From 3b878dae7e7bb00f8d886426dc4f75bf45b8113f Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Fri, 11 Sep 2009 15:35:10 +0200 Subject: [PATCH] Removed chunk_from_buf() in favor of a simpler chunk_from_chars() macro --- scripts/pubkey_speed.c | 5 +- src/charon/plugins/eap_aka/eap_aka.c | 11 +- .../plugins/eap_mschapv2/eap_mschapv2.c | 103 ++++++++---------- src/charon/plugins/eap_sim/eap_sim.c | 15 +-- .../plugins/unit_tester/tests/test_agent.c | 6 +- .../unit_tester/tests/test_auth_info.c | 7 +- .../plugins/unit_tester/tests/test_med_db.c | 5 +- .../plugins/unit_tester/tests/test_mysql.c | 3 +- .../plugins/unit_tester/tests/test_rsa_gen.c | 51 ++++----- .../plugins/unit_tester/tests/test_sqlite.c | 3 +- src/libfast/session.c | 4 +- src/libstrongswan/asn1/asn1.c | 12 +- src/libstrongswan/chunk.h | 4 +- src/libstrongswan/crypto/pkcs7.c | 56 +++------- src/libstrongswan/crypto/pkcs9.c | 42 ++----- .../plugins/agent/agent_private_key.c | 6 +- src/libstrongswan/plugins/fips_prf/fips_prf.c | 3 +- src/libstrongswan/plugins/x509/x509_ac.c | 21 +--- src/libstrongswan/plugins/x509/x509_cert.c | 15 ++- .../plugins/x509/x509_ocsp_request.c | 18 +-- .../plugins/x509/x509_ocsp_response.c | 18 +-- src/pluto/crl.c | 2 +- src/pluto/ipsec_doi.c | 24 ++-- src/pluto/ocsp.c | 28 ++--- src/pluto/pgpcert.c | 5 +- src/pluto/pkcs7.c | 77 +++---------- src/pluto/x509.c | 7 +- src/scepclient/pkcs10.c | 14 +-- src/scepclient/scep.c | 31 ++---- 29 files changed, 207 insertions(+), 389 deletions(-) diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c index e6c668832..255f650f5 100644 --- a/scripts/pubkey_speed.c +++ b/scripts/pubkey_speed.c @@ -25,8 +25,6 @@ static void usage() exit(1); } -static char data_buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07}; - int main(int argc, char *argv[]) { private_key_t *private; @@ -36,7 +34,7 @@ int main(int argc, char *argv[]) char buf[8096], *pos = buf; key_type_t type = KEY_ANY; signature_scheme_t scheme = SIGN_UNKNOWN; - chunk_t keydata, *sigs, data = chunk_from_buf(data_buf); + chunk_t keydata, *sigs, data; if (argc < 4) { @@ -102,6 +100,7 @@ int main(int argc, char *argv[]) sigs = malloc(sizeof(chunk_t) * rounds); + data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07); start_timing(&timing); for (round = 0; round < rounds; round++) { diff --git a/src/charon/plugins/eap_aka/eap_aka.c b/src/charon/plugins/eap_aka/eap_aka.c index e76778f22..11e7515ef 100644 --- a/src/charon/plugins/eap_aka/eap_aka.c +++ b/src/charon/plugins/eap_aka/eap_aka.c @@ -251,20 +251,17 @@ struct private_eap_aka_t { }; /** Family key, as proposed in S.S0055 */ -static u_int8_t fmk_buf[] = {0x41, 0x48, 0x41, 0x47}; -static chunk_t fmk = chunk_from_buf(fmk_buf); +static chunk_t fmk = chunk_from_chars(0x41, 0x48, 0x41, 0x47); /** Authentication management field */ -static u_int8_t amf_buf[] = {0x00, 0x01}; -static chunk_t amf = chunk_from_buf(amf_buf); +static chunk_t amf = chunk_from_chars(0x00, 0x01); /** AT_CLIENT_ERROR_CODE AKA attribute */ -static u_int8_t client_error_code_buf[] = {0, 0}; -static chunk_t client_error_code = chunk_from_buf(client_error_code_buf); +static chunk_t client_error_code = chunk_from_chars(0, 0); /** previously used sqn by peer, next one must be greater */ static u_int8_t peer_sqn_buf[6]; -static chunk_t peer_sqn = chunk_from_buf(peer_sqn_buf); +static chunk_t peer_sqn = {peer_sqn_buf, sizeof(peer_sqn_buf)}; /** set SQN to the current time */ static void update_sqn(u_int8_t *sqn, time_t offset) diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index a063eba91..a5cab2100 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -353,20 +353,17 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, static status_t AuthenticatorResponse(chunk_t password_hash_hash, chunk_t challenge_hash, chunk_t nt_response, chunk_t *response) { - static u_int8_t magic1_data[] = - { 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, - 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 }; - static u_int8_t magic2_data[] = - { 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, - 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, - 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, - 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, - 0x6E }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - + chunk_t magic1 = chunk_from_chars( + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74); + chunk_t magic2 = chunk_from_chars( + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E); chunk_t digest = chunk_empty, concat; hasher_t *hasher; @@ -393,47 +390,43 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, static status_t GenerateMSK(chunk_t password_hash_hash, chunk_t nt_response, chunk_t *msk) { - static u_int8_t magic1_data[] = - { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; - static u_int8_t magic2_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, - 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, - 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t magic3_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, - 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t shapad1_data[] = - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static u_int8_t shapad2_data[] = - { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - static const chunk_t magic3 = chunk_from_buf(magic3_data); - static const chunk_t shapad1 = chunk_from_buf(shapad1_data); - static const chunk_t shapad2 = chunk_from_buf(shapad2_data); - static const chunk_t keypad = { shapad1_data, 16 }; - + chunk_t magic1 = chunk_from_chars( + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79); + chunk_t magic2 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t magic3 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t shapad1 = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); + chunk_t shapad2 = chunk_from_chars( + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2); + chunk_t keypad = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); chunk_t concat, master_key, master_receive_key, master_send_key; hasher_t *hasher; diff --git a/src/charon/plugins/eap_sim/eap_sim.c b/src/charon/plugins/eap_sim/eap_sim.c index a4bde05fe..f657ca3c4 100644 --- a/src/charon/plugins/eap_sim/eap_sim.c +++ b/src/charon/plugins/eap_sim/eap_sim.c @@ -222,16 +222,10 @@ struct private_eap_sim_t { /** length of the EMSK */ #define EMSK_LEN 64 -static char version[] = {0x00,0x01}; /* client error codes used in AT_CLIENT_ERROR_CODE */ -char client_error_general_buf[] = {0x00, 0x01}; -char client_error_unsupported_buf[] = {0x00, 0x02}; -char client_error_insufficient_buf[] = {0x00, 0x03}; -char client_error_notfresh_buf[] = {0x00, 0x04}; -chunk_t client_error_general = chunk_from_buf(client_error_general_buf); -chunk_t client_error_unsupported = chunk_from_buf(client_error_unsupported_buf); -chunk_t client_error_insufficient = chunk_from_buf(client_error_insufficient_buf); -chunk_t client_error_notfresh = chunk_from_buf(client_error_notfresh_buf); +static chunk_t client_error_general = chunk_from_chars(0x00, 0x01); +static chunk_t client_error_unsupported = chunk_from_chars(0x00, 0x02); +static chunk_t client_error_insufficient = chunk_from_chars(0x00, 0x03); /** * Read EAP and EAP-SIM header, return SIM type @@ -1075,8 +1069,7 @@ eap_sim_t *eap_sim_create_generic(eap_role_t role, identification_t *server, this->sreses = chunk_empty; this->peer = peer->clone(peer); this->tries = MAX_TRIES; - this->version.ptr = version; - this->version.len = sizeof(version); + this->version = chunk_from_chars(0x00,0x01); this->version_list = chunk_empty; this->k_auth = chunk_empty; this->k_encr = chunk_empty; diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/charon/plugins/unit_tester/tests/test_agent.c index 21cb8b777..baab629be 100644 --- a/src/charon/plugins/unit_tester/tests/test_agent.c +++ b/src/charon/plugins/unit_tester/tests/test_agent.c @@ -21,8 +21,8 @@ ******************************************************************************/ bool test_agent() { - char *path, buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t sig, data = chunk_from_buf(buf); + char *path; + chunk_t sig, data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); private_key_t *private; public_key_t *public; @@ -53,7 +53,7 @@ bool test_agent() return FALSE; } free(sig.ptr); - buf[1] = 0x01; /* fake it */ + data.ptr[1] = 0x01; /* fake it */ if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, data, sig)) { return FALSE; diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/charon/plugins/unit_tester/tests/test_auth_info.c index 6de34b2a1..d6abe7a05 100644 --- a/src/charon/plugins/unit_tester/tests/test_auth_info.c +++ b/src/charon/plugins/unit_tester/tests/test_auth_info.c @@ -18,9 +18,7 @@ #include -char buf[] = {0x01,0x02,0x03,0x04}; -chunk_t chunk = chunk_from_buf(buf); -char certbuf[] = { +static chunk_t certchunk = chunk_from_chars( 0x30,0x82,0x02,0xfa,0x30,0x82,0x01,0xe2,0xa0,0x03,0x02,0x01,0x02,0x02,0x10,0x5a, 0xf2,0x65,0xae,0x78,0xff,0x23,0xde,0xf7,0xa6,0xa3,0x94,0x8c,0x3f,0xa0,0xc1,0x30, 0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05,0x05,0x00,0x30,0x39, @@ -69,8 +67,7 @@ char certbuf[] = { 0xec,0xd2,0x31,0xc6,0x1e,0xb6,0xc0,0x57,0xd9,0xe1,0x14,0x06,0x9b,0xf8,0x51,0x69, 0x47,0xf0,0x9c,0xcd,0x69,0xef,0x8e,0x5f,0x62,0xda,0x10,0xf7,0x3c,0x6d,0x0f,0x33, 0xec,0x6f,0xfd,0x94,0x07,0x16,0x41,0x32,0x06,0xa4,0xe1,0x08,0x31,0x87, -}; -chunk_t certchunk = chunk_from_buf(certbuf); +); /******************************************************************************* * auth info test diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/charon/plugins/unit_tester/tests/test_med_db.c index c5c15d1c2..7fd78b0bc 100644 --- a/src/charon/plugins/unit_tester/tests/test_med_db.c +++ b/src/charon/plugins/unit_tester/tests/test_med_db.c @@ -25,12 +25,11 @@ bool test_med_db() { - char keyid_buf[] = { + chunk_t found, keyid = chunk_from_chars( 0xed,0x90,0xe6,0x4f,0xec,0xa2,0x1f,0x4b, 0x68,0x97,0x99,0x24,0x22,0xe0,0xde,0x21, 0xb9,0xd6,0x26,0x29 - }; - chunk_t found, keyid = chunk_from_buf(keyid_buf); + ); identification_t *id; enumerator_t *enumerator; public_key_t *public; diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/charon/plugins/unit_tester/tests/test_mysql.c index cd63a5f78..252441ef8 100644 --- a/src/charon/plugins/unit_tester/tests/test_mysql.c +++ b/src/charon/plugins/unit_tester/tests/test_mysql.c @@ -24,8 +24,7 @@ bool test_mysql() { database_t *db; char *txt = "I'm a superduper test"; - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf); + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); int row; chunk_t qdata; char *qtxt; diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c index a449112ec..59da15644 100644 --- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/charon/plugins/unit_tester/tests/test_rsa_gen.c @@ -21,8 +21,8 @@ ******************************************************************************/ bool test_rsa_gen() { - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf), sig, crypt, plain; + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); + chunk_t sig, crypt, plain; private_key_t *private; public_key_t *public; u_int key_size; @@ -83,35 +83,28 @@ bool test_rsa_gen() return TRUE; } - -/******************************************************************************* - * Load a subjectPubkeyInfo wrapped key (RSA in this case) - ******************************************************************************/ -static char public_any[] = { - 0x30,0x82,0x01,0x20,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, - 0x01,0x05,0x00,0x03,0x82,0x01,0x0d,0x00,0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01, - 0x00,0xc6,0x68,0x99,0x1d,0xc8,0x06,0xdb,0xcf,0x1c,0x66,0xbb,0x91,0xc3,0xd4,0x10, - 0xb2,0x08,0xa9,0xc5,0x71,0x39,0x1c,0xbe,0x5b,0x1d,0xce,0xfd,0x1b,0xfa,0xec,0x04, - 0x89,0x9f,0x79,0xc8,0x46,0x00,0xd2,0x71,0xfb,0x22,0x16,0x52,0x2f,0xda,0xbf,0x0f, - 0xe7,0x16,0xb1,0xd7,0x6a,0xa5,0xa5,0xfc,0xee,0xff,0x84,0x4c,0x81,0x3f,0xab,0x84, - 0x0e,0xed,0x4a,0x26,0x59,0xd0,0x9b,0xb5,0xe1,0xec,0x61,0xc4,0xd3,0x15,0x4c,0x29, - 0x51,0xa0,0xde,0x33,0x07,0x58,0x6c,0x36,0x1b,0x18,0x61,0xd9,0x56,0x18,0x39,0x54, - 0x8b,0xd2,0xea,0x4e,0x87,0x28,0x58,0xb9,0x88,0x3d,0x30,0xbc,0xfc,0x6d,0xad,0xab, - 0x43,0x26,0x09,0x48,0x4e,0x6e,0x8a,0x8b,0x88,0xb3,0xf0,0x29,0x25,0x79,0xb6,0xb6, - 0x71,0x3c,0x93,0x59,0xd2,0x36,0x94,0xd5,0xfc,0xf3,0x62,0x2b,0x69,0xa3,0x7a,0x47, - 0x4e,0x53,0xa2,0x35,0x1b,0x26,0x89,0xaa,0x09,0xfd,0x56,0xd7,0x75,0x2a,0xd4,0x91, - 0xc0,0xf2,0x78,0xd7,0x05,0xca,0x12,0x1d,0xd9,0xd4,0x81,0x23,0xb2,0x3c,0x38,0xd9, - 0xb4,0xdc,0x21,0xe0,0xe5,0x2d,0xd4,0xbe,0x61,0x39,0x8a,0x46,0x90,0x46,0x73,0x31, - 0xba,0x48,0xbb,0x51,0xbb,0x91,0xd5,0x62,0xad,0xd1,0x53,0x5b,0x85,0xc9,0x1d,0xa7, - 0xf6,0xa0,0xe1,0x0e,0x6c,0x22,0x5d,0x29,0x9a,0xe7,0x0f,0xe8,0x0a,0x50,0xa7,0x19, - 0x11,0xc2,0x8b,0xe0,0x8a,0xfd,0x2b,0x94,0x31,0x7a,0x78,0x9c,0x9b,0x75,0x63,0x49, - 0xa9,0xe5,0x58,0xe6,0x3a,0x99,0xcb,0x2b,0xdd,0x0e,0xdc,0x7d,0x1b,0x98,0x80,0xc3, - 0x9f,0x02,0x01,0x23, -}; - bool test_rsa_load_any() { - chunk_t chunk = chunk_from_buf(public_any); + chunk_t chunk = chunk_from_chars( + 0x30,0x82,0x01,0x20,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01, + 0x01,0x05,0x00,0x03,0x82,0x01,0x0d,0x00,0x30,0x82,0x01,0x08,0x02,0x82,0x01,0x01, + 0x00,0xc6,0x68,0x99,0x1d,0xc8,0x06,0xdb,0xcf,0x1c,0x66,0xbb,0x91,0xc3,0xd4,0x10, + 0xb2,0x08,0xa9,0xc5,0x71,0x39,0x1c,0xbe,0x5b,0x1d,0xce,0xfd,0x1b,0xfa,0xec,0x04, + 0x89,0x9f,0x79,0xc8,0x46,0x00,0xd2,0x71,0xfb,0x22,0x16,0x52,0x2f,0xda,0xbf,0x0f, + 0xe7,0x16,0xb1,0xd7,0x6a,0xa5,0xa5,0xfc,0xee,0xff,0x84,0x4c,0x81,0x3f,0xab,0x84, + 0x0e,0xed,0x4a,0x26,0x59,0xd0,0x9b,0xb5,0xe1,0xec,0x61,0xc4,0xd3,0x15,0x4c,0x29, + 0x51,0xa0,0xde,0x33,0x07,0x58,0x6c,0x36,0x1b,0x18,0x61,0xd9,0x56,0x18,0x39,0x54, + 0x8b,0xd2,0xea,0x4e,0x87,0x28,0x58,0xb9,0x88,0x3d,0x30,0xbc,0xfc,0x6d,0xad,0xab, + 0x43,0x26,0x09,0x48,0x4e,0x6e,0x8a,0x8b,0x88,0xb3,0xf0,0x29,0x25,0x79,0xb6,0xb6, + 0x71,0x3c,0x93,0x59,0xd2,0x36,0x94,0xd5,0xfc,0xf3,0x62,0x2b,0x69,0xa3,0x7a,0x47, + 0x4e,0x53,0xa2,0x35,0x1b,0x26,0x89,0xaa,0x09,0xfd,0x56,0xd7,0x75,0x2a,0xd4,0x91, + 0xc0,0xf2,0x78,0xd7,0x05,0xca,0x12,0x1d,0xd9,0xd4,0x81,0x23,0xb2,0x3c,0x38,0xd9, + 0xb4,0xdc,0x21,0xe0,0xe5,0x2d,0xd4,0xbe,0x61,0x39,0x8a,0x46,0x90,0x46,0x73,0x31, + 0xba,0x48,0xbb,0x51,0xbb,0x91,0xd5,0x62,0xad,0xd1,0x53,0x5b,0x85,0xc9,0x1d,0xa7, + 0xf6,0xa0,0xe1,0x0e,0x6c,0x22,0x5d,0x29,0x9a,0xe7,0x0f,0xe8,0x0a,0x50,0xa7,0x19, + 0x11,0xc2,0x8b,0xe0,0x8a,0xfd,0x2b,0x94,0x31,0x7a,0x78,0x9c,0x9b,0x75,0x63,0x49, + 0xa9,0xe5,0x58,0xe6,0x3a,0x99,0xcb,0x2b,0xdd,0x0e,0xdc,0x7d,0x1b,0x98,0x80,0xc3, + 0x9f,0x02,0x01,0x23); public_key_t *public; public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/charon/plugins/unit_tester/tests/test_sqlite.c index 4dcc5bad1..dd8d1955e 100644 --- a/src/charon/plugins/unit_tester/tests/test_sqlite.c +++ b/src/charon/plugins/unit_tester/tests/test_sqlite.c @@ -29,8 +29,7 @@ bool test_sqlite() { database_t *db; char *txt = "I'm a superduper test"; - char buf[] = {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08}; - chunk_t data = chunk_from_buf(buf); + chunk_t data = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08); int row; chunk_t qdata; char *qtxt; diff --git a/src/libfast/session.c b/src/libfast/session.c index 5fd5d9863..7f4954372 100644 --- a/src/libfast/session.c +++ b/src/libfast/session.c @@ -77,15 +77,13 @@ static void add_filter(private_session_t *this, filter_t *filter) */ static void create_sid(private_session_t *this, request_t *request) { - char buf[16]; - chunk_t chunk = chunk_from_buf(buf); rng_t *rng; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng) { rng->get_bytes(rng, sizeof(buf), buf); - this->sid = chunk_to_hex(chunk, NULL, FALSE).ptr; + this->sid = chunk_to_hex(chunk_create(buf, sizeof(buf)), NULL, FALSE).ptr; request->add_cookie(request, "SID", this->sid); rng->destroy(rng); } diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 96d3d2eab..418b47338 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -28,15 +28,11 @@ #include "asn1_parser.h" /** - * some common prefabricated ASN.1 constants + * Commonly used ASN1 values. */ -static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 }; -static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 }; -static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 }; - -const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str); -const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str); -const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str); +const chunk_t ASN1_INTEGER_0 = chunk_from_chars(0x02, 0x00); +const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01); +const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02); /* * Defined in header. diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index f565f8486..a526f4a89 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -169,9 +169,9 @@ static inline void chunk_clear(chunk_t *chunk) } /** - * Initialize a chunk to point to buffer inspectable by sizeof() + * Initialize a chunk using a char array */ -#define chunk_from_buf(str) { str, sizeof(str) } +#define chunk_from_chars(...) ((chunk_t){(char[]){__VA_ARGS__}, sizeof((char[]){__VA_ARGS__})}) /** * Initialize a chunk to point to a thing diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index 451b6f947..52adbc851 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -84,66 +84,42 @@ struct private_pkcs7_t { /** * PKCS7 contentInfo OIDs */ -static u_char ASN1_pkcs7_data_oid_str[] = { +static chunk_t ASN1_pkcs7_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -}; - -static u_char ASN1_pkcs7_signed_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 -}; - -static u_char ASN1_pkcs7_enveloped_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 -}; - -static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 -}; - -static u_char ASN1_pkcs7_digested_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 -}; - -static char ASN1_pkcs7_encrypted_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 -}; - -static const chunk_t ASN1_pkcs7_data_oid = - chunk_from_buf(ASN1_pkcs7_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); -static const chunk_t ASN1_pkcs7_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_digested_data_oid = - chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); -static const chunk_t ASN1_pkcs7_encrypted_data_oid = - chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); +); /** * 3DES and DES encryption OIDs */ -static u_char ASN1_3des_ede_cbc_oid_str[] = { +static const chunk_t ASN1_3des_ede_cbc_oid = chunk_from_chars( 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 -}; - -static u_char ASN1_des_cbc_oid_str[] = { +); +static const chunk_t ASN1_des_cbc_oid = chunk_from_chars( 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07 -}; - -static const chunk_t ASN1_3des_ede_cbc_oid = - chunk_from_buf(ASN1_3des_ede_cbc_oid_str); -static const chunk_t ASN1_des_cbc_oid = - chunk_from_buf(ASN1_des_cbc_oid_str); +); /** * Implements pkcs7_t.is_data. diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index 4b659cf64..e3ba0f129 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -78,48 +78,30 @@ struct attribute_t { /** * PKCS#9 attribute type OIDs */ -static u_char ASN1_contentType_oid_str[] = { +static chunk_t ASN1_contentType_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -}; - -static u_char ASN1_messageDigest_oid_str[] = { +); +static chunk_t ASN1_messageDigest_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -}; - -static u_char ASN1_signingTime_oid_str[] = { +); +static chunk_t ASN1_signingTime_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05 -}; - -static char ASN1_messageType_oid_str[] = { +); +static chunk_t ASN1_messageType_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -}; - -static char ASN1_senderNonce_oid_str[] = { +); +static chunk_t ASN1_senderNonce_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -}; - -static char ASN1_transId_oid_str[] = { +); +static chunk_t ASN1_transId_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_contentType_oid = - chunk_from_buf(ASN1_contentType_oid_str); -static const chunk_t ASN1_messageDigest_oid = - chunk_from_buf(ASN1_messageDigest_oid_str); -static const chunk_t ASN1_signingTime_oid = - chunk_from_buf(ASN1_signingTime_oid_str); -static const chunk_t ASN1_messageType_oid = - chunk_from_buf(ASN1_messageType_oid_str); -static const chunk_t ASN1_senderNonce_oid = - chunk_from_buf(ASN1_senderNonce_oid_str); -static const chunk_t ASN1_transId_oid = - chunk_from_buf(ASN1_transId_oid_str); +); /** * return the ASN.1 encoded OID of a PKCS#9 attribute diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 1c48d706c..2bc6dea34 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -161,7 +161,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) { int len, count; char buf[2048]; - chunk_t blob = chunk_from_buf(buf), key, type, n; + chunk_t blob, key, type, n; len = htonl(1); buf[0] = SSH_AGENT_ID_REQUEST; @@ -172,6 +172,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) return FALSE; } + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || @@ -226,7 +227,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, { u_int32_t len, flags; char buf[2048]; - chunk_t blob = chunk_from_buf(buf); + chunk_t blob; if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1) { @@ -267,6 +268,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, return FALSE; } + blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index ba8158367..123d2a244 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -114,7 +114,6 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) u_int8_t sum[this->b]; u_int8_t *xkey = this->key; u_int8_t one[this->b]; - chunk_t xval_chunk = chunk_from_buf(xval); memset(one, 0, this->b); one[this->b - 1] = 0x01; @@ -129,7 +128,7 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) add_mod(this->b, xkey, xseed, xval); DBG3("XVAL %b", xval, this->b); /* b. wi = G(t, XVAL ) */ - this->g(this, xval_chunk, &w[i * this->b]); + this->g(this, chunk_create(xval, this->b), &w[i * this->b]); DBG3("w[%d] %b", i, &w[i * this->b], this->b); /* c. XKEY = (1 + XKEY + wi) mod 2b */ add_mod(this->b, xkey, &w[i * this->b], sum); diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 0b73a3791..fbb8189a6 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -153,30 +153,21 @@ struct private_x509_ac_t { refcount_t ref; }; -static u_char ASN1_group_oid_str[] = { +static chunk_t ASN1_group_oid = chunk_from_chars( 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04 -}; - -static const chunk_t ASN1_group_oid = chunk_from_buf(ASN1_group_oid_str); - -static u_char ASN1_authorityKeyIdentifier_oid_str[] = { +); +static chunk_t ASN1_authorityKeyIdentifier_oid = chunk_from_chars( 0x06, 0x03, 0x55, 0x1d, 0x23 -}; - -static const chunk_t ASN1_authorityKeyIdentifier_oid = - chunk_from_buf(ASN1_authorityKeyIdentifier_oid_str); - -static u_char ASN1_noRevAvail_ext_str[] = { +); +static chunk_t ASN1_noRevAvail_ext = chunk_from_chars( 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x38, 0x04, 0x02, 0x05, 0x00 -}; - -static const chunk_t ASN1_noRevAvail_ext = chunk_from_buf(ASN1_noRevAvail_ext_str); +); /** * declaration of function implemented in x509_cert.c diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 0d9411fc0..a4bd628c8 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -171,10 +171,9 @@ struct private_x509_cert_t { refcount_t ref; }; -static u_char ASN1_sAN_oid_buf[] = { +static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( 0x06, 0x03, 0x55, 0x1D, 0x11 -}; -static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_sAN_oid_buf); +); /** * ASN.1 definition of a basicConstraints extension @@ -1341,16 +1340,16 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, if (cert->flags & X509_CA) { - chunk_t yes, keyid; + chunk_t keyid; - yes = chunk_alloca(1); - yes.ptr[0] = 0xFF; basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", asn1_build_known_oid(OID_BASIC_CONSTRAINTS), - asn1_wrap(ASN1_BOOLEAN, "c", yes), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_SEQUENCE, "m", - asn1_wrap(ASN1_BOOLEAN, "c", yes)))); + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF))))); /* add subjectKeyIdentifier to CA certificates */ if (cert->public_key->get_fingerprint(cert->public_key, KEY_ID_PUBKEY_SHA1, &keyid)) diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index e0d9905f1..f86f87751 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -81,29 +81,23 @@ struct private_x509_ocsp_request_t { refcount_t ref; }; -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * build requestorName diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 2b60df323..02713ad33 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -130,29 +130,23 @@ typedef struct { #define OCSP_BASIC_RESPONSE_VERSION 1 /* some OCSP specific prefabricated ASN.1 constants */ -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /** * Implementaiton of ocsp_response_t.get_status diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 84d58ab85..52f46e701 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -290,7 +290,7 @@ bool insert_crl(x509crl_t *crl, chunk_t crl_uri, bool cache_crl) { char path[BUF_LEN], buf[BUF_LEN]; char digest_buf[HASH_SIZE_SHA1]; - chunk_t subjectKeyID = chunk_from_buf(digest_buf); + chunk_t subjectKeyID = chunk_create(digest_buf, sizeof(digest_buf)); bool has_keyID; if (issuer_cert->subjectKeyID.ptr == NULL) diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 21cecd90b..5cc8ff23e 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -1233,12 +1233,9 @@ static bool generate_skeyids_iv(struct state *st) /* generate SKEYID_* from SKEYID */ { - char buf_skeyid_d[] = { 0x00 }; - char buf_skeyid_a[] = { 0x01 }; - char buf_skeyid_e[] = { 0x02 }; - chunk_t seed_skeyid_d = chunk_from_buf(buf_skeyid_d); - chunk_t seed_skeyid_a = chunk_from_buf(buf_skeyid_a); - chunk_t seed_skeyid_e = chunk_from_buf(buf_skeyid_e); + chunk_t seed_skeyid_d = chunk_from_chars(0x00); + chunk_t seed_skeyid_a = chunk_from_chars(0x01); + chunk_t seed_skeyid_e = chunk_from_chars(0x02); chunk_t icookie = { st->st_icookie, COOKIE_SIZE }; chunk_t rcookie = { st->st_rcookie, COOKIE_SIZE }; pseudo_random_function_t prf_alg; @@ -1308,8 +1305,7 @@ static bool generate_skeyids_iv(struct state *st) if (keysize > st->st_skeyid_e.len) { u_char keytemp[MAX_OAKLEY_KEY_LEN + MAX_DIGEST_LEN]; - char seed_buf[] = { 0x00 }; - chunk_t seed = chunk_from_buf(seed_buf); + chunk_t seed = chunk_from_chars(0x00); size_t prf_block_size, i; pseudo_random_function_t prf_alg; prf_t *prf; @@ -1775,8 +1771,7 @@ static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof, */ static size_t quick_mode_hash3(u_char *dest, struct state *st) { - char seed_buf[] = { 0x00 }; - chunk_t seed_chunk = chunk_from_buf(seed_buf); + chunk_t seed_chunk = chunk_from_chars(0x00); chunk_t msgid_chunk = chunk_from_thing(st->st_msgid); pseudo_random_function_t prf_alg; prf_t *prf; @@ -3466,8 +3461,7 @@ stf_status main_inR2_outI3(struct msg_digest *md) /* HASH_I or SIG_I out */ { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); main_mode_hash(st, &hash, TRUE, &id_pbs); @@ -3558,8 +3552,7 @@ main_id_and_auth(struct msg_digest *md , const struct key_continuation *kc /* current state, can be NULL */ ) { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); struct state *st = md->st; struct id peer; stf_status r = STF_OK; @@ -3881,8 +3874,7 @@ main_inI3_outR3_tail(struct msg_digest *md /* HASH_R or SIG_R out */ { - u_char hash_buf[MAX_DIGEST_LEN]; - chunk_t hash = chunk_from_buf(hash_buf); + chunk_t hash = chunk_alloca(MAX_DIGEST_LEN); main_mode_hash(st, &hash, FALSE, &r_id_pbs); diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 49225a68c..da81ce2d8 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -126,26 +126,17 @@ struct request_list { }; /* some OCSP specific prefabricated ASN.1 constants */ - -static u_char ASN1_nonce_oid_str[] = { +static const chunk_t ASN1_nonce_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 -}; - -static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); - -static u_char ASN1_response_oid_str[] = { +); +static const chunk_t ASN1_response_oid = chunk_from_chars( 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 -}; - -static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); - -static u_char ASN1_response_content_str[] = { +); +static const chunk_t ASN1_response_content = chunk_from_chars( 0x04, 0x0D, 0x30, 0x0B, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 -}; - -static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); +); /* default OCSP uri */ static chunk_t ocsp_default_uri; @@ -726,8 +717,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) { hasher_t *hasher; u_char *pos; - u_char digest_buf[HASH_SIZE_SHA1]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest; chunk_t digest_info, sigdata; size_t siglen = 0; @@ -756,7 +746,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) { return chunk_empty; } - hasher->get_hash(hasher, tbs, digest_buf); + hasher->allocate_hash(hasher, tbs, &digest); hasher->destroy(hasher); /* according to PKCS#1 v2.1 digest must be packaged into @@ -764,7 +754,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc) */ digest_info = asn1_wrap(ASN1_SEQUENCE, "mm" , asn1_algorithmIdentifier(OID_SHA1) - , asn1_simple_object(ASN1_OCTET_STRING, digest)); + , asn1_wrap(ASN1_OCTET_STRING, "m", digest)); pos = asn1_build_object(&sigdata, ASN1_BIT_STRING, 1 + siglen); *pos++ = 0x00; diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c index e1561665a..2b1f5cbb8 100644 --- a/src/pluto/pgpcert.c +++ b/src/pluto/pgpcert.c @@ -261,10 +261,9 @@ static bool parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert) /* compute V4 or V3 fingerprint according to section 12.2 of RFC 4880 */ if (cert->version == 4) { - char pubkey_packet_header_buf[] = { + chunk_t pubkey_packet_header = chunk_from_chars( 0x99, pubkey_packet.len / 256, pubkey_packet.len % 256 - }; - chunk_t pubkey_packet_header = chunk_from_buf(pubkey_packet_header_buf); + ); chunk_t hash; hasher_t *hasher; diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index edeb5ae12..57310a73c 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -130,77 +130,34 @@ static const asn1Object_t envelopedDataObjects[] = { /** * PKCS7 contentInfo OIDs */ - -static u_char ASN1_pkcs7_data_oid_str[] = { +static chunk_t ASN1_pkcs7_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -}; - -static u_char ASN1_pkcs7_signed_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 -}; - -static u_char ASN1_pkcs7_enveloped_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 -}; - -static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 -}; - -static u_char ASN1_pkcs7_digested_data_oid_str[] = { - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 -}; - -static char ASN1_pkcs7_encrypted_data_oid_str[] = { +); +static chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 -}; - -static const chunk_t ASN1_pkcs7_data_oid = - chunk_from_buf(ASN1_pkcs7_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); -static const chunk_t ASN1_pkcs7_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = - chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_digested_data_oid = - chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); -static const chunk_t ASN1_pkcs7_encrypted_data_oid = - chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); - -/** - * 3DES and DES encryption OIDs - */ - -static u_char ASN1_3des_ede_cbc_oid_str[] = { - 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 -}; - -static u_char ASN1_des_cbc_oid_str[] = { - 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07 -}; - -static const chunk_t ASN1_3des_ede_cbc_oid = - chunk_from_buf(ASN1_3des_ede_cbc_oid_str); -static const chunk_t ASN1_des_cbc_oid = - chunk_from_buf(ASN1_des_cbc_oid_str); +); +static chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_chars( + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 +); /** * PKCS#7 attribute type OIDs */ - -static u_char ASN1_contentType_oid_str[] = { +static chunk_t ASN1_contentType_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -}; - -static u_char ASN1_messageDigest_oid_str[] = { +); +static chunk_t ASN1_messageDigest_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -}; - -static const chunk_t ASN1_contentType_oid = - chunk_from_buf(ASN1_contentType_oid_str); -static const chunk_t ASN1_messageDigest_oid = - chunk_from_buf(ASN1_messageDigest_oid_str); +); /** * Parse PKCS#7 ContentInfo object diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 9d4448c94..f1d079560 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -333,11 +333,9 @@ static const x501rdn_t x501rdns[] = { #define X501_RDN_ROOF 26 -static u_char ASN1_subjectAltName_oid_str[] = { +static chunk_t ASN1_subjectAltName_oid = chunk_from_chars( 0x06, 0x03, 0x55, 0x1D, 0x11 -}; - -static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str); +); static void update_chunk(chunk_t *ch, int n) { @@ -345,7 +343,6 @@ static void update_chunk(chunk_t *ch, int n) ch->ptr += n; ch->len -= n; } - /** * Pointer is set to the first RDN in a DN */ diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c index 654626d15..95fd768b7 100644 --- a/src/scepclient/pkcs10.c +++ b/src/scepclient/pkcs10.c @@ -37,18 +37,12 @@ #include "pkcs10.h" /* some pre-coded OIDs */ - -static u_char ASN1_challengePassword_oid_str[] = { +static chunk_t ASN1_challengePassword_oid = chunk_from_chars( 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str); - -static u_char ASN1_extensionRequest_oid_str[] = { +); +static const chunk_t ASN1_extensionRequest_oid = chunk_from_chars( 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E -}; - -static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str); +); /** * @brief Adds a subjectAltName in DER-coded form to a linked list diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index f496ece33..86fd5656e 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -39,24 +39,15 @@ #include "scep.h" -static char ASN1_messageType_oid_str[] = { +static const chunk_t ASN1_messageType_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 -}; - -static char ASN1_senderNonce_oid_str[] = { +); +static const chunk_t ASN1_senderNonce_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 -}; - -static char ASN1_transId_oid_str[] = { +); +static const chunk_t ASN1_transId_oid = chunk_from_chars( 0x06, 0x0A, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07 -}; - -static const chunk_t ASN1_messageType_oid = - chunk_from_buf(ASN1_messageType_oid_str); -static const chunk_t ASN1_senderNonce_oid = - chunk_from_buf(ASN1_senderNonce_oid_str); -static const chunk_t ASN1_transId_oid = - chunk_from_buf(ASN1_transId_oid_str); +); static const char *pkiStatus_values[] = { "0", "2", "3" }; @@ -267,12 +258,11 @@ end: */ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, pkcs10, digest_buf); + hasher->get_hash(hasher, pkcs10, digest.ptr); hasher->destroy(hasher); return chunk_to_hex(digest, NULL, FALSE); @@ -285,8 +275,7 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, chunk_t *serialNumber) { - char digest_buf[HASH_SIZE_MD5]; - chunk_t digest = chunk_from_buf(digest_buf); + chunk_t digest = chunk_alloca(HASH_SIZE_MD5); chunk_t keyEncoding = chunk_empty, keyInfo; hasher_t *hasher; bool msb_set; @@ -299,7 +288,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, asn1_bitstring("m", keyEncoding)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, keyInfo, digest_buf); + hasher->get_hash(hasher, keyInfo, digest.ptr); hasher->destroy(hasher); free(keyInfo.ptr);