ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

scepclient uses pkcs10 from libstrongswan

This commit is contained in:
Andreas Steffen 2009-09-28 05:52:20 +02:00
parent c72080cea8
commit 5406c65702
2 changed files with 0 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

216
src/scepclient/pkcs10.c
View File

@ -1,216 +0,0 @@
/**
* @file pkcs10.c
* @brief Functions to build PKCS#10 requests
*
* Contains functions to build DER encoded pkcs#10 certificate requests
*/
/* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <freeswan.h>
#include <asn1/asn1.h>
#include <asn1/oid.h>
#include "../pluto/constants.h"
#include "../pluto/defs.h"
#include "../pluto/log.h"
#include "../pluto/x509.h"
#include "pkcs10.h"
/* some pre-coded OIDs */
static chunk_t ASN1_challengePassword_oid = chunk_from_chars(
0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
);
static const chunk_t ASN1_extensionRequest_oid = chunk_from_chars(
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E
);
/**
* Adds a subjectAltName in DER-coded form to a linked list
*
* @param[in] subjectAltNames linked list of subjectAltNames
* @param[in] kind type of the subjectAltName (which is a generalName)
* @param[in] value value of the subjectAltName as an ASCII string
*/
void pkcs10_add_subjectAltName(linked_list_t *subjectAltNames,
generalNames_t kind, char *value)
{
generalName_t *gn;
asn1_t asn1_type = ASN1_EOC;
chunk_t name = { value, strlen(value) };
switch (kind)
{
case GN_RFC822_NAME:
asn1_type = ASN1_CONTEXT_S_1;
break;
case GN_DNS_NAME:
asn1_type = ASN1_CONTEXT_S_2;
break;
case GN_IP_ADDRESS:
{
struct in_addr addr;
/* convert an ASCII dotted IPv4 address (e.g. 123.456.78.90)
* to a byte representation in network order
*/
if (!inet_aton(value, &addr))
{
fprintf(stderr, "error in IPv4 subjectAltName\n");
return;
}
asn1_type = ASN1_CONTEXT_S_7;
name.ptr = (u_char *) &addr.s_addr;
name.len = sizeof(addr.s_addr);
break;
}
default:
break;
}
gn = malloc_thing(generalName_t);
gn->kind = kind;
gn->name = asn1_simple_object(asn1_type, name);
gn->next = *subjectAltNames;
*subjectAltNames = gn;
}
/**
* Builds the requestInfoAttributes of the certificationRequestInfo-field
*
* challenge password ans subjectAltNames are only included,
* when avaiable in given #pkcs10_t structure
*
* @param[in] pkcs10 Pointer to a #pkcs10_t structure
* @return 1 if succeeded, 0 otherwise
*/
static chunk_t build_req_info_attributes(pkcs10_t* pkcs10)
{
chunk_t subjectAltNames = chunk_empty;
chunk_t challengePassword = chunk_empty;
if (pkcs10->subjectAltNames != NULL)
{
subjectAltNames = asn1_wrap(ASN1_SEQUENCE, "cm"
, ASN1_extensionRequest_oid
, asn1_wrap(ASN1_SET, "m"
, asn1_wrap(ASN1_SEQUENCE, "m"
, build_subjectAltNames(pkcs10->subjectAltNames)
)
)
);
}
if (pkcs10->challengePassword.len > 0)
{
asn1_t type = asn1_is_printablestring(pkcs10->challengePassword)
? ASN1_PRINTABLESTRING : ASN1_T61STRING;
challengePassword = asn1_wrap(ASN1_SEQUENCE, "cm"
, ASN1_challengePassword_oid
, asn1_wrap(ASN1_SET, "m"
, asn1_simple_object(type, pkcs10->challengePassword)
)
);
}
return asn1_wrap(ASN1_CONTEXT_C_0, "mm"
, subjectAltNames
, challengePassword);
}
/**
* Builds a DER-code pkcs#10 certificate request
*
* @param[in] pkcs10 pointer to a pkcs10_t struct
* @return DER-code pkcs10 request
*/
static chunk_t pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
{
chunk_t key = chunk_empty;
pkcs10->public_key->get_encoding(pkcs10->public_key, KEY_PUB_ASN1_DER, &key);
chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
asn1_bitstring("m", key));
chunk_t cert_req_info = asn1_wrap(ASN1_SEQUENCE, "ccmm",
ASN1_INTEGER_0,
pkcs10->subject,
keyInfo,
build_req_info_attributes(pkcs10));
chunk_t signature = x509_build_signature(cert_req_info, signature_alg,
pkcs10->private_key, TRUE);
return asn1_wrap(ASN1_SEQUENCE, "mmm",
cert_req_info,
asn1_algorithmIdentifier(signature_alg),
signature);
}
/**
* Creates a pkcs#10 certificate request object
*
* To create a certificate request, the RSA key and the
* names to be included as subject in the certificate request
* (e.g. commonName, organization) are needed. An optional challenge
* password or some subjectAltNames may be included.
*
* @param[in] key rsakey of type #rsakey_t
* @param[in] subject DER-coded subject distinguished name
* @param[in] challengePassword challenge password or chunk_empty
* @param[in] subjectAltNames linked list of subjectAltNames or NULL
* @return pointer to a #pkcs10_t object
*/
pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public,
chunk_t subject, chunk_t challengePassword,
linked_list_t *subjectAltNames, int signature_alg)
{
pkcs10_t *pkcs10 = malloc_thing(pkcs10_t);
pkcs10->subject = subject;
pkcs10->private_key = private;
pkcs10->public_key = public;
pkcs10->challengePassword = challengePassword;
pkcs10->subjectAltNames = subjectAltNames;
pkcs10->request = pkcs10_build_request(pkcs10, signature_alg);
return pkcs10;
}
/**
* Frees the resources used by an #pkcs10_t object
*
* @param[in] pkcs10 #pkcs10_t to free
*/
void pkcs10_free(pkcs10_t *pkcs10)
{
if (pkcs10 != NULL)
{
free(pkcs10->request.ptr);
free(pkcs10);
}
}

61
src/scepclient/pkcs10.h
View File

@ -1,61 +0,0 @@
/**
* @file pkcs10.h
* @brief Functions to build PKCS#10 Request's
*
* Contains functions to build DER encoded pkcs#10 certificate requests
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef _PKCS10_H
#define _PKCS10_H
#include <utils/linked_list.h>
#include <credentials/keys/private_key.h>
#include <credentials/keys/public_key.h>
#include "../pluto/defs.h"
#include "../pluto/x509.h"
typedef struct pkcs10_struct pkcs10_t;
/**
* @brief type representating a pkcs#10 request.
*
* A pkcs#10 request contains a distinguished name, an optional
* challenge password, a public key and optional subjectAltNames.
*
* The RSA private key is needed to compute the signature of the given request
*/
struct pkcs10_struct {
private_key_t *private_key;
public_key_t *public_key;
chunk_t request;
chunk_t subject;
chunk_t challengePassword;
linked_list_t *subjectAltNames;
};
extern const pkcs10_t empty_pkcs10;
extern void pkcs10_add_subjectAltName(linked_list_t *subjectAltNames,
generalNames_t kind, char *value);
extern pkcs10_t* pkcs10_build(private_key_t *private, public_key_t *public,
chunk_t subject, chunk_t challengePassword,
linked_list_t *subjectAltNames, int signature_alg);
extern void pkcs10_free(pkcs10_t *pkcs10);
#endif /* _PKCS10_H */