added CERT_ROOF
[strongswan.git] / src / charon / encoding / payloads / certreq_payload.c
1 /**
2 * @file certreq_payload.c
3 *
4 * @brief Implementation of certreq_payload_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005-2006 Martin Willi
10 * Copyright (C) 2005 Jan Hutter
11 * Hochschule fuer Technik Rapperswil
12 *
13 * This program is free software; you can redistribute it and/or modify it
14 * under the terms of the GNU General Public License as published by the
15 * Free Software Foundation; either version 2 of the License, or (at your
16 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * for more details.
22 */
23
24 #include <stddef.h>
25 #include <string.h>
26
27 #include <daemon.h>
28 #include <crypto/hashers/hasher.h>
29 #include <crypto/ca.h>
30
31 #include "certreq_payload.h"
32
33
34 typedef struct private_certreq_payload_t private_certreq_payload_t;
35
36 /**
37 * Private data of an certreq_payload_t object.
38 *
39 */
40 struct private_certreq_payload_t {
41 /**
42 * Public certreq_payload_t interface.
43 */
44 certreq_payload_t public;
45
46 /**
47 * Next payload type.
48 */
49 u_int8_t next_payload;
50
51 /**
52 * Critical flag.
53 */
54 bool critical;
55
56 /**
57 * Length of this payload.
58 */
59 u_int16_t payload_length;
60
61 /**
62 * Encoding of the CERT Data.
63 */
64 u_int8_t cert_encoding;
65
66 /**
67 * The contained certreq data value.
68 */
69 chunk_t certreq_data;
70 };
71
72 /**
73 * Encoding rules to parse or generate a CERTREQ payload
74 *
75 * The defined offsets are the positions in a object of type
76 * private_certreq_payload_t.
77 *
78 */
79 encoding_rule_t certreq_payload_encodings[] = {
80 /* 1 Byte next payload type, stored in the field next_payload */
81 { U_INT_8, offsetof(private_certreq_payload_t, next_payload) },
82 /* the critical bit */
83 { FLAG, offsetof(private_certreq_payload_t, critical) },
84 /* 7 Bit reserved bits, nowhere stored */
85 { RESERVED_BIT, 0 },
86 { RESERVED_BIT, 0 },
87 { RESERVED_BIT, 0 },
88 { RESERVED_BIT, 0 },
89 { RESERVED_BIT, 0 },
90 { RESERVED_BIT, 0 },
91 { RESERVED_BIT, 0 },
92 /* Length of the whole payload*/
93 { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length)},
94 /* 1 Byte CERTREQ type*/
95 { U_INT_8, offsetof(private_certreq_payload_t, cert_encoding)},
96 /* some certreq data bytes, length is defined in PAYLOAD_LENGTH */
97 { CERTREQ_DATA, offsetof(private_certreq_payload_t, certreq_data)}
98 };
99
100 /*
101 1 2 3
102 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
103 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
104 ! Next Payload !C! RESERVED ! Payload Length !
105 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
106 ! Cert Encoding ! !
107 +-+-+-+-+-+-+-+-+ !
108 ~ Certification Authority ~
109 ! !
110 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
111 */
112
113 /**
114 * Implementation of payload_t.verify.
115 */
116 static status_t verify(private_certreq_payload_t *this)
117 {
118 if ((this->cert_encoding == 0) ||
119 ((this->cert_encoding >= CERT_ROOF) && (this->cert_encoding <= 200)))
120 {
121 /* reserved IDs */
122 return FAILED;
123 }
124 return SUCCESS;
125 }
126
127 /**
128 * Implementation of certreq_payload_t.get_encoding_rules.
129 */
130 static void get_encoding_rules(private_certreq_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
131 {
132 *rules = certreq_payload_encodings;
133 *rule_count = sizeof(certreq_payload_encodings) / sizeof(encoding_rule_t);
134 }
135
136 /**
137 * Implementation of payload_t.get_type.
138 */
139 static payload_type_t get_payload_type(private_certreq_payload_t *this)
140 {
141 return CERTIFICATE_REQUEST;
142 }
143
144 /**
145 * Implementation of payload_t.get_next_type.
146 */
147 static payload_type_t get_next_type(private_certreq_payload_t *this)
148 {
149 return (this->next_payload);
150 }
151
152 /**
153 * Implementation of payload_t.set_next_type.
154 */
155 static void set_next_type(private_certreq_payload_t *this,payload_type_t type)
156 {
157 this->next_payload = type;
158 }
159
160 /**
161 * Implementation of payload_t.get_length.
162 */
163 static size_t get_length(private_certreq_payload_t *this)
164 {
165 return this->payload_length;
166 }
167
168 /**
169 * Implementation of certreq_payload_t.set_cert_encoding.
170 */
171 static void set_cert_encoding (private_certreq_payload_t *this, cert_encoding_t encoding)
172 {
173 this->cert_encoding = encoding;
174 }
175
176 /**
177 * Implementation of certreq_payload_t.get_cert_encoding.
178 */
179 static cert_encoding_t get_cert_encoding (private_certreq_payload_t *this)
180 {
181 return (this->cert_encoding);
182 }
183
184 /**
185 * Implementation of certreq_payload_t.set_data.
186 */
187 static void set_data (private_certreq_payload_t *this, chunk_t data)
188 {
189 if (this->certreq_data.ptr != NULL)
190 {
191 chunk_free(&(this->certreq_data));
192 }
193 this->certreq_data.ptr = clalloc(data.ptr,data.len);
194 this->certreq_data.len = data.len;
195 this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH + this->certreq_data.len;
196 }
197
198 /**
199 * Implementation of certreq_payload_t.get_data.
200 */
201 static chunk_t get_data (private_certreq_payload_t *this)
202 {
203 return (this->certreq_data);
204 }
205
206 /**
207 * Implementation of certreq_payload_t.get_data_clone.
208 */
209 static chunk_t get_data_clone (private_certreq_payload_t *this)
210 {
211 chunk_t cloned_data;
212 if (this->certreq_data.ptr == NULL)
213 {
214 return (this->certreq_data);
215 }
216 cloned_data.ptr = clalloc(this->certreq_data.ptr,this->certreq_data.len);
217 cloned_data.len = this->certreq_data.len;
218 return cloned_data;
219 }
220
221 /**
222 * Implementation of payload_t.destroy and certreq_payload_t.destroy.
223 */
224 static void destroy(private_certreq_payload_t *this)
225 {
226 if (this->certreq_data.ptr != NULL)
227 {
228 chunk_free(&(this->certreq_data));
229 }
230
231 free(this);
232 }
233
234 /*
235 * Described in header
236 */
237 certreq_payload_t *certreq_payload_create()
238 {
239 private_certreq_payload_t *this = malloc_thing(private_certreq_payload_t);
240
241 /* interface functions */
242 this->public.payload_interface.verify = (status_t (*) (payload_t*))verify;
243 this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**,size_t*))get_encoding_rules;
244 this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length;
245 this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t*))get_next_type;
246 this->public.payload_interface.set_next_type = (void (*) (payload_t*,payload_type_t))set_next_type;
247 this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
248 this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
249
250 /* public functions */
251 this->public.destroy = (void (*) (certreq_payload_t*)) destroy;
252 this->public.set_cert_encoding = (void (*) (certreq_payload_t*,cert_encoding_t))set_cert_encoding;
253 this->public.get_cert_encoding = (cert_encoding_t (*) (certreq_payload_t*))get_cert_encoding;
254 this->public.set_data = (void (*) (certreq_payload_t*,chunk_t))set_data;
255 this->public.get_data_clone = (chunk_t (*) (certreq_payload_t*))get_data_clone;
256 this->public.get_data = (chunk_t (*) (certreq_payload_t*))get_data;
257
258 /* private variables */
259 this->critical = FALSE;
260 this->next_payload = NO_PAYLOAD;
261 this->payload_length =CERTREQ_PAYLOAD_HEADER_LENGTH;
262 this->certreq_data = chunk_empty;
263
264 return (&(this->public));
265 }
266
267 /*
268 * Described in header
269 */
270 certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id)
271 {
272 x509_t *cacert;
273 rsa_public_key_t *pubkey;
274 chunk_t keyid;
275 certreq_payload_t *this;
276
277 cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id);
278 if (cacert == NULL)
279 {
280 /* no such CA cert */
281 return NULL;
282 }
283
284 this = certreq_payload_create();
285 pubkey = cacert->get_public_key(cacert);
286 keyid = pubkey->get_keyid(pubkey);
287
288 DBG2(DBG_IKE, "requesting certificate issued by '%D'", id);
289 DBG2(DBG_IKE, " with keyid %#B", &keyid);
290
291 this->set_cert_encoding(this, CERT_X509_SIGNATURE);
292 this->set_data(this, keyid);
293 return this;
294 }
295
296 /*
297 * Described in header
298 */
299 certreq_payload_t *certreq_payload_create_from_cacerts(void)
300 {
301 certreq_payload_t *this;
302 chunk_t keyids;
303 u_char *pos;
304 ca_info_t *cainfo;
305
306 iterator_t *iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
307 int count = iterator->get_count(iterator);
308
309 if (count == 0)
310 {
311 iterator->destroy(iterator);
312 return NULL;
313 }
314
315 this = certreq_payload_create();
316 keyids = chunk_alloc(count * HASH_SIZE_SHA1);
317 pos = keyids.ptr;
318
319 while (iterator->iterate(iterator, (void**)&cainfo))
320 {
321 x509_t *cacert = cainfo->get_certificate(cainfo);
322 chunk_t keyid = cacert->get_keyid(cacert);
323
324 DBG2(DBG_IKE, "requesting certificate issued by '%D'", cacert->get_subject(cacert));
325 DBG2(DBG_IKE, " with keyid %#B", &keyid);
326 memcpy(pos, keyid.ptr, keyid.len);
327 pos += HASH_SIZE_SHA1;
328 }
329 iterator->destroy(iterator);
330
331 this->set_cert_encoding(this, CERT_X509_SIGNATURE);
332 this->set_data(this, keyids);
333 free(keyids.ptr);
334 return this;
335 }