src/libcharon/encoding/payloads/certreq_payload.c

   1 /*
   2  * Copyright (C) 2005-2010 Martin Willi
   3  * Copyright (C) 2010 revosec AG
   4  * Copyright (C) 2005 Jan Hutter
   5  * Hochschule fuer Technik Rapperswil
   6  *
   7  * This program is free software; you can redistribute it and/or modify it
   8  * under the terms of the GNU General Public License as published by the
   9  * Free Software Foundation; either version 2 of the License, or (at your
  10  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
  11  *
  12  * This program is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  15  * for more details.
  16  */
  17
  18 #include <stddef.h>
  19
  20 #include <daemon.h>
  21 #include <crypto/hashers/hasher.h>
  22 #include <encoding/payloads/cert_payload.h>
  23
  24 #include "certreq_payload.h"
  25
  26 typedef struct private_certreq_payload_t private_certreq_payload_t;
  27
  28 /**
  29  * Private data of an certreq_payload_t object.
  30  */
  31 struct private_certreq_payload_t {
  32
  33         /**
  34          * Public certreq_payload_t interface.
  35          */
  36         certreq_payload_t public;
  37
  38         /**
  39          * Next payload type.
  40          */
  41         u_int8_t  next_payload;
  42
  43         /**
  44          * Critical flag.
  45          */
  46         bool critical;
  47
  48         /**
  49          * Reserved bits
  50          */
  51         bool reserved[7];
  52
  53         /**
  54          * Length of this payload.
  55          */
  56         u_int16_t payload_length;
  57
  58         /**
  59          * Encoding of the CERT Data.
  60          */
  61         u_int8_t encoding;
  62
  63         /**
  64          * The contained certreq data value.
  65          */
  66         chunk_t data;
  67 };
  68
  69 /**
  70  * Encoding rules to parse or generate a CERTREQ payload
  71  *
  72  * The defined offsets are the positions in a object of type
  73  * private_certreq_payload_t.
  74  */
  75 static encoding_rule_t encodings[] = {
  76         /* 1 Byte next payload type, stored in the field next_payload */
  77         { U_INT_8,                      offsetof(private_certreq_payload_t, next_payload)       },
  78         /* the critical bit */
  79         { FLAG,                         offsetof(private_certreq_payload_t, critical)           },
  80         /* 7 Bit reserved bits */
  81         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[0])        },
  82         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[1])        },
  83         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[2])        },
  84         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[3])        },
  85         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[4])        },
  86         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[5])        },
  87         { RESERVED_BIT,         offsetof(private_certreq_payload_t, reserved[6])        },
  88         /* Length of the whole payload*/
  89         { PAYLOAD_LENGTH,       offsetof(private_certreq_payload_t, payload_length)     },
  90         /* 1 Byte CERTREQ type*/
  91         { U_INT_8,                      offsetof(private_certreq_payload_t, encoding)           },
  92         /* some certreq data bytes, length is defined in PAYLOAD_LENGTH */
  93         { CERTREQ_DATA,         offsetof(private_certreq_payload_t, data)                       }
  94 };
  95
  96 /*
  97                            1                   2                   3
  98        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  99       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 100       ! Next Payload  !C!  RESERVED   !         Payload Length        !
 101       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 102       ! Cert Encoding !                                               !
 103       +-+-+-+-+-+-+-+-+                                               !
 104       ~                    Certification Authority                    ~
 105       !                                                               !
 106       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 107 */
 108
 109 METHOD(payload_t, verify, status_t,
 110         private_certreq_payload_t *this)
 111 {
 112         if (this->encoding == ENC_X509_SIGNATURE)
 113         {
 114                 if (this->data.len < HASH_SIZE_SHA1 ||
 115                         this->data.len % HASH_SIZE_SHA1)
 116                 {
 117                         DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq",
 118                                  this->data.len);
 119                         return FAILED;
 120                 }
 121         }
 122         return SUCCESS;
 123 }
 124
 125 METHOD(payload_t, get_encoding_rules, int,
 126         private_certreq_payload_t *this, encoding_rule_t **rules)
 127 {
 128         *rules = encodings;
 129         return countof(encodings);
 130 }
 131
 132 METHOD(payload_t, get_type, payload_type_t,
 133         private_certreq_payload_t *this)
 134 {
 135         return CERTIFICATE_REQUEST;
 136 }
 137
 138 METHOD(payload_t, get_next_type, payload_type_t,
 139         private_certreq_payload_t *this)
 140 {
 141         return this->next_payload;
 142 }
 143
 144 METHOD(payload_t, set_next_type, void,
 145         private_certreq_payload_t *this, payload_type_t type)
 146 {
 147         this->next_payload = type;
 148 }
 149
 150 METHOD(payload_t, get_length, size_t,
 151         private_certreq_payload_t *this)
 152 {
 153         return this->payload_length;
 154 }
 155
 156 METHOD(certreq_payload_t, add_keyid, void,
 157         private_certreq_payload_t *this, chunk_t keyid)
 158 {
 159         this->data = chunk_cat("mc", this->data, keyid);
 160         this->payload_length += keyid.len;
 161 }
 162
 163 typedef struct keyid_enumerator_t keyid_enumerator_t;
 164
 165 /**
 166  * enumerator to enumerate keyids
 167  */
 168 struct keyid_enumerator_t  {
 169         enumerator_t public;
 170         chunk_t full;
 171         u_char *pos;
 172 };
 173
 174 METHOD(enumerator_t, keyid_enumerate, bool,
 175         keyid_enumerator_t *this, chunk_t *chunk)
 176 {
 177         if (this->pos == NULL)
 178         {
 179                 this->pos = this->full.ptr;
 180         }
 181         else
 182         {
 183                 this->pos += HASH_SIZE_SHA1;
 184                 if (this->pos > (this->full.ptr + this->full.len - HASH_SIZE_SHA1))
 185                 {
 186                         this->pos = NULL;
 187                 }
 188         }
 189         if (this->pos)
 190         {
 191                 chunk->ptr = this->pos;
 192                 chunk->len = HASH_SIZE_SHA1;
 193                 return TRUE;
 194         }
 195         return FALSE;
 196 }
 197
 198 METHOD(certreq_payload_t, create_keyid_enumerator, enumerator_t*,
 199         private_certreq_payload_t *this)
 200 {
 201         keyid_enumerator_t *enumerator;
 202
 203         INIT(enumerator,
 204                 .public = {
 205                         .enumerate = (void*)_keyid_enumerate,
 206                         .destroy = (void*)free,
 207                 },
 208                 .full = this->data,
 209         );
 210         return &enumerator->public;
 211 }
 212
 213 METHOD(certreq_payload_t, get_cert_type, certificate_type_t,
 214         private_certreq_payload_t *this)
 215 {
 216         switch (this->encoding)
 217         {
 218                 case ENC_X509_SIGNATURE:
 219                         return CERT_X509;
 220                 default:
 221                         return CERT_ANY;
 222         }
 223 }
 224
 225 METHOD2(payload_t, certreq_payload_t, destroy, void,
 226         private_certreq_payload_t *this)
 227 {
 228         chunk_free(&this->data);
 229         free(this);
 230 }
 231
 232 /*
 233  * Described in header
 234  */
 235 certreq_payload_t *certreq_payload_create()
 236 {
 237         private_certreq_payload_t *this;
 238
 239         INIT(this,
 240                 .public = {
 241                         .payload_interface = {
 242                                 .verify = _verify,
 243                                 .get_encoding_rules = _get_encoding_rules,
 244                                 .get_length = _get_length,
 245                                 .get_next_type = _get_next_type,
 246                                 .set_next_type = _set_next_type,
 247                                 .get_type = _get_type,
 248                                 .destroy = _destroy,
 249                         },
 250                         .create_keyid_enumerator = _create_keyid_enumerator,
 251                         .get_cert_type = _get_cert_type,
 252                         .add_keyid = _add_keyid,
 253                         .destroy = _destroy,
 254                 },
 255                 .next_payload = NO_PAYLOAD,
 256                 .payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH,
 257         );
 258         return &this->public;
 259 }
 260
 261 /*
 262  * Described in header
 263  */
 264 certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
 265 {
 266         private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create();
 267
 268         switch (type)
 269         {
 270                 case CERT_X509:
 271                         this->encoding = ENC_X509_SIGNATURE;
 272                         break;
 273                 default:
 274                         DBG1(DBG_ENC, "certificate type %N not supported in requests",
 275                                  certificate_type_names, type);
 276                         free(this);
 277                         return NULL;
 278         }
 279         return &this->public;
 280 }
 281