1ebfedea0SLionel Sambuc /* v3_sxnet.c */
2*0a6a1f1dSLionel Sambuc /*
3*0a6a1f1dSLionel Sambuc * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4*0a6a1f1dSLionel Sambuc * 1999.
5ebfedea0SLionel Sambuc */
6ebfedea0SLionel Sambuc /* ====================================================================
7ebfedea0SLionel Sambuc * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8ebfedea0SLionel Sambuc *
9ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
10ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
11ebfedea0SLionel Sambuc * are met:
12ebfedea0SLionel Sambuc *
13ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
14ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
15ebfedea0SLionel Sambuc *
16ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
17ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in
18ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the
19ebfedea0SLionel Sambuc * distribution.
20ebfedea0SLionel Sambuc *
21ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this
22ebfedea0SLionel Sambuc * software must display the following acknowledgment:
23ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
24ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25ebfedea0SLionel Sambuc *
26ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27ebfedea0SLionel Sambuc * endorse or promote products derived from this software without
28ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact
29ebfedea0SLionel Sambuc * licensing@OpenSSL.org.
30ebfedea0SLionel Sambuc *
31ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL"
32ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written
33ebfedea0SLionel Sambuc * permission of the OpenSSL Project.
34ebfedea0SLionel Sambuc *
35ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following
36ebfedea0SLionel Sambuc * acknowledgment:
37ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
38ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39ebfedea0SLionel Sambuc *
40ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE.
52ebfedea0SLionel Sambuc * ====================================================================
53ebfedea0SLionel Sambuc *
54ebfedea0SLionel Sambuc * This product includes cryptographic software written by Eric Young
55ebfedea0SLionel Sambuc * (eay@cryptsoft.com). This product includes software written by Tim
56ebfedea0SLionel Sambuc * Hudson (tjh@cryptsoft.com).
57ebfedea0SLionel Sambuc *
58ebfedea0SLionel Sambuc */
59ebfedea0SLionel Sambuc
60ebfedea0SLionel Sambuc #include <stdio.h>
61ebfedea0SLionel Sambuc #include "cryptlib.h"
62ebfedea0SLionel Sambuc #include <openssl/conf.h>
63ebfedea0SLionel Sambuc #include <openssl/asn1.h>
64ebfedea0SLionel Sambuc #include <openssl/asn1t.h>
65ebfedea0SLionel Sambuc #include <openssl/x509v3.h>
66ebfedea0SLionel Sambuc
67ebfedea0SLionel Sambuc /* Support for Thawte strong extranet extension */
68ebfedea0SLionel Sambuc
/*
 * NOTE(review): SXNET_TEST is defined unconditionally here, so the
 * testing-only configuration parser sxnet_v2i() is always compiled in and
 * registered in the method table below. Its own comment says it must not be
 * used for anything but testing; confirm whether shipping builds are meant
 * to expose it.
 */
#define SXNET_TEST

/* Text printer for a decoded SXNET extension (defined later in this file). */
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent);
#ifdef SXNET_TEST
/* Builds an SXNET from configuration name/value pairs (testing only). */
static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval);
#endif
/*
 * Extension method table for the Thawte strong extranet extension
 * (NID_sxnet). The initializer is positional; the only handlers supplied are
 * the v2i slot (present only when SXNET_TEST is defined) and the i2r slot,
 * as the casts show. Every other handler slot is left as 0.
 */
const X509V3_EXT_METHOD v3_sxnet = {
    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
    0, 0, 0, 0,
    0, 0,
    0,
#ifdef SXNET_TEST
    (X509V3_EXT_V2I)sxnet_v2i,
#else
    0,
#endif
    (X509V3_EXT_I2R)sxnet_i2r,
    0,
    NULL
};
91ebfedea0SLionel Sambuc
/*
 * ASN.1 template for one SXNETID entry:
 *   SEQUENCE { zone INTEGER, user OCTET STRING }
 *
 * NOTE(review): the template puts no size bound on |user|. The 64-byte limit
 * in this file is applied only by SXNET_add_id_INTEGER() when an entry is
 * built locally, so code that consumes a decoded extension should not assume
 * |user| is at most 64 bytes.
 */
ASN1_SEQUENCE(SXNETID) = {
    ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
    ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(SXNETID)

/* Generates the SXNETID helpers (SXNETID_new/SXNETID_free are used below). */
IMPLEMENT_ASN1_FUNCTIONS(SXNETID)

/*
 * ASN.1 template for the extension value:
 *   SEQUENCE { version INTEGER, ids SEQUENCE OF SXNETID }
 */
ASN1_SEQUENCE(SXNET) = {
    ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
    ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
} ASN1_SEQUENCE_END(SXNET)

/* Generates the SXNET helpers (SXNET_new/SXNET_free are used below). */
IMPLEMENT_ASN1_FUNCTIONS(SXNET)
105ebfedea0SLionel Sambuc
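/*
 * Print an SXNET extension to |out| in human-readable form.
 *
 * Writes the version (stored value plus one, and the stored value in hex)
 * followed by one "Zone: ..., User: ..." line per SXNETID entry, each
 * indented by |indent| columns. |method| is unused.
 *
 * Returns 1 on success, 0 if a zone number cannot be converted to text.
 */
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
                     int indent)
{
    long v;
    char *tmp;
    SXNETID *id;
    int i;

    v = ASN1_INTEGER_get(sx->version);
    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
        id = sk_SXNETID_value(sx->ids, i);
        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
        /*
         * The conversion allocates its result and can fail; report the
         * failure instead of handing a NULL string to the formatter.
         */
        if (tmp == NULL)
            return 0;
        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
        OPENSSL_free(tmp);
        /* |user| comes from the certificate and is printed by length. */
        M_ASN1_OCTET_STRING_print(out, id->user);
    }
    return 1;
}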
124ebfedea0SLionel Sambuc
125ebfedea0SLionel Sambuc #ifdef SXNET_TEST
126ebfedea0SLionel Sambuc
127*0a6a1f1dSLionel Sambuc /*
128*0a6a1f1dSLionel Sambuc * NBB: this is used for testing only. It should *not* be used for anything
129ebfedea0SLionel Sambuc * else because it will just take static IDs from the configuration file and
130ebfedea0SLionel Sambuc * they should really be separate values for each user.
131ebfedea0SLionel Sambuc */
132ebfedea0SLionel Sambuc
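/*
 * Build an SXNET from configuration values: each entry's name is the zone
 * (as an ASCII number) and its value is the user id, taken as a
 * NUL-terminated string (userlen -1). |method| and |ctx| are unused.
 *
 * Returns the new SXNET, or NULL if any entry is rejected. With an empty
 * |nval| the result is NULL as well, because nothing is ever allocated.
 */
static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval)
{
    CONF_VALUE *cnf;
    SXNET *sx = NULL;
    int i;

    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
        cnf = sk_CONF_VALUE_value(nval, i);
        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) {
            /*
             * Some failure paths (bad zone text, over-long user, duplicate
             * zone) leave the partially built SXNET alive in |sx|; release
             * it so a rejected config does not leak. On the allocation
             * failure path the callee has already freed it and set |sx| to
             * NULL, so this call is then a no-op.
             */
            SXNET_free(sx);
            return NULL;
        }
    }
    return sx;
}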
146ebfedea0SLionel Sambuc
147ebfedea0SLionel Sambuc #endif
148ebfedea0SLionel Sambuc
149ebfedea0SLionel Sambuc /* Strong Extranet utility functions */
150ebfedea0SLionel Sambuc
151ebfedea0SLionel Sambuc /* Add an id given the zone as an ASCII number */
152ebfedea0SLionel Sambuc
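/*
 * Add a (zone, user) pair to *psx, with the zone given as an ASCII number.
 *
 * The zone text is converted to a freshly allocated ASN1_INTEGER which is
 * handed to SXNET_add_id_INTEGER(). That function keeps the integer only
 * when it succeeds, so on failure it is released here.
 *
 * Returns 1 on success, 0 on failure (an error is queued).
 */
int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
{
    ASN1_INTEGER *izone = s2i_ASN1_INTEGER(NULL, zone);

    if (izone == NULL) {
        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* Ownership was not transferred: avoid leaking the zone integer. */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}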
162ebfedea0SLionel Sambuc
163ebfedea0SLionel Sambuc /* Add an id given the zone as an unsigned long */
164ebfedea0SLionel Sambuc
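/*
 * Add a (zone, user) pair to *psx, with the zone given as an unsigned long.
 *
 * A new ASN1_INTEGER is allocated for the zone and handed to
 * SXNET_add_id_INTEGER(). That function keeps the integer only when it
 * succeeds, so on failure it is released here.
 *
 * Returns 1 on success, 0 on failure (an error is queued).
 */
int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
                       int userlen)
{
    ASN1_INTEGER *izone = M_ASN1_INTEGER_new();

    if (izone == NULL || !ASN1_INTEGER_set(izone, lzone)) {
        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) {
        /* Ownership was not transferred: avoid leaking the zone integer. */
        M_ASN1_INTEGER_free(izone);
        return 0;
    }
    return 1;
}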
177ebfedea0SLionel Sambuc
178*0a6a1f1dSLionel Sambuc /*
179*0a6a1f1dSLionel Sambuc * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
180*0a6a1f1dSLionel Sambuc * passed integer and doesn't make a copy so don't free it up afterwards.
181ebfedea0SLionel Sambuc */
182ebfedea0SLionel Sambuc
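/*
 * Add a (zone, user) pair to *psx, creating the SXNET if *psx is NULL.
 *
 * psx      in/out pointer to the SXNET; must not be NULL itself.
 * zone     zone number. On success the entry takes ownership of this
 *          object (no copy is made); on failure the caller still owns it.
 * user     user id bytes.
 * userlen  number of bytes in |user|, or negative (conventionally -1) to
 *          use strlen(user). At most 64 bytes are accepted.
 *
 * Returns 1 on success and 0 on failure with an error queued. Failures are
 * of two kinds:
 *  - argument errors (NULL argument, user too long, duplicate zone) leave
 *    *psx as it is, including an SXNET this call has just created;
 *  - allocation failures free the SXNET, even one supplied by the caller,
 *    and set *psx to NULL.
 */
int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
                         int userlen)
{
    SXNET *sx = NULL;
    SXNETID *id = NULL;
    size_t ulen;

    if (!psx || !zone || !user) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
                  X509V3_R_INVALID_NULL_ARGUMENT);
        return 0;
    }
    /*
     * Resolve the length before the size check. Every negative value is
     * treated as "measure the string": the octet-string setter used below
     * is understood to fall back to strlen() for any negative length, so
     * values such as -2 would otherwise pass the 64-byte limit unchecked.
     * The comparison is done in size_t so a very long string cannot wrap
     * when narrowed to int.
     */
    ulen = (userlen < 0) ? strlen(user) : (size_t)userlen;
    if (ulen > 64) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
        return 0;
    }
    userlen = (int)ulen;

    if (!*psx) {
        if (!(sx = SXNET_new()))
            goto err;
        if (!ASN1_INTEGER_set(sx->version, 0))
            goto err;
        *psx = sx;
    } else
        sx = *psx;
    if (SXNET_get_id_INTEGER(sx, zone)) {
        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
        return 0;
    }

    if (!(id = SXNETID_new()))
        goto err;

    if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
        goto err;
    if (!sk_SXNETID_push(sx->ids, id))
        goto err;
    /*
     * SXNETID_new() populates the entry's fields (|user| is written to
     * above without being allocated here), so release the placeholder zone
     * before installing the caller's integer; overwriting it would leak.
     */
    M_ASN1_INTEGER_free(id->zone);
    id->zone = zone;
    return 1;

 err:
    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
    /* |id| is not on the stack on any path that reaches here. */
    SXNETID_free(id);
    SXNET_free(sx);
    *psx = NULL;
    return 0;
}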
231ebfedea0SLionel Sambuc
/*
 * Look up the user id for a zone given as an ASCII number.
 *
 * Returns the matching entry's user string, or NULL if the zone text cannot
 * be converted (an error is queued) or no entry matches. The returned
 * pointer refers to data held inside |sx|; the caller must not free it.
 */
ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
{
    ASN1_OCTET_STRING *found;
    ASN1_INTEGER *zone_num = s2i_ASN1_INTEGER(NULL, zone);

    if (zone_num == NULL) {
        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
        return NULL;
    }

    /* The temporary integer is needed only for the comparison. */
    found = SXNET_get_id_INTEGER(sx, zone_num);
    M_ASN1_INTEGER_free(zone_num);
    return found;
}
244ebfedea0SLionel Sambuc
/*
 * Look up the user id for a zone given as an unsigned long.
 *
 * Returns the matching entry's user string, or NULL if the temporary zone
 * integer cannot be built (an error is queued) or no entry matches. The
 * returned pointer refers to data held inside |sx|; the caller must not
 * free it.
 */
ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
{
    ASN1_OCTET_STRING *found;
    ASN1_INTEGER *zone_num = M_ASN1_INTEGER_new();

    if (zone_num == NULL || !ASN1_INTEGER_set(zone_num, lzone)) {
        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
        M_ASN1_INTEGER_free(zone_num);
        return NULL;
    }

    /* The temporary integer is needed only for the comparison. */
    found = SXNET_get_id_INTEGER(sx, zone_num);
    M_ASN1_INTEGER_free(zone_num);
    return found;
}
258ebfedea0SLionel Sambuc
/*
 * Find the entry whose zone equals |zone| and return its user string.
 *
 * Entries are scanned in order and the first match wins. Returns NULL when
 * no entry matches. The returned pointer is the entry's own field inside
 * |sx|, not a copy. |sx| is dereferenced without a NULL check.
 */
ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
{
    int idx = 0;

    while (idx < sk_SXNETID_num(sx->ids)) {
        SXNETID *entry = sk_SXNETID_value(sx->ids, idx);

        /* The comparison macro yields 0 when the two integers are equal. */
        if (M_ASN1_INTEGER_cmp(entry->zone, zone) == 0)
            return entry->user;
        idx++;
    }
    return NULL;
}
270ebfedea0SLionel Sambuc
/* Instantiate the STACK_OF(SXNETID) support used by the sk_SXNETID_* calls. */
IMPLEMENT_STACK_OF(SXNETID)

/* Instantiate the ASN.1 SET OF support for SXNETID. */
IMPLEMENT_ASN1_SET_OF(SXNETID)