| blob | 684a990a0dac27cbc08f25824a94c78dbb08b6b0 |
1 /**
2 * @file sipe-cert-crypto-openssl.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2013-2017 SIPE Project <http://sipe.sourceforge.net/>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
23 /**
24 * Certificate routines implementation based on OpenSSL.
25 */
27 #include <openssl/bn.h>
28 #include <openssl/evp.h>
29 #include <openssl/rsa.h>
30 #include <openssl/x509.h>
32 #include <time.h>
34 #include <glib.h>
41 };
43 /*
44 * This data structure is used in two different modes
45 *
46 * a) certificate generated by the server from our Certificate Request
47 *
48 * key - reference to client RSA key, don't free!
49 * decoded - certificate as OpenSSL data structure, must be freed
50 * raw - certificate as DER encoded binary, must be freed
51 * length - length of DER binary
52 *
53 * b) server certificate
54 *
55 * key - reference to server public key, must be freed
56 * decoded - certificate as OpenSSL data structure, must be freed
57 * raw - NULL
58 * length - modulus length of server public key
59 */
65 gsize length;
66 };
69 {
72 /* allocate memory for RSA key */
78 /* RSA parameters - should those be configurable? */
80 SIPE_DEBUG_INFO_NOFORMAT("sipe_cert_crypto_init: generate key pair, this might take a while...");
101 }
104 {
109 }
110 }
115 {
136 MBSTRING_ASC,
141 gsize length;
144 /*
145 * Encode into DER format
146 *
147 * NOTE: i2d_X509(a, b) autoincrements b!
148 */
158 }
162 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_request: can't create x509 request data structure");
163 }
168 }
171 }
174 {
178 /* imported server certificate - mode (b) */
185 }
186 }
188 /* generates certificate_openssl in mode (a) */
191 {
195 /* NOTE: d2i_X509(NULL, &in, len) autoincrements "in" */
202 }
207 }
209 /* generates certificate_openssl in mode (b) */
211 gsize length)
212 {
216 /* co->raw not needed as this is a server certificate */
217 /* NOTE: d2i_X509(NULL, in, len) autoincrements "in" */
223 }
230 }
239 }
242 }
245 guint offset)
246 {
253 }
256 {
258 guint min;
259 guint max;
261 /* make sure certificate hasn't expired already */
265 /*
266 * I can't believe this, but it's true...
267 *
268 * OpenSSL doesn't have a public API to convert an ASN1_TIME
269 * to seconds since epoch :-(
270 *
271 * @TODO: latest OpenSSL API has ASN1_TIME_diff()
272 *
273 * <30000 seconds (~8 hours) seems to be the most common expiration
274 * value. Run a bisect to determine the real expiration value.
275 */
287 }
288 }
291 }
294 {
296 }
299 {
301 }
304 {
306 }
309 {
311 }
314 {
316 }
318 /* Create test certificate for internal key pair (ONLY USE FOR TEST CODE!!!) */
320 {
341 MBSTRING_ASC,
353 /*
354 * Encode into DER format
355 *
356 * NOTE: i2d_X509(a, b) autoincrements b!
357 */
365 }
367 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_test_certificate: can't create x509 data structure");
368 }
372 SIPE_DEBUG_ERROR_NOFORMAT("sipe_cert_crypto_test_certificate: can't create private key data structure");
373 }
376 }
378 /*
379 Local Variables:
380 mode: c
381 c-file-style: "bsd"
382 indent-tabs-mode: t
383 tab-width: 8
384 End:
385 */