authorStef Walter <stefw@gnome.org>2013-03-15 16:24:27 +0100
committerStef Walter <stefw@gnome.org>2013-03-15 18:00:10 +0100
commit29af2c1eeca2fb0257e1172753b129d638472f0f (patch)
tree0d9f46ad34c3055a2cb5e555509e183e8a7d0294 /common
parent2d75eb32793a569dc3de359bb623713c80393d24 (diff)
trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default
This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329
Diffstat (limited to 'common')
-rw-r--r--common/x509.c22
-rw-r--r--common/x509.h5
2 files changed, 27 insertions, 0 deletions
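--- a/common/x509.c
+++ b/common/x509.c
@@ -36,6 +36,7 @@
 #include "asn1.h"
 #define P11_DEBUG_FLAG P11_DEBUG_TRUST
+#include "checksum.h"
 #include "debug.h"
 #include "oid.h"
 #include "utf8.h"
@@ -104,6 +105,27 @@ p11_x509_find_extension (node_asn *cert,
 }
 bool
+p11_x509_calc_keyid (node_asn *cert,
+ const unsigned char *der,
+ size_t der_len,
+ unsigned char *keyid)
+{
+ int start, end;
+ int ret;
+
+ return_val_if_fail (cert != NULL, NULL);
+ return_val_if_fail (der != NULL, NULL);
+ return_val_if_fail (keyid != NULL, NULL);
+
+ ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end);
+ return_val_if_fail (ret == ASN1_SUCCESS, false);
+ return_val_if_fail (end >= start, false);
+
+ p11_checksum_sha1 (keyid, (der + start), (end - start) + 1, NULL);
+ return true;
+}
+
+bool
 p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
 const unsigned char *ext_der,
 size_t ext_len,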
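Review bot: The three `return_val_if_fail` guards at the top of p11_x509_calc_keyid return `NULL` from a function declared `bool`; the pointer constant happens to evaluate to false, but it is a type mismatch compilers warn about and it disagrees with the `false` used by the two checks that follow, so the `NULL` in each guard should become `false`, e.g. `return_val_if_fail (cert != NULL, false);`. The `end >= start` check also leaves `end` unbounded against `der_len`; when the offsets come from the library's decode of this same buffer that is fine, but a defensive `return_val_if_fail ((size_t) end < der_len, false);` would keep the hash from reading past `der` if a caller ever passes a different buffer than the one `cert` was decoded from. The `+ 1` on the length assumes asn1_der_decoding_startEnd reports an inclusive end offset; a one-line comment stating that assumption next to the call would save the next reader from re-deriving it.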
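--- a/common/x509.h
+++ b/common/x509.h
@@ -46,6 +46,11 @@ unsigned char * p11_x509_find_extension (node_asn *cert,
 size_t der_len,
 size_t *ext_len);
+bool p11_x509_calc_keyid (node_asn *cert,
+ const unsigned char *der,
+ size_t der_len,
+ unsigned char *keyid);
+
 bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
 const unsigned char *ext_der,
 size_t ext_len,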
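Review bot: The new prototype does not say how large the buffer behind `keyid` must be; the implementation in common/x509.c writes a SHA-1 digest into it, so a caller supplying fewer than 20 bytes gets a silent out-of-bounds write with no return value to warn it. Add a comment above the declaration, e.g. `/* keyid must point to at least 20 bytes (SHA-1 digest length); der must be the DER that cert was decoded from */`, and note that the function returns false when the subjectPublicKeyInfo cannot be located rather than writing a partial digest.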