/** * gnutls_ocsp_req_print: * @req: The data to be printed * @format: Indicate the format to use * @out: Newly allocated datum with (0) terminated string. * * This function will pretty print a OCSP request, suitable for * display to a human. * * If the format is %GNUTLS_OCSP_PRINT_FULL then all fields of the * request will be output, on multiple lines. * * The output @out->data needs to be deallocate using gnutls_free(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_ocsp_req_print(gnutls_ocsp_req_t req, gnutls_ocsp_print_formats_t format, gnutls_datum_t * out) { gnutls_buffer_st str; int rc; if (format != GNUTLS_OCSP_PRINT_FULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } _gnutls_buffer_init(&str); _gnutls_buffer_append_str(&str, _("OCSP Request Information:\n")); print_req(&str, req); rc = _gnutls_buffer_to_datum(&str, out, 1); if (rc != GNUTLS_E_SUCCESS) { gnutls_assert(); return rc; } return GNUTLS_E_SUCCESS; }
/** * gnutls_ocsp_resp_print: * @resp: The structure to be printed * @format: Indicate the format to use * @out: Newly allocated datum with (0) terminated string. * * This function will pretty print a OCSP response, suitable for * display to a human. * * If the format is %GNUTLS_OCSP_PRINT_FULL then all fields of the * response will be output, on multiple lines. * * The output @out->data needs to be deallocate using gnutls_free(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_ocsp_resp_print (gnutls_ocsp_resp_t resp, gnutls_ocsp_print_formats_t format, gnutls_datum_t * out) { gnutls_buffer_st str; int rc; _gnutls_buffer_init (&str); _gnutls_buffer_append_str (&str, _("OCSP Response Information:\n")); print_resp (&str, resp, format); _gnutls_buffer_append_data (&str, "\0", 1); rc = _gnutls_buffer_to_datum (&str, out); if (rc != GNUTLS_E_SUCCESS) { gnutls_assert (); return rc; } return GNUTLS_E_SUCCESS; }
/** * gnutls_openpgp_crt_print: * @cert: The structure to be printed * @format: Indicate the format to use * @out: Newly allocated datum with (0) terminated string. * * This function will pretty print an OpenPGP certificate, suitable * for display to a human. * * The format should be (0) for future compatibility. * * The output @out needs to be deallocate using gnutls_free(). * * Returns: %GNUTLS_E_SUCCESS on success, or an error code. **/ int gnutls_openpgp_crt_print(gnutls_openpgp_crt_t cert, gnutls_certificate_print_formats_t format, gnutls_datum_t * out) { gnutls_buffer_st str; int ret; _gnutls_buffer_init(&str); if (format == GNUTLS_CRT_PRINT_ONELINE) print_oneline(&str, cert); else if (format == GNUTLS_CRT_PRINT_COMPACT) { print_oneline(&str, cert); _gnutls_buffer_append_data(&str, "\n", 1); print_key_fingerprint(&str, cert); } else { _gnutls_buffer_append_str(&str, _ ("OpenPGP Certificate Information:\n")); print_cert(&str, cert); } _gnutls_buffer_append_data(&str, "\0", 1); ret = _gnutls_buffer_to_datum(&str, out); if (out->size > 0) out->size--; return ret; }
int _gnutls_x509_get_dn(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, gnutls_datum_t * dn, unsigned flags) { gnutls_buffer_st out_str; int i, k1, result; _gnutls_buffer_init(&out_str); result = asn1_number_of_elements(asn1_struct, asn1_rdn_name, &k1); if (result != ASN1_SUCCESS) { if (result == ASN1_ELEMENT_NOT_FOUND || result == ASN1_VALUE_NOT_FOUND) { result = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); } else { gnutls_assert(); result = _gnutls_asn2err(result); } goto cleanup; } if (k1 == 0) { gnutls_assert(); result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; goto cleanup; } if (flags & GNUTLS_X509_DN_FLAG_COMPAT) { for (i=0;i<k1;i++) { result = append_elements(asn1_struct, asn1_rdn_name, &out_str, i+1, (i==(k1-1))?1:0); if (result < 0) { gnutls_assert(); goto cleanup; } } } else { while (k1 > 0) { result = append_elements(asn1_struct, asn1_rdn_name, &out_str, k1, k1==1?1:0); if (result < 0) { gnutls_assert(); goto cleanup; } k1--; } } return _gnutls_buffer_to_datum(&out_str, dn, 1); cleanup: _gnutls_buffer_clear(&out_str); return result; }
int _gnutls_krb5_der_to_principal(const gnutls_datum_t * der, gnutls_datum_t * name) { int ret, result; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; gnutls_buffer_st str; _gnutls_buffer_init(&str); result = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.KRB5PrincipalName", &c2); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } result = asn1_der_decoding(&c2, der->data, der->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(result); goto cleanup; } ret = principal_to_str(c2, &str); if (ret < 0) { /* for some reason we cannot convert to a human readable string * the principal. Then we use the #HEX format. */ _gnutls_buffer_reset(&str); ret = _gnutls_buffer_append_data(&str, "#", 1); if (ret < 0) { gnutls_assert(); goto cleanup; } _gnutls_buffer_hexprint(&str, der->data, der->size); } asn1_delete_structure(&c2); return _gnutls_buffer_to_datum(&str, name, 1); cleanup: _gnutls_buffer_clear(&str); asn1_delete_structure(&c2); return ret; }
/** * gnutls_certificate_verification_status_print: * @status: The status flags to be printed * @type: The certificate type * @out: Newly allocated datum with (0) terminated string. * @flags: should be zero * * This function will pretty print the status of a verification * process -- eg. the one obtained by gnutls_certificate_verify_peers3(). * * The output @out needs to be deallocated using gnutls_free(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.1.4 **/ int gnutls_certificate_verification_status_print (unsigned int status, gnutls_certificate_type_t type, gnutls_datum_t * out, unsigned int flags) { gnutls_buffer_st str; int ret; _gnutls_buffer_init (&str); if (status == 0) _gnutls_buffer_append_str (&str, _("The certificate is trusted. ")); else _gnutls_buffer_append_str (&str, _("The certificate is NOT trusted. ")); if (type == GNUTLS_CRT_X509) { if (status & GNUTLS_CERT_REVOKED) _gnutls_buffer_append_str (&str, _("The certificate chain is revoked. ")); if (status & GNUTLS_CERT_MISMATCH) _gnutls_buffer_append_str (&str, _("The certificate doesn't match the local copy (TOFU). ")); if (status & GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED) _gnutls_buffer_append_str (&str, _("The revocation data are old and have been superseded. ")); if (status & GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE) _gnutls_buffer_append_str (&str, _("The revocation data are issued with a future date. ")); if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) _gnutls_buffer_append_str (&str, _("The certificate issuer is unknown. ")); if (status & GNUTLS_CERT_SIGNER_NOT_CA) _gnutls_buffer_append_str (&str, _("The certificate issuer is not a CA. ")); } else if (type == GNUTLS_CRT_OPENPGP) { _gnutls_buffer_append_str (&str, _("The certificate is not trusted. ")); if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) _gnutls_buffer_append_str (&str, _("Could not find a signer of the certificate. ")); if (status & GNUTLS_CERT_REVOKED) _gnutls_buffer_append_str (&str, _("The certificate is revoked. ")); } if (status & GNUTLS_CERT_INSECURE_ALGORITHM) _gnutls_buffer_append_str (&str, _("The certificate chain uses insecure algorithm. ")); if (status & GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE) _gnutls_buffer_append_str (&str, _("The certificate chain violates the signer's constraints. ")); if (status & GNUTLS_CERT_NOT_ACTIVATED) _gnutls_buffer_append_str (&str, _("The certificate chain uses not yet valid certificate. ")); if (status & GNUTLS_CERT_EXPIRED) _gnutls_buffer_append_str (&str, _("The certificate chain uses expired certificate. ")); if (status & GNUTLS_CERT_SIGNATURE_FAILURE) _gnutls_buffer_append_str (&str, _("The signature in the certificate is invalid. ")); if (status & GNUTLS_CERT_UNEXPECTED_OWNER) _gnutls_buffer_append_str (&str, _("The name in the certificate does not match the expected. ")); ret = _gnutls_buffer_to_datum( &str, out); if (out->size > 0) out->size--; return ret; }
/* Since auth_info structures contain malloced data, this function * is required in order to pack these structures in a vector in * order to store them to the DB. * * packed_session will contain the session data. * * The data will be in a platform independent format. */ int _gnutls_session_pack (gnutls_session_t session, gnutls_datum_t * packed_session) { int ret; gnutls_buffer_st sb; opaque id; if (packed_session == NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } _gnutls_buffer_init (&sb); id = gnutls_auth_get_type (session); BUFFER_APPEND (&sb, &id, 1); switch (id) { #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: ret = pack_srp_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); return ret; } break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: ret = pack_psk_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); return ret; } break; #endif #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: ret = pack_anon_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); return ret; } break; #endif case GNUTLS_CRD_CERTIFICATE: ret = pack_certificate_auth_info (session, &sb); if (ret < 0) { gnutls_assert (); return ret; } break; default: return GNUTLS_E_INTERNAL_ERROR; } /* Auth_info structures copied. Now copy security_parameters_st. * packed_session must have allocated space for the security parameters. */ ret = pack_security_parameters (session, &sb); if (ret < 0) { gnutls_assert (); _gnutls_buffer_clear (&sb); return ret; } ret = _gnutls_ext_pack (session, &sb); if (ret < 0) { gnutls_assert (); _gnutls_buffer_clear (&sb); return ret; } ret = _gnutls_buffer_to_datum (&sb, packed_session); return ret; }
static int encode_tpmkey_url(char **url, const TSS_UUID * uuid, TSS_FLAG storage) { size_t size = (UUID_SIZE * 2 + 4) * 2 + 32; uint8_t u1[UUID_SIZE]; gnutls_buffer_st buf; gnutls_datum_t dret; int ret; *url = gnutls_malloc(size); if (*url == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); _gnutls_buffer_init(&buf); memcpy(u1, &uuid->ulTimeLow, 4); memcpy(&u1[4], &uuid->usTimeMid, 2); memcpy(&u1[6], &uuid->usTimeHigh, 2); u1[8] = uuid->bClockSeqHigh; u1[9] = uuid->bClockSeqLow; memcpy(&u1[10], uuid->rgbNode, 6); ret = _gnutls_buffer_append_str(&buf, "tpmkey:uuid="); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_buffer_append_printf(&buf, "%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x", (unsigned int) u1[0], (unsigned int) u1[1], (unsigned int) u1[2], (unsigned int) u1[3], (unsigned int) u1[4], (unsigned int) u1[5], (unsigned int) u1[6], (unsigned int) u1[7], (unsigned int) u1[8], (unsigned int) u1[9], (unsigned int) u1[10], (unsigned int) u1[11], (unsigned int) u1[12], (unsigned int) u1[13], (unsigned int) u1[14], (unsigned int) u1[15]); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_buffer_append_printf(&buf, ";storage=%s", (storage == TSS_PS_TYPE_USER) ? "user" : "system"); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_buffer_to_datum(&buf, &dret); if (ret < 0) { gnutls_assert(); goto cleanup; } *url = (char *) dret.data; return 0; cleanup: _gnutls_buffer_clear(&buf); return ret; }
int _gnutls_x509_get_dn(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, gnutls_datum_t * dn) { gnutls_buffer_st out_str; int k2, k1, result; char tmpbuffer1[ASN1_MAX_NAME_SIZE]; char tmpbuffer2[ASN1_MAX_NAME_SIZE]; char tmpbuffer3[ASN1_MAX_NAME_SIZE]; uint8_t value[MAX_STRING_LEN]; gnutls_datum_t td = { NULL, 0 }, tvd = { NULL, 0}; const char *ldap_desc; char oid[MAX_OID_SIZE]; int len; _gnutls_buffer_init(&out_str); k1 = 0; do { k1++; /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ if (asn1_rdn_name[0] != 0) snprintf(tmpbuffer1, sizeof(tmpbuffer1), "%s.?%u", asn1_rdn_name, k1); else snprintf(tmpbuffer1, sizeof(tmpbuffer1), "?%u", k1); len = sizeof(value) - 1; result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) { if (k1 == 1) { gnutls_assert(); result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; goto cleanup; } break; } if (result != ASN1_VALUE_NOT_FOUND) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } k2 = 0; do { /* Move to the attibute type and values */ k2++; if (tmpbuffer1[0] != 0) snprintf(tmpbuffer2, sizeof(tmpbuffer2), "%s.?%u", tmpbuffer1, k2); else snprintf(tmpbuffer2, sizeof(tmpbuffer2), "?%u", k2); /* Try to read the RelativeDistinguishedName attributes. */ len = sizeof(value) - 1; result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) break; if (result != ASN1_VALUE_NOT_FOUND) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } /* Read the OID */ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type"); len = sizeof(oid) - 1; result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len); if (result == ASN1_ELEMENT_NOT_FOUND) break; else if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; } /* Read the Value */ _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2); _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value"); len = 0; result = _gnutls_x509_read_value(asn1_struct, tmpbuffer3, &tvd); if (result < 0) { gnutls_assert(); goto cleanup; } #define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \ gnutls_assert(); \ goto cleanup; \ } #define DATA_APPEND(x,y) if ((result=_gnutls_buffer_append_data( &out_str, x,y)) < 0) { \ gnutls_assert(); \ goto cleanup; \ } /* The encodings of adjoining RelativeDistinguishedNames are separated * by a comma character (',' ASCII 44). */ /* Where there is a multi-valued RDN, the outputs from adjoining * AttributeTypeAndValues are separated by a plus ('+' ASCII 43) * character. */ if (k1 != 1) { /* the first time do not append a comma */ if (k2 != 1) { /* adjoining multi-value RDN */ STR_APPEND("+"); } else { STR_APPEND(","); } } ldap_desc = gnutls_x509_dn_oid_name(oid, GNUTLS_X509_DN_OID_RETURN_OID); STR_APPEND(ldap_desc); STR_APPEND("="); result = _gnutls_x509_dn_to_string(oid, tvd.data, tvd.size, &td); if (result < 0) { gnutls_assert(); _gnutls_debug_log ("Cannot parse OID: '%s' with value '%s'\n", oid, _gnutls_bin2hex(tvd.data, tvd.size, tmpbuffer3, sizeof (tmpbuffer3), NULL)); goto cleanup; } DATA_APPEND(td.data, td.size); _gnutls_free_datum(&td); _gnutls_free_datum(&tvd); } while (1); } while (1); result = _gnutls_buffer_to_datum(&out_str, dn, 1); if (result < 0) gnutls_assert(); goto cleanup1; cleanup: _gnutls_buffer_clear(&out_str); cleanup1: _gnutls_free_datum(&td); _gnutls_free_datum(&tvd); return result; }
/** * gnutls_pkcs7_crt_print: * @pkcs7: The PKCS7 struct to be printed * @format: Indicate the format to use * @out: Newly allocated datum with null terminated string. * * This function will pretty print a signed PKCS #7 structure, suitable for * display to a human. * * Currently the supported formats are %GNUTLS_CRT_PRINT_FULL and * %GNUTLS_CRT_PRINT_COMPACT. * * The output @out needs to be deallocated using gnutls_free(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_pkcs7_print(gnutls_pkcs7_t pkcs7, gnutls_certificate_print_formats_t format, gnutls_datum_t * out) { int count, ret, i; gnutls_pkcs7_signature_info_st info; gnutls_buffer_st str; const char *oid; _gnutls_buffer_init(&str); /* For backwards compatibility with structures using the default OID, * we don't print the eContent Type explicitly */ oid = gnutls_pkcs7_get_embedded_data_oid(pkcs7); if (oid) { if (strcmp(oid, DATA_OID) != 0 && strcmp(oid, DIGESTED_DATA_OID) != 0) { addf(&str, "eContent Type: %s\n", oid); } } for (i = 0;; i++) { if (i == 0) addf(&str, "Signers:\n"); ret = gnutls_pkcs7_get_signature_info(pkcs7, i, &info); if (ret < 0) break; print_pkcs7_info(&info, &str, format); gnutls_pkcs7_signature_info_deinit(&info); } if (format == GNUTLS_CRT_PRINT_FULL) { gnutls_datum_t data, b64; count = gnutls_pkcs7_get_crt_count(pkcs7); if (count > 0) { addf(&str, "Number of certificates: %u\n\n", count); for (i = 0; i < count; i++) { ret = gnutls_pkcs7_get_crt_raw2(pkcs7, i, &data); if (ret < 0) { addf(&str, "Error: cannot print certificate %d\n", i); continue; } ret = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64); if (ret < 0) { gnutls_free(data.data); continue; } adds(&str, (char*)b64.data); adds(&str, "\n"); gnutls_free(b64.data); gnutls_free(data.data); } } count = gnutls_pkcs7_get_crl_count(pkcs7); if (count > 0) { addf(&str, "Number of CRLs: %u\n\n", count); for (i = 0; i < count; i++) { ret = gnutls_pkcs7_get_crl_raw2(pkcs7, i, &data); if (ret < 0) { addf(&str, "Error: cannot print certificate %d\n", i); continue; } ret = gnutls_pem_base64_encode_alloc("X509 CRL", &data, &b64); if (ret < 0) { gnutls_free(data.data); continue; } adds(&str, (char*)b64.data); adds(&str, "\n"); gnutls_free(b64.data); gnutls_free(data.data); } } } return _gnutls_buffer_to_datum(&str, out, 1); }