DataMuseum.dk

Presents historical artifacts from the history of:

DKUUG/EUUG Conference tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about DKUUG/EUUG Conference tapes

Excavated with: AutoArchaeologist - Free & Open Source Software. 

top - metrics - download
Index: T s

⟦660eae06b⟧ TextFile

    Length: 6160 (0x1810)
    Types: TextFile
    Names: »security.c«

Derivation

└─⟦2d1937cfd⟧ Bits:30007241 EUUGD22: P.P 5.0
    └─⟦35176feda⟧ »EurOpenD22/isode/isode-6.tar.Z« 
        └─⟦de7628f85⟧ 
            └─⟦this⟧ »isode-6.0/quipu/security.c«

TextFile

/* security.c - Check security parameters */

#ifndef	lint
static char *rcsid = "$Header: /f/osi/quipu/RCS/security.c,v 7.1 89/12/19 16:20:47 mrose Exp $";
#endif

/* 
 * $Header: /f/osi/quipu/RCS/security.c,v 7.1 89/12/19 16:20:47 mrose Exp $
 *
 *
 * $Log:	security.c,v $
 * Revision 7.1  89/12/19  16:20:47  mrose
 * sync
 * 
 * Revision 6.0  89/09/08  10:20:02  mrose
 * *** empty log message ***
 * 
 */

/*
 *				  NOTICE
 *
 *    Acquisition, use, and distribution of this module and related
 *    materials are subject to the restrictions of a license agreement.
 *    Consult the Preface in the User's Manual for the full terms of
 *    this agreement.
 *
 */


#include "logger.h"
#include "quipu/ds_error.h"
#include "quipu/commonarg.h"

extern int encode_AF_CertificateToSign();
extern int dn_print();
extern LLog *log_dsap;
#ifndef NO_STATS
extern LLog *log_stat;
#endif

caddr_t compute_signature();
int pe2hash();

/* 
 * Cache holding keys of trusted certification authorities
 */

struct ca_record *ca_key_cache = (struct ca_record *) 0;

/*
 * Cache holding keys of users (untrusted)
 */

struct ca_record *user_key_cache = (struct ca_record *) 0;

/*
 * Own certificate. (For convenient access).
 */

struct certificate *my_certificate = (struct certificate *) 0;

/*
 * RSA secret key.
 */

static caddr_t my_secret_key;
static caddr_t my_key_parms;

struct ca_record *find_user_keyinfo();
struct ca_record *find_ca_keyinfo();

/*
 * Check security parameters - return 0 or the number of the security error.
 */

/* ARGSUSED */
int check_security_parms(data, fnx, sp, sig, nameptr)
caddr_t data;
IFP fnx;
struct security_parms *sp;
struct signature *sig;
DN *nameptr;
{
extern long time();
long time_now;
long time_then;
long delta;

  /* If parameters are present, they must be valid */

  if (sp != (struct security_parms *) 0)
  {
    if (sp->sp_time != NULLCP)
    {
      (void) time(&time_now);
      time_then = gtime(ut2tm(str2utct(sp->sp_time, strlen(sp->sp_time))));
      delta = time_now - time_then;
    }
    else
      delta = 0L;

#ifndef NO_STATS
    DLOG(log_stat, LLOG_NOTICE, 
	("Delay=%D s, protection%s requested, certificate%s present",
		delta, 
		(sp->sp_target == '\0') ? " not" : "",
		(sp->sp_path == (struct certificate_list *) 0) ? " not" : "" 
		));
   /* NB : must use "" rather than NULLCP for the above to work. */
#endif
   }

/* If no signature is provided, nothing else to do */

  if (sig == (struct signature *) 0)
	return (0);

#ifndef NO_STATS
    DLOG(log_stat, LLOG_NOTICE, ("Operation is signed"));
#endif

/* Policy : signed messages must have security parameters present. */
  if (sp == (struct security_parms *) 0)
    return (DSE_SC_INVALIDCREDENTIALS);

/* Policy: signed messages must have a time-stamp. */
  if (sp->sp_time == NULLCP)
    return (DSE_SC_INVALIDCREDENTIALS);

/* Policy: a certification path must be provided. */
  if (sp->sp_path == (struct certificate_list *) 0)
    return (DSE_SC_INVALIDCREDENTIALS);

  return (DSE_SC_AUTHENTICATION);
}


/*
 * Having decided that a CA is trusted (eg. by looking a tailor file),
 * add its key to the cache.
 */

int add_ca_key(str)
char *str;
{
struct key_info key;
DN name;
char *ptr;
OID alg;

  ptr = index(str, '#');
  if (ptr == NULLCP)
    return (NOTOK);
  *ptr = '\0';
  ptr++;
  name = str2dn(str);
  if (name == NULLDN)
  {
    DLOG(log_dsap, LLOG_FATAL, ("Invalid CA name: %s", str));
    return (NOTOK);
  }

  str = ptr;
  ptr = index(str, '#');
  if (ptr == NULLCP)
    return (NOTOK);
  *ptr = '\0';
  ptr++;
  alg = name2oid(str);
  if (alg == NULLOID)
  {
    DLOG(log_dsap, LLOG_FATAL, ("Invalid algorithm: %s", str));
    return (NOTOK);
  }
  key.alg.algorithm = alg;

  str = ptr;
  ptr = index(str, '#');
  if (ptr == NULLCP)
  {
    DLOG(log_dsap, LLOG_FATAL, ("Algorithm parameters missing"));
    return (NOTOK);
  }
  *ptr = '\0';
  ptr++;
  str2alg(str, &(key.alg));

  str = ptr;
  str2encrypted(str, &(key.value), &(key.n_bits));

  return (add_ca_key_aux(name, &key));
}

int add_ca_key_aux(name, key)
DN name;
struct key_info *key;
{
struct ca_record *new;

  pslog(log_dsap, LLOG_NOTICE, "Adding CA:", dn_print, (caddr_t) name);

  new = (struct ca_record *) calloc(1, sizeof(*new));
  if (new == (struct ca_record *) 0)
	return (NOTOK);

  new->name = name;
  bcopy((char *)key, (char *)&(new->key), sizeof(struct key_info));
  new->next = ca_key_cache;
  ca_key_cache = new;

  return (OK);
} 


/* ARGSUSED */
static struct ca_record *find_keyinfo_aux(cache, name)
struct ca_record *cache;
DN name;
{
struct ca_record *ptr;

  ptr = cache;

  while (ptr)
  {
   if (dn_cmp(name, ptr->name) == 0)
     return (ptr);
   ptr = ptr->next;
  }

  return (ptr); /* ie. NULL */
}

struct ca_record *find_user_keyinfo(name)
DN name;
{
  return (find_keyinfo_aux(user_key_cache, name));
}

struct ca_record *find_ca_keyinfo(name)
DN name;
{
  return (find_keyinfo_aux(ca_key_cache, name));
}

/*
 * Read RSA secret key from a file.
 */

/* ARGSUSED */
int set_secret_key(str)
char *str;
{
  return (NOTOK);
}

/*
 * Compute signature. To do this, have to know canonical BER encoding of the
 * data structure. Hence, this routine takes a PEPY-produced encoder as one
 * parameter, and uses it to produce a PE.
 */

struct signature *sign_operation_aux();

/* ARGSUSED */
struct signature *sign_operation(data, encfnx)
caddr_t data;
IFP encfnx;
{
  return sign_operation_aux(data, encfnx, my_secret_key, my_key_parms);
}

/* ARGSUSED */
struct signature *sign_operation_aux(data, encfnx, secret, parms)
caddr_t data;
IFP encfnx;
caddr_t secret;
caddr_t parms;
{
struct signature *result;

  result = (struct signature *)
	calloc(1, sizeof(*result));
  if (result == (struct signature *) 0)
	return (result);

  result->alg.algorithm = name2oid("2.5.8.3.1");		/* sq_mod_n_with_rsa */
  result->alg.p_type = ALG_PARM_NUMERIC;

  result->alg.un.numeric = 512;
  result->encrypted = calloc(64, 1);
  result->n_bits = 512;

  return (result);
}

/* ARGSUSED */
int check_signature(data, fnx, sig, public, parms)
caddr_t data;
IFP fnx;
struct signature *sig;
caddr_t public;
caddr_t parms;
{

  return (NOTOK);
}