security-and-privacy/uts-server
security-and-privacy/uts-server
1
0
Fork 0
mirror of https://github.com/kakwa/uts-server synced 2025-01-09 21:24:29 +01:00
Code Issues Releases Wiki Activity

adding creation for the ts context

Browse Source
This commit is contained in:
kakwa 2016-08-26 01:28:34 +02:00
parent 6066e93bb2
commit ed74ddb981
7 changed files with 64 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/uts-server.cnf
View File

@ -93,7 +93,7 @@ default_tsa = tsa_config1 # the default TSA section
# These are used by the TSA reply generation only. # These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory) serial = ./tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional) # (optional)

1
inc/context.h
View File

@ -20,6 +20,7 @@ typedef struct {
TS_RESP_CTX *resp_ctx; TS_RESP_CTX *resp_ctx;
int loglevel; int loglevel;
const char *http_options[40]; const char *http_options[40];
TS_RESP_CTX *ts_ctx;
} rfc3161_context; } rfc3161_context;
struct rfc3161_option { struct rfc3161_option {

12
inc/rfc3161.h
View File

@ -14,6 +14,11 @@
/* Name of config entry that defines the OID file. */ /* Name of config entry that defines the OID file. */
#define ENV_OID_FILE "oid_file" #define ENV_OID_FILE "oid_file"
#define B_FORMAT_TEXT 0x8000
#define FORMAT_UNDEF 0
#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
#define FORMAT_ASN1 4 /* ASN.1/DER */
static ASN1_OBJECT *txt2obj(const char *oid); static ASN1_OBJECT *txt2obj(const char *oid);
/* Reply related functions. */ /* Reply related functions. */
@ -30,9 +35,4 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
static ASN1_INTEGER *next_serial(const char *serialfile); static ASN1_INTEGER *next_serial(const char *serialfile);
static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
TS_RESP_CTX *create_tsctx(CONF *conf, const char *section, const char *policy);
#define B_FORMAT_TEXT 0x8000
#define FORMAT_UNDEF 0
#define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
#define FORMAT_ASN1 4 /* ASN.1/DER */

1
inc/utils.h
View File

@ -1,4 +1,5 @@
#include "context.h" #include "context.h"
#include "rfc3161.h"
void skeleton_daemon(); void skeleton_daemon();
void logger(rfc3161_context *ct, int priority, char *fmt, ...); void logger(rfc3161_context *ct, int priority, char *fmt, ...);

3
src/lib/http.c
View File

@ -107,7 +107,8 @@ int http_server_start(char *conffile, bool stdout_dbg) {
rfc3161_context *ct = (rfc3161_context *)calloc(1, sizeof(rfc3161_context)); rfc3161_context *ct = (rfc3161_context *)calloc(1, sizeof(rfc3161_context));
ct->stdout_dbg = stdout_dbg; ct->stdout_dbg = stdout_dbg;
ct->loglevel = 8; ct->loglevel = 8;
set_params(ct, conffile); if (!set_params(ct, conffile))
return 1;
// Prepare callbacks structure. We have only one callback, the rest are // Prepare callbacks structure. We have only one callback, the rest are
// NULL. // NULL.

49
src/lib/rfc3161.c
View File

@ -12,7 +12,6 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdbool.h> #include <stdbool.h>
#include "utils.h"
#include <sys/syslog.h> #include <sys/syslog.h>
#include <openssl/bio.h> #include <openssl/bio.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -20,6 +19,7 @@
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/ts.h> #include <openssl/ts.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include "rfc3161.h"
/* Name of config entry that defines the OID file. */ /* Name of config entry that defines the OID file. */
#define ENV_OID_FILE "oid_file" #define ENV_OID_FILE "oid_file"
@ -198,6 +198,53 @@ end:
return resp; return resp;
} }
TS_RESP_CTX *create_tsctx(CONF *conf, const char *section, const char *policy) {
int ret = 0;
TS_RESP_CTX *resp_ctx = NULL;
if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
goto end;
if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
goto end;
if (!TS_CONF_set_serial(conf, section, NULL, resp_ctx))
goto end;
if (!TS_CONF_set_crypto_device(conf, section, NULL))
goto end;
if (!TS_CONF_set_signer_cert(conf, section, NULL, resp_ctx))
goto end;
if (!TS_CONF_set_certs(conf, section, NULL, resp_ctx))
goto end;
if (!TS_CONF_set_signer_key(conf, section, NULL, NULL, resp_ctx))
goto end;
// if (md) {
// if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
// goto end;
// } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
// goto end;
// }
if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
goto end;
if (!TS_CONF_set_policies(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_digests(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_ordering(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
goto end;
if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
goto end;
ret = 1;
end:
return resp_ctx;
}
static TS_RESP *create_response(CONF *conf, const char *section, char *engine, static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
char *query, char *passin, char *inkey, char *query, char *passin, char *inkey,
const EVP_MD *md, char *signer, char *chain, const EVP_MD *md, char *signer, char *chain,

9
src/lib/utils.c
View File

@ -9,10 +9,8 @@
#include <openssl/bio.h> #include <openssl/bio.h>
#include <errno.h> #include <errno.h>
#include <string.h> #include <string.h>
#include "context.h"
#include <syslog.h> #include <syslog.h>
#include "utils.h"
#define FORMAT_TEXT 1
typedef struct _code { typedef struct _code {
char *c_name; char *c_name;
@ -239,7 +237,10 @@ int set_params(rfc3161_context *ct, char *conf_file) {
} }
ct->http_options[http_counter] = NULL; ct->http_options[http_counter] = NULL;
} }
// device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
ct->ts_ctx = create_tsctx(conf, "tsa", NULL);
if (ct->ts_ctx == NULL)
ret = 0;
return ret; return ret;
end: end: