Commit 48e27e21 authored by Jan Včelák's avatar Jan Včelák 🚀 Committed by Daniel Salzman

utils: add cert_get_pin() function

parent 54c46b59
......@@ -433,6 +433,8 @@ src/libknot/yparser/ypscheme.c
src/libknot/yparser/ypscheme.h
src/libknot/yparser/yptrafo.c
src/libknot/yparser/yptrafo.h
src/utils/common/cert.c
src/utils/common/cert.h
src/utils/common/exec.c
src/utils/common/exec.h
src/utils/common/hex.c
......
......@@ -200,6 +200,8 @@ endif
# static: utilities shared
libknotus_la_SOURCES = \
utils/common/cert.c \
utils/common/cert.h \
utils/common/exec.c \
utils/common/exec.h \
utils/common/hex.c \
......
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <gnutls/abstract.h>
#include <gnutls/crypto.h>
#include "utils/common/cert.h"
#include "libknot/error.h"
static int spki_hash(gnutls_x509_crt_t cert, gnutls_digest_algorithm_t alg,
uint8_t *hash, size_t size)
{
if (!cert || !hash || gnutls_hash_get_len(alg) != size) {
return KNOT_EINVAL;
}
gnutls_pubkey_t key = { 0 };
if (gnutls_pubkey_init(&key) != GNUTLS_E_SUCCESS) {
return KNOT_ENOMEM;
}
if (gnutls_pubkey_import_x509(key, cert, 0) != GNUTLS_E_SUCCESS) {
gnutls_pubkey_deinit(key);
return KNOT_ERROR;
}
gnutls_datum_t der = { 0 };
if (gnutls_pubkey_export2(key, GNUTLS_X509_FMT_DER, &der) != GNUTLS_E_SUCCESS) {
gnutls_pubkey_deinit(key);
return KNOT_ERROR;
}
int ret = gnutls_hash_fast(alg, der.data, der.size, hash);
gnutls_free(der.data);
gnutls_pubkey_deinit(key);
if (ret != GNUTLS_E_SUCCESS) {
return KNOT_ERROR;
}
return KNOT_EOK;
}
int cert_get_pin(gnutls_x509_crt_t cert, uint8_t *pin, size_t size)
{
return spki_hash(cert, GNUTLS_DIG_SHA256, pin, size);
}
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <gnutls/x509.h>
#include <stdint.h>
#include <stdlib.h>
#define CERT_PIN_LEN 32
/*!
* \brief Get certificate pin value.
*
* The pin is a SHA-256 hash of the X.509 SubjectPublicKeyInfo.
*
* \param[in] crt Certificate.
* \param[out] pin Pin.
* \param[in] size Length of the pin, must be CERT_PIN_LEN.
*
* \return Error code, KNOT_EOK if successful.
*/
int cert_get_pin(gnutls_x509_crt_t crt, uint8_t *pin, size_t size);
......@@ -53,6 +53,7 @@
/rrl
/semantic_check
/server
/utils/test_cert
/utils/test_lookup
/worker_pool
/worker_queue
......
......@@ -47,6 +47,7 @@ check_PROGRAMS += \
check_PROGRAMS += \
modules/online_sign \
utils/test_cert \
utils/test_lookup \
acl \
changeset \
......@@ -82,6 +83,15 @@ utils_test_lookup_LDADD = \
$(top_builddir)/src/libknotus.la \
$(libedit_LIBS)
utils_test_cert_CPPFLAGS = \
$(AM_CPPFLAGS) \
$(libedit_CFLAGS)
utils_test_cert_LDADD = \
$(top_builddir)/libtap/libtap.la \
$(top_builddir)/src/libknotus.la \
$(libedit_LIBS)
CLEANFILES = runtests.log
include $(srcdir)/semantic_check_data/Makefile.inc
......
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment