Unify PKCS#9 set_attribute* methods to a single add_attribute

This way the PKCS#9 implementation does not have to know the encoding types for values
2025-10-05 00:00:45 -04:00 · 2012-11-23 16:27:31 +01:00 · 2012-11-23 16:27:31 +01:00 · 7f9fedc9bd
commit 7f9fedc9bd
parent c1005c120c
4 changed files with 17 additions and 59 deletions
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@ -930,17 +930,16 @@ METHOD(pkcs7_t, build_signedData, bool,
 				return FALSE;
 			}
 			hasher->destroy(hasher);
-			this->attributes->set_attribute(this->attributes,
-									OID_PKCS9_MESSAGE_DIGEST,
-									messageDigest);
-			free(messageDigest.ptr);
+			this->attributes->add_attribute(this->attributes,
+							OID_PKCS9_MESSAGE_DIGEST,
+							asn1_wrap(ASN1_OCTET_STRING, "m", messageDigest));

 			/* take the current time as signingTime */
 			now = time(NULL);
 			signingTime = asn1_from_time(&now, ASN1_UTCTIME);
-			this->attributes->set_attribute_raw(this->attributes,
+			this->attributes->add_attribute(this->attributes,
 									OID_PKCS9_SIGNING_TIME, signingTime);
-			this->attributes->set_attribute_raw(this->attributes,
+			this->attributes->add_attribute(this->attributes,
 									OID_PKCS9_CONTENT_TYPE,
 									asn1_build_known_oid(OID_PKCS7_DATA));

--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@ -68,32 +68,6 @@ struct attribute_t {
 	chunk_t encoding;
 };

-/**
- * return the ASN.1 encoding of a PKCS#9 attribute
- */
-static asn1_t get_attribute_type(int oid)
-{
-	switch (oid)
-	{
-		case OID_PKCS9_CONTENT_TYPE:
-			return ASN1_OID;
-		case OID_PKCS9_SIGNING_TIME:
-			return ASN1_UTCTIME;
-		case OID_PKI_MESSAGE_TYPE:
-		case OID_PKI_STATUS:
-		case OID_PKI_FAIL_INFO:
-			return ASN1_PRINTABLESTRING;
-		case OID_PKI_SENDER_NONCE:
-		case OID_PKI_RECIPIENT_NONCE:
-		case OID_PKCS9_MESSAGE_DIGEST:
-			return ASN1_OCTET_STRING;
-		case OID_PKI_TRANS_ID:
-			return ASN1_PRINTABLESTRING;
-		default:
-			return ASN1_EOC;
-	}
-}
-
 /**
 * Destroy an attribute_t object.
 */
@ -185,23 +159,14 @@ METHOD(pkcs9_t, get_attribute, chunk_t,
 	return chunk_empty;
 }

-METHOD(pkcs9_t, set_attribute_raw, void,
+METHOD(pkcs9_t, add_attribute, void,
 	private_pkcs9_t *this, int oid, chunk_t value)
 {
-	attribute_t *attribute = attribute_create(oid, value);
-
-	this->attributes->insert_last(this->attributes, attribute);
+	this->attributes->insert_last(this->attributes,
+								  attribute_create(oid, value));
 	chunk_free(&value);
 }

-METHOD(pkcs9_t, set_attribute, void,
-	private_pkcs9_t *this, int oid, chunk_t value)
-{
-	chunk_t attr = asn1_simple_object(get_attribute_type(oid), value);
-
-	set_attribute_raw(this, oid, attr);
-}
-
 METHOD(pkcs9_t, destroy, void,
 	private_pkcs9_t *this)
 {
@ -222,8 +187,7 @@ pkcs9_t *pkcs9_create(void)
 		.public = {
 			.get_encoding = _get_encoding,
 			.get_attribute = _get_attribute,
-			.set_attribute = _set_attribute,
-			.set_attribute_raw = _set_attribute_raw,
+			.add_attribute = _add_attribute,
 			.destroy = _destroy,
 		},
 		.attributes = linked_list_create(),
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@ -50,17 +50,9 @@ struct pkcs9_t {
 	 * Adds a PKCS#9 attribute.
 	 *
 	 * @param oid			OID of the attribute
-	 * @param value			value of the attribute (gets cloned)
+	 * @param value			value of the attribute, with ASN1 type (gets owned)
 	 */
-	void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value);
-
-	/**
-	 * Adds a ASN.1 encoded PKCS#9 attribute.
-	 *
-	 * @param oid			OID of the attribute
-	 * @param value			ASN.1 encoded value of the attribute (gets adopted)
-	 */
-	void (*set_attribute_raw) (pkcs9_t *this, int oid, chunk_t value);
+	void (*add_attribute) (pkcs9_t *this, int oid, chunk_t value);

 	/**
 	 * Destroys the PKCS#9 attribute list.
--- a/src/scepclient/scep.c
+++ b/src/scepclient/scep.c
@ -205,7 +205,8 @@ static bool add_senderNonce_attribute(pkcs9_t *pkcs9)
 	}
 	rng->destroy(rng);

-	pkcs9->set_attribute(pkcs9, OID_PKI_SENDER_NONCE, senderNonce);
+	pkcs9->add_attribute(pkcs9, OID_PKI_SENDER_NONCE,
+						 asn1_wrap(ASN1_OCTET_STRING, "c", senderNonce));
 	return TRUE;
 }

@ -232,8 +233,10 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
 	}

 	pkcs9 = pkcs9_create();
-	pkcs9->set_attribute(pkcs9, OID_PKI_TRANS_ID, transID);
-	pkcs9->set_attribute(pkcs9, OID_PKI_MESSAGE_TYPE, msgType);
+	pkcs9->add_attribute(pkcs9, OID_PKI_TRANS_ID,
+						 asn1_wrap(ASN1_PRINTABLESTRING, "c", transID));
+	pkcs9->add_attribute(pkcs9, OID_PKI_MESSAGE_TYPE,
+						 asn1_wrap(ASN1_PRINTABLESTRING, "c", msgType));
 	if (!add_senderNonce_attribute(pkcs9))
 	{
 		pkcs9->destroy(pkcs9);