From b781feb4871d9428d1e6f243f3b72f5aa0844964 Mon Sep 17 00:00:00 2001 From: Tobias Fella Date: Thu, 2 Nov 2023 14:34:18 +0100 Subject: dirmngr: Add timestamp / RFC3161 client * dirmngr/rfc3161.c: Add rfc3161 implementation. * dirmngr/rfc3161.h: Add rfc3161 header. * dirmngr/Makefile.am: Add new file to makefile. * dirmngr/dirmngr.h: Add tsa responder url option. * dirmngr/dirmngr.c: Add tsa responder url option. * dirmngr/server.c: Add assuan call to request a timestamp. --- dirmngr/server.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'dirmngr/server.c') diff --git a/dirmngr/server.c b/dirmngr/server.c index 1dbc87878..db77116b1 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -64,6 +64,7 @@ #include "../common/mbox-util.h" #include "../common/zb32.h" #include "../common/server-help.h" +#include "rfc3161.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. The DoS was actually only an issue back when @@ -655,6 +656,29 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) return err; } +static gpg_error_t +cmd_tsa (assuan_context_t ctx, char *line) +{ + gpg_error_t err = 0; + unsigned char *digest; + ksba_cms_t cms; + ctrl_t ctrl = assuan_get_pointer(ctx); + gcry_md_hd_t hd; + const char *oid = "2.16.840.1.101.3.4.2.1"; + gcry_md_open(&hd, gcry_md_map_name(oid), 0); + gcry_md_write(hd, line, strlen(line)); + digest = gcry_md_read(hd, 0); + err = dirmngr_get_timestamp(ctrl, oid, digest, 32, &cms); + if (err) + goto leave; + gnupg_isotime_t time; + ksba_cms_get_signing_time(cms, 0, &time); + ksba_cms_release(cms); +leave: + gcry_md_close(hd); + return leave_cmd (ctx, 0); +} + static const char hlp_dns_cert[] = 
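Review bot: In cmd_tsa the error from dirmngr_get_timestamp is discarded, because both the `goto leave` path and the success path end in `return leave_cmd (ctx, 0);`, so a failed timestamp request (network error, rejected or unparsable TSA reply) reports OK to the client; it should be `return leave_cmd (ctx, err);`. The `gcry_md_open` call is also unchecked, so on failure the uninitialised `hd` is passed to gcry_md_write and gcry_md_close, and the digest length is hard-coded to 32 where `gcry_md_get_algo_dlen (algo)` ties it to the OID actually used. gnupg_isotime_t is an array type, so `&time` in the ksba_cms_get_signing_time call looks like the wrong pointer type and `time` shadows time(3) — confirm against the libksba prototype. The signing time is read and then dropped; presumably the token or its time is meant to be sent back to the client, but as written the command produces no output. The rewrite below initialises hd and cms to NULL so one leave label can release both and propagate err.
```c
static gpg_error_t
cmd_tsa (assuan_context_t ctx, char *line)
{
  gpg_error_t err;
  ctrl_t ctrl = assuan_get_pointer (ctx);
  gcry_md_hd_t hd = NULL;
  ksba_cms_t cms = NULL;
  const char *oid = "2.16.840.1.101.3.4.2.1";
  int algo = gcry_md_map_name (oid);
  gnupg_isotime_t signing_time;

  err = gcry_md_open (&hd, algo, 0);
  if (err)
    goto leave;
  gcry_md_write (hd, line, strlen (line));
  err = dirmngr_get_timestamp (ctrl, oid, gcry_md_read (hd, algo),
                               gcry_md_get_algo_dlen (algo), &cms);
  if (err)
    goto leave;
  err = ksba_cms_get_signing_time (cms, 0, signing_time);
  /* … unchanged: signing_time is not yet reported to the client … */

 leave:
  ksba_cms_release (cms);
  gcry_md_close (hd);
  return leave_cmd (ctx, err);
}
```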
@@ -3049,6 +3073,7 @@ register_commands (assuan_context_t ctx)
 assuan_handler_t handler;
 const char * const help;
 } table[] = {
+ { "TSA", cmd_tsa, hlp_dns_cert },
 { "DNS_CERT", cmd_dns_cert, hlp_dns_cert },
 { "WKD_GET", cmd_wkd_get, hlp_wkd_get },
 { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
-- 
cgit v1.2.3
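Review bot: The new TSA table entry reuses `hlp_dns_cert` as its help text, so `HELP TSA` would print the DNS_CERT documentation instead of describing the timestamp command. Give the command its own help string next to cmd_tsa, e.g. a `static const char hlp_tsa[]` stating that the line argument is hashed with SHA-256 and the digest is submitted to the configured TSA for an RFC 3161 timestamp, and register it with `{ "TSA", cmd_tsa, hlp_tsa },`. The enclosing register_commands table starts and ends outside the hunk.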