create algorithmIdentifier dynamically from OID database

src/libstrongswan/asn1/asn1.c

@@ -38,151 +38,14 @@ const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
 const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
 const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
 
-/**
- * some popular algorithmIdentifiers
- */
-
-static u_char ASN1_md2_id_str[] = {
-	0x30, 0x0c,
-		  0x06, 0x08,
-				0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
-		  0x05,0x00,
-};
-
-static u_char ASN1_md5_id_str[] = {
-	0x30, 0x0C,
-		  0x06, 0x08,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha1_id_str[] = {
-	0x30, 0x09,
-		  0x06, 0x05,
-				0x2B, 0x0E,0x03, 0x02, 0x1A,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha256_id_str[] = {
-	0x30, 0x0d,
-		  0x06, 0x09,
-				0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha384_id_str[] = {
-	0x30, 0x0d,
-		  0x06, 0x09,
-				0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha512_id_str[] = {
-	0x30, 0x0d,
-		  0x06, 0x09,
-				0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
-		  0x05,0x00
-};
-
-static u_char ASN1_md2WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
-		  0x05, 0x00
-};
-
-static u_char ASN1_md5WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha1WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha256WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha384WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
-		  0x05, 0x00
-};
-
-static u_char ASN1_sha512WithRSA_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D,
-		  0x05, 0x00
-};
-
-static u_char ASN1_rsaEncryption_id_str[] = {
-	0x30, 0x0D,
-		  0x06, 0x09,
-				0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
-		  0x05, 0x00
-};
-
-static const chunk_t ASN1_md2_id    = chunk_from_buf(ASN1_md2_id_str);
-static const chunk_t ASN1_md5_id    = chunk_from_buf(ASN1_md5_id_str);
-static const chunk_t ASN1_sha1_id   = chunk_from_buf(ASN1_sha1_id_str);
-static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
-static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
-static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
-static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
-static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str);
-static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
-static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
-static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str);
-static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str);
-static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str);
-
 /*
  * Defined in header.
  */
 chunk_t asn1_algorithmIdentifier(int oid)
 {
-	switch (oid)
-	{
-		case OID_RSA_ENCRYPTION:
-			return ASN1_rsaEncryption_id;
-		case OID_MD2_WITH_RSA:
-			return ASN1_md2WithRSA_id;
-		case OID_MD5_WITH_RSA:
-			return ASN1_md5WithRSA_id;
-		case OID_SHA1_WITH_RSA:
-			return ASN1_sha1WithRSA_id;
-		case OID_SHA256_WITH_RSA:
-			return ASN1_sha256WithRSA_id;
-		case OID_SHA384_WITH_RSA:
-			return ASN1_sha384WithRSA_id;
-		case OID_SHA512_WITH_RSA:
-			return ASN1_sha512WithRSA_id;
-		case OID_MD2:
-			return ASN1_md2_id;
-		case OID_MD5:
-			return ASN1_md5_id;
-		case OID_SHA1:
-			return ASN1_sha1_id;
-		case OID_SHA256:
-			return ASN1_sha256_id;
-		case OID_SHA384:
-			return ASN1_sha384_id;
-		case OID_SHA512:
-			return ASN1_sha512_id;
-		default:
-			return chunk_empty;
-	}
+	return asn1_wrap(ASN1_SEQUENCE, "mm",
+					asn1_build_known_oid(oid),
+					asn1_wrap(ASN1_NULL, ""));
 }
 
 /*

src/libstrongswan/asn1/asn1.h

@@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2;
 /** Some ASN.1 analysis functions */
 
 /**
- * Returns some popular algorithmIdentifiers
+ * Build an algorithmIdentifier from a known OID.
  *
  * @param oid		known OID index
- * @return			body of the corresponding OID
+ * @return			body of the corresponding OID, allocated
  */
 chunk_t asn1_algorithmIdentifier(int oid);
 

src/libstrongswan/crypto/pkcs7.c

@@ -828,7 +828,7 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
 
 		encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey);
 
-		recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm",
+		recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm",
 					ASN1_INTEGER_0,
 					pkcs7_build_issuerAndSerialNumber(cert),
 					asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
@@ -910,7 +910,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
 		encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
 	}
 
-	signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm",
+	signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
 					ASN1_INTEGER_1,
 					pkcs7_build_issuerAndSerialNumber(cert),
 					asn1_algorithmIdentifier(signature_oid),
@@ -931,7 +931,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
 
 	this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm",
 			ASN1_INTEGER_1,
-			asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)),
+			asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(signature_oid)),
 			this->data,
 			asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)),
 			asn1_wrap(ASN1_SET, "m", signerInfo));

src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c

@@ -232,7 +232,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
 		hasher->destroy(hasher);
 	
 		/* build DER-encoded digestInfo */
-		digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+		digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
 						asn1_algorithmIdentifier(hash_oid),
 						asn1_simple_object(ASN1_OCTET_STRING, hash)
 					  );

src/libstrongswan/plugins/x509/x509_ac.c

@@ -616,7 +616,7 @@ static chunk_t build_extensions(private_x509_ac_t *this)
  */
 static chunk_t build_attr_cert_info(private_x509_ac_t *this)
 {
-	return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
+	return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm",
 				ASN1_INTEGER_1,
 				build_holder(this),
 				build_v2_form(this),
@@ -641,7 +641,7 @@ static chunk_t build_ac(private_x509_ac_t *this)
 	this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
 						  attributeCertificateInfo, &signatureValue);
 
-	return asn1_wrap(ASN1_SEQUENCE, "mcm",
+	return asn1_wrap(ASN1_SEQUENCE, "mmm",
 				attributeCertificateInfo,
 				asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
 				asn1_bitstring("m", signatureValue));

src/libstrongswan/plugins/x509/x509_cert.c

@@ -1259,7 +1259,7 @@ static bool generate(private_builder_t *this)
 			{
 				return FALSE;
 			}
-			key_info = asn1_wrap(ASN1_SEQUENCE, "cm",
+			key_info = asn1_wrap(ASN1_SEQUENCE, "mm",
 							asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
 							asn1_bitstring("m", key));
 			break;
@@ -1272,7 +1272,7 @@ static bool generate(private_builder_t *this)
 		/* TODO: encode subjectAltNames */
 	}
 	
-	this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", 
+	this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", 
 		asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
 		asn1_integer("c", this->cert->serialNumber),
 		asn1_algorithmIdentifier(this->cert->algorithm),
@@ -1288,7 +1288,7 @@ static bool generate(private_builder_t *this)
 	{
 		return FALSE;
 	}
-	this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "ccm",
+	this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
 								this->cert->tbsCertificate,
 								asn1_algorithmIdentifier(this->cert->algorithm),
 								asn1_bitstring("c", this->cert->signature));

src/libstrongswan/plugins/x509/x509_ocsp_request.c

@@ -133,7 +133,7 @@ static chunk_t build_Request(private_x509_ocsp_request_t *this,
 							 chunk_t serialNumber)
 {
 	return asn1_wrap(ASN1_SEQUENCE, "m",
-				asn1_wrap(ASN1_SEQUENCE, "cmmm",
+				asn1_wrap(ASN1_SEQUENCE, "mmmm",
 					asn1_algorithmIdentifier(OID_SHA1),
 					asn1_simple_object(ASN1_OCTET_STRING, issuerNameHash),
 					asn1_simple_object(ASN1_OCTET_STRING, issuerKeyHash),

src/pluto/ocsp.c

@@ -762,7 +762,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
 	/* according to PKCS#1 v2.1 digest must be packaged into
 	 * an ASN.1 structure for encryption
 	 */
-	digest_info = asn1_wrap(ASN1_SEQUENCE, "cm"
+	digest_info = asn1_wrap(ASN1_SEQUENCE, "mm"
 		, asn1_algorithmIdentifier(OID_SHA1)
 		, asn1_simple_object(ASN1_OCTET_STRING, digest));
 
@@ -811,7 +811,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
 
 	/* build signature comprising algorithm, signature and cert */
 	return asn1_wrap(ASN1_CONTEXT_C_0, "m"
-				, asn1_wrap(ASN1_SEQUENCE, "cmm"
+				, asn1_wrap(ASN1_SEQUENCE, "mmm"
 					, asn1_algorithmIdentifier(OID_SHA1_WITH_RSA)
 					, sigdata
 					, certs
@@ -825,7 +825,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
  */
 static chunk_t build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo)
 {
-	chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm"
+	chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "mmmm"
 				, asn1_algorithmIdentifier(OID_SHA1)
 				, asn1_simple_object(ASN1_OCTET_STRING, location->authNameID)
 				, asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID)

src/pluto/pkcs7.c

@@ -673,8 +673,6 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
 	contentInfo_t pkcs7Data, signedData;
 	chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo;
 
-	chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg);
-
 	if (attributes.ptr != NULL)
 	{
 		encryptedDigest = x509_build_signature(attributes, digest_alg, key,
@@ -689,10 +687,10 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
 		authenticatedAttributes = chunk_empty;
 	}
 
-	signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
+	signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm"
 				, ASN1_INTEGER_1
 				, pkcs7_build_issuerAndSerialNumber(cert)
-				, digestAlgorithm
+				, asn1_algorithmIdentifier(digest_alg)
 				, authenticatedAttributes
 				, asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)
 				, encryptedDigest);
@@ -704,7 +702,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
 	signedData.type = OID_PKCS7_SIGNED_DATA;
 	signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
 				, ASN1_INTEGER_1
-				, asn1_simple_object(ASN1_SET, digestAlgorithm)
+				, asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_alg))
 				, pkcs7_build_contentInfo(&pkcs7Data)
 				, asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate)
 				, asn1_wrap(ASN1_SET, "m", signerInfo));
@@ -792,7 +790,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_
 		chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m"
 					, protectedKey);
 
-		chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm"
+		chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm"
 					, ASN1_INTEGER_0
 					, pkcs7_build_issuerAndSerialNumber(cert)
 					, asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)

src/pluto/x509.c

@@ -1126,7 +1126,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
 
 	rsa->get_encoding(rsa, KEY_PUB_ASN1_DER, &key);
 
-	chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+	chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
 							asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
 							asn1_bitstring("m", key));
 
@@ -1137,7 +1137,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
 				, build_subjectAltNames(cert->subjectAltName)));
 	}
 
-	return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm"
+	return asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm"
 				, version
 				, asn1_integer("c", cert->serialNumber)
 				, asn1_algorithmIdentifier(cert->sigAlg)
@@ -1163,7 +1163,7 @@ void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
 	chunk_t signature = x509_build_signature(tbs_cert, cert->sigAlg
 								, signer_key, TRUE);
 
-	cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm"
+	cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mmm"
 								, tbs_cert
 								, asn1_algorithmIdentifier(cert->sigAlg)
 								, signature);

src/scepclient/pkcs10.c

@@ -161,7 +161,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
 	
 	pkcs10->public_key->get_encoding(pkcs10->public_key, KEY_PUB_ASN1_DER, &key);
 	
-	chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+	chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
 							asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
 							asn1_bitstring("m", key));
 
@@ -174,7 +174,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
 	chunk_t signature = x509_build_signature(cert_req_info, signature_alg,
 											 pkcs10->private_key, TRUE);
 
-	return asn1_wrap(ASN1_SEQUENCE, "mcm",
+	return asn1_wrap(ASN1_SEQUENCE, "mmm",
 				cert_req_info,
 				asn1_algorithmIdentifier(signature_alg),
 				signature);

src/scepclient/scep.c

@@ -294,7 +294,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
 	
 	key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding);
 	
-	keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+	keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
 						asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
 						asn1_bitstring("m", keyEncoding));