create algorithmIdentifier dynamically from OID database
This commit is contained in:
parent
c03b095ebe
commit
eb73685dac
|
@ -38,151 +38,14 @@ const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
|
|||
const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
|
||||
const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
|
||||
|
||||
/**
|
||||
* some popular algorithmIdentifiers
|
||||
*/
|
||||
|
||||
static u_char ASN1_md2_id_str[] = {
|
||||
0x30, 0x0c,
|
||||
0x06, 0x08,
|
||||
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
|
||||
0x05,0x00,
|
||||
};
|
||||
|
||||
static u_char ASN1_md5_id_str[] = {
|
||||
0x30, 0x0C,
|
||||
0x06, 0x08,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha1_id_str[] = {
|
||||
0x30, 0x09,
|
||||
0x06, 0x05,
|
||||
0x2B, 0x0E,0x03, 0x02, 0x1A,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha256_id_str[] = {
|
||||
0x30, 0x0d,
|
||||
0x06, 0x09,
|
||||
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha384_id_str[] = {
|
||||
0x30, 0x0d,
|
||||
0x06, 0x09,
|
||||
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha512_id_str[] = {
|
||||
0x30, 0x0d,
|
||||
0x06, 0x09,
|
||||
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
|
||||
0x05,0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_md2WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_md5WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha1WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha256WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha384WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_sha512WithRSA_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static u_char ASN1_rsaEncryption_id_str[] = {
|
||||
0x30, 0x0D,
|
||||
0x06, 0x09,
|
||||
0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
|
||||
0x05, 0x00
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str);
|
||||
static const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
|
||||
static const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
|
||||
static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
|
||||
static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
|
||||
static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
|
||||
static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
|
||||
static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str);
|
||||
static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
|
||||
static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
|
||||
static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str);
|
||||
static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str);
|
||||
static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str);
|
||||
|
||||
/*
|
||||
* Defined in header.
|
||||
*/
|
||||
chunk_t asn1_algorithmIdentifier(int oid)
|
||||
{
|
||||
switch (oid)
|
||||
{
|
||||
case OID_RSA_ENCRYPTION:
|
||||
return ASN1_rsaEncryption_id;
|
||||
case OID_MD2_WITH_RSA:
|
||||
return ASN1_md2WithRSA_id;
|
||||
case OID_MD5_WITH_RSA:
|
||||
return ASN1_md5WithRSA_id;
|
||||
case OID_SHA1_WITH_RSA:
|
||||
return ASN1_sha1WithRSA_id;
|
||||
case OID_SHA256_WITH_RSA:
|
||||
return ASN1_sha256WithRSA_id;
|
||||
case OID_SHA384_WITH_RSA:
|
||||
return ASN1_sha384WithRSA_id;
|
||||
case OID_SHA512_WITH_RSA:
|
||||
return ASN1_sha512WithRSA_id;
|
||||
case OID_MD2:
|
||||
return ASN1_md2_id;
|
||||
case OID_MD5:
|
||||
return ASN1_md5_id;
|
||||
case OID_SHA1:
|
||||
return ASN1_sha1_id;
|
||||
case OID_SHA256:
|
||||
return ASN1_sha256_id;
|
||||
case OID_SHA384:
|
||||
return ASN1_sha384_id;
|
||||
case OID_SHA512:
|
||||
return ASN1_sha512_id;
|
||||
default:
|
||||
return chunk_empty;
|
||||
}
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_build_known_oid(oid),
|
||||
asn1_wrap(ASN1_NULL, ""));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2;
|
|||
/** Some ASN.1 analysis functions */
|
||||
|
||||
/**
|
||||
* Returns some popular algorithmIdentifiers
|
||||
* Build an algorithmIdentifier from a known OID.
|
||||
*
|
||||
* @param oid known OID index
|
||||
* @return body of the corresponding OID
|
||||
* @return body of the corresponding OID, allocated
|
||||
*/
|
||||
chunk_t asn1_algorithmIdentifier(int oid);
|
||||
|
||||
|
|
|
@ -828,7 +828,7 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
|
|||
|
||||
encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey);
|
||||
|
||||
recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm",
|
||||
recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm",
|
||||
ASN1_INTEGER_0,
|
||||
pkcs7_build_issuerAndSerialNumber(cert),
|
||||
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
|
||||
|
@ -910,7 +910,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
|
|||
encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
|
||||
}
|
||||
|
||||
signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm",
|
||||
signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
|
||||
ASN1_INTEGER_1,
|
||||
pkcs7_build_issuerAndSerialNumber(cert),
|
||||
asn1_algorithmIdentifier(signature_oid),
|
||||
|
@ -931,7 +931,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
|
|||
|
||||
this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm",
|
||||
ASN1_INTEGER_1,
|
||||
asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)),
|
||||
asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(signature_oid)),
|
||||
this->data,
|
||||
asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)),
|
||||
asn1_wrap(ASN1_SET, "m", signerInfo));
|
||||
|
|
|
@ -232,7 +232,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
|
|||
hasher->destroy(hasher);
|
||||
|
||||
/* build DER-encoded digestInfo */
|
||||
digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
|
||||
digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_algorithmIdentifier(hash_oid),
|
||||
asn1_simple_object(ASN1_OCTET_STRING, hash)
|
||||
);
|
||||
|
|
|
@ -616,7 +616,7 @@ static chunk_t build_extensions(private_x509_ac_t *this)
|
|||
*/
|
||||
static chunk_t build_attr_cert_info(private_x509_ac_t *this)
|
||||
{
|
||||
return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
|
||||
return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm",
|
||||
ASN1_INTEGER_1,
|
||||
build_holder(this),
|
||||
build_v2_form(this),
|
||||
|
@ -641,7 +641,7 @@ static chunk_t build_ac(private_x509_ac_t *this)
|
|||
this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
|
||||
attributeCertificateInfo, &signatureValue);
|
||||
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mcm",
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mmm",
|
||||
attributeCertificateInfo,
|
||||
asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
|
||||
asn1_bitstring("m", signatureValue));
|
||||
|
|
|
@ -1259,7 +1259,7 @@ static bool generate(private_builder_t *this)
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
key_info = asn1_wrap(ASN1_SEQUENCE, "cm",
|
||||
key_info = asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
|
||||
asn1_bitstring("m", key));
|
||||
break;
|
||||
|
@ -1272,7 +1272,7 @@ static bool generate(private_builder_t *this)
|
|||
/* TODO: encode subjectAltNames */
|
||||
}
|
||||
|
||||
this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm",
|
||||
this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm",
|
||||
asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
|
||||
asn1_integer("c", this->cert->serialNumber),
|
||||
asn1_algorithmIdentifier(this->cert->algorithm),
|
||||
|
@ -1288,7 +1288,7 @@ static bool generate(private_builder_t *this)
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "ccm",
|
||||
this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
|
||||
this->cert->tbsCertificate,
|
||||
asn1_algorithmIdentifier(this->cert->algorithm),
|
||||
asn1_bitstring("c", this->cert->signature));
|
||||
|
|
|
@ -133,7 +133,7 @@ static chunk_t build_Request(private_x509_ocsp_request_t *this,
|
|||
chunk_t serialNumber)
|
||||
{
|
||||
return asn1_wrap(ASN1_SEQUENCE, "m",
|
||||
asn1_wrap(ASN1_SEQUENCE, "cmmm",
|
||||
asn1_wrap(ASN1_SEQUENCE, "mmmm",
|
||||
asn1_algorithmIdentifier(OID_SHA1),
|
||||
asn1_simple_object(ASN1_OCTET_STRING, issuerNameHash),
|
||||
asn1_simple_object(ASN1_OCTET_STRING, issuerKeyHash),
|
||||
|
|
|
@ -762,7 +762,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
|
|||
/* according to PKCS#1 v2.1 digest must be packaged into
|
||||
* an ASN.1 structure for encryption
|
||||
*/
|
||||
digest_info = asn1_wrap(ASN1_SEQUENCE, "cm"
|
||||
digest_info = asn1_wrap(ASN1_SEQUENCE, "mm"
|
||||
, asn1_algorithmIdentifier(OID_SHA1)
|
||||
, asn1_simple_object(ASN1_OCTET_STRING, digest));
|
||||
|
||||
|
@ -811,7 +811,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
|
|||
|
||||
/* build signature comprising algorithm, signature and cert */
|
||||
return asn1_wrap(ASN1_CONTEXT_C_0, "m"
|
||||
, asn1_wrap(ASN1_SEQUENCE, "cmm"
|
||||
, asn1_wrap(ASN1_SEQUENCE, "mmm"
|
||||
, asn1_algorithmIdentifier(OID_SHA1_WITH_RSA)
|
||||
, sigdata
|
||||
, certs
|
||||
|
@ -825,7 +825,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
|
|||
*/
|
||||
static chunk_t build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo)
|
||||
{
|
||||
chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm"
|
||||
chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "mmmm"
|
||||
, asn1_algorithmIdentifier(OID_SHA1)
|
||||
, asn1_simple_object(ASN1_OCTET_STRING, location->authNameID)
|
||||
, asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID)
|
||||
|
|
|
@ -673,8 +673,6 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
|
|||
contentInfo_t pkcs7Data, signedData;
|
||||
chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo;
|
||||
|
||||
chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg);
|
||||
|
||||
if (attributes.ptr != NULL)
|
||||
{
|
||||
encryptedDigest = x509_build_signature(attributes, digest_alg, key,
|
||||
|
@ -689,10 +687,10 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
|
|||
authenticatedAttributes = chunk_empty;
|
||||
}
|
||||
|
||||
signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
|
||||
signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm"
|
||||
, ASN1_INTEGER_1
|
||||
, pkcs7_build_issuerAndSerialNumber(cert)
|
||||
, digestAlgorithm
|
||||
, asn1_algorithmIdentifier(digest_alg)
|
||||
, authenticatedAttributes
|
||||
, asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)
|
||||
, encryptedDigest);
|
||||
|
@ -704,7 +702,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
|
|||
signedData.type = OID_PKCS7_SIGNED_DATA;
|
||||
signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
|
||||
, ASN1_INTEGER_1
|
||||
, asn1_simple_object(ASN1_SET, digestAlgorithm)
|
||||
, asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_alg))
|
||||
, pkcs7_build_contentInfo(&pkcs7Data)
|
||||
, asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate)
|
||||
, asn1_wrap(ASN1_SET, "m", signerInfo));
|
||||
|
@ -792,7 +790,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_
|
|||
chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m"
|
||||
, protectedKey);
|
||||
|
||||
chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm"
|
||||
chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm"
|
||||
, ASN1_INTEGER_0
|
||||
, pkcs7_build_issuerAndSerialNumber(cert)
|
||||
, asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)
|
||||
|
|
|
@ -1126,7 +1126,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
|
|||
|
||||
rsa->get_encoding(rsa, KEY_PUB_ASN1_DER, &key);
|
||||
|
||||
chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
|
||||
chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
|
||||
asn1_bitstring("m", key));
|
||||
|
||||
|
@ -1137,7 +1137,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
|
|||
, build_subjectAltNames(cert->subjectAltName)));
|
||||
}
|
||||
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm"
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm"
|
||||
, version
|
||||
, asn1_integer("c", cert->serialNumber)
|
||||
, asn1_algorithmIdentifier(cert->sigAlg)
|
||||
|
@ -1163,7 +1163,7 @@ void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
|
|||
chunk_t signature = x509_build_signature(tbs_cert, cert->sigAlg
|
||||
, signer_key, TRUE);
|
||||
|
||||
cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm"
|
||||
cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mmm"
|
||||
, tbs_cert
|
||||
, asn1_algorithmIdentifier(cert->sigAlg)
|
||||
, signature);
|
||||
|
|
|
@ -161,7 +161,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
|
|||
|
||||
pkcs10->public_key->get_encoding(pkcs10->public_key, KEY_PUB_ASN1_DER, &key);
|
||||
|
||||
chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
|
||||
chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
|
||||
asn1_bitstring("m", key));
|
||||
|
||||
|
@ -174,7 +174,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
|
|||
chunk_t signature = x509_build_signature(cert_req_info, signature_alg,
|
||||
pkcs10->private_key, TRUE);
|
||||
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mcm",
|
||||
return asn1_wrap(ASN1_SEQUENCE, "mmm",
|
||||
cert_req_info,
|
||||
asn1_algorithmIdentifier(signature_alg),
|
||||
signature);
|
||||
|
|
|
@ -294,7 +294,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
|
|||
|
||||
key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding);
|
||||
|
||||
keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
|
||||
keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
|
||||
asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
|
||||
asn1_bitstring("m", keyEncoding));
|
||||
|
||||
|
|
Loading…
Reference in New Issue