Added support for encrypted PKCS#8 files (for some PKCS#5 v1.5 schemes).
[strongswan.git] / src / libstrongswan / asn1 / asn1.c
1 /*
2 * Copyright (C) 2006 Martin Will
3 * Copyright (C) 2000-2008 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <stdio.h>
19 #include <string.h>
20 #include <time.h>
21
22 #include <debug.h>
23
24 #include "oid.h"
25 #include "asn1.h"
26 #include "asn1_parser.h"
27
28 /**
29 * Commonly used ASN1 values.
30 */
31 const chunk_t ASN1_INTEGER_0 = chunk_from_chars(0x02, 0x00);
32 const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01);
33 const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02);
34
35 /*
36 * Defined in header.
37 */
38 chunk_t asn1_algorithmIdentifier(int oid)
39 {
40 chunk_t parameters;
41
42 /* some algorithmIdentifiers have a NULL parameters field and some do not */
43 switch (oid)
44 {
45 case OID_ECDSA_WITH_SHA1:
46 case OID_ECDSA_WITH_SHA224:
47 case OID_ECDSA_WITH_SHA256:
48 case OID_ECDSA_WITH_SHA384:
49 case OID_ECDSA_WITH_SHA512:
50 parameters = chunk_empty;
51 break;
52 default:
53 parameters = asn1_simple_object(ASN1_NULL, chunk_empty);
54 break;
55 }
56 return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters);
57 }
58
59 /*
60 * Defined in header.
61 */
62 int asn1_known_oid(chunk_t object)
63 {
64 int oid = 0;
65
66 while (object.len)
67 {
68 if (oid_names[oid].octet == *object.ptr)
69 {
70 if (--object.len == 0 || oid_names[oid].down == 0)
71 {
72 return oid; /* found terminal symbol */
73 }
74 else
75 {
76 object.ptr++; oid++; /* advance to next hex octet */
77 }
78 }
79 else
80 {
81 if (oid_names[oid].next)
82 {
83 oid = oid_names[oid].next;
84 }
85 else
86 {
87 return OID_UNKNOWN;
88 }
89 }
90 }
91 return -1;
92 }
93
94 /*
95 * Defined in header.
96 */
97 chunk_t asn1_build_known_oid(int n)
98 {
99 chunk_t oid;
100 int i;
101
102 if (n < 0 || n >= OID_MAX)
103 {
104 return chunk_empty;
105 }
106
107 i = oid_names[n].level + 1;
108 oid = chunk_alloc(2 + i);
109 oid.ptr[0] = ASN1_OID;
110 oid.ptr[1] = i;
111
112 do
113 {
114 if (oid_names[n].level >= i)
115 {
116 n--;
117 continue;
118 }
119 oid.ptr[--i + 2] = oid_names[n--].octet;
120 }
121 while (i > 0);
122
123 return oid;
124 }
125
126 /*
127 * Defined in header.
128 */
129 chunk_t asn1_oid_from_string(char *str)
130 {
131 enumerator_t *enumerator;
132 u_char buf[64];
133 char *end;
134 int i = 0, pos = 0, shift;
135 u_int val, shifted_val, first = 0;
136
137 enumerator = enumerator_create_token(str, ".", "");
138 while (enumerator->enumerate(enumerator, &str))
139 {
140 val = strtoul(str, &end, 10);
141 if (end == str || pos > countof(buf))
142 {
143 pos = 0;
144 break;
145 }
146 switch (i++)
147 {
148 case 0:
149 first = val;
150 break;
151 case 1:
152 buf[pos++] = first * 40 + val;
153 break;
154 default:
155 shift = 28; /* sufficient to handle 32 bit node numbers */
156 while (shift)
157 {
158 shifted_val = val >> shift;
159 shift -= 7;
160 if (shifted_val) /* do not encode leading zeroes */
161 {
162 buf[pos++] = 0x80 | (shifted_val & 0x7F);
163 }
164 }
165 buf[pos++] = val & 0x7F;
166 }
167 }
168 enumerator->destroy(enumerator);
169
170 return chunk_clone(chunk_create(buf, pos));
171 }
172
173 /*
174 * Defined in header.
175 */
176 char *asn1_oid_to_string(chunk_t oid)
177 {
178 char buf[64], *pos = buf;
179 int len;
180 u_int val;
181
182 if (!oid.len)
183 {
184 return NULL;
185 }
186 val = oid.ptr[0] / 40;
187 len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40);
188 oid = chunk_skip(oid, 1);
189 if (len < 0 || len >= sizeof(buf))
190 {
191 return NULL;
192 }
193 pos += len;
194 val = 0;
195
196 while (oid.len)
197 {
198 val = (val << 7) + (u_int)(oid.ptr[0] & 0x7f);
199
200 if (oid.ptr[0] < 128)
201 {
202 len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val);
203 if (len < 0 || len >= sizeof(buf) + buf - pos)
204 {
205 return NULL;
206 }
207 pos += len;
208 val = 0;
209 }
210 oid = chunk_skip(oid, 1);
211 }
212 return (val == 0) ? strdup(buf) : NULL;
213 }
214
215 /*
216 * Defined in header.
217 */
218 size_t asn1_length(chunk_t *blob)
219 {
220 u_char n;
221 size_t len;
222
223 if (blob->len < 2)
224 {
225 DBG2(DBG_ASN, "insufficient number of octets to parse ASN.1 length");
226 return ASN1_INVALID_LENGTH;
227 }
228
229 /* read length field, skip tag and length */
230 n = blob->ptr[1];
231 *blob = chunk_skip(*blob, 2);
232
233 if ((n & 0x80) == 0)
234 { /* single length octet */
235 if (n > blob->len)
236 {
237 DBG2(DBG_ASN, "length is larger than remaining blob size");
238 return ASN1_INVALID_LENGTH;
239 }
240 return n;
241 }
242
243 /* composite length, determine number of length octets */
244 n &= 0x7f;
245
246 if (n == 0 || n > blob->len)
247 {
248 DBG2(DBG_ASN, "number of length octets invalid");
249 return ASN1_INVALID_LENGTH;
250 }
251
252 if (n > sizeof(len))
253 {
254 DBG2(DBG_ASN, "number of length octets is larger than limit of"
255 " %d octets", (int)sizeof(len));
256 return ASN1_INVALID_LENGTH;
257 }
258
259 len = 0;
260
261 while (n-- > 0)
262 {
263 len = 256*len + *blob->ptr++;
264 blob->len--;
265 }
266 if (len > blob->len)
267 {
268 DBG2(DBG_ASN, "length is larger than remaining blob size");
269 return ASN1_INVALID_LENGTH;
270 }
271 return len;
272 }
273
274 /*
275 * See header.
276 */
277 int asn1_unwrap(chunk_t *blob, chunk_t *inner)
278 {
279 chunk_t res;
280 u_char len;
281 int type;
282
283 if (blob->len < 2)
284 {
285 return ASN1_INVALID;
286 }
287 type = blob->ptr[0];
288 len = blob->ptr[1];
289 *blob = chunk_skip(*blob, 2);
290
291 if ((len & 0x80) == 0)
292 { /* single length octet */
293 res.len = len;
294 }
295 else
296 { /* composite length, determine number of length octets */
297 len &= 0x7f;
298 if (len == 0 || len > sizeof(res.len))
299 {
300 return ASN1_INVALID;
301 }
302 res.len = 0;
303 while (len-- > 0)
304 {
305 res.len = 256 * res.len + blob->ptr[0];
306 *blob = chunk_skip(*blob, 1);
307 }
308 }
309 if (res.len > blob->len)
310 {
311 return ASN1_INVALID;
312 }
313 res.ptr = blob->ptr;
314 *blob = chunk_skip(*blob, res.len);
315 /* updating inner not before we are finished allows a caller to pass
316 * blob = inner */
317 *inner = res;
318 return type;
319 }
320
321 static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
322 static const int tm_leap_1970 = 477;
323
324 /**
325 * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
326 */
327 time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
328 {
329 int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec;
330 int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
331 int tz_hour, tz_min, tz_offset;
332 time_t tm_days, tm_secs;
333 u_char *eot = NULL;
334
335 if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
336 {
337 tz_offset = 0; /* Zulu time with a zero time zone offset */
338 }
339 else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
340 {
341 if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
342 {
343 return 0; /* error in positive timezone offset format */
344 }
345 tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */
346 }
347 else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
348 {
349 if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
350 {
351 return 0; /* error in negative timezone offset format */
352 }
353 tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */
354 }
355 else
356 {
357 return 0; /* error in time format */
358 }
359
360 /* parse ASN.1 time string */
361 {
362 const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
363 "%4d%2d%2d%2d%2d";
364
365 if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
366 &tm_hour, &tm_min) != 5)
367 {
368 return 0; /* error in [yy]yymmddhhmm time format */
369 }
370 }
371
372 /* is there a seconds field? */
373 if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
374 {
375 if (sscanf(eot-2, "%2d", &tm_sec) != 1)
376 {
377 return 0; /* error in ss seconds field format */
378 }
379 }
380 else
381 {
382 tm_sec = 0;
383 }
384
385 /* representation of two-digit years */
386 if (type == ASN1_UTCTIME)
387 {
388 tm_year += (tm_year < 50) ? 2000 : 1900;
389 }
390
391 /* prevent large 32 bit integer overflows */
392 if (sizeof(time_t) == 4 && tm_year > 2038)
393 {
394 return TIME_32_BIT_SIGNED_MAX;
395 }
396
397 /* representation of months as 0..11*/
398 if (tm_mon < 1 || tm_mon > 12)
399 {
400 return 0; /* error in month format */
401 }
402 tm_mon--;
403
404 /* representation of days as 0..30 */
405 tm_day--;
406
407 /* number of leap years between last year and 1970? */
408 tm_leap_4 = (tm_year - 1) / 4;
409 tm_leap_100 = tm_leap_4 / 25;
410 tm_leap_400 = tm_leap_100 / 4;
411 tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
412
413 /* if date later then February, is the current year a leap year? */
414 if (tm_mon > 1 && (tm_year % 4 == 0) &&
415 (tm_year % 100 != 0 || tm_year % 400 == 0))
416 {
417 tm_leap++;
418 }
419 tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
420 tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
421
422 /* has a 32 bit signed integer overflow occurred? */
423 return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs;
424 }
425
426 /**
427 * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
428 */
429 chunk_t asn1_from_time(const time_t *time, asn1_t type)
430 {
431 int offset;
432 const char *format;
433 char buf[BUF_LEN];
434 chunk_t formatted_time;
435 struct tm t;
436
437 gmtime_r(time, &t);
438 /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME
439 * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME. We only
440 * enforce the latter to avoid overflows but allow callers to force the
441 * encoding to GENERALIZEDTIME */
442 type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;
443 if (type == ASN1_GENERALIZEDTIME)
444 {
445 format = "%04d%02d%02d%02d%02d%02dZ";
446 offset = 1900;
447 }
448 else /* ASN1_UTCTIME */
449 {
450 format = "%02d%02d%02d%02d%02d%02dZ";
451 offset = (t.tm_year < 100) ? 0 : -100;
452 }
453 snprintf(buf, BUF_LEN, format, t.tm_year + offset,
454 t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
455 formatted_time.ptr = buf;
456 formatted_time.len = strlen(buf);
457 return asn1_simple_object(type, formatted_time);
458 }
459
460 /*
461 * Defined in header.
462 */
463 void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
464 {
465 int oid;
466
467 switch (type)
468 {
469 case ASN1_OID:
470 oid = asn1_known_oid(object);
471 if (oid == OID_UNKNOWN)
472 {
473 char *oid_str = asn1_oid_to_string(object);
474
475 if (!oid_str)
476 {
477 break;
478 }
479 DBG2(DBG_ASN, " %s", oid_str);
480 free(oid_str);
481 }
482 else
483 {
484 DBG2(DBG_ASN, " '%s'", oid_names[oid].name);
485 }
486 return;
487 case ASN1_UTF8STRING:
488 case ASN1_IA5STRING:
489 case ASN1_PRINTABLESTRING:
490 case ASN1_T61STRING:
491 case ASN1_VISIBLESTRING:
492 DBG2(DBG_ASN, " '%.*s'", (int)object.len, object.ptr);
493 return;
494 case ASN1_UTCTIME:
495 case ASN1_GENERALIZEDTIME:
496 {
497 time_t time = asn1_to_time(&object, type);
498
499 DBG2(DBG_ASN, " '%T'", &time, TRUE);
500 }
501 return;
502 default:
503 break;
504 }
505 if (private)
506 {
507 DBG4(DBG_ASN, "%B", &object);
508 }
509 else
510 {
511 DBG3(DBG_ASN, "%B", &object);
512 }
513 }
514
515 /**
516 * parse an ASN.1 simple type
517 */
518 bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name)
519 {
520 size_t len;
521
522 /* an ASN.1 object must possess at least a tag and length field */
523 if (object->len < 2)
524 {
525 DBG2(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", level,
526 name);
527 return FALSE;
528 }
529
530 if (*object->ptr != type)
531 {
532 DBG2(DBG_ASN, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
533 level, name, type, *object->ptr);
534 return FALSE;
535 }
536
537 len = asn1_length(object);
538
539 if (len == ASN1_INVALID_LENGTH || object->len < len)
540 {
541 DBG2(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large",
542 level, name);
543 return FALSE;
544 }
545
546 DBG2(DBG_ASN, "L%d - %s:", level, name);
547 asn1_debug_simple_object(*object, type, FALSE);
548 return TRUE;
549 }
550
551 /**
552 * ASN.1 definition of an algorithmIdentifier
553 */
554 static const asn1Object_t algorithmIdentifierObjects[] = {
555 { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
556 { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
557 { 1, "parameters", ASN1_OID, ASN1_RAW|ASN1_OPT }, /* 2 */
558 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
559 { 1, "parameters", ASN1_SEQUENCE, ASN1_RAW|ASN1_OPT }, /* 4 */
560 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 5 */
561 { 0, "exit", ASN1_EOC, ASN1_EXIT }
562 };
563 #define ALGORITHM_ID_ALG 1
564 #define ALGORITHM_ID_PARAMETERS_OID 2
565 #define ALGORITHM_ID_PARAMETERS_SEQ 4
566
567 /*
568 * Defined in header
569 */
570 int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
571 {
572 asn1_parser_t *parser;
573 chunk_t object;
574 int objectID;
575 int alg = OID_UNKNOWN;
576
577 parser = asn1_parser_create(algorithmIdentifierObjects, blob);
578 parser->set_top_level(parser, level0);
579
580 while (parser->iterate(parser, &objectID, &object))
581 {
582 switch (objectID)
583 {
584 case ALGORITHM_ID_ALG:
585 alg = asn1_known_oid(object);
586 break;
587 case ALGORITHM_ID_PARAMETERS_OID:
588 case ALGORITHM_ID_PARAMETERS_SEQ:
589 if (parameters != NULL)
590 {
591 *parameters = object;
592 }
593 break;
594 default:
595 break;
596 }
597 }
598 parser->destroy(parser);
599 return alg;
600 }
601
602 /*
603 * tests if a blob contains a valid ASN.1 set or sequence
604 */
605 bool is_asn1(chunk_t blob)
606 {
607 u_int len;
608 u_char tag;
609
610 if (!blob.len || !blob.ptr)
611 {
612 return FALSE;
613 }
614
615 tag = *blob.ptr;
616 if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING)
617 {
618 DBG2(DBG_ASN, " file content is not binary ASN.1");
619 return FALSE;
620 }
621
622 len = asn1_length(&blob);
623
624 /* exact match */
625 if (len == blob.len)
626 {
627 return TRUE;
628 }
629
630 /* some websites append a surplus newline character to the blob */
631 if (len + 1 == blob.len && *(blob.ptr + len) == '\n')
632 {
633 return TRUE;
634 }
635
636 DBG2(DBG_ASN, " file size does not match ASN.1 coded length");
637 return FALSE;
638 }
639
640 /*
641 * Defined in header.
642 */
643 bool asn1_is_printablestring(chunk_t str)
644 {
645 const char printablestring_charset[] =
646 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
647 u_int i;
648
649 for (i = 0; i < str.len; i++)
650 {
651 if (strchr(printablestring_charset, str.ptr[i]) == NULL)
652 return FALSE;
653 }
654 return TRUE;
655 }
656
657 /**
658 * codes ASN.1 lengths up to a size of 16'777'215 bytes
659 */
660 static void asn1_code_length(size_t length, chunk_t *code)
661 {
662 if (length < 128)
663 {
664 code->ptr[0] = length;
665 code->len = 1;
666 }
667 else if (length < 256)
668 {
669 code->ptr[0] = 0x81;
670 code->ptr[1] = (u_char) length;
671 code->len = 2;
672 }
673 else if (length < 65536)
674 {
675 code->ptr[0] = 0x82;
676 code->ptr[1] = length >> 8;
677 code->ptr[2] = length & 0x00ff;
678 code->len = 3;
679 }
680 else
681 {
682 code->ptr[0] = 0x83;
683 code->ptr[1] = length >> 16;
684 code->ptr[2] = (length >> 8) & 0x00ff;
685 code->ptr[3] = length & 0x0000ff;
686 code->len = 4;
687 }
688 }
689
690 /**
691 * build an empty asn.1 object with tag and length fields already filled in
692 */
693 u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen)
694 {
695 u_char length_buf[4];
696 chunk_t length = { length_buf, 0 };
697 u_char *pos;
698
699 /* code the asn.1 length field */
700 asn1_code_length(datalen, &length);
701
702 /* allocate memory for the asn.1 TLV object */
703 object->len = 1 + length.len + datalen;
704 object->ptr = malloc(object->len);
705
706 /* set position pointer at the start of the object */
707 pos = object->ptr;
708
709 /* copy the asn.1 tag field and advance the pointer */
710 *pos++ = type;
711
712 /* copy the asn.1 length field and advance the pointer */
713 memcpy(pos, length.ptr, length.len);
714 pos += length.len;
715
716 return pos;
717 }
718
719 /**
720 * Build a simple ASN.1 object
721 */
722 chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
723 {
724 chunk_t object;
725
726 u_char *pos = asn1_build_object(&object, tag, content.len);
727 memcpy(pos, content.ptr, content.len);
728 pos += content.len;
729
730 return object;
731 }
732
733 /**
734 * Build an ASN.1 BIT_STRING object
735 */
736 chunk_t asn1_bitstring(const char *mode, chunk_t content)
737 {
738 chunk_t object;
739 u_char *pos = asn1_build_object(&object, ASN1_BIT_STRING, 1 + content.len);
740
741 *pos++ = 0x00;
742 memcpy(pos, content.ptr, content.len);
743 if (*mode == 'm')
744 {
745 free(content.ptr);
746 }
747 return object;
748 }
749
750 /**
751 * Build an ASN.1 INTEGER object
752 */
753 chunk_t asn1_integer(const char *mode, chunk_t content)
754 {
755 chunk_t object;
756 size_t len;
757 u_char *pos;
758
759 if (content.len == 0 || (content.len == 1 && *content.ptr == 0x00))
760 {
761 /* a zero ASN.1 integer does not have a value field */
762 len = 0;
763 }
764 else
765 {
766 /* ASN.1 integers must be positive numbers in two's complement */
767 len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
768 }
769 pos = asn1_build_object(&object, ASN1_INTEGER, len);
770 if (len > content.len)
771 {
772 *pos++ = 0x00;
773 }
774 if (len)
775 {
776 memcpy(pos, content.ptr, content.len);
777 }
778 if (*mode == 'm')
779 {
780 free(content.ptr);
781 }
782 return object;
783 }
784
785 /**
786 * Build an ASN.1 object from a variable number of individual chunks.
787 * Depending on the mode, chunks either are moved ('m') or copied ('c').
788 */
789 chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
790 {
791 chunk_t construct;
792 va_list chunks;
793 u_char *pos;
794 int i;
795 int count = strlen(mode);
796
797 /* sum up lengths of individual chunks */
798 va_start(chunks, mode);
799 construct.len = 0;
800 for (i = 0; i < count; i++)
801 {
802 chunk_t ch = va_arg(chunks, chunk_t);
803 construct.len += ch.len;
804 }
805 va_end(chunks);
806
807 /* allocate needed memory for construct */
808 pos = asn1_build_object(&construct, type, construct.len);
809
810 /* copy or move the chunks */
811 va_start(chunks, mode);
812 for (i = 0; i < count; i++)
813 {
814 chunk_t ch = va_arg(chunks, chunk_t);
815
816 memcpy(pos, ch.ptr, ch.len);
817 pos += ch.len;
818
819 switch (*mode++)
820 {
821 case 's':
822 chunk_clear(&ch);
823 break;
824 case 'm':
825 free(ch.ptr);
826 break;
827 default:
828 break;
829 }
830 }
831 va_end(chunks);
832
833 return construct;
834 }
835
836 /**
837 * ASN.1 definition of time
838 */
839 static const asn1Object_t timeObjects[] = {
840 { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
841 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
842 { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
843 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
844 { 0, "exit", ASN1_EOC, ASN1_EXIT }
845 };
846 #define TIME_UTC 0
847 #define TIME_GENERALIZED 2
848
849 /**
850 * extracts and converts a UTCTIME or GENERALIZEDTIME object
851 */
852 time_t asn1_parse_time(chunk_t blob, int level0)
853 {
854 asn1_parser_t *parser;
855 chunk_t object;
856 int objectID;
857 time_t utc_time = 0;
858
859 parser= asn1_parser_create(timeObjects, blob);
860 parser->set_top_level(parser, level0);
861
862 while (parser->iterate(parser, &objectID, &object))
863 {
864 if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
865 {
866 utc_time = asn1_to_time(&object, (objectID == TIME_UTC)
867 ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
868 }
869 }
870 parser->destroy(parser);
871 return utc_time;
872 }