added additional sanity checks to asn1_length() parsing
[strongswan.git] / src / libstrongswan / asn1 / asn1.c
1 /*
2 * Copyright (C) 2006 Martin Will
3 * Copyright (C) 2000-2008 Andreas Steffen
4 *
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <stdio.h>
19 #include <string.h>
20 #include <time.h>
21 #include <pthread.h>
22
23 #include <utils.h>
24 #include <debug.h>
25
26 #include "oid.h"
27 #include "asn1.h"
28 #include "asn1_parser.h"
29
30 /**
31 * some common prefabricated ASN.1 constants
32 */
33 static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
34 static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
35 static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
36
37 const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
38 const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
39 const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
40
41 /**
42 * some popular algorithmIdentifiers
43 */
44
45 static u_char ASN1_md2_id_str[] = {
46 0x30, 0x0c,
47 0x06, 0x08,
48 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
49 0x05,0x00,
50 };
51
52 static u_char ASN1_md5_id_str[] = {
53 0x30, 0x0C,
54 0x06, 0x08,
55 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
56 0x05, 0x00
57 };
58
59 static u_char ASN1_sha1_id_str[] = {
60 0x30, 0x09,
61 0x06, 0x05,
62 0x2B, 0x0E,0x03, 0x02, 0x1A,
63 0x05, 0x00
64 };
65
66 static u_char ASN1_sha256_id_str[] = {
67 0x30, 0x0d,
68 0x06, 0x09,
69 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
70 0x05, 0x00
71 };
72
73 static u_char ASN1_sha384_id_str[] = {
74 0x30, 0x0d,
75 0x06, 0x09,
76 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
77 0x05, 0x00
78 };
79
80 static u_char ASN1_sha512_id_str[] = {
81 0x30, 0x0d,
82 0x06, 0x09,
83 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
84 0x05,0x00
85 };
86
87 static u_char ASN1_md2WithRSA_id_str[] = {
88 0x30, 0x0D,
89 0x06, 0x09,
90 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
91 0x05, 0x00
92 };
93
94 static u_char ASN1_md5WithRSA_id_str[] = {
95 0x30, 0x0D,
96 0x06, 0x09,
97 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
98 0x05, 0x00
99 };
100
101 static u_char ASN1_sha1WithRSA_id_str[] = {
102 0x30, 0x0D,
103 0x06, 0x09,
104 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
105 0x05, 0x00
106 };
107
108 static u_char ASN1_sha256WithRSA_id_str[] = {
109 0x30, 0x0D,
110 0x06, 0x09,
111 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
112 0x05, 0x00
113 };
114
115 static u_char ASN1_sha384WithRSA_id_str[] = {
116 0x30, 0x0D,
117 0x06, 0x09,
118 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
119 0x05, 0x00
120 };
121
122 static u_char ASN1_sha512WithRSA_id_str[] = {
123 0x30, 0x0D,
124 0x06, 0x09,
125 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D,
126 0x05, 0x00
127 };
128
129 static u_char ASN1_rsaEncryption_id_str[] = {
130 0x30, 0x0D,
131 0x06, 0x09,
132 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
133 0x05, 0x00
134 };
135
136 static const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str);
137 static const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
138 static const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
139 static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
140 static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
141 static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
142 static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
143 static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str);
144 static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
145 static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
146 static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str);
147 static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str);
148 static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str);
149
150 /*
151 * Defined in header.
152 */
153 chunk_t asn1_algorithmIdentifier(int oid)
154 {
155 switch (oid)
156 {
157 case OID_RSA_ENCRYPTION:
158 return ASN1_rsaEncryption_id;
159 case OID_MD2_WITH_RSA:
160 return ASN1_md2WithRSA_id;
161 case OID_MD5_WITH_RSA:
162 return ASN1_md5WithRSA_id;
163 case OID_SHA1_WITH_RSA:
164 return ASN1_sha1WithRSA_id;
165 case OID_SHA256_WITH_RSA:
166 return ASN1_sha256WithRSA_id;
167 case OID_SHA384_WITH_RSA:
168 return ASN1_sha384WithRSA_id;
169 case OID_SHA512_WITH_RSA:
170 return ASN1_sha512WithRSA_id;
171 case OID_MD2:
172 return ASN1_md2_id;
173 case OID_MD5:
174 return ASN1_md5_id;
175 case OID_SHA1:
176 return ASN1_sha1_id;
177 case OID_SHA256:
178 return ASN1_sha256_id;
179 case OID_SHA384:
180 return ASN1_sha384_id;
181 case OID_SHA512:
182 return ASN1_sha512_id;
183 default:
184 return chunk_empty;
185 }
186 }
187
188 /*
189 * Defined in header.
190 */
191 int asn1_known_oid(chunk_t object)
192 {
193 int oid = 0;
194
195 while (object.len)
196 {
197 if (oid_names[oid].octet == *object.ptr)
198 {
199 if (--object.len == 0 || oid_names[oid].down == 0)
200 {
201 return oid; /* found terminal symbol */
202 }
203 else
204 {
205 object.ptr++; oid++; /* advance to next hex octet */
206 }
207 }
208 else
209 {
210 if (oid_names[oid].next)
211 {
212 oid = oid_names[oid].next;
213 }
214 else
215 {
216 return OID_UNKNOWN;
217 }
218 }
219 }
220 return -1;
221 }
222
223 /*
224 * Defined in header.
225 */
226 chunk_t asn1_build_known_oid(int n)
227 {
228 chunk_t oid;
229 int i;
230
231 if (n < 0 || n >= OID_MAX)
232 {
233 return chunk_empty;
234 }
235
236 i = oid_names[n].level + 1;
237 oid = chunk_alloc(2 + i);
238 oid.ptr[0] = ASN1_OID;
239 oid.ptr[1] = i;
240
241 do
242 {
243 if (oid_names[n].level >= i)
244 {
245 n--;
246 continue;
247 }
248 oid.ptr[--i + 2] = oid_names[n--].octet;
249 }
250 while (i > 0);
251
252 return oid;
253 }
254
255 /*
256 * Defined in header.
257 */
258 size_t asn1_length(chunk_t *blob)
259 {
260 u_char n;
261 size_t len;
262
263 if (blob->len < 2)
264 {
265 DBG2("insufficient number of octets to parse ASN.1 length");
266 return ASN1_INVALID_LENGTH;
267 }
268
269 /* read length field, skip tag and length */
270 n = blob->ptr[1];
271 *blob = chunk_skip(*blob, 2);
272
273 if ((n & 0x80) == 0)
274 { /* single length octet */
275 if (n > blob->len)
276 {
277 DBG2("length is larger than remaining blob size");
278 return ASN1_INVALID_LENGTH;
279 }
280 return n;
281 }
282
283 /* composite length, determine number of length octets */
284 n &= 0x7f;
285
286 if (n == 0 || n > blob->len)
287 {
288 DBG2("number of length octets invalid");
289 return ASN1_INVALID_LENGTH;
290 }
291
292 if (n > sizeof(len))
293 {
294 DBG2("number of length octets is larger than limit of %d octets",
295 (int)sizeof(len));
296 return ASN1_INVALID_LENGTH;
297 }
298
299 len = 0;
300
301 while (n-- > 0)
302 {
303 len = 256*len + *blob->ptr++;
304 blob->len--;
305 }
306 if (len > blob->len)
307 {
308 DBG2("length is larger than remaining blob size");
309 return ASN1_INVALID_LENGTH;
310 }
311 return len;
312 }
313
314 #define TIME_MAX 0x7fffffff
315
316 static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
317 static const int tm_leap_1970 = 477;
318
319 /**
320 * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
321 */
322 time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
323 {
324 int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec;
325 int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
326 int tz_hour, tz_min, tz_offset;
327 time_t tm_secs;
328 u_char *eot = NULL;
329
330 if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
331 {
332 tz_offset = 0; /* Zulu time with a zero time zone offset */
333 }
334 else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
335 {
336 if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
337 {
338 return 0; /* error in positive timezone offset format */
339 }
340 tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */
341 }
342 else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
343 {
344 if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
345 {
346 return 0; /* error in negative timezone offset format */
347 }
348 tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */
349 }
350 else
351 {
352 return 0; /* error in time format */
353 }
354
355 /* parse ASN.1 time string */
356 {
357 const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
358 "%4d%2d%2d%2d%2d";
359
360 if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
361 &tm_hour, &tm_min) != 5)
362 {
363 return 0; /* error in [yy]yymmddhhmm time format */
364 }
365 }
366
367 /* is there a seconds field? */
368 if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
369 {
370 if (sscanf(eot-2, "%2d", &tm_sec) != 1)
371 {
372 return 0; /* error in ss seconds field format */
373 }
374 }
375 else
376 {
377 tm_sec = 0;
378 }
379
380 /* representation of two-digit years */
381 if (type == ASN1_UTCTIME)
382 {
383 tm_year += (tm_year < 50) ? 2000 : 1900;
384 }
385
386 /* prevent large 32 bit integer overflows */
387 if (sizeof(time_t) == 4 && tm_year > 2038)
388 {
389 return TIME_MAX;
390 }
391
392 /* representation of months as 0..11*/
393 if (tm_mon < 1 || tm_mon > 12)
394 {
395 return 0; /* error in month format */
396 }
397 tm_mon--;
398
399 /* representation of days as 0..30 */
400 tm_day--;
401
402 /* number of leap years between last year and 1970? */
403 tm_leap_4 = (tm_year - 1) / 4;
404 tm_leap_100 = tm_leap_4 / 25;
405 tm_leap_400 = tm_leap_100 / 4;
406 tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
407
408 /* if date later then February, is the current year a leap year? */
409 if (tm_mon > 1 && (tm_year % 4 == 0) &&
410 (tm_year % 100 != 0 || tm_year % 400 == 0))
411 {
412 tm_leap++;
413 }
414 tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
415 tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
416
417 /* has a 32 bit overflow occurred? */
418 return (tm_secs < 0) ? TIME_MAX : tm_secs;
419 }
420
421 /**
422 * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
423 */
424 chunk_t asn1_from_time(const time_t *time, asn1_t type)
425 {
426 int offset;
427 const char *format;
428 char buf[BUF_LEN];
429 chunk_t formatted_time;
430 struct tm t;
431
432 gmtime_r(time, &t);
433 if (type == ASN1_GENERALIZEDTIME)
434 {
435 format = "%04d%02d%02d%02d%02d%02dZ";
436 offset = 1900;
437 }
438 else /* ASN1_UTCTIME */
439 {
440 format = "%02d%02d%02d%02d%02d%02dZ";
441 offset = (t.tm_year < 100)? 0 : -100;
442 }
443 snprintf(buf, BUF_LEN, format, t.tm_year + offset,
444 t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
445 formatted_time.ptr = buf;
446 formatted_time.len = strlen(buf);
447 return asn1_simple_object(type, formatted_time);
448 }
449
450 /*
451 * Defined in header.
452 */
453 void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
454 {
455 int oid;
456
457 switch (type)
458 {
459 case ASN1_OID:
460 oid = asn1_known_oid(object);
461 if (oid != OID_UNKNOWN)
462 {
463 DBG2(" '%s'", oid_names[oid].name);
464 return;
465 }
466 break;
467 case ASN1_UTF8STRING:
468 case ASN1_IA5STRING:
469 case ASN1_PRINTABLESTRING:
470 case ASN1_T61STRING:
471 case ASN1_VISIBLESTRING:
472 DBG2(" '%.*s'", (int)object.len, object.ptr);
473 return;
474 case ASN1_UTCTIME:
475 case ASN1_GENERALIZEDTIME:
476 {
477 time_t time = asn1_to_time(&object, type);
478
479 DBG2(" '%T'", &time, TRUE);
480 }
481 return;
482 default:
483 break;
484 }
485 if (private)
486 {
487 DBG4("%B", &object);
488 }
489 else
490 {
491 DBG3("%B", &object);
492 }
493 }
494
495 /**
496 * parse an ASN.1 simple type
497 */
498 bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name)
499 {
500 size_t len;
501
502 /* an ASN.1 object must possess at least a tag and length field */
503 if (object->len < 2)
504 {
505 DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name);
506 return FALSE;
507 }
508
509 if (*object->ptr != type)
510 {
511 DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
512 level, name, type, *object->ptr);
513 return FALSE;
514 }
515
516 len = asn1_length(object);
517
518 if (len == ASN1_INVALID_LENGTH || object->len < len)
519 {
520 DBG2("L%d - %s: length of ASN.1 object invalid or too large",
521 level, name);
522 return FALSE;
523 }
524
525 DBG2("L%d - %s:", level, name);
526 asn1_debug_simple_object(*object, type, FALSE);
527 return TRUE;
528 }
529
530 /**
531 * ASN.1 definition of an algorithmIdentifier
532 */
533 static const asn1Object_t algorithmIdentifierObjects[] = {
534 { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
535 { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
536 { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */
537 { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
538 { 0, "exit", ASN1_EOC, ASN1_EXIT }
539 };
540 #define ALGORITHM_ID_ALG 1
541 #define ALGORITHM_ID_PARAMETERS 2
542
543 /*
544 * Defined in header
545 */
546 int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
547 {
548 asn1_parser_t *parser;
549 chunk_t object;
550 int objectID;
551 int alg = OID_UNKNOWN;
552
553 parser = asn1_parser_create(algorithmIdentifierObjects, blob);
554 parser->set_top_level(parser, level0);
555
556 while (parser->iterate(parser, &objectID, &object))
557 {
558 switch (objectID)
559 {
560 case ALGORITHM_ID_ALG:
561 alg = asn1_known_oid(object);
562 break;
563 case ALGORITHM_ID_PARAMETERS:
564 if (parameters != NULL)
565 {
566 *parameters = object;
567 }
568 break;
569 default:
570 break;
571 }
572 }
573 parser->destroy(parser);
574 return alg;
575 }
576
577 /*
578 * tests if a blob contains a valid ASN.1 set or sequence
579 */
580 bool is_asn1(chunk_t blob)
581 {
582 u_int len;
583 u_char tag = *blob.ptr;
584
585 if (tag != ASN1_SEQUENCE && tag != ASN1_SET)
586 {
587 DBG2(" file content is not binary ASN.1");
588 return FALSE;
589 }
590
591 len = asn1_length(&blob);
592
593 /* exact match */
594 if (len == blob.len)
595 {
596 return TRUE;
597 }
598
599 /* some websites append a surplus newline character to the blob */
600 if (len + 1 == blob.len && *(blob.ptr + len) == '\n')
601 {
602 return TRUE;
603 }
604
605 DBG2(" file size does not match ASN.1 coded length");
606 return FALSE;
607 }
608
609 /*
610 * Defined in header.
611 */
612 bool asn1_is_printablestring(chunk_t str)
613 {
614 const char printablestring_charset[] =
615 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
616 u_int i;
617
618 for (i = 0; i < str.len; i++)
619 {
620 if (strchr(printablestring_charset, str.ptr[i]) == NULL)
621 return FALSE;
622 }
623 return TRUE;
624 }
625
626 /**
627 * codes ASN.1 lengths up to a size of 16'777'215 bytes
628 */
629 static void asn1_code_length(size_t length, chunk_t *code)
630 {
631 if (length < 128)
632 {
633 code->ptr[0] = length;
634 code->len = 1;
635 }
636 else if (length < 256)
637 {
638 code->ptr[0] = 0x81;
639 code->ptr[1] = (u_char) length;
640 code->len = 2;
641 }
642 else if (length < 65536)
643 {
644 code->ptr[0] = 0x82;
645 code->ptr[1] = length >> 8;
646 code->ptr[2] = length & 0x00ff;
647 code->len = 3;
648 }
649 else
650 {
651 code->ptr[0] = 0x83;
652 code->ptr[1] = length >> 16;
653 code->ptr[2] = (length >> 8) & 0x00ff;
654 code->ptr[3] = length & 0x0000ff;
655 code->len = 4;
656 }
657 }
658
659 /**
660 * build an empty asn.1 object with tag and length fields already filled in
661 */
662 u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen)
663 {
664 u_char length_buf[4];
665 chunk_t length = { length_buf, 0 };
666 u_char *pos;
667
668 /* code the asn.1 length field */
669 asn1_code_length(datalen, &length);
670
671 /* allocate memory for the asn.1 TLV object */
672 object->len = 1 + length.len + datalen;
673 object->ptr = malloc(object->len);
674
675 /* set position pointer at the start of the object */
676 pos = object->ptr;
677
678 /* copy the asn.1 tag field and advance the pointer */
679 *pos++ = type;
680
681 /* copy the asn.1 length field and advance the pointer */
682 memcpy(pos, length.ptr, length.len);
683 pos += length.len;
684
685 return pos;
686 }
687
688 /**
689 * Build a simple ASN.1 object
690 */
691 chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
692 {
693 chunk_t object;
694
695 u_char *pos = asn1_build_object(&object, tag, content.len);
696 memcpy(pos, content.ptr, content.len);
697 pos += content.len;
698
699 return object;
700 }
701
702 /**
703 * Build an ASN.1 BIT_STRING object
704 */
705 chunk_t asn1_bitstring(const char *mode, chunk_t content)
706 {
707 chunk_t object;
708 u_char *pos = asn1_build_object(&object, ASN1_BIT_STRING, 1 + content.len);
709
710 *pos++ = 0x00;
711 memcpy(pos, content.ptr, content.len);
712 if (*mode == 'm')
713 {
714 free(content.ptr);
715 }
716 return object;
717 }
718
719 /**
720 * Build an ASN.1 INTEGER object
721 */
722 chunk_t asn1_integer(const char *mode, chunk_t content)
723 {
724 chunk_t object;
725 size_t len;
726 u_char *pos;
727
728 if (content.len == 0 || (content.len == 1 && *content.ptr == 0x00))
729 {
730 /* a zero ASN.1 integer does not have a value field */
731 len = 0;
732 }
733 else
734 {
735 /* ASN.1 integers must be positive numbers in two's complement */
736 len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
737 }
738 pos = asn1_build_object(&object, ASN1_INTEGER, len);
739 if (len > content.len)
740 {
741 *pos++ = 0x00;
742 }
743 if (len)
744 {
745 memcpy(pos, content.ptr, content.len);
746 }
747 if (*mode == 'm')
748 {
749 free(content.ptr);
750 }
751 return object;
752 }
753
754 /**
755 * Build an ASN.1 object from a variable number of individual chunks.
756 * Depending on the mode, chunks either are moved ('m') or copied ('c').
757 */
758 chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
759 {
760 chunk_t construct;
761 va_list chunks;
762 u_char *pos;
763 int i;
764 int count = strlen(mode);
765
766 /* sum up lengths of individual chunks */
767 va_start(chunks, mode);
768 construct.len = 0;
769 for (i = 0; i < count; i++)
770 {
771 chunk_t ch = va_arg(chunks, chunk_t);
772 construct.len += ch.len;
773 }
774 va_end(chunks);
775
776 /* allocate needed memory for construct */
777 pos = asn1_build_object(&construct, type, construct.len);
778
779 /* copy or move the chunks */
780 va_start(chunks, mode);
781 for (i = 0; i < count; i++)
782 {
783 chunk_t ch = va_arg(chunks, chunk_t);
784
785 memcpy(pos, ch.ptr, ch.len);
786 pos += ch.len;
787
788 if (*mode++ == 'm')
789 {
790 free(ch.ptr);
791 }
792 }
793 va_end(chunks);
794
795 return construct;
796 }
797
798 /**
799 * ASN.1 definition of time
800 */
801 static const asn1Object_t timeObjects[] = {
802 { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
803 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
804 { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
805 { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
806 { 0, "exit", ASN1_EOC, ASN1_EXIT }
807 };
808 #define TIME_UTC 0
809 #define TIME_GENERALIZED 2
810
811 /**
812 * extracts and converts a UTCTIME or GENERALIZEDTIME object
813 */
814 time_t asn1_parse_time(chunk_t blob, int level0)
815 {
816 asn1_parser_t *parser;
817 chunk_t object;
818 int objectID;
819 time_t utc_time = 0;
820
821 parser= asn1_parser_create(timeObjects, blob);
822 parser->set_top_level(parser, level0);
823
824 while (parser->iterate(parser, &objectID, &object))
825 {
826 if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
827 {
828 utc_time = asn1_to_time(&object, (objectID == TIME_UTC)
829 ? ASN1_UTCTIME : ASN1_GENERALIZEDTIME);
830 }
831 }
832 parser->destroy(parser);
833 return utc_time;
834 }