static const asn1Object_t algorithmIdentifierObjects[] = {
{ 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
- { 1, "parameters", ASN1_EOC, ASN1_RAW } /* 2 */
+ { 1, "parameters", ASN1_EOC, ASN1_RAW }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
-#define ALGORITHM_ID_ALG 1
-#define ALGORITHM_ID_PARAMETERS 2
-#define ALGORITHM_ID_ROOF 3
+#define ALGORITHM_ID_ALG 1
+#define ALGORITHM_ID_PARAMETERS 2
/*
* Defined in header
int objectID;
int alg = OID_UNKNOWN;
- parser = asn1_parser_create(algorithmIdentifierObjects, ALGORITHM_ID_ROOF,
- blob);
+ parser = asn1_parser_create(algorithmIdentifierObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of time
*/
static const asn1Object_t timeObjects[] = {
- { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
- { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
- { 0, "generalizeTime",ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 0, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+ { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
+ { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
+ { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
+ { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define TIME_UTC 0
#define TIME_GENERALIZED 2
-#define TIME_ROOF 4
/**
* extracts and converts a UTCTIME or GENERALIZEDTIME object
int objectID;
time_t utc_time = 0;
- parser= asn1_parser_create(timeObjects, TIME_ROOF, blob);
+ parser= asn1_parser_create(timeObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
asn1Object_t const *objects;
/**
- * Total number of syntax definition lines
- */
- int roof;
-
- /**
* Current syntax definition line
*/
int line;
*object = chunk_empty;
+ /* Advance to the next object syntax definition line */
+ obj = this->objects[++(this->line)];
+
/* Terminate if the end of the object syntax definition has been reached */
- if (++(this->line) >= this->roof)
+ if (obj.flags & ASN1_EXIT)
{
return FALSE;
}
- obj = this->objects[this->line];
if (obj.flags & ASN1_END) /* end of loop or option found */
{
/**
* Defined in header.
*/
-asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob)
+asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob)
{
private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t);
this->objects = objects;
this->blobs[0] = blob;
this->line = -1;
- this->roof = roof;
this->success = TRUE;
this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate;
#define ASN1_OBJ 0x10
#define ASN1_BODY 0x20
#define ASN1_RAW 0x40
+#define ASN1_EXIT 0x80
typedef struct asn1Object_t asn1Object_t;
* Create an ASN.1 parser
*
* @param objects syntax definition of the ASN.1 object to be parsed
- * @param roof number of syntax definition lines
* @param blob ASN.1 coded binary blob
* @return ASN.1 context
*/
-asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, int roof, chunk_t blob);
+asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob);
#endif /* ASN1_PARSER_H_ @}*/
{ 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
{ 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
{ 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
- { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKCS7_DIGEST_ALG 3
#define PKCS7_SIGNED_CONTENT_INFO 5
#define PKCS7_AUTH_ATTRIBUTES 19
#define PKCS7_DIGEST_ENC_ALGORITHM 21
#define PKCS7_ENCRYPTED_DIGEST 22
-#define PKCS7_SIGNED_ROOF 26
/**
* Implements pkcs7_t.parse_signedData.
return FALSE;
}
- parser = asn1_parser_create(signedDataObjects, PKCS7_SIGNED_ROOF,
- this->content);
+ parser = asn1_parser_create(signedDataObjects, this->content);
parser->set_top_level(parser, this->level);
while (parser->iterate(parser, &objectID, &object))
{ 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
{ 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */
{ 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */
- { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */
+ { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY }, /* 14 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKCS7_ENVELOPED_VERSION 1
#define PKCS7_RECIPIENT_INFO_VERSION 4
#define PKCS7_CONTENT_TYPE 12
#define PKCS7_CONTENT_ENC_ALGORITHM 13
#define PKCS7_ENCRYPTED_CONTENT 14
-#define PKCS7_ENVELOPED_ROOF 15
/**
* Parse PKCS#7 envelopedData content
return FALSE;
}
- parser = asn1_parser_create(envelopedDataObjects, PKCS7_ENVELOPED_ROOF,
- this->content);
+ parser = asn1_parser_create(envelopedDataObjects, this->content);
parser->set_top_level(parser, this->level);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of the PKCS#7 ContentInfo type
*/
static const asn1Object_t contentInfoObjects[] = {
- { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
{ 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT |
- ASN1_BODY }, /* 2 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+ ASN1_BODY }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKCS7_INFO_TYPE 1
#define PKCS7_INFO_CONTENT 2
-#define PKCS7_INFO_ROOF 4
/**
* Parse PKCS#7 contentInfo object
int objectID;
bool success = FALSE;
- parser = asn1_parser_create(contentInfoObjects, PKCS7_INFO_TYPE, blob);
+ parser = asn1_parser_create(contentInfoObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
};
-/* ASN.1 definition of the X.501 atttribute type */
-
-static const asn1Object_t attributesObjects[] = {
- { 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */
- { 1, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
- { 2, "type", ASN1_OID, ASN1_BODY }, /* 2 */
- { 2, "values", ASN1_SET, ASN1_LOOP }, /* 3 */
- { 3, "value", ASN1_EOC, ASN1_RAW }, /* 4 */
- { 2, "end loop", ASN1_EOC, ASN1_END }, /* 5 */
- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 6 */
-};
-#define ATTRIBUTE_OBJ_TYPE 2
-#define ATTRIBUTE_OBJ_VALUE 4
-#define ATTRIBUTE_OBJ_ROOF 7
-
/**
* PKCS#9 attribute type OIDs
*/
}
/**
+ * ASN.1 definition of the X.501 atttribute type
+ */
+static const asn1Object_t attributesObjects[] = {
+ { 0, "attributes", ASN1_SET, ASN1_LOOP }, /* 0 */
+ { 1, "attribute", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
+ { 2, "type", ASN1_OID, ASN1_BODY }, /* 2 */
+ { 2, "values", ASN1_SET, ASN1_LOOP }, /* 3 */
+ { 3, "value", ASN1_EOC, ASN1_RAW }, /* 4 */
+ { 2, "end loop", ASN1_EOC, ASN1_END }, /* 5 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 6 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define ATTRIBUTE_OBJ_TYPE 2
+#define ATTRIBUTE_OBJ_VALUE 4
+
+/**
* Parse a PKCS#9 attribute list
*/
static bool parse_attributes(chunk_t chunk, int level0, private_pkcs9_t* this)
int oid = OID_UNKNOWN;
bool success = FALSE;
- parser = asn1_parser_create(attributesObjects, ATTRIBUTE_OBJ_ROOF, chunk);
+ parser = asn1_parser_create(attributesObjects, chunk);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
/*
* Copyright (C) 2008 Martin Willi
- * Copyright (C) 2000-2006 Andreas Steffen
+ * Copyright (C) 2000-2008 Andreas Steffen
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
{ 0, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "algorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
{ 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_OBJ }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 1
#define PKINFO_SUBJECT_PUBLIC_KEY 2
-#define PKINFO_ROOF 3
+
/**
* Load a public key from an ASN1 encoded blob
public_key_t *key = NULL;
key_type_t type = KEY_ANY;
- parser = asn1_parser_create(pkinfoObjects, PKINFO_ROOF, blob);
+ parser = asn1_parser_create(pkinfoObjects, blob);
while (parser->iterate(parser, &objectID, &object))
{
};
/**
- * ASN.1 definition of a PKCS#1 RSA private key
- */
-static const asn1Object_t privkeyObjects[] = {
- { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
- { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
- { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
- { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
- { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
- { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
- { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
- { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
- { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
- { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
- ASN1_LOOP }, /* 10 */
- { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
- { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
- { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
- { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
- { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
-};
-
-#define PRIV_KEY_VERSION 1
-#define PRIV_KEY_MODULUS 2
-#define PRIV_KEY_PUB_EXP 3
-#define PRIV_KEY_PRIV_EXP 4
-#define PRIV_KEY_PRIME1 5
-#define PRIV_KEY_PRIME2 6
-#define PRIV_KEY_EXP1 7
-#define PRIV_KEY_EXP2 8
-#define PRIV_KEY_COEFF 9
-#define PRIV_KEY_ROOF 16
-
-/**
* shared functions, implemented in gmp_rsa_public_key.c
*/
bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
}
/**
+ * ASN.1 definition of a PKCS#1 RSA private key
+ */
+static const asn1Object_t privkeyObjects[] = {
+ { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
+ { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
+ { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
+ { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
+ { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
+ { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
+ { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
+ { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
+ ASN1_LOOP }, /* 10 */
+ { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
+ { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
+ { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
+ { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PRIV_KEY_VERSION 1
+#define PRIV_KEY_MODULUS 2
+#define PRIV_KEY_PUB_EXP 3
+#define PRIV_KEY_PRIV_EXP 4
+#define PRIV_KEY_PRIME1 5
+#define PRIV_KEY_PRIME2 6
+#define PRIV_KEY_EXP1 7
+#define PRIV_KEY_EXP2 8
+#define PRIV_KEY_COEFF 9
+
+/**
* load private key from a ASN1 encoded blob
*/
static gmp_rsa_private_key_t *load(chunk_t blob)
mpz_init(this->exp2);
mpz_init(this->coeff);
- parser = asn1_parser_create(privkeyObjects, PRIV_KEY_ROOF, blob);
+ parser = asn1_parser_create(privkeyObjects, blob);
parser->set_flags(parser, FALSE, TRUE);
while (parser->iterate(parser, &objectID, &object))
{ 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
{ 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
{ 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define DIGEST_INFO 0
#define DIGEST_INFO_ALGORITHM 1
#define DIGEST_INFO_DIGEST 2
-#define DIGEST_INFO_ROOF 3
/**
* Verification of an EMPSA PKCS1 signature described in PKCS#1
int objectID;
hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
- parser = asn1_parser_create(digestInfoObjects, DIGEST_INFO_ROOF, em);
+ parser = asn1_parser_create(digestInfoObjects, em);
while (parser->iterate(parser, &objectID, &object))
{
* ASN.1 definition of RSApublicKey
*/
static const asn1Object_t pubkeyObjects[] = {
- { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
- { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define PUB_KEY_RSA_PUBLIC_KEY 0
#define PUB_KEY_MODULUS 1
#define PUB_KEY_EXPONENT 2
-#define PUB_KEY_ROOF 3
/**
* Load a public key from an ASN1 encoded blob
mpz_init(this->n);
mpz_init(this->e);
- parser = asn1_parser_create(pubkeyObjects, PUB_KEY_ROOF, blob);
+ parser = asn1_parser_create(pubkeyObjects, blob);
while (parser->iterate(parser, &objectID, &object))
{
{ 2, "string", ASN1_UTF8STRING, ASN1_OPT |
ASN1_BODY }, /* 8 */
{ 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
- { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define IETF_ATTR_OCTETS 4
#define IETF_ATTR_OID 6
#define IETF_ATTR_STRING 8
-#define IETF_ATTR_ROOF 11
/*
* Described in header.
chunk_t object;
int objectID;
- parser = asn1_parser_create(ietfAttrSyntaxObjects, IETF_ATTR_ROOF, chunk);
+ parser = asn1_parser_create(ietfAttrSyntaxObjects, chunk);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
*/
static const asn1Object_t roleSyntaxObjects[] =
{
- { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
- ASN1_OBJ }, /* 1 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
- { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ } /* 3 */
+ { 0, "roleSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "roleAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_OBJ }, /* 1 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "roleName", ASN1_CONTEXT_C_1, ASN1_OBJ }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
-#define ROLE_ROOF 4
/**
* Parses roleSyntax
chunk_t object;
int objectID;
- parser = asn1_parser_create(roleSyntaxObjects, ROLE_ROOF, blob);
+ parser = asn1_parser_create(roleSyntaxObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
{ 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 51 */
{ 2, "end loop", ASN1_EOC, ASN1_END }, /* 52 */
{ 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 53 */
- { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 54 */
+ { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 54 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define AC_OBJ_CERTIFICATE_INFO 1
#define AC_OBJ_VERSION 2
#define AC_OBJ_EXTN_VALUE 51
#define AC_OBJ_ALGORITHM 53
#define AC_OBJ_SIGNATURE 54
-#define AC_OBJ_ROOF 55
/**
* Parses an X.509 attribute certificate
bool success = FALSE;
bool critical;
- parser = asn1_parser_create(acObjects, AC_OBJ_ROOF, this->encoding);
+ parser = asn1_parser_create(acObjects, this->encoding);
while (parser->iterate(parser, &objectID, &object))
{
{ 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
{ 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define BASIC_CONSTRAINTS_CA 1
-#define BASIC_CONSTRAINTS_ROOF 4
/**
* Extracts the basicConstraints extension
int objectID;
bool isCA = FALSE;
- parser = asn1_parser_create(basicConstraintsObjects, BASIC_CONSTRAINTS_ROOF,
- blob);
+ parser = asn1_parser_create(basicConstraintsObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of otherName
*/
static const asn1Object_t otherNameObjects[] = {
- {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
- {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY } /* 1 */
+ {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
+ {0, "value", ASN1_CONTEXT_C_0, ASN1_BODY }, /* 1 */
+ {0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define ON_OBJ_ID_TYPE 0
#define ON_OBJ_VALUE 1
-#define ON_OBJ_ROOF 2
/**
* Extracts an otherName
int oid = OID_UNKNOWN;
bool success = FALSE;
- parser = asn1_parser_create(otherNameObjects,ON_OBJ_ROOF, blob);
+ parser = asn1_parser_create(otherNameObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
{ 0, "ipAddress", ASN1_CONTEXT_S_7, ASN1_OPT|ASN1_BODY }, /* 14 */
{ 0, "end choice", ASN1_EOC, ASN1_END }, /* 15 */
{ 0, "registeredID", ASN1_CONTEXT_S_8, ASN1_OPT|ASN1_BODY }, /* 16 */
- { 0, "end choice", ASN1_EOC, ASN1_END } /* 17 */
+ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 17 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define GN_OBJ_OTHER_NAME 0
#define GN_OBJ_RFC822_NAME 2
#define GN_OBJ_URI 12
#define GN_OBJ_IP_ADDRESS 14
#define GN_OBJ_REGISTERED_ID 16
-#define GN_OBJ_ROOF 18
/**
* Extracts a generalName
identification_t *gn = NULL;
- parser = asn1_parser_create(generalNameObjects, GN_OBJ_ROOF, blob);
+ parser = asn1_parser_create(generalNameObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of generalNames
*/
static const asn1Object_t generalNamesObjects[] = {
- { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
- { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
+ { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "generalName", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define GENERAL_NAMES_GN 1
-#define GENERAL_NAMES_ROOF 3
/**
* Extracts one or several GNs and puts them into a chained list
chunk_t object;
int objectID;
- parser = asn1_parser_create(generalNamesObjects, GENERAL_NAMES_ROOF, blob);
+ parser = asn1_parser_create(generalNamesObjects, blob);
parser->set_top_level(parser, level0);
parser->set_flags(parser, implicit, FALSE);
parser->destroy(parser);
}
-/**
- * ASN.1 definition of a keyIdentifier
- */
-static const asn1Object_t keyIdentifierObjects[] = {
- { 0, "keyIdentifier", ASN1_OCTET_STRING, ASN1_BODY } /* 0 */
-};
-#define KEY_ID_ROOF 1
-
-/**
- * Extracts a keyIdentifier
- */
-static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
-{
- asn1_parser_t *parser;
- chunk_t object;
- int objectID;
-
- chunk_t keyIdentifier = chunk_empty;
-
- parser = asn1_parser_create(keyIdentifierObjects, KEY_ID_ROOF, blob);
- parser->set_top_level(parser, level0);
- parser->set_flags(parser, implicit, FALSE);
-
- if (parser->iterate(parser, &objectID, &object))
- {
- keyIdentifier = object;
- }
- parser->destroy(parser);
- return keyIdentifier;
-}
-
/**
* ASN.1 definition of a authorityKeyIdentifier extension
*/
static const asn1Object_t authKeyIdentifierObjects[] = {
- { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_OBJ }, /* 1 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
- { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
- { 1, "authorityCertSerialNumber",ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
+ { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define AUTH_KEY_ID_KEY_ID 1
#define AUTH_KEY_ID_CERT_ISSUER 3
#define AUTH_KEY_ID_CERT_SERIAL 5
-#define AUTH_KEY_ID_ROOF 7
/**
* Extracts an authoritykeyIdentifier
*authKeySerialNumber = chunk_empty;
- parser = asn1_parser_create(authKeyIdentifierObjects, AUTH_KEY_ID_ROOF,blob);
+ parser = asn1_parser_create(authKeyIdentifierObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
switch (objectID)
{
case AUTH_KEY_ID_KEY_ID:
- {
- chunk_t authKeyID = parse_keyIdentifier(object,
- parser->get_level(parser)+1, TRUE);
-
- if (authKeyID.ptr == NULL)
- {
- goto end;
- }
authKeyIdentifier = identification_create_from_encoding(
- ID_PUBKEY_SHA1, authKeyID);
+ ID_PUBKEY_SHA1, object);
break;
- }
case AUTH_KEY_ID_CERT_ISSUER:
- {
/* TODO: x509_parse_generalNames(object, level+1, TRUE); */
break;
- }
case AUTH_KEY_ID_CERT_SERIAL:
*authKeySerialNumber = object;
break;
break;
}
}
-
-end:
parser->destroy(parser);
return authKeyIdentifier;
}
* ASN.1 definition of a authorityInfoAccess extension
*/
static const asn1Object_t authInfoAccessObjects[] = {
- { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
- { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
- { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
- { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
- { 0, "end loop", ASN1_EOC, ASN1_END } /* 4 */
+ { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "accessDescription", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
+ { 2, "accessMethod", ASN1_OID, ASN1_BODY }, /* 2 */
+ { 2, "accessLocation", ASN1_EOC, ASN1_RAW }, /* 3 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define AUTH_INFO_ACCESS_METHOD 2
#define AUTH_INFO_ACCESS_LOCATION 3
-#define AUTH_INFO_ACCESS_ROOF 5
/**
* Extracts an authorityInfoAcess location
int objectID;
int accessMethod = OID_UNKNOWN;
- parser = asn1_parser_create(authInfoAccessObjects, AUTH_INFO_ACCESS_ROOF,
- blob);
+ parser = asn1_parser_create(authInfoAccessObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of a extendedKeyUsage extension
*/
static const asn1Object_t extendedKeyUsageObjects[] = {
- { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
- { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
- { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "extendedKeyUsage", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "keyPurposeID", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define EXT_KEY_USAGE_PURPOSE_ID 1
-#define EXT_KEY_USAGE_ROOF 3
/**
* Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned
int objectID;
bool ocsp_signing = FALSE;
- parser = asn1_parser_create(extendedKeyUsageObjects, EXT_KEY_USAGE_ROOF,
- blob);
+ parser = asn1_parser_create(extendedKeyUsageObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
{ 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */
{ 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */
{ 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define CRL_DIST_POINTS_FULLNAME 3
-#define CRL_DIST_POINTS_ROOF 13
-
/**
* Extracts one or several crlDistributionPoints into a list
int objectID;
linked_list_t *list = linked_list_create();
- parser = asn1_parser_create(crlDistributionPointsObjects,
- CRL_DIST_POINTS_ROOF, blob);
+ parser = asn1_parser_create(crlDistributionPointsObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
{ 3, "end loop", ASN1_EOC, ASN1_END }, /* 24 */
{ 2, "end opt", ASN1_EOC, ASN1_END }, /* 25 */
{ 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 26 */
- { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 27 */
+ { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 27 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define X509_OBJ_TBS_CERTIFICATE 1
#define X509_OBJ_VERSION 3
#define X509_OBJ_EXTN_VALUE 23
#define X509_OBJ_ALGORITHM 26
#define X509_OBJ_SIGNATURE 27
-#define X509_OBJ_ROOF 28
/**
* Parses an X.509v3 certificate
bool success = FALSE;
bool critical;
- parser = asn1_parser_create(certObjects, X509_OBJ_ROOF, this->encoding);
+ parser = asn1_parser_create(certObjects, this->encoding);
while (parser->iterate(parser, &objectID, &object))
{
switch (extn_oid)
{
case OID_SUBJECT_KEY_ID:
- this->subjectKeyID = parse_keyIdentifier(object, level, FALSE);
+ if (!asn1_parse_simple_object(&object, ASN1_OCTET_STRING,
+ level, "keyIdentifier"))
+ {
+ goto end;
+ }
+ this->subjectKeyID = object;
break;
case OID_SUBJECT_ALT_NAME:
- x509_parse_generalNames(object, level, FALSE, this->subjectAltNames);
+ x509_parse_generalNames(object, level, FALSE,
+ this->subjectAltNames);
break;
case OID_BASIC_CONSTRAINTS:
if (parse_basicConstraints(object, level))
{ 3, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
{ 2, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
{ 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 27 */
- { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY } /* 28 */
+ { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 28 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define CRL_OBJ_TBS_CERT_LIST 1
#define CRL_OBJ_VERSION 2
#define CRL_OBJ_EXTN_VALUE 24
#define CRL_OBJ_ALGORITHM 27
#define CRL_OBJ_SIGNATURE 28
-#define CRL_OBJ_ROOF 29
/**
* Parses an X.509 Certificate Revocation List (CRL)
bool critical;
revoked_t *revoked = NULL;
- parser = asn1_parser_create(crlObjects, CRL_OBJ_ROOF, this->encoding);
+ parser = asn1_parser_create(crlObjects, this->encoding);
while (parser->iterate(parser, &objectID, &object))
{
ASN1_DEF }, /* 24 */
{ 4, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 25 */
{ 2, "end loop", ASN1_EOC, ASN1_END }, /* 26 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 27 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 27 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define SINGLE_RESPONSE_ALGORITHM 2
#define SINGLE_RESPONSE_ISSUER_NAME_HASH 3
#define SINGLE_RESPONSE_EXT_ID 23
#define SINGLE_RESPONSE_CRITICAL 24
#define SINGLE_RESPONSE_EXT_VALUE 25
-#define SINGLE_RESPONSE_ROOF 28
/**
* Parse a single OCSP response
/* if nextUpdate is missing, we give it a short lifetime */
response->nextUpdate = this->producedAt + OCSP_DEFAULT_LIFETIME;
- parser = asn1_parser_create(singleResponseObjects, SINGLE_RESPONSE_ROOF,
- blob);
+ parser = asn1_parser_create(singleResponseObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of responses
*/
static const asn1Object_t responsesObjects[] = {
- { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
- { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 0, "end loop", ASN1_EOC, ASN1_END } /* 2 */
+ { 0, "responses", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
+ { 1, "singleResponse", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define RESPONSES_SINGLE_RESPONSE 1
-#define RESPONSES_ROOF 3
/**
* Parse all responses
int objectID;
bool success = FALSE;
- parser = asn1_parser_create(responsesObjects, RESPONSES_ROOF, blob);
+ parser = asn1_parser_create(responsesObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
{ 2, "certs", ASN1_SEQUENCE, ASN1_LOOP }, /* 23 */
{ 3, "certificate", ASN1_SEQUENCE, ASN1_RAW }, /* 24 */
{ 2, "end loop", ASN1_EOC, ASN1_END }, /* 25 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 26 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 26 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define BASIC_RESPONSE_TBS_DATA 1
#define BASIC_RESPONSE_VERSION 3
#define BASIC_RESPONSE_ALGORITHM 20
#define BASIC_RESPONSE_SIGNATURE 21
#define BASIC_RESPONSE_CERTIFICATE 24
-#define BASIC_RESPONSE_ROOF 27
/**
* Parse a basicOCSPResponse
bool success = FALSE;
bool critical;
- parser = asn1_parser_create(basicResponseObjects, BASIC_RESPONSE_ROOF, blob);
+ parser = asn1_parser_create(basicResponseObjects, blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
* ASN.1 definition of ocspResponse
*/
static const asn1Object_t ocspResponseObjects[] = {
- { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
- { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
- { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
- { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
- { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
- { 1, "end opt", ASN1_EOC, ASN1_END } /* 6 */
+ { 0, "OCSPResponse", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "responseStatus", ASN1_ENUMERATED, ASN1_BODY }, /* 1 */
+ { 1, "responseBytesContext", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 2 */
+ { 2, "responseBytes", ASN1_SEQUENCE, ASN1_NONE }, /* 3 */
+ { 3, "responseType", ASN1_OID, ASN1_BODY }, /* 4 */
+ { 3, "response", ASN1_OCTET_STRING, ASN1_BODY }, /* 5 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define OCSP_RESPONSE_STATUS 1
#define OCSP_RESPONSE_TYPE 4
#define OCSP_RESPONSE 5
-#define OCSP_RESPONSE_ROOF 7
/**
* Parse OCSPResponse object
bool success = FALSE;
ocsp_status_t status;
- parser = asn1_parser_create(ocspResponseObjects, OCSP_RESPONSE_ROOF,
- this->encoding);
+ parser = asn1_parser_create(ocspResponseObjects, this->encoding);
while (parser->iterate(parser, &objectID, &object))
{