create algorithmIdentifier dynamically from OID database
authorMartin Willi <martin@strongswan.org>
Thu, 27 Aug 2009 11:14:01 +0000 (13:14 +0200)
committerMartin Willi <martin@strongswan.org>
Thu, 27 Aug 2009 11:59:30 +0000 (13:59 +0200)
12 files changed:
src/libstrongswan/asn1/asn1.c
src/libstrongswan/asn1/asn1.h
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/x509/x509_ac.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_ocsp_request.c
src/pluto/ocsp.c
src/pluto/pkcs7.c
src/pluto/x509.c
src/scepclient/pkcs10.c
src/scepclient/scep.c

index ea6702d..c565e14 100644 (file)
@@ -38,151 +38,14 @@ const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
 const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
 const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
 
-/**
- * some popular algorithmIdentifiers
- */
-
-static u_char ASN1_md2_id_str[] = {
-       0x30, 0x0c,
-                 0x06, 0x08,
-                               0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
-                 0x05,0x00,
-};
-
-static u_char ASN1_md5_id_str[] = {
-       0x30, 0x0C,
-                 0x06, 0x08,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha1_id_str[] = {
-       0x30, 0x09,
-                 0x06, 0x05,
-                               0x2B, 0x0E,0x03, 0x02, 0x1A,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha256_id_str[] = {
-       0x30, 0x0d,
-                 0x06, 0x09,
-                               0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha384_id_str[] = {
-       0x30, 0x0d,
-                 0x06, 0x09,
-                               0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha512_id_str[] = {
-       0x30, 0x0d,
-                 0x06, 0x09,
-                               0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
-                 0x05,0x00
-};
-
-static u_char ASN1_md2WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
-                 0x05, 0x00
-};
-
-static u_char ASN1_md5WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha1WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha256WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha384WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
-                 0x05, 0x00
-};
-
-static u_char ASN1_sha512WithRSA_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D,
-                 0x05, 0x00
-};
-
-static u_char ASN1_rsaEncryption_id_str[] = {
-       0x30, 0x0D,
-                 0x06, 0x09,
-                               0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
-                 0x05, 0x00
-};
-
-static const chunk_t ASN1_md2_id    = chunk_from_buf(ASN1_md2_id_str);
-static const chunk_t ASN1_md5_id    = chunk_from_buf(ASN1_md5_id_str);
-static const chunk_t ASN1_sha1_id   = chunk_from_buf(ASN1_sha1_id_str);
-static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
-static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
-static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
-static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
-static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str);
-static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
-static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
-static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str);
-static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str);
-static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str);
-
 /*
  * Defined in header.
  */
 chunk_t asn1_algorithmIdentifier(int oid)
 {
-       switch (oid)
-       {
-               case OID_RSA_ENCRYPTION:
-                       return ASN1_rsaEncryption_id;
-               case OID_MD2_WITH_RSA:
-                       return ASN1_md2WithRSA_id;
-               case OID_MD5_WITH_RSA:
-                       return ASN1_md5WithRSA_id;
-               case OID_SHA1_WITH_RSA:
-                       return ASN1_sha1WithRSA_id;
-               case OID_SHA256_WITH_RSA:
-                       return ASN1_sha256WithRSA_id;
-               case OID_SHA384_WITH_RSA:
-                       return ASN1_sha384WithRSA_id;
-               case OID_SHA512_WITH_RSA:
-                       return ASN1_sha512WithRSA_id;
-               case OID_MD2:
-                       return ASN1_md2_id;
-               case OID_MD5:
-                       return ASN1_md5_id;
-               case OID_SHA1:
-                       return ASN1_sha1_id;
-               case OID_SHA256:
-                       return ASN1_sha256_id;
-               case OID_SHA384:
-                       return ASN1_sha384_id;
-               case OID_SHA512:
-                       return ASN1_sha512_id;
-               default:
-                       return chunk_empty;
-       }
+       return asn1_wrap(ASN1_SEQUENCE, "mm",
+                                       asn1_build_known_oid(oid),
+                                       asn1_wrap(ASN1_NULL, ""));
 }
 
 /*
index 6ed9bf4..6552401 100644 (file)
@@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2;
 /** Some ASN.1 analysis functions */
 
 /**
- * Returns some popular algorithmIdentifiers
+ * Build an algorithmIdentifier from a known OID.
  *
  * @param oid          known OID index
- * @return                     body of the corresponding OID
+ * @return                     body of the corresponding OID, allocated
  */
 chunk_t asn1_algorithmIdentifier(int oid);
 
index 7da1ca9..e0ea9a3 100644 (file)
@@ -828,7 +828,7 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
 
                encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m", wrappedKey);
 
-               recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm",
+               recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm",
                                        ASN1_INTEGER_0,
                                        pkcs7_build_issuerAndSerialNumber(cert),
                                        asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
@@ -910,7 +910,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
                encryptedDigest = asn1_wrap(ASN1_OCTET_STRING, "m", encryptedDigest);
        }
 
-       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm",
+       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm",
                                        ASN1_INTEGER_1,
                                        pkcs7_build_issuerAndSerialNumber(cert),
                                        asn1_algorithmIdentifier(signature_oid),
@@ -931,7 +931,7 @@ bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
 
        this->content = asn1_wrap(ASN1_SEQUENCE, "cmcmm",
                        ASN1_INTEGER_1,
-                       asn1_simple_object(ASN1_SET, asn1_algorithmIdentifier(signature_oid)),
+                       asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(signature_oid)),
                        this->data,
                        asn1_simple_object(ASN1_CONTEXT_C_0, cert->get_certificate(cert)),
                        asn1_wrap(ASN1_SET, "m", signerInfo));
index 5cea55c..f3192b8 100644 (file)
@@ -232,7 +232,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
                hasher->destroy(hasher);
        
                /* build DER-encoded digestInfo */
-               digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+               digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
                                                asn1_algorithmIdentifier(hash_oid),
                                                asn1_simple_object(ASN1_OCTET_STRING, hash)
                                          );
index ab88c23..1dfe1b8 100644 (file)
@@ -616,7 +616,7 @@ static chunk_t build_extensions(private_x509_ac_t *this)
  */
 static chunk_t build_attr_cert_info(private_x509_ac_t *this)
 {
-       return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
+       return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmm",
                                ASN1_INTEGER_1,
                                build_holder(this),
                                build_v2_form(this),
@@ -641,7 +641,7 @@ static chunk_t build_ac(private_x509_ac_t *this)
        this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
                                                  attributeCertificateInfo, &signatureValue);
 
-       return asn1_wrap(ASN1_SEQUENCE, "mcm",
+       return asn1_wrap(ASN1_SEQUENCE, "mmm",
                                attributeCertificateInfo,
                                asn1_algorithmIdentifier(OID_SHA1_WITH_RSA),
                                asn1_bitstring("m", signatureValue));
index 81a2b33..a897048 100644 (file)
@@ -1259,7 +1259,7 @@ static bool generate(private_builder_t *this)
                        {
                                return FALSE;
                        }
-                       key_info = asn1_wrap(ASN1_SEQUENCE, "cm",
+                       key_info = asn1_wrap(ASN1_SEQUENCE, "mm",
                                                        asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
                                                        asn1_bitstring("m", key));
                        break;
@@ -1272,7 +1272,7 @@ static bool generate(private_builder_t *this)
                /* TODO: encode subjectAltNames */
        }
        
-       this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm", 
+       this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", 
                asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
                asn1_integer("c", this->cert->serialNumber),
                asn1_algorithmIdentifier(this->cert->algorithm),
@@ -1288,7 +1288,7 @@ static bool generate(private_builder_t *this)
        {
                return FALSE;
        }
-       this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "ccm",
+       this->cert->encoding = asn1_wrap(ASN1_SEQUENCE, "cmm",
                                                                this->cert->tbsCertificate,
                                                                asn1_algorithmIdentifier(this->cert->algorithm),
                                                                asn1_bitstring("c", this->cert->signature));
index 5892e2b..f65fa6d 100644 (file)
@@ -133,7 +133,7 @@ static chunk_t build_Request(private_x509_ocsp_request_t *this,
                                                         chunk_t serialNumber)
 {
        return asn1_wrap(ASN1_SEQUENCE, "m",
-                               asn1_wrap(ASN1_SEQUENCE, "cmmm",
+                               asn1_wrap(ASN1_SEQUENCE, "mmmm",
                                        asn1_algorithmIdentifier(OID_SHA1),
                                        asn1_simple_object(ASN1_OCTET_STRING, issuerNameHash),
                                        asn1_simple_object(ASN1_OCTET_STRING, issuerKeyHash),
index 8e428a7..bb9242b 100644 (file)
@@ -762,7 +762,7 @@ static chunk_t sc_build_sha1_signature(chunk_t tbs, smartcard_t *sc)
        /* according to PKCS#1 v2.1 digest must be packaged into
         * an ASN.1 structure for encryption
         */
-       digest_info = asn1_wrap(ASN1_SEQUENCE, "cm"
+       digest_info = asn1_wrap(ASN1_SEQUENCE, "mm"
                , asn1_algorithmIdentifier(OID_SHA1)
                , asn1_simple_object(ASN1_OCTET_STRING, digest));
 
@@ -811,7 +811,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
 
        /* build signature comprising algorithm, signature and cert */
        return asn1_wrap(ASN1_CONTEXT_C_0, "m"
-                               , asn1_wrap(ASN1_SEQUENCE, "cmm"
+                               , asn1_wrap(ASN1_SEQUENCE, "mmm"
                                        , asn1_algorithmIdentifier(OID_SHA1_WITH_RSA)
                                        , sigdata
                                        , certs
@@ -825,7 +825,7 @@ static chunk_t build_signature(chunk_t tbsRequest)
  */
 static chunk_t build_request(ocsp_location_t *location, ocsp_certinfo_t *certinfo)
 {
-       chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "cmmm"
+       chunk_t reqCert = asn1_wrap(ASN1_SEQUENCE, "mmmm"
                                , asn1_algorithmIdentifier(OID_SHA1)
                                , asn1_simple_object(ASN1_OCTET_STRING, location->authNameID)
                                , asn1_simple_object(ASN1_OCTET_STRING, location->authKeyID)
index 7248b04..9b13c23 100644 (file)
@@ -673,8 +673,6 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
        contentInfo_t pkcs7Data, signedData;
        chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo;
 
-       chunk_t digestAlgorithm = asn1_algorithmIdentifier(digest_alg);
-
        if (attributes.ptr != NULL)
        {
                encryptedDigest = x509_build_signature(attributes, digest_alg, key,
@@ -689,10 +687,10 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
                authenticatedAttributes = chunk_empty;
        }
 
-       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
+       signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmmmmm"
                                , ASN1_INTEGER_1
                                , pkcs7_build_issuerAndSerialNumber(cert)
-                               , digestAlgorithm
+                               , asn1_algorithmIdentifier(digest_alg)
                                , authenticatedAttributes
                                , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)
                                , encryptedDigest);
@@ -704,7 +702,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes,
        signedData.type = OID_PKCS7_SIGNED_DATA;
        signedData.content = asn1_wrap(ASN1_SEQUENCE, "cmmmm"
                                , ASN1_INTEGER_1
-                               , asn1_simple_object(ASN1_SET, digestAlgorithm)
+                               , asn1_wrap(ASN1_SET, "m", asn1_algorithmIdentifier(digest_alg))
                                , pkcs7_build_contentInfo(&pkcs7Data)
                                , asn1_simple_object(ASN1_CONTEXT_C_0, cert->certificate)
                                , asn1_wrap(ASN1_SET, "m", signerInfo));
@@ -792,7 +790,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_
                chunk_t encryptedKey = asn1_wrap(ASN1_OCTET_STRING, "m"
                                        , protectedKey);
 
-               chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm"
+               chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmmm"
                                        , ASN1_INTEGER_0
                                        , pkcs7_build_issuerAndSerialNumber(cert)
                                        , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)
index 889c22e..0080add 100644 (file)
@@ -1126,7 +1126,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
 
        rsa->get_encoding(rsa, KEY_PUB_ASN1_DER, &key);
 
-       chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+       chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
                                                        asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
                                                        asn1_bitstring("m", key));
 
@@ -1137,7 +1137,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
                                , build_subjectAltNames(cert->subjectAltName)));
        }
 
-       return asn1_wrap(ASN1_SEQUENCE, "mmccmcmm"
+       return asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm"
                                , version
                                , asn1_integer("c", cert->serialNumber)
                                , asn1_algorithmIdentifier(cert->sigAlg)
@@ -1163,7 +1163,7 @@ void build_x509cert(x509cert_t *cert, public_key_t *cert_key,
        chunk_t signature = x509_build_signature(tbs_cert, cert->sigAlg
                                                                , signer_key, TRUE);
 
-       cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm"
+       cert->certificate = asn1_wrap(ASN1_SEQUENCE, "mmm"
                                                                , tbs_cert
                                                                , asn1_algorithmIdentifier(cert->sigAlg)
                                                                , signature);
index b0de006..ca0e808 100644 (file)
@@ -161,7 +161,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
        
        pkcs10->public_key->get_encoding(pkcs10->public_key, KEY_PUB_ASN1_DER, &key);
        
-       chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+       chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
                                                        asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
                                                        asn1_bitstring("m", key));
 
@@ -174,7 +174,7 @@ pkcs10_build_request(pkcs10_t *pkcs10, int signature_alg)
        chunk_t signature = x509_build_signature(cert_req_info, signature_alg,
                                                                                         pkcs10->private_key, TRUE);
 
-       return asn1_wrap(ASN1_SEQUENCE, "mcm",
+       return asn1_wrap(ASN1_SEQUENCE, "mmm",
                                cert_req_info,
                                asn1_algorithmIdentifier(signature_alg),
                                signature);
index f3e978f..bf2532c 100644 (file)
@@ -294,7 +294,7 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
        
        key->get_encoding(key, KEY_PUB_ASN1_DER, &keyEncoding);
        
-       keyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+       keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
                                                asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), 
                                                asn1_bitstring("m", keyEncoding));