diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-10-08 12:35:36 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2009-10-08 12:35:36 +0200 |
commit | 88212ee6e73d9712f16a226b89403ef4166532c6 (patch) | |
tree | b89157114d0e49a762281ea85bcee6fc877d3d4f | |
parent | 0354d5703d87da94f08865fed8bb95a23893775f (diff) | |
download | strongswan-88212ee6e73d9712f16a226b89403ef4166532c6.tar.bz2 strongswan-88212ee6e73d9712f16a226b89403ef4166532c6.tar.xz |
use of asn1_build_known_oid()
-rw-r--r-- | src/pluto/pkcs7.c | 115 |
1 files changed, 29 insertions, 86 deletions
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index 7ff51a5a4..0f392f135 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -131,38 +131,6 @@ static const asn1Object_t envelopedDataObjects[] = { #define PKCS7_ENVELOPED_ROOF 15 /** - * PKCS7 contentInfo OIDs - */ -static chunk_t ASN1_pkcs7_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 -); -static chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 -); -static chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03 -); -static chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04 -); -static chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 -); -static chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05 -); - -/** - * PKCS#7 attribute type OIDs - */ -static chunk_t ASN1_contentType_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 -); -static chunk_t ASN1_messageDigest_oid = chunk_from_chars( - 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04 -); - -/** * Parse PKCS#7 ContentInfo object */ bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) @@ -205,7 +173,6 @@ end: bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert, chunk_t *attributes, certificate_t *cacert) { - u_char buf[BUF_LEN]; asn1_parser_t *parser; chunk_t object; int digest_alg = OID_UNKNOWN; @@ -281,9 +248,13 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert DBG2(" v%d", version); break; case PKCS7_SIGNED_ISSUER: - dntoa(buf, BUF_LEN, object); - DBG2(" '%s'",buf); - break; + { + identification_t *issuer = identification_create_from_encoding( + ID_DER_ASN1_DN, object); + DBG2(" \"%Y\"", issuer); + issuer->destroy(issuer); + break; + } case PKCS7_AUTH_ATTRIBUTES: if (attributes != NULL) { @@ -377,7 +348,6 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, crypter_t *crypter = NULL; - u_char buf[BUF_LEN]; int enc_alg = OID_UNKNOWN; int content_enc_alg = OID_UNKNOWN; int version; @@ -425,9 +395,13 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } break; case PKCS7_ISSUER: - dntoa(buf, BUF_LEN, object); - DBG2(" '%s'", buf); - break; + { + identification_t *issuer = identification_create_from_encoding( + ID_DER_ASN1_DN, object); + DBG2(" \"%Y\"", issuer); + issuer->destroy(issuer); + break; + } case PKCS7_SERIAL_NUMBER: if (!chunk_equals(serialNumber, object)) { @@ -561,9 +535,10 @@ failed: */ chunk_t pkcs7_contentType_attribute(void) { - return asn1_wrap(ASN1_SEQUENCE, "cm" - , ASN1_contentType_oid - , asn1_simple_object(ASN1_SET, ASN1_pkcs7_data_oid)); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_PKCS9_CONTENT_TYPE), + asn1_wrap(ASN1_SET, "m", + asn1_build_known_oid(OID_PKCS7_DATA))); } /** @@ -586,12 +561,10 @@ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) hasher->allocate_hash(hasher, content, &digest); hasher->destroy(hasher); - return asn1_wrap(ASN1_SEQUENCE, "cm", - ASN1_messageDigest_oid, - asn1_wrap(ASN1_SET, "m", - asn1_wrap(ASN1_OCTET_STRING, "m", digest) - ) - ); + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_PKCS9_MESSAGE_DIGEST), + asn1_wrap(ASN1_SET, "m", + asn1_wrap(ASN1_OCTET_STRING, "m", digest))); } /** @@ -599,41 +572,11 @@ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) */ static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) { - chunk_t content_type; - - /* select DER-encoded OID for pkcs7 contentInfo type */ - switch(cInfo->type) - { - case OID_PKCS7_DATA: - content_type = ASN1_pkcs7_data_oid; - break; - case OID_PKCS7_SIGNED_DATA: - content_type = ASN1_pkcs7_signed_data_oid; - break; - case OID_PKCS7_ENVELOPED_DATA: - content_type = ASN1_pkcs7_enveloped_data_oid; - break; - case OID_PKCS7_SIGNED_ENVELOPED_DATA: - content_type = ASN1_pkcs7_signed_enveloped_data_oid; - break; - case OID_PKCS7_DIGESTED_DATA: - content_type = ASN1_pkcs7_digested_data_oid; - break; - case OID_PKCS7_ENCRYPTED_DATA: - content_type = ASN1_pkcs7_encrypted_data_oid; - break; - case OID_UNKNOWN: - default: - DBG1("invalid pkcs7 contentInfo type"); - return chunk_empty; - } - - return (cInfo->content.ptr == NULL) - ? asn1_simple_object(ASN1_SEQUENCE, content_type) - : asn1_wrap(ASN1_SEQUENCE, "cm" - , content_type - , asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content) - ); + return (cInfo->content.ptr) ? + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(cInfo->type), + asn1_simple_object(ASN1_CONTEXT_C_0, cInfo->content)) : + asn1_build_known_oid(cInfo->type); } /** @@ -783,8 +726,8 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg , asn1_build_known_oid(enc_alg) , asn1_simple_object(ASN1_OCTET_STRING, iv)); - chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm" - , ASN1_pkcs7_data_oid + chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "mmm" + , asn1_build_known_oid(OID_PKCS7_DATA) , contentEncryptionAlgorithm , asn1_wrap(ASN1_CONTEXT_S_0, "m", out)); |