4 files changed, 449 insertions, 88 deletions
diff --git a/Source/charon/asn1/asn1.c b/Source/charon/asn1/asn1.c
index cbd030bb5..01952386c 100644
--- a/Source/charon/asn1/asn1.c
+++ b/Source/charon/asn1/asn1.c
@@ -1,21 +1,33 @@
+/**
+ * @file asn1.c
+ *
+ * @brief String mappings for asn1.h
+ *
+ */
 
-
-
-
-
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
 
 #include "asn1.h"
 
-
-
-
-
 mapping_t asn1_type_m[] = {
 	{ASN1_END, "ASN1_END"},
 	{ASN1_BOOLEAN, "ASN1_BOOLEAN"},
 	{ASN1_INTEGER, "ASN1_INTEGER"},
-	{ASN1_BIT_STRING, "ASN1_BIT_STRING"},
-	{ASN1_OCTET_STRING, "ASN1_OCTET_STRING"},
+	{ASN1_BITSTRING, "ASN1_BITSTRING"},
+	{ASN1_OCTETSTRING, "ASN1_OCTETSTRING"},
 	{ASN1_NULL, "ASN1_NULL"},
 	{ASN1_OID, "ASN1_OID"},
 	{ASN1_ENUMERATED, "ASN1_ENUMERATED"},
@@ -43,6 +55,7 @@ mapping_t asn1_type_m[] = {
 	{ASN1_TAG_E_5, "ASN1_TAG_E_5"},
 	{ASN1_TAG_E_6, "ASN1_TAG_E_6"},
 	{ASN1_TAG_E_7, "ASN1_TAG_E_7"},
+	{ASN1_TAG_I_0, "ASN1_TAG_I_0"},
 	{ASN1_TAG_I_1, "ASN1_TAG_I_1"},
 	{ASN1_TAG_I_2, "ASN1_TAG_I_2"},
 	{ASN1_TAG_I_3, "ASN1_TAG_I_3"},
@@ -50,6 +63,7 @@ mapping_t asn1_type_m[] = {
 	{ASN1_TAG_I_5, "ASN1_TAG_I_5"},
 	{ASN1_TAG_I_6, "ASN1_TAG_I_6"},
 	{ASN1_TAG_I_7, "ASN1_TAG_I_7"},
+	{ASN1_CHOICE, "ASN1_CHOICE"},
 };
 
 mapping_t asn1_flag_m[] = {
diff --git a/Source/charon/asn1/asn1.h b/Source/charon/asn1/asn1.h
index a828034ee..894f048d2 100644
--- a/Source/charon/asn1/asn1.h
+++ b/Source/charon/asn1/asn1.h
@@ -1,7 +1,7 @@
 /**
  * @file asn1.h
  *
- * @brief Definition of asn1_type_t and asn1_rule_t.
+ * @brief Definition of asn1_rule_t and other ASN1 stuff.
  *
  */
 
@@ -27,12 +27,20 @@
 
 typedef enum asn1_type_t asn1_type_t;
 
+/**
+ * @brief Real and some special ASN1 types.
+ * 
+ * @ingroup asn1
+ */
 enum asn1_type_t {
+	/**
+	 * End of a sequence, set, choice
+	 */
 	ASN1_END = 0x00,
 	ASN1_BOOLEAN = 0x01,
 	ASN1_INTEGER = 0x02,
-	ASN1_BIT_STRING = 0x03,
-	ASN1_OCTET_STRING = 0x04,
+	ASN1_BITSTRING = 0x03,
+	ASN1_OCTETSTRING = 0x04,
 	ASN1_NULL = 0x05,
 	ASN1_OID = 0x06,
 	ASN1_ENUMERATED = 0x0A,
@@ -52,6 +60,9 @@ enum asn1_type_t {
 	ASN1_CONSTRUCTED = 0x20,
 	ASN1_SEQUENCE = 0x30,
 	ASN1_SET = 0x31,
+	/**
+	 * EXCPLICIT tags 
+	 */
 	ASN1_TAG_E_0 = 0xA0,
 	ASN1_TAG_E_1 = 0xA1,
 	ASN1_TAG_E_2 = 0xA2,
@@ -60,6 +71,10 @@ enum asn1_type_t {
 	ASN1_TAG_E_5 = 0xA5,
 	ASN1_TAG_E_6 = 0xA6,
 	ASN1_TAG_E_7 = 0xA7,
+	/**
+	 * IMPLICIT tags 
+	 */
+	ASN1_TAG_I_0 = 0x80,
 	ASN1_TAG_I_1 = 0x81,
 	ASN1_TAG_I_2 = 0x82,
 	ASN1_TAG_I_3 = 0x83,
@@ -67,24 +82,70 @@ enum asn1_type_t {
 	ASN1_TAG_I_5 = 0x85,
 	ASN1_TAG_I_6 = 0x86,
 	ASN1_TAG_I_7 = 0x87,
+	/**
+	 * Begin of a choice
+	 */
+	ASN1_CHOICE = 0xFE,
+	/**
+	 * ANY type
+	 */
+	ASN1_ANY = 0xFF,
 };
 
+/**
+ * String mappings for asn1_type_t
+ */
 extern mapping_t asn1_type_m[];
 
+
 typedef enum asn1_flag_t asn1_flag_t;
 
+/**
+ * @brief Flags used to build ASN1 rules.
+ * 
+ * @ingroup asn1
+ */
 enum asn1_flag_t {
+	/**
+	 * Field is optional
+	 */
 	ASN1_OPTIONAL = 0x01,
+	/**
+	 * Field has a default value and is therefore optional
+	 */
 	ASN1_DEFAULT = 0x02,
+	/**
+	 * Convert this INTEGER to an mpz_t
+	 */
 	ASN1_MPZ = 0x04,
+	/**
+	 * SEQUENCE or SET OF
+	 */
 	ASN1_OF = 0x08,
+	/**
+	 * Parse this Sequence in a RAW chunk too.
+	 * Used for crypto calculations...
+	 */
+	ASN1_RAW = 0x10,
 };
 
+/**
+ * String mappings for asn1_flag_t
+ */
 extern mapping_t asn1_flag_m[];
 
 
 typedef struct asn1_rule_t asn1_rule_t;
 
+/**
+ * @brief Single rule of a complet ruleset.
+ * 
+ * This rule containing a type, flags and additional
+ * data allow modellation of complex ASN1 structures and
+ * allow their en- and decoding...
+ * 
+ * @ingroup asn1
+ */
 struct asn1_rule_t {
 	/** 
 	 * ASN1 type 
@@ -98,18 +159,13 @@ struct asn1_rule_t {
 	 * offset of data in structure 
 	 */
 	u_int data_offset;
-// 	union {
-		/** 
-		 * offset to a boolean, which says if optional 
-		 * data is available at data_offset. Used if
-		 * flags & ASN1_OPTIONAL.
-		 */
-// 		u_int available_offset;
-		/**
-		 * default value, used if flags & ASN1_DEFAULT
-		 */
-		u_int default_value;
-// 	};
+	/**
+	 * offset to a boolean, which says if optional 
+	 * data is available at data_offset. Used if
+	 * flags & ASN1_OPTIONAL.
+	 * default value, used if flags & ASN1_DEFAULT
+	 */
+	u_int additional;
 };
 
 
diff --git a/Source/charon/asn1/der_decoder.c b/Source/charon/asn1/der_decoder.c
index 59ea4b077..91521b96a 100644
--- a/Source/charon/asn1/der_decoder.c
+++ b/Source/charon/asn1/der_decoder.c
@@ -5,9 +5,12 @@
  */
 
 /*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2000-2004 Andreas Steffen
+ * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
+ * Some parts taken over from pluto/asn1.c
+ *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
@@ -39,56 +42,269 @@ struct private_der_decoder_t {
 	 */
 	der_decoder_t public;
 	
+	/**
+	 * Rule which was just processed
+	 */
 	asn1_rule_t *rule;
 	
+	/**
+	 * First rule of the hole ruleset
+	 */
 	asn1_rule_t *first_rule;
 	
+	/**
+	 * Output data struct
+	 */
 	void *output;
 	
+	/**
+	 * Complex things like this need a logger ;-)
+	 */
 	logger_t *logger;
 };
 
 status_t read_hdr(private_der_decoder_t *this, chunk_t *data);
 
+/**
+ * Read a sequence from data, parse its contents recursivly
+ */
 status_t read_sequence(private_der_decoder_t *this, chunk_t data)
 {
-	while (this->rule->type != ASN1_END)
+	status_t status;
+	asn1_rule_t *next_rule;
+	
+	while(TRUE)
 	{
-		read_hdr(this, &data);
+		next_rule = this->rule + 1;
+		if (next_rule->type == ASN1_END)
+		{
+			this->rule++;
+			break;
+		}
+		status = read_hdr(this, &data);
+		if (status != SUCCESS)
+		{
+			return status;
+		}
 	}
+	
+	this->logger->log(this->logger, CONTROL|LEVEL2, "Sequence end");
 	return SUCCESS;
 }
 
+/**
+ * Read choice of data, parse if one of the choosable types arise
+ */
+status_t read_choice(private_der_decoder_t *this, chunk_t *data)
+{
+	status_t status = PARSE_ERROR;
+	asn1_rule_t *next_rule;
+	bool found = FALSE;
+	
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "Choice data", *data);
+	
+	while(TRUE)
+	{
+		next_rule = this->rule + 1;
+		if (next_rule->type == ASN1_END)
+		{
+			this->rule++;
+			return status;
+		}
+		if (!found && *(data->ptr) == next_rule->type)
+		{
+			found = TRUE;
+			status = read_hdr(this, data);
+		}
+		else
+		{
+			this->rule++;
+		}
+	}
+	this->logger->log(this->logger, CONTROL|LEVEL2, "Choice end");
+	return status;
+}
 
+/**
+ * Read a utc or generalized time
+ */
+status_t read_time(private_der_decoder_t *this, chunk_t data)
+{
+	struct tm t;
+	time_t tz_offset;
+	u_char *eot = NULL;
+	const char* format;
+	time_t *result = (time_t*)((u_int8_t*)this->output + this->rule->data_offset);
+	
+	/* TODO: Test it */
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "TIME", data);
+	
+	if ((eot = memchr(data.ptr, 'Z', data.len)) != NULL)
+	{
+		/* Zulu time with a zero time zone offset */
+		tz_offset = 0;
+	}
+	else if ((eot = memchr(data.ptr, '+', data.len)) != NULL)
+	{
+		int tz_hour, tz_min;
+		
+		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		/* positive time zone offset */
+		tz_offset = 3600*tz_hour + 60*tz_min;
+	}
+	else if ((eot = memchr(data.ptr, '-', data.len)) != NULL)
+	{
+		int tz_hour, tz_min;
+		
+		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		/* negative time zone offset */
+		tz_offset = -3600*tz_hour - 60*tz_min;
+	}
+	else
+	{
+		/* error in time format */
+		return PARSE_ERROR; 
+	}
+
+	if (this->rule->type == ASN1_UTCTIME)
+	{
+		format = "%2d%2d%2d%2d%2d";
+	}
+	else
+	{
+		format = "%4d%2d%2d%2d%2d";
+	}
+	
+	sscanf(data.ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min);
+	
+	/* is there a seconds field? */
+	if ((eot - data.ptr) == ((this->rule->type == ASN1_UTCTIME)?12:14))
+	{
+		sscanf(eot-2, "%2d", &t.tm_sec);
+	}
+	else
+	{
+		t.tm_sec = 0;
+	}
+
+	/* representation of year */
+	if (t.tm_year >= 1900)
+	{
+		t.tm_year -= 1900;
+	}
+	else if (t.tm_year >= 100)
+	{
+		return PARSE_ERROR;
+	}
+	else if (t.tm_year < 50)
+	{
+		t.tm_year += 100;
+	}
+
+	/* representation of month 0..11*/
+	t.tm_mon--;
+
+	/* set daylight saving time to off */
+	t.tm_isdst = 0;
+
+	/* compensate timezone */
+
+	*result = mktime(&t) - timezone - tz_offset;
+	return SUCCESS;
+}
+
+/**
+ * Read an integer as u_int or as mpz_t
+ */
 status_t read_int(private_der_decoder_t *this, chunk_t data)
 {
 	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
-	u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
 	
-	*integ = 0;
-	while (data.len-- > 0)
+	if (this->rule->flags & ASN1_MPZ)
 	{
-		*integ = 256 * (*integ) + *data.ptr++;
+		mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
+		mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
+	}
+	else
+	{	
+		u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
+		
+		*integ = 0;
+		while (data.len-- > 0)
+		{
+			*integ = 256 * (*integ) + *data.ptr++;
+		}
 	}
 	return SUCCESS;
 }
 
-status_t read_mpz(private_der_decoder_t *this, chunk_t data)
+/**
+ * Read boolean value 
+ */
+status_t read_bool(private_der_decoder_t *this, chunk_t data)
 {
-	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
-	mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_BOOLEAN", data);
+
+	bool *boolean = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
 	
-	mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
+	*boolean = *data.ptr;
+	
+	return SUCCESS;
+}
+
+/**
+ * Read an OID
+ */
+status_t read_oid(private_der_decoder_t *this, chunk_t data)
+{
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_OID", data);
+	/* TODO: OID parsing stuff */
 	return SUCCESS;
 }
 
+/**
+ * Read a bitstring
+ */
+status_t read_bitstring(private_der_decoder_t *this, chunk_t data)
+{
+	/* TODO: cleanly determine amount of unused bits */
+	
+	/* skip "unused-bits-in-following-byte"-byte */
+	data.ptr += 1;
+	data.len -= 1;
+	
+	chunk_t *chunk = (chunk_t*)((u_int8_t*)this->output + this->rule->data_offset);
+	
+	*chunk = allocator_clone_chunk(data);
+	
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_BITSTRING", data);
+	return SUCCESS;
+}
+
+/**
+ * Read any type which appears in a chunk
+ */
+status_t read_any(private_der_decoder_t *this, chunk_t data)
+{	
+	chunk_t *chunk = (chunk_t*)((u_int8_t*)this->output + this->rule->data_offset);
+	
+	*chunk = allocator_clone_chunk(data);
+	
+	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_ANY", data);
+	return SUCCESS;
+}
+
+/**
+ * Read the length field of a type
+ */
 u_int32_t read_length(chunk_t *data)
 {
 	u_int8_t n;
 	size_t len;
 	
 	/* read first octet of length field */
-	n = *data->ptr++;
+	n = *data->ptr;
+	data->ptr++; data->len--;
 
 	if ((n & 0x80) == 0) 
 	{
@@ -114,81 +330,138 @@ u_int32_t read_length(chunk_t *data)
 	len = 0;
 	while (n-- > 0)
 	{
-		len = 256 * len + *data->ptr++;
+		len = 256 * len + *data->ptr;
+		data->ptr++; data->len--;
 	}
 	return len;
 }
 
+/**
+ * Read the next field
+ */
 status_t read_hdr(private_der_decoder_t *this, chunk_t *data)
 {
 	chunk_t inner;
+	/* TODO: Redo this that an average mid-european can understand it */
 	
+beginning:
 	/* advance to the next rule */
 	this->rule++;
 	
-	if (this->rule->type == ASN1_END)
-	{
-		return SUCCESS;
-	}
-	
-	this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
-					  mapping_find(asn1_type_m, this->rule->type));
-	
-	this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
-	
-	/* read type, advance in data */
-	if (*(data->ptr) != this->rule->type)
-	{
-		this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
-		return PARSE_ERROR;
-	}
-	data->ptr++; 
-	data->len--;
-	
-	/* read length, advance in data */
-	inner.len = read_length(data);
-	if (inner.len == -1)
-	{
-		this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
-		return PARSE_ERROR;
-	}
-	this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
-					  inner.len);
-	inner.ptr = data->ptr;
-	
-	/* advance in data */
-	data->ptr += inner.len;
-	data->len -= inner.len;
+	this->logger->log(this->logger, CONTROL|LEVEL2, "reading rule %d %s",
+						this->rule - this->first_rule,
+						mapping_find(asn1_type_m, this->rule->type));
 	
-	/* process inner */
 	switch (this->rule->type)
 	{
-		case ASN1_INTEGER:
-			if (this->rule->flags & ASN1_MPZ)
+		case ASN1_END:
+			/* ignore, handled outside */
+			return SUCCESS;
+		case ASN1_CHOICE:
+			/* CHOICE has no type/length */
+			break;
+		default:
+			/* anything else has type/length */
+			if (data->len == 0)
 			{
-				read_mpz(this, inner);
+				goto beginning;
 			}
-			else
+			this->logger->log_chunk(this->logger, CONTROL|LEVEL3, "reading from:", *data);
+			
+			/* read type, advance in data */
+			if (this->rule->type != ASN1_ANY && *(data->ptr) != this->rule->type)
 			{
-				read_int(this, inner);
+				if (this->rule->flags & ASN1_OPTIONAL)
+				{
+					goto beginning;
+				}
+				if (this->rule->flags & ASN1_DEFAULT)
+				{
+					goto beginning;
+				}
+				this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found: %x, %x expected", 
+								*data->ptr, this->rule->type);
+				return PARSE_ERROR;
 			}
-			break;
-		case ASN1_SEQUENCE:
-			read_sequence(this, inner);
-			break;
-		default:
-			break;
+			data->ptr++;
+			data->len--;
+			
+			/* read length, advance in data */
+			inner.len = read_length(data);
+			if (inner.len == -1)
+			{
+				this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
+				return PARSE_ERROR;
+			}
+			this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d", inner.len);
+			inner.ptr = data->ptr;
+			
+			/* advance in data, at the size of the inner */
+			data->ptr += inner.len;
+			data->len -= inner.len;
 	}
 	
-	return SUCCESS;
+	/* process inner */
+	while (TRUE)
+	{
+		switch (this->rule->type)
+		{
+			case ASN1_INTEGER:
+				return read_int(this, inner);
+			case ASN1_BOOLEAN:
+				return read_bool(this, inner);
+			case ASN1_SEQUENCE:
+			case ASN1_SET:
+				return read_sequence(this, inner);
+			case ASN1_TAG_E_0:
+			case ASN1_TAG_E_1:
+			case ASN1_TAG_E_2:
+			case ASN1_TAG_E_3:
+			case ASN1_TAG_E_4:
+			case ASN1_TAG_E_5:
+			case ASN1_TAG_E_6:
+			case ASN1_TAG_E_7:
+				return read_hdr(this, &inner);
+			case ASN1_TAG_I_0:
+			case ASN1_TAG_I_1:
+			case ASN1_TAG_I_2:
+			case ASN1_TAG_I_3:
+			case ASN1_TAG_I_4:
+			case ASN1_TAG_I_5:
+			case ASN1_TAG_I_6:
+			case ASN1_TAG_I_7:
+				this->rule++;
+				continue;
+			case ASN1_OID:
+				return read_oid(this, inner);
+			case ASN1_CHOICE:
+				return read_choice(this, data);
+			case ASN1_NULL:
+				return SUCCESS;
+			case ASN1_ANY:
+				return read_any(this, inner);
+			case ASN1_UTCTIME:
+				return read_time(this, inner);
+			case  ASN1_GENERALIZEDTIME:
+				return read_time(this, inner);
+			case ASN1_BITSTRING:
+				return read_bitstring(this, inner);
+			case ASN1_OCTETSTRING:
+				return read_any(this, inner);
+			default:
+				return NOT_SUPPORTED;
+		}
+	}
 }
 
-
-
+/**
+ * Implements der_decoder_t.decode
+ */
 status_t decode(private_der_decoder_t *this, chunk_t input, void *output)
 {
 	this->rule = this->first_rule - 1;
 	this->output = output;
+	/* start parsing recursivly */
 	return read_hdr(this, &input);
 }
 
diff --git a/Source/charon/asn1/der_decoder.h b/Source/charon/asn1/der_decoder.h
index d6ccaf4cc..68731b5d9 100644
--- a/Source/charon/asn1/der_decoder.h
+++ b/Source/charon/asn1/der_decoder.h
@@ -29,15 +29,29 @@
 typedef struct der_decoder_t der_decoder_t;
 
 /**
- * @brief Decode der_encoded bytes to usable structures.
+ * @brief Decode ASN1 DER encoded chunks.
  * 
  * @b Constructors:
  *  - der_decoder_create()
  * 
+ * @todo A lot.
+ * 
  * @ingroup asn1
  */
 struct der_decoder_t {
 	
+	/**
+	 * @brief Decode a chunk of bytes to a data structure
+	 *
+	 * @param der_decoder 	calling object
+	 * @param input			chunk of data to decode
+	 * @param output		data structure where decoded data is written
+	 * @return
+	 * 						- PARSE_ERROR
+	 * 						- FAILED
+	 * 						- NOT_SUPPORTED
+	 * 						- or SUCCESS sometimes
+	 */
 	status_t (*decode) (der_decoder_t *this, chunk_t input, void *output);
 
 	/**
@@ -52,7 +66,11 @@ struct der_decoder_t {
 /**
  * @brief Create a der_decoder instance.
  * 
- * @return	der_decoder_t object
+ * The instance needs ASN1 rules to know how to decode
+ * data...
+ * 
+ * @param rules		set of ASN1 coding rules
+ * @return			der_decoder_t object
  * 
  * @ingroup ans1
  */