Diffstat (limited to 'src/pluto/pkcs7.c')
-rw-r--r-- | src/pluto/pkcs7.c | 319 |
1 files changed, 168 insertions, 151 deletions
diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index 8283a0699..7fa2cb3a4 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -22,10 +22,12 @@ #include <freeswan.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> +#include <asn1/oid.h> + #include "constants.h" #include "defs.h" -#include "asn1.h" -#include <asn1/oid.h> #include "log.h" #include "x509.h" #include "certs.h" 
@@ -37,54 +39,55 @@ const contentInfo_t empty_contentInfo = { { NULL, 0 } /* content */ }; -/* ASN.1 definition of the PKCS#7 ContentInfo type */ - +/** + * ASN.1 definition of the PKCS#7 ContentInfo type + */ static const asn1Object_t contentInfoObjects[] = { - { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */ + { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */ + { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_BODY }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; - #define PKCS7_INFO_TYPE 1 #define PKCS7_INFO_CONTENT 2 -#define PKCS7_INFO_ROOF 4 - -/* ASN.1 definition of the PKCS#7 signedData type */ +/** + * ASN.1 definition of the PKCS#7 signedData type + */ static const asn1Object_t signedDataObjects[] = { - { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */ - { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ - { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */ - { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_LOOP }, /* 6 */ - { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */ - { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT | - ASN1_LOOP }, /* 9 */ - { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */ - { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */ - { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ - { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */ - { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */ - { 4, "serial", 
ASN1_INTEGER, ASN1_BODY }, /* 17 */ - { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */ - { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT | - ASN1_OBJ }, /* 19 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */ - { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */ - { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */ - { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */ - { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */ - { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */ + { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */ + { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */ + { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_LOOP }, /* 6 */ + { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */ + { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */ + { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT | + ASN1_LOOP }, /* 9 */ + { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */ + { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */ + { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */ + { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */ + { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */ + { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */ + { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */ + { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */ + { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */ + { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT | + ASN1_OBJ }, /* 19 */ + { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */ + { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */ + { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */ + { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */ + { 3, "end opt", ASN1_EOC, ASN1_END }, 
/* 24 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 25 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; - #define PKCS7_DIGEST_ALG 3 #define PKCS7_SIGNED_CONTENT_INFO 5 #define PKCS7_SIGNED_CERT 7 
@@ -95,28 +98,28 @@ static const asn1Object_t signedDataObjects[] = { #define PKCS7_AUTH_ATTRIBUTES 19 #define PKCS7_DIGEST_ENC_ALGORITHM 21 #define PKCS7_ENCRYPTED_DIGEST 22 -#define PKCS7_SIGNED_ROOF 26 - -/* ASN.1 definition of the PKCS#7 envelopedData type */ +/** + * ASN.1 definition of the PKCS#7 envelopedData type + */ static const asn1Object_t envelopedDataObjects[] = { - { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */ - { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */ - { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ - { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */ - { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */ - { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */ - { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ - { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */ - { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */ - { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */ - { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */ + { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */ + { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */ + { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */ + { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */ + { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */ + { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */ + { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */ + { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */ + { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */ + { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */ + { 2, "contentType", ASN1_OID, ASN1_BODY 
}, /* 12 */ + { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */ + { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY }, /* 14 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; - #define PKCS7_ENVELOPED_VERSION 1 #define PKCS7_RECIPIENT_INFO_VERSION 4 #define PKCS7_ISSUER 6 @@ -128,7 +131,9 @@ static const asn1Object_t envelopedDataObjects[] = { #define PKCS7_ENCRYPTED_CONTENT 14 #define PKCS7_ENVELOPED_ROOF 15 -/* PKCS7 contentInfo OIDs */ +/** + * PKCS7 contentInfo OIDs + */ static u_char ASN1_pkcs7_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 @@ -167,7 +172,9 @@ static const chunk_t ASN1_pkcs7_digested_data_oid = static const chunk_t ASN1_pkcs7_encrypted_data_oid = chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); -/* 3DES and DES encryption OIDs */ +/** + * 3DES and DES encryption OIDs + */ static u_char ASN1_3des_ede_cbc_oid_str[] = { 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07 @@ -182,7 +189,9 @@ static const chunk_t ASN1_3des_ede_cbc_oid = static const chunk_t ASN1_des_cbc_oid = chunk_from_buf(ASN1_des_cbc_oid_str); -/* PKCS#7 attribute type OIDs */ +/** + * PKCS#7 attribute type OIDs + */ static u_char ASN1_contentType_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03 
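Review bot: `PKCS7_ENVELOPED_ROOF` stays defined in the -128,7 hunk, although this commit removes `PKCS7_INFO_ROOF` and `PKCS7_SIGNED_ROOF` and the envelopedData loop no longer compares against it. With the `ASN1_EXIT` row now terminating the table, the macro looks unused in the visible hunks, and its value 15 no longer matches the 16-row table. Drop `#define PKCS7_ENVELOPED_ROOF 15` if nothing outside this diff references it.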
@@ -197,24 +206,21 @@ static const chunk_t ASN1_contentType_oid = static const chunk_t ASN1_messageDigest_oid = chunk_from_buf(ASN1_messageDigest_oid_str); -/* +/** * Parse PKCS#7 ContentInfo object */ -bool -pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) +bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) { - asn1_ctx_t ctx; + asn1_parser_t *parser; chunk_t object; - u_int level; - int objectID = 0; + int objectID; + bool success = FALSE; - asn1_init(&ctx, blob, level0, FALSE, DBG_RAW); + parser = asn1_parser_create(contentInfoObjects, blob); + parser->set_top_level(parser, level0); - while (objectID < PKCS7_INFO_ROOF) + while (parser->iterate(parser, &objectID, &object)) { - if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx)) - return FALSE; - if (objectID == PKCS7_INFO_TYPE) { cInfo->type = asn1_known_oid(object); 
@@ -222,57 +228,60 @@ pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) || cInfo->type > OID_PKCS7_ENCRYPTED_DATA) { plog("unknown pkcs7 content type"); - return FALSE; + goto end; } } else if (objectID == PKCS7_INFO_CONTENT) { cInfo->content = object; } - objectID++; } - return TRUE; + success = parser->success(parser); + +end: + parser->destroy(parser); + return success; } -/* +/** * Parse a PKCS#7 signedData object */ -bool -pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert -, chunk_t *attributes, const x509cert_t *cacert) +bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert, + chunk_t *attributes, const x509cert_t *cacert) { u_char buf[BUF_LEN]; - asn1_ctx_t ctx; + asn1_parser_t *parser; chunk_t object; - u_int level; int digest_alg = OID_UNKNOWN; int enc_alg = OID_UNKNOWN; int signerInfos = 0; - int objectID = 0; + int objectID; + bool success = FALSE; contentInfo_t cInfo = empty_contentInfo; chunk_t encrypted_digest = chunk_empty; if (!pkcs7_parse_contentInfo(blob, 0, &cInfo)) + { return FALSE; - + } if (cInfo.type != OID_PKCS7_SIGNED_DATA) { plog("pkcs7 content type is not signedData"); return FALSE; } - asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW); + parser = asn1_parser_create(signedDataObjects, blob); + parser->set_top_level(parser, 2); - while (objectID < PKCS7_SIGNED_ROOF) - { - if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx)) - return FALSE; + while (parser->iterate(parser, &objectID, &object)) + { + u_int level = parser->get_level(parser); switch (objectID) { case PKCS7_DIGEST_ALG: - digest_alg = parse_algorithmIdentifier(object, level, NULL); + digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_SIGNED_CONTENT_INFO: if (data != NULL) 
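Review bot: In pkcs7_parse_signedData the new parser is created over `blob`, whereas the removed `asn1_init()` call walked `cInfo.content`, and pkcs7_parse_envelopedData in this same commit passes `cInfo.content`. `blob` is the outer ContentInfo that pkcs7_parse_contentInfo has just consumed, so `signedDataObjects` would be matched against the wrong structure; presumably the parse fails or objects are mis-assigned before the signature check is reached. The line should read `parser = asn1_parser_create(signedDataObjects, cInfo.content);`. The function body continues past this hunk.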
@@ -322,15 +331,20 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert } break; case PKCS7_DIGEST_ALGORITHM: - digest_alg = parse_algorithmIdentifier(object, level, NULL); + digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_DIGEST_ENC_ALGORITHM: - enc_alg = parse_algorithmIdentifier(object, level, NULL); + enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; case PKCS7_ENCRYPTED_DIGEST: encrypted_digest = object; } - objectID++; + } + success = parser->success(parser); + parser->destroy(parser); + if (!success) + { + return FALSE; } /* check the signature only if a cacert is available */ 
@@ -367,44 +381,45 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert return TRUE; } -/* +/** * Parse a PKCS#7 envelopedData object */ -bool -pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data -, chunk_t serialNumber, const RSA_private_key_t *key) +bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, + chunk_t serialNumber, + const RSA_private_key_t *key) { - asn1_ctx_t ctx; + asn1_parser_t *parser; chunk_t object; chunk_t iv = chunk_empty; chunk_t symmetric_key = chunk_empty; chunk_t encrypted_content = chunk_empty; u_char buf[BUF_LEN]; - u_int level; u_int total_keys = 3; int enc_alg = OID_UNKNOWN; int content_enc_alg = OID_UNKNOWN; - int objectID = 0; + int objectID; + bool success = FALSE; contentInfo_t cInfo = empty_contentInfo; *data = chunk_empty; if (!pkcs7_parse_contentInfo(blob, 0, &cInfo)) - goto failed; - + { + goto end; + } if (cInfo.type != OID_PKCS7_ENVELOPED_DATA) { plog("pkcs7 content type is not envelopedData"); - return FALSE; + goto end; } - asn1_init(&ctx, cInfo.content, 2, FALSE, DBG_RAW); + parser = asn1_parser_create(envelopedDataObjects, cInfo.content); + parser->set_top_level(parser, 2); - while (objectID < PKCS7_ENVELOPED_ROOF) + while (parser->iterate(parser, &objectID, &object)) { - if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx)) - goto failed; + u_int level = parser->get_level(parser); switch (objectID) { @@ -412,14 +427,14 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (*object.ptr != 0) { plog("envelopedData version is not 0"); - goto failed; + goto end; } break; case PKCS7_RECIPIENT_INFO_VERSION: if (*object.ptr != 0) { plog("recipient info version is not 0"); - goto failed; + goto end; } break; case PKCS7_ISSUER: 
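Review bot: pkcs7_parse_envelopedData never releases the parser. None of the visible hunks adds `parser->destroy(parser)`, and the `end:` label in the -555,17 hunk only clears the symmetric key and frees `data->ptr`, so each call leaks the parser, unlike pkcs7_parse_contentInfo and pkcs7_parse_signedData. The two `goto end` statements ahead of `asn1_parser_create()` run while `parser` is still uninitialized, so the cleanup cannot be an unconditional call. Declare `asn1_parser_t *parser = NULL;` and add `if (parser) { parser->destroy(parser); }` under `end:`. The function body spans several hunks beyond this one.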
@@ -432,22 +447,22 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (!chunk_equals(serialNumber, object)) { plog("serial numbers do not match"); - goto failed; + goto end; } break; case PKCS7_ENCRYPTION_ALG: - enc_alg = parse_algorithmIdentifier(object, level, NULL); + enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL); if (enc_alg != OID_RSA_ENCRYPTION) { plog("only rsa encryption supported"); - goto failed; + goto end; } break; case PKCS7_ENCRYPTED_KEY: if (!RSA_decrypt(key, object, &symmetric_key)) { plog("symmetric key could not be decrypted with rsa"); - goto failed; + goto end; } DBG(DBG_PRIVATE, DBG_dump_chunk("symmetric key :", symmetric_key) @@ -457,11 +472,11 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (asn1_known_oid(object) != OID_PKCS7_DATA) { plog("encrypted content not of type pkcs7 data"); - goto failed; + goto end; } break; case PKCS7_CONTENT_ENC_ALGORITHM: - content_enc_alg = parse_algorithmIdentifier(object, level, &iv); + content_enc_alg = asn1_parse_algorithmIdentifier(object, level, &iv); switch (content_enc_alg) { @@ -473,29 +488,33 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data break; default: plog("Only DES and 3DES supported for symmetric encryption"); - goto failed; + goto end; } if (symmetric_key.len != (total_keys * DES_CBC_BLOCK_SIZE)) { plog("key length is not %d",(total_keys * DES_CBC_BLOCK_SIZE)); - goto failed; + goto end; } - if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) + if (!asn1_parse_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) { plog("IV could not be parsed"); - goto failed; + goto end; } if (iv.len != DES_CBC_BLOCK_SIZE) { plog("IV has wrong length"); - goto failed; + goto end; } break; case PKCS7_ENCRYPTED_CONTENT: encrypted_content = object; break; } - objectID++; + } +; + if (!parser->success(parser)) + { + goto end; } /* decrypt the content */ 
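Review bot: A stray empty statement is added right after the closing brace of the `while (parser->iterate(...))` loop (the `+;` line in the -473,29 hunk). The compiler accepts it, but it reads like a lost statement in a function that handles decrypted key material. Delete the line so the loop is followed directly by `if (!parser->success(parser))`.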
@@ -512,7 +531,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (des_set_key(&des_key[i], key_s[i])) { plog("des key schedule failed"); - goto failed; + goto end; } } @@ -546,7 +565,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (padding > data->len) { plog("padding greater than data length"); - goto failed; + goto end; } data->len -= padding; @@ -555,17 +574,19 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data if (*pos-- != pattern) { plog("wrong padding pattern"); - goto failed; + goto end; } } } - chunk_clear(&symmetric_key); - return TRUE; + success = TRUE; -failed: +end: chunk_clear(&symmetric_key); - free(data->ptr); - return FALSE; + if (!success) + { + free(data->ptr); + } + return success; } /** @@ -573,8 +594,7 @@ failed: * * @return ASN.1 encoded contentType attribute */ -chunk_t -pkcs7_contentType_attribute(void) +chunk_t pkcs7_contentType_attribute(void) { return asn1_wrap(ASN1_SEQUENCE, "cm" , ASN1_contentType_oid @@ -590,8 +610,7 @@ pkcs7_contentType_attribute(void) * @return ASN.1 encoded messageDigest attribute * */ -chunk_t -pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) +chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) { u_char digest_buf[MAX_DIGEST_LEN]; chunk_t digest = { digest_buf, MAX_DIGEST_LEN }; @@ -605,11 +624,11 @@ pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) ) ); } -/* + +/** * build a DER-encoded contentInfo object */ -static chunk_t -pkcs7_build_contentInfo(contentInfo_t *cInfo) +static chunk_t pkcs7_build_contentInfo(contentInfo_t *cInfo) { chunk_t content_type; 
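Review bot: On the failure path under `end:` (-555,17 hunk), `free(data->ptr)` leaves the caller's output chunk pointing at freed memory with its old length. The padding checks jump here after `data->len` has already been adjusted, so presumably the buffer is allocated by then and this path is reachable with malformed input. A caller that inspects or frees `*data` after a FALSE return would then touch freed memory. Reset the chunk after releasing it: `free(data->ptr); *data = chunk_empty;`.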
@@ -648,23 +667,22 @@ pkcs7_build_contentInfo(contentInfo_t *cInfo) ); } -/* +/** * build issuerAndSerialNumber object */ -chunk_t -pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert) +chunk_t pkcs7_build_issuerAndSerialNumber(const x509cert_t *cert) { return asn1_wrap(ASN1_SEQUENCE, "cm" , cert->issuer , asn1_simple_object(ASN1_INTEGER, cert->serialNumber)); } -/* +/** * create a signed pkcs7 contentInfo object */ -chunk_t -pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert -, int digest_alg, const RSA_private_key_t *key) +chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, + const x509cert_t *cert, int digest_alg, + const RSA_private_key_t *key) { contentInfo_t pkcs7Data, signedData; chunk_t authenticatedAttributes, encryptedDigest, signerInfo, cInfo; @@ -690,7 +708,7 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert , pkcs7_build_issuerAndSerialNumber(cert) , digestAlgorithm , authenticatedAttributes - , ASN1_rsaEncryption_id + , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION) , encryptedDigest); pkcs7Data.type = OID_PKCS7_DATA; @@ -715,11 +733,10 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert return cInfo; } -/* +/** * create a symmetrically encrypted pkcs7 contentInfo object */ -chunk_t -pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher) +chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher) { bool des_check_key_save; des_key_schedule ks[3]; @@ -833,7 +850,7 @@ pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher) chunk_t recipientInfo = asn1_wrap(ASN1_SEQUENCE, "cmcm" , ASN1_INTEGER_0 , pkcs7_build_issuerAndSerialNumber(cert) - , ASN1_rsaEncryption_id + , asn1_algorithmIdentifier(OID_RSA_ENCRYPTION) , encryptedKey); chunk_t cInfo; |
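Review bot: Replacing the static `ASN1_rsaEncryption_id` with `asn1_algorithmIdentifier(OID_RSA_ENCRYPTION)` changes who owns that argument, but the recipientInfo call in the -833,7 hunk still marks it `c` in `"cmcm"`. Assuming the usual asn1_wrap() convention, where `c` copies and `m` takes ownership, and assuming asn1_algorithmIdentifier() returns a freshly allocated chunk, the copy is never freed and one chunk leaks per call. The format should become `"cmmm"`. The same substitution is made in the signerInfo asn1_wrap() call in the -690,7 hunk, whose format string lies outside the hunk and needs the same check.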