summaryrefslogtreecommitdiff
path: root/src/libstrongswan/asn1
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/asn1')
-rw-r--r--src/libstrongswan/asn1/asn1.c170
-rw-r--r--src/libstrongswan/asn1/asn1.h24
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c6
-rw-r--r--src/libstrongswan/asn1/asn1_parser.h6
-rw-r--r--src/libstrongswan/asn1/oid.c562
-rw-r--r--src/libstrongswan/asn1/oid.h264
-rw-r--r--src/libstrongswan/asn1/oid.pl7
-rw-r--r--src/libstrongswan/asn1/oid.txt72
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c49
-rwxr-xr-xsrc/libstrongswan/asn1/pem.h8
10 files changed, 697 insertions, 471 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 8b9762777..d2078cbbc 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -13,15 +13,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
+#include <pthread.h>
-#include <library.h>
+#include <utils.h>
#include <debug.h>
#include "oid.h"
@@ -209,9 +208,13 @@ int asn1_known_oid(chunk_t object)
else
{
if (oid_names[oid].next)
+ {
oid = oid_names[oid].next;
+ }
else
+ {
return OID_UNKNOWN;
+ }
}
}
return -1;
@@ -220,7 +223,39 @@ int asn1_known_oid(chunk_t object)
/*
* Defined in header.
*/
-u_int asn1_length(chunk_t *blob)
+chunk_t asn1_build_known_oid(int n)
+{
+ chunk_t oid;
+ int i;
+
+ if (n < 0 || n >= OID_MAX)
+ {
+ return chunk_empty;
+ }
+
+ i = oid_names[n].level + 1;
+ oid = chunk_alloc(2 + i);
+ oid.ptr[0] = ASN1_OID;
+ oid.ptr[1] = i;
+
+ do
+ {
+ if (oid_names[n].level >= i)
+ {
+ n--;
+ continue;
+ }
+ oid.ptr[--i + 2] = oid_names[n--].octet;
+ }
+ while (i > 0);
+
+ return oid;
+}
+
+/*
+ * Defined in header.
+ */
+size_t asn1_length(chunk_t *blob)
{
u_char n;
size_t len;
@@ -261,18 +296,28 @@ u_int asn1_length(chunk_t *blob)
len = 256*len + *blob->ptr++;
blob->len--;
}
+ if (len > blob->len)
+ {
+ DBG2("length is larger than remaining blob size");
+ return ASN1_INVALID_LENGTH;
+ }
return len;
}
#define TIME_MAX 0x7fffffff
+static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
+static const int tm_leap_1970 = 477;
+
/**
* Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
*/
time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
{
- struct tm t;
- time_t tc, tz_offset;
+ int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec;
+ int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
+ int tz_hour, tz_min, tz_offset;
+ time_t tm_secs;
u_char *eot = NULL;
if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -281,16 +326,18 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
}
else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
{
- int tz_hour, tz_min;
-
- sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+ {
+ return 0; /* error in positive timezone offset format */
+ }
tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */
}
else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
{
- int tz_hour, tz_min;
-
- sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+ {
+ return 0; /* error in negative timezone offset format */
+ }
tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */
}
else
@@ -303,45 +350,65 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
"%4d%2d%2d%2d%2d";
- sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
- &t.tm_hour, &t.tm_min);
+ if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
+ &tm_hour, &tm_min) != 5)
+ {
+ return 0; /* error in [yy]yymmddhhmm time format */
+ }
}
/* is there a seconds field? */
if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
{
- sscanf(eot-2, "%2d", &t.tm_sec);
+ if (sscanf(eot-2, "%2d", &tm_sec) != 1)
+ {
+ return 0; /* error in ss seconds field format */
+ }
}
else
{
- t.tm_sec = 0;
+ tm_sec = 0;
}
- /* representation of year */
- if (t.tm_year >= 1900)
+ /* representation of two-digit years */
+ if (type == ASN1_UTCTIME)
{
- t.tm_year -= 1900;
+ tm_year += (tm_year < 50) ? 2000 : 1900;
}
- else if (t.tm_year >= 100)
+
+ /* prevent large 32 bit integer overflows */
+ if (sizeof(time_t) == 4 && tm_year > 2038)
{
- return 0;
+ return TIME_MAX;
}
- else if (t.tm_year < 50)
+
+ /* representation of months as 0..11*/
+ if (tm_mon < 1 || tm_mon > 12)
{
- t.tm_year += 100;
+ return 0; /* error in month format */
}
+ tm_mon--;
- /* representation of month 0..11*/
- t.tm_mon--;
-
- /* set daylight saving time to off */
- t.tm_isdst = 0;
-
- /* convert to time_t */
- tc = mktime(&t);
+ /* representation of days as 0..30 */
+ tm_day--;
- /* if no conversion overflow occurred, compensate timezone */
- return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
+ /* number of leap years between last year and 1970? */
+ tm_leap_4 = (tm_year - 1) / 4;
+ tm_leap_100 = tm_leap_4 / 25;
+ tm_leap_400 = tm_leap_100 / 4;
+ tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
+
+ /* if date later then February, is the current year a leap year? */
+ if (tm_mon > 1 && (tm_year % 4 == 0) &&
+ (tm_year % 100 != 0 || tm_year % 400 == 0))
+ {
+ tm_leap++;
+ }
+ tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
+ tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
+
+ /* has a 32 bit overflow occurred? */
+ return (tm_secs < 0) ? TIME_MAX : tm_secs;
}
/**
@@ -626,7 +693,7 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
}
/**
- * Build an ASN.1 BITSTRING object
+ * Build an ASN.1 BIT_STRING object
*/
chunk_t asn1_bitstring(const char *mode, chunk_t content)
{
@@ -643,6 +710,41 @@ chunk_t asn1_bitstring(const char *mode, chunk_t content)
}
/**
+ * Build an ASN.1 INTEGER object
+ */
+chunk_t asn1_integer(const char *mode, chunk_t content)
+{
+ chunk_t object;
+ size_t len;
+ u_char *pos;
+
+ if (content.len == 0 || (content.len == 1 && *content.ptr == 0x00))
+ {
+ /* a zero ASN.1 integer does not have a value field */
+ len = 0;
+ }
+ else
+ {
+ /* ASN.1 integers must be positive numbers in two's complement */
+ len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
+ }
+ pos = asn1_build_object(&object, ASN1_INTEGER, len);
+ if (len > content.len)
+ {
+ *pos++ = 0x00;
+ }
+ if (len)
+ {
+ memcpy(pos, content.ptr, content.len);
+ }
+ if (*mode == 'm')
+ {
+ free(content.ptr);
+ }
+ return object;
+}
+
+/**
* Build an ASN.1 object from a variable number of individual chunks.
* Depending on the mode, chunks either are moved ('m') or copied ('c').
*/
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 4ea89730c..6a2b594c0 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -27,7 +25,8 @@
#include <stdarg.h>
-#include <library.h>
+#include <utils.h>
+#include <chunk.h>
/**
* Definition of some primitive ASN1 types
@@ -107,13 +106,21 @@ chunk_t asn1_algorithmIdentifier(int oid);
int asn1_known_oid(chunk_t object);
/**
+ * Converts a known OID index to an ASN.1 OID
+ *
+ * @param n index into the oid_names[] table
+ * @return allocated OID chunk, chunk_empty if index out of range
+ */
+chunk_t asn1_build_known_oid(int n);
+
+/**
* Returns the length of an ASN.1 object
* The blob pointer is advanced past the tag length fields
*
* @param blob pointer to an ASN.1 coded blob
* @return length of ASN.1 object
*/
-u_int asn1_length(chunk_t *blob);
+size_t asn1_length(chunk_t *blob);
/**
* Parses an ASN.1 algorithmIdentifier object
@@ -221,6 +228,15 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content);
chunk_t asn1_bitstring(const char *mode, chunk_t content);
/**
+ * Build an ASN.1 INTEGER object
+ *
+ * @param mode 'c' for copy or 'm' for move
+ * @param content content of the INTEGER
+ * @return chunk containing the ASN.1 coded INTEGER
+ */
+chunk_t asn1_integer(const char *mode, chunk_t content);
+
+/**
* Build an ASN.1 object from a variable number of individual chunks
*
* @param type ASN.1 type to be created
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index 7a2028fc3..bc4c0b50f 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -13,15 +13,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1_parser.c 3894 2008-04-28 18:44:21Z andreas $
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
-#include <library.h>
+#include <utils.h>
#include <debug.h>
#include "asn1.h"
@@ -160,7 +158,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
blob1->len = asn1_length(blob);
- if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
+ if (blob1->len == ASN1_INVALID_LENGTH)
{
DBG1("L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index bcc966e04..b2f4133a1 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1_parser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -27,7 +25,9 @@
#include <stdarg.h>
-#include <library.h>
+#include <utils.h>
+#include <chunk.h>
+#include <asn1/asn1.h>
/**
* Definition of ASN.1 flags
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index f9eb26d1d..53657b514 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,270 +10,300 @@
#include "oid.h"
const oid_t oid_names[] = {
- {0x02, 7, 1, "ITU-T Administration" }, /* 0 */
- { 0x82, 0, 1, "" }, /* 1 */
- { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */
- { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */
- { 0x0A, 0, 1, "" }, /* 4 */
- { 0x07, 0, 1, "" }, /* 5 */
- { 0x14, 0, 0, "ND" }, /* 6 */
- {0x09, 18, 1, "data" }, /* 7 */
- { 0x92, 0, 1, "" }, /* 8 */
- { 0x26, 0, 1, "" }, /* 9 */
- { 0x89, 0, 1, "" }, /* 10 */
- { 0x93, 0, 1, "" }, /* 11 */
- { 0xF2, 0, 1, "" }, /* 12 */
- { 0x2C, 0, 1, "" }, /* 13 */
- { 0x64, 0, 1, "pilot" }, /* 14 */
- { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
- { 0x01, 17, 0, "UID" }, /* 16 */
- { 0x19, 0, 0, "DC" }, /* 17 */
- {0x55, 52, 1, "X.500" }, /* 18 */
- { 0x04, 36, 1, "X.509" }, /* 19 */
- { 0x03, 21, 0, "CN" }, /* 20 */
- { 0x04, 22, 0, "S" }, /* 21 */
- { 0x05, 23, 0, "SN" }, /* 22 */
- { 0x06, 24, 0, "C" }, /* 23 */
- { 0x07, 25, 0, "L" }, /* 24 */
- { 0x08, 26, 0, "ST" }, /* 25 */
- { 0x0A, 27, 0, "O" }, /* 26 */
- { 0x0B, 28, 0, "OU" }, /* 27 */
- { 0x0C, 29, 0, "T" }, /* 28 */
- { 0x0D, 30, 0, "D" }, /* 29 */
- { 0x24, 31, 0, "userCertificate" }, /* 30 */
- { 0x29, 32, 0, "N" }, /* 31 */
- { 0x2A, 33, 0, "G" }, /* 32 */
- { 0x2B, 34, 0, "I" }, /* 33 */
- { 0x2D, 35, 0, "ID" }, /* 34 */
- { 0x48, 0, 0, "role" }, /* 35 */
- { 0x1D, 0, 1, "id-ce" }, /* 36 */
- { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */
- { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */
- { 0x0F, 40, 0, "keyUsage" }, /* 39 */
- { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */
- { 0x11, 42, 0, "subjectAltName" }, /* 41 */
- { 0x12, 43, 0, "issuerAltName" }, /* 42 */
- { 0x13, 44, 0, "basicConstraints" }, /* 43 */
- { 0x14, 45, 0, "crlNumber" }, /* 44 */
- { 0x15, 46, 0, "reasonCode" }, /* 45 */
- { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
- { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
- { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
- { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
- { 0x37, 51, 0, "targetInformation" }, /* 50 */
- { 0x38, 0, 0, "noRevAvail" }, /* 51 */
- {0x2A, 131, 1, "" }, /* 52 */
- { 0x86, 0, 1, "" }, /* 53 */
- { 0x48, 0, 1, "" }, /* 54 */
- { 0x86, 95, 1, "" }, /* 55 */
- { 0xF6, 61, 1, "" }, /* 56 */
- { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */
- { 0x07, 0, 1, "Entrust" }, /* 58 */
- { 0x41, 0, 1, "nsn-ce" }, /* 59 */
- { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */
- { 0xF7, 0, 1, "" }, /* 61 */
- { 0x0D, 0, 1, "RSADSI" }, /* 62 */
- { 0x01, 90, 1, "PKCS" }, /* 63 */
- { 0x01, 72, 1, "PKCS-1" }, /* 64 */
- { 0x01, 66, 0, "rsaEncryption" }, /* 65 */
- { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */
- { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */
- { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */
- { 0x0B, 70, 0, "sha256WithRSAEncryption" }, /* 69 */
- { 0x0C, 71, 0, "sha384WithRSAEncryption" }, /* 70 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption" }, /* 71 */
- { 0x07, 79, 1, "PKCS-7" }, /* 72 */
- { 0x01, 74, 0, "data" }, /* 73 */
- { 0x02, 75, 0, "signedData" }, /* 74 */
- { 0x03, 76, 0, "envelopedData" }, /* 75 */
- { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */
- { 0x05, 78, 0, "digestedData" }, /* 77 */
- { 0x06, 0, 0, "encryptedData" }, /* 78 */
- { 0x09, 0, 1, "PKCS-9" }, /* 79 */
- { 0x01, 81, 0, "E" }, /* 80 */
- { 0x02, 82, 0, "unstructuredName" }, /* 81 */
- { 0x03, 83, 0, "contentType" }, /* 82 */
- { 0x04, 84, 0, "messageDigest" }, /* 83 */
- { 0x05, 85, 0, "signingTime" }, /* 84 */
- { 0x06, 86, 0, "counterSignature" }, /* 85 */
- { 0x07, 87, 0, "challengePassword" }, /* 86 */
- { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */
- { 0x0E, 89, 0, "extensionRequest" }, /* 88 */
- { 0x0F, 0, 0, "S/MIME Capabilities" }, /* 89 */
- { 0x02, 93, 1, "digestAlgorithm" }, /* 90 */
- { 0x02, 92, 0, "md2" }, /* 91 */
- { 0x05, 0, 0, "md5" }, /* 92 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 93 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 94 */
- { 0xCE, 0, 1, "" }, /* 95 */
- { 0x3D, 0, 1, "ansi-X9-62" }, /* 96 */
- { 0x02, 99, 1, "id-publicKeyType" }, /* 97 */
- { 0x01, 0, 0, "id-ecPublicKey" }, /* 98 */
- { 0x03, 129, 1, "ellipticCurve" }, /* 99 */
- { 0x00, 121, 1, "c-TwoCurve" }, /* 100 */
- { 0x01, 102, 0, "c2pnb163v1" }, /* 101 */
- { 0x02, 103, 0, "c2pnb163v2" }, /* 102 */
- { 0x03, 104, 0, "c2pnb163v3" }, /* 103 */
- { 0x04, 105, 0, "c2pnb176w1" }, /* 104 */
- { 0x05, 106, 0, "c2tnb191v1" }, /* 105 */
- { 0x06, 107, 0, "c2tnb191v2" }, /* 106 */
- { 0x07, 108, 0, "c2tnb191v3" }, /* 107 */
- { 0x08, 109, 0, "c2onb191v4" }, /* 108 */
- { 0x09, 110, 0, "c2onb191v5" }, /* 109 */
- { 0x0A, 111, 0, "c2pnb208w1" }, /* 110 */
- { 0x0B, 112, 0, "c2tnb239v1" }, /* 111 */
- { 0x0C, 113, 0, "c2tnb239v2" }, /* 112 */
- { 0x0D, 114, 0, "c2tnb239v3" }, /* 113 */
- { 0x0E, 115, 0, "c2onb239v4" }, /* 114 */
- { 0x0F, 116, 0, "c2onb239v5" }, /* 115 */
- { 0x10, 117, 0, "c2pnb272w1" }, /* 116 */
- { 0x11, 118, 0, "c2pnb304w1" }, /* 117 */
- { 0x12, 119, 0, "c2tnb359v1" }, /* 118 */
- { 0x13, 120, 0, "c2pnb368w1" }, /* 119 */
- { 0x14, 0, 0, "c2tnb431r1" }, /* 120 */
- { 0x01, 0, 1, "primeCurve" }, /* 121 */
- { 0x01, 123, 0, "prime192v1" }, /* 122 */
- { 0x02, 124, 0, "prime192v2" }, /* 123 */
- { 0x03, 125, 0, "prime192v3" }, /* 124 */
- { 0x04, 126, 0, "prime239v1" }, /* 125 */
- { 0x05, 127, 0, "prime239v2" }, /* 126 */
- { 0x06, 128, 0, "prime239v3" }, /* 127 */
- { 0x07, 0, 0, "prime256v1" }, /* 128 */
- { 0x04, 0, 1, "id-ecSigType" }, /* 129 */
- { 0x01, 0, 0, "ecdsa-with-SHA1" }, /* 130 */
- {0x2B, 231, 1, "" }, /* 131 */
- { 0x06, 184, 1, "dod" }, /* 132 */
- { 0x01, 0, 1, "internet" }, /* 133 */
- { 0x04, 152, 1, "private" }, /* 134 */
- { 0x01, 0, 1, "enterprise" }, /* 135 */
- { 0x82, 145, 1, "" }, /* 136 */
- { 0x37, 0, 1, "Microsoft" }, /* 137 */
- { 0x0A, 142, 1, "" }, /* 138 */
- { 0x03, 0, 1, "" }, /* 139 */
- { 0x03, 141, 0, "msSGC" }, /* 140 */
- { 0x04, 0, 0, "msEncryptingFileSystem" }, /* 141 */
- { 0x14, 0, 1, "msEnrollmentInfrastructure"}, /* 142 */
- { 0x02, 0, 1, "msCertificateTypeExtension"}, /* 143 */
- { 0x02, 0, 0, "msSmartcardLogon" }, /* 144 */
- { 0x89, 0, 1, "" }, /* 145 */
- { 0x31, 0, 1, "" }, /* 146 */
- { 0x01, 0, 1, "" }, /* 147 */
- { 0x01, 0, 1, "" }, /* 148 */
- { 0x02, 0, 1, "" }, /* 149 */
- { 0x02, 151, 0, "" }, /* 150 */
- { 0x4B, 0, 0, "TCGID" }, /* 151 */
- { 0x05, 0, 1, "security" }, /* 152 */
- { 0x05, 0, 1, "mechanisms" }, /* 153 */
- { 0x07, 0, 1, "id-pkix" }, /* 154 */
- { 0x01, 157, 1, "id-pe" }, /* 155 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 156 */
- { 0x03, 167, 1, "id-kp" }, /* 157 */
- { 0x01, 159, 0, "serverAuth" }, /* 158 */
- { 0x02, 160, 0, "clientAuth" }, /* 159 */
- { 0x03, 161, 0, "codeSigning" }, /* 160 */
- { 0x04, 162, 0, "emailProtection" }, /* 161 */
- { 0x05, 163, 0, "ipsecEndSystem" }, /* 162 */
- { 0x06, 164, 0, "ipsecTunnel" }, /* 163 */
- { 0x07, 165, 0, "ipsecUser" }, /* 164 */
- { 0x08, 166, 0, "timeStamping" }, /* 165 */
- { 0x09, 0, 0, "ocspSigning" }, /* 166 */
- { 0x08, 169, 1, "id-otherNames" }, /* 167 */
- { 0x05, 0, 0, "xmppAddr" }, /* 168 */
- { 0x0A, 174, 1, "id-aca" }, /* 169 */
- { 0x01, 171, 0, "authenticationInfo" }, /* 170 */
- { 0x02, 172, 0, "accessIdentity" }, /* 171 */
- { 0x03, 173, 0, "chargingIdentity" }, /* 172 */
- { 0x04, 0, 0, "group" }, /* 173 */
- { 0x30, 0, 1, "id-ad" }, /* 174 */
- { 0x01, 183, 1, "ocsp" }, /* 175 */
- { 0x01, 177, 0, "basic" }, /* 176 */
- { 0x02, 178, 0, "nonce" }, /* 177 */
- { 0x03, 179, 0, "crl" }, /* 178 */
- { 0x04, 180, 0, "response" }, /* 179 */
- { 0x05, 181, 0, "noCheck" }, /* 180 */
- { 0x06, 182, 0, "archiveCutoff" }, /* 181 */
- { 0x07, 0, 0, "serviceLocator" }, /* 182 */
- { 0x02, 0, 0, "caIssuers" }, /* 183 */
- { 0x0E, 190, 1, "oiw" }, /* 184 */
- { 0x03, 0, 1, "secsig" }, /* 185 */
- { 0x02, 0, 1, "algorithms" }, /* 186 */
- { 0x07, 188, 0, "des-cbc" }, /* 187 */
- { 0x1A, 189, 0, "sha-1" }, /* 188 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 189 */
- { 0x24, 197, 1, "TeleTrusT" }, /* 190 */
- { 0x03, 0, 1, "algorithm" }, /* 191 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 192 */
- { 0x01, 0, 1, "rsaSignature" }, /* 193 */
- { 0x02, 195, 0, "rsaSigWithripemd160" }, /* 194 */
- { 0x03, 196, 0, "rsaSigWithripemd128" }, /* 195 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 196 */
- { 0x81, 0, 1, "" }, /* 197 */
- { 0x04, 0, 1, "Certicom" }, /* 198 */
- { 0x00, 0, 1, "curve" }, /* 199 */
- { 0x01, 201, 0, "sect163k1" }, /* 200 */
- { 0x02, 202, 0, "sect163r1" }, /* 201 */
- { 0x03, 203, 0, "sect239k1" }, /* 202 */
- { 0x04, 204, 0, "sect113r1" }, /* 203 */
- { 0x05, 205, 0, "sect113r2" }, /* 204 */
- { 0x06, 206, 0, "secp112r1" }, /* 205 */
- { 0x07, 207, 0, "secp112r2" }, /* 206 */
- { 0x08, 208, 0, "secp160r1" }, /* 207 */
- { 0x09, 209, 0, "secp160k1" }, /* 208 */
- { 0x0A, 210, 0, "secp256k1" }, /* 209 */
- { 0x0F, 211, 0, "sect163r2" }, /* 210 */
- { 0x10, 212, 0, "sect283k1" }, /* 211 */
- { 0x11, 213, 0, "sect283r1" }, /* 212 */
- { 0x16, 214, 0, "sect131r1" }, /* 213 */
- { 0x17, 215, 0, "sect131r2" }, /* 214 */
- { 0x18, 216, 0, "sect193r1" }, /* 215 */
- { 0x19, 217, 0, "sect193r2" }, /* 216 */
- { 0x1A, 218, 0, "sect233k1" }, /* 217 */
- { 0x1B, 219, 0, "sect233r1" }, /* 218 */
- { 0x1C, 220, 0, "secp128r1" }, /* 219 */
- { 0x1D, 221, 0, "secp128r2" }, /* 220 */
- { 0x1E, 222, 0, "secp160r2" }, /* 221 */
- { 0x1F, 223, 0, "secp192k1" }, /* 222 */
- { 0x20, 224, 0, "secp224k1" }, /* 223 */
- { 0x21, 225, 0, "secp224r1" }, /* 224 */
- { 0x22, 226, 0, "secp384r1" }, /* 225 */
- { 0x23, 227, 0, "secp521r1" }, /* 226 */
- { 0x24, 228, 0, "sect409k1" }, /* 227 */
- { 0x25, 229, 0, "sect409r1" }, /* 228 */
- { 0x26, 230, 0, "sect571k1" }, /* 229 */
- { 0x27, 0, 0, "sect571r1" }, /* 230 */
- {0x60, 0, 1, "" }, /* 231 */
- { 0x86, 0, 1, "" }, /* 232 */
- { 0x48, 0, 1, "" }, /* 233 */
- { 0x01, 0, 1, "organization" }, /* 234 */
- { 0x65, 242, 1, "gov" }, /* 235 */
- { 0x03, 0, 1, "csor" }, /* 236 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 237 */
- { 0x02, 0, 1, "hashalgs" }, /* 238 */
- { 0x01, 240, 0, "id-SHA-256" }, /* 239 */
- { 0x02, 241, 0, "id-SHA-384" }, /* 240 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 241 */
- { 0x86, 0, 1, "" }, /* 242 */
- { 0xf8, 0, 1, "" }, /* 243 */
- { 0x42, 256, 1, "netscape" }, /* 244 */
- { 0x01, 251, 1, "" }, /* 245 */
- { 0x01, 247, 0, "nsCertType" }, /* 246 */
- { 0x03, 248, 0, "nsRevocationUrl" }, /* 247 */
- { 0x04, 249, 0, "nsCaRevocationUrl" }, /* 248 */
- { 0x08, 250, 0, "nsCaPolicyUrl" }, /* 249 */
- { 0x0d, 0, 0, "nsComment" }, /* 250 */
- { 0x03, 254, 1, "directory" }, /* 251 */
- { 0x01, 0, 1, "" }, /* 252 */
- { 0x03, 0, 0, "employeeNumber" }, /* 253 */
- { 0x04, 0, 1, "policy" }, /* 254 */
- { 0x01, 0, 0, "nsSGC" }, /* 255 */
- { 0x45, 0, 1, "verisign" }, /* 256 */
- { 0x01, 0, 1, "pki" }, /* 257 */
- { 0x09, 0, 1, "attributes" }, /* 258 */
- { 0x02, 260, 0, "messageType" }, /* 259 */
- { 0x03, 261, 0, "pkiStatus" }, /* 260 */
- { 0x04, 262, 0, "failInfo" }, /* 261 */
- { 0x05, 263, 0, "senderNonce" }, /* 262 */
- { 0x06, 264, 0, "recipientNonce" }, /* 263 */
- { 0x07, 265, 0, "transID" }, /* 264 */
- { 0x08, 0, 0, "extensionReq" } /* 265 */
+ {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */
+ { 0x82, 0, 1, 1, "" }, /* 1 */
+ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */
+ { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */
+ { 0x0A, 0, 1, 4, "" }, /* 4 */
+ { 0x07, 0, 1, 5, "" }, /* 5 */
+ { 0x14, 0, 0, 6, "ND" }, /* 6 */
+ {0x09, 18, 1, 0, "data" }, /* 7 */
+ { 0x92, 0, 1, 1, "" }, /* 8 */
+ { 0x26, 0, 1, 2, "" }, /* 9 */
+ { 0x89, 0, 1, 3, "" }, /* 10 */
+ { 0x93, 0, 1, 4, "" }, /* 11 */
+ { 0xF2, 0, 1, 5, "" }, /* 12 */
+ { 0x2C, 0, 1, 6, "" }, /* 13 */
+ { 0x64, 0, 1, 7, "pilot" }, /* 14 */
+ { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
+ { 0x01, 17, 0, 9, "UID" }, /* 16 */
+ { 0x19, 0, 0, 9, "DC" }, /* 17 */
+ {0x55, 52, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 36, 1, 1, "X.509" }, /* 19 */
+ { 0x03, 21, 0, 2, "CN" }, /* 20 */
+ { 0x04, 22, 0, 2, "S" }, /* 21 */
+ { 0x05, 23, 0, 2, "SN" }, /* 22 */
+ { 0x06, 24, 0, 2, "C" }, /* 23 */
+ { 0x07, 25, 0, 2, "L" }, /* 24 */
+ { 0x08, 26, 0, 2, "ST" }, /* 25 */
+ { 0x0A, 27, 0, 2, "O" }, /* 26 */
+ { 0x0B, 28, 0, 2, "OU" }, /* 27 */
+ { 0x0C, 29, 0, 2, "T" }, /* 28 */
+ { 0x0D, 30, 0, 2, "D" }, /* 29 */
+ { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */
+ { 0x29, 32, 0, 2, "N" }, /* 31 */
+ { 0x2A, 33, 0, 2, "G" }, /* 32 */
+ { 0x2B, 34, 0, 2, "I" }, /* 33 */
+ { 0x2D, 35, 0, 2, "ID" }, /* 34 */
+ { 0x48, 0, 0, 2, "role" }, /* 35 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */
+ { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */
+ { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */
+ { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */
+ { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */
+ { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */
+ { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */
+ { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */
+ { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */
+ { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */
+ { 0x1F, 47, 0, 2, "crlDistributionPoints" }, /* 46 */
+ { 0x20, 48, 0, 2, "certificatePolicies" }, /* 47 */
+ { 0x23, 49, 0, 2, "authorityKeyIdentifier" }, /* 48 */
+ { 0x25, 50, 0, 2, "extendedKeyUsage" }, /* 49 */
+ { 0x37, 51, 0, 2, "targetInformation" }, /* 50 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 51 */
+ {0x2A, 143, 1, 0, "" }, /* 52 */
+ { 0x83, 65, 1, 1, "" }, /* 53 */
+ { 0x08, 0, 1, 2, "jp" }, /* 54 */
+ { 0x8C, 0, 1, 3, "" }, /* 55 */
+ { 0x9A, 0, 1, 4, "" }, /* 56 */
+ { 0x4B, 0, 1, 5, "" }, /* 57 */
+ { 0x3D, 0, 1, 6, "" }, /* 58 */
+ { 0x01, 0, 1, 7, "security" }, /* 59 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 60 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 61 */
+ { 0x02, 63, 0, 10, "camellia128-cbc" }, /* 62 */
+ { 0x03, 64, 0, 10, "camellia192-cbc" }, /* 63 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 64 */
+ { 0x86, 0, 1, 1, "" }, /* 65 */
+ { 0x48, 0, 1, 2, "us" }, /* 66 */
+ { 0x86, 107, 1, 3, "" }, /* 67 */
+ { 0xF6, 73, 1, 4, "" }, /* 68 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 69 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 70 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 71 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 72 */
+ { 0xF7, 0, 1, 4, "" }, /* 73 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 74 */
+ { 0x01, 102, 1, 6, "PKCS" }, /* 75 */
+ { 0x01, 84, 1, 7, "PKCS-1" }, /* 76 */
+ { 0x01, 78, 0, 8, "rsaEncryption" }, /* 77 */
+ { 0x02, 79, 0, 8, "md2WithRSAEncryption" }, /* 78 */
+ { 0x04, 80, 0, 8, "md5WithRSAEncryption" }, /* 79 */
+ { 0x05, 81, 0, 8, "sha-1WithRSAEncryption" }, /* 80 */
+ { 0x0B, 82, 0, 8, "sha256WithRSAEncryption" }, /* 81 */
+ { 0x0C, 83, 0, 8, "sha384WithRSAEncryption" }, /* 82 */
+ { 0x0D, 0, 0, 8, "sha512WithRSAEncryption" }, /* 83 */
+ { 0x07, 91, 1, 7, "PKCS-7" }, /* 84 */
+ { 0x01, 86, 0, 8, "data" }, /* 85 */
+ { 0x02, 87, 0, 8, "signedData" }, /* 86 */
+ { 0x03, 88, 0, 8, "envelopedData" }, /* 87 */
+ { 0x04, 89, 0, 8, "signedAndEnvelopedData" }, /* 88 */
+ { 0x05, 90, 0, 8, "digestedData" }, /* 89 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 90 */
+ { 0x09, 0, 1, 7, "PKCS-9" }, /* 91 */
+ { 0x01, 93, 0, 8, "E" }, /* 92 */
+ { 0x02, 94, 0, 8, "unstructuredName" }, /* 93 */
+ { 0x03, 95, 0, 8, "contentType" }, /* 94 */
+ { 0x04, 96, 0, 8, "messageDigest" }, /* 95 */
+ { 0x05, 97, 0, 8, "signingTime" }, /* 96 */
+ { 0x06, 98, 0, 8, "counterSignature" }, /* 97 */
+ { 0x07, 99, 0, 8, "challengePassword" }, /* 98 */
+ { 0x08, 100, 0, 8, "unstructuredAddress" }, /* 99 */
+ { 0x0E, 101, 0, 8, "extensionRequest" }, /* 100 */
+ { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 101 */
+ { 0x02, 105, 1, 6, "digestAlgorithm" }, /* 102 */
+ { 0x02, 104, 0, 7, "md2" }, /* 103 */
+ { 0x05, 0, 0, 7, "md5" }, /* 104 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 105 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 106 */
+ { 0xCE, 0, 1, 3, "" }, /* 107 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 108 */
+ { 0x02, 111, 1, 5, "id-publicKeyType" }, /* 109 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 110 */
+ { 0x03, 141, 1, 5, "ellipticCurve" }, /* 111 */
+ { 0x00, 133, 1, 6, "c-TwoCurve" }, /* 112 */
+ { 0x01, 114, 0, 7, "c2pnb163v1" }, /* 113 */
+ { 0x02, 115, 0, 7, "c2pnb163v2" }, /* 114 */
+ { 0x03, 116, 0, 7, "c2pnb163v3" }, /* 115 */
+ { 0x04, 117, 0, 7, "c2pnb176w1" }, /* 116 */
+ { 0x05, 118, 0, 7, "c2tnb191v1" }, /* 117 */
+ { 0x06, 119, 0, 7, "c2tnb191v2" }, /* 118 */
+ { 0x07, 120, 0, 7, "c2tnb191v3" }, /* 119 */
+ { 0x08, 121, 0, 7, "c2onb191v4" }, /* 120 */
+ { 0x09, 122, 0, 7, "c2onb191v5" }, /* 121 */
+ { 0x0A, 123, 0, 7, "c2pnb208w1" }, /* 122 */
+ { 0x0B, 124, 0, 7, "c2tnb239v1" }, /* 123 */
+ { 0x0C, 125, 0, 7, "c2tnb239v2" }, /* 124 */
+ { 0x0D, 126, 0, 7, "c2tnb239v3" }, /* 125 */
+ { 0x0E, 127, 0, 7, "c2onb239v4" }, /* 126 */
+ { 0x0F, 128, 0, 7, "c2onb239v5" }, /* 127 */
+ { 0x10, 129, 0, 7, "c2pnb272w1" }, /* 128 */
+ { 0x11, 130, 0, 7, "c2pnb304w1" }, /* 129 */
+ { 0x12, 131, 0, 7, "c2tnb359v1" }, /* 130 */
+ { 0x13, 132, 0, 7, "c2pnb368w1" }, /* 131 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 132 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 133 */
+ { 0x01, 135, 0, 7, "prime192v1" }, /* 134 */
+ { 0x02, 136, 0, 7, "prime192v2" }, /* 135 */
+ { 0x03, 137, 0, 7, "prime192v3" }, /* 136 */
+ { 0x04, 138, 0, 7, "prime239v1" }, /* 137 */
+ { 0x05, 139, 0, 7, "prime239v2" }, /* 138 */
+ { 0x06, 140, 0, 7, "prime239v3" }, /* 139 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 140 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 141 */
+ { 0x01, 0, 0, 6, "ecdsa-with-SHA1" }, /* 142 */
+ {0x2B, 243, 1, 0, "" }, /* 143 */
+ { 0x06, 196, 1, 1, "dod" }, /* 144 */
+ { 0x01, 0, 1, 2, "internet" }, /* 145 */
+ { 0x04, 164, 1, 3, "private" }, /* 146 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 147 */
+ { 0x82, 157, 1, 5, "" }, /* 148 */
+ { 0x37, 0, 1, 6, "Microsoft" }, /* 149 */
+ { 0x0A, 154, 1, 7, "" }, /* 150 */
+ { 0x03, 0, 1, 8, "" }, /* 151 */
+ { 0x03, 153, 0, 9, "msSGC" }, /* 152 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 153 */
+ { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 154 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 155 */
+ { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 156 */
+ { 0x89, 0, 1, 5, "" }, /* 157 */
+ { 0x31, 0, 1, 6, "" }, /* 158 */
+ { 0x01, 0, 1, 7, "" }, /* 159 */
+ { 0x01, 0, 1, 8, "" }, /* 160 */
+ { 0x02, 0, 1, 9, "" }, /* 161 */
+ { 0x02, 163, 0, 10, "" }, /* 162 */
+ { 0x4B, 0, 0, 10, "TCGID" }, /* 163 */
+ { 0x05, 0, 1, 3, "security" }, /* 164 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 165 */
+ { 0x07, 0, 1, 5, "id-pkix" }, /* 166 */
+ { 0x01, 169, 1, 6, "id-pe" }, /* 167 */
+ { 0x01, 0, 0, 7, "authorityInfoAccess" }, /* 168 */
+ { 0x03, 179, 1, 6, "id-kp" }, /* 169 */
+ { 0x01, 171, 0, 7, "serverAuth" }, /* 170 */
+ { 0x02, 172, 0, 7, "clientAuth" }, /* 171 */
+ { 0x03, 173, 0, 7, "codeSigning" }, /* 172 */
+ { 0x04, 174, 0, 7, "emailProtection" }, /* 173 */
+ { 0x05, 175, 0, 7, "ipsecEndSystem" }, /* 174 */
+ { 0x06, 176, 0, 7, "ipsecTunnel" }, /* 175 */
+ { 0x07, 177, 0, 7, "ipsecUser" }, /* 176 */
+ { 0x08, 178, 0, 7, "timeStamping" }, /* 177 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 178 */
+ { 0x08, 181, 1, 6, "id-otherNames" }, /* 179 */
+ { 0x05, 0, 0, 7, "xmppAddr" }, /* 180 */
+ { 0x0A, 186, 1, 6, "id-aca" }, /* 181 */
+ { 0x01, 183, 0, 7, "authenticationInfo" }, /* 182 */
+ { 0x02, 184, 0, 7, "accessIdentity" }, /* 183 */
+ { 0x03, 185, 0, 7, "chargingIdentity" }, /* 184 */
+ { 0x04, 0, 0, 7, "group" }, /* 185 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 186 */
+ { 0x01, 195, 1, 7, "ocsp" }, /* 187 */
+ { 0x01, 189, 0, 8, "basic" }, /* 188 */
+ { 0x02, 190, 0, 8, "nonce" }, /* 189 */
+ { 0x03, 191, 0, 8, "crl" }, /* 190 */
+ { 0x04, 192, 0, 8, "response" }, /* 191 */
+ { 0x05, 193, 0, 8, "noCheck" }, /* 192 */
+ { 0x06, 194, 0, 8, "archiveCutoff" }, /* 193 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 194 */
+ { 0x02, 0, 0, 7, "caIssuers" }, /* 195 */
+ { 0x0E, 202, 1, 1, "oiw" }, /* 196 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 197 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 198 */
+ { 0x07, 200, 0, 4, "des-cbc" }, /* 199 */
+ { 0x1A, 201, 0, 4, "sha-1" }, /* 200 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 201 */
+ { 0x24, 209, 1, 1, "TeleTrusT" }, /* 202 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 203 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 204 */
+ { 0x01, 0, 1, 4, "rsaSignature" }, /* 205 */
+ { 0x02, 207, 0, 5, "rsaSigWithripemd160" }, /* 206 */
+ { 0x03, 208, 0, 5, "rsaSigWithripemd128" }, /* 207 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 208 */
+ { 0x81, 0, 1, 1, "" }, /* 209 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 210 */
+ { 0x00, 0, 1, 3, "curve" }, /* 211 */
+ { 0x01, 213, 0, 4, "sect163k1" }, /* 212 */
+ { 0x02, 214, 0, 4, "sect163r1" }, /* 213 */
+ { 0x03, 215, 0, 4, "sect239k1" }, /* 214 */
+ { 0x04, 216, 0, 4, "sect113r1" }, /* 215 */
+ { 0x05, 217, 0, 4, "sect113r2" }, /* 216 */
+ { 0x06, 218, 0, 4, "secp112r1" }, /* 217 */
+ { 0x07, 219, 0, 4, "secp112r2" }, /* 218 */
+ { 0x08, 220, 0, 4, "secp160r1" }, /* 219 */
+ { 0x09, 221, 0, 4, "secp160k1" }, /* 220 */
+ { 0x0A, 222, 0, 4, "secp256k1" }, /* 221 */
+ { 0x0F, 223, 0, 4, "sect163r2" }, /* 222 */
+ { 0x10, 224, 0, 4, "sect283k1" }, /* 223 */
+ { 0x11, 225, 0, 4, "sect283r1" }, /* 224 */
+ { 0x16, 226, 0, 4, "sect131r1" }, /* 225 */
+ { 0x17, 227, 0, 4, "sect131r2" }, /* 226 */
+ { 0x18, 228, 0, 4, "sect193r1" }, /* 227 */
+ { 0x19, 229, 0, 4, "sect193r2" }, /* 228 */
+ { 0x1A, 230, 0, 4, "sect233k1" }, /* 229 */
+ { 0x1B, 231, 0, 4, "sect233r1" }, /* 230 */
+ { 0x1C, 232, 0, 4, "secp128r1" }, /* 231 */
+ { 0x1D, 233, 0, 4, "secp128r2" }, /* 232 */
+ { 0x1E, 234, 0, 4, "secp160r2" }, /* 233 */
+ { 0x1F, 235, 0, 4, "secp192k1" }, /* 234 */
+ { 0x20, 236, 0, 4, "secp224k1" }, /* 235 */
+ { 0x21, 237, 0, 4, "secp224r1" }, /* 236 */
+ { 0x22, 238, 0, 4, "secp384r1" }, /* 237 */
+ { 0x23, 239, 0, 4, "secp521r1" }, /* 238 */
+ { 0x24, 240, 0, 4, "sect409k1" }, /* 239 */
+ { 0x25, 241, 0, 4, "sect409r1" }, /* 240 */
+ { 0x26, 242, 0, 4, "sect571k1" }, /* 241 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 242 */
+ {0x60, 0, 1, 0, "" }, /* 243 */
+ { 0x86, 0, 1, 1, "" }, /* 244 */
+ { 0x48, 0, 1, 2, "" }, /* 245 */
+ { 0x01, 289, 1, 3, "organization" }, /* 246 */
+ { 0x65, 265, 1, 4, "gov" }, /* 247 */
+ { 0x03, 0, 1, 5, "csor" }, /* 248 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 249 */
+ { 0x01, 260, 1, 7, "aes" }, /* 250 */
+ { 0x02, 252, 0, 8, "id-aes128-CBC" }, /* 251 */
+ { 0x06, 253, 0, 8, "id-aes128-GCM" }, /* 252 */
+ { 0x07, 254, 0, 8, "id-aes128-CCM" }, /* 253 */
+ { 0x16, 255, 0, 8, "id-aes192-CBC" }, /* 254 */
+ { 0x1A, 256, 0, 8, "id-aes192-GCM" }, /* 255 */
+ { 0x1B, 257, 0, 8, "id-aes192-CCM" }, /* 256 */
+ { 0x2A, 258, 0, 8, "id-aes256-CBC" }, /* 257 */
+ { 0x2E, 259, 0, 8, "id-aes256-GCM" }, /* 258 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 259 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 260 */
+ { 0x01, 262, 0, 8, "id-SHA-256" }, /* 261 */
+ { 0x02, 263, 0, 8, "id-SHA-384" }, /* 262 */
+ { 0x03, 264, 0, 8, "id-SHA-512" }, /* 263 */
+ { 0x04, 0, 0, 8, "id-SHA-224" }, /* 264 */
+ { 0x86, 0, 1, 4, "" }, /* 265 */
+ { 0xf8, 0, 1, 5, "" }, /* 266 */
+ { 0x42, 279, 1, 6, "netscape" }, /* 267 */
+ { 0x01, 274, 1, 7, "" }, /* 268 */
+ { 0x01, 270, 0, 8, "nsCertType" }, /* 269 */
+ { 0x03, 271, 0, 8, "nsRevocationUrl" }, /* 270 */
+ { 0x04, 272, 0, 8, "nsCaRevocationUrl" }, /* 271 */
+ { 0x08, 273, 0, 8, "nsCaPolicyUrl" }, /* 272 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 273 */
+ { 0x03, 277, 1, 7, "directory" }, /* 274 */
+ { 0x01, 0, 1, 8, "" }, /* 275 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 276 */
+ { 0x04, 0, 1, 7, "policy" }, /* 277 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 278 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 279 */
+ { 0x01, 0, 1, 7, "pki" }, /* 280 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 281 */
+ { 0x02, 283, 0, 9, "messageType" }, /* 282 */
+ { 0x03, 284, 0, 9, "pkiStatus" }, /* 283 */
+ { 0x04, 285, 0, 9, "failInfo" }, /* 284 */
+ { 0x05, 286, 0, 9, "senderNonce" }, /* 285 */
+ { 0x06, 287, 0, 9, "recipientNonce" }, /* 286 */
+ { 0x07, 288, 0, 9, "transID" }, /* 287 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 288 */
+ { 0x86, 0, 1, 3, "old-netscape" }, /* 289 */
+ { 0xF7, 0, 1, 4, "" }, /* 290 */
+ { 0x0D, 0, 1, 5, "" }, /* 291 */
+ { 0x01, 0, 1, 6, "" }, /* 292 */
+ { 0x09, 0, 1, 7, "" }, /* 293 */
+ { 0x01, 295, 0, 8, "emailAddress" }, /* 294 */
+ { 0x02, 0, 0, 8, "unstructuredName" } /* 295 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 72049259a..477789b62 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -5,6 +5,8 @@
* Do not edit manually!
*/
+#include <sys/types.h>
+
#ifndef OID_H_
#define OID_H_
@@ -12,12 +14,31 @@ typedef struct {
u_char octet;
u_int next;
u_int down;
+ u_int level;
const u_char *name;
} oid_t;
extern const oid_t oid_names[];
#define OID_UNKNOWN -1
+#define OID_NAME_DISTINGUISHER 6
+#define OID_PILOT_USERID 16
+#define OID_PILOT_DOMAIN_COMPONENT 17
+#define OID_COMMON_NAME 20
+#define OID_SURNAME 21
+#define OID_SERIAL_NUMBER 22
+#define OID_COUNTRY 23
+#define OID_LOCALITY 24
+#define OID_STATE_OR_PROVINCE 25
+#define OID_ORGANIZATION 26
+#define OID_ORGANIZATION_UNIT 27
+#define OID_TITLE 28
+#define OID_DESCRIPTION 29
+#define OID_USER_CERTIFICATE 30
+#define OID_NAME 31
+#define OID_GIVEN_NAME 32
+#define OID_INITIALS 33
+#define OID_UNIQUE_IDENTIFIER 34
#define OID_ROLE 35
#define OID_SUBJECT_KEY_ID 38
#define OID_SUBJECT_ALT_NAME 41
@@ -29,117 +50,136 @@ extern const oid_t oid_names[];
#define OID_EXTENDED_KEY_USAGE 49
#define OID_TARGET_INFORMATION 50
#define OID_NO_REV_AVAIL 51
-#define OID_RSA_ENCRYPTION 65
-#define OID_MD2_WITH_RSA 66
-#define OID_MD5_WITH_RSA 67
-#define OID_SHA1_WITH_RSA 68
-#define OID_SHA256_WITH_RSA 69
-#define OID_SHA384_WITH_RSA 70
-#define OID_SHA512_WITH_RSA 71
-#define OID_PKCS7_DATA 73
-#define OID_PKCS7_SIGNED_DATA 74
-#define OID_PKCS7_ENVELOPED_DATA 75
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 76
-#define OID_PKCS7_DIGESTED_DATA 77
-#define OID_PKCS7_ENCRYPTED_DATA 78
-#define OID_PKCS9_EMAIL 80
-#define OID_PKCS9_CONTENT_TYPE 82
-#define OID_PKCS9_MESSAGE_DIGEST 83
-#define OID_PKCS9_SIGNING_TIME 84
-#define OID_MD2 91
-#define OID_MD5 92
-#define OID_3DES_EDE_CBC 94
-#define OID_EC_PUBLICKEY 98
-#define OID_C2PNB163V1 101
-#define OID_C2PNB163V2 102
-#define OID_C2PNB163V3 103
-#define OID_C2PNB176W1 104
-#define OID_C2PNB191V1 105
-#define OID_C2PNB191V2 106
-#define OID_C2PNB191V3 107
-#define OID_C2PNB191V4 108
-#define OID_C2PNB191V5 109
-#define OID_C2PNB208W1 110
-#define OID_C2PNB239V1 111
-#define OID_C2PNB239V2 112
-#define OID_C2PNB239V3 113
-#define OID_C2PNB239V4 114
-#define OID_C2PNB239V5 115
-#define OID_C2PNB272W1 116
-#define OID_C2PNB304W1 117
-#define OID_C2PNB359V1 118
-#define OID_C2PNB368W1 119
-#define OID_C2PNB431R1 120
-#define OID_PRIME192V1 122
-#define OID_PRIME192V2 123
-#define OID_PRIME192V3 124
-#define OID_PRIME239V1 125
-#define OID_PRIME239V2 126
-#define OID_PRIME239V3 127
-#define OID_PRIME256V1 128
-#define OID_ECDSA_WITH_SHA1 130
-#define OID_AUTHORITY_INFO_ACCESS 156
-#define OID_OCSP_SIGNING 166
-#define OID_XMPP_ADDR 168
-#define OID_AUTHENTICATION_INFO 170
-#define OID_ACCESS_IDENTITY 171
-#define OID_CHARGING_IDENTITY 172
-#define OID_GROUP 173
-#define OID_OCSP 175
-#define OID_BASIC 176
-#define OID_NONCE 177
-#define OID_CRL 178
-#define OID_RESPONSE 179
-#define OID_NO_CHECK 180
-#define OID_ARCHIVE_CUTOFF 181
-#define OID_SERVICE_LOCATOR 182
-#define OID_CA_ISSUERS 183
-#define OID_DES_CBC 187
-#define OID_SHA1 188
-#define OID_SHA1_WITH_RSA_OIW 189
-#define OID_SECT163K1 200
-#define OID_SECT163R1 201
-#define OID_SECT239K1 202
-#define OID_SECT113R1 203
-#define OID_SECT113R2 204
-#define OID_SECT112R1 205
-#define OID_SECT112R2 206
-#define OID_SECT160R1 207
-#define OID_SECT160K1 208
-#define OID_SECT256K1 209
-#define OID_SECT163R2 210
-#define OID_SECT283K1 211
-#define OID_SECT283R1 212
-#define OID_SECT131R1 213
-#define OID_SECT131R2 214
-#define OID_SECT193R1 215
-#define OID_SECT193R2 216
-#define OID_SECT233K1 217
-#define OID_SECT233R1 218
-#define OID_SECT128R1 219
-#define OID_SECT128R2 220
-#define OID_SECT160R2 221
-#define OID_SECT192K1 222
-#define OID_SECT224K1 223
-#define OID_SECT224R1 224
-#define OID_SECT384R1 225
-#define OID_SECT521R1 226
-#define OID_SECT409K1 227
-#define OID_SECT409R1 228
-#define OID_SECT571K1 229
-#define OID_SECT571R1 230
-#define OID_SHA256 239
-#define OID_SHA384 240
-#define OID_SHA512 241
-#define OID_NS_REVOCATION_URL 247
-#define OID_NS_CA_REVOCATION_URL 248
-#define OID_NS_CA_POLICY_URL 249
-#define OID_NS_COMMENT 250
-#define OID_PKI_MESSAGE_TYPE 259
-#define OID_PKI_STATUS 260
-#define OID_PKI_FAIL_INFO 261
-#define OID_PKI_SENDER_NONCE 262
-#define OID_PKI_RECIPIENT_NONCE 263
-#define OID_PKI_TRANS_ID 264
+#define OID_CAMELLIA128_CBC 62
+#define OID_CAMELLIA192_CBC 63
+#define OID_CAMELLIA256_CBC 64
+#define OID_RSA_ENCRYPTION 77
+#define OID_MD2_WITH_RSA 78
+#define OID_MD5_WITH_RSA 79
+#define OID_SHA1_WITH_RSA 80
+#define OID_SHA256_WITH_RSA 81
+#define OID_SHA384_WITH_RSA 82
+#define OID_SHA512_WITH_RSA 83
+#define OID_PKCS7_DATA 85
+#define OID_PKCS7_SIGNED_DATA 86
+#define OID_PKCS7_ENVELOPED_DATA 87
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 88
+#define OID_PKCS7_DIGESTED_DATA 89
+#define OID_PKCS7_ENCRYPTED_DATA 90
+#define OID_PKCS9_EMAIL 92
+#define OID_PKCS9_CONTENT_TYPE 94
+#define OID_PKCS9_MESSAGE_DIGEST 95
+#define OID_PKCS9_SIGNING_TIME 96
+#define OID_MD2 103
+#define OID_MD5 104
+#define OID_3DES_EDE_CBC 106
+#define OID_EC_PUBLICKEY 110
+#define OID_C2PNB163V1 113
+#define OID_C2PNB163V2 114
+#define OID_C2PNB163V3 115
+#define OID_C2PNB176W1 116
+#define OID_C2PNB191V1 117
+#define OID_C2PNB191V2 118
+#define OID_C2PNB191V3 119
+#define OID_C2PNB191V4 120
+#define OID_C2PNB191V5 121
+#define OID_C2PNB208W1 122
+#define OID_C2PNB239V1 123
+#define OID_C2PNB239V2 124
+#define OID_C2PNB239V3 125
+#define OID_C2PNB239V4 126
+#define OID_C2PNB239V5 127
+#define OID_C2PNB272W1 128
+#define OID_C2PNB304W1 129
+#define OID_C2PNB359V1 130
+#define OID_C2PNB368W1 131
+#define OID_C2PNB431R1 132
+#define OID_PRIME192V1 134
+#define OID_PRIME192V2 135
+#define OID_PRIME192V3 136
+#define OID_PRIME239V1 137
+#define OID_PRIME239V2 138
+#define OID_PRIME239V3 139
+#define OID_PRIME256V1 140
+#define OID_ECDSA_WITH_SHA1 142
+#define OID_TCGID 163
+#define OID_AUTHORITY_INFO_ACCESS 168
+#define OID_OCSP_SIGNING 178
+#define OID_XMPP_ADDR 180
+#define OID_AUTHENTICATION_INFO 182
+#define OID_ACCESS_IDENTITY 183
+#define OID_CHARGING_IDENTITY 184
+#define OID_GROUP 185
+#define OID_OCSP 187
+#define OID_BASIC 188
+#define OID_NONCE 189
+#define OID_CRL 190
+#define OID_RESPONSE 191
+#define OID_NO_CHECK 192
+#define OID_ARCHIVE_CUTOFF 193
+#define OID_SERVICE_LOCATOR 194
+#define OID_CA_ISSUERS 195
+#define OID_DES_CBC 199
+#define OID_SHA1 200
+#define OID_SHA1_WITH_RSA_OIW 201
+#define OID_SECT163K1 212
+#define OID_SECT163R1 213
+#define OID_SECT239K1 214
+#define OID_SECT113R1 215
+#define OID_SECT113R2 216
+#define OID_SECT112R1 217
+#define OID_SECT112R2 218
+#define OID_SECT160R1 219
+#define OID_SECT160K1 220
+#define OID_SECT256K1 221
+#define OID_SECT163R2 222
+#define OID_SECT283K1 223
+#define OID_SECT283R1 224
+#define OID_SECT131R1 225
+#define OID_SECT131R2 226
+#define OID_SECT193R1 227
+#define OID_SECT193R2 228
+#define OID_SECT233K1 229
+#define OID_SECT233R1 230
+#define OID_SECT128R1 231
+#define OID_SECT128R2 232
+#define OID_SECT160R2 233
+#define OID_SECT192K1 234
+#define OID_SECT224K1 235
+#define OID_SECT224R1 236
+#define OID_SECT384R1 237
+#define OID_SECT521R1 238
+#define OID_SECT409K1 239
+#define OID_SECT409R1 240
+#define OID_SECT571K1 241
+#define OID_SECT571R1 242
+#define OID_AES128_CBC 251
+#define OID_AES128_GCM 252
+#define OID_AES128_CCM 253
+#define OID_AES192_CBC 254
+#define OID_AES192_GCM 255
+#define OID_AES192_CCM 256
+#define OID_AES256_CBC 257
+#define OID_AES256_GCM 258
+#define OID_AES256_CCM 259
+#define OID_SHA256 261
+#define OID_SHA384 262
+#define OID_SHA512 263
+#define OID_SHA224 264
+#define OID_NS_REVOCATION_URL 270
+#define OID_NS_CA_REVOCATION_URL 271
+#define OID_NS_CA_POLICY_URL 272
+#define OID_NS_COMMENT 273
+#define OID_EMPLOYEE_NUMBER 276
+#define OID_PKI_MESSAGE_TYPE 282
+#define OID_PKI_STATUS 283
+#define OID_PKI_FAIL_INFO 284
+#define OID_PKI_SENDER_NONCE 285
+#define OID_PKI_RECIPIENT_NONCE 286
+#define OID_PKI_TRANS_ID 287
+#define OID_EMAIL_ADDRESS 294
+#define OID_UNSTRUCTURED_NAME 295
+
+#define OID_MAX 296
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl
index 373101cc0..ed26febc9 100644
--- a/src/libstrongswan/asn1/oid.pl
+++ b/src/libstrongswan/asn1/oid.pl
@@ -32,12 +32,14 @@ print OID_H "/* Object identifiers (OIDs) used by strongSwan\n",
" * ", $automatic, "\n",
" * ", $warning, "\n",
" */\n\n",
+ "#include <sys/types.h>\n\n",
"#ifndef OID_H_\n",
"#define OID_H_\n\n",
"typedef struct {\n",
" u_char octet;\n",
" u_int next;\n",
" u_int down;\n",
+ " u_int level;\n",
" const u_char *name;\n",
"} oid_t;\n",
"\n",
@@ -77,6 +79,8 @@ while ($line = <SRC>)
$counter++;
}
+printf OID_H "\n#define OID_MAX%s%d\n", "\t" x 8, $counter;
+
print OID_H "\n#endif /* OID_H_ */\n";
close SRC;
@@ -113,12 +117,13 @@ for ($c = 0; $c < $counter; $c++)
}
}
- printf OID_C " {%s%s,%s%3d, %d, %s%s}%s /* %3d */\n"
+ printf OID_C " {%s%s,%s%3d, %d, %2d, %s%s}%s /* %3d */\n"
,' ' x @order[$c]
, @octet[$c]
, ' ' x (1 + $max_order - @order[$c])
, @next[$c]
, @order[$c+1] > @order[$c]
+ , @order[$c] / 2
, @name[$c]
, ' ' x ($max_name - length(@name[$c]))
, $c != $counter-1 ? "," : " "
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 6bb765787..1514f179f 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -4,7 +4,7 @@
0x01 "Deutsche Telekom AG"
0x0A ""
0x07 ""
- 0x14 "ND"
+ 0x14 "ND" OID_NAME_DISTINGUISHER
0x09 "data"
0x92 ""
0x26 ""
@@ -14,25 +14,25 @@
0x2C ""
0x64 "pilot"
0x01 "pilotAttributeType"
- 0x01 "UID"
- 0x19 "DC"
+ 0x01 "UID" OID_PILOT_USERID
+ 0x19 "DC" OID_PILOT_DOMAIN_COMPONENT
0x55 "X.500"
0x04 "X.509"
- 0x03 "CN"
- 0x04 "S"
- 0x05 "SN"
- 0x06 "C"
- 0x07 "L"
- 0x08 "ST"
- 0x0A "O"
- 0x0B "OU"
- 0x0C "T"
- 0x0D "D"
- 0x24 "userCertificate"
- 0x29 "N"
- 0x2A "G"
- 0x2B "I"
- 0x2D "ID"
+ 0x03 "CN" OID_COMMON_NAME
+ 0x04 "S" OID_SURNAME
+ 0x05 "SN" OID_SERIAL_NUMBER
+ 0x06 "C" OID_COUNTRY
+ 0x07 "L" OID_LOCALITY
+ 0x08 "ST" OID_STATE_OR_PROVINCE
+ 0x0A "O" OID_ORGANIZATION
+ 0x0B "OU" OID_ORGANIZATION_UNIT
+ 0x0C "T" OID_TITLE
+ 0x0D "D" OID_DESCRIPTION
+ 0x24 "userCertificate" OID_USER_CERTIFICATE
+ 0x29 "N" OID_NAME
+ 0x2A "G" OID_GIVEN_NAME
+ 0x2B "I" OID_INITIALS
+ 0x2D "ID" OID_UNIQUE_IDENTIFIER
0x48 "role" OID_ROLE
0x1D "id-ce"
0x09 "subjectDirectoryAttrs"
@@ -51,8 +51,20 @@
0x37 "targetInformation" OID_TARGET_INFORMATION
0x38 "noRevAvail" OID_NO_REV_AVAIL
0x2A ""
+ 0x83 ""
+ 0x08 "jp"
+ 0x8C ""
+ 0x9A ""
+ 0x4B ""
+ 0x3D ""
+ 0x01 "security"
+ 0x01 "algorithm"
+ 0x01 "symm-encryption-alg"
+ 0x02 "camellia128-cbc" OID_CAMELLIA128_CBC
+ 0x03 "camellia192-cbc" OID_CAMELLIA192_CBC
+ 0x04 "camellia256-cbc" OID_CAMELLIA256_CBC
0x86 ""
- 0x48 ""
+ 0x48 "us"
0x86 ""
0xF6 ""
0x7D "NortelNetworks"
@@ -149,7 +161,7 @@
0x01 ""
0x02 ""
0x02 ""
- 0x4B "TCGID"
+ 0x4B "TCGID" OID_TCGID
0x05 "security"
0x05 "mechanisms"
0x07 "id-pkix"
@@ -236,10 +248,21 @@
0x65 "gov"
0x03 "csor"
0x04 "nistalgorithm"
+ 0x01 "aes"
+ 0x02 "id-aes128-CBC" OID_AES128_CBC
+ 0x06 "id-aes128-GCM" OID_AES128_GCM
+ 0x07 "id-aes128-CCM" OID_AES128_CCM
+ 0x16 "id-aes192-CBC" OID_AES192_CBC
+ 0x1A "id-aes192-GCM" OID_AES192_GCM
+ 0x1B "id-aes192-CCM" OID_AES192_CCM
+ 0x2A "id-aes256-CBC" OID_AES256_CBC
+ 0x2E "id-aes256-GCM" OID_AES256_GCM
+ 0x2F "id-aes256-CCM" OID_AES256_CCM
0x02 "hashalgs"
0x01 "id-SHA-256" OID_SHA256
0x02 "id-SHA-384" OID_SHA384
0x03 "id-SHA-512" OID_SHA512
+ 0x04 "id-SHA-224" OID_SHA224
0x86 ""
0xf8 ""
0x42 "netscape"
@@ -251,7 +274,7 @@
0x0d "nsComment" OID_NS_COMMENT
0x03 "directory"
0x01 ""
- 0x03 "employeeNumber"
+ 0x03 "employeeNumber" OID_EMPLOYEE_NUMBER
0x04 "policy"
0x01 "nsSGC"
0x45 "verisign"
@@ -264,3 +287,10 @@
0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE
0x07 "transID" OID_PKI_TRANS_ID
0x08 "extensionReq"
+ 0x86 "old-netscape"
+ 0xF7 ""
+ 0x0D ""
+ 0x01 ""
+ 0x09 ""
+ 0x01 "emailAddress" OID_EMAIL_ADDRESS
+ 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
index d3176b6bc..059795548 100755
--- a/src/libstrongswan/asn1/pem.c
+++ b/src/libstrongswan/asn1/pem.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pem.c 4029 2008-06-03 12:14:02Z martin $
*/
#include <stdio.h>
@@ -84,8 +82,8 @@ static bool find_boundary(const char* tag, chunk_t *line)
/*
* decrypts a passphrase protected encrypted data block
*/
-static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
- chunk_t *iv, chunk_t *passphrase)
+static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
+ chunk_t *iv, chunk_t passphrase)
{
hasher_t *hasher;
crypter_t *crypter;
@@ -95,10 +93,10 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
chunk_t key = {alloca(key_size), key_size};
u_int8_t padding, *last_padding_pos, *first_padding_pos;
- if (passphrase == NULL || passphrase->len == 0)
+ if (passphrase.len == 0)
{
DBG1(" missing passphrase");
- return FALSE;
+ return INVALID_ARG;
}
/* build key from passphrase and IV */
@@ -106,18 +104,18 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (hasher == NULL)
{
DBG1(" MD5 hash algorithm not available");
- return FALSE;
+ return NOT_SUPPORTED;
}
hash.len = hasher->get_hash_size(hasher);
hash.ptr = alloca(hash.len);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr, hash.ptr, hash.len);
if (key.len > hash.len)
{
hasher->get_hash(hasher, hash, NULL);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
}
@@ -129,7 +127,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
DBG1(" %N encryption algorithm not available",
encryption_algorithm_names, alg);
- return FALSE;
+ return NOT_SUPPORTED;
}
crypter->set_key(crypter, key);
@@ -138,7 +136,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
crypter->destroy(crypter);
DBG1(" data size is not multiple of block size");
- return FALSE;
+ return PARSE_ERROR;
}
crypter->decrypt(crypter, *blob, *iv, &decrypted);
crypter->destroy(crypter);
@@ -156,12 +154,12 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (*last_padding_pos != padding)
{
DBG1(" invalid passphrase");
- return FALSE;
+ return INVALID_ARG;
}
}
/* remove padding */
blob->len -= padding;
- return TRUE;
+ return SUCCESS;
}
/* Converts a PEM encoded file into its binary form
@@ -169,7 +167,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
* RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
* RFC 934 Message Encapsulation, January 1985
*/
-bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
+status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp)
{
typedef enum {
PEM_PRE = 0,
@@ -239,17 +237,21 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
DBG2(" %.*s", (int)line.len, line.ptr);
ugh = extract_parameter_value(&name, &value, &line);
if (ugh != NULL)
+ {
continue;
-
+ }
if (match("Proc-Type", &name) && *value.ptr == '4')
+ {
encrypted = TRUE;
+ }
else if (match("DEK-Info", &name))
{
chunk_t dek;
if (!extract_token(&dek, ',', &value))
+ {
dek = value;
-
+ }
if (match("DES-EDE3-CBC", &dek))
{
alg = ENCR_3DES;
@@ -274,7 +276,7 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
{
DBG1(" encryption algorithm '%.s' not supported",
dek.len, dek.ptr);
- return FALSE;
+ return NOT_SUPPORTED;
}
eat_whitespace(&value);
iv = chunk_from_hex(value, iv.ptr);
@@ -317,11 +319,11 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
if (state != PEM_POST)
{
DBG1(" file coded in unknown format, discarded");
- return FALSE;
+ return PARSE_ERROR;
}
if (!encrypted)
{
- return TRUE;
+ return SUCCESS;
}
return pem_decrypt(blob, alg, key_size, &iv, passphrase);
@@ -337,7 +339,9 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
if (fd)
{
+ chunk_t pass = chunk_empty;
int bytes;
+
fseek(fd, 0, SEEK_END );
blob->len = ftell(fd);
rewind(fd);
@@ -356,10 +360,13 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
}
if (passphrase != NULL)
- DBG4(" passphrase:", passphrase->ptr, passphrase->len);
+ {
+ pass = *passphrase;
+ DBG4(" passphrase: %#B", passphrase);
+ }
/* try PEM format */
- if (pem_to_bin(blob, passphrase, pgp))
+ if (pem_to_bin(blob, pass, pgp) == SUCCESS)
{
if (*pgp)
{
diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h
index 4b76fbe80..7385330d7 100755
--- a/src/libstrongswan/asn1/pem.h
+++ b/src/libstrongswan/asn1/pem.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pem.h 4011 2008-05-23 19:18:08Z andreas $
*/
#ifndef PEM_H_
@@ -23,9 +21,9 @@
#include <library.h>
-bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp);
+status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp);
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
- chunk_t *blob, bool *pgp);
+bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob,
+ bool *pgp);
#endif /*PEM_H_ @} */