diff options
Diffstat (limited to 'src/libstrongswan/asn1')
-rw-r--r-- | src/libstrongswan/asn1/asn1.c | 311 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1.h | 110 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1_parser.c | 38 | ||||
-rw-r--r-- | src/libstrongswan/asn1/asn1_parser.h | 16 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.c | 566 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.h | 296 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.txt | 78 | ||||
-rwxr-xr-x | src/libstrongswan/asn1/pem.c | 393 | ||||
-rwxr-xr-x | src/libstrongswan/asn1/pem.h | 29 |
9 files changed, 708 insertions, 1129 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index ec46b165b..763caafc4 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -18,7 +18,6 @@ #include <stdio.h> #include <string.h> #include <time.h> -#include <pthread.h> #include <utils.h> #include <debug.h> @@ -28,161 +27,34 @@ #include "asn1_parser.h" /** - * some common prefabricated ASN.1 constants + * Commonly used ASN1 values. */ -static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 }; -static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 }; -static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 }; - -const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str); -const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str); -const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str); - -/** - * some popular algorithmIdentifiers - */ - -static u_char ASN1_md2_id_str[] = { - 0x30, 0x0c, - 0x06, 0x08, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, - 0x05,0x00, -}; - -static u_char ASN1_md5_id_str[] = { - 0x30, 0x0C, - 0x06, 0x08, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, - 0x05, 0x00 -}; - -static u_char ASN1_sha1_id_str[] = { - 0x30, 0x09, - 0x06, 0x05, - 0x2B, 0x0E,0x03, 0x02, 0x1A, - 0x05, 0x00 -}; - -static u_char ASN1_sha256_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, - 0x05, 0x00 -}; - -static u_char ASN1_sha384_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, - 0x05, 0x00 -}; - -static u_char ASN1_sha512_id_str[] = { - 0x30, 0x0d, - 0x06, 0x09, - 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, - 0x05,0x00 -}; - -static u_char ASN1_md2WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02, - 0x05, 0x00 -}; - -static u_char ASN1_md5WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04, - 0x05, 0x00 -}; - -static u_char ASN1_sha1WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, - 0x05, 0x00 -}; - -static u_char ASN1_sha256WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00 -}; - -static u_char ASN1_sha384WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C, - 0x05, 0x00 -}; - -static u_char ASN1_sha512WithRSA_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D, - 0x05, 0x00 -}; - -static u_char ASN1_rsaEncryption_id_str[] = { - 0x30, 0x0D, - 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, - 0x05, 0x00 -}; - -static const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str); -static const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str); -static const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str); -static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str); -static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str); -static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str); -static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str); -static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str); -static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str); -static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str); -static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str); -static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str); -static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str); +const chunk_t ASN1_INTEGER_0 = chunk_from_chars(0x02, 0x00); +const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01); +const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02); /* * Defined in header. */ chunk_t asn1_algorithmIdentifier(int oid) { + chunk_t parameters; + + /* some algorithmIdentifiers have a NULL parameters field and some do not */ switch (oid) { - case OID_RSA_ENCRYPTION: - return ASN1_rsaEncryption_id; - case OID_MD2_WITH_RSA: - return ASN1_md2WithRSA_id; - case OID_MD5_WITH_RSA: - return ASN1_md5WithRSA_id; - case OID_SHA1_WITH_RSA: - return ASN1_sha1WithRSA_id; - case OID_SHA256_WITH_RSA: - return ASN1_sha256WithRSA_id; - case OID_SHA384_WITH_RSA: - return ASN1_sha384WithRSA_id; - case OID_SHA512_WITH_RSA: - return ASN1_sha512WithRSA_id; - case OID_MD2: - return ASN1_md2_id; - case OID_MD5: - return ASN1_md5_id; - case OID_SHA1: - return ASN1_sha1_id; - case OID_SHA256: - return ASN1_sha256_id; - case OID_SHA384: - return ASN1_sha384_id; - case OID_SHA512: - return ASN1_sha512_id; + case OID_ECDSA_WITH_SHA1: + case OID_ECDSA_WITH_SHA224: + case OID_ECDSA_WITH_SHA256: + case OID_ECDSA_WITH_SHA384: + case OID_ECDSA_WITH_SHA512: + parameters = chunk_empty; + break; default: - return chunk_empty; + parameters = asn1_simple_object(ASN1_NULL, chunk_empty); + break; } + return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters); } /* @@ -191,14 +63,14 @@ chunk_t asn1_algorithmIdentifier(int oid) int asn1_known_oid(chunk_t object) { int oid = 0; - + while (object.len) { if (oid_names[oid].octet == *object.ptr) { if (--object.len == 0 || oid_names[oid].down == 0) { - return oid; /* found terminal symbol */ + return oid; /* found terminal symbol */ } else { @@ -227,17 +99,17 @@ chunk_t asn1_build_known_oid(int n) { chunk_t oid; int i; - + if (n < 0 || n >= OID_MAX) { return chunk_empty; } - + i = oid_names[n].level + 1; oid = chunk_alloc(2 + i); oid.ptr[0] = ASN1_OID; oid.ptr[1] = i; - + do { if (oid_names[n].level >= i) @@ -248,7 +120,7 @@ chunk_t asn1_build_known_oid(int n) oid.ptr[--i + 2] = oid_names[n--].octet; } while (i > 0); - + return oid; } @@ -259,18 +131,18 @@ size_t asn1_length(chunk_t *blob) { u_char n; size_t len; - + if (blob->len < 2) { DBG2("insufficient number of octets to parse ASN.1 length"); return ASN1_INVALID_LENGTH; } - + /* read length field, skip tag and length */ n = blob->ptr[1]; *blob = chunk_skip(*blob, 2); - - if ((n & 0x80) == 0) + + if ((n & 0x80) == 0) { /* single length octet */ if (n > blob->len) { @@ -279,25 +151,25 @@ size_t asn1_length(chunk_t *blob) } return n; } - + /* composite length, determine number of length octets */ n &= 0x7f; - + if (n == 0 || n > blob->len) { DBG2("number of length octets invalid"); return ASN1_INVALID_LENGTH; } - + if (n > sizeof(len)) { - DBG2("number of length octets is larger than limit of %d octets", + DBG2("number of length octets is larger than limit of %d octets", (int)sizeof(len)); return ASN1_INVALID_LENGTH; } - + len = 0; - + while (n-- > 0) { len = 256*len + *blob->ptr++; @@ -319,7 +191,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) chunk_t res; u_char len; int type; - + if (blob->len < 2) { return ASN1_INVALID; @@ -327,7 +199,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) type = blob->ptr[0]; len = blob->ptr[1]; *blob = chunk_skip(*blob, 2); - + if ((len & 0x80) == 0) { /* single length octet */ res.len = len; @@ -358,8 +230,6 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) return type; } -#define TIME_MAX 0x7fffffff - static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 }; static const int tm_leap_1970 = 477; @@ -373,7 +243,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) int tz_hour, tz_min, tz_offset; time_t tm_secs; u_char *eot = NULL; - + if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) { tz_offset = 0; /* Zulu time with a zero time zone offset */ @@ -398,19 +268,19 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { return 0; /* error in time format */ } - + /* parse ASN.1 time string */ { const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d": "%4d%2d%2d%2d%2d"; - + if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min) != 5) { return 0; /* error in [yy]yymmddhhmm time format */ } } - + /* is there a seconds field? */ if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14)) { @@ -423,17 +293,17 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { tm_sec = 0; } - + /* representation of two-digit years */ if (type == ASN1_UTCTIME) { tm_year += (tm_year < 50) ? 2000 : 1900; } - + /* prevent large 32 bit integer overflows */ if (sizeof(time_t) == 4 && tm_year > 2038) { - return TIME_MAX; + return TIME_32_BIT_SIGNED_MAX; } /* representation of months as 0..11*/ @@ -442,7 +312,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) return 0; /* error in month format */ } tm_mon--; - + /* representation of days as 0..30 */ tm_day--; @@ -461,8 +331,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap; tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset; - /* has a 32 bit overflow occurred? */ - return (tm_secs < 0) ? TIME_MAX : tm_secs; + /* has a 32 bit signed integer overflow occurred? */ + return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs; } /** @@ -475,7 +345,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) char buf[BUF_LEN]; chunk_t formatted_time; struct tm t; - + gmtime_r(time, &t); if (type == ASN1_GENERALIZEDTIME) { @@ -487,7 +357,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) format = "%02d%02d%02d%02d%02d%02dZ"; offset = (t.tm_year < 100)? 0 : -100; } - snprintf(buf, BUF_LEN, format, t.tm_year + offset, + snprintf(buf, BUF_LEN, format, t.tm_year + offset, t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec); formatted_time.ptr = buf; formatted_time.len = strlen(buf); @@ -500,7 +370,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) { int oid; - + switch (type) { case ASN1_OID: @@ -545,30 +415,30 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name) { size_t len; - + /* an ASN.1 object must possess at least a tag and length field */ if (object->len < 2) { DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name); return FALSE; } - + if (*object->ptr != type) { DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, name, type, *object->ptr); return FALSE; } - + len = asn1_length(object); - + if (len == ASN1_INVALID_LENGTH || object->len < len) { DBG2("L%d - %s: length of ASN.1 object invalid or too large", level, name); return FALSE; } - + DBG2("L%d - %s:", level, name); asn1_debug_simple_object(*object, type, FALSE); return TRUE; @@ -578,11 +448,11 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c * ASN.1 definition of an algorithmIdentifier */ static const asn1Object_t algorithmIdentifierObjects[] = { - { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ + { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define ALGORITHM_ID_ALG 1 #define ALGORITHM_ID_PARAMETERS 2 @@ -596,10 +466,10 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters chunk_t object; int objectID; int alg = OID_UNKNOWN; - + parser = asn1_parser_create(algorithmIdentifierObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { switch (objectID) @@ -629,7 +499,7 @@ bool is_asn1(chunk_t blob) u_int len; u_char tag = *blob.ptr; - if (tag != ASN1_SEQUENCE && tag != ASN1_SET) + if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING) { DBG2(" file content is not binary ASN.1"); return FALSE; @@ -661,7 +531,7 @@ bool asn1_is_printablestring(chunk_t str) const char printablestring_charset[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?"; u_int i; - + for (i = 0; i < str.len; i++) { if (strchr(printablestring_charset, str.ptr[i]) == NULL) @@ -711,24 +581,24 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen) u_char length_buf[4]; chunk_t length = { length_buf, 0 }; u_char *pos; - + /* code the asn.1 length field */ asn1_code_length(datalen, &length); - + /* allocate memory for the asn.1 TLV object */ object->len = 1 + length.len + datalen; object->ptr = malloc(object->len); - + /* set position pointer at the start of the object */ pos = object->ptr; - + /* copy the asn.1 tag field and advance the pointer */ *pos++ = type; - + /* copy the asn.1 length field and advance the pointer */ - memcpy(pos, length.ptr, length.len); + memcpy(pos, length.ptr, length.len); pos += length.len; - + return pos; } @@ -738,11 +608,11 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen) chunk_t asn1_simple_object(asn1_t tag, chunk_t content) { chunk_t object; - + u_char *pos = asn1_build_object(&object, tag, content.len); - memcpy(pos, content.ptr, content.len); + memcpy(pos, content.ptr, content.len); pos += content.len; - + return object; } @@ -809,8 +679,8 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) u_char *pos; int i; int count = strlen(mode); - - /* sum up lengths of individual chunks */ + + /* sum up lengths of individual chunks */ va_start(chunks, mode); construct.len = 0; for (i = 0; i < count; i++) @@ -819,26 +689,33 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) construct.len += ch.len; } va_end(chunks); - + /* allocate needed memory for construct */ pos = asn1_build_object(&construct, type, construct.len); - + /* copy or move the chunks */ va_start(chunks, mode); for (i = 0; i < count; i++) { chunk_t ch = va_arg(chunks, chunk_t); - + memcpy(pos, ch.ptr, ch.len); pos += ch.len; - if (*mode++ == 'm') + switch (*mode++) { - free(ch.ptr); + case 's': + chunk_clear(&ch); + break; + case 'm': + free(ch.ptr); + break; + default: + break; } } va_end(chunks); - + return construct; } @@ -846,11 +723,11 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...) * ASN.1 definition of time */ static const asn1Object_t timeObjects[] = { - { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ - { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ - { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */ + { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */ + { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define TIME_UTC 0 #define TIME_GENERALIZED 2 @@ -864,10 +741,10 @@ time_t asn1_parse_time(chunk_t blob, int level0) chunk_t object; int objectID; time_t utc_time = 0; - + parser= asn1_parser_create(timeObjects, blob); parser->set_top_level(parser, level0); - + while (parser->iterate(parser, &objectID, &object)) { if (objectID == TIME_UTC || objectID == TIME_GENERALIZED) diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 8072d62d6..d29190df7 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup asn1i asn1 * @{ @ingroup asn1 @@ -32,51 +32,51 @@ * Definition of some primitive ASN1 types */ typedef enum { - ASN1_EOC = 0x00, - ASN1_BOOLEAN = 0x01, - ASN1_INTEGER = 0x02, - ASN1_BIT_STRING = 0x03, - ASN1_OCTET_STRING = 0x04, - ASN1_NULL = 0x05, - ASN1_OID = 0x06, - ASN1_ENUMERATED = 0x0A, - ASN1_UTF8STRING = 0x0C, - ASN1_NUMERICSTRING = 0x12, - ASN1_PRINTABLESTRING = 0x13, - ASN1_T61STRING = 0x14, - ASN1_VIDEOTEXSTRING = 0x15, - ASN1_IA5STRING = 0x16, - ASN1_UTCTIME = 0x17, - ASN1_GENERALIZEDTIME = 0x18, - ASN1_GRAPHICSTRING = 0x19, - ASN1_VISIBLESTRING = 0x1A, - ASN1_GENERALSTRING = 0x1B, - ASN1_UNIVERSALSTRING = 0x1C, - ASN1_BMPSTRING = 0x1E, - - ASN1_CONSTRUCTED = 0x20, - - ASN1_SEQUENCE = 0x30, - ASN1_SET = 0x31, - - ASN1_CONTEXT_S_0 = 0x80, - ASN1_CONTEXT_S_1 = 0x81, - ASN1_CONTEXT_S_2 = 0x82, - ASN1_CONTEXT_S_3 = 0x83, - ASN1_CONTEXT_S_4 = 0x84, - ASN1_CONTEXT_S_5 = 0x85, - ASN1_CONTEXT_S_6 = 0x86, - ASN1_CONTEXT_S_7 = 0x87, - ASN1_CONTEXT_S_8 = 0x88, - - ASN1_CONTEXT_C_0 = 0xA0, - ASN1_CONTEXT_C_1 = 0xA1, - ASN1_CONTEXT_C_2 = 0xA2, - ASN1_CONTEXT_C_3 = 0xA3, - ASN1_CONTEXT_C_4 = 0xA4, - ASN1_CONTEXT_C_5 = 0xA5, - - ASN1_INVALID = 0x100, + ASN1_EOC = 0x00, + ASN1_BOOLEAN = 0x01, + ASN1_INTEGER = 0x02, + ASN1_BIT_STRING = 0x03, + ASN1_OCTET_STRING = 0x04, + ASN1_NULL = 0x05, + ASN1_OID = 0x06, + ASN1_ENUMERATED = 0x0A, + ASN1_UTF8STRING = 0x0C, + ASN1_NUMERICSTRING = 0x12, + ASN1_PRINTABLESTRING = 0x13, + ASN1_T61STRING = 0x14, + ASN1_VIDEOTEXSTRING = 0x15, + ASN1_IA5STRING = 0x16, + ASN1_UTCTIME = 0x17, + ASN1_GENERALIZEDTIME = 0x18, + ASN1_GRAPHICSTRING = 0x19, + ASN1_VISIBLESTRING = 0x1A, + ASN1_GENERALSTRING = 0x1B, + ASN1_UNIVERSALSTRING = 0x1C, + ASN1_BMPSTRING = 0x1E, + + ASN1_CONSTRUCTED = 0x20, + + ASN1_SEQUENCE = 0x30, + ASN1_SET = 0x31, + + ASN1_CONTEXT_S_0 = 0x80, + ASN1_CONTEXT_S_1 = 0x81, + ASN1_CONTEXT_S_2 = 0x82, + ASN1_CONTEXT_S_3 = 0x83, + ASN1_CONTEXT_S_4 = 0x84, + ASN1_CONTEXT_S_5 = 0x85, + ASN1_CONTEXT_S_6 = 0x86, + ASN1_CONTEXT_S_7 = 0x87, + ASN1_CONTEXT_S_8 = 0x88, + + ASN1_CONTEXT_C_0 = 0xA0, + ASN1_CONTEXT_C_1 = 0xA1, + ASN1_CONTEXT_C_2 = 0xA2, + ASN1_CONTEXT_C_3 = 0xA3, + ASN1_CONTEXT_C_4 = 0xA4, + ASN1_CONTEXT_C_5 = 0xA5, + + ASN1_INVALID = 0x100, } asn1_t; #define ASN1_INVALID_LENGTH 0xffffffff @@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2; /** Some ASN.1 analysis functions */ /** - * Returns some popular algorithmIdentifiers + * Build an algorithmIdentifier from a known OID. * * @param oid known OID index - * @return body of the corresponding OID + * @return body of the corresponding OID, allocated */ chunk_t asn1_algorithmIdentifier(int oid); @@ -103,7 +103,7 @@ chunk_t asn1_algorithmIdentifier(int oid); * Converts an ASN.1 OID into a known OID index * * @param object body of an OID - * @return index into the oid_names[] table or OID_UNKNOWN + * @return index into the oid_names[] table or OID_UNKNOWN */ int asn1_known_oid(chunk_t object); @@ -139,7 +139,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *content); * @param blob ASN.1 coded blob * @param level0 top-most level offset * @param params returns optional [ASN.1 coded] parameters - * @return known OID index or OID_UNKNOWN + * @return known OID index or OID_UNKNOWN */ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *params); @@ -178,7 +178,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type); * * @param time time_t in UTC * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME - * @return body of an ASN.1 code time object + * @return body of an ASN.1 code time object */ chunk_t asn1_from_time(const time_t *time, asn1_t type); @@ -187,7 +187,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type); * * @param blob ASN.1 coded time object * @param level0 top-most level offset - * @return time_t in UTC + * @return time_t in UTC */ time_t asn1_parse_time(chunk_t blob, int level0); @@ -250,8 +250,12 @@ chunk_t asn1_integer(const char *mode, chunk_t content); /** * Build an ASN.1 object from a variable number of individual chunks * + * The mode string specifies the number of chunks, and how to handle each of + * them with a single character: 'c' for copy (allocate new chunk), 'm' for move + * (free given chunk) or 's' for sensitive-copy (clear given chunk, then free). + * * @param type ASN.1 type to be created - * @param mode for each list member: 'c' for copy or 'm' for move + * @param mode for each list member: 'c', 'm' or 's' * @return chunk containing the ASN.1 coded object */ chunk_t asn1_wrap(asn1_t type, const char *mode, ...); diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index bc4c0b50f..dc7726ad7 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -54,7 +54,7 @@ struct private_asn1_parser_t { bool success; /** - * Declare object data as private - use debug level 4 to log it + * Declare object data as private - use debug level 4 to log it */ bool private; @@ -88,7 +88,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) u_char *start_ptr; u_int level; asn1Object_t obj; - + *object = chunk_empty; /* Advance to the next object syntax definition line */ @@ -99,7 +99,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) { return FALSE; } - + if (obj.flags & ASN1_END) /* end of loop or option found */ { if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0) @@ -109,16 +109,16 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) } else { - this->loopAddr[obj.level] = 0; /* exit loop or option*/ + this->loopAddr[obj.level] = 0; /* exit loop or option*/ goto end; } } - + level = this->level0 + obj.level; blob = this->blobs + obj.level; blob1 = blob + 1; start_ptr = blob->ptr; - + /* handle ASN.1 defaults values */ if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) ) { @@ -130,9 +130,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) } goto end; } - + /* handle ASN.1 options */ - + if ((obj.flags & ASN1_OPT) && (blob->len == 0 || *start_ptr != obj.type)) { @@ -145,9 +145,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) (this->objects[this->line].level == obj.level))); goto end; } - + /* an ASN.1 object must possess at least a tag and length field */ - + if (blob->len < 2) { DBG1("L%d - %s: ASN.1 object smaller than 2 octets", @@ -155,22 +155,22 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) this->success = FALSE; goto end; } - + blob1->len = asn1_length(blob); - + if (blob1->len == ASN1_INVALID_LENGTH) { - DBG1("L%d - %s: length of ASN.1 object invalid or too large", + DBG1("L%d - %s: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; } - + blob1->ptr = blob->ptr; blob->ptr += blob1->len; blob->len -= blob1->len; - + /* return raw ASN.1 object without prior type checking */ - + if (obj.flags & ASN1_RAW) { DBG2("L%d - %s:", level, obj.name); @@ -187,10 +187,10 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) this->success = FALSE; goto end; } - + DBG2("L%d - %s:", level, obj.name); - - /* In case of "SEQUENCE OF" or "SET OF" start a loop */ + + /* In case of "SEQUENCE OF" or "SET OF" start a loop */ if (obj.flags & ASN1_LOOP) { if (blob1->len > 0) diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index b2f4133a1..49325232d 100644 --- a/src/libstrongswan/asn1/asn1_parser.h +++ b/src/libstrongswan/asn1/asn1_parser.h @@ -14,7 +14,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup asn1_parser asn1_parser * @{ @ingroup asn1 @@ -57,7 +57,7 @@ struct asn1Object_t{ typedef struct asn1_parser_t asn1_parser_t; /** - * Public interface of an ASN.1 parser + * Public interface of an ASN.1 parser */ struct asn1_parser_t { @@ -69,25 +69,25 @@ struct asn1_parser_t { * @return - FALSE if end of object syntax definition was reached * or a parsing error occurred * - TRUE otherwise - */ + */ bool (*iterate)(asn1_parser_t *this, int *objectID, chunk_t *object); /** - * Get the current parsing level + * Get the current parsing level * * @return current level */ u_int (*get_level)(asn1_parser_t *this); /** - * Set the top-most level + * Set the top-most level * * @param level top-most level */ void (*set_top_level)(asn1_parser_t *this, u_int level0); /** - * Set implicit and private flags + * Set implicit and private flags * * @param implicit top-most type of object is implicit * @param private object data is private (use debug level 4) @@ -95,7 +95,7 @@ struct asn1_parser_t { void (*set_flags)(asn1_parser_t *this, bool implicit, bool private); /** - * Show final parsing status + * Show final parsing status * * @return TRUE if parsing was successful, FALSE otherwise */ @@ -106,7 +106,7 @@ struct asn1_parser_t { */ void (*destroy)(asn1_parser_t *this); }; - + /** * Create an ASN.1 parser * diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 391d65e89..8f91a2e2b 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -28,7 +28,7 @@ const oid_t oid_names[] = { { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ { 0x01, 17, 0, 9, "UID" }, /* 16 */ { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 52, 1, 0, "X.500" }, /* 18 */ + {0x55, 64, 1, 0, "X.500" }, /* 18 */ { 0x04, 36, 1, 1, "X.509" }, /* 19 */ { 0x03, 21, 0, 2, "CN" }, /* 20 */ { 0x04, 22, 0, 2, "S" }, /* 21 */ @@ -56,260 +56,312 @@ const oid_t oid_names[] = { { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ - { 0x1F, 47, 0, 2, "crlDistributionPoints" }, /* 46 */ - { 0x20, 48, 0, 2, "certificatePolicies" }, /* 47 */ - { 0x23, 49, 0, 2, "authorityKeyIdentifier" }, /* 48 */ - { 0x25, 50, 0, 2, "extendedKeyUsage" }, /* 49 */ - { 0x37, 51, 0, 2, "targetInformation" }, /* 50 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 51 */ - {0x2A, 149, 1, 0, "" }, /* 52 */ - { 0x83, 65, 1, 1, "" }, /* 53 */ - { 0x08, 0, 1, 2, "jp" }, /* 54 */ - { 0x8C, 0, 1, 3, "" }, /* 55 */ - { 0x9A, 0, 1, 4, "" }, /* 56 */ - { 0x4B, 0, 1, 5, "" }, /* 57 */ - { 0x3D, 0, 1, 6, "" }, /* 58 */ - { 0x01, 0, 1, 7, "security" }, /* 59 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 60 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 61 */ - { 0x02, 63, 0, 10, "camellia128-cbc" }, /* 62 */ - { 0x03, 64, 0, 10, "camellia192-cbc" }, /* 63 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 64 */ - { 0x86, 0, 1, 1, "" }, /* 65 */ - { 0x48, 0, 1, 2, "us" }, /* 66 */ - { 0x86, 108, 1, 3, "" }, /* 67 */ - { 0xF6, 73, 1, 4, "" }, /* 68 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 69 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 70 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 71 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 72 */ - { 0xF7, 0, 1, 4, "" }, /* 73 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 74 */ - { 0x01, 103, 1, 6, "PKCS" }, /* 75 */ - { 0x01, 85, 1, 7, "PKCS-1" }, /* 76 */ - { 0x01, 78, 0, 8, "rsaEncryption" }, /* 77 */ - { 0x02, 79, 0, 8, "md2WithRSAEncryption" }, /* 78 */ - { 0x04, 80, 0, 8, "md5WithRSAEncryption" }, /* 79 */ - { 0x05, 81, 0, 8, "sha-1WithRSAEncryption" }, /* 80 */ - { 0x0B, 82, 0, 8, "sha256WithRSAEncryption" }, /* 81 */ - { 0x0C, 83, 0, 8, "sha384WithRSAEncryption" }, /* 82 */ - { 0x0D, 84, 0, 8, "sha512WithRSAEncryption" }, /* 83 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 84 */ - { 0x07, 92, 1, 7, "PKCS-7" }, /* 85 */ - { 0x01, 87, 0, 8, "data" }, /* 86 */ - { 0x02, 88, 0, 8, "signedData" }, /* 87 */ - { 0x03, 89, 0, 8, "envelopedData" }, /* 88 */ - { 0x04, 90, 0, 8, "signedAndEnvelopedData" }, /* 89 */ - { 0x05, 91, 0, 8, "digestedData" }, /* 90 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 91 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 92 */ - { 0x01, 94, 0, 8, "E" }, /* 93 */ - { 0x02, 95, 0, 8, "unstructuredName" }, /* 94 */ - { 0x03, 96, 0, 8, "contentType" }, /* 95 */ - { 0x04, 97, 0, 8, "messageDigest" }, /* 96 */ - { 0x05, 98, 0, 8, "signingTime" }, /* 97 */ - { 0x06, 99, 0, 8, "counterSignature" }, /* 98 */ - { 0x07, 100, 0, 8, "challengePassword" }, /* 99 */ - { 0x08, 101, 0, 8, "unstructuredAddress" }, /* 100 */ - { 0x0E, 102, 0, 8, "extensionRequest" }, /* 101 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 102 */ - { 0x02, 106, 1, 6, "digestAlgorithm" }, /* 103 */ - { 0x02, 105, 0, 7, "md2" }, /* 104 */ - { 0x05, 0, 0, 7, "md5" }, /* 105 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 106 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 107 */ - { 0xCE, 0, 1, 3, "" }, /* 108 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 109 */ - { 0x02, 112, 1, 5, "id-publicKeyType" }, /* 110 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 111 */ - { 0x03, 142, 1, 5, "ellipticCurve" }, /* 112 */ - { 0x00, 134, 1, 6, "c-TwoCurve" }, /* 113 */ - { 0x01, 115, 0, 7, "c2pnb163v1" }, /* 114 */ - { 0x02, 116, 0, 7, "c2pnb163v2" }, /* 115 */ - { 0x03, 117, 0, 7, "c2pnb163v3" }, /* 116 */ - { 0x04, 118, 0, 7, "c2pnb176w1" }, /* 117 */ - { 0x05, 119, 0, 7, "c2tnb191v1" }, /* 118 */ - { 0x06, 120, 0, 7, "c2tnb191v2" }, /* 119 */ - { 0x07, 121, 0, 7, "c2tnb191v3" }, /* 120 */ - { 0x08, 122, 0, 7, "c2onb191v4" }, /* 121 */ - { 0x09, 123, 0, 7, "c2onb191v5" }, /* 122 */ - { 0x0A, 124, 0, 7, "c2pnb208w1" }, /* 123 */ - { 0x0B, 125, 0, 7, "c2tnb239v1" }, /* 124 */ - { 0x0C, 126, 0, 7, "c2tnb239v2" }, /* 125 */ - { 0x0D, 127, 0, 7, "c2tnb239v3" }, /* 126 */ - { 0x0E, 128, 0, 7, "c2onb239v4" }, /* 127 */ - { 0x0F, 129, 0, 7, "c2onb239v5" }, /* 128 */ - { 0x10, 130, 0, 7, "c2pnb272w1" }, /* 129 */ - { 0x11, 131, 0, 7, "c2pnb304w1" }, /* 130 */ - { 0x12, 132, 0, 7, "c2tnb359v1" }, /* 131 */ - { 0x13, 133, 0, 7, "c2pnb368w1" }, /* 132 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 133 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 134 */ - { 0x01, 136, 0, 7, "prime192v1" }, /* 135 */ - { 0x02, 137, 0, 7, "prime192v2" }, /* 136 */ - { 0x03, 138, 0, 7, "prime192v3" }, /* 137 */ - { 0x04, 139, 0, 7, "prime239v1" }, /* 138 */ - { 0x05, 140, 0, 7, "prime239v2" }, /* 139 */ - { 0x06, 141, 0, 7, "prime239v3" }, /* 140 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 141 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 142 */ - { 0x01, 144, 0, 6, "ecdsa-with-SHA1" }, /* 143 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 144 */ - { 0x01, 146, 0, 7, "ecdsa-with-SHA224" }, /* 145 */ - { 0x02, 147, 0, 7, "ecdsa-with-SHA256" }, /* 146 */ - { 0x03, 148, 0, 7, "ecdsa-with-SHA384" }, /* 147 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 148 */ - {0x2B, 249, 1, 0, "" }, /* 149 */ - { 0x06, 202, 1, 1, "dod" }, /* 150 */ - { 0x01, 0, 1, 2, "internet" }, /* 151 */ - { 0x04, 170, 1, 3, "private" }, /* 152 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 153 */ - { 0x82, 163, 1, 5, "" }, /* 154 */ - { 0x37, 0, 1, 6, "Microsoft" }, /* 155 */ - { 0x0A, 160, 1, 7, "" }, /* 156 */ - { 0x03, 0, 1, 8, "" }, /* 157 */ - { 0x03, 159, 0, 9, "msSGC" }, /* 158 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 159 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 160 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 161 */ - { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 162 */ - { 0x89, 0, 1, 5, "" }, /* 163 */ - { 0x31, 0, 1, 6, "" }, /* 164 */ - { 0x01, 0, 1, 7, "" }, /* 165 */ - { 0x01, 0, 1, 8, "" }, /* 166 */ - { 0x02, 0, 1, 9, "" }, /* 167 */ - { 0x02, 169, 0, 10, "" }, /* 168 */ - { 0x4B, 0, 0, 10, "TCGID" }, /* 169 */ - { 0x05, 0, 1, 3, "security" }, /* 170 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 171 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 172 */ - { 0x01, 175, 1, 6, "id-pe" }, /* 173 */ - { 0x01, 0, 0, 7, "authorityInfoAccess" }, /* 174 */ - { 0x03, 185, 1, 6, "id-kp" }, /* 175 */ - { 0x01, 177, 0, 7, "serverAuth" }, /* 176 */ - { 0x02, 178, 0, 7, "clientAuth" }, /* 177 */ - { 0x03, 179, 0, 7, "codeSigning" }, /* 178 */ - { 0x04, 180, 0, 7, "emailProtection" }, /* 179 */ - { 0x05, 181, 0, 7, "ipsecEndSystem" }, /* 180 */ - { 0x06, 182, 0, 7, "ipsecTunnel" }, /* 181 */ - { 0x07, 183, 0, 7, "ipsecUser" }, /* 182 */ - { 0x08, 184, 0, 7, "timeStamping" }, /* 183 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 184 */ - { 0x08, 187, 1, 6, "id-otherNames" }, /* 185 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 186 */ - { 0x0A, 192, 1, 6, "id-aca" }, /* 187 */ - { 0x01, 189, 0, 7, "authenticationInfo" }, /* 188 */ - { 0x02, 190, 0, 7, "accessIdentity" }, /* 189 */ - { 0x03, 191, 0, 7, "chargingIdentity" }, /* 190 */ - { 0x04, 0, 0, 7, "group" }, /* 191 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 192 */ - { 0x01, 201, 1, 7, "ocsp" }, /* 193 */ - { 0x01, 195, 0, 8, "basic" }, /* 194 */ - { 0x02, 196, 0, 8, "nonce" }, /* 195 */ - { 0x03, 197, 0, 8, "crl" }, /* 196 */ - { 0x04, 198, 0, 8, "response" }, /* 197 */ - { 0x05, 199, 0, 8, "noCheck" }, /* 198 */ - { 0x06, 200, 0, 8, "archiveCutoff" }, /* 199 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 200 */ - { 0x02, 0, 0, 7, "caIssuers" }, /* 201 */ - { 0x0E, 208, 1, 1, "oiw" }, /* 202 */ - { 0x03, 0, 1, 2, "secsig" }, /* 203 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 204 */ - { 0x07, 206, 0, 4, "des-cbc" }, /* 205 */ - { 0x1A, 207, 0, 4, "sha-1" }, /* 206 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 207 */ - { 0x24, 215, 1, 1, "TeleTrusT" }, /* 208 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 209 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 210 */ - { 0x01, 0, 1, 4, "rsaSignature" }, /* 211 */ - { 0x02, 213, 0, 5, "rsaSigWithripemd160" }, /* 212 */ - { 0x03, 214, 0, 5, "rsaSigWithripemd128" }, /* 213 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 214 */ - { 0x81, 0, 1, 1, "" }, /* 215 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 216 */ - { 0x00, 0, 1, 3, "curve" }, /* 217 */ - { 0x01, 219, 0, 4, "sect163k1" }, /* 218 */ - { 0x02, 220, 0, 4, "sect163r1" }, /* 219 */ - { 0x03, 221, 0, 4, "sect239k1" }, /* 220 */ - { 0x04, 222, 0, 4, "sect113r1" }, /* 221 */ - { 0x05, 223, 0, 4, "sect113r2" }, /* 222 */ - { 0x06, 224, 0, 4, "secp112r1" }, /* 223 */ - { 0x07, 225, 0, 4, "secp112r2" }, /* 224 */ - { 0x08, 226, 0, 4, "secp160r1" }, /* 225 */ - { 0x09, 227, 0, 4, "secp160k1" }, /* 226 */ - { 0x0A, 228, 0, 4, "secp256k1" }, /* 227 */ - { 0x0F, 229, 0, 4, "sect163r2" }, /* 228 */ - { 0x10, 230, 0, 4, "sect283k1" }, /* 229 */ - { 0x11, 231, 0, 4, "sect283r1" }, /* 230 */ - { 0x16, 232, 0, 4, "sect131r1" }, /* 231 */ - { 0x17, 233, 0, 4, "sect131r2" }, /* 232 */ - { 0x18, 234, 0, 4, "sect193r1" }, /* 233 */ - { 0x19, 235, 0, 4, "sect193r2" }, /* 234 */ - { 0x1A, 236, 0, 4, "sect233k1" }, /* 235 */ - { 0x1B, 237, 0, 4, "sect233r1" }, /* 236 */ - { 0x1C, 238, 0, 4, "secp128r1" }, /* 237 */ - { 0x1D, 239, 0, 4, "secp128r2" }, /* 238 */ - { 0x1E, 240, 0, 4, "secp160r2" }, /* 239 */ - { 0x1F, 241, 0, 4, "secp192k1" }, /* 240 */ - { 0x20, 242, 0, 4, "secp224k1" }, /* 241 */ - { 0x21, 243, 0, 4, "secp224r1" }, /* 242 */ - { 0x22, 244, 0, 4, "secp384r1" }, /* 243 */ - { 0x23, 245, 0, 4, "secp521r1" }, /* 244 */ - { 0x24, 246, 0, 4, "sect409k1" }, /* 245 */ - { 0x25, 247, 0, 4, "sect409r1" }, /* 246 */ - { 0x26, 248, 0, 4, "sect571k1" }, /* 247 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 248 */ - {0x60, 0, 1, 0, "" }, /* 249 */ - { 0x86, 0, 1, 1, "" }, /* 250 */ - { 0x48, 0, 1, 2, "" }, /* 251 */ - { 0x01, 295, 1, 3, "organization" }, /* 252 */ - { 0x65, 271, 1, 4, "gov" }, /* 253 */ - { 0x03, 0, 1, 5, "csor" }, /* 254 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 255 */ - { 0x01, 266, 1, 7, "aes" }, /* 256 */ - { 0x02, 258, 0, 8, "id-aes128-CBC" }, /* 257 */ - { 0x06, 259, 0, 8, "id-aes128-GCM" }, /* 258 */ - { 0x07, 260, 0, 8, "id-aes128-CCM" }, /* 259 */ - { 0x16, 261, 0, 8, "id-aes192-CBC" }, /* 260 */ - { 0x1A, 262, 0, 8, "id-aes192-GCM" }, /* 261 */ - { 0x1B, 263, 0, 8, "id-aes192-CCM" }, /* 262 */ - { 0x2A, 264, 0, 8, "id-aes256-CBC" }, /* 263 */ - { 0x2E, 265, 0, 8, "id-aes256-GCM" }, /* 264 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 265 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 266 */ - { 0x01, 268, 0, 8, "id-SHA-256" }, /* 267 */ - { 0x02, 269, 0, 8, "id-SHA-384" }, /* 268 */ - { 0x03, 270, 0, 8, "id-SHA-512" }, /* 269 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 270 */ - { 0x86, 0, 1, 4, "" }, /* 271 */ - { 0xf8, 0, 1, 5, "" }, /* 272 */ - { 0x42, 285, 1, 6, "netscape" }, /* 273 */ - { 0x01, 280, 1, 7, "" }, /* 274 */ - { 0x01, 276, 0, 8, "nsCertType" }, /* 275 */ - { 0x03, 277, 0, 8, "nsRevocationUrl" }, /* 276 */ - { 0x04, 278, 0, 8, "nsCaRevocationUrl" }, /* 277 */ - { 0x08, 279, 0, 8, "nsCaPolicyUrl" }, /* 278 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 279 */ - { 0x03, 283, 1, 7, "directory" }, /* 280 */ - { 0x01, 0, 1, 8, "" }, /* 281 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 282 */ - { 0x04, 0, 1, 7, "policy" }, /* 283 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 284 */ - { 0x45, 0, 1, 6, "verisign" }, /* 285 */ - { 0x01, 0, 1, 7, "pki" }, /* 286 */ - { 0x09, 0, 1, 8, "attributes" }, /* 287 */ - { 0x02, 289, 0, 9, "messageType" }, /* 288 */ - { 0x03, 290, 0, 9, "pkiStatus" }, /* 289 */ - { 0x04, 291, 0, 9, "failInfo" }, /* 290 */ - { 0x05, 292, 0, 9, "senderNonce" }, /* 291 */ - { 0x06, 293, 0, 9, "recipientNonce" }, /* 292 */ - { 0x07, 294, 0, 9, "transID" }, /* 293 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 294 */ - { 0x86, 0, 1, 3, "old-netscape" }, /* 295 */ - { 0xF7, 0, 1, 4, "" }, /* 296 */ - { 0x0D, 0, 1, 5, "" }, /* 297 */ - { 0x01, 0, 1, 6, "" }, /* 298 */ - { 0x09, 0, 1, 7, "" }, /* 299 */ - { 0x01, 301, 0, 8, "emailAddress" }, /* 300 */ - { 0x02, 0, 0, 8, "unstructuredName" } /* 301 */ + { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ + { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */ + { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ + { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ + { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ + { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ + { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ + { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ + { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ + { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ + { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ + { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ + { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ + { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ + { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ + {0x2A, 161, 1, 0, "" }, /* 64 */ + { 0x83, 77, 1, 1, "" }, /* 65 */ + { 0x08, 0, 1, 2, "jp" }, /* 66 */ + { 0x8C, 0, 1, 3, "" }, /* 67 */ + { 0x9A, 0, 1, 4, "" }, /* 68 */ + { 0x4B, 0, 1, 5, "" }, /* 69 */ + { 0x3D, 0, 1, 6, "" }, /* 70 */ + { 0x01, 0, 1, 7, "security" }, /* 71 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ + { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ + { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ + { 0x86, 0, 1, 1, "" }, /* 77 */ + { 0x48, 0, 1, 2, "us" }, /* 78 */ + { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0xF6, 85, 1, 4, "" }, /* 80 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ + { 0xF7, 0, 1, 4, "" }, /* 85 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ + { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ + { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ + { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ + { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ + { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ + { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ + { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ + { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ + { 0x01, 99, 0, 8, "data" }, /* 98 */ + { 0x02, 100, 0, 8, "signedData" }, /* 99 */ + { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ + { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ + { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ + { 0x01, 106, 0, 8, "E" }, /* 105 */ + { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ + { 0x03, 108, 0, 8, "contentType" }, /* 107 */ + { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ + { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ + { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ + { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ + { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ + { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ + { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ + { 0x02, 117, 0, 7, "md2" }, /* 116 */ + { 0x05, 0, 0, 7, "md5" }, /* 117 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ + { 0xCE, 0, 1, 3, "" }, /* 120 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ + { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ + { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ + { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ + { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ + { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ + { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ + { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ + { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ + { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ + { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ + { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ + { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ + { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ + { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ + { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ + { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ + { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ + { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ + { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ + { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ + { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ + { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ + { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ + { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ + { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ + { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ + { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ + { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ + { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ + { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ + { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ + { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ + {0x2B, 307, 1, 0, "" }, /* 161 */ + { 0x06, 221, 1, 1, "dod" }, /* 162 */ + { 0x01, 0, 1, 2, "internet" }, /* 163 */ + { 0x04, 182, 1, 3, "private" }, /* 164 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ + { 0x82, 175, 1, 5, "" }, /* 166 */ + { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ + { 0x0A, 172, 1, 7, "" }, /* 168 */ + { 0x03, 0, 1, 8, "" }, /* 169 */ + { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ + { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 174 */ + { 0x89, 0, 1, 5, "" }, /* 175 */ + { 0x31, 0, 1, 6, "" }, /* 176 */ + { 0x01, 0, 1, 7, "" }, /* 177 */ + { 0x01, 0, 1, 8, "" }, /* 178 */ + { 0x02, 0, 1, 9, "" }, /* 179 */ + { 0x02, 181, 0, 10, "" }, /* 180 */ + { 0x4B, 0, 0, 10, "TCGID" }, /* 181 */ + { 0x05, 0, 1, 3, "security" }, /* 182 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 183 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 184 */ + { 0x01, 188, 1, 6, "id-pe" }, /* 185 */ + { 0x01, 187, 0, 7, "authorityInfoAccess" }, /* 186 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 187 */ + { 0x02, 191, 1, 6, "id-qt" }, /* 188 */ + { 0x01, 190, 0, 7, "cps" }, /* 189 */ + { 0x02, 0, 0, 7, "unotice" }, /* 190 */ + { 0x03, 201, 1, 6, "id-kp" }, /* 191 */ + { 0x01, 193, 0, 7, "serverAuth" }, /* 192 */ + { 0x02, 194, 0, 7, "clientAuth" }, /* 193 */ + { 0x03, 195, 0, 7, "codeSigning" }, /* 194 */ + { 0x04, 196, 0, 7, "emailProtection" }, /* 195 */ + { 0x05, 197, 0, 7, "ipsecEndSystem" }, /* 196 */ + { 0x06, 198, 0, 7, "ipsecTunnel" }, /* 197 */ + { 0x07, 199, 0, 7, "ipsecUser" }, /* 198 */ + { 0x08, 200, 0, 7, "timeStamping" }, /* 199 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 200 */ + { 0x08, 203, 1, 6, "id-otherNames" }, /* 201 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 202 */ + { 0x0A, 208, 1, 6, "id-aca" }, /* 203 */ + { 0x01, 205, 0, 7, "authenticationInfo" }, /* 204 */ + { 0x02, 206, 0, 7, "accessIdentity" }, /* 205 */ + { 0x03, 207, 0, 7, "chargingIdentity" }, /* 206 */ + { 0x04, 0, 0, 7, "group" }, /* 207 */ + { 0x0B, 209, 0, 6, "subjectInfoAccess" }, /* 208 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 209 */ + { 0x01, 218, 1, 7, "ocsp" }, /* 210 */ + { 0x01, 212, 0, 8, "basic" }, /* 211 */ + { 0x02, 213, 0, 8, "nonce" }, /* 212 */ + { 0x03, 214, 0, 8, "crl" }, /* 213 */ + { 0x04, 215, 0, 8, "response" }, /* 214 */ + { 0x05, 216, 0, 8, "noCheck" }, /* 215 */ + { 0x06, 217, 0, 8, "archiveCutoff" }, /* 216 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 217 */ + { 0x02, 219, 0, 7, "caIssuers" }, /* 218 */ + { 0x03, 220, 0, 7, "timeStamping" }, /* 219 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 220 */ + { 0x0E, 227, 1, 1, "oiw" }, /* 221 */ + { 0x03, 0, 1, 2, "secsig" }, /* 222 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 223 */ + { 0x07, 225, 0, 4, "des-cbc" }, /* 224 */ + { 0x1A, 226, 0, 4, "sha-1" }, /* 225 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 226 */ + { 0x24, 273, 1, 1, "TeleTrusT" }, /* 227 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 228 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 229 */ + { 0x01, 234, 1, 4, "rsaSignature" }, /* 230 */ + { 0x02, 232, 0, 5, "rsaSigWithripemd160" }, /* 231 */ + { 0x03, 233, 0, 5, "rsaSigWithripemd128" }, /* 232 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 233 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 234 */ + { 0x01, 236, 0, 5, "ecSignWithsha1" }, /* 235 */ + { 0x02, 237, 0, 5, "ecSignWithripemd160" }, /* 236 */ + { 0x03, 238, 0, 5, "ecSignWithmd2" }, /* 237 */ + { 0x04, 239, 0, 5, "ecSignWithmd5" }, /* 238 */ + { 0x05, 256, 1, 5, "ttt-ecg" }, /* 239 */ + { 0x01, 244, 1, 6, "fieldType" }, /* 240 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 241 */ + { 0x01, 0, 1, 8, "basisType" }, /* 242 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 243 */ + { 0x02, 246, 1, 6, "keyType" }, /* 244 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 245 */ + { 0x03, 247, 0, 6, "curve" }, /* 246 */ + { 0x04, 254, 1, 6, "signatures" }, /* 247 */ + { 0x01, 249, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 248 */ + { 0x02, 250, 0, 7, "ecgdsa-with-SHA1" }, /* 249 */ + { 0x03, 251, 0, 7, "ecgdsa-with-SHA224" }, /* 250 */ + { 0x04, 252, 0, 7, "ecgdsa-with-SHA256" }, /* 251 */ + { 0x05, 253, 0, 7, "ecgdsa-with-SHA384" }, /* 252 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 253 */ + { 0x05, 0, 1, 6, "module" }, /* 254 */ + { 0x01, 0, 0, 7, "1" }, /* 255 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 256 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 257 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 258 */ + { 0x01, 260, 0, 8, "brainpoolP160r1" }, /* 259 */ + { 0x02, 261, 0, 8, "brainpoolP160t1" }, /* 260 */ + { 0x03, 262, 0, 8, "brainpoolP192r1" }, /* 261 */ + { 0x04, 263, 0, 8, "brainpoolP192t1" }, /* 262 */ + { 0x05, 264, 0, 8, "brainpoolP224r1" }, /* 263 */ + { 0x06, 265, 0, 8, "brainpoolP224t1" }, /* 264 */ + { 0x07, 266, 0, 8, "brainpoolP256r1" }, /* 265 */ + { 0x08, 267, 0, 8, "brainpoolP256t1" }, /* 266 */ + { 0x09, 268, 0, 8, "brainpoolP320r1" }, /* 267 */ + { 0x0A, 269, 0, 8, "brainpoolP320t1" }, /* 268 */ + { 0x0B, 270, 0, 8, "brainpoolP384r1" }, /* 269 */ + { 0x0C, 271, 0, 8, "brainpoolP384t1" }, /* 270 */ + { 0x0D, 272, 0, 8, "brainpoolP512r1" }, /* 271 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 272 */ + { 0x81, 0, 1, 1, "" }, /* 273 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 274 */ + { 0x00, 0, 1, 3, "curve" }, /* 275 */ + { 0x01, 277, 0, 4, "sect163k1" }, /* 276 */ + { 0x02, 278, 0, 4, "sect163r1" }, /* 277 */ + { 0x03, 279, 0, 4, "sect239k1" }, /* 278 */ + { 0x04, 280, 0, 4, "sect113r1" }, /* 279 */ + { 0x05, 281, 0, 4, "sect113r2" }, /* 280 */ + { 0x06, 282, 0, 4, "secp112r1" }, /* 281 */ + { 0x07, 283, 0, 4, "secp112r2" }, /* 282 */ + { 0x08, 284, 0, 4, "secp160r1" }, /* 283 */ + { 0x09, 285, 0, 4, "secp160k1" }, /* 284 */ + { 0x0A, 286, 0, 4, "secp256k1" }, /* 285 */ + { 0x0F, 287, 0, 4, "sect163r2" }, /* 286 */ + { 0x10, 288, 0, 4, "sect283k1" }, /* 287 */ + { 0x11, 289, 0, 4, "sect283r1" }, /* 288 */ + { 0x16, 290, 0, 4, "sect131r1" }, /* 289 */ + { 0x17, 291, 0, 4, "sect131r2" }, /* 290 */ + { 0x18, 292, 0, 4, "sect193r1" }, /* 291 */ + { 0x19, 293, 0, 4, "sect193r2" }, /* 292 */ + { 0x1A, 294, 0, 4, "sect233k1" }, /* 293 */ + { 0x1B, 295, 0, 4, "sect233r1" }, /* 294 */ + { 0x1C, 296, 0, 4, "secp128r1" }, /* 295 */ + { 0x1D, 297, 0, 4, "secp128r2" }, /* 296 */ + { 0x1E, 298, 0, 4, "secp160r2" }, /* 297 */ + { 0x1F, 299, 0, 4, "secp192k1" }, /* 298 */ + { 0x20, 300, 0, 4, "secp224k1" }, /* 299 */ + { 0x21, 301, 0, 4, "secp224r1" }, /* 300 */ + { 0x22, 302, 0, 4, "secp384r1" }, /* 301 */ + { 0x23, 303, 0, 4, "secp521r1" }, /* 302 */ + { 0x24, 304, 0, 4, "sect409k1" }, /* 303 */ + { 0x25, 305, 0, 4, "sect409r1" }, /* 304 */ + { 0x26, 306, 0, 4, "sect571k1" }, /* 305 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 306 */ + {0x60, 0, 1, 0, "" }, /* 307 */ + { 0x86, 0, 1, 1, "" }, /* 308 */ + { 0x48, 0, 1, 2, "" }, /* 309 */ + { 0x01, 0, 1, 3, "organization" }, /* 310 */ + { 0x65, 329, 1, 4, "gov" }, /* 311 */ + { 0x03, 0, 1, 5, "csor" }, /* 312 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 313 */ + { 0x01, 324, 1, 7, "aes" }, /* 314 */ + { 0x02, 316, 0, 8, "id-aes128-CBC" }, /* 315 */ + { 0x06, 317, 0, 8, "id-aes128-GCM" }, /* 316 */ + { 0x07, 318, 0, 8, "id-aes128-CCM" }, /* 317 */ + { 0x16, 319, 0, 8, "id-aes192-CBC" }, /* 318 */ + { 0x1A, 320, 0, 8, "id-aes192-GCM" }, /* 319 */ + { 0x1B, 321, 0, 8, "id-aes192-CCM" }, /* 320 */ + { 0x2A, 322, 0, 8, "id-aes256-CBC" }, /* 321 */ + { 0x2E, 323, 0, 8, "id-aes256-GCM" }, /* 322 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 323 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 324 */ + { 0x01, 326, 0, 8, "id-SHA-256" }, /* 325 */ + { 0x02, 327, 0, 8, "id-SHA-384" }, /* 326 */ + { 0x03, 328, 0, 8, "id-SHA-512" }, /* 327 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 328 */ + { 0x86, 0, 1, 4, "" }, /* 329 */ + { 0xf8, 0, 1, 5, "" }, /* 330 */ + { 0x42, 343, 1, 6, "netscape" }, /* 331 */ + { 0x01, 338, 1, 7, "" }, /* 332 */ + { 0x01, 334, 0, 8, "nsCertType" }, /* 333 */ + { 0x03, 335, 0, 8, "nsRevocationUrl" }, /* 334 */ + { 0x04, 336, 0, 8, "nsCaRevocationUrl" }, /* 335 */ + { 0x08, 337, 0, 8, "nsCaPolicyUrl" }, /* 336 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 337 */ + { 0x03, 341, 1, 7, "directory" }, /* 338 */ + { 0x01, 0, 1, 8, "" }, /* 339 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 340 */ + { 0x04, 0, 1, 7, "policy" }, /* 341 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 342 */ + { 0x45, 0, 1, 6, "verisign" }, /* 343 */ + { 0x01, 0, 1, 7, "pki" }, /* 344 */ + { 0x09, 0, 1, 8, "attributes" }, /* 345 */ + { 0x02, 347, 0, 9, "messageType" }, /* 346 */ + { 0x03, 348, 0, 9, "pkiStatus" }, /* 347 */ + { 0x04, 349, 0, 9, "failInfo" }, /* 348 */ + { 0x05, 350, 0, 9, "senderNonce" }, /* 349 */ + { 0x06, 351, 0, 9, "recipientNonce" }, /* 350 */ + { 0x07, 352, 0, 9, "transID" }, /* 351 */ + { 0x08, 353, 0, 9, "extensionReq" }, /* 352 */ + { 0x08, 0, 0, 9, "extensionReq" } /* 353 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index b7241af8d..32e2eb033 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -45,146 +45,162 @@ extern const oid_t oid_names[]; #define OID_BASIC_CONSTRAINTS 43 #define OID_CRL_NUMBER 44 #define OID_CRL_REASON_CODE 45 -#define OID_CRL_DISTRIBUTION_POINTS 46 -#define OID_AUTHORITY_KEY_ID 48 -#define OID_EXTENDED_KEY_USAGE 49 -#define OID_TARGET_INFORMATION 50 -#define OID_NO_REV_AVAIL 51 -#define OID_CAMELLIA128_CBC 62 -#define OID_CAMELLIA192_CBC 63 -#define OID_CAMELLIA256_CBC 64 -#define OID_RSA_ENCRYPTION 77 -#define OID_MD2_WITH_RSA 78 -#define OID_MD5_WITH_RSA 79 -#define OID_SHA1_WITH_RSA 80 -#define OID_SHA256_WITH_RSA 81 -#define OID_SHA384_WITH_RSA 82 -#define OID_SHA512_WITH_RSA 83 -#define OID_SHA224_WITH_RSA 84 -#define OID_PKCS7_DATA 86 -#define OID_PKCS7_SIGNED_DATA 87 -#define OID_PKCS7_ENVELOPED_DATA 88 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 89 -#define OID_PKCS7_DIGESTED_DATA 90 -#define OID_PKCS7_ENCRYPTED_DATA 91 -#define OID_PKCS9_EMAIL 93 -#define OID_PKCS9_CONTENT_TYPE 95 -#define OID_PKCS9_MESSAGE_DIGEST 96 -#define OID_PKCS9_SIGNING_TIME 97 -#define OID_MD2 104 -#define OID_MD5 105 -#define OID_3DES_EDE_CBC 107 -#define OID_EC_PUBLICKEY 111 -#define OID_C2PNB163V1 114 -#define OID_C2PNB163V2 115 -#define OID_C2PNB163V3 116 -#define OID_C2PNB176W1 117 -#define OID_C2PNB191V1 118 -#define OID_C2PNB191V2 119 -#define OID_C2PNB191V3 120 -#define OID_C2PNB191V4 121 -#define OID_C2PNB191V5 122 -#define OID_C2PNB208W1 123 -#define OID_C2PNB239V1 124 -#define OID_C2PNB239V2 125 -#define OID_C2PNB239V3 126 -#define OID_C2PNB239V4 127 -#define OID_C2PNB239V5 128 -#define OID_C2PNB272W1 129 -#define OID_C2PNB304W1 130 -#define OID_C2PNB359V1 131 -#define OID_C2PNB368W1 132 -#define OID_C2PNB431R1 133 -#define OID_PRIME192V1 135 -#define OID_PRIME192V2 136 -#define OID_PRIME192V3 137 -#define OID_PRIME239V1 138 -#define OID_PRIME239V2 139 -#define OID_PRIME239V3 140 -#define OID_PRIME256V1 141 -#define OID_ECDSA_WITH_SHA1 143 -#define OID_ECDSA_WITH_SHA224 145 -#define OID_ECDSA_WITH_SHA256 146 -#define OID_ECDSA_WITH_SHA384 147 -#define OID_ECDSA_WITH_SHA512 148 -#define OID_TCGID 169 -#define OID_AUTHORITY_INFO_ACCESS 174 -#define OID_OCSP_SIGNING 184 -#define OID_XMPP_ADDR 186 -#define OID_AUTHENTICATION_INFO 188 -#define OID_ACCESS_IDENTITY 189 -#define OID_CHARGING_IDENTITY 190 -#define OID_GROUP 191 -#define OID_OCSP 193 -#define OID_BASIC 194 -#define OID_NONCE 195 -#define OID_CRL 196 -#define OID_RESPONSE 197 -#define OID_NO_CHECK 198 -#define OID_ARCHIVE_CUTOFF 199 -#define OID_SERVICE_LOCATOR 200 -#define OID_CA_ISSUERS 201 -#define OID_DES_CBC 205 -#define OID_SHA1 206 -#define OID_SHA1_WITH_RSA_OIW 207 -#define OID_SECT163K1 218 -#define OID_SECT163R1 219 -#define OID_SECT239K1 220 -#define OID_SECT113R1 221 -#define OID_SECT113R2 222 -#define OID_SECT112R1 223 -#define OID_SECT112R2 224 -#define OID_SECT160R1 225 -#define OID_SECT160K1 226 -#define OID_SECT256K1 227 -#define OID_SECT163R2 228 -#define OID_SECT283K1 229 -#define OID_SECT283R1 230 -#define OID_SECT131R1 231 -#define OID_SECT131R2 232 -#define OID_SECT193R1 233 -#define OID_SECT193R2 234 -#define OID_SECT233K1 235 -#define OID_SECT233R1 236 -#define OID_SECT128R1 237 -#define OID_SECT128R2 238 -#define OID_SECT160R2 239 -#define OID_SECT192K1 240 -#define OID_SECT224K1 241 -#define OID_SECT224R1 242 -#define OID_SECT384R1 243 -#define OID_SECT521R1 244 -#define OID_SECT409K1 245 -#define OID_SECT409R1 246 -#define OID_SECT571K1 247 -#define OID_SECT571R1 248 -#define OID_AES128_CBC 257 -#define OID_AES128_GCM 258 -#define OID_AES128_CCM 259 -#define OID_AES192_CBC 260 -#define OID_AES192_GCM 261 -#define OID_AES192_CCM 262 -#define OID_AES256_CBC 263 -#define OID_AES256_GCM 264 -#define OID_AES256_CCM 265 -#define OID_SHA256 267 -#define OID_SHA384 268 -#define OID_SHA512 269 -#define OID_SHA224 270 -#define OID_NS_REVOCATION_URL 276 -#define OID_NS_CA_REVOCATION_URL 277 -#define OID_NS_CA_POLICY_URL 278 -#define OID_NS_COMMENT 279 -#define OID_EMPLOYEE_NUMBER 282 -#define OID_PKI_MESSAGE_TYPE 288 -#define OID_PKI_STATUS 289 -#define OID_PKI_FAIL_INFO 290 -#define OID_PKI_SENDER_NONCE 291 -#define OID_PKI_RECIPIENT_NONCE 292 -#define OID_PKI_TRANS_ID 293 -#define OID_EMAIL_ADDRESS 300 -#define OID_UNSTRUCTURED_NAME 301 +#define OID_DELTA_CRL_INDICATOR 48 +#define OID_NAME_CONSTRAINTS 51 +#define OID_CRL_DISTRIBUTION_POINTS 52 +#define OID_ANY_POLICY 54 +#define OID_AUTHORITY_KEY_ID 56 +#define OID_EXTENDED_KEY_USAGE 58 +#define OID_FRESHEST_CRL 60 +#define OID_INHIBIT_ANY_POLICY 61 +#define OID_TARGET_INFORMATION 62 +#define OID_NO_REV_AVAIL 63 +#define OID_CAMELLIA128_CBC 74 +#define OID_CAMELLIA192_CBC 75 +#define OID_CAMELLIA256_CBC 76 +#define OID_RSA_ENCRYPTION 89 +#define OID_MD2_WITH_RSA 90 +#define OID_MD5_WITH_RSA 91 +#define OID_SHA1_WITH_RSA 92 +#define OID_SHA256_WITH_RSA 93 +#define OID_SHA384_WITH_RSA 94 +#define OID_SHA512_WITH_RSA 95 +#define OID_SHA224_WITH_RSA 96 +#define OID_PKCS7_DATA 98 +#define OID_PKCS7_SIGNED_DATA 99 +#define OID_PKCS7_ENVELOPED_DATA 100 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 101 +#define OID_PKCS7_DIGESTED_DATA 102 +#define OID_PKCS7_ENCRYPTED_DATA 103 +#define OID_EMAIL_ADDRESS 105 +#define OID_UNSTRUCTURED_NAME 106 +#define OID_PKCS9_CONTENT_TYPE 107 +#define OID_PKCS9_MESSAGE_DIGEST 108 +#define OID_PKCS9_SIGNING_TIME 109 +#define OID_CHALLENGE_PASSWORD 111 +#define OID_EXTENSION_REQUEST 113 +#define OID_MD2 116 +#define OID_MD5 117 +#define OID_3DES_EDE_CBC 119 +#define OID_EC_PUBLICKEY 123 +#define OID_C2PNB163V1 126 +#define OID_C2PNB163V2 127 +#define OID_C2PNB163V3 128 +#define OID_C2PNB176W1 129 +#define OID_C2PNB191V1 130 +#define OID_C2PNB191V2 131 +#define OID_C2PNB191V3 132 +#define OID_C2PNB191V4 133 +#define OID_C2PNB191V5 134 +#define OID_C2PNB208W1 135 +#define OID_C2PNB239V1 136 +#define OID_C2PNB239V2 137 +#define OID_C2PNB239V3 138 +#define OID_C2PNB239V4 139 +#define OID_C2PNB239V5 140 +#define OID_C2PNB272W1 141 +#define OID_C2PNB304W1 142 +#define OID_C2PNB359V1 143 +#define OID_C2PNB368W1 144 +#define OID_C2PNB431R1 145 +#define OID_PRIME192V1 147 +#define OID_PRIME192V2 148 +#define OID_PRIME192V3 149 +#define OID_PRIME239V1 150 +#define OID_PRIME239V2 151 +#define OID_PRIME239V3 152 +#define OID_PRIME256V1 153 +#define OID_ECDSA_WITH_SHA1 155 +#define OID_ECDSA_WITH_SHA224 157 +#define OID_ECDSA_WITH_SHA256 158 +#define OID_ECDSA_WITH_SHA384 159 +#define OID_ECDSA_WITH_SHA512 160 +#define OID_TCGID 181 +#define OID_AUTHORITY_INFO_ACCESS 186 +#define OID_IP_ADDR_BLOCKS 187 +#define OID_SERVER_AUTH 192 +#define OID_CLIENT_AUTH 193 +#define OID_OCSP_SIGNING 200 +#define OID_XMPP_ADDR 202 +#define OID_AUTHENTICATION_INFO 204 +#define OID_ACCESS_IDENTITY 205 +#define OID_CHARGING_IDENTITY 206 +#define OID_GROUP 207 +#define OID_OCSP 210 +#define OID_BASIC 211 +#define OID_NONCE 212 +#define OID_CRL 213 +#define OID_RESPONSE 214 +#define OID_NO_CHECK 215 +#define OID_ARCHIVE_CUTOFF 216 +#define OID_SERVICE_LOCATOR 217 +#define OID_CA_ISSUERS 218 +#define OID_DES_CBC 224 +#define OID_SHA1 225 +#define OID_SHA1_WITH_RSA_OIW 226 +#define OID_ECGDSA_PUBKEY 245 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 248 +#define OID_ECGDSA_SIG_WITH_SHA1 249 +#define OID_ECGDSA_SIG_WITH_SHA224 250 +#define OID_ECGDSA_SIG_WITH_SHA256 251 +#define OID_ECGDSA_SIG_WITH_SHA384 252 +#define OID_ECGDSA_SIG_WITH_SHA512 253 +#define OID_SECT163K1 276 +#define OID_SECT163R1 277 +#define OID_SECT239K1 278 +#define OID_SECT113R1 279 +#define OID_SECT113R2 280 +#define OID_SECT112R1 281 +#define OID_SECT112R2 282 +#define OID_SECT160R1 283 +#define OID_SECT160K1 284 +#define OID_SECT256K1 285 +#define OID_SECT163R2 286 +#define OID_SECT283K1 287 +#define OID_SECT283R1 288 +#define OID_SECT131R1 289 +#define OID_SECT131R2 290 +#define OID_SECT193R1 291 +#define OID_SECT193R2 292 +#define OID_SECT233K1 293 +#define OID_SECT233R1 294 +#define OID_SECT128R1 295 +#define OID_SECT128R2 296 +#define OID_SECT160R2 297 +#define OID_SECT192K1 298 +#define OID_SECT224K1 299 +#define OID_SECT224R1 300 +#define OID_SECT384R1 301 +#define OID_SECT521R1 302 +#define OID_SECT409K1 303 +#define OID_SECT409R1 304 +#define OID_SECT571K1 305 +#define OID_SECT571R1 306 +#define OID_AES128_CBC 315 +#define OID_AES128_GCM 316 +#define OID_AES128_CCM 317 +#define OID_AES192_CBC 318 +#define OID_AES192_GCM 319 +#define OID_AES192_CCM 320 +#define OID_AES256_CBC 321 +#define OID_AES256_GCM 322 +#define OID_AES256_CCM 323 +#define OID_SHA256 325 +#define OID_SHA384 326 +#define OID_SHA512 327 +#define OID_SHA224 328 +#define OID_NS_REVOCATION_URL 334 +#define OID_NS_CA_REVOCATION_URL 335 +#define OID_NS_CA_POLICY_URL 336 +#define OID_NS_COMMENT 337 +#define OID_EMPLOYEE_NUMBER 340 +#define OID_PKI_MESSAGE_TYPE 346 +#define OID_PKI_STATUS 347 +#define OID_PKI_FAIL_INFO 348 +#define OID_PKI_SENDER_NONCE 349 +#define OID_PKI_RECIPIENT_NONCE 350 +#define OID_PKI_TRANS_ID 351 -#define OID_MAX 302 +#define OID_MAX 354 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 5adca6289..203bc1f28 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -44,10 +44,22 @@ 0x13 "basicConstraints" OID_BASIC_CONSTRAINTS 0x14 "crlNumber" OID_CRL_NUMBER 0x15 "reasonCode" OID_CRL_REASON_CODE + 0x17 "holdInstructionCode" + 0x18 "invalidityDate" + 0x1B "deltaCrlIndicator" OID_DELTA_CRL_INDICATOR + 0x1C "issuingDistributionPoint" + 0x1D "certificateIssuer" + 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS 0x20 "certificatePolicies" + 0x00 "anyPolicy" OID_ANY_POLICY + 0x21 "policyMappings" 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID + 0x24 "policyConstraints" 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE + 0x00 "anyExtendedKeyUsage" + 0x2E "freshestCRL" OID_FRESHEST_CRL + 0x36 "inhibitAnyPolicy" OID_INHIBIT_ANY_POLICY 0x37 "targetInformation" OID_TARGET_INFORMATION 0x38 "noRevAvail" OID_NO_REV_AVAIL 0x2A "" @@ -91,15 +103,15 @@ 0x05 "digestedData" OID_PKCS7_DIGESTED_DATA 0x06 "encryptedData" OID_PKCS7_ENCRYPTED_DATA 0x09 "PKCS-9" - 0x01 "E" OID_PKCS9_EMAIL - 0x02 "unstructuredName" + 0x01 "E" OID_EMAIL_ADDRESS + 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME 0x03 "contentType" OID_PKCS9_CONTENT_TYPE 0x04 "messageDigest" OID_PKCS9_MESSAGE_DIGEST 0x05 "signingTime" OID_PKCS9_SIGNING_TIME 0x06 "counterSignature" - 0x07 "challengePassword" + 0x07 "challengePassword" OID_CHALLENGE_PASSWORD 0x08 "unstructuredAddress" - 0x0E "extensionRequest" + 0x0E "extensionRequest" OID_EXTENSION_REQUEST 0x0F "S/MIME Capabilities" 0x02 "digestAlgorithm" 0x02 "md2" OID_MD2 @@ -173,9 +185,13 @@ 0x07 "id-pkix" 0x01 "id-pe" 0x01 "authorityInfoAccess" OID_AUTHORITY_INFO_ACCESS + 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS + 0x02 "id-qt" + 0x01 "cps" + 0x02 "unotice" 0x03 "id-kp" - 0x01 "serverAuth" - 0x02 "clientAuth" + 0x01 "serverAuth" OID_SERVER_AUTH + 0x02 "clientAuth" OID_CLIENT_AUTH 0x03 "codeSigning" 0x04 "emailProtection" 0x05 "ipsecEndSystem" @@ -190,6 +206,7 @@ 0x02 "accessIdentity" OID_ACCESS_IDENTITY 0x03 "chargingIdentity" OID_CHARGING_IDENTITY 0x04 "group" OID_GROUP + 0x0B "subjectInfoAccess" 0x30 "id-ad" 0x01 "ocsp" OID_OCSP 0x01 "basic" OID_BASIC @@ -200,6 +217,8 @@ 0x06 "archiveCutoff" OID_ARCHIVE_CUTOFF 0x07 "serviceLocator" OID_SERVICE_LOCATOR 0x02 "caIssuers" OID_CA_ISSUERS + 0x03 "timeStamping" + 0x05 "caRepository" 0x0E "oiw" 0x03 "secsig" 0x02 "algorithms" @@ -213,6 +232,45 @@ 0x02 "rsaSigWithripemd160" 0x03 "rsaSigWithripemd128" 0x04 "rsaSigWithripemd256" + 0x02 "ecSign" + 0x01 "ecSignWithsha1" + 0x02 "ecSignWithripemd160" + 0x03 "ecSignWithmd2" + 0x04 "ecSignWithmd5" + 0x05 "ttt-ecg" + 0x01 "fieldType" + 0x01 "characteristictwoField" + 0x01 "basisType" + 0x01 "ipBasis" + 0x02 "keyType" + 0x01 "ecgPublicKey" OID_ECGDSA_PUBKEY + 0x03 "curve" + 0x04 "signatures" + 0x01 "ecgdsa-with-RIPEMD160" OID_ECGDSA_SIG_WITH_RIPEMD160 + 0x02 "ecgdsa-with-SHA1" OID_ECGDSA_SIG_WITH_SHA1 + 0x03 "ecgdsa-with-SHA224" OID_ECGDSA_SIG_WITH_SHA224 + 0x04 "ecgdsa-with-SHA256" OID_ECGDSA_SIG_WITH_SHA256 + 0x05 "ecgdsa-with-SHA384" OID_ECGDSA_SIG_WITH_SHA384 + 0x06 "ecgdsa-with-SHA512" OID_ECGDSA_SIG_WITH_SHA512 + 0x05 "module" + 0x01 "1" + 0x08 "ecStdCurvesAndGeneration" + 0x01 "ellipticCurve" + 0x01 "versionOne" + 0x01 "brainpoolP160r1" + 0x02 "brainpoolP160t1" + 0x03 "brainpoolP192r1" + 0x04 "brainpoolP192t1" + 0x05 "brainpoolP224r1" + 0x06 "brainpoolP224t1" + 0x07 "brainpoolP256r1" + 0x08 "brainpoolP256t1" + 0x09 "brainpoolP320r1" + 0x0A "brainpoolP320t1" + 0x0B "brainpoolP384r1" + 0x0C "brainpoolP384t1" + 0x0D "brainpoolP512r1" + 0x0E "brainpoolP512t1" 0x81 "" 0x04 "Certicom" 0x00 "curve" @@ -293,10 +351,4 @@ 0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE 0x07 "transID" OID_PKI_TRANS_ID 0x08 "extensionReq" - 0x86 "old-netscape" - 0xF7 "" - 0x0D "" - 0x01 "" - 0x09 "" - 0x01 "emailAddress" OID_EMAIL_ADDRESS - 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME + diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c deleted file mode 100755 index 059795548..000000000 --- a/src/libstrongswan/asn1/pem.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright (C) 2001-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <errno.h> -#include <string.h> -#include <stddef.h> -#include <sys/types.h> - -#include "pem.h" - -#include <library.h> -#include <debug.h> -#include <asn1/asn1.h> - -#include <utils/lexparser.h> -#include <crypto/hashers/hasher.h> -#include <crypto/crypters/crypter.h> - -#define PKCS5_SALT_LEN 8 /* bytes */ - -/** - * check the presence of a pattern in a character string - */ -static bool present(const char* pattern, chunk_t* ch) -{ - u_int pattern_len = strlen(pattern); - - if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len)) - { - ch->ptr += pattern_len; - ch->len -= pattern_len; - return TRUE; - } - return FALSE; -} - -/** - * find a boundary of the form -----tag name----- - */ -static bool find_boundary(const char* tag, chunk_t *line) -{ - chunk_t name = chunk_empty; - - if (!present("-----", line)) - return FALSE; - if (!present(tag, line)) - return FALSE; - if (*line->ptr != ' ') - return FALSE; - line->ptr++; line->len--; - - /* extract name */ - name.ptr = line->ptr; - while (line->len > 0) - { - if (present("-----", line)) - { - DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr); - return TRUE; - } - line->ptr++; line->len--; name.len++; - } - return FALSE; -} - -/* - * decrypts a passphrase protected encrypted data block - */ -static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size, - chunk_t *iv, chunk_t passphrase) -{ - hasher_t *hasher; - crypter_t *crypter; - chunk_t salt = { iv->ptr, PKCS5_SALT_LEN }; - chunk_t hash; - chunk_t decrypted; - chunk_t key = {alloca(key_size), key_size}; - u_int8_t padding, *last_padding_pos, *first_padding_pos; - - if (passphrase.len == 0) - { - DBG1(" missing passphrase"); - return INVALID_ARG; - } - - /* build key from passphrase and IV */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (hasher == NULL) - { - DBG1(" MD5 hash algorithm not available"); - return NOT_SUPPORTED; - } - hash.len = hasher->get_hash_size(hasher); - hash.ptr = alloca(hash.len); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); - memcpy(key.ptr, hash.ptr, hash.len); - - if (key.len > hash.len) - { - hasher->get_hash(hasher, hash, NULL); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); - memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); - } - hasher->destroy(hasher); - - /* decrypt blob */ - crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); - if (crypter == NULL) - { - DBG1(" %N encryption algorithm not available", - encryption_algorithm_names, alg); - return NOT_SUPPORTED; - } - crypter->set_key(crypter, key); - - if (iv->len != crypter->get_block_size(crypter) || - blob->len % iv->len) - { - crypter->destroy(crypter); - DBG1(" data size is not multiple of block size"); - return PARSE_ERROR; - } - crypter->decrypt(crypter, *blob, *iv, &decrypted); - crypter->destroy(crypter); - memcpy(blob->ptr, decrypted.ptr, blob->len); - chunk_free(&decrypted); - - /* determine amount of padding */ - last_padding_pos = blob->ptr + blob->len - 1; - padding = *last_padding_pos; - first_padding_pos = (padding > blob->len) ? blob->ptr : last_padding_pos - padding; - - /* check the padding pattern */ - while (--last_padding_pos > first_padding_pos) - { - if (*last_padding_pos != padding) - { - DBG1(" invalid passphrase"); - return INVALID_ARG; - } - } - /* remove padding */ - blob->len -= padding; - return SUCCESS; -} - -/* Converts a PEM encoded file into its binary form - * - * RFC 1421 Privacy Enhancement for Electronic Mail, February 1993 - * RFC 934 Message Encapsulation, January 1985 - */ -status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp) -{ - typedef enum { - PEM_PRE = 0, - PEM_MSG = 1, - PEM_HEADER = 2, - PEM_BODY = 3, - PEM_POST = 4, - PEM_ABORT = 5 - } state_t; - - encryption_algorithm_t alg = ENCR_UNDEFINED; - size_t key_size = 0; - - bool encrypted = FALSE; - - state_t state = PEM_PRE; - - chunk_t src = *blob; - chunk_t dst = *blob; - chunk_t line = chunk_empty; - chunk_t iv = chunk_empty; - - u_char iv_buf[16]; /* MD5 digest size */ - - /* zero size of converted blob */ - dst.len = 0; - - /* zero size of IV */ - iv.ptr = iv_buf; - iv.len = 0; - - while (fetchline(&src, &line)) - { - if (state == PEM_PRE) - { - if (find_boundary("BEGIN", &line)) - { - state = PEM_MSG; - } - continue; - } - else - { - if (find_boundary("END", &line)) - { - state = PEM_POST; - break; - } - if (state == PEM_MSG) - { - state = (memchr(line.ptr, ':', line.len) == NULL) ? PEM_BODY : PEM_HEADER; - } - if (state == PEM_HEADER) - { - err_t ugh = NULL; - chunk_t name = chunk_empty; - chunk_t value = chunk_empty; - - /* an empty line separates HEADER and BODY */ - if (line.len == 0) - { - state = PEM_BODY; - continue; - } - - /* we are looking for a parameter: value pair */ - DBG2(" %.*s", (int)line.len, line.ptr); - ugh = extract_parameter_value(&name, &value, &line); - if (ugh != NULL) - { - continue; - } - if (match("Proc-Type", &name) && *value.ptr == '4') - { - encrypted = TRUE; - } - else if (match("DEK-Info", &name)) - { - chunk_t dek; - - if (!extract_token(&dek, ',', &value)) - { - dek = value; - } - if (match("DES-EDE3-CBC", &dek)) - { - alg = ENCR_3DES; - key_size = 24; - } - else if (match("AES-128-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 16; - } - else if (match("AES-192-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 24; - } - else if (match("AES-256-CBC", &dek)) - { - alg = ENCR_AES_CBC; - key_size = 32; - } - else - { - DBG1(" encryption algorithm '%.s' not supported", - dek.len, dek.ptr); - return NOT_SUPPORTED; - } - eat_whitespace(&value); - iv = chunk_from_hex(value, iv.ptr); - } - } - else /* state is PEM_BODY */ - { - chunk_t data; - - /* remove any trailing whitespace */ - if (!extract_token(&data ,' ', &line)) - { - data = line; - } - - /* check for PGP armor checksum */ - if (*data.ptr == '=') - { - *pgp = TRUE; - data.ptr++; - data.len--; - DBG2(" armor checksum: %.*s", (int)data.len, data.ptr); - continue; - } - - if (blob->len - dst.len < data.len / 4 * 3) - { - state = PEM_ABORT; - } - data = chunk_from_base64(data, dst.ptr); - - dst.ptr += data.len; - dst.len += data.len; - } - } - } - /* set length to size of binary blob */ - blob->len = dst.len; - - if (state != PEM_POST) - { - DBG1(" file coded in unknown format, discarded"); - return PARSE_ERROR; - } - if (!encrypted) - { - return SUCCESS; - } - return pem_decrypt(blob, alg, key_size, &iv, passphrase); - -} - -/* load a coded key or certificate file with autodetection - * of binary DER or base64 PEM ASN.1 formats and armored PGP format - */ -bool pem_asn1_load_file(char *filename, chunk_t *passphrase, - chunk_t *blob, bool *pgp) -{ - FILE *fd = fopen(filename, "r"); - - if (fd) - { - chunk_t pass = chunk_empty; - int bytes; - - fseek(fd, 0, SEEK_END ); - blob->len = ftell(fd); - rewind(fd); - blob->ptr = malloc(blob->len); - bytes = fread(blob->ptr, 1, blob->len, fd); - fclose(fd); - DBG2(" loading '%s' (%d bytes)", filename, bytes); - - *pgp = FALSE; - - /* try DER format */ - if (is_asn1(*blob)) - { - DBG2(" file coded in DER format"); - return TRUE; - } - - if (passphrase != NULL) - { - pass = *passphrase; - DBG4(" passphrase: %#B", passphrase); - } - - /* try PEM format */ - if (pem_to_bin(blob, pass, pgp) == SUCCESS) - { - if (*pgp) - { - DBG2(" file coded in armored PGP format"); - return TRUE; - } - if (is_asn1(*blob)) - { - DBG2(" file coded in PEM format"); - return TRUE; - } - DBG1(" file coded in unknown format, discarded"); - } - - /* a conversion error has occured */ - chunk_free(blob); - } - else - { - DBG1(" reading file '%s' failed", filename); - } - return FALSE; -} - diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h deleted file mode 100755 index 7385330d7..000000000 --- a/src/libstrongswan/asn1/pem.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (C) 2001-2008 Andreas Steffen - * - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef PEM_H_ -#define PEM_H_ - -#include <stdio.h> - -#include <library.h> - -status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp); - -bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob, - bool *pgp); - -#endif /*PEM_H_ @} */ |