summaryrefslogtreecommitdiff
path: root/src/libstrongswan/asn1
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/asn1')
-rw-r--r--src/libstrongswan/asn1/asn1.c311
-rw-r--r--src/libstrongswan/asn1/asn1.h110
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c38
-rw-r--r--src/libstrongswan/asn1/asn1_parser.h16
-rw-r--r--src/libstrongswan/asn1/oid.c566
-rw-r--r--src/libstrongswan/asn1/oid.h296
-rw-r--r--src/libstrongswan/asn1/oid.txt78
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c393
-rwxr-xr-xsrc/libstrongswan/asn1/pem.h29
9 files changed, 708 insertions, 1129 deletions
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index ec46b165b..763caafc4 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -18,7 +18,6 @@
#include <stdio.h>
#include <string.h>
#include <time.h>
-#include <pthread.h>
#include <utils.h>
#include <debug.h>
@@ -28,161 +27,34 @@
#include "asn1_parser.h"
/**
- * some common prefabricated ASN.1 constants
+ * Commonly used ASN1 values.
*/
-static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
-static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
-static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
-
-const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
-const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
-const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
-
-/**
- * some popular algorithmIdentifiers
- */
-
-static u_char ASN1_md2_id_str[] = {
- 0x30, 0x0c,
- 0x06, 0x08,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
- 0x05,0x00,
-};
-
-static u_char ASN1_md5_id_str[] = {
- 0x30, 0x0C,
- 0x06, 0x08,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha1_id_str[] = {
- 0x30, 0x09,
- 0x06, 0x05,
- 0x2B, 0x0E,0x03, 0x02, 0x1A,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha256_id_str[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha384_id_str[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha512_id_str[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
- 0x05,0x00
-};
-
-static u_char ASN1_md2WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02,
- 0x05, 0x00
-};
-
-static u_char ASN1_md5WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha1WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha256WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha384WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C,
- 0x05, 0x00
-};
-
-static u_char ASN1_sha512WithRSA_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D,
- 0x05, 0x00
-};
-
-static u_char ASN1_rsaEncryption_id_str[] = {
- 0x30, 0x0D,
- 0x06, 0x09,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
- 0x05, 0x00
-};
-
-static const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str);
-static const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
-static const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
-static const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
-static const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
-static const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
-static const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
-static const chunk_t ASN1_md2WithRSA_id = chunk_from_buf(ASN1_md2WithRSA_id_str);
-static const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
-static const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
-static const chunk_t ASN1_sha256WithRSA_id = chunk_from_buf(ASN1_sha256WithRSA_id_str);
-static const chunk_t ASN1_sha384WithRSA_id = chunk_from_buf(ASN1_sha384WithRSA_id_str);
-static const chunk_t ASN1_sha512WithRSA_id = chunk_from_buf(ASN1_sha512WithRSA_id_str);
+const chunk_t ASN1_INTEGER_0 = chunk_from_chars(0x02, 0x00);
+const chunk_t ASN1_INTEGER_1 = chunk_from_chars(0x02, 0x01, 0x01);
+const chunk_t ASN1_INTEGER_2 = chunk_from_chars(0x02, 0x01, 0x02);
/*
* Defined in header.
*/
chunk_t asn1_algorithmIdentifier(int oid)
{
+ chunk_t parameters;
+
+ /* some algorithmIdentifiers have a NULL parameters field and some do not */
switch (oid)
{
- case OID_RSA_ENCRYPTION:
- return ASN1_rsaEncryption_id;
- case OID_MD2_WITH_RSA:
- return ASN1_md2WithRSA_id;
- case OID_MD5_WITH_RSA:
- return ASN1_md5WithRSA_id;
- case OID_SHA1_WITH_RSA:
- return ASN1_sha1WithRSA_id;
- case OID_SHA256_WITH_RSA:
- return ASN1_sha256WithRSA_id;
- case OID_SHA384_WITH_RSA:
- return ASN1_sha384WithRSA_id;
- case OID_SHA512_WITH_RSA:
- return ASN1_sha512WithRSA_id;
- case OID_MD2:
- return ASN1_md2_id;
- case OID_MD5:
- return ASN1_md5_id;
- case OID_SHA1:
- return ASN1_sha1_id;
- case OID_SHA256:
- return ASN1_sha256_id;
- case OID_SHA384:
- return ASN1_sha384_id;
- case OID_SHA512:
- return ASN1_sha512_id;
+ case OID_ECDSA_WITH_SHA1:
+ case OID_ECDSA_WITH_SHA224:
+ case OID_ECDSA_WITH_SHA256:
+ case OID_ECDSA_WITH_SHA384:
+ case OID_ECDSA_WITH_SHA512:
+ parameters = chunk_empty;
+ break;
default:
- return chunk_empty;
+ parameters = asn1_simple_object(ASN1_NULL, chunk_empty);
+ break;
}
+ return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(oid), parameters);
}
/*
@@ -191,14 +63,14 @@ chunk_t asn1_algorithmIdentifier(int oid)
int asn1_known_oid(chunk_t object)
{
int oid = 0;
-
+
while (object.len)
{
if (oid_names[oid].octet == *object.ptr)
{
if (--object.len == 0 || oid_names[oid].down == 0)
{
- return oid; /* found terminal symbol */
+ return oid; /* found terminal symbol */
}
else
{
@@ -227,17 +99,17 @@ chunk_t asn1_build_known_oid(int n)
{
chunk_t oid;
int i;
-
+
if (n < 0 || n >= OID_MAX)
{
return chunk_empty;
}
-
+
i = oid_names[n].level + 1;
oid = chunk_alloc(2 + i);
oid.ptr[0] = ASN1_OID;
oid.ptr[1] = i;
-
+
do
{
if (oid_names[n].level >= i)
@@ -248,7 +120,7 @@ chunk_t asn1_build_known_oid(int n)
oid.ptr[--i + 2] = oid_names[n--].octet;
}
while (i > 0);
-
+
return oid;
}
@@ -259,18 +131,18 @@ size_t asn1_length(chunk_t *blob)
{
u_char n;
size_t len;
-
+
if (blob->len < 2)
{
DBG2("insufficient number of octets to parse ASN.1 length");
return ASN1_INVALID_LENGTH;
}
-
+
/* read length field, skip tag and length */
n = blob->ptr[1];
*blob = chunk_skip(*blob, 2);
-
- if ((n & 0x80) == 0)
+
+ if ((n & 0x80) == 0)
{ /* single length octet */
if (n > blob->len)
{
@@ -279,25 +151,25 @@ size_t asn1_length(chunk_t *blob)
}
return n;
}
-
+
/* composite length, determine number of length octets */
n &= 0x7f;
-
+
if (n == 0 || n > blob->len)
{
DBG2("number of length octets invalid");
return ASN1_INVALID_LENGTH;
}
-
+
if (n > sizeof(len))
{
- DBG2("number of length octets is larger than limit of %d octets",
+ DBG2("number of length octets is larger than limit of %d octets",
(int)sizeof(len));
return ASN1_INVALID_LENGTH;
}
-
+
len = 0;
-
+
while (n-- > 0)
{
len = 256*len + *blob->ptr++;
@@ -319,7 +191,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
chunk_t res;
u_char len;
int type;
-
+
if (blob->len < 2)
{
return ASN1_INVALID;
@@ -327,7 +199,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
type = blob->ptr[0];
len = blob->ptr[1];
*blob = chunk_skip(*blob, 2);
-
+
if ((len & 0x80) == 0)
{ /* single length octet */
res.len = len;
@@ -358,8 +230,6 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner)
return type;
}
-#define TIME_MAX 0x7fffffff
-
static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
static const int tm_leap_1970 = 477;
@@ -373,7 +243,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
int tz_hour, tz_min, tz_offset;
time_t tm_secs;
u_char *eot = NULL;
-
+
if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
{
tz_offset = 0; /* Zulu time with a zero time zone offset */
@@ -398,19 +268,19 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
{
return 0; /* error in time format */
}
-
+
/* parse ASN.1 time string */
{
const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
"%4d%2d%2d%2d%2d";
-
+
if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
&tm_hour, &tm_min) != 5)
{
return 0; /* error in [yy]yymmddhhmm time format */
}
}
-
+
/* is there a seconds field? */
if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
{
@@ -423,17 +293,17 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
{
tm_sec = 0;
}
-
+
/* representation of two-digit years */
if (type == ASN1_UTCTIME)
{
tm_year += (tm_year < 50) ? 2000 : 1900;
}
-
+
/* prevent large 32 bit integer overflows */
if (sizeof(time_t) == 4 && tm_year > 2038)
{
- return TIME_MAX;
+ return TIME_32_BIT_SIGNED_MAX;
}
/* representation of months as 0..11*/
@@ -442,7 +312,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
return 0; /* error in month format */
}
tm_mon--;
-
+
/* representation of days as 0..30 */
tm_day--;
@@ -461,8 +331,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
- /* has a 32 bit overflow occurred? */
- return (tm_secs < 0) ? TIME_MAX : tm_secs;
+ /* has a 32 bit signed integer overflow occurred? */
+ return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs;
}
/**
@@ -475,7 +345,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type)
char buf[BUF_LEN];
chunk_t formatted_time;
struct tm t;
-
+
gmtime_r(time, &t);
if (type == ASN1_GENERALIZEDTIME)
{
@@ -487,7 +357,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type)
format = "%02d%02d%02d%02d%02d%02dZ";
offset = (t.tm_year < 100)? 0 : -100;
}
- snprintf(buf, BUF_LEN, format, t.tm_year + offset,
+ snprintf(buf, BUF_LEN, format, t.tm_year + offset,
t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);
formatted_time.ptr = buf;
formatted_time.len = strlen(buf);
@@ -500,7 +370,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type)
void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
{
int oid;
-
+
switch (type)
{
case ASN1_OID:
@@ -545,30 +415,30 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private)
bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name)
{
size_t len;
-
+
/* an ASN.1 object must possess at least a tag and length field */
if (object->len < 2)
{
DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name);
return FALSE;
}
-
+
if (*object->ptr != type)
{
DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
level, name, type, *object->ptr);
return FALSE;
}
-
+
len = asn1_length(object);
-
+
if (len == ASN1_INVALID_LENGTH || object->len < len)
{
DBG2("L%d - %s: length of ASN.1 object invalid or too large",
level, name);
return FALSE;
}
-
+
DBG2("L%d - %s:", level, name);
asn1_debug_simple_object(*object, type, FALSE);
return TRUE;
@@ -578,11 +448,11 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c
* ASN.1 definition of an algorithmIdentifier
*/
static const asn1Object_t algorithmIdentifierObjects[] = {
- { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
- { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
+ { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define ALGORITHM_ID_ALG 1
#define ALGORITHM_ID_PARAMETERS 2
@@ -596,10 +466,10 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters
chunk_t object;
int objectID;
int alg = OID_UNKNOWN;
-
+
parser = asn1_parser_create(algorithmIdentifierObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
switch (objectID)
@@ -629,7 +499,7 @@ bool is_asn1(chunk_t blob)
u_int len;
u_char tag = *blob.ptr;
- if (tag != ASN1_SEQUENCE && tag != ASN1_SET)
+ if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING)
{
DBG2(" file content is not binary ASN.1");
return FALSE;
@@ -661,7 +531,7 @@ bool asn1_is_printablestring(chunk_t str)
const char printablestring_charset[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
u_int i;
-
+
for (i = 0; i < str.len; i++)
{
if (strchr(printablestring_charset, str.ptr[i]) == NULL)
@@ -711,24 +581,24 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen)
u_char length_buf[4];
chunk_t length = { length_buf, 0 };
u_char *pos;
-
+
/* code the asn.1 length field */
asn1_code_length(datalen, &length);
-
+
/* allocate memory for the asn.1 TLV object */
object->len = 1 + length.len + datalen;
object->ptr = malloc(object->len);
-
+
/* set position pointer at the start of the object */
pos = object->ptr;
-
+
/* copy the asn.1 tag field and advance the pointer */
*pos++ = type;
-
+
/* copy the asn.1 length field and advance the pointer */
- memcpy(pos, length.ptr, length.len);
+ memcpy(pos, length.ptr, length.len);
pos += length.len;
-
+
return pos;
}
@@ -738,11 +608,11 @@ u_char* asn1_build_object(chunk_t *object, asn1_t type, size_t datalen)
chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
{
chunk_t object;
-
+
u_char *pos = asn1_build_object(&object, tag, content.len);
- memcpy(pos, content.ptr, content.len);
+ memcpy(pos, content.ptr, content.len);
pos += content.len;
-
+
return object;
}
@@ -809,8 +679,8 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
u_char *pos;
int i;
int count = strlen(mode);
-
- /* sum up lengths of individual chunks */
+
+ /* sum up lengths of individual chunks */
va_start(chunks, mode);
construct.len = 0;
for (i = 0; i < count; i++)
@@ -819,26 +689,33 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
construct.len += ch.len;
}
va_end(chunks);
-
+
/* allocate needed memory for construct */
pos = asn1_build_object(&construct, type, construct.len);
-
+
/* copy or move the chunks */
va_start(chunks, mode);
for (i = 0; i < count; i++)
{
chunk_t ch = va_arg(chunks, chunk_t);
-
+
memcpy(pos, ch.ptr, ch.len);
pos += ch.len;
- if (*mode++ == 'm')
+ switch (*mode++)
{
- free(ch.ptr);
+ case 's':
+ chunk_clear(&ch);
+ break;
+ case 'm':
+ free(ch.ptr);
+ break;
+ default:
+ break;
}
}
va_end(chunks);
-
+
return construct;
}
@@ -846,11 +723,11 @@ chunk_t asn1_wrap(asn1_t type, const char *mode, ...)
* ASN.1 definition of time
*/
static const asn1Object_t timeObjects[] = {
- { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
- { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
- { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
+ { 0, "utcTime", ASN1_UTCTIME, ASN1_OPT|ASN1_BODY }, /* 0 */
+ { 0, "end opt", ASN1_EOC, ASN1_END }, /* 1 */
+ { 0, "generalizeTime", ASN1_GENERALIZEDTIME, ASN1_OPT|ASN1_BODY }, /* 2 */
+ { 0, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define TIME_UTC 0
#define TIME_GENERALIZED 2
@@ -864,10 +741,10 @@ time_t asn1_parse_time(chunk_t blob, int level0)
chunk_t object;
int objectID;
time_t utc_time = 0;
-
+
parser= asn1_parser_create(timeObjects, blob);
parser->set_top_level(parser, level0);
-
+
while (parser->iterate(parser, &objectID, &object))
{
if (objectID == TIME_UTC || objectID == TIME_GENERALIZED)
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 8072d62d6..d29190df7 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup asn1i asn1
* @{ @ingroup asn1
@@ -32,51 +32,51 @@
* Definition of some primitive ASN1 types
*/
typedef enum {
- ASN1_EOC = 0x00,
- ASN1_BOOLEAN = 0x01,
- ASN1_INTEGER = 0x02,
- ASN1_BIT_STRING = 0x03,
- ASN1_OCTET_STRING = 0x04,
- ASN1_NULL = 0x05,
- ASN1_OID = 0x06,
- ASN1_ENUMERATED = 0x0A,
- ASN1_UTF8STRING = 0x0C,
- ASN1_NUMERICSTRING = 0x12,
- ASN1_PRINTABLESTRING = 0x13,
- ASN1_T61STRING = 0x14,
- ASN1_VIDEOTEXSTRING = 0x15,
- ASN1_IA5STRING = 0x16,
- ASN1_UTCTIME = 0x17,
- ASN1_GENERALIZEDTIME = 0x18,
- ASN1_GRAPHICSTRING = 0x19,
- ASN1_VISIBLESTRING = 0x1A,
- ASN1_GENERALSTRING = 0x1B,
- ASN1_UNIVERSALSTRING = 0x1C,
- ASN1_BMPSTRING = 0x1E,
-
- ASN1_CONSTRUCTED = 0x20,
-
- ASN1_SEQUENCE = 0x30,
- ASN1_SET = 0x31,
-
- ASN1_CONTEXT_S_0 = 0x80,
- ASN1_CONTEXT_S_1 = 0x81,
- ASN1_CONTEXT_S_2 = 0x82,
- ASN1_CONTEXT_S_3 = 0x83,
- ASN1_CONTEXT_S_4 = 0x84,
- ASN1_CONTEXT_S_5 = 0x85,
- ASN1_CONTEXT_S_6 = 0x86,
- ASN1_CONTEXT_S_7 = 0x87,
- ASN1_CONTEXT_S_8 = 0x88,
-
- ASN1_CONTEXT_C_0 = 0xA0,
- ASN1_CONTEXT_C_1 = 0xA1,
- ASN1_CONTEXT_C_2 = 0xA2,
- ASN1_CONTEXT_C_3 = 0xA3,
- ASN1_CONTEXT_C_4 = 0xA4,
- ASN1_CONTEXT_C_5 = 0xA5,
-
- ASN1_INVALID = 0x100,
+ ASN1_EOC = 0x00,
+ ASN1_BOOLEAN = 0x01,
+ ASN1_INTEGER = 0x02,
+ ASN1_BIT_STRING = 0x03,
+ ASN1_OCTET_STRING = 0x04,
+ ASN1_NULL = 0x05,
+ ASN1_OID = 0x06,
+ ASN1_ENUMERATED = 0x0A,
+ ASN1_UTF8STRING = 0x0C,
+ ASN1_NUMERICSTRING = 0x12,
+ ASN1_PRINTABLESTRING = 0x13,
+ ASN1_T61STRING = 0x14,
+ ASN1_VIDEOTEXSTRING = 0x15,
+ ASN1_IA5STRING = 0x16,
+ ASN1_UTCTIME = 0x17,
+ ASN1_GENERALIZEDTIME = 0x18,
+ ASN1_GRAPHICSTRING = 0x19,
+ ASN1_VISIBLESTRING = 0x1A,
+ ASN1_GENERALSTRING = 0x1B,
+ ASN1_UNIVERSALSTRING = 0x1C,
+ ASN1_BMPSTRING = 0x1E,
+
+ ASN1_CONSTRUCTED = 0x20,
+
+ ASN1_SEQUENCE = 0x30,
+ ASN1_SET = 0x31,
+
+ ASN1_CONTEXT_S_0 = 0x80,
+ ASN1_CONTEXT_S_1 = 0x81,
+ ASN1_CONTEXT_S_2 = 0x82,
+ ASN1_CONTEXT_S_3 = 0x83,
+ ASN1_CONTEXT_S_4 = 0x84,
+ ASN1_CONTEXT_S_5 = 0x85,
+ ASN1_CONTEXT_S_6 = 0x86,
+ ASN1_CONTEXT_S_7 = 0x87,
+ ASN1_CONTEXT_S_8 = 0x88,
+
+ ASN1_CONTEXT_C_0 = 0xA0,
+ ASN1_CONTEXT_C_1 = 0xA1,
+ ASN1_CONTEXT_C_2 = 0xA2,
+ ASN1_CONTEXT_C_3 = 0xA3,
+ ASN1_CONTEXT_C_4 = 0xA4,
+ ASN1_CONTEXT_C_5 = 0xA5,
+
+ ASN1_INVALID = 0x100,
} asn1_t;
#define ASN1_INVALID_LENGTH 0xffffffff
@@ -92,10 +92,10 @@ extern const chunk_t ASN1_INTEGER_2;
/** Some ASN.1 analysis functions */
/**
- * Returns some popular algorithmIdentifiers
+ * Build an algorithmIdentifier from a known OID.
*
* @param oid known OID index
- * @return body of the corresponding OID
+ * @return body of the corresponding OID, allocated
*/
chunk_t asn1_algorithmIdentifier(int oid);
@@ -103,7 +103,7 @@ chunk_t asn1_algorithmIdentifier(int oid);
* Converts an ASN.1 OID into a known OID index
*
* @param object body of an OID
- * @return index into the oid_names[] table or OID_UNKNOWN
+ * @return index into the oid_names[] table or OID_UNKNOWN
*/
int asn1_known_oid(chunk_t object);
@@ -139,7 +139,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *content);
* @param blob ASN.1 coded blob
* @param level0 top-most level offset
* @param params returns optional [ASN.1 coded] parameters
- * @return known OID index or OID_UNKNOWN
+ * @return known OID index or OID_UNKNOWN
*/
int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *params);
@@ -178,7 +178,7 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type);
*
* @param time time_t in UTC
* @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME
- * @return body of an ASN.1 code time object
+ * @return body of an ASN.1 code time object
*/
chunk_t asn1_from_time(const time_t *time, asn1_t type);
@@ -187,7 +187,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type);
*
* @param blob ASN.1 coded time object
* @param level0 top-most level offset
- * @return time_t in UTC
+ * @return time_t in UTC
*/
time_t asn1_parse_time(chunk_t blob, int level0);
@@ -250,8 +250,12 @@ chunk_t asn1_integer(const char *mode, chunk_t content);
/**
* Build an ASN.1 object from a variable number of individual chunks
*
+ * The mode string specifies the number of chunks, and how to handle each of
+ * them with a single character: 'c' for copy (allocate new chunk), 'm' for move
+ * (free given chunk) or 's' for sensitive-copy (clear given chunk, then free).
+ *
* @param type ASN.1 type to be created
- * @param mode for each list member: 'c' for copy or 'm' for move
+ * @param mode for each list member: 'c', 'm' or 's'
* @return chunk containing the ASN.1 coded object
*/
chunk_t asn1_wrap(asn1_t type, const char *mode, ...);
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index bc4c0b50f..dc7726ad7 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -54,7 +54,7 @@ struct private_asn1_parser_t {
bool success;
/**
- * Declare object data as private - use debug level 4 to log it
+ * Declare object data as private - use debug level 4 to log it
*/
bool private;
@@ -88,7 +88,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
u_char *start_ptr;
u_int level;
asn1Object_t obj;
-
+
*object = chunk_empty;
/* Advance to the next object syntax definition line */
@@ -99,7 +99,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
{
return FALSE;
}
-
+
if (obj.flags & ASN1_END) /* end of loop or option found */
{
if (this->loopAddr[obj.level] && this->blobs[obj.level+1].len > 0)
@@ -109,16 +109,16 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
}
else
{
- this->loopAddr[obj.level] = 0; /* exit loop or option*/
+ this->loopAddr[obj.level] = 0; /* exit loop or option*/
goto end;
}
}
-
+
level = this->level0 + obj.level;
blob = this->blobs + obj.level;
blob1 = blob + 1;
start_ptr = blob->ptr;
-
+
/* handle ASN.1 defaults values */
if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) )
{
@@ -130,9 +130,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
}
goto end;
}
-
+
/* handle ASN.1 options */
-
+
if ((obj.flags & ASN1_OPT)
&& (blob->len == 0 || *start_ptr != obj.type))
{
@@ -145,9 +145,9 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
(this->objects[this->line].level == obj.level)));
goto end;
}
-
+
/* an ASN.1 object must possess at least a tag and length field */
-
+
if (blob->len < 2)
{
DBG1("L%d - %s: ASN.1 object smaller than 2 octets",
@@ -155,22 +155,22 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
this->success = FALSE;
goto end;
}
-
+
blob1->len = asn1_length(blob);
-
+
if (blob1->len == ASN1_INVALID_LENGTH)
{
- DBG1("L%d - %s: length of ASN.1 object invalid or too large",
+ DBG1("L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
this->success = FALSE;
}
-
+
blob1->ptr = blob->ptr;
blob->ptr += blob1->len;
blob->len -= blob1->len;
-
+
/* return raw ASN.1 object without prior type checking */
-
+
if (obj.flags & ASN1_RAW)
{
DBG2("L%d - %s:", level, obj.name);
@@ -187,10 +187,10 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
this->success = FALSE;
goto end;
}
-
+
DBG2("L%d - %s:", level, obj.name);
-
- /* In case of "SEQUENCE OF" or "SET OF" start a loop */
+
+ /* In case of "SEQUENCE OF" or "SET OF" start a loop */
if (obj.flags & ASN1_LOOP)
{
if (blob1->len > 0)
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index b2f4133a1..49325232d 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -14,7 +14,7 @@
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
-
+
/**
* @defgroup asn1_parser asn1_parser
* @{ @ingroup asn1
@@ -57,7 +57,7 @@ struct asn1Object_t{
typedef struct asn1_parser_t asn1_parser_t;
/**
- * Public interface of an ASN.1 parser
+ * Public interface of an ASN.1 parser
*/
struct asn1_parser_t {
@@ -69,25 +69,25 @@ struct asn1_parser_t {
* @return - FALSE if end of object syntax definition was reached
* or a parsing error occurred
* - TRUE otherwise
- */
+ */
bool (*iterate)(asn1_parser_t *this, int *objectID, chunk_t *object);
/**
- * Get the current parsing level
+ * Get the current parsing level
*
* @return current level
*/
u_int (*get_level)(asn1_parser_t *this);
/**
- * Set the top-most level
+ * Set the top-most level
*
* @param level top-most level
*/
void (*set_top_level)(asn1_parser_t *this, u_int level0);
/**
- * Set implicit and private flags
+ * Set implicit and private flags
*
* @param implicit top-most type of object is implicit
* @param private object data is private (use debug level 4)
@@ -95,7 +95,7 @@ struct asn1_parser_t {
void (*set_flags)(asn1_parser_t *this, bool implicit, bool private);
/**
- * Show final parsing status
+ * Show final parsing status
*
* @return TRUE if parsing was successful, FALSE otherwise
*/
@@ -106,7 +106,7 @@ struct asn1_parser_t {
*/
void (*destroy)(asn1_parser_t *this);
};
-
+
/**
* Create an ASN.1 parser
*
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 391d65e89..8f91a2e2b 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -28,7 +28,7 @@ const oid_t oid_names[] = {
{ 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
{ 0x01, 17, 0, 9, "UID" }, /* 16 */
{ 0x19, 0, 0, 9, "DC" }, /* 17 */
- {0x55, 52, 1, 0, "X.500" }, /* 18 */
+ {0x55, 64, 1, 0, "X.500" }, /* 18 */
{ 0x04, 36, 1, 1, "X.509" }, /* 19 */
{ 0x03, 21, 0, 2, "CN" }, /* 20 */
{ 0x04, 22, 0, 2, "S" }, /* 21 */
@@ -56,260 +56,312 @@ const oid_t oid_names[] = {
{ 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */
{ 0x14, 45, 0, 2, "crlNumber" }, /* 44 */
{ 0x15, 46, 0, 2, "reasonCode" }, /* 45 */
- { 0x1F, 47, 0, 2, "crlDistributionPoints" }, /* 46 */
- { 0x20, 48, 0, 2, "certificatePolicies" }, /* 47 */
- { 0x23, 49, 0, 2, "authorityKeyIdentifier" }, /* 48 */
- { 0x25, 50, 0, 2, "extendedKeyUsage" }, /* 49 */
- { 0x37, 51, 0, 2, "targetInformation" }, /* 50 */
- { 0x38, 0, 0, 2, "noRevAvail" }, /* 51 */
- {0x2A, 149, 1, 0, "" }, /* 52 */
- { 0x83, 65, 1, 1, "" }, /* 53 */
- { 0x08, 0, 1, 2, "jp" }, /* 54 */
- { 0x8C, 0, 1, 3, "" }, /* 55 */
- { 0x9A, 0, 1, 4, "" }, /* 56 */
- { 0x4B, 0, 1, 5, "" }, /* 57 */
- { 0x3D, 0, 1, 6, "" }, /* 58 */
- { 0x01, 0, 1, 7, "security" }, /* 59 */
- { 0x01, 0, 1, 8, "algorithm" }, /* 60 */
- { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 61 */
- { 0x02, 63, 0, 10, "camellia128-cbc" }, /* 62 */
- { 0x03, 64, 0, 10, "camellia192-cbc" }, /* 63 */
- { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 64 */
- { 0x86, 0, 1, 1, "" }, /* 65 */
- { 0x48, 0, 1, 2, "us" }, /* 66 */
- { 0x86, 108, 1, 3, "" }, /* 67 */
- { 0xF6, 73, 1, 4, "" }, /* 68 */
- { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 69 */
- { 0x07, 0, 1, 6, "Entrust" }, /* 70 */
- { 0x41, 0, 1, 7, "nsn-ce" }, /* 71 */
- { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 72 */
- { 0xF7, 0, 1, 4, "" }, /* 73 */
- { 0x0D, 0, 1, 5, "RSADSI" }, /* 74 */
- { 0x01, 103, 1, 6, "PKCS" }, /* 75 */
- { 0x01, 85, 1, 7, "PKCS-1" }, /* 76 */
- { 0x01, 78, 0, 8, "rsaEncryption" }, /* 77 */
- { 0x02, 79, 0, 8, "md2WithRSAEncryption" }, /* 78 */
- { 0x04, 80, 0, 8, "md5WithRSAEncryption" }, /* 79 */
- { 0x05, 81, 0, 8, "sha-1WithRSAEncryption" }, /* 80 */
- { 0x0B, 82, 0, 8, "sha256WithRSAEncryption" }, /* 81 */
- { 0x0C, 83, 0, 8, "sha384WithRSAEncryption" }, /* 82 */
- { 0x0D, 84, 0, 8, "sha512WithRSAEncryption" }, /* 83 */
- { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 84 */
- { 0x07, 92, 1, 7, "PKCS-7" }, /* 85 */
- { 0x01, 87, 0, 8, "data" }, /* 86 */
- { 0x02, 88, 0, 8, "signedData" }, /* 87 */
- { 0x03, 89, 0, 8, "envelopedData" }, /* 88 */
- { 0x04, 90, 0, 8, "signedAndEnvelopedData" }, /* 89 */
- { 0x05, 91, 0, 8, "digestedData" }, /* 90 */
- { 0x06, 0, 0, 8, "encryptedData" }, /* 91 */
- { 0x09, 0, 1, 7, "PKCS-9" }, /* 92 */
- { 0x01, 94, 0, 8, "E" }, /* 93 */
- { 0x02, 95, 0, 8, "unstructuredName" }, /* 94 */
- { 0x03, 96, 0, 8, "contentType" }, /* 95 */
- { 0x04, 97, 0, 8, "messageDigest" }, /* 96 */
- { 0x05, 98, 0, 8, "signingTime" }, /* 97 */
- { 0x06, 99, 0, 8, "counterSignature" }, /* 98 */
- { 0x07, 100, 0, 8, "challengePassword" }, /* 99 */
- { 0x08, 101, 0, 8, "unstructuredAddress" }, /* 100 */
- { 0x0E, 102, 0, 8, "extensionRequest" }, /* 101 */
- { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 102 */
- { 0x02, 106, 1, 6, "digestAlgorithm" }, /* 103 */
- { 0x02, 105, 0, 7, "md2" }, /* 104 */
- { 0x05, 0, 0, 7, "md5" }, /* 105 */
- { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 106 */
- { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 107 */
- { 0xCE, 0, 1, 3, "" }, /* 108 */
- { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 109 */
- { 0x02, 112, 1, 5, "id-publicKeyType" }, /* 110 */
- { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 111 */
- { 0x03, 142, 1, 5, "ellipticCurve" }, /* 112 */
- { 0x00, 134, 1, 6, "c-TwoCurve" }, /* 113 */
- { 0x01, 115, 0, 7, "c2pnb163v1" }, /* 114 */
- { 0x02, 116, 0, 7, "c2pnb163v2" }, /* 115 */
- { 0x03, 117, 0, 7, "c2pnb163v3" }, /* 116 */
- { 0x04, 118, 0, 7, "c2pnb176w1" }, /* 117 */
- { 0x05, 119, 0, 7, "c2tnb191v1" }, /* 118 */
- { 0x06, 120, 0, 7, "c2tnb191v2" }, /* 119 */
- { 0x07, 121, 0, 7, "c2tnb191v3" }, /* 120 */
- { 0x08, 122, 0, 7, "c2onb191v4" }, /* 121 */
- { 0x09, 123, 0, 7, "c2onb191v5" }, /* 122 */
- { 0x0A, 124, 0, 7, "c2pnb208w1" }, /* 123 */
- { 0x0B, 125, 0, 7, "c2tnb239v1" }, /* 124 */
- { 0x0C, 126, 0, 7, "c2tnb239v2" }, /* 125 */
- { 0x0D, 127, 0, 7, "c2tnb239v3" }, /* 126 */
- { 0x0E, 128, 0, 7, "c2onb239v4" }, /* 127 */
- { 0x0F, 129, 0, 7, "c2onb239v5" }, /* 128 */
- { 0x10, 130, 0, 7, "c2pnb272w1" }, /* 129 */
- { 0x11, 131, 0, 7, "c2pnb304w1" }, /* 130 */
- { 0x12, 132, 0, 7, "c2tnb359v1" }, /* 131 */
- { 0x13, 133, 0, 7, "c2pnb368w1" }, /* 132 */
- { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 133 */
- { 0x01, 0, 1, 6, "primeCurve" }, /* 134 */
- { 0x01, 136, 0, 7, "prime192v1" }, /* 135 */
- { 0x02, 137, 0, 7, "prime192v2" }, /* 136 */
- { 0x03, 138, 0, 7, "prime192v3" }, /* 137 */
- { 0x04, 139, 0, 7, "prime239v1" }, /* 138 */
- { 0x05, 140, 0, 7, "prime239v2" }, /* 139 */
- { 0x06, 141, 0, 7, "prime239v3" }, /* 140 */
- { 0x07, 0, 0, 7, "prime256v1" }, /* 141 */
- { 0x04, 0, 1, 5, "id-ecSigType" }, /* 142 */
- { 0x01, 144, 0, 6, "ecdsa-with-SHA1" }, /* 143 */
- { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 144 */
- { 0x01, 146, 0, 7, "ecdsa-with-SHA224" }, /* 145 */
- { 0x02, 147, 0, 7, "ecdsa-with-SHA256" }, /* 146 */
- { 0x03, 148, 0, 7, "ecdsa-with-SHA384" }, /* 147 */
- { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 148 */
- {0x2B, 249, 1, 0, "" }, /* 149 */
- { 0x06, 202, 1, 1, "dod" }, /* 150 */
- { 0x01, 0, 1, 2, "internet" }, /* 151 */
- { 0x04, 170, 1, 3, "private" }, /* 152 */
- { 0x01, 0, 1, 4, "enterprise" }, /* 153 */
- { 0x82, 163, 1, 5, "" }, /* 154 */
- { 0x37, 0, 1, 6, "Microsoft" }, /* 155 */
- { 0x0A, 160, 1, 7, "" }, /* 156 */
- { 0x03, 0, 1, 8, "" }, /* 157 */
- { 0x03, 159, 0, 9, "msSGC" }, /* 158 */
- { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 159 */
- { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 160 */
- { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 161 */
- { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 162 */
- { 0x89, 0, 1, 5, "" }, /* 163 */
- { 0x31, 0, 1, 6, "" }, /* 164 */
- { 0x01, 0, 1, 7, "" }, /* 165 */
- { 0x01, 0, 1, 8, "" }, /* 166 */
- { 0x02, 0, 1, 9, "" }, /* 167 */
- { 0x02, 169, 0, 10, "" }, /* 168 */
- { 0x4B, 0, 0, 10, "TCGID" }, /* 169 */
- { 0x05, 0, 1, 3, "security" }, /* 170 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 171 */
- { 0x07, 0, 1, 5, "id-pkix" }, /* 172 */
- { 0x01, 175, 1, 6, "id-pe" }, /* 173 */
- { 0x01, 0, 0, 7, "authorityInfoAccess" }, /* 174 */
- { 0x03, 185, 1, 6, "id-kp" }, /* 175 */
- { 0x01, 177, 0, 7, "serverAuth" }, /* 176 */
- { 0x02, 178, 0, 7, "clientAuth" }, /* 177 */
- { 0x03, 179, 0, 7, "codeSigning" }, /* 178 */
- { 0x04, 180, 0, 7, "emailProtection" }, /* 179 */
- { 0x05, 181, 0, 7, "ipsecEndSystem" }, /* 180 */
- { 0x06, 182, 0, 7, "ipsecTunnel" }, /* 181 */
- { 0x07, 183, 0, 7, "ipsecUser" }, /* 182 */
- { 0x08, 184, 0, 7, "timeStamping" }, /* 183 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 184 */
- { 0x08, 187, 1, 6, "id-otherNames" }, /* 185 */
- { 0x05, 0, 0, 7, "xmppAddr" }, /* 186 */
- { 0x0A, 192, 1, 6, "id-aca" }, /* 187 */
- { 0x01, 189, 0, 7, "authenticationInfo" }, /* 188 */
- { 0x02, 190, 0, 7, "accessIdentity" }, /* 189 */
- { 0x03, 191, 0, 7, "chargingIdentity" }, /* 190 */
- { 0x04, 0, 0, 7, "group" }, /* 191 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 192 */
- { 0x01, 201, 1, 7, "ocsp" }, /* 193 */
- { 0x01, 195, 0, 8, "basic" }, /* 194 */
- { 0x02, 196, 0, 8, "nonce" }, /* 195 */
- { 0x03, 197, 0, 8, "crl" }, /* 196 */
- { 0x04, 198, 0, 8, "response" }, /* 197 */
- { 0x05, 199, 0, 8, "noCheck" }, /* 198 */
- { 0x06, 200, 0, 8, "archiveCutoff" }, /* 199 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 200 */
- { 0x02, 0, 0, 7, "caIssuers" }, /* 201 */
- { 0x0E, 208, 1, 1, "oiw" }, /* 202 */
- { 0x03, 0, 1, 2, "secsig" }, /* 203 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 204 */
- { 0x07, 206, 0, 4, "des-cbc" }, /* 205 */
- { 0x1A, 207, 0, 4, "sha-1" }, /* 206 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 207 */
- { 0x24, 215, 1, 1, "TeleTrusT" }, /* 208 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 209 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 210 */
- { 0x01, 0, 1, 4, "rsaSignature" }, /* 211 */
- { 0x02, 213, 0, 5, "rsaSigWithripemd160" }, /* 212 */
- { 0x03, 214, 0, 5, "rsaSigWithripemd128" }, /* 213 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 214 */
- { 0x81, 0, 1, 1, "" }, /* 215 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 216 */
- { 0x00, 0, 1, 3, "curve" }, /* 217 */
- { 0x01, 219, 0, 4, "sect163k1" }, /* 218 */
- { 0x02, 220, 0, 4, "sect163r1" }, /* 219 */
- { 0x03, 221, 0, 4, "sect239k1" }, /* 220 */
- { 0x04, 222, 0, 4, "sect113r1" }, /* 221 */
- { 0x05, 223, 0, 4, "sect113r2" }, /* 222 */
- { 0x06, 224, 0, 4, "secp112r1" }, /* 223 */
- { 0x07, 225, 0, 4, "secp112r2" }, /* 224 */
- { 0x08, 226, 0, 4, "secp160r1" }, /* 225 */
- { 0x09, 227, 0, 4, "secp160k1" }, /* 226 */
- { 0x0A, 228, 0, 4, "secp256k1" }, /* 227 */
- { 0x0F, 229, 0, 4, "sect163r2" }, /* 228 */
- { 0x10, 230, 0, 4, "sect283k1" }, /* 229 */
- { 0x11, 231, 0, 4, "sect283r1" }, /* 230 */
- { 0x16, 232, 0, 4, "sect131r1" }, /* 231 */
- { 0x17, 233, 0, 4, "sect131r2" }, /* 232 */
- { 0x18, 234, 0, 4, "sect193r1" }, /* 233 */
- { 0x19, 235, 0, 4, "sect193r2" }, /* 234 */
- { 0x1A, 236, 0, 4, "sect233k1" }, /* 235 */
- { 0x1B, 237, 0, 4, "sect233r1" }, /* 236 */
- { 0x1C, 238, 0, 4, "secp128r1" }, /* 237 */
- { 0x1D, 239, 0, 4, "secp128r2" }, /* 238 */
- { 0x1E, 240, 0, 4, "secp160r2" }, /* 239 */
- { 0x1F, 241, 0, 4, "secp192k1" }, /* 240 */
- { 0x20, 242, 0, 4, "secp224k1" }, /* 241 */
- { 0x21, 243, 0, 4, "secp224r1" }, /* 242 */
- { 0x22, 244, 0, 4, "secp384r1" }, /* 243 */
- { 0x23, 245, 0, 4, "secp521r1" }, /* 244 */
- { 0x24, 246, 0, 4, "sect409k1" }, /* 245 */
- { 0x25, 247, 0, 4, "sect409r1" }, /* 246 */
- { 0x26, 248, 0, 4, "sect571k1" }, /* 247 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 248 */
- {0x60, 0, 1, 0, "" }, /* 249 */
- { 0x86, 0, 1, 1, "" }, /* 250 */
- { 0x48, 0, 1, 2, "" }, /* 251 */
- { 0x01, 295, 1, 3, "organization" }, /* 252 */
- { 0x65, 271, 1, 4, "gov" }, /* 253 */
- { 0x03, 0, 1, 5, "csor" }, /* 254 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 255 */
- { 0x01, 266, 1, 7, "aes" }, /* 256 */
- { 0x02, 258, 0, 8, "id-aes128-CBC" }, /* 257 */
- { 0x06, 259, 0, 8, "id-aes128-GCM" }, /* 258 */
- { 0x07, 260, 0, 8, "id-aes128-CCM" }, /* 259 */
- { 0x16, 261, 0, 8, "id-aes192-CBC" }, /* 260 */
- { 0x1A, 262, 0, 8, "id-aes192-GCM" }, /* 261 */
- { 0x1B, 263, 0, 8, "id-aes192-CCM" }, /* 262 */
- { 0x2A, 264, 0, 8, "id-aes256-CBC" }, /* 263 */
- { 0x2E, 265, 0, 8, "id-aes256-GCM" }, /* 264 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 265 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 266 */
- { 0x01, 268, 0, 8, "id-SHA-256" }, /* 267 */
- { 0x02, 269, 0, 8, "id-SHA-384" }, /* 268 */
- { 0x03, 270, 0, 8, "id-SHA-512" }, /* 269 */
- { 0x04, 0, 0, 8, "id-SHA-224" }, /* 270 */
- { 0x86, 0, 1, 4, "" }, /* 271 */
- { 0xf8, 0, 1, 5, "" }, /* 272 */
- { 0x42, 285, 1, 6, "netscape" }, /* 273 */
- { 0x01, 280, 1, 7, "" }, /* 274 */
- { 0x01, 276, 0, 8, "nsCertType" }, /* 275 */
- { 0x03, 277, 0, 8, "nsRevocationUrl" }, /* 276 */
- { 0x04, 278, 0, 8, "nsCaRevocationUrl" }, /* 277 */
- { 0x08, 279, 0, 8, "nsCaPolicyUrl" }, /* 278 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 279 */
- { 0x03, 283, 1, 7, "directory" }, /* 280 */
- { 0x01, 0, 1, 8, "" }, /* 281 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 282 */
- { 0x04, 0, 1, 7, "policy" }, /* 283 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 284 */
- { 0x45, 0, 1, 6, "verisign" }, /* 285 */
- { 0x01, 0, 1, 7, "pki" }, /* 286 */
- { 0x09, 0, 1, 8, "attributes" }, /* 287 */
- { 0x02, 289, 0, 9, "messageType" }, /* 288 */
- { 0x03, 290, 0, 9, "pkiStatus" }, /* 289 */
- { 0x04, 291, 0, 9, "failInfo" }, /* 290 */
- { 0x05, 292, 0, 9, "senderNonce" }, /* 291 */
- { 0x06, 293, 0, 9, "recipientNonce" }, /* 292 */
- { 0x07, 294, 0, 9, "transID" }, /* 293 */
- { 0x08, 0, 0, 9, "extensionReq" }, /* 294 */
- { 0x86, 0, 1, 3, "old-netscape" }, /* 295 */
- { 0xF7, 0, 1, 4, "" }, /* 296 */
- { 0x0D, 0, 1, 5, "" }, /* 297 */
- { 0x01, 0, 1, 6, "" }, /* 298 */
- { 0x09, 0, 1, 7, "" }, /* 299 */
- { 0x01, 301, 0, 8, "emailAddress" }, /* 300 */
- { 0x02, 0, 0, 8, "unstructuredName" } /* 301 */
+ { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */
+ { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */
+ { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */
+ { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */
+ { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */
+ { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */
+ { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */
+ { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */
+ { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */
+ { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */
+ { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */
+ { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */
+ { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */
+ { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */
+ { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */
+ { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */
+ { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */
+ {0x2A, 161, 1, 0, "" }, /* 64 */
+ { 0x83, 77, 1, 1, "" }, /* 65 */
+ { 0x08, 0, 1, 2, "jp" }, /* 66 */
+ { 0x8C, 0, 1, 3, "" }, /* 67 */
+ { 0x9A, 0, 1, 4, "" }, /* 68 */
+ { 0x4B, 0, 1, 5, "" }, /* 69 */
+ { 0x3D, 0, 1, 6, "" }, /* 70 */
+ { 0x01, 0, 1, 7, "security" }, /* 71 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 72 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */
+ { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */
+ { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */
+ { 0x86, 0, 1, 1, "" }, /* 77 */
+ { 0x48, 0, 1, 2, "us" }, /* 78 */
+ { 0x86, 120, 1, 3, "" }, /* 79 */
+ { 0xF6, 85, 1, 4, "" }, /* 80 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 82 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */
+ { 0xF7, 0, 1, 4, "" }, /* 85 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */
+ { 0x01, 115, 1, 6, "PKCS" }, /* 87 */
+ { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */
+ { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */
+ { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */
+ { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */
+ { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */
+ { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */
+ { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */
+ { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */
+ { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */
+ { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */
+ { 0x01, 99, 0, 8, "data" }, /* 98 */
+ { 0x02, 100, 0, 8, "signedData" }, /* 99 */
+ { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */
+ { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */
+ { 0x05, 103, 0, 8, "digestedData" }, /* 102 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */
+ { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */
+ { 0x01, 106, 0, 8, "E" }, /* 105 */
+ { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */
+ { 0x03, 108, 0, 8, "contentType" }, /* 107 */
+ { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */
+ { 0x05, 110, 0, 8, "signingTime" }, /* 109 */
+ { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */
+ { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */
+ { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */
+ { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */
+ { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */
+ { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */
+ { 0x02, 117, 0, 7, "md2" }, /* 116 */
+ { 0x05, 0, 0, 7, "md5" }, /* 117 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */
+ { 0xCE, 0, 1, 3, "" }, /* 120 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */
+ { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */
+ { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */
+ { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */
+ { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */
+ { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */
+ { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */
+ { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */
+ { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */
+ { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */
+ { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */
+ { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */
+ { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */
+ { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */
+ { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */
+ { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */
+ { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */
+ { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */
+ { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */
+ { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */
+ { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */
+ { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */
+ { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */
+ { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */
+ { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */
+ { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */
+ { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */
+ { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */
+ { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */
+ { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */
+ { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */
+ { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */
+ { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */
+ { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */
+ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */
+ {0x2B, 307, 1, 0, "" }, /* 161 */
+ { 0x06, 221, 1, 1, "dod" }, /* 162 */
+ { 0x01, 0, 1, 2, "internet" }, /* 163 */
+ { 0x04, 182, 1, 3, "private" }, /* 164 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 165 */
+ { 0x82, 175, 1, 5, "" }, /* 166 */
+ { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */
+ { 0x0A, 172, 1, 7, "" }, /* 168 */
+ { 0x03, 0, 1, 8, "" }, /* 169 */
+ { 0x03, 171, 0, 9, "msSGC" }, /* 170 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */
+ { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */
+ { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 174 */
+ { 0x89, 0, 1, 5, "" }, /* 175 */
+ { 0x31, 0, 1, 6, "" }, /* 176 */
+ { 0x01, 0, 1, 7, "" }, /* 177 */
+ { 0x01, 0, 1, 8, "" }, /* 178 */
+ { 0x02, 0, 1, 9, "" }, /* 179 */
+ { 0x02, 181, 0, 10, "" }, /* 180 */
+ { 0x4B, 0, 0, 10, "TCGID" }, /* 181 */
+ { 0x05, 0, 1, 3, "security" }, /* 182 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 183 */
+ { 0x07, 0, 1, 5, "id-pkix" }, /* 184 */
+ { 0x01, 188, 1, 6, "id-pe" }, /* 185 */
+ { 0x01, 187, 0, 7, "authorityInfoAccess" }, /* 186 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 187 */
+ { 0x02, 191, 1, 6, "id-qt" }, /* 188 */
+ { 0x01, 190, 0, 7, "cps" }, /* 189 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 190 */
+ { 0x03, 201, 1, 6, "id-kp" }, /* 191 */
+ { 0x01, 193, 0, 7, "serverAuth" }, /* 192 */
+ { 0x02, 194, 0, 7, "clientAuth" }, /* 193 */
+ { 0x03, 195, 0, 7, "codeSigning" }, /* 194 */
+ { 0x04, 196, 0, 7, "emailProtection" }, /* 195 */
+ { 0x05, 197, 0, 7, "ipsecEndSystem" }, /* 196 */
+ { 0x06, 198, 0, 7, "ipsecTunnel" }, /* 197 */
+ { 0x07, 199, 0, 7, "ipsecUser" }, /* 198 */
+ { 0x08, 200, 0, 7, "timeStamping" }, /* 199 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 200 */
+ { 0x08, 203, 1, 6, "id-otherNames" }, /* 201 */
+ { 0x05, 0, 0, 7, "xmppAddr" }, /* 202 */
+ { 0x0A, 208, 1, 6, "id-aca" }, /* 203 */
+ { 0x01, 205, 0, 7, "authenticationInfo" }, /* 204 */
+ { 0x02, 206, 0, 7, "accessIdentity" }, /* 205 */
+ { 0x03, 207, 0, 7, "chargingIdentity" }, /* 206 */
+ { 0x04, 0, 0, 7, "group" }, /* 207 */
+ { 0x0B, 209, 0, 6, "subjectInfoAccess" }, /* 208 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 209 */
+ { 0x01, 218, 1, 7, "ocsp" }, /* 210 */
+ { 0x01, 212, 0, 8, "basic" }, /* 211 */
+ { 0x02, 213, 0, 8, "nonce" }, /* 212 */
+ { 0x03, 214, 0, 8, "crl" }, /* 213 */
+ { 0x04, 215, 0, 8, "response" }, /* 214 */
+ { 0x05, 216, 0, 8, "noCheck" }, /* 215 */
+ { 0x06, 217, 0, 8, "archiveCutoff" }, /* 216 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 217 */
+ { 0x02, 219, 0, 7, "caIssuers" }, /* 218 */
+ { 0x03, 220, 0, 7, "timeStamping" }, /* 219 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 220 */
+ { 0x0E, 227, 1, 1, "oiw" }, /* 221 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 222 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 223 */
+ { 0x07, 225, 0, 4, "des-cbc" }, /* 224 */
+ { 0x1A, 226, 0, 4, "sha-1" }, /* 225 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 226 */
+ { 0x24, 273, 1, 1, "TeleTrusT" }, /* 227 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 228 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 229 */
+ { 0x01, 234, 1, 4, "rsaSignature" }, /* 230 */
+ { 0x02, 232, 0, 5, "rsaSigWithripemd160" }, /* 231 */
+ { 0x03, 233, 0, 5, "rsaSigWithripemd128" }, /* 232 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 233 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 234 */
+ { 0x01, 236, 0, 5, "ecSignWithsha1" }, /* 235 */
+ { 0x02, 237, 0, 5, "ecSignWithripemd160" }, /* 236 */
+ { 0x03, 238, 0, 5, "ecSignWithmd2" }, /* 237 */
+ { 0x04, 239, 0, 5, "ecSignWithmd5" }, /* 238 */
+ { 0x05, 256, 1, 5, "ttt-ecg" }, /* 239 */
+ { 0x01, 244, 1, 6, "fieldType" }, /* 240 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 241 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 242 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 243 */
+ { 0x02, 246, 1, 6, "keyType" }, /* 244 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 245 */
+ { 0x03, 247, 0, 6, "curve" }, /* 246 */
+ { 0x04, 254, 1, 6, "signatures" }, /* 247 */
+ { 0x01, 249, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 248 */
+ { 0x02, 250, 0, 7, "ecgdsa-with-SHA1" }, /* 249 */
+ { 0x03, 251, 0, 7, "ecgdsa-with-SHA224" }, /* 250 */
+ { 0x04, 252, 0, 7, "ecgdsa-with-SHA256" }, /* 251 */
+ { 0x05, 253, 0, 7, "ecgdsa-with-SHA384" }, /* 252 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 253 */
+ { 0x05, 0, 1, 6, "module" }, /* 254 */
+ { 0x01, 0, 0, 7, "1" }, /* 255 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 256 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 257 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 258 */
+ { 0x01, 260, 0, 8, "brainpoolP160r1" }, /* 259 */
+ { 0x02, 261, 0, 8, "brainpoolP160t1" }, /* 260 */
+ { 0x03, 262, 0, 8, "brainpoolP192r1" }, /* 261 */
+ { 0x04, 263, 0, 8, "brainpoolP192t1" }, /* 262 */
+ { 0x05, 264, 0, 8, "brainpoolP224r1" }, /* 263 */
+ { 0x06, 265, 0, 8, "brainpoolP224t1" }, /* 264 */
+ { 0x07, 266, 0, 8, "brainpoolP256r1" }, /* 265 */
+ { 0x08, 267, 0, 8, "brainpoolP256t1" }, /* 266 */
+ { 0x09, 268, 0, 8, "brainpoolP320r1" }, /* 267 */
+ { 0x0A, 269, 0, 8, "brainpoolP320t1" }, /* 268 */
+ { 0x0B, 270, 0, 8, "brainpoolP384r1" }, /* 269 */
+ { 0x0C, 271, 0, 8, "brainpoolP384t1" }, /* 270 */
+ { 0x0D, 272, 0, 8, "brainpoolP512r1" }, /* 271 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 272 */
+ { 0x81, 0, 1, 1, "" }, /* 273 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 274 */
+ { 0x00, 0, 1, 3, "curve" }, /* 275 */
+ { 0x01, 277, 0, 4, "sect163k1" }, /* 276 */
+ { 0x02, 278, 0, 4, "sect163r1" }, /* 277 */
+ { 0x03, 279, 0, 4, "sect239k1" }, /* 278 */
+ { 0x04, 280, 0, 4, "sect113r1" }, /* 279 */
+ { 0x05, 281, 0, 4, "sect113r2" }, /* 280 */
+ { 0x06, 282, 0, 4, "secp112r1" }, /* 281 */
+ { 0x07, 283, 0, 4, "secp112r2" }, /* 282 */
+ { 0x08, 284, 0, 4, "secp160r1" }, /* 283 */
+ { 0x09, 285, 0, 4, "secp160k1" }, /* 284 */
+ { 0x0A, 286, 0, 4, "secp256k1" }, /* 285 */
+ { 0x0F, 287, 0, 4, "sect163r2" }, /* 286 */
+ { 0x10, 288, 0, 4, "sect283k1" }, /* 287 */
+ { 0x11, 289, 0, 4, "sect283r1" }, /* 288 */
+ { 0x16, 290, 0, 4, "sect131r1" }, /* 289 */
+ { 0x17, 291, 0, 4, "sect131r2" }, /* 290 */
+ { 0x18, 292, 0, 4, "sect193r1" }, /* 291 */
+ { 0x19, 293, 0, 4, "sect193r2" }, /* 292 */
+ { 0x1A, 294, 0, 4, "sect233k1" }, /* 293 */
+ { 0x1B, 295, 0, 4, "sect233r1" }, /* 294 */
+ { 0x1C, 296, 0, 4, "secp128r1" }, /* 295 */
+ { 0x1D, 297, 0, 4, "secp128r2" }, /* 296 */
+ { 0x1E, 298, 0, 4, "secp160r2" }, /* 297 */
+ { 0x1F, 299, 0, 4, "secp192k1" }, /* 298 */
+ { 0x20, 300, 0, 4, "secp224k1" }, /* 299 */
+ { 0x21, 301, 0, 4, "secp224r1" }, /* 300 */
+ { 0x22, 302, 0, 4, "secp384r1" }, /* 301 */
+ { 0x23, 303, 0, 4, "secp521r1" }, /* 302 */
+ { 0x24, 304, 0, 4, "sect409k1" }, /* 303 */
+ { 0x25, 305, 0, 4, "sect409r1" }, /* 304 */
+ { 0x26, 306, 0, 4, "sect571k1" }, /* 305 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 306 */
+ {0x60, 0, 1, 0, "" }, /* 307 */
+ { 0x86, 0, 1, 1, "" }, /* 308 */
+ { 0x48, 0, 1, 2, "" }, /* 309 */
+ { 0x01, 0, 1, 3, "organization" }, /* 310 */
+ { 0x65, 329, 1, 4, "gov" }, /* 311 */
+ { 0x03, 0, 1, 5, "csor" }, /* 312 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 313 */
+ { 0x01, 324, 1, 7, "aes" }, /* 314 */
+ { 0x02, 316, 0, 8, "id-aes128-CBC" }, /* 315 */
+ { 0x06, 317, 0, 8, "id-aes128-GCM" }, /* 316 */
+ { 0x07, 318, 0, 8, "id-aes128-CCM" }, /* 317 */
+ { 0x16, 319, 0, 8, "id-aes192-CBC" }, /* 318 */
+ { 0x1A, 320, 0, 8, "id-aes192-GCM" }, /* 319 */
+ { 0x1B, 321, 0, 8, "id-aes192-CCM" }, /* 320 */
+ { 0x2A, 322, 0, 8, "id-aes256-CBC" }, /* 321 */
+ { 0x2E, 323, 0, 8, "id-aes256-GCM" }, /* 322 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 323 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 324 */
+ { 0x01, 326, 0, 8, "id-SHA-256" }, /* 325 */
+ { 0x02, 327, 0, 8, "id-SHA-384" }, /* 326 */
+ { 0x03, 328, 0, 8, "id-SHA-512" }, /* 327 */
+ { 0x04, 0, 0, 8, "id-SHA-224" }, /* 328 */
+ { 0x86, 0, 1, 4, "" }, /* 329 */
+ { 0xf8, 0, 1, 5, "" }, /* 330 */
+ { 0x42, 343, 1, 6, "netscape" }, /* 331 */
+ { 0x01, 338, 1, 7, "" }, /* 332 */
+ { 0x01, 334, 0, 8, "nsCertType" }, /* 333 */
+ { 0x03, 335, 0, 8, "nsRevocationUrl" }, /* 334 */
+ { 0x04, 336, 0, 8, "nsCaRevocationUrl" }, /* 335 */
+ { 0x08, 337, 0, 8, "nsCaPolicyUrl" }, /* 336 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 337 */
+ { 0x03, 341, 1, 7, "directory" }, /* 338 */
+ { 0x01, 0, 1, 8, "" }, /* 339 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 340 */
+ { 0x04, 0, 1, 7, "policy" }, /* 341 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 342 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 343 */
+ { 0x01, 0, 1, 7, "pki" }, /* 344 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 345 */
+ { 0x02, 347, 0, 9, "messageType" }, /* 346 */
+ { 0x03, 348, 0, 9, "pkiStatus" }, /* 347 */
+ { 0x04, 349, 0, 9, "failInfo" }, /* 348 */
+ { 0x05, 350, 0, 9, "senderNonce" }, /* 349 */
+ { 0x06, 351, 0, 9, "recipientNonce" }, /* 350 */
+ { 0x07, 352, 0, 9, "transID" }, /* 351 */
+ { 0x08, 353, 0, 9, "extensionReq" }, /* 352 */
+ { 0x08, 0, 0, 9, "extensionReq" } /* 353 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index b7241af8d..32e2eb033 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -45,146 +45,162 @@ extern const oid_t oid_names[];
#define OID_BASIC_CONSTRAINTS 43
#define OID_CRL_NUMBER 44
#define OID_CRL_REASON_CODE 45
-#define OID_CRL_DISTRIBUTION_POINTS 46
-#define OID_AUTHORITY_KEY_ID 48
-#define OID_EXTENDED_KEY_USAGE 49
-#define OID_TARGET_INFORMATION 50
-#define OID_NO_REV_AVAIL 51
-#define OID_CAMELLIA128_CBC 62
-#define OID_CAMELLIA192_CBC 63
-#define OID_CAMELLIA256_CBC 64
-#define OID_RSA_ENCRYPTION 77
-#define OID_MD2_WITH_RSA 78
-#define OID_MD5_WITH_RSA 79
-#define OID_SHA1_WITH_RSA 80
-#define OID_SHA256_WITH_RSA 81
-#define OID_SHA384_WITH_RSA 82
-#define OID_SHA512_WITH_RSA 83
-#define OID_SHA224_WITH_RSA 84
-#define OID_PKCS7_DATA 86
-#define OID_PKCS7_SIGNED_DATA 87
-#define OID_PKCS7_ENVELOPED_DATA 88
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 89
-#define OID_PKCS7_DIGESTED_DATA 90
-#define OID_PKCS7_ENCRYPTED_DATA 91
-#define OID_PKCS9_EMAIL 93
-#define OID_PKCS9_CONTENT_TYPE 95
-#define OID_PKCS9_MESSAGE_DIGEST 96
-#define OID_PKCS9_SIGNING_TIME 97
-#define OID_MD2 104
-#define OID_MD5 105
-#define OID_3DES_EDE_CBC 107
-#define OID_EC_PUBLICKEY 111
-#define OID_C2PNB163V1 114
-#define OID_C2PNB163V2 115
-#define OID_C2PNB163V3 116
-#define OID_C2PNB176W1 117
-#define OID_C2PNB191V1 118
-#define OID_C2PNB191V2 119
-#define OID_C2PNB191V3 120
-#define OID_C2PNB191V4 121
-#define OID_C2PNB191V5 122
-#define OID_C2PNB208W1 123
-#define OID_C2PNB239V1 124
-#define OID_C2PNB239V2 125
-#define OID_C2PNB239V3 126
-#define OID_C2PNB239V4 127
-#define OID_C2PNB239V5 128
-#define OID_C2PNB272W1 129
-#define OID_C2PNB304W1 130
-#define OID_C2PNB359V1 131
-#define OID_C2PNB368W1 132
-#define OID_C2PNB431R1 133
-#define OID_PRIME192V1 135
-#define OID_PRIME192V2 136
-#define OID_PRIME192V3 137
-#define OID_PRIME239V1 138
-#define OID_PRIME239V2 139
-#define OID_PRIME239V3 140
-#define OID_PRIME256V1 141
-#define OID_ECDSA_WITH_SHA1 143
-#define OID_ECDSA_WITH_SHA224 145
-#define OID_ECDSA_WITH_SHA256 146
-#define OID_ECDSA_WITH_SHA384 147
-#define OID_ECDSA_WITH_SHA512 148
-#define OID_TCGID 169
-#define OID_AUTHORITY_INFO_ACCESS 174
-#define OID_OCSP_SIGNING 184
-#define OID_XMPP_ADDR 186
-#define OID_AUTHENTICATION_INFO 188
-#define OID_ACCESS_IDENTITY 189
-#define OID_CHARGING_IDENTITY 190
-#define OID_GROUP 191
-#define OID_OCSP 193
-#define OID_BASIC 194
-#define OID_NONCE 195
-#define OID_CRL 196
-#define OID_RESPONSE 197
-#define OID_NO_CHECK 198
-#define OID_ARCHIVE_CUTOFF 199
-#define OID_SERVICE_LOCATOR 200
-#define OID_CA_ISSUERS 201
-#define OID_DES_CBC 205
-#define OID_SHA1 206
-#define OID_SHA1_WITH_RSA_OIW 207
-#define OID_SECT163K1 218
-#define OID_SECT163R1 219
-#define OID_SECT239K1 220
-#define OID_SECT113R1 221
-#define OID_SECT113R2 222
-#define OID_SECT112R1 223
-#define OID_SECT112R2 224
-#define OID_SECT160R1 225
-#define OID_SECT160K1 226
-#define OID_SECT256K1 227
-#define OID_SECT163R2 228
-#define OID_SECT283K1 229
-#define OID_SECT283R1 230
-#define OID_SECT131R1 231
-#define OID_SECT131R2 232
-#define OID_SECT193R1 233
-#define OID_SECT193R2 234
-#define OID_SECT233K1 235
-#define OID_SECT233R1 236
-#define OID_SECT128R1 237
-#define OID_SECT128R2 238
-#define OID_SECT160R2 239
-#define OID_SECT192K1 240
-#define OID_SECT224K1 241
-#define OID_SECT224R1 242
-#define OID_SECT384R1 243
-#define OID_SECT521R1 244
-#define OID_SECT409K1 245
-#define OID_SECT409R1 246
-#define OID_SECT571K1 247
-#define OID_SECT571R1 248
-#define OID_AES128_CBC 257
-#define OID_AES128_GCM 258
-#define OID_AES128_CCM 259
-#define OID_AES192_CBC 260
-#define OID_AES192_GCM 261
-#define OID_AES192_CCM 262
-#define OID_AES256_CBC 263
-#define OID_AES256_GCM 264
-#define OID_AES256_CCM 265
-#define OID_SHA256 267
-#define OID_SHA384 268
-#define OID_SHA512 269
-#define OID_SHA224 270
-#define OID_NS_REVOCATION_URL 276
-#define OID_NS_CA_REVOCATION_URL 277
-#define OID_NS_CA_POLICY_URL 278
-#define OID_NS_COMMENT 279
-#define OID_EMPLOYEE_NUMBER 282
-#define OID_PKI_MESSAGE_TYPE 288
-#define OID_PKI_STATUS 289
-#define OID_PKI_FAIL_INFO 290
-#define OID_PKI_SENDER_NONCE 291
-#define OID_PKI_RECIPIENT_NONCE 292
-#define OID_PKI_TRANS_ID 293
-#define OID_EMAIL_ADDRESS 300
-#define OID_UNSTRUCTURED_NAME 301
+#define OID_DELTA_CRL_INDICATOR 48
+#define OID_NAME_CONSTRAINTS 51
+#define OID_CRL_DISTRIBUTION_POINTS 52
+#define OID_ANY_POLICY 54
+#define OID_AUTHORITY_KEY_ID 56
+#define OID_EXTENDED_KEY_USAGE 58
+#define OID_FRESHEST_CRL 60
+#define OID_INHIBIT_ANY_POLICY 61
+#define OID_TARGET_INFORMATION 62
+#define OID_NO_REV_AVAIL 63
+#define OID_CAMELLIA128_CBC 74
+#define OID_CAMELLIA192_CBC 75
+#define OID_CAMELLIA256_CBC 76
+#define OID_RSA_ENCRYPTION 89
+#define OID_MD2_WITH_RSA 90
+#define OID_MD5_WITH_RSA 91
+#define OID_SHA1_WITH_RSA 92
+#define OID_SHA256_WITH_RSA 93
+#define OID_SHA384_WITH_RSA 94
+#define OID_SHA512_WITH_RSA 95
+#define OID_SHA224_WITH_RSA 96
+#define OID_PKCS7_DATA 98
+#define OID_PKCS7_SIGNED_DATA 99
+#define OID_PKCS7_ENVELOPED_DATA 100
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 101
+#define OID_PKCS7_DIGESTED_DATA 102
+#define OID_PKCS7_ENCRYPTED_DATA 103
+#define OID_EMAIL_ADDRESS 105
+#define OID_UNSTRUCTURED_NAME 106
+#define OID_PKCS9_CONTENT_TYPE 107
+#define OID_PKCS9_MESSAGE_DIGEST 108
+#define OID_PKCS9_SIGNING_TIME 109
+#define OID_CHALLENGE_PASSWORD 111
+#define OID_EXTENSION_REQUEST 113
+#define OID_MD2 116
+#define OID_MD5 117
+#define OID_3DES_EDE_CBC 119
+#define OID_EC_PUBLICKEY 123
+#define OID_C2PNB163V1 126
+#define OID_C2PNB163V2 127
+#define OID_C2PNB163V3 128
+#define OID_C2PNB176W1 129
+#define OID_C2PNB191V1 130
+#define OID_C2PNB191V2 131
+#define OID_C2PNB191V3 132
+#define OID_C2PNB191V4 133
+#define OID_C2PNB191V5 134
+#define OID_C2PNB208W1 135
+#define OID_C2PNB239V1 136
+#define OID_C2PNB239V2 137
+#define OID_C2PNB239V3 138
+#define OID_C2PNB239V4 139
+#define OID_C2PNB239V5 140
+#define OID_C2PNB272W1 141
+#define OID_C2PNB304W1 142
+#define OID_C2PNB359V1 143
+#define OID_C2PNB368W1 144
+#define OID_C2PNB431R1 145
+#define OID_PRIME192V1 147
+#define OID_PRIME192V2 148
+#define OID_PRIME192V3 149
+#define OID_PRIME239V1 150
+#define OID_PRIME239V2 151
+#define OID_PRIME239V3 152
+#define OID_PRIME256V1 153
+#define OID_ECDSA_WITH_SHA1 155
+#define OID_ECDSA_WITH_SHA224 157
+#define OID_ECDSA_WITH_SHA256 158
+#define OID_ECDSA_WITH_SHA384 159
+#define OID_ECDSA_WITH_SHA512 160
+#define OID_TCGID 181
+#define OID_AUTHORITY_INFO_ACCESS 186
+#define OID_IP_ADDR_BLOCKS 187
+#define OID_SERVER_AUTH 192
+#define OID_CLIENT_AUTH 193
+#define OID_OCSP_SIGNING 200
+#define OID_XMPP_ADDR 202
+#define OID_AUTHENTICATION_INFO 204
+#define OID_ACCESS_IDENTITY 205
+#define OID_CHARGING_IDENTITY 206
+#define OID_GROUP 207
+#define OID_OCSP 210
+#define OID_BASIC 211
+#define OID_NONCE 212
+#define OID_CRL 213
+#define OID_RESPONSE 214
+#define OID_NO_CHECK 215
+#define OID_ARCHIVE_CUTOFF 216
+#define OID_SERVICE_LOCATOR 217
+#define OID_CA_ISSUERS 218
+#define OID_DES_CBC 224
+#define OID_SHA1 225
+#define OID_SHA1_WITH_RSA_OIW 226
+#define OID_ECGDSA_PUBKEY 245
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 248
+#define OID_ECGDSA_SIG_WITH_SHA1 249
+#define OID_ECGDSA_SIG_WITH_SHA224 250
+#define OID_ECGDSA_SIG_WITH_SHA256 251
+#define OID_ECGDSA_SIG_WITH_SHA384 252
+#define OID_ECGDSA_SIG_WITH_SHA512 253
+#define OID_SECT163K1 276
+#define OID_SECT163R1 277
+#define OID_SECT239K1 278
+#define OID_SECT113R1 279
+#define OID_SECT113R2 280
+#define OID_SECT112R1 281
+#define OID_SECT112R2 282
+#define OID_SECT160R1 283
+#define OID_SECT160K1 284
+#define OID_SECT256K1 285
+#define OID_SECT163R2 286
+#define OID_SECT283K1 287
+#define OID_SECT283R1 288
+#define OID_SECT131R1 289
+#define OID_SECT131R2 290
+#define OID_SECT193R1 291
+#define OID_SECT193R2 292
+#define OID_SECT233K1 293
+#define OID_SECT233R1 294
+#define OID_SECT128R1 295
+#define OID_SECT128R2 296
+#define OID_SECT160R2 297
+#define OID_SECT192K1 298
+#define OID_SECT224K1 299
+#define OID_SECT224R1 300
+#define OID_SECT384R1 301
+#define OID_SECT521R1 302
+#define OID_SECT409K1 303
+#define OID_SECT409R1 304
+#define OID_SECT571K1 305
+#define OID_SECT571R1 306
+#define OID_AES128_CBC 315
+#define OID_AES128_GCM 316
+#define OID_AES128_CCM 317
+#define OID_AES192_CBC 318
+#define OID_AES192_GCM 319
+#define OID_AES192_CCM 320
+#define OID_AES256_CBC 321
+#define OID_AES256_GCM 322
+#define OID_AES256_CCM 323
+#define OID_SHA256 325
+#define OID_SHA384 326
+#define OID_SHA512 327
+#define OID_SHA224 328
+#define OID_NS_REVOCATION_URL 334
+#define OID_NS_CA_REVOCATION_URL 335
+#define OID_NS_CA_POLICY_URL 336
+#define OID_NS_COMMENT 337
+#define OID_EMPLOYEE_NUMBER 340
+#define OID_PKI_MESSAGE_TYPE 346
+#define OID_PKI_STATUS 347
+#define OID_PKI_FAIL_INFO 348
+#define OID_PKI_SENDER_NONCE 349
+#define OID_PKI_RECIPIENT_NONCE 350
+#define OID_PKI_TRANS_ID 351
-#define OID_MAX 302
+#define OID_MAX 354
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 5adca6289..203bc1f28 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -44,10 +44,22 @@
0x13 "basicConstraints" OID_BASIC_CONSTRAINTS
0x14 "crlNumber" OID_CRL_NUMBER
0x15 "reasonCode" OID_CRL_REASON_CODE
+ 0x17 "holdInstructionCode"
+ 0x18 "invalidityDate"
+ 0x1B "deltaCrlIndicator" OID_DELTA_CRL_INDICATOR
+ 0x1C "issuingDistributionPoint"
+ 0x1D "certificateIssuer"
+ 0x1E "nameConstraints" OID_NAME_CONSTRAINTS
0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS
0x20 "certificatePolicies"
+ 0x00 "anyPolicy" OID_ANY_POLICY
+ 0x21 "policyMappings"
0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID
+ 0x24 "policyConstraints"
0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE
+ 0x00 "anyExtendedKeyUsage"
+ 0x2E "freshestCRL" OID_FRESHEST_CRL
+ 0x36 "inhibitAnyPolicy" OID_INHIBIT_ANY_POLICY
0x37 "targetInformation" OID_TARGET_INFORMATION
0x38 "noRevAvail" OID_NO_REV_AVAIL
0x2A ""
@@ -91,15 +103,15 @@
0x05 "digestedData" OID_PKCS7_DIGESTED_DATA
0x06 "encryptedData" OID_PKCS7_ENCRYPTED_DATA
0x09 "PKCS-9"
- 0x01 "E" OID_PKCS9_EMAIL
- 0x02 "unstructuredName"
+ 0x01 "E" OID_EMAIL_ADDRESS
+ 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME
0x03 "contentType" OID_PKCS9_CONTENT_TYPE
0x04 "messageDigest" OID_PKCS9_MESSAGE_DIGEST
0x05 "signingTime" OID_PKCS9_SIGNING_TIME
0x06 "counterSignature"
- 0x07 "challengePassword"
+ 0x07 "challengePassword" OID_CHALLENGE_PASSWORD
0x08 "unstructuredAddress"
- 0x0E "extensionRequest"
+ 0x0E "extensionRequest" OID_EXTENSION_REQUEST
0x0F "S/MIME Capabilities"
0x02 "digestAlgorithm"
0x02 "md2" OID_MD2
@@ -173,9 +185,13 @@
0x07 "id-pkix"
0x01 "id-pe"
0x01 "authorityInfoAccess" OID_AUTHORITY_INFO_ACCESS
+ 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS
+ 0x02 "id-qt"
+ 0x01 "cps"
+ 0x02 "unotice"
0x03 "id-kp"
- 0x01 "serverAuth"
- 0x02 "clientAuth"
+ 0x01 "serverAuth" OID_SERVER_AUTH
+ 0x02 "clientAuth" OID_CLIENT_AUTH
0x03 "codeSigning"
0x04 "emailProtection"
0x05 "ipsecEndSystem"
@@ -190,6 +206,7 @@
0x02 "accessIdentity" OID_ACCESS_IDENTITY
0x03 "chargingIdentity" OID_CHARGING_IDENTITY
0x04 "group" OID_GROUP
+ 0x0B "subjectInfoAccess"
0x30 "id-ad"
0x01 "ocsp" OID_OCSP
0x01 "basic" OID_BASIC
@@ -200,6 +217,8 @@
0x06 "archiveCutoff" OID_ARCHIVE_CUTOFF
0x07 "serviceLocator" OID_SERVICE_LOCATOR
0x02 "caIssuers" OID_CA_ISSUERS
+ 0x03 "timeStamping"
+ 0x05 "caRepository"
0x0E "oiw"
0x03 "secsig"
0x02 "algorithms"
@@ -213,6 +232,45 @@
0x02 "rsaSigWithripemd160"
0x03 "rsaSigWithripemd128"
0x04 "rsaSigWithripemd256"
+ 0x02 "ecSign"
+ 0x01 "ecSignWithsha1"
+ 0x02 "ecSignWithripemd160"
+ 0x03 "ecSignWithmd2"
+ 0x04 "ecSignWithmd5"
+ 0x05 "ttt-ecg"
+ 0x01 "fieldType"
+ 0x01 "characteristictwoField"
+ 0x01 "basisType"
+ 0x01 "ipBasis"
+ 0x02 "keyType"
+ 0x01 "ecgPublicKey" OID_ECGDSA_PUBKEY
+ 0x03 "curve"
+ 0x04 "signatures"
+ 0x01 "ecgdsa-with-RIPEMD160" OID_ECGDSA_SIG_WITH_RIPEMD160
+ 0x02 "ecgdsa-with-SHA1" OID_ECGDSA_SIG_WITH_SHA1
+ 0x03 "ecgdsa-with-SHA224" OID_ECGDSA_SIG_WITH_SHA224
+ 0x04 "ecgdsa-with-SHA256" OID_ECGDSA_SIG_WITH_SHA256
+ 0x05 "ecgdsa-with-SHA384" OID_ECGDSA_SIG_WITH_SHA384
+ 0x06 "ecgdsa-with-SHA512" OID_ECGDSA_SIG_WITH_SHA512
+ 0x05 "module"
+ 0x01 "1"
+ 0x08 "ecStdCurvesAndGeneration"
+ 0x01 "ellipticCurve"
+ 0x01 "versionOne"
+ 0x01 "brainpoolP160r1"
+ 0x02 "brainpoolP160t1"
+ 0x03 "brainpoolP192r1"
+ 0x04 "brainpoolP192t1"
+ 0x05 "brainpoolP224r1"
+ 0x06 "brainpoolP224t1"
+ 0x07 "brainpoolP256r1"
+ 0x08 "brainpoolP256t1"
+ 0x09 "brainpoolP320r1"
+ 0x0A "brainpoolP320t1"
+ 0x0B "brainpoolP384r1"
+ 0x0C "brainpoolP384t1"
+ 0x0D "brainpoolP512r1"
+ 0x0E "brainpoolP512t1"
0x81 ""
0x04 "Certicom"
0x00 "curve"
@@ -293,10 +351,4 @@
0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE
0x07 "transID" OID_PKI_TRANS_ID
0x08 "extensionReq"
- 0x86 "old-netscape"
- 0xF7 ""
- 0x0D ""
- 0x01 ""
- 0x09 ""
- 0x01 "emailAddress" OID_EMAIL_ADDRESS
- 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME
+
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
deleted file mode 100755
index 059795548..000000000
--- a/src/libstrongswan/asn1/pem.c
+++ /dev/null
@@ -1,393 +0,0 @@
-/*
- * Copyright (C) 2001-2008 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <string.h>
-#include <stddef.h>
-#include <sys/types.h>
-
-#include "pem.h"
-
-#include <library.h>
-#include <debug.h>
-#include <asn1/asn1.h>
-
-#include <utils/lexparser.h>
-#include <crypto/hashers/hasher.h>
-#include <crypto/crypters/crypter.h>
-
-#define PKCS5_SALT_LEN 8 /* bytes */
-
-/**
- * check the presence of a pattern in a character string
- */
-static bool present(const char* pattern, chunk_t* ch)
-{
- u_int pattern_len = strlen(pattern);
-
- if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len))
- {
- ch->ptr += pattern_len;
- ch->len -= pattern_len;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * find a boundary of the form -----tag name-----
- */
-static bool find_boundary(const char* tag, chunk_t *line)
-{
- chunk_t name = chunk_empty;
-
- if (!present("-----", line))
- return FALSE;
- if (!present(tag, line))
- return FALSE;
- if (*line->ptr != ' ')
- return FALSE;
- line->ptr++; line->len--;
-
- /* extract name */
- name.ptr = line->ptr;
- while (line->len > 0)
- {
- if (present("-----", line))
- {
- DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr);
- return TRUE;
- }
- line->ptr++; line->len--; name.len++;
- }
- return FALSE;
-}
-
-/*
- * decrypts a passphrase protected encrypted data block
- */
-static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
- chunk_t *iv, chunk_t passphrase)
-{
- hasher_t *hasher;
- crypter_t *crypter;
- chunk_t salt = { iv->ptr, PKCS5_SALT_LEN };
- chunk_t hash;
- chunk_t decrypted;
- chunk_t key = {alloca(key_size), key_size};
- u_int8_t padding, *last_padding_pos, *first_padding_pos;
-
- if (passphrase.len == 0)
- {
- DBG1(" missing passphrase");
- return INVALID_ARG;
- }
-
- /* build key from passphrase and IV */
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
- if (hasher == NULL)
- {
- DBG1(" MD5 hash algorithm not available");
- return NOT_SUPPORTED;
- }
- hash.len = hasher->get_hash_size(hasher);
- hash.ptr = alloca(hash.len);
- hasher->get_hash(hasher, passphrase, NULL);
- hasher->get_hash(hasher, salt, hash.ptr);
- memcpy(key.ptr, hash.ptr, hash.len);
-
- if (key.len > hash.len)
- {
- hasher->get_hash(hasher, hash, NULL);
- hasher->get_hash(hasher, passphrase, NULL);
- hasher->get_hash(hasher, salt, hash.ptr);
- memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
- }
- hasher->destroy(hasher);
-
- /* decrypt blob */
- crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
- if (crypter == NULL)
- {
- DBG1(" %N encryption algorithm not available",
- encryption_algorithm_names, alg);
- return NOT_SUPPORTED;
- }
- crypter->set_key(crypter, key);
-
- if (iv->len != crypter->get_block_size(crypter) ||
- blob->len % iv->len)
- {
- crypter->destroy(crypter);
- DBG1(" data size is not multiple of block size");
- return PARSE_ERROR;
- }
- crypter->decrypt(crypter, *blob, *iv, &decrypted);
- crypter->destroy(crypter);
- memcpy(blob->ptr, decrypted.ptr, blob->len);
- chunk_free(&decrypted);
-
- /* determine amount of padding */
- last_padding_pos = blob->ptr + blob->len - 1;
- padding = *last_padding_pos;
- first_padding_pos = (padding > blob->len) ? blob->ptr : last_padding_pos - padding;
-
- /* check the padding pattern */
- while (--last_padding_pos > first_padding_pos)
- {
- if (*last_padding_pos != padding)
- {
- DBG1(" invalid passphrase");
- return INVALID_ARG;
- }
- }
- /* remove padding */
- blob->len -= padding;
- return SUCCESS;
-}
-
-/* Converts a PEM encoded file into its binary form
- *
- * RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
- * RFC 934 Message Encapsulation, January 1985
- */
-status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp)
-{
- typedef enum {
- PEM_PRE = 0,
- PEM_MSG = 1,
- PEM_HEADER = 2,
- PEM_BODY = 3,
- PEM_POST = 4,
- PEM_ABORT = 5
- } state_t;
-
- encryption_algorithm_t alg = ENCR_UNDEFINED;
- size_t key_size = 0;
-
- bool encrypted = FALSE;
-
- state_t state = PEM_PRE;
-
- chunk_t src = *blob;
- chunk_t dst = *blob;
- chunk_t line = chunk_empty;
- chunk_t iv = chunk_empty;
-
- u_char iv_buf[16]; /* MD5 digest size */
-
- /* zero size of converted blob */
- dst.len = 0;
-
- /* zero size of IV */
- iv.ptr = iv_buf;
- iv.len = 0;
-
- while (fetchline(&src, &line))
- {
- if (state == PEM_PRE)
- {
- if (find_boundary("BEGIN", &line))
- {
- state = PEM_MSG;
- }
- continue;
- }
- else
- {
- if (find_boundary("END", &line))
- {
- state = PEM_POST;
- break;
- }
- if (state == PEM_MSG)
- {
- state = (memchr(line.ptr, ':', line.len) == NULL) ? PEM_BODY : PEM_HEADER;
- }
- if (state == PEM_HEADER)
- {
- err_t ugh = NULL;
- chunk_t name = chunk_empty;
- chunk_t value = chunk_empty;
-
- /* an empty line separates HEADER and BODY */
- if (line.len == 0)
- {
- state = PEM_BODY;
- continue;
- }
-
- /* we are looking for a parameter: value pair */
- DBG2(" %.*s", (int)line.len, line.ptr);
- ugh = extract_parameter_value(&name, &value, &line);
- if (ugh != NULL)
- {
- continue;
- }
- if (match("Proc-Type", &name) && *value.ptr == '4')
- {
- encrypted = TRUE;
- }
- else if (match("DEK-Info", &name))
- {
- chunk_t dek;
-
- if (!extract_token(&dek, ',', &value))
- {
- dek = value;
- }
- if (match("DES-EDE3-CBC", &dek))
- {
- alg = ENCR_3DES;
- key_size = 24;
- }
- else if (match("AES-128-CBC", &dek))
- {
- alg = ENCR_AES_CBC;
- key_size = 16;
- }
- else if (match("AES-192-CBC", &dek))
- {
- alg = ENCR_AES_CBC;
- key_size = 24;
- }
- else if (match("AES-256-CBC", &dek))
- {
- alg = ENCR_AES_CBC;
- key_size = 32;
- }
- else
- {
- DBG1(" encryption algorithm '%.s' not supported",
- dek.len, dek.ptr);
- return NOT_SUPPORTED;
- }
- eat_whitespace(&value);
- iv = chunk_from_hex(value, iv.ptr);
- }
- }
- else /* state is PEM_BODY */
- {
- chunk_t data;
-
- /* remove any trailing whitespace */
- if (!extract_token(&data ,' ', &line))
- {
- data = line;
- }
-
- /* check for PGP armor checksum */
- if (*data.ptr == '=')
- {
- *pgp = TRUE;
- data.ptr++;
- data.len--;
- DBG2(" armor checksum: %.*s", (int)data.len, data.ptr);
- continue;
- }
-
- if (blob->len - dst.len < data.len / 4 * 3)
- {
- state = PEM_ABORT;
- }
- data = chunk_from_base64(data, dst.ptr);
-
- dst.ptr += data.len;
- dst.len += data.len;
- }
- }
- }
- /* set length to size of binary blob */
- blob->len = dst.len;
-
- if (state != PEM_POST)
- {
- DBG1(" file coded in unknown format, discarded");
- return PARSE_ERROR;
- }
- if (!encrypted)
- {
- return SUCCESS;
- }
- return pem_decrypt(blob, alg, key_size, &iv, passphrase);
-
-}
-
-/* load a coded key or certificate file with autodetection
- * of binary DER or base64 PEM ASN.1 formats and armored PGP format
- */
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
- chunk_t *blob, bool *pgp)
-{
- FILE *fd = fopen(filename, "r");
-
- if (fd)
- {
- chunk_t pass = chunk_empty;
- int bytes;
-
- fseek(fd, 0, SEEK_END );
- blob->len = ftell(fd);
- rewind(fd);
- blob->ptr = malloc(blob->len);
- bytes = fread(blob->ptr, 1, blob->len, fd);
- fclose(fd);
- DBG2(" loading '%s' (%d bytes)", filename, bytes);
-
- *pgp = FALSE;
-
- /* try DER format */
- if (is_asn1(*blob))
- {
- DBG2(" file coded in DER format");
- return TRUE;
- }
-
- if (passphrase != NULL)
- {
- pass = *passphrase;
- DBG4(" passphrase: %#B", passphrase);
- }
-
- /* try PEM format */
- if (pem_to_bin(blob, pass, pgp) == SUCCESS)
- {
- if (*pgp)
- {
- DBG2(" file coded in armored PGP format");
- return TRUE;
- }
- if (is_asn1(*blob))
- {
- DBG2(" file coded in PEM format");
- return TRUE;
- }
- DBG1(" file coded in unknown format, discarded");
- }
-
- /* a conversion error has occured */
- chunk_free(blob);
- }
- else
- {
- DBG1(" reading file '%s' failed", filename);
- }
- return FALSE;
-}
-
diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h
deleted file mode 100755
index 7385330d7..000000000
--- a/src/libstrongswan/asn1/pem.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (C) 2001-2008 Andreas Steffen
- *
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef PEM_H_
-#define PEM_H_
-
-#include <stdio.h>
-
-#include <library.h>
-
-status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp);
-
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob,
- bool *pgp);
-
-#endif /*PEM_H_ @} */