2
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
3
Use is subject to license terms.
5
This program is free software; you can redistribute it and/or modify
6
it under the terms of the GNU General Public License as published by
7
the Free Software Foundation; version 2 of the License.
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
You should have received a copy of the GNU General Public License
15
along with this program; see the file COPYING. If not, write to the
16
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
20
/* asn.cpp implements ASN1 BER, PublicKey, and x509v3 decoding
23
#include "runtime.hpp"
26
#include "integer.hpp"
34
#include <time.h> // gmtime();
35
#include "memory.hpp" // some auto_ptr don't have reset, also need auto_array
44
bool operator>(tm& a, tm& b)
46
if (a.tm_year > b.tm_year)
49
if (a.tm_year == b.tm_year && a.tm_mon > b.tm_mon)
52
if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon && a.tm_mday >b.tm_mday)
55
if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon &&
56
a.tm_mday == b.tm_mday && a.tm_hour > b.tm_hour)
59
if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon &&
60
a.tm_mday == b.tm_mday && a.tm_hour == b.tm_hour &&
68
bool operator<(tm& a, tm&b)
74
// like atoi but only use first byte
81
// two byte date/time, add to value
82
void GetTime(int& value, const byte* date, int& i)
84
value += btoi(date[i++]) * 10;
85
value += btoi(date[i++]);
89
// Make sure before and after dates are valid
90
bool ValidateDate(const byte* date, byte format, CertDecoder::DateType dt)
93
memset(&certTime, 0, sizeof(certTime));
96
if (format == UTC_TIME) {
97
if (btoi(date[0]) >= 5)
98
certTime.tm_year = 1900;
100
certTime.tm_year = 2000;
102
else { // format == GENERALIZED_TIME
103
certTime.tm_year += btoi(date[i++]) * 1000;
104
certTime.tm_year += btoi(date[i++]) * 100;
107
GetTime(certTime.tm_year, date, i); certTime.tm_year -= 1900; // adjust
108
GetTime(certTime.tm_mon, date, i); certTime.tm_mon -= 1; // adjust
109
GetTime(certTime.tm_mday, date, i);
110
GetTime(certTime.tm_hour, date, i);
111
GetTime(certTime.tm_min, date, i);
112
GetTime(certTime.tm_sec, date, i);
114
if (date[i] != 'Z') // only Zulu supported for this profile
117
time_t ltime = time(0);
118
tm* localTime = gmtime(<ime);
120
if (dt == CertDecoder::BEFORE) {
121
if (*localTime < certTime)
125
if (*localTime > certTime)
132
class BadCertificate {};
138
// used by Integer as well
139
word32 GetLength(Source& source)
143
byte b = source.next();
144
if (b >= LONG_LENGTH) {
145
word32 bytes = b & 0x7F;
147
if (source.IsLeft(bytes) == false) return 0;
151
length = (length << 8) | b;
157
if (source.IsLeft(length) == false) return 0;
163
word32 SetLength(word32 length, byte* output)
167
if (length < LONG_LENGTH)
168
output[i++] = length;
170
output[i++] = BytePrecision(length) | 0x80;
172
for (int j = BytePrecision(length); j; --j) {
173
output[i] = length >> (j - 1) * 8;
181
PublicKey::PublicKey(const byte* k, word32 s) : key_(0), sz_(0)
190
void PublicKey::SetSize(word32 s)
193
key_ = NEW_TC byte[sz_];
197
void PublicKey::SetKey(const byte* k)
199
memcpy(key_, k, sz_);
203
void PublicKey::AddToEnd(const byte* data, word32 len)
205
mySTL::auto_array<byte> tmp(NEW_TC byte[sz_ + len]);
207
memcpy(tmp.get(), key_, sz_);
208
memcpy(tmp.get() + sz_, data, len);
211
STL::swap(del, key_);
214
key_ = tmp.release();
219
Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
222
size_t sz = strlen(n);
223
memcpy(name_, n, sz);
226
memcpy(hash_, h, SHA::DIGEST_SIZE);
234
Error BER_Decoder::GetError()
236
return source_.GetError();
240
Integer& BER_Decoder::GetInteger(Integer& integer)
242
if (!source_.GetError().What())
243
integer.Decode(source_);
248
// Read a Sequence, return length
249
word32 BER_Decoder::GetSequence()
251
if (source_.GetError().What()) return 0;
253
byte b = source_.next();
254
if (b != (SEQUENCE | CONSTRUCTED)) {
255
source_.SetError(SEQUENCE_E);
259
return GetLength(source_);
263
// Read a Sequence, return length
264
word32 BER_Decoder::GetSet()
266
if (source_.GetError().What()) return 0;
268
byte b = source_.next();
269
if (b != (SET | CONSTRUCTED)) {
270
source_.SetError(SET_E);
274
return GetLength(source_);
278
// Read Version, return it
279
word32 BER_Decoder::GetVersion()
281
if (source_.GetError().What()) return 0;
283
byte b = source_.next();
285
source_.SetError(INTEGER_E);
291
source_.SetError(VERSION_E);
295
return source_.next();
299
// Read ExplicitVersion, return it or 0 if not there (not an error)
300
word32 BER_Decoder::GetExplicitVersion()
302
if (source_.GetError().What()) return 0;
304
byte b = source_.next();
306
if (b == (CONTEXT_SPECIFIC | CONSTRUCTED)) { // not an error if not here
311
source_.prev(); // put back
317
// Decode a BER encoded RSA Private Key
318
void RSA_Private_Decoder::Decode(RSA_PrivateKey& key)
321
if (source_.GetError().What()) return;
323
key.SetModulus(GetInteger(Integer().Ref()));
324
key.SetPublicExponent(GetInteger(Integer().Ref()));
327
key.SetPrivateExponent(GetInteger(Integer().Ref()));
328
key.SetPrime1(GetInteger(Integer().Ref()));
329
key.SetPrime2(GetInteger(Integer().Ref()));
330
key.SetModPrime1PrivateExponent(GetInteger(Integer().Ref()));
331
key.SetModPrime2PrivateExponent(GetInteger(Integer().Ref()));
332
key.SetMultiplicativeInverseOfPrime2ModPrime1(GetInteger(Integer().Ref()));
336
void RSA_Private_Decoder::ReadHeader()
343
// Decode a BER encoded DSA Private Key
344
void DSA_Private_Decoder::Decode(DSA_PrivateKey& key)
347
if (source_.GetError().What()) return;
349
key.SetModulus(GetInteger(Integer().Ref()));
350
key.SetSubGroupOrder(GetInteger(Integer().Ref()));
351
key.SetSubGroupGenerator(GetInteger(Integer().Ref()));
354
key.SetPublicPart(GetInteger(Integer().Ref()));
355
key.SetPrivatePart(GetInteger(Integer().Ref()));
359
void DSA_Private_Decoder::ReadHeader()
366
// Decode a BER encoded RSA Public Key
367
void RSA_Public_Decoder::Decode(RSA_PublicKey& key)
370
if (source_.GetError().What()) return;
372
ReadHeaderOpenSSL(); // may or may not be
373
if (source_.GetError().What()) return;
376
key.SetModulus(GetInteger(Integer().Ref()));
377
key.SetPublicExponent(GetInteger(Integer().Ref()));
381
// Read OpenSSL format public header
382
void RSA_Public_Decoder::ReadHeaderOpenSSL()
384
byte b = source_.next(); // peek
387
if (b != INTEGER) { // have OpenSSL public format
390
if (b != OBJECT_IDENTIFIER) {
391
source_.SetError(OBJECT_ID_E);
395
word32 len = GetLength(source_);
396
source_.advance(len);
399
if (b == TAG_NULL) { // could have NULL tag and 0 terminator, may not
402
source_.SetError(EXPECT_0_E);
407
source_.prev(); // put back
410
if (b != BIT_STRING) {
411
source_.SetError(BIT_STR_E);
415
len = GetLength(source_);
417
if (b != 0) // could have 0
418
source_.prev(); // put back
425
void RSA_Public_Decoder::ReadHeader()
431
// Decode a BER encoded DSA Public Key
432
void DSA_Public_Decoder::Decode(DSA_PublicKey& key)
435
if (source_.GetError().What()) return;
438
key.SetModulus(GetInteger(Integer().Ref()));
439
key.SetSubGroupOrder(GetInteger(Integer().Ref()));
440
key.SetSubGroupGenerator(GetInteger(Integer().Ref()));
443
key.SetPublicPart(GetInteger(Integer().Ref()));
447
void DSA_Public_Decoder::ReadHeader()
453
void DH_Decoder::ReadHeader()
459
// Decode a BER encoded Diffie-Hellman Key
460
void DH_Decoder::Decode(DH& key)
463
if (source_.GetError().What()) return;
466
key.SetP(GetInteger(Integer().Ref()));
467
key.SetG(GetInteger(Integer().Ref()));
471
CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
472
bool noVerify, CertType ct)
473
: BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
474
signature_(0), verify_(!noVerify)
485
CertDecoder::~CertDecoder()
487
tcArrayDelete(signature_);
491
// process certificate header, set signature offset
492
void CertDecoder::ReadHeader()
494
if (source_.GetError().What()) return;
496
GetSequence(); // total
497
certBegin_ = source_.get_index();
499
sigIndex_ = GetSequence(); // this cert
500
sigIndex_ += source_.get_index();
502
GetExplicitVersion(); // version
503
GetInteger(Integer().Ref()); // serial number
507
// Decode a x509v3 Certificate
508
void CertDecoder::Decode(SignerList* signers, CertType ct)
510
if (source_.GetError().What()) return;
512
if (source_.GetError().What()) return;
514
if (source_.get_index() != sigIndex_)
515
source_.set_index(sigIndex_);
517
word32 confirmOID = GetAlgoId();
519
if (source_.GetError().What()) return;
521
if ( confirmOID != signatureOID_ ) {
522
source_.SetError(SIG_OID_E);
526
if (ct != CA && verify_ && !ValidateSignature(signers))
527
source_.SetError(SIG_OTHER_E);
531
void CertDecoder::DecodeToKey()
534
signatureOID_ = GetAlgoId();
543
void CertDecoder::GetKey()
545
if (source_.GetError().What()) return;
548
keyOID_ = GetAlgoId();
550
if (keyOID_ == RSAk) {
551
byte b = source_.next();
552
if (b != BIT_STRING) {
553
source_.SetError(BIT_STR_E);
556
b = source_.next(); // length, future
561
else if (keyOID_ == DSAk)
564
source_.SetError(UNKNOWN_OID_E);
575
void CertDecoder::StoreKey()
577
if (source_.GetError().What()) return;
579
word32 read = source_.get_index();
580
word32 length = GetSequence();
582
read = source_.get_index() - read;
585
if (source_.GetError().What()) return;
586
while (read--) source_.prev();
588
if (source_.IsLeft(length) == false) return;
589
key_.SetSize(length);
590
key_.SetKey(source_.get_current());
591
source_.advance(length);
595
// DSA has public key after group
596
void CertDecoder::AddDSA()
598
if (source_.GetError().What()) return;
600
byte b = source_.next();
601
if (b != BIT_STRING) {
602
source_.SetError(BIT_STR_E);
605
b = source_.next(); // length, future
610
word32 idx = source_.get_index();
613
source_.SetError(INTEGER_E);
617
word32 length = GetLength(source_);
618
length += source_.get_index() - idx;
620
if (source_.IsLeft(length) == false) return;
622
key_.AddToEnd(source_.get_buffer() + idx, length);
626
// process algo OID by summing, return it
627
word32 CertDecoder::GetAlgoId()
629
if (source_.GetError().What()) return 0;
630
word32 length = GetSequence();
632
if (source_.GetError().What()) return 0;
634
byte b = source_.next();
635
if (b != OBJECT_IDENTIFIER) {
636
source_.SetError(OBJECT_ID_E);
640
length = GetLength(source_);
641
if (source_.IsLeft(length) == false) return 0;
645
oid += source_.next(); // just sum it up for now
647
// could have NULL tag and 0 terminator, but may not
652
source_.SetError(EXPECT_0_E);
657
// go back, didn't have it
664
// read cert signature, store in signature_
665
word32 CertDecoder::GetSignature()
667
if (source_.GetError().What()) return 0;
668
byte b = source_.next();
670
if (b != BIT_STRING) {
671
source_.SetError(BIT_STR_E);
675
sigLength_ = GetLength(source_);
676
if (sigLength_ == 0 || source_.IsLeft(sigLength_) == false) {
677
source_.SetError(CONTENT_E);
683
source_.SetError(EXPECT_0_E);
688
signature_ = NEW_TC byte[sigLength_];
689
memcpy(signature_, source_.get_current(), sigLength_);
690
source_.advance(sigLength_);
696
// read cert digest, store in signature_
697
word32 CertDecoder::GetDigest()
699
if (source_.GetError().What()) return 0;
700
byte b = source_.next();
702
if (b != OCTET_STRING) {
703
source_.SetError(OCTET_STR_E);
707
sigLength_ = GetLength(source_);
709
signature_ = NEW_TC byte[sigLength_];
710
memcpy(signature_, source_.get_current(), sigLength_);
711
source_.advance(sigLength_);
717
// memory length checked add tag to buffer
718
char* CertDecoder::AddTag(char* ptr, const char* buf_end, const char* tag_name,
719
word32 tag_name_length, word32 tag_value_length)
721
if (ptr + tag_name_length + tag_value_length > buf_end) {
722
source_.SetError(CONTENT_E);
726
memcpy(ptr, tag_name, tag_name_length);
727
ptr += tag_name_length;
729
memcpy(ptr, source_.get_current(), tag_value_length);
730
ptr += tag_value_length;
736
// process NAME, either issuer or subject
737
void CertDecoder::GetName(NameType nt)
739
if (source_.GetError().What()) return;
742
word32 length = GetSequence(); // length of all distinguished names
744
if (length >= ASN_NAME_MAX)
746
if (source_.IsLeft(length) == false) return;
747
length += source_.get_index();
754
buf_end = ptr + sizeof(issuer_) - 1; // 1 byte for trailing 0
758
buf_end = ptr + sizeof(subject_) - 1; // 1 byte for trailing 0
761
while (source_.get_index() < length) {
763
if (source_.GetError().What() == SET_E) {
764
source_.SetError(NO_ERROR_E); // extensions may only have sequence
769
byte b = source_.next();
770
if (b != OBJECT_IDENTIFIER) {
771
source_.SetError(OBJECT_ID_E);
775
word32 oidSz = GetLength(source_);
776
if (source_.IsLeft(oidSz) == false) return;
779
if (source_.IsLeft(sizeof(joint)) == false) return;
780
memcpy(joint, source_.get_current(), sizeof(joint));
783
if (joint[0] == 0x55 && joint[1] == 0x04) {
785
byte id = source_.next();
786
b = source_.next(); // strType
787
word32 strLen = GetLength(source_);
789
if (source_.IsLeft(strLen) == false) return;
793
if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
797
if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
801
if (!(ptr = AddTag(ptr, buf_end, "/C=", 3, strLen)))
805
if (!(ptr = AddTag(ptr, buf_end, "/L=", 3, strLen)))
809
if (!(ptr = AddTag(ptr, buf_end, "/ST=", 4, strLen)))
813
if (!(ptr = AddTag(ptr, buf_end, "/O=", 3, strLen)))
817
if (!(ptr = AddTag(ptr, buf_end, "/OU=", 4, strLen)))
822
sha.Update(source_.get_current(), strLen);
823
source_.advance(strLen);
827
if (joint[0] == 0x2a && joint[1] == 0x86) // email id hdr
830
source_.advance(oidSz + 1);
831
word32 length = GetLength(source_);
832
if (source_.IsLeft(length) == false) return;
835
if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
836
source_.SetError(CONTENT_E);
841
source_.advance(length);
848
sha.Final(issuerHash_);
850
sha.Final(subjectHash_);
854
// process a Date, either BEFORE or AFTER
855
void CertDecoder::GetDate(DateType dt)
857
if (source_.GetError().What()) return;
859
byte b = source_.next();
860
if (b != UTC_TIME && b != GENERALIZED_TIME) {
861
source_.SetError(TIME_E);
865
word32 length = GetLength(source_);
866
if (source_.IsLeft(length) == false) return;
868
byte date[MAX_DATE_SZ];
869
if (length > MAX_DATE_SZ || length < MIN_DATE_SZ) {
870
source_.SetError(DATE_SZ_E);
874
memcpy(date, source_.get_current(), length);
875
source_.advance(length);
877
if (!ValidateDate(date, b, dt) && verify_) {
879
source_.SetError(BEFORE_DATE_E);
881
source_.SetError(AFTER_DATE_E);
884
// save for later use
886
memcpy(beforeDate_, date, length);
887
beforeDate_[length] = 0;
890
memcpy(afterDate_, date, length);
891
afterDate_[length] = 0;
896
void CertDecoder::GetValidity()
898
if (source_.GetError().What()) return;
906
bool CertDecoder::ValidateSelfSignature()
908
Source pub(key_.GetKey(), key_.size());
909
return ConfirmSignature(pub);
913
// extract compare signature hash from plain and place into digest
914
void CertDecoder::GetCompareHash(const byte* plain, word32 sz, byte* digest,
917
if (source_.GetError().What()) return;
920
CertDecoder dec(s, false);
926
if (dec.sigLength_ > digSz) {
927
source_.SetError(SIG_LEN_E);
931
memcpy(digest, dec.signature_, dec.sigLength_);
935
// validate signature signed by someone else
936
bool CertDecoder::ValidateSignature(SignerList* signers)
941
SignerList::iterator first = signers->begin();
942
SignerList::iterator last = signers->end();
944
while (first != last) {
945
if ( memcmp(issuerHash_, (*first)->GetHash(), SHA::DIGEST_SIZE) == 0) {
947
const PublicKey& iKey = (*first)->GetPublicKey();
948
Source pub(iKey.GetKey(), iKey.size());
949
return ConfirmSignature(pub);
957
// confirm certificate signature
958
bool CertDecoder::ConfirmSignature(Source& pub)
961
mySTL::auto_ptr<HASH> hasher;
963
if (signatureOID_ == MD5wRSA) {
964
hasher.reset(NEW_TC MD5);
967
else if (signatureOID_ == MD2wRSA) {
968
hasher.reset(NEW_TC MD2);
971
else if (signatureOID_ == SHAwRSA || signatureOID_ == SHAwDSA) {
972
hasher.reset(NEW_TC SHA);
976
source_.SetError(UNKOWN_SIG_E);
980
byte digest[SHA::DIGEST_SIZE]; // largest size
982
hasher->Update(source_.get_buffer() + certBegin_, sigIndex_ - certBegin_);
983
hasher->Final(digest);
985
if (keyOID_ == RSAk) {
986
// put in ASN.1 signature format
988
Signature_Encoder(digest, hasher->getDigestSize(), ht, build);
990
RSA_PublicKey pubKey(pub);
991
RSAES_Encryptor enc(pubKey);
993
return enc.SSL_Verify(build.get_buffer(), build.size(), signature_);
996
// extract r and s from sequence
997
byte seqDecoded[DSA_SIG_SZ];
998
DecodeDSA_Signature(seqDecoded, signature_, sigLength_);
1000
DSA_PublicKey pubKey(pub);
1001
DSA_Verifier ver(pubKey);
1003
return ver.Verify(digest, seqDecoded);
1008
Signature_Encoder::Signature_Encoder(const byte* dig, word32 digSz,
1009
HashType digOID, Source& source)
1014
byte digArray[MAX_DIGEST_SZ];
1015
word32 digestSz = SetDigest(dig, digSz, digArray);
1018
byte algoArray[MAX_ALGO_SZ];
1019
word32 algoSz = SetAlgoID(digOID, algoArray);
1022
byte seqArray[MAX_SEQ_SZ];
1023
word32 seqSz = SetSequence(digestSz + algoSz, seqArray);
1025
source.grow(seqSz + algoSz + digestSz); // make sure enough room
1026
source.add(seqArray, seqSz);
1027
source.add(algoArray, algoSz);
1028
source.add(digArray, digestSz);
1033
word32 Signature_Encoder::SetDigest(const byte* d, word32 dSz, byte* output)
1035
output[0] = OCTET_STRING;
1037
memcpy(&output[2], d, dSz);
1044
word32 DER_Encoder::SetAlgoID(HashType aOID, byte* output)
1046
// adding TAG_NULL and 0 to end
1047
static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a,
1049
static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1050
0x02, 0x05, 0x05, 0x00 };
1051
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
1052
0x02, 0x02, 0x05, 0x00};
1055
const byte* algoName = 0;
1059
algoSz = sizeof(shaAlgoID);
1060
algoName = shaAlgoID;
1064
algoSz = sizeof(md2AlgoID);
1065
algoName = md2AlgoID;
1069
algoSz = sizeof(md5AlgoID);
1070
algoName = md5AlgoID;
1074
error_.SetError(UNKOWN_HASH_E);
1079
byte ID_Length[MAX_LENGTH_SZ];
1080
word32 idSz = SetLength(algoSz - 2, ID_Length); // don't include TAG_NULL/0
1082
byte seqArray[MAX_SEQ_SZ + 1]; // add object_id to end
1083
word32 seqSz = SetSequence(idSz + algoSz + 1, seqArray);
1084
seqArray[seqSz++] = OBJECT_IDENTIFIER;
1086
memcpy(output, seqArray, seqSz);
1087
memcpy(output + seqSz, ID_Length, idSz);
1088
memcpy(output + seqSz + idSz, algoName, algoSz);
1090
return seqSz + idSz + algoSz;
1094
word32 SetSequence(word32 len, byte* output)
1097
output[0] = SEQUENCE | CONSTRUCTED;
1098
return SetLength(len, output + 1) + 1;
1102
word32 EncodeDSA_Signature(const byte* signature, byte* output)
1104
Integer r(signature, 20);
1105
Integer s(signature + 20, 20);
1107
return EncodeDSA_Signature(r, s, output);
1111
word32 EncodeDSA_Signature(const Integer& r, const Integer& s, byte* output)
1113
word32 rSz = r.ByteCount();
1114
word32 sSz = s.ByteCount();
1116
byte rLen[MAX_LENGTH_SZ + 1];
1117
byte sLen[MAX_LENGTH_SZ + 1];
1122
word32 rLenSz = SetLength(rSz, &rLen[1]) + 1;
1123
word32 sLenSz = SetLength(sSz, &sLen[1]) + 1;
1125
byte seqArray[MAX_SEQ_SZ];
1127
word32 seqSz = SetSequence(rLenSz + rSz + sLenSz + sSz, seqArray);
1130
memcpy(output, seqArray, seqSz);
1132
memcpy(output + seqSz, rLen, rLenSz);
1133
r.Encode(output + seqSz + rLenSz, rSz);
1135
memcpy(output + seqSz + rLenSz + rSz, sLen, sLenSz);
1136
s.Encode(output + seqSz + rLenSz + rSz + sLenSz, sSz);
1138
return seqSz + rLenSz + rSz + sLenSz + sSz;
1142
// put sequence encoded dsa signature into decoded in 2 20 byte integers
1143
word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
1145
Source source(encoded, sz);
1147
if (source.next() != (SEQUENCE | CONSTRUCTED)) {
1148
source.SetError(SEQUENCE_E);
1152
GetLength(source); // total
1155
if (source.next() != INTEGER) {
1156
source.SetError(INTEGER_E);
1159
word32 rLen = GetLength(source);
1161
if (rLen == 21) { // zero at front, eat
1165
else if (rLen == 19) { // add zero to front so 20 bytes
1170
source.SetError(DSA_SZ_E);
1174
memcpy(decoded, source.get_buffer() + source.get_index(), rLen);
1175
source.advance(rLen);
1178
if (source.next() != INTEGER) {
1179
source.SetError(INTEGER_E);
1182
word32 sLen = GetLength(source);
1185
source.next(); // zero at front, eat
1188
else if (sLen == 19) {
1189
decoded[rLen] = 0; // add zero to front so 20 bytes
1193
source.SetError(DSA_SZ_E);
1197
memcpy(decoded + rLen, source.get_buffer() + source.get_index(), sLen);
1198
source.advance(sLen);
1205
// Get Cert in PEM format from BEGIN to END
1206
int GetCert(Source& source)
1208
char header[] = "-----BEGIN CERTIFICATE-----";
1209
char footer[] = "-----END CERTIFICATE-----";
1211
char* begin = strstr((char*)source.get_buffer(), header);
1212
char* end = strstr((char*)source.get_buffer(), footer);
1214
if (!begin || !end || begin >= end) return -1;
1216
end += strlen(footer);
1217
if (*end == '\r') end++;
1219
Source tmp((byte*)begin, end - begin + 1);
1227
// Decode a BER encoded PKCS12 structure
1228
void PKCS12_Decoder::Decode()
1231
if (source_.GetError().What()) return;
1238
byte obj_id = source_.next();
1239
if (obj_id != OBJECT_IDENTIFIER) {
1240
source_.SetError(OBJECT_ID_E);
1244
word32 length = GetLength(source_);
1246
word32 algo_sum = 0;
1248
algo_sum += source_.next();
1255
// Get MacData optional
1256
// mac digestInfo like certdecoder::getdigest?
1257
// macsalt octet string
1263
void PKCS12_Decoder::ReadHeader()
1271
// Get Cert in PEM format from pkcs12 file
1272
int GetPKCS_Cert(const char* password, Source& source)
1274
PKCS12_Decoder pkcs12(source);