derparse.c revision 7711facfe58561dd91d6ece0f5f41150c3956c83
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* derparse.c - Functions for parsing DER-encoded data
*
* NOTE: This code was originally written by Cryptographic Products
* Group at Sun Microsystems for the SCA 1000 "realmparse" program.
* It is mostly intact except for necessary adaptaions to allow it to
* compile in this environment.
*/
#include <errno.h>
#include <fcntl.h>
#include <lber.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <cryptoutil.h>
#include "derparse.h"
/* I18N helpers. */
#include <libintl.h>
#include <locale.h>
/*
* Some types that we need below.
*/
typedef struct oidinfo {
char *strval; /* String rep. for OID in RDN */
} oidinfo_t;
/*
* X.509 Issuer OIDs as recommended by RFC 3280
* We might see these in certificates in their subject an issuer names.
*/
{0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x01};
static uint8_t domain_comp_oid[] =
{0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19};
static uint8_t email_addr_oid[] =
{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01};
/* Define this structure so we can match on a given oid */
};
/* Local functions */
static int get_oid_type(char *);
/*
* An RDNSequence is what is handed to us when we get attributes like
* CKA_ISSUER and CKA_SUBJECT_NAME. This function will take in a buffer
* with the DER encoded bytes of an RDNSequence and print out the components.
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue
* }
*
* AttributeType ::= OBJECT IDENTIFIER
*
* AttributeValue ::= ANY DEFINED BY AttributeType
*/
void
{
#define PKTOOL_LINEMAX 1024
char oidout[PKTOOL_LINEMAX];
int tag;
int idx;
int prnsz;
int offset = 0;
cryptodebug("inside rdnseq_to_str");
cryptodebug("nothing to parse");
return;
}
/* Take the raw bytes and stuff them into a BerValue structure */
/* Allocate the BerElement */
cryptodebug("ber_init failed to return ber element");
"Unable to begin parsing RDNSequence."));
return;
}
/* Begin by parsing out the outer sequence */
if (tag != LBER_SEQUENCE) {
cryptodebug("ber_next_element tag is not SEQUENCE");
"Expected RDNSequence SEQUENCE object, got tag [%02x]."),
tag);
return;
}
/* Parse the sequence of RelativeDistinguishedName objects */
cryptodebug("ber_next_element tag is not SET");
"Expected RelativeDistinguishedName SET object, "
"got tag [%02x]."), tag);
return;
}
/* AttributeTypeAndValue */
if (tag != LBER_SEQUENCE) {
cryptodebug("ber_next_element tag is not SEQUENCE");
"Expected AttributeTypeAndValue SEQUENCE object, "
"got tag [%02x]."), tag);
return;
}
/* AttributeType OID */
atv_type_size++; /* Add room for null terminator */
cryptodebug("ber_next_element tag is not OID");
"Expected an OID, got tag [%02x]."), tag);
return;
}
/* Note: ber_scanf() allocates memory here for "a". */
/* AttributeValue */
cryptodebug("ber_next_element tag is not "
"got tag [%02x]."), tag);
return;
}
/* Note: ber_scanf() allocates memory here for "a". */
/*
* Now go and turn the attribute type and value into
* some kind of meaningful output.
*/
cryptodebug("oid_to_str failed");
"Unable to convert OID to string."));
return;
}
} else {
}
if (!first)
else {
}
break;
}
}
/*
* Convert OID to dotted notation string.
*/
static int
{
int count = 0;
int offset = 0;
int prnsz;
cryptodebug("inside oid_to_str");
if (oidlen == 0)
return (-1);
/*
* The first octet has a value of (40 x oidnum1) + oidnum2. We
* will deconstruct it here and sanity check the result. According
* to X.690, oidnum1 should never be more than 2 and oidnum2
* shouldn't be greater than 39 when oidnum1 = 0 or 1.
*/
firstnum = 2;
if (offset >= oidout_len)
return (0);
/* Start at the second byte and move our way forward */
/* ORIGINAL COMMENT */
/*
* Each oid byte is taken as a 7-bit number. If bit 8 is
* set, it means the next octet and this one are to be
* chained together as a single bit string, and so forth.
* We need to mask of bit 8, then shift over 7 bits in the
* resulting integer, and then stuff the new 7 bits in
* the low order byte, all the while making sure we don't
* stomp bit 1 from the previous octet.
* See X.690 or the layman's guide to ASN.1 for more.
*/
/*
* String together as many of the next octets if each of
* their high order bits is set to 1. For example,
* 1 1010111, 1 0010100, 1 0010110, 0 1101111, ...
* (3 8-bit octets)
* becomes
* 1010111 0010100 0010110, 1101111, ...
* (one 21 bit integer)
* The high order bit functions as a "link" between octets.
* Note that if there are more than 9 octets with their
* high order bits set, it will overflow a 64-bit integer.
*/
count++) {
nextnum <<= 7;
}
return (-1);
/* We're done with this oid number, write it and move on */
".%lld", nextnum);
if (offset >= oidout_len)
return (0);
}
return (0);
}
/*
* Returns the index in the oids[] array that matches the input type,
* or -1 if it could not find a match.
*/
static int
get_oid_type(char *type)
{
int count;
cryptodebug("inside get_oid_type");
return (count);
}
}
/* If we get here, we haven't found a match, so return -1 */
return (-1);
}