1 /*
2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the License); you may
5 * not use this file except in compliance with the License.
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 */
9
10
11 #include <stdio.h>
12 #include <string.h>
13 #include <stdlib.h>
14 #include <gmssl/ec.h>
15 #include <gmssl/oid.h>
16 #include <gmssl/asn1.h>
17 #include <gmssl/error.h>
18 #include <gmssl/x509_alg.h>
19
20
21 static uint32_t oid_sm3[] = { 1,2,156,10197,1,401 };
22 static uint32_t oid_md5[] = { 1,2,840,113549,2,5 };
23 static uint32_t oid_sha1[] = { 1,3,14,3,2,26 };
24 static uint32_t oid_sha256[] = { 2,16,840,1,101,3,4,2,1 };
25 static uint32_t oid_sha384[] = { 2,16,840,1,101,3,4,2,2 };
26 static uint32_t oid_sha512[] = { 2,16,840,1,101,3,4,2,3 };
27 static uint32_t oid_sha224[] = { 2,16,840,1,101,3,4,2,4 };
28
29 static const ASN1_OID_INFO x509_digest_algors[] = {
30 { OID_sm3, "sm3", oid_sm3, sizeof(oid_sm3)/sizeof(int) },
31 { OID_md5, "md5", oid_md5, sizeof(oid_md5)/sizeof(int) },
32 { OID_sha1, "sha1", oid_sha1, sizeof(oid_sha1)/sizeof(int) },
33 { OID_sha224, "sha224", oid_sha224, sizeof(oid_sha224)/sizeof(int) },
34 { OID_sha256, "sha256", oid_sha256, sizeof(oid_sha256)/sizeof(int) },
35 { OID_sha384, "sha384", oid_sha384, sizeof(oid_sha384)/sizeof(int) },
36 { OID_sha512, "sha512", oid_sha512, sizeof(oid_sha512)/sizeof(int) },
37 };
38
39 static const int x509_digest_algors_count =
40 sizeof(x509_digest_algors)/sizeof(x509_digest_algors[0]);
41
x509_digest_algor_name(int oid)42 const char *x509_digest_algor_name(int oid)
43 {
44 const ASN1_OID_INFO *info;
45 if (!(info = asn1_oid_info_from_oid(x509_digest_algors, x509_digest_algors_count, oid))) {
46 error_print();
47 return NULL;
48 }
49 return info->name;
50 }
51
x509_digest_algor_from_name(const char * name)52 int x509_digest_algor_from_name(const char *name)
53 {
54 const ASN1_OID_INFO *info;
55 if (!(info = asn1_oid_info_from_name(x509_digest_algors, x509_digest_algors_count, name))) {
56 error_print();
57 return OID_undef;
58 }
59 return info->oid;
60 }
61
x509_digest_algor_to_der(int oid,uint8_t ** out,size_t * outlen)62 int x509_digest_algor_to_der(int oid, uint8_t **out, size_t *outlen)
63 {
64 const ASN1_OID_INFO *info;
65 size_t len = 0;
66 if (!(info = asn1_oid_info_from_oid(x509_digest_algors, x509_digest_algors_count, oid))) {
67 error_print();
68 return -1;
69 }
70 if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
71 || asn1_sequence_header_to_der(len, out, outlen) != 1
72 || asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
73 error_print();
74 return -1;
75 }
76 return 1;
77 }
78
x509_digest_algor_from_der(int * oid,const uint8_t ** in,size_t * inlen)79 int x509_digest_algor_from_der(int *oid, const uint8_t **in, size_t *inlen)
80 {
81 int ret;
82 const uint8_t *p;
83 size_t len;
84 const ASN1_OID_INFO *info;
85
86 *oid = 0;
87 if ((ret = asn1_sequence_from_der(&p, &len, in, inlen)) != 1) {
88 if (ret < 0) error_print();
89 return ret;
90 }
91 if ((ret = asn1_oid_info_from_der(&info, x509_digest_algors, x509_digest_algors_count, &p, &len)) != 1
92 || asn1_length_is_zero(len) != 1) {
93 error_print();
94 return ret;
95 }
96 *oid = info->oid;
97 return 1;
98 }
99
x509_digest_algor_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)100 int x509_digest_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
101 {
102 const ASN1_OID_INFO *info;
103 format_print(fp, fmt, ind, "%s\n", label);
104 ind += 4;
105
106 if (asn1_oid_info_from_der(&info, x509_digest_algors, x509_digest_algors_count, &d, &dlen) != 1) goto err;
107 format_print(fp, fmt, ind, "algorithm: %s\n", info->name);
108 if (asn1_length_is_zero(dlen) != 1) goto err;
109 return 1;
110 err:
111 error_print();
112 return -1;
113 }
114
115
116 static uint32_t oid_sm4_cbc[] = { 1,2,156,10197,1,104,2 };
117 static uint32_t oid_aes128_cbc[] = { 2,16,840,1,101,3,4,1,2 };
118 static uint32_t oid_aes192_cbc[] = { 2,16,840,1,101,3,4,1,22 };
119 static uint32_t oid_aes256_cbc[] = { 2,16,840,1,101,3,4,1,42 };
120
121 static const ASN1_OID_INFO x509_enc_algors[] = {
122 { OID_sm4_cbc, "sm4-cbc", oid_sm4_cbc, sizeof(oid_sm4_cbc)/sizeof(int) },
123 { OID_aes128_cbc, "aes128-cbc", oid_aes128_cbc, sizeof(oid_aes128_cbc)/sizeof(int) },
124 { OID_aes192_cbc, "aes192-cbc", oid_aes192_cbc, sizeof(oid_aes192_cbc)/sizeof(int) },
125 { OID_aes256_cbc, "aes256-cbc", oid_aes256_cbc, sizeof(oid_aes256_cbc)/sizeof(int) },
126 };
127
128 static const int x509_enc_algors_count =
129 sizeof(x509_enc_algors)/sizeof(x509_enc_algors[0]);
130
x509_encryption_algor_name(int oid)131 const char *x509_encryption_algor_name(int oid)
132 {
133 const ASN1_OID_INFO *info;
134 if (!(info = asn1_oid_info_from_oid(x509_enc_algors, x509_enc_algors_count, oid))) {
135 error_print();
136 return NULL;
137 }
138 return info->name;
139 }
140
x509_encryption_algor_from_name(const char * name)141 int x509_encryption_algor_from_name(const char *name)
142 {
143 const ASN1_OID_INFO *info;
144 if (!(info = asn1_oid_info_from_name(x509_enc_algors, x509_enc_algors_count, name))) {
145 error_print();
146 return OID_undef;
147 }
148 return info->oid;
149 }
150
x509_encryption_algor_to_der(int oid,const uint8_t * iv,size_t ivlen,uint8_t ** out,size_t * outlen)151 int x509_encryption_algor_to_der(int oid, const uint8_t *iv, size_t ivlen,
152 uint8_t **out, size_t *outlen)
153 {
154 const ASN1_OID_INFO *info;
155 size_t len = 0;
156
157 if (!(info = asn1_oid_info_from_oid(x509_enc_algors, x509_enc_algors_count, oid))) {
158 error_print();
159 return -1;
160 }
161 if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
162 || asn1_octet_string_to_der(iv, ivlen, NULL, &len) != 1
163 || asn1_sequence_header_to_der(len, out, outlen) != 1
164 || asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1
165 || asn1_octet_string_to_der(iv, ivlen, out, outlen) != 1) {
166 error_print();
167 return -1;
168 }
169 return 1;
170 }
171
x509_encryption_algor_from_der(int * oid,const uint8_t ** iv,size_t * ivlen,const uint8_t ** in,size_t * inlen)172 int x509_encryption_algor_from_der(int *oid, const uint8_t **iv, size_t *ivlen,
173 const uint8_t **in, size_t *inlen)
174 {
175 int ret;
176 const uint8_t *p;
177 size_t len;
178 const ASN1_OID_INFO *info;
179
180 *oid = OID_undef;
181 *iv = NULL;
182 *ivlen = 0;
183
184 if ((ret = asn1_sequence_from_der(&p, &len, in, inlen)) != 1) {
185 if (ret < 0) error_print();
186 return ret;
187 }
188 if (asn1_oid_info_from_der(&info, x509_enc_algors, x509_enc_algors_count, &p, &len) != 1
189 || asn1_octet_string_from_der(iv, ivlen, &p, &len) != 1
190 || asn1_length_is_zero(len) != 1) {
191 error_print();
192 return -1;
193 }
194 if (!(*iv) || *ivlen != 16) {
195 error_print();
196 return -1;
197 }
198 *oid = info->oid;
199 return 1;
200 }
201
x509_encryption_algor_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)202 int x509_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
203 {
204 const ASN1_OID_INFO *info;
205 const uint8_t *iv;
206 size_t ivlen;
207 format_print(fp, fmt, ind, "%s\n", label);
208 ind += 4;
209
210 if (asn1_oid_info_from_der(&info, x509_enc_algors, x509_enc_algors_count, &d, &dlen) != 1) goto err;
211 format_print(fp, fmt, ind, "algorithm: %s\n", info->name);
212 if (asn1_octet_string_from_der(&iv, &ivlen, &d, &dlen) != 1) goto err;
213 format_bytes(fp, fmt, ind, "iv: ", iv, ivlen);
214 if (asn1_length_is_zero(dlen) != 1) goto err;
215 return 1;
216 err:
217 error_print();
218 return -1;
219 }
220
221
222 static uint32_t oid_sm2sign_with_sm3[] = { 1,2,156,10197,1,501 };
223 static uint32_t oid_rsasign_with_sm3[] = { 1,2,156,10197,1,504 };
224 static uint32_t oid_ecdsa_with_sha1[] = { 1,2,840,10045,4,1 };
225 static uint32_t oid_ecdsa_with_sha224[] = { 1,2,840,10045,4,3,1 };
226 static uint32_t oid_ecdsa_with_sha256[] = { 1,2,840,10045,4,3,2 };
227 static uint32_t oid_ecdsa_with_sha384[] = { 1,2,840,10045,4,3,3 };
228 static uint32_t oid_ecdsa_with_sha512[] = { 1,2,840,10045,4,3,4 };
229 static uint32_t oid_rsasign_with_md5[] = { 1,2,840,113549,1,1,4 };
230 static uint32_t oid_rsasign_with_sha1[] = { 1,2,840,113549,1,1,5 };
231 static uint32_t oid_rsasign_with_sha224[] = { 1,2,840,113549,1,1,14 };
232 static uint32_t oid_rsasign_with_sha256[] = { 1,2,840,113549,1,1,11 };
233 static uint32_t oid_rsasign_with_sha384[] = { 1,2,840,113549,1,1,12 };
234 static uint32_t oid_rsasign_with_sha512[] = { 1,2,840,113549,1,1,13 };
235
236
237 static const ASN1_OID_INFO x509_sign_algors[] = {
238 { OID_sm2sign_with_sm3, "sm2sign-with-sm3", oid_sm2sign_with_sm3, sizeof(oid_sm2sign_with_sm3)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
239 { OID_rsasign_with_sm3, "rsasign-with-sm3", oid_rsasign_with_sm3, sizeof(oid_rsasign_with_sm3)/sizeof(int), 1 },
240 { OID_ecdsa_with_sha1, "ecdsa-with-sha1", oid_ecdsa_with_sha1, sizeof(oid_ecdsa_with_sha1)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
241 { OID_ecdsa_with_sha224, "ecdsa-with-sha224", oid_ecdsa_with_sha224, sizeof(oid_ecdsa_with_sha224)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM } ,
242 { OID_ecdsa_with_sha256, "ecdsa-with-sha256", oid_ecdsa_with_sha256, sizeof(oid_ecdsa_with_sha256)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
243 { OID_ecdsa_with_sha384, "ecdsa-with-sha384", oid_ecdsa_with_sha384, sizeof(oid_ecdsa_with_sha384)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
244 { OID_ecdsa_with_sha512, "ecdsa-with-sha512", oid_ecdsa_with_sha512, sizeof(oid_ecdsa_with_sha512)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
245 { OID_rsasign_with_md5, "md5WithRSAEncryption", oid_rsasign_with_md5, sizeof(oid_rsasign_with_md5)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
246 { OID_rsasign_with_sha1, "sha1WithRSAEncryption", oid_rsasign_with_sha1, sizeof(oid_rsasign_with_sha1)/sizeof(int), X509_ALGOR_ALLOW_EC_NULL_PARAM },
247 { OID_rsasign_with_sha224, "sha224WithRSAEncryption", oid_rsasign_with_sha224, sizeof(oid_rsasign_with_sha224)/sizeof(int), 1 },
248 { OID_rsasign_with_sha256, "sha256WithRSAEncryption", oid_rsasign_with_sha256, sizeof(oid_rsasign_with_sha256)/sizeof(int), 1 },
249 { OID_rsasign_with_sha384, "sha384WithRSAEncryption", oid_rsasign_with_sha384, sizeof(oid_rsasign_with_sha384)/sizeof(int), 1 },
250 { OID_rsasign_with_sha512, "sha512WithRSAEncryption", oid_rsasign_with_sha512, sizeof(oid_rsasign_with_sha512)/sizeof(int), 1 },
251 };
252
253 static const int x509_sign_algors_count =
254 sizeof(x509_sign_algors)/sizeof(x509_sign_algors[0]);
255
x509_signature_algor_name(int oid)256 const char *x509_signature_algor_name(int oid)
257 {
258 const ASN1_OID_INFO *info;
259 if (!(info = asn1_oid_info_from_oid(x509_sign_algors, x509_sign_algors_count, oid))) {
260 error_print();
261 return NULL;
262 }
263 return info->name;
264 }
265
x509_signature_algor_from_name(const char * name)266 int x509_signature_algor_from_name(const char *name)
267 {
268 const ASN1_OID_INFO *info;
269 if (!(info = asn1_oid_info_from_name(x509_sign_algors, x509_sign_algors_count, name))) {
270 error_print();
271 return OID_undef;
272 }
273 return info->oid;
274 }
275
x509_signature_algor_to_der(int oid,uint8_t ** out,size_t * outlen)276 int x509_signature_algor_to_der(int oid, uint8_t **out, size_t *outlen)
277 {
278 const ASN1_OID_INFO *info;
279 size_t len = 0;
280 if (!(info = asn1_oid_info_from_oid(x509_sign_algors, x509_sign_algors_count, oid))) {
281 error_print();
282 return -1;
283 }
284 if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
285 || (info->flags && asn1_null_to_der(NULL, &len) != 1)
286 || asn1_sequence_header_to_der(len, out, outlen) != 1
287 || asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1
288 || (info->flags && asn1_null_to_der(out, outlen) != 1)) {
289 error_print();
290 return -1;
291 }
292 return 1;
293 }
294
x509_signature_algor_from_der(int * oid,const uint8_t ** in,size_t * inlen)295 int x509_signature_algor_from_der(int *oid, const uint8_t **in, size_t *inlen)
296 {
297 int ret;
298 const uint8_t *p;
299 size_t len;
300 const ASN1_OID_INFO *info;
301 int has_null_obj;
302 int i;
303
304 *oid = OID_undef;
305 if ((ret = asn1_sequence_from_der(&p, &len, in, inlen)) != 1) {
306 if (ret < 0) error_print();
307 return ret;
308 }
309 if (asn1_oid_info_from_der(&info, x509_sign_algors, x509_sign_algors_count, &p, &len) != 1
310 || (info->flags && asn1_null_from_der(&p, &len) < 0)
311 || asn1_length_is_zero(len) != 1) {
312 error_print();
313 return -1;
314 }
315 *oid = info->oid;
316 return 1;
317 }
318
x509_signature_algor_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)319 int x509_signature_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
320 {
321 const ASN1_OID_INFO *info;
322 int null_param;
323
324 format_print(fp, fmt, ind, "%s\n", label);
325 ind += 4;
326
327 if (asn1_oid_info_from_der(&info, x509_sign_algors, x509_sign_algors_count, &d, &dlen) != 1) goto err;
328 format_print(fp, fmt, ind, "algorithm: %s\n", info->name);
329 if ((null_param = asn1_null_from_der(&d, &dlen)) < 0) goto err;
330 if (null_param) format_print(fp, fmt, ind, "parameters: %s\n", asn1_tag_name(ASN1_TAG_NULL));
331 if (asn1_length_is_zero(dlen) != 1) goto err;
332 return 1;
333 err:
334 error_print();
335 return -1;
336 }
337
338 /*
339 sm2encrypt: no parameters
340
341 rsaes_oaep: from rfc 3560
342 RSAES-OAEP-params ::= SEQUENCE {
343 hashFunc [0] AlgorithmIdentifier DEFAULT sha1Identifier,
344 maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier,
345 pSourceFunc [2] AlgorithmIdentifier DEFAULT
346 */
347
348 static uint32_t oid_sm2encrypt[] = { 1,2,156,10197,1,301,2 };
349 static uint32_t oid_rsa_encryption[] = { 1,2,840,113549,1,1,1 };
350 static uint32_t oid_rsaes_oaep[] = { 1,2,840,113549,1,1,7 };
351
352 static const ASN1_OID_INFO x509_pke_algors[] = {
353 { OID_sm2encrypt, "sm2encrypt", oid_sm2encrypt, sizeof(oid_sm2encrypt)/sizeof(int) },
354 { OID_rsa_encryption, "rsaEncryption", oid_rsa_encryption, sizeof(oid_rsa_encryption)/sizeof(int) },
355 { OID_rsaes_oaep, "rsaesOAEP", oid_rsaes_oaep, sizeof(oid_rsaes_oaep)/sizeof(int) },
356 };
357
358 static const int x509_pke_algors_count =
359 sizeof(x509_pke_algors)/sizeof(x509_pke_algors[0]);
360
x509_public_key_encryption_algor_name(int oid)361 const char *x509_public_key_encryption_algor_name(int oid)
362 {
363 const ASN1_OID_INFO *info;
364 if (!(info = asn1_oid_info_from_oid(x509_pke_algors, x509_pke_algors_count, oid))) {
365 error_print();
366 return NULL;
367 }
368 return info->name;
369 }
370
x509_public_key_encryption_algor_from_name(const char * name)371 int x509_public_key_encryption_algor_from_name(const char *name)
372 {
373 const ASN1_OID_INFO *info;
374 if (!(info = asn1_oid_info_from_name(x509_pke_algors, x509_pke_algors_count, name))) {
375 error_print();
376 return OID_undef;
377 }
378 return info->oid;
379 }
380
x509_public_key_encryption_algor_to_der(int oid,uint8_t ** out,size_t * outlen)381 int x509_public_key_encryption_algor_to_der(int oid, uint8_t **out, size_t *outlen)
382 {
383 const ASN1_OID_INFO *info;
384 size_t len = 0;
385
386 if (oid != OID_sm2encrypt) {
387 error_print();
388 return -1;
389 }
390 if (!(info = asn1_oid_info_from_oid(x509_pke_algors, x509_pke_algors_count, oid))) {
391 error_print();
392 return -1;
393 }
394 if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
395 || asn1_sequence_header_to_der(len, out, outlen) != 1
396 || asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
397 error_print();
398 return -1;
399 }
400 return 1;
401 }
402
x509_public_key_encryption_algor_from_der(int * oid,const uint8_t ** params,size_t * params_len,const uint8_t ** in,size_t * inlen)403 int x509_public_key_encryption_algor_from_der(int *oid, const uint8_t **params, size_t *params_len,
404 const uint8_t **in, size_t *inlen)
405 {
406 int ret;
407 const uint8_t *p;
408 size_t len;
409 const ASN1_OID_INFO *info;
410
411 *oid = OID_undef;
412 *params = NULL;
413 *params_len = 0;
414
415 if ((ret = asn1_sequence_from_der(&p, &len, in, inlen)) != 1) {
416 if (ret < 0) error_print();
417 return ret;
418 }
419 if (asn1_oid_info_from_der(&info, x509_pke_algors, x509_pke_algors_count, &p, &len) != 1) {
420 error_print();
421 return -1;
422 }
423 *oid = info->oid;
424 if (asn1_length_is_zero(len) != 1) {
425 if (info->oid == OID_sm2encrypt) {
426 error_print();
427 return -1;
428 }
429 *params = p;
430 *params_len = len;
431 }
432 return 1;
433 }
434
x509_public_key_encryption_algor_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)435 int x509_public_key_encryption_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
436 {
437 const ASN1_OID_INFO *info;
438 format_print(fp, fmt, ind, "%s\n", label);
439 ind += 4;
440
441 if (asn1_oid_info_from_der(&info, x509_pke_algors, x509_pke_algors_count, &d, &dlen) != 1) goto err;
442 format_print(fp, fmt, ind, "algorithm: %s\n", info->name);
443 if (asn1_length_is_zero(dlen) != 1) {
444 if (info->oid == OID_sm2encrypt) goto err;
445 format_bytes(fp, fmt, ind, "parameters: ", d, dlen);
446 }
447 return 1;
448 err:
449 error_print();
450 return -1;
451 }
452
453
454
455
456
457 static uint32_t oid_ec_public_key[] = { oid_x9_62,2,1 };
458 //static uint32_t oid_rsa_encryption[] = { 1,2,840,113549,1,1,1 };
459
460 static const ASN1_OID_INFO x509_public_key_algors[] = {
461 { OID_ec_public_key, "ecPublicKey", oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), 0, "X9.62 ecPublicKey" },
462 { OID_rsa_encryption, "rsaEncryption", oid_rsa_encryption, sizeof(oid_rsa_encryption)/sizeof(int), 0, "RSAEncryption" },
463 };
464
465 static const int x509_public_key_algors_count =
466 sizeof(x509_public_key_algors)/sizeof(x509_public_key_algors[0]);
467
x509_public_key_algor_name(int oid)468 const char *x509_public_key_algor_name(int oid)
469 {
470 const ASN1_OID_INFO *info;
471 if (!(info = asn1_oid_info_from_oid(x509_public_key_algors, x509_public_key_algors_count, oid))) {
472 error_print();
473 return NULL;
474 }
475 return info->name;
476 }
477
x509_public_key_algor_from_name(const char * name)478 int x509_public_key_algor_from_name(const char *name)
479 {
480 const ASN1_OID_INFO *info;
481 if (!(info = asn1_oid_info_from_name(x509_public_key_algors, x509_public_key_algors_count, name))) {
482 error_print();
483 return OID_undef;
484 }
485 return info->oid;
486 }
487
x509_public_key_algor_to_der(int oid,int curve_or_null,uint8_t ** out,size_t * outlen)488 int x509_public_key_algor_to_der(int oid, int curve_or_null, uint8_t **out, size_t *outlen)
489 {
490 size_t len = 0;
491
492 switch (oid) {
493 case OID_ec_public_key:
494 if (asn1_object_identifier_to_der(oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), NULL, &len) != 1
495 || ec_named_curve_to_der(curve_or_null, NULL, &len) != 1
496 || asn1_sequence_header_to_der(len, out, outlen) != 1
497 || asn1_object_identifier_to_der(oid_ec_public_key, sizeof(oid_ec_public_key)/sizeof(int), out, outlen) != 1
498 || ec_named_curve_to_der(curve_or_null, out, outlen) != 1) {
499 error_print();
500 return -1;
501 }
502 break;
503 case OID_rsa_encryption:
504 if (asn1_object_identifier_to_der(oid_rsa_encryption, sizeof(oid_rsa_encryption)/sizeof(int), NULL, &len) != 1
505 || asn1_null_to_der(NULL, &len) != 1
506 || asn1_sequence_header_to_der(len, out, outlen) != 1
507 || asn1_object_identifier_to_der(oid_rsa_encryption, sizeof(oid_rsa_encryption)/sizeof(int), out, outlen) != 1
508 || asn1_null_to_der(out, outlen) != 1) {
509 error_print();
510 return -1;
511 }
512 break;
513 default:
514 error_print();
515 return -1;
516 }
517 return 1;
518 }
519
x509_public_key_algor_from_der(int * oid,int * curve_or_null,const uint8_t ** in,size_t * inlen)520 int x509_public_key_algor_from_der(int *oid , int *curve_or_null, const uint8_t **in, size_t *inlen)
521 {
522 int ret;
523 const uint8_t *d;
524 size_t dlen;
525 const ASN1_OID_INFO *info;
526
527 if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
528 if (ret < 0) error_print();
529 return ret;
530 }
531
532 if (asn1_oid_info_from_der(&info, x509_public_key_algors, x509_public_key_algors_count, &d, &dlen) != 1) {
533 error_print();
534 return -1;
535 }
536 *oid = info->oid;
537
538 switch (*oid) {
539 case OID_ec_public_key:
540 if (ec_named_curve_from_der(curve_or_null, &d, &dlen) != 1
541 || asn1_length_is_zero(dlen) != 1) {
542 error_print();
543 return -1;
544 }
545 break;
546 case OID_rsa_encryption:
547 if ((*curve_or_null = asn1_null_from_der(&d, &dlen)) < 0
548 || asn1_length_is_zero(dlen) != 1) {
549 error_print();
550 return -1;
551 }
552 break;
553 default:
554 error_print();
555 return -1;
556 }
557 return 1;
558 }
559
x509_public_key_algor_print(FILE * fp,int fmt,int ind,const char * label,const uint8_t * d,size_t dlen)560 int x509_public_key_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
561 {
562 const ASN1_OID_INFO *info;
563 int val;
564
565 format_print(fp, fmt, ind, "%s\n", label);
566 ind += 4;
567
568 if (asn1_oid_info_from_der(&info, x509_public_key_algors, x509_public_key_algors_count, &d, &dlen) != 1) goto err;
569 format_print(fp, fmt, ind, "algorithm: %s\n", info->name);
570
571 switch (info->oid) {
572 case OID_ec_public_key:
573 if (ec_named_curve_from_der(&val, &d, &dlen) != 1) goto err;
574 format_print(fp, fmt, ind, "namedCurve: %s\n", ec_named_curve_name(val));
575 break;
576 case OID_rsa_encryption:
577 if ((val = asn1_null_from_der(&d, &dlen)) < 0) goto err;
578 else if (val) format_print(fp, fmt, ind, "parameters: %s\n", asn1_null_name());
579 break;
580 default:
581 error_print();
582 return -1;
583 }
584 if (asn1_length_is_zero(dlen) != 1) goto err;
585 return 1;
586 err:
587 error_print();
588 return -1;
589 }
590