std::vector<uint8_t> Buf4() { std::vector<uint8_t> buf(DEFAULT_BUF_SIZE); long oneT1; oneT1 = 123; long twoT1; twoT1 = 456; long threeT1; threeT1 = 789; SetOfT2setof rec; memset(&rec, 0, sizeof(rec)); SetOfT1_t one; memset(&one, 0, sizeof(one)); ASN_SEQUENCE_ADD(&one, &oneT1); ASN_SEQUENCE_ADD(&one, &twoT1); SetOfT1_t two; memset(&two, 0, sizeof(two)); ASN_SEQUENCE_ADD(&two, &threeT1); ASN_SET_ADD(&rec, &one); ASN_SET_ADD(&rec, &two); asn_enc_rval_t rval; rval = der_encode_to_buffer(&asn_DEF_SetOfT2setof, &rec, (void*)buf.data(), buf.size()); if (rval.encoded >= 0) { buf.resize(rval.encoded); } else { printf("cannot encode record in Buf3"); exit(0); } return std::move(buf); }
std::vector<uint8_t> Buf4() { std::vector<uint8_t> buf(DEFAULT_BUF_SIZE); SetOfT2seq rec; memset(&rec, 0, sizeof(rec)); SeqT1_t one; memset(&one, 0, sizeof(one)); one.first = 123; one.second = 321; SeqT1_t two; memset(&two, 0, sizeof(two)); two.first = 654; two.second = 456; ASN_SET_ADD(&rec, &one); ASN_SET_ADD(&rec, &two); asn_enc_rval_t rval; rval = der_encode_to_buffer(&asn_DEF_SetOfT2seq, &rec, (void*)buf.data(), buf.size()); if (rval.encoded >= 0) { buf.resize(rval.encoded); } else { printf("cannot encode record in Buf3"); exit(0); } return std::move(buf); }
static void check_serialize() { LogLine_t ll; VariablePartSet_t vps; VariablePart_t vp; VisibleString_t vpart; asn_enc_rval_t erval; int i; memset(&ll, 0, sizeof(ll)); memset(&vps, 0, sizeof(vps)); memset(&vp, 0, sizeof(vp)); memset(&vpart, 0, sizeof(vpart)); vpart.buf = "123"; vpart.size = 3; vp.present = VariablePart_PR_vset; ASN_SET_ADD(&vp.choice.vset, &vpart); vps.resolution.accept_as = accept_as_unknown; ASN_SEQUENCE_ADD(&vps.vparts, &vp); ASN_SEQUENCE_ADD(&ll.varsets, &vps); ll.line_digest.buf = "zzz\007"; ll.line_digest.size = 4; asn_fprint(stderr, &asn_DEF_LogLine, &ll); buf_size = 128; buf = alloca(buf_size); erval = der_encode(&asn_DEF_LogLine, &ll, buf_fill, 0); assert(erval.encoded > 1); fprintf(stderr, "Encoded in %d bytes\n", erval.encoded); fprintf(stderr, "\n"); for(i = 0; i < buf_pos; i++) { fprintf(stderr, "%d ", buf[i]); } fprintf(stderr, "\n\n"); assert(erval.encoded == sizeof(buf0)); assert(memcmp(buf0, buf, sizeof(buf0)) == 0); }
static void check_serialize() { LogLine_t ll; VariablePartSet_t *vps; VariablePart_t *vp; VisibleString_t *vpart; asn_enc_rval_t erval; int i; memset(&ll, 0, sizeof(ll)); vps = calloc(1, sizeof(*vps)); vp = calloc(1, sizeof(*vp)); vpart = OCTET_STRING_new_fromBuf(&asn_DEF_VisibleString, "123", 3); vp->present = VariablePart_PR_vset; ASN_SET_ADD(&vp->choice.vset, vpart); vps->resolution.accept_as = accept_as_unknown; ASN_SEQUENCE_ADD(&vps->vparts, vp); ASN_SEQUENCE_ADD(&ll.varsets, vps); OCTET_STRING_fromBuf(&ll.line_digest, "zzz\007", 4); asn_fprint(stderr, &asn_DEF_LogLine, &ll); buf_size = 128; uint8_t scratch[buf_size]; buf = scratch; erval = der_encode(&asn_DEF_LogLine, &ll, buf_fill, 0); assert(erval.encoded > 1); fprintf(stderr, "Encoded in %zd bytes\n", erval.encoded); fprintf(stderr, "\n"); for(i = 0; i < buf_pos; i++) { fprintf(stderr, "%d ", buf[i]); } fprintf(stderr, "\n\n"); assert(erval.encoded == sizeof(buf0)); assert(memcmp(buf0, buf, sizeof(buf0)) == 0); ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_LogLine, &ll); return; }
void getCADESSigningTime(Attribute_t **at_ext, struct tm *local){ /** SINGING TIME **/ //AtributeValue int ret; Attribute_t *atSigningTime; atSigningTime = calloc(1, sizeof(*atSigningTime)); atSigningTime -> type = makeOID(SIGNING_TIME_OID); AttributeValue_t *atSigningTimeValue; atSigningTimeValue = calloc(1,sizeof( *atSigningTimeValue)); UTCTime_t *time; time = calloc (1, sizeof(*time)); asn_time2UT(time, local, 1); atSigningTimeValue = ANY_new_fromType(&asn_DEF_UTCTime, time); ret = ASN_SET_ADD(&atSigningTime-> values, atSigningTimeValue); *at_ext = atSigningTime; /** FIN SIGNING TIME **/ }
asn_dec_rval_t SET_OF_decode_uper(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, asn_per_constraints_t *constraints, void **sptr, asn_per_data_t *pd) { asn_dec_rval_t rv; asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics; asn_TYPE_member_t *elm = td->elements; /* Single one */ void *st = *sptr; asn_anonymous_set_ *list; asn_per_constraint_t *ct; int repeat = 0; ssize_t nelems; if(_ASN_STACK_OVERFLOW_CHECK(opt_codec_ctx)) _ASN_DECODE_FAILED; /* * Create the target structure if it is not present already. */ if(!st) { st = *sptr = CALLOC(1, specs->struct_size); if(!st) _ASN_DECODE_FAILED; } list = _A_SET_FROM_VOID(st); /* Figure out which constraints to use */ if(constraints) ct = &constraints->size; else if(td->per_constraints) ct = &td->per_constraints->size; else ct = 0; if(ct && ct->flags & APC_EXTENSIBLE) { int value = per_get_few_bits(pd, 1); if(value < 0) _ASN_DECODE_STARVED; if(value) ct = 0; /* Not restricted! */ } if(ct && ct->effective_bits >= 0) { /* X.691, #19.5: No length determinant */ nelems = per_get_few_bits(pd, ct->effective_bits); ASN_DEBUG("Preparing to fetch %ld+%ld elements from %s", (long)nelems, ct->lower_bound, td->name); if(nelems < 0) _ASN_DECODE_STARVED; nelems += ct->lower_bound; } else { nelems = -1; } do { int i; if(nelems < 0) { nelems = uper_get_length(pd, ct ? ct->effective_bits : -1, &repeat); ASN_DEBUG("Got to decode %d elements (eff %d)", (int)nelems, (int)ct ? ct->effective_bits : -1); if(nelems < 0) _ASN_DECODE_STARVED; } for(i = 0; i < nelems; i++) { void *ptr = 0; ASN_DEBUG("SET OF %s decoding", elm->type->name); rv = elm->type->uper_decoder(opt_codec_ctx, elm->type, elm->per_constraints, &ptr, pd); ASN_DEBUG("%s SET OF %s decoded %d, %p", td->name, elm->type->name, rv.code, ptr); if(rv.code == RC_OK) { if(ASN_SET_ADD(list, ptr) == 0) continue; ASN_DEBUG("Failed to add element into %s", td->name); /* Fall through */ rv.code = RC_FAIL; } else { ASN_DEBUG("Failed decoding %s of %s (SET OF)", elm->type->name, td->name); } if(ptr) ASN_STRUCT_FREE(*elm->type, ptr); return rv; } nelems = -1; /* Allow uper_get_length() */ } while(repeat); ASN_DEBUG("Decoded %s as SET OF", td->name); rv.code = RC_OK; rv.consumed = 0; return rv; }
/* * The decoder of the SET OF type. */ asn_dec_rval_t SET_OF_decode_ber(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **struct_ptr, const void *ptr, size_t size, int tag_mode) { /* * Bring closer parts of structure description. */ asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics; asn_TYPE_member_t *elm = td->elements; /* Single one */ /* * Parts of the structure being constructed. */ void *st = *struct_ptr; /* Target structure. */ asn_struct_ctx_t *ctx; /* Decoder context */ ber_tlv_tag_t tlv_tag; /* T from TLV */ asn_dec_rval_t rval; /* Return code from subparsers */ ssize_t consumed_myself = 0; /* Consumed bytes from ptr */ ASN_DEBUG("Decoding %s as SET OF", td->name); /* * Create the target structure if it is not present already. */ if(st == 0) { st = *struct_ptr = CALLOC(1, specs->struct_size); if(st == 0) { RETURN(RC_FAIL); } } /* * Restore parsing context. */ ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset); /* * Start to parse where left previously */ switch(ctx->phase) { case 0: /* * PHASE 0. * Check that the set of tags associated with given structure * perfectly fits our expectations. */ rval = ber_check_tags(opt_codec_ctx, td, ctx, ptr, size, tag_mode, 1, &ctx->left, 0); if(rval.code != RC_OK) { ASN_DEBUG("%s tagging check failed: %d", td->name, rval.code); return rval; } if(ctx->left >= 0) ctx->left += rval.consumed; /* ?Substracted below! */ ADVANCE(rval.consumed); ASN_DEBUG("Structure consumes %ld bytes, " "buffer %ld", (long)ctx->left, (long)size); NEXT_PHASE(ctx); /* Fall through */ case 1: /* * PHASE 1. * From the place where we've left it previously, * try to decode the next item. */ for(;; ctx->step = 0) { ssize_t tag_len; /* Length of TLV's T */ if(ctx->step & 1) goto microphase2; /* * MICROPHASE 1: Synchronize decoding. */ if(ctx->left == 0) { ASN_DEBUG("End of SET OF %s", td->name); /* * No more things to decode. * Exit out of here. */ PHASE_OUT(ctx); RETURN(RC_OK); } /* * Fetch the T from TLV. */ tag_len = ber_fetch_tag(ptr, LEFT, &tlv_tag); switch(tag_len) { case 0: if(!SIZE_VIOLATION) RETURN(RC_WMORE); /* Fall through */ case -1: RETURN(RC_FAIL); } if(ctx->left < 0 && ((const uint8_t *)ptr)[0] == 0) { if(LEFT < 2) { if(SIZE_VIOLATION) RETURN(RC_FAIL); else RETURN(RC_WMORE); } else if(((const uint8_t *)ptr)[1] == 0) { /* * Found the terminator of the * indefinite length structure. */ break; } } /* Outmost tag may be unknown and cannot be fetched/compared */ if(elm->tag != (ber_tlv_tag_t)-1) { if(BER_TAGS_EQUAL(tlv_tag, elm->tag)) { /* * The new list member of expected type has arrived. */ } else { ASN_DEBUG("Unexpected tag %s fixed SET OF %s", ber_tlv_tag_string(tlv_tag), td->name); ASN_DEBUG("%s SET OF has tag %s", td->name, ber_tlv_tag_string(elm->tag)); RETURN(RC_FAIL); } } /* * MICROPHASE 2: Invoke the member-specific decoder. */ ctx->step |= 1; /* Confirm entering next microphase */ microphase2: /* * Invoke the member fetch routine according to member's type */ rval = elm->type->ber_decoder(opt_codec_ctx, elm->type, &ctx->ptr, ptr, LEFT, 0); ASN_DEBUG("In %s SET OF %s code %d consumed %d", td->name, elm->type->name, rval.code, (int)rval.consumed); switch(rval.code) { case RC_OK: { asn_anonymous_set_ *list = _A_SET_FROM_VOID(st); if(ASN_SET_ADD(list, ctx->ptr) != 0) RETURN(RC_FAIL); else ctx->ptr = 0; } break; case RC_WMORE: /* More data expected */ if(!SIZE_VIOLATION) { ADVANCE(rval.consumed); RETURN(RC_WMORE); } /* Fall through */ case RC_FAIL: /* Fatal error */ ASN_STRUCT_FREE(*elm->type, ctx->ptr); ctx->ptr = 0; RETURN(RC_FAIL); } /* switch(rval) */ ADVANCE(rval.consumed); } /* for(all list members) */ NEXT_PHASE(ctx); case 2: /* * Read in all "end of content" TLVs. */ while(ctx->left < 0) { if(LEFT < 2) { if(LEFT > 0 && ((const char *)ptr)[0] != 0) { /* Unexpected tag */ RETURN(RC_FAIL); } else { RETURN(RC_WMORE); } } if(((const char *)ptr)[0] == 0 && ((const char *)ptr)[1] == 0) { ADVANCE(2); ctx->left++; } else { RETURN(RC_FAIL); } } PHASE_OUT(ctx); } RETURN(RC_OK); }
/* * Decode the XER (XML) data. */ asn_dec_rval_t SET_OF_decode_xer(asn_codec_ctx_t *opt_codec_ctx, asn_TYPE_descriptor_t *td, void **struct_ptr, const char *opt_mname, const void *buf_ptr, size_t size) { /* * Bring closer parts of structure description. */ asn_SET_OF_specifics_t *specs = (asn_SET_OF_specifics_t *)td->specifics; asn_TYPE_member_t *element = td->elements; const char *elm_tag; const char *xml_tag = opt_mname ? opt_mname : td->xml_tag; /* * ... and parts of the structure being constructed. */ void *st = *struct_ptr; /* Target structure. */ asn_struct_ctx_t *ctx; /* Decoder context */ asn_dec_rval_t rval; /* Return value from a decoder */ ssize_t consumed_myself = 0; /* Consumed bytes from ptr */ /* * Create the target structure if it is not present already. */ if(st == 0) { st = *struct_ptr = CALLOC(1, specs->struct_size); if(st == 0) RETURN(RC_FAIL); } /* Which tag is expected for the downstream */ if(specs->as_XMLValueList) { elm_tag = (specs->as_XMLValueList == 1) ? 0 : ""; } else { elm_tag = (*element->name) ? element->name : element->type->xml_tag; } /* * Restore parsing context. */ ctx = (asn_struct_ctx_t *)((char *)st + specs->ctx_offset); /* * Phases of XER/XML processing: * Phase 0: Check that the opening tag matches our expectations. * Phase 1: Processing body and reacting on closing tag. * Phase 2: Processing inner type. */ for(; ctx->phase <= 2;) { pxer_chunk_type_e ch_type; /* XER chunk type */ ssize_t ch_size; /* Chunk size */ xer_check_tag_e tcv; /* Tag check value */ /* * Go inside the inner member of a set. */ if(ctx->phase == 2) { asn_dec_rval_t tmprval; /* Invoke the inner type decoder, m.b. multiple times */ ASN_DEBUG("XER/SET OF element [%s]", elm_tag); tmprval = element->type->xer_decoder(opt_codec_ctx, element->type, &ctx->ptr, elm_tag, buf_ptr, size); if(tmprval.code == RC_OK) { asn_anonymous_set_ *list = _A_SET_FROM_VOID(st); if(ASN_SET_ADD(list, ctx->ptr) != 0) RETURN(RC_FAIL); ctx->ptr = 0; XER_ADVANCE(tmprval.consumed); } else { XER_ADVANCE(tmprval.consumed); RETURN(tmprval.code); } ctx->phase = 1; /* Back to body processing */ ASN_DEBUG("XER/SET OF phase => %d", ctx->phase); /* Fall through */ } /* * Get the next part of the XML stream. */ ch_size = xer_next_token(&ctx->context, buf_ptr, size, &ch_type); switch(ch_size) { case -1: RETURN(RC_FAIL); case 0: RETURN(RC_WMORE); default: switch(ch_type) { case PXER_COMMENT: /* Got XML comment */ case PXER_TEXT: /* Ignore free-standing text */ XER_ADVANCE(ch_size); /* Skip silently */ continue; case PXER_TAG: break; /* Check the rest down there */ } } tcv = xer_check_tag(buf_ptr, ch_size, xml_tag); ASN_DEBUG("XER/SET OF: tcv = %d, ph=%d t=%s", tcv, ctx->phase, xml_tag); switch(tcv) { case XCT_CLOSING: if(ctx->phase == 0) break; ctx->phase = 0; /* Fall through */ case XCT_BOTH: if(ctx->phase == 0) { /* No more things to decode */ XER_ADVANCE(ch_size); ctx->phase = 3; /* Phase out */ RETURN(RC_OK); } /* Fall through */ case XCT_OPENING: if(ctx->phase == 0) { XER_ADVANCE(ch_size); ctx->phase = 1; /* Processing body phase */ continue; } /* Fall through */ case XCT_UNKNOWN_OP: case XCT_UNKNOWN_BO: ASN_DEBUG("XER/SET OF: tcv=%d, ph=%d", tcv, ctx->phase); if(ctx->phase == 1) { /* * Process a single possible member. */ ctx->phase = 2; continue; } /* Fall through */ default: break; } ASN_DEBUG("Unexpected XML tag in SET OF"); break; } ctx->phase = 3; /* "Phase out" on hard failure */ RETURN(RC_FAIL); }
asn_random_fill_result_t SET_OF_random_fill(const asn_TYPE_descriptor_t *td, void **sptr, const asn_encoding_constraints_t *constraints, size_t max_length) { const asn_SET_OF_specifics_t *specs = (const asn_SET_OF_specifics_t *)td->specifics; asn_random_fill_result_t res_ok = {ARFILL_OK, 0}; asn_random_fill_result_t result_failed = {ARFILL_FAILED, 0}; asn_random_fill_result_t result_skipped = {ARFILL_SKIPPED, 0}; const asn_TYPE_member_t *elm = td->elements; void *st = *sptr; long max_elements = 5; long slb = 0; /* Lower size bound */ long sub = 0; /* Upper size bound */ size_t rnd_len; if(max_length == 0) return result_skipped; if(st == NULL) { st = (*sptr = CALLOC(1, specs->struct_size)); if(st == NULL) { return result_failed; } } switch(asn_random_between(0, 6)) { case 0: max_elements = 0; break; case 1: max_elements = 1; break; case 2: max_elements = 5; break; case 3: max_elements = max_length; break; case 4: max_elements = max_length / 2; break; case 5: max_elements = max_length / 4; break; default: break; } sub = slb + max_elements; if(!constraints || !constraints->per_constraints) constraints = &td->encoding_constraints; if(constraints->per_constraints) { const asn_per_constraint_t *pc = &constraints->per_constraints->size; if(pc->flags & APC_SEMI_CONSTRAINED) { slb = pc->lower_bound; sub = pc->lower_bound + max_elements; } else if(pc->flags & APC_CONSTRAINED) { slb = pc->lower_bound; sub = pc->upper_bound; if(sub - slb > max_elements) sub = slb + max_elements; } } /* Bias towards edges of allowed space */ switch(asn_random_between(-1, 4)) { default: case -1: /* Prepare lengths somewhat outside of constrained range. */ if(constraints->per_constraints && (constraints->per_constraints->size.flags & APC_EXTENSIBLE)) { switch(asn_random_between(0, 5)) { default: case 0: rnd_len = 0; break; case 1: if(slb > 0) { rnd_len = slb - 1; } else { rnd_len = 0; } break; case 2: rnd_len = asn_random_between(0, slb); break; case 3: if(sub < (ssize_t)max_length) { rnd_len = sub + 1; } else { rnd_len = max_length; } break; case 4: if(sub < (ssize_t)max_length) { rnd_len = asn_random_between(sub + 1, max_length); } else { rnd_len = max_length; } break; case 5: rnd_len = max_length; break; } break; } /* Fall through */ case 0: rnd_len = asn_random_between(slb, sub); break; case 1: if(slb < sub) { rnd_len = asn_random_between(slb + 1, sub); break; } /* Fall through */ case 2: rnd_len = asn_random_between(slb, slb); break; case 3: if(slb < sub) { rnd_len = asn_random_between(slb, sub - 1); break; } /* Fall through */ case 4: rnd_len = asn_random_between(sub, sub); break; } for(; rnd_len > 0; rnd_len--) { asn_anonymous_set_ *list = _A_SET_FROM_VOID(st); void *ptr = 0; asn_random_fill_result_t tmpres = elm->type->op->random_fill( elm->type, &ptr, &elm->encoding_constraints, (max_length > res_ok.length ? max_length - res_ok.length : 0) / rnd_len); switch(tmpres.code) { case ARFILL_OK: ASN_SET_ADD(list, ptr); res_ok.length += tmpres.length; break; case ARFILL_SKIPPED: break; case ARFILL_FAILED: assert(ptr == 0); return tmpres; } } return res_ok; }
PKIError GenerateCertificate (const UTF8String_t *subjectName, const UTF8String_t *issuerName, const UTCTime_t *notBefore, const UTCTime_t *notAfter, const BIT_STRING_t *subjectPublicKey, const BIT_STRING_t *issuerPrivateKey, ByteArray *encodedCertificate) { FUNCTION_INIT(); asn_enc_rval_t ec; /* Encoder return value */ Certificate_t *certificate = NULL; /* Type to encode */ AttributeTypeAndValue_t *issuerTypeAndValue = NULL; AttributeTypeAndValue_t *subjectTypeAndValue = NULL; RelativeDistinguishedName_t *issuerRDN = NULL; RelativeDistinguishedName_t *subjectRDN = NULL; uint8_t *uint8Pointer = NULL; ByteArray tbs = BYTE_ARRAY_INITIALIZER; uint8_t signature[SIGN_FULL_SIZE]; uint8_t sha256[SHA_256_HASH_LEN]; uint8_t tbsDer[ISSUER_MAX_CERT_SIZE]; long serialNumber = 0; CHECK_NULL(subjectName, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerName, ISSUER_X509_NULL_PASSED); CHECK_NULL(notBefore, ISSUER_X509_NULL_PASSED); CHECK_NULL(notAfter, ISSUER_X509_NULL_PASSED); CHECK_NULL(subjectPublicKey, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerPrivateKey, ISSUER_X509_NULL_PASSED); CHECK_NULL_BYTE_ARRAY_PTR(encodedCertificate, ISSUER_X509_NULL_PASSED); CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, encodedCertificate->len, ISSUER_X509_WRONG_BYTE_ARRAY_LEN); /* Allocate the memory */ certificate = OICCalloc(1, sizeof(Certificate_t)); // not malloc! CHECK_NULL(certificate, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(issuerTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(issuerRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(subjectTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(subjectRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); //set issuer name issuerTypeAndValue->value = *issuerName; issuerTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 issuerTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(issuerRDN, issuerTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.issuer), issuerRDN); //set subject name subjectTypeAndValue->value = *subjectName; subjectTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 subjectTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(subjectRDN, subjectTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.subject), subjectRDN); //set validity certificate->tbsCertificate.validity.notBefore = *notBefore; certificate->tbsCertificate.validity.notAfter = *notAfter; //set X.509 certificate version certificate->tbsCertificate.version = X509_V2; //set serial number certificate->tbsCertificate.serialNumber = 0; CHECK_CALL(InitCKMInfo); CHECK_CALL(GetNextSerialNumber, &serialNumber); certificate->tbsCertificate.serialNumber = serialNumber; serialNumber++; CHECK_CALL(SetNextSerialNumber, serialNumber); CHECK_CALL(SaveCKMInfo); //set signature algorithm in TBS certificate->tbsCertificate.signature.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; //1.2.840.10045.4.3.2 certificate->tbsCertificate.signature.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->tbsCertificate.signature.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->tbsCertificate.signature.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //set subject Public Key algorithm certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = (uint8_t *)g_EC_PUBLIC_KEY_OID; //1.2.840.10045.2.1 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.size = sizeof(g_EC_PUBLIC_KEY_OID) / sizeof(g_EC_PUBLIC_KEY_OID[0]); //set subject Public Key curve certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey = OICCalloc(1, sizeof(OBJECT_IDENTIFIER_t)); CHECK_NULL(certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey, ISSUER_X509_MEMORY_ALLOC_FAILED); certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = (uint8_t *)g_PRIME_256_V1_OID; //1.2.840.10045.3.1.7 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->size = sizeof(g_PRIME_256_V1_OID) / sizeof(g_PRIME_256_V1_OID[0]); //set subject Public Key certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey = *subjectPublicKey; //set signature algorithm certificate->signatureAlgorithm.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; certificate->signatureAlgorithm.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->signatureAlgorithm.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->signatureAlgorithm.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //encode TBS to DER ec = der_encode_to_buffer(&asn_DEF_TBSCertificate, &(certificate->tbsCertificate), tbsDer, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); tbs.len = ec.encoded; tbs.data = tbsDer; GET_SHA_256(tbs, sha256); CHECK_COND(uECC_sign((issuerPrivateKey->buf) + 1, sha256, signature), ISSUER_X509_SIGNATURE_FAIL); //additional byte for ASN1_UNCOMPRESSED_KEY_ID // ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 5480) certificate->signatureValue.size = SIGN_FULL_SIZE + 6;// size for SEQUENCE ID + 2 * INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { certificate->signatureValue.size ++; } // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[SIGN_R_LEN] > 127) { certificate->signatureValue.size ++; } certificate->signatureValue.buf = OICCalloc(certificate->signatureValue.size, sizeof(uint8_t)); CHECK_NULL(certificate->signatureValue.buf, ISSUER_X509_MEMORY_ALLOC_FAILED); *(certificate->signatureValue.buf) = (12 << 2); //ASN.1 SEQUENCE ID *(certificate->signatureValue.buf + 1) = certificate->signatureValue.size - 2; //ASN.1 SEQUENCE size uint8Pointer = certificate->signatureValue.buf + 2; //skip SEQUENCE ID and size *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { *(uint8Pointer + 1) = SIGN_R_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_R_LEN; //ASN.1 INTEGER SIZE uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature, SIGN_R_LEN); uint8Pointer += SIGN_R_LEN; //skip first part of signature *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature [SIGN_R_LEN] > 127) { *(uint8Pointer + 1) = SIGN_S_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_S_LEN; //ASN.1 INTEGER size uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature + SIGN_R_LEN, SIGN_S_LEN); ec = der_encode_to_buffer(&asn_DEF_Certificate, certificate, encodedCertificate->data, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); encodedCertificate->len = ec.encoded; FUNCTION_CLEAR( if (issuerTypeAndValue) { issuerTypeAndValue->value.buf = NULL; issuerTypeAndValue->type.buf = NULL; } if (subjectTypeAndValue) { subjectTypeAndValue->value.buf = NULL; subjectTypeAndValue->type.buf = NULL; } if (certificate) { certificate->tbsCertificate.validity.notBefore.buf = NULL; certificate->tbsCertificate.validity.notAfter.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.buf = NULL; certificate->tbsCertificate.signature.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = NULL; certificate->signatureAlgorithm.algorithm.buf = NULL; } ASN_STRUCT_FREE(asn_DEF_Certificate, certificate); certificate = NULL; );
void getSignedDataStructure(SignedData_t **sig_dat, X509 *certificateX509, char *contentData, const char *certBuffer, int certLenght, char *dataSigned, int lengthdataSigned, char *messageDigest, int lengthMessageDigest, char *contentDescription, char *policyOID, char *policyHash, char *policyHashAlg, char *policyUri, char *certHash, int lengthCertHash, char *hashAlgorithm, int signingCertificateV2, char *signAlgorithm, struct tm *local){ int rec; //creamos el objeto signedData SignedData_t *signedData; signedData = calloc(1, sizeof(*signedData)); /*****VERSION SIGNEDDATA*****/ //creamos el objeto CMSVersion CMSVersion_t *version; version = calloc(1, sizeof(*version)); version = CMSVersion_v1; signedData -> version = version; /*****DIGEST ALGORITHMS*****/ DigestAlgorithmIdentifiers_t *digestAlgorithms; digestAlgorithms = calloc(1, sizeof(*digestAlgorithms)); DigestAlgorithmIdentifier_t *digestAlgorithm; digestAlgorithm = calloc(1, sizeof(*digestAlgorithm)); digestAlgorithm -> algorithm = makeOID(hashAlgorithm); NULL_t *null; null = calloc(1, sizeof(*null)); digestAlgorithm -> parameters = ANY_new_fromType(&asn_DEF_NULL, null); rec = ASN_SET_ADD(&digestAlgorithms ->list, digestAlgorithm); signedData -> digestAlgorithms = *digestAlgorithms; /*****ENCAPCONTENTINFO*****/ EncapsulatedContentInfo_t *encapsulatedContentInfo; encapsulatedContentInfo = calloc(1, sizeof(*encapsulatedContentInfo)); ContentType_t *eContentType; eContentType = calloc(1,sizeof(*eContentType)); *eContentType = makeOID(DATA_OID); encapsulatedContentInfo->eContentType = *eContentType; //NSString *contentData= @"datos"; //NSString *contentData= NULL; if (contentData != NULL){ OCTET_STRING_t *osContentData; osContentData = calloc(1,sizeof(*osContentData)); OCTET_STRING_fromString(osContentData,contentData); encapsulatedContentInfo->eContent = osContentData; } signedData -> encapContentInfo = *encapsulatedContentInfo; /*****CERTIFICATES (OPTIONAL)*****/ CertificateSet_t *certificateSet; certificateSet = calloc(1, sizeof(*certificateSet)); certificateSet = ANY_new_fromBuf(certBuffer, certLenght); signedData -> certificates = certificateSet; /*****SIGNERINFO******/ SignerInfos_t *CADESSignerInfos; getCADESSignerInfos(&CADESSignerInfos, certificateX509, dataSigned, lengthdataSigned, messageDigest, lengthMessageDigest, contentDescription, policyOID, policyHash, policyHashAlg, policyUri, certHash, lengthCertHash, hashAlgorithm, signingCertificateV2, signAlgorithm, local); signedData-> signerInfos = *CADESSignerInfos; *sig_dat = signedData; }