Ejemplo n.º 1
0
/*
* Decode a BER encoded DistinguishedName
*/
void X509_DN::decode_from(BER_Decoder& source)
   {
   MemoryVector<byte> bits;

   source.start_cons(SEQUENCE)
      .raw_bytes(bits)
   .end_cons();

   BER_Decoder sequence(bits);

   while(sequence.more_items())
      {
      BER_Decoder rdn = sequence.start_cons(SET);

      while(rdn.more_items())
         {
         OID oid;
         ASN1_String str;

         rdn.start_cons(SEQUENCE)
            .decode(oid)
            .decode(str)
            .verify_end()
        .end_cons();

         add_attribute(oid, str.value());
         }
      }

   dn_bits = bits;
   }
Ejemplo n.º 2
0
/*
* Decompress a message
*/
void CMS_Decoder::decompress(BER_Decoder& decoder)
   {
   size_t version;
   AlgorithmIdentifier comp_algo;

   BER_Decoder comp_info = decoder.start_cons(SEQUENCE);

   comp_info.decode(version);
   if(version != 0)
      throw Decoding_Error("CMS: Unknown version for CompressedData");

   comp_info.decode(comp_algo);
   read_econtent(comp_info);
   comp_info.end_cons();

   Filter* decompressor = 0;

   info = comp_algo.oid.as_string();

#if defined(BOTAN_HAS_COMPRESSOR_ZLIB)
   if(comp_algo.oid == OIDS::lookup("Compression.Zlib"))
      {
      decompressor = new Zlib_Decompression;
      info = "Zlib";
      }
#endif

   if(!decompressor)
      status = FAILURE;

   Pipe pipe(decompressor);
   pipe.process_msg(data);
   data = pipe.read_all();
   }
Ejemplo n.º 3
0
/*
* Decode a BER encoded AlgorithmIdentifier
*/
void AlgorithmIdentifier::decode_from(BER_Decoder& codec)
   {
   codec.start_cons(SEQUENCE)
      .decode(oid)
      .raw_bytes(parameters)
   .end_cons();
   }
Ejemplo n.º 4
0
/*
* Decode a BER encoded CRL_Entry
*/
void CRL_Entry::decode_from(BER_Decoder& source)
   {
   BigInt serial_number_bn;

   std::unique_ptr<CRL_Entry_Data> data(new CRL_Entry_Data);

   BER_Decoder entry = source.start_cons(SEQUENCE);

   entry.decode(serial_number_bn).decode(data->m_time);
   data->m_serial = BigInt::encode(serial_number_bn);

   if(entry.more_items())
      {
      entry.decode(data->m_extensions);
      if(auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::CRL_ReasonCode>())
         {
         data->m_reason = ext->get_reason();
         }
      else
         {
         data->m_reason = UNSPECIFIED;
         }
      }

   entry.end_cons();

   m_data.reset(data.release());
   }
Ejemplo n.º 5
0
/*
* Decode a BER encoded Attribute
*/
void Attribute::decode_from(BER_Decoder& codec)
   {
   codec.start_cons(SEQUENCE)
      .decode(oid)
      .start_cons(SET)
         .raw_bytes(parameters)
      .end_cons()
   .end_cons();
   }
Ejemplo n.º 6
0
Response::Response(const uint8_t response_bits[], size_t response_bits_len) :
   m_response_bits(response_bits, response_bits + response_bits_len)
   {
   m_dummy_response_status = Certificate_Status_Code::OCSP_RESPONSE_INVALID;

   BER_Decoder response_outer = BER_Decoder(m_response_bits).start_cons(SEQUENCE);

   size_t resp_status = 0;

   response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);

   if(resp_status != 0)
      throw Exception("OCSP response status " + std::to_string(resp_status));

   if(response_outer.more_items())
      {
      BER_Decoder response_bytes =
         response_outer.start_cons(ASN1_Tag(0), CONTEXT_SPECIFIC).start_cons(SEQUENCE);

      response_bytes.decode_and_check(OID("1.3.6.1.5.5.7.48.1.1"),
                                      "Unknown response type in OCSP response");

      BER_Decoder basicresponse =
         BER_Decoder(response_bytes.get_next_octet_string()).start_cons(SEQUENCE);

      basicresponse.start_cons(SEQUENCE)
           .raw_bytes(m_tbs_bits)
         .end_cons()
         .decode(m_sig_algo)
         .decode(m_signature, BIT_STRING);
      decode_optional_list(basicresponse, ASN1_Tag(0), m_certs);

      size_t responsedata_version = 0;
      Extensions extensions;

      BER_Decoder(m_tbs_bits)
         .decode_optional(responsedata_version, ASN1_Tag(0),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode_optional(m_signer_name, ASN1_Tag(1),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode_optional_string(m_key_hash, OCTET_STRING, 2,
                                 ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode(m_produced_at)

         .decode_list(m_responses)

         .decode_optional(extensions, ASN1_Tag(1),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));
      }

   response_outer.end_cons();
   }
Ejemplo n.º 7
0
/*
* Read a BER encoded X.509 object
*/
void X509_Object::decode_from(BER_Decoder& from)
   {
   from.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(m_tbs_bits)
         .end_cons()
         .decode(m_sig_algo)
         .decode(m_sig, BIT_STRING)
         .verify_end()
      .end_cons();
   }
Ejemplo n.º 8
0
/*
* Decode a BER encoded CRL_Entry
*/
void CRL_Entry::decode_from(BER_Decoder& source)
   {
   BigInt serial_number_bn;

   source.start_cons(SEQUENCE)
      .decode(serial_number_bn)
      .decode(time);

   if(source.more_items())
      {
      Extensions extensions(throw_on_unknown_critical);
      source.decode(extensions);
      Data_Store info;
      extensions.contents_to(info, info);
      reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode"));
      }

   serial = BigInt::encode(serial_number_bn);
   }
Ejemplo n.º 9
0
Response::Response(const Certificate_Store& trusted_roots,
                   const std::vector<byte>& response_bits)
   {
   BER_Decoder response_outer = BER_Decoder(response_bits).start_cons(SEQUENCE);

   size_t resp_status = 0;

   response_outer.decode(resp_status, ENUMERATED, UNIVERSAL);

   if(resp_status != 0)
      throw std::runtime_error("OCSP response status " + std::to_string(resp_status));

   if(response_outer.more_items())
      {
      BER_Decoder response_bytes =
         response_outer.start_cons(ASN1_Tag(0), CONTEXT_SPECIFIC).start_cons(SEQUENCE);

      response_bytes.decode_and_check(OID("1.3.6.1.5.5.7.48.1.1"),
                                      "Unknown response type in OCSP response");

      BER_Decoder basicresponse =
         BER_Decoder(response_bytes.get_next_octet_string()).start_cons(SEQUENCE);

      std::vector<byte> tbs_bits;
      AlgorithmIdentifier sig_algo;
      std::vector<byte> signature;
      std::vector<X509_Certificate> certs;

      basicresponse.start_cons(SEQUENCE)
           .raw_bytes(tbs_bits)
         .end_cons()
         .decode(sig_algo)
         .decode(signature, BIT_STRING);
      decode_optional_list(basicresponse, ASN1_Tag(0), certs);

      size_t responsedata_version = 0;
      X509_DN name;
      std::vector<byte> key_hash;
      X509_Time produced_at;
      Extensions extensions;

      BER_Decoder(tbs_bits)
         .decode_optional(responsedata_version, ASN1_Tag(0),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode_optional(name, ASN1_Tag(1),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode_optional_string(key_hash, OCTET_STRING, 2,
                                 ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))

         .decode(produced_at)

         .decode_list(m_responses)

         .decode_optional(extensions, ASN1_Tag(1),
                          ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));

      if(certs.empty())
         {
         if(auto cert = trusted_roots.find_cert(name, std::vector<byte>()))
            certs.push_back(*cert);
         else
            throw std::runtime_error("Could not find certificate that signed OCSP response");
         }

      check_signature(tbs_bits, sig_algo, signature, trusted_roots, certs);
      }

   response_outer.end_cons();
   }
Ejemplo n.º 10
0
bool ne7ssh_keys::getRSAKeys (char* buffer, uint32 size)
{
  const char* headerRSA = "-----BEGIN RSA PRIVATE KEY-----\n";
  const char* footerRSA = "-----END RSA PRIVATE KEY-----\n";
  SecureVector<Botan::byte> keyDataRaw;
  BigInt p, q, e, d, n;
  char *start;
  uint32 version;

  start = buffer + strlen(headerRSA);
  Pipe base64dec (new Base64_Decoder);
  base64dec.process_msg ((Botan::byte*)start, size - strlen(footerRSA) - strlen(headerRSA));
  keyDataRaw = base64dec.read_all (PIPE_DEFAULT_MESSAGE);

  BER_Decoder decoder (keyDataRaw);

#if BOTAN_PRE_15
  BER_Decoder sequence = BER::get_subsequence(decoder);
  BER::decode (sequence, version);
#else
  BER_Decoder sequence = decoder.start_cons(SEQUENCE);
  sequence.decode (version);
#endif

  if (version)
  {
    ne7ssh::errors()->push (-1, "Encountered unknown RSA key version.");
    return false;
  }

#if BOTAN_PRE_15
  BER::decode (sequence, n);
  BER::decode (sequence, e);
  BER::decode (sequence, d);
  BER::decode (sequence, p);
  BER::decode (sequence, q);
#else
  sequence.decode (n);
  sequence.decode (e);
  sequence.decode (d);
  sequence.decode (p);
  sequence.decode (q);
#endif

  sequence.discard_remaining();
  sequence.verify_end();

  if (n.is_zero() || e.is_zero() || d.is_zero() || p.is_zero() || q.is_zero())
  {
    ne7ssh::errors()->push (-1, "Could not decode the supplied RSA key.");
    return false;
  }

#if BOTAN_PRE_18 || BOTAN_PRE_15
  rsaPrivateKey = new RSA_PrivateKey (p, q, e, d, n);
#else
  rsaPrivateKey = new RSA_PrivateKey (*ne7ssh::rng, p, q, e, d, n);
#endif

  publicKeyBlob.clear();
  publicKeyBlob.addString ("ssh-rsa");
  publicKeyBlob.addBigInt (e);
  publicKeyBlob.addBigInt (n);

  return true;
}
Ejemplo n.º 11
0
bool ne7ssh_keys::getDSAKeys (char* buffer, uint32 size)
{
//  DataSource_Memory privKeyPEMSrc (privKeyPEMStr);
  const char* headerDSA = "-----BEGIN DSA PRIVATE KEY-----\n";
  const char* footerDSA = "-----END DSA PRIVATE KEY-----\n";
  SecureVector<Botan::byte> keyDataRaw;
  BigInt p, q, g, y, x;
  char *start;
  uint32 version;

  start = buffer + strlen(headerDSA);
  Pipe base64dec (new Base64_Decoder);
  base64dec.process_msg ((Botan::byte*)start, size - strlen(footerDSA) - strlen(headerDSA));
  keyDataRaw = base64dec.read_all (PIPE_DEFAULT_MESSAGE);

  BER_Decoder decoder (keyDataRaw);

#if BOTAN_PRE_15
  BER_Decoder sequence = BER::get_subsequence(decoder);
  BER::decode (sequence, version);
#else
  BER_Decoder sequence = decoder.start_cons (SEQUENCE);
  sequence.decode (version);
#endif

  if (version)
  {
    ne7ssh::errors()->push (-1, "Encountered unknown DSA key version.");
    return false;
  }

#if BOTAN_PRE_15
  BER::decode (sequence, p);
  BER::decode (sequence, q);
  BER::decode (sequence, g);
  BER::decode (sequence, y);
  BER::decode (sequence, x);
#else
  sequence.decode (p);
  sequence.decode (q);
  sequence.decode (g);
  sequence.decode (y);
  sequence.decode (x);
#endif


  sequence.discard_remaining();
  sequence.verify_end();

  if (p.is_zero() || q.is_zero() || g.is_zero() || y.is_zero() || x.is_zero())
  {
    ne7ssh::errors()->push (-1, "Could not decode the supplied DSA key.");
    return false;
  }

  DL_Group dsaGroup (p, q, g);

#if BOTAN_PRE_18 || BOTAN_PRE_15
  dsaPrivateKey = new DSA_PrivateKey (dsaGroup, x);
#else
  dsaPrivateKey = new DSA_PrivateKey (*ne7ssh::rng, dsaGroup, x);
#endif
  publicKeyBlob.clear();
  publicKeyBlob.addString ("ssh-dss");
  publicKeyBlob.addBigInt (p);
  publicKeyBlob.addBigInt (q);
  publicKeyBlob.addBigInt (g);
  publicKeyBlob.addBigInt (y);

  return true;

}