static AJ_Status DecodeCertificateTBS(X509Certificate* certificate, DER_Element* tbs)
{
AJ_Status status;
DER_Element ver;
DER_Element oid;
DER_Element iss;
DER_Element utc;
DER_Element sub;
DER_Element pub;
DER_Element ext;
DER_Element tmp;
DER_Element time1;
DER_Element time2;
uint8_t tags1[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC };
uint8_t tags2[] = { ASN_UTC_TIME, ASN_UTC_TIME };
status = AJ_ASN1DecodeElements(tbs, tags1, sizeof (tags1), 0, &ver, &certificate->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext);
if (AJ_OK != status) {
return status;
}
/*
* We only accept X.509v3 certificates.
*/
status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp);
if (AJ_OK != status) {
return status;
}
if ((0x1 != tmp.size) || (0x2 != *tmp.data)) {
return AJ_ERR_INVALID;
}
/*
* We only accept ECDSA-SHA256 signed certificates at the moment.
*/
status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) {
return AJ_ERR_INVALID;
}
status = DecodeCertificateName(&iss, 0, NULL, &certificate->issuer);
if (AJ_OK != status) {
return status;
}
status = AJ_ASN1DecodeElements(&utc, tags2, sizeof (tags2), &time1, &time2);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateName(&sub, 0, &certificate->guild, &certificate->subject);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificatePub(&pub, &certificate->keyinfo);
if (AJ_OK != status) {
return status;
}
memset(certificate->digest, 0, SHA256_DIGEST_LENGTH);
status = DecodeCertificateExt(certificate, &ext);
return status;
}
static AJ_Status DecodeCertificateTBS(X509TbsCertificate* tbs, DER_Element* der)
{
AJ_Status status;
DER_Element ver;
DER_Element oid;
DER_Element iss;
DER_Element utc;
DER_Element sub;
DER_Element pub;
DER_Element ext;
DER_Element tmp;
const uint8_t tags[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC };
memset(tbs, 0, sizeof (X509TbsCertificate));
status = AJ_ASN1DecodeElements(der, tags, sizeof (tags), 0, &ver, &tbs->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext);
if (AJ_OK != status) {
return status;
}
/*
* We only accept X.509v3 certificates.
*/
status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp);
if (AJ_OK != status) {
return status;
}
if ((0x1 != tmp.size) || (0x2 != *tmp.data)) {
return AJ_ERR_INVALID;
}
/*
* We only accept ECDSA-SHA256 signed certificates at the moment.
*/
status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp);
if (AJ_OK != status) {
return status;
}
if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) {
return AJ_ERR_INVALID;
}
status = DecodeCertificateName(&tbs->issuer, &iss);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateTime(&tbs->validity, &utc);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateName(&tbs->subject, &sub);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificatePub(&tbs->publickey, &pub);
if (AJ_OK != status) {
return status;
}
status = DecodeCertificateExt(&tbs->extensions, &ext);
if (AJ_OK != status) {
return status;
}
return status;
}
