static AJ_Status DecodeCertificateTBS(X509Certificate* certificate, DER_Element* tbs) { AJ_Status status; DER_Element ver; DER_Element oid; DER_Element iss; DER_Element utc; DER_Element sub; DER_Element pub; DER_Element ext; DER_Element tmp; DER_Element time1; DER_Element time2; uint8_t tags1[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC }; uint8_t tags2[] = { ASN_UTC_TIME, ASN_UTC_TIME }; status = AJ_ASN1DecodeElements(tbs, tags1, sizeof (tags1), 0, &ver, &certificate->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext); if (AJ_OK != status) { return status; } /* * We only accept X.509v3 certificates. */ status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp); if (AJ_OK != status) { return status; } if ((0x1 != tmp.size) || (0x2 != *tmp.data)) { return AJ_ERR_INVALID; } /* * We only accept ECDSA-SHA256 signed certificates at the moment. */ status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp); if (AJ_OK != status) { return status; } if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) { return AJ_ERR_INVALID; } status = DecodeCertificateName(&iss, 0, NULL, &certificate->issuer); if (AJ_OK != status) { return status; } status = AJ_ASN1DecodeElements(&utc, tags2, sizeof (tags2), &time1, &time2); if (AJ_OK != status) { return status; } status = DecodeCertificateName(&sub, 0, &certificate->guild, &certificate->subject); if (AJ_OK != status) { return status; } status = DecodeCertificatePub(&pub, &certificate->keyinfo); if (AJ_OK != status) { return status; } memset(certificate->digest, 0, SHA256_DIGEST_LENGTH); status = DecodeCertificateExt(certificate, &ext); return status; }
static AJ_Status DecodeCertificateTBS(X509TbsCertificate* tbs, DER_Element* der) { AJ_Status status; DER_Element ver; DER_Element oid; DER_Element iss; DER_Element utc; DER_Element sub; DER_Element pub; DER_Element ext; DER_Element tmp; const uint8_t tags[] = { ASN_CONTEXT_SPECIFIC, ASN_INTEGER, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_SEQ, ASN_CONTEXT_SPECIFIC }; memset(tbs, 0, sizeof (X509TbsCertificate)); status = AJ_ASN1DecodeElements(der, tags, sizeof (tags), 0, &ver, &tbs->serial, &oid, &iss, &utc, &sub, &pub, 3, &ext); if (AJ_OK != status) { return status; } /* * We only accept X.509v3 certificates. */ status = AJ_ASN1DecodeElement(&ver, ASN_INTEGER, &tmp); if (AJ_OK != status) { return status; } if ((0x1 != tmp.size) || (0x2 != *tmp.data)) { return AJ_ERR_INVALID; } /* * We only accept ECDSA-SHA256 signed certificates at the moment. */ status = AJ_ASN1DecodeElement(&oid, ASN_OID, &tmp); if (AJ_OK != status) { return status; } if (!CompareOID(&tmp, OID_SIG_ECDSA_SHA256, sizeof (OID_SIG_ECDSA_SHA256))) { return AJ_ERR_INVALID; } status = DecodeCertificateName(&tbs->issuer, &iss); if (AJ_OK != status) { return status; } status = DecodeCertificateTime(&tbs->validity, &utc); if (AJ_OK != status) { return status; } status = DecodeCertificateName(&tbs->subject, &sub); if (AJ_OK != status) { return status; } status = DecodeCertificatePub(&tbs->publickey, &pub); if (AJ_OK != status) { return status; } status = DecodeCertificateExt(&tbs->extensions, &ext); if (AJ_OK != status) { return status; } return status; }