...
|
...
|
@@ -135,6 +135,64 @@ int asn1_expect_algo(fmap_t *map, void **asn1data, unsigned int *asn1len, unsign
|
135
|
135
|
return 0;
|
136
|
136
|
}
|
137
|
137
|
|
|
138
|
+#define OID_1_3_14_3_2_26 "\x2b\x0e\x03\x02\x1a"
|
|
139
|
+#define OID_sha1 OID_1_3_14_3_2_26
|
|
140
|
+
|
|
141
|
+#define OID_1_3_14_3_2_29 "\x2b\x0e\x03\x02\x1d"
|
|
142
|
+#define OID_sha1WithRSA OID_1_3_14_3_2_29
|
|
143
|
+
|
|
144
|
+
|
|
145
|
+#define OID_1_2_840_113549_1_1_1 "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"
|
|
146
|
+#define OID_rsaEncryption OID_1_2_840_113549_1_1_1
|
|
147
|
+
|
|
148
|
+#define OID_1_2_840_113549_1_1_4 "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04"
|
|
149
|
+#define OID_md5WithRSAEncryption OID_1_2_840_113549_1_1_4
|
|
150
|
+
|
|
151
|
+#define OID_1_2_840_113549_1_1_5 "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05"
|
|
152
|
+#define OID_sha1WithRSAEncryption OID_1_2_840_113549_1_1_5
|
|
153
|
+
|
|
154
|
+#define OID_1_2_840_113549_1_7_1 "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"
|
|
155
|
+#define OID_pkcs7_data OID_1_2_840_113549_1_7_1
|
|
156
|
+
|
|
157
|
+#define OID_1_2_840_113549_1_7_2 "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
|
|
158
|
+#define OID_signedData OID_1_2_840_113549_1_7_2
|
|
159
|
+
|
|
160
|
+#define OID_1_2_840_113549_1_9_3 "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x03"
|
|
161
|
+#define OID_contentType OID_1_2_840_113549_1_9_3
|
|
162
|
+
|
|
163
|
+#define OID_1_2_840_113549_1_9_4 "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x04"
|
|
164
|
+#define OID_messageDigest OID_1_2_840_113549_1_9_4
|
|
165
|
+
|
|
166
|
+#define OID_1_2_840_113549_1_9_5 "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x05"
|
|
167
|
+#define OID_signingTime OID_1_2_840_113549_1_9_5
|
|
168
|
+
|
|
169
|
+
|
|
170
|
+#define OID_1_2_840_113549_2_5 "\x2a\x86\x48\x86\xf7\x0d\x02\x05"
|
|
171
|
+#define OID_md5 OID_1_2_840_113549_2_5
|
|
172
|
+
|
|
173
|
+#define OID_1_2_840_113549_1_9_6 "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x06"
|
|
174
|
+#define OID_countersignature OID_1_2_840_113549_1_9_6
|
|
175
|
+
|
|
176
|
+
|
|
177
|
+#define OID_1_3_6_1_4_1_311_2_1_4 "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x04"
|
|
178
|
+#define OID_SPC_INDIRECT_DATA_OBJID OID_1_3_6_1_4_1_311_2_1_4
|
|
179
|
+
|
|
180
|
+#define OID_1_3_6_1_4_1_311_2_1_15 "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x0f"
|
|
181
|
+#define OID_SPC_PE_IMAGE_DATA_OBJID OID_1_3_6_1_4_1_311_2_1_15
|
|
182
|
+
|
|
183
|
+#define OID_1_3_6_1_4_1_311_2_1_25 "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x19"
|
|
184
|
+#define OID_SPC_CAB_DATA_OBJID OID_1_3_6_1_4_1_311_2_1_25
|
|
185
|
+
|
|
186
|
+#define OID_1_3_6_1_4_1_311_10_1 "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01"
|
|
187
|
+#define OID_szOID_CTL OID_1_3_6_1_4_1_311_10_1
|
|
188
|
+
|
|
189
|
+#define OID_1_3_6_1_4_1_311_12_1_1 "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x01"
|
|
190
|
+#define OID_szOID_CATALOG_LIST OID_1_3_6_1_4_1_311_12_1_1
|
|
191
|
+
|
|
192
|
+#define OID_1_3_6_1_4_1_311_12_1_2 "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x02"
|
|
193
|
+#define OID_szOID_CATALOG_LIST_MEMBER OID_1_3_6_1_4_1_311_12_1_2
|
|
194
|
+
|
|
195
|
+#define lenof(x) (sizeof((x))-1)
|
138
|
196
|
|
139
|
197
|
static int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len, cli_crt_hashtype *hashtype) {
|
140
|
198
|
struct cli_asn1 obj;
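Review bot: `lenof(x)` at the end of the hunk is only correct for array (string-literal) arguments; applied to a `const char *` it silently evaluates to `sizeof(char *)-1`, and nothing in the macro guards against that. Every OID_* macro above it expands to a literal, so the current uses are safe, but the name is generic and file-scoped, so I'd state the constraint where it is defined: `/* Byte length of a string-literal OID, excluding the NUL. Only valid on array/literal arguments, never on a pointer. */`. It would also help to annotate `OID_sha1WithRSA` (the obsolete 1.3.14.3.2.29) and `OID_md5WithRSAEncryption` as legacy algorithms that asn1_expect_rsa still accepts, so the table is not read as an endorsement of those algorithms.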
|
...
|
...
|
@@ -147,7 +205,7 @@ static int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len,
|
147
|
147
|
|
148
|
148
|
if(asn1_get_obj(map, obj.content, &avail, &obj))
|
149
|
149
|
return 1;
|
150
|
|
- if(obj.type != 0x06 || (obj.size != 5 && obj.size != 9)) {
|
|
150
|
+ if(obj.type != 0x06 || (obj.size != lenof(OID_sha1WithRSA) && obj.size != lenof(OID_sha1WithRSAEncryption))) { /* lenof(OID_sha1WithRSAEncryption) = lenof(OID_md5WithRSAEncryption) = 9 */
|
151
|
151
|
cli_dbgmsg("asn1_expect_rsa: expecting OID with size 5 or 9, got %02x with size %u\n", obj.type, obj.size);
|
152
|
152
|
return 1;
|
153
|
153
|
}
|
...
|
...
|
@@ -155,11 +213,11 @@ static int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len,
|
155
|
155
|
cli_dbgmsg("asn1_expect_rsa: failed to read OID\n");
|
156
|
156
|
return 1;
|
157
|
157
|
}
|
158
|
|
- if(obj.size == 5 && !memcmp(obj.content, "\x2b\x0e\x03\x02\x1d", 5))
|
|
158
|
+ if(obj.size == lenof(OID_sha1WithRSA) && !memcmp(obj.content, OID_sha1WithRSA, lenof(OID_sha1WithRSA)))
|
159
|
159
|
*hashtype = CLI_SHA1RSA; /* Obsolete sha1rsa 1.3.14.3.2.29 */
|
160
|
|
- else if(obj.size == 9 && !memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05", 9))
|
|
160
|
+ else if(obj.size == lenof(OID_sha1WithRSAEncryption) && !memcmp(obj.content, OID_sha1WithRSAEncryption, lenof(OID_sha1WithRSAEncryption)))
|
161
|
161
|
*hashtype = CLI_SHA1RSA; /* sha1withRSAEncryption 1.2.840.113549.1.1.5 */
|
162
|
|
- else if(obj.size == 9 && !memcmp(obj.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x04", 9))
|
|
162
|
+ else if(obj.size == lenof(OID_md5WithRSAEncryption) && !memcmp(obj.content, OID_md5WithRSAEncryption, lenof(OID_md5WithRSAEncryption)))
|
163
|
163
|
*hashtype = CLI_MD5RSA; /* md5withRSAEncryption 1.2.840.113549.1.1.4 */
|
164
|
164
|
else {
|
165
|
165
|
cli_dbgmsg("asn1_expect_rsa: OID mismatch\n");
|
...
|
...
|
@@ -186,13 +244,13 @@ int ms_asn1_get_sha1(fmap_t *map, void *asn1data, unsigned int avail, unsigned i
|
186
|
186
|
/* Manual parsing to avoid spamming */
|
187
|
187
|
if(asn1_expect_objtype(map, asn1data, &avail, &obj, 0x06))
|
188
|
188
|
return 2;
|
189
|
|
- if(obj.size != 10)
|
|
189
|
+ if(obj.size != lenof(OID_SPC_INDIRECT_DATA_OBJID))
|
190
|
190
|
return 1;
|
191
|
|
- if(!fmap_need_ptr_once(map, obj.content, 10)) {
|
|
191
|
+ if(!fmap_need_ptr_once(map, obj.content, lenof(OID_SPC_INDIRECT_DATA_OBJID))) {
|
192
|
192
|
cli_dbgmsg("ms_asn1_get_sha1: failed to read content\n");
|
193
|
193
|
return 2;
|
194
|
194
|
}
|
195
|
|
- if(memcmp(obj.content, "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x04", 10)) /* OBJECT 1.3.6.1.4.1.311.2.1.4 - SPC_INDIRECT_DATA_OBJID */
|
|
195
|
+ if(memcmp(obj.content, OID_SPC_INDIRECT_DATA_OBJID, lenof(OID_SPC_INDIRECT_DATA_OBJID))) /* OBJECT 1.3.6.1.4.1.311.2.1.4 - SPC_INDIRECT_DATA_OBJID */
|
196
|
196
|
return 1;
|
197
|
197
|
|
198
|
198
|
if(asn1_expect_objtype(map, obj.next, &avail, &obj, emb ? 0xa0 : 0x31))
|
...
|
...
|
@@ -208,18 +266,18 @@ int ms_asn1_get_sha1(fmap_t *map, void *asn1data, unsigned int avail, unsigned i
|
208
|
208
|
avail2 = obj.size;
|
209
|
209
|
if(asn1_expect_objtype(map, obj.content, &avail2, &obj2, 0x06)) /* OBJECT */
|
210
|
210
|
return 2;
|
211
|
|
- if(obj2.size != 10) {
|
|
211
|
+ if(obj2.size != lenof(OID_SPC_PE_IMAGE_DATA_OBJID)) {
|
212
|
212
|
cli_dbgmsg("ms_asn1_get_sha1: expected data object size 10, got %u\n", obj2.size);
|
213
|
213
|
return 2;
|
214
|
214
|
}
|
215
|
|
- if(!fmap_need_ptr_once(map, obj2.content, 10)) {
|
|
215
|
+ if(!fmap_need_ptr_once(map, obj2.content, lenof(OID_SPC_PE_IMAGE_DATA_OBJID))) {
|
216
|
216
|
cli_dbgmsg("ms_asn1_get_sha1: failed to read data content\n");
|
217
|
217
|
return 2;
|
218
|
218
|
}
|
219
|
|
- if(!memcmp(obj2.content, "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x0f", 10)) {
|
|
219
|
+ if(!memcmp(obj2.content, OID_SPC_PE_IMAGE_DATA_OBJID, lenof(OID_SPC_PE_IMAGE_DATA_OBJID))) {
|
220
|
220
|
/* SPC_PE_IMAGE_DATA_OBJID */
|
221
|
221
|
if(type) *type = 1;
|
222
|
|
- } else if (!emb && !memcmp(obj2.content, "\x2b\x06\x01\x04\x01\x82\x37\x02\x01\x19", 10)) {
|
|
222
|
+ } else if (!emb && !memcmp(obj2.content, OID_SPC_CAB_DATA_OBJID, lenof(OID_SPC_CAB_DATA_OBJID))) {
|
223
|
223
|
/* SPC_CAB_DATA_OBJID */
|
224
|
224
|
if(type) *type = 0;
|
225
|
225
|
} else {
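Review bot: The guard `obj2.size != lenof(OID_SPC_PE_IMAGE_DATA_OBJID)` and the `fmap_need_ptr_once` that follows establish only `lenof(OID_SPC_PE_IMAGE_DATA_OBJID)` bytes, yet the second branch compares `lenof(OID_SPC_CAB_DATA_OBJID)` bytes; this is correct only because both OIDs happen to be 10 bytes, and unlike the later hunks this one does not record that invariant. Either add `/* lenof(OID_SPC_PE_IMAGE_DATA_OBJID) == lenof(OID_SPC_CAB_DATA_OBJID) == 10 */` on the size check, or make each comparison self-bounding as asn1_expect_rsa does: `if(obj2.size == lenof(OID_SPC_PE_IMAGE_DATA_OBJID) && !memcmp(obj2.content, OID_SPC_PE_IMAGE_DATA_OBJID, lenof(OID_SPC_PE_IMAGE_DATA_OBJID)))` and likewise for the CAB branch. The hard-coded `size 10` in the debug message should follow the macro as well. ms_asn1_get_sha1 continues outside the hunk.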
|
...
|
...
|
@@ -231,7 +289,7 @@ int ms_asn1_get_sha1(fmap_t *map, void *asn1data, unsigned int avail, unsigned i
|
231
|
231
|
return 2;
|
232
|
232
|
|
233
|
233
|
avail = obj.size;
|
234
|
|
- if(asn1_expect_algo(map, &obj.content, &avail, 5, "\x2b\x0e\x03\x02\x1a")) /* objid 1.3.14.3.2.26 - sha1 */
|
|
234
|
+ if(asn1_expect_algo(map, &obj.content, &avail, lenof(OID_sha1), OID_sha1)) /* objid 1.3.14.3.2.26 - sha1 */
|
235
|
235
|
return 2;
|
236
|
236
|
|
237
|
237
|
if(asn1_expect_objtype(map, obj.content, &avail, &obj, 0x04))
|
...
|
...
|
@@ -367,7 +425,7 @@ int asn1_get_rsa_pubkey(fmap_t *map, void **asn1data, unsigned int *size, cli_cr
|
367
|
367
|
*asn1data = obj.next;
|
368
|
368
|
|
369
|
369
|
avail = obj.size;
|
370
|
|
- if(asn1_expect_algo(map, &obj.content, &avail, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")) /* rsaEncryption */
|
|
370
|
+ if(asn1_expect_algo(map, &obj.content, &avail, lenof(OID_rsaEncryption), OID_rsaEncryption)) /* rsaEncryption */
|
371
|
371
|
return 1;
|
372
|
372
|
|
373
|
373
|
if(asn1_expect_objtype(map, obj.content, &avail, &obj, 0x03)) /* BIT STRING - subjectPublicKey */
|
...
|
...
|
@@ -594,7 +652,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
594
|
594
|
break;
|
595
|
595
|
}
|
596
|
596
|
size = asn1.size;
|
597
|
|
- if(asn1_expect_obj(map, &asn1.content, &size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")) /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */
|
|
597
|
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x06, lenof(OID_signedData), OID_signedData)) /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */
|
598
|
598
|
break;
|
599
|
599
|
if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0xa0)) /* [0] - content */
|
600
|
600
|
break;
|
...
|
...
|
@@ -616,7 +674,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
616
|
616
|
if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x31)) /* SET OF DigestAlgorithmIdentifier */
|
617
|
617
|
break;
|
618
|
618
|
|
619
|
|
- if(asn1_expect_algo(map, &asn1.content, &asn1.size, 5, "\x2b\x0e\x03\x02\x1a")) /* DigestAlgorithmIdentifier[0] == sha1 */
|
|
619
|
+ if(asn1_expect_algo(map, &asn1.content, &asn1.size, lenof(OID_sha1), OID_sha1)) /* DigestAlgorithmIdentifier[0] == sha1 */
|
620
|
620
|
break;
|
621
|
621
|
if(asn1.size) {
|
622
|
622
|
cli_dbgmsg("asn1_parse_mscat: only one digestAlgorithmIdentifier is allowed\n");
|
...
|
...
|
@@ -627,7 +685,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
627
|
627
|
break;
|
628
|
628
|
/* Here there is either a PKCS #7 ContentType Object Identifier for Certificate Trust List (szOID_CTL)
|
629
|
629
|
* or a single SPC_INDIRECT_DATA_OBJID */
|
630
|
|
- if(asn1_expect_obj(map, &asn1.content, &asn1.size, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */
|
|
630
|
+ if(asn1_expect_obj(map, &asn1.content, &asn1.size, 0x06, lenof(OID_szOID_CTL), OID_szOID_CTL)) /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */
|
631
|
631
|
break;
|
632
|
632
|
if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0xa0))
|
633
|
633
|
break;
|
...
|
...
|
@@ -649,7 +707,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
649
|
649
|
dsize = deep.size;
|
650
|
650
|
if(asn1_expect_objtype(map, deep.content, &dsize, &deep, 0x30))
|
651
|
651
|
break;
|
652
|
|
- if(asn1_expect_obj(map, &deep.content, &deep.size, 0x06, 10, "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x01")) /* szOID_CATALOG_LIST - 1.3.6.1.4.1.311.12.1.1 */
|
|
652
|
+ if(asn1_expect_obj(map, &deep.content, &deep.size, 0x06, lenof(OID_szOID_CATALOG_LIST), OID_szOID_CATALOG_LIST)) /* szOID_CATALOG_LIST - 1.3.6.1.4.1.311.12.1.1 */
|
653
|
653
|
break;
|
654
|
654
|
if(deep.size) {
|
655
|
655
|
cli_dbgmsg("asn1_parse_mscat: found extra data in szOID_CATALOG_LIST content\n");
|
...
|
...
|
@@ -659,7 +717,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
659
|
659
|
break;
|
660
|
660
|
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, 0x17)) /* Effective date - WTF?! */
|
661
|
661
|
break;
|
662
|
|
- if(asn1_expect_algo(map, &deep.next, &dsize, 10, "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x02")) /* szOID_CATALOG_LIST_MEMBER */
|
|
662
|
+ if(asn1_expect_algo(map, &deep.next, &dsize, lenof(OID_szOID_CATALOG_LIST_MEMBER), OID_szOID_CATALOG_LIST_MEMBER)) /* szOID_CATALOG_LIST_MEMBER */
|
663
|
663
|
break;
|
664
|
664
|
if(asn1_expect_objtype(map, deep.next, &dsize, &deep, 0x30)) /* hashes here */
|
665
|
665
|
break;
|
...
|
...
|
@@ -809,7 +867,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
809
|
809
|
cli_dbgmsg("asn1_parse_mscat: extra data inside issuerAndSerialNumber\n");
|
810
|
810
|
break;
|
811
|
811
|
}
|
812
|
|
- if(asn1_expect_algo(map, &asn1.next, &size, 5, "\x2b\x0e\x03\x02\x1a")) /* digestAlgorithm == sha1 */
|
|
812
|
+ if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_sha1), OID_sha1)) /* digestAlgorithm == sha1 */
|
813
|
813
|
break;
|
814
|
814
|
|
815
|
815
|
attrs = asn1.next;
|
...
|
...
|
@@ -835,16 +893,16 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
835
|
835
|
dsize = 1;
|
836
|
836
|
break;
|
837
|
837
|
}
|
838
|
|
- if(deeper.size != 9)
|
|
838
|
+ if(deeper.size != lenof(OID_contentType))
|
839
|
839
|
continue;
|
840
|
|
- if(!fmap_need_ptr_once(map, deeper.content, deeper.size)) {
|
|
840
|
+ if(!fmap_need_ptr_once(map, deeper.content, lenof(OID_contentType))) {
|
841
|
841
|
cli_dbgmsg("asn1_parse_mscat: failed to read authenticated attribute\n");
|
842
|
842
|
dsize = 1;
|
843
|
843
|
break;
|
844
|
844
|
}
|
845
|
|
- if(!memcmp(deeper.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x03", 9))
|
|
845
|
+ if(!memcmp(deeper.content, OID_contentType, lenof(OID_contentType)))
|
846
|
846
|
content = 0; /* contentType */
|
847
|
|
- else if(!memcmp(deeper.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x04", 9))
|
|
847
|
+ else if(!memcmp(deeper.content, OID_messageDigest, lenof(OID_messageDigest)))
|
848
|
848
|
content = 1; /* messageDigest */
|
849
|
849
|
else
|
850
|
850
|
continue;
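Review bot: The check `deeper.size != lenof(OID_contentType)` and the request for `lenof(OID_contentType)` bytes are what bound the later `memcmp` against `OID_messageDigest`, which uses its own length; that only holds because both are 9 bytes, and this hunk, unlike the countersignature loop later in the commit, leaves it undocumented. The old code asked `fmap_need_ptr_once` for `deeper.size` bytes, which was self-consistent; with a literal length the two macros must stay equal. Suggest `/* lenof(OID_contentType) == lenof(OID_messageDigest) == 9 */` on the size check, matching the comment the commit added in the countersignature loop. The enclosing loop and asn1_parse_mscat continue outside the hunk.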
|
...
|
...
|
@@ -866,7 +924,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
866
|
866
|
|
867
|
867
|
if(content == 0) { /* contentType */
|
868
|
868
|
/* FIXME CHECK THE ACTUAL CONTENT TYPE MATCHES */
|
869
|
|
- if(asn1_expect_obj(map, &deeper.content, &deeper.size, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) { /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */
|
|
869
|
+ if(asn1_expect_obj(map, &deeper.content, &deeper.size, 0x06, lenof(OID_szOID_CTL), OID_szOID_CTL)) { /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */
|
870
|
870
|
dsize = 1;
|
871
|
871
|
break;
|
872
|
872
|
}
|
...
|
...
|
@@ -902,7 +960,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
902
|
902
|
break;
|
903
|
903
|
}
|
904
|
904
|
|
905
|
|
- if(asn1_expect_algo(map, &asn1.next, &size, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")) /* digestEncryptionAlgorithm == sha1 */
|
|
905
|
+ if(asn1_expect_algo(map, &asn1.next, &size, lenof(OID_rsaEncryption), OID_rsaEncryption)) /* digestEncryptionAlgorithm == sha1 */
|
906
|
906
|
break;
|
907
|
907
|
|
908
|
908
|
if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x04)) /* encryptedDigest */
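Review bot: The trailing comment on the new line, `/* digestEncryptionAlgorithm == sha1 */`, contradicts the code, which now spells out that the expected OID is `OID_rsaEncryption`; a reader skimming for the signature algorithm is misled. Change it to `/* digestEncryptionAlgorithm == rsaEncryption (1.2.840.113549.1.1.1) */`. asn1_parse_mscat continues outside the hunk.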
|
...
|
...
|
@@ -957,7 +1015,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
957
|
957
|
|
958
|
958
|
size = asn1.size;
|
959
|
959
|
/* 1.2.840.113549.1.9.6 - counterSignature */
|
960
|
|
- if(asn1_expect_obj(map, &asn1.content, &size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x06"))
|
|
960
|
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x06, lenof(OID_countersignature), OID_countersignature))
|
961
|
961
|
break;
|
962
|
962
|
if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x31))
|
963
|
963
|
break;
|
...
|
...
|
@@ -997,7 +1055,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
997
|
997
|
break;
|
998
|
998
|
if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0x06))
|
999
|
999
|
break;
|
1000
|
|
- if(deep.size != 5 && deep.size != 8) {
|
|
1000
|
+ if(deep.size != lenof(OID_sha1) && deep.size != lenof(OID_md5)) {
|
1001
|
1001
|
cli_dbgmsg("asn1_parse_mscat: wrong digestAlgorithm size\n");
|
1002
|
1002
|
break;
|
1003
|
1003
|
}
|
...
|
...
|
@@ -1005,11 +1063,11 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
1005
|
1005
|
cli_dbgmsg("asn1_parse_mscat: failed to read digestAlgorithm OID\n");
|
1006
|
1006
|
break;
|
1007
|
1007
|
}
|
1008
|
|
- if(deep.size == 5 && !memcmp(deep.content, "\x2b\x0e\x03\x02\x1a", 5)) {
|
|
1008
|
+ if(deep.size == lenof(OID_sha1) && !memcmp(deep.content, OID_sha1, lenof(OID_sha1))) {
|
1009
|
1009
|
hashtype = CLI_SHA1RSA;
|
1010
|
1010
|
if(map_sha1(map, message, message_size, md))
|
1011
|
1011
|
break;
|
1012
|
|
- } else if(deep.size == 8 && !memcmp(deep.content, "\x2a\x86\x48\x86\xf7\x0d\x02\x05", 8)) {
|
|
1012
|
+ } else if(deep.size == lenof(OID_md5) && !memcmp(deep.content, OID_md5, lenof(OID_md5))) {
|
1013
|
1013
|
hashtype = CLI_MD5RSA;
|
1014
|
1014
|
if(map_md5(map, message, message_size, md))
|
1015
|
1015
|
break;
|
...
|
...
|
@@ -1045,18 +1103,18 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
1045
|
1045
|
dsize = 1;
|
1046
|
1046
|
break;
|
1047
|
1047
|
}
|
1048
|
|
- if(deeper.size != 9)
|
|
1048
|
+ if(deeper.size != lenof(OID_contentType)) /* lenof(contentType) = lenof(messageDigest) = lenof(signingTime) = 9 */
|
1049
|
1049
|
continue;
|
1050
|
1050
|
|
1051
|
|
- if(!fmap_need_ptr_once(map, deeper.content, 9)) {
|
|
1051
|
+ if(!fmap_need_ptr_once(map, deeper.content, lenof(OID_contentType))) {
|
1052
|
1052
|
dsize = 1;
|
1053
|
1053
|
break;
|
1054
|
1054
|
}
|
1055
|
|
- if(!memcmp(deeper.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x03", 9))
|
|
1055
|
+ if(!memcmp(deeper.content, OID_contentType, lenof(OID_contentType)))
|
1056
|
1056
|
content = 0; /* contentType */
|
1057
|
|
- else if(!memcmp(deeper.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x04", 9))
|
|
1057
|
+ else if(!memcmp(deeper.content, OID_messageDigest, lenof(OID_messageDigest)))
|
1058
|
1058
|
content = 1; /* messageDigest */
|
1059
|
|
- else if(!memcmp(deeper.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x05", 9))
|
|
1059
|
+ else if(!memcmp(deeper.content, OID_signingTime, lenof(OID_signingTime)))
|
1060
|
1060
|
content = 2; /* signingTime */
|
1061
|
1061
|
else
|
1062
|
1062
|
continue;
|
...
|
...
|
@@ -1078,7 +1136,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
1078
|
1078
|
deep.size = deeper.size;
|
1079
|
1079
|
switch(content) {
|
1080
|
1080
|
case 0: /* contentType = pkcs7-data */
|
1081
|
|
- if(asn1_expect_obj(map, &deeper.content, &deep.size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01"))
|
|
1081
|
+ if(asn1_expect_obj(map, &deeper.content, &deep.size, 0x06, lenof(OID_pkcs7_data), OID_pkcs7_data))
|
1082
|
1082
|
deep.size = 1;
|
1083
|
1083
|
else if(deep.size)
|
1084
|
1084
|
cli_dbgmsg("asn1_parse_mscat: extra data in countersignature content-type\n");
|
...
|
...
|
@@ -1116,16 +1174,16 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
1116
|
1116
|
break;
|
1117
|
1117
|
if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0x06)) /* digestEncryptionAlgorithm == sha1 */
|
1118
|
1118
|
break;
|
1119
|
|
- if(deep.size != 9) {
|
|
1119
|
+ if(deep.size != lenof(OID_rsaEncryption)) { /* lenof(OID_rsaEncryption) = lenof(OID_sha1WithRSAEncryption) = 9 */
|
1120
|
1120
|
cli_dbgmsg("asn1_parse_mscat: wrong digestEncryptionAlgorithm size in countersignature\n");
|
1121
|
1121
|
break;
|
1122
|
1122
|
}
|
1123
|
|
- if(!fmap_need_ptr_once(map, deep.content, 9)) {
|
|
1123
|
+ if(!fmap_need_ptr_once(map, deep.content, lenof(OID_rsaEncryption))) {
|
1124
|
1124
|
cli_dbgmsg("asn1_parse_mscat: cannot read digestEncryptionAlgorithm in countersignature\n");
|
1125
|
1125
|
break;
|
1126
|
1126
|
}
|
1127
|
1127
|
/* rsaEncryption or sha1withRSAEncryption */
|
1128
|
|
- if(memcmp(deep.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9) && memcmp(deep.content, "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x05", 9)) {
|
|
1128
|
+ if(memcmp(deep.content, OID_rsaEncryption, lenof(OID_rsaEncryption)) && memcmp(deep.content, OID_sha1WithRSAEncryption, lenof(OID_sha1WithRSAEncryption))) {
|
1129
|
1129
|
cli_dbgmsg("asn1_parse_mscat: digestEncryptionAlgorithm in countersignature is not sha1\n");
|
1130
|
1130
|
break;
|
1131
|
1131
|
}
|