authorSimon Rettberg2017-04-21 16:31:06 +0200
committerSimon Rettberg2017-04-21 16:31:06 +0200
commitb61176f17b59a94750dff1f959231dadc4e6078a (patch)
tree88ee419323ba332a1dd06c5aa801c87f59b36bb3 /scan_certificate.c
parentldadp.h: Add missing SearchRequestReference opcode (diff)
Update ldap/asn1/... files with current tinyldap
Diffstat (limited to 'scan_certificate.c')
-rw-r--r--scan_certificate.c83
1 files changed, 69 insertions, 14 deletions
diff --git a/scan_certificate.c b/scan_certificate.c
index 4fb1b44..4cffcf7 100644
--- a/scan_certificate.c
+++ b/scan_certificate.c
@@ -33,8 +33,7 @@ struct rsaprivatekey {
};
struct dsaprivatekey {
-}
-
+};
void printasn1(const char* buf,const char* max);
@@ -175,8 +174,8 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f
unsigned long tagforversion; // must be 0
unsigned long version;
struct string oidalg,algparams,pubkeyalg,extensions,oidsig,sigrest,sigdata;
- size_t i;
- if (scan_asn1generic(cert,cert+l,"{{ci]i{o!}{!}{uu}{!}{!}!}{o!}b}",
+ size_t n,i;
+ if ((n=scan_asn1generic(cert,cert+l,"{{ci]i{o!}{!}{uu}{!}{!}!}{o!}b}",
&tagforversion,
&version,
&C->serial,
@@ -186,7 +185,7 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f
&C->subject,
&pubkeyalg,
&extensions,
- &oidsig, &sigrest, &sigdata)) {
+ &oidsig, &sigrest, &sigdata))) {
if (version==0)
printf("X.509 certificate\n");
@@ -274,20 +273,22 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f
printf("public exponent %lu\n",publicExponent[1]);
else
printf("public exponent is larger than a word?!\n");
- printf("modulus: ");
+ printf("modulus:\n ");
for (i=1; i<=modulus[0]; ++i) {
size_t j,k;
for (j=0, k=modulus[i]; j<sizeof(modulus[0]); ++j) {
- printf("%02lx:",(k>>((sizeof(modulus[0])*8)-(j+1)*8))&0xff);
+ printf("%02lx%s",(k>>((sizeof(modulus[0])*8)-(j+1)*8))&0xff,i==modulus[0] && j==sizeof(modulus[0])-1?"":":");
}
- if ((i-1)%4==3 || i==modulus[0]) printf("\n");
+ if ((i-1)%4==3)
+ if (i==modulus[0])
+ printf("\n");
+ else
+ printf("\n ");
}
} else
printf("bignum scanning failed!\n");
}
free(modulus); free(publicExponent);
- /* for RSA, bits is actually another sequence with two integers, modulus and publicExponent */
- printf("pubkeyparams len %lu, bits len %lu\n",pubkeyparams.l,bits.l);
}
} else {
unsigned long temp[100];
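Review bot: The rewritten line-break logic after the inner `for` loses the final newline whenever the modulus word count is not a multiple of four. The `else` binds to the inner `if (i==modulus[0])`, so nothing is printed unless `(i-1)%4==3`, whereas the old code printed `"\n"` on the last word unconditionally. The unbraced nested `if`/`else` is also the classic dangling-else shape that `-Wparentheses` warns about. Testing the last-word case first restores the old behaviour and removes the ambiguity: `if (i==modulus[0]) printf("\n"); else if ((i-1)%4==3) printf("\n ");`. The enclosing function starts and ends outside this hunk.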
@@ -302,13 +303,63 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f
} else
printf("could not parse public key part!\n");
+
+ // parse x.509v3 extensions
+ if (version!=2 && extensions.l) {
+ printf("Not X.509v3 but extensions present!?\n");
+ } else if (extensions.l) {
+ const char* c=extensions.s;
+ const char* max=extensions.s+extensions.l;
+ struct string extoid,extval;
+ unsigned long noextensions;
+ if (c!=max) {
+ size_t n=scan_asn1generic(c,max,"c{!}}!",&noextensions,&extensions,&extval);
+ if (n==0 || extval.l>0) {
+ printf("failed to parse X.509v3 extensions!\n");
+ c=max;
+ } else {
+ c=extensions.s;
+ max=extensions.s+extensions.l;
+ }
+ }
+ while (c<max) {
+ size_t n=scan_asn1generic(c,max,"{os}",&extoid,&extval);
+ if (n) {
+ size_t i=lookupoid(extoid.s,extoid.l);
+ if (i!=(size_t)-1) {
+ printf("X.509 extension %s\n",oid2string[i].name);
+ } else {
+ unsigned long temp[100];
+ size_t len=100;
+ if (scan_asn1rawoid(extoid.s,extoid.s+extoid.l,temp,&len)) {
+ printf("Unknown X.509v3 extension (oid ");
+ for (i=0; i<len; ++i)
+ printf("%lu%s",temp[i],i+1<len?".":")\n");
+ } else
+ printf("Failed to parse X.509v3 extension OID\n");
+ }
+ c+=n;
+ } else {
+ printf("X.509v3 extension parse error!\n");
+ printasn1(c,max);
+ break;
+ }
+ }
+ }
+ /*
+ &extensions,
+ &oidsig, &sigrest, &sigdata))) {
+ */
}
+ return n;
+
+ } else {
+ printasn1(cert,cert+l);
+ return 0;
}
}
-// printasn1(cert,cert+l);
-
}
#include "mmap.h"
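Review bot: Both extension failure branches (`failed to parse X.509v3 extensions!` and `X.509v3 extension parse error!`) only print a message, and control still reaches `return n;` with the nonzero length from the outer scan. A caller that treats nonzero as "certificate parsed" therefore cannot tell that the extensions were malformed or skipped, which is a fail-open result for a parser fed untrusted DER. The inner `size_t n` and `size_t i` also shadow the function-level variables, so assigning `n=0;` inside those branches would not change the return value. Renaming the inner result (for example `size_t m=scan_asn1generic(c,max,"{os}",&extoid,&extval);`) and setting the outer `n=0;` next to `c=max;` and before `break;` would surface the failure. The commented-out `&extensions, &oidsig, ...` block looks like leftover scaffolding and could be dropped. The function body begins outside this hunk, so how callers use the return value is not visible here.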
@@ -318,7 +369,7 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f
int main(int argc,char* argv[]) {
char* freewhendone;
- char* buf;
+ const char* buf;
size_t l,n;
struct x509cert c;
struct rsaprivatekey k;
@@ -327,12 +378,16 @@ int main(int argc,char* argv[]) {
if (!buf) { puts("test.pem not found"); return 1; }
n=scan_certificate(buf,l,&c,&freewhendone);
+ if (!n)
+ printf("failed to parse certificate\n");
free(freewhendone);
- buf=mmap_read(argc>1?argv[1]:"privatekey.pem",&l);
+ buf=mmap_read(argc>2?argv[2]:"privatekey.pem",&l);
if (!buf) { puts("privatekey.pem not found"); return 1; }
n=scan_rsaprivatekey(buf,l,&k,&freewhendone);
+ if (!n)
+ printf("failed to parse rsa private key\n");
free(freewhendone);
free(k.freewhendone);
}
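Review bot: The new `if (!n)` branches report the parse failure but then fall through to `free(freewhendone);` and `free(k.freewhendone);`. `freewhendone` is declared without an initializer at the top of `main`, and `k` is not visibly initialized either. Unless `scan_certificate` and `scan_rsaprivatekey` always store to these before returning 0 (not visible in this diff; the new `return 0;` path after `printasn1(cert,cert+l);` shows no such store), the failure path frees an indeterminate pointer. Initializing them, e.g. `char* freewhendone=0;` and `k.freewhendone=0;` before the call, makes the frees safe. Having `main` exit with a nonzero status on parse failure would also let scripts detect the error instead of relying on the printed text.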