author | Simon Rettberg | 2017-04-21 16:31:06 +0200 |
---|---|---|
committer | Simon Rettberg | 2017-04-21 16:31:06 +0200 |
commit | b61176f17b59a94750dff1f959231dadc4e6078a (patch) | |
tree | 88ee419323ba332a1dd06c5aa801c87f59b36bb3 /scan_certificate.c | |
parent | ldadp.h: Add missing SearchRequestReference opcode (diff) | |
Update ldap/asn1/... files with current tinyldap
Diffstat (limited to 'scan_certificate.c')
-rw-r--r-- | scan_certificate.c | 83 |
1 files changed, 69 insertions, 14 deletions
diff --git a/scan_certificate.c b/scan_certificate.c index 4fb1b44..4cffcf7 100644 --- a/scan_certificate.c +++ b/scan_certificate.c @@ -33,8 +33,7 @@ struct rsaprivatekey { }; struct dsaprivatekey { -} - +}; void printasn1(const char* buf,const char* max); @@ -175,8 +174,8 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f unsigned long tagforversion; // must be 0 unsigned long version; struct string oidalg,algparams,pubkeyalg,extensions,oidsig,sigrest,sigdata; - size_t i; - if (scan_asn1generic(cert,cert+l,"{{ci]i{o!}{!}{uu}{!}{!}!}{o!}b}", + size_t n,i; + if ((n=scan_asn1generic(cert,cert+l,"{{ci]i{o!}{!}{uu}{!}{!}!}{o!}b}", &tagforversion, &version, &C->serial, @@ -186,7 +185,7 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f &C->subject, &pubkeyalg, &extensions, - &oidsig, &sigrest, &sigdata)) { + &oidsig, &sigrest, &sigdata))) { if (version==0) printf("X.509 certificate\n"); @@ -274,20 +273,22 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f printf("public exponent %lu\n",publicExponent[1]); else printf("public exponent is larger than a word?!\n"); - printf("modulus: "); + printf("modulus:\n "); for (i=1; i<=modulus[0]; ++i) { size_t j,k; for (j=0, k=modulus[i]; j<sizeof(modulus[0]); ++j) { - printf("%02lx:",(k>>((sizeof(modulus[0])*8)-(j+1)*8))&0xff); + printf("%02lx%s",(k>>((sizeof(modulus[0])*8)-(j+1)*8))&0xff,i==modulus[0] && j==sizeof(modulus[0])-1?"":":"); } - if ((i-1)%4==3 || i==modulus[0]) printf("\n"); + if ((i-1)%4==3) + if (i==modulus[0]) + printf("\n"); + else + printf("\n "); } } else printf("bignum scanning failed!\n"); } free(modulus); free(publicExponent); - /* for RSA, bits is actually another sequence with two integers, modulus and publicExponent */ - printf("pubkeyparams len %lu, bits len %lu\n",pubkeyparams.l,bits.l); } } else { unsigned long temp[100]; 
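Review bot: In the modulus loop the unbraced `if ((i-1)%4==3) if (i==modulus[0]) printf("\n"); else printf("\n ");` binds the `else` to the inner `if`, so nothing is printed after the last word unless the word count is a multiple of four. The removed line ended the dump with a newline whenever `i==modulus[0]`, so for other sizes the next message now runs onto the modulus line. Testing the last-word case first, with braces, keeps both behaviours: `if (i==modulus[0]) printf("\n"); else if ((i-1)%4==3) printf("\n ");`. The loop sits inside scan_certificate, whose body starts and ends outside this hunk.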
@@ -302,13 +303,63 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f } else printf("could not parse public key part!\n"); + + // parse x.509v3 extensions + if (version!=2 && extensions.l) { + printf("Not X.509v3 but extensions present!?\n"); + } else if (extensions.l) { + const char* c=extensions.s; + const char* max=extensions.s+extensions.l; + struct string extoid,extval; + unsigned long noextensions; + if (c!=max) { + size_t n=scan_asn1generic(c,max,"c{!}}!",&noextensions,&extensions,&extval); + if (n==0 || extval.l>0) { + printf("failed to parse X.509v3 extensions!\n"); + c=max; + } else { + c=extensions.s; + max=extensions.s+extensions.l; + } + } + while (c<max) { + size_t n=scan_asn1generic(c,max,"{os}",&extoid,&extval); + if (n) { + size_t i=lookupoid(extoid.s,extoid.l); + if (i!=(size_t)-1) { + printf("X.509 extension %s\n",oid2string[i].name); + } else { + unsigned long temp[100]; + size_t len=100; + if (scan_asn1rawoid(extoid.s,extoid.s+extoid.l,temp,&len)) { + printf("Unknown X.509v3 extension (oid "); + for (i=0; i<len; ++i) + printf("%lu%s",temp[i],i+1<len?".":")\n"); + } else + printf("Failed to parse X.509v3 extension OID\n"); + } + c+=n; + } else { + printf("X.509v3 extension parse error!\n"); + printasn1(c,max); + break; + } + } + } + /* + &extensions, + &oidsig, &sigrest, &sigdata))) { + */ } + return n; + + } else { + printasn1(cert,cert+l); + return 0; } } -// printasn1(cert,cert+l); - } #include "mmap.h" @@ -318,7 +369,7 @@ size_t scan_certificate(const char* cert, size_t l, struct x509cert* C, char** f int main(int argc,char* argv[]) { char* freewhendone; - char* buf; + const char* buf; size_t l,n; struct x509cert c; struct rsaprivatekey k; 
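Review bot: Both failure paths in the new extension block (`failed to parse X.509v3 extensions!` and `X.509v3 extension parse error!`) only print and then fall through to `return n;`, so scan_certificate reports success for a certificate whose extensions it could not read. A caller that gates on the return value, as main does later in this commit with `if (!n)`, cannot distinguish that case. Clearing the outer result there would propagate it, but the block-local `size_t n` declarations shadow the outer `n` (and `size_t i` the outer `i`), so they would first need another name, e.g. `size_t extlen=scan_asn1generic(c,max,"{os}",&extoid,&extval);` followed by `n=0;` in the error branches. Separately, `"{os}"` leaves no slot for the optional `critical` BOOLEAN that RFC 5280 places between extnID and extnValue; assuming `s` matches only an OCTET STRING, any extension marked critical ends up in the error branch and stops the loop. The enclosing function starts outside the hunk.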
@@ -327,12 +378,16 @@ int main(int argc,char* argv[]) { if (!buf) { puts("test.pem not found"); return 1; } n=scan_certificate(buf,l,&c,&freewhendone); + if (!n) + printf("failed to parse certificate\n"); free(freewhendone); - buf=mmap_read(argc>1?argv[1]:"privatekey.pem",&l); + buf=mmap_read(argc>2?argv[2]:"privatekey.pem",&l); if (!buf) { puts("privatekey.pem not found"); return 1; } n=scan_rsaprivatekey(buf,l,&k,&freewhendone); + if (!n) + printf("failed to parse rsa private key\n"); free(freewhendone); free(k.freewhendone); } |
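Review bot: After the new `if (!n) printf(...)` checks, main still reaches `free(freewhendone);` and `free(k.freewhendone);` on the failure path, and both `freewhendone` and `k` are declared without initialisers (visible as context in the previous hunk). Whether scan_certificate and scan_rsaprivatekey always store to those pointers before returning 0 is not visible here. If they do not, the first `free` acts on an indeterminate pointer, and the second `free(freewhendone)` can release the certificate buffer a second time. Declaring `char* freewhendone=NULL;` and `struct rsaprivatekey k={0};`, and adding `freewhendone=NULL;` after the first `free`, makes the failure path well-defined. Returning non-zero from main when either parse fails would also let scripts detect a bad input file.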