aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/asn1_alg.cpp36
-rw-r--r--src/asn1_alt.cpp56
-rw-r--r--src/asn1_att.cpp34
-rw-r--r--src/asn1_dn.cpp58
-rw-r--r--src/asn1_ext.cpp40
-rw-r--r--src/asn1_int.cpp20
-rw-r--r--src/asn1_ku.cpp3
-rw-r--r--src/asn1_oid.cpp16
-rw-r--r--src/asn1_str.cpp44
-rw-r--r--src/asn1_tm.cpp11
-rw-r--r--src/ber_code.cpp237
-rw-r--r--src/ber_dec.cpp211
-rw-r--r--src/crl_ent.cpp123
-rw-r--r--src/datastor.cpp13
-rw-r--r--src/der_enc.cpp168
-rw-r--r--src/dl_algo.cpp8
-rw-r--r--src/dl_group.cpp14
-rw-r--r--src/if_algo.cpp45
-rw-r--r--src/libstate.cpp4
-rw-r--r--src/pbes1.cpp25
-rw-r--r--src/pbes2.cpp39
-rw-r--r--src/pkcs10.cpp29
-rw-r--r--src/pkcs8.cpp33
-rw-r--r--src/policy.cpp1
-rw-r--r--src/prf_x942.cpp50
-rw-r--r--src/pubkey.cpp19
-rw-r--r--src/x509_ca.cpp147
-rw-r--r--src/x509_crl.cpp22
-rw-r--r--src/x509_ext.cpp335
-rw-r--r--src/x509_key.cpp19
-rw-r--r--src/x509_obj.cpp72
-rw-r--r--src/x509cert.cpp72
-rw-r--r--src/x509self.cpp29
33 files changed, 1029 insertions, 1004 deletions
diff --git a/src/asn1_alg.cpp b/src/asn1_alg.cpp
index 4dd5af88e..251c8c31f 100644
--- a/src/asn1_alg.cpp
+++ b/src/asn1_alg.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/oids.h>
namespace Botan {
@@ -23,17 +25,6 @@ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id,
oid(OIDS::lookup(alg_id)), parameters(param) { }
/*************************************************
-* DER encode an AlgorithmIdentifier *
-*************************************************/
-void AlgorithmIdentifier::encode_into(DER_Encoder& der) const
- {
- der.start_sequence()
- .encode(oid)
- .add_raw_octets(parameters)
- .end_sequence();
- }
-
-/*************************************************
* Compare two AlgorithmIdentifiers *
*************************************************/
bool operator==(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2)
@@ -53,19 +44,26 @@ bool operator!=(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2)
return !(a1 == a2);
}
-namespace BER {
+/*************************************************
+* DER encode an AlgorithmIdentifier *
+*************************************************/
+void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const
+ {
+ codec.start_cons(SEQUENCE)
+ .encode(oid)
+ .raw_bytes(parameters)
+ .end_cons();
+ }
/*************************************************
* Decode a BER encoded AlgorithmIdentifier *
*************************************************/
-void decode(BER_Decoder& source, AlgorithmIdentifier& alg_id)
+void AlgorithmIdentifier::decode_from(BER_Decoder& codec)
{
- BER_Decoder sequence = BER::get_subsequence(source);
- BER::decode(sequence, alg_id.oid);
- alg_id.parameters = sequence.get_remaining();
- sequence.verify_end();
+ codec.start_cons(SEQUENCE)
+ .decode(oid)
+ .raw_bytes(parameters)
+ .end_cons();
}
}
-
-}
diff --git a/src/asn1_alt.cpp b/src/asn1_alt.cpp
index 930f9d3a9..2bc6f01db 100644
--- a/src/asn1_alt.cpp
+++ b/src/asn1_alt.cpp
@@ -4,6 +4,9 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/oids.h>
#include <botan/stl_util.h>
#include <botan/charset.h>
@@ -67,6 +70,24 @@ std::multimap<OID, ASN1_String> AlternativeName::get_othernames() const
}
/*************************************************
+* Return all of the alternative names *
+*************************************************/
+std::multimap<std::string, std::string> AlternativeName::contents() const
+ {
+ std::multimap<std::string, std::string> names;
+
+ typedef std::multimap<std::string, std::string>::const_iterator rdn_iter;
+ for(rdn_iter j = alt_info.begin(); j != alt_info.end(); ++j)
+ multimap_insert(names, j->first, j->second);
+
+ typedef std::multimap<OID, ASN1_String>::const_iterator on_iter;
+ for(on_iter j = othernames.begin(); j != othernames.end(); ++j)
+ multimap_insert(names, OIDS::lookup(j->first), j->second.value());
+
+ return names;
+ }
+
+/*************************************************
* Return if this object has anything useful *
*************************************************/
bool AlternativeName::has_items() const
@@ -89,7 +110,7 @@ void encode_entries(DER_Encoder& encoder,
for(iter j = range.first; j != range.second; ++j)
{
ASN1_String asn1_string(j->second, IA5_STRING);
- DER::encode(encoder, asn1_string, tagging, CONTEXT_SPECIFIC);
+ encoder.add_object(tagging, CONTEXT_SPECIFIC, asn1_string.iso_8859());
}
}
@@ -100,7 +121,7 @@ void encode_entries(DER_Encoder& encoder,
*************************************************/
void AlternativeName::encode_into(DER_Encoder& der) const
{
- der.start_sequence();
+ der.start_cons(SEQUENCE);
encode_entries(der, alt_info, "RFC822", ASN1_Tag(1));
encode_entries(der, alt_info, "DNS", ASN1_Tag(2));
@@ -109,25 +130,24 @@ void AlternativeName::encode_into(DER_Encoder& der) const
std::multimap<OID, ASN1_String>::const_iterator i;
for(i = othernames.begin(); i != othernames.end(); ++i)
{
- der.start_explicit(ASN1_Tag(0))
+ der.start_explicit(0)
.encode(i->first)
- .start_explicit(ASN1_Tag(0))
+ .start_explicit(0)
.encode(i->second)
- .end_explicit(ASN1_Tag(0))
- .end_explicit(ASN1_Tag(0));
+ .end_explicit()
+ .end_explicit();
}
- der.end_sequence();
+ der.end_cons();
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded AlternativeName *
*************************************************/
-void decode(BER_Decoder& source, AlternativeName& alt_name)
+void AlternativeName::decode_from(BER_Decoder& source)
{
- BER_Decoder names = BER::get_subsequence(source);
+ BER_Decoder names = source.start_cons(SEQUENCE);
+
while(names.more_items())
{
BER_Object obj = names.get_next_object();
@@ -142,7 +162,7 @@ void decode(BER_Decoder& source, AlternativeName& alt_name)
BER_Decoder othername(obj.value);
OID oid;
- BER::decode(othername, oid);
+ othername.decode(oid);
if(othername.more_items())
{
BER_Object othername_value_outer = othername.get_next_object();
@@ -162,21 +182,19 @@ void decode(BER_Decoder& source, AlternativeName& alt_name)
ASN1_Tag value_type = value.type_tag;
if(is_string_type(value_type) && value.class_tag == UNIVERSAL)
- alt_name.add_othername(oid, BER::to_string(value), value_type);
+ add_othername(oid, ASN1::to_string(value), value_type);
}
}
else if(tag == 1 || tag == 2 || tag == 6)
{
- const std::string value = iso2local(BER::to_string(obj));
+ const std::string value = iso2local(ASN1::to_string(obj));
- if(tag == 1) alt_name.add_attribute("RFC822", value);
- if(tag == 2) alt_name.add_attribute("DNS", value);
- if(tag == 6) alt_name.add_attribute("URI", value);
+ if(tag == 1) add_attribute("RFC822", value);
+ if(tag == 2) add_attribute("DNS", value);
+ if(tag == 6) add_attribute("URI", value);
}
}
}
}
-
-}
diff --git a/src/asn1_att.cpp b/src/asn1_att.cpp
index 58ed761b4..8216054b3 100644
--- a/src/asn1_att.cpp
+++ b/src/asn1_att.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/oids.h>
namespace Botan {
@@ -30,33 +32,27 @@ Attribute::Attribute(const std::string& attr_oid,
/*************************************************
* DER encode a Attribute *
*************************************************/
-void Attribute::encode_into(DER_Encoder& der) const
+void Attribute::encode_into(DER_Encoder& codec) const
{
- der.start_sequence()
+ codec.start_cons(SEQUENCE)
.encode(oid)
- .start_set()
- .add_raw_octets(parameters)
- .end_set()
- .end_sequence();
+ .start_cons(SET)
+ .raw_bytes(parameters)
+ .end_cons()
+ .end_cons();
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded Attribute *
*************************************************/
-void decode(BER_Decoder& source, Attribute& attr)
+void Attribute::decode_from(BER_Decoder& codec)
{
- BER_Decoder decoder = BER::get_subsequence(source);
- BER::decode(decoder, attr.oid);
-
- BER_Decoder attributes = BER::get_subset(decoder);
- attr.parameters = attributes.get_remaining();
- attributes.verify_end();
-
- decoder.verify_end();
+ codec.start_cons(SEQUENCE)
+ .decode(oid)
+ .start_cons(SET)
+ .raw_bytes(parameters)
+ .end_cons()
+ .end_cons();
}
}
-
-}
diff --git a/src/asn1_dn.cpp b/src/asn1_dn.cpp
index 22ce980f6..4d33db38b 100644
--- a/src/asn1_dn.cpp
+++ b/src/asn1_dn.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/stl_util.h>
#include <botan/oids.h>
@@ -80,6 +82,19 @@ std::multimap<OID, std::string> X509_DN::get_attributes() const
}
/*************************************************
+* Get the contents of this X.500 Name *
+*************************************************/
+std::multimap<std::string, std::string> X509_DN::contents() const
+ {
+ typedef std::multimap<OID, ASN1_String>::const_iterator rdn_iter;
+
+ std::multimap<std::string, std::string> retval;
+ for(rdn_iter j = dn_info.begin(); j != dn_info.end(); ++j)
+ multimap_insert(retval, OIDS::lookup(j->first), j->second.value());
+ return retval;
+ }
+
+/*************************************************
* Get a single attribute type *
*************************************************/
std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const
@@ -104,16 +119,18 @@ void X509_DN::do_decode(const MemoryRegion<byte>& bits)
while(sequence.more_items())
{
- BER_Decoder rdn = BER::get_subset(sequence);
+ BER_Decoder rdn = sequence.start_cons(SET);
+
while(rdn.more_items())
{
OID oid;
ASN1_String str;
- BER_Decoder ava = BER::get_subsequence(rdn);
- BER::decode(ava, oid);
- BER::decode(ava, str);
- ava.verify_end();
+ rdn.start_cons(SEQUENCE)
+ .decode(oid)
+ .decode(str)
+ .verify_end()
+ .end_cons();
add_attribute(oid, str.value());
}
@@ -231,12 +248,12 @@ void do_ava(DER_Encoder& encoder,
for(rdn_iter j = range.first; j != range.second; ++j)
{
- encoder.start_set()
- .start_sequence()
+ encoder.start_cons(SET)
+ .start_cons(SEQUENCE)
.encode(oid)
.encode(ASN1_String(j->second, string_type))
- .end_sequence()
- .end_set();
+ .end_cons()
+ .end_cons();
}
}
@@ -249,10 +266,10 @@ void X509_DN::encode_into(DER_Encoder& der) const
{
std::multimap<OID, std::string> dn_info = get_attributes();
- der.start_sequence();
+ der.start_cons(SEQUENCE);
if(dn_bits.has_items())
- der.add_raw_octets(dn_bits);
+ der.raw_bytes(dn_bits);
else
{
do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country", true);
@@ -264,22 +281,21 @@ void X509_DN::encode_into(DER_Encoder& der) const
do_ava(der, dn_info, PRINTABLE_STRING, "X520.SerialNumber");
}
- der.end_sequence();
+ der.end_cons();
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded DistinguishedName *
*************************************************/
-void decode(BER_Decoder& source, X509_DN& dn)
+void X509_DN::decode_from(BER_Decoder& source)
{
- dn = X509_DN();
- BER_Decoder sequence = BER::get_subsequence(source);
- SecureVector<byte> bits = sequence.get_remaining();
- dn.do_decode(bits);
- }
+ dn_info.clear();
-}
+ source.start_cons(SEQUENCE)
+ .raw_bytes(dn_bits)
+ .end_cons();
+
+ do_decode(dn_bits);
+ }
}
diff --git a/src/asn1_ext.cpp b/src/asn1_ext.cpp
index 44deeaf8a..557e7712c 100644
--- a/src/asn1_ext.cpp
+++ b/src/asn1_ext.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/oids.h>
namespace Botan {
@@ -32,39 +34,25 @@ Extension::Extension(const std::string& extn_oid,
/*************************************************
* DER encode a Extension *
*************************************************/
-void Extension::encode_into(DER_Encoder& der) const
+void Extension::encode_into(DER_Encoder& codec) const
{
- der.start_sequence();
- der.encode(oid);
- if(critical)
- der.encode(true);
- // der.encode_with_default(critical, false);
- der.encode(value, OCTET_STRING);
- der.end_sequence();
+ codec.start_cons(SEQUENCE)
+ .encode(oid)
+ .encode_optional(critical, false)
+ .encode(value, OCTET_STRING)
+ .end_cons();
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded Extension *
*************************************************/
-void decode(BER_Decoder& ber, Extension& extn)
+void Extension::decode_from(BER_Decoder& codec)
{
-#if 1
- BER_Decoder extension = BER::get_subsequence(ber);
- BER::decode(extension, extn.oid);
- BER::decode_optional(extension, extn.critical, BOOLEAN, UNIVERSAL, false);
- extension.decode(extn.value, OCTET_STRING);
- extension.verify_end();
-#else
- ber.start_subsequence()
- .decode(extn.oid)
- .decode_optional(extn.critical, BOOLEAN, UNIVERSAL, false)
- .decode(extn.value, OCTET_STRING)
- .end_subsequence();
-#endif
+ codec.start_cons(SEQUENCE)
+ .decode(oid)
+ .decode_optional(critical, BOOLEAN, UNIVERSAL, false)
+ .decode(value, OCTET_STRING)
+ .end_cons();
}
}
-
-}
diff --git a/src/asn1_int.cpp b/src/asn1_int.cpp
index 324187eff..042712df1 100644
--- a/src/asn1_int.cpp
+++ b/src/asn1_int.cpp
@@ -5,6 +5,7 @@
#include <botan/asn1_int.h>
#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/data_src.h>
#include <botan/parsing.h>
@@ -30,11 +31,20 @@ namespace ASN1 {
*************************************************/
SecureVector<byte> put_in_sequence(const MemoryRegion<byte>& contents)
{
- DER_Encoder encoder;
- encoder.start_sequence();
- encoder.add_raw_octets(contents);
- encoder.end_sequence();
- return encoder.get_contents();
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .raw_bytes(contents)
+ .end_cons()
+ .get_contents();
+ }
+
+/*************************************************
+* Convert a BER object into a string object *
+*************************************************/
+std::string to_string(const BER_Object& obj)
+ {
+ std::string str((const char*)obj.value.begin(), obj.value.size());
+ return str;
}
/*************************************************
diff --git a/src/asn1_ku.cpp b/src/asn1_ku.cpp
index 626074e7c..c5bb3ce4d 100644
--- a/src/asn1_ku.cpp
+++ b/src/asn1_ku.cpp
@@ -4,7 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
-#include <botan/asn1_int.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/bit_ops.h>
namespace Botan {
diff --git a/src/asn1_oid.cpp b/src/asn1_oid.cpp
index 413beedcf..3115c2be5 100644
--- a/src/asn1_oid.cpp
+++ b/src/asn1_oid.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/asn1_oid.h>
-#include <botan/asn1_int.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/bit_ops.h>
@@ -140,12 +139,10 @@ void OID::encode_into(DER_Encoder& der) const
der.add_object(OBJECT_ID, UNIVERSAL, encoding);
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded OBJECT IDENTIFIER *
*************************************************/
-void decode(BER_Decoder& decoder, OID& oid)
+void OID::decode_from(BER_Decoder& decoder)
{
BER_Object obj = decoder.get_next_object();
if(obj.type_tag != OBJECT_ID || obj.class_tag != UNIVERSAL)
@@ -154,9 +151,10 @@ void decode(BER_Decoder& decoder, OID& oid)
if(obj.value.size() < 2)
throw BER_Decoding_Error("OID encoding is too short");
- oid.clear();
- oid += (obj.value[0] / 40);
- oid += (obj.value[0] % 40);
+
+ clear();
+ id.push_back(obj.value[0] / 40);
+ id.push_back(obj.value[0] % 40);
u32bit j = 0;
while(j != obj.value.size() - 1)
@@ -169,10 +167,8 @@ void decode(BER_Decoder& decoder, OID& oid)
if(!(obj.value[j] & 0x80))
break;
}
- oid += component;
+ id.push_back(component);
}
}
}
-
-}
diff --git a/src/asn1_str.cpp b/src/asn1_str.cpp
index ced252b49..f3c8584ed 100644
--- a/src/asn1_str.cpp
+++ b/src/asn1_str.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/asn1_obj.h>
-#include <botan/asn1_int.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/charset.h>
@@ -133,29 +132,12 @@ void ASN1_String::encode_into(DER_Encoder& encoder) const
encoder.add_object(tagging(), UNIVERSAL, value);
}
-namespace DER {
-
-/*************************************************
-* DER encode an ASN1_String *
-*************************************************/
-void encode(DER_Encoder& encoder, const ASN1_String& string,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- if(string.tagging() == UTF8_STRING)
- encoder.add_object(type_tag, class_tag, iso2utf(string.iso_8859()));
- else
- encoder.add_object(type_tag, class_tag, string.iso_8859());
- }
-
-}
-
-namespace BER {
-
namespace {
/*************************************************
* Do any UTF-8/Unicode decoding needed *
*************************************************/
+// FIXME: inline this
std::string convert_string(BER_Object obj, ASN1_Tag type)
{
if(type == BMP_STRING)
@@ -177,9 +159,9 @@ std::string convert_string(BER_Object obj, ASN1_Tag type)
return iso2local(value);
}
else if(type == UTF8_STRING)
- return iso2local(utf2iso(BER::to_string(obj)));
+ return iso2local(utf2iso(ASN1::to_string(obj)));
else
- return iso2local(BER::to_string(obj));
+ return iso2local(ASN1::to_string(obj));
}
}
@@ -187,25 +169,11 @@ std::string convert_string(BER_Object obj, ASN1_Tag type)
/*************************************************
* Decode a BER encoded ASN1_String *
*************************************************/
-void decode(BER_Decoder& source, ASN1_String& string,
- ASN1_Tag expected_tag, ASN1_Tag real_tag)
+void ASN1_String::decode_from(BER_Decoder& source)
{
BER_Object obj = source.get_next_object();
- if(obj.type_tag != expected_tag)
- throw BER_Bad_Tag("Unexpected string tag", obj.type_tag);
-
- string = ASN1_String(convert_string(obj, real_tag), real_tag);
- }
-
-/*************************************************
-* Decode a BER encoded ASN1_String *
-*************************************************/
-void decode(BER_Decoder& source, ASN1_String& string)
- {
- BER_Object obj = source.get_next_object();
- string = ASN1_String(convert_string(obj, obj.type_tag), obj.type_tag);
+ // FIXME, don't like this at all...
+ *this = ASN1_String(convert_string(obj, obj.type_tag), obj.type_tag);
}
}
-
-}
diff --git a/src/asn1_tm.cpp b/src/asn1_tm.cpp
index af4eaa1b4..1b9f6bdba 100644
--- a/src/asn1_tm.cpp
+++ b/src/asn1_tm.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/charset.h>
#include <botan/parsing.h>
#include <botan/conf.h>
@@ -282,17 +284,14 @@ s32bit validity_check(const X509_Time& start, const X509_Time& end,
return VALID_TIME;
}
-namespace BER {
-
/*************************************************
* Decode a BER encoded X509_Time *
*************************************************/
-void decode(BER_Decoder& source, X509_Time& time)
+void X509_Time::decode_from(BER_Decoder& source)
{
BER_Object ber_time = source.get_next_object();
- time = X509_Time(iso2local(BER::to_string(ber_time)), ber_time.type_tag);
+ // FIXME - should have a set
+ *this = X509_Time(iso2local(ASN1::to_string(ber_time)), ber_time.type_tag);
}
}
-
-}
diff --git a/src/ber_code.cpp b/src/ber_code.cpp
deleted file mode 100644
index 43ec17207..000000000
--- a/src/ber_code.cpp
+++ /dev/null
@@ -1,237 +0,0 @@
-/*************************************************
-* BER Decoding Source File *
-* (C) 1999-2006 The Botan Project *
-*************************************************/
-
-#include <botan/ber_dec.h>
-#include <botan/asn1_int.h>
-#include <botan/parsing.h>
-#include <botan/bigint.h>
-
-#include <assert.h>
-
-namespace Botan {
-
-namespace {
-
-/*************************************************
-* Check an object's type and size *
-*************************************************/
-void check_object(const BER_Object& obj,
- ASN1_Tag type_tag, ASN1_Tag class_tag,
- u32bit length = 0, bool check_length = false)
- {
- if(obj.type_tag != type_tag || obj.class_tag != class_tag)
- throw BER_Decoding_Error("Tag mismatch when decoding");
- if(check_length && obj.value.size() != length)
- throw BER_Decoding_Error("Incorrect size for type");
- }
-
-}
-
-/*************************************************
-* Decode a BER encoded NULL *
-*************************************************/
-BER_Decoder& BER_Decoder::decode_null()
- {
- check_object(get_next_object(), NULL_TAG, UNIVERSAL, 0, true);
- return (*this);
- }
-
-/*************************************************
-* Decode a BER encoded BOOLEAN *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(bool& out)
- {
- return decode(out, BOOLEAN, UNIVERSAL);
- }
-
-/*************************************************
-* Decode a small BER encoded INTEGER *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(u32bit& out)
- {
- return decode(out, INTEGER, UNIVERSAL);
- }
-
-/*************************************************
-* Decode a BER encoded INTEGER *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(BigInt& out)
- {
- return decode(out, INTEGER, UNIVERSAL);
- }
-
-/*************************************************
-* Decode a BER encoded BOOLEAN *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(bool& out,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BER_Object obj = get_next_object();
- check_object(obj, type_tag, class_tag, 1, true);
- out = (obj.value[0]) ? true : false;
- return (*this);
- }
-
-/*************************************************
-* Decode a small BER encoded INTEGER *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(u32bit& out,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BigInt integer;
- decode(integer, type_tag, class_tag);
- out = integer.to_u32bit();
- return (*this);
- }
-
-/*************************************************
-* Decode a BER encoded INTEGER *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(BigInt& out,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BER_Object obj = get_next_object();
- check_object(obj, type_tag, class_tag);
-
- if(obj.value.is_empty())
- out = 0;
- else
- {
- const bool negative = (obj.value[0] & 0x80) ? true : false;
-
- if(negative)
- {
- for(u32bit j = obj.value.size(); j > 0; --j)
- if(obj.value[j-1]--)
- break;
- for(u32bit j = 0; j != obj.value.size(); ++j)
- obj.value[j] = ~obj.value[j];
- }
-
- out = BigInt(obj.value, obj.value.size());
-
- if(negative)
- out.flip_sign();
- }
-
- return (*this);
- }
-
-/*************************************************
-* BER decode a BIT STRING or OCTET STRING *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& out, ASN1_Tag real_type)
- {
- return decode(out, real_type, real_type, UNIVERSAL);
- }
-
-/*************************************************
-* BER decode a BIT STRING or OCTET STRING *
-*************************************************/
-BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer,
- ASN1_Tag real_type,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- if(real_type != OCTET_STRING && real_type != BIT_STRING)
- throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
-
- BER_Object obj = get_next_object();
- check_object(obj, type_tag, class_tag);
-
- if(real_type == OCTET_STRING)
- buffer = obj.value;
- else
- {
- if(obj.value[0] >= 8)
- throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
- buffer.set(obj.value + 1, obj.value.size() - 1);
- }
- return (*this);
- }
-
-namespace BER {
-
-/*************************************************
-* Decode and return a BER encoded SEQUENCE *
-*************************************************/
-BER_Decoder get_subsequence(BER_Decoder& decoder)
- {
- return get_subsequence(decoder, SEQUENCE, CONSTRUCTED);
- }
-
-/*************************************************
-* Decode and return a BER encoded SET *
-*************************************************/
-BER_Decoder get_subset(BER_Decoder& decoder)
- {
- return get_subset(decoder, SET, CONSTRUCTED);
- }
-
-/*************************************************
-* Decode and return a BER encoded SEQUENCE *
-*************************************************/
-BER_Decoder get_subsequence(BER_Decoder& decoder,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BER_Object obj = decoder.get_next_object();
- check_object(obj, type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
- return BER_Decoder(obj.value, obj.value.size());
- }
-
-/*************************************************
-* Decode and return a BER encoded SET *
-*************************************************/
-BER_Decoder get_subset(BER_Decoder& decoder,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BER_Object obj = decoder.get_next_object();
- check_object(obj, type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
- return BER_Decoder(obj.value, obj.value.size());
- }
-
-/*************************************************
-* Convert a BER object into a string object *
-*************************************************/
-std::string to_string(const BER_Object& obj)
- {
- std::string str((const char*)obj.value.begin(), obj.value.size());
- return str;
- }
-
-/*************************************************
-* Decode an OPTIONAL string type *
-*************************************************/
-bool decode_optional_string(BER_Decoder& in, MemoryRegion<byte>& out,
- ASN1_Tag real_type,
- ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- BER_Object obj = in.get_next_object();
-
- if(obj.type_tag == type_tag && obj.class_tag == class_tag)
- {
- if(class_tag & CONSTRUCTED)
- {
- BER_Decoder stored_value(obj.value);
- stored_value.decode(out, real_type);
- stored_value.verify_end();
- }
- else
- {
- in.push_back(obj);
- in.decode(out, real_type, type_tag, class_tag);
- }
- return true;
- }
- else
- {
- out.clear();
- in.push_back(obj);
- return false;
- }
- }
-
-}
-
-}
diff --git a/src/ber_dec.cpp b/src/ber_dec.cpp
index f9550fc83..51bc8f989 100644
--- a/src/ber_dec.cpp
+++ b/src/ber_dec.cpp
@@ -4,7 +4,7 @@
*************************************************/
#include <botan/ber_dec.h>
-#include <botan/asn1_int.h>
+#include <botan/bigint.h>
#include <botan/bit_ops.h>
namespace Botan {
@@ -133,6 +133,15 @@ u32bit find_eoc(DataSource* ber)
}
/*************************************************
+* Check a type invariant on BER data *
+*************************************************/
+void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(this->type_tag != type_tag || this->class_tag != class_tag)
+ throw BER_Decoding_Error("Tag mismatch when decoding");
+ }
+
+/*************************************************
* Check if more objects are there *
*************************************************/
bool BER_Decoder::more_items() const
@@ -145,32 +154,34 @@ bool BER_Decoder::more_items() const
/*************************************************
* Verify that no bytes remain in the source *
*************************************************/
-void BER_Decoder::verify_end() const
+BER_Decoder& BER_Decoder::verify_end()
{
if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT))
throw Invalid_State("BER_Decoder::verify_end called, but data remains");
+ return (*this);
}
/*************************************************
-* Return all the bytes remaining in the source *
+* Save all the bytes remaining in the source *
*************************************************/
-SecureVector<byte> BER_Decoder::get_remaining()
+BER_Decoder& BER_Decoder::raw_bytes(MemoryRegion<byte>& out)
{
- SecureVector<byte> out;
+ out.destroy();
byte buf;
while(source->read_byte(buf))
out.append(buf);
- return out;
+ return (*this);
}
/*************************************************
* Discard all the bytes remaining in the source *
*************************************************/
-void BER_Decoder::discard_remaining()
+BER_Decoder& BER_Decoder::discard_remaining()
{
byte buf;
while(source->read_byte(buf))
;
+ return (*this);
}
/*************************************************
@@ -213,6 +224,30 @@ void BER_Decoder::push_back(const BER_Object& obj)
}
/*************************************************
+* Begin decoding a CONSTRUCTED type *
+*************************************************/
+BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag)
+ {
+ BER_Object obj = get_next_object();
+ obj.assert_is_a(type_tag, CONSTRUCTED);
+ BER_Decoder result(obj.value, obj.value.size());
+ result.parent = this;
+ return result;
+ }
+
+/*************************************************
+* Finish decoding a CONSTRUCTED type *
+*************************************************/
+BER_Decoder& BER_Decoder::end_cons()
+ {
+ if(!parent)
+ throw Invalid_State("BER_Decoder::end_cons called with NULL parent");
+ if(!source->end_of_data())
+ throw Decoding_Error("BER_Decoder::end_cons called with data left");
+ return (*parent);
+ }
+
+/*************************************************
* BER_Decoder Constructor *
*************************************************/
BER_Decoder::BER_Decoder(DataSource& src)
@@ -220,6 +255,7 @@ BER_Decoder::BER_Decoder(DataSource& src)
source = &src;
owns = false;
pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ parent = 0;
}
/*************************************************
@@ -230,6 +266,7 @@ BER_Decoder::BER_Decoder(const byte data[], u32bit length)
source = new DataSource_Memory(data, length);
owns = true;
pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ parent = 0;
}
/*************************************************
@@ -240,6 +277,7 @@ BER_Decoder::BER_Decoder(const MemoryRegion<byte>& data)
source = new DataSource_Memory(data);
owns = true;
pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ parent = 0;
}
/*************************************************
@@ -255,6 +293,7 @@ BER_Decoder::BER_Decoder(const BER_Decoder& other)
owns = true;
}
pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ parent = 0;
}
/*************************************************
@@ -267,4 +306,162 @@ BER_Decoder::~BER_Decoder()
source = 0;
}
+/*************************************************
+* Request for an object to decode itself *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(ASN1_Object& obj)
+ {
+ obj.decode_from(*this);
+ return (*this);
+ }
+
+/*************************************************
+* Decode a BER encoded NULL *
+*************************************************/
+BER_Decoder& BER_Decoder::decode_null()
+ {
+ BER_Object obj = get_next_object();
+ obj.assert_is_a(NULL_TAG, UNIVERSAL);
+ if(obj.value.size())
+ throw BER_Decoding_Error("NULL object had nonzero size");
+ return (*this);
+ }
+
+/*************************************************
+* Decode a BER encoded BOOLEAN *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(bool& out)
+ {
+ return decode(out, BOOLEAN, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a small BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(u32bit& out)
+ {
+ return decode(out, INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(BigInt& out)
+ {
+ return decode(out, INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a BER encoded BOOLEAN *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(bool& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = get_next_object();
+ obj.assert_is_a(type_tag, class_tag);
+
+ if(obj.value.size() != 1)
+ throw BER_Decoding_Error("BER boolean value had invalid size");
+
+ out = (obj.value[0]) ? true : false;
+ return (*this);
+ }
+
+/*************************************************
+* Decode a small BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(u32bit& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BigInt integer;
+ decode(integer, type_tag, class_tag);
+ out = integer.to_u32bit();
+ return (*this);
+ }
+
+/*************************************************
+* Decode a BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(BigInt& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = get_next_object();
+ obj.assert_is_a(type_tag, class_tag);
+
+ if(obj.value.is_empty())
+ out = 0;
+ else
+ {
+ const bool negative = (obj.value[0] & 0x80) ? true : false;
+
+ if(negative)
+ {
+ for(u32bit j = obj.value.size(); j > 0; --j)
+ if(obj.value[j-1]--)
+ break;
+ for(u32bit j = 0; j != obj.value.size(); ++j)
+ obj.value[j] = ~obj.value[j];
+ }
+
+ out = BigInt(obj.value, obj.value.size());
+
+ if(negative)
+ out.flip_sign();
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* BER decode a BIT STRING or OCTET STRING *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& out, ASN1_Tag real_type)
+ {
+ return decode(out, real_type, real_type, UNIVERSAL);
+ }
+
+/*************************************************
+* BER decode a BIT STRING or OCTET STRING *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer,
+ ASN1_Tag real_type,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(real_type != OCTET_STRING && real_type != BIT_STRING)
+ throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
+
+ BER_Object obj = get_next_object();
+ obj.assert_is_a(type_tag, class_tag);
+
+ if(real_type == OCTET_STRING)
+ buffer = obj.value;
+ else
+ {
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
+ buffer.set(obj.value + 1, obj.value.size() - 1);
+ }
+ return (*this);
+ }
+
+/*************************************************
+* Decode an OPTIONAL string type *
+*************************************************/
+BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion<byte>& out,
+ ASN1_Tag real_type,
+ u16bit type_no)
+ {
+ BER_Object obj = get_next_object();
+
+ ASN1_Tag type_tag = (ASN1_Tag)type_no;
+
+ out.clear();
+ push_back(obj);
+
+ if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC)
+ decode(out, real_type, type_tag, CONTEXT_SPECIFIC);
+
+ return (*this);
+ }
+
}
diff --git a/src/crl_ent.cpp b/src/crl_ent.cpp
index 086dd496b..8c6d79b5e 100644
--- a/src/crl_ent.cpp
+++ b/src/crl_ent.cpp
@@ -4,11 +4,12 @@
*************************************************/
#include <botan/crl_ent.h>
+#include <botan/x509_ext.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
+#include <botan/bigint.h>
#include <botan/conf.h>
#include <botan/oids.h>
-#include <botan/x509_crl.h>
#include <botan/util.h>
namespace Botan {
@@ -61,105 +62,67 @@ bool operator<(const CRL_Entry& a1, const CRL_Entry& a2)
return (a1.time.cmp(a2.time) < 0);
}
-namespace DER {
-
-/*************************************************
-* DER encode an CRL_Entry *
-*************************************************/
-void encode(DER_Encoder& der, const CRL_Entry& crl_ent)
- {
- der.start_sequence()
- .encode(BigInt::decode(crl_ent.serial, crl_ent.serial.size()))
- .encode(crl_ent.time)
- .start_sequence();
-
- if(crl_ent.reason != UNSPECIFIED)
- {
-#if 1
- der.start_sequence()
- .encode(OIDS::lookup("X509v3.ReasonCode"))
- .encode(
- DER_Encoder()
- .encode((u32bit)crl_ent.reason, ENUMERATED, UNIVERSAL)
- .get_contents(),
- OCTET_STRING)
- .end_sequence();
-#else
- DER_Encoder v2_ext;
- v2_ext.encode((u32bit)crl_ent.reason, ENUMERATED, UNIVERSAL);
- der.encode(Extension("X509v3.ReasonCode", v2_ext.get_contents()));
-#endif
- }
-
- der.end_sequence()
- .end_sequence();
- }
-
-}
-
-namespace BER {
-
-namespace {
-
/*************************************************
-* Decode a CRL entry extension *
+* DER encode a CRL_Entry *
*************************************************/
-void handle_crl_entry_extension(CRL_Entry& crl_ent, const Extension& extn)
+void CRL_Entry::encode_into(DER_Encoder& der) const
{
- BER_Decoder value(extn.value);
+ Extensions extensions;
- if(extn.oid == OIDS::lookup("X509v3.ReasonCode"))
- {
- u32bit reason_code;
- value.decode(reason_code, ENUMERATED, UNIVERSAL);
- crl_ent.reason = CRL_Code(reason_code);
- }
- else
- {
- if(extn.critical)
- {
- std::string action = Config::get_string("x509/crl/unknown_critical");
- if(action == "throw")
- throw Decoding_Error("Unknown critical CRL entry extension " +
- extn.oid.as_string());
- else if(action != "ignore")
- throw Invalid_Argument("Bad value of x509/crl/unknown_critical: "
- + action);
- }
- return;
- }
+ extensions.add(new Cert_Extension::CRL_ReasonCode(reason));
- value.verify_end();
+ der.start_cons(SEQUENCE)
+ .encode(BigInt::decode(serial, serial.size()))
+ .encode(time)
+ .encode(extensions)
+ .end_cons();
}
-}
-
/*************************************************
* Decode a BER encoded CRL_Entry *
*************************************************/
-void decode(BER_Decoder& source, CRL_Entry& crl_ent)
+void CRL_Entry::decode_from(BER_Decoder& source)
{
- BigInt serial_number;
+ BigInt serial_number_bn;
- BER_Decoder sequence = BER::get_subsequence(source);
- sequence.decode(serial_number);
- crl_ent.serial = BigInt::encode(serial_number);
- BER::decode(sequence, crl_ent.time);
+ source.start_cons(SEQUENCE)
+ .decode(serial_number_bn)
+ .decode(time);
- if(sequence.more_items())
+ if(source.more_items())
{
- BER_Decoder crl_entry_exts = BER::get_subsequence(sequence);
+ BER_Decoder crl_entry_exts = source.start_cons(SEQUENCE);
while(crl_entry_exts.more_items())
{
Extension extn;
- BER::decode(crl_entry_exts, extn);
- handle_crl_entry_extension(crl_ent, extn);
+ crl_entry_exts.decode(extn);
+
+ BER_Decoder value(extn.value);
+
+ if(extn.oid == OIDS::lookup("X509v3.ReasonCode"))
+ {
+ u32bit reason_code;
+ value.decode(reason_code, ENUMERATED, UNIVERSAL);
+ reason = CRL_Code(reason_code);
+ }
+ else if(extn.critical)
+ {
+ std::string action =
+ Config::get_string("x509/crl/unknown_critical");
+
+ if(action == "throw")
+ throw Decoding_Error("Unknown critical CRL entry extn " +
+ extn.oid.as_string());
+ else if(action != "ignore")
+ throw Invalid_Argument("Bad setting x509/crl/unknown_critical: "
+ + action);
+ }
+ value.verify_end();
}
+ source.end_cons();
}
- sequence.verify_end();
+ serial = BigInt::encode(serial_number_bn);
}
}
-
-}
diff --git a/src/datastor.cpp b/src/datastor.cpp
index 2b7255112..69afd3ce2 100644
--- a/src/datastor.cpp
+++ b/src/datastor.cpp
@@ -29,10 +29,18 @@ bool Data_Store::operator==(const Data_Store& other) const
}
/*************************************************
+* Check if this key has at least one value *
+*************************************************/
+bool Data_Store::has_value(const std::string& key) const
+ {
+ return (contents.lower_bound(key) != contents.end());
+ }
+
+/*************************************************
* Search based on an arbitrary predicate *
*************************************************/
std::multimap<std::string, std::string>
-Data_Store::get(const Matcher& matcher) const
+Data_Store::search_with(const Matcher& matcher) const
{
std::multimap<std::string, std::string> out;
@@ -49,12 +57,13 @@ Data_Store::get(const Matcher& matcher) const
}
/*************************************************
-* Search based on an key equality *
+* Search based on key equality *
*************************************************/
std::vector<std::string> Data_Store::get(const std::string& looking_for) const
{
std::vector<std::string> out;
+ // FIXME: use equal_range!!!!
std::multimap<std::string, std::string>::const_iterator i;
i = contents.begin();
while(i != contents.end())
diff --git a/src/der_enc.cpp b/src/der_enc.cpp
index c4a7245ff..a3d61152b 100644
--- a/src/der_enc.cpp
+++ b/src/der_enc.cpp
@@ -74,6 +74,7 @@ class DER_Cmp
bool DER_Cmp::operator()(const MemoryRegion<byte>& a,
const MemoryRegion<byte>& b) const
{
+ // FIXME: use lexicographical_compare
if(a.size() < b.size()) return true;
if(a.size() > b.size()) return false;
@@ -96,7 +97,7 @@ SecureVector<byte> DER_Encoder::DER_Sequence::get_contents()
SecureVector<byte> encoded_tag = encode_tag(type_tag, real_class_tag);
- if(is_a_set)
+ if(type_tag == SET)
{
std::sort(set_contents.begin(), set_contents.end(), DER_Cmp());
for(u32bit j = 0; j != set_contents.size(); ++j)
@@ -119,10 +120,8 @@ SecureVector<byte> DER_Encoder::DER_Sequence::get_contents()
*************************************************/
void DER_Encoder::DER_Sequence::add_bytes(const byte data[], u32bit length)
{
- if(is_a_set)
- {
+ if(type_tag == SET)
set_contents.push_back(SecureVector<byte>(data, length));
- }
else
contents.append(data, length);
}
@@ -138,8 +137,8 @@ ASN1_Tag DER_Encoder::DER_Sequence::tag_of() const
/*************************************************
* DER_Sequence Constructor *
*************************************************/
-DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2, bool b) :
- type_tag(t1), class_tag(t2), is_a_set(b)
+DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) :
+ type_tag(t1), class_tag(t2)
{
}
@@ -148,7 +147,7 @@ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2, bool b) :
*************************************************/
SecureVector<byte> DER_Encoder::get_contents()
{
- if(sequence_level != 0)
+ if(subsequences.size() != 0)
throw Invalid_State("DER_Encoder: Sequence hasn't been marked done");
SecureVector<byte> retval;
@@ -160,128 +159,65 @@ SecureVector<byte> DER_Encoder::get_contents()
/*************************************************
* Start a new ASN.1 SEQUENCE/SET/EXPLICIT *
*************************************************/
-DER_Encoder& DER_Encoder::start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag,
- bool is_a_set)
+DER_Encoder& DER_Encoder::start_cons(ASN1_Tag type_tag,
+ ASN1_Tag class_tag)
{
- ++sequence_level;
- subsequences.push_back(DER_Sequence(type_tag, class_tag, is_a_set));
+ subsequences.push_back(DER_Sequence(type_tag, class_tag));
return (*this);
}
/*************************************************
* Finish the current ASN.1 SEQUENCE/SET/EXPLICIT *
*************************************************/
-DER_Encoder& DER_Encoder::end_cons(ASN1_Tag type_tag, ASN1_Tag class_tag)
+DER_Encoder& DER_Encoder::end_cons()
{
- if(sequence_level == 0)
+ if(subsequences.size() == 0)
throw Invalid_State("DER_Encoder::end_cons: No such sequence");
- sequence_level--;
- if(subsequences[sequence_level].tag_of() != ASN1_Tag(type_tag | class_tag))
- throw Invalid_Argument("DER_Encoder::end_cons: Tag mismatch");
- SecureVector<byte> seq = subsequences[sequence_level].get_contents();
+ SecureVector<byte> seq = subsequences[subsequences.size()-1].get_contents();
subsequences.pop_back();
- add_raw_octets(seq);
+ raw_bytes(seq);
return (*this);
}
/*************************************************
-* Start a new ASN.1 SEQUENCE *
-*************************************************/
-DER_Encoder& DER_Encoder::start_sequence(ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- return start_cons(type_tag, class_tag, false);
- }
-
-/*************************************************
-* Finish the current ASN.1 SEQUENCE *
-*************************************************/
-DER_Encoder& DER_Encoder::end_sequence(ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- return end_cons(type_tag, class_tag);
- }
-
-/*************************************************
-* Start a new ASN.1 SET *
-*************************************************/
-DER_Encoder& DER_Encoder::start_set(ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- return start_cons(type_tag, class_tag, true);
- }
-
-/*************************************************
-* Finish the current ASN.1 SET *
-*************************************************/
-DER_Encoder& DER_Encoder::end_set(ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- return end_cons(type_tag, class_tag);
- }
-
-/*************************************************
-* Start a new ASN.1 SEQUENCE *
-*************************************************/
-DER_Encoder& DER_Encoder::start_sequence()
- {
- return start_sequence(SEQUENCE, UNIVERSAL);
- }
-
-/*************************************************
-* Finish the current ASN.1 SEQUENCE *
+* Start a new ASN.1 EXPLICIT encoding *
*************************************************/
-DER_Encoder& DER_Encoder::end_sequence()
+DER_Encoder& DER_Encoder::start_explicit(u16bit type_no)
{
- return end_sequence(SEQUENCE, UNIVERSAL);
- }
+ ASN1_Tag type_tag = (ASN1_Tag)type_no;
-/*************************************************
-* Start a new ASN.1 SET *
-*************************************************/
-DER_Encoder& DER_Encoder::start_set()
- {
- return start_set(SET, UNIVERSAL);
- }
+ if(type_tag == SET)
+ throw Internal_Error("DER_Encoder.start_explicit(SET); cannot perform");
-/*************************************************
-* Finish the current ASN.1 SET *
-*************************************************/
-DER_Encoder& DER_Encoder::end_set()
- {
- return end_set(SET, UNIVERSAL);
- }
-
-/*************************************************
-* Start a new ASN.1 EXPLICIT encoding *
-*************************************************/
-DER_Encoder& DER_Encoder::start_explicit(ASN1_Tag type_tag, ASN1_Tag class_tag)
- {
- return start_cons(type_tag, class_tag, false);
+ return start_cons(type_tag, CONTEXT_SPECIFIC);
}
/*************************************************
* Finish the current ASN.1 EXPLICIT encoding *
*************************************************/
-DER_Encoder& DER_Encoder::end_explicit(ASN1_Tag type_tag, ASN1_Tag class_tag)
+DER_Encoder& DER_Encoder::end_explicit()
{
- return end_cons(type_tag, class_tag);
+ return end_cons();
}
/*************************************************
-* Write raw octets into the stream *
+* Write raw bytes into the stream *
*************************************************/
-DER_Encoder& DER_Encoder::add_raw_octets(const MemoryRegion<byte>& octets)
+DER_Encoder& DER_Encoder::raw_bytes(const MemoryRegion<byte>& val)
{
- return add_raw_octets(octets.begin(), octets.size());
+ return raw_bytes(val.begin(), val.size());
}
/*************************************************
-* Write raw octets into the stream *
+* Write raw bytes into the stream *
*************************************************/
-DER_Encoder& DER_Encoder::add_raw_octets(const byte octets[], u32bit length)
+DER_Encoder& DER_Encoder::raw_bytes(const byte bytes[], u32bit length)
{
- if(sequence_level == 0)
- contents.append(octets, length);
+ if(subsequences.size() == 0)
+ contents.append(bytes, length);
else
- subsequences[sequence_level-1].add_bytes(octets, length);
+ subsequences[subsequences.size()-1].add_bytes(bytes, length);
return (*this);
}
@@ -320,20 +256,20 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n)
/*************************************************
* DER encode an OCTET STRING or BIT STRING *
*************************************************/
-DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& octets,
+DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& bytes,
ASN1_Tag real_type)
{
- return encode(octets.begin(), octets.size(),
+ return encode(bytes.begin(), bytes.size(),
real_type, real_type, UNIVERSAL);
}
/*************************************************
* Encode this object *
*************************************************/
-DER_Encoder& DER_Encoder::encode(const byte octets[], u32bit length,
+DER_Encoder& DER_Encoder::encode(const byte bytes[], u32bit length,
ASN1_Tag real_type)
{
- return encode(octets, length, real_type, real_type, UNIVERSAL);
+ return encode(bytes, length, real_type, real_type, UNIVERSAL);
}
/*************************************************
@@ -382,18 +318,18 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n,
/*************************************************
* DER encode an OCTET STRING or BIT STRING *
*************************************************/
-DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& octets,
+DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& bytes,
ASN1_Tag real_type,
ASN1_Tag type_tag, ASN1_Tag class_tag)
{
- return encode(octets.begin(), octets.size(),
+ return encode(bytes.begin(), bytes.size(),
real_type, type_tag, class_tag);
}
/*************************************************
* DER encode an OCTET STRING or BIT STRING *
*************************************************/
-DER_Encoder& DER_Encoder::encode(const byte octets[], u32bit length,
+DER_Encoder& DER_Encoder::encode(const byte bytes[], u32bit length,
ASN1_Tag real_type,
ASN1_Tag type_tag, ASN1_Tag class_tag)
{
@@ -404,11 +340,21 @@ DER_Encoder& DER_Encoder::encode(const byte octets[], u32bit length,
{
SecureVector<byte> encoded;
encoded.append(0);
- encoded.append(octets, length);
+ encoded.append(bytes, length);
return add_object(type_tag, class_tag, encoded);
}
else
- return add_object(type_tag, class_tag, octets, length);
+ return add_object(type_tag, class_tag, bytes, length);
+ }
+
+/*************************************************
+* Conditionally write some values to the stream *
+*************************************************/
+DER_Encoder& DER_Encoder::encode_if(bool cond, DER_Encoder& codec)
+ {
+ if(cond)
+ return raw_bytes(codec.get_contents());
+ return (*this);
}
/*************************************************
@@ -421,7 +367,7 @@ DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj)
}
/*************************************************
-* Write the encoding of the octet(s) *
+* Write the encoding of the byte(s) *
*************************************************/
DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
const byte rep[], u32bit length)
@@ -434,11 +380,11 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
buffer.append(encoded_length);
buffer.append(rep, length);
- return add_raw_octets(buffer);
+ return raw_bytes(buffer);
}
/*************************************************
-* Write the encoding of the octet(s) *
+* Write the encoding of the byte(s) *
*************************************************/
DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
const MemoryRegion<byte>& rep_buf)
@@ -449,7 +395,7 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
}
/*************************************************
-* Write the encoding of the octet(s) *
+* Write the encoding of the byte(s) *
*************************************************/
DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
const std::string& rep_str)
@@ -460,7 +406,7 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
}
/*************************************************
-* Write the encoding of the octet *
+* Write the encoding of the byte *
*************************************************/
DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag,
ASN1_Tag class_tag, byte rep)
@@ -468,12 +414,4 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag,
return add_object(type_tag, class_tag, &rep, 1);
}
-/*************************************************
-* DER_Encoder Constructor *
-*************************************************/
-DER_Encoder::DER_Encoder()
- {
- sequence_level = 0;
- }
-
}
diff --git a/src/dl_algo.cpp b/src/dl_algo.cpp
index e29696200..6e61a672b 100644
--- a/src/dl_algo.cpp
+++ b/src/dl_algo.cpp
@@ -15,9 +15,7 @@ namespace Botan {
*************************************************/
MemoryVector<byte> DL_Scheme_PublicKey::DER_encode_pub() const
{
- DER_Encoder der;
- der.encode(y);
- return der.get_contents();
+ return DER_Encoder().encode(y).get_contents();
}
/*************************************************
@@ -53,9 +51,7 @@ void DL_Scheme_PublicKey::BER_decode_params(DataSource& source)
*************************************************/
SecureVector<byte> DL_Scheme_PrivateKey::DER_encode_priv() const
{
- DER_Encoder der;
- der.encode(x);
- return der.get_contents();
+ return DER_Encoder().encode(x).get_contents();
}
/*************************************************
diff --git a/src/dl_group.cpp b/src/dl_group.cpp
index f54ceac22..fffc64185 100644
--- a/src/dl_group.cpp
+++ b/src/dl_group.cpp
@@ -194,30 +194,30 @@ SecureVector<byte> DL_Group::DER_encode(Format format) const
if(format == ANSI_X9_57)
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(p)
.encode(q)
.encode(g)
- .end_sequence()
+ .end_cons()
.get_contents();
}
else if(format == ANSI_X9_42)
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(p)
.encode(g)
.encode(q)
- .end_sequence()
+ .end_cons()
.get_contents();
}
else if(format == PKCS_3)
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(p)
.encode(g)
- .end_sequence()
+ .end_cons()
.get_contents();
}
@@ -248,7 +248,7 @@ void DL_Group::BER_decode(DataSource& source, Format format)
BigInt new_p, new_q, new_g;
BER_Decoder decoder(source);
- BER_Decoder ber = BER::get_subsequence(decoder);
+ BER_Decoder ber = decoder.start_cons(SEQUENCE);
if(format == ANSI_X9_57)
{
diff --git a/src/if_algo.cpp b/src/if_algo.cpp
index 8c6a8654e..36d859282 100644
--- a/src/if_algo.cpp
+++ b/src/if_algo.cpp
@@ -16,10 +16,10 @@ namespace Botan {
MemoryVector<byte> IF_Scheme_PublicKey::DER_encode_pub() const
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(n)
.encode(e)
- .end_sequence()
+ .end_cons()
.get_contents();
}
@@ -36,12 +36,12 @@ MemoryVector<byte> IF_Scheme_PublicKey::DER_encode_params() const
*************************************************/
void IF_Scheme_PublicKey::BER_decode_pub(DataSource& source)
{
- BER_Decoder decoder(source);
- BER_Decoder ber = BER::get_subsequence(decoder);
-
- ber.decode(n)
- .decode(e)
- .verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .decode(n)
+ .decode(e)
+ .verify_end()
+ .end_cons();
X509_load_hook();
}
@@ -62,7 +62,7 @@ void IF_Scheme_PublicKey::BER_decode_params(DataSource& source)
SecureVector<byte> IF_Scheme_PrivateKey::DER_encode_priv() const
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode((u32bit)0)
.encode(n)
.encode(e)
@@ -72,7 +72,7 @@ SecureVector<byte> IF_Scheme_PrivateKey::DER_encode_priv() const
.encode(d1)
.encode(d2)
.encode(c)
- .end_sequence()
+ .end_cons()
.get_contents();
}
@@ -83,19 +83,18 @@ void IF_Scheme_PrivateKey::BER_decode_priv(DataSource& source)
{
u32bit version;
- BER_Decoder decoder(source);
- BER_Decoder ber = BER::get_subsequence(decoder);
-
- ber.decode(version)
- .decode(n)
- .decode(e)
- .decode(d)
- .decode(p)
- .decode(q)
- .decode(d1)
- .decode(d2)
- .decode(c)
- .verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .decode(version)
+ .decode(n)
+ .decode(e)
+ .decode(d)
+ .decode(p)
+ .decode(q)
+ .decode(d1)
+ .decode(d2)
+ .decode(c)
+ .end_cons();
if(version != 0)
throw Decoding_Error(algo_name() + ": Unknown PKCS #1 key version");
diff --git a/src/libstate.cpp b/src/libstate.cpp
index 4990938f3..456a4a8dd 100644
--- a/src/libstate.cpp
+++ b/src/libstate.cpp
@@ -14,8 +14,12 @@ namespace Botan {
/*************************************************
* Botan's global state *
*************************************************/
+namespace {
+
Library_State* global_lib_state = 0;
+}
+
Library_State& global_state()
{
if(!global_lib_state)
diff --git a/src/pbes1.cpp b/src/pbes1.cpp
index d99e9a1fd..da97ee2da 100644
--- a/src/pbes1.cpp
+++ b/src/pbes1.cpp
@@ -94,14 +94,12 @@ void PBE_PKCS5v15::new_params()
*************************************************/
MemoryVector<byte> PBE_PKCS5v15::encode_params() const
{
- DER_Encoder der;
-
- der.start_sequence()
- .encode(salt, OCTET_STRING)
- .encode(iterations)
- .end_sequence();
-
- return der.get_contents();
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode(salt, OCTET_STRING)
+ .encode(iterations)
+ .end_cons()
+ .get_contents();
}
/*************************************************
@@ -109,11 +107,12 @@ MemoryVector<byte> PBE_PKCS5v15::encode_params() const
*************************************************/
void PBE_PKCS5v15::decode_params(DataSource& source)
{
- BER_Decoder decoder(source);
- BER_Decoder sequence = BER::get_subsequence(decoder);
- sequence.decode(salt, OCTET_STRING);
- sequence.decode(iterations);
- sequence.verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .decode(salt, OCTET_STRING)
+ .decode(iterations)
+ .verify_end()
+ .end_cons();
if(salt.size() != 8)
throw Decoding_Error("PBES1: Encoded salt is not 8 octets");
diff --git a/src/pbes2.cpp b/src/pbes2.cpp
index 036acb675..0eeb4eee5 100644
--- a/src/pbes2.cpp
+++ b/src/pbes2.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/pbe_pkcs.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/lookup.h>
#include <botan/rng.h>
@@ -95,15 +97,15 @@ void PBE_PKCS5v20::new_params()
MemoryVector<byte> PBE_PKCS5v20::encode_params() const
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(
AlgorithmIdentifier("PKCS5.PBKDF2",
DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(salt, OCTET_STRING)
.encode(iterations)
.encode(key_length)
- .end_sequence()
+ .end_cons()
.get_contents()
)
)
@@ -114,7 +116,7 @@ MemoryVector<byte> PBE_PKCS5v20::encode_params() const
.get_contents()
)
)
- .end_sequence()
+ .end_cons()
.get_contents();
}
@@ -125,22 +127,24 @@ void PBE_PKCS5v20::decode_params(DataSource& source)
{
AlgorithmIdentifier kdf_algo, enc_algo;
- BER_Decoder decoder(source);
- BER_Decoder sequence = BER::get_subsequence(decoder);
- BER::decode(sequence, kdf_algo);
- BER::decode(sequence, enc_algo);
- sequence.verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .decode(kdf_algo)
+ .decode(enc_algo)
+ .verify_end()
+ .end_cons();
if(kdf_algo.oid == OIDS::lookup("PKCS5.PBKDF2"))
{
digest = "SHA-160";
- BER_Decoder pbkdf2_params(kdf_algo.parameters);
- BER_Decoder algo_params = BER::get_subsequence(pbkdf2_params);
- algo_params.decode(salt, OCTET_STRING);
- algo_params.decode(iterations);
- BER::decode_optional(algo_params, key_length, INTEGER, UNIVERSAL);
- algo_params.verify_end();
+ BER_Decoder(kdf_algo.parameters)
+ .start_cons(SEQUENCE)
+ .decode(salt, OCTET_STRING)
+ .decode(iterations)
+ .decode_optional(key_length, INTEGER, UNIVERSAL)
+ .verify_end()
+ .end_cons();
}
else
throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
@@ -156,12 +160,7 @@ void PBE_PKCS5v20::decode_params(DataSource& source)
throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " +
cipher);
-#if 0
- BER_Decoder algo_params(enc_algo.parameters);
- algo_params.decode(iv, OCTET_STRING);
-#else
BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end();
-#endif
if(key_length == 0)
key_length = max_keylength_of(cipher_algo);
diff --git a/src/pkcs10.cpp b/src/pkcs10.cpp
index a567f5a00..74ff30867 100644
--- a/src/pkcs10.cpp
+++ b/src/pkcs10.cpp
@@ -4,7 +4,8 @@
*************************************************/
#include <botan/pkcs10.h>
-#include <botan/asn1_int.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/x509stor.h>
#include <botan/oids.h>
@@ -49,7 +50,7 @@ void PKCS10_Request::force_decode()
throw Decoding_Error("Unknown version code in PKCS #10 request: " +
to_string(version));
- BER::decode(cert_req_info, dn);
+ cert_req_info.decode(dn);
BER_Object public_key = cert_req_info.get_next_object();
if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
@@ -66,7 +67,7 @@ void PKCS10_Request::force_decode()
while(attributes.more_items())
{
Attribute attr;
- BER::decode(attributes, attr);
+ attributes.decode(attr);
handle_attribute(attr);
}
attributes.verify_end();
@@ -96,23 +97,23 @@ void PKCS10_Request::handle_attribute(const Attribute& attr)
if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
{
ASN1_String email;
- BER::decode(value, email);
+ value.decode(email);
subject_alt.add_attribute("RFC822", email.value());
}
else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
{
ASN1_String challenge_password;
- BER::decode(value, challenge_password);
+ value.decode(challenge_password);
challenge = challenge_password.value();
}
else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
{
- BER_Decoder sequence = BER::get_subsequence(value);
+ BER_Decoder sequence = value.start_cons(SEQUENCE);
while(sequence.more_items())
{
Extension extn;
- BER::decode(sequence, extn);
+ sequence.decode(extn);
handle_v3_extension(extn);
}
sequence.verify_end();
@@ -130,23 +131,23 @@ void PKCS10_Request::handle_v3_extension(const Extension& extn)
BER::decode(value, constraints_value);
else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage"))
{
- BER_Decoder key_usage = BER::get_subsequence(value);
+ BER_Decoder key_usage = value.start_cons(SEQUENCE);
while(key_usage.more_items())
{
OID usage_oid;
- BER::decode(key_usage, usage_oid);
+ key_usage.decode(usage_oid);
ex_constraints_list.push_back(usage_oid);
}
}
else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
{
- BER_Decoder constraints = BER::get_subsequence(value);
- BER::decode_optional(constraints, is_ca, BOOLEAN, UNIVERSAL, false);
- BER::decode_optional(constraints, max_path_len,
- INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
+ BER_Decoder constraints = value.start_cons(SEQUENCE);
+ constraints.decode_optional(is_ca, BOOLEAN, UNIVERSAL, false);
+ constraints.decode_optional(max_path_len, INTEGER, UNIVERSAL,
+ NO_CERT_PATH_LIMIT);
}
else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName"))
- BER::decode(value, subject_alt);
+ value.decode(subject_alt);
else
return;
diff --git a/src/pkcs8.cpp b/src/pkcs8.cpp
index 2888774dd..72fcb41e4 100644
--- a/src/pkcs8.cpp
+++ b/src/pkcs8.cpp
@@ -4,6 +4,8 @@
*************************************************/
#include <botan/pkcs8.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/asn1_obj.h>
#include <botan/pk_algs.h>
#include <botan/conf.h>
@@ -28,8 +30,8 @@ SecureVector<byte> PKCS8_extract(DataSource& source,
try {
BER_Decoder decoder(source);
- BER_Decoder sequence = BER::get_subsequence(decoder);
- BER::decode(sequence, alg_id);
+ BER_Decoder sequence = decoder.start_cons(SEQUENCE);
+ sequence.decode(alg_id);
sequence.decode(enc_pkcs8_key, OCTET_STRING);
sequence.verify_end();
}
@@ -107,17 +109,18 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
}
u32bit version;
- BER_Decoder decoder(key);
- BER_Decoder sequence = BER::get_subsequence(decoder);
- sequence.decode(version);
+
+ BER_Decoder(key)
+ .start_cons(SEQUENCE)
+ .decode(version)
+ .decode(pk_alg_id)
+ .decode(key, OCTET_STRING)
+ .discard_remaining()
+ .end_cons();
+
if(version != 0)
throw Decoding_Error("PKCS #8: Unknown version number");
- BER::decode(sequence, pk_alg_id);
- sequence.decode(key, OCTET_STRING);
- sequence.discard_remaining();
- sequence.verify_end();
-
break;
}
catch(Decoding_Error)
@@ -144,11 +147,11 @@ void encode(const PKCS8_PrivateKey& key, Pipe& pipe, X509_Encoding encoding)
SecureVector<byte> contents =
DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(PKCS8_VERSION)
.encode(alg_id)
.encode(key.DER_encode_priv(), OCTET_STRING)
- .end_sequence()
+ .end_cons()
.get_contents();
if(encoding == PEM)
@@ -177,12 +180,12 @@ void encrypt_key(const PKCS8_PrivateKey& key, Pipe& pipe,
Pipe key_encrytor(pbe);
key_encrytor.process_msg(raw_key);
- SecureVector<byte> enc_key =
+ SecureVector<byte> enc_key =
DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(AlgorithmIdentifier(pbe->get_oid(), pbe->encode_params()))
.encode(key_encrytor.read_all(), OCTET_STRING)
- .end_sequence()
+ .end_cons()
.get_contents();
if(encoding == PEM)
diff --git a/src/policy.cpp b/src/policy.cpp
index 72f751560..3ec3227db 100644
--- a/src/policy.cpp
+++ b/src/policy.cpp
@@ -227,7 +227,6 @@ void set_default_config(Library_State* state)
state->set_option("conf", "x509/exts/key_usage", "critical");
state->set_option("conf", "x509/exts/extended_key_usage", "yes");
state->set_option("conf", "x509/exts/crl_number", "yes");
-
}
/*************************************************
diff --git a/src/prf_x942.cpp b/src/prf_x942.cpp
index 59a0d96c6..508fe6cc9 100644
--- a/src/prf_x942.cpp
+++ b/src/prf_x942.cpp
@@ -20,13 +20,11 @@ namespace {
*************************************************/
MemoryVector<byte> encode_x942_int(u32bit n)
{
- byte n_buf[4];
+ byte n_buf[4] = { 0 };
for(u32bit j = 0; j != 4; ++j)
n_buf[j] = get_byte(j, n);
- DER_Encoder encoder;
- encoder.encode(n_buf, 4, OCTET_STRING);
- return encoder.get_contents();
+ return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents();
}
}
@@ -46,28 +44,30 @@ SecureVector<byte> X942_PRF::derive(u32bit key_len,
while(key.size() != key_len)
{
- DER_Encoder encoder;
-
- encoder.start_sequence()
- .start_sequence()
- .encode(kek_algo)
- .add_raw_octets(encode_x942_int(counter))
- .end_sequence();
-
- if(salt_len)
- {
- encoder.start_explicit(ASN1_Tag(0));
- encoder.encode(salt, salt_len, OCTET_STRING);
- encoder.end_explicit(ASN1_Tag(0));
- }
-
- encoder.start_explicit(ASN1_Tag(2))
- .add_raw_octets(encode_x942_int(8 * key_len))
- .end_explicit(ASN1_Tag(2))
- .end_sequence();
-
hash->update(secret, secret_len);
- hash->update(encoder.get_contents());
+
+ hash->update(
+ DER_Encoder().start_cons(SEQUENCE)
+
+ .start_cons(SEQUENCE)
+ .encode(kek_algo)
+ .raw_bytes(encode_x942_int(counter))
+ .end_cons()
+
+ .encode_if(salt_len != 0,
+ DER_Encoder()
+ .start_explicit(0)
+ .encode(salt, salt_len, OCTET_STRING)
+ .end_explicit()
+ )
+
+ .start_explicit(2)
+ .raw_bytes(encode_x942_int(8 * key_len))
+ .end_explicit()
+
+ .end_cons().get_contents()
+ );
+
SecureVector<byte> digest = hash->final();
key.append(digest, std::min(digest.size(), key_len - key.size()));
diff --git a/src/pubkey.cpp b/src/pubkey.cpp
index 75772fd47..c23d16bd4 100644
--- a/src/pubkey.cpp
+++ b/src/pubkey.cpp
@@ -4,11 +4,12 @@
*************************************************/
#include <botan/pubkey.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/bigint.h>
#include <botan/parsing.h>
#include <botan/bit_ops.h>
#include <botan/lookup.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
#include <memory>
namespace Botan {
@@ -196,13 +197,11 @@ SecureVector<byte> PK_Signer::signature()
for(u32bit j = 0; j != sig_parts.size(); ++j)
sig_parts[j].binary_decode(plain_sig + SIZE_OF_PART*j, SIZE_OF_PART);
- DER_Encoder der_sig;
- der_sig.start_sequence();
- for(u32bit j = 0; j != sig_parts.size(); ++j)
- der_sig.encode(sig_parts[j]);
- der_sig.end_sequence();
-
- return der_sig.get_contents();
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_list(sig_parts)
+ .end_cons()
+ .get_contents();
}
else
throw Encoding_Error("PK_Signer: Unknown signature format " +
@@ -290,7 +289,7 @@ bool PK_Verifier::check_signature(const byte sig[], u32bit length)
else if(sig_format == DER_SEQUENCE)
{
BER_Decoder decoder(sig, length);
- BER_Decoder ber_sig = BER::get_subsequence(decoder);
+ BER_Decoder ber_sig = decoder.start_cons(SEQUENCE);
u32bit count = 0;
SecureVector<byte> real_sig;
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index eed733f17..3600843d3 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -6,6 +6,8 @@
#include <botan/x509_ca.h>
#include <botan/x509_ext.h>
#include <botan/x509stor.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/conf.h>
#include <botan/lookup.h>
#include <botan/look_pk.h>
@@ -13,11 +15,29 @@
#include <botan/oids.h>
#include <botan/util.h>
#include <algorithm>
+#include <typeinfo>
#include <memory>
#include <set>
namespace Botan {
+namespace {
+
+// FIXME: move elsewhere
+MemoryVector<byte> make_signed(PK_Signer* signer,
+ const AlgorithmIdentifier& sig_algo,
+ const MemoryRegion<byte>& tbs_bits)
+ {
+ return DER_Encoder().start_cons(SEQUENCE)
+ .raw_bytes(tbs_bits)
+ .encode(sig_algo)
+ .encode(signer->sign_message(tbs_bits), BIT_STRING)
+ .end_cons()
+ .get_contents();
+ }
+
+}
+
/*************************************************
* Load the certificate and private key *
*************************************************/
@@ -28,8 +48,11 @@ X509_CA::X509_CA(const X509_Certificate& c,
if(!dynamic_cast<const PK_Signing_Key*>(key_pointer))
throw Invalid_Argument("X509_CA: " + key.algo_name() + " cannot sign");
+#if 0
+ // FIXME!
if(!cert.is_CA_cert())
throw Invalid_Argument("X509_CA: This certificate is not for a CA");
+#endif
std::string padding;
Signature_Format format;
@@ -93,11 +116,9 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
Key_Constraints constraints,
const std::vector<OID>& ex_constraints)
{
- const u32bit X509_CERT_VERSION = 2;
- const u32bit SERIAL_BITS = 128;
-
Extensions extensions;
+ // POLICY: which extensions
extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
extensions.add(new Cert_Extension::Authority_Key_ID(auth_key_id));
@@ -120,41 +141,35 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
"issuer_alternative_name")
);
- MemoryVector<byte> tbs_bits =
- DER_Encoder().start_sequence()
- .start_explicit(ASN1_Tag(0))
- .encode(X509_CERT_VERSION)
- .end_explicit(ASN1_Tag(0))
-
- .encode(random_integer(SERIAL_BITS))
- .encode(sig_algo)
- .encode(issuer_dn)
-
- .start_sequence()
- .encode(not_before)
- .encode(not_after)
- .end_sequence()
-
- .encode(subject_dn)
- .add_raw_octets(pub_key)
-
- .start_explicit(ASN1_Tag(3))
- .start_sequence()
- .encode(extensions)
- .end_sequence()
- .end_explicit(ASN1_Tag(3))
- .end_sequence()
- .get_contents();
-
- DataSource_Memory source(
- DER_Encoder()
- .start_sequence()
- .add_raw_octets(tbs_bits)
+ const u32bit X509_CERT_VERSION = 3;
+ const u32bit SERIAL_BITS = 128;
+
+ DataSource_Memory source(make_signed(signer, sig_algo,
+ DER_Encoder().start_cons(SEQUENCE)
+ .start_explicit(0)
+ .encode(X509_CERT_VERSION-1)
+ .end_explicit()
+
+ .encode(random_integer(SERIAL_BITS))
.encode(sig_algo)
- .encode(signer->sign_message(tbs_bits), BIT_STRING)
- .end_sequence()
+ .encode(issuer_dn)
+
+ .start_cons(SEQUENCE)
+ .encode(not_before)
+ .encode(not_after)
+ .end_cons()
+
+ .encode(subject_dn)
+ .raw_bytes(pub_key)
+
+ .start_explicit(3)
+ .start_cons(SEQUENCE)
+ .encode(extensions)
+ .end_cons()
+ .end_explicit()
+ .end_cons()
.get_contents()
- );
+ ));
return X509_Certificate(source);
}
@@ -215,7 +230,7 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
u32bit crl_number, u32bit next_update) const
{
- const u32bit X509_CRL_VERSION = 1;
+ const u32bit X509_CRL_VERSION = 2;
if(next_update == 0)
next_update = Config::get_time("x509/crl/next_update");
@@ -223,47 +238,31 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
const u64bit current_time = system_time();
Extensions extensions;
- extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
+ extensions.add(
+ new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::CRL_Number(crl_number));
- DER_Encoder tbs_crl;
-
- tbs_crl
- .start_sequence()
- .encode(X509_CRL_VERSION)
- .encode(ca_sig_algo)
- .encode(cert.subject_dn())
- .encode(X509_Time(current_time))
- .encode(X509_Time(current_time + next_update));
-
- if(revoked.size())
- {
- tbs_crl.start_sequence();
- for(u32bit j = 0; j != revoked.size(); ++j)
- DER::encode(tbs_crl, revoked[j]);
- tbs_crl.end_sequence();
- }
-
- tbs_crl
- .start_explicit(ASN1_Tag(0))
- .start_sequence()
- .encode(extensions)
- .end_sequence()
- .end_explicit(ASN1_Tag(0))
- .end_sequence();
-
- MemoryVector<byte> tbs_bits = tbs_crl.get_contents();
- MemoryVector<byte> sig = signer->sign_message(tbs_bits);
-
- DataSource_Memory source(
- DER_Encoder()
- .start_sequence()
- .add_raw_octets(tbs_bits)
+ DataSource_Memory source(make_signed(signer, ca_sig_algo,
+ DER_Encoder().start_cons(SEQUENCE)
+ .encode(X509_CRL_VERSION-1)
.encode(ca_sig_algo)
- .encode(sig, BIT_STRING)
- .end_sequence()
+ .encode(cert.issuer_dn())
+ .encode(X509_Time(current_time))
+ .encode(X509_Time(current_time + next_update))
+ .encode_if(revoked.size() > 0,
+ DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_list(revoked)
+ .end_cons()
+ )
+ .start_explicit(0)
+ .start_cons(SEQUENCE)
+ .encode(extensions)
+ .end_cons()
+ .end_explicit()
+ .end_cons()
.get_contents()
- );
+ ));
return X509_CRL(source);
}
diff --git a/src/x509_crl.cpp b/src/x509_crl.cpp
index 520932dba..491202fc3 100644
--- a/src/x509_crl.cpp
+++ b/src/x509_crl.cpp
@@ -4,6 +4,7 @@
*************************************************/
#include <botan/x509_crl.h>
+#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/bigint.h>
#include <botan/conf.h>
@@ -38,21 +39,21 @@ void X509_CRL::force_decode()
{
BER_Decoder tbs_crl(tbs_bits);
- BER::decode_optional(tbs_crl, version, INTEGER, UNIVERSAL);
+ tbs_crl.decode_optional(version, INTEGER, UNIVERSAL);
if(version != 0 && version != 1)
throw X509_CRL_Error("Unknown X.509 CRL version " +
to_string(version+1));
AlgorithmIdentifier sig_algo_inner;
- BER::decode(tbs_crl, sig_algo_inner);
+ tbs_crl.decode(sig_algo_inner);
if(sig_algo != sig_algo_inner)
throw X509_CRL_Error("Algorithm identifier mismatch");
- BER::decode(tbs_crl, issuer);
- BER::decode(tbs_crl, start);
- BER::decode(tbs_crl, end);
+ tbs_crl.decode(issuer);
+ tbs_crl.decode(start);
+ tbs_crl.decode(end);
BER_Object next = tbs_crl.get_next_object();
@@ -63,7 +64,7 @@ void X509_CRL::force_decode()
while(cert_list.more_items())
{
CRL_Entry entry;
- BER::decode(cert_list, entry);
+ cert_list.decode(entry);
revoked.push_back(entry);
}
next = tbs_crl.get_next_object();
@@ -73,12 +74,12 @@ void X509_CRL::force_decode()
next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
{
BER_Decoder crl_options(next.value);
- BER_Decoder sequence = BER::get_subsequence(crl_options);
+ BER_Decoder sequence = crl_options.start_cons(SEQUENCE);
while(sequence.more_items())
{
Extension extn;
- BER::decode(sequence, extn);
+ sequence.decode(extn);
handle_crl_extension(extn);
}
next = tbs_crl.get_next_object();
@@ -99,9 +100,8 @@ void X509_CRL::handle_crl_extension(const Extension& extn)
if(extn.oid == OIDS::lookup("X509v3.AuthorityKeyIdentifier"))
{
- BER_Decoder key_id = BER::get_subsequence(value);
- BER::decode_optional_string(key_id, issuer_key_id, OCTET_STRING,
- ASN1_Tag(0), CONTEXT_SPECIFIC);
+ BER_Decoder key_id = value.start_cons(SEQUENCE);
+ key_id.decode_optional_string(issuer_key_id, OCTET_STRING, 0);
}
else if(extn.oid == OIDS::lookup("X509v3.CRLNumber"))
value.decode(crl_count);
diff --git a/src/x509_ext.cpp b/src/x509_ext.cpp
index b814d3c43..38d2fbabb 100644
--- a/src/x509_ext.cpp
+++ b/src/x509_ext.cpp
@@ -15,63 +15,36 @@
namespace Botan {
-/*************************************************
-* Encode a Certificate Extension *
-*************************************************/
-void Certificate_Extension::encode_into(DER_Encoder& der,
- bool is_critical) const
- {
- if(should_encode())
- {
-#if 0
- der.start_seqeuence()
- .encode(oid_of())
- .encode_optional(is_critical, false)
- .encode(encode_inner(), OCTET_STRING)
- .end_sequence();
-#else
- der.start_sequence();
- der.encode(oid_of());
- if(is_critical)
- der.encode(is_critical);
- der.encode(encode_inner(), OCTET_STRING);
- der.end_sequence();
-#endif
- }
- }
+namespace {
/*************************************************
-* Decode a Certificate Extension *
+* Create a new certificate extension object *
*************************************************/
-void Certificate_Extension::decode_from(BER_Decoder& ber)
+Certificate_Extension* make_extension(const OID& oid)
{
- MemoryVector<byte> value;
- OID oid;
-
-#if 0
- ber.start_sequence()
- .decode(oid)
- .decode_optional(is_critical, false)
- .decode(value, OCTET_STRING)
- .end_sequence();
-#else
- BER_Decoder extension = BER::get_subsequence(ber);
- BER::decode(extension, oid);
- BER::decode_optional(extension, critical, BOOLEAN, UNIVERSAL, false);
- extension.decode(value, OCTET_STRING);
- extension.verify_end();
-#endif
-
- decode_inner(value);
+ const std::string oid_name = OIDS::lookup(oid);
+
+ if(oid_name == "X509v3.KeyUsage")
+ return new Cert_Extension::Key_Usage();
+ else if(oid_name == "X509v3.BasicConstraints")
+ return new Cert_Extension::Basic_Constraints();
+ else if(oid_name == "X509v3.SubjectKeyIdentifier")
+ return new Cert_Extension::Subject_Key_ID();
+ else if(oid_name == "X509v3.AuthorityKeyIdentifier")
+ return new Cert_Extension::Authority_Key_ID();
+ else if(oid_name == "X509v3.ExtendedKeyUsage")
+ return new Cert_Extension::Extended_Key_Usage();
+ else if(oid_name == "X509v3.CRLNumber")
+ return new Cert_Extension::CRL_Number();
+ else if(oid_name == "X509v3.CertificatePolicies")
+ return 0;//return new Cert_Extension::Certificate_Policies();
+
+ //printf("No result for %s\n", oid_name.c_str());
+
+ return 0;
}
-/*************************************************
-* Encode a Certificate Extension *
-*************************************************/
-void Certificate_Extension::encode_into(DER_Encoder& der) const
- {
- encode_into(der, critical);
- }
+}
/*************************************************
* Return the OID of this extension *
@@ -82,24 +55,64 @@ OID Certificate_Extension::oid_of() const
}
/*************************************************
-* Encode a Certificate Extension *
+* Encode an Extensions list *
*************************************************/
-void Certificate_Extension::maybe_add(class DER_Encoder& der) const
+void Extensions::encode_into(DER_Encoder& to_object) const
{
- const std::string opt_name = "x509/exts/" + config_id();
- std::string setting = Config::get_string(opt_name);
-
- if(setting != "no")
- encode_into(der, critical || (setting == "critical"));
+ for(u32bit j = 0; j != extensions.size(); j++)
+ {
+ const Certificate_Extension* ext = extensions[j];
+
+ if(ext->should_encode())
+ {
+ to_object.start_cons(SEQUENCE)
+ .encode(ext->oid_of())
+ .encode_optional(ext->is_critical(), false)
+ .encode(ext->encode_inner(), OCTET_STRING)
+ .end_cons();
+ }
+ }
}
/*************************************************
-* Encode an Extensions list *
+* Decode a list of Extensions *
*************************************************/
-void Extensions::encode_into(class DER_Encoder& to_object) const
+void Extensions::decode_from(BER_Decoder& from_source)
{
for(u32bit j = 0; j != extensions.size(); ++j)
- extensions[j]->maybe_add(to_object);
+ delete extensions[j];
+ extensions.clear();
+
+ BER_Decoder sequence = from_source.start_cons(SEQUENCE);
+ while(sequence.more_items())
+ {
+ OID oid;
+ MemoryVector<byte> value;
+ bool critical;
+
+ sequence.start_cons(SEQUENCE)
+ .decode(oid)
+ .decode_optional(critical, BOOLEAN, UNIVERSAL, false)
+ .decode(value, OCTET_STRING)
+ .verify_end()
+ .end_cons();
+
+ Certificate_Extension* ext = make_extension(oid);
+
+ if(!ext)
+ {
+ if(!critical)
+ continue;
+
+ throw Decoding_Error("Encountered unknown X.509 extension marked"
+ "as critical; OID = " + oid.as_string());
+ }
+
+ ext->decode_inner(value);
+
+ extensions.push_back(ext);
+ }
+ sequence.verify_end();
}
/*************************************************
@@ -118,18 +131,15 @@ namespace Cert_Extension {
*************************************************/
MemoryVector<byte> Basic_Constraints::encode_inner() const
{
- DER_Encoder der;
-
- der.start_sequence();
- if(is_ca)
- {
- der.encode(true);
- if(path_limit != NO_CERT_PATH_LIMIT)
- der.encode(path_limit);
- }
- der.end_sequence();
-
- return der.get_contents();
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_if(is_ca,
+ DER_Encoder()
+ .encode(is_ca)
+ .encode_optional(path_limit, NO_CERT_PATH_LIMIT)
+ )
+ .end_cons()
+ .get_contents();
}
/*************************************************
@@ -137,23 +147,24 @@ MemoryVector<byte> Basic_Constraints::encode_inner() const
*************************************************/
void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in)
{
- BER_Decoder ber(in);
-
- BER_Decoder basic_constraints = BER::get_subsequence(ber);
- BER::decode_optional(basic_constraints, is_ca,
- BOOLEAN, UNIVERSAL, false);
- BER::decode_optional(basic_constraints, path_limit,
- INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
- basic_constraints.verify_end();
+ BER_Decoder(in)
+ .start_cons(SEQUENCE)
+ .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false)
+ .decode_optional(path_limit, INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT)
+ .verify_end()
+ .end_cons();
+
+ if(is_ca == false)
+ path_limit = 0;
}
/*************************************************
-* Basic_Constraints Constructor *
+* Return a textual representation *
*************************************************/
-Basic_Constraints::Basic_Constraints(bool is_ca, u32bit path_limit)
+void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const
{
- this->is_ca = is_ca;
- this->path_limit = path_limit;
+ subject.add("X509v3.BasicConstraints.path_constraint",
+ (is_ca ? path_limit : 0));
}
/*************************************************
@@ -206,11 +217,11 @@ void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
}
/*************************************************
-* Key_Usage Constructor *
+* Return a textual representation *
*************************************************/
-Key_Usage::Key_Usage(Key_Constraints constraints)
+void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const
{
- this->constraints = constraints;
+ subject.add("X509v3.KeyUsage", constraints);
}
/*************************************************
@@ -230,6 +241,14 @@ void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in)
}
/*************************************************
+* Return a textual representation *
+*************************************************/
+void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const
+ {
+ subject.add("X509v3.SubjectKeyIdentifier", key_id);
+ }
+
+/*************************************************
* Subject_Key_ID Constructor *
*************************************************/
Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key)
@@ -244,9 +263,9 @@ Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key)
MemoryVector<byte> Authority_Key_ID::encode_inner() const
{
return DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC)
- .end_sequence()
+ .end_cons()
.get_contents();
}
@@ -256,15 +275,16 @@ MemoryVector<byte> Authority_Key_ID::encode_inner() const
void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in)
{
BER_Decoder ber(in);
-
+ // FIXME
}
/*************************************************
-* Authority_Key_ID Constructor *
+* Return a textual representation *
*************************************************/
-Authority_Key_ID::Authority_Key_ID(const MemoryRegion<byte>& key_id)
+void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const
{
- this->key_id = key_id;
+ if(key_id.size())
+ issuer.add("X509v3.AuthorityKeyIdentifier", key_id);
}
/*************************************************
@@ -280,8 +300,15 @@ MemoryVector<byte> Alternative_Name::encode_inner() const
*************************************************/
void Alternative_Name::decode_inner(const MemoryRegion<byte>& in)
{
- BER_Decoder ber(in);
+ BER_Decoder(in).decode(alt_name);
+ }
+/*************************************************
+* Return a textual representation *
+*************************************************/
+void Alternative_Name::contents_to(Data_Store& info, Data_Store&) const
+ {
+ info.add(alt_name.contents());
}
/*************************************************
@@ -301,31 +328,93 @@ Alternative_Name::Alternative_Name(const AlternativeName& alt_name,
*************************************************/
MemoryVector<byte> Extended_Key_Usage::encode_inner() const
{
- DER_Encoder der;
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_list(oids)
+ .end_cons()
+ .get_contents();
+ }
- der.start_sequence();
- for(u32bit j = 0; j != oids.size(); ++j)
- der.encode(oids[j]);
- der.end_sequence();
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder(in)
+ .start_cons(SEQUENCE)
+ .decode_list(oids)
+ .end_cons();
+ }
- return der.get_contents();
+/*************************************************
+* Return a textual representation *
+*************************************************/
+void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const
+ {
+ for(u32bit j = 0; j != oids.size(); j++)
+ subject.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
+ }
+
+namespace {
+
+class Policy_Information : public ASN1_Object
+ {
+ public:
+ OID oid;
+
+ void encode_into(DER_Encoder& codec) const
+ {
+ codec.start_cons(SEQUENCE)
+ .encode(oid)
+ .end_cons();
+ }
+ void decode_from(BER_Decoder& codec)
+ {
+ codec.start_cons(SEQUENCE)
+ .decode(oid)
+ .discard_remaining()
+ .end_cons();
+ }
+ };
+
+}
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Certificate_Policies::encode_inner() const
+ {
+ throw Exception("Certificate_Policies::encode_inner: Bugged");
+
+ std::vector<Policy_Information> policies;
+
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode_list(policies)
+ .end_cons()
+ .get_contents();
}
/*************************************************
* Decode the extension *
*************************************************/
-void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in)
{
- BER_Decoder ber(in);
+ std::vector<Policy_Information> policies;
+ BER_Decoder(in)
+ .start_cons(SEQUENCE)
+ .decode_list(policies)
+ .end_cons();
}
/*************************************************
-* Extended_Key_Usage Constructor *
+* Return a textual representation *
*************************************************/
-Extended_Key_Usage::Extended_Key_Usage(const std::vector<OID>& oids)
+void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const
{
- this->oids = oids;
+ for(u32bit j = 0; j != oids.size(); j++)
+ info.add("X509v3.ExtendedKeyUsage", oids[j].as_string());
}
/*************************************************
@@ -341,15 +430,43 @@ MemoryVector<byte> CRL_Number::encode_inner() const
*************************************************/
void CRL_Number::decode_inner(const MemoryRegion<byte>& in)
{
- BER_Decoder ber(in);
+ BER_Decoder(in).decode(crl_number);
+ }
+
+/*************************************************
+* Return a textual representation *
+*************************************************/
+void CRL_Number::contents_to(Data_Store& info, Data_Store&) const
+ {
+ info.add("X509v3.CRLNumber", crl_number);
+ }
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> CRL_ReasonCode::encode_inner() const
+ {
+ return DER_Encoder()
+ .encode((u32bit)reason, ENUMERATED, UNIVERSAL)
+ .get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in)
+ {
+ u32bit reason_code = 0;
+ BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL);
+ reason = (CRL_Code)reason_code;
}
/*************************************************
-* CRL_Number Constructor *
+* Return a textual representation *
*************************************************/
-CRL_Number::CRL_Number(u32bit n) : crl_number(n)
+void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const
{
+ info.add("X509v3.CRLReasonCode", reason);
}
}
diff --git a/src/x509_key.cpp b/src/x509_key.cpp
index 118242b4e..08b440a3d 100644
--- a/src/x509_key.cpp
+++ b/src/x509_key.cpp
@@ -6,6 +6,8 @@
#include <botan/x509_key.h>
#include <botan/filters.h>
#include <botan/asn1_obj.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/pk_algs.h>
#include <botan/oids.h>
#include <botan/pem.h>
@@ -47,11 +49,12 @@ namespace {
void X509_extract_info(DataSource& source, AlgorithmIdentifier& alg_id,
MemoryVector<byte>& key)
{
- BER_Decoder decoder(source);
- BER_Decoder sequence = BER::get_subsequence(decoder);
- BER::decode(sequence, alg_id);
- sequence.decode(key, BIT_STRING);
- sequence.verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .decode(alg_id)
+ .decode(key, BIT_STRING)
+ .verify_end()
+ .end_cons();
}
}
@@ -63,12 +66,12 @@ void encode(const X509_PublicKey& key, Pipe& pipe, X509_Encoding encoding)
{
AlgorithmIdentifier alg_id(key.get_oid(), key.DER_encode_params());
- MemoryVector<byte> der =
+ MemoryVector<byte> der =
DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(alg_id)
.encode(key.DER_encode_pub(), BIT_STRING)
- .end_sequence()
+ .end_cons()
.get_contents();
if(encoding == PEM)
diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp
index ae545c134..f5d1bab85 100644
--- a/src/x509_obj.cpp
+++ b/src/x509_obj.cpp
@@ -4,6 +4,11 @@
*************************************************/
#include <botan/x509_obj.h>
+#include <botan/x509_key.h>
+#include <botan/look_pk.h>
+#include <botan/oids.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/parsing.h>
#include <botan/pem.h>
#include <algorithm>
@@ -64,13 +69,15 @@ void X509_Object::init(DataSource& in, const std::string& labels)
*************************************************/
void X509_Object::decode_info(DataSource& source)
{
- BER_Decoder ber(source);
- BER_Decoder sequence = BER::get_subsequence(ber);
- tbs_bits = BER::get_subsequence(sequence).get_remaining();
-
- BER::decode(sequence, sig_algo);
- sequence.decode(sig, BIT_STRING);
- sequence.verify_end();
+ BER_Decoder(source)
+ .start_cons(SEQUENCE)
+ .start_cons(SEQUENCE)
+ .raw_bytes(tbs_bits)
+ .end_cons()
+ .decode(sig_algo)
+ .decode(sig, BIT_STRING)
+ .verify_end()
+ .end_cons();
}
/*************************************************
@@ -78,12 +85,14 @@ void X509_Object::decode_info(DataSource& source)
*************************************************/
void X509_Object::encode(Pipe& out, X509_Encoding encoding) const
{
- SecureVector<byte> der =
- DER_Encoder().start_sequence()
- .add_raw_octets(tbs_data())
+ SecureVector<byte> der = DER_Encoder()
+ .start_cons(SEQUENCE)
+ .start_cons(SEQUENCE)
+ .raw_bytes(tbs_bits)
+ .end_cons()
.encode(sig_algo)
.encode(sig, BIT_STRING)
- .end_sequence()
+ .end_cons()
.get_contents();
if(encoding == PEM)
@@ -141,6 +150,47 @@ AlgorithmIdentifier X509_Object::signature_algorithm() const
}
/*************************************************
+* Check the signature on an object *
+*************************************************/
+bool X509_Object::check_signature(X509_PublicKey& pub_key) const
+ {
+ try {
+ std::vector<std::string> sig_info =
+ split_on(OIDS::lookup(sig_algo.oid), '/');
+
+ if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name())
+ return false;
+
+ std::string padding = sig_info[1];
+ Signature_Format format =
+ (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
+
+ std::auto_ptr<PK_Verifier> verifier;
+
+ if(dynamic_cast<PK_Verifying_with_MR_Key*>(&pub_key))
+ {
+ PK_Verifying_with_MR_Key& sig_key =
+ dynamic_cast<PK_Verifying_with_MR_Key&>(pub_key);
+ verifier.reset(get_pk_verifier(sig_key, padding, format));
+ }
+ else if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key))
+ {
+ PK_Verifying_wo_MR_Key& sig_key =
+ dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key);
+ verifier.reset(get_pk_verifier(sig_key, padding, format));
+ }
+ else
+ return false;
+
+ return verifier->verify_message(tbs_data(), signature());
+ }
+ catch(...)
+ {
+ return false;
+ }
+ }
+
+/*************************************************
* Try to decode the actual information *
*************************************************/
void X509_Object::do_decode()
diff --git a/src/x509cert.cpp b/src/x509cert.cpp
index 143cc84b0..9f8fe85a2 100644
--- a/src/x509cert.cpp
+++ b/src/x509cert.cpp
@@ -4,7 +4,9 @@
*************************************************/
#include <botan/x509cert.h>
-#include <botan/asn1_int.h>
+#include <botan/x509_ext.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
#include <botan/stl_util.h>
#include <botan/parsing.h>
#include <botan/bigint.h>
@@ -132,8 +134,9 @@ void X509_Certificate::force_decode()
BER_Decoder tbs_cert(tbs_bits);
u32bit version;
- BER::decode_optional(tbs_cert, version, ASN1_Tag(0),
- ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));
+ tbs_cert.decode_optional(version, ASN1_Tag(0),
+ ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));
+
if(version > 2)
throw Decoding_Error("Unknown X.509 cert version " + to_string(version));
if(version < 2)
@@ -146,24 +149,25 @@ void X509_Certificate::force_decode()
tbs_cert.decode(serial_bn);
AlgorithmIdentifier sig_algo_inner;
- BER::decode(tbs_cert, sig_algo_inner);
+ tbs_cert.decode(sig_algo_inner);
if(sig_algo != sig_algo_inner)
throw Decoding_Error("Algorithm identifier mismatch");
X509_DN dn_issuer;
- BER::decode(tbs_cert, dn_issuer);
+ tbs_cert.decode(dn_issuer);
load_info(issuer, dn_issuer);
X509_Time start, end;
- BER_Decoder validity = BER::get_subsequence(tbs_cert);
- BER::decode(validity, start);
- BER::decode(validity, end);
- validity.verify_end();
+ tbs_cert.start_cons(SEQUENCE)
+ .decode(start)
+ .decode(end)
+ .verify_end()
+ .end_cons();
X509_DN dn_subject;
- BER::decode(tbs_cert, dn_subject);
+ tbs_cert.decode(dn_subject);
load_info(subject, dn_subject);
BER_Object public_key = tbs_cert.get_next_object();
@@ -173,26 +177,24 @@ void X509_Certificate::force_decode()
MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id;
- BER::decode_optional_string(tbs_cert, v2_issuer_key_id, BIT_STRING,
- ASN1_Tag(1), CONTEXT_SPECIFIC);
- BER::decode_optional_string(tbs_cert, v2_subject_key_id, BIT_STRING,
- ASN1_Tag(2), CONTEXT_SPECIFIC);
+ tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1);
+ tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2);
BER_Object v3_exts_data = tbs_cert.get_next_object();
if(v3_exts_data.type_tag == 3 &&
v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
{
BER_Decoder v3_exts_decoder(v3_exts_data.value);
- BER_Decoder sequence = BER::get_subsequence(v3_exts_decoder);
+ BER_Decoder ext_data = v3_exts_decoder.start_cons(SEQUENCE);
+ v3_exts_decoder.verify_end();
- while(sequence.more_items())
+ while(ext_data.more_items())
{
Extension extn;
- BER::decode(sequence, extn);
+ ext_data.decode(extn);
handle_v3_extension(extn);
}
- sequence.verify_end();
- v3_exts_decoder.verify_end();
+ ext_data.end_cons();
}
else if(v3_exts_data.type_tag != NO_OBJECT)
throw BER_Bad_Tag("Unknown tag in X.509 cert",
@@ -234,22 +236,24 @@ void X509_Certificate::handle_v3_extension(const Extension& extn)
}
else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage"))
{
- BER_Decoder key_usage = BER::get_subsequence(value);
+ BER_Decoder key_usage = value.start_cons(SEQUENCE);
while(key_usage.more_items())
{
OID usage_oid;
- BER::decode(key_usage, usage_oid);
+ key_usage.decode(usage_oid);
info.add("X509v3.ExtendedKeyUsage", usage_oid.as_string());
}
}
else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
{
u32bit max_path_len = 0;
- BER_Decoder basic_constraints = BER::get_subsequence(value);
- BER::decode_optional(basic_constraints, is_ca,
- BOOLEAN, UNIVERSAL, false);
- BER::decode_optional(basic_constraints, max_path_len,
- INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
+
+ value.start_cons(SEQUENCE)
+ .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false)
+ .decode_optional(max_path_len, INTEGER, UNIVERSAL,
+ NO_CERT_PATH_LIMIT)
+ .verify_end()
+ .end_cons();
info.add("X509v3.BasicConstraints.is_ca", is_ca);
info.add("X509v3.BasicConstraints.path_constraint", max_path_len);
@@ -263,32 +267,32 @@ void X509_Certificate::handle_v3_extension(const Extension& extn)
else if(extn.oid == OIDS::lookup("X509v3.AuthorityKeyIdentifier"))
{
MemoryVector<byte> v3_issuer_key_id;
- BER_Decoder key_id = BER::get_subsequence(value);
- BER::decode_optional_string(key_id, v3_issuer_key_id, OCTET_STRING,
- ASN1_Tag(0), CONTEXT_SPECIFIC);
+ BER_Decoder key_id = value.start_cons(SEQUENCE);
+ key_id.decode_optional_string(v3_issuer_key_id, OCTET_STRING, 0);
info.add("X509v3.AuthorityKeyIdentifier", v3_issuer_key_id);
}
else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName"))
{
AlternativeName alt_name;
- BER::decode(value, alt_name);
+ value.decode(alt_name);
load_info(subject, alt_name);
}
else if(extn.oid == OIDS::lookup("X509v3.IssuerAlternativeName"))
{
AlternativeName alt_name;
- BER::decode(value, alt_name);
+ value.decode(alt_name);
load_info(issuer, alt_name);
}
else if(extn.oid == OIDS::lookup("X509v3.CertificatePolicies"))
{
- BER_Decoder ber_policies = BER::get_subsequence(value);
+
+ BER_Decoder ber_policies = value.start_cons(SEQUENCE);
while(ber_policies.more_items())
{
OID oid;
- BER_Decoder policy = BER::get_subsequence(ber_policies);
- BER::decode(policy, oid);
+ BER_Decoder policy = ber_policies.start_cons(SEQUENCE);
+ policy.decode(oid);
if(extn.critical && policy.more_items())
throw Decoding_Error("X.509 v3 critical policy has qualifiers");
diff --git a/src/x509self.cpp b/src/x509self.cpp
index 281251bef..f107e005b 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -6,6 +6,7 @@
#include <botan/x509self.h>
#include <botan/x509_ext.h>
#include <botan/x509_ca.h>
+#include <botan/der_enc.h>
#include <botan/conf.h>
#include <botan/look_pk.h>
#include <botan/oids.h>
@@ -140,53 +141,45 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
DER_Encoder tbs_req;
- tbs_req.start_sequence()
+ tbs_req.start_cons(SEQUENCE)
.encode(PKCS10_VERSION)
.encode(subject_dn)
- .add_raw_octets(pub_key)
- .start_explicit(ASN1_Tag(0));
+ .raw_bytes(pub_key)
+ .start_explicit(0);
if(opts.challenge != "")
{
ASN1_String challenge(opts.challenge, DIRECTORY_STRING);
-#if 0
- DER_Encoder attr_encoder;
- attr_encoder.encode(challenge);
- tbs_req.encode(
- Attribute("PKCS9.ChallengePassword", attr_encoder.get_contents())
- );
-#else
tbs_req.encode(
Attribute("PKCS9.ChallengePassword",
DER_Encoder().encode(challenge).get_contents()
)
);
-#endif
}
tbs_req.encode(
Attribute("PKCS9.ExtensionRequest",
DER_Encoder()
- .start_sequence()
+ .start_cons(SEQUENCE)
.encode(extensions)
- .end_sequence()
+ .end_cons()
.get_contents()
)
)
- .end_explicit(ASN1_Tag(0))
- .end_sequence();
+ .end_explicit()
+ .end_cons();
MemoryVector<byte> tbs_bits = tbs_req.get_contents();
MemoryVector<byte> sig = signer->sign_message(tbs_bits);
DataSource_Memory source(
DER_Encoder()
- .start_sequence()
- .add_raw_octets(tbs_bits)
+ .start_cons(SEQUENCE)
+ .raw_bytes(tbs_bits)
.encode(sig_algo)
.encode(sig, BIT_STRING)
- .end_sequence()
+ .end_cons()
.get_contents()
);