From f061dedcb70ed88214e730fff842d06e7857b333 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 4 Oct 2021 12:39:11 +0200
Subject: [PATCH] asn1: Return any parameters of algorithmIdentifier structures

Previously, only parameters of type OID, SEQUENCE and OCTET STRING were returned (so e.g. random integers could be put in parameters and we wouldn't know about it). Log output is basically the same as with asn1_parser_t before, except that parameters are always dumped (if any), that wasn't the case before because ASN1_RAW (instead of ASN1_OBJ) was used.
---
 src/libstrongswan/asn1/asn1.c | 55 +++++++---------------
 src/libstrongswan/tests/suites/test_asn1.c | 7 +--
 2 files changed, 20 insertions(+), 42 deletions(-)

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index f75e942578..60e7867907 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -637,58 +637,35 @@ chunk_t asn1_integer_from_uint64(uint64_t val)
 return chunk_clone(enc);
 }
 
-/**
- * ASN.1 definition of an algorithmIdentifier
- */
-static const asn1Object_t algorithmIdentifierObjects[] = {
- { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */
- { 1, "parameters", ASN1_OID, ASN1_RAW|ASN1_OPT }, /* 2 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
- { 1, "parameters", ASN1_SEQUENCE, ASN1_RAW|ASN1_OPT }, /* 4 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 5 */
- { 1, "parameters", ASN1_OCTET_STRING, ASN1_RAW|ASN1_OPT }, /* 6 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 7 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define ALGORITHM_ID_ALG 1
-#define ALGORITHM_ID_PARAMETERS_OID 2
-#define ALGORITHM_ID_PARAMETERS_SEQ 4
-#define ALGORITHM_ID_PARAMETERS_OCT 6
-
 /*
- * Defined in header
+ * Described in header
 */
 int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
 {
- asn1_parser_t *parser;
 chunk_t object;
- int objectID;
 int alg = OID_UNKNOWN;
 
- parser = asn1_parser_create(algorithmIdentifierObjects, blob);
- parser->set_top_level(parser, level0);
-
- while (parser->iterate(parser, &objectID, &object))
+ if (asn1_unwrap(&blob, &blob) == ASN1_SEQUENCE)
 {
- switch (objectID)
+ DBG2(DBG_ASN, "L%d - algorithmIdentifier:", level0);
+
+ if (asn1_unwrap(&blob, &object) == ASN1_OID)
 {
- case ALGORITHM_ID_ALG:
- alg = asn1_known_oid(object);
- break;
- case ALGORITHM_ID_PARAMETERS_OID:
- case ALGORITHM_ID_PARAMETERS_SEQ:
- case ALGORITHM_ID_PARAMETERS_OCT:
- if (parameters != NULL)
+ DBG2(DBG_ASN, "L%d - algorithm:", level0+1);
+ asn1_debug_simple_object(object, ASN1_OID, FALSE);
+ alg = asn1_known_oid(object);
+
+ if (blob.len)
+ {
+ DBG2(DBG_ASN, "L%d - parameters:", level0+1);
+ DBG3(DBG_ASN, "%B", &blob);
+ if (parameters)
 {
- *parameters = object;
+ *parameters = blob;
 }
- break;
- default:
- break;
+ }
 }
 }
- parser->destroy(parser);
 return alg;
 }
 
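Review bot: `*parameters = blob;` now hands the caller every byte left in the SEQUENCE after the OID, with no check that it is a single well-formed TLV, so each caller has to validate the type and length of the parameters itself before using them. The updated test table shows the consequence: an ASN.1 NULL (`0x05, 0x00`) and two concatenated objects are both returned as parameters, so any caller that treated `parameters.len == 0` as "no parameters" will now see NULL parameters as non-empty; those call sites are outside this hunk and worth auditing. `*parameters` is also still left untouched when nothing follows the OID or when parsing fails, so callers must pre-initialise it. I would state that contract next to the function, e.g. `/* parameters: raw, unvalidated remainder after the OID (may hold NULL, several or malformed objects); left unchanged if absent */`. The `asn1_unwrap(&blob, &blob)` call depends on that function accepting the same chunk for both arguments, which is not visible here and deserves a one-line comment.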
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
index d7fb7c2a9b..cbeaa47254 100644
--- a/src/libstrongswan/tests/suites/test_asn1.c
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -64,9 +64,10 @@ START_TEST(test_asn1_parse_algorithmIdentifier)
 
 testdata_t test[] = {
 { OID_ECDSA_WITH_SHA1, TRUE, chunk_empty },
- { OID_SHA1_WITH_RSA, TRUE, chunk_from_chars(0x05, 0x00) },
+ { OID_SHA1_WITH_RSA, FALSE, chunk_from_chars(0x05, 0x00) },
 { OID_3DES_EDE_CBC, FALSE, chunk_from_chars(0x04, 0x01, 0xaa) },
- { OID_PBKDF2, FALSE, chunk_from_chars(0x30, 0x01, 0xaa) }
+ { OID_PBKDF2, FALSE, chunk_from_chars(0x30, 0x01, 0xaa) },
+ { OID_ECGDSA_PUBKEY, FALSE, chunk_from_chars(0x02, 0x01, 0x01, 0x30, 0x01, 0xaa) },
 };
 chunk_t algid, parameters;
 
@@ -88,7 +89,7 @@ START_TEST(test_asn1_parse_algorithmIdentifier)
 {
 ck_assert(parameters.len == 0 && parameters.ptr == NULL);
 }
- else
+ else
 {
 ck_assert(chunk_equals(parameters, test[i].parameters));
 }
-- 
2.47.2
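Review bot: The rows changed and added in `test[]` vary only the parameter bytes, so the rejection paths of the rewritten parser (outer object not a SEQUENCE, first element not an OID) are not pinned by this table as far as the hunk shows. Since the function parses untrusted certificate data, a negative case would be worth adding, for example (constructed sample) `ck_assert_int_eq(asn1_parse_algorithmIdentifier(chunk_from_chars(0x04, 0x00), 0, &parameters), OID_UNKNOWN);` followed by a check that `parameters` is still empty. The rest of the test body lies outside the hunk, so such a case may already exist elsewhere.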