You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
856 lines
30 KiB
856 lines
30 KiB
//+-------------------------------------------------------------------------
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 2001 - 2001
|
|
//
|
|
// File: minasn1.h
|
|
//
|
|
// Contents: Minimal ASN.1 Utility and Parsing API Prototypes
|
|
// and Definitions
|
|
//
|
|
// Contains functions to parse X.509 certificates, PKCS #7
|
|
// Signed Data messages, Certificate Trusts Lists (CTLs),
|
|
// hash catalogs, Authenticode Indirect Data and
|
|
// RSA public keys.
|
|
//
|
|
// These APIs are implemented to be self contained and to
|
|
// allow for code obfuscation. These APIs will be included
|
|
// in such applications as, DRM or licensing verification.
|
|
//
|
|
// Additionally, since these APIs have been pared down
|
|
// from their wincrypt.h and crypt32.dll counterparts they are
|
|
// a good candidate for applications with minimal memory and CPU
|
|
// resources.
|
|
//
|
|
// These parsing functions don't depend on more heavy wait
|
|
// ASN.1 runtimes, such as, msoss.dll or msasn1.dll.
|
|
//
|
|
// These functions will only use stack memory. No heap
|
|
// allocations. No calls to APIs in other DLLs.
|
|
//
|
|
// APIs:
|
|
// MinAsn1DecodeLength
|
|
// MinAsn1ExtractContent
|
|
// MinAsn1ExtractValues
|
|
//
|
|
// MinAsn1ParseCertificate
|
|
// MinAsn1ParseAlgorithmIdentifier
|
|
// MinAsn1ParsePublicKeyInfo
|
|
// MinAsn1ParseRSAPublicKey
|
|
// MinAsn1ParseExtensions
|
|
// MinAsn1ParseSignedData
|
|
// MinAsn1ParseSignedDataCertificates
|
|
// MinAsn1ParseAttributes
|
|
// MinAsn1ParseCTL
|
|
// MinAsn1ParseCTLSubject
|
|
// MinAsn1ParseIndirectData
|
|
//
|
|
// MinAsn1FindExtension
|
|
// MinAsn1FindAttribute
|
|
// MinAsn1ExtractParsedCertificatesFromSignedData
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#ifndef __MINASN1_H__
|
|
#define __MINASN1_H__
|
|
|
|
|
|
#if defined (_MSC_VER)
|
|
|
|
#if ( _MSC_VER >= 800 )
|
|
#if _MSC_VER >= 1200
|
|
#pragma warning(push)
|
|
#endif
|
|
#pragma warning(disable:4201) /* Nameless struct/union */
|
|
#endif
|
|
|
|
#if (_MSC_VER > 1020)
|
|
#pragma once
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
#include <wincrypt.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// ASN.1 Tag Defines
|
|
//--------------------------------------------------------------------------
|
|
#define MINASN1_TAG_NULL 0x00
|
|
#define MINASN1_TAG_BOOLEAN 0x01
|
|
#define MINASN1_TAG_INTEGER 0x02
|
|
#define MINASN1_TAG_BITSTRING 0x03
|
|
#define MINASN1_TAG_OCTETSTRING 0x04
|
|
#define MINASN1_TAG_OID 0x06
|
|
#define MINASN1_TAG_UTC_TIME 0x17
|
|
#define MINASN1_TAG_GENERALIZED_TIME 0x18
|
|
#define MINASN1_TAG_CONSTRUCTED 0x20
|
|
#define MINASN1_TAG_SEQ 0x30
|
|
#define MINASN1_TAG_SET 0x31
|
|
#define MINASN1_TAG_CONTEXT_0 0x80
|
|
#define MINASN1_TAG_CONTEXT_1 0x81
|
|
#define MINASN1_TAG_CONTEXT_2 0x82
|
|
#define MINASN1_TAG_CONTEXT_3 0x83
|
|
|
|
#define MINASN1_TAG_CONSTRUCTED_CONTEXT_0 \
|
|
(MINASN1_TAG_CONSTRUCTED | MINASN1_TAG_CONTEXT_0)
|
|
#define MINASN1_TAG_CONSTRUCTED_CONTEXT_1 \
|
|
(MINASN1_TAG_CONSTRUCTED | MINASN1_TAG_CONTEXT_1)
|
|
#define MINASN1_TAG_CONSTRUCTED_CONTEXT_3 \
|
|
(MINASN1_TAG_CONSTRUCTED | MINASN1_TAG_CONTEXT_3)
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// ASN.1 Length Defines for indefinite length encooding
|
|
//--------------------------------------------------------------------------
|
|
#define MINASN1_LENGTH_INDEFINITE 0x80
|
|
#define MINASN1_LENGTH_NULL 0x00
|
|
|
|
#define MINASN1_LENGTH_TOO_LARGE -1
|
|
#define MINASN1_INSUFFICIENT_DATA -2
|
|
#define MINASN1_UNSUPPORTED_INDEFINITE_LENGTH -3
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Get the number of contents octets in a definite-length BER-encoding.
|
|
//
|
|
// Parameters:
|
|
// pcbContent - receives the number of contents octets
|
|
// pbLength - points to the first length octet
|
|
// cbBER - number of bytes remaining in the BER encoding
|
|
//
|
|
// Returns:
|
|
// success - the number of bytes in the length field, > 0
|
|
// failure - < 0
|
|
//
|
|
// One of the following failure values can be returned:
|
|
// MINASN1_LENGTH_TOO_LARGE
|
|
// MINASN1_INSUFFICIENT_DATA
|
|
// MINASN1_UNSUPPORTED_INDEFINITE_LENGTH
|
|
//--------------------------------------------------------------------------
|
|
LONG
|
|
WINAPI
|
|
MinAsn1DecodeLength(
|
|
OUT DWORD *pcbContent,
|
|
IN const BYTE *pbLength,
|
|
IN DWORD cbBER
|
|
);
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Point to the content octets in a definite-length BER-encoded blob.
|
|
//
|
|
// Returns:
|
|
// success - the number of bytes skipped, > 0
|
|
// failure - < 0
|
|
//
|
|
// One of the following failure values can be returned:
|
|
// MINASN1_LENGTH_TOO_LARGE
|
|
// MINASN1_INSUFFICIENT_DATA
|
|
// MINASN1_UNSUPPORTED_INDEFINITE_LENGTH
|
|
//
|
|
// Assumption: pbData points to a definite-length BER-encoded blob.
|
|
// If *pcbContent isn't within cbBER, MINASN1_INSUFFICIENT_DATA
|
|
// is returned.
|
|
//--------------------------------------------------------------------------
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ExtractContent(
|
|
IN const BYTE *pbBER,
|
|
IN DWORD cbBER,
|
|
OUT DWORD *pcbContent,
|
|
OUT const BYTE **ppbContent
|
|
);
|
|
|
|
|
|
typedef struct _MINASN1_EXTRACT_VALUE_PARA {
|
|
// See below for list of operations and optional return blobs.
|
|
DWORD dwFlags;
|
|
|
|
// Index into rgValueBlob of the returned value. Ignored if none of
|
|
// the ASN1_PARSE_RETURN_*_BLOB_FLAG's is set in the above dwFlags.
|
|
DWORD dwIndex;
|
|
|
|
// The following 0 terminated array of tags is optional. If ommited, the
|
|
// value may contain any tag.
|
|
const BYTE *rgbTag;
|
|
} MINASN1_EXTRACT_VALUE_PARA, *PMINASN1_EXTRACT_VALUE_PARA;
|
|
|
|
// The lower 8 bits of dwFlags is set to one of the following operations
|
|
#define MINASN1_MASK_VALUE_OP 0xFF
|
|
#define MINASN1_STEP_OVER_VALUE_OP 1
|
|
#define MINASN1_OPTIONAL_STEP_OVER_VALUE_OP 2
|
|
#define MINASN1_STEP_INTO_VALUE_OP 3
|
|
#define MINASN1_OPTIONAL_STEP_INTO_VALUE_OP 4
|
|
#define MINASN1_STEP_OUT_VALUE_OP 5
|
|
|
|
#define MINASN1_RETURN_VALUE_BLOB_FLAG 0x80000000
|
|
#define MINASN1_RETURN_CONTENT_BLOB_FLAG 0x40000000
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Extract one or more tagged values from the ASN.1 encoded byte array.
|
|
//
|
|
// Either steps into the value's content octets (MINASN1_STEP_INTO_VALUE_OP or
|
|
// MINASN1_OPTIONAL_STEP_INTO_VALUE_OP) or steps over the value's tag,
|
|
// length and content octets (MINASN1_STEP_OVER_VALUE_OP or
|
|
// MINASN1_OPTIONAL_STEP_OVER_VALUE_OP).
|
|
//
|
|
// You can step out of a stepped into sequence via MINASN1_STEP_OUT_VALUE_OP.
|
|
//
|
|
// For tag matching, only supports single byte tags.
|
|
//
|
|
// Only definite-length ASN.1 is supported.
|
|
//
|
|
// *pcValue is updated with the number of values successfully extracted.
|
|
//
|
|
// Returns:
|
|
// success - >= 0 => length of all bytes consumed through the last value
|
|
// extracted. For STEP_INTO, only the tag and length
|
|
// octets.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// A non-NULL rgValueBlob[] is updated with the pointer to and length of the
|
|
// tagged value or its content octets. The rgValuePara[].dwIndex is used to
|
|
// index into rgValueBlob[]. For OPTIONAL_STEP_OVER or
|
|
// OPTIONAL_STEP_INTO, if no more bytes in the outer SEQUENCE or if the tag
|
|
// isn't found, pbData and cbData are set to 0. Additioanlly, for
|
|
// OPTIONAL_STEP_INTO, all subsequent values are skipped and their
|
|
// rgValueBlob[] entries zeroed until a STEP_OUT is encountered.
|
|
//
|
|
// If MINASN1_RETURN_VALUE_BLOB_FLAG is set, pbData points to
|
|
// the tag. cbData includes the tag, length and content octets.
|
|
//
|
|
// If MINASN1_RETURN_CONTENT_BLOB_FLAG is set, pbData points to the content
|
|
// octets. cbData includes only the content octets.
|
|
//
|
|
// If neither BLOB_FLAG is set, rgValueBlob[] isn't updated.
|
|
//
|
|
// For MINASN1_RETURN_CONTENT_BLOB_FLAG of a BITSTRING, pbData is
|
|
// advanced past the first contents octet containing the number of
|
|
// unused bits and cbData has been decremented by 1. If cbData > 0, then,
|
|
// *(pbData - 1) will contain the number of unused bits.
|
|
//--------------------------------------------------------------------------
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ExtractValues(
|
|
IN const BYTE *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
IN OUT DWORD *pcValuePara,
|
|
IN const MINASN1_EXTRACT_VALUE_PARA *rgValuePara,
|
|
IN DWORD cValueBlob,
|
|
OUT OPTIONAL PCRYPT_DER_BLOB rgValueBlob
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseCertificate
|
|
//
|
|
// Parses an ASN.1 encoded X.509 certificate.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded certificate
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgCertBlob[] is updated with pointer to and length of the following
|
|
// fields in the encoded X.509 certificate.
|
|
//
|
|
// All BITSTRING fields have been advanced past the unused count octet.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including To Be Signed and Signature
|
|
#define MINASN1_CERT_ENCODED_IDX 1
|
|
|
|
// To Be Signed bytes
|
|
#define MINASN1_CERT_TO_BE_SIGNED_IDX 2
|
|
|
|
// Signature Algorithm value bytes (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_CERT_SIGN_ALGID_IDX 3
|
|
|
|
// Signature content bytes (BITSTRING)
|
|
#define MINASN1_CERT_SIGNATURE_IDX 4
|
|
|
|
// Version content bytes (OPTIONAL INTEGER)
|
|
#define MINASN1_CERT_VERSION_IDX 5
|
|
|
|
// Serial Number content bytes (INTEGER)
|
|
#define MINASN1_CERT_SERIAL_NUMBER_IDX 6
|
|
|
|
// Issuer Name value bytes (ANY)
|
|
#define MINASN1_CERT_ISSUER_IDX 7
|
|
|
|
// Not Before value bytes (UTC_TIME or GENERALIZED_TIME)
|
|
#define MINASN1_CERT_NOT_BEFORE_IDX 8
|
|
|
|
// Not After value bytes (UTC_TIME or GENERALIZED_TIME)
|
|
#define MINASN1_CERT_NOT_AFTER_IDX 9
|
|
|
|
// Subject Name value bytes (ANY)
|
|
#define MINASN1_CERT_SUBJECT_IDX 10
|
|
|
|
// Public Key Info value bytes (MinAsn1ParsePublicKeyInfo)
|
|
#define MINASN1_CERT_PUBKEY_INFO_IDX 11
|
|
|
|
// Issuer Unique Id content bytes (OPTIONAL BITSTRING)
|
|
#define MINASN1_CERT_ISSUER_UNIQUE_ID_IDX 12
|
|
|
|
// Subject Unique Id content bytes (OPTIONAL BITSTRING)
|
|
#define MINASN1_CERT_SUBJECT_UNIQUE_ID_IDX 13
|
|
|
|
// Extensions value bytes skipping "[3] EXPLICIT" tag
|
|
// (OPTIONAL MinAsn1ParseExtensions)
|
|
#define MINASN1_CERT_EXTS_IDX 14
|
|
|
|
#define MINASN1_CERT_BLOB_CNT 15
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseCertificate(
|
|
IN const BYTE *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
OUT CRYPT_DER_BLOB rgCertBlob[MINASN1_CERT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseAlgorithmIdentifier
|
|
//
|
|
// Parses an ASN.1 encoded Algorithm Identifier contained in numerous
|
|
// other ASN.1 structures, such as, X.509 certificate and PKCS #7 Signed Data
|
|
// message.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded algorithm
|
|
// identifier
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgAlgIdBlob[] is updated with pointer to and length of the following
|
|
// fields in the encoded Algorithm Identifier
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_ALGID_ENCODED_IDX 1
|
|
|
|
// Object Identifier content bytes (OID)
|
|
#define MINASN1_ALGID_OID_IDX 2
|
|
|
|
// Encoded parameters value bytes (OPTIONAL ANY)
|
|
#define MINASN1_ALGID_PARA_IDX 3
|
|
|
|
#define MINASN1_ALGID_BLOB_CNT 4
|
|
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseAlgorithmIdentifier(
|
|
IN PCRYPT_DER_BLOB pAlgIdValueBlob,
|
|
OUT CRYPT_DER_BLOB rgAlgIdBlob[MINASN1_ALGID_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParsePublicKeyInfo
|
|
//
|
|
// Parses an ASN.1 encoded Public Key Info structure contained in an
|
|
// X.509 certificate
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded public key
|
|
// info
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgPubKeyInfoBlob[] is updated with pointer to and length of the
|
|
// following fields in the encoded Public Key Info.
|
|
//
|
|
// All BITSTRING fields have been advanced past the unused count octet.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_PUBKEY_INFO_ENCODED_IDX 1
|
|
|
|
// Algorithm Identifier value bytes (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_PUBKEY_INFO_ALGID_IDX 2
|
|
|
|
// Public Key content bytes (BITSTRING, MinAsn1ParseRSAPublicKey)
|
|
#define MINASN1_PUBKEY_INFO_PUBKEY_IDX 3
|
|
|
|
#define MINASN1_PUBKEY_INFO_BLOB_CNT 4
|
|
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParsePublicKeyInfo(
|
|
IN PCRYPT_DER_BLOB pPubKeyInfoValueBlob,
|
|
CRYPT_DER_BLOB rgPubKeyInfoBlob[MINASN1_PUBKEY_INFO_BLOB_CNT]
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseRSAPublicKey
|
|
//
|
|
// Parses an ASN.1 encoded RSA PKCS #1 Public Key contained in the contents of
|
|
// Public Key BITSTRING in a X.509 certificate.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded RSA public key
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgRSAPubKeyBlob[] is updated with pointer to and length of the
|
|
// following fields in the encoded RSA Public Key.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_RSA_PUBKEY_ENCODED_IDX 1
|
|
|
|
// Modulus content bytes (INTEGER)
|
|
#define MINASN1_RSA_PUBKEY_MODULUS_IDX 2
|
|
|
|
// Exponent content bytes (INTEGER)
|
|
#define MINASN1_RSA_PUBKEY_EXPONENT_IDX 3
|
|
|
|
#define MINASN1_RSA_PUBKEY_BLOB_CNT 4
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseRSAPublicKey(
|
|
IN PCRYPT_DER_BLOB pPubKeyContentBlob,
|
|
CRYPT_DER_BLOB rgRSAPubKeyBlob[MINASN1_RSA_PUBKEY_BLOB_CNT]
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseExtensions
|
|
//
|
|
// Parses an ASN.1 encoded sequence of extensions contained in
|
|
// other ASN.1 structures, such as, X.509 certificate and CTL.
|
|
//
|
|
// Upon input, *pcExt contains the maximum number of parsed extensions
|
|
// that can be returned. Updated with the number of extensions processed.
|
|
//
|
|
// Returns:
|
|
// success - >= 0 => bytes skipped, length of the encoded extensions
|
|
// processed. If all extensions were processed,
|
|
// bytes skipped = pExtsValueBlob->cbData.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgrgExtBlob[][] is updated with pointer to and length of the
|
|
// following fields in the encoded extension.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_EXT_ENCODED_IDX 1
|
|
|
|
// Object Identifier content bytes (OID)
|
|
#define MINASN1_EXT_OID_IDX 2
|
|
|
|
// Critical content bytes (OPTIONAL BOOLEAN, DEFAULT FALSE)
|
|
#define MINASN1_EXT_CRITICAL_IDX 3
|
|
|
|
// Value content bytes (OCTETSTRING)
|
|
#define MINASN1_EXT_VALUE_IDX 4
|
|
|
|
#define MINASN1_EXT_BLOB_CNT 5
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseExtensions(
|
|
IN PCRYPT_DER_BLOB pExtsValueBlob, // Extensions ::= SEQUENCE OF Extension
|
|
IN OUT DWORD *pcExt,
|
|
OUT CRYPT_DER_BLOB rgrgExtBlob[][MINASN1_EXT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseSignedData
|
|
//
|
|
// Parses an ASN.1 encoded PKCS #7 Signed Data Message. Assumes the
|
|
// PKCS #7 message is definite length encoded. Assumes PKCS #7 version
|
|
// 1.5, ie, not the newer CMS version.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded message
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgSignedDataBlob[] is updated with pointer to and length of the
|
|
// following fields in the encoded PKCS #7 message.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_SIGNED_DATA_ENCODED_IDX 1
|
|
|
|
// Outer Object Identfier content bytes (OID, should be "1.2.840.113549.1.7.2")
|
|
#define MINASN1_SIGNED_DATA_OUTER_OID_IDX 2
|
|
|
|
// Version content bytes (INTEGER)
|
|
#define MINASN1_SIGNED_DATA_VERSION_IDX 3
|
|
|
|
// Set of Digest Algorithms value bytes (SET OF)
|
|
#define MINASN1_SIGNED_DATA_DIGEST_ALGIDS_IDX 4
|
|
|
|
// Inner Object Identifier content bytes (OID)
|
|
#define MINASN1_SIGNED_DATA_CONTENT_OID_IDX 5
|
|
|
|
// Signed content data content bytes excluding "[0] EXPLICIT" tag
|
|
// (OPTIONAL ANY, MinAsn1ParseCTL, MinAsn1ParseIndirectData)
|
|
#define MINASN1_SIGNED_DATA_CONTENT_DATA_IDX 6
|
|
|
|
// Certificates value bytes including "[1] IMPLICIT" tag
|
|
// (OPTIONAL, MinAsn1ParseSignedDataCertificates)
|
|
#define MINASN1_SIGNED_DATA_CERTS_IDX 7
|
|
|
|
// CRL value bytes including "[2] IMPLICIT" tag (OPTIONAL)
|
|
#define MINASN1_SIGNED_DATA_CRLS_IDX 8
|
|
|
|
// Encoded bytes including outer SET tag and length octets
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFOS_IDX 9
|
|
|
|
// The following point to the first Signer Info fields (OPTIONAL)
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_ENCODED_IDX 10
|
|
|
|
// Version content bytes (INTEGER)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_VERSION_IDX 11
|
|
|
|
// Issuer Name value bytes (ANY)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_ISSUER_IDX 12
|
|
|
|
// Serial Number content bytes (INTEGER)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_SERIAL_NUMBER_IDX 13
|
|
|
|
// Digest Algorithm value bytes (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_DIGEST_ALGID_IDX 14
|
|
|
|
// Authenticated attributes value bytes including "[0] IMPLICIT" tag
|
|
// (OPTIONAL, MinAsn1ParseAttributes)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_AUTH_ATTRS_IDX 15
|
|
|
|
// Encrypted Digest Algorithm value bytes (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_ENCRYPT_DIGEST_ALGID_IDX 16
|
|
|
|
// Encrypted digest content bytes (OCTET STRING)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_ENCYRPT_DIGEST_IDX 17
|
|
|
|
// Unauthenticated attributes value bytes including "[1] IMPLICIT" tag
|
|
// (OPTIONAL, MinAsn1ParseAttributes)
|
|
#define MINASN1_SIGNED_DATA_SIGNER_INFO_UNAUTH_ATTRS_IDX 18
|
|
|
|
#define MINASN1_SIGNED_DATA_BLOB_CNT 19
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseSignedData(
|
|
IN const BYTE *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
OUT CRYPT_DER_BLOB rgSignedDataBlob[MINASN1_SIGNED_DATA_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseSignedDataCertificates
|
|
//
|
|
// Parses an ASN.1 encoded set of certificates contained in
|
|
// a Signed Data message.
|
|
//
|
|
// Upon input, *pcCert contains the maximum number of parsed certificates
|
|
// that can be returned. Updated with the number of certificates processed.
|
|
//
|
|
// Returns:
|
|
// success - >= 0 => bytes skipped, length of the encoded certificates
|
|
// processed. If all certificates were processed,
|
|
// bytes skipped = pCertsValueBlob->cbData.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgrgCertBlob[][] is updated with pointer to and length of the
|
|
// fields in the encoded certificate. See MinAsn1ParseCertificate for the
|
|
// field definitions.
|
|
//--------------------------------------------------------------------------
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseSignedDataCertificates(
|
|
IN PCRYPT_DER_BLOB pCertsValueBlob,
|
|
IN OUT DWORD *pcCert,
|
|
OUT CRYPT_DER_BLOB rgrgCertBlob[][MINASN1_CERT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseAttributes
|
|
//
|
|
// Parses an ASN.1 encoded sequence of attributes contained in
|
|
// other ASN.1 structures, such as, Signer Info authenticated or
|
|
// unauthenticated attributes.
|
|
//
|
|
// The outer tag is ignored. It can be a SET, [0] IMPLICIT, or [1] IMPLICIT.
|
|
//
|
|
// Upon input, *pcAttr contains the maximum number of parsed attributes
|
|
// that can be returned. Updated with the number of attributes processed.
|
|
//
|
|
// Returns:
|
|
// success - >= 0 => bytes skipped, length of the encoded attributes
|
|
// processed. If all attributes were processed,
|
|
// bytes skipped = pAttrsValueBlob->cbData.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgrgAttrBlob[][] is updated with pointer to and length of the
|
|
// following fields in the encoded attribute.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_ATTR_ENCODED_IDX 1
|
|
|
|
// Object Identifier content bytes (OID)
|
|
#define MINASN1_ATTR_OID_IDX 2
|
|
|
|
// Values value bytes (SET OF)
|
|
#define MINASN1_ATTR_VALUES_IDX 3
|
|
|
|
// First Value's value bytes (OPTIONAL ANY)
|
|
#define MINASN1_ATTR_VALUE_IDX 4
|
|
|
|
#define MINASN1_ATTR_BLOB_CNT 5
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseAttributes(
|
|
IN PCRYPT_DER_BLOB pAttrsValueBlob,
|
|
IN OUT DWORD *pcAttr,
|
|
OUT CRYPT_DER_BLOB rgrgAttrBlob[][MINASN1_ATTR_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseCTL
|
|
//
|
|
// Parses an ASN.1 encoded Certificate Trust List (CTL). A CTL is always
|
|
// contained as the inner content data in a PKCS #7 Signed Data. A CTL has
|
|
// the following OID: "1.3.6.1.4.1.311.10.1".
|
|
//
|
|
// A catalog file is formatted as a PKCS #7 Signed CTL.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded CTL
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgCTLBlob[] is updated with pointer to and length of the following
|
|
// fields in the encoded CTL.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_CTL_ENCODED_IDX 1
|
|
|
|
// Version content bytes (OPTIONAL INTEGER)
|
|
#define MINASN1_CTL_VERSION_IDX 2
|
|
|
|
// Subject usage value bytes (SEQUENCE OF OID)
|
|
#define MINASN1_CTL_SUBJECT_USAGE_IDX 3
|
|
|
|
// List Identifier content bytes (OPTIONAL OCTETSTRING)
|
|
#define MINASN1_CTL_LIST_ID_IDX 4
|
|
|
|
// Sequence number content bytes (OPTIONAL INTEGER)
|
|
#define MINASN1_CTL_SEQUENCE_NUMBER_IDX 5
|
|
|
|
// This Update value bytes (UTC_TIME or GENERALIZED_TIME)
|
|
#define MINASN1_CTL_THIS_UPDATE_IDX 6
|
|
|
|
// Next Update value bytes (OPTIONAL UTC_TIME or GENERALIZED_TIME)
|
|
#define MINASN1_CTL_NEXT_UPDATE_IDX 7
|
|
|
|
// Subject Algorithm Identifier value bytes (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_CTL_SUBJECT_ALGID_IDX 8
|
|
|
|
// Subjects value bytes (OPTIONAL, iterative MinAsn1ParseCTLSubject)
|
|
#define MINASN1_CTL_SUBJECTS_IDX 9
|
|
|
|
// Extensions value bytes skipping "[0] EXPLICIT" tag
|
|
// (OPTIONAL, MinAsn1ParseExtensions)
|
|
#define MINASN1_CTL_EXTS_IDX 10
|
|
|
|
#define MINASN1_CTL_BLOB_CNT 11
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseCTL(
|
|
IN PCRYPT_DER_BLOB pEncodedContentBlob,
|
|
OUT CRYPT_DER_BLOB rgCTLBlob[MINASN1_CTL_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseCTLSubject
|
|
//
|
|
// Parses an ASN.1 encoded CTL Subject contained within a CTL's SEQUENCE OF
|
|
// Subjects.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded subject.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgCTLSubjectBlob[][] is updated with pointer to and length of the
|
|
// following fields in the encoded subject.
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_CTL_SUBJECT_ENCODED_IDX 1
|
|
|
|
// Subject Identifier content bytes (OCTETSTRING)
|
|
#define MINASN1_CTL_SUBJECT_ID_IDX 2
|
|
|
|
// Attributes value bytes (OPTIONAL, MinAsn1ParseAttributes)
|
|
#define MINASN1_CTL_SUBJECT_ATTRS_IDX 3
|
|
|
|
#define MINASN1_CTL_SUBJECT_BLOB_CNT 4
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseCTLSubject(
|
|
IN const BYTE *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
OUT CRYPT_DER_BLOB rgCTLSubjectBlob[MINASN1_CTL_SUBJECT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Function: MinAsn1ParseIndirectData
|
|
//
|
|
// Parses an ASN.1 encoded Indirect Data. Indirect Data is always
|
|
// contained as the inner content data in a PKCS #7 Signed Data. It has
|
|
// the following OID: "1.3.6.1.4.1.311.2.1.4"
|
|
//
|
|
// An Authenticode signed file contains a PKCS #7 Signed Indirect Data.
|
|
//
|
|
// Returns:
|
|
// success - > 0 => bytes skipped, length of the encoded Indirect Data
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
//
|
|
// The rgIndirectDataBlob[] is updated with pointer to and length of the
|
|
// following fields in the encoded Indirect Data.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
// Encoded bytes including outer SEQUENCE tag and length octets
|
|
#define MINASN1_INDIRECT_DATA_ENCODED_IDX 1
|
|
|
|
// Attribute Object Identifier content bytes (OID)
|
|
#define MINASN1_INDIRECT_DATA_ATTR_OID_IDX 2
|
|
|
|
// Attribute value bytes (OPTIONAL ANY)
|
|
#define MINASN1_INDIRECT_DATA_ATTR_VALUE_IDX 3
|
|
|
|
// Digest Algorithm Identifier (MinAsn1ParseAlgorithmIdentifier)
|
|
#define MINASN1_INDIRECT_DATA_DIGEST_ALGID_IDX 4
|
|
|
|
// Digest content bytes (OCTETSTRING)
|
|
#define MINASN1_INDIRECT_DATA_DIGEST_IDX 5
|
|
|
|
#define MINASN1_INDIRECT_DATA_BLOB_CNT 6
|
|
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ParseIndirectData(
|
|
IN PCRYPT_DER_BLOB pEncodedContentBlob,
|
|
OUT CRYPT_DER_BLOB rgIndirectDataBlob[MINASN1_INDIRECT_DATA_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Find an extension identified by its Encoded Object Identifier.
|
|
//
|
|
// Searches the list of parsed extensions returned by
|
|
// MinAsn1ParseExtensions().
|
|
//
|
|
// If found, returns pointer to the rgExtBlob[MINASN1_EXT_BLOB_CNT].
|
|
// Otherwise, returns NULL.
|
|
//--------------------------------------------------------------------------
|
|
PCRYPT_DER_BLOB
|
|
WINAPI
|
|
MinAsn1FindExtension(
|
|
IN PCRYPT_DER_BLOB pEncodedOIDBlob,
|
|
IN DWORD cExt,
|
|
IN CRYPT_DER_BLOB rgrgExtBlob[][MINASN1_EXT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Find the first attribute identified by its Encoded Object Identifier.
|
|
//
|
|
// Searches the list of parsed attributes returned by
|
|
// MinAsn1ParseAttributes().
|
|
//
|
|
// If found, returns pointer to the rgAttrBlob[MINASN1_ATTR_BLOB_CNT].
|
|
// Otherwise, returns NULL.
|
|
//--------------------------------------------------------------------------
|
|
PCRYPT_DER_BLOB
|
|
WINAPI
|
|
MinAsn1FindAttribute(
|
|
IN PCRYPT_DER_BLOB pEncodedOIDBlob,
|
|
IN DWORD cAttr,
|
|
IN CRYPT_DER_BLOB rgrgAttrBlob[][MINASN1_ATTR_BLOB_CNT]
|
|
);
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// Parses an ASN.1 encoded PKCS #7 Signed Data Message to extract and
|
|
// parse the X.509 certificates it contains.
|
|
//
|
|
// Assumes the PKCS #7 message is definite length encoded.
|
|
// Assumes PKCS #7 version 1.5, ie, not the newer CMS version.
|
|
//
|
|
// Upon input, *pcCert contains the maximum number of parsed certificates
|
|
// that can be returned. Updated with the number of certificates processed.
|
|
//
|
|
// If the encoded message was successfully parsed, TRUE is returned
|
|
// with *pcCert updated with the number of parsed certificates. Otherwise,
|
|
// FALSE is returned for a parse error.
|
|
// Returns:
|
|
// success - >= 0 => bytes skipped, length of the encoded certificates
|
|
// processed.
|
|
// failure - < 0 => negative (offset + 1) of first bad tagged value
|
|
// from beginning of message.
|
|
//
|
|
// The rgrgCertBlob[][] is updated with pointer to and length of the
|
|
// fields in the encoded certificate. See MinAsn1ParseCertificate for the
|
|
// field definitions.
|
|
//--------------------------------------------------------------------------
|
|
LONG
|
|
WINAPI
|
|
MinAsn1ExtractParsedCertificatesFromSignedData(
|
|
IN const BYTE *pbEncoded,
|
|
IN DWORD cbEncoded,
|
|
IN OUT DWORD *pcCert,
|
|
OUT CRYPT_DER_BLOB rgrgCertBlob[][MINASN1_CERT_BLOB_CNT]
|
|
);
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
} // Balance extern "C" above
|
|
#endif
|
|
|
|
#if defined (_MSC_VER)
|
|
#if ( _MSC_VER >= 800 )
|
|
|
|
#if _MSC_VER >= 1200
|
|
#pragma warning(pop)
|
|
#else
|
|
#pragma warning(default:4201)
|
|
#endif
|
|
|
|
#endif
|
|
#endif
|
|
|
|
#endif // __MINASN1_H__
|
|
|