1 #include <stdio.h> 2 #include <stdlib.h> 3 #include <string.h> 4 #include <openssl/pkcs7.h> 5 #include <openssl/asn1_mac.h> 6 #include <openssl/x509.h> 7 8 int add_signed_time(PKCS7_SIGNER_INFO *si) 9 { 10 ASN1_UTCTIME *sign_time; 11 12 /* The last parameter is the amount to add/subtract from the current 13 * time (in seconds) */ 14 sign_time=X509_gmtime_adj(NULL,0); 15 PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, 16 V_ASN1_UTCTIME,(char *)sign_time); 17 return(1); 18 } 19 20 ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) 21 { 22 ASN1_TYPE *so; 23 24 so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); 25 if (so->type == V_ASN1_UTCTIME) 26 return so->value.utctime; 27 return NULL; 28 } 29 30 static int signed_string_nid= -1; 31 32 void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) 33 { 34 ASN1_OCTET_STRING *os; 35 36 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 37 if (signed_string_nid == -1) 38 signed_string_nid= 39 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 40 os=ASN1_OCTET_STRING_new(); 41 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 42 /* When we add, we do not free */ 43 PKCS7_add_signed_attribute(si,signed_string_nid, 44 V_ASN1_OCTET_STRING,(char *)os); 45 } 46 47 int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) 48 { 49 ASN1_TYPE *so; 50 ASN1_OCTET_STRING *os; 51 int i; 52 53 if (signed_string_nid == -1) 54 signed_string_nid= 55 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 56 /* To retrieve */ 57 so=PKCS7_get_signed_attribute(si,signed_string_nid); 58 if (so != NULL) 59 { 60 if (so->type == V_ASN1_OCTET_STRING) 61 { 62 os=so->value.octet_string; 63 i=os->length; 64 if ((i+1) > len) 65 i=len-1; 66 memcpy(buf,os->data,i); 67 return(i); 68 } 69 } 70 return(0); 71 } 72 73 static int signed_seq2string_nid= -1; 74 /* ########################################### */ 75 int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 76 { 77 /* To add an object of OID 1.9.999, which is a sequence containing 78 * 2 octet strings */ 79 unsigned char *p; 80 ASN1_OCTET_STRING *os1,*os2; 81 ASN1_STRING *seq; 82 unsigned char *data; 83 int i,total; 84 85 if (signed_seq2string_nid == -1) 86 signed_seq2string_nid= 87 OBJ_create("1.9.9999","OID_example","Our example OID"); 88 89 os1=ASN1_OCTET_STRING_new(); 90 os2=ASN1_OCTET_STRING_new(); 91 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 92 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 93 i =i2d_ASN1_OCTET_STRING(os1,NULL); 94 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 95 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 96 97 data=malloc(total); 98 p=data; 99 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 100 i2d_ASN1_OCTET_STRING(os1,&p); 101 i2d_ASN1_OCTET_STRING(os2,&p); 102 103 seq=ASN1_STRING_new(); 104 ASN1_STRING_set(seq,data,total); 105 free(data); 106 ASN1_OCTET_STRING_free(os1); 107 ASN1_OCTET_STRING_free(os2); 108 109 PKCS7_add_signed_attribute(si,signed_seq2string_nid, 110 V_ASN1_SEQUENCE,(char *)seq); 111 return(1); 112 } 113 114 /* For this case, I will malloc the return strings */ 115 int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) 116 { 117 ASN1_TYPE *so; 118 119 if (signed_seq2string_nid == -1) 120 signed_seq2string_nid= 121 OBJ_create("1.9.9999","OID_example","Our example OID"); 122 /* To retrieve */ 123 so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); 124 if (so && (so->type == V_ASN1_SEQUENCE)) 125 { 126 ASN1_const_CTX c; 127 ASN1_STRING *s; 128 long length; 129 ASN1_OCTET_STRING *os1,*os2; 130 131 s=so->value.sequence; 132 c.p=ASN1_STRING_data(s); 133 c.max=c.p+ASN1_STRING_length(s); 134 if (!asn1_GetSequence(&c,&length)) goto err; 135 /* Length is the length of the seqence */ 136 137 c.q=c.p; 138 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 139 goto err; 140 c.slen-=(c.p-c.q); 141 142 c.q=c.p; 143 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 144 goto err; 145 c.slen-=(c.p-c.q); 146 147 if (!asn1_const_Finish(&c)) goto err; 148 *str1=malloc(os1->length+1); 149 *str2=malloc(os2->length+1); 150 memcpy(*str1,os1->data,os1->length); 151 memcpy(*str2,os2->data,os2->length); 152 (*str1)[os1->length]='\0'; 153 (*str2)[os2->length]='\0'; 154 ASN1_OCTET_STRING_free(os1); 155 ASN1_OCTET_STRING_free(os2); 156 return(1); 157 } 158 err: 159 return(0); 160 } 161 162 163 /* ####################################### 164 * THE OTHER WAY TO DO THINGS 165 * ####################################### 166 */ 167 X509_ATTRIBUTE *create_time(void) 168 { 169 ASN1_UTCTIME *sign_time; 170 X509_ATTRIBUTE *ret; 171 172 /* The last parameter is the amount to add/subtract from the current 173 * time (in seconds) */ 174 sign_time=X509_gmtime_adj(NULL,0); 175 ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, 176 V_ASN1_UTCTIME,(char *)sign_time); 177 return(ret); 178 } 179 180 ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) 181 { 182 ASN1_TYPE *so; 183 PKCS7_SIGNER_INFO si; 184 185 si.auth_attr=sk; 186 so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); 187 if (so->type == V_ASN1_UTCTIME) 188 return so->value.utctime; 189 return NULL; 190 } 191 192 X509_ATTRIBUTE *create_string(char *str) 193 { 194 ASN1_OCTET_STRING *os; 195 X509_ATTRIBUTE *ret; 196 197 /* To a an object of OID 1.2.3.4.5, which is an octet string */ 198 if (signed_string_nid == -1) 199 signed_string_nid= 200 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 201 os=ASN1_OCTET_STRING_new(); 202 ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); 203 /* When we add, we do not free */ 204 ret=X509_ATTRIBUTE_create(signed_string_nid, 205 V_ASN1_OCTET_STRING,(char *)os); 206 return(ret); 207 } 208 209 int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) 210 { 211 ASN1_TYPE *so; 212 ASN1_OCTET_STRING *os; 213 int i; 214 PKCS7_SIGNER_INFO si; 215 216 si.auth_attr=sk; 217 218 if (signed_string_nid == -1) 219 signed_string_nid= 220 OBJ_create("1.2.3.4.5","OID_example","Our example OID"); 221 /* To retrieve */ 222 so=PKCS7_get_signed_attribute(&si,signed_string_nid); 223 if (so != NULL) 224 { 225 if (so->type == V_ASN1_OCTET_STRING) 226 { 227 os=so->value.octet_string; 228 i=os->length; 229 if ((i+1) > len) 230 i=len-1; 231 memcpy(buf,os->data,i); 232 return(i); 233 } 234 } 235 return(0); 236 } 237 238 X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) 239 { 240 /* To add an object of OID 1.9.999, which is a sequence containing 241 * 2 octet strings */ 242 unsigned char *p; 243 ASN1_OCTET_STRING *os1,*os2; 244 ASN1_STRING *seq; 245 X509_ATTRIBUTE *ret; 246 unsigned char *data; 247 int i,total; 248 249 if (signed_seq2string_nid == -1) 250 signed_seq2string_nid= 251 OBJ_create("1.9.9999","OID_example","Our example OID"); 252 253 os1=ASN1_OCTET_STRING_new(); 254 os2=ASN1_OCTET_STRING_new(); 255 ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); 256 ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); 257 i =i2d_ASN1_OCTET_STRING(os1,NULL); 258 i+=i2d_ASN1_OCTET_STRING(os2,NULL); 259 total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 260 261 data=malloc(total); 262 p=data; 263 ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); 264 i2d_ASN1_OCTET_STRING(os1,&p); 265 i2d_ASN1_OCTET_STRING(os2,&p); 266 267 seq=ASN1_STRING_new(); 268 ASN1_STRING_set(seq,data,total); 269 free(data); 270 ASN1_OCTET_STRING_free(os1); 271 ASN1_OCTET_STRING_free(os2); 272 273 ret=X509_ATTRIBUTE_create(signed_seq2string_nid, 274 V_ASN1_SEQUENCE,(char *)seq); 275 return(ret); 276 } 277 278 /* For this case, I will malloc the return strings */ 279 int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) 280 { 281 ASN1_TYPE *so; 282 PKCS7_SIGNER_INFO si; 283 284 if (signed_seq2string_nid == -1) 285 signed_seq2string_nid= 286 OBJ_create("1.9.9999","OID_example","Our example OID"); 287 288 si.auth_attr=sk; 289 /* To retrieve */ 290 so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); 291 if (so->type == V_ASN1_SEQUENCE) 292 { 293 ASN1_const_CTX c; 294 ASN1_STRING *s; 295 long length; 296 ASN1_OCTET_STRING *os1,*os2; 297 298 s=so->value.sequence; 299 c.p=ASN1_STRING_data(s); 300 c.max=c.p+ASN1_STRING_length(s); 301 if (!asn1_GetSequence(&c,&length)) goto err; 302 /* Length is the length of the seqence */ 303 304 c.q=c.p; 305 if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 306 goto err; 307 c.slen-=(c.p-c.q); 308 309 c.q=c.p; 310 if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 311 goto err; 312 c.slen-=(c.p-c.q); 313 314 if (!asn1_const_Finish(&c)) goto err; 315 *str1=malloc(os1->length+1); 316 *str2=malloc(os2->length+1); 317 memcpy(*str1,os1->data,os1->length); 318 memcpy(*str2,os2->data,os2->length); 319 (*str1)[os1->length]='\0'; 320 (*str2)[os2->length]='\0'; 321 ASN1_OCTET_STRING_free(os1); 322 ASN1_OCTET_STRING_free(os2); 323 return(1); 324 } 325 err: 326 return(0); 327 } 328 329 330
