* Added ASN.1 / BER / DER utilities, to be used in generating and parsing X.509 certs.
* Added Keychain user-interaction-allowed setter. Added doc comments to MYSymmetricKey.
5 // Created by Jens Alfke on 6/2/09.
6 // Copyright 2009 Jens Alfke. All rights reserved.
9 #import "MYBERParser.h"
10 #import "MYASN1Object.h"
12 #import "MYErrorUtils.h"
13 #import "CollectionUtils.h"
17 #define MYBERParserException @"MYBERParserException"
22 const uint8_t *nextChar;
27 static void requireLength (size_t length, size_t expectedLength) {
28 if (length != expectedLength)
29 [NSException raise: MYBERParserException format: @"Unexpected value length"];
33 static const void* readOrDie (InputData *input, size_t len) {
34 if (len > input->length)
35 [NSException raise: MYBERParserException format: @"Unexpected EOF on input"];
36 const void *bytes = input->nextChar;
37 input->nextChar += len;
43 static NSData* readDataOrDie(InputData *input, size_t length) {
44 return [NSMutableData dataWithBytes: readOrDie(input,length) length: length];
48 static NSString* readStringOrDie(InputData *input, size_t length, NSStringEncoding encoding) {
49 NSString *str = [[NSString alloc] initWithBytes: readOrDie(input,length)
53 [NSException raise: MYBERParserException format: @"Unparseable string"];
54 return [str autorelease];
58 static uint32_t readBigEndianUnsignedInteger (InputData *input, size_t length) {
59 if (length == 0 || length > 4)
60 [NSException raise: MYBERParserException format: @"Invalid integer length"];
62 memcpy(((uint8_t*)&result)+(4-length), readOrDie(input, length), length);
66 static int32_t readBigEndianSignedInteger (InputData *input, size_t length) {
67 int32_t result = (int32_t) readBigEndianUnsignedInteger(input,length);
68 uint8_t *dst = ((uint8_t*)&result)+(4-length);
69 if (*dst & 0x80) { // sign-extend negative value
70 while (--dst >= (uint8_t*)&result)
77 NSDateFormatter* MYBERGeneralizedTimeFormatter() {
78 static NSDateFormatter *sFmt;
80 sFmt = [[NSDateFormatter alloc] init];
81 sFmt.dateFormat = @"yyyyMMddHHmmss'Z'";
82 sFmt.timeZone = [NSTimeZone timeZoneWithName: @"GMT"];
87 NSDateFormatter* MYBERUTCTimeFormatter() {
88 static NSDateFormatter *sFmt;
90 sFmt = [[NSDateFormatter alloc] init];
91 sFmt.dateFormat = @"yyMMddHHmmss'Z'";
92 sFmt.timeZone = [NSTimeZone timeZoneWithName: @"GMT"];
97 static NSDate* parseDate (NSString *dateStr, unsigned tag) {
98 NSDateFormatter *fmt = (tag==23 ?MYBERUTCTimeFormatter() :MYBERGeneralizedTimeFormatter());
99 NSDate *date = [fmt dateFromString: dateStr];
101 [NSException raise: MYBERParserException format: @"Unparseable date '%@'", dateStr];
106 static id parseBER(InputData *input) {
109 unsigned isConstructed :1;
110 unsigned tagClass :2;
112 unsigned isLengthLong :1;
114 memcpy(&header, readOrDie(input,2), 2);
116 if (header.tag == 0x1F)
117 [NSException raise: MYBERParserException format: @"Long tags not supported"];
121 if (!header.isLengthLong)
122 length = header.length;
123 else if (header.length == 0)
124 [NSException raise: MYBERParserException format: @"Indefinite length not supported"];
126 length = NSSwapBigIntToHost(readBigEndianUnsignedInteger(input,header.length));
128 Class defaultClass = [MYASN1Object class];
130 // Tag values can be found in <Security/x509defs.h>. I'm not using them here because that
131 // header does not exist on iPhone!
133 if (header.isConstructed) {
135 NSMutableArray *items = $marray();
136 InputData subInput = {input->nextChar, length};
137 while (subInput.length > 0) {
138 [items addObject: parseBER(&subInput)];
140 input->nextChar += length;
141 input->length -= length;
143 switch (header.tag) {
147 return [NSSet setWithArray: items];
149 return [[[MYASN1Object alloc] initWithTag: header.tag
150 ofClass: header.tagClass
151 components: items] autorelease];
155 switch (header.tag) {
157 requireLength(length,1);
158 return *(const uint8_t*)readOrDie(input, 1) ?$true :$false;
164 int32_t value = NSSwapBigIntToHost(readBigEndianSignedInteger(input,length));
165 return [NSNumber numberWithInteger: value];
168 defaultClass = [MYASN1BigInteger class];
174 UInt8 unusedBits = *(const UInt8*) readOrDie(input, 1);
176 Log(@"Bit-string has %u unused bits", (unsigned)unusedBits);
177 if (unusedBits > 7 || length < 1)
178 [NSException raise: MYBERParserException format: @"Bogus bit-string"];
179 return [[[MYBitString alloc] initWithBits: readDataOrDie(input, length-1)
180 count: 8*(length-1) - unusedBits] autorelease];
182 case 4: // octetstring
183 return readDataOrDie(input, length);
185 requireLength(length,0);
186 return [NSNull null];
188 return [[[MYOID alloc] initWithBEREncoding: readDataOrDie(input, length)] autorelease];
189 case 12: // UTF8String
190 return readStringOrDie(input,length,NSUTF8StringEncoding);
191 case 18: // numeric string
192 case 19: // printable string:
193 return readStringOrDie(input,length,NSASCIIStringEncoding);
194 case 23: // UTC time:
195 case 24: // Generalized time:
196 return parseDate(readStringOrDie(input,length,NSASCIIStringEncoding), header.tag);
202 // Generic case -- create and return a MYASN1Object:
203 NSData *value = readDataOrDie(input, length);
204 id result = [[[defaultClass alloc] initWithTag: header.tag
205 ofClass: header.tagClass
206 constructed: header.isConstructed
207 value: value] autorelease];
208 if( defaultClass == [MYASN1Object class])
209 Warn(@"parseBER: Returning default %@", result);
214 id MYBERParse (NSData *ber, NSError **outError) {
216 InputData input = {ber.bytes, ber.length};
217 return parseBER(&input);
218 }@catch (NSException *x) {
219 if ($equal(x.name, MYBERParserException)) {
220 *outError = MYError(1,MYASN1ErrorDomain, @"%@", x.reason);
232 #pragma mark TEST CASES:
235 #define $data(BYTES...) ({const uint8_t bytes[] = {BYTES}; [NSData dataWithBytes: bytes length: sizeof(bytes)];})
238 CAssertEqual(MYBERParse($data(0x05, 0x00), nil),
240 CAssertEqual(MYBERParse($data(0x01, 0x01, 0xFF), nil),
242 CAssertEqual(MYBERParse($data(0x01, 0x01, 0x00), nil),
246 CAssertEqual(MYBERParse($data(0x02, 0x01, 0x00), nil),
248 CAssertEqual(MYBERParse($data(0x02, 0x01, 0x48), nil),
250 CAssertEqual(MYBERParse($data(0x02, 0x01, 0x80), nil),
252 CAssertEqual(MYBERParse($data(0x02, 0x02, 0x00, 0x80), nil),
254 CAssertEqual(MYBERParse($data(0x02, 0x02, 0x30,0x39), nil),
256 CAssertEqual(MYBERParse($data(0x02, 0x02, 0xCF, 0xC7), nil),
258 CAssertEqual(MYBERParse($data(0x02, 0x04, 0x07, 0x5B, 0xCD, 0x15), nil),
260 CAssertEqual(MYBERParse($data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB), nil),
261 $object(-123456789));
262 CAssertEqual(MYBERParse($data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB), nil),
263 $object(-123456789));
266 CAssertEqual(MYBERParse($data(0x04, 0x05, 'h', 'e', 'l', 'l', 'o'), nil),
267 [@"hello" dataUsingEncoding: NSASCIIStringEncoding]);
268 CAssertEqual(MYBERParse($data(0x04, 0x00), nil),
270 CAssertEqual(MYBERParse($data(0x0C, 0x05, 'h', 'e', 'l', 'l', 'o'), nil),
274 CAssertEqual(MYBERParse($data(0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF), nil),
275 $array($object(72), $true));
276 CAssertEqual(MYBERParse($data(0x30, 0x10,
277 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF,
278 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF), nil),
279 $array( $array($object(72), $true), $array($object(72), $true)));
283 TestCase(ParseCert) {
284 NSData *cert = [NSData dataWithContentsOfFile: @"../../Tests/selfsigned.cer"];
285 NSError *error = nil;
286 id parsed = MYBERParse(cert,&error);
289 NSString *dump = [MYASN1Object dump: parsed];
292 cert = [NSData dataWithContentsOfFile: @"../../Tests/iphonedev.cer"];
293 parsed = MYBERParse(cert,&error);
296 dump = [MYASN1Object dump: parsed];