jens@16: // jens@16: // MYDEREncoder.m jens@16: // MYCrypto jens@16: // jens@16: // Created by Jens Alfke on 5/29/09. jens@16: // Copyright 2009 Jens Alfke. All rights reserved. jens@16: // jens@16: jens@20: // Reference: jens@20: // "Layman's Guide To ASN.1/BER/DER" jens@20: jens@16: #import "MYDEREncoder.h" jens@16: #import "MYASN1Object.h" jens@16: #import "MYBERParser.h" jens@16: #import "MYOID.h" jens@16: #import "MYErrorUtils.h" jens@16: jens@16: jens@16: #define MYDEREncoderException @"MYDEREncoderException" jens@16: jens@16: jens@16: @interface MYDEREncoder () jens@16: - (void) _encode: (id)object; jens@16: @property (retain) NSError *error; jens@20: jens@20: /* Forces use of PrintableString tag for ASCII strings that contain characters not valid jens@20: for that encoding (notably '@'). Provided to get byte-for-byte compatibility with certs jens@20: generated by CDSA, for test cases that check this. */ jens@19: @property BOOL _forcePrintableStrings; jens@16: @end jens@16: jens@16: jens@16: @implementation MYDEREncoder jens@16: jens@16: jens@16: - (id) initWithRootObject: (id)rootObject jens@16: { jens@16: self = [super init]; jens@16: if (self != nil) { jens@16: _rootObject = [rootObject retain]; jens@16: } jens@16: return self; jens@16: } jens@16: jens@16: + (NSData*) encodeRootObject: (id)rootObject error: (NSError**)outError { jens@16: MYDEREncoder *encoder = [[self alloc] initWithRootObject: rootObject]; jens@16: NSData *output = [encoder.output copy]; jens@16: if (outError) *outError = [[encoder.error retain] autorelease]; jens@16: [encoder release]; jens@16: return [output autorelease]; jens@16: } jens@16: jens@16: - (void) dealloc jens@16: { jens@16: [_rootObject release]; jens@16: [_output release]; jens@19: [_error release]; jens@16: [super dealloc]; jens@16: } jens@16: jens@19: - (id) copyWithZone: (NSZone*)zone { jens@19: MYDEREncoder *copy = [[[self class] alloc] init]; jens@19: copy->_forcePrintableStrings = _forcePrintableStrings; jens@19: return copy; jens@19: } jens@16: jens@16: jens@16: static unsigned sizeOfUnsignedInt (UInt64 n) { jens@16: unsigned bytes = 0; jens@16: for (; n; n >>= 8) jens@16: bytes++; jens@16: return bytes; jens@16: } jens@16: jens@16: static unsigned encodeUnsignedInt (UInt64 n, UInt8 buf[], BOOL padHighBit) { jens@16: unsigned size = MAX(1U, sizeOfUnsignedInt(n)); jens@16: UInt64 bigEndian = NSSwapHostLongLongToBig(n); jens@16: const UInt8* src = (UInt8*)&bigEndian + (8-size); jens@16: UInt8 *dst = &buf[0]; jens@16: if (padHighBit && (*src & 0x80)) { jens@16: *dst++ = 0; jens@16: size++; jens@16: } jens@16: memcpy(dst, src, size); jens@16: return size; jens@16: } jens@16: jens@16: static unsigned encodeSignedInt (SInt64 n, UInt8 buf[]) { jens@16: if (n >= 0) jens@16: return encodeUnsignedInt(n, buf, YES); jens@16: else { jens@16: unsigned size = MAX(1U, sizeOfUnsignedInt(~n)); jens@16: UInt64 bigEndian = NSSwapHostLongLongToBig(n); jens@16: const UInt8* src = (UInt8*)&bigEndian + (8-size); jens@16: UInt8 *dst = &buf[0]; jens@16: if (!(*src & 0x80)) { jens@16: *dst++ = 0xFF; jens@16: size++; jens@16: } jens@16: memcpy(dst, src, size); jens@16: return size; jens@16: } jens@16: } jens@16: jens@16: jens@16: - (void) _writeTag: (unsigned)tag jens@16: class: (unsigned)tagClass jens@16: constructed: (BOOL) constructed jens@16: length: (size_t)length jens@16: { jens@16: struct { jens@16: unsigned tag :5; jens@16: unsigned isConstructed :1; jens@16: unsigned tagClass :2; jens@16: unsigned length :7; jens@16: unsigned isLengthLong :1; jens@16: UInt8 extraLength[9]; jens@16: } header; jens@16: size_t headerSize = 2; jens@16: jens@16: header.tag = tag; jens@16: header.isConstructed = constructed; jens@16: header.tagClass = tagClass; jens@16: if (length < 128) { jens@16: header.isLengthLong = NO; jens@16: header.length = length; jens@16: } else { jens@16: header.isLengthLong = YES; jens@16: header.length = encodeUnsignedInt(length, header.extraLength, NO); jens@16: headerSize += header.length; jens@16: } jens@16: [_output appendBytes: &header length: headerSize]; jens@16: } jens@16: jens@16: - (void) _writeTag: (unsigned)tag jens@16: class: (unsigned)tagClass jens@16: constructed: (BOOL) constructed jens@16: bytes: (const void*)bytes jens@16: length: (size_t)length jens@16: { jens@16: [self _writeTag: tag class: tagClass constructed: constructed length: length]; jens@16: [_output appendBytes: bytes length: length]; jens@16: } jens@16: jens@16: - (void) _writeTag: (unsigned)tag jens@16: class: (unsigned)tagClass jens@16: constructed: (BOOL) constructed jens@16: data: (NSData*)data jens@16: { jens@16: Assert(data); jens@16: [self _writeTag: tag class: tagClass constructed: constructed bytes: data.bytes length: data.length]; jens@16: } jens@16: jens@16: jens@16: - (void) _encodeNumber: (NSNumber*)number { jens@16: // Special-case detection of booleans by pointer equality, because otherwise they appear jens@16: // identical to 0 and 1: jens@16: if (number==$true || number==$false) { jens@16: UInt8 value = number==$true ?0xFF :0x00; jens@16: [self _writeTag: 1 class: 0 constructed: NO bytes: &value length: 1]; jens@16: return; jens@16: } jens@16: jens@16: const char *type = number.objCType; jens@16: if (strlen(type) == 1) { jens@16: switch(type[0]) { jens@16: case 'c': jens@16: case 'i': jens@16: case 's': jens@16: case 'l': jens@16: case 'q': jens@16: { // Signed integers: jens@16: UInt8 buf[9]; jens@16: size_t size = encodeSignedInt(number.longLongValue, buf); jens@16: [self _writeTag: 2 class: 0 constructed: NO bytes: buf length: size]; jens@16: return; jens@16: } jens@16: case 'C': jens@16: case 'I': jens@16: case 'S': jens@16: case 'L': jens@16: case 'Q': jens@16: { // Unsigned integers: jens@16: UInt8 buf[9]; jens@16: size_t size = encodeUnsignedInt(number.unsignedLongLongValue, buf, YES); jens@16: [self _writeTag: 2 class: 0 constructed: NO bytes: buf length: size]; jens@16: return; jens@16: } jens@16: case 'B': jens@16: { // bool jens@16: UInt8 value = number.boolValue ?0xFF :0x00; jens@16: [self _writeTag: 1 class: 0 constructed: NO bytes: &value length: 1]; jens@16: return; jens@16: } jens@16: } jens@16: } jens@16: [NSException raise: MYDEREncoderException format: @"Can't DER-encode value %@ (typecode=%s)", number,type]; jens@16: } jens@16: jens@16: jens@16: - (void) _encodeString: (NSString*)string { jens@19: static NSMutableCharacterSet *kNotPrintableCharSet; jens@19: if (!kNotPrintableCharSet) { jens@19: kNotPrintableCharSet = [[NSMutableCharacterSet characterSetWithCharactersInString: @" '()+,-./:=?"] retain]; jens@19: [kNotPrintableCharSet formUnionWithCharacterSet: [NSCharacterSet alphanumericCharacterSet]]; jens@19: [kNotPrintableCharSet invert]; jens@19: } jens@16: NSData *data = [string dataUsingEncoding: NSASCIIStringEncoding]; jens@19: if (data) { jens@19: unsigned tag = 19; // printablestring (a silly arbitrary subset of ASCII defined by ASN.1) jens@19: if (!_forcePrintableStrings && [string rangeOfCharacterFromSet: kNotPrintableCharSet].length > 0) jens@19: tag = 20; // IA5string (full 7-bit ASCII) jens@19: [self _writeTag: tag class: 0 constructed: NO data: data]; jens@19: } else { jens@19: // fall back to UTF-8: jens@16: [self _writeTag: 12 class: 0 constructed: NO data: [string dataUsingEncoding: NSUTF8StringEncoding]]; jens@19: } jens@16: } jens@16: jens@16: jens@16: - (void) _encodeBitString: (MYBitString*)bitString { jens@16: NSUInteger bitCount = bitString.bitCount; jens@16: [self _writeTag: 3 class: 0 constructed: NO length: 1 + (bitCount/8)]; jens@16: UInt8 unused = (8 - (bitCount % 8)) % 8; jens@16: [_output appendBytes: &unused length: 1]; jens@16: [_output appendBytes: bitString.bits.bytes length: bitCount/8]; jens@16: } jens@16: jens@16: - (void) _encodeDate: (NSDate*)date { jens@16: NSString *dateStr = [MYBERGeneralizedTimeFormatter() stringFromDate: date]; jens@16: [self _writeTag: 24 class: 0 constructed: NO data: [dateStr dataUsingEncoding: NSASCIIStringEncoding]]; jens@16: } jens@16: jens@16: jens@16: - (void) _encodeCollection: (id)collection tag: (unsigned)tag class: (unsigned)tagClass { jens@19: MYDEREncoder *subEncoder = [self copy]; jens@16: for (id object in collection) jens@16: [subEncoder _encode: object]; jens@16: [self _writeTag: tag class: tagClass constructed: YES data: subEncoder.output]; jens@16: [subEncoder release]; jens@16: } jens@16: jens@16: jens@16: - (void) _encode: (id)object { jens@16: if (!_output) jens@16: _output = [[NSMutableData alloc] initWithCapacity: 1024]; jens@16: if ([object isKindOfClass: [NSNumber class]]) { jens@16: [self _encodeNumber: object]; jens@16: } else if ([object isKindOfClass: [NSData class]]) { jens@16: [self _writeTag: 4 class: 0 constructed: NO data: object]; jens@16: } else if ([object isKindOfClass: [MYBitString class]]) { jens@16: [self _encodeBitString: object]; jens@16: } else if ([object isKindOfClass: [NSString class]]) { jens@16: [self _encodeString: object]; jens@16: } else if ([object isKindOfClass: [NSDate class]]) { jens@16: [self _encodeDate: object]; jens@16: } else if ([object isKindOfClass: [NSNull class]]) { jens@16: [self _writeTag: 5 class: 0 constructed: NO bytes: NULL length: 0]; jens@16: } else if ([object isKindOfClass: [NSArray class]]) { jens@16: [self _encodeCollection: object tag: 16 class: 0]; jens@16: } else if ([object isKindOfClass: [NSSet class]]) { jens@16: [self _encodeCollection: object tag: 17 class: 0]; jens@16: } else if ([object isKindOfClass: [MYOID class]]) { jens@16: [self _writeTag: 6 class: 0 constructed: NO data: [object DEREncoding]]; jens@16: } else if ([object isKindOfClass: [MYASN1Object class]]) { jens@16: MYASN1Object *asn = object; jens@16: if (asn.components) jens@16: [self _encodeCollection: asn.components tag: asn.tag class: asn.tagClass]; jens@16: else jens@16: [self _writeTag: asn.tag jens@16: class: asn.tagClass jens@16: constructed: asn.constructed jens@16: data: asn.value]; jens@16: } else { jens@16: [NSException raise: MYDEREncoderException format: @"Can't DER-encode a %@", [object class]]; jens@16: } jens@16: } jens@16: jens@16: jens@16: - (NSData*) output { jens@16: if (!_output && !_error) { jens@16: @try{ jens@16: [self _encode: _rootObject]; jens@16: }@catch (NSException *x) { jens@16: if ($equal(x.name, MYDEREncoderException)) { jens@16: self.error = MYError(2,MYASN1ErrorDomain, @"%@", x.reason); jens@16: return nil; jens@16: } else jens@16: @throw(x); jens@16: } jens@16: } jens@16: return _output; jens@16: } jens@16: jens@19: @synthesize error=_error, _forcePrintableStrings; jens@16: jens@16: jens@16: @end jens@16: jens@16: jens@16: jens@16: #define $data(BYTES...) ({const uint8_t bytes[] = {BYTES}; [NSData dataWithBytes: bytes length: sizeof(bytes)];}) jens@16: jens@16: TestCase(DEREncoder) { jens@16: CAssertEqual([MYDEREncoder encodeRootObject: [NSNull null] error: nil], jens@16: $data(0x05, 0x00)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $true error: nil], jens@16: $data(0x01, 0x01, 0xFF)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $false error: nil], jens@16: $data(0x01, 0x01, 0x00)); jens@16: jens@16: // Integers: jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(0) error: nil], jens@16: $data(0x02, 0x01, 0x00)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(1) error: nil], jens@16: $data(0x02, 0x01, 0x01)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-1) error: nil], jens@16: $data(0x02, 0x01, 0xFF)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(72) error: nil], jens@16: $data(0x02, 0x01, 0x48)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-128) error: nil], jens@16: $data(0x02, 0x01, 0x80)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(128) error: nil], jens@16: $data(0x02, 0x02, 0x00, 0x80)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(255) error: nil], jens@16: $data(0x02, 0x02, 0x00, 0xFF)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-256) error: nil], jens@16: $data(0x02, 0x02, 0xFF, 0x00)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(12345) error: nil], jens@16: $data(0x02, 0x02, 0x30,0x39)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-12345) error: nil], jens@16: $data(0x02, 0x02, 0xCF, 0xC7)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(123456789) error: nil], jens@16: $data(0x02, 0x04, 0x07, 0x5B, 0xCD, 0x15)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-123456789) error: nil], jens@16: $data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $object(-123456789) error: nil], jens@16: $data(0x02, 0x04, 0xF8, 0xA4, 0x32, 0xEB)); jens@16: jens@16: // Strings: jens@16: CAssertEqual([MYDEREncoder encodeRootObject: @"hello" error: nil], jens@16: $data(0x13, 0x05, 'h', 'e', 'l', 'l', 'o')); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: @"thérè" error: nil], jens@16: $data(0x0C, 0x07, 't', 'h', 0xC3, 0xA9, 'r', 0xC3, 0xA8)); jens@16: jens@16: // Dates: jens@16: CAssertEqual([MYDEREncoder encodeRootObject: [NSDate dateWithTimeIntervalSinceReferenceDate: 265336576] jens@16: error: nil], jens@16: $data(0x18, 0x0F, '2', '0', '0', '9', '0', '5', '3', '0', '0', '0', '3', '6', '1', '6', 'Z')); jens@16: jens@16: // Sequences: jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $array($object(72), $true) error: nil], jens@16: $data(0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF)); jens@16: CAssertEqual([MYDEREncoder encodeRootObject: $array( $array($object(72), $true), jens@16: $array($object(72), $true)) jens@16: error: nil], jens@16: $data(0x30, 0x10, jens@16: 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF, jens@16: 0x30, 0x06, 0x02, 0x01, 0x48, 0x01, 0x01, 0xFF)); jens@16: } jens@16: jens@16: jens@16: TestCase(EncodeCert) { jens@16: NSError *error = nil; jens@21: NSData *cert = [NSData dataWithContentsOfFile: @"../../Tests/selfsigned.cer"]; jens@16: id certObjects = MYBERParse(cert,&error); jens@16: CAssertNil(error); jens@16: Log(@"Decoded as:\n%@", [MYASN1Object dump: certObjects]); jens@19: MYDEREncoder *encoder = [[MYDEREncoder alloc] initWithRootObject: certObjects]; jens@19: encoder._forcePrintableStrings = YES; // hack for compatibility with the way CDSA writes ASN.1 jens@19: NSData *encoded = encoder.output; jens@16: CAssertNil(error); jens@16: id reDecoded = MYBERParse(encoded, &error); jens@16: CAssertNil(error); jens@16: Log(@"Re-decoded as:\n%@", [MYASN1Object dump: reDecoded]); jens@19: [encoded writeToFile: @"../../Tests/selfsigned_reencoded.cer" atomically: YES]; jens@16: CAssertEqual(encoded,cert); jens@16: } jens@21: jens@21: jens@21: jens@21: /* jens@21: Copyright (c) 2009, Jens Alfke . All rights reserved. jens@21: jens@21: Redistribution and use in source and binary forms, with or without modification, are permitted jens@21: provided that the following conditions are met: jens@21: jens@21: * Redistributions of source code must retain the above copyright notice, this list of conditions jens@21: and the following disclaimer. jens@21: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions jens@21: and the following disclaimer in the documentation and/or other materials provided with the jens@21: distribution. jens@21: jens@21: THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR jens@21: IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND jens@21: FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRI- jens@21: BUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES jens@21: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR jens@21: PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN jens@21: CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF jens@21: THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. jens@21: */