Cryptography Reference
if ( !( strcmp( argv[ 1 ], "-pem" ) ) )
{
  // XXX this overallocates a bit, since it sets aside space for markers, etc.
  // Decode the PEM text into a fresh buffer, then release the PEM copy.
  unsigned char *pem_buffer = buffer;
  buffer = ( unsigned char * ) malloc( buffer_size );
  buffer_size = pem_decode( pem_buffer, buffer );
  free( pem_buffer );
}
asn1parse( buffer, buffer_size, &certificate );
You now have a working ASN.1 parser that can be used to read and interpret
X.509 certificates. You could stop here, and write code like this:
root->next->next->children->next->children->next->data
to look up the values of specific elements in the tree, but to make your code have
any semblance of readability, you should really continue to parse this ASN.1
tree into a proper X.509 structure.
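The chained lookup above also dereferences every link blindly, so a certificate whose tree is shorter than expected turns it into a NULL dereference. The following is an added example, not code from the book: the names asn1_node and asn1_walk, the one-letter path notation and the sample tree are assumptions made for illustration; only the field names next, children and data come from the expression above.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical node: only the three fields the page's expression touches. */
struct asn1_node
{
  const unsigned char *data;
  struct asn1_node *children;
  struct asn1_node *next;
};

/*
 * Follow a path of steps from node: 'n' means ->next, 'c' means ->children.
 * Returns the node reached, or NULL if a link is missing or a step is unknown,
 * so a short or malformed tree yields NULL rather than a bad dereference.
 */
const struct asn1_node *asn1_walk( const struct asn1_node *node, const char *path )
{
  for ( ; node && *path; path++ )
  {
    if ( *path == 'n' ) node = node->next;
    else if ( *path == 'c' ) node = node->children;
    else return NULL;
  }
  return node;
}

/* Constructed sample tree, shaped so that the page's chain ends at d1. */
static const unsigned char sample_value[] = "constructed value";
static struct asn1_node d1 = { sample_value, NULL, NULL };
static struct asn1_node d0 = { NULL, NULL, &d1 };
static struct asn1_node c1 = { NULL, &d0, NULL };
static struct asn1_node c0 = { NULL, NULL, &c1 };
static struct asn1_node n2 = { NULL, &c0, NULL };
static struct asn1_node n1 = { NULL, NULL, &n2 };
static struct asn1_node sample_root = { NULL, NULL, &n1 };

int main( void )
{
  /* Same steps as root->next->next->children->next->children->next */
  const struct asn1_node *hit = asn1_walk( &sample_root, "nncncn" );
  const struct asn1_node *miss = asn1_walk( &n2, "nncncn" ); /* too short */
  printf( "full tree:  %s\n", hit ? ( const char * ) hit->data : "(missing)" );
  printf( "short tree: %s\n", miss ? ( const char * ) miss->data : "(missing)" );
  return 0;
}
```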
Turning a Parsed ASN.1 Structure into X.509 Certificate Components
The X.509 structure is decidedly more complex than the ASN.1 structure; define
it to mirror the ASN.1 definition. To keep the implementation easy to digest, the
code is presented for RSA certificates — by far the most common case — and
then extended to support DSA and Diffie-Hellman. The structure definitions
are shown in Listing 5-10.
Listing 5-10: "x509.h" structure definitions
typedef enum
{
  rsa,
  dh
}
algorithmIdentifier;
typedef enum
{
  md5WithRSAEncryption,
  shaWithRSAEncryption
}
signatureAlgorithmIdentifier;
/**
 * A name (or "distinguishedName") is a list of attribute-value pairs.
 * Instead of keeping track of all of them, just keep track of
 * the most interesting ones.
 */
typedef struct