From 87c253f15d5788c82c7e965d955a81d6aeb4c93d Mon Sep 17 00:00:00 2001 From: 5HT Date: Fri, 1 Nov 2024 14:26:22 +0200 Subject: [PATCH] CMS is unified across KEP and CMS-2009, CMS-2010. --- include/KEP.hrl | 128 +++++++++++++++++++++++++++-------- lib/encryption/cms.ex | 85 +++++++++++++++++++---- lib/services/crt.ex | 38 +++++++---- priv/csr/KEP.asn1 | 12 +++- src/KEP.erl | 154 ++++++++++++++++++++++++++++++------------ 5 files changed, 314 insertions(+), 103 deletions(-) diff --git a/include/KEP.hrl b/include/KEP.hrl index 0ef634c..abc3053 100644 --- a/include/KEP.hrl +++ b/include/KEP.hrl @@ -1,4 +1,4 @@ -%% Generated by the Erlang ASN.1 compiler. Version: 5.2.2 +%% Generated by the Erlang ASN.1 compiler. Version: 5.0.17 %% Purpose: Erlang record definitions for each named and unnamed %% SEQUENCE and SET, and macro definitions for each value %% definition in module KEP. @@ -6,33 +6,41 @@ -ifndef(_KEP_HRL_). -define(_KEP_HRL_, true). --record('ContentInfo', { - contentType, - content +-record('AttributeTypeAndValue', { + type, + value }). --record('CrlValidatedID', { - crlHash, - crlIdentifier = asn1_NOVALUE +-record('AlgorithmIdentifier', { + algorithm, + parameters = asn1_NOVALUE }). --record('OcspListID', { - ocspResponses +-record('CertificateList', { + tbsCertList, + signatureAlgorithm, + signatureValue = asn1_NOVALUE }). --record('OcspResponsesID', { - ocspIdentifier, - ocspRepHash = asn1_NOVALUE +-record('TBSCertList', { + version = asn1_NOVALUE, + signature, + issuer, + thisUpdate = asn1_NOVALUE, + nextUpdate = asn1_NOVALUE, + revokedCertificates = asn1_NOVALUE, + crlExtensions = asn1_NOVALUE }). --record('OtherRevRefs', { - otherRevRefType, - otherRevRefs +-record('TBSCertList_revokedCertificates_SEQOF', { + userCertificate, + revocationDate, + crlEntryExtensions = asn1_NOVALUE }). --record('OcspIdentifier', { - ocspResponderID, - producedAt +-record('ContentInfo', { + contentType, + content }). -record('SignedData', { @@ -44,6 +52,25 @@ signerInfos }). +-record('EnvelopedData', { + version, + recipientInfos, + encryptedContentInfo +}). + +-record('EncryptedContentInfo', { + contentType, + contentEncryptionAlgorithm, + encryptedContent = asn1_NOVALUE +}). + +-record('RecipientInfoUA', { + version, + issuerAndSerialNumber, + keyEncryptionAlgorithm, + encryptedKey +}). + -record('EncapsulatedContentInfo', { eContentType, eContent = asn1_NOVALUE @@ -112,6 +139,54 @@ crlNumber = asn1_NOVALUE }). +-record('CrlValidatedID', { + crlHash, + crlIdentifier = asn1_NOVALUE +}). + +-record('OcspListID', { + ocspResponses +}). + +-record('OcspResponsesID', { + ocspIdentifier, + ocspRepHash = asn1_NOVALUE +}). + +-record('OtherRevRefs', { + otherRevRefType, + otherRevRefs +}). + +-record('OcspIdentifier', { + ocspResponderID, + producedAt +}). + +-record('RevocationValues', { + crlVals = asn1_NOVALUE, + ocspVals = asn1_NOVALUE, + otherRevVals = asn1_NOVALUE +}). + +-record('OtherSigningCertificate', { + certs, + policies = asn1_NOVALUE +}). + +-record('OtherCertID', { + otherCertHash, + issuerSerial = asn1_NOVALUE +}). + +-record('OtherRevVals', { + otherRevValType +}). + +-record('CRLListID', { + crls +}). + -record('BasicOCSPResponse', { tbsResponseData, signatureAlgorithm, @@ -147,18 +222,15 @@ singleExtensions = asn1_NOVALUE }). --record('RevocationValues', { - crlVals = asn1_NOVALUE, - ocspVals = asn1_NOVALUE, - otherRevVals = asn1_NOVALUE +-record('QCStatement', { + statementId, + statementInfo = asn1_NOVALUE }). --record('OtherRevVals', { - otherRevValType -}). - --record('CRLListID', { - crls +-record('MonetaryValue', { + currency, + amount, + exponent }). -record('MessageImprint', { diff --git a/lib/encryption/cms.ex b/lib/encryption/cms.ex index 0965175..2d9bde7 100644 --- a/lib/encryption/cms.ex +++ b/lib/encryption/cms.ex @@ -147,11 +147,15 @@ defmodule CA.CMS do CA.AES.decrypt(:'id-aes256-CBC', data, unwrap, iv) end + # ASN.1 DER Parsing Facilities + def parseSignDataFile(file) do {_, bin} = :file.read_file file parseData(bin) end + def parseRecipientInfo([]) do [] end + def parseRecipientInfo({scheme,ri}) do {scheme,ri} end def parseRecipientInfo(ri) do {:RecipientInfo, _, {_,issuer,_}, {_,keyAlg,_}, data} = ri [ @@ -163,12 +167,16 @@ defmodule CA.CMS do def parseSignerInfo(si) do {:SignerInfo, :v1, {_,{_,issuer,_}}, {_,keyAlg,_}, signedAttrs, {_,signatureAlg,_}, sign, attrs} = si - signedAttributes = :lists.map(fn {_,code,[{:asn1_OPENTYPE,b}],_} -> - CA.CRT.oid(code, b) - end, signedAttrs) + signedAttributes = :lists.map(fn {_,code,[{:asn1_OPENTYPE,b}]} -> CA.CRT.oid(code, b) + {_,code,[{:asn1_OPENTYPE,b}],_} -> CA.CRT.oid(code, b) + {_,code,b} -> {CA.AT.oid(code), b} + end, signedAttrs) attributes = case attrs do :asn1_NOVALUE -> [] - _ -> :lists.map(fn {_,code,[{:asn1_OPENTYPE,b}],_} -> CA.CRT.oid(code, b) end, attrs) + _ -> :lists.map(fn {_,code,[{:asn1_OPENTYPE,b}]} -> CA.CRT.oid(code, b) + {_,code,[{:asn1_OPENTYPE,b}],_} -> CA.CRT.oid(code, b) + {_,code,b} -> {CA.AT.oid(code), b} + end, attrs) end [ resourceType: :SignerInfo, @@ -180,21 +188,37 @@ defmodule CA.CMS do ] end - def parseData(content) do - {:ok, {:SignedData, ver, alg, x, c, x1, sis}} = :KEP.decode(:SignedData, content) + def parseDataBin(content) do + {:ok, envelopedData} = :KEP.decode(:SignedData, content) + parseData(envelopedData) + end + def parseData({:SignedData, ver, alg, x, c, x1, sis}) do {:EncapsulatedContentInfo, contentOid, data} = x [ resourceType: :SignedData, version: ver, - cert: parseSignDataCert(c,sis), + cert: parseSignDataCert(case c do {:certificate,cert} -> cert ; c -> c end,sis), signerInfo: parseSignerInfos(sis), signedContent: data, ] end - def parseEnvelopedData(content) do - {:ok, {:EnvelopedData, oid, {_,ri}, ci}} = :KEP.decode(:EnvelopedData, content) - {:EncryptedContentInfo, _, {_,encOID,<<_::16,iv::binary>>},data} = ci + def parseEnvelopedDataBin(content) do + {:ok, envelopedData} = :KEP.decode(:EnvelopedData, content) + parseEnvelopedData(envelopedData) + end + + def parseEnvelopedData({:EnvelopedData, _, oid, list, ci, tag}) do + parseEnvelopedData({:EnvelopedData, oid, list, ci}) end + + def parseEnvelopedData({:EnvelopedData, oid, {:riSet, ri}, ci}) do + parseEnvelopedData({:EnvelopedData, oid, ri, ci}) end + + def parseEnvelopedData({:EnvelopedData, oid, ri, ci}) do + {:EncryptedContentInfo, oid2, {_,encOID,<<_::16,iv::binary>>},data} = case ci do + {:EncryptedContentInfo, x, {y,encOID,{_,bin}},data} -> {:EncryptedContentInfo, x, {y,encOID,bin},data} + {:EncryptedContentInfo, x, {y,encOID,bin},data} -> {:EncryptedContentInfo, x, {y,encOID,bin},data} + end [ resourceType: :EnvelopedData, ver: CA.ALG.oid(oid), @@ -204,12 +228,35 @@ defmodule CA.CMS do ] end - def parseSignerInfos(sis) do :lists.map(fn si -> CA.CMS.parseSignerInfo(si) end, sis) end - def parseRecipientInfos(sis) do :lists.map(fn si -> CA.CMS.parseRecipientInfo(si) end, sis) end + def parseSignerInfos(sis) do :lists.map(fn si -> CA.CMS.parseSignerInfo(si) end, sis) end + def parseRecipientInfos(sis) do :lists.map(fn si -> CA.CMS.parseRecipientInfo(si) end, sis) end + + def testECC() do + {:ok,base} = :file.read_file "priv/certs/encrypted.txt" + [_,s] = :string.split base, "\n\n" + x = :base64.decode s + :'CryptographicMessageSyntax-2010'.decode(:ContentInfo, x) + end + + def parseContentInfoSMIME(file) do + {:ok, smime} = :file.read_file(file) + [_,base] = :string.split(smime, "\n\n") + parseContentInfoBin(:base64.decode(base)) + end + def parseContentInfoB64(file) do {:ok, bin} = :file.read_file file ; parseContentInfoBin(:base64.decode(bin)) end + def parseContentInfoFile(file) do {:ok, bin} = :file.read_file file ; parseContentInfoBin(bin) end + def parseContentInfoBinUA(bin) do {:ok, contentInfo} = :KEP.decode(:ContentInfo, bin) ; parseContentInfo(contentInfo, true) end + def parseContentInfoBinX509(bin) do {:ok, contentInfo} = :'CryptographicMessageSyntax-2010'.decode(:ContentInfo, bin) ; parseContentInfo(contentInfo, false) end + + def parseContentInfoBin(bin) do + case :application.get_env(:ca, :ukrainian, :parseContentInfoBinUA) do + :parseContentInfoBinX509 -> CA.CMS.parseContentInfoBinX509(bin) + :parseContentInfoBinUA -> CA.CMS.parseContentInfoBinUA(bin) + _ -> CA.CMS.parseContentInfoBinUA(bin) + end + end - def parseContentInfoFile(file) do {:ok, bin} = :file.read_file file ; parseContentInfo(bin) end - def parseContentInfo(bin) do - {:ok, {:ContentInfo, oid, content}} = :KEP.decode(:ContentInfo, bin) + def parseContentInfo({:ContentInfo, oid, content}, false) do case CA.AT.oid(oid) do :data -> parseData(content) :signedData -> parseData(content) @@ -217,6 +264,14 @@ defmodule CA.CMS do _ -> [] end end + def parseContentInfo({:ContentInfo, oid, content}, true) do + case CA.AT.oid(oid) do + :data -> parseDataBin(content) + :signedData -> parseDataBin(content) + :envelopedData -> parseEnvelopedDataBin(content) + _ -> [] + end + end def parseSignDataCert(:asn1_NOVALUE,_), do: [] def parseSignDataCert(certs,si), do: :lists.map(fn cert -> CA.CRT.parseCert(cert, si) end, certs) diff --git a/lib/services/crt.ex b/lib/services/crt.ex index d65c22f..d1070dc 100644 --- a/lib/services/crt.ex +++ b/lib/services/crt.ex @@ -115,15 +115,15 @@ defmodule CA.CRT do def flat(code,k,acc) when is_list(k), do: [:lists.map(fn x -> flat(code,x,acc) end, k)|acc] def flat(_code,k,acc) when is_binary(k), do: [k|acc] - def rdn({2, 5, 4, 3}), do: "cn" # "commonName" + def rdn({2, 5, 4, 3}), do: "cn" # "commonName" def rdn({2, 5, 4, 4}), do: "sn" # "surename" - def rdn({2, 5, 4, 5}), do: "serialNumber" def rdn({2, 5, 4, 6}), do: "c" # "country" def rdn({2, 5, 4, 7}), do: "l" # "localityName" - def rdn({2, 5, 4, 8}), do: "stateOrProvinceName" - def rdn({0,9,2342,19200300,100,1,25}), do: "dc" # "domainComponen" - def rdn({2, 5, 4, 10}), do: "o" # "organization" + def rdn({2, 5, 4, 10}), do: "o" # "organization" def rdn({2, 5, 4, 11}), do: "ou" # "organizationalUnit" + + def rdn({2, 5, 4, 5}), do: "serialNumber" + def rdn({2, 5, 4, 8}), do: "stateOrProvinceName" def rdn({2, 5, 4, 12}), do: "title" def rdn({2, 5, 4, 13}), do: "description" def rdn({2, 5, 4, 14}), do: "device" @@ -137,17 +137,20 @@ defmodule CA.CRT do def rdn({2, 5, 6, 7}), do: "organizationalPerson" def rdn({2, 5, 6, 8}), do: "organizationalRole" def rdn({2, 5, 6, 9}), do: "groupOfNames" + + def rdn({0,9,2342,19200300,100,1,25}), do: "dc" # "domainComponent" def rdn({:rdnSequence, list}) do :lists.map(fn [{_,oid,{_,list}}] -> {rdn(oid),"#{list}"} + [{_,oid,list}] -> {rdn(oid),"#{list}"} {_,oid,{_,list}} -> {rdn(oid),"#{list}"} - {_,oid,list} -> {rdn(oid),"#{list}"} end, list) + {_,oid, list} -> {rdn(oid),"#{list}"} end, list) end def rdn(x), do: "#{x}" def rdn2({:rdnSequence, list}) do Enum.join :lists.map(fn [{_,oid,{_,list}}] -> "#{rdn(oid)}=#{list}" - {_,oid,{_,list}} -> "#{rdn(oid)}=#{list}" - {_,oid,list} -> "#{rdn(oid)}=#{list}" end, list), "/" + {_,oid,{_,list}} -> "#{rdn(oid)}=#{list}" + {_,oid, list} -> "#{rdn(oid)}=#{list}" end, list), "/" end def decodePointFromPublic(oid0,oid,publicKey) do @@ -165,14 +168,24 @@ defmodule CA.CRT do def decodePublicKey(oid,oid2,publicKey) do case oid do - {1,2,804,2,1,1,1,1,3,1,1} -> :base64.encode publicKey + {1,2,804,2,1,1,1,1,3,1,1} -> :base64.encode publicKey _ -> decodePointFromPublic(oid, CA.EST.decodeObjectIdentifier(oid2),publicKey) end end + def parseCertPEM(file) do {:ok, bin} = :file.read_file file ; list = :public_key.pem_decode(bin) ; :lists.map(fn x -> parseCert(:public_key.pem_entry_decode(x)) end, list) end + def parseCertB64(file) do {:ok, bin} = :file.read_file file ; parseCertBin(:base64.decode(bin)) end + def parseCertFile(file) do {:ok, bin} = :file.read_file file ; parseCertBin(bin) end + def parseCertBin(bin) do {:ok, cert} = :"AuthenticationFramework".decode(:Certificate, bin) ; parseCert(cert) end + def parseCert(cert, _) do parseCert(cert) end + def parseCert({:certificate, cert}) do parseCert(cert) end def parseCert(cert) do - {:Certificate, tbs, _, _} = cert + {:Certificate, tbs, _, _} = case cert do + {:Certificate, tbs, x, y} -> {:Certificate, tbs, x, y} + {:Certificate, tbs, x, y, _} -> {:Certificate, tbs, x, y} + end + {_, ver, serial, {_,alg,_}, issuer, {_,{_,nb},{_,na}}, issuee, {:SubjectPublicKeyInfo, {_, oid, oid2}, publicKey}, _b, _c, exts} = tbs extensions = :lists.map(fn {:Extension,code,_x,b} -> @@ -190,10 +203,5 @@ defmodule CA.CRT do ] end - def parseCertFile(file) do - {:ok, bin} = :file.read_file file - {:ok, cert} = :"AuthenticationFramework".decode :Certificate, bin - parseCert(cert) - end end diff --git a/priv/csr/KEP.asn1 b/priv/csr/KEP.asn1 index 22bc604..bbfa2d1 100644 --- a/priv/csr/KEP.asn1 +++ b/priv/csr/KEP.asn1 @@ -12,7 +12,7 @@ -- to: Адміністрації Державної служби спеціального зв’язку та захисту інформації України -- date: 20.08.2012 #1236/5/453 -KEP DEFINITIONS EXPLICIT TAGS ::= BEGIN +KEP DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS Certificate FROM PKIX1Explicit88 Attribute FROM InformationFramework AttributeCertificate, CertificateSerialNumber, Extensions, Version FROM AuthenticationFramework @@ -117,13 +117,21 @@ ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedContent ::= OCTET STRING -RecipientInfo ::= SEQUENCE { +RecipientInfoUA ::= SEQUENCE { version INTEGER {riVer0(0)} (riVer0), issuerAndSerialNumber IssuerAndSerialNumber, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } +RecipientInfo ::= CHOICE { -- CMS v5 + ktri RecipientInfoUA, + kari [1] OCTET STRING, + kekri [2] OCTET STRING, + pwri [3] OCTET STRING, + ori [4] OCTET STRING +} + EncryptedKey ::= OCTET STRING EncapsulatedContentInfo ::= SEQUENCE { diff --git a/src/KEP.erl b/src/KEP.erl index 8bf4a1a..0bdd3f4 100644 --- a/src/KEP.erl +++ b/src/KEP.erl @@ -5,7 +5,7 @@ -compile(nowarn_unused_vars). -dialyzer(no_improper_lists). -dialyzer(no_match). --include("KEP.hrl"). +-include_lib("ca/include/KEP.hrl"). -asn1_info([{vsn,'5.0.17'}, {module,'KEP'}, {options,[warnings,ber,errors, @@ -51,6 +51,7 @@ enc_EncryptedContentInfo/2, enc_ContentEncryptionAlgorithmIdentifier/2, enc_KeyEncryptionAlgorithmIdentifier/2, enc_EncryptedContent/2, +enc_RecipientInfoUA/2, enc_RecipientInfo/2, enc_EncryptedKey/2, enc_EncapsulatedContentInfo/2, @@ -154,6 +155,7 @@ dec_EncryptedContentInfo/2, dec_ContentEncryptionAlgorithmIdentifier/2, dec_KeyEncryptionAlgorithmIdentifier/2, dec_EncryptedContent/2, +dec_RecipientInfoUA/2, dec_RecipientInfo/2, dec_EncryptedKey/2, dec_EncapsulatedContentInfo/2, @@ -320,6 +322,7 @@ encode_disp('EncryptedContentInfo', Data) -> enc_EncryptedContentInfo(Data); encode_disp('ContentEncryptionAlgorithmIdentifier', Data) -> enc_ContentEncryptionAlgorithmIdentifier(Data); encode_disp('KeyEncryptionAlgorithmIdentifier', Data) -> enc_KeyEncryptionAlgorithmIdentifier(Data); encode_disp('EncryptedContent', Data) -> enc_EncryptedContent(Data); +encode_disp('RecipientInfoUA', Data) -> enc_RecipientInfoUA(Data); encode_disp('RecipientInfo', Data) -> enc_RecipientInfo(Data); encode_disp('EncryptedKey', Data) -> enc_EncryptedKey(Data); encode_disp('EncapsulatedContentInfo', Data) -> enc_EncapsulatedContentInfo(Data); @@ -422,6 +425,7 @@ decode_disp('EncryptedContentInfo', Data) -> dec_EncryptedContentInfo(Data); decode_disp('ContentEncryptionAlgorithmIdentifier', Data) -> dec_ContentEncryptionAlgorithmIdentifier(Data); decode_disp('KeyEncryptionAlgorithmIdentifier', Data) -> dec_KeyEncryptionAlgorithmIdentifier(Data); decode_disp('EncryptedContent', Data) -> dec_EncryptedContent(Data); +decode_disp('RecipientInfoUA', Data) -> dec_RecipientInfoUA(Data); decode_disp('RecipientInfo', Data) -> dec_RecipientInfo(Data); decode_disp('EncryptedKey', Data) -> dec_EncryptedKey(Data); decode_disp('EncapsulatedContentInfo', Data) -> dec_EncapsulatedContentInfo(Data); @@ -1338,19 +1342,19 @@ enc_GeneralName(Val) -> enc_GeneralName(Val, TagIn) -> {EncBytes,EncLen} = case element(1,Val) of otherName -> - 'enc_INSTANCE OF'(element(2,Val), [<<40>>,<<160>>]); + 'enc_INSTANCE OF'(element(2,Val), [<<160>>]); rfc822Name -> - encode_restricted_string(element(2,Val), [<<22>>,<<161>>]); + encode_restricted_string(element(2,Val), [<<129>>]); dNSName -> - encode_restricted_string(element(2,Val), [<<22>>,<<162>>]); + encode_restricted_string(element(2,Val), [<<130>>]); directoryName -> 'enc_Name'(element(2,Val), [<<164>>]); uniformResourceIdentifier -> - encode_restricted_string(element(2,Val), [<<22>>,<<166>>]); + encode_restricted_string(element(2,Val), [<<134>>]); iPAddress -> - encode_restricted_string(element(2,Val), [<<4>>,<<167>>]); + encode_restricted_string(element(2,Val), [<<135>>]); registeredID -> - encode_object_identifier(element(2,Val), [<<6>>,<<168>>]); + encode_object_identifier(element(2,Val), [<<136>>]); Else -> exit({error,{asn1,{invalid_choice_type,Else}}}) end, @@ -1369,13 +1373,13 @@ case (case Tlv1 of [CtempTlv1] -> CtempTlv1; _ -> Tlv1 end) of %% 'otherName' {131072, V1} -> - {otherName, 'dec_INSTANCE OF'(V1, [8])}; + {otherName, 'dec_INSTANCE OF'(V1, [])}; %% 'rfc822Name' {131073, V1} -> {rfc822Name, begin -binary_to_list(decode_restricted_string(V1, [22])) +binary_to_list(decode_restricted_string(V1, [])) end }; @@ -1383,7 +1387,7 @@ end %% 'dNSName' {131074, V1} -> {dNSName, begin -binary_to_list(decode_restricted_string(V1, [22])) +binary_to_list(decode_restricted_string(V1, [])) end }; @@ -1396,19 +1400,19 @@ end %% 'uniformResourceIdentifier' {131078, V1} -> {uniformResourceIdentifier, begin -binary_to_list(decode_restricted_string(V1, [22])) +binary_to_list(decode_restricted_string(V1, [])) end }; %% 'iPAddress' {131079, V1} -> - {iPAddress, decode_octet_string(V1, [4])}; + {iPAddress, decode_octet_string(V1, [])}; %% 'registeredID' {131080, V1} -> - {registeredID, decode_object_identifier(V1, [6])}; + {registeredID, decode_object_identifier(V1, [])}; Else -> exit({error,{asn1,{invalid_choice_tag,Else}}}) @@ -1828,7 +1832,7 @@ enc_RecipientInfos_riSet(Val, TagIn) -> {lists:reverse(AccBytes),AccLen}; 'enc_RecipientInfos_riSet_components'([H|T],AccBytes, AccLen) -> - {EncBytes,EncLen} = 'enc_RecipientInfo'(H, [<<48>>]), + {EncBytes,EncLen} = 'enc_RecipientInfo'(H, []), 'enc_RecipientInfos_riSet_components'(T,[EncBytes|AccBytes], AccLen + EncLen). @@ -1845,7 +1849,7 @@ enc_RecipientInfos_riSequence(Val, TagIn) -> {lists:reverse(AccBytes),AccLen}; 'enc_RecipientInfos_riSequence_components'([H|T],AccBytes, AccLen) -> - {EncBytes,EncLen} = 'enc_RecipientInfo'(H, [<<48>>]), + {EncBytes,EncLen} = 'enc_RecipientInfo'(H, []), 'enc_RecipientInfos_riSequence_components'(T,[EncBytes|AccBytes], AccLen + EncLen). @@ -1875,7 +1879,7 @@ case (case Tlv1 of [CtempTlv1] -> CtempTlv1; _ -> Tlv1 end) of %% decode tag and length %%------------------------------------------------- Tlv1 = match_tags(Tlv, TagIn), -['dec_RecipientInfo'(V1, [16]) || V1 <- Tlv1]. +['dec_RecipientInfo'(V1, []) || V1 <- Tlv1]. 'dec_RecipientInfos_riSequence'(Tlv, TagIn) -> @@ -1883,7 +1887,7 @@ Tlv1 = match_tags(Tlv, TagIn), %% decode tag and length %%------------------------------------------------- Tlv1 = match_tags(Tlv, TagIn), -['dec_RecipientInfo'(V1, [16]) || V1 <- Tlv1]. +['dec_RecipientInfo'(V1, []) || V1 <- Tlv1]. @@ -2014,12 +2018,12 @@ decode_octet_string(Tlv, TagIn). %%================================ -%% RecipientInfo +%% RecipientInfoUA %%================================ -enc_RecipientInfo(Val) -> - enc_RecipientInfo(Val, [<<48>>]). +enc_RecipientInfoUA(Val) -> + enc_RecipientInfoUA(Val, [<<48>>]). -enc_RecipientInfo(Val, TagIn) -> +enc_RecipientInfoUA(Val, TagIn) -> {_,Cindex1,Cindex2,Cindex3,Cindex4} = Val, %%------------------------------------------------- @@ -2047,10 +2051,10 @@ LenSoFar = EncLen1 + EncLen2 + EncLen3 + EncLen4, encode_tags(TagIn, BytesSoFar, LenSoFar). -dec_RecipientInfo(Tlv) -> - dec_RecipientInfo(Tlv, [16]). +dec_RecipientInfoUA(Tlv) -> + dec_RecipientInfoUA(Tlv, [16]). -dec_RecipientInfo(Tlv, TagIn) -> +dec_RecipientInfoUA(Tlv, TagIn) -> %%------------------------------------------------- %% decode tag and length %%------------------------------------------------- @@ -2091,10 +2095,74 @@ Term4 = decode_octet_string(V4, [4]), case Tlv5 of [] -> true;_ -> exit({error,{asn1, {unexpected,Tlv5}}}) % extra fields not allowed end, -Res1 = {'RecipientInfo',Term1,Term2,Term3,Term4}, +Res1 = {'RecipientInfoUA',Term1,Term2,Term3,Term4}, Res1. +%%================================ +%% RecipientInfo +%%================================ +enc_RecipientInfo(Val) -> + enc_RecipientInfo(Val, []). + +enc_RecipientInfo(Val, TagIn) -> + {EncBytes,EncLen} = case element(1,Val) of + ktri -> + 'enc_RecipientInfoUA'(element(2,Val), [<<48>>]); + kari -> + encode_restricted_string(element(2,Val), [<<129>>]); + kekri -> + encode_restricted_string(element(2,Val), [<<130>>]); + pwri -> + encode_restricted_string(element(2,Val), [<<131>>]); + ori -> + encode_restricted_string(element(2,Val), [<<132>>]); + Else -> + exit({error,{asn1,{invalid_choice_type,Else}}}) + end, + +encode_tags(TagIn, EncBytes, EncLen). + + + + +dec_RecipientInfo(Tlv) -> + dec_RecipientInfo(Tlv, []). + +dec_RecipientInfo(Tlv, TagIn) -> +Tlv1 = match_tags(Tlv, TagIn), +case (case Tlv1 of [CtempTlv1] -> CtempTlv1; _ -> Tlv1 end) of + +%% 'ktri' + {16, V1} -> + {ktri, 'dec_RecipientInfoUA'(V1, [])}; + + +%% 'kari' + {131073, V1} -> + {kari, decode_octet_string(V1, [])}; + + +%% 'kekri' + {131074, V1} -> + {kekri, decode_octet_string(V1, [])}; + + +%% 'pwri' + {131075, V1} -> + {pwri, decode_octet_string(V1, [])}; + + +%% 'ori' + {131076, V1} -> + {ori, decode_octet_string(V1, [])}; + + Else -> + exit({error,{asn1,{invalid_choice_tag,Else}}}) + end +. + + %%================================ %% EncryptedKey %%================================ @@ -2311,7 +2379,7 @@ enc_SignerIdentifier(Val, TagIn) -> issuerAndSerialNumber -> 'enc_IssuerAndSerialNumber'(element(2,Val), [<<48>>]); subjectKeyIdentifier -> - encode_restricted_string(element(2,Val), [<<4>>,<<160>>]); + encode_restricted_string(element(2,Val), [<<128>>]); Else -> exit({error,{asn1,{invalid_choice_type,Else}}}) end, @@ -2335,7 +2403,7 @@ case (case Tlv1 of [CtempTlv1] -> CtempTlv1; _ -> Tlv1 end) of %% 'subjectKeyIdentifier' {131072, V1} -> - {subjectKeyIdentifier, decode_octet_string(V1, [4])}; + {subjectKeyIdentifier, decode_octet_string(V1, [])}; Else -> exit({error,{asn1,{invalid_choice_tag,Else}}}) @@ -3308,7 +3376,7 @@ enc_CrlOcspRef(Val, TagIn) -> {EncBytes1,EncLen1} = case Cindex1 of asn1_NOVALUE -> {<<>>,0}; _ -> - 'enc_CRLListID'(Cindex1, [<<48>>,<<160>>]) + 'enc_CRLListID'(Cindex1, [<<160>>]) end, %%------------------------------------------------- @@ -3317,7 +3385,7 @@ enc_CrlOcspRef(Val, TagIn) -> {EncBytes2,EncLen2} = case Cindex2 of asn1_NOVALUE -> {<<>>,0}; _ -> - 'enc_OcspListID'(Cindex2, [<<48>>,<<161>>]) + 'enc_OcspListID'(Cindex2, [<<161>>]) end, %%------------------------------------------------- @@ -3326,7 +3394,7 @@ enc_CrlOcspRef(Val, TagIn) -> {EncBytes3,EncLen3} = case Cindex3 of asn1_NOVALUE -> {<<>>,0}; _ -> - 'enc_OtherRevRefs'(Cindex3, [<<48>>,<<162>>]) + 'enc_OtherRevRefs'(Cindex3, [<<162>>]) end, BytesSoFar = [EncBytes1, EncBytes2, EncBytes3], @@ -3348,7 +3416,7 @@ Tlv1 = match_tags(Tlv, TagIn), %%------------------------------------------------- {Term1,Tlv2} = case Tlv1 of [{131072,V1}|TempTlv2] -> - {'dec_CRLListID'(V1, [16]), TempTlv2}; + {'dec_CRLListID'(V1, []), TempTlv2}; _ -> { asn1_NOVALUE, Tlv1} end, @@ -3358,7 +3426,7 @@ end, %%------------------------------------------------- {Term2,Tlv3} = case Tlv2 of [{131073,V2}|TempTlv3] -> - {'dec_OcspListID'(V2, [16]), TempTlv3}; + {'dec_OcspListID'(V2, []), TempTlv3}; _ -> { asn1_NOVALUE, Tlv2} end, @@ -3368,7 +3436,7 @@ end, %%------------------------------------------------- {Term3,Tlv4} = case Tlv3 of [{131074,V3}|TempTlv4] -> - {'dec_OtherRevRefs'(V3, [16]), TempTlv4}; + {'dec_OtherRevRefs'(V3, []), TempTlv4}; _ -> { asn1_NOVALUE, Tlv3} end, @@ -3803,7 +3871,7 @@ enc_ResponderID(Val, TagIn) -> byName -> 'enc_Name'(element(2,Val), [<<161>>]); byKey -> - encode_restricted_string(element(2,Val), [<<4>>,<<162>>]); + encode_restricted_string(element(2,Val), [<<130>>]); Else -> exit({error,{asn1,{invalid_choice_type,Else}}}) end, @@ -3827,7 +3895,7 @@ case (case Tlv1 of [CtempTlv1] -> CtempTlv1; _ -> Tlv1 end) of %% 'byKey' {131074, V1} -> - {byKey, decode_octet_string(V1, [4])}; + {byKey, decode_octet_string(V1, [])}; Else -> exit({error,{asn1,{invalid_choice_tag,Else}}}) @@ -3868,7 +3936,7 @@ enc_RevocationValues(Val, TagIn) -> {EncBytes1,EncLen1} = case Cindex1 of asn1_NOVALUE -> {<<>>,0}; _ -> - 'enc_RevocationValues_crlVals'(Cindex1, [<<48>>,<<160>>]) + 'enc_RevocationValues_crlVals'(Cindex1, [<<160>>]) end, %%------------------------------------------------- @@ -3886,7 +3954,7 @@ enc_RevocationValues(Val, TagIn) -> {EncBytes3,EncLen3} = case Cindex3 of asn1_NOVALUE -> {<<>>,0}; _ -> - 'enc_OtherRevVals'(Cindex3, [<<48>>,<<162>>]) + 'enc_OtherRevVals'(Cindex3, [<<162>>]) end, BytesSoFar = [EncBytes1, EncBytes2, EncBytes3], @@ -3925,7 +3993,7 @@ Tlv1 = match_tags(Tlv, TagIn), %%------------------------------------------------- {Term1,Tlv2} = case Tlv1 of [{131072,V1}|TempTlv2] -> - {'dec_RevocationValues_crlVals'(V1, [16]), TempTlv2}; + {'dec_RevocationValues_crlVals'(V1, []), TempTlv2}; _ -> { asn1_NOVALUE, Tlv1} end, @@ -3945,7 +4013,7 @@ end, %%------------------------------------------------- {Term3,Tlv4} = case Tlv3 of [{131074,V3}|TempTlv4] -> - {'dec_OtherRevVals'(V3, [16]), TempTlv4}; + {'dec_OtherRevVals'(V3, []), TempTlv4}; _ -> { asn1_NOVALUE, Tlv3} end, @@ -5532,7 +5600,7 @@ enc_Accuracy(Val, TagIn) -> {EncBytes2,EncLen2} = case Cindex2 of asn1_NOVALUE -> {<<>>,0}; _ -> - encode_integer(Cindex2, [<<2>>,<<160>>]) + encode_integer(Cindex2, [<<128>>]) end, %%------------------------------------------------- @@ -5541,7 +5609,7 @@ enc_Accuracy(Val, TagIn) -> {EncBytes3,EncLen3} = case Cindex3 of asn1_NOVALUE -> {<<>>,0}; _ -> - encode_integer(Cindex3, [<<2>>,<<161>>]) + encode_integer(Cindex3, [<<129>>]) end, BytesSoFar = [EncBytes1, EncBytes2, EncBytes3], @@ -5574,7 +5642,7 @@ end, {Term2,Tlv3} = case Tlv2 of [{131072,V2}|TempTlv3] -> {begin -Val1 = decode_integer(V2, [2]), +Val1 = decode_integer(V2, []), if 1 =< Val1, Val1 =< 999 -> Val1; true -> @@ -5591,7 +5659,7 @@ end, {Term3,Tlv4} = case Tlv3 of [{131073,V3}|TempTlv4] -> {begin -Val2 = decode_integer(V3, [2]), +Val2 = decode_integer(V3, []), if 1 =< Val2, Val2 =< 999 -> Val2; true ->