├── corecrypto ├── cc.h ├── ccn.h ├── cc_clear.c ├── cc_debug.h ├── cc_priv.h ├── ccaes.h ├── ccasn1.h ├── ccdigest.c ├── ccdigest.h ├── ccmode.h ├── ccn_add.c ├── ccn_cmp.c ├── ccn_mul.c ├── ccn_n.c ├── ccn_priv.h ├── ccn_set.c ├── ccn_sqr.c ├── ccn_sub.c ├── ccrng.h ├── ccrsa.h ├── ccsha1.h ├── ccsha2.h ├── cczp.h ├── cczp_mod.c ├── cczp_mul.c ├── cczp_sqr.c ├── arm │ ├── aes_cbc.s │ ├── aesdata.s │ ├── aesdecbc.s │ ├── aeskey.s │ ├── arm_aes.h │ ├── ccn_add.s │ ├── ccn_cmp.s │ ├── ccn_mul.s │ ├── ccn_mul1.s │ ├── ccn_n.s │ ├── ccn_set.s │ ├── ccn_sub.s │ ├── ccn_addmul1.s │ ├── ccn_cmp-arm64.s │ ├── ccn_n-arm64.s │ ├── ccaes_arm_cbc_decrypt_mode.c │ └── ccarm_intrinsic_compatability.h ├── cc_cmp_safe.c ├── cc_config.h ├── cc_macros.h ├── cc_memory.h ├── ccdigest_init.c ├── ccdigest_priv.h ├── ccmode_impl.h ├── ccn_bitlen.c ├── ccn_read_uint.c ├── ccrsa_priv.h ├── ccsha1_ltc.c ├── cczp_init.c ├── cczp_priv.h ├── intel │ ├── ccn_add.s │ ├── ccn_mul.s │ ├── ccn_sub.s │ ├── ccn_n-x86_64.s │ └── ccn_cmp-x86_64.s ├── cc_runtime_config.h ├── ccdigest_update.c ├── ccn_shift_right.c ├── ccn_write_uint.c ├── ccrsa_pub_crypt.c ├── cczp_power_fast.c ├── gladman │ ├── aescrypt.c │ ├── aeskey.c │ ├── aesopt.h │ ├── aestab.c │ ├── aestab.h │ ├── gladman_aes.h │ └── ccaes_gladman_cbc_decrypt.c ├── ccaes_cbc_decrypt_mode.c ├── ccdigest_final_64be.c ├── ccn_shift_right_multi.c ├── ccrsa_verify_pkcs1v15.c ├── ccsha1_initial_state.c └── ccrsa_emsa_pkcs1v15_verify.c ├── README.md ├── .gitmodules ├── lzss.h ├── libDER ├── libDER.h ├── libDER_config.h ├── asn1Types.h ├── oids.h ├── DER_Decode.h ├── DER_Decode.c └── oids.c ├── Makefile ├── System └── i386 │ └── cpu_capabilities.h ├── validate_ca.h ├── lzss.c └── img4.c /corecrypto/cc.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn.h: 
-------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_clear.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_debug.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_priv.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccaes.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccasn1.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccmode.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | 
-------------------------------------------------------------------------------- /corecrypto/ccn_add.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_cmp.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_mul.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_n.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_priv.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_set.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_sqr.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_sub.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrng.h: 
-------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrsa.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccsha1.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccsha2.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_mod.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_mul.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_sqr.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/aes_cbc.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | 
-------------------------------------------------------------------------------- /corecrypto/arm/aesdata.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/aesdecbc.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/aeskey.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/arm_aes.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_add.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_cmp.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_mul.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_mul1.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_n.s: 
-------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_set.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_sub.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_cmp_safe.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_config.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_macros.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_memory.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest_init.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest_priv.h: -------------------------------------------------------------------------------- 1 | 
https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccmode_impl.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_bitlen.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_read_uint.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrsa_priv.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccsha1_ltc.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_init.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_priv.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/intel/ccn_add.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- 
/corecrypto/intel/ccn_mul.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/intel/ccn_sub.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_addmul1.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_cmp-arm64.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccn_n-arm64.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cc_runtime_config.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest_update.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_shift_right.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_write_uint.c: 
-------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrsa_pub_crypt.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/cczp_power_fast.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/aescrypt.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/aeskey.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/aesopt.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/aestab.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/aestab.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/intel/ccn_n-x86_64.s: -------------------------------------------------------------------------------- 1 | 
https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccaes_cbc_decrypt_mode.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccdigest_final_64be.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccn_shift_right_multi.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrsa_verify_pkcs1v15.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccsha1_initial_state.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/gladman_aes.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/intel/ccn_cmp-x86_64.s: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/ccrsa_emsa_pkcs1v15_verify.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 
| -------------------------------------------------------------------------------- /corecrypto/arm/ccaes_arm_cbc_decrypt_mode.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/arm/ccarm_intrinsic_compatability.h: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /corecrypto/gladman/ccaes_gladman_cbc_decrypt.c: -------------------------------------------------------------------------------- 1 | https://developer.apple.com/security/ 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This project is retired. Please use https://github.com/xerub/img4lib/ instead. 2 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "lzfse"] 2 | path = lzfse 3 | url = https://github.com/lzfse/lzfse 4 | -------------------------------------------------------------------------------- /lzss.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | uint32_t lzadler32(uint8_t *buf, int32_t len); 4 | int decompress_lzss(uint8_t *dst, uint8_t *src, uint32_t srclen); 5 | uint8_t *compress_lzss(uint8_t *dst, uint32_t dstlen, uint8_t *src, uint32_t srcLen); 6 | -------------------------------------------------------------------------------- /libDER/libDER.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2007,2011,2014 Apple Inc. All Rights Reserved. 
3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | 25 | /* 26 | * libDER.h - main header for libDER, a ROM-capable DER decoding library. 27 | * 28 | */ 29 | 30 | #ifndef _LIB_DER_H_ 31 | #define _LIB_DER_H_ 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | #include 38 | /* 39 | * Error returns generated by this library. 40 | */ 41 | typedef enum { 42 | DR_Success, 43 | DR_EndOfSequence, /* end of sequence or set */ 44 | DR_UnexpectedTag, /* unexpected tag found while decoding */ 45 | DR_DecodeError, /* misc. decoding error (badly formatted DER) */ 46 | DR_Unimplemented, /* function not implemented in this configuration */ 47 | DR_IncompleteSeq, /* incomplete sequence */ 48 | DR_ParamErr, /* incoming parameter error */ 49 | DR_BufOverflow /* buffer overflow */ 50 | /* etc. */ 51 | } DERReturn; 52 | 53 | /* 54 | * Primary representation of a block of memory. 
55 | */ 56 | typedef struct { 57 | DERByte *data; 58 | DERSize length; 59 | } DERItem; 60 | 61 | /* 62 | * The structure of a sequence during decode or encode is expressed as 63 | * an array of DERItemSpecs. While decoding or encoding a sequence, 64 | * each item in the sequence corresponds to one DERItemSpec. 65 | */ 66 | typedef struct { 67 | DERSize offset; /* offset of destination DERItem */ 68 | DERTag tag; /* DER tag */ 69 | DERShort options; /* DER_DEC_xxx or DER_ENC_xxx */ 70 | } DERItemSpec; 71 | 72 | /* 73 | * Macro to obtain offset of a DERDecodedInfo within a struct. 74 | * FIXME this is going to need reworking to avoid compiler warnings 75 | * on 64-bit compiles. It'll work OK as long as an offset can't be larger 76 | * than a DERSize, but the cast from a pointer to a DERSize may 77 | * provoke compiler warnings. 78 | */ 79 | #define DER_OFFSET(type, field) ((DERSize)(&((type *)0)->field)) /* NOTE(review): the offset is computed by taking a member address through a null pointer and casting that pointer to DERSize (uint32_t in libDER_config.h); the Makefile in this repository builds with -m64, which is the pointer-to-narrower-integer cast the FIXME above refers to. offsetof(type, field) from <stddef.h> gives the same offset without the null-pointer expression; the result still has to fit in DERSize -- confirm before replacing. */ 80 | 81 | #ifdef __cplusplus 82 | } 83 | #endif 84 | 85 | #endif /* _LIB_DER_H_ */ 86 | 87 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # undefined = use OpenSSL 2 | # 1 = use included sources 3 | #CORECRYPTO = 1 4 | 5 | CC = gcc 6 | CFLAGS = -Wall -W -pedantic 7 | CFLAGS += -std=c99 -Wno-variadic-macros -Wno-multichar -Wno-four-char-constants 8 | CFLAGS += -O2 -m64 -I.
-g -DiOS10 -Ilzfse/src 9 | CFLAGS += -DDER_MULTIBYTE_TAGS=1 -DDER_TAG_SIZE=8 10 | CFLAGS += -D__unused="__attribute__((unused))" 11 | 12 | LD = gcc 13 | LDFLAGS = -m64 -g -Llzfse/build/bin 14 | LDLIBS = -llzfse 15 | 16 | SOURCES = \ 17 | libDER/DER_Decode.c \ 18 | libDER/oids.c \ 19 | img4.c 20 | 21 | CCSOURCES = \ 22 | corecrypto/arm/ccn_add.s \ 23 | corecrypto/arm/ccn_addmul1.s \ 24 | corecrypto/arm/ccn_cmp-arm64.s \ 25 | corecrypto/arm/ccn_cmp.s \ 26 | corecrypto/arm/ccn_mul.s \ 27 | corecrypto/arm/ccn_mul1.s \ 28 | corecrypto/arm/ccn_n-arm64.s \ 29 | corecrypto/arm/ccn_n.s \ 30 | corecrypto/arm/ccn_set.s \ 31 | corecrypto/arm/ccn_sub.s \ 32 | corecrypto/intel/ccn_add.s \ 33 | corecrypto/intel/ccn_cmp-x86_64.s \ 34 | corecrypto/intel/ccn_mul.s \ 35 | corecrypto/intel/ccn_n-x86_64.s \ 36 | corecrypto/intel/ccn_sub.s \ 37 | corecrypto/cc_clear.c \ 38 | corecrypto/cc_cmp_safe.c \ 39 | corecrypto/ccaes_cbc_decrypt_mode.c \ 40 | corecrypto/gladman/aescrypt.c \ 41 | corecrypto/gladman/aeskey.c \ 42 | corecrypto/gladman/aestab.c \ 43 | corecrypto/gladman/ccaes_gladman_cbc_decrypt.c \ 44 | corecrypto/arm/aesdata.s \ 45 | corecrypto/arm/aesdecbc.s \ 46 | corecrypto/arm/aeskey.s \ 47 | corecrypto/arm/ccaes_arm_cbc_decrypt_mode.c \ 48 | corecrypto/ccdigest.c \ 49 | corecrypto/ccdigest_final_64be.c \ 50 | corecrypto/ccdigest_init.c \ 51 | corecrypto/ccdigest_update.c \ 52 | corecrypto/ccn_add.c \ 53 | corecrypto/ccn_bitlen.c \ 54 | corecrypto/ccn_cmp.c \ 55 | corecrypto/ccn_mul.c \ 56 | corecrypto/ccn_n.c \ 57 | corecrypto/ccn_read_uint.c \ 58 | corecrypto/ccn_set.c \ 59 | corecrypto/ccn_shift_right.c \ 60 | corecrypto/ccn_shift_right_multi.c \ 61 | corecrypto/ccn_sqr.c \ 62 | corecrypto/ccn_sub.c \ 63 | corecrypto/ccn_write_uint.c \ 64 | corecrypto/ccrsa_emsa_pkcs1v15_verify.c \ 65 | corecrypto/ccrsa_pub_crypt.c \ 66 | corecrypto/ccrsa_verify_pkcs1v15.c \ 67 | corecrypto/ccsha1_initial_state.c \ 68 | corecrypto/ccsha1_ltc.c \ 69 | corecrypto/cczp_init.c \ 70 | 
corecrypto/cczp_mod.c \ 71 | corecrypto/cczp_mul.c \ 72 | corecrypto/cczp_power_fast.c \ 73 | corecrypto/cczp_sqr.c 74 | 75 | OBJECTS = $(SOURCES:.c=.o) 76 | CCOBJECTS = $(addsuffix .o,$(basename $(CCSOURCES))) 77 | 78 | ifdef CORECRYPTO 79 | CC = clang 80 | CFLAGS += -Wno-gnu -DUSE_CORECRYPTO #-DIBOOT=1 81 | #CFLAGS += -DNO_CCZP_OPTIONS # either way 82 | OBJECTS += $(CCOBJECTS) 83 | else 84 | CFLAGS += -Wno-deprecated-declarations 85 | LDLIBS += -lcrypto 86 | endif 87 | 88 | .c.o: 89 | $(CC) -o $@ $(CFLAGS) -c $< 90 | .s.o: 91 | $(CC) -o $@ $(CFLAGS) -x assembler-with-cpp -c $< 92 | 93 | all: img4 94 | 95 | img4: $(OBJECTS) 96 | $(LD) -o $@ $(LDFLAGS) $^ $(LDLIBS) 97 | 98 | clean: 99 | -$(RM) $(OBJECTS) $(CCOBJECTS) 100 | 101 | distclean: clean 102 | -$(RM) img4 103 | -------------------------------------------------------------------------------- /System/i386/cpu_capabilities.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2003-2009 Apple Inc. All rights reserved. 3 | * 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. The rights granted to you under the License 10 | * may not be used to create, or enable the creation or redistribution of, 11 | * unlawful or unlicensed copies of an Apple operating system, or to 12 | * circumvent, violate, or enable the circumvention or violation of, any 13 | * terms of an Apple operating system software license agreement. 14 | * 15 | * Please obtain a copy of the License at 16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. 
17 | * 18 | * The Original Code and all software distributed under the License are 19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 | * Please see the License for the specific language governing rights and 24 | * limitations under the License. 25 | * 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 | */ 28 | 29 | #ifndef _I386_CPU_CAPABILITIES_H 30 | #define _I386_CPU_CAPABILITIES_H 31 | 32 | #ifndef __ASSEMBLER__ 33 | #include 34 | #endif 35 | 36 | /* 37 | * This API only supported for Apple internal use. 38 | */ 39 | 40 | /* Bit definitions for _cpu_capabilities: */ 41 | 42 | #define kHasMMX 0x00000001 43 | #define kHasSSE 0x00000002 44 | #define kHasSSE2 0x00000004 45 | #define kHasSSE3 0x00000008 46 | #define kCache32 0x00000010 /* cache line size is 32 bytes */ 47 | #define kCache64 0x00000020 48 | #define kCache128 0x00000040 49 | #define kFastThreadLocalStorage 0x00000080 /* TLS ptr is kept in a user-mode-readable register */ 50 | #define kHasSupplementalSSE3 0x00000100 51 | #define k64Bit 0x00000200 /* processor supports EM64T (not what mode you're running in) */ 52 | #define kHasSSE4_1 0x00000400 53 | #define kHasSSE4_2 0x00000800 54 | #define kHasAES 0x00001000 55 | #define kInOrderPipeline 0x00002000 56 | #define kSlow 0x00004000 /* tsc < nanosecond */ 57 | #define kUP 0x00008000 /* set if (kNumCPUs == 1) */ 58 | #define kNumCPUs 0x00FF0000 /* number of CPUs (see _NumCPUs() below) */ 59 | #define kNumCPUsShift 16 60 | #define kHasAVX1_0 0x01000000 61 | #define kHasRDRAND 0x02000000 62 | #define kHasF16C 0x04000000 63 | #define kHasENFSTRG 0x08000000 64 | #define kHasFMA 0x10000000 65 | #define kHasAVX2_0 0x20000000 66 | #define kHasBMI1 0x40000000 67 | #define kHasBMI2 0x80000000 68 | /* Extending into 
64-bits from here: */ 69 | #define kHasRTM 0x0000000100000000ULL 70 | #define kHasHLE 0x0000000200000000ULL 71 | #define kHasRDSEED 0x0000000800000000ULL 72 | #define kHasADX 0x0000000400000000ULL 73 | #define kHasMPX 0x0000001000000000ULL 74 | #define kHasSGX 0x0000002000000000ULL 75 | 76 | 77 | #ifndef __ASSEMBLER__ 78 | #include 79 | 80 | __BEGIN_DECLS 81 | extern uint64_t _get_cpu_capabilities( void ); 82 | __END_DECLS 83 | /* Returns the CPU count: the kNumCPUs field (mask 0x00FF0000) of _get_cpu_capabilities(), shifted right by kNumCPUsShift (16). The (int) cast binds tighter than >>, so the masked 64-bit value is converted to int before the shift; it is at most 0x00FF0000, so the conversion loses nothing where int is at least 32 bits. */ 84 | inline static 85 | int _NumCPUs( void ) 86 | { 87 | return (int) (_get_cpu_capabilities() & kNumCPUs) >> kNumCPUsShift; 88 | } 89 | 90 | #endif /* __ASSEMBLER__ */ 91 | 92 | #endif /* _I386_CPU_CAPABILITIES_H */ 93 | -------------------------------------------------------------------------------- /libDER/libDER_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2007,2011-2012,2014 Apple Inc. All Rights Reserved. 3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License.
20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | 25 | /* 26 | * libDER_config.h - platform dependent #defines and typedefs for libDER 27 | * 28 | */ 29 | 30 | #ifndef _LIB_DER_CONFIG_H_ 31 | #define _LIB_DER_CONFIG_H_ 32 | 33 | #include 34 | #include 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif 39 | 40 | /* 41 | * Basic data types: unsigned 8-bit integer, unsigned 32-bit integer 42 | */ 43 | typedef uint8_t DERByte; 44 | typedef uint16_t DERShort; 45 | typedef uint32_t DERSize; 46 | 47 | /* 48 | * Use these #defines of you have memset, memmove, and memcmp; else 49 | * write your own equivalents. 50 | */ 51 | 52 | #define DERMemset(ptr, c, len) memset(ptr, c, len) 53 | #define DERMemmove(dst, src, len) memmove(dst, src, len) 54 | #define DERMemcmp(b1, b2, len) memcmp(b1, b2, len) 55 | 56 | 57 | /*** 58 | *** Compile time options to trim size of the library. 59 | ***/ 60 | 61 | /* enable general DER encode */ 62 | #define DER_ENCODE_ENABLE 1 63 | 64 | /* enable general DER decode */ 65 | #define DER_DECODE_ENABLE 1 66 | 67 | #ifndef DER_MULTIBYTE_TAGS 68 | /* enable multibyte tag support. */ 69 | #define DER_MULTIBYTE_TAGS 1 70 | #endif 71 | 72 | #ifndef DER_TAG_SIZE 73 | /* Iff DER_MULTIBYTE_TAGS is 1 this is the sizeof(DERTag) in bytes. Note that 74 | tags are still encoded and decoded from a minimally encoded DER 75 | represantation. This value determines how big each DERItemSpecs is, we 76 | choose 2 since that makes DERItemSpecs 8 bytes wide. */ 77 | #define DER_TAG_SIZE 2 78 | #endif 79 | 80 | 81 | /* ---------------------- Do not edit below this line ---------------------- */ 82 | 83 | /* 84 | * Logical representation of a tag (the encoded representation is always in 85 | * the minimal number of bytes). The top 3 bits encode class and method 86 | * The remaining bits encode the tag value. To obtain smaller DERItemSpecs 87 | * sizes, choose the smallest type that fits your needs. 
Most standard ASN.1 88 | * usage only needs single byte tags, but ocasionally custom applications 89 | * require a larger tag namespace. 90 | */ 91 | #if DER_MULTIBYTE_TAGS 92 | 93 | #if DER_TAG_SIZE == 1 94 | typedef uint8_t DERTag; 95 | #elif DER_TAG_SIZE == 2 96 | typedef uint16_t DERTag; 97 | #elif DER_TAG_SIZE == 4 98 | typedef uint32_t DERTag; 99 | #elif DER_TAG_SIZE == 8 100 | typedef uint64_t DERTag; 101 | #else 102 | #error DER_TAG_SIZE invalid 103 | #endif 104 | 105 | #else /* DER_MULTIBYTE_TAGS */ 106 | typedef DERByte DERTag; 107 | #endif /* !DER_MULTIBYTE_TAGS */ 108 | 109 | #ifdef __cplusplus 110 | } 111 | #endif 112 | 113 | #endif /* _LIB_DER_CONFIG_H_ */ 114 | -------------------------------------------------------------------------------- /libDER/asn1Types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2007,2011,2014 Apple Inc. All Rights Reserved. 3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 
20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | 25 | /* 26 | * asn1Types.h - ASN.1/DER #defines - strictly hard coded per the real world 27 | * 28 | */ 29 | 30 | #ifndef _ASN1_TYPES_H_ 31 | #define _ASN1_TYPES_H_ 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | /* copied from libsecurity_asn1 project */ 38 | 39 | #define ASN1_BOOLEAN 0x01 40 | #define ASN1_INTEGER 0x02 41 | #define ASN1_BIT_STRING 0x03 42 | #define ASN1_OCTET_STRING 0x04 43 | #define ASN1_NULL 0x05 44 | #define ASN1_OBJECT_ID 0x06 45 | #define ASN1_OBJECT_DESCRIPTOR 0x07 46 | /* External type and instance-of type 0x08 */ 47 | #define ASN1_REAL 0x09 48 | #define ASN1_ENUMERATED 0x0a 49 | #define ASN1_EMBEDDED_PDV 0x0b 50 | #define ASN1_UTF8_STRING 0x0c 51 | /* 0x0d */ 52 | /* 0x0e */ 53 | /* 0x0f */ 54 | #define ASN1_SEQUENCE 0x10 55 | #define ASN1_SET 0x11 56 | #define ASN1_NUMERIC_STRING 0x12 57 | #define ASN1_PRINTABLE_STRING 0x13 58 | #define ASN1_T61_STRING 0x14 59 | #define ASN1_VIDEOTEX_STRING 0x15 60 | #define ASN1_IA5_STRING 0x16 61 | #define ASN1_UTC_TIME 0x17 62 | #define ASN1_GENERALIZED_TIME 0x18 63 | #define ASN1_GRAPHIC_STRING 0x19 64 | #define ASN1_VISIBLE_STRING 0x1a 65 | #define ASN1_GENERAL_STRING 0x1b 66 | #define ASN1_UNIVERSAL_STRING 0x1c 67 | /* 0x1d */ 68 | #define ASN1_BMP_STRING 0x1e 69 | #define ASN1_HIGH_TAG_NUMBER 0x1f 70 | #define ASN1_TELETEX_STRING ASN1_T61_STRING 71 | 72 | #ifdef DER_MULTIBYTE_TAGS 73 | 74 | #define ASN1_TAG_MASK ((DERTag)~0) 75 | #define ASN1_TAGNUM_MASK ((DERTag)~((DERTag)7 << (sizeof(DERTag) * 8 - 3))) 76 | 77 | #define ASN1_METHOD_MASK ((DERTag)1 << (sizeof(DERTag) * 8 - 3)) 78 | #define ASN1_PRIMITIVE ((DERTag)0 << (sizeof(DERTag) * 8 - 3)) 79 | #define ASN1_CONSTRUCTED ((DERTag)1 << (sizeof(DERTag) * 8 - 3)) 80 | 81 | #define ASN1_CLASS_MASK ((DERTag)3 << (sizeof(DERTag) * 8 - 2)) 82 | #define ASN1_UNIVERSAL ((DERTag)0 << (sizeof(DERTag) * 8 - 2)) 83 | #define ASN1_APPLICATION ((DERTag)1 << (sizeof(DERTag) * 8 - 
2)) 84 | #define ASN1_CONTEXT_SPECIFIC ((DERTag)2 << (sizeof(DERTag) * 8 - 2)) 85 | #define ASN1_PRIVATE ((DERTag)3 << (sizeof(DERTag) * 8 - 2)) 86 | 87 | #else /* DER_MULTIBYTE_TAGS */ 88 | 89 | #define ASN1_TAG_MASK 0xff 90 | #define ASN1_TAGNUM_MASK 0x1f 91 | #define ASN1_METHOD_MASK 0x20 92 | #define ASN1_PRIMITIVE 0x00 93 | #define ASN1_CONSTRUCTED 0x20 94 | 95 | #define ASN1_CLASS_MASK 0xc0 96 | #define ASN1_UNIVERSAL 0x00 97 | #define ASN1_APPLICATION 0x40 98 | #define ASN1_CONTEXT_SPECIFIC 0x80 99 | #define ASN1_PRIVATE 0xc0 100 | 101 | #endif /* !DER_MULTIBYTE_TAGS */ 102 | 103 | /* sequence and set appear as the following */ 104 | #define ASN1_CONSTR_SEQUENCE (ASN1_CONSTRUCTED | ASN1_SEQUENCE) 105 | #define ASN1_CONSTR_SET (ASN1_CONSTRUCTED | ASN1_SET) 106 | 107 | #ifdef __cplusplus 108 | } 109 | #endif 110 | 111 | #endif /* _ASN1_TYPES_H_ */ 112 | 113 | -------------------------------------------------------------------------------- /libDER/oids.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2009,2011-2014 Apple Inc. All Rights Reserved. 3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | 25 | /* 26 | * oids.h - declaration of OID consts 27 | * 28 | */ 29 | 30 | #ifndef _LIB_DER_OIDS_H_ 31 | #define _LIB_DER_OIDS_H_ 32 | 33 | #include 34 | #include 35 | 36 | #ifdef __cplusplus 37 | extern "C" { 38 | #endif 39 | 40 | /* Algorithm oids. */ 41 | extern const DERItem 42 | oidRsa, /* PKCS1 RSA encryption, used to identify RSA keys */ 43 | oidMd2Rsa, /* PKCS1 md2withRSAEncryption signature alg */ 44 | oidMd5Rsa, /* PKCS1 md5withRSAEncryption signature alg */ 45 | oidSha1Rsa, /* PKCS1 sha1withRSAEncryption signature alg */ 46 | oidSha256Rsa, /* PKCS1 sha256WithRSAEncryption signature alg */ 47 | oidEcPubKey, /* ECDH or ECDSA public key in a certificate */ 48 | oidSha1Ecdsa, /* ECDSA with SHA1 signature alg */ 49 | oidSha224Ecdsa, /* ECDSA with SHA224 signature alg */ 50 | oidSha256Ecdsa, /* ECDSA with SHA256 signature alg */ 51 | oidSha384Ecdsa, /* ECDSA with SHA384 signature alg */ 52 | oidSha512Ecdsa, /* ECDSA with SHA512 signature alg */ 53 | oidMd2, /* OID_RSA_HASH 2 */ 54 | oidMd4, /* OID_RSA_HASH 4 */ 55 | oidMd5, /* OID_RSA_HASH 5 */ 56 | oidSha1, /* OID_OIW_ALGORITHM 26 */ 57 | oidSha256, /* OID_NIST_HASHALG 1 */ 58 | oidSha384, /* OID_NIST_HASHALG 2 */ 59 | oidSha512, /* OID_NIST_HASHALG 3 */ 60 | oidSha224; /* OID_NIST_HASHALG 4 */ 61 | 62 | /* Standard X.509 Cert and CRL extensions. 
*/ 63 | extern const DERItem 64 | oidSubjectKeyIdentifier, 65 | oidKeyUsage, 66 | oidPrivateKeyUsagePeriod, 67 | oidSubjectAltName, 68 | oidIssuerAltName, 69 | oidBasicConstraints, 70 | oidCrlDistributionPoints, 71 | oidCertificatePolicies, 72 | oidAnyPolicy, 73 | oidPolicyMappings, 74 | oidAuthorityKeyIdentifier, 75 | oidPolicyConstraints, 76 | oidExtendedKeyUsage, 77 | oidAnyExtendedKeyUsage, 78 | oidInhibitAnyPolicy, 79 | oidAuthorityInfoAccess, 80 | oidSubjectInfoAccess, 81 | oidAdOCSP, 82 | oidAdCAIssuer, 83 | oidNetscapeCertType, 84 | oidEntrustVersInfo, 85 | oidMSNTPrincipalName, 86 | /* Policy Qualifier IDs for Internet policy qualifiers. */ 87 | oidQtCps, 88 | oidQtUNotice, 89 | /* X.501 Name IDs. */ 90 | oidCommonName, 91 | oidCountryName, 92 | oidLocalityName, 93 | oidStateOrProvinceName, 94 | oidOrganizationName, 95 | oidOrganizationalUnitName, 96 | oidDescription, 97 | oidEmailAddress, 98 | oidFriendlyName, 99 | oidLocalKeyId, 100 | oidExtendedKeyUsageServerAuth, 101 | oidExtendedKeyUsageClientAuth, 102 | oidExtendedKeyUsageCodeSigning, 103 | oidExtendedKeyUsageEmailProtection, 104 | oidExtendedKeyUsageOCSPSigning, 105 | oidExtendedKeyUsageIPSec, 106 | oidExtendedKeyUsageMicrosoftSGC, 107 | oidExtendedKeyUsageNetscapeSGC, 108 | /* Secure Boot Spec oid */ 109 | oidAppleSecureBootCertSpec, 110 | oidAppleProvisioningProfile, 111 | oidAppleApplicationSigning, 112 | oidAppleInstallerPackagingSigningExternal, 113 | oidAppleExtendedKeyUsageAppleID, 114 | oidAppleExtendedKeyUsageShoebox, 115 | oidAppleExtendedKeyUsageProfileSigning, 116 | oidAppleExtendedKeyUsageQAProfileSigning, 117 | oidAppleIntmMarkerAppleID, 118 | oidAppleIntmMarkerAppleID2, 119 | oidApplePushServiceClient, 120 | oidApplePolicyMobileStore, 121 | oidApplePolicyTestMobileStore, 122 | oidApplePolicyEscrowService, 123 | oidAppleCertExtensionAppleIDRecordValidationSigning, 124 | oidAppleIntmMarkerAppleSystemIntg2, 125 | oidAppleIntmMarkerAppleSystemIntgG3, 126 | 
oidAppleCertExtAppleSMPEncryption, 127 | oidAppleCertExtAppleServerAuthentication, 128 | oidAppleIntmMarkerAppleServerAuthentication; 129 | 130 | /* Compare two decoded OIDs. Returns true iff they are equivalent. */ 131 | bool DEROidCompare(const DERItem *oid1, const DERItem *oid2); 132 | 133 | #ifdef __cplusplus 134 | } 135 | #endif 136 | 137 | #endif /* _LIB_DER_UTILS_H_ */ 138 | -------------------------------------------------------------------------------- /libDER/DER_Decode.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2011 Apple Inc. All Rights Reserved. 3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | /* 25 | * DER_Decode.h - DER decoding routines 26 | */ 27 | /* 28 | * NOTICE: This file was modified by xerub to reflect binary code. 
29 | */ 30 | 31 | #ifndef _DER_DECODE_H_ 32 | #define _DER_DECODE_H_ 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | #include 39 | #include 40 | 41 | /* 42 | * Decoding one item consists of extracting its tag, a pointer 43 | * to the actual content, and the length of the content. Those 44 | * three are represented by a DERDecodedInfo. 45 | */ 46 | typedef struct { 47 | DERTag tag; 48 | DERItem content; 49 | } DERDecodedInfo; 50 | 51 | /* 52 | * Basic decoding primitive. Only works with: 53 | * 54 | * -- definite length encoding 55 | * -- one-byte tags 56 | * -- max content length fits in a DERSize 57 | * 58 | * No malloc or copy of the contents is performed; the returned 59 | * content->content.data is a pointer into the incoming der data. 60 | */ 61 | DERReturn DERDecodeItem( 62 | const DERItem *der, /* data to decode */ 63 | DERDecodedInfo *decoded); /* RETURNED */ 64 | 65 | DERReturn DERDecodeItemPartialBuffer( 66 | const DERItem *der, /* data to decode */ 67 | DERDecodedInfo *decoded, /* RETURNED */ 68 | bool partial); 69 | 70 | /* 71 | * Given a BIT_STRING, in the form of its raw content bytes, 72 | * obtain the number of unused bits and the raw bit string bytes. 73 | */ 74 | DERReturn DERParseBitString( 75 | const DERItem *contents, 76 | DERItem *bitStringBytes, /* RETURNED */ 77 | DERByte *numUnusedBits); /* RETURNED */ 78 | 79 | /* 80 | * Given a BOOLEAN, in the form of its raw content bytes, 81 | * obtain it's value. 82 | */ 83 | DERReturn DERParseBoolean( 84 | const DERItem *contents, 85 | bool *value); /* RETURNED */ 86 | 87 | DERReturn DERParseInteger( 88 | const DERItem *contents, 89 | uint32_t *value); /* RETURNED */ 90 | 91 | DERReturn DERParseInteger64( 92 | const DERItem *contents, 93 | uint64_t *value); /* RETURNED */ 94 | 95 | /* 96 | * Sequence/set decode support. 
97 | */ 98 | 99 | /* state representing a sequence or set being decoded */ 100 | typedef struct { 101 | DERByte *nextItem; 102 | DERByte *end; 103 | } DERSequence; 104 | 105 | /* 106 | * To decode a set or sequence, call DERDecodeSeqInit or 107 | * DERDecodeSeqContentInit once, then call DERDecodeSeqNext to 108 | * get each enclosed item. 109 | * 110 | * DERDecodeSeqNext returns DR_EndOfSequence when no more 111 | * items are available. 112 | */ 113 | 114 | /* 115 | * Use this to parse the top level sequence's tag and content length. 116 | */ 117 | DERReturn DERDecodeSeqInit( 118 | const DERItem *der, /* data to decode */ 119 | DERTag *tag, /* RETURNED tag of sequence/set. This will be 120 | * either ASN1_CONSTR_SEQUENCE or 121 | * ASN1_CONSTR_SET. */ 122 | DERSequence *derSeq); /* RETURNED, to use in DERDecodeSeqNext */ 123 | 124 | /* 125 | * Use this to start in on decoding a sequence's content, when 126 | * the top-level tag and content have already been decoded. 127 | */ 128 | DERReturn DERDecodeSeqContentInit( 129 | const DERItem *content, 130 | DERSequence *derSeq); /* RETURNED, to use in DERDecodeSeqNext */ 131 | 132 | /* obtain the next decoded item in a sequence or set */ 133 | DERReturn DERDecodeSeqNext( 134 | DERSequence *derSeq, 135 | DERDecodedInfo *decoded); /* RETURNED */ 136 | 137 | /* 138 | * High level sequence decode. 139 | */ 140 | 141 | /* 142 | * Per-item decode options. 143 | */ 144 | 145 | /* Explicit default, no options */ 146 | #define DER_DEC_NO_OPTS 0x0000 147 | 148 | /* This item optional, can be skipped during decode */ 149 | #define DER_DEC_OPTIONAL 0x0001 150 | 151 | /* Skip the tag check; accept anything. */ 152 | #define DER_DEC_ASN_ANY 0x0002 153 | 154 | /* Skip item, no write to DERDecodedInfo (but tag check still performed) */ 155 | #define DER_DEC_SKIP 0x0004 156 | 157 | /* Save full DER encoding in DERDecodedInfo, including tag and length. Normally 158 | * only the content is saved. 
*/ 159 | #define DER_DEC_SAVE_DER 0x0008 160 | 161 | /* 162 | * High level sequence parse, starting with top-level tag and content. 163 | * Top level tag must be ASN1_CONSTR_SEQUENCE - if it's not, and that's 164 | * OK, use DERParseSequenceContent(). 165 | * 166 | * These never return DR_EndOfSequence - if an *unexpected* end of sequence 167 | * occurs, return DR_IncompleteSeq. 168 | * 169 | * Results of the decoding of one item are placed in a DERItem whose address 170 | * is the dest arg plus the offset value in the associated DERItemSpec. 171 | * 172 | * Items which are optional (DER_DEC_OPTIONAL) and which are not found, 173 | * leave their associated DERDecodedInfos unmodified. 174 | * 175 | * Processing of a sequence ends on detection of any error or after the 176 | * last DERItemSpec is processed. 177 | * 178 | * The sizeToZero argument, if nonzero, indicates the number of bytes 179 | * starting at dest to zero before processing the sequence. This is 180 | * generally desirable, particularly if there are any DER_DEC_OPTIONAL 181 | * items in the sequence; skipped optional items are detected by the 182 | * caller via a NULL DERDecodedInfo.content.data; if this hasn't been 183 | * explicitly zeroed (generally, by passing a nonzero value of sizeToZero), 184 | * skipped items can't be detected. 
185 | */ 186 | DERReturn DERParseSequence( 187 | const DERItem *der, 188 | DERShort numItems, /* size of itemSpecs[] */ 189 | const DERItemSpec *itemSpecs, 190 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 191 | DERSize sizeToZero); /* optional */ 192 | 193 | /* high level sequence parse, starting with sequence's content */ 194 | DERReturn DERParseSequenceContent( 195 | const DERItem *content, 196 | DERShort numItems, /* size of itemSpecs[] */ 197 | const DERItemSpec *itemSpecs, 198 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 199 | DERSize sizeToZero); /* optional */ 200 | 201 | #ifdef __cplusplus 202 | } 203 | #endif 204 | 205 | #endif /* _DER_DECODE_H_ */ 206 | 207 | -------------------------------------------------------------------------------- /validate_ca.h: -------------------------------------------------------------------------------- 1 | const unsigned char ROOT_CA_CERTIFICATE[] = { 2 | 0x30, 0x82, 0x04, 0xbb, 0x30, 0x82, 0x03, 0xa3, 0xa0, 0x03, 0x02, 0x01, 3 | 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 4 | 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x62, 0x31, 0x0b, 0x30, 5 | 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 6 | 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 7 | 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 8 | 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 9 | 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 10 | 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 11 | 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0d, 0x41, 0x70, 12 | 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 13 | 0x1e, 0x17, 0x0d, 0x30, 0x36, 0x30, 0x34, 0x32, 0x35, 0x32, 0x31, 0x34, 14 | 0x30, 0x33, 0x36, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x30, 0x32, 0x30, 0x39, 15 | 0x32, 0x31, 0x34, 0x30, 0x33, 0x36, 0x5a, 0x30, 0x62, 0x31, 0x0b, 0x30, 16 | 
0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 17 | 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 18 | 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 19 | 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 20 | 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 21 | 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 22 | 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0d, 0x41, 0x70, 23 | 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, 24 | 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 25 | 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 26 | 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe4, 0x91, 0xa9, 0x09, 27 | 0x1f, 0x91, 0xdb, 0x1e, 0x47, 0x50, 0xeb, 0x05, 0xed, 0x5e, 0x79, 0x84, 28 | 0x2d, 0xeb, 0x36, 0xa2, 0x57, 0x4c, 0x55, 0xec, 0x8b, 0x19, 0x89, 0xde, 29 | 0xf9, 0x4b, 0x6c, 0xf5, 0x07, 0xab, 0x22, 0x30, 0x02, 0xe8, 0x18, 0x3e, 30 | 0xf8, 0x50, 0x09, 0xd3, 0x7f, 0x41, 0xa8, 0x98, 0xf9, 0xd1, 0xca, 0x66, 31 | 0x9c, 0x24, 0x6b, 0x11, 0xd0, 0xa3, 0xbb, 0xe4, 0x1b, 0x2a, 0xc3, 0x1f, 32 | 0x95, 0x9e, 0x7a, 0x0c, 0xa4, 0x47, 0x8b, 0x5b, 0xd4, 0x16, 0x37, 0x33, 33 | 0xcb, 0xc4, 0x0f, 0x4d, 0xce, 0x14, 0x69, 0xd1, 0xc9, 0x19, 0x72, 0xf5, 34 | 0x5d, 0x0e, 0xd5, 0x7f, 0x5f, 0x9b, 0xf2, 0x25, 0x03, 0xba, 0x55, 0x8f, 35 | 0x4d, 0x5d, 0x0d, 0xf1, 0x64, 0x35, 0x23, 0x15, 0x4b, 0x15, 0x59, 0x1d, 36 | 0xb3, 0x94, 0xf7, 0xf6, 0x9c, 0x9e, 0xcf, 0x50, 0xba, 0xc1, 0x58, 0x50, 37 | 0x67, 0x8f, 0x08, 0xb4, 0x20, 0xf7, 0xcb, 0xac, 0x2c, 0x20, 0x6f, 0x70, 38 | 0xb6, 0x3f, 0x01, 0x30, 0x8c, 0xb7, 0x43, 0xcf, 0x0f, 0x9d, 0x3d, 0xf3, 39 | 0x2b, 0x49, 0x28, 0x1a, 0xc8, 0xfe, 0xce, 0xb5, 0xb9, 0x0e, 0xd9, 0x5e, 40 | 0x1c, 0xd6, 0xcb, 0x3d, 0xb5, 0x3a, 0xad, 0xf4, 0x0f, 0x0e, 0x00, 0x92, 41 | 0x0b, 0xb1, 0x21, 0x16, 0x2e, 0x74, 0xd5, 0x3c, 0x0d, 0xdb, 0x62, 0x16, 42 
| 0xab, 0xa3, 0x71, 0x92, 0x47, 0x53, 0x55, 0xc1, 0xaf, 0x2f, 0x41, 0xb3, 43 | 0xf8, 0xfb, 0xe3, 0x70, 0xcd, 0xe6, 0xa3, 0x4c, 0x45, 0x7e, 0x1f, 0x4c, 44 | 0x6b, 0x50, 0x96, 0x41, 0x89, 0xc4, 0x74, 0x62, 0x0b, 0x10, 0x83, 0x41, 45 | 0x87, 0x33, 0x8a, 0x81, 0xb1, 0x30, 0x58, 0xec, 0x5a, 0x04, 0x32, 0x8c, 46 | 0x68, 0xb3, 0x8f, 0x1d, 0xde, 0x65, 0x73, 0xff, 0x67, 0x5e, 0x65, 0xbc, 47 | 0x49, 0xd8, 0x76, 0x9f, 0x33, 0x14, 0x65, 0xa1, 0x77, 0x94, 0xc9, 0x2d, 48 | 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x7a, 0x30, 0x82, 0x01, 49 | 0x76, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 50 | 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 51 | 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 52 | 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2b, 0xd0, 0x69, 53 | 0x47, 0x94, 0x76, 0x09, 0xfe, 0xf4, 0x6b, 0x8d, 0x2e, 0x40, 0xa6, 0xf7, 54 | 0x47, 0x4d, 0x7f, 0x08, 0x5e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 55 | 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x2b, 0xd0, 0x69, 0x47, 0x94, 0x76, 56 | 0x09, 0xfe, 0xf4, 0x6b, 0x8d, 0x2e, 0x40, 0xa6, 0xf7, 0x47, 0x4d, 0x7f, 57 | 0x08, 0x5e, 0x30, 0x82, 0x01, 0x11, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 58 | 0x82, 0x01, 0x08, 0x30, 0x82, 0x01, 0x04, 0x30, 0x82, 0x01, 0x00, 0x06, 59 | 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x05, 0x01, 0x30, 0x81, 60 | 0xf2, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 61 | 0x01, 0x16, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 62 | 0x77, 0x77, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 63 | 0x2f, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x63, 0x61, 0x2f, 0x30, 0x81, 0xc3, 64 | 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, 0x81, 65 | 0xb6, 0x1a, 0x81, 0xb3, 0x52, 0x65, 0x6c, 0x69, 0x61, 0x6e, 0x63, 0x65, 66 | 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x63, 0x65, 0x72, 67 | 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x62, 0x79, 0x20, 
68 | 0x61, 0x6e, 0x79, 0x20, 0x70, 0x61, 0x72, 0x74, 0x79, 0x20, 0x61, 0x73, 69 | 0x73, 0x75, 0x6d, 0x65, 0x73, 0x20, 0x61, 0x63, 0x63, 0x65, 0x70, 0x74, 70 | 0x61, 0x6e, 0x63, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 71 | 0x74, 0x68, 0x65, 0x6e, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 72 | 0x62, 0x6c, 0x65, 0x20, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 73 | 0x20, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x63, 74 | 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6f, 0x66, 75 | 0x20, 0x75, 0x73, 0x65, 0x2c, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 76 | 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 77 | 0x20, 0x61, 0x6e, 0x64, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 78 | 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x70, 0x72, 0x61, 0x63, 0x74, 79 | 0x69, 0x63, 0x65, 0x20, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 80 | 0x74, 0x73, 0x2e, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 81 | 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x5c, 82 | 0x36, 0x99, 0x4c, 0x2d, 0x78, 0xb7, 0xed, 0x8c, 0x9b, 0xdc, 0xf3, 0x77, 83 | 0x9b, 0xf2, 0x76, 0xd2, 0x77, 0x30, 0x4f, 0xc1, 0x1f, 0x85, 0x83, 0x85, 84 | 0x1b, 0x99, 0x3d, 0x47, 0x37, 0xf2, 0xa9, 0x9b, 0x40, 0x8e, 0x2c, 0xd4, 85 | 0xb1, 0x90, 0x12, 0xd8, 0xbe, 0xf4, 0x73, 0x9b, 0xee, 0xd2, 0x64, 0x0f, 86 | 0xcb, 0x79, 0x4f, 0x34, 0xd8, 0xa2, 0x3e, 0xf9, 0x78, 0xff, 0x6b, 0xc8, 87 | 0x07, 0xec, 0x7d, 0x39, 0x83, 0x8b, 0x53, 0x20, 0xd3, 0x38, 0xc4, 0xb1, 88 | 0xbf, 0x9a, 0x4f, 0x0a, 0x6b, 0xff, 0x2b, 0xfc, 0x59, 0xa7, 0x05, 0x09, 89 | 0x7c, 0x17, 0x40, 0x56, 0x11, 0x1e, 0x74, 0xd3, 0xb7, 0x8b, 0x23, 0x3b, 90 | 0x47, 0xa3, 0xd5, 0x6f, 0x24, 0xe2, 0xeb, 0xd1, 0xb7, 0x70, 0xdf, 0x0f, 91 | 0x45, 0xe1, 0x27, 0xca, 0xf1, 0x6d, 0x78, 0xed, 0xe7, 0xb5, 0x17, 0x17, 92 | 0xa8, 0xdc, 0x7e, 0x22, 0x35, 0xca, 0x25, 0xd5, 0xd9, 0x0f, 0xd6, 0x6b, 93 | 0xd4, 0xa2, 0x24, 0x23, 0x11, 0xf7, 0xa1, 0xac, 0x8f, 0x73, 0x81, 
0x60, 94 | 0xc6, 0x1b, 0x5b, 0x09, 0x2f, 0x92, 0xb2, 0xf8, 0x44, 0x48, 0xf0, 0x60, 95 | 0x38, 0x9e, 0x15, 0xf5, 0x3d, 0x26, 0x67, 0x20, 0x8a, 0x33, 0x6a, 0xf7, 96 | 0x0d, 0x82, 0xcf, 0xde, 0xeb, 0xa3, 0x2f, 0xf9, 0x53, 0x6a, 0x5b, 0x64, 97 | 0xc0, 0x63, 0x33, 0x77, 0xf7, 0x3a, 0x07, 0x2c, 0x56, 0xeb, 0xda, 0x0f, 98 | 0x21, 0x0e, 0xda, 0xba, 0x73, 0x19, 0x4f, 0xb5, 0xd9, 0x36, 0x7f, 0xc1, 99 | 0x87, 0x55, 0xd9, 0xa7, 0x99, 0xb9, 0x32, 0x42, 0xfb, 0xd8, 0xd5, 0x71, 100 | 0x9e, 0x7e, 0xa1, 0x52, 0xb7, 0x1b, 0xbd, 0x93, 0x42, 0x24, 0x12, 0x2a, 101 | 0xc7, 0x0f, 0x1d, 0xb6, 0x4d, 0x9c, 0x5e, 0x63, 0xc8, 0x4b, 0x80, 0x17, 102 | 0x50, 0xaa, 0x8a, 0xd5, 0xda, 0xe4, 0xfc, 0xd0, 0x09, 0x07, 0x37, 0xb0, 103 | 0x75, 0x75, 0x21 104 | }; 105 | const unsigned int ROOT_CA_CERTIFICATE_SIZE = 1215; 106 | -------------------------------------------------------------------------------- /lzss.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include "lzss.h" 5 | 6 | #define BASE 65521L /* largest prime smaller than 65536 */ 7 | #define NMAX 5000 8 | // NMAX (was 5521) the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 9 | 10 | #define DO1(buf,i) {s1 += buf[i]; s2 += s1;} 11 | #define DO2(buf,i) DO1(buf,i); DO1(buf,i+1); 12 | #define DO4(buf,i) DO2(buf,i); DO2(buf,i+2); 13 | #define DO8(buf,i) DO4(buf,i); DO4(buf,i+4); 14 | #define DO16(buf) DO8(buf,0); DO8(buf,8); 15 | 16 | uint32_t lzadler32(uint8_t *buf, int32_t len) 17 | { 18 | unsigned long s1 = 1; // adler & 0xffff; 19 | unsigned long s2 = 0; // (adler >> 16) & 0xffff; 20 | int k; 21 | 22 | while (len > 0) { 23 | k = len < NMAX ? 
len : NMAX; 24 | len -= k; 25 | while (k >= 16) { 26 | DO16(buf); 27 | buf += 16; 28 | k -= 16; 29 | } 30 | if (k != 0) do { 31 | s1 += *buf++; 32 | s2 += s1; 33 | } while (--k); 34 | s1 %= BASE; 35 | s2 %= BASE; 36 | } 37 | return (s2 << 16) | s1; 38 | } 39 | 40 | 41 | 42 | /************************************************************** 43 | LZSS.C -- A Data Compression Program 44 | *************************************************************** 45 | 4/6/1989 Haruhiko Okumura 46 | Use, distribute, and modify this program freely. 47 | Please send me your improved versions. 48 | PC-VAN SCIENCE 49 | NIFTY-Serve PAF01022 50 | CompuServe 74050,1022 51 | 52 | **************************************************************/ 53 | 54 | #define N 4096 /* size of ring buffer - must be power of 2 */ 55 | #define F 18 /* upper limit for match_length */ 56 | #define THRESHOLD 2 /* encode string into position and length 57 | if match_length is greater than this */ 58 | #define NIL N /* index for root of binary search trees */ 59 | 60 | struct encode_state { 61 | /* 62 | * left & right children & parent. These constitute binary search trees. 63 | */ 64 | int lchild[N + 1], rchild[N + 257], parent[N + 1]; 65 | 66 | /* ring buffer of size N, with extra F-1 bytes to aid string comparison */ 67 | uint8_t text_buf[N + F - 1]; 68 | 69 | /* 70 | * match_length of longest match. 71 | * These are set by the insert_node() procedure. 
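     */
    int match_position, match_length;
};


/*
 * Decode the LZSS stream src[0 .. srclen) into dst and return the number
 * of bytes written to dst.
 *
 * Format as consumed here: each flag byte describes the next eight units,
 * least significant bit first.  A 1 bit is a literal byte.  A 0 bit is a
 * two-byte pair holding a 12-bit ring-buffer position and a 4-bit length,
 * which copies THRESHOLD + 1 .. F bytes out of the ring buffer.  Decoding
 * stops as soon as the input runs out, even in the middle of a unit.
 *
 * NOTE(security): there is no destination length argument, so writes to
 * dst are not bounded here.  Each two-byte pair can produce up to F bytes,
 * so the caller has to size dst for the worst case of its input before
 * calling; bounding the writes inside this function would need an extra
 * parameter.
 */
int
decompress_lzss(uint8_t *dst, uint8_t *src, uint32_t srclen)
{
    /* ring buffer of size N, with extra F-1 bytes to aid string comparison */
    uint8_t text_buf[N + F - 1];
    uint8_t *dststart = dst;
    uint8_t *srcend = src + srclen;
    int i, j, k, r, c;
    unsigned int flags;

    for (i = 0; i < N - F; i++)
        text_buf[i] = ' ';
    /*
     * Zero the rest of the buffer as well; init_state() on the encoder
     * side gets the same contents from its memset.  These bytes used to be
     * left indeterminate, so a pair pointing at a ring position that had
     * not been written yet copied leftover bytes of this automatic array
     * into dst.
     */
    for (i = N - F; i < N + F - 1; i++)
        text_buf[i] = 0;

    r = N - F;
    flags = 0;
    for ( ; ; ) {
        if (((flags >>= 1) & 0x100) == 0) {
            /* the eight units of the previous flag byte are used up */
            if (src >= srcend)
                break;
            c = *src++;
            flags = c | 0xFF00;     /* uses higher byte cleverly */
        }                           /* to count eight */
        if (flags & 1) {
            /* literal: emit it and remember it in the ring buffer */
            if (src >= srcend)
                break;
            c = *src++;
            *dst++ = c;
            text_buf[r++] = c;
            r &= (N - 1);
        } else {
            /* (position, length) pair; both bytes must be present */
            if (src >= srcend)
                break;
            i = *src++;
            if (src >= srcend)
                break;
            j = *src++;
            i |= ((j & 0xF0) << 4);         /* 12-bit ring position */
            j = (j & 0x0F) + THRESHOLD;     /* copies j + 1 bytes */
            for (k = 0; k <= j; k++) {
                /* the mask keeps every ring index inside 0 .. N - 1 */
                c = text_buf[(i + k) & (N - 1)];
                *dst++ = c;
                text_buf[r++] = c;
                r &= (N - 1);
            }
        }
    }

    return dst - dststart;
}

/*
 * initialize state, mostly the trees
 *
 * For i = 0 to N - 1, rchild[i] and lchild[i] will be the right and left
 * children of node i.  These nodes need not be initialized.  Also, parent[i]
 * is the parent of node i.  These are initialized to NIL (= N), which stands
 * for 'not used.'  For i = 0 to 255, rchild[N + i + 1] is the root of the
 * tree for strings that begin with character i.  These are initialized to NIL.
 * Note there are 256 trees.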
 */
static void init_state(struct encode_state *sp)
{
    int i;

    /*
     * Zero the whole state first: lchild/rchild/parent, match_position,
     * match_length and every byte of text_buf, including the part the
     * loop below does not touch.
     */
    memset(sp, 0, sizeof(*sp));

    /* pre-fill the first N - F ring positions with spaces */
    for (i = 0; i < N - F; i++)
        sp->text_buf[i] = ' ';
    /* rchild[N + 1 .. N + 256] are the 256 tree roots, one per first byte */
    for (i = N + 1; i <= N + 256; i++)
        sp->rchild[i] = NIL;
    /* parent[i] == NIL marks ring position i as not being in any tree */
    for (i = 0; i < N; i++)
        sp->parent[i] = NIL;
}

/*
 * Inserts string of length F, text_buf[r..r+F-1], into one of the trees
 * (text_buf[r]'th tree) and returns the longest-match position and length
 * via sp->match_position and sp->match_length.
 * If match_length = F, then removes the old node in favor of the new one,
 * because the old one will be deleted sooner.  Note r plays double role,
 * as tree node and position in buffer.
 *
 * r is used unchecked as an index into text_buf, lchild, rchild and parent;
 * presumably callers keep it within 0 .. N - 1 (verify against the caller).
 */
static void insert_node(struct encode_state *sp, int r)
{
    int i, p, cmp;
    uint8_t *key;

    cmp = 1;    /* forces the first step to go through rchild[] of the root */
    key = &sp->text_buf[r];
    p = N + 1 + key[0];     /* root of the tree for the string's first byte */
    sp->rchild[r] = sp->lchild[r] = NIL;
    sp->match_length = 0;
    for ( ; ; ) {
        /* descend one level; attach r as a leaf where the path ends */
        if (cmp >= 0) {
            if (sp->rchild[p] != NIL)
                p = sp->rchild[p];
            else {
                sp->rchild[p] = r;
                sp->parent[r] = p;
                return;
            }
        } else {
            if (sp->lchild[p] != NIL)
                p = sp->lchild[p];
            else {
                sp->lchild[p] = r;
                sp->parent[r] = p;
                return;
            }
        }
        /*
         * Compare the new string with the one at node p, starting at
         * byte 1.  p + i can reach past N - 1 here, which is what the
         * F - 1 extra bytes of text_buf are for.  The sign of cmp picks
         * the branch taken on the next iteration.
         */
        for (i = 1; i < F; i++) {
            if ((cmp = key[i] - sp->text_buf[p + i]) != 0)
                break;
        }
        /* remember the longest match so far; a full-length match ends it */
        if (i > sp->match_length) {
            sp->match_position = p;
            if ((sp->match_length = i) >= F)
                break;
        }
    }
    /*
     * Only reached on a match of length F: r takes over p's place in the
     * tree.  lchild[p] or rchild[p] may be NIL (= N), so parent[N] can be
     * written here; parent[] has N + 1 entries.
     */
    sp->parent[r] = sp->parent[p];
    sp->lchild[r] = sp->lchild[p];
    sp->rchild[r] = sp->rchild[p];
    sp->parent[sp->lchild[p]] = r;
    sp->parent[sp->rchild[p]] = r;
    if (sp->rchild[sp->parent[p]] == p)
        sp->rchild[sp->parent[p]] = r;
    else
        sp->lchild[sp->parent[p]] = r;
    sp->parent[p] = NIL;    /* remove p */
}

/*
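deletes node p from tree */
static void delete_node(struct encode_state *sp, int p)
{
    int q;

    if (sp->parent[p] == NIL)
        return;  /* not in tree */
    if (sp->rchild[p] == NIL)
        q = sp->lchild[p];
    else if (sp->lchild[p] == NIL)
        q = sp->rchild[p];
    else {
        /* two children: q becomes the rightmost node of p's left subtree */
        q = sp->lchild[p];
        if (sp->rchild[q] != NIL) {
            do {
                q = sp->rchild[q];
            } while (sp->rchild[q] != NIL);
            sp->rchild[sp->parent[q]] = sp->lchild[q];
            sp->parent[sp->lchild[q]] = sp->parent[q];
            sp->lchild[q] = sp->lchild[p];
            sp->parent[sp->lchild[p]] = q;
        }
        sp->rchild[q] = sp->rchild[p];
        sp->parent[sp->rchild[p]] = q;
    }
    /* splice q into p's old position */
    sp->parent[q] = sp->parent[p];
    if (sp->rchild[sp->parent[p]] == p)
        sp->rchild[sp->parent[p]] = q;
    else
        sp->lchild[sp->parent[p]] = q;
    sp->parent[p] = NIL;
}

/*
 * compress_lzss - LZSS-encode srcLen bytes at src into dst.
 *
 *   dst     output buffer
 *   dstlen  capacity of dst in bytes; every store is checked against it
 *   src     input data
 *   srcLen  number of input bytes
 *
 * Returns a pointer just past the last byte written to dst, or a null
 * pointer when the input is empty, when dst is too small for the encoded
 * stream, or when the encoder state cannot be allocated.  Callers already
 * have to treat a null return as failure, so the allocation case adds no new
 * return convention.
 */
uint8_t *
compress_lzss(uint8_t *dst, uint32_t dstlen, uint8_t *src, uint32_t srcLen)
{
    /* Encoding state, mostly tree but some current match stuff */
    struct encode_state *sp;

    int i, c, len, r, s, last_match_length, code_buf_ptr;
    uint8_t code_buf[17], mask;
    uint8_t *srcend = src + srcLen;
    uint8_t *dstend = dst + dstlen;

    /*
     * initialize trees.  The original passed the malloc result straight to
     * init_state(), whose memset would dereference a null pointer when the
     * allocation fails.
     */
    sp = malloc(sizeof(*sp));
    if (sp == (void *) 0)
        return (void *) 0;
    init_state(sp);

    /*
     * code_buf[1..16] saves eight units of code, and code_buf[0] works
     * as eight flags, "1" representing that the unit is an unencoded
     * letter (1 byte), "0" a position-and-length pair (2 bytes).
     * Thus, eight units require at most 16 bytes of code.
     */
    code_buf[0] = 0;
    code_buf_ptr = mask = 1;

    /* s is the oldest position in the ring, r the position being encoded */
    s = 0;
    r = N - F;

    /* Read F bytes into the last F bytes of the buffer */
    for (len = 0; len < F && src < srcend; len++)
        sp->text_buf[r + len] = *src++;
    if (!len) {
        free(sp);
        return (void *) 0;  /* text of size zero */
    }
    /*
     * Insert the F strings, each of which begins with one or more
     * 'space' characters.  Note the order in which these strings are
     * inserted.  This way, degenerate trees will be less likely to occur.
     */
    for (i = 1; i <= F; i++)
        insert_node(sp, r - i);

    /*
     * Finally, insert the whole string just read.
     * sp->match_length and sp->match_position are set.
     */
    insert_node(sp, r);
    do {
        /* match_length may be spuriously long near the end of text. */
        if (sp->match_length > len)
            sp->match_length = len;
        if (sp->match_length <= THRESHOLD) {
            sp->match_length = 1;  /* Not long enough match.  Send one byte. */
            code_buf[0] |= mask;   /* 'send one byte' flag */
            code_buf[code_buf_ptr++] = sp->text_buf[r];  /* Send uncoded. */
        } else {
            /* Send position and length pair.  Note match_length > THRESHOLD. */
            code_buf[code_buf_ptr++] = (uint8_t) sp->match_position;
            code_buf[code_buf_ptr++] = (uint8_t)
                ( ((sp->match_position >> 4) & 0xF0)
                | (sp->match_length - (THRESHOLD + 1)) );
        }
        if ((mask <<= 1) == 0) {  /* Shift mask left one bit. */
            /* Send at most 8 units of code together */
            for (i = 0; i < code_buf_ptr; i++) {
                if (dst < dstend) {
                    *dst++ = code_buf[i];
                } else {
                    /* output buffer exhausted */
                    free(sp);
                    return (void *) 0;
                }
            }
            code_buf[0] = 0;
            code_buf_ptr = mask = 1;
        }
        last_match_length = sp->match_length;
        for (i = 0; i < last_match_length && src < srcend; i++) {
            delete_node(sp, s);    /* Delete old strings and */
            c = *src++;
            sp->text_buf[s] = c;   /* read new bytes */

            /*
             * If the position is near the end of buffer, extend the buffer
             * to make string comparison easier.
             */
            if (s < F - 1)
                sp->text_buf[s + N] = c;

            /* Since this is a ring buffer, increment the position modulo N. */
            s = (s + 1) & (N - 1);
            r = (r + 1) & (N - 1);

            /* Register the string in text_buf[r..r+F-1] */
            insert_node(sp, r);
        }
        while (i++ < last_match_length) {
            delete_node(sp, s);

            /* After the end of text, no need to read, */
            s = (s + 1) & (N - 1);
            r = (r + 1) & (N - 1);
            /* but buffer may not be empty. */
            if (--len)
                insert_node(sp, r);
        }
    } while (len > 0);  /* until length of string to be processed is zero */

    if (code_buf_ptr > 1) {  /* Send remaining code. */
        for (i = 0; i < code_buf_ptr; i++) {
            if (dst < dstend) {
                *dst++ = code_buf[i];
            } else {
                free(sp);
                return (void *) 0;
            }
        }
    }

    free(sp);
    return dst;
}

--------------------------------------------------------------------------------
/libDER/DER_Decode.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2005-2012 Apple Inc. All Rights Reserved.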
3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | /* 25 | * DER_Decode.c - DER decoding routines 26 | */ 27 | /* 28 | * NOTICE: This file was modified by xerub to reflect binary code. 29 | */ 30 | 31 | #include 32 | #include 33 | 34 | #include 35 | 36 | #ifndef DER_DECODE_ENABLE 37 | #error Please define DER_DECODE_ENABLE. 38 | #endif 39 | 40 | #if DER_DECODE_ENABLE 41 | 42 | #define DER_DECODE_DEBUG 0 43 | #if DER_DECODE_DEBUG 44 | #include 45 | #define derDecDbg(a) printf(a) 46 | #define derDecDbg1(a, b) printf(a, b) 47 | #define derDecDbg2(a, b, c) printf(a, b, c) 48 | #define derDecDbg3(a, b, c, d) printf(a, b, c, d) 49 | #else 50 | #define derDecDbg(a) 51 | #define derDecDbg1(a, b) 52 | #define derDecDbg2(a, b, c) 53 | #define derDecDbg3(a, b, c, d) 54 | #endif /* DER_DECODE_DEBUG */ 55 | 56 | /* 57 | * Basic decoding primitive. 
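Only works with:
 *
 *  -- definite length encoding
 *  -- one-byte tags
 *  -- max content length fits in a DERSize
 *
 * No malloc or copy of the contents is performed; the returned
 * content->content.data is a pointer into the incoming der data.
 */
DERReturn DERDecodeItem(
    const DERItem   *der,       /* data to decode */
    DERDecodedInfo  *decoded)   /* RETURNED */
{
    /* strict mode: the declared content length must fit in der */
    return DERDecodeItemPartialBuffer(der, decoded, false);
}

/*
 * Same as DERDecodeItem, except that with partial == true the two
 * "not enough data left" checks are skipped.  In that mode
 * decoded->content.length is the length DECLARED by the encoding and may be
 * larger than the number of bytes actually present after
 * decoded->content.data; the caller has to clamp it to its own buffer before
 * reading the content.
 *
 * Returns DR_Success, or DR_DecodeError for truncated or malformed input.
 */
DERReturn DERDecodeItemPartialBuffer(
    const DERItem   *der,       /* data to decode */
    DERDecodedInfo  *decoded,   /* RETURNED */
    bool            partial)
{
    DERByte     tag1;           /* first tag byte */
    DERByte     len1;           /* first length byte */
    DERTag      tagNumber;      /* tag number without class and method bits */
    DERByte     *derPtr = der->data;
    DERSize     derLen = der->length;

    /* The tag decoding below is fully BER compliant.  We support a max tag
       value of 2 ^ ((sizeof(DERTag) * 8) - 3) - 1 so for tag size 1 byte we
       support tag values from 0 - 0x1F.  For tag size 2 tag values
       from 0 - 0x1FFF and for tag size 4 values from 0 - 0x1FFFFFFF. */
    if(derLen < 2) {
        return DR_DecodeError;
    }
    /* Grab the first byte of the tag. */
    tag1 = *derPtr++;
    derLen--;
    tagNumber = tag1 & 0x1F;
    if(tagNumber == 0x1F) {
#ifdef DER_MULTIBYTE_TAGS
        /* first tag-number octet may not be 0x80 or encode a value below 0x1F */
        if (*derPtr == 0x80 || *derPtr < 0x1F) {
            return DR_DecodeError;
        }
        /* Long tag form: bit 8 of each octet shall be set to one unless it is
           the last octet of the tag */
        const DERTag overflowMask = ((DERTag)0x7F << (sizeof(DERTag) * 8 - 7));
        DERByte tagByte;
        tagNumber = 0;
        do {
            /* keep one byte in reserve for the length octet that follows */
            if(derLen < 2 || (tagNumber & overflowMask) != 0) {
                return DR_DecodeError;
            }
            tagByte = *derPtr++;
            derLen--;
            tagNumber = (tagNumber << 7) | (tagByte & 0x7F);
        } while((tagByte & 0x80) != 0);

        /* Check for any of the top 3 reserved bits being set. */
        if ((tagNumber & (overflowMask << 4)) != 0)
#endif
            /* without DER_MULTIBYTE_TAGS every long-form tag is rejected */
            return DR_DecodeError;
    }
    /* Returned tag, top 3 bits are class/method remaining bits are number. */
    decoded->tag = ((DERTag)(tag1 & 0xE0) << ((sizeof(DERTag) - 1) * 8)) | tagNumber;

    /* Tag decoding above ensured we have at least one more input byte left. */
    len1 = *derPtr++;
    derLen--;
    if(len1 & 0x80) {
        /* long length form - first byte is length of length */
        DERSize longLen = 0;    /* long form length */
        unsigned dex;

        len1 &= 0x7f;
        /*
         * Reject a length-of-length that is zero (indefinite form), wider
         * than DERSize, longer than the remaining input, or that starts with
         * a zero octet.  The short-circuit order matters: *derPtr is only
         * read once len1 <= derLen and len1 != 0 are known.
         */
        if((len1 > sizeof(DERSize)) || (len1 > derLen) || len1 == 0 || *derPtr == 0) {
            /* no can do */
            return DR_DecodeError;
        }
        /*
         * NOTE(review): the listing this file was taken from lost the text
         * between "dex" and "derLen" here (everything from a '<' to the next
         * '>').  The loop and the comparison below are reconstructed from the
         * variables declared above and the six source lines the gap spans;
         * confirm against the upstream libDER DER_Decode.c.
         */
        for(dex=0; dex<len1; dex++) {
            longLen <<= 8;
            longLen |= *derPtr++;
            derLen--;
        }
        if(longLen > derLen && !partial) {
            /* not enough data left for this encoding */
            return DR_DecodeError;
        }
        decoded->content.data = derPtr;
        decoded->content.length = longLen;
    }
    else {
        /* short length form, len1 is the length */
        if(len1 > derLen && !partial) {
            /* not enough data left for this encoding */
            return DR_DecodeError;
        }
        decoded->content.data = derPtr;
        decoded->content.length = len1;
    }

    return DR_Success;
}

/*
 * Given a BIT_STRING, in the form of its raw content bytes,
 * obtain the number of unused bits and the raw bit string bytes.
 *
 * Content shorter than two bytes yields an empty result (NULL data, zero
 * length, zero unused bits) and still returns DR_Success.  The unused-bits
 * octet is passed through as found; it is not range-checked here, so a
 * caller that relies on it being 0..7 has to check it.
 */
DERReturn DERParseBitString(
    const DERItem   *contents,
    DERItem         *bitStringBytes,    /* RETURNED */
    DERByte         *numUnusedBits)     /* RETURNED */
{
    if(contents->length < 2) {
        /* not enough room for actual bits after the unused bits field */
        *numUnusedBits = 0;
        bitStringBytes->data = NULL;
        bitStringBytes->length = 0;
        return DR_Success;
    }
    *numUnusedBits = contents->data[0];
    bitStringBytes->data = contents->data + 1;
    bitStringBytes->length = contents->length - 1;
    return DR_Success;
}

/*
 * Given a BOOLEAN, in the form of its raw content bytes,
 * obtain its value.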
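*/
DERReturn DERParseBoolean(
    const DERItem *contents,
    bool *value) {  /* RETURNED */
    /* exactly one content octet, and only the values 0x00 and 0xFF */
    if (contents->length != 1 ||
        (contents->data[0] != 0 && contents->data[0] != 0xFF))
        return DR_DecodeError;

    *value = contents->data[0] != 0;
    return DR_Success;
}

/*
 * Parse an INTEGER's content bytes into a uint32_t.
 *
 * Returns whatever DERParseInteger64 returns on failure, and
 * DR_BufOverflow when the value does not fit in 32 bits.
 */
DERReturn DERParseInteger(
    const DERItem *contents,
    uint32_t *result) {  /* RETURNED */
    uint64_t value;
    DERReturn drtn = DERParseInteger64(contents, &value);
    if (drtn) {
        return drtn;
    }
    if (value >> 32) {
        return DR_BufOverflow;
    }
    *result = (uint32_t)value;
    return DR_Success;
}

/*
 * Parse an INTEGER's content bytes into a uint64_t.
 *
 * Returns DR_DecodeError for empty content, for a negative value (high bit
 * of the first octet set) and for a leading zero octet that is not needed
 * to keep the value positive; DR_BufOverflow when the value needs more than
 * 64 bits.
 *
 * The original tested the sign through a plain `char` pointer
 * (`data[0] < 0`, `data[1] >= 0`).  Whether plain char is signed is
 * implementation-defined; where it is unsigned the first test never fires
 * and the second always does, so negative integers would be accepted and
 * correctly padded ones rejected.  The high bit is now tested explicitly,
 * which gives the same result as the original on signed-char targets.
 */
DERReturn DERParseInteger64(
    const DERItem *contents,
    uint64_t *result) {  /* RETURNED */
    const unsigned char *data = (const unsigned char *)contents->data;
    DERSize length = contents->length;
    uint64_t value = 0;

    if (length == 0 || (data[0] & 0x80) != 0) {
        return DR_DecodeError;
    }

    if (data[0] == 0) {
        if (length >= 2) {
            /* a 0x00 pad is only legal in front of an octet with bit 8 set */
            if ((data[1] & 0x80) == 0) {
                return DR_DecodeError;
            }
            /* pad octet plus at most eight value octets */
            if (length > 9) {
                return DR_BufOverflow;
            }
        }
    } else if (length > 8) {
        return DR_BufOverflow;
    }

    while (length--) {
        value <<= 8;
        value += *data++;
    }
    *result = value;
    return DR_Success;
}

/* Sequence/set support */

/*
 * To decode a set or sequence, call DERDecodeSeqInit once, then
 * call DERDecodeSeqNext to get each enclosed item.
 * DERDecodeSeqNext returns DR_EndOfSequence when no more
 * items are available.
 *
 * *tag is stored before it is checked, so it is also written when
 * DR_UnexpectedTag is returned; derSeq is only written on success.
 */
DERReturn DERDecodeSeqInit(
    const DERItem   *der,       /* data to decode */
    DERTag          *tag,       /* RETURNED tag of sequence/set. This will be
                                 * either ASN1_CONSTR_SEQUENCE or ASN1_CONSTR_SET. */
    DERSequence     *derSeq)    /* RETURNED, to use in DERDecodeSeqNext */
{
    DERDecodedInfo decoded;
    DERReturn drtn;

    drtn = DERDecodeItem(der, &decoded);
    if(drtn) {
        return drtn;
    }
    *tag = decoded.tag;
    switch(decoded.tag) {
        case ASN1_CONSTR_SEQUENCE:
        case ASN1_CONSTR_SET:
            break;
        default:
            return DR_UnexpectedTag;
    }
    derSeq->nextItem = decoded.content.data;
    derSeq->end = decoded.content.data + decoded.content.length;
    return DR_Success;
}

/*
 * Use this to start in on decoding a sequence's content, when
 * the top-level tag and content have already been decoded.
 *
 * content->length is taken as given: derSeq->end is simply data + length,
 * so the caller is responsible for that length lying inside its buffer.
 */
DERReturn DERDecodeSeqContentInit(
    const DERItem   *content,
    DERSequence     *derSeq)    /* RETURNED, to use in DERDecodeSeqNext */
{
    /* just prepare for decoding items in content */
    derSeq->nextItem = content->data;
    derSeq->end = content->data + content->length;
    return DR_Success;
}

/*
 * Decode the item at derSeq->nextItem and advance past it.
 *
 * Returns DR_EndOfSequence once nextItem has reached end, the error from
 * DERDecodeItem for a malformed item (nextItem is then left unchanged), and
 * DR_Success otherwise.
 */
DERReturn DERDecodeSeqNext(
    DERSequence     *derSeq,
    DERDecodedInfo  *decoded)   /* RETURNED */
{
    DERReturn drtn;
    DERItem item;

    if(derSeq->nextItem >= derSeq->end) {
        /* normal termination, contents all used up */
        return DR_EndOfSequence;
    }

    /* decode next item; the strict decoder keeps it inside [nextItem, end) */
    item.data = derSeq->nextItem;
    item.length = derSeq->end - derSeq->nextItem;
    drtn = DERDecodeItem(&item, decoded);
    if(drtn) {
        return drtn;
    }

    /* skip over the item we just decoded */
    derSeq->nextItem = decoded->content.data + decoded->content.length;
    return DR_Success;
}

/*
 * High level sequence parse, starting with top-level tag and content.
 * Top level tag must be ASN1_CONSTR_SEQUENCE - if it's not, and that's
 * OK, use DERParseSequenceContent().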
320 | */ 321 | DERReturn DERParseSequence( 322 | const DERItem *der, 323 | DERShort numItems, /* size of itemSpecs[] */ 324 | const DERItemSpec *itemSpecs, 325 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 326 | DERSize sizeToZero) /* optional */ 327 | { 328 | DERReturn drtn; 329 | DERDecodedInfo topDecode; 330 | 331 | drtn = DERDecodeItem(der, &topDecode); 332 | if(drtn) { 333 | return drtn; 334 | } 335 | if(topDecode.tag != ASN1_CONSTR_SEQUENCE) { 336 | return DR_UnexpectedTag; 337 | } 338 | return DERParseSequenceContent(&topDecode.content, 339 | numItems, itemSpecs, dest, sizeToZero); 340 | } 341 | 342 | /* high level sequence parse, starting with sequence's content */ 343 | DERReturn DERParseSequenceContent( 344 | const DERItem *content, 345 | DERShort numItems, /* size of itemSpecs[] */ 346 | const DERItemSpec *itemSpecs, 347 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 348 | DERSize sizeToZero) /* optional */ 349 | { 350 | DERSequence derSeq; 351 | DERReturn drtn; 352 | DERShort itemDex; 353 | DERByte *currDER; /* full DER encoding of current item */ 354 | 355 | if(sizeToZero) { 356 | DERMemset(dest, 0, sizeToZero); 357 | } 358 | 359 | drtn = DERDecodeSeqContentInit(content, &derSeq); 360 | if(drtn) { 361 | return drtn; 362 | } 363 | 364 | /* main loop */ 365 | for(itemDex=0 ; itemDexoptions; 406 | derDecDbg3("--- currItem %u expectTag 0x%x currOptions 0x%x\n", 407 | i, currItemSpec->tag, currOptions); 408 | 409 | if((currOptions & DER_DEC_ASN_ANY) || 410 | (foundTag == currItemSpec->tag)) { 411 | /* 412 | * We're good with this one. Cook up destination address 413 | * as appropriate. 
414 | */ 415 | if(!(currOptions & DER_DEC_SKIP)) { 416 | derDecDbg1("--- MATCH at currItem %u\n", i); 417 | DERByte *byteDst = (DERByte *)dest + currItemSpec->offset; 418 | DERItem *dst = (DERItem *)byteDst; 419 | *dst = currDecoded.content; 420 | if(currOptions & DER_DEC_SAVE_DER) { 421 | /* recreate full DER encoding of this item */ 422 | derDecDbg1("--- SAVE_DER at currItem %u\n", i); 423 | dst->data = currDER; 424 | dst->length += (currDecoded.content.data - currDER); 425 | } 426 | } 427 | 428 | /* on to next item */ 429 | itemDex = i + 1; 430 | 431 | /* is this the end? */ 432 | if(itemDex == numItems) { 433 | /* normal termination if we consumed everything */ 434 | if (derSeq.nextItem == derSeq.end) 435 | return DR_Success; 436 | else 437 | return DR_DecodeError; 438 | } 439 | else { 440 | /* on to next item */ 441 | foundMatch = 1; 442 | break; 443 | } 444 | } /* ASN_ANY, or match */ 445 | 446 | /* 447 | * If current itemSpec isn't optional, abort - else on to 448 | * next item 449 | */ 450 | if(!(currOptions & DER_DEC_OPTIONAL)) { 451 | derDecDbg1("--- MISMATCH at currItem %u, !OPTIONAL, abort\n", i); 452 | return DR_UnexpectedTag; 453 | } 454 | 455 | /* else this was optional, on to next item */ 456 | } /* searching for tag match */ 457 | 458 | if(foundMatch == 0) { 459 | /* 460 | * Found an item we couldn't match to any tag spec and we're at 461 | * the end. 462 | */ 463 | derDecDbg("--- TAG NOT FOUND, abort\n"); 464 | return DR_UnexpectedTag; 465 | } 466 | 467 | /* else on to next item */ 468 | } /* main loop */ 469 | 470 | /* 471 | * If we get here, there appears to be more to process, but we've 472 | * given the caller everything they want. 473 | */ 474 | return (derSeq.nextItem == derSeq.end) ? DR_Success : DR_DecodeError; 475 | } 476 | 477 | #if 0 478 | /* 479 | * High level sequence parse, starting with top-level tag and content. 480 | * Top level tag must be ASN1_CONSTR_SEQUENCE - if it's not, and that's 481 | * OK, use DERParseSequenceContent(). 
482 | */ 483 | DERReturn DERParseSequenceOf( 484 | const DERItem *der, 485 | DERShort numItems, /* size of itemSpecs[] */ 486 | const DERItemSpec *itemSpecs, 487 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 488 | DERSize *numDestItems) /* output */ 489 | { 490 | DERReturn drtn; 491 | DERDecodedInfo topDecode; 492 | 493 | drtn = DERDecodeItem(der, &topDecode); 494 | if(drtn) { 495 | return drtn; 496 | } 497 | if(topDecode.tag != ASN1_CONSTR_SEQUENCE) { 498 | return DR_UnexpectedTag; 499 | } 500 | return DERParseSequenceContent(&topDecode.content, 501 | numItems, itemSpecs, dest, sizeToZero); 502 | } 503 | 504 | /* 505 | * High level set of parse, starting with top-level tag and content. 506 | * Top level tag must be ASN1_CONSTR_SET - if it's not, and that's 507 | * OK, use DERParseSetOrSequenceOfContent(). 508 | */ 509 | DERReturn DERParseSetOf( 510 | const DERItem *der, 511 | DERShort numItems, /* size of itemSpecs[] */ 512 | const DERItemSpec *itemSpecs, 513 | void *dest, /* DERDecodedInfo(s) here RETURNED */ 514 | DERSize *numDestItems) /* output */ 515 | { 516 | DERReturn drtn; 517 | DERDecodedInfo topDecode; 518 | 519 | drtn = DERDecodeItem(der, &topDecode); 520 | if(drtn) { 521 | return drtn; 522 | } 523 | if(topDecode.tag != ASN1_CONSTR_SET) { 524 | return DR_UnexpectedTag; 525 | } 526 | return DERParseSetOrSequenceOfContent(&topDecode.content, 527 | numItems, itemSpecs, dest, numDestItems); 528 | } 529 | 530 | /* High level set of or sequence of parse, starting with set or 531 | sequence's content */ 532 | DERReturn DERParseSetOrSequenceOfContent( 533 | const DERItem *content, 534 | void(*itemHandeler)(void *, const DERDecodedInfo *) 535 | void *itemHandelerContext); 536 | { 537 | DERSequence derSeq; 538 | DERShort itemDex; 539 | 540 | drtn = DERDecodeSeqContentInit(content, &derSeq); 541 | require_noerr_quiet(drtn, badCert); 542 | 543 | /* main loop */ 544 | for (;;) { 545 | DERDecodedInfo currDecoded; 546 | DERShort i; 547 | DERByte foundTag; 548 | 
char foundMatch = 0; 549 | 550 | drtn = DERDecodeSeqNext(&derSeq, &currDecoded); 551 | if(drtn) { 552 | /* The only legal error here is DR_EndOfSequence. */ 553 | if(drtn == DR_EndOfSequence) { 554 | /* no more items left in the sequence; success */ 555 | return DR_Success; 556 | } 557 | else { 558 | /* any other error is fatal */ 559 | require_noerr_quiet(drtn, badCert); 560 | } 561 | } /* decode error */ 562 | 563 | /* Each element can be anything. */ 564 | foundTag = currDecoded.tag; 565 | 566 | /* 567 | * We're good with this one. Cook up destination address 568 | * as appropriate. 569 | */ 570 | DERByte *byteDst = (DERByte *)dest + currItemSpec->offset; 571 | DERItem *dst = (DERItem *)byteDst; 572 | *dst = currDecoded.content; 573 | if(currOptions & DER_DEC_SAVE_DER) { 574 | /* recreate full DER encoding of this item */ 575 | derDecDbg1("--- SAVE_DER at currItem %u\n", i); 576 | dst->data = currDER; 577 | dst->length += (currDecoded.content.data - currDER); 578 | } 579 | 580 | /* on to next item */ 581 | itemDex = i + 1; 582 | 583 | /* is this the end? */ 584 | if(itemDex == numItems) { 585 | /* normal termination */ 586 | return DR_Success; 587 | } 588 | else { 589 | /* on to next item */ 590 | foundMatch = 1; 591 | break; 592 | } 593 | 594 | /* 595 | * If current itemSpec isn't optional, abort - else on to 596 | * next item 597 | */ 598 | if(!(currOptions & DER_DEC_OPTIONAL)) { 599 | derDecDbg1("--- MISMATCH at currItem %u, !OPTIONAL, abort\n", i); 600 | return DR_UnexpectedTag; 601 | } 602 | 603 | /* else this was optional, on to next item */ 604 | } /* searching for tag match */ 605 | 606 | if(foundMatch == 0) { 607 | /* 608 | * Found an item we couldn't match to any tag spec and we're at 609 | * the end. 
610 | */ 611 | derDecDbg("--- TAG NOT FOUND, abort\n"); 612 | return DR_UnexpectedTag; 613 | } 614 | 615 | /* else on to next item */ 616 | } /* main loop */ 617 | 618 | /* 619 | * If we get here, there appears to be more to process, but we've 620 | * given the caller everything they want. 621 | */ 622 | return DR_Success; 623 | } 624 | } 625 | #endif 626 | 627 | #endif /* DER_DECODE_ENABLE */ 628 | -------------------------------------------------------------------------------- /img4.c: -------------------------------------------------------------------------------- 1 | /* 2 | * img4 tool 3 | * xerub 2015 4 | */ 5 | 6 | 7 | #include 8 | #include 9 | #include 10 | #ifdef USE_CORECRYPTO 11 | #include 12 | #include 13 | #else 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #endif 20 | #include 21 | #include 22 | #include 23 | #include "validate_ca.h" 24 | 25 | #define E000000000000000 (ASN1_CONSTRUCTED | ASN1_PRIVATE) 26 | 27 | #define IS_EQUAL(a, b) ((a).length == (b).length && !memcmp((a).data, (b).data, (a).length)) 28 | 29 | #define FOURCC(tag) (unsigned char)((tag) >> 24), (unsigned char)((tag) >> 16), (unsigned char)((tag) >> 8), (unsigned char)(tag) 30 | 31 | #define RESERVE_DIGEST_SPACE 20 32 | 33 | #define panic(fn, args...) 
do { fprintf(stderr, fn args); exit(1); } while (0) 34 | 35 | #ifdef iOS10 36 | #include "lzfse.h" 37 | #endif 38 | 39 | typedef enum { 40 | DictMANP, 41 | DictOBJP 42 | } DictType; 43 | 44 | typedef struct { 45 | DERItem item; 46 | DERTag tag; 47 | } DERMonster; 48 | 49 | typedef struct { 50 | DERItem magic; // "IM4P" 51 | DERItem type; // "illb" 52 | DERItem version; // "iBoot-2261.3.33" 53 | DERItem imageData; 54 | DERItem keybag; 55 | #ifdef iOS10 56 | DERItem compression; 57 | #endif 58 | DERByte full_digest[RESERVE_DIGEST_SPACE]; 59 | } TheImg4Payload; 60 | 61 | typedef struct { 62 | DERItem magic; // "IM4M" 63 | DERItem version; // 0 64 | DERItem theset; // MANB + MANP 65 | DERItem sig_blob; // RSA 66 | DERItem chain_blob; // cert chain 67 | DERItem img4_blob; 68 | DERByte full_digest[RESERVE_DIGEST_SPACE]; 69 | DERByte theset_digest[RESERVE_DIGEST_SPACE]; 70 | } TheImg4Manifest; 71 | 72 | typedef struct { 73 | DERItem magic; // "IM4R" 74 | DERItem nonce; 75 | } TheImg4RestoreInfo; 76 | 77 | typedef struct { 78 | bool payloadHashed; 79 | bool manifestHashed; 80 | DERItem payloadRaw; 81 | DERItem manifestRaw; 82 | DERItem manb; 83 | DERItem manp; 84 | DERItem objp; 85 | TheImg4Payload payload; 86 | TheImg4Manifest manifest; 87 | TheImg4RestoreInfo restoreInfo; 88 | } TheImg4; 89 | 90 | const DERItemSpec DERImg4ItemSpecs[4] = { 91 | { 0 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "IMG4" 92 | { 1 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, DER_DEC_SAVE_DER }, // SEQUENCE(payload) 93 | { 2 * sizeof(DERItem), ASN1_CONSTRUCTED|ASN1_CONTEXT_SPECIFIC | 0, DER_DEC_OPTIONAL }, // CONS(SEQUENCE(manifest)) 94 | { 3 * sizeof(DERItem), ASN1_CONSTRUCTED|ASN1_CONTEXT_SPECIFIC | 1, DER_DEC_OPTIONAL } // CONS(SEQUENCE(restoreInfo)) 95 | }; 96 | 97 | #ifdef iOS10 98 | const DERItemSpec DERImg4PayloadItemSpecs[6] = { 99 | { 0 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "IM4P" 100 | { 1 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "illb" 101 | { 2 * sizeof(DERItem), ASN1_IA5_STRING, 
0 }, // "iBoot-2261.3.33" 102 | { 3 * sizeof(DERItem), ASN1_OCTET_STRING, 0 }, // binary data 103 | { 4 * sizeof(DERItem), ASN1_OCTET_STRING, DER_DEC_OPTIONAL }, // keybag 104 | { 5 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, DER_DEC_OPTIONAL } // iOS10 compression info 105 | }; 106 | #else 107 | const DERItemSpec DERImg4PayloadItemSpecs[5] = { 108 | { 0 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "IM4P" 109 | { 1 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "illb" 110 | { 2 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "iBoot-2261.3.33" 111 | { 3 * sizeof(DERItem), ASN1_OCTET_STRING, 0 }, // binary data 112 | { 4 * sizeof(DERItem), ASN1_OCTET_STRING, DER_DEC_OPTIONAL } // keybag 113 | }; 114 | #endif 115 | 116 | const DERItemSpec DERImg4ManifestItemSpecs[5] = { 117 | { 0 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "IM4M" 118 | { 1 * sizeof(DERItem), ASN1_INTEGER, 0 }, // 0 119 | { 2 * sizeof(DERItem), ASN1_CONSTR_SET, DER_DEC_SAVE_DER }, // SET(things) 120 | { 3 * sizeof(DERItem), ASN1_OCTET_STRING, 0 }, // RSA 121 | { 4 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 } // chain 122 | }; 123 | 124 | const DERItemSpec DERImg4RestoreInfoItemSpecs[2] = { 125 | { 0 * sizeof(DERItem), ASN1_IA5_STRING, 0 }, // "IM4R" 126 | { 1 * sizeof(DERItem), ASN1_CONSTR_SET, 0 } // SET(nonce) 127 | }; 128 | 129 | const DERItemSpec DERSignedCertCrlItemSpecs[3] = { 130 | { 0 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, DER_DEC_SAVE_DER }, 131 | { 1 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 132 | { 2 * sizeof(DERItem), ASN1_BIT_STRING, 0 } 133 | }; 134 | 135 | const DERItemSpec DERTBSCertItemSpecs[10] = { 136 | { 0 * sizeof(DERItem), ASN1_CONSTRUCTED|ASN1_CONTEXT_SPECIFIC | 0, DER_DEC_OPTIONAL }, 137 | { 1 * sizeof(DERItem), ASN1_INTEGER, 0 }, 138 | { 2 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 139 | { 3 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 140 | { 4 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 141 | { 5 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 142 | { 6 * sizeof(DERItem), 
ASN1_CONSTR_SEQUENCE, 0 }, 143 | { 7 * sizeof(DERItem), ASN1_CONTEXT_SPECIFIC | 1, DER_DEC_OPTIONAL }, 144 | { 8 * sizeof(DERItem), ASN1_CONTEXT_SPECIFIC | 2, DER_DEC_OPTIONAL }, 145 | { 9 * sizeof(DERItem), ASN1_CONSTRUCTED|ASN1_CONTEXT_SPECIFIC | 3, DER_DEC_OPTIONAL } 146 | }; 147 | 148 | const DERItemSpec DERAttributeTypeAndValueItemSpecs[2] = { 149 | { 0 * sizeof(DERItem), ASN1_OBJECT_ID, 0 }, 150 | { 1 * sizeof(DERItem), 0, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER } 151 | }; 152 | 153 | const DERItemSpec DERExtensionItemSpecs[3] = { 154 | { 0 * sizeof(DERItem), ASN1_OBJECT_ID, 0 }, 155 | { 1 * sizeof(DERItem), ASN1_BOOLEAN, DER_DEC_OPTIONAL }, 156 | { 2 * sizeof(DERItem), ASN1_OCTET_STRING, 0 } 157 | }; 158 | 159 | const DERItemSpec DERAlgorithmIdItemSpecs[2] = { 160 | { 0 * sizeof(DERItem), ASN1_OBJECT_ID, 0 }, 161 | { 1 * sizeof(DERItem), 0, DER_DEC_OPTIONAL | DER_DEC_ASN_ANY | DER_DEC_SAVE_DER } 162 | }; 163 | 164 | const DERItemSpec DERSubjPubKeyInfoItemSpecs[2] = { 165 | { 0 * sizeof(DERItem), ASN1_CONSTR_SEQUENCE, 0 }, 166 | { 1 * sizeof(DERItem), ASN1_BIT_STRING, 0 } 167 | }; 168 | 169 | const DERItemSpec DERRSAPubKeyPKCS1ItemSpecs[2] = { 170 | { 0 * sizeof(DERItem), ASN1_INTEGER, 0x100 }, 171 | { 1 * sizeof(DERItem), ASN1_INTEGER, 0x100 } 172 | }; 173 | 174 | const DERByte _oidAppleImg4ManifestCertSpec[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x63, 0x64, 6, 1, 0xF }; 175 | const DERItem oidAppleImg4ManifestCertSpec = { (DERByte *)_oidAppleImg4ManifestCertSpec, sizeof(_oidAppleImg4ManifestCertSpec) }; 176 | 177 | const DERItem AppleSecureBootCA = { (DERByte *)"\x13)Apple Secure Boot Certification Authority", 0x2B }; 178 | 179 | /*****************************************************************************/ 180 | 181 | int 182 | DERImg4DecodeFindInSequence(unsigned char *a1, unsigned char *a2, DERTag tag, DERItem *a5) 183 | { 184 | DERDecodedInfo currDecoded; 185 | DERSequence derSeq; 186 | 187 | derSeq.nextItem = a1; 188 | derSeq.end = a2; 189 | 190 | do { 191 | 
int rv = DERDecodeSeqNext(&derSeq, &currDecoded);
        if (rv) {
            return rv;
        }
    } while (currDecoded.tag != tag);

    *a5 = currDecoded.content;
    return 0;
}

/*
 * Walk the items inside the content `a1` and return, in *a4, the content of
 * the first one whose tag equals `tag`.  Any error from the sequence walk
 * (including DR_EndOfSequence when no item matches) is returned unchanged.
 */
int
DERImg4DecodeContentFindItemWithTag(const DERItem *a1, DERTag tag, DERItem *a4)
{
    DERSequence seq;
    int status = DERDecodeSeqContentInit(a1, &seq);

    if (status != 0) {
        return status;
    }
    return DERImg4DecodeFindInSequence(seq.nextItem, seq.end, tag, a4);
}

/*
 * Compare a four-byte name item against `nameTag`.
 *
 * Returns 0 on equality, -1 / 1 when the item is shorter / longer than four
 * bytes or its value is below / above nameTag, and -2 when the four bytes
 * cannot be parsed by DERParseInteger.
 */
int
DERImg4DecodeTagCompare(const DERItem *a1, uint32_t nameTag)
{
    uint32_t parsed;

    if (a1->length != 4) {
        return (a1->length < 4) ? -1 : 1;
    }
    if (DERParseInteger(a1, &parsed) != 0) {
        return -2;
    }
    if (parsed == nameTag) {
        return 0;
    }
    return (parsed < nameTag) ? -1 : 1;
}

/*
 * Decode the outer IMG4 container.
 *
 * a1 is the whole encoding; a2 receives the items described by
 * DERImg4ItemSpecs (four DERItem slots).  The parse is called with
 * sizeToZero == 0, so slots of optional items that are absent are not
 * cleared here - presumably the caller zeroes a2 first; confirm at the call
 * site.  Only structure is checked; nothing in this routine authenticates
 * the data.
 *
 * Returns 0 on success, DR_ParamErr for NULL arguments, DR_UnexpectedTag
 * when the outer item is not a SEQUENCE or the magic is not 'IMG4',
 * DR_BufOverflow when bytes follow the outer SEQUENCE, or a decoder error.
 */
int
DERImg4Decode(const DERItem *a1, DERItem *a2)
{
    DERDecodedInfo outer;
    int status;

    if (!a1 || !a2) {
        return DR_ParamErr;
    }

    status = DERDecodeItem(a1, &outer);
    if (status != 0) {
        return status;
    }
    if (outer.tag != ASN1_CONSTR_SEQUENCE) {
        return DR_UnexpectedTag;
    }

    /* the SEQUENCE has to end exactly where the input ends */
    if (a1->data + a1->length != outer.content.data + outer.content.length) {
        return DR_BufOverflow;
    }

    status = DERParseSequenceContent(&outer.content, 4, DERImg4ItemSpecs, a2, 0);
    if (status != 0) {
        return status;
    }

    return DERImg4DecodeTagCompare(a2, 'IMG4') ? DR_UnexpectedTag : 0;
}

/*
 * Decode an IM4P payload SEQUENCE into *a2 and check its magic.
 *
 * Returns 0, DR_ParamErr for NULL arguments, DR_UnexpectedTag for a wrong
 * magic, or the error from DERParseSequence.
 */
int
DERImg4DecodePayload(const DERItem *a1, TheImg4Payload *a2)
{
    int status;

    if (!a1 || !a2) {
        return DR_ParamErr;
    }

    /* the iOS10 layout carries one extra, optional item */
#ifdef iOS10
    status = DERParseSequence(a1, 6, DERImg4PayloadItemSpecs, a2, 0);
#else
    status = DERParseSequence(a1, 5, DERImg4PayloadItemSpecs, a2, 0);
#endif
    if (status != 0) {
        return status;
    }

    return DERImg4DecodeTagCompare(&a2->magic, 'IM4P') ? DR_UnexpectedTag : 0;
}

/*
 * Decode an IM4M manifest SEQUENCE into *a2, check its magic and require
 * version 0.
 *
 * An absent manifest (a1->data NULL or a1->length 0) returns 0 WITHOUT
 * touching *a2, so a zero return does not by itself mean a manifest was
 * parsed; callers that need one have to test for its presence separately.
 */
int
DERImg4DecodeManifest(const DERItem *a1, TheImg4Manifest *a2)
{
    uint32_t version;
    int status;

    if (!a1 || !a2) {
        return DR_ParamErr;
    }
    if (!a1->data || !a1->length) {
        return 0;
    }

    status = DERParseSequence(a1, 5, DERImg4ManifestItemSpecs, a2, 0);
    if (status != 0) {
        return status;
    }
    if (DERImg4DecodeTagCompare(&a2->magic, 'IM4M')) {
        return DR_UnexpectedTag;
    }

    status = DERParseInteger(&a2->version, &version);
    if (status != 0) {
        return status;
    }

    return version ? DR_UnexpectedTag : 0;
}

/*
 * Decode an IM4R restore-info SEQUENCE into *a2 and check its magic.
 *
 * A NULL a1, or an a1 with no data, returns 0 without touching *a2; a NULL
 * a2 with a non-NULL a1 is DR_ParamErr.
 */
int
DERImg4DecodeRestoreInfo(const DERItem *a1, TheImg4RestoreInfo *a2)
{
    int status;

    if (!a1) {
        return 0;
    }
    if (!a2) {
        return DR_ParamErr;
    }
    if (!a1->data || !a1->length) {
        return 0;
    }

    status = DERParseSequence(a1, 2, DERImg4RestoreInfoItemSpecs, a2, 0);
    if (status != 0) {
        return status;
    }

    return DERImg4DecodeTagCompare(&a2->magic, 'IM4R') ? DR_UnexpectedTag : 0;
}

/*
 * Locate the property tagged `etag` inside the content `a1` and split it
 * into its name (an IA5 string) and its value (expected tag `atag`).
 *
 * dest must point at two DERMonster elements: dest[0] receives the name and
 * dest[1] the value; the second parse offset is sizeof(DERMonster).  The
 * name, read as an integer and combined with the private/constructed class
 * bits, has to reproduce etag, otherwise DR_UnexpectedTag is returned.
 */
int
DERImg4DecodeFindProperty(const DERItem *a1, DERTag etag, DERTag atag, DERMonster *dest)
{
    DERItem property;
    uint32_t name;
    int status;

    status = DERImg4DecodeContentFindItemWithTag(a1, etag, &property);
    if (status != 0) {
        return status;
    }

    DERItemSpec specs[2] = {
        { .offset = 0,                  .tag = ASN1_IA5_STRING, .options = 0 },
        { .offset = sizeof(DERMonster), .tag = atag,            .options = 0 }
    };

    status = DERParseSequence(&property, 2, specs, dest, 0);
    if (status != 0) {
        return status;
    }

    status = DERParseInteger(&dest[0].item, &name);
    if (status != 0) {
        return status;
    }

    if ((E000000000000000 | name) != etag) {
        return DR_UnexpectedTag;
    }

    dest[0].tag = etag | E000000000000000;
    dest[1].tag = atag;
    return 0;
}

/*
 * Copy the payload's image-data item into *a2.
 * Returns DR_EndOfSequence when no image data has been decoded.
 */
int
Img4DecodeGetPayload(TheImg4 *img4, DERItem *a2)
{
    if (!img4 || !a2) {
        return DR_ParamErr;
    }

    const DERItem *image = &img4->payload.imageData;
    if (!image->data || !image->length) {
        return DR_EndOfSequence;
    }

    *a2 = *image;
    return 0;
}

/*
 * Parse the payload's type field as an integer into *a2.
 * Returns DR_EndOfSequence when no image data has been decoded.
 */
int
Img4DecodeGetPayloadType(TheImg4 *img4, unsigned int *a2)
{
    if (!img4 || !a2) {
        return DR_ParamErr;
    }

    const DERItem *image = &img4->payload.imageData;
    if (!image->data || !image->length) {
        return DR_EndOfSequence;
    }

    return DERParseInteger(&img4->payload.type, a2);
}

/*
 * Copy the payload's keybag item into *a2.  The keybag is an optional item,
 * and no check is made here that it is present.
 * Returns DR_EndOfSequence when no image data has been decoded.
 */
int
Img4DecodeGetPayloadKeybag(TheImg4 *img4, DERItem *a2)
{
    if (!img4 || !a2) {
        return DR_ParamErr;
    }

    const DERItem *image = &img4->payload.imageData;
    if (!image->data || !image->length) {
        return DR_EndOfSequence;
    }

    *a2 = img4->payload.keybag;
    return 0;
}

/*
 * Report in *exists whether a raw manifest pointer has been recorded.
 * This is a presence test only; it says nothing about validity.
 */
int
Img4DecodeManifestExists(TheImg4 *img4, bool *exists)
{
    if (!img4 || !exists) {
        return DR_ParamErr;
    }

    *exists = (img4->manifestRaw.data != NULL);
    return 0;
}

int
Img4DecodeGetRestoreInfoNonce(TheImg4 *img4, DERTag etag, DERTag atag, DERMonster *dest)
{
    if (img4 == NULL || dest == NULL) {
        return DR_ParamErr;
    }
    if (img4->restoreInfo.nonce.data == NULL || img4->restoreInfo.nonce.length == 0) {
        return 0;
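}
    return DERImg4DecodeFindProperty(&img4->restoreInfo.nonce, etag, atag, dest);
}

/*
 * Fetch the OCTET STRING stored under `tag` in the restore info.
 * On success *a4 / *a5 receive the data pointer and length of the value.
 * Img4DecodeGetRestoreInfoNonce returns 0 without writing its output when the
 * image has no restore info, so the scratch array is zeroed first: the caller
 * then gets NULL / 0 instead of uninitialised stack contents.
 */
int
Img4DecodeGetRestoreInfoData(TheImg4 *img4, DERTag tag, DERByte **a4, DERSize *a5)
{
    int rv;
    DERMonster var_40[2];

    if (img4 == NULL || a4 == NULL || a5 == NULL) {
        return DR_ParamErr;
    }
    memset(var_40, 0, sizeof(var_40));
    rv = Img4DecodeGetRestoreInfoNonce(img4, E000000000000000 | tag, ASN1_OCTET_STRING, var_40);
    if (rv) {
        return rv;
    }
    *a4 = var_40[1].item.data;
    *a5 = var_40[1].item.length;
    return 0;
}

/*
 * Decode a complete IMG4 container of `length` bytes at `data` into *img4.
 * *img4 is zeroed first, then the payload, manifest and restore info are
 * decoded in that order; the first failure is returned.  The raw payload and
 * manifest items are recorded on success.  The decoded items point into
 * `data`, so the buffer has to outlive *img4.
 */
int
Img4DecodeInit(DERByte *data, DERSize length, TheImg4 *img4)
{
    int rv;
    DERItem var_70[4];
    DERItem var_30;

    if (data == NULL || img4 == NULL) {
        return DR_ParamErr;
    }

    var_30.data = data;
    var_30.length = length;

    memset(var_70, 0, sizeof(var_70));
    memset(img4, 0, sizeof(TheImg4));

    rv = DERImg4Decode(&var_30, var_70);
    if (rv) {
        return rv;
    }
    rv = DERImg4DecodePayload(&var_70[1], &img4->payload);
    if (rv) {
        return rv;
    }
    rv = DERImg4DecodeManifest(&var_70[2], &img4->manifest);
    if (rv) {
        return rv;
    }
    rv = DERImg4DecodeRestoreInfo(&var_70[3], &img4->restoreInfo);
    if (rv) {
        return rv;
    }

    img4->payloadRaw = var_70[1];
    img4->manifestRaw = var_70[2];
    return 0;
}

/*
 * NOTE(review): the header names on the #include lines were lost in this
 * listing.  The list below is reconstructed from the identifiers the code
 * uses (plus <errno.h>, <limits.h> and <stdint.h> for the added checks) and
 * should be compared with the original file.
 */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#ifdef USE_CORECRYPTO
#include <corecrypto/ccaes.h>
#else
#include <openssl/aes.h>
#endif

/*
 * Read a big-endian 32-bit value at data + offset, byte by byte, so the load
 * is independent of host byte order and of the alignment of `data`.
 * The caller must make sure that offset + 4 bytes are available.
 */
static inline uint32_t
img4_dword_be(const void *data, size_t offset)
{
    const unsigned char *p = (const unsigned char *)data + offset;

    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
#define DWORD_BE(data, offset) img4_dword_be((data), (offset))
#include "lzss.c"

/* Replace `output`, freeing the previous buffer only if this program allocated it. */
#define OUTSET(ptr) do { if (outdup) { free(output); } output = ptr; outdup = 1; } while (0)

/*
 * Read a file from byte offset `off` to its end into a malloc'ed buffer.
 * The number of bytes read is stored in *size when size is not NULL.
 * Returns NULL on any failure, including a negative offset or a short read;
 * the caller frees the buffer.
 */
static unsigned char *
read_file(const char *filename, off_t off, size_t *size)
{
    int fd;
    size_t sz, done;
    struct stat st;
    unsigned char *buf;

    fd = open(filename, O_RDONLY);
    if (fd < 0) {
        return NULL;
    }

    if (fstat(fd, &st) != 0 || st.st_size < 0 || off < 0) {
        close(fd);
        return NULL;
    }

    if (off > st.st_size) {
        off = st.st_size;
    }
    if ((uintmax_t)(st.st_size - off) > SIZE_MAX) {
        close(fd);
        return NULL;
    }
    sz = (size_t)(st.st_size - off);

    /* Position the descriptor: the size above already excludes the first `off` bytes. */
    if (off > 0 && lseek(fd, off, SEEK_SET) != off) {
        close(fd);
        return NULL;
    }

    /* malloc(0) may return NULL; keep an empty file distinct from a failure. */
    buf = malloc(sz ? sz : 1);
    if (buf == NULL) {
        close(fd);
        return NULL;
    }

    /* read() may return fewer bytes than requested; keep going until done. */
    done = 0;
    while (done < sz) {
        ssize_t n = read(fd, buf + done, sz - done);
        if (n < 0 && errno == EINTR) {
            continue;
        }
        if (n <= 0) {
            break;
        }
        done += (size_t)n;
    }
    close(fd);

    if (done != sz) {
        free(buf);
        return NULL;
    }

    if (size != NULL) {
        *size = sz;
    }
    return buf;
}

/*
 * Create or truncate `filename` (mode 0644) and write `size` bytes from buf.
 * Returns the number of bytes written, which equals `size`, or -1 when the
 * file cannot be created, written completely, or closed.
 */
static ssize_t
write_file(const char *filename, void *buf, size_t size)
{
    const unsigned char *src = buf;
    size_t done = 0;
    int fd = creat(filename, 0644);
    if (fd < 0) {
        return -1;
    }
    while (done < size) {
        ssize_t n = write(fd, src + done, size - done);
        if (n < 0 && errno == EINTR) {
            continue;
        }
        if (n <= 0) {
            break;
        }
        done += (size_t)n;
    }
    /* A failing close() can be the only report of a deferred write error. */
    if (close(fd) != 0 || done != size) {
        return -1;
    }
    return (ssize_t)done;
}

/*
 * Convert hex digits from `str` into at most `buflen` bytes at `buf`.
 * Conversion stops at the first character that is not a hex digit (the
 * terminating NUL included) or when the buffer is full; a trailing single
 * digit is dropped.  Returns the number of bytes stored.
 */
static int
str2hex(int buflen, unsigned char *buf, const char *str)
{
    unsigned char *ptr = buf;
    int seq = -1;
    while (buflen > 0) {
        int nibble = *str++;
        if (nibble >= '0' && nibble <= '9') {
            nibble -= '0';
        } else {
            nibble |= 0x20; /* fold 'A'..'F' onto 'a'..'f' */
            if (nibble < 'a' || nibble > 'f') {
                break;
            }
            nibble -= 'a' - 10;
        }
        if (seq >= 0) {
            *buf++ = (seq << 4) | nibble;
            buflen--;
            seq = -1;
        } else {
            seq = nibble;
        }
    }
    return buf - ptr;
}

/*
 * Parse `data` as a full IMG4 container or, failing that, as a bare IM4P
 * payload.  Returns a heap-allocated TheImg4 whose items point into `data`
 * (which must therefore outlive it), or NULL when neither form decodes.
 * The caller frees the result.
 */
static TheImg4 *
parse(unsigned char *data, unsigned length)
{
    int rv;
    TheImg4 *img4;

    img4 = calloc(1, sizeof(TheImg4));
    if (!img4) {
        return NULL;
    }

    rv = Img4DecodeInit(data, length, img4);
    if (rv) {
        DERItem item;
        item.data = data;
        item.length = length;
        rv = DERImg4DecodePayload(&item, &img4->payload);
    }
    if (rv) {
        free(img4);
        return NULL;
    }

    return img4;
}

/*
 * Command-line entry point:
 *   {-image|-extra|-keybag|-ticket} input output [ivkey]
 * Extracts the (optionally decrypted and decompressed) image, the bytes that
 * follow the compressed chunk, the keybag or the manifest from `input` and
 * writes the result to `output`.
 *
 * The input file is untrusted: every length and offset taken from it is
 * checked against the number of bytes actually available before it is used.
 * Returns 0 on success, 1 on a usage error and -1 otherwise.
 */
int
main(int argc, char **argv)
{
    int rv;
    const char *what;
    const char *filename;
    const char *outname;

    TheImg4 *img4;
    unsigned type;
    ssize_t written;
    unsigned char ivkey[16 + 32];
    unsigned char *iv = NULL, *key = NULL;
    unsigned char *output = NULL;
    unsigned outlen = 0;
    int outdup = 0;

    DERItem item;
    unsigned char *data;
    size_t size;

    if (argc < 4) {
        fprintf(stderr, "usage: %s {-image|-extra|-keybag|-ticket} input output [ivkey]\n", argv[0]);
        return 1;
    }

    what = argv[1];
    filename = argv[2];
    outname = argv[3];
    if (argc > 4) {
        rv = str2hex(sizeof(ivkey), ivkey, argv[4]);
        if (rv == (int)sizeof(ivkey)) {
            iv = ivkey;
            key = ivkey + 16;
        } else {
            /* Otherwise the payload would be written out still encrypted, without a word. */
            fprintf(stderr, "[w] ignoring ivkey: expected %u hex digits\n", (unsigned)(2 * sizeof(ivkey)));
        }
    }

    data = read_file(filename, 0, &size);
    if (data == NULL) {
        fprintf(stderr, "[e] cannot read '%s'\n", filename);
        return -1;
    }
    /* Lengths below are kept in `unsigned` and rounded up to 16; refuse files that would wrap. */
    if (size > UINT_MAX - 15) {
        fprintf(stderr, "[e] '%s' is too large\n", filename);
        free(data);
        return -1;
    }

    img4 = parse(data, (unsigned)size);
    if (!img4) {
        fprintf(stderr, "[e] cannot parse '%s'\n", filename);
        free(data);
        return -1;
    }

    rv = Img4DecodeGetPayloadType(img4, &type);
    if (rv) {
        fprintf(stderr, "[e] cannot identify '%s'\n", filename);
        goto err;
    }
    printf("%c%c%c%c\n", FOURCC(type));

    if (!strncmp(what, "-i", 2) || !strncmp(what, "-e", 2)) {
        int decompress;
        uint32_t csize = 0;

        rv = Img4DecodeGetPayload(img4, &item);
        if (rv) {
            fprintf(stderr, "[e] cannot extract payload from '%s'\n", filename);
            goto err;
        }
        output = item.data;
        outlen = item.length;

        if (iv && key) {
            if (outlen > UINT_MAX - 15) {
                fprintf(stderr, "[e] payload too large\n");
                goto err;
            }
            if (outlen & 15) {
                /* CBC works on whole blocks: decrypt a zero-padded copy instead. */
                unsigned usize = (outlen + 15) & ~15;
                unsigned char *tmp = calloc(1, usize);
                if (!tmp) {
                    fprintf(stderr, "[e] out of memory %u\n", usize);
                    goto err;
                }
                memcpy(tmp, output, outlen);
                OUTSET(tmp);
            }

            rv = Img4DecodeGetPayloadKeybag(img4, &item);
            if (rv || item.length == 0) {
                fprintf(stderr, "[w] image '%s' has no keybag\n", filename);
            }
            /* CBC has no integrity check: a wrong key gives garbage, not an error. */
#ifdef USE_CORECRYPTO
            cccbc_one_shot(ccaes_cbc_decrypt_mode(), 32, key, iv, (outlen + 15) / 16, output, output);
#else
            AES_KEY decryptKey;
            AES_set_decrypt_key(key, 256, &decryptKey);
            AES_cbc_encrypt(output, output, (outlen + 15) & ~15, &decryptKey, iv, AES_DECRYPT);
#endif
        }

#ifdef iOS10
        if (img4->payload.compression.data && img4->payload.compression.length) {
            DERItem tmp[2];
            uint32_t deco = 0;
            uint64_t usize = 0;
            /* XXX ugly hack: reuse DERRSAPubKeyPKCS1ItemSpecs */
            if (DERParseSequenceContent(&img4->payload.compression, 2, DERRSAPubKeyPKCS1ItemSpecs, tmp, 0) ||
                DERParseInteger(&tmp[0], &deco) || DERParseInteger64(&tmp[1], &usize)) {
                fprintf(stderr, "[e] cannot get decompression info\n");
                goto err;
            }
            if (deco == 1 && what[1] == 'i') {
                size_t asize = lzfse_decode_scratch_size();
                unsigned char *dec, *aux;
                /* usize comes from the file; it must fit `outlen` and leave room for the +1 below. */
                if (usize >= UINT_MAX) {
                    fprintf(stderr, "[e] decompression error\n");
                    goto err;
                }
                aux = malloc(asize);
                if (!aux) {
                    fprintf(stderr, "[e] out of memory %zu\n", asize);
                    goto err;
                }
                dec = malloc((size_t)usize + 1);
                if (!dec) {
                    fprintf(stderr, "[e] out of memory %llu\n", (unsigned long long)(usize + 1));
                    free(aux);
                    goto err;
                }
                /* One spare byte: a result of usize + 1 bytes shows up as a size mismatch. */
                outlen = lzfse_decode_buffer(dec, (size_t)usize + 1, output, outlen, aux);
                free(aux);
                if (outlen != usize) {
                    fprintf(stderr, "[e] decompression error\n");
                    free(dec);
                    goto err;
                }
                OUTSET(dec);
            }
        }
#endif
        /* Only look at the magic when the payload is long enough to hold it. */
        decompress = (outlen >= 8 && DWORD_BE(output, 0) == 'comp' && DWORD_BE(output, 4) == 'lzss');
        if (decompress) {
            /* The header occupies 0x180 bytes and csize must fit in what follows it. */
            if (outlen < 0x180) {
                fprintf(stderr, "[e] truncated compression header\n");
                goto err;
            }
            csize = DWORD_BE(output, 16);
            if (csize > outlen - 0x180) {
                fprintf(stderr, "[e] compressed size exceeds payload\n");
                goto err;
            }
        }
        if (decompress && what[1] == 'i') {
            uint32_t usize = DWORD_BE(output, 12);
            uint32_t adler = DWORD_BE(output, 8);
            unsigned char *dec = malloc(usize ? usize : 1);
            if (outlen - 0x180 > csize) {
                fprintf(stderr, "[i] extra 0x%x bytes after compressed chunk\n", outlen - 0x180 - csize);
            }
            if (!dec) {
                fprintf(stderr, "[e] out of memory %u\n", usize);
                goto err;
            }
            /*
             * NOTE(review): decompress_lzss() is given no destination length,
             * while usize is taken from the untrusted header.  Unless lzss.c
             * bounds its output some other way, a crafted stream can write
             * past `dec`; decompress_lzss should take the destination size.
             * The check below only detects that after the fact.
             */
            outlen = decompress_lzss(dec, output + 0x180, csize);
            if (outlen > usize) {
                fprintf(stderr, "[e] decompressed data exceeds declared size\n");
                free(dec);
                goto err;
            }
            if (adler != lzadler32(dec, outlen)) {
                fprintf(stderr, "[w] adler32 mismatch\n");
            }
            OUTSET(dec);
        } else if (decompress) {
            /* -extra: keep only the bytes that follow the compressed chunk. */
            uint32_t usize = outlen - 0x180 - csize;
            if (usize > 0) {
                unsigned char *dec = malloc(usize);
                if (!dec) {
                    fprintf(stderr, "[e] out of memory %u\n", usize);
                    goto err;
                }
                memcpy(dec, output + 0x180 + csize, usize);
                outlen = usize;
                OUTSET(dec);
            } else {
                OUTSET(NULL);
            }
        } else if (what[1] == 'e') {
            OUTSET(NULL);
        }
        if (!output) {
            fprintf(stderr, "[e] nothing to do\n");
            goto err;
        }
    }
    if (!strncmp(what, "-k", 2)) {
        rv = Img4DecodeGetPayloadKeybag(img4, &item);
        if (rv == 0 && item.length) {
            output = item.data;
            outlen = item.length;
        } else {
            fprintf(stderr, "[e] image '%s' has no keybag\n", filename);
            goto err;
        }
    }
    if (!strncmp(what, "-t", 2)) {
        bool exists = false;
        rv = Img4DecodeManifestExists(img4, &exists);
        if (rv == 0 && exists) {
            output = img4->manifestRaw.data;
            outlen = img4->manifestRaw.length;
        } else {
            fprintf(stderr, "[e] image '%s' has no ticket\n", filename);
            goto err;
        }
    }

    /* No branch above produced anything: the option was not recognised. */
    if (!output) {
        fprintf(stderr, "[e] unknown option '%s'\n", what);
        goto err;
    }

    written = write_file(outname, output, outlen);
    if (written < 0 || (size_t)written != outlen) {
        fprintf(stderr, "[e] cannot write '%s'\n", outname);
        goto err;
    }

    rv = 0;
out:
    if (outdup) {
        free(output);
    }
    free(img4);
    free(data);
    return rv;

err:
    rv = -1;
    goto out;
}
-------------------------------------------------------------------------------- /libDER/oids.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2005-2009,2011-2014 Apple Inc. All Rights Reserved. 3 | * 4 | * @APPLE_LICENSE_HEADER_START@ 5 | * 6 | * This file contains Original Code and/or Modifications of Original Code 7 | * as defined in and that are subject to the Apple Public Source License 8 | * Version 2.0 (the 'License'). You may not use this file except in 9 | * compliance with the License. Please obtain a copy of the License at 10 | * http://www.opensource.apple.com/apsl/ and read it before using this 11 | * file. 12 | * 13 | * The Original Code and all software distributed under the License are 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 | * Please see the License for the specific language governing rights and 19 | * limitations under the License. 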
20 | * 21 | * @APPLE_LICENSE_HEADER_END@ 22 | */ 23 | 24 | 25 | /* 26 | * oids.c - OID consts 27 | * 28 | */ 29 | 30 | #include 31 | #include 32 | 33 | #define OID_ISO_CCITT_DIR_SERVICE 85 34 | #define OID_DS OID_ISO_CCITT_DIR_SERVICE 35 | #define OID_ATTR_TYPE OID_DS, 4 36 | #define OID_EXTENSION OID_DS, 29 37 | #define OID_ISO_STANDARD 40 38 | #define OID_ISO_MEMBER 42 39 | #define OID_US OID_ISO_MEMBER, 134, 72 40 | 41 | #define OID_ISO_IDENTIFIED_ORG 43 42 | #define OID_OSINET OID_ISO_IDENTIFIED_ORG, 4 43 | #define OID_GOSIP OID_ISO_IDENTIFIED_ORG, 5 44 | #define OID_DOD OID_ISO_IDENTIFIED_ORG, 6 45 | #define OID_OIW OID_ISO_IDENTIFIED_ORG, 14 46 | 47 | /* From the PKCS Standards */ 48 | #define OID_RSA OID_US, 134, 247, 13 49 | #define OID_RSA_HASH OID_RSA, 2 50 | #define OID_RSA_ENCRYPT OID_RSA, 3 51 | #define OID_PKCS OID_RSA, 1 52 | #define OID_PKCS_1 OID_PKCS, 1 53 | #define OID_PKCS_2 OID_PKCS, 2 54 | #define OID_PKCS_3 OID_PKCS, 3 55 | #define OID_PKCS_4 OID_PKCS, 4 56 | #define OID_PKCS_5 OID_PKCS, 5 57 | #define OID_PKCS_6 OID_PKCS, 6 58 | #define OID_PKCS_7 OID_PKCS, 7 59 | #define OID_PKCS_8 OID_PKCS, 8 60 | #define OID_PKCS_9 OID_PKCS, 9 61 | #define OID_PKCS_10 OID_PKCS, 10 62 | #define OID_PKCS_11 OID_PKCS, 11 63 | #define OID_PKCS_12 OID_PKCS, 12 64 | 65 | /* ANSI X9.62 */ 66 | #define OID_ANSI_X9_62 OID_US, 206, 61 67 | #define OID_PUBLIC_KEY_TYPE OID_ANSI_X9_62, 2 68 | #define OID_EC_SIG_TYPE OID_ANSI_X9_62, 4 69 | #define OID_ECDSA_WITH_SHA2 OID_EC_SIG_TYPE, 3 70 | 71 | /* ANSI X9.42 */ 72 | #define OID_ANSI_X9_42 OID_US, 206, 62, 2 73 | #define OID_ANSI_X9_42_SCHEME OID_ANSI_X9_42, 3 74 | #define OID_ANSI_X9_42_NAMED_SCHEME OID_ANSI_X9_42, 4 75 | 76 | /* DOD IANA Security releated objects. */ 77 | #define OID_IANA OID_DOD, 1, 5 78 | 79 | /* Kerberos PKINIT */ 80 | #define OID_KERBv5 OID_IANA, 2 81 | #define OID_KERBv5_PKINIT OID_KERBv5, 3 82 | 83 | /* DOD IANA Mechanisms. 
*/ 84 | #define OID_MECHANISMS OID_IANA, 5 85 | 86 | /* PKIX */ 87 | #define OID_PKIX OID_MECHANISMS, 7 88 | #define OID_PE OID_PKIX, 1 89 | #define OID_QT OID_PKIX, 2 90 | #define OID_KP OID_PKIX, 3 91 | #define OID_OTHER_NAME OID_PKIX, 8 92 | #define OID_PDA OID_PKIX, 9 93 | #define OID_QCS OID_PKIX, 11 94 | #define OID_AD OID_PKIX, 48 95 | #define OID_AD_OCSP OID_AD, 1 96 | #define OID_AD_CAISSUERS OID_AD, 2 97 | 98 | /* ISAKMP */ 99 | #define OID_ISAKMP OID_MECHANISMS, 8 100 | 101 | /* ETSI */ 102 | #define OID_ETSI 0x04, 0x00 103 | #define OID_ETSI_QCS 0x04, 0x00, 0x8E, 0x46, 0x01 104 | 105 | #define OID_OIW_SECSIG OID_OIW, 3 106 | 107 | #define OID_OIW_ALGORITHM OID_OIW_SECSIG, 2 108 | 109 | /* NIST defined digest algorithm arc (2, 16, 840, 1, 101, 3, 4, 2) */ 110 | #define OID_NIST_HASHALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02 111 | 112 | /* 113 | * Apple-specific OID bases 114 | */ 115 | 116 | /* 117 | * apple OBJECT IDENTIFIER ::= 118 | * { iso(1) member-body(2) US(840) 113635 } 119 | * 120 | * BER = 06 06 2A 86 48 86 F7 63 121 | */ 122 | #define APPLE_OID OID_US, 0x86, 0xf7, 0x63 123 | 124 | /* appleDataSecurity OBJECT IDENTIFIER ::= 125 | * { apple 100 } 126 | * { 1 2 840 113635 100 } 127 | * 128 | * BER = 06 07 2A 86 48 86 F7 63 64 129 | */ 130 | #define APPLE_ADS_OID APPLE_OID, 0x64 131 | 132 | /* 133 | * appleTrustPolicy OBJECT IDENTIFIER ::= 134 | * { appleDataSecurity 1 } 135 | * { 1 2 840 113635 100 1 } 136 | * 137 | * BER = 06 08 2A 86 48 86 F7 63 64 01 138 | */ 139 | #define APPLE_TP_OID APPLE_ADS_OID, 1 140 | 141 | /* 142 | * appleSecurityAlgorithm OBJECT IDENTIFIER ::= 143 | * { appleDataSecurity 2 } 144 | * { 1 2 840 113635 100 2 } 145 | * 146 | * BER = 06 08 2A 86 48 86 F7 63 64 02 147 | */ 148 | #define APPLE_ALG_OID APPLE_ADS_OID, 2 149 | 150 | /* 151 | * appleDotMacCertificate OBJECT IDENTIFIER ::= 152 | * { appleDataSecurity 3 } 153 | * { 1 2 840 113635 100 3 } 154 | */ 155 | #define APPLE_DOTMAC_CERT_OID APPLE_ADS_OID, 3 156 | 
157 | /* 158 | * Basis of Policy OIDs for .mac TP requests 159 | * 160 | * dotMacCertificateRequest OBJECT IDENTIFIER ::= 161 | * { appleDotMacCertificate 1 } 162 | * { 1 2 840 113635 100 3 1 } 163 | */ 164 | #define APPLE_DOTMAC_CERT_REQ_OID APPLE_DOTMAC_CERT_OID, 1 165 | 166 | /* 167 | * Basis of .mac Certificate Extensions 168 | * 169 | * dotMacCertificateExtension OBJECT IDENTIFIER ::= 170 | * { appleDotMacCertificate 2 } 171 | * { 1 2 840 113635 100 3 2 } 172 | */ 173 | #define APPLE_DOTMAC_CERT_EXTEN_OID APPLE_DOTMAC_CERT_OID, 2 174 | 175 | /* 176 | * Basis of .mac Certificate request OID/value identitifiers 177 | * 178 | * dotMacCertificateRequestValues OBJECT IDENTIFIER ::= 179 | * { appleDotMacCertificate 3 } 180 | * { 1 2 840 113635 100 3 3 } 181 | */ 182 | #define APPLE_DOTMAC_CERT_REQ_VALUE_OID APPLE_DOTMAC_CERT_OID, 3 183 | 184 | /* 185 | * Basis of Apple-specific extended key usages 186 | * 187 | * appleExtendedKeyUsage OBJECT IDENTIFIER ::= 188 | * { appleDataSecurity 4 } 189 | * { 1 2 840 113635 100 4 } 190 | */ 191 | #define APPLE_EKU_OID APPLE_ADS_OID, 4 192 | 193 | /* 194 | * Basis of Apple Code Signing extended key usages 195 | * appleCodeSigning OBJECT IDENTIFIER ::= 196 | * { appleExtendedKeyUsage 1 } 197 | * { 1 2 840 113635 100 4 1} 198 | */ 199 | #define APPLE_EKU_CODE_SIGNING APPLE_EKU_OID, 1 200 | #define APPLE_EKU_APPLE_ID APPLE_EKU_OID, 7 201 | #define APPLE_EKU_SHOEBOX APPLE_EKU_OID, 14 202 | #define APPLE_EKU_PROFILE_SIGNING APPLE_EKU_OID, 16 203 | #define APPLE_EKU_QA_PROFILE_SIGNING APPLE_EKU_OID, 17 204 | 205 | 206 | /* 207 | * Basis of Apple-specific Certificate Policy IDs. 
208 | * appleCertificatePolicies OBJECT IDENTIFIER ::= 209 | * { appleDataSecurity 5 } 210 | * { 1 2 840 113635 100 5 } 211 | */ 212 | #define APPLE_CERT_POLICIES APPLE_ADS_OID, 5 213 | 214 | #define APPLE_CERT_POLICY_MOBILE_STORE APPLE_CERT_POLICIES, 12 215 | 216 | #define APPLE_CERT_POLICY_TEST_MOBILE_STORE APPLE_CERT_POLICY_MOBILE_STORE, 1 217 | 218 | /* 219 | * Basis of Apple-specific Signing extensions 220 | * { appleDataSecurity 6 } 221 | */ 222 | #define APPLE_CERT_EXT APPLE_ADS_OID, 6 223 | 224 | /* Apple Intermediate Marker OIDs */ 225 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER APPLE_CERT_EXT, 2 226 | /* Apple Apple ID Intermediate Marker */ 227 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3 228 | /* 229 | * Apple Apple ID Intermediate Marker (New subCA, no longer shared with push notification server cert issuer 230 | * 231 | * appleCertificateExtensionAppleIDIntermediate ::= 232 | * { appleCertificateExtensionIntermediateMarker 7 } 233 | * { 1 2 840 113635 100 6 2 7 } 234 | */ 235 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7 236 | 237 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_SYSTEM_INTEGRATION_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 10 238 | 239 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_SYSTEM_INTEGRATION_G3 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 13 240 | 241 | #define APPLE_CERT_EXT_APPLE_PUSH_MARKER APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID, 2 242 | 243 | 244 | #define APPLE_CERT_EXTENSION_CODESIGNING APPLE_CERT_EXT, 1 245 | 246 | /* Secure Boot Embedded Image3 value, 247 | co-opted by desktop for "Apple Released Code Signature", without value */ 248 | #define APPLE_SBOOT_CERT_EXTEN_SBOOT_SPEC_OID APPLE_CERT_EXTENSION_CODESIGNING, 1 249 | /* iPhone Provisioning Profile Signing leaf - on the intermediate marker arc? 
*/ 250 | #define APPLE_PROVISIONING_PROFILE_OID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 1 251 | /* iPhone Application Signing leaf */ 252 | #define APPLE_APP_SIGNING_OID APPLE_CERT_EXTENSION_CODESIGNING, 3 253 | 254 | #define APPLE_INSTALLER_PACKAGE_SIGNING_EXTERNAL_OID APPLE_CERT_EXTENSION_CODESIGNING, 16 255 | 256 | #define APPLE_ESCROW_ARC APPLE_CERT_EXT, 23 257 | 258 | #define APPLE_ESCROW_POLICY_OID APPLE_ESCROW_ARC, 1 259 | 260 | #define APPLE_CERT_EXT_APPLE_ID_VALIDATION_RECORD_SIGNING APPLE_CERT_EXT, 25 261 | 262 | #define APPLE_SERVER_AUTHENTICATION APPLE_CERT_EXT, 27 263 | #define APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION APPLE_SERVER_AUTHENTICATION, 1 264 | #define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLE_SERVER_AUTHENTICATION APPLE_CERT_EXT_INTERMEDIATE_MARKER, 12 265 | 266 | #define APPLE_CERT_EXT_APPLE_SMP_ENCRYPTION APPLE_CERT_EXT, 30 267 | 268 | /* 269 | * Netscape OIDs. 270 | */ 271 | #define NETSCAPE_BASE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 272 | 273 | /* 274 | * Netscape cert extension. 275 | * 276 | * netscape-cert-extension OBJECT IDENTIFIER ::= 277 | * { 2 16 840 1 113730 1 } 278 | * 279 | * BER = 06 08 60 86 48 01 86 F8 42 01 280 | */ 281 | #define NETSCAPE_CERT_EXTEN NETSCAPE_BASE_OID, 0x01 282 | 283 | #define NETSCAPE_CERT_POLICY NETSCAPE_BASE_OID, 0x04 284 | 285 | /* Entrust OIDs. */ 286 | #define ENTRUST_BASE_OID OID_US, 0x86, 0xf6, 0x7d 287 | 288 | /* 289 | * Entrust cert extension. 290 | * 291 | * entrust-cert-extension OBJECT IDENTIFIER ::= 292 | * { 1 2 840 113533 7 65 } 293 | * 294 | * BER = 06 08 2A 86 48 86 F6 7D 07 41 295 | */ 296 | #define ENTRUST_CERT_EXTEN ENTRUST_BASE_OID, 0x07, 0x41 297 | 298 | /* Microsfot OIDs. */ 299 | #define MICROSOFT_BASE_OID OID_DOD, 0x01, 0x04, 0x01, 0x82, 0x37 300 | #define MICROSOFT_ENROLLMENT_OID MICROSOFT_BASE_OID, 0x14 301 | 302 | /* Algorithm OIDs. 
*/ 303 | static const DERByte 304 | _oidRsa[] = { OID_PKCS_1, 1 }, 305 | _oidMd2Rsa[] = { OID_PKCS_1, 2 }, 306 | _oidMd5Rsa[] = { OID_PKCS_1, 4 }, 307 | _oidSha1Rsa[] = { OID_PKCS_1, 5 }, 308 | _oidSha256Rsa[] = { OID_PKCS_1, 11 }, 309 | _oidEcPubKey[] = { OID_PUBLIC_KEY_TYPE, 1 }, 310 | _oidSha1Ecdsa[] = { OID_EC_SIG_TYPE, 1 }, /* rfc3279 */ 311 | _oidSha224Ecdsa[] = { OID_ECDSA_WITH_SHA2, 1 }, /* rfc5758 */ 312 | _oidSha256Ecdsa[] = { OID_ECDSA_WITH_SHA2, 2 }, /* rfc5758 */ 313 | _oidSha384Ecdsa[] = { OID_ECDSA_WITH_SHA2, 3 }, /* rfc5758 */ 314 | _oidSha512Ecdsa[] = { OID_ECDSA_WITH_SHA2, 4 }, /* rfc5758 */ 315 | _oidMd2[] = { OID_RSA_HASH, 2 }, 316 | _oidMd4[] = { OID_RSA_HASH, 4 }, 317 | _oidMd5[] = { OID_RSA_HASH, 5 }, 318 | _oidSha1[] = { OID_OIW_ALGORITHM, 26 }, 319 | _oidSha256[] = { OID_NIST_HASHALG, 1 }, 320 | _oidSha384[] = { OID_NIST_HASHALG, 2 }, 321 | _oidSha512[] = { OID_NIST_HASHALG, 3 }, 322 | _oidSha224[] = { OID_NIST_HASHALG, 4 }; 323 | 324 | const DERItem 325 | oidRsa = { (DERByte *)_oidRsa, 326 | sizeof(_oidRsa) }, 327 | oidMd2Rsa = { (DERByte *)_oidMd2Rsa, 328 | sizeof(_oidMd2Rsa) }, 329 | oidMd5Rsa = { (DERByte *)_oidMd5Rsa, 330 | sizeof(_oidMd5Rsa) }, 331 | oidSha1Rsa = { (DERByte *)_oidSha1Rsa, 332 | sizeof(_oidSha1Rsa) }, 333 | oidSha256Rsa = { (DERByte *)_oidSha256Rsa, 334 | sizeof(_oidSha256Rsa) }, 335 | oidEcPubKey = { (DERByte *)_oidEcPubKey, 336 | sizeof(_oidEcPubKey) }, 337 | oidSha1Ecdsa = { (DERByte *)_oidSha1Ecdsa, 338 | sizeof(_oidSha1Ecdsa) }, 339 | oidSha224Ecdsa = { (DERByte *)_oidSha224Ecdsa, 340 | sizeof(_oidSha224Ecdsa) }, 341 | oidSha256Ecdsa = { (DERByte *)_oidSha256Ecdsa, 342 | sizeof(_oidSha256Ecdsa) }, 343 | oidSha384Ecdsa = { (DERByte *)_oidSha384Ecdsa, 344 | sizeof(_oidSha384Ecdsa) }, 345 | oidSha512Ecdsa = { (DERByte *)_oidSha512Ecdsa, 346 | sizeof(_oidSha512Ecdsa) }, 347 | oidMd2 = { (DERByte *)_oidMd2, 348 | sizeof(_oidMd2) }, 349 | oidMd4 = { (DERByte *)_oidMd4, 350 | sizeof(_oidMd4) }, 351 | oidMd5 = { (DERByte 
*)_oidMd5, 352 | sizeof(_oidMd5) }, 353 | oidSha1 = { (DERByte *)_oidSha1, 354 | sizeof(_oidSha1) }, 355 | oidSha256 = { (DERByte *)_oidSha256, 356 | sizeof(_oidSha256) }, 357 | oidSha384 = { (DERByte *)_oidSha384, 358 | sizeof(_oidSha384) }, 359 | oidSha512 = { (DERByte *)_oidSha512, 360 | sizeof(_oidSha512) }, 361 | oidSha224 = { (DERByte *)_oidSha224, 362 | sizeof(_oidSha224) }; 363 | 364 | /* Extension OIDs. */ 365 | __unused static const DERByte 366 | _oidSubjectKeyIdentifier[] = { OID_EXTENSION, 14 }, 367 | _oidKeyUsage[] = { OID_EXTENSION, 15 }, 368 | _oidPrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 }, 369 | _oidSubjectAltName[] = { OID_EXTENSION, 17 }, 370 | _oidIssuerAltName[] = { OID_EXTENSION, 18 }, 371 | _oidBasicConstraints[] = { OID_EXTENSION, 19 }, 372 | _oidCrlDistributionPoints[] = { OID_EXTENSION, 31 }, 373 | _oidCertificatePolicies[] = { OID_EXTENSION, 32 }, 374 | _oidAnyPolicy[] = { OID_EXTENSION, 32, 0 }, 375 | _oidPolicyMappings[] = { OID_EXTENSION, 33 }, 376 | _oidAuthorityKeyIdentifier[] = { OID_EXTENSION, 35 }, 377 | _oidPolicyConstraints[] = { OID_EXTENSION, 36 }, 378 | _oidExtendedKeyUsage[] = { OID_EXTENSION, 37 }, 379 | _oidAnyExtendedKeyUsage[] = { OID_EXTENSION, 37, 0 }, 380 | _oidInhibitAnyPolicy[] = { OID_EXTENSION, 54 }, 381 | _oidAuthorityInfoAccess[] = { OID_PE, 1 }, 382 | _oidSubjectInfoAccess[] = { OID_PE, 11 }, 383 | _oidAdOCSP[] = { OID_AD_OCSP }, 384 | _oidAdCAIssuer[] = { OID_AD_CAISSUERS }, 385 | _oidNetscapeCertType[] = { NETSCAPE_CERT_EXTEN, 1 }, 386 | _oidEntrustVersInfo[] = { ENTRUST_CERT_EXTEN, 0 }, 387 | _oidMSNTPrincipalName[] = { MICROSOFT_ENROLLMENT_OID, 2, 3 }, 388 | /* Policy Qualifier IDs for Internet policy qualifiers. */ 389 | _oidQtCps[] = { OID_QT, 1 }, 390 | _oidQtUNotice[] = { OID_QT, 2 }, 391 | /* X.501 Name IDs. 
*/ 392 | _oidCommonName[] = { OID_ATTR_TYPE, 3 }, 393 | _oidCountryName[] = { OID_ATTR_TYPE, 6 }, 394 | _oidLocalityName[] = { OID_ATTR_TYPE, 7 }, 395 | _oidStateOrProvinceName[] = { OID_ATTR_TYPE, 8 }, 396 | _oidOrganizationName[] = { OID_ATTR_TYPE, 10 }, 397 | _oidOrganizationalUnitName[] = { OID_ATTR_TYPE, 11 }, 398 | _oidDescription[] = { OID_ATTR_TYPE, 13 }, 399 | _oidEmailAddress[] = { OID_PKCS_9, 1 }, 400 | _oidFriendlyName[] = { OID_PKCS_9, 20 }, 401 | _oidLocalKeyId[] = { OID_PKCS_9, 21 }, 402 | _oidExtendedKeyUsageServerAuth[] = { OID_KP, 1 }, 403 | _oidExtendedKeyUsageClientAuth[] = { OID_KP, 2 }, 404 | _oidExtendedKeyUsageCodeSigning[] = { OID_KP, 3 }, 405 | _oidExtendedKeyUsageEmailProtection[] = { OID_KP, 4 }, 406 | _oidExtendedKeyUsageOCSPSigning[] = { OID_KP, 9 }, 407 | _oidExtendedKeyUsageIPSec[] = { OID_ISAKMP, 2, 2 }, 408 | _oidExtendedKeyUsageMicrosoftSGC[] = { MICROSOFT_BASE_OID, 10, 3, 3 }, 409 | _oidExtendedKeyUsageNetscapeSGC[] = { NETSCAPE_CERT_POLICY, 1 }, 410 | _oidAppleSecureBootCertSpec[] = { APPLE_SBOOT_CERT_EXTEN_SBOOT_SPEC_OID }, 411 | _oidAppleProvisioningProfile[] = {APPLE_PROVISIONING_PROFILE_OID }, 412 | _oidAppleApplicationSigning[] = { APPLE_APP_SIGNING_OID }, 413 | _oidAppleInstallerPackagingSigningExternal[] = { APPLE_INSTALLER_PACKAGE_SIGNING_EXTERNAL_OID }, 414 | _oidAppleExtendedKeyUsageAppleID[] = { APPLE_EKU_APPLE_ID }, 415 | _oidAppleExtendedKeyUsageShoebox[] = { APPLE_EKU_SHOEBOX }, 416 | _oidAppleExtendedKeyUsageProfileSigning[] = { APPLE_EKU_PROFILE_SIGNING }, 417 | _oidAppleExtendedKeyUsageQAProfileSigning[] = { APPLE_EKU_QA_PROFILE_SIGNING }, 418 | _oidAppleIntmMarkerAppleID[] = { APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID }, 419 | _oidAppleIntmMarkerAppleID2[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 }, 420 | _oidApplePushServiceClient[] = { APPLE_CERT_EXT_APPLE_PUSH_MARKER, 2 }, 421 | _oidApplePolicyMobileStore[] = { APPLE_CERT_POLICY_MOBILE_STORE }, 422 | _oidApplePolicyTestMobileStore[] = { 
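APPLE_CERT_POLICY_TEST_MOBILE_STORE },
    _oidApplePolicyEscrowService[] = { APPLE_ESCROW_POLICY_OID },
    _oidAppleCertExtensionAppleIDRecordValidationSigning[] = { APPLE_CERT_EXT_APPLE_ID_VALIDATION_RECORD_SIGNING },
    _oidAppleIntmMarkerAppleSystemIntg2[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_SYSTEM_INTEGRATION_2},
    _oidAppleIntmMarkerAppleSystemIntgG3[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_SYSTEM_INTEGRATION_G3},
    _oidAppleCertExtAppleSMPEncryption[] = {APPLE_CERT_EXT_APPLE_SMP_ENCRYPTION},
    _oidAppleCertExtAppleServerAuthentication[] = {APPLE_CERT_EXT_APPLE_SERVER_AUTHENTICATION},
    _oidAppleIntmMarkerAppleServerAuthentication[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLE_SERVER_AUTHENTICATION};

/*
 * Public OID items. Each DERItem pairs a pointer to one of the _oid* byte
 * arrays above with the sizeof of that same array, so data and length always
 * describe the same encoding. When adding an entry, the name on the left and
 * both array references on the right must all name the same OID.
 */
__unused const DERItem
    oidSubjectKeyIdentifier = { (DERByte *)_oidSubjectKeyIdentifier,
                                sizeof(_oidSubjectKeyIdentifier) },
    oidKeyUsage = { (DERByte *)_oidKeyUsage,
                    sizeof(_oidKeyUsage) },
    oidPrivateKeyUsagePeriod = { (DERByte *)_oidPrivateKeyUsagePeriod,
                                 sizeof(_oidPrivateKeyUsagePeriod) },
    oidSubjectAltName = { (DERByte *)_oidSubjectAltName,
                          sizeof(_oidSubjectAltName) },
    oidIssuerAltName = { (DERByte *)_oidIssuerAltName,
                         sizeof(_oidIssuerAltName) },
    oidBasicConstraints = { (DERByte *)_oidBasicConstraints,
                            sizeof(_oidBasicConstraints) },
    oidCrlDistributionPoints = { (DERByte *)_oidCrlDistributionPoints,
                                 sizeof(_oidCrlDistributionPoints) },
    oidCertificatePolicies = { (DERByte *)_oidCertificatePolicies,
                               sizeof(_oidCertificatePolicies) },
    oidAnyPolicy = { (DERByte *)_oidAnyPolicy,
                     sizeof(_oidAnyPolicy) },
    oidPolicyMappings = { (DERByte *)_oidPolicyMappings,
                          sizeof(_oidPolicyMappings) },
    oidAuthorityKeyIdentifier = { (DERByte *)_oidAuthorityKeyIdentifier,
                                  sizeof(_oidAuthorityKeyIdentifier) },
    oidPolicyConstraints = { (DERByte *)_oidPolicyConstraints,
                             sizeof(_oidPolicyConstraints) },
    oidExtendedKeyUsage = { (DERByte *)_oidExtendedKeyUsage,
                            sizeof(_oidExtendedKeyUsage) },
    oidAnyExtendedKeyUsage = { (DERByte *)_oidAnyExtendedKeyUsage,
                               sizeof(_oidAnyExtendedKeyUsage) },
    oidInhibitAnyPolicy = { (DERByte *)_oidInhibitAnyPolicy,
                            sizeof(_oidInhibitAnyPolicy) },
    oidAuthorityInfoAccess = { (DERByte *)_oidAuthorityInfoAccess,
                               sizeof(_oidAuthorityInfoAccess) },
    oidSubjectInfoAccess = { (DERByte *)_oidSubjectInfoAccess,
                             sizeof(_oidSubjectInfoAccess) },
    oidAdOCSP = { (DERByte *)_oidAdOCSP,
                  sizeof(_oidAdOCSP) },
    oidAdCAIssuer = { (DERByte *)_oidAdCAIssuer,
                      sizeof(_oidAdCAIssuer) },
    oidNetscapeCertType = { (DERByte *)_oidNetscapeCertType,
                            sizeof(_oidNetscapeCertType) },
    oidEntrustVersInfo = { (DERByte *)_oidEntrustVersInfo,
                           sizeof(_oidEntrustVersInfo) },
    oidMSNTPrincipalName = { (DERByte *)_oidMSNTPrincipalName,
                             sizeof(_oidMSNTPrincipalName) },
    /* Policy Qualifier IDs for Internet policy qualifiers. */
    oidQtCps = { (DERByte *)_oidQtCps,
                 sizeof(_oidQtCps) },
    oidQtUNotice = { (DERByte *)_oidQtUNotice,
                     sizeof(_oidQtUNotice) },
    /* X.501 Name IDs. */
    oidCommonName = { (DERByte *)_oidCommonName,
                      sizeof(_oidCommonName) },
    oidCountryName = { (DERByte *)_oidCountryName,
                       sizeof(_oidCountryName) },
    oidLocalityName = { (DERByte *)_oidLocalityName,
                        sizeof(_oidLocalityName) },
    oidStateOrProvinceName = { (DERByte *)_oidStateOrProvinceName,
                               sizeof(_oidStateOrProvinceName) },
    oidOrganizationName = { (DERByte *)_oidOrganizationName,
                            sizeof(_oidOrganizationName) },
    oidOrganizationalUnitName = { (DERByte *)_oidOrganizationalUnitName,
                                  sizeof(_oidOrganizationalUnitName) },
    oidDescription = { (DERByte *)_oidDescription,
                       sizeof(_oidDescription) },
    oidEmailAddress = { (DERByte *)_oidEmailAddress,
                        sizeof(_oidEmailAddress) },
    oidFriendlyName = { (DERByte *)_oidFriendlyName,
                        sizeof(_oidFriendlyName) },
    oidLocalKeyId = { (DERByte *)_oidLocalKeyId,
                      sizeof(_oidLocalKeyId) },
    oidExtendedKeyUsageServerAuth = { (DERByte *)_oidExtendedKeyUsageServerAuth,
                                      sizeof(_oidExtendedKeyUsageServerAuth) },
    oidExtendedKeyUsageClientAuth = { (DERByte *)_oidExtendedKeyUsageClientAuth,
                                      sizeof(_oidExtendedKeyUsageClientAuth) },
    oidExtendedKeyUsageCodeSigning = { (DERByte *)_oidExtendedKeyUsageCodeSigning,
                                       sizeof(_oidExtendedKeyUsageCodeSigning) },
    oidExtendedKeyUsageEmailProtection = { (DERByte *)_oidExtendedKeyUsageEmailProtection,
                                           sizeof(_oidExtendedKeyUsageEmailProtection) },
    oidExtendedKeyUsageOCSPSigning = { (DERByte *)_oidExtendedKeyUsageOCSPSigning,
                                       sizeof(_oidExtendedKeyUsageOCSPSigning) },
    oidExtendedKeyUsageIPSec = { (DERByte *)_oidExtendedKeyUsageIPSec,
                                 sizeof(_oidExtendedKeyUsageIPSec) },
    oidExtendedKeyUsageMicrosoftSGC = { (DERByte *)_oidExtendedKeyUsageMicrosoftSGC,
                                        sizeof(_oidExtendedKeyUsageMicrosoftSGC) },
    oidExtendedKeyUsageNetscapeSGC = { (DERByte *)_oidExtendedKeyUsageNetscapeSGC,
                                       sizeof(_oidExtendedKeyUsageNetscapeSGC) },
    oidAppleSecureBootCertSpec = { (DERByte *)_oidAppleSecureBootCertSpec,
                                   sizeof(_oidAppleSecureBootCertSpec) },
    oidAppleProvisioningProfile = { (DERByte *)_oidAppleProvisioningProfile,
                                    sizeof(_oidAppleProvisioningProfile) },
    oidAppleApplicationSigning = { (DERByte *)_oidAppleApplicationSigning,
                                   sizeof(_oidAppleApplicationSigning) },
    oidAppleInstallerPackagingSigningExternal = { (DERByte *)_oidAppleInstallerPackagingSigningExternal,
                                                  sizeof(_oidAppleInstallerPackagingSigningExternal) },
    oidAppleExtendedKeyUsageAppleID = { (DERByte *)_oidAppleExtendedKeyUsageAppleID,
                                        sizeof(_oidAppleExtendedKeyUsageAppleID) },
    oidAppleExtendedKeyUsageShoebox = { (DERByte *)_oidAppleExtendedKeyUsageShoebox,
                                        sizeof(_oidAppleExtendedKeyUsageShoebox) },
    oidAppleExtendedKeyUsageProfileSigning
        = { (DERByte *)_oidAppleExtendedKeyUsageProfileSigning,
            sizeof(_oidAppleExtendedKeyUsageProfileSigning) },
    oidAppleExtendedKeyUsageQAProfileSigning
        = { (DERByte *)_oidAppleExtendedKeyUsageQAProfileSigning,
            sizeof(_oidAppleExtendedKeyUsageQAProfileSigning) },
    oidAppleIntmMarkerAppleID = { (DERByte *)_oidAppleIntmMarkerAppleID,
                                  sizeof(_oidAppleIntmMarkerAppleID) },
    oidAppleIntmMarkerAppleID2 = { (DERByte *)_oidAppleIntmMarkerAppleID2,
                                   sizeof(_oidAppleIntmMarkerAppleID2) },
    /*
     * Fixed copy/paste defect: this entry used to point at
     * _oidAppleIntmMarkerAppleID2 (data and length), which made
     * oidApplePushServiceClient byte-identical to oidAppleIntmMarkerAppleID2.
     * Any DEROidCompare() against it therefore matched the AppleID-2
     * intermediate marker and never the push-service-client OID.
     * NOTE(review): callers that gate on this OID are not visible here;
     * re-check them, since their match set changes with this fix.
     */
    oidApplePushServiceClient = { (DERByte *)_oidApplePushServiceClient,
                                  sizeof(_oidApplePushServiceClient) },
    oidApplePolicyMobileStore = { (DERByte *)_oidApplePolicyMobileStore,
                                  sizeof(_oidApplePolicyMobileStore)},
    oidApplePolicyTestMobileStore = { (DERByte *)_oidApplePolicyTestMobileStore,
                                      sizeof(_oidApplePolicyTestMobileStore)},
    oidApplePolicyEscrowService = { (DERByte *)_oidApplePolicyEscrowService,
                                    sizeof(_oidApplePolicyEscrowService)},
    oidAppleCertExtensionAppleIDRecordValidationSigning = { (DERByte *)_oidAppleCertExtensionAppleIDRecordValidationSigning,
                                                            sizeof(_oidAppleCertExtensionAppleIDRecordValidationSigning)},
    oidAppleIntmMarkerAppleSystemIntg2 = { (DERByte *) _oidAppleIntmMarkerAppleSystemIntg2,
                                           sizeof(_oidAppleIntmMarkerAppleSystemIntg2)},
    oidAppleIntmMarkerAppleSystemIntgG3 = { (DERByte *) _oidAppleIntmMarkerAppleSystemIntgG3,
                                            sizeof(_oidAppleIntmMarkerAppleSystemIntgG3)},
    oidAppleCertExtAppleSMPEncryption = { (DERByte *)_oidAppleCertExtAppleSMPEncryption,
                                          sizeof(_oidAppleCertExtAppleSMPEncryption)},
    oidAppleCertExtAppleServerAuthentication
        = { (DERByte *)_oidAppleCertExtAppleServerAuthentication,
            sizeof(_oidAppleCertExtAppleServerAuthentication) },
    oidAppleIntmMarkerAppleServerAuthentication
        = { (DERByte *)_oidAppleIntmMarkerAppleServerAuthentication,
            sizeof(_oidAppleIntmMarkerAppleServerAuthentication) };


/*
 * Compare two OIDs held in DERItems.
 *
 * Returns false if either pointer is NULL or if the two lengths differ.
 * Otherwise returns true exactly when DERMemcmp() over oid1->length bytes
 * returns zero. The length check comes first so DERMemcmp() is only ever
 * asked to read a span both items claim to have.
 */
bool DEROidCompare(const DERItem *oid1, const DERItem *oid2) {
    if ((oid1 == NULL) || (oid2 == NULL)) {
        return false;
    }
    if (oid1->length != oid2->length) {
        return false;
    }
    /* A zero result from DERMemcmp is treated as "bytes match". */
    return DERMemcmp(oid1->data, oid2->data, oid1->length) == 0;
}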