Using Xcode's security infrastructure to analyze asn1 format

I would like to parse the asn1 format in OS-X 10.11.

Unfortunately, Apple no longer includes openssl as part of its SDK. Instead, there was an internal package that I recommended using in the following header:

SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecAsn1Coder.h

Unfortunately, the API I need to parse the asn1 file and extract this field seems very different from the original openssl API.

In openssl, the function "asn1parse", defined in include/openssl/asn1.h, receives a DER-formatted file, decodes it, and returns the output text that represents the asn1 tree.

In the Apple implementation, I found "SecAsn1Decode", which can provide the same functionality. The documentation says that the output argument (void * dest) is a pointer to a "template-specific structure allocated by the caller", but I don't understand what structure I should expect and how much memory I should allocate.

Maybe you can help me understand how to use it. Any links are welcome.

+4
1 answer

GitHub now has several snippets showing how to call the function SecAsn1Decode; see here, for example:

typedef struct {
    size_t          length;
    unsigned char   *data;
} ASN1_Data;

typedef struct {
    ASN1_Data type;     // INTEGER
    ASN1_Data version;  // INTEGER
    ASN1_Data value;    // OCTET STRING
} RVNReceiptAttribute;

typedef struct {
    RVNReceiptAttribute **attrs;
} RVNReceiptPayload;

// ASN.1 receipt attribute template
static const SecAsn1Template kReceiptAttributeTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RVNReceiptAttribute) },
    { SEC_ASN1_INTEGER, offsetof(RVNReceiptAttribute, type), NULL, 0 },
    { SEC_ASN1_INTEGER, offsetof(RVNReceiptAttribute, version), NULL, 0 },
    { SEC_ASN1_OCTET_STRING, offsetof(RVNReceiptAttribute, value), NULL, 0 },
    { 0, 0, NULL, 0 }
};

// ASN.1 receipt template set
static const SecAsn1Template kSetOfReceiptAttributeTemplate[] = {
    { SEC_ASN1_SET_OF, 0, kReceiptAttributeTemplate, sizeof(RVNReceiptPayload) },
    { 0, 0, NULL, 0 }
};

And later:

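NSData *payloadData = …
RVNReceiptPayload payload = { NULL };
SecAsn1CoderRef asn1Decoder = NULL;  // decoded data is allocated by this coder and freed by SecAsn1CoderRelease
OSStatus status = SecAsn1CoderCreate(&asn1Decoder);
if (status == noErr)
    status = SecAsn1Decode(asn1Decoder, payloadData.bytes, payloadData.length, kSetOfReceiptAttributeTemplate, &payload);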
+2
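
Added example (not part of the original answer, and not Apple's or the snippet author's code): a portable C walk over the same layout that kSetOfReceiptAttributeTemplate describes, a SET OF SEQUENCE { INTEGER, INTEGER, OCTET STRING }, with every length checked against its parent before it is used. It does not call SecAsn1Decode; Attr, der_head, der_int, parse_attrs and the sample bytes are names and data constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One decoded attribute; value points into the input buffer (no copy). */
typedef struct { long type, version; const uint8_t *value; size_t value_len; } Attr;

/* Constructed sample: SET OF two SEQUENCE { INTEGER, INTEGER, OCTET STRING }. */
static const uint8_t kSample[] = { 0x31,0x1A,
    0x30,0x0B, 0x02,0x01,0x02, 0x02,0x01,0x01, 0x04,0x03,'a','b','c',
    0x30,0x0B, 0x02,0x01,0x03, 0x02,0x01,0x01, 0x04,0x03,'1','.','0' };

/* Read a TLV header at *p; on success return the tag, set *len, leave *p at the content. */
static int der_head(const uint8_t **p, const uint8_t *end, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                        /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7f;               /* k == 0 is BER indefinite length: rejected */
        if (k == 0 || k > sizeof n || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* content must fit inside the parent */
    *len = n; *p = q;
    return tag;
}

/* Read a non-negative INTEGER of at most 4 content bytes. */
static int der_int(const uint8_t **p, const uint8_t *end, long *out) {
    size_t n;
    if (der_head(p, end, &n) != 0x02 || n == 0 || n > 4 || (**p & 0x80)) return -1;
    for (*out = 0; n--; ) *out = (*out << 8) | *(*p)++;
    return 0;
}

/* Fill out[0..max); return the attribute count, or -1 on malformed input. */
int parse_attrs(const uint8_t *der, size_t der_len, Attr *out, int max) {
    const uint8_t *p = der, *end = der + der_len;
    size_t n;
    int count = 0;
    if (der_head(&p, end, &n) != 0x31 || p + n != end) return -1;  /* SET, no trailing bytes */
    for (; p < end; count++) {
        if (count == max || der_head(&p, end, &n) != 0x30) return -1;  /* SEQUENCE */
        const uint8_t *seq_end = p + n;
        Attr *a = &out[count];
        if (der_int(&p, seq_end, &a->type) || der_int(&p, seq_end, &a->version)) return -1;
        if (der_head(&p, seq_end, &n) != 0x04 || p + n != seq_end) return -1;  /* OCTET STRING, last field */
        a->value = p; a->value_len = n; p = seq_end;
    }
    return count;
}
```

Unlike the template decoder, this walker allocates nothing: the caller supplies the Attr array and each value pointer refers back into the input buffer, so the buffer must outlive the results.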

Source: https://habr.com/ru/post/1625117/

