Skip to content

Commit 0cae137

Browse files
sandeepmistrysandeepmistry
committed
Use GeneralizedTime format for not before and not after dates with year > 2049
1 parent e331415 commit 0cae137

File tree

1 file changed

+38
-15
lines changed

1 file changed

+38
-15
lines changed

src/utility/ECCX08Cert.cpp

Lines changed: 38 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -323,6 +323,25 @@ int ECCX08CertClass::endReconstruction()
323323
return 0;
324324
}
325325

326+
// dates
327+
int year = (compressedCert.dates[0] >> 3) + 2000;
328+
int month = ((compressedCert.dates[0] & 0x07) << 1) | (compressedCert.dates[1] >> 7);
329+
int day = (compressedCert.dates[1] & 0x7c) >> 2;
330+
int hour = ((compressedCert.dates[1] & 0x03) << 3) | (compressedCert.dates[2] >> 5);
331+
int expireYears = (compressedCert.dates[2] & 0x1f);
332+
333+
int datesSize = 30;
334+
335+
if (year > 2049) {
336+
// two more bytes for GeneralizedTime
337+
datesSize += 2;
338+
}
339+
340+
if ((year + expireYears) > 2049) {
341+
// two more bytes for GeneralizedTime
342+
datesSize += 2;
343+
}
344+
326345
int serialNumberLen = serialNumberLength(serialNumberAndAuthorityKeyIdentifier.serialNumber);
327346

328347
int issuerLen = issuerOrSubjectLength(_issuerCountryName,
@@ -349,7 +368,7 @@ int ECCX08CertClass::endReconstruction()
349368

350369
int signatureLen = signatureLength(compressedCert.signature);
351370

352-
int certInfoLen = 5 + serialNumberLen + 12 + issuerHeaderLen + issuerLen + 32 +
371+
int certInfoLen = 5 + serialNumberLen + 12 + issuerHeaderLen + issuerLen + (datesSize + 2) +
353372
subjectHeaderLen + subjectLen + publicKeyLen;
354373

355374
if (authorityKeyIdentifierLen) {
@@ -404,15 +423,8 @@ int ECCX08CertClass::endReconstruction()
404423
_issuerCommonName, out);
405424
out += issuerLen;
406425

407-
// dates
408-
int year = (compressedCert.dates[0] >> 3) + 2000;
409-
int month = ((compressedCert.dates[0] & 0x07) << 1) | (compressedCert.dates[1] >> 7);
410-
int day = (compressedCert.dates[1] & 0x7c) >> 2;
411-
int hour = ((compressedCert.dates[1] & 0x03) << 3) | (compressedCert.dates[2] >> 5);
412-
int expireYears = (compressedCert.dates[2] & 0x1f);
413-
414426
*out++ = ASN1_SEQUENCE;
415-
*out++ = 0x1e;
427+
*out++ = datesSize;
416428
out += appendDate(year, month, day, hour, 0, 0, out);
417429
out += appendDate(year + expireYears, month, day, hour, 0, 0, out);
418430

@@ -888,12 +900,23 @@ void ECCX08CertClass::appendSequenceHeader(int length, byte out[])
888900

889901
int ECCX08CertClass::appendDate(int year, int month, int day, int hour, int minute, int second, byte out[])
890902
{
891-
year -= 2000;
903+
bool useGeneralizedTime = (year > 2049);
892904

893-
*out++ = 0x17;
894-
*out++ = 0x0d;
895-
*out++ = '0' + (year / 10);
896-
*out++ = '0' + (year % 10);
905+
if (useGeneralizedTime) {
906+
*out++ = 0x18;
907+
*out++ = 0x0f;
908+
*out++ = '0' + (year / 1000);
909+
*out++ = '0' + ((year % 1000) / 100);
910+
*out++ = '0' + ((year % 100) / 10);
911+
*out++ = '0' + (year % 10);
912+
} else {
913+
year -= 2000;
914+
915+
*out++ = 0x17;
916+
*out++ = 0x0d;
917+
*out++ = '0' + (year / 10);
918+
*out++ = '0' + (year % 10);
919+
}
897920
*out++ = '0' + (month / 10);
898921
*out++ = '0' + (month % 10);
899922
*out++ = '0' + (day / 10);
@@ -906,7 +929,7 @@ int ECCX08CertClass::appendDate(int year, int month, int day, int hour, int minu
906929
*out++ = '0' + (second % 10);
907930
*out++ = 0x5a; // UTC
908931

909-
return 15;
932+
return (useGeneralizedTime ? 17 : 15);
910933
}
911934

912935
int ECCX08CertClass::appendEcdsaWithSHA256(byte out[])

0 commit comments

Comments
 (0)