/src/mbedtls/library/oid.c
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * \file oid.c |
3 | | * |
4 | | * \brief Object Identifier (OID) database |
5 | | * |
6 | | * Copyright The Mbed TLS Contributors |
7 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
8 | | */ |
9 | | |
10 | | #include "common.h" |
11 | | |
12 | | #if defined(MBEDTLS_OID_C) |
13 | | |
14 | | #include "mbedtls/oid.h" |
15 | | #include "mbedtls/rsa.h" |
16 | | #include "mbedtls/error.h" |
17 | | #include "mbedtls/pk.h" |
18 | | |
19 | | #include <stdio.h> |
20 | | #include <string.h> |
21 | | |
22 | | #include "mbedtls/platform.h" |
23 | | |
24 | | /* |
25 | | * Macro to automatically add the size of #define'd OIDs |
26 | | */ |
27 | | #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) |
28 | | |
29 | | /* |
30 | | * Macro to generate mbedtls_oid_descriptor_t |
31 | | */ |
32 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
33 | | #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } |
34 | | #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } |
35 | | #else |
36 | | #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } |
37 | | #define NULL_OID_DESCRIPTOR { NULL, 0 } |
38 | | #endif |
39 | | |
40 | | /* |
41 | | * Macro to generate an internal function for oid_XXX_from_asn1() (used by |
42 | | * the other functions) |
43 | | */ |
44 | | #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ |
45 | | static const TYPE_T *oid_ ## NAME ## _from_asn1( \ |
46 | | const mbedtls_asn1_buf *oid) \ |
47 | 0 | { \ |
48 | 0 | const TYPE_T *p = (LIST); \ |
49 | 0 | const mbedtls_oid_descriptor_t *cur = \ |
50 | 0 | (const mbedtls_oid_descriptor_t *) p; \ |
51 | 0 | if (p == NULL || oid == NULL) return NULL; \ |
52 | 0 | while (cur->asn1 != NULL) { \ |
53 | 0 | if (cur->asn1_len == oid->len && \ |
54 | 0 | memcmp(cur->asn1, oid->p, oid->len) == 0) { \ |
55 | 0 | return p; \ |
56 | 0 | } \ |
57 | 0 | p++; \ |
58 | 0 | cur = (const mbedtls_oid_descriptor_t *) p; \ |
59 | 0 | } \ |
60 | 0 | return NULL; \ |
61 | 0 | } Unexecuted instantiation: oid.c:oid_x520_attr_from_asn1 Unexecuted instantiation: oid.c:oid_x509_ext_from_asn1 Unexecuted instantiation: oid.c:oid_ext_key_usage_from_asn1 Unexecuted instantiation: oid.c:oid_certificate_policies_from_asn1 Unexecuted instantiation: oid.c:oid_sig_alg_from_asn1 Unexecuted instantiation: oid.c:oid_pk_alg_from_asn1 Unexecuted instantiation: oid.c:oid_grp_id_from_asn1 Unexecuted instantiation: oid.c:oid_grp_id_algid_from_asn1 Unexecuted instantiation: oid.c:oid_cipher_alg_from_asn1 Unexecuted instantiation: oid.c:oid_md_alg_from_asn1 Unexecuted instantiation: oid.c:oid_md_hmac_from_asn1 Unexecuted instantiation: oid.c:oid_pkcs12_pbe_alg_from_asn1 |
62 | | |
63 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
64 | | /* |
65 | | * Macro to generate a function for retrieving a single attribute from the |
66 | | * descriptor of an mbedtls_oid_descriptor_t wrapper. |
67 | | */ |
68 | | #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ |
69 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ |
70 | 0 | { \ |
71 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
72 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
73 | 0 | *ATTR1 = data->descriptor.ATTR1; \ |
74 | 0 | return 0; \ |
75 | 0 | } |
76 | | #endif /* MBEDTLS_X509_REMOVE_INFO */ |
77 | | |
78 | | /* |
79 | | * Macro to generate a function for retrieving a single attribute from an |
80 | | * mbedtls_oid_descriptor_t wrapper. |
81 | | */ |
82 | | #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ |
83 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ |
84 | 0 | { \ |
85 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
86 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
87 | 0 | *ATTR1 = data->ATTR1; \ |
88 | 0 | return 0; \ |
89 | 0 | } Unexecuted instantiation: mbedtls_oid_get_attr_short_name Unexecuted instantiation: mbedtls_oid_get_x509_ext_type Unexecuted instantiation: mbedtls_oid_get_extended_key_usage Unexecuted instantiation: mbedtls_oid_get_certificate_policies Unexecuted instantiation: mbedtls_oid_get_pk_alg Unexecuted instantiation: mbedtls_oid_get_ec_grp Unexecuted instantiation: mbedtls_oid_get_ec_grp_algid Unexecuted instantiation: mbedtls_oid_get_cipher_alg Unexecuted instantiation: mbedtls_oid_get_md_alg Unexecuted instantiation: mbedtls_oid_get_md_hmac |
90 | | |
91 | | /* |
92 | | * Macro to generate a function for retrieving two attributes from an |
93 | | * mbedtls_oid_descriptor_t wrapper. |
94 | | */ |
95 | | #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ |
96 | | ATTR2_TYPE, ATTR2) \ |
97 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ |
98 | | ATTR2_TYPE * ATTR2) \ |
99 | 0 | { \ |
100 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
101 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
102 | 0 | *(ATTR1) = data->ATTR1; \ |
103 | 0 | *(ATTR2) = data->ATTR2; \ |
104 | 0 | return 0; \ |
105 | 0 | } Unexecuted instantiation: mbedtls_oid_get_sig_alg Unexecuted instantiation: mbedtls_oid_get_pkcs12_pbe_alg |
106 | | |
107 | | /* |
108 | | * Macro to generate a function for retrieving the OID based on a single |
109 | | * attribute from a mbedtls_oid_descriptor_t wrapper. |
110 | | */ |
111 | | #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ |
112 | | int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ |
113 | 0 | { \ |
114 | 0 | const TYPE_T *cur = (LIST); \ |
115 | 0 | while (cur->descriptor.asn1 != NULL) { \ |
116 | 0 | if (cur->ATTR1 == (ATTR1)) { \ |
117 | 0 | *oid = cur->descriptor.asn1; \ |
118 | 0 | *olen = cur->descriptor.asn1_len; \ |
119 | 0 | return 0; \ |
120 | 0 | } \ |
121 | 0 | cur++; \ |
122 | 0 | } \ |
123 | 0 | return MBEDTLS_ERR_OID_NOT_FOUND; \ |
124 | 0 | } Unexecuted instantiation: mbedtls_oid_get_oid_by_pk_alg Unexecuted instantiation: mbedtls_oid_get_oid_by_ec_grp Unexecuted instantiation: mbedtls_oid_get_oid_by_ec_grp_algid Unexecuted instantiation: mbedtls_oid_get_oid_by_md |
125 | | |
126 | | /* |
127 | | * Macro to generate a function for retrieving the OID based on two |
128 | | * attributes from a mbedtls_oid_descriptor_t wrapper. |
129 | | */ |
130 | | #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ |
131 | | ATTR2_TYPE, ATTR2) \ |
132 | | int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ |
133 | | size_t *olen) \ |
134 | 0 | { \ |
135 | 0 | const TYPE_T *cur = (LIST); \ |
136 | 0 | while (cur->descriptor.asn1 != NULL) { \ |
137 | 0 | if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ |
138 | 0 | *oid = cur->descriptor.asn1; \ |
139 | 0 | *olen = cur->descriptor.asn1_len; \ |
140 | 0 | return 0; \ |
141 | 0 | } \ |
142 | 0 | cur++; \ |
143 | 0 | } \ |
144 | 0 | return MBEDTLS_ERR_OID_NOT_FOUND; \ |
145 | 0 | } |
146 | | |
147 | | /* |
148 | | * For X520 attribute types |
149 | | */ |
150 | | typedef struct { |
151 | | mbedtls_oid_descriptor_t descriptor; |
152 | | const char *short_name; |
153 | | } oid_x520_attr_t; |
154 | | |
155 | | static const oid_x520_attr_t oid_x520_attr_type[] = |
156 | | { |
157 | | { |
158 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), |
159 | | "CN", |
160 | | }, |
161 | | { |
162 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), |
163 | | "C", |
164 | | }, |
165 | | { |
166 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), |
167 | | "L", |
168 | | }, |
169 | | { |
170 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), |
171 | | "ST", |
172 | | }, |
173 | | { |
174 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", |
175 | | "Organization"), |
176 | | "O", |
177 | | }, |
178 | | { |
179 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), |
180 | | "OU", |
181 | | }, |
182 | | { |
183 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, |
184 | | "emailAddress", |
185 | | "E-mail address"), |
186 | | "emailAddress", |
187 | | }, |
188 | | { |
189 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, |
190 | | "id-at-serialNumber", |
191 | | "Serial number"), |
192 | | "serialNumber", |
193 | | }, |
194 | | { |
195 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, |
196 | | "id-at-postalAddress", |
197 | | "Postal address"), |
198 | | "postalAddress", |
199 | | }, |
200 | | { |
201 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), |
202 | | "postalCode", |
203 | | }, |
204 | | { |
205 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), |
206 | | "SN", |
207 | | }, |
208 | | { |
209 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), |
210 | | "GN", |
211 | | }, |
212 | | { |
213 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), |
214 | | "initials", |
215 | | }, |
216 | | { |
217 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, |
218 | | "id-at-generationQualifier", |
219 | | "Generation qualifier"), |
220 | | "generationQualifier", |
221 | | }, |
222 | | { |
223 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), |
224 | | "title", |
225 | | }, |
226 | | { |
227 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, |
228 | | "id-at-dnQualifier", |
229 | | "Distinguished Name qualifier"), |
230 | | "dnQualifier", |
231 | | }, |
232 | | { |
233 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), |
234 | | "pseudonym", |
235 | | }, |
236 | | { |
237 | | OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), |
238 | | "uid", |
239 | | }, |
240 | | { |
241 | | OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, |
242 | | "id-domainComponent", |
243 | | "Domain component"), |
244 | | "DC", |
245 | | }, |
246 | | { |
247 | | OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, |
248 | | "id-at-uniqueIdentifier", |
249 | | "Unique Identifier"), |
250 | | "uniqueIdentifier", |
251 | | }, |
252 | | { |
253 | | NULL_OID_DESCRIPTOR, |
254 | | NULL, |
255 | | } |
256 | | }; |
257 | | |
258 | | FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) |
259 | | FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, |
260 | | oid_x520_attr_t, |
261 | | x520_attr, |
262 | | const char *, |
263 | | short_name) |
264 | | |
265 | | /* |
266 | | * For X509 extensions |
267 | | */ |
268 | | typedef struct { |
269 | | mbedtls_oid_descriptor_t descriptor; |
270 | | int ext_type; |
271 | | } oid_x509_ext_t; |
272 | | |
273 | | static const oid_x509_ext_t oid_x509_ext[] = |
274 | | { |
275 | | { |
276 | | OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, |
277 | | "id-ce-basicConstraints", |
278 | | "Basic Constraints"), |
279 | | MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, |
280 | | }, |
281 | | { |
282 | | OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), |
283 | | MBEDTLS_OID_X509_EXT_KEY_USAGE, |
284 | | }, |
285 | | { |
286 | | OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, |
287 | | "id-ce-extKeyUsage", |
288 | | "Extended Key Usage"), |
289 | | MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, |
290 | | }, |
291 | | { |
292 | | OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, |
293 | | "id-ce-subjectAltName", |
294 | | "Subject Alt Name"), |
295 | | MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, |
296 | | }, |
297 | | { |
298 | | OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, |
299 | | "id-netscape-certtype", |
300 | | "Netscape Certificate Type"), |
301 | | MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, |
302 | | }, |
303 | | { |
304 | | OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, |
305 | | "id-ce-certificatePolicies", |
306 | | "Certificate Policies"), |
307 | | MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, |
308 | | }, |
309 | | { |
310 | | OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, |
311 | | "id-ce-subjectKeyIdentifier", |
312 | | "Subject Key Identifier"), |
313 | | MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, |
314 | | }, |
315 | | { |
316 | | OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, |
317 | | "id-ce-authorityKeyIdentifier", |
318 | | "Authority Key Identifier"), |
319 | | MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, |
320 | | }, |
321 | | { |
322 | | NULL_OID_DESCRIPTOR, |
323 | | 0, |
324 | | }, |
325 | | }; |
326 | | |
327 | | FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) |
328 | | FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) |
329 | | |
330 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
331 | | static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = |
332 | | { |
333 | | OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, |
334 | | "id-kp-serverAuth", |
335 | | "TLS Web Server Authentication"), |
336 | | OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, |
337 | | "id-kp-clientAuth", |
338 | | "TLS Web Client Authentication"), |
339 | | OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), |
340 | | OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), |
341 | | OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), |
342 | | OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), |
343 | | OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, |
344 | | "id-kp-wisun-fan-device", |
345 | | "Wi-SUN Alliance Field Area Network (FAN)"), |
346 | | NULL_OID_DESCRIPTOR, |
347 | | }; |
348 | | |
349 | | FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) |
350 | | FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, |
351 | | mbedtls_oid_descriptor_t, |
352 | | ext_key_usage, |
353 | | const char *, |
354 | | description) |
355 | | |
356 | | static const mbedtls_oid_descriptor_t oid_certificate_policies[] = |
357 | | { |
358 | | OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), |
359 | | NULL_OID_DESCRIPTOR, |
360 | | }; |
361 | | |
362 | | FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) |
363 | | FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, |
364 | | mbedtls_oid_descriptor_t, |
365 | | certificate_policies, |
366 | | const char *, |
367 | | description) |
368 | | #endif /* MBEDTLS_X509_REMOVE_INFO */ |
369 | | |
370 | | /* |
371 | | * For SignatureAlgorithmIdentifier |
372 | | */ |
373 | | typedef struct { |
374 | | mbedtls_oid_descriptor_t descriptor; |
375 | | mbedtls_md_type_t md_alg; |
376 | | mbedtls_pk_type_t pk_alg; |
377 | | } oid_sig_alg_t; |
378 | | |
379 | | static const oid_sig_alg_t oid_sig_alg[] = |
380 | | { |
381 | | #if defined(MBEDTLS_RSA_C) |
382 | | #if defined(MBEDTLS_MD_CAN_MD5) |
383 | | { |
384 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), |
385 | | MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, |
386 | | }, |
387 | | #endif /* MBEDTLS_MD_CAN_MD5 */ |
388 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
389 | | { |
390 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), |
391 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, |
392 | | }, |
393 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
394 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
395 | | { |
396 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", |
397 | | "RSA with SHA-224"), |
398 | | MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, |
399 | | }, |
400 | | #endif /* MBEDTLS_MD_CAN_SHA224 */ |
401 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
402 | | { |
403 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", |
404 | | "RSA with SHA-256"), |
405 | | MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, |
406 | | }, |
407 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
408 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
409 | | { |
410 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", |
411 | | "RSA with SHA-384"), |
412 | | MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, |
413 | | }, |
414 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
415 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
416 | | { |
417 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", |
418 | | "RSA with SHA-512"), |
419 | | MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, |
420 | | }, |
421 | | #endif /* MBEDTLS_MD_CAN_SHA512 */ |
422 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
423 | | { |
424 | | OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), |
425 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, |
426 | | }, |
427 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
428 | | #endif /* MBEDTLS_RSA_C */ |
429 | | #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) |
430 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
431 | | { |
432 | | OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), |
433 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, |
434 | | }, |
435 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
436 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
437 | | { |
438 | | OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), |
439 | | MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, |
440 | | }, |
441 | | #endif |
442 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
443 | | { |
444 | | OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), |
445 | | MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, |
446 | | }, |
447 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
448 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
449 | | { |
450 | | OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), |
451 | | MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, |
452 | | }, |
453 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
454 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
455 | | { |
456 | | OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), |
457 | | MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, |
458 | | }, |
459 | | #endif /* MBEDTLS_MD_CAN_SHA512 */ |
460 | | #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ |
461 | | #if defined(MBEDTLS_RSA_C) |
462 | | { |
463 | | OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), |
464 | | MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, |
465 | | }, |
466 | | #endif /* MBEDTLS_RSA_C */ |
467 | | { |
468 | | NULL_OID_DESCRIPTOR, |
469 | | MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, |
470 | | }, |
471 | | }; |
472 | | |
473 | | FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) |
474 | | |
475 | | #if !defined(MBEDTLS_X509_REMOVE_INFO) |
476 | | FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, |
477 | | oid_sig_alg_t, |
478 | | sig_alg, |
479 | | const char *, |
480 | | description) |
481 | | #endif |
482 | | |
483 | | FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, |
484 | | oid_sig_alg_t, |
485 | | sig_alg, |
486 | | mbedtls_md_type_t, |
487 | | md_alg, |
488 | | mbedtls_pk_type_t, |
489 | | pk_alg) |
490 | | FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, |
491 | | oid_sig_alg_t, |
492 | | oid_sig_alg, |
493 | | mbedtls_pk_type_t, |
494 | | pk_alg, |
495 | | mbedtls_md_type_t, |
496 | | md_alg) |
497 | | |
498 | | /* |
499 | | * For PublicKeyInfo (PKCS1, RFC 5480) |
500 | | */ |
501 | | typedef struct { |
502 | | mbedtls_oid_descriptor_t descriptor; |
503 | | mbedtls_pk_type_t pk_alg; |
504 | | } oid_pk_alg_t; |
505 | | |
506 | | static const oid_pk_alg_t oid_pk_alg[] = |
507 | | { |
508 | | { |
509 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), |
510 | | MBEDTLS_PK_RSA, |
511 | | }, |
512 | | { |
513 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), |
514 | | MBEDTLS_PK_ECKEY, |
515 | | }, |
516 | | { |
517 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), |
518 | | MBEDTLS_PK_ECKEY_DH, |
519 | | }, |
520 | | { |
521 | | NULL_OID_DESCRIPTOR, |
522 | | MBEDTLS_PK_NONE, |
523 | | }, |
524 | | }; |
525 | | |
526 | | FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) |
527 | | FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) |
528 | | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, |
529 | | oid_pk_alg_t, |
530 | | oid_pk_alg, |
531 | | mbedtls_pk_type_t, |
532 | | pk_alg) |
533 | | |
534 | | #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) |
535 | | /* |
536 | | * For elliptic curves that use namedCurve inside ECParams (RFC 5480) |
537 | | */ |
538 | | typedef struct { |
539 | | mbedtls_oid_descriptor_t descriptor; |
540 | | mbedtls_ecp_group_id grp_id; |
541 | | } oid_ecp_grp_t; |
542 | | |
543 | | static const oid_ecp_grp_t oid_ecp_grp[] = |
544 | | { |
545 | | #if defined(MBEDTLS_ECP_HAVE_SECP192R1) |
546 | | { |
547 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), |
548 | | MBEDTLS_ECP_DP_SECP192R1, |
549 | | }, |
550 | | #endif /* MBEDTLS_ECP_HAVE_SECP192R1 */ |
551 | | #if defined(MBEDTLS_ECP_HAVE_SECP224R1) |
552 | | { |
553 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), |
554 | | MBEDTLS_ECP_DP_SECP224R1, |
555 | | }, |
556 | | #endif /* MBEDTLS_ECP_HAVE_SECP224R1 */ |
557 | | #if defined(MBEDTLS_ECP_HAVE_SECP256R1) |
558 | | { |
559 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), |
560 | | MBEDTLS_ECP_DP_SECP256R1, |
561 | | }, |
562 | | #endif /* MBEDTLS_ECP_HAVE_SECP256R1 */ |
563 | | #if defined(MBEDTLS_ECP_HAVE_SECP384R1) |
564 | | { |
565 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), |
566 | | MBEDTLS_ECP_DP_SECP384R1, |
567 | | }, |
568 | | #endif /* MBEDTLS_ECP_HAVE_SECP384R1 */ |
569 | | #if defined(MBEDTLS_ECP_HAVE_SECP521R1) |
570 | | { |
571 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), |
572 | | MBEDTLS_ECP_DP_SECP521R1, |
573 | | }, |
574 | | #endif /* MBEDTLS_ECP_HAVE_SECP521R1 */ |
575 | | #if defined(MBEDTLS_ECP_HAVE_SECP192K1) |
576 | | { |
577 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), |
578 | | MBEDTLS_ECP_DP_SECP192K1, |
579 | | }, |
580 | | #endif /* MBEDTLS_ECP_HAVE_SECP192K1 */ |
581 | | #if defined(MBEDTLS_ECP_HAVE_SECP224K1) |
582 | | { |
583 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), |
584 | | MBEDTLS_ECP_DP_SECP224K1, |
585 | | }, |
586 | | #endif /* MBEDTLS_ECP_HAVE_SECP224K1 */ |
587 | | #if defined(MBEDTLS_ECP_HAVE_SECP256K1) |
588 | | { |
589 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), |
590 | | MBEDTLS_ECP_DP_SECP256K1, |
591 | | }, |
592 | | #endif /* MBEDTLS_ECP_HAVE_SECP256K1 */ |
593 | | #if defined(MBEDTLS_ECP_HAVE_BP256R1) |
594 | | { |
595 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), |
596 | | MBEDTLS_ECP_DP_BP256R1, |
597 | | }, |
598 | | #endif /* MBEDTLS_ECP_HAVE_BP256R1 */ |
599 | | #if defined(MBEDTLS_ECP_HAVE_BP384R1) |
600 | | { |
601 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), |
602 | | MBEDTLS_ECP_DP_BP384R1, |
603 | | }, |
604 | | #endif /* MBEDTLS_ECP_HAVE_BP384R1 */ |
605 | | #if defined(MBEDTLS_ECP_HAVE_BP512R1) |
606 | | { |
607 | | OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), |
608 | | MBEDTLS_ECP_DP_BP512R1, |
609 | | }, |
610 | | #endif /* MBEDTLS_ECP_HAVE_BP512R1 */ |
611 | | { |
612 | | NULL_OID_DESCRIPTOR, |
613 | | MBEDTLS_ECP_DP_NONE, |
614 | | }, |
615 | | }; |
616 | | |
617 | | FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) |
618 | | FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) |
619 | | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, |
620 | | oid_ecp_grp_t, |
621 | | oid_ecp_grp, |
622 | | mbedtls_ecp_group_id, |
623 | | grp_id) |
624 | | |
625 | | /* |
626 | | * For Elliptic Curve algorithms that are directly |
627 | | * encoded in the AlgorithmIdentifier (RFC 8410) |
628 | | */ |
629 | | typedef struct { |
630 | | mbedtls_oid_descriptor_t descriptor; |
631 | | mbedtls_ecp_group_id grp_id; |
632 | | } oid_ecp_grp_algid_t; |
633 | | |
634 | | static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = |
635 | | { |
636 | | #if defined(MBEDTLS_ECP_HAVE_CURVE25519) |
637 | | { |
638 | | OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"), |
639 | | MBEDTLS_ECP_DP_CURVE25519, |
640 | | }, |
641 | | #endif /* MBEDTLS_ECP_HAVE_CURVE25519 */ |
642 | | #if defined(MBEDTLS_ECP_HAVE_CURVE448) |
643 | | { |
644 | | OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"), |
645 | | MBEDTLS_ECP_DP_CURVE448, |
646 | | }, |
647 | | #endif /* MBEDTLS_ECP_HAVE_CURVE448 */ |
648 | | { |
649 | | NULL_OID_DESCRIPTOR, |
650 | | MBEDTLS_ECP_DP_NONE, |
651 | | }, |
652 | | }; |
653 | | |
654 | | FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) |
655 | | FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid, |
656 | | oid_ecp_grp_algid_t, |
657 | | grp_id_algid, |
658 | | mbedtls_ecp_group_id, |
659 | | grp_id) |
660 | | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, |
661 | | oid_ecp_grp_algid_t, |
662 | | oid_ecp_grp_algid, |
663 | | mbedtls_ecp_group_id, |
664 | | grp_id) |
665 | | #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ |
666 | | |
667 | | #if defined(MBEDTLS_CIPHER_C) |
668 | | /* |
669 | | * For PKCS#5 PBES2 encryption algorithm |
670 | | */ |
671 | | typedef struct { |
672 | | mbedtls_oid_descriptor_t descriptor; |
673 | | mbedtls_cipher_type_t cipher_alg; |
674 | | } oid_cipher_alg_t; |
675 | | |
676 | | static const oid_cipher_alg_t oid_cipher_alg[] = |
677 | | { |
678 | | { |
679 | | OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), |
680 | | MBEDTLS_CIPHER_DES_CBC, |
681 | | }, |
682 | | { |
683 | | OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), |
684 | | MBEDTLS_CIPHER_DES_EDE3_CBC, |
685 | | }, |
686 | | { |
687 | | OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), |
688 | | MBEDTLS_CIPHER_AES_128_CBC, |
689 | | }, |
690 | | { |
691 | | OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), |
692 | | MBEDTLS_CIPHER_AES_192_CBC, |
693 | | }, |
694 | | { |
695 | | OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), |
696 | | MBEDTLS_CIPHER_AES_256_CBC, |
697 | | }, |
698 | | { |
699 | | NULL_OID_DESCRIPTOR, |
700 | | MBEDTLS_CIPHER_NONE, |
701 | | }, |
702 | | }; |
703 | | |
704 | | FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) |
705 | | FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, |
706 | | oid_cipher_alg_t, |
707 | | cipher_alg, |
708 | | mbedtls_cipher_type_t, |
709 | | cipher_alg) |
710 | | #endif /* MBEDTLS_CIPHER_C */ |
711 | | |
712 | | /* |
713 | | * For digestAlgorithm |
714 | | */ |
715 | | typedef struct { |
716 | | mbedtls_oid_descriptor_t descriptor; |
717 | | mbedtls_md_type_t md_alg; |
718 | | } oid_md_alg_t; |
719 | | |
720 | | static const oid_md_alg_t oid_md_alg[] = |
721 | | { |
722 | | #if defined(MBEDTLS_MD_CAN_MD5) |
723 | | { |
724 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"), |
725 | | MBEDTLS_MD_MD5, |
726 | | }, |
727 | | #endif |
728 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
729 | | { |
730 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"), |
731 | | MBEDTLS_MD_SHA1, |
732 | | }, |
733 | | #endif |
734 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
735 | | { |
736 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), |
737 | | MBEDTLS_MD_SHA224, |
738 | | }, |
739 | | #endif |
740 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
741 | | { |
742 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"), |
743 | | MBEDTLS_MD_SHA256, |
744 | | }, |
745 | | #endif |
746 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
747 | | { |
748 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), |
749 | | MBEDTLS_MD_SHA384, |
750 | | }, |
751 | | #endif |
752 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
753 | | { |
754 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"), |
755 | | MBEDTLS_MD_SHA512, |
756 | | }, |
757 | | #endif |
758 | | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
759 | | { |
760 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), |
761 | | MBEDTLS_MD_RIPEMD160, |
762 | | }, |
763 | | #endif |
764 | | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
765 | | { |
766 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"), |
767 | | MBEDTLS_MD_SHA3_224, |
768 | | }, |
769 | | #endif |
770 | | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
771 | | { |
772 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"), |
773 | | MBEDTLS_MD_SHA3_256, |
774 | | }, |
775 | | #endif |
776 | | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
777 | | { |
778 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"), |
779 | | MBEDTLS_MD_SHA3_384, |
780 | | }, |
781 | | #endif |
782 | | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
783 | | { |
784 | | OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), |
785 | | MBEDTLS_MD_SHA3_512, |
786 | | }, |
787 | | #endif |
788 | | { |
789 | | NULL_OID_DESCRIPTOR, |
790 | | MBEDTLS_MD_NONE, |
791 | | }, |
792 | | }; |
793 | | |
794 | | FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) |
795 | | FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) |
796 | | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, |
797 | | oid_md_alg_t, |
798 | | oid_md_alg, |
799 | | mbedtls_md_type_t, |
800 | | md_alg) |
801 | | |
802 | | /* |
803 | | * For HMAC digestAlgorithm |
804 | | */ |
805 | | typedef struct { |
806 | | mbedtls_oid_descriptor_t descriptor; |
807 | | mbedtls_md_type_t md_hmac; |
808 | | } oid_md_hmac_t; |
809 | | |
810 | | static const oid_md_hmac_t oid_md_hmac[] = |
811 | | { |
812 | | #if defined(MBEDTLS_MD_CAN_SHA1) |
813 | | { |
814 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), |
815 | | MBEDTLS_MD_SHA1, |
816 | | }, |
817 | | #endif /* MBEDTLS_MD_CAN_SHA1 */ |
818 | | #if defined(MBEDTLS_MD_CAN_SHA224) |
819 | | { |
820 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), |
821 | | MBEDTLS_MD_SHA224, |
822 | | }, |
823 | | #endif /* MBEDTLS_MD_CAN_SHA224 */ |
824 | | #if defined(MBEDTLS_MD_CAN_SHA256) |
825 | | { |
826 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), |
827 | | MBEDTLS_MD_SHA256, |
828 | | }, |
829 | | #endif /* MBEDTLS_MD_CAN_SHA256 */ |
830 | | #if defined(MBEDTLS_MD_CAN_SHA384) |
831 | | { |
832 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), |
833 | | MBEDTLS_MD_SHA384, |
834 | | }, |
835 | | #endif /* MBEDTLS_MD_CAN_SHA384 */ |
836 | | #if defined(MBEDTLS_MD_CAN_SHA512) |
837 | | { |
838 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), |
839 | | MBEDTLS_MD_SHA512, |
840 | | }, |
841 | | #endif /* MBEDTLS_MD_CAN_SHA512 */ |
842 | | #if defined(MBEDTLS_MD_CAN_SHA3_224) |
843 | | { |
844 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), |
845 | | MBEDTLS_MD_SHA3_224, |
846 | | }, |
847 | | #endif /* MBEDTLS_MD_CAN_SHA3_224 */ |
848 | | #if defined(MBEDTLS_MD_CAN_SHA3_256) |
849 | | { |
850 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), |
851 | | MBEDTLS_MD_SHA3_256, |
852 | | }, |
853 | | #endif /* MBEDTLS_MD_CAN_SHA3_256 */ |
854 | | #if defined(MBEDTLS_MD_CAN_SHA3_384) |
855 | | { |
856 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), |
857 | | MBEDTLS_MD_SHA3_384, |
858 | | }, |
859 | | #endif /* MBEDTLS_MD_CAN_SHA3_384 */ |
860 | | #if defined(MBEDTLS_MD_CAN_SHA3_512) |
861 | | { |
862 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), |
863 | | MBEDTLS_MD_SHA3_512, |
864 | | }, |
865 | | #endif /* MBEDTLS_MD_CAN_SHA3_512 */ |
866 | | #if defined(MBEDTLS_MD_CAN_RIPEMD160) |
867 | | { |
868 | | OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), |
869 | | MBEDTLS_MD_RIPEMD160, |
870 | | }, |
871 | | #endif /* MBEDTLS_MD_CAN_RIPEMD160 */ |
872 | | { |
873 | | NULL_OID_DESCRIPTOR, |
874 | | MBEDTLS_MD_NONE, |
875 | | }, |
876 | | }; |
877 | | |
878 | | FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) |
879 | | FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) |
880 | | |
881 | | #if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) |
882 | | /* |
883 | | * For PKCS#12 PBEs |
884 | | */ |
885 | | typedef struct { |
886 | | mbedtls_oid_descriptor_t descriptor; |
887 | | mbedtls_md_type_t md_alg; |
888 | | mbedtls_cipher_type_t cipher_alg; |
889 | | } oid_pkcs12_pbe_alg_t; |
890 | | |
891 | | static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = |
892 | | { |
893 | | { |
894 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, |
895 | | "pbeWithSHAAnd3-KeyTripleDES-CBC", |
896 | | "PBE with SHA1 and 3-Key 3DES"), |
897 | | MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, |
898 | | }, |
899 | | { |
900 | | OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, |
901 | | "pbeWithSHAAnd2-KeyTripleDES-CBC", |
902 | | "PBE with SHA1 and 2-Key 3DES"), |
903 | | MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, |
904 | | }, |
905 | | { |
906 | | NULL_OID_DESCRIPTOR, |
907 | | MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, |
908 | | }, |
909 | | }; |
910 | | |
911 | | FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) |
912 | | FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, |
913 | | oid_pkcs12_pbe_alg_t, |
914 | | pkcs12_pbe_alg, |
915 | | mbedtls_md_type_t, |
916 | | md_alg, |
917 | | mbedtls_cipher_type_t, |
918 | | cipher_alg) |
919 | | #endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */ |
920 | | |
921 | | /* Return the x.y.z.... style numeric string for the given OID */ |
922 | | int mbedtls_oid_get_numeric_string(char *buf, size_t size, |
923 | | const mbedtls_asn1_buf *oid) |
924 | 0 | { |
925 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
926 | 0 | char *p = buf; |
927 | 0 | size_t n = size; |
928 | 0 | unsigned int value = 0; |
929 | |
|
930 | 0 | if (size > INT_MAX) { |
931 | | /* Avoid overflow computing return value */ |
932 | 0 | return MBEDTLS_ERR_ASN1_INVALID_LENGTH; |
933 | 0 | } |
934 | | |
935 | 0 | if (oid->len <= 0) { |
936 | | /* OID must not be empty */ |
937 | 0 | return MBEDTLS_ERR_ASN1_OUT_OF_DATA; |
938 | 0 | } |
939 | | |
940 | 0 | for (size_t i = 0; i < oid->len; i++) { |
941 | | /* Prevent overflow in value. */ |
942 | 0 | if (value > (UINT_MAX >> 7)) { |
943 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
944 | 0 | } |
945 | 0 | if ((value == 0) && ((oid->p[i]) == 0x80)) { |
946 | | /* Overlong encoding is not allowed */ |
947 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
948 | 0 | } |
949 | | |
950 | 0 | value <<= 7; |
951 | 0 | value |= oid->p[i] & 0x7F; |
952 | |
|
953 | 0 | if (!(oid->p[i] & 0x80)) { |
954 | | /* Last byte */ |
955 | 0 | if (n == size) { |
956 | 0 | int component1; |
957 | 0 | unsigned int component2; |
958 | | /* First subidentifier contains first two OID components */ |
959 | 0 | if (value >= 80) { |
960 | 0 | component1 = '2'; |
961 | 0 | component2 = value - 80; |
962 | 0 | } else if (value >= 40) { |
963 | 0 | component1 = '1'; |
964 | 0 | component2 = value - 40; |
965 | 0 | } else { |
966 | 0 | component1 = '0'; |
967 | 0 | component2 = value; |
968 | 0 | } |
969 | 0 | ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); |
970 | 0 | } else { |
971 | 0 | ret = mbedtls_snprintf(p, n, ".%u", value); |
972 | 0 | } |
973 | 0 | if (ret < 2 || (size_t) ret >= n) { |
974 | 0 | return MBEDTLS_ERR_OID_BUF_TOO_SMALL; |
975 | 0 | } |
976 | 0 | n -= (size_t) ret; |
977 | 0 | p += ret; |
978 | 0 | value = 0; |
979 | 0 | } |
980 | 0 | } |
981 | | |
982 | 0 | if (value != 0) { |
983 | | /* Unterminated subidentifier */ |
984 | 0 | return MBEDTLS_ERR_ASN1_OUT_OF_DATA; |
985 | 0 | } |
986 | | |
987 | 0 | return (int) (size - n); |
988 | 0 | } |
989 | | |
990 | | static int oid_parse_number(unsigned int *num, const char **p, const char *bound) |
991 | 0 | { |
992 | 0 | int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
993 | |
|
994 | 0 | *num = 0; |
995 | |
|
996 | 0 | while (*p < bound && **p >= '0' && **p <= '9') { |
997 | 0 | ret = 0; |
998 | 0 | if (*num > (UINT_MAX / 10)) { |
999 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
1000 | 0 | } |
1001 | 0 | *num *= 10; |
1002 | 0 | *num += **p - '0'; |
1003 | 0 | (*p)++; |
1004 | 0 | } |
1005 | 0 | return ret; |
1006 | 0 | } |
1007 | | |
1008 | | static size_t oid_subidentifier_num_bytes(unsigned int value) |
1009 | 0 | { |
1010 | 0 | size_t num_bytes = 0; |
1011 | |
|
1012 | 0 | do { |
1013 | 0 | value >>= 7; |
1014 | 0 | num_bytes++; |
1015 | 0 | } while (value != 0); |
1016 | |
|
1017 | 0 | return num_bytes; |
1018 | 0 | } |
1019 | | |
1020 | | static int oid_subidentifier_encode_into(unsigned char **p, |
1021 | | unsigned char *bound, |
1022 | | unsigned int value) |
1023 | 0 | { |
1024 | 0 | size_t num_bytes = oid_subidentifier_num_bytes(value); |
1025 | |
|
1026 | 0 | if ((size_t) (bound - *p) < num_bytes) { |
1027 | 0 | return MBEDTLS_ERR_OID_BUF_TOO_SMALL; |
1028 | 0 | } |
1029 | 0 | (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); |
1030 | 0 | value >>= 7; |
1031 | |
|
1032 | 0 | for (size_t i = 2; i <= num_bytes; i++) { |
1033 | 0 | (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); |
1034 | 0 | value >>= 7; |
1035 | 0 | } |
1036 | 0 | *p += num_bytes; |
1037 | |
|
1038 | 0 | return 0; |
1039 | 0 | } |
1040 | | |
1041 | | /* Return the OID for the given x.y.z.... style numeric string */ |
1042 | | int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, |
1043 | | const char *oid_str, size_t size) |
1044 | 0 | { |
1045 | 0 | int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1046 | 0 | const char *str_ptr = oid_str; |
1047 | 0 | const char *str_bound = oid_str + size; |
1048 | 0 | unsigned int val = 0; |
1049 | 0 | unsigned int component1, component2; |
1050 | 0 | size_t encoded_len; |
1051 | 0 | unsigned char *resized_mem; |
1052 | | |
1053 | | /* Count the number of dots to get a worst-case allocation size. */ |
1054 | 0 | size_t num_dots = 0; |
1055 | 0 | for (size_t i = 0; i < size; i++) { |
1056 | 0 | if (oid_str[i] == '.') { |
1057 | 0 | num_dots++; |
1058 | 0 | } |
1059 | 0 | } |
1060 | | /* Allocate maximum possible required memory: |
1061 | | * There are (num_dots + 1) integer components, but the first 2 share the |
1062 | | * same subidentifier, so we only need num_dots subidentifiers maximum. */ |
1063 | 0 | if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { |
1064 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
1065 | 0 | } |
1066 | | /* Each byte can store 7 bits, calculate number of bytes for a |
1067 | | * subidentifier: |
1068 | | * |
1069 | | * bytes = ceil(subidentifer_size * 8 / 7) |
1070 | | */ |
1071 | 0 | size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) |
1072 | 0 | + 1; |
1073 | 0 | size_t max_possible_bytes = num_dots * bytes_per_subidentifier; |
1074 | 0 | oid->p = mbedtls_calloc(max_possible_bytes, 1); |
1075 | 0 | if (oid->p == NULL) { |
1076 | 0 | return MBEDTLS_ERR_ASN1_ALLOC_FAILED; |
1077 | 0 | } |
1078 | 0 | unsigned char *out_ptr = oid->p; |
1079 | 0 | unsigned char *out_bound = oid->p + max_possible_bytes; |
1080 | |
|
1081 | 0 | ret = oid_parse_number(&component1, &str_ptr, str_bound); |
1082 | 0 | if (ret != 0) { |
1083 | 0 | goto error; |
1084 | 0 | } |
1085 | 0 | if (component1 > 2) { |
1086 | | /* First component can't be > 2 */ |
1087 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1088 | 0 | goto error; |
1089 | 0 | } |
1090 | 0 | if (str_ptr >= str_bound || *str_ptr != '.') { |
1091 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1092 | 0 | goto error; |
1093 | 0 | } |
1094 | 0 | str_ptr++; |
1095 | |
|
1096 | 0 | ret = oid_parse_number(&component2, &str_ptr, str_bound); |
1097 | 0 | if (ret != 0) { |
1098 | 0 | goto error; |
1099 | 0 | } |
1100 | 0 | if ((component1 < 2) && (component2 > 39)) { |
1101 | | /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ |
1102 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1103 | 0 | goto error; |
1104 | 0 | } |
1105 | 0 | if (str_ptr < str_bound) { |
1106 | 0 | if (*str_ptr == '.') { |
1107 | 0 | str_ptr++; |
1108 | 0 | } else { |
1109 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1110 | 0 | goto error; |
1111 | 0 | } |
1112 | 0 | } |
1113 | | |
1114 | 0 | if (component2 > (UINT_MAX - (component1 * 40))) { |
1115 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1116 | 0 | goto error; |
1117 | 0 | } |
1118 | 0 | ret = oid_subidentifier_encode_into(&out_ptr, out_bound, |
1119 | 0 | (component1 * 40) + component2); |
1120 | 0 | if (ret != 0) { |
1121 | 0 | goto error; |
1122 | 0 | } |
1123 | | |
1124 | 0 | while (str_ptr < str_bound) { |
1125 | 0 | ret = oid_parse_number(&val, &str_ptr, str_bound); |
1126 | 0 | if (ret != 0) { |
1127 | 0 | goto error; |
1128 | 0 | } |
1129 | 0 | if (str_ptr < str_bound) { |
1130 | 0 | if (*str_ptr == '.') { |
1131 | 0 | str_ptr++; |
1132 | 0 | } else { |
1133 | 0 | ret = MBEDTLS_ERR_ASN1_INVALID_DATA; |
1134 | 0 | goto error; |
1135 | 0 | } |
1136 | 0 | } |
1137 | | |
1138 | 0 | ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); |
1139 | 0 | if (ret != 0) { |
1140 | 0 | goto error; |
1141 | 0 | } |
1142 | 0 | } |
1143 | | |
1144 | 0 | encoded_len = (size_t) (out_ptr - oid->p); |
1145 | 0 | resized_mem = mbedtls_calloc(encoded_len, 1); |
1146 | 0 | if (resized_mem == NULL) { |
1147 | 0 | ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; |
1148 | 0 | goto error; |
1149 | 0 | } |
1150 | 0 | memcpy(resized_mem, oid->p, encoded_len); |
1151 | 0 | mbedtls_free(oid->p); |
1152 | 0 | oid->p = resized_mem; |
1153 | 0 | oid->len = encoded_len; |
1154 | |
|
1155 | 0 | oid->tag = MBEDTLS_ASN1_OID; |
1156 | |
|
1157 | 0 | return 0; |
1158 | | |
1159 | 0 | error: |
1160 | 0 | mbedtls_free(oid->p); |
1161 | 0 | oid->p = NULL; |
1162 | 0 | oid->len = 0; |
1163 | 0 | return ret; |
1164 | 0 | } |
1165 | | |
1166 | | #endif /* MBEDTLS_OID_C */ |