Coverage Report

Created: 2024-11-21 07:03

/src/mbedtls/library/oid.c
Line
Count
Source (jump to first uncovered line)
1
/**
2
 * \file oid.c
3
 *
4
 * \brief Object Identifier (OID) database
5
 *
6
 *  Copyright The Mbed TLS Contributors
7
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8
 */
9
10
#include "common.h"
11
12
#if defined(MBEDTLS_OID_C)
13
14
#include "mbedtls/oid.h"
15
#include "mbedtls/rsa.h"
16
#include "mbedtls/error.h"
17
#include "mbedtls/pk.h"
18
19
#include <stdio.h>
20
#include <string.h>
21
22
#include "mbedtls/platform.h"
23
24
/*
25
 * Macro to automatically add the size of #define'd OIDs
26
 */
27
#define ADD_LEN(s)      s, MBEDTLS_OID_SIZE(s)
28
29
/*
30
 * Macro to generate mbedtls_oid_descriptor_t
31
 */
32
#if !defined(MBEDTLS_X509_REMOVE_INFO)
33
#define OID_DESCRIPTOR(s, name, description)  { ADD_LEN(s), name, description }
34
#define NULL_OID_DESCRIPTOR                   { NULL, 0, NULL, NULL }
35
#else
36
#define OID_DESCRIPTOR(s, name, description)  { ADD_LEN(s) }
37
#define NULL_OID_DESCRIPTOR                   { NULL, 0 }
38
#endif
39
40
/*
41
 * Macro to generate an internal function for oid_XXX_from_asn1() (used by
42
 * the other functions)
43
 */
44
#define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST)                    \
45
    static const TYPE_T *oid_ ## NAME ## _from_asn1(                   \
46
        const mbedtls_asn1_buf *oid)     \
47
0
    {                                                                   \
48
0
        const TYPE_T *p = (LIST);                                       \
49
0
        const mbedtls_oid_descriptor_t *cur =                           \
50
0
            (const mbedtls_oid_descriptor_t *) p;                       \
51
0
        if (p == NULL || oid == NULL) return NULL;                  \
52
0
        while (cur->asn1 != NULL) {                                    \
53
0
            if (cur->asn1_len == oid->len &&                            \
54
0
                memcmp(cur->asn1, oid->p, oid->len) == 0) {          \
55
0
                return p;                                            \
56
0
            }                                                           \
57
0
            p++;                                                        \
58
0
            cur = (const mbedtls_oid_descriptor_t *) p;                 \
59
0
        }                                                               \
60
0
        return NULL;                                                 \
61
0
    }
Unexecuted instantiation: oid.c:oid_x520_attr_from_asn1
Unexecuted instantiation: oid.c:oid_x509_ext_from_asn1
Unexecuted instantiation: oid.c:oid_ext_key_usage_from_asn1
Unexecuted instantiation: oid.c:oid_certificate_policies_from_asn1
Unexecuted instantiation: oid.c:oid_sig_alg_from_asn1
Unexecuted instantiation: oid.c:oid_pk_alg_from_asn1
Unexecuted instantiation: oid.c:oid_grp_id_from_asn1
Unexecuted instantiation: oid.c:oid_grp_id_algid_from_asn1
Unexecuted instantiation: oid.c:oid_cipher_alg_from_asn1
Unexecuted instantiation: oid.c:oid_md_alg_from_asn1
Unexecuted instantiation: oid.c:oid_md_hmac_from_asn1
Unexecuted instantiation: oid.c:oid_pkcs12_pbe_alg_from_asn1
62
63
#if !defined(MBEDTLS_X509_REMOVE_INFO)
64
/*
65
 * Macro to generate a function for retrieving a single attribute from the
66
 * descriptor of an mbedtls_oid_descriptor_t wrapper.
67
 */
68
#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
69
    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1)                  \
70
0
    {                                                                       \
71
0
        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);        \
72
0
        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;            \
73
0
        *ATTR1 = data->descriptor.ATTR1;                                    \
74
0
        return 0;                                                        \
75
0
    }
76
#endif /* MBEDTLS_X509_REMOVE_INFO */
77
78
/*
79
 * Macro to generate a function for retrieving a single attribute from an
80
 * mbedtls_oid_descriptor_t wrapper.
81
 */
82
#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
83
    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1)                  \
84
0
    {                                                                       \
85
0
        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);        \
86
0
        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;            \
87
0
        *ATTR1 = data->ATTR1;                                               \
88
0
        return 0;                                                        \
89
0
    }
Unexecuted instantiation: mbedtls_oid_get_attr_short_name
Unexecuted instantiation: mbedtls_oid_get_x509_ext_type
Unexecuted instantiation: mbedtls_oid_get_extended_key_usage
Unexecuted instantiation: mbedtls_oid_get_certificate_policies
Unexecuted instantiation: mbedtls_oid_get_pk_alg
Unexecuted instantiation: mbedtls_oid_get_ec_grp
Unexecuted instantiation: mbedtls_oid_get_ec_grp_algid
Unexecuted instantiation: mbedtls_oid_get_cipher_alg
Unexecuted instantiation: mbedtls_oid_get_md_alg
Unexecuted instantiation: mbedtls_oid_get_md_hmac
90
91
/*
92
 * Macro to generate a function for retrieving two attributes from an
93
 * mbedtls_oid_descriptor_t wrapper.
94
 */
95
#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1,     \
96
                         ATTR2_TYPE, ATTR2)                                 \
97
    int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1,               \
98
                ATTR2_TYPE * ATTR2)              \
99
0
    {                                                                           \
100
0
        const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid);            \
101
0
        if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND;                 \
102
0
        *(ATTR1) = data->ATTR1;                                                 \
103
0
        *(ATTR2) = data->ATTR2;                                                 \
104
0
        return 0;                                                            \
105
0
    }
Unexecuted instantiation: mbedtls_oid_get_sig_alg
Unexecuted instantiation: mbedtls_oid_get_pkcs12_pbe_alg
106
107
/*
108
 * Macro to generate a function for retrieving the OID based on a single
109
 * attribute from a mbedtls_oid_descriptor_t wrapper.
110
 */
111
#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1)   \
112
    int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen)             \
113
0
    {                                                                           \
114
0
        const TYPE_T *cur = (LIST);                                             \
115
0
        while (cur->descriptor.asn1 != NULL) {                                 \
116
0
            if (cur->ATTR1 == (ATTR1)) {                                       \
117
0
                *oid = cur->descriptor.asn1;                                    \
118
0
                *olen = cur->descriptor.asn1_len;                               \
119
0
                return 0;                                                    \
120
0
            }                                                                   \
121
0
            cur++;                                                              \
122
0
        }                                                                       \
123
0
        return MBEDTLS_ERR_OID_NOT_FOUND;                                    \
124
0
    }
Unexecuted instantiation: mbedtls_oid_get_oid_by_pk_alg
Unexecuted instantiation: mbedtls_oid_get_oid_by_ec_grp
Unexecuted instantiation: mbedtls_oid_get_oid_by_ec_grp_algid
Unexecuted instantiation: mbedtls_oid_get_oid_by_md
125
126
/*
127
 * Macro to generate a function for retrieving the OID based on two
128
 * attributes from a mbedtls_oid_descriptor_t wrapper.
129
 */
130
#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1,   \
131
                                ATTR2_TYPE, ATTR2)                          \
132
    int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid,         \
133
                size_t *olen)                                                 \
134
0
    {                                                                           \
135
0
        const TYPE_T *cur = (LIST);                                             \
136
0
        while (cur->descriptor.asn1 != NULL) {                                 \
137
0
            if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) {              \
138
0
                *oid = cur->descriptor.asn1;                                    \
139
0
                *olen = cur->descriptor.asn1_len;                               \
140
0
                return 0;                                                    \
141
0
            }                                                                   \
142
0
            cur++;                                                              \
143
0
        }                                                                       \
144
0
        return MBEDTLS_ERR_OID_NOT_FOUND;                                   \
145
0
    }
146
147
/*
148
 * For X520 attribute types
149
 */
150
typedef struct {
151
    mbedtls_oid_descriptor_t    descriptor;
152
    const char          *short_name;
153
} oid_x520_attr_t;
154
155
static const oid_x520_attr_t oid_x520_attr_type[] =
156
{
157
    {
158
        OID_DESCRIPTOR(MBEDTLS_OID_AT_CN,          "id-at-commonName",               "Common Name"),
159
        "CN",
160
    },
161
    {
162
        OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY,     "id-at-countryName",              "Country"),
163
        "C",
164
    },
165
    {
166
        OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY,    "id-at-locality",                 "Locality"),
167
        "L",
168
    },
169
    {
170
        OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE,       "id-at-state",                    "State"),
171
        "ST",
172
    },
173
    {
174
        OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName",
175
                       "Organization"),
176
        "O",
177
    },
178
    {
179
        OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT,    "id-at-organizationalUnitName",   "Org Unit"),
180
        "OU",
181
    },
182
    {
183
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL,
184
                       "emailAddress",
185
                       "E-mail address"),
186
        "emailAddress",
187
    },
188
    {
189
        OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER,
190
                       "id-at-serialNumber",
191
                       "Serial number"),
192
        "serialNumber",
193
    },
194
    {
195
        OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS,
196
                       "id-at-postalAddress",
197
                       "Postal address"),
198
        "postalAddress",
199
    },
200
    {
201
        OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode",               "Postal code"),
202
        "postalCode",
203
    },
204
    {
205
        OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME,    "id-at-surName",                  "Surname"),
206
        "SN",
207
    },
208
    {
209
        OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME,  "id-at-givenName",                "Given name"),
210
        "GN",
211
    },
212
    {
213
        OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS,    "id-at-initials",                 "Initials"),
214
        "initials",
215
    },
216
    {
217
        OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER,
218
                       "id-at-generationQualifier",
219
                       "Generation qualifier"),
220
        "generationQualifier",
221
    },
222
    {
223
        OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE,       "id-at-title",                    "Title"),
224
        "title",
225
    },
226
    {
227
        OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER,
228
                       "id-at-dnQualifier",
229
                       "Distinguished Name qualifier"),
230
        "dnQualifier",
231
    },
232
    {
233
        OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM,   "id-at-pseudonym",                "Pseudonym"),
234
        "pseudonym",
235
    },
236
    {
237
        OID_DESCRIPTOR(MBEDTLS_OID_UID,            "id-uid",                         "User Id"),
238
        "uid",
239
    },
240
    {
241
        OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT,
242
                       "id-domainComponent",
243
                       "Domain component"),
244
        "DC",
245
    },
246
    {
247
        OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER,
248
                       "id-at-uniqueIdentifier",
249
                       "Unique Identifier"),
250
        "uniqueIdentifier",
251
    },
252
    {
253
        NULL_OID_DESCRIPTOR,
254
        NULL,
255
    }
256
};
257
258
FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
259
FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name,
260
                 oid_x520_attr_t,
261
                 x520_attr,
262
                 const char *,
263
                 short_name)
264
265
/*
266
 * For X509 extensions
267
 */
268
typedef struct {
269
    mbedtls_oid_descriptor_t    descriptor;
270
    int                 ext_type;
271
} oid_x509_ext_t;
272
273
static const oid_x509_ext_t oid_x509_ext[] =
274
{
275
    {
276
        OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS,
277
                       "id-ce-basicConstraints",
278
                       "Basic Constraints"),
279
        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
280
    },
281
    {
282
        OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE,            "id-ce-keyUsage",            "Key Usage"),
283
        MBEDTLS_OID_X509_EXT_KEY_USAGE,
284
    },
285
    {
286
        OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE,
287
                       "id-ce-extKeyUsage",
288
                       "Extended Key Usage"),
289
        MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
290
    },
291
    {
292
        OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME,
293
                       "id-ce-subjectAltName",
294
                       "Subject Alt Name"),
295
        MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
296
    },
297
    {
298
        OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE,
299
                       "id-netscape-certtype",
300
                       "Netscape Certificate Type"),
301
        MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
302
    },
303
    {
304
        OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES,
305
                       "id-ce-certificatePolicies",
306
                       "Certificate Policies"),
307
        MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
308
    },
309
    {
310
        OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
311
                       "id-ce-subjectKeyIdentifier",
312
                       "Subject Key Identifier"),
313
        MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
314
    },
315
    {
316
        OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
317
                       "id-ce-authorityKeyIdentifier",
318
                       "Authority Key Identifier"),
319
        MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
320
    },
321
    {
322
        NULL_OID_DESCRIPTOR,
323
        0,
324
    },
325
};
326
327
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
328
FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
329
330
#if !defined(MBEDTLS_X509_REMOVE_INFO)
331
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
332
{
333
    OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
334
                   "id-kp-serverAuth",
335
                   "TLS Web Server Authentication"),
336
    OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH,
337
                   "id-kp-clientAuth",
338
                   "TLS Web Client Authentication"),
339
    OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING,     "id-kp-codeSigning",     "Code Signing"),
340
    OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"),
341
    OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING,    "id-kp-timeStamping",    "Time Stamping"),
342
    OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING,     "id-kp-OCSPSigning",     "OCSP Signing"),
343
    OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN,
344
                   "id-kp-wisun-fan-device",
345
                   "Wi-SUN Alliance Field Area Network (FAN)"),
346
    NULL_OID_DESCRIPTOR,
347
};
348
349
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
350
FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage,
351
                 mbedtls_oid_descriptor_t,
352
                 ext_key_usage,
353
                 const char *,
354
                 description)
355
356
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
357
{
358
    OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY,      "anyPolicy",       "Any Policy"),
359
    NULL_OID_DESCRIPTOR,
360
};
361
362
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
363
FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies,
364
                 mbedtls_oid_descriptor_t,
365
                 certificate_policies,
366
                 const char *,
367
                 description)
368
#endif /* MBEDTLS_X509_REMOVE_INFO */
369
370
/*
371
 * For SignatureAlgorithmIdentifier
372
 */
373
typedef struct {
374
    mbedtls_oid_descriptor_t    descriptor;
375
    mbedtls_md_type_t           md_alg;
376
    mbedtls_pk_type_t           pk_alg;
377
} oid_sig_alg_t;
378
379
static const oid_sig_alg_t oid_sig_alg[] =
380
{
381
#if defined(MBEDTLS_RSA_C)
382
#if defined(MBEDTLS_MD_CAN_MD5)
383
    {
384
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5,        "md5WithRSAEncryption",     "RSA with MD5"),
385
        MBEDTLS_MD_MD5,      MBEDTLS_PK_RSA,
386
    },
387
#endif /* MBEDTLS_MD_CAN_MD5 */
388
#if defined(MBEDTLS_MD_CAN_SHA1)
389
    {
390
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1,       "sha-1WithRSAEncryption",   "RSA with SHA1"),
391
        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
392
    },
393
#endif /* MBEDTLS_MD_CAN_SHA1 */
394
#if defined(MBEDTLS_MD_CAN_SHA224)
395
    {
396
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224,     "sha224WithRSAEncryption",
397
                       "RSA with SHA-224"),
398
        MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
399
    },
400
#endif /* MBEDTLS_MD_CAN_SHA224 */
401
#if defined(MBEDTLS_MD_CAN_SHA256)
402
    {
403
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256,     "sha256WithRSAEncryption",
404
                       "RSA with SHA-256"),
405
        MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
406
    },
407
#endif /* MBEDTLS_MD_CAN_SHA256 */
408
#if defined(MBEDTLS_MD_CAN_SHA384)
409
    {
410
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384,     "sha384WithRSAEncryption",
411
                       "RSA with SHA-384"),
412
        MBEDTLS_MD_SHA384,   MBEDTLS_PK_RSA,
413
    },
414
#endif /* MBEDTLS_MD_CAN_SHA384 */
415
#if defined(MBEDTLS_MD_CAN_SHA512)
416
    {
417
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512,     "sha512WithRSAEncryption",
418
                       "RSA with SHA-512"),
419
        MBEDTLS_MD_SHA512,   MBEDTLS_PK_RSA,
420
    },
421
#endif /* MBEDTLS_MD_CAN_SHA512 */
422
#if defined(MBEDTLS_MD_CAN_SHA1)
423
    {
424
        OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS,      "sha-1WithRSAEncryption",   "RSA with SHA1"),
425
        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
426
    },
427
#endif /* MBEDTLS_MD_CAN_SHA1 */
428
#endif /* MBEDTLS_RSA_C */
429
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
430
#if defined(MBEDTLS_MD_CAN_SHA1)
431
    {
432
        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1,       "ecdsa-with-SHA1",      "ECDSA with SHA1"),
433
        MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
434
    },
435
#endif /* MBEDTLS_MD_CAN_SHA1 */
436
#if defined(MBEDTLS_MD_CAN_SHA224)
437
    {
438
        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224,     "ecdsa-with-SHA224",    "ECDSA with SHA224"),
439
        MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
440
    },
441
#endif
442
#if defined(MBEDTLS_MD_CAN_SHA256)
443
    {
444
        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256,     "ecdsa-with-SHA256",    "ECDSA with SHA256"),
445
        MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
446
    },
447
#endif /* MBEDTLS_MD_CAN_SHA256 */
448
#if defined(MBEDTLS_MD_CAN_SHA384)
449
    {
450
        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384,     "ecdsa-with-SHA384",    "ECDSA with SHA384"),
451
        MBEDTLS_MD_SHA384,   MBEDTLS_PK_ECDSA,
452
    },
453
#endif /* MBEDTLS_MD_CAN_SHA384 */
454
#if defined(MBEDTLS_MD_CAN_SHA512)
455
    {
456
        OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512,     "ecdsa-with-SHA512",    "ECDSA with SHA512"),
457
        MBEDTLS_MD_SHA512,   MBEDTLS_PK_ECDSA,
458
    },
459
#endif /* MBEDTLS_MD_CAN_SHA512 */
460
#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
461
#if defined(MBEDTLS_RSA_C)
462
    {
463
        OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS,        "RSASSA-PSS",           "RSASSA-PSS"),
464
        MBEDTLS_MD_NONE,     MBEDTLS_PK_RSASSA_PSS,
465
    },
466
#endif /* MBEDTLS_RSA_C */
467
    {
468
        NULL_OID_DESCRIPTOR,
469
        MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
470
    },
471
};
472
473
FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
474
475
#if !defined(MBEDTLS_X509_REMOVE_INFO)
476
FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
477
                            oid_sig_alg_t,
478
                            sig_alg,
479
                            const char *,
480
                            description)
481
#endif
482
483
FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
484
                 oid_sig_alg_t,
485
                 sig_alg,
486
                 mbedtls_md_type_t,
487
                 md_alg,
488
                 mbedtls_pk_type_t,
489
                 pk_alg)
490
FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
491
                        oid_sig_alg_t,
492
                        oid_sig_alg,
493
                        mbedtls_pk_type_t,
494
                        pk_alg,
495
                        mbedtls_md_type_t,
496
                        md_alg)
497
498
/*
499
 * For PublicKeyInfo (PKCS1, RFC 5480)
500
 */
501
typedef struct {
502
    mbedtls_oid_descriptor_t    descriptor;
503
    mbedtls_pk_type_t           pk_alg;
504
} oid_pk_alg_t;
505
506
static const oid_pk_alg_t oid_pk_alg[] =
507
{
508
    {
509
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA,           "rsaEncryption",    "RSA"),
510
        MBEDTLS_PK_RSA,
511
    },
512
    {
513
        OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey",   "Generic EC key"),
514
        MBEDTLS_PK_ECKEY,
515
    },
516
    {
517
        OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH,         "id-ecDH",          "EC key for ECDH"),
518
        MBEDTLS_PK_ECKEY_DH,
519
    },
520
    {
521
        NULL_OID_DESCRIPTOR,
522
        MBEDTLS_PK_NONE,
523
    },
524
};
525
526
FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
527
FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
528
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
529
                        oid_pk_alg_t,
530
                        oid_pk_alg,
531
                        mbedtls_pk_type_t,
532
                        pk_alg)
533
534
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
535
/*
536
 * For elliptic curves that use namedCurve inside ECParams (RFC 5480)
537
 */
538
typedef struct {
539
    mbedtls_oid_descriptor_t    descriptor;
540
    mbedtls_ecp_group_id        grp_id;
541
} oid_ecp_grp_t;
542
543
static const oid_ecp_grp_t oid_ecp_grp[] =
544
{
545
#if defined(MBEDTLS_ECP_HAVE_SECP192R1)
546
    {
547
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1",    "secp192r1"),
548
        MBEDTLS_ECP_DP_SECP192R1,
549
    },
550
#endif /* MBEDTLS_ECP_HAVE_SECP192R1 */
551
#if defined(MBEDTLS_ECP_HAVE_SECP224R1)
552
    {
553
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1",    "secp224r1"),
554
        MBEDTLS_ECP_DP_SECP224R1,
555
    },
556
#endif /* MBEDTLS_ECP_HAVE_SECP224R1 */
557
#if defined(MBEDTLS_ECP_HAVE_SECP256R1)
558
    {
559
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1",    "secp256r1"),
560
        MBEDTLS_ECP_DP_SECP256R1,
561
    },
562
#endif /* MBEDTLS_ECP_HAVE_SECP256R1 */
563
#if defined(MBEDTLS_ECP_HAVE_SECP384R1)
564
    {
565
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1",    "secp384r1"),
566
        MBEDTLS_ECP_DP_SECP384R1,
567
    },
568
#endif /* MBEDTLS_ECP_HAVE_SECP384R1 */
569
#if defined(MBEDTLS_ECP_HAVE_SECP521R1)
570
    {
571
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1",    "secp521r1"),
572
        MBEDTLS_ECP_DP_SECP521R1,
573
    },
574
#endif /* MBEDTLS_ECP_HAVE_SECP521R1 */
575
#if defined(MBEDTLS_ECP_HAVE_SECP192K1)
576
    {
577
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1",    "secp192k1"),
578
        MBEDTLS_ECP_DP_SECP192K1,
579
    },
580
#endif /* MBEDTLS_ECP_HAVE_SECP192K1 */
581
#if defined(MBEDTLS_ECP_HAVE_SECP224K1)
582
    {
583
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1",    "secp224k1"),
584
        MBEDTLS_ECP_DP_SECP224K1,
585
    },
586
#endif /* MBEDTLS_ECP_HAVE_SECP224K1 */
587
#if defined(MBEDTLS_ECP_HAVE_SECP256K1)
588
    {
589
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1",    "secp256k1"),
590
        MBEDTLS_ECP_DP_SECP256K1,
591
    },
592
#endif /* MBEDTLS_ECP_HAVE_SECP256K1 */
593
#if defined(MBEDTLS_ECP_HAVE_BP256R1)
594
    {
595
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1,   "brainpoolP256r1", "brainpool256r1"),
596
        MBEDTLS_ECP_DP_BP256R1,
597
    },
598
#endif /* MBEDTLS_ECP_HAVE_BP256R1 */
599
#if defined(MBEDTLS_ECP_HAVE_BP384R1)
600
    {
601
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1,   "brainpoolP384r1", "brainpool384r1"),
602
        MBEDTLS_ECP_DP_BP384R1,
603
    },
604
#endif /* MBEDTLS_ECP_HAVE_BP384R1 */
605
#if defined(MBEDTLS_ECP_HAVE_BP512R1)
606
    {
607
        OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1,   "brainpoolP512r1", "brainpool512r1"),
608
        MBEDTLS_ECP_DP_BP512R1,
609
    },
610
#endif /* MBEDTLS_ECP_HAVE_BP512R1 */
611
    {
612
        NULL_OID_DESCRIPTOR,
613
        MBEDTLS_ECP_DP_NONE,
614
    },
615
};
616
617
FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
618
FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
619
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
620
                        oid_ecp_grp_t,
621
                        oid_ecp_grp,
622
                        mbedtls_ecp_group_id,
623
                        grp_id)
624
625
/*
626
 * For Elliptic Curve algorithms that are directly
627
 * encoded in the AlgorithmIdentifier (RFC 8410)
628
 */
629
typedef struct {
630
    mbedtls_oid_descriptor_t    descriptor;
631
    mbedtls_ecp_group_id        grp_id;
632
} oid_ecp_grp_algid_t;
633
634
static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
635
{
636
#if defined(MBEDTLS_ECP_HAVE_CURVE25519)
637
    {
638
        OID_DESCRIPTOR(MBEDTLS_OID_X25519,               "X25519",       "X25519"),
639
        MBEDTLS_ECP_DP_CURVE25519,
640
    },
641
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 */
642
#if defined(MBEDTLS_ECP_HAVE_CURVE448)
643
    {
644
        OID_DESCRIPTOR(MBEDTLS_OID_X448,                 "X448",         "X448"),
645
        MBEDTLS_ECP_DP_CURVE448,
646
    },
647
#endif /* MBEDTLS_ECP_HAVE_CURVE448 */
648
    {
649
        NULL_OID_DESCRIPTOR,
650
        MBEDTLS_ECP_DP_NONE,
651
    },
652
};
653
654
FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid)
655
FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid,
656
                 oid_ecp_grp_algid_t,
657
                 grp_id_algid,
658
                 mbedtls_ecp_group_id,
659
                 grp_id)
660
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid,
661
                        oid_ecp_grp_algid_t,
662
                        oid_ecp_grp_algid,
663
                        mbedtls_ecp_group_id,
664
                        grp_id)
665
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
666
667
#if defined(MBEDTLS_CIPHER_C)
668
/*
669
 * For PKCS#5 PBES2 encryption algorithm
670
 */
671
typedef struct {
672
    mbedtls_oid_descriptor_t    descriptor;
673
    mbedtls_cipher_type_t       cipher_alg;
674
} oid_cipher_alg_t;
675
676
static const oid_cipher_alg_t oid_cipher_alg[] =
677
{
678
    {
679
        OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC,              "desCBC",       "DES-CBC"),
680
        MBEDTLS_CIPHER_DES_CBC,
681
    },
682
    {
683
        OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC,         "des-ede3-cbc", "DES-EDE3-CBC"),
684
        MBEDTLS_CIPHER_DES_EDE3_CBC,
685
    },
686
    {
687
        OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC,          "aes128-cbc", "AES128-CBC"),
688
        MBEDTLS_CIPHER_AES_128_CBC,
689
    },
690
    {
691
        OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC,          "aes192-cbc", "AES192-CBC"),
692
        MBEDTLS_CIPHER_AES_192_CBC,
693
    },
694
    {
695
        OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC,          "aes256-cbc", "AES256-CBC"),
696
        MBEDTLS_CIPHER_AES_256_CBC,
697
    },
698
    {
699
        NULL_OID_DESCRIPTOR,
700
        MBEDTLS_CIPHER_NONE,
701
    },
702
};
703
704
FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
705
FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
706
                 oid_cipher_alg_t,
707
                 cipher_alg,
708
                 mbedtls_cipher_type_t,
709
                 cipher_alg)
710
#endif /* MBEDTLS_CIPHER_C */
711
712
/*
713
 * For digestAlgorithm
714
 */
715
typedef struct {
716
    mbedtls_oid_descriptor_t    descriptor;
717
    mbedtls_md_type_t           md_alg;
718
} oid_md_alg_t;
719
720
static const oid_md_alg_t oid_md_alg[] =
721
{
722
#if defined(MBEDTLS_MD_CAN_MD5)
723
    {
724
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5,       "id-md5",       "MD5"),
725
        MBEDTLS_MD_MD5,
726
    },
727
#endif
728
#if defined(MBEDTLS_MD_CAN_SHA1)
729
    {
730
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1,      "id-sha1",      "SHA-1"),
731
        MBEDTLS_MD_SHA1,
732
    },
733
#endif
734
#if defined(MBEDTLS_MD_CAN_SHA224)
735
    {
736
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224,    "id-sha224",    "SHA-224"),
737
        MBEDTLS_MD_SHA224,
738
    },
739
#endif
740
#if defined(MBEDTLS_MD_CAN_SHA256)
741
    {
742
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256,    "id-sha256",    "SHA-256"),
743
        MBEDTLS_MD_SHA256,
744
    },
745
#endif
746
#if defined(MBEDTLS_MD_CAN_SHA384)
747
    {
748
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384,    "id-sha384",    "SHA-384"),
749
        MBEDTLS_MD_SHA384,
750
    },
751
#endif
752
#if defined(MBEDTLS_MD_CAN_SHA512)
753
    {
754
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512,    "id-sha512",    "SHA-512"),
755
        MBEDTLS_MD_SHA512,
756
    },
757
#endif
758
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
759
    {
760
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
761
        MBEDTLS_MD_RIPEMD160,
762
    },
763
#endif
764
#if defined(MBEDTLS_MD_CAN_SHA3_224)
765
    {
766
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224,    "id-sha3-224",    "SHA-3-224"),
767
        MBEDTLS_MD_SHA3_224,
768
    },
769
#endif
770
#if defined(MBEDTLS_MD_CAN_SHA3_256)
771
    {
772
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256,    "id-sha3-256",    "SHA-3-256"),
773
        MBEDTLS_MD_SHA3_256,
774
    },
775
#endif
776
#if defined(MBEDTLS_MD_CAN_SHA3_384)
777
    {
778
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384,    "id-sha3-384",    "SHA-3-384"),
779
        MBEDTLS_MD_SHA3_384,
780
    },
781
#endif
782
#if defined(MBEDTLS_MD_CAN_SHA3_512)
783
    {
784
        OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512,    "id-sha3-512",    "SHA-3-512"),
785
        MBEDTLS_MD_SHA3_512,
786
    },
787
#endif
788
    {
789
        NULL_OID_DESCRIPTOR,
790
        MBEDTLS_MD_NONE,
791
    },
792
};
793
794
FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
795
FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
796
FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
797
                        oid_md_alg_t,
798
                        oid_md_alg,
799
                        mbedtls_md_type_t,
800
                        md_alg)
801
802
/*
803
 * For HMAC digestAlgorithm
804
 */
805
typedef struct {
806
    mbedtls_oid_descriptor_t    descriptor;
807
    mbedtls_md_type_t           md_hmac;
808
} oid_md_hmac_t;
809
810
static const oid_md_hmac_t oid_md_hmac[] =
811
{
812
#if defined(MBEDTLS_MD_CAN_SHA1)
813
    {
814
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1,      "hmacSHA1",      "HMAC-SHA-1"),
815
        MBEDTLS_MD_SHA1,
816
    },
817
#endif /* MBEDTLS_MD_CAN_SHA1 */
818
#if defined(MBEDTLS_MD_CAN_SHA224)
819
    {
820
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224,    "hmacSHA224",    "HMAC-SHA-224"),
821
        MBEDTLS_MD_SHA224,
822
    },
823
#endif /* MBEDTLS_MD_CAN_SHA224 */
824
#if defined(MBEDTLS_MD_CAN_SHA256)
825
    {
826
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256,    "hmacSHA256",    "HMAC-SHA-256"),
827
        MBEDTLS_MD_SHA256,
828
    },
829
#endif /* MBEDTLS_MD_CAN_SHA256 */
830
#if defined(MBEDTLS_MD_CAN_SHA384)
831
    {
832
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384,    "hmacSHA384",    "HMAC-SHA-384"),
833
        MBEDTLS_MD_SHA384,
834
    },
835
#endif /* MBEDTLS_MD_CAN_SHA384 */
836
#if defined(MBEDTLS_MD_CAN_SHA512)
837
    {
838
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512,    "hmacSHA512",    "HMAC-SHA-512"),
839
        MBEDTLS_MD_SHA512,
840
    },
841
#endif /* MBEDTLS_MD_CAN_SHA512 */
842
#if defined(MBEDTLS_MD_CAN_SHA3_224)
843
    {
844
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224,    "hmacSHA3-224",    "HMAC-SHA3-224"),
845
        MBEDTLS_MD_SHA3_224,
846
    },
847
#endif /* MBEDTLS_MD_CAN_SHA3_224 */
848
#if defined(MBEDTLS_MD_CAN_SHA3_256)
849
    {
850
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256,    "hmacSHA3-256",    "HMAC-SHA3-256"),
851
        MBEDTLS_MD_SHA3_256,
852
    },
853
#endif /* MBEDTLS_MD_CAN_SHA3_256 */
854
#if defined(MBEDTLS_MD_CAN_SHA3_384)
855
    {
856
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384,    "hmacSHA3-384",    "HMAC-SHA3-384"),
857
        MBEDTLS_MD_SHA3_384,
858
    },
859
#endif /* MBEDTLS_MD_CAN_SHA3_384 */
860
#if defined(MBEDTLS_MD_CAN_SHA3_512)
861
    {
862
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512,    "hmacSHA3-512",    "HMAC-SHA3-512"),
863
        MBEDTLS_MD_SHA3_512,
864
    },
865
#endif /* MBEDTLS_MD_CAN_SHA3_512 */
866
#if defined(MBEDTLS_MD_CAN_RIPEMD160)
867
    {
868
        OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160,    "hmacRIPEMD160",    "HMAC-RIPEMD160"),
869
        MBEDTLS_MD_RIPEMD160,
870
    },
871
#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
872
    {
873
        NULL_OID_DESCRIPTOR,
874
        MBEDTLS_MD_NONE,
875
    },
876
};
877
878
FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
879
FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
880
881
#if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C)
882
/*
883
 * For PKCS#12 PBEs
884
 */
885
typedef struct {
886
    mbedtls_oid_descriptor_t    descriptor;
887
    mbedtls_md_type_t           md_alg;
888
    mbedtls_cipher_type_t       cipher_alg;
889
} oid_pkcs12_pbe_alg_t;
890
891
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
892
{
893
    {
894
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC,
895
                       "pbeWithSHAAnd3-KeyTripleDES-CBC",
896
                       "PBE with SHA1 and 3-Key 3DES"),
897
        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE3_CBC,
898
    },
899
    {
900
        OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC,
901
                       "pbeWithSHAAnd2-KeyTripleDES-CBC",
902
                       "PBE with SHA1 and 2-Key 3DES"),
903
        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE_CBC,
904
    },
905
    {
906
        NULL_OID_DESCRIPTOR,
907
        MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
908
    },
909
};
910
911
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
912
FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
913
                 oid_pkcs12_pbe_alg_t,
914
                 pkcs12_pbe_alg,
915
                 mbedtls_md_type_t,
916
                 md_alg,
917
                 mbedtls_cipher_type_t,
918
                 cipher_alg)
919
#endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */
920
921
/* Return the x.y.z.... style numeric string for the given OID */
922
int mbedtls_oid_get_numeric_string(char *buf, size_t size,
923
                                   const mbedtls_asn1_buf *oid)
924
0
{
925
0
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
926
0
    char *p = buf;
927
0
    size_t n = size;
928
0
    unsigned int value = 0;
929
930
0
    if (size > INT_MAX) {
931
        /* Avoid overflow computing return value */
932
0
        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
933
0
    }
934
935
0
    if (oid->len <= 0) {
936
        /* OID must not be empty */
937
0
        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
938
0
    }
939
940
0
    for (size_t i = 0; i < oid->len; i++) {
941
        /* Prevent overflow in value. */
942
0
        if (value > (UINT_MAX >> 7)) {
943
0
            return MBEDTLS_ERR_ASN1_INVALID_DATA;
944
0
        }
945
0
        if ((value == 0) && ((oid->p[i]) == 0x80)) {
946
            /* Overlong encoding is not allowed */
947
0
            return MBEDTLS_ERR_ASN1_INVALID_DATA;
948
0
        }
949
950
0
        value <<= 7;
951
0
        value |= oid->p[i] & 0x7F;
952
953
0
        if (!(oid->p[i] & 0x80)) {
954
            /* Last byte */
955
0
            if (n == size) {
956
0
                int component1;
957
0
                unsigned int component2;
958
                /* First subidentifier contains first two OID components */
959
0
                if (value >= 80) {
960
0
                    component1 = '2';
961
0
                    component2 = value - 80;
962
0
                } else if (value >= 40) {
963
0
                    component1 = '1';
964
0
                    component2 = value - 40;
965
0
                } else {
966
0
                    component1 = '0';
967
0
                    component2 = value;
968
0
                }
969
0
                ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
970
0
            } else {
971
0
                ret = mbedtls_snprintf(p, n, ".%u", value);
972
0
            }
973
0
            if (ret < 2 || (size_t) ret >= n) {
974
0
                return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
975
0
            }
976
0
            n -= (size_t) ret;
977
0
            p += ret;
978
0
            value = 0;
979
0
        }
980
0
    }
981
982
0
    if (value != 0) {
983
        /* Unterminated subidentifier */
984
0
        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
985
0
    }
986
987
0
    return (int) (size - n);
988
0
}
989
990
static int oid_parse_number(unsigned int *num, const char **p, const char *bound)
991
0
{
992
0
    int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
993
994
0
    *num = 0;
995
996
0
    while (*p < bound && **p >= '0' && **p <= '9') {
997
0
        ret = 0;
998
0
        if (*num > (UINT_MAX / 10)) {
999
0
            return MBEDTLS_ERR_ASN1_INVALID_DATA;
1000
0
        }
1001
0
        *num *= 10;
1002
0
        *num += **p - '0';
1003
0
        (*p)++;
1004
0
    }
1005
0
    return ret;
1006
0
}
1007
1008
static size_t oid_subidentifier_num_bytes(unsigned int value)
1009
0
{
1010
0
    size_t num_bytes = 0;
1011
1012
0
    do {
1013
0
        value >>= 7;
1014
0
        num_bytes++;
1015
0
    } while (value != 0);
1016
1017
0
    return num_bytes;
1018
0
}
1019
1020
static int oid_subidentifier_encode_into(unsigned char **p,
1021
                                         unsigned char *bound,
1022
                                         unsigned int value)
1023
0
{
1024
0
    size_t num_bytes = oid_subidentifier_num_bytes(value);
1025
1026
0
    if ((size_t) (bound - *p) < num_bytes) {
1027
0
        return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
1028
0
    }
1029
0
    (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f);
1030
0
    value >>= 7;
1031
1032
0
    for (size_t i = 2; i <= num_bytes; i++) {
1033
0
        (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f);
1034
0
        value >>= 7;
1035
0
    }
1036
0
    *p += num_bytes;
1037
1038
0
    return 0;
1039
0
}
1040
1041
/* Return the OID for the given x.y.z.... style numeric string  */
1042
int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
1043
                                    const char *oid_str, size_t size)
1044
0
{
1045
0
    int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1046
0
    const char *str_ptr = oid_str;
1047
0
    const char *str_bound = oid_str + size;
1048
0
    unsigned int val = 0;
1049
0
    unsigned int component1, component2;
1050
0
    size_t encoded_len;
1051
0
    unsigned char *resized_mem;
1052
1053
    /* Count the number of dots to get a worst-case allocation size. */
1054
0
    size_t num_dots = 0;
1055
0
    for (size_t i = 0; i < size; i++) {
1056
0
        if (oid_str[i] == '.') {
1057
0
            num_dots++;
1058
0
        }
1059
0
    }
1060
    /* Allocate maximum possible required memory:
1061
     * There are (num_dots + 1) integer components, but the first 2 share the
1062
     * same subidentifier, so we only need num_dots subidentifiers maximum. */
1063
0
    if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
1064
0
        return MBEDTLS_ERR_ASN1_INVALID_DATA;
1065
0
    }
1066
    /* Each byte can store 7 bits, calculate number of bytes for a
1067
     * subidentifier:
1068
     *
1069
     * bytes = ceil(subidentifer_size * 8 / 7)
1070
     */
1071
0
    size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7)
1072
0
                                     + 1;
1073
0
    size_t max_possible_bytes = num_dots * bytes_per_subidentifier;
1074
0
    oid->p = mbedtls_calloc(max_possible_bytes, 1);
1075
0
    if (oid->p == NULL) {
1076
0
        return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
1077
0
    }
1078
0
    unsigned char *out_ptr = oid->p;
1079
0
    unsigned char *out_bound = oid->p + max_possible_bytes;
1080
1081
0
    ret = oid_parse_number(&component1, &str_ptr, str_bound);
1082
0
    if (ret != 0) {
1083
0
        goto error;
1084
0
    }
1085
0
    if (component1 > 2) {
1086
        /* First component can't be > 2 */
1087
0
        ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1088
0
        goto error;
1089
0
    }
1090
0
    if (str_ptr >= str_bound || *str_ptr != '.') {
1091
0
        ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1092
0
        goto error;
1093
0
    }
1094
0
    str_ptr++;
1095
1096
0
    ret = oid_parse_number(&component2, &str_ptr, str_bound);
1097
0
    if (ret != 0) {
1098
0
        goto error;
1099
0
    }
1100
0
    if ((component1 < 2) && (component2 > 39)) {
1101
        /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */
1102
0
        ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1103
0
        goto error;
1104
0
    }
1105
0
    if (str_ptr < str_bound) {
1106
0
        if (*str_ptr == '.') {
1107
0
            str_ptr++;
1108
0
        } else {
1109
0
            ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1110
0
            goto error;
1111
0
        }
1112
0
    }
1113
1114
0
    if (component2 > (UINT_MAX - (component1 * 40))) {
1115
0
        ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1116
0
        goto error;
1117
0
    }
1118
0
    ret = oid_subidentifier_encode_into(&out_ptr, out_bound,
1119
0
                                        (component1 * 40) + component2);
1120
0
    if (ret != 0) {
1121
0
        goto error;
1122
0
    }
1123
1124
0
    while (str_ptr < str_bound) {
1125
0
        ret = oid_parse_number(&val, &str_ptr, str_bound);
1126
0
        if (ret != 0) {
1127
0
            goto error;
1128
0
        }
1129
0
        if (str_ptr < str_bound) {
1130
0
            if (*str_ptr == '.') {
1131
0
                str_ptr++;
1132
0
            } else {
1133
0
                ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
1134
0
                goto error;
1135
0
            }
1136
0
        }
1137
1138
0
        ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val);
1139
0
        if (ret != 0) {
1140
0
            goto error;
1141
0
        }
1142
0
    }
1143
1144
0
    encoded_len = (size_t) (out_ptr - oid->p);
1145
0
    resized_mem = mbedtls_calloc(encoded_len, 1);
1146
0
    if (resized_mem == NULL) {
1147
0
        ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
1148
0
        goto error;
1149
0
    }
1150
0
    memcpy(resized_mem, oid->p, encoded_len);
1151
0
    mbedtls_free(oid->p);
1152
0
    oid->p = resized_mem;
1153
0
    oid->len = encoded_len;
1154
1155
0
    oid->tag = MBEDTLS_ASN1_OID;
1156
1157
0
    return 0;
1158
1159
0
error:
1160
0
    mbedtls_free(oid->p);
1161
0
    oid->p = NULL;
1162
0
    oid->len = 0;
1163
0
    return ret;
1164
0
}
1165
1166
#endif /* MBEDTLS_OID_C */