/work/mbedtls-2.28.8/library/oid.c
Line | Count | Source |
1 | | /** |
2 | | * \file oid.c |
3 | | * |
4 | | * \brief Object Identifier (OID) database |
5 | | * |
6 | | * Copyright The Mbed TLS Contributors |
7 | | * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later |
8 | | */ |
9 | | |
10 | | #include "common.h" |
11 | | |
12 | | #if defined(MBEDTLS_OID_C) |
13 | | |
14 | | #include "mbedtls/oid.h" |
15 | | #include "mbedtls/rsa.h" |
16 | | #include "mbedtls/error.h" |
17 | | |
18 | | #include <stdio.h> |
19 | | #include <string.h> |
20 | | |
21 | | #include "mbedtls/platform.h" |
22 | | |
23 | | /* |
24 | | * Macro to automatically add the size of #define'd OIDs |
25 | | */ |
26 | | #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) |
27 | | |
28 | | /* |
29 | | * Macro to generate an internal function for oid_XXX_from_asn1() (used by |
30 | | * the other functions) |
31 | | */ |
32 | | #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ |
33 | | static const TYPE_T *oid_ ## NAME ## _from_asn1( \ |
34 | | const mbedtls_asn1_buf *oid) \ |
35 | 0 | { \ |
36 | 0 | const TYPE_T *p = (LIST); \ |
37 | 0 | const mbedtls_oid_descriptor_t *cur = \ |
38 | 0 | (const mbedtls_oid_descriptor_t *) p; \ |
39 | 0 | if (p == NULL || oid == NULL) return NULL; \ |
40 | 0 | while (cur->asn1 != NULL) { \ |
41 | 0 | if (cur->asn1_len == oid->len && \ |
42 | 0 | memcmp(cur->asn1, oid->p, oid->len) == 0) { \ |
43 | 0 | return p; \ |
44 | 0 | } \ |
45 | 0 | p++; \ |
46 | 0 | cur = (const mbedtls_oid_descriptor_t *) p; \ |
47 | 0 | } \ |
48 | 0 | return NULL; \ |
49 | 0 | } |
50 | | |
51 | | /* |
52 | | * Macro to generate a function for retrieving a single attribute from the |
53 | | * descriptor of an mbedtls_oid_descriptor_t wrapper. |
54 | | */ |
55 | | #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ |
56 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ |
57 | 0 | { \ |
58 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
59 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
60 | 0 | *ATTR1 = data->descriptor.ATTR1; \ |
61 | 0 | return 0; \ |
62 | 0 | } |
63 | | |
64 | | /* |
65 | | * Macro to generate a function for retrieving a single attribute from an |
66 | | * mbedtls_oid_descriptor_t wrapper. |
67 | | */ |
68 | | #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ |
69 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ |
70 | 0 | { \ |
71 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
72 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
73 | 0 | *ATTR1 = data->ATTR1; \ |
74 | 0 | return 0; \ |
75 | 0 | } |
76 | | |
77 | | /* |
78 | | * Macro to generate a function for retrieving two attributes from an |
79 | | * mbedtls_oid_descriptor_t wrapper. |
80 | | */ |
81 | | #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ |
82 | | ATTR2_TYPE, ATTR2) \ |
83 | | int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ |
84 | | ATTR2_TYPE * ATTR2) \ |
85 | 0 | { \ |
86 | 0 | const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ |
87 | 0 | if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ |
88 | 0 | *(ATTR1) = data->ATTR1; \ |
89 | 0 | *(ATTR2) = data->ATTR2; \ |
90 | 0 | return 0; \ |
91 | 0 | } |
92 | | |
93 | | /* |
94 | | * Macro to generate a function for retrieving the OID based on a single |
95 | | * attribute from a mbedtls_oid_descriptor_t wrapper. |
96 | | */ |
97 | | #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ |
98 | | int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ |
99 | 0 | { \ |
100 | 0 | const TYPE_T *cur = (LIST); \ |
101 | 0 | while (cur->descriptor.asn1 != NULL) { \ |
102 | 0 | if (cur->ATTR1 == (ATTR1)) { \ |
103 | 0 | *oid = cur->descriptor.asn1; \ |
104 | 0 | *olen = cur->descriptor.asn1_len; \ |
105 | 0 | return 0; \ |
106 | 0 | } \ |
107 | 0 | cur++; \ |
108 | 0 | } \ |
109 | 0 | return MBEDTLS_ERR_OID_NOT_FOUND; \ |
110 | 0 | } |
111 | | |
112 | | /* |
113 | | * Macro to generate a function for retrieving the OID based on two |
114 | | * attributes from a mbedtls_oid_descriptor_t wrapper. |
115 | | */ |
116 | | #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ |
117 | | ATTR2_TYPE, ATTR2) \ |
118 | | int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ |
119 | | size_t *olen) \ |
120 | 0 | { \ |
121 | 0 | const TYPE_T *cur = (LIST); \ |
122 | 0 | while (cur->descriptor.asn1 != NULL) { \ |
123 | 0 | if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ |
124 | 0 | *oid = cur->descriptor.asn1; \ |
125 | 0 | *olen = cur->descriptor.asn1_len; \ |
126 | 0 | return 0; \ |
127 | 0 | } \ |
128 | 0 | cur++; \ |
129 | 0 | } \ |
130 | 0 | return MBEDTLS_ERR_OID_NOT_FOUND; \ |
131 | 0 | } |
132 | | |
133 | | /* |
134 | | * For X520 attribute types |
135 | | */ |
136 | | typedef struct { |
137 | | mbedtls_oid_descriptor_t descriptor; |
138 | | const char *short_name; |
139 | | } oid_x520_attr_t; |
140 | | |
141 | | static const oid_x520_attr_t oid_x520_attr_type[] = |
142 | | { |
143 | | { |
144 | | { ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" }, |
145 | | "CN", |
146 | | }, |
147 | | { |
148 | | { ADD_LEN(MBEDTLS_OID_AT_COUNTRY), "id-at-countryName", "Country" }, |
149 | | "C", |
150 | | }, |
151 | | { |
152 | | { ADD_LEN(MBEDTLS_OID_AT_LOCALITY), "id-at-locality", "Locality" }, |
153 | | "L", |
154 | | }, |
155 | | { |
156 | | { ADD_LEN(MBEDTLS_OID_AT_STATE), "id-at-state", "State" }, |
157 | | "ST", |
158 | | }, |
159 | | { |
160 | | { ADD_LEN(MBEDTLS_OID_AT_ORGANIZATION), "id-at-organizationName", "Organization" }, |
161 | | "O", |
162 | | }, |
163 | | { |
164 | | { ADD_LEN(MBEDTLS_OID_AT_ORG_UNIT), "id-at-organizationalUnitName", "Org Unit" }, |
165 | | "OU", |
166 | | }, |
167 | | { |
168 | | { ADD_LEN(MBEDTLS_OID_PKCS9_EMAIL), "emailAddress", "E-mail address" }, |
169 | | "emailAddress", |
170 | | }, |
171 | | { |
172 | | { ADD_LEN(MBEDTLS_OID_AT_SERIAL_NUMBER), "id-at-serialNumber", "Serial number" }, |
173 | | "serialNumber", |
174 | | }, |
175 | | { |
176 | | { ADD_LEN(MBEDTLS_OID_AT_POSTAL_ADDRESS), "id-at-postalAddress", |
177 | | "Postal address" }, |
178 | | "postalAddress", |
179 | | }, |
180 | | { |
181 | | { ADD_LEN(MBEDTLS_OID_AT_POSTAL_CODE), "id-at-postalCode", "Postal code" }, |
182 | | "postalCode", |
183 | | }, |
184 | | { |
185 | | { ADD_LEN(MBEDTLS_OID_AT_SUR_NAME), "id-at-surName", "Surname" }, |
186 | | "SN", |
187 | | }, |
188 | | { |
189 | | { ADD_LEN(MBEDTLS_OID_AT_GIVEN_NAME), "id-at-givenName", "Given name" }, |
190 | | "GN", |
191 | | }, |
192 | | { |
193 | | { ADD_LEN(MBEDTLS_OID_AT_INITIALS), "id-at-initials", "Initials" }, |
194 | | "initials", |
195 | | }, |
196 | | { |
197 | | { ADD_LEN(MBEDTLS_OID_AT_GENERATION_QUALIFIER), "id-at-generationQualifier", |
198 | | "Generation qualifier" }, |
199 | | "generationQualifier", |
200 | | }, |
201 | | { |
202 | | { ADD_LEN(MBEDTLS_OID_AT_TITLE), "id-at-title", "Title" }, |
203 | | "title", |
204 | | }, |
205 | | { |
206 | | { ADD_LEN(MBEDTLS_OID_AT_DN_QUALIFIER), "id-at-dnQualifier", |
207 | | "Distinguished Name qualifier" }, |
208 | | "dnQualifier", |
209 | | }, |
210 | | { |
211 | | { ADD_LEN(MBEDTLS_OID_AT_PSEUDONYM), "id-at-pseudonym", "Pseudonym" }, |
212 | | "pseudonym", |
213 | | }, |
214 | | { |
215 | | { ADD_LEN(MBEDTLS_OID_DOMAIN_COMPONENT), "id-domainComponent", |
216 | | "Domain component" }, |
217 | | "DC", |
218 | | }, |
219 | | { |
220 | | { ADD_LEN(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER), "id-at-uniqueIdentifier", |
221 | | "Unique Identifier" }, |
222 | | "uniqueIdentifier", |
223 | | }, |
224 | | { |
225 | | { NULL, 0, NULL, NULL }, |
226 | | NULL, |
227 | | } |
228 | | }; |
229 | | |
230 | 0 | FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) |
231 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, |
232 | | oid_x520_attr_t, |
233 | | x520_attr, |
234 | | const char *, |
235 | | short_name) |
236 | | |
237 | | /* |
238 | | * For X509 extensions |
239 | | */ |
240 | | typedef struct { |
241 | | mbedtls_oid_descriptor_t descriptor; |
242 | | int ext_type; |
243 | | } oid_x509_ext_t; |
244 | | |
245 | | static const oid_x509_ext_t oid_x509_ext[] = |
246 | | { |
247 | | { |
248 | | { ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints", |
249 | | "Basic Constraints" }, |
250 | | MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, |
251 | | }, |
252 | | { |
253 | | { ADD_LEN(MBEDTLS_OID_KEY_USAGE), "id-ce-keyUsage", "Key Usage" }, |
254 | | MBEDTLS_OID_X509_EXT_KEY_USAGE, |
255 | | }, |
256 | | { |
257 | | { ADD_LEN(MBEDTLS_OID_EXTENDED_KEY_USAGE), "id-ce-extKeyUsage", |
258 | | "Extended Key Usage" }, |
259 | | MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, |
260 | | }, |
261 | | { |
262 | | { ADD_LEN(MBEDTLS_OID_SUBJECT_ALT_NAME), "id-ce-subjectAltName", |
263 | | "Subject Alt Name" }, |
264 | | MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, |
265 | | }, |
266 | | { |
267 | | { ADD_LEN(MBEDTLS_OID_NS_CERT_TYPE), "id-netscape-certtype", |
268 | | "Netscape Certificate Type" }, |
269 | | MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, |
270 | | }, |
271 | | { |
272 | | { ADD_LEN(MBEDTLS_OID_CERTIFICATE_POLICIES), "id-ce-certificatePolicies", |
273 | | "Certificate Policies" }, |
274 | | MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, |
275 | | }, |
276 | | { |
277 | | { NULL, 0, NULL, NULL }, |
278 | | 0, |
279 | | }, |
280 | | }; |
281 | | |
282 | 0 | FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) |
283 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) |
284 | | |
285 | | static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = |
286 | | { |
287 | | { ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth", |
288 | | "TLS Web Server Authentication" }, |
289 | | { ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth", |
290 | | "TLS Web Client Authentication" }, |
291 | | { ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" }, |
292 | | { ADD_LEN(MBEDTLS_OID_EMAIL_PROTECTION), "id-kp-emailProtection", "E-mail Protection" }, |
293 | | { ADD_LEN(MBEDTLS_OID_TIME_STAMPING), "id-kp-timeStamping", "Time Stamping" }, |
294 | | { ADD_LEN(MBEDTLS_OID_OCSP_SIGNING), "id-kp-OCSPSigning", "OCSP Signing" }, |
295 | | { ADD_LEN(MBEDTLS_OID_WISUN_FAN), "id-kp-wisun-fan-device", |
296 | | "Wi-SUN Alliance Field Area Network (FAN)" }, |
297 | | { NULL, 0, NULL, NULL }, |
298 | | }; |
299 | | |
300 | 0 | FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) |
301 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, |
302 | | mbedtls_oid_descriptor_t, |
303 | | ext_key_usage, |
304 | | const char *, |
305 | | description) |
306 | | |
307 | | static const mbedtls_oid_descriptor_t oid_certificate_policies[] = |
308 | | { |
309 | | { ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" }, |
310 | | { NULL, 0, NULL, NULL }, |
311 | | }; |
312 | | |
313 | 0 | FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) |
314 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, |
315 | | mbedtls_oid_descriptor_t, |
316 | | certificate_policies, |
317 | | const char *, |
318 | | description) |
319 | | |
320 | | #if defined(MBEDTLS_MD_C) |
321 | | /* |
322 | | * For SignatureAlgorithmIdentifier |
323 | | */ |
324 | | typedef struct { |
325 | | mbedtls_oid_descriptor_t descriptor; |
326 | | mbedtls_md_type_t md_alg; |
327 | | mbedtls_pk_type_t pk_alg; |
328 | | } oid_sig_alg_t; |
329 | | |
330 | | static const oid_sig_alg_t oid_sig_alg[] = |
331 | | { |
332 | | #if defined(MBEDTLS_RSA_C) |
333 | | #if defined(MBEDTLS_MD2_C) |
334 | | { |
335 | | { ADD_LEN(MBEDTLS_OID_PKCS1_MD2), "md2WithRSAEncryption", "RSA with MD2" }, |
336 | | MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, |
337 | | }, |
338 | | #endif /* MBEDTLS_MD2_C */ |
339 | | #if defined(MBEDTLS_MD4_C) |
340 | | { |
341 | | { ADD_LEN(MBEDTLS_OID_PKCS1_MD4), "md4WithRSAEncryption", "RSA with MD4" }, |
342 | | MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, |
343 | | }, |
344 | | #endif /* MBEDTLS_MD4_C */ |
345 | | #if defined(MBEDTLS_MD5_C) |
346 | | { |
347 | | { ADD_LEN(MBEDTLS_OID_PKCS1_MD5), "md5WithRSAEncryption", "RSA with MD5" }, |
348 | | MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, |
349 | | }, |
350 | | #endif /* MBEDTLS_MD5_C */ |
351 | | #if defined(MBEDTLS_SHA1_C) |
352 | | { |
353 | | { ADD_LEN(MBEDTLS_OID_PKCS1_SHA1), "sha-1WithRSAEncryption", "RSA with SHA1" }, |
354 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, |
355 | | }, |
356 | | #endif /* MBEDTLS_SHA1_C */ |
357 | | #if defined(MBEDTLS_SHA256_C) |
358 | | { |
359 | | { ADD_LEN(MBEDTLS_OID_PKCS1_SHA224), "sha224WithRSAEncryption", "RSA with SHA-224" }, |
360 | | MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, |
361 | | }, |
362 | | { |
363 | | { ADD_LEN(MBEDTLS_OID_PKCS1_SHA256), "sha256WithRSAEncryption", "RSA with SHA-256" }, |
364 | | MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, |
365 | | }, |
366 | | #endif /* MBEDTLS_SHA256_C */ |
367 | | #if defined(MBEDTLS_SHA512_C) |
368 | | { |
369 | | { ADD_LEN(MBEDTLS_OID_PKCS1_SHA384), "sha384WithRSAEncryption", "RSA with SHA-384" }, |
370 | | MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, |
371 | | }, |
372 | | { |
373 | | { ADD_LEN(MBEDTLS_OID_PKCS1_SHA512), "sha512WithRSAEncryption", "RSA with SHA-512" }, |
374 | | MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, |
375 | | }, |
376 | | #endif /* MBEDTLS_SHA512_C */ |
377 | | #if defined(MBEDTLS_SHA1_C) |
378 | | { |
379 | | { ADD_LEN(MBEDTLS_OID_RSA_SHA_OBS), "sha-1WithRSAEncryption", "RSA with SHA1" }, |
380 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, |
381 | | }, |
382 | | #endif /* MBEDTLS_SHA1_C */ |
383 | | #endif /* MBEDTLS_RSA_C */ |
384 | | #if defined(MBEDTLS_ECDSA_C) |
385 | | #if defined(MBEDTLS_SHA1_C) |
386 | | { |
387 | | { ADD_LEN(MBEDTLS_OID_ECDSA_SHA1), "ecdsa-with-SHA1", "ECDSA with SHA1" }, |
388 | | MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, |
389 | | }, |
390 | | #endif /* MBEDTLS_SHA1_C */ |
391 | | #if defined(MBEDTLS_SHA256_C) |
392 | | { |
393 | | { ADD_LEN(MBEDTLS_OID_ECDSA_SHA224), "ecdsa-with-SHA224", "ECDSA with SHA224" }, |
394 | | MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, |
395 | | }, |
396 | | { |
397 | | { ADD_LEN(MBEDTLS_OID_ECDSA_SHA256), "ecdsa-with-SHA256", "ECDSA with SHA256" }, |
398 | | MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, |
399 | | }, |
400 | | #endif /* MBEDTLS_SHA256_C */ |
401 | | #if defined(MBEDTLS_SHA512_C) |
402 | | { |
403 | | { ADD_LEN(MBEDTLS_OID_ECDSA_SHA384), "ecdsa-with-SHA384", "ECDSA with SHA384" }, |
404 | | MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, |
405 | | }, |
406 | | { |
407 | | { ADD_LEN(MBEDTLS_OID_ECDSA_SHA512), "ecdsa-with-SHA512", "ECDSA with SHA512" }, |
408 | | MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, |
409 | | }, |
410 | | #endif /* MBEDTLS_SHA512_C */ |
411 | | #endif /* MBEDTLS_ECDSA_C */ |
412 | | #if defined(MBEDTLS_RSA_C) |
413 | | { |
414 | | { ADD_LEN(MBEDTLS_OID_RSASSA_PSS), "RSASSA-PSS", "RSASSA-PSS" }, |
415 | | MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, |
416 | | }, |
417 | | #endif /* MBEDTLS_RSA_C */ |
418 | | { |
419 | | { NULL, 0, NULL, NULL }, |
420 | | MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, |
421 | | }, |
422 | | }; |
423 | | |
424 | 0 | FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) |
425 | 0 | FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, |
426 | | oid_sig_alg_t, |
427 | | sig_alg, |
428 | | const char *, |
429 | | description) |
430 | 0 | FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, |
431 | | oid_sig_alg_t, |
432 | | sig_alg, |
433 | | mbedtls_md_type_t, |
434 | | md_alg, |
435 | | mbedtls_pk_type_t, |
436 | | pk_alg) |
437 | 0 | FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, |
438 | | oid_sig_alg_t, |
439 | | oid_sig_alg, |
440 | | mbedtls_pk_type_t, |
441 | | pk_alg, |
442 | | mbedtls_md_type_t, |
443 | | md_alg) |
444 | | #endif /* MBEDTLS_MD_C */ |
445 | | |
446 | | /* |
447 | | * For PublicKeyInfo (PKCS1, RFC 5480) |
448 | | */ |
449 | | typedef struct { |
450 | | mbedtls_oid_descriptor_t descriptor; |
451 | | mbedtls_pk_type_t pk_alg; |
452 | | } oid_pk_alg_t; |
453 | | |
454 | | static const oid_pk_alg_t oid_pk_alg[] = |
455 | | { |
456 | | { |
457 | | { ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" }, |
458 | | MBEDTLS_PK_RSA, |
459 | | }, |
460 | | { |
461 | | { ADD_LEN(MBEDTLS_OID_EC_ALG_UNRESTRICTED), "id-ecPublicKey", "Generic EC key" }, |
462 | | MBEDTLS_PK_ECKEY, |
463 | | }, |
464 | | { |
465 | | { ADD_LEN(MBEDTLS_OID_EC_ALG_ECDH), "id-ecDH", "EC key for ECDH" }, |
466 | | MBEDTLS_PK_ECKEY_DH, |
467 | | }, |
468 | | { |
469 | | { NULL, 0, NULL, NULL }, |
470 | | MBEDTLS_PK_NONE, |
471 | | }, |
472 | | }; |
473 | | |
474 | 0 | FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) |
475 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) |
476 | 0 | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, |
477 | | oid_pk_alg_t, |
478 | | oid_pk_alg, |
479 | | mbedtls_pk_type_t, |
480 | | pk_alg) |
481 | | |
482 | | #if defined(MBEDTLS_ECP_C) |
483 | | /* |
484 | | * For namedCurve (RFC 5480) |
485 | | */ |
486 | | typedef struct { |
487 | | mbedtls_oid_descriptor_t descriptor; |
488 | | mbedtls_ecp_group_id grp_id; |
489 | | } oid_ecp_grp_t; |
490 | | |
491 | | static const oid_ecp_grp_t oid_ecp_grp[] = |
492 | | { |
493 | | #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) |
494 | | { |
495 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" }, |
496 | | MBEDTLS_ECP_DP_SECP192R1, |
497 | | }, |
498 | | #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ |
499 | | #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) |
500 | | { |
501 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224R1), "secp224r1", "secp224r1" }, |
502 | | MBEDTLS_ECP_DP_SECP224R1, |
503 | | }, |
504 | | #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ |
505 | | #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) |
506 | | { |
507 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256R1), "secp256r1", "secp256r1" }, |
508 | | MBEDTLS_ECP_DP_SECP256R1, |
509 | | }, |
510 | | #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ |
511 | | #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) |
512 | | { |
513 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP384R1), "secp384r1", "secp384r1" }, |
514 | | MBEDTLS_ECP_DP_SECP384R1, |
515 | | }, |
516 | | #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ |
517 | | #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) |
518 | | { |
519 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP521R1), "secp521r1", "secp521r1" }, |
520 | | MBEDTLS_ECP_DP_SECP521R1, |
521 | | }, |
522 | | #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ |
523 | | #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) |
524 | | { |
525 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192K1), "secp192k1", "secp192k1" }, |
526 | | MBEDTLS_ECP_DP_SECP192K1, |
527 | | }, |
528 | | #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ |
529 | | #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) |
530 | | { |
531 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224K1), "secp224k1", "secp224k1" }, |
532 | | MBEDTLS_ECP_DP_SECP224K1, |
533 | | }, |
534 | | #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ |
535 | | #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) |
536 | | { |
537 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256K1), "secp256k1", "secp256k1" }, |
538 | | MBEDTLS_ECP_DP_SECP256K1, |
539 | | }, |
540 | | #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ |
541 | | #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) |
542 | | { |
543 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_BP256R1), "brainpoolP256r1", "brainpool256r1" }, |
544 | | MBEDTLS_ECP_DP_BP256R1, |
545 | | }, |
546 | | #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ |
547 | | #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) |
548 | | { |
549 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_BP384R1), "brainpoolP384r1", "brainpool384r1" }, |
550 | | MBEDTLS_ECP_DP_BP384R1, |
551 | | }, |
552 | | #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ |
553 | | #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) |
554 | | { |
555 | | { ADD_LEN(MBEDTLS_OID_EC_GRP_BP512R1), "brainpoolP512r1", "brainpool512r1" }, |
556 | | MBEDTLS_ECP_DP_BP512R1, |
557 | | }, |
558 | | #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ |
559 | | { |
560 | | { NULL, 0, NULL, NULL }, |
561 | | MBEDTLS_ECP_DP_NONE, |
562 | | }, |
563 | | }; |
564 | | |
565 | 0 | FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) |
566 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) |
567 | 0 | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, |
568 | | oid_ecp_grp_t, |
569 | | oid_ecp_grp, |
570 | | mbedtls_ecp_group_id, |
571 | | grp_id) |
572 | | #endif /* MBEDTLS_ECP_C */ |
573 | | |
574 | | #if defined(MBEDTLS_CIPHER_C) |
575 | | /* |
576 | | * For PKCS#5 PBES2 encryption algorithm |
577 | | */ |
578 | | typedef struct { |
579 | | mbedtls_oid_descriptor_t descriptor; |
580 | | mbedtls_cipher_type_t cipher_alg; |
581 | | } oid_cipher_alg_t; |
582 | | |
583 | | static const oid_cipher_alg_t oid_cipher_alg[] = |
584 | | { |
585 | | { |
586 | | { ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" }, |
587 | | MBEDTLS_CIPHER_DES_CBC, |
588 | | }, |
589 | | { |
590 | | { ADD_LEN(MBEDTLS_OID_DES_EDE3_CBC), "des-ede3-cbc", "DES-EDE3-CBC" }, |
591 | | MBEDTLS_CIPHER_DES_EDE3_CBC, |
592 | | }, |
593 | | { |
594 | | { NULL, 0, NULL, NULL }, |
595 | | MBEDTLS_CIPHER_NONE, |
596 | | }, |
597 | | }; |
598 | | |
599 | 0 | FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) |
600 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, |
601 | | oid_cipher_alg_t, |
602 | | cipher_alg, |
603 | | mbedtls_cipher_type_t, |
604 | | cipher_alg) |
605 | | #endif /* MBEDTLS_CIPHER_C */ |
606 | | |
607 | | #if defined(MBEDTLS_MD_C) |
608 | | /* |
609 | | * For digestAlgorithm |
610 | | */ |
611 | | typedef struct { |
612 | | mbedtls_oid_descriptor_t descriptor; |
613 | | mbedtls_md_type_t md_alg; |
614 | | } oid_md_alg_t; |
615 | | |
616 | | static const oid_md_alg_t oid_md_alg[] = |
617 | | { |
618 | | #if defined(MBEDTLS_MD2_C) |
619 | | { |
620 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" }, |
621 | | MBEDTLS_MD_MD2, |
622 | | }, |
623 | | #endif /* MBEDTLS_MD2_C */ |
624 | | #if defined(MBEDTLS_MD4_C) |
625 | | { |
626 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD4), "id-md4", "MD4" }, |
627 | | MBEDTLS_MD_MD4, |
628 | | }, |
629 | | #endif /* MBEDTLS_MD4_C */ |
630 | | #if defined(MBEDTLS_MD5_C) |
631 | | { |
632 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD5), "id-md5", "MD5" }, |
633 | | MBEDTLS_MD_MD5, |
634 | | }, |
635 | | #endif /* MBEDTLS_MD5_C */ |
636 | | #if defined(MBEDTLS_SHA1_C) |
637 | | { |
638 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA1), "id-sha1", "SHA-1" }, |
639 | | MBEDTLS_MD_SHA1, |
640 | | }, |
641 | | #endif /* MBEDTLS_SHA1_C */ |
642 | | #if defined(MBEDTLS_SHA256_C) |
643 | | { |
644 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA224), "id-sha224", "SHA-224" }, |
645 | | MBEDTLS_MD_SHA224, |
646 | | }, |
647 | | { |
648 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA256), "id-sha256", "SHA-256" }, |
649 | | MBEDTLS_MD_SHA256, |
650 | | }, |
651 | | #endif /* MBEDTLS_SHA256_C */ |
652 | | #if defined(MBEDTLS_SHA512_C) |
653 | | { |
654 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA384), "id-sha384", "SHA-384" }, |
655 | | MBEDTLS_MD_SHA384, |
656 | | }, |
657 | | { |
658 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA512), "id-sha512", "SHA-512" }, |
659 | | MBEDTLS_MD_SHA512, |
660 | | }, |
661 | | #endif /* MBEDTLS_SHA512_C */ |
662 | | #if defined(MBEDTLS_RIPEMD160_C) |
663 | | { |
664 | | { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_RIPEMD160), "id-ripemd160", "RIPEMD-160" }, |
665 | | MBEDTLS_MD_RIPEMD160, |
666 | | }, |
667 | | #endif /* MBEDTLS_RIPEMD160_C */ |
668 | | { |
669 | | { NULL, 0, NULL, NULL }, |
670 | | MBEDTLS_MD_NONE, |
671 | | }, |
672 | | }; |
673 | | |
674 | 0 | FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) |
675 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) |
676 | 0 | FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, |
677 | | oid_md_alg_t, |
678 | | oid_md_alg, |
679 | | mbedtls_md_type_t, |
680 | | md_alg) |
681 | | |
682 | | /* |
683 | | * For HMAC digestAlgorithm |
684 | | */ |
685 | | typedef struct { |
686 | | mbedtls_oid_descriptor_t descriptor; |
687 | | mbedtls_md_type_t md_hmac; |
688 | | } oid_md_hmac_t; |
689 | | |
690 | | static const oid_md_hmac_t oid_md_hmac[] = |
691 | | { |
692 | | #if defined(MBEDTLS_SHA1_C) |
693 | | { |
694 | | { ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" }, |
695 | | MBEDTLS_MD_SHA1, |
696 | | }, |
697 | | #endif /* MBEDTLS_SHA1_C */ |
698 | | #if defined(MBEDTLS_SHA256_C) |
699 | | { |
700 | | { ADD_LEN(MBEDTLS_OID_HMAC_SHA224), "hmacSHA224", "HMAC-SHA-224" }, |
701 | | MBEDTLS_MD_SHA224, |
702 | | }, |
703 | | { |
704 | | { ADD_LEN(MBEDTLS_OID_HMAC_SHA256), "hmacSHA256", "HMAC-SHA-256" }, |
705 | | MBEDTLS_MD_SHA256, |
706 | | }, |
707 | | #endif /* MBEDTLS_SHA256_C */ |
708 | | #if defined(MBEDTLS_SHA512_C) |
709 | | { |
710 | | { ADD_LEN(MBEDTLS_OID_HMAC_SHA384), "hmacSHA384", "HMAC-SHA-384" }, |
711 | | MBEDTLS_MD_SHA384, |
712 | | }, |
713 | | { |
714 | | { ADD_LEN(MBEDTLS_OID_HMAC_SHA512), "hmacSHA512", "HMAC-SHA-512" }, |
715 | | MBEDTLS_MD_SHA512, |
716 | | }, |
717 | | #endif /* MBEDTLS_SHA512_C */ |
718 | | { |
719 | | { NULL, 0, NULL, NULL }, |
720 | | MBEDTLS_MD_NONE, |
721 | | }, |
722 | | }; |
723 | | |
724 | 0 | FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) |
725 | 0 | FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) |
726 | | #endif /* MBEDTLS_MD_C */ |
727 | | |
728 | | #if defined(MBEDTLS_PKCS12_C) |
729 | | /* |
730 | | * For PKCS#12 PBEs |
731 | | */ |
732 | | typedef struct { |
733 | | mbedtls_oid_descriptor_t descriptor; |
734 | | mbedtls_md_type_t md_alg; |
735 | | mbedtls_cipher_type_t cipher_alg; |
736 | | } oid_pkcs12_pbe_alg_t; |
737 | | |
738 | | static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = |
739 | | { |
740 | | { |
741 | | { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC", |
742 | | "PBE with SHA1 and 3-Key 3DES" }, |
743 | | MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, |
744 | | }, |
745 | | { |
746 | | { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC), "pbeWithSHAAnd2-KeyTripleDES-CBC", |
747 | | "PBE with SHA1 and 2-Key 3DES" }, |
748 | | MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, |
749 | | }, |
750 | | { |
751 | | { NULL, 0, NULL, NULL }, |
752 | | MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, |
753 | | }, |
754 | | }; |
755 | | |
756 | 0 | FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) |
757 | 0 | FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, |
758 | | oid_pkcs12_pbe_alg_t, |
759 | | pkcs12_pbe_alg, |
760 | | mbedtls_md_type_t, |
761 | | md_alg, |
762 | | mbedtls_cipher_type_t, |
763 | | cipher_alg) |
764 | | #endif /* MBEDTLS_PKCS12_C */ |
765 | | |
766 | | /* Return the x.y.z.... style numeric string for the given OID */ |
767 | | int mbedtls_oid_get_numeric_string(char *buf, size_t size, |
768 | | const mbedtls_asn1_buf *oid) |
769 | 0 | { |
770 | 0 | int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; |
771 | 0 | char *p = buf; |
772 | 0 | size_t n = size; |
773 | 0 | unsigned int value = 0; |
774 | |
|
775 | 0 | if (size > INT_MAX) { |
776 | | /* Avoid overflow computing return value */ |
777 | 0 | return MBEDTLS_ERR_ASN1_INVALID_LENGTH; |
778 | 0 | } |
779 | | |
780 | 0 | if (oid->len <= 0) { |
781 | | /* OID must not be empty */ |
782 | 0 | return MBEDTLS_ERR_ASN1_OUT_OF_DATA; |
783 | 0 | } |
784 | | |
785 | 0 | for (size_t i = 0; i < oid->len; i++) { |
786 | | /* Prevent overflow in value. */ |
787 | 0 | if (value > (UINT_MAX >> 7)) { |
788 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
789 | 0 | } |
790 | 0 | if ((value == 0) && ((oid->p[i]) == 0x80)) { |
791 | | /* Overlong encoding is not allowed */ |
792 | 0 | return MBEDTLS_ERR_ASN1_INVALID_DATA; |
793 | 0 | } |
794 | | |
795 | 0 | value <<= 7; |
796 | 0 | value |= oid->p[i] & 0x7F; |
797 | |
|
798 | 0 | if (!(oid->p[i] & 0x80)) { |
799 | | /* Last byte */ |
800 | 0 | if (n == size) { |
801 | 0 | int component1; |
802 | 0 | unsigned int component2; |
803 | | /* First subidentifier contains first two OID components */ |
804 | 0 | if (value >= 80) { |
805 | 0 | component1 = '2'; |
806 | 0 | component2 = value - 80; |
807 | 0 | } else if (value >= 40) { |
808 | 0 | component1 = '1'; |
809 | 0 | component2 = value - 40; |
810 | 0 | } else { |
811 | 0 | component1 = '0'; |
812 | 0 | component2 = value; |
813 | 0 | } |
814 | 0 | ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); |
815 | 0 | } else { |
816 | 0 | ret = mbedtls_snprintf(p, n, ".%u", value); |
817 | 0 | } |
818 | 0 | if (ret < 2 || (size_t) ret >= n) { |
819 | 0 | return MBEDTLS_ERR_OID_BUF_TOO_SMALL; |
820 | 0 | } |
821 | 0 | n -= (size_t) ret; |
822 | 0 | p += ret; |
823 | 0 | value = 0; |
824 | 0 | } |
825 | 0 | } |
826 | | |
827 | 0 | if (value != 0) { |
828 | | /* Unterminated subidentifier */ |
829 | 0 | return MBEDTLS_ERR_ASN1_OUT_OF_DATA; |
830 | 0 | } |
831 | | |
832 | 0 | return (int) (size - n); |
833 | 0 | } |
834 | | |
835 | | #endif /* MBEDTLS_OID_C */ |