/src/gnutls/lib/x509/common.h
1 | | /* |
2 | | * Copyright (C) 2003-2012 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2017 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | #ifndef GNUTLS_LIB_X509_COMMON_H |
25 | | # define GNUTLS_LIB_X509_COMMON_H |
26 | | |
27 | | # include <algorithms.h> |
28 | | # include <abstract_int.h> |
29 | | # include <x509/x509_int.h> |
30 | | # include <fips.h> |
31 | | |
32 | | # define MAX_STRING_LEN 512 |
33 | | |
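# if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
/* Fuzzing builds use a much smaller bound.  The expansion is
 * parenthesized so that it behaves as a single operand wherever the
 * macro is used in an expression (e.g. a division or comparison). */
# define MAX_ITER_COUNT (10*1024)
# else
/* Set a maximum iteration count over which we refuse to
 * decode a file. That is to prevent DoS. */
# define MAX_ITER_COUNT (10*1024*1024)
# endif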
41 | | |
42 | | # define GNUTLS_XML_SHOW_ALL 1 |
43 | | |
44 | 0 | # define PEM_CRL "X509 CRL" |
45 | 0 | # define PEM_X509_CERT "X509 CERTIFICATE" |
46 | 0 | # define PEM_X509_CERT2 "CERTIFICATE" |
47 | | # define PEM_PKCS7 "PKCS7" |
48 | 0 | # define PEM_PKCS12 "PKCS12" |
49 | 0 | # define PEM_PK "PUBLIC KEY" |
50 | | |
51 | | /* public key algorithm OIDs |
52 | | */ |
53 | 0 | # define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1" |
54 | 0 | # define PK_PKIX1_RSA_PSS_OID "1.2.840.113549.1.1.10" |
55 | | # define PK_X509_RSA_OID "2.5.8.1.1" |
56 | | # define PK_DSA_OID "1.2.840.10040.4.1" |
57 | | # define PK_GOST_R3410_94_OID "1.2.643.2.2.20" |
58 | | # define PK_GOST_R3410_2001_OID "1.2.643.2.2.19" |
59 | | # define PK_GOST_R3410_2012_256_OID "1.2.643.7.1.1.1.1" |
60 | | # define PK_GOST_R3410_2012_512_OID "1.2.643.7.1.1.1.2" |
61 | | |
62 | | /* signature OIDs |
63 | | */ |
64 | | # define SIG_DSA_SHA1_OID "1.2.840.10040.4.3" |
65 | | /* those two from draft-ietf-pkix-sha2-dsa-ecdsa-06 */ |
66 | | # define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1" |
67 | | # define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2" |
68 | | # define SIG_DSA_SHA384_OID "2.16.840.1.101.3.4.3.3" |
69 | | # define SIG_DSA_SHA512_OID "2.16.840.1.101.3.4.3.4" |
70 | | |
71 | | # define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4" |
72 | | # define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2" |
73 | | # define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5" |
74 | | # define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14" |
75 | | # define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11" |
76 | | # define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12" |
77 | | # define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13" |
78 | | # define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2" |
79 | | # define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" |
80 | | # define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" |
81 | | # define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2" |
82 | | # define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3" |
83 | | # define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29" |
84 | | |
85 | | # define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5" |
86 | | # define SIG_DSA_SHA3_256_OID "2.16.840.1.101.3.4.3.6" |
87 | | # define SIG_DSA_SHA3_384_OID "2.16.840.1.101.3.4.3.7" |
88 | | # define SIG_DSA_SHA3_512_OID "2.16.840.1.101.3.4.3.8" |
89 | | |
90 | | # define SIG_ECDSA_SHA3_224_OID "2.16.840.1.101.3.4.3.9" |
91 | | # define SIG_ECDSA_SHA3_256_OID "2.16.840.1.101.3.4.3.10" |
92 | | # define SIG_ECDSA_SHA3_384_OID "2.16.840.1.101.3.4.3.11" |
93 | | # define SIG_ECDSA_SHA3_512_OID "2.16.840.1.101.3.4.3.12" |
94 | | |
95 | | # define SIG_RSA_SHA3_224_OID "2.16.840.1.101.3.4.3.13" |
96 | | # define SIG_RSA_SHA3_256_OID "2.16.840.1.101.3.4.3.14" |
97 | | # define SIG_RSA_SHA3_384_OID "2.16.840.1.101.3.4.3.15" |
98 | | # define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16" |
99 | | |
100 | | # define ECDH_X25519_OID "1.3.101.110" |
101 | | # define ECDH_X448_OID "1.3.101.111" |
102 | | |
103 | | # define SIG_EDDSA_SHA512_OID "1.3.101.112" |
104 | | # define SIG_ED448_OID "1.3.101.113" |
105 | | |
106 | 0 | # define XMPP_OID "1.3.6.1.5.5.7.8.5" |
107 | 0 | # define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2" |
108 | 0 | # define MSUSER_PRINCIPAL_NAME_OID "1.3.6.1.4.1.311.20.2.3" |
109 | 0 | # define PKIX1_RSA_PSS_MGF1_OID "1.2.840.113549.1.1.8" |
110 | | |
111 | 0 | # define GOST28147_89_OID "1.2.643.2.2.21" |
112 | 0 | # define GOST28147_89_TC26Z_OID "1.2.643.7.1.2.5.1.1" |
113 | 0 | # define GOST28147_89_CPA_OID "1.2.643.2.2.31.1" |
114 | 0 | # define GOST28147_89_CPB_OID "1.2.643.2.2.31.2" |
115 | 0 | # define GOST28147_89_CPC_OID "1.2.643.2.2.31.3" |
116 | 0 | # define GOST28147_89_CPD_OID "1.2.643.2.2.31.4" |
117 | | |
118 | 0 | # define ASN1_NULL "\x05\x00" |
119 | 0 | # define ASN1_NULL_SIZE 2 |
120 | | |
/* One row of an OID lookup table: maps an object identifier to a
 * printable name and, for values that are not a simple primitive
 * type, to the ASN.1 description needed to decode them.  Tables of
 * these entries are searched with _gnutls_oid_get_entry(). */
struct oid_to_string {
	const char *oid;	/* the object identifier as a string
				 * (presumably dotted-decimal like the
				 * *_OID macros above -- confirm against
				 * the table initializers) */
	unsigned oid_size;	/* size of oid; whether the NUL is counted
				 * is not visible here -- check the tables */
	const char *name_desc;	/* human readable name for the OID */
	unsigned name_desc_size;	/* size of name_desc, same convention as oid_size */
	const char *asn_desc;	/* description in the pkix file if complex type */
	unsigned int etype;	/* the libtasn1 ASN1_ETYPE or INVALID
				 * if cannot be simply parsed */
};
130 | | |
131 | | const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string |
132 | | *ots, const char *oid); |
133 | | |
134 | | const char *_gnutls_oid_get_asn_desc(const char *oid); |
135 | | |
136 | | int _gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim, |
137 | | int force_general); |
138 | | int _gnutls_x509_set_raw_time(asn1_node c2, const char *where, time_t tim); |
139 | | |
140 | | int _gnutls_x509_decode_string(unsigned int etype, |
141 | | const uint8_t * der, size_t der_size, |
142 | | gnutls_datum_t * output, unsigned allow_ber); |
143 | | |
144 | | int _gnutls_x509_encode_string(unsigned int etype, |
145 | | const void *input_data, size_t input_size, |
146 | | gnutls_datum_t * output); |
147 | | |
148 | | int _gnutls_x509_dn_to_string(const char *OID, void *value, |
149 | | int value_size, gnutls_datum_t * out); |
150 | | const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len); |
151 | | |
152 | | time_t _gnutls_x509_get_time(asn1_node c2, const char *when, int general); |
153 | | |
154 | | gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type); |
155 | | |
156 | | int _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, |
157 | | asn1_node dest, const char *dest_name, |
158 | | int str); |
159 | | int _gnutls_x509_der_encode(asn1_node src, const char *src_name, |
160 | | gnutls_datum_t * res, int str); |
161 | | |
162 | | # define _gnutls_x509_export_int(asn1, format, header, out, out_size) \ |
163 | 0 | _gnutls_x509_export_int_named(asn1, "", format, header, out, out_size) |
164 | | |
165 | | int _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, |
166 | | gnutls_x509_crt_fmt_t format, |
167 | | const char *pem_header, |
168 | | unsigned char *output_data, |
169 | | size_t *output_data_size); |
170 | | |
171 | | # define _gnutls_x509_export_int2(asn1, format, header, out) \ |
172 | 0 | _gnutls_x509_export_int_named2(asn1, "", format, header, out) |
173 | | int _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, |
174 | | gnutls_x509_crt_fmt_t format, |
175 | | const char *pem_header, |
176 | | gnutls_datum_t * out); |
177 | | |
178 | | int _gnutls_x509_read_value(asn1_node c, const char *root, |
179 | | gnutls_datum_t * ret); |
180 | | int _gnutls_x509_read_null_value(asn1_node c, const char *root, |
181 | | gnutls_datum_t * ret); |
182 | | int _gnutls_x509_read_string(asn1_node c, const char *root, |
183 | | gnutls_datum_t * ret, unsigned int etype, |
184 | | unsigned allow_ber); |
185 | | int _gnutls_x509_write_value(asn1_node c, const char *root, |
186 | | const gnutls_datum_t * data); |
187 | | |
188 | | int _gnutls_x509_write_string(asn1_node c, const char *root, |
189 | | const gnutls_datum_t * data, unsigned int etype); |
190 | | |
191 | | int _gnutls_x509_encode_and_write_attribute(const char *given_oid, |
192 | | asn1_node asn1_struct, |
193 | | const char *where, |
194 | | const void *data, |
195 | | int sizeof_data, int multi); |
196 | | int _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, |
197 | | const char *where, char *oid, |
198 | | int oid_size, |
199 | | gnutls_datum_t * value, |
200 | | int multi, int octet); |
201 | | |
202 | | int _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, |
203 | | gnutls_ecc_curve_t * curve, |
204 | | unsigned int *bits); |
205 | | |
206 | | int _gnutls_x509_get_signature_algorithm(asn1_node src, const char *src_name); |
207 | | |
208 | | int _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, |
209 | | const char *dst_name, |
210 | | const gnutls_pk_params_st * params); |
211 | | int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der, |
212 | | const gnutls_pk_params_st * params); |
213 | | int _gnutls_asn1_copy_node(asn1_node * dst, const char *dst_name, |
214 | | asn1_node src, const char *src_name); |
215 | | |
216 | | int _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t * der, |
217 | | const char *src_name, |
218 | | gnutls_datum_t * signed_data); |
219 | | int _gnutls_x509_get_signature(asn1_node src, const char *src_name, |
220 | | gnutls_datum_t * signature); |
221 | | |
222 | | int _gnutls_get_asn_mpis(asn1_node asn, const char *root, |
223 | | gnutls_pk_params_st * params); |
224 | | |
225 | | int _gnutls_get_key_id(gnutls_pk_params_st *, |
226 | | unsigned char *output_data, |
227 | | size_t *output_data_size, unsigned flags); |
228 | | |
229 | | void _asnstr_append_name(char *name, size_t name_size, const char *part1, |
230 | | const char *part2); |
231 | | |
/* Return in @out an allocated DER encoding of the field @whom of the
 * ASN.1 structure @c2.  Thin convenience wrapper around
 * _gnutls_x509_der_encode() with its @str argument set to 0; the
 * return value is whatever that function returns. */
static inline int
_gnutls_x509_get_raw_field(asn1_node c2, const char *whom, gnutls_datum_t * out)
{
	const int str_mode = 0;	/* never treat the field as a string */

	return _gnutls_x509_der_encode(c2, whom, out, str_mode);
}
238 | | |
239 | | int |
240 | | _gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t * raw, |
241 | | const char *whom, gnutls_datum_t * dn); |
242 | | |
243 | | unsigned |
244 | | _gnutls_check_if_same_key(gnutls_x509_crt_t cert1, |
245 | | gnutls_x509_crt_t cert2, unsigned is_ca); |
246 | | |
247 | | unsigned |
248 | | _gnutls_check_if_same_key2(gnutls_x509_crt_t cert1, gnutls_datum_t * cert2bin); |
249 | | |
250 | | unsigned |
251 | | _gnutls_check_valid_key_id(const gnutls_datum_t * key_id, |
252 | | gnutls_x509_crt_t cert, time_t now, |
253 | | unsigned *has_ski); |
254 | | |
255 | | unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, |
256 | | unsigned no_any); |
257 | | |
258 | | time_t _gnutls_x509_generalTime2gtime(const char *ttime); |
259 | | time_t _gnutls_utcTime2gtime(const char *ttime); |
260 | | |
261 | | int _gnutls_get_extension(asn1_node asn, const char *root, |
262 | | const char *extension_id, int indx, |
263 | | gnutls_datum_t * ret, unsigned int *_critical); |
264 | | |
265 | | int _gnutls_set_extension(asn1_node asn, const char *root, |
266 | | const char *ext_id, |
267 | | const gnutls_datum_t * ext_data, |
268 | | unsigned int critical); |
269 | | |
270 | | int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf, size_t *sizeof_buf); |
271 | | |
272 | | unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2); |
273 | | |
274 | | int _gnutls_copy_string(const gnutls_datum_t * str, uint8_t * out, |
275 | | size_t *out_size); |
276 | | int _gnutls_copy_data(const gnutls_datum_t * str, uint8_t * out, |
277 | | size_t *out_size); |
278 | | |
279 | | int _gnutls_x509_decode_ext(const gnutls_datum_t * der, |
280 | | gnutls_x509_ext_st * out); |
281 | | int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert, |
282 | | gnutls_datum_t * rpubkey); |
283 | | |
284 | | int _gnutls_x509_get_version(asn1_node root, const char *name); |
285 | | |
286 | | int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, gnutls_datum_t * rpubkey); |
287 | | |
288 | | typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t); |
289 | | |
290 | | unsigned int _gnutls_sort_clist(gnutls_x509_crt_t * clist, |
291 | | unsigned int clist_size); |
292 | | |
293 | | int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr); |
294 | | |
/* Decode at most @len bytes of DER from @ider into @element, always
 * requiring strict DER.  Lenient handling of malformed time values is
 * enabled only when STRICT_DER_TIME is not defined and the
 * ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME flag exists in this build.
 * @errorDescription is passed straight through to asn1_der_decoding2(),
 * whose status code is returned unchanged. */
static inline int _asn1_strict_der_decode(asn1_node * element, const void *ider,
					  int len, char *errorDescription)
{
	/* NOTE(review): _ASN1_DER_FLAGS (leading underscore + uppercase) is an
	 * identifier reserved for the implementation by the C standard; it is
	 * kept here unchanged in case other files reference it. */
# if defined(STRICT_DER_TIME) || !defined(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME)
# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
# else
# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER)
# endif
	/* asn1_der_decoding2() takes the length by pointer; hand it a
	 * private copy so the parameter itself is left untouched. */
	int max_len = len;

	return asn1_der_decoding2(element, ider, &max_len, _ASN1_DER_FLAGS,
				  errorDescription);
}
306 | | |
307 | | #endif /* GNUTLS_LIB_X509_COMMON_H */ |