/**
2 * \file oid.c
3 *
4 * \brief Object Identifier (OID) database
5 *
6 * Copyright (C) 2006-2013, Brainspark B.V.
7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27
28#include "polarssl/config.h"
29
30#if defined(POLARSSL_OID_C)
31
32#include "polarssl/oid.h"
33#include "polarssl/md.h"
34#include "polarssl/rsa.h"
35
/*
 * For X520 attribute types (the AttributeType OIDs found in an X.509 Name).
 *
 * The oid_descriptor_t must remain the FIRST member: oid_descriptor_from_buf()
 * walks tables of these structs by byte stride and the caller casts the
 * matching descriptor pointer back to the enclosing element type.
 */
typedef struct {
    oid_descriptor_t descriptor;    /* DER bytes, ASN.1 name, description */
    const char *short_name;         /* label used when printing a DN, e.g. "CN" */
} oid_x520_attr_t;
43
/*
 * OID -> X.520 attribute table, searched in order by exact byte match on the
 * DER-encoded OID (see oid_descriptor_from_buf()).  The all-NULL sentinel
 * terminates the walk and must stay the last element.
 *
 * The short_name strings are static; oid_get_attr_short_name() hands out
 * pointers into this table, so callers must never free them.
 */
static const oid_x520_attr_t oid_x520_attr_type[] =
{
    { { OID_AT_CN,           "id-at-commonName",             "Common Name"    }, "CN"           },
    { { OID_AT_COUNTRY,      "id-at-countryName",            "Country"        }, "C"            },
    { { OID_AT_LOCALITY,     "id-at-locality",               "Locality"       }, "L"            },
    { { OID_AT_STATE,        "id-at-state",                  "State"          }, "ST"           },
    { { OID_AT_ORGANIZATION, "id-at-organizationName",       "Organization"   }, "O"            },
    { { OID_AT_ORG_UNIT,     "id-at-organizationalUnitName", "Org Unit"       }, "OU"           },
    { { OID_PKCS9_EMAIL,     "emailAddress",                 "E-mail address" }, "emailAddress" },
    { { NULL, NULL, NULL }, NULL },     /* sentinel */
};
79
/*
 * For X509 extensions: maps an extension OID to the EXT_* flag value the
 * certificate parser works with.
 *
 * The oid_descriptor_t must remain the FIRST member (see
 * oid_descriptor_from_buf(), which casts a descriptor pointer back to this
 * type).
 */
typedef struct {
    oid_descriptor_t descriptor;    /* DER bytes, ASN.1 name, description */
    int ext_type;                   /* one of the EXT_* constants */
} oid_x509_ext_t;
87
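/*
 * X.509v3 extension OID -> EXT_* flag table.
 *
 * Only the extensions listed here are recognised by oid_get_x509_ext_type();
 * any other extension OID yields POLARSSL_ERR_OID_NOT_FOUND, and it is the
 * caller's job to decide what to do with an unrecognised extension
 * (RFC 5280 requires rejecting a certificate with an unknown critical one).
 *
 * Terminated by an all-NULL sentinel, which must stay the last element.
 */
static const oid_x509_ext_t oid_x509_ext[] =
{
    { { OID_BASIC_CONSTRAINTS,  "id-ce-basicConstraints", "Basic Constraints"         }, EXT_BASIC_CONSTRAINTS  },
    { { OID_KEY_USAGE,          "id-ce-keyUsage",         "Key Usage"                 }, EXT_KEY_USAGE          },
    /* ASN.1 name fixed: this entry was mislabelled "id-ce-keyUsage", the
     * name of the previous (distinct) extension. */
    { { OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage",      "Extended Key Usage"        }, EXT_EXTENDED_KEY_USAGE },
    { { OID_SUBJECT_ALT_NAME,   "id-ce-subjectAltName",   "Subject Alt Name"          }, EXT_SUBJECT_ALT_NAME   },
    { { OID_NS_CERT_TYPE,       "id-netscape-certtype",   "Netscape Certificate Type" }, EXT_NS_CERT_TYPE       },
    { { NULL, NULL, NULL }, 0 },        /* sentinel */
};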
115
/*
 * Extended Key Usage purpose OIDs (id-kp-*) and their human-readable
 * descriptions, used by oid_get_extended_key_usage().  Plain descriptors,
 * no extra payload; the all-NULL sentinel must stay last.
 *
 * Any purpose not listed here (including anyExtendedKeyUsage and private
 * OIDs) is reported as POLARSSL_ERR_OID_NOT_FOUND rather than described.
 */
static const oid_descriptor_t oid_ext_key_usage[] =
{
    { OID_SERVER_AUTH,     "id-kp-serverAuth",      "TLS Web Server Authentication" },
    { OID_CLIENT_AUTH,     "id-kp-clientAuth",      "TLS Web Client Authentication" },
    { OID_CODE_SIGNING,    "id-kp-codeSigning",     "Code Signing"                  },
    { OID_EMAIL_PROTECTION,"id-kp-emailProtection", "E-mail Protection"             },
    { OID_TIME_STAMPING,   "id-kp-timeStamping",    "Time Stamping"                 },
    { OID_OCSP_SIGNING,    "id-kp-OCSPSigning",     "OCSP Signing"                  },
    { NULL, NULL, NULL },               /* sentinel */
};
126
/*
 * For SignatureAlgorithmIdentifier: maps a signature-algorithm OID to the
 * digest and public-key algorithm pair it denotes.
 *
 * The oid_descriptor_t must remain the FIRST member (see
 * oid_descriptor_from_buf()).
 */
typedef struct {
    oid_descriptor_t descriptor;    /* DER bytes, ASN.1 name, description */
    md_type_t md_alg;               /* digest used by the signature scheme */
    pk_type_t pk_alg;               /* public-key algorithm of the scheme */
} oid_sig_alg_t;
135
/*
 * signatureAlgorithm OID <-> (digest, public-key algorithm) table.
 *
 * Forward lookups (oid_get_sig_alg*) match the DER bytes exactly.  The
 * reverse lookup (oid_get_oid_by_sig_alg) returns the FIRST entry with a
 * given (pk_alg, md_alg) pair, so the canonical PKCS#1 SHA-1 OID must stay
 * ahead of the obsolete OID_RSA_SHA_OBS alias that maps to the same pair.
 *
 * This table only translates; it carries no policy.  MD2, MD4 and MD5 (and
 * SHA-1) are listed so that certificates using them can be parsed and
 * described -- that does not make them acceptable for signature
 * verification, which is a decision the caller has to make.
 *
 * Every entry is RSA; the all-NULL sentinel must stay last.
 */
static const oid_sig_alg_t oid_sig_alg[] =
{
    { { OID_PKCS1_MD2,    "md2WithRSAEncryption",    "RSA with MD2"     }, POLARSSL_MD_MD2,    POLARSSL_PK_RSA },
    { { OID_PKCS1_MD4,    "md4WithRSAEncryption",    "RSA with MD4"     }, POLARSSL_MD_MD4,    POLARSSL_PK_RSA },
    { { OID_PKCS1_MD5,    "md5WithRSAEncryption",    "RSA with MD5"     }, POLARSSL_MD_MD5,    POLARSSL_PK_RSA },
    { { OID_PKCS1_SHA1,   "sha-1WithRSAEncryption",  "RSA with SHA1"    }, POLARSSL_MD_SHA1,   POLARSSL_PK_RSA },
    { { OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224" }, POLARSSL_MD_SHA224, POLARSSL_PK_RSA },
    { { OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256" }, POLARSSL_MD_SHA256, POLARSSL_PK_RSA },
    { { OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384" }, POLARSSL_MD_SHA384, POLARSSL_PK_RSA },
    { { OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512" }, POLARSSL_MD_SHA512, POLARSSL_PK_RSA },
    /* obsolete alias for RSA/SHA-1, kept after the PKCS#1 entry on purpose */
    { { OID_RSA_SHA_OBS,  "sha-1WithRSAEncryption",  "RSA with SHA1"    }, POLARSSL_MD_SHA1,   POLARSSL_PK_RSA },
    { { NULL, NULL, NULL }, 0, 0 },     /* sentinel */
};
179
/*
 * For PublicKeyInfo: maps a SubjectPublicKeyInfo algorithm OID to the
 * public-key type.
 *
 * The oid_descriptor_t must remain the FIRST member (see
 * oid_descriptor_from_buf()).
 */
typedef struct {
    oid_descriptor_t descriptor;    /* DER bytes, ASN.1 name, description */
    pk_type_t pk_alg;               /* public-key algorithm */
} oid_pk_alg_t;
187
/*
 * SubjectPublicKeyInfo algorithm OID -> pk_type_t table.  Only rsaEncryption
 * is known; any other key algorithm makes oid_get_pk_alg() return
 * POLARSSL_ERR_OID_NOT_FOUND.  The all-NULL sentinel must stay last.
 */
static const oid_pk_alg_t oid_pk_alg[] =
{
    { { OID_PKCS1_RSA, "rsaEncryption", "RSA" }, POLARSSL_PK_RSA },
    { { NULL, NULL, NULL }, 0 },        /* sentinel */
};
199
/*
 * For digestAlgorithm: maps a hash-algorithm OID to the md_type_t used by
 * the message-digest layer.
 *
 * The oid_descriptor_t must remain the FIRST member (see
 * oid_descriptor_from_buf()).
 */
typedef struct {
    oid_descriptor_t descriptor;    /* DER bytes, ASN.1 name, description */
    md_type_t md_alg;               /* digest algorithm */
} oid_md_alg_t;
207
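/*
 * digestAlgorithm OID <-> md_type_t table, used in both directions
 * (oid_get_md_alg() and oid_get_oid_by_md()).  Both lookups return the first
 * match in table order; the all-NULL sentinel must stay last.
 *
 * The duplicate SHA-1 row that used to follow the first one has been
 * removed: it was unreachable (the first row always matched) and only
 * invited the two copies to drift apart.
 *
 * As with the signature table, listing MD2/MD4/MD5 here only lets their
 * OIDs be decoded; whether a digest is acceptable is the caller's policy.
 */
static const oid_md_alg_t oid_md_alg[] =
{
    { { OID_DIGEST_ALG_MD2,    "id-md2",    "MD2"     }, POLARSSL_MD_MD2    },
    { { OID_DIGEST_ALG_MD4,    "id-md4",    "MD4"     }, POLARSSL_MD_MD4    },
    { { OID_DIGEST_ALG_MD5,    "id-md5",    "MD5"     }, POLARSSL_MD_MD5    },
    { { OID_DIGEST_ALG_SHA1,   "id-sha1",   "SHA-1"   }, POLARSSL_MD_SHA1   },
    { { OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" }, POLARSSL_MD_SHA224 },
    { { OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" }, POLARSSL_MD_SHA256 },
    { { OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" }, POLARSSL_MD_SHA384 },
    { { OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" }, POLARSSL_MD_SHA512 },
    { { NULL, NULL, NULL }, 0 },        /* sentinel */
};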
251
252#if defined _MSC_VER && !defined snprintf
253#include <stdarg.h>
254
255#if !defined vsnprintf
256#define vsnprintf _vsnprintf
257#endif // vsnprintf
258
259/*
 * Windows _snprintf and _vsnprintf are not compatible with the C99/Linux
 * versions: on overflow they return -1 instead of the size the output would
 * have needed.
 *
 * This function papers over that by returning a value larger than the
 * current buffer (size + 20) whenever the output did not fit, so a caller
 * that grows its buffer and retries still makes progress.
265 */
/*
 * snprintf() replacement for MSVC builds, where the native _vsnprintf()
 * returns -1 on overflow instead of the required length.
 *
 * \param str     output buffer
 * \param size    size of str in bytes
 * \param format  printf-style format, followed by its arguments
 *
 * \return        the value of vsnprintf() when it is non-negative, i.e. the
 *                number of characters that were (or would have been)
 *                written; otherwise size + 20, an arbitrary "bigger than the
 *                buffer" hint that a grow-and-retry caller can act on.
 *                Callers must therefore never trust the return value as an
 *                exact length when it is >= size.
 */
static int compat_snprintf(char *str, size_t size, const char *format, ...)
{
    va_list args;
    int written;

    va_start( args, format );
    written = vsnprintf( str, size, format, args );
    va_end( args );

    /* Negative means "did not fit" on this platform; suggest growing. */
    if( written < 0 )
        return( (int) size + 20 );

    return( written );
}
283
284#define snprintf compat_snprintf
285#endif
286
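/*
 * Returned by oid_get_numeric_string() when the output buffer cannot hold
 * the whole dotted string, or when a sub-identifier would overflow.
 * (The name is historical; the value is kept for API compatibility.)
 */
#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2

/*
 * Fold the result of an snprintf() call into the caller's output cursor.
 * Expects the caller to have these locals in scope:
 *   int ret     - the value snprintf() just returned
 *   char *p     - current write position in the output buffer
 *   size_t n    - bytes still available at p (including the terminator)
 *
 *  - ret < 0  : a formatting failure; propagate as -1.
 *  - ret >= n : snprintf() truncated.  It wrote at most n - 1 bytes plus a
 *               terminator, so the string is incomplete: make sure it is
 *               terminated and report POLARSSL_ERR_DEBUG_BUF_TOO_SMALL.
 *               The previous test was `ret > n`, which accepted an
 *               exactly-full buffer as success, let n drop to 0 and then
 *               made the next invocation write p[n - 1] = p[(size_t)-1],
 *               i.e. one byte before the cursor.
 *  - otherwise: advance the cursor.
 *
 * Wrapped in do { } while( 0 ) so `SAFE_SNPRINTF();` is one statement and is
 * safe inside an unbraced if/else.
 */
#define SAFE_SNPRINTF()                                     \
    do {                                                    \
        if( ret < 0 )                                       \
            return( -1 );                                   \
                                                            \
        if( (size_t) ret >= n )                             \
        {                                                   \
            if( n > 0 )                                     \
                p[n - 1] = '\0';                            \
            return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );     \
        }                                                   \
                                                            \
        n -= (size_t) ret;                                  \
        p += (size_t) ret;                                  \
    } while( 0 )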
302
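/*
 * Return the x.y.z.... style numeric string for the given OID.
 *
 * \param buf   output buffer; NUL-terminated on success and, when size > 0,
 *              also on a POLARSSL_ERR_DEBUG_BUF_TOO_SMALL return
 * \param size  size of buf in bytes
 * \param oid   the OID content octets (no tag/length), e.g. as parsed from
 *              a certificate
 *
 * \return      the length of the string written (excluding the terminator),
 *              POLARSSL_ERR_DEBUG_BUF_TOO_SMALL if buf is too small or a
 *              sub-identifier does not fit in an unsigned int,
 *              or -1 if snprintf() itself fails.
 *
 * NOTE(review): the first octet is decoded as a single byte (arc1 = p[0]/40,
 * arc2 = p[0]%40), which is only correct when the first sub-identifier fits
 * in one octet; a multi-octet first sub-identifier (first arc 2 with a
 * second arc >= 40) is printed wrongly.  A trailing octet with the
 * continuation bit set (a truncated arc) is silently dropped rather than
 * reported.  Neither case can overrun buf; callers needing strict DER
 * validation must check the encoding upstream.
 */
int oid_get_numeric_string( char *buf, size_t size,
                            const asn1_buf *oid )
{
    int ret;
    size_t i, n;
    unsigned int value;
    char *p;

    /* A zero-sized buffer cannot hold even the terminator; refusing it here
     * also guarantees SAFE_SNPRINTF never evaluates p[n - 1] with n == 0. */
    if( size == 0 )
        return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );

    p = buf;
    n = size;

    /* First octet packs the first two arcs as 40 * arc1 + arc2. */
    if( oid->len > 0 )
    {
        ret = snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
        SAFE_SNPRINTF();
    }
    else
    {
        /* Empty OID: hand back a well-formed empty string instead of
         * returning 0 with buf left uninitialised. */
        buf[0] = '\0';
    }

    /* Remaining arcs are base-128, high bit set on all but the last octet. */
    value = 0;
    for( i = 1; i < oid->len; i++ )
    {
        /* Refuse an arc that no longer fits in `value` BEFORE shifting:
         * unsigned left shift wraps silently and a wrapped arc would print
         * as a wrong but plausible-looking number.  (The previous check
         * compared the whole OID length against sizeof(value) == 4 bytes,
         * which rejected almost every real-world OID.) */
        if( ( ( value << 7 ) >> 7 ) != value )
            return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );

        value <<= 7;
        value |= oid->p[i] & 0x7F;

        if( ( oid->p[i] & 0x80 ) == 0 )
        {
            /* Last octet of this arc: emit it and start the next. */
            ret = snprintf( p, n, ".%u", value );
            SAFE_SNPRINTF();
            value = 0;
        }
    }

    return( (int) ( size - n ) );
}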
343
/*
 * Generic table search shared by every lookup in this file.
 *
 * \param struct_set   first element of a table whose elements each begin
 *                     with an oid_descriptor_t, ending with an element whose
 *                     asn1 pointer is NULL
 * \param struct_size  sizeof one element (the stride between descriptors)
 * \param oid          DER content octets of the OID being looked up
 * \param len          number of octets in oid
 *
 * \return             the descriptor of the first element whose asn1 string
 *                     is exactly len bytes long and byte-equal to oid, or
 *                     NULL if struct_set or oid is NULL or nothing matches
 *
 * Matching is exact on both length and content, so neither a prefix of a
 * table entry nor an entry with trailing bytes appended can match.  Because
 * the table strings are NUL-terminated, an OID containing a 0x00 octet can
 * never be represented here and never matches.
 */
static const oid_descriptor_t *oid_descriptor_from_buf(
        const void *struct_set,
        size_t struct_size,
        const unsigned char *oid,
        size_t len )
{
    const unsigned char *elem;
    const oid_descriptor_t *desc;

    if( struct_set == NULL || oid == NULL )
        return( NULL );

    for( elem = (const unsigned char *) struct_set; ; elem += struct_size )
    {
        desc = (const oid_descriptor_t *) elem;

        /* Sentinel reached without a hit. */
        if( desc->asn1 == NULL )
            return( NULL );

        if( strlen( desc->asn1 ) == len &&
            memcmp( desc->asn1, oid, len ) == 0 )
        {
            return( desc );
        }
    }
}
371
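/*
 * asn1_buf convenience front-end for oid_descriptor_from_buf().
 *
 * \param struct_set   table to search (see oid_descriptor_from_buf())
 * \param struct_size  sizeof one table element
 * \param oid          parsed OID; may be NULL
 *
 * \return             matching descriptor, or NULL when oid is NULL, oid->p
 *                     is NULL, or no entry matches
 *
 * The NULL check on oid is new: the previous version dereferenced oid
 * before oid_descriptor_from_buf() could reject a NULL buffer pointer, so a
 * NULL asn1_buf crashed where a NULL buffer was handled.  Callers see the
 * same POLARSSL_ERR_OID_NOT_FOUND in both cases.
 */
static const oid_descriptor_t *oid_descriptor_from_asn1(
        const void *struct_set,
        size_t struct_size,
        const asn1_buf *oid )
{
    if( oid == NULL )
        return( NULL );

    return( oid_descriptor_from_buf( struct_set, struct_size,
                                     oid->p, oid->len ) );
}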
380
/*
 * Look up the description of an Extended Key Usage purpose OID.
 *
 * \param oid   parsed id-kp-* OID
 * \param desc  on success, set to a static description string (do not free)
 *
 * \return      0 on success, POLARSSL_ERR_OID_NOT_FOUND if the purpose is
 *              not in oid_ext_key_usage (desc is left untouched)
 */
int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc )
{
    const oid_descriptor_t *match;

    match = oid_descriptor_from_asn1( oid_ext_key_usage,
                                      sizeof(oid_descriptor_t),
                                      oid );
    if( match == NULL )
        return( POLARSSL_ERR_OID_NOT_FOUND );

    *desc = match->description;
    return( 0 );
}
395
/*
 * Find the oid_x509_ext table entry for an extension OID, or NULL.
 *
 * The cast is valid because oid_descriptor_t is the first member of
 * oid_x509_ext_t: a pointer to a struct's first member is also a pointer to
 * the struct.
 */
static const oid_x509_ext_t *oid_x509_ext_from_asn1( const asn1_buf *oid )
{
    const oid_descriptor_t *desc;

    desc = oid_descriptor_from_asn1( oid_x509_ext, sizeof(oid_x509_ext_t), oid );

    return( (const oid_x509_ext_t *) desc );
}
403
/*
 * Find the oid_x520_attr_type table entry for an attribute-type OID, or
 * NULL.  Relies on oid_descriptor_t being the first member of
 * oid_x520_attr_t so the descriptor pointer can be cast to the element.
 */
static const oid_x520_attr_t *oid_x520_attr_from_asn1( const asn1_buf *oid )
{
    const oid_descriptor_t *desc;

    desc = oid_descriptor_from_asn1( oid_x520_attr_type,
                                     sizeof(oid_x520_attr_t), oid );

    return( (const oid_x520_attr_t *) desc );
}
411
/*
 * Find the oid_pk_alg table entry for a public-key algorithm OID, or NULL.
 * Relies on oid_descriptor_t being the first member of oid_pk_alg_t.
 */
static const oid_pk_alg_t *oid_pk_alg_from_asn1( const asn1_buf *oid )
{
    const oid_descriptor_t *desc;

    desc = oid_descriptor_from_asn1( oid_pk_alg, sizeof(oid_pk_alg_t), oid );

    return( (const oid_pk_alg_t *) desc );
}
419
/*
 * Find the oid_sig_alg table entry for a signature-algorithm OID, or NULL.
 * Relies on oid_descriptor_t being the first member of oid_sig_alg_t.
 */
static const oid_sig_alg_t *oid_sig_alg_from_asn1( const asn1_buf *oid )
{
    const oid_descriptor_t *desc;

    desc = oid_descriptor_from_asn1( oid_sig_alg, sizeof(oid_sig_alg_t), oid );

    return( (const oid_sig_alg_t *) desc );
}
427
/*
 * Find the oid_md_alg table entry for a digest-algorithm OID, or NULL.
 * Relies on oid_descriptor_t being the first member of oid_md_alg_t.
 */
static const oid_md_alg_t *oid_md_alg_from_asn1( const asn1_buf *oid )
{
    const oid_descriptor_t *desc;

    desc = oid_descriptor_from_asn1( oid_md_alg, sizeof(oid_md_alg_t), oid );

    return( (const oid_md_alg_t *) desc );
}
435
/*
 * Translate an X.509v3 extension OID into its EXT_* flag.
 *
 * \param oid       parsed extension OID
 * \param ext_type  on success, set to the EXT_* value
 *
 * \return          0 on success, POLARSSL_ERR_OID_NOT_FOUND for any
 *                  extension not in oid_x509_ext (ext_type untouched);
 *                  the caller decides how an unknown extension is handled
 */
int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type )
{
    const oid_x509_ext_t *entry = oid_x509_ext_from_asn1( oid );

    if( entry != NULL )
    {
        *ext_type = entry->ext_type;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
447
/*
 * Get the short label ("CN", "O", ...) for an X.520 attribute-type OID.
 *
 * \param oid         parsed attribute-type OID
 * \param short_name  on success, set to a static string (do not free)
 *
 * \return            0 on success, POLARSSL_ERR_OID_NOT_FOUND if the
 *                    attribute type is not tabled (short_name untouched)
 */
int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name )
{
    const oid_x520_attr_t *entry = oid_x520_attr_from_asn1( oid );

    if( entry != NULL )
    {
        *short_name = entry->short_name;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
459
/*
 * Translate a SubjectPublicKeyInfo algorithm OID into a pk_type_t.
 *
 * \param oid     parsed algorithm OID
 * \param pk_alg  on success, set to the public-key type
 *
 * \return        0 on success, POLARSSL_ERR_OID_NOT_FOUND for any algorithm
 *                not in oid_pk_alg (pk_alg untouched)
 */
int oid_get_pk_alg( const asn1_buf *oid, pk_type_t *pk_alg )
{
    const oid_pk_alg_t *entry = oid_pk_alg_from_asn1( oid );

    if( entry != NULL )
    {
        *pk_alg = entry->pk_alg;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
471
/*
 * Get the human-readable description ("RSA with SHA-256", ...) of a
 * signature-algorithm OID.
 *
 * \param oid   parsed signature-algorithm OID
 * \param desc  on success, set to a static string (do not free)
 *
 * \return      0 on success, POLARSSL_ERR_OID_NOT_FOUND if the algorithm is
 *              not in oid_sig_alg (desc untouched)
 */
int oid_get_sig_alg_desc( const asn1_buf *oid, const char **desc )
{
    const oid_sig_alg_t *entry = oid_sig_alg_from_asn1( oid );

    if( entry != NULL )
    {
        *desc = entry->descriptor.description;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
483
/*
 * Split a signature-algorithm OID into its digest and public-key parts.
 *
 * \param oid     parsed signature-algorithm OID
 * \param md_alg  on success, set to the digest algorithm
 * \param pk_alg  on success, set to the public-key algorithm
 *
 * \return        0 on success, POLARSSL_ERR_OID_NOT_FOUND if the algorithm
 *                is not in oid_sig_alg (both outputs untouched)
 *
 * Success only means the OID was recognised; the table also contains
 * MD2/MD4/MD5-based schemes, so the caller must still apply its own policy
 * to md_alg before trusting a signature.
 */
int oid_get_sig_alg( const asn1_buf *oid,
                     md_type_t *md_alg, pk_type_t *pk_alg )
{
    const oid_sig_alg_t *entry = oid_sig_alg_from_asn1( oid );

    if( entry != NULL )
    {
        *md_alg = entry->md_alg;
        *pk_alg = entry->pk_alg;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
497
/*
 * Reverse lookup: the DER-encoded OID for a (public-key, digest) pair.
 *
 * \param pk_alg   public-key algorithm
 * \param md_alg   digest algorithm
 * \param oid_str  on success, set to the static DER bytes of the OID
 *                 (a NUL-terminated string; do not free)
 *
 * \return         0 on success, POLARSSL_ERR_OID_NOT_FOUND if no table
 *                 entry has that pair (oid_str untouched)
 *
 * The first matching entry in oid_sig_alg order wins, so (RSA, SHA-1)
 * yields the PKCS#1 OID rather than the obsolete OID_RSA_SHA_OBS alias
 * listed after it.
 */
int oid_get_oid_by_sig_alg( pk_type_t pk_alg, md_type_t md_alg,
                            const char **oid_str )
{
    const oid_sig_alg_t *entry;

    for( entry = oid_sig_alg; entry->descriptor.asn1 != NULL; entry++ )
    {
        if( entry->pk_alg != pk_alg || entry->md_alg != md_alg )
            continue;

        *oid_str = entry->descriptor.asn1;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
517
/*
 * Translate a digestAlgorithm OID into an md_type_t.
 *
 * \param oid     parsed digest-algorithm OID
 * \param md_alg  on success, set to the digest type
 *
 * \return        0 on success, POLARSSL_ERR_OID_NOT_FOUND if the digest is
 *                not in oid_md_alg (md_alg untouched)
 *
 * Recognition is not endorsement: MD2/MD4/MD5 are tabled and will be
 * returned here, so the caller must decide whether they are acceptable.
 */
int oid_get_md_alg( const asn1_buf *oid,
                    md_type_t *md_alg )
{
    const oid_md_alg_t *entry = oid_md_alg_from_asn1( oid );

    if( entry != NULL )
    {
        *md_alg = entry->md_alg;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
530
/*
 * Reverse lookup: the DER-encoded digestAlgorithm OID for an md_type_t.
 *
 * \param md_alg   digest algorithm
 * \param oid_str  on success, set to the static DER bytes of the OID
 *                 (a NUL-terminated string; do not free)
 *
 * \return         0 on success, POLARSSL_ERR_OID_NOT_FOUND if no entry in
 *                 oid_md_alg has that digest (oid_str untouched)
 *
 * Returns the first match in table order.
 */
int oid_get_oid_by_md( md_type_t md_alg,
                       const char **oid_str )
{
    const oid_md_alg_t *entry;

    for( entry = oid_md_alg; entry->descriptor.asn1 != NULL; entry++ )
    {
        if( entry->md_alg != md_alg )
            continue;

        *oid_str = entry->descriptor.asn1;
        return( 0 );
    }

    return( POLARSSL_ERR_OID_NOT_FOUND );
}
549
550#endif /* POLARSSL_OID_C */