1 /**
2 * \file oid.c
3 *
4 * \brief Object Identifier (OID) database
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23
24 #if defined(MBEDTLS_OID_C)
25
26 #include "mbedtls/oid.h"
27 #include "mbedtls/rsa.h"
28 #include "mbedtls/error.h"
29
30 #include <stdio.h>
31 #include <string.h>
32
33 #if defined(VENDOR_POLARSSL_API_C)
34 #include "mbedtls/hw_polarssl_api.h"
35 #endif
36
37 #if defined(MBEDTLS_PLATFORM_C)
38 #include "mbedtls/platform.h"
39 #else
40 #define mbedtls_snprintf snprintf
41 #endif
42
43 /*
44 * Macro to automatically add the size of #define'd OIDs
45 */
46 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
47
48 /*
49 * Macro to generate mbedtls_oid_descriptor_t
50 */
51 #if !defined(MBEDTLS_X509_REMOVE_INFO)
52 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description }
53 #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL }
54 #else
55 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) }
56 #define NULL_OID_DESCRIPTOR { NULL, 0 }
57 #endif
58
59 /*
60 * Macro to generate an internal function for oid_XXX_from_asn1() (used by
61 * the other functions)
62 */
63 #define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
64 static const TYPE_T * oid_ ## NAME ## _from_asn1( \
65 const mbedtls_asn1_buf *oid ) \
66 { \
67 const TYPE_T *p = (LIST); \
68 const mbedtls_oid_descriptor_t *cur = \
69 (const mbedtls_oid_descriptor_t *) p; \
70 if( p == NULL || oid == NULL ) return( NULL ); \
71 while( cur->asn1 != NULL ) { \
72 if( cur->asn1_len == oid->len && \
73 memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
74 return( p ); \
75 } \
76 p++; \
77 cur = (const mbedtls_oid_descriptor_t *) p; \
78 } \
79 return( NULL ); \
80 }
81
82 #if !defined(MBEDTLS_X509_REMOVE_INFO)
83 /*
84 * Macro to generate a function for retrieving a single attribute from the
85 * descriptor of an mbedtls_oid_descriptor_t wrapper.
86 */
87 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
88 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
89 { \
90 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
91 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
92 *ATTR1 = data->descriptor.ATTR1; \
93 return( 0 ); \
94 }
95 #endif /* MBEDTLS_X509_REMOVE_INFO */
96
97 /*
98 * Macro to generate a function for retrieving a single attribute from an
99 * mbedtls_oid_descriptor_t wrapper.
100 */
101 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
102 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
103 { \
104 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
105 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
106 *ATTR1 = data->ATTR1; \
107 return( 0 ); \
108 }
109
110 /*
111 * Macro to generate a function for retrieving two attributes from an
112 * mbedtls_oid_descriptor_t wrapper.
113 */
114 #if defined(VENDOR_POLARSSL_API_C)
115 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
116 ATTR2_TYPE, ATTR2) \
117 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
118 ATTR2_TYPE * ATTR2 ) \
119 { \
120 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
121 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
122 *(ATTR1) = data->ATTR1; \
123 *(ATTR2) = data->ATTR2; \
124 if( polarssl_dgst_check(*(ATTR1)) != 0 ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
125 return( 0 ); \
126 }
127 #else
128 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
129 ATTR2_TYPE, ATTR2) \
130 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
131 ATTR2_TYPE * ATTR2 ) \
132 { \
133 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
134 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
135 *(ATTR1) = data->ATTR1; \
136 *(ATTR2) = data->ATTR2; \
137 return( 0 ); \
138 }
139 #endif
140
141 /*
142 * Macro to generate a function for retrieving the OID based on a single
143 * attribute from a mbedtls_oid_descriptor_t wrapper.
144 */
145 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
146 int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
147 { \
148 const TYPE_T *cur = (LIST); \
149 while( cur->descriptor.asn1 != NULL ) { \
150 if( cur->ATTR1 == (ATTR1) ) { \
151 *oid = cur->descriptor.asn1; \
152 *olen = cur->descriptor.asn1_len; \
153 return( 0 ); \
154 } \
155 cur++; \
156 } \
157 return( MBEDTLS_ERR_OID_NOT_FOUND ); \
158 }
159
160 /*
161 * Macro to generate a function for retrieving the OID based on two
162 * attributes from a mbedtls_oid_descriptor_t wrapper.
163 */
164 #if defined(VENDOR_POLARSSL_API_C)
165 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
166 ATTR2_TYPE, ATTR2) \
167 int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
168 size_t *olen ) \
169 { \
170 const TYPE_T *cur = (LIST); \
171 if( polarssl_dgst_check((ATTR2)) != 0 ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
172 while( cur->descriptor.asn1 != NULL ) { \
173 if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
174 *oid = cur->descriptor.asn1; \
175 *olen = cur->descriptor.asn1_len; \
176 return( 0 ); \
177 } \
178 cur++; \
179 } \
180 return( MBEDTLS_ERR_OID_NOT_FOUND ); \
181 }
182 #else
183 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
184 ATTR2_TYPE, ATTR2) \
185 int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
186 size_t *olen ) \
187 { \
188 const TYPE_T *cur = (LIST); \
189 while( cur->descriptor.asn1 != NULL ) { \
190 if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
191 *oid = cur->descriptor.asn1; \
192 *olen = cur->descriptor.asn1_len; \
193 return( 0 ); \
194 } \
195 cur++; \
196 } \
197 return( MBEDTLS_ERR_OID_NOT_FOUND ); \
198 }
199 #endif
200
201 #if !defined(HW_MBEDTLS_ATLAS_MCU)
202 /*
203 * For X520 attribute types
204 */
205 typedef struct {
206 mbedtls_oid_descriptor_t descriptor;
207 const char *short_name;
208 } oid_x520_attr_t;
209
210 static const oid_x520_attr_t oid_x520_attr_type[] =
211 {
212 {
213 OID_DESCRIPTOR( MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name" ),
214 "CN",
215 },
216 {
217 OID_DESCRIPTOR( MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country" ),
218 "C",
219 },
220 {
221 OID_DESCRIPTOR( MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality" ),
222 "L",
223 },
224 {
225 OID_DESCRIPTOR( MBEDTLS_OID_AT_STATE, "id-at-state", "State" ),
226 "ST",
227 },
228 {
229 OID_DESCRIPTOR( MBEDTLS_OID_AT_ORGANIZATION,"id-at-organizationName", "Organization" ),
230 "O",
231 },
232 {
233 OID_DESCRIPTOR( MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit" ),
234 "OU",
235 },
236 {
237 OID_DESCRIPTOR( MBEDTLS_OID_PKCS9_EMAIL, "emailAddress", "E-mail address" ),
238 "emailAddress",
239 },
240 {
241 OID_DESCRIPTOR( MBEDTLS_OID_AT_SERIAL_NUMBER,"id-at-serialNumber", "Serial number" ),
242 "serialNumber",
243 },
244 {
245 OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_ADDRESS,"id-at-postalAddress", "Postal address" ),
246 "postalAddress",
247 },
248 {
249 OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code" ),
250 "postalCode",
251 },
252 {
253 OID_DESCRIPTOR( MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname" ),
254 "SN",
255 },
256 {
257 OID_DESCRIPTOR( MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name" ),
258 "GN",
259 },
260 {
261 OID_DESCRIPTOR( MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials" ),
262 "initials",
263 },
264 {
265 OID_DESCRIPTOR( MBEDTLS_OID_AT_GENERATION_QUALIFIER, "id-at-generationQualifier", "Generation qualifier" ),
266 "generationQualifier",
267 },
268 {
269 OID_DESCRIPTOR( MBEDTLS_OID_AT_TITLE, "id-at-title", "Title" ),
270 "title",
271 },
272 {
273 OID_DESCRIPTOR( MBEDTLS_OID_AT_DN_QUALIFIER,"id-at-dnQualifier", "Distinguished Name qualifier" ),
274 "dnQualifier",
275 },
276 {
277 OID_DESCRIPTOR( MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym" ),
278 "pseudonym",
279 },
280 {
281 OID_DESCRIPTOR( MBEDTLS_OID_UID, "id-uid", "User Id" ),
282 "uid",
283 },
284 {
285 OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent", "Domain component" ),
286 "DC",
287 },
288 {
289 OID_DESCRIPTOR( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, "id-at-uniqueIdentifier", "Unique Identifier" ),
290 "uniqueIdentifier",
291 },
292 {
293 NULL_OID_DESCRIPTOR,
294 NULL,
295 }
296 };
297
298 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
299 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
300
301 /*
302 * For X509 extensions
303 */
304 typedef struct {
305 mbedtls_oid_descriptor_t descriptor;
306 int ext_type;
307 } oid_x509_ext_t;
308
309 static const oid_x509_ext_t oid_x509_ext[] =
310 {
311 {
312 OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ),
313 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
314 },
315 {
316 OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ),
317 MBEDTLS_OID_X509_EXT_KEY_USAGE,
318 },
319 {
320 OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ),
321 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
322 },
323 {
324 OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ),
325 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
326 },
327 {
328 OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ),
329 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
330 },
331 {
332 OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ),
333 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
334 },
335 {
336 NULL_OID_DESCRIPTOR,
337 0,
338 },
339 };
340
341 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
342 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
343 #endif
344
345 #if !defined(MBEDTLS_X509_REMOVE_INFO)
346 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
347 {
348 OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", "TLS Web Server Authentication" ),
349 OID_DESCRIPTOR( MBEDTLS_OID_CLIENT_AUTH, "id-kp-clientAuth", "TLS Web Client Authentication" ),
350 OID_DESCRIPTOR( MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing" ),
351 OID_DESCRIPTOR( MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection" ),
352 OID_DESCRIPTOR( MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping" ),
353 OID_DESCRIPTOR( MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" ),
354 OID_DESCRIPTOR( MBEDTLS_OID_WISUN_FAN, "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" ),
355 NULL_OID_DESCRIPTOR,
356 };
357
358 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
359 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
360
361 static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
362 {
363 OID_DESCRIPTOR( MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy" ),
364 NULL_OID_DESCRIPTOR,
365 };
366
367 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
368 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
369 #endif /* MBEDTLS_X509_REMOVE_INFO */
370
371 #if defined(MBEDTLS_MD_C)
372 /*
373 * For SignatureAlgorithmIdentifier
374 */
375 typedef struct {
376 mbedtls_oid_descriptor_t descriptor;
377 mbedtls_md_type_t md_alg;
378 mbedtls_pk_type_t pk_alg;
379 } oid_sig_alg_t;
380
381 static const oid_sig_alg_t oid_sig_alg[] =
382 {
383 #if defined(MBEDTLS_RSA_C)
384 #if defined(MBEDTLS_MD2_C)
385 {
386 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD2, "md2WithRSAEncryption", "RSA with MD2" ),
387 MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
388 },
389 #endif /* MBEDTLS_MD2_C */
390 #if defined(MBEDTLS_MD4_C)
391 {
392 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD4, "md4WithRSAEncryption", "RSA with MD4" ),
393 MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
394 },
395 #endif /* MBEDTLS_MD4_C */
396 #if defined(MBEDTLS_MD5_C)
397 {
398 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ),
399 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
400 },
401 #endif /* MBEDTLS_MD5_C */
402 #if defined(MBEDTLS_SHA1_C)
403 {
404 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1" ),
405 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
406 },
407 #endif /* MBEDTLS_SHA1_C */
408 #if defined(MBEDTLS_SHA224_C)
409 {
410 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224" ),
411 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
412 },
413 #endif
414 #if defined(MBEDTLS_SHA256_C)
415 {
416 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256" ),
417 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
418 },
419 #endif /* MBEDTLS_SHA256_C */
420 #if defined(MBEDTLS_SHA384_C)
421 {
422 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384" ),
423 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
424 },
425 #endif /* MBEDTLS_SHA384_C */
426 #if defined(MBEDTLS_SHA512_C)
427 {
428 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512" ),
429 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
430 },
431 #endif /* MBEDTLS_SHA512_C */
432 #if defined(MBEDTLS_SHA1_C)
433 {
434 OID_DESCRIPTOR( MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" ),
435 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
436 },
437 #endif /* MBEDTLS_SHA1_C */
438 #endif /* MBEDTLS_RSA_C */
439 #if defined(MBEDTLS_ECDSA_C)
440 #if defined(MBEDTLS_SHA1_C)
441 {
442 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ),
443 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
444 },
445 #endif /* MBEDTLS_SHA1_C */
446 #if defined(MBEDTLS_SHA224_C)
447 {
448 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" ),
449 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
450 },
451 #endif
452 #if defined(MBEDTLS_SHA256_C)
453 {
454 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" ),
455 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
456 },
457 #endif /* MBEDTLS_SHA256_C */
458 #if defined(MBEDTLS_SHA384_C)
459 {
460 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" ),
461 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
462 },
463 #endif /* MBEDTLS_SHA384_C */
464 #if defined(MBEDTLS_SHA512_C)
465 {
466 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" ),
467 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
468 },
469 #endif /* MBEDTLS_SHA512_C */
470 #endif /* MBEDTLS_ECDSA_C */
471 #if defined(MBEDTLS_RSA_C)
472 {
473 OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ),
474 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
475 },
476 #endif /* MBEDTLS_RSA_C */
477 {
478 NULL_OID_DESCRIPTOR,
479 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
480 },
481 };
482
483 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
484
485 #if !defined(MBEDTLS_X509_REMOVE_INFO)
486 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
487 #endif
488
489 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
490 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
491 #endif /* MBEDTLS_MD_C */
492
493 /*
494 * For PublicKeyInfo (PKCS1, RFC 5480)
495 */
496 typedef struct {
497 mbedtls_oid_descriptor_t descriptor;
498 mbedtls_pk_type_t pk_alg;
499 } oid_pk_alg_t;
500
501 static const oid_pk_alg_t oid_pk_alg[] =
502 {
503 {
504 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ),
505 MBEDTLS_PK_RSA,
506 },
507 {
508 OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ),
509 MBEDTLS_PK_ECKEY,
510 },
511 {
512 OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ),
513 MBEDTLS_PK_ECKEY_DH,
514 },
515 {
516 NULL_OID_DESCRIPTOR,
517 MBEDTLS_PK_NONE,
518 },
519 };
520
521 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
522 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
523 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
524
525 #if defined(MBEDTLS_ECP_C)
526 /*
527 * For namedCurve (RFC 5480)
528 */
529 typedef struct {
530 mbedtls_oid_descriptor_t descriptor;
531 mbedtls_ecp_group_id grp_id;
532 } oid_ecp_grp_t;
533
534 static const oid_ecp_grp_t oid_ecp_grp[] =
535 {
536 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
537 {
538 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1" ),
539 MBEDTLS_ECP_DP_SECP192R1,
540 },
541 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
542 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
543 {
544 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1" ),
545 MBEDTLS_ECP_DP_SECP224R1,
546 },
547 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
548 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
549 {
550 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1" ),
551 MBEDTLS_ECP_DP_SECP256R1,
552 },
553 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
554 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
555 {
556 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1" ),
557 MBEDTLS_ECP_DP_SECP384R1,
558 },
559 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
560 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
561 {
562 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1" ),
563 MBEDTLS_ECP_DP_SECP521R1,
564 },
565 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
566 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
567 {
568 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1" ),
569 MBEDTLS_ECP_DP_SECP192K1,
570 },
571 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
572 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
573 {
574 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1" ),
575 MBEDTLS_ECP_DP_SECP224K1,
576 },
577 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
578 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
579 {
580 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1" ),
581 MBEDTLS_ECP_DP_SECP256K1,
582 },
583 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
584 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
585 {
586 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1","brainpool256r1" ),
587 MBEDTLS_ECP_DP_BP256R1,
588 },
589 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
590 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
591 {
592 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1","brainpool384r1" ),
593 MBEDTLS_ECP_DP_BP384R1,
594 },
595 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
596 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
597 {
598 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1","brainpool512r1" ),
599 MBEDTLS_ECP_DP_BP512R1,
600 },
601 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
602 {
603 NULL_OID_DESCRIPTOR,
604 MBEDTLS_ECP_DP_NONE,
605 },
606 };
607
608 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
609 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
610 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
611 #endif /* MBEDTLS_ECP_C */
612
613 #if defined(MBEDTLS_CIPHER_C)
614 /*
615 * For PKCS#5 PBES2 encryption algorithm
616 */
617 typedef struct {
618 mbedtls_oid_descriptor_t descriptor;
619 mbedtls_cipher_type_t cipher_alg;
620 } oid_cipher_alg_t;
621
622 static const oid_cipher_alg_t oid_cipher_alg[] =
623 {
624 {
625 OID_DESCRIPTOR( MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC" ),
626 MBEDTLS_CIPHER_DES_CBC,
627 },
628 {
629 OID_DESCRIPTOR( MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" ),
630 MBEDTLS_CIPHER_DES_EDE3_CBC,
631 },
632 {
633 NULL_OID_DESCRIPTOR,
634 MBEDTLS_CIPHER_NONE,
635 },
636 };
637
638 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
639 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
640 #endif /* MBEDTLS_CIPHER_C */
641
642 #if defined(MBEDTLS_MD_C)
643 /*
644 * For digestAlgorithm
645 */
646 typedef struct {
647 mbedtls_oid_descriptor_t descriptor;
648 mbedtls_md_type_t md_alg;
649 } oid_md_alg_t;
650
651 static const oid_md_alg_t oid_md_alg[] =
652 {
653 #if defined(MBEDTLS_MD2_C)
654 {
655 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD2, "id-md2", "MD2" ),
656 MBEDTLS_MD_MD2,
657 },
658 #endif /* MBEDTLS_MD2_C */
659 #if defined(MBEDTLS_MD4_C)
660 {
661 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD4, "id-md4", "MD4" ),
662 MBEDTLS_MD_MD4,
663 },
664 #endif /* MBEDTLS_MD4_C */
665 #if defined(MBEDTLS_MD5_C)
666 {
667 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ),
668 MBEDTLS_MD_MD5,
669 },
670 #endif /* MBEDTLS_MD5_C */
671 #if defined(MBEDTLS_SHA1_C)
672 {
673 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1" ),
674 MBEDTLS_MD_SHA1,
675 },
676 #endif /* MBEDTLS_SHA1_C */
677 #if defined(MBEDTLS_SHA224_C)
678 {
679 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" ),
680 MBEDTLS_MD_SHA224,
681 },
682 #endif
683 #if defined(MBEDTLS_SHA256_C)
684 {
685 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" ),
686 MBEDTLS_MD_SHA256,
687 },
688 #endif /* MBEDTLS_SHA256_C */
689 #if defined(MBEDTLS_SHA384_C)
690 {
691 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" ),
692 MBEDTLS_MD_SHA384,
693 },
694 #endif /* MBEDTLS_SHA384_C */
695 #if defined(MBEDTLS_SHA512_C)
696 {
697 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" ),
698 MBEDTLS_MD_SHA512,
699 },
700 #endif /* MBEDTLS_SHA512_C */
701 #if defined(MBEDTLS_RIPEMD160_C)
702 {
703 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ),
704 MBEDTLS_MD_RIPEMD160,
705 },
706 #endif /* MBEDTLS_RIPEMD160_C */
707 {
708 NULL_OID_DESCRIPTOR,
709 MBEDTLS_MD_NONE,
710 },
711 };
712
713 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
714 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
715 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
716
717 /*
718 * For HMAC digestAlgorithm
719 */
720 typedef struct {
721 mbedtls_oid_descriptor_t descriptor;
722 mbedtls_md_type_t md_hmac;
723 } oid_md_hmac_t;
724
725 static const oid_md_hmac_t oid_md_hmac[] =
726 {
727 #if defined(MBEDTLS_SHA1_C)
728 {
729 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1" ),
730 MBEDTLS_MD_SHA1,
731 },
732 #endif /* MBEDTLS_SHA1_C */
733 #if defined(MBEDTLS_SHA224_C)
734 {
735 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224" ),
736 MBEDTLS_MD_SHA224,
737 },
738 #endif
739 #if defined(MBEDTLS_SHA256_C)
740 {
741 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256" ),
742 MBEDTLS_MD_SHA256,
743 },
744 #endif /* MBEDTLS_SHA256_C */
745 #if defined(MBEDTLS_SHA384_C)
746 {
747 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384" ),
748 MBEDTLS_MD_SHA384,
749 },
750 #endif /* MBEDTLS_SHA384_C */
751 #if defined(MBEDTLS_SHA512_C)
752 {
753 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512" ),
754 MBEDTLS_MD_SHA512,
755 },
756 #endif /* MBEDTLS_SHA512_C */
757 {
758 NULL_OID_DESCRIPTOR,
759 MBEDTLS_MD_NONE,
760 },
761 };
762
763 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
764 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
765 #endif /* MBEDTLS_MD_C */
766
767 #if defined(MBEDTLS_PKCS12_C)
768 /*
769 * For PKCS#12 PBEs
770 */
771 typedef struct {
772 mbedtls_oid_descriptor_t descriptor;
773 mbedtls_md_type_t md_alg;
774 mbedtls_cipher_type_t cipher_alg;
775 } oid_pkcs12_pbe_alg_t;
776
777 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
778 {
779 {
780 OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" ),
781 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
782 },
783 {
784 OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" ),
785 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
786 },
787 {
788 NULL_OID_DESCRIPTOR,
789 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
790 },
791 };
792
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t,pkcs12_pbe_alg,oid_pkcs12_pbe_alg)793 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
794 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
795 #endif /* MBEDTLS_PKCS12_C */
796
797 #define OID_SAFE_SNPRINTF \
798 do { \
799 if( ret < 0 || (size_t) ret >= n ) \
800 return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); \
801 \
802 n -= (size_t) ret; \
803 p += (size_t) ret; \
804 } while( 0 )
805
806 /* Return the x.y.z.... style numeric string for the given OID */
807 int mbedtls_oid_get_numeric_string( char *buf, size_t size,
808 const mbedtls_asn1_buf *oid )
809 {
810 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
811 size_t i, n;
812 unsigned int value;
813 char *p;
814
815 p = buf;
816 n = size;
817
818 /* First byte contains first two dots */
819 if( oid->len > 0 )
820 {
821 ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
822 OID_SAFE_SNPRINTF;
823 }
824
825 value = 0;
826 for( i = 1; i < oid->len; i++ )
827 {
828 /* Prevent overflow in value. */
829 if( ( ( value << 7 ) >> 7 ) != value )
830 return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
831
832 value <<= 7;
833 value += oid->p[i] & 0x7F;
834
835 if( !( oid->p[i] & 0x80 ) )
836 {
837 /* Last byte */
838 ret = mbedtls_snprintf( p, n, ".%u", value );
839 OID_SAFE_SNPRINTF;
840 value = 0;
841 }
842 }
843
844 return( (int) ( size - n ) );
845 }
846
847 #endif /* MBEDTLS_OID_C */
848