1 /**
2 * \file oid.c
3 *
4 * \brief Object Identifier (OID) database
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
8 */
9
10 #include "common.h"
11
12 #if defined(MBEDTLS_OID_C)
13
14 #include "mbedtls/oid.h"
15 #include "mbedtls/rsa.h"
16 #include "mbedtls/error.h"
17
18 #include <stdio.h>
19 #include <string.h>
20
21 #include "mbedtls/platform.h"
22
23 /*
24 * Macro to automatically add the size of #define'd OIDs
25 */
26 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
27
28 /*
29 * Macro to generate an internal function for oid_XXX_from_asn1() (used by
30 * the other functions)
31 */
32 #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \
33 static const TYPE_T *oid_ ## NAME ## _from_asn1( \
34 const mbedtls_asn1_buf *oid) \
35 { \
36 const TYPE_T *p = (LIST); \
37 const mbedtls_oid_descriptor_t *cur = \
38 (const mbedtls_oid_descriptor_t *) p; \
39 if (p == NULL || oid == NULL) return NULL; \
40 while (cur->asn1 != NULL) { \
41 if (cur->asn1_len == oid->len && \
42 memcmp(cur->asn1, oid->p, oid->len) == 0) { \
43 return p; \
44 } \
45 p++; \
46 cur = (const mbedtls_oid_descriptor_t *) p; \
47 } \
48 return NULL; \
49 }
50
51 /*
52 * Macro to generate a function for retrieving a single attribute from the
53 * descriptor of an mbedtls_oid_descriptor_t wrapper.
54 */
55 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
56 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
57 { \
58 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
59 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
60 *ATTR1 = data->descriptor.ATTR1; \
61 return 0; \
62 }
63
64 /*
65 * Macro to generate a function for retrieving a single attribute from an
66 * mbedtls_oid_descriptor_t wrapper.
67 */
68 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
69 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
70 { \
71 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
72 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
73 *ATTR1 = data->ATTR1; \
74 return 0; \
75 }
76
77 /*
78 * Macro to generate a function for retrieving two attributes from an
79 * mbedtls_oid_descriptor_t wrapper.
80 */
81 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
82 ATTR2_TYPE, ATTR2) \
83 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
84 ATTR2_TYPE * ATTR2) \
85 { \
86 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
87 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
88 *(ATTR1) = data->ATTR1; \
89 *(ATTR2) = data->ATTR2; \
90 return 0; \
91 }
92
93 /*
94 * Macro to generate a function for retrieving the OID based on a single
95 * attribute from a mbedtls_oid_descriptor_t wrapper.
96 */
97 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
98 int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \
99 { \
100 const TYPE_T *cur = (LIST); \
101 while (cur->descriptor.asn1 != NULL) { \
102 if (cur->ATTR1 == (ATTR1)) { \
103 *oid = cur->descriptor.asn1; \
104 *olen = cur->descriptor.asn1_len; \
105 return 0; \
106 } \
107 cur++; \
108 } \
109 return MBEDTLS_ERR_OID_NOT_FOUND; \
110 }
111
112 /*
113 * Macro to generate a function for retrieving the OID based on two
114 * attributes from a mbedtls_oid_descriptor_t wrapper.
115 */
116 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
117 ATTR2_TYPE, ATTR2) \
118 int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \
119 size_t *olen) \
120 { \
121 const TYPE_T *cur = (LIST); \
122 while (cur->descriptor.asn1 != NULL) { \
123 if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \
124 *oid = cur->descriptor.asn1; \
125 *olen = cur->descriptor.asn1_len; \
126 return 0; \
127 } \
128 cur++; \
129 } \
130 return MBEDTLS_ERR_OID_NOT_FOUND; \
131 }
132
133 /*
134 * For X520 attribute types
135 */
136 typedef struct {
137 mbedtls_oid_descriptor_t descriptor;
138 const char *short_name;
139 } oid_x520_attr_t;
140
141 static const oid_x520_attr_t oid_x520_attr_type[] =
142 {
143 {
144 { ADD_LEN(MBEDTLS_OID_AT_CN), "id-at-commonName", "Common Name" },
145 "CN",
146 },
147 {
148 { ADD_LEN(MBEDTLS_OID_AT_COUNTRY), "id-at-countryName", "Country" },
149 "C",
150 },
151 {
152 { ADD_LEN(MBEDTLS_OID_AT_LOCALITY), "id-at-locality", "Locality" },
153 "L",
154 },
155 {
156 { ADD_LEN(MBEDTLS_OID_AT_STATE), "id-at-state", "State" },
157 "ST",
158 },
159 {
160 { ADD_LEN(MBEDTLS_OID_AT_ORGANIZATION), "id-at-organizationName", "Organization" },
161 "O",
162 },
163 {
164 { ADD_LEN(MBEDTLS_OID_AT_ORG_UNIT), "id-at-organizationalUnitName", "Org Unit" },
165 "OU",
166 },
167 {
168 { ADD_LEN(MBEDTLS_OID_PKCS9_EMAIL), "emailAddress", "E-mail address" },
169 "emailAddress",
170 },
171 {
172 { ADD_LEN(MBEDTLS_OID_AT_SERIAL_NUMBER), "id-at-serialNumber", "Serial number" },
173 "serialNumber",
174 },
175 {
176 { ADD_LEN(MBEDTLS_OID_AT_POSTAL_ADDRESS), "id-at-postalAddress",
177 "Postal address" },
178 "postalAddress",
179 },
180 {
181 { ADD_LEN(MBEDTLS_OID_AT_POSTAL_CODE), "id-at-postalCode", "Postal code" },
182 "postalCode",
183 },
184 {
185 { ADD_LEN(MBEDTLS_OID_AT_SUR_NAME), "id-at-surName", "Surname" },
186 "SN",
187 },
188 {
189 { ADD_LEN(MBEDTLS_OID_AT_GIVEN_NAME), "id-at-givenName", "Given name" },
190 "GN",
191 },
192 {
193 { ADD_LEN(MBEDTLS_OID_AT_INITIALS), "id-at-initials", "Initials" },
194 "initials",
195 },
196 {
197 { ADD_LEN(MBEDTLS_OID_AT_GENERATION_QUALIFIER), "id-at-generationQualifier",
198 "Generation qualifier" },
199 "generationQualifier",
200 },
201 {
202 { ADD_LEN(MBEDTLS_OID_AT_TITLE), "id-at-title", "Title" },
203 "title",
204 },
205 {
206 { ADD_LEN(MBEDTLS_OID_AT_DN_QUALIFIER), "id-at-dnQualifier",
207 "Distinguished Name qualifier" },
208 "dnQualifier",
209 },
210 {
211 { ADD_LEN(MBEDTLS_OID_AT_PSEUDONYM), "id-at-pseudonym", "Pseudonym" },
212 "pseudonym",
213 },
214 {
215 { ADD_LEN(MBEDTLS_OID_DOMAIN_COMPONENT), "id-domainComponent",
216 "Domain component" },
217 "DC",
218 },
219 {
220 { ADD_LEN(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER), "id-at-uniqueIdentifier",
221 "Unique Identifier" },
222 "uniqueIdentifier",
223 },
224 {
225 { NULL, 0, NULL, NULL },
226 NULL,
227 }
228 };
229
230 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
231 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name,
232 oid_x520_attr_t,
233 x520_attr,
234 const char *,
235 short_name)
236
237 /*
238 * For X509 extensions
239 */
240 typedef struct {
241 mbedtls_oid_descriptor_t descriptor;
242 int ext_type;
243 } oid_x509_ext_t;
244
245 static const oid_x509_ext_t oid_x509_ext[] =
246 {
247 {
248 { ADD_LEN(MBEDTLS_OID_BASIC_CONSTRAINTS), "id-ce-basicConstraints",
249 "Basic Constraints" },
250 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
251 },
252 {
253 { ADD_LEN(MBEDTLS_OID_KEY_USAGE), "id-ce-keyUsage", "Key Usage" },
254 MBEDTLS_OID_X509_EXT_KEY_USAGE,
255 },
256 {
257 { ADD_LEN(MBEDTLS_OID_EXTENDED_KEY_USAGE), "id-ce-extKeyUsage",
258 "Extended Key Usage" },
259 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
260 },
261 {
262 { ADD_LEN(MBEDTLS_OID_SUBJECT_ALT_NAME), "id-ce-subjectAltName",
263 "Subject Alt Name" },
264 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
265 },
266 {
267 { ADD_LEN(MBEDTLS_OID_NS_CERT_TYPE), "id-netscape-certtype",
268 "Netscape Certificate Type" },
269 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
270 },
271 {
272 { ADD_LEN(MBEDTLS_OID_CERTIFICATE_POLICIES), "id-ce-certificatePolicies",
273 "Certificate Policies" },
274 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
275 },
276 {
277 { NULL, 0, NULL, NULL },
278 0,
279 },
280 };
281
282 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
283 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
284
285 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
286 {
287 { ADD_LEN(MBEDTLS_OID_SERVER_AUTH), "id-kp-serverAuth",
288 "TLS Web Server Authentication" },
289 { ADD_LEN(MBEDTLS_OID_CLIENT_AUTH), "id-kp-clientAuth",
290 "TLS Web Client Authentication" },
291 { ADD_LEN(MBEDTLS_OID_CODE_SIGNING), "id-kp-codeSigning", "Code Signing" },
292 { ADD_LEN(MBEDTLS_OID_EMAIL_PROTECTION), "id-kp-emailProtection", "E-mail Protection" },
293 { ADD_LEN(MBEDTLS_OID_TIME_STAMPING), "id-kp-timeStamping", "Time Stamping" },
294 { ADD_LEN(MBEDTLS_OID_OCSP_SIGNING), "id-kp-OCSPSigning", "OCSP Signing" },
295 { ADD_LEN(MBEDTLS_OID_WISUN_FAN), "id-kp-wisun-fan-device",
296 "Wi-SUN Alliance Field Area Network (FAN)" },
297 { NULL, 0, NULL, NULL },
298 };
299
300 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
301 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage,
302 mbedtls_oid_descriptor_t,
303 ext_key_usage,
304 const char *,
305 description)
306
307 static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
308 {
309 { ADD_LEN(MBEDTLS_OID_ANY_POLICY), "anyPolicy", "Any Policy" },
310 { NULL, 0, NULL, NULL },
311 };
312
313 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
314 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies,
315 mbedtls_oid_descriptor_t,
316 certificate_policies,
317 const char *,
318 description)
319
320 #if defined(MBEDTLS_MD_C)
321 /*
322 * For SignatureAlgorithmIdentifier
323 */
324 typedef struct {
325 mbedtls_oid_descriptor_t descriptor;
326 mbedtls_md_type_t md_alg;
327 mbedtls_pk_type_t pk_alg;
328 } oid_sig_alg_t;
329
330 static const oid_sig_alg_t oid_sig_alg[] =
331 {
332 #if defined(MBEDTLS_RSA_C)
333 #if defined(MBEDTLS_MD2_C)
334 {
335 { ADD_LEN(MBEDTLS_OID_PKCS1_MD2), "md2WithRSAEncryption", "RSA with MD2" },
336 MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
337 },
338 #endif /* MBEDTLS_MD2_C */
339 #if defined(MBEDTLS_MD4_C)
340 {
341 { ADD_LEN(MBEDTLS_OID_PKCS1_MD4), "md4WithRSAEncryption", "RSA with MD4" },
342 MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
343 },
344 #endif /* MBEDTLS_MD4_C */
345 #if defined(MBEDTLS_MD5_C)
346 {
347 { ADD_LEN(MBEDTLS_OID_PKCS1_MD5), "md5WithRSAEncryption", "RSA with MD5" },
348 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
349 },
350 #endif /* MBEDTLS_MD5_C */
351 #if defined(MBEDTLS_SHA1_C)
352 {
353 { ADD_LEN(MBEDTLS_OID_PKCS1_SHA1), "sha-1WithRSAEncryption", "RSA with SHA1" },
354 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
355 },
356 #endif /* MBEDTLS_SHA1_C */
357 #if defined(MBEDTLS_SHA256_C)
358 {
359 { ADD_LEN(MBEDTLS_OID_PKCS1_SHA224), "sha224WithRSAEncryption", "RSA with SHA-224" },
360 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
361 },
362 {
363 { ADD_LEN(MBEDTLS_OID_PKCS1_SHA256), "sha256WithRSAEncryption", "RSA with SHA-256" },
364 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
365 },
366 #endif /* MBEDTLS_SHA256_C */
367 #if defined(MBEDTLS_SHA512_C)
368 {
369 { ADD_LEN(MBEDTLS_OID_PKCS1_SHA384), "sha384WithRSAEncryption", "RSA with SHA-384" },
370 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
371 },
372 {
373 { ADD_LEN(MBEDTLS_OID_PKCS1_SHA512), "sha512WithRSAEncryption", "RSA with SHA-512" },
374 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
375 },
376 #endif /* MBEDTLS_SHA512_C */
377 #if defined(MBEDTLS_SHA1_C)
378 {
379 { ADD_LEN(MBEDTLS_OID_RSA_SHA_OBS), "sha-1WithRSAEncryption", "RSA with SHA1" },
380 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
381 },
382 #endif /* MBEDTLS_SHA1_C */
383 #endif /* MBEDTLS_RSA_C */
384 #if defined(MBEDTLS_ECDSA_C)
385 #if defined(MBEDTLS_SHA1_C)
386 {
387 { ADD_LEN(MBEDTLS_OID_ECDSA_SHA1), "ecdsa-with-SHA1", "ECDSA with SHA1" },
388 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
389 },
390 #endif /* MBEDTLS_SHA1_C */
391 #if defined(MBEDTLS_SHA256_C)
392 {
393 { ADD_LEN(MBEDTLS_OID_ECDSA_SHA224), "ecdsa-with-SHA224", "ECDSA with SHA224" },
394 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
395 },
396 {
397 { ADD_LEN(MBEDTLS_OID_ECDSA_SHA256), "ecdsa-with-SHA256", "ECDSA with SHA256" },
398 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
399 },
400 #endif /* MBEDTLS_SHA256_C */
401 #if defined(MBEDTLS_SHA512_C)
402 {
403 { ADD_LEN(MBEDTLS_OID_ECDSA_SHA384), "ecdsa-with-SHA384", "ECDSA with SHA384" },
404 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
405 },
406 {
407 { ADD_LEN(MBEDTLS_OID_ECDSA_SHA512), "ecdsa-with-SHA512", "ECDSA with SHA512" },
408 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
409 },
410 #endif /* MBEDTLS_SHA512_C */
411 #endif /* MBEDTLS_ECDSA_C */
412 #if defined(MBEDTLS_RSA_C)
413 {
414 { ADD_LEN(MBEDTLS_OID_RSASSA_PSS), "RSASSA-PSS", "RSASSA-PSS" },
415 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
416 },
417 #endif /* MBEDTLS_RSA_C */
418 {
419 { NULL, 0, NULL, NULL },
420 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
421 },
422 };
423
424 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
425 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
426 oid_sig_alg_t,
427 sig_alg,
428 const char *,
429 description)
430 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
431 oid_sig_alg_t,
432 sig_alg,
433 mbedtls_md_type_t,
434 md_alg,
435 mbedtls_pk_type_t,
436 pk_alg)
437 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
438 oid_sig_alg_t,
439 oid_sig_alg,
440 mbedtls_pk_type_t,
441 pk_alg,
442 mbedtls_md_type_t,
443 md_alg)
444 #endif /* MBEDTLS_MD_C */
445
446 /*
447 * For PublicKeyInfo (PKCS1, RFC 5480)
448 */
449 typedef struct {
450 mbedtls_oid_descriptor_t descriptor;
451 mbedtls_pk_type_t pk_alg;
452 } oid_pk_alg_t;
453
454 static const oid_pk_alg_t oid_pk_alg[] =
455 {
456 {
457 { ADD_LEN(MBEDTLS_OID_PKCS1_RSA), "rsaEncryption", "RSA" },
458 MBEDTLS_PK_RSA,
459 },
460 {
461 { ADD_LEN(MBEDTLS_OID_EC_ALG_UNRESTRICTED), "id-ecPublicKey", "Generic EC key" },
462 MBEDTLS_PK_ECKEY,
463 },
464 {
465 { ADD_LEN(MBEDTLS_OID_EC_ALG_ECDH), "id-ecDH", "EC key for ECDH" },
466 MBEDTLS_PK_ECKEY_DH,
467 },
468 {
469 { NULL, 0, NULL, NULL },
470 MBEDTLS_PK_NONE,
471 },
472 };
473
474 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
475 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
476 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
477 oid_pk_alg_t,
478 oid_pk_alg,
479 mbedtls_pk_type_t,
480 pk_alg)
481
482 #if defined(MBEDTLS_ECP_C)
483 /*
484 * For namedCurve (RFC 5480)
485 */
486 typedef struct {
487 mbedtls_oid_descriptor_t descriptor;
488 mbedtls_ecp_group_id grp_id;
489 } oid_ecp_grp_t;
490
491 static const oid_ecp_grp_t oid_ecp_grp[] =
492 {
493 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
494 {
495 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192R1), "secp192r1", "secp192r1" },
496 MBEDTLS_ECP_DP_SECP192R1,
497 },
498 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
499 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
500 {
501 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224R1), "secp224r1", "secp224r1" },
502 MBEDTLS_ECP_DP_SECP224R1,
503 },
504 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
505 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
506 {
507 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256R1), "secp256r1", "secp256r1" },
508 MBEDTLS_ECP_DP_SECP256R1,
509 },
510 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
511 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
512 {
513 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP384R1), "secp384r1", "secp384r1" },
514 MBEDTLS_ECP_DP_SECP384R1,
515 },
516 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
517 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
518 {
519 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP521R1), "secp521r1", "secp521r1" },
520 MBEDTLS_ECP_DP_SECP521R1,
521 },
522 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
523 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
524 {
525 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP192K1), "secp192k1", "secp192k1" },
526 MBEDTLS_ECP_DP_SECP192K1,
527 },
528 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
529 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
530 {
531 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP224K1), "secp224k1", "secp224k1" },
532 MBEDTLS_ECP_DP_SECP224K1,
533 },
534 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
535 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
536 {
537 { ADD_LEN(MBEDTLS_OID_EC_GRP_SECP256K1), "secp256k1", "secp256k1" },
538 MBEDTLS_ECP_DP_SECP256K1,
539 },
540 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
541 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
542 {
543 { ADD_LEN(MBEDTLS_OID_EC_GRP_BP256R1), "brainpoolP256r1", "brainpool256r1" },
544 MBEDTLS_ECP_DP_BP256R1,
545 },
546 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
547 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
548 {
549 { ADD_LEN(MBEDTLS_OID_EC_GRP_BP384R1), "brainpoolP384r1", "brainpool384r1" },
550 MBEDTLS_ECP_DP_BP384R1,
551 },
552 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
553 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
554 {
555 { ADD_LEN(MBEDTLS_OID_EC_GRP_BP512R1), "brainpoolP512r1", "brainpool512r1" },
556 MBEDTLS_ECP_DP_BP512R1,
557 },
558 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
559 {
560 { NULL, 0, NULL, NULL },
561 MBEDTLS_ECP_DP_NONE,
562 },
563 };
564
565 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
566 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
567 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
568 oid_ecp_grp_t,
569 oid_ecp_grp,
570 mbedtls_ecp_group_id,
571 grp_id)
572 #endif /* MBEDTLS_ECP_C */
573
574 #if defined(MBEDTLS_CIPHER_C)
575 /*
576 * For PKCS#5 PBES2 encryption algorithm
577 */
578 typedef struct {
579 mbedtls_oid_descriptor_t descriptor;
580 mbedtls_cipher_type_t cipher_alg;
581 } oid_cipher_alg_t;
582
583 static const oid_cipher_alg_t oid_cipher_alg[] =
584 {
585 {
586 { ADD_LEN(MBEDTLS_OID_DES_CBC), "desCBC", "DES-CBC" },
587 MBEDTLS_CIPHER_DES_CBC,
588 },
589 {
590 { ADD_LEN(MBEDTLS_OID_DES_EDE3_CBC), "des-ede3-cbc", "DES-EDE3-CBC" },
591 MBEDTLS_CIPHER_DES_EDE3_CBC,
592 },
593 {
594 { NULL, 0, NULL, NULL },
595 MBEDTLS_CIPHER_NONE,
596 },
597 };
598
599 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
600 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
601 oid_cipher_alg_t,
602 cipher_alg,
603 mbedtls_cipher_type_t,
604 cipher_alg)
605 #endif /* MBEDTLS_CIPHER_C */
606
607 #if defined(MBEDTLS_MD_C)
608 /*
609 * For digestAlgorithm
610 */
611 typedef struct {
612 mbedtls_oid_descriptor_t descriptor;
613 mbedtls_md_type_t md_alg;
614 } oid_md_alg_t;
615
616 static const oid_md_alg_t oid_md_alg[] =
617 {
618 #if defined(MBEDTLS_MD2_C)
619 {
620 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD2), "id-md2", "MD2" },
621 MBEDTLS_MD_MD2,
622 },
623 #endif /* MBEDTLS_MD2_C */
624 #if defined(MBEDTLS_MD4_C)
625 {
626 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD4), "id-md4", "MD4" },
627 MBEDTLS_MD_MD4,
628 },
629 #endif /* MBEDTLS_MD4_C */
630 #if defined(MBEDTLS_MD5_C)
631 {
632 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_MD5), "id-md5", "MD5" },
633 MBEDTLS_MD_MD5,
634 },
635 #endif /* MBEDTLS_MD5_C */
636 #if defined(MBEDTLS_SHA1_C)
637 {
638 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA1), "id-sha1", "SHA-1" },
639 MBEDTLS_MD_SHA1,
640 },
641 #endif /* MBEDTLS_SHA1_C */
642 #if defined(MBEDTLS_SHA256_C)
643 {
644 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA224), "id-sha224", "SHA-224" },
645 MBEDTLS_MD_SHA224,
646 },
647 {
648 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA256), "id-sha256", "SHA-256" },
649 MBEDTLS_MD_SHA256,
650 },
651 #endif /* MBEDTLS_SHA256_C */
652 #if defined(MBEDTLS_SHA512_C)
653 {
654 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA384), "id-sha384", "SHA-384" },
655 MBEDTLS_MD_SHA384,
656 },
657 {
658 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_SHA512), "id-sha512", "SHA-512" },
659 MBEDTLS_MD_SHA512,
660 },
661 #endif /* MBEDTLS_SHA512_C */
662 #if defined(MBEDTLS_RIPEMD160_C)
663 {
664 { ADD_LEN(MBEDTLS_OID_DIGEST_ALG_RIPEMD160), "id-ripemd160", "RIPEMD-160" },
665 MBEDTLS_MD_RIPEMD160,
666 },
667 #endif /* MBEDTLS_RIPEMD160_C */
668 {
669 { NULL, 0, NULL, NULL },
670 MBEDTLS_MD_NONE,
671 },
672 };
673
674 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
675 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
676 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
677 oid_md_alg_t,
678 oid_md_alg,
679 mbedtls_md_type_t,
680 md_alg)
681
682 /*
683 * For HMAC digestAlgorithm
684 */
685 typedef struct {
686 mbedtls_oid_descriptor_t descriptor;
687 mbedtls_md_type_t md_hmac;
688 } oid_md_hmac_t;
689
690 static const oid_md_hmac_t oid_md_hmac[] =
691 {
692 #if defined(MBEDTLS_SHA1_C)
693 {
694 { ADD_LEN(MBEDTLS_OID_HMAC_SHA1), "hmacSHA1", "HMAC-SHA-1" },
695 MBEDTLS_MD_SHA1,
696 },
697 #endif /* MBEDTLS_SHA1_C */
698 #if defined(MBEDTLS_SHA256_C)
699 {
700 { ADD_LEN(MBEDTLS_OID_HMAC_SHA224), "hmacSHA224", "HMAC-SHA-224" },
701 MBEDTLS_MD_SHA224,
702 },
703 {
704 { ADD_LEN(MBEDTLS_OID_HMAC_SHA256), "hmacSHA256", "HMAC-SHA-256" },
705 MBEDTLS_MD_SHA256,
706 },
707 #endif /* MBEDTLS_SHA256_C */
708 #if defined(MBEDTLS_SHA512_C)
709 {
710 { ADD_LEN(MBEDTLS_OID_HMAC_SHA384), "hmacSHA384", "HMAC-SHA-384" },
711 MBEDTLS_MD_SHA384,
712 },
713 {
714 { ADD_LEN(MBEDTLS_OID_HMAC_SHA512), "hmacSHA512", "HMAC-SHA-512" },
715 MBEDTLS_MD_SHA512,
716 },
717 #endif /* MBEDTLS_SHA512_C */
718 {
719 { NULL, 0, NULL, NULL },
720 MBEDTLS_MD_NONE,
721 },
722 };
723
724 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
725 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
726 #endif /* MBEDTLS_MD_C */
727
728 #if defined(MBEDTLS_PKCS12_C)
729 /*
730 * For PKCS#12 PBEs
731 */
732 typedef struct {
733 mbedtls_oid_descriptor_t descriptor;
734 mbedtls_md_type_t md_alg;
735 mbedtls_cipher_type_t cipher_alg;
736 } oid_pkcs12_pbe_alg_t;
737
738 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
739 {
740 {
741 { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC), "pbeWithSHAAnd3-KeyTripleDES-CBC",
742 "PBE with SHA1 and 3-Key 3DES" },
743 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
744 },
745 {
746 { ADD_LEN(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC), "pbeWithSHAAnd2-KeyTripleDES-CBC",
747 "PBE with SHA1 and 2-Key 3DES" },
748 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
749 },
750 {
751 { NULL, 0, NULL, NULL },
752 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
753 },
754 };
755
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t,pkcs12_pbe_alg,oid_pkcs12_pbe_alg)756 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
757 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
758 oid_pkcs12_pbe_alg_t,
759 pkcs12_pbe_alg,
760 mbedtls_md_type_t,
761 md_alg,
762 mbedtls_cipher_type_t,
763 cipher_alg)
764 #endif /* MBEDTLS_PKCS12_C */
765
766 /* Return the x.y.z.... style numeric string for the given OID */
767 int mbedtls_oid_get_numeric_string(char *buf, size_t size,
768 const mbedtls_asn1_buf *oid)
769 {
770 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
771 char *p = buf;
772 size_t n = size;
773 unsigned int value = 0;
774
775 if (size > INT_MAX) {
776 /* Avoid overflow computing return value */
777 return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
778 }
779
780 if (oid->len <= 0) {
781 /* OID must not be empty */
782 return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
783 }
784
785 for (size_t i = 0; i < oid->len; i++) {
786 /* Prevent overflow in value. */
787 if (value > (UINT_MAX >> 7)) {
788 return MBEDTLS_ERR_ASN1_INVALID_DATA;
789 }
790 if ((value == 0) && ((oid->p[i]) == 0x80)) {
791 /* Overlong encoding is not allowed */
792 return MBEDTLS_ERR_ASN1_INVALID_DATA;
793 }
794
795 value <<= 7;
796 value |= oid->p[i] & 0x7F;
797
798 if (!(oid->p[i] & 0x80)) {
799 /* Last byte */
800 if (n == size) {
801 int component1;
802 unsigned int component2;
803 /* First subidentifier contains first two OID components */
804 if (value >= 80) {
805 component1 = '2';
806 component2 = value - 80;
807 } else if (value >= 40) {
808 component1 = '1';
809 component2 = value - 40;
810 } else {
811 component1 = '0';
812 component2 = value;
813 }
814 ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
815 } else {
816 ret = mbedtls_snprintf(p, n, ".%u", value);
817 }
818 if (ret < 2 || (size_t) ret >= n) {
819 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
820 }
821 n -= (size_t) ret;
822 p += ret;
823 value = 0;
824 }
825 }
826
827 if (value != 0) {
828 /* Unterminated subidentifier */
829 return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
830 }
831
832 return (int) (size - n);
833 }
834
835 #endif /* MBEDTLS_OID_C */
836