1 /**
2 * \file oid.c
3 *
4 * \brief Object Identifier (OID) database
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23
24 #if defined(MBEDTLS_OID_C)
25
26 #include "mbedtls/oid.h"
27 #include "mbedtls/rsa.h"
28 #include "mbedtls/error.h"
29
30 #include "mbedtls/legacy_or_psa.h"
31
32 #include <stdio.h>
33 #include <string.h>
34
35 #include "mbedtls/platform.h"
36
37 /*
38 * Macro to automatically add the size of #define'd OIDs
39 */
40 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
41
42 /*
43 * Macro to generate mbedtls_oid_descriptor_t
44 */
45 #if !defined(MBEDTLS_X509_REMOVE_INFO)
46 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description }
47 #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL }
48 #else
49 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) }
50 #define NULL_OID_DESCRIPTOR { NULL, 0 }
51 #endif
52
53 /*
54 * Macro to generate an internal function for oid_XXX_from_asn1() (used by
55 * the other functions)
56 */
57 #define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST ) \
58 static const TYPE_T * oid_ ## NAME ## _from_asn1( \
59 const mbedtls_asn1_buf *oid ) \
60 { \
61 const TYPE_T *p = (LIST); \
62 const mbedtls_oid_descriptor_t *cur = \
63 (const mbedtls_oid_descriptor_t *) p; \
64 if( p == NULL || oid == NULL ) return( NULL ); \
65 while( cur->asn1 != NULL ) { \
66 if( cur->asn1_len == oid->len && \
67 memcmp( cur->asn1, oid->p, oid->len ) == 0 ) { \
68 return( p ); \
69 } \
70 p++; \
71 cur = (const mbedtls_oid_descriptor_t *) p; \
72 } \
73 return( NULL ); \
74 }
75
76 #if !defined(MBEDTLS_X509_REMOVE_INFO)
77 /*
78 * Macro to generate a function for retrieving a single attribute from the
79 * descriptor of an mbedtls_oid_descriptor_t wrapper.
80 */
81 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
82 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
83 { \
84 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
85 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
86 *ATTR1 = data->descriptor.ATTR1; \
87 return( 0 ); \
88 }
89 #endif /* MBEDTLS_X509_REMOVE_INFO */
90
91 /*
92 * Macro to generate a function for retrieving a single attribute from an
93 * mbedtls_oid_descriptor_t wrapper.
94 */
95 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
96 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) \
97 { \
98 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
99 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
100 *ATTR1 = data->ATTR1; \
101 return( 0 ); \
102 }
103
104 /*
105 * Macro to generate a function for retrieving two attributes from an
106 * mbedtls_oid_descriptor_t wrapper.
107 */
108 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
109 ATTR2_TYPE, ATTR2) \
110 int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
111 ATTR2_TYPE * ATTR2 ) \
112 { \
113 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid ); \
114 if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND ); \
115 *(ATTR1) = data->ATTR1; \
116 *(ATTR2) = data->ATTR2; \
117 return( 0 ); \
118 }
119
120 /*
121 * Macro to generate a function for retrieving the OID based on a single
122 * attribute from a mbedtls_oid_descriptor_t wrapper.
123 */
124 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
125 int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen ) \
126 { \
127 const TYPE_T *cur = (LIST); \
128 while( cur->descriptor.asn1 != NULL ) { \
129 if( cur->ATTR1 == (ATTR1) ) { \
130 *oid = cur->descriptor.asn1; \
131 *olen = cur->descriptor.asn1_len; \
132 return( 0 ); \
133 } \
134 cur++; \
135 } \
136 return( MBEDTLS_ERR_OID_NOT_FOUND ); \
137 }
138
139 /*
140 * Macro to generate a function for retrieving the OID based on two
141 * attributes from a mbedtls_oid_descriptor_t wrapper.
142 */
143 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
144 ATTR2_TYPE, ATTR2) \
145 int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid , \
146 size_t *olen ) \
147 { \
148 const TYPE_T *cur = (LIST); \
149 while( cur->descriptor.asn1 != NULL ) { \
150 if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) { \
151 *oid = cur->descriptor.asn1; \
152 *olen = cur->descriptor.asn1_len; \
153 return( 0 ); \
154 } \
155 cur++; \
156 } \
157 return( MBEDTLS_ERR_OID_NOT_FOUND ); \
158 }
159
160 /*
161 * For X520 attribute types
162 */
163 typedef struct {
164 mbedtls_oid_descriptor_t descriptor;
165 const char *short_name;
166 } oid_x520_attr_t;
167
168 static const oid_x520_attr_t oid_x520_attr_type[] =
169 {
170 {
171 OID_DESCRIPTOR( MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name" ),
172 "CN",
173 },
174 {
175 OID_DESCRIPTOR( MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country" ),
176 "C",
177 },
178 {
179 OID_DESCRIPTOR( MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality" ),
180 "L",
181 },
182 {
183 OID_DESCRIPTOR( MBEDTLS_OID_AT_STATE, "id-at-state", "State" ),
184 "ST",
185 },
186 {
187 OID_DESCRIPTOR( MBEDTLS_OID_AT_ORGANIZATION,"id-at-organizationName", "Organization" ),
188 "O",
189 },
190 {
191 OID_DESCRIPTOR( MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit" ),
192 "OU",
193 },
194 {
195 OID_DESCRIPTOR( MBEDTLS_OID_PKCS9_EMAIL, "emailAddress", "E-mail address" ),
196 "emailAddress",
197 },
198 {
199 OID_DESCRIPTOR( MBEDTLS_OID_AT_SERIAL_NUMBER,"id-at-serialNumber", "Serial number" ),
200 "serialNumber",
201 },
202 {
203 OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_ADDRESS,"id-at-postalAddress", "Postal address" ),
204 "postalAddress",
205 },
206 {
207 OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code" ),
208 "postalCode",
209 },
210 {
211 OID_DESCRIPTOR( MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname" ),
212 "SN",
213 },
214 {
215 OID_DESCRIPTOR( MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name" ),
216 "GN",
217 },
218 {
219 OID_DESCRIPTOR( MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials" ),
220 "initials",
221 },
222 {
223 OID_DESCRIPTOR( MBEDTLS_OID_AT_GENERATION_QUALIFIER, "id-at-generationQualifier", "Generation qualifier" ),
224 "generationQualifier",
225 },
226 {
227 OID_DESCRIPTOR( MBEDTLS_OID_AT_TITLE, "id-at-title", "Title" ),
228 "title",
229 },
230 {
231 OID_DESCRIPTOR( MBEDTLS_OID_AT_DN_QUALIFIER,"id-at-dnQualifier", "Distinguished Name qualifier" ),
232 "dnQualifier",
233 },
234 {
235 OID_DESCRIPTOR( MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym" ),
236 "pseudonym",
237 },
238 {
239 OID_DESCRIPTOR( MBEDTLS_OID_UID, "id-uid", "User Id" ),
240 "uid",
241 },
242 {
243 OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent", "Domain component" ),
244 "DC",
245 },
246 {
247 OID_DESCRIPTOR( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, "id-at-uniqueIdentifier", "Unique Identifier" ),
248 "uniqueIdentifier",
249 },
250 {
251 NULL_OID_DESCRIPTOR,
252 NULL,
253 }
254 };
255
256 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
257 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
258
259 /*
260 * For X509 extensions
261 */
262 typedef struct {
263 mbedtls_oid_descriptor_t descriptor;
264 int ext_type;
265 } oid_x509_ext_t;
266
267 static const oid_x509_ext_t oid_x509_ext[] =
268 {
269 {
270 OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ),
271 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
272 },
273 {
274 OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ),
275 MBEDTLS_OID_X509_EXT_KEY_USAGE,
276 },
277 {
278 OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ),
279 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
280 },
281 {
282 OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ),
283 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
284 },
285 {
286 OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ),
287 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
288 },
289 {
290 OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ),
291 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
292 },
293 {
294 NULL_OID_DESCRIPTOR,
295 0,
296 },
297 };
298
299 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
300 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
301
302 #if !defined(MBEDTLS_X509_REMOVE_INFO)
303 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
304 {
305 OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", "TLS Web Server Authentication" ),
306 OID_DESCRIPTOR( MBEDTLS_OID_CLIENT_AUTH, "id-kp-clientAuth", "TLS Web Client Authentication" ),
307 OID_DESCRIPTOR( MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing" ),
308 OID_DESCRIPTOR( MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection" ),
309 OID_DESCRIPTOR( MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping" ),
310 OID_DESCRIPTOR( MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" ),
311 OID_DESCRIPTOR( MBEDTLS_OID_WISUN_FAN, "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" ),
312 NULL_OID_DESCRIPTOR,
313 };
314
315 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
316 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
317
318 static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
319 {
320 OID_DESCRIPTOR( MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy" ),
321 NULL_OID_DESCRIPTOR,
322 };
323
324 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
325 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
326 #endif /* MBEDTLS_X509_REMOVE_INFO */
327
328 /*
329 * For SignatureAlgorithmIdentifier
330 */
331 typedef struct {
332 mbedtls_oid_descriptor_t descriptor;
333 mbedtls_md_type_t md_alg;
334 mbedtls_pk_type_t pk_alg;
335 } oid_sig_alg_t;
336
337 static const oid_sig_alg_t oid_sig_alg[] =
338 {
339 #if defined(MBEDTLS_RSA_C)
340 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
341 {
342 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ),
343 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
344 },
345 #endif /* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA */
346 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
347 {
348 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1" ),
349 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
350 },
351 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
352 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
353 {
354 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224" ),
355 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
356 },
357 #endif /* MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA */
358 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
359 {
360 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256" ),
361 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
362 },
363 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
364 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
365 {
366 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384" ),
367 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
368 },
369 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
370 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
371 {
372 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512" ),
373 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
374 },
375 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
376 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
377 {
378 OID_DESCRIPTOR( MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" ),
379 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
380 },
381 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
382 #endif /* MBEDTLS_RSA_C */
383 #if defined(MBEDTLS_ECDSA_C)
384 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
385 {
386 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ),
387 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
388 },
389 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
390 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
391 {
392 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" ),
393 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
394 },
395 #endif
396 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
397 {
398 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" ),
399 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
400 },
401 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
402 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
403 {
404 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" ),
405 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
406 },
407 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
408 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
409 {
410 OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" ),
411 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
412 },
413 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
414 #endif /* MBEDTLS_ECDSA_C */
415 #if defined(MBEDTLS_RSA_C)
416 {
417 OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ),
418 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
419 },
420 #endif /* MBEDTLS_RSA_C */
421 {
422 NULL_OID_DESCRIPTOR,
423 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
424 },
425 };
426
427 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
428
429 #if !defined(MBEDTLS_X509_REMOVE_INFO)
430 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
431 #endif
432
433 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
434 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
435
436 /*
437 * For PublicKeyInfo (PKCS1, RFC 5480)
438 */
439 typedef struct {
440 mbedtls_oid_descriptor_t descriptor;
441 mbedtls_pk_type_t pk_alg;
442 } oid_pk_alg_t;
443
444 static const oid_pk_alg_t oid_pk_alg[] =
445 {
446 {
447 OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ),
448 MBEDTLS_PK_RSA,
449 },
450 {
451 OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ),
452 MBEDTLS_PK_ECKEY,
453 },
454 {
455 OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ),
456 MBEDTLS_PK_ECKEY_DH,
457 },
458 {
459 NULL_OID_DESCRIPTOR,
460 MBEDTLS_PK_NONE,
461 },
462 };
463
464 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
465 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
466 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
467
468 #if defined(MBEDTLS_ECP_C)
469 /*
470 * For namedCurve (RFC 5480)
471 */
472 typedef struct {
473 mbedtls_oid_descriptor_t descriptor;
474 mbedtls_ecp_group_id grp_id;
475 } oid_ecp_grp_t;
476
477 static const oid_ecp_grp_t oid_ecp_grp[] =
478 {
479 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
480 {
481 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1" ),
482 MBEDTLS_ECP_DP_SECP192R1,
483 },
484 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
485 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
486 {
487 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1" ),
488 MBEDTLS_ECP_DP_SECP224R1,
489 },
490 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
491 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
492 {
493 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1" ),
494 MBEDTLS_ECP_DP_SECP256R1,
495 },
496 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
497 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
498 {
499 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1" ),
500 MBEDTLS_ECP_DP_SECP384R1,
501 },
502 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
503 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
504 {
505 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1" ),
506 MBEDTLS_ECP_DP_SECP521R1,
507 },
508 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
509 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
510 {
511 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1" ),
512 MBEDTLS_ECP_DP_SECP192K1,
513 },
514 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
515 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
516 {
517 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1" ),
518 MBEDTLS_ECP_DP_SECP224K1,
519 },
520 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
521 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
522 {
523 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1" ),
524 MBEDTLS_ECP_DP_SECP256K1,
525 },
526 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
527 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
528 {
529 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1","brainpool256r1" ),
530 MBEDTLS_ECP_DP_BP256R1,
531 },
532 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
533 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
534 {
535 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1","brainpool384r1" ),
536 MBEDTLS_ECP_DP_BP384R1,
537 },
538 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
539 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
540 {
541 OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1","brainpool512r1" ),
542 MBEDTLS_ECP_DP_BP512R1,
543 },
544 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
545 {
546 NULL_OID_DESCRIPTOR,
547 MBEDTLS_ECP_DP_NONE,
548 },
549 };
550
551 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
552 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
553 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
554 #endif /* MBEDTLS_ECP_C */
555
556 #if defined(MBEDTLS_CIPHER_C)
557 /*
558 * For PKCS#5 PBES2 encryption algorithm
559 */
560 typedef struct {
561 mbedtls_oid_descriptor_t descriptor;
562 mbedtls_cipher_type_t cipher_alg;
563 } oid_cipher_alg_t;
564
565 static const oid_cipher_alg_t oid_cipher_alg[] =
566 {
567 {
568 OID_DESCRIPTOR( MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC" ),
569 MBEDTLS_CIPHER_DES_CBC,
570 },
571 {
572 OID_DESCRIPTOR( MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" ),
573 MBEDTLS_CIPHER_DES_EDE3_CBC,
574 },
575 {
576 NULL_OID_DESCRIPTOR,
577 MBEDTLS_CIPHER_NONE,
578 },
579 };
580
581 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
582 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
583 #endif /* MBEDTLS_CIPHER_C */
584
585 /*
586 * For digestAlgorithm
587 */
588 typedef struct {
589 mbedtls_oid_descriptor_t descriptor;
590 mbedtls_md_type_t md_alg;
591 } oid_md_alg_t;
592
593 static const oid_md_alg_t oid_md_alg[] =
594 {
595 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
596 {
597 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ),
598 MBEDTLS_MD_MD5,
599 },
600 #endif
601 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
602 {
603 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1" ),
604 MBEDTLS_MD_SHA1,
605 },
606 #endif
607 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
608 {
609 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" ),
610 MBEDTLS_MD_SHA224,
611 },
612 #endif
613 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
614 {
615 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" ),
616 MBEDTLS_MD_SHA256,
617 },
618 #endif
619 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
620 {
621 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" ),
622 MBEDTLS_MD_SHA384,
623 },
624 #endif
625 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
626 {
627 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" ),
628 MBEDTLS_MD_SHA512,
629 },
630 #endif
631 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA)
632 {
633 OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ),
634 MBEDTLS_MD_RIPEMD160,
635 },
636 #endif
637 {
638 NULL_OID_DESCRIPTOR,
639 MBEDTLS_MD_NONE,
640 },
641 };
642
643 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
644 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
645 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
646
647 /*
648 * For HMAC digestAlgorithm
649 */
650 typedef struct {
651 mbedtls_oid_descriptor_t descriptor;
652 mbedtls_md_type_t md_hmac;
653 } oid_md_hmac_t;
654
655 static const oid_md_hmac_t oid_md_hmac[] =
656 {
657 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
658 {
659 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1" ),
660 MBEDTLS_MD_SHA1,
661 },
662 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
663 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
664 {
665 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224" ),
666 MBEDTLS_MD_SHA224,
667 },
668 #endif
669 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
670 {
671 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256" ),
672 MBEDTLS_MD_SHA256,
673 },
674 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
675 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
676 {
677 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384" ),
678 MBEDTLS_MD_SHA384,
679 },
680 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
681 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
682 {
683 OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512" ),
684 MBEDTLS_MD_SHA512,
685 },
686 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
687 {
688 NULL_OID_DESCRIPTOR,
689 MBEDTLS_MD_NONE,
690 },
691 };
692
693 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
694 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
695
696 #if defined(MBEDTLS_PKCS12_C)
697 /*
698 * For PKCS#12 PBEs
699 */
700 typedef struct {
701 mbedtls_oid_descriptor_t descriptor;
702 mbedtls_md_type_t md_alg;
703 mbedtls_cipher_type_t cipher_alg;
704 } oid_pkcs12_pbe_alg_t;
705
706 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
707 {
708 {
709 OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" ),
710 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
711 },
712 {
713 OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" ),
714 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
715 },
716 {
717 NULL_OID_DESCRIPTOR,
718 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
719 },
720 };
721
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t,pkcs12_pbe_alg,oid_pkcs12_pbe_alg)722 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
723 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
724 #endif /* MBEDTLS_PKCS12_C */
725
726 #define OID_SAFE_SNPRINTF \
727 do { \
728 if( ret < 0 || (size_t) ret >= n ) \
729 return( MBEDTLS_ERR_OID_BUF_TOO_SMALL ); \
730 \
731 n -= (size_t) ret; \
732 p += (size_t) ret; \
733 } while( 0 )
734
735 /* Return the x.y.z.... style numeric string for the given OID */
736 int mbedtls_oid_get_numeric_string( char *buf, size_t size,
737 const mbedtls_asn1_buf *oid )
738 {
739 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
740 size_t i, n;
741 unsigned int value;
742 char *p;
743
744 p = buf;
745 n = size;
746
747 /* First byte contains first two dots */
748 if( oid->len > 0 )
749 {
750 ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
751 OID_SAFE_SNPRINTF;
752 }
753
754 value = 0;
755 for( i = 1; i < oid->len; i++ )
756 {
757 /* Prevent overflow in value. */
758 if( ( ( value << 7 ) >> 7 ) != value )
759 return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
760
761 value <<= 7;
762 value += oid->p[i] & 0x7F;
763
764 if( !( oid->p[i] & 0x80 ) )
765 {
766 /* Last byte */
767 ret = mbedtls_snprintf( p, n, ".%u", value );
768 OID_SAFE_SNPRINTF;
769 value = 0;
770 }
771 }
772
773 return( (int) ( size - n ) );
774 }
775
776 #endif /* MBEDTLS_OID_C */
777
