1 /**
2 * \file oid.c
3 *
4 * \brief Object Identifier (OID) database
5 *
6 * Copyright The Mbed TLS Contributors
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 */
21
22 #include "common.h"
23
24 #if defined(MBEDTLS_OID_C)
25
26 #include "mbedtls/oid.h"
27 #include "mbedtls/rsa.h"
28 #include "mbedtls/error.h"
29 #include "mbedtls/pk.h"
30
31 #include "mbedtls/legacy_or_psa.h"
32
33 #include <stdio.h>
34 #include <string.h>
35
36 #include "mbedtls/platform.h"
37
38 /*
39 * Macro to automatically add the size of #define'd OIDs
40 */
41 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
42
43 /*
44 * Macro to generate mbedtls_oid_descriptor_t
45 */
46 #if !defined(MBEDTLS_X509_REMOVE_INFO)
47 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description }
48 #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL }
49 #else
50 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) }
51 #define NULL_OID_DESCRIPTOR { NULL, 0 }
52 #endif
53
54 /*
55 * Macro to generate an internal function for oid_XXX_from_asn1() (used by
56 * the other functions)
57 */
58 #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \
59 static const TYPE_T *oid_ ## NAME ## _from_asn1( \
60 const mbedtls_asn1_buf *oid) \
61 { \
62 const TYPE_T *p = (LIST); \
63 const mbedtls_oid_descriptor_t *cur = \
64 (const mbedtls_oid_descriptor_t *) p; \
65 if (p == NULL || oid == NULL) return NULL; \
66 while (cur->asn1 != NULL) { \
67 if (cur->asn1_len == oid->len && \
68 memcmp(cur->asn1, oid->p, oid->len) == 0) { \
69 return p; \
70 } \
71 p++; \
72 cur = (const mbedtls_oid_descriptor_t *) p; \
73 } \
74 return NULL; \
75 }
76
77 #if !defined(MBEDTLS_X509_REMOVE_INFO)
78 /*
79 * Macro to generate a function for retrieving a single attribute from the
80 * descriptor of an mbedtls_oid_descriptor_t wrapper.
81 */
82 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
83 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
84 { \
85 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
86 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
87 *ATTR1 = data->descriptor.ATTR1; \
88 return 0; \
89 }
90 #endif /* MBEDTLS_X509_REMOVE_INFO */
91
92 /*
93 * Macro to generate a function for retrieving a single attribute from an
94 * mbedtls_oid_descriptor_t wrapper.
95 */
96 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
97 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
98 { \
99 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
100 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
101 *ATTR1 = data->ATTR1; \
102 return 0; \
103 }
104
105 /*
106 * Macro to generate a function for retrieving two attributes from an
107 * mbedtls_oid_descriptor_t wrapper.
108 */
109 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \
110 ATTR2_TYPE, ATTR2) \
111 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \
112 ATTR2_TYPE * ATTR2) \
113 { \
114 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
115 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
116 *(ATTR1) = data->ATTR1; \
117 *(ATTR2) = data->ATTR2; \
118 return 0; \
119 }
120
121 /*
122 * Macro to generate a function for retrieving the OID based on a single
123 * attribute from a mbedtls_oid_descriptor_t wrapper.
124 */
125 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \
126 int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \
127 { \
128 const TYPE_T *cur = (LIST); \
129 while (cur->descriptor.asn1 != NULL) { \
130 if (cur->ATTR1 == (ATTR1)) { \
131 *oid = cur->descriptor.asn1; \
132 *olen = cur->descriptor.asn1_len; \
133 return 0; \
134 } \
135 cur++; \
136 } \
137 return MBEDTLS_ERR_OID_NOT_FOUND; \
138 }
139
140 /*
141 * Macro to generate a function for retrieving the OID based on two
142 * attributes from a mbedtls_oid_descriptor_t wrapper.
143 */
144 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \
145 ATTR2_TYPE, ATTR2) \
146 int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \
147 size_t *olen) \
148 { \
149 const TYPE_T *cur = (LIST); \
150 while (cur->descriptor.asn1 != NULL) { \
151 if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \
152 *oid = cur->descriptor.asn1; \
153 *olen = cur->descriptor.asn1_len; \
154 return 0; \
155 } \
156 cur++; \
157 } \
158 return MBEDTLS_ERR_OID_NOT_FOUND; \
159 }
160
161 /*
162 * For X520 attribute types
163 */
164 typedef struct {
165 mbedtls_oid_descriptor_t descriptor;
166 const char *short_name;
167 } oid_x520_attr_t;
168
169 static const oid_x520_attr_t oid_x520_attr_type[] =
170 {
171 {
172 OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"),
173 "CN",
174 },
175 {
176 OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"),
177 "C",
178 },
179 {
180 OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"),
181 "L",
182 },
183 {
184 OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"),
185 "ST",
186 },
187 {
188 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName",
189 "Organization"),
190 "O",
191 },
192 {
193 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"),
194 "OU",
195 },
196 {
197 OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL,
198 "emailAddress",
199 "E-mail address"),
200 "emailAddress",
201 },
202 {
203 OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER,
204 "id-at-serialNumber",
205 "Serial number"),
206 "serialNumber",
207 },
208 {
209 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS,
210 "id-at-postalAddress",
211 "Postal address"),
212 "postalAddress",
213 },
214 {
215 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"),
216 "postalCode",
217 },
218 {
219 OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"),
220 "SN",
221 },
222 {
223 OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"),
224 "GN",
225 },
226 {
227 OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"),
228 "initials",
229 },
230 {
231 OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER,
232 "id-at-generationQualifier",
233 "Generation qualifier"),
234 "generationQualifier",
235 },
236 {
237 OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"),
238 "title",
239 },
240 {
241 OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER,
242 "id-at-dnQualifier",
243 "Distinguished Name qualifier"),
244 "dnQualifier",
245 },
246 {
247 OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"),
248 "pseudonym",
249 },
250 {
251 OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"),
252 "uid",
253 },
254 {
255 OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT,
256 "id-domainComponent",
257 "Domain component"),
258 "DC",
259 },
260 {
261 OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER,
262 "id-at-uniqueIdentifier",
263 "Unique Identifier"),
264 "uniqueIdentifier",
265 },
266 {
267 NULL_OID_DESCRIPTOR,
268 NULL,
269 }
270 };
271
272 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
273 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name,
274 oid_x520_attr_t,
275 x520_attr,
276 const char *,
277 short_name)
278
279 /*
280 * For X509 extensions
281 */
282 typedef struct {
283 mbedtls_oid_descriptor_t descriptor;
284 int ext_type;
285 } oid_x509_ext_t;
286
287 static const oid_x509_ext_t oid_x509_ext[] =
288 {
289 {
290 OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS,
291 "id-ce-basicConstraints",
292 "Basic Constraints"),
293 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
294 },
295 {
296 OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"),
297 MBEDTLS_OID_X509_EXT_KEY_USAGE,
298 },
299 {
300 OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE,
301 "id-ce-extKeyUsage",
302 "Extended Key Usage"),
303 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
304 },
305 {
306 OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME,
307 "id-ce-subjectAltName",
308 "Subject Alt Name"),
309 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
310 },
311 {
312 OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE,
313 "id-netscape-certtype",
314 "Netscape Certificate Type"),
315 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
316 },
317 {
318 OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES,
319 "id-ce-certificatePolicies",
320 "Certificate Policies"),
321 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
322 },
323 {
324 NULL_OID_DESCRIPTOR,
325 0,
326 },
327 };
328
329 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
330 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
331
332 #if !defined(MBEDTLS_X509_REMOVE_INFO)
333 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
334 {
335 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH,
336 "id-kp-serverAuth",
337 "TLS Web Server Authentication"),
338 OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH,
339 "id-kp-clientAuth",
340 "TLS Web Client Authentication"),
341 OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"),
342 OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"),
343 OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"),
344 OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"),
345 OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN,
346 "id-kp-wisun-fan-device",
347 "Wi-SUN Alliance Field Area Network (FAN)"),
348 NULL_OID_DESCRIPTOR,
349 };
350
351 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
352 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage,
353 mbedtls_oid_descriptor_t,
354 ext_key_usage,
355 const char *,
356 description)
357
358 static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
359 {
360 OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"),
361 NULL_OID_DESCRIPTOR,
362 };
363
364 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
365 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies,
366 mbedtls_oid_descriptor_t,
367 certificate_policies,
368 const char *,
369 description)
370 #endif /* MBEDTLS_X509_REMOVE_INFO */
371
372 /*
373 * For SignatureAlgorithmIdentifier
374 */
375 typedef struct {
376 mbedtls_oid_descriptor_t descriptor;
377 mbedtls_md_type_t md_alg;
378 mbedtls_pk_type_t pk_alg;
379 } oid_sig_alg_t;
380
381 static const oid_sig_alg_t oid_sig_alg[] =
382 {
383 #if defined(MBEDTLS_RSA_C)
384 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
385 {
386 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"),
387 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
388 },
389 #endif /* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA */
390 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
391 {
392 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"),
393 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
394 },
395 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
396 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
397 {
398 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption",
399 "RSA with SHA-224"),
400 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
401 },
402 #endif /* MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA */
403 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
404 {
405 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption",
406 "RSA with SHA-256"),
407 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
408 },
409 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
410 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
411 {
412 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption",
413 "RSA with SHA-384"),
414 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
415 },
416 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
417 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
418 {
419 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption",
420 "RSA with SHA-512"),
421 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
422 },
423 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
424 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
425 {
426 OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"),
427 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
428 },
429 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
430 #endif /* MBEDTLS_RSA_C */
431 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
432 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
433 {
434 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"),
435 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
436 },
437 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
438 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
439 {
440 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"),
441 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
442 },
443 #endif
444 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
445 {
446 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"),
447 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
448 },
449 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
450 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
451 {
452 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"),
453 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
454 },
455 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
456 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
457 {
458 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"),
459 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
460 },
461 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
462 #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
463 #if defined(MBEDTLS_RSA_C)
464 {
465 OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"),
466 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
467 },
468 #endif /* MBEDTLS_RSA_C */
469 {
470 NULL_OID_DESCRIPTOR,
471 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
472 },
473 };
474
475 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
476
477 #if !defined(MBEDTLS_X509_REMOVE_INFO)
478 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc,
479 oid_sig_alg_t,
480 sig_alg,
481 const char *,
482 description)
483 #endif
484
485 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg,
486 oid_sig_alg_t,
487 sig_alg,
488 mbedtls_md_type_t,
489 md_alg,
490 mbedtls_pk_type_t,
491 pk_alg)
492 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg,
493 oid_sig_alg_t,
494 oid_sig_alg,
495 mbedtls_pk_type_t,
496 pk_alg,
497 mbedtls_md_type_t,
498 md_alg)
499
500 /*
501 * For PublicKeyInfo (PKCS1, RFC 5480)
502 */
503 typedef struct {
504 mbedtls_oid_descriptor_t descriptor;
505 mbedtls_pk_type_t pk_alg;
506 } oid_pk_alg_t;
507
508 static const oid_pk_alg_t oid_pk_alg[] =
509 {
510 {
511 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"),
512 MBEDTLS_PK_RSA,
513 },
514 {
515 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"),
516 MBEDTLS_PK_ECKEY,
517 },
518 {
519 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"),
520 MBEDTLS_PK_ECKEY_DH,
521 },
522 {
523 NULL_OID_DESCRIPTOR,
524 MBEDTLS_PK_NONE,
525 },
526 };
527
528 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
529 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
530 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
531 oid_pk_alg_t,
532 oid_pk_alg,
533 mbedtls_pk_type_t,
534 pk_alg)
535
536 #if defined(MBEDTLS_ECP_C)
537 /*
538 * For namedCurve (RFC 5480)
539 */
540 typedef struct {
541 mbedtls_oid_descriptor_t descriptor;
542 mbedtls_ecp_group_id grp_id;
543 } oid_ecp_grp_t;
544
545 static const oid_ecp_grp_t oid_ecp_grp[] =
546 {
547 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
548 {
549 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"),
550 MBEDTLS_ECP_DP_SECP192R1,
551 },
552 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
553 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
554 {
555 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"),
556 MBEDTLS_ECP_DP_SECP224R1,
557 },
558 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
559 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
560 {
561 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"),
562 MBEDTLS_ECP_DP_SECP256R1,
563 },
564 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
565 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
566 {
567 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"),
568 MBEDTLS_ECP_DP_SECP384R1,
569 },
570 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
571 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
572 {
573 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"),
574 MBEDTLS_ECP_DP_SECP521R1,
575 },
576 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
577 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
578 {
579 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"),
580 MBEDTLS_ECP_DP_SECP192K1,
581 },
582 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
583 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
584 {
585 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"),
586 MBEDTLS_ECP_DP_SECP224K1,
587 },
588 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
589 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
590 {
591 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"),
592 MBEDTLS_ECP_DP_SECP256K1,
593 },
594 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
595 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
596 {
597 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"),
598 MBEDTLS_ECP_DP_BP256R1,
599 },
600 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
601 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
602 {
603 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"),
604 MBEDTLS_ECP_DP_BP384R1,
605 },
606 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
607 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
608 {
609 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"),
610 MBEDTLS_ECP_DP_BP512R1,
611 },
612 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
613 {
614 NULL_OID_DESCRIPTOR,
615 MBEDTLS_ECP_DP_NONE,
616 },
617 };
618
619 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
620 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
621 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp,
622 oid_ecp_grp_t,
623 oid_ecp_grp,
624 mbedtls_ecp_group_id,
625 grp_id)
626 #endif /* MBEDTLS_ECP_C */
627
628 #if defined(MBEDTLS_CIPHER_C)
629 /*
630 * For PKCS#5 PBES2 encryption algorithm
631 */
632 typedef struct {
633 mbedtls_oid_descriptor_t descriptor;
634 mbedtls_cipher_type_t cipher_alg;
635 } oid_cipher_alg_t;
636
637 static const oid_cipher_alg_t oid_cipher_alg[] =
638 {
639 {
640 OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"),
641 MBEDTLS_CIPHER_DES_CBC,
642 },
643 {
644 OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"),
645 MBEDTLS_CIPHER_DES_EDE3_CBC,
646 },
647 {
648 NULL_OID_DESCRIPTOR,
649 MBEDTLS_CIPHER_NONE,
650 },
651 };
652
653 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
654 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg,
655 oid_cipher_alg_t,
656 cipher_alg,
657 mbedtls_cipher_type_t,
658 cipher_alg)
659 #endif /* MBEDTLS_CIPHER_C */
660
661 /*
662 * For digestAlgorithm
663 */
664 typedef struct {
665 mbedtls_oid_descriptor_t descriptor;
666 mbedtls_md_type_t md_alg;
667 } oid_md_alg_t;
668
669 static const oid_md_alg_t oid_md_alg[] =
670 {
671 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA)
672 {
673 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"),
674 MBEDTLS_MD_MD5,
675 },
676 #endif
677 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
678 {
679 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"),
680 MBEDTLS_MD_SHA1,
681 },
682 #endif
683 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
684 {
685 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"),
686 MBEDTLS_MD_SHA224,
687 },
688 #endif
689 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
690 {
691 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"),
692 MBEDTLS_MD_SHA256,
693 },
694 #endif
695 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
696 {
697 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"),
698 MBEDTLS_MD_SHA384,
699 },
700 #endif
701 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
702 {
703 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"),
704 MBEDTLS_MD_SHA512,
705 },
706 #endif
707 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA)
708 {
709 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
710 MBEDTLS_MD_RIPEMD160,
711 },
712 #endif
713 {
714 NULL_OID_DESCRIPTOR,
715 MBEDTLS_MD_NONE,
716 },
717 };
718
719 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
720 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
721 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md,
722 oid_md_alg_t,
723 oid_md_alg,
724 mbedtls_md_type_t,
725 md_alg)
726
727 /*
728 * For HMAC digestAlgorithm
729 */
730 typedef struct {
731 mbedtls_oid_descriptor_t descriptor;
732 mbedtls_md_type_t md_hmac;
733 } oid_md_hmac_t;
734
735 static const oid_md_hmac_t oid_md_hmac[] =
736 {
737 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
738 {
739 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"),
740 MBEDTLS_MD_SHA1,
741 },
742 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */
743 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
744 {
745 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
746 MBEDTLS_MD_SHA224,
747 },
748 #endif
749 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
750 {
751 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
752 MBEDTLS_MD_SHA256,
753 },
754 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */
755 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
756 {
757 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"),
758 MBEDTLS_MD_SHA384,
759 },
760 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */
761 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA)
762 {
763 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"),
764 MBEDTLS_MD_SHA512,
765 },
766 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */
767 {
768 NULL_OID_DESCRIPTOR,
769 MBEDTLS_MD_NONE,
770 },
771 };
772
773 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
774 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
775
776 #if defined(MBEDTLS_PKCS12_C)
777 /*
778 * For PKCS#12 PBEs
779 */
780 typedef struct {
781 mbedtls_oid_descriptor_t descriptor;
782 mbedtls_md_type_t md_alg;
783 mbedtls_cipher_type_t cipher_alg;
784 } oid_pkcs12_pbe_alg_t;
785
786 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
787 {
788 {
789 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC,
790 "pbeWithSHAAnd3-KeyTripleDES-CBC",
791 "PBE with SHA1 and 3-Key 3DES"),
792 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
793 },
794 {
795 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC,
796 "pbeWithSHAAnd2-KeyTripleDES-CBC",
797 "PBE with SHA1 and 2-Key 3DES"),
798 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
799 },
800 {
801 NULL_OID_DESCRIPTOR,
802 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
803 },
804 };
805
FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t,pkcs12_pbe_alg,oid_pkcs12_pbe_alg)806 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
807 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg,
808 oid_pkcs12_pbe_alg_t,
809 pkcs12_pbe_alg,
810 mbedtls_md_type_t,
811 md_alg,
812 mbedtls_cipher_type_t,
813 cipher_alg)
814 #endif /* MBEDTLS_PKCS12_C */
815
816 /* Return the x.y.z.... style numeric string for the given OID */
817 int mbedtls_oid_get_numeric_string(char *buf, size_t size,
818 const mbedtls_asn1_buf *oid)
819 {
820 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
821 char *p = buf;
822 size_t n = size;
823 unsigned int value = 0;
824
825 if (size > INT_MAX) {
826 /* Avoid overflow computing return value */
827 return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
828 }
829
830 if (oid->len <= 0) {
831 /* OID must not be empty */
832 return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
833 }
834
835 for (size_t i = 0; i < oid->len; i++) {
836 /* Prevent overflow in value. */
837 if (value > (UINT_MAX >> 7)) {
838 return MBEDTLS_ERR_ASN1_INVALID_DATA;
839 }
840 if ((value == 0) && ((oid->p[i]) == 0x80)) {
841 /* Overlong encoding is not allowed */
842 return MBEDTLS_ERR_ASN1_INVALID_DATA;
843 }
844
845 value <<= 7;
846 value |= oid->p[i] & 0x7F;
847
848 if (!(oid->p[i] & 0x80)) {
849 /* Last byte */
850 if (n == size) {
851 int component1;
852 unsigned int component2;
853 /* First subidentifier contains first two OID components */
854 if (value >= 80) {
855 component1 = '2';
856 component2 = value - 80;
857 } else if (value >= 40) {
858 component1 = '1';
859 component2 = value - 40;
860 } else {
861 component1 = '0';
862 component2 = value;
863 }
864 ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
865 } else {
866 ret = mbedtls_snprintf(p, n, ".%u", value);
867 }
868 if (ret < 2 || (size_t) ret >= n) {
869 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
870 }
871 n -= (size_t) ret;
872 p += ret;
873 value = 0;
874 }
875 }
876
877 if (value != 0) {
878 /* Unterminated subidentifier */
879 return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
880 }
881
882 return (int) (size - n);
883 }
884
885 #endif /* MBEDTLS_OID_C */
886
