1 /** 2 * \file oid.c 3 * 4 * \brief Object Identifier (OID) database 5 * 6 * Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 8 * 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may 10 * not use this file except in compliance with the License. 11 * You may obtain a copy of the License at 12 * 13 * http://www.apache.org/licenses/LICENSE-2.0 14 * 15 * Unless required by applicable law or agreed to in writing, software 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 18 * See the License for the specific language governing permissions and 19 * limitations under the License. 20 */ 21 22 #include "common.h" 23 24 #if defined(MBEDTLS_OID_C) 25 26 #include "mbedtls/oid.h" 27 #include "mbedtls/rsa.h" 28 #include "mbedtls/error.h" 29 #include "mbedtls/pk.h" 30 31 #include "mbedtls/legacy_or_psa.h" 32 33 #include <stdio.h> 34 #include <string.h> 35 36 #include "mbedtls/platform.h" 37 38 /* 39 * Macro to automatically add the size of #define'd OIDs 40 */ 41 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) 42 43 /* 44 * Macro to generate mbedtls_oid_descriptor_t 45 */ 46 #if !defined(MBEDTLS_X509_REMOVE_INFO) 47 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } 48 #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } 49 #else 50 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } 51 #define NULL_OID_DESCRIPTOR { NULL, 0 } 52 #endif 53 54 /* 55 * Macro to generate an internal function for oid_XXX_from_asn1() (used by 56 * the other functions) 57 */ 58 #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ 59 static const TYPE_T *oid_ ## NAME ## _from_asn1( \ 60 const mbedtls_asn1_buf *oid) \ 61 { \ 62 const TYPE_T *p = (LIST); \ 63 const mbedtls_oid_descriptor_t *cur = \ 64 (const mbedtls_oid_descriptor_t *) p; \ 65 if (p == NULL || oid == NULL) return NULL; \ 66 while (cur->asn1 != NULL) { \ 67 if (cur->asn1_len == oid->len && \ 68 memcmp(cur->asn1, oid->p, oid->len) == 0) { \ 69 return p; \ 70 } \ 71 p++; \ 72 cur = (const mbedtls_oid_descriptor_t *) p; \ 73 } \ 74 return NULL; \ 75 } 76 77 #if !defined(MBEDTLS_X509_REMOVE_INFO) 78 /* 79 * Macro to generate a function for retrieving a single attribute from the 80 * descriptor of an mbedtls_oid_descriptor_t wrapper. 81 */ 82 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ 83 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ 84 { \ 85 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 87 *ATTR1 = data->descriptor.ATTR1; \ 88 return 0; \ 89 } 90 #endif /* MBEDTLS_X509_REMOVE_INFO */ 91 92 /* 93 * Macro to generate a function for retrieving a single attribute from an 94 * mbedtls_oid_descriptor_t wrapper. 95 */ 96 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ 97 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ 98 { \ 99 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 100 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 101 *ATTR1 = data->ATTR1; \ 102 return 0; \ 103 } 104 105 /* 106 * Macro to generate a function for retrieving two attributes from an 107 * mbedtls_oid_descriptor_t wrapper. 108 */ 109 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ 110 ATTR2_TYPE, ATTR2) \ 111 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ 112 ATTR2_TYPE * ATTR2) \ 113 { \ 114 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 115 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 116 *(ATTR1) = data->ATTR1; \ 117 *(ATTR2) = data->ATTR2; \ 118 return 0; \ 119 } 120 121 /* 122 * Macro to generate a function for retrieving the OID based on a single 123 * attribute from a mbedtls_oid_descriptor_t wrapper. 124 */ 125 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ 126 int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ 127 { \ 128 const TYPE_T *cur = (LIST); \ 129 while (cur->descriptor.asn1 != NULL) { \ 130 if (cur->ATTR1 == (ATTR1)) { \ 131 *oid = cur->descriptor.asn1; \ 132 *olen = cur->descriptor.asn1_len; \ 133 return 0; \ 134 } \ 135 cur++; \ 136 } \ 137 return MBEDTLS_ERR_OID_NOT_FOUND; \ 138 } 139 140 /* 141 * Macro to generate a function for retrieving the OID based on two 142 * attributes from a mbedtls_oid_descriptor_t wrapper. 143 */ 144 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ 145 ATTR2_TYPE, ATTR2) \ 146 int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ 147 size_t *olen) \ 148 { \ 149 const TYPE_T *cur = (LIST); \ 150 while (cur->descriptor.asn1 != NULL) { \ 151 if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ 152 *oid = cur->descriptor.asn1; \ 153 *olen = cur->descriptor.asn1_len; \ 154 return 0; \ 155 } \ 156 cur++; \ 157 } \ 158 return MBEDTLS_ERR_OID_NOT_FOUND; \ 159 } 160 161 /* 162 * For X520 attribute types 163 */ 164 typedef struct { 165 mbedtls_oid_descriptor_t descriptor; 166 const char *short_name; 167 } oid_x520_attr_t; 168 169 static const oid_x520_attr_t oid_x520_attr_type[] = 170 { 171 { 172 OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), 173 "CN", 174 }, 175 { 176 OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), 177 "C", 178 }, 179 { 180 OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), 181 "L", 182 }, 183 { 184 OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), 185 "ST", 186 }, 187 { 188 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", 189 "Organization"), 190 "O", 191 }, 192 { 193 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), 194 "OU", 195 }, 196 { 197 OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, 198 "emailAddress", 199 "E-mail address"), 200 "emailAddress", 201 }, 202 { 203 OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, 204 "id-at-serialNumber", 205 "Serial number"), 206 "serialNumber", 207 }, 208 { 209 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, 210 "id-at-postalAddress", 211 "Postal address"), 212 "postalAddress", 213 }, 214 { 215 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), 216 "postalCode", 217 }, 218 { 219 OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), 220 "SN", 221 }, 222 { 223 OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), 224 "GN", 225 }, 226 { 227 OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), 228 "initials", 229 }, 230 { 231 OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, 232 "id-at-generationQualifier", 233 "Generation qualifier"), 234 "generationQualifier", 235 }, 236 { 237 OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), 238 "title", 239 }, 240 { 241 OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, 242 "id-at-dnQualifier", 243 "Distinguished Name qualifier"), 244 "dnQualifier", 245 }, 246 { 247 OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), 248 "pseudonym", 249 }, 250 { 251 OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), 252 "uid", 253 }, 254 { 255 OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, 256 "id-domainComponent", 257 "Domain component"), 258 "DC", 259 }, 260 { 261 OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, 262 "id-at-uniqueIdentifier", 263 "Unique Identifier"), 264 "uniqueIdentifier", 265 }, 266 { 267 NULL_OID_DESCRIPTOR, 268 NULL, 269 } 270 }; 271 272 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) 273 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, 274 oid_x520_attr_t, 275 x520_attr, 276 const char *, 277 short_name) 278 279 /* 280 * For X509 extensions 281 */ 282 typedef struct { 283 mbedtls_oid_descriptor_t descriptor; 284 int ext_type; 285 } oid_x509_ext_t; 286 287 static const oid_x509_ext_t oid_x509_ext[] = 288 { 289 { 290 OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, 291 "id-ce-basicConstraints", 292 "Basic Constraints"), 293 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, 294 }, 295 { 296 OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), 297 MBEDTLS_OID_X509_EXT_KEY_USAGE, 298 }, 299 { 300 OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, 301 "id-ce-extKeyUsage", 302 "Extended Key Usage"), 303 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, 304 }, 305 { 306 OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, 307 "id-ce-subjectAltName", 308 "Subject Alt Name"), 309 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, 310 }, 311 { 312 OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, 313 "id-netscape-certtype", 314 "Netscape Certificate Type"), 315 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, 316 }, 317 { 318 OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, 319 "id-ce-certificatePolicies", 320 "Certificate Policies"), 321 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, 322 }, 323 { 324 NULL_OID_DESCRIPTOR, 325 0, 326 }, 327 }; 328 329 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) 330 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) 331 332 #if !defined(MBEDTLS_X509_REMOVE_INFO) 333 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = 334 { 335 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, 336 "id-kp-serverAuth", 337 "TLS Web Server Authentication"), 338 OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, 339 "id-kp-clientAuth", 340 "TLS Web Client Authentication"), 341 OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), 342 OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), 343 OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), 344 OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), 345 OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, 346 "id-kp-wisun-fan-device", 347 "Wi-SUN Alliance Field Area Network (FAN)"), 348 NULL_OID_DESCRIPTOR, 349 }; 350 351 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) 352 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, 353 mbedtls_oid_descriptor_t, 354 ext_key_usage, 355 const char *, 356 description) 357 358 static const mbedtls_oid_descriptor_t oid_certificate_policies[] = 359 { 360 OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), 361 NULL_OID_DESCRIPTOR, 362 }; 363 364 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) 365 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, 366 mbedtls_oid_descriptor_t, 367 certificate_policies, 368 const char *, 369 description) 370 #endif /* MBEDTLS_X509_REMOVE_INFO */ 371 372 /* 373 * For SignatureAlgorithmIdentifier 374 */ 375 typedef struct { 376 mbedtls_oid_descriptor_t descriptor; 377 mbedtls_md_type_t md_alg; 378 mbedtls_pk_type_t pk_alg; 379 } oid_sig_alg_t; 380 381 static const oid_sig_alg_t oid_sig_alg[] = 382 { 383 #if defined(MBEDTLS_RSA_C) 384 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA) 385 { 386 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), 387 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, 388 }, 389 #endif /* MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA */ 390 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) 391 { 392 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), 393 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, 394 }, 395 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */ 396 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA) 397 { 398 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", 399 "RSA with SHA-224"), 400 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, 401 }, 402 #endif /* MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA */ 403 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) 404 { 405 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", 406 "RSA with SHA-256"), 407 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, 408 }, 409 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */ 410 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA) 411 { 412 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", 413 "RSA with SHA-384"), 414 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, 415 }, 416 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */ 417 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA) 418 { 419 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", 420 "RSA with SHA-512"), 421 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, 422 }, 423 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */ 424 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) 425 { 426 OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), 427 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, 428 }, 429 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */ 430 #endif /* MBEDTLS_RSA_C */ 431 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 432 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) 433 { 434 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), 435 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, 436 }, 437 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */ 438 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA) 439 { 440 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), 441 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, 442 }, 443 #endif 444 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) 445 { 446 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), 447 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, 448 }, 449 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */ 450 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA) 451 { 452 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), 453 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, 454 }, 455 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */ 456 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA) 457 { 458 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), 459 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, 460 }, 461 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */ 462 #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 463 #if defined(MBEDTLS_RSA_C) 464 { 465 OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), 466 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, 467 }, 468 #endif /* MBEDTLS_RSA_C */ 469 { 470 NULL_OID_DESCRIPTOR, 471 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, 472 }, 473 }; 474 475 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) 476 477 #if !defined(MBEDTLS_X509_REMOVE_INFO) 478 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, 479 oid_sig_alg_t, 480 sig_alg, 481 const char *, 482 description) 483 #endif 484 485 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, 486 oid_sig_alg_t, 487 sig_alg, 488 mbedtls_md_type_t, 489 md_alg, 490 mbedtls_pk_type_t, 491 pk_alg) 492 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, 493 oid_sig_alg_t, 494 oid_sig_alg, 495 mbedtls_pk_type_t, 496 pk_alg, 497 mbedtls_md_type_t, 498 md_alg) 499 500 /* 501 * For PublicKeyInfo (PKCS1, RFC 5480) 502 */ 503 typedef struct { 504 mbedtls_oid_descriptor_t descriptor; 505 mbedtls_pk_type_t pk_alg; 506 } oid_pk_alg_t; 507 508 static const oid_pk_alg_t oid_pk_alg[] = 509 { 510 { 511 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), 512 MBEDTLS_PK_RSA, 513 }, 514 { 515 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), 516 MBEDTLS_PK_ECKEY, 517 }, 518 { 519 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), 520 MBEDTLS_PK_ECKEY_DH, 521 }, 522 { 523 NULL_OID_DESCRIPTOR, 524 MBEDTLS_PK_NONE, 525 }, 526 }; 527 528 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) 529 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) 530 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, 531 oid_pk_alg_t, 532 oid_pk_alg, 533 mbedtls_pk_type_t, 534 pk_alg) 535 536 #if defined(MBEDTLS_ECP_C) 537 /* 538 * For namedCurve (RFC 5480) 539 */ 540 typedef struct { 541 mbedtls_oid_descriptor_t descriptor; 542 mbedtls_ecp_group_id grp_id; 543 } oid_ecp_grp_t; 544 545 static const oid_ecp_grp_t oid_ecp_grp[] = 546 { 547 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) 548 { 549 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), 550 MBEDTLS_ECP_DP_SECP192R1, 551 }, 552 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ 553 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) 554 { 555 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), 556 MBEDTLS_ECP_DP_SECP224R1, 557 }, 558 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ 559 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) 560 { 561 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), 562 MBEDTLS_ECP_DP_SECP256R1, 563 }, 564 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 565 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 566 { 567 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), 568 MBEDTLS_ECP_DP_SECP384R1, 569 }, 570 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ 571 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) 572 { 573 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), 574 MBEDTLS_ECP_DP_SECP521R1, 575 }, 576 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ 577 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) 578 { 579 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), 580 MBEDTLS_ECP_DP_SECP192K1, 581 }, 582 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ 583 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) 584 { 585 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), 586 MBEDTLS_ECP_DP_SECP224K1, 587 }, 588 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ 589 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 590 { 591 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), 592 MBEDTLS_ECP_DP_SECP256K1, 593 }, 594 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ 595 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) 596 { 597 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), 598 MBEDTLS_ECP_DP_BP256R1, 599 }, 600 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ 601 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) 602 { 603 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), 604 MBEDTLS_ECP_DP_BP384R1, 605 }, 606 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ 607 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) 608 { 609 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), 610 MBEDTLS_ECP_DP_BP512R1, 611 }, 612 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ 613 { 614 NULL_OID_DESCRIPTOR, 615 MBEDTLS_ECP_DP_NONE, 616 }, 617 }; 618 619 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) 620 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) 621 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, 622 oid_ecp_grp_t, 623 oid_ecp_grp, 624 mbedtls_ecp_group_id, 625 grp_id) 626 #endif /* MBEDTLS_ECP_C */ 627 628 #if defined(MBEDTLS_CIPHER_C) 629 /* 630 * For PKCS#5 PBES2 encryption algorithm 631 */ 632 typedef struct { 633 mbedtls_oid_descriptor_t descriptor; 634 mbedtls_cipher_type_t cipher_alg; 635 } oid_cipher_alg_t; 636 637 static const oid_cipher_alg_t oid_cipher_alg[] = 638 { 639 { 640 OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), 641 MBEDTLS_CIPHER_DES_CBC, 642 }, 643 { 644 OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), 645 MBEDTLS_CIPHER_DES_EDE3_CBC, 646 }, 647 { 648 NULL_OID_DESCRIPTOR, 649 MBEDTLS_CIPHER_NONE, 650 }, 651 }; 652 653 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) 654 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, 655 oid_cipher_alg_t, 656 cipher_alg, 657 mbedtls_cipher_type_t, 658 cipher_alg) 659 #endif /* MBEDTLS_CIPHER_C */ 660 661 /* 662 * For digestAlgorithm 663 */ 664 typedef struct { 665 mbedtls_oid_descriptor_t descriptor; 666 mbedtls_md_type_t md_alg; 667 } oid_md_alg_t; 668 669 static const oid_md_alg_t oid_md_alg[] = 670 { 671 #if defined(MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA) 672 { 673 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"), 674 MBEDTLS_MD_MD5, 675 }, 676 #endif 677 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) 678 { 679 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"), 680 MBEDTLS_MD_SHA1, 681 }, 682 #endif 683 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA) 684 { 685 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), 686 MBEDTLS_MD_SHA224, 687 }, 688 #endif 689 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) 690 { 691 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"), 692 MBEDTLS_MD_SHA256, 693 }, 694 #endif 695 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA) 696 { 697 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), 698 MBEDTLS_MD_SHA384, 699 }, 700 #endif 701 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA) 702 { 703 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"), 704 MBEDTLS_MD_SHA512, 705 }, 706 #endif 707 #if defined(MBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA) 708 { 709 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), 710 MBEDTLS_MD_RIPEMD160, 711 }, 712 #endif 713 { 714 NULL_OID_DESCRIPTOR, 715 MBEDTLS_MD_NONE, 716 }, 717 }; 718 719 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) 720 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) 721 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, 722 oid_md_alg_t, 723 oid_md_alg, 724 mbedtls_md_type_t, 725 md_alg) 726 727 /* 728 * For HMAC digestAlgorithm 729 */ 730 typedef struct { 731 mbedtls_oid_descriptor_t descriptor; 732 mbedtls_md_type_t md_hmac; 733 } oid_md_hmac_t; 734 735 static const oid_md_hmac_t oid_md_hmac[] = 736 { 737 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA) 738 { 739 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), 740 MBEDTLS_MD_SHA1, 741 }, 742 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA */ 743 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA) 744 { 745 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), 746 MBEDTLS_MD_SHA224, 747 }, 748 #endif 749 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) 750 { 751 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), 752 MBEDTLS_MD_SHA256, 753 }, 754 #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA */ 755 #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA) 756 { 757 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), 758 MBEDTLS_MD_SHA384, 759 }, 760 #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA */ 761 #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA) 762 { 763 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), 764 MBEDTLS_MD_SHA512, 765 }, 766 #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA */ 767 { 768 NULL_OID_DESCRIPTOR, 769 MBEDTLS_MD_NONE, 770 }, 771 }; 772 773 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) 774 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) 775 776 #if defined(MBEDTLS_PKCS12_C) 777 /* 778 * For PKCS#12 PBEs 779 */ 780 typedef struct { 781 mbedtls_oid_descriptor_t descriptor; 782 mbedtls_md_type_t md_alg; 783 mbedtls_cipher_type_t cipher_alg; 784 } oid_pkcs12_pbe_alg_t; 785 786 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = 787 { 788 { 789 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, 790 "pbeWithSHAAnd3-KeyTripleDES-CBC", 791 "PBE with SHA1 and 3-Key 3DES"), 792 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, 793 }, 794 { 795 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, 796 "pbeWithSHAAnd2-KeyTripleDES-CBC", 797 "PBE with SHA1 and 2-Key 3DES"), 798 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, 799 }, 800 { 801 NULL_OID_DESCRIPTOR, 802 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, 803 }, 804 }; 805 806 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) 807 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, 808 oid_pkcs12_pbe_alg_t, 809 pkcs12_pbe_alg, 810 mbedtls_md_type_t, 811 md_alg, 812 mbedtls_cipher_type_t, 813 cipher_alg) 814 #endif /* MBEDTLS_PKCS12_C */ 815 816 /* Return the x.y.z.... style numeric string for the given OID */ 817 int mbedtls_oid_get_numeric_string(char *buf, size_t size, 818 const mbedtls_asn1_buf *oid) 819 { 820 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 821 char *p = buf; 822 size_t n = size; 823 unsigned int value = 0; 824 825 if (size > INT_MAX) { 826 /* Avoid overflow computing return value */ 827 return MBEDTLS_ERR_ASN1_INVALID_LENGTH; 828 } 829 830 if (oid->len <= 0) { 831 /* OID must not be empty */ 832 return MBEDTLS_ERR_ASN1_OUT_OF_DATA; 833 } 834 835 for (size_t i = 0; i < oid->len; i++) { 836 /* Prevent overflow in value. */ 837 if (value > (UINT_MAX >> 7)) { 838 return MBEDTLS_ERR_ASN1_INVALID_DATA; 839 } 840 if ((value == 0) && ((oid->p[i]) == 0x80)) { 841 /* Overlong encoding is not allowed */ 842 return MBEDTLS_ERR_ASN1_INVALID_DATA; 843 } 844 845 value <<= 7; 846 value |= oid->p[i] & 0x7F; 847 848 if (!(oid->p[i] & 0x80)) { 849 /* Last byte */ 850 if (n == size) { 851 int component1; 852 unsigned int component2; 853 /* First subidentifier contains first two OID components */ 854 if (value >= 80) { 855 component1 = '2'; 856 component2 = value - 80; 857 } else if (value >= 40) { 858 component1 = '1'; 859 component2 = value - 40; 860 } else { 861 component1 = '0'; 862 component2 = value; 863 } 864 ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); 865 } else { 866 ret = mbedtls_snprintf(p, n, ".%u", value); 867 } 868 if (ret < 2 || (size_t) ret >= n) { 869 return MBEDTLS_ERR_OID_BUF_TOO_SMALL; 870 } 871 n -= (size_t) ret; 872 p += ret; 873 value = 0; 874 } 875 } 876 877 if (value != 0) { 878 /* Unterminated subidentifier */ 879 return MBEDTLS_ERR_ASN1_OUT_OF_DATA; 880 } 881 882 return (int) (size - n); 883 } 884 885 #endif /* MBEDTLS_OID_C */ 886