oid.c (38475B)
1 /** 2 * \file oid.c 3 * 4 * \brief Object Identifier (OID) database 5 * 6 * Copyright The Mbed TLS Contributors 7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 8 */ 9 10 #include "common.h" 11 12 #if defined(MBEDTLS_OID_C) 13 14 #include "mbedtls/oid.h" 15 #include "mbedtls/rsa.h" 16 #include "mbedtls/error.h" 17 #include "mbedtls/pk.h" 18 19 #include <stdio.h> 20 #include <string.h> 21 22 #include "mbedtls/platform.h" 23 24 /* 25 * Macro to automatically add the size of #define'd OIDs 26 */ 27 #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) 28 29 /* 30 * Macro to generate mbedtls_oid_descriptor_t 31 */ 32 #if !defined(MBEDTLS_X509_REMOVE_INFO) 33 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } 34 #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } 35 #else 36 #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } 37 #define NULL_OID_DESCRIPTOR { NULL, 0 } 38 #endif 39 40 /* 41 * Macro to generate an internal function for oid_XXX_from_asn1() (used by 42 * the other functions) 43 */ 44 #define FN_OID_TYPED_FROM_ASN1(TYPE_T, NAME, LIST) \ 45 static const TYPE_T *oid_ ## NAME ## _from_asn1( \ 46 const mbedtls_asn1_buf *oid) \ 47 { \ 48 const TYPE_T *p = (LIST); \ 49 const mbedtls_oid_descriptor_t *cur = \ 50 (const mbedtls_oid_descriptor_t *) p; \ 51 if (p == NULL || oid == NULL) return NULL; \ 52 while (cur->asn1 != NULL) { \ 53 if (cur->asn1_len == oid->len && \ 54 memcmp(cur->asn1, oid->p, oid->len) == 0) { \ 55 return p; \ 56 } \ 57 p++; \ 58 cur = (const mbedtls_oid_descriptor_t *) p; \ 59 } \ 60 return NULL; \ 61 } 62 63 #if !defined(MBEDTLS_X509_REMOVE_INFO) 64 /* 65 * Macro to generate a function for retrieving a single attribute from the 66 * descriptor of an mbedtls_oid_descriptor_t wrapper. 67 */ 68 #define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ 69 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ 70 { \ 71 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 72 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 73 *ATTR1 = data->descriptor.ATTR1; \ 74 return 0; \ 75 } 76 #endif /* MBEDTLS_X509_REMOVE_INFO */ 77 78 /* 79 * Macro to generate a function for retrieving a single attribute from an 80 * mbedtls_oid_descriptor_t wrapper. 81 */ 82 #define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \ 83 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \ 84 { \ 85 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 87 *ATTR1 = data->ATTR1; \ 88 return 0; \ 89 } 90 91 /* 92 * Macro to generate a function for retrieving two attributes from an 93 * mbedtls_oid_descriptor_t wrapper. 94 */ 95 #define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1, \ 96 ATTR2_TYPE, ATTR2) \ 97 int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1, \ 98 ATTR2_TYPE * ATTR2) \ 99 { \ 100 const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 101 if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ 102 *(ATTR1) = data->ATTR1; \ 103 *(ATTR2) = data->ATTR2; \ 104 return 0; \ 105 } 106 107 /* 108 * Macro to generate a function for retrieving the OID based on a single 109 * attribute from a mbedtls_oid_descriptor_t wrapper. 110 */ 111 #define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1) \ 112 int FN_NAME(ATTR1_TYPE ATTR1, const char **oid, size_t *olen) \ 113 { \ 114 const TYPE_T *cur = (LIST); \ 115 while (cur->descriptor.asn1 != NULL) { \ 116 if (cur->ATTR1 == (ATTR1)) { \ 117 *oid = cur->descriptor.asn1; \ 118 *olen = cur->descriptor.asn1_len; \ 119 return 0; \ 120 } \ 121 cur++; \ 122 } \ 123 return MBEDTLS_ERR_OID_NOT_FOUND; \ 124 } 125 126 /* 127 * Macro to generate a function for retrieving the OID based on two 128 * attributes from a mbedtls_oid_descriptor_t wrapper. 129 */ 130 #define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1, \ 131 ATTR2_TYPE, ATTR2) \ 132 int FN_NAME(ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid, \ 133 size_t *olen) \ 134 { \ 135 const TYPE_T *cur = (LIST); \ 136 while (cur->descriptor.asn1 != NULL) { \ 137 if (cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2)) { \ 138 *oid = cur->descriptor.asn1; \ 139 *olen = cur->descriptor.asn1_len; \ 140 return 0; \ 141 } \ 142 cur++; \ 143 } \ 144 return MBEDTLS_ERR_OID_NOT_FOUND; \ 145 } 146 147 /* 148 * For X520 attribute types 149 */ 150 typedef struct { 151 mbedtls_oid_descriptor_t descriptor; 152 const char *short_name; 153 } oid_x520_attr_t; 154 155 static const oid_x520_attr_t oid_x520_attr_type[] = 156 { 157 { 158 OID_DESCRIPTOR(MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name"), 159 "CN", 160 }, 161 { 162 OID_DESCRIPTOR(MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country"), 163 "C", 164 }, 165 { 166 OID_DESCRIPTOR(MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality"), 167 "L", 168 }, 169 { 170 OID_DESCRIPTOR(MBEDTLS_OID_AT_STATE, "id-at-state", "State"), 171 "ST", 172 }, 173 { 174 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORGANIZATION, "id-at-organizationName", 175 "Organization"), 176 "O", 177 }, 178 { 179 OID_DESCRIPTOR(MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit"), 180 "OU", 181 }, 182 { 183 OID_DESCRIPTOR(MBEDTLS_OID_PKCS9_EMAIL, 184 "emailAddress", 185 "E-mail address"), 186 "emailAddress", 187 }, 188 { 189 OID_DESCRIPTOR(MBEDTLS_OID_AT_SERIAL_NUMBER, 190 "id-at-serialNumber", 191 "Serial number"), 192 "serialNumber", 193 }, 194 { 195 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_ADDRESS, 196 "id-at-postalAddress", 197 "Postal address"), 198 "postalAddress", 199 }, 200 { 201 OID_DESCRIPTOR(MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code"), 202 "postalCode", 203 }, 204 { 205 OID_DESCRIPTOR(MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname"), 206 "SN", 207 }, 208 { 209 OID_DESCRIPTOR(MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name"), 210 "GN", 211 }, 212 { 213 OID_DESCRIPTOR(MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials"), 214 "initials", 215 }, 216 { 217 OID_DESCRIPTOR(MBEDTLS_OID_AT_GENERATION_QUALIFIER, 218 "id-at-generationQualifier", 219 "Generation qualifier"), 220 "generationQualifier", 221 }, 222 { 223 OID_DESCRIPTOR(MBEDTLS_OID_AT_TITLE, "id-at-title", "Title"), 224 "title", 225 }, 226 { 227 OID_DESCRIPTOR(MBEDTLS_OID_AT_DN_QUALIFIER, 228 "id-at-dnQualifier", 229 "Distinguished Name qualifier"), 230 "dnQualifier", 231 }, 232 { 233 OID_DESCRIPTOR(MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym"), 234 "pseudonym", 235 }, 236 { 237 OID_DESCRIPTOR(MBEDTLS_OID_UID, "id-uid", "User Id"), 238 "uid", 239 }, 240 { 241 OID_DESCRIPTOR(MBEDTLS_OID_DOMAIN_COMPONENT, 242 "id-domainComponent", 243 "Domain component"), 244 "DC", 245 }, 246 { 247 OID_DESCRIPTOR(MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, 248 "id-at-uniqueIdentifier", 249 "Unique Identifier"), 250 "uniqueIdentifier", 251 }, 252 { 253 NULL_OID_DESCRIPTOR, 254 NULL, 255 } 256 }; 257 258 FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type) 259 FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, 260 oid_x520_attr_t, 261 x520_attr, 262 const char *, 263 short_name) 264 265 /* 266 * For X509 extensions 267 */ 268 typedef struct { 269 mbedtls_oid_descriptor_t descriptor; 270 int ext_type; 271 } oid_x509_ext_t; 272 273 static const oid_x509_ext_t oid_x509_ext[] = 274 { 275 { 276 OID_DESCRIPTOR(MBEDTLS_OID_BASIC_CONSTRAINTS, 277 "id-ce-basicConstraints", 278 "Basic Constraints"), 279 MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, 280 }, 281 { 282 OID_DESCRIPTOR(MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage"), 283 MBEDTLS_OID_X509_EXT_KEY_USAGE, 284 }, 285 { 286 OID_DESCRIPTOR(MBEDTLS_OID_EXTENDED_KEY_USAGE, 287 "id-ce-extKeyUsage", 288 "Extended Key Usage"), 289 MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, 290 }, 291 { 292 OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_ALT_NAME, 293 "id-ce-subjectAltName", 294 "Subject Alt Name"), 295 MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, 296 }, 297 { 298 OID_DESCRIPTOR(MBEDTLS_OID_NS_CERT_TYPE, 299 "id-netscape-certtype", 300 "Netscape Certificate Type"), 301 MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, 302 }, 303 { 304 OID_DESCRIPTOR(MBEDTLS_OID_CERTIFICATE_POLICIES, 305 "id-ce-certificatePolicies", 306 "Certificate Policies"), 307 MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, 308 }, 309 { 310 OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER, 311 "id-ce-subjectKeyIdentifier", 312 "Subject Key Identifier"), 313 MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER, 314 }, 315 { 316 OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, 317 "id-ce-authorityKeyIdentifier", 318 "Authority Key Identifier"), 319 MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER, 320 }, 321 { 322 NULL_OID_DESCRIPTOR, 323 0, 324 }, 325 }; 326 327 FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) 328 FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) 329 330 #if !defined(MBEDTLS_X509_REMOVE_INFO) 331 static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = 332 { 333 OID_DESCRIPTOR(MBEDTLS_OID_SERVER_AUTH, 334 "id-kp-serverAuth", 335 "TLS Web Server Authentication"), 336 OID_DESCRIPTOR(MBEDTLS_OID_CLIENT_AUTH, 337 "id-kp-clientAuth", 338 "TLS Web Client Authentication"), 339 OID_DESCRIPTOR(MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing"), 340 OID_DESCRIPTOR(MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection"), 341 OID_DESCRIPTOR(MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping"), 342 OID_DESCRIPTOR(MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing"), 343 OID_DESCRIPTOR(MBEDTLS_OID_WISUN_FAN, 344 "id-kp-wisun-fan-device", 345 "Wi-SUN Alliance Field Area Network (FAN)"), 346 NULL_OID_DESCRIPTOR, 347 }; 348 349 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) 350 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, 351 mbedtls_oid_descriptor_t, 352 ext_key_usage, 353 const char *, 354 description) 355 356 static const mbedtls_oid_descriptor_t oid_certificate_policies[] = 357 { 358 OID_DESCRIPTOR(MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy"), 359 NULL_OID_DESCRIPTOR, 360 }; 361 362 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) 363 FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, 364 mbedtls_oid_descriptor_t, 365 certificate_policies, 366 const char *, 367 description) 368 #endif /* MBEDTLS_X509_REMOVE_INFO */ 369 370 /* 371 * For SignatureAlgorithmIdentifier 372 */ 373 typedef struct { 374 mbedtls_oid_descriptor_t descriptor; 375 mbedtls_md_type_t md_alg; 376 mbedtls_pk_type_t pk_alg; 377 } oid_sig_alg_t; 378 379 static const oid_sig_alg_t oid_sig_alg[] = 380 { 381 #if defined(MBEDTLS_RSA_C) 382 #if defined(MBEDTLS_MD_CAN_MD5) 383 { 384 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), 385 MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, 386 }, 387 #endif /* MBEDTLS_MD_CAN_MD5 */ 388 #if defined(MBEDTLS_MD_CAN_SHA1) 389 { 390 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), 391 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, 392 }, 393 #endif /* MBEDTLS_MD_CAN_SHA1 */ 394 #if defined(MBEDTLS_MD_CAN_SHA224) 395 { 396 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", 397 "RSA with SHA-224"), 398 MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, 399 }, 400 #endif /* MBEDTLS_MD_CAN_SHA224 */ 401 #if defined(MBEDTLS_MD_CAN_SHA256) 402 { 403 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", 404 "RSA with SHA-256"), 405 MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, 406 }, 407 #endif /* MBEDTLS_MD_CAN_SHA256 */ 408 #if defined(MBEDTLS_MD_CAN_SHA384) 409 { 410 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", 411 "RSA with SHA-384"), 412 MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, 413 }, 414 #endif /* MBEDTLS_MD_CAN_SHA384 */ 415 #if defined(MBEDTLS_MD_CAN_SHA512) 416 { 417 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", 418 "RSA with SHA-512"), 419 MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, 420 }, 421 #endif /* MBEDTLS_MD_CAN_SHA512 */ 422 #if defined(MBEDTLS_MD_CAN_SHA1) 423 { 424 OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), 425 MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, 426 }, 427 #endif /* MBEDTLS_MD_CAN_SHA1 */ 428 #endif /* MBEDTLS_RSA_C */ 429 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 430 #if defined(MBEDTLS_MD_CAN_SHA1) 431 { 432 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), 433 MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, 434 }, 435 #endif /* MBEDTLS_MD_CAN_SHA1 */ 436 #if defined(MBEDTLS_MD_CAN_SHA224) 437 { 438 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), 439 MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, 440 }, 441 #endif 442 #if defined(MBEDTLS_MD_CAN_SHA256) 443 { 444 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), 445 MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, 446 }, 447 #endif /* MBEDTLS_MD_CAN_SHA256 */ 448 #if defined(MBEDTLS_MD_CAN_SHA384) 449 { 450 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), 451 MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, 452 }, 453 #endif /* MBEDTLS_MD_CAN_SHA384 */ 454 #if defined(MBEDTLS_MD_CAN_SHA512) 455 { 456 OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), 457 MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, 458 }, 459 #endif /* MBEDTLS_MD_CAN_SHA512 */ 460 #endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 461 #if defined(MBEDTLS_RSA_C) 462 { 463 OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), 464 MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, 465 }, 466 #endif /* MBEDTLS_RSA_C */ 467 { 468 NULL_OID_DESCRIPTOR, 469 MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, 470 }, 471 }; 472 473 FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) 474 475 #if !defined(MBEDTLS_X509_REMOVE_INFO) 476 FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, 477 oid_sig_alg_t, 478 sig_alg, 479 const char *, 480 description) 481 #endif 482 483 FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, 484 oid_sig_alg_t, 485 sig_alg, 486 mbedtls_md_type_t, 487 md_alg, 488 mbedtls_pk_type_t, 489 pk_alg) 490 FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, 491 oid_sig_alg_t, 492 oid_sig_alg, 493 mbedtls_pk_type_t, 494 pk_alg, 495 mbedtls_md_type_t, 496 md_alg) 497 498 /* 499 * For PublicKeyInfo (PKCS1, RFC 5480) 500 */ 501 typedef struct { 502 mbedtls_oid_descriptor_t descriptor; 503 mbedtls_pk_type_t pk_alg; 504 } oid_pk_alg_t; 505 506 static const oid_pk_alg_t oid_pk_alg[] = 507 { 508 { 509 OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA"), 510 MBEDTLS_PK_RSA, 511 }, 512 { 513 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key"), 514 MBEDTLS_PK_ECKEY, 515 }, 516 { 517 OID_DESCRIPTOR(MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH"), 518 MBEDTLS_PK_ECKEY_DH, 519 }, 520 { 521 NULL_OID_DESCRIPTOR, 522 MBEDTLS_PK_NONE, 523 }, 524 }; 525 526 FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg) 527 FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg) 528 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, 529 oid_pk_alg_t, 530 oid_pk_alg, 531 mbedtls_pk_type_t, 532 pk_alg) 533 534 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 535 /* 536 * For elliptic curves that use namedCurve inside ECParams (RFC 5480) 537 */ 538 typedef struct { 539 mbedtls_oid_descriptor_t descriptor; 540 mbedtls_ecp_group_id grp_id; 541 } oid_ecp_grp_t; 542 543 static const oid_ecp_grp_t oid_ecp_grp[] = 544 { 545 #if defined(MBEDTLS_ECP_HAVE_SECP192R1) 546 { 547 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1"), 548 MBEDTLS_ECP_DP_SECP192R1, 549 }, 550 #endif /* MBEDTLS_ECP_HAVE_SECP192R1 */ 551 #if defined(MBEDTLS_ECP_HAVE_SECP224R1) 552 { 553 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1"), 554 MBEDTLS_ECP_DP_SECP224R1, 555 }, 556 #endif /* MBEDTLS_ECP_HAVE_SECP224R1 */ 557 #if defined(MBEDTLS_ECP_HAVE_SECP256R1) 558 { 559 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1"), 560 MBEDTLS_ECP_DP_SECP256R1, 561 }, 562 #endif /* MBEDTLS_ECP_HAVE_SECP256R1 */ 563 #if defined(MBEDTLS_ECP_HAVE_SECP384R1) 564 { 565 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1"), 566 MBEDTLS_ECP_DP_SECP384R1, 567 }, 568 #endif /* MBEDTLS_ECP_HAVE_SECP384R1 */ 569 #if defined(MBEDTLS_ECP_HAVE_SECP521R1) 570 { 571 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1"), 572 MBEDTLS_ECP_DP_SECP521R1, 573 }, 574 #endif /* MBEDTLS_ECP_HAVE_SECP521R1 */ 575 #if defined(MBEDTLS_ECP_HAVE_SECP192K1) 576 { 577 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1"), 578 MBEDTLS_ECP_DP_SECP192K1, 579 }, 580 #endif /* MBEDTLS_ECP_HAVE_SECP192K1 */ 581 #if defined(MBEDTLS_ECP_HAVE_SECP224K1) 582 { 583 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1"), 584 MBEDTLS_ECP_DP_SECP224K1, 585 }, 586 #endif /* MBEDTLS_ECP_HAVE_SECP224K1 */ 587 #if defined(MBEDTLS_ECP_HAVE_SECP256K1) 588 { 589 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1"), 590 MBEDTLS_ECP_DP_SECP256K1, 591 }, 592 #endif /* MBEDTLS_ECP_HAVE_SECP256K1 */ 593 #if defined(MBEDTLS_ECP_HAVE_BP256R1) 594 { 595 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1", "brainpool256r1"), 596 MBEDTLS_ECP_DP_BP256R1, 597 }, 598 #endif /* MBEDTLS_ECP_HAVE_BP256R1 */ 599 #if defined(MBEDTLS_ECP_HAVE_BP384R1) 600 { 601 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1", "brainpool384r1"), 602 MBEDTLS_ECP_DP_BP384R1, 603 }, 604 #endif /* MBEDTLS_ECP_HAVE_BP384R1 */ 605 #if defined(MBEDTLS_ECP_HAVE_BP512R1) 606 { 607 OID_DESCRIPTOR(MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1", "brainpool512r1"), 608 MBEDTLS_ECP_DP_BP512R1, 609 }, 610 #endif /* MBEDTLS_ECP_HAVE_BP512R1 */ 611 { 612 NULL_OID_DESCRIPTOR, 613 MBEDTLS_ECP_DP_NONE, 614 }, 615 }; 616 617 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp) 618 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id) 619 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, 620 oid_ecp_grp_t, 621 oid_ecp_grp, 622 mbedtls_ecp_group_id, 623 grp_id) 624 625 /* 626 * For Elliptic Curve algorithms that are directly 627 * encoded in the AlgorithmIdentifier (RFC 8410) 628 */ 629 typedef struct { 630 mbedtls_oid_descriptor_t descriptor; 631 mbedtls_ecp_group_id grp_id; 632 } oid_ecp_grp_algid_t; 633 634 static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] = 635 { 636 #if defined(MBEDTLS_ECP_HAVE_CURVE25519) 637 { 638 OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"), 639 MBEDTLS_ECP_DP_CURVE25519, 640 }, 641 #endif /* MBEDTLS_ECP_HAVE_CURVE25519 */ 642 #if defined(MBEDTLS_ECP_HAVE_CURVE448) 643 { 644 OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"), 645 MBEDTLS_ECP_DP_CURVE448, 646 }, 647 #endif /* MBEDTLS_ECP_HAVE_CURVE448 */ 648 { 649 NULL_OID_DESCRIPTOR, 650 MBEDTLS_ECP_DP_NONE, 651 }, 652 }; 653 654 FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid) 655 FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid, 656 oid_ecp_grp_algid_t, 657 grp_id_algid, 658 mbedtls_ecp_group_id, 659 grp_id) 660 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid, 661 oid_ecp_grp_algid_t, 662 oid_ecp_grp_algid, 663 mbedtls_ecp_group_id, 664 grp_id) 665 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 666 667 #if defined(MBEDTLS_CIPHER_C) 668 /* 669 * For PKCS#5 PBES2 encryption algorithm 670 */ 671 typedef struct { 672 mbedtls_oid_descriptor_t descriptor; 673 mbedtls_cipher_type_t cipher_alg; 674 } oid_cipher_alg_t; 675 676 static const oid_cipher_alg_t oid_cipher_alg[] = 677 { 678 { 679 OID_DESCRIPTOR(MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC"), 680 MBEDTLS_CIPHER_DES_CBC, 681 }, 682 { 683 OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"), 684 MBEDTLS_CIPHER_DES_EDE3_CBC, 685 }, 686 { 687 OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), 688 MBEDTLS_CIPHER_AES_128_CBC, 689 }, 690 { 691 OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), 692 MBEDTLS_CIPHER_AES_192_CBC, 693 }, 694 { 695 OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), 696 MBEDTLS_CIPHER_AES_256_CBC, 697 }, 698 { 699 NULL_OID_DESCRIPTOR, 700 MBEDTLS_CIPHER_NONE, 701 }, 702 }; 703 704 FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg) 705 FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, 706 oid_cipher_alg_t, 707 cipher_alg, 708 mbedtls_cipher_type_t, 709 cipher_alg) 710 #endif /* MBEDTLS_CIPHER_C */ 711 712 /* 713 * For digestAlgorithm 714 */ 715 typedef struct { 716 mbedtls_oid_descriptor_t descriptor; 717 mbedtls_md_type_t md_alg; 718 } oid_md_alg_t; 719 720 static const oid_md_alg_t oid_md_alg[] = 721 { 722 #if defined(MBEDTLS_MD_CAN_MD5) 723 { 724 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5"), 725 MBEDTLS_MD_MD5, 726 }, 727 #endif 728 #if defined(MBEDTLS_MD_CAN_SHA1) 729 { 730 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1"), 731 MBEDTLS_MD_SHA1, 732 }, 733 #endif 734 #if defined(MBEDTLS_MD_CAN_SHA224) 735 { 736 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), 737 MBEDTLS_MD_SHA224, 738 }, 739 #endif 740 #if defined(MBEDTLS_MD_CAN_SHA256) 741 { 742 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256"), 743 MBEDTLS_MD_SHA256, 744 }, 745 #endif 746 #if defined(MBEDTLS_MD_CAN_SHA384) 747 { 748 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), 749 MBEDTLS_MD_SHA384, 750 }, 751 #endif 752 #if defined(MBEDTLS_MD_CAN_SHA512) 753 { 754 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512"), 755 MBEDTLS_MD_SHA512, 756 }, 757 #endif 758 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 759 { 760 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), 761 MBEDTLS_MD_RIPEMD160, 762 }, 763 #endif 764 #if defined(MBEDTLS_MD_CAN_SHA3_224) 765 { 766 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"), 767 MBEDTLS_MD_SHA3_224, 768 }, 769 #endif 770 #if defined(MBEDTLS_MD_CAN_SHA3_256) 771 { 772 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"), 773 MBEDTLS_MD_SHA3_256, 774 }, 775 #endif 776 #if defined(MBEDTLS_MD_CAN_SHA3_384) 777 { 778 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"), 779 MBEDTLS_MD_SHA3_384, 780 }, 781 #endif 782 #if defined(MBEDTLS_MD_CAN_SHA3_512) 783 { 784 OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), 785 MBEDTLS_MD_SHA3_512, 786 }, 787 #endif 788 { 789 NULL_OID_DESCRIPTOR, 790 MBEDTLS_MD_NONE, 791 }, 792 }; 793 794 FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg) 795 FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg) 796 FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, 797 oid_md_alg_t, 798 oid_md_alg, 799 mbedtls_md_type_t, 800 md_alg) 801 802 /* 803 * For HMAC digestAlgorithm 804 */ 805 typedef struct { 806 mbedtls_oid_descriptor_t descriptor; 807 mbedtls_md_type_t md_hmac; 808 } oid_md_hmac_t; 809 810 static const oid_md_hmac_t oid_md_hmac[] = 811 { 812 #if defined(MBEDTLS_MD_CAN_SHA1) 813 { 814 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1"), 815 MBEDTLS_MD_SHA1, 816 }, 817 #endif /* MBEDTLS_MD_CAN_SHA1 */ 818 #if defined(MBEDTLS_MD_CAN_SHA224) 819 { 820 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), 821 MBEDTLS_MD_SHA224, 822 }, 823 #endif /* MBEDTLS_MD_CAN_SHA224 */ 824 #if defined(MBEDTLS_MD_CAN_SHA256) 825 { 826 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), 827 MBEDTLS_MD_SHA256, 828 }, 829 #endif /* MBEDTLS_MD_CAN_SHA256 */ 830 #if defined(MBEDTLS_MD_CAN_SHA384) 831 { 832 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), 833 MBEDTLS_MD_SHA384, 834 }, 835 #endif /* MBEDTLS_MD_CAN_SHA384 */ 836 #if defined(MBEDTLS_MD_CAN_SHA512) 837 { 838 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), 839 MBEDTLS_MD_SHA512, 840 }, 841 #endif /* MBEDTLS_MD_CAN_SHA512 */ 842 #if defined(MBEDTLS_MD_CAN_SHA3_224) 843 { 844 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), 845 MBEDTLS_MD_SHA3_224, 846 }, 847 #endif /* MBEDTLS_MD_CAN_SHA3_224 */ 848 #if defined(MBEDTLS_MD_CAN_SHA3_256) 849 { 850 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), 851 MBEDTLS_MD_SHA3_256, 852 }, 853 #endif /* MBEDTLS_MD_CAN_SHA3_256 */ 854 #if defined(MBEDTLS_MD_CAN_SHA3_384) 855 { 856 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), 857 MBEDTLS_MD_SHA3_384, 858 }, 859 #endif /* MBEDTLS_MD_CAN_SHA3_384 */ 860 #if defined(MBEDTLS_MD_CAN_SHA3_512) 861 { 862 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), 863 MBEDTLS_MD_SHA3_512, 864 }, 865 #endif /* MBEDTLS_MD_CAN_SHA3_512 */ 866 #if defined(MBEDTLS_MD_CAN_RIPEMD160) 867 { 868 OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), 869 MBEDTLS_MD_RIPEMD160, 870 }, 871 #endif /* MBEDTLS_MD_CAN_RIPEMD160 */ 872 { 873 NULL_OID_DESCRIPTOR, 874 MBEDTLS_MD_NONE, 875 }, 876 }; 877 878 FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac) 879 FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac) 880 881 #if defined(MBEDTLS_PKCS12_C) && defined(MBEDTLS_CIPHER_C) 882 /* 883 * For PKCS#12 PBEs 884 */ 885 typedef struct { 886 mbedtls_oid_descriptor_t descriptor; 887 mbedtls_md_type_t md_alg; 888 mbedtls_cipher_type_t cipher_alg; 889 } oid_pkcs12_pbe_alg_t; 890 891 static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = 892 { 893 { 894 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, 895 "pbeWithSHAAnd3-KeyTripleDES-CBC", 896 "PBE with SHA1 and 3-Key 3DES"), 897 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, 898 }, 899 { 900 OID_DESCRIPTOR(MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, 901 "pbeWithSHAAnd2-KeyTripleDES-CBC", 902 "PBE with SHA1 and 2-Key 3DES"), 903 MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, 904 }, 905 { 906 NULL_OID_DESCRIPTOR, 907 MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, 908 }, 909 }; 910 911 FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg) 912 FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, 913 oid_pkcs12_pbe_alg_t, 914 pkcs12_pbe_alg, 915 mbedtls_md_type_t, 916 md_alg, 917 mbedtls_cipher_type_t, 918 cipher_alg) 919 #endif /* MBEDTLS_PKCS12_C && MBEDTLS_CIPHER_C */ 920 921 /* Return the x.y.z.... style numeric string for the given OID */ 922 int mbedtls_oid_get_numeric_string(char *buf, size_t size, 923 const mbedtls_asn1_buf *oid) 924 { 925 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 926 char *p = buf; 927 size_t n = size; 928 unsigned int value = 0; 929 930 if (size > INT_MAX) { 931 /* Avoid overflow computing return value */ 932 return MBEDTLS_ERR_ASN1_INVALID_LENGTH; 933 } 934 935 if (oid->len <= 0) { 936 /* OID must not be empty */ 937 return MBEDTLS_ERR_ASN1_OUT_OF_DATA; 938 } 939 940 for (size_t i = 0; i < oid->len; i++) { 941 /* Prevent overflow in value. */ 942 if (value > (UINT_MAX >> 7)) { 943 return MBEDTLS_ERR_ASN1_INVALID_DATA; 944 } 945 if ((value == 0) && ((oid->p[i]) == 0x80)) { 946 /* Overlong encoding is not allowed */ 947 return MBEDTLS_ERR_ASN1_INVALID_DATA; 948 } 949 950 value <<= 7; 951 value |= oid->p[i] & 0x7F; 952 953 if (!(oid->p[i] & 0x80)) { 954 /* Last byte */ 955 if (n == size) { 956 int component1; 957 unsigned int component2; 958 /* First subidentifier contains first two OID components */ 959 if (value >= 80) { 960 component1 = '2'; 961 component2 = value - 80; 962 } else if (value >= 40) { 963 component1 = '1'; 964 component2 = value - 40; 965 } else { 966 component1 = '0'; 967 component2 = value; 968 } 969 ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2); 970 } else { 971 ret = mbedtls_snprintf(p, n, ".%u", value); 972 } 973 if (ret < 2 || (size_t) ret >= n) { 974 return MBEDTLS_ERR_OID_BUF_TOO_SMALL; 975 } 976 n -= (size_t) ret; 977 p += ret; 978 value = 0; 979 } 980 } 981 982 if (value != 0) { 983 /* Unterminated subidentifier */ 984 return MBEDTLS_ERR_ASN1_OUT_OF_DATA; 985 } 986 987 return (int) (size - n); 988 } 989 990 static int oid_parse_number(unsigned int *num, const char **p, const char *bound) 991 { 992 int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 993 994 *num = 0; 995 996 while (*p < bound && **p >= '0' && **p <= '9') { 997 ret = 0; 998 if (*num > (UINT_MAX / 10)) { 999 return MBEDTLS_ERR_ASN1_INVALID_DATA; 1000 } 1001 *num *= 10; 1002 *num += **p - '0'; 1003 (*p)++; 1004 } 1005 return ret; 1006 } 1007 1008 static size_t oid_subidentifier_num_bytes(unsigned int value) 1009 { 1010 size_t num_bytes = 0; 1011 1012 do { 1013 value >>= 7; 1014 num_bytes++; 1015 } while (value != 0); 1016 1017 return num_bytes; 1018 } 1019 1020 static int oid_subidentifier_encode_into(unsigned char **p, 1021 unsigned char *bound, 1022 unsigned int value) 1023 { 1024 size_t num_bytes = oid_subidentifier_num_bytes(value); 1025 1026 if ((size_t) (bound - *p) < num_bytes) { 1027 return MBEDTLS_ERR_OID_BUF_TOO_SMALL; 1028 } 1029 (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); 1030 value >>= 7; 1031 1032 for (size_t i = 2; i <= num_bytes; i++) { 1033 (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); 1034 value >>= 7; 1035 } 1036 *p += num_bytes; 1037 1038 return 0; 1039 } 1040 1041 /* Return the OID for the given x.y.z.... style numeric string */ 1042 int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, 1043 const char *oid_str, size_t size) 1044 { 1045 int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1046 const char *str_ptr = oid_str; 1047 const char *str_bound = oid_str + size; 1048 unsigned int val = 0; 1049 unsigned int component1, component2; 1050 size_t encoded_len; 1051 unsigned char *resized_mem; 1052 1053 /* Count the number of dots to get a worst-case allocation size. */ 1054 size_t num_dots = 0; 1055 for (size_t i = 0; i < size; i++) { 1056 if (oid_str[i] == '.') { 1057 num_dots++; 1058 } 1059 } 1060 /* Allocate maximum possible required memory: 1061 * There are (num_dots + 1) integer components, but the first 2 share the 1062 * same subidentifier, so we only need num_dots subidentifiers maximum. */ 1063 if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { 1064 return MBEDTLS_ERR_ASN1_INVALID_DATA; 1065 } 1066 /* Each byte can store 7 bits, calculate number of bytes for a 1067 * subidentifier: 1068 * 1069 * bytes = ceil(subidentifer_size * 8 / 7) 1070 */ 1071 size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) 1072 + 1; 1073 size_t max_possible_bytes = num_dots * bytes_per_subidentifier; 1074 oid->p = mbedtls_calloc(max_possible_bytes, 1); 1075 if (oid->p == NULL) { 1076 return MBEDTLS_ERR_ASN1_ALLOC_FAILED; 1077 } 1078 unsigned char *out_ptr = oid->p; 1079 unsigned char *out_bound = oid->p + max_possible_bytes; 1080 1081 ret = oid_parse_number(&component1, &str_ptr, str_bound); 1082 if (ret != 0) { 1083 goto error; 1084 } 1085 if (component1 > 2) { 1086 /* First component can't be > 2 */ 1087 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1088 goto error; 1089 } 1090 if (str_ptr >= str_bound || *str_ptr != '.') { 1091 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1092 goto error; 1093 } 1094 str_ptr++; 1095 1096 ret = oid_parse_number(&component2, &str_ptr, str_bound); 1097 if (ret != 0) { 1098 goto error; 1099 } 1100 if ((component1 < 2) && (component2 > 39)) { 1101 /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ 1102 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1103 goto error; 1104 } 1105 if (str_ptr < str_bound) { 1106 if (*str_ptr == '.') { 1107 str_ptr++; 1108 } else { 1109 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1110 goto error; 1111 } 1112 } 1113 1114 if (component2 > (UINT_MAX - (component1 * 40))) { 1115 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1116 goto error; 1117 } 1118 ret = oid_subidentifier_encode_into(&out_ptr, out_bound, 1119 (component1 * 40) + component2); 1120 if (ret != 0) { 1121 goto error; 1122 } 1123 1124 while (str_ptr < str_bound) { 1125 ret = oid_parse_number(&val, &str_ptr, str_bound); 1126 if (ret != 0) { 1127 goto error; 1128 } 1129 if (str_ptr < str_bound) { 1130 if (*str_ptr == '.') { 1131 str_ptr++; 1132 } else { 1133 ret = MBEDTLS_ERR_ASN1_INVALID_DATA; 1134 goto error; 1135 } 1136 } 1137 1138 ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); 1139 if (ret != 0) { 1140 goto error; 1141 } 1142 } 1143 1144 encoded_len = (size_t) (out_ptr - oid->p); 1145 resized_mem = mbedtls_calloc(encoded_len, 1); 1146 if (resized_mem == NULL) { 1147 ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; 1148 goto error; 1149 } 1150 memcpy(resized_mem, oid->p, encoded_len); 1151 mbedtls_free(oid->p); 1152 oid->p = resized_mem; 1153 oid->len = encoded_len; 1154 1155 oid->tag = MBEDTLS_ASN1_OID; 1156 1157 return 0; 1158 1159 error: 1160 mbedtls_free(oid->p); 1161 oid->p = NULL; 1162 oid->len = 0; 1163 return ret; 1164 } 1165 1166 #endif /* MBEDTLS_OID_C */