From 5465b2ddec3961aee4931705d60803d9a1c102b1 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Sat, 24 Aug 2019 17:02:33 -0500 Subject: [PATCH] libasn1: Add OID symbol resolution This commit adds functions for finding OIDs by symbolic name, meaning by their symbolic names given in the ASN.1 modules that define them. TBD: - Resolve OIDs to names. - Support a file in /etc for additional OID resolution. - Add support for resolving OID arc names. --- lib/asn1/Makefile.am | 14 +- lib/asn1/NTMakefile | 13 +- lib/asn1/asn1_print.c | 4 +- lib/asn1/crmf.asn1 | 11 +- lib/asn1/gen.c | 14 +- lib/asn1/oid_resolution.c | 292 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 330 insertions(+), 18 deletions(-) create mode 100644 lib/asn1/oid_resolution.c diff --git a/lib/asn1/Makefile.am b/lib/asn1/Makefile.am index 13314fa1d..f4682b5a4 100644 --- a/lib/asn1/Makefile.am +++ b/lib/asn1/Makefile.am @@ -49,6 +49,8 @@ gen_files_test = asn1_test_asn1.x gen_files_digest = asn1_digest_asn1.x gen_files_kx509 = asn1_kx509_asn1.x +oid_resolution.lo: $(BUILT_SOURCES) + noinst_PROGRAMS = asn1_gen libexec_heimdal_PROGRAMS = asn1_compile asn1_print @@ -109,6 +111,8 @@ dist_libasn1base_la_SOURCES = \ template.c \ timegm.c +dist_libasn1_la_SOURCES = oid_resolution.c + nodist_libasn1base_la_SOURCES = \ asn1_err.h \ asn1_err.c @@ -123,7 +127,7 @@ check_der_LDADD = \ $(LIB_roken) check_template_LDADD = $(check_der_LDADD) -asn1_print_LDADD = $(check_der_LDADD) $(LIB_com_err) +asn1_print_LDADD = libasn1.la $(LIB_roken) $(LIB_com_err) asn1_gen_LDADD = $(check_der_LDADD) check_timegm_LDADD = $(check_der_LDADD) 
@@ -306,8 +310,8 @@ ALL_OBJECTS += $(check_template_OBJECTS) $(ALL_OBJECTS): $(DER_PROTOS) asn1_err.h -$(srcdir)/der-protos.h: $(dist_libasn1base_la_SOURCES) - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) || rm -f der-protos.h +$(srcdir)/der-protos.h: $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) || rm -f der-protos.h -$(srcdir)/der-private.h: $(dist_libasn1base_la_SOURCES) - cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) || rm -f der-private.h +$(srcdir)/der-private.h: $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) + cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) || rm -f der-private.h diff --git a/lib/asn1/NTMakefile b/lib/asn1/NTMakefile index 3b2101061..6429c2144 100644 --- a/lib/asn1/NTMakefile +++ b/lib/asn1/NTMakefile @@ -130,7 +130,9 @@ LIBASN1_OBJS= \ $(gen_files_kx509:.x=.obj) \ $(OBJ)\asn1_err.obj -$(LIBASN1): $(LIBASN1_OBJS) +$(OBJ)\oid_resolution.obj: $(LIBASN1_OBJS) + +$(LIBASN1): $(LIBASN1_OBJS) $(OBJ)\oid_resolution.obj $(LIBCON_C) -out:$@ @<< $(**: = ) @@ -315,7 +317,7 @@ GENINCFILES= \ $(OBJ)\test_asn1.h \ $(OBJ)\test_asn1-priv.h -libasn1_SOURCES= \ +libasn1_base_SOURCES= \ der_locl.h \ der.c \ der.h \ 
@@ -330,11 +332,14 @@ libasn1_SOURCES= \ extra.c \ timegm.c +libasn1_SOURCES= \ + oid_resolution.c + $(OBJ)\der-protos.h: $(libasn1_SOURCES) - $(PERL) ..\..\cf\make-proto.pl -q -P remove -o $(OBJ)\der-protos.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-protos.h + $(PERL) ..\..\cf\make-proto.pl -q -P remove -o $(OBJ)\der-protos.h $(libasn1_base_SOURCES) $(libasn1_SOURCES) || $(RM) $(OBJ)\der-protos.h $(OBJ)\der-private.h: $(libasn1_SOURCES) - $(PERL) ..\..\cf\make-proto.pl -q -P remove -p $(OBJ)\der-private.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-private.h + $(PERL) ..\..\cf\make-proto.pl -q -P remove -p $(OBJ)\der-private.h $(libasn1_base_SOURCES) $(libasn1_SOURCES) || $(RM) $(OBJ)\der-private.h clean:: -$(RM) $(INCDIR)\der-protos.h diff --git a/lib/asn1/asn1_print.c b/lib/asn1/asn1_print.c index e90204f9c..f45983c12 100644 --- a/lib/asn1/asn1_print.c +++ b/lib/asn1/asn1_print.c @@ -247,10 +247,10 @@ loop (unsigned char *buf, size_t len, int indent) ret = der_get_oid(buf, length, &o, NULL); if (ret) errx (1, "der_get_oid: %s", error_message (ret)); - ret = der_print_heim_oid(&o, '.', &p); + ret = der_print_heim_oid_sym(&o, '.', &p); der_free_oid(&o); if (ret) - errx (1, "der_print_heim_oid: %s", error_message (ret)); + errx (1, "der_print_heim_oid_sym: %s", error_message (ret)); printf("%s\n", p); free(p); diff --git a/lib/asn1/crmf.asn1 b/lib/asn1/crmf.asn1 index 3d8403c8e..4ec721bca 100644 --- a/lib/asn1/crmf.asn1 +++ b/lib/asn1/crmf.asn1 @@ -19,12 +19,6 @@ CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName Controls ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue --- XXX IMPLICIT brokenness -POPOSigningKey ::= SEQUENCE { - poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL, - algorithmIdentifier AlgorithmIdentifier, - signature BIT STRING } - PKMACValue ::= SEQUENCE { algId AlgorithmIdentifier, value BIT STRING 
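Review bot: The `$(OBJ)\der-protos.h` and `$(OBJ)\der-private.h` rules keep `$(libasn1_SOURCES)` as their only prerequisite, but this hunk redefines that variable to hold just oid_resolution.c while the recipes now also read `$(libasn1_base_SOURCES)`. As written, editing der.c or any other base source no longer triggers regeneration of the prototype headers in the NTMakefile build, so stale prototypes could be compiled against. Listing both variables, as the Makefile.am hunk does, keeps the two builds consistent: `$(OBJ)\der-protos.h: $(libasn1_base_SOURCES) $(libasn1_SOURCES)`, and likewise for der-private.h.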
@@ -39,6 +33,11 @@ POPOSigningKeyInput ::= SEQUENCE { publicKey SubjectPublicKeyInfo } -- from CertTemplate +-- XXX IMPLICIT brokenness +POPOSigningKey ::= SEQUENCE { + poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier, + signature BIT STRING } PBMParameter ::= SEQUENCE { salt OCTET STRING, diff --git a/lib/asn1/gen.c b/lib/asn1/gen.c index e49134751..4df4885d3 100644 --- a/lib/asn1/gen.c +++ b/lib/asn1/gen.c @@ -37,7 +37,7 @@ RCSID("$Id$"); -FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile; +FILE *privheaderfile, *headerfile, *oidsfile, *codefile, *logfile, *templatefile; #define STEM "asn1" @@ -251,6 +251,16 @@ init_generate (const char *filename, const char *base) logfile = fopen(fn, "w"); if (logfile == NULL) err (1, "open %s", fn); + free(fn); + fn = NULL; + + if (asprintf(&fn, "%s_oids.x", base) < 0 || fn == NULL) + errx(1, "malloc"); + oidsfile = fopen(fn, "w"); + if (oidsfile == NULL) + err (1, "open %s", fn); + free(fn); + fn = NULL; /* if one code file, write into the one codefile */ if (one_code_file) @@ -461,6 +471,8 @@ generate_constant (const Symbol *s) "{ %lu, oid_%s_variable_num };\n\n", s->gen_name, (unsigned long)len, s->gen_name); + fprintf(oidsfile, "DEFINE_OID_WITH_NAME(%s)\n", s->gen_name); + free(list); /* header file */ diff --git a/lib/asn1/oid_resolution.c b/lib/asn1/oid_resolution.c new file mode 100644 index 000000000..b0d390263 --- /dev/null +++ b/lib/asn1/oid_resolution.c 
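Review bot: `oidsfile` is opened in the init_generate() hunk and written in generate_constant(), but none of the three gen.c hunks closes it, and together they account for all 14 changed lines the diffstat lists for gen.c. The generated `*_oids.x` files are later `#include`d into the sym_oids[] table in oid_resolution.c, so a failed or short write that ends on a line boundary could drop entries from the table without a build error. Closing the stream where the other generator outputs are closed (that code is outside these hunks) and checking the result would surface this, e.g. `if (oidsfile != NULL && fclose(oidsfile) != 0) err(1, "close oids file");`. The `fprintf(oidsfile, ...)` return value in generate_constant() is unchecked as well; a checked fclose() covers the buffered case.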
@@ -0,0 +1,292 @@
+/*
+ * Copyright (c) 2019 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "der_locl.h"
+#include
+
+#include "cms_asn1.h"
+#include "crmf_asn1.h"
+#include "digest_asn1.h"
+#include "krb5_asn1.h"
+#include "kx509_asn1.h"
+#include "ocsp_asn1.h"
+#include "pkcs10_asn1.h"
+#include "pkcs12_asn1.h"
+#include "pkcs8_asn1.h"
+#include "pkcs9_asn1.h"
+#include "pkinit_asn1.h"
+#include "rfc2459_asn1.h"
+
+
+struct sym_oid {
+ const char *sym;
+ const heim_oid *oid;
+};
+
+#ifndef WIN32
+#define DEFINE_OID_WITH_NAME(sym) \
+ { #sym, &asn1_oid_ ## sym },
+
+static const struct sym_oid sym_oids[] = {
+#include "cms_asn1_oids.x"
+#include "crmf_asn1_oids.x"
+#include "digest_asn1_oids.x"
+#include "krb5_asn1_oids.x"
+#include "kx509_asn1_oids.x"
+#include "ocsp_asn1_oids.x"
+#include "pkcs10_asn1_oids.x"
+#include "pkcs12_asn1_oids.x"
+#include "pkcs8_asn1_oids.x"
+#include "pkcs9_asn1_oids.x"
+#include "pkinit_asn1_oids.x"
+#include "rfc2459_asn1_oids.x"
+};
+
+static size_t num_sym_oids = sizeof(sym_oids) / sizeof(sym_oids[0]);
+
+#undef DEFINE_OID_WITH_NAME
+
+#define init_sym_oids()
+
+#else
+
+/*
+ * We can't use C99 non-literal initializers for static objects in the Windows
+ * build...
+ */
+
+static struct sym_oid *sym_oids;
+static size_t num_sym_oids;
+
+#define DEFINE_OID_WITH_NAME(sym) (c++);
+static size_t
+count_sym_oids(void)
+{
+ size_t c = 0;
+#include "cms_asn1_oids.x"
+#include "crmf_asn1_oids.x"
+#include "digest_asn1_oids.x"
+#include "krb5_asn1_oids.x"
+#include "kx509_asn1_oids.x"
+#include "ocsp_asn1_oids.x"
+#include "pkcs10_asn1_oids.x"
+#include "pkcs12_asn1_oids.x"
+#include "pkcs8_asn1_oids.x"
+#include "pkcs9_asn1_oids.x"
+#include "pkinit_asn1_oids.x"
+#include "rfc2459_asn1_oids.x"
+ return c;
+}
+#undef DEFINE_OID_WITH_NAME
+
+#define DEFINE_OID_WITH_NAME(s) \
+ tmp[i].sym = #s; \
+ tmp[i++].oid = &asn1_oid_ ## s;
+
+static void
+init_sym_oids(void)
+{
+ static struct sym_oid *tmp;
+ size_t i = 0;
+ size_t c;
+
+ if (!sym_oids &&
+ (c = count_sym_oids()) &&
+ (tmp = calloc(c, sizeof(tmp[0])))) {
+#include "cms_asn1_oids.x"
+#include "crmf_asn1_oids.x"
+#include "digest_asn1_oids.x"
+#include "krb5_asn1_oids.x"
+#include "kx509_asn1_oids.x"
+#include "ocsp_asn1_oids.x"
+#include "pkcs10_asn1_oids.x"
+#include "pkcs12_asn1_oids.x"
+#include "pkcs8_asn1_oids.x"
+#include "pkcs9_asn1_oids.x"
+#include "pkinit_asn1_oids.x"
+#include "rfc2459_asn1_oids.x"
+ num_sym_oids = c;
+ sym_oids = tmp;
+ }
+}
+#undef DEFINE_OID_WITH_NAME
+
+#endif
+
+static struct sym_oid *sym_oids_sorted_by_name;
+static struct sym_oid *sym_oids_sorted_by_oid;
+
+static int
+sym_cmp_name(const void *va, const void *vb)
+{
+ const struct sym_oid *a = va;
+ const struct sym_oid *b = vb;
+
+ return (strcmp(a->sym, b->sym));
+}
+
+static int
+sym_cmp_oid(const void *va, const void *vb)
+{
+ const struct sym_oid *a = va;
+ const struct sym_oid *b = vb;
+
+ return der_heim_oid_cmp(a->oid, b->oid);
+}
+
+static struct sym_oid *
+sort_sym_oids(int (*cmp)(const void *, const void *))
+{
+ struct sym_oid *tmp;
+
+ init_sym_oids();
+ if ((tmp = calloc(num_sym_oids, sizeof(tmp[0]))) == NULL)
+ return NULL;
+
+ memcpy(tmp, sym_oids, num_sym_oids * sizeof(tmp[0]));
+ qsort(tmp, num_sym_oids, sizeof(struct sym_oid), cmp);
+ return tmp;
+}
+
+int
+der_find_heim_oid_by_name(const char *str, const heim_oid **oid)
+{
+ size_t right = num_sym_oids;
+ size_t left = 0;
+
+ *oid = NULL;
+ if (sym_oids_sorted_by_name == NULL &&
+ (sym_oids_sorted_by_name = sort_sym_oids(sym_cmp_name)) == NULL)
+ return ENOMEM;
+
+ while (left <= right) {
+ size_t mid = left + (right - left) / 2;
+ int cmp;
+
+ cmp = strcmp(str, sym_oids_sorted_by_name[mid].sym);
+ if (cmp == 0) {
+ *oid = sym_oids_sorted_by_name[mid].oid;
+ return 0;
+ }
+ if (cmp < 0 && right)
+ right = mid - 1;
+ else if (cmp < 0)
+ return -1;
+ else if (mid < num_sym_oids - 1)
+ left = mid + 1;
+ else
+ return -1;
+ }
+ return -1;
+}
+
+int
+der_find_heim_oid_by_oid(const heim_oid *oid, const char **name)
+{
+ size_t right = num_sym_oids;
+ size_t left = 0;
+
+ *name = NULL;
+ if (sym_oids_sorted_by_oid == NULL &&
+ (sym_oids_sorted_by_oid = sort_sym_oids(sym_cmp_oid)) == NULL)
+ return ENOMEM;
+
+ while (left <= right) {
+ size_t mid = left + (right - left) / 2;
+ int cmp;
+
+ cmp = der_heim_oid_cmp(oid, sym_oids_sorted_by_oid[mid].oid);
+ if (cmp == 0) {
+ *name = sym_oids_sorted_by_oid[mid].sym;
+ return 0;
+ }
+ if (cmp < 0 && right)
+ right = mid - 1;
+ else if (cmp < 0)
+ return -1;
+ else if (mid < num_sym_oids - 1)
+ left = mid + 1;
+ else
+ return -1;
+ }
+ return -1;
+}
+
+int
+der_match_heim_oid_by_name(const char *str, int *c, const heim_oid **oid)
+{
+ size_t i;
+
+ if (*c < 0)
+ *c = 0;
+
+ init_sym_oids();
+ for (i = (size_t)*c; i < num_sym_oids; i++) {
+ /*
+ * XXX We need a lib/roken strcasestr(), or maybe we should support
+ * globbing here.
+ */
+ if (strstr(sym_oids[i].sym, str)) {
+ *oid = sym_oids[i].oid;
+ if (i >= INT_MAX)
+ return -1;
+ *c = i + 1; /* num_sym_oids is much less than INT_MAX */
+ return 0;
+ }
+ }
+ return -1;
+}
+
+/* Warning: der_print_heim_oid_sym() will not round-trip */
+
+int
+der_print_heim_oid_sym(const heim_oid *oid, char delim, char **strp)
+{
+ const char *sym;
+ char *s1 = NULL;
+ char *s2 = NULL;
+ int ret;
+
+ if (der_find_heim_oid_by_oid(oid, &sym))
+ return der_print_heim_oid(oid, delim, strp);
+
+ if ((ret = der_print_heim_oid(oid, delim, &s1)))
+ return ret;
+ if (asprintf(&s2, "%s (%s)", s1, sym) == -1 || s2 == NULL) {
+ *strp = s1;
+ return 0;
+ }
+ *strp = s2;
+ free(s1);
+ return 0;
+}
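Review bot: The binary search in der_find_heim_oid_by_name() and der_find_heim_oid_by_oid() can index far outside the sorted table, because the shrink branch tests `right` but subtracts from `mid`: when the search reaches `left == 0, right == 1` (which depends on the table size), `mid` is 0 and `right = mid - 1` wraps to SIZE_MAX, so the next probe reads at `SIZE_MAX / 2`. Any key that sorts below the first entry can take that path, and asn1_print now passes OIDs decoded from its input into der_find_heim_oid_by_oid() through der_print_heim_oid_sym(). `right` is also read from num_sym_oids before sort_sym_oids() has called init_sym_oids(), so in the WIN32 branch the first lookup searches with `right == 0`. A half-open interval whose bound is read after the table is built removes the wrap, the stale count and the probe of an empty table; the same loop applies to der_find_heim_oid_by_oid() with der_heim_oid_cmp().

```c
int
der_find_heim_oid_by_name(const char *str, const heim_oid **oid)
{
    size_t left = 0;
    size_t right;

    /* ... unchanged: *oid = NULL and the lazy sort_sym_oids() call ... */

    /* Read the count only after sort_sym_oids() has run init_sym_oids(). */
    right = num_sym_oids;

    /* Half-open [left, right): mid < right always holds, nothing wraps. */
    while (left < right) {
        size_t mid = left + (right - left) / 2;
        int cmp = strcmp(str, sym_oids_sorted_by_name[mid].sym);

        if (cmp == 0) {
            *oid = sym_oids_sorted_by_name[mid].oid;
            return 0;
        }
        if (cmp < 0)
            right = mid;
        else
            left = mid + 1;
    }
    return -1;
}
```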