oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

libasn1: Add OID symbol resolution

Browse Source 
This commit adds functions for finding OIDs by symbolic name, meaning by
their symbolic names given in the ASN.1 modules that define them.

TBD:

 - Resolve OIDs to names.
 - Support a file in /etc for additional OID resolution.
 - Add support for resolving OID arc names.
This commit is contained in:
Nicolas Williams
2019-08-24 17:02:33 -05:00
parent 6471fcaa54
commit 5465b2ddec
6 changed files with 330 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/asn1/Makefile.am
View File

@@ -49,6 +49,8 @@ gen_files_test = asn1_test_asn1.x
gen_files_digest = asn1_digest_asn1.x
gen_files_kx509 = asn1_kx509_asn1.x
oid_resolution.lo: $(BUILT_SOURCES)
noinst_PROGRAMS = asn1_gen
libexec_heimdal_PROGRAMS = asn1_compile asn1_print
@@ -109,6 +111,8 @@ dist_libasn1base_la_SOURCES = \
template.c \
timegm.c
dist_libasn1_la_SOURCES = oid_resolution.c
nodist_libasn1base_la_SOURCES = \
asn1_err.h \
asn1_err.c
@@ -123,7 +127,7 @@ check_der_LDADD = \
$(LIB_roken)
check_template_LDADD = $(check_der_LDADD)
asn1_print_LDADD = $(check_der_LDADD) $(LIB_com_err)
asn1_print_LDADD = libasn1.la $(LIB_roken) $(LIB_com_err)
asn1_gen_LDADD = $(check_der_LDADD)
check_timegm_LDADD = $(check_der_LDADD)
@@ -306,8 +310,8 @@ ALL_OBJECTS += $(check_template_OBJECTS)
$(ALL_OBJECTS): $(DER_PROTOS) asn1_err.h
$(srcdir)/der-protos.h: $(dist_libasn1base_la_SOURCES)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) || rm -f der-protos.h
$(srcdir)/der-protos.h: $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -o der-protos.h $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) || rm -f der-protos.h
$(srcdir)/der-private.h: $(dist_libasn1base_la_SOURCES)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) || rm -f der-private.h
$(srcdir)/der-private.h: $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES)
cd $(srcdir) && perl ../../cf/make-proto.pl -q -P comment -p der-private.h $(dist_libasn1base_la_SOURCES) $(dist_libasn1_la_SOURCES) || rm -f der-private.h

13
lib/asn1/NTMakefile
View File

@@ -130,7 +130,9 @@ LIBASN1_OBJS= \
$(gen_files_kx509:.x=.obj) \
$(OBJ)\asn1_err.obj
$(LIBASN1): $(LIBASN1_OBJS)
$(OBJ)\oid_resolution.obj: $(LIBASN1_OBJS)
$(LIBASN1): $(LIBASN1_OBJS) $(OBJ)\oid_resolution.obj
$(LIBCON_C) -out:$@ @<<
$(**: =
)
@@ -315,7 +317,7 @@ GENINCFILES= \
$(OBJ)\test_asn1.h \
$(OBJ)\test_asn1-priv.h
libasn1_SOURCES= \
libasn1_base_SOURCES= \
der_locl.h \
der.c \
der.h \
@@ -330,11 +332,14 @@ libasn1_SOURCES= \
extra.c \
timegm.c
libasn1_SOURCES= \
oid_resolution.c
$(OBJ)\der-protos.h: $(libasn1_SOURCES)
$(PERL) ..\..\cf\make-proto.pl -q -P remove -o $(OBJ)\der-protos.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-protos.h
$(PERL) ..\..\cf\make-proto.pl -q -P remove -o $(OBJ)\der-protos.h $(libasn1_base_SOURCES) $(libasn1_SOURCES) || $(RM) $(OBJ)\der-protos.h
$(OBJ)\der-private.h: $(libasn1_SOURCES)
$(PERL) ..\..\cf\make-proto.pl -q -P remove -p $(OBJ)\der-private.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-private.h
$(PERL) ..\..\cf\make-proto.pl -q -P remove -p $(OBJ)\der-private.h $(libasn1_base_SOURCES) $(libasn1_SOURCES) || $(RM) $(OBJ)\der-private.h
clean::
-$(RM) $(INCDIR)\der-protos.h

4
lib/asn1/asn1_print.c
View File

@@ -247,10 +247,10 @@ loop (unsigned char *buf, size_t len, int indent)
ret = der_get_oid(buf, length, &o, NULL);
if (ret)
errx (1, "der_get_oid: %s", error_message (ret));
ret = der_print_heim_oid(&o, '.', &p);
ret = der_print_heim_oid_sym(&o, '.', &p);
der_free_oid(&o);
if (ret)
errx (1, "der_print_heim_oid: %s", error_message (ret));
errx (1, "der_print_heim_oid_sym: %s", error_message (ret));
printf("%s\n", p);
free(p);

11
lib/asn1/crmf.asn1
View File

@@ -19,12 +19,6 @@ CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
Controls ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
-- XXX IMPLICIT brokenness
POPOSigningKey ::= SEQUENCE {
poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }
PKMACValue ::= SEQUENCE {
algId AlgorithmIdentifier,
value BIT STRING
@@ -39,6 +33,11 @@ POPOSigningKeyInput ::= SEQUENCE {
publicKey SubjectPublicKeyInfo
} -- from CertTemplate
-- XXX IMPLICIT brokenness
POPOSigningKey ::= SEQUENCE {
poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }
PBMParameter ::= SEQUENCE {
salt OCTET STRING,

14
lib/asn1/gen.c
View File

@@ -37,7 +37,7 @@
RCSID("$Id$");
FILE *privheaderfile, *headerfile, *codefile, *logfile, *templatefile;
FILE *privheaderfile, *headerfile, *oidsfile, *codefile, *logfile, *templatefile;
#define STEM "asn1"
@@ -251,6 +251,16 @@ init_generate (const char *filename, const char *base)
logfile = fopen(fn, "w");
if (logfile == NULL)
err (1, "open %s", fn);
free(fn);
fn = NULL;
if (asprintf(&fn, "%s_oids.x", base) < 0 || fn == NULL)
errx(1, "malloc");
oidsfile = fopen(fn, "w");
if (oidsfile == NULL)
err (1, "open %s", fn);
free(fn);
fn = NULL;
/* if one code file, write into the one codefile */
if (one_code_file)
@@ -461,6 +471,8 @@ generate_constant (const Symbol *s)
"{ %lu, oid_%s_variable_num };\n\n",
s->gen_name, (unsigned long)len, s->gen_name);
fprintf(oidsfile, "DEFINE_OID_WITH_NAME(%s)\n", s->gen_name);
free(list);
/* header file */

292
lib/asn1/oid_resolution.c Normal file
View File

@@ -0,0 +1,292 @@
/*
* Copyright (c) 2019 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "der_locl.h"
#include <hex.h>
#include "cms_asn1.h"
#include "crmf_asn1.h"
#include "digest_asn1.h"
#include "krb5_asn1.h"
#include "kx509_asn1.h"
#include "ocsp_asn1.h"
#include "pkcs10_asn1.h"
#include "pkcs12_asn1.h"
#include "pkcs8_asn1.h"
#include "pkcs9_asn1.h"
#include "pkinit_asn1.h"
#include "rfc2459_asn1.h"
struct sym_oid {
const char *sym;
const heim_oid *oid;
};
#ifndef WIN32
#define DEFINE_OID_WITH_NAME(sym) \
{ #sym, &asn1_oid_ ## sym },
static const struct sym_oid sym_oids[] = {
#include "cms_asn1_oids.x"
#include "crmf_asn1_oids.x"
#include "digest_asn1_oids.x"
#include "krb5_asn1_oids.x"
#include "kx509_asn1_oids.x"
#include "ocsp_asn1_oids.x"
#include "pkcs10_asn1_oids.x"
#include "pkcs12_asn1_oids.x"
#include "pkcs8_asn1_oids.x"
#include "pkcs9_asn1_oids.x"
#include "pkinit_asn1_oids.x"
#include "rfc2459_asn1_oids.x"
};
static size_t num_sym_oids = sizeof(sym_oids) / sizeof(sym_oids[0]);
#undef DEFINE_OID_WITH_NAME
#define init_sym_oids()
#else
/*
* We can't use C99 non-literal initializers for static objects in the Windows
* build...
*/
static struct sym_oid *sym_oids;
static size_t num_sym_oids;
#define DEFINE_OID_WITH_NAME(sym) (c++);
static size_t
count_sym_oids(void)
{
size_t c = 0;
#include "cms_asn1_oids.x"
#include "crmf_asn1_oids.x"
#include "digest_asn1_oids.x"
#include "krb5_asn1_oids.x"
#include "kx509_asn1_oids.x"
#include "ocsp_asn1_oids.x"
#include "pkcs10_asn1_oids.x"
#include "pkcs12_asn1_oids.x"
#include "pkcs8_asn1_oids.x"
#include "pkcs9_asn1_oids.x"
#include "pkinit_asn1_oids.x"
#include "rfc2459_asn1_oids.x"
return c;
}
#undef DEFINE_OID_WITH_NAME
#define DEFINE_OID_WITH_NAME(s) \
tmp[i].sym = #s; \
tmp[i++].oid = &asn1_oid_ ## s;
static void
init_sym_oids(void)
{
static struct sym_oid *tmp;
size_t i = 0;
size_t c;
if (!sym_oids &&
(c = count_sym_oids()) &&
(tmp = calloc(c, sizeof(tmp[0])))) {
#include "cms_asn1_oids.x"
#include "crmf_asn1_oids.x"
#include "digest_asn1_oids.x"
#include "krb5_asn1_oids.x"
#include "kx509_asn1_oids.x"
#include "ocsp_asn1_oids.x"
#include "pkcs10_asn1_oids.x"
#include "pkcs12_asn1_oids.x"
#include "pkcs8_asn1_oids.x"
#include "pkcs9_asn1_oids.x"
#include "pkinit_asn1_oids.x"
#include "rfc2459_asn1_oids.x"
num_sym_oids = c;
sym_oids = tmp;
}
}
#undef DEFINE_OID_WITH_NAME
#endif
static struct sym_oid *sym_oids_sorted_by_name;
static struct sym_oid *sym_oids_sorted_by_oid;
static int
sym_cmp_name(const void *va, const void *vb)
{
const struct sym_oid *a = va;
const struct sym_oid *b = vb;
return (strcmp(a->sym, b->sym));
}
static int
sym_cmp_oid(const void *va, const void *vb)
{
const struct sym_oid *a = va;
const struct sym_oid *b = vb;
return der_heim_oid_cmp(a->oid, b->oid);
}
static struct sym_oid *
sort_sym_oids(int (*cmp)(const void *, const void *))
{
struct sym_oid *tmp;
init_sym_oids();
if ((tmp = calloc(num_sym_oids, sizeof(tmp[0]))) == NULL)
return NULL;
memcpy(tmp, sym_oids, num_sym_oids * sizeof(tmp[0]));
qsort(tmp, num_sym_oids, sizeof(struct sym_oid), cmp);
return tmp;
}
int
der_find_heim_oid_by_name(const char *str, const heim_oid **oid)
{
size_t right = num_sym_oids;
size_t left = 0;
*oid = NULL;
if (sym_oids_sorted_by_name == NULL &&
(sym_oids_sorted_by_name = sort_sym_oids(sym_cmp_name)) == NULL)
return ENOMEM;
while (left <= right) {
size_t mid = left + (right - left) / 2;
int cmp;
cmp = strcmp(str, sym_oids_sorted_by_name[mid].sym);
if (cmp == 0) {
*oid = sym_oids_sorted_by_name[mid].oid;
return 0;
}
if (cmp < 0 && right)
right = mid - 1;
else if (cmp < 0)
return -1;
else if (mid < num_sym_oids - 1)
left = mid + 1;
else
return -1;
}
return -1;
}
int
der_find_heim_oid_by_oid(const heim_oid *oid, const char **name)
{
size_t right = num_sym_oids;
size_t left = 0;
*name = NULL;
if (sym_oids_sorted_by_oid == NULL &&
(sym_oids_sorted_by_oid = sort_sym_oids(sym_cmp_oid)) == NULL)
return ENOMEM;
while (left <= right) {
size_t mid = left + (right - left) / 2;
int cmp;
cmp = der_heim_oid_cmp(oid, sym_oids_sorted_by_oid[mid].oid);
if (cmp == 0) {
*name = sym_oids_sorted_by_oid[mid].sym;
return 0;
}
if (cmp < 0 && right)
right = mid - 1;
else if (cmp < 0)
return -1;
else if (mid < num_sym_oids - 1)
left = mid + 1;
else
return -1;
}
return -1;
}
int
der_match_heim_oid_by_name(const char *str, int *c, const heim_oid **oid)
{
size_t i;
if (*c < 0)
*c = 0;
init_sym_oids();
for (i = (size_t)*c; i < num_sym_oids; i++) {
/*
* XXX We need a lib/roken strcasestr(), or maybe we should support
* globbing here.
*/
if (strstr(sym_oids[i].sym, str)) {
*oid = sym_oids[i].oid;
if (i >= INT_MAX)
return -1;
*c = i + 1; /* num_sym_oids is much less than INT_MAX */
return 0;
}
}
return -1;
}
/* Warning: der_print_heim_oid_sym() will not round-trip */
int
der_print_heim_oid_sym(const heim_oid *oid, char delim, char **strp)
{
const char *sym;
char *s1 = NULL;
char *s2 = NULL;
int ret;
if (der_find_heim_oid_by_oid(oid, &sym))
return der_print_heim_oid(oid, delim, strp);
if ((ret = der_print_heim_oid(oid, delim, &s1)))
return ret;
if (asprintf(&s2, "%s (%s)", s1, sym) == -1 || s2 == NULL) {
*strp = s1;
return 0;
}
*strp = s2;
free(s1);
return 0;
}