abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-30 22:44:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update tests and tools

Browse Source
This commit is contained in:
Zhi Guan
2022-03-16 15:12:29 +08:00
parent 2c2425d230
commit ea4cc6585c
52 changed files with 3600 additions and 3216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
src/x509_oid.c
View File

@@ -75,24 +75,25 @@ static uint32_t oid_at_country_name[] = { oid_at,6 };
static uint32_t oid_at_serial_number[] = { oid_at,5 };
static uint32_t oid_at_pseudonym[] = { oid_at,65 };
static uint32_t oid_domain_component[] = { 0,9,2342,19200300,100,1,25 };
static const size_t oid_at_cnt = sizeof(oid_at_name)/sizeof(int);
static const ASN1_OID_INFO x509_name_types[] = {
{ OID_at_name, "name", oid_at_name, 3 },
{ OID_at_surname, "surname", oid_at_surname, 3 },
{ OID_at_given_name, "givenName", oid_at_given_name, 3 },
{ OID_at_initials, "initials", oid_at_initials, 3 },
{ OID_at_generation_qualifier, "generationQualifier", oid_at_generation_qualifier, 3 },
{ OID_at_common_name, "commonName", oid_at_common_name, 3 },
{ OID_at_locality_name, "localityName", oid_at_locality_name, 3 },
{ OID_at_state_or_province_name, "stateOrProvinceName", oid_at_state_or_province_name, 3 },
{ OID_at_organization_name, "organizationName", oid_at_organization_name, 3 },
{ OID_at_organizational_unit_name, "organizationalUnitName", oid_at_organizational_unit_name, 3 },
{ OID_at_title, "title", oid_at_title, 3 },
{ OID_at_dn_qualifier, "dnQualifier", oid_at_dn_qualifier, 3 },
{ OID_at_country_name, "countryName", oid_at_country_name, 3 },
{ OID_at_serial_number, "serialNumber", oid_at_serial_number, 3 },
{ OID_at_pseudonym, "pseudonym", oid_at_pseudonym, 3 },
{ OID_domain_component, "domainComponent", oid_domain_component, 7 },
{ OID_at_name, "name", oid_at_name, oid_at_cnt },
{ OID_at_surname, "surname", oid_at_surname, oid_at_cnt },
{ OID_at_given_name, "givenName", oid_at_given_name, oid_at_cnt },
{ OID_at_initials, "initials", oid_at_initials, oid_at_cnt },
{ OID_at_generation_qualifier, "generationQualifier", oid_at_generation_qualifier, oid_at_cnt },
{ OID_at_common_name, "commonName", oid_at_common_name, oid_at_cnt },
{ OID_at_locality_name, "localityName", oid_at_locality_name, oid_at_cnt },
{ OID_at_state_or_province_name, "stateOrProvinceName", oid_at_state_or_province_name, oid_at_cnt },
{ OID_at_organization_name, "organizationName", oid_at_organization_name, oid_at_cnt },
{ OID_at_organizational_unit_name, "organizationalUnitName", oid_at_organizational_unit_name, oid_at_cnt },
{ OID_at_title, "title", oid_at_title, oid_at_cnt },
{ OID_at_dn_qualifier, "dnQualifier", oid_at_dn_qualifier, oid_at_cnt },
{ OID_at_country_name, "countryName", oid_at_country_name, oid_at_cnt },
{ OID_at_serial_number, "serialNumber", oid_at_serial_number, oid_at_cnt },
{ OID_at_pseudonym, "pseudonym", oid_at_pseudonym, oid_at_cnt },
{ OID_domain_component, "domainComponent", oid_domain_component, sizeof(oid_domain_component)/sizeof(int) },
};
static const int x509_name_types_count
@@ -121,14 +122,11 @@ int x509_name_type_from_name(const char *name)
int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen)
{
const ASN1_OID_INFO *info;
size_t len = 0;
if (!(info = asn1_oid_info_from_oid(x509_name_types, x509_name_types_count, oid))) {
error_print();
return -1;
}
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
error_print();
return -1;
}
@@ -138,18 +136,11 @@ int x509_name_type_to_der(int oid, uint8_t **out, size_t *outlen)
int x509_name_type_from_der(int *oid, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *d;
size_t dlen;
const ASN1_OID_INFO *info;
*oid = 0;
if ((ret = asn1_sequence_from_der(&d, &dlen, in, inlen)) != 1) {
if ((ret = asn1_oid_info_from_der(&info, x509_name_types, x509_name_types_count, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if ((ret = asn1_oid_info_from_der(&info, x509_name_types, x509_name_types_count, &d, &dlen)) != 1
|| asn1_length_is_zero(dlen) != 1) {
error_print();
else *oid = -1;
return ret;
}
*oid = info->oid;
@@ -172,23 +163,24 @@ static uint32_t oid_ce_policy_constraints[] = { oid_ce,36 };
static uint32_t oid_ce_ext_key_usage[] = { oid_ce,37 };
static uint32_t oid_ce_freshest_crl[] = { oid_ce,46 };
static uint32_t oid_ce_inhibit_any_policy[] = { oid_ce,54 };
static const size_t oid_ce_cnt = sizeof(oid_ce_subject_directory_attributes)/sizeof(int);
static const ASN1_OID_INFO x509_ext_ids[] = {
{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, 4 },
{ OID_ce_subject_key_identifier, "SubjectKeyIdentifier", oid_ce_subject_key_identifier, 4 },
{ OID_ce_key_usage, "KeyUsage", oid_ce_key_usage, 4 },
{ OID_ce_certificate_policies, "CertificatePolicies", oid_ce_certificate_policies, 4 },
{ OID_ce_policy_mappings, "PolicyMappings", oid_ce_policy_mappings, 4 },
{ OID_ce_subject_alt_name, "SubjectAltName", oid_ce_subject_alt_name, 4 },
{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, 4 },
{ OID_ce_subject_directory_attributes, "SubjectDirectoryAttributes", oid_ce_subject_directory_attributes, 4 },
{ OID_ce_basic_constraints, "BasicConstraints", oid_ce_basic_constraints, 4 },
{ OID_ce_name_constraints, "NameConstraints", oid_ce_name_constraints, 4 },
{ OID_ce_policy_constraints, "PolicyConstraints", oid_ce_policy_constraints, 4 },
{ OID_ce_ext_key_usage, "ExtKeyUsage", oid_ce_ext_key_usage, 4 },
{ OID_ce_crl_distribution_points, "CRLDistributionPoints", oid_ce_crl_distribution_points, 4 },
{ OID_ce_inhibit_any_policy, "InhibitAnyPolicy", oid_ce_inhibit_any_policy, 4 },
{ OID_ce_freshest_crl, "FreshestCRL", oid_ce_freshest_crl, 4 },
{ OID_ce_authority_key_identifier, "AuthorityKeyIdentifier", oid_ce_authority_key_identifier, oid_ce_cnt },
{ OID_ce_subject_key_identifier, "SubjectKeyIdentifier", oid_ce_subject_key_identifier, oid_ce_cnt },
{ OID_ce_key_usage, "KeyUsage", oid_ce_key_usage, oid_ce_cnt },
{ OID_ce_certificate_policies, "CertificatePolicies", oid_ce_certificate_policies, oid_ce_cnt },
{ OID_ce_policy_mappings, "PolicyMappings", oid_ce_policy_mappings, oid_ce_cnt },
{ OID_ce_subject_alt_name, "SubjectAltName", oid_ce_subject_alt_name, oid_ce_cnt },
{ OID_ce_issuer_alt_name, "IssuerAltName", oid_ce_issuer_alt_name, oid_ce_cnt },
{ OID_ce_subject_directory_attributes, "SubjectDirectoryAttributes", oid_ce_subject_directory_attributes, oid_ce_cnt },
{ OID_ce_basic_constraints, "BasicConstraints", oid_ce_basic_constraints, oid_ce_cnt },
{ OID_ce_name_constraints, "NameConstraints", oid_ce_name_constraints, oid_ce_cnt },
{ OID_ce_policy_constraints, "PolicyConstraints", oid_ce_policy_constraints, oid_ce_cnt },
{ OID_ce_ext_key_usage, "ExtKeyUsage", oid_ce_ext_key_usage, oid_ce_cnt },
{ OID_ce_crl_distribution_points, "CRLDistributionPoints", oid_ce_crl_distribution_points, oid_ce_cnt },
{ OID_ce_inhibit_any_policy, "InhibitAnyPolicy", oid_ce_inhibit_any_policy, oid_ce_cnt },
{ OID_ce_freshest_crl, "FreshestCRL", oid_ce_freshest_crl, oid_ce_cnt },
};
static const int x509_ext_ids_count =
@@ -217,35 +209,30 @@ int x509_ext_id_from_name(const char *name)
int x509_ext_id_to_der(int oid, uint8_t **out, size_t *outlen)
{
const ASN1_OID_INFO *info;
size_t len = 0;
if (!(info = asn1_oid_info_from_oid(x509_ext_ids, x509_ext_ids_count, oid))) {
error_print();
return -1;
}
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
if (asn1_object_identifier_to_der(info->nodes, info->nodes_cnt, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
// 不同于X509算法X509扩展的数量比较多而且很多没有在RFC中而是由某些大公司给出的, 因此这个函数接口要返回nodes
// 如果要支持未知的ext_id应该提供一个callback
int x509_ext_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *p;
size_t len;
const ASN1_OID_INFO *info;
*oid = 0;
if ((ret = asn1_oid_info_from_der_ex(&info, nodes, nodes_cnt, x509_ext_ids, x509_ext_ids_count, in, inlen)) != 1) {
error_print();
return -1;
if (ret < 0) error_print();
else *oid = -1;
return ret;
}
*oid = info->oid;
return ret;
*oid = info ? info->oid : 0;
return 1;
}
@@ -300,6 +287,7 @@ int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
const ASN1_OID_INFO *info;
if ((ret = asn1_oid_info_from_der(&info, x509_qt_ids, x509_qt_ids_count, in, inlen)) != 1) {
if (ret < 0) error_print();
else *oid = -1;
return ret;
}
*oid = info->oid;
@@ -307,6 +295,22 @@ int x509_qualifier_id_from_der(int *oid, const uint8_t **in, size_t *inlen)
}
int x509_cert_policy_id_from_name(const char *name)
{
if (strcmp(name, "anyPolicy") == 0) {
return OID_any_policy;
}
return OID_undef;
}
char *x509_cert_policy_id_name(int oid)
{
switch (oid) {
case OID_any_policy: return "anyPolicy";
}
return NULL;
}
static uint32_t oid_any_policy[] = { oid_ce,32,0 };
int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt, uint8_t **out, size_t *outlen)
@@ -334,9 +338,9 @@ int x509_cert_policy_id_to_der(int oid, const uint32_t *nodes, size_t nodes_cnt,
int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, const uint8_t **in, size_t *inlen)
{
int ret;
*oid = OID_undef;
if ((ret = asn1_object_identifier_from_der(nodes, nodes_cnt, in, inlen)) != 1) {
if (ret < 0) error_print();
*oid = -1;
return ret;
}
if (*nodes_cnt == sizeof(oid_any_policy)/sizeof(int)
@@ -346,23 +350,6 @@ int x509_cert_policy_id_from_der(int *oid, uint32_t *nodes, size_t *nodes_cnt, c
return 1;
}
int x509_cert_policy_id_from_name(const char *name)
{
if (strcmp(name, "anyPolicy") == 0) {
return OID_any_policy;
}
return OID_undef;
}
char *x509_cert_policy_id_name(int oid)
{
switch (oid) {
case OID_any_policy: return "anyPolicy";
}
return NULL;
}
#define oid_kp oid_pkix,3
@@ -372,15 +359,16 @@ static uint32_t oid_kp_code_signing[] = { oid_kp,3 };
static uint32_t oid_kp_email_protection[] = { oid_kp,4 };
static uint32_t oid_kp_time_stamping[] = { oid_kp,8 };
static uint32_t oid_kp_ocsp_signing[] = { oid_kp,9 };
static const size_t oid_kp_cnt = sizeof(oid_kp_server_auth)/sizeof(int);
static const ASN1_OID_INFO x509_key_purposes[] = {
{ OID_kp_server_auth, "serverAuth", oid_kp_server_auth, 9, 0, "TLS WWW server authentication" },
{ OID_kp_client_auth, "clientAuth", oid_kp_client_auth, 9, 0, "TLS WWW client authentication" },
{ OID_kp_code_signing, "codeSigning", oid_kp_code_signing, 9, 0, "Signing of downloadable executable code" },
{ OID_kp_email_protection, "emailProtection", oid_kp_email_protection, 9, 0, "Email protection" },
{ OID_kp_time_stamping, "timeStamping", oid_kp_time_stamping, 9, 0, "Binding the hash of an object to a time" },
{ OID_kp_ocsp_signing, "OCSPSigning", oid_kp_ocsp_signing, 9, 0, "Signing OCSP responses" },
{ OID_kp_server_auth, "serverAuth", oid_kp_server_auth, oid_kp_cnt, 0, "TLS WWW server authentication" },
{ OID_kp_client_auth, "clientAuth", oid_kp_client_auth, oid_kp_cnt, 0, "TLS WWW client authentication" },
{ OID_kp_code_signing, "codeSigning", oid_kp_code_signing, oid_kp_cnt, 0, "Signing of downloadable executable code" },
{ OID_kp_email_protection, "emailProtection", oid_kp_email_protection, oid_kp_cnt, 0, "Email protection" },
{ OID_kp_time_stamping, "timeStamping", oid_kp_time_stamping, oid_kp_cnt, 0, "Binding the hash of an object to a time" },
{ OID_kp_ocsp_signing, "OCSPSigning", oid_kp_ocsp_signing, oid_kp_cnt, 0, "Signing OCSP responses" },
};
static const int x509_key_purposes_count =
@@ -434,9 +422,9 @@ int x509_key_purpose_from_der(int *oid, const uint8_t **in, size_t *inlen)
{
int ret;
const ASN1_OID_INFO *info;
if ((ret = asn1_oid_info_from_der(&info, x509_key_purposes, x509_key_purposes_count, in, inlen)) != 1) {
if (ret < 0) error_print();
else *oid = 0;
return ret;
}
*oid = info->oid;