diff options
author | Stef Walter <stef@thewalter.net> | 2013-06-24 13:34:30 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-06-25 13:27:01 +0200 |
commit | 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 (patch) | |
tree | 039013d0a4c0e53050204c92d4028e2419f80461 /common | |
parent | 5489a1456c5a6f320bd2b3aa849f36f10d538e81 (diff) |
Reorganize various components
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
Diffstat (limited to 'common')
32 files changed, 373 insertions, 5244 deletions
diff --git a/common/Makefile.am b/common/Makefile.am index b3e4eaf..2df3915 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -13,6 +13,7 @@ noinst_LTLIBRARIES = \ libp11-common.la \ libp11-library.la \ libp11-test.la \ + libp11-tool.la \ $(NULL) libp11_common_la_SOURCES = \ @@ -41,30 +42,6 @@ libp11_test_la_SOURCES = \ test.c test.h \ $(NULL) -if WITH_ASN1 - -noinst_LTLIBRARIES += \ - libp11-data.la \ - $(NULL) - -libp11_data_la_SOURCES = \ - asn1.c asn1.h \ - basic.asn basic.asn.h \ - base64.c base64.h \ - oid.c oid.h \ - openssl.asn openssl.asn.h \ - pem.c pem.h \ - pkix.asn pkix.asn.h \ - utf8.c utf8.h \ - x509.c x509.h \ - $(NULL) - -libp11_data_la_CFLAGS = \ - $(LIBTASN1_CFLAGS) - -asn: - asn1Parser -o pkix.asn.h pkix.asn - asn1Parser -o openssl.asn.h openssl.asn - asn1Parser -o basic.asn.h basic.asn - -endif # WITH_ASN1 +libp11_tool_la_SOURCES = \ + tool.c tool.h \ + $(NULL)
\ No newline at end of file diff --git a/common/asn1.c b/common/asn1.c deleted file mode 100644 index 29cca3a..0000000 --- a/common/asn1.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "asn1.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "oid.h" - -#include "openssl.asn.h" -#include "pkix.asn.h" - -#include <assert.h> -#include <stdlib.h> -#include <string.h> - -static void -free_asn1_def (void *data) -{ - node_asn *def = data; - asn1_delete_structure (&def); -} - -struct { - const ASN1_ARRAY_TYPE* tab; - const char *prefix; - int prefix_len; -} asn1_tabs[] = { - { pkix_asn1_tab, "PKIX1.", 6 }, - { openssl_asn1_tab, "OPENSSL.", 8 }, - { NULL, }, -}; - -p11_dict * -p11_asn1_defs_load (void) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *def; - p11_dict *defs; - int ret; - int i; - - defs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, free_asn1_def); - - for (i = 0; asn1_tabs[i].tab != NULL; i++) { - - def = NULL; - ret = asn1_array2tree (asn1_tabs[i].tab, &def, message); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to load %s* definitions: %s: %s\n", - asn1_tabs[i].prefix, asn1_strerror (ret), message); - return NULL; - } - - if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def)) - return_val_if_reached (NULL); - } - - return defs; -} - -static node_asn * -lookup_def (p11_dict *asn1_defs, - const char *struct_name) -{ - int i; - - for (i = 0; asn1_tabs[i].tab != NULL; i++) { - if (strncmp (struct_name, asn1_tabs[i].prefix, asn1_tabs[i].prefix_len) == 0) - return p11_dict_get (asn1_defs, asn1_tabs[i].prefix); - } - - p11_debug_precond ("unknown prefix for element: %s\n", struct_name); - return NULL; -} - -node_asn * -p11_asn1_create (p11_dict *asn1_defs, - const char *struct_name) -{ - node_asn *def; - node_asn *asn; - int ret; - - return_val_if_fail (asn1_defs != NULL, NULL); - - def = lookup_def (asn1_defs, struct_name); - return_val_if_fail (def != NULL, NULL); - - ret = asn1_create_element (def, struct_name, &asn); - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to create element %s: %s\n", - struct_name, asn1_strerror (ret)); - return NULL; - } - - return asn; -} - -node_asn * -p11_asn1_decode (p11_dict *asn1_defs, - const char *struct_name, - const unsigned char *der, - size_t der_len, - char *message) -{ - char msg[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - node_asn *asn = NULL; - int ret; - - return_val_if_fail (asn1_defs != NULL, NULL); - - asn = p11_asn1_create (asn1_defs, struct_name); - return_val_if_fail (asn != NULL, NULL); - - /* asn1_der_decoding destroys the element if fails */ - ret = asn1_der_decoding (&asn, der, der_len, message ? message : msg); - - if (ret != ASN1_SUCCESS) { - /* If caller passed in a message buffer, assume they're logging */ - if (!message) { - p11_debug ("couldn't parse %s: %s: %s", - struct_name, asn1_strerror (ret), msg); - } - return NULL; - } - - return asn; -} - -unsigned char * -p11_asn1_encode (node_asn *asn, - size_t *der_len) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - unsigned char *der; - int len; - int ret; - - return_val_if_fail (der_len != NULL, NULL); - - len = 0; - ret = asn1_der_coding (asn, "", NULL, &len, message); - return_val_if_fail (ret != ASN1_SUCCESS, NULL); - - if (ret == ASN1_MEM_ERROR) { - der = malloc (len); - return_val_if_fail (der != NULL, NULL); - - ret = asn1_der_coding (asn, "", der, &len, message); - } - - if (ret != ASN1_SUCCESS) { - p11_debug_precond ("failed to encode: %s\n", message); - return NULL; - } - - if (der_len) - *der_len = len; - return der; -} - -ssize_t -p11_asn1_tlv_length (const unsigned char *data, - size_t length) -{ - unsigned char cls; - int counter = 0; - int cb, len; - unsigned long tag; - - if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { - counter += cb; - len = asn1_get_length_der (data + cb, length - cb, &cb); - counter += cb; - if (len >= 0) { - len += counter; - if (length >= len) - return len; - } - } - - return -1; -} - -typedef struct { - node_asn *node; - char *struct_name; - size_t length; -} asn1_item; - -static void -free_asn1_item (void *data) -{ - asn1_item *item = data; - free (item->struct_name); - asn1_delete_structure (&item->node); - free (item); -} - -struct _p11_asn1_cache { - p11_dict *defs; - p11_dict *items; -}; - -p11_asn1_cache * -p11_asn1_cache_new (void) -{ - p11_asn1_cache *cache; - - cache = calloc (1, sizeof (p11_asn1_cache)); - return_val_if_fail (cache != NULL, NULL); - - cache->defs = p11_asn1_defs_load (); - return_val_if_fail (cache->defs != NULL, NULL); - - cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, - NULL, free_asn1_item); - return_val_if_fail (cache->items != NULL, NULL); - - return cache; -} - -node_asn * -p11_asn1_cache_get (p11_asn1_cache *cache, - const char *struct_name, - const unsigned char *der, - size_t der_len) -{ - asn1_item *item; - - return_val_if_fail (cache != NULL, NULL); - return_val_if_fail (struct_name != NULL, NULL); - return_val_if_fail (der != NULL, NULL); - - item = p11_dict_get (cache->items, der); - if (item != NULL) { - return_val_if_fail (item->length == der_len, NULL); - return_val_if_fail (strcmp (item->struct_name, struct_name) == 0, NULL); - return item->node; - } - - return NULL; -} - -void -p11_asn1_cache_take (p11_asn1_cache *cache, - node_asn *node, - const char *struct_name, - const unsigned char *der, - size_t der_len) -{ - asn1_item *item; - - return_if_fail (cache != NULL); - return_if_fail (struct_name != NULL); - return_if_fail (der != NULL); - return_if_fail (der_len != 0); - - item = calloc (1, sizeof (asn1_item)); - return_if_fail (item != NULL); - - item->length = der_len; - item->node = node; - item->struct_name = strdup (struct_name); - return_if_fail (item->struct_name != NULL); - - if (!p11_dict_set (cache->items, (void *)der, item)) - return_if_reached (); -} - -void -p11_asn1_cache_flush (p11_asn1_cache *cache) -{ - return_if_fail (cache != NULL); - p11_dict_clear (cache->items); -} - -p11_dict * -p11_asn1_cache_defs (p11_asn1_cache *cache) -{ - return_val_if_fail (cache != NULL, NULL); - return cache->defs; -} - -void -p11_asn1_cache_free (p11_asn1_cache *cache) -{ - if (!cache) - return; - p11_dict_free (cache->items); - p11_dict_free (cache->defs); - free (cache); -} diff --git a/common/asn1.h b/common/asn1.h deleted file mode 100644 index 1bd7dd1..0000000 --- a/common/asn1.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include <libtasn1.h> - -#include "dict.h" - -#ifndef P11_ASN1_H_ -#define P11_ASN1_H_ - -typedef struct _p11_asn1_cache p11_asn1_cache; - -p11_dict * p11_asn1_defs_load (void); - -node_asn * p11_asn1_decode (p11_dict *asn1_defs, - const char *struct_name, - const unsigned char *der, - size_t der_len, - char *message); - -node_asn * p11_asn1_create (p11_dict *asn1_defs, - const char *struct_name); - -unsigned char * p11_asn1_encode (node_asn *asn, - size_t *der_len); - -ssize_t p11_asn1_tlv_length (const unsigned char *data, - size_t length); - -p11_asn1_cache * p11_asn1_cache_new (void); - -p11_dict * p11_asn1_cache_defs (p11_asn1_cache *cache); - -node_asn * p11_asn1_cache_get (p11_asn1_cache *cache, - const char *struct_name, - const unsigned char *der, - size_t der_len); - -void p11_asn1_cache_take (p11_asn1_cache *cache, - node_asn *node, - const char *struct_name, - const unsigned char *der, - size_t der_len); - -void p11_asn1_cache_flush (p11_asn1_cache *cache); - -void p11_asn1_cache_free (p11_asn1_cache *cache); - -#endif /* P11_ASN1_H_ */ diff --git a/common/base64.c b/common/base64.c deleted file mode 100644 index a9eb966..0000000 --- a/common/base64.c +++ /dev/null @@ -1,251 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#include "config.h" - -#include "base64.h" - -#include <assert.h> -#include <ctype.h> -#include <stdlib.h> -#include <string.h> - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -static const char Pad64 = '='; - -/* skips all whitespace anywhere. - converts characters, four at a time, starting at (or after) - src from base - 64 numbers into three 8 bit bytes in the target area. - it returns the number of data bytes stored at the target, or -1 on error. - */ - -int -p11_b64_pton (const char *src, - size_t length, - unsigned char *target, - size_t targsize) -{ - int tarindex, state, ch; - char *pos; - const char *end; - - state = 0; - tarindex = 0; - end = src + length; - - /* We can't rely on the null terminator */ - #define next_char(src, end) \ - (((src) == (end)) ? '\0': *(src)++) - - while ((ch = next_char (src, end)) != '\0') { - if (isspace ((unsigned char) ch)) /* Skip whitespace anywhere. */ - continue; - - if (ch == Pad64) - break; - - pos = strchr (Base64, ch); - if (pos == 0) /* A non-base64 character. */ - return (-1); - - switch (state) { - case 0: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] = (pos - Base64) << 2; - } - state = 1; - break; - case 1: - if (target) { - if ((size_t) tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 4; - target[tarindex + 1] = ((pos - Base64) & 0x0f) - << 4; - } - tarindex++; - state = 2; - break; - case 2: - if (target) { - if ((size_t) tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 2; - target[tarindex + 1] = ((pos - Base64) & 0x03) - << 6; - } - tarindex++; - state = 3; - break; - case 3: - if (target) { - if ((size_t) tarindex >= targsize) - return (-1); - target[tarindex] |= (pos - Base64); - } - tarindex++; - state = 0; - break; - default: - abort(); - } - } - - /* - * We are done decoding Base-64 chars. Let's see if we ended - * on a byte boundary, and/or with erroneous trailing characters. - */ - - if (ch == Pad64) { /* We got a pad char. */ - ch = next_char (src, end); /* Skip it, get next. */ - switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ - return (-1); - - case 2: /* Valid, means one byte of info */ - /* Skip any number of spaces. */ - for ((void) NULL; ch != '\0'; ch = next_char (src, end)) - if (!isspace((unsigned char) ch)) - break; - /* Make sure there is another trailing = sign. */ - if (ch != Pad64) - return (-1); - ch = next_char (src, end); /* Skip the = */ - /* Fall through to "single trailing =" case. */ - /* FALLTHROUGH */ - - case 3: /* Valid, means two bytes of info */ - /* - * We know this char is an =. Is there anything but - * whitespace after it? - */ - for ((void)NULL; src != end; ch = next_char (src, end)) - if (!isspace((unsigned char) ch)) - return (-1); - - /* - * Now make sure for cases 2 and 3 that the "extra" - * bits that slopped past the last full byte were - * zeros. If we don't check them, they become a - * subliminal channel. - */ - if (target && target[tarindex] != 0) - return (-1); - } - } else { - /* - * We ended by seeing the end of the string. Make sure we - * have no partial bytes lying around. - */ - if (state != 0) - return (-1); - } - - return (tarindex); -} - -int -p11_b64_ntop (const unsigned char *src, - size_t srclength, - char *target, - size_t targsize, - int breakl) -{ - size_t len = 0; - unsigned char input[3]; - unsigned char output[4]; - size_t i; - - while (srclength > 0) { - if (2 < srclength) { - input[0] = *src++; - input[1] = *src++; - input[2] = *src++; - srclength -= 3; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = input[2] & 0x3f; - - } else if (0 != srclength) { - /* Get what's left. */ - input[0] = input[1] = input[2] = '\0'; - for (i = 0; i < srclength; i++) - input[i] = *src++; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - if (srclength == 1) - output[2] = 255; - else - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = 255; - - srclength = 0; - } - - for (i = 0; i < 4; i++) { - if (breakl && len % (breakl + 1) == 0) { - assert (len + 1 < targsize); - target[len++] = '\n'; - } - - assert(output[i] == 255 || output[i] < 64); - assert (len + 1 < targsize); - - if (output[i] == 255) - target[len++] = Pad64; - else - target[len++] = Base64[output[i]]; - } - } - - assert (len < targsize); - target[len] = '\0'; /* Returned value doesn't count \0. */ - return len; -} diff --git a/common/base64.h b/common/base64.h deleted file mode 100644 index cc27afd..0000000 --- a/common/base64.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -#ifndef P11_BASE64_H_ -#define P11_BASE64_H_ - -#include <sys/types.h> - -int p11_b64_pton (const char *src, - size_t length, - unsigned char *target, - size_t targsize); - -int p11_b64_ntop (const unsigned char *src, - size_t srclength, - char *target, - size_t targsize, - int breakl); - -#endif /* P11_BASE64_H_ */ diff --git a/common/basic.asn b/common/basic.asn deleted file mode 100644 index 3c79a4b..0000000 --- a/common/basic.asn +++ /dev/null @@ -1,12 +0,0 @@ - -BASIC { } - -DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - -Any ::= ANY - -ObjectIdentifier ::= OBJECT IDENTIFIER - -END
\ No newline at end of file diff --git a/common/basic.asn.h b/common/basic.asn.h deleted file mode 100644 index b63447b..0000000 --- a/common/basic.asn.h +++ /dev/null @@ -1,13 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include <libtasn1.h> - -const ASN1_ARRAY_TYPE basic_asn1_tab[] = { - { "BASIC", 536872976, NULL }, - { NULL, 1073741836, NULL }, - { "Any", 1073741837, NULL }, - { "ObjectIdentifier", 12, NULL }, - { NULL, 0, NULL } -}; diff --git a/common/oid.c b/common/oid.c deleted file mode 100644 index b4b0bf6..0000000 --- a/common/oid.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "oid.h" - -#include <assert.h> -#include <stdlib.h> -#include <string.h> - -/* - * We deal with OIDs a lot in their DER form. These have the - * advantage of having the length encoded in their second byte, - * at least for all the OIDs we're interested in. - * - * The goal here is to avoid carrying around extra length - * information about DER encoded OIDs. - */ - -bool -p11_oid_simple (const unsigned char *oid, - int len) -{ - return (oid != NULL && - len > 3 && /* minimum length */ - oid[0] == 0x06 && /* simple encoding */ - (oid[1] & 128) == 0 && /* short form length */ - (size_t)oid[1] == len - 2); /* matches length */ -} - -bool -p11_oid_equal (const void *oid_one, - const void *oid_two) -{ - int len_one; - int len_two; - - len_one = p11_oid_length (oid_one); - len_two = p11_oid_length (oid_two); - - return (len_one == len_two && - memcmp (oid_one, oid_two, len_one) == 0); -} - -int -p11_oid_length (const unsigned char *oid) -{ - assert (oid[0] == 0x06); - assert ((oid[1] & 128) == 0); - return (int)oid[1] + 2; -} diff --git a/common/oid.h b/common/oid.h deleted file mode 100644 index dee6b10..0000000 --- a/common/oid.h +++ /dev/null @@ -1,229 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef P11_OIDS_H_ -#define P11_OIDS_H_ - -#include "compat.h" - -bool p11_oid_simple (const unsigned char *oid, - int len); - -bool p11_oid_equal (const void *oid_one, - const void *oid_two); - -int p11_oid_length (const unsigned char *oid); - -/* - * 2.5.4.3: CN or commonName - */ -static const unsigned char P11_OID_CN[] = - { 0x06, 0x03, 0x55, 0x04, 0x03, }; - -/* - * 2.5.4.10: O or organization - */ -static const unsigned char P11_OID_O[] = - { 0x06, 0x03, 0x55, 0x04, 0x0a, }; - -/* - * 2.5.4.11: OU or organizationalUnit - */ -static const unsigned char P11_OID_OU[] = - { 0x06, 0x03, 0x55, 0x04, 0x0b, }; - -/* - * Our support of certificate extensions and so on is not limited to what is - * listed here. This is simply the OIDs used by the parsing code that generates - * backwards compatible PKCS#11 objects for NSS and the like. - */ - -/* - * 2.5.29.14: SubjectKeyIdentifier - */ -static const unsigned char P11_OID_SUBJECT_KEY_IDENTIFIER[] = - { 0x06, 0x03, 0x55, 0x1d, 0x0e }; - -/* - * 2.5.29.15: KeyUsage - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_KEY_USAGE[] = - { 0x06, 0x03, 0x55, 0x1d, 0x0f }; - -enum { - P11_KU_DIGITAL_SIGNATURE = 128, - P11_KU_NON_REPUDIATION = 64, - P11_KU_KEY_ENCIPHERMENT = 32, - P11_KU_DATA_ENCIPHERMENT = 16, - P11_KU_KEY_AGREEMENT = 8, - P11_KU_KEY_CERT_SIGN = 4, - P11_KU_CRL_SIGN = 2, - P11_KU_ENCIPHER_ONLY = 1, - P11_KU_DECIPHER_ONLY = 32768, -}; - -/* - * 2.5.29.19: BasicConstraints - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_BASIC_CONSTRAINTS[] = - { 0x06, 0x03, 0x55, 0x1d, 0x13 }; - -/* - * 2.5.29.37: ExtendedKeyUsage - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_EXTENDED_KEY_USAGE[] = - { 0x06, 0x03, 0x55, 0x1d, 0x25 }; - -/* - * 1.3.6.1.4.1.3319.6.10.1: OpenSSL reject extension - * - * An internally defined certificate extension. - * - * OpenSSL contains a list of OID extended key usages to reject. - * The normal X.509 model is to only *include* the extended key - * usages that are to be allowed (ie: a whitelist). It's not clear - * exactly how valid and useful the reject per extended key usage - * model is. - * - * However in order to parse openssl trust policy information and - * be able to write it back out in the same way, we define a custom - * certificate extension to store it. - * - * It is not expected (or supported) for others outside of p11-kit - * to read this information at this point. - * - * This extension is never marked critical. It is not necessary to - * respect information in this certificate extension given that the - * ExtendedKeyUsage extension carries the same information as a - * whitelist. - */ -static const unsigned char P11_OID_OPENSSL_REJECT[] = - { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01 }; - -/* - * 1.3.6.1.5.5.7.3.1: Server Auth - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_SERVER_AUTH[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 }; -static const char P11_OID_SERVER_AUTH_STR[] = "1.3.6.1.5.5.7.3.1"; - -/* - * 1.3.6.1.5.5.7.3.2: Client Auth - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_CLIENT_AUTH[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 }; -static const char P11_OID_CLIENT_AUTH_STR[] = "1.3.6.1.5.5.7.3.2"; - -/* - * 1.3.6.1.5.5.7.3.3: Code Signing - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_CODE_SIGNING[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03 }; -static const char P11_OID_CODE_SIGNING_STR[] = "1.3.6.1.5.5.7.3.3"; - -/* - * 1.3.6.1.5.5.7.3.4: Email Protection - * - * Defined in RFC 5280 - */ -static const unsigned char P11_OID_EMAIL_PROTECTION[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 }; -static const char P11_OID_EMAIL_PROTECTION_STR[] = "1.3.6.1.5.5.7.3.4"; - -/* - * 1.3.6.1.5.5.7.3.5: IPSec End System - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_END_SYSTEM[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05 }; -static const char P11_OID_IPSEC_END_SYSTEM_STR[] = "1.3.6.1.5.5.7.3.5"; - -/* - * 1.3.6.1.5.5.7.3.6: IPSec Tunnel - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_TUNNEL[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06 }; -static const char P11_OID_IPSEC_TUNNEL_STR[] = "1.3.6.1.5.5.7.3.6"; - -/* - * 1.3.6.1.5.5.7.3.7: IPSec User - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_IPSEC_USER[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07 }; -static const char P11_OID_IPSEC_USER_STR[] = "1.3.6.1.5.5.7.3.7"; - -/* - * 1.3.6.1.5.5.7.3.8: Time Stamping - * - * Defined in RFC 2459 - */ -static const unsigned char P11_OID_TIME_STAMPING[] = - { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 }; -static const char P11_OID_TIME_STAMPING_STR[] = "1.3.6.1.5.5.7.3.8"; -/* - * 1.3.6.1.4.1.3319.6.10.16: Reserved key purpose - * - * An internally defined reserved/dummy key purpose - * - * This is used with ExtendedKeyUsage certificate extensions to - * be a place holder when no other purposes are defined. - * - * In theory such a certificate should be blacklisted. But in reality - * many implementations use such empty sets of purposes. RFC 5280 requires - * at least one purpose in an ExtendedKeyUsage. - * - * Obviously this purpose should never be checked against. - */ -static const unsigned char P11_OID_RESERVED_PURPOSE[] = - { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x10 }; -static const char P11_OID_RESERVED_PURPOSE_STR[] = "1.3.6.1.4.1.3319.6.10.16"; - -#endif diff --git a/common/openssl.asn b/common/openssl.asn deleted file mode 100644 index c1f452b..0000000 --- a/common/openssl.asn +++ /dev/null @@ -1,28 +0,0 @@ - -OPENSSL { } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- This module contains structures specific to OpenSSL - -CertAux ::= SEQUENCE { - trust SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - reject [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - alias UTF8String OPTIONAL, - keyid OCTET STRING OPTIONAL, - other [1] SEQUENCE OF AlgorithmIdentifier OPTIONAL -} - --- Dependencies brought in from other modules - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL -} - -UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - -END diff --git a/common/openssl.asn.h b/common/openssl.asn.h deleted file mode 100644 index 4e6b240..0000000 --- a/common/openssl.asn.h +++ /dev/null @@ -1,28 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include <libtasn1.h> - -const ASN1_ARRAY_TYPE openssl_asn1_tab[] = { - { "OPENSSL", 536875024, NULL }, - { NULL, 1073741836, NULL }, - { "CertAux", 1610612741, NULL }, - { "trust", 1610629131, NULL }, - { NULL, 12, NULL }, - { "reject", 1610637323, NULL }, - { NULL, 1073745928, "0"}, - { NULL, 12, NULL }, - { "alias", 1073758210, "UTF8String"}, - { "keyid", 1073758215, NULL }, - { "other", 536895499, NULL }, - { NULL, 1073745928, "1"}, - { NULL, 2, "AlgorithmIdentifier"}, - { "AlgorithmIdentifier", 1610612741, NULL }, - { "algorithm", 1073741836, NULL }, - { "parameters", 541081613, NULL }, - { "algorithm", 1, NULL }, - { "UTF8String", 536879111, NULL }, - { NULL, 4360, "12"}, - { NULL, 0, NULL } -}; diff --git a/common/pem.c b/common/pem.c deleted file mode 100644 index 7fe0076..0000000 --- a/common/pem.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "compat.h" -#include "base64.h" -#include "buffer.h" -#include "debug.h" -#include "pem.h" - -#include <assert.h> -#include <ctype.h> -#include <stdlib.h> -#include <string.h> - -#define ARMOR_SUFF "-----" -#define ARMOR_SUFF_L 5 -#define ARMOR_PREF_BEGIN "-----BEGIN " -#define ARMOR_PREF_BEGIN_L 11 -#define ARMOR_PREF_END "-----END " -#define ARMOR_PREF_END_L 9 - -enum { - NONE = 0, - TRUSTED_CERTIFICATE, - CERTIFICATE -}; - -static const char * -pem_find_begin (const char *data, - size_t n_data, - char **type) -{ - const char *pref, *suff; - - /* Look for a prefix */ - pref = strnstr ((char *)data, ARMOR_PREF_BEGIN, n_data); - if (!pref) - return NULL; - - n_data -= (pref - data) + ARMOR_PREF_BEGIN_L; - data = pref + ARMOR_PREF_BEGIN_L; - - /* Look for the end of that begin */ - suff = strnstr ((char *)data, ARMOR_SUFF, n_data); - if (!suff) - return NULL; - - /* Make sure on the same line */ - if (memchr (pref, '\n', suff - pref)) - return NULL; - - if (type) { - pref += ARMOR_PREF_BEGIN_L; - assert (suff > pref); - *type = malloc (suff - pref + 1); - return_val_if_fail (*type != NULL, NULL); - memcpy (*type, pref, suff - pref); - (*type)[suff - pref] = 0; - } - - /* The byte after this ---BEGIN--- */ - return suff + ARMOR_SUFF_L; -} - -static const char * -pem_find_end (const char *data, - size_t n_data, - const char *type) -{ - const char *pref; - size_t n_type; - - /* Look for a prefix */ - pref = strnstr (data, ARMOR_PREF_END, n_data); - if (!pref) - return NULL; - - n_data -= (pref - data) + ARMOR_PREF_END_L; - data = pref + ARMOR_PREF_END_L; - - /* Next comes the type string */ - n_type = strlen (type); - if (n_type > n_data || strncmp ((char *)data, type, n_type) != 0) - return NULL; - - n_data -= n_type; - data += n_type; - - /* Next comes the suffix */ - if (ARMOR_SUFF_L > n_data || strncmp ((char *)data, ARMOR_SUFF, ARMOR_SUFF_L) != 0) - return NULL; - - /* The end of the data */ - return pref; -} - -static unsigned char * -pem_parse_block (const char *data, - size_t n_data, - size_t *n_decoded) -{ - const char *x, *hbeg, *hend; - const char *p, *end; - unsigned char *decoded; - size_t length; - int ret; - - assert (data != NULL); - assert (n_data != 0); - assert (n_decoded != NULL); - - p = data; - end = p + n_data; - - hbeg = hend = NULL; - - /* Try and find a pair of blank lines with only white space between */ - while (hend == NULL) { - x = memchr (p, '\n', end - p); - if (!x) - break; - ++x; - while (isspace (*x)) { - /* Found a second line, with only spaces between */ - if (*x == '\n') { - hbeg = data; - hend = x; - break; - /* Found a space between two lines */ - } else { - ++x; - } - } - - /* Try next line */ - p = x; - } - - /* Headers found? */ - if (hbeg && hend) { - data = hend; - n_data = end - data; - } - - length = (n_data * 3) / 4 + 1; - decoded = malloc (length); - return_val_if_fail (decoded != NULL, 0); - - ret = p11_b64_pton (data, n_data, decoded, length); - if (ret < 0) { - free (decoded); - return NULL; - } - - /* No need to parse headers for our use cases */ - - *n_decoded = ret; - return decoded; -} - -unsigned int -p11_pem_parse (const char *data, - size_t n_data, - p11_pem_sink sink, - void *user_data) -{ - const char *beg, *end; - unsigned int nfound = 0; - unsigned char *decoded = NULL; - size_t n_decoded = 0; - char *type; - - assert (data != NULL); - - while (n_data > 0) { - - /* This returns the first character after the PEM BEGIN header */ - beg = pem_find_begin (data, n_data, &type); - if (beg == NULL) - break; - - assert (type != NULL); - - /* This returns the character position before the PEM END header */ - end = pem_find_end (beg, n_data - (beg - data), type); - if (end == NULL) { - free (type); - break; - } - - if (beg != end) { - decoded = pem_parse_block (beg, end - beg, &n_decoded); - if (decoded) { - if (sink != NULL) - (sink) (type, decoded, n_decoded, user_data); - ++nfound; - free (decoded); - } - } - - free (type); - - /* Try for another block */ - end += ARMOR_SUFF_L; - n_data -= (const char *)end - (const char *)data; - data = end; - } - - return nfound; -} - -bool -p11_pem_write (const unsigned char *contents, - size_t length, - const char *type, - p11_buffer *buf) -{ - size_t estimate; - size_t prefix; - char *target; - int len; - - return_val_if_fail (contents || !length, false); - return_val_if_fail (type, false); - return_val_if_fail (buf, false); - - /* Estimate from base64 data. Algorithm from Glib reference */ - estimate = length * 4 / 3 + 7; - estimate += estimate / 64 + 1; - - p11_buffer_add (buf, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L); - p11_buffer_add (buf, type, -1); - p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); - - prefix = buf->len; - target = p11_buffer_append (buf, estimate); - return_val_if_fail (target != NULL, NULL); - - /* - * OpenSSL is absolutely certain that it wants its PEM base64 - * lines to be 64 characters in len. - */ - - len = p11_b64_ntop (contents, length, target, estimate, 64); - - assert (len > 0); - assert (len <= estimate); - buf->len = prefix + len; - - p11_buffer_add (buf, "\n", 1); - p11_buffer_add (buf, ARMOR_PREF_END, ARMOR_PREF_END_L); - p11_buffer_add (buf, type, -1); - p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L); - p11_buffer_add (buf, "\n", 1); - - return p11_buffer_ok (buf); -} diff --git a/common/pkix.asn b/common/pkix.asn deleted file mode 100644 index 38bb028..0000000 --- a/common/pkix.asn +++ /dev/null @@ -1,566 +0,0 @@ - -PKIX1 { } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. - -id-pkix OBJECT IDENTIFIER ::= - { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) } - --- ISO arc for standard certificate and CRL extensions - --- authority key identifier OID and syntax - -AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, - authorityCertIssuer [1] GeneralNames OPTIONAL, - authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - -- authorityCertIssuer and authorityCertSerialNumber shall both - -- be present or both be absgent - -KeyIdentifier ::= OCTET STRING - --- subject key identifier OID and syntax - -SubjectKeyIdentifier ::= KeyIdentifier - --- key usage extension OID and syntax - -KeyUsage ::= BIT STRING - --- Directory string type -- - -DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1..MAX)), - bmpString BMPString (SIZE(1..MAX)), - -- IA5String is added here to handle old UID encoded as ia5String -- - -- See tests/userid/ for more information. It shouldn't be here, -- - -- so if it causes problems, considering dropping it. -- - ia5String IA5String (SIZE(1..MAX)) } - -SubjectAltName ::= GeneralNames - -GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - -GeneralName ::= CHOICE { - otherName [0] AnotherName, - rfc822Name [1] IA5String, - dNSName [2] IA5String, - x400Address [3] ANY, --- Changed to work with the libtasn1 parser. - directoryName [4] EXPLICIT RDNSequence, --Name, - ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory - uniformResourceIdentifier [6] IA5String, - iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } - --- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as --- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax - -AnotherName ::= SEQUENCE { - type-id OBJECT IDENTIFIER, - value [0] EXPLICIT ANY DEFINED BY type-id } - --- issuer alternative name extension OID and syntax - -IssuerAltName ::= GeneralNames - --- basic constraints extension OID and syntax - -BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - --- CRL distribution points extension OID and syntax - -CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - -DistributionPoint ::= SEQUENCE { - distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, - reasons [1] ReasonFlags OPTIONAL, - cRLIssuer [2] GeneralNames OPTIONAL -} - -DistributionPointName ::= CHOICE { - fullName [0] GeneralNames, - nameRelativeToCRLIssuer [1] RelativeDistinguishedName -} - -ReasonFlags ::= BIT STRING - --- extended key usage extension OID and syntax - -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - -KeyPurposeId ::= OBJECT IDENTIFIER - --- CRL number extension OID and syntax - -CRLNumber ::= INTEGER (0..MAX) - --- certificate issuer CRL entry extension OID and syntax - -CertificateIssuer ::= GeneralNames - --- -------------------------------------- --- EXPLICIT --- -------------------------------------- - --- UNIVERSAL Types defined in '93 and '98 ASN.1 --- but required by this specification - -NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING - -IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING - -TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING - -PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING - -UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING - -- UniversalString is defined in ASN.1:1993 - -BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING - -- BMPString is the subtype of UniversalString and models - -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 - -UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - - --- attribute data types -- - -Attribute ::= SEQUENCE { - type AttributeType, - values SET OF AttributeValue - -- at least one value is required -- -} - -AttributeType ::= OBJECT IDENTIFIER - -AttributeValue ::= ANY DEFINED BY type - -AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - --- suggested naming attributes: Definition of the following --- information object set may be augmented to meet local --- requirements. Note that deleting members of the set may --- prevent interoperability with conforming implementations. --- presented in pairs: the AttributeType followed by the --- type definition for the corresponding AttributeValue - --- Arc for standard naming attributes -id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} - --- Attributes of type NameDirectoryString - --- gnutls: Note that the Object ID (id-at*) is being set just before the --- actual definition. This is done in order for asn1_find_structure_from_oid --- to work (locate structure from OID). --- Maybe this is inefficient and memory consuming. Should we replace with --- a table that maps OIDs to structures? - -PostalAddress ::= SEQUENCE OF DirectoryString - - -- Legacy attributes - -emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 } - -Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) - --- naming data types -- - -Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1 .. MAX) OF AttributeTypeAndValue - - - --- -------------------------------------------------------- --- certificate and CRL specific structures begin here --- -------------------------------------------------------- - -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 -- -} - -Version ::= INTEGER { v1(0), v2(1), v3(2) } - -CertificateSerialNumber ::= INTEGER - -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - -UniqueIdentifier ::= BIT STRING - -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - -Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - --- ------------------------------------------ --- CRL structures --- ------------------------------------------ - -CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 -- -} - --- Version, Time, CertificateSerialNumber, and Extensions were --- defined earlier for use in the certificate structure - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - -- contains a value of the type - -- registered for use with the - -- algorithm object identifier value - --- Algorithm OIDs and parameter structures - -Dss-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER -} - -DomainParameters ::= SEQUENCE { - p INTEGER, -- odd prime, p=jq +1 - g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 - j INTEGER OPTIONAL, -- subgroup factor, j>= 2 - validationParms ValidationParms OPTIONAL } - -ValidationParms ::= SEQUENCE { - seed BIT STRING, - pgenCounter INTEGER } - -Dss-Parms ::= SEQUENCE { - p INTEGER, - q INTEGER, - g INTEGER } - --- x400 address syntax starts here --- OR Names - -CountryName ::= [APPLICATION 1] CHOICE { - x121-dcc-code NumericString - (SIZE (ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -OrganizationName ::= PrintableString - (SIZE (1..ub-organization-name-length)) --- see also teletex-organization-name - -NumericUserIdentifier ::= NumericString - (SIZE (1..ub-numeric-user-id-length)) - --- see also teletex-personal-name - -OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) - OF OrganizationalUnitName --- see also teletex-organizational-unit-names - -OrganizationalUnitName ::= PrintableString (SIZE - (1..ub-organizational-unit-name-length)) - --- Extension types and attribute values --- - -CommonName ::= PrintableString - --- END of PKIX1Implicit88 - - --- BEGIN of RFC2630 - --- Cryptographic Message Syntax - -pkcs-7-ContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - content [0] EXPLICIT ANY DEFINED BY contentType } - -pkcs-7-DigestInfo ::= SEQUENCE { - digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, - digest pkcs-7-Digest -} - -pkcs-7-Digest ::= OCTET STRING - -pkcs-7-ContentType ::= OBJECT IDENTIFIER - -pkcs-7-SignedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, - encapContentInfo pkcs-7-EncapsulatedContentInfo, - certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, - crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, - signerInfos pkcs-7-SignerInfos -} - -pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } - -pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier - -pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { - eContentType pkcs-7-ContentType, - eContent [0] EXPLICIT OCTET STRING OPTIONAL } - --- We don't use CertificateList here since we only want --- to read the raw data. -pkcs-7-CertificateRevocationLists ::= SET OF ANY - -pkcs-7-CertificateChoices ::= CHOICE { --- Although the paper uses Certificate type, we --- don't use it since, we don't need to parse it. --- We only need to read and store it. - certificate ANY -} - -pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices - -pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it - -- anyway - - --- BEGIN of RFC2986 - --- Certificate requests -pkcs-10-CertificationRequestInfo ::= SEQUENCE { - version INTEGER { v1(0) }, - subject Name, - subjectPKInfo SubjectPublicKeyInfo, - attributes [0] Attributes -} - -Attributes ::= SET OF Attribute - -pkcs-10-CertificationRequest ::= SEQUENCE { - certificationRequestInfo pkcs-10-CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING -} - --- stuff from PKCS#9 - -pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7} - -pkcs-9-challengePassword ::= CHOICE { - printableString PrintableString, - utf8String UTF8String } - -pkcs-9-localKeyId ::= OCTET STRING - --- PKCS #8 stuff - --- Private-key information syntax - -pkcs-8-PrivateKeyInfo ::= SEQUENCE { - version pkcs-8-Version, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey pkcs-8-PrivateKey, - attributes [0] Attributes OPTIONAL } - -pkcs-8-Version ::= INTEGER {v1(0)} - -pkcs-8-PrivateKey ::= OCTET STRING - -pkcs-8-Attributes ::= SET OF Attribute - --- Encrypted private-key information syntax - -pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm AlgorithmIdentifier, - encryptedData pkcs-8-EncryptedData -} - -pkcs-8-EncryptedData ::= OCTET STRING - --- PKCS #5 stuff - -pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) -pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16)) - -pkcs-5-PBES2-params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier, - encryptionScheme AlgorithmIdentifier } - --- PBKDF2 - --- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::= --- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL} - -pkcs-5-PBKDF2-params ::= SEQUENCE { - salt CHOICE { - specified OCTET STRING, - otherSource AlgorithmIdentifier - }, - iterationCount INTEGER (1..MAX), - keyLength INTEGER (1..MAX) OPTIONAL, - prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 -} - --- PKCS #12 stuff - -pkcs-12-PFX ::= SEQUENCE { - version INTEGER {v3(3)}, - authSafe pkcs-7-ContentInfo, - macData pkcs-12-MacData OPTIONAL -} - -pkcs-12-PbeParams ::= SEQUENCE { - salt OCTET STRING, - iterations INTEGER -} - -pkcs-12-MacData ::= SEQUENCE { - mac pkcs-7-DigestInfo, - macSalt OCTET STRING, - iterations INTEGER DEFAULT 1 --- Note: The default is for historical reasons and its use is --- deprecated. A higher value, like 1024 is recommended. -} - -pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo - -- Data if unencrypted - -- EncryptedData if password-encrypted - -- EnvelopedData if public key-encrypted - -pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag - -pkcs-12-SafeBag ::= SEQUENCE { - bagId OBJECT IDENTIFIER, - bagValue [0] EXPLICIT ANY DEFINED BY badId, - bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL -} - --- Bag types - -pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo - --- Shrouded KeyBag - -pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo - --- CertBag - -pkcs-12-CertBag ::= SEQUENCE { - certId OBJECT IDENTIFIER, - certValue [0] EXPLICIT ANY DEFINED BY certId -} - --- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} --- DER-encoded X.509 certificate stored in OCTET STRING - -pkcs-12-CRLBag ::= SEQUENCE { - crlId OBJECT IDENTIFIER, - crlValue [0] EXPLICIT ANY DEFINED BY crlId -} - -pkcs-12-SecretBag ::= SEQUENCE { - secretTypeId OBJECT IDENTIFIER, - secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId -} - --- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} --- DER-encoded X.509 CRL stored in OCTET STRING - -pkcs-12-PKCS12Attribute ::= Attribute - --- PKCS #7 stuff (needed in PKCS 12) - -pkcs-7-Data ::= OCTET STRING - -pkcs-7-EncryptedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - encryptedContentInfo pkcs-7-EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } - -pkcs-7-EncryptedContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } - -pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncryptedContent ::= OCTET STRING - -pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute - --- rfc3820 - -ProxyCertInfo ::= SEQUENCE { - pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, - proxyPolicy ProxyPolicy } - -ProxyPolicy ::= SEQUENCE { - policyLanguage OBJECT IDENTIFIER, - policy OCTET STRING OPTIONAL } - -END diff --git a/common/pkix.asn.h b/common/pkix.asn.h deleted file mode 100644 index d5d5cc4..0000000 --- a/common/pkix.asn.h +++ /dev/null @@ -1,408 +0,0 @@ -#if HAVE_CONFIG_H -# include "config.h" -#endif - -#include <libtasn1.h> - -const ASN1_ARRAY_TYPE pkix_asn1_tab[] = { - { "PKIX1", 536875024, NULL }, - { NULL, 1073741836, NULL }, - { "id-pkix", 1879048204, NULL }, - { "iso", 1073741825, "1"}, - { "identified-organization", 1073741825, "3"}, - { "dod", 1073741825, "6"}, - { "internet", 1073741825, "1"}, - { "security", 1073741825, "5"}, - { "mechanisms", 1073741825, "5"}, - { "pkix", 1, "7"}, - { "AuthorityKeyIdentifier", 1610612741, NULL }, - { "keyIdentifier", 1610637314, "KeyIdentifier"}, - { NULL, 4104, "0"}, - { "authorityCertIssuer", 1610637314, "GeneralNames"}, - { NULL, 4104, "1"}, - { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, - { NULL, 4104, "2"}, - { "KeyIdentifier", 1073741831, NULL }, - { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, - { "KeyUsage", 1073741830, NULL }, - { "DirectoryString", 1610612754, NULL }, - { "teletexString", 1612709890, "TeletexString"}, - { "MAX", 524298, "1"}, - { "printableString", 1612709890, "PrintableString"}, - { "MAX", 524298, "1"}, - { "universalString", 1612709890, "UniversalString"}, - { "MAX", 524298, "1"}, - { "utf8String", 1612709890, "UTF8String"}, - { "MAX", 524298, "1"}, - { "bmpString", 1612709890, "BMPString"}, - { "MAX", 524298, "1"}, - { "ia5String", 538968066, "IA5String"}, - { "MAX", 524298, "1"}, - { "SubjectAltName", 1073741826, "GeneralNames"}, - { "GeneralNames", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "GeneralName"}, - { "GeneralName", 1610612754, NULL }, - { "otherName", 1610620930, "AnotherName"}, - { NULL, 4104, "0"}, - { "rfc822Name", 1610620930, "IA5String"}, - { NULL, 4104, "1"}, - { "dNSName", 1610620930, "IA5String"}, - { NULL, 4104, "2"}, - { "x400Address", 1610620941, NULL }, - { NULL, 4104, "3"}, - { "directoryName", 1610620930, "RDNSequence"}, - { NULL, 2056, "4"}, - { "ediPartyName", 1610620941, NULL }, - { NULL, 4104, "5"}, - { "uniformResourceIdentifier", 1610620930, "IA5String"}, - { NULL, 4104, "6"}, - { "iPAddress", 1610620935, NULL }, - { NULL, 4104, "7"}, - { "registeredID", 536879116, NULL }, - { NULL, 4104, "8"}, - { "AnotherName", 1610612741, NULL }, - { "type-id", 1073741836, NULL }, - { "value", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "type-id", 1, NULL }, - { "IssuerAltName", 1073741826, "GeneralNames"}, - { "BasicConstraints", 1610612741, NULL }, - { "cA", 1610645508, NULL }, - { NULL, 131081, NULL }, - { "pathLenConstraint", 537411587, NULL }, - { "0", 10, "MAX"}, - { "CRLDistributionPoints", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "DistributionPoint"}, - { "DistributionPoint", 1610612741, NULL }, - { "distributionPoint", 1610637314, "DistributionPointName"}, - { NULL, 2056, "0"}, - { "reasons", 1610637314, "ReasonFlags"}, - { NULL, 4104, "1"}, - { "cRLIssuer", 536895490, "GeneralNames"}, - { NULL, 4104, "2"}, - { "DistributionPointName", 1610612754, NULL }, - { "fullName", 1610620930, "GeneralNames"}, - { NULL, 4104, "0"}, - { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, - { NULL, 4104, "1"}, - { "ReasonFlags", 1073741830, NULL }, - { "ExtKeyUsageSyntax", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "KeyPurposeId"}, - { "KeyPurposeId", 1073741836, NULL }, - { "CRLNumber", 1611137027, NULL }, - { "0", 10, "MAX"}, - { "CertificateIssuer", 1073741826, "GeneralNames"}, - { "NumericString", 1610620935, NULL }, - { NULL, 4360, "18"}, - { "IA5String", 1610620935, NULL }, - { NULL, 4360, "22"}, - { "TeletexString", 1610620935, NULL }, - { NULL, 4360, "20"}, - { "PrintableString", 1610620935, NULL }, - { NULL, 4360, "19"}, - { "UniversalString", 1610620935, NULL }, - { NULL, 4360, "28"}, - { "BMPString", 1610620935, NULL }, - { NULL, 4360, "30"}, - { "UTF8String", 1610620935, NULL }, - { NULL, 4360, "12"}, - { "Attribute", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, - { "values", 536870927, NULL }, - { NULL, 2, "AttributeValue"}, - { "AttributeType", 1073741836, NULL }, - { "AttributeValue", 1614807053, NULL }, - { "type", 1, NULL }, - { "AttributeTypeAndValue", 1610612741, NULL }, - { "type", 1073741826, "AttributeType"}, - { "value", 2, "AttributeValue"}, - { "id-at", 1879048204, NULL }, - { "joint-iso-ccitt", 1073741825, "2"}, - { "ds", 1073741825, "5"}, - { NULL, 1, "4"}, - { "PostalAddress", 1610612747, NULL }, - { NULL, 2, "DirectoryString"}, - { "emailAddress", 1880096780, "AttributeType"}, - { "iso", 1073741825, "1"}, - { "member-body", 1073741825, "2"}, - { "us", 1073741825, "840"}, - { "rsadsi", 1073741825, "113549"}, - { "pkcs", 1073741825, "1"}, - { NULL, 1073741825, "9"}, - { NULL, 1, "1"}, - { "Pkcs9email", 1612709890, "IA5String"}, - { "ub-emailaddress-length", 524298, "1"}, - { "Name", 1610612754, NULL }, - { "rdnSequence", 2, "RDNSequence"}, - { "RDNSequence", 1610612747, NULL }, - { NULL, 2, "RelativeDistinguishedName"}, - { "DistinguishedName", 1073741826, "RDNSequence"}, - { "RelativeDistinguishedName", 1612709903, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "AttributeTypeAndValue"}, - { "Certificate", 1610612741, NULL }, - { "tbsCertificate", 1073741826, "TBSCertificate"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "TBSCertificate", 1610612741, NULL }, - { "version", 1610653698, "Version"}, - { NULL, 1073741833, "v1"}, - { NULL, 2056, "0"}, - { "serialNumber", 1073741826, "CertificateSerialNumber"}, - { "signature", 1073741826, "AlgorithmIdentifier"}, - { "issuer", 1073741826, "Name"}, - { "validity", 1073741826, "Validity"}, - { "subject", 1073741826, "Name"}, - { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, - { "issuerUniqueID", 1610637314, "UniqueIdentifier"}, - { NULL, 4104, "1"}, - { "subjectUniqueID", 1610637314, "UniqueIdentifier"}, - { NULL, 4104, "2"}, - { "extensions", 536895490, "Extensions"}, - { NULL, 2056, "3"}, - { "Version", 1610874883, NULL }, - { "v1", 1073741825, "0"}, - { "v2", 1073741825, "1"}, - { "v3", 1, "2"}, - { "CertificateSerialNumber", 1073741827, NULL }, - { "Validity", 1610612741, NULL }, - { "notBefore", 1073741826, "Time"}, - { "notAfter", 2, "Time"}, - { "Time", 1610612754, NULL }, - { "utcTime", 1090519057, NULL }, - { "generalTime", 8388625, NULL }, - { "UniqueIdentifier", 1073741830, NULL }, - { "SubjectPublicKeyInfo", 1610612741, NULL }, - { "algorithm", 1073741826, "AlgorithmIdentifier"}, - { "subjectPublicKey", 6, NULL }, - { "Extensions", 1612709899, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "Extension"}, - { "Extension", 1610612741, NULL }, - { "extnID", 1073741836, NULL }, - { "critical", 1610645508, NULL }, - { NULL, 131081, NULL }, - { "extnValue", 7, NULL }, - { "CertificateList", 1610612741, NULL }, - { "tbsCertList", 1073741826, "TBSCertList"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "TBSCertList", 1610612741, NULL }, - { "version", 1073758210, "Version"}, - { "signature", 1073741826, "AlgorithmIdentifier"}, - { "issuer", 1073741826, "Name"}, - { "thisUpdate", 1073741826, "Time"}, - { "nextUpdate", 1073758210, "Time"}, - { "revokedCertificates", 1610629131, NULL }, - { NULL, 536870917, NULL }, - { "userCertificate", 1073741826, "CertificateSerialNumber"}, - { "revocationDate", 1073741826, "Time"}, - { "crlEntryExtensions", 16386, "Extensions"}, - { "crlExtensions", 536895490, "Extensions"}, - { NULL, 2056, "0"}, - { "AlgorithmIdentifier", 1610612741, NULL }, - { "algorithm", 1073741836, NULL }, - { "parameters", 541081613, NULL }, - { "algorithm", 1, NULL }, - { "Dss-Sig-Value", 1610612741, NULL }, - { "r", 1073741827, NULL }, - { "s", 3, NULL }, - { "DomainParameters", 1610612741, NULL }, - { "p", 1073741827, NULL }, - { "g", 1073741827, NULL }, - { "q", 1073741827, NULL }, - { "j", 1073758211, NULL }, - { "validationParms", 16386, "ValidationParms"}, - { "ValidationParms", 1610612741, NULL }, - { "seed", 1073741830, NULL }, - { "pgenCounter", 3, NULL }, - { "Dss-Parms", 1610612741, NULL }, - { "p", 1073741827, NULL }, - { "q", 1073741827, NULL }, - { "g", 3, NULL }, - { "CountryName", 1610620946, NULL }, - { NULL, 1073746952, "1"}, - { "x121-dcc-code", 1612709890, "NumericString"}, - { NULL, 1048586, "ub-country-name-numeric-length"}, - { "iso-3166-alpha2-code", 538968066, "PrintableString"}, - { NULL, 1048586, "ub-country-name-alpha-length"}, - { "OrganizationName", 1612709890, "PrintableString"}, - { "ub-organization-name-length", 524298, "1"}, - { "NumericUserIdentifier", 1612709890, "NumericString"}, - { "ub-numeric-user-id-length", 524298, "1"}, - { "OrganizationalUnitNames", 1612709899, NULL }, - { "ub-organizational-units", 1074266122, "1"}, - { NULL, 2, "OrganizationalUnitName"}, - { "OrganizationalUnitName", 1612709890, "PrintableString"}, - { "ub-organizational-unit-name-length", 524298, "1"}, - { "CommonName", 1073741826, "PrintableString"}, - { "pkcs-7-ContentInfo", 1610612741, NULL }, - { "contentType", 1073741826, "pkcs-7-ContentType"}, - { "content", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "contentType", 1, NULL }, - { "pkcs-7-DigestInfo", 1610612741, NULL }, - { "digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, - { "digest", 2, "pkcs-7-Digest"}, - { "pkcs-7-Digest", 1073741831, NULL }, - { "pkcs-7-ContentType", 1073741836, NULL }, - { "pkcs-7-SignedData", 1610612741, NULL }, - { "version", 1073741826, "pkcs-7-CMSVersion"}, - { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, - { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, - { "certificates", 1610637314, "pkcs-7-CertificateSet"}, - { NULL, 4104, "0"}, - { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, - { NULL, 4104, "1"}, - { "signerInfos", 2, "pkcs-7-SignerInfos"}, - { "pkcs-7-CMSVersion", 1610874883, NULL }, - { "v0", 1073741825, "0"}, - { "v1", 1073741825, "1"}, - { "v2", 1073741825, "2"}, - { "v3", 1073741825, "3"}, - { "v4", 1, "4"}, - { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL }, - { NULL, 2, "pkcs-7-DigestAlgorithmIdentifier"}, - { "pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL }, - { "eContentType", 1073741826, "pkcs-7-ContentType"}, - { "eContent", 536895495, NULL }, - { NULL, 2056, "0"}, - { "pkcs-7-CertificateRevocationLists", 1610612751, NULL }, - { NULL, 13, NULL }, - { "pkcs-7-CertificateChoices", 1610612754, NULL }, - { "certificate", 13, NULL }, - { "pkcs-7-CertificateSet", 1610612751, NULL }, - { NULL, 2, "pkcs-7-CertificateChoices"}, - { "pkcs-7-SignerInfos", 1610612751, NULL }, - { NULL, 13, NULL }, - { "pkcs-10-CertificationRequestInfo", 1610612741, NULL }, - { "version", 1610874883, NULL }, - { "v1", 1, "0"}, - { "subject", 1073741826, "Name"}, - { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, - { "attributes", 536879106, "Attributes"}, - { NULL, 4104, "0"}, - { "Attributes", 1610612751, NULL }, - { NULL, 2, "Attribute"}, - { "pkcs-10-CertificationRequest", 1610612741, NULL }, - { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, - { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "signature", 6, NULL }, - { "pkcs-9-at-challengePassword", 1879048204, NULL }, - { "iso", 1073741825, "1"}, - { "member-body", 1073741825, "2"}, - { "us", 1073741825, "840"}, - { "rsadsi", 1073741825, "113549"}, - { "pkcs", 1073741825, "1"}, - { NULL, 1073741825, "9"}, - { NULL, 1, "7"}, - { "pkcs-9-challengePassword", 1610612754, NULL }, - { "printableString", 1073741826, "PrintableString"}, - { "utf8String", 2, "UTF8String"}, - { "pkcs-9-localKeyId", 1073741831, NULL }, - { "pkcs-8-PrivateKeyInfo", 1610612741, NULL }, - { "version", 1073741826, "pkcs-8-Version"}, - { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "privateKey", 1073741826, "pkcs-8-PrivateKey"}, - { "attributes", 536895490, "Attributes"}, - { NULL, 4104, "0"}, - { "pkcs-8-Version", 1610874883, NULL }, - { "v1", 1, "0"}, - { "pkcs-8-PrivateKey", 1073741831, NULL }, - { "pkcs-8-Attributes", 1610612751, NULL }, - { NULL, 2, "Attribute"}, - { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL }, - { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, - { "encryptedData", 2, "pkcs-8-EncryptedData"}, - { "pkcs-8-EncryptedData", 1073741831, NULL }, - { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "8"}, - { "pkcs-5-aes128-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-aes192-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-aes256-CBC-params", 1612709895, NULL }, - { NULL, 1048586, "16"}, - { "pkcs-5-PBES2-params", 1610612741, NULL }, - { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, - { "encryptionScheme", 2, "AlgorithmIdentifier"}, - { "pkcs-5-PBKDF2-params", 1610612741, NULL }, - { "salt", 1610612754, NULL }, - { "specified", 1073741831, NULL }, - { "otherSource", 2, "AlgorithmIdentifier"}, - { "iterationCount", 1611137027, NULL }, - { "1", 10, "MAX"}, - { "keyLength", 1611153411, NULL }, - { "1", 10, "MAX"}, - { "prf", 16386, "AlgorithmIdentifier"}, - { "pkcs-12-PFX", 1610612741, NULL }, - { "version", 1610874883, NULL }, - { "v3", 1, "3"}, - { "authSafe", 1073741826, "pkcs-7-ContentInfo"}, - { "macData", 16386, "pkcs-12-MacData"}, - { "pkcs-12-PbeParams", 1610612741, NULL }, - { "salt", 1073741831, NULL }, - { "iterations", 3, NULL }, - { "pkcs-12-MacData", 1610612741, NULL }, - { "mac", 1073741826, "pkcs-7-DigestInfo"}, - { "macSalt", 1073741831, NULL }, - { "iterations", 536903683, NULL }, - { NULL, 9, "1"}, - { "pkcs-12-AuthenticatedSafe", 1610612747, NULL }, - { NULL, 2, "pkcs-7-ContentInfo"}, - { "pkcs-12-SafeContents", 1610612747, NULL }, - { NULL, 2, "pkcs-12-SafeBag"}, - { "pkcs-12-SafeBag", 1610612741, NULL }, - { "bagId", 1073741836, NULL }, - { "bagValue", 1614815245, NULL }, - { NULL, 1073743880, "0"}, - { "badId", 1, NULL }, - { "bagAttributes", 536887311, NULL }, - { NULL, 2, "pkcs-12-PKCS12Attribute"}, - { "pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, - { "pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"}, - { "pkcs-12-CertBag", 1610612741, NULL }, - { "certId", 1073741836, NULL }, - { "certValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "certId", 1, NULL }, - { "pkcs-12-CRLBag", 1610612741, NULL }, - { "crlId", 1073741836, NULL }, - { "crlValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "crlId", 1, NULL }, - { "pkcs-12-SecretBag", 1610612741, NULL }, - { "secretTypeId", 1073741836, NULL }, - { "secretValue", 541073421, NULL }, - { NULL, 1073743880, "0"}, - { "secretTypeId", 1, NULL }, - { "pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, - { "pkcs-7-Data", 1073741831, NULL }, - { "pkcs-7-EncryptedData", 1610612741, NULL }, - { "version", 1073741826, "pkcs-7-CMSVersion"}, - { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, - { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, - { NULL, 4104, "1"}, - { "pkcs-7-EncryptedContentInfo", 1610612741, NULL }, - { "contentType", 1073741826, "pkcs-7-ContentType"}, - { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, - { "encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, - { NULL, 4104, "0"}, - { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - { "pkcs-7-EncryptedContent", 1073741831, NULL }, - { "pkcs-7-UnprotectedAttributes", 1612709903, NULL }, - { "MAX", 1074266122, "1"}, - { NULL, 2, "Attribute"}, - { "ProxyCertInfo", 1610612741, NULL }, - { "pCPathLenConstraint", 1611153411, NULL }, - { "0", 10, "MAX"}, - { "proxyPolicy", 2, "ProxyPolicy"}, - { "ProxyPolicy", 536870917, NULL }, - { "policyLanguage", 1073741836, NULL }, - { "policy", 16391, NULL }, - { NULL, 0, NULL } -}; diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am index 942bc12..637399b 100644 --- a/common/tests/Makefile.am +++ b/common/tests/Makefile.am @@ -22,42 +22,12 @@ CHECK_PROGS = \ test-buffer \ test-url \ test-path \ + test-lexer \ $(NULL) noinst_PROGRAMS = \ $(CHECK_PROGS) -if WITH_ASN1 - -LDADD += \ - $(top_builddir)/common/libp11-data.la \ - $(LIBTASN1_LIBS) \ - $(NULL) - -AM_CPPFLAGS += \ - $(LIBTASN1_CFLAGS) \ - $(NULL) - -CHECK_PROGS += \ - test-asn1 \ - test-base64 \ - test-lexer \ - test-pem \ - test-oid \ - test-utf8 \ - test-x509 \ - $(NULL) - -noinst_PROGRAMS += \ - frob-cert \ - frob-ku \ - frob-eku \ - frob-cert \ - frob-oid \ - $(NULL) - -endif # WITH_ASN1 - TESTS = $(CHECK_PROGS) LDADD += \ diff --git a/common/tests/frob-cert.c b/common/tests/frob-cert.c deleted file mode 100644 index 71018bd..0000000 --- a/common/tests/frob-cert.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "compat.h" - -#include <libtasn1.h> - -#include <sys/stat.h> -#include <sys/types.h> - -#include <assert.h> -#include <fcntl.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -static ssize_t -tlv_length (const unsigned char *data, - size_t length) -{ - unsigned char cls; - int counter = 0; - int cb, len; - unsigned long tag; - - if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) { - counter += cb; - len = asn1_get_length_der (data + cb, length - cb, &cb); - counter += cb; - if (len >= 0) { - len += counter; - if (length >= len) - return len; - } - } - - return -1; -} - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *cert = NULL; - p11_mmap *map; - void *data; - size_t size; - int start, end; - ssize_t len; - int ret; - - if (argc != 4) { - fprintf (stderr, "usage: frob-cert struct field filename\n"); - return 2; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, argv[1], &cert); - err_if_fail (ret, "Certificate"); - - map = p11_mmap_open (argv[3], &data, &size); - if (map == NULL) { - fprintf (stderr, "couldn't open file: %s\n", argv[3]); - return 1; - } - - ret = asn1_der_decoding (&cert, data, size, message); - err_if_fail (ret, message); - - ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end); - err_if_fail (ret, "asn1_der_decoding_startEnd"); - - len = tlv_length ((unsigned char *)data + start, size - start); - assert (len >= 0); - - fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len); - fwrite ((unsigned char *)data + start, 1, len, stdout); - fflush (stdout); - - p11_mmap_close (map); - - asn1_delete_structure (&cert); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/common/tests/frob-eku.c b/common/tests/frob-eku.c deleted file mode 100644 index 42bf50b..0000000 --- a/common/tests/frob-eku.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "compat.h" - -#include <libtasn1.h> - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ekus = NULL; - char *buf; - int len; - int ret; - int i; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus); - err_if_fail (ret, "ExtKeyUsageSyntax"); - - for (i = 1; i < argc; i++) { - ret = asn1_write_value (ekus, "", "NEW", 1); - err_if_fail (ret, "NEW"); - - ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i])); - err_if_fail (ret, "asn1_write_value"); - } - - len = 0; - ret = asn1_der_coding (ekus, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ekus, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - asn1_delete_structure (&ekus); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/common/tests/frob-ku.c b/common/tests/frob-ku.c deleted file mode 100644 index 00d45c6..0000000 --- a/common/tests/frob-ku.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "compat.h" - -#include "oid.h" - -#include <libtasn1.h> - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) - -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *ku = NULL; - unsigned int usage = 0; - char bits[2]; - char *buf; - int len; - int ret; - int i; - - for (i = 1; i < argc; i++) { - if (strcmp (argv[i], "digital-signature") == 0) - usage |= P11_KU_DIGITAL_SIGNATURE; - else if (strcmp (argv[i], "non-repudiation") == 0) - usage |= P11_KU_NON_REPUDIATION; - else if (strcmp (argv[i], "key-encipherment") == 0) - usage |= P11_KU_KEY_ENCIPHERMENT; - else if (strcmp (argv[i], "data-encipherment") == 0) - usage |= P11_KU_DATA_ENCIPHERMENT; - else if (strcmp (argv[i], "key-agreement") == 0) - usage |= P11_KU_KEY_AGREEMENT; - else if (strcmp (argv[i], "key-cert-sign") == 0) - usage |= P11_KU_KEY_CERT_SIGN; - else if (strcmp (argv[i], "crl-sign") == 0) - usage |= P11_KU_CRL_SIGN; - else { - fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]); - return 2; - } - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku); - err_if_fail (ret, "KeyUsage"); - - bits[0] = usage & 0xff; - bits[1] = (usage >> 8) & 0xff; - - ret = asn1_write_value (ku, "", bits, 9); - err_if_fail (ret, "asn1_write_value"); - - len = 0; - ret = asn1_der_coding (ku, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (ku, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - asn1_delete_structure (&ku); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/common/tests/frob-oid.c b/common/tests/frob-oid.c deleted file mode 100644 index b4c7658..0000000 --- a/common/tests/frob-oid.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "compat.h" - -#include <libtasn1.h> - -#include <assert.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "pkix.asn.h" - -#define err_if_fail(ret, msg) \ - do { if ((ret) != ASN1_SUCCESS) { \ - fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \ - exit (1); \ - } } while (0) -int -main (int argc, - char *argv[]) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - node_asn *definitions = NULL; - node_asn *oid = NULL; - char *buf; - int len; - int ret; - - if (argc != 2) { - fprintf (stderr, "usage: frob-oid 1.1.1\n"); - return 2; - } - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "definitions: %s\n", message); - return 1; - } - - /* AttributeType is a OBJECT IDENTIFIER */ - ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid); - err_if_fail (ret, "AttributeType"); - - ret = asn1_write_value (oid, "", argv[1], strlen (argv[1])); - err_if_fail (ret, "asn1_write_value"); - - len = 0; - ret = asn1_der_coding (oid, "", NULL, &len, message); - assert (ret == ASN1_MEM_ERROR); - - buf = malloc (len); - assert (buf != NULL); - ret = asn1_der_coding (oid, "", buf, &len, message); - if (ret != ASN1_SUCCESS) { - fprintf (stderr, "asn1_der_coding: %s\n", message); - return 1; - } - - fwrite (buf, 1, len, stdout); - fflush (stdout); - - asn1_delete_structure (&oid); - asn1_delete_structure (&definitions); - - return 0; -} diff --git a/common/tests/test-asn1.c b/common/tests/test-asn1.c deleted file mode 100644 index 710928c..0000000 --- a/common/tests/test-asn1.c +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static void -test_tlv_length (void) -{ - struct { - const char *der; - size_t der_len; - int expected; - } tlv_lengths[] = { - { "\x01\x01\x00", 3, 3 }, - { "\x01\x01\x00\x01\x02", 5, 3 }, - { "\x01\x05\x00", 3, -1 }, - { NULL } - }; - - int length; - int i; - - for (i = 0; tlv_lengths[i].der != NULL; i++) { - length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); - assert_num_eq (tlv_lengths[i].expected, length); - } -} - -static const unsigned char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static void -test_asn1_cache (void) -{ - p11_asn1_cache *cache; - p11_dict *defs; - node_asn *asn; - node_asn *check; - - cache = p11_asn1_cache_new (); - assert_ptr_not_null (cache); - - defs = p11_asn1_cache_defs (cache); - assert_ptr_not_null (defs); - - asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client), NULL); - assert_ptr_not_null (defs); - - /* Place the parsed data in the cache */ - p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - - /* Get it back out */ - check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (asn, check); - - /* Flush should remove it */ - p11_asn1_cache_flush (cache); - check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", - test_eku_server_and_client, - sizeof (test_eku_server_and_client)); - assert_ptr_eq (NULL, check); - - p11_asn1_cache_free (cache); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_tlv_length, "/asn1/tlv_length"); - - p11_fixture (NULL, NULL); - p11_test (test_asn1_cache, "/asn1/asn1_cache"); - - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-base64.c b/common/tests/test-base64.c deleted file mode 100644 index ce303e8..0000000 --- a/common/tests/test-base64.c +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright (c) 2013 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" -#include "test.h" - -#include "base64.h" -#include "debug.h" -#include "message.h" - -#include <assert.h> -#include <string.h> -#include <stdio.h> -#include <stdlib.h> - -static void -check_decode_msg (const char *file, - int line, - const char *function, - const char *input, - ssize_t input_len, - const unsigned char *expected, - ssize_t expected_len) -{ - unsigned char decoded[8192]; - int length; - - if (input_len < 0) - input_len = strlen (input); - if (expected_len < 0) - expected_len = strlen ((char *)expected); - length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); - - if (expected == NULL) { - if (length >= 0) - p11_test_fail (file, line, function, "decoding should have failed"); - - } else { - if (length < 0) - p11_test_fail (file, line, function, "decoding failed"); - if (expected_len != length) - p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", - (unsigned long)expected_len, (unsigned long)length); - if (memcmp (decoded, expected, length) != 0) - p11_test_fail (file, line, function, "decoded wrong"); - } -} - -#define check_decode_success(input, input_len, expected, expected_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) - -#define check_decode_failure(input, input_len) \ - check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) - -static void -test_decode_simple (void) -{ - check_decode_success ("", 0, (unsigned char *)"", 0); - check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); - check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); - check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); - check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); -} - -static void -test_decode_thawte (void) -{ - const char *input = - "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" - "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf" - "Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw" - "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV" - "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa" - "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl" - "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u" - "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl" - "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm" - "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8" - "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf" - "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9" - "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S" - "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk" - "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV" - "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA" - "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW" - "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu" - "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c" - "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM" - "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu" - "MdRAGmI0Nj81Aa6sY6A="; - - const unsigned char output[] = { - 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60, - 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, - 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, - 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, - 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31, - 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30, - 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20, - 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, - 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, - 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30, - 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, - 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, - 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, - 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, - 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, - 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, - 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, - 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, - 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66, - 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38, - 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60, - 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc, - 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c, - 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7, - 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf, - 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b, - 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47, - 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd, - 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96, - 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80, - 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92, - 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b, - 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0, - 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24, - 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, - 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa, - 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40, - 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53, - 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef, - 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16, - 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b, - 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88, - 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee, - 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60, - 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f, - 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc, - 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4, - 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4, - 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc, - 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05, - 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f, - 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e, - 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0, - }; - - check_decode_success (input, -1, output, sizeof (output)); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_decode_simple, "/base64/decode-simple"); - p11_test (test_decode_thawte, "/base64/decode-thawte"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-lexer.c b/common/tests/test-lexer.c index ff18a89..7d18e87 100644 --- a/common/tests/test-lexer.c +++ b/common/tests/test-lexer.c @@ -43,7 +43,6 @@ #include "debug.h" #include "lexer.h" #include "message.h" -#include "pem.h" typedef struct { int tok_type; @@ -52,16 +51,6 @@ typedef struct { } expected_tok; static void -on_pem_get_type (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - char **result = (char **)user_data; - *result = strdup (type); -} - -static void check_lex_msg (const char *file, int line, const char *function, @@ -69,9 +58,8 @@ check_lex_msg (const char *file, const char *input, bool failure) { - unsigned int count; p11_lexer lexer; - char *type; + size_t len; bool failed; int i; @@ -99,16 +87,13 @@ check_lex_msg (const char *file, expected[i].name, lexer.tok.field.name); break; case TOK_PEM: - type = NULL; - count = p11_pem_parse (lexer.tok.pem.begin, lexer.tok.pem.length, - on_pem_get_type, &type); - if (count != 1) - p11_test_fail (file, line, function, "more than one PEM block: %d", count); - if (strcmp (expected[i].name, type) != 0) + len = strlen (expected[i].name); + if (lexer.tok.pem.length < len || + strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) { p11_test_fail (file, line, function, - "wrong type of PEM block: (%s != %s)", - expected[i].name, type); - free (type); + "wrong type of PEM block: %s", + expected[i].name); + } break; case TOK_EOF: p11_test_fail (file, line, function, "eof should not be recieved"); @@ -144,7 +129,7 @@ test_basic (void) const expected_tok expected[] = { { TOK_SECTION, "the header" }, { TOK_FIELD, "field", "value" }, - { TOK_PEM, "BLOCK1", }, + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, { TOK_EOF } }; @@ -174,7 +159,7 @@ test_corners (void) { TOK_FIELD, "number", "3" }, { TOK_FIELD, "number", "4" }, { TOK_FIELD, "not-a-comment", "# value" }, - { TOK_PEM, "BLOCK1", }, + { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", }, { TOK_EOF } }; @@ -190,7 +175,7 @@ test_following (void) "field: value"; const expected_tok expected[] = { - { TOK_PEM, "BLOCK1", }, + { TOK_PEM, "-----BEGIN BLOCK1-----\n", }, { TOK_FIELD, "field", "value" }, { TOK_EOF } }; diff --git a/common/tests/test-oid.c b/common/tests/test-oid.c deleted file mode 100644 index 05945d9..0000000 --- a/common/tests/test-oid.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "test.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "debug.h" -#include "oid.h" - -#include <libtasn1.h> - -#include "pkix.asn.h" - -static void -test_known_oids (void) -{ - char buffer[128]; - node_asn *definitions = NULL; - node_asn *node; - int ret; - int len; - int i; - - struct { - const unsigned char *oid; - size_t length; - const char *string; - } known_oids[] = { - { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), "2.5.29.14", }, - { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), "2.5.29.15", }, - { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), "2.5.29.19" }, - { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), "2.5.29.37" }, - { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), "1.3.6.1.4.1.3319.6.10.1" }, - { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR }, - { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR }, - { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR }, - { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR }, - { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR }, - { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR }, - { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR }, - { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR }, - { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR }, - { NULL }, - }; - - ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL); - assert (ret == ASN1_SUCCESS); - - for (i = 0; known_oids[i].oid != NULL; i++) { - - assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length)); - assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid)); - assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid)); - - if (i > 0) - assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid)); - - /* AttributeType is a OBJECT IDENTIFIER */ - ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node); - assert (ret == ASN1_SUCCESS); - - ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL); - assert (ret == ASN1_SUCCESS); - - len = sizeof (buffer); - ret = asn1_read_value (node, "", buffer, &len); - assert (ret == ASN1_SUCCESS); - - assert_str_eq (known_oids[i].string, buffer); - - asn1_delete_structure (&node); - } - - asn1_delete_structure (&definitions); -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_known_oids, "/oids/known"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-pem.c b/common/tests/test-pem.c deleted file mode 100644 index 0c7d60a..0000000 --- a/common/tests/test-pem.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "test.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#include "compat.h" -#include "pem.h" - -struct { - const char *input; - struct { - const char *type; - const char *data; - unsigned int length; - } output[8]; -} success_fixtures[] = { - { - /* one block */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* one block, with header */ - "-----BEGIN BLOCK1-----\n" - "Header1: value1 \n" - " Header2: value2\n" - "\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - NULL, - } - } - }, - - { - /* two blocks, junk data */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n" - "blah blah\n" - "-----BEGIN TWO-----\n" - "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n" - "-----END TWO-----\n" - "trailing data", - { - { - "BLOCK1", - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, - }, - { - "TWO", - "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b" - "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82" - "\x35\x06\xae\x92\x6c\xbe\x77\x92", - 40 - }, - { - NULL, - } - } - }, - - { - NULL, - } -}; - -typedef struct { - int input_index; - int output_index; - int parsed; -} Closure; - -static void -on_parse_pem_success (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - Closure *cl = user_data; - - assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length); - assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, - success_fixtures[cl->input_index].output[cl->output_index].length) == 0); - - cl->output_index++; - cl->parsed++; -} - -static void -test_pem_success (void) -{ - Closure cl; - int ret; - int i; - int j; - - for (i = 0; success_fixtures[i].input != NULL; i++) { - cl.input_index = i; - cl.output_index = 0; - cl.parsed = 0; - - ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), - on_parse_pem_success, &cl); - - assert (success_fixtures[i].output[cl.output_index].type == NULL); - - /* Count number of outputs, return from p11_pem_parse() should match */ - for (j = 0; success_fixtures[i].output[j].type != NULL; j++); - assert_num_eq (j, ret); - assert_num_eq (ret, cl.parsed); - } -} - -const char *failure_fixtures[] = { - /* too short at end of opening line */ - "-----BEGIN BLOCK1---\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - /* truncated */ - "-----BEGIN BLOCK1---", - - /* no ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK2-----", - - /* wrong ending */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END INVALID-----", - - /* too short at end of ending line */ - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1---", - - /* invalid base64 data */ - "-----BEGIN BLOCK1-----\n" - "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----", - - NULL, -}; - -static void -on_parse_pem_failure (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - assert (false && "not reached"); -} - -static void -test_pem_failure (void) -{ - int ret; - int i; - - for (i = 0; failure_fixtures[i] != NULL; i++) { - ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), - on_parse_pem_failure, NULL); - assert_num_eq (0, ret); - } -} - -typedef struct { - const char *input; - size_t length; - const char *type; - const char *output; -} WriteFixture; - -static WriteFixture write_fixtures[] = { - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a", - 30, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" - "-----END BLOCK1-----\n", - }, - { - "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65" - "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20" - "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b" - "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50" - "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61" - "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e" - "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61" - "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f" - "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20" - "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65" - "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a" - "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62" - "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69" - "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f" - "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66" - "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74" - "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c" - "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d" - "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a", - 299, "LONG TYPE WITH SPACES", - "-----BEGIN LONG TYPE WITH SPACES-----\n" - "UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n" - "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n" - "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n" - "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n" - "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n" - "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n" - "ZSBwcm9jZXNzLgo=\n" - "-----END LONG TYPE WITH SPACES-----\n" - }, - { - "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" - "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf", - 28, "BLOCK1", - "-----BEGIN BLOCK1-----\n" - "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n" - "-----END BLOCK1-----\n", - }, - { - NULL, - } -}; - -static void -on_parse_written (const char *type, - const unsigned char *contents, - size_t length, - void *user_data) -{ - WriteFixture *fixture = user_data; - - assert_str_eq (fixture->type, type); - assert_num_eq (fixture->length, length); - assert (memcmp (contents, fixture->input, length) == 0); -} - -static void -test_pem_write (void) -{ - WriteFixture *fixture; - p11_buffer buf; - unsigned int count; - int i; - - for (i = 0; write_fixtures[i].input != NULL; i++) { - fixture = write_fixtures + i; - - if (!p11_buffer_init_null (&buf, 0)) - assert_not_reached (); - - if (!p11_pem_write ((unsigned char *)fixture->input, - fixture->length, - fixture->type, &buf)) - assert_not_reached (); - assert_str_eq (fixture->output, buf.data); - assert_num_eq (strlen (fixture->output), buf.len); - - count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture); - assert_num_eq (1, count); - - p11_buffer_uninit (&buf); - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_pem_success, "/pem/success"); - p11_test (test_pem_failure, "/pem/failure"); - p11_test (test_pem_write, "/pem/write"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-utf8.c b/common/tests/test-utf8.c deleted file mode 100644 index 9b2c3d5..0000000 --- a/common/tests/test-utf8.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@collabora.co.uk> - */ - -#include "config.h" -#include "test.h" - -#include "utf8.h" - -#include <stdio.h> -#include <stdlib.h> - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -static void -test_ucs2be (void) -{ - char *output; - size_t length; - int i; - - struct { - const char *output; - size_t output_len; - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { "This is a test", 14, - { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ', - 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28, - }, - { "V\303\266gel", 6, - { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10, - }, - { "M\303\244nwich \340\264\205", 12, - { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h', - 0x00, ' ', 0x0D, 0x05 }, 18, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs2be (fixtures[i].input, - fixtures[i].input_len, - &length); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, output); - free (output); - } -} - -static void -test_ucs2be_fail (void) -{ - char *output; - size_t length; - int i; - - struct { - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs2be (fixtures[i].input, - fixtures[i].input_len, - &length); - assert_ptr_eq (NULL, output); - } -} - -static void -test_ucs4be (void) -{ - char *output; - size_t length; - int i; - - struct { - const char *output; - size_t output_len; - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { "This is a test", 14, - { 0x00, 0x00, 0x00, 'T', - 0x00, 0x00, 0x00, 'h', - 0x00, 0x00, 0x00, 'i', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 'i', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 'a', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x00, 0x00, 't', - 0x00, 0x00, 0x00, 'e', - 0x00, 0x00, 0x00, 's', - 0x00, 0x00, 0x00, 't', - }, 56, - }, - { "Fun \360\220\214\231", 8, - { 0x00, 0x00, 0x00, 'F', - 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', - 0x00, 0x00, 0x00, ' ', - 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */ - }, 20, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs4be (fixtures[i].input, - fixtures[i].input_len, - &length); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, output); - - free (output); - } -} - -static void -test_ucs4be_fail (void) -{ - char *output; - size_t length; - int i; - - struct { - const unsigned char input[100]; - size_t input_len; - } fixtures[] = { - { { 0x00, 0x00, 'T', - }, 7 /* truncated */ }, - { { 0x00, 0x00, 0x00, 'F', - 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', - 0x00, 0x00, 0x00, ' ', - 0xD8, 0x00, 0xDF, 0x19, - }, 20, - } - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - output = p11_utf8_for_ucs4be (fixtures[i].input, - fixtures[i].input_len, - &length); - assert_ptr_eq (NULL, output); - } -} - -static void -test_utf8 (void) -{ - bool ret; - int i; - - struct { - const char *input; - size_t input_len; - } fixtures[] = { - { "This is a test", 14 }, - { "Good news everyone", -1 }, - { "Fun \360\220\214\231", -1 }, - { "Fun invalid here: \xfe", 4 }, /* but limited length */ - { "V\303\266gel", 6, }, - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - ret = p11_utf8_validate (fixtures[i].input, - fixtures[i].input_len); - assert_num_eq (true, ret); - } -} - -static void -test_utf8_fail (void) -{ - bool ret; - int i; - - struct { - const char *input; - size_t input_len; - } fixtures[] = { - { "This is a test\x80", 15 }, - { "Good news everyone\x88", -1 }, - { "Bad \xe0v following chars should be |0x80", -1 }, - { "Truncated \xe0", -1 }, - }; - - for (i = 0; i < ELEMS (fixtures); i++) { - ret = p11_utf8_validate (fixtures[i].input, - fixtures[i].input_len); - assert_num_eq (false, ret); - } -} - -int -main (int argc, - char *argv[]) -{ - p11_test (test_ucs2be, "/utf8/ucs2be"); - p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail"); - p11_test (test_ucs4be, "/utf8/ucs4be"); - p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail"); - p11_test (test_utf8, "/utf8/utf8"); - p11_test (test_utf8_fail, "/utf8/utf8_fail"); - return p11_test_run (argc, argv); -} diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c deleted file mode 100644 index 9f7d258..0000000 --- a/common/tests/test-x509.c +++ /dev/null @@ -1,416 +0,0 @@ -/* - * Copyright (c) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@gnome.org> - */ - -#include "config.h" -#include "test.h" - -#include "asn1.h" -#include "debug.h" -#include "oid.h" -#include "x509.h" - -#include <stdlib.h> -#include <stdio.h> -#include <string.h> - -#define ELEMS(x) (sizeof (x) / sizeof (x[0])) - -struct { - p11_dict *asn1_defs; -} test; - -static void -setup (void *unused) -{ - test.asn1_defs = p11_asn1_defs_load (); - assert_ptr_not_null (test.asn1_defs); -} - -static void -teardown (void *unused) -{ - p11_dict_free (test.asn1_defs); - memset (&test, 0, sizeof (test)); -} - -static const char test_ku_ds_and_np[] = { - 0x03, 0x03, 0x07, 0xc0, 0x00, -}; - -static const char test_ku_none[] = { - 0x03, 0x03, 0x07, 0x00, 0x00, -}; - -static const char test_ku_cert_crl_sign[] = { - 0x03, 0x03, 0x07, 0x06, 0x00, -}; - -static const char test_eku_server_and_client[] = { - 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, -}; - -static const char test_eku_none[] = { - 0x30, 0x00, -}; - -static const char test_eku_client_email_and_timestamp[] = { - 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06, - 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08, -}; - -static const unsigned char test_cacert3_ca_der[] = { - 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a, - 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, - 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, - 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, - 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, - 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, - 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, - 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32, - 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14, - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, - 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, - 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f, - 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, - 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, - 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, - 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, - 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, - 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, - 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, - 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, - 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, - 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, - 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, - 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, - 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, - 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, - 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, - 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, - 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, - 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, - 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, - 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, - 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, - 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, - 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, - 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, - 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, - 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, - 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, - 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, - 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, - 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, - 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, - 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, - 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, - 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c, - 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30, - 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16, - 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2, - 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, - 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, - 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, - 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, - 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, - 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, - 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63, - 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41, - 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31, - 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, - 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, - 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, - 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27, - 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, - 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, - 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, - 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79, - 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f, - 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, - 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85, - 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c, - 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04, - 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72, - 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47, - 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe, - 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c, - 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8, - 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33, - 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7, - 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7, - 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac, - 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e, - 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a, - 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39, - 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18, - 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56, - 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0, - 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00, - 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed, - 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58, - 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06, - 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3, - 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b, - 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7, - 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7, - 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9, - 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38, - 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3, - 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d, - 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f, - 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4, - 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a, -}; - -struct { - const char *eku; - size_t length; - const char *expected[16]; -} extended_key_usage_fixtures[] = { - { test_eku_server_and_client, sizeof (test_eku_server_and_client), - { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, }, - { test_eku_none, sizeof (test_eku_none), - { NULL, }, }, - { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp), - { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, }, - { NULL }, -}; - -static void -test_parse_extended_key_usage (void) -{ - p11_array *ekus; - int i, j, count; - - for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) { - ekus = p11_x509_parse_extended_key_usage (test.asn1_defs, - (const unsigned char *)extended_key_usage_fixtures[i].eku, - extended_key_usage_fixtures[i].length); - assert_ptr_not_null (ekus); - - for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); - - assert_num_eq (count, ekus->num); - for (j = 0; j < count; j++) - assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); - - p11_array_free (ekus); - } -} - -struct { - const char *ku; - size_t length; - unsigned int expected; -} key_usage_fixtures[] = { - { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION }, - { test_ku_none, sizeof (test_ku_none), 0 }, - { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN }, - { NULL }, -}; - -static void -test_parse_key_usage (void) -{ - unsigned int ku; - int i; - bool ret; - - for (i = 0; key_usage_fixtures[i].ku != NULL; i++) { - ku = 0; - - ret = p11_x509_parse_key_usage (test.asn1_defs, - (const unsigned char *)key_usage_fixtures[i].ku, - key_usage_fixtures[i].length, &ku); - assert_num_eq (true, ret); - - assert_num_eq (key_usage_fixtures[i].expected, ku); - } -} - -static void -test_parse_extension (void) -{ - node_asn *cert; - unsigned char *ext; - size_t length; - bool is_ca; - - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - assert_ptr_not_null (cert); - - ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS, - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), - &length); - assert_ptr_not_null (ext); - assert (length > 0); - - asn1_delete_structure (&cert); - - if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca)) - assert_fail ("failed to parse message", "basic constraints"); - - free (ext); -} -static void -test_parse_extension_not_found (void) -{ - node_asn *cert; - unsigned char *ext; - size_t length; - - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - assert_ptr_not_null (cert); - - ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT, - test_cacert3_ca_der, sizeof (test_cacert3_ca_der), - &length); - assert_ptr_eq (NULL, ext); - - asn1_delete_structure (&cert); -} - -static void -test_directory_string (void) -{ - struct { - unsigned char input[100]; - int input_len; - char *output; - int output_len; - } fixtures[] = { - /* UTF8String */ - { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17, - "\xc3\x84 UTF8 string ", 15, - }, - - /* NumericString */ - { { 0x12, 0x04, '0', '1', '2', '3', }, 6, - "0123", 4, - }, - - /* IA5String */ - { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6, - " AB ", 4 - }, - - /* TeletexString */ - { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - "A nice", 7 - }, - - /* PrintableString */ - { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9, - "A nice", 7, - }, - - /* UniversalString */ - { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u', - 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22, - "Fun \xf0\x90\x8c\x99", 8 - }, - - /* BMPString */ - { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12, - "V\xc3\xb6gel", 6 - }, - }; - - char *string; - bool unknown; - size_t length; - int i; - - for (i = 0; i < ELEMS (fixtures); i++) { - string = p11_x509_parse_directory_string (fixtures[i].input, - fixtures[i].input_len, - &unknown, &length); - assert_ptr_not_null (string); - assert_num_eq (false, unknown); - - assert_num_eq (fixtures[i].output_len, length); - assert_str_eq (fixtures[i].output, string); - free (string); - } -} - -static void -test_directory_string_unknown (void) -{ - /* Not a valid choice in DirectoryString */ - unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }; - char *string; - bool unknown = false; - size_t length; - - string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length); - assert_ptr_eq (NULL, string); - assert_num_eq (true, unknown); -} - -int -main (int argc, - char *argv[]) -{ - p11_fixture (setup, teardown); - p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage"); - p11_test (test_parse_key_usage, "/x509/parse-key-usage"); - p11_test (test_parse_extension, "/x509/parse-extension"); - p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found"); - - p11_fixture (NULL, NULL); - p11_test (test_directory_string, "/x509/directory-string"); - p11_test (test_directory_string_unknown, "/x509/directory-string-unknown"); - return p11_test_run (argc, argv); -} diff --git a/common/tool.c b/common/tool.c new file mode 100644 index 0000000..70bb4d2 --- /dev/null +++ b/common/tool.c @@ -0,0 +1,331 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@collabora.co.uk> + */ + +#include "config.h" + +#include "buffer.h" +#include "compat.h" +#include "debug.h" +#include "message.h" +#include "path.h" + +#include <assert.h> +#include <ctype.h> +#include <getopt.h> +#include <string.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +#include "tool.h" + +static char +short_option (int opt) +{ + if (isalpha (opt) || isdigit (opt)) + return (char)opt; + return 0; +} + +static const struct option * +find_option (const struct option *longopts, + int opt) +{ + int i; + + for (i = 0; longopts[i].name != NULL; i++) { + if (longopts[i].val == opt) + return longopts + i; + } + + return NULL; +} + +void +p11_tool_usage (const p11_tool_desc *usages, + const struct option *longopts) +{ + const struct option *longopt; + const int indent = 22; + const char *long_name; + const char *description; + const char *next; + char short_name; + int spaces; + int len; + int i; + + for (i = 0; usages[i].text != NULL; i++) { + + /* If no option, then this is a heading */ + if (!usages[i].option) { + printf ("%s\n\n", usages[i].text); + continue; + } + + longopt = find_option (longopts, usages[i].option); + long_name = longopt ? longopt->name : NULL; + short_name = short_option (usages[i].option); + description = usages[i].text; + + if (short_name && long_name) + len = printf (" -%c, --%s", (int)short_name, long_name); + else if (long_name) + len = printf (" --%s", long_name); + else + len = printf (" -%c", (int)short_name); + if (longopt && longopt->has_arg) + len += printf ("%s<%s>", + long_name ? "=" : " ", + usages[i].arg ? usages[i].arg : "..."); + if (len < indent) { + spaces = indent - len; + } else { + printf ("\n"); + spaces = indent; + } + while (description) { + while (spaces-- > 0) + fputc (' ', stdout); + next = strchr (description, '\n'); + if (next) { + next += 1; + printf ("%.*s", (int)(next - description), description); + description = next; + spaces = indent; + } else { + printf ("%s\n", description); + break; + } + } + + } +} + +int +p11_tool_getopt (int argc, + char *argv[], + const struct option *longopts) +{ + p11_buffer buf; + int ret; + char opt; + int i; + + if (!p11_buffer_init_null (&buf, 64)) + return_val_if_reached (-1); + + for (i = 0; longopts[i].name != NULL; i++) { + opt = short_option (longopts[i].val); + if (opt != 0) { + p11_buffer_add (&buf, &opt, 1); + assert (longopts[i].has_arg != optional_argument); + if (longopts[i].has_arg == required_argument) + p11_buffer_add (&buf, ":", 1); + } + } + + ret = getopt_long (argc, argv, buf.data, longopts, NULL); + + p11_buffer_uninit (&buf); + + return ret; +} + +static void +command_usage (const p11_tool_command *commands) +{ + const char *progname; + int i; + + progname = getprogname (); + printf ("usage: %s command <args>...\n", progname); + printf ("\nCommon %s commands are:\n", progname); + for (i = 0; commands[i].name != NULL; i++) { + if (strcmp (commands[i].name, P11_TOOL_FALLBACK) != 0) + printf (" %-15s %s\n", commands[i].name, commands[i].text); + } + printf ("\nSee '%s <command> --help' for more information\n", progname); +} + +static void +verbose_arg (void) +{ + putenv ("P11_KIT_DEBUG=all"); + p11_message_loud (); +} + +static void +quiet_arg (void) +{ + putenv ("P11_KIT_DEBUG="); + p11_message_quiet (); +} + +int +p11_tool_main (int argc, + char *argv[], + const p11_tool_command *commands) +{ + const p11_tool_command *fallback = NULL; + char *command = NULL; + bool want_help = false; + bool skip; + int in, out; + int i; + + /* + * Parse the global options. We rearrange the options as + * necessary, in order to pass relevant options through + * to the commands, but also have them take effect globally. + */ + + for (in = 1, out = 1; in < argc; in++, out++) { + + /* The non-option is the command, take it out of the arguments */ + if (argv[in][0] != '-') { + if (!command) { + skip = true; + command = argv[in]; + } else { + skip = false; + } + + /* The global long options */ + } else if (argv[in][1] == '-') { + skip = false; + + if (strcmp (argv[in], "--") == 0) { + if (!command) { + p11_message ("no command specified"); + return 2; + } else { + break; + } + + } else if (strcmp (argv[in], "--verbose") == 0) { + verbose_arg (); + + } else if (strcmp (argv[in], "--quiet") == 0) { + quiet_arg (); + + } else if (strcmp (argv[in], "--help") == 0) { + want_help = true; + + } else if (!command) { + p11_message ("unknown global option: %s", argv[in]); + return 2; + } + + /* The global short options */ + } else { + skip = false; + + for (i = 1; argv[in][i] != '\0'; i++) { + switch (argv[in][i]) { + case 'h': + want_help = true; + break; + + /* Compatibility option */ + case 'l': + command = "list-modules"; + break; + + case 'v': + verbose_arg (); + break; + + case 'q': + quiet_arg (); + break; + + default: + if (!command) { + p11_message ("unknown global option: -%c", (int)argv[in][i]); + return 2; + } + break; + } + } + } + + /* Skipping this argument? */ + if (skip) + out--; + else + argv[out] = argv[in]; + } + + /* Initialize tool's debugging after setting env vars above */ + p11_debug_init (); + + if (command == NULL) { + /* As a special favor if someone just typed the command, help them out */ + if (argc == 1) { + command_usage (commands); + return 2; + } else if (want_help) { + command_usage (commands); + return 0; + } else { + p11_message ("no command specified"); + return 2; + } + } + + argc = out; + + /* Look for the command */ + for (i = 0; commands[i].name != NULL; i++) { + if (strcmp (commands[i].name, P11_TOOL_FALLBACK) == 0) { + fallback = commands + i; + + } else if (strcmp (commands[i].name, command) == 0) { + argv[0] = command; + return (commands[i].function) (argc, argv); + } + } + + /* Got here because no command matched */ + if (fallback != NULL) { + argv[0] = command; + return (fallback->function) (argc, argv); + } + + /* At this point we have no command */ + p11_message ("'%s' is not a valid command. See '%s --help'", + command, getprogname ()); + return 2; +} diff --git a/common/pem.h b/common/tool.h index 7e4ce63..16785da 100644 --- a/common/pem.h +++ b/common/tool.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Red Hat Inc. + * Copyright (c) 2013 Red Hat Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -29,30 +29,37 @@ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * - * Author: Stef Walter <stefw@redhat.com> + * Author: Stef Walter <stefw@collabora.co.uk> */ -#ifndef P11_PEM_H_ -#define P11_PEM_H_ +#ifndef P11_TOOL_H_ +#define P11_TOOL_H_ -#include "buffer.h" -#include "compat.h" +#include <getopt.h> -#include <sys/types.h> +#define P11_TOOL_FALLBACK "" -typedef void (*p11_pem_sink) (const char *type, - const unsigned char *contents, - size_t length, - void *user_data); +typedef struct { + const char *name; + int (*function) (int, char*[]); + const char *text; +} p11_tool_command; -unsigned int p11_pem_parse (const char *input, - size_t length, - p11_pem_sink sink, - void *user_data); +typedef struct { + int option; + const char *text; + const char *arg; +} p11_tool_desc; -bool p11_pem_write (const unsigned char *contents, - size_t length, - const char *type, - p11_buffer *buf); +int p11_tool_main (int argc, + char *argv[], + const p11_tool_command *commands); -#endif /* P11_PEM_H_ */ +int p11_tool_getopt (int argc, + char *argv[], + const struct option *longopts); + +void p11_tool_usage (const p11_tool_desc *usages, + const struct option *longopts); + +#endif /* P11_TOOL_H_ */ diff --git a/common/utf8.c b/common/utf8.c deleted file mode 100644 index b94c3e7..0000000 --- a/common/utf8.c +++ /dev/null @@ -1,329 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "buffer.h" -#include "debug.h" -#include "utf8.h" - -#include <assert.h> -#include <stddef.h> -#include <stdint.h> -#include <string.h> - -/* - * Some parts come from FreeBSD utf8.c - * - * Copyright (c) 2002-2004 Tim J. Robbins - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -static ssize_t -utf8_to_uchar (const char *str, - size_t len, - uint32_t *uc) -{ - int ch, i, mask, want; - uint32_t lbound, uch; - - assert (str != NULL); - assert (len > 0); - assert (uc != NULL); - - if (((ch = (unsigned char)*str) & ~0x7f) == 0) { - /* Fast path for plain ASCII characters. */ - *uc = ch; - return 1; - } - - /* - * Determine the number of octets that make up this character - * from the first octet, and a mask that extracts the - * interesting bits of the first octet. We already know - * the character is at least two bytes long. - * - * We also specify a lower bound for the character code to - * detect redundant, non-"shortest form" encodings. For - * example, the sequence C0 80 is _not_ a legal representation - * of the null character. This enforces a 1-to-1 mapping - * between character codes and their multibyte representations. - */ - ch = (unsigned char)*str; - if ((ch & 0xe0) == 0xc0) { - mask = 0x1f; - want = 2; - lbound = 0x80; - } else if ((ch & 0xf0) == 0xe0) { - mask = 0x0f; - want = 3; - lbound = 0x800; - } else if ((ch & 0xf8) == 0xf0) { - mask = 0x07; - want = 4; - lbound = 0x10000; - } else if ((ch & 0xfc) == 0xf8) { - mask = 0x03; - want = 5; - lbound = 0x200000; - } else if ((ch & 0xfe) == 0xfc) { - mask = 0x01; - want = 6; - lbound = 0x4000000; - } else { - /* - * Malformed input; input is not UTF-8. - */ - return -1; - } - - if (want > len) { - /* Incomplete multibyte sequence. */ - return -1; - } - - /* - * Decode the octet sequence representing the character in chunks - * of 6 bits, most significant first. - */ - uch = (unsigned char)*str++ & mask; - for (i = 1; i < want; i++) { - if ((*str & 0xc0) != 0x80) { - /* - * Malformed input; bad characters in the middle - * of a character. - */ - return -1; - } - uch <<= 6; - uch |= *str++ & 0x3f; - } - if (uch < lbound) { - /* - * Malformed input; redundant encoding. - */ - return -1; - } - - *uc = uch; - return want; -} - -static size_t -utf8_for_uchar (uint32_t uc, - char *str, - size_t len) -{ - unsigned char lead; - int i, want; - - assert (str != NULL); - assert (len >= 6); - - if ((uc & ~0x7f) == 0) { - /* Fast path for plain ASCII characters. */ - *str = (char)uc; - return 1; - } - - /* - * Determine the number of octets needed to represent this character. - * We always output the shortest sequence possible. Also specify the - * first few bits of the first octet, which contains the information - * about the sequence length. - */ - if ((uc & ~0x7ff) == 0) { - lead = 0xc0; - want = 2; - } else if ((uc & ~0xffff) == 0) { - lead = 0xe0; - want = 3; - } else if ((uc & ~0x1fffff) == 0) { - lead = 0xf0; - want = 4; - } else if ((uc & ~0x3ffffff) == 0) { - lead = 0xf8; - want = 5; - } else if ((uc & ~0x7fffffff) == 0) { - lead = 0xfc; - want = 6; - } else { - return -1; - } - - assert (want <= len); - - /* - * Output the octets representing the character in chunks - * of 6 bits, least significant last. The first octet is - * a special case because it contains the sequence length - * information. - */ - for (i = want - 1; i > 0; i--) { - str[i] = (uc & 0x3f) | 0x80; - uc >>= 6; - } - *str = (uc & 0xff) | lead; - return want; -} - -static ssize_t -ucs2be_to_uchar (const unsigned char *str, - size_t len, - uint32_t *wc) -{ - assert (str != NULL); - assert (len != 0); - assert (wc != NULL); - - if (len < 2) - return -1; - - *wc = (str[0] << 8 | str[1]); - return 2; -} - -static ssize_t -ucs4be_to_uchar (const unsigned char *str, - size_t len, - uint32_t *uc) -{ - assert (str != NULL); - assert (len != 0); - assert (uc != NULL); - - if (len < 4) - return -1; - - *uc = (str[0] << 24 | str[1] << 16 | str[2] << 8 | str[3]); - return 4; -} - -bool -p11_utf8_validate (const char *str, - ssize_t len) -{ - uint32_t dummy; - ssize_t ret; - - if (len < 0) - len = strlen (str); - - while (len > 0) { - ret = utf8_to_uchar (str, len, &dummy); - if (ret < 0) - return false; - str += ret; - len -= ret; - } - - return true; -} - -static char * -utf8_for_convert (ssize_t (* convert) (const unsigned char *, size_t, uint32_t *), - const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - p11_buffer buf; - char block[6]; - uint32_t uc; - ssize_t ret; - - assert (convert); - - if (!p11_buffer_init_null (&buf, num_bytes)) - return_val_if_reached (NULL); - - while (num_bytes != 0) { - ret = (convert) (str, num_bytes, &uc); - if (ret < 0) { - p11_buffer_uninit (&buf); - return NULL; - } - - str += ret; - num_bytes -= ret; - - ret = utf8_for_uchar (uc, block, 6); - if (ret < 0) { - p11_buffer_uninit (&buf); - return NULL; - } - p11_buffer_add (&buf, block, ret); - } - - return_val_if_fail (p11_buffer_ok (&buf), NULL); - return p11_buffer_steal (&buf, ret_len); -} - -char * -p11_utf8_for_ucs2be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - assert (str != NULL); - return utf8_for_convert (ucs2be_to_uchar, str, num_bytes, ret_len); -} - -char * -p11_utf8_for_ucs4be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len) -{ - assert (str != NULL); - return utf8_for_convert (ucs4be_to_uchar, str, num_bytes, ret_len); -} diff --git a/common/utf8.h b/common/utf8.h deleted file mode 100644 index 8efa66f..0000000 --- a/common/utf8.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2013, Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#ifndef P11_UTF8_H_ -#define P11_UTF8_H_ - -#include "compat.h" - -#include <sys/types.h> - -bool p11_utf8_validate (const char *str, - ssize_t len); - -char * p11_utf8_for_ucs2be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len); - -char * p11_utf8_for_ucs4be (const unsigned char *str, - size_t num_bytes, - size_t *ret_len); - -#endif /* P11_UTF8_H_ */ diff --git a/common/x509.c b/common/x509.c deleted file mode 100644 index aa6e171..0000000 --- a/common/x509.c +++ /dev/null @@ -1,376 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include "config.h" - -#include "asn1.h" -#define P11_DEBUG_FLAG P11_DEBUG_TRUST -#include "debug.h" -#include "hash.h" -#include "oid.h" -#include "utf8.h" -#include "x509.h" - -#include <stdlib.h> -#include <string.h> - -unsigned char * -p11_x509_find_extension (node_asn *cert, - const unsigned char *oid, - const unsigned char *der, - size_t der_len, - size_t *ext_len) -{ - char field[128]; - char *value; - int start; - int end; - int ret; - int len; - int i; - - return_val_if_fail (cert != NULL, NULL); - return_val_if_fail (oid != NULL, NULL); - return_val_if_fail (ext_len != NULL, NULL); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0) - return_val_if_reached (NULL); - - ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end); - - /* No more extensions */ - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Make sure it's a straightforward oid with certain assumptions */ - if (!p11_oid_simple (der + start, (end - start) + 1)) - continue; - - /* The one we're lookin for? */ - if (!p11_oid_equal (der + start, oid)) - continue; - - if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0) - return_val_if_reached (NULL); - - len = 0; - ret = asn1_read_value (cert, field, NULL, &len); - return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); - - value = malloc (len); - return_val_if_fail (value != NULL, NULL); - - ret = asn1_read_value (cert, field, value, &len); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - *ext_len = len; - return (unsigned char *)value; - } - - return NULL; -} - -bool -p11_x509_calc_keyid (node_asn *cert, - const unsigned char *der, - size_t der_len, - unsigned char *keyid) -{ - int start, end; - int ret; - - return_val_if_fail (cert != NULL, NULL); - return_val_if_fail (der != NULL, NULL); - return_val_if_fail (keyid != NULL, NULL); - - ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end); - return_val_if_fail (ret == ASN1_SUCCESS, false); - return_val_if_fail (end >= start, false); - - p11_hash_sha1 (keyid, (der + start), (end - start) + 1, NULL); - return true; -} - -bool -p11_x509_parse_basic_constraints (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - bool *is_ca) -{ - char buffer[8]; - node_asn *ext; - int ret; - int len; - - return_val_if_fail (is_ca != NULL, false); - - ext = p11_asn1_decode (asn1_defs, "PKIX1.BasicConstraints", ext_der, ext_len, NULL); - if (ext == NULL) - return false; - - len = sizeof (buffer); - ret = asn1_read_value (ext, "cA", buffer, &len); - - /* Default value for cA is FALSE */ - if (ret == ASN1_ELEMENT_NOT_FOUND) { - *is_ca = false; - - } else { - return_val_if_fail (ret == ASN1_SUCCESS, false); - *is_ca = (strcmp (buffer, "TRUE") == 0); - } - - asn1_delete_structure (&ext); - - return true; -} - -bool -p11_x509_parse_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - unsigned int *ku) -{ - char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, }; - unsigned char buf[2]; - node_asn *ext; - int len; - int ret; - - ext = p11_asn1_decode (asn1_defs, "PKIX1.KeyUsage", ext_der, ext_len, message); - if (ext == NULL) - return false; - - len = sizeof (buf); - ret = asn1_read_value (ext, "", buf, &len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - /* A bit string, so combine into one set of flags */ - *ku = buf[0] | (buf[1] << 8); - - asn1_delete_structure (&ext); - - return true; -} - -p11_array * -p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len) -{ - node_asn *asn; - char field[128]; - p11_array *ekus; - char *eku; - int ret; - int len; - int i; - - asn = p11_asn1_decode (asn1_defs, "PKIX1.ExtKeyUsageSyntax", ext_der, ext_len, NULL); - if (asn == NULL) - return NULL; - - ekus = p11_array_new (free); - - for (i = 1; ; i++) { - if (snprintf (field, sizeof (field), "?%u", i) < 0) - return_val_if_reached (NULL); - - len = 0; - ret = asn1_read_value (asn, field, NULL, &len); - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); - - eku = malloc (len + 1); - return_val_if_fail (eku != NULL, NULL); - - ret = asn1_read_value (asn, field, eku, &len); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - eku[len] = 0; - - /* If it's our reserved OID, then skip */ - if (strcmp (eku, P11_OID_RESERVED_PURPOSE_STR) == 0) { - free (eku); - continue; - } - - if (!p11_array_push (ekus, eku)) - return_val_if_reached (NULL); - } - - asn1_delete_structure (&asn); - - return ekus; -} - -char * -p11_x509_parse_directory_string (const unsigned char *input, - size_t input_len, - bool *unknown_string, - size_t *string_len) -{ - unsigned long tag; - unsigned char cls; - int tag_len; - int len_len; - const void *octets; - long octet_len; - int ret; - - ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag); - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len); - return_val_if_fail (octet_len >= 0, false); - return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL); - - octets = input + tag_len + len_len; - - if (unknown_string) - *unknown_string = false; - - /* The following strings are the ones we normalize */ - switch (tag) { - case 12: /* UTF8String */ - case 18: /* NumericString */ - case 22: /* IA5String */ - case 20: /* TeletexString */ - case 19: /* PrintableString */ - if (!p11_utf8_validate (octets, octet_len)) - return NULL; - if (string_len) - *string_len = octet_len; - return strndup (octets, octet_len); - - case 28: /* UniversalString */ - return p11_utf8_for_ucs4be (octets, octet_len, string_len); - - case 30: /* BMPString */ - return p11_utf8_for_ucs2be (octets, octet_len, string_len); - - /* Just pass through all the non-string types */ - default: - if (unknown_string) - *unknown_string = true; - return NULL; - } - -} - -char * -p11_x509_parse_dn_name (p11_dict *asn_defs, - const unsigned char *der, - size_t der_len, - const unsigned char *oid) -{ - node_asn *asn; - char *part; - - asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL); - if (asn == NULL) - return NULL; - - part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid); - asn1_delete_structure (&asn); - return part; -} - -char * -p11_x509_lookup_dn_name (node_asn *asn, - const char *dn_field, - const unsigned char *der, - size_t der_len, - const unsigned char *oid) -{ - unsigned char *value; - char field[128]; - int value_len; - char *part; - int i, j; - int start; - int end; - int ret; - - for (i = 1; true; i++) { - for (j = 1; true; j++) { - snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type", - dn_field, dn_field ? "." : "", i, j); - - ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end); - - /* No more dns */ - if (ret == ASN1_ELEMENT_NOT_FOUND) - break; - - return_val_if_fail (ret == ASN1_SUCCESS, NULL); - - /* Make sure it's a straightforward oid with certain assumptions */ - if (!p11_oid_simple (der + start, (end - start) + 1)) - continue; - - /* The one we're lookin for? */ - if (!p11_oid_equal (der + start, oid)) - continue; - - snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value", - dn_field, dn_field ? "." : "", i, j); - - value_len = 0; - ret = asn1_read_value (asn, field, NULL, &value_len); - return_val_if_fail (ret == ASN1_MEM_ERROR, NULL); - - value = malloc (value_len + 1); - return_val_if_fail (value != NULL, NULL); - - ret = asn1_read_value (asn, field, value, &value_len); - return_val_if_fail (ret == ASN1_SUCCESS, false); - - part = p11_x509_parse_directory_string (value, value_len, NULL, NULL); - free (value); - - return part; - } - - if (j == 1) - break; - } - - return NULL; -} diff --git a/common/x509.h b/common/x509.h deleted file mode 100644 index af91c28..0000000 --- a/common/x509.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (C) 2012 Red Hat Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter <stefw@redhat.com> - */ - -#include <libtasn1.h> - -#include "array.h" -#include "dict.h" - -#ifndef P11_X509_H_ -#define P11_X509_H_ - -unsigned char * p11_x509_find_extension (node_asn *cert, - const unsigned char *oid, - const unsigned char *der, - size_t der_len, - size_t *ext_len); - -bool p11_x509_calc_keyid (node_asn *cert, - const unsigned char *der, - size_t der_len, - unsigned char *keyid); - -bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len, - bool *is_ca); - -bool p11_x509_parse_key_usage (p11_dict *asn1_defs, - const unsigned char *data, - size_t length, - unsigned int *ku); - -p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs, - const unsigned char *ext_der, - size_t ext_len); - -char * p11_x509_parse_dn_name (p11_dict *asn_defs, - const unsigned char *der, - size_t der_len, - const unsigned char *oid); - -char * p11_x509_lookup_dn_name (node_asn *asn, - const char *dn_field, - const unsigned char *der, - size_t der_len, - const unsigned char *oid); - -char * p11_x509_parse_directory_string (const unsigned char *input, - size_t input_len, - bool *unknown_string, - size_t *string_len); - -#endif /* P11_X509_H_ */ |