summaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
Diffstat (limited to 'common')
-rw-r--r--common/Makefile.am1
-rw-r--r--common/compat.c2
-rw-r--r--common/compat.h2
-rw-r--r--common/oid.c100
-rw-r--r--common/oid.h209
-rw-r--r--common/tests/Makefile.am2
-rw-r--r--common/tests/frob-ku.c28
-rw-r--r--common/tests/frob-oid.c100
-rw-r--r--common/tests/test-oid.c133
9 files changed, 556 insertions, 21 deletions
diff --git a/common/Makefile.am b/common/Makefile.am
index d527e95..bed4630 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -41,6 +41,7 @@ noinst_LTLIBRARIES += \
libp11_data_la_SOURCES = \
base64.c base64.h \
checksum.c checksum.h \
+ oid.c oid.h \
openssl.asn openssl.asn.h \
pem.c pem.h \
pkix.asn pkix.asn.h \
diff --git a/common/compat.c b/common/compat.c
index 74fb130..b917cfa 100644
--- a/common/compat.c
+++ b/common/compat.c
@@ -255,7 +255,7 @@ strnstr (const char *s,
#ifndef HAVE_MEMDUP
void *
-memdup (void *data,
+memdup (const void *data,
size_t length)
{
void *dup;
diff --git a/common/compat.h b/common/compat.h
index 68786a7..7f848d2 100644
--- a/common/compat.h
+++ b/common/compat.h
@@ -183,7 +183,7 @@ char * strnstr (const char *s,
#ifndef HAVE_MEMDUP
-void * memdup (void *data,
+void * memdup (const void *data,
size_t length);
#endif /* HAVE_MEMDUP */
diff --git a/common/oid.c b/common/oid.c
new file mode 100644
index 0000000..0c876ec
--- /dev/null
+++ b/common/oid.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include "oid.h"
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * We deal with OIDs a lot in their DER form. These have the
+ * advantage of having the length encoded in their second byte,
+ * at least for all the OIDs we're interested in.
+ *
+ * The goal here is to avoid carrying around extra length
+ * information about DER encoded OIDs.
+ */
+
+bool
+p11_oid_simple (const unsigned char *oid,
+ int len)
+{
+ return (oid != NULL &&
+ len > 3 && /* minimum length */
+ oid[0] == 0x06 && /* simple encoding */
+ (oid[1] & 128) == 0 && /* short form length */
+ (size_t)oid[1] == len - 2); /* matches length */
+}
+
+unsigned int
+p11_oid_hash (const void *oid)
+{
+ const unsigned char *v = oid;
+ unsigned int hash;
+ int len;
+ int i;
+
+ len = p11_oid_length (v);
+ hash = v[0];
+
+ for (i = 1; i < len; i++)
+ hash = (hash << 5) - hash + v[i];
+
+ return hash;
+}
+
+bool
+p11_oid_equal (const void *oid_one,
+ const void *oid_two)
+{
+ int len_one;
+ int len_two;
+
+ len_one = p11_oid_length (oid_one);
+ len_two = p11_oid_length (oid_two);
+
+ return (len_one == len_two &&
+ memcmp (oid_one, oid_two, len_one) == 0);
+}
+
+int
+p11_oid_length (const unsigned char *oid)
+{
+ assert (oid[0] == 0x06);
+ assert ((oid[1] & 128) == 0);
+ return (int)oid[1] + 2;
+}
diff --git a/common/oid.h b/common/oid.h
new file mode 100644
index 0000000..b0c8538
--- /dev/null
+++ b/common/oid.h
@@ -0,0 +1,209 @@
+/*
+ * Copyright (C) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#ifndef P11_OIDS_H_
+#define P11_OIDS_H_
+
+#include "compat.h"
+
+bool p11_oid_simple (const unsigned char *oid,
+ int len);
+
+unsigned int p11_oid_hash (const void *oid);
+
+bool p11_oid_equal (const void *oid_one,
+ const void *oid_two);
+
+int p11_oid_length (const unsigned char *oid);
+
+/*
+ * Our support of certificate extensions and so on is not limited to what is
+ * listed here. This is simply the OIDs used by the parsing code that generates
+ * backwards compatible PKCS#11 objects for NSS and the like.
+ */
+
+/*
+ * 2.5.29.14: SubjectKeyIdentifier
+ */
+static const unsigned char P11_OID_SUBJECT_KEY_IDENTIFIER[] =
+ { 0x06, 0x03, 0x55, 0x1d, 0x0e };
+
+/*
+ * 2.5.29.15: KeyUsage
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_KEY_USAGE[] =
+ { 0x06, 0x03, 0x55, 0x1d, 0x0f };
+
+enum {
+ P11_KU_DIGITAL_SIGNATURE = 128,
+ P11_KU_NON_REPUDIATION = 64,
+ P11_KU_KEY_ENCIPHERMENT = 32,
+ P11_KU_DATA_ENCIPHERMENT = 16,
+ P11_KU_KEY_AGREEMENT = 8,
+ P11_KU_KEY_CERT_SIGN = 4,
+ P11_KU_CRL_SIGN = 2,
+ P11_KU_ENCIPHER_ONLY = 1,
+ P11_KU_DECIPHER_ONLY = 32768,
+};
+
+/*
+ * 2.5.29.19: BasicConstraints
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_BASIC_CONSTRAINTS[] =
+ { 0x06, 0x03, 0x55, 0x1d, 0x13 };
+
+
+/*
+ * 2.5.29.37: ExtendedKeyUsage
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_EXTENDED_KEY_USAGE[] =
+ { 0x06, 0x03, 0x55, 0x1d, 0x25 };
+
+/*
+ * 1.3.6.1.4.1.3319.6.10.1: OpenSSL reject extension
+ *
+ * An internally defined certificate extension.
+ *
+ * OpenSSL contains a list of OID extended key usages to reject.
+ * The normal X.509 model is to only *include* the extended key
+ * usages that are to be allowed (ie: a whitelist). It's not clear
+ * exactly how valid and useful the reject per extended key usage
+ * model is. In fact, it appears that openssl does not use this
+ * information.
+ *
+ * However in order to parse openssl trust policy information and
+ * be able to write it back out in the same way, we define a custom
+ * certificate extension to store it.
+ *
+ * It is not expected (or supported) for others outside of p11-kit
+ * to read this information at this point.
+ *
+ * This extension is never marked critical. It is not necessary to
+ * respect information in this certificate extension given that the
+ * ExtendedKeyUsage extension carries the same information as a
+ * whitelist.
+ */
+static const unsigned char P11_OID_OPENSSL_REJECT[] =
+ { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01 };
+
+/*
+ * 1.3.6.1.5.5.7.3.1: Server Auth
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_SERVER_AUTH[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 };
+
+/*
+ * 1.3.6.1.5.5.7.3.2: Client Auth
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_CLIENT_AUTH[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 };
+
+/*
+ * 1.3.6.1.5.5.7.3.3: Code Signing
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_CODE_SIGNING[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03 };
+
+/*
+ * 1.3.6.1.5.5.7.3.4: Email Protection
+ *
+ * Defined in RFC 5280
+ */
+static const unsigned char P11_OID_EMAIL_PROTECTION[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 };
+
+/*
+ * 1.3.6.1.5.5.7.3.5: IPSec End System
+ *
+ * Defined in RFC 2459
+ */
+static const unsigned char P11_OID_IPSEC_END_SYSTEM[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05 };
+
+/*
+ * 1.3.6.1.5.5.7.3.6: IPSec Tunnel
+ *
+ * Defined in RFC 2459
+ */
+static const unsigned char P11_OID_IPSEC_TUNNEL[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06 };
+
+/*
+ * 1.3.6.1.5.5.7.3.7: IPSec User
+ *
+ * Defined in RFC 2459
+ */
+static const unsigned char P11_OID_IPSEC_USER[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07 };
+
+/*
+ * 1.3.6.1.5.5.7.3.8: Time Stamping
+ *
+ * Defined in RFC 2459
+ */
+static const unsigned char P11_OID_TIME_STAMPING[] =
+ { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 };
+
+/*
+ * 1.3.6.1.4.1.3319.6.10.16: Reserved key purpose
+ *
+ * An internally defined reserved/dummy key purpose
+ *
+ * This is used with ExtendedKeyUsage certificate extensions to
+ * be a place holder when no other purposes are defined.
+ *
+ * In theory such a certificate should be blacklisted. But in reality
+ * OpenSSL supports such empty sets of purposes. RFC 5280 requires at
+ * least one purpose in an ExtendedKeyUsage.
+ *
+ * This purpose should never be used or checked.
+ */
+static const unsigned char P11_OID_RESERVED_PURPOSE[] =
+ { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x10 };
+static const char P11_OID_RESERVED_PURPOSE_STR[] =
+ "1.3.6.1.4.1.3319.6.10.16";
+
+#endif
diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
index ac2ab38..94c6556 100644
--- a/common/tests/Makefile.am
+++ b/common/tests/Makefile.am
@@ -36,12 +36,14 @@ LDADD += \
CHECK_PROGS += \
test-checksum \
test-pem \
+ test-oid \
$(NULL)
noinst_PROGRAMS += \
frob-ku \
frob-eku \
frob-cert \
+ frob-oid \
$(NULL)
endif # WITH_ASN1
diff --git a/common/tests/frob-ku.c b/common/tests/frob-ku.c
index c0abd88..00d45c6 100644
--- a/common/tests/frob-ku.c
+++ b/common/tests/frob-ku.c
@@ -35,6 +35,8 @@
#include "config.h"
#include "compat.h"
+#include "oid.h"
+
#include <libtasn1.h>
#include <assert.h>
@@ -50,18 +52,6 @@
exit (1); \
} } while (0)
-enum {
- KU_DIGITAL_SIGNATURE = 128,
- KU_NON_REPUDIATION = 64,
- KU_KEY_ENCIPHERMENT = 32,
- KU_DATA_ENCIPHERMENT = 16,
- KU_KEY_AGREEMENT = 8,
- KU_KEY_CERT_SIGN = 4,
- KU_CRL_SIGN = 2,
- KU_ENCIPHER_ONLY = 1,
- KU_DECIPHER_ONLY = 32768,
-};
-
int
main (int argc,
char *argv[])
@@ -78,19 +68,19 @@ main (int argc,
for (i = 1; i < argc; i++) {
if (strcmp (argv[i], "digital-signature") == 0)
- usage |= KU_DIGITAL_SIGNATURE;
+ usage |= P11_KU_DIGITAL_SIGNATURE;
else if (strcmp (argv[i], "non-repudiation") == 0)
- usage |= KU_NON_REPUDIATION;
+ usage |= P11_KU_NON_REPUDIATION;
else if (strcmp (argv[i], "key-encipherment") == 0)
- usage |= KU_KEY_ENCIPHERMENT;
+ usage |= P11_KU_KEY_ENCIPHERMENT;
else if (strcmp (argv[i], "data-encipherment") == 0)
- usage |= KU_DATA_ENCIPHERMENT;
+ usage |= P11_KU_DATA_ENCIPHERMENT;
else if (strcmp (argv[i], "key-agreement") == 0)
- usage |= KU_KEY_AGREEMENT;
+ usage |= P11_KU_KEY_AGREEMENT;
else if (strcmp (argv[i], "key-cert-sign") == 0)
- usage |= KU_KEY_CERT_SIGN;
+ usage |= P11_KU_KEY_CERT_SIGN;
else if (strcmp (argv[i], "crl-sign") == 0)
- usage |= KU_CRL_SIGN;
+ usage |= P11_KU_CRL_SIGN;
else {
fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]);
return 2;
diff --git a/common/tests/frob-oid.c b/common/tests/frob-oid.c
new file mode 100644
index 0000000..b4c7658
--- /dev/null
+++ b/common/tests/frob-oid.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@gnome.org>
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include <libtasn1.h>
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pkix.asn.h"
+
+#define err_if_fail(ret, msg) \
+ do { if ((ret) != ASN1_SUCCESS) { \
+ fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
+ exit (1); \
+ } } while (0)
+int
+main (int argc,
+ char *argv[])
+{
+ char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
+ node_asn *definitions = NULL;
+ node_asn *oid = NULL;
+ char *buf;
+ int len;
+ int ret;
+
+ if (argc != 2) {
+ fprintf (stderr, "usage: frob-oid 1.1.1\n");
+ return 2;
+ }
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "definitions: %s\n", message);
+ return 1;
+ }
+
+ /* AttributeType is a OBJECT IDENTIFIER */
+ ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid);
+ err_if_fail (ret, "AttributeType");
+
+ ret = asn1_write_value (oid, "", argv[1], strlen (argv[1]));
+ err_if_fail (ret, "asn1_write_value");
+
+ len = 0;
+ ret = asn1_der_coding (oid, "", NULL, &len, message);
+ assert (ret == ASN1_MEM_ERROR);
+
+ buf = malloc (len);
+ assert (buf != NULL);
+ ret = asn1_der_coding (oid, "", buf, &len, message);
+ if (ret != ASN1_SUCCESS) {
+ fprintf (stderr, "asn1_der_coding: %s\n", message);
+ return 1;
+ }
+
+ fwrite (buf, 1, len, stdout);
+ fflush (stdout);
+
+ asn1_delete_structure (&oid);
+ asn1_delete_structure (&definitions);
+
+ return 0;
+}
diff --git a/common/tests/test-oid.c b/common/tests/test-oid.c
new file mode 100644
index 0000000..616512b
--- /dev/null
+++ b/common/tests/test-oid.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@gnome.org>
+ */
+
+#include "config.h"
+#include "CuTest.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "debug.h"
+#include "oid.h"
+
+#include <libtasn1.h>
+
+#include "pkix.asn.h"
+
+static void
+test_known_oids (CuTest *cu)
+{
+ char buffer[128];
+ node_asn *definitions = NULL;
+ node_asn *node;
+ int ret;
+ int len;
+ int i;
+
+ struct {
+ const unsigned char *oid;
+ size_t length;
+ const char *string;
+ } known_oids[] = {
+ { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), "2.5.29.14", },
+ { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), "2.5.29.15", },
+ { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), "2.5.29.19" },
+ { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), "2.5.29.37" },
+ { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), "1.3.6.1.4.1.3319.6.10.1" },
+ { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), "1.3.6.1.5.5.7.3.1", },
+ { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), "1.3.6.1.5.5.7.3.2", },
+ { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), "1.3.6.1.5.5.7.3.3", },
+ { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), "1.3.6.1.5.5.7.3.4", },
+ { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), "1.3.6.1.5.5.7.3.5", },
+ { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), "1.3.6.1.5.5.7.3.6", },
+ { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), "1.3.6.1.5.5.7.3.7" },
+ { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), "1.3.6.1.5.5.7.3.8" },
+ { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), "1.3.6.1.4.1.3319.6.10.16" },
+ { NULL },
+ };
+
+ ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL);
+ CuAssertTrue (cu, ret == ASN1_SUCCESS);
+
+ for (i = 0; known_oids[i].oid != NULL; i++) {
+
+ CuAssertTrue (cu, p11_oid_simple (known_oids[i].oid, known_oids[i].length));
+ CuAssertIntEquals (cu, known_oids[i].length, p11_oid_length (known_oids[i].oid));
+ CuAssertTrue (cu, p11_oid_equal (known_oids[i].oid, known_oids[i].oid));
+
+ if (i > 0)
+ CuAssertTrue (cu, !p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));
+
+ /* AttributeType is a OBJECT IDENTIFIER */
+ ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node);
+ CuAssertTrue (cu, ret == ASN1_SUCCESS);
+
+ ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL);
+ CuAssertTrue (cu, ret == ASN1_SUCCESS);
+
+ len = sizeof (buffer);
+ ret = asn1_read_value (node, "", buffer, &len);
+ CuAssertTrue (cu, ret == ASN1_SUCCESS);
+
+ CuAssertStrEquals (cu, known_oids[i].string, buffer);
+
+ asn1_delete_structure (&node);
+ }
+
+ asn1_delete_structure (&definitions);
+}
+
+int
+main (void)
+{
+ CuString *output = CuStringNew ();
+ CuSuite* suite = CuSuiteNew ();
+ int ret;
+
+ setenv ("P11_KIT_STRICT", "1", 1);
+ p11_debug_init ();
+
+ SUITE_ADD_TEST (suite, test_known_oids);
+
+ CuSuiteRun (suite);
+ CuSuiteSummary (suite, output);
+ CuSuiteDetails (suite, output);
+ printf ("%s\n", output->buffer);
+ ret = suite->failCount;
+ CuSuiteDelete (suite);
+ CuStringDelete (output);
+
+ return ret;
+}