search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Added functions to export structures in an allocated buffer.
[gnutls.git] / lib / x509 / dn.c
blob9c6096193de9cf662b88cb827ac78bcf49f0f267
1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <libtasn1.h>
25 #include <gnutls_datum.h>
26 #include <gnutls_global.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_str.h>
29 #include <common.h>
30 #include <gnutls_num.h>
31
32 /* This file includes all the required to parse an X.509 Distriguished
33 * Name (you need a parser just to read a name in the X.509 protoocols!!!)
34 */
35
36 /* Escapes a string following the rules from RFC4514.
37 */
38 static char *
39 str_escape (char *str, char *buffer, unsigned int buffer_size)
40 {
41 int str_length, j, i;
42
43 if (str == NULL || buffer == NULL)
44 return NULL;
45
46 str_length = MIN (strlen (str), buffer_size - 1);
47
48 for (i = j = 0; i < str_length; i++)
49 {
50 if (str[i] == ',' || str[i] == '+' || str[i] == '"'
51 || str[i] == '\\' || str[i] == '<' || str[i] == '>'
52 || str[i] == ';')
53 buffer[j++] = '\\';
54
55 buffer[j++] = str[i];
56 }
57
58 /* null terminate the string */
59 buffer[j] = 0;
60
61 return buffer;
62 }
63
64 /* Parses an X509 DN in the asn1_struct, and puts the output into
65 * the string buf. The output is an LDAP encoded DN.
66 *
67 * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
68 * That is to point in the rndSequence.
69 */
70 int
71 _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
72 const char *asn1_rdn_name, char *buf,
73 size_t * sizeof_buf)
74 {
75 gnutls_buffer_st out_str;
76 int k2, k1, result;
77 char tmpbuffer1[ASN1_MAX_NAME_SIZE];
78 char tmpbuffer2[ASN1_MAX_NAME_SIZE];
79 char tmpbuffer3[ASN1_MAX_NAME_SIZE];
80 uint8_t value[MAX_STRING_LEN], *value2 = NULL;
81 char *escaped = NULL;
82 const char *ldap_desc;
83 char oid[MAX_OID_SIZE];
84 int len, printable;
85 char *string = NULL;
86 size_t sizeof_string, sizeof_escaped;
87
88 if (sizeof_buf == NULL)
89 {
90 gnutls_assert ();
91 return GNUTLS_E_INVALID_REQUEST;
92 }
93
94 if (*sizeof_buf > 0 && buf)
95 buf[0] = 0;
96 else
97 *sizeof_buf = 0;
98
99 _gnutls_buffer_init (&out_str);
100
101 k1 = 0;
102 do
103 {
104
105 k1++;
106 /* create a string like "tbsCertList.issuer.rdnSequence.?1"
107 */
108 if (asn1_rdn_name[0] != 0)
109 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
110 k1);
111 else
112 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
113
114 len = sizeof (value) - 1;
115 result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
116
117 if (result == ASN1_ELEMENT_NOT_FOUND)
118 {
119 break;
120 }
121
122 if (result != ASN1_VALUE_NOT_FOUND)
123 {
124 gnutls_assert ();
125 result = _gnutls_asn2err (result);
126 goto cleanup;
127 }
128
129 k2 = 0;
130
131 do
132 { /* Move to the attibute type and values
133 */
134 k2++;
135
136 if (tmpbuffer1[0] != 0)
137 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
138 k2);
139 else
140 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
141
142 /* Try to read the RelativeDistinguishedName attributes.
143 */
144
145 len = sizeof (value) - 1;
146 result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
147
148 if (result == ASN1_ELEMENT_NOT_FOUND)
149 break;
150 if (result != ASN1_VALUE_NOT_FOUND)
151 {
152 gnutls_assert ();
153 result = _gnutls_asn2err (result);
154 goto cleanup;
155 }
156
157 /* Read the OID
158 */
159 _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
160 _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
161
162 len = sizeof (oid) - 1;
163 result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
164
165 if (result == ASN1_ELEMENT_NOT_FOUND)
166 break;
167 else if (result != ASN1_SUCCESS)
168 {
169 gnutls_assert ();
170 result = _gnutls_asn2err (result);
171 goto cleanup;
172 }
173
174 /* Read the Value
175 */
176 _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
177 _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
178
179 len = 0;
180 result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
181 if (result != ASN1_MEM_ERROR)
182 {
183 gnutls_assert ();
184 result = _gnutls_asn2err (result);
185 goto cleanup;
186 }
187
188 value2 = gnutls_malloc (len);
189 if (value2 == NULL)
190 {
191 gnutls_assert ();
192 result = GNUTLS_E_MEMORY_ERROR;
193 goto cleanup;
194 }
195
196 result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
197
198 if (result != ASN1_SUCCESS)
199 {
200 gnutls_assert ();
201 result = _gnutls_asn2err (result);
202 goto cleanup;
203 }
204 #define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \
205 gnutls_assert(); \
206 goto cleanup; \
207 }
208 /* The encodings of adjoining RelativeDistinguishedNames are separated
209 * by a comma character (',' ASCII 44).
210 */
211
212 /* Where there is a multi-valued RDN, the outputs from adjoining
213 * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
214 * character.
215 */
216 if (k1 != 1)
217 { /* the first time do not append a comma */
218 if (k2 != 1)
219 { /* adjoining multi-value RDN */
220 STR_APPEND ("+");
221 }
222 else
223 {
224 STR_APPEND (",");
225 }
226 }
227
228 ldap_desc = gnutls_x509_dn_oid_name (oid, GNUTLS_X509_DN_OID_RETURN_OID);
229 printable = _gnutls_x509_oid_data_printable (oid);
230
231 /* leading #, hex encoded value and terminating NULL */
232 sizeof_escaped = 2 * len + 2;
233
234 escaped = gnutls_malloc (sizeof_escaped);
235 if (escaped == NULL)
236 {
237 gnutls_assert ();
238 result = GNUTLS_E_MEMORY_ERROR;
239 goto cleanup;
240 }
241
242 sizeof_string = 2 * len + 2; /* in case it is not printable */
243
244 string = gnutls_malloc (sizeof_string);
245 if (string == NULL)
246 {
247 gnutls_assert ();
248 result = GNUTLS_E_MEMORY_ERROR;
249 goto cleanup;
250 }
251
252 STR_APPEND (ldap_desc);
253 STR_APPEND ("=");
254 result = 0;
255
256 if (printable)
257 result =
258 _gnutls_x509_oid_data2string (oid,
259 value2, len,
260 string, &sizeof_string);
261
262 if (!printable || result < 0)
263 result =
264 _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
265
266 if (result < 0)
267 {
268 gnutls_assert ();
269 _gnutls_debug_log
270 ("Found OID: '%s' with value '%s'\n",
271 oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
272 NULL));
273 goto cleanup;
274 }
275 STR_APPEND (str_escape (string, escaped, sizeof_escaped));
276 gnutls_free (string);
277 string = NULL;
278
279 gnutls_free (escaped);
280 escaped = NULL;
281 gnutls_free (value2);
282 value2 = NULL;
283
284 }
285 while (1);
286
287 }
288 while (1);
289
290 if (out_str.length >= (unsigned int) *sizeof_buf)
291 {
292 gnutls_assert ();
293 *sizeof_buf = out_str.length + 1;
294 result = GNUTLS_E_SHORT_MEMORY_BUFFER;
295 goto cleanup;
296 }
297
298 if (buf)
299 {
300 _gnutls_buffer_pop_data (&out_str, buf, sizeof_buf);
301 buf[*sizeof_buf] = 0;
302 }
303 else
304 *sizeof_buf = out_str.length;
305
306 result = 0;
307
308 cleanup:
309 gnutls_free (value2);
310 gnutls_free (string);
311 gnutls_free (escaped);
312 _gnutls_buffer_clear (&out_str);
313 return result;
314 }
315
316 /* Parses an X509 DN in the asn1_struct, and searches for the
317 * given OID in the DN.
318 *
319 * If raw_flag == 0, the output will be encoded in the LDAP way. (#hex for non printable)
320 * Otherwise the raw DER data are returned.
321 *
322 * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
323 * That is to point in the rndSequence.
324 *
325 * indx specifies which OID to return. Ie 0 means return the first specified
326 * OID found, 1 the second etc.
327 */
328 int
329 _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
330 const char *asn1_rdn_name,
331 const char *given_oid, int indx,
332 unsigned int raw_flag,
333 void *buf, size_t * sizeof_buf)
334 {
335 int k2, k1, result;
336 char tmpbuffer1[ASN1_MAX_NAME_SIZE];
337 char tmpbuffer2[ASN1_MAX_NAME_SIZE];
338 char tmpbuffer3[ASN1_MAX_NAME_SIZE];
339 uint8_t value[256];
340 char oid[MAX_OID_SIZE];
341 int len, printable;
342 int i = 0;
343 char *cbuf = buf;
344
345 if (cbuf == NULL)
346 *sizeof_buf = 0;
347 else
348 cbuf[0] = 0;
349
350 k1 = 0;
351 do
352 {
353
354 k1++;
355 /* create a string like "tbsCertList.issuer.rdnSequence.?1"
356 */
357 if (asn1_rdn_name[0] != 0)
358 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
359 k1);
360 else
361 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
362
363 len = sizeof (value) - 1;
364 result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
365
366 if (result == ASN1_ELEMENT_NOT_FOUND)
367 {
368 gnutls_assert ();
369 break;
370 }
371
372 if (result != ASN1_VALUE_NOT_FOUND)
373 {
374 gnutls_assert ();
375 result = _gnutls_asn2err (result);
376 goto cleanup;
377 }
378
379 k2 = 0;
380
381 do
382 { /* Move to the attibute type and values
383 */
384 k2++;
385
386 if (tmpbuffer1[0] != 0)
387 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
388 k2);
389 else
390 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
391
392 /* Try to read the RelativeDistinguishedName attributes.
393 */
394
395 len = sizeof (value) - 1;
396 result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
397
398 if (result == ASN1_ELEMENT_NOT_FOUND)
399 {
400 break;
401 }
402 if (result != ASN1_VALUE_NOT_FOUND)
403 {
404 gnutls_assert ();
405 result = _gnutls_asn2err (result);
406 goto cleanup;
407 }
408
409 /* Read the OID
410 */
411 _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
412 _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
413
414 len = sizeof (oid) - 1;
415 result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
416
417 if (result == ASN1_ELEMENT_NOT_FOUND)
418 break;
419 else if (result != ASN1_SUCCESS)
420 {
421 gnutls_assert ();
422 result = _gnutls_asn2err (result);
423 goto cleanup;
424 }
425
426 if (strcmp (oid, given_oid) == 0 && indx == i++)
427 { /* Found the OID */
428
429 /* Read the Value
430 */
431 _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
432 _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
433
434 len = *sizeof_buf;
435 result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
436
437 if (result != ASN1_SUCCESS)
438 {
439 gnutls_assert ();
440 if (result == ASN1_MEM_ERROR)
441 *sizeof_buf = len;
442 result = _gnutls_asn2err (result);
443 goto cleanup;
444 }
445
446 if (raw_flag != 0)
447 {
448 if ((unsigned) len > *sizeof_buf)
449 {
450 *sizeof_buf = len;
451 result = GNUTLS_E_SHORT_MEMORY_BUFFER;
452 goto cleanup;
453 }
454 *sizeof_buf = len;
455
456 return 0;
457
458 }
459 else
460 { /* parse data. raw_flag == 0 */
461 printable = _gnutls_x509_oid_data_printable (oid);
462
463 if (printable == 1)
464 result =
465 _gnutls_x509_oid_data2string (oid, buf, len,
466 cbuf, sizeof_buf);
467 else
468 result =
469 _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
470
471 if (result < 0)
472 {
473 gnutls_assert ();
474 goto cleanup;
475 }
476
477 return 0;
478
479 } /* raw_flag == 0 */
480 }
481 }
482 while (1);
483
484 }
485 while (1);
486
487 gnutls_assert ();
488
489 result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
490
491 cleanup:
492 return result;
493 }
494
495
496 /* Parses an X509 DN in the asn1_struct, and returns the requested
497 * DN OID.
498 *
499 * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
500 * That is to point in the rndSequence.
501 *
502 * indx specifies which OID to return. Ie 0 means return the first specified
503 * OID found, 1 the second etc.
504 */
505 int
506 _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
507 const char *asn1_rdn_name,
508 int indx, void *_oid, size_t * sizeof_oid)
509 {
510 int k2, k1, result;
511 char tmpbuffer1[ASN1_MAX_NAME_SIZE];
512 char tmpbuffer2[ASN1_MAX_NAME_SIZE];
513 char tmpbuffer3[ASN1_MAX_NAME_SIZE];
514 char value[256];
515 char oid[MAX_OID_SIZE];
516 int len;
517 int i = 0;
518
519 k1 = 0;
520 do
521 {
522
523 k1++;
524 /* create a string like "tbsCertList.issuer.rdnSequence.?1"
525 */
526 if (asn1_rdn_name[0] != 0)
527 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
528 k1);
529 else
530 snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
531
532 len = sizeof (value) - 1;
533 result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
534
535 if (result == ASN1_ELEMENT_NOT_FOUND)
536 {
537 gnutls_assert ();
538 break;
539 }
540
541 if (result != ASN1_VALUE_NOT_FOUND)
542 {
543 gnutls_assert ();
544 result = _gnutls_asn2err (result);
545 goto cleanup;
546 }
547
548 k2 = 0;
549
550 do
551 { /* Move to the attibute type and values
552 */
553 k2++;
554
555 if (tmpbuffer1[0] != 0)
556 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
557 k2);
558 else
559 snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
560
561 /* Try to read the RelativeDistinguishedName attributes.
562 */
563
564 len = sizeof (value) - 1;
565 result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
566
567 if (result == ASN1_ELEMENT_NOT_FOUND)
568 {
569 break;
570 }
571 if (result != ASN1_VALUE_NOT_FOUND)
572 {
573 gnutls_assert ();
574 result = _gnutls_asn2err (result);
575 goto cleanup;
576 }
577
578 /* Read the OID
579 */
580 _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
581 _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
582
583 len = sizeof (oid) - 1;
584 result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
585
586 if (result == ASN1_ELEMENT_NOT_FOUND)
587 break;
588 else if (result != ASN1_SUCCESS)
589 {
590 gnutls_assert ();
591 result = _gnutls_asn2err (result);
592 goto cleanup;
593 }
594
595 if (indx == i++)
596 { /* Found the OID */
597
598 len = strlen (oid) + 1;
599
600 if (*sizeof_oid < (unsigned) len)
601 {
602 *sizeof_oid = len;
603 gnutls_assert ();
604 return GNUTLS_E_SHORT_MEMORY_BUFFER;
605 }
606
607 memcpy (_oid, oid, len);
608 *sizeof_oid = len - 1;
609
610 return 0;
611 }
612 }
613 while (1);
614
615 }
616 while (1);
617
618 gnutls_assert ();
619
620 result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
621
622 cleanup:
623 return result;
624 }
625
626 /* This will encode and write the AttributeTypeAndValue field.
627 * 'multi' must be (0) if writing an AttributeTypeAndValue, and 1 if Attribute.
628 * In all cases only one value is written.
629 */
630 int
631 _gnutls_x509_encode_and_write_attribute (const char *given_oid,
632 ASN1_TYPE asn1_struct,
633 const char *where,
634 const void *_data,
635 int sizeof_data, int multi)
636 {
637 const char *val_name;
638 const uint8_t *data = _data;
639 char tmp[128];
640 ASN1_TYPE c2;
641 int result;
642
643
644 /* Find how to encode the data.
645 */
646 val_name = _gnutls_x509_oid2asn_string (given_oid);
647 if (val_name == NULL)
648 {
649 gnutls_assert ();
650 _gnutls_debug_log ("Cannot find OID: %s\n", given_oid);
651 return GNUTLS_E_X509_UNSUPPORTED_OID;
652 }
653
654 result = asn1_create_element (_gnutls_get_pkix (), val_name, &c2);
655 if (result != ASN1_SUCCESS)
656 {
657 gnutls_assert ();
658 return _gnutls_asn2err (result);
659 }
660
661 tmp[0] = 0;
662
663 if ((result = _gnutls_x509_oid_data_choice (given_oid)) > 0)
664 {
665 const char *string_type;
666 int i;
667
668 string_type = "printableString";
669
670 /* Check if the data is plain ascii, and use
671 * the UTF8 string type if not.
672 */
673 for (i = 0; i < sizeof_data; i++)
674 {
675 if (!isascii (data[i]))
676 {
677 string_type = "utf8String";
678 break;
679 }
680 }
681
682 /* if the type is a CHOICE then write the
683 * type we'll use.
684 */
685 result = asn1_write_value (c2, "", string_type, 1);
686 if (result != ASN1_SUCCESS)
687 {
688 gnutls_assert ();
689 result = _gnutls_asn2err (result);
690 goto error;
691 }
692
693 _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
694 }
695
696 result = asn1_write_value (c2, tmp, data, sizeof_data);
697 if (result != ASN1_SUCCESS)
698 {
699 gnutls_assert ();
700 result = _gnutls_asn2err (result);
701 goto error;
702 }
703
704
705 /* write the data (value)
706 */
707
708 _gnutls_str_cpy (tmp, sizeof (tmp), where);
709 _gnutls_str_cat (tmp, sizeof (tmp), ".value");
710
711 if (multi != 0)
712 { /* if not writing an AttributeTypeAndValue, but an Attribute */
713 _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
714
715 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
716 if (result != ASN1_SUCCESS)
717 {
718 gnutls_assert ();
719 result = _gnutls_asn2err (result);
720 goto error;
721 }
722
723 _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
724
725 }
726
727 result = _gnutls_x509_der_encode_and_copy (c2, "", asn1_struct, tmp, 0);
728 if (result < 0)
729 {
730 gnutls_assert ();
731 result = _gnutls_asn2err (result);
732 goto error;
733 }
734
735 /* write the type
736 */
737 _gnutls_str_cpy (tmp, sizeof (tmp), where);
738 _gnutls_str_cat (tmp, sizeof (tmp), ".type");
739
740 result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
741 if (result != ASN1_SUCCESS)
742 {
743 gnutls_assert ();
744 result = _gnutls_asn2err (result);
745 goto error;
746 }
747
748 result = 0;
749
750 error:
751 asn1_delete_structure (&c2);
752 return result;
753 }
754
755 /* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
756 * 'multi' must be (0) if writing an AttributeTypeAndValue, and 1 if Attribute.
757 * In all cases only one value is written.
758 */
759 static int
760 _gnutls_x509_write_attribute (const char *given_oid,
761 ASN1_TYPE asn1_struct, const char *where,
762 const void *_data, int sizeof_data)
763 {
764 char tmp[128];
765 int result;
766
767 /* write the data (value)
768 */
769
770 _gnutls_str_cpy (tmp, sizeof (tmp), where);
771 _gnutls_str_cat (tmp, sizeof (tmp), ".value");
772
773 result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
774 if (result < 0)
775 {
776 gnutls_assert ();
777 return _gnutls_asn2err (result);
778 }
779
780 /* write the type
781 */
782 _gnutls_str_cpy (tmp, sizeof (tmp), where);
783 _gnutls_str_cat (tmp, sizeof (tmp), ".type");
784
785 result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
786 if (result != ASN1_SUCCESS)
787 {
788 gnutls_assert ();
789 return _gnutls_asn2err (result);
790 }
791
792 return 0;
793 }
794
795
796 /* Decodes an X.509 Attribute (if multi==1) or an AttributeTypeAndValue
797 * otherwise.
798 *
799 * octet_string should be non (0) if we are to decode octet strings after
800 * decoding.
801 *
802 * The output is allocated and stored in value.
803 */
804 int
805 _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
806 const char *where, char *oid,
807 int oid_size, gnutls_datum_t * value,
808 int multi, int octet_string)
809 {
810 char tmpbuffer[128];
811 int len, result;
812
813 /* Read the OID
814 */
815 _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
816 _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
817
818 len = oid_size - 1;
819 result = asn1_read_value (asn1_struct, tmpbuffer, oid, &len);
820
821 if (result != ASN1_SUCCESS)
822 {
823 gnutls_assert ();
824 result = _gnutls_asn2err (result);
825 return result;
826 }
827
828 /* Read the Value
829 */
830
831 _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
832 _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
833
834 if (multi)
835 _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
836
837 result =
838 _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
839 if (result < 0)
840 {
841 gnutls_assert ();
842 return result;
843 }
844
845 return 0;
846
847 }
848
849 /* Sets an X509 DN in the asn1_struct, and puts the given OID in the DN.
850 * The input is assumed to be raw data.
851 *
852 * asn1_rdn_name must be a string in the form "tbsCertificate.issuer".
853 * That is to point before the rndSequence.
854 *
855 */
856 int
857 _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
858 const char *asn1_name, const char *given_oid,
859 int raw_flag, const char *name, int sizeof_name)
860 {
861 int result;
862 char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
863
864 if (sizeof_name == 0 || name == NULL)
865 {
866 gnutls_assert ();
867 return GNUTLS_E_INVALID_REQUEST;
868 }
869
870 /* create the rdnSequence
871 */
872 result = asn1_write_value (asn1_struct, asn1_name, "rdnSequence", 1);
873 if (result != ASN1_SUCCESS)
874 {
875 gnutls_assert ();
876 return _gnutls_asn2err (result);
877 }
878
879 _gnutls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
880 _gnutls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
881
882 /* create a new element
883 */
884 result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
885 if (result != ASN1_SUCCESS)
886 {
887 gnutls_assert ();
888 return _gnutls_asn2err (result);
889 }
890
891 _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
892 _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
893
894 /* create the set with only one element
895 */
896 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
897 if (result != ASN1_SUCCESS)
898 {
899 gnutls_assert ();
900 return _gnutls_asn2err (result);
901 }
902
903
904 /* Encode and write the data
905 */
906 _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
907 _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
908
909 if (!raw_flag)
910 {
911 result =
912 _gnutls_x509_encode_and_write_attribute (given_oid,
913 asn1_struct,
914 tmp, name, sizeof_name, 0);
915 }
916 else
917 {
918 result =
919 _gnutls_x509_write_attribute (given_oid, asn1_struct,
920 tmp, name, sizeof_name);
921 }
922
923 if (result < 0)
924 {
925 gnutls_assert ();
926 return result;
927 }
928
929 return 0;
930 }
931
932 /**
933 * gnutls_x509_dn_init:
934 * @dn: the object to be initialized
935 *
936 * This function initializes a #gnutls_x509_dn_t structure.
937 *
938 * The object returned must be deallocated using
939 * gnutls_x509_dn_deinit().
940 *
941 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
942 * negative error value.
943 *
944 * Since: 2.4.0
945 **/
946 int
947 gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
948 {
949 int result;
950 ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
951
952 if ((result =
953 asn1_create_element (_gnutls_get_pkix (),
954 "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
955 {
956 gnutls_assert ();
957 return _gnutls_asn2err (result);
958 }
959
960 *dn = tmpdn;
961
962 return 0;
963 }
964
965 /**
966 * gnutls_x509_dn_import:
967 * @dn: the structure that will hold the imported DN
968 * @data: should contain a DER encoded RDN sequence
969 *
970 * This function parses an RDN sequence and stores the result to a
971 * #gnutls_x509_dn_t structure. The structure must have been initialized
972 * with gnutls_x509_dn_init(). You may use gnutls_x509_dn_get_rdn_ava() to
973 * decode the DN.
974 *
975 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
976 * negative error value.
977 *
978 * Since: 2.4.0
979 **/
980 int
981 gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
982 {
983 int result;
984 char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
985
986 result = asn1_der_decoding ((ASN1_TYPE *) & dn,
987 data->data, data->size, err);
988 if (result != ASN1_SUCCESS)
989 {
990 /* couldn't decode DER */
991 _gnutls_debug_log ("ASN.1 Decoding error: %s\n", err);
992 gnutls_assert ();
993 return _gnutls_asn2err (result);
994 }
995
996 return 0;
997 }
998
999 /**
1000 * gnutls_x509_dn_deinit:
1001 * @dn: a DN uint8_t object pointer.
1002 *
1003 * This function deallocates the DN object as returned by
1004 * gnutls_x509_dn_import().
1005 *
1006 * Since: 2.4.0
1007 **/
1008 void
1009 gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
1010 {
1011 asn1_delete_structure ((ASN1_TYPE *) & dn);
1012 }
1013
1014 /**
1015 * gnutls_x509_rdn_get:
1016 * @idn: should contain a DER encoded RDN sequence
1017 * @buf: a pointer to a structure to hold the peer's name
1018 * @sizeof_buf: holds the size of @buf
1019 *
1020 * This function will return the name of the given RDN sequence. The
1021 * name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
1022 * RFC4514.
1023 *
1024 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
1025 * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
1026 * updated if the provided buffer is not long enough, otherwise a
1027 * negative error value.
1028 **/
1029 int
1030 gnutls_x509_rdn_get (const gnutls_datum_t * idn,
1031 char *buf, size_t * sizeof_buf)
1032 {
1033 int result;
1034 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
1035
1036 if (sizeof_buf == 0)
1037 {
1038 gnutls_assert ();
1039 return GNUTLS_E_INVALID_REQUEST;
1040 }
1041
1042 if (buf)
1043 buf[0] = 0;
1044
1045
1046 if ((result =
1047 asn1_create_element (_gnutls_get_pkix (),
1048 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1049 {
1050 gnutls_assert ();
1051 return _gnutls_asn2err (result);
1052 }
1053
1054 result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1055 if (result != ASN1_SUCCESS)
1056 {
1057 /* couldn't decode DER */
1058 gnutls_assert ();
1059 asn1_delete_structure (&dn);
1060 return _gnutls_asn2err (result);
1061 }
1062
1063 result = _gnutls_x509_parse_dn (dn, "rdnSequence", buf, sizeof_buf);
1064
1065 asn1_delete_structure (&dn);
1066 return result;
1067
1068 }
1069
1070 /**
1071 * gnutls_x509_rdn_get_by_oid:
1072 * @idn: should contain a DER encoded RDN sequence
1073 * @oid: an Object Identifier
1074 * @indx: In case multiple same OIDs exist in the RDN indicates which
1075 * to send. Use 0 for the first one.
1076 * @raw_flag: If non (0) then the raw DER data are returned.
1077 * @buf: a pointer to a structure to hold the peer's name
1078 * @sizeof_buf: holds the size of @buf
1079 *
1080 * This function will return the name of the given Object identifier,
1081 * of the RDN sequence. The name will be encoded using the rules
1082 * from RFC4514.
1083 *
1084 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
1085 * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
1086 * updated if the provided buffer is not long enough, otherwise a
1087 * negative error value.
1088 **/
1089 int
1090 gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
1091 int indx, unsigned int raw_flag,
1092 void *buf, size_t * sizeof_buf)
1093 {
1094 int result;
1095 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
1096
1097 if (sizeof_buf == 0)
1098 {
1099 return GNUTLS_E_INVALID_REQUEST;
1100 }
1101
1102 if ((result =
1103 asn1_create_element (_gnutls_get_pkix (),
1104 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1105 {
1106 gnutls_assert ();
1107 return _gnutls_asn2err (result);
1108 }
1109
1110 result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1111 if (result != ASN1_SUCCESS)
1112 {
1113 /* couldn't decode DER */
1114 gnutls_assert ();
1115 asn1_delete_structure (&dn);
1116 return _gnutls_asn2err (result);
1117 }
1118
1119 result =
1120 _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
1121 raw_flag, buf, sizeof_buf);
1122
1123 asn1_delete_structure (&dn);
1124 return result;
1125
1126 }
1127
1128 /**
1129 * gnutls_x509_rdn_get_oid:
1130 * @idn: should contain a DER encoded RDN sequence
1131 * @indx: Indicates which OID to return. Use 0 for the first one.
1132 * @buf: a pointer to a structure to hold the peer's name OID
1133 * @sizeof_buf: holds the size of @buf
1134 *
1135 * This function will return the specified Object identifier, of the
1136 * RDN sequence.
1137 *
1138 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or
1139 * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
1140 * updated if the provided buffer is not long enough, otherwise a
1141 * negative error value.
1142 *
1143 * Since: 2.4.0
1144 **/
1145 int
1146 gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
1147 int indx, void *buf, size_t * sizeof_buf)
1148 {
1149 int result;
1150 ASN1_TYPE dn = ASN1_TYPE_EMPTY;
1151
1152 if (sizeof_buf == 0)
1153 {
1154 return GNUTLS_E_INVALID_REQUEST;
1155 }
1156
1157 if ((result =
1158 asn1_create_element (_gnutls_get_pkix (),
1159 "PKIX1.Name", &dn)) != ASN1_SUCCESS)
1160 {
1161 gnutls_assert ();
1162 return _gnutls_asn2err (result);
1163 }
1164
1165 result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
1166 if (result != ASN1_SUCCESS)
1167 {
1168 /* couldn't decode DER */
1169 gnutls_assert ();
1170 asn1_delete_structure (&dn);
1171 return _gnutls_asn2err (result);
1172 }
1173
1174 result = _gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, sizeof_buf);
1175
1176 asn1_delete_structure (&dn);
1177 return result;
1178
1179 }
1180
1181 /*
1182 * Compares the DER encoded part of a DN.
1183 *
1184 * FIXME: use a real DN comparison algorithm.
1185 *
1186 * Returns 1 if the DN's match and (0) if they don't match. Otherwise
1187 * a negative error code is returned to indicate error.
1188 */
1189 int
1190 _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
1191 const gnutls_datum_t * dn2)
1192 {
1193
1194 if (dn1->size != dn2->size)
1195 {
1196 gnutls_assert ();
1197 return 0;
1198 }
1199 if (memcmp (dn1->data, dn2->data, dn2->size) != 0)
1200 {
1201 gnutls_assert ();
1202 return 0;
1203 }
1204 return 1; /* they match */
1205 }
1206
1207 /**
1208 * gnutls_x509_dn_export:
1209 * @dn: Holds the uint8_t DN object
1210 * @format: the format of output params. One of PEM or DER.
1211 * @output_data: will contain a DN PEM or DER encoded
1212 * @output_data_size: holds the size of output_data (and will be
1213 * replaced by the actual size of parameters)
1214 *
1215 * This function will export the DN to DER or PEM format.
1216 *
1217 * If the buffer provided is not long enough to hold the output, then
1218 * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
1219 * will be returned.
1220 *
1221 * If the structure is PEM encoded, it will have a header
1222 * of "BEGIN NAME".
1223 *
1224 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1225 * negative error value.
1226 **/
1227 int
1228 gnutls_x509_dn_export (gnutls_x509_dn_t dn,
1229 gnutls_x509_crt_fmt_t format, void *output_data,
1230 size_t * output_data_size)
1231 {
1232 ASN1_TYPE asn1 = dn;
1233
1234 if (asn1 == NULL)
1235 {
1236 gnutls_assert ();
1237 return GNUTLS_E_INVALID_REQUEST;
1238 }
1239
1240 return _gnutls_x509_export_int_named (asn1, "rdnSequence",
1241 format, "NAME",
1242 output_data, output_data_size);
1243 }
1244
1245 /**
1246 * gnutls_x509_dn_export2:
1247 * @dn: Holds the uint8_t DN object
1248 * @format: the format of output params. One of PEM or DER.
1249 * @out: will contain a DN PEM or DER encoded
1250 *
1251 * This function will export the DN to DER or PEM format.
1252 *
1253 * The output buffer is allocated using gnutls_malloc().
1254 *
1255 * If the structure is PEM encoded, it will have a header
1256 * of "BEGIN NAME".
1257 *
1258 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1259 * negative error value.
1260 **/
1261 int
1262 gnutls_x509_dn_export2 (gnutls_x509_dn_t dn,
1263 gnutls_x509_crt_fmt_t format, gnutls_datum_t *out)
1264 {
1265 ASN1_TYPE asn1 = dn;
1266
1267 if (asn1 == NULL)
1268 {
1269 gnutls_assert ();
1270 return GNUTLS_E_INVALID_REQUEST;
1271 }
1272
1273 return _gnutls_x509_export_int_named2 (asn1, "rdnSequence",
1274 format, "NAME", out);
1275 }
Implementation of the SSL/TLS protocol