Diffstat (limited to 'source4/heimdal/lib/asn1')
29 files changed, 501 insertions, 1151 deletions
diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et index 26bda55c19..f1a653b1f9 100644 --- a/source4/heimdal/lib/asn1/asn1_err.et +++ b/source4/heimdal/lib/asn1/asn1_err.et @@ -22,4 +22,6 @@ error_code BAD_CHARACTER, "ASN.1 invalid character in string" error_code MIN_CONSTRAINT, "ASN.1 too few elements" error_code MAX_CONSTRAINT, "ASN.1 too many elements" error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements" +error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun" +error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun" end diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c index e25f6d919e..925cc72cb4 100644 --- a/source4/heimdal/lib/asn1/asn1_gen.c +++ b/source4/heimdal/lib/asn1/asn1_gen.c @@ -119,24 +119,24 @@ doit(const char *fn) &sz); if (ret) errx(1, "der_put_length_and_tag: %d", ret); - + if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1) err(1, "fwrite length/tag failed"); offset += sz; - + if (data) { size_t datalen; - + datalen = strlen(data) / 2; pdata = emalloc(sz); - + if (hex_decode(data, pdata, datalen) != datalen) errx(1, "failed to decode data"); - + if (fwrite(pdata, datalen, 1, fout) != 1) err(1, "fwrite data failed"); offset += datalen; - + free(pdata); } } diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1 index 5c2690f9b6..a335ee89e3 100644 --- a/source4/heimdal/lib/asn1/canthandle.asn1 +++ b/source4/heimdal/lib/asn1/canthandle.asn1 @@ -7,7 +7,7 @@ CANTHANDLE DEFINITIONS ::= BEGIN -- Code the tag [2] but it should be primitive since KAKA3 is -- Workaround: use the INTEGER type directly -Kaka2 ::= SEQUENCE { +Kaka2 ::= SEQUENCE { kaka2-1 [0] INTEGER } diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/cms.asn1 index 65a467521d..1c13d5f387 100644 --- a/source4/heimdal/lib/asn1/CMS.asn1 +++ b/source4/heimdal/lib/asn1/cms.asn1 
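Review bot: The two new com_err strings in asn1_err.et are misspelled — `INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"` and `INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"` — and these texts are what users see in error output, so they should read `"ASN.1 BER indefinite encoding overrun"` and `"ASN.1 BER indefinite encoding underrun"`. Nothing in the visible hunks of this commit returns INDEF_UNDERRUN (der_get_octet_string_ber only uses INDEF_OVERRUN), so either a caller outside these hunks raises it or it is reserved for now; a one-line comment in the table saying which would save the next reader a grep.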
@@ -18,8 +18,8 @@ id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 } id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 } CMSVersion ::= INTEGER { - CMSVersion_v0(0), - CMSVersion_v1(1), + CMSVersion_v0(0), + CMSVersion_v1(1), CMSVersion_v2(2), CMSVersion_v3(3), CMSVersion_v4(4) @@ -34,7 +34,7 @@ MessageDigest ::= OCTET STRING ContentInfo ::= SEQUENCE { contentType ContentType, - content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType + content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType } EncapsulatedContentInfo ::= SEQUENCE { @@ -53,7 +53,7 @@ IssuerAndSerialNumber ::= SEQUENCE { serialNumber CertificateSerialNumber } --- RecipientIdentifier is same as SignerIdentifier, +-- RecipientIdentifier is same as SignerIdentifier, -- lets glue them togheter and save some bytes and share code for them CMSIdentifier ::= CHOICE { @@ -67,7 +67,7 @@ RecipientIdentifier ::= CMSIdentifier --- CMSAttributes are the combined UnsignedAttributes and SignedAttributes --- to store space and share code -CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) +CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) SignatureValue ::= OCTET STRING @@ -79,7 +79,7 @@ SignerInfo ::= SEQUENCE { SET OF Attribute OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, - unsignedAttrs [1] IMPLICIT -- CMSAttributes -- + unsignedAttrs [1] IMPLICIT -- CMSAttributes -- SET OF Attribute OPTIONAL } diff --git a/source4/heimdal/lib/asn1/cms.opt b/source4/heimdal/lib/asn1/cms.opt new file mode 100644 index 0000000000..bf7d396529 --- /dev/null +++ b/source4/heimdal/lib/asn1/cms.opt @@ -0,0 +1 @@ +--decode-dce-ber diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h index 3b6f30887c..5b24b917d8 100644 --- a/source4/heimdal/lib/asn1/der.h +++ b/source4/heimdal/lib/asn1/der.h 
@@ -52,7 +52,7 @@ typedef enum {PRIM = 0, CONS = 1} Der_type; enum { UT_EndOfContent = 0, UT_Boolean = 1, - UT_Integer = 2, + UT_Integer = 2, UT_BitString = 3, UT_OctetString = 4, UT_Null = 5, diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c index 8a70966413..8144639b9a 100644 --- a/source4/heimdal/lib/asn1/der_get.c +++ b/source4/heimdal/lib/asn1/der_get.c @@ -33,10 +33,6 @@ #include "der_locl.h" -RCSID("$Id$"); - -#include <version.h> - /* * All decoding functions take a pointer `p' to first position in * which to read, from the left, `len' which means the maximum number 
@@ -252,6 +248,75 @@ der_get_octet_string (const unsigned char *p, size_t len,
 }
 
 int
+der_get_octet_string_ber (const unsigned char *p, size_t len,
+			  heim_octet_string *data, size_t *size)
+{
+    int e;
+    Der_type type;
+    Der_class class;
+    unsigned int tag, depth = 0;
+    size_t l, datalen, oldlen = len;
+
+    data->length = 0;
+    data->data = NULL;
+
+    while (len) {
+	e = der_get_tag (p, len, &class, &type, &tag, &l);
+	if (e) goto out;
+	if (class != ASN1_C_UNIV) {
+	    e = ASN1_BAD_ID;
+	    goto out;
+	}
+	if (type == PRIM && tag == UT_EndOfContent) {
+	    if (depth == 0)
+		break;
+	    depth--;
+	}
+	if (tag != UT_OctetString) {
+	    e = ASN1_BAD_ID;
+	    goto out;
+	}
+
+	p += l;
+	len -= l;
+	e = der_get_length (p, len, &datalen, &l);
+	if (e) goto out;
+	p += l;
+	len -= l;
+
+	if (datalen > len)
+	    return ASN1_OVERRUN;
+
+	if (type == PRIM) {
+	    void *ptr;
+
+	    ptr = realloc(data->data, data->length + datalen);
+	    if (ptr == NULL) {
+		e = ENOMEM;
+		goto out;
+	    }
+	    data->data = ptr;
+	    memcpy(((unsigned char *)data->data) + data->length, p, datalen);
+	    data->length += datalen;
+	} else
+	    depth++;
+
+	p += datalen;
+	len -= datalen;
+    }
+    if (depth != 0)
+	return ASN1_INDEF_OVERRUN;
+    if(size) *size = oldlen - len;
+    return 0;
+ out:
+    free(data->data);
+    data->data = NULL;
+    data->length = 0;
+    return e;
+}
+
+
+int
 der_get_heim_integer (const unsigned char *p, size_t len,
 		      heim_integer *data, size_t *size)
 {
@@ -397,7 +462,7 @@ der_get_oid (const unsigned char *p, size_t len,
     ++p;
     for (n = 2; len > 0; ++n) {
 	unsigned u = 0, u1;
-
+
 	do {
 	    --len;
 	    u1 = u * 128 + (*p++ % 128);
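Review bot: In der_get_octet_string_ber an end-of-contents octet at depth > 0 can never be accepted: after `depth--` control falls straight into `if (tag != UT_OctetString)`, which rejects UT_EndOfContent with ASN1_BAD_ID, so any nested constructed segment makes the whole string undecodable. The bare `return ASN1_OVERRUN;` and `return ASN1_INDEF_OVERRUN;` also bypass the `out:` label and leak whatever has already been realloc'd into `data->data`, unlike every other error path in the function. Constructed segments are not really descended into either: when der_get_length yields the ASN1_INDEFINITE sentinel (the extra.c hunk in this same commit compares against it) `p += datalen` advances by the sentinel value, and for a definite-length constructed segment the content is skipped while `depth` is still incremented, so an EOC is then demanded that never comes. The sketch below fixes the EOC handling, the leaks and the indefinite case; a definite-length constructed segment would additionally need a bounded scan of its contents, and der_get_length's sentinel contract lives outside this hunk, so confirm it before relying on the comparison.
```c
	if (type == PRIM && tag == UT_EndOfContent) {
	    if (depth == 0)
		break;
	    depth--;
	    /* consume the EOC's tag and its (zero) length, then keep scanning */
	    p += l;
	    len -= l;
	    e = der_get_length (p, len, &datalen, &l);
	    if (e) goto out;
	    if (datalen != 0) { e = ASN1_BAD_FORMAT; goto out; }
	    p += l;
	    len -= l;
	    continue;
	}
	/* … unchanged: UT_OctetString check, tag and length consumption … */
	if (datalen == ASN1_INDEFINITE) {
	    /* constructed segment: contents follow inline up to their own EOC */
	    if (type == PRIM) { e = ASN1_BAD_FORMAT; goto out; }
	    datalen = 0;
	} else if (datalen > len) {
	    e = ASN1_OVERRUN;
	    goto out;
	}
	/* … unchanged: PRIM copy / depth++ / advance … */
    }
    if (depth != 0) {
	e = ASN1_INDEF_OVERRUN;
	goto out;
    }
```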
@@ -457,15 +522,28 @@ der_match_tag (const unsigned char *p, size_t len, Der_class class, Der_type type, unsigned int tag, size_t *size) { + Der_type thistype; + int e; + + e = der_match_tag2(p, len, class, &thistype, tag, size); + if (e) return e; + if (thistype != type) return ASN1_BAD_ID; + return 0; +} + +int +der_match_tag2 (const unsigned char *p, size_t len, + Der_class class, Der_type *type, + unsigned int tag, size_t *size) +{ size_t l; Der_class thisclass; - Der_type thistype; unsigned int thistag; int e; - e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l); + e = der_get_tag (p, len, &thisclass, type, &thistag, &l); if (e) return e; - if (class != thisclass || type != thistype) + if (class != thisclass) return ASN1_BAD_ID; if(tag > thistag) return ASN1_MISPLACED_FIELD; @@ -477,26 +555,25 @@ der_match_tag (const unsigned char *p, size_t len, int der_match_tag_and_length (const unsigned char *p, size_t len, - Der_class class, Der_type type, unsigned int tag, + Der_class class, Der_type *type, unsigned int tag, size_t *length_ret, size_t *size) { size_t l, ret = 0; int e; - e = der_match_tag (p, len, class, type, tag, &l); + e = der_match_tag2 (p, len, class, type, tag, &l); if (e) return e; p += l; len -= l; ret += l; e = der_get_length (p, len, length_ret, &l); if (e) return e; - p += l; - len -= l; - ret += l; - if(size) *size = ret; + if(size) *size = ret + l; return 0; } + + /* * Old versions of DCE was based on a very early beta of the MIT code, * which used MAVROS for ASN.1 encoding. MAVROS had the interesting @@ -539,8 +616,11 @@ der_get_bit_string (const unsigned char *p, size_t len, data->data = malloc(len - 1); if (data->data == NULL && (len - 1) != 0) return ENOMEM; - memcpy (data->data, p + 1, len - 1); - data->length -= p[0]; + /* copy data is there is data to copy */ + if (len - 1 != 0) { + memcpy (data->data, p + 1, len - 1); + data->length -= p[0]; + } if(size) *size = len; return 0; } 
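Review bot: In the der_get_bit_string hunk the new guard correctly stops touching `p + 1` when `len == 1`, but `data->length -= p[0]` for `len > 1` is still unconditional; unless the unused-bits octet is validated above the hunk (the start of the function is not visible here), a `p[0]` larger than 7 drives `data->length` below zero and wraps the unsigned count. A check before the copy such as `if (p[0] > 7) return ASN1_BAD_FORMAT;` closes that, and a nonzero `p[0]` with no content octets is equally malformed and could be rejected in the same place. It is also worth a comment on `der_match_tag2` that `*type` is written by der_get_tag before the class/tag comparison, so callers treating ASN1_MISPLACED_FIELD/ASN1_MISSING_FIELD as "optional field absent" must not read it.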
diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h index f8a21de71c..1f27e72903 100644 --- a/source4/heimdal/lib/asn1/der_locl.h +++ b/source4/heimdal/lib/asn1/der_locl.h @@ -36,9 +36,9 @@ #ifndef __DER_LOCL_H__ #define __DER_LOCL_H__ -#ifdef HAVE_CONFIG_H + #include <config.h> -#endif + #include <assert.h> #include <stdio.h> #include <stdlib.h> diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c index 5afddb1d05..7e71443da5 100644 --- a/source4/heimdal/lib/asn1/der_put.c +++ b/source4/heimdal/lib/asn1/der_put.c @@ -384,7 +384,7 @@ der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type, } else { size_t ret = 0; unsigned int continuation = 0; - + do { if (len < 1) return ASN1_OVERFLOW; diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1 index 1cf58b4638..5ee5bd4a99 100644 --- a/source4/heimdal/lib/asn1/digest.asn1 +++ b/source4/heimdal/lib/asn1/digest.asn1 @@ -139,7 +139,7 @@ DigestREP ::= [APPLICATION 129] SEQUENCE { -- qop == auth -- A2 = Method ":" digest-uri-value -- qop == auth-int --- A2 = Method ":" digest-uri-value ":" H(entity-body) +-- A2 = Method ":" digest-uri-value ":" H(entity-body) -- request-digest = HEX(KD(HEX(H(A1)), -- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2)))) diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c index 49240605c8..b244dbb52a 100644 --- a/source4/heimdal/lib/asn1/extra.c +++ b/source4/heimdal/lib/asn1/extra.c 
@@ -67,15 +67,21 @@ decode_heim_any(const unsigned char *p, size_t len,
 	return ASN1_OVERFLOW;
     e = der_get_length(p + l, len - l, &length, &len_len);
     if (e) return e;
-    if (length + len_len + l > len)
-	return ASN1_OVERFLOW;
-
+    if (length == ASN1_INDEFINITE) {
+	if (len < len_len + l)
+	    return ASN1_OVERFLOW;
+	length = len - (len_len + l);
+    } else {
+	if (len < length + len_len + l)
+	    return ASN1_OVERFLOW;
+    }
+
     data->data = malloc(length + len_len + l);
     if (data->data == NULL)
 	return ENOMEM;
     data->length = length + len_len + l;
     memcpy(data->data, p, length + len_len + l);
-
+
     if (size)
 	*size = length + len_len + l;
 
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index 52fd0d393b..e156c7cefb 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -83,12 +83,19 @@ init_generate (const char *filename, const char *base)
 	if (headerbase == NULL)
 	    errx(1, "strdup");
     }
+
+    /* public header file */
     asprintf(&header, "%s.h", headerbase);
     if (header == NULL)
 	errx(1, "malloc");
-    headerfile = fopen (header, "w");
+    asprintf(&fn, "%s.hx", headerbase);
+    if (fn == NULL)
+	errx(1, "malloc");
+    headerfile = fopen (fn, "w");
     if (headerfile == NULL)
-	err (1, "open %s", header);
+	err (1, "open %s", fn);
+    free(fn);
+
     fprintf (headerfile, "/* Generated from %s */\n"
 	     "/* Do not edit */\n\n",
@@ -229,7 +236,7 @@ gen_compare_defval(const char *var, struct value *val)
     }
 }
 
-static void
+void
 generate_header_of_codefile(const char *name)
 {
     char *filename;
@@ -267,7 +274,7 @@ generate_header_of_codefile(const char *name)
 }
 
-static void
+void
 close_codefile(void)
 {
     if (codefile == NULL)
@@ -296,7 +303,8 @@ generate_constant (const Symbol *s)
     struct objid *o, **list;
     unsigned int i, len;
 
-    generate_header_of_codefile(s->gen_name);
+    if (!one_code_file)
+	generate_header_of_codefile(s->gen_name);
 
     len = 0;
     for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
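Review bot: The ASN1_INDEFINITE branch in decode_heim_any sets `length = len - (len_len + l)`, i.e. it treats everything left in the buffer as the content of this element instead of scanning to the matching end-of-contents octets, so an indefinite-length ANY swallows every sibling that follows it in the enclosing SEQUENCE and the returned `*size` overstates what was consumed. With cms.opt now passing `--decode-dce-ber` for the CMS module, BER-encoded ContentInfo/EncapsulatedContentInfo is exactly where such input arrives. Either walk the nested TLVs to locate the EOC (the same job der_get_octet_string_ber in this commit attempts for octet strings) or add a comment above the branch, `/* indefinite length: we keep the rest of the buffer, so a heim_any must be the last member of its container */`, so the limitation is explicit to callers.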
@@ -320,9 +328,13 @@ generate_constant (const Symbol *s) } fprintf (headerfile, "} */\n"); - fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n", + fprintf (headerfile, "const heim_oid *oid_%s(void);\n", + s->gen_name); + fprintf (headerfile, + "extern const heim_oid asn1_oid_%s;\n\n", s->gen_name); + fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {", s->gen_name, len); for (i = len ; i > 0; i--) { @@ -330,17 +342,20 @@ generate_constant (const Symbol *s) } fprintf(codefile, "};\n"); - fprintf (codefile, "static const heim_oid oid_%s_variable = " + fprintf (codefile, "const heim_oid asn1_oid_%s = " "{ %d, oid_%s_variable_num };\n\n", s->gen_name, len, s->gen_name); fprintf (codefile, "const heim_oid *oid_%s(void)\n" "{\n" - "return &oid_%s_variable;\n" + "return &asn1_oid_%s;\n" "}\n\n", s->gen_name, s->gen_name); - close_codefile(); + free(list); + + if (!one_code_file) + close_codefile(); break; } @@ -587,7 +602,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep) fprintf (headerfile, "struct %s {\n", typedefp ? name : ""); ASN1_TAILQ_FOREACH(m, t->members, members) { char *n; - + asprintf (&n, "%s:1", m->gen_name); if (n == NULL) errx(1, "malloc"); @@ -787,7 +802,8 @@ generate_type_header (const Symbol *s) void generate_type (const Symbol *s) { - generate_header_of_codefile(s->gen_name); + if (!one_code_file) + generate_header_of_codefile(s->gen_name); generate_type_header (s); generate_type_encode (s); @@ -798,5 +814,9 @@ generate_type (const Symbol *s) generate_type_seq (s); generate_glue (s->type, s->gen_name); fprintf(headerfile, "\n\n"); - close_codefile(); + + if (!one_code_file) { + fprintf(codefile, "\n\n"); + close_codefile(); + } } diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c index 37c9304779..5042ed64ed 100644 --- a/source4/heimdal/lib/asn1/gen_copy.c +++ b/source4/heimdal/lib/asn1/gen_copy.c 
@@ -149,7 +149,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve) to, have_ellipsis->gen_name); used_fail++; } - fprintf(codefile, "}\n"); + fprintf(codefile, "}\n"); } break; } diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c index 2bd5acb47e..cf7f0b05dc 100644 --- a/source4/heimdal/lib/asn1/gen_decode.c +++ b/source4/heimdal/lib/asn1/gen_decode.c @@ -230,7 +230,7 @@ range_check(const char *name, static int decode_type (const char *name, const Type *t, int optional, - const char *forwstr, const char *tmpstr) + const char *forwstr, const char *tmpstr, const char *dertype) { switch (t->type) { case TType: { @@ -289,7 +289,17 @@ decode_type (const char *name, const Type *t, int optional, decode_primitive ("enumerated", name, forwstr); break; case TOctetString: + if (dertype) { + fprintf(codefile, + "if (%s == CONS) {\n", + dertype); + decode_primitive("octet_string_ber", name, forwstr); + fprintf(codefile, + "} else {\n"); + } decode_primitive ("octet_string", name, forwstr); + if (dertype) + fprintf(codefile, "}\n"); if (t->range) range_check(name, "length", forwstr, t->range); break; @@ -340,10 +350,10 @@ decode_type (const char *name, const Type *t, int optional, name, m->gen_name); if (s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); free (s); } - + break; } case TSet: { @@ -382,7 +392,7 @@ decode_type (const char *name, const Type *t, int optional, "%s = calloc(1, sizeof(*%s));\n" "if (%s == NULL) { e = ENOMEM; %s; }\n", s, s, s, forwstr); - decode_type (s, m->type, 0, forwstr, m->gen_name); + decode_type (s, m->type, 0, forwstr, m->gen_name, NULL); free (s); fprintf(codefile, "members |= (1 << %d);\n", memno); 
@@ -458,7 +468,7 @@ decode_type (const char *name, const Type *t, int optional, asprintf (&sname, "%s_s_of", tmpstr); if (sname == NULL) errx(1, "malloc"); - decode_type (n, t->subtype, 0, forwstr, sname); + decode_type (n, t->subtype, 0, forwstr, sname, NULL); fprintf (codefile, "(%s)->len++;\n" "len = %s_origlen - ret;\n" @@ -480,21 +490,37 @@ decode_type (const char *name, const Type *t, int optional, decode_primitive ("general_string", name, forwstr); break; case TTag:{ - char *tname; + char *tname, *typestring; + char *ide = NULL; + + asprintf(&typestring, "%s_type", tmpstr); fprintf(codefile, "{\n" - "size_t %s_datalen, %s_oldlen;\n", - tmpstr, tmpstr); - if(dce_fix) + "size_t %s_datalen, %s_oldlen;\n" + "Der_type %s;\n", + tmpstr, tmpstr, typestring); + if(support_ber) fprintf(codefile, - "int dce_fix;\n"); - fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, " + "int is_indefinite;\n"); + + fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, " "&%s_datalen, &l);\n", classname(t->tag.tagclass), - is_primitive_type(t->subtype->type) ? "PRIM" : "CONS", + typestring, valuename(t->tag.tagclass, t->tag.tagvalue), tmpstr); + + /* XXX hardcode for now */ + if (support_ber && t->subtype->type == TOctetString) { + ide = typestring; + } else { + fprintf(codefile, + "if (e == 0 && %s != %s) { e = ASN1_BAD_ID; }\n", + typestring, + is_primitive_type(t->subtype->type) ? "PRIM" : "CONS"); + } + if(optional) { fprintf(codefile, "if(e) {\n" 
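Review bot: `asprintf(&typestring, "%s_type", tmpstr);` in the TTag case has no failure check, whereas the neighbouring `asprintf (&tname, ...)` is followed by `if (tname == NULL) errx(1, "malloc");`; on allocation failure `typestring` is unspecified (NULL on glibc) and is then handed to several fprintf `%s` conversions. Add the same guard directly after it: `if (typestring == NULL) errx(1, "malloc");`. The `/* XXX hardcode for now */` block that assigns `ide = typestring` would also benefit from a sentence saying what is hard-coded — as far as this hunk shows, the type check is only bypassed for OCTET STRING so that the generated code can dispatch on `%s_type` to octet_string_ber for constructed encodings. decode_type's TTag case continues past the end of this hunk.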
@@ -510,11 +536,12 @@ decode_type (const char *name, const Type *t, int optional, "p += l; len -= l; ret += l;\n" "%s_oldlen = len;\n", tmpstr); - if(dce_fix) + if(support_ber) fprintf (codefile, - "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n" - "{ e = ASN1_BAD_FORMAT; %s; }\n", - tmpstr, forwstr); + "if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n" + "{ e = ASN1_BAD_FORMAT; %s; }\n" + "if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }", + tmpstr, forwstr, forwstr); else fprintf(codefile, "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n" @@ -522,15 +549,22 @@ decode_type (const char *name, const Type *t, int optional, asprintf (&tname, "%s_Tag", tmpstr); if (tname == NULL) errx(1, "malloc"); - decode_type (name, t->subtype, 0, forwstr, tname); - if(dce_fix) + decode_type (name, t->subtype, 0, forwstr, tname, ide); + if(support_ber) fprintf(codefile, - "if(dce_fix){\n" - "e = der_match_tag_and_length (p, len, " - "(Der_class)0,(Der_type)0, UT_EndOfContent, " + "if(is_indefinite){\n" + "len += 2;\n" + "e = der_match_tag_and_length(p, len, " + "(Der_class)0, &%s, UT_EndOfContent, " "&%s_datalen, &l);\n" - "if(e) %s;\np += l; len -= l; ret += l;\n" - "} else \n", tmpstr, forwstr); + "if(e) %s;\n" + "p += l; len -= l; ret += l;\n" + "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n" + "} else \n", + typestring, + tmpstr, + forwstr, + typestring, forwstr); fprintf(codefile, "len = %s_oldlen - %s_datalen;\n", tmpstr, tmpstr); @@ -540,6 +574,7 @@ decode_type (const char *name, const Type *t, int optional, fprintf(codefile, "}\n"); free(tname); + free(typestring); break; } case TChoice: { @@ -555,7 +590,7 @@ decode_type (const char *name, const Type *t, int optional, Der_class cl; Der_type ty; unsigned tag; - + if (m->ellipsis) { have_ellipsis = m; continue; 
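Review bot: The generated statement `"if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }"` has no trailing `\n`, so whatever the nested decode_type call emits next lands on the same output line; every other format string in this block ends in `\n` and this one should too. A short comment tying the two halves together would help a reader, since `len -= 2` here and `len += 2` forty lines later are only meaningful together: `/* hold back the two end-of-contents octets so the inner decoder cannot consume them; they are given back before der_match_tag_and_length(..., UT_EndOfContent, ...) */`. That `der_match_tag_and_length` now writes the matched Der_type into `%s_type` and the `(Der_type)0` comparison afterwards is what enforces a primitive EOC, which is correct but non-obvious. The TTag case begins before this hunk.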
@@ -573,7 +608,7 @@ decode_type (const char *name, const Type *t, int optional, name, m->gen_name); if (s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); fprintf(codefile, "(%s)->element = %s;\n", name, m->label); @@ -695,7 +730,7 @@ generate_type_decode (const Symbol *s) fprintf (codefile, "\n"); fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ - decode_type ("data", s->type, 0, "goto fail", "Top"); + decode_type ("data", s->type, 0, "goto fail", "Top", NULL); if (preserve) fprintf (codefile, "data->_save.data = calloc(1, ret);\n" diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c index d80a2f8d1f..1f8078a0ee 100644 --- a/source4/heimdal/lib/asn1/gen_encode.c +++ b/source4/heimdal/lib/asn1/gen_encode.c @@ -257,7 +257,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) if (t->members == NULL) break; - + ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) { char *s; @@ -388,7 +388,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) int c; asprintf (&tname, "%s_tag", tmpstr); if (tname == NULL) - errx(1, "malloc"); + errx(1, "malloc"); c = encode_type (name, t->subtype, tname); fprintf (codefile, "e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n" diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c index 305d7de247..fac1f6da5d 100644 --- a/source4/heimdal/lib/asn1/gen_free.c +++ b/source4/heimdal/lib/asn1/gen_free.c @@ -110,7 +110,7 @@ free_type (const char *name, const Type *t, int preserve) if(t->type == TChoice) fprintf(codefile, "break;\n"); } - + if(t->type == TChoice) { if (have_ellipsis) fprintf(codefile, diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c index a1df4eef6b..7f9755e2da 100644 --- a/source4/heimdal/lib/asn1/gen_length.c 
+++ b/source4/heimdal/lib/asn1/gen_length.c @@ -139,7 +139,7 @@ length_type (const char *name, const Type *t, ASN1_TAILQ_FOREACH(m, t->members, members) { char *s; - + if (m->ellipsis) { have_ellipsis = m; continue; diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h index c8b3896314..2bb64b5a38 100644 --- a/source4/heimdal/lib/asn1/gen_locl.h +++ b/source4/heimdal/lib/asn1/gen_locl.h @@ -36,9 +36,8 @@ #ifndef __GEN_LOCL_H__ #define __GEN_LOCL_H__ -#ifdef HAVE_CONFIG_H #include <config.h> -#endif + #include <assert.h> #include <stdio.h> #include <stdlib.h> @@ -80,9 +79,14 @@ int yyparse(void); int preserve_type(const char *); int seq_type(const char *); +void generate_header_of_codefile(const char *); +void close_codefile(void); + + extern FILE *headerfile, *codefile, *logfile; -extern int dce_fix; +extern int support_ber; extern int rfc1510_bitstring; +extern int one_code_file; extern int error_flag; diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1 index 9b36498161..8edb0fde69 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/krb5.asn1 @@ -13,6 +13,7 @@ NAME-TYPE ::= INTEGER { KRB5_NT_X500_PRINCIPAL(6), -- PKINIT KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN + KRB5_NT_WELLKNOWN(11), -- Wellknown KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID 
@@ -64,6 +65,10 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-GET-FROM-TYPED-DATA(22), KRB5-PADATA-SAM-ETYPE-INFO(23), KRB5-PADATA-SERVER-REFERRAL(25), + KRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov) + KRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com) + KRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com) + KRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT 
@@ -71,13 +76,30 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com - KRB5-PADATA-S4U2SELF(129), - KRB5-PADATA-EPAC(130), -- EPAK - KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to - -- tell KDC that is supports + KRB5-PADATA-FOR-USER(129), -- MS-KILE + KRB5-PADATA-FOR-X509-USER(130), -- MS-KILE + KRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE + KRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE + KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to + -- tell KDC that is supports -- the asCheckSum in the -- PK-AS-REP - KRB5-PADATA-CLIENT-CANONICALIZED(133) -- + KRB5-PADATA-CLIENT-CANONICALIZED(133), -- referals + KRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework + KRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework + KRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework + KRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework + KRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework + KRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework + KRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com) + KRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com) + KBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com) + KRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com) + KRB5-PADATA-EPAK-AS-REQ(145), + KRB5-PADATA-EPAK-AS-REP(146), + KRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon + KRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u + KRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE } AUTHDATA-TYPE ::= INTEGER { @@ -174,6 +196,8 @@ Principal ::= SEQUENCE { realm[1] Realm } +Principals ::= SEQUENCE OF Principal + HostAddress ::= SEQUENCE { addr-type[0] krb5int32, address[1] OCTET STRING 
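Review bot: Two pairs of named numbers in PADATA-TYPE now share a value: `KRB5-PADATA-AS-CHECKSUM(132)` with `KRB5-PADATA-PK-AS-09-BINDING(132)`, and `KRB5-PADATA-CLIENT-CANONICALIZED(133)` with `KRB5-PADATA-FX-COOKIE(133)`. Whether or not the ASN.1 compiler accepts duplicate values in a NamedNumberList (I believe X.680 requires them to be distinct; worth checking against lex.l/the parser), the generated C constants will compare equal, so a KDC switching on padata-type cannot tell an MS-KILE AS checksum from a PK-AS-09 binding, or a FX cookie from a canonicalisation request — if the registrations genuinely collide, say so in a comment beside each pair and state which name the code is expected to use. `KBB5-PADATA-OTP-CONFIRM(143)` is a typo for `KRB5-PADATA-OTP-CONFIRM(143)`.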
@@ -387,7 +411,7 @@ PA-ENC-TS-ENC ::= SEQUENCE { -- draft-brezak-win2k-krb-authz-01 PA-PAC-REQUEST ::= SEQUENCE { - include-pac[0] BOOLEAN -- Indicates whether a PAC + include-pac[0] BOOLEAN -- Indicates whether a PAC -- should be included or not } @@ -618,21 +642,19 @@ PA-S4U2Self ::= SEQUENCE { auth[3] GeneralString } -KRB5SignedPathPrincipals ::= SEQUENCE OF Principal - -- never encoded on the wire, just used to checksum over KRB5SignedPathData ::= SEQUENCE { encticket[0] EncTicketPart, - delegated[1] KRB5SignedPathPrincipals OPTIONAL + delegated[1] Principals OPTIONAL } KRB5SignedPath ::= SEQUENCE { -- DERcoded KRB5SignedPathData - -- krbtgt key (etype), KeyUsage = XXX + -- krbtgt key (etype), KeyUsage = XXX etype[0] ENCTYPE, cksum[1] Checksum, -- srvs delegated though - delegated[2] KRB5SignedPathPrincipals OPTIONAL + delegated[2] Principals OPTIONAL } PA-ClientCanonicalizedNames ::= SEQUENCE{ 
@@ -666,6 +688,63 @@ PA-ServerReferralData ::= SEQUENCE {
 	...
 }
 
+FastOptions ::= BIT STRING {
+	reserved(0),
+	hide-client-names(1),
+	kdc-follow--referrals(16)
+}
+
+KrbFastReq ::= SEQUENCE {
+	fast-options [0] FastOptions,
+	padata [1] SEQUENCE OF PA-DATA,
+	req-body [2] KDC-REQ-BODY,
+	...
+}
+
+KrbFastArmor ::= SEQUENCE {
+	armor-type [0] krb5int32,
+	armor-value [1] OCTET STRING,
+	...
+}
+
+KrbFastArmoredReq ::= SEQUENCE {
+	armor [0] KrbFastArmor OPTIONAL,
+	req-checksum [1] Checksum,
+	enc-fast-req [2] EncryptedData -- KrbFastReq --
+}
+
+PA-FX-FAST-REQUEST ::= CHOICE {
+	armored-data [0] KrbFastArmoredReq,
+	...
+}
+
+KrbFastFinished ::= SEQUENCE {
+	timestamp [0] KerberosTime,
+	usec [1] krb5int32,
+	crealm [2] Realm,
+	cname [3] PrincipalName,
+	checksum [4] Checksum,
+	ticket-checksum [5] Checksum,
+	...
+}
+
+KrbFastResponse ::= SEQUENCE {
+	padata [0] SEQUENCE OF PA-DATA,
+	rep-key [1] EncryptionKey OPTIONAL,
+	finished [2] KrbFastFinished OPTIONAL,
+	...
+}
+
+KrbFastArmoredRep ::= SEQUENCE {
+	enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
+	...
+}
+
+PA-FX-FAST-REPLY ::= CHOICE {
+	armored-data [0] KrbFastArmoredRep,
+	...
+}
+
 END
 
 -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
diff --git a/source4/heimdal/lib/asn1/krb5.opt b/source4/heimdal/lib/asn1/krb5.opt
new file mode 100644
index 0000000000..1d6d5e8989
--- /dev/null
+++ b/source4/heimdal/lib/asn1/krb5.opt
@@ -0,0 +1,6 @@
+--encode-rfc1510-bit-string
+--sequence=Principals
+--sequence=AuthorizationData
+--sequence=METHOD-DATA
+--sequence=ETYPE-INFO
+--sequence=ETYPE-INFO2
diff --git a/source4/heimdal/lib/asn1/kx509.asn1 b/source4/heimdal/lib/asn1/kx509.asn1
index 820abc8106..14ebf50ecd 100644
--- a/source4/heimdal/lib/asn1/kx509.asn1
+++ b/source4/heimdal/lib/asn1/kx509.asn1
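Review bot: `kdc-follow--referrals(16)` in FastOptions contains `--`, which in ASN.1 opens a comment; depending on how lex.l tokenises it the identifier ends at `kdc-follow` and `referrals(16)` is swallowed as comment text, so the bit either gets no number or the module fails to parse. The name in the FAST specification is `kdc-follow-referrals`; change the line to `	kdc-follow-referrals(16)`. The trailing etags hint still names `k5.asn1` after this commit renames the file to krb5.asn1.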
@@ -3,6 +3,17 @@ KX509 DEFINITIONS ::= BEGIN +KX509-ERROR-CODE ::= INTEGER { + KX509-STATUS-GOOD(0), + KX509-STATUS-CLIENT-BAD(1), + KX509-STATUS-CLIENT-FIX(2), + KX509-STATUS-CLIENT-TEMP(3), + KX509-STATUS-SERVER-BAD(4), + KX509-STATUS-SERVER-TEMP(5), + -- 6 is used internally in the umich client, avoid that + KX509-STATUS-SERVER-KEY(7) +} + Kx509Request ::= SEQUENCE { authenticator OCTET STRING, pk-hash OCTET STRING, diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l index 1198ef16a6..7bd442bc50 100644 --- a/source4/heimdal/lib/asn1/lex.l +++ b/source4/heimdal/lib/asn1/lex.l @@ -46,7 +46,7 @@ #endif #undef ECHO #include "symbol.h" -#include "parse.h" +#include "asn1parse.h" #include "lex.h" #include "gen_locl.h" @@ -216,7 +216,7 @@ WITH { return kw_WITH; } char *p = buf; int f = 0; int skip_ws = 0; - + while((c = input()) != EOF) { if(isspace(c) && skip_ws) { if(c == '\n') @@ -224,7 +224,7 @@ WITH { return kw_WITH; } continue; } skip_ws = 0; - + if(c == '"') { if(f) { *p++ = '"'; diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c index 6a97634310..115c82a9c7 100644 --- a/source4/heimdal/lib/asn1/main.c +++ b/source4/heimdal/lib/asn1/main.c @@ -62,15 +62,20 @@ seq_type(const char *p) return 0; } -int dce_fix; +int support_ber; int rfc1510_bitstring; +int one_code_file; +char *option_file; int version_flag; int help_flag; struct getargs args[] = { { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, - { "decode-dce-ber", 0, arg_flag, &dce_fix }, + { "decode-dce-ber", 0, arg_flag, &support_ber }, + { "support-ber", 0, arg_flag, &support_ber }, { "preserve-binary", 0, arg_strings, &preserve }, { "sequence", 0, arg_strings, &seq }, + { "one-code-file", 0, arg_flag, &one_code_file }, + { "option-file", 0, arg_string, &option_file }, { "version", 0, arg_flag, &version_flag }, { "help", 0, arg_flag, &help_flag } }; 
@@ -92,6 +97,8 @@ main(int argc, char **argv)
     const char *file;
     const char *name = NULL;
     int optidx = 0;
+    char **arg = NULL;
+    size_t len = 0, i;
 
     setprogname(argv[0]);
     if(getarg(args, num_args, argc, argv, &optidx))
@@ -121,7 +128,58 @@ main(int argc, char **argv)
 	name = argv[optidx + 1];
     }
 
+    /*
+     * Parse extra options file
+     */
+    if (option_file) {
+	char buf[1024];
+	FILE *opt;
+
+	opt = fopen(option_file, "r");
+	if (opt == NULL) {
+	    perror("open");
+	    exit(1);
+	}
+
+	arg = calloc(2, sizeof(arg[0]));
+	arg[0] = option_file;
+	arg[1] = NULL;
+	len = 1;
+
+	while (fgets(buf, sizeof(buf), opt) != NULL) {
+	    buf[strcspn(buf, "\n\r")] = '\0';
+
+	    arg = realloc(arg, (len + 2) * sizeof(arg[0]));
+	    if (argv == NULL) {
+		perror("malloc");
+		exit(1);
+	    }
+	    arg[len] = strdup(buf);
+	    if (arg[len] == NULL) {
+		perror("strdup");
+		exit(1);
+	    }
+	    arg[len + 1] = NULL;
+	    len++;
+	}
+	fclose(opt);
+
+	optidx = 0;
+	if(getarg(args, num_args, len, arg, &optidx))
+	    usage(1);
+
+	if (len != optidx) {
+	    fprintf(stderr, "extra args");
+	    exit(1);
+	}
+    }
+
+
     init_generate (file, name);
+
+    if (one_code_file)
+	generate_header_of_codefile(name);
+
     initsym ();
     ret = yyparse ();
     if(ret != 0 || error_flag != 0)
@@ -129,5 +187,15 @@ main(int argc, char **argv)
     close_generate ();
     if (argc != optidx)
 	fclose(yyin);
+
+    if (one_code_file)
+	close_codefile();
+
+    if (arg) {
+	for (i = 1; i < len; i++)
+	    free(arg[i]);
+	free(arg);
+    }
+
     return 0;
 }
diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y
deleted file mode 100644
index aca4a062b8..0000000000
--- a/source4/heimdal/lib/asn1/parse.y
+++ /dev/null
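Review bot: The allocation check after `arg = realloc(arg, (len + 2) * sizeof(arg[0]));` tests `argv` instead of `arg`, so a failed realloc is never detected and the NULL is dereferenced on the next line; it also overwrites `arg` before checking, which is the classic realloc leak. Replace the two lines with `char **tmp = realloc(arg, (len + 2) * sizeof(arg[0])); if (tmp == NULL) { perror("malloc"); exit(1); } arg = tmp;`, and give the `calloc(2, sizeof(arg[0]))` above it the same treatment since it is unchecked too. Blank lines in the option file become empty-string arguments (strcspn leaves `""`) and a line longer than 1023 bytes is split by fgets into two arguments; a `if (buf[0] == '\0') continue;` after the strcspn and treating a missing newline as an error would make the loader robust. A comment noting that `arg[0]` deliberately holds the option-file name because getarg() skips argv[0] would explain why the free loop starts at 1.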
@@ -1,1015 +0,0 @@ -/* - * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* $Id$ */ - -%{ -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include "symbol.h" -#include "lex.h" -#include "gen_locl.h" -#include "der.h" - -RCSID("$Id$"); - -static Type *new_type (Typetype t); -static struct constraint_spec *new_constraint_spec(enum ctype); -static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype); -void yyerror (const char *); -static struct objid *new_objid(const char *label, int value); -static void add_oid_to_tail(struct objid *, struct objid *); -static void fix_labels(Symbol *s); - -struct string_list { - char *string; - struct string_list *next; -}; - -%} - -%union { - int constant; - struct value *value; - struct range *range; - char *name; - Type *type; - Member *member; - struct objid *objid; - char *defval; - struct string_list *sl; - struct tagtype tag; - struct memhead *members; - struct constraint_spec *constraint_spec; -} - -%token kw_ABSENT -%token kw_ABSTRACT_SYNTAX -%token kw_ALL -%token kw_APPLICATION -%token kw_AUTOMATIC -%token kw_BEGIN -%token kw_BIT -%token kw_BMPString -%token kw_BOOLEAN -%token kw_BY -%token kw_CHARACTER -%token kw_CHOICE -%token kw_CLASS -%token kw_COMPONENT -%token kw_COMPONENTS -%token kw_CONSTRAINED -%token kw_CONTAINING -%token kw_DEFAULT -%token kw_DEFINITIONS -%token kw_EMBEDDED -%token kw_ENCODED -%token kw_END -%token kw_ENUMERATED -%token kw_EXCEPT -%token kw_EXPLICIT -%token kw_EXPORTS -%token kw_EXTENSIBILITY -%token kw_EXTERNAL -%token kw_FALSE -%token kw_FROM -%token kw_GeneralString -%token kw_GeneralizedTime -%token kw_GraphicString -%token kw_IA5String -%token kw_IDENTIFIER -%token kw_IMPLICIT -%token kw_IMPLIED -%token kw_IMPORTS -%token kw_INCLUDES -%token kw_INSTANCE -%token kw_INTEGER -%token kw_INTERSECTION -%token kw_ISO646String -%token kw_MAX -%token kw_MIN -%token kw_MINUS_INFINITY -%token kw_NULL -%token kw_NumericString -%token kw_OBJECT -%token kw_OCTET -%token kw_OF -%token 
kw_OPTIONAL -%token kw_ObjectDescriptor -%token kw_PATTERN -%token kw_PDV -%token kw_PLUS_INFINITY -%token kw_PRESENT -%token kw_PRIVATE -%token kw_PrintableString -%token kw_REAL -%token kw_RELATIVE_OID -%token kw_SEQUENCE -%token kw_SET -%token kw_SIZE -%token kw_STRING -%token kw_SYNTAX -%token kw_T61String -%token kw_TAGS -%token kw_TRUE -%token kw_TYPE_IDENTIFIER -%token kw_TeletexString -%token kw_UNION -%token kw_UNIQUE -%token kw_UNIVERSAL -%token kw_UTCTime -%token kw_UTF8String -%token kw_UniversalString -%token kw_VideotexString -%token kw_VisibleString -%token kw_WITH - -%token RANGE -%token EEQUAL -%token ELLIPSIS - -%token <name> IDENTIFIER referencename -%token <name> STRING - -%token <constant> NUMBER -%type <constant> SignedNumber -%type <constant> Class tagenv - -%type <value> Value -%type <value> BuiltinValue -%type <value> IntegerValue -%type <value> BooleanValue -%type <value> ObjectIdentifierValue -%type <value> CharacterStringValue -%type <value> NullValue -%type <value> DefinedValue -%type <value> ReferencedValue -%type <value> Valuereference - -%type <type> Type -%type <type> BuiltinType -%type <type> BitStringType -%type <type> BooleanType -%type <type> ChoiceType -%type <type> ConstrainedType -%type <type> EnumeratedType -%type <type> IntegerType -%type <type> NullType -%type <type> OctetStringType -%type <type> SequenceType -%type <type> SequenceOfType -%type <type> SetType -%type <type> SetOfType -%type <type> TaggedType -%type <type> ReferencedType -%type <type> DefinedType -%type <type> UsefulType -%type <type> ObjectIdentifierType -%type <type> CharacterStringType -%type <type> RestrictedCharactedStringType - -%type <tag> Tag - -%type <member> ComponentType -%type <member> NamedBit -%type <member> NamedNumber -%type <member> NamedType -%type <members> ComponentTypeList -%type <members> Enumerations -%type <members> NamedBitList -%type <members> NamedNumberList - -%type <objid> objid objid_list objid_element objid_opt -%type <range> 
range size - -%type <sl> referencenames - -%type <constraint_spec> Constraint -%type <constraint_spec> ConstraintSpec -%type <constraint_spec> GeneralConstraint -%type <constraint_spec> ContentsConstraint -%type <constraint_spec> UserDefinedConstraint - - - -%start ModuleDefinition - -%% - -ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault - EEQUAL kw_BEGIN ModuleBody kw_END - { - checkundefined(); - } - ; - -TagDefault : kw_EXPLICIT kw_TAGS - | kw_IMPLICIT kw_TAGS - { error_message("implicit tagging is not supported"); } - | kw_AUTOMATIC kw_TAGS - { error_message("automatic tagging is not supported"); } - | /* empty */ - ; - -ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED - { error_message("no extensibility options supported"); } - | /* empty */ - ; - -ModuleBody : /* Exports */ Imports AssignmentList - | /* empty */ - ; - -Imports : kw_IMPORTS SymbolsImported ';' - | /* empty */ - ; - -SymbolsImported : SymbolsFromModuleList - | /* empty */ - ; - -SymbolsFromModuleList: SymbolsFromModule - | SymbolsFromModuleList SymbolsFromModule - ; - -SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt - { - struct string_list *sl; - for(sl = $1; sl != NULL; sl = sl->next) { - Symbol *s = addsym(sl->string); - s->stype = Stype; - } - add_import($3); - } - ; - -AssignmentList : Assignment - | Assignment AssignmentList - ; - -Assignment : TypeAssignment - | ValueAssignment - ; - -referencenames : IDENTIFIER ',' referencenames - { - $$ = emalloc(sizeof(*$$)); - $$->string = $1; - $$->next = $3; - } - | IDENTIFIER - { - $$ = emalloc(sizeof(*$$)); - $$->string = $1; - $$->next = NULL; - } - ; - -TypeAssignment : IDENTIFIER EEQUAL Type - { - Symbol *s = addsym ($1); - s->stype = Stype; - s->type = $3; - fix_labels(s); - generate_type (s); - } - ; - -Type : BuiltinType - | ReferencedType - | ConstrainedType - ; - -BuiltinType : BitStringType - | BooleanType - | CharacterStringType - | ChoiceType - | EnumeratedType - | IntegerType - | NullType 
- | ObjectIdentifierType - | OctetStringType - | SequenceType - | SequenceOfType - | SetType - | SetOfType - | TaggedType - ; - -BooleanType : kw_BOOLEAN - { - $$ = new_tag(ASN1_C_UNIV, UT_Boolean, - TE_EXPLICIT, new_type(TBoolean)); - } - ; - -range : '(' Value RANGE Value ')' - { - if($2->type != integervalue) - error_message("Non-integer used in first part of range"); - if($2->type != integervalue) - error_message("Non-integer in second part of range"); - $$ = ecalloc(1, sizeof(*$$)); - $$->min = $2->u.integervalue; - $$->max = $4->u.integervalue; - } - | '(' Value RANGE kw_MAX ')' - { - if($2->type != integervalue) - error_message("Non-integer in first part of range"); - $$ = ecalloc(1, sizeof(*$$)); - $$->min = $2->u.integervalue; - $$->max = $2->u.integervalue - 1; - } - | '(' kw_MIN RANGE Value ')' - { - if($4->type != integervalue) - error_message("Non-integer in second part of range"); - $$ = ecalloc(1, sizeof(*$$)); - $$->min = $4->u.integervalue + 2; - $$->max = $4->u.integervalue; - } - | '(' Value ')' - { - if($2->type != integervalue) - error_message("Non-integer used in limit"); - $$ = ecalloc(1, sizeof(*$$)); - $$->min = $2->u.integervalue; - $$->max = $2->u.integervalue; - } - ; - - -IntegerType : kw_INTEGER - { - $$ = new_tag(ASN1_C_UNIV, UT_Integer, - TE_EXPLICIT, new_type(TInteger)); - } - | kw_INTEGER range - { - $$ = new_type(TInteger); - $$->range = $2; - $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$); - } - | kw_INTEGER '{' NamedNumberList '}' - { - $$ = new_type(TInteger); - $$->members = $3; - $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$); - } - ; - -NamedNumberList : NamedNumber - { - $$ = emalloc(sizeof(*$$)); - ASN1_TAILQ_INIT($$); - ASN1_TAILQ_INSERT_HEAD($$, $1, members); - } - | NamedNumberList ',' NamedNumber - { - ASN1_TAILQ_INSERT_TAIL($1, $3, members); - $$ = $1; - } - | NamedNumberList ',' ELLIPSIS - { $$ = $1; } /* XXX used for Enumerations */ - ; - -NamedNumber : IDENTIFIER '(' SignedNumber ')' - { - $$ = 
emalloc(sizeof(*$$)); - $$->name = $1; - $$->gen_name = estrdup($1); - output_name ($$->gen_name); - $$->val = $3; - $$->optional = 0; - $$->ellipsis = 0; - $$->type = NULL; - } - ; - -EnumeratedType : kw_ENUMERATED '{' Enumerations '}' - { - $$ = new_type(TInteger); - $$->members = $3; - $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$); - } - ; - -Enumerations : NamedNumberList /* XXX */ - ; - -BitStringType : kw_BIT kw_STRING - { - $$ = new_type(TBitString); - $$->members = emalloc(sizeof(*$$->members)); - ASN1_TAILQ_INIT($$->members); - $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$); - } - | kw_BIT kw_STRING '{' NamedBitList '}' - { - $$ = new_type(TBitString); - $$->members = $4; - $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$); - } - ; - -ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER - { - $$ = new_tag(ASN1_C_UNIV, UT_OID, - TE_EXPLICIT, new_type(TOID)); - } - ; -OctetStringType : kw_OCTET kw_STRING size - { - Type *t = new_type(TOctetString); - t->range = $3; - $$ = new_tag(ASN1_C_UNIV, UT_OctetString, - TE_EXPLICIT, t); - } - ; - -NullType : kw_NULL - { - $$ = new_tag(ASN1_C_UNIV, UT_Null, - TE_EXPLICIT, new_type(TNull)); - } - ; - -size : - { $$ = NULL; } - | kw_SIZE range - { $$ = $2; } - ; - - -SequenceType : kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}' - { - $$ = new_type(TSequence); - $$->members = $3; - $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); - } - | kw_SEQUENCE '{' '}' - { - $$ = new_type(TSequence); - $$->members = NULL; - $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); - } - ; - -SequenceOfType : kw_SEQUENCE size kw_OF Type - { - $$ = new_type(TSequenceOf); - $$->range = $2; - $$->subtype = $4; - $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$); - } - ; - -SetType : kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}' - { - $$ = new_type(TSet); - $$->members = $3; - $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); - } - | kw_SET '{' '}' - { - $$ = new_type(TSet); 
- $$->members = NULL; - $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); - } - ; - -SetOfType : kw_SET kw_OF Type - { - $$ = new_type(TSetOf); - $$->subtype = $3; - $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$); - } - ; - -ChoiceType : kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}' - { - $$ = new_type(TChoice); - $$->members = $3; - } - ; - -ReferencedType : DefinedType - | UsefulType - ; - -DefinedType : IDENTIFIER - { - Symbol *s = addsym($1); - $$ = new_type(TType); - if(s->stype != Stype && s->stype != SUndefined) - error_message ("%s is not a type\n", $1); - else - $$->symbol = s; - } - ; - -UsefulType : kw_GeneralizedTime - { - $$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime, - TE_EXPLICIT, new_type(TGeneralizedTime)); - } - | kw_UTCTime - { - $$ = new_tag(ASN1_C_UNIV, UT_UTCTime, - TE_EXPLICIT, new_type(TUTCTime)); - } - ; - -ConstrainedType : Type Constraint - { - /* if (Constraint.type == contentConstrant) { - assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too - if (Constraint.u.constraint.type) { - assert((Constraint.u.constraint.type.length % 8) == 0); - } - } - if (Constraint.u.constraint.encoding) { - type == der-oid|ber-oid - } - */ - } - ; - - -Constraint : '(' ConstraintSpec ')' - { - $$ = $2; - } - ; - -ConstraintSpec : GeneralConstraint - ; - -GeneralConstraint: ContentsConstraint - | UserDefinedConstraint - ; - -ContentsConstraint: kw_CONTAINING Type - { - $$ = new_constraint_spec(CT_CONTENTS); - $$->u.content.type = $2; - $$->u.content.encoding = NULL; - } - | kw_ENCODED kw_BY Value - { - if ($3->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); - $$ = new_constraint_spec(CT_CONTENTS); - $$->u.content.type = NULL; - $$->u.content.encoding = $3; - } - | kw_CONTAINING Type kw_ENCODED kw_BY Value - { - if ($5->type != objectidentifiervalue) - error_message("Non-OID used in ENCODED BY constraint"); - $$ = 
new_constraint_spec(CT_CONTENTS); - $$->u.content.type = $2; - $$->u.content.encoding = $5; - } - ; - -UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}' - { - $$ = new_constraint_spec(CT_USER); - } - ; - -TaggedType : Tag tagenv Type - { - $$ = new_type(TTag); - $$->tag = $1; - $$->tag.tagenv = $2; - if($3->type == TTag && $2 == TE_IMPLICIT) { - $$->subtype = $3->subtype; - free($3); - } else - $$->subtype = $3; - } - ; - -Tag : '[' Class NUMBER ']' - { - $$.tagclass = $2; - $$.tagvalue = $3; - $$.tagenv = TE_EXPLICIT; - } - ; - -Class : /* */ - { - $$ = ASN1_C_CONTEXT; - } - | kw_UNIVERSAL - { - $$ = ASN1_C_UNIV; - } - | kw_APPLICATION - { - $$ = ASN1_C_APPL; - } - | kw_PRIVATE - { - $$ = ASN1_C_PRIVATE; - } - ; - -tagenv : /* */ - { - $$ = TE_EXPLICIT; - } - | kw_EXPLICIT - { - $$ = TE_EXPLICIT; - } - | kw_IMPLICIT - { - $$ = TE_IMPLICIT; - } - ; - - -ValueAssignment : IDENTIFIER Type EEQUAL Value - { - Symbol *s; - s = addsym ($1); - - s->stype = SValue; - s->value = $4; - generate_constant (s); - } - ; - -CharacterStringType: RestrictedCharactedStringType - ; - -RestrictedCharactedStringType: kw_GeneralString - { - $$ = new_tag(ASN1_C_UNIV, UT_GeneralString, - TE_EXPLICIT, new_type(TGeneralString)); - } - | kw_UTF8String - { - $$ = new_tag(ASN1_C_UNIV, UT_UTF8String, - TE_EXPLICIT, new_type(TUTF8String)); - } - | kw_PrintableString - { - $$ = new_tag(ASN1_C_UNIV, UT_PrintableString, - TE_EXPLICIT, new_type(TPrintableString)); - } - | kw_VisibleString - { - $$ = new_tag(ASN1_C_UNIV, UT_VisibleString, - TE_EXPLICIT, new_type(TVisibleString)); - } - | kw_IA5String - { - $$ = new_tag(ASN1_C_UNIV, UT_IA5String, - TE_EXPLICIT, new_type(TIA5String)); - } - | kw_BMPString - { - $$ = new_tag(ASN1_C_UNIV, UT_BMPString, - TE_EXPLICIT, new_type(TBMPString)); - } - | kw_UniversalString - { - $$ = new_tag(ASN1_C_UNIV, UT_UniversalString, - TE_EXPLICIT, new_type(TUniversalString)); - } - - ; - -ComponentTypeList: ComponentType - { - $$ = emalloc(sizeof(*$$)); - 
ASN1_TAILQ_INIT($$); - ASN1_TAILQ_INSERT_HEAD($$, $1, members); - } - | ComponentTypeList ',' ComponentType - { - ASN1_TAILQ_INSERT_TAIL($1, $3, members); - $$ = $1; - } - | ComponentTypeList ',' ELLIPSIS - { - struct member *m = ecalloc(1, sizeof(*m)); - m->name = estrdup("..."); - m->gen_name = estrdup("asn1_ellipsis"); - m->ellipsis = 1; - ASN1_TAILQ_INSERT_TAIL($1, m, members); - $$ = $1; - } - ; - -NamedType : IDENTIFIER Type - { - $$ = emalloc(sizeof(*$$)); - $$->name = $1; - $$->gen_name = estrdup($1); - output_name ($$->gen_name); - $$->type = $2; - $$->ellipsis = 0; - } - ; - -ComponentType : NamedType - { - $$ = $1; - $$->optional = 0; - $$->defval = NULL; - } - | NamedType kw_OPTIONAL - { - $$ = $1; - $$->optional = 1; - $$->defval = NULL; - } - | NamedType kw_DEFAULT Value - { - $$ = $1; - $$->optional = 0; - $$->defval = $3; - } - ; - -NamedBitList : NamedBit - { - $$ = emalloc(sizeof(*$$)); - ASN1_TAILQ_INIT($$); - ASN1_TAILQ_INSERT_HEAD($$, $1, members); - } - | NamedBitList ',' NamedBit - { - ASN1_TAILQ_INSERT_TAIL($1, $3, members); - $$ = $1; - } - ; - -NamedBit : IDENTIFIER '(' NUMBER ')' - { - $$ = emalloc(sizeof(*$$)); - $$->name = $1; - $$->gen_name = estrdup($1); - output_name ($$->gen_name); - $$->val = $3; - $$->optional = 0; - $$->ellipsis = 0; - $$->type = NULL; - } - ; - -objid_opt : objid - | /* empty */ { $$ = NULL; } - ; - -objid : '{' objid_list '}' - { - $$ = $2; - } - ; - -objid_list : /* empty */ - { - $$ = NULL; - } - | objid_element objid_list - { - if ($2) { - $$ = $2; - add_oid_to_tail($2, $1); - } else { - $$ = $1; - } - } - ; - -objid_element : IDENTIFIER '(' NUMBER ')' - { - $$ = new_objid($1, $3); - } - | IDENTIFIER - { - Symbol *s = addsym($1); - if(s->stype != SValue || - s->value->type != objectidentifiervalue) { - error_message("%s is not an object identifier\n", - s->name); - exit(1); - } - $$ = s->value->u.objectidentifiervalue; - } - | NUMBER - { - $$ = new_objid(NULL, $1); - } - ; - -Value : BuiltinValue - | 
ReferencedValue - ; - -BuiltinValue : BooleanValue - | CharacterStringValue - | IntegerValue - | ObjectIdentifierValue - | NullValue - ; - -ReferencedValue : DefinedValue - ; - -DefinedValue : Valuereference - ; - -Valuereference : IDENTIFIER - { - Symbol *s = addsym($1); - if(s->stype != SValue) - error_message ("%s is not a value\n", - s->name); - else - $$ = s->value; - } - ; - -CharacterStringValue: STRING - { - $$ = emalloc(sizeof(*$$)); - $$->type = stringvalue; - $$->u.stringvalue = $1; - } - ; - -BooleanValue : kw_TRUE - { - $$ = emalloc(sizeof(*$$)); - $$->type = booleanvalue; - $$->u.booleanvalue = 0; - } - | kw_FALSE - { - $$ = emalloc(sizeof(*$$)); - $$->type = booleanvalue; - $$->u.booleanvalue = 0; - } - ; - -IntegerValue : SignedNumber - { - $$ = emalloc(sizeof(*$$)); - $$->type = integervalue; - $$->u.integervalue = $1; - } - ; - -SignedNumber : NUMBER - ; - -NullValue : kw_NULL - { - } - ; - -ObjectIdentifierValue: objid - { - $$ = emalloc(sizeof(*$$)); - $$->type = objectidentifiervalue; - $$->u.objectidentifiervalue = $1; - } - ; - -%% - -void -yyerror (const char *s) -{ - error_message ("%s\n", s); -} - -static Type * -new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype) -{ - Type *t; - if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) { - t = oldtype; - oldtype = oldtype->subtype; /* XXX */ - } else - t = new_type (TTag); - - t->tag.tagclass = tagclass; - t->tag.tagvalue = tagvalue; - t->tag.tagenv = tagenv; - t->subtype = oldtype; - return t; -} - -static struct objid * -new_objid(const char *label, int value) -{ - struct objid *s; - s = emalloc(sizeof(*s)); - s->label = label; - s->value = value; - s->next = NULL; - return s; -} - -static void -add_oid_to_tail(struct objid *head, struct objid *tail) -{ - struct objid *o; - o = head; - while (o->next) - o = o->next; - o->next = tail; -} - -static Type * -new_type (Typetype tt) -{ - Type *t = ecalloc(1, sizeof(*t)); - t->type = tt; - return t; -} - -static struct 
constraint_spec * -new_constraint_spec(enum ctype ct) -{ - struct constraint_spec *c = ecalloc(1, sizeof(*c)); - c->ctype = ct; - return c; -} - -static void fix_labels2(Type *t, const char *prefix); -static void fix_labels1(struct memhead *members, const char *prefix) -{ - Member *m; - - if(members == NULL) - return; - ASN1_TAILQ_FOREACH(m, members, members) { - asprintf(&m->label, "%s_%s", prefix, m->gen_name); - if (m->label == NULL) - errx(1, "malloc"); - if(m->type != NULL) - fix_labels2(m->type, m->label); - } -} - -static void fix_labels2(Type *t, const char *prefix) -{ - for(; t; t = t->subtype) - fix_labels1(t->members, prefix); -} - -static void -fix_labels(Symbol *s) -{ - char *p; - asprintf(&p, "choice_%s", s->gen_name); - if (p == NULL) - errx(1, "malloc"); - fix_labels2(s->type, p); - free(p); -} diff --git a/source4/heimdal/lib/asn1/pkcs12.asn1 b/source4/heimdal/lib/asn1/pkcs12.asn1 index 4d6454a08f..8b604c68d7 100644 --- a/source4/heimdal/lib/asn1/pkcs12.asn1 +++ b/source4/heimdal/lib/asn1/pkcs12.asn1 @@ -50,7 +50,7 @@ PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo PKCS12-Attribute ::= SEQUENCE { attrId OBJECT IDENTIFIER, - attrValues -- SET OF -- heim_any_set + attrValues -- SET OF -- heim_any_set } PKCS12-Attributes ::= SET OF PKCS12-Attribute diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1 index 203d91eef8..45a7d715df 100644 --- a/source4/heimdal/lib/asn1/pkcs8.asn1 +++ b/source4/heimdal/lib/asn1/pkcs8.asn1 @@ -24,7 +24,7 @@ PKCS8EncryptedData ::= OCTET STRING PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm AlgorithmIdentifier, - encryptedData PKCS8EncryptedData + encryptedData PKCS8EncryptedData } END diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1 index 758af6f86e..f36ebf0b32 100644 --- a/source4/heimdal/lib/asn1/pkinit.asn1 +++ b/source4/heimdal/lib/asn1/pkinit.asn1 
@@ -27,11 +27,11 @@ id-pkinit-san OBJECT IDENTIFIER ::= x509-sanan(2) } id-pkinit-ms-eku OBJECT IDENTIFIER ::= - { iso(1) org(3) dod(6) internet(1) private(4) + { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 2 } id-pkinit-ms-san OBJECT IDENTIFIER ::= - { iso(1) org(3) dod(6) internet(1) private(4) + { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 3 } MS-UPN-SAN ::= UTF8String @@ -152,19 +152,18 @@ TrustedCA-Win2k ::= CHOICE { issuerAndSerial [2] IssuerAndSerialNumber } -PA-PK-AS-REQ-Win2k ::= SEQUENCE { - signed-auth-pack [0] IMPLICIT OCTET STRING, - trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, - kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, +PA-PK-AS-REQ-Win2k ::= SEQUENCE { + signed-auth-pack [0] IMPLICIT OCTET STRING, + trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL, + kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL, encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL } PA-PK-AS-REP-Win2k ::= CHOICE { - dhSignedData [0] IMPLICIT OCTET STRING, + dhSignedData [0] IMPLICIT OCTET STRING, encKeyPack [1] IMPLICIT OCTET STRING } - KDCDHKeyInfo-Win2k ::= SEQUENCE { nonce [0] INTEGER (-2147483648..2147483647), subjectPublicKey [2] BIT STRING @@ -176,12 +175,18 @@ ReplyKeyPack-Win2k ::= SEQUENCE { ... } -PkinitSP80056AOtherInfo ::= SEQUENCE { - algorithmID AlgorithmIdentifier, - partyUInfo [0] OCTET STRING, - partyVInfo [1] OCTET STRING, - suppPubInfo [2] OCTET STRING OPTIONAL, - suppPrivInfo [3] OCTET STRING OPTIONAL +PA-PK-AS-REP-BTMM ::= SEQUENCE { + dhSignedData [0] heim_any OPTIONAL, + encKeyPack [1] heim_any OPTIONAL +} + + +PkinitSP80056AOtherInfo ::= SEQUENCE { + algorithmID AlgorithmIdentifier, + partyUInfo [0] OCTET STRING, + partyVInfo [1] OCTET STRING, + suppPubInfo [2] OCTET STRING OPTIONAL, + suppPrivInfo [3] OCTET STRING OPTIONAL } PkinitSuppPubInfo ::= SEQUENCE { 
diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index 8e24f0740b..51cac55cc0 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -6,7 +6,7 @@ RFC2459 DEFINITIONS ::= BEGIN IMPORTS heim_any FROM heim; Version ::= INTEGER { - rfc3280_version_1(0), + rfc3280_version_1(0), rfc3280_version_2(1), rfc3280_version_3(2) } @@ -29,7 +29,7 @@ id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 } id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 } id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 } -id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= +id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 2 } id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 } @@ -54,7 +54,7 @@ id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) id-nistAlgorithm OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 } - + id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 } id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 } 
@@ -72,9 +72,42 @@ id-dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 } +-- ECC + +id-ecPublicKey OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } + +id-ecDH OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecdh(12) } + +id-ecMQV OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) + ecmqv(13) } + +id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) + ecdsa-with-SHA2(3) 2 } + +id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } + +-- some EC group ids + +id-ec-group-secp256r1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) + prime(1) 7 } + +id-ec-group-secp160r1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 8 } + +id-ec-group-secp160r2 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) 0 30 } + +-- DSA + id-x9-57 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) ansi-x942(10046) - 4 } + iso(1) member-body(2) us(840) ansi-x942(10046) 4 } id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 } id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 } @@ -256,8 +289,8 @@ KeyIdentifier ::= OCTET STRING AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL, - authorityCertIssuer [1] IMPLICIT -- GeneralName -- - SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, + authorityCertIssuer [1] IMPLICIT -- GeneralName -- + SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL } 
@@ -269,7 +302,7 @@ id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 } BasicConstraints ::= SEQUENCE { cA BOOLEAN OPTIONAL -- DEFAULT FALSE --, - pathLenConstraint INTEGER (0..4294967295) OPTIONAL + pathLenConstraint INTEGER (0..4294967295) OPTIONAL } id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 } @@ -350,6 +383,21 @@ DSAParams ::= SEQUENCE { g INTEGER } +-- draft-ietf-pkix-ecc-subpubkeyinfo-11 + +ECPoint ::= OCTET STRING + +ECParameters ::= CHOICE { + namedCurve OBJECT IDENTIFIER + -- implicitCurve NULL + -- specifiedCurve SpecifiedECDomain +} + +ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER +} + -- really pkcs1 RSAPublicKey ::= SEQUENCE { @@ -382,7 +430,7 @@ DigestInfo ::= SEQUENCE { -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as: --- TemplateVersion ::= INTEGER (0..4294967295) +-- TemplateVersion ::= INTEGER (0..4294967295) -- CertificateTemplate ::= SEQUENCE { -- templateID OBJECT IDENTIFIER, @@ -393,7 +441,7 @@ DigestInfo ::= SEQUENCE { -- -- CRL --- +-- TBSCRLCertList ::= SEQUENCE { version Version OPTIONAL, -- if present, MUST be v2 @@ -489,16 +537,16 @@ id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 } --- Netscape extentions -id-netscape OBJECT IDENTIFIER ::= +id-netscape OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) } id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 } --- MS extentions -id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= +id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 311 20 2 } -id-ms-client-authentication OBJECT IDENTIFIER ::= +id-ms-client-authentication OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 7 3 2 } -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72 diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1 index d07bba6185..f6237b85b8 100644 
--- a/source4/heimdal/lib/asn1/test.asn1 +++ b/source4/heimdal/lib/asn1/test.asn1 @@ -20,12 +20,12 @@ TESTSeq ::= SEQUENCE { TESTChoice1 ::= CHOICE { i1[1] INTEGER (-2147483648..2147483647), i2[2] INTEGER (-2147483648..2147483647), - ... + ... } TESTChoice2 ::= CHOICE { i1[1] INTEGER (-2147483648..2147483647), - ... + ... } TESTInteger ::= INTEGER (-2147483648..2147483647) @@ -35,7 +35,7 @@ TESTInteger3 ::= [5] IMPLICIT TESTInteger2 TESTImplicit ::= SEQUENCE { ti1[0] IMPLICIT INTEGER (-2147483648..2147483647), - ti2[1] IMPLICIT SEQUENCE { + ti2[1] IMPLICIT SEQUENCE { foo[127] INTEGER (-2147483648..2147483647) }, ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647) @@ -59,19 +59,19 @@ TESTAlloc ::= SEQUENCE { TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER ) -TESTENCODEDBY ::= OCTET STRING ( ENCODED BY +TESTENCODEDBY ::= OCTET STRING ( ENCODED BY { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } ) -TESTDer OBJECT IDENTIFIER ::= { +TESTDer OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } -TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY +TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY { joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) } ) -TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( +TESTCONTAININGENCODEDBY2 ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY TESTDer ) |