Diffstat (limited to 'source4/heimdal/lib/asn1')
-rw-r--r--source4/heimdal/lib/asn1/asn1_err.et2
-rw-r--r--source4/heimdal/lib/asn1/asn1_gen.c12
-rw-r--r--source4/heimdal/lib/asn1/canthandle.asn12
-rw-r--r--source4/heimdal/lib/asn1/cms.asn1 (renamed from source4/heimdal/lib/asn1/CMS.asn1)12
-rw-r--r--source4/heimdal/lib/asn1/cms.opt1
-rw-r--r--source4/heimdal/lib/asn1/der.h2
-rw-r--r--source4/heimdal/lib/asn1/der_get.c112
-rw-r--r--source4/heimdal/lib/asn1/der_locl.h4
-rw-r--r--source4/heimdal/lib/asn1/der_put.c2
-rw-r--r--source4/heimdal/lib/asn1/digest.asn12
-rw-r--r--source4/heimdal/lib/asn1/extra.c14
-rw-r--r--source4/heimdal/lib/asn1/gen.c44
-rw-r--r--source4/heimdal/lib/asn1/gen_copy.c2
-rw-r--r--source4/heimdal/lib/asn1/gen_decode.c87
-rw-r--r--source4/heimdal/lib/asn1/gen_encode.c4
-rw-r--r--source4/heimdal/lib/asn1/gen_free.c2
-rw-r--r--source4/heimdal/lib/asn1/gen_length.c2
-rw-r--r--source4/heimdal/lib/asn1/gen_locl.h10
-rw-r--r--source4/heimdal/lib/asn1/krb5.asn1 (renamed from source4/heimdal/lib/asn1/k5.asn1)101
-rw-r--r--source4/heimdal/lib/asn1/krb5.opt6
-rw-r--r--source4/heimdal/lib/asn1/kx509.asn111
-rw-r--r--source4/heimdal/lib/asn1/lex.l6
-rw-r--r--source4/heimdal/lib/asn1/main.c72
-rw-r--r--source4/heimdal/lib/asn1/parse.y1015
-rw-r--r--source4/heimdal/lib/asn1/pkcs12.asn12
-rw-r--r--source4/heimdal/lib/asn1/pkcs8.asn12
-rw-r--r--source4/heimdal/lib/asn1/pkinit.asn133
-rw-r--r--source4/heimdal/lib/asn1/rfc2459.asn174
-rw-r--r--source4/heimdal/lib/asn1/test.asn114
29 files changed, 501 insertions, 1151 deletions
diff --git a/source4/heimdal/lib/asn1/asn1_err.et b/source4/heimdal/lib/asn1/asn1_err.et
index 26bda55c19..f1a653b1f9 100644
--- a/source4/heimdal/lib/asn1/asn1_err.et
+++ b/source4/heimdal/lib/asn1/asn1_err.et
@@ -22,4 +22,6 @@ error_code BAD_CHARACTER, "ASN.1 invalid character in string"
error_code MIN_CONSTRAINT, "ASN.1 too few elements"
error_code MAX_CONSTRAINT, "ASN.1 too many elements"
error_code EXACT_CONSTRAINT, "ASN.1 wrong number of elements"
+error_code INDEF_OVERRUN, "ASN.1 BER indefinte encoding overrun"
+error_code INDEF_UNDERRUN, "ASN.1 BER indefinte encoding underun"
end
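Review bot: Both new messages are misspelled: `indefinte` should read `indefinite` and `underun` should read `underrun`, e.g. `error_code INDEF_OVERRUN, "ASN.1 BER indefinite encoding overrun"`. These strings surface in error output and logs, so the spelling matters to anyone searching for them when triaging a decode failure.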
diff --git a/source4/heimdal/lib/asn1/asn1_gen.c b/source4/heimdal/lib/asn1/asn1_gen.c
index e25f6d919e..925cc72cb4 100644
--- a/source4/heimdal/lib/asn1/asn1_gen.c
+++ b/source4/heimdal/lib/asn1/asn1_gen.c
@@ -119,24 +119,24 @@ doit(const char *fn)
&sz);
if (ret)
errx(1, "der_put_length_and_tag: %d", ret);
-
+
if (fwrite(p + sizeof(p) - sz , sz, 1, fout) != 1)
err(1, "fwrite length/tag failed");
offset += sz;
-
+
if (data) {
size_t datalen;
-
+
datalen = strlen(data) / 2;
pdata = emalloc(sz);
-
+
if (hex_decode(data, pdata, datalen) != datalen)
errx(1, "failed to decode data");
-
+
if (fwrite(pdata, datalen, 1, fout) != 1)
err(1, "fwrite data failed");
offset += datalen;
-
+
free(pdata);
}
}
diff --git a/source4/heimdal/lib/asn1/canthandle.asn1 b/source4/heimdal/lib/asn1/canthandle.asn1
index 5c2690f9b6..a335ee89e3 100644
--- a/source4/heimdal/lib/asn1/canthandle.asn1
+++ b/source4/heimdal/lib/asn1/canthandle.asn1
@@ -7,7 +7,7 @@ CANTHANDLE DEFINITIONS ::= BEGIN
-- Code the tag [2] but it should be primitive since KAKA3 is
-- Workaround: use the INTEGER type directly
-Kaka2 ::= SEQUENCE {
+Kaka2 ::= SEQUENCE {
kaka2-1 [0] INTEGER
}
diff --git a/source4/heimdal/lib/asn1/CMS.asn1 b/source4/heimdal/lib/asn1/cms.asn1
index 65a467521d..1c13d5f387 100644
--- a/source4/heimdal/lib/asn1/CMS.asn1
+++ b/source4/heimdal/lib/asn1/cms.asn1
@@ -18,8 +18,8 @@ id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 }
CMSVersion ::= INTEGER {
- CMSVersion_v0(0),
- CMSVersion_v1(1),
+ CMSVersion_v0(0),
+ CMSVersion_v1(1),
CMSVersion_v2(2),
CMSVersion_v3(3),
CMSVersion_v4(4)
@@ -34,7 +34,7 @@ MessageDigest ::= OCTET STRING
ContentInfo ::= SEQUENCE {
contentType ContentType,
- content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType
+ content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType
}
EncapsulatedContentInfo ::= SEQUENCE {
@@ -53,7 +53,7 @@ IssuerAndSerialNumber ::= SEQUENCE {
serialNumber CertificateSerialNumber
}
--- RecipientIdentifier is same as SignerIdentifier,
+-- RecipientIdentifier is same as SignerIdentifier,
-- lets glue them togheter and save some bytes and share code for them
CMSIdentifier ::= CHOICE {
@@ -67,7 +67,7 @@ RecipientIdentifier ::= CMSIdentifier
--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
--- to store space and share code
-CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX)
+CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX)
SignatureValue ::= OCTET STRING
@@ -79,7 +79,7 @@ SignerInfo ::= SEQUENCE {
SET OF Attribute OPTIONAL,
signatureAlgorithm SignatureAlgorithmIdentifier,
signature SignatureValue,
- unsignedAttrs [1] IMPLICIT -- CMSAttributes --
+ unsignedAttrs [1] IMPLICIT -- CMSAttributes --
SET OF Attribute OPTIONAL
}
diff --git a/source4/heimdal/lib/asn1/cms.opt b/source4/heimdal/lib/asn1/cms.opt
new file mode 100644
index 0000000000..bf7d396529
--- /dev/null
+++ b/source4/heimdal/lib/asn1/cms.opt
@@ -0,0 +1 @@
+--decode-dce-ber
diff --git a/source4/heimdal/lib/asn1/der.h b/source4/heimdal/lib/asn1/der.h
index 3b6f30887c..5b24b917d8 100644
--- a/source4/heimdal/lib/asn1/der.h
+++ b/source4/heimdal/lib/asn1/der.h
@@ -52,7 +52,7 @@ typedef enum {PRIM = 0, CONS = 1} Der_type;
enum {
UT_EndOfContent = 0,
UT_Boolean = 1,
- UT_Integer = 2,
+ UT_Integer = 2,
UT_BitString = 3,
UT_OctetString = 4,
UT_Null = 5,
diff --git a/source4/heimdal/lib/asn1/der_get.c b/source4/heimdal/lib/asn1/der_get.c
index 8a70966413..8144639b9a 100644
--- a/source4/heimdal/lib/asn1/der_get.c
+++ b/source4/heimdal/lib/asn1/der_get.c
@@ -33,10 +33,6 @@
#include "der_locl.h"
-RCSID("$Id$");
-
-#include <version.h>
-
/*
* All decoding functions take a pointer `p' to first position in
* which to read, from the left, `len' which means the maximum number
@@ -252,6 +248,75 @@ der_get_octet_string (const unsigned char *p, size_t len,
}
int
+der_get_octet_string_ber (const unsigned char *p, size_t len,
+ heim_octet_string *data, size_t *size)
+{
+ int e;
+ Der_type type;
+ Der_class class;
+ unsigned int tag, depth = 0;
+ size_t l, datalen, oldlen = len;
+
+ data->length = 0;
+ data->data = NULL;
+
+ while (len) {
+ e = der_get_tag (p, len, &class, &type, &tag, &l);
+ if (e) goto out;
+ if (class != ASN1_C_UNIV) {
+ e = ASN1_BAD_ID;
+ goto out;
+ }
+ if (type == PRIM && tag == UT_EndOfContent) {
+ if (depth == 0)
+ break;
+ depth--;
+ }
+ if (tag != UT_OctetString) {
+ e = ASN1_BAD_ID;
+ goto out;
+ }
+
+ p += l;
+ len -= l;
+ e = der_get_length (p, len, &datalen, &l);
+ if (e) goto out;
+ p += l;
+ len -= l;
+
+ if (datalen > len)
+ return ASN1_OVERRUN;
+
+ if (type == PRIM) {
+ void *ptr;
+
+ ptr = realloc(data->data, data->length + datalen);
+ if (ptr == NULL) {
+ e = ENOMEM;
+ goto out;
+ }
+ data->data = ptr;
+ memcpy(((unsigned char *)data->data) + data->length, p, datalen);
+ data->length += datalen;
+ } else
+ depth++;
+
+ p += datalen;
+ len -= datalen;
+ }
+ if (depth != 0)
+ return ASN1_INDEF_OVERRUN;
+ if(size) *size = oldlen - len;
+ return 0;
+ out:
+ free(data->data);
+ data->data = NULL;
+ data->length = 0;
+ return e;
+}
+
+
+int
der_get_heim_integer (const unsigned char *p, size_t len,
heim_integer *data, size_t *size)
{
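Review bot: In der_get_octet_string_ber the two early exits `if (datalen > len) return ASN1_OVERRUN;` and `if (depth != 0) return ASN1_INDEF_OVERRUN;` bypass the `out:` cleanup, so `data->data` keeps the segments already appended and is leaked unless every caller frees on error; both should set `e` and jump, e.g. `if (datalen > len) { e = ASN1_OVERRUN; goto out; }`. The end-of-contents branch also falls through: after `depth--` the tag is still UT_EndOfContent, so the following `tag != UT_OctetString` test returns ASN1_BAD_ID and a nested constructed string can never close. For a constructed segment the loop advances `p` by `datalen`, which appears to skip the nested content rather than descend into it. `realloc(data->data, data->length + datalen)` may also return NULL when the total is zero, which would turn an empty segment into ENOMEM. This decoder runs on untrusted BER input, so each of these paths deserves a test vector.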
@@ -397,7 +462,7 @@ der_get_oid (const unsigned char *p, size_t len,
++p;
for (n = 2; len > 0; ++n) {
unsigned u = 0, u1;
-
+
do {
--len;
u1 = u * 128 + (*p++ % 128);
@@ -457,15 +522,28 @@ der_match_tag (const unsigned char *p, size_t len,
Der_class class, Der_type type,
unsigned int tag, size_t *size)
{
+ Der_type thistype;
+ int e;
+
+ e = der_match_tag2(p, len, class, &thistype, tag, size);
+ if (e) return e;
+ if (thistype != type) return ASN1_BAD_ID;
+ return 0;
+}
+
+int
+der_match_tag2 (const unsigned char *p, size_t len,
+ Der_class class, Der_type *type,
+ unsigned int tag, size_t *size)
+{
size_t l;
Der_class thisclass;
- Der_type thistype;
unsigned int thistag;
int e;
- e = der_get_tag (p, len, &thisclass, &thistype, &thistag, &l);
+ e = der_get_tag (p, len, &thisclass, type, &thistag, &l);
if (e) return e;
- if (class != thisclass || type != thistype)
+ if (class != thisclass)
return ASN1_BAD_ID;
if(tag > thistag)
return ASN1_MISPLACED_FIELD;
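Review bot: der_match_tag2 and, in the next hunk, der_match_tag_and_length now treat `type` as an output and no longer reject a primitive/constructed mismatch, but nothing in the code says so. Every caller has to compare the returned Der_type itself, and one that forgets silently accepts the wrong encoding form; a comment above der_match_tag2 such as `/* *type receives the decoded PRIM/CONS form; the caller must check it */` would make that contract explicit. Because der_match_tag_and_length keeps its name while the parameter changes from `Der_type` to `Der_type *`, a call site not updated with this commit would pass an enum value where a pointer is written through, so it is worth confirming that all generated decoders are rebuilt. der_match_tag2's body continues past the end of this hunk.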
@@ -477,26 +555,25 @@ der_match_tag (const unsigned char *p, size_t len,
int
der_match_tag_and_length (const unsigned char *p, size_t len,
- Der_class class, Der_type type, unsigned int tag,
+ Der_class class, Der_type *type, unsigned int tag,
size_t *length_ret, size_t *size)
{
size_t l, ret = 0;
int e;
- e = der_match_tag (p, len, class, type, tag, &l);
+ e = der_match_tag2 (p, len, class, type, tag, &l);
if (e) return e;
p += l;
len -= l;
ret += l;
e = der_get_length (p, len, length_ret, &l);
if (e) return e;
- p += l;
- len -= l;
- ret += l;
- if(size) *size = ret;
+ if(size) *size = ret + l;
return 0;
}
+
+
/*
* Old versions of DCE was based on a very early beta of the MIT code,
* which used MAVROS for ASN.1 encoding. MAVROS had the interesting
@@ -539,8 +616,11 @@ der_get_bit_string (const unsigned char *p, size_t len,
data->data = malloc(len - 1);
if (data->data == NULL && (len - 1) != 0)
return ENOMEM;
- memcpy (data->data, p + 1, len - 1);
- data->length -= p[0];
+ /* copy data is there is data to copy */
+ if (len - 1 != 0) {
+ memcpy (data->data, p + 1, len - 1);
+ data->length -= p[0];
+ }
if(size) *size = len;
return 0;
}
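Review bot: The unused-bits octet `p[0]` is subtracted from `data->length` with no range check visible in this hunk, and when `len - 1` is zero the new branch skips the subtraction and accepts any `p[0]` silently. The first content octet of a BIT STRING must be 0..7 and must be 0 for an empty string, so a guard such as `if (p[0] > 7 || (len == 1 && p[0] != 0)) return ASN1_BAD_FORMAT;` placed before the malloc would reject malformed input instead of producing a wrong bit length. The start of der_get_bit_string is outside the hunk, so an earlier check may already exist. The new comment should read `copy data if there is data to copy`.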
diff --git a/source4/heimdal/lib/asn1/der_locl.h b/source4/heimdal/lib/asn1/der_locl.h
index f8a21de71c..1f27e72903 100644
--- a/source4/heimdal/lib/asn1/der_locl.h
+++ b/source4/heimdal/lib/asn1/der_locl.h
@@ -36,9 +36,9 @@
#ifndef __DER_LOCL_H__
#define __DER_LOCL_H__
-#ifdef HAVE_CONFIG_H
+
#include <config.h>
-#endif
+
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/source4/heimdal/lib/asn1/der_put.c b/source4/heimdal/lib/asn1/der_put.c
index 5afddb1d05..7e71443da5 100644
--- a/source4/heimdal/lib/asn1/der_put.c
+++ b/source4/heimdal/lib/asn1/der_put.c
@@ -384,7 +384,7 @@ der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
} else {
size_t ret = 0;
unsigned int continuation = 0;
-
+
do {
if (len < 1)
return ASN1_OVERFLOW;
diff --git a/source4/heimdal/lib/asn1/digest.asn1 b/source4/heimdal/lib/asn1/digest.asn1
index 1cf58b4638..5ee5bd4a99 100644
--- a/source4/heimdal/lib/asn1/digest.asn1
+++ b/source4/heimdal/lib/asn1/digest.asn1
@@ -139,7 +139,7 @@ DigestREP ::= [APPLICATION 129] SEQUENCE {
-- qop == auth
-- A2 = Method ":" digest-uri-value
-- qop == auth-int
--- A2 = Method ":" digest-uri-value ":" H(entity-body)
+-- A2 = Method ":" digest-uri-value ":" H(entity-body)
-- request-digest = HEX(KD(HEX(H(A1)),
-- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
diff --git a/source4/heimdal/lib/asn1/extra.c b/source4/heimdal/lib/asn1/extra.c
index 49240605c8..b244dbb52a 100644
--- a/source4/heimdal/lib/asn1/extra.c
+++ b/source4/heimdal/lib/asn1/extra.c
@@ -67,15 +67,21 @@ decode_heim_any(const unsigned char *p, size_t len,
return ASN1_OVERFLOW;
e = der_get_length(p + l, len - l, &length, &len_len);
if (e) return e;
- if (length + len_len + l > len)
- return ASN1_OVERFLOW;
-
+ if (length == ASN1_INDEFINITE) {
+ if (len < len_len + l)
+ return ASN1_OVERFLOW;
+ length = len - (len_len + l);
+ } else {
+ if (len < length + len_len + l)
+ return ASN1_OVERFLOW;
+ }
+
data->data = malloc(length + len_len + l);
if (data->data == NULL)
return ENOMEM;
data->length = length + len_len + l;
memcpy(data->data, p, length + len_len + l);
-
+
if (size)
*size = length + len_len + l;
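Review bot: The definite-length check `len < length + len_len + l` adds three input-derived sizes before comparing, so unless der_get_length already bounds `length`, a very large value can wrap the sum and pass the test; the same wrapped sum then feeds malloc, memcpy and `*size`, which avoids an overread but reports a bogus element size. Comparing by subtraction cannot wrap: `if (len < len_len + l || length > len - (len_len + l)) return ASN1_OVERFLOW;`. In the ASN1_INDEFINITE branch `length` becomes everything left in the buffer, so the copied heim_any presumably also takes in any bytes that follow the end-of-contents octets; a comment stating that this is intended would help. decode_heim_any starts and ends outside this hunk.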
diff --git a/source4/heimdal/lib/asn1/gen.c b/source4/heimdal/lib/asn1/gen.c
index 52fd0d393b..e156c7cefb 100644
--- a/source4/heimdal/lib/asn1/gen.c
+++ b/source4/heimdal/lib/asn1/gen.c
@@ -83,12 +83,19 @@ init_generate (const char *filename, const char *base)
if (headerbase == NULL)
errx(1, "strdup");
}
+
+ /* public header file */
asprintf(&header, "%s.h", headerbase);
if (header == NULL)
errx(1, "malloc");
- headerfile = fopen (header, "w");
+ asprintf(&fn, "%s.hx", headerbase);
+ if (fn == NULL)
+ errx(1, "malloc");
+ headerfile = fopen (fn, "w");
if (headerfile == NULL)
- err (1, "open %s", header);
+ err (1, "open %s", fn);
+ free(fn);
+
fprintf (headerfile,
"/* Generated from %s */\n"
"/* Do not edit */\n\n",
@@ -229,7 +236,7 @@ gen_compare_defval(const char *var, struct value *val)
}
}
-static void
+void
generate_header_of_codefile(const char *name)
{
char *filename;
@@ -267,7 +274,7 @@ generate_header_of_codefile(const char *name)
}
-static void
+void
close_codefile(void)
{
if (codefile == NULL)
@@ -296,7 +303,8 @@ generate_constant (const Symbol *s)
struct objid *o, **list;
unsigned int i, len;
- generate_header_of_codefile(s->gen_name);
+ if (!one_code_file)
+ generate_header_of_codefile(s->gen_name);
len = 0;
for (o = s->value->u.objectidentifiervalue; o != NULL; o = o->next)
@@ -320,9 +328,13 @@ generate_constant (const Symbol *s)
}
fprintf (headerfile, "} */\n");
- fprintf (headerfile, "const heim_oid *oid_%s(void);\n\n",
+ fprintf (headerfile, "const heim_oid *oid_%s(void);\n",
+ s->gen_name);
+ fprintf (headerfile,
+ "extern const heim_oid asn1_oid_%s;\n\n",
s->gen_name);
+
fprintf (codefile, "static unsigned oid_%s_variable_num[%d] = {",
s->gen_name, len);
for (i = len ; i > 0; i--) {
@@ -330,17 +342,20 @@ generate_constant (const Symbol *s)
}
fprintf(codefile, "};\n");
- fprintf (codefile, "static const heim_oid oid_%s_variable = "
+ fprintf (codefile, "const heim_oid asn1_oid_%s = "
"{ %d, oid_%s_variable_num };\n\n",
s->gen_name, len, s->gen_name);
fprintf (codefile, "const heim_oid *oid_%s(void)\n"
"{\n"
- "return &oid_%s_variable;\n"
+ "return &asn1_oid_%s;\n"
"}\n\n",
s->gen_name, s->gen_name);
- close_codefile();
+ free(list);
+
+ if (!one_code_file)
+ close_codefile();
break;
}
@@ -587,7 +602,7 @@ define_type (int level, const char *name, Type *t, int typedefp, int preservep)
fprintf (headerfile, "struct %s {\n", typedefp ? name : "");
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *n;
-
+
asprintf (&n, "%s:1", m->gen_name);
if (n == NULL)
errx(1, "malloc");
@@ -787,7 +802,8 @@ generate_type_header (const Symbol *s)
void
generate_type (const Symbol *s)
{
- generate_header_of_codefile(s->gen_name);
+ if (!one_code_file)
+ generate_header_of_codefile(s->gen_name);
generate_type_header (s);
generate_type_encode (s);
@@ -798,5 +814,9 @@ generate_type (const Symbol *s)
generate_type_seq (s);
generate_glue (s->type, s->gen_name);
fprintf(headerfile, "\n\n");
- close_codefile();
+
+ if (!one_code_file) {
+ fprintf(codefile, "\n\n");
+ close_codefile();
+ }
}
diff --git a/source4/heimdal/lib/asn1/gen_copy.c b/source4/heimdal/lib/asn1/gen_copy.c
index 37c9304779..5042ed64ed 100644
--- a/source4/heimdal/lib/asn1/gen_copy.c
+++ b/source4/heimdal/lib/asn1/gen_copy.c
@@ -149,7 +149,7 @@ copy_type (const char *from, const char *to, const Type *t, int preserve)
to, have_ellipsis->gen_name);
used_fail++;
}
- fprintf(codefile, "}\n");
+ fprintf(codefile, "}\n");
}
break;
}
diff --git a/source4/heimdal/lib/asn1/gen_decode.c b/source4/heimdal/lib/asn1/gen_decode.c
index 2bd5acb47e..cf7f0b05dc 100644
--- a/source4/heimdal/lib/asn1/gen_decode.c
+++ b/source4/heimdal/lib/asn1/gen_decode.c
@@ -230,7 +230,7 @@ range_check(const char *name,
static int
decode_type (const char *name, const Type *t, int optional,
- const char *forwstr, const char *tmpstr)
+ const char *forwstr, const char *tmpstr, const char *dertype)
{
switch (t->type) {
case TType: {
@@ -289,7 +289,17 @@ decode_type (const char *name, const Type *t, int optional,
decode_primitive ("enumerated", name, forwstr);
break;
case TOctetString:
+ if (dertype) {
+ fprintf(codefile,
+ "if (%s == CONS) {\n",
+ dertype);
+ decode_primitive("octet_string_ber", name, forwstr);
+ fprintf(codefile,
+ "} else {\n");
+ }
decode_primitive ("octet_string", name, forwstr);
+ if (dertype)
+ fprintf(codefile, "}\n");
if (t->range)
range_check(name, "length", forwstr, t->range);
break;
@@ -340,10 +350,10 @@ decode_type (const char *name, const Type *t, int optional,
name, m->gen_name);
if (s == NULL)
errx(1, "malloc");
- decode_type (s, m->type, m->optional, forwstr, m->gen_name);
+ decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
free (s);
}
-
+
break;
}
case TSet: {
@@ -382,7 +392,7 @@ decode_type (const char *name, const Type *t, int optional,
"%s = calloc(1, sizeof(*%s));\n"
"if (%s == NULL) { e = ENOMEM; %s; }\n",
s, s, s, forwstr);
- decode_type (s, m->type, 0, forwstr, m->gen_name);
+ decode_type (s, m->type, 0, forwstr, m->gen_name, NULL);
free (s);
fprintf(codefile, "members |= (1 << %d);\n", memno);
@@ -458,7 +468,7 @@ decode_type (const char *name, const Type *t, int optional,
asprintf (&sname, "%s_s_of", tmpstr);
if (sname == NULL)
errx(1, "malloc");
- decode_type (n, t->subtype, 0, forwstr, sname);
+ decode_type (n, t->subtype, 0, forwstr, sname, NULL);
fprintf (codefile,
"(%s)->len++;\n"
"len = %s_origlen - ret;\n"
@@ -480,21 +490,37 @@ decode_type (const char *name, const Type *t, int optional,
decode_primitive ("general_string", name, forwstr);
break;
case TTag:{
- char *tname;
+ char *tname, *typestring;
+ char *ide = NULL;
+
+ asprintf(&typestring, "%s_type", tmpstr);
fprintf(codefile,
"{\n"
- "size_t %s_datalen, %s_oldlen;\n",
- tmpstr, tmpstr);
- if(dce_fix)
+ "size_t %s_datalen, %s_oldlen;\n"
+ "Der_type %s;\n",
+ tmpstr, tmpstr, typestring);
+ if(support_ber)
fprintf(codefile,
- "int dce_fix;\n");
- fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, %s, %s, "
+ "int is_indefinite;\n");
+
+ fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, "
"&%s_datalen, &l);\n",
classname(t->tag.tagclass),
- is_primitive_type(t->subtype->type) ? "PRIM" : "CONS",
+ typestring,
valuename(t->tag.tagclass, t->tag.tagvalue),
tmpstr);
+
+ /* XXX hardcode for now */
+ if (support_ber && t->subtype->type == TOctetString) {
+ ide = typestring;
+ } else {
+ fprintf(codefile,
+ "if (e == 0 && %s != %s) { e = ASN1_BAD_ID; }\n",
+ typestring,
+ is_primitive_type(t->subtype->type) ? "PRIM" : "CONS");
+ }
+
if(optional) {
fprintf(codefile,
"if(e) {\n"
@@ -510,11 +536,12 @@ decode_type (const char *name, const Type *t, int optional,
"p += l; len -= l; ret += l;\n"
"%s_oldlen = len;\n",
tmpstr);
- if(dce_fix)
+ if(support_ber)
fprintf (codefile,
- "if((dce_fix = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
- "{ e = ASN1_BAD_FORMAT; %s; }\n",
- tmpstr, forwstr);
+ "if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
+ "{ e = ASN1_BAD_FORMAT; %s; }\n"
+ "if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
+ tmpstr, forwstr, forwstr);
else
fprintf(codefile,
"if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
@@ -522,15 +549,22 @@ decode_type (const char *name, const Type *t, int optional,
asprintf (&tname, "%s_Tag", tmpstr);
if (tname == NULL)
errx(1, "malloc");
- decode_type (name, t->subtype, 0, forwstr, tname);
- if(dce_fix)
+ decode_type (name, t->subtype, 0, forwstr, tname, ide);
+ if(support_ber)
fprintf(codefile,
- "if(dce_fix){\n"
- "e = der_match_tag_and_length (p, len, "
- "(Der_class)0,(Der_type)0, UT_EndOfContent, "
+ "if(is_indefinite){\n"
+ "len += 2;\n"
+ "e = der_match_tag_and_length(p, len, "
+ "(Der_class)0, &%s, UT_EndOfContent, "
"&%s_datalen, &l);\n"
- "if(e) %s;\np += l; len -= l; ret += l;\n"
- "} else \n", tmpstr, forwstr);
+ "if(e) %s;\n"
+ "p += l; len -= l; ret += l;\n"
+ "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n"
+ "} else \n",
+ typestring,
+ tmpstr,
+ forwstr,
+ typestring, forwstr);
fprintf(codefile,
"len = %s_oldlen - %s_datalen;\n",
tmpstr, tmpstr);
@@ -540,6 +574,7 @@ decode_type (const char *name, const Type *t, int optional,
fprintf(codefile,
"}\n");
free(tname);
+ free(typestring);
break;
}
case TChoice: {
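Review bot: `typestring`, freed here, comes from `asprintf(&typestring, "%s_type", tmpstr)` in the TTag hunk above, and that result is used without a failure check, unlike `tname`, which is followed by `if (tname == NULL) errx(1, "malloc");`. Adding `if (typestring == NULL) errx(1, "malloc");` right after the asprintf keeps the generator from passing a null or indeterminate pointer to fprintf when allocation fails. The same TTag hunk emits the `is_indefinite` length adjustment ending in `len -= 2; }` with no trailing `\n`, so the generated decoder gets the next statement on the same line; harmless, but easy to fix. decode_type starts and ends outside this hunk.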
@@ -555,7 +590,7 @@ decode_type (const char *name, const Type *t, int optional,
Der_class cl;
Der_type ty;
unsigned tag;
-
+
if (m->ellipsis) {
have_ellipsis = m;
continue;
@@ -573,7 +608,7 @@ decode_type (const char *name, const Type *t, int optional,
name, m->gen_name);
if (s == NULL)
errx(1, "malloc");
- decode_type (s, m->type, m->optional, forwstr, m->gen_name);
+ decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
fprintf(codefile,
"(%s)->element = %s;\n",
name, m->label);
@@ -695,7 +730,7 @@ generate_type_decode (const Symbol *s)
fprintf (codefile, "\n");
fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
- decode_type ("data", s->type, 0, "goto fail", "Top");
+ decode_type ("data", s->type, 0, "goto fail", "Top", NULL);
if (preserve)
fprintf (codefile,
"data->_save.data = calloc(1, ret);\n"
diff --git a/source4/heimdal/lib/asn1/gen_encode.c b/source4/heimdal/lib/asn1/gen_encode.c
index d80a2f8d1f..1f8078a0ee 100644
--- a/source4/heimdal/lib/asn1/gen_encode.c
+++ b/source4/heimdal/lib/asn1/gen_encode.c
@@ -257,7 +257,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
if (t->members == NULL)
break;
-
+
ASN1_TAILQ_FOREACH_REVERSE(m, t->members, memhead, members) {
char *s;
@@ -388,7 +388,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
int c;
asprintf (&tname, "%s_tag", tmpstr);
if (tname == NULL)
- errx(1, "malloc");
+ errx(1, "malloc");
c = encode_type (name, t->subtype, tname);
fprintf (codefile,
"e = der_put_length_and_tag (p, len, ret, %s, %s, %s, &l);\n"
diff --git a/source4/heimdal/lib/asn1/gen_free.c b/source4/heimdal/lib/asn1/gen_free.c
index 305d7de247..fac1f6da5d 100644
--- a/source4/heimdal/lib/asn1/gen_free.c
+++ b/source4/heimdal/lib/asn1/gen_free.c
@@ -110,7 +110,7 @@ free_type (const char *name, const Type *t, int preserve)
if(t->type == TChoice)
fprintf(codefile, "break;\n");
}
-
+
if(t->type == TChoice) {
if (have_ellipsis)
fprintf(codefile,
diff --git a/source4/heimdal/lib/asn1/gen_length.c b/source4/heimdal/lib/asn1/gen_length.c
index a1df4eef6b..7f9755e2da 100644
--- a/source4/heimdal/lib/asn1/gen_length.c
+++ b/source4/heimdal/lib/asn1/gen_length.c
@@ -139,7 +139,7 @@ length_type (const char *name, const Type *t,
ASN1_TAILQ_FOREACH(m, t->members, members) {
char *s;
-
+
if (m->ellipsis) {
have_ellipsis = m;
continue;
diff --git a/source4/heimdal/lib/asn1/gen_locl.h b/source4/heimdal/lib/asn1/gen_locl.h
index c8b3896314..2bb64b5a38 100644
--- a/source4/heimdal/lib/asn1/gen_locl.h
+++ b/source4/heimdal/lib/asn1/gen_locl.h
@@ -36,9 +36,8 @@
#ifndef __GEN_LOCL_H__
#define __GEN_LOCL_H__
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
+
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
@@ -80,9 +79,14 @@ int yyparse(void);
int preserve_type(const char *);
int seq_type(const char *);
+void generate_header_of_codefile(const char *);
+void close_codefile(void);
+
+
extern FILE *headerfile, *codefile, *logfile;
-extern int dce_fix;
+extern int support_ber;
extern int rfc1510_bitstring;
+extern int one_code_file;
extern int error_flag;
diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/krb5.asn1
index 9b36498161..8edb0fde69 100644
--- a/source4/heimdal/lib/asn1/k5.asn1
+++ b/source4/heimdal/lib/asn1/krb5.asn1
@@ -13,6 +13,7 @@ NAME-TYPE ::= INTEGER {
KRB5_NT_X500_PRINCIPAL(6), -- PKINIT
KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name
KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN
+ KRB5_NT_WELLKNOWN(11), -- Wellknown
KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID
KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name
KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID
@@ -64,6 +65,10 @@ PADATA-TYPE ::= INTEGER {
KRB5-PADATA-GET-FROM-TYPED-DATA(22),
KRB5-PADATA-SAM-ETYPE-INFO(23),
KRB5-PADATA-SERVER-REFERRAL(25),
+ KRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov)
+ KRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com)
+ KRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com)
+ KRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT
KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName
KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
@@ -71,13 +76,30 @@ PADATA-TYPE ::= INTEGER {
KRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER
KRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
KRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
- KRB5-PADATA-S4U2SELF(129),
- KRB5-PADATA-EPAC(130), -- EPAK
- KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to
- -- tell KDC that is supports
+ KRB5-PADATA-FOR-USER(129), -- MS-KILE
+ KRB5-PADATA-FOR-X509-USER(130), -- MS-KILE
+ KRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE
+ KRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE
+ KRB5-PADATA-PK-AS-09-BINDING(132), -- client send this to
+ -- tell KDC that is supports
-- the asCheckSum in the
-- PK-AS-REP
- KRB5-PADATA-CLIENT-CANONICALIZED(133) --
+ KRB5-PADATA-CLIENT-CANONICALIZED(133), -- referals
+ KRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework
+ KRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework
+ KRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework
+ KRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework
+ KRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework
+ KRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework
+ KRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com)
+ KRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com)
+ KBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com)
+ KRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com)
+ KRB5-PADATA-EPAK-AS-REQ(145),
+ KRB5-PADATA-EPAK-AS-REP(146),
+ KRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon
+ KRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u
+ KRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE
}
AUTHDATA-TYPE ::= INTEGER {
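Review bot: `KBB5-PADATA-OTP-CONFIRM(143)` is misspelled (`KBB5` instead of `KRB5`), so the generated constant will not follow the naming of its neighbours and code looking for the `KRB5-` form will not find it. The list also assigns 132 to both KRB5-PADATA-AS-CHECKSUM and KRB5-PADATA-PK-AS-09-BINDING, and 133 to both KRB5-PADATA-CLIENT-CANONICALIZED and KRB5-PADATA-FX-COOKIE; if the aliases are deliberate, a comment on each pair would stop a reader from treating them as distinct pre-authentication types. KRB5-PADATA-ALT-PRINC(24) is inserted after KRB5-PADATA-SERVER-REFERRAL(25), which breaks the otherwise ascending order.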
@@ -174,6 +196,8 @@ Principal ::= SEQUENCE {
realm[1] Realm
}
+Principals ::= SEQUENCE OF Principal
+
HostAddress ::= SEQUENCE {
addr-type[0] krb5int32,
address[1] OCTET STRING
@@ -387,7 +411,7 @@ PA-ENC-TS-ENC ::= SEQUENCE {
-- draft-brezak-win2k-krb-authz-01
PA-PAC-REQUEST ::= SEQUENCE {
- include-pac[0] BOOLEAN -- Indicates whether a PAC
+ include-pac[0] BOOLEAN -- Indicates whether a PAC
-- should be included or not
}
@@ -618,21 +642,19 @@ PA-S4U2Self ::= SEQUENCE {
auth[3] GeneralString
}
-KRB5SignedPathPrincipals ::= SEQUENCE OF Principal
-
-- never encoded on the wire, just used to checksum over
KRB5SignedPathData ::= SEQUENCE {
encticket[0] EncTicketPart,
- delegated[1] KRB5SignedPathPrincipals OPTIONAL
+ delegated[1] Principals OPTIONAL
}
KRB5SignedPath ::= SEQUENCE {
-- DERcoded KRB5SignedPathData
- -- krbtgt key (etype), KeyUsage = XXX
+ -- krbtgt key (etype), KeyUsage = XXX
etype[0] ENCTYPE,
cksum[1] Checksum,
-- srvs delegated though
- delegated[2] KRB5SignedPathPrincipals OPTIONAL
+ delegated[2] Principals OPTIONAL
}
PA-ClientCanonicalizedNames ::= SEQUENCE{
@@ -666,6 +688,63 @@ PA-ServerReferralData ::= SEQUENCE {
...
}
+FastOptions ::= BIT STRING {
+ reserved(0),
+ hide-client-names(1),
+ kdc-follow--referrals(16)
+}
+
+KrbFastReq ::= SEQUENCE {
+ fast-options [0] FastOptions,
+ padata [1] SEQUENCE OF PA-DATA,
+ req-body [2] KDC-REQ-BODY,
+ ...
+}
+
+KrbFastArmor ::= SEQUENCE {
+ armor-type [0] krb5int32,
+ armor-value [1] OCTET STRING,
+ ...
+}
+
+KrbFastArmoredReq ::= SEQUENCE {
+ armor [0] KrbFastArmor OPTIONAL,
+ req-checksum [1] Checksum,
+ enc-fast-req [2] EncryptedData -- KrbFastReq --
+}
+
+PA-FX-FAST-REQUEST ::= CHOICE {
+ armored-data [0] KrbFastArmoredReq,
+ ...
+}
+
+KrbFastFinished ::= SEQUENCE {
+ timestamp [0] KerberosTime,
+ usec [1] krb5int32,
+ crealm [2] Realm,
+ cname [3] PrincipalName,
+ checksum [4] Checksum,
+ ticket-checksum [5] Checksum,
+ ...
+}
+
+KrbFastResponse ::= SEQUENCE {
+ padata [0] SEQUENCE OF PA-DATA,
+ rep-key [1] EncryptionKey OPTIONAL,
+ finished [2] KrbFastFinished OPTIONAL,
+ ...
+}
+
+KrbFastArmoredRep ::= SEQUENCE {
+ enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
+ ...
+}
+
+PA-FX-FAST-REPLY ::= CHOICE {
+ armored-data [0] KrbFastArmoredRep,
+ ...
+}
+
END
-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
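Review bot: `kdc-follow--referrals(16)` in FastOptions contains a double hyphen, which ASN.1 treats as the start of a comment and does not allow inside an identifier; it presumably should be `kdc-follow-referrals(16)`. Whether the Heimdal lexer accepts the current spelling cannot be seen from this page, but the generated field name would differ from the name other implementations use for this flag. The trailing etags hint still names `k5.asn1` although this commit renames the file to krb5.asn1.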
diff --git a/source4/heimdal/lib/asn1/krb5.opt b/source4/heimdal/lib/asn1/krb5.opt
new file mode 100644
index 0000000000..1d6d5e8989
--- /dev/null
+++ b/source4/heimdal/lib/asn1/krb5.opt
@@ -0,0 +1,6 @@
+--encode-rfc1510-bit-string
+--sequence=Principals
+--sequence=AuthorizationData
+--sequence=METHOD-DATA
+--sequence=ETYPE-INFO
+--sequence=ETYPE-INFO2
diff --git a/source4/heimdal/lib/asn1/kx509.asn1 b/source4/heimdal/lib/asn1/kx509.asn1
index 820abc8106..14ebf50ecd 100644
--- a/source4/heimdal/lib/asn1/kx509.asn1
+++ b/source4/heimdal/lib/asn1/kx509.asn1
@@ -3,6 +3,17 @@
KX509 DEFINITIONS ::=
BEGIN
+KX509-ERROR-CODE ::= INTEGER {
+ KX509-STATUS-GOOD(0),
+ KX509-STATUS-CLIENT-BAD(1),
+ KX509-STATUS-CLIENT-FIX(2),
+ KX509-STATUS-CLIENT-TEMP(3),
+ KX509-STATUS-SERVER-BAD(4),
+ KX509-STATUS-SERVER-TEMP(5),
+ -- 6 is used internally in the umich client, avoid that
+ KX509-STATUS-SERVER-KEY(7)
+}
+
Kx509Request ::= SEQUENCE {
authenticator OCTET STRING,
pk-hash OCTET STRING,
diff --git a/source4/heimdal/lib/asn1/lex.l b/source4/heimdal/lib/asn1/lex.l
index 1198ef16a6..7bd442bc50 100644
--- a/source4/heimdal/lib/asn1/lex.l
+++ b/source4/heimdal/lib/asn1/lex.l
@@ -46,7 +46,7 @@
#endif
#undef ECHO
#include "symbol.h"
-#include "parse.h"
+#include "asn1parse.h"
#include "lex.h"
#include "gen_locl.h"
@@ -216,7 +216,7 @@ WITH { return kw_WITH; }
char *p = buf;
int f = 0;
int skip_ws = 0;
-
+
while((c = input()) != EOF) {
if(isspace(c) && skip_ws) {
if(c == '\n')
@@ -224,7 +224,7 @@ WITH { return kw_WITH; }
continue;
}
skip_ws = 0;
-
+
if(c == '"') {
if(f) {
*p++ = '"';
diff --git a/source4/heimdal/lib/asn1/main.c b/source4/heimdal/lib/asn1/main.c
index 6a97634310..115c82a9c7 100644
--- a/source4/heimdal/lib/asn1/main.c
+++ b/source4/heimdal/lib/asn1/main.c
@@ -62,15 +62,20 @@ seq_type(const char *p)
return 0;
}
-int dce_fix;
+int support_ber;
int rfc1510_bitstring;
+int one_code_file;
+char *option_file;
int version_flag;
int help_flag;
struct getargs args[] = {
{ "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring },
- { "decode-dce-ber", 0, arg_flag, &dce_fix },
+ { "decode-dce-ber", 0, arg_flag, &support_ber },
+ { "support-ber", 0, arg_flag, &support_ber },
{ "preserve-binary", 0, arg_strings, &preserve },
{ "sequence", 0, arg_strings, &seq },
+ { "one-code-file", 0, arg_flag, &one_code_file },
+ { "option-file", 0, arg_string, &option_file },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
@@ -92,6 +97,8 @@ main(int argc, char **argv)
const char *file;
const char *name = NULL;
int optidx = 0;
+ char **arg = NULL;
+ size_t len = 0, i;
setprogname(argv[0]);
if(getarg(args, num_args, argc, argv, &optidx))
@@ -121,7 +128,58 @@ main(int argc, char **argv)
name = argv[optidx + 1];
}
+ /*
+ * Parse extra options file
+ */
+ if (option_file) {
+ char buf[1024];
+ FILE *opt;
+
+ opt = fopen(option_file, "r");
+ if (opt == NULL) {
+ perror("open");
+ exit(1);
+ }
+
+ arg = calloc(2, sizeof(arg[0]));
+ arg[0] = option_file;
+ arg[1] = NULL;
+ len = 1;
+
+ while (fgets(buf, sizeof(buf), opt) != NULL) {
+ buf[strcspn(buf, "\n\r")] = '\0';
+
+ arg = realloc(arg, (len + 2) * sizeof(arg[0]));
+ if (argv == NULL) {
+ perror("malloc");
+ exit(1);
+ }
+ arg[len] = strdup(buf);
+ if (arg[len] == NULL) {
+ perror("strdup");
+ exit(1);
+ }
+ arg[len + 1] = NULL;
+ len++;
+ }
+ fclose(opt);
+
+ optidx = 0;
+ if(getarg(args, num_args, len, arg, &optidx))
+ usage(1);
+
+ if (len != optidx) {
+ fprintf(stderr, "extra args");
+ exit(1);
+ }
+ }
+
+
init_generate (file, name);
+
+ if (one_code_file)
+ generate_header_of_codefile(name);
+
initsym ();
ret = yyparse ();
if(ret != 0 || error_flag != 0)
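Review bot: The allocation checks in the option-file block do not test the pointer that was just allocated: after `arg = realloc(arg, (len + 2) * sizeof(arg[0]));` the code tests `argv == NULL`, which cannot detect a failed realloc, and the result of `calloc(2, sizeof(arg[0]))` is written through unchecked. Both places should test `arg`, e.g. `if (arg == NULL) { perror("malloc"); exit(1); }`. Lines longer than the 1024-byte `buf` are split by fgets into several arguments without any diagnostic, and `len != optidx` compares a size_t with an int; rejecting a line that fills the buffer without a newline and casting explicitly would make the parsing predictable. main's body starts and ends outside this hunk.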
@@ -129,5 +187,15 @@ main(int argc, char **argv)
close_generate ();
if (argc != optidx)
fclose(yyin);
+
+ if (one_code_file)
+ close_codefile();
+
+ if (arg) {
+ for (i = 1; i < len; i++)
+ free(arg[i]);
+ free(arg);
+ }
+
return 0;
}
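Review bot: The context line `if (argc != optidx)` no longer says whether an input file was opened from `argv` when `--option-file` is used. The option-file block in the previous hunk resets `optidx` to 0 and refills it from the option file's argument vector, so the test compares `argc` with the wrong index. The branch that opens `yyin` is outside the visible hunks, so the exact effect (closing `stdin`, or leaving the input file open) is inferred. Parsing the option file with its own index, `int opt_optidx = 0;` and `getarg(args, num_args, len, arg, &opt_optidx)`, would keep the original `optidx` intact for this test. `main` starts outside this hunk.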
diff --git a/source4/heimdal/lib/asn1/parse.y b/source4/heimdal/lib/asn1/parse.y
deleted file mode 100644
index aca4a062b8..0000000000
--- a/source4/heimdal/lib/asn1/parse.y
+++ /dev/null
@@ -1,1015 +0,0 @@
-/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* $Id$ */
-
-%{
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "symbol.h"
-#include "lex.h"
-#include "gen_locl.h"
-#include "der.h"
-
-RCSID("$Id$");
-
-static Type *new_type (Typetype t);
-static struct constraint_spec *new_constraint_spec(enum ctype);
-static Type *new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype);
-void yyerror (const char *);
-static struct objid *new_objid(const char *label, int value);
-static void add_oid_to_tail(struct objid *, struct objid *);
-static void fix_labels(Symbol *s);
-
-struct string_list {
- char *string;
- struct string_list *next;
-};
-
-%}
-
-%union {
- int constant;
- struct value *value;
- struct range *range;
- char *name;
- Type *type;
- Member *member;
- struct objid *objid;
- char *defval;
- struct string_list *sl;
- struct tagtype tag;
- struct memhead *members;
- struct constraint_spec *constraint_spec;
-}
-
-%token kw_ABSENT
-%token kw_ABSTRACT_SYNTAX
-%token kw_ALL
-%token kw_APPLICATION
-%token kw_AUTOMATIC
-%token kw_BEGIN
-%token kw_BIT
-%token kw_BMPString
-%token kw_BOOLEAN
-%token kw_BY
-%token kw_CHARACTER
-%token kw_CHOICE
-%token kw_CLASS
-%token kw_COMPONENT
-%token kw_COMPONENTS
-%token kw_CONSTRAINED
-%token kw_CONTAINING
-%token kw_DEFAULT
-%token kw_DEFINITIONS
-%token kw_EMBEDDED
-%token kw_ENCODED
-%token kw_END
-%token kw_ENUMERATED
-%token kw_EXCEPT
-%token kw_EXPLICIT
-%token kw_EXPORTS
-%token kw_EXTENSIBILITY
-%token kw_EXTERNAL
-%token kw_FALSE
-%token kw_FROM
-%token kw_GeneralString
-%token kw_GeneralizedTime
-%token kw_GraphicString
-%token kw_IA5String
-%token kw_IDENTIFIER
-%token kw_IMPLICIT
-%token kw_IMPLIED
-%token kw_IMPORTS
-%token kw_INCLUDES
-%token kw_INSTANCE
-%token kw_INTEGER
-%token kw_INTERSECTION
-%token kw_ISO646String
-%token kw_MAX
-%token kw_MIN
-%token kw_MINUS_INFINITY
-%token kw_NULL
-%token kw_NumericString
-%token kw_OBJECT
-%token kw_OCTET
-%token kw_OF
-%token kw_OPTIONAL
-%token kw_ObjectDescriptor
-%token kw_PATTERN
-%token kw_PDV
-%token kw_PLUS_INFINITY
-%token kw_PRESENT
-%token kw_PRIVATE
-%token kw_PrintableString
-%token kw_REAL
-%token kw_RELATIVE_OID
-%token kw_SEQUENCE
-%token kw_SET
-%token kw_SIZE
-%token kw_STRING
-%token kw_SYNTAX
-%token kw_T61String
-%token kw_TAGS
-%token kw_TRUE
-%token kw_TYPE_IDENTIFIER
-%token kw_TeletexString
-%token kw_UNION
-%token kw_UNIQUE
-%token kw_UNIVERSAL
-%token kw_UTCTime
-%token kw_UTF8String
-%token kw_UniversalString
-%token kw_VideotexString
-%token kw_VisibleString
-%token kw_WITH
-
-%token RANGE
-%token EEQUAL
-%token ELLIPSIS
-
-%token <name> IDENTIFIER referencename
-%token <name> STRING
-
-%token <constant> NUMBER
-%type <constant> SignedNumber
-%type <constant> Class tagenv
-
-%type <value> Value
-%type <value> BuiltinValue
-%type <value> IntegerValue
-%type <value> BooleanValue
-%type <value> ObjectIdentifierValue
-%type <value> CharacterStringValue
-%type <value> NullValue
-%type <value> DefinedValue
-%type <value> ReferencedValue
-%type <value> Valuereference
-
-%type <type> Type
-%type <type> BuiltinType
-%type <type> BitStringType
-%type <type> BooleanType
-%type <type> ChoiceType
-%type <type> ConstrainedType
-%type <type> EnumeratedType
-%type <type> IntegerType
-%type <type> NullType
-%type <type> OctetStringType
-%type <type> SequenceType
-%type <type> SequenceOfType
-%type <type> SetType
-%type <type> SetOfType
-%type <type> TaggedType
-%type <type> ReferencedType
-%type <type> DefinedType
-%type <type> UsefulType
-%type <type> ObjectIdentifierType
-%type <type> CharacterStringType
-%type <type> RestrictedCharactedStringType
-
-%type <tag> Tag
-
-%type <member> ComponentType
-%type <member> NamedBit
-%type <member> NamedNumber
-%type <member> NamedType
-%type <members> ComponentTypeList
-%type <members> Enumerations
-%type <members> NamedBitList
-%type <members> NamedNumberList
-
-%type <objid> objid objid_list objid_element objid_opt
-%type <range> range size
-
-%type <sl> referencenames
-
-%type <constraint_spec> Constraint
-%type <constraint_spec> ConstraintSpec
-%type <constraint_spec> GeneralConstraint
-%type <constraint_spec> ContentsConstraint
-%type <constraint_spec> UserDefinedConstraint
-
-
-
-%start ModuleDefinition
-
-%%
-
-ModuleDefinition: IDENTIFIER objid_opt kw_DEFINITIONS TagDefault ExtensionDefault
- EEQUAL kw_BEGIN ModuleBody kw_END
- {
- checkundefined();
- }
- ;
-
-TagDefault : kw_EXPLICIT kw_TAGS
- | kw_IMPLICIT kw_TAGS
- { error_message("implicit tagging is not supported"); }
- | kw_AUTOMATIC kw_TAGS
- { error_message("automatic tagging is not supported"); }
- | /* empty */
- ;
-
-ExtensionDefault: kw_EXTENSIBILITY kw_IMPLIED
- { error_message("no extensibility options supported"); }
- | /* empty */
- ;
-
-ModuleBody : /* Exports */ Imports AssignmentList
- | /* empty */
- ;
-
-Imports : kw_IMPORTS SymbolsImported ';'
- | /* empty */
- ;
-
-SymbolsImported : SymbolsFromModuleList
- | /* empty */
- ;
-
-SymbolsFromModuleList: SymbolsFromModule
- | SymbolsFromModuleList SymbolsFromModule
- ;
-
-SymbolsFromModule: referencenames kw_FROM IDENTIFIER objid_opt
- {
- struct string_list *sl;
- for(sl = $1; sl != NULL; sl = sl->next) {
- Symbol *s = addsym(sl->string);
- s->stype = Stype;
- }
- add_import($3);
- }
- ;
-
-AssignmentList : Assignment
- | Assignment AssignmentList
- ;
-
-Assignment : TypeAssignment
- | ValueAssignment
- ;
-
-referencenames : IDENTIFIER ',' referencenames
- {
- $$ = emalloc(sizeof(*$$));
- $$->string = $1;
- $$->next = $3;
- }
- | IDENTIFIER
- {
- $$ = emalloc(sizeof(*$$));
- $$->string = $1;
- $$->next = NULL;
- }
- ;
-
-TypeAssignment : IDENTIFIER EEQUAL Type
- {
- Symbol *s = addsym ($1);
- s->stype = Stype;
- s->type = $3;
- fix_labels(s);
- generate_type (s);
- }
- ;
-
-Type : BuiltinType
- | ReferencedType
- | ConstrainedType
- ;
-
-BuiltinType : BitStringType
- | BooleanType
- | CharacterStringType
- | ChoiceType
- | EnumeratedType
- | IntegerType
- | NullType
- | ObjectIdentifierType
- | OctetStringType
- | SequenceType
- | SequenceOfType
- | SetType
- | SetOfType
- | TaggedType
- ;
-
-BooleanType : kw_BOOLEAN
- {
- $$ = new_tag(ASN1_C_UNIV, UT_Boolean,
- TE_EXPLICIT, new_type(TBoolean));
- }
- ;
-
-range : '(' Value RANGE Value ')'
- {
- if($2->type != integervalue)
- error_message("Non-integer used in first part of range");
- if($2->type != integervalue)
- error_message("Non-integer in second part of range");
- $$ = ecalloc(1, sizeof(*$$));
- $$->min = $2->u.integervalue;
- $$->max = $4->u.integervalue;
- }
- | '(' Value RANGE kw_MAX ')'
- {
- if($2->type != integervalue)
- error_message("Non-integer in first part of range");
- $$ = ecalloc(1, sizeof(*$$));
- $$->min = $2->u.integervalue;
- $$->max = $2->u.integervalue - 1;
- }
- | '(' kw_MIN RANGE Value ')'
- {
- if($4->type != integervalue)
- error_message("Non-integer in second part of range");
- $$ = ecalloc(1, sizeof(*$$));
- $$->min = $4->u.integervalue + 2;
- $$->max = $4->u.integervalue;
- }
- | '(' Value ')'
- {
- if($2->type != integervalue)
- error_message("Non-integer used in limit");
- $$ = ecalloc(1, sizeof(*$$));
- $$->min = $2->u.integervalue;
- $$->max = $2->u.integervalue;
- }
- ;
-
-
-IntegerType : kw_INTEGER
- {
- $$ = new_tag(ASN1_C_UNIV, UT_Integer,
- TE_EXPLICIT, new_type(TInteger));
- }
- | kw_INTEGER range
- {
- $$ = new_type(TInteger);
- $$->range = $2;
- $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
- }
- | kw_INTEGER '{' NamedNumberList '}'
- {
- $$ = new_type(TInteger);
- $$->members = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_Integer, TE_EXPLICIT, $$);
- }
- ;
-
-NamedNumberList : NamedNumber
- {
- $$ = emalloc(sizeof(*$$));
- ASN1_TAILQ_INIT($$);
- ASN1_TAILQ_INSERT_HEAD($$, $1, members);
- }
- | NamedNumberList ',' NamedNumber
- {
- ASN1_TAILQ_INSERT_TAIL($1, $3, members);
- $$ = $1;
- }
- | NamedNumberList ',' ELLIPSIS
- { $$ = $1; } /* XXX used for Enumerations */
- ;
-
-NamedNumber : IDENTIFIER '(' SignedNumber ')'
- {
- $$ = emalloc(sizeof(*$$));
- $$->name = $1;
- $$->gen_name = estrdup($1);
- output_name ($$->gen_name);
- $$->val = $3;
- $$->optional = 0;
- $$->ellipsis = 0;
- $$->type = NULL;
- }
- ;
-
-EnumeratedType : kw_ENUMERATED '{' Enumerations '}'
- {
- $$ = new_type(TInteger);
- $$->members = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_Enumerated, TE_EXPLICIT, $$);
- }
- ;
-
-Enumerations : NamedNumberList /* XXX */
- ;
-
-BitStringType : kw_BIT kw_STRING
- {
- $$ = new_type(TBitString);
- $$->members = emalloc(sizeof(*$$->members));
- ASN1_TAILQ_INIT($$->members);
- $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
- }
- | kw_BIT kw_STRING '{' NamedBitList '}'
- {
- $$ = new_type(TBitString);
- $$->members = $4;
- $$ = new_tag(ASN1_C_UNIV, UT_BitString, TE_EXPLICIT, $$);
- }
- ;
-
-ObjectIdentifierType: kw_OBJECT kw_IDENTIFIER
- {
- $$ = new_tag(ASN1_C_UNIV, UT_OID,
- TE_EXPLICIT, new_type(TOID));
- }
- ;
-OctetStringType : kw_OCTET kw_STRING size
- {
- Type *t = new_type(TOctetString);
- t->range = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_OctetString,
- TE_EXPLICIT, t);
- }
- ;
-
-NullType : kw_NULL
- {
- $$ = new_tag(ASN1_C_UNIV, UT_Null,
- TE_EXPLICIT, new_type(TNull));
- }
- ;
-
-size :
- { $$ = NULL; }
- | kw_SIZE range
- { $$ = $2; }
- ;
-
-
-SequenceType : kw_SEQUENCE '{' /* ComponentTypeLists */ ComponentTypeList '}'
- {
- $$ = new_type(TSequence);
- $$->members = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
- }
- | kw_SEQUENCE '{' '}'
- {
- $$ = new_type(TSequence);
- $$->members = NULL;
- $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
- }
- ;
-
-SequenceOfType : kw_SEQUENCE size kw_OF Type
- {
- $$ = new_type(TSequenceOf);
- $$->range = $2;
- $$->subtype = $4;
- $$ = new_tag(ASN1_C_UNIV, UT_Sequence, TE_EXPLICIT, $$);
- }
- ;
-
-SetType : kw_SET '{' /* ComponentTypeLists */ ComponentTypeList '}'
- {
- $$ = new_type(TSet);
- $$->members = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
- }
- | kw_SET '{' '}'
- {
- $$ = new_type(TSet);
- $$->members = NULL;
- $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
- }
- ;
-
-SetOfType : kw_SET kw_OF Type
- {
- $$ = new_type(TSetOf);
- $$->subtype = $3;
- $$ = new_tag(ASN1_C_UNIV, UT_Set, TE_EXPLICIT, $$);
- }
- ;
-
-ChoiceType : kw_CHOICE '{' /* AlternativeTypeLists */ ComponentTypeList '}'
- {
- $$ = new_type(TChoice);
- $$->members = $3;
- }
- ;
-
-ReferencedType : DefinedType
- | UsefulType
- ;
-
-DefinedType : IDENTIFIER
- {
- Symbol *s = addsym($1);
- $$ = new_type(TType);
- if(s->stype != Stype && s->stype != SUndefined)
- error_message ("%s is not a type\n", $1);
- else
- $$->symbol = s;
- }
- ;
-
-UsefulType : kw_GeneralizedTime
- {
- $$ = new_tag(ASN1_C_UNIV, UT_GeneralizedTime,
- TE_EXPLICIT, new_type(TGeneralizedTime));
- }
- | kw_UTCTime
- {
- $$ = new_tag(ASN1_C_UNIV, UT_UTCTime,
- TE_EXPLICIT, new_type(TUTCTime));
- }
- ;
-
-ConstrainedType : Type Constraint
- {
- /* if (Constraint.type == contentConstrant) {
- assert(Constraint.u.constraint.type == octetstring|bitstring-w/o-NamedBitList); // remember to check type reference too
- if (Constraint.u.constraint.type) {
- assert((Constraint.u.constraint.type.length % 8) == 0);
- }
- }
- if (Constraint.u.constraint.encoding) {
- type == der-oid|ber-oid
- }
- */
- }
- ;
-
-
-Constraint : '(' ConstraintSpec ')'
- {
- $$ = $2;
- }
- ;
-
-ConstraintSpec : GeneralConstraint
- ;
-
-GeneralConstraint: ContentsConstraint
- | UserDefinedConstraint
- ;
-
-ContentsConstraint: kw_CONTAINING Type
- {
- $$ = new_constraint_spec(CT_CONTENTS);
- $$->u.content.type = $2;
- $$->u.content.encoding = NULL;
- }
- | kw_ENCODED kw_BY Value
- {
- if ($3->type != objectidentifiervalue)
- error_message("Non-OID used in ENCODED BY constraint");
- $$ = new_constraint_spec(CT_CONTENTS);
- $$->u.content.type = NULL;
- $$->u.content.encoding = $3;
- }
- | kw_CONTAINING Type kw_ENCODED kw_BY Value
- {
- if ($5->type != objectidentifiervalue)
- error_message("Non-OID used in ENCODED BY constraint");
- $$ = new_constraint_spec(CT_CONTENTS);
- $$->u.content.type = $2;
- $$->u.content.encoding = $5;
- }
- ;
-
-UserDefinedConstraint: kw_CONSTRAINED kw_BY '{' '}'
- {
- $$ = new_constraint_spec(CT_USER);
- }
- ;
-
-TaggedType : Tag tagenv Type
- {
- $$ = new_type(TTag);
- $$->tag = $1;
- $$->tag.tagenv = $2;
- if($3->type == TTag && $2 == TE_IMPLICIT) {
- $$->subtype = $3->subtype;
- free($3);
- } else
- $$->subtype = $3;
- }
- ;
-
-Tag : '[' Class NUMBER ']'
- {
- $$.tagclass = $2;
- $$.tagvalue = $3;
- $$.tagenv = TE_EXPLICIT;
- }
- ;
-
-Class : /* */
- {
- $$ = ASN1_C_CONTEXT;
- }
- | kw_UNIVERSAL
- {
- $$ = ASN1_C_UNIV;
- }
- | kw_APPLICATION
- {
- $$ = ASN1_C_APPL;
- }
- | kw_PRIVATE
- {
- $$ = ASN1_C_PRIVATE;
- }
- ;
-
-tagenv : /* */
- {
- $$ = TE_EXPLICIT;
- }
- | kw_EXPLICIT
- {
- $$ = TE_EXPLICIT;
- }
- | kw_IMPLICIT
- {
- $$ = TE_IMPLICIT;
- }
- ;
-
-
-ValueAssignment : IDENTIFIER Type EEQUAL Value
- {
- Symbol *s;
- s = addsym ($1);
-
- s->stype = SValue;
- s->value = $4;
- generate_constant (s);
- }
- ;
-
-CharacterStringType: RestrictedCharactedStringType
- ;
-
-RestrictedCharactedStringType: kw_GeneralString
- {
- $$ = new_tag(ASN1_C_UNIV, UT_GeneralString,
- TE_EXPLICIT, new_type(TGeneralString));
- }
- | kw_UTF8String
- {
- $$ = new_tag(ASN1_C_UNIV, UT_UTF8String,
- TE_EXPLICIT, new_type(TUTF8String));
- }
- | kw_PrintableString
- {
- $$ = new_tag(ASN1_C_UNIV, UT_PrintableString,
- TE_EXPLICIT, new_type(TPrintableString));
- }
- | kw_VisibleString
- {
- $$ = new_tag(ASN1_C_UNIV, UT_VisibleString,
- TE_EXPLICIT, new_type(TVisibleString));
- }
- | kw_IA5String
- {
- $$ = new_tag(ASN1_C_UNIV, UT_IA5String,
- TE_EXPLICIT, new_type(TIA5String));
- }
- | kw_BMPString
- {
- $$ = new_tag(ASN1_C_UNIV, UT_BMPString,
- TE_EXPLICIT, new_type(TBMPString));
- }
- | kw_UniversalString
- {
- $$ = new_tag(ASN1_C_UNIV, UT_UniversalString,
- TE_EXPLICIT, new_type(TUniversalString));
- }
-
- ;
-
-ComponentTypeList: ComponentType
- {
- $$ = emalloc(sizeof(*$$));
- ASN1_TAILQ_INIT($$);
- ASN1_TAILQ_INSERT_HEAD($$, $1, members);
- }
- | ComponentTypeList ',' ComponentType
- {
- ASN1_TAILQ_INSERT_TAIL($1, $3, members);
- $$ = $1;
- }
- | ComponentTypeList ',' ELLIPSIS
- {
- struct member *m = ecalloc(1, sizeof(*m));
- m->name = estrdup("...");
- m->gen_name = estrdup("asn1_ellipsis");
- m->ellipsis = 1;
- ASN1_TAILQ_INSERT_TAIL($1, m, members);
- $$ = $1;
- }
- ;
-
-NamedType : IDENTIFIER Type
- {
- $$ = emalloc(sizeof(*$$));
- $$->name = $1;
- $$->gen_name = estrdup($1);
- output_name ($$->gen_name);
- $$->type = $2;
- $$->ellipsis = 0;
- }
- ;
-
-ComponentType : NamedType
- {
- $$ = $1;
- $$->optional = 0;
- $$->defval = NULL;
- }
- | NamedType kw_OPTIONAL
- {
- $$ = $1;
- $$->optional = 1;
- $$->defval = NULL;
- }
- | NamedType kw_DEFAULT Value
- {
- $$ = $1;
- $$->optional = 0;
- $$->defval = $3;
- }
- ;
-
-NamedBitList : NamedBit
- {
- $$ = emalloc(sizeof(*$$));
- ASN1_TAILQ_INIT($$);
- ASN1_TAILQ_INSERT_HEAD($$, $1, members);
- }
- | NamedBitList ',' NamedBit
- {
- ASN1_TAILQ_INSERT_TAIL($1, $3, members);
- $$ = $1;
- }
- ;
-
-NamedBit : IDENTIFIER '(' NUMBER ')'
- {
- $$ = emalloc(sizeof(*$$));
- $$->name = $1;
- $$->gen_name = estrdup($1);
- output_name ($$->gen_name);
- $$->val = $3;
- $$->optional = 0;
- $$->ellipsis = 0;
- $$->type = NULL;
- }
- ;
-
-objid_opt : objid
- | /* empty */ { $$ = NULL; }
- ;
-
-objid : '{' objid_list '}'
- {
- $$ = $2;
- }
- ;
-
-objid_list : /* empty */
- {
- $$ = NULL;
- }
- | objid_element objid_list
- {
- if ($2) {
- $$ = $2;
- add_oid_to_tail($2, $1);
- } else {
- $$ = $1;
- }
- }
- ;
-
-objid_element : IDENTIFIER '(' NUMBER ')'
- {
- $$ = new_objid($1, $3);
- }
- | IDENTIFIER
- {
- Symbol *s = addsym($1);
- if(s->stype != SValue ||
- s->value->type != objectidentifiervalue) {
- error_message("%s is not an object identifier\n",
- s->name);
- exit(1);
- }
- $$ = s->value->u.objectidentifiervalue;
- }
- | NUMBER
- {
- $$ = new_objid(NULL, $1);
- }
- ;
-
-Value : BuiltinValue
- | ReferencedValue
- ;
-
-BuiltinValue : BooleanValue
- | CharacterStringValue
- | IntegerValue
- | ObjectIdentifierValue
- | NullValue
- ;
-
-ReferencedValue : DefinedValue
- ;
-
-DefinedValue : Valuereference
- ;
-
-Valuereference : IDENTIFIER
- {
- Symbol *s = addsym($1);
- if(s->stype != SValue)
- error_message ("%s is not a value\n",
- s->name);
- else
- $$ = s->value;
- }
- ;
-
-CharacterStringValue: STRING
- {
- $$ = emalloc(sizeof(*$$));
- $$->type = stringvalue;
- $$->u.stringvalue = $1;
- }
- ;
-
-BooleanValue : kw_TRUE
- {
- $$ = emalloc(sizeof(*$$));
- $$->type = booleanvalue;
- $$->u.booleanvalue = 0;
- }
- | kw_FALSE
- {
- $$ = emalloc(sizeof(*$$));
- $$->type = booleanvalue;
- $$->u.booleanvalue = 0;
- }
- ;
-
-IntegerValue : SignedNumber
- {
- $$ = emalloc(sizeof(*$$));
- $$->type = integervalue;
- $$->u.integervalue = $1;
- }
- ;
-
-SignedNumber : NUMBER
- ;
-
-NullValue : kw_NULL
- {
- }
- ;
-
-ObjectIdentifierValue: objid
- {
- $$ = emalloc(sizeof(*$$));
- $$->type = objectidentifiervalue;
- $$->u.objectidentifiervalue = $1;
- }
- ;
-
-%%
-
-void
-yyerror (const char *s)
-{
- error_message ("%s\n", s);
-}
-
-static Type *
-new_tag(int tagclass, int tagvalue, int tagenv, Type *oldtype)
-{
- Type *t;
- if(oldtype->type == TTag && oldtype->tag.tagenv == TE_IMPLICIT) {
- t = oldtype;
- oldtype = oldtype->subtype; /* XXX */
- } else
- t = new_type (TTag);
-
- t->tag.tagclass = tagclass;
- t->tag.tagvalue = tagvalue;
- t->tag.tagenv = tagenv;
- t->subtype = oldtype;
- return t;
-}
-
-static struct objid *
-new_objid(const char *label, int value)
-{
- struct objid *s;
- s = emalloc(sizeof(*s));
- s->label = label;
- s->value = value;
- s->next = NULL;
- return s;
-}
-
-static void
-add_oid_to_tail(struct objid *head, struct objid *tail)
-{
- struct objid *o;
- o = head;
- while (o->next)
- o = o->next;
- o->next = tail;
-}
-
-static Type *
-new_type (Typetype tt)
-{
- Type *t = ecalloc(1, sizeof(*t));
- t->type = tt;
- return t;
-}
-
-static struct constraint_spec *
-new_constraint_spec(enum ctype ct)
-{
- struct constraint_spec *c = ecalloc(1, sizeof(*c));
- c->ctype = ct;
- return c;
-}
-
-static void fix_labels2(Type *t, const char *prefix);
-static void fix_labels1(struct memhead *members, const char *prefix)
-{
- Member *m;
-
- if(members == NULL)
- return;
- ASN1_TAILQ_FOREACH(m, members, members) {
- asprintf(&m->label, "%s_%s", prefix, m->gen_name);
- if (m->label == NULL)
- errx(1, "malloc");
- if(m->type != NULL)
- fix_labels2(m->type, m->label);
- }
-}
-
-static void fix_labels2(Type *t, const char *prefix)
-{
- for(; t; t = t->subtype)
- fix_labels1(t->members, prefix);
-}
-
-static void
-fix_labels(Symbol *s)
-{
- char *p;
- asprintf(&p, "choice_%s", s->gen_name);
- if (p == NULL)
- errx(1, "malloc");
- fix_labels2(s->type, p);
- free(p);
-}
diff --git a/source4/heimdal/lib/asn1/pkcs12.asn1 b/source4/heimdal/lib/asn1/pkcs12.asn1
index 4d6454a08f..8b604c68d7 100644
--- a/source4/heimdal/lib/asn1/pkcs12.asn1
+++ b/source4/heimdal/lib/asn1/pkcs12.asn1
@@ -50,7 +50,7 @@ PKCS12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
PKCS12-Attribute ::= SEQUENCE {
attrId OBJECT IDENTIFIER,
- attrValues -- SET OF -- heim_any_set
+ attrValues -- SET OF -- heim_any_set
}
PKCS12-Attributes ::= SET OF PKCS12-Attribute
diff --git a/source4/heimdal/lib/asn1/pkcs8.asn1 b/source4/heimdal/lib/asn1/pkcs8.asn1
index 203d91eef8..45a7d715df 100644
--- a/source4/heimdal/lib/asn1/pkcs8.asn1
+++ b/source4/heimdal/lib/asn1/pkcs8.asn1
@@ -24,7 +24,7 @@ PKCS8EncryptedData ::= OCTET STRING
PKCS8EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier,
- encryptedData PKCS8EncryptedData
+ encryptedData PKCS8EncryptedData
}
END
diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1
index 758af6f86e..f36ebf0b32 100644
--- a/source4/heimdal/lib/asn1/pkinit.asn1
+++ b/source4/heimdal/lib/asn1/pkinit.asn1
@@ -27,11 +27,11 @@ id-pkinit-san OBJECT IDENTIFIER ::=
x509-sanan(2) }
id-pkinit-ms-eku OBJECT IDENTIFIER ::=
- { iso(1) org(3) dod(6) internet(1) private(4)
+ { iso(1) org(3) dod(6) internet(1) private(4)
enterprise(1) microsoft(311) 20 2 2 }
id-pkinit-ms-san OBJECT IDENTIFIER ::=
- { iso(1) org(3) dod(6) internet(1) private(4)
+ { iso(1) org(3) dod(6) internet(1) private(4)
enterprise(1) microsoft(311) 20 2 3 }
MS-UPN-SAN ::= UTF8String
@@ -152,19 +152,18 @@ TrustedCA-Win2k ::= CHOICE {
issuerAndSerial [2] IssuerAndSerialNumber
}
-PA-PK-AS-REQ-Win2k ::= SEQUENCE {
- signed-auth-pack [0] IMPLICIT OCTET STRING,
- trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
- kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
+PA-PK-AS-REQ-Win2k ::= SEQUENCE {
+ signed-auth-pack [0] IMPLICIT OCTET STRING,
+ trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
+ kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL
}
PA-PK-AS-REP-Win2k ::= CHOICE {
- dhSignedData [0] IMPLICIT OCTET STRING,
+ dhSignedData [0] IMPLICIT OCTET STRING,
encKeyPack [1] IMPLICIT OCTET STRING
}
-
KDCDHKeyInfo-Win2k ::= SEQUENCE {
nonce [0] INTEGER (-2147483648..2147483647),
subjectPublicKey [2] BIT STRING
@@ -176,12 +175,18 @@ ReplyKeyPack-Win2k ::= SEQUENCE {
...
}
-PkinitSP80056AOtherInfo ::= SEQUENCE {
- algorithmID AlgorithmIdentifier,
- partyUInfo [0] OCTET STRING,
- partyVInfo [1] OCTET STRING,
- suppPubInfo [2] OCTET STRING OPTIONAL,
- suppPrivInfo [3] OCTET STRING OPTIONAL
+PA-PK-AS-REP-BTMM ::= SEQUENCE {
+ dhSignedData [0] heim_any OPTIONAL,
+ encKeyPack [1] heim_any OPTIONAL
+}
+
+
+PkinitSP80056AOtherInfo ::= SEQUENCE {
+ algorithmID AlgorithmIdentifier,
+ partyUInfo [0] OCTET STRING,
+ partyVInfo [1] OCTET STRING,
+ suppPubInfo [2] OCTET STRING OPTIONAL,
+ suppPrivInfo [3] OCTET STRING OPTIONAL
}
PkinitSuppPubInfo ::= SEQUENCE {
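Review bot: `PA-PK-AS-REP-BTMM` makes both `dhSignedData` and `encKeyPack` OPTIONAL and types them as `heim_any`. Unlike the CHOICE in `PA-PK-AS-REP-Win2k` earlier in the file, a reply carrying neither field or both should therefore decode without error, with the field contents left undecoded. If exactly one field is expected, that check and the parsing of the inner blob fall entirely on the caller, and the definition should say so. A comment above the type would do, e.g. `-- exactly one field expected; contents are not decoded here, the caller must validate them`.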
diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1
index 8e24f0740b..51cac55cc0 100644
--- a/source4/heimdal/lib/asn1/rfc2459.asn1
+++ b/source4/heimdal/lib/asn1/rfc2459.asn1
@@ -6,7 +6,7 @@ RFC2459 DEFINITIONS ::= BEGIN
IMPORTS heim_any FROM heim;
Version ::= INTEGER {
- rfc3280_version_1(0),
+ rfc3280_version_1(0),
rfc3280_version_2(1),
rfc3280_version_3(2)
}
@@ -29,7 +29,7 @@ id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
-id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
+id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
@@ -54,7 +54,7 @@ id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
id-nistAlgorithm OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
-
+
id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
@@ -72,9 +72,42 @@ id-dhpublicnumber OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046)
number-type(2) 1 }
+-- ECC
+
+id-ecPublicKey OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+
+id-ecDH OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) schemes(1)
+ ecdh(12) }
+
+id-ecMQV OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) schemes(1)
+ ecmqv(13) }
+
+id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
+ ecdsa-with-SHA2(3) 2 }
+
+id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
+
+-- some EC group ids
+
+id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
+ prime(1) 7 }
+
+id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) 0 8 }
+
+id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
+ iso(1) identified-organization(3) certicom(132) 0 30 }
+
+-- DSA
+
id-x9-57 OBJECT IDENTIFIER ::= {
- iso(1) member-body(2) us(840) ansi-x942(10046)
- 4 }
+ iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
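Review bot: The `id-x9-57` line this hunk rewrites still uses the arc `ansi-x942(10046)`, which is the X9.42 arc already used for `id-dhpublicnumber` just above. As far as I know X9.57 is 1.2.840.10040, so `id-dsa` and `id-dsa-with-sha1` would resolve to 1.2.840.10046.4.x instead of the registered 1.2.840.10040.4.1 and .4.3. Since the line is being touched anyway, it could become `iso(1) member-body(2) us(840) x9-57(10040) 4 }`, after checking it against the registered values. Separately, the new `id-ec-group-secp160r1` and `id-ec-group-secp160r2` name 160-bit curves and `id-ecdsa-with-SHA1` a SHA-1 signature; a comment marking them as legacy identifiers would help code that selects acceptable algorithms from this list.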
@@ -256,8 +289,8 @@ KeyIdentifier ::= OCTET STRING
AuthorityKeyIdentifier ::= SEQUENCE {
keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
- authorityCertIssuer [1] IMPLICIT -- GeneralName --
- SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
+ authorityCertIssuer [1] IMPLICIT -- GeneralName --
+ SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}
@@ -269,7 +302,7 @@ id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
BasicConstraints ::= SEQUENCE {
cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
- pathLenConstraint INTEGER (0..4294967295) OPTIONAL
+ pathLenConstraint INTEGER (0..4294967295) OPTIONAL
}
id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
@@ -350,6 +383,21 @@ DSAParams ::= SEQUENCE {
g INTEGER
}
+-- draft-ietf-pkix-ecc-subpubkeyinfo-11
+
+ECPoint ::= OCTET STRING
+
+ECParameters ::= CHOICE {
+ namedCurve OBJECT IDENTIFIER
+ -- implicitCurve NULL
+ -- specifiedCurve SpecifiedECDomain
+}
+
+ECDSA-Sig-Value ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER
+}
+
-- really pkcs1
RSAPublicKey ::= SEQUENCE {
@@ -382,7 +430,7 @@ DigestInfo ::= SEQUENCE {
-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
--- TemplateVersion ::= INTEGER (0..4294967295)
+-- TemplateVersion ::= INTEGER (0..4294967295)
-- CertificateTemplate ::= SEQUENCE {
-- templateID OBJECT IDENTIFIER,
@@ -393,7 +441,7 @@ DigestInfo ::= SEQUENCE {
--
-- CRL
---
+--
TBSCRLCertList ::= SEQUENCE {
version Version OPTIONAL, -- if present, MUST be v2
@@ -489,16 +537,16 @@ id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
--- Netscape extentions
-id-netscape OBJECT IDENTIFIER ::=
+id-netscape OBJECT IDENTIFIER ::=
{ joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
--- MS extentions
-id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
+id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
{ 1 3 6 1 4 1 311 20 2 }
-id-ms-client-authentication OBJECT IDENTIFIER ::=
+id-ms-client-authentication OBJECT IDENTIFIER ::=
{ 1 3 6 1 5 5 7 3 2 }
-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
diff --git a/source4/heimdal/lib/asn1/test.asn1 b/source4/heimdal/lib/asn1/test.asn1
index d07bba6185..f6237b85b8 100644
--- a/source4/heimdal/lib/asn1/test.asn1
+++ b/source4/heimdal/lib/asn1/test.asn1
@@ -20,12 +20,12 @@ TESTSeq ::= SEQUENCE {
TESTChoice1 ::= CHOICE {
i1[1] INTEGER (-2147483648..2147483647),
i2[2] INTEGER (-2147483648..2147483647),
- ...
+ ...
}
TESTChoice2 ::= CHOICE {
i1[1] INTEGER (-2147483648..2147483647),
- ...
+ ...
}
TESTInteger ::= INTEGER (-2147483648..2147483647)
@@ -35,7 +35,7 @@ TESTInteger3 ::= [5] IMPLICIT TESTInteger2
TESTImplicit ::= SEQUENCE {
ti1[0] IMPLICIT INTEGER (-2147483648..2147483647),
- ti2[1] IMPLICIT SEQUENCE {
+ ti2[1] IMPLICIT SEQUENCE {
foo[127] INTEGER (-2147483648..2147483647)
},
ti3[2] IMPLICIT [5] IMPLICIT [4] IMPLICIT INTEGER (-2147483648..2147483647)
@@ -59,19 +59,19 @@ TESTAlloc ::= SEQUENCE {
TESTCONTAINING ::= OCTET STRING ( CONTAINING INTEGER )
-TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
+TESTENCODEDBY ::= OCTET STRING ( ENCODED BY
{ joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
)
-TESTDer OBJECT IDENTIFIER ::= {
+TESTDer OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1)
}
-TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY
+TESTCONTAININGENCODEDBY ::= OCTET STRING ( CONTAINING INTEGER ENCODED BY
{ joint-iso-itu-t(2) asn(1) ber-derived(2) distinguished-encoding(1) }
)
-TESTCONTAININGENCODEDBY2 ::= OCTET STRING (
+TESTCONTAININGENCODEDBY2 ::= OCTET STRING (
CONTAINING INTEGER ENCODED BY TESTDer
)