From 54471d4c2c4050760c6cebff74f8d5c69d267b90 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 4 Oct 2010 14:41:01 -0400 Subject: [PATCH 038/150] - move the OID registrations and data to be near the top --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 219 ++++++++++++------------ 1 files changed, 110 insertions(+), 109 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index f862301..9d7df51 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -58,7 +58,6 @@ static krb5_error_code cert_retrieve_cert_sans(krb5_context context, krb5_principal **upn_sans, unsigned char ***kdc_hostname); static int cert_load_default_identity(pkinit_identity_crypto_context id); -static SECItem *get_oid_from_tag(SECOidTag tag); /* Plugin and request state. */ struct _pkinit_plg_crypto_context { 
@@ -233,6 +232,116 @@ issuer_and_serial_number_template[] = { { 0, 0, NULL, 0}, }; +/* OIDs. */ +static unsigned char oid_pkinit_key_purpose_client_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x04}; +static SECItem pkinit_kp_client = { + .data = oid_pkinit_key_purpose_client_bytes, + .len = 7, +}; +static unsigned char oid_pkinit_key_purpose_kdc_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x05}; +static SECItem pkinit_kp_kdc = { + .data = oid_pkinit_key_purpose_kdc_bytes, + .len = 7, +}; +static unsigned char oid_ms_sc_login_key_purpose_bytes[] = + {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x02}; +static SECItem pkinit_kp_mssclogin = { + .data = oid_ms_sc_login_key_purpose_bytes, + .len = 10, +}; +static unsigned char oid_pkinit_name_type_principal_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x02}; +static SECItem pkinit_nt_principal = { + .data = oid_pkinit_name_type_principal_bytes, + .len = 6, +}; +static unsigned char oid_pkinit_name_type_upn_bytes[] = + {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03}; +static SECItem pkinit_nt_upn = { + .data = oid_pkinit_name_type_upn_bytes, + .len = 10, +}; +static unsigned char oid_pkinit_auth_data_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x01}; +static const SECOidData +oid_pkinit_auth_data = { + .oid = { + .data = oid_pkinit_auth_data_bytes, + .len = 7, + }, + .offset = 0, + .desc = "PKINIT Authentication Data", + .mechanism = CKM_INVALID_MECHANISM, + .supportedExtension = UNSUPPORTED_CERT_EXTENSION, +}; +static const SECOidTag +get_pkinit_data_auth_data_tag(void) +{ + static SECOidTag tag = 0; + if (tag == 0) { + tag = SECOID_AddEntry(&oid_pkinit_auth_data); + } + return tag; +} +static unsigned char oid_pkinit_rkey_data_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x03}; +static const SECOidData +oid_pkinit_rkey_data = { + .oid = { + .data = oid_pkinit_rkey_data_bytes, + .len = 7, + }, + .offset = 0, + .desc = "PKINIT Reply Key Data", + .mechanism = CKM_INVALID_MECHANISM, + 
.supportedExtension = UNSUPPORTED_CERT_EXTENSION, +}; +static const SECOidTag +get_pkinit_data_rkey_data_tag(void) +{ + static SECOidTag tag = 0; + if (tag == 0) { + tag = SECOID_AddEntry(&oid_pkinit_rkey_data); + } + return tag; +} +static unsigned char oid_pkinit_dhkey_data_bytes[] = + {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x02}; +static const SECOidData +oid_pkinit_dhkey_data = { + .oid = { + .data = oid_pkinit_dhkey_data_bytes, + .len = 7, + }, + .offset = 0, + .desc = "PKINIT DH Reply Key Data", + .mechanism = CKM_INVALID_MECHANISM, + .supportedExtension = UNSUPPORTED_CERT_EXTENSION, +}; +static const SECOidTag +get_pkinit_data_dhkey_data_tag(void) +{ + static SECOidTag tag = 0; + if (tag == 0) { + tag = SECOID_AddEntry(&oid_pkinit_dhkey_data); + } + return tag; +} + +static SECItem * +get_oid_from_tag(SECOidTag tag) +{ + SECOidData *data; + data = SECOID_FindOIDByTag(tag); + if (data != NULL) { + return &data->oid; + } else { + return NULL; + } +} + krb5_error_code pkinit_init_identity_crypto(pkinit_identity_crypto_context *id_cryptoctx) { 
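Review bot: In the three `get_pkinit_data_*_tag()` helpers added by this hunk, `0` is both the "not registered yet" sentinel and, as far as I can tell, the value `SECOID_AddEntry()` returns on failure (`SEC_OID_UNKNOWN`), so a failed registration is handed back to the caller as if it were a usable tag. `get_oid_from_tag()` would then probably resolve it to NSS's placeholder entry rather than NULL, leaving the PKINIT content-type OID silently wrong. Callers (outside this hunk) should treat `SEC_OID_UNKNOWN` as an error, and a comment such as `/* Returns SEC_OID_UNKNOWN if registration failed; callers must check. */` above each helper would make that contract visible. The cached `static` tag also outlives any NSS shutdown and re-initialisation, which I believe discards dynamically registered OIDs, so it is worth confirming the plugin never goes through that sequence. Separately, the hard-coded `.len = 7` and `.len = 10` values are safer written as `.len = sizeof(oid_pkinit_auth_data_bytes),` (and likewise for the other arrays) so a length cannot drift from its byte array.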
@@ -1509,36 +1618,6 @@ cert_get_ku_bits(krb5_context context, CERTCertificate *cert) } return ku; } -static unsigned char oid_pkinit_key_purpose_client_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x04}; -static SECItem pkinit_kp_client = { - .data = oid_pkinit_key_purpose_client_bytes, - .len = 7, -}; -static unsigned char oid_pkinit_key_purpose_kdc_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x05}; -static SECItem pkinit_kp_kdc = { - .data = oid_pkinit_key_purpose_kdc_bytes, - .len = 7, -}; -static unsigned char oid_ms_sc_login_key_purpose_bytes[] = - {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x02}; -static SECItem pkinit_kp_mssclogin = { - .data = oid_ms_sc_login_key_purpose_bytes, - .len = 10, -}; -static unsigned char oid_pkinit_name_type_principal_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x02}; -static SECItem pkinit_nt_principal = { - .data = oid_pkinit_name_type_principal_bytes, - .len = 6, -}; -static unsigned char oid_pkinit_name_type_upn_bytes[] = - {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03}; -static SECItem pkinit_nt_upn = { - .data = oid_pkinit_name_type_upn_bytes, - .len = 10, -}; static unsigned int cert_get_eku_bits(krb5_context context, CERTCertificate *cert, int kdc) 
@@ -2348,84 +2427,6 @@ crypto_check_cert_eku(krb5_context context, return 0; } -static unsigned char oid_pkinit_auth_data_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x01}; -static const SECOidData -oid_pkinit_auth_data = { - .oid = { - .data = oid_pkinit_auth_data_bytes, - .len = 7, - }, - .offset = 0, - .desc = "PKINIT Authentication Data", - .mechanism = CKM_INVALID_MECHANISM, - .supportedExtension = UNSUPPORTED_CERT_EXTENSION, -}; -static const SECOidTag -get_pkinit_data_auth_data_tag(void) -{ - static SECOidTag tag = 0; - if (tag == 0) { - tag = SECOID_AddEntry(&oid_pkinit_auth_data); - } - return tag; -} -static unsigned char oid_pkinit_rkey_data_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x03}; -static const SECOidData -oid_pkinit_rkey_data = { - .oid = { - .data = oid_pkinit_rkey_data_bytes, - .len = 7, - }, - .offset = 0, - .desc = "PKINIT Reply Key Data", - .mechanism = CKM_INVALID_MECHANISM, - .supportedExtension = UNSUPPORTED_CERT_EXTENSION, -}; -static const SECOidTag -get_pkinit_data_rkey_data_tag(void) -{ - static SECOidTag tag = 0; - if (tag == 0) { - tag = SECOID_AddEntry(&oid_pkinit_rkey_data); - } - return tag; -} -static unsigned char oid_pkinit_dhkey_data_bytes[] = - {0x2b, 0x06, 0x01, 0x05, 0x02, 0x03, 0x02}; -static const SECOidData -oid_pkinit_dhkey_data = { - .oid = { - .data = oid_pkinit_dhkey_data_bytes, - .len = 7, - }, - .offset = 0, - .desc = "PKINIT DH Reply Key Data", - .mechanism = CKM_INVALID_MECHANISM, - .supportedExtension = UNSUPPORTED_CERT_EXTENSION, -}; -static const SECOidTag -get_pkinit_data_dhkey_data_tag(void) -{ - static SECOidTag tag = 0; - if (tag == 0) { - tag = SECOID_AddEntry(&oid_pkinit_dhkey_data); - } - return tag; -} -static SECItem * -get_oid_from_tag(SECOidTag tag) -{ - SECOidData *data; - data = SECOID_FindOIDByTag(tag); - if (data != NULL) { - return &data->oid; - } else { - return NULL; - } -} - #ifdef DEBUG_DER static void derdump(unsigned char *data, unsigned int length) -- 1.7.6.4