tor-browser

DottedOIDToCode.py (8001B)

---

# This code is made available to you under your choice of the following sets
# of licensing terms:
###############################################################################
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
###############################################################################
# Copyright 2013 Mozilla Contributors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from __future__ import print_function
import argparse
import itertools
import sys


def base128(value):
   """
   Given an integral value, returns an array of the base-128 representation
   of that value, with all but the last byte having the high bit set as
   required by the DER rules for the nodes of an OID after the first two
   bytes.

   >>> base128(1)
   [1]
   >>> base128(10045)
   [206, 61]
   """

   if value < 0:
       raise ValueError("An OID must have only positive-value nodes.")

   # least significant byte has highest bit unset
   result = [value % 0x80]
   value = value // 0x80

   while value != 0:
       result = [0x80 | (value % 0x80)] + result
       value = value // 0x80

   return result


def dottedOIDToEncodedArray(dottedOID):
   """
   Takes a dotted OID string (e.g. '1.2.840.10045.4.3.4') as input, and
   returns an array that contains the DER encoding of its value, without
   the tag and length (e.g. [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04]).
   """
   nodes = [int(x) for x in dottedOID.strip().split(".")]
   if len(nodes) < 2:
       raise ValueError("An OID must have at least two nodes.")
   if not (0 <= nodes[0] <= 2):
       raise ValueError("The first node of an OID must be 0, 1, or 2.")
   if not (0 <= nodes[1] <= 39):
       # XXX: Does this restriction apply when the first part is 2?
       raise ValueError("The second node of an OID must be 0-39.")
   firstByte = (40 * nodes[0]) + nodes[1]
   restBase128 = [base128(x) for x in nodes[2:]]
   return [firstByte] + list(itertools.chain.from_iterable(restBase128))


def dottedOIDToCArray(dottedOID, mode):
   """
   Takes a dotted OID string (e.g. '1.2.840.10045.4.3.4') as input, and
   returns a string that contains the hex encoding of the OID in C++ literal
   notation, e.g. '0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04'.
   """
   bytes = dottedOIDToEncodedArray(dottedOID)

   if mode != "value" and mode != "prefixdefine":
       bytes = [0x06, len(bytes)] + bytes

   if mode == "alg":
       # Wrap the DER-encoded OID in a SEQUENCE to create an
       # AlgorithmIdentifier with no parameters.
       bytes = [0x30, len(bytes)] + bytes

   return ", ".join(["0x%.2x" % b for b in bytes])


def specNameToCName(specName):
   """
   Given an string containing an ASN.1 name, returns a string that is a valid
   C++ identifier that is as similar to that name as possible. Since most
   ASN.1 identifiers used in PKIX specifications are legal C++ names except
   for containing hyphens, this function just converts the hyphens to
   underscores. This may need to be improved in the future if we encounter
   names with other funny characters.
   """
   return specName.replace("-", "_")


def toCode(programName, specName, dottedOID, mode):
   """
   Given an ASN.1 name and a string containing the dotted representation of an
   OID, returns a string that contains a C++ declaration for a named constant
   that contains that OID value. If mode is "value" then only the value of
   the OID (without the tag or length) will be included in the output. If mode
   is "tlv" then the value will be prefixed with the tag and length. If mode
   is "alg" then the value will be a complete der-encoded AlgorithmIdentifier
   with no parameters.

   This:

       toCode("DottedOIDToCode.py", "ecdsa-with-SHA512", "1.2.840.10045.4.3.4",
              "value")

   would result in a string like:

       // python DottedOIDToCode.py ecdsa-with-SHA512 1.2.840.10045.4.3.4
       static const uint8_t ecdsa_with_SHA512[] = {
         0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04
       };

   This:

       toCode("DottedOIDToCode.py", "ecdsa-with-SHA512", "1.2.840.10045.4.3.4",
              "tlv")

   would result in a string like:

       // python DottedOIDToCode.py --tlv ecdsa-with-SHA512 1.2.840.10045.4.3.4
       static const uint8_t tlv_ecdsa_with_SHA512[] = {
         0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04
       };

   This:

       toCode("DottedOIDToCode.py", "ecdsa-with-SHA512", "1.2.840.10045.4.3.4",
              "alg")

   would result in a string like:

       // python DottedOIDToCode.py --alg ecdsa-with-SHA512 1.2.840.10045.4.3.4
       static const uint8_t alg_ecdsa_with_SHA512[] = {
         0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04
       };

   This:

       toCode("DottedOIDToCode.py", "PREFIX_1_2_840_10045", "1.2.840.10045",
              "prefixdefine")

   would result in a string like this (note the lack of indention):

     // python DottedOIDToCode.py --prefixdefine PREFIX_1_2_840_10045 1.2.840.10045
     #define PREFIX_1_2_840_10045 0x2a, 0x86, 0x48, 0xce, 0x3d
   """
   programNameWithOptions = programName

   if mode == "prefixdefine":
       programNameWithOptions += " --prefixdefine"
       varName = specName
       return ("// python %s %s %s\n" +
               "#define %s %s\n") % (programNameWithOptions, specName,
                                     dottedOID, varName,
                                     dottedOIDToCArray(dottedOID, mode))

   varName = specNameToCName(specName)
   if mode == "tlv":
       programNameWithOptions += " --tlv"
       varName = "tlv_" + varName
   elif mode == "alg":
       programNameWithOptions += " --alg"
       varName = "alg_" + varName
   elif mode == "prefixdefine":
       programNameWithOptions += " --alg"
       varName = varName

   return ("  // python %s %s %s\n" +
           "  static const uint8_t %s[] = {\n" +
           "    %s\n" +
           "  };\n") % (programNameWithOptions, specName, dottedOID, varName,
                        dottedOIDToCArray(dottedOID, mode))


if __name__ == "__main__":
   parser = argparse.ArgumentParser(
       description="Generate code snippets to handle OIDs in C++",
       epilog="example: python %s ecdsa-with-SHA1 1.2.840.10045.4.1"
       % sys.argv[0])
   group = parser.add_mutually_exclusive_group()
   group.add_argument("--tlv", action='store_true',
                      help="Wrap the encoded OID value with the tag and length")
   group.add_argument("--alg", action='store_true',
                      help="Wrap the encoded OID value in an encoded SignatureAlgorithm")
   group.add_argument("--prefixdefine", action='store_true',
                      help="generate a OID prefix #define")
   parser.add_argument("name",
                       help="The name given to the OID in the specification")
   parser.add_argument("dottedOID", metavar="dotted-oid",
                       help="The OID value, in dotted notation")

   args = parser.parse_args()
   if args.alg:
       mode = 'alg'
   elif args.tlv:
       mode = 'tlv'
   elif args.prefixdefine:
       mode = 'prefixdefine'
   else:
       mode = 'value'

   print(toCode(sys.argv[0], args.name, args.dottedOID, mode))