From e8ad8b9987efdbac4116567e685e6fd8ec28ef48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
Date: Thu, 2 May 2024 11:56:40 +0200
Subject: crypto: Remove 'crypto-tls-x509-helpers.h' from crypto-tls-psk-helpers.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
crypto-tls-psk-helpers.c doesn't access the declarations of "crypto-tls-x509-helpers.h", remove the include line to avoid when building with GNUTLS but without Libtasn1:
In file included from tests/unit/crypto-tls-psk-helpers.c:23:
tests/unit/crypto-tls-x509-helpers.h:26:10: fatal error: libtasn1.h: No such file or directory
26 | #include
| ^~~~~~~~~~~~
compilation terminated.
Fixes: e1a6dc91dd ("crypto: Implement TLS Pre-Shared Keys (PSK).")
Suggested-by: Daniel P. Berrangé
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
Signed-off-by: Daniel P. Berrangé
---
 tests/unit/crypto-tls-psk-helpers.c | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-psk-helpers.c
index c6cc740772..36527fd655 100644
--- a/tests/unit/crypto-tls-psk-helpers.c
+++ b/tests/unit/crypto-tls-psk-helpers.c
@@ -20,7 +20,6 @@
 #include "qemu/osdep.h"
-#include "crypto-tls-x509-helpers.h"
 #include "crypto-tls-psk-helpers.h"
 #include "qemu/sockets.h"
-- cgit v1.2.3
From 0e9bb8ad4d907d28aea8336d43ae990d87b1c834 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?=
Date: Thu, 2 May 2024 11:56:41 +0200
Subject: crypto: Restrict pkix_asn1_tab[] to crypto-tls-x509-helpers.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
pkix_asn1_tab[] is only accessed by crypto-tls-x509-helpers.c, rename pkix_asn1_tab.c as pkix_asn1_tab.c.inc and include it once.
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
[berrange: updated MAINTAINERS for changed filename]
Signed-off-by: Daniel P. Berrangé
---
 MAINTAINERS | 2 +-
 tests/qtest/meson.build | 3 +-
 tests/unit/crypto-tls-x509-helpers.c | 6 +-
 tests/unit/crypto-tls-x509-helpers.h | 3 -
 tests/unit/meson.build | 6 +-
 tests/unit/pkix_asn1_tab.c | 1105 ----------------------------------
 tests/unit/pkix_asn1_tab.c.inc | 1102 +++++++++++++++++++++++++++++++++
 7 files changed, 1112 insertions(+), 1115 deletions(-)
 delete mode 100644 tests/unit/pkix_asn1_tab.c
 create mode 100644 tests/unit/pkix_asn1_tab.c.inc
diff --git a/MAINTAINERS b/MAINTAINERS
index dd01288992..73040829b1 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -3484,7 +3484,7 @@ F: qapi/crypto.json
 F: tests/unit/test-crypto-*
 F: tests/bench/benchmark-crypto-*
 F: tests/unit/crypto-tls-*
-F: tests/unit/pkix_asn1_tab.c
+F: tests/unit/pkix_asn1_tab.c.inc
 F: qemu.sasl
 Coroutines
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index ff9200f882..e7ab2a4312 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -322,8 +322,7 @@ if gnutls.found()
 migration_files += [files('../unit/crypto-tls-psk-helpers.c'), gnutls]
 if tasn1.found()
- migration_files += [files('../unit/crypto-tls-x509-helpers.c',
- '../unit/pkix_asn1_tab.c'), tasn1]
+ migration_files += [files('../unit/crypto-tls-x509-helpers.c'), tasn1]
 endif
 endif
diff --git a/tests/unit/crypto-tls-x509-helpers.c b/tests/unit/crypto-tls-x509-helpers.c
index e9937f60d8..3e74ec5b5d 100644
--- a/tests/unit/crypto-tls-x509-helpers.c
+++ b/tests/unit/crypto-tls-x509-helpers.c
@@ -20,15 +20,19 @@
 #include "qemu/osdep.h"
+#include
+
 #include "crypto-tls-x509-helpers.h"
 #include "crypto/init.h"
 #include "qemu/sockets.h"
+#include "pkix_asn1_tab.c.inc"
+
 /*
 * This stores some static data that is needed when
 * encoding extensions in the x509 certs
 */
-asn1_node pkix_asn1;
+static asn1_node pkix_asn1;
 /*
 * To avoid consuming random entropy to generate keys,
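Review bot: Whether `pkix_asn1_tab[]` is really private to this file now depends on the array in `pkix_asn1_tab.c.inc` being declared `static`, and that definition is not visible in this part of the patch. The hunk makes `pkix_asn1` static and textually includes the table, but if the .inc file kept the old `const asn1_static_node pkix_asn1_tab[] = {` form the symbol still has external linkage after the `extern` declaration is dropped from the header; `static const asn1_static_node pkix_asn1_tab[] = {` would match the intent of the commit title. A short comment above the include, such as `/* pkix_asn1_tab[]: PKIX ASN.1 definitions from gnutls, only used in this file */`, would also explain why a .c.inc is pulled in here. The hunk ends inside the comment that follows `pkix_asn1`, so the code that uses the table is outside this view.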
diff --git a/tests/unit/crypto-tls-x509-helpers.h b/tests/unit/crypto-tls-x509-helpers.h
index 247e7160eb..562c160653 100644
--- a/tests/unit/crypto-tls-x509-helpers.h
+++ b/tests/unit/crypto-tls-x509-helpers.h
@@ -23,7 +23,6 @@
 #include
 #include
-#include
 #define QCRYPTO_TLS_TEST_CLIENT_NAME "ACME QEMU Client"
@@ -171,6 +170,4 @@ void test_tls_cleanup(const char *keyfile);
 }; \
 test_tls_generate_cert(&varname, cavarname.crt)
-extern const asn1_static_node pkix_asn1_tab[];
-
 #endif
diff --git a/tests/unit/meson.build b/tests/unit/meson.build
index 26c109c968..490ab8182d 100644
--- a/tests/unit/meson.build
+++ b/tests/unit/meson.build
@@ -99,11 +99,11 @@ if have_block
 tasn1.found() and \
 host_os != 'windows'
 tests += {
- 'test-crypto-tlscredsx509': ['crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c',
+ 'test-crypto-tlscredsx509': ['crypto-tls-x509-helpers.c',
 tasn1, crypto, gnutls],
- 'test-crypto-tlssession': ['crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c', 'crypto-tls-psk-helpers.c',
+ 'test-crypto-tlssession': ['crypto-tls-x509-helpers.c', 'crypto-tls-psk-helpers.c',
 tasn1, crypto, gnutls],
- 'test-io-channel-tls': ['io-channel-helpers.c', 'crypto-tls-x509-helpers.c', 'pkix_asn1_tab.c',
+ 'test-io-channel-tls': ['io-channel-helpers.c', 'crypto-tls-x509-helpers.c',
 tasn1, io, crypto, gnutls]}
 endif
 if pam.found()
diff --git a/tests/unit/pkix_asn1_tab.c b/tests/unit/pkix_asn1_tab.c
deleted file mode 100644
index 89521408a1..0000000000
--- a/tests/unit/pkix_asn1_tab.c
+++ /dev/null
@@ -1,1105 +0,0 @@ -/* - * This file is taken from gnutls 1.6.3 under the GPLv2+ - * and is under copyright of various GNUTLS contributors. - */ - -#include "qemu/osdep.h" -#include "crypto-tls-x509-helpers.h" - -const asn1_static_node pkix_asn1_tab[] = { - {"PKIX1", 536875024, 0}, - {0, 1073741836, 0}, - {"id-ce", 1879048204, 0}, - {"joint-iso-ccitt", 1073741825, "2"}, - {"ds", 1073741825, "5"}, - {0, 1, "29"}, - {"id-ce-authorityKeyIdentifier", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "35"}, - {"AuthorityKeyIdentifier", 1610612741, 0}, - {"keyIdentifier", 1610637314, "KeyIdentifier"}, - {0, 4104, "0"}, - {"authorityCertIssuer", 1610637314, "GeneralNames"}, - {0, 4104, "1"}, - {"authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, - {0, 4104, "2"}, - {"KeyIdentifier", 1073741831, 0}, - {"id-ce-subjectKeyIdentifier", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "14"}, - {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, - {"id-ce-keyUsage", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "15"}, - {"KeyUsage", 1610874886, 0}, - {"digitalSignature", 1073741825, "0"}, - {"nonRepudiation", 1073741825, "1"}, - {"keyEncipherment", 1073741825, "2"}, - {"dataEncipherment", 1073741825, "3"}, - {"keyAgreement", 1073741825, "4"}, - {"keyCertSign", 1073741825, "5"}, - {"cRLSign", 1073741825, "6"}, - {"encipherOnly", 1073741825, "7"}, - {"decipherOnly", 1, "8"}, - {"id-ce-privateKeyUsagePeriod", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "16"}, - {"PrivateKeyUsagePeriod", 1610612741, 0}, - {"notBefore", 1619025937, 0}, - {0, 4104, "0"}, - {"notAfter", 545284113, 0}, - {0, 4104, "1"}, - {"id-ce-certificatePolicies", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "32"}, - {"CertificatePolicies", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "PolicyInformation"}, - {"PolicyInformation", 1610612741, 0}, - {"policyIdentifier", 1073741826, "CertPolicyId"}, - {"policyQualifiers", 538984459, 0}, - {"MAX", 1074266122, 
"1"}, - {0, 2, "PolicyQualifierInfo"}, - {"CertPolicyId", 1073741836, 0}, - {"PolicyQualifierInfo", 1610612741, 0}, - {"policyQualifierId", 1073741826, "PolicyQualifierId"}, - {"qualifier", 541065229, 0}, - {"policyQualifierId", 1, 0}, - {"PolicyQualifierId", 1073741836, 0}, - {"CPSuri", 1073741826, "IA5String"}, - {"UserNotice", 1610612741, 0}, - {"noticeRef", 1073758210, "NoticeReference"}, - {"explicitText", 16386, "DisplayText"}, - {"NoticeReference", 1610612741, 0}, - {"organization", 1073741826, "DisplayText"}, - {"noticeNumbers", 536870923, 0}, - {0, 3, 0}, - {"DisplayText", 1610612754, 0}, - {"visibleString", 1612709890, "VisibleString"}, - {"200", 524298, "1"}, - {"bmpString", 1612709890, "BMPString"}, - {"200", 524298, "1"}, - {"utf8String", 538968066, "UTF8String"}, - {"200", 524298, "1"}, - {"id-ce-policyMappings", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "33"}, - {"PolicyMappings", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 536870917, 0}, - {"issuerDomainPolicy", 1073741826, "CertPolicyId"}, - {"subjectDomainPolicy", 2, "CertPolicyId"}, - {"DirectoryString", 1610612754, 0}, - {"teletexString", 1612709890, "TeletexString"}, - {"MAX", 524298, "1"}, - {"printableString", 1612709890, "PrintableString"}, - {"MAX", 524298, "1"}, - {"universalString", 1612709890, "UniversalString"}, - {"MAX", 524298, "1"}, - {"utf8String", 1612709890, "UTF8String"}, - {"MAX", 524298, "1"}, - {"bmpString", 1612709890, "BMPString"}, - {"MAX", 524298, "1"}, - {"ia5String", 538968066, "IA5String"}, - {"MAX", 524298, "1"}, - {"id-ce-subjectAltName", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "17"}, - {"SubjectAltName", 1073741826, "GeneralNames"}, - {"GeneralNames", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "GeneralName"}, - {"GeneralName", 1610612754, 0}, - {"otherName", 1610620930, "AnotherName"}, - {0, 4104, "0"}, - {"rfc822Name", 1610620930, "IA5String"}, - {0, 4104, "1"}, - {"dNSName", 1610620930, "IA5String"}, - {0, 4104, "2"}, - 
{"x400Address", 1610620930, "ORAddress"}, - {0, 4104, "3"}, - {"directoryName", 1610620930, "RDNSequence"}, - {0, 2056, "4"}, - {"ediPartyName", 1610620930, "EDIPartyName"}, - {0, 4104, "5"}, - {"uniformResourceIdentifier", 1610620930, "IA5String"}, - {0, 4104, "6"}, - {"iPAddress", 1610620935, 0}, - {0, 4104, "7"}, - {"registeredID", 536879116, 0}, - {0, 4104, "8"}, - {"AnotherName", 1610612741, 0}, - {"type-id", 1073741836, 0}, - {"value", 541073421, 0}, - {0, 1073743880, "0"}, - {"type-id", 1, 0}, - {"EDIPartyName", 1610612741, 0}, - {"nameAssigner", 1610637314, "DirectoryString"}, - {0, 4104, "0"}, - {"partyName", 536879106, "DirectoryString"}, - {0, 4104, "1"}, - {"id-ce-issuerAltName", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "18"}, - {"IssuerAltName", 1073741826, "GeneralNames"}, - {"id-ce-subjectDirectoryAttributes", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "9"}, - {"SubjectDirectoryAttributes", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Attribute"}, - {"id-ce-basicConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "19"}, - {"BasicConstraints", 1610612741, 0}, - {"cA", 1610645508, 0}, - {0, 131081, 0}, - {"pathLenConstraint", 537411587, 0}, - {"0", 10, "MAX"}, - {"id-ce-nameConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "30"}, - {"NameConstraints", 1610612741, 0}, - {"permittedSubtrees", 1610637314, "GeneralSubtrees"}, - {0, 4104, "0"}, - {"excludedSubtrees", 536895490, "GeneralSubtrees"}, - {0, 4104, "1"}, - {"GeneralSubtrees", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "GeneralSubtree"}, - {"GeneralSubtree", 1610612741, 0}, - {"base", 1073741826, "GeneralName"}, - {"minimum", 1610653698, "BaseDistance"}, - {0, 1073741833, "0"}, - {0, 4104, "0"}, - {"maximum", 536895490, "BaseDistance"}, - {0, 4104, "1"}, - {"BaseDistance", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-policyConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "36"}, - {"PolicyConstraints", 
1610612741, 0}, - {"requireExplicitPolicy", 1610637314, "SkipCerts"}, - {0, 4104, "0"}, - {"inhibitPolicyMapping", 536895490, "SkipCerts"}, - {0, 4104, "1"}, - {"SkipCerts", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-cRLDistributionPoints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "31"}, - {"CRLDistributionPoints", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "DistributionPoint"}, - {"DistributionPoint", 1610612741, 0}, - {"distributionPoint", 1610637314, "DistributionPointName"}, - {0, 2056, "0"}, - {"reasons", 1610637314, "ReasonFlags"}, - {0, 4104, "1"}, - {"cRLIssuer", 536895490, "GeneralNames"}, - {0, 4104, "2"}, - {"DistributionPointName", 1610612754, 0}, - {"fullName", 1610620930, "GeneralNames"}, - {0, 4104, "0"}, - {"nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, - {0, 4104, "1"}, - {"ReasonFlags", 1610874886, 0}, - {"unused", 1073741825, "0"}, - {"keyCompromise", 1073741825, "1"}, - {"cACompromise", 1073741825, "2"}, - {"affiliationChanged", 1073741825, "3"}, - {"superseded", 1073741825, "4"}, - {"cessationOfOperation", 1073741825, "5"}, - {"certificateHold", 1073741825, "6"}, - {"privilegeWithdrawn", 1073741825, "7"}, - {"aACompromise", 1, "8"}, - {"id-ce-extKeyUsage", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "37"}, - {"ExtKeyUsageSyntax", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "KeyPurposeId"}, - {"KeyPurposeId", 1073741836, 0}, - {"id-kp-serverAuth", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "1"}, - {"id-kp-clientAuth", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "2"}, - {"id-kp-codeSigning", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "3"}, - {"id-kp-emailProtection", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "4"}, - {"id-kp-ipsecEndSystem", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "5"}, - {"id-kp-ipsecTunnel", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "6"}, - {"id-kp-ipsecUser", 1879048204, 0}, - {0, 1073741825, "id-kp"}, 
- {0, 1, "7"}, - {"id-kp-timeStamping", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "8"}, - {"id-pe-authorityInfoAccess", 1879048204, 0}, - {0, 1073741825, "id-pe"}, - {0, 1, "1"}, - {"AuthorityInfoAccessSyntax", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "AccessDescription"}, - {"AccessDescription", 1610612741, 0}, - {"accessMethod", 1073741836, 0}, - {"accessLocation", 2, "GeneralName"}, - {"id-ce-cRLNumber", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "20"}, - {"CRLNumber", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-issuingDistributionPoint", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "28"}, - {"IssuingDistributionPoint", 1610612741, 0}, - {"distributionPoint", 1610637314, "DistributionPointName"}, - {0, 4104, "0"}, - {"onlyContainsUserCerts", 1610653700, 0}, - {0, 1073872905, 0}, - {0, 4104, "1"}, - {"onlyContainsCACerts", 1610653700, 0}, - {0, 1073872905, 0}, - {0, 4104, "2"}, - {"onlySomeReasons", 1610637314, "ReasonFlags"}, - {0, 4104, "3"}, - {"indirectCRL", 536911876, 0}, - {0, 1073872905, 0}, - {0, 4104, "4"}, - {"id-ce-deltaCRLIndicator", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "27"}, - {"BaseCRLNumber", 1073741826, "CRLNumber"}, - {"id-ce-cRLReasons", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "21"}, - {"CRLReason", 1610874901, 0}, - {"unspecified", 1073741825, "0"}, - {"keyCompromise", 1073741825, "1"}, - {"cACompromise", 1073741825, "2"}, - {"affiliationChanged", 1073741825, "3"}, - {"superseded", 1073741825, "4"}, - {"cessationOfOperation", 1073741825, "5"}, - {"certificateHold", 1073741825, "6"}, - {"removeFromCRL", 1, "8"}, - {"id-ce-certificateIssuer", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "29"}, - {"CertificateIssuer", 1073741826, "GeneralNames"}, - {"id-ce-holdInstructionCode", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "23"}, - {"HoldInstructionCode", 1073741836, 0}, - {"holdInstruction", 1879048204, 0}, - {"joint-iso-itu-t", 1073741825, "2"}, - 
{"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9cm", 1073741825, "10040"}, - {0, 1, "2"}, - {"id-holdinstruction-none", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "1"}, - {"id-holdinstruction-callissuer", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "2"}, - {"id-holdinstruction-reject", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "3"}, - {"id-ce-invalidityDate", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "24"}, - {"InvalidityDate", 1082130449, 0}, - {"VisibleString", 1610620935, 0}, - {0, 4360, "26"}, - {"NumericString", 1610620935, 0}, - {0, 4360, "18"}, - {"IA5String", 1610620935, 0}, - {0, 4360, "22"}, - {"TeletexString", 1610620935, 0}, - {0, 4360, "20"}, - {"PrintableString", 1610620935, 0}, - {0, 4360, "19"}, - {"UniversalString", 1610620935, 0}, - {0, 4360, "28"}, - {"BMPString", 1610620935, 0}, - {0, 4360, "30"}, - {"UTF8String", 1610620935, 0}, - {0, 4360, "12"}, - {"id-pkix", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"identified-organization", 1073741825, "3"}, - {"dod", 1073741825, "6"}, - {"internet", 1073741825, "1"}, - {"security", 1073741825, "5"}, - {"mechanisms", 1073741825, "5"}, - {"pkix", 1, "7"}, - {"id-pe", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "1"}, - {"id-qt", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "2"}, - {"id-kp", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "3"}, - {"id-ad", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "48"}, - {"id-qt-cps", 1879048204, 0}, - {0, 1073741825, "id-qt"}, - {0, 1, "1"}, - {"id-qt-unotice", 1879048204, 0}, - {0, 1073741825, "id-qt"}, - {0, 1, "2"}, - {"id-ad-ocsp", 1879048204, 0}, - {0, 1073741825, "id-ad"}, - {0, 1, "1"}, - {"id-ad-caIssuers", 1879048204, 0}, - {0, 1073741825, "id-ad"}, - {0, 1, "2"}, - {"Attribute", 1610612741, 0}, - {"type", 1073741826, "AttributeType"}, - {"values", 536870927, 0}, - {0, 2, "AttributeValue"}, - {"AttributeType", 1073741836, 0}, - 
{"AttributeValue", 1614807053, 0}, - {"type", 1, 0}, - {"AttributeTypeAndValue", 1610612741, 0}, - {"type", 1073741826, "AttributeType"}, - {"value", 2, "AttributeValue"}, - {"id-at", 1879048204, 0}, - {"joint-iso-ccitt", 1073741825, "2"}, - {"ds", 1073741825, "5"}, - {0, 1, "4"}, - {"id-at-initials", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "43"}, - {"X520initials", 1073741826, "DirectoryString"}, - {"id-at-generationQualifier", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "44"}, - {"X520generationQualifier", 1073741826, "DirectoryString"}, - {"id-at-surname", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "4"}, - {"X520surName", 1073741826, "DirectoryString"}, - {"id-at-givenName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "42"}, - {"X520givenName", 1073741826, "DirectoryString"}, - {"id-at-name", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "41"}, - {"X520name", 1073741826, "DirectoryString"}, - {"id-at-commonName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "3"}, - {"X520CommonName", 1073741826, "DirectoryString"}, - {"id-at-localityName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "7"}, - {"X520LocalityName", 1073741826, "DirectoryString"}, - {"id-at-stateOrProvinceName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "8"}, - {"X520StateOrProvinceName", 1073741826, "DirectoryString"}, - {"id-at-organizationName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "10"}, - {"X520OrganizationName", 1073741826, "DirectoryString"}, - {"id-at-organizationalUnitName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "11"}, - {"X520OrganizationalUnitName", 1073741826, "DirectoryString"}, - {"id-at-title", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "12"}, - {"X520Title", 1073741826, "DirectoryString"}, - {"id-at-description", 
1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "13"}, - {"X520Description", 1073741826, "DirectoryString"}, - {"id-at-dnQualifier", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "46"}, - {"X520dnQualifier", 1073741826, "PrintableString"}, - {"id-at-countryName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "6"}, - {"X520countryName", 1612709890, "PrintableString"}, - {0, 1048586, "2"}, - {"id-at-serialNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "5"}, - {"X520serialNumber", 1073741826, "PrintableString"}, - {"id-at-telephoneNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "20"}, - {"X520telephoneNumber", 1073741826, "PrintableString"}, - {"id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "23"}, - {"X520facsimileTelephoneNumber", 1073741826, "PrintableString"}, - {"id-at-pseudonym", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "65"}, - {"X520pseudonym", 1073741826, "DirectoryString"}, - {"id-at-name", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "41"}, - {"X520name", 1073741826, "DirectoryString"}, - {"id-at-streetAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "9"}, - {"X520streetAddress", 1073741826, "DirectoryString"}, - {"id-at-postalAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "16"}, - {"X520postalAddress", 1073741826, "PostalAddress"}, - {"PostalAddress", 1610612747, 0}, - {0, 2, "DirectoryString"}, - {"pkcs", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1, "1"}, - {"pkcs-9", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "9"}, - {"emailAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "1"}, - {"Pkcs9email", 1612709890, "IA5String"}, - 
{"ub-emailaddress-length", 524298, "1"}, - {"Name", 1610612754, 0}, - {"rdnSequence", 2, "RDNSequence"}, - {"RDNSequence", 1610612747, 0}, - {0, 2, "RelativeDistinguishedName"}, - {"DistinguishedName", 1073741826, "RDNSequence"}, - {"RelativeDistinguishedName", 1612709903, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "AttributeTypeAndValue"}, - {"Certificate", 1610612741, 0}, - {"tbsCertificate", 1073741826, "TBSCertificate"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, - {"TBSCertificate", 1610612741, 0}, - {"version", 1610653698, "Version"}, - {0, 1073741833, "v1"}, - {0, 2056, "0"}, - {"serialNumber", 1073741826, "CertificateSerialNumber"}, - {"signature", 1073741826, "AlgorithmIdentifier"}, - {"issuer", 1073741826, "Name"}, - {"validity", 1073741826, "Validity"}, - {"subject", 1073741826, "Name"}, - {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, - {"issuerUniqueID", 1610637314, "UniqueIdentifier"}, - {0, 4104, "1"}, - {"subjectUniqueID", 1610637314, "UniqueIdentifier"}, - {0, 4104, "2"}, - {"extensions", 536895490, "Extensions"}, - {0, 2056, "3"}, - {"Version", 1610874883, 0}, - {"v1", 1073741825, "0"}, - {"v2", 1073741825, "1"}, - {"v3", 1, "2"}, - {"CertificateSerialNumber", 1073741827, 0}, - {"Validity", 1610612741, 0}, - {"notBefore", 1073741826, "Time"}, - {"notAfter", 2, "Time"}, - {"Time", 1610612754, 0}, - {"utcTime", 1090519057, 0}, - {"generalTime", 8388625, 0}, - {"UniqueIdentifier", 1073741830, 0}, - {"SubjectPublicKeyInfo", 1610612741, 0}, - {"algorithm", 1073741826, "AlgorithmIdentifier"}, - {"subjectPublicKey", 6, 0}, - {"Extensions", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Extension"}, - {"Extension", 1610612741, 0}, - {"extnID", 1073741836, 0}, - {"critical", 1610645508, 0}, - {0, 131081, 0}, - {"extnValue", 7, 0}, - {"CertificateList", 1610612741, 0}, - {"tbsCertList", 1073741826, "TBSCertList"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, 
- {"TBSCertList", 1610612741, 0}, - {"version", 1073758210, "Version"}, - {"signature", 1073741826, "AlgorithmIdentifier"}, - {"issuer", 1073741826, "Name"}, - {"thisUpdate", 1073741826, "Time"}, - {"nextUpdate", 1073758210, "Time"}, - {"revokedCertificates", 1610629131, 0}, - {0, 536870917, 0}, - {"userCertificate", 1073741826, "CertificateSerialNumber"}, - {"revocationDate", 1073741826, "Time"}, - {"crlEntryExtensions", 16386, "Extensions"}, - {"crlExtensions", 536895490, "Extensions"}, - {0, 2056, "0"}, - {"AlgorithmIdentifier", 1610612741, 0}, - {"algorithm", 1073741836, 0}, - {"parameters", 541081613, 0}, - {"algorithm", 1, 0}, - {"pkcs-1", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "1"}, - {"rsaEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "1"}, - {"md2WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "2"}, - {"md5WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "4"}, - {"sha1WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "5"}, - {"id-dsa-with-sha1", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9-57", 1073741825, "10040"}, - {"x9algorithm", 1073741825, "4"}, - {0, 1, "3"}, - {"Dss-Sig-Value", 1610612741, 0}, - {"r", 1073741827, 0}, - {"s", 3, 0}, - {"dhpublicnumber", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"ansi-x942", 1073741825, "10046"}, - {"number-type", 1073741825, "2"}, - {0, 1, "1"}, - {"DomainParameters", 1610612741, 0}, - {"p", 1073741827, 0}, - {"g", 1073741827, 0}, - {"q", 1073741827, 0}, - {"j", 1073758211, 0}, - {"validationParms", 16386, "ValidationParms"}, - {"ValidationParms", 1610612741, 0}, - {"seed", 1073741830, 0}, - {"pgenCounter", 3, 0}, - {"id-dsa", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9-57", 1073741825, "10040"}, - 
{"x9algorithm", 1073741825, "4"}, - {0, 1, "1"}, - {"Dss-Parms", 1610612741, 0}, - {"p", 1073741827, 0}, - {"q", 1073741827, 0}, - {"g", 3, 0}, - {"ORAddress", 1610612741, 0}, - {"built-in-standard-attributes", 1073741826, "BuiltInStandardAttributes"}, - {"built-in-domain-defined-attributes", 1073758210, - "BuiltInDomainDefinedAttributes"}, - {"extension-attributes", 16386, "ExtensionAttributes"}, - {"BuiltInStandardAttributes", 1610612741, 0}, - {"country-name", 1073758210, "CountryName"}, - {"administration-domain-name", 1073758210, "AdministrationDomainName"}, - {"network-address", 1610637314, "NetworkAddress"}, - {0, 2056, "0"}, - {"terminal-identifier", 1610637314, "TerminalIdentifier"}, - {0, 2056, "1"}, - {"private-domain-name", 1610637314, "PrivateDomainName"}, - {0, 2056, "2"}, - {"organization-name", 1610637314, "OrganizationName"}, - {0, 2056, "3"}, - {"numeric-user-identifier", 1610637314, "NumericUserIdentifier"}, - {0, 2056, "4"}, - {"personal-name", 1610637314, "PersonalName"}, - {0, 2056, "5"}, - {"organizational-unit-names", 536895490, "OrganizationalUnitNames"}, - {0, 2056, "6"}, - {"CountryName", 1610620946, 0}, - {0, 1073746952, "1"}, - {"x121-dcc-code", 1612709890, "NumericString"}, - {0, 1048586, "ub-country-name-numeric-length"}, - {"iso-3166-alpha2-code", 538968066, "PrintableString"}, - {0, 1048586, "ub-country-name-alpha-length"}, - {"AdministrationDomainName", 1610620946, 0}, - {0, 1073744904, "2"}, - {"numeric", 1612709890, "NumericString"}, - {"ub-domain-name-length", 524298, "0"}, - {"printable", 538968066, "PrintableString"}, - {"ub-domain-name-length", 524298, "0"}, - {"NetworkAddress", 1073741826, "X121Address"}, - {"X121Address", 1612709890, "NumericString"}, - {"ub-x121-address-length", 524298, "1"}, - {"TerminalIdentifier", 1612709890, "PrintableString"}, - {"ub-terminal-id-length", 524298, "1"}, - {"PrivateDomainName", 1610612754, 0}, - {"numeric", 1612709890, "NumericString"}, - {"ub-domain-name-length", 524298, "1"}, - 
{"printable", 538968066, "PrintableString"}, - {"ub-domain-name-length", 524298, "1"}, - {"OrganizationName", 1612709890, "PrintableString"}, - {"ub-organization-name-length", 524298, "1"}, - {"NumericUserIdentifier", 1612709890, "NumericString"}, - {"ub-numeric-user-id-length", 524298, "1"}, - {"PersonalName", 1610612750, 0}, - {"surname", 1814044674, "PrintableString"}, - {0, 1073745928, "0"}, - {"ub-surname-length", 524298, "1"}, - {"given-name", 1814061058, "PrintableString"}, - {0, 1073745928, "1"}, - {"ub-given-name-length", 524298, "1"}, - {"initials", 1814061058, "PrintableString"}, - {0, 1073745928, "2"}, - {"ub-initials-length", 524298, "1"}, - {"generation-qualifier", 740319234, "PrintableString"}, - {0, 1073745928, "3"}, - {"ub-generation-qualifier-length", 524298, "1"}, - {"OrganizationalUnitNames", 1612709899, 0}, - {"ub-organizational-units", 1074266122, "1"}, - {0, 2, "OrganizationalUnitName"}, - {"OrganizationalUnitName", 1612709890, "PrintableString"}, - {"ub-organizational-unit-name-length", 524298, "1"}, - {"BuiltInDomainDefinedAttributes", 1612709899, 0}, - {"ub-domain-defined-attributes", 1074266122, "1"}, - {0, 2, "BuiltInDomainDefinedAttribute"}, - {"BuiltInDomainDefinedAttribute", 1610612741, 0}, - {"type", 1612709890, "PrintableString"}, - {"ub-domain-defined-attribute-type-length", 524298, "1"}, - {"value", 538968066, "PrintableString"}, - {"ub-domain-defined-attribute-value-length", 524298, "1"}, - {"ExtensionAttributes", 1612709903, 0}, - {"ub-extension-attributes", 1074266122, "1"}, - {0, 2, "ExtensionAttribute"}, - {"ExtensionAttribute", 1610612741, 0}, - {"extension-attribute-type", 1611145219, 0}, - {0, 1073743880, "0"}, - {"0", 10, "ub-extension-attributes"}, - {"extension-attribute-value", 541073421, 0}, - {0, 1073743880, "1"}, - {"extension-attribute-type", 1, 0}, - {"common-name", 1342177283, "1"}, - {"CommonName", 1612709890, "PrintableString"}, - {"ub-common-name-length", 524298, "1"}, - {"teletex-common-name", 1342177283, 
"2"}, - {"TeletexCommonName", 1612709890, "TeletexString"}, - {"ub-common-name-length", 524298, "1"}, - {"teletex-organization-name", 1342177283, "3"}, - {"TeletexOrganizationName", 1612709890, "TeletexString"}, - {"ub-organization-name-length", 524298, "1"}, - {"teletex-personal-name", 1342177283, "4"}, - {"TeletexPersonalName", 1610612750, 0}, - {"surname", 1814044674, "TeletexString"}, - {0, 1073743880, "0"}, - {"ub-surname-length", 524298, "1"}, - {"given-name", 1814061058, "TeletexString"}, - {0, 1073743880, "1"}, - {"ub-given-name-length", 524298, "1"}, - {"initials", 1814061058, "TeletexString"}, - {0, 1073743880, "2"}, - {"ub-initials-length", 524298, "1"}, - {"generation-qualifier", 740319234, "TeletexString"}, - {0, 1073743880, "3"}, - {"ub-generation-qualifier-length", 524298, "1"}, - {"teletex-organizational-unit-names", 1342177283, "5"}, - {"TeletexOrganizationalUnitNames", 1612709899, 0}, - {"ub-organizational-units", 1074266122, "1"}, - {0, 2, "TeletexOrganizationalUnitName"}, - {"TeletexOrganizationalUnitName", 1612709890, "TeletexString"}, - {"ub-organizational-unit-name-length", 524298, "1"}, - {"pds-name", 1342177283, "7"}, - {"PDSName", 1612709890, "PrintableString"}, - {"ub-pds-name-length", 524298, "1"}, - {"physical-delivery-country-name", 1342177283, "8"}, - {"PhysicalDeliveryCountryName", 1610612754, 0}, - {"x121-dcc-code", 1612709890, "NumericString"}, - {0, 1048586, "ub-country-name-numeric-length"}, - {"iso-3166-alpha2-code", 538968066, "PrintableString"}, - {0, 1048586, "ub-country-name-alpha-length"}, - {"postal-code", 1342177283, "9"}, - {"PostalCode", 1610612754, 0}, - {"numeric-code", 1612709890, "NumericString"}, - {"ub-postal-code-length", 524298, "1"}, - {"printable-code", 538968066, "PrintableString"}, - {"ub-postal-code-length", 524298, "1"}, - {"physical-delivery-office-name", 1342177283, "10"}, - {"PhysicalDeliveryOfficeName", 1073741826, "PDSParameter"}, - {"physical-delivery-office-number", 1342177283, "11"}, - 
{"PhysicalDeliveryOfficeNumber", 1073741826, "PDSParameter"}, - {"extension-OR-address-components", 1342177283, "12"}, - {"ExtensionORAddressComponents", 1073741826, "PDSParameter"}, - {"physical-delivery-personal-name", 1342177283, "13"}, - {"PhysicalDeliveryPersonalName", 1073741826, "PDSParameter"}, - {"physical-delivery-organization-name", 1342177283, "14"}, - {"PhysicalDeliveryOrganizationName", 1073741826, "PDSParameter"}, - {"extension-physical-delivery-address-components", 1342177283, "15"}, - {"ExtensionPhysicalDeliveryAddressComponents", 1073741826, "PDSParameter"}, - {"unformatted-postal-address", 1342177283, "16"}, - {"UnformattedPostalAddress", 1610612750, 0}, - {"printable-address", 1814052875, 0}, - {"ub-pds-physical-address-lines", 1074266122, "1"}, - {0, 538968066, "PrintableString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"teletex-string", 740311042, "TeletexString"}, - {"ub-unformatted-address-length", 524298, "1"}, - {"street-address", 1342177283, "17"}, - {"StreetAddress", 1073741826, "PDSParameter"}, - {"post-office-box-address", 1342177283, "18"}, - {"PostOfficeBoxAddress", 1073741826, "PDSParameter"}, - {"poste-restante-address", 1342177283, "19"}, - {"PosteRestanteAddress", 1073741826, "PDSParameter"}, - {"unique-postal-name", 1342177283, "20"}, - {"UniquePostalName", 1073741826, "PDSParameter"}, - {"local-postal-attributes", 1342177283, "21"}, - {"LocalPostalAttributes", 1073741826, "PDSParameter"}, - {"PDSParameter", 1610612750, 0}, - {"printable-string", 1814052866, "PrintableString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"teletex-string", 740311042, "TeletexString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"extended-network-address", 1342177283, "22"}, - {"ExtendedNetworkAddress", 1610612754, 0}, - {"e163-4-address", 1610612741, 0}, - {"number", 1612718082, "NumericString"}, - {0, 1073743880, "0"}, - {"ub-e163-4-number-length", 524298, "1"}, - {"sub-address", 538992642, "NumericString"}, - {0, 1073743880, "1"}, 
- {"ub-e163-4-sub-address-length", 524298, "1"}, - {"psap-address", 536879106, "PresentationAddress"}, - {0, 2056, "0"}, - {"PresentationAddress", 1610612741, 0}, - {"pSelector", 1610637319, 0}, - {0, 2056, "0"}, - {"sSelector", 1610637319, 0}, - {0, 2056, "1"}, - {"tSelector", 1610637319, 0}, - {0, 2056, "2"}, - {"nAddresses", 538976271, 0}, - {0, 1073743880, "3"}, - {"MAX", 1074266122, "1"}, - {0, 7, 0}, - {"terminal-type", 1342177283, "23"}, - {"TerminalType", 1610874883, 0}, - {"telex", 1073741825, "3"}, - {"teletex", 1073741825, "4"}, - {"g3-facsimile", 1073741825, "5"}, - {"g4-facsimile", 1073741825, "6"}, - {"ia5-terminal", 1073741825, "7"}, - {"videotex", 1, "8"}, - {"teletex-domain-defined-attributes", 1342177283, "6"}, - {"TeletexDomainDefinedAttributes", 1612709899, 0}, - {"ub-domain-defined-attributes", 1074266122, "1"}, - {0, 2, "TeletexDomainDefinedAttribute"}, - {"TeletexDomainDefinedAttribute", 1610612741, 0}, - {"type", 1612709890, "TeletexString"}, - {"ub-domain-defined-attribute-type-length", 524298, "1"}, - {"value", 538968066, "TeletexString"}, - {"ub-domain-defined-attribute-value-length", 524298, "1"}, - {"ub-name", 1342177283, "32768"}, - {"ub-common-name", 1342177283, "64"}, - {"ub-locality-name", 1342177283, "128"}, - {"ub-state-name", 1342177283, "128"}, - {"ub-organization-name", 1342177283, "64"}, - {"ub-organizational-unit-name", 1342177283, "64"}, - {"ub-title", 1342177283, "64"}, - {"ub-match", 1342177283, "128"}, - {"ub-emailaddress-length", 1342177283, "128"}, - {"ub-common-name-length", 1342177283, "64"}, - {"ub-country-name-alpha-length", 1342177283, "2"}, - {"ub-country-name-numeric-length", 1342177283, "3"}, - {"ub-domain-defined-attributes", 1342177283, "4"}, - {"ub-domain-defined-attribute-type-length", 1342177283, "8"}, - {"ub-domain-defined-attribute-value-length", 1342177283, "128"}, - {"ub-domain-name-length", 1342177283, "16"}, - {"ub-extension-attributes", 1342177283, "256"}, - {"ub-e163-4-number-length", 1342177283, 
"15"}, - {"ub-e163-4-sub-address-length", 1342177283, "40"}, - {"ub-generation-qualifier-length", 1342177283, "3"}, - {"ub-given-name-length", 1342177283, "16"}, - {"ub-initials-length", 1342177283, "5"}, - {"ub-integer-options", 1342177283, "256"}, - {"ub-numeric-user-id-length", 1342177283, "32"}, - {"ub-organization-name-length", 1342177283, "64"}, - {"ub-organizational-unit-name-length", 1342177283, "32"}, - {"ub-organizational-units", 1342177283, "4"}, - {"ub-pds-name-length", 1342177283, "16"}, - {"ub-pds-parameter-length", 1342177283, "30"}, - {"ub-pds-physical-address-lines", 1342177283, "6"}, - {"ub-postal-code-length", 1342177283, "16"}, - {"ub-surname-length", 1342177283, "40"}, - {"ub-terminal-id-length", 1342177283, "24"}, - {"ub-unformatted-address-length", 1342177283, "180"}, - {"ub-x121-address-length", 1342177283, "16"}, - {"pkcs-7-ContentInfo", 1610612741, 0}, - {"contentType", 1073741826, "pkcs-7-ContentType"}, - {"content", 541073421, 0}, - {0, 1073743880, "0"}, - {"contentType", 1, 0}, - {"pkcs-7-DigestInfo", 1610612741, 0}, - {"digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, - {"digest", 2, "pkcs-7-Digest"}, - {"pkcs-7-Digest", 1073741831, 0}, - {"pkcs-7-ContentType", 1073741836, 0}, - {"pkcs-7-SignedData", 1610612741, 0}, - {"version", 1073741826, "pkcs-7-CMSVersion"}, - {"digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, - {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, - {"certificates", 1610637314, "pkcs-7-CertificateSet"}, - {0, 4104, "0"}, - {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, - {0, 4104, "1"}, - {"signerInfos", 2, "pkcs-7-SignerInfos"}, - {"pkcs-7-CMSVersion", 1610874883, 0}, - {"v0", 1073741825, "0"}, - {"v1", 1073741825, "1"}, - {"v2", 1073741825, "2"}, - {"v3", 1073741825, "3"}, - {"v4", 1, "4"}, - {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, 0}, - {0, 2, "pkcs-7-DigestAlgorithmIdentifier"}, - {"pkcs-7-DigestAlgorithmIdentifier", 1073741826, 
"AlgorithmIdentifier"}, - {"pkcs-7-EncapsulatedContentInfo", 1610612741, 0}, - {"eContentType", 1073741826, "pkcs-7-ContentType"}, - {"eContent", 536895495, 0}, - {0, 2056, "0"}, - {"pkcs-7-CertificateRevocationLists", 1610612751, 0}, - {0, 13, 0}, - {"pkcs-7-CertificateChoices", 1610612754, 0}, - {"certificate", 13, 0}, - {"pkcs-7-CertificateSet", 1610612751, 0}, - {0, 2, "pkcs-7-CertificateChoices"}, - {"pkcs-7-SignerInfos", 1610612751, 0}, - {0, 13, 0}, - {"pkcs-10-CertificationRequestInfo", 1610612741, 0}, - {"version", 1610874883, 0}, - {"v1", 1, "0"}, - {"subject", 1073741826, "Name"}, - {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, - {"attributes", 536879106, "Attributes"}, - {0, 4104, "0"}, - {"Attributes", 1610612751, 0}, - {0, 2, "Attribute"}, - {"pkcs-10-CertificationRequest", 1610612741, 0}, - {"certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, - {"pkcs-9-ub-challengePassword", 1342177283, "255"}, - {"pkcs-9-certTypes", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "22"}, - {"pkcs-9-crlTypes", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "23"}, - {"pkcs-9-at-challengePassword", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "7"}, - {"pkcs-9-challengePassword", 1610612754, 0}, - {"printableString", 1612709890, "PrintableString"}, - {"pkcs-9-ub-challengePassword", 524298, "1"}, - {"utf8String", 538968066, "UTF8String"}, - {"pkcs-9-ub-challengePassword", 524298, "1"}, - {"pkcs-9-at-localKeyId", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "21"}, - {"pkcs-9-localKeyId", 1073741831, 0}, - {"pkcs-9-at-friendlyName", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "20"}, - {"pkcs-9-friendlyName", 1612709890, "BMPString"}, - {"255", 524298, "1"}, - {"pkcs-8-PrivateKeyInfo", 1610612741, 0}, - {"version", 1073741826, "pkcs-8-Version"}, - {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, - 
{"privateKey", 1073741826, "pkcs-8-PrivateKey"}, - {"attributes", 536895490, "Attributes"}, - {0, 4104, "0"}, - {"pkcs-8-Version", 1610874883, 0}, - {"v1", 1, "0"}, - {"pkcs-8-PrivateKey", 1073741831, 0}, - {"pkcs-8-Attributes", 1610612751, 0}, - {0, 2, "Attribute"}, - {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, 0}, - {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"encryptedData", 2, "pkcs-8-EncryptedData"}, - {"pkcs-8-EncryptedData", 1073741831, 0}, - {"pkcs-5", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "5"}, - {"pkcs-5-encryptionAlgorithm", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {0, 1, "3"}, - {"pkcs-5-des-EDE3-CBC", 1879048204, 0}, - {0, 1073741825, "pkcs-5-encryptionAlgorithm"}, - {0, 1, "7"}, - {"pkcs-5-des-EDE3-CBC-params", 1612709895, 0}, - {0, 1048586, "8"}, - {"pkcs-5-id-PBES2", 1879048204, 0}, - {0, 1073741825, "pkcs-5"}, - {0, 1, "13"}, - {"pkcs-5-PBES2-params", 1610612741, 0}, - {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, - {"encryptionScheme", 2, "AlgorithmIdentifier"}, - {"pkcs-5-id-PBKDF2", 1879048204, 0}, - {0, 1073741825, "pkcs-5"}, - {0, 1, "12"}, - {"pkcs-5-PBKDF2-params", 1610612741, 0}, - {"salt", 1610612754, 0}, - {"specified", 1073741831, 0}, - {"otherSource", 2, "AlgorithmIdentifier"}, - {"iterationCount", 1611137027, 0}, - {"1", 10, "MAX"}, - {"keyLength", 1611153411, 0}, - {"1", 10, "MAX"}, - {"prf", 16386, "AlgorithmIdentifier"}, - {"pkcs-12", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "12"}, - {"pkcs-12-PFX", 1610612741, 0}, - {"version", 1610874883, 0}, - {"v3", 1, "3"}, - {"authSafe", 1073741826, "pkcs-7-ContentInfo"}, - {"macData", 16386, "pkcs-12-MacData"}, - {"pkcs-12-PbeParams", 1610612741, 0}, - {"salt", 1073741831, 0}, - {"iterations", 3, 0}, - {"pkcs-12-MacData", 1610612741, 0}, - {"mac", 1073741826, "pkcs-7-DigestInfo"}, - {"macSalt", 1073741831, 0}, - {"iterations", 
536903683, 0}, - {0, 9, "1"}, - {"pkcs-12-AuthenticatedSafe", 1610612747, 0}, - {0, 2, "pkcs-7-ContentInfo"}, - {"pkcs-12-SafeContents", 1610612747, 0}, - {0, 2, "pkcs-12-SafeBag"}, - {"pkcs-12-SafeBag", 1610612741, 0}, - {"bagId", 1073741836, 0}, - {"bagValue", 1614815245, 0}, - {0, 1073743880, "0"}, - {"badId", 1, 0}, - {"bagAttributes", 536887311, 0}, - {0, 2, "pkcs-12-PKCS12Attribute"}, - {"pkcs-12-bagtypes", 1879048204, 0}, - {0, 1073741825, "pkcs-12"}, - {0, 1073741825, "10"}, - {0, 1, "1"}, - {"pkcs-12-keyBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "1"}, - {"pkcs-12-pkcs8ShroudedKeyBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "2"}, - {"pkcs-12-certBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "3"}, - {"pkcs-12-crlBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "4"}, - {"pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, - {"pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"}, - {"pkcs-12-CertBag", 1610612741, 0}, - {"certId", 1073741836, 0}, - {"certValue", 541073421, 0}, - {0, 1073743880, "0"}, - {"certId", 1, 0}, - {"pkcs-12-CRLBag", 1610612741, 0}, - {"crlId", 1073741836, 0}, - {"crlValue", 541073421, 0}, - {0, 1073743880, "0"}, - {"crlId", 1, 0}, - {"pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, - {"pkcs-7-data", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1073741825, "1"}, - {"pkcs7", 1073741825, "7"}, - {0, 1, "1"}, - {"pkcs-7-encryptedData", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1073741825, "1"}, - {"pkcs7", 1073741825, "7"}, - {0, 1, "6"}, - {"pkcs-7-Data", 1073741831, 0}, - {"pkcs-7-EncryptedData", 1610612741, 0}, - {"version", 1073741826, "pkcs-7-CMSVersion"}, - {"encryptedContentInfo", 
1073741826, "pkcs-7-EncryptedContentInfo"}, - {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, - {0, 4104, "1"}, - {"pkcs-7-EncryptedContentInfo", 1610612741, 0}, - {"contentType", 1073741826, "pkcs-7-ContentType"}, - {"contentEncryptionAlgorithm", 1073741826, - "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, - {"encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, - {0, 4104, "0"}, - {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, - "AlgorithmIdentifier"}, - {"pkcs-7-EncryptedContent", 1073741831, 0}, - {"pkcs-7-UnprotectedAttributes", 1612709903, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Attribute"}, - {"id-at-ldap-DC", 1880096780, "AttributeType"}, - {0, 1073741825, "0"}, - {0, 1073741825, "9"}, - {0, 1073741825, "2342"}, - {0, 1073741825, "19200300"}, - {0, 1073741825, "100"}, - {0, 1073741825, "1"}, - {0, 1, "25"}, - {"ldap-DC", 1073741826, "IA5String"}, - {"id-at-ldap-UID", 1880096780, "AttributeType"}, - {0, 1073741825, "0"}, - {0, 1073741825, "9"}, - {0, 1073741825, "2342"}, - {0, 1073741825, "19200300"}, - {0, 1073741825, "100"}, - {0, 1073741825, "1"}, - {0, 1, "1"}, - {"ldap-UID", 1073741826, "DirectoryString"}, - {"id-pda", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "9"}, - {"id-pda-dateOfBirth", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "1"}, - {"DateOfBirth", 1082130449, 0}, - {"id-pda-placeOfBirth", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "2"}, - {"PlaceOfBirth", 1073741826, "DirectoryString"}, - {"id-pda-gender", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "3"}, - {"Gender", 1612709890, "PrintableString"}, - {0, 1048586, "1"}, - {"id-pda-countryOfCitizenship", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "4"}, - {"CountryOfCitizenship", 1612709890, "PrintableString"}, - {0, 1048586, "2"}, - {"id-pda-countryOfResidence", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "5"}, - 
{"CountryOfResidence", 538968066, "PrintableString"}, - {0, 1048586, "2"}, - {0, 0, 0} -}; diff --git a/tests/unit/pkix_asn1_tab.c.inc b/tests/unit/pkix_asn1_tab.c.inc new file mode 100644 index 0000000000..fe29c4102a --- /dev/null +++ b/tests/unit/pkix_asn1_tab.c.inc 
@@ -0,0 +1,1102 @@ +/* + * This file is taken from gnutls 1.6.3 under the GPLv2+ + * and is under copyright of various GNUTLS contributors. + */ + +static const asn1_static_node pkix_asn1_tab[] = { + {"PKIX1", 536875024, 0}, + {0, 1073741836, 0}, + {"id-ce", 1879048204, 0}, + {"joint-iso-ccitt", 1073741825, "2"}, + {"ds", 1073741825, "5"}, + {0, 1, "29"}, + {"id-ce-authorityKeyIdentifier", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "35"}, + {"AuthorityKeyIdentifier", 1610612741, 0}, + {"keyIdentifier", 1610637314, "KeyIdentifier"}, + {0, 4104, "0"}, + {"authorityCertIssuer", 1610637314, "GeneralNames"}, + {0, 4104, "1"}, + {"authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, + {0, 4104, "2"}, + {"KeyIdentifier", 1073741831, 0}, + {"id-ce-subjectKeyIdentifier", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "14"}, + {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, + {"id-ce-keyUsage", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "15"}, + {"KeyUsage", 1610874886, 0}, + {"digitalSignature", 1073741825, "0"}, + {"nonRepudiation", 1073741825, "1"}, + {"keyEncipherment", 1073741825, "2"}, + {"dataEncipherment", 1073741825, "3"}, + {"keyAgreement", 1073741825, "4"}, + {"keyCertSign", 1073741825, "5"}, + {"cRLSign", 1073741825, "6"}, + {"encipherOnly", 1073741825, "7"}, + {"decipherOnly", 1, "8"}, + {"id-ce-privateKeyUsagePeriod", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "16"}, + {"PrivateKeyUsagePeriod", 1610612741, 0}, + {"notBefore", 1619025937, 0}, + {0, 4104, "0"}, + {"notAfter", 545284113, 0}, + {0, 4104, "1"}, + {"id-ce-certificatePolicies", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "32"}, + {"CertificatePolicies", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "PolicyInformation"}, + {"PolicyInformation", 1610612741, 0}, + {"policyIdentifier", 1073741826, "CertPolicyId"}, + {"policyQualifiers", 538984459, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "PolicyQualifierInfo"}, + {"CertPolicyId", 
1073741836, 0}, + {"PolicyQualifierInfo", 1610612741, 0}, + {"policyQualifierId", 1073741826, "PolicyQualifierId"}, + {"qualifier", 541065229, 0}, + {"policyQualifierId", 1, 0}, + {"PolicyQualifierId", 1073741836, 0}, + {"CPSuri", 1073741826, "IA5String"}, + {"UserNotice", 1610612741, 0}, + {"noticeRef", 1073758210, "NoticeReference"}, + {"explicitText", 16386, "DisplayText"}, + {"NoticeReference", 1610612741, 0}, + {"organization", 1073741826, "DisplayText"}, + {"noticeNumbers", 536870923, 0}, + {0, 3, 0}, + {"DisplayText", 1610612754, 0}, + {"visibleString", 1612709890, "VisibleString"}, + {"200", 524298, "1"}, + {"bmpString", 1612709890, "BMPString"}, + {"200", 524298, "1"}, + {"utf8String", 538968066, "UTF8String"}, + {"200", 524298, "1"}, + {"id-ce-policyMappings", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "33"}, + {"PolicyMappings", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 536870917, 0}, + {"issuerDomainPolicy", 1073741826, "CertPolicyId"}, + {"subjectDomainPolicy", 2, "CertPolicyId"}, + {"DirectoryString", 1610612754, 0}, + {"teletexString", 1612709890, "TeletexString"}, + {"MAX", 524298, "1"}, + {"printableString", 1612709890, "PrintableString"}, + {"MAX", 524298, "1"}, + {"universalString", 1612709890, "UniversalString"}, + {"MAX", 524298, "1"}, + {"utf8String", 1612709890, "UTF8String"}, + {"MAX", 524298, "1"}, + {"bmpString", 1612709890, "BMPString"}, + {"MAX", 524298, "1"}, + {"ia5String", 538968066, "IA5String"}, + {"MAX", 524298, "1"}, + {"id-ce-subjectAltName", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "17"}, + {"SubjectAltName", 1073741826, "GeneralNames"}, + {"GeneralNames", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "GeneralName"}, + {"GeneralName", 1610612754, 0}, + {"otherName", 1610620930, "AnotherName"}, + {0, 4104, "0"}, + {"rfc822Name", 1610620930, "IA5String"}, + {0, 4104, "1"}, + {"dNSName", 1610620930, "IA5String"}, + {0, 4104, "2"}, + {"x400Address", 1610620930, "ORAddress"}, + {0, 4104, "3"}, + 
{"directoryName", 1610620930, "RDNSequence"}, + {0, 2056, "4"}, + {"ediPartyName", 1610620930, "EDIPartyName"}, + {0, 4104, "5"}, + {"uniformResourceIdentifier", 1610620930, "IA5String"}, + {0, 4104, "6"}, + {"iPAddress", 1610620935, 0}, + {0, 4104, "7"}, + {"registeredID", 536879116, 0}, + {0, 4104, "8"}, + {"AnotherName", 1610612741, 0}, + {"type-id", 1073741836, 0}, + {"value", 541073421, 0}, + {0, 1073743880, "0"}, + {"type-id", 1, 0}, + {"EDIPartyName", 1610612741, 0}, + {"nameAssigner", 1610637314, "DirectoryString"}, + {0, 4104, "0"}, + {"partyName", 536879106, "DirectoryString"}, + {0, 4104, "1"}, + {"id-ce-issuerAltName", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "18"}, + {"IssuerAltName", 1073741826, "GeneralNames"}, + {"id-ce-subjectDirectoryAttributes", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "9"}, + {"SubjectDirectoryAttributes", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "Attribute"}, + {"id-ce-basicConstraints", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "19"}, + {"BasicConstraints", 1610612741, 0}, + {"cA", 1610645508, 0}, + {0, 131081, 0}, + {"pathLenConstraint", 537411587, 0}, + {"0", 10, "MAX"}, + {"id-ce-nameConstraints", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "30"}, + {"NameConstraints", 1610612741, 0}, + {"permittedSubtrees", 1610637314, "GeneralSubtrees"}, + {0, 4104, "0"}, + {"excludedSubtrees", 536895490, "GeneralSubtrees"}, + {0, 4104, "1"}, + {"GeneralSubtrees", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "GeneralSubtree"}, + {"GeneralSubtree", 1610612741, 0}, + {"base", 1073741826, "GeneralName"}, + {"minimum", 1610653698, "BaseDistance"}, + {0, 1073741833, "0"}, + {0, 4104, "0"}, + {"maximum", 536895490, "BaseDistance"}, + {0, 4104, "1"}, + {"BaseDistance", 1611137027, 0}, + {"0", 10, "MAX"}, + {"id-ce-policyConstraints", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "36"}, + {"PolicyConstraints", 1610612741, 0}, + {"requireExplicitPolicy", 1610637314, 
"SkipCerts"}, + {0, 4104, "0"}, + {"inhibitPolicyMapping", 536895490, "SkipCerts"}, + {0, 4104, "1"}, + {"SkipCerts", 1611137027, 0}, + {"0", 10, "MAX"}, + {"id-ce-cRLDistributionPoints", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "31"}, + {"CRLDistributionPoints", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "DistributionPoint"}, + {"DistributionPoint", 1610612741, 0}, + {"distributionPoint", 1610637314, "DistributionPointName"}, + {0, 2056, "0"}, + {"reasons", 1610637314, "ReasonFlags"}, + {0, 4104, "1"}, + {"cRLIssuer", 536895490, "GeneralNames"}, + {0, 4104, "2"}, + {"DistributionPointName", 1610612754, 0}, + {"fullName", 1610620930, "GeneralNames"}, + {0, 4104, "0"}, + {"nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, + {0, 4104, "1"}, + {"ReasonFlags", 1610874886, 0}, + {"unused", 1073741825, "0"}, + {"keyCompromise", 1073741825, "1"}, + {"cACompromise", 1073741825, "2"}, + {"affiliationChanged", 1073741825, "3"}, + {"superseded", 1073741825, "4"}, + {"cessationOfOperation", 1073741825, "5"}, + {"certificateHold", 1073741825, "6"}, + {"privilegeWithdrawn", 1073741825, "7"}, + {"aACompromise", 1, "8"}, + {"id-ce-extKeyUsage", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "37"}, + {"ExtKeyUsageSyntax", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "KeyPurposeId"}, + {"KeyPurposeId", 1073741836, 0}, + {"id-kp-serverAuth", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "1"}, + {"id-kp-clientAuth", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "2"}, + {"id-kp-codeSigning", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "3"}, + {"id-kp-emailProtection", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "4"}, + {"id-kp-ipsecEndSystem", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "5"}, + {"id-kp-ipsecTunnel", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "6"}, + {"id-kp-ipsecUser", 1879048204, 0}, + {0, 1073741825, "id-kp"}, + {0, 1, "7"}, + {"id-kp-timeStamping", 1879048204, 0}, 
+ {0, 1073741825, "id-kp"}, + {0, 1, "8"}, + {"id-pe-authorityInfoAccess", 1879048204, 0}, + {0, 1073741825, "id-pe"}, + {0, 1, "1"}, + {"AuthorityInfoAccessSyntax", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "AccessDescription"}, + {"AccessDescription", 1610612741, 0}, + {"accessMethod", 1073741836, 0}, + {"accessLocation", 2, "GeneralName"}, + {"id-ce-cRLNumber", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "20"}, + {"CRLNumber", 1611137027, 0}, + {"0", 10, "MAX"}, + {"id-ce-issuingDistributionPoint", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "28"}, + {"IssuingDistributionPoint", 1610612741, 0}, + {"distributionPoint", 1610637314, "DistributionPointName"}, + {0, 4104, "0"}, + {"onlyContainsUserCerts", 1610653700, 0}, + {0, 1073872905, 0}, + {0, 4104, "1"}, + {"onlyContainsCACerts", 1610653700, 0}, + {0, 1073872905, 0}, + {0, 4104, "2"}, + {"onlySomeReasons", 1610637314, "ReasonFlags"}, + {0, 4104, "3"}, + {"indirectCRL", 536911876, 0}, + {0, 1073872905, 0}, + {0, 4104, "4"}, + {"id-ce-deltaCRLIndicator", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "27"}, + {"BaseCRLNumber", 1073741826, "CRLNumber"}, + {"id-ce-cRLReasons", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "21"}, + {"CRLReason", 1610874901, 0}, + {"unspecified", 1073741825, "0"}, + {"keyCompromise", 1073741825, "1"}, + {"cACompromise", 1073741825, "2"}, + {"affiliationChanged", 1073741825, "3"}, + {"superseded", 1073741825, "4"}, + {"cessationOfOperation", 1073741825, "5"}, + {"certificateHold", 1073741825, "6"}, + {"removeFromCRL", 1, "8"}, + {"id-ce-certificateIssuer", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "29"}, + {"CertificateIssuer", 1073741826, "GeneralNames"}, + {"id-ce-holdInstructionCode", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "23"}, + {"HoldInstructionCode", 1073741836, 0}, + {"holdInstruction", 1879048204, 0}, + {"joint-iso-itu-t", 1073741825, "2"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + 
{"x9cm", 1073741825, "10040"}, + {0, 1, "2"}, + {"id-holdinstruction-none", 1879048204, 0}, + {0, 1073741825, "holdInstruction"}, + {0, 1, "1"}, + {"id-holdinstruction-callissuer", 1879048204, 0}, + {0, 1073741825, "holdInstruction"}, + {0, 1, "2"}, + {"id-holdinstruction-reject", 1879048204, 0}, + {0, 1073741825, "holdInstruction"}, + {0, 1, "3"}, + {"id-ce-invalidityDate", 1879048204, 0}, + {0, 1073741825, "id-ce"}, + {0, 1, "24"}, + {"InvalidityDate", 1082130449, 0}, + {"VisibleString", 1610620935, 0}, + {0, 4360, "26"}, + {"NumericString", 1610620935, 0}, + {0, 4360, "18"}, + {"IA5String", 1610620935, 0}, + {0, 4360, "22"}, + {"TeletexString", 1610620935, 0}, + {0, 4360, "20"}, + {"PrintableString", 1610620935, 0}, + {0, 4360, "19"}, + {"UniversalString", 1610620935, 0}, + {0, 4360, "28"}, + {"BMPString", 1610620935, 0}, + {0, 4360, "30"}, + {"UTF8String", 1610620935, 0}, + {0, 4360, "12"}, + {"id-pkix", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"identified-organization", 1073741825, "3"}, + {"dod", 1073741825, "6"}, + {"internet", 1073741825, "1"}, + {"security", 1073741825, "5"}, + {"mechanisms", 1073741825, "5"}, + {"pkix", 1, "7"}, + {"id-pe", 1879048204, 0}, + {0, 1073741825, "id-pkix"}, + {0, 1, "1"}, + {"id-qt", 1879048204, 0}, + {0, 1073741825, "id-pkix"}, + {0, 1, "2"}, + {"id-kp", 1879048204, 0}, + {0, 1073741825, "id-pkix"}, + {0, 1, "3"}, + {"id-ad", 1879048204, 0}, + {0, 1073741825, "id-pkix"}, + {0, 1, "48"}, + {"id-qt-cps", 1879048204, 0}, + {0, 1073741825, "id-qt"}, + {0, 1, "1"}, + {"id-qt-unotice", 1879048204, 0}, + {0, 1073741825, "id-qt"}, + {0, 1, "2"}, + {"id-ad-ocsp", 1879048204, 0}, + {0, 1073741825, "id-ad"}, + {0, 1, "1"}, + {"id-ad-caIssuers", 1879048204, 0}, + {0, 1073741825, "id-ad"}, + {0, 1, "2"}, + {"Attribute", 1610612741, 0}, + {"type", 1073741826, "AttributeType"}, + {"values", 536870927, 0}, + {0, 2, "AttributeValue"}, + {"AttributeType", 1073741836, 0}, + {"AttributeValue", 1614807053, 0}, + {"type", 1, 0}, + 
{"AttributeTypeAndValue", 1610612741, 0}, + {"type", 1073741826, "AttributeType"}, + {"value", 2, "AttributeValue"}, + {"id-at", 1879048204, 0}, + {"joint-iso-ccitt", 1073741825, "2"}, + {"ds", 1073741825, "5"}, + {0, 1, "4"}, + {"id-at-initials", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "43"}, + {"X520initials", 1073741826, "DirectoryString"}, + {"id-at-generationQualifier", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "44"}, + {"X520generationQualifier", 1073741826, "DirectoryString"}, + {"id-at-surname", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "4"}, + {"X520surName", 1073741826, "DirectoryString"}, + {"id-at-givenName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "42"}, + {"X520givenName", 1073741826, "DirectoryString"}, + {"id-at-name", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "41"}, + {"X520name", 1073741826, "DirectoryString"}, + {"id-at-commonName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "3"}, + {"X520CommonName", 1073741826, "DirectoryString"}, + {"id-at-localityName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "7"}, + {"X520LocalityName", 1073741826, "DirectoryString"}, + {"id-at-stateOrProvinceName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "8"}, + {"X520StateOrProvinceName", 1073741826, "DirectoryString"}, + {"id-at-organizationName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "10"}, + {"X520OrganizationName", 1073741826, "DirectoryString"}, + {"id-at-organizationalUnitName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "11"}, + {"X520OrganizationalUnitName", 1073741826, "DirectoryString"}, + {"id-at-title", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "12"}, + {"X520Title", 1073741826, "DirectoryString"}, + {"id-at-description", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + 
{0, 1, "13"}, + {"X520Description", 1073741826, "DirectoryString"}, + {"id-at-dnQualifier", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "46"}, + {"X520dnQualifier", 1073741826, "PrintableString"}, + {"id-at-countryName", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "6"}, + {"X520countryName", 1612709890, "PrintableString"}, + {0, 1048586, "2"}, + {"id-at-serialNumber", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "5"}, + {"X520serialNumber", 1073741826, "PrintableString"}, + {"id-at-telephoneNumber", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "20"}, + {"X520telephoneNumber", 1073741826, "PrintableString"}, + {"id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "23"}, + {"X520facsimileTelephoneNumber", 1073741826, "PrintableString"}, + {"id-at-pseudonym", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "65"}, + {"X520pseudonym", 1073741826, "DirectoryString"}, + {"id-at-name", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "41"}, + {"X520name", 1073741826, "DirectoryString"}, + {"id-at-streetAddress", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "9"}, + {"X520streetAddress", 1073741826, "DirectoryString"}, + {"id-at-postalAddress", 1880096780, "AttributeType"}, + {0, 1073741825, "id-at"}, + {0, 1, "16"}, + {"X520postalAddress", 1073741826, "PostalAddress"}, + {"PostalAddress", 1610612747, 0}, + {0, 2, "DirectoryString"}, + {"pkcs", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"rsadsi", 1073741825, "113549"}, + {"pkcs", 1, "1"}, + {"pkcs-9", 1879048204, 0}, + {0, 1073741825, "pkcs"}, + {0, 1, "9"}, + {"emailAddress", 1880096780, "AttributeType"}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "1"}, + {"Pkcs9email", 1612709890, "IA5String"}, + {"ub-emailaddress-length", 524298, "1"}, + {"Name", 1610612754, 0}, + 
{"rdnSequence", 2, "RDNSequence"}, + {"RDNSequence", 1610612747, 0}, + {0, 2, "RelativeDistinguishedName"}, + {"DistinguishedName", 1073741826, "RDNSequence"}, + {"RelativeDistinguishedName", 1612709903, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "AttributeTypeAndValue"}, + {"Certificate", 1610612741, 0}, + {"tbsCertificate", 1073741826, "TBSCertificate"}, + {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + {"signature", 6, 0}, + {"TBSCertificate", 1610612741, 0}, + {"version", 1610653698, "Version"}, + {0, 1073741833, "v1"}, + {0, 2056, "0"}, + {"serialNumber", 1073741826, "CertificateSerialNumber"}, + {"signature", 1073741826, "AlgorithmIdentifier"}, + {"issuer", 1073741826, "Name"}, + {"validity", 1073741826, "Validity"}, + {"subject", 1073741826, "Name"}, + {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, + {"issuerUniqueID", 1610637314, "UniqueIdentifier"}, + {0, 4104, "1"}, + {"subjectUniqueID", 1610637314, "UniqueIdentifier"}, + {0, 4104, "2"}, + {"extensions", 536895490, "Extensions"}, + {0, 2056, "3"}, + {"Version", 1610874883, 0}, + {"v1", 1073741825, "0"}, + {"v2", 1073741825, "1"}, + {"v3", 1, "2"}, + {"CertificateSerialNumber", 1073741827, 0}, + {"Validity", 1610612741, 0}, + {"notBefore", 1073741826, "Time"}, + {"notAfter", 2, "Time"}, + {"Time", 1610612754, 0}, + {"utcTime", 1090519057, 0}, + {"generalTime", 8388625, 0}, + {"UniqueIdentifier", 1073741830, 0}, + {"SubjectPublicKeyInfo", 1610612741, 0}, + {"algorithm", 1073741826, "AlgorithmIdentifier"}, + {"subjectPublicKey", 6, 0}, + {"Extensions", 1612709899, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "Extension"}, + {"Extension", 1610612741, 0}, + {"extnID", 1073741836, 0}, + {"critical", 1610645508, 0}, + {0, 131081, 0}, + {"extnValue", 7, 0}, + {"CertificateList", 1610612741, 0}, + {"tbsCertList", 1073741826, "TBSCertList"}, + {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + {"signature", 6, 0}, + {"TBSCertList", 1610612741, 0}, + {"version", 1073758210, 
"Version"}, + {"signature", 1073741826, "AlgorithmIdentifier"}, + {"issuer", 1073741826, "Name"}, + {"thisUpdate", 1073741826, "Time"}, + {"nextUpdate", 1073758210, "Time"}, + {"revokedCertificates", 1610629131, 0}, + {0, 536870917, 0}, + {"userCertificate", 1073741826, "CertificateSerialNumber"}, + {"revocationDate", 1073741826, "Time"}, + {"crlEntryExtensions", 16386, "Extensions"}, + {"crlExtensions", 536895490, "Extensions"}, + {0, 2056, "0"}, + {"AlgorithmIdentifier", 1610612741, 0}, + {"algorithm", 1073741836, 0}, + {"parameters", 541081613, 0}, + {"algorithm", 1, 0}, + {"pkcs-1", 1879048204, 0}, + {0, 1073741825, "pkcs"}, + {0, 1, "1"}, + {"rsaEncryption", 1879048204, 0}, + {0, 1073741825, "pkcs-1"}, + {0, 1, "1"}, + {"md2WithRSAEncryption", 1879048204, 0}, + {0, 1073741825, "pkcs-1"}, + {0, 1, "2"}, + {"md5WithRSAEncryption", 1879048204, 0}, + {0, 1073741825, "pkcs-1"}, + {0, 1, "4"}, + {"sha1WithRSAEncryption", 1879048204, 0}, + {0, 1073741825, "pkcs-1"}, + {0, 1, "5"}, + {"id-dsa-with-sha1", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"x9-57", 1073741825, "10040"}, + {"x9algorithm", 1073741825, "4"}, + {0, 1, "3"}, + {"Dss-Sig-Value", 1610612741, 0}, + {"r", 1073741827, 0}, + {"s", 3, 0}, + {"dhpublicnumber", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"ansi-x942", 1073741825, "10046"}, + {"number-type", 1073741825, "2"}, + {0, 1, "1"}, + {"DomainParameters", 1610612741, 0}, + {"p", 1073741827, 0}, + {"g", 1073741827, 0}, + {"q", 1073741827, 0}, + {"j", 1073758211, 0}, + {"validationParms", 16386, "ValidationParms"}, + {"ValidationParms", 1610612741, 0}, + {"seed", 1073741830, 0}, + {"pgenCounter", 3, 0}, + {"id-dsa", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"x9-57", 1073741825, "10040"}, + {"x9algorithm", 1073741825, "4"}, + {0, 1, "1"}, + 
{"Dss-Parms", 1610612741, 0}, + {"p", 1073741827, 0}, + {"q", 1073741827, 0}, + {"g", 3, 0}, + {"ORAddress", 1610612741, 0}, + {"built-in-standard-attributes", 1073741826, "BuiltInStandardAttributes"}, + {"built-in-domain-defined-attributes", 1073758210, + "BuiltInDomainDefinedAttributes"}, + {"extension-attributes", 16386, "ExtensionAttributes"}, + {"BuiltInStandardAttributes", 1610612741, 0}, + {"country-name", 1073758210, "CountryName"}, + {"administration-domain-name", 1073758210, "AdministrationDomainName"}, + {"network-address", 1610637314, "NetworkAddress"}, + {0, 2056, "0"}, + {"terminal-identifier", 1610637314, "TerminalIdentifier"}, + {0, 2056, "1"}, + {"private-domain-name", 1610637314, "PrivateDomainName"}, + {0, 2056, "2"}, + {"organization-name", 1610637314, "OrganizationName"}, + {0, 2056, "3"}, + {"numeric-user-identifier", 1610637314, "NumericUserIdentifier"}, + {0, 2056, "4"}, + {"personal-name", 1610637314, "PersonalName"}, + {0, 2056, "5"}, + {"organizational-unit-names", 536895490, "OrganizationalUnitNames"}, + {0, 2056, "6"}, + {"CountryName", 1610620946, 0}, + {0, 1073746952, "1"}, + {"x121-dcc-code", 1612709890, "NumericString"}, + {0, 1048586, "ub-country-name-numeric-length"}, + {"iso-3166-alpha2-code", 538968066, "PrintableString"}, + {0, 1048586, "ub-country-name-alpha-length"}, + {"AdministrationDomainName", 1610620946, 0}, + {0, 1073744904, "2"}, + {"numeric", 1612709890, "NumericString"}, + {"ub-domain-name-length", 524298, "0"}, + {"printable", 538968066, "PrintableString"}, + {"ub-domain-name-length", 524298, "0"}, + {"NetworkAddress", 1073741826, "X121Address"}, + {"X121Address", 1612709890, "NumericString"}, + {"ub-x121-address-length", 524298, "1"}, + {"TerminalIdentifier", 1612709890, "PrintableString"}, + {"ub-terminal-id-length", 524298, "1"}, + {"PrivateDomainName", 1610612754, 0}, + {"numeric", 1612709890, "NumericString"}, + {"ub-domain-name-length", 524298, "1"}, + {"printable", 538968066, "PrintableString"}, + 
{"ub-domain-name-length", 524298, "1"}, + {"OrganizationName", 1612709890, "PrintableString"}, + {"ub-organization-name-length", 524298, "1"}, + {"NumericUserIdentifier", 1612709890, "NumericString"}, + {"ub-numeric-user-id-length", 524298, "1"}, + {"PersonalName", 1610612750, 0}, + {"surname", 1814044674, "PrintableString"}, + {0, 1073745928, "0"}, + {"ub-surname-length", 524298, "1"}, + {"given-name", 1814061058, "PrintableString"}, + {0, 1073745928, "1"}, + {"ub-given-name-length", 524298, "1"}, + {"initials", 1814061058, "PrintableString"}, + {0, 1073745928, "2"}, + {"ub-initials-length", 524298, "1"}, + {"generation-qualifier", 740319234, "PrintableString"}, + {0, 1073745928, "3"}, + {"ub-generation-qualifier-length", 524298, "1"}, + {"OrganizationalUnitNames", 1612709899, 0}, + {"ub-organizational-units", 1074266122, "1"}, + {0, 2, "OrganizationalUnitName"}, + {"OrganizationalUnitName", 1612709890, "PrintableString"}, + {"ub-organizational-unit-name-length", 524298, "1"}, + {"BuiltInDomainDefinedAttributes", 1612709899, 0}, + {"ub-domain-defined-attributes", 1074266122, "1"}, + {0, 2, "BuiltInDomainDefinedAttribute"}, + {"BuiltInDomainDefinedAttribute", 1610612741, 0}, + {"type", 1612709890, "PrintableString"}, + {"ub-domain-defined-attribute-type-length", 524298, "1"}, + {"value", 538968066, "PrintableString"}, + {"ub-domain-defined-attribute-value-length", 524298, "1"}, + {"ExtensionAttributes", 1612709903, 0}, + {"ub-extension-attributes", 1074266122, "1"}, + {0, 2, "ExtensionAttribute"}, + {"ExtensionAttribute", 1610612741, 0}, + {"extension-attribute-type", 1611145219, 0}, + {0, 1073743880, "0"}, + {"0", 10, "ub-extension-attributes"}, + {"extension-attribute-value", 541073421, 0}, + {0, 1073743880, "1"}, + {"extension-attribute-type", 1, 0}, + {"common-name", 1342177283, "1"}, + {"CommonName", 1612709890, "PrintableString"}, + {"ub-common-name-length", 524298, "1"}, + {"teletex-common-name", 1342177283, "2"}, + {"TeletexCommonName", 1612709890, 
"TeletexString"}, + {"ub-common-name-length", 524298, "1"}, + {"teletex-organization-name", 1342177283, "3"}, + {"TeletexOrganizationName", 1612709890, "TeletexString"}, + {"ub-organization-name-length", 524298, "1"}, + {"teletex-personal-name", 1342177283, "4"}, + {"TeletexPersonalName", 1610612750, 0}, + {"surname", 1814044674, "TeletexString"}, + {0, 1073743880, "0"}, + {"ub-surname-length", 524298, "1"}, + {"given-name", 1814061058, "TeletexString"}, + {0, 1073743880, "1"}, + {"ub-given-name-length", 524298, "1"}, + {"initials", 1814061058, "TeletexString"}, + {0, 1073743880, "2"}, + {"ub-initials-length", 524298, "1"}, + {"generation-qualifier", 740319234, "TeletexString"}, + {0, 1073743880, "3"}, + {"ub-generation-qualifier-length", 524298, "1"}, + {"teletex-organizational-unit-names", 1342177283, "5"}, + {"TeletexOrganizationalUnitNames", 1612709899, 0}, + {"ub-organizational-units", 1074266122, "1"}, + {0, 2, "TeletexOrganizationalUnitName"}, + {"TeletexOrganizationalUnitName", 1612709890, "TeletexString"}, + {"ub-organizational-unit-name-length", 524298, "1"}, + {"pds-name", 1342177283, "7"}, + {"PDSName", 1612709890, "PrintableString"}, + {"ub-pds-name-length", 524298, "1"}, + {"physical-delivery-country-name", 1342177283, "8"}, + {"PhysicalDeliveryCountryName", 1610612754, 0}, + {"x121-dcc-code", 1612709890, "NumericString"}, + {0, 1048586, "ub-country-name-numeric-length"}, + {"iso-3166-alpha2-code", 538968066, "PrintableString"}, + {0, 1048586, "ub-country-name-alpha-length"}, + {"postal-code", 1342177283, "9"}, + {"PostalCode", 1610612754, 0}, + {"numeric-code", 1612709890, "NumericString"}, + {"ub-postal-code-length", 524298, "1"}, + {"printable-code", 538968066, "PrintableString"}, + {"ub-postal-code-length", 524298, "1"}, + {"physical-delivery-office-name", 1342177283, "10"}, + {"PhysicalDeliveryOfficeName", 1073741826, "PDSParameter"}, + {"physical-delivery-office-number", 1342177283, "11"}, + {"PhysicalDeliveryOfficeNumber", 1073741826, 
"PDSParameter"}, + {"extension-OR-address-components", 1342177283, "12"}, + {"ExtensionORAddressComponents", 1073741826, "PDSParameter"}, + {"physical-delivery-personal-name", 1342177283, "13"}, + {"PhysicalDeliveryPersonalName", 1073741826, "PDSParameter"}, + {"physical-delivery-organization-name", 1342177283, "14"}, + {"PhysicalDeliveryOrganizationName", 1073741826, "PDSParameter"}, + {"extension-physical-delivery-address-components", 1342177283, "15"}, + {"ExtensionPhysicalDeliveryAddressComponents", 1073741826, "PDSParameter"}, + {"unformatted-postal-address", 1342177283, "16"}, + {"UnformattedPostalAddress", 1610612750, 0}, + {"printable-address", 1814052875, 0}, + {"ub-pds-physical-address-lines", 1074266122, "1"}, + {0, 538968066, "PrintableString"}, + {"ub-pds-parameter-length", 524298, "1"}, + {"teletex-string", 740311042, "TeletexString"}, + {"ub-unformatted-address-length", 524298, "1"}, + {"street-address", 1342177283, "17"}, + {"StreetAddress", 1073741826, "PDSParameter"}, + {"post-office-box-address", 1342177283, "18"}, + {"PostOfficeBoxAddress", 1073741826, "PDSParameter"}, + {"poste-restante-address", 1342177283, "19"}, + {"PosteRestanteAddress", 1073741826, "PDSParameter"}, + {"unique-postal-name", 1342177283, "20"}, + {"UniquePostalName", 1073741826, "PDSParameter"}, + {"local-postal-attributes", 1342177283, "21"}, + {"LocalPostalAttributes", 1073741826, "PDSParameter"}, + {"PDSParameter", 1610612750, 0}, + {"printable-string", 1814052866, "PrintableString"}, + {"ub-pds-parameter-length", 524298, "1"}, + {"teletex-string", 740311042, "TeletexString"}, + {"ub-pds-parameter-length", 524298, "1"}, + {"extended-network-address", 1342177283, "22"}, + {"ExtendedNetworkAddress", 1610612754, 0}, + {"e163-4-address", 1610612741, 0}, + {"number", 1612718082, "NumericString"}, + {0, 1073743880, "0"}, + {"ub-e163-4-number-length", 524298, "1"}, + {"sub-address", 538992642, "NumericString"}, + {0, 1073743880, "1"}, + {"ub-e163-4-sub-address-length", 524298, 
"1"}, + {"psap-address", 536879106, "PresentationAddress"}, + {0, 2056, "0"}, + {"PresentationAddress", 1610612741, 0}, + {"pSelector", 1610637319, 0}, + {0, 2056, "0"}, + {"sSelector", 1610637319, 0}, + {0, 2056, "1"}, + {"tSelector", 1610637319, 0}, + {0, 2056, "2"}, + {"nAddresses", 538976271, 0}, + {0, 1073743880, "3"}, + {"MAX", 1074266122, "1"}, + {0, 7, 0}, + {"terminal-type", 1342177283, "23"}, + {"TerminalType", 1610874883, 0}, + {"telex", 1073741825, "3"}, + {"teletex", 1073741825, "4"}, + {"g3-facsimile", 1073741825, "5"}, + {"g4-facsimile", 1073741825, "6"}, + {"ia5-terminal", 1073741825, "7"}, + {"videotex", 1, "8"}, + {"teletex-domain-defined-attributes", 1342177283, "6"}, + {"TeletexDomainDefinedAttributes", 1612709899, 0}, + {"ub-domain-defined-attributes", 1074266122, "1"}, + {0, 2, "TeletexDomainDefinedAttribute"}, + {"TeletexDomainDefinedAttribute", 1610612741, 0}, + {"type", 1612709890, "TeletexString"}, + {"ub-domain-defined-attribute-type-length", 524298, "1"}, + {"value", 538968066, "TeletexString"}, + {"ub-domain-defined-attribute-value-length", 524298, "1"}, + {"ub-name", 1342177283, "32768"}, + {"ub-common-name", 1342177283, "64"}, + {"ub-locality-name", 1342177283, "128"}, + {"ub-state-name", 1342177283, "128"}, + {"ub-organization-name", 1342177283, "64"}, + {"ub-organizational-unit-name", 1342177283, "64"}, + {"ub-title", 1342177283, "64"}, + {"ub-match", 1342177283, "128"}, + {"ub-emailaddress-length", 1342177283, "128"}, + {"ub-common-name-length", 1342177283, "64"}, + {"ub-country-name-alpha-length", 1342177283, "2"}, + {"ub-country-name-numeric-length", 1342177283, "3"}, + {"ub-domain-defined-attributes", 1342177283, "4"}, + {"ub-domain-defined-attribute-type-length", 1342177283, "8"}, + {"ub-domain-defined-attribute-value-length", 1342177283, "128"}, + {"ub-domain-name-length", 1342177283, "16"}, + {"ub-extension-attributes", 1342177283, "256"}, + {"ub-e163-4-number-length", 1342177283, "15"}, + {"ub-e163-4-sub-address-length", 
1342177283, "40"}, + {"ub-generation-qualifier-length", 1342177283, "3"}, + {"ub-given-name-length", 1342177283, "16"}, + {"ub-initials-length", 1342177283, "5"}, + {"ub-integer-options", 1342177283, "256"}, + {"ub-numeric-user-id-length", 1342177283, "32"}, + {"ub-organization-name-length", 1342177283, "64"}, + {"ub-organizational-unit-name-length", 1342177283, "32"}, + {"ub-organizational-units", 1342177283, "4"}, + {"ub-pds-name-length", 1342177283, "16"}, + {"ub-pds-parameter-length", 1342177283, "30"}, + {"ub-pds-physical-address-lines", 1342177283, "6"}, + {"ub-postal-code-length", 1342177283, "16"}, + {"ub-surname-length", 1342177283, "40"}, + {"ub-terminal-id-length", 1342177283, "24"}, + {"ub-unformatted-address-length", 1342177283, "180"}, + {"ub-x121-address-length", 1342177283, "16"}, + {"pkcs-7-ContentInfo", 1610612741, 0}, + {"contentType", 1073741826, "pkcs-7-ContentType"}, + {"content", 541073421, 0}, + {0, 1073743880, "0"}, + {"contentType", 1, 0}, + {"pkcs-7-DigestInfo", 1610612741, 0}, + {"digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, + {"digest", 2, "pkcs-7-Digest"}, + {"pkcs-7-Digest", 1073741831, 0}, + {"pkcs-7-ContentType", 1073741836, 0}, + {"pkcs-7-SignedData", 1610612741, 0}, + {"version", 1073741826, "pkcs-7-CMSVersion"}, + {"digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, + {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, + {"certificates", 1610637314, "pkcs-7-CertificateSet"}, + {0, 4104, "0"}, + {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, + {0, 4104, "1"}, + {"signerInfos", 2, "pkcs-7-SignerInfos"}, + {"pkcs-7-CMSVersion", 1610874883, 0}, + {"v0", 1073741825, "0"}, + {"v1", 1073741825, "1"}, + {"v2", 1073741825, "2"}, + {"v3", 1073741825, "3"}, + {"v4", 1, "4"}, + {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, 0}, + {0, 2, "pkcs-7-DigestAlgorithmIdentifier"}, + {"pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, + 
{"pkcs-7-EncapsulatedContentInfo", 1610612741, 0}, + {"eContentType", 1073741826, "pkcs-7-ContentType"}, + {"eContent", 536895495, 0}, + {0, 2056, "0"}, + {"pkcs-7-CertificateRevocationLists", 1610612751, 0}, + {0, 13, 0}, + {"pkcs-7-CertificateChoices", 1610612754, 0}, + {"certificate", 13, 0}, + {"pkcs-7-CertificateSet", 1610612751, 0}, + {0, 2, "pkcs-7-CertificateChoices"}, + {"pkcs-7-SignerInfos", 1610612751, 0}, + {0, 13, 0}, + {"pkcs-10-CertificationRequestInfo", 1610612741, 0}, + {"version", 1610874883, 0}, + {"v1", 1, "0"}, + {"subject", 1073741826, "Name"}, + {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, + {"attributes", 536879106, "Attributes"}, + {0, 4104, "0"}, + {"Attributes", 1610612751, 0}, + {0, 2, "Attribute"}, + {"pkcs-10-CertificationRequest", 1610612741, 0}, + {"certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"}, + {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, + {"signature", 6, 0}, + {"pkcs-9-ub-challengePassword", 1342177283, "255"}, + {"pkcs-9-certTypes", 1879048204, 0}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "22"}, + {"pkcs-9-crlTypes", 1879048204, 0}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "23"}, + {"pkcs-9-at-challengePassword", 1879048204, 0}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "7"}, + {"pkcs-9-challengePassword", 1610612754, 0}, + {"printableString", 1612709890, "PrintableString"}, + {"pkcs-9-ub-challengePassword", 524298, "1"}, + {"utf8String", 538968066, "UTF8String"}, + {"pkcs-9-ub-challengePassword", 524298, "1"}, + {"pkcs-9-at-localKeyId", 1879048204, 0}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "21"}, + {"pkcs-9-localKeyId", 1073741831, 0}, + {"pkcs-9-at-friendlyName", 1879048204, 0}, + {0, 1073741825, "pkcs-9"}, + {0, 1, "20"}, + {"pkcs-9-friendlyName", 1612709890, "BMPString"}, + {"255", 524298, "1"}, + {"pkcs-8-PrivateKeyInfo", 1610612741, 0}, + {"version", 1073741826, "pkcs-8-Version"}, + {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, + {"privateKey", 1073741826, 
"pkcs-8-PrivateKey"}, + {"attributes", 536895490, "Attributes"}, + {0, 4104, "0"}, + {"pkcs-8-Version", 1610874883, 0}, + {"v1", 1, "0"}, + {"pkcs-8-PrivateKey", 1073741831, 0}, + {"pkcs-8-Attributes", 1610612751, 0}, + {0, 2, "Attribute"}, + {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, 0}, + {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, + {"encryptedData", 2, "pkcs-8-EncryptedData"}, + {"pkcs-8-EncryptedData", 1073741831, 0}, + {"pkcs-5", 1879048204, 0}, + {0, 1073741825, "pkcs"}, + {0, 1, "5"}, + {"pkcs-5-encryptionAlgorithm", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"rsadsi", 1073741825, "113549"}, + {0, 1, "3"}, + {"pkcs-5-des-EDE3-CBC", 1879048204, 0}, + {0, 1073741825, "pkcs-5-encryptionAlgorithm"}, + {0, 1, "7"}, + {"pkcs-5-des-EDE3-CBC-params", 1612709895, 0}, + {0, 1048586, "8"}, + {"pkcs-5-id-PBES2", 1879048204, 0}, + {0, 1073741825, "pkcs-5"}, + {0, 1, "13"}, + {"pkcs-5-PBES2-params", 1610612741, 0}, + {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, + {"encryptionScheme", 2, "AlgorithmIdentifier"}, + {"pkcs-5-id-PBKDF2", 1879048204, 0}, + {0, 1073741825, "pkcs-5"}, + {0, 1, "12"}, + {"pkcs-5-PBKDF2-params", 1610612741, 0}, + {"salt", 1610612754, 0}, + {"specified", 1073741831, 0}, + {"otherSource", 2, "AlgorithmIdentifier"}, + {"iterationCount", 1611137027, 0}, + {"1", 10, "MAX"}, + {"keyLength", 1611153411, 0}, + {"1", 10, "MAX"}, + {"prf", 16386, "AlgorithmIdentifier"}, + {"pkcs-12", 1879048204, 0}, + {0, 1073741825, "pkcs"}, + {0, 1, "12"}, + {"pkcs-12-PFX", 1610612741, 0}, + {"version", 1610874883, 0}, + {"v3", 1, "3"}, + {"authSafe", 1073741826, "pkcs-7-ContentInfo"}, + {"macData", 16386, "pkcs-12-MacData"}, + {"pkcs-12-PbeParams", 1610612741, 0}, + {"salt", 1073741831, 0}, + {"iterations", 3, 0}, + {"pkcs-12-MacData", 1610612741, 0}, + {"mac", 1073741826, "pkcs-7-DigestInfo"}, + {"macSalt", 1073741831, 0}, + {"iterations", 536903683, 0}, + {0, 9, "1"}, 
+ {"pkcs-12-AuthenticatedSafe", 1610612747, 0}, + {0, 2, "pkcs-7-ContentInfo"}, + {"pkcs-12-SafeContents", 1610612747, 0}, + {0, 2, "pkcs-12-SafeBag"}, + {"pkcs-12-SafeBag", 1610612741, 0}, + {"bagId", 1073741836, 0}, + {"bagValue", 1614815245, 0}, + {0, 1073743880, "0"}, + {"badId", 1, 0}, + {"bagAttributes", 536887311, 0}, + {0, 2, "pkcs-12-PKCS12Attribute"}, + {"pkcs-12-bagtypes", 1879048204, 0}, + {0, 1073741825, "pkcs-12"}, + {0, 1073741825, "10"}, + {0, 1, "1"}, + {"pkcs-12-keyBag", 1879048204, 0}, + {0, 1073741825, "pkcs-12-bagtypes"}, + {0, 1, "1"}, + {"pkcs-12-pkcs8ShroudedKeyBag", 1879048204, 0}, + {0, 1073741825, "pkcs-12-bagtypes"}, + {0, 1, "2"}, + {"pkcs-12-certBag", 1879048204, 0}, + {0, 1073741825, "pkcs-12-bagtypes"}, + {0, 1, "3"}, + {"pkcs-12-crlBag", 1879048204, 0}, + {0, 1073741825, "pkcs-12-bagtypes"}, + {0, 1, "4"}, + {"pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, + {"pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"}, + {"pkcs-12-CertBag", 1610612741, 0}, + {"certId", 1073741836, 0}, + {"certValue", 541073421, 0}, + {0, 1073743880, "0"}, + {"certId", 1, 0}, + {"pkcs-12-CRLBag", 1610612741, 0}, + {"crlId", 1073741836, 0}, + {"crlValue", 541073421, 0}, + {0, 1073743880, "0"}, + {"crlId", 1, 0}, + {"pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, + {"pkcs-7-data", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"rsadsi", 1073741825, "113549"}, + {"pkcs", 1073741825, "1"}, + {"pkcs7", 1073741825, "7"}, + {0, 1, "1"}, + {"pkcs-7-encryptedData", 1879048204, 0}, + {"iso", 1073741825, "1"}, + {"member-body", 1073741825, "2"}, + {"us", 1073741825, "840"}, + {"rsadsi", 1073741825, "113549"}, + {"pkcs", 1073741825, "1"}, + {"pkcs7", 1073741825, "7"}, + {0, 1, "6"}, + {"pkcs-7-Data", 1073741831, 0}, + {"pkcs-7-EncryptedData", 1610612741, 0}, + {"version", 1073741826, "pkcs-7-CMSVersion"}, + {"encryptedContentInfo", 1073741826, 
"pkcs-7-EncryptedContentInfo"}, + {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, + {0, 4104, "1"}, + {"pkcs-7-EncryptedContentInfo", 1610612741, 0}, + {"contentType", 1073741826, "pkcs-7-ContentType"}, + {"contentEncryptionAlgorithm", 1073741826, + "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, + {"encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, + {0, 4104, "0"}, + {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, + "AlgorithmIdentifier"}, + {"pkcs-7-EncryptedContent", 1073741831, 0}, + {"pkcs-7-UnprotectedAttributes", 1612709903, 0}, + {"MAX", 1074266122, "1"}, + {0, 2, "Attribute"}, + {"id-at-ldap-DC", 1880096780, "AttributeType"}, + {0, 1073741825, "0"}, + {0, 1073741825, "9"}, + {0, 1073741825, "2342"}, + {0, 1073741825, "19200300"}, + {0, 1073741825, "100"}, + {0, 1073741825, "1"}, + {0, 1, "25"}, + {"ldap-DC", 1073741826, "IA5String"}, + {"id-at-ldap-UID", 1880096780, "AttributeType"}, + {0, 1073741825, "0"}, + {0, 1073741825, "9"}, + {0, 1073741825, "2342"}, + {0, 1073741825, "19200300"}, + {0, 1073741825, "100"}, + {0, 1073741825, "1"}, + {0, 1, "1"}, + {"ldap-UID", 1073741826, "DirectoryString"}, + {"id-pda", 1879048204, 0}, + {0, 1073741825, "id-pkix"}, + {0, 1, "9"}, + {"id-pda-dateOfBirth", 1880096780, "AttributeType"}, + {0, 1073741825, "id-pda"}, + {0, 1, "1"}, + {"DateOfBirth", 1082130449, 0}, + {"id-pda-placeOfBirth", 1880096780, "AttributeType"}, + {0, 1073741825, "id-pda"}, + {0, 1, "2"}, + {"PlaceOfBirth", 1073741826, "DirectoryString"}, + {"id-pda-gender", 1880096780, "AttributeType"}, + {0, 1073741825, "id-pda"}, + {0, 1, "3"}, + {"Gender", 1612709890, "PrintableString"}, + {0, 1048586, "1"}, + {"id-pda-countryOfCitizenship", 1880096780, "AttributeType"}, + {0, 1073741825, "id-pda"}, + {0, 1, "4"}, + {"CountryOfCitizenship", 1612709890, "PrintableString"}, + {0, 1048586, "2"}, + {"id-pda-countryOfResidence", 1880096780, "AttributeType"}, + {0, 1073741825, "id-pda"}, + {0, 1, "5"}, + {"CountryOfResidence", 
538968066, "PrintableString"}, + {0, 1048586, "2"}, + {0, 0, 0} +}; -- cgit v1.2.3 From dc37d1c56b87c6f4bc354d07791c9e69549e1524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 2 May 2024 11:56:42 +0200 Subject: crypto: Allow building with GnuTLS but without Libtasn1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We only use Libtasn1 in unit tests. As noted in commit d47b83b118 ("tests: add migration tests of TLS with x509 credentials"), having GnuTLS without Libtasn1 is a valid configuration, so do not require Libtasn1, to avoid: Dependency gnutls found: YES 3.7.1 (cached) Run-time dependency libtasn1 found: NO (tried pkgconfig) ../meson.build:1914:10: ERROR: Dependency "libtasn1" not found, tried pkgconfig Fixes: ba7ed407e6 ("configure, meson: convert libtasn1 detection to meson") Reviewed-by: Daniel P. Berrangé Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index af9f0380e2..4eca361319 100644 --- a/meson.build +++ b/meson.build @@ -1979,6 +1979,7 @@ endif tasn1 = not_found if gnutls.found() tasn1 = dependency('libtasn1', + required: false, method: 'pkg-config') endif keyutils = not_found -- cgit v1.2.3 From 9263c4173ff5941a8ad1865254131da68d0d7084 Mon Sep 17 00:00:00 2001 From: Hyman Huang Date: Tue, 20 Feb 2024 00:04:42 +0800 Subject: docs/devel: Add introduction to LUKS volume with detached header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hyman Huang Signed-off-by: Daniel P. Berrangé --- MAINTAINERS | 1 + docs/devel/crypto.rst | 10 ++ docs/devel/index-internals.rst | 1 + docs/devel/luks-detached-header.rst | 182 ++++++++++++++++++++++++++++++++++++ 4 files changed, 194 insertions(+) create mode 100644 docs/devel/crypto.rst create mode 100644 docs/devel/luks-detached-header.rst 
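Review bot: The added `required: false` in the `dependency('libtasn1', ...)` call carries no comment explaining why libtasn1 may be absent while GnuTLS is present, so a later cleanup could make it mandatory again. A one-line comment above the call would do, for example `# libtasn1 is only used by unit tests; GnuTLS without it is a valid configuration`. Since the commit message says the library is only used in unit tests, the tests that need it are presumably skipped on such hosts. It is worth confirming that the configure summary reports libtasn1 as missing, so the reduced x509 TLS test coverage stays visible.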
diff --git a/MAINTAINERS b/MAINTAINERS index 73040829b1..98eddf7ae1 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3451,6 +3451,7 @@ Detached LUKS header M: Hyman Huang S: Maintained F: tests/qemu-iotests/tests/luks-detached-header +F: docs/devel/luks-detached-header.rst D-Bus M: Marc-André Lureau diff --git a/docs/devel/crypto.rst b/docs/devel/crypto.rst new file mode 100644 index 0000000000..39b1c910e7 --- /dev/null +++ b/docs/devel/crypto.rst @@ -0,0 +1,10 @@ +.. _crypto-ref: + +==================== +Cryptography in QEMU +==================== + +.. toctree:: + :maxdepth: 2 + + luks-detached-header diff --git a/docs/devel/index-internals.rst b/docs/devel/index-internals.rst index 5636e9cf1d..4ac7725d72 100644 --- a/docs/devel/index-internals.rst +++ b/docs/devel/index-internals.rst @@ -20,3 +20,4 @@ Details about QEMU's various subsystems including how to add features to them. vfio-iommufd writing-monitor-commands virtio-backends + crypto diff --git a/docs/devel/luks-detached-header.rst b/docs/devel/luks-detached-header.rst new file mode 100644 index 0000000000..94ec285c27 --- /dev/null +++ b/docs/devel/luks-detached-header.rst 
@@ -0,0 +1,182 @@ +================================ +LUKS volume with detached header +================================ + +Introduction +============ + +This document gives an overview of the design of LUKS volume with detached +header and how to use it. + +Background +========== + +The LUKS format has ability to store the header in a separate volume from +the payload. We could extend the LUKS driver in QEMU to support this use +case. + +Normally a LUKS volume has a layout: + +:: + + +-----------------------------------------------+ + | | | | + disk | header | key material | disk payload data | + | | | | + +-----------------------------------------------+ + +With a detached LUKS header, you need 2 disks so getting: + +:: + + +--------------------------+ + disk1 | header | key material | + +--------------------------+ + +---------------------+ + disk2 | disk payload data | + +---------------------+ + +There are a variety of benefits to doing this: + + * Secrecy - the disk2 cannot be identified as containing LUKS + volume since there's no header + * Control - if access to the disk1 is restricted, then even + if someone has access to disk2 they can't unlock + it. Might be useful if you have disks on NFS but + want to restrict which host can launch a VM + instance from it, by dynamically providing access + to the header to a designated host + * Flexibility - your application data volume may be a given + size and it is inconvenient to resize it to + add encryption.You can store the LUKS header + separately and use the existing storage + volume for payload + * Recovery - corruption of a bit in the header may make the + entire payload inaccessible. It might be + convenient to take backups of the header. If + your primary disk header becomes corrupt, you + can unlock the data still by pointing to the + backup detached header + +Architecture +============ + +Take the qcow2 encryption, for example. 
The architecture of the +LUKS volume with detached header is shown in the diagram below. + +There are two children of the root node: a file and a header. +Data from the disk payload is stored in the file node. The +LUKS header and key material are located in the header node, +as previously mentioned. + +:: + + +-----------------------------+ + Root node | foo[luks] | + +-----------------------------+ + | | + file | header | + | | + +---------------------+ +------------------+ + Child node |payload-format[qcow2]| |header-format[raw]| + +---------------------+ +------------------+ + | | + file | file | + | | + +----------------------+ +---------------------+ + Child node |payload-protocol[file]| |header-protocol[file]| + +----------------------+ +---------------------+ + | | + | | + | | + Host storage Host storage + +Usage +===== + +Create a LUKS disk with a detached header using qemu-img +-------------------------------------------------------- + +Shell commandline:: + + # qemu-img create --object secret,id=sec0,data=abc123 -f luks \ + -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0 \ + -o detached-header=true test-header.img + # qemu-img create -f qcow2 test-payload.qcow2 200G + # qemu-img info 'json:{"driver":"luks","file":{"filename": \ + "test-payload.img"},"header":{"filename":"test-header.img"}}' + +Set up a VM's LUKS volume with a detached header +------------------------------------------------ + +Qemu commandline:: + + # qemu-system-x86_64 ... 
\ + -object '{"qom-type":"secret","id":"libvirt-3-format-secret", \ + "data":"abc123"}' \ + -blockdev '{"driver":"file","filename":"/path/to/test-header.img", \ + "node-name":"libvirt-1-storage"}' \ + -blockdev '{"node-name":"libvirt-1-format","read-only":false, \ + "driver":"raw","file":"libvirt-1-storage"}' \ + -blockdev '{"driver":"file","filename":"/path/to/test-payload.qcow2", \ + "node-name":"libvirt-2-storage"}' \ + -blockdev '{"node-name":"libvirt-2-format","read-only":false, \ + "driver":"qcow2","file":"libvirt-2-storage"}' \ + -blockdev '{"node-name":"libvirt-3-format","driver":"luks", \ + "file":"libvirt-2-format","header":"libvirt-1-format","key-secret": \ + "libvirt-3-format-secret"}' \ + -device '{"driver":"virtio-blk-pci","bus":XXX,"addr":YYY,"drive": \ + "libvirt-3-format","id":"virtio-disk1"}' + +Add LUKS volume to a VM with a detached header +---------------------------------------------- + +1. object-add the secret for decrypting the cipher stored in + LUKS header above:: + + # virsh qemu-monitor-command vm '{"execute":"object-add", \ + "arguments":{"qom-type":"secret", "id": \ + "libvirt-4-format-secret", "data":"abc123"}}' + +2. block-add the protocol node for LUKS header:: + + # virsh qemu-monitor-command vm '{"execute":"blockdev-add", \ + "arguments":{"node-name":"libvirt-1-storage", "driver":"file", \ + "filename": "/path/to/test-header.img" }}' + +3. block-add the raw-drived node for LUKS header:: + + # virsh qemu-monitor-command vm '{"execute":"blockdev-add", \ + "arguments":{"node-name":"libvirt-1-format", "driver":"raw", \ + "file":"libvirt-1-storage"}}' + +4. block-add the protocol node for disk payload image:: + + # virsh qemu-monitor-command vm '{"execute":"blockdev-add", \ + "arguments":{"node-name":"libvirt-2-storage", "driver":"file", \ + "filename":"/path/to/test-payload.qcow2"}}' + +5. 
block-add the qcow2-drived format node for disk payload data:: + + # virsh qemu-monitor-command vm '{"execute":"blockdev-add", \ + "arguments":{"node-name":"libvirt-2-format", "driver":"qcow2", \ + "file":"libvirt-2-storage"}}' + +6. block-add the luks-drived format node to link the qcow2 disk + with the LUKS header by specifying the field "header":: + + # virsh qemu-monitor-command vm '{"execute":"blockdev-add", \ + "arguments":{"node-name":"libvirt-3-format", "driver":"luks", \ + "file":"libvirt-2-format", "header":"libvirt-1-format", \ + "key-secret":"libvirt-2-format-secret"}}' + +7. hot-plug the virtio-blk device finally:: + + # virsh qemu-monitor-command vm '{"execute":"device_add", \ + "arguments": {"driver":"virtio-blk-pci", \ + "drive": "libvirt-3-format", "id":"virtio-disk2"}} + +TODO +==== + +1. Support the shared detached LUKS header within the VM. -- cgit v1.2.3 From 581b4cd5f16d618787bd1e292b851c62c2626da0 Mon Sep 17 00:00:00 2001 From: Yao Zi Date: Sat, 6 Jul 2024 20:12:26 +0000 Subject: meson.build: fix libgcrypt detection on system without libgcrypt-config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit libgcrypt starts providing correct pkg-config configuration since 1.9, in parallel with libgcrypt-config. Since 1.11 it may also stop installing libgcrypt-config in some scenarios. Use the auto method for detection of libgcrypt, in which meson will try both pkg-config and libgcrypt-config. Auto method for libgcrypt is supported by meson since 0.49.0, which is higher than the version qemu requires. Signed-off-by: Yao Zi Signed-off-by: Daniel P. Berrangé --- meson.build | 1 - 1 file changed, 1 deletion(-) diff --git a/meson.build b/meson.build index 4eca361319..ec6fb7d69c 100644 --- a/meson.build +++ b/meson.build 
@@ -1696,7 +1696,6 @@ endif if not gnutls_crypto.found() if (not get_option('gcrypt').auto() or have_system) and not get_option('nettle').enabled() gcrypt = dependency('libgcrypt', version: '>=1.8', - method: 'config-tool', required: get_option('gcrypt')) # Debian has removed -lgpg-error from libgcrypt-config # as it "spreads unnecessary dependencies" which in -- cgit v1.2.3 From e818c01ae6e7c54c7019baaf307be59d99ce80b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Mon, 19 Feb 2024 15:12:59 +0000 Subject: qapi: drop unused QCryptoBlockCreateOptionsLUKS.detached-header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'detached-header' field in QCryptoBlockCreateOptionsLUKS was left over from earlier patch iterations. Acked-by: Markus Armbruster Signed-off-by: Daniel P. Berrangé --- qapi/crypto.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/qapi/crypto.json b/qapi/crypto.json index e102be337b..f03bdab8c9 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -226,8 +226,6 @@ # @iter-time: number of milliseconds to spend in PBKDF passphrase # processing. Currently defaults to 2000. (since 2.8) # -# @detached-header: create a detached LUKS header. (since 9.0) -# # Since: 2.6 ## { 'struct': 'QCryptoBlockCreateOptionsLUKS', @@ -237,8 +235,7 @@ '*ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', '*hash-alg': 'QCryptoHashAlgorithm', - '*iter-time': 'int', - '*detached-header': 'bool'}} + '*iter-time': 'int' }} ## # @QCryptoBlockOpenOptions: -- cgit v1.2.3 From 48fc887436ce0fa54debec23219554194a13a6f9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Tue, 23 Jul 2024 11:31:24 +0100 Subject: meson: build chardev trace files when have_block MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The QSD depends on chardev code, and is built when have_tools is true. This means conditionalizing chardev trace on have_system is wrong, we need have_block which is set have_system || have_tools. This latent bug was historically harmless because only the spice chardev included tracing, which wasn't built in a !have_system scenario. Reviewed-by: Marc-André Lureau Signed-off-by: Daniel P. Berrangé --- meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.build b/meson.build index ec6fb7d69c..5613b62a4f 100644 --- a/meson.build +++ b/meson.build @@ -3343,6 +3343,7 @@ if have_block trace_events_subdirs += [ 'authz', 'block', + 'chardev', 'io', 'nbd', 'scsi', @@ -3354,7 +3355,6 @@ if have_system 'audio', 'backends', 'backends/tpm', - 'chardev', 'ebpf', 'hw/9pfs', 'hw/acpi', -- cgit v1.2.3 From 6ffade7974171b9091b3cdd38a76477fd4f71d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 15 Mar 2024 13:04:44 +0000 Subject: chardev: add tracing of socket error conditions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This adds trace points to every error scenario in the chardev socket backend that can lead to termination of the connection. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- chardev/char-socket.c | 37 ++++++++++++++++++++++++++----------- chardev/trace-events | 10 ++++++++++ 2 files changed, 36 insertions(+), 11 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index 812d7aa38a..1ca9441b1b 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c 
@@ -33,6 +33,7 @@ #include "qapi/clone-visitor.h" #include "qapi/qapi-visit-sockets.h" #include "qemu/yank.h" +#include "trace.h" #include "chardev/char-io.h" #include "chardev/char-socket.h" @@ -126,6 +127,7 @@ static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len) if (ret < 0 && errno != EAGAIN) { if (tcp_chr_read_poll(chr) <= 0) { /* Perform disconnect and return error. */ + trace_chr_socket_poll_err(chr, chr->label); tcp_chr_disconnect_locked(chr); } /* else let the read handler finish it properly */ } @@ -279,15 +281,16 @@ static ssize_t tcp_chr_recv(Chardev *chr, char *buf, size_t len) size_t i; int *msgfds = NULL; size_t msgfds_num = 0; + Error *err = NULL; if (qio_channel_has_feature(s->ioc, QIO_CHANNEL_FEATURE_FD_PASS)) { ret = qio_channel_readv_full(s->ioc, &iov, 1, &msgfds, &msgfds_num, - 0, NULL); + 0, &err); } else { ret = qio_channel_readv_full(s->ioc, &iov, 1, NULL, NULL, - 0, NULL); + 0, &err); } if (msgfds_num) { @@ -322,7 +325,11 @@ static ssize_t tcp_chr_recv(Chardev *chr, char *buf, size_t len) errno = EAGAIN; ret = -1; } else if (ret == -1) { + trace_chr_socket_recv_err(chr, chr->label, error_get_pretty(err)); + error_free(err); errno = EIO; + } else if (ret == 0) { + trace_chr_socket_recv_eof(chr, chr->label); } return ret; @@ -463,6 +470,7 @@ static void tcp_chr_disconnect_locked(Chardev *chr) SocketChardev *s = SOCKET_CHARDEV(chr); bool emit_close = s->state == TCP_CHARDEV_STATE_CONNECTED; + trace_chr_socket_disconnect(chr, chr->label); tcp_chr_free_connection(chr); if (s->listener) { @@ -521,6 +529,7 @@ static gboolean tcp_chr_hup(QIOChannel *channel, void *opaque) { Chardev *chr = CHARDEV(opaque); + trace_chr_socket_hangup(chr, chr->label); tcp_chr_disconnect(chr); return G_SOURCE_REMOVE; } 
@@ -672,15 +681,18 @@ static gboolean tcp_chr_telnet_init_io(QIOChannel *ioc, SocketChardev *s = user_data; Chardev *chr = CHARDEV(s); TCPChardevTelnetInit *init = s->telnet_init; + Error *err = NULL; ssize_t ret; assert(init); - ret = qio_channel_write(ioc, init->buf, init->buflen, NULL); + ret = qio_channel_write(ioc, init->buf, init->buflen, &err); if (ret < 0) { if (ret == QIO_CHANNEL_ERR_BLOCK) { ret = 0; } else { + trace_chr_socket_write_err(chr, chr->label, error_get_pretty(err)); + error_free(err); tcp_chr_disconnect(chr); goto end; } @@ -765,9 +777,9 @@ static void tcp_chr_websock_handshake(QIOTask *task, gpointer user_data) Error *err = NULL; if (qio_task_propagate_error(task, &err)) { - error_reportf_err(err, - "websock handshake of character device %s failed: ", - chr->label); + trace_chr_socket_ws_handshake_err(chr, chr->label, + error_get_pretty(err)); + error_free(err); tcp_chr_disconnect(chr); } else { if (s->do_telnetopt) { @@ -805,9 +817,9 @@ static void tcp_chr_tls_handshake(QIOTask *task, Error *err = NULL; if (qio_task_propagate_error(task, &err)) { - error_reportf_err(err, - "TLS handshake of character device %s failed: ", - chr->label); + trace_chr_socket_tls_handshake_err(chr, chr->label, + error_get_pretty(err)); + error_free(err); tcp_chr_disconnect(chr); } else { if (s->is_websock) { @@ -826,19 +838,22 @@ static void tcp_chr_tls_init(Chardev *chr) SocketChardev *s = SOCKET_CHARDEV(chr); QIOChannelTLS *tioc; gchar *name; + Error *err = NULL; if (s->is_listen) { tioc = qio_channel_tls_new_server( s->ioc, s->tls_creds, s->tls_authz, - NULL); + &err); } else { tioc = qio_channel_tls_new_client( s->ioc, s->tls_creds, s->addr->u.inet.host, - NULL); + &err); } if (tioc == NULL) { + trace_chr_socket_tls_init_err(chr, chr->label, error_get_pretty(err)); + error_free(err); tcp_chr_disconnect(chr); return; } diff --git a/chardev/trace-events b/chardev/trace-events index 027107b0c1..7e97b8a988 100644 --- a/chardev/trace-events 
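Review bot: In tcp_chr_websock_handshake the failure branch drops `error_reportf_err(...)` in favour of `trace_chr_socket_ws_handshake_err(...)`, so a failed handshake is no longer reported anywhere unless that trace event is enabled; the tcp_chr_tls_handshake hunk that follows does the same for TLS. The commit message only speaks of adding trace points, so losing the default-visible message is undocumented, and rejected TLS handshakes are events an operator usually wants to see without enabling tracing. Either keep the report (call the trace point first, since error_reportf_err() frees `err`, and drop the added `error_free(err);`), or state the reason in the commit message and in a comment such as `/* deliberately trace-only: see chr_socket_ws_handshake_err */`. Both functions continue outside their hunks.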
+++ b/chardev/trace-events @@ -17,3 +17,13 @@ spice_vmc_register_interface(void *scd) "spice vmc registered interface %p" spice_vmc_unregister_interface(void *scd) "spice vmc unregistered interface %p" spice_vmc_event(int event) "spice vmc event %d" +# char-socket.c +chr_socket_poll_err(void *chrdev, const char *label) "chardev socket poll error %p (%s)" +chr_socket_recv_err(void *chrdev, const char *label, const char *err) "chardev socket recv error %p (%s): %s" +chr_socket_recv_eof(void *chrdev, const char *label) "chardev socket recv end-of-file %p (%s)" +chr_socket_write_err(void *chrdev, const char *label, const char *err) "chardev socket write error %p (%s): %s" +chr_socket_disconnect(void *chrdev, const char *label) "chardev socket disconnect %p (%s)" +chr_socket_hangup(void *chrdev, const char *label) "chardev socket hangup %p (%s)" +chr_socket_ws_handshake_err(void *chrdev, const char *label, const char *err) "chardev socket websock handshake error %p (%s): %s" +chr_socket_tls_handshake_err(void *chrdev, const char *label, const char *err) "chardev socket TLS handshake error %p (%s): %s" +chr_socket_tls_init_err(void *chrdev, const char *label, const char *err) "chardev socket TLS init error %p (%s): %s" -- cgit v1.2.3 From 305233349b471840b00068579d0ab0af50395852 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 15 Mar 2024 13:54:52 +0000 Subject: crypto: drop gnutls debug logging support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GNUTLS already supports dynamically enabling its logging at runtime by setting the env var 'GNUTLS_DEBUG_LEVEL=10', so there is no need to re-invent this logic in QEMU in a way that requires a re-compile. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- crypto/init.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/crypto/init.c b/crypto/init.c index fb7f1bff10..674d237fa9 100644 
--- a/crypto/init.c +++ b/crypto/init.c @@ -34,14 +34,11 @@ #include "crypto/random.h" -/* #define DEBUG_GNUTLS */ -#ifdef DEBUG_GNUTLS -static void qcrypto_gnutls_log(int level, const char *str) -{ - fprintf(stderr, "%d: %s", level, str); -} -#endif +/* + * To debug GNUTLS see env vars listed in + * https://gnutls.org/manual/html_node/Debugging-and-auditing.html + */ int qcrypto_init(Error **errp) { #ifdef CONFIG_GNUTLS @@ -53,10 +50,6 @@ int qcrypto_init(Error **errp) gnutls_strerror(ret)); return -1; } -#ifdef DEBUG_GNUTLS - gnutls_global_set_log_level(10); - gnutls_global_set_log_function(qcrypto_gnutls_log); -#endif #endif #ifdef CONFIG_GCRYPT -- cgit v1.2.3 From 57941c9c86357a6a642f9ee3279d881df4043b6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 15 Mar 2024 14:07:58 +0000 Subject: crypto: push error reporting into TLS session I/O APIs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current TLS session I/O APIs just return a synthetic errno value on error, which has been translated from a gnutls error value. This looses a large amount of valuable information that distinguishes different scenarios. Pushing population of the "Error *errp" object into the TLS session I/O APIs gives more detailed error information. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- crypto/tlssession.c | 60 ++++++++++++++++++++++----------------------- include/crypto/tlssession.h | 23 ++++++++++++++--- io/channel-tls.c | 48 +++++++++++++++--------------------- 3 files changed, 68 insertions(+), 63 deletions(-) diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 1e98f44e0d..926f19c115 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c 
@@ -441,23 +441,20 @@ qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session, ssize_t qcrypto_tls_session_write(QCryptoTLSSession *session, const char *buf, - size_t len) + size_t len, + Error **errp) { ssize_t ret = gnutls_record_send(session->handle, buf, len); if (ret < 0) { - switch (ret) { - case GNUTLS_E_AGAIN: - errno = EAGAIN; - break; - case GNUTLS_E_INTERRUPTED: - errno = EINTR; - break; - default: - errno = EIO; - break; + if (ret == GNUTLS_E_AGAIN) { + return QCRYPTO_TLS_SESSION_ERR_BLOCK; + } else { + error_setg(errp, + "Cannot write to TLS channel: %s", + gnutls_strerror(ret)); + return -1; } - ret = -1; } return ret; @@ -467,26 +464,24 @@ qcrypto_tls_session_write(QCryptoTLSSession *session, ssize_t qcrypto_tls_session_read(QCryptoTLSSession *session, char *buf, - size_t len) + size_t len, + bool gracefulTermination, + Error **errp) { ssize_t ret = gnutls_record_recv(session->handle, buf, len); if (ret < 0) { - switch (ret) { - case GNUTLS_E_AGAIN: - errno = EAGAIN; - break; - case GNUTLS_E_INTERRUPTED: - errno = EINTR; - break; - case GNUTLS_E_PREMATURE_TERMINATION: - errno = ECONNABORTED; - break; - default: - errno = EIO; - break; + if (ret == GNUTLS_E_AGAIN) { + return QCRYPTO_TLS_SESSION_ERR_BLOCK; + } else if ((ret == GNUTLS_E_PREMATURE_TERMINATION) && + gracefulTermination){ + return 0; + } else { + error_setg(errp, + "Cannot read from TLS channel: %s", + gnutls_strerror(ret)); + return -1; } - ret = -1; } return ret; @@ -605,9 +600,10 @@ qcrypto_tls_session_set_callbacks( ssize_t qcrypto_tls_session_write(QCryptoTLSSession *sess, const char *buf, - size_t len) + size_t len, + Error **errp) { - errno = -EIO; + error_setg(errp, "TLS requires GNUTLS support"); return -1; } 
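Review bot: In qcrypto_tls_session_write the rewritten branch treats only `GNUTLS_E_AGAIN` as non-fatal, so `GNUTLS_E_INTERRUPTED`, which the removed switch mapped to EINTR, now ends in the "Cannot write to TLS channel" error; the qcrypto_tls_session_read hunk below has the same shape. GnuTLS documents both codes as "call again", so either handle it alongside the would-block case, `if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) {`, or add a comment stating that the transport callbacks never report EINTR. Whether they can is not visible from this hunk, and the removed caller code in io/channel-tls.c also treated everything except EAGAIN as an error, so this is likely not a regression.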
@@ -615,9 +611,11 @@ qcrypto_tls_session_write(QCryptoTLSSession *sess, ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, char *buf, - size_t len) + size_t len, + bool gracefulTermination, + Error **errp) { - errno = -EIO; + error_setg(errp, "TLS requires GNUTLS support"); return -1; } diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 571049bd0e..291e602540 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -107,6 +107,7 @@ typedef struct QCryptoTLSSession QCryptoTLSSession; +#define QCRYPTO_TLS_SESSION_ERR_BLOCK -2 /** * qcrypto_tls_session_new: @@ -212,6 +213,7 @@ void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess, * @sess: the TLS session object * @buf: the plain text to send * @len: the length of @buf + * @errp: pointer to hold returned error object * * Encrypt @len bytes of the data in @buf and send * it to the remote peer using the callback previously 
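Review bot: The new `#define QCRYPTO_TLS_SESSION_ERR_BLOCK -2` in include/crypto/tlssession.h is unparenthesised and has no comment. Writing it as `#define QCRYPTO_TLS_SESSION_ERR_BLOCK (-2)` keeps the value intact wherever the macro expands inside a larger expression. A one-line comment should say that the session read/write functions return it when the I/O would block, and that it is distinct from the -1 used for hard errors.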
@@ -221,32 +223,45 @@ void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess, * qcrypto_tls_session_get_handshake_status() returns * QCRYPTO_TLS_HANDSHAKE_COMPLETE * - * Returns: the number of bytes sent, or -1 on error + * Returns: the number of bytes sent, + * or QCRYPTO_TLS_SESSION_ERR_BLOCK if the write would block, + * or -1 on error. */ ssize_t qcrypto_tls_session_write(QCryptoTLSSession *sess, const char *buf, - size_t len); + size_t len, + Error **errp); /** * qcrypto_tls_session_read: * @sess: the TLS session object * @buf: to fill with plain text received * @len: the length of @buf + * @gracefulTermination: treat premature termination as graceful EOF + * @errp: pointer to hold returned error object * * Receive up to @len bytes of data from the remote peer * using the callback previously registered with * qcrypto_tls_session_set_callbacks(), decrypt it and * store it in @buf. * + * If @gracefulTermination is true, then a premature termination + * of the TLS session will be treated as indicating EOF, as + * opposed to an error. + * * It is an error to call this before * qcrypto_tls_session_get_handshake_status() returns * QCRYPTO_TLS_HANDSHAKE_COMPLETE * - * Returns: the number of bytes received, or -1 on error + * Returns: the number of bytes received, + * or QCRYPTO_TLS_SESSION_ERR_BLOCK if the receive would block, + * or -1 on error. */ ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, char *buf, - size_t len); + size_t len, + bool gracefulTermination, + Error **errp); /** * qcrypto_tls_session_check_pending: diff --git a/io/channel-tls.c b/io/channel-tls.c index 67b9700006..9d8bb158d1 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c 
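Review bot: The @gracefulTermination paragraph added to the qcrypto_tls_session_read() doc comment does not say what a caller gives up by passing true, and the "Returns:" text still omits the 0 that this mode produces. A premature termination is how a connection cut without a proper TLS closure shows up, so reporting it as EOF means the caller can no longer tell a truncated stream from a complete one. I would add `Only pass true once the caller has itself shut down the read side, since a truncated stream is then indistinguishable from a normal EOF.` and extend the return list with `or 0 on end of file`. The one caller in this series, qio_channel_tls_readv, passes the QIO_CHANNEL_SHUTDOWN_READ state, which matches that rule.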
@@ -277,24 +277,19 @@ static ssize_t qio_channel_tls_readv(QIOChannel *ioc, ssize_t got = 0; for (i = 0 ; i < niov ; i++) { - ssize_t ret = qcrypto_tls_session_read(tioc->session, - iov[i].iov_base, - iov[i].iov_len); - if (ret < 0) { - if (errno == EAGAIN) { - if (got) { - return got; - } else { - return QIO_CHANNEL_ERR_BLOCK; - } - } else if (errno == ECONNABORTED && - (qatomic_load_acquire(&tioc->shutdown) & - QIO_CHANNEL_SHUTDOWN_READ)) { - return 0; + ssize_t ret = qcrypto_tls_session_read( + tioc->session, + iov[i].iov_base, + iov[i].iov_len, + qatomic_load_acquire(&tioc->shutdown) & QIO_CHANNEL_SHUTDOWN_READ, + errp); + if (ret == QCRYPTO_TLS_SESSION_ERR_BLOCK) { + if (got) { + return got; + } else { + return QIO_CHANNEL_ERR_BLOCK; } - - error_setg_errno(errp, errno, - "Cannot read from TLS channel"); + } else if (ret < 0) { return -1; } got += ret; @@ -321,18 +316,15 @@ static ssize_t qio_channel_tls_writev(QIOChannel *ioc, for (i = 0 ; i < niov ; i++) { ssize_t ret = qcrypto_tls_session_write(tioc->session, iov[i].iov_base, - iov[i].iov_len); - if (ret <= 0) { - if (errno == EAGAIN) { - if (done) { - return done; - } else { - return QIO_CHANNEL_ERR_BLOCK; - } + iov[i].iov_len, + errp); + if (ret == QCRYPTO_TLS_SESSION_ERR_BLOCK) { + if (done) { + return done; + } else { + return QIO_CHANNEL_ERR_BLOCK; } - - error_setg_errno(errp, errno, - "Cannot write to TLS channel"); + } else if (ret < 0) { return -1; } done += ret; -- cgit v1.2.3 From 97f7bf113eb50fcdaf0c73aa2ee01e5355abc073 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Fri, 15 Mar 2024 14:29:11 +0000 Subject: crypto: propagate errors from TLS session I/O callbacks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit GNUTLS doesn't know how to perform I/O on anything other than plain FDs, so the TLS session provides it with some I/O callbacks. The GNUTLS API design requires these callbacks to return a unix errno value, which means we're currently loosing the useful QEMU "Error" object. This changes the I/O callbacks in QEMU to stash the "Error" object in the QCryptoTLSSession class, and fetch it when seeing an I/O error returned from GNUTLS, thus preserving useful error messages. Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé --- crypto/tlssession.c | 76 ++++++++++++++++++++++++++++++++----- include/crypto/tlssession.h | 10 ++++- io/channel-tls.c | 18 ++++----- tests/unit/test-crypto-tlssession.c | 30 +++++++++++++-- 4 files changed, 108 insertions(+), 26 deletions(-) diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 926f19c115..77286e23f4 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -44,6 +44,13 @@ struct QCryptoTLSSession { QCryptoTLSSessionReadFunc readFunc; void *opaque; char *peername; + + /* + * Allow concurrent reads and writes, so track + * errors separately + */ + Error *rerr; + Error *werr; }; @@ -54,6 +61,9 @@ qcrypto_tls_session_free(QCryptoTLSSession *session) return; } + error_free(session->rerr); + error_free(session->werr); + gnutls_deinit(session->handle); g_free(session->hostname); g_free(session->peername); 
@@ -67,13 +77,26 @@ static ssize_t qcrypto_tls_session_push(void *opaque, const void *buf, size_t len) { QCryptoTLSSession *session = opaque; + ssize_t ret; if (!session->writeFunc) { errno = EIO; return -1; }; - return session->writeFunc(buf, len, session->opaque); + error_free(session->werr); + session->werr = NULL; + + ret = session->writeFunc(buf, len, session->opaque, &session->werr); + if (ret == QCRYPTO_TLS_SESSION_ERR_BLOCK) { + errno = EAGAIN; + return -1; + } else if (ret < 0) { + errno = EIO; + return -1; + } else { + return ret; + } } @@ -81,13 +104,26 @@ static ssize_t qcrypto_tls_session_pull(void *opaque, void *buf, size_t len) { QCryptoTLSSession *session = opaque; + ssize_t ret; if (!session->readFunc) { errno = EIO; return -1; }; - return session->readFunc(buf, len, session->opaque); + error_free(session->rerr); + session->rerr = NULL; + + ret = session->readFunc(buf, len, session->opaque, &session->rerr); + if (ret == QCRYPTO_TLS_SESSION_ERR_BLOCK) { + errno = EAGAIN; + return -1; + } else if (ret < 0) { + errno = EIO; + return -1; + } else { + return ret; + } } #define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH" @@ -450,9 +486,14 @@ qcrypto_tls_session_write(QCryptoTLSSession *session, if (ret == GNUTLS_E_AGAIN) { return QCRYPTO_TLS_SESSION_ERR_BLOCK; } else { - error_setg(errp, - "Cannot write to TLS channel: %s", - gnutls_strerror(ret)); + if (session->werr) { + error_propagate(errp, session->werr); + session->werr = NULL; + } else { + error_setg(errp, + "Cannot write to TLS channel: %s", + gnutls_strerror(ret)); + } return -1; } } @@ -477,9 +518,14 @@ qcrypto_tls_session_read(QCryptoTLSSession *session, gracefulTermination){ return 0; } else { - error_setg(errp, - "Cannot read from TLS channel: %s", - gnutls_strerror(ret)); + if (session->rerr) { + error_propagate(errp, session->rerr); + session->rerr = NULL; + } else { + error_setg(errp, + "Cannot read from TLS channel: %s", + gnutls_strerror(ret)); + } return -1; } } 
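Review bot: In qcrypto_tls_session_write, when `session->werr` is set the propagated error replaces the GNUTLS result entirely, while the handshake hunk later in this commit reports both `gnutls_strerror(ret)` and the stashed message; the qcrypto_tls_session_read hunk has the same asymmetry with `session->rerr`. Keeping the context is a one-line change, `error_propagate_prepend(errp, session->werr, "Cannot write to TLS channel: ");`, and likewise for the read side. Separately, `werr`/`rerr` are reset only at the start of the next push/pull, at the end of a handshake and on free, so it may be worth clearing them just before `gnutls_record_send()`/`gnutls_record_recv()` as well. Whether GNUTLS can fail there without invoking the callback is not visible from these hunks.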
@@ -507,11 +553,21 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *session, ret == GNUTLS_E_AGAIN) { ret = 1; } else { - error_setg(errp, "TLS handshake failed: %s", - gnutls_strerror(ret)); + if (session->rerr || session->werr) { + error_setg(errp, "TLS handshake failed: %s: %s", + gnutls_strerror(ret), + error_get_pretty(session->rerr ? + session->rerr : session->werr)); + } else { + error_setg(errp, "TLS handshake failed: %s", + gnutls_strerror(ret)); + } ret = -1; } } + error_free(session->rerr); + error_free(session->werr); + session->rerr = session->werr = NULL; return ret; } diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 291e602540..f694a5c3c5 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -178,12 +178,18 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSSession, qcrypto_tls_session_free) int qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess, Error **errp); +/* + * These must return QCRYPTO_TLS_SESSION_ERR_BLOCK if the I/O + * would block, but on other errors, must fill 'errp' + */ typedef ssize_t (*QCryptoTLSSessionWriteFunc)(const char *buf, size_t len, - void *opaque); + void *opaque, + Error **errp); typedef ssize_t (*QCryptoTLSSessionReadFunc)(char *buf, size_t len, - void *opaque); + void *opaque, + Error **errp); /** * qcrypto_tls_session_set_callbacks: diff --git a/io/channel-tls.c b/io/channel-tls.c index 9d8bb158d1..aab630e5ae 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -28,17 +28,16 @@ static ssize_t qio_channel_tls_write_handler(const char *buf, size_t len, - void *opaque) + void *opaque, + Error **errp) { QIOChannelTLS *tioc = QIO_CHANNEL_TLS(opaque); ssize_t ret; - ret = qio_channel_write(tioc->master, buf, len, NULL); + ret = qio_channel_write(tioc->master, buf, len, errp); if (ret == QIO_CHANNEL_ERR_BLOCK) { - errno = EAGAIN; - return -1; + return QCRYPTO_TLS_SESSION_ERR_BLOCK; } else if (ret < 0) { - errno = EIO; return -1; } return ret; 
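Review bot: The comment added above the QCryptoTLSSessionWriteFunc/ReadFunc typedefs names the would-block value and says `errp` must be filled, but not what the callbacks return on success or on those other errors. qcrypto_tls_session_push/pull in this commit pass non-negative values through as a byte count and treat every other negative value as a failure, so the contract could read `Return the number of bytes transferred, QCRYPTO_TLS_SESSION_ERR_BLOCK if the I/O would block, or -1 with 'errp' filled on any other error.`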
@@ -46,17 +45,16 @@ static ssize_t qio_channel_tls_write_handler(const char *buf, static ssize_t qio_channel_tls_read_handler(char *buf, size_t len, - void *opaque) + void *opaque, + Error **errp) { QIOChannelTLS *tioc = QIO_CHANNEL_TLS(opaque); ssize_t ret; - ret = qio_channel_read(tioc->master, buf, len, NULL); + ret = qio_channel_read(tioc->master, buf, len, errp); if (ret == QIO_CHANNEL_ERR_BLOCK) { - errno = EAGAIN; - return -1; + return QCRYPTO_TLS_SESSION_ERR_BLOCK; } else if (ret < 0) { - errno = EIO; return -1; } return ret; diff --git a/tests/unit/test-crypto-tlssession.c b/tests/unit/test-crypto-tlssession.c index b12e7b6879..3395f73560 100644 --- a/tests/unit/test-crypto-tlssession.c +++ b/tests/unit/test-crypto-tlssession.c @@ -35,18 +35,40 @@ #define PSKFILE WORKDIR "keys.psk" #define KEYFILE WORKDIR "key-ctx.pem" -static ssize_t testWrite(const char *buf, size_t len, void *opaque) +static ssize_t +testWrite(const char *buf, size_t len, void *opaque, Error **errp) { int *fd = opaque; + int ret; - return write(*fd, buf, len); + ret = write(*fd, buf, len); + if (ret < 0) { + if (errno == EAGAIN) { + return QCRYPTO_TLS_SESSION_ERR_BLOCK; + } else { + error_setg_errno(errp, errno, "unable to write"); + return -1; + } + } + return ret; } -static ssize_t testRead(char *buf, size_t len, void *opaque) +static ssize_t +testRead(char *buf, size_t len, void *opaque, Error **errp) { int *fd = opaque; + int ret; - return read(*fd, buf, len); + ret = read(*fd, buf, len); + if (ret < 0) { + if (errno == EAGAIN) { + return QCRYPTO_TLS_SESSION_ERR_BLOCK; + } else { + error_setg_errno(errp, errno, "unable to read"); + return -1; + } + } + return ret; } static QCryptoTLSCreds *test_tls_creds_psk_create( -- cgit v1.2.3
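Review bot: testWrite and testRead keep the result of `write()`/`read()` in `int ret`, although both calls and the helpers themselves return `ssize_t`; declare it as `ssize_t ret;` in both. The helpers also map only EAGAIN to `QCRYPTO_TLS_SESSION_ERR_BLOCK`, so an EINTR on the raw descriptor is reported as a hard error. That is probably acceptable for this test but deserves a short comment if it is intentional.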