38 files changed, 180 insertions, 149 deletions
diff --git a/src/cli/pk_crypt.cpp b/src/cli/pk_crypt.cpp index b7fd62ac1..2189690bd 100644 --- a/src/cli/pk_crypt.cpp +++ b/src/cli/pk_crypt.cpp @@ -59,7 +59,7 @@ class PK_Encrypt final : public Command if(!aead) throw CLI_Usage_Error("The AEAD '" + aead_algo + "' is not available"); - const Botan::OID aead_oid = Botan::OIDS::lookup(aead_algo); + const Botan::OID aead_oid = Botan::OIDS::str2oid_or_empty(aead_algo); if(aead_oid.empty()) throw CLI_Usage_Error("No OID defined for AEAD '" + aead_algo + "'"); @@ -159,14 +159,14 @@ class PK_Decrypt final : public Command return set_return_code(1); } - const std::string aead_algo = Botan::OIDS::lookup(aead_oid); + const std::string aead_algo = Botan::OIDS::oid2str_or_empty(aead_oid); if(aead_algo == "") { error_output() << "Ciphertext was encrypted with an unknown algorithm"; return set_return_code(1); } - if(pk_alg_id.get_oid() != Botan::OIDS::lookup("RSA/OAEP")) + if(pk_alg_id.get_oid() != Botan::OIDS::str2oid_or_throw("RSA/OAEP")) { error_output() << "Ciphertext was encrypted with something other than RSA/OAEP"; return set_return_code(1); @@ -175,7 +175,7 @@ class PK_Decrypt final : public Command Botan::AlgorithmIdentifier oaep_hash_id; Botan::BER_Decoder(pk_alg_id.get_parameters()).decode(oaep_hash_id); - const std::string oaep_hash = Botan::OIDS::lookup(oaep_hash_id.get_oid()); + const std::string oaep_hash = Botan::OIDS::oid2str_or_empty(oaep_hash_id.get_oid()); if(oaep_hash.empty()) { diff --git a/src/lib/asn1/alg_id.cpp b/src/lib/asn1/alg_id.cpp index 0637a8f8d..b475865b5 100644 --- a/src/lib/asn1/alg_id.cpp +++ b/src/lib/asn1/alg_id.cpp @@ -26,8 +26,7 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, const std::vector<uint8_t>& param) : - oid(OIDS::lookup(alg_id)), - parameters(param) + AlgorithmIdentifier(OIDS::str2oid_or_throw(alg_id), param) {} /* 
@@ -49,7 +48,7 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, Encoding_Option option) : - oid(OIDS::lookup(alg_id)), + oid(OIDS::str2oid_or_throw(alg_id)), parameters() { const uint8_t DER_NULL[] = { 0x05, 0x00 }; diff --git a/src/lib/asn1/asn1_attribute.cpp b/src/lib/asn1/asn1_attribute.cpp index 8ecd8fd5f..1f07bbd4b 100644 --- a/src/lib/asn1/asn1_attribute.cpp +++ b/src/lib/asn1/asn1_attribute.cpp @@ -25,7 +25,7 @@ Attribute::Attribute(const OID& attr_oid, const std::vector<uint8_t>& attr_value */ Attribute::Attribute(const std::string& attr_oid, const std::vector<uint8_t>& attr_value) : - oid(OIDS::lookup(attr_oid)), + oid(OIDS::str2oid_or_throw(attr_oid)), parameters(attr_value) {} diff --git a/src/lib/asn1/asn1_print.cpp b/src/lib/asn1/asn1_print.cpp index 14f5b71a9..5b22c1d3a 100644 --- a/src/lib/asn1/asn1_print.cpp +++ b/src/lib/asn1/asn1_print.cpp @@ -149,7 +149,7 @@ void ASN1_Formatter::decode(std::ostream& output, OID oid; data.decode(oid); - std::string out = OIDS::lookup(oid); + std::string out = OIDS::oid2str_or_empty(oid); if(out.empty()) { out = oid.to_string(); diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp index 844cdff79..8eae538a1 100644 --- a/src/lib/asn1/oids.cpp +++ b/src/lib/asn1/oids.cpp @@ -10,8 +10,6 @@ namespace Botan { -namespace OIDS { - namespace { class OID_Map final @@ -40,7 +38,7 @@ class OID_Map final m_oid2str.insert(std::make_pair(oid_str, str)); } - std::string lookup(const OID& oid) + std::string oid2str(const OID& oid) { const std::string oid_str = oid.to_string(); @@ -53,7 +51,7 @@ class OID_Map final return ""; } - OID lookup(const std::string& str) + OID str2oid(const std::string& str) { lock_guard_type<mutex_type> lock(m_mutex); auto i = m_str2oid.find(str); 
@@ -79,8 +77,8 @@ class OID_Map final OID_Map() { - m_str2oid = load_str2oid_map(); - m_oid2str = load_oid2str_map(); + m_str2oid = OIDS::load_str2oid_map(); + m_oid2str = OIDS::load_oid2str_map(); } mutex_type m_mutex; 
@@ -90,46 +88,63 @@ class OID_Map final } -void add_oid(const OID& oid, const std::string& name) +void OIDS::add_oid(const OID& oid, const std::string& name) { OID_Map::global_registry().add_oid(oid, name); } -void add_oidstr(const char* oidstr, const char* name) +void OIDS::add_oidstr(const char* oidstr, const char* name) { add_oid(OID(oidstr), name); } -void add_oid2str(const OID& oid, const std::string& name) +void OIDS::add_oid2str(const OID& oid, const std::string& name) { OID_Map::global_registry().add_oid2str(oid, name); } -void add_str2oid(const OID& oid, const std::string& name) +void OIDS::add_str2oid(const OID& oid, const std::string& name) { OID_Map::global_registry().add_str2oid(oid, name); } -std::string lookup(const OID& oid) +std::string OIDS::oid2str_or_empty(const OID& oid) { - return OID_Map::global_registry().lookup(oid); + return OID_Map::global_registry().oid2str(oid); } -OID lookup(const std::string& name) +OID OIDS::str2oid_or_empty(const std::string& name) { - return OID_Map::global_registry().lookup(name); + return OID_Map::global_registry().str2oid(name); } -bool have_oid(const std::string& name) +std::string OIDS::oid2str_or_throw(const OID& oid) { - return OID_Map::global_registry().have_oid(name); + const std::string s = OIDS::oid2str_or_empty(oid); + if(s.empty()) + throw Lookup_Error("No name associated with OID " + oid.to_string()); + return s; } -bool name_of(const OID& oid, const std::string& name) +std::string OIDS::oid2str_or_raw(const OID& oid) { - return (oid == lookup(name)); + const std::string s = OIDS::oid2str_or_empty(oid); + if(s.empty()) + return oid.to_string(); + return s; } -} +OID OIDS::str2oid_or_throw(const std::string& name) + { + const OID o = OIDS::str2oid_or_empty(name); + if(o.empty()) + throw Lookup_Error("No OID associated with name " + name); + return o; + } + +bool OIDS::have_oid(const std::string& name) + { + return OID_Map::global_registry().have_oid(name); + } } 
diff --git a/src/lib/asn1/oids.h b/src/lib/asn1/oids.h index 7b87b5eaf..167d9ade7 100644 --- a/src/lib/asn1/oids.h +++ b/src/lib/asn1/oids.h @@ -33,9 +33,9 @@ std::unordered_map<std::string, OID> load_str2oid_map(); /** * Resolve an OID * @param oid the OID to look up -* @return name associated with this OID +* @return name associated with this OID, or an empty string */ -BOTAN_PUBLIC_API(2,0) std::string lookup(const OID& oid); +BOTAN_UNSTABLE_API std::string oid2str_or_empty(const OID& oid); /** * Find the OID to a name. The lookup will be performed in the @@ -43,17 +43,12 @@ BOTAN_PUBLIC_API(2,0) std::string lookup(const OID& oid); * @param name the name to resolve * @return OID associated with the specified name */ -BOTAN_PUBLIC_API(2,0) OID lookup(const std::string& name); +BOTAN_UNSTABLE_API OID str2oid_or_empty(const std::string& name); -inline std::string oid2str(const OID& oid) - { - return lookup(oid); - } +BOTAN_UNSTABLE_API std::string oid2str_or_throw(const OID& oid); +BOTAN_UNSTABLE_API OID str2oid_or_throw(const std::string& name); -inline OID str2oid(const std::string& name) - { - return lookup(name); - } +BOTAN_UNSTABLE_API std::string oid2str_or_raw(const OID& oid); /** * See if an OID exists in the internal table. 
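Review bot: The three declarations added in the second oids.h hunk, `oid2str_or_throw`, `str2oid_or_throw` and `oid2str_or_raw`, have no Doxygen block, although the neighbouring declarations do and the failure behaviour is the only difference between the variants. Each should get a short block stating what happens for an unknown input: per the definitions in oids.cpp the `_or_throw` forms raise `Lookup_Error`, and `oid2str_or_raw` returns `oid.to_string()`. The retained comment above `str2oid_or_empty` still reads `@return OID associated with the specified name`; it should become `@return OID associated with the specified name, or an empty OID`, matching the edit the first hunk makes for `oid2str_or_empty`.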
@@ -68,7 +63,31 @@ BOTAN_UNSTABLE_API bool have_oid(const std::string& oid); * @param name the name to check * @return true if the specified OID stands for the specified name */ -BOTAN_UNSTABLE_API bool name_of(const OID& oid, const std::string& name); +inline bool BOTAN_DEPRECATED("Use oid == str2oid_or_throw(name)") name_of(const OID& oid, const std::string& name) + { + return (oid == str2oid_or_throw(name)); + } + +inline std::string BOTAN_DEPRECATED("Use oid2str_or_empty") lookup(const OID& oid) + { + return oid2str_or_empty(oid); + } + +inline OID BOTAN_DEPRECATED("Use str2oid_or_empty") lookup(const std::string& name) + { + return str2oid_or_empty(name); + } + +inline std::string BOTAN_DEPRECATED("Use oid2str_or_empty") oid2str(const OID& oid) + { + return oid2str_or_empty(oid); + } + +inline OID BOTAN_DEPRECATED("Use str2oid_or_empty") str2oid(const std::string& name) + { + return str2oid_or_empty(name); + } + } } diff --git a/src/lib/kdf/prf_x942/prf_x942.cpp b/src/lib/kdf/prf_x942/prf_x942.cpp index 1e520ab18..3fe0a682f 100644 --- a/src/lib/kdf/prf_x942/prf_x942.cpp +++ b/src/lib/kdf/prf_x942/prf_x942.cpp @@ -91,7 +91,7 @@ size_t X942_PRF::kdf(uint8_t key[], size_t key_len, X942_PRF::X942_PRF(const std::string& oid) { if(OIDS::have_oid(oid)) - m_key_wrap_oid = OIDS::lookup(oid).to_string(); + m_key_wrap_oid = OIDS::str2oid_or_empty(oid).to_string(); else m_key_wrap_oid = oid; } diff --git a/src/lib/pk_pad/emsa1/emsa1.cpp b/src/lib/pk_pad/emsa1/emsa1.cpp index e1bc8db6e..048c3417c 100644 --- a/src/lib/pk_pad/emsa1/emsa1.cpp +++ b/src/lib/pk_pad/emsa1/emsa1.cpp 
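Review bot: The deprecated inline `name_of` no longer behaves like the function it replaces. The implementation removed from oids.cpp compared against `lookup(name)`, which appears to yield an empty OID for an unregistered name, while the new body calls `str2oid_or_throw` and so raises `Lookup_Error` from a `bool` predicate. For a compatibility shim I would keep the old result with `return (oid == str2oid_or_empty(name));` and leave the throwing form to the deprecation message. The other four wrappers in this hunk forward to the `_or_empty` variants and keep their old behaviour.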
@@ -111,9 +111,7 @@ AlgorithmIdentifier EMSA1::config_for_x509(const Private_Key& key, const std::string sig_name = key.algo_name() + "/" + name(); AlgorithmIdentifier sig_algo; - sig_algo.oid = OIDS::lookup(sig_name); - if(sig_algo.oid.empty()) - throw Lookup_Error("No OID defined for " + sig_name); + sig_algo.oid = OIDS::str2oid_or_throw(key.algo_name() + "/" + name()); std::string algo_name = key.algo_name(); if(algo_name == "DSA" || diff --git a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp index ddc1e6b27..669025a08 100644 --- a/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp +++ b/src/lib/pk_pad/emsa_pkcs1/emsa_pkcs1.cpp @@ -99,7 +99,7 @@ AlgorithmIdentifier EMSA_PKCS1v15::config_for_x509(const Private_Key& key, AlgorithmIdentifier sig_algo; - sig_algo.oid = OIDS::lookup( key.algo_name() + "/" + name() ); + sig_algo.oid = OIDS::str2oid_or_throw(key.algo_name() + "/" + name()); // for RSA PKCSv1.5 parameters "SHALL" be NULL as configured by // RSA_PublicKey::algorithm_identifier() sig_algo.parameters = key.algorithm_identifier().parameters; diff --git a/src/lib/pk_pad/emsa_pssr/pssr.cpp b/src/lib/pk_pad/emsa_pssr/pssr.cpp index 25c0a191f..9cac2dbf1 100644 --- a/src/lib/pk_pad/emsa_pssr/pssr.cpp +++ b/src/lib/pk_pad/emsa_pssr/pssr.cpp @@ -205,7 +205,7 @@ AlgorithmIdentifier PSSR::config_for_x509(const Private_Key& key, AlgorithmIdentifier sig_algo; // hardcoded as RSA is the only valid algorithm for EMSA4 at the moment - sig_algo.oid = OIDS::lookup( "RSA/EMSA4" ); + sig_algo.oid = OIDS::str2oid_or_throw("RSA/EMSA4"); const AlgorithmIdentifier hash_id(cert_hash_name, AlgorithmIdentifier::USE_NULL_PARAM); const AlgorithmIdentifier mgf_id("MGF1", hash_id.BER_encode()); diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp index 2067d57c4..95a56e473 100644 --- a/src/lib/pubkey/ec_group/ec_group.cpp +++ b/src/lib/pubkey/ec_group/ec_group.cpp 
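Review bot: In `EMSA1::config_for_x509` the context line still builds `sig_name` from `key.algo_name() + "/" + name()`, and the new assignment rebuilds the same string instead of using it. `sig_algo.oid = OIDS::str2oid_or_throw(sig_name);` avoids the duplicate concatenation and keeps `sig_name` from turning into an unused local. The function body continues past the hunk, so whether `sig_name` is read later is not visible here.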
@@ -361,8 +361,8 @@ EC_Group::EC_Group(const std::string& str) try { - OID oid = OIDS::lookup(str); - if(oid.empty() == false) + OID oid = OIDS::str2oid_or_empty(str); + if(oid.has_value()) m_data = ec_group_data().lookup(oid); } catch(Invalid_OID&) diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h index 3f475d434..28e8274de 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.h +++ b/src/lib/pubkey/gost_3410/gost_3410.h @@ -53,7 +53,7 @@ class BOTAN_PUBLIC_API(2,0) GOST_3410_PublicKey : public virtual EC_PublicKey size_t message_part_size() const override { return domain().get_order().bytes(); } - Signature_Format default_x509_signature_format() const + Signature_Format default_x509_signature_format() const override { return IEEE_1363; } std::unique_ptr<PK_Ops::Verification> diff --git a/src/lib/pubkey/pbes2/pbes2.cpp b/src/lib/pubkey/pbes2/pbes2.cpp index ce540c932..e9b471597 100644 --- a/src/lib/pubkey/pbes2/pbes2.cpp +++ b/src/lib/pubkey/pbes2/pbes2.cpp @@ -34,7 +34,7 @@ SymmetricKey derive_key(const std::string& passphrase, const AlgorithmIdentifier& kdf_algo, size_t default_key_size) { - if(kdf_algo.get_oid() == OIDS::lookup("PKCS5.PBKDF2")) + if(kdf_algo.get_oid() == OIDS::str2oid_or_throw("PKCS5.PBKDF2")) { secure_vector<uint8_t> salt; size_t iterations = 0, key_length = 0; @@ -56,12 +56,12 @@ SymmetricKey derive_key(const std::string& passphrase, if(key_length == 0) key_length = default_key_size; - const std::string prf = OIDS::lookup(prf_algo.get_oid()); + const std::string prf = OIDS::oid2str_or_throw(prf_algo.get_oid()); std::unique_ptr<PBKDF> pbkdf(get_pbkdf("PBKDF2(" + prf + ")")); return pbkdf->pbkdf_iterations(key_length, passphrase, salt.data(), salt.size(), iterations); } #if defined(BOTAN_HAS_SCRYPT) - else if(kdf_algo.get_oid() == OIDS::lookup("Scrypt")) + else if(kdf_algo.get_oid() == OIDS::str2oid_or_throw("Scrypt")) { secure_vector<uint8_t> salt; size_t N = 0, r = 0, p = 0; 
@@ -142,7 +142,7 @@ secure_vector<uint8_t> derive_key(const std::string& passphrase, .encode(key_length) .end_cons(); - kdf_algo = AlgorithmIdentifier(OIDS::lookup("Scrypt"), scrypt_params); + kdf_algo = AlgorithmIdentifier(OIDS::str2oid_or_throw("Scrypt"), scrypt_params); return key; #else throw Not_Implemented("Scrypt is not available in this build"); @@ -214,7 +214,7 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits, if(!known_pbes_cipher_mode(cipher_spec[1])) throw Encoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher); - const OID cipher_oid = OIDS::lookup(cipher); + const OID cipher_oid = OIDS::str2oid_or_empty(cipher); if(cipher_oid.empty()) throw Encoding_Error("PBE-PKCS5 v2.0: No OID assigned for " + cipher); @@ -251,7 +251,7 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits, ) .end_cons(); - AlgorithmIdentifier id(OIDS::lookup("PBE-PKCS5v20"), pbes2_params); + AlgorithmIdentifier id(OIDS::str2oid_or_throw("PBE-PKCS5v20"), pbes2_params); return std::make_pair(id, unlock(ctext)); } @@ -315,7 +315,7 @@ pbes2_decrypt(const secure_vector<uint8_t>& key_bits, .decode(enc_algo) .end_cons(); - const std::string cipher = OIDS::lookup(enc_algo.get_oid()); + const std::string cipher = OIDS::oid2str_or_throw(enc_algo.get_oid()); const std::vector<std::string> cipher_spec = split_on(cipher, '/'); if(cipher_spec.size() != 2) throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher); diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index f59583e1f..074149dac 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp 
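Review bot: In `pbes2_decrypt`, `oid2str_or_throw(enc_algo.get_oid())` raises `Lookup_Error` for an unregistered cipher OID before the `cipher_spec.size() != 2` check can throw `Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec ...")`. The OID is decoded from the encrypted key blob, so callers that treat `Decoding_Error` as the signal for malformed or unsupported input may now see a different exception type for that input. `OIDS::oid2str_or_empty(enc_algo.get_oid())` keeps the existing error path. The same applies to `PKCS8_decode` in pkcs8.cpp, where `PKCS8_Exception("Unknown PBE type ...")` is now only reachable for OIDs that are registered under another name. Both functions extend beyond their hunks, so an enclosing handler that rewraps the exception cannot be ruled out.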
@@ -83,11 +83,13 @@ std::unique_ptr<Public_Key> load_public_key(const AlgorithmIdentifier& alg_id, const std::vector<uint8_t>& key_bits) { - const std::vector<std::string> alg_info = split_on(OIDS::lookup(alg_id.get_oid()), '/'); + const std::string oid_str = OIDS::oid2str_or_empty(alg_id.get_oid()); - if(alg_info.empty()) + if(oid_str.empty()) throw Decoding_Error("Unknown algorithm OID: " + alg_id.get_oid().to_string()); + const std::vector<std::string> alg_info = split_on(oid_str, '/'); + const std::string alg_name = alg_info[0]; #if defined(BOTAN_HAS_RSA) @@ -167,8 +169,8 @@ std::unique_ptr<Private_Key> load_private_key(const AlgorithmIdentifier& alg_id, const secure_vector<uint8_t>& key_bits) { - const std::string alg_name = OIDS::lookup(alg_id.get_oid()); - if(alg_name == "") + const std::string alg_name = OIDS::oid2str_or_empty(alg_id.get_oid()); + if(alg_name.empty()) throw Decoding_Error("Unknown algorithm OID: " + alg_id.get_oid().to_string()); #if defined(BOTAN_HAS_RSA) diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index ce3eeeb7f..c5a98d72f 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp @@ -52,12 +52,10 @@ std::vector<uint8_t> Public_Key::subject_public_key() const */ OID Public_Key::get_oid() const { - const OID oid = OIDS::lookup(algo_name()); - - if(oid.empty()) + const OID o = OIDS::str2oid_or_empty(algo_name()); + if(o.empty()) throw Lookup_Error("PK algo " + algo_name() + " has no defined OIDs"); - - return oid; + return o; } secure_vector<uint8_t> Private_Key::private_key_info() const diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 0929769df..0238491dc 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp 
@@ -104,7 +104,7 @@ secure_vector<uint8_t> PKCS8_decode( { if(is_encrypted) { - if(OIDS::lookup(pbe_alg_id.get_oid()) != "PBE-PKCS5v20") + if(OIDS::oid2str_or_throw(pbe_alg_id.get_oid()) != "PBE-PKCS5v20") throw PKCS8_Exception("Unknown PBE type " + pbe_alg_id.get_oid().to_string()); #if defined(BOTAN_HAS_PKCS5_PBES2) key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.get_parameters()); @@ -350,8 +350,8 @@ load_key(DataSource& source, AlgorithmIdentifier alg_id; secure_vector<uint8_t> pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); - const std::string alg_name = OIDS::lookup(alg_id.get_oid()); - if(alg_name.empty() || alg_name == alg_id.get_oid().to_string()) + const std::string alg_name = OIDS::oid2str_or_empty(alg_id.get_oid()); + if(alg_name.empty()) throw PKCS8_Exception("Unknown algorithm OID: " + alg_id.get_oid().to_string()); diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp index 18868e0ef..3e288690e 100644 --- a/src/lib/tls/tls_callbacks.cpp +++ b/src/lib/tls/tls_callbacks.cpp @@ -177,7 +177,7 @@ std::pair<secure_vector<uint8_t>, std::vector<uint8_t>> TLS::Callbacks::tls_ecdh } else { - EC_Group group(OIDS::lookup(curve_name)); + EC_Group group(OIDS::str2oid_or_throw(curve_name)); ECDH_PublicKey peer_key(group, group.OS2ECP(peer_public_value)); policy.check_peer_key_acceptable(peer_key); ECDH_PrivateKey priv_key(rng, group); diff --git a/src/lib/x509/asn1_alt_name.cpp b/src/lib/x509/asn1_alt_name.cpp index 4e052ca58..60e767543 100644 --- a/src/lib/x509/asn1_alt_name.cpp +++ b/src/lib/x509/asn1_alt_name.cpp 
@@ -69,10 +69,14 @@ std::multimap<std::string, std::string> AlternativeName::contents() const std::multimap<std::string, std::string> names; for(auto i = m_alt_info.begin(); i != m_alt_info.end(); ++i) + { multimap_insert(names, i->first, i->second); + } for(auto i = m_othernames.begin(); i != m_othernames.end(); ++i) - multimap_insert(names, OIDS::lookup(i->first), i->second.value()); + { + multimap_insert(names, OIDS::oid2str_or_raw(i->first), i->second.value()); + } return names; } diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp index 249ce7817..b119c4490 100644 --- a/src/lib/x509/ocsp.cpp +++ b/src/lib/x509/ocsp.cpp @@ -164,7 +164,7 @@ Certificate_Status_Code Response::verify_signature(const X509_Certificate& issue std::unique_ptr<Public_Key> pub_key(issuer.subject_public_key()); const std::vector<std::string> sig_info = - split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); + split_on(OIDS::oid2str_or_throw(m_sig_algo.get_oid()), '/'); if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name()) return Certificate_Status_Code::OCSP_RESPONSE_INVALID; diff --git a/src/lib/x509/ocsp_types.cpp b/src/lib/x509/ocsp_types.cpp index 3eda5c05b..98c63a31b 100644 --- a/src/lib/x509/ocsp_types.cpp +++ b/src/lib/x509/ocsp_types.cpp @@ -39,7 +39,8 @@ bool CertID::is_id_for(const X509_Certificate& issuer, if(BigInt::decode(subject.serial_number()) != m_subject_serial) return false; - std::unique_ptr<HashFunction> hash(HashFunction::create(OIDS::lookup(m_hash_id.get_oid()))); + const std::string hash_algo = OIDS::oid2str_or_throw(m_hash_id.get_oid()); + std::unique_ptr<HashFunction> hash = HashFunction::create(hash_algo); if(m_issuer_dn_hash != unlock(hash->process(subject.raw_issuer_dn()))) return false; diff --git a/src/lib/x509/pkcs10.cpp b/src/lib/x509/pkcs10.cpp index 2da002cd1..1270e4159 100644 --- a/src/lib/x509/pkcs10.cpp +++ b/src/lib/x509/pkcs10.cpp 
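Review bot: `Response::verify_signature` returns a `Certificate_Status_Code`, but with `oid2str_or_throw` a response carrying an unregistered signature-algorithm OID raises `Lookup_Error` instead of reaching the `sig_info.size() != 2` check that returns `OCSP_RESPONSE_INVALID`. The OID comes from the parsed OCSP response, so a caller that relies on the status code alone gets an exception on remote input unless code outside the hunk catches it. `split_on(OIDS::oid2str_or_empty(m_sig_algo.get_oid()), '/')` preserves the status-code path. The same pattern appears in `X509_Object::verify_signature` in x509_obj.cpp. There the `sig_info.size() < 1` branch returning `SIGNATURE_ALGO_BAD_PARAMS` and the PSS `hash_algo` / `mgf_algo` comparisons returning `UNTRUSTED_HASH` / `SIGNATURE_ALGO_BAD_PARAMS` can no longer be reached for unknown OIDs.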
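Review bot: In `CertID::is_id_for`, `hash` is dereferenced on the following line without a null check. `HashFunction::create` returns an empty pointer when the named hash is not available in the build, and `oid2str_or_throw` only guarantees that the OID has a registered name. Since `m_hash_id` is decoded from the OCSP response, I would use `HashFunction::create_or_throw(hash_algo)`, or return `false` when `hash` is null, so that an unsupported hash cannot lead to a null dereference. The function continues outside the hunk.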
@@ -148,19 +148,19 @@ std::unique_ptr<PKCS10_Data> decode_pkcs10(const std::vector<uint8_t>& body) const OID& oid = attr.get_oid(); BER_Decoder value(attr.get_parameters()); - if(oid == OIDS::lookup("PKCS9.EmailAddress")) + if(oid == OIDS::str2oid_or_throw("PKCS9.EmailAddress")) { ASN1_String email; value.decode(email); pkcs9_email.insert(email.value()); } - else if(oid == OIDS::lookup("PKCS9.ChallengePassword")) + else if(oid == OIDS::str2oid_or_throw("PKCS9.ChallengePassword")) { ASN1_String challenge_password; value.decode(challenge_password); data->m_challenge = challenge_password.value(); } - else if(oid == OIDS::lookup("PKCS9.ExtensionRequest")) + else if(oid == OIDS::str2oid_or_throw("PKCS9.ExtensionRequest")) { value.decode(data->m_extensions).verify_end(); } @@ -260,7 +260,7 @@ const Extensions& PKCS10_Request::extensions() const */ Key_Constraints PKCS10_Request::constraints() const { - if(auto ext = extensions().get(OIDS::lookup("X509v3.KeyUsage"))) + if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.KeyUsage"))) { return dynamic_cast<Cert_Extension::Key_Usage&>(*ext).get_constraints(); } @@ -273,7 +273,7 @@ Key_Constraints PKCS10_Request::constraints() const */ std::vector<OID> PKCS10_Request::ex_constraints() const { - if(auto ext = extensions().get(OIDS::lookup("X509v3.ExtendedKeyUsage"))) + if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.ExtendedKeyUsage"))) { return dynamic_cast<Cert_Extension::Extended_Key_Usage&>(*ext).get_oids(); } @@ -286,7 +286,7 @@ std::vector<OID> PKCS10_Request::ex_constraints() const */ bool PKCS10_Request::is_CA() const { - if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints"))) + if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.BasicConstraints"))) { return dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext).get_is_ca(); } 
@@ -299,7 +299,7 @@ bool PKCS10_Request::is_CA() const */ size_t PKCS10_Request::path_limit() const { - if(auto ext = extensions().get(OIDS::lookup("X509v3.BasicConstraints"))) + if(auto ext = extensions().get(OIDS::str2oid_or_throw("X509v3.BasicConstraints"))) { Cert_Extension::Basic_Constraints& basic_constraints = dynamic_cast<Cert_Extension::Basic_Constraints&>(*ext); if(basic_constraints.get_is_ca()) diff --git a/src/lib/x509/x509_ca.cpp b/src/lib/x509/x509_ca.cpp index 73eea4a95..74ca1bcfc 100644 --- a/src/lib/x509/x509_ca.cpp +++ b/src/lib/x509/x509_ca.cpp @@ -40,7 +40,7 @@ X509_CA::X509_CA(const X509_Certificate& c, // constructor without additional options: use the padding used in the CA certificate // sig_oid_str = <sig_alg>/<padding>, so padding with all its options will look // like a cipher mode to the scanner - std::string sig_oid_str = OIDS::lookup(c.signature_algorithm().oid); + std::string sig_oid_str = OIDS::oid2str_or_throw(c.signature_algorithm().oid); SCAN_Name scanner(sig_oid_str); std::string pad = scanner.cipher_mode(); if(!pad.empty()) diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp index 6e2707673..e9d825256 100644 --- a/src/lib/x509/x509_dn.cpp +++ b/src/lib/x509/x509_dn.cpp @@ -23,7 +23,7 @@ namespace Botan { void X509_DN::add_attribute(const std::string& type, const std::string& str) { - add_attribute(OIDS::lookup(type), str); + add_attribute(OIDS::str2oid_or_throw(type), str); } /* @@ -59,10 +59,7 @@ std::multimap<std::string, std::string> X509_DN::contents() const for(auto& i : m_rdn) { - std::string str_value = OIDS::oid2str(i.first); - - if(str_value.empty()) - str_value = i.first.to_string(); + const std::string str_value = OIDS::oid2str_or_raw(i.first); multimap_insert(retval, str_value, i.second.value()); } return retval; 
@@ -70,7 +67,7 @@ std::multimap<std::string, std::string> X509_DN::contents() const bool X509_DN::has_field(const std::string& attr) const { - return has_field(OIDS::lookup(deref_info_field(attr))); + return has_field(OIDS::str2oid_or_throw(deref_info_field(attr))); } bool X509_DN::has_field(const OID& oid) const @@ -86,7 +83,7 @@ bool X509_DN::has_field(const OID& oid) const std::string X509_DN::get_first_attribute(const std::string& attr) const { - const OID oid = OIDS::lookup(deref_info_field(attr)); + const OID oid = OIDS::str2oid_or_throw(deref_info_field(attr)); return get_first_attribute(oid).value(); } @@ -108,7 +105,7 @@ ASN1_String X509_DN::get_first_attribute(const OID& oid) const */ std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const { - const OID oid = OIDS::lookup(deref_info_field(attr)); + const OID oid = OIDS::str2oid_or_throw(deref_info_field(attr)); std::vector<std::string> values; @@ -304,10 +301,7 @@ namespace { std::string to_short_form(const OID& oid) { - const std::string long_id = OIDS::oid2str(oid); - - if(long_id.empty()) - return oid.to_string(); + const std::string long_id = OIDS::oid2str_or_raw(oid); if(long_id == "X520.CommonName") return "CN"; diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp index 9b938f4d3..cfcc7da59 100644 --- a/src/lib/x509/x509_ext.cpp +++ b/src/lib/x509/x509_ext.cpp @@ -786,7 +786,7 @@ std::vector<uint8_t> Authority_Information_Access::encode_inner() const DER_Encoder(output) .start_cons(SEQUENCE) .start_cons(SEQUENCE) - .encode(OIDS::lookup("PKIX.OCSP")) + .encode(OIDS::str2oid_or_throw("PKIX.OCSP")) .add_object(ASN1_Tag(6), CONTEXT_SPECIFIC, url.value()) .end_cons() .end_cons(); @@ -805,7 +805,7 @@ void Authority_Information_Access::decode_inner(const std::vector<uint8_t>& in) info.decode(oid); - if(oid == OIDS::lookup("PKIX.OCSP")) + if(oid == OIDS::str2oid_or_throw("PKIX.OCSP")) { BER_Object name = info.get_next_object(); 
@@ -815,7 +815,7 @@ void Authority_Information_Access::decode_inner(const std::vector<uint8_t>& in) } } - if(oid == OIDS::lookup("PKIX.CertificateAuthorityIssuers")) + if(oid == OIDS::str2oid_or_throw("PKIX.CertificateAuthorityIssuers")) { BER_Object name = info.get_next_object(); diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp index dd1e51cd7..dded17b4b 100644 --- a/src/lib/x509/x509_obj.cpp +++ b/src/lib/x509/x509_obj.cpp @@ -139,7 +139,7 @@ std::vector<uint8_t> X509_Object::tbs_data() const std::string X509_Object::hash_used_for_signature() const { const OID& oid = m_sig_algo.get_oid(); - const std::vector<std::string> sig_info = split_on(OIDS::lookup(oid), '/'); + const std::vector<std::string> sig_info = split_on(OIDS::oid2str_or_throw(oid), '/'); if(sig_info.size() == 1 && sig_info[0] == "Ed25519") return "SHA-512"; @@ -148,7 +148,7 @@ std::string X509_Object::hash_used_for_signature() const if(sig_info[1] == "EMSA4") { - return OIDS::lookup(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid()); + return OIDS::oid2str_or_throw(decode_pss_params(signature_algorithm().get_parameters()).hash_algo.get_oid()); } else { @@ -184,7 +184,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) const { const std::vector<std::string> sig_info = - split_on(OIDS::lookup(m_sig_algo.get_oid()), '/'); + split_on(OIDS::oid2str_or_throw(m_sig_algo.get_oid()), '/'); if(sig_info.size() < 1 || sig_info.size() > 2 || sig_info[0] != pub_key.algo_name()) return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; 
@@ -210,7 +210,7 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) Pss_params pss_parameter = decode_pss_params(signature_algorithm().parameters); // hash_algo must be SHA1, SHA2-224, SHA2-256, SHA2-384 or SHA2-512 - const std::string hash_algo = OIDS::lookup(pss_parameter.hash_algo.oid); + const std::string hash_algo = OIDS::oid2str_or_throw(pss_parameter.hash_algo.oid); if(hash_algo != "SHA-160" && hash_algo != "SHA-224" && hash_algo != "SHA-256" && @@ -220,7 +220,7 @@ Certificate_Status_Code X509_Object::verify_signature(const Public_Key& pub_key) return Certificate_Status_Code::UNTRUSTED_HASH; } - const std::string mgf_algo = OIDS::lookup(pss_parameter.mask_gen_algo.oid); + const std::string mgf_algo = OIDS::oid2str_or_throw(pss_parameter.mask_gen_algo.oid); if(mgf_algo != "MGF1") { return Certificate_Status_Code::SIGNATURE_ALGO_BAD_PARAMS; @@ -354,7 +354,7 @@ std::string choose_sig_algo(AlgorithmIdentifier& sig_algo, } else { - sig_algo = AlgorithmIdentifier(OIDS::lookup("Ed25519"), AlgorithmIdentifier::USE_EMPTY_PARAM); + sig_algo = AlgorithmIdentifier(OIDS::str2oid_or_throw("Ed25519"), AlgorithmIdentifier::USE_EMPTY_PARAM); return "Pure"; } } diff --git a/src/lib/x509/x509cert.cpp b/src/lib/x509/x509cert.cpp index 0212267ec..890360c8a 100644 --- a/src/lib/x509/x509cert.cpp +++ b/src/lib/x509/x509cert.cpp @@ -148,7 +148,7 @@ std::unique_ptr<X509_Certificate_Data> parse_x509_cert_body(const X509_Object& o BER_Decoder(public_key).decode(public_key_alg_id).discard_remaining(); std::vector<std::string> public_key_info = - split_on(OIDS::oid2str(public_key_alg_id.get_oid()), '/'); + split_on(OIDS::oid2str_or_throw(public_key_alg_id.get_oid()), '/'); if(!public_key_info.empty() && public_key_info[0] == "RSA") { 
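Review bot: In `parse_x509_cert_body` (x509cert.cpp), replacing `oid2str` with `oid2str_or_throw` makes parsing fail with `Lookup_Error` for any certificate whose public-key algorithm OID is not registered. The old call returned an empty name, and the `!public_key_info.empty()` guard on the next line then skipped the RSA-specific handling, which suggests unknown key types were meant to be tolerated at parse time. `split_on(OIDS::oid2str_or_empty(public_key_alg_id.get_oid()), '/')` keeps that behaviour and leaves the rejection to the point where the key is actually loaded. The function body extends beyond the hunk.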
@@ -500,7 +500,7 @@ bool X509_Certificate::allowed_usage(Key_Constraints usage) const bool X509_Certificate::allowed_extended_usage(const std::string& usage) const { - return allowed_extended_usage(OIDS::str2oid(usage)); + return allowed_extended_usage(OIDS::str2oid_or_throw(usage)); } bool X509_Certificate::allowed_extended_usage(const OID& usage) const @@ -552,7 +552,7 @@ bool X509_Certificate::has_constraints(Key_Constraints constraints) const bool X509_Certificate::has_ex_constraint(const std::string& ex_constraint) const { - return has_ex_constraint(OIDS::str2oid(ex_constraint)); + return has_ex_constraint(OIDS::str2oid_or_throw(ex_constraint)); } bool X509_Certificate::has_ex_constraint(const OID& usage) const @@ -566,7 +566,7 @@ bool X509_Certificate::has_ex_constraint(const OID& usage) const */ bool X509_Certificate::is_critical(const std::string& ex_name) const { - return v3_extensions().critical_extension_set(OIDS::str2oid(ex_name)); + return v3_extensions().critical_extension_set(OIDS::str2oid_or_throw(ex_name)); } std::string X509_Certificate::ocsp_responder() const @@ -695,7 +695,7 @@ std::vector<std::string> lookup_oids(const std::vector<OID>& oids) for(const OID& oid : oids) { - out.push_back(OIDS::oid2str(oid)); + out.push_back(OIDS::oid2str_or_raw(oid)); } return out; } @@ -823,12 +823,8 @@ std::string X509_Certificate::to_string() const out << "Extended Constraints:\n"; for(auto&& oid : ex_constraints) { - const std::string oid_str = OIDS::oid2str(oid); - - if(oid_str.empty()) - out << " " << oid.to_string() << "\n"; - else - out << " " << oid_str << "\n"; + const std::string oid_str = OIDS::oid2str_or_raw(oid); + out << " " << oid.to_string() << "\n"; } } 
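Review bot: In the `X509_Certificate::to_string` hunk the new loop computes `oid_str` with `oid2str_or_raw` but then prints `oid.to_string()`, so every extended constraint is shown as a dotted OID and the resolved name is never used. The removed code printed the name when one was registered. The output line should be `out << "   " << oid_str << "\n";`, with the leading spaces inside the literal kept as in the original. As written `oid_str` is an unused local, which a warning-enabled build would likely report.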
@@ -874,7 +870,7 @@ std::string X509_Certificate::to_string() const out << "CRL " << crl_distribution_point() << "\n"; out << "Signature algorithm: " << - OIDS::oid2str(this->signature_algorithm().get_oid()) << "\n"; + OIDS::oid2str_or_raw(this->signature_algorithm().get_oid()) << "\n"; out << "Serial number: " << hex_encode(this->serial_number()) << "\n"; diff --git a/src/lib/x509/x509opt.cpp b/src/lib/x509/x509opt.cpp index e31ead91f..723d57742 100644 --- a/src/lib/x509/x509opt.cpp +++ b/src/lib/x509/x509opt.cpp @@ -49,7 +49,7 @@ void X509_Cert_Options::add_ex_constraint(const OID& oid) */ void X509_Cert_Options::add_ex_constraint(const std::string& oid_str) { - ex_constraints.push_back(OIDS::lookup(oid_str)); + ex_constraints.push_back(OIDS::str2oid_or_throw(oid_str)); } /* diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp index cecefcc79..52be8263f 100644 --- a/src/lib/x509/x509path.cpp +++ b/src/lib/x509/x509path.cpp @@ -117,7 +117,7 @@ PKIX::check_chain(const std::vector<std::shared_ptr<const X509_Certificate>>& ce std::unique_ptr<Public_Key> issuer_key(issuer->subject_public_key()); // Check the signature algorithm - if(OIDS::lookup(subject->signature_algorithm().oid).empty()) + if(OIDS::oid2str_or_empty(subject->signature_algorithm().oid).empty()) { status.insert(Certificate_Status_Code::SIGNATURE_ALGO_UNKNOWN); } 
@@ -298,8 +298,11 @@ PKIX::check_crl(const std::vector<std::shared_ptr<const X509_Certificate>>& cert for(const auto& extension : crls[i]->extensions().extensions()) { + // XXX this is wrong - the OID might be defined but the extention not full parsed + // for example see #1652 + // is the extension critical and unknown? - if(extension.second && OIDS::lookup(extension.first->oid_of()) == "") + if(extension.second && OIDS::oid2str_or_empty(extension.first->oid_of()) == "") { /* NIST Certificate Path Valiadation Testing document: "When an implementation does not recognize a critical extension in the * crlExtensions field, it shall assume that identified certificates have been revoked and are no longer valid" diff --git a/src/lib/x509/x509self.cpp b/src/lib/x509/x509self.cpp index d84544eff..d848185ec 100644 --- a/src/lib/x509/x509self.cpp +++ b/src/lib/x509/x509self.cpp @@ -35,7 +35,7 @@ void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, subject_dn.add_attribute("X520.SerialNumber", opts.serial_number); subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip); - subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), + subject_alt.add_othername(OIDS::str2oid_or_throw("PKIX.XMPPAddr"), opts.xmpp, UTF8_STRING); for(auto dns : opts.more_dns) diff --git a/src/tests/test_ecc_pointmul.cpp b/src/tests/test_ecc_pointmul.cpp index 5c91f479b..2be321551 100644 --- a/src/tests/test_ecc_pointmul.cpp +++ b/src/tests/test_ecc_pointmul.cpp @@ -29,7 +29,7 @@ class ECC_Pointmult_Tests final : public Text_Based_Test const Botan::BigInt X = vars.get_req_bn("X"); const Botan::BigInt Y = vars.get_req_bn("Y"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); const Botan::PointGFp& base_point = group.get_base_point(); diff --git a/src/tests/test_ecdsa.cpp b/src/tests/test_ecdsa.cpp index 296ae5175..4102a3b87 100644 --- a/src/tests/test_ecdsa.cpp +++ b/src/tests/test_ecdsa.cpp 
@@ -39,7 +39,7 @@ class ECDSA_Verification_Tests final : public PK_Signature_Verification_Test const std::string group_id = vars.get_req_str("Group"); const BigInt px = vars.get_req_bn("Px"); const BigInt py = vars.get_req_bn("Py"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); const Botan::PointGFp public_point = group.point(px, py); @@ -79,7 +79,7 @@ class ECDSA_Wycheproof_Verification_Tests final : public PK_Signature_Verificati const std::string group_id = vars.get_req_str("Group"); const BigInt px = vars.get_req_bn("Px"); const BigInt py = vars.get_req_bn("Py"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); const Botan::PointGFp public_point = group.point(px, py); @@ -115,7 +115,7 @@ class ECDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); std::unique_ptr<Botan::Private_Key> key(new Botan::ECDSA_PrivateKey(Test::rng(), group, x)); return key; @@ -218,7 +218,7 @@ class ECDSA_Invalid_Key_Tests final : public Text_Based_Test Test::Result result("ECDSA invalid keys"); const std::string group_id = vars.get_req_str("Group"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); const Botan::BigInt x = vars.get_req_bn("InvalidKeyX"); const Botan::BigInt y = vars.get_req_bn("InvalidKeyY"); diff --git a/src/tests/test_ecgdsa.cpp b/src/tests/test_ecgdsa.cpp index 5ddb5b9f8..30f83cb3c 100644 --- a/src/tests/test_ecgdsa.cpp +++ b/src/tests/test_ecgdsa.cpp 
@@ -37,7 +37,7 @@ class ECGDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); std::unique_ptr<Botan::Private_Key> key(new Botan::ECGDSA_PrivateKey(Test::rng(), group, x)); return key; diff --git a/src/tests/test_eckcdsa.cpp b/src/tests/test_eckcdsa.cpp index c6a8cdd7b..6c9a33bae 100644 --- a/src/tests/test_eckcdsa.cpp +++ b/src/tests/test_eckcdsa.cpp @@ -38,7 +38,7 @@ class ECKCDSA_Signature_KAT_Tests final : public PK_Signature_Generation_Test { const std::string group_id = vars.get_req_str("Group"); const BigInt x = vars.get_req_bn("X"); - Botan::EC_Group group(Botan::OIDS::lookup(group_id)); + Botan::EC_Group group(Botan::OIDS::str2oid_or_throw(group_id)); std::unique_ptr<Botan::Private_Key> key(new Botan::ECKCDSA_PrivateKey(Test::rng(), group, x)); return key; diff --git a/src/tests/test_hash_id.cpp b/src/tests/test_hash_id.cpp index e58c0a5e7..f98b3277f 100644 --- a/src/tests/test_hash_id.cpp +++ b/src/tests/test_hash_id.cpp @@ -52,7 +52,7 @@ class PKCS_HashID_Test final : public Test { const std::vector<uint8_t> pkcs_id = Botan::pkcs_hash_id(hash_fn); - const Botan::OID oid = Botan::OIDS::lookup(hash_fn); + const Botan::OID oid = Botan::OIDS::str2oid_or_throw(hash_fn); const Botan::AlgorithmIdentifier alg(oid, Botan::AlgorithmIdentifier::USE_NULL_PARAM); const std::vector<uint8_t> dummy_hash(hash_len); diff --git a/src/tests/test_oid.cpp b/src/tests/test_oid.cpp index 42da391e0..b8c6d5d7f 100644 --- a/src/tests/test_oid.cpp +++ b/src/tests/test_oid.cpp 
@@ -26,8 +26,8 @@ Test::Result test_add_have_OID() result.test_eq("OID 'botan-test-oid1' added successfully", Botan::OIDS::have_oid("botan-test-oid1"), true); - result.test_eq("name of OID '1.2.345.6.666' is 'botan-test-oid1'", Botan::OIDS::name_of(Botan::OID("1.2.345.6.666"), - "botan-test-oid1"), true); + result.test_eq("name of OID '1.2.345.6.666' is 'botan-test-oid1'", + Botan::OIDS::oid2str_or_throw(Botan::OID("1.2.345.6.666")), "botan-test-oid1"); return result; } @@ -42,8 +42,8 @@ Test::Result test_add_have_OID_str() result.test_eq("OID 'botan-test-oid2' added successfully", Botan::OIDS::have_oid("botan-test-oid2"), true); - result.test_eq("name of OID '1.2.345.6.777' is 'botan-test-oid2'", Botan::OIDS::name_of(Botan::OID("1.2.345.6.777"), - "botan-test-oid2"), true); + result.test_eq("name of OID '1.2.345.6.777' is 'botan-test-oid2'", + Botan::OIDS::oid2str_or_throw(Botan::OID("1.2.345.6.777")), "botan-test-oid2"); return result; } 
@@ -51,21 +51,25 @@ Test::Result test_add_and_lookup() { Test::Result result("OID add and lookup"); - result.test_eq("OIDS::lookup returns empty string for non-existent OID object", - Botan::OIDS::lookup(Botan::OID("1.2.345.6.888")), std::string()); + result.test_eq("OIDS::oid2str_or_empty returns empty string for non-existent OID object", + Botan::OIDS::oid2str_or_empty(Botan::OID("1.2.345.6.888")), std::string()); - result.test_eq("OIDS::lookup returns empty OID for non-existent OID name", Botan::OIDS::lookup("botan-test-oid3").to_string(), Botan::OID().to_string()); + result.test_eq("OIDS::str2oid_or_empty returns empty OID for non-existent OID name", + Botan::OIDS::str2oid_or_empty("botan-test-oid3").to_string(), Botan::OID().to_string()); // add oid -> string mapping Botan::OIDS::add_oid2str(Botan::OID("1.2.345.6.888"), "botan-test-oid3"); - result.test_eq("", Botan::OIDS::lookup(Botan::OID("1.2.345.6.888")), "botan-test-oid3"); + result.test_eq("Lookup works after adding the OID", + Botan::OIDS::oid2str_or_throw(Botan::OID("1.2.345.6.888")), "botan-test-oid3"); // still returns empty OID - result.test_eq("OIDS::lookup still returns empty OID without adding name mapping", Botan::OIDS::lookup("botan-test-oid3").to_string(), Botan::OID().to_string()); + result.test_eq("OIDS::str2oid_or_empty still returns empty OID without adding name mapping", + Botan::OIDS::str2oid_or_empty("botan-test-oid3").to_string(), Botan::OID().to_string()); // add string -> oid mapping Botan::OIDS::add_str2oid(Botan::OID("1.2.345.6.888"), "botan-test-oid3"); - Botan::OIDS::lookup("botan-test-oid3"); + result.test_eq("OIDS::str2oid_or_empty returns value after adding name mapping", + Botan::OIDS::str2oid_or_empty("botan-test-oid3").to_string(), Botan::OID({1,2,345,6,888}).to_string()); return result; } diff --git a/src/tests/unit_ecc.cpp b/src/tests/unit_ecc.cpp index 08d08b516..46aef2b17 100644 --- a/src/tests/unit_ecc.cpp +++ b/src/tests/unit_ecc.cpp 
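Review bot: `test_add_and_lookup` in src/tests/test_oid.cpp checks the miss case only for the `_or_empty` variants; no visible assertion verifies that `str2oid_or_throw` or `oid2str_or_throw` actually throws for an unregistered value. Library code changed in this commit now relies on that (for example `X509_Cert_Options::add_ex_constraint`), so a regression back to returning an empty OID would not be caught by this file. Assuming the harness's `test_throws` helper, a line placed before the `add_oid2str` call such as `result.test_throws("str2oid_or_throw rejects unknown name", []() { Botan::OIDS::str2oid_or_throw("botan-test-oid3"); });` would pin it, with a matching line for `oid2str_or_throw`. Test files outside this view may already cover it.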
@@ -274,7 +274,7 @@ class EC_Group_Tests : public Test { Test::Result result("EC_Group " + group_name); - const Botan::OID oid = Botan::OIDS::lookup(group_name); + const Botan::OID oid = Botan::OIDS::str2oid_or_throw(group_name); const Botan::EC_Group group(oid); diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index ee8ffc375..b397fad2f 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -82,7 +82,7 @@ Test::Result test_decode_ecdsa_X509() Test::Result result("ECDSA Unit"); Botan::X509_Certificate cert(Test::data_file("x509/ecc/CSCA.CSCA.csca-germany.1.crt")); - result.test_eq("correct signature oid", Botan::OIDS::lookup(cert.signature_algorithm().get_oid()), "ECDSA/EMSA1(SHA-224)"); + result.test_eq("correct signature oid", Botan::OIDS::oid2str_or_throw(cert.signature_algorithm().get_oid()), "ECDSA/EMSA1(SHA-224)"); result.test_eq("serial number", cert.serial_number(), Botan::hex_decode("01")); result.test_eq("authority key id", cert.authority_key_id(), cert.subject_key_id()); diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 69ffe3823..6b1b24834 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -8,7 +8,6 @@ #include "tests.h" #if defined(BOTAN_HAS_X509_CERTIFICATES) - #include <botan/calendar.h> #include <botan/pkcs10.h> #include <botan/pkcs8.h> @@ -20,7 +19,6 @@ #include <botan/der_enc.h> #include <botan/oids.h> #include <botan/internal/padding.h> - #endif namespace Botan_Tests { @@ -429,7 +427,7 @@ Test::Result test_rsa_oaep() result.test_not_null("Decoding RSA-OAEP worked", public_key.get()); auto pk_info = cert.subject_public_key_algo(); - result.test_eq("RSA-OAEP OID", pk_info.get_oid().to_string(), Botan::OIDS::lookup("RSA/OAEP").to_string()); + result.test_eq("RSA-OAEP OID", pk_info.get_oid().to_string(), Botan::OIDS::str2oid_or_throw("RSA/OAEP").to_string()); #endif return result; 
@@ -604,13 +602,13 @@ Test::Result test_verify_gost2012_cert() Botan::X509_Certificate ca_cert_def = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); test_result.test_eq("CA certificate signature algorithm (default)", - Botan::OIDS::lookup(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); + Botan::OIDS::oid2str_or_throw(ca_cert_def.signature_algorithm().oid),"RSA/EMSA3(SHA-512)"); // Create X509 CA certificate; RSA-PSS is explicitly set opt.set_padding_scheme("PSSR"); Botan::X509_Certificate ca_cert_exp = Botan::X509::create_self_signed_cert(opt, (*sk), "SHA-512", Test::rng()); test_result.test_eq("CA certificate signature algorithm (explicit)", - Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + Botan::OIDS::oid2str_or_throw(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); #if defined(BOTAN_HAS_EMSA1) @@ -630,7 +628,7 @@ Test::Result test_verify_gost2012_cert() #endif test_result.test_eq("CA certificate signature algorithm (explicit)", - Botan::OIDS::lookup(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); + Botan::OIDS::oid2str_or_throw(ca_cert_exp.signature_algorithm().oid),"RSA/EMSA4"); const Botan::X509_Time not_before = from_date(-1, 1, 1); const Botan::X509_Time not_after = from_date(2, 1, 2); @@ -639,7 +637,7 @@ Test::Result test_verify_gost2012_cert() Botan::X509_Cert_Options req_opt("endpoint"); req_opt.set_padding_scheme("EMSA4(SHA-512,MGF1,64)"); Botan::PKCS10_Request end_req = Botan::X509::create_cert_req(req_opt, (*sk), "SHA-512", Test::rng()); - test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::lookup(end_req.signature_algorithm().oid),"RSA/EMSA4"); + test_result.test_eq("Certificate request signature algorithm", Botan::OIDS::oid2str_or_throw(end_req.signature_algorithm().oid),"RSA/EMSA4"); // Create X509 CA object: will fail as the chosen hash functions differ try 
@@ -657,21 +655,21 @@ Test::Result test_verify_gost2012_cert() // Create X509 CA object: its signer will use the padding scheme from the CA certificate, i.e. EMSA3 Botan::X509_CA ca_def(ca_cert_def, (*sk), "SHA-512", Test::rng()); Botan::X509_Certificate end_cert_emsa3 = ca_def.sign_request(end_req, Test::rng(), not_before, not_after); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::oid2str_or_throw(end_cert_emsa3.signature_algorithm().oid), "RSA/EMSA3(SHA-512)"); // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is different from the CA certificate's scheme Botan::X509_CA ca_diff(ca_cert_def, (*sk), {{"padding","EMSA-PSS"}}, "SHA-512", Test::rng()); Botan::X509_Certificate end_cert_diff_emsa4 = ca_diff.sign_request(end_req, Test::rng(), not_before, not_after); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::oid2str_or_throw(end_cert_diff_emsa4.signature_algorithm().oid), "RSA/EMSA4"); // Create X509 CA object: its signer will use the explicitly configured padding scheme, which is identical to the CA certificate's scheme Botan::X509_CA ca_exp(ca_cert_exp, (*sk), {{"padding","EMSA4(SHA-512,MGF1,64)"}},"SHA-512", Test::rng()); Botan::X509_Certificate end_cert_emsa4= ca_exp.sign_request(end_req, Test::rng(), not_before, not_after); - test_result.test_eq("End certificate signature algorithm", Botan::OIDS::lookup(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); + test_result.test_eq("End certificate signature algorithm", Botan::OIDS::oid2str_or_throw(end_cert_emsa4.signature_algorithm().oid), "RSA/EMSA4"); // Check CRL signature algorithm Botan::X509_CRL crl = 
ca_exp.new_crl(Test::rng()); - test_result.test_eq("CRL signature algorithm", Botan::OIDS::lookup(crl.signature_algorithm().oid), "RSA/EMSA4"); + test_result.test_eq("CRL signature algorithm", Botan::OIDS::oid2str_or_throw(crl.signature_algorithm().oid), "RSA/EMSA4"); // sanity check for verification, the heavy lifting is done in the other unit tests const Botan::Certificate_Store_In_Memory trusted(ca_exp.ca_certificate()); @@ -1392,7 +1390,7 @@ Test::Result test_x509_extensions(const Botan::Private_Key& ca_key, // include a custom extension in the request Botan::Extensions req_extensions; const Botan::OID oid("1.2.3.4.5.6.7.8.9.1"); - const Botan::OID ku_oid = Botan::OIDS::lookup("X509v3.KeyUsage"); + const Botan::OID ku_oid = Botan::OIDS::str2oid_or_throw("X509v3.KeyUsage"); req_extensions.add(new String_Extension("AAAAAAAAAAAAAABCDEF"), false); opts.extensions = req_extensions; opts.set_padding_scheme(sig_padding); |