1// Copyright 2016 The BoringSSL Authors 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// https://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15//go:build ignore 16 17package main 18 19import ( 20 "bufio" 21 "bytes" 22 "errors" 23 "fmt" 24 "os" 25 "os/exec" 26 "sort" 27 "strconv" 28 "strings" 29) 30 31func sanitizeName(in string) string { 32 in = strings.Replace(in, "-", "_", -1) 33 in = strings.Replace(in, ".", "_", -1) 34 in = strings.Replace(in, " ", "_", -1) 35 return in 36} 37 38type object struct { 39 name string 40 // shortName and longName are the short and long names, respectively. If 41 // one is missing, it takes the value of the other, but the 42 // corresponding SN_foo or LN_foo macro is not defined. 43 shortName, longName string 44 hasShortName, hasLongName bool 45 oid []int 46 encoded []byte 47} 48 49type objects struct { 50 // byNID is the list of all objects, indexed by nid. 51 byNID []object 52 // nameToNID is a map from object name to nid. 53 nameToNID map[string]int 54} 55 56func readNumbers(path string) (nameToNID map[string]int, numNIDs int, err error) { 57 in, err := os.Open(path) 58 if err != nil { 59 return nil, 0, err 60 } 61 defer in.Close() 62 63 nameToNID = make(map[string]int) 64 nidsSeen := make(map[int]struct{}) 65 66 // Reserve NID 0 for NID_undef. 67 numNIDs = 1 68 nameToNID["undef"] = 0 69 nidsSeen[0] = struct{}{} 70 71 var lineNo int 72 scanner := bufio.NewScanner(in) 73 for scanner.Scan() { 74 line := scanner.Text() 75 lineNo++ 76 withLine := func(err error) error { 77 return fmt.Errorf("%s:%d: %s", path, lineNo, err) 78 } 79 80 fields := strings.Fields(line) 81 if len(fields) == 0 { 82 // Skip blank lines. 83 continue 84 } 85 86 // Each line is a name and a nid, separated by space. 87 if len(fields) != 2 { 88 return nil, 0, withLine(errors.New("syntax error")) 89 } 90 name := fields[0] 91 nid, err := strconv.Atoi(fields[1]) 92 if err != nil { 93 return nil, 0, withLine(err) 94 } 95 if nid < 0 { 96 return nil, 0, withLine(errors.New("invalid NID")) 97 } 98 99 // NID_undef is implicitly defined. 100 if name == "undef" && nid == 0 { 101 continue 102 } 103 104 // Forbid duplicates. 105 if _, ok := nameToNID[name]; ok { 106 return nil, 0, withLine(fmt.Errorf("duplicate name %q", name)) 107 } 108 if _, ok := nidsSeen[nid]; ok { 109 return nil, 0, withLine(fmt.Errorf("duplicate NID %d", nid)) 110 } 111 112 nameToNID[name] = nid 113 nidsSeen[nid] = struct{}{} 114 115 if nid >= numNIDs { 116 numNIDs = nid + 1 117 } 118 } 119 if err := scanner.Err(); err != nil { 120 return nil, 0, fmt.Errorf("error reading %s: %s", path, err) 121 } 122 123 return nameToNID, numNIDs, nil 124} 125 126func parseOID(aliases map[string][]int, in []string) (oid []int, err error) { 127 if len(in) == 0 { 128 return 129 } 130 131 // The first entry may be a reference to a previous alias. 132 if alias, ok := aliases[sanitizeName(in[0])]; ok { 133 in = in[1:] 134 oid = append(oid, alias...) 135 } 136 137 for _, c := range in { 138 val, err := strconv.Atoi(c) 139 if err != nil { 140 return nil, err 141 } 142 if val < 0 { 143 return nil, fmt.Errorf("negative component") 144 } 145 oid = append(oid, val) 146 } 147 return 148} 149 150func appendBase128(dst []byte, value int) []byte { 151 // Zero is encoded with one, not zero bytes. 152 if value == 0 { 153 return append(dst, 0) 154 } 155 156 // Count how many bytes are needed. 157 var l int 158 for n := value; n != 0; n >>= 7 { 159 l++ 160 } 161 for ; l > 0; l-- { 162 b := byte(value>>uint(7*(l-1))) & 0x7f 163 if l > 1 { 164 b |= 0x80 165 } 166 dst = append(dst, b) 167 } 168 return dst 169} 170 171func encodeOID(oid []int) []byte { 172 if len(oid) < 2 { 173 return nil 174 } 175 176 var der []byte 177 der = appendBase128(der, 40*oid[0]+oid[1]) 178 for _, value := range oid[2:] { 179 der = appendBase128(der, value) 180 } 181 return der 182} 183 184func readObjects(numPath, objectsPath string) (*objects, error) { 185 nameToNID, numNIDs, err := readNumbers(numPath) 186 if err != nil { 187 return nil, err 188 } 189 190 in, err := os.Open(objectsPath) 191 if err != nil { 192 return nil, err 193 } 194 defer in.Close() 195 196 // Implicitly define NID_undef. 197 objs := &objects{ 198 byNID: make([]object, numNIDs), 199 nameToNID: make(map[string]int), 200 } 201 202 objs.byNID[0] = object{ 203 name: "undef", 204 shortName: "UNDEF", 205 longName: "undefined", 206 hasShortName: true, 207 hasLongName: true, 208 } 209 objs.nameToNID["undef"] = 0 210 211 var module, nextName string 212 var lineNo int 213 longNamesSeen := make(map[string]struct{}) 214 shortNamesSeen := make(map[string]struct{}) 215 aliases := make(map[string][]int) 216 scanner := bufio.NewScanner(in) 217 for scanner.Scan() { 218 line := scanner.Text() 219 lineNo++ 220 withLine := func(err error) error { 221 return fmt.Errorf("%s:%d: %s", objectsPath, lineNo, err) 222 } 223 224 // Remove comments. 225 idx := strings.IndexRune(line, '#') 226 if idx >= 0 { 227 line = line[:idx] 228 } 229 230 // Skip empty lines. 231 line = strings.TrimSpace(line) 232 if len(line) == 0 { 233 continue 234 } 235 236 if line[0] == '!' { 237 args := strings.Fields(line) 238 switch args[0] { 239 case "!module": 240 if len(args) != 2 { 241 return nil, withLine(errors.New("too many arguments")) 242 } 243 module = sanitizeName(args[1]) + "_" 244 case "!global": 245 module = "" 246 case "!Cname": 247 // !Cname directives override the name for the 248 // next object. 249 if len(args) != 2 { 250 return nil, withLine(errors.New("too many arguments")) 251 } 252 nextName = sanitizeName(args[1]) 253 case "!Alias": 254 // !Alias directives define an alias for an OID 255 // without emitting an object. 256 if len(nextName) != 0 { 257 return nil, withLine(errors.New("!Cname directives may not modify !Alias directives.")) 258 } 259 if len(args) < 3 { 260 return nil, withLine(errors.New("not enough arguments")) 261 } 262 aliasName := module + sanitizeName(args[1]) 263 oid, err := parseOID(aliases, args[2:]) 264 if err != nil { 265 return nil, withLine(err) 266 } 267 if _, ok := aliases[aliasName]; ok { 268 return nil, withLine(fmt.Errorf("duplicate name '%s'", aliasName)) 269 } 270 aliases[aliasName] = oid 271 default: 272 return nil, withLine(fmt.Errorf("unknown directive '%s'", args[0])) 273 } 274 continue 275 } 276 277 fields := strings.Split(line, ":") 278 if len(fields) < 2 || len(fields) > 3 { 279 return nil, withLine(errors.New("invalid field count")) 280 } 281 282 obj := object{name: nextName} 283 nextName = "" 284 285 var err error 286 obj.oid, err = parseOID(aliases, strings.Fields(fields[0])) 287 if err != nil { 288 return nil, withLine(err) 289 } 290 obj.encoded = encodeOID(obj.oid) 291 292 obj.shortName = strings.TrimSpace(fields[1]) 293 if len(fields) == 3 { 294 obj.longName = strings.TrimSpace(fields[2]) 295 } 296 297 // Long and short names default to each other if missing. 298 if len(obj.shortName) == 0 { 299 obj.shortName = obj.longName 300 } else { 301 obj.hasShortName = true 302 } 303 if len(obj.longName) == 0 { 304 obj.longName = obj.shortName 305 } else { 306 obj.hasLongName = true 307 } 308 if len(obj.shortName) == 0 || len(obj.longName) == 0 { 309 return nil, withLine(errors.New("object with no name")) 310 } 311 312 // If not already specified, prefer the long name if it has no 313 // spaces, otherwise the short name. 314 if len(obj.name) == 0 && strings.IndexRune(obj.longName, ' ') < 0 { 315 obj.name = sanitizeName(obj.longName) 316 } 317 if len(obj.name) == 0 { 318 obj.name = sanitizeName(obj.shortName) 319 } 320 obj.name = module + obj.name 321 322 // Check for duplicate names. 323 if _, ok := aliases[obj.name]; ok { 324 return nil, withLine(fmt.Errorf("duplicate name '%s'", obj.name)) 325 } 326 if _, ok := shortNamesSeen[obj.shortName]; ok && len(obj.shortName) > 0 { 327 return nil, withLine(fmt.Errorf("duplicate short name '%s'", obj.shortName)) 328 } 329 if _, ok := longNamesSeen[obj.longName]; ok && len(obj.longName) > 0 { 330 return nil, withLine(fmt.Errorf("duplicate long name '%s'", obj.longName)) 331 } 332 333 // Allocate a NID. 334 nid, ok := nameToNID[obj.name] 335 if !ok { 336 nid = len(objs.byNID) 337 objs.byNID = append(objs.byNID, object{}) 338 } 339 340 objs.byNID[nid] = obj 341 objs.nameToNID[obj.name] = nid 342 343 longNamesSeen[obj.longName] = struct{}{} 344 shortNamesSeen[obj.shortName] = struct{}{} 345 aliases[obj.name] = obj.oid 346 } 347 if err := scanner.Err(); err != nil { 348 return nil, err 349 } 350 351 // The kNIDsIn*Order constants assume each NID fits in a uint16_t. 352 if len(objs.byNID) > 0xffff { 353 return nil, errors.New("too many NIDs allocated") 354 } 355 356 return objs, nil 357} 358 359func writeNumbers(path string, objs *objects) error { 360 out, err := os.Create(path) 361 if err != nil { 362 return err 363 } 364 defer out.Close() 365 366 for nid, obj := range objs.byNID { 367 if len(obj.name) == 0 { 368 continue 369 } 370 if _, err := fmt.Fprintf(out, "%s\t\t%d\n", obj.name, nid); err != nil { 371 return err 372 } 373 } 374 return nil 375} 376 377func clangFormat(input string) (string, error) { 378 var b bytes.Buffer 379 cmd := exec.Command("clang-format") 380 cmd.Stdin = strings.NewReader(input) 381 cmd.Stdout = &b 382 cmd.Stderr = os.Stderr 383 if err := cmd.Run(); err != nil { 384 return "", err 385 } 386 return b.String(), nil 387} 388 389func writeHeader(path string, objs *objects) error { 390 var b bytes.Buffer 391 fmt.Fprintf(&b, `// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 392// 393// Licensed under the Apache License, Version 2.0 (the "License"); 394// you may not use this file except in compliance with the License. 395// You may obtain a copy of the License at 396// 397// https://www.apache.org/licenses/LICENSE-2.0 398// 399// Unless required by applicable law or agreed to in writing, software 400// distributed under the License is distributed on an "AS IS" BASIS, 401// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 402// See the License for the specific language governing permissions and 403// limitations under the License. 404 405// This file is generated by crypto/obj/objects.go. 406 407#ifndef OPENSSL_HEADER_NID_H 408#define OPENSSL_HEADER_NID_H 409 410#include <openssl/base.h> // IWYU pragma: export 411 412#if defined(__cplusplus) 413extern "C" { 414#endif 415 416 417// The nid library provides numbered values for ASN.1 object identifiers and 418// other symbols. These values are used by other libraries to identify 419// cryptographic primitives. 420// 421// A separate objects library, obj.h, provides functions for converting between 422// nids and object identifiers. However it depends on large internal tables with 423// the encodings of every nid defined. Consumers concerned with binary size 424// should instead embed the encodings of the few consumed OIDs and compare 425// against those. 426// 427// These values should not be used outside of a single process; they are not 428// stable identifiers. 429 430 431`) 432 433 for nid, obj := range objs.byNID { 434 if len(obj.name) == 0 { 435 continue 436 } 437 438 if obj.hasShortName { 439 fmt.Fprintf(&b, "#define SN_%s \"%s\"\n", obj.name, obj.shortName) 440 } 441 if obj.hasLongName { 442 fmt.Fprintf(&b, "#define LN_%s \"%s\"\n", obj.name, obj.longName) 443 } 444 fmt.Fprintf(&b, "#define NID_%s %d\n", obj.name, nid) 445 446 // Although NID_undef does not have an OID, OpenSSL emits 447 // OBJ_undef as if it were zero. 448 oid := obj.oid 449 if nid == 0 { 450 oid = []int{0} 451 } 452 if len(oid) != 0 { 453 var oidStr string 454 for _, val := range oid { 455 if len(oidStr) != 0 { 456 oidStr += "," 457 } 458 oidStr += fmt.Sprintf("%dL", val) 459 } 460 461 fmt.Fprintf(&b, "#define OBJ_%s %s\n", obj.name, oidStr) 462 } 463 464 fmt.Fprintf(&b, "\n") 465 } 466 467 fmt.Fprintf(&b, ` 468#if defined(__cplusplus) 469} /* extern C */ 470#endif 471 472#endif /* OPENSSL_HEADER_NID_H */ 473`) 474 475 formatted, err := clangFormat(b.String()) 476 if err != nil { 477 return err 478 } 479 480 return os.WriteFile(path, []byte(formatted), 0666) 481} 482 483func sortNIDs(nids []int, objs *objects, cmp func(a, b object) bool) { 484 sort.Slice(nids, func(i, j int) bool { return cmp(objs.byNID[nids[i]], objs.byNID[nids[j]]) }) 485} 486 487func writeData(path string, objs *objects) error { 488 var b bytes.Buffer 489 fmt.Fprintf(&b, `// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 490// 491// Licensed under the Apache License, Version 2.0 (the "License"); 492// you may not use this file except in compliance with the License. 493// You may obtain a copy of the License at 494// 495// https://www.apache.org/licenses/LICENSE-2.0 496// 497// Unless required by applicable law or agreed to in writing, software 498// distributed under the License is distributed on an "AS IS" BASIS, 499// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 500// See the License for the specific language governing permissions and 501// limitations under the License. 502 503// This file is generated by crypto/obj/objects.go. 504 505 506`) 507 508 fmt.Fprintf(&b, "#define NUM_NID %d\n", len(objs.byNID)) 509 510 // Emit each object's DER encoding, concatenated, and save the offsets. 511 fmt.Fprintf(&b, "\nstatic const uint8_t kObjectData[] = {\n") 512 offsets := make([]int, len(objs.byNID)) 513 var nextOffset int 514 for nid, obj := range objs.byNID { 515 if len(obj.name) == 0 || len(obj.encoded) == 0 { 516 offsets[nid] = -1 517 continue 518 } 519 520 offsets[nid] = nextOffset 521 nextOffset += len(obj.encoded) 522 fmt.Fprintf(&b, "/* NID_%s */\n", obj.name) 523 for _, val := range obj.encoded { 524 fmt.Fprintf(&b, "0x%02x, ", val) 525 } 526 fmt.Fprintf(&b, "\n") 527 } 528 fmt.Fprintf(&b, "};\n") 529 530 // Emit an ASN1_OBJECT for each object. 531 fmt.Fprintf(&b, "\nstatic const ASN1_OBJECT kObjects[NUM_NID] = {\n") 532 for nid, obj := range objs.byNID { 533 // Skip the entry for NID_undef. It is stored separately, so that 534 // OBJ_get_undef avoids pulling in the table. 535 if nid == 0 { 536 continue 537 } 538 539 if len(obj.name) == 0 { 540 fmt.Fprintf(&b, "{NULL, NULL, NID_undef, 0, NULL, 0},\n") 541 continue 542 } 543 544 fmt.Fprintf(&b, "{\"%s\", \"%s\", NID_%s, ", obj.shortName, obj.longName, obj.name) 545 if offset := offsets[nid]; offset >= 0 { 546 fmt.Fprintf(&b, "%d, &kObjectData[%d], 0},\n", len(obj.encoded), offset) 547 } else { 548 fmt.Fprintf(&b, "0, NULL, 0},\n") 549 } 550 } 551 fmt.Fprintf(&b, "};\n") 552 553 // Emit a list of NIDs sorted by short name. 554 var nids []int 555 for nid, obj := range objs.byNID { 556 if len(obj.name) == 0 || len(obj.shortName) == 0 { 557 continue 558 } 559 nids = append(nids, nid) 560 } 561 sortNIDs(nids, objs, func(a, b object) bool { return a.shortName < b.shortName }) 562 563 fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInShortNameOrder[] = {\n") 564 for _, nid := range nids { 565 // Including NID_undef in the table does not do anything. Whether OBJ_sn2nid 566 // finds the object or not, it will return NID_undef. 567 if nid != 0 { 568 fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].shortName) 569 } 570 } 571 fmt.Fprintf(&b, "};\n") 572 573 // Emit a list of NIDs sorted by long name. 574 nids = nil 575 for nid, obj := range objs.byNID { 576 if len(obj.name) == 0 || len(obj.longName) == 0 { 577 continue 578 } 579 nids = append(nids, nid) 580 } 581 sortNIDs(nids, objs, func(a, b object) bool { return a.longName < b.longName }) 582 583 fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInLongNameOrder[] = {\n") 584 for _, nid := range nids { 585 // Including NID_undef in the table does not do anything. Whether OBJ_ln2nid 586 // finds the object or not, it will return NID_undef. 587 if nid != 0 { 588 fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].longName) 589 } 590 } 591 fmt.Fprintf(&b, "};\n") 592 593 // Emit a list of NIDs sorted by OID. 594 nids = nil 595 for nid, obj := range objs.byNID { 596 if len(obj.name) == 0 || len(obj.encoded) == 0 { 597 continue 598 } 599 nids = append(nids, nid) 600 } 601 sortNIDs(nids, objs, func(a, b object) bool { 602 // This comparison must match the definition of |obj_cmp|. 603 if len(a.encoded) < len(b.encoded) { 604 return true 605 } 606 if len(a.encoded) > len(b.encoded) { 607 return false 608 } 609 return bytes.Compare(a.encoded, b.encoded) < 0 610 }) 611 612 fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInOIDOrder[] = {\n") 613 for _, nid := range nids { 614 obj := objs.byNID[nid] 615 fmt.Fprintf(&b, "%d /* ", nid) 616 for i, c := range obj.oid { 617 if i > 0 { 618 fmt.Fprintf(&b, ".") 619 } 620 fmt.Fprintf(&b, "%d", c) 621 } 622 fmt.Fprintf(&b, " (OBJ_%s) */,\n", obj.name) 623 } 624 fmt.Fprintf(&b, "};\n") 625 626 formatted, err := clangFormat(b.String()) 627 if err != nil { 628 return err 629 } 630 631 return os.WriteFile(path, []byte(formatted), 0666) 632} 633 634func main() { 635 objs, err := readObjects("obj_mac.num", "objects.txt") 636 if err != nil { 637 fmt.Fprintf(os.Stderr, "Error reading objects: %s\n", err) 638 os.Exit(1) 639 } 640 641 if err := writeNumbers("obj_mac.num", objs); err != nil { 642 fmt.Fprintf(os.Stderr, "Error writing numbers: %s\n", err) 643 os.Exit(1) 644 } 645 646 if err := writeHeader("../../include/openssl/nid.h", objs); err != nil { 647 fmt.Fprintf(os.Stderr, "Error writing header: %s\n", err) 648 os.Exit(1) 649 } 650 651 if err := writeData("obj_dat.h", objs); err != nil { 652 fmt.Fprintf(os.Stderr, "Error writing data: %s\n", err) 653 os.Exit(1) 654 } 655} 656