feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

drafted pathlen for cert struct

Browse Source
This commit is contained in:
Stanislav Klima
2022-06-30 17:16:10 +02:00
parent 94e7eacc5f
commit 26a62b4b9e
2 changed files with 55 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
wolfcrypt/src/asn.c
View File

@ -22749,6 +22749,31 @@ static int SetExtensionsHeader(byte* out, word32 outSz, int extSz)
} }
/* encode CA basic constraints true with path length
* return total bytes written */
static int SetCaWithPathLen(byte* out, word32 outSz, char pathLen)
{
/* ASN1->DER sequence for Basic Constraints True and path length */
byte caPathLenBasicConstASN1[] = {
0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04,
0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01,
0x00
};
if (out == NULL)
return BAD_FUNC_ARG;
if (outSz < sizeof(caPathLenBasicConstASN1))
return BUFFER_E;
caPathLenBasicConstASN1[16U] = pathLen;
XMEMCPY(out, caPathLenBasicConstASN1, sizeof(caPathLenBasicConstASN1));
return (int)sizeof(caPathLenBasicConstASN1);
}
/* encode CA basic constraints true /* encode CA basic constraints true
* return total bytes written */ * return total bytes written */
static int SetCa(byte* out, word32 outSz) static int SetCa(byte* out, word32 outSz)
@ -24911,8 +24936,21 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* set the extensions */ /* set the extensions */
der->extensionsSz = 0; der->extensionsSz = 0;
/* RFC 5280 : 4.2.1.9. Basic Constraints
* The pathLenConstraint field is meaningful only if the cA boolean is
* asserted and the key usage extension, if present, asserts the
* keyCertSign bit */
/* Set CA and path length */
if ((cert->isCA) && (cert->pathLen) &&
((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))) {
der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen);
if (der->caSz <= 0)
return CA_TRUE_E;
der->extensionsSz += der->caSz;
}
/* Set CA */ /* Set CA */
if (cert->isCA) { else if (cert->isCA) {
der->caSz = SetCa(der->ca, sizeof(der->ca)); der->caSz = SetCa(der->ca, sizeof(der->ca));
if (der->caSz <= 0) if (der->caSz <= 0)
return CA_TRUE_E; return CA_TRUE_E;
@ -26082,8 +26120,21 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
/* set the extensions */ /* set the extensions */
der->extensionsSz = 0; der->extensionsSz = 0;
/* RFC 5280 : 4.2.1.9. Basic Constraints
* The pathLenConstraint field is meaningful only if the cA boolean is
* asserted and the key usage extension, if present, asserts the
* keyCertSign bit */
/* Set CA and path length */
if ((cert->isCA) && (cert->pathLen) &&
((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage))) {
der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen);
if (der->caSz <= 0)
return CA_TRUE_E;
der->extensionsSz += der->caSz;
}
/* Set CA */ /* Set CA */
if (cert->isCA) { else if (cert->isCA) {
der->caSz = SetCa(der->ca, sizeof(der->ca)); der->caSz = SetCa(der->ca, sizeof(der->ca));
if (der->caSz <= 0) if (der->caSz <= 0)
return CA_TRUE_E; return CA_TRUE_E;

2
wolfssl/wolfcrypt/asn_public.h
View File

@ -384,6 +384,8 @@ typedef struct Cert {
int selfSigned; /* self signed flag */ int selfSigned; /* self signed flag */
CertName subject; /* subject info */ CertName subject; /* subject info */
int isCA; /* is this going to be a CA */ int isCA; /* is this going to be a CA */
char pathLen; /* max depth of valid certification
* paths that include this cert */
/* internal use only */ /* internal use only */
int bodySz; /* pre sign total size */ int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */ int keyType; /* public key type of subject */