find the subject id and authority subject id extensions when decoding a certificate

John Safranek
2013-04-24 10:37:11 -07:00
parent d665e16bd8
commit c27ebe546d
2 changed files with 71 additions and 1 deletions


@ -1218,6 +1218,10 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->extAuthInfoSz = 0; cert->extAuthInfoSz = 0;
cert->extCrlInfo = NULL; cert->extCrlInfo = NULL;
cert->extCrlInfoSz = 0; cert->extCrlInfoSz = 0;
cert->extSubjKeyId = NULL;
cert->extSubjKeyIdSz = 0;
cert->extAuthKeyId = NULL;
cert->extAuthKeyIdSz = 0;
cert->isCA = 0; cert->isCA = 0;
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
cert->subjectSN = 0; cert->subjectSN = 0;
@ -2542,6 +2546,58 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
} }
static void DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert)
{
word32 idx = 0;
int length = 0;
CYASSL_ENTER("DecodeAuthKeyId");
if (GetSequence(input, &idx, &length, sz) < 0) {
CYASSL_MSG("\tfail: should be a SEQUENCE\n");
return;
}
if (input[idx++] != (ASN_CONTEXT_SPECIFIC | 0)) {
CYASSL_MSG("\tfail: wanted OPTIONAL item 0, not available\n");
}
if (GetLength(input, &idx, &length, sz) < 0) {
CYASSL_MSG("\tfail: extension data length");
return;
}
cert->extAuthKeyId = input + idx;
cert->extAuthKeyIdSz = length;
return;
}
static void DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert)
{
word32 idx = 0;
int length = 0;
CYASSL_ENTER("DecodeSubjKeyId");
if (input[idx++] != ASN_OCTET_STRING) {
CYASSL_MSG("\tfail: should be an OCTET STRING");
return;
}
if (GetLength(input, &idx, &length, sz) < 0) {
CYASSL_MSG("\tfail: extension data length");
return;
}
cert->extSubjKeyId = input + idx;
cert->extSubjKeyIdSz = length;
return;
}
static void DecodeCertExtensions(DecodedCert* cert) static void DecodeCertExtensions(DecodedCert* cert)
/* /*
* Processing the Certificate Extensions. This does not modify the current * Processing the Certificate Extensions. This does not modify the current
@ -2609,6 +2665,14 @@ static void DecodeCertExtensions(DecodedCert* cert)
case ALT_NAMES_OID: case ALT_NAMES_OID:
DecodeAltNames(&input[idx], length, cert); DecodeAltNames(&input[idx], length, cert);
case AUTH_KEY_OID:
DecodeAuthKeyId(&input[idx], length, cert);
break;
case SUBJ_KEY_OID:
DecodeSubjKeyId(&input[idx], length, cert);
break;
default: default:
CYASSL_MSG("\tExtension type not handled, skipping"); CYASSL_MSG("\tExtension type not handled, skipping");
break; break;
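Review bot: The ALT_NAMES_OID case now falls through into the new AUTH_KEY_OID case: in the context shown, `DecodeAltNames(&input[idx], length, cert);` is followed directly by `case AUTH_KEY_OID:` with no `break;`, so every certificate that carries a subjectAltName extension also has DecodeAuthKeyId run over the SAN data and extAuthKeyId/extAuthKeyIdSz set to a pointer into it (unless a `break;` sits on a line the rendered page dropped, which is worth confirming); add `break;` after the DecodeAltNames call. In DecodeAuthKeyId the `!= (ASN_CONTEXT_SPECIFIC | 0)` branch only logs and continues, so when the OPTIONAL keyIdentifier [0] is absent the function, having already consumed the tag byte via `idx++`, reads the length of whatever item follows and stores that item's content as the key id; the branch needs a `return;`. Neither DecodeAuthKeyId nor DecodeSubjKeyId checks that idx is still below sz before reading the tag byte, so an empty SEQUENCE or a zero-length extension reads past the extension data; a guard such as `if (idx >= (word32)sz) return;` before each tag read keeps the read inside the extension, and unless GetLength (not shown here) already rejects lengths that overrun sz, the final `idx + length` should be checked against sz as well before the pointer/length pair is stored. DecodeCertExtensions starts above this hunk.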


@ -193,7 +193,9 @@ enum Extensions_Sum {
ALT_NAMES_OID = 131, ALT_NAMES_OID = 131,
CRL_DIST_OID = 145, CRL_DIST_OID = 145,
AUTH_INFO_OID = 69, AUTH_INFO_OID = 69,
CA_ISSUER_OID = 117 CA_ISSUER_OID = 117,
AUTH_KEY_OID = 149,
SUBJ_KEY_OID = 128
}; };
@ -249,6 +251,10 @@ struct DecodedCert {
int extAuthInfoSz; /* length of the URI */ int extAuthInfoSz; /* length of the URI */
byte* extCrlInfo; /* CRL Distribution Points */ byte* extCrlInfo; /* CRL Distribution Points */
int extCrlInfoSz; /* length of the URI */ int extCrlInfoSz; /* length of the URI */
byte* extSubjKeyId; /* Subject Key ID */
int extSubjKeyIdSz; /* length of the ID */
byte* extAuthKeyId; /* Authority Key ID */
int extAuthKeyIdSz; /* length of the ID */
byte isCA; /* CA basic constraint true */ byte isCA; /* CA basic constraint true */
#ifdef CYASSL_CERT_GEN #ifdef CYASSL_CERT_GEN
/* easy access to subject info for other sign */ /* easy access to subject info for other sign */
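Review bot: The comments on the four new DecodedCert fields do not say what the pointers own; the decoder assigns them as `input + idx`, i.e. into the certificate's source buffer, so they are non-owning and valid only while that buffer is. Suggest `byte* extSubjKeyId; /* Subject Key ID, points into source, not owned */` and the same wording for extAuthKeyId, so no caller frees them or keeps them past the source buffer's lifetime. The struct continues beyond this section.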