From 442886a2072aadf05930f6ebeb2e417828b0976c Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Sat, 17 Aug 2013 09:01:15 -0700
Subject: [PATCH] Added x509 accessors for the SEP build certificate additions.
---
 cyassl/internal.h | 8 ++++++++
 cyassl/ssl.h | 9 +++++++++
 src/internal.c | 26 ++++++++++++++++++++++++++
 src/ssl.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 85 insertions(+)
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 40052d69f..e6a6ced27 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1648,6 +1648,14 @@ struct CYASSL_X509 {
 int serialSz;
 byte serial[EXTERNAL_SERIAL_SIZE];
 char subjectCN[ASN_NAME_MAX]; /* common name short cut */
+#ifdef CYASSL_SEP
+ int deviceTypeSz;
+ byte deviceType[EXTERNAL_SERIAL_SIZE];
+ int hwTypeSz;
+ byte hwType[EXTERNAL_SERIAL_SIZE];
+ int hwSerialNumSz;
+ byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
+#endif
 buffer derCert; /* may need */
 DNS_entry* altNames; /* alt names list */
 DNS_entry* altNamesNext; /* hint for retrieval */
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index d6bda27ba..5c759219d 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -783,6 +783,15 @@ CYASSL_API int CyaSSL_cmp_peer_cert_to_file(CYASSL*, const char*);
 CYASSL_API char* CyaSSL_X509_get_next_altname(CYASSL_X509*);
+#ifdef CYASSL_SEP
+ CYASSL_API
+ int CyaSSL_X509_get_device_type(CYASSL_X509*, unsigned char*, int*);
+ CYASSL_API
+ int CyaSSL_X509_get_hw_type(CYASSL_X509*, unsigned char*, int*);
+ CYASSL_API
+ int CyaSSL_X509_get_hw_serial_number(CYASSL_X509*, unsigned char*, int*);
+#endif
+
 /* connect enough to get peer cert */
 CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
diff --git a/src/internal.c b/src/internal.c
index 7e1834339..8070eb79b 100644
--- a/src/internal.c
+++ b/src/internal.c
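Review bot: The three new SEP buffers in `struct CYASSL_X509` are sized with `EXTERNAL_SERIAL_SIZE`, a constant named for the certificate serial number, and nothing here says what happens to longer values. The copy this patch adds in src/internal.c caps each field at that size, so a longer device type, hardware type or hardware serial number is stored truncated with no indication. I would add a comment above the block such as `/* SEP fields: each is capped at EXTERNAL_SERIAL_SIZE bytes when copied from the decoded cert */`, and consider a dedicated size constant so that a change to the serial buffer does not silently resize these. The struct body continues outside the hunk.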
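Review bot: The three prototypes in the `CYASSL_SEP` block of cyassl/ssl.h carry no parameter names and no description of the in/out size contract, which a caller cannot infer from `unsigned char*, int*`. Going by the definitions this patch adds in src/ssl.c, the `int*` holds the buffer capacity on entry and the copied length on return, and the call returns `BAD_FUNC_ARG` when the capacity is too small. I would name the parameters, e.g. `int CyaSSL_X509_get_device_type(CYASSL_X509* x509, unsigned char* out, int* inOutSz);`, and add a short comment stating that contract, including that an empty field is reported as `SSL_SUCCESS` with a length of 0.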
@@ -2925,6 +2925,32 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
 else x509->subjectCN[0] = '\0';
+#ifdef CYASSL_SEP
+ {
+ int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
+ if (minSz > 0) {
+ x509->deviceTypeSz = minSz;
+ XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
+ }
+ else
+ x509->deviceTypeSz = 0;
+ minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
+ if (minSz != 0) {
+ x509->hwTypeSz = minSz;
+ XMEMCPY(x509->hwType, dCert->hwType, minSz);
+ }
+ else
+ x509->hwTypeSz = 0;
+ minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
+ if (minSz != 0) {
+ x509->hwSerialNumSz = minSz;
+ XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
+ }
+ else
+ x509->hwSerialNumSz = 0;
+ }
+#endif /* CYASSL_SEP */
+
 /* store cert for potential retrieval */
 x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL, DYNAMIC_TYPE_CERT);
diff --git a/src/ssl.c b/src/ssl.c
index ddf60debc..089fe2297 100644
--- a/src/ssl.c
+++ b/src/ssl.c
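Review bot: The guards on the three copies are inconsistent: the device-type branch tests `minSz > 0`, while the hwType and hwSerialNum branches test `minSz != 0`, so in those two a negative size would be stored in the struct and passed to `XMEMCPY` as the length. Whether `min` can yield a negative value depends on its definition, which is not visible in this hunk; using `if (minSz > 0) {` in all three branches removes the question. Values longer than `EXTERNAL_SERIAL_SIZE` are also truncated silently, which matters if an application relies on the hardware serial number to identify a device. CopyDecodedToX509 starts and ends outside the hunk.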
@@ -7011,6 +7011,48 @@ int CyaSSL_set_compression(CYASSL* ssl)
 return x509->derCert.buffer;
 }
+#ifdef CYASSL_SEP
+
+int CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
+{
+ CYASSL_ENTER("CyaSSL_X509_get_dev_type");
+ if (x509 == NULL || inOutSz == NULL || *inOutSz < x509->deviceTypeSz)
+ return BAD_FUNC_ARG;
+
+ XMEMCPY(in, x509->deviceType, x509->deviceTypeSz);
+ *inOutSz = x509->deviceTypeSz;
+
+ return SSL_SUCCESS;
+}
+
+
+int CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int *inOutSz)
+{
+ CYASSL_ENTER("CyaSSL_X509_get_hw_type");
+ if (x509 == NULL || inOutSz == NULL || *inOutSz < x509->hwTypeSz)
+ return BAD_FUNC_ARG;
+
+ XMEMCPY(in, x509->hwType, x509->hwTypeSz);
+ *inOutSz = x509->hwTypeSz;
+
+ return SSL_SUCCESS;
+}
+
+
+int CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509, byte* in, int *inOutSz)
+{
+ CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");
+ if (x509 == NULL || inOutSz == NULL || *inOutSz < x509->hwSerialNumSz)
+ return BAD_FUNC_ARG;
+
+ XMEMCPY(in, x509->hwSerialNum, x509->hwSerialNumSz);
+ *inOutSz = x509->hwSerialNumSz;
+
+ return SSL_SUCCESS;
+}
+
+#endif /* CYASSL_SEP */
+
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
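Review bot: None of the three accessors checks the output pointer: with `in == NULL` and a large enough `*inOutSz`, `XMEMCPY(in, ...)` writes through a null pointer. Add it to the existing argument check, e.g. `if (x509 == NULL || in == NULL || inOutSz == NULL || *inOutSz < x509->deviceTypeSz)`, and likewise in `CyaSSL_X509_get_hw_type` and `CyaSSL_X509_get_hw_serial_number`. The trace label in the first function, `CYASSL_ENTER("CyaSSL_X509_get_dev_type")`, does not match the function name `CyaSSL_X509_get_device_type`. When the buffer is too small the call returns `BAD_FUNC_ARG` without writing the required length to `*inOutSz`, so a caller cannot size a retry.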