Merge pull request #4600 from dgarske/cust_oid

Support for Custom OID in subject and CSR request extension
Sean Parkinson
2021-12-09 11:24:30 +10:00
committed by GitHub
5 changed files with 486 additions and 428 deletions


@ -345,8 +345,7 @@
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \
!defined(WOLFSSL_ASN_TEMPLATE))
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h"
@ -41594,24 +41593,25 @@ static void test_wolfSSL_X509_check_ip_asc(void){
static void test_wolfSSL_DC_cert(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
defined(WOLFSSL_CERT_EXT)
Cert cert;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
int certSz;
int ret, idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
const unsigned char* pt;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
#if !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
int ret;
Cert cert;
CertName name;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
word32 idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
#ifdef OPENSSL_EXTRA
const unsigned char* pt;
int certSz;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
#endif
printf(testingFmt, "wolfSSL Certs with DC");
XMEMSET(&name, 0, sizeof(CertName));
@ -41658,8 +41658,19 @@ static void test_wolfSSL_DC_cert(void)
#else
AssertIntEQ(wc_InitRng(&rng), 0);
#endif
AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0);
/* load test RSA key */
idx = 0;
#if defined(USE_CERT_BUFFERS_1024)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key,
sizeof_server_key_der_1024), 0);
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
sizeof_server_key_der_2048), 0);
#else
/* error case, no RSA key loaded, happens later */
(void)idx;
#endif
XMEMSET(&cert, 0 , sizeof(Cert));
AssertIntEQ(wc_InitCert(&cert), 0);
@ -41690,9 +41701,10 @@ static void test_wolfSSL_DC_cert(void)
}
} while (ret == WC_PENDING_E);
AssertIntGT(ret, 0);
certSz = ret;
#ifdef OPENSSL_EXTRA
/* der holds a certificate with DC's now check X509 parsing of it */
certSz = ret;
pt = der;
AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
AssertNotNull(x509name = X509_get_subject_name(x509));
@ -41730,8 +41742,9 @@ static void test_wolfSSL_DC_cert(void)
AssertNull(entry = X509_NAME_get_entry(x509name, 11));
AssertNull(entry = X509_NAME_get_entry(x509name, 20));
(void)idx;
X509_free(x509);
#endif /* OPENSSL_EXTRA */
wc_FreeRsaKey(&key);
wc_FreeRng(&rng);
printf(resultFmt, passed);
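Review bot: The `#else` branch at `/* error case, no RSA key loaded, happens later */` leaves `key` without a private key, yet the function still goes on to sign the certificate and asserts `AssertIntGT(ret, 0)`, so in a build with neither USE_CERT_BUFFERS_1024 nor USE_CERT_BUFFERS_2048 the test presumably fails at the signing step instead of reporting the missing precondition. Consider adding `(defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048))` to the guarding `#if` at the top of the function, or turning the `#else` into an explicit skip with a message. The change from `int idx` to `word32 idx` matches the `word32*` index argument that `wc_RsaPrivateKeyDecode` takes, which is correct. The body of test_wolfSSL_DC_cert continues between and after the shown hunks.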



@ -355,7 +355,7 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"")
#define NO_INTM_HASH_TEST
#endif
#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
#ifdef WOLFSSL_CERT_GEN
static void initDefaultName(void);
#endif
@ -759,8 +759,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif /* USE_FAST_MATH */
#endif /* !NO_BIG_INT */
#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
initDefaultName();
#ifdef WOLFSSL_CERT_GEN
initDefaultName();
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
@ -12258,14 +12258,19 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
(defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
#ifdef WOLFSSL_MULTI_ATTRIB
static CertName certDefaultName;
static void initDefaultName(void)
{
#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
NameAttrib* n;
#endif
XMEMCPY(certDefaultName.country, "US", sizeof("US"));
certDefaultName.countryEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
certDefaultName.stateEnc = CTC_UTF8;
XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
certDefaultName.streetEnc = CTC_UTF8;
XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
certDefaultName.localityEnc = CTC_UTF8;
XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
@ -12278,59 +12283,45 @@ static void initDefaultName(void)
certDefaultName.commonNameEnc = CTC_UTF8;
XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
certDefaultName.serialDevEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
certDefaultName.postalCodeEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT
XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
certDefaultName.busCatEnc = CTC_UTF8;
XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
certDefaultName.joiStEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
certDefaultName.joiCEnc = CTC_PRINTABLE;
#endif
XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
#ifdef WOLFSSL_TEST_CERT
{
NameAttrib* n;
/* test having additional OUs and setting DC */
n = &certDefaultName.name[0];
n->id = ASN_ORGUNIT_NAME;
n->type = CTC_UTF8;
n->sz = sizeof("Development-2");
XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
/* test having additional OUs and setting DC */
n = &certDefaultName.name[0];
n->id = ASN_ORGUNIT_NAME;
n->type = CTC_UTF8;
n->sz = sizeof("Development-2");
XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
#if CTC_MAX_ATTRIB > 3
n = &certDefaultName.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &certDefaultName.name[2];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
n = &certDefaultName.name[1];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com"));
n = &certDefaultName.name[2];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
#endif
}
#endif /* WOLFSSL_TEST_CERT */
}
#else
static const CertName certDefaultName = {
"US", CTC_PRINTABLE, /* country */
"Oregon", CTC_UTF8, /* state */
"Main St", CTC_UTF8, /* street */
"Portland", CTC_UTF8, /* locality */
"Test", CTC_UTF8, /* sur */
"wolfSSL", CTC_UTF8, /* org */
"Development", CTC_UTF8, /* unit */
"www.wolfssl.com", CTC_UTF8, /* commonName */
"wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
"12-456", CTC_PRINTABLE, /* Postal Code */
#ifdef WOLFSSL_CERT_EXT
"Private Organization", CTC_UTF8, /* businessCategory */
"US", CTC_PRINTABLE, /* jurisdiction country */
"Oregon", CTC_PRINTABLE, /* jurisdiction state */
#endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
#ifdef WOLFSSL_CUSTOM_OID
/* TODO: Add test case for custom OID's */
#endif
"info@wolfssl.com", /* email */
};
#endif /* WOLFSSL_MULTI_ATTRIB */
}
#ifdef WOLFSSL_CERT_EXT
#if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
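Review bot: `static CertName certDefaultName;` is now a zero-initialized object that only receives its contents from initDefaultName(), but the call `initDefaultName();` is guarded by `#ifdef WOLFSSL_CERT_GEN` while the definition sits under the wider `#if defined(WOLFSSL_CERT_GEN) && (...) || (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))`; in a WOLFSSL_TEST_CERT build with Ed25519/Ed448 but without WOLFSSL_CERT_GEN the function is defined but never called, so any test that reads certDefaultName there sees empty strings where the removed `static const` initializer used to supply values. Either narrow the definition guard to match the call site or invoke initDefaultName() under the same condition as the definition. The trailing `#ifdef WOLFSSL_CUSTOM_OID /* TODO: Add test case for custom OID's */ #endif` also means the custom-OID path this pull request adds lands with no test coverage; since it encodes caller-supplied OID and value buffers into DER, a test that populates `custom`/`extCustom`, generates the certificate or request, and decodes it back would be worth adding before merge.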


@ -622,7 +622,8 @@ enum DN_Tags {
ASN_ORGUNIT_NAME = 0x0b, /* OU */
ASN_BUS_CAT = 0x0f, /* businessCategory */
ASN_POSTAL_CODE = 0x11, /* postalCode */
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
/* pilot attribute types
* OID values of 0.9.2342.19200300.100.1.* */
@ -1954,14 +1955,6 @@ WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
#ifdef WOLFSSL_CERT_GEN
enum cert_enums {
#ifdef WOLFSSL_CERT_EXT
NAME_ENTRIES = 12,
#else
NAME_ENTRIES = 11,
#endif
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,
PILOT_JOINT_LEN = 10,
RSA_KEY = 10,
ECC_KEY = 12,
ED25519_KEY = 13,
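Review bot: Dropping `NAME_ENTRIES`, `JOINT_LEN`, `EMAIL_JOINT_LEN` and `PILOT_JOINT_LEN` from `enum cert_enums` removes identifiers from an installed public header, so any downstream code that referenced them (for example to size its own tables by `NAME_ENTRIES`) stops compiling. If they are now private to the encoder that is reasonable, but it deserves a line in the release notes, or the enumerators could be kept with a comment marking them as internal. The new `ASN_CUSTOM_NAME = 0x99` follows the sentinel convention of `ASN_EMAIL_NAME = 0x98`; a short comment on the enum stating that values at 0x98 and above are internal markers rather than attribute-type arcs would help the next reader.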


@ -310,6 +310,15 @@ typedef struct NameAttrib {
} NameAttrib;
#endif /* WOLFSSL_MULTI_ATTRIB */
#ifdef WOLFSSL_CUSTOM_OID
typedef struct CertOidField {
byte* oid;
byte* val;
int oidSz;
int valSz;
char enc;
} CertOidField;
#endif
typedef struct CertName {
char country[CTC_NAME_SIZE];
@ -344,6 +353,9 @@ typedef struct CertName {
#ifdef WOLFSSL_MULTI_ATTRIB
NameAttrib name[CTC_MAX_ATTRIB];
#endif
#ifdef WOLFSSL_CUSTOM_OID
CertOidField custom;
#endif
} CertName;
@ -409,6 +421,10 @@ typedef struct Cert {
char challengePw[CTC_NAME_SIZE];
int challengePwPrintableString; /* encode as PrintableString */
#endif
#ifdef WOLFSSL_CUSTOM_OID
CertOidField extCustom; /* user oid and value to go in req extensions */
#endif
void* decodedCert; /* internal DecodedCert allocated from heap */
byte* der; /* Pointer to buffer of current DecodedCert cache */
void* heap; /* heap hint */
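Review bot: `CertOidField` is new public API but says nothing about its contract: whether `oid` holds the encoded OID content bytes or a dotted-decimal string, whether the library copies `oid`/`val` or keeps the caller's pointers for the lifetime of the `Cert`, and which values `enc` accepts (presumably the same `CTC_*` encoding values as the other `*Enc` members of CertName, but that is not stated). Because `oidSz` and `valSz` are `int`, the encoder consuming these fields has to reject negative and zero lengths and bound them against the output buffer; the asn.c diff is suppressed on this page so that check cannot be confirmed here. Suggest documenting each member in the header, e.g. `byte* oid; /* OID content bytes (no tag/length); not copied, must outlive the Cert */` adjusted to whatever the encoder actually does, and giving `CertOidField custom;` in CertName the same kind of comment that `extCustom` has.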