Merge pull request #4600 from dgarske/cust_oid

Support for a custom OID attribute in the subject name and a custom OID extension in CSR requests
This commit is contained in:
Sean Parkinson
2021-12-09 11:24:30 +10:00
committed by GitHub
5 changed files with 486 additions and 428 deletions


@@ -345,8 +345,7 @@
#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \ #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \
defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \ defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
!defined(WOLFSSL_ASN_TEMPLATE))
/* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT,
* or for setting authKeyIdSrc in WOLFSSL_X509 */ * or for setting authKeyIdSrc in WOLFSSL_X509 */
#include "wolfssl/internal.h" #include "wolfssl/internal.h"
@@ -41594,24 +41593,25 @@ static void test_wolfSSL_X509_check_ip_asc(void){
static void test_wolfSSL_DC_cert(void) static void test_wolfSSL_DC_cert(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ #if !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \ int ret;
defined(WOLFSSL_CERT_EXT) Cert cert;
Cert cert;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
int certSz;
int ret, idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
const unsigned char* pt;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
CertName name; CertName name;
RsaKey key;
WC_RNG rng;
byte der[FOURK_BUF];
word32 idx;
const byte mySerial[8] = {1,2,3,4,5,6,7,8};
#ifdef OPENSSL_EXTRA
const unsigned char* pt;
int certSz;
X509* x509;
X509_NAME* x509name;
X509_NAME_ENTRY* entry;
ASN1_STRING* entryValue;
#endif
printf(testingFmt, "wolfSSL Certs with DC"); printf(testingFmt, "wolfSSL Certs with DC");
XMEMSET(&name, 0, sizeof(CertName)); XMEMSET(&name, 0, sizeof(CertName));
@@ -41658,8 +41658,19 @@ static void test_wolfSSL_DC_cert(void)
#else #else
AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_InitRng(&rng), 0);
#endif #endif
AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0);
/* load test RSA key */
idx = 0;
#if defined(USE_CERT_BUFFERS_1024)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key,
sizeof_server_key_der_1024), 0);
#elif defined(USE_CERT_BUFFERS_2048)
AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
sizeof_server_key_der_2048), 0);
#else
/* error case, no RSA key loaded, happens later */
(void)idx;
#endif
XMEMSET(&cert, 0 , sizeof(Cert)); XMEMSET(&cert, 0 , sizeof(Cert));
AssertIntEQ(wc_InitCert(&cert), 0); AssertIntEQ(wc_InitCert(&cert), 0);
@@ -41690,9 +41701,10 @@ static void test_wolfSSL_DC_cert(void)
} }
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
AssertIntGT(ret, 0); AssertIntGT(ret, 0);
certSz = ret;
#ifdef OPENSSL_EXTRA
/* der holds a certificate with DC's now check X509 parsing of it */ /* der holds a certificate with DC's now check X509 parsing of it */
certSz = ret;
pt = der; pt = der;
AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz)); AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
AssertNotNull(x509name = X509_get_subject_name(x509)); AssertNotNull(x509name = X509_get_subject_name(x509));
@@ -41730,8 +41742,9 @@ static void test_wolfSSL_DC_cert(void)
AssertNull(entry = X509_NAME_get_entry(x509name, 11)); AssertNull(entry = X509_NAME_get_entry(x509name, 11));
AssertNull(entry = X509_NAME_get_entry(x509name, 20)); AssertNull(entry = X509_NAME_get_entry(x509name, 20));
(void)idx;
X509_free(x509); X509_free(x509);
#endif /* OPENSSL_EXTRA */
wc_FreeRsaKey(&key); wc_FreeRsaKey(&key);
wc_FreeRng(&rng); wc_FreeRng(&rng);
printf(resultFmt, passed); printf(resultFmt, passed);
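Review bot: In the new key-loading block, the `#else` branch (neither USE_CERT_BUFFERS_1024 nor USE_CERT_BUFFERS_2048) leaves `key` unloaded yet the test still proceeds to the signing loop and `AssertIntGT(ret, 0)`, so such a build fails the test rather than skipping it — the comment `/* error case, no RSA key loaded, happens later */` documents a known assertion failure instead of preventing it. Prefer compiling the test out by extending the function's guard to `#if !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048))`, or returning early in that branch after printing a skip message. Also, with the 1024-bit buffer the certificate is signed with an RSA-1024 key, which is fine for a parsing test but should be noted so nobody treats the produced DER as a policy-compliant fixture; the `wc_InitRsaKey` call is presumably above this hunk and is not visible here. test_wolfSSL_DC_cert's body continues past the end of this file section.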



@@ -355,7 +355,7 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"")
#define NO_INTM_HASH_TEST #define NO_INTM_HASH_TEST
#endif #endif
#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) #ifdef WOLFSSL_CERT_GEN
static void initDefaultName(void); static void initDefaultName(void);
#endif #endif
@@ -759,8 +759,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
#endif /* USE_FAST_MATH */ #endif /* USE_FAST_MATH */
#endif /* !NO_BIG_INT */ #endif /* !NO_BIG_INT */
#if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB) #ifdef WOLFSSL_CERT_GEN
initDefaultName(); initDefaultName();
#endif #endif
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@@ -12258,14 +12258,19 @@ WOLFSSL_TEST_SUBROUTINE int memory_test(void)
#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
(defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
#ifdef WOLFSSL_MULTI_ATTRIB
static CertName certDefaultName; static CertName certDefaultName;
static void initDefaultName(void) static void initDefaultName(void)
{ {
#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
NameAttrib* n;
#endif
XMEMCPY(certDefaultName.country, "US", sizeof("US")); XMEMCPY(certDefaultName.country, "US", sizeof("US"));
certDefaultName.countryEnc = CTC_PRINTABLE; certDefaultName.countryEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon")); XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
certDefaultName.stateEnc = CTC_UTF8; certDefaultName.stateEnc = CTC_UTF8;
XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
certDefaultName.streetEnc = CTC_UTF8;
XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland")); XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
certDefaultName.localityEnc = CTC_UTF8; certDefaultName.localityEnc = CTC_UTF8;
XMEMCPY(certDefaultName.sur, "Test", sizeof("Test")); XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
@@ -12278,59 +12283,45 @@ static void initDefaultName(void)
certDefaultName.commonNameEnc = CTC_UTF8; certDefaultName.commonNameEnc = CTC_UTF8;
XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
certDefaultName.serialDevEnc = CTC_PRINTABLE; certDefaultName.serialDevEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
certDefaultName.postalCodeEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization")); XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
certDefaultName.busCatEnc = CTC_UTF8; certDefaultName.busCatEnc = CTC_UTF8;
XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
certDefaultName.joiStEnc = CTC_PRINTABLE;
XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
certDefaultName.joiCEnc = CTC_PRINTABLE;
#endif #endif
XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com")); XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
#ifdef WOLFSSL_TEST_CERT #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
{ /* test having additional OUs and setting DC */
NameAttrib* n; n = &certDefaultName.name[0];
/* test having additional OUs and setting DC */ n->id = ASN_ORGUNIT_NAME;
n = &certDefaultName.name[0]; n->type = CTC_UTF8;
n->id = ASN_ORGUNIT_NAME; n->sz = sizeof("Development-2");
n->type = CTC_UTF8; XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
n->sz = sizeof("Development-2");
XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
#if CTC_MAX_ATTRIB > 3 #if CTC_MAX_ATTRIB > 3
n = &certDefaultName.name[1]; n = &certDefaultName.name[1];
n->id = ASN_DOMAIN_COMPONENT; n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8; n->type = CTC_UTF8;
n->sz = sizeof("com"); n->sz = sizeof("com");
XMEMCPY(n->value, "com", sizeof("com")); XMEMCPY(n->value, "com", sizeof("com"));
n = &certDefaultName.name[2];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
n = &certDefaultName.name[2];
n->id = ASN_DOMAIN_COMPONENT;
n->type = CTC_UTF8;
n->sz = sizeof("wolfssl");
XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
#endif #endif
} #endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
#endif /* WOLFSSL_TEST_CERT */
} #ifdef WOLFSSL_CUSTOM_OID
#else /* TODO: Add test case for custom OID's */
static const CertName certDefaultName = {
"US", CTC_PRINTABLE, /* country */
"Oregon", CTC_UTF8, /* state */
"Main St", CTC_UTF8, /* street */
"Portland", CTC_UTF8, /* locality */
"Test", CTC_UTF8, /* sur */
"wolfSSL", CTC_UTF8, /* org */
"Development", CTC_UTF8, /* unit */
"www.wolfssl.com", CTC_UTF8, /* commonName */
"wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
"12-456", CTC_PRINTABLE, /* Postal Code */
#ifdef WOLFSSL_CERT_EXT
"Private Organization", CTC_UTF8, /* businessCategory */
"US", CTC_PRINTABLE, /* jurisdiction country */
"Oregon", CTC_PRINTABLE, /* jurisdiction state */
#endif #endif
"info@wolfssl.com", /* email */ }
};
#endif /* WOLFSSL_MULTI_ATTRIB */
#ifdef WOLFSSL_CERT_EXT #ifdef WOLFSSL_CERT_EXT
#if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
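Review bot: The new `#ifdef WOLFSSL_CUSTOM_OID` branch in initDefaultName is only a `/* TODO: Add test case for custom OID's */`, so the custom-OID subject encoding this PR adds (in the suppressed asn.c diff) ships with no coverage even though certDefaultName is the fixture every cert-generation test signs. Populating `certDefaultName.custom` here with a static OID and value would exercise the new path in every existing RSA/ECC cert test at no extra cost; the exact meaning of `CertOidField.oid` (DER content octets vs. dotted string) is not visible in this page, so the snippet below assumes the former and should be checked against asn.c. Separately, the definition is still guarded by `WOLFSSL_CERT_GEN && (!NO_RSA || HAVE_ECC) || (WOLFSSL_TEST_CERT && ED*)` while the prototype and call are now under a bare `#ifdef WOLFSSL_CERT_GEN`, so a CERT_GEN build with NO_RSA and no ECC/Ed25519/Ed448 would reference an undefined initDefaultName — presumably not a supported configuration, but worth aligning the three guards.
```c
#ifdef WOLFSSL_CUSTOM_OID
    /* 1.2.3.4.5 as DER content octets; assumes CertOidField.oid holds the
     * encoded OID rather than the dotted string -- confirm against asn.c */
    static const byte customOid[] = { 0x2a, 0x03, 0x04, 0x05 };
    static const byte customVal[] = "custom";
    certDefaultName.custom.oid = (byte*)customOid;
    certDefaultName.custom.oidSz = (int)sizeof(customOid);
    certDefaultName.custom.val = (byte*)customVal;
    certDefaultName.custom.valSz = (int)sizeof(customVal) - 1;
    certDefaultName.custom.enc = CTC_PRINTABLE;
#endif
```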


@@ -622,7 +622,8 @@ enum DN_Tags {
ASN_ORGUNIT_NAME = 0x0b, /* OU */ ASN_ORGUNIT_NAME = 0x0b, /* OU */
ASN_BUS_CAT = 0x0f, /* businessCategory */ ASN_BUS_CAT = 0x0f, /* businessCategory */
ASN_POSTAL_CODE = 0x11, /* postalCode */ ASN_POSTAL_CODE = 0x11, /* postalCode */
ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */ ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */
ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */
/* pilot attribute types /* pilot attribute types
* OID values of 0.9.2342.19200300.100.1.* */ * OID values of 0.9.2342.19200300.100.1.* */
@@ -1954,14 +1955,6 @@ WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
enum cert_enums { enum cert_enums {
#ifdef WOLFSSL_CERT_EXT
NAME_ENTRIES = 12,
#else
NAME_ENTRIES = 11,
#endif
JOINT_LEN = 2,
EMAIL_JOINT_LEN = 9,
PILOT_JOINT_LEN = 10,
RSA_KEY = 10, RSA_KEY = 10,
ECC_KEY = 12, ECC_KEY = 12,
ED25519_KEY = 13, ED25519_KEY = 13,
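Review bot: The rewritten comment on `ASN_EMAIL_NAME` drops the reason these sentinel values are safe — the old text noted that 2.5.4.x attribute types only run 0–97, which is why 0x98 and the new `ASN_CUSTOM_NAME = 0x99` cannot collide with a real DN tag; with both now sitting in the same enum as genuine attribute numbers, that invariant should stay written down. Suggest a shared comment above the two, e.g. `/* 0x98/0x99 sit above the 2.5.4.0-97 attribute-type range, so they never collide with a real DN tag; they are internal markers only (see attrEmailOid / CertOidField) and must not be emitted as 2.5.4.N */`. The removal of NAME_ENTRIES, JOINT_LEN, EMAIL_JOINT_LEN and PILOT_JOINT_LEN from cert_enums is fine if nothing outside asn.c used them, but since asn.h is shipped, a one-line mention in the PR description would help anyone who did.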


@@ -310,6 +310,15 @@ typedef struct NameAttrib {
} NameAttrib; } NameAttrib;
#endif /* WOLFSSL_MULTI_ATTRIB */ #endif /* WOLFSSL_MULTI_ATTRIB */
#ifdef WOLFSSL_CUSTOM_OID
typedef struct CertOidField {
byte* oid;
byte* val;
int oidSz;
int valSz;
char enc;
} CertOidField;
#endif
typedef struct CertName { typedef struct CertName {
char country[CTC_NAME_SIZE]; char country[CTC_NAME_SIZE];
@@ -344,6 +353,9 @@ typedef struct CertName {
#ifdef WOLFSSL_MULTI_ATTRIB #ifdef WOLFSSL_MULTI_ATTRIB
NameAttrib name[CTC_MAX_ATTRIB]; NameAttrib name[CTC_MAX_ATTRIB];
#endif #endif
#ifdef WOLFSSL_CUSTOM_OID
CertOidField custom;
#endif
} CertName; } CertName;
@@ -409,6 +421,10 @@ typedef struct Cert {
char challengePw[CTC_NAME_SIZE]; char challengePw[CTC_NAME_SIZE];
int challengePwPrintableString; /* encode as PrintableString */ int challengePwPrintableString; /* encode as PrintableString */
#endif #endif
#ifdef WOLFSSL_CUSTOM_OID
CertOidField extCustom; /* user oid and value to go in req extensions */
#endif
void* decodedCert; /* internal DecodedCert allocated from heap */ void* decodedCert; /* internal DecodedCert allocated from heap */
byte* der; /* Pointer to buffer of current DecodedCert cache */ byte* der; /* Pointer to buffer of current DecodedCert cache */
void* heap; /* heap hint */ void* heap; /* heap hint */
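Review bot: `CertOidField` declares `byte* oid;` and `byte* val;` as non-const even though the cert generator only needs to read them, which forces callers with static tables (the natural way to supply a fixed OID) to cast away const; `const byte* oid; const byte* val;` would match how the rest of the public API takes input buffers. The struct also carries no documentation of its contract — whether `oid` is the DER content octets or a dotted-decimal string, that `oidSz`/`valSz` are byte counts, and which CTC_* values `enc` accepts — so a short comment block on the typedef is needed, e.g. `/* user-supplied attribute: oid = DER-encoded OID content octets (no tag/length), val = attribute value of valSz bytes, enc = CTC_PRINTABLE/CTC_UTF8 */` with the first point confirmed against the asn.c implementation, which is not shown here. Using `int` for the sizes also leaves negative values representable; the consuming code should reject them. The Cert struct in the last hunk begins and ends outside this file section.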