From 84c42f4a4e3980009d4bc65017cf68e43ae47b3e Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 14 Mar 2024 08:41:30 +1000 Subject: [PATCH] ASN.1 template: store issuer common name Under certain configurations the certificate issuer's common name is kept in a DecodedCert. Wasn't implemented in ASN.1 template code. --- wolfcrypt/src/asn.c | 164 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e38d8d930..0f984b4cd 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12661,6 +12661,17 @@ static int GetHashId(const byte* id, int length, byte* hash, int hashAlg) (((id) - 3) >= 0 && ((id) - 3) < certNameSubjectSz && \ (certNameSubject[(id) - 3].strLen > 0)) +/* Set the string for a name component into the issuer name. */ +#define SetCertNameIssuer(cert, id, val) \ + *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val) +/* Set the string length for a name component into the issuer name. */ +#define SetCertNameIssuerLen(cert, id, val) \ + *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val) +/* Set the encoding for a name component into the issuer name. */ +#define SetCertNameIssuerEnc(cert, id, val) \ + *((byte*)(((byte *)(cert)) + certNameSubject[(id) - 3].encI)) = (val) + + /* Mapping of certificate name component to useful information. */ typedef struct CertNameData { /* Type string of name component. */ @@ -12674,6 +12685,14 @@ typedef struct CertNameData { size_t len; /* Offset of encoding in subject name component. */ size_t enc; +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + /* Offset of data in subject name component. */ + size_t dataI; + /* Offset of length in subject name component. */ + size_t lenI; + /* Offset of encoding in subject name component. */ + size_t encI; +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE /* NID of type for subject name component. */ @@ -12690,6 +12709,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectCN), OFFSETOF(DecodedCert, subjectCNLen), OFFSETOF(DecodedCert, subjectCNEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerCN), + OFFSETOF(DecodedCert, issuerCNLen), + OFFSETOF(DecodedCert, issuerCNEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_commonName @@ -12702,6 +12726,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectSN), OFFSETOF(DecodedCert, subjectSNLen), OFFSETOF(DecodedCert, subjectSNEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerSN), + OFFSETOF(DecodedCert, issuerSNLen), + OFFSETOF(DecodedCert, issuerSNEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_surname @@ -12714,6 +12743,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectSND), OFFSETOF(DecodedCert, subjectSNDLen), OFFSETOF(DecodedCert, subjectSNDEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerSND), + OFFSETOF(DecodedCert, issuerSNDLen), + OFFSETOF(DecodedCert, issuerSNDEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_serialNumber @@ -12726,6 +12760,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectC), OFFSETOF(DecodedCert, subjectCLen), OFFSETOF(DecodedCert, subjectCEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerC), + OFFSETOF(DecodedCert, issuerCLen), + OFFSETOF(DecodedCert, issuerCEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_countryName @@ -12738,6 +12777,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectL), OFFSETOF(DecodedCert, subjectLLen), OFFSETOF(DecodedCert, subjectLEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerL), + OFFSETOF(DecodedCert, issuerLLen), + OFFSETOF(DecodedCert, issuerLEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_localityName @@ -12750,6 +12794,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectST), OFFSETOF(DecodedCert, subjectSTLen), OFFSETOF(DecodedCert, subjectSTEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerST), + OFFSETOF(DecodedCert, issuerSTLen), + OFFSETOF(DecodedCert, issuerSTEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_stateOrProvinceName @@ -12762,6 +12811,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectStreet), OFFSETOF(DecodedCert, subjectStreetLen), OFFSETOF(DecodedCert, subjectStreetEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_streetAddress @@ -12774,6 +12828,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectO), OFFSETOF(DecodedCert, subjectOLen), OFFSETOF(DecodedCert, subjectOEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerO), + OFFSETOF(DecodedCert, issuerOLen), + OFFSETOF(DecodedCert, issuerOEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_organizationName @@ -12786,6 +12845,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectOU), OFFSETOF(DecodedCert, subjectOULen), OFFSETOF(DecodedCert, subjectOUEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + OFFSETOF(DecodedCert, issuerOU), + OFFSETOF(DecodedCert, issuerOULen), + OFFSETOF(DecodedCert, issuerOUEnc), +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_organizationalUnitName @@ -12798,6 +12862,11 @@ static const CertNameData certNameSubject[] = { 0, 0, 0, +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE 0, @@ -12810,6 +12879,11 @@ static const CertNameData certNameSubject[] = { 0, 0, 0, +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE 0, @@ -12822,6 +12896,11 @@ static const CertNameData certNameSubject[] = { 0, 0, 0, +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE 0, @@ -12834,6 +12913,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectBC), OFFSETOF(DecodedCert, subjectBCLen), OFFSETOF(DecodedCert, subjectBCEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_businessCategory @@ -12846,6 +12930,11 @@ static const CertNameData certNameSubject[] = { 0, 0, 0, +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE 0, @@ -12858,6 +12947,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectPC), OFFSETOF(DecodedCert, subjectPCLen), OFFSETOF(DecodedCert, subjectPCEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_postalCode @@ -12870,6 +12964,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectUID), OFFSETOF(DecodedCert, subjectUIDLen), OFFSETOF(DecodedCert, subjectUIDEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_userId @@ -12883,6 +12982,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectN), OFFSETOF(DecodedCert, subjectNLen), OFFSETOF(DecodedCert, subjectNEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_name @@ -12895,6 +12999,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectGN), OFFSETOF(DecodedCert, subjectGNLen), OFFSETOF(DecodedCert, subjectGNEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_givenName @@ -12907,6 +13016,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectI), OFFSETOF(DecodedCert, subjectILen), OFFSETOF(DecodedCert, subjectIEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_initials @@ -12919,6 +13033,11 @@ static const CertNameData certNameSubject[] = { OFFSETOF(DecodedCert, subjectDNQ), OFFSETOF(DecodedCert, subjectDNQLen), OFFSETOF(DecodedCert, subjectDNQEnc), +#ifdef WOLFSSL_HAVE_ISSUER_NAMES + 0, + 0, + 0, +#endif #endif #ifdef WOLFSSL_X509_NAME_AVAILABLE NID_dnQualifier @@ -12930,6 +13049,7 @@ static const CertNameData certNameSubject[] = { static const int certNameSubjectSz = (int) (sizeof(certNameSubject) / sizeof(CertNameData)); + /* ASN.1 template for an RDN. * X.509: RFC 5280, 4.1.2.4 - RelativeDistinguishedName */ @@ -13270,6 +13390,43 @@ static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen, return ret; } +#if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ + defined(WOLFSSL_HAVE_ISSUER_NAMES) +/* Set the details of an issuer name component into a certificate. + * + * @param [in, out] cert Certificate object. + * @param [in] id Id of component. + * @param [in] str String for component. + * @param [in] strLen Length of string. + * @param [in] tag BER tag representing encoding of string. + * @return 0 on success, negative values on failure. + */ +static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen, + byte tag) +{ + int ret = 0; + + /* Put string and encoding into certificate. */ + if (id == ASN_COMMON_NAME) { + cert->issuerCN = (char *)str; + cert->issuerCNLen = (int)strLen; + cert->issuerCNEnc = (char)tag; + } + else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) { + /* Use table and offsets to put data into appropriate fields. */ + SetCertNameIssuer(cert, id, (char*)str); + SetCertNameIssuerLen(cert, id, strLen); + SetCertNameIssuerEnc(cert, id, tag); + } + else if (id == ASN_EMAIL) { + cert->issuerEmail = (char*)str; + cert->issuerEmailLen = strLen; + } + + return ret; +} +#endif + /* Get a RelativeDistinguishedName from the encoding and put in certificate. * * @param [in, out] cert Certificate object. @@ -13402,6 +13559,13 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, /* Store subject field components. */ ret = SetSubject(cert, id, str, (int)strLen, tag); } + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ + defined(WOLFSSL_HAVE_ISSUER_NAMES) + /* Put issuer common name string and encoding into certificate. */ + else { + ret = SetIssuer(cert, id, str, (int)strLen, tag); + } + #endif if (ret == 0) { /* Check there is space for this in the full name string and * terminating NUL character. */