
Suppport otherName of type hardware module name

Add support for parsing subject alternative names of type otherName.
Currently only hardware module name, as defined in RFC 4108, is supported.
Ron Eldor
2019-03-21 13:40:13 +02:00
parent 75d9a333ce
commit b2dc3fa72e
11 changed files with 565 additions and 30 deletions


@@ -219,6 +219,79 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
return( 0 );
}
int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
char **buf, size_t *size )
{
int ret;
size_t i;
char *p = *buf;
size_t n = *size;
ret = mbedtls_snprintf( p, n, "type : %u", san->type );
MBEDTLS_X509_SAFE_SNPRINTF;
switch( san->type )
{
case( MBEDTLS_X509_SAN_OTHER_NAME ):
ret = mbedtls_snprintf( p, n, "\notherName :");
MBEDTLS_X509_SAFE_SNPRINTF;
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
&san->san.other_name.value.hardware_module_name.oid ) != 0 )
{
ret = mbedtls_snprintf( p, n, " hardware module name :" );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " hardware type : " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_oid_get_numeric_string( p, n,
&san->san.other_name.value.hardware_module_name.oid );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
MBEDTLS_X509_SAFE_SNPRINTF;
if( san->san.other_name.value.hardware_module_name.val.len >= n )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
}
for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
}
n -= san->san.other_name.value.hardware_module_name.val.len;
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):
ret = mbedtls_snprintf( p, n, "\ndNSName : " );
MBEDTLS_X509_SAFE_SNPRINTF;
if( san->san.unstructured_name.len >= n )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
}
n -= san->san.unstructured_name.len;
for( i = 0; i < san->san.unstructured_name.len; i++ )
*p++ = san->san.unstructured_name.p[i];
break;/* MBEDTLS_X509_SAN_DNS_NAME */
default:
/*
* Should not happen.
*/
return( -1 );
}
ret = mbedtls_snprintf( p, n, "\n" );
MBEDTLS_X509_SAFE_SNPRINTF;
*size = n;
*buf = p;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
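Review bot: The OID test that guards the hardware-module-name branch of verify_parse_san reads inverted: MBEDTLS_OID_CMP evaluates to 0 when the OID matches and non-zero otherwise, so `!= 0` at the `if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME, ... ) != 0 )` line enters the branch only when the OID does not match; the intended check is `== 0`. The same field, `hardware_module_name.oid`, is printed a few lines later as the "hardware type", so it appears to hold the inner hardware-type OID rather than the otherName type-id, which would make this comparison always succeed by accident — worth confirming against the parser this commit adds and comparing against the type-id instead. Separately, the serial number and dNSName bytes are copied verbatim into the text buffer; since the serial is an OCTET STRING, a byte of value 0 would terminate the string early for the `strcmp` in x509_parse_san, so a hex rendering (as the existing serial-number printing in the library does) would make the expected-output strings unambiguous.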
@@ -227,6 +300,41 @@ int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_parse_san( char * crt_file, char * result_str )
{
mbedtls_x509_crt crt;
mbedtls_x509_subject_alternative_name *cur, *next, *san = NULL;
char buf[2000];
char *p = buf;
size_t n = sizeof( buf );
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_parse_subject_alternative_name( &crt, &san ) == 0 );
cur = san;
while( cur != NULL )
{
TEST_ASSERT( verify_parse_san( cur, &p, &n ) == 0 );
cur = cur->next;
}
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
for( cur = san; cur != NULL; cur = next )
{
next = cur->next;
mbedtls_free( cur );
}
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_cert_info( char * crt_file, char * result_str )
{