From b6dc10545645a77098815b7225af9433ea37283e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 1 Apr 2019 18:12:23 +0300 Subject: [PATCH] Add Wisun Fan device extended key usage Add the Wisun extended key usage oid and tests. --- ChangeLog | 1 + include/mbedtls/oid.h | 10 +++++++++- library/oid.c | 13 +++++++------ tests/suites/test_suite_oid.data | 27 +++++++++++++++++++++++++++ tests/suites/test_suite_oid.function | 23 +++++++++++++++++++++++ 5 files changed, 67 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index d4e945a86..1f50ef3ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the Any Policy certificate policy oid, as defined in rfc 5280 section 4.2.1.4. + * Add the Wi-SUN Field Area Network (FAN) device extended key usage. Bugfix * Fix private key DER output in the key_app_writer example. File contents diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 342ef754e..55f72c8eb 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -122,7 +122,8 @@ * { iso(1) identified-organization(3) dod(6) internet(1) * security(5) mechanisms(5) pkix(7) } */ -#define MBEDTLS_OID_PKIX MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07" +#define MBEDTLS_OID_INTERNET MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01" +#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07" /* * Arc for standard naming attributes @@ -206,6 +207,13 @@ #define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */ #define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */ +/** + * Wi-SUN Alliance Field Area Network + * { iso(1) identified-organization(3) dod(6) internet(1) + * private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) } + */ +#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01" + /* * PKCS definition OIDs */ diff --git a/library/oid.c b/library/oid.c index 4e10f8a26..8059a336c 100644 --- a/library/oid.c +++ b/library/oid.c @@ -284,12 +284,13 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, e static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { - { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" }, - { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" }, - { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" }, - { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" }, - { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" }, - { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" }, + { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" }, + { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" }, + { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" }, + { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" }, + { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" }, + { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" }, + { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" }, { NULL, 0, NULL, NULL }, }; diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 759a01038..625085f16 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -6,3 +6,30 @@ oid_get_certificate_policies:"5533445566":"" OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier oid_get_certificate_policies:"551D23":"" + +OID get Ext Key Usage - id-kp-serverAuth +oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication" + +OID get Ext Key Usage - id-kp-clientAuth +oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication" + +OID get Ext Key Usage - id-kp-codeSigning +oid_get_extended_key_usage:"2B06010505070303":"Code Signing" + +OID get Ext Key Usage - id-kp-emailProtection +oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection" + +OID get Ext Key Usage - id-kp-timeStamping +oid_get_extended_key_usage:"2B06010505070308":"Time Stamping" + +OID get Ext Key Usage - id-kp-OCSPSigning +oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing" + +OID get Ext Key Usage - id-kp-wisun-fan-device +oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)" + +OID get Ext Key Usage invalid oid +oid_get_extended_key_usage:"5533445566":"" + +OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier +oid_get_extended_key_usage:"551D23":"" diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index e95e48d06..59e700e51 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -32,3 +32,26 @@ void oid_get_certificate_policies( data_t * oid, char * result_str ) } } /* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_extended_key_usage( data_t *oid, char *result_str ) +{ + mbedtls_asn1_buf asn1_buf = { 0, 0, NULL }; + int ret; + const char *desc; + + asn1_buf.tag = MBEDTLS_ASN1_OID; + asn1_buf.p = oid->x; + asn1_buf.len = oid->len; + + ret = mbedtls_oid_get_extended_key_usage( &asn1_buf, &desc ); + if( strlen( result_str ) == 0 ) + { + TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND ); + } + else + { + TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 ); + } +} +/* END_CASE */