netxduo
Select one of the symbols to view example projects that use it.
 
Outline
...
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_x509.h"
...
...
_nx_secure_x509_extension_find(NX_SECURE_X509_CERT *, NX_SECURE_X509_EXTENSION *, USHORT)
Files
loading...
CodeScopeSTM32 Libraries and Samplesnetxduonx_secure/src/nx_secure_x509_extension_find.c
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
/**************************************************************************/ /* */ /* Copyright (c) Microsoft Corporation. All rights reserved. */ /* */ /* This software is licensed under the Microsoft Software License */ /* Terms for Microsoft Azure RTOS. Full text of the license can be */ /* found in the LICENSE file at https://aka.ms/AzureRTOS_EULA */ /* and in the root directory of this software. */ /* */... /**************************************************************************/ ... /**************************************************************************/ /**************************************************************************/ /** */ /** NetX Secure Component */ /** */ /** X.509 Digital Certificates */ /** */... /**************************************************************************/ /**************************************************************************/ #define NX_SECURE_SOURCE_CODE #include "nx_secure_x509.h" ... /**************************************************************************/ /* */ /* FUNCTION RELEASE */ /* */ /* _nx_secure_x509_extension_find PORTABLE C */ /* 6.1.6 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ /* */ /* DESCRIPTION */ /* */ /* This function parses through the list of extensions in an X.509 */ /* certificate looking for a specific extension. The data in the */ /* extension is returned in a structure for use in specific extension */ /* handling functions. */ /* */ /* INPUT */ /* */ /* certificate Certificate to search */ /* extension Return instruction data */ /* extension_id Extension to search for */ /* */ /* OUTPUT */ /* */ /* status Completion status */ /* */ /* CALLS */ /* */ /* _nx_secure_x509_asn1_tlv_block_parse Parse ASN.1 block */ /* _nx_secure_x509_oid_parse Parse OID in certificate */ /* */ /* CALLED BY */ /* */ /* Application Code */ /* _nx_secure_x509_common_name_dns_check Check Common Name by DNS */ /* _nx_secure_x509_extended_key_usage_extension_parse */ /* Parse Extended KeyUsage */ /* extension */ /* _nx_secure_x509_key_usage_extension_parse */ /* Parse KeyUsage extension */ /* */ /* RELEASE HISTORY */ /* */ /* DATE NAME DESCRIPTION */ /* */ /* 05-19-2020 Timothy Stapko Initial Version 6.0 */ /* 09-30-2020 Timothy Stapko Modified comment(s), */ /* resulting in version 6.1 */ /* 04-02-2021 Timothy Stapko Modified comment(s), */ /* removed dependency on TLS, */ /* resulting in version 6.1.6 */ /* */... /**************************************************************************/ UINT _nx_secure_x509_extension_find(NX_SECURE_X509_CERT *certificate, NX_SECURE_X509_EXTENSION *extension, USHORT extension_id) { USHORT tlv_type; USHORT tlv_type_class; ULONG tlv_length; ULONG extensions_sequence_length; ULONG seq_length; UINT extension_oid = 0; USHORT critical_flag; const UCHAR *tlv_data; const UCHAR *current_buffer; ULONG header_length; UINT status; UINT found_extension = NX_CRYPTO_FALSE; /* Now, parse the extensions. */ /* Extension ASN.1 format: * ASN.1 Sequence: Extension (single) * { * OID: Extension identifier * BOOLEAN: Critical (default=False) * OCTET STRING: DER-encoded specific extension data * } *//* ... */ /* The length of our extensions is the length of the sequence. */ current_buffer = certificate -> nx_secure_x509_extensions_data; extensions_sequence_length = certificate -> nx_secure_x509_extensions_data_length; /* Keep looping until we run out of data to parse. */ while (extensions_sequence_length > 0) { /* Next, parse the single extension sequence. */ status = _nx_secure_x509_asn1_tlv_block_parse(current_buffer, &extensions_sequence_length, &tlv_type, &tlv_type_class, &tlv_length, &tlv_data, &header_length); /* Make sure we parsed the block alright. */ if (status != 0) { return(status); }if (status != 0) { ... } /* If the next item up is not a sequence, then it isn't an extensions block. */ if (!(tlv_type_class == NX_SECURE_ASN_TAG_CLASS_UNIVERSAL && tlv_type == NX_SECURE_ASN_TAG_SEQUENCE)) { /* The extensions sequence isn't empty and we should be seeing another extension sequence but we got something else so something is amiss. *//* ... */ return(NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE); }if (!(tlv_type_class == NX_SECURE_ASN_TAG_CLASS_UNIVERSAL && tlv_type == NX_SECURE_ASN_TAG_SEQUENCE)) { ... } /* Advance our buffer to the next item. We are now in the sequence so advance buffer after this instead of pointing to tlv_data. *//* ... */ current_buffer += header_length + tlv_length; seq_length = tlv_length; /* Parse the OID. */ status = _nx_secure_x509_asn1_tlv_block_parse(tlv_data, &seq_length, &tlv_type, &tlv_type_class, &tlv_length, &tlv_data, &header_length); if (status != 0) { return status; }if (status != 0) { ... } /* Now check out what we got. Should be an OID... */ if (tlv_type == NX_SECURE_ASN_TAG_OID) { /* The OID is in the data we extracted. */ _nx_secure_x509_oid_parse(tlv_data, tlv_length, &extension_oid); }if (tlv_type == NX_SECURE_ASN_TAG_OID) { ... } else { /* Invalid extension, end parsing. */ return(NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE); }else { ... } /* See if we found a match. */ if (extension_oid == extension_id) { /* Advance the working pointer to the data immediately following the OID. */ current_buffer = tlv_data + tlv_length; /* We found a matching extension, break out and populate the return structure. */ found_extension = NX_CRYPTO_TRUE; break; }if (extension_oid == extension_id) { ... } }while (extensions_sequence_length > 0) { ... } /* End while loop. */ /* Did we find the extension we were looking for? */ if (found_extension != NX_CRYPTO_TRUE) { return(NX_SECURE_X509_EXTENSION_NOT_FOUND); }if (found_extension != NX_CRYPTO_TRUE) { ... } /* If we get here, we found a matching extension. */ extension -> nx_secure_x509_extension_id = (USHORT)extension_oid; /* Parse the Critical boolean. */ status = _nx_secure_x509_asn1_tlv_block_parse(current_buffer, &seq_length, &tlv_type, &tlv_type_class, &tlv_length, &tlv_data, &header_length); if (status != 0) { return status; }if (status != 0) { ... } /* Now check out what we got. Possibly a boolean for the critical flag, but if it isn't there, then it's default is FALSE. *//* ... */ critical_flag = NX_CRYPTO_FALSE; if (tlv_type == NX_SECURE_ASN_TAG_BOOLEAN) { /* The boolean is in the data we extracted. Convert ASN.1 boolean TRUE (all bits set) to integer 1. */ critical_flag = tlv_data[0] != 0; /* Advance our buffer to the next item. */ current_buffer += header_length + tlv_length; /* Parse the octet string containing the DER-encoded extension data. */ status = _nx_secure_x509_asn1_tlv_block_parse(current_buffer, &seq_length, &tlv_type, &tlv_type_class, &tlv_length, &tlv_data, &header_length); if (status != 0) { return status; }if (status != 0) { ... } }if (tlv_type == NX_SECURE_ASN_TAG_BOOLEAN) { ... } extension -> nx_secure_x509_extension_critical = critical_flag; /* Now check out what we got. Should be an octet string... */ if (tlv_type != NX_SECURE_ASN_TAG_OCTET_STRING) { /* Invalid extension, end parsing. */ return(NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE); }if (tlv_type != NX_SECURE_ASN_TAG_OCTET_STRING) { ... } /* Save off a pointer to the extension data (format determined by actual extension type). */ extension -> nx_secure_x509_extension_data = tlv_data; extension -> nx_secure_x509_extension_data_length = tlv_length; #if 0 /* Dispatch based on OID to individual parsing routines. */ switch (extension_oid) { case NX_SECURE_TLS_X509_TYPE_AUTHORITY_KEY_ID: /*printf("Got authority key ID extension.\n");*/ break;case NX_SECURE_TLS_X509_TYPE_AUTHORITY_KEY_ID: case NX_SECURE_TLS_X509_TYPE_SUBJECT_KEY_ID: /*printf("Got subject key ID extension.\n");*/ break;case NX_SECURE_TLS_X509_TYPE_SUBJECT_KEY_ID: case NX_SECURE_TLS_X509_TYPE_BASIC_CONSTRAINTS: /*printf("Got basic constraints extension. \n");*/ break;case NX_SECURE_TLS_X509_TYPE_BASIC_CONSTRAINTS: case NX_SECURE_TLS_X509_TYPE_NETSCAPE_COMMENT: /*printf("Got Netscape comment extension. \n");*/ break;case NX_SECURE_TLS_X509_TYPE_NETSCAPE_COMMENT: case NX_SECURE_TLS_X509_TYPE_UNKNOWN: /* Unknown extension, ignore. */ /*printf("Unknown extension OID\n");*/ break;case NX_SECURE_TLS_X509_TYPE_UNKNOWN: default: /* Unsupported extension, ignore. */ /*printf("Unsupported extension OID: %d\n", extension_oid);*/ break;default }switch (extension_oid) { ... } /* ... */#endif return(NX_SECURE_X509_SUCCESS); }{ ... }