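/**************************************************************************/
/*                                                                        */
/*       Copyright (c) Microsoft Corporation. All rights reserved.        */
/*                                                                        */
/*       This software is licensed under the Microsoft Software License   */
/*       Terms for Microsoft Azure RTOS. Full text of the license can be  */
/*       found in the LICENSE file at https://aka.ms/AzureRTOS_EULA       */
/*       and in the root directory of this software.                      */
/*                                                                        */
/**************************************************************************/


/**************************************************************************/
/**************************************************************************/
/**                                                                       */
/** NetX Secure Component                                                 */
/**                                                                       */
/**    X.509 Digital Certificates                                         */
/**                                                                       */
/**************************************************************************/
/**************************************************************************/

#define NX_SECURE_SOURCE_CODE

#include "nx_secure_x509.h"

/**************************************************************************/
/*                                                                        */
/*  FUNCTION                                               RELEASE        */
/*                                                                        */
/*    _nx_secure_x509_subject_alt_names_find              PORTABLE C      */
/*                                                           6.1.6        */
/*  AUTHOR                                                                */
/*                                                                        */
/*    Timothy Stapko, Microsoft Corporation                               */
/*                                                                        */
/*  DESCRIPTION                                                           */
/*                                                                        */
/*    This function parses through the list of names in an X.509          */
/*    subjectAltName extension, looking for a particular name. This is    */
/*    typically used to see if a DNS name is present in a subjectAltName  */
/*    extension if the Common Name did not match.                         */
/*                                                                        */
/*  INPUT                                                                 */
/*                                                                        */
/*    extension                             subjectAltName extension data */
/*    name                                  Name to search for            */
/*    name_length                           Length of name                */
/*    name_type                             Type of name                  */
/*                                                                        */
/*  OUTPUT                                                                */
/*                                                                        */
/*    status                                Completion status             */
/*                                                                        */
/*  CALLS                                                                 */
/*                                                                        */
/*    _nx_secure_x509_asn1_tlv_block_parse  Parse ASN.1 block             */
/*    _nx_secure_x509_wildcard_compare      Wildcard compare for names    */
/*                                                                        */
/*  CALLED BY                                                             */
/*                                                                        */
/*    _nx_secure_x509_common_name_dns_check Check Common Name by DNS      */
/*                                                                        */
/*  RELEASE HISTORY                                                       */
/*                                                                        */
/*    DATE              NAME                      DESCRIPTION             */
/*                                                                        */
/*  05-19-2020     Timothy Stapko           Initial Version 6.0           */
/*  09-30-2020     Timothy Stapko           Modified comment(s),          */
/*                                            resulting in version 6.1    */
/*  04-02-2021     Timothy Stapko           Modified comment(s),          */
/*                                            removed dependency on TLS,  */
/*                                            resulting in version 6.1.6  */
/*                                                                        */
/**************************************************************************/

/* Return values produced by this function:
     NX_SECURE_X509_SUCCESS                     a name of type name_type matched
     NX_SECURE_X509_ALT_NAME_NOT_FOUND          no entry matched, or an entry did not
                                                carry a context-specific tag
     NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE  the outer element is not a SEQUENCE
     any non-zero status returned by _nx_secure_x509_asn1_tlv_block_parse

   Only dNSName entries are compared; every other name type is skipped, so a
   search for any other name_type ends in NX_SECURE_X509_ALT_NAME_NOT_FOUND.  */
UINT _nx_secure_x509_subject_alt_names_find(NX_SECURE_X509_EXTENSION *extension, const UCHAR *name,
                                            UINT name_length, USHORT name_type)
{
USHORT       tlv_type;
USHORT       tlv_type_class;
ULONG        tlv_length;
const UCHAR *tlv_data;
const UCHAR *current_buffer;
ULONG        length;
ULONG        header_length;
UINT         status;
const UCHAR *compare_name;
ULONG        compare_length;
INT          compare_value;

    /* Now, parse the subjectAltName extension. */
    /* subjectAltName ASN.1 format:

       SubjectAltName ::= GeneralNames

       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }

       AnotherName ::= SEQUENCE {
            type-id    OBJECT IDENTIFIER,
            value      [0] EXPLICIT ANY DEFINED BY type-id }

       EDIPartyName ::= SEQUENCE {
            nameAssigner            [0]     DirectoryString OPTIONAL,
            partyName               [1]     DirectoryString }
     */

    /* The length of our extensions is the length of the sequence. */
    current_buffer = extension -> nx_secure_x509_extension_data;
    length = extension -> nx_secure_x509_extension_data_length;

    /* First, parse the name sequence. */
    status = _nx_secure_x509_asn1_tlv_block_parse(current_buffer, &length, &tlv_type, &tlv_type_class,
                                                  &tlv_length, &tlv_data, &header_length);

    /* Make sure we parsed the block alright. */
    if (status != 0)
    {
        return(status);
    }

    /* The outer element of a subjectAltName must be a universal SEQUENCE. */
    if (!(tlv_type_class == NX_SECURE_ASN_TAG_CLASS_UNIVERSAL && tlv_type == NX_SECURE_ASN_TAG_SEQUENCE))
    {
        return(NX_SECURE_X509_INVALID_EXTENSION_SEQUENCE);
    }

    /* The names are in the body of the sequence structure, so use our tlv_data and length. */
    current_buffer = tlv_data;
    length = tlv_length;

    /* Keep looping until we run out of data to parse. */
    while (length > 0)
    {

        /* Parse the next GeneralName entry. The buffer pointer is passed by value,
           so this function is the only place the read cursor moves.
           NOTE(review): length is passed by address; presumably the parser reduces it
           by the bytes it consumed - confirm against _nx_secure_x509_asn1_tlv_block_parse. */
        status = _nx_secure_x509_asn1_tlv_block_parse(current_buffer, &length, &tlv_type, &tlv_type_class,
                                                      &tlv_length, &tlv_data, &header_length);

        /* Make sure we parsed the block alright. */
        if (status != 0)
        {
            return(status);
        }

        /* Every GeneralName choice carries a context-specific tag. Anything else is not
           a valid subjectAltName entry, so the search stops here and reports the same
           status as "no match". */
        if (!(tlv_type_class == NX_SECURE_ASN_TAG_CLASS_CONTEXT))
        {
            return(NX_SECURE_X509_ALT_NAME_NOT_FOUND);
        }

        /* Step over the complete entry (header AND value) before looking at its type.
           Skipping only the header on the "continue" paths below would make the next
           iteration parse the value bytes of the skipped name as if they were a TLV
           header, so a name could be missed or matched against bytes that are not a
           real GeneralName. tlv_data still points at this entry's value. */
        current_buffer += header_length + tlv_length;

        /* If the name type we are searching for doesn't match what we just parsed,
           continue to the next entry. */
        if (tlv_type != name_type)
        {
            continue;
        }

        /* Process the name type we found. */
        switch (tlv_type)
        {
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_DNSNAME:
            /* Now we have an IA5 string to compare against our name. */
            compare_name = tlv_data;
            compare_length = tlv_length;
            break;

        case NX_SECURE_X509_SUB_ALT_NAME_TAG_OTHERNAME:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_RFC822NAME:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_X400ADDRESS:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_DIRECTORYNAME:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_EDIPARTYNAME:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_UNIFORMRESOURCEIDENTIFIER:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_IPADDRESS:
        case NX_SECURE_X509_SUB_ALT_NAME_TAG_REGISTEREDID:
        default:
            /* Deliberate fall-through. These name types are not supported. */
            continue;
        }

        /* Compare the names, using wildcard matching. Both sides are passed with
           explicit lengths rather than as NUL-terminated strings. */
        compare_value = _nx_secure_x509_wildcard_compare(name, name_length,
                                                         compare_name, compare_length);

        if (compare_value == 0)
        {
            /* We found a match! */
            return(NX_SECURE_X509_SUCCESS);
        }
    } /* End while-loop. */

    return(NX_SECURE_X509_ALT_NAME_NOT_FOUND);
}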