mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
feat: support the attributeDescriptor X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
This commit is contained in:
parent
ba6f115ccf
commit
cccdf41010
@ -18,7 +18,7 @@ SOURCE[../../libcrypto]=\
|
||||
v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c \
|
||||
x509_acert.c x509aset.c t_acert.c x_ietfatt.c v3_ac_tgt.c v3_sda.c \
|
||||
v3_usernotice.c v3_battcons.c v3_audit_id.c v3_iobo.c v3_authattid.c \
|
||||
v3_rolespec.c
|
||||
v3_rolespec.c v3_attrdesc.c
|
||||
|
||||
IF[{- !$disabled{'deprecated-3.0'} -}]
|
||||
SOURCE[../../libcrypto]=x509type.c
|
||||
|
@ -44,3 +44,4 @@ extern const X509V3_EXT_METHOD ossl_v3_audit_identity;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_authority_attribute_identifier;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_role_spec_cert_identifier;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_attribute_descriptor;
|
||||
|
@ -80,6 +80,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
|
||||
&ossl_v3_role_spec_cert_identifier,
|
||||
&ossl_v3_battcons,
|
||||
&ossl_v3_delegated_name_constraints,
|
||||
&ossl_v3_attribute_descriptor,
|
||||
&ossl_v3_user_notice,
|
||||
&ossl_v3_soa_identifier,
|
||||
&ossl_v3_acc_cert_policies,
|
||||
|
191
crypto/x509/v3_attrdesc.c
Normal file
191
crypto/x509/v3_attrdesc.c
Normal file
@ -0,0 +1,191 @@
|
||||
/*
|
||||
* Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <crypto/x509.h>
|
||||
#include "ext_dat.h"
|
||||
|
||||
ASN1_SEQUENCE(OSSL_HASH) = {
|
||||
ASN1_SIMPLE(OSSL_HASH, algorithmIdentifier, X509_ALGOR),
|
||||
ASN1_OPT(OSSL_HASH, hashValue, ASN1_BIT_STRING),
|
||||
} ASN1_SEQUENCE_END(OSSL_HASH)
|
||||
|
||||
ASN1_SEQUENCE(OSSL_INFO_SYNTAX_POINTER) = {
|
||||
ASN1_SIMPLE(OSSL_INFO_SYNTAX_POINTER, name, GENERAL_NAMES),
|
||||
ASN1_OPT(OSSL_INFO_SYNTAX_POINTER, hash, OSSL_HASH),
|
||||
} ASN1_SEQUENCE_END(OSSL_INFO_SYNTAX_POINTER)
|
||||
|
||||
ASN1_CHOICE(OSSL_INFO_SYNTAX) = {
|
||||
ASN1_SIMPLE(OSSL_INFO_SYNTAX, choice.content, DIRECTORYSTRING),
|
||||
ASN1_SIMPLE(OSSL_INFO_SYNTAX, choice.pointer, OSSL_INFO_SYNTAX_POINTER)
|
||||
} ASN1_CHOICE_END(OSSL_INFO_SYNTAX)
|
||||
|
||||
ASN1_SEQUENCE(OSSL_PRIVILEGE_POLICY_ID) = {
|
||||
ASN1_SIMPLE(OSSL_PRIVILEGE_POLICY_ID, privilegePolicy, ASN1_OBJECT),
|
||||
ASN1_SIMPLE(OSSL_PRIVILEGE_POLICY_ID, privPolSyntax, OSSL_INFO_SYNTAX),
|
||||
} ASN1_SEQUENCE_END(OSSL_PRIVILEGE_POLICY_ID)
|
||||
|
||||
ASN1_SEQUENCE(OSSL_ATTRIBUTE_DESCRIPTOR) = {
|
||||
ASN1_SIMPLE(OSSL_ATTRIBUTE_DESCRIPTOR, identifier, ASN1_OBJECT),
|
||||
ASN1_SIMPLE(OSSL_ATTRIBUTE_DESCRIPTOR, attributeSyntax, ASN1_OCTET_STRING),
|
||||
ASN1_IMP_OPT(OSSL_ATTRIBUTE_DESCRIPTOR, name, ASN1_UTF8STRING, 0),
|
||||
ASN1_IMP_OPT(OSSL_ATTRIBUTE_DESCRIPTOR, description, ASN1_UTF8STRING, 1),
|
||||
ASN1_SIMPLE(OSSL_ATTRIBUTE_DESCRIPTOR, dominationRule, OSSL_PRIVILEGE_POLICY_ID),
|
||||
} ASN1_SEQUENCE_END(OSSL_ATTRIBUTE_DESCRIPTOR)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_HASH)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX_POINTER)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_PRIVILEGE_POLICY_ID)
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_DESCRIPTOR)
|
||||
|
||||
/* Copied from x_attrib.c */
|
||||
static int print_hex(BIO *out, unsigned char *buf, int len)
|
||||
{
|
||||
int result = 1;
|
||||
char *hexbuf;
|
||||
|
||||
if (len == 0)
|
||||
return 1;
|
||||
|
||||
hexbuf = OPENSSL_buf2hexstr(buf, len);
|
||||
if (hexbuf == NULL)
|
||||
return 0;
|
||||
result = BIO_puts(out, hexbuf) > 0;
|
||||
|
||||
OPENSSL_free(hexbuf);
|
||||
return result;
|
||||
}
|
||||
|
||||
static int i2r_HASH(X509V3_EXT_METHOD *method,
|
||||
OSSL_HASH *hash,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
if (BIO_printf(out, "%*sAlgorithm: ", indent, "") <= 0)
|
||||
return 0;
|
||||
if (i2a_ASN1_OBJECT(out, hash->algorithmIdentifier->algorithm) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
return 0;
|
||||
if (hash->algorithmIdentifier->parameter) {
|
||||
if (BIO_printf(out, "%*sParameter: ", indent, "") <= 0)
|
||||
return 0;
|
||||
if (ossl_print_attribute_value(out, 0, hash->algorithmIdentifier->parameter,
|
||||
indent + 4) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
return 0;
|
||||
}
|
||||
if (BIO_printf(out, "%*sHash Value: ", indent, "") <= 0)
|
||||
return 0;
|
||||
return print_hex(out, hash->hashValue->data, hash->hashValue->length);
|
||||
}
|
||||
|
||||
static int i2r_INFO_SYNTAX_POINTER(X509V3_EXT_METHOD *method,
|
||||
OSSL_INFO_SYNTAX_POINTER *pointer,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
if (BIO_printf(out, "%*sNames:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
if (OSSL_GENERAL_NAMES_print(out, pointer->name, indent) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
return 0;
|
||||
if (pointer->hash != NULL) {
|
||||
if (BIO_printf(out, "%*sHash:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
if (i2r_HASH(method, pointer->hash, out, indent + 4) <= 0)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int i2r_OSSL_INFO_SYNTAX(X509V3_EXT_METHOD *method,
|
||||
OSSL_INFO_SYNTAX *info,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
switch (info->type) {
|
||||
case (OSSL_INFO_SYNTAX_TYPE_CONTENT):
|
||||
if (BIO_printf(out, "%*sContent: ", indent, "") <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%.*s", info->choice.content->length, info->choice.content->data) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
return 0;
|
||||
return 1;
|
||||
case (OSSL_INFO_SYNTAX_TYPE_POINTER):
|
||||
if (BIO_printf(out, "%*sPointer:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
return i2r_INFO_SYNTAX_POINTER(method, info->choice.pointer, out, indent + 4);
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int i2r_OSSL_PRIVILEGE_POLICY_ID(X509V3_EXT_METHOD *method,
|
||||
OSSL_PRIVILEGE_POLICY_ID *ppid,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
char buf[80];
|
||||
|
||||
/* Intentionally display the numeric OID, rather than the textual name. */
|
||||
if (OBJ_obj2txt(buf, sizeof(buf), ppid->privilegePolicy, 1) <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%*sPrivilege Policy Identifier: %s\n", indent, "", buf) <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%*sPrivilege Policy Syntax:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
return i2r_OSSL_INFO_SYNTAX(method, ppid->privPolSyntax, out, indent + 4);
|
||||
}
|
||||
|
||||
static int i2r_OSSL_ATTRIBUTE_DESCRIPTOR(X509V3_EXT_METHOD *method,
|
||||
OSSL_ATTRIBUTE_DESCRIPTOR *ad,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
char buf[80];
|
||||
|
||||
/* Intentionally display the numeric OID, rather than the textual name. */
|
||||
if (OBJ_obj2txt(buf, sizeof(buf), ad->identifier, 1) <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%*sIdentifier: %s\n", indent, "", buf) <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%*sSyntax:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
if (BIO_printf(out, "%*s%.*s", indent + 4, "",
|
||||
ad->attributeSyntax->length, ad->attributeSyntax->data) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n\n") <= 0)
|
||||
return 0;
|
||||
if (ad->name != NULL) {
|
||||
if (BIO_printf(out, "%*sName: %.*s\n", indent, "", ad->name->length, ad->name->data) <= 0)
|
||||
return 0;
|
||||
}
|
||||
if (ad->description != NULL) {
|
||||
if (BIO_printf(out, "%*sDescription: %.*s\n", indent, "",
|
||||
ad->description->length, ad->description->data) <= 0)
|
||||
return 0;
|
||||
}
|
||||
if (BIO_printf(out, "%*sDomination Rule:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
return i2r_OSSL_PRIVILEGE_POLICY_ID(method, ad->dominationRule, out, indent + 4);
|
||||
}
|
||||
|
||||
const X509V3_EXT_METHOD ossl_v3_attribute_descriptor = {
|
||||
NID_attribute_descriptor, X509V3_EXT_MULTILINE,
|
||||
ASN1_ITEM_ref(OSSL_ATTRIBUTE_DESCRIPTOR),
|
||||
0, 0, 0, 0,
|
||||
0, 0,
|
||||
0,
|
||||
0,
|
||||
(X509V3_EXT_I2R)i2r_OSSL_ATTRIBUTE_DESCRIPTOR,
|
||||
NULL,
|
||||
NULL
|
||||
};
|
@ -1052,6 +1052,45 @@ DECLARE_ASN1_FUNCTIONS(OSSL_ROLE_SPEC_CERT_ID)
|
||||
typedef STACK_OF(OSSL_ROLE_SPEC_CERT_ID) OSSL_ROLE_SPEC_CERT_ID_SYNTAX;
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_ROLE_SPEC_CERT_ID_SYNTAX)
|
||||
typedef struct OSSL_HASH_st {
|
||||
X509_ALGOR *algorithmIdentifier;
|
||||
ASN1_BIT_STRING *hashValue;
|
||||
} OSSL_HASH;
|
||||
|
||||
typedef struct OSSL_INFO_SYNTAX_POINTER_st {
|
||||
GENERAL_NAMES *name;
|
||||
OSSL_HASH *hash;
|
||||
} OSSL_INFO_SYNTAX_POINTER;
|
||||
|
||||
# define OSSL_INFO_SYNTAX_TYPE_CONTENT 0
|
||||
# define OSSL_INFO_SYNTAX_TYPE_POINTER 1
|
||||
|
||||
typedef struct OSSL_INFO_SYNTAX_st {
|
||||
int type;
|
||||
union {
|
||||
ASN1_STRING *content;
|
||||
OSSL_INFO_SYNTAX_POINTER *pointer;
|
||||
} choice;
|
||||
} OSSL_INFO_SYNTAX;
|
||||
|
||||
typedef struct OSSL_PRIVILEGE_POLICY_ID_st {
|
||||
ASN1_OBJECT *privilegePolicy;
|
||||
OSSL_INFO_SYNTAX *privPolSyntax;
|
||||
} OSSL_PRIVILEGE_POLICY_ID;
|
||||
|
||||
typedef struct OSSL_ATTRIBUTE_DESCRIPTOR_st {
|
||||
ASN1_OBJECT *identifier;
|
||||
ASN1_STRING *attributeSyntax;
|
||||
ASN1_UTF8STRING *name;
|
||||
ASN1_UTF8STRING *description;
|
||||
OSSL_PRIVILEGE_POLICY_ID *dominationRule;
|
||||
} OSSL_ATTRIBUTE_DESCRIPTOR;
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_HASH)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_INFO_SYNTAX_POINTER)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_PRIVILEGE_POLICY_ID)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTE_DESCRIPTOR)
|
||||
|
||||
# ifdef __cplusplus
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user