Better support for the different Attribute Types from IETF PKIX (RFC 5280)

6384440b · Paul Bakker · 1a1fbba1 · 6384440b · 6384440b · 6384440b
Commit 6384440b authored Apr 30, 2014 by Paul Bakker
Hide whitespace changes
Inline Side-by-side

Showing with 76 additions and 0 deletions

ChangeLog ChangeLog +1 -0

include/polarssl/oid.h include/polarssl/oid.h +9 -0

library/oid.c library/oid.c +32 -0

library/x509_create.c library/x509_create.c +34 -0

No files found.
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@ Changes
   * POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
     checked and filled in the relevant module headers
   * Debug module only outputs full lines instead of parts
+   * Better support for the different Attribute Types from IETF PKIX (RFC 5280)

 Bugfix
   * Only iterate over actual certificates in ssl_write_certificate_request()

--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -105,14 +105,23 @@
 */
 #define OID_AT                          OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
 #define OID_AT_CN                       OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define OID_AT_SUR_NAME                 OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
 #define OID_AT_SERIAL_NUMBER            OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
 #define OID_AT_COUNTRY                  OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
 #define OID_AT_LOCALITY                 OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
 #define OID_AT_STATE                    OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
 #define OID_AT_ORGANIZATION             OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
 #define OID_AT_ORG_UNIT                 OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define OID_AT_TITLE                    OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
 #define OID_AT_POSTAL_ADDRESS           OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
 #define OID_AT_POSTAL_CODE              OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define OID_AT_GIVEN_NAME               OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define OID_AT_INITIALS                 OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define OID_AT_GENERATION_QUALIFIER     OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define OID_AT_DN_QUALIFIER             OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define OID_AT_PSEUDONYM                OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */

 /*
 * OIDs for standard certificate extensions

--- a/library/oid.c
+++ b/library/oid.c
@@ -195,6 +195,38 @@ static const oid_x520_attr_t oid_x520_attr_type[] =
        { ADD_LEN( OID_AT_POSTAL_CODE ), "id-at-postalCode",               "Postal code" },
        "postalCode",
    },
+    {
+        { ADD_LEN( OID_AT_SUR_NAME ),    "id-at-surName",                  "Surname" },
+        "SN",
+    },
+    {
+        { ADD_LEN( OID_AT_GIVEN_NAME ),  "id-at-givenName",                "Given name" },
+        "GN",
+    },
+    {
+        { ADD_LEN( OID_AT_INITIALS ),    "id-at-initials",                 "Initials" },
+        "initials",
+    },
+    {
+        { ADD_LEN( OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
+        "generationQualifier",
+    },
+    {
+        { ADD_LEN( OID_AT_TITLE ),       "id-at-title",                    "Title" },
+        "title",
+    },
+    {
+        { ADD_LEN( OID_AT_DN_QUALIFIER ),"id-at-dnQualifier",              "Distinguished Name qualifier" },
+        "dnQualifier",
+    },
+    {
+        { ADD_LEN( OID_AT_PSEUDONYM ),   "id-at-pseudonym",                "Pseudonym" },
+        "pseudonym",
+    },
+    {
+        { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent",           "Domain component" },
+        "DC",
+    },
    {
        { NULL, 0, NULL, NULL },
        NULL,

--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -53,18 +53,30 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
        {
            if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
                oid = OID_AT_CN;
+            else if( c - s == 10 && strncasecmp( s, "commonName", 10 ) == 0 )
+                oid = OID_AT_CN;
            else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
                oid = OID_AT_COUNTRY;
+            else if( c - s == 11 && strncasecmp( s, "countryName", 11 ) == 0 )
+                oid = OID_AT_COUNTRY;
            else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
                oid = OID_AT_ORGANIZATION;
+            else if( c - s == 16 && strncasecmp( s, "organizationName", 16 ) == 0 )
+                oid = OID_AT_ORGANIZATION;
            else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
                oid = OID_AT_LOCALITY;
+            else if( c - s == 8 && strncasecmp( s, "locality", 8 ) == 0 )
+                oid = OID_AT_LOCALITY;
            else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
                oid = OID_PKCS9_EMAIL;
            else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
                oid = OID_AT_ORG_UNIT;
+            else if( c - s == 22 && strncasecmp( s, "organizationalUnitName", 22 ) == 0 )
+                oid = OID_AT_ORG_UNIT;
            else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
                oid = OID_AT_STATE;
+            else if( c - s == 19 && strncasecmp( s, "stateOrProvinceName", 19 ) == 0 )
+                oid = OID_AT_STATE;
            else if( c - s == 12 && strncasecmp( s, "emailAddress", 12 ) == 0 )
                oid = OID_PKCS9_EMAIL;
            else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
@@ -73,6 +85,28 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
                oid = OID_AT_POSTAL_ADDRESS;
            else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
                oid = OID_AT_POSTAL_CODE;
+            else if( c - s == 11 && strncasecmp( s, "dnQualifier", 11 ) == 0 )
+                oid = OID_AT_DN_QUALIFIER;
+            else if( c - s == 5 && strncasecmp( s, "title", 5 ) == 0 )
+                oid = OID_AT_TITLE;
+            else if( c - s == 7 && strncasecmp( s, "surName", 7 ) == 0 )
+                oid = OID_AT_SUR_NAME;
+            else if( c - s == 2 && strncasecmp( s, "SN", 2 ) == 0 )
+                oid = OID_AT_SUR_NAME;
+            else if( c - s == 9 && strncasecmp( s, "givenName", 9 ) == 0 )
+                oid = OID_AT_GIVEN_NAME;
+            else if( c - s == 2 && strncasecmp( s, "GN", 2 ) == 0 )
+                oid = OID_AT_GIVEN_NAME;
+            else if( c - s == 8 && strncasecmp( s, "initials", 8 ) == 0 )
+                oid = OID_AT_INITIALS;
+            else if( c - s == 9 && strncasecmp( s, "pseudonym", 9 ) == 0 )
+                oid = OID_AT_PSEUDONYM;
+            else if( c - s == 19 && strncasecmp( s, "generationQualifier", 19 ) == 0 )
+                oid = OID_AT_GENERATION_QUALIFIER;
+            else if( c - s == 15 && strncasecmp( s, "domainComponent", 15 ) == 0 )
+                oid = OID_DOMAIN_COMPONENT;
+            else if( c - s == 2 && strncasecmp( s, "DC", 2 ) == 0 )
+                oid = OID_DOMAIN_COMPONENT;
            else
            {
                ret = POLARSSL_ERR_X509_UNKNOWN_OID;