commit c73fde725b3204bf6f0afa2f55a67636c1128a49
author Jaeden Amero <jaeden.amero@arm.com> Wed Mar 27 14:50:21 2019 +0000
committer Jaeden Amero <jaeden.amero@arm.com> Wed Mar 27 16:52:08 2019 +0000
tree 184a2564a1e80dfb5c046c6fa94f3861c6d39e01
parent 3930e18c3c5598f6f8f3c96c545c8644f5b29c92
parent 3b11c8590e59ae2306f43a84d653c4d1ee916dc8

Merge remote-tracking branch 'origin/pr/2531' into development

Ensure tests pass when the submodule is used by updating the list of
crypto tests to include test_suite_oid in both tests/CMakeLists.txt and
tests/Makefile.

* origin/pr/2531:
  Add changeLog entry
  Add certificate policy of type any policy id

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index b237870..5d9927c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@
 
 = mbed TLS x.x.x branch released xxxx-xx-xx
 
+Features
+   * Add the Any Policy certificate policy oid, as defined in
+     rfc 5280 section 4.2.1.4.
+
 Bugfix
    * Fix private key DER output in the key_app_writer example. File contents
      were shifted by one byte, creating an invalid ASN.1 tag. Fixed by

include/mbedtls/oid.h

diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 65e626e..342ef75 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -168,6 +168,11 @@
 #define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
 
 /*
+ * Certificate policies
+ */
+#define MBEDTLS_OID_ANY_POLICY              MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+
+/*
  * Netscape certificate extensions
  */
 #define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
@@ -577,6 +582,16 @@
 int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
 
 /**
+ * \brief          Translate certificate policies OID into description
+ *
+ * \param oid      OID to use
+ * \param desc     place to store string pointer
+ *
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+
+/**
  * \brief          Translate md_type into hash algorithm OID
  *
  * \param md_alg   message digest algorithm

library/oid.c

diff --git a/library/oid.c b/library/oid.c
index 294bbd6..4e10f8a 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -296,6 +296,15 @@
 FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
 FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
 
+static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
+{
+    { ADD_LEN( MBEDTLS_OID_ANY_POLICY ),      "anyPolicy",       "Any Policy" },
+    { NULL, 0, NULL, NULL },
+};
+
+FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
+FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
+
 #if defined(MBEDTLS_MD_C)
 /*
  * For SignatureAlgorithmIdentifier

tests/CMakeLists.txt

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index ee8ff79..52dac48 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -116,6 +116,7 @@
     add_test_suite(memory_buffer_alloc)
     add_test_suite(mpi)
     add_test_suite(nist_kw)
+    add_test_suite(oid)
     add_test_suite(pem)
     add_test_suite(pkcs1_v15)
     add_test_suite(pkcs1_v21)

tests/Makefile

diff --git a/tests/Makefile b/tests/Makefile
index e2fbff7..f5cc409 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -97,6 +97,7 @@
 		test_suite_memory_buffer_alloc \
 		test_suite_mpi \
 		test_suite_nist_kw \
+		test_suite_oid \
 		test_suite_pem \
 		test_suite_pk \
 		test_suite_pkcs1_v15 \

tests/suites/test_suite_oid.data

diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
new file mode 100644
index 0000000..759a010
--- /dev/null
+++ b/tests/suites/test_suite_oid.data
@@ -0,0 +1,8 @@
+OID get Any Policy certificate policy
+oid_get_certificate_policies:"551D2000":"Any Policy"
+
+OID get certificate policy invalid oid
+oid_get_certificate_policies:"5533445566":""
+
+OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
+oid_get_certificate_policies:"551D23":""

tests/suites/test_suite_oid.function

diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
new file mode 100644
index 0000000..e95e48d
--- /dev/null
+++ b/tests/suites/test_suite_oid.function
@@ -0,0 +1,34 @@
+/* BEGIN_HEADER */
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "string.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_OID_C
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/
+void oid_get_certificate_policies( data_t * oid, char * result_str )
+{
+    mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+    int ret;
+    const char *desc;
+
+    asn1_buf.tag = MBEDTLS_ASN1_OID;
+    asn1_buf.p = oid->x;
+    asn1_buf.len = oid->len;
+
+    ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
+    if( strlen( result_str ) == 0 )
+    {
+        TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+    }
+    else
+    {
+        TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
+    }
+}
+/* END_CASE */