hx509: Add DNSSRV and TCG SAN types and DN attrs

This adds hx509 API and hxtool(1) support for PermanentIdentifier, HardwareModuleName, and DNSSRV SAN types, as well as for serialNumber, TPMManufacturer, TPMModel, and TPMVersion DN attributes.
2021-01-15 13:13:55 -06:00
parent dbb0463ca8
commit 37ab2a5308
10 changed files with 594 additions and 9 deletions
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1844,6 +1844,14 @@ eval_types(hx509_context contextp,
 	    hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname");
    }

+    for (i = 0; i < opt->dnssrv_strings.num_strings; i++) {
+	const char *dnssrv = opt->dnssrv_strings.strings[i];
+
+	ret = hx509_ca_tbs_add_san_dnssrv(contextp, tbs, dnssrv);
+	if (ret)
+	    hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_dnssrv");
+    }
+
    for (i = 0; i < opt->email_strings.num_strings; i++) {
 	const char *email = opt->email_strings.strings[i];

@@ -2115,6 +2123,20 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)

    eval_types(context, tbs, opt);

+    if (opt->permanent_id_string) {
+        ret = hx509_ca_tbs_add_san_permanentIdentifier_string(context, tbs,
+                                                              opt->permanent_id_string);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_permanentIdentifier");
+    }
+
+    if (opt->hardware_module_name_string) {
+        ret = hx509_ca_tbs_add_san_hardwareModuleName_string(context, tbs,
+                                                             opt->hardware_module_name_string);
+	if (ret)
+	    hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hardwareModuleName_string");
+    }
+
    for (i = 0; ret == 0 && i < opt->policy_strings.num_strings; i++) {
        char *oidstr, *uri, *dt;