Additional extension support

[RonEld]

Description

Add support for parsing the following X509 extensions:

1. subject alternative name, of type otherName - HardwareModuleName , as defined in rfc 4108 section 5.
2. certificate policy, only of type "Any Policy", as defined in rfc 5280 section 4.2.1.4

Status

READY

Requires Backporting

NO
This is an enhancement

Migrations

NO

Todos

• Tests
• Documentation
• Changelog updated
• Backported

Steps to test or reproduce

Outline the steps to test or reproduce the PR here.

[hanno-becker]

@RonEld How urgent is this? It would be good to base it on the recent reworkings of the X.509 module, especially #2478, but it's not clear when we'll have time to review and merge the latter.

[RonEld]

@hanno-arm This is targeting 5.13.
I'll rebase, and see if there are differrnces in the behavior

[RonEld]

@hanno-arm I have just checked, and it seems that this is already on top of the latest x509 changes, except for the parsing on demand which is not merged yet

[RonEld]

This is dependent on #2531 to be merged, in order to pass CI

[k-stachowiak]

I have not found any critical issue. However, I am not sure whether the ABI break is feasible at this moment, and I would suggest removing redundant checks. If a rework is done I would also suggest fixing minor formatting issues.

[k-stachowiak]

To my understanding this line breaks the ABI compatibility. Is this intentional and acceptable in this moment in terms of the development cycle?

[RonEld]

Yes, this breaks the ABI. As well as the hardware_module_name introduced in line 80.

Do you see another way to support these new extensions?
I believe that in this development cycle, it is ok to break the ABI in development branch. @Patater please confirm

[k-stachowiak]

I don't know, how else this could be implemented, especially in a natural way. I only wanted to point this out, as it will matter in case of a release. As far as I understand, merging an ABI break into development, effectively makes the next release a breaking one. If this is what we plan (this is what I meant by the development cycle), then it is fine. But if we plan to have non-breaking, minor releases first, then I think this PR should be somehow tagged and the merge should be held until we are ready for an ABI breaking release.

[RonEld]

Thanks,yes, of course.

[RonEld]

The only way to avoid ABI breakage is to add yet another configuration option ( even two for the two additions?), but I don't like adding more configuration options; at least for this purpose

[k-stachowiak]

If there is a rework done, I would suggest removing an extra space before the comma here.

[k-stachowiak]

Minor: the define's value is not aligned to the others.

[k-stachowiak]

Minor: all the description strings could be shifted one space to the right here, to have a space after the comma.

[k-stachowiak]

The function is mis-indented starting from this line until the next return statement.

[k-stachowiak]

It seems to me that this test is not necessary, as it is repeated inside the ...get_tag function below.

[RonEld]

ok

[k-stachowiak]

As above, this test repeats part of the algorithm executed in ...get_tag below.

[RonEld]

@k-stachowiak Thank you for your comments. Yes, this PR will need re work, as the crypto submodule should be updated, once #2531 will be merged into it.

[hanno-becker]

Minor: The indentation is off here.

[RonEld]

yes, the indentation error described in #2530 (comment) is continued until this line

[hanno-becker]

Blocker: This looks like it reads **p before validating that there's space available.

Suggestion (we've had this in other places before, too): Remove the assignment entirely and set hardware_module_name->val.tag to MBEDTLS_ASN1_OCTET_STRING, because a successful call to mbedtls_asn1_get_tag() determines the ASN.1 tag uniquely.

[RonEld]

ok

[hanno-becker]

The indentation is off here.

[RonEld]

This is same indentation as in the switch case in x509_get_crt_ext().
I took the example from that function. Am I missing something?

[hanno-becker]

I noticed a missing bounds check and some style issues.

In general, I am concerned that this is in severe conflict with #2478, and would appreciate if we could rebase it on top of the latter in case #2478 is targeted for the next release, too. Ping @Patater.

[RonEld]

@hanno-arm Thank you for your comments.
As mentioned, if #2478 will be merged prior to this PR, then I will rebase this PR on top of it, and make the necessary adjustments.

[RonEld]

This PR is pending #2535 and #2536 to be merged to the crypto submodule

[hanno-becker]

Note: The storage of names and sequences in mbedtls_x509_name and mbedtls_x509_sequence is very RAM heavy, and I am removing them in #2478, which will also affect these new fields.

[hanno-becker]

I think there is mismatch between the generic name of the function and the specific name of its hardware_module_name argument. However, given that it's static and can change at any time, it's not a blocker.

[RonEld]

Yes, I am aware. My intention was this function can be enhanced to support other "other names" in the future, but currently only hardware module name supported.
In addition, this function parses the other name SAN section, and returns only the hardware module name

[hanno-becker]

Similar to above, I think the naming is not optimal here. Now that we distinguish more than one kind of subject alternative name, with subject_alt_name only holding the dNSName entries, and hardware_module_name the HwModuleName entries, the parameter names should reflect that.

However, again this is not a blocker because the function is static, and is also largely rewritten in #2478 anyway.

[RonEld]

The subject_alt_name should hold more than just dnsName in the future, such as ipAddress.
However, the HardwareModuleName is a different structure, as it is actually a sequence of an oid and an Octet String, while dnsName and iPAddress are strings. We could think of a way to combine the two

[RonEld]

@k-stachowiak Thank you for your comments!
I believe I have addressed them

[k-stachowiak]

@RonEld Thanks for addressing my comments. The issues I raised have been resolved.

[RonEld]

@hanno-arm I have added some negative tests, however I am not sure about how it is correct

[yanesca]

@RonEld Can you please share how you generated the test data. Being a negative test, my generic ASN1 parser chokes on it and I can't confirm that they indeed test what they should. For example osting the correct data that you modified to get them would be very helpful. Best would be to put it in a comment or at least in the commit message.

@andresag01 I am on leave next week, can you please work with @RonEld and double check the test vectors, before you renew your approval?

[RonEld]

@yanesca @andresag01 I have generated the flawd data according to #2530 (comment)
I took the data from the "basic constraints" tests and modified the OID to certificate policies OID, and and manually changed relevant bytes. This is why I am not sure about the data too much, except that it's invalid.. Using the debugger, I saw that the error is returned from the x509_get_crt_ext function, and not the x509_get_certificate_policies function.

[andresag01]

I looked over the PR once again very briefly. Found a small style issue that is not a blocker.

IMHO we could always use more tests, specially negative testing. But these test vectors are extremely hard to create and generally that is better done using something like fuzzing. This PR adds about 6 negative tests (+/- 1). This is not a lot and I would recommend at least a couple more, but I do not think this is a blocker.

[andresag01]

Minor: Please add space before )

[RonEld]

@andresag01 Thank you for your review!
I think that we can always have more tests.
My main concern is whether the test data itself tests what it claims it does, and that it checks the correct error code. For example. the test "(TBSCertificate v3, ext CertificatePolicies tag, data not oid)" I would expect the error to be :MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG instead of MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA which is currently returned. I am investigating if this is an issue with the data or the code

[k-stachowiak]

@RonEld I used a windows' utility program to analyze the certificates that you provided, and it fails for all of them with a following error:

C:\Users\krzsta01\Documents\temp>certutil cert1
OCSP Request:
Cannot decode object: ASN1 bad tag value met. 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)
CertUtil: -dump command FAILED: 0x8009310b (ASN: 267 CRYPT_E_ASN1_BADTAG)
CertUtil: ASN1 bad tag value met.

I tried generating the binary file from the test string in two ways: with and xxd -r -p command in cygwin, and using an online converter. I have md5 compared them to make sure I'm getting a right certificate file.

I am willing to approve the PR, but I'm not entirely sure that the tests should be added if, as you mentioned, they may not test what they are supposed to. Once this question is resolved, I'll gladly tick it green.

[RonEld]

@andresag01 THank you for your review!
I think that we can always have more tests.
My main concern is whether the test data itself tests what it claims it does, and that it checks the correct error code.

[RonEld]

@andresag01 @k-stachowiak I believe I have fixed the test data to test what it actually intends to test, and fixed the error codes accordingly.

I have also fixed the style fix mentioned in #2530 (comment)

Frankly I think some of the commits require some squashing, but that's up to you to decide

Considering the comments were addressed, dismissing the review, to be re-reviewed if have the capacity

[k-stachowiak]

I checked the new test data files in practice to see, where the parsing fails, and it looked good as far as I could tell.

Regarding the commit history, I would normally advise against the rewriting, but I have noticed there is a conflict on the ChangeLog. If that cannot be resolved without a rebase, the history cleanup may be a reasonable thing to do.

On that account, please note that "style fix" is an incorrect commit message (on the last commit). A minimal change I'd suggest is to make it "Fix style", to put it in the required form.

[Patater]

Thanks all for your reviews. We'll consider @andresag01's review as still valid, since only whitespace changes have been made since. With two approvals, this is ready for merge.