TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 384d4351cebadfc30768022f9e60a5aab9e4d965 / . / library / x509write.c
blob: 3302636459ec21a176059f2440ed16528d9ba1a2 [file] [log] [blame]
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1/*
2 * X509 buffer writing functionality
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_X509_WRITE_C)
29
30#include "polarssl/asn1write.h"
31#include "polarssl/x509write.h"
32#include "polarssl/x509.h"
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]33#include "polarssl/md.h"
34#include "polarssl/oid.h"
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]35
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]36#if defined(POLARSSL_MEMORY_C)
37#include "polarssl/memory.h"
38#else
39#include <stdlib.h>
40#define polarssl_malloc malloc
41#define polarssl_free free
42#endif
43
44void x509cert_req_init( x509_cert_req *ctx )
45{
46 memset( ctx, 0, sizeof(x509_cert_req) );
47}
48
49void x509cert_req_free( x509_cert_req *ctx )
50{
51 x509_req_name *cur;
52
53 while( ( cur = ctx->subject ) != NULL )
54 {
55 ctx->subject = cur->next;
56 polarssl_free( cur );
57 }
58
59 memset( ctx, 0, sizeof(x509_cert_req) );
60}
61
62void x509cert_req_set_md_alg( x509_cert_req *ctx, md_type_t md_alg )
63{
64 ctx->md_alg = md_alg;
65}
66
67void x509cert_req_set_rsa_key( x509_cert_req *ctx, rsa_context *rsa )
68{
69 ctx->rsa = rsa;
70}
71
72int x509cert_req_set_subject_name( x509_cert_req *ctx, char *subject_name )
73{
74 int ret = 0;
75 char *s = subject_name, *c = s;
76 char *end = s + strlen( s );
77 char *oid = NULL;
78 int in_tag = 1;
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]79 x509_req_name *cur;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]80
81 while( ctx->subject )
82 {
83 cur = ctx->subject;
84 ctx->subject = ctx->subject->next;
85 polarssl_free( cur );
86 }
87
88 while( c <= end )
89 {
90 if( in_tag && *c == '=' )
91 {
92 if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
93 oid = OID_AT_CN;
94 else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
95 oid = OID_AT_COUNTRY;
96 else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
97 oid = OID_AT_ORGANIZATION;
98 else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
99 oid = OID_AT_LOCALITY;
100 else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
101 oid = OID_PKCS9_EMAIL;
102 else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
103 oid = OID_AT_ORG_UNIT;
104 else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
105 oid = OID_AT_STATE;
106 else
107 {
108 ret = POLARSSL_ERR_X509_WRITE_UNKNOWN_OID;
109 goto exit;
110 }
111
112 s = c + 1;
113 in_tag = 0;
114 }
115
116 if( !in_tag && ( *c == ',' || c == end ) )
117 {
118 if( c - s > 127 )
119 {
120 ret = POLARSSL_ERR_X509_WRITE_BAD_INPUT_DATA;
121 goto exit;
122 }
123
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]124 cur = polarssl_malloc( sizeof(x509_req_name) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]125
126 if( cur == NULL )
127 {
128 ret = POLARSSL_ERR_X509_WRITE_MALLOC_FAILED;
129 goto exit;
130 }
131
132 memset( cur, 0, sizeof(x509_req_name) );
133
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]134 cur->next = ctx->subject;
135 ctx->subject = cur;
136
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]137 strncpy( cur->oid, oid, strlen( oid ) );
138 strncpy( cur->name, s, c - s );
139
140 s = c + 1;
141 in_tag = 1;
142 }
143 c++;
144 }
145
146exit:
147
148 return( ret );
149}
150
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]151int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )
152{
153 int ret;
154 unsigned char *c;
155 size_t len = 0;
156
157 c = buf + size - 1;
158
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]159 /*
160 * RSAPublicKey ::= SEQUENCE {
161 * modulus INTEGER, -- n
162 * publicExponent INTEGER -- e
163 * }
164 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]165 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
166 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
167
168 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
169 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
170
171 if( c - buf < 1 )
172 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
173
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]174 /*
175 * SubjectPublicKeyInfo ::= SEQUENCE {
176 * algorithm AlgorithmIdentifier,
177 * subjectPublicKey BIT STRING }
178 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]179 *--c = 0;
180 len += 1;
181
182 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
183 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
184
185 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) );
186
187 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
188 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
189
190 return( len );
191}
192
193int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa )
194{
195 int ret;
196 unsigned char *c;
197 size_t len = 0;
198
199 c = buf + size - 1;
200
201 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
202 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
203 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
204 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
205 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
206 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
207 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
208 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
209 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
210
211 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
212 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
213
214 // TODO: Make NON RSA Specific variant later on
215/* *--c = 0;
216 len += 1;
217
218 len += asn1_write_len( &c, len);
219 len += asn1_write_tag( &c, ASN1_BIT_STRING );
220
221 len += asn1_write_oid( &c, OID_PKCS1_RSA );
222
223 len += asn1_write_int( &c, 0 );
224
225 len += asn1_write_len( &c, len);
226 len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/
227
228/* for(i = 0; i < len; ++i)
229 {
230 if (i % 16 == 0 ) printf("\n");
231 printf("%02x ", c[i]);
232 }
233 printf("\n");*/
234
235 return( len );
236}
237
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]238static int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
239 char *name )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]240{
241 int ret;
242 size_t string_len = 0;
243 size_t oid_len = 0;
244 size_t len = 0;
245
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]246 // Write PrintableString for all except OID_PKCS9_EMAIL
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]247 //
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]248 if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) &&
249 memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 )
250 {
251 ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) );
252 }
253 else
254 ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]255
256 // Write OID
257 //
258 ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );
259
260 len = oid_len + string_len;
261 ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) );
262 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
263
264 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
265 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
266
267 return( len );
268}
269
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]270static int x509_write_sig( unsigned char **p, unsigned char *start,
271 const char *oid, unsigned char *sig, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]272{
273 int ret;
274 size_t len = 0;
275
276 if( *p - start < (int) size + 1 )
277 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
278
279 len = size;
280 (*p) -= len;
281 memcpy( *p, sig, len );
282
283 *--(*p) = 0;
284 len += 1;
285
286 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
287 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
288
289 // Write OID
290 //
291 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid ) );
292
293 return( len );
294}
295
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]296int x509_write_cert_req( x509_cert_req *ctx, unsigned char *buf,
297 size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]298{
299 int ret;
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]300 const char *sig_oid;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]301 unsigned char *c, *c2;
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]302 unsigned char hash[64];
303 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]304 unsigned char tmp_buf[2048];
305 size_t sub_len = 0, pub_len = 0, sig_len = 0;
306 size_t len = 0;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]307 x509_req_name *cur = ctx->subject;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]308
309 c = tmp_buf + 2048 - 1;
310
311 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, 0 ) );
312 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
313
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]314 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
315 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]316
317 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
318 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
319
320 if( c - tmp_buf < 1 )
321 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
322
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]323 /*
324 * AlgorithmIdentifier ::= SEQUENCE {
325 * algorithm OBJECT IDENTIFIER,
326 * parameters ANY DEFINED BY algorithm OPTIONAL }
327 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]328 *--c = 0;
329 pub_len += 1;
330
331 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
332 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
333
334 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
335
336 len += pub_len;
337 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
338 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
339
340 while( cur != NULL )
341 {
342 ASN1_CHK_ADD( sub_len, x509_write_name( &c, tmp_buf, cur->oid, cur->name ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]343
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]344 cur = cur->next;
345 }
346
347 len += sub_len;
348 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
349 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
350
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]351 /*
352 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
353 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]354 ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
355
356 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
357 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]358
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]359 md( md_info_from_type( ctx->md_alg ), c, len, hash );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]360
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]361 rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]362
363 // Generate correct OID
364 //
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]365 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]366
367 c2 = buf + size - 1;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]368 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]369
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]370 c2 -= len;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]371 memcpy( c2, c, len );
372
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]373 len += sig_len;
374 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
375 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
376
377 return( len );
378}
379
380#endif