TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 82e2945ed2aa42867fb883ed7274f894c3a746d9 / . / library / x509write.c
blob: 0e6e4bf6a69be28d0ed7fb7a7b12e3fcfba214b7 [file] [log] [blame]
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1/*
2 * X509 buffer writing functionality
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_X509_WRITE_C)
29
30#include "polarssl/asn1write.h"
31#include "polarssl/x509write.h"
32#include "polarssl/x509.h"
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]33#include "polarssl/md.h"
34#include "polarssl/oid.h"
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]35
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]36#if defined(POLARSSL_MEMORY_C)
37#include "polarssl/memory.h"
38#else
39#include <stdlib.h>
40#define polarssl_malloc malloc
41#define polarssl_free free
42#endif
43
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]44void x509write_csr_init( x509_csr *ctx )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]45{
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]46 memset( ctx, 0, sizeof(x509_csr) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]47}
48
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]49void x509write_csr_free( x509_csr *ctx )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]50{
51 x509_req_name *cur;
52
53 while( ( cur = ctx->subject ) != NULL )
54 {
55 ctx->subject = cur->next;
56 polarssl_free( cur );
57 }
58
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]59 memset( ctx, 0, sizeof(x509_csr) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]60}
61
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]62void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]63{
64 ctx->md_alg = md_alg;
65}
66
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]67void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]68{
69 ctx->rsa = rsa;
70}
71
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]72int x509write_csr_set_subject_name( x509_csr *ctx, char *subject_name )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]73{
74 int ret = 0;
75 char *s = subject_name, *c = s;
76 char *end = s + strlen( s );
77 char *oid = NULL;
78 int in_tag = 1;
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]79 x509_req_name *cur;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]80
81 while( ctx->subject )
82 {
83 cur = ctx->subject;
84 ctx->subject = ctx->subject->next;
85 polarssl_free( cur );
86 }
87
88 while( c <= end )
89 {
90 if( in_tag && *c == '=' )
91 {
92 if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
93 oid = OID_AT_CN;
94 else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
95 oid = OID_AT_COUNTRY;
96 else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
97 oid = OID_AT_ORGANIZATION;
98 else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
99 oid = OID_AT_LOCALITY;
100 else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
101 oid = OID_PKCS9_EMAIL;
102 else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
103 oid = OID_AT_ORG_UNIT;
104 else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
105 oid = OID_AT_STATE;
106 else
107 {
108 ret = POLARSSL_ERR_X509_WRITE_UNKNOWN_OID;
109 goto exit;
110 }
111
112 s = c + 1;
113 in_tag = 0;
114 }
115
116 if( !in_tag && ( *c == ',' || c == end ) )
117 {
118 if( c - s > 127 )
119 {
120 ret = POLARSSL_ERR_X509_WRITE_BAD_INPUT_DATA;
121 goto exit;
122 }
123
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]124 cur = polarssl_malloc( sizeof(x509_req_name) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]125
126 if( cur == NULL )
127 {
128 ret = POLARSSL_ERR_X509_WRITE_MALLOC_FAILED;
129 goto exit;
130 }
131
132 memset( cur, 0, sizeof(x509_req_name) );
133
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]134 cur->next = ctx->subject;
135 ctx->subject = cur;
136
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]137 strncpy( cur->oid, oid, strlen( oid ) );
138 strncpy( cur->name, s, c - s );
139
140 s = c + 1;
141 in_tag = 1;
142 }
143 c++;
144 }
145
146exit:
147
148 return( ret );
149}
150
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]151int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]152{
153 int ret;
154 unsigned char *c;
155 size_t len = 0;
156
157 c = buf + size - 1;
158
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]159 /*
160 * RSAPublicKey ::= SEQUENCE {
161 * modulus INTEGER, -- n
162 * publicExponent INTEGER -- e
163 * }
164 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]165 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
166 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
167
168 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
169 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
170
171 if( c - buf < 1 )
172 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
173
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]174 /*
175 * SubjectPublicKeyInfo ::= SEQUENCE {
176 * algorithm AlgorithmIdentifier,
177 * subjectPublicKey BIT STRING }
178 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]179 *--c = 0;
180 len += 1;
181
182 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
183 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
184
185 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) );
186
187 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
188 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
189
190 return( len );
191}
192
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]193int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]194{
195 int ret;
196 unsigned char *c;
197 size_t len = 0;
198
199 c = buf + size - 1;
200
201 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
202 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
203 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
204 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
205 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
206 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
207 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
208 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
209 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
210
211 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
212 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
213
214 // TODO: Make NON RSA Specific variant later on
215/* *--c = 0;
216 len += 1;
217
218 len += asn1_write_len( &c, len);
219 len += asn1_write_tag( &c, ASN1_BIT_STRING );
220
221 len += asn1_write_oid( &c, OID_PKCS1_RSA );
222
223 len += asn1_write_int( &c, 0 );
224
225 len += asn1_write_len( &c, len);
226 len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/
227
228/* for(i = 0; i < len; ++i)
229 {
230 if (i % 16 == 0 ) printf("\n");
231 printf("%02x ", c[i]);
232 }
233 printf("\n");*/
234
235 return( len );
236}
237
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]238static int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
239 char *name )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]240{
241 int ret;
242 size_t string_len = 0;
243 size_t oid_len = 0;
244 size_t len = 0;
245
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]246 // Write PrintableString for all except OID_PKCS9_EMAIL
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]247 //
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]248 if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) &&
249 memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 )
250 {
251 ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) );
252 }
253 else
254 ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]255
256 // Write OID
257 //
258 ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );
259
260 len = oid_len + string_len;
261 ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) );
262 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
263
264 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
265 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
266
267 return( len );
268}
269
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]270static int x509_write_sig( unsigned char **p, unsigned char *start,
271 const char *oid, unsigned char *sig, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]272{
273 int ret;
274 size_t len = 0;
275
276 if( *p - start < (int) size + 1 )
277 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
278
279 len = size;
280 (*p) -= len;
281 memcpy( *p, sig, len );
282
283 *--(*p) = 0;
284 len += 1;
285
286 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
287 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
288
289 // Write OID
290 //
291 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid ) );
292
293 return( len );
294}
295
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame^]296int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]297{
298 int ret;
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]299 const char *sig_oid;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]300 unsigned char *c, *c2;
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]301 unsigned char hash[64];
302 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]303 unsigned char tmp_buf[2048];
304 size_t sub_len = 0, pub_len = 0, sig_len = 0;
305 size_t len = 0;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]306 x509_req_name *cur = ctx->subject;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]307
308 c = tmp_buf + 2048 - 1;
309
310 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, 0 ) );
311 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
312
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]313 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
314 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]315
316 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
317 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
318
319 if( c - tmp_buf < 1 )
320 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
321
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]322 /*
323 * AlgorithmIdentifier ::= SEQUENCE {
324 * algorithm OBJECT IDENTIFIER,
325 * parameters ANY DEFINED BY algorithm OPTIONAL }
326 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]327 *--c = 0;
328 pub_len += 1;
329
330 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
331 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
332
333 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
334
335 len += pub_len;
336 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
337 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
338
339 while( cur != NULL )
340 {
341 ASN1_CHK_ADD( sub_len, x509_write_name( &c, tmp_buf, cur->oid, cur->name ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]342
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]343 cur = cur->next;
344 }
345
346 len += sub_len;
347 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
348 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
349
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]350 /*
351 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
352 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]353 ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
354
355 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
356 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]357
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]358 md( md_info_from_type( ctx->md_alg ), c, len, hash );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]359
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]360 rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]361
362 // Generate correct OID
363 //
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]364 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]365
366 c2 = buf + size - 1;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]367 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]368
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]369 c2 -= len;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]370 memcpy( c2, c, len );
371
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]372 len += sig_len;
373 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
374 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
375
376 return( len );
377}
378
379#endif