TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8eabfc14616e746fbf2c1bb87475668cc5572291 / . / library / x509write.c
blob: 213add6a097b1bbd794db2b227206d0ada3073a8 [file] [log] [blame]
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1/*
2 * X509 buffer writing functionality
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_X509_WRITE_C)
29
30#include "polarssl/asn1write.h"
31#include "polarssl/x509write.h"
32#include "polarssl/x509.h"
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]33#include "polarssl/md.h"
34#include "polarssl/oid.h"
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]35
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]36#if defined(POLARSSL_MEMORY_C)
37#include "polarssl/memory.h"
38#else
39#include <stdlib.h>
40#define polarssl_malloc malloc
41#define polarssl_free free
42#endif
43
44void x509cert_req_init( x509_cert_req *ctx )
45{
46 memset( ctx, 0, sizeof(x509_cert_req) );
47}
48
49void x509cert_req_free( x509_cert_req *ctx )
50{
51 x509_req_name *cur;
52
53 while( ( cur = ctx->subject ) != NULL )
54 {
55 ctx->subject = cur->next;
56 polarssl_free( cur );
57 }
58
59 memset( ctx, 0, sizeof(x509_cert_req) );
60}
61
62void x509cert_req_set_md_alg( x509_cert_req *ctx, md_type_t md_alg )
63{
64 ctx->md_alg = md_alg;
65}
66
67void x509cert_req_set_rsa_key( x509_cert_req *ctx, rsa_context *rsa )
68{
69 ctx->rsa = rsa;
70}
71
72int x509cert_req_set_subject_name( x509_cert_req *ctx, char *subject_name )
73{
74 int ret = 0;
75 char *s = subject_name, *c = s;
76 char *end = s + strlen( s );
77 char *oid = NULL;
78 int in_tag = 1;
79 x509_req_name *cur = ctx->subject;
80
81 while( ctx->subject )
82 {
83 cur = ctx->subject;
84 ctx->subject = ctx->subject->next;
85 polarssl_free( cur );
86 }
87
88 while( c <= end )
89 {
90 if( in_tag && *c == '=' )
91 {
92 if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
93 oid = OID_AT_CN;
94 else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
95 oid = OID_AT_COUNTRY;
96 else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
97 oid = OID_AT_ORGANIZATION;
98 else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
99 oid = OID_AT_LOCALITY;
100 else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
101 oid = OID_PKCS9_EMAIL;
102 else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
103 oid = OID_AT_ORG_UNIT;
104 else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
105 oid = OID_AT_STATE;
106 else
107 {
108 ret = POLARSSL_ERR_X509_WRITE_UNKNOWN_OID;
109 goto exit;
110 }
111
112 s = c + 1;
113 in_tag = 0;
114 }
115
116 if( !in_tag && ( *c == ',' || c == end ) )
117 {
118 if( c - s > 127 )
119 {
120 ret = POLARSSL_ERR_X509_WRITE_BAD_INPUT_DATA;
121 goto exit;
122 }
123
124 if( cur == NULL )
125 {
126 ctx->subject = cur = polarssl_malloc( sizeof(x509_req_name) );
127 }
128 else
129 {
130 cur->next = polarssl_malloc( sizeof(x509_req_name) );
131 cur = cur->next;
132 }
133
134 if( cur == NULL )
135 {
136 ret = POLARSSL_ERR_X509_WRITE_MALLOC_FAILED;
137 goto exit;
138 }
139
140 memset( cur, 0, sizeof(x509_req_name) );
141
142 strncpy( cur->oid, oid, strlen( oid ) );
143 strncpy( cur->name, s, c - s );
144
145 s = c + 1;
146 in_tag = 1;
147 }
148 c++;
149 }
150
151exit:
152
153 return( ret );
154}
155
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]156int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa )
157{
158 int ret;
159 unsigned char *c;
160 size_t len = 0;
161
162 c = buf + size - 1;
163
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]164 /*
165 * RSAPublicKey ::= SEQUENCE {
166 * modulus INTEGER, -- n
167 * publicExponent INTEGER -- e
168 * }
169 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]170 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
171 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
172
173 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
174 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
175
176 if( c - buf < 1 )
177 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
178
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]179 /*
180 * SubjectPublicKeyInfo ::= SEQUENCE {
181 * algorithm AlgorithmIdentifier,
182 * subjectPublicKey BIT STRING }
183 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]184 *--c = 0;
185 len += 1;
186
187 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
188 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
189
190 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) );
191
192 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
193 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
194
195 return( len );
196}
197
198int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa )
199{
200 int ret;
201 unsigned char *c;
202 size_t len = 0;
203
204 c = buf + size - 1;
205
206 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
207 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
208 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
209 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
210 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
211 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
212 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
213 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
214 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
215
216 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
217 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
218
219 // TODO: Make NON RSA Specific variant later on
220/* *--c = 0;
221 len += 1;
222
223 len += asn1_write_len( &c, len);
224 len += asn1_write_tag( &c, ASN1_BIT_STRING );
225
226 len += asn1_write_oid( &c, OID_PKCS1_RSA );
227
228 len += asn1_write_int( &c, 0 );
229
230 len += asn1_write_len( &c, len);
231 len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/
232
233/* for(i = 0; i < len; ++i)
234 {
235 if (i % 16 == 0 ) printf("\n");
236 printf("%02x ", c[i]);
237 }
238 printf("\n");*/
239
240 return( len );
241}
242
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]243static int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
244 char *name )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]245{
246 int ret;
247 size_t string_len = 0;
248 size_t oid_len = 0;
249 size_t len = 0;
250
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]251 // Write PrintableString for all except OID_PKCS9_EMAIL
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]252 //
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]253 if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) &&
254 memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 )
255 {
256 ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) );
257 }
258 else
259 ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]260
261 // Write OID
262 //
263 ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );
264
265 len = oid_len + string_len;
266 ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) );
267 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
268
269 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
270 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
271
272 return( len );
273}
274
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]275static int x509_write_sig( unsigned char **p, unsigned char *start,
276 const char *oid, unsigned char *sig, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]277{
278 int ret;
279 size_t len = 0;
280
281 if( *p - start < (int) size + 1 )
282 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
283
284 len = size;
285 (*p) -= len;
286 memcpy( *p, sig, len );
287
288 *--(*p) = 0;
289 len += 1;
290
291 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
292 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
293
294 // Write OID
295 //
296 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid ) );
297
298 return( len );
299}
300
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]301int x509_write_cert_req( x509_cert_req *ctx, unsigned char *buf,
302 size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]303{
304 int ret;
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]305 const char *sig_oid;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]306 unsigned char *c, *c2;
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]307 unsigned char hash[64];
308 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]309 unsigned char tmp_buf[2048];
310 size_t sub_len = 0, pub_len = 0, sig_len = 0;
311 size_t len = 0;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]312 x509_req_name *cur = ctx->subject;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]313
314 c = tmp_buf + 2048 - 1;
315
316 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, 0 ) );
317 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
318
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]319 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
320 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]321
322 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
323 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
324
325 if( c - tmp_buf < 1 )
326 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
327
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]328 /*
329 * AlgorithmIdentifier ::= SEQUENCE {
330 * algorithm OBJECT IDENTIFIER,
331 * parameters ANY DEFINED BY algorithm OPTIONAL }
332 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]333 *--c = 0;
334 pub_len += 1;
335
336 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
337 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
338
339 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
340
341 len += pub_len;
342 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
343 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
344
345 while( cur != NULL )
346 {
347 ASN1_CHK_ADD( sub_len, x509_write_name( &c, tmp_buf, cur->oid, cur->name ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]348
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]349 cur = cur->next;
350 }
351
352 len += sub_len;
353 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
354 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
355
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]356 /*
357 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
358 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]359 ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
360
361 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
362 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]363
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]364 md( md_info_from_type( ctx->md_alg ), c, len, hash );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]365
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]366 rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]367
368 // Generate correct OID
369 //
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]370 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]371
372 c2 = buf + size - 1;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame^]373 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]374
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]375 c2 -= len;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]376 memcpy( c2, c, len );
377
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]378 len += sig_len;
379 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
380 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
381
382 return( len );
383}
384
385#endif