TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 9c208aabc83262515aa4c9a529e09969907f912d / . / library / x509write.c
blob: d025abb05fe2953e715252e6e54d627347d911d9 [file] [log] [blame]
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1/*
2 * X509 buffer writing functionality
3 *
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]4 * Copyright (C) 2006-2013, Brainspark B.V.
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26#include "polarssl/config.h"
27
28#if defined(POLARSSL_X509_WRITE_C)
29
30#include "polarssl/asn1write.h"
31#include "polarssl/x509write.h"
32#include "polarssl/x509.h"
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]33#include "polarssl/md.h"
34#include "polarssl/oid.h"
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]35
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]36#include "polarssl/sha1.h"
37
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]38#if defined(POLARSSL_BASE64_C)
39#include "polarssl/base64.h"
40#endif
41
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]42#if defined(POLARSSL_MEMORY_C)
43#include "polarssl/memory.h"
44#else
45#include <stdlib.h>
46#define polarssl_malloc malloc
47#define polarssl_free free
48#endif
49
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]50static int x509write_string_to_names( x509_req_name **head, char *name )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]51{
52 int ret = 0;
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]53 char *s = name, *c = s;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]54 char *end = s + strlen( s );
55 char *oid = NULL;
56 int in_tag = 1;
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]57 x509_req_name *cur;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]58
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]59 while( *head != NULL )
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]60 {
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]61 cur = *head;
62 *head = cur->next;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]63 polarssl_free( cur );
64 }
65
66 while( c <= end )
67 {
68 if( in_tag && *c == '=' )
69 {
70 if( memcmp( s, "CN", 2 ) == 0 && c - s == 2 )
71 oid = OID_AT_CN;
72 else if( memcmp( s, "C", 1 ) == 0 && c - s == 1 )
73 oid = OID_AT_COUNTRY;
74 else if( memcmp( s, "O", 1 ) == 0 && c - s == 1 )
75 oid = OID_AT_ORGANIZATION;
76 else if( memcmp( s, "L", 1 ) == 0 && c - s == 1 )
77 oid = OID_AT_LOCALITY;
78 else if( memcmp( s, "R", 1 ) == 0 && c - s == 1 )
79 oid = OID_PKCS9_EMAIL;
80 else if( memcmp( s, "OU", 2 ) == 0 && c - s == 2 )
81 oid = OID_AT_ORG_UNIT;
82 else if( memcmp( s, "ST", 2 ) == 0 && c - s == 2 )
83 oid = OID_AT_STATE;
84 else
85 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]86 ret = POLARSSL_ERR_X509WRITE_UNKNOWN_OID;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]87 goto exit;
88 }
89
90 s = c + 1;
91 in_tag = 0;
92 }
93
94 if( !in_tag && ( *c == ',' || c == end ) )
95 {
96 if( c - s > 127 )
97 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]98 ret = POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]99 goto exit;
100 }
101
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]102 cur = polarssl_malloc( sizeof(x509_req_name) );
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]103
104 if( cur == NULL )
105 {
Paul Bakker0e06c0f2013-08-25 11:21:30 +0200[diff] [blame]106 ret = POLARSSL_ERR_X509WRITE_MALLOC_FAILED;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]107 goto exit;
108 }
109
110 memset( cur, 0, sizeof(x509_req_name) );
111
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]112 cur->next = *head;
113 *head = cur;
Paul Bakker21307962013-08-25 10:33:27 +0200[diff] [blame]114
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]115 strncpy( cur->oid, oid, strlen( oid ) );
116 strncpy( cur->name, s, c - s );
117
118 s = c + 1;
119 in_tag = 1;
120 }
121 c++;
122 }
123
124exit:
125
126 return( ret );
127}
128
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]129/*
130 * RSAPublicKey ::= SEQUENCE {
131 * modulus INTEGER, -- n
132 * publicExponent INTEGER -- e
133 * }
134 */
135static int x509_write_rsa_pubkey( unsigned char **p, unsigned char *start,
136 rsa_context *rsa )
137{
138 int ret;
139 size_t len = 0;
140
141 ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->E ) );
142 ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->N ) );
143
144 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
145 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
146
147 return( len );
148}
149
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]150void x509write_csr_init( x509_csr *ctx )
151{
152 memset( ctx, 0, sizeof(x509_csr) );
153}
154
155void x509write_csr_free( x509_csr *ctx )
156{
157 x509_req_name *cur;
158 asn1_named_data *cur_ext;
159
160 while( ( cur = ctx->subject ) != NULL )
161 {
162 ctx->subject = cur->next;
163 polarssl_free( cur );
164 }
165
166 while( ( cur_ext = ctx->extensions ) != NULL )
167 {
168 ctx->extensions = cur_ext->next;
169 asn1_free_named_data( cur_ext );
170 polarssl_free( cur_ext );
171 }
172
173 memset( ctx, 0, sizeof(x509_csr) );
174}
175
176void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg )
177{
178 ctx->md_alg = md_alg;
179}
180
181void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa )
182{
183 ctx->rsa = rsa;
184}
185
186int x509write_csr_set_subject_name( x509_csr *ctx, char *subject_name )
187{
188 return x509write_string_to_names( &ctx->subject, subject_name );
189}
190
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]191/* The first byte of the value in the asn1_named_data structure is reserved
192 * to store the critical boolean for us
193 */
194static int x509_set_extension( asn1_named_data **head,
195 const char *oid, size_t oid_len,
196 int critical,
197 const unsigned char *val, size_t val_len )
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]198{
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]199 asn1_named_data *cur;
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]200
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]201 if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]202 {
203 cur = polarssl_malloc( sizeof(asn1_named_data) );
204 if( cur == NULL )
205 return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
206
207 memset( cur, 0, sizeof(asn1_named_data) );
208
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]209 cur->oid.len = oid_len;
210 cur->oid.p = polarssl_malloc( oid_len );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]211 if( cur->oid.p == NULL )
212 {
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]213 polarssl_free( cur );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]214 return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
215 }
216
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]217 cur->val.len = val_len + 1;
218 cur->val.p = polarssl_malloc( val_len + 1 );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]219 if( cur->val.p == NULL )
220 {
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]221 polarssl_free( cur->oid.p );
222 polarssl_free( cur );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]223 return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
224 }
225
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]226 memcpy( cur->oid.p, oid, oid_len );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]227
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]228 cur->next = *head;
229 *head = cur;
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]230 }
231
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]232 if( cur->val.len != val_len + 1 )
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]233 {
234 polarssl_free( cur->val.p );
235
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]236 cur->val.len = val_len + 1;
237 cur->val.p = polarssl_malloc( val_len + 1);
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]238 if( cur->val.p == NULL )
239 {
240 polarssl_free( cur->oid.p );
241 polarssl_free( cur );
242 return( POLARSSL_ERR_X509WRITE_MALLOC_FAILED );
243 }
244 }
245
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]246 cur->val.p[0] = critical;
247 memcpy( cur->val.p + 1, val, val_len );
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]248
249 return( 0 );
250}
251
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]252int x509write_csr_set_extension( x509_csr *ctx,
253 const char *oid, size_t oid_len,
254 const unsigned char *val, size_t val_len )
255{
256 return x509_set_extension( &ctx->extensions, oid, oid_len,
257 0, val, val_len );
258}
259
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]260int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage )
261{
262 unsigned char buf[4];
263 unsigned char *c;
264 int ret;
265
266 c = buf + 4;
267
Paul Bakker624d03a2013-08-26 14:12:57 +0200[diff] [blame]268 if( ( ret = asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
Paul Bakker1c0e5502013-08-26 13:41:01 +0200[diff] [blame]269 return( ret );
270
271 ret = x509write_csr_set_extension( ctx, OID_KEY_USAGE,
272 OID_SIZE( OID_KEY_USAGE ),
273 buf, 4 );
274 if( ret != 0 )
275 return( ret );
276
277 return( 0 );
278}
279
280int x509write_csr_set_ns_cert_type( x509_csr *ctx, unsigned char ns_cert_type )
281{
282 unsigned char buf[4];
283 unsigned char *c;
284 int ret;
285
286 c = buf + 4;
287
288 if( ( ret = asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
289 return( ret );
290
291 ret = x509write_csr_set_extension( ctx, OID_NS_CERT_TYPE,
292 OID_SIZE( OID_NS_CERT_TYPE ),
293 buf, 4 );
294 if( ret != 0 )
295 return( ret );
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]296
297 return( 0 );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]298}
299
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]300void x509write_crt_init( x509write_cert *ctx )
301{
302 memset( ctx, 0, sizeof(x509write_cert) );
303
304 mpi_init( &ctx->serial );
305 ctx->version = X509_CRT_VERSION_3;
306}
307
308void x509write_crt_free( x509write_cert *ctx )
309{
310 x509_req_name *cur;
311 asn1_named_data *cur_ext;
312
313 mpi_free( &ctx->serial );
314
315 while( ( cur = ctx->subject ) != NULL )
316 {
317 ctx->subject = cur->next;
318 polarssl_free( cur );
319 }
320
321 while( ( cur = ctx->issuer ) != NULL )
322 {
323 ctx->issuer = cur->next;
324 polarssl_free( cur );
325 }
326
327 while( ( cur_ext = ctx->extensions ) != NULL )
328 {
329 ctx->extensions = cur_ext->next;
330 asn1_free_named_data( cur_ext );
331 polarssl_free( cur_ext );
332 }
333
334 memset( ctx, 0, sizeof(x509_csr) );
335}
336
337void x509write_crt_set_md_alg( x509write_cert *ctx, md_type_t md_alg )
338{
339 ctx->md_alg = md_alg;
340}
341
342void x509write_crt_set_subject_key( x509write_cert *ctx, rsa_context *rsa )
343{
344 ctx->subject_key = rsa;
345}
346
347void x509write_crt_set_issuer_key( x509write_cert *ctx, rsa_context *rsa )
348{
349 ctx->issuer_key = rsa;
350}
351
352int x509write_crt_set_subject_name( x509write_cert *ctx, char *subject_name )
353{
354 return x509write_string_to_names( &ctx->subject, subject_name );
355}
356
357int x509write_crt_set_issuer_name( x509write_cert *ctx, char *issuer_name )
358{
359 return x509write_string_to_names( &ctx->issuer, issuer_name );
360}
361
362int x509write_crt_set_serial( x509write_cert *ctx, const mpi *serial )
363{
364 int ret;
365
366 if( ( ret = mpi_copy( &ctx->serial, serial ) ) != 0 )
367 return( ret );
368
369 return( 0 );
370}
371
372int x509write_crt_set_validity( x509write_cert *ctx, char *not_before,
373 char *not_after )
374{
375 if( strlen(not_before) != X509_RFC5280_UTC_TIME_LEN - 1 ||
376 strlen(not_after) != X509_RFC5280_UTC_TIME_LEN - 1 )
377 {
378 return( POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA );
379 }
380 strncpy( ctx->not_before, not_before, X509_RFC5280_UTC_TIME_LEN );
381 strncpy( ctx->not_after , not_after , X509_RFC5280_UTC_TIME_LEN );
382 ctx->not_before[X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
383 ctx->not_after[X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
384
385 return( 0 );
386}
387
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]388int x509write_crt_set_extension( x509write_cert *ctx,
389 const char *oid, size_t oid_len,
390 int critical,
391 const unsigned char *val, size_t val_len )
392{
393 return x509_set_extension( &ctx->extensions, oid, oid_len,
394 critical, val, val_len );
395}
396
397int x509write_crt_set_basic_constraints( x509write_cert *ctx,
398 int is_ca, int max_pathlen )
399{
400 int ret;
401 unsigned char buf[9];
402 unsigned char *c = buf + sizeof(buf);
403 size_t len = 0;
404
405 memset( buf, 0, sizeof(buf) );
406
407 if( is_ca && max_pathlen > 127 )
408 return( POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA );
409
410 if( is_ca )
411 {
412 if( max_pathlen >= 0 )
413 {
414 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, max_pathlen ) );
415 }
416 ASN1_CHK_ADD( len, asn1_write_bool( &c, buf, 1 ) );
417 }
418
419 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
420 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
421
422 return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS,
423 OID_SIZE( OID_BASIC_CONSTRAINTS ),
424 0, buf + sizeof(buf) - len, len );
425}
426
427int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
428{
429 int ret;
430 unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
431 unsigned char *c = buf + sizeof(buf);
432 size_t len = 0;
433
434 memset( buf, 0, sizeof(buf));
435 ASN1_CHK_ADD( len, x509_write_rsa_pubkey( &c, buf, ctx->subject_key ) );
436
437 sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
438 c = buf + sizeof(buf) - 20;
439 len = 20;
440
441 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
442 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_OCTET_STRING ) );
443
444 return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER,
445 OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ),
446 0, buf + sizeof(buf) - len, len );
447}
448
449int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
450{
451 int ret;
452 unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
453 unsigned char *c = buf + sizeof(buf);
454 size_t len = 0;
455
456 memset( buf, 0, sizeof(buf));
457 ASN1_CHK_ADD( len, x509_write_rsa_pubkey( &c, buf, ctx->issuer_key ) );
458
459 sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
460 c = buf + sizeof(buf) - 20;
461 len = 20;
462
463 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
464 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONTEXT_SPECIFIC | 0 ) );
465
466 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
467 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
468
469 return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER,
470 OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ),
471 0, buf + sizeof(buf) - len, len );
472}
473
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]474int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]475{
476 int ret;
477 unsigned char *c;
478 size_t len = 0;
479
480 c = buf + size - 1;
481
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]482 ASN1_CHK_ADD( len, x509_write_rsa_pubkey( &c, buf, rsa ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]483
484 if( c - buf < 1 )
485 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
486
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]487 /*
488 * SubjectPublicKeyInfo ::= SEQUENCE {
489 * algorithm AlgorithmIdentifier,
490 * subjectPublicKey BIT STRING }
491 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]492 *--c = 0;
493 len += 1;
494
495 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
496 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) );
497
498 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) );
499
500 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
501 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
502
503 return( len );
504}
505
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]506int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]507{
508 int ret;
509 unsigned char *c;
510 size_t len = 0;
511
512 c = buf + size - 1;
513
514 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) );
515 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) );
516 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) );
517 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) );
518 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) );
519 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) );
520 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) );
521 ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) );
522 ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) );
523
524 ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
525 ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
526
527 // TODO: Make NON RSA Specific variant later on
528/* *--c = 0;
529 len += 1;
530
531 len += asn1_write_len( &c, len);
532 len += asn1_write_tag( &c, ASN1_BIT_STRING );
533
534 len += asn1_write_oid( &c, OID_PKCS1_RSA );
535
536 len += asn1_write_int( &c, 0 );
537
538 len += asn1_write_len( &c, len);
539 len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/
540
541/* for(i = 0; i < len; ++i)
542 {
543 if (i % 16 == 0 ) printf("\n");
544 printf("%02x ", c[i]);
545 }
546 printf("\n");*/
547
548 return( len );
549}
550
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]551/*
552 * RelativeDistinguishedName ::=
553 * SET OF AttributeTypeAndValue
554 *
555 * AttributeTypeAndValue ::= SEQUENCE {
556 * type AttributeType,
557 * value AttributeValue }
558 *
559 * AttributeType ::= OBJECT IDENTIFIER
560 *
561 * AttributeValue ::= ANY DEFINED BY AttributeType
562 */
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]563static int x509_write_name( unsigned char **p, unsigned char *start, char *oid,
564 char *name )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]565{
566 int ret;
567 size_t string_len = 0;
568 size_t oid_len = 0;
569 size_t len = 0;
570
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]571 // Write PrintableString for all except OID_PKCS9_EMAIL
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]572 //
Paul Bakker05888152012-02-16 10:26:57 +0000[diff] [blame]573 if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) &&
574 memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 )
575 {
576 ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) );
577 }
578 else
579 ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]580
581 // Write OID
582 //
583 ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) );
584
585 len = oid_len + string_len;
586 ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) );
587 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
588
589 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
590 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) );
591
592 return( len );
593}
594
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]595static int x509_write_names( unsigned char **p, unsigned char *start,
596 x509_req_name *first )
597{
598 int ret;
599 size_t len = 0;
600 x509_req_name *cur = first;
601
602 while( cur != NULL )
603 {
604 ASN1_CHK_ADD( len, x509_write_name( p, start, cur->oid, cur->name ) );
605 cur = cur->next;
606 }
607
608 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
609 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
610
611 return( len );
612}
613
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]614static int x509_write_sig( unsigned char **p, unsigned char *start,
615 const char *oid, unsigned char *sig, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]616{
617 int ret;
618 size_t len = 0;
619
620 if( *p - start < (int) size + 1 )
621 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
622
623 len = size;
624 (*p) -= len;
625 memcpy( *p, sig, len );
626
627 *--(*p) = 0;
628 len += 1;
629
630 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
631 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );
632
633 // Write OID
634 //
635 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid ) );
636
637 return( len );
638}
639
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]640static int x509_write_time( unsigned char **p, unsigned char *start,
641 const char *time, size_t size )
642{
643 int ret;
644 size_t len = 0;
645
Paul Bakker9c208aa2013-09-08 15:44:31 +0200[diff] [blame^]646 /*
647 * write ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
648 */
649 if( time[0] == '2' && time[1] == '0' && time [2] < '5' )
650 {
651 ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
652 (const unsigned char *) time + 2,
653 size - 2 ) );
654 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
655 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_UTC_TIME ) );
656 }
657 else
658 {
659 ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start,
660 (const unsigned char *) time,
661 size ) );
662 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
663 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_GENERALIZED_TIME ) );
664 }
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]665
666 return( len );
667}
668
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]669static int x509_write_extension( unsigned char **p, unsigned char *start,
670 asn1_named_data *ext )
671{
672 int ret;
673 size_t len = 0;
674
675 ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->val.p + 1,
676 ext->val.len - 1 ) );
677 ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->val.len - 1 ) );
678 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) );
679
680 if( ext->val.p[0] != 0 )
681 {
682 ASN1_CHK_ADD( len, asn1_write_bool( p, start, 1 ) );
683 }
684
685 ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->oid.p,
686 ext->oid.len ) );
687 ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->oid.len ) );
688 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OID ) );
689
690 ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
691 ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
692
693 return( len );
694}
695
696/*
697 * Extension ::= SEQUENCE {
698 * extnID OBJECT IDENTIFIER,
699 * critical BOOLEAN DEFAULT FALSE,
700 * extnValue OCTET STRING
701 * -- contains the DER encoding of an ASN.1 value
702 * -- corresponding to the extension type identified
703 * -- by extnID
704 * }
705 */
706static int x509_write_extensions( unsigned char **p, unsigned char *start,
707 asn1_named_data *first )
708{
709 int ret;
710 size_t len = 0;
711 asn1_named_data *cur_ext = first;
712
713 while( cur_ext != NULL )
714 {
715 ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
716 cur_ext = cur_ext->next;
717 }
718
719 return( len );
720}
721
Paul Bakker82e29452013-08-25 11:01:31 +0200[diff] [blame]722int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size )
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]723{
724 int ret;
Paul Bakkerc70b9822013-04-07 22:00:46 +0200[diff] [blame]725 const char *sig_oid;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]726 unsigned char *c, *c2;
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]727 unsigned char hash[64];
728 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]729 unsigned char tmp_buf[2048];
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]730 size_t pub_len = 0, sig_len = 0;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]731 size_t len = 0;
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]732
733 c = tmp_buf + 2048 - 1;
734
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]735 ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]736
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]737 if( len )
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]738 {
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]739 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
740 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]741
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]742 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
743 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SET ) );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]744
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]745 ASN1_CHK_ADD( len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ ) );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]746
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]747 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
748 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerfde42702013-08-25 14:47:27 +0200[diff] [blame]749 }
750
Paul Bakkere5eae762013-08-26 12:05:14 +0200[diff] [blame]751 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]752 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
753
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]754 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->E ) );
755 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->rsa->N ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]756
757 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
758 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
759
760 if( c - tmp_buf < 1 )
761 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
762
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]763 /*
764 * AlgorithmIdentifier ::= SEQUENCE {
765 * algorithm OBJECT IDENTIFIER,
766 * parameters ANY DEFINED BY algorithm OPTIONAL }
767 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]768 *--c = 0;
769 pub_len += 1;
770
771 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
772 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
773
774 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
775
776 len += pub_len;
777 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
778 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
779
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]780 /*
781 * Subject ::= Name
782 */
783 ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]784
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]785 /*
786 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
787 */
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]788 ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
789
790 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
791 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]792
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]793 md( md_info_from_type( ctx->md_alg ), c, len, hash );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]794
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]795 rsa_pkcs1_sign( ctx->rsa, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
Paul Bakker3cac5e02012-02-16 14:08:06 +0000[diff] [blame]796
797 // Generate correct OID
798 //
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]799 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]800
801 c2 = buf + size - 1;
Paul Bakker8eabfc12013-08-25 10:18:25 +0200[diff] [blame]802 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->rsa->len ) );
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]803
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]804 c2 -= len;
Paul Bakkerb6c5d2e2013-06-25 16:25:17 +0200[diff] [blame]805 memcpy( c2, c, len );
806
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]807 len += sig_len;
808 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
809 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
810
811 return( len );
812}
813
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]814int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size )
815{
816 int ret;
817 const char *sig_oid;
818 unsigned char *c, *c2;
819 unsigned char hash[64];
820 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
821 unsigned char tmp_buf[2048];
822 size_t sub_len = 0, pub_len = 0, sig_len = 0;
823 size_t len = 0;
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]824
825 c = tmp_buf + 2048 - 1;
826
827 // Generate correct OID
828 //
829 ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid );
830 if( ret != 0 )
831 return( ret );
832
Paul Bakker15162a02013-09-06 19:27:21 +0200[diff] [blame]833 /*
834 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
835 */
836 ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
837 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
838 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
839 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
840 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) );
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]841
842 /*
843 * SubjectPublicKeyInfo ::= SEQUENCE {
844 * algorithm AlgorithmIdentifier,
845 * subjectPublicKey BIT STRING }
846 */
847 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->subject_key->E ) );
848 ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &ctx->subject_key->N ) );
849
850 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
851 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
852
853 if( c - tmp_buf < 1 )
854 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
855
856 *--c = 0;
857 pub_len += 1;
858
859 ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) );
860 ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) );
861
862 ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) );
863
864 len += pub_len;
865 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) );
866 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
867
868 /*
869 * Subject ::= Name
870 */
871 ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
872
873 /*
874 * Validity ::= SEQUENCE {
875 * notBefore Time,
876 * notAfter Time }
877 */
878 sub_len = 0;
879
880 ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
881 X509_RFC5280_UTC_TIME_LEN ) );
882
883 ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
884 X509_RFC5280_UTC_TIME_LEN ) );
885
886 len += sub_len;
887 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
888 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
889
890 /*
891 * Issuer ::= Name
892 */
893 ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->issuer ) );
894
895 /*
896 * Signature ::= AlgorithmIdentifier
897 */
898 ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, tmp_buf,
899 sig_oid ) );
900
901 /*
902 * Serial ::= INTEGER
903 */
904 ASN1_CHK_ADD( len, asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
905
906 /*
907 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
908 */
909 sub_len = 0;
910 ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
911 len += sub_len;
912 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
913 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
914
915 ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
916 ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
917
918 md( md_info_from_type( ctx->md_alg ), c, len, hash );
919
920 rsa_pkcs1_sign( ctx->issuer_key, NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
921
922 c2 = buf + size - 1;
923 ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, ctx->issuer_key->len ) );
924
925 c2 -= len;
926 memcpy( c2, c, len );
927
928 len += sig_len;
929 ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
930 ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
931
932 return( len );
933}
934
935#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
936#define PEM_END_CRT "-----END CERTIFICATE-----\n"
937
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]938#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
939#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
940
941#define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----\n"
942#define PEM_END_PUBLIC_KEY "-----END PUBLIC KEY-----\n"
943
944#define PEM_BEGIN_PRIVATE_KEY "-----BEGIN RSA PRIVATE KEY-----\n"
945#define PEM_END_PRIVATE_KEY "-----END RSA PRIVATE KEY-----\n"
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]946
947#if defined(POLARSSL_BASE64_C)
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]948static int x509write_pemify( const char *begin_str, const char *end_str,
949 const unsigned char *der_data, size_t der_len,
950 unsigned char *buf, size_t size )
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]951{
952 int ret;
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]953 unsigned char base_buf[4096];
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]954 unsigned char *c = base_buf, *p = buf;
955 size_t len = 0, olen = sizeof(base_buf);
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]956
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]957 if( ( ret = base64_encode( base_buf, &olen, der_data, der_len ) ) != 0 )
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]958 return( ret );
959
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]960 if( olen + strlen( begin_str ) + strlen( end_str ) +
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]961 olen / 64 > size )
962 {
963 return( POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL );
964 }
965
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]966 memcpy( p, begin_str, strlen( begin_str ) );
967 p += strlen( begin_str );
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]968
969 while( olen )
970 {
971 len = ( olen > 64 ) ? 64 : olen;
972 memcpy( p, c, len );
973 olen -= len;
974 p += len;
975 c += len;
976 *p++ = '\n';
977 }
978
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]979 memcpy( p, end_str, strlen( end_str ) );
980 p += strlen( end_str );
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]981
982 *p = '\0';
983
984 return( 0 );
985}
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]986
Paul Bakker9397dcb2013-09-06 09:55:26 +0200[diff] [blame]987int x509write_crt_pem( x509write_cert *crt, unsigned char *buf, size_t size )
988{
989 int ret;
990 unsigned char output_buf[4096];
991
992 if( ( ret = x509write_crt_der( crt, output_buf,
993 sizeof(output_buf) ) ) < 0 )
994 {
995 return( ret );
996 }
997
998 if( ( ret = x509write_pemify( PEM_BEGIN_CRT, PEM_END_CRT,
999 output_buf + sizeof(output_buf) - 1 - ret,
1000 ret, buf, size ) ) != 0 )
1001 {
1002 return( ret );
1003 }
1004
1005 return( 0 );
1006}
1007
Paul Bakkerf3df61a2013-08-26 17:22:23 +0200[diff] [blame]1008int x509write_pubkey_pem( rsa_context *rsa, unsigned char *buf, size_t size )
1009{
1010 int ret;
1011 unsigned char output_buf[4096];
1012
1013 if( ( ret = x509write_pubkey_der( rsa, output_buf,
1014 sizeof(output_buf) ) ) < 0 )
1015 {
1016 return( ret );
1017 }
1018
1019 if( ( ret = x509write_pemify( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
1020 output_buf + sizeof(output_buf) - 1 - ret,
1021 ret, buf, size ) ) != 0 )
1022 {
1023 return( ret );
1024 }
1025
1026 return( 0 );
1027}
1028
1029int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size )
1030{
1031 int ret;
1032 unsigned char output_buf[4096];
1033
1034 if( ( ret = x509write_key_der( rsa, output_buf,
1035 sizeof(output_buf) ) ) < 0 )
1036 {
1037 return( ret );
1038 }
1039
1040 if( ( ret = x509write_pemify( PEM_BEGIN_PRIVATE_KEY, PEM_END_PRIVATE_KEY,
1041 output_buf + sizeof(output_buf) - 1 - ret,
1042 ret, buf, size ) ) != 0 )
1043 {
1044 return( ret );
1045 }
1046
1047 return( 0 );
1048}
1049
1050int x509write_csr_pem( x509_csr *ctx, unsigned char *buf, size_t size )
1051{
1052 int ret;
1053 unsigned char output_buf[4096];
1054
1055 if( ( ret = x509write_csr_der( ctx, output_buf,
1056 sizeof(output_buf) ) ) < 0 )
1057 {
1058 return( ret );
1059 }
1060
1061 if( ( ret = x509write_pemify( PEM_BEGIN_CSR, PEM_END_CSR,
1062 output_buf + sizeof(output_buf) - 1 - ret,
1063 ret, buf, size ) ) != 0 )
1064 {
1065 return( ret );
1066 }
1067
1068 return( 0 );
1069}
Paul Bakker135f1e92013-08-26 16:54:13 +0200[diff] [blame]1070#endif /* POLARSSL_BASE64_C */
1071
Paul Bakkerbdb912d2012-02-13 23:11:30 +0000[diff] [blame]1072#endif