Committer:
be_bryan
Date:
Mon Dec 11 17:54:04 2017 +0000
Revision:
0:b74591d5ab33
motor ++

be_bryan 0:b74591d5ab33 1 /*
be_bryan 0:b74591d5ab33 2 * X.509 Certificate Signing Request (CSR) parsing
be_bryan 0:b74591d5ab33 3 *
be_bryan 0:b74591d5ab33 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
be_bryan 0:b74591d5ab33 5 * SPDX-License-Identifier: Apache-2.0
be_bryan 0:b74591d5ab33 6 *
be_bryan 0:b74591d5ab33 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
be_bryan 0:b74591d5ab33 8 * not use this file except in compliance with the License.
be_bryan 0:b74591d5ab33 9 * You may obtain a copy of the License at
be_bryan 0:b74591d5ab33 10 *
be_bryan 0:b74591d5ab33 11 * http://www.apache.org/licenses/LICENSE-2.0
be_bryan 0:b74591d5ab33 12 *
be_bryan 0:b74591d5ab33 13 * Unless required by applicable law or agreed to in writing, software
be_bryan 0:b74591d5ab33 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
be_bryan 0:b74591d5ab33 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
be_bryan 0:b74591d5ab33 16 * See the License for the specific language governing permissions and
be_bryan 0:b74591d5ab33 17 * limitations under the License.
be_bryan 0:b74591d5ab33 18 *
be_bryan 0:b74591d5ab33 19 * This file is part of mbed TLS (https://tls.mbed.org)
be_bryan 0:b74591d5ab33 20 */
be_bryan 0:b74591d5ab33 21 /*
be_bryan 0:b74591d5ab33 22 * The ITU-T X.509 standard defines a certificate format for PKI.
be_bryan 0:b74591d5ab33 23 *
be_bryan 0:b74591d5ab33 24 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
be_bryan 0:b74591d5ab33 25 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
be_bryan 0:b74591d5ab33 26 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
be_bryan 0:b74591d5ab33 27 *
be_bryan 0:b74591d5ab33 28 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
be_bryan 0:b74591d5ab33 29 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
be_bryan 0:b74591d5ab33 30 */
be_bryan 0:b74591d5ab33 31
be_bryan 0:b74591d5ab33 32 #if !defined(MBEDTLS_CONFIG_FILE)
be_bryan 0:b74591d5ab33 33 #include "mbedtls/config.h"
be_bryan 0:b74591d5ab33 34 #else
be_bryan 0:b74591d5ab33 35 #include MBEDTLS_CONFIG_FILE
be_bryan 0:b74591d5ab33 36 #endif
be_bryan 0:b74591d5ab33 37
be_bryan 0:b74591d5ab33 38 #if defined(MBEDTLS_X509_CSR_PARSE_C)
be_bryan 0:b74591d5ab33 39
be_bryan 0:b74591d5ab33 40 #include "mbedtls/x509_csr.h"
be_bryan 0:b74591d5ab33 41 #include "mbedtls/oid.h"
be_bryan 0:b74591d5ab33 42
be_bryan 0:b74591d5ab33 43 #include <string.h>
be_bryan 0:b74591d5ab33 44
be_bryan 0:b74591d5ab33 45 #if defined(MBEDTLS_PEM_PARSE_C)
be_bryan 0:b74591d5ab33 46 #include "mbedtls/pem.h"
be_bryan 0:b74591d5ab33 47 #endif
be_bryan 0:b74591d5ab33 48
be_bryan 0:b74591d5ab33 49 #if defined(MBEDTLS_PLATFORM_C)
be_bryan 0:b74591d5ab33 50 #include "mbedtls/platform.h"
be_bryan 0:b74591d5ab33 51 #else
be_bryan 0:b74591d5ab33 52 #include <stdlib.h>
be_bryan 0:b74591d5ab33 53 #include <stdio.h>
be_bryan 0:b74591d5ab33 54 #define mbedtls_free free
be_bryan 0:b74591d5ab33 55 #define mbedtls_calloc calloc
be_bryan 0:b74591d5ab33 56 #define mbedtls_snprintf snprintf
be_bryan 0:b74591d5ab33 57 #endif
be_bryan 0:b74591d5ab33 58
be_bryan 0:b74591d5ab33 59 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
be_bryan 0:b74591d5ab33 60 #include <stdio.h>
be_bryan 0:b74591d5ab33 61 #endif
be_bryan 0:b74591d5ab33 62
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n )
{
    /* Writing through a volatile pointer keeps the store loop alive even
     * when the buffer is freed right after the call. */
    volatile unsigned char *bytes = v;

    for( ; n > 0; n-- )
        *bytes++ = 0;
}
be_bryan 0:b74591d5ab33 67
/*
 * Version ::= INTEGER { v1(0) }
 *
 * Reads the version INTEGER at *p and advances *p past it. If no INTEGER is
 * present (the ASN.1 layer reports an unexpected tag) the field is treated
 * as absent: *ver is set to 0 and 0 is returned. Any other ASN.1 failure is
 * reported as MBEDTLS_ERR_X509_INVALID_VERSION combined with the ASN.1 code.
 */
static int x509_csr_get_version( unsigned char **p,
                                 const unsigned char *end,
                                 int *ver )
{
    int ret = mbedtls_asn1_get_int( p, end, ver );

    if( ret == 0 )
        return( 0 );

    /* Missing version defaults to v1, which is encoded as 0. */
    if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
    {
        *ver = 0;
        return( 0 );
    }

    return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
}
be_bryan 0:b74591d5ab33 90
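/*
 * Parse a CSR in DER format
 *
 * On success csr owns a private copy of the DER bytes (csr->raw) and every
 * pointer stored in csr refers into that copy, so the caller's buffer may be
 * released afterwards. On any parse failure csr is freed again before the
 * error is returned.
 *
 * Returns 0 on success, MBEDTLS_ERR_X509_BAD_INPUT_DATA for NULL or empty
 * input, MBEDTLS_ERR_X509_ALLOC_FAILED when the copy cannot be allocated,
 * or an MBEDTLS_ERR_X509_* code (possibly combined with an MBEDTLS_ERR_ASN1_*
 * code) describing the structural problem.
 */
int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
                        const unsigned char *buf, size_t buflen )
{
    int ret;
    size_t len;
    unsigned char *p, *end;
    mbedtls_x509_buf sig_params;

    memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );

    /*
     * Check for valid input
     */
    if( csr == NULL || buf == NULL || buflen == 0 )
        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );

    mbedtls_x509_csr_init( csr );

    /*
     * first copy the raw DER data
     */
    p = mbedtls_calloc( 1, len = buflen );

    if( p == NULL )
        return( MBEDTLS_ERR_X509_ALLOC_FAILED );

    memcpy( p, buf, buflen );

    csr->raw.p = p;
    csr->raw.len = len;
    end = p + len;

    /*
     * CertificationRequest ::= SEQUENCE {
     *       certificationRequestInfo CertificationRequestInfo,
     *       signatureAlgorithm AlgorithmIdentifier,
     *       signature          BIT STRING
     *  }
     */
    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        /* The outer SEQUENCE error is reported without the ASN.1 sub-code. */
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT;
        goto fail;
    }

    /* The outer SEQUENCE must span the whole input: no trailing bytes. */
    if( len != (size_t) ( end - p ) )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT +
              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
        goto fail;
    }

    /*
     *  CertificationRequestInfo ::= SEQUENCE {
     */
    csr->cri.p = p;

    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT + ret;
        goto fail;
    }

    /* From here on `end` bounds the CRI (the data covered by the signature). */
    end = p + len;
    csr->cri.len = end - csr->cri.p;

    /*
     *  Version  ::=  INTEGER {  v1(0) }
     */
    if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
        goto fail;

    if( csr->version != 0 )
    {
        ret = MBEDTLS_ERR_X509_UNKNOWN_VERSION;
        goto fail;
    }

    /* Stored as the human-readable version number (v1 == 1). */
    csr->version++;

    /*
     *  subject               Name
     */
    csr->subject_raw.p = p;

    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT + ret;
        goto fail;
    }

    if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
        goto fail;

    csr->subject_raw.len = p - csr->subject_raw.p;

    /*
     *  subjectPKInfo SubjectPublicKeyInfo
     */
    if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
        goto fail;

    /*
     *  attributes    [0] Attributes
     *
     *  The list of possible attributes is open-ended, though RFC 2985
     *  (PKCS#9) defines a few in section 5.4. We currently don't support any,
     *  so we just ignore them. This is a safe thing to do as the worst thing
     *  that could happen is that we issue a certificate that does not match
     *  the requester's expectations - this cannot cause a violation of our
     *  signature policies.
     */
    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT + ret;
        goto fail;
    }

    p += len;

    /*
     * attributes is the last element of CertificationRequestInfo, so the
     * skipped block must end exactly where the CRI SEQUENCE ends. Without
     * this check, bytes trailing the attributes inside the CRI would be
     * handed to the signatureAlgorithm parser below instead of being
     * rejected as a malformed structure.
     */
    if( p != end )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT +
              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
        goto fail;
    }

    /* Back to the bounds of the whole CSR for the trailing two fields. */
    end = csr->raw.p + csr->raw.len;

    /*
     *  signatureAlgorithm   AlgorithmIdentifier,
     *  signature            BIT STRING
     */
    if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
        goto fail;

    if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
                                  &csr->sig_md, &csr->sig_pk,
                                  &csr->sig_opts ) ) != 0 )
    {
        ret = MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
        goto fail;
    }

    if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
        goto fail;

    /* Nothing may follow the signature inside the outer SEQUENCE. */
    if( p != end )
    {
        ret = MBEDTLS_ERR_X509_INVALID_FORMAT +
              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
        goto fail;
    }

    return( 0 );

fail:
    /* Single cleanup path: release everything parsed so far, then report. */
    mbedtls_x509_csr_free( csr );
    return( ret );
}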
be_bryan 0:b74591d5ab33 262
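/*
 * Parse a CSR, allowing for PEM or raw DER encoding
 *
 * When PEM support is compiled in and buf is a NUL-terminated PEM block,
 * the base64 payload is decoded and parsed as DER; otherwise buf is handed
 * to mbedtls_x509_csr_parse_der() unchanged.
 *
 * Returns 0 on success, MBEDTLS_ERR_X509_BAD_INPUT_DATA for NULL or empty
 * input, or the error reported by the PEM decoder / DER parser.
 */
int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
{
#if defined(MBEDTLS_PEM_PARSE_C)
    int ret;
    size_t use_len;
    mbedtls_pem_context pem;
#endif

    /*
     * Check for valid input
     */
    if( csr == NULL || buf == NULL || buflen == 0 )
        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );

#if defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_pem_init( &pem );

    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
    if( buf[buflen - 1] != '\0' )
        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
    else
        ret = mbedtls_pem_read_buffer( &pem,
                                       "-----BEGIN CERTIFICATE REQUEST-----",
                                       "-----END CERTIFICATE REQUEST-----",
                                       buf, NULL, 0, &use_len );

    if( ret == 0 )
    {
        /*
         * Was PEM encoded, parse the result
         */
        ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
    }

    /*
     * Release the decoded payload on every path. Previously this was skipped
     * when the DER parse of a PEM payload failed, leaking pem.buf for each
     * malformed input.
     */
    mbedtls_pem_free( &pem );

    /* Anything other than "not PEM" is final: success or a real error. */
    if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
        return( ret );
#endif /* MBEDTLS_PEM_PARSE_C */

    /* No PEM armour found (or PEM support disabled): treat input as DER. */
    return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
}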
be_bryan 0:b74591d5ab33 312
be_bryan 0:b74591d5ab33 313 #if defined(MBEDTLS_FS_IO)
/*
 * Load a CSR into the structure
 *
 * Reads the whole file at `path` into a temporary buffer, parses it (PEM or
 * DER) with mbedtls_x509_csr_parse(), then wipes and releases the buffer.
 * Returns 0 on success, or the error from mbedtls_pk_load_file() /
 * mbedtls_x509_csr_parse().
 */
int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
{
    unsigned char *data = NULL;
    size_t data_len = 0;
    int ret = mbedtls_pk_load_file( path, &data, &data_len );

    if( ret != 0 )
        return( ret );

    ret = mbedtls_x509_csr_parse( csr, data, data_len );

    /* Scrub the file contents before handing the block back to the allocator. */
    mbedtls_zeroize( data, data_len );
    mbedtls_free( data );

    return( ret );
}
be_bryan 0:b74591d5ab33 333 #endif /* MBEDTLS_FS_IO */
be_bryan 0:b74591d5ab33 334
#define BEFORE_COLON    14
#define BC              "14"
/*
 * Return an informational string about the CSR.
 *
 * Writes a prefix-indented, multi-line description of `csr` into `buf`
 * (at most `size` bytes). Returns the number of characters written, or a
 * negative MBEDTLS_ERR_* value. MBEDTLS_X509_SAFE_SNPRINTF is expected to
 * advance `p`, shrink `n` and return early when the output does not fit, so
 * those three locals must keep their names.
 */
int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
                   const mbedtls_x509_csr *csr )
{
    int ret;
    char *p = buf;
    size_t n = size;
    char key_size_str[BEFORE_COLON];

    /* Version line. */
    ret = mbedtls_snprintf( p, n, "%sCSR version : %d",
                               prefix, csr->version );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Subject DN, rendered by the shared X.509 name printer. */
    ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
    MBEDTLS_X509_SAFE_SNPRINTF;
    ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Signature algorithm, including any PSS parameters in sig_opts. */
    ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
    MBEDTLS_X509_SAFE_SNPRINTF;

    ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
                             csr->sig_opts );
    MBEDTLS_X509_SAFE_SNPRINTF;

    /* Key type label, padded to BEFORE_COLON so the colons line up. */
    ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
                                        mbedtls_pk_get_name( &csr->pk ) );
    if( ret != 0 )
        return( ret );

    ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
                          (int) mbedtls_pk_get_bitlen( &csr->pk ) );
    MBEDTLS_X509_SAFE_SNPRINTF;

    return( (int) ( size - n ) );
}
be_bryan 0:b74591d5ab33 379
/*
 * Initialize a CSR
 *
 * Zeroes every field of *csr so that mbedtls_x509_csr_free() is safe to call
 * even if parsing never populated the structure.
 */
void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
{
    memset( csr, 0, sizeof( *csr ) );
}
be_bryan 0:b74591d5ab33 387
/*
 * Unallocate all CSR data
 *
 * Releases the public key context, the signature options (when PSS support
 * is built in), the chained subject name elements and the raw DER copy,
 * wiping each heap block before freeing it, then zeroes the structure
 * itself. A NULL csr is ignored.
 */
void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
{
    mbedtls_x509_name *node;
    mbedtls_x509_name *next;

    if( csr == NULL )
        return;

    mbedtls_pk_free( &csr->pk );

#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
    mbedtls_free( csr->sig_opts );
#endif

    /* csr->subject is embedded in the structure; only the elements chained
     * from it are separate heap blocks. Read `next` before wiping the node. */
    for( node = csr->subject.next; node != NULL; node = next )
    {
        next = node->next;
        mbedtls_zeroize( node, sizeof( mbedtls_x509_name ) );
        mbedtls_free( node );
    }

    if( csr->raw.p != NULL )
    {
        mbedtls_zeroize( csr->raw.p, csr->raw.len );
        mbedtls_free( csr->raw.p );
    }

    /* Leave no dangling pointers behind for a later double free to find. */
    mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
}
be_bryan 0:b74591d5ab33 422
be_bryan 0:b74591d5ab33 423 #endif /* MBEDTLS_X509_CSR_PARSE_C */