sandbox / mbedtls

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of mbedtls by Christopher Haster

source/x509_create.c@1:24750b9ad5ef, 2016-01-22 (annotated)

Committer:
Christopher Haster
Date:
Fri Jan 22 16:44:49 2016 -0600
Revision:
1:24750b9ad5ef
Initial move of mbedtls to mercurial

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * X.509 base functions for creating certificates / CSRs
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21
Christopher Haster 1:24750b9ad5ef 22 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 23 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 24 #else
Christopher Haster 1:24750b9ad5ef 25 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 26 #endif
Christopher Haster 1:24750b9ad5ef 27
Christopher Haster 1:24750b9ad5ef 28 #if defined(MBEDTLS_X509_CREATE_C)
Christopher Haster 1:24750b9ad5ef 29
Christopher Haster 1:24750b9ad5ef 30 #include "mbedtls/x509.h"
Christopher Haster 1:24750b9ad5ef 31 #include "mbedtls/asn1write.h"
Christopher Haster 1:24750b9ad5ef 32 #include "mbedtls/oid.h"
Christopher Haster 1:24750b9ad5ef 33
Christopher Haster 1:24750b9ad5ef 34 #include <string.h>
Christopher Haster 1:24750b9ad5ef 35
Christopher Haster 1:24750b9ad5ef 36 typedef struct {
Christopher Haster 1:24750b9ad5ef 37 const char *name;
Christopher Haster 1:24750b9ad5ef 38 size_t name_len;
Christopher Haster 1:24750b9ad5ef 39 const char*oid;
Christopher Haster 1:24750b9ad5ef 40 } x509_attr_descriptor_t;
Christopher Haster 1:24750b9ad5ef 41
Christopher Haster 1:24750b9ad5ef 42 #define ADD_STRLEN( s ) s, sizeof( s ) - 1
Christopher Haster 1:24750b9ad5ef 43
Christopher Haster 1:24750b9ad5ef 44 static const x509_attr_descriptor_t x509_attrs[] =
Christopher Haster 1:24750b9ad5ef 45 {
Christopher Haster 1:24750b9ad5ef 46 { ADD_STRLEN( "CN" ), MBEDTLS_OID_AT_CN },
Christopher Haster 1:24750b9ad5ef 47 { ADD_STRLEN( "commonName" ), MBEDTLS_OID_AT_CN },
Christopher Haster 1:24750b9ad5ef 48 { ADD_STRLEN( "C" ), MBEDTLS_OID_AT_COUNTRY },
Christopher Haster 1:24750b9ad5ef 49 { ADD_STRLEN( "countryName" ), MBEDTLS_OID_AT_COUNTRY },
Christopher Haster 1:24750b9ad5ef 50 { ADD_STRLEN( "O" ), MBEDTLS_OID_AT_ORGANIZATION },
Christopher Haster 1:24750b9ad5ef 51 { ADD_STRLEN( "organizationName" ), MBEDTLS_OID_AT_ORGANIZATION },
Christopher Haster 1:24750b9ad5ef 52 { ADD_STRLEN( "L" ), MBEDTLS_OID_AT_LOCALITY },
Christopher Haster 1:24750b9ad5ef 53 { ADD_STRLEN( "locality" ), MBEDTLS_OID_AT_LOCALITY },
Christopher Haster 1:24750b9ad5ef 54 { ADD_STRLEN( "R" ), MBEDTLS_OID_PKCS9_EMAIL },
Christopher Haster 1:24750b9ad5ef 55 { ADD_STRLEN( "OU" ), MBEDTLS_OID_AT_ORG_UNIT },
Christopher Haster 1:24750b9ad5ef 56 { ADD_STRLEN( "organizationalUnitName" ), MBEDTLS_OID_AT_ORG_UNIT },
Christopher Haster 1:24750b9ad5ef 57 { ADD_STRLEN( "ST" ), MBEDTLS_OID_AT_STATE },
Christopher Haster 1:24750b9ad5ef 58 { ADD_STRLEN( "stateOrProvinceName" ), MBEDTLS_OID_AT_STATE },
Christopher Haster 1:24750b9ad5ef 59 { ADD_STRLEN( "emailAddress" ), MBEDTLS_OID_PKCS9_EMAIL },
Christopher Haster 1:24750b9ad5ef 60 { ADD_STRLEN( "serialNumber" ), MBEDTLS_OID_AT_SERIAL_NUMBER },
Christopher Haster 1:24750b9ad5ef 61 { ADD_STRLEN( "postalAddress" ), MBEDTLS_OID_AT_POSTAL_ADDRESS },
Christopher Haster 1:24750b9ad5ef 62 { ADD_STRLEN( "postalCode" ), MBEDTLS_OID_AT_POSTAL_CODE },
Christopher Haster 1:24750b9ad5ef 63 { ADD_STRLEN( "dnQualifier" ), MBEDTLS_OID_AT_DN_QUALIFIER },
Christopher Haster 1:24750b9ad5ef 64 { ADD_STRLEN( "title" ), MBEDTLS_OID_AT_TITLE },
Christopher Haster 1:24750b9ad5ef 65 { ADD_STRLEN( "surName" ), MBEDTLS_OID_AT_SUR_NAME },
Christopher Haster 1:24750b9ad5ef 66 { ADD_STRLEN( "SN" ), MBEDTLS_OID_AT_SUR_NAME },
Christopher Haster 1:24750b9ad5ef 67 { ADD_STRLEN( "givenName" ), MBEDTLS_OID_AT_GIVEN_NAME },
Christopher Haster 1:24750b9ad5ef 68 { ADD_STRLEN( "GN" ), MBEDTLS_OID_AT_GIVEN_NAME },
Christopher Haster 1:24750b9ad5ef 69 { ADD_STRLEN( "initials" ), MBEDTLS_OID_AT_INITIALS },
Christopher Haster 1:24750b9ad5ef 70 { ADD_STRLEN( "pseudonym" ), MBEDTLS_OID_AT_PSEUDONYM },
Christopher Haster 1:24750b9ad5ef 71 { ADD_STRLEN( "generationQualifier" ), MBEDTLS_OID_AT_GENERATION_QUALIFIER },
Christopher Haster 1:24750b9ad5ef 72 { ADD_STRLEN( "domainComponent" ), MBEDTLS_OID_DOMAIN_COMPONENT },
Christopher Haster 1:24750b9ad5ef 73 { ADD_STRLEN( "DC" ), MBEDTLS_OID_DOMAIN_COMPONENT },
Christopher Haster 1:24750b9ad5ef 74 { NULL, 0, NULL }
Christopher Haster 1:24750b9ad5ef 75 };
Christopher Haster 1:24750b9ad5ef 76
Christopher Haster 1:24750b9ad5ef 77 static const char *x509_at_oid_from_name( const char *name, size_t name_len )
Christopher Haster 1:24750b9ad5ef 78 {
Christopher Haster 1:24750b9ad5ef 79 const x509_attr_descriptor_t *cur;
Christopher Haster 1:24750b9ad5ef 80
Christopher Haster 1:24750b9ad5ef 81 for( cur = x509_attrs; cur->name != NULL; cur++ )
Christopher Haster 1:24750b9ad5ef 82 if( cur->name_len == name_len &&
Christopher Haster 1:24750b9ad5ef 83 strncmp( cur->name, name, name_len ) == 0 )
Christopher Haster 1:24750b9ad5ef 84 break;
Christopher Haster 1:24750b9ad5ef 85
Christopher Haster 1:24750b9ad5ef 86 return( cur->oid );
Christopher Haster 1:24750b9ad5ef 87 }
Christopher Haster 1:24750b9ad5ef 88
Christopher Haster 1:24750b9ad5ef 89 int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
Christopher Haster 1:24750b9ad5ef 90 {
Christopher Haster 1:24750b9ad5ef 91 int ret = 0;
Christopher Haster 1:24750b9ad5ef 92 const char *s = name, *c = s;
Christopher Haster 1:24750b9ad5ef 93 const char *end = s + strlen( s );
Christopher Haster 1:24750b9ad5ef 94 const char *oid = NULL;
Christopher Haster 1:24750b9ad5ef 95 int in_tag = 1;
Christopher Haster 1:24750b9ad5ef 96 char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
Christopher Haster 1:24750b9ad5ef 97 char *d = data;
Christopher Haster 1:24750b9ad5ef 98
Christopher Haster 1:24750b9ad5ef 99 /* Clear existing chain if present */
Christopher Haster 1:24750b9ad5ef 100 mbedtls_asn1_free_named_data_list( head );
Christopher Haster 1:24750b9ad5ef 101
Christopher Haster 1:24750b9ad5ef 102 while( c <= end )
Christopher Haster 1:24750b9ad5ef 103 {
Christopher Haster 1:24750b9ad5ef 104 if( in_tag && *c == '=' )
Christopher Haster 1:24750b9ad5ef 105 {
Christopher Haster 1:24750b9ad5ef 106 if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 107 {
Christopher Haster 1:24750b9ad5ef 108 ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
Christopher Haster 1:24750b9ad5ef 109 goto exit;
Christopher Haster 1:24750b9ad5ef 110 }
Christopher Haster 1:24750b9ad5ef 111
Christopher Haster 1:24750b9ad5ef 112 s = c + 1;
Christopher Haster 1:24750b9ad5ef 113 in_tag = 0;
Christopher Haster 1:24750b9ad5ef 114 d = data;
Christopher Haster 1:24750b9ad5ef 115 }
Christopher Haster 1:24750b9ad5ef 116
Christopher Haster 1:24750b9ad5ef 117 if( !in_tag && *c == '\\' && c != end )
Christopher Haster 1:24750b9ad5ef 118 {
Christopher Haster 1:24750b9ad5ef 119 c++;
Christopher Haster 1:24750b9ad5ef 120
Christopher Haster 1:24750b9ad5ef 121 /* Check for valid escaped characters */
Christopher Haster 1:24750b9ad5ef 122 if( c == end || *c != ',' )
Christopher Haster 1:24750b9ad5ef 123 {
Christopher Haster 1:24750b9ad5ef 124 ret = MBEDTLS_ERR_X509_INVALID_NAME;
Christopher Haster 1:24750b9ad5ef 125 goto exit;
Christopher Haster 1:24750b9ad5ef 126 }
Christopher Haster 1:24750b9ad5ef 127 }
Christopher Haster 1:24750b9ad5ef 128 else if( !in_tag && ( *c == ',' || c == end ) )
Christopher Haster 1:24750b9ad5ef 129 {
Christopher Haster 1:24750b9ad5ef 130 if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
Christopher Haster 1:24750b9ad5ef 131 (unsigned char *) data,
Christopher Haster 1:24750b9ad5ef 132 d - data ) == NULL )
Christopher Haster 1:24750b9ad5ef 133 {
Christopher Haster 1:24750b9ad5ef 134 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 135 }
Christopher Haster 1:24750b9ad5ef 136
Christopher Haster 1:24750b9ad5ef 137 while( c < end && *(c + 1) == ' ' )
Christopher Haster 1:24750b9ad5ef 138 c++;
Christopher Haster 1:24750b9ad5ef 139
Christopher Haster 1:24750b9ad5ef 140 s = c + 1;
Christopher Haster 1:24750b9ad5ef 141 in_tag = 1;
Christopher Haster 1:24750b9ad5ef 142 }
Christopher Haster 1:24750b9ad5ef 143
Christopher Haster 1:24750b9ad5ef 144 if( !in_tag && s != c + 1 )
Christopher Haster 1:24750b9ad5ef 145 {
Christopher Haster 1:24750b9ad5ef 146 *(d++) = *c;
Christopher Haster 1:24750b9ad5ef 147
Christopher Haster 1:24750b9ad5ef 148 if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
Christopher Haster 1:24750b9ad5ef 149 {
Christopher Haster 1:24750b9ad5ef 150 ret = MBEDTLS_ERR_X509_INVALID_NAME;
Christopher Haster 1:24750b9ad5ef 151 goto exit;
Christopher Haster 1:24750b9ad5ef 152 }
Christopher Haster 1:24750b9ad5ef 153 }
Christopher Haster 1:24750b9ad5ef 154
Christopher Haster 1:24750b9ad5ef 155 c++;
Christopher Haster 1:24750b9ad5ef 156 }
Christopher Haster 1:24750b9ad5ef 157
Christopher Haster 1:24750b9ad5ef 158 exit:
Christopher Haster 1:24750b9ad5ef 159
Christopher Haster 1:24750b9ad5ef 160 return( ret );
Christopher Haster 1:24750b9ad5ef 161 }
Christopher Haster 1:24750b9ad5ef 162
Christopher Haster 1:24750b9ad5ef 163 /* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
Christopher Haster 1:24750b9ad5ef 164 * to store the critical boolean for us
Christopher Haster 1:24750b9ad5ef 165 */
Christopher Haster 1:24750b9ad5ef 166 int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
Christopher Haster 1:24750b9ad5ef 167 int critical, const unsigned char *val, size_t val_len )
Christopher Haster 1:24750b9ad5ef 168 {
Christopher Haster 1:24750b9ad5ef 169 mbedtls_asn1_named_data *cur;
Christopher Haster 1:24750b9ad5ef 170
Christopher Haster 1:24750b9ad5ef 171 if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
Christopher Haster 1:24750b9ad5ef 172 NULL, val_len + 1 ) ) == NULL )
Christopher Haster 1:24750b9ad5ef 173 {
Christopher Haster 1:24750b9ad5ef 174 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 175 }
Christopher Haster 1:24750b9ad5ef 176
Christopher Haster 1:24750b9ad5ef 177 cur->val.p[0] = critical;
Christopher Haster 1:24750b9ad5ef 178 memcpy( cur->val.p + 1, val, val_len );
Christopher Haster 1:24750b9ad5ef 179
Christopher Haster 1:24750b9ad5ef 180 return( 0 );
Christopher Haster 1:24750b9ad5ef 181 }
Christopher Haster 1:24750b9ad5ef 182
Christopher Haster 1:24750b9ad5ef 183 /*
Christopher Haster 1:24750b9ad5ef 184 * RelativeDistinguishedName ::=
Christopher Haster 1:24750b9ad5ef 185 * SET OF AttributeTypeAndValue
Christopher Haster 1:24750b9ad5ef 186 *
Christopher Haster 1:24750b9ad5ef 187 * AttributeTypeAndValue ::= SEQUENCE {
Christopher Haster 1:24750b9ad5ef 188 * type AttributeType,
Christopher Haster 1:24750b9ad5ef 189 * value AttributeValue }
Christopher Haster 1:24750b9ad5ef 190 *
Christopher Haster 1:24750b9ad5ef 191 * AttributeType ::= OBJECT IDENTIFIER
Christopher Haster 1:24750b9ad5ef 192 *
Christopher Haster 1:24750b9ad5ef 193 * AttributeValue ::= ANY DEFINED BY AttributeType
Christopher Haster 1:24750b9ad5ef 194 */
Christopher Haster 1:24750b9ad5ef 195 static int x509_write_name( unsigned char **p, unsigned char *start,
Christopher Haster 1:24750b9ad5ef 196 const char *oid, size_t oid_len,
Christopher Haster 1:24750b9ad5ef 197 const unsigned char *name, size_t name_len )
Christopher Haster 1:24750b9ad5ef 198 {
Christopher Haster 1:24750b9ad5ef 199 int ret;
Christopher Haster 1:24750b9ad5ef 200 size_t len = 0;
Christopher Haster 1:24750b9ad5ef 201
Christopher Haster 1:24750b9ad5ef 202 // Write PrintableString for all except MBEDTLS_OID_PKCS9_EMAIL
Christopher Haster 1:24750b9ad5ef 203 //
Christopher Haster 1:24750b9ad5ef 204 if( MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_EMAIL ) == oid_len &&
Christopher Haster 1:24750b9ad5ef 205 memcmp( oid, MBEDTLS_OID_PKCS9_EMAIL, oid_len ) == 0 )
Christopher Haster 1:24750b9ad5ef 206 {
Christopher Haster 1:24750b9ad5ef 207 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_ia5_string( p, start,
Christopher Haster 1:24750b9ad5ef 208 (const char *) name,
Christopher Haster 1:24750b9ad5ef 209 name_len ) );
Christopher Haster 1:24750b9ad5ef 210 }
Christopher Haster 1:24750b9ad5ef 211 else
Christopher Haster 1:24750b9ad5ef 212 {
Christopher Haster 1:24750b9ad5ef 213 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_printable_string( p, start,
Christopher Haster 1:24750b9ad5ef 214 (const char *) name,
Christopher Haster 1:24750b9ad5ef 215 name_len ) );
Christopher Haster 1:24750b9ad5ef 216 }
Christopher Haster 1:24750b9ad5ef 217
Christopher Haster 1:24750b9ad5ef 218 // Write OID
Christopher Haster 1:24750b9ad5ef 219 //
Christopher Haster 1:24750b9ad5ef 220 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
Christopher Haster 1:24750b9ad5ef 221
Christopher Haster 1:24750b9ad5ef 222 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Christopher Haster 1:24750b9ad5ef 223 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
Christopher Haster 1:24750b9ad5ef 224 MBEDTLS_ASN1_SEQUENCE ) );
Christopher Haster 1:24750b9ad5ef 225
Christopher Haster 1:24750b9ad5ef 226 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Christopher Haster 1:24750b9ad5ef 227 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
Christopher Haster 1:24750b9ad5ef 228 MBEDTLS_ASN1_SET ) );
Christopher Haster 1:24750b9ad5ef 229
Christopher Haster 1:24750b9ad5ef 230 return( (int) len );
Christopher Haster 1:24750b9ad5ef 231 }
Christopher Haster 1:24750b9ad5ef 232
Christopher Haster 1:24750b9ad5ef 233 int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
Christopher Haster 1:24750b9ad5ef 234 mbedtls_asn1_named_data *first )
Christopher Haster 1:24750b9ad5ef 235 {
Christopher Haster 1:24750b9ad5ef 236 int ret;
Christopher Haster 1:24750b9ad5ef 237 size_t len = 0;
Christopher Haster 1:24750b9ad5ef 238 mbedtls_asn1_named_data *cur = first;
Christopher Haster 1:24750b9ad5ef 239
Christopher Haster 1:24750b9ad5ef 240 while( cur != NULL )
Christopher Haster 1:24750b9ad5ef 241 {
Christopher Haster 1:24750b9ad5ef 242 MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
Christopher Haster 1:24750b9ad5ef 243 cur->oid.len,
Christopher Haster 1:24750b9ad5ef 244 cur->val.p, cur->val.len ) );
Christopher Haster 1:24750b9ad5ef 245 cur = cur->next;
Christopher Haster 1:24750b9ad5ef 246 }
Christopher Haster 1:24750b9ad5ef 247
Christopher Haster 1:24750b9ad5ef 248 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Christopher Haster 1:24750b9ad5ef 249 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
Christopher Haster 1:24750b9ad5ef 250 MBEDTLS_ASN1_SEQUENCE ) );
Christopher Haster 1:24750b9ad5ef 251
Christopher Haster 1:24750b9ad5ef 252 return( (int) len );
Christopher Haster 1:24750b9ad5ef 253 }
Christopher Haster 1:24750b9ad5ef 254
Christopher Haster 1:24750b9ad5ef 255 int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
Christopher Haster 1:24750b9ad5ef 256 const char *oid, size_t oid_len,
Christopher Haster 1:24750b9ad5ef 257 unsigned char *sig, size_t size )
Christopher Haster 1:24750b9ad5ef 258 {
Christopher Haster 1:24750b9ad5ef 259 int ret;
Christopher Haster 1:24750b9ad5ef 260 size_t len = 0;
Christopher Haster 1:24750b9ad5ef 261
Christopher Haster 1:24750b9ad5ef 262 if( *p < start || (size_t)( *p - start ) < size )
Christopher Haster 1:24750b9ad5ef 263 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 264
Christopher Haster 1:24750b9ad5ef 265 len = size;
Christopher Haster 1:24750b9ad5ef 266 (*p) -= len;
Christopher Haster 1:24750b9ad5ef 267 memcpy( *p, sig, len );
Christopher Haster 1:24750b9ad5ef 268
Christopher Haster 1:24750b9ad5ef 269 if( *p - start < 1 )
Christopher Haster 1:24750b9ad5ef 270 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
Christopher Haster 1:24750b9ad5ef 271
Christopher Haster 1:24750b9ad5ef 272 *--(*p) = 0;
Christopher Haster 1:24750b9ad5ef 273 len += 1;
Christopher Haster 1:24750b9ad5ef 274
Christopher Haster 1:24750b9ad5ef 275 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Christopher Haster 1:24750b9ad5ef 276 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
Christopher Haster 1:24750b9ad5ef 277
Christopher Haster 1:24750b9ad5ef 278 // Write OID
Christopher Haster 1:24750b9ad5ef 279 //
Christopher Haster 1:24750b9ad5ef 280 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( p, start, oid,
Christopher Haster 1:24750b9ad5ef 281 oid_len, 0 ) );
Christopher Haster 1:24750b9ad5ef 282
Christopher Haster 1:24750b9ad5ef 283 return( (int) len );
Christopher Haster 1:24750b9ad5ef 284 }
Christopher Haster 1:24750b9ad5ef 285
Christopher Haster 1:24750b9ad5ef 286 static int x509_write_extension( unsigned char **p, unsigned char *start,
Christopher Haster 1:24750b9ad5ef 287 mbedtls_asn1_named_data *ext )
Christopher Haster 1:24750b9ad5ef 288 {
Christopher Haster 1:24750b9ad5ef 289 int ret;
Christopher Haster 1:24750b9ad5ef 290 size_t len = 0;
Christopher Haster 1:24750b9ad5ef 291
Christopher Haster 1:24750b9ad5ef 292 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1,
Christopher Haster 1:24750b9ad5ef 293 ext->val.len - 1 ) );
Christopher Haster 1:24750b9ad5ef 294 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->val.len - 1 ) );
Christopher Haster 1:24750b9ad5ef 295 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
Christopher Haster 1:24750b9ad5ef 296
Christopher Haster 1:24750b9ad5ef 297 if( ext->val.p[0] != 0 )
Christopher Haster 1:24750b9ad5ef 298 {
Christopher Haster 1:24750b9ad5ef 299 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_bool( p, start, 1 ) );
Christopher Haster 1:24750b9ad5ef 300 }
Christopher Haster 1:24750b9ad5ef 301
Christopher Haster 1:24750b9ad5ef 302 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->oid.p,
Christopher Haster 1:24750b9ad5ef 303 ext->oid.len ) );
Christopher Haster 1:24750b9ad5ef 304 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, ext->oid.len ) );
Christopher Haster 1:24750b9ad5ef 305 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
Christopher Haster 1:24750b9ad5ef 306
Christopher Haster 1:24750b9ad5ef 307 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Christopher Haster 1:24750b9ad5ef 308 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
Christopher Haster 1:24750b9ad5ef 309 MBEDTLS_ASN1_SEQUENCE ) );
Christopher Haster 1:24750b9ad5ef 310
Christopher Haster 1:24750b9ad5ef 311 return( (int) len );
Christopher Haster 1:24750b9ad5ef 312 }
Christopher Haster 1:24750b9ad5ef 313
Christopher Haster 1:24750b9ad5ef 314 /*
Christopher Haster 1:24750b9ad5ef 315 * Extension ::= SEQUENCE {
Christopher Haster 1:24750b9ad5ef 316 * extnID OBJECT IDENTIFIER,
Christopher Haster 1:24750b9ad5ef 317 * critical BOOLEAN DEFAULT FALSE,
Christopher Haster 1:24750b9ad5ef 318 * extnValue OCTET STRING
Christopher Haster 1:24750b9ad5ef 319 * -- contains the DER encoding of an ASN.1 value
Christopher Haster 1:24750b9ad5ef 320 * -- corresponding to the extension type identified
Christopher Haster 1:24750b9ad5ef 321 * -- by extnID
Christopher Haster 1:24750b9ad5ef 322 * }
Christopher Haster 1:24750b9ad5ef 323 */
Christopher Haster 1:24750b9ad5ef 324 int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
Christopher Haster 1:24750b9ad5ef 325 mbedtls_asn1_named_data *first )
Christopher Haster 1:24750b9ad5ef 326 {
Christopher Haster 1:24750b9ad5ef 327 int ret;
Christopher Haster 1:24750b9ad5ef 328 size_t len = 0;
Christopher Haster 1:24750b9ad5ef 329 mbedtls_asn1_named_data *cur_ext = first;
Christopher Haster 1:24750b9ad5ef 330
Christopher Haster 1:24750b9ad5ef 331 while( cur_ext != NULL )
Christopher Haster 1:24750b9ad5ef 332 {
Christopher Haster 1:24750b9ad5ef 333 MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
Christopher Haster 1:24750b9ad5ef 334 cur_ext = cur_ext->next;
Christopher Haster 1:24750b9ad5ef 335 }
Christopher Haster 1:24750b9ad5ef 336
Christopher Haster 1:24750b9ad5ef 337 return( (int) len );
Christopher Haster 1:24750b9ad5ef 338 }
Christopher Haster 1:24750b9ad5ef 339
Christopher Haster 1:24750b9ad5ef 340 #endif /* MBEDTLS_X509_CREATE_C */