sandbox / mbedtls

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of mbedtls by Christopher Haster

source/x509_csr.c@1:24750b9ad5ef, 2016-01-22 (annotated)

Committer:
Christopher Haster
Date:
Fri Jan 22 16:44:49 2016 -0600
Revision:
1:24750b9ad5ef
Initial move of mbedtls to mercurial

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Christopher Haster 1:24750b9ad5ef 1 /*
Christopher Haster 1:24750b9ad5ef 2 * X.509 Certificate Signing Request (CSR) parsing
Christopher Haster 1:24750b9ad5ef 3 *
Christopher Haster 1:24750b9ad5ef 4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Christopher Haster 1:24750b9ad5ef 5 * SPDX-License-Identifier: Apache-2.0
Christopher Haster 1:24750b9ad5ef 6 *
Christopher Haster 1:24750b9ad5ef 7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
Christopher Haster 1:24750b9ad5ef 8 * not use this file except in compliance with the License.
Christopher Haster 1:24750b9ad5ef 9 * You may obtain a copy of the License at
Christopher Haster 1:24750b9ad5ef 10 *
Christopher Haster 1:24750b9ad5ef 11 * http://www.apache.org/licenses/LICENSE-2.0
Christopher Haster 1:24750b9ad5ef 12 *
Christopher Haster 1:24750b9ad5ef 13 * Unless required by applicable law or agreed to in writing, software
Christopher Haster 1:24750b9ad5ef 14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
Christopher Haster 1:24750b9ad5ef 15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Christopher Haster 1:24750b9ad5ef 16 * See the License for the specific language governing permissions and
Christopher Haster 1:24750b9ad5ef 17 * limitations under the License.
Christopher Haster 1:24750b9ad5ef 18 *
Christopher Haster 1:24750b9ad5ef 19 * This file is part of mbed TLS (https://tls.mbed.org)
Christopher Haster 1:24750b9ad5ef 20 */
Christopher Haster 1:24750b9ad5ef 21 /*
Christopher Haster 1:24750b9ad5ef 22 * The ITU-T X.509 standard defines a certificate format for PKI.
Christopher Haster 1:24750b9ad5ef 23 *
Christopher Haster 1:24750b9ad5ef 24 * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
Christopher Haster 1:24750b9ad5ef 25 * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
Christopher Haster 1:24750b9ad5ef 26 * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
Christopher Haster 1:24750b9ad5ef 27 *
Christopher Haster 1:24750b9ad5ef 28 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
Christopher Haster 1:24750b9ad5ef 29 * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
Christopher Haster 1:24750b9ad5ef 30 */
Christopher Haster 1:24750b9ad5ef 31
Christopher Haster 1:24750b9ad5ef 32 #if !defined(MBEDTLS_CONFIG_FILE)
Christopher Haster 1:24750b9ad5ef 33 #include "mbedtls/config.h"
Christopher Haster 1:24750b9ad5ef 34 #else
Christopher Haster 1:24750b9ad5ef 35 #include MBEDTLS_CONFIG_FILE
Christopher Haster 1:24750b9ad5ef 36 #endif
Christopher Haster 1:24750b9ad5ef 37
Christopher Haster 1:24750b9ad5ef 38 #if defined(MBEDTLS_X509_CSR_PARSE_C)
Christopher Haster 1:24750b9ad5ef 39
Christopher Haster 1:24750b9ad5ef 40 #include "mbedtls/x509_csr.h"
Christopher Haster 1:24750b9ad5ef 41 #include "mbedtls/oid.h"
Christopher Haster 1:24750b9ad5ef 42
Christopher Haster 1:24750b9ad5ef 43 #include <string.h>
Christopher Haster 1:24750b9ad5ef 44
Christopher Haster 1:24750b9ad5ef 45 #if defined(MBEDTLS_PEM_PARSE_C)
Christopher Haster 1:24750b9ad5ef 46 #include "mbedtls/pem.h"
Christopher Haster 1:24750b9ad5ef 47 #endif
Christopher Haster 1:24750b9ad5ef 48
Christopher Haster 1:24750b9ad5ef 49 #if defined(MBEDTLS_PLATFORM_C)
Christopher Haster 1:24750b9ad5ef 50 #include "mbedtls/platform.h"
Christopher Haster 1:24750b9ad5ef 51 #else
Christopher Haster 1:24750b9ad5ef 52 #include <stdlib.h>
Christopher Haster 1:24750b9ad5ef 53 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 54 #define mbedtls_free free
Christopher Haster 1:24750b9ad5ef 55 #define mbedtls_calloc calloc
Christopher Haster 1:24750b9ad5ef 56 #define mbedtls_snprintf snprintf
Christopher Haster 1:24750b9ad5ef 57 #endif
Christopher Haster 1:24750b9ad5ef 58
Christopher Haster 1:24750b9ad5ef 59 #if defined(MBEDTLS_FS_IO) || defined(EFIX64) || defined(EFI32)
Christopher Haster 1:24750b9ad5ef 60 #include <stdio.h>
Christopher Haster 1:24750b9ad5ef 61 #endif
Christopher Haster 1:24750b9ad5ef 62
Christopher Haster 1:24750b9ad5ef 63 /* Implementation that should never be optimized out by the compiler */
Christopher Haster 1:24750b9ad5ef 64 static void mbedtls_zeroize( void *v, size_t n ) {
Christopher Haster 1:24750b9ad5ef 65 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
Christopher Haster 1:24750b9ad5ef 66 }
Christopher Haster 1:24750b9ad5ef 67
Christopher Haster 1:24750b9ad5ef 68 /*
Christopher Haster 1:24750b9ad5ef 69 * Version ::= INTEGER { v1(0) }
Christopher Haster 1:24750b9ad5ef 70 */
Christopher Haster 1:24750b9ad5ef 71 static int x509_csr_get_version( unsigned char **p,
Christopher Haster 1:24750b9ad5ef 72 const unsigned char *end,
Christopher Haster 1:24750b9ad5ef 73 int *ver )
Christopher Haster 1:24750b9ad5ef 74 {
Christopher Haster 1:24750b9ad5ef 75 int ret;
Christopher Haster 1:24750b9ad5ef 76
Christopher Haster 1:24750b9ad5ef 77 if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 78 {
Christopher Haster 1:24750b9ad5ef 79 if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
Christopher Haster 1:24750b9ad5ef 80 {
Christopher Haster 1:24750b9ad5ef 81 *ver = 0;
Christopher Haster 1:24750b9ad5ef 82 return( 0 );
Christopher Haster 1:24750b9ad5ef 83 }
Christopher Haster 1:24750b9ad5ef 84
Christopher Haster 1:24750b9ad5ef 85 return( MBEDTLS_ERR_X509_INVALID_VERSION + ret );
Christopher Haster 1:24750b9ad5ef 86 }
Christopher Haster 1:24750b9ad5ef 87
Christopher Haster 1:24750b9ad5ef 88 return( 0 );
Christopher Haster 1:24750b9ad5ef 89 }
Christopher Haster 1:24750b9ad5ef 90
Christopher Haster 1:24750b9ad5ef 91 /*
Christopher Haster 1:24750b9ad5ef 92 * Parse a CSR in DER format
Christopher Haster 1:24750b9ad5ef 93 */
Christopher Haster 1:24750b9ad5ef 94 int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
Christopher Haster 1:24750b9ad5ef 95 const unsigned char *buf, size_t buflen )
Christopher Haster 1:24750b9ad5ef 96 {
Christopher Haster 1:24750b9ad5ef 97 int ret;
Christopher Haster 1:24750b9ad5ef 98 size_t len;
Christopher Haster 1:24750b9ad5ef 99 unsigned char *p, *end;
Christopher Haster 1:24750b9ad5ef 100 mbedtls_x509_buf sig_params;
Christopher Haster 1:24750b9ad5ef 101
Christopher Haster 1:24750b9ad5ef 102 memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) );
Christopher Haster 1:24750b9ad5ef 103
Christopher Haster 1:24750b9ad5ef 104 /*
Christopher Haster 1:24750b9ad5ef 105 * Check for valid input
Christopher Haster 1:24750b9ad5ef 106 */
Christopher Haster 1:24750b9ad5ef 107 if( csr == NULL || buf == NULL )
Christopher Haster 1:24750b9ad5ef 108 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 109
Christopher Haster 1:24750b9ad5ef 110 mbedtls_x509_csr_init( csr );
Christopher Haster 1:24750b9ad5ef 111
Christopher Haster 1:24750b9ad5ef 112 /*
Christopher Haster 1:24750b9ad5ef 113 * first copy the raw DER data
Christopher Haster 1:24750b9ad5ef 114 */
Christopher Haster 1:24750b9ad5ef 115 p = mbedtls_calloc( 1, len = buflen );
Christopher Haster 1:24750b9ad5ef 116
Christopher Haster 1:24750b9ad5ef 117 if( p == NULL )
Christopher Haster 1:24750b9ad5ef 118 return( MBEDTLS_ERR_X509_ALLOC_FAILED );
Christopher Haster 1:24750b9ad5ef 119
Christopher Haster 1:24750b9ad5ef 120 memcpy( p, buf, buflen );
Christopher Haster 1:24750b9ad5ef 121
Christopher Haster 1:24750b9ad5ef 122 csr->raw.p = p;
Christopher Haster 1:24750b9ad5ef 123 csr->raw.len = len;
Christopher Haster 1:24750b9ad5ef 124 end = p + len;
Christopher Haster 1:24750b9ad5ef 125
Christopher Haster 1:24750b9ad5ef 126 /*
Christopher Haster 1:24750b9ad5ef 127 * CertificationRequest ::= SEQUENCE {
Christopher Haster 1:24750b9ad5ef 128 * certificationRequestInfo CertificationRequestInfo,
Christopher Haster 1:24750b9ad5ef 129 * signatureAlgorithm AlgorithmIdentifier,
Christopher Haster 1:24750b9ad5ef 130 * signature BIT STRING
Christopher Haster 1:24750b9ad5ef 131 * }
Christopher Haster 1:24750b9ad5ef 132 */
Christopher Haster 1:24750b9ad5ef 133 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
Christopher Haster 1:24750b9ad5ef 134 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 135 {
Christopher Haster 1:24750b9ad5ef 136 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 137 return( MBEDTLS_ERR_X509_INVALID_FORMAT );
Christopher Haster 1:24750b9ad5ef 138 }
Christopher Haster 1:24750b9ad5ef 139
Christopher Haster 1:24750b9ad5ef 140 if( len != (size_t) ( end - p ) )
Christopher Haster 1:24750b9ad5ef 141 {
Christopher Haster 1:24750b9ad5ef 142 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 143 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
Christopher Haster 1:24750b9ad5ef 144 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Christopher Haster 1:24750b9ad5ef 145 }
Christopher Haster 1:24750b9ad5ef 146
Christopher Haster 1:24750b9ad5ef 147 /*
Christopher Haster 1:24750b9ad5ef 148 * CertificationRequestInfo ::= SEQUENCE {
Christopher Haster 1:24750b9ad5ef 149 */
Christopher Haster 1:24750b9ad5ef 150 csr->cri.p = p;
Christopher Haster 1:24750b9ad5ef 151
Christopher Haster 1:24750b9ad5ef 152 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
Christopher Haster 1:24750b9ad5ef 153 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 154 {
Christopher Haster 1:24750b9ad5ef 155 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 156 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
Christopher Haster 1:24750b9ad5ef 157 }
Christopher Haster 1:24750b9ad5ef 158
Christopher Haster 1:24750b9ad5ef 159 end = p + len;
Christopher Haster 1:24750b9ad5ef 160 csr->cri.len = end - csr->cri.p;
Christopher Haster 1:24750b9ad5ef 161
Christopher Haster 1:24750b9ad5ef 162 /*
Christopher Haster 1:24750b9ad5ef 163 * Version ::= INTEGER { v1(0) }
Christopher Haster 1:24750b9ad5ef 164 */
Christopher Haster 1:24750b9ad5ef 165 if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 166 {
Christopher Haster 1:24750b9ad5ef 167 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 168 return( ret );
Christopher Haster 1:24750b9ad5ef 169 }
Christopher Haster 1:24750b9ad5ef 170
Christopher Haster 1:24750b9ad5ef 171 csr->version++;
Christopher Haster 1:24750b9ad5ef 172
Christopher Haster 1:24750b9ad5ef 173 if( csr->version != 1 )
Christopher Haster 1:24750b9ad5ef 174 {
Christopher Haster 1:24750b9ad5ef 175 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 176 return( MBEDTLS_ERR_X509_UNKNOWN_VERSION );
Christopher Haster 1:24750b9ad5ef 177 }
Christopher Haster 1:24750b9ad5ef 178
Christopher Haster 1:24750b9ad5ef 179 /*
Christopher Haster 1:24750b9ad5ef 180 * subject Name
Christopher Haster 1:24750b9ad5ef 181 */
Christopher Haster 1:24750b9ad5ef 182 csr->subject_raw.p = p;
Christopher Haster 1:24750b9ad5ef 183
Christopher Haster 1:24750b9ad5ef 184 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
Christopher Haster 1:24750b9ad5ef 185 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 186 {
Christopher Haster 1:24750b9ad5ef 187 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 188 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
Christopher Haster 1:24750b9ad5ef 189 }
Christopher Haster 1:24750b9ad5ef 190
Christopher Haster 1:24750b9ad5ef 191 if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 192 {
Christopher Haster 1:24750b9ad5ef 193 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 194 return( ret );
Christopher Haster 1:24750b9ad5ef 195 }
Christopher Haster 1:24750b9ad5ef 196
Christopher Haster 1:24750b9ad5ef 197 csr->subject_raw.len = p - csr->subject_raw.p;
Christopher Haster 1:24750b9ad5ef 198
Christopher Haster 1:24750b9ad5ef 199 /*
Christopher Haster 1:24750b9ad5ef 200 * subjectPKInfo SubjectPublicKeyInfo
Christopher Haster 1:24750b9ad5ef 201 */
Christopher Haster 1:24750b9ad5ef 202 if( ( ret = mbedtls_pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 203 {
Christopher Haster 1:24750b9ad5ef 204 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 205 return( ret );
Christopher Haster 1:24750b9ad5ef 206 }
Christopher Haster 1:24750b9ad5ef 207
Christopher Haster 1:24750b9ad5ef 208 /*
Christopher Haster 1:24750b9ad5ef 209 * attributes [0] Attributes
Christopher Haster 1:24750b9ad5ef 210 */
Christopher Haster 1:24750b9ad5ef 211 if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
Christopher Haster 1:24750b9ad5ef 212 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 213 {
Christopher Haster 1:24750b9ad5ef 214 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 215 return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret );
Christopher Haster 1:24750b9ad5ef 216 }
Christopher Haster 1:24750b9ad5ef 217 // TODO Parse Attributes / extension requests
Christopher Haster 1:24750b9ad5ef 218
Christopher Haster 1:24750b9ad5ef 219 p += len;
Christopher Haster 1:24750b9ad5ef 220
Christopher Haster 1:24750b9ad5ef 221 end = csr->raw.p + csr->raw.len;
Christopher Haster 1:24750b9ad5ef 222
Christopher Haster 1:24750b9ad5ef 223 /*
Christopher Haster 1:24750b9ad5ef 224 * signatureAlgorithm AlgorithmIdentifier,
Christopher Haster 1:24750b9ad5ef 225 * signature BIT STRING
Christopher Haster 1:24750b9ad5ef 226 */
Christopher Haster 1:24750b9ad5ef 227 if( ( ret = mbedtls_x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 228 {
Christopher Haster 1:24750b9ad5ef 229 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 230 return( ret );
Christopher Haster 1:24750b9ad5ef 231 }
Christopher Haster 1:24750b9ad5ef 232
Christopher Haster 1:24750b9ad5ef 233 if( ( ret = mbedtls_x509_get_sig_alg( &csr->sig_oid, &sig_params,
Christopher Haster 1:24750b9ad5ef 234 &csr->sig_md, &csr->sig_pk,
Christopher Haster 1:24750b9ad5ef 235 &csr->sig_opts ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 236 {
Christopher Haster 1:24750b9ad5ef 237 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 238 return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG );
Christopher Haster 1:24750b9ad5ef 239 }
Christopher Haster 1:24750b9ad5ef 240
Christopher Haster 1:24750b9ad5ef 241 if( ( ret = mbedtls_x509_get_sig( &p, end, &csr->sig ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 242 {
Christopher Haster 1:24750b9ad5ef 243 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 244 return( ret );
Christopher Haster 1:24750b9ad5ef 245 }
Christopher Haster 1:24750b9ad5ef 246
Christopher Haster 1:24750b9ad5ef 247 if( p != end )
Christopher Haster 1:24750b9ad5ef 248 {
Christopher Haster 1:24750b9ad5ef 249 mbedtls_x509_csr_free( csr );
Christopher Haster 1:24750b9ad5ef 250 return( MBEDTLS_ERR_X509_INVALID_FORMAT +
Christopher Haster 1:24750b9ad5ef 251 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
Christopher Haster 1:24750b9ad5ef 252 }
Christopher Haster 1:24750b9ad5ef 253
Christopher Haster 1:24750b9ad5ef 254 return( 0 );
Christopher Haster 1:24750b9ad5ef 255 }
Christopher Haster 1:24750b9ad5ef 256
Christopher Haster 1:24750b9ad5ef 257 /*
Christopher Haster 1:24750b9ad5ef 258 * Parse a CSR, allowing for PEM or raw DER encoding
Christopher Haster 1:24750b9ad5ef 259 */
Christopher Haster 1:24750b9ad5ef 260 int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen )
Christopher Haster 1:24750b9ad5ef 261 {
Christopher Haster 1:24750b9ad5ef 262 int ret;
Christopher Haster 1:24750b9ad5ef 263 #if defined(MBEDTLS_PEM_PARSE_C)
Christopher Haster 1:24750b9ad5ef 264 size_t use_len;
Christopher Haster 1:24750b9ad5ef 265 mbedtls_pem_context pem;
Christopher Haster 1:24750b9ad5ef 266 #endif
Christopher Haster 1:24750b9ad5ef 267
Christopher Haster 1:24750b9ad5ef 268 /*
Christopher Haster 1:24750b9ad5ef 269 * Check for valid input
Christopher Haster 1:24750b9ad5ef 270 */
Christopher Haster 1:24750b9ad5ef 271 if( csr == NULL || buf == NULL )
Christopher Haster 1:24750b9ad5ef 272 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
Christopher Haster 1:24750b9ad5ef 273
Christopher Haster 1:24750b9ad5ef 274 #if defined(MBEDTLS_PEM_PARSE_C)
Christopher Haster 1:24750b9ad5ef 275 mbedtls_pem_init( &pem );
Christopher Haster 1:24750b9ad5ef 276
Christopher Haster 1:24750b9ad5ef 277 /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
Christopher Haster 1:24750b9ad5ef 278 if( buflen == 0 || buf[buflen - 1] != '\0' )
Christopher Haster 1:24750b9ad5ef 279 ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
Christopher Haster 1:24750b9ad5ef 280 else
Christopher Haster 1:24750b9ad5ef 281 ret = mbedtls_pem_read_buffer( &pem,
Christopher Haster 1:24750b9ad5ef 282 "-----BEGIN CERTIFICATE REQUEST-----",
Christopher Haster 1:24750b9ad5ef 283 "-----END CERTIFICATE REQUEST-----",
Christopher Haster 1:24750b9ad5ef 284 buf, NULL, 0, &use_len );
Christopher Haster 1:24750b9ad5ef 285
Christopher Haster 1:24750b9ad5ef 286 if( ret == 0 )
Christopher Haster 1:24750b9ad5ef 287 {
Christopher Haster 1:24750b9ad5ef 288 /*
Christopher Haster 1:24750b9ad5ef 289 * Was PEM encoded, parse the result
Christopher Haster 1:24750b9ad5ef 290 */
Christopher Haster 1:24750b9ad5ef 291 if( ( ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 292 return( ret );
Christopher Haster 1:24750b9ad5ef 293
Christopher Haster 1:24750b9ad5ef 294 mbedtls_pem_free( &pem );
Christopher Haster 1:24750b9ad5ef 295 return( 0 );
Christopher Haster 1:24750b9ad5ef 296 }
Christopher Haster 1:24750b9ad5ef 297 else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
Christopher Haster 1:24750b9ad5ef 298 {
Christopher Haster 1:24750b9ad5ef 299 mbedtls_pem_free( &pem );
Christopher Haster 1:24750b9ad5ef 300 return( ret );
Christopher Haster 1:24750b9ad5ef 301 }
Christopher Haster 1:24750b9ad5ef 302 else
Christopher Haster 1:24750b9ad5ef 303 #endif /* MBEDTLS_PEM_PARSE_C */
Christopher Haster 1:24750b9ad5ef 304 return( mbedtls_x509_csr_parse_der( csr, buf, buflen ) );
Christopher Haster 1:24750b9ad5ef 305 }
Christopher Haster 1:24750b9ad5ef 306
Christopher Haster 1:24750b9ad5ef 307 #if defined(MBEDTLS_FS_IO)
Christopher Haster 1:24750b9ad5ef 308 /*
Christopher Haster 1:24750b9ad5ef 309 * Load a CSR into the structure
Christopher Haster 1:24750b9ad5ef 310 */
Christopher Haster 1:24750b9ad5ef 311 int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
Christopher Haster 1:24750b9ad5ef 312 {
Christopher Haster 1:24750b9ad5ef 313 int ret;
Christopher Haster 1:24750b9ad5ef 314 size_t n;
Christopher Haster 1:24750b9ad5ef 315 unsigned char *buf;
Christopher Haster 1:24750b9ad5ef 316
Christopher Haster 1:24750b9ad5ef 317 if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 318 return( ret );
Christopher Haster 1:24750b9ad5ef 319
Christopher Haster 1:24750b9ad5ef 320 ret = mbedtls_x509_csr_parse( csr, buf, n );
Christopher Haster 1:24750b9ad5ef 321
Christopher Haster 1:24750b9ad5ef 322 mbedtls_zeroize( buf, n );
Christopher Haster 1:24750b9ad5ef 323 mbedtls_free( buf );
Christopher Haster 1:24750b9ad5ef 324
Christopher Haster 1:24750b9ad5ef 325 return( ret );
Christopher Haster 1:24750b9ad5ef 326 }
Christopher Haster 1:24750b9ad5ef 327 #endif /* MBEDTLS_FS_IO */
Christopher Haster 1:24750b9ad5ef 328
Christopher Haster 1:24750b9ad5ef 329 #define BEFORE_COLON 14
Christopher Haster 1:24750b9ad5ef 330 #define BC "14"
Christopher Haster 1:24750b9ad5ef 331 /*
Christopher Haster 1:24750b9ad5ef 332 * Return an informational string about the CSR.
Christopher Haster 1:24750b9ad5ef 333 */
Christopher Haster 1:24750b9ad5ef 334 int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
Christopher Haster 1:24750b9ad5ef 335 const mbedtls_x509_csr *csr )
Christopher Haster 1:24750b9ad5ef 336 {
Christopher Haster 1:24750b9ad5ef 337 int ret;
Christopher Haster 1:24750b9ad5ef 338 size_t n;
Christopher Haster 1:24750b9ad5ef 339 char *p;
Christopher Haster 1:24750b9ad5ef 340 char key_size_str[BEFORE_COLON];
Christopher Haster 1:24750b9ad5ef 341
Christopher Haster 1:24750b9ad5ef 342 p = buf;
Christopher Haster 1:24750b9ad5ef 343 n = size;
Christopher Haster 1:24750b9ad5ef 344
Christopher Haster 1:24750b9ad5ef 345 ret = mbedtls_snprintf( p, n, "%sCSR version : %d",
Christopher Haster 1:24750b9ad5ef 346 prefix, csr->version );
Christopher Haster 1:24750b9ad5ef 347 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 348
Christopher Haster 1:24750b9ad5ef 349 ret = mbedtls_snprintf( p, n, "\n%ssubject name : ", prefix );
Christopher Haster 1:24750b9ad5ef 350 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 351 ret = mbedtls_x509_dn_gets( p, n, &csr->subject );
Christopher Haster 1:24750b9ad5ef 352 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 353
Christopher Haster 1:24750b9ad5ef 354 ret = mbedtls_snprintf( p, n, "\n%ssigned using : ", prefix );
Christopher Haster 1:24750b9ad5ef 355 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 356
Christopher Haster 1:24750b9ad5ef 357 ret = mbedtls_x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, csr->sig_md,
Christopher Haster 1:24750b9ad5ef 358 csr->sig_opts );
Christopher Haster 1:24750b9ad5ef 359 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 360
Christopher Haster 1:24750b9ad5ef 361 if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON,
Christopher Haster 1:24750b9ad5ef 362 mbedtls_pk_get_name( &csr->pk ) ) ) != 0 )
Christopher Haster 1:24750b9ad5ef 363 {
Christopher Haster 1:24750b9ad5ef 364 return( ret );
Christopher Haster 1:24750b9ad5ef 365 }
Christopher Haster 1:24750b9ad5ef 366
Christopher Haster 1:24750b9ad5ef 367 ret = mbedtls_snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
Christopher Haster 1:24750b9ad5ef 368 (int) mbedtls_pk_get_bitlen( &csr->pk ) );
Christopher Haster 1:24750b9ad5ef 369 MBEDTLS_X509_SAFE_SNPRINTF;
Christopher Haster 1:24750b9ad5ef 370
Christopher Haster 1:24750b9ad5ef 371 return( (int) ( size - n ) );
Christopher Haster 1:24750b9ad5ef 372 }
Christopher Haster 1:24750b9ad5ef 373
Christopher Haster 1:24750b9ad5ef 374 /*
Christopher Haster 1:24750b9ad5ef 375 * Initialize a CSR
Christopher Haster 1:24750b9ad5ef 376 */
Christopher Haster 1:24750b9ad5ef 377 void mbedtls_x509_csr_init( mbedtls_x509_csr *csr )
Christopher Haster 1:24750b9ad5ef 378 {
Christopher Haster 1:24750b9ad5ef 379 memset( csr, 0, sizeof(mbedtls_x509_csr) );
Christopher Haster 1:24750b9ad5ef 380 }
Christopher Haster 1:24750b9ad5ef 381
Christopher Haster 1:24750b9ad5ef 382 /*
Christopher Haster 1:24750b9ad5ef 383 * Unallocate all CSR data
Christopher Haster 1:24750b9ad5ef 384 */
Christopher Haster 1:24750b9ad5ef 385 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr )
Christopher Haster 1:24750b9ad5ef 386 {
Christopher Haster 1:24750b9ad5ef 387 mbedtls_x509_name *name_cur;
Christopher Haster 1:24750b9ad5ef 388 mbedtls_x509_name *name_prv;
Christopher Haster 1:24750b9ad5ef 389
Christopher Haster 1:24750b9ad5ef 390 if( csr == NULL )
Christopher Haster 1:24750b9ad5ef 391 return;
Christopher Haster 1:24750b9ad5ef 392
Christopher Haster 1:24750b9ad5ef 393 mbedtls_pk_free( &csr->pk );
Christopher Haster 1:24750b9ad5ef 394
Christopher Haster 1:24750b9ad5ef 395 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
Christopher Haster 1:24750b9ad5ef 396 mbedtls_free( csr->sig_opts );
Christopher Haster 1:24750b9ad5ef 397 #endif
Christopher Haster 1:24750b9ad5ef 398
Christopher Haster 1:24750b9ad5ef 399 name_cur = csr->subject.next;
Christopher Haster 1:24750b9ad5ef 400 while( name_cur != NULL )
Christopher Haster 1:24750b9ad5ef 401 {
Christopher Haster 1:24750b9ad5ef 402 name_prv = name_cur;
Christopher Haster 1:24750b9ad5ef 403 name_cur = name_cur->next;
Christopher Haster 1:24750b9ad5ef 404 mbedtls_zeroize( name_prv, sizeof( mbedtls_x509_name ) );
Christopher Haster 1:24750b9ad5ef 405 mbedtls_free( name_prv );
Christopher Haster 1:24750b9ad5ef 406 }
Christopher Haster 1:24750b9ad5ef 407
Christopher Haster 1:24750b9ad5ef 408 if( csr->raw.p != NULL )
Christopher Haster 1:24750b9ad5ef 409 {
Christopher Haster 1:24750b9ad5ef 410 mbedtls_zeroize( csr->raw.p, csr->raw.len );
Christopher Haster 1:24750b9ad5ef 411 mbedtls_free( csr->raw.p );
Christopher Haster 1:24750b9ad5ef 412 }
Christopher Haster 1:24750b9ad5ef 413
Christopher Haster 1:24750b9ad5ef 414 mbedtls_zeroize( csr, sizeof( mbedtls_x509_csr ) );
Christopher Haster 1:24750b9ad5ef 415 }
Christopher Haster 1:24750b9ad5ef 416
Christopher Haster 1:24750b9ad5ef 417 #endif /* MBEDTLS_X509_CSR_PARSE_C */