aes-gcm-test-program
Example program to test AES-GCM functionality. Used for a workshop
x509_create.c
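/*
 *  X.509 base functions for creating certificates / CSRs
 *
 *  Copyright (C) 2006-2013, Brainspark B.V.
 *
 *  This file is part of PolarSSL (http://www.polarssl.org)
 *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
 *
 *  All rights reserved.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif

#if defined(POLARSSL_X509_CREATE_C)

#include "polarssl/x509.h"
#include "polarssl/asn1write.h"
#include "polarssl/oid.h"

/* strlen / memcmp / memcpy are used directly below */
#include <string.h>

#if defined(_MSC_VER) && !defined strncasecmp && !defined(EFIX64) && \
    !defined(EFI32)
#define strncasecmp _strnicmp
#endif

/*
 * Attribute type names understood by x509_string_to_names(), with the OID
 * each one maps to. Matching is case-insensitive and requires the whole
 * name to match (same length), so "cn", "CN" and "commonName" all select
 * OID_AT_CN. The single letter "R" is a legacy alias for emailAddress.
 *
 * Every OID here is a NUL-terminated string; its length is taken with
 * strlen() when it is stored in the name chain.
 */
typedef struct
{
    const char *name;   /* attribute type name as written in the input */
    const char *oid;    /* OID that is stored for this attribute       */
} x509_attr_descriptor_t;

static const x509_attr_descriptor_t x509_attrs[] =
{
    { "CN",                     OID_AT_CN },
    { "commonName",             OID_AT_CN },
    { "C",                      OID_AT_COUNTRY },
    { "countryName",            OID_AT_COUNTRY },
    { "O",                      OID_AT_ORGANIZATION },
    { "organizationName",       OID_AT_ORGANIZATION },
    { "L",                      OID_AT_LOCALITY },
    { "locality",               OID_AT_LOCALITY },
    { "R",                      OID_PKCS9_EMAIL },
    { "OU",                     OID_AT_ORG_UNIT },
    { "organizationalUnitName", OID_AT_ORG_UNIT },
    { "ST",                     OID_AT_STATE },
    { "stateOrProvinceName",    OID_AT_STATE },
    { "emailAddress",           OID_PKCS9_EMAIL },
    { "serialNumber",           OID_AT_SERIAL_NUMBER },
    { "postalAddress",          OID_AT_POSTAL_ADDRESS },
    { "postalCode",             OID_AT_POSTAL_CODE },
    { "dnQualifier",            OID_AT_DN_QUALIFIER },
    { "title",                  OID_AT_TITLE },
    { "surName",                OID_AT_SUR_NAME },
    { "SN",                     OID_AT_SUR_NAME },
    { "givenName",              OID_AT_GIVEN_NAME },
    { "GN",                     OID_AT_GIVEN_NAME },
    { "initials",               OID_AT_INITIALS },
    { "pseudonym",              OID_AT_PSEUDONYM },
    { "generationQualifier",    OID_AT_GENERATION_QUALIFIER },
    { "domainComponent",        OID_DOMAIN_COMPONENT },
    { "DC",                     OID_DOMAIN_COMPONENT },
};

/*
 * Look up the OID for the attribute type name in [name, name + name_len).
 *
 * Returns the OID string from x509_attrs, or NULL if the name is unknown.
 */
static const char *x509_attr_name_to_oid( const char *name, size_t name_len )
{
    size_t i;

    for( i = 0; i < sizeof( x509_attrs ) / sizeof( x509_attrs[0] ); i++ )
    {
        /* Length must match exactly before the case-insensitive compare,
         * otherwise "C" would also match the prefix of "CN". */
        if( strlen( x509_attrs[i].name ) == name_len &&
            strncasecmp( name, x509_attrs[i].name, name_len ) == 0 )
        {
            return( x509_attrs[i].oid );
        }
    }

    return( NULL );
}

/*
 * Parse a textual distinguished name of the form "CN=foo,O=bar,C=NL"
 * into a chain of asn1_named_data, one entry per "type=value" component.
 *
 * head     Chain to fill. Any existing chain is freed first.
 * name     NUL-terminated input string.
 *
 * Format details, as implemented:
 *  - Components are separated by ','. There is no escape mechanism, so a
 *    value cannot itself contain a ','; the first '=' after a separator
 *    ends the type name and any later '=' is part of the value.
 *  - Spaces directly after a ',' are skipped; other whitespace is kept.
 *  - A trailing component without '=' (e.g. "CN=foo,O") is ignored
 *    rather than rejected.
 *  - Values are stored as raw bytes; no character-set check happens here,
 *    the string type is chosen later in x509_write_name().
 *
 * Returns 0 on success, POLARSSL_ERR_X509_UNKNOWN_OID if a type name is
 * not in x509_attrs, or POLARSSL_ERR_X509_MALLOC_FAILED. On error the
 * components parsed so far remain in *head and are owned by the caller.
 */
int x509_string_to_names( asn1_named_data **head, const char *name )
{
    int ret = 0;
    const char *s = name, *c = s;
    const char *end = s + strlen( s );
    const char *oid = NULL;
    int in_tag = 1;

    /* Clear existing chain if present */
    asn1_free_named_data_list( head );

    /* c runs up to and including the terminating NUL so that the last
     * value is flushed by the "c == end" test below. */
    while( c <= end )
    {
        if( in_tag && *c == '=' )
        {
            oid = x509_attr_name_to_oid( s, (size_t)( c - s ) );
            if( oid == NULL )
            {
                ret = POLARSSL_ERR_X509_UNKNOWN_OID;
                goto exit;
            }

            s = c + 1;
            in_tag = 0;
        }

        /* oid is always set here: in_tag is only cleared after a lookup */
        if( !in_tag && ( *c == ',' || c == end ) )
        {
            if( asn1_store_named_data( head, oid, strlen( oid ),
                                       (unsigned char *) s,
                                       (size_t)( c - s ) ) == NULL )
            {
                return( POLARSSL_ERR_X509_MALLOC_FAILED );
            }

            /* Skip spaces that follow the separator */
            while( c < end && *(c + 1) == ' ' )
                c++;

            s = c + 1;
            in_tag = 1;
        }
        c++;
    }

exit:

    return( ret );
}

/*
 * Store (or replace) an extension in the chain at *head.
 *
 * The first byte of the value in the asn1_named_data structure is reserved
 * to store the critical boolean for us: val.p[0] is the critical flag and
 * val.p + 1 .. val.p + val_len holds the DER-encoded extension value, so
 * val.len is always val_len + 1. x509_write_extension() relies on this.
 *
 * Returns 0 or POLARSSL_ERR_X509_MALLOC_FAILED.
 */
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len,
                        int critical, const unsigned char *val, size_t val_len )
{
    asn1_named_data *cur;

    if( ( cur = asn1_store_named_data( head, oid, oid_len,
                                       NULL, val_len + 1 ) ) == NULL )
    {
        return( POLARSSL_ERR_X509_MALLOC_FAILED );
    }

    cur->val.p[0] = critical;
    memcpy( cur->val.p + 1, val, val_len );

    return( 0 );
}

/*
 *  RelativeDistinguishedName ::=
 *    SET OF AttributeTypeAndValue
 *
 *  AttributeTypeAndValue ::= SEQUENCE {
 *    type     AttributeType,
 *    value    AttributeValue }
 *
 *  AttributeType ::= OBJECT IDENTIFIER
 *
 *  AttributeValue ::= ANY DEFINED BY AttributeType
 *
 * Writes one single-valued RDN backwards, ending at *p and never going
 * below start (the asn1_write_* helpers move *p down as they write).
 *
 * The value is encoded as IA5String for OID_PKCS9_EMAIL and as
 * PrintableString for every other attribute. The bytes of name are copied
 * as-is: nothing checks that they are within the PrintableString (or IA5)
 * repertoire, so a caller passing e.g. non-ASCII bytes gets a DER name
 * that a strict parser may reject.
 *
 * Returns the number of bytes written, or a negative POLARSSL_ERR_ASN1_*
 * code (propagated by ASN1_CHK_ADD).
 */
static int x509_write_name( unsigned char **p, unsigned char *start,
                            const char *oid, size_t oid_len,
                            const unsigned char *name, size_t name_len )
{
    int ret;
    size_t len = 0;

    /* Write PrintableString for all except OID_PKCS9_EMAIL */
    if( OID_SIZE( OID_PKCS9_EMAIL ) == oid_len &&
        memcmp( oid, OID_PKCS9_EMAIL, oid_len ) == 0 )
    {
        ASN1_CHK_ADD( len, asn1_write_ia5_string( p, start,
                                                  (const char *) name,
                                                  name_len ) );
    }
    else
    {
        ASN1_CHK_ADD( len, asn1_write_printable_string( p, start,
                                                        (const char *) name,
                                                        name_len ) );
    }

    /* Write OID */
    ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) );

    /* AttributeTypeAndValue SEQUENCE around { type, value } */
    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED |
                                                 ASN1_SEQUENCE ) );

    /* RelativeDistinguishedName SET holding that one element */
    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED |
                                                 ASN1_SET ) );

    return( (int) len );
}

/*
 * Write a complete Name (SEQUENCE OF RelativeDistinguishedName) backwards
 * from *p for the chain starting at first. Each chain entry becomes one
 * single-valued RDN; they are written in list order, which, because the
 * buffer is filled backwards, means the last entry ends up first in DER.
 *
 * Returns the number of bytes written, or a negative POLARSSL_ERR_ASN1_*
 * code.
 */
int x509_write_names( unsigned char **p, unsigned char *start,
                      asn1_named_data *first )
{
    int ret;
    size_t len = 0;
    asn1_named_data *cur = first;

    while( cur != NULL )
    {
        ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p,
                                            cur->oid.len,
                                            cur->val.p, cur->val.len ) );
        cur = cur->next;
    }

    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED |
                                                 ASN1_SEQUENCE ) );

    return( (int) len );
}

/*
 * Write a signature and its AlgorithmIdentifier backwards from *p:
 *
 *   AlgorithmIdentifier (with a NULL parameter)
 *   BIT STRING { 0x00 unused-bits byte, sig[0..size) }
 *
 * oid / oid_len   signature algorithm OID
 * sig / size      raw signature bytes
 *
 * Returns the number of bytes written, POLARSSL_ERR_ASN1_BUF_TOO_SMALL if
 * size + 1 bytes do not fit between start and *p, or another negative
 * POLARSSL_ERR_ASN1_* code.
 */
int x509_write_sig( unsigned char **p, unsigned char *start,
                    const char *oid, size_t oid_len,
                    unsigned char *sig, size_t size )
{
    int ret;
    size_t len = 0;

    /* Need size bytes for the signature plus one for the unused-bits
     * octet. Compare in size_t (not via a cast of size to int) and reject
     * a *p that already lies below start; "size >= available" is the
     * overflow-free form of "available < size + 1". */
    if( *p < start || size >= (size_t)( *p - start ) )
        return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );

    len = size;
    (*p) -= len;
    memcpy( *p, sig, len );

    /* Leading BIT STRING octet: number of unused bits in the last byte */
    *--(*p) = 0;
    len += 1;

    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) );

    /* Write OID */
    ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid,
                                                        oid_len, 0 ) );

    return( (int) len );
}

/*
 * Write one Extension SEQUENCE backwards from *p for chain entry ext.
 *
 * Expects the layout produced by x509_set_extension(): ext->val.p[0] is
 * the critical flag and the remaining ext->val.len - 1 bytes are the
 * DER extnValue. An entry with val.len == 0 would make that subtraction
 * wrap; such an entry cannot come from x509_set_extension().
 *
 * The critical BOOLEAN is only emitted when the flag is non-zero, since
 * DER omits a DEFAULT FALSE element that holds its default value.
 *
 * Returns the number of bytes written, or a negative POLARSSL_ERR_ASN1_*
 * code.
 */
static int x509_write_extension( unsigned char **p, unsigned char *start,
                                 asn1_named_data *ext )
{
    int ret;
    size_t len = 0;

    /* extnValue OCTET STRING */
    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->val.p + 1,
                                              ext->val.len - 1 ) );
    ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->val.len - 1 ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) );

    /* critical BOOLEAN, only when TRUE */
    if( ext->val.p[0] != 0 )
    {
        ASN1_CHK_ADD( len, asn1_write_bool( p, start, 1 ) );
    }

    /* extnID OBJECT IDENTIFIER */
    ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->oid.p,
                                              ext->oid.len ) );
    ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->oid.len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OID ) );

    /* Extension SEQUENCE */
    ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
    ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED |
                                                 ASN1_SEQUENCE ) );

    return( (int) len );
}

/*
 * Extension ::= SEQUENCE {
 *     extnID      OBJECT IDENTIFIER,
 *     critical    BOOLEAN DEFAULT FALSE,
 *     extnValue   OCTET STRING
 *                 -- contains the DER encoding of an ASN.1 value
 *                 -- corresponding to the extension type identified
 *                 -- by extnID
 *     }
 *
 * Write every extension in the chain starting at first, backwards from
 * *p, one Extension SEQUENCE per entry. No enclosing SEQUENCE OF is
 * written here; presumably the caller adds the outer wrapper.
 *
 * Returns the total number of bytes written (0 for an empty chain), or a
 * negative POLARSSL_ERR_ASN1_* code.
 */
int x509_write_extensions( unsigned char **p, unsigned char *start,
                           asn1_named_data *first )
{
    int ret;
    size_t len = 0;
    asn1_named_data *cur_ext = first;

    while( cur_ext != NULL )
    {
        ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
        cur_ext = cur_ext->next;
    }

    return( (int) len );
}

#endif /* POLARSSL_X509_CREATE_C */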