Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
x509write_csr.c
00001 /* 00002 * X.509 Certificate Signing Request writing 00003 * 00004 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 00005 * SPDX-License-Identifier: Apache-2.0 00006 * 00007 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00008 * not use this file except in compliance with the License. 00009 * You may obtain a copy of the License at 00010 * 00011 * http://www.apache.org/licenses/LICENSE-2.0 00012 * 00013 * Unless required by applicable law or agreed to in writing, software 00014 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00015 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00016 * See the License for the specific language governing permissions and 00017 * limitations under the License. 00018 * 00019 * This file is part of mbed TLS (https://tls.mbed.org) 00020 */ 00021 /* 00022 * References: 00023 * - CSRs: PKCS#10 v1.7 aka RFC 2986 00024 * - attributes: PKCS#9 v2.0 aka RFC 2985 00025 */ 00026 00027 #if !defined(MBEDTLS_CONFIG_FILE) 00028 #include "mbedtls/config.h" 00029 #else 00030 #include MBEDTLS_CONFIG_FILE 00031 #endif 00032 00033 #if defined(MBEDTLS_X509_CSR_WRITE_C) 00034 00035 #include "mbedtls/x509_csr.h" 00036 #include "mbedtls/oid.h" 00037 #include "mbedtls/asn1write.h" 00038 #include "mbedtls/platform_util.h" 00039 00040 #include <string.h> 00041 #include <stdlib.h> 00042 00043 #if defined(MBEDTLS_PEM_WRITE_C) 00044 #include "mbedtls/pem.h" 00045 #endif 00046 00047 void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) 00048 { 00049 memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); 00050 } 00051 00052 void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) 00053 { 00054 mbedtls_asn1_free_named_data_list( &ctx->subject ); 00055 mbedtls_asn1_free_named_data_list( &ctx->extensions ); 00056 00057 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); 00058 } 00059 00060 void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) 00061 { 00062 ctx->md_alg = md_alg; 00063 } 00064 00065 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ) 00066 { 00067 ctx->key = key; 00068 } 00069 00070 int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, 00071 const char *subject_name ) 00072 { 00073 return mbedtls_x509_string_to_names( &ctx->subject, subject_name ); 00074 } 00075 00076 int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx, 00077 const char *oid, size_t oid_len, 00078 const unsigned char *val, size_t val_len ) 00079 { 00080 return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len, 00081 0, val, val_len ); 00082 } 00083 00084 int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage ) 00085 { 00086 unsigned char buf[4]; 00087 unsigned char *c; 00088 int ret; 00089 00090 c = buf + 4; 00091 00092 if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 ) 00093 return( ret ); 00094 00095 ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE, 00096 MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ), 00097 buf, 4 ); 00098 if( ret != 0 ) 00099 return( ret ); 00100 00101 return( 0 ); 00102 } 00103 00104 int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, 00105 unsigned char ns_cert_type ) 00106 { 00107 unsigned char buf[4]; 00108 unsigned char *c; 00109 int ret; 00110 00111 c = buf + 4; 00112 00113 if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 ) 00114 return( ret ); 00115 00116 ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE, 00117 MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ), 00118 buf, 4 ); 00119 if( ret != 0 ) 00120 return( ret ); 00121 00122 return( 0 ); 00123 } 00124 00125 int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, 00126 int (*f_rng)(void *, unsigned char *, size_t), 00127 void *p_rng ) 00128 { 00129 int ret; 00130 const char *sig_oid; 00131 size_t sig_oid_len = 0; 00132 unsigned char *c, *c2; 00133 unsigned char hash[64]; 00134 unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; 00135 unsigned char tmp_buf[2048]; 00136 size_t pub_len = 0, sig_and_oid_len = 0, sig_len; 00137 size_t len = 0; 00138 mbedtls_pk_type_t pk_alg; 00139 00140 /* 00141 * Prepare data to be signed in tmp_buf 00142 */ 00143 c = tmp_buf + sizeof( tmp_buf ); 00144 00145 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); 00146 00147 if( len ) 00148 { 00149 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); 00150 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | 00151 MBEDTLS_ASN1_SEQUENCE ) ); 00152 00153 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); 00154 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | 00155 MBEDTLS_ASN1_SET ) ); 00156 00157 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, 00158 MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); 00159 00160 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); 00161 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | 00162 MBEDTLS_ASN1_SEQUENCE ) ); 00163 } 00164 00165 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); 00166 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | 00167 MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); 00168 00169 MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, 00170 tmp_buf, c - tmp_buf ) ); 00171 c -= pub_len; 00172 len += pub_len; 00173 00174 /* 00175 * Subject ::= Name 00176 */ 00177 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); 00178 00179 /* 00180 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 00181 */ 00182 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) ); 00183 00184 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); 00185 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | 00186 MBEDTLS_ASN1_SEQUENCE ) ); 00187 00188 /* 00189 * Prepare signature 00190 */ 00191 mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); 00192 00193 if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, 00194 f_rng, p_rng ) ) != 0 ) 00195 { 00196 return( ret ); 00197 } 00198 00199 if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) ) 00200 pk_alg = MBEDTLS_PK_RSA; 00201 else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) 00202 pk_alg = MBEDTLS_PK_ECDSA; 00203 else 00204 return( MBEDTLS_ERR_X509_INVALID_ALG ); 00205 00206 if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, 00207 &sig_oid, &sig_oid_len ) ) != 0 ) 00208 { 00209 return( ret ); 00210 } 00211 00212 /* 00213 * Write data to output buffer 00214 */ 00215 c2 = buf + size; 00216 MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, 00217 sig_oid, sig_oid_len, sig, sig_len ) ); 00218 00219 if( len > (size_t)( c2 - buf ) ) 00220 return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); 00221 00222 c2 -= len; 00223 memcpy( c2, c, len ); 00224 00225 len += sig_and_oid_len; 00226 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); 00227 MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | 00228 MBEDTLS_ASN1_SEQUENCE ) ); 00229 00230 return( (int) len ); 00231 } 00232 00233 #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" 00234 #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" 00235 00236 #if defined(MBEDTLS_PEM_WRITE_C) 00237 int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, 00238 int (*f_rng)(void *, unsigned char *, size_t), 00239 void *p_rng ) 00240 { 00241 int ret; 00242 unsigned char output_buf[4096]; 00243 size_t olen = 0; 00244 00245 if( ( ret = mbedtls_x509write_csr_der( ctx, output_buf, sizeof(output_buf), 00246 f_rng, p_rng ) ) < 0 ) 00247 { 00248 return( ret ); 00249 } 00250 00251 if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR, 00252 output_buf + sizeof(output_buf) - ret, 00253 ret, buf, size, &olen ) ) != 0 ) 00254 { 00255 return( ret ); 00256 } 00257 00258 return( 0 ); 00259 } 00260 #endif /* MBEDTLS_PEM_WRITE_C */ 00261 00262 #endif /* MBEDTLS_X509_CSR_WRITE_C */
Generated on Tue Jul 12 2022 12:46:20 by
