result_t X509Cert::get_serial(exlib::string &retVal)
{
mbedtls_x509_crt *crt = get_crt();
if (!crt)
return CHECK_ERROR(CALL_E_INVALID_CALL);
int32_t ret;
mbedtls_mpi serial;
mbedtls_mpi_init(&serial);
ret = mbedtls_mpi_read_binary(&serial, crt->serial.p, crt->serial.len);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal.resize(8192);
size_t sz = retVal.length();
ret = mbedtls_mpi_write_string(&serial, 10, &retVal[0], sz, &sz);
mbedtls_mpi_free(&serial);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal.resize(sz - 1);
return 0;
}
/* write one */
static int write_radix(void *a, char *b, int radix)
{
size_t ol = SIZE_MAX;
int res = mbedtls_mpi_write_string(a, radix, b, ol, &ol);
if (res == MBEDTLS_ERR_MPI_ALLOC_FAILED)
return CRYPT_MEM;
if (res)
return CRYPT_ERROR;
return CRYPT_OK;
}
char *ssh_mbedcry_bn2num(bignum num, int radix)
{
char *buf = NULL;
size_t olen;
int rc;
rc = mbedtls_mpi_write_string(num, radix, buf, 0, &olen);
if (rc != 0) {
return NULL;
}
buf = malloc(olen);
if (buf == NULL) {
return NULL;
}
rc = mbedtls_mpi_write_string(num, radix, buf, olen, &olen);
if (rc != 0) {
SAFE_FREE(buf);
return NULL;
}
return buf;
}
static int
lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type,
union lws_tls_cert_info_results *buf, size_t len)
{
if (!x509)
return -1;
switch (type) {
case LWS_TLS_CERT_INFO_VALIDITY_FROM:
buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_from);
if (buf->time == (time_t)(long long)-1)
return -1;
break;
case LWS_TLS_CERT_INFO_VALIDITY_TO:
buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_to);
if (buf->time == (time_t)(long long)-1)
return -1;
break;
case LWS_TLS_CERT_INFO_COMMON_NAME:
return lws_tls_mbedtls_get_x509_name(&x509->subject, buf, len);
case LWS_TLS_CERT_INFO_ISSUER_NAME:
return lws_tls_mbedtls_get_x509_name(&x509->issuer, buf, len);
case LWS_TLS_CERT_INFO_USAGE:
buf->usage = x509->key_usage;
break;
case LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY:
{
char *p = buf->ns.name;
size_t r = len, u;
switch (mbedtls_pk_get_type(&x509->pk)) {
case MBEDTLS_PK_RSA:
{
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->pk);
if (mbedtls_mpi_write_string(&rsa->N, 16, p, r, &u))
return -1;
r -= u;
p += u;
if (mbedtls_mpi_write_string(&rsa->E, 16, p, r, &u))
return -1;
p += u;
buf->ns.len = lws_ptr_diff(p, buf->ns.name);
break;
}
case MBEDTLS_PK_ECKEY:
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->pk);
if (mbedtls_mpi_write_string(&ecp->Q.X, 16, p, r, &u))
return -1;
r -= u;
p += u;
if (mbedtls_mpi_write_string(&ecp->Q.Y, 16, p, r, &u))
return -1;
r -= u;
p += u;
if (mbedtls_mpi_write_string(&ecp->Q.Z, 16, p, r, &u))
return -1;
p += u;
buf->ns.len = lws_ptr_diff(p, buf->ns.name);
break;
}
default:
lwsl_notice("%s: x509 has unsupported pubkey type %d\n",
__func__,
mbedtls_pk_get_type(&x509->pk));
return -1;
}
break;
}
default:
return -1;
}
return 0;
}
