static int x509_write_time( unsigned char **p, unsigned char *start, const char *time, size_t size ) { int ret; size_t len = 0; /* * write ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ if( time[0] == '2' && time[1] == '0' && time [2] < '5' ) { ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, (const unsigned char *) time + 2, size - 2 ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_UTC_TIME ) ); } else { ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, (const unsigned char *) time, size ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_GENERALIZED_TIME ) ); } return( (int) len ); }
int x509write_crt_set_authority_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; memset( buf, 0, sizeof(buf)); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) ); sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); c = buf + sizeof(buf) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONTEXT_SPECIFIC | 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER, OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ), 0, buf + sizeof(buf) - len, len ); }
static int x509_write_extension( unsigned char **p, unsigned char *start, asn1_named_data *ext ) { int ret; size_t len = 0; ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->val.p + 1, ext->val.len - 1 ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->val.len - 1 ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) ); if( ext->val.p[0] != 0 ) { ASN1_CHK_ADD( len, asn1_write_bool( p, start, 1 ) ); } ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, ext->oid.p, ext->oid.len ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, ext->oid.len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OID ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa ) { int ret; unsigned char *c; size_t len = 0; c = buf + size - 1; ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); if( c - buf < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--c = 0; len += 1; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, OID_PKCS1_RSA ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( len ); }
/* * RelativeDistinguishedName ::= * SET OF AttributeTypeAndValue * * AttributeTypeAndValue ::= SEQUENCE { * type AttributeType, * value AttributeValue } * * AttributeType ::= OBJECT IDENTIFIER * * AttributeValue ::= ANY DEFINED BY AttributeType */ static int x509_write_name( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, const unsigned char *name, size_t name_len ) { int ret; size_t len = 0; // Write PrintableString for all except OID_PKCS9_EMAIL // if( OID_SIZE( OID_PKCS9_EMAIL ) == oid_len && memcmp( oid, OID_PKCS9_EMAIL, oid_len ) == 0 ) { ASN1_CHK_ADD( len, asn1_write_ia5_string( p, start, (const char *) name, name_len ) ); } else { ASN1_CHK_ADD( len, asn1_write_printable_string( p, start, (const char *) name, name_len ) ); } // Write OID // ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) ); return( (int) len ); }
int x509_write_name( unsigned char **p, unsigned char *start, char *oid, char *name ) { int ret; size_t string_len = 0; size_t oid_len = 0; size_t len = 0; // Write PrintableString for all except OID_PKCS9_EMAIL // if( OID_SIZE( OID_PKCS9_EMAIL ) == strlen( oid ) && memcmp( oid, OID_PKCS9_EMAIL, strlen( oid ) ) == 0 ) { ASN1_CHK_ADD( string_len, asn1_write_ia5_string( p, start, name ) ); } else ASN1_CHK_ADD( string_len, asn1_write_printable_string( p, start, name ) ); // Write OID // ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, oid ) ); len = oid_len + string_len; ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + string_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SET ) ); return( len ); }
int pk_write_pubkey_der( pk_context *key, unsigned char *buf, size_t size ) { int ret; unsigned char *c; size_t len = 0, par_len = 0, oid_len; const char *oid; c = buf + size; ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, key ) ); if( c - buf < 1 ) { return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); } /* * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ *--c = 0; len += 1; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); /* If we return here (do not write OID) * the result will look OK... */ /* return len; */ if( ( ret = oid_get_oid_by_pk_alg( pk_get_type( key ), &oid, &oid_len ) ) != 0 ) { return( ret ); } #if defined(POLARSSL_ECP_C) if( pk_get_type( key ) == POLARSSL_PK_ECKEY ) { ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, pk_ec( *key ) ) ); } #endif ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, buf, oid, oid_len, par_len ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int x509write_crt_set_basic_constraints( x509write_cert *ctx, int is_ca, int max_pathlen ) { int ret; unsigned char buf[9]; unsigned char *c = buf + sizeof(buf); size_t len = 0; memset( buf, 0, sizeof(buf) ); if( is_ca && max_pathlen > 127 ) return( POLARSSL_ERR_X509_BAD_INPUT_DATA ); if( is_ca ) { if( max_pathlen >= 0 ) { ASN1_CHK_ADD( len, asn1_write_int( &c, buf, max_pathlen ) ); } ASN1_CHK_ADD( len, asn1_write_bool( &c, buf, 1 ) ); } ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS, OID_SIZE( OID_BASIC_CONSTRAINTS ), 0, buf + sizeof(buf) - len, len ); }
int x509_write_sig( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size ) { int ret; size_t len = 0; if( *p - start < (int) size + 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size; (*p) -= len; memcpy( *p, sig, len ); *--(*p) = 0; len += 1; ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) ); // Write OID // ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( p, start, oid, oid_len, 0 ) ); return( (int) len ); }
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X ) { int ret; size_t len = 0; // Write the MPI // len = mpi_size( X ); if( *p - start < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); (*p) -= len; MPI_CHK( mpi_write_binary( X, *p, len ) ); // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. // if ( X->s ==1 && **p & 0x80 ) { if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--(*p) = 0x00; len += 1; } ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) ); ret = (int) len; cleanup: return( ret ); }
int asn1_write_int( unsigned char **p, unsigned char *start, int val ) { int ret; size_t len = 0; // TODO negative values and values larger than 128 // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. // if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len += 1; *--(*p) = val; if ( val > 0 && **p & 0x80 ) { if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--(*p) = 0x00; len += 1; } ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_INTEGER ) ); return( (int) len ); }
int asn1_write_bitstring( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t bits ) { int ret; size_t len = 0, size; size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 ); // Calculate byte length // if( *p - start < (int) size + 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); len = size + 1; (*p) -= size; memcpy( *p, buf, size ); // Write unused bits // *--(*p) = (unsigned char) (size * 8 - bits); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) ); return( (int) len ); }
int asn1_write_null( unsigned char **p, unsigned char *start ) { int ret; size_t len = 0; // Write NULL // ASN1_CHK_ADD( len, asn1_write_len( p, start, 0) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_NULL ) ); return( (int) len ); }
int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len ) { int ret; size_t len = 0; ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, (const unsigned char *) oid, oid_len ) ); ASN1_CHK_ADD( len , asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len , asn1_write_tag( p, start, ASN1_OID ) ); return( (int) len ); }
int asn1_write_octet_string( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size ) { int ret; size_t len = 0; ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, buf, size ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_OCTET_STRING ) ); return( (int) len ); }
int asn1_write_ia5_string( unsigned char **p, unsigned char *start, const char *text, size_t text_len ) { int ret; size_t len = 0; ASN1_CHK_ADD( len, asn1_write_raw_buffer( p, start, (const unsigned char *) text, text_len ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_IA5_STRING ) ); return( (int) len ); }
/* * RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER -- e * } */ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, rsa_context *rsa ) { int ret; size_t len = 0; ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->E ) ); ASN1_CHK_ADD( len, asn1_write_mpi( p, start, &rsa->N ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) { int ret; size_t len = 0; if( *p - start < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--(*p) = (boolean) ? 1 : 0; len++; ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BOOLEAN ) ); return( (int) len ); }
static int pk_write_rb2_pubkey( unsigned char **p, unsigned char *start, rainbow2_context *rb2 ) { int ret = 0; size_t len = RB2_PUBKEY_SIZE_BYTE; if( *p - start < (int) len ) { return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); } *p -= len; memcpy( *p, &rb2->pk, len ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_BIT_STRING ) ); return (int) len; }
int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa ) { int ret; unsigned char *c; size_t len = 0; c = buf + size - 1; ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) ); ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); // TODO: Make NON RSA Specific variant later on /* *--c = 0; len += 1; len += asn1_write_len( &c, len); len += asn1_write_tag( &c, ASN1_BIT_STRING ); len += asn1_write_oid( &c, OID_PKCS1_RSA ); len += asn1_write_int( &c, 0 ); len += asn1_write_len( &c, len); len += asn1_write_tag( &c, ASN1_CONSTRUCTED | ASN1_SEQUENCE );*/ /* for(i = 0; i < len; ++i) { if (i % 16 == 0 ) printf("\n"); printf("%02x ", c[i]); } printf("\n");*/ return( len ); }
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, size_t par_len ) { int ret; size_t len = 0; if( par_len == 0 ) ASN1_CHK_ADD( len, asn1_write_null( p, start ) ); else len += par_len; ASN1_CHK_ADD( len, asn1_write_oid( p, start, oid, oid_len ) ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int x509_write_names( unsigned char **p, unsigned char *start, asn1_named_data *first ) { int ret; size_t len = 0; asn1_named_data *cur = first; while( cur != NULL ) { ASN1_CHK_ADD( len, x509_write_name( p, start, (char *) cur->oid.p, cur->oid.len, cur->val.p, cur->val.len ) ); cur = cur->next; } ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int asn1_write_oid( unsigned char **p, unsigned char *start, char *oid ) { int ret; size_t len = 0; // Write OID // len = strlen( oid ); if( *p - start < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); (*p) -= len; memcpy( *p, oid, len ); ASN1_CHK_ADD( len , asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len , asn1_write_tag( p, start, ASN1_OID ) ); return( len ); }
int asn1_write_ia5_string( unsigned char **p, unsigned char *start, char *text ) { int ret; size_t len = 0; // Write string // len = strlen( text ); if( *p - start < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); (*p) -= len; memcpy( *p, text, len ); ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_IA5_STRING ) ); return( len ); }
int x509write_crt_set_subject_key_identifier( x509write_cert *ctx ) { int ret; unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; memset( buf, 0, sizeof(buf)); ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) ); sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); c = buf + sizeof(buf) - 20; len = 20; ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_OCTET_STRING ) ); return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER, OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ), 0, buf + sizeof(buf) - len, len ); }
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, char *algorithm_oid ) { int ret; size_t null_len = 0; size_t oid_len = 0; size_t len = 0; // Write NULL // ASN1_CHK_ADD( null_len, asn1_write_null( p, start ) ); // Write OID // ASN1_CHK_ADD( oid_len, asn1_write_oid( p, start, algorithm_oid ) ); len = oid_len + null_len; ASN1_CHK_ADD( len, asn1_write_len( p, start, oid_len + null_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( p, start, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( len ); }
int pk_write_key_der( pk_context *key, unsigned char *buf, size_t size ) { int ret; unsigned char *c = buf + size; size_t len = 0; #if defined(POLARSSL_RSA_C) if( pk_get_type( key ) == POLARSSL_PK_RSA ) { rsa_context *rsa = pk_rsa( *key ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->QP ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DQ ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->DP ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->Q ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->P ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->D ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->E ) ); ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &rsa->N ) ); ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); } else #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECP_C) if( pk_get_type( key ) == POLARSSL_PK_ECKEY ) { ecp_keypair *ec = pk_ec( *key ); size_t pub_len = 0, par_len = 0; /* * RFC 5915, or SEC1 Appendix C.4 * * ECPrivateKey ::= SEQUENCE { * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), * privateKey OCTET STRING, * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, * publicKey [1] BIT STRING OPTIONAL * } */ /* publicKey */ ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) ); if( c - buf < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--c = 0; pub_len += 1; ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) ); ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); ASN1_CHK_ADD( pub_len, asn1_write_len( &c, buf, pub_len ) ); ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ); len += pub_len; /* parameters */ ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) ); ASN1_CHK_ADD( par_len, asn1_write_len( &c, buf, par_len ) ); ASN1_CHK_ADD( par_len, asn1_write_tag( &c, buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ); len += par_len; /* privateKey: write as MPI then fix tag */ ASN1_CHK_ADD( len, asn1_write_mpi( &c, buf, &ec->d ) ); *c = ASN1_OCTET_STRING; /* version */ ASN1_CHK_ADD( len, asn1_write_int( &c, buf, 1 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); } else #endif /* POLARSSL_ECP_C */ #if defined(__TTS__) if( pk_get_type( key ) == OUR_PK_TTS ) { len += TTS_SECKEY_SIZE_BYTE + TTS_PUBKEY_SIZE_BYTE; if( c - buf < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); c -= len; memcpy( c, &pk_tts( *key )->sk, TTS_SECKEY_SIZE_BYTE ); memcpy( c + TTS_SECKEY_SIZE_BYTE, &pk_tts( *key )->pk, TTS_PUBKEY_SIZE_BYTE ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); return (int) len; } else #endif /* __TTS__ */ #if defined(__TTS_2__) if( pk_get_type( key ) == OUR_PK_TTS2 ) { len += TTS2_SECKEY_SIZE_BYTE + TTS2_PUBKEY_SIZE_BYTE; if( c - buf < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); c -= len; memcpy( c, &pk_tts2( *key )->sk, TTS2_SECKEY_SIZE_BYTE ); memcpy( c + TTS2_SECKEY_SIZE_BYTE, &pk_tts2( *key )->pk, TTS2_PUBKEY_SIZE_BYTE ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); return (int) len; } else #endif /* __TTS_2__ */ #if defined(__RAINBOW__) if( pk_get_type( key ) == OUR_PK_RAINBOW ) { len += RB_SECKEY_SIZE_BYTE + RB_PUBKEY_SIZE_BYTE; if( c - buf < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); c -= len; memcpy( c, &pk_rainbow( *key )->sk, RB_SECKEY_SIZE_BYTE ); memcpy( c + RB_SECKEY_SIZE_BYTE, &pk_rainbow( *key )->pk, RB_PUBKEY_SIZE_BYTE ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); return (int) len; } else #endif /* __RAINBOW__ */ #if defined(__RAINBOW_2__) if( pk_get_type( key ) == OUR_PK_RAINBOW2 ) { len += RB2_SECKEY_SIZE_BYTE + RB2_PUBKEY_SIZE_BYTE; if( c - buf < (int) len ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); c -= len; memcpy( c, &pk_rainbow2( *key )->sk, RB2_SECKEY_SIZE_BYTE ); memcpy( c + RB2_SECKEY_SIZE_BYTE, &pk_rainbow2( *key )->pk, RB2_PUBKEY_SIZE_BYTE ); ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, buf, ASN1_BIT_STRING ) ); return (int) len; } else #endif /* __RAINBOW_2__ */ return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE ); return( (int) len ); }
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[POLARSSL_MPI_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; pk_type_t pk_alg; /* * Prepare data to be signed in tmp_buf */ c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ pk_alg = pk_get_type( ctx->issuer_key ); if( pk_alg == POLARSSL_PK_ECKEY ) pk_alg = POLARSSL_PK_ECDSA; if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ); /* * SubjectPublicKeyInfo */ ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->subject_key, tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) ); /* * Validity ::= SEQUENCE { * notBefore Time, * notAfter Time } */ sub_len = 0; ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after, X509_RFC5280_UTC_TIME_LEN ) ); ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before, X509_RFC5280_UTC_TIME_LEN ) ); len += sub_len; ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); /* * Issuer ::= Name */ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->issuer ) ); /* * Signature ::= AlgorithmIdentifier */ ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, tmp_buf, sig_oid, strlen( sig_oid ), 0 ) ); /* * Serial ::= INTEGER */ ASN1_CHK_ADD( len, asn1_write_mpi( &c, tmp_buf, &ctx->serial ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ sub_len = 0; ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) ); len += sub_len; ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); /* * Make signature */ md( md_info_from_type( ctx->md_alg ), c, len, hash ); if( ( ret = pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) { return( ret ); } /* * Write data to output buffer */ c2 = buf + size; ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); c2 -= len; memcpy( c2, c, len ); len += sig_and_oid_len; ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }
int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa, x509_req_name *req_name, int hash_id ) { int ret; char sig_oid[10]; unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[POLARSSL_MPI_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t sub_len = 0, pub_len = 0, sig_len = 0; size_t len = 0; x509_req_name *cur = req_name; c = tmp_buf + 2048 - 1; ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, 0 ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ); ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &rsa->E ) ); ASN1_CHK_ADD( pub_len, asn1_write_mpi( &c, tmp_buf, &rsa->N ) ); ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) ); ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); if( c - tmp_buf < 1 ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); *--c = 0; pub_len += 1; ASN1_CHK_ADD( pub_len, asn1_write_len( &c, tmp_buf, pub_len ) ); ASN1_CHK_ADD( pub_len, asn1_write_tag( &c, tmp_buf, ASN1_BIT_STRING ) ); ASN1_CHK_ADD( pub_len, asn1_write_algorithm_identifier( &c, tmp_buf, OID_PKCS1_RSA ) ); len += pub_len; ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, pub_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); while( cur != NULL ) { ASN1_CHK_ADD( sub_len, x509_write_name( &c, tmp_buf, cur->oid, cur->name ) ); cur = cur->next; } len += sub_len; ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); x509_hash( c, len, hash_id, hash ); rsa_pkcs1_sign( rsa, NULL, NULL, RSA_PRIVATE, hash_id, 0, hash, sig ); // Generate correct OID // memcpy( sig_oid, OID_PKCS1, 8 ); sig_oid[8] = hash_id; sig_oid[9] = '\0'; c2 = buf + size - 1; ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig, rsa->len ) ); c2 -= len; memcpy( c2, c, len ); len += sig_len; ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( len ); }
int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; unsigned char sig[POLARSSL_MPI_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; pk_type_t pk_alg; /* * Prepare data to be signed in tmp_buf */ c = tmp_buf + sizeof( tmp_buf ); ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); if( len ) { ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SET ) ); ASN1_CHK_ADD( len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ, OID_SIZE( OID_PKCS9_CSR_EXT_REQ ) ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); } ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ); ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->key, tmp_buf, c - tmp_buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) ); ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); /* * Prepare signature */ md( md_info_from_type( ctx->md_alg ), c, len, hash ); if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) { return( ret ); } if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) ) pk_alg = POLARSSL_PK_RSA; else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) ) pk_alg = POLARSSL_PK_ECDSA; else return( POLARSSL_ERR_X509_INVALID_ALG ); if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } /* * Write data to output buffer */ c2 = buf + size; ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len, sig, sig_len ) ); if( len > (size_t)( c2 - buf ) ) return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL ); c2 -= len; memcpy( c2, c, len ); len += sig_and_oid_len; ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) ); ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ); return( (int) len ); }