int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[POLARSSL_MPI_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
pk_type_t pk_alg;
/*
* Prepare data to be signed in tmp_buf
*/
c = tmp_buf + sizeof( tmp_buf );
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
if( len )
{
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SET ) );
ASN1_CHK_ADD( len, asn1_write_oid( &c, tmp_buf, OID_PKCS9_CSR_EXT_REQ,
OID_SIZE( OID_PKCS9_CSR_EXT_REQ ) ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
}
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_CONTEXT_SPECIFIC ) );
ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->key,
tmp_buf, c - tmp_buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
ASN1_CHK_ADD( len, asn1_write_int( &c, tmp_buf, 0 ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
/*
* Prepare signature
*/
md( md_info_from_type( ctx->md_alg ), c, len, hash );
if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
{
return( ret );
}
if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
pk_alg = POLARSSL_PK_RSA;
else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) )
pk_alg = POLARSSL_PK_ECDSA;
else
return( POLARSSL_ERR_X509_INVALID_ALG );
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
/*
* Write data to output buffer
*/
c2 = buf + size;
ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
if( len > (size_t)( c2 - buf ) )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
c2 -= len;
memcpy( c2, c, len );
len += sig_and_oid_len;
ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
return( (int) len );
}
int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
unsigned char sig[POLARSSL_MPI_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
pk_type_t pk_alg;
/*
* Prepare data to be signed in tmp_buf
*/
c = tmp_buf + sizeof( tmp_buf );
/* Signature algorithm needed in TBS, and later for actual signature */
pk_alg = pk_get_type( ctx->issuer_key );
if( pk_alg == POLARSSL_PK_ECKEY )
pk_alg = POLARSSL_PK_ECDSA;
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );
}
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) );
/*
* SubjectPublicKeyInfo
*/
ASN1_CHK_ADD( pub_len, pk_write_pubkey_der( ctx->subject_key,
tmp_buf, c - tmp_buf ) );
c -= pub_len;
len += pub_len;
/*
* Subject ::= Name
*/
ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->subject ) );
/*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time }
*/
sub_len = 0;
ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_after,
X509_RFC5280_UTC_TIME_LEN ) );
ASN1_CHK_ADD( sub_len, x509_write_time( &c, tmp_buf, ctx->not_before,
X509_RFC5280_UTC_TIME_LEN ) );
len += sub_len;
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
/*
* Issuer ::= Name
*/
ASN1_CHK_ADD( len, x509_write_names( &c, tmp_buf, ctx->issuer ) );
/*
* Signature ::= AlgorithmIdentifier
*/
ASN1_CHK_ADD( len, asn1_write_algorithm_identifier( &c, tmp_buf,
sig_oid, strlen( sig_oid ), 0 ) );
/*
* Serial ::= INTEGER
*/
ASN1_CHK_ADD( len, asn1_write_mpi( &c, tmp_buf, &ctx->serial ) );
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
sub_len = 0;
ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
len += sub_len;
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
/*
* Make signature
*/
md( md_info_from_type( ctx->md_alg ), c, len, hash );
if( ( ret = pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 )
{
return( ret );
}
/*
* Write data to output buffer
*/
c2 = buf + size;
ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
sig_oid, sig_oid_len, sig, sig_len ) );
c2 -= len;
memcpy( c2, c, len );
len += sig_and_oid_len;
ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
return( (int) len );
}
