/* If OPTIONAL fields have not been initialized then
* disable them.
*/
static void disable_optional_stuff(gnutls_x509_crt_t cert)
{
asn1_data_node_st n;
asn1_node node;
unsigned remove_subject_unique_id = 1;
unsigned remove_issuer_unique_id = 1;
node = asn1_find_node(cert->cert, "tbsCertificate.issuerUniqueID");
if (node) {
if (asn1_read_node_value(node, &n) == ASN1_SUCCESS && n.value_len != 0)
remove_issuer_unique_id = 0;
}
node = asn1_find_node(cert->cert, "tbsCertificate.subjectUniqueID");
if (node) {
if (asn1_read_node_value(node, &n) == ASN1_SUCCESS && n.value_len != 0)
remove_subject_unique_id = 0;
}
if (remove_issuer_unique_id)
asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
0);
if (remove_subject_unique_id)
asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
NULL, 0);
if (cert->use_extensions == 0) {
_gnutls_debug_log("Disabling X.509 extensions.\n");
asn1_write_value(cert->cert, "tbsCertificate.extensions",
NULL, 0);
}
return;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
* 'multi' must be (0) if writing an AttributeTypeAndValue, and 1 if Attribute.
* In all cases only one value is written.
*/
static int
_gnutls_x509_write_attribute(const char *given_oid,
ASN1_TYPE asn1_struct, const char *where,
const void *_data, int sizeof_data)
{
char tmp[128];
int result;
/* write the data (value)
*/
_gnutls_str_cpy(tmp, sizeof(tmp), where);
_gnutls_str_cat(tmp, sizeof(tmp), ".value");
result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
if (result < 0) {
gnutls_assert();
return _gnutls_asn2err(result);
}
/* write the type
*/
_gnutls_str_cpy(tmp, sizeof(tmp), where);
_gnutls_str_cat(tmp, sizeof(tmp), ".type");
result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE. If str is non
* (0) it encodes it as OCTET STRING.
*/
int
_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
const gnutls_datum_t * data, int str)
{
int result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
gnutls_datum_t val = { NULL, 0 };
if (str)
{
/* Convert it to OCTET STRING
*/
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result = asn1_write_value (c2, "", data->data, data->size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result = _gnutls_x509_der_encode (c2, "", &val, 0);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
}
else
{
val.data = data->data;
val.size = data->size;
}
/* Write the data.
*/
result = asn1_write_value (c, root, val.data, val.size);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result = 0;
cleanup:
asn1_delete_structure (&c2);
if (val.data != data->data)
_gnutls_free_datum (&val);
return result;
}
static void
build_personal_name (void)
{
ASN1_TYPE asn1_pkix = NULL, asn;
guchar buffer[10024];
int res, len;
res = asn1_array2tree (pkix_asn1_tab, &asn1_pkix, NULL);
g_assert (res == ASN1_SUCCESS);
res = asn1_create_element (asn1_pkix, "PKIX1.PersonalName", &asn);
g_assert (res == ASN1_SUCCESS);
asn1_write_value (asn, "surname", "Turanga", 7);
asn1_write_value (asn, "given-name", "Leela", 5);
asn1_write_value (asn, "initials", NULL, 0);
asn1_write_value (asn, "generation-qualifier", "Alien", 5);
len = sizeof (buffer);
res = asn1_der_coding (asn, "", buffer, &len, NULL);
g_assert (res == ASN1_SUCCESS);
asn1_delete_structure (&asn);
asn1_delete_structure (&asn1_pkix);
if (!g_file_set_contents ("/tmp/personal-name.der", (gchar*)buffer, len, NULL))
g_assert (FALSE);
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
* be something like "tbsCertList.thisUpdate".
*/
int
_gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim)
{
char str_time[MAX_TIME];
char name[128];
int result, len;
_gnutls_str_cpy (name, sizeof (name), where);
if ((result = asn1_write_value (c2, name, "utcTime", 1)) < 0)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
result = _gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time));
if (result < 0)
{
gnutls_assert ();
return result;
}
_gnutls_str_cat (name, sizeof (name), ".utcTime");
len = strlen (str_time);
result = asn1_write_value (c2, name, str_time, len);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
static bool
write_usages (node_asn *asn,
const char *field,
p11_array *oids)
{
char *last;
int ret;
int i;
/*
* No oids? Then doing this will make the entire optional
* field go away
*/
if (oids == NULL) {
ret = asn1_write_value (asn, field, NULL, 0);
return_val_if_fail (ret == ASN1_SUCCESS, false);
} else {
if (asprintf (&last, "%s.?LAST", field) < 0)
return_val_if_reached (false);
for (i = 0; i < oids->num; i++) {
ret = asn1_write_value (asn, field, "NEW", 1);
return_val_if_fail (ret == ASN1_SUCCESS, false);
ret = asn1_write_value (asn, last, oids->elem[i], -1);
return_val_if_fail (ret == ASN1_SUCCESS, false);
}
free (last);
}
return true;
}
/* generate the proxyCertInfo in a DER encoded extension
*/
int
_gnutls_x509_ext_gen_proxyCertInfo(int pathLenConstraint,
const char *policyLanguage,
const char *policy,
size_t sizeof_policy,
gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result = asn1_create_element(_gnutls_get_pkix(),
"PKIX1.ProxyCertInfo", &ext);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if (pathLenConstraint < 0) {
result =
asn1_write_value(ext, "pCPathLenConstraint", NULL, 0);
if (result != ASN1_SUCCESS)
result = _gnutls_asn2err(result);
} else
result =
_gnutls_x509_write_uint32(ext, "pCPathLenConstraint",
pathLenConstraint);
if (result < 0) {
gnutls_assert();
asn1_delete_structure(&ext);
return result;
}
result = asn1_write_value(ext, "proxyPolicy.policyLanguage",
policyLanguage, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
result = asn1_write_value(ext, "proxyPolicy.policy",
policy, sizeof_policy);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
asn1_delete_structure(&ext);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
/* This function will attempt to set the requested extension in
* the given X509v3 certificate.
*
* Critical will be either 0 or 1.
*/
static int
add_extension(ASN1_TYPE asn, const char *root, const char *extension_id,
const gnutls_datum_t * ext_data, unsigned int critical)
{
int result;
const char *str;
char name[ASN1_MAX_NAME_SIZE];
snprintf(name, sizeof(name), "%s", root);
/* Add a new extension in the list.
*/
result = asn1_write_value(asn, name, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if (root[0] != 0)
snprintf(name, sizeof(name), "%s.?LAST.extnID", root);
else
snprintf(name, sizeof(name), "?LAST.extnID");
result = asn1_write_value(asn, name, extension_id, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if (critical == 0)
str = "FALSE";
else
str = "TRUE";
if (root[0] != 0)
snprintf(name, sizeof(name), "%s.?LAST.critical", root);
else
snprintf(name, sizeof(name), "?LAST.critical");
result = asn1_write_value(asn, name, str, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if (root[0] != 0)
snprintf(name, sizeof(name), "%s.?LAST.extnValue", root);
else
snprintf(name, sizeof(name), "?LAST.extnValue");
result = _gnutls_x509_write_value(asn, name, ext_data);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
/* generate the basicConstraints in a DER encoded extension
* Use 0 or 1 (TRUE) for CA.
* Use negative error codes for pathLenConstraint to indicate that the field
* should not be present, >= 0 to indicate set values.
*/
int
_gnutls_x509_ext_gen_basicConstraints (int CA,
int pathLenConstraint,
gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
const char *str;
int result;
if (CA == 0)
str = "FALSE";
else
str = "TRUE";
result =
asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
result = asn1_write_value (ext, "cA", str, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&ext);
return _gnutls_asn2err (result);
}
if (pathLenConstraint < 0)
{
result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
if (result < 0)
result = _gnutls_asn2err (result);
}
else
result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
pathLenConstraint);
if (result < 0)
{
gnutls_assert ();
asn1_delete_structure (&ext);
return result;
}
result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
asn1_delete_structure (&ext);
if (result < 0)
{
gnutls_assert ();
return result;
}
return 0;
}
static int
write_new_general_name(ASN1_TYPE ext, const char *ext_name,
gnutls_x509_subject_alt_name_t type,
const void *data, unsigned int data_size)
{
const char *str;
int result;
char name[128];
result = asn1_write_value(ext, ext_name, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
switch (type) {
case GNUTLS_SAN_DNSNAME:
str = "dNSName";
break;
case GNUTLS_SAN_RFC822NAME:
str = "rfc822Name";
break;
case GNUTLS_SAN_URI:
str = "uniformResourceIdentifier";
break;
case GNUTLS_SAN_IPADDRESS:
str = "iPAddress";
break;
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
if (ext_name[0] == 0) { /* no dot */
_gnutls_str_cpy(name, sizeof(name), "?LAST");
} else {
_gnutls_str_cpy(name, sizeof(name), ext_name);
_gnutls_str_cat(name, sizeof(name), ".?LAST");
}
result = asn1_write_value(ext, name, str, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
_gnutls_str_cat(name, sizeof(name), ".");
_gnutls_str_cat(name, sizeof(name), str);
result = asn1_write_value(ext, name, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
return 0;
}
/* Creates an empty PFX structure for the PKCS12 structure.
*/
static int
create_empty_pfx (ASN1_TYPE pkcs12)
{
uint8_t three = 3;
int result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
/* Use version 3
*/
result = asn1_write_value (pkcs12, "version", &three, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
/* Write the content type of the data
*/
result = asn1_write_value (pkcs12, "authSafe.contentType", DATA_OID, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
/* Check if the authenticatedSafe content is empty, and encode a
* null one in that case.
*/
if ((result = asn1_create_element
(_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
&c2)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
result =
_gnutls_x509_der_encode_and_copy (c2, "", pkcs12, "authSafe.content", 1);
if (result < 0)
{
gnutls_assert ();
goto cleanup;
}
asn1_delete_structure (&c2);
return 0;
cleanup:
asn1_delete_structure (&c2);
return result;
}
/**
* gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
* @crl: should contain a gnutls_x509_crl_t structure
* @serial: The revoked certificate's serial number
* @serial_size: Holds the size of the serial field.
* @revocation_time: The time this certificate was revoked
*
* This function will set a revoked certificate's serial number to the CRL.
*
* Returns 0 on success, or a negative value in case of an error.
*
**/
int
gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
const void *serial, size_t serial_size,
time_t revocation_time)
{
int ret;
if (crl == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
ret =
asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (ret);
}
ret =
asn1_write_value (crl->crl,
"tbsCertList.revokedCertificates.?LAST.userCertificate",
serial, serial_size);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (ret);
}
ret =
_gnutls_x509_set_time (crl->crl,
"tbsCertList.revokedCertificates.?LAST.revocationDate",
revocation_time);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret =
asn1_write_value (crl->crl,
"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
NULL, 0);
if (ret != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (ret);
}
return 0;
}
static int encode_user_notice(const gnutls_datum_t * txt,
gnutls_datum_t * der_data)
{
int result;
ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
if ((result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.UserNotice",
&c2)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto error;
}
/* delete noticeRef */
result = asn1_write_value(c2, "noticeRef", NULL, 0);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto error;
}
result = asn1_write_value(c2, "explicitText", "utf8String", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto error;
}
result =
asn1_write_value(c2, "explicitText.utf8String", txt->data,
txt->size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto error;
}
result = _gnutls_x509_der_encode(c2, "", der_data, 0);
if (result < 0) {
gnutls_assert();
goto error;
}
result = 0;
error:
asn1_delete_structure(&c2);
return result;
}
/*
* This function writes and encodes the parameters for DSS or RSA keys.
* This is the "signatureAlgorithm" fields.
*/
int
_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
gnutls_pk_algorithm_t pk_algorithm,
gnutls_digest_algorithm_t dig)
{
int result;
char name[128];
const char *pk;
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".algorithm");
pk = _gnutls_x509_sign_to_oid (pk_algorithm, HASH2MAC (dig));
if (pk == NULL)
{
gnutls_assert ();
_gnutls_debug_log
("Cannot find OID for sign algorithm pk: %d dig: %d\n",
(int) pk_algorithm, (int) dig);
return GNUTLS_E_INVALID_REQUEST;
}
/* write the OID.
*/
result = asn1_write_value (dst, name, pk, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".parameters");
if (pk_algorithm == GNUTLS_PK_RSA)
result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
else
result = asn1_write_value (dst, name, NULL, 0);
if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
{
/* Here we ignore the element not found error, since this
* may have been disabled before.
*/
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
int
_gnutls_write_general_name(ASN1_TYPE ext, const char *ext_name,
gnutls_x509_subject_alt_name_t type,
const void *data, unsigned int data_size)
{
const char *str;
int result;
char name[128];
if (data == NULL) {
if (data_size == 0)
data = (void*)"";
else
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
switch (type) {
case GNUTLS_SAN_DNSNAME:
str = "dNSName";
break;
case GNUTLS_SAN_RFC822NAME:
str = "rfc822Name";
break;
case GNUTLS_SAN_URI:
str = "uniformResourceIdentifier";
break;
case GNUTLS_SAN_IPADDRESS:
str = "iPAddress";
break;
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
}
result = asn1_write_value(ext, ext_name, str, 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
snprintf(name, sizeof(name), "%s.%s", ext_name, str);
result = asn1_write_value(ext, name, data, data_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
return 0;
}
/*
* This function writes the parameters for ECC keys.
* That is the ECParameters struct.
*
* Allocates the space used to store the DER data.
*/
int
_gnutls_x509_write_ecc_params(gnutls_ecc_curve_t curve,
gnutls_datum_t * der)
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
const char *oid;
der->data = NULL;
der->size = 0;
oid = _gnutls_ecc_curve_get_oid(curve);
if (oid == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
if ((result = asn1_create_element
(_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", &spk))
!= ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if ((result =
asn1_write_value(spk, "", "namedCurve", 1)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
if ((result =
asn1_write_value(spk, "namedCurve", oid,
1)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
}
result = _gnutls_x509_der_encode(spk, "", der, 0);
if (result < 0) {
gnutls_assert();
goto cleanup;
}
result = 0;
cleanup:
asn1_delete_structure(&spk);
return result;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
* 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
* In all cases only one value is written.
*/
int
_gnutls_x509_write_attribute (const char *given_oid,
ASN1_TYPE asn1_struct, const char *where,
const void *_data, int sizeof_data, int multi)
{
char tmp[128];
int result;
/* write the data (value)
*/
_gnutls_str_cpy (tmp, sizeof (tmp), where);
_gnutls_str_cat (tmp, sizeof (tmp), ".value");
if (multi != 0)
{ /* if not writing an AttributeTypeAndValue, but an Attribute */
_gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
_gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
}
result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
if (result < 0)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
/* write the type
*/
_gnutls_str_cpy (tmp, sizeof (tmp), where);
_gnutls_str_cat (tmp, sizeof (tmp), ".type");
result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE as a string.
*/
int
_gnutls_x509_write_string(ASN1_TYPE c, const char *root,
const gnutls_datum_t * data, unsigned int etype)
{
int ret;
gnutls_datum_t val = { NULL, 0 };
ret =
_gnutls_x509_encode_string(etype, data->data, data->size,
&val);
if (ret < 0)
return gnutls_assert_val(ret);
/* Write the data.
*/
ret = asn1_write_value(c, root, val.data, val.size);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(ret);
goto cleanup;
}
ret = 0;
cleanup:
_gnutls_free_datum(&val);
return ret;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
static void disable_optional_stuff(gnutls_x509_crl_t crl)
{
time_t t;
t = _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate", 0);
if (t == (time_t)-1) {
(void)asn1_write_value(crl->crl, "tbsCertList.nextUpdate", NULL, 0);
}
if (crl->use_extensions == 0) {
(void)asn1_write_value(crl->crl, "tbsCertList.crlExtensions",
NULL, 0);
}
return;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
int
_gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.SubjectKeyIdentifier", &ext);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
result = asn1_write_value(ext, "", id, id_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
asn1_delete_structure(&ext);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
/* generate an INTEGER in a DER encoded extension
*/
int
_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
result =
asn1_create_element(_gnutls_get_pkix(),
"PKIX1.CertificateSerialNumber", &ext);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
result = asn1_write_value(ext, "", number, nr_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
asn1_delete_structure(&ext);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
int
_gnutls_write_new_general_name(ASN1_TYPE ext, const char *ext_name,
gnutls_x509_subject_alt_name_t type,
const void *data, unsigned int data_size)
{
int result;
char name[128];
result = asn1_write_value(ext, ext_name, "NEW", 1);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
if (ext_name[0] == 0) { /* no dot */
_gnutls_str_cpy(name, sizeof(name), "?LAST");
} else {
_gnutls_str_cpy(name, sizeof(name), ext_name);
_gnutls_str_cat(name, sizeof(name), ".?LAST");
}
result = _gnutls_write_general_name(ext, name, type,
data, data_size);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
int _gnutls_x509_ext_gen_keyUsage(uint16_t usage, gnutls_datum_t * der_ext)
{
ASN1_TYPE ext = ASN1_TYPE_EMPTY;
int result;
uint8_t str[2];
result =
asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage",
&ext);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
str[0] = usage & 0xff;
str[1] = usage >> 8;
result = asn1_write_value(ext, "", str, 9);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
return _gnutls_asn2err(result);
}
result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
asn1_delete_structure(&ext);
if (result < 0) {
gnutls_assert();
return result;
}
return 0;
}
/**
* gnutls_x509_crl_set_version - This function will set the CRL version
* @crl: should contain a gnutls_x509_crl_t structure
* @version: holds the version number. For CRLv1 crls must be 1.
*
* This function will set the version of the CRL. This
* must be one for CRL version 1, and so on. The CRLs generated
* by gnutls should have a version number of 2.
*
* Returns 0 on success.
*
**/
int
gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
{
int result;
char null = version;
if (crl == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
null -= 1;
if (null < 0)
null = 0;
result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
/**
* gnutls_x509_crq_set_version - This function will set the Certificate request version
* @crq: should contain a gnutls_x509_crq_t structure
* @version: holds the version number. For v1 Requests must be 1.
*
* This function will set the version of the certificate request. For
* version 1 requests this must be one.
*
* Returns 0 on success.
*
**/
int
gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
{
int result;
unsigned char null = version;
if (crq == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
if (null > 0)
null--;
result =
asn1_write_value (crq->crq, "certificationRequestInfo.version", &null, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
/* DER Encodes the src ASN1_TYPE and stores it to
* dest in dest_name. Useful to encode something and store it
* as OCTET. If str is non null then the data are encoded as
* an OCTET STRING.
*/
int
_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
ASN1_TYPE dest, const char *dest_name,
int str)
{
int result;
gnutls_datum_t encoded;
result = _gnutls_x509_der_encode (src, src_name, &encoded, str);
if (result < 0)
{
gnutls_assert ();
return result;
}
/* Write the data.
*/
result = asn1_write_value (dest, dest_name, encoded.data, encoded.size);
_gnutls_free_datum (&encoded);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
static void
disable_optional_stuff (gnutls_x509_crl_t crl)
{
asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
return;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
static void disable_optional_stuff(gnutls_x509_crt_t cert)
{
asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL,
0);
asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID",
NULL, 0);
if (cert->use_extensions == 0) {
_gnutls_debug_log("Disabling X.509 extensions.\n");
asn1_write_value(cert->cert, "tbsCertificate.extensions",
NULL, 0);
}
return;
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
* be something like "tbsCertList.thisUpdate".
*/
int
_gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
int nochoice)
{
char str_time[MAX_TIME];
char name[128];
int result, len;
if (nochoice != 0) {
result =
gtime2generalTime(tim, str_time, sizeof(str_time));
if (result < 0)
return gnutls_assert_val(result);
len = strlen(str_time);
result = asn1_write_value(c2, where, str_time, len);
if (result != ASN1_SUCCESS)
return gnutls_assert_val(_gnutls_asn2err(result));
return 0;
}
_gnutls_str_cpy(name, sizeof(name), where);
if ((result = asn1_write_value(c2, name, "generalTime", 1)) < 0) {
gnutls_assert();
return _gnutls_asn2err(result);
}
result = gtime2generalTime(tim, str_time, sizeof(str_time));
if (result < 0) {
gnutls_assert();
return result;
}
_gnutls_str_cat(name, sizeof(name), ".generalTime");
len = strlen(str_time);
result = asn1_write_value(c2, name, str_time, len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
return 0;
}
static bool
write_alias (p11_enumerate *ex,
node_asn *asn)
{
CK_ATTRIBUTE *label;
int ret;
label = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
if (label == NULL) {
ret = asn1_write_value (asn, "alias", NULL, 0);
return_val_if_fail (ret == ASN1_SUCCESS, false);
} else {
ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen);
return_val_if_fail (ret == ASN1_SUCCESS, false);
}
return true;
}