/*
 * Encode a basicConstraints value and register it on ctx as an extension.
 *
 * ctx          certificate-writing context that receives the extension
 * is_ca        non-zero: emit cA = TRUE, plus pathLenConstraint when
 *              max_pathlen >= 0; zero: emit an empty SEQUENCE
 * max_pathlen  path length limit; a negative value leaves the field out,
 *              a value above 127 is rejected when is_ca is set
 *
 * Returns POLARSSL_ERR_X509_BAD_INPUT_DATA for an out-of-range path
 * length, otherwise the result of x509write_crt_set_extension(). An ASN.1
 * writer failure is presumably returned through ASN1_CHK_ADD (macro
 * defined outside this view - confirm).
 *
 * NOTE(review): the extension is registered with 0 as the fourth argument.
 * If that argument is the "critical" flag (prototype is outside this view -
 * confirm), CA certificates built here carry a non-critical
 * basicConstraints, while RFC 5280 section 4.2.1.9 requires it to be
 * critical in CA certificates used to validate certificate signatures.
 */
int x509write_crt_set_basic_constraints( x509write_cert *ctx,
                                         int is_ca, int max_pathlen )
{
    int ret;    /* not used directly; presumably assigned by ASN1_CHK_ADD */
    unsigned char der[9];
    unsigned char *p = der + sizeof( der );  /* DER is built back to front */
    size_t der_len = 0;

    memset( der, 0, sizeof( der ) );

    if( is_ca )
    {
        /*
         * The cap presumably keeps pathLenConstraint to one content octet
         * so the whole value fits in the 9-byte buffer - confirm against
         * asn1_write_int().
         */
        if( max_pathlen > 127 )
            return( POLARSSL_ERR_X509_BAD_INPUT_DATA );

        if( max_pathlen >= 0 )
        {
            ASN1_CHK_ADD( der_len, asn1_write_int( &p, der, max_pathlen ) );
        }

        ASN1_CHK_ADD( der_len, asn1_write_bool( &p, der, 1 ) );
    }

    /* Wrap whatever was written (possibly nothing) in a SEQUENCE header. */
    ASN1_CHK_ADD( der_len, asn1_write_len( &p, der, der_len ) );
    ASN1_CHK_ADD( der_len, asn1_write_tag( &p, der,
                                           ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );

    return( x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS,
                                         OID_SIZE( OID_BASIC_CONSTRAINTS ),
                                         0,
                                         der + sizeof( der ) - der_len,
                                         der_len ) );
}
/*
 * Derive an authorityKeyIdentifier from ctx->issuer_key and register it on
 * ctx as an extension.
 *
 * The encoded public key is hashed with SHA-1 and the 20-byte digest is
 * wrapped in a context-specific [0] element inside a SEQUENCE. The digest
 * serves as a key identifier only; nothing here signs or verifies with it.
 *
 * Returns the result of x509write_crt_set_extension(). A writer failure is
 * presumably returned through ASN1_CHK_ADD (macro defined outside this
 * view - confirm).
 *
 * NOTE(review): ctx->issuer_key is handed to pk_write_pubkey() without a
 * NULL check; callers presumably have to set the issuer key first.
 */
int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
{
    int ret;    /* not used directly; presumably assigned by ASN1_CHK_ADD */
    unsigned char der[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
    unsigned char * const der_end = der + sizeof( der );
    unsigned char * const key_id = der_end - 20;
    unsigned char *p = der_end;              /* DER is built back to front */
    size_t n = 0;

    memset( der, 0, sizeof( der ) );

    ASN1_CHK_ADD( n, pk_write_pubkey( &p, der, ctx->issuer_key ) );

    /*
     * The digest lands in the last 20 bytes of the buffer, i.e. on top of
     * the tail of the encoded key it is computed from. NOTE(review): this
     * relies on sha1() reading all of its input before storing the result.
     */
    sha1( der_end - n, n, key_id );

    /* From here on only the digest counts as payload. */
    p = key_id;
    n = 20;

    ASN1_CHK_ADD( n, asn1_write_len( &p, der, n ) );
    ASN1_CHK_ADD( n, asn1_write_tag( &p, der, ASN1_CONTEXT_SPECIFIC | 0 ) );

    ASN1_CHK_ADD( n, asn1_write_len( &p, der, n ) );
    ASN1_CHK_ADD( n, asn1_write_tag( &p, der,
                                     ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );

    return( x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER,
                                   OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ),
                                   0, der_end - n, n ) );
}
/*
 * Encode key_usage as a 7-bit BIT STRING and register it on ctx as the
 * keyUsage extension, passing 1 as the fourth argument of
 * x509write_crt_set_extension() (presumably the "critical" flag -
 * prototype is outside this view, confirm).
 *
 * Only 7 bits of the byte are requested from asn1_write_bitstring(), so at
 * most seven usage flags can be expressed through this function.
 *
 * Returns 0 on success, otherwise the value that failed.
 *
 * NOTE(review): any asn1_write_bitstring() result other than 4 is handed
 * back unchanged. A negative error code passes through as intended, but a
 * positive length other than 4 would also reach the caller as a status.
 */
int x509write_crt_set_key_usage( x509write_cert *ctx, unsigned char key_usage )
{
    unsigned char der[4];
    unsigned char *p = der + sizeof( der );  /* DER is built back to front */
    int ret = asn1_write_bitstring( &p, der, &key_usage, 7 );

    /* The encoding must fill all four bytes of the buffer exactly. */
    if( ret != 4 )
        return( ret );

    return( x509write_crt_set_extension( ctx, OID_KEY_USAGE,
                                         OID_SIZE( OID_KEY_USAGE ),
                                         1, der, 4 ) );
}
/*
 * Encode ns_cert_type as an 8-bit BIT STRING and register it on ctx as the
 * Netscape certificate type extension, passing 0 as the fourth argument of
 * x509write_crt_set_extension() (presumably the "critical" flag -
 * prototype is outside this view, confirm).
 *
 * Returns 0 on success, otherwise the value that failed.
 *
 * NOTE(review): any asn1_write_bitstring() result other than 4 is handed
 * back unchanged. A negative error code passes through as intended, but a
 * positive length other than 4 would also reach the caller as a status.
 */
int x509write_crt_set_ns_cert_type( x509write_cert *ctx,
                                    unsigned char ns_cert_type )
{
    unsigned char der[4];
    unsigned char *p = der + sizeof( der );  /* DER is built back to front */
    int ret = asn1_write_bitstring( &p, der, &ns_cert_type, 8 );

    /* The encoding must fill all four bytes of the buffer exactly. */
    if( ret != 4 )
        return( ret );

    return( x509write_crt_set_extension( ctx, OID_NS_CERT_TYPE,
                                         OID_SIZE( OID_NS_CERT_TYPE ),
                                         0, der, 4 ) );
}
/*
 * Derive a subjectKeyIdentifier from ctx->subject_key and register it on
 * ctx as an extension.
 *
 * The encoded public key is hashed with SHA-1 and the 20-byte digest is
 * wrapped in an OCTET STRING. The digest serves as a key identifier only;
 * nothing here signs or verifies with it.
 *
 * Returns the result of x509write_crt_set_extension(). A writer failure is
 * presumably returned through ASN1_CHK_ADD (macro defined outside this
 * view - confirm).
 *
 * NOTE(review): ctx->subject_key is handed to pk_write_pubkey() without a
 * NULL check; callers presumably have to set the subject key first.
 */
int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
{
    int ret;    /* not used directly; presumably assigned by ASN1_CHK_ADD */
    unsigned char der[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
    unsigned char * const der_end = der + sizeof( der );
    unsigned char * const key_id = der_end - 20;
    unsigned char *p = der_end;              /* DER is built back to front */
    size_t n = 0;

    memset( der, 0, sizeof( der ) );

    ASN1_CHK_ADD( n, pk_write_pubkey( &p, der, ctx->subject_key ) );

    /*
     * The digest lands in the last 20 bytes of the buffer, i.e. on top of
     * the tail of the encoded key it is computed from. NOTE(review): this
     * relies on sha1() reading all of its input before storing the result.
     */
    sha1( der_end - n, n, key_id );

    /* From here on only the digest counts as payload. */
    p = key_id;
    n = 20;

    ASN1_CHK_ADD( n, asn1_write_len( &p, der, n ) );
    ASN1_CHK_ADD( n, asn1_write_tag( &p, der, ASN1_OCTET_STRING ) );

    return( x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER,
                                   OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ),
                                   0, der_end - n, n ) );
}