53#if !defined(MBEDTLS_CONFIG_FILE)
56#include MBEDTLS_CONFIG_FILE
59#if defined(MBEDTLS_X509_CRT_WRITE_C)
69#if defined(MBEDTLS_PEM_WRITE_C)
77#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
78#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
80#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
111 ctx->md_alg = md_alg;
127 const char *subject_name )
133 const char *issuer_name )
150 const char *not_before,
151 const char *not_after )
167 const char *oid,
size_t oid_len,
169 const unsigned char *
val,
size_t val_len )
172 critical,
val, val_len ) );
176 int is_ca,
int max_pathlen )
179 unsigned char buf[9];
180 unsigned char *
c =
buf +
sizeof(
buf);
185 if( is_ca && max_pathlen > 127 )
190 if( max_pathlen >= 0 )
209#if defined(MBEDTLS_SHA1_C)
214 unsigned char *
c =
buf +
sizeof(
buf);
219 mbedtls_pk_write_pubkey( &
c,
buf,
ctx->subject_key ) );
222 buf +
sizeof(
buf ) - 20 );
232 return mbedtls_x509write_crt_set_extension(
ctx,
242 unsigned char *
c =
buf +
sizeof(
buf );
247 mbedtls_pk_write_pubkey( &
c,
buf,
ctx->issuer_key ) );
250 buf +
sizeof(
buf ) - 20 );
266 return mbedtls_x509write_crt_set_extension(
273static size_t crt_get_unused_bits_for_named_bitstring(
unsigned char bitstring,
279 for( unused_bits = bit_offset; unused_bits < 8; unused_bits++ )
280 if( ( ( bitstring >> unused_bits ) & 0x1 ) != 0 )
283 return( unused_bits );
287 unsigned int key_usage )
289 unsigned char buf[4], ku;
302 if( ( key_usage & ~allowed_bits ) != 0 )
306 ku = (
unsigned char)key_usage;
307 unused_bits = crt_get_unused_bits_for_named_bitstring( ku, 1 );
312 else if( ret < 3 || ret > 4 )
325 unsigned char ns_cert_type )
327 unsigned char buf[4];
334 unused_bits = crt_get_unused_bits_for_named_bitstring( ns_cert_type, 0 );
339 if( ret < 3 || ret > 4 )
351static int x509_write_time(
unsigned char **
p,
unsigned char *
start,
352 const char *
t,
size_t size )
360 if(
t[0] ==
'2' &&
t[1] ==
'0' &&
t[2] <
'5' )
363 (
const unsigned char *)
t + 2,
372 (
const unsigned char *)
t,
383 unsigned char *
buf,
size_t size,
384 int (*f_rng)(
void *,
unsigned char *,
size_t),
389 size_t sig_oid_len = 0;
390 unsigned char *
c, *c2;
391 unsigned char hash[64];
392 unsigned char sig[SIGNATURE_MAX_SIZE];
393 size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
414 &sig_oid, &sig_oid_len ) ) != 0 )
445 mbedtls_pk_write_pubkey_der(
ctx->subject_key,
465 x509_write_time( &
c,
buf,
ctx->not_after,
469 x509_write_time( &
c,
buf,
ctx->not_before,
490 sig_oid,
strlen( sig_oid ), 0 ) );
534 hash, 0, sig, &sig_len,
535 f_rng, p_rng ) ) != 0 )
550 sig_oid, sig_oid_len, sig, sig_len ) );
563 len += sig_and_oid_len;
572#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
573#define PEM_END_CRT "-----END CERTIFICATE-----\n"
575#if defined(MBEDTLS_PEM_WRITE_C)
577 unsigned char *
buf,
size_t size,
578 int (*f_rng)(
void *,
unsigned char *,
size_t),
584 if( (
ret = mbedtls_x509write_crt_der( crt,
buf,
size,
585 f_rng, p_rng ) ) < 0 )
590 if( (
ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
ACPI_SIZE strlen(const char *String)
char * strncpy(char *DstString, const char *SrcString, ACPI_SIZE Count)
ASN.1 buffer writing functionality.
int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size)
Write raw buffer data.
int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
Write an ASN.1 tag in ASN.1 format.
int mbedtls_asn1_write_bitstring(unsigned char **p, unsigned char *start, const unsigned char *buf, size_t bits)
Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
#define MBEDTLS_ASN1_CHK_ADD(g, f)
int mbedtls_asn1_write_int(unsigned char **p, unsigned char *start, int val)
Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format.
int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
Write a length field in ASN.1 format.
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, size_t par_len)
Write an AlgorithmIdentifier sequence in ASN.1 format.
int mbedtls_asn1_write_mpi(unsigned char **p, unsigned char *start, const mbedtls_mpi *X)
Write an arbitrary-precision number (MBEDTLS_ASN1_INTEGER) in ASN.1 format.
int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format.
#define MBEDTLS_MPI_MAX_SIZE
int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
Make a copy of an MPI.
void mbedtls_mpi_init(mbedtls_mpi *X)
Initialize an MPI context.
void mbedtls_mpi_free(mbedtls_mpi *X)
This function frees the components of an MPI context.
static const WCHAR version[]
GLenum GLuint GLenum GLsizei const GLchar * buf
#define MBEDTLS_ASN1_OCTET_STRING
#define MBEDTLS_ASN1_GENERALIZED_TIME
#define MBEDTLS_ASN1_SEQUENCE
#define MBEDTLS_ASN1_CONTEXT_SPECIFIC
#define MBEDTLS_ASN1_CONSTRUCTED
#define MBEDTLS_OID_SIZE(x)
#define MBEDTLS_ASN1_UTC_TIME
void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head)
Free all entries in a mbedtls_asn1_named_data list. Head will be set to NULL.
int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE
int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
#define MBEDTLS_ERR_X509_INVALID_FORMAT
int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
#define MBEDTLS_X509_KU_KEY_CERT_SIGN
#define MBEDTLS_X509_CRT_VERSION_3
#define MBEDTLS_X509_CRT_VERSION_1
#define MBEDTLS_X509_KU_CRL_SIGN
#define MBEDTLS_X509_KU_NON_REPUDIATION
#define MBEDTLS_X509_KU_KEY_AGREEMENT
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define MBEDTLS_ERR_X509_INVALID_ALG
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
This file contains SHA-1 definitions and functions.
int mbedtls_sha1_ret(const unsigned char *input, size_t ilen, unsigned char output[20])
This function calculates the SHA-1 checksum of a buffer.
mbedtls_md_type_t
Supported message digests.
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
#define memmove(s1, s2, n)
Object Identifier (OID) database.
#define MBEDTLS_OID_BASIC_CONSTRAINTS
#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
#define MBEDTLS_OID_KEY_USAGE
#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
#define MBEDTLS_OID_NS_CERT_TYPE
int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen)
Translate md_type and pk_type into SignatureAlgorithm OID.
Privacy Enhanced Mail (PEM) decoding.
int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type)
Tell if a context can do the operation given by type.
mbedtls_pk_type_t
Public key types.
int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Make signature, including padding if relevant.
#define mbedtls_md_info_from_type
Configuration options (set of defines)
X.509 certificate parsing and writing.