ReactOS 0.4.16-dev-340-g0540c21
x509_create.c
Go to the documentation of this file.
1/*
2 * X.509 base functions for creating certificates / CSRs
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46
47#if !defined(MBEDTLS_CONFIG_FILE)
48#include "mbedtls/config.h"
49#else
50#include MBEDTLS_CONFIG_FILE
51#endif
52
53#if defined(MBEDTLS_X509_CREATE_C)
54
55#include "mbedtls/x509.h"
56#include "mbedtls/asn1write.h"
57#include "mbedtls/oid.h"
58
59#include <string.h>
60
61/* Structure linking OIDs for X.509 DN AttributeTypes to their
62 * string representations and default string encodings used by Mbed TLS. */
63typedef struct {
64 const char *name; /* String representation of AttributeType, e.g.
65 * "CN" or "emailAddress". */
66 size_t name_len; /* Length of 'name', without trailing 0 byte. */
67 const char *oid; /* String representation of OID of AttributeType,
68 * as per RFC 5280, Appendix A.1. */
69 int default_tag; /* The default character encoding used for the
70 * given attribute type, e.g.
71 * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */
72} x509_attr_descriptor_t;
73
74#define ADD_STRLEN( s ) s, sizeof( s ) - 1
75
76/* X.509 DN attributes from RFC 5280, Appendix A.1. */
77static const x509_attr_descriptor_t x509_attrs[] =
78{
79 { ADD_STRLEN( "CN" ),
81 { ADD_STRLEN( "commonName" ),
83 { ADD_STRLEN( "C" ),
85 { ADD_STRLEN( "countryName" ),
87 { ADD_STRLEN( "O" ),
89 { ADD_STRLEN( "organizationName" ),
91 { ADD_STRLEN( "L" ),
93 { ADD_STRLEN( "locality" ),
95 { ADD_STRLEN( "R" ),
97 { ADD_STRLEN( "OU" ),
99 { ADD_STRLEN( "organizationalUnitName" ),
101 { ADD_STRLEN( "ST" ),
103 { ADD_STRLEN( "stateOrProvinceName" ),
105 { ADD_STRLEN( "emailAddress" ),
107 { ADD_STRLEN( "serialNumber" ),
109 { ADD_STRLEN( "postalAddress" ),
111 { ADD_STRLEN( "postalCode" ),
113 { ADD_STRLEN( "dnQualifier" ),
115 { ADD_STRLEN( "title" ),
117 { ADD_STRLEN( "surName" ),
119 { ADD_STRLEN( "SN" ),
121 { ADD_STRLEN( "givenName" ),
123 { ADD_STRLEN( "GN" ),
125 { ADD_STRLEN( "initials" ),
127 { ADD_STRLEN( "pseudonym" ),
129 { ADD_STRLEN( "generationQualifier" ),
131 { ADD_STRLEN( "domainComponent" ),
133 { ADD_STRLEN( "DC" ),
136};
137
138static const x509_attr_descriptor_t *x509_attr_descr_from_name( const char *name, size_t name_len )
139{
140 const x509_attr_descriptor_t *cur;
141
142 for( cur = x509_attrs; cur->name != NULL; cur++ )
143 if( cur->name_len == name_len &&
144 strncmp( cur->name, name, name_len ) == 0 )
145 break;
146
147 if ( cur->name == NULL )
148 return( NULL );
149
150 return( cur );
151}
152
154{
155 int ret = 0;
156 const char *s = name, *c = s;
157 const char *end = s + strlen( s );
158 const char *oid = NULL;
159 const x509_attr_descriptor_t* attr_descr = NULL;
160 int in_tag = 1;
162 char *d = data;
163
164 /* Clear existing chain if present */
166
167 while( c <= end )
168 {
169 if( in_tag && *c == '=' )
170 {
171 if( ( attr_descr = x509_attr_descr_from_name( s, c - s ) ) == NULL )
172 {
174 goto exit;
175 }
176
177 oid = attr_descr->oid;
178 s = c + 1;
179 in_tag = 0;
180 d = data;
181 }
182
183 if( !in_tag && *c == '\\' && c != end )
184 {
185 c++;
186
187 /* Check for valid escaped characters */
188 if( c == end || *c != ',' )
189 {
191 goto exit;
192 }
193 }
194 else if( !in_tag && ( *c == ',' || c == end ) )
195 {
198 (unsigned char *) data,
199 d - data );
200
201 if(cur == NULL )
202 {
204 }
205
206 // set tagType
207 cur->val.tag = attr_descr->default_tag;
208
209 while( c < end && *(c + 1) == ' ' )
210 c++;
211
212 s = c + 1;
213 in_tag = 1;
214 }
215
216 if( !in_tag && s != c + 1 )
217 {
218 *(d++) = *c;
219
221 {
223 goto exit;
224 }
225 }
226
227 c++;
228 }
229
230exit:
231
232 return( ret );
233}
234
235/* The first byte of the value in the mbedtls_asn1_named_data structure is reserved
236 * to store the critical boolean for us
237 */
238int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
239 int critical, const unsigned char *val, size_t val_len )
240{
242
243 if( ( cur = mbedtls_asn1_store_named_data( head, oid, oid_len,
244 NULL, val_len + 1 ) ) == NULL )
245 {
247 }
248
249 cur->val.p[0] = critical;
250 memcpy( cur->val.p + 1, val, val_len );
251
252 return( 0 );
253}
254
255/*
256 * RelativeDistinguishedName ::=
257 * SET OF AttributeTypeAndValue
258 *
259 * AttributeTypeAndValue ::= SEQUENCE {
260 * type AttributeType,
261 * value AttributeValue }
262 *
263 * AttributeType ::= OBJECT IDENTIFIER
264 *
265 * AttributeValue ::= ANY DEFINED BY AttributeType
266 */
267static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name)
268{
269 int ret;
270 size_t len = 0;
271 const char *oid = (const char*)cur_name->oid.p;
272 size_t oid_len = cur_name->oid.len;
273 const unsigned char *name = cur_name->val.p;
274 size_t name_len = cur_name->val.len;
275
276 // Write correct string tag and value
278 cur_name->val.tag,
279 (const char *) name,
280 name_len ) );
281 // Write OID
282 //
284 oid_len ) );
285
290
295
296 return( (int) len );
297}
298
299int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
301{
302 int ret;
303 size_t len = 0;
305
306 while( cur != NULL )
307 {
308 MBEDTLS_ASN1_CHK_ADD( len, x509_write_name( p, start, cur ) );
309 cur = cur->next;
310 }
311
315
316 return( (int) len );
317}
318
319int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
320 const char *oid, size_t oid_len,
321 unsigned char *sig, size_t size )
322{
323 int ret;
324 size_t len = 0;
325
326 if( *p < start || (size_t)( *p - start ) < size )
328
329 len = size;
330 (*p) -= len;
331 memcpy( *p, sig, len );
332
333 if( *p - start < 1 )
335
336 *--(*p) = 0;
337 len += 1;
338
341
342 // Write OID
343 //
345 oid_len, 0 ) );
346
347 return( (int) len );
348}
349
350static int x509_write_extension( unsigned char **p, unsigned char *start,
352{
353 int ret;
354 size_t len = 0;
355
357 ext->val.len - 1 ) );
360
361 if( ext->val.p[0] != 0 )
362 {
364 }
365
367 ext->oid.len ) );
370
374
375 return( (int) len );
376}
377
378/*
379 * Extension ::= SEQUENCE {
380 * extnID OBJECT IDENTIFIER,
381 * critical BOOLEAN DEFAULT FALSE,
382 * extnValue OCTET STRING
383 * -- contains the DER encoding of an ASN.1 value
384 * -- corresponding to the extension type identified
385 * -- by extnID
386 * }
387 */
388int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
390{
391 int ret;
392 size_t len = 0;
394
395 while( cur_ext != NULL )
396 {
397 MBEDTLS_ASN1_CHK_ADD( len, x509_write_extension( p, start, cur_ext ) );
398 cur_ext = cur_ext->next;
399 }
400
401 return( (int) len );
402}
403
404#endif /* MBEDTLS_X509_CREATE_C */
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
struct outqueuenode * head
Definition: adnsresfilter.c:66
ASN.1 buffer writing functionality.
int mbedtls_asn1_write_raw_buffer(unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size)
Write raw buffer data.
int mbedtls_asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
Write an ASN.1 tag in ASN.1 format.
#define MBEDTLS_ASN1_CHK_ADD(g, f)
Definition: asn1write.h:60
mbedtls_asn1_named_data * mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)
Create or find a specific named_data entry for writing in a sequence or list based on the OID....
int mbedtls_asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
Write a length field in ASN.1 format.
int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, size_t par_len)
Write an AlgorithmIdentifier sequence in ASN.1 format.
int mbedtls_asn1_write_oid(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len)
Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format.
int mbedtls_asn1_write_tagged_string(unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len)
Write a string in ASN.1 format using a specific string encoding tag.
int mbedtls_asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format.
#define NULL
Definition: types.h:112
static const WCHAR *const ext[]
Definition: module.c:53
FxCollectionEntry * cur
GLuint start
Definition: gl.h:1545
GLdouble s
Definition: gl.h:2039
GLuint GLuint end
Definition: gl.h:1545
GLint GLenum GLsizei GLsizei GLsizei GLint GLsizei const GLvoid * data
Definition: gl.h:1950
GLsizeiptr size
Definition: glext.h:5919
const GLubyte * c
Definition: glext.h:8905
const GLint * first
Definition: glext.h:5794
GLuint GLfloat * val
Definition: glext.h:7180
GLfloat GLfloat p
Definition: glext.h:8902
GLenum GLsizei len
Definition: glext.h:6722
size_t len
Definition: asn1.h:162
#define MBEDTLS_ASN1_OCTET_STRING
Definition: asn1.h:100
mbedtls_asn1_buf oid
Definition: asn1.h:193
unsigned char * p
Definition: asn1.h:163
#define MBEDTLS_ASN1_IA5_STRING
Definition: asn1.h:108
struct mbedtls_asn1_named_data * next
Definition: asn1.h:195
#define MBEDTLS_ASN1_PRINTABLE_STRING
Definition: asn1.h:106
#define MBEDTLS_ASN1_SEQUENCE
Definition: asn1.h:104
#define MBEDTLS_ASN1_SET
Definition: asn1.h:105
#define MBEDTLS_ASN1_CONSTRUCTED
Definition: asn1.h:114
#define MBEDTLS_ASN1_OID
Definition: asn1.h:102
mbedtls_asn1_buf val
Definition: asn1.h:194
#define MBEDTLS_ASN1_NULL
Definition: asn1.h:101
#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
Definition: asn1.h:82
#define MBEDTLS_ASN1_UTF8_STRING
Definition: asn1.h:103
void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head)
Free all entries in a mbedtls_asn1_named_data list Head will be set to NULL.
#define MBEDTLS_ASN1_BIT_STRING
Definition: asn1.h:99
int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
#define MBEDTLS_ERR_X509_INVALID_NAME
Definition: x509.h:92
#define MBEDTLS_ERR_X509_UNKNOWN_OID
Definition: x509.h:87
#define MBEDTLS_ERR_X509_ALLOC_FAILED
Definition: x509.h:102
#define MBEDTLS_X509_MAX_DN_NAME_SIZE
Definition: x509.h:196
int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
#define d
Definition: ke_i.h:81
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
Object Identifier (OID) database.
#define MBEDTLS_OID_AT_GENERATION_QUALIFIER
Definition: oid.h:151
#define MBEDTLS_OID_AT_POSTAL_ADDRESS
Definition: oid.h:147
#define MBEDTLS_OID_AT_SERIAL_NUMBER
Definition: oid.h:140
#define MBEDTLS_OID_AT_DN_QUALIFIER
Definition: oid.h:153
#define MBEDTLS_OID_AT_INITIALS
Definition: oid.h:150
#define MBEDTLS_OID_AT_LOCALITY
Definition: oid.h:142
#define MBEDTLS_OID_AT_POSTAL_CODE
Definition: oid.h:148
#define MBEDTLS_OID_AT_SUR_NAME
Definition: oid.h:139
#define MBEDTLS_OID_AT_STATE
Definition: oid.h:143
#define MBEDTLS_OID_PKCS9_EMAIL
Definition: oid.h:236
#define MBEDTLS_OID_AT_TITLE
Definition: oid.h:146
#define MBEDTLS_OID_AT_COUNTRY
Definition: oid.h:141
#define MBEDTLS_OID_AT_PSEUDONYM
Definition: oid.h:154
#define MBEDTLS_OID_DOMAIN_COMPONENT
Definition: oid.h:156
#define MBEDTLS_OID_AT_GIVEN_NAME
Definition: oid.h:149
#define MBEDTLS_OID_AT_ORGANIZATION
Definition: oid.h:144
#define MBEDTLS_OID_AT_CN
Definition: oid.h:138
#define MBEDTLS_OID_AT_ORG_UNIT
Definition: oid.h:145
Configuration options (set of defines)
#define exit(n)
Definition: config.h:202
Definition: name.c:39
int ret
X.509 generic defines and structures.