eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merged refactored x509write module into development

Browse source
This commit is contained in:
Paul Bakker 2013-08-28 16:31:30 +02:00
commit ca174fef80
21 changed files with 1442 additions and 321 deletions
Download patch file Download diff file Expand all files Collapse all files

35
include/polarssl/asn1.h
View file

@ -93,7 +93,10 @@
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
/** Compares two asn1_buf structures for the same OID */
/** Compares two asn1_buf structures for the same OID. Only works for
* 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
* char *oid' here!
*/
#define OID_CMP(oid_str, oid_buf) \
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) == 0 )
@ -139,6 +142,17 @@ typedef struct _asn1_sequence
}
asn1_sequence;
/**
* Container for a sequence or list of 'named' ASN.1 data items
*/
typedef struct _asn1_named_data
{
asn1_buf oid; /**< The object identifier. */
asn1_buf val; /**< The named value. */
struct _asn1_named_data *next; /**< The next entry in the sequence. */
}
asn1_named_data;
/**
* Get the length of an ASN.1 element.
* Updates the pointer to immediately behind the length.
@ -286,6 +300,25 @@ int asn1_get_alg_null( unsigned char **p,
const unsigned char *end,
asn1_buf *alg );
/**
* Find a specific named_data entry in a sequence or list based on the OID.
*
* \param list The list to seek through
* \param oid The OID to look for
* \param len Size of the OID
*
* \return NULL if not found, or a pointer to the existing entry.
*/
asn1_named_data *asn1_find_named_data( asn1_named_data *list,
const char *oid, size_t len );
/**
* Free a asn1_named_data entry
*
* \param entry The named data entry to free
*/
void asn1_free_named_data( asn1_named_data *entry );
#ifdef __cplusplus
}
#endif

146
include/polarssl/asn1write.h
View file

@ -35,20 +35,164 @@
extern "C" {
#endif
/**
* \brief Write a length field in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param len the length to write
*
* \return the length written or a negative error code
*/
int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
/**
* \brief Write a ASN.1 tag in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param tag the tag to write
*
* \return the length written or a negative error code
*/
int asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag );
/**
* \brief Write raw buffer data
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf data buffer to write
* \param size length of the data buffer
*
* \return the length written or a negative error code
*/
int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size );
#if defined(POLARSSL_BIGNUM_C)
/**
* \brief Write a big number (ASN1_INTEGER) in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param X the MPI to write
*
* \return the length written or a negative error code
*/
int asn1_write_mpi( unsigned char **p, unsigned char *start, mpi *X );
#endif
/**
* \brief Write a NULL tag (ASN1_NULL) with zero data in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
*
* \return the length written or a negative error code
*/
int asn1_write_null( unsigned char **p, unsigned char *start );
/**
* \brief Write an OID tag (ASN1_OID) and data in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param oid the OID to write
*
* \return the length written or a negative error code
*/
int asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid );
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start, const char *algorithm_oid );
/**
* \brief Write an AlgorithmIdentifier sequence in ASN.1 format
* Note: function works backwards in data buffer
* Note: Uses NULL as algorithm parameter
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param oid the OID of the algorithm
*
* \return the length written or a negative error code
*/
int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
const char *oid );
/**
* \brief Write an int tag (ASN1_INTEGER) and value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param val the integer value
*
* \return the length written or a negative error code
*/
int asn1_write_int( unsigned char **p, unsigned char *start, int val );
/**
* \brief Write a printable string tag (ASN1_PRINTABLE_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param text the text to write
*
* \return the length written or a negative error code
*/
int asn1_write_printable_string( unsigned char **p, unsigned char *start,
char *text );
/**
* \brief Write an IA5 string tag (ASN1_IA5_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param text the text to write
*
* \return the length written or a negative error code
*/
int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
char *text );
/**
* \brief Write a bitstring tag (ASN1_BIT_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf the bitstring
* \param bits the total number of bits in the bitstring
*
* \return the length written or a negative error code
*/
int asn1_write_bitstring( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t bits );
/**
* \brief Write an octet string tag (ASN1_OCTET_STRING) and
* value in ASN.1 format
* Note: function works backwards in data buffer
*
* \param p reference to current position pointer
* \param start start of the buffer (for bounds-checking)
* \param buf data buffer to write
* \param size length of the data buffer
*
* \return the length written or a negative error code
*/
int asn1_write_octet_string( unsigned char **p, unsigned char *start,
const unsigned char *buf, size_t size );
#ifdef __cplusplus
}
#endif

27
include/polarssl/error.h
View file

@ -73,19 +73,20 @@
* PBKDF2 1 0x007C-0x007C
*
* High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 25
* PK 2 3 (Started from top)
* DHM 3 6
* PKCS5 3 4 (Started from top)
* RSA 4 9
* ECP 4 4 (Started from top)
* MD 5 4
* CIPHER 6 5
* SSL 6 6 (Started from top)
* SSL 7 31
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 25
* PK 2 3 (Started from top)
* DHM 3 6
* PKCS5 3 4 (Started from top)
* RSA 4 9
* ECP 4 4 (Started from top)
* MD 5 4
* X509WRITE 5 3 (Started from top)
* CIPHER 6 5
* SSL 6 6 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
*/

5
include/polarssl/oid.h
View file

@ -227,6 +227,11 @@
#define OID_PKCS5_PBE_SHA1_DES_CBC OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
#define OID_PKCS5_PBE_SHA1_RC2_CBC OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
/*
* PKCS#8 OIDs
*/
#define OID_PKCS9_CSR_EXT_REQ OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
/*
* PKCS#12 PBE OIDs
*/

54
include/polarssl/x509.h
View file

@ -146,7 +146,7 @@
extern "C" {
#endif
/**
/**
* \addtogroup x509_module
* \{ */
@ -154,8 +154,8 @@ extern "C" {
* \name Structures for parsing X.509 certificates and CRLs
* \{
*/
/**
/**
* Type-length-value structure that allows for ASN1 using DER.
*/
typedef asn1_buf x509_buf;
@ -166,16 +166,10 @@ typedef asn1_buf x509_buf;
typedef asn1_bitstring x509_bitstring;
/**
* Container for ASN1 named information objects.
* Container for ASN1 named information objects.
* It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.).
*/
typedef struct _x509_name
{
x509_buf oid; /**< The object identifier. */
x509_buf val; /**< The named value. */
struct _x509_name *next; /**< The next named information object. */
}
x509_name;
typedef asn1_named_data x509_name;
/**
* Container for a sequence of ASN.1 items
@ -190,7 +184,7 @@ typedef struct _x509_time
}
x509_time;
/**
/**
* Container for an X.509 certificate. The certificate may be chained.
*/
typedef struct _x509_cert
@ -289,42 +283,6 @@ x509_crl;
/** \} name Structures for parsing X.509 certificates and CRLs */
/** \} addtogroup x509_module */
/**
* \name Structures for writing X.509 certificates.
* XvP: commented out as they are not used.
* - <tt>typedef struct _x509_node x509_node;</tt>
* - <tt>typedef struct _x509_raw x509_raw;</tt>
*/
/*
typedef struct _x509_node
{
unsigned char *data;
unsigned char *p;
unsigned char *end;
size_t len;
}
x509_node;
typedef struct _x509_raw
{
x509_node raw;
x509_node tbs;
x509_node version;
x509_node serial;
x509_node tbs_signalg;
x509_node issuer;
x509_node validity;
x509_node subject;
x509_node subpubkey;
x509_node signalg;
x509_node sign;
}
x509_raw;
*/
/**
* \name Functions to read in DHM parameters, a certificate, CRL or private RSA key
* \{

214
include/polarssl/x509write.h
View file

@ -29,14 +29,40 @@
#include "config.h"
#if defined(POLARSSL_X509_WRITE_C)
#include "x509.h"
#include "rsa.h"
/**
* \addtogroup x509_module
* \{
*/
/**
* \name X509 Write Error codes
* \{
*/
#define POLARSSL_ERR_X509WRITE_UNKNOWN_OID -0x5F80 /**< Requested OID is unknown. */
#define POLARSSL_ERR_X509WRITE_BAD_INPUT_DATA -0x5F00 /**< Failed to allocate memory. */
#define POLARSSL_ERR_X509WRITE_MALLOC_FAILED -0x5E80 /**< Failed to allocate memory. */
/* \} name */
/* \} addtogroup x509_module */
#ifdef __cplusplus
extern "C" {
#endif
/**
* \addtogroup x509_module
* \{
*/
/**
* \name Structures for writing X.509 CSRs (Certificate Signing Request)
* \{
*/
/**
* Container for CSR named objects
*/
typedef struct _x509_req_name
{
char oid[128];
@ -46,15 +72,187 @@ typedef struct _x509_req_name
}
x509_req_name;
int x509_write_pubkey_der( unsigned char *buf, size_t size, rsa_context *rsa );
int x509_write_key_der( unsigned char *buf, size_t size, rsa_context *rsa );
int x509_write_cert_req( unsigned char *buf, size_t size, rsa_context *rsa,
x509_req_name *req_name, md_type_t md_alg );
/**
* Container for a CSR
*/
typedef struct _x509_csr
{
rsa_context *rsa;
x509_req_name *subject;
md_type_t md_alg;
asn1_named_data *extensions;
}
x509_csr;
/* \} addtogroup x509_module */
/**
* \brief Initialize a CSR context
*
* \param ctx CSR context to initialize
*/
void x509write_csr_init( x509_csr *ctx );
/**
* \brief Set the subject name for a CSR
* Subject names should contain a comma-separated list
* of OID types and values:
* e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
*
* \param ctx CSR context to use
* \param subject_name subject name to set
*
* \return 0 if subject name was parsed successfully, or
* a specific error code
*/
int x509write_csr_set_subject_name( x509_csr *ctx, char *subject_name );
/**
* \brief Set the RSA key for a CSR (public key will be included,
* private key used to sign the CSR when writing it)
*
* \param ctx CSR context to use
* \param rsa RSA key to include
*/
void x509write_csr_set_rsa_key( x509_csr *ctx, rsa_context *rsa );
/**
* \brief Set the MD algorithm to use for the signature
* (e.g. POLARSSL_MD_SHA1)
*
* \param ctx CSR context to use
* \param md_ald MD algorithm to use
*/
void x509write_csr_set_md_alg( x509_csr *ctx, md_type_t md_alg );
/**
* \brief Set the Key Usage Extension flags
* (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
*
* \param ctx CSR context to use
* \param key_usage key usage flags to set
*
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_key_usage( x509_csr *ctx, unsigned char key_usage );
/**
* \brief Set the Netscape Cert Type flags
* (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
*
* \param ctx CSR context to use
* \param ns_cert_type Netscape Cert Type flags to set
*
* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_ns_cert_type( x509_csr *ctx, unsigned char ns_cert_type );
/**
* \brief Generic function to add to or replace an extension in the CSR
*
* \param ctx CSR context to use
* \param oid OID of the extension
* \param oid_len length of the OID
* \param val value of the extension OCTET STRING
* \param val_len length of the value data
*
* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
*/
int x509write_csr_set_extension( x509_csr *ctx,
const char *oid, size_t oid_len,
const unsigned char *val, size_t val_len );
/**
* \brief Free the contents of a CSR context
*
* \param ctx CSR context to free
*/
void x509write_csr_free( x509_csr *ctx );
/**
* \brief Write a RSA public key to a PKCS#1 DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param rsa RSA to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int x509write_pubkey_der( rsa_context *rsa, unsigned char *buf, size_t size );
/**
* \brief Write a RSA key to a PKCS#1 DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param rsa RSA to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int x509write_key_der( rsa_context *rsa, unsigned char *buf, size_t size );
/**
* \brief Write a CSR (Certificate Signing Request) to a
* DER structure
* Note: data is written at the end of the buffer! Use the
* return value to determine where you should start
* using the buffer
*
* \param rsa CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return length of data written if successful, or a specific
* error code
*/
int x509write_csr_der( x509_csr *ctx, unsigned char *buf, size_t size );
#if defined(POLARSSL_BASE64_C)
/**
* \brief Write a RSA public key to a PKCS#1 PEM string
*
* \param rsa RSA to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int x509write_pubkey_pem( rsa_context *rsa, unsigned char *buf, size_t size );
/**
* \brief Write a RSA key to a PKCS#1 PEM string
*
* \param rsa RSA to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int x509write_key_pem( rsa_context *rsa, unsigned char *buf, size_t size );
/**
* \brief Write a CSR (Certificate Signing Request) to a
* PEM string
*
* \param rsa CSR to write away
* \param buf buffer to write to
* \param size size of the buffer
*
* \return 0 successful, or a specific error code
*/
int x509write_csr_pem( x509_csr *ctx, unsigned char *buf, size_t size );
#endif /* POLARSSL_BASE64_C */
#ifdef __cplusplus
}
#endif
#endif /* POLARSSL_X509_WRITE_C */
#endif /* POLARSSL_X509_WRITE_H */