x509_csr_format.c
Go to the documentation of this file.
1 /**
2  * @file x509_csr_format.c
3  * @brief CSR (Certificate Signing Request) formatting
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_cert_format.h"
37 #include "pkix/x509_cert_ext_format.h"
38 #include "pkix/x509_csr_format.h"
39 #include "pkix/x509_key_format.h"
40 #include "encoding/asn1.h"
41 #include "debug.h"
42 
43 //Check crypto library configuration
44 #if (X509_SUPPORT == ENABLED)
45 
46 
47 /**
48  * @brief Format CertificationRequestInfo structure
49  * @param[in] certReqInfo Certification request information
50  * @param[in] publicKey Pointer to the subject's public key
51  * @param[out] output Buffer where to format the ASN.1 structure
52  * @param[out] written Length of the resulting ASN.1 structure
53  * @return Error code
54  **/
55 
56 error_t x509FormatCertRequestInfo(const X509CertRequestInfo *certReqInfo,
57  const void *publicKey, uint8_t *output, size_t *written)
58 {
59  error_t error;
60  size_t n;
61  size_t length;
62  uint8_t *p;
63  Asn1Tag tag;
64 
65  //Point to the buffer where to write the ASN.1 structure
66  p = output;
67  //Length of the ASN.1 structure
68  length = 0;
69 
70  //Format Version field
71  error = asn1WriteInt32(certReqInfo->version, FALSE, p, &n);
72  //Any error to report?
73  if(error)
74  return error;
75 
76  //Advance data pointer
77  p += n;
78  length += n;
79 
80  //Format Subject field
81  error = x509FormatName(&certReqInfo->subject, p, &n);
82  //Any error to report?
83  if(error)
84  return error;
85 
86  //Advance data pointer
87  p += n;
88  length += n;
89 
90  //Format SubjectPublicKeyInfo field
91  error = x509FormatSubjectPublicKeyInfo(&certReqInfo->subjectPublicKeyInfo,
92  publicKey, NULL, p, &n);
93  //Any error to report?
94  if(error)
95  return error;
96 
97  //Advance data pointer
98  p += n;
99  length += n;
100 
101  //Format Attributes field
102  error = x509FormatAttributes(&certReqInfo->attributes, p, &n);
103  //Any error to report?
104  if(error)
105  return error;
106 
107  //Advance data pointer
108  p += n;
109  length += n;
110 
111  //The CertificationRequestInfo structure is encapsulated within a sequence
112  tag.constructed = TRUE;
113  tag.objClass = ASN1_CLASS_UNIVERSAL;
114  tag.objType = ASN1_TYPE_SEQUENCE;
115  tag.length = length;
116  tag.value = output;
117 
118  //Write the corresponding ASN.1 tag
119  error = asn1WriteTag(&tag, FALSE, output, &n);
120  //Any error to report?
121  if(error)
122  return error;
123 
124  //Total number of bytes that have been written
125  *written = n;
126 
127  //Successful processing
128  return NO_ERROR;
129 }
130 
131 
132 /**
133  * @brief Format CSR attributes
134  * @param[in] attributes Pointer to the CSR attributes
135  * @param[out] output Buffer where to format the ASN.1 structure
136  * @param[out] written Length of the resulting ASN.1 structure
137  * @return Error code
138  **/
139 
140 error_t x509FormatAttributes(const X509Attributes *attributes,
141  uint8_t *output, size_t *written)
142 {
143  error_t error;
144  size_t n;
145  size_t length;
146  uint8_t *p;
147  Asn1Tag tag;
148 
149  //Point to the buffer where to write the ASN.1 structure
150  p = output;
151  //Length of the ASN.1 structure
152  length = 0;
153 
154  //Format PKCS#9 Challenge Password attribute
155  error = x509FormatChallengePassword(&attributes->challengePwd, p, &n);
156  //Any error to report?
157  if(error)
158  return error;
159 
160  //Advance data pointer
161  p += n;
162  length += n;
163 
164  //Format PKCS#9 Extension Request attribute
165  error = x509FormatExtensionRequest(&attributes->extensionReq, p, &n);
166  //Any error to report?
167  if(error)
168  return error;
169 
170  //Advance data pointer
171  p += n;
172  length += n;
173 
174  //Explicit tagging shall be used to encode the Extensions structure
175  tag.constructed = TRUE;
176  tag.objClass = ASN1_CLASS_CONTEXT_SPECIFIC;
177  tag.objType = 0;
178  tag.length = length;
179  tag.value = output;
180 
181  //Write the corresponding ASN.1 tag
182  error = asn1WriteTag(&tag, FALSE, output, &length);
183  //Any error to report?
184  if(error)
185  return error;
186 
187  //Total number of bytes that have been written
188  *written = length;
189 
190  //Successful processing
191  return NO_ERROR;
192 }
193 
194 
195 /**
196  * @brief Format ChallengePassword attribute
197  * @param[in] challengePwd Value of the attribute
198  * @param[out] output Buffer where to format the ASN.1 structure
199  * @param[out] written Length of the resulting ASN.1 structure
200  * @return Error code
201  **/
202 
203 error_t x509FormatChallengePassword(const X509ChallengePassword *challengePwd,
204  uint8_t *output, size_t *written)
205 {
206  error_t error;
207  size_t n;
208  size_t length;
209  uint8_t *p;
210  Asn1Tag tag;
211 
212  //Point to the buffer where to write the ASN.1 structure
213  p = output;
214  //Length of the ASN.1 structure
215  length = 0;
216 
217  //Valid challenge password?
218  if(challengePwd->value != NULL && challengePwd->length > 0)
219  {
220  //Format attribute identifier
221  tag.constructed = FALSE;
222  tag.objClass = ASN1_CLASS_UNIVERSAL;
223  tag.objType = ASN1_TYPE_OBJECT_IDENTIFIER;
224  tag.length = sizeof(X509_CHALLENGE_PASSWORD_OID);
225  tag.value = X509_CHALLENGE_PASSWORD_OID;
226 
227  //Write the corresponding ASN.1 tag
228  error = asn1WriteTag(&tag, FALSE, p, &n);
229  //Any error to report?
230  if(error)
231  return error;
232 
233  //Advance data pointer
234  p += n;
235  length += n;
236 
237  //Format challenge password
238  tag.constructed = FALSE;
239  tag.objClass = ASN1_CLASS_UNIVERSAL;
240  tag.objType = ASN1_TYPE_UTF8_STRING;
241  tag.length = challengePwd->length;
242  tag.value = (uint8_t *) challengePwd->value;
243 
244  //Write the corresponding ASN.1 tag
245  error = asn1WriteTag(&tag, FALSE, p, &n);
246  //Any error to report?
247  if(error)
248  return error;
249 
250  //Attribute value is encapsulated within a set
251  tag.constructed = TRUE;
252  tag.objClass = ASN1_CLASS_UNIVERSAL;
253  tag.objType = ASN1_TYPE_SET;
254  tag.length = n;
255  tag.value = p;
256 
257  //Write the corresponding ASN.1 tag
258  error = asn1WriteTag(&tag, FALSE, p, &n);
259  //Any error to report?
260  if(error)
261  return error;
262 
263  //The attribute is encapsulated within a sequence
264  tag.constructed = TRUE;
265  tag.objClass = ASN1_CLASS_UNIVERSAL;
266  tag.objType = ASN1_TYPE_SEQUENCE;
267  tag.length = length + n;
268  tag.value = output;
269 
270  //Write the corresponding ASN.1 tag
271  error = asn1WriteTag(&tag, FALSE, output, &length);
272  //Any error to report?
273  if(error)
274  return error;
275  }
276 
277  //Total number of bytes that have been written
278  *written = length;
279 
280  //Successful processing
281  return NO_ERROR;
282 }
283 
284 
285 /**
286  * @brief Format ExtensionRequest attribute
287  * @param[in] extensionReq Value of the attribute
288  * @param[out] output Buffer where to format the ASN.1 structure
289  * @param[out] written Length of the resulting ASN.1 structure
290  * @return Error code
291  **/
292 
293 error_t x509FormatExtensionRequest(const X509Extensions *extensionReq,
294  uint8_t *output, size_t *written)
295 {
296  error_t error;
297  size_t n;
298  size_t m;
299  size_t length;
300  uint8_t *p;
301  Asn1Tag tag;
302 
303  //Point to the buffer where to write the ASN.1 structure
304  p = output;
305  //Length of the ASN.1 structure
306  length = 0;
307 
308  //Format attribute identifier
309  tag.constructed = FALSE;
310  tag.objClass = ASN1_CLASS_UNIVERSAL;
311  tag.objType = ASN1_TYPE_OBJECT_IDENTIFIER;
312  tag.length = sizeof(X509_EXTENSION_REQUEST_OID);
313  tag.value = X509_EXTENSION_REQUEST_OID;
314 
315  //Write the corresponding ASN.1 tag
316  error = asn1WriteTag(&tag, FALSE, p, &m);
317  //Any error to report?
318  if(error)
319  return error;
320 
321  //Advance data pointer
322  p += m;
323 
324  //Format NetscapeCertType extension
325  error = x509FormatNsCertType(&extensionReq->nsCertType, p, &n);
326  //Any error to report?
327  if(error)
328  return error;
329 
330  //Advance data pointer
331  p += n;
332  length += n;
333 
334  //Format BasicConstraints extension
335  error = x509FormatBasicConstraints(&extensionReq->basicConstraints,
336  p, &n);
337  //Any error to report?
338  if(error)
339  return error;
340 
341  //Advance data pointer
342  p += n;
343  length += n;
344 
345  //Format KeyUsage extension
346  error = x509FormatKeyUsage(&extensionReq->keyUsage, p, &n);
347  //Any error to report?
348  if(error)
349  return error;
350 
351  //Advance data pointer
352  p += n;
353  length += n;
354 
355  //Format SubjectAltName extension
356  error = x509FormatSubjectAltName(&extensionReq->subjectAltName, p, &n);
357  //Any error to report?
358  if(error)
359  return error;
360 
361  //Advance data pointer
362  p += n;
363  length += n;
364 
365  //Format SubjectKeyIdentifier extension
366  error = x509FormatSubjectKeyId(&extensionReq->subjectKeyId, p, &n);
367  //Any error to report?
368  if(error)
369  return error;
370 
371  //Advance data pointer
372  p += n;
373  length += n;
374 
375  //Format AuthorityKeyIdentifier extension
376  error = x509FormatAuthorityKeyId(&extensionReq->authKeyId, p, &n);
377  //Any error to report?
378  if(error)
379  return error;
380 
381  //Advance data pointer
382  p += n;
383  length += n;
384 
385  //Any extensions written?
386  if(length > 0)
387  {
388  //Point to the first certificate extension
389  p = output + m;
390 
391  //Certificate extensions are encapsulated within a sequence
392  tag.constructed = TRUE;
393  tag.objClass = ASN1_CLASS_UNIVERSAL;
394  tag.objType = ASN1_TYPE_SEQUENCE;
395  tag.length = length;
396  tag.value = p;
397 
398  //Write the corresponding ASN.1 tag
399  error = asn1WriteTag(&tag, FALSE, p, &length);
400  //Any error to report?
401  if(error)
402  return error;
403 
404  //Attribute value is encapsulated within a set
405  tag.constructed = TRUE;
406  tag.objClass = ASN1_CLASS_UNIVERSAL;
407  tag.objType = ASN1_TYPE_SET;
408  tag.length = length;
409  tag.value = p;
410 
411  //Write the corresponding ASN.1 tag
412  error = asn1WriteTag(&tag, FALSE, p, &length);
413  //Any error to report?
414  if(error)
415  return error;
416 
417  //The attribute is encapsulated within a sequence
418  tag.constructed = TRUE;
419  tag.objClass = ASN1_CLASS_UNIVERSAL;
420  tag.objType = ASN1_TYPE_SEQUENCE;
421  tag.length = length + m;
422  tag.value = output;
423 
424  //Write the corresponding ASN.1 tag
425  error = asn1WriteTag(&tag, FALSE, output, &length);
426  //Any error to report?
427  if(error)
428  return error;
429  }
430 
431  //Total number of bytes that have been written
432  *written = length;
433 
434  //Successful processing
435  return NO_ERROR;
436 }
437 
438 #endif
x509FormatSubjectKeyId
error_t x509FormatSubjectKeyId(const X509SubjectKeyId *subjectKeyId, uint8_t *output, size_t *written)
Format SubjectKeyIdentifier extension.
Definition: x509_cert_ext_format.c:1033
p
uint8_t p
Definition: ndp.h:300
x509FormatBasicConstraints
error_t x509FormatBasicConstraints(const X509BasicConstraints *basicConstraints, uint8_t *output, size_t *written)
Format BasicConstraints extension.
Definition: x509_cert_ext_format.c:302
X509Extensions::keyUsage
X509KeyUsage keyUsage
Definition: x509_common.h:1007
TRUE
#define TRUE
Definition: os_port.h:50
ASN1_TYPE_UTF8_STRING
@ ASN1_TYPE_UTF8_STRING
Definition: asn1.h:79
X509ChallengePassword::value
const char_t * value
Definition: x509_common.h:1226
X509Extensions::nsCertType
X509NsCertType nsCertType
Definition: x509_common.h:1015
attributes
uint8_t attributes[]
Definition: radius.h:88
X509_CHALLENGE_PASSWORD_OID
const uint8_t X509_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:164
X509_EXTENSION_REQUEST_OID
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:166
X509Extensions::authKeyId
X509AuthKeyId authKeyId
Definition: x509_common.h:1011
x509_cert_format.h
X.509 certificate formatting.
x509FormatSubjectAltName
error_t x509FormatSubjectAltName(const X509SubjectAltName *subjectAltName, uint8_t *output, size_t *written)
Format SubjectAltName extension.
Definition: x509_cert_ext_format.c:909
x509FormatSubjectPublicKeyInfo
error_t x509FormatSubjectPublicKeyInfo(const X509SubjectPublicKeyInfo *publicKeyInfo, const void *publicKey, uint8_t *keyId, uint8_t *output, size_t *written)
Format SubjectPublicKeyInfo structure.
Definition: x509_key_format.c:57
Asn1Tag::length
size_t length
Definition: asn1.h:106
X509CertRequestInfo::subjectPublicKeyInfo
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:1263
FALSE
#define FALSE
Definition: os_port.h:46
error_t
error_t
Error codes.
Definition: error.h:43
ASN1_CLASS_UNIVERSAL
#define ASN1_CLASS_UNIVERSAL
Definition: asn1.h:52
X509Extensions::basicConstraints
X509BasicConstraints basicConstraints
Definition: x509_common.h:1005
Asn1Tag
ASN.1 tag.
Definition: asn1.h:102
x509_csr_format.h
CSR (Certificate Signing Request) formatting.
crypto.h
General definitions for cryptographic algorithms.
X509CertRequestInfo::version
X509Version version
Definition: x509_common.h:1261
asn1WriteTag
error_t asn1WriteTag(Asn1Tag *tag, bool_t reverse, uint8_t *data, size_t *written)
Write an ASN.1 tag.
Definition: asn1.c:334
Asn1Tag::objClass
uint_t objClass
Definition: asn1.h:104
length
uint8_t length
Definition: tcp.h:368
X509CertRequestInfo
CertificationRequestInfo structure.
Definition: x509_common.h:1259
X509Extensions::subjectAltName
X509SubjectAltName subjectAltName
Definition: x509_common.h:1009
x509FormatExtensionRequest
error_t x509FormatExtensionRequest(const X509Extensions *extensionReq, uint8_t *output, size_t *written)
Format ExtensionRequest attribute.
Definition: x509_csr_format.c:293
x509FormatChallengePassword
error_t x509FormatChallengePassword(const X509ChallengePassword *challengePwd, uint8_t *output, size_t *written)
Format ChallengePassword attribute.
Definition: x509_csr_format.c:203
x509_key_format.h
Formatting of ASN.1 encoded keys.
x509FormatAuthorityKeyId
error_t x509FormatAuthorityKeyId(const X509AuthKeyId *authKeyId, uint8_t *output, size_t *written)
Format AuthorityKeyIdentifier extension.
Definition: x509_cert_ext_format.c:1130
m
uint8_t m
Definition: ndp.h:304
n
uint8_t n
Definition: dhcpv6_common.h:416
ASN1_CLASS_CONTEXT_SPECIFIC
#define ASN1_CLASS_CONTEXT_SPECIFIC
Definition: asn1.h:54
x509FormatName
error_t x509FormatName(const X509Name *name, uint8_t *output, size_t *written)
Format Name structure.
Definition: x509_cert_format.c:306
X509Attributes
CSR attributes.
Definition: x509_common.h:1247
Asn1Tag::constructed
bool_t constructed
Definition: asn1.h:103
x509FormatKeyUsage
error_t x509FormatKeyUsage(const X509KeyUsage *keyUsage, uint8_t *output, size_t *written)
Format KeyUsage extension.
Definition: x509_cert_ext_format.c:468
ASN1_TYPE_OBJECT_IDENTIFIER
@ ASN1_TYPE_OBJECT_IDENTIFIER
Definition: asn1.h:74
ASN1_TYPE_SEQUENCE
@ ASN1_TYPE_SEQUENCE
Definition: asn1.h:80
X509Extensions
X.509 certificate extensions.
Definition: x509_common.h:1003
x509FormatAttributes
error_t x509FormatAttributes(const X509Attributes *attributes, uint8_t *output, size_t *written)
Format CSR attributes.
Definition: x509_csr_format.c:140
x509_cert_ext_format.h
X.509 extension formatting.
x509FormatNsCertType
error_t x509FormatNsCertType(const X509NsCertType *nsCertType, uint8_t *output, size_t *written)
Format NetscapeCertType extension.
Definition: x509_cert_ext_format.c:1240
x509FormatCertRequestInfo
error_t x509FormatCertRequestInfo(const X509CertRequestInfo *certReqInfo, const void *publicKey, uint8_t *output, size_t *written)
Format CertificationRequestInfo structure.
Definition: x509_csr_format.c:56
asn1WriteInt32
error_t asn1WriteInt32(int32_t value, bool_t reverse, uint8_t *data, size_t *written)
Write a 32-bit integer to the output stream.
Definition: asn1.c:495
X509Extensions::subjectKeyId
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:1010
X509CertRequestInfo::attributes
X509Attributes attributes
Definition: x509_common.h:1264
ASN1_TYPE_SET
@ ASN1_TYPE_SET
Definition: asn1.h:81
Asn1Tag::value
const uint8_t * value
Definition: asn1.h:107
X509ChallengePassword
PKCS #9 ChallengePassword attribute.
Definition: x509_common.h:1225
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
Asn1Tag::objType
uint_t objType
Definition: asn1.h:105
asn1.h
ASN.1 (Abstract Syntax Notation One)