x509_csr_format.c
Go to the documentation of this file.
1 /**
2  * @file x509_csr_format.c
3  * @brief CSR (Certificate Signing Request) formatting
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_cert_format.h"
37 #include "pkix/x509_cert_ext_format.h"
38 #include "pkix/x509_csr_format.h"
39 #include "pkix/x509_key_format.h"
40 #include "encoding/asn1.h"
41 #include "debug.h"
42 
43 //Check crypto library configuration
44 #if (X509_SUPPORT == ENABLED)
45 
46 
47 /**
48  * @brief Format CertificationRequestInfo structure
49  * @param[in] certReqInfo Certification request information
50  * @param[in] publicKey Pointer to the subject's public key
51  * @param[out] output Buffer where to format the ASN.1 structure
52  * @param[out] written Length of the resulting ASN.1 structure
53  * @return Error code
54  **/
55 
56 error_t x509FormatCertRequestInfo(const X509CertRequestInfo *certReqInfo,
57  const void *publicKey, uint8_t *output, size_t *written)
58 {
59  error_t error;
60  size_t n;
61  size_t length;
62  uint8_t *p;
63  Asn1Tag tag;
64 
65  //Point to the buffer where to write the ASN.1 structure
66  p = output;
67  //Length of the ASN.1 structure
68  length = 0;
69 
70  //Format Version field
71  error = asn1WriteInt32(certReqInfo->version, FALSE, p, &n);
72  //Any error to report?
73  if(error)
74  return error;
75 
76  //Advance data pointer
77  ASN1_INC_POINTER(p, n);
78  length += n;
79 
80  //Format Subject field
81  error = x509FormatName(&certReqInfo->subject, p, &n);
82  //Any error to report?
83  if(error)
84  return error;
85 
86  //Advance data pointer
87  ASN1_INC_POINTER(p, n);
88  length += n;
89 
90  //Format SubjectPublicKeyInfo field
91  error = x509FormatSubjectPublicKeyInfo(&certReqInfo->subjectPublicKeyInfo,
92  publicKey, NULL, p, &n);
93  //Any error to report?
94  if(error)
95  return error;
96 
97  //Advance data pointer
98  ASN1_INC_POINTER(p, n);
99  length += n;
100 
101  //Format Attributes field
102  error = x509FormatAttributes(&certReqInfo->attributes, p, &n);
103  //Any error to report?
104  if(error)
105  return error;
106 
107  //Advance data pointer
108  ASN1_INC_POINTER(p, n);
109  length += n;
110 
111  //The CertificationRequestInfo structure is encapsulated within a sequence
112  tag.constructed = TRUE;
113  tag.objClass = ASN1_CLASS_UNIVERSAL;
114  tag.objType = ASN1_TYPE_SEQUENCE;
115  tag.length = length;
116 
117  //Write the corresponding ASN.1 tag
118  error = asn1InsertHeader(&tag, output, &n);
119  //Any error to report?
120  if(error)
121  return error;
122 
123  //Total number of bytes that have been written
124  *written = tag.totalLength;
125 
126  //Successful processing
127  return NO_ERROR;
128 }
129 
130 
131 /**
132  * @brief Format CSR attributes
133  * @param[in] attributes Pointer to the CSR attributes
134  * @param[out] output Buffer where to format the ASN.1 structure
135  * @param[out] written Length of the resulting ASN.1 structure
136  * @return Error code
137  **/
138 
139 error_t x509FormatAttributes(const X509Attributes *attributes,
140  uint8_t *output, size_t *written)
141 {
142  error_t error;
143  size_t n;
144  size_t length;
145  uint8_t *p;
146  Asn1Tag tag;
147 
148  //Point to the buffer where to write the ASN.1 structure
149  p = output;
150  //Length of the ASN.1 structure
151  length = 0;
152 
153  //Format PKCS #9 Challenge Password attribute
154  error = x509FormatChallengePassword(&attributes->challengePwd, p, &n);
155  //Any error to report?
156  if(error)
157  return error;
158 
159  //Advance data pointer
160  ASN1_INC_POINTER(p, n);
161  length += n;
162 
163  //Format PKCS #9 Extension Request attribute
164  error = x509FormatExtensionRequest(&attributes->extensionReq, p, &n);
165  //Any error to report?
166  if(error)
167  return error;
168 
169  //Advance data pointer
170  ASN1_INC_POINTER(p, n);
171  length += n;
172 
173  //Explicit tagging shall be used to encode the Extensions structure
174  tag.constructed = TRUE;
175  tag.objClass = ASN1_CLASS_CONTEXT_SPECIFIC;
176  tag.objType = 0;
177  tag.length = length;
178 
179  //Write the corresponding ASN.1 tag
180  error = asn1InsertHeader(&tag, output, &n);
181  //Any error to report?
182  if(error)
183  return error;
184 
185  //Total number of bytes that have been written
186  *written = tag.totalLength;
187 
188  //Successful processing
189  return NO_ERROR;
190 }
191 
192 
193 /**
194  * @brief Format ChallengePassword attribute
195  * @param[in] challengePwd Value of the attribute
196  * @param[out] output Buffer where to format the ASN.1 structure
197  * @param[out] written Length of the resulting ASN.1 structure
198  * @return Error code
199  **/
200 
201 error_t x509FormatChallengePassword(const X509ChallengePassword *challengePwd,
202  uint8_t *output, size_t *written)
203 {
204  error_t error;
205  size_t n;
206  size_t length;
207  uint8_t *p;
208  Asn1Tag tag;
209 
210  //Point to the buffer where to write the ASN.1 structure
211  p = output;
212  //Length of the ASN.1 structure
213  length = 0;
214 
215  //Valid challenge password?
216  if(challengePwd->value != NULL && challengePwd->length > 0)
217  {
218  //Format attribute identifier
219  tag.constructed = FALSE;
220  tag.objClass = ASN1_CLASS_UNIVERSAL;
221  tag.objType = ASN1_TYPE_OBJECT_IDENTIFIER;
222  tag.length = sizeof(PKCS9_CHALLENGE_PASSWORD_OID);
223  tag.value = PKCS9_CHALLENGE_PASSWORD_OID;
224 
225  //Write the corresponding ASN.1 tag
226  error = asn1WriteTag(&tag, FALSE, p, &n);
227  //Any error to report?
228  if(error)
229  return error;
230 
231  //Advance data pointer
232  ASN1_INC_POINTER(p, n);
233  length += n;
234 
235  //ChallengePassword attribute values should use the PrintableString
236  //encoding whenever possible (refer to RFC 2985, section 5.4.1)
237  tag.constructed = FALSE;
238  tag.objClass = ASN1_CLASS_UNIVERSAL;
239  tag.objType = ASN1_TYPE_PRINTABLE_STRING;
240  tag.length = challengePwd->length;
241  tag.value = (uint8_t *) challengePwd->value;
242 
243  //Write the corresponding ASN.1 tag
244  error = asn1WriteTag(&tag, FALSE, p, &n);
245  //Any error to report?
246  if(error)
247  return error;
248 
249  //Attribute value is encapsulated within a set
250  tag.constructed = TRUE;
251  tag.objClass = ASN1_CLASS_UNIVERSAL;
252  tag.objType = ASN1_TYPE_SET;
253  tag.length = n;
254 
255  //Write the corresponding ASN.1 tag
256  error = asn1InsertHeader(&tag, p, &n);
257  //Any error to report?
258  if(error)
259  return error;
260 
261  //Get the length of the resulting tag
262  n = tag.totalLength;
263 
264  //The attribute is encapsulated within a sequence
265  tag.constructed = TRUE;
266  tag.objClass = ASN1_CLASS_UNIVERSAL;
267  tag.objType = ASN1_TYPE_SEQUENCE;
268  tag.length = length + n;
269 
270  //Write the corresponding ASN.1 tag
271  error = asn1InsertHeader(&tag, output, &n);
272  //Any error to report?
273  if(error)
274  return error;
275 
276  //Get the length of the resulting sequence
277  length = tag.totalLength;
278  }
279 
280  //Total number of bytes that have been written
281  *written = length;
282 
283  //Successful processing
284  return NO_ERROR;
285 }
286 
287 
288 /**
289  * @brief Format ExtensionRequest attribute
290  * @param[in] extensionReq Value of the attribute
291  * @param[out] output Buffer where to format the ASN.1 structure
292  * @param[out] written Length of the resulting ASN.1 structure
293  * @return Error code
294  **/
295 
296 error_t x509FormatExtensionRequest(const X509Extensions *extensionReq,
297  uint8_t *output, size_t *written)
298 {
299  error_t error;
300  size_t n;
301  size_t m;
302  size_t length;
303  uint8_t *p;
304  Asn1Tag tag;
305 
306  //Point to the buffer where to write the ASN.1 structure
307  p = output;
308  //Length of the ASN.1 structure
309  length = 0;
310 
311  //Format attribute identifier
312  tag.constructed = FALSE;
313  tag.objClass = ASN1_CLASS_UNIVERSAL;
314  tag.objType = ASN1_TYPE_OBJECT_IDENTIFIER;
315  tag.length = sizeof(PKCS9_EXTENSION_REQUEST_OID);
316  tag.value = PKCS9_EXTENSION_REQUEST_OID;
317 
318  //Write the corresponding ASN.1 tag
319  error = asn1WriteTag(&tag, FALSE, p, &m);
320  //Any error to report?
321  if(error)
322  return error;
323 
324  //Advance data pointer
325  ASN1_INC_POINTER(p, m);
326 
327  //Format NetscapeCertType extension
328  error = x509FormatNsCertType(&extensionReq->nsCertType, p, &n);
329  //Any error to report?
330  if(error)
331  return error;
332 
333  //Advance data pointer
334  ASN1_INC_POINTER(p, n);
335  length += n;
336 
337  //Format BasicConstraints extension
338  error = x509FormatBasicConstraints(&extensionReq->basicConstraints,
339  p, &n);
340  //Any error to report?
341  if(error)
342  return error;
343 
344  //Advance data pointer
345  ASN1_INC_POINTER(p, n);
346  length += n;
347 
348  //Format KeyUsage extension
349  error = x509FormatKeyUsage(&extensionReq->keyUsage, p, &n);
350  //Any error to report?
351  if(error)
352  return error;
353 
354  //Advance data pointer
355  ASN1_INC_POINTER(p, n);
356  length += n;
357 
358  //Format SubjectAltName extension
359  error = x509FormatSubjectAltName(&extensionReq->subjectAltName, p, &n);
360  //Any error to report?
361  if(error)
362  return error;
363 
364  //Advance data pointer
365  ASN1_INC_POINTER(p, n);
366  length += n;
367 
368  //Format SubjectKeyIdentifier extension
369  error = x509FormatSubjectKeyId(&extensionReq->subjectKeyId, p, &n);
370  //Any error to report?
371  if(error)
372  return error;
373 
374  //Advance data pointer
375  ASN1_INC_POINTER(p, n);
376  length += n;
377 
378  //Format AuthorityKeyIdentifier extension
379  error = x509FormatAuthorityKeyId(&extensionReq->authKeyId, p, &n);
380  //Any error to report?
381  if(error)
382  return error;
383 
384  //Advance data pointer
385  ASN1_INC_POINTER(p, n);
386  length += n;
387 
388  //Any extensions written?
389  if(length > 0)
390  {
391  //Point to the first certificate extension
392  if(output != NULL)
393  {
394  p = output + m;
395  }
396  else
397  {
398  p = NULL;
399  }
400 
401  //Certificate extensions are encapsulated within a sequence
402  tag.constructed = TRUE;
403  tag.objClass = ASN1_CLASS_UNIVERSAL;
404  tag.objType = ASN1_TYPE_SEQUENCE;
405  tag.length = length;
406 
407  //Write the corresponding ASN.1 tag
408  error = asn1InsertHeader(&tag, p, &n);
409  //Any error to report?
410  if(error)
411  return error;
412 
413  //Get the length of the resulting sequence
414  length = tag.totalLength;
415 
416  //Attribute value is encapsulated within a set
417  tag.constructed = TRUE;
418  tag.objClass = ASN1_CLASS_UNIVERSAL;
419  tag.objType = ASN1_TYPE_SET;
420  tag.length = length;
421 
422  //Write the corresponding ASN.1 tag
423  error = asn1InsertHeader(&tag, p, &n);
424  //Any error to report?
425  if(error)
426  return error;
427 
428  //Get the length of the resulting tag
429  length = tag.totalLength;
430 
431  //The attribute is encapsulated within a sequence
432  tag.constructed = TRUE;
433  tag.objClass = ASN1_CLASS_UNIVERSAL;
434  tag.objType = ASN1_TYPE_SEQUENCE;
435  tag.length = length + m;
436 
437  //Write the corresponding ASN.1 tag
438  error = asn1InsertHeader(&tag, output, &n);
439  //Any error to report?
440  if(error)
441  return error;
442 
443  //Get the length of the resulting sequence
444  length = tag.totalLength;
445  }
446 
447  //Total number of bytes that have been written
448  *written = length;
449 
450  //Successful processing
451  return NO_ERROR;
452 }
453 
454 #endif
x509FormatSubjectKeyId
error_t x509FormatSubjectKeyId(const X509SubjectKeyId *subjectKeyId, uint8_t *output, size_t *written)
Format SubjectKeyIdentifier extension.
Definition: x509_cert_ext_format.c:1065
p
uint8_t p
Definition: ndp.h:300
x509FormatBasicConstraints
error_t x509FormatBasicConstraints(const X509BasicConstraints *basicConstraints, uint8_t *output, size_t *written)
Format BasicConstraints extension.
Definition: x509_cert_ext_format.c:305
X509Extensions::keyUsage
X509KeyUsage keyUsage
Definition: x509_common.h:1055
TRUE
#define TRUE
Definition: os_port.h:50
asn1InsertHeader
error_t asn1InsertHeader(Asn1Tag *tag, uint8_t *data, size_t *written)
Insert an ASN.1 tag header.
Definition: asn1.c:643
X509ChallengePassword::value
const char_t * value
Definition: x509_common.h:1275
X509Extensions::nsCertType
X509NsCertType nsCertType
Definition: x509_common.h:1063
attributes
uint8_t attributes[]
Definition: radius.h:88
PKCS9_CHALLENGE_PASSWORD_OID
const uint8_t PKCS9_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:164
X509Extensions::authKeyId
X509AuthKeyId authKeyId
Definition: x509_common.h:1059
x509_cert_format.h
X.509 certificate formatting.
x509FormatSubjectAltName
error_t x509FormatSubjectAltName(const X509SubjectAltName *subjectAltName, uint8_t *output, size_t *written)
Format SubjectAltName extension.
Definition: x509_cert_ext_format.c:931
x509FormatSubjectPublicKeyInfo
error_t x509FormatSubjectPublicKeyInfo(const X509SubjectPublicKeyInfo *publicKeyInfo, const void *publicKey, uint8_t *keyId, uint8_t *output, size_t *written)
Format SubjectPublicKeyInfo structure.
Definition: x509_key_format.c:57
Asn1Tag::totalLength
size_t totalLength
Definition: asn1.h:111
Asn1Tag::length
size_t length
Definition: asn1.h:109
X509CertRequestInfo::subjectPublicKeyInfo
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:1312
FALSE
#define FALSE
Definition: os_port.h:46
error_t
error_t
Error codes.
Definition: error.h:43
ASN1_CLASS_UNIVERSAL
#define ASN1_CLASS_UNIVERSAL
Definition: asn1.h:52
X509Extensions::basicConstraints
X509BasicConstraints basicConstraints
Definition: x509_common.h:1053
Asn1Tag
ASN.1 tag.
Definition: asn1.h:105
ASN1_INC_POINTER
#define ASN1_INC_POINTER(p, n)
Definition: asn1.h:58
x509_csr_format.h
CSR (Certificate Signing Request) formatting.
crypto.h
General definitions for cryptographic algorithms.
X509CertRequestInfo::version
X509Version version
Definition: x509_common.h:1310
asn1WriteTag
error_t asn1WriteTag(Asn1Tag *tag, bool_t reverse, uint8_t *data, size_t *written)
Write an ASN.1 tag.
Definition: asn1.c:334
Asn1Tag::objClass
uint_t objClass
Definition: asn1.h:107
ASN1_TYPE_PRINTABLE_STRING
@ ASN1_TYPE_PRINTABLE_STRING
Definition: asn1.h:86
length
uint8_t length
Definition: tcp.h:375
X509CertRequestInfo
CertificationRequestInfo structure.
Definition: x509_common.h:1308
X509Extensions::subjectAltName
X509SubjectAltName subjectAltName
Definition: x509_common.h:1057
x509FormatExtensionRequest
error_t x509FormatExtensionRequest(const X509Extensions *extensionReq, uint8_t *output, size_t *written)
Format ExtensionRequest attribute.
Definition: x509_csr_format.c:296
x509FormatChallengePassword
error_t x509FormatChallengePassword(const X509ChallengePassword *challengePwd, uint8_t *output, size_t *written)
Format ChallengePassword attribute.
Definition: x509_csr_format.c:201
x509_key_format.h
Formatting of ASN.1 encoded keys.
x509FormatAuthorityKeyId
error_t x509FormatAuthorityKeyId(const X509AuthKeyId *authKeyId, uint8_t *output, size_t *written)
Format AuthorityKeyIdentifier extension.
Definition: x509_cert_ext_format.c:1163
m
uint8_t m
Definition: ndp.h:304
n
uint8_t n
Definition: dhcpv6_common.h:416
ASN1_CLASS_CONTEXT_SPECIFIC
#define ASN1_CLASS_CONTEXT_SPECIFIC
Definition: asn1.h:54
x509FormatName
error_t x509FormatName(const X509Name *name, uint8_t *output, size_t *written)
Format Name structure.
Definition: x509_cert_format.c:321
X509Attributes
CSR attributes.
Definition: x509_common.h:1296
Asn1Tag::constructed
bool_t constructed
Definition: asn1.h:106
x509FormatKeyUsage
error_t x509FormatKeyUsage(const X509KeyUsage *keyUsage, uint8_t *output, size_t *written)
Format KeyUsage extension.
Definition: x509_cert_ext_format.c:489
ASN1_TYPE_OBJECT_IDENTIFIER
@ ASN1_TYPE_OBJECT_IDENTIFIER
Definition: asn1.h:77
ASN1_TYPE_SEQUENCE
@ ASN1_TYPE_SEQUENCE
Definition: asn1.h:83
X509Extensions
X.509 certificate extensions.
Definition: x509_common.h:1051
x509FormatAttributes
error_t x509FormatAttributes(const X509Attributes *attributes, uint8_t *output, size_t *written)
Format CSR attributes.
Definition: x509_csr_format.c:139
x509_cert_ext_format.h
X.509 extension formatting.
x509FormatNsCertType
error_t x509FormatNsCertType(const X509NsCertType *nsCertType, uint8_t *output, size_t *written)
Format NetscapeCertType extension.
Definition: x509_cert_ext_format.c:1276
x509FormatCertRequestInfo
error_t x509FormatCertRequestInfo(const X509CertRequestInfo *certReqInfo, const void *publicKey, uint8_t *output, size_t *written)
Format CertificationRequestInfo structure.
Definition: x509_csr_format.c:56
asn1WriteInt32
error_t asn1WriteInt32(int32_t value, bool_t reverse, uint8_t *data, size_t *written)
Write a 32-bit integer to the output stream.
Definition: asn1.c:781
X509Extensions::subjectKeyId
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:1058
X509CertRequestInfo::attributes
X509Attributes attributes
Definition: x509_common.h:1313
ASN1_TYPE_SET
@ ASN1_TYPE_SET
Definition: asn1.h:84
Asn1Tag::value
const uint8_t * value
Definition: asn1.h:110
PKCS9_EXTENSION_REQUEST_OID
const uint8_t PKCS9_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:166
X509ChallengePassword
PKCS #9 ChallengePassword attribute.
Definition: x509_common.h:1274
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
Asn1Tag::objType
uint_t objType
Definition: asn1.h:108
asn1.h
ASN.1 (Abstract Syntax Notation One)