34 #if defined(POLARSSL_X509_CRT_WRITE_C)
41 #if defined(POLARSSL_PEM_WRITE_C)
85 const char *subject_name )
91 const char *issuer_name )
107 const char *not_after )
123 const char *oid,
size_t oid_len,
125 const unsigned char *val,
size_t val_len )
128 critical, val, val_len );
132 int is_ca,
int max_pathlen )
135 unsigned char buf[9];
136 unsigned char *c = buf +
sizeof(buf);
139 memset( buf, 0,
sizeof(buf) );
141 if( is_ca && max_pathlen > 127 )
146 if( max_pathlen >= 0 )
158 0, buf +
sizeof(buf) - len, len );
161 #if defined(POLARSSL_SHA1_C)
166 unsigned char *c = buf +
sizeof(buf);
169 memset( buf, 0,
sizeof(buf));
172 sha1( buf +
sizeof(buf) - len, len, buf +
sizeof(buf) - 20 );
173 c = buf +
sizeof(buf) - 20;
181 0, buf +
sizeof(buf) - len, len );
188 unsigned char *c = buf +
sizeof(buf);
191 memset( buf, 0,
sizeof(buf));
194 sha1( buf +
sizeof(buf) - len, len, buf +
sizeof(buf) - 20 );
195 c = buf +
sizeof(buf) - 20;
206 0, buf +
sizeof(buf) - len, len );
212 unsigned char buf[4];
231 unsigned char ns_cert_type )
233 unsigned char buf[4];
251 static int x509_write_time(
unsigned char **p,
unsigned char *start,
252 const char *time,
size_t size )
260 if( time[0] ==
'2' && time[1] ==
'0' && time [2] <
'5' )
263 (
const unsigned char *) time + 2,
271 (
const unsigned char *) time,
281 int (*f_rng)(
void *,
unsigned char *,
size_t),
286 size_t sig_oid_len = 0;
287 unsigned char *c, *c2;
288 unsigned char hash[64];
290 unsigned char tmp_buf[2048];
291 size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
298 c = tmp_buf +
sizeof( tmp_buf );
306 &sig_oid, &sig_oid_len ) ) != 0 )
324 tmp_buf, c - tmp_buf ) );
359 sig_oid, strlen( sig_oid ), 0 ) );
384 f_rng, p_rng ) ) != 0 )
394 sig_oid, sig_oid_len, sig, sig_len ) );
397 memcpy( c2, c, len );
399 len += sig_and_oid_len;
406 #define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
407 #define PEM_END_CRT "-----END CERTIFICATE-----\n"
409 #if defined(POLARSSL_PEM_WRITE_C)
411 int (*f_rng)(
void *,
unsigned char *,
size_t),
415 unsigned char output_buf[4096];
419 f_rng, p_rng ) ) < 0 )
424 if( ( ret = pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
425 output_buf +
sizeof(output_buf) - ret,
426 ret, buf, size, &olen ) ) != 0 )
int md(const md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
Output = message_digest( input buffer )
void x509write_crt_set_version(x509write_cert *ctx, int version)
Set the version for a Certificate. Default: X509_CRT_VERSION_3.
int x509write_crt_der(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built-up certificate to an X509 DER structure. Note: data is written at the end of the buffer! ...
int x509_set_extension(asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
int x509_string_to_names(asn1_named_data **head, const char *name)
int x509write_crt_set_validity(x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate. Timestamps should be in string format for UTC timezone i...
#define ASN1_GENERALIZED_TIME
char not_after[X509_RFC5280_UTC_TIME_LEN+1]
#define POLARSSL_MPI_MAX_SIZE
Maximum number of bytes for usable MPIs.
void sha1(const unsigned char *input, size_t ilen, unsigned char output[20])
Output = SHA-1( input buffer )
asn1_named_data * extensions
Configuration options (set of defines)
void x509write_crt_set_md_alg(x509write_cert *ctx, md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g.
pk_type_t pk_get_type(const pk_context *ctx)
Get the key type.
void mpi_init(mpi *X)
Initialize one MPI.
Object Identifier (OID) database.
#define OID_SIZE(x)
Returns the size of the binary string, without the trailing \0.
int asn1_write_len(unsigned char **p, unsigned char *start, size_t len)
Write a length field in ASN.1 format. Note: function works backwards in data buffer.
int x509_write_names(unsigned char **p, unsigned char *start, asn1_named_data *first)
const md_info_t * md_info_from_type(md_type_t md_type)
Returns the message digest information associated with the given digest type.
int pk_write_pubkey(unsigned char **p, unsigned char *start, const pk_context *key)
Write a subjectPublicKey to ASN.1 data. Note: function works backwards in data buffer.
int x509write_crt_set_key_usage(x509write_cert *ctx, unsigned char key_usage)
Set the Key Usage Extension flags (e.g.
void x509write_crt_free(x509write_cert *ctx)
Free the contents of a CRT write context.
Privacy Enhanced Mail (PEM) decoding.
#define X509_CRT_VERSION_3
int x509write_crt_set_subject_key_identifier(x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT. Requires that x509write_crt_set_subject_key() has be...
char not_before[X509_RFC5280_UTC_TIME_LEN+1]
int asn1_write_raw_buffer(unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size)
Write raw buffer data. Note: function works backwards in data buffer.
int x509write_crt_set_extension(x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
int x509write_crt_set_issuer_name(x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate. Issuer names should contain a comma-separated list of OID types...
#define OID_AUTHORITY_KEY_IDENTIFIER
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
void mpi_free(mpi *X)
Unallocate one MPI.
int x509_write_extensions(unsigned char **p, unsigned char *start, asn1_named_data *first)
#define OID_BASIC_CONSTRAINTS
id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
X.509 certificate parsing and writing.
void x509write_crt_set_issuer_key(x509write_cert *ctx, pk_context *key)
Set the issuer key used for signing the certificate.
pk_type_t
Public key types.
int x509write_crt_set_serial(x509write_cert *ctx, const mpi *serial)
Set the serial number for a Certificate.
int pk_write_pubkey_der(pk_context *key, unsigned char *buf, size_t size)
Write a public key to a SubjectPublicKeyInfo DER structure. Note: data is written at the end of the bu...
#define ASN1_CONTEXT_SPECIFIC
int asn1_write_mpi(unsigned char **p, unsigned char *start, mpi *X)
Write a big number (ASN1_INTEGER) in ASN.1 format. Note: function works backwards in data buffer...
int x509write_crt_set_authority_key_identifier(x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT. Requires that x509write_crt_set_issuer_key() has b...
int x509write_crt_set_ns_cert_type(x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g.
int asn1_write_bitstring(unsigned char **p, unsigned char *start, const unsigned char *buf, size_t bits)
Write a bitstring tag (ASN1_BIT_STRING) and value in ASN.1 format. Note: function works backwards in d...
Container for writing a certificate (CRT)
int asn1_write_int(unsigned char **p, unsigned char *start, int val)
Write an int tag (ASN1_INTEGER) and value in ASN.1 format. Note: function works backwards in data buff...
#define OID_SUBJECT_KEY_IDENTIFIER
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
int x509write_crt_set_subject_name(x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate. Subject names should contain a comma-separated list of OID typ...
void asn1_free_named_data_list(asn1_named_data **head)
Free all entries in an asn1_named_data list. Head will be set to NULL.
#define ASN1_CHK_ADD(g, f)
int asn1_write_algorithm_identifier(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, size_t par_len)
Write an AlgorithmIdentifier sequence in ASN.1 format. Note: function works backwards in data buffer...
int pk_sign(pk_context *ctx, md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Make signature.
SHA-1 cryptographic hash function.
int x509write_crt_set_basic_constraints(x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
int mpi_copy(mpi *X, const mpi *Y)
Copy the contents of Y into X.
int asn1_write_bool(unsigned char **p, unsigned char *start, int boolean)
Write a boolean tag (ASN1_BOOLEAN) and value in ASN.1 format. Note: function works backwards in data b...
int x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
ASN.1 buffer writing functionality.
#define ASN1_OCTET_STRING
void x509write_crt_init(x509write_cert *ctx)
Initialize a CRT writing context.
#define POLARSSL_ERR_X509_BAD_INPUT_DATA
Input invalid.
int asn1_write_tag(unsigned char **p, unsigned char *start, unsigned char tag)
Write an ASN.1 tag in ASN.1 format. Note: function works backwards in data buffer.
void x509write_crt_set_subject_key(x509write_cert *ctx, pk_context *key)
Set the subject public key for the certificate.
int x509write_crt_pem(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
#define X509_RFC5280_UTC_TIME_LEN
int oid_get_oid_by_sig_alg(pk_type_t pk_alg, md_type_t md_alg, const char **oid, size_t *olen)
Translate md_type and pk_type into SignatureAlgorithm OID.
asn1_named_data * subject
#define OID_KEY_USAGE
id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }