1/*
2 * X.509 certificate writing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19/*
20 * References:
21 * - certificates: RFC 5280, updated by RFC 6818
22 * - CSRs: PKCS#10 v1.7 aka RFC 2986
23 * - attributes: PKCS#9 v2.0 aka RFC 2985
24 */
25
26#include "common.h"
27
28#if defined(MBEDTLS_X509_CRT_WRITE_C)
29
30#include "mbedtls/x509_crt.h"
31#include "mbedtls/asn1write.h"
32#include "mbedtls/error.h"
33#include "mbedtls/oid.h"
34#include "mbedtls/platform_util.h"
35#include "mbedtls/sha1.h"
36
37#include <string.h>
38
39#if defined(MBEDTLS_PEM_WRITE_C)
40#include "mbedtls/pem.h"
41#endif /* MBEDTLS_PEM_WRITE_C */
42
43void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
44{
45 memset(ctx, 0, sizeof(mbedtls_x509write_cert));
46
47 mbedtls_mpi_init(&ctx->serial);
48 ctx->version = MBEDTLS_X509_CRT_VERSION_3;
49}
50
51void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
52{
53 mbedtls_mpi_free(&ctx->serial);
54
55 mbedtls_asn1_free_named_data_list(&ctx->subject);
56 mbedtls_asn1_free_named_data_list(&ctx->issuer);
57 mbedtls_asn1_free_named_data_list(&ctx->extensions);
58
59 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert));
60}
61
62void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
63 int version)
64{
65 ctx->version = version;
66}
67
68void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
69 mbedtls_md_type_t md_alg)
70{
71 ctx->md_alg = md_alg;
72}
73
74void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
75 mbedtls_pk_context *key)
76{
77 ctx->subject_key = key;
78}
79
80void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
81 mbedtls_pk_context *key)
82{
83 ctx->issuer_key = key;
84}
85
86int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
87 const char *subject_name)
88{
89 return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
90}
91
92int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
93 const char *issuer_name)
94{
95 return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
96}
97
98int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
99 const mbedtls_mpi *serial)
100{
101 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
102
103 if (mbedtls_mpi_size(serial) > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
104 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
105 }
106
107 if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
108 return ret;
109 }
110
111 return 0;
112}
113
114int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
115 const char *not_before,
116 const char *not_after)
117{
118 if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
119 strlen(not_after) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) {
120 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
121 }
122 strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
123 strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
124 ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
125 ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
126
127 return 0;
128}
129
130int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
131 const char *oid, size_t oid_len,
132 int critical,
133 const unsigned char *val, size_t val_len)
134{
135 return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
136 critical, val, val_len);
137}
138
139int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
140 int is_ca, int max_pathlen)
141{
142 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
143 unsigned char buf[9];
144 unsigned char *c = buf + sizeof(buf);
145 size_t len = 0;
146
147 memset(buf, 0, sizeof(buf));
148
149 if (is_ca && max_pathlen > 127) {
150 return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
151 }
152
153 if (is_ca) {
154 if (max_pathlen >= 0) {
155 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf,
156 max_pathlen));
157 }
158 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1));
159 }
160
161 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
162 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
163 MBEDTLS_ASN1_CONSTRUCTED |
164 MBEDTLS_ASN1_SEQUENCE));
165
166 return
167 mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
168 MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS),
169 is_ca, buf + sizeof(buf) - len, len);
170}
171
172#if defined(MBEDTLS_SHA1_C)
173int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
174{
175 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
176 unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
177 unsigned char *c = buf + sizeof(buf);
178 size_t len = 0;
179
180 memset(buf, 0, sizeof(buf));
181 MBEDTLS_ASN1_CHK_ADD(len,
182 mbedtls_pk_write_pubkey(&c, buf, ctx->subject_key));
183
184 ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len,
185 buf + sizeof(buf) - 20);
186 if (ret != 0) {
187 return ret;
188 }
189 c = buf + sizeof(buf) - 20;
190 len = 20;
191
192 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
193 MBEDTLS_ASN1_CHK_ADD(len,
194 mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OCTET_STRING));
195
196 return mbedtls_x509write_crt_set_extension(ctx,
197 MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
198 MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER),
199 0, buf + sizeof(buf) - len, len);
200}
201
202int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
203{
204 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
205 unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
206 unsigned char *c = buf + sizeof(buf);
207 size_t len = 0;
208
209 memset(buf, 0, sizeof(buf));
210 MBEDTLS_ASN1_CHK_ADD(len,
211 mbedtls_pk_write_pubkey(&c, buf, ctx->issuer_key));
212
213 ret = mbedtls_sha1_ret(buf + sizeof(buf) - len, len,
214 buf + sizeof(buf) - 20);
215 if (ret != 0) {
216 return ret;
217 }
218 c = buf + sizeof(buf) - 20;
219 len = 20;
220
221 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
222 MBEDTLS_ASN1_CHK_ADD(len,
223 mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0));
224
225 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
226 MBEDTLS_ASN1_CHK_ADD(len,
227 mbedtls_asn1_write_tag(&c, buf,
228 MBEDTLS_ASN1_CONSTRUCTED |
229 MBEDTLS_ASN1_SEQUENCE));
230
231 return mbedtls_x509write_crt_set_extension(
232 ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
233 MBEDTLS_OID_SIZE(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER),
234 0, buf + sizeof(buf) - len, len);
235}
236#endif /* MBEDTLS_SHA1_C */
237
238int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
239 unsigned int key_usage)
240{
241 unsigned char buf[5] = { 0 }, ku[2] = { 0 };
242 unsigned char *c;
243 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
244 const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
245 MBEDTLS_X509_KU_NON_REPUDIATION |
246 MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
247 MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
248 MBEDTLS_X509_KU_KEY_AGREEMENT |
249 MBEDTLS_X509_KU_KEY_CERT_SIGN |
250 MBEDTLS_X509_KU_CRL_SIGN |
251 MBEDTLS_X509_KU_ENCIPHER_ONLY |
252 MBEDTLS_X509_KU_DECIPHER_ONLY;
253
254 /* Check that nothing other than the allowed flags is set */
255 if ((key_usage & ~allowed_bits) != 0) {
256 return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
257 }
258
259 c = buf + 5;
260 MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0);
261 ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9);
262
263 if (ret < 0) {
264 return ret;
265 } else if (ret < 3 || ret > 5) {
266 return MBEDTLS_ERR_X509_INVALID_FORMAT;
267 }
268
269 ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
270 MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
271 1, c, (size_t) ret);
272 if (ret != 0) {
273 return ret;
274 }
275
276 return 0;
277}
278
279int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
280 unsigned char ns_cert_type)
281{
282 unsigned char buf[4] = { 0 };
283 unsigned char *c;
284 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
285
286 c = buf + 4;
287
288 ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
289 if (ret < 3 || ret > 4) {
290 return ret;
291 }
292
293 ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
294 MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
295 0, c, (size_t) ret);
296 if (ret != 0) {
297 return ret;
298 }
299
300 return 0;
301}
302
303static int x509_write_time(unsigned char **p, unsigned char *start,
304 const char *t, size_t size)
305{
306 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
307 size_t len = 0;
308
309 /*
310 * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
311 */
312 if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) {
313 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
314 (const unsigned char *) t + 2,
315 size - 2));
316 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
317 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
318 MBEDTLS_ASN1_UTC_TIME));
319 } else {
320 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
321 (const unsigned char *) t,
322 size));
323 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
324 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
325 MBEDTLS_ASN1_GENERALIZED_TIME));
326 }
327
328 return (int) len;
329}
330
331int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
332 unsigned char *buf, size_t size,
333 int (*f_rng)(void *, unsigned char *, size_t),
334 void *p_rng)
335{
336 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
337 const char *sig_oid;
338 size_t sig_oid_len = 0;
339 unsigned char *c, *c2;
340 unsigned char hash[64];
341 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
342 size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
343 size_t len = 0;
344 mbedtls_pk_type_t pk_alg;
345
346 /*
347 * Prepare data to be signed at the end of the target buffer
348 */
349 c = buf + size;
350
351 /* Signature algorithm needed in TBS, and later for actual signature */
352
353 /* There's no direct way of extracting a signature algorithm
354 * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
355 if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
356 pk_alg = MBEDTLS_PK_RSA;
357 } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
358 pk_alg = MBEDTLS_PK_ECDSA;
359 } else {
360 return MBEDTLS_ERR_X509_INVALID_ALG;
361 }
362
363 if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
364 &sig_oid, &sig_oid_len)) != 0) {
365 return ret;
366 }
367
368 /*
369 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
370 */
371
372 /* Only for v3 */
373 if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) {
374 MBEDTLS_ASN1_CHK_ADD(len,
375 mbedtls_x509_write_extensions(&c,
376 buf, ctx->extensions));
377 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
378 MBEDTLS_ASN1_CHK_ADD(len,
379 mbedtls_asn1_write_tag(&c, buf,
380 MBEDTLS_ASN1_CONSTRUCTED |
381 MBEDTLS_ASN1_SEQUENCE));
382 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
383 MBEDTLS_ASN1_CHK_ADD(len,
384 mbedtls_asn1_write_tag(&c, buf,
385 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
386 MBEDTLS_ASN1_CONSTRUCTED | 3));
387 }
388
389 /*
390 * SubjectPublicKeyInfo
391 */
392 MBEDTLS_ASN1_CHK_ADD(pub_len,
393 mbedtls_pk_write_pubkey_der(ctx->subject_key,
394 buf, c - buf));
395 c -= pub_len;
396 len += pub_len;
397
398 /*
399 * Subject ::= Name
400 */
401 MBEDTLS_ASN1_CHK_ADD(len,
402 mbedtls_x509_write_names(&c, buf,
403 ctx->subject));
404
405 /*
406 * Validity ::= SEQUENCE {
407 * notBefore Time,
408 * notAfter Time }
409 */
410 sub_len = 0;
411
412 MBEDTLS_ASN1_CHK_ADD(sub_len,
413 x509_write_time(&c, buf, ctx->not_after,
414 MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
415
416 MBEDTLS_ASN1_CHK_ADD(sub_len,
417 x509_write_time(&c, buf, ctx->not_before,
418 MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
419
420 len += sub_len;
421 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len));
422 MBEDTLS_ASN1_CHK_ADD(len,
423 mbedtls_asn1_write_tag(&c, buf,
424 MBEDTLS_ASN1_CONSTRUCTED |
425 MBEDTLS_ASN1_SEQUENCE));
426
427 /*
428 * Issuer ::= Name
429 */
430 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
431 ctx->issuer));
432
433 /*
434 * Signature ::= AlgorithmIdentifier
435 */
436 MBEDTLS_ASN1_CHK_ADD(len,
437 mbedtls_asn1_write_algorithm_identifier(&c, buf,
438 sig_oid, strlen(sig_oid), 0));
439
440 /*
441 * Serial ::= INTEGER
442 */
443 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf,
444 &ctx->serial));
445
446 /*
447 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
448 */
449
450 /* Can be omitted for v1 */
451 if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) {
452 sub_len = 0;
453 MBEDTLS_ASN1_CHK_ADD(sub_len,
454 mbedtls_asn1_write_int(&c, buf, ctx->version));
455 len += sub_len;
456 MBEDTLS_ASN1_CHK_ADD(len,
457 mbedtls_asn1_write_len(&c, buf, sub_len));
458 MBEDTLS_ASN1_CHK_ADD(len,
459 mbedtls_asn1_write_tag(&c, buf,
460 MBEDTLS_ASN1_CONTEXT_SPECIFIC |
461 MBEDTLS_ASN1_CONSTRUCTED | 0));
462 }
463
464 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
465 MBEDTLS_ASN1_CHK_ADD(len,
466 mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
467 MBEDTLS_ASN1_SEQUENCE));
468
469 /*
470 * Make signature
471 */
472
473 /* Compute hash of CRT. */
474 if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
475 len, hash)) != 0) {
476 return ret;
477 }
478
479 if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
480 hash, 0, sig, &sig_len,
481 f_rng, p_rng)) != 0) {
482 return ret;
483 }
484
485 /* Move CRT to the front of the buffer to have space
486 * for the signature. */
487 memmove(buf, c, len);
488 c = buf + len;
489
490 /* Add signature at the end of the buffer,
491 * making sure that it doesn't underflow
492 * into the CRT buffer. */
493 c2 = buf + size;
494 MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
495 sig_oid, sig_oid_len, sig,
496 sig_len));
497
498 /*
499 * Memory layout after this step:
500 *
501 * buf c=buf+len c2 buf+size
502 * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm]
503 */
504
505 /* Move raw CRT to just before the signature. */
506 c = c2 - len;
507 memmove(c, buf, len);
508
509 len += sig_and_oid_len;
510 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
511 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
512 MBEDTLS_ASN1_CONSTRUCTED |
513 MBEDTLS_ASN1_SEQUENCE));
514
515 return (int) len;
516}
517
518#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"
519#define PEM_END_CRT "-----END CERTIFICATE-----\n"
520
521#if defined(MBEDTLS_PEM_WRITE_C)
522int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
523 unsigned char *buf, size_t size,
524 int (*f_rng)(void *, unsigned char *, size_t),
525 void *p_rng)
526{
527 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
528 size_t olen;
529
530 if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
531 f_rng, p_rng)) < 0) {
532 return ret;
533 }
534
535 if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
536 buf + size - ret, ret,
537 buf, size, &olen)) != 0) {
538 return ret;
539 }
540
541 return 0;
542}
543#endif /* MBEDTLS_PEM_WRITE_C */
544
545#endif /* MBEDTLS_X509_CRT_WRITE_C */
546