1/*
2 * X.509 Certificate Signing Request writing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19/*
20 * References:
21 * - CSRs: PKCS#10 v1.7 aka RFC 2986
22 * - attributes: PKCS#9 v2.0 aka RFC 2985
23 */
24
25#include "common.h"
26
27#if defined(MBEDTLS_X509_CSR_WRITE_C)
28
29#include "mbedtls/x509_csr.h"
30#include "mbedtls/asn1write.h"
31#include "mbedtls/error.h"
32#include "mbedtls/oid.h"
33#include "mbedtls/platform_util.h"
34
35#if defined(MBEDTLS_USE_PSA_CRYPTO)
36#include "psa/crypto.h"
37#include "mbedtls/psa_util.h"
38#endif
39
40#include <string.h>
41#include <stdlib.h>
42
43#if defined(MBEDTLS_PEM_WRITE_C)
44#include "mbedtls/pem.h"
45#endif
46
47#include "mbedtls/platform.h"
48
49void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)
50{
51 memset(ctx, 0, sizeof(mbedtls_x509write_csr));
52}
53
54void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
55{
56 mbedtls_asn1_free_named_data_list(&ctx->subject);
57 mbedtls_asn1_free_named_data_list(&ctx->extensions);
58
59 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr));
60}
61
62void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)
63{
64 ctx->md_alg = md_alg;
65}
66
67void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)
68{
69 ctx->key = key;
70}
71
72int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
73 const char *subject_name)
74{
75 return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
76}
77
78int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
79 const char *oid, size_t oid_len,
80 const unsigned char *val, size_t val_len)
81{
82 return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
83 0, val, val_len);
84}
85
86int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
87{
88 unsigned char buf[4] = { 0 };
89 unsigned char *c;
90 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
91
92 c = buf + 4;
93
94 ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8);
95 if (ret < 3 || ret > 4) {
96 return ret;
97 }
98
99 ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
100 MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
101 c, (size_t) ret);
102 if (ret != 0) {
103 return ret;
104 }
105
106 return 0;
107}
108
109int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
110 unsigned char ns_cert_type)
111{
112 unsigned char buf[4] = { 0 };
113 unsigned char *c;
114 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
115
116 c = buf + 4;
117
118 ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
119 if (ret < 3 || ret > 4) {
120 return ret;
121 }
122
123 ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
124 MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
125 c, (size_t) ret);
126 if (ret != 0) {
127 return ret;
128 }
129
130 return 0;
131}
132
133static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
134 unsigned char *buf,
135 size_t size,
136 unsigned char *sig,
137 int (*f_rng)(void *, unsigned char *, size_t),
138 void *p_rng)
139{
140 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
141 const char *sig_oid;
142 size_t sig_oid_len = 0;
143 unsigned char *c, *c2;
144 unsigned char hash[64];
145 size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
146 size_t len = 0;
147 mbedtls_pk_type_t pk_alg;
148#if defined(MBEDTLS_USE_PSA_CRYPTO)
149 psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
150 size_t hash_len;
151 psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg);
152#endif /* MBEDTLS_USE_PSA_CRYPTO */
153
154 /* Write the CSR backwards starting from the end of buf */
155 c = buf + size;
156
157 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf,
158 ctx->extensions));
159
160 if (len) {
161 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
162 MBEDTLS_ASN1_CHK_ADD(len,
163 mbedtls_asn1_write_tag(
164 &c, buf,
165 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
166
167 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
168 MBEDTLS_ASN1_CHK_ADD(len,
169 mbedtls_asn1_write_tag(
170 &c, buf,
171 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET));
172
173 MBEDTLS_ASN1_CHK_ADD(len,
174 mbedtls_asn1_write_oid(
175 &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
176 MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ)));
177
178 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
179 MBEDTLS_ASN1_CHK_ADD(len,
180 mbedtls_asn1_write_tag(
181 &c, buf,
182 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
183 }
184
185 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
186 MBEDTLS_ASN1_CHK_ADD(len,
187 mbedtls_asn1_write_tag(
188 &c, buf,
189 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
190
191 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
192 buf, c - buf));
193 c -= pub_len;
194 len += pub_len;
195
196 /*
197 * Subject ::= Name
198 */
199 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
200 ctx->subject));
201
202 /*
203 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
204 */
205 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
206
207 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
208 MBEDTLS_ASN1_CHK_ADD(len,
209 mbedtls_asn1_write_tag(
210 &c, buf,
211 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
212
213 /*
214 * Sign the written CSR data into the sig buffer
215 * Note: hash errors can happen only after an internal error
216 */
217#if defined(MBEDTLS_USE_PSA_CRYPTO)
218 if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
219 return MBEDTLS_ERR_X509_FATAL_ERROR;
220 }
221
222 if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) {
223 return MBEDTLS_ERR_X509_FATAL_ERROR;
224 }
225
226 if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
227 != PSA_SUCCESS) {
228 return MBEDTLS_ERR_X509_FATAL_ERROR;
229 }
230#else /* MBEDTLS_USE_PSA_CRYPTO */
231 ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
232 if (ret != 0) {
233 return ret;
234 }
235#endif
236 if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
237 f_rng, p_rng)) != 0) {
238 return ret;
239 }
240
241 if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
242 pk_alg = MBEDTLS_PK_RSA;
243 } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {
244 pk_alg = MBEDTLS_PK_ECDSA;
245 } else {
246 return MBEDTLS_ERR_X509_INVALID_ALG;
247 }
248
249 if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
250 &sig_oid, &sig_oid_len)) != 0) {
251 return ret;
252 }
253
254 /*
255 * Move the written CSR data to the start of buf to create space for
256 * writing the signature into buf.
257 */
258 memmove(buf, c, len);
259
260 /*
261 * Write sig and its OID into buf backwards from the end of buf.
262 * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len
263 * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
264 */
265 c2 = buf + size;
266 MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
267 mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
268 sig, sig_len));
269
270 /*
271 * Compact the space between the CSR data and signature by moving the
272 * CSR data to the start of the signature.
273 */
274 c2 -= len;
275 memmove(c2, buf, len);
276
277 /* ASN encode the total size and tag the CSR data with it. */
278 len += sig_and_oid_len;
279 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len));
280 MBEDTLS_ASN1_CHK_ADD(len,
281 mbedtls_asn1_write_tag(
282 &c2, buf,
283 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
284
285 /* Zero the unused bytes at the start of buf */
286 memset(buf, 0, c2 - buf);
287
288 return (int) len;
289}
290
291int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
292 size_t size,
293 int (*f_rng)(void *, unsigned char *, size_t),
294 void *p_rng)
295{
296 int ret;
297 unsigned char *sig;
298
299 if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) {
300 return MBEDTLS_ERR_X509_ALLOC_FAILED;
301 }
302
303 ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng);
304
305 mbedtls_free(sig);
306
307 return ret;
308}
309
310#define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
311#define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
312
313#if defined(MBEDTLS_PEM_WRITE_C)
314int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
315 int (*f_rng)(void *, unsigned char *, size_t),
316 void *p_rng)
317{
318 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
319 size_t olen = 0;
320
321 if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
322 f_rng, p_rng)) < 0) {
323 return ret;
324 }
325
326 if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR,
327 buf + size - ret,
328 ret, buf, size, &olen)) != 0) {
329 return ret;
330 }
331
332 return 0;
333}
334#endif /* MBEDTLS_PEM_WRITE_C */
335
336#endif /* MBEDTLS_X509_CSR_WRITE_C */
337