• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  X.509 certificate writing
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 /*
20  * References:
21  * - certificates: RFC 5280, updated by RFC 6818
22  * - CSRs: PKCS#10 v1.7 aka RFC 2986
23  * - attributes: PKCS#9 v2.0 aka RFC 2985
24  */
25 
26 #include "common.h"
27 
28 #if defined(MBEDTLS_X509_CRT_WRITE_C)
29 
30 #include "mbedtls/x509_crt.h"
31 #include "mbedtls/asn1write.h"
32 #include "mbedtls/error.h"
33 #include "mbedtls/oid.h"
34 #include "mbedtls/platform_util.h"
35 #include "mbedtls/md.h"
36 
37 #include <string.h>
38 
39 #if defined(MBEDTLS_PEM_WRITE_C)
40 #include "mbedtls/pem.h"
41 #endif /* MBEDTLS_PEM_WRITE_C */
42 
43 #if defined(MBEDTLS_USE_PSA_CRYPTO)
44 #include "psa/crypto.h"
45 #include "mbedtls/psa_util.h"
46 #endif /* MBEDTLS_USE_PSA_CRYPTO */
47 
48 #include "hash_info.h"
49 #include "mbedtls/legacy_or_psa.h"
50 
mbedtls_x509write_crt_init(mbedtls_x509write_cert * ctx)51 void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
52 {
53     memset(ctx, 0, sizeof(mbedtls_x509write_cert));
54 
55     ctx->version = MBEDTLS_X509_CRT_VERSION_3;
56 }
57 
mbedtls_x509write_crt_free(mbedtls_x509write_cert * ctx)58 void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
59 {
60     mbedtls_asn1_free_named_data_list(&ctx->subject);
61     mbedtls_asn1_free_named_data_list(&ctx->issuer);
62     mbedtls_asn1_free_named_data_list(&ctx->extensions);
63 
64     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_cert));
65 }
66 
mbedtls_x509write_crt_set_version(mbedtls_x509write_cert * ctx,int version)67 void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
68                                        int version)
69 {
70     ctx->version = version;
71 }
72 
mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert * ctx,mbedtls_md_type_t md_alg)73 void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
74                                       mbedtls_md_type_t md_alg)
75 {
76     ctx->md_alg = md_alg;
77 }
78 
mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert * ctx,mbedtls_pk_context * key)79 void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
80                                            mbedtls_pk_context *key)
81 {
82     ctx->subject_key = key;
83 }
84 
mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert * ctx,mbedtls_pk_context * key)85 void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
86                                           mbedtls_pk_context *key)
87 {
88     ctx->issuer_key = key;
89 }
90 
mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert * ctx,const char * subject_name)91 int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
92                                            const char *subject_name)
93 {
94     return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
95 }
96 
mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert * ctx,const char * issuer_name)97 int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
98                                           const char *issuer_name)
99 {
100     return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
101 }
102 
103 #if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert * ctx,const mbedtls_mpi * serial)104 int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
105                                      const mbedtls_mpi *serial)
106 {
107     int ret;
108     size_t tmp_len;
109 
110     /* Ensure that the MPI value fits into the buffer */
111     tmp_len = mbedtls_mpi_size(serial);
112     if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
113         return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
114     }
115 
116     ctx->serial_len = tmp_len;
117 
118     ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
119     if (ret < 0) {
120         return ret;
121     }
122 
123     return 0;
124 }
125 #endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
126 
mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert * ctx,unsigned char * serial,size_t serial_len)127 int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
128                                          unsigned char *serial, size_t serial_len)
129 {
130     if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
131         return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
132     }
133 
134     ctx->serial_len = serial_len;
135     memcpy(ctx->serial, serial, serial_len);
136 
137     return 0;
138 }
139 
mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert * ctx,const char * not_before,const char * not_after)140 int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
141                                        const char *not_before,
142                                        const char *not_after)
143 {
144     if (strlen(not_before) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
145         strlen(not_after)  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1) {
146         return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
147     }
148     strncpy(ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
149     strncpy(ctx->not_after, not_after, MBEDTLS_X509_RFC5280_UTC_TIME_LEN);
150     ctx->not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
151     ctx->not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1] = 'Z';
152 
153     return 0;
154 }
155 
mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert * ctx,const char * oid,size_t oid_len,int critical,const unsigned char * val,size_t val_len)156 int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
157                                         const char *oid, size_t oid_len,
158                                         int critical,
159                                         const unsigned char *val, size_t val_len)
160 {
161     return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
162                                       critical, val, val_len);
163 }
164 
mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert * ctx,int is_ca,int max_pathlen)165 int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
166                                                 int is_ca, int max_pathlen)
167 {
168     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
169     unsigned char buf[9];
170     unsigned char *c = buf + sizeof(buf);
171     size_t len = 0;
172 
173     memset(buf, 0, sizeof(buf));
174 
175     if (is_ca && max_pathlen > 127) {
176         return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
177     }
178 
179     if (is_ca) {
180         if (max_pathlen >= 0) {
181             MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf,
182                                                              max_pathlen));
183         }
184         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_bool(&c, buf, 1));
185     }
186 
187     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
188     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
189                                                      MBEDTLS_ASN1_CONSTRUCTED |
190                                                      MBEDTLS_ASN1_SEQUENCE));
191 
192     return
193         mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
194                                             MBEDTLS_OID_SIZE(MBEDTLS_OID_BASIC_CONSTRAINTS),
195                                             is_ca, buf + sizeof(buf) - len, len);
196 }
197 
198 #if defined(MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert * ctx,int is_ca,unsigned char tag)199 static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
200                                                     int is_ca,
201                                                     unsigned char tag)
202 {
203     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
204     unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
205     unsigned char *c = buf + sizeof(buf);
206     size_t len = 0;
207 #if defined(MBEDTLS_USE_PSA_CRYPTO)
208     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
209     size_t hash_length;
210 #endif /* MBEDTLS_USE_PSA_CRYPTO */
211 
212     memset(buf, 0, sizeof(buf));
213     MBEDTLS_ASN1_CHK_ADD(len,
214                          mbedtls_pk_write_pubkey(&c,
215                                                  buf,
216                                                  is_ca ?
217                                                  ctx->issuer_key :
218                                                  ctx->subject_key));
219 
220 
221 #if defined(MBEDTLS_USE_PSA_CRYPTO)
222     status = psa_hash_compute(PSA_ALG_SHA_1,
223                               buf + sizeof(buf) - len,
224                               len,
225                               buf + sizeof(buf) - 20,
226                               20,
227                               &hash_length);
228     if (status != PSA_SUCCESS) {
229         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
230     }
231 #else
232     ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
233                      buf + sizeof(buf) - len, len,
234                      buf + sizeof(buf) - 20);
235     if (ret != 0) {
236         return ret;
237     }
238 #endif /* MBEDTLS_USE_PSA_CRYPTO */
239 
240     c = buf + sizeof(buf) - 20;
241     len = 20;
242 
243     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
244     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, tag));
245 
246     if (is_ca) { // writes AuthorityKeyIdentifier sequence
247         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
248         MBEDTLS_ASN1_CHK_ADD(len,
249                              mbedtls_asn1_write_tag(&c,
250                                                     buf,
251                                                     MBEDTLS_ASN1_CONSTRUCTED |
252                                                     MBEDTLS_ASN1_SEQUENCE));
253     }
254 
255     if (is_ca) {
256         return mbedtls_x509write_crt_set_extension(ctx,
257                                                    MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
258                                                    MBEDTLS_OID_SIZE(
259                                                        MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER),
260                                                    0, buf + sizeof(buf) - len, len);
261     } else {
262         return mbedtls_x509write_crt_set_extension(ctx,
263                                                    MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
264                                                    MBEDTLS_OID_SIZE(
265                                                        MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER),
266                                                    0, buf + sizeof(buf) - len, len);
267     }
268 }
269 
mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert * ctx)270 int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
271 {
272     return mbedtls_x509write_crt_set_key_identifier(ctx,
273                                                     0,
274                                                     MBEDTLS_ASN1_OCTET_STRING);
275 }
276 
mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert * ctx)277 int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
278 {
279     return mbedtls_x509write_crt_set_key_identifier(ctx,
280                                                     1,
281                                                     (MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0));
282 }
283 #endif /* MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
284 
mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert * ctx,unsigned int key_usage)285 int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
286                                         unsigned int key_usage)
287 {
288     unsigned char buf[5] = { 0 }, ku[2] = { 0 };
289     unsigned char *c;
290     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
291     const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
292                                       MBEDTLS_X509_KU_NON_REPUDIATION   |
293                                       MBEDTLS_X509_KU_KEY_ENCIPHERMENT  |
294                                       MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
295                                       MBEDTLS_X509_KU_KEY_AGREEMENT     |
296                                       MBEDTLS_X509_KU_KEY_CERT_SIGN     |
297                                       MBEDTLS_X509_KU_CRL_SIGN          |
298                                       MBEDTLS_X509_KU_ENCIPHER_ONLY     |
299                                       MBEDTLS_X509_KU_DECIPHER_ONLY;
300 
301     /* Check that nothing other than the allowed flags is set */
302     if ((key_usage & ~allowed_bits) != 0) {
303         return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
304     }
305 
306     c = buf + 5;
307     MBEDTLS_PUT_UINT16_LE(key_usage, ku, 0);
308     ret = mbedtls_asn1_write_named_bitstring(&c, buf, ku, 9);
309 
310     if (ret < 0) {
311         return ret;
312     } else if (ret < 3 || ret > 5) {
313         return MBEDTLS_ERR_X509_INVALID_FORMAT;
314     }
315 
316     ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
317                                               MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
318                                               1, c, (size_t) ret);
319     if (ret != 0) {
320         return ret;
321     }
322 
323     return 0;
324 }
325 
mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert * ctx,const mbedtls_asn1_sequence * exts)326 int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx,
327                                             const mbedtls_asn1_sequence *exts)
328 {
329     unsigned char buf[256];
330     unsigned char *c = buf + sizeof(buf);
331     int ret;
332     size_t len = 0;
333     const mbedtls_asn1_sequence *last_ext = NULL;
334     const mbedtls_asn1_sequence *ext;
335 
336     memset(buf, 0, sizeof(buf));
337 
338     /* We need at least one extension: SEQUENCE SIZE (1..MAX) OF KeyPurposeId */
339     if (exts == NULL) {
340         return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
341     }
342 
343     /* Iterate over exts backwards, so we write them out in the requested order */
344     while (last_ext != exts) {
345         for (ext = exts; ext->next != last_ext; ext = ext->next) {
346         }
347         if (ext->buf.tag != MBEDTLS_ASN1_OID) {
348             return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
349         }
350         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf, ext->buf.p, ext->buf.len));
351         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, ext->buf.len));
352         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_OID));
353         last_ext = ext;
354     }
355 
356     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
357     MBEDTLS_ASN1_CHK_ADD(len,
358                          mbedtls_asn1_write_tag(&c, buf,
359                                                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
360 
361     return mbedtls_x509write_crt_set_extension(ctx,
362                                                MBEDTLS_OID_EXTENDED_KEY_USAGE,
363                                                MBEDTLS_OID_SIZE(MBEDTLS_OID_EXTENDED_KEY_USAGE),
364                                                1, c, len);
365 }
366 
mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert * ctx,unsigned char ns_cert_type)367 int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
368                                            unsigned char ns_cert_type)
369 {
370     unsigned char buf[4] = { 0 };
371     unsigned char *c;
372     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
373 
374     c = buf + 4;
375 
376     ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
377     if (ret < 3 || ret > 4) {
378         return ret;
379     }
380 
381     ret = mbedtls_x509write_crt_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
382                                               MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
383                                               0, c, (size_t) ret);
384     if (ret != 0) {
385         return ret;
386     }
387 
388     return 0;
389 }
390 
x509_write_time(unsigned char ** p,unsigned char * start,const char * t,size_t size)391 static int x509_write_time(unsigned char **p, unsigned char *start,
392                            const char *t, size_t size)
393 {
394     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
395     size_t len = 0;
396 
397     /*
398      * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
399      */
400     if (t[0] < '2' || (t[0] == '2' && t[1] == '0' && t[2] < '5')) {
401         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
402                                                                 (const unsigned char *) t + 2,
403                                                                 size - 2));
404         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
405         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
406                                                          MBEDTLS_ASN1_UTC_TIME));
407     } else {
408         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
409                                                                 (const unsigned char *) t,
410                                                                 size));
411         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
412         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
413                                                          MBEDTLS_ASN1_GENERALIZED_TIME));
414     }
415 
416     return (int) len;
417 }
418 
mbedtls_x509write_crt_der(mbedtls_x509write_cert * ctx,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)419 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
420                               unsigned char *buf, size_t size,
421                               int (*f_rng)(void *, unsigned char *, size_t),
422                               void *p_rng)
423 {
424     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
425     const char *sig_oid;
426     size_t sig_oid_len = 0;
427     unsigned char *c, *c2;
428     unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
429     size_t hash_length = 0;
430     unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
431 #if defined(MBEDTLS_USE_PSA_CRYPTO)
432     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
433     psa_algorithm_t psa_algorithm;
434 #endif /* MBEDTLS_USE_PSA_CRYPTO */
435 
436     size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
437     size_t len = 0;
438     mbedtls_pk_type_t pk_alg;
439 
440     /*
441      * Prepare data to be signed at the end of the target buffer
442      */
443     c = buf + size;
444 
445     /* Signature algorithm needed in TBS, and later for actual signature */
446 
447     /* There's no direct way of extracting a signature algorithm
448      * (represented as an element of mbedtls_pk_type_t) from a PK instance. */
449     if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_RSA)) {
450         pk_alg = MBEDTLS_PK_RSA;
451     } else if (mbedtls_pk_can_do(ctx->issuer_key, MBEDTLS_PK_ECDSA)) {
452         pk_alg = MBEDTLS_PK_ECDSA;
453     } else {
454         return MBEDTLS_ERR_X509_INVALID_ALG;
455     }
456 
457     if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
458                                               &sig_oid, &sig_oid_len)) != 0) {
459         return ret;
460     }
461 
462     /*
463      *  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
464      */
465 
466     /* Only for v3 */
467     if (ctx->version == MBEDTLS_X509_CRT_VERSION_3) {
468         MBEDTLS_ASN1_CHK_ADD(len,
469                              mbedtls_x509_write_extensions(&c,
470                                                            buf, ctx->extensions));
471         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
472         MBEDTLS_ASN1_CHK_ADD(len,
473                              mbedtls_asn1_write_tag(&c, buf,
474                                                     MBEDTLS_ASN1_CONSTRUCTED |
475                                                     MBEDTLS_ASN1_SEQUENCE));
476         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
477         MBEDTLS_ASN1_CHK_ADD(len,
478                              mbedtls_asn1_write_tag(&c, buf,
479                                                     MBEDTLS_ASN1_CONTEXT_SPECIFIC |
480                                                     MBEDTLS_ASN1_CONSTRUCTED | 3));
481     }
482 
483     /*
484      *  SubjectPublicKeyInfo
485      */
486     MBEDTLS_ASN1_CHK_ADD(pub_len,
487                          mbedtls_pk_write_pubkey_der(ctx->subject_key,
488                                                      buf, c - buf));
489     c -= pub_len;
490     len += pub_len;
491 
492     /*
493      *  Subject  ::=  Name
494      */
495     MBEDTLS_ASN1_CHK_ADD(len,
496                          mbedtls_x509_write_names(&c, buf,
497                                                   ctx->subject));
498 
499     /*
500      *  Validity ::= SEQUENCE {
501      *       notBefore      Time,
502      *       notAfter       Time }
503      */
504     sub_len = 0;
505 
506     MBEDTLS_ASN1_CHK_ADD(sub_len,
507                          x509_write_time(&c, buf, ctx->not_after,
508                                          MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
509 
510     MBEDTLS_ASN1_CHK_ADD(sub_len,
511                          x509_write_time(&c, buf, ctx->not_before,
512                                          MBEDTLS_X509_RFC5280_UTC_TIME_LEN));
513 
514     len += sub_len;
515     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, sub_len));
516     MBEDTLS_ASN1_CHK_ADD(len,
517                          mbedtls_asn1_write_tag(&c, buf,
518                                                 MBEDTLS_ASN1_CONSTRUCTED |
519                                                 MBEDTLS_ASN1_SEQUENCE));
520 
521     /*
522      *  Issuer  ::=  Name
523      */
524     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
525                                                        ctx->issuer));
526 
527     /*
528      *  Signature   ::=  AlgorithmIdentifier
529      */
530     MBEDTLS_ASN1_CHK_ADD(len,
531                          mbedtls_asn1_write_algorithm_identifier(&c, buf,
532                                                                  sig_oid, strlen(sig_oid), 0));
533 
534     /*
535      *  Serial   ::=  INTEGER
536      *
537      * Written data is:
538      * - "ctx->serial_len" bytes for the raw serial buffer
539      *   - if MSb of "serial" is 1, then prepend an extra 0x00 byte
540      * - 1 byte for the length
541      * - 1 byte for the TAG
542      */
543     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf,
544                                                             ctx->serial, ctx->serial_len));
545     if (*c & 0x80) {
546         if (c - buf < 1) {
547             return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
548         }
549         *(--c) = 0x0;
550         len++;
551         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
552                                                          ctx->serial_len + 1));
553     } else {
554         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
555                                                          ctx->serial_len));
556     }
557     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
558                                                      MBEDTLS_ASN1_INTEGER));
559 
560     /*
561      *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
562      */
563 
564     /* Can be omitted for v1 */
565     if (ctx->version != MBEDTLS_X509_CRT_VERSION_1) {
566         sub_len = 0;
567         MBEDTLS_ASN1_CHK_ADD(sub_len,
568                              mbedtls_asn1_write_int(&c, buf, ctx->version));
569         len += sub_len;
570         MBEDTLS_ASN1_CHK_ADD(len,
571                              mbedtls_asn1_write_len(&c, buf, sub_len));
572         MBEDTLS_ASN1_CHK_ADD(len,
573                              mbedtls_asn1_write_tag(&c, buf,
574                                                     MBEDTLS_ASN1_CONTEXT_SPECIFIC |
575                                                     MBEDTLS_ASN1_CONSTRUCTED | 0));
576     }
577 
578     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
579     MBEDTLS_ASN1_CHK_ADD(len,
580                          mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
581                                                 MBEDTLS_ASN1_SEQUENCE));
582 
583     /*
584      * Make signature
585      */
586 
587     /* Compute hash of CRT. */
588 #if defined(MBEDTLS_USE_PSA_CRYPTO)
589     psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg);
590 
591     status = psa_hash_compute(psa_algorithm,
592                               c,
593                               len,
594                               hash,
595                               sizeof(hash),
596                               &hash_length);
597     if (status != PSA_SUCCESS) {
598         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
599     }
600 #else
601     if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
602                           len, hash)) != 0) {
603         return ret;
604     }
605 #endif /* MBEDTLS_USE_PSA_CRYPTO */
606 
607 
608     if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
609                                hash, hash_length, sig, sizeof(sig), &sig_len,
610                                f_rng, p_rng)) != 0) {
611         return ret;
612     }
613 
614     /* Move CRT to the front of the buffer to have space
615      * for the signature. */
616     memmove(buf, c, len);
617     c = buf + len;
618 
619     /* Add signature at the end of the buffer,
620      * making sure that it doesn't underflow
621      * into the CRT buffer. */
622     c2 = buf + size;
623     MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
624                                                                  sig_oid, sig_oid_len, sig,
625                                                                  sig_len));
626 
627     /*
628      * Memory layout after this step:
629      *
630      * buf       c=buf+len                c2            buf+size
631      * [CRT0,...,CRTn, UNUSED, ..., UNUSED, SIG0, ..., SIGm]
632      */
633 
634     /* Move raw CRT to just before the signature. */
635     c = c2 - len;
636     memmove(c, buf, len);
637 
638     len += sig_and_oid_len;
639     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
640     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
641                                                      MBEDTLS_ASN1_CONSTRUCTED |
642                                                      MBEDTLS_ASN1_SEQUENCE));
643 
644     return (int) len;
645 }
646 
647 #define PEM_BEGIN_CRT           "-----BEGIN CERTIFICATE-----\n"
648 #define PEM_END_CRT             "-----END CERTIFICATE-----\n"
649 
650 #if defined(MBEDTLS_PEM_WRITE_C)
mbedtls_x509write_crt_pem(mbedtls_x509write_cert * crt,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)651 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *crt,
652                               unsigned char *buf, size_t size,
653                               int (*f_rng)(void *, unsigned char *, size_t),
654                               void *p_rng)
655 {
656     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
657     size_t olen;
658 
659     if ((ret = mbedtls_x509write_crt_der(crt, buf, size,
660                                          f_rng, p_rng)) < 0) {
661         return ret;
662     }
663 
664     if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
665                                         buf + size - ret, ret,
666                                         buf, size, &olen)) != 0) {
667         return ret;
668     }
669 
670     return 0;
671 }
672 #endif /* MBEDTLS_PEM_WRITE_C */
673 
674 #endif /* MBEDTLS_X509_CRT_WRITE_C */
675