1 /*
2 * X.509 Certificate Signing Request writing
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 */
7 /*
8 * References:
9 * - CSRs: PKCS#10 v1.7 aka RFC 2986
10 * - attributes: PKCS#9 v2.0 aka RFC 2985
11 */
12
13 #include "common.h"
14
15 #if defined(MBEDTLS_X509_CSR_WRITE_C)
16
17 #include "mbedtls/x509_csr.h"
18 #include "mbedtls/asn1write.h"
19 #include "mbedtls/error.h"
20 #include "mbedtls/oid.h"
21 #include "mbedtls/platform_util.h"
22
23 #if defined(MBEDTLS_USE_PSA_CRYPTO)
24 #include "psa/crypto.h"
25 #include "mbedtls/psa_util.h"
26 #endif
27
28 #include <string.h>
29 #include <stdlib.h>
30
31 #if defined(MBEDTLS_PEM_WRITE_C)
32 #include "mbedtls/pem.h"
33 #endif
34
35 #include "mbedtls/platform.h"
36
mbedtls_x509write_csr_init(mbedtls_x509write_csr * ctx)37 void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx)
38 {
39 memset(ctx, 0, sizeof(mbedtls_x509write_csr));
40 }
41
mbedtls_x509write_csr_free(mbedtls_x509write_csr * ctx)42 void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
43 {
44 mbedtls_asn1_free_named_data_list(&ctx->subject);
45 mbedtls_asn1_free_named_data_list(&ctx->extensions);
46
47 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_x509write_csr));
48 }
49
mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr * ctx,mbedtls_md_type_t md_alg)50 void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)
51 {
52 ctx->md_alg = md_alg;
53 }
54
mbedtls_x509write_csr_set_key(mbedtls_x509write_csr * ctx,mbedtls_pk_context * key)55 void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)
56 {
57 ctx->key = key;
58 }
59
mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr * ctx,const char * subject_name)60 int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
61 const char *subject_name)
62 {
63 return mbedtls_x509_string_to_names(&ctx->subject, subject_name);
64 }
65
mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr * ctx,const char * oid,size_t oid_len,const unsigned char * val,size_t val_len)66 int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
67 const char *oid, size_t oid_len,
68 const unsigned char *val, size_t val_len)
69 {
70 return mbedtls_x509_set_extension(&ctx->extensions, oid, oid_len,
71 0, val, val_len);
72 }
73
mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr * ctx,unsigned char key_usage)74 int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned char key_usage)
75 {
76 unsigned char buf[4] = { 0 };
77 unsigned char *c;
78 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
79
80 c = buf + 4;
81
82 ret = mbedtls_asn1_write_named_bitstring(&c, buf, &key_usage, 8);
83 if (ret < 3 || ret > 4) {
84 return ret;
85 }
86
87 ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_KEY_USAGE,
88 MBEDTLS_OID_SIZE(MBEDTLS_OID_KEY_USAGE),
89 c, (size_t) ret);
90 if (ret != 0) {
91 return ret;
92 }
93
94 return 0;
95 }
96
mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr * ctx,unsigned char ns_cert_type)97 int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
98 unsigned char ns_cert_type)
99 {
100 unsigned char buf[4] = { 0 };
101 unsigned char *c;
102 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
103
104 c = buf + 4;
105
106 ret = mbedtls_asn1_write_named_bitstring(&c, buf, &ns_cert_type, 8);
107 if (ret < 3 || ret > 4) {
108 return ret;
109 }
110
111 ret = mbedtls_x509write_csr_set_extension(ctx, MBEDTLS_OID_NS_CERT_TYPE,
112 MBEDTLS_OID_SIZE(MBEDTLS_OID_NS_CERT_TYPE),
113 c, (size_t) ret);
114 if (ret != 0) {
115 return ret;
116 }
117
118 return 0;
119 }
120
x509write_csr_der_internal(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,unsigned char * sig,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)121 static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
122 unsigned char *buf,
123 size_t size,
124 unsigned char *sig,
125 int (*f_rng)(void *, unsigned char *, size_t),
126 void *p_rng)
127 {
128 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
129 const char *sig_oid;
130 size_t sig_oid_len = 0;
131 unsigned char *c, *c2;
132 unsigned char hash[64];
133 size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
134 size_t len = 0;
135 mbedtls_pk_type_t pk_alg;
136 #if defined(MBEDTLS_USE_PSA_CRYPTO)
137 psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
138 size_t hash_len;
139 psa_algorithm_t hash_alg = mbedtls_psa_translate_md(ctx->md_alg);
140 #endif /* MBEDTLS_USE_PSA_CRYPTO */
141
142 /* Write the CSR backwards starting from the end of buf */
143 c = buf + size;
144
145 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_extensions(&c, buf,
146 ctx->extensions));
147
148 if (len) {
149 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
150 MBEDTLS_ASN1_CHK_ADD(len,
151 mbedtls_asn1_write_tag(
152 &c, buf,
153 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
154
155 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
156 MBEDTLS_ASN1_CHK_ADD(len,
157 mbedtls_asn1_write_tag(
158 &c, buf,
159 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET));
160
161 MBEDTLS_ASN1_CHK_ADD(len,
162 mbedtls_asn1_write_oid(
163 &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
164 MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS9_CSR_EXT_REQ)));
165
166 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
167 MBEDTLS_ASN1_CHK_ADD(len,
168 mbedtls_asn1_write_tag(
169 &c, buf,
170 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
171 }
172
173 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
174 MBEDTLS_ASN1_CHK_ADD(len,
175 mbedtls_asn1_write_tag(
176 &c, buf,
177 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC));
178
179 MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_pk_write_pubkey_der(ctx->key,
180 buf, c - buf));
181 c -= pub_len;
182 len += pub_len;
183
184 /*
185 * Subject ::= Name
186 */
187 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_x509_write_names(&c, buf,
188 ctx->subject));
189
190 /*
191 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
192 */
193 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
194
195 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
196 MBEDTLS_ASN1_CHK_ADD(len,
197 mbedtls_asn1_write_tag(
198 &c, buf,
199 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
200
201 /*
202 * Sign the written CSR data into the sig buffer
203 * Note: hash errors can happen only after an internal error
204 */
205 #if defined(MBEDTLS_USE_PSA_CRYPTO)
206 if (psa_hash_setup(&hash_operation, hash_alg) != PSA_SUCCESS) {
207 return MBEDTLS_ERR_X509_FATAL_ERROR;
208 }
209
210 if (psa_hash_update(&hash_operation, c, len) != PSA_SUCCESS) {
211 return MBEDTLS_ERR_X509_FATAL_ERROR;
212 }
213
214 if (psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_len)
215 != PSA_SUCCESS) {
216 return MBEDTLS_ERR_X509_FATAL_ERROR;
217 }
218 #else /* MBEDTLS_USE_PSA_CRYPTO */
219 ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
220 if (ret != 0) {
221 return ret;
222 }
223 #endif
224 if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
225 f_rng, p_rng)) != 0) {
226 return ret;
227 }
228
229 if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_RSA)) {
230 pk_alg = MBEDTLS_PK_RSA;
231 } else if (mbedtls_pk_can_do(ctx->key, MBEDTLS_PK_ECDSA)) {
232 pk_alg = MBEDTLS_PK_ECDSA;
233 } else {
234 return MBEDTLS_ERR_X509_INVALID_ALG;
235 }
236
237 if ((ret = mbedtls_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg,
238 &sig_oid, &sig_oid_len)) != 0) {
239 return ret;
240 }
241
242 /*
243 * Move the written CSR data to the start of buf to create space for
244 * writing the signature into buf.
245 */
246 memmove(buf, c, len);
247
248 /*
249 * Write sig and its OID into buf backwards from the end of buf.
250 * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len
251 * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
252 */
253 c2 = buf + size;
254 MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
255 mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
256 sig, sig_len, pk_alg));
257
258 /*
259 * Compact the space between the CSR data and signature by moving the
260 * CSR data to the start of the signature.
261 */
262 c2 -= len;
263 memmove(c2, buf, len);
264
265 /* ASN encode the total size and tag the CSR data with it. */
266 len += sig_and_oid_len;
267 MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c2, buf, len));
268 MBEDTLS_ASN1_CHK_ADD(len,
269 mbedtls_asn1_write_tag(
270 &c2, buf,
271 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE));
272
273 /* Zero the unused bytes at the start of buf */
274 memset(buf, 0, c2 - buf);
275
276 return (int) len;
277 }
278
mbedtls_x509write_csr_der(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)279 int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf,
280 size_t size,
281 int (*f_rng)(void *, unsigned char *, size_t),
282 void *p_rng)
283 {
284 int ret;
285 unsigned char *sig;
286
287 if ((sig = mbedtls_calloc(1, MBEDTLS_PK_SIGNATURE_MAX_SIZE)) == NULL) {
288 return MBEDTLS_ERR_X509_ALLOC_FAILED;
289 }
290
291 ret = x509write_csr_der_internal(ctx, buf, size, sig, f_rng, p_rng);
292
293 mbedtls_free(sig);
294
295 return ret;
296 }
297
298 #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n"
299 #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n"
300
301 #if defined(MBEDTLS_PEM_WRITE_C)
mbedtls_x509write_csr_pem(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)302 int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
303 int (*f_rng)(void *, unsigned char *, size_t),
304 void *p_rng)
305 {
306 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
307 size_t olen = 0;
308
309 if ((ret = mbedtls_x509write_csr_der(ctx, buf, size,
310 f_rng, p_rng)) < 0) {
311 return ret;
312 }
313
314 if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CSR, PEM_END_CSR,
315 buf + size - ret,
316 ret, buf, size, &olen)) != 0) {
317 return ret;
318 }
319
320 return 0;
321 }
322 #endif /* MBEDTLS_PEM_WRITE_C */
323
324 #endif /* MBEDTLS_X509_CSR_WRITE_C */
325