00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032
00033
00034
00035
00036
00037 #include "polarssl/config.h"
00038
00039 #if defined(POLARSSL_X509_CSR_PARSE_C)
00040
00041 #include "polarssl/x509_csr.h"
00042 #include "polarssl/oid.h"
00043 #if defined(POLARSSL_PEM_PARSE_C)
00044 #include "polarssl/pem.h"
00045 #endif
00046
00047 #if defined(POLARSSL_MEMORY_C)
00048 #include "polarssl/memory.h"
00049 #else
00050 #define polarssl_malloc malloc
00051 #define polarssl_free free
00052 #endif
00053
00054 #include <string.h>
00055 #include <stdlib.h>
00056
00057 #if defined(POLARSSL_FS_IO) || defined(EFIX64) || defined(EFI32)
00058 #include <stdio.h>
00059 #endif
00060
00061
00062
00063
00064 static int x509_csr_get_version( unsigned char **p,
00065 const unsigned char *end,
00066 int *ver )
00067 {
00068 int ret;
00069
00070 if( ( ret = asn1_get_int( p, end, ver ) ) != 0 )
00071 {
00072 if( ret == POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
00073 {
00074 *ver = 0;
00075 return( 0 );
00076 }
00077
00078 return( POLARSSL_ERR_X509_INVALID_VERSION + ret );
00079 }
00080
00081 return( 0 );
00082 }
00083
00084
00085
00086
00087 int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen )
00088 {
00089 int ret;
00090 size_t len;
00091 unsigned char *p, *end;
00092 #if defined(POLARSSL_PEM_PARSE_C)
00093 size_t use_len;
00094 pem_context pem;
00095 #endif
00096
00097
00098
00099
00100 if( csr == NULL || buf == NULL )
00101 return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
00102
00103 x509_csr_init( csr );
00104
00105 #if defined(POLARSSL_PEM_PARSE_C)
00106 pem_init( &pem );
00107 ret = pem_read_buffer( &pem,
00108 "-----BEGIN CERTIFICATE REQUEST-----",
00109 "-----END CERTIFICATE REQUEST-----",
00110 buf, NULL, 0, &use_len );
00111
00112 if( ret == 0 )
00113 {
00114
00115
00116
00117 buflen -= use_len;
00118 buf += use_len;
00119
00120
00121
00122
00123 p = pem.buf;
00124 pem.buf = NULL;
00125 len = pem.buflen;
00126 pem_free( &pem );
00127 }
00128 else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
00129 {
00130 pem_free( &pem );
00131 return( ret );
00132 }
00133 else
00134 #endif
00135 {
00136
00137
00138
00139 p = (unsigned char *) polarssl_malloc( len = buflen );
00140
00141 if( p == NULL )
00142 return( POLARSSL_ERR_X509_MALLOC_FAILED );
00143
00144 memcpy( p, buf, buflen );
00145
00146 buflen = 0;
00147 }
00148
00149 csr->raw.p = p;
00150 csr->raw.len = len;
00151 end = p + len;
00152
00153
00154
00155
00156
00157
00158
00159
00160 if( ( ret = asn1_get_tag( &p, end, &len,
00161 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00162 {
00163 x509_csr_free( csr );
00164 return( POLARSSL_ERR_X509_INVALID_FORMAT );
00165 }
00166
00167 if( len != (size_t) ( end - p ) )
00168 {
00169 x509_csr_free( csr );
00170 return( POLARSSL_ERR_X509_INVALID_FORMAT +
00171 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00172 }
00173
00174
00175
00176
00177 csr->cri.p = p;
00178
00179 if( ( ret = asn1_get_tag( &p, end, &len,
00180 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00181 {
00182 x509_csr_free( csr );
00183 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
00184 }
00185
00186 end = p + len;
00187 csr->cri.len = end - csr->cri.p;
00188
00189
00190
00191
00192 if( ( ret = x509_csr_get_version( &p, end, &csr->version ) ) != 0 )
00193 {
00194 x509_csr_free( csr );
00195 return( ret );
00196 }
00197
00198 csr->version++;
00199
00200 if( csr->version != 1 )
00201 {
00202 x509_csr_free( csr );
00203 return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
00204 }
00205
00206
00207
00208
00209 csr->subject_raw.p = p;
00210
00211 if( ( ret = asn1_get_tag( &p, end, &len,
00212 ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
00213 {
00214 x509_csr_free( csr );
00215 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
00216 }
00217
00218 if( ( ret = x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
00219 {
00220 x509_csr_free( csr );
00221 return( ret );
00222 }
00223
00224 csr->subject_raw.len = p - csr->subject_raw.p;
00225
00226
00227
00228
00229 if( ( ret = pk_parse_subpubkey( &p, end, &csr->pk ) ) != 0 )
00230 {
00231 x509_csr_free( csr );
00232 return( ret );
00233 }
00234
00235
00236
00237
00238 if( ( ret = asn1_get_tag( &p, end, &len,
00239 ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) ) != 0 )
00240 {
00241 x509_csr_free( csr );
00242 return( POLARSSL_ERR_X509_INVALID_FORMAT + ret );
00243 }
00244
00245
00246 p += len;
00247
00248 end = csr->raw.p + csr->raw.len;
00249
00250
00251
00252
00253
00254 if( ( ret = x509_get_alg_null( &p, end, &csr->sig_oid ) ) != 0 )
00255 {
00256 x509_csr_free( csr );
00257 return( ret );
00258 }
00259
00260 if( ( ret = x509_get_sig_alg( &csr->sig_oid, &csr->sig_md,
00261 &csr->sig_pk ) ) != 0 )
00262 {
00263 x509_csr_free( csr );
00264 return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
00265 }
00266
00267 if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
00268 {
00269 x509_csr_free( csr );
00270 return( ret );
00271 }
00272
00273 if( p != end )
00274 {
00275 x509_csr_free( csr );
00276 return( POLARSSL_ERR_X509_INVALID_FORMAT +
00277 POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
00278 }
00279
00280 return( 0 );
00281 }
00282
00283 #if defined(POLARSSL_FS_IO)
00284
00285
00286
00287 int x509_csr_parse_file( x509_csr *csr, const char *path )
00288 {
00289 int ret;
00290 size_t n;
00291 unsigned char *buf;
00292
00293 if ( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
00294 return( ret );
00295
00296 ret = x509_csr_parse( csr, buf, n );
00297
00298 memset( buf, 0, n + 1 );
00299 polarssl_free( buf );
00300
00301 return( ret );
00302 }
00303 #endif
00304
00305 #if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
00306 !defined(EFI32)
00307 #include <stdarg.h>
00308
00309 #if !defined vsnprintf
00310 #define vsnprintf _vsnprintf
00311 #endif // vsnprintf
00312
00313
00314
00315
00316
00317
00318
00319
00320 static int compat_snprintf(char *str, size_t size, const char *format, ...)
00321 {
00322 va_list ap;
00323 int res = -1;
00324
00325 va_start( ap, format );
00326
00327 res = vsnprintf( str, size, format, ap );
00328
00329 va_end( ap );
00330
00331
00332 if ( res < 0 )
00333 return( (int) size + 20 );
00334
00335 return res;
00336 }
00337
00338 #define snprintf compat_snprintf
00339 #endif
00340
00341 #define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
00342
00343 #define SAFE_SNPRINTF() \
00344 { \
00345 if( ret == -1 ) \
00346 return( -1 ); \
00347 \
00348 if ( (unsigned int) ret > n ) { \
00349 p[n - 1] = '\0'; \
00350 return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
00351 } \
00352 \
00353 n -= (unsigned int) ret; \
00354 p += (unsigned int) ret; \
00355 }
00356
00357 #define BEFORE_COLON 14
00358 #define BC "14"
00359
00360
00361
00362 int x509_csr_info( char *buf, size_t size, const char *prefix,
00363 const x509_csr *csr )
00364 {
00365 int ret;
00366 size_t n;
00367 char *p;
00368 const char *desc;
00369 char key_size_str[BEFORE_COLON];
00370
00371 p = buf;
00372 n = size;
00373
00374 ret = snprintf( p, n, "%sCSR version : %d",
00375 prefix, csr->version );
00376 SAFE_SNPRINTF();
00377
00378 ret = snprintf( p, n, "\n%ssubject name : ", prefix );
00379 SAFE_SNPRINTF();
00380 ret = x509_dn_gets( p, n, &csr->subject );
00381 SAFE_SNPRINTF();
00382
00383 ret = snprintf( p, n, "\n%ssigned using : ", prefix );
00384 SAFE_SNPRINTF();
00385
00386 ret = oid_get_sig_alg_desc( &csr->sig_oid, &desc );
00387 if( ret != 0 )
00388 ret = snprintf( p, n, "???" );
00389 else
00390 ret = snprintf( p, n, "%s", desc );
00391 SAFE_SNPRINTF();
00392
00393 if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
00394 pk_get_name( &csr->pk ) ) ) != 0 )
00395 {
00396 return( ret );
00397 }
00398
00399 ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
00400 (int) pk_get_size( &csr->pk ) );
00401 SAFE_SNPRINTF();
00402
00403 return( (int) ( size - n ) );
00404 }
00405
00406
00407
00408
00409 void x509_csr_init( x509_csr *csr )
00410 {
00411 memset( csr, 0, sizeof(x509_csr) );
00412 }
00413
00414
00415
00416
00417 void x509_csr_free( x509_csr *csr )
00418 {
00419 x509_name *name_cur;
00420 x509_name *name_prv;
00421
00422 if( csr == NULL )
00423 return;
00424
00425 pk_free( &csr->pk );
00426
00427 name_cur = csr->subject.next;
00428 while( name_cur != NULL )
00429 {
00430 name_prv = name_cur;
00431 name_cur = name_cur->next;
00432 memset( name_prv, 0, sizeof( x509_name ) );
00433 polarssl_free( name_prv );
00434 }
00435
00436 if( csr->raw.p != NULL )
00437 {
00438 memset( csr->raw.p, 0, csr->raw.len );
00439 polarssl_free( csr->raw.p );
00440 }
00441
00442 memset( csr, 0, sizeof( x509_csr ) );
00443 }
00444
00445 #endif