1 /*
2  *  X.509 Certificate Signing Request writing
3  *
4  *  Copyright The Mbed TLS Contributors
5  *  SPDX-License-Identifier: Apache-2.0
6  *
7  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
8  *  not use this file except in compliance with the License.
9  *  You may obtain a copy of the License at
10  *
11  *  http://www.apache.org/licenses/LICENSE-2.0
12  *
13  *  Unless required by applicable law or agreed to in writing, software
14  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  *  See the License for the specific language governing permissions and
17  *  limitations under the License.
18  */
19 /*
20  * References:
21  * - CSRs: PKCS#10 v1.7 aka RFC 2986
22  * - attributes: PKCS#9 v2.0 aka RFC 2985
23  */
24 
25 #include "common.h"
26 
27 #if defined(MBEDTLS_X509_CSR_WRITE_C)
28 
29 #include "mbedtls/x509_csr.h"
30 #include "mbedtls/asn1write.h"
31 #include "mbedtls/error.h"
32 #include "mbedtls/oid.h"
33 #include "mbedtls/platform_util.h"
34 
35 #if defined(MBEDTLS_USE_PSA_CRYPTO)
36 #include "psa/crypto.h"
37 #include "mbedtls/psa_util.h"
38 #endif
39 
40 #include <string.h>
41 #include <stdlib.h>
42 
43 #if defined(MBEDTLS_PEM_WRITE_C)
44 #include "mbedtls/pem.h"
45 #endif
46 
47 #if defined(MBEDTLS_PLATFORM_C)
48 #include "mbedtls/platform.h"
49 #else
50 #include <stdlib.h>
51 #define mbedtls_calloc    calloc
52 #define mbedtls_free      free
53 #endif
54 
mbedtls_x509write_csr_init(mbedtls_x509write_csr * ctx)55 void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
56 {
57     memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
58 }
59 
mbedtls_x509write_csr_free(mbedtls_x509write_csr * ctx)60 void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
61 {
62     mbedtls_asn1_free_named_data_list( &ctx->subject );
63     mbedtls_asn1_free_named_data_list( &ctx->extensions );
64 
65     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
66 }
67 
mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr * ctx,mbedtls_md_type_t md_alg)68 void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
69 {
70     ctx->md_alg = md_alg;
71 }
72 
mbedtls_x509write_csr_set_key(mbedtls_x509write_csr * ctx,mbedtls_pk_context * key)73 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key )
74 {
75     ctx->key = key;
76 }
77 
mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr * ctx,const char * subject_name)78 int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
79                                     const char *subject_name )
80 {
81     return mbedtls_x509_string_to_names( &ctx->subject, subject_name );
82 }
83 
mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr * ctx,const char * oid,size_t oid_len,const unsigned char * val,size_t val_len)84 int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
85                                  const char *oid, size_t oid_len,
86                                  const unsigned char *val, size_t val_len )
87 {
88     return mbedtls_x509_set_extension( &ctx->extensions, oid, oid_len,
89                                0, val, val_len );
90 }
91 
mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr * ctx,unsigned char key_usage)92 int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
93 {
94     unsigned char buf[4];
95     unsigned char *c;
96     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
97 
98     c = buf + 4;
99 
100     ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
101     if( ret < 3 || ret > 4 )
102         return( ret );
103 
104     ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
105                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
106                                        c, (size_t)ret );
107     if( ret != 0 )
108         return( ret );
109 
110     return( 0 );
111 }
112 
mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr * ctx,unsigned char ns_cert_type)113 int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
114                                     unsigned char ns_cert_type )
115 {
116     unsigned char buf[4];
117     unsigned char *c;
118     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
119 
120     c = buf + 4;
121 
122     ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
123     if( ret < 3 || ret > 4 )
124         return( ret );
125 
126     ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
127                                        MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
128                                        c, (size_t)ret );
129     if( ret != 0 )
130         return( ret );
131 
132     return( 0 );
133 }
134 
x509write_csr_der_internal(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,unsigned char * sig,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)135 static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
136                                  unsigned char *buf,
137                                  size_t size,
138                                  unsigned char *sig,
139                                  int (*f_rng)(void *, unsigned char *, size_t),
140                                  void *p_rng )
141 {
142     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
143     const char *sig_oid;
144     size_t sig_oid_len = 0;
145     unsigned char *c, *c2;
146     unsigned char hash[64];
147     size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
148     size_t len = 0;
149     mbedtls_pk_type_t pk_alg;
150 #if defined(MBEDTLS_USE_PSA_CRYPTO)
151     psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
152     size_t hash_len;
153     psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
154 #endif /* MBEDTLS_USE_PSA_CRYPTO */
155 
156     /* Write the CSR backwards starting from the end of buf */
157     c = buf + size;
158 
159     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf,
160                                                            ctx->extensions ) );
161 
162     if( len )
163     {
164         MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
165         MBEDTLS_ASN1_CHK_ADD( len,
166             mbedtls_asn1_write_tag(
167                 &c, buf,
168                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
169 
170         MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
171         MBEDTLS_ASN1_CHK_ADD( len,
172             mbedtls_asn1_write_tag(
173                 &c, buf,
174                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) );
175 
176         MBEDTLS_ASN1_CHK_ADD( len,
177             mbedtls_asn1_write_oid(
178                 &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ,
179                 MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) );
180 
181         MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
182         MBEDTLS_ASN1_CHK_ADD( len,
183             mbedtls_asn1_write_tag(
184                 &c, buf,
185                 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
186     }
187 
188     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
189     MBEDTLS_ASN1_CHK_ADD( len,
190         mbedtls_asn1_write_tag(
191             &c, buf,
192             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) );
193 
194     MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key,
195                                                               buf, c - buf ) );
196     c -= pub_len;
197     len += pub_len;
198 
199     /*
200      *  Subject  ::=  Name
201      */
202     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf,
203                                                          ctx->subject ) );
204 
205     /*
206      *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
207      */
208     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
209 
210     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
211     MBEDTLS_ASN1_CHK_ADD( len,
212         mbedtls_asn1_write_tag(
213             &c, buf,
214             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
215 
216     /*
217      * Sign the written CSR data into the sig buffer
218      * Note: hash errors can happen only after an internal error
219      */
220 #if defined(MBEDTLS_USE_PSA_CRYPTO)
221     if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
222         return( MBEDTLS_ERR_X509_FATAL_ERROR );
223 
224     if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS )
225         return( MBEDTLS_ERR_X509_FATAL_ERROR );
226 
227     if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
228         != PSA_SUCCESS )
229     {
230         return( MBEDTLS_ERR_X509_FATAL_ERROR );
231     }
232 #else /* MBEDTLS_USE_PSA_CRYPTO */
233     ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
234     if( ret != 0 )
235         return( ret );
236 #endif
237     if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
238                                  f_rng, p_rng ) ) != 0 )
239     {
240         return( ret );
241     }
242 
243     if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
244         pk_alg = MBEDTLS_PK_RSA;
245     else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
246         pk_alg = MBEDTLS_PK_ECDSA;
247     else
248         return( MBEDTLS_ERR_X509_INVALID_ALG );
249 
250     if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
251                                               &sig_oid, &sig_oid_len ) ) != 0 )
252     {
253         return( ret );
254     }
255 
256     /*
257      * Move the written CSR data to the start of buf to create space for
258      * writing the signature into buf.
259      */
260     memmove( buf, c, len );
261 
262     /*
263      * Write sig and its OID into buf backwards from the end of buf.
264      * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len
265      * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed.
266      */
267     c2 = buf + size;
268     MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len,
269         mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len,
270                                 sig, sig_len ) );
271 
272     /*
273      * Compact the space between the CSR data and signature by moving the
274      * CSR data to the start of the signature.
275      */
276     c2 -= len;
277     memmove( c2, buf, len );
278 
279     /* ASN encode the total size and tag the CSR data with it. */
280     len += sig_and_oid_len;
281     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) );
282     MBEDTLS_ASN1_CHK_ADD( len,
283         mbedtls_asn1_write_tag(
284             &c2, buf,
285             MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
286 
287     /* Zero the unused bytes at the start of buf */
288     memset( buf, 0, c2 - buf);
289 
290     return( (int) len );
291 }
292 
mbedtls_x509write_csr_der(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)293 int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf,
294                                size_t size,
295                                int (*f_rng)(void *, unsigned char *, size_t),
296                                void *p_rng )
297 {
298     int ret;
299     unsigned char *sig;
300 
301     if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL )
302     {
303         return( MBEDTLS_ERR_X509_ALLOC_FAILED );
304     }
305 
306     ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng );
307 
308     mbedtls_free( sig );
309 
310     return( ret );
311 }
312 
313 #define PEM_BEGIN_CSR           "-----BEGIN CERTIFICATE REQUEST-----\n"
314 #define PEM_END_CSR             "-----END CERTIFICATE REQUEST-----\n"
315 
316 #if defined(MBEDTLS_PEM_WRITE_C)
mbedtls_x509write_csr_pem(mbedtls_x509write_csr * ctx,unsigned char * buf,size_t size,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)317 int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
318                        int (*f_rng)(void *, unsigned char *, size_t),
319                        void *p_rng )
320 {
321     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
322     size_t olen = 0;
323 
324     if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size,
325                                    f_rng, p_rng ) ) < 0 )
326     {
327         return( ret );
328     }
329 
330     if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CSR, PEM_END_CSR,
331                                   buf + size - ret,
332                                   ret, buf, size, &olen ) ) != 0 )
333     {
334         return( ret );
335     }
336 
337     return( 0 );
338 }
339 #endif /* MBEDTLS_PEM_WRITE_C */
340 
341 #endif /* MBEDTLS_X509_CSR_WRITE_C */
342