From f9e73a8aeb328681a80909ded9ca5444702de86f Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 9 Jan 2014 14:17:55 -0800
Subject: [PATCH] Added setting the cert req challenge password.
---
ctaocrypt/src/asn.c | 99 ++++++++++++++++++++++++++---------
ctaocrypt/test/test.c | 1 +
cyassl/ctaocrypt/asn.h | 6 ++-
cyassl/ctaocrypt/asn_public.h | 3 ++
4 files changed, 82 insertions(+), 27 deletions(-)
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index a0f1516ff..bc4cd815c 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -3845,6 +3845,18 @@ static word32 SetSet(word32 len, byte* output)
}
+#ifdef CYASSL_CERT_REQ
+
+/* Write a set header to output */
+static word32 SetUTF8String(word32 len, byte* output)
+{
+ output[0] = ASN_UTF8STRING;
+ return SetLength(len, output + 1) + 1;
+}
+
+#endif /* CYASSL_CERT_REQ */
+
+
/* Write a serial number to output */
static int SetSerial(const byte* serial, byte* output)
{
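Review bot: The header comment on the new `SetUTF8String` still reads `/* Write a set header to output */`, copied from `SetSet` directly above it, while the function writes an `ASN_UTF8STRING` tag; it should read `/* Write a UTF8String header to output */`. The same comment is the right place to state the caller's buffer contract, since `SetReqAttrib` passes a `cpStr[MAX_PRSTR_SZ]` array that must hold the tag plus whatever `SetLength` emits, e.g. `/* output must have room for the tag byte plus the encoded length (MAX_PRSTR_SZ) */`. The returned `word32` is assigned to `int` locals in `SetReqAttrib`; that is fine for these sizes but worth a word in the comment.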
@@ -4624,37 +4636,71 @@ int MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
#ifdef CYASSL_CERT_REQ
-static int SetReqAttrib(byte* output, int extSz)
+static int SetReqAttrib(byte* output, char* pw, int extSz)
{
- int sz = 0;
+ static const byte cpOid[] =
+ { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x09, 0x07 };
+ static const byte erOid[] =
+ { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+ 0x09, 0x0e };
+
+ int sz = 0; /* overall size */
+ int cpSz = 0; /* Challenge Password section size */
+ int cpSeqSz = 0;
+ int cpSetSz = 0;
+ int cpStrSz = 0;
+ int pwSz = 0;
+ int erSz = 0; /* Extension Request section size */
+ int erSeqSz = 0;
+ int erSetSz = 0;
+ byte cpSeq[MAX_SEQ_SZ];
+ byte cpSet[MAX_SET_SZ];
+ byte cpStr[MAX_PRSTR_SZ];
+ byte erSeq[MAX_SEQ_SZ];
+ byte erSet[MAX_SET_SZ];
output[0] = 0xa0;
sz++;
- if (extSz) {
- byte extSet[MAX_SET_SZ];
- byte extSeq[MAX_SEQ_SZ];
- int extSetSz;
- int extSeqSz;
- static const byte extReqOid[] = { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e };
-
- extSetSz = SetSet(extSz, extSet);
- extSeqSz = SetSequence(extSetSz + sizeof(extReqOid) + extSz, extSeq);
-
- sz += SetLength(extSeqSz + extSeqSz + sizeof(extReqOid) + extSz,
- &output[sz]);
- XMEMCPY(&output[sz], extSeq, extSeqSz);
- sz += extSeqSz;
- XMEMCPY(&output[sz], extReqOid, sizeof(extReqOid));
- sz += sizeof(extReqOid);
- XMEMCPY(&output[sz], extSet, extSetSz);
- sz += extSetSz;
- /* The actual extension data will be tacked onto the output later.
*/
+ if (pw && pw[0]) {
+ pwSz = (int)XSTRLEN(pw);
+ cpStrSz = SetUTF8String(pwSz, cpStr);
+ cpSetSz = SetSet(cpStrSz + pwSz, cpSet);
+ cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq);
+ cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz;
}
- else {
- output[sz] = 0x00;
- sz++;
+
+ if (extSz) {
+ erSetSz = SetSet(extSz, erSet);
+ erSeqSz = SetSequence(erSetSz + sizeof(erOid) + extSz, erSeq);
+ erSz = extSz + erSetSz + erSeqSz + sizeof(erOid);
+ }
+
+ /* Put the pieces together. */
+ sz += SetLength(cpSz + erSz, &output[sz]);
+
+ if (cpSz) {
+ XMEMCPY(&output[sz], cpSeq, cpSeqSz);
+ sz += cpSeqSz;
+ XMEMCPY(&output[sz], cpOid, sizeof(cpOid));
+ sz += sizeof(cpOid);
+ XMEMCPY(&output[sz], cpSet, cpSetSz);
+ sz += cpSetSz;
+ XMEMCPY(&output[sz], cpStr, cpStrSz);
+ sz += cpStrSz;
+ XMEMCPY(&output[sz], pw, pwSz);
+ sz += pwSz;
+ }
+
+ if (erSz) {
+ XMEMCPY(&output[sz], erSeq, erSeqSz);
+ sz += erSeqSz;
+ XMEMCPY(&output[sz], erOid, sizeof(erOid));
+ sz += sizeof(erOid);
+ XMEMCPY(&output[sz], erSet, erSetSz);
+ sz += erSetSz;
+ /* The actual extension data will be tacked onto the output later. */
}
return sz;
@@ -4716,7 +4762,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
else
der->extensionsSz = 0;
- der->attribSz = SetReqAttrib(der->attrib, der->extensionsSz);
+ der->attribSz = SetReqAttrib(der->attrib,
+ cert->challengePw, der->extensionsSz);
if (der->attribSz == 0)
return REQ_ATTRIBUTE_E;
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index 4269c2c76..3d0f52ae3 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -3063,6 +3063,7 @@ int rsa_test(void)
req.version = 0;
req.isCA = 1;
+ strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);
strncpy(req.subject.country, "US", CTC_NAME_SIZE);
strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 8454a40fb..febef2432 100644
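Review bot: `pwSz = (int)XSTRLEN(pw)` in the new `if (pw && pw[0])` branch trusts that `pw` is NUL-terminated, but the value passed in `EncodeCertReq` is `cert->challengePw`, a `char[CTC_NAME_SIZE]` array that callers fill with `strncpy(..., CTC_NAME_SIZE)` (as the test.c hunk does), which leaves no terminator when the source is CTC_NAME_SIZE bytes or longer; `XSTRLEN` then reads past the array and the later `XMEMCPY(&output[sz], pw, pwSz)` can exceed the `MAX_ATTRIB_SZ` budget, which reserves only `CTC_NAME_SIZE` bytes for the password. Bound the scan and reject an unterminated value, e.g. `for (pwSz = 0; pwSz < CTC_NAME_SIZE && pw[pwSz]; pwSz++) ;` followed by `if (pwSz == CTC_NAME_SIZE) return 0;`, which the caller already maps to `REQ_ATTRIBUTE_E` in the next hunk. The `pw && pw[0]` test also assumes the new field holds a defined value; if `InitCert` does not clear `challengePw` (not part of this patch), callers that never set it would encode indeterminate bytes — worth confirming. `pw` is never written through, so the parameter should be `const char* pw`. The function's closing brace lies past the end of the hunk.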
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -59,6 +59,7 @@ enum ASN_Tags {
ASN_TAG_NULL = 0x05,
ASN_OBJECT_ID = 0x06,
ASN_ENUMERATED = 0x0a,
+ ASN_UTF8STRING = 0x0c,
ASN_SEQUENCE = 0x10,
ASN_SET = 0x11,
ASN_UTC_TIME = 0x17,
@@ -125,6 +126,7 @@ enum Misc_ASN {
MAX_ALGO_SZ = 20,
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
+ MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
@@ -136,7 +138,9 @@ enum Misc_ASN {
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
#ifdef CYASSL_CERT_GEN
#ifdef CYASSL_CERT_REQ
- MAX_ATTRIB_SZ = 24, /* Max encoded cert req attributes length */
+ /* Max encoded cert req attributes length */
+ MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
+ MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
#endif
#ifdef CYASSL_ALT_NAMES
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h
index 4cf3e30bb..24c6a79e5 100644
--- a/cyassl/ctaocrypt/asn_public.h
+++ b/cyassl/ctaocrypt/asn_public.h
@@ -109,6 +109,9 @@ typedef struct Cert {
byte afterDate[CTC_DATE_SIZE]; /* after date copy */
int afterDateSz; /* size of copy */
#endif
+#ifdef CYASSL_CERT_REQ
+ char challengePw[CTC_NAME_SIZE];
+#endif
} Cert;
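Review bot: `MAX_PRSTR_SZ` in the second asn.h hunk is named and commented as a PrintableString header size (`/* enum(prstr) + length(4) */`), but its only use in this patch is `byte cpStr[MAX_PRSTR_SZ]`, which `SetUTF8String` fills with an `ASN_UTF8STRING` header; the comment should say what the constant actually bounds, e.g. `/* enum(utf8str/prstr) + length(4) */`, or the constant should carry a string-header-generic name. In the third hunk the new `MAX_ATTRIB_SZ` formula matches the pieces `SetReqAttrib` emits (outer header, two SEQUENCE headers, two OID+SET pairs, the string header and the password) only while the password stays within `CTC_NAME_SIZE` bytes, so that assumption belongs next to the `/* 11 is the OID size */` remark, e.g. `/* assumes challengePw is NUL-terminated within CTC_NAME_SIZE */`. `ASN_UTF8STRING = 0x0c` in the first hunk is the correct universal tag for UTF8String.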