Added setting the cert req challenge password.
@ -3845,6 +3845,18 @@ static word32 SetSet(word32 len, byte* output)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CYASSL_CERT_REQ
|
||||||
|
|
||||||
|
/* Write a set header to output */
|
||||||
|
static word32 SetUTF8String(word32 len, byte* output)
|
||||||
|
{
|
||||||
|
output[0] = ASN_UTF8STRING;
|
||||||
|
return SetLength(len, output + 1) + 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* CYASSL_CERT_REQ */
|
||||||
|
|
||||||
|
|
||||||
/* Write a serial number to output */
|
/* Write a serial number to output */
|
||||||
static int SetSerial(const byte* serial, byte* output)
|
static int SetSerial(const byte* serial, byte* output)
|
||||||
{
|
{
|
||||||
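Review bot: The header comment on the new SetUTF8String still reads `/* Write a set header to output */`, copied from SetSet just above it, so it describes the wrong function; it should be `/* Write a UTF8String header (tag + length) to output */`. The function emits only the tag and length bytes and never looks at the payload, so it is worth a one-line note that the caller must supply well-formed UTF-8 — the only caller this commit adds copies a caller-supplied password straight after the header. The `}` at the top of the hunk closes a function that starts outside it.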
@ -4624,37 +4636,71 @@ int MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz,
|
|||||||
|
|
||||||
#ifdef CYASSL_CERT_REQ
|
#ifdef CYASSL_CERT_REQ
|
||||||
|
|
||||||
static int SetReqAttrib(byte* output, int extSz)
|
static int SetReqAttrib(byte* output, char* pw, int extSz)
|
||||||
{
|
{
|
||||||
int sz = 0;
|
static const byte cpOid[] =
|
||||||
|
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
|
||||||
|
0x09, 0x07 };
|
||||||
|
static const byte erOid[] =
|
||||||
|
{ ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
|
||||||
|
0x09, 0x0e };
|
||||||
|
|
||||||
|
int sz = 0; /* overall size */
|
||||||
|
int cpSz = 0; /* Challenge Password section size */
|
||||||
|
int cpSeqSz = 0;
|
||||||
|
int cpSetSz = 0;
|
||||||
|
int cpStrSz = 0;
|
||||||
|
int pwSz = 0;
|
||||||
|
int erSz = 0; /* Extension Request section size */
|
||||||
|
int erSeqSz = 0;
|
||||||
|
int erSetSz = 0;
|
||||||
|
byte cpSeq[MAX_SEQ_SZ];
|
||||||
|
byte cpSet[MAX_SET_SZ];
|
||||||
|
byte cpStr[MAX_PRSTR_SZ];
|
||||||
|
byte erSeq[MAX_SEQ_SZ];
|
||||||
|
byte erSet[MAX_SET_SZ];
|
||||||
|
|
||||||
output[0] = 0xa0;
|
output[0] = 0xa0;
|
||||||
sz++;
|
sz++;
|
||||||
|
|
||||||
if (extSz) {
|
if (pw && pw[0]) {
|
||||||
byte extSet[MAX_SET_SZ];
|
pwSz = (int)XSTRLEN(pw);
|
||||||
byte extSeq[MAX_SEQ_SZ];
|
cpStrSz = SetUTF8String(pwSz, cpStr);
|
||||||
int extSetSz;
|
cpSetSz = SetSet(cpStrSz + pwSz, cpSet);
|
||||||
int extSeqSz;
|
cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq);
|
||||||
static const byte extReqOid[] = { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48,
|
cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz;
|
||||||
0x86, 0xf7, 0x0d, 0x01, 0x09, 0x0e };
|
|
||||||
|
|
||||||
extSetSz = SetSet(extSz, extSet);
|
|
||||||
extSeqSz = SetSequence(extSetSz + sizeof(extReqOid) + extSz, extSeq);
|
|
||||||
|
|
||||||
sz += SetLength(extSeqSz + extSeqSz + sizeof(extReqOid) + extSz,
|
|
||||||
&output[sz]);
|
|
||||||
XMEMCPY(&output[sz], extSeq, extSeqSz);
|
|
||||||
sz += extSeqSz;
|
|
||||||
XMEMCPY(&output[sz], extReqOid, sizeof(extReqOid));
|
|
||||||
sz += sizeof(extReqOid);
|
|
||||||
XMEMCPY(&output[sz], extSet, extSetSz);
|
|
||||||
sz += extSetSz;
|
|
||||||
/* The actual extension data will be tacked onto the output later. */
|
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
output[sz] = 0x00;
|
if (extSz) {
|
||||||
sz++;
|
erSetSz = SetSet(extSz, erSet);
|
||||||
|
erSeqSz = SetSequence(erSetSz + sizeof(erOid) + extSz, erSeq);
|
||||||
|
erSz = extSz + erSetSz + erSeqSz + sizeof(erOid);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Put the pieces together. */
|
||||||
|
sz += SetLength(cpSz + erSz, &output[sz]);
|
||||||
|
|
||||||
|
if (cpSz) {
|
||||||
|
XMEMCPY(&output[sz], cpSeq, cpSeqSz);
|
||||||
|
sz += cpSeqSz;
|
||||||
|
XMEMCPY(&output[sz], cpOid, sizeof(cpOid));
|
||||||
|
sz += sizeof(cpOid);
|
||||||
|
XMEMCPY(&output[sz], cpSet, cpSetSz);
|
||||||
|
sz += cpSetSz;
|
||||||
|
XMEMCPY(&output[sz], cpStr, cpStrSz);
|
||||||
|
sz += cpStrSz;
|
||||||
|
XMEMCPY(&output[sz], pw, pwSz);
|
||||||
|
sz += pwSz;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (erSz) {
|
||||||
|
XMEMCPY(&output[sz], erSeq, erSeqSz);
|
||||||
|
sz += erSeqSz;
|
||||||
|
XMEMCPY(&output[sz], erOid, sizeof(erOid));
|
||||||
|
sz += sizeof(erOid);
|
||||||
|
XMEMCPY(&output[sz], erSet, erSetSz);
|
||||||
|
sz += erSetSz;
|
||||||
|
/* The actual extension data will be tacked onto the output later. */
|
||||||
}
|
}
|
||||||
|
|
||||||
return sz;
|
return sz;
|
||||||
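Review bot: `pwSz = (int)XSTRLEN(pw);` places no upper bound on the password, yet SetReqAttrib receives no output size and MAX_ATTRIB_SZ (presumably the size of the `der->attrib` it is written into) budgets exactly CTC_NAME_SIZE bytes for it, so a `challengePw` that is not NUL-terminated within CTC_NAME_SIZE — which a `strncpy(..., CTC_NAME_SIZE)` can produce — both over-reads the Cert struct and overflows the output at `XMEMCPY(&output[sz], pw, pwSz)`. Bound the scan and fail closed: `for (pwSz = 0; pwSz < CTC_NAME_SIZE && pw[pwSz] != '\0'; pwSz++) ;` followed by `if (pwSz == CTC_NAME_SIZE) return 0; /* unterminated or too long for MAX_ATTRIB_SZ */`, which also gives the caller's `REQ_ATTRIBUTE_E` check something to catch. The length arithmetic itself is right (the SET covers string header plus password, the SEQUENCE covers OID plus SET) and it quietly fixes the old `extSeqSz + extSeqSz` miscount. Note that the challenge password is emitted as a plaintext UTF8String inside the request, so it is only as confidential as the channel the CSR travels over.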
@ -4716,7 +4762,8 @@ static int EncodeCertReq(Cert* cert, DerCert* der,
|
|||||||
else
|
else
|
||||||
der->extensionsSz = 0;
|
der->extensionsSz = 0;
|
||||||
|
|
||||||
der->attribSz = SetReqAttrib(der->attrib, der->extensionsSz);
|
der->attribSz = SetReqAttrib(der->attrib,
|
||||||
|
cert->challengePw, der->extensionsSz);
|
||||||
if (der->attribSz == 0)
|
if (der->attribSz == 0)
|
||||||
return REQ_ATTRIBUTE_E;
|
return REQ_ATTRIBUTE_E;
|
||||||
|
|
||||||
|
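Review bot: The `if (der->attribSz == 0) return REQ_ATTRIBUTE_E;` check under the new call is unreachable: SetReqAttrib writes the `0xa0` tag and increments `sz` before any branch, so it always returns at least 1. Now that the call passes a caller-controlled `cert->challengePw` with no length alongside it, this is the natural place to reject a password too long for MAX_ATTRIB_SZ, which only works if SetReqAttrib returns 0 in that case; otherwise the dead check should go so readers do not assume an error path exists. EncodeCertReq begins and ends outside the hunk.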
@ -3063,6 +3063,7 @@ int rsa_test(void)
|
|||||||
|
|
||||||
req.version = 0;
|
req.version = 0;
|
||||||
req.isCA = 1;
|
req.isCA = 1;
|
||||||
|
strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);
|
||||||
strncpy(req.subject.country, "US", CTC_NAME_SIZE);
|
strncpy(req.subject.country, "US", CTC_NAME_SIZE);
|
||||||
strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
|
strncpy(req.subject.state, "OR", CTC_NAME_SIZE);
|
||||||
strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
|
strncpy(req.subject.locality, "Portland", CTC_NAME_SIZE);
|
||||||
|
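Review bot: `strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE);` mirrors the subject-field lines, but with the full buffer size as the count strncpy leaves the destination unterminated whenever the source is CTC_NAME_SIZE bytes or longer, and SetReqAttrib measures challengePw with XSTRLEN. It is harmless for this 8-byte literal, but as the template others will copy it is safer as `strncpy(req.challengePw, "yassl123", CTC_NAME_SIZE - 1);` (assuming `req` is zero-initialised earlier in rsa_test, outside the hunk) or with an explicit `req.challengePw[CTC_NAME_SIZE - 1] = '\0';`. A second request with an empty password would also cover the new `pw && pw[0]` false branch, which this test leaves unexercised. rsa_test continues outside the hunk.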
@ -59,6 +59,7 @@ enum ASN_Tags {
|
|||||||
ASN_TAG_NULL = 0x05,
|
ASN_TAG_NULL = 0x05,
|
||||||
ASN_OBJECT_ID = 0x06,
|
ASN_OBJECT_ID = 0x06,
|
||||||
ASN_ENUMERATED = 0x0a,
|
ASN_ENUMERATED = 0x0a,
|
||||||
|
ASN_UTF8STRING = 0x0c,
|
||||||
ASN_SEQUENCE = 0x10,
|
ASN_SEQUENCE = 0x10,
|
||||||
ASN_SET = 0x11,
|
ASN_SET = 0x11,
|
||||||
ASN_UTC_TIME = 0x17,
|
ASN_UTC_TIME = 0x17,
|
||||||
@ -125,6 +126,7 @@ enum Misc_ASN {
|
|||||||
MAX_ALGO_SZ = 20,
|
MAX_ALGO_SZ = 20,
|
||||||
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
|
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
|
||||||
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
|
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
|
||||||
|
MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
|
||||||
MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
|
MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
|
||||||
MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
|
MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
|
||||||
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
|
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
|
||||||
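Review bot: The comment on the new constant, `MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */`, names PrintableString, but its only use in this commit is `byte cpStr[MAX_PRSTR_SZ]` holding the UTF8String header produced by SetUTF8String; a reader will go looking for a PrintableString encoder that does not exist here. Suggest `/* enum(prstr or utf8str) + length(4) */`, or a generic string-header name. The value is consistent with what SetUTF8String writes (one tag byte plus at most four length bytes), so no size change is needed.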
@ -136,7 +138,9 @@ enum Misc_ASN {
|
|||||||
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
|
||||||
#ifdef CYASSL_CERT_GEN
|
#ifdef CYASSL_CERT_GEN
|
||||||
#ifdef CYASSL_CERT_REQ
|
#ifdef CYASSL_CERT_REQ
|
||||||
MAX_ATTRIB_SZ = 24, /* Max encoded cert req attributes length */
|
/* Max encoded cert req attributes length */
|
||||||
|
MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
|
||||||
|
MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
|
||||||
#endif
|
#endif
|
||||||
#ifdef CYASSL_ALT_NAMES
|
#ifdef CYASSL_ALT_NAMES
|
||||||
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
|
||||||
|
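Review bot: The new `MAX_ATTRIB_SZ` expression is right only by coincidence of constants: `MAX_SEQ_SZ * 3` pays for two SEQUENCE headers plus the leading `0xa0` and its length, and `(11 + MAX_SEQ_SZ) * 2` pays for two OIDs plus two SET headers, which relies on MAX_SET_SZ equalling MAX_SEQ_SZ; neither assumption is stated. Writing it structurally makes it checkable against SetReqAttrib: `MAX_ATTRIB_SZ = 1 + MAX_LENGTH_SZ + 2 * (MAX_SEQ_SZ + 11 + MAX_SET_SZ) +` / `MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 = encoded OID size */` (MAX_LENGTH_SZ is already used a few lines down; I am assuming it is the 4 the neighbouring comments cite). The `CTC_NAME_SIZE` term also only holds if the password is bounded to that many bytes, which SetReqAttrib does not itself enforce.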
@ -109,6 +109,9 @@ typedef struct Cert {
|
|||||||
byte afterDate[CTC_DATE_SIZE]; /* after date copy */
|
byte afterDate[CTC_DATE_SIZE]; /* after date copy */
|
||||||
int afterDateSz; /* size of copy */
|
int afterDateSz; /* size of copy */
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef CYASSL_CERT_REQ
|
||||||
|
char challengePw[CTC_NAME_SIZE];
|
||||||
|
#endif
|
||||||
} Cert;
|
} Cert;
|
||||||
|
|
||||||
|
|
||||||
|
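Review bot: The new `challengePw` field is the only member in the shown block without a trailing comment, and it is the one that most needs it: SetReqAttrib measures it with XSTRLEN and copies it verbatim into the request. Suggest `char challengePw[CTC_NAME_SIZE]; /* PKCS#9 challengePassword; must be NUL-terminated, emitted in the CSR as plaintext */`. If applications treat it as a secret they may also want to clear it after the request is built, since nothing in this commit zeroises it. The Cert struct begins outside the hunk.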