wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

add cert gen CA extenstion basic constraint true

Browse Source
This commit is contained in:
Todd A Ouska
2011-09-06 17:30:57 -07:00
parent 8c55e4883e
commit 1f2109e5fd
5 changed files with 83 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
ctaocrypt/src/asn.c
View File

@@ -2106,6 +2106,14 @@ void CTaoCryptErrorString(int error, char* buffer)
XSTRNCPY(buffer, "Setting Cert Issuer name error", max); XSTRNCPY(buffer, "Setting Cert Issuer name error", max);
break; break;
case CA_TRUE_E :
XSTRNCPY(buffer, "Setting basic constraint CA true error", max);
break;
case EXTENSIONS_E :
XSTRNCPY(buffer, "Setting extensions error", max);
break;
case ASN_PARSE_E : case ASN_PARSE_E :
XSTRNCPY(buffer, "ASN parsing error, invalid input", max); XSTRNCPY(buffer, "ASN parsing error, invalid input", max);
break; break;
@@ -2401,6 +2409,7 @@ void InitCert(Cert* cert)
cert->sigType = MD5wRSA; cert->sigType = MD5wRSA;
cert->daysValid = 500; cert->daysValid = 500;
cert->selfSigned = 1; cert->selfSigned = 1;
cert->isCA = 0;
cert->bodySz = 0; cert->bodySz = 0;
cert->keyType = RSA_KEY; cert->keyType = RSA_KEY;
XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE); XMEMSET(cert->serial, 0, CTC_SERIAL_SIZE);
@@ -2435,6 +2444,8 @@ typedef struct DerCert {
byte subject[ASN_NAME_MAX]; /* subject encoded */ byte subject[ASN_NAME_MAX]; /* subject encoded */
byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */ byte validity[MAX_DATE_SIZE*2 + MAX_SEQ_SZ*2]; /* before and after dates */
byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */ byte publicKey[MAX_PUBLIC_KEY_SZ]; /* rsa / ntru public key encoded */
byte ca[MAX_CA_SZ]; /* basic constraint CA true size */
byte extensions[MAX_EXTENSIONS_SZ]; /* all extensions */
int sizeSz; /* encoded size length */ int sizeSz; /* encoded size length */
int versionSz; /* encoded version length */ int versionSz; /* encoded version length */
int serialSz; /* encoded serial length */ int serialSz; /* encoded serial length */
@@ -2443,6 +2454,8 @@ typedef struct DerCert {
int subjectSz; /* encoded subject length */ int subjectSz; /* encoded subject length */
int validitySz; /* encoded validity length */ int validitySz; /* encoded validity length */
int publicKeySz; /* encoded public key length */ int publicKeySz; /* encoded public key length */
int caSz; /* encoded CA extension length */
int extensionsSz; /* encoded extensions total length */
int total; /* total encoded lengths */ int total; /* total encoded lengths */
} DerCert; } DerCert;
@@ -2717,6 +2730,41 @@ static byte GetNameId(int idx)
} }
/* encode all extensions, return total bytes written */
static int SetExtensions(byte* output, const byte* ca, int caSz)
{
byte sequence[MAX_SEQ_SZ];
byte len[MAX_LENGTH_SZ];
int sz = 0;
int seqSz = SetSequence(caSz, sequence);
int lenSz = SetLength(seqSz + caSz, len);
output[0] = 0xa3; /* extensions id */
sz++;
memcpy(&output[sz], len, lenSz); /* length */
sz += lenSz;
memcpy(&output[sz], sequence, seqSz); /* sequence */
sz += seqSz;
memcpy(&output[sz], ca, caSz); /* ca */
sz += caSz;
return sz;
}
/* encode CA basic constraint true, return total bytes written */
static int SetCa(byte* output)
{
static const byte ca[] = { 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,
0x05, 0x30, 0x03, 0x01, 0x01, 0xff };
memcpy(output, ca, sizeof(ca));
return (int)sizeof(ca);
}
/* encode CertName into output, return total bytes written */ /* encode CertName into output, return total bytes written */
static int SetName(byte* output, CertName* name) static int SetName(byte* output, CertName* name)
{ {
@@ -2888,8 +2936,27 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, RNG* rng,
if (der->issuerSz == 0) if (der->issuerSz == 0)
return ISSUER_E; return ISSUER_E;
/* CA */
if (cert->isCA) {
der->caSz = SetCa(der->ca);
if (der->caSz == 0)
return CA_TRUE_E;
}
else
der->caSz = 0;
/* extensions, just CA now */
if (cert->isCA) {
der->extensionsSz = SetExtensions(der->extensions, der->ca, der->caSz);
if (der->extensionsSz == 0)
return EXTENSIONS_E;
}
else
der->extensionsSz = 0;
der->total = der->versionSz + der->serialSz + der->sigAlgoSz + der->total = der->versionSz + der->serialSz + der->sigAlgoSz +
der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz; der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz +
der->extensionsSz;
return 0; return 0;
} }
@@ -2923,6 +2990,11 @@ static int WriteCertBody(DerCert* der, byte* buffer)
/* public key */ /* public key */
XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz); XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz);
idx += der->publicKeySz; idx += der->publicKeySz;
if (der->extensionsSz) {
/* extensions */
XMEMCPY(buffer + idx, der->extensions, der->extensionsSz);
idx += der->extensionsSz;
}
return idx; return idx;
} }

1
ctaocrypt/test/test.c
View File

@@ -1220,6 +1220,7 @@ int rsa_test()
strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE); strncpy(myCert.subject.unit, "Development", CTC_NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.commonName, "www.yassl.com", CTC_NAME_SIZE);
strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE); strncpy(myCert.subject.email, "info@yassl.com", CTC_NAME_SIZE);
myCert.isCA = 1;
certSz = MakeSelfCert(&myCert, derCert, sizeof(derCert), &key, &rng); certSz = MakeSelfCert(&myCert, derCert, sizeof(derCert), &key, &rng);
if (certSz < 0) if (certSz < 0)

7
cyassl/ctaocrypt/asn.h
View File

@@ -115,10 +115,13 @@ enum Misc_ASN {
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
MAX_RSA_E_SZ = 16, /* Max RSA public e size */ MAX_RSA_E_SZ = 16, /* Max RSA public e size */
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
/* Max total extensions, id + len + others */
MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
/* use bigger NTRU size */ /* use bigger NTRU size */
MAX_LENGTH_SZ = 4
}; };

2
cyassl/ctaocrypt/asn_public.h
View File

@@ -69,6 +69,7 @@ typedef struct Cert {
int daysValid; /* validity days */ int daysValid; /* validity days */
int selfSigned; /* self signed flag */ int selfSigned; /* self signed flag */
CertName subject; /* subject info */ CertName subject; /* subject info */
int isCA; /* is this going to be a CA */
/* internal use only */ /* internal use only */
int bodySz; /* pre sign total size */ int bodySz; /* pre sign total size */
int keyType; /* public key type of subject */ int keyType; /* public key type of subject */
@@ -85,6 +86,7 @@ typedef struct Cert {
daysValid = 500 daysValid = 500
selfSigned = 1 (true) use subject as issuer selfSigned = 1 (true) use subject as issuer
subject = blank subject = blank
isCA = 0 (false)
keyType = RSA_KEY (default) keyType = RSA_KEY (default)
*/ */
CYASSL_API void InitCert(Cert*); CYASSL_API void InitCert(Cert*);

2
cyassl/ctaocrypt/error.h
View File

@@ -65,6 +65,8 @@ enum {
DATE_E = -135, /* setting date validity error */ DATE_E = -135, /* setting date validity error */
SUBJECT_E = -136, /* setting subject name error */ SUBJECT_E = -136, /* setting subject name error */
ISSUER_E = -137, /* setting issuer name error */ ISSUER_E = -137, /* setting issuer name error */
CA_TRUE_E = -138, /* setting CA basic constraint true error */
EXTENSIONS_E = -139, /* setting extensions error */
ASN_PARSE_E = -140, /* ASN parsing error, invalid input */ ASN_PARSE_E = -140, /* ASN parsing error, invalid input */
ASN_VERSION_E = -141, /* ASN version error, invalid number */ ASN_VERSION_E = -141, /* ASN version error, invalid number */