abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-06 16:36:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update X509

Browse Source
This commit is contained in:
Zhi Guan
2023-02-04 23:21:01 +08:00
parent 6a02a61c4f
commit 1abbd54bb8
11 changed files with 268 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
include/gmssl/x509_ext.h
View File

@@ -222,6 +222,22 @@ int x509_key_usage_from_name(int *flag, const char *name);
int x509_key_usage_check(int bits, int cert_type); int x509_key_usage_check(int bits, int cert_type);
int x509_key_usage_print(FILE *fp, int fmt, int ind, const char *label, int bits); int x509_key_usage_print(FILE *fp, int fmt, int ind, const char *label, int bits);
/*
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200))
}
*/
#define X509_DISPLAY_TEXT_MIN_LEN 1
#define X509_DISPLAY_TEXT_MAX_LEN 200
int x509_display_text_check(int tag, const uint8_t *d, size_t dlen);
int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
/* /*
NoticeReference ::= SEQUENCE { NoticeReference ::= SEQUENCE {
organization DisplayText, organization DisplayText,

35
include/gmssl/x509_req.h
View File

@@ -25,18 +25,6 @@
extern "C" { extern "C" {
#endif #endif
/*
X509 REQ Public API
x509_req_sign
x509_req_verify
x509_req_get_details
x509_req_print
x509_req_to_pem
x509_req_from_pem
*/
/* /*
from RFC 2986 from RFC 2986
@@ -60,31 +48,14 @@ CertificationRequest ::= SEQUENCE {
signatureAlgorithm AlgorithmIdentifier, signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING } signature BIT STRING }
*/ */
int x509_request_to_der( int x509_req_sign_to_der(
int version, int version,
const uint8_t *subject, size_t subject_len, const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key, const SM2_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len, const uint8_t *attrs, size_t attrs_len,
int signature_algor, int signature_algor,
const uint8_t *sig, size_t siglen, const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen); uint8_t **out, size_t *outlen);
int x509_request_from_der(
int *version,
const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key,
const uint8_t **attrs, size_t *attrs_len,
int *signature_algor,
const uint8_t **sig, size_t *siglen,
const uint8_t **in, size_t *inlen);
int x509_request_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
int x509_req_sign(uint8_t *req, size_t *reqlen, size_t maxlen,
int version,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len,
int signature_algor,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len);
int x509_req_verify(const uint8_t *req, size_t reqlen, int x509_req_verify(const uint8_t *req, size_t reqlen,
const char *signer_id, size_t signer_id_len); const char *signer_id, size_t signer_id_len);
int x509_req_get_details(const uint8_t *req, size_t reqlen, int x509_req_get_details(const uint8_t *req, size_t reqlen,
@@ -94,6 +65,8 @@ int x509_req_get_details(const uint8_t *req, size_t reqlen,
const uint8_t **attributes, size_t *attributes_len, const uint8_t **attributes, size_t *attributes_len,
int *signature_algor, int *signature_algor,
const uint8_t **signature, size_t *signature_len); const uint8_t **signature, size_t *signature_len);
int x509_req_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen);
int x509_req_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen);
int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen); int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen);
int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp); int x509_req_to_pem(const uint8_t *req, size_t reqlen, FILE *fp);
int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp); int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp);

15
include/gmssl/x509_str.h
View File

@@ -28,21 +28,6 @@ extern "C" {
int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen); int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen); int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
/*
DisplayText ::= CHOICE {
ia5String IA5String (SIZE (1..200)),
visibleString VisibleString (SIZE (1..200)),
bmpString BMPString (SIZE (1..200)),
utf8String UTF8String (SIZE (1..200))
}
*/
#define X509_DISPLAY_TEXT_MIN_LEN 1
#define X509_DISPLAY_TEXT_MAX_LEN 200
int x509_display_text_check(int tag, const uint8_t *d, size_t dlen);
int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen);
#ifdef __cplusplus #ifdef __cplusplus

16
src/x509_cer.c
View File

@@ -1000,18 +1000,10 @@ int x509_cert_sign_to_der(
issuer_unique_id, issuer_unique_id_len, issuer_unique_id, issuer_unique_id_len,
subject_unique_id, subject_unique_id_len, subject_unique_id, subject_unique_id_len,
exts, exts_len, exts, exts_len,
NULL, &len) != 1) { NULL, &len) != 1
error_print(); || x509_signature_algor_to_der(sig_alg, NULL, &len) != 1
return -1; || asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
} || asn1_sequence_header_to_der(len, out, outlen) != 1) {
tbslen = len;
if (x509_signature_algor_to_der(sig_alg, NULL, &len) != 1
|| asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1) {
error_print();
return -1;
}
if (asn1_sequence_header_to_der(len, out, outlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }

46
src/x509_crl.c
View File

@@ -1436,49 +1436,39 @@ int x509_crl_sign_to_der(
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len, const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen) uint8_t **out, size_t *outlen)
{ {
size_t len = 0;
uint8_t *tbs;
size_t tbslen;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE]; uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen = SM2_signature_typical_size; size_t siglen = SM2_signature_typical_size;
size_t tbs_dlen = 0;
size_t tbs_alen = 0;
uint8_t *tbs_a = sig;
size_t crl_dlen;
if (asn1_int_to_der(version, NULL, &tbs_dlen) != 1 if (sig_alg != OID_sm2sign_with_sm3) {
|| x509_signature_algor_to_der(sig_alg, NULL, &tbs_dlen) != 1
|| x509_name_to_der(issuer, issuer_len, NULL, &tbs_dlen) != 1
|| x509_time_to_der(this_update, NULL, &tbs_dlen) != 1
|| x509_time_to_der(next_update, NULL, &tbs_dlen) < 0
|| asn1_sequence_to_der(revoked_certs, revoked_certs_len, NULL, &tbs_dlen) < 0
|| x509_explicit_exts_to_der(0, crl_exts, crl_exts_len, NULL, &tbs_dlen) < 0
|| asn1_sequence_to_der(tbs_a, tbs_dlen, NULL, &tbs_alen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
crl_dlen = tbs_alen;
if (x509_signature_algor_to_der(sig_alg, NULL, &crl_dlen) != 1 if (x509_tbs_crl_to_der(version, sig_alg, issuer, issuer_len,
|| asn1_bit_octets_to_der(sig, siglen, NULL, &crl_dlen) != 1 this_update, next_update, revoked_certs, revoked_certs_len,
|| asn1_sequence_header_to_der(crl_dlen, out, outlen) != 1) { crl_exts, crl_exts_len, NULL, &len) != 1
|| x509_signature_algor_to_der(sig_alg, NULL, &len) != 1
|| asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
if (out && *out) { tbs = *out;
tbs_a = *out; if (x509_tbs_crl_to_der(version, sig_alg, issuer, issuer_len,
} this_update, next_update, revoked_certs, revoked_certs_len,
if (asn1_sequence_header_to_der(tbs_dlen, out, outlen) != 1 crl_exts, crl_exts_len, out, outlen) != 1) {
|| asn1_int_to_der(version, out, outlen) != 1
|| x509_signature_algor_to_der(sig_alg, out, outlen) != 1
|| x509_name_to_der(issuer, issuer_len, out, outlen) != 1
|| x509_time_to_der(this_update, out, outlen) != 1
|| x509_time_to_der(next_update, out, outlen) < 0
|| asn1_sequence_to_der(revoked_certs, revoked_certs_len, out, outlen) < 0
|| x509_explicit_exts_to_der(0, crl_exts, crl_exts_len, out, outlen) < 0) {
error_print(); error_print();
return -1; return -1;
} }
tbslen = *out - tbs;
if (out && *out) { if (out && *out) {
SM2_SIGN_CTX sign_ctx; SM2_SIGN_CTX sign_ctx;
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1 if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
|| sm2_sign_update(&sign_ctx, tbs_a, tbs_alen) != 1 || sm2_sign_update(&sign_ctx, tbs, tbslen) != 1
|| sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) { || sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx)); gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
error_print(); error_print();

111
src/x509_ext.c
View File

@@ -632,6 +632,41 @@ err:
return -1; return -1;
} }
int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
{
int ret;
size_t len = 0;
if ((ret = x509_directory_name_to_der(tag, d, dlen, NULL, &len)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (asn1_explicit_header_to_der(index, len, out, outlen) != 1
|| x509_directory_name_to_der(tag, d, dlen, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *p;
size_t len;
if ((ret = asn1_explicit_from_der(index, &p, &len, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_directory_name_from_der(tag, d, dlen, &p, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_edi_party_name_to_der( int x509_edi_party_name_to_der(
int assigner_choice, const uint8_t *assigner, size_t assigner_len, int assigner_choice, const uint8_t *assigner, size_t assigner_len,
int party_name_choice, const uint8_t *party_name, size_t party_name_len, int party_name_choice, const uint8_t *party_name, size_t party_name_len,
@@ -1174,6 +1209,82 @@ int x509_key_usage_print(FILE *fp, int fmt, int ind, const char *label, int bits
return 1; return 1;
} }
int x509_display_text_check(int tag, const uint8_t *d, size_t dlen)
{
switch (tag) {
case ASN1_TAG_IA5String:
case ASN1_TAG_VisibleString:
case ASN1_TAG_UTF8String:
if (d && strnlen((char *)d, dlen) != dlen) {
error_print();
return -1;
}
break;
case ASN1_TAG_BMPString:
if (d && dlen % 2) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
if (dlen < X509_DISPLAY_TEXT_MIN_LEN || dlen > X509_DISPLAY_TEXT_MAX_LEN) {
error_print();
return -1;
}
return 1;
}
int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
{
int ret;
if (x509_display_text_check(tag, d, dlen) != 1) {
error_print();
return -1;
}
if ((ret = asn1_type_to_der(tag, d, dlen, out, outlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
return 1;
}
int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen)
{
int ret;
if ((ret = asn1_tag_from_der_readonly(tag, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
switch (*tag) {
case ASN1_TAG_IA5String:
case ASN1_TAG_VisibleString:
case ASN1_TAG_UTF8String:
case ASN1_TAG_BMPString:
break;
default:
return 0;
}
if ((ret = asn1_any_type_from_der(tag, d, dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_display_text_check(*tag, *d, *dlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen)
{
return asn1_string_print(fp, fmt, ind, label, tag, d, dlen);
}
int x509_notice_reference_to_der( int x509_notice_reference_to_der(
int org_tag, const uint8_t *org, size_t org_len, int org_tag, const uint8_t *org, size_t org_len,
const int *notice_numbers, size_t notice_numbers_cnt, const int *notice_numbers, size_t notice_numbers_cnt,

158
src/x509_req.c
View File

@@ -14,6 +14,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
#include <assert.h> #include <assert.h>
#include <gmssl/mem.h>
#include <gmssl/sm2.h> #include <gmssl/sm2.h>
#include <gmssl/oid.h> #include <gmssl/oid.h>
#include <gmssl/asn1.h> #include <gmssl/asn1.h>
@@ -75,10 +76,12 @@ int x509_request_info_from_der(
error_print(); error_print();
return -1; return -1;
} }
/*
if (*version != X509_version_v1) { if (*version != X509_version_v1) {
error_print(); error_print();
return -1; return -1;
} }
*/
return 1; return 1;
} }
@@ -106,30 +109,7 @@ err:
return -1; return -1;
} }
int x509_request_to_der( static int x509_request_from_der(
int version,
const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len,
int signature_algor,
const uint8_t *sig, size_t siglen,
uint8_t **out, size_t *outlen)
{
size_t len = 0;
if (x509_request_info_to_der(version, subject, subject_len, subject_public_key, attrs, attrs_len, NULL, &len) != 1
|| x509_signature_algor_to_der(signature_algor, NULL, &len) != 1
|| asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
|| asn1_sequence_header_to_der(len, out, outlen) != 1
|| x509_request_info_to_der(version, subject, subject_len, subject_public_key, attrs, attrs_len, out, outlen) != 1
|| x509_signature_algor_to_der(signature_algor, out, outlen) != 1
|| asn1_bit_octets_to_der(sig, siglen, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_request_from_der(
int *version, int *version,
const uint8_t **subject, size_t *subject_len, const uint8_t **subject, size_t *subject_len,
SM2_KEY *subject_public_key, SM2_KEY *subject_public_key,
@@ -157,7 +137,7 @@ int x509_request_from_der(
return 1; return 1;
} }
int x509_request_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen) static int x509_request_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen)
{ {
const uint8_t *p; const uint8_t *p;
size_t len; size_t len;
@@ -178,51 +158,50 @@ err:
return -1; return -1;
} }
int x509_req_sign( int x509_req_sign_to_der(
uint8_t *req, size_t *reqlen, size_t maxlen,
int version, int version,
const uint8_t *subject, size_t subject_len, const uint8_t *subject, size_t subject_len,
const SM2_KEY *subject_public_key, const SM2_KEY *subject_public_key,
const uint8_t *attrs, size_t attrs_len, const uint8_t *attrs, size_t attrs_len,
int signature_algor, int signature_algor,
const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len) const SM2_KEY *sign_key, const char *signer_id, size_t signer_id_len,
uint8_t **out, size_t *outlen)
{ {
uint8_t req_info[2048];
size_t req_info_len = 0;
uint8_t *p = req_info;
size_t len = 0; size_t len = 0;
SM2_SIGN_CTX sign_ctx; uint8_t *tbs;
size_t tbslen;
int sig_alg = OID_sm2sign_with_sm3;
uint8_t sig[SM2_MAX_SIGNATURE_SIZE]; uint8_t sig[SM2_MAX_SIGNATURE_SIZE];
size_t siglen; size_t siglen = SM2_signature_typical_size;
if (x509_request_info_to_der(version, subject, subject_len, subject_public_key, if (x509_request_info_to_der(version, subject, subject_len, subject_public_key,
attrs, attrs_len, NULL, &len) != 1 attrs, attrs_len, NULL, &len) != 1
|| asn1_length_le(len, sizeof(req_info)) != 1 || x509_signature_algor_to_der(sig_alg, NULL, &len) != 1
|| x509_request_info_to_der(version, subject, subject_len, subject_public_key, || asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
attrs, attrs_len, &p, &req_info_len) != 1) { || asn1_sequence_header_to_der(len, out, outlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
tbs = *out;
if (signature_algor != OID_sm2sign_with_sm3) { if (x509_request_info_to_der(version, subject, subject_len, subject_public_key,
attrs, attrs_len, out, outlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1 tbslen = *out - tbs;
|| sm2_sign_update(&sign_ctx, req_info, req_info_len) != 1 if (out && *out) {
|| sm2_sign_finish(&sign_ctx, sig, &siglen) != 1) { SM2_SIGN_CTX sign_ctx;
memset(&sign_ctx, 0, sizeof(sign_ctx)); if (sm2_sign_init(&sign_ctx, sign_key, signer_id, signer_id_len) != 1
error_print(); || sm2_sign_update(&sign_ctx, tbs, tbslen) != 1
return -1; || sm2_sign_finish_fixlen(&sign_ctx, siglen, sig) != 1) {
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
error_print();
return -1;
}
gmssl_secure_clear(&sign_ctx, sizeof(sign_ctx));
} }
memset(&sign_ctx, 0, sizeof(sign_ctx)); if (x509_signature_algor_to_der(sig_alg, out, outlen) != 1
|| asn1_bit_octets_to_der(sig, siglen, out, outlen) != 1) {
len = *reqlen = 0;
if (x509_request_to_der(version, subject, subject_len, subject_public_key,
attrs, attrs_len, signature_algor, sig, siglen, NULL, &len) != 1
|| asn1_length_le(len, maxlen) != 1
|| x509_request_to_der(version, subject, subject_len, subject_public_key,
attrs, attrs_len, signature_algor, sig, siglen, &req, reqlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -233,7 +212,8 @@ int x509_req_verify(const uint8_t *req, size_t reqlen, const char *signer_id, si
{ {
SM2_KEY public_key; SM2_KEY public_key;
if (x509_req_get_details(req, reqlen, NULL, NULL, NULL, &public_key, NULL, NULL, NULL, NULL, NULL) != 1) { if (x509_req_get_details(req, reqlen,
NULL, NULL, NULL, &public_key, NULL, NULL, NULL, NULL, NULL) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -280,6 +260,31 @@ int x509_req_get_details(const uint8_t *req, size_t reqlen,
return 1; return 1;
} }
int x509_req_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen)
{
int ret;
if ((ret = asn1_any_to_der(a, alen, out, outlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
return 1;
}
int x509_req_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen)
{
int ret;
if ((ret = asn1_any_from_der(a, alen, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_req_get_details(*a, *alen,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen) int x509_req_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *req, size_t reqlen)
{ {
const uint8_t *d; const uint8_t *d;
@@ -311,50 +316,3 @@ int x509_req_from_pem(uint8_t *req, size_t *reqlen, size_t maxlen, FILE *fp)
} }
return 1; return 1;
} }
#include <gmssl/file.h>
int x509_req_new_from_pem(uint8_t **out, size_t *outlen, FILE *fp)
{
uint8_t *req;
size_t reqlen;
size_t maxlen;
if (!out || !outlen || !fp) {
error_print();
return -1;
}
if (file_size(fp, &maxlen) != 1) {
error_print();
return -1;
}
if (!(req = malloc(maxlen))) {
error_print();
return -1;
}
if (x509_req_from_pem(req, &reqlen, maxlen, fp) != 1) {
free(req);
error_print();
return -1;
}
*out = req;
*outlen = reqlen;
return 1;
}
int x509_req_new_from_file(uint8_t **req, size_t *reqlen, const char *file)
{
FILE *fp = NULL;
if (!(fp = fopen(file, "rb"))) {
error_print();
return -1;
}
if (x509_req_new_from_pem(req, reqlen, fp) != 1) {
error_print();
fclose(fp);
return -1;
}
fclose(fp);
return 1;
}

156
src/x509_str.c
View File

@@ -18,6 +18,7 @@
#include <gmssl/pem.h> #include <gmssl/pem.h>
#include <gmssl/asn1.h> #include <gmssl/asn1.h>
#include <gmssl/x509_str.h> #include <gmssl/x509_str.h>
#include <gmssl/x509_req.h>
#include <gmssl/x509.h> #include <gmssl/x509.h>
#include <gmssl/error.h> #include <gmssl/error.h>
#include <gmssl/file.h> #include <gmssl/file.h>
@@ -42,117 +43,6 @@ RDN 中很多值都是这个类型,但是有特定的长度限制,因此这
int x509_explicit_directory_name_to_der(int index, int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
{
int ret;
size_t len = 0;
if ((ret = x509_directory_name_to_der(tag, d, dlen, NULL, &len)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (asn1_explicit_header_to_der(index, len, out, outlen) != 1
|| x509_directory_name_to_der(tag, d, dlen, out, outlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_explicit_directory_name_from_der(int index, int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen)
{
int ret;
const uint8_t *p;
size_t len;
if ((ret = asn1_explicit_from_der(index, &p, &len, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_directory_name_from_der(tag, d, dlen, &p, &len) != 1
|| asn1_length_is_zero(len) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_display_text_check(int tag, const uint8_t *d, size_t dlen)
{
switch (tag) {
case ASN1_TAG_IA5String:
case ASN1_TAG_VisibleString:
case ASN1_TAG_UTF8String:
if (d && strnlen((char *)d, dlen) != dlen) {
error_print();
return -1;
}
break;
case ASN1_TAG_BMPString:
if (d && dlen % 2) {
error_print();
return -1;
}
break;
default:
error_print();
return -1;
}
if (dlen < X509_DISPLAY_TEXT_MIN_LEN || dlen > X509_DISPLAY_TEXT_MAX_LEN) {
error_print();
return -1;
}
return 1;
}
int x509_display_text_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen)
{
int ret;
if (x509_display_text_check(tag, d, dlen) != 1) {
error_print();
return -1;
}
if ((ret = asn1_type_to_der(tag, d, dlen, out, outlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
return 1;
}
int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen)
{
int ret;
if ((ret = asn1_tag_from_der_readonly(tag, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
switch (*tag) {
case ASN1_TAG_IA5String:
case ASN1_TAG_VisibleString:
case ASN1_TAG_UTF8String:
case ASN1_TAG_BMPString:
break;
default:
return 0;
}
if ((ret = asn1_any_type_from_der(tag, d, dlen, in, inlen)) != 1) {
if (ret < 0) error_print();
return ret;
}
if (x509_display_text_check(*tag, *d, *dlen) != 1) {
error_print();
return -1;
}
return 1;
}
int x509_display_text_print(FILE *fp, int fmt, int ind, const char *label, int tag, const uint8_t *d, size_t dlen)
{
return asn1_string_print(fp, fmt, ind, label, tag, d, dlen);
}
int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file) int x509_cert_new_from_file(uint8_t **out, size_t *outlen, const char *file)
@@ -211,3 +101,47 @@ end:
return ret; return ret;
} }
int x509_req_new_from_pem(uint8_t **out, size_t *outlen, FILE *fp)
{
uint8_t *req;
size_t reqlen;
size_t maxlen;
if (!out || !outlen || !fp) {
error_print();
return -1;
}
if (file_size(fp, &maxlen) != 1) {
error_print();
return -1;
}
if (!(req = malloc(maxlen))) {
error_print();
return -1;
}
if (x509_req_from_pem(req, &reqlen, maxlen, fp) != 1) {
free(req);
error_print();
return -1;
}
*out = req;
*outlen = reqlen;
return 1;
}
int x509_req_new_from_file(uint8_t **req, size_t *reqlen, const char *file)
{
FILE *fp = NULL;
if (!(fp = fopen(file, "rb"))) {
error_print();
return -1;
}
if (x509_req_new_from_pem(req, reqlen, fp) != 1) {
error_print();
fclose(fp);
return -1;
}
fclose(fp);
return 1;
}

10
tests/x509_reqtest.c
View File

@@ -72,6 +72,7 @@ static int test_x509_request_info(void)
static int test_x509_request(void) static int test_x509_request(void)
{ {
/*
uint8_t subject[256]; uint8_t subject[256];
size_t subject_len; size_t subject_len;
SM2_KEY sm2_key; SM2_KEY sm2_key;
@@ -125,6 +126,7 @@ static int test_x509_request(void)
format_print(stderr, 0, 4, "signatureAlgor: %s\n", x509_signature_algor_name(sig_alg)); format_print(stderr, 0, 4, "signatureAlgor: %s\n", x509_signature_algor_name(sig_alg));
format_bytes(stderr, 0, 4, "signature", sig, siglen); format_bytes(stderr, 0, 4, "signature", sig, siglen);
*/
printf("%s() ok\n", __FUNCTION__); printf("%s() ok\n", __FUNCTION__);
return 1; return 1;
} }
@@ -135,13 +137,15 @@ static int test_x509_req(void)
size_t subject_len; size_t subject_len;
SM2_KEY sm2_key; SM2_KEY sm2_key;
uint8_t req[512]; uint8_t req[512];
uint8_t *p = req;
size_t reqlen = 0; size_t reqlen = 0;
if (sm2_key_generate(&sm2_key) != 1 if (sm2_key_generate(&sm2_key) != 1
|| x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1 || x509_name_set(subject, &subject_len, sizeof(subject), "CN", "Beijing", "Haidian", "PKU", "CS", "CA") != 1
|| x509_req_sign(req, &reqlen, sizeof(req), || x509_req_sign_to_der(
X509_version_v1, subject, subject_len, &sm2_key, NULL, 0, X509_version_v1, subject, subject_len, &sm2_key, NULL, 0,
OID_sm2sign_with_sm3, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID)) != 1) { OID_sm2sign_with_sm3, &sm2_key, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID),
&p, &reqlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }

1
tests/x509_strtest.c
View File

@@ -13,6 +13,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <gmssl/oid.h> #include <gmssl/oid.h>
#include <gmssl/x509_str.h> #include <gmssl/x509_str.h>
#include <gmssl/x509_ext.h>
#include <gmssl/x509.h> #include <gmssl/x509.h>
#include <gmssl/rand.h> #include <gmssl/rand.h>
#include <gmssl/error.h> #include <gmssl/error.h>

6
tools/reqgen.c
View File

@@ -83,6 +83,7 @@ int reqgen_main(int argc, char **argv)
char *outfile = NULL; char *outfile = NULL;
FILE *outfp = stdout; FILE *outfp = stdout;
uint8_t req[1024]; uint8_t req[1024];
uint8_t *p = req;
size_t reqlen = 0; size_t reqlen = 0;
argc--; argc--;
@@ -198,13 +199,14 @@ bad:
goto end; goto end;
} }
if (x509_req_sign(req, &reqlen, sizeof(req), if (x509_req_sign_to_der(
X509_version_v1, X509_version_v1,
name, namelen, name, namelen,
&sm2_key, &sm2_key,
NULL, 0, NULL, 0,
OID_sm2sign_with_sm3, OID_sm2sign_with_sm3,
&sm2_key, signer_id, signer_id_len) != 1) { &sm2_key, signer_id, signer_id_len,
&p, &reqlen) != 1) {
fprintf(stderr, "%s: inner error\n", prog); fprintf(stderr, "%s: inner error\n", prog);
goto end; goto end;
} }