1 /*
2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/conf.h>
13 #include <openssl/asn1.h>
14 #include <openssl/asn1t.h>
15 #include <openssl/x509v3.h>
16 #include "ext_dat.h"
17
/* Stack-of-CONF_VALUE accessors (sk_CONF_VALUE_num/_value) used by the v2i parser below. */
DEFINE_STACK_OF(CONF_VALUE)

/*
 * Issuer Sign Tool (1.2.643.100.112): the name of the tool used to sign the
 * subject (ASN1_SEQUENCE).
 * This extension is required to obtain the status of a qualified certificate
 * in the Russian Federation.
 * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
 * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
 *
 * The template below encodes four UTF8String members in this order:
 * signTool, cATool, signToolCert, cAToolCert. All four are declared with
 * ASN1_SIMPLE, i.e. none of them is marked OPTIONAL in the template.
 */

ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = {
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING),
        ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL)

/* Generates ISSUER_SIGN_TOOL_new/_free (used below) plus the d2i/i2d codec pair. */
IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL)
35
36
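/*
 * Copy a NUL-terminated configuration value into one UTF8String member.
 *
 * The member is allocated only when it is still NULL, so a string that is
 * already present (for instance because the same key appears twice in the
 * configuration section) is overwritten in place instead of being leaked.
 *
 * Returns 1 on success and 0 when allocating or copying the string fails.
 */
static int ist_set_utf8_field(ASN1_UTF8STRING **field, const char *value)
{
    if (*field == NULL) {
        *field = ASN1_UTF8STRING_new();
        if (*field == NULL) {
            return 0;
        }
    }
    /* A length of -1 makes ASN1_STRING_set() measure the string itself. */
    return ASN1_STRING_set(*field, value, -1);
}

/*
 * Build an ISSUER_SIGN_TOOL from the name/value pairs of a configuration
 * section.
 *
 * Recognised names are "signTool", "cATool", "signToolCert" and
 * "cAToolCert"; any other name, or an entry without a name or a value, is
 * rejected with ERR_R_PASSED_INVALID_ARGUMENT. NULL stack entries are
 * skipped. Allocation or copy failures raise ERR_R_MALLOC_FAILURE.
 *
 * method and ctx are not used. Returns the new object, owned by the caller,
 * or NULL on error (the partially built object is freed).
 */
static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                        STACK_OF(CONF_VALUE) *nval)
{
    ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new();
    int i;

    if (ist == NULL) {
        X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) {
        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
        ASN1_UTF8STRING **field;

        if (cnf == NULL) {
            continue;
        }
        /* strcmp() and the string copy below must never see a NULL pointer. */
        if (cnf->name == NULL || cnf->value == NULL) {
            X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }
        if (strcmp(cnf->name, "signTool") == 0) {
            field = &ist->signTool;
        } else if (strcmp(cnf->name, "cATool") == 0) {
            field = &ist->cATool;
        } else if (strcmp(cnf->name, "signToolCert") == 0) {
            field = &ist->signToolCert;
        } else if (strcmp(cnf->name, "cAToolCert") == 0) {
            field = &ist->cAToolCert;
        } else {
            X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_PASSED_INVALID_ARGUMENT);
            goto err;
        }
        /* The copy can fail on allocation; its result must not be ignored. */
        if (!ist_set_utf8_field(field, cnf->value)) {
            X509V3err(X509V3_F_V2I_ISSUER_SIGN_TOOL, ERR_R_MALLOC_FAILURE);
            goto err;
        }
    }
    return ist;

 err:
    ISSUER_SIGN_TOOL_free(ist);
    return NULL;
}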
93
/*
 * Emit the "\n" that separates two printed members. Nothing is written
 * before the first member; the flag is raised so later calls do write it.
 */
static void ist_begin_member(BIO *out, int *started)
{
    if (*started == 1) {
        BIO_write(out, "\n", 1);
    }
    *started = 1;
}

/*
 * Print the members of an ISSUER_SIGN_TOOL that are present, one per line,
 * each prefixed by `indent` spaces and a fixed-width label. No newline is
 * written after the last member.
 *
 * The string bytes are written with BIO_write() exactly as stored, with no
 * escaping of control or non-printable characters.
 * NOTE(review): if this printer is reached for certificates from untrusted
 * sources, consider an escaping printer such as ASN1_STRING_print_ex().
 *
 * Returns 1 on success, or 0 (raising ERR_R_PASSED_INVALID_ARGUMENT) when
 * ist is NULL. Results of the BIO calls are not checked.
 */
static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method,
                                 ISSUER_SIGN_TOOL *ist, BIO *out,
                                 int indent)
{
    int started = 0;

    if (ist == NULL) {
        X509V3err(X509V3_F_I2R_ISSUER_SIGN_TOOL, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    if (ist->signTool != NULL) {
        ist_begin_member(out, &started);
        BIO_printf(out, "%*ssignTool    : ", indent, "");
        BIO_write(out, ist->signTool->data, ist->signTool->length);
    }

    if (ist->cATool != NULL) {
        ist_begin_member(out, &started);
        BIO_printf(out, "%*scATool      : ", indent, "");
        BIO_write(out, ist->cATool->data, ist->cATool->length);
    }

    if (ist->signToolCert != NULL) {
        ist_begin_member(out, &started);
        BIO_printf(out, "%*ssignToolCert: ", indent, "");
        BIO_write(out, ist->signToolCert->data, ist->signToolCert->length);
    }

    if (ist->cAToolCert != NULL) {
        ist_begin_member(out, &started);
        BIO_printf(out, "%*scAToolCert  : ", indent, "");
        BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length);
    }

    return 1;
}
138
/*
 * Extension method table for the Issuer Sign Tool extension.
 *
 * Only two callbacks are provided: v2i (configuration values -> internal
 * structure) and i2r (internal structure -> text on a BIO). Encoding and
 * decoding go through the ISSUER_SIGN_TOOL ASN.1 template.
 *
 * NOTE(review): the callbacks are cast to the generic X509V3_EXT_V2I and
 * X509V3_EXT_I2R pointer types, whose exact parameter lists are not visible
 * in this file -- confirm the signatures above are call-compatible with them.
 */
const X509V3_EXT_METHOD v3_issuer_sign_tool = {
    NID_issuerSignTool,                   /* nid */
    X509V3_EXT_MULTILINE,                 /* flags */
    ASN1_ITEM_ref(ISSUER_SIGN_TOOL),      /* template */
    0, 0, 0, 0,                           /* old functions, ignored */
    0,                                    /* i2s */
    0,                                    /* s2i */
    0,                                    /* i2v */
    (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */
    (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */
    0,                                    /* r2i */
    NULL                                  /* extension-specific data */
};