A library for setting up Secure Socket Layer (SSL) connections and verifying remote hosts using certificates. Contains only the source files for mbed platform implementation of the library.

Dependents:   HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL

Committer:
Mike Fiore
Date:
Mon Mar 23 16:51:07 2015 -0500
Revision:
6:cf58d49e1a86
Parent:
0:b86d15c6ba29
fix whitespace in sha512.c

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Vanger 0:b86d15c6ba29 1 /* asn.h
Vanger 0:b86d15c6ba29 2 *
Vanger 0:b86d15c6ba29 3 * Copyright (C) 2006-2014 wolfSSL Inc.
Vanger 0:b86d15c6ba29 4 *
Vanger 0:b86d15c6ba29 5 * This file is part of CyaSSL.
Vanger 0:b86d15c6ba29 6 *
Vanger 0:b86d15c6ba29 7 * CyaSSL is free software; you can redistribute it and/or modify
Vanger 0:b86d15c6ba29 8 * it under the terms of the GNU General Public License as published by
Vanger 0:b86d15c6ba29 9 * the Free Software Foundation; either version 2 of the License, or
Vanger 0:b86d15c6ba29 10 * (at your option) any later version.
Vanger 0:b86d15c6ba29 11 *
Vanger 0:b86d15c6ba29 12 * CyaSSL is distributed in the hope that it will be useful,
Vanger 0:b86d15c6ba29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Vanger 0:b86d15c6ba29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Vanger 0:b86d15c6ba29 15 * GNU General Public License for more details.
Vanger 0:b86d15c6ba29 16 *
Vanger 0:b86d15c6ba29 17 * You should have received a copy of the GNU General Public License
Vanger 0:b86d15c6ba29 18 * along with this program; if not, write to the Free Software
Vanger 0:b86d15c6ba29 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Vanger 0:b86d15c6ba29 20 */
Vanger 0:b86d15c6ba29 21
Vanger 0:b86d15c6ba29 22 #ifndef NO_ASN
Vanger 0:b86d15c6ba29 23
Vanger 0:b86d15c6ba29 24 #ifndef CTAO_CRYPT_ASN_H
Vanger 0:b86d15c6ba29 25 #define CTAO_CRYPT_ASN_H
Vanger 0:b86d15c6ba29 26
Vanger 0:b86d15c6ba29 27 #include <cyassl/ctaocrypt/types.h>
Vanger 0:b86d15c6ba29 28 #include <cyassl/ctaocrypt/rsa.h>
Vanger 0:b86d15c6ba29 29 #include <cyassl/ctaocrypt/dh.h>
Vanger 0:b86d15c6ba29 30 #include <cyassl/ctaocrypt/dsa.h>
Vanger 0:b86d15c6ba29 31 #include <cyassl/ctaocrypt/sha.h>
Vanger 0:b86d15c6ba29 32 #include <cyassl/ctaocrypt/md5.h>
Vanger 0:b86d15c6ba29 33 #include <cyassl/ctaocrypt/asn_public.h> /* public interface */
Vanger 0:b86d15c6ba29 34 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 35 #include <cyassl/ctaocrypt/ecc.h>
Vanger 0:b86d15c6ba29 36 #endif
Vanger 0:b86d15c6ba29 37
Vanger 0:b86d15c6ba29 38 #ifdef __cplusplus
Vanger 0:b86d15c6ba29 39 extern "C" {
Vanger 0:b86d15c6ba29 40 #endif
Vanger 0:b86d15c6ba29 41
Vanger 0:b86d15c6ba29 42
Vanger 0:b86d15c6ba29 43 enum {
Vanger 0:b86d15c6ba29 44 ISSUER = 0,
Vanger 0:b86d15c6ba29 45 SUBJECT = 1,
Vanger 0:b86d15c6ba29 46
Vanger 0:b86d15c6ba29 47 EXTERNAL_SERIAL_SIZE = 32,
Vanger 0:b86d15c6ba29 48
Vanger 0:b86d15c6ba29 49 BEFORE = 0,
Vanger 0:b86d15c6ba29 50 AFTER = 1
Vanger 0:b86d15c6ba29 51 };
Vanger 0:b86d15c6ba29 52
Vanger 0:b86d15c6ba29 53 /* ASN Tags */
Vanger 0:b86d15c6ba29 54 enum ASN_Tags {
Vanger 0:b86d15c6ba29 55 ASN_BOOLEAN = 0x01,
Vanger 0:b86d15c6ba29 56 ASN_INTEGER = 0x02,
Vanger 0:b86d15c6ba29 57 ASN_BIT_STRING = 0x03,
Vanger 0:b86d15c6ba29 58 ASN_OCTET_STRING = 0x04,
Vanger 0:b86d15c6ba29 59 ASN_TAG_NULL = 0x05,
Vanger 0:b86d15c6ba29 60 ASN_OBJECT_ID = 0x06,
Vanger 0:b86d15c6ba29 61 ASN_ENUMERATED = 0x0a,
Vanger 0:b86d15c6ba29 62 ASN_UTF8STRING = 0x0c,
Vanger 0:b86d15c6ba29 63 ASN_SEQUENCE = 0x10,
Vanger 0:b86d15c6ba29 64 ASN_SET = 0x11,
Vanger 0:b86d15c6ba29 65 ASN_UTC_TIME = 0x17,
Vanger 0:b86d15c6ba29 66 ASN_OTHER_TYPE = 0x00,
Vanger 0:b86d15c6ba29 67 ASN_RFC822_TYPE = 0x01,
Vanger 0:b86d15c6ba29 68 ASN_DNS_TYPE = 0x02,
Vanger 0:b86d15c6ba29 69 ASN_DIR_TYPE = 0x04,
Vanger 0:b86d15c6ba29 70 ASN_GENERALIZED_TIME = 0x18,
Vanger 0:b86d15c6ba29 71 CRL_EXTENSIONS = 0xa0,
Vanger 0:b86d15c6ba29 72 ASN_EXTENSIONS = 0xa3,
Vanger 0:b86d15c6ba29 73 ASN_LONG_LENGTH = 0x80
Vanger 0:b86d15c6ba29 74 };
Vanger 0:b86d15c6ba29 75
Vanger 0:b86d15c6ba29 76 enum ASN_Flags{
Vanger 0:b86d15c6ba29 77 ASN_CONSTRUCTED = 0x20,
Vanger 0:b86d15c6ba29 78 ASN_CONTEXT_SPECIFIC = 0x80
Vanger 0:b86d15c6ba29 79 };
Vanger 0:b86d15c6ba29 80
Vanger 0:b86d15c6ba29 81 enum DN_Tags {
Vanger 0:b86d15c6ba29 82 ASN_COMMON_NAME = 0x03, /* CN */
Vanger 0:b86d15c6ba29 83 ASN_SUR_NAME = 0x04, /* SN */
Vanger 0:b86d15c6ba29 84 ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
Vanger 0:b86d15c6ba29 85 ASN_COUNTRY_NAME = 0x06, /* C */
Vanger 0:b86d15c6ba29 86 ASN_LOCALITY_NAME = 0x07, /* L */
Vanger 0:b86d15c6ba29 87 ASN_STATE_NAME = 0x08, /* ST */
Vanger 0:b86d15c6ba29 88 ASN_ORG_NAME = 0x0a, /* O */
Vanger 0:b86d15c6ba29 89 ASN_ORGUNIT_NAME = 0x0b /* OU */
Vanger 0:b86d15c6ba29 90 };
Vanger 0:b86d15c6ba29 91
Vanger 0:b86d15c6ba29 92 enum PBES {
Vanger 0:b86d15c6ba29 93 PBE_MD5_DES = 0,
Vanger 0:b86d15c6ba29 94 PBE_SHA1_DES = 1,
Vanger 0:b86d15c6ba29 95 PBE_SHA1_DES3 = 2,
Vanger 0:b86d15c6ba29 96 PBE_SHA1_RC4_128 = 3,
Vanger 0:b86d15c6ba29 97 PBES2 = 13 /* algo ID */
Vanger 0:b86d15c6ba29 98 };
Vanger 0:b86d15c6ba29 99
Vanger 0:b86d15c6ba29 100 enum ENCRYPTION_TYPES {
Vanger 0:b86d15c6ba29 101 DES_TYPE = 0,
Vanger 0:b86d15c6ba29 102 DES3_TYPE = 1,
Vanger 0:b86d15c6ba29 103 RC4_TYPE = 2
Vanger 0:b86d15c6ba29 104 };
Vanger 0:b86d15c6ba29 105
Vanger 0:b86d15c6ba29 106 enum ECC_TYPES {
Vanger 0:b86d15c6ba29 107 ECC_PREFIX_0 = 160,
Vanger 0:b86d15c6ba29 108 ECC_PREFIX_1 = 161
Vanger 0:b86d15c6ba29 109 };
Vanger 0:b86d15c6ba29 110
Vanger 0:b86d15c6ba29 111 enum Misc_ASN {
Vanger 0:b86d15c6ba29 112 ASN_NAME_MAX = 256,
Vanger 0:b86d15c6ba29 113 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
Vanger 0:b86d15c6ba29 114 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
Vanger 0:b86d15c6ba29 115 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */
Vanger 0:b86d15c6ba29 116 PKCS5 = 5, /* PKCS oid tag */
Vanger 0:b86d15c6ba29 117 PKCS5v2 = 6, /* PKCS #5 v2.0 */
Vanger 0:b86d15c6ba29 118 PKCS12 = 12, /* PKCS #12 */
Vanger 0:b86d15c6ba29 119 MAX_UNICODE_SZ = 256,
Vanger 0:b86d15c6ba29 120 ASN_BOOL_SIZE = 2, /* including type */
Vanger 0:b86d15c6ba29 121 ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
Vanger 0:b86d15c6ba29 122 ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
Vanger 0:b86d15c6ba29 123 SHA_SIZE = 20,
Vanger 0:b86d15c6ba29 124 RSA_INTS = 8, /* RSA ints in private key */
Vanger 0:b86d15c6ba29 125 MIN_DATE_SIZE = 13,
Vanger 0:b86d15c6ba29 126 MAX_DATE_SIZE = 32,
Vanger 0:b86d15c6ba29 127 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
Vanger 0:b86d15c6ba29 128 MAX_ENCODED_SIG_SZ = 512,
Vanger 0:b86d15c6ba29 129 MAX_SIG_SZ = 256,
Vanger 0:b86d15c6ba29 130 MAX_ALGO_SZ = 20,
Vanger 0:b86d15c6ba29 131 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
Vanger 0:b86d15c6ba29 132 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
Vanger 0:b86d15c6ba29 133 MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
Vanger 0:b86d15c6ba29 134 MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
Vanger 0:b86d15c6ba29 135 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
Vanger 0:b86d15c6ba29 136 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
Vanger 0:b86d15c6ba29 137 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
Vanger 0:b86d15c6ba29 138 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
Vanger 0:b86d15c6ba29 139 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
Vanger 0:b86d15c6ba29 140 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
Vanger 0:b86d15c6ba29 141 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
Vanger 0:b86d15c6ba29 142 MAX_RSA_E_SZ = 16, /* Max RSA public e size */
Vanger 0:b86d15c6ba29 143 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
Vanger 0:b86d15c6ba29 144 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
Vanger 0:b86d15c6ba29 145 #ifdef CYASSL_CERT_GEN
Vanger 0:b86d15c6ba29 146 #ifdef CYASSL_CERT_REQ
Vanger 0:b86d15c6ba29 147 /* Max encoded cert req attributes length */
Vanger 0:b86d15c6ba29 148 MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
Vanger 0:b86d15c6ba29 149 MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
Vanger 0:b86d15c6ba29 150 #endif
Vanger 0:b86d15c6ba29 151 #ifdef CYASSL_ALT_NAMES
Vanger 0:b86d15c6ba29 152 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
Vanger 0:b86d15c6ba29 153 #else
Vanger 0:b86d15c6ba29 154 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
Vanger 0:b86d15c6ba29 155 #endif
Vanger 0:b86d15c6ba29 156 /* Max total extensions, id + len + others */
Vanger 0:b86d15c6ba29 157 #endif
Vanger 0:b86d15c6ba29 158 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
Vanger 0:b86d15c6ba29 159 MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
Vanger 0:b86d15c6ba29 160 EIGHTK_BUF = 8192, /* Tmp buffer size */
Vanger 0:b86d15c6ba29 161 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
Vanger 0:b86d15c6ba29 162 /* use bigger NTRU size */
Vanger 0:b86d15c6ba29 163 };
Vanger 0:b86d15c6ba29 164
Vanger 0:b86d15c6ba29 165
Vanger 0:b86d15c6ba29 166 enum Oid_Types {
Vanger 0:b86d15c6ba29 167 hashType = 0,
Vanger 0:b86d15c6ba29 168 sigType = 1,
Vanger 0:b86d15c6ba29 169 keyType = 2,
Vanger 0:b86d15c6ba29 170 curveType = 3,
Vanger 0:b86d15c6ba29 171 blkType = 4
Vanger 0:b86d15c6ba29 172 };
Vanger 0:b86d15c6ba29 173
Vanger 0:b86d15c6ba29 174
Vanger 0:b86d15c6ba29 175 enum Hash_Sum {
Vanger 0:b86d15c6ba29 176 MD2h = 646,
Vanger 0:b86d15c6ba29 177 MD5h = 649,
Vanger 0:b86d15c6ba29 178 SHAh = 88,
Vanger 0:b86d15c6ba29 179 SHA256h = 414,
Vanger 0:b86d15c6ba29 180 SHA384h = 415,
Vanger 0:b86d15c6ba29 181 SHA512h = 416
Vanger 0:b86d15c6ba29 182 };
Vanger 0:b86d15c6ba29 183
Vanger 0:b86d15c6ba29 184
Vanger 0:b86d15c6ba29 185 enum Block_Sum {
Vanger 0:b86d15c6ba29 186 DESb = 69,
Vanger 0:b86d15c6ba29 187 DES3b = 652
Vanger 0:b86d15c6ba29 188 };
Vanger 0:b86d15c6ba29 189
Vanger 0:b86d15c6ba29 190
Vanger 0:b86d15c6ba29 191 enum Key_Sum {
Vanger 0:b86d15c6ba29 192 DSAk = 515,
Vanger 0:b86d15c6ba29 193 RSAk = 645,
Vanger 0:b86d15c6ba29 194 NTRUk = 274,
Vanger 0:b86d15c6ba29 195 ECDSAk = 518
Vanger 0:b86d15c6ba29 196 };
Vanger 0:b86d15c6ba29 197
Vanger 0:b86d15c6ba29 198
Vanger 0:b86d15c6ba29 199 enum Ecc_Sum {
Vanger 0:b86d15c6ba29 200 ECC_256R1 = 526,
Vanger 0:b86d15c6ba29 201 ECC_384R1 = 210,
Vanger 0:b86d15c6ba29 202 ECC_521R1 = 211,
Vanger 0:b86d15c6ba29 203 ECC_160R1 = 184,
Vanger 0:b86d15c6ba29 204 ECC_192R1 = 520,
Vanger 0:b86d15c6ba29 205 ECC_224R1 = 209
Vanger 0:b86d15c6ba29 206 };
Vanger 0:b86d15c6ba29 207
Vanger 0:b86d15c6ba29 208
Vanger 0:b86d15c6ba29 209 enum KDF_Sum {
Vanger 0:b86d15c6ba29 210 PBKDF2_OID = 660
Vanger 0:b86d15c6ba29 211 };
Vanger 0:b86d15c6ba29 212
Vanger 0:b86d15c6ba29 213
Vanger 0:b86d15c6ba29 214 enum Extensions_Sum {
Vanger 0:b86d15c6ba29 215 BASIC_CA_OID = 133,
Vanger 0:b86d15c6ba29 216 ALT_NAMES_OID = 131,
Vanger 0:b86d15c6ba29 217 CRL_DIST_OID = 145,
Vanger 0:b86d15c6ba29 218 AUTH_INFO_OID = 69,
Vanger 0:b86d15c6ba29 219 CA_ISSUER_OID = 117,
Vanger 0:b86d15c6ba29 220 AUTH_KEY_OID = 149,
Vanger 0:b86d15c6ba29 221 SUBJ_KEY_OID = 128,
Vanger 0:b86d15c6ba29 222 CERT_POLICY_OID = 146,
Vanger 0:b86d15c6ba29 223 KEY_USAGE_OID = 129, /* 2.5.29.15 */
Vanger 0:b86d15c6ba29 224 INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
Vanger 0:b86d15c6ba29 225 EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
Vanger 0:b86d15c6ba29 226 NAME_CONS_OID = 144 /* 2.5.29.30 */
Vanger 0:b86d15c6ba29 227 };
Vanger 0:b86d15c6ba29 228
Vanger 0:b86d15c6ba29 229 enum CertificatePolicy_Sum {
Vanger 0:b86d15c6ba29 230 CP_ANY_OID = 146 /* id-ce 32 0 */
Vanger 0:b86d15c6ba29 231 };
Vanger 0:b86d15c6ba29 232
Vanger 0:b86d15c6ba29 233 enum SepHardwareName_Sum {
Vanger 0:b86d15c6ba29 234 HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
Vanger 0:b86d15c6ba29 235 };
Vanger 0:b86d15c6ba29 236
Vanger 0:b86d15c6ba29 237 enum AuthInfo_Sum {
Vanger 0:b86d15c6ba29 238 AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
Vanger 0:b86d15c6ba29 239 AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
Vanger 0:b86d15c6ba29 240 };
Vanger 0:b86d15c6ba29 241
Vanger 0:b86d15c6ba29 242 enum ExtKeyUsage_Sum { /* From RFC 5280 */
Vanger 0:b86d15c6ba29 243 EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
Vanger 0:b86d15c6ba29 244 EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
Vanger 0:b86d15c6ba29 245 EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
Vanger 0:b86d15c6ba29 246 EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
Vanger 0:b86d15c6ba29 247 };
Vanger 0:b86d15c6ba29 248
Vanger 0:b86d15c6ba29 249
Vanger 0:b86d15c6ba29 250 enum VerifyType {
Vanger 0:b86d15c6ba29 251 NO_VERIFY = 0,
Vanger 0:b86d15c6ba29 252 VERIFY = 1
Vanger 0:b86d15c6ba29 253 };
Vanger 0:b86d15c6ba29 254
Vanger 0:b86d15c6ba29 255
Vanger 0:b86d15c6ba29 256 /* Key usage extension bits */
Vanger 0:b86d15c6ba29 257 #define KEYUSE_DIGITAL_SIG 0x0100
Vanger 0:b86d15c6ba29 258 #define KEYUSE_CONTENT_COMMIT 0x0080
Vanger 0:b86d15c6ba29 259 #define KEYUSE_KEY_ENCIPHER 0x0040
Vanger 0:b86d15c6ba29 260 #define KEYUSE_DATA_ENCIPHER 0x0020
Vanger 0:b86d15c6ba29 261 #define KEYUSE_KEY_AGREE 0x0010
Vanger 0:b86d15c6ba29 262 #define KEYUSE_KEY_CERT_SIGN 0x0008
Vanger 0:b86d15c6ba29 263 #define KEYUSE_CRL_SIGN 0x0004
Vanger 0:b86d15c6ba29 264 #define KEYUSE_ENCIPHER_ONLY 0x0002
Vanger 0:b86d15c6ba29 265 #define KEYUSE_DECIPHER_ONLY 0x0001
Vanger 0:b86d15c6ba29 266
Vanger 0:b86d15c6ba29 267 #define EXTKEYUSE_ANY 0x08
Vanger 0:b86d15c6ba29 268 #define EXTKEYUSE_OCSP_SIGN 0x04
Vanger 0:b86d15c6ba29 269 #define EXTKEYUSE_CLIENT_AUTH 0x02
Vanger 0:b86d15c6ba29 270 #define EXTKEYUSE_SERVER_AUTH 0x01
Vanger 0:b86d15c6ba29 271
Vanger 0:b86d15c6ba29 272 typedef struct DNS_entry DNS_entry;
Vanger 0:b86d15c6ba29 273
Vanger 0:b86d15c6ba29 274 struct DNS_entry {
Vanger 0:b86d15c6ba29 275 DNS_entry* next; /* next on DNS list */
Vanger 0:b86d15c6ba29 276 char* name; /* actual DNS name */
Vanger 0:b86d15c6ba29 277 };
Vanger 0:b86d15c6ba29 278
Vanger 0:b86d15c6ba29 279
Vanger 0:b86d15c6ba29 280 typedef struct Base_entry Base_entry;
Vanger 0:b86d15c6ba29 281
Vanger 0:b86d15c6ba29 282 struct Base_entry {
Vanger 0:b86d15c6ba29 283 Base_entry* next; /* next on name base list */
Vanger 0:b86d15c6ba29 284 char* name; /* actual name base */
Vanger 0:b86d15c6ba29 285 int nameSz; /* name length */
Vanger 0:b86d15c6ba29 286 byte type; /* Name base type (DNS or RFC822) */
Vanger 0:b86d15c6ba29 287 };
Vanger 0:b86d15c6ba29 288
Vanger 0:b86d15c6ba29 289
Vanger 0:b86d15c6ba29 290 struct DecodedName {
Vanger 0:b86d15c6ba29 291 char* fullName;
Vanger 0:b86d15c6ba29 292 int fullNameLen;
Vanger 0:b86d15c6ba29 293 int entryCount;
Vanger 0:b86d15c6ba29 294 int cnIdx;
Vanger 0:b86d15c6ba29 295 int cnLen;
Vanger 0:b86d15c6ba29 296 int snIdx;
Vanger 0:b86d15c6ba29 297 int snLen;
Vanger 0:b86d15c6ba29 298 int cIdx;
Vanger 0:b86d15c6ba29 299 int cLen;
Vanger 0:b86d15c6ba29 300 int lIdx;
Vanger 0:b86d15c6ba29 301 int lLen;
Vanger 0:b86d15c6ba29 302 int stIdx;
Vanger 0:b86d15c6ba29 303 int stLen;
Vanger 0:b86d15c6ba29 304 int oIdx;
Vanger 0:b86d15c6ba29 305 int oLen;
Vanger 0:b86d15c6ba29 306 int ouIdx;
Vanger 0:b86d15c6ba29 307 int ouLen;
Vanger 0:b86d15c6ba29 308 int emailIdx;
Vanger 0:b86d15c6ba29 309 int emailLen;
Vanger 0:b86d15c6ba29 310 int uidIdx;
Vanger 0:b86d15c6ba29 311 int uidLen;
Vanger 0:b86d15c6ba29 312 int serialIdx;
Vanger 0:b86d15c6ba29 313 int serialLen;
Vanger 0:b86d15c6ba29 314 };
Vanger 0:b86d15c6ba29 315
Vanger 0:b86d15c6ba29 316
Vanger 0:b86d15c6ba29 317 typedef struct DecodedCert DecodedCert;
Vanger 0:b86d15c6ba29 318 typedef struct DecodedName DecodedName;
Vanger 0:b86d15c6ba29 319 typedef struct Signer Signer;
Vanger 0:b86d15c6ba29 320
Vanger 0:b86d15c6ba29 321
Vanger 0:b86d15c6ba29 322 struct DecodedCert {
Vanger 0:b86d15c6ba29 323 byte* publicKey;
Vanger 0:b86d15c6ba29 324 word32 pubKeySize;
Vanger 0:b86d15c6ba29 325 int pubKeyStored;
Vanger 0:b86d15c6ba29 326 word32 certBegin; /* offset to start of cert */
Vanger 0:b86d15c6ba29 327 word32 sigIndex; /* offset to start of signature */
Vanger 0:b86d15c6ba29 328 word32 sigLength; /* length of signature */
Vanger 0:b86d15c6ba29 329 word32 signatureOID; /* sum of algorithm object id */
Vanger 0:b86d15c6ba29 330 word32 keyOID; /* sum of key algo object id */
Vanger 0:b86d15c6ba29 331 int version; /* cert version, 1 or 3 */
Vanger 0:b86d15c6ba29 332 DNS_entry* altNames; /* alt names list of dns entries */
Vanger 0:b86d15c6ba29 333 #ifndef IGNORE_NAME_CONSTRAINTS
Vanger 0:b86d15c6ba29 334 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
Vanger 0:b86d15c6ba29 335 Base_entry* permittedNames; /* Permitted name bases */
Vanger 0:b86d15c6ba29 336 Base_entry* excludedNames; /* Excluded name bases */
Vanger 0:b86d15c6ba29 337 #endif /* IGNORE_NAME_CONSTRAINTS */
Vanger 0:b86d15c6ba29 338 byte subjectHash[SHA_SIZE]; /* hash of all Names */
Vanger 0:b86d15c6ba29 339 byte issuerHash[SHA_SIZE]; /* hash of all Names */
Vanger 0:b86d15c6ba29 340 #ifdef HAVE_OCSP
Vanger 0:b86d15c6ba29 341 byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
Vanger 0:b86d15c6ba29 342 #endif /* HAVE_OCSP */
Vanger 0:b86d15c6ba29 343 byte* signature; /* not owned, points into raw cert */
Vanger 0:b86d15c6ba29 344 char* subjectCN; /* CommonName */
Vanger 0:b86d15c6ba29 345 int subjectCNLen; /* CommonName Length */
Vanger 0:b86d15c6ba29 346 char subjectCNEnc; /* CommonName Encoding */
Vanger 0:b86d15c6ba29 347 int subjectCNStored; /* have we saved a copy we own */
Vanger 0:b86d15c6ba29 348 char issuer[ASN_NAME_MAX]; /* full name including common name */
Vanger 0:b86d15c6ba29 349 char subject[ASN_NAME_MAX]; /* full name including common name */
Vanger 0:b86d15c6ba29 350 int verify; /* Default to yes, but could be off */
Vanger 0:b86d15c6ba29 351 byte* source; /* byte buffer holder cert, NOT owner */
Vanger 0:b86d15c6ba29 352 word32 srcIdx; /* current offset into buffer */
Vanger 0:b86d15c6ba29 353 word32 maxIdx; /* max offset based on init size */
Vanger 0:b86d15c6ba29 354 void* heap; /* for user memory overrides */
Vanger 0:b86d15c6ba29 355 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
Vanger 0:b86d15c6ba29 356 int serialSz; /* raw serial bytes stored */
Vanger 0:b86d15c6ba29 357 byte* extensions; /* not owned, points into raw cert */
Vanger 0:b86d15c6ba29 358 int extensionsSz; /* length of cert extensions */
Vanger 0:b86d15c6ba29 359 word32 extensionsIdx; /* if want to go back and parse later */
Vanger 0:b86d15c6ba29 360 byte* extAuthInfo; /* Authority Information Access URI */
Vanger 0:b86d15c6ba29 361 int extAuthInfoSz; /* length of the URI */
Vanger 0:b86d15c6ba29 362 byte* extCrlInfo; /* CRL Distribution Points */
Vanger 0:b86d15c6ba29 363 int extCrlInfoSz; /* length of the URI */
Vanger 0:b86d15c6ba29 364 byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */
Vanger 0:b86d15c6ba29 365 byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
Vanger 0:b86d15c6ba29 366 byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */
Vanger 0:b86d15c6ba29 367 byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
Vanger 0:b86d15c6ba29 368 #ifndef IGNORE_NAME_CONSTRAINTS
Vanger 0:b86d15c6ba29 369 byte extNameConstraintSet;
Vanger 0:b86d15c6ba29 370 #endif /* IGNORE_NAME_CONSTRAINTS */
Vanger 0:b86d15c6ba29 371 byte isCA; /* CA basic constraint true */
Vanger 0:b86d15c6ba29 372 byte extKeyUsageSet;
Vanger 0:b86d15c6ba29 373 word16 extKeyUsage; /* Key usage bitfield */
Vanger 0:b86d15c6ba29 374 byte extExtKeyUsageSet; /* Extended Key Usage */
Vanger 0:b86d15c6ba29 375 byte extExtKeyUsage; /* Extended Key usage bitfield */
Vanger 0:b86d15c6ba29 376 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 377 byte extBasicConstSet;
Vanger 0:b86d15c6ba29 378 byte extBasicConstCrit;
Vanger 0:b86d15c6ba29 379 byte extBasicConstPlSet;
Vanger 0:b86d15c6ba29 380 word32 pathLength; /* CA basic constraint path length, opt */
Vanger 0:b86d15c6ba29 381 byte extSubjAltNameSet;
Vanger 0:b86d15c6ba29 382 byte extSubjAltNameCrit;
Vanger 0:b86d15c6ba29 383 byte extAuthKeyIdCrit;
Vanger 0:b86d15c6ba29 384 #ifndef IGNORE_NAME_CONSTRAINTS
Vanger 0:b86d15c6ba29 385 byte extNameConstraintCrit;
Vanger 0:b86d15c6ba29 386 #endif /* IGNORE_NAME_CONSTRAINTS */
Vanger 0:b86d15c6ba29 387 byte extSubjKeyIdCrit;
Vanger 0:b86d15c6ba29 388 byte extKeyUsageCrit;
Vanger 0:b86d15c6ba29 389 byte extExtKeyUsageCrit;
Vanger 0:b86d15c6ba29 390 byte* extExtKeyUsageSrc;
Vanger 0:b86d15c6ba29 391 word32 extExtKeyUsageSz;
Vanger 0:b86d15c6ba29 392 word32 extExtKeyUsageCount;
Vanger 0:b86d15c6ba29 393 byte* extAuthKeyIdSrc;
Vanger 0:b86d15c6ba29 394 word32 extAuthKeyIdSz;
Vanger 0:b86d15c6ba29 395 byte* extSubjKeyIdSrc;
Vanger 0:b86d15c6ba29 396 word32 extSubjKeyIdSz;
Vanger 0:b86d15c6ba29 397 #endif
Vanger 0:b86d15c6ba29 398 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 399 word32 pkCurveOID; /* Public Key's curve OID */
Vanger 0:b86d15c6ba29 400 #endif /* HAVE_ECC */
Vanger 0:b86d15c6ba29 401 byte* beforeDate;
Vanger 0:b86d15c6ba29 402 int beforeDateLen;
Vanger 0:b86d15c6ba29 403 byte* afterDate;
Vanger 0:b86d15c6ba29 404 int afterDateLen;
Vanger 0:b86d15c6ba29 405 #ifdef HAVE_PKCS7
Vanger 0:b86d15c6ba29 406 byte* issuerRaw; /* pointer to issuer inside source */
Vanger 0:b86d15c6ba29 407 int issuerRawLen;
Vanger 0:b86d15c6ba29 408 #endif
Vanger 0:b86d15c6ba29 409 #ifndef IGNORE_NAME_CONSTRAINT
Vanger 0:b86d15c6ba29 410 byte* subjectRaw; /* pointer to subject inside source */
Vanger 0:b86d15c6ba29 411 int subjectRawLen;
Vanger 0:b86d15c6ba29 412 #endif
Vanger 0:b86d15c6ba29 413 #if defined(CYASSL_CERT_GEN)
Vanger 0:b86d15c6ba29 414 /* easy access to subject info for other sign */
Vanger 0:b86d15c6ba29 415 char* subjectSN;
Vanger 0:b86d15c6ba29 416 int subjectSNLen;
Vanger 0:b86d15c6ba29 417 char subjectSNEnc;
Vanger 0:b86d15c6ba29 418 char* subjectC;
Vanger 0:b86d15c6ba29 419 int subjectCLen;
Vanger 0:b86d15c6ba29 420 char subjectCEnc;
Vanger 0:b86d15c6ba29 421 char* subjectL;
Vanger 0:b86d15c6ba29 422 int subjectLLen;
Vanger 0:b86d15c6ba29 423 char subjectLEnc;
Vanger 0:b86d15c6ba29 424 char* subjectST;
Vanger 0:b86d15c6ba29 425 int subjectSTLen;
Vanger 0:b86d15c6ba29 426 char subjectSTEnc;
Vanger 0:b86d15c6ba29 427 char* subjectO;
Vanger 0:b86d15c6ba29 428 int subjectOLen;
Vanger 0:b86d15c6ba29 429 char subjectOEnc;
Vanger 0:b86d15c6ba29 430 char* subjectOU;
Vanger 0:b86d15c6ba29 431 int subjectOULen;
Vanger 0:b86d15c6ba29 432 char subjectOUEnc;
Vanger 0:b86d15c6ba29 433 char* subjectEmail;
Vanger 0:b86d15c6ba29 434 int subjectEmailLen;
Vanger 0:b86d15c6ba29 435 #endif /* CYASSL_CERT_GEN */
Vanger 0:b86d15c6ba29 436 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 437 DecodedName issuerName;
Vanger 0:b86d15c6ba29 438 DecodedName subjectName;
Vanger 0:b86d15c6ba29 439 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 440 #ifdef CYASSL_SEP
Vanger 0:b86d15c6ba29 441 int deviceTypeSz;
Vanger 0:b86d15c6ba29 442 byte* deviceType;
Vanger 0:b86d15c6ba29 443 int hwTypeSz;
Vanger 0:b86d15c6ba29 444 byte* hwType;
Vanger 0:b86d15c6ba29 445 int hwSerialNumSz;
Vanger 0:b86d15c6ba29 446 byte* hwSerialNum;
Vanger 0:b86d15c6ba29 447 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 448 byte extCertPolicySet;
Vanger 0:b86d15c6ba29 449 byte extCertPolicyCrit;
Vanger 0:b86d15c6ba29 450 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 451 #endif /* CYASSL_SEP */
Vanger 0:b86d15c6ba29 452 };
Vanger 0:b86d15c6ba29 453
Vanger 0:b86d15c6ba29 454
Vanger 0:b86d15c6ba29 455 #ifdef SHA_DIGEST_SIZE
Vanger 0:b86d15c6ba29 456 #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
Vanger 0:b86d15c6ba29 457 #else
Vanger 0:b86d15c6ba29 458 #define SIGNER_DIGEST_SIZE 20
Vanger 0:b86d15c6ba29 459 #endif
Vanger 0:b86d15c6ba29 460
Vanger 0:b86d15c6ba29 461 /* CA Signers */
Vanger 0:b86d15c6ba29 462 /* if change layout change PERSIST_CERT_CACHE functions too */
Vanger 0:b86d15c6ba29 463 struct Signer {
Vanger 0:b86d15c6ba29 464 word32 pubKeySize;
Vanger 0:b86d15c6ba29 465 word32 keyOID; /* key type */
Vanger 0:b86d15c6ba29 466 word16 keyUsage;
Vanger 0:b86d15c6ba29 467 byte* publicKey;
Vanger 0:b86d15c6ba29 468 int nameLen;
Vanger 0:b86d15c6ba29 469 char* name; /* common name */
Vanger 0:b86d15c6ba29 470 #ifndef IGNORE_NAME_CONSTRAINTS
Vanger 0:b86d15c6ba29 471 Base_entry* permittedNames;
Vanger 0:b86d15c6ba29 472 Base_entry* excludedNames;
Vanger 0:b86d15c6ba29 473 #endif /* IGNORE_NAME_CONSTRAINTS */
Vanger 0:b86d15c6ba29 474 byte subjectNameHash[SIGNER_DIGEST_SIZE];
Vanger 0:b86d15c6ba29 475 /* sha hash of names in certificate */
Vanger 0:b86d15c6ba29 476 #ifndef NO_SKID
Vanger 0:b86d15c6ba29 477 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
Vanger 0:b86d15c6ba29 478 /* sha hash of names in certificate */
Vanger 0:b86d15c6ba29 479 #endif
Vanger 0:b86d15c6ba29 480 Signer* next;
Vanger 0:b86d15c6ba29 481 };
Vanger 0:b86d15c6ba29 482
Vanger 0:b86d15c6ba29 483
Vanger 0:b86d15c6ba29 484 /* not for public consumption but may use for testing sometimes */
Vanger 0:b86d15c6ba29 485 #ifdef CYASSL_TEST_CERT
Vanger 0:b86d15c6ba29 486 #define CYASSL_TEST_API CYASSL_API
Vanger 0:b86d15c6ba29 487 #else
Vanger 0:b86d15c6ba29 488 #define CYASSL_TEST_API CYASSL_LOCAL
Vanger 0:b86d15c6ba29 489 #endif
Vanger 0:b86d15c6ba29 490
Vanger 0:b86d15c6ba29 491 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
Vanger 0:b86d15c6ba29 492 #ifndef IGNORE_NAME_CONSTRAINTS
Vanger 0:b86d15c6ba29 493 CYASSL_TEST_API void FreeNameSubtrees(Base_entry*, void*);
Vanger 0:b86d15c6ba29 494 #endif /* IGNORE_NAME_CONSTRAINTS */
Vanger 0:b86d15c6ba29 495 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
Vanger 0:b86d15c6ba29 496 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
Vanger 0:b86d15c6ba29 497 CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
Vanger 0:b86d15c6ba29 498
Vanger 0:b86d15c6ba29 499 CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
Vanger 0:b86d15c6ba29 500 CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
Vanger 0:b86d15c6ba29 501
Vanger 0:b86d15c6ba29 502 CYASSL_LOCAL Signer* MakeSigner(void*);
Vanger 0:b86d15c6ba29 503 CYASSL_LOCAL void FreeSigner(Signer*, void*);
Vanger 0:b86d15c6ba29 504 CYASSL_LOCAL void FreeSignerTable(Signer**, int, void*);
Vanger 0:b86d15c6ba29 505
Vanger 0:b86d15c6ba29 506
Vanger 0:b86d15c6ba29 507 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
Vanger 0:b86d15c6ba29 508 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
Vanger 0:b86d15c6ba29 509
Vanger 0:b86d15c6ba29 510 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
Vanger 0:b86d15c6ba29 511
Vanger 0:b86d15c6ba29 512 /* ASN.1 helper functions */
Vanger 0:b86d15c6ba29 513 CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
Vanger 0:b86d15c6ba29 514 word32 maxIdx);
Vanger 0:b86d15c6ba29 515 CYASSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
Vanger 0:b86d15c6ba29 516 word32 maxIdx);
Vanger 0:b86d15c6ba29 517 CYASSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
Vanger 0:b86d15c6ba29 518 word32 maxIdx);
Vanger 0:b86d15c6ba29 519 CYASSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
Vanger 0:b86d15c6ba29 520 int* version);
Vanger 0:b86d15c6ba29 521 CYASSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
Vanger 0:b86d15c6ba29 522 word32 maxIdx);
Vanger 0:b86d15c6ba29 523 CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
Vanger 0:b86d15c6ba29 524 word32 maxIdx);
Vanger 0:b86d15c6ba29 525 CYASSL_LOCAL word32 SetLength(word32 length, byte* output);
Vanger 0:b86d15c6ba29 526 CYASSL_LOCAL word32 SetSequence(word32 len, byte* output);
Vanger 0:b86d15c6ba29 527 CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output);
Vanger 0:b86d15c6ba29 528 CYASSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output);
Vanger 0:b86d15c6ba29 529 CYASSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
Vanger 0:b86d15c6ba29 530 CYASSL_LOCAL word32 SetSet(word32 len, byte* output);
Vanger 0:b86d15c6ba29 531 CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
Vanger 0:b86d15c6ba29 532 CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
Vanger 0:b86d15c6ba29 533 CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
Vanger 0:b86d15c6ba29 534 CYASSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
Vanger 0:b86d15c6ba29 535 int maxIdx);
Vanger 0:b86d15c6ba29 536
Vanger 0:b86d15c6ba29 537 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 538 /* ASN sig helpers */
Vanger 0:b86d15c6ba29 539 CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
Vanger 0:b86d15c6ba29 540 mp_int* s);
Vanger 0:b86d15c6ba29 541 CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
Vanger 0:b86d15c6ba29 542 mp_int* r, mp_int* s);
Vanger 0:b86d15c6ba29 543 #endif
Vanger 0:b86d15c6ba29 544
Vanger 0:b86d15c6ba29 545 #ifdef CYASSL_CERT_GEN
Vanger 0:b86d15c6ba29 546
Vanger 0:b86d15c6ba29 547 enum cert_enums {
Vanger 0:b86d15c6ba29 548 NAME_ENTRIES = 8,
Vanger 0:b86d15c6ba29 549 JOINT_LEN = 2,
Vanger 0:b86d15c6ba29 550 EMAIL_JOINT_LEN = 9,
Vanger 0:b86d15c6ba29 551 RSA_KEY = 10,
Vanger 0:b86d15c6ba29 552 NTRU_KEY = 11,
Vanger 0:b86d15c6ba29 553 ECC_KEY = 12
Vanger 0:b86d15c6ba29 554 };
Vanger 0:b86d15c6ba29 555
Vanger 0:b86d15c6ba29 556 #ifndef CYASSL_PEMCERT_TODER_DEFINED
Vanger 0:b86d15c6ba29 557 #ifndef NO_FILESYSTEM
Vanger 0:b86d15c6ba29 558 /* forward from CyaSSL */
Vanger 0:b86d15c6ba29 559 CYASSL_API
Vanger 0:b86d15c6ba29 560 int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
Vanger 0:b86d15c6ba29 561 #define CYASSL_PEMCERT_TODER_DEFINED
Vanger 0:b86d15c6ba29 562 #endif
Vanger 0:b86d15c6ba29 563 #endif
Vanger 0:b86d15c6ba29 564
Vanger 0:b86d15c6ba29 565 #endif /* CYASSL_CERT_GEN */
Vanger 0:b86d15c6ba29 566
Vanger 0:b86d15c6ba29 567
Vanger 0:b86d15c6ba29 568
Vanger 0:b86d15c6ba29 569 /* for pointer use */
Vanger 0:b86d15c6ba29 570 typedef struct CertStatus CertStatus;
Vanger 0:b86d15c6ba29 571
Vanger 0:b86d15c6ba29 572 #ifdef HAVE_OCSP
Vanger 0:b86d15c6ba29 573
Vanger 0:b86d15c6ba29 574 enum Ocsp_Response_Status {
Vanger 0:b86d15c6ba29 575 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
Vanger 0:b86d15c6ba29 576 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
Vanger 0:b86d15c6ba29 577 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
Vanger 0:b86d15c6ba29 578 OCSP_TRY_LATER = 3, /* Try again later */
Vanger 0:b86d15c6ba29 579 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
Vanger 0:b86d15c6ba29 580 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
Vanger 0:b86d15c6ba29 581 };
Vanger 0:b86d15c6ba29 582
Vanger 0:b86d15c6ba29 583
Vanger 0:b86d15c6ba29 584 enum Ocsp_Cert_Status {
Vanger 0:b86d15c6ba29 585 CERT_GOOD = 0,
Vanger 0:b86d15c6ba29 586 CERT_REVOKED = 1,
Vanger 0:b86d15c6ba29 587 CERT_UNKNOWN = 2
Vanger 0:b86d15c6ba29 588 };
Vanger 0:b86d15c6ba29 589
Vanger 0:b86d15c6ba29 590
Vanger 0:b86d15c6ba29 591 enum Ocsp_Sums {
Vanger 0:b86d15c6ba29 592 OCSP_BASIC_OID = 117,
Vanger 0:b86d15c6ba29 593 OCSP_NONCE_OID = 118
Vanger 0:b86d15c6ba29 594 };
Vanger 0:b86d15c6ba29 595
Vanger 0:b86d15c6ba29 596
Vanger 0:b86d15c6ba29 597 typedef struct OcspRequest OcspRequest;
Vanger 0:b86d15c6ba29 598 typedef struct OcspResponse OcspResponse;
Vanger 0:b86d15c6ba29 599
Vanger 0:b86d15c6ba29 600
Vanger 0:b86d15c6ba29 601 struct CertStatus {
Vanger 0:b86d15c6ba29 602 CertStatus* next;
Vanger 0:b86d15c6ba29 603
Vanger 0:b86d15c6ba29 604 byte serial[EXTERNAL_SERIAL_SIZE];
Vanger 0:b86d15c6ba29 605 int serialSz;
Vanger 0:b86d15c6ba29 606
Vanger 0:b86d15c6ba29 607 int status;
Vanger 0:b86d15c6ba29 608
Vanger 0:b86d15c6ba29 609 byte thisDate[MAX_DATE_SIZE];
Vanger 0:b86d15c6ba29 610 byte nextDate[MAX_DATE_SIZE];
Vanger 0:b86d15c6ba29 611 byte thisDateFormat;
Vanger 0:b86d15c6ba29 612 byte nextDateFormat;
Vanger 0:b86d15c6ba29 613 };
Vanger 0:b86d15c6ba29 614
Vanger 0:b86d15c6ba29 615
Vanger 0:b86d15c6ba29 616 struct OcspResponse {
Vanger 0:b86d15c6ba29 617 int responseStatus; /* return code from Responder */
Vanger 0:b86d15c6ba29 618
Vanger 0:b86d15c6ba29 619 byte* response; /* Pointer to beginning of OCSP Response */
Vanger 0:b86d15c6ba29 620 word32 responseSz; /* length of the OCSP Response */
Vanger 0:b86d15c6ba29 621
Vanger 0:b86d15c6ba29 622 byte producedDate[MAX_DATE_SIZE];
Vanger 0:b86d15c6ba29 623 /* Date at which this response was signed */
Vanger 0:b86d15c6ba29 624 byte producedDateFormat; /* format of the producedDate */
Vanger 0:b86d15c6ba29 625 byte* issuerHash;
Vanger 0:b86d15c6ba29 626 byte* issuerKeyHash;
Vanger 0:b86d15c6ba29 627
Vanger 0:b86d15c6ba29 628 byte* cert;
Vanger 0:b86d15c6ba29 629 word32 certSz;
Vanger 0:b86d15c6ba29 630
Vanger 0:b86d15c6ba29 631 byte* sig; /* Pointer to sig in source */
Vanger 0:b86d15c6ba29 632 word32 sigSz; /* Length in octets for the sig */
Vanger 0:b86d15c6ba29 633 word32 sigOID; /* OID for hash used for sig */
Vanger 0:b86d15c6ba29 634
Vanger 0:b86d15c6ba29 635 CertStatus* status; /* certificate status to fill out */
Vanger 0:b86d15c6ba29 636
Vanger 0:b86d15c6ba29 637 byte* nonce; /* pointer to nonce inside ASN.1 response */
Vanger 0:b86d15c6ba29 638 int nonceSz; /* length of the nonce string */
Vanger 0:b86d15c6ba29 639
Vanger 0:b86d15c6ba29 640 byte* source; /* pointer to source buffer, not owned */
Vanger 0:b86d15c6ba29 641 word32 maxIdx; /* max offset based on init size */
Vanger 0:b86d15c6ba29 642 };
Vanger 0:b86d15c6ba29 643
Vanger 0:b86d15c6ba29 644
Vanger 0:b86d15c6ba29 645 struct OcspRequest {
Vanger 0:b86d15c6ba29 646 DecodedCert* cert;
Vanger 0:b86d15c6ba29 647
Vanger 0:b86d15c6ba29 648 byte useNonce;
Vanger 0:b86d15c6ba29 649 byte nonce[MAX_OCSP_NONCE_SZ];
Vanger 0:b86d15c6ba29 650 int nonceSz;
Vanger 0:b86d15c6ba29 651
Vanger 0:b86d15c6ba29 652 byte* issuerHash; /* pointer to issuerHash in source cert */
Vanger 0:b86d15c6ba29 653 byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
Vanger 0:b86d15c6ba29 654 byte* serial; /* pointer to serial number in source cert */
Vanger 0:b86d15c6ba29 655 int serialSz; /* length of the serial number */
Vanger 0:b86d15c6ba29 656
Vanger 0:b86d15c6ba29 657 byte* dest; /* pointer to the destination ASN.1 buffer */
Vanger 0:b86d15c6ba29 658 word32 destSz; /* length of the destination buffer */
Vanger 0:b86d15c6ba29 659 };
Vanger 0:b86d15c6ba29 660
Vanger 0:b86d15c6ba29 661
Vanger 0:b86d15c6ba29 662 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
Vanger 0:b86d15c6ba29 663 CYASSL_LOCAL int OcspResponseDecode(OcspResponse*);
Vanger 0:b86d15c6ba29 664
Vanger 0:b86d15c6ba29 665 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
Vanger 0:b86d15c6ba29 666 byte, byte*, word32);
Vanger 0:b86d15c6ba29 667 CYASSL_LOCAL int EncodeOcspRequest(OcspRequest*);
Vanger 0:b86d15c6ba29 668
Vanger 0:b86d15c6ba29 669 CYASSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
Vanger 0:b86d15c6ba29 670
Vanger 0:b86d15c6ba29 671
Vanger 0:b86d15c6ba29 672 #endif /* HAVE_OCSP */
Vanger 0:b86d15c6ba29 673
Vanger 0:b86d15c6ba29 674
Vanger 0:b86d15c6ba29 675 /* for pointer use */
Vanger 0:b86d15c6ba29 676 typedef struct RevokedCert RevokedCert;
Vanger 0:b86d15c6ba29 677
Vanger 0:b86d15c6ba29 678 #ifdef HAVE_CRL
Vanger 0:b86d15c6ba29 679
Vanger 0:b86d15c6ba29 680 struct RevokedCert {
Vanger 0:b86d15c6ba29 681 byte serialNumber[EXTERNAL_SERIAL_SIZE];
Vanger 0:b86d15c6ba29 682 int serialSz;
Vanger 0:b86d15c6ba29 683 RevokedCert* next;
Vanger 0:b86d15c6ba29 684 };
Vanger 0:b86d15c6ba29 685
Vanger 0:b86d15c6ba29 686 typedef struct DecodedCRL DecodedCRL;
Vanger 0:b86d15c6ba29 687
Vanger 0:b86d15c6ba29 688 struct DecodedCRL {
Vanger 0:b86d15c6ba29 689 word32 certBegin; /* offset to start of cert */
Vanger 0:b86d15c6ba29 690 word32 sigIndex; /* offset to start of signature */
Vanger 0:b86d15c6ba29 691 word32 sigLength; /* length of signature */
Vanger 0:b86d15c6ba29 692 word32 signatureOID; /* sum of algorithm object id */
Vanger 0:b86d15c6ba29 693 byte* signature; /* pointer into raw source, not owned */
Vanger 0:b86d15c6ba29 694 byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */
Vanger 0:b86d15c6ba29 695 byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */
Vanger 0:b86d15c6ba29 696 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
Vanger 0:b86d15c6ba29 697 byte nextDate[MAX_DATE_SIZE]; /* next update date */
Vanger 0:b86d15c6ba29 698 byte lastDateFormat; /* format of last date */
Vanger 0:b86d15c6ba29 699 byte nextDateFormat; /* format of next date */
Vanger 0:b86d15c6ba29 700 RevokedCert* certs; /* revoked cert list */
Vanger 0:b86d15c6ba29 701 int totalCerts; /* number on list */
Vanger 0:b86d15c6ba29 702 };
Vanger 0:b86d15c6ba29 703
Vanger 0:b86d15c6ba29 704 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
Vanger 0:b86d15c6ba29 705 CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
Vanger 0:b86d15c6ba29 706 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
Vanger 0:b86d15c6ba29 707
Vanger 0:b86d15c6ba29 708
Vanger 0:b86d15c6ba29 709 #endif /* HAVE_CRL */
Vanger 0:b86d15c6ba29 710
Vanger 0:b86d15c6ba29 711
Vanger 0:b86d15c6ba29 712 #ifdef __cplusplus
Vanger 0:b86d15c6ba29 713 } /* extern "C" */
Vanger 0:b86d15c6ba29 714 #endif
Vanger 0:b86d15c6ba29 715
Vanger 0:b86d15c6ba29 716 #endif /* CTAO_CRYPT_ASN_H */
Vanger 0:b86d15c6ba29 717
Vanger 0:b86d15c6ba29 718 #endif /* !NO_ASN */