MultiTech
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
Embed:
(wiki syntax)
Show/hide line numbers
asn.h
00001 /* asn.h 00002 * 00003 * Copyright (C) 2006-2014 wolfSSL Inc. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA 00020 */ 00021 00022 #ifndef NO_ASN 00023 00024 #ifndef CTAO_CRYPT_ASN_H 00025 #define CTAO_CRYPT_ASN_H 00026 00027 #include <cyassl/ctaocrypt/types.h> 00028 #include <cyassl/ctaocrypt/rsa.h> 00029 #include <cyassl/ctaocrypt/dh.h> 00030 #include <cyassl/ctaocrypt/dsa.h> 00031 #include <cyassl/ctaocrypt/sha.h> 00032 #include <cyassl/ctaocrypt/md5.h> 00033 #include <cyassl/ctaocrypt/asn_public.h> /* public interface */ 00034 #ifdef HAVE_ECC 00035 #include <cyassl/ctaocrypt/ecc.h> 00036 #endif 00037 00038 #ifdef __cplusplus 00039 extern "C" { 00040 #endif 00041 00042 00043 enum { 00044 ISSUER = 0, 00045 SUBJECT = 1, 00046 00047 EXTERNAL_SERIAL_SIZE = 32, 00048 00049 BEFORE = 0, 00050 AFTER = 1 00051 }; 00052 00053 /* ASN Tags */ 00054 enum ASN_Tags { 00055 ASN_BOOLEAN = 0x01, 00056 ASN_INTEGER = 0x02, 00057 ASN_BIT_STRING = 0x03, 00058 ASN_OCTET_STRING = 0x04, 00059 ASN_TAG_NULL = 0x05, 00060 ASN_OBJECT_ID = 0x06, 00061 ASN_ENUMERATED = 0x0a, 00062 ASN_UTF8STRING = 0x0c, 00063 ASN_SEQUENCE = 0x10, 00064 ASN_SET = 0x11, 00065 ASN_UTC_TIME = 0x17, 00066 ASN_OTHER_TYPE = 0x00, 00067 ASN_RFC822_TYPE = 0x01, 00068 ASN_DNS_TYPE = 0x02, 00069 ASN_DIR_TYPE = 0x04, 00070 ASN_GENERALIZED_TIME = 0x18, 00071 CRL_EXTENSIONS = 0xa0, 00072 ASN_EXTENSIONS = 0xa3, 00073 ASN_LONG_LENGTH = 0x80 00074 }; 00075 00076 enum ASN_Flags{ 00077 ASN_CONSTRUCTED = 0x20, 00078 ASN_CONTEXT_SPECIFIC = 0x80 00079 }; 00080 00081 enum DN_Tags { 00082 ASN_COMMON_NAME = 0x03, /* CN */ 00083 ASN_SUR_NAME = 0x04, /* SN */ 00084 ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ 00085 ASN_COUNTRY_NAME = 0x06, /* C */ 00086 ASN_LOCALITY_NAME = 0x07, /* L */ 00087 ASN_STATE_NAME = 0x08, /* ST */ 00088 ASN_ORG_NAME = 0x0a, /* O */ 00089 ASN_ORGUNIT_NAME = 0x0b /* OU */ 00090 }; 00091 00092 enum PBES { 00093 PBE_MD5_DES = 0, 00094 PBE_SHA1_DES = 1, 00095 PBE_SHA1_DES3 = 2, 00096 PBE_SHA1_RC4_128 = 3, 00097 PBES2 = 13 /* algo ID */ 00098 }; 00099 00100 enum ENCRYPTION_TYPES { 00101 DES_TYPE = 0, 00102 DES3_TYPE = 1, 00103 RC4_TYPE = 2 00104 }; 00105 00106 enum ECC_TYPES { 00107 ECC_PREFIX_0 = 160, 00108 ECC_PREFIX_1 = 161 00109 }; 00110 00111 enum Misc_ASN { 00112 ASN_NAME_MAX = 256, 00113 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ 00114 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ 00115 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */ 00116 PKCS5 = 5, /* PKCS oid tag */ 00117 PKCS5v2 = 6, /* PKCS #5 v2.0 */ 00118 PKCS12 = 12, /* PKCS #12 */ 00119 MAX_UNICODE_SZ = 256, 00120 ASN_BOOL_SIZE = 2, /* including type */ 00121 ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ 00122 ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ 00123 SHA_SIZE = 20, 00124 RSA_INTS = 8, /* RSA ints in private key */ 00125 MIN_DATE_SIZE = 13, 00126 MAX_DATE_SIZE = 32, 00127 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ 00128 MAX_ENCODED_SIG_SZ = 512, 00129 MAX_SIG_SZ = 256, 00130 MAX_ALGO_SZ = 20, 00131 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ 00132 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ 00133 MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ 00134 MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ 00135 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ 00136 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ 00137 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */ 00138 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ 00139 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ 00140 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ 00141 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ 00142 MAX_RSA_E_SZ = 16, /* Max RSA public e size */ 00143 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ 00144 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ 00145 #ifdef CYASSL_CERT_GEN 00146 #ifdef CYASSL_CERT_REQ 00147 /* Max encoded cert req attributes length */ 00148 MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + 00149 MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ 00150 #endif 00151 #ifdef CYASSL_ALT_NAMES 00152 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, 00153 #else 00154 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, 00155 #endif 00156 /* Max total extensions, id + len + others */ 00157 #endif 00158 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ 00159 MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */ 00160 EIGHTK_BUF = 8192, /* Tmp buffer size */ 00161 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2 00162 /* use bigger NTRU size */ 00163 }; 00164 00165 00166 enum Oid_Types { 00167 hashType = 0, 00168 sigType = 1, 00169 keyType = 2, 00170 curveType = 3, 00171 blkType = 4 00172 }; 00173 00174 00175 enum Hash_Sum { 00176 MD2h = 646, 00177 MD5h = 649, 00178 SHAh = 88, 00179 SHA256h = 414, 00180 SHA384h = 415, 00181 SHA512h = 416 00182 }; 00183 00184 00185 enum Block_Sum { 00186 DESb = 69, 00187 DES3b = 652 00188 }; 00189 00190 00191 enum Key_Sum { 00192 DSAk = 515, 00193 RSAk = 645, 00194 NTRUk = 274, 00195 ECDSAk = 518 00196 }; 00197 00198 00199 enum Ecc_Sum { 00200 ECC_256R1 = 526, 00201 ECC_384R1 = 210, 00202 ECC_521R1 = 211, 00203 ECC_160R1 = 184, 00204 ECC_192R1 = 520, 00205 ECC_224R1 = 209 00206 }; 00207 00208 00209 enum KDF_Sum { 00210 PBKDF2_OID = 660 00211 }; 00212 00213 00214 enum Extensions_Sum { 00215 BASIC_CA_OID = 133, 00216 ALT_NAMES_OID = 131, 00217 CRL_DIST_OID = 145, 00218 AUTH_INFO_OID = 69, 00219 CA_ISSUER_OID = 117, 00220 AUTH_KEY_OID = 149, 00221 SUBJ_KEY_OID = 128, 00222 CERT_POLICY_OID = 146, 00223 KEY_USAGE_OID = 129, /* 2.5.29.15 */ 00224 INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ 00225 EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ 00226 NAME_CONS_OID = 144 /* 2.5.29.30 */ 00227 }; 00228 00229 enum CertificatePolicy_Sum { 00230 CP_ANY_OID = 146 /* id-ce 32 0 */ 00231 }; 00232 00233 enum SepHardwareName_Sum { 00234 HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ 00235 }; 00236 00237 enum AuthInfo_Sum { 00238 AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ 00239 AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ 00240 }; 00241 00242 enum ExtKeyUsage_Sum { /* From RFC 5280 */ 00243 EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ 00244 EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ 00245 EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ 00246 EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */ 00247 }; 00248 00249 00250 enum VerifyType { 00251 NO_VERIFY = 0, 00252 VERIFY = 1 00253 }; 00254 00255 00256 /* Key usage extension bits */ 00257 #define KEYUSE_DIGITAL_SIG 0x0100 00258 #define KEYUSE_CONTENT_COMMIT 0x0080 00259 #define KEYUSE_KEY_ENCIPHER 0x0040 00260 #define KEYUSE_DATA_ENCIPHER 0x0020 00261 #define KEYUSE_KEY_AGREE 0x0010 00262 #define KEYUSE_KEY_CERT_SIGN 0x0008 00263 #define KEYUSE_CRL_SIGN 0x0004 00264 #define KEYUSE_ENCIPHER_ONLY 0x0002 00265 #define KEYUSE_DECIPHER_ONLY 0x0001 00266 00267 #define EXTKEYUSE_ANY 0x08 00268 #define EXTKEYUSE_OCSP_SIGN 0x04 00269 #define EXTKEYUSE_CLIENT_AUTH 0x02 00270 #define EXTKEYUSE_SERVER_AUTH 0x01 00271 00272 typedef struct DNS_entry DNS_entry; 00273 00274 struct DNS_entry { 00275 DNS_entry* next; /* next on DNS list */ 00276 char* name; /* actual DNS name */ 00277 }; 00278 00279 00280 typedef struct Base_entry Base_entry; 00281 00282 struct Base_entry { 00283 Base_entry* next; /* next on name base list */ 00284 char* name; /* actual name base */ 00285 int nameSz; /* name length */ 00286 byte type; /* Name base type (DNS or RFC822) */ 00287 }; 00288 00289 00290 struct DecodedName { 00291 char* fullName; 00292 int fullNameLen; 00293 int entryCount; 00294 int cnIdx; 00295 int cnLen; 00296 int snIdx; 00297 int snLen; 00298 int cIdx; 00299 int cLen; 00300 int lIdx; 00301 int lLen; 00302 int stIdx; 00303 int stLen; 00304 int oIdx; 00305 int oLen; 00306 int ouIdx; 00307 int ouLen; 00308 int emailIdx; 00309 int emailLen; 00310 int uidIdx; 00311 int uidLen; 00312 int serialIdx; 00313 int serialLen; 00314 }; 00315 00316 00317 typedef struct DecodedCert DecodedCert; 00318 typedef struct DecodedName DecodedName; 00319 typedef struct Signer Signer; 00320 00321 00322 struct DecodedCert { 00323 byte* publicKey; 00324 word32 pubKeySize; 00325 int pubKeyStored; 00326 word32 certBegin; /* offset to start of cert */ 00327 word32 sigIndex; /* offset to start of signature */ 00328 word32 sigLength; /* length of signature */ 00329 word32 signatureOID; /* sum of algorithm object id */ 00330 word32 keyOID; /* sum of key algo object id */ 00331 int version; /* cert version, 1 or 3 */ 00332 DNS_entry* altNames; /* alt names list of dns entries */ 00333 #ifndef IGNORE_NAME_CONSTRAINTS 00334 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ 00335 Base_entry* permittedNames; /* Permitted name bases */ 00336 Base_entry* excludedNames; /* Excluded name bases */ 00337 #endif /* IGNORE_NAME_CONSTRAINTS */ 00338 byte subjectHash[SHA_SIZE]; /* hash of all Names */ 00339 byte issuerHash[SHA_SIZE]; /* hash of all Names */ 00340 #ifdef HAVE_OCSP 00341 byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */ 00342 #endif /* HAVE_OCSP */ 00343 byte* signature; /* not owned, points into raw cert */ 00344 char* subjectCN; /* CommonName */ 00345 int subjectCNLen; /* CommonName Length */ 00346 char subjectCNEnc; /* CommonName Encoding */ 00347 int subjectCNStored; /* have we saved a copy we own */ 00348 char issuer[ASN_NAME_MAX]; /* full name including common name */ 00349 char subject[ASN_NAME_MAX]; /* full name including common name */ 00350 int verify; /* Default to yes, but could be off */ 00351 byte* source; /* byte buffer holder cert, NOT owner */ 00352 word32 srcIdx; /* current offset into buffer */ 00353 word32 maxIdx; /* max offset based on init size */ 00354 void* heap; /* for user memory overrides */ 00355 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ 00356 int serialSz; /* raw serial bytes stored */ 00357 byte* extensions; /* not owned, points into raw cert */ 00358 int extensionsSz; /* length of cert extensions */ 00359 word32 extensionsIdx; /* if want to go back and parse later */ 00360 byte* extAuthInfo; /* Authority Information Access URI */ 00361 int extAuthInfoSz; /* length of the URI */ 00362 byte* extCrlInfo; /* CRL Distribution Points */ 00363 int extCrlInfoSz; /* length of the URI */ 00364 byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */ 00365 byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ 00366 byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ 00367 byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ 00368 #ifndef IGNORE_NAME_CONSTRAINTS 00369 byte extNameConstraintSet; 00370 #endif /* IGNORE_NAME_CONSTRAINTS */ 00371 byte isCA; /* CA basic constraint true */ 00372 byte extKeyUsageSet; 00373 word16 extKeyUsage; /* Key usage bitfield */ 00374 byte extExtKeyUsageSet; /* Extended Key Usage */ 00375 byte extExtKeyUsage; /* Extended Key usage bitfield */ 00376 #ifdef OPENSSL_EXTRA 00377 byte extBasicConstSet; 00378 byte extBasicConstCrit; 00379 byte extBasicConstPlSet; 00380 word32 pathLength; /* CA basic constraint path length, opt */ 00381 byte extSubjAltNameSet; 00382 byte extSubjAltNameCrit; 00383 byte extAuthKeyIdCrit; 00384 #ifndef IGNORE_NAME_CONSTRAINTS 00385 byte extNameConstraintCrit; 00386 #endif /* IGNORE_NAME_CONSTRAINTS */ 00387 byte extSubjKeyIdCrit; 00388 byte extKeyUsageCrit; 00389 byte extExtKeyUsageCrit; 00390 byte* extExtKeyUsageSrc; 00391 word32 extExtKeyUsageSz; 00392 word32 extExtKeyUsageCount; 00393 byte* extAuthKeyIdSrc; 00394 word32 extAuthKeyIdSz; 00395 byte* extSubjKeyIdSrc; 00396 word32 extSubjKeyIdSz; 00397 #endif 00398 #ifdef HAVE_ECC 00399 word32 pkCurveOID; /* Public Key's curve OID */ 00400 #endif /* HAVE_ECC */ 00401 byte* beforeDate; 00402 int beforeDateLen; 00403 byte* afterDate; 00404 int afterDateLen; 00405 #ifdef HAVE_PKCS7 00406 byte* issuerRaw; /* pointer to issuer inside source */ 00407 int issuerRawLen; 00408 #endif 00409 #ifndef IGNORE_NAME_CONSTRAINT 00410 byte* subjectRaw; /* pointer to subject inside source */ 00411 int subjectRawLen; 00412 #endif 00413 #if defined(CYASSL_CERT_GEN) 00414 /* easy access to subject info for other sign */ 00415 char* subjectSN; 00416 int subjectSNLen; 00417 char subjectSNEnc; 00418 char* subjectC; 00419 int subjectCLen; 00420 char subjectCEnc; 00421 char* subjectL; 00422 int subjectLLen; 00423 char subjectLEnc; 00424 char* subjectST; 00425 int subjectSTLen; 00426 char subjectSTEnc; 00427 char* subjectO; 00428 int subjectOLen; 00429 char subjectOEnc; 00430 char* subjectOU; 00431 int subjectOULen; 00432 char subjectOUEnc; 00433 char* subjectEmail; 00434 int subjectEmailLen; 00435 #endif /* CYASSL_CERT_GEN */ 00436 #ifdef OPENSSL_EXTRA 00437 DecodedName issuerName; 00438 DecodedName subjectName; 00439 #endif /* OPENSSL_EXTRA */ 00440 #ifdef CYASSL_SEP 00441 int deviceTypeSz; 00442 byte* deviceType; 00443 int hwTypeSz; 00444 byte* hwType; 00445 int hwSerialNumSz; 00446 byte* hwSerialNum; 00447 #ifdef OPENSSL_EXTRA 00448 byte extCertPolicySet; 00449 byte extCertPolicyCrit; 00450 #endif /* OPENSSL_EXTRA */ 00451 #endif /* CYASSL_SEP */ 00452 }; 00453 00454 00455 #ifdef SHA_DIGEST_SIZE 00456 #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE 00457 #else 00458 #define SIGNER_DIGEST_SIZE 20 00459 #endif 00460 00461 /* CA Signers */ 00462 /* if change layout change PERSIST_CERT_CACHE functions too */ 00463 struct Signer { 00464 word32 pubKeySize; 00465 word32 keyOID; /* key type */ 00466 word16 keyUsage; 00467 byte* publicKey; 00468 int nameLen; 00469 char* name; /* common name */ 00470 #ifndef IGNORE_NAME_CONSTRAINTS 00471 Base_entry* permittedNames; 00472 Base_entry* excludedNames; 00473 #endif /* IGNORE_NAME_CONSTRAINTS */ 00474 byte subjectNameHash[SIGNER_DIGEST_SIZE]; 00475 /* sha hash of names in certificate */ 00476 #ifndef NO_SKID 00477 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; 00478 /* sha hash of names in certificate */ 00479 #endif 00480 Signer* next; 00481 }; 00482 00483 00484 /* not for public consumption but may use for testing sometimes */ 00485 #ifdef CYASSL_TEST_CERT 00486 #define CYASSL_TEST_API CYASSL_API 00487 #else 00488 #define CYASSL_TEST_API CYASSL_LOCAL 00489 #endif 00490 00491 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*); 00492 #ifndef IGNORE_NAME_CONSTRAINTS 00493 CYASSL_TEST_API void FreeNameSubtrees(Base_entry*, void*); 00494 #endif /* IGNORE_NAME_CONSTRAINTS */ 00495 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); 00496 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*); 00497 CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); 00498 00499 CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm); 00500 CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify); 00501 00502 CYASSL_LOCAL Signer* MakeSigner(void*); 00503 CYASSL_LOCAL void FreeSigner(Signer*, void*); 00504 CYASSL_LOCAL void FreeSignerTable(Signer**, int, void*); 00505 00506 00507 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length); 00508 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); 00509 00510 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); 00511 00512 /* ASN.1 helper functions */ 00513 CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, 00514 word32 maxIdx); 00515 CYASSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, 00516 word32 maxIdx); 00517 CYASSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, 00518 word32 maxIdx); 00519 CYASSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, 00520 int* version); 00521 CYASSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, 00522 word32 maxIdx); 00523 CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, 00524 word32 maxIdx); 00525 CYASSL_LOCAL word32 SetLength(word32 length, byte* output); 00526 CYASSL_LOCAL word32 SetSequence(word32 len, byte* output); 00527 CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output); 00528 CYASSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output); 00529 CYASSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); 00530 CYASSL_LOCAL word32 SetSet(word32 len, byte* output); 00531 CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); 00532 CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); 00533 CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); 00534 CYASSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, 00535 int maxIdx); 00536 00537 #ifdef HAVE_ECC 00538 /* ASN sig helpers */ 00539 CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, 00540 mp_int* s); 00541 CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, 00542 mp_int* r, mp_int* s); 00543 #endif 00544 00545 #ifdef CYASSL_CERT_GEN 00546 00547 enum cert_enums { 00548 NAME_ENTRIES = 8, 00549 JOINT_LEN = 2, 00550 EMAIL_JOINT_LEN = 9, 00551 RSA_KEY = 10, 00552 NTRU_KEY = 11, 00553 ECC_KEY = 12 00554 }; 00555 00556 #ifndef CYASSL_PEMCERT_TODER_DEFINED 00557 #ifndef NO_FILESYSTEM 00558 /* forward from CyaSSL */ 00559 CYASSL_API 00560 int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); 00561 #define CYASSL_PEMCERT_TODER_DEFINED 00562 #endif 00563 #endif 00564 00565 #endif /* CYASSL_CERT_GEN */ 00566 00567 00568 00569 /* for pointer use */ 00570 typedef struct CertStatus CertStatus; 00571 00572 #ifdef HAVE_OCSP 00573 00574 enum Ocsp_Response_Status { 00575 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ 00576 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ 00577 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ 00578 OCSP_TRY_LATER = 3, /* Try again later */ 00579 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ 00580 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ 00581 }; 00582 00583 00584 enum Ocsp_Cert_Status { 00585 CERT_GOOD = 0, 00586 CERT_REVOKED = 1, 00587 CERT_UNKNOWN = 2 00588 }; 00589 00590 00591 enum Ocsp_Sums { 00592 OCSP_BASIC_OID = 117, 00593 OCSP_NONCE_OID = 118 00594 }; 00595 00596 00597 typedef struct OcspRequest OcspRequest; 00598 typedef struct OcspResponse OcspResponse; 00599 00600 00601 struct CertStatus { 00602 CertStatus* next; 00603 00604 byte serial[EXTERNAL_SERIAL_SIZE]; 00605 int serialSz; 00606 00607 int status; 00608 00609 byte thisDate[MAX_DATE_SIZE]; 00610 byte nextDate[MAX_DATE_SIZE]; 00611 byte thisDateFormat; 00612 byte nextDateFormat; 00613 }; 00614 00615 00616 struct OcspResponse { 00617 int responseStatus; /* return code from Responder */ 00618 00619 byte* response; /* Pointer to beginning of OCSP Response */ 00620 word32 responseSz; /* length of the OCSP Response */ 00621 00622 byte producedDate[MAX_DATE_SIZE]; 00623 /* Date at which this response was signed */ 00624 byte producedDateFormat; /* format of the producedDate */ 00625 byte* issuerHash; 00626 byte* issuerKeyHash; 00627 00628 byte* cert; 00629 word32 certSz; 00630 00631 byte* sig; /* Pointer to sig in source */ 00632 word32 sigSz; /* Length in octets for the sig */ 00633 word32 sigOID; /* OID for hash used for sig */ 00634 00635 CertStatus* status; /* certificate status to fill out */ 00636 00637 byte* nonce; /* pointer to nonce inside ASN.1 response */ 00638 int nonceSz; /* length of the nonce string */ 00639 00640 byte* source; /* pointer to source buffer, not owned */ 00641 word32 maxIdx; /* max offset based on init size */ 00642 }; 00643 00644 00645 struct OcspRequest { 00646 DecodedCert* cert; 00647 00648 byte useNonce; 00649 byte nonce[MAX_OCSP_NONCE_SZ]; 00650 int nonceSz; 00651 00652 byte* issuerHash; /* pointer to issuerHash in source cert */ 00653 byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */ 00654 byte* serial; /* pointer to serial number in source cert */ 00655 int serialSz; /* length of the serial number */ 00656 00657 byte* dest; /* pointer to the destination ASN.1 buffer */ 00658 word32 destSz; /* length of the destination buffer */ 00659 }; 00660 00661 00662 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); 00663 CYASSL_LOCAL int OcspResponseDecode(OcspResponse*); 00664 00665 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, 00666 byte, byte*, word32); 00667 CYASSL_LOCAL int EncodeOcspRequest(OcspRequest*); 00668 00669 CYASSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); 00670 00671 00672 #endif /* HAVE_OCSP */ 00673 00674 00675 /* for pointer use */ 00676 typedef struct RevokedCert RevokedCert; 00677 00678 #ifdef HAVE_CRL 00679 00680 struct RevokedCert { 00681 byte serialNumber[EXTERNAL_SERIAL_SIZE]; 00682 int serialSz; 00683 RevokedCert* next; 00684 }; 00685 00686 typedef struct DecodedCRL DecodedCRL; 00687 00688 struct DecodedCRL { 00689 word32 certBegin; /* offset to start of cert */ 00690 word32 sigIndex; /* offset to start of signature */ 00691 word32 sigLength; /* length of signature */ 00692 word32 signatureOID; /* sum of algorithm object id */ 00693 byte* signature; /* pointer into raw source, not owned */ 00694 byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ 00695 byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ 00696 byte lastDate[MAX_DATE_SIZE]; /* last date updated */ 00697 byte nextDate[MAX_DATE_SIZE]; /* next update date */ 00698 byte lastDateFormat; /* format of last date */ 00699 byte nextDateFormat; /* format of next date */ 00700 RevokedCert* certs; /* revoked cert list */ 00701 int totalCerts; /* number on list */ 00702 }; 00703 00704 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*); 00705 CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); 00706 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*); 00707 00708 00709 #endif /* HAVE_CRL */ 00710 00711 00712 #ifdef __cplusplus 00713 } /* extern "C" */ 00714 #endif 00715 00716 #endif /* CTAO_CRYPT_ASN_H */ 00717 00718 #endif /* !NO_ASN */
Generated on Wed Jul 13 2022 02:33:55 by
1.7.2