Renesas
/
SecureDweet
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
asn_public.h
00001 /* asn_public.h 00002 * 00003 * Copyright (C) 2006-2016 wolfSSL Inc. 00004 * 00005 * This file is part of wolfSSL. 00006 * 00007 * wolfSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * wolfSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 00020 */ 00021 00022 00023 00024 #ifndef WOLF_CRYPT_ASN_PUBLIC_H 00025 #define WOLF_CRYPT_ASN_PUBLIC_H 00026 00027 #include <wolfssl/wolfcrypt/types.h> 00028 #ifdef HAVE_ECC 00029 #include <wolfssl/wolfcrypt/ecc.h> 00030 #endif 00031 #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) 00032 #include <wolfssl/wolfcrypt/rsa.h> 00033 #endif 00034 00035 #ifdef __cplusplus 00036 extern "C" { 00037 #endif 00038 00039 /* Certificate file Type */ 00040 enum CertType { 00041 CERT_TYPE = 0, 00042 PRIVATEKEY_TYPE, 00043 DH_PARAM_TYPE, 00044 CRL_TYPE, 00045 CA_TYPE, 00046 ECC_PRIVATEKEY_TYPE, 00047 DSA_PRIVATEKEY_TYPE, 00048 CERTREQ_TYPE, 00049 DSA_TYPE, 00050 ECC_TYPE, 00051 RSA_TYPE, 00052 PUBLICKEY_TYPE, 00053 RSA_PUBLICKEY_TYPE, 00054 ECC_PUBLICKEY_TYPE, 00055 TRUSTED_PEER_TYPE 00056 }; 00057 00058 00059 /* Signature type, by OID sum */ 00060 enum Ctc_SigType { 00061 CTC_SHAwDSA = 517, 00062 CTC_MD2wRSA = 646, 00063 CTC_MD5wRSA = 648, 00064 CTC_SHAwRSA = 649, 00065 CTC_SHAwECDSA = 520, 00066 CTC_SHA256wRSA = 655, 00067 CTC_SHA256wECDSA = 524, 00068 CTC_SHA384wRSA = 656, 00069 CTC_SHA384wECDSA = 525, 00070 CTC_SHA512wRSA = 657, 00071 CTC_SHA512wECDSA = 526 00072 }; 00073 00074 enum Ctc_Encoding { 00075 CTC_UTF8 = 0x0c, /* utf8 */ 00076 CTC_PRINTABLE = 0x13 /* printable */ 00077 }; 00078 00079 enum Ctc_Misc { 00080 CTC_NAME_SIZE = 64, 00081 CTC_DATE_SIZE = 32, 00082 CTC_MAX_ALT_SIZE = 16384, /* may be huge */ 00083 CTC_SERIAL_SIZE = 8, 00084 #ifdef WOLFSSL_CERT_EXT 00085 /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum 00086 * We support only hash */ 00087 CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ 00088 CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */ 00089 CTC_MAX_CERTPOL_SZ = 64, 00090 CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */ 00091 #endif /* WOLFSSL_CERT_EXT */ 00092 }; 00093 00094 #ifdef WOLFSSL_CERT_GEN 00095 00096 #ifndef HAVE_ECC 00097 typedef struct ecc_key ecc_key; 00098 #endif 00099 00100 typedef struct CertName { 00101 char country[CTC_NAME_SIZE]; 00102 char countryEnc; 00103 char state[CTC_NAME_SIZE]; 00104 char stateEnc; 00105 char locality[CTC_NAME_SIZE]; 00106 char localityEnc; 00107 char sur[CTC_NAME_SIZE]; 00108 char surEnc; 00109 char org[CTC_NAME_SIZE]; 00110 char orgEnc; 00111 char unit[CTC_NAME_SIZE]; 00112 char unitEnc; 00113 char commonName[CTC_NAME_SIZE]; 00114 char commonNameEnc; 00115 char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */ 00116 } CertName; 00117 00118 00119 /* for user to fill for certificate generation */ 00120 typedef struct Cert { 00121 int version; /* x509 version */ 00122 byte serial[CTC_SERIAL_SIZE]; /* serial number */ 00123 int sigType; /* signature algo type */ 00124 CertName issuer; /* issuer info */ 00125 int daysValid; /* validity days */ 00126 int selfSigned; /* self signed flag */ 00127 CertName subject; /* subject info */ 00128 int isCA; /* is this going to be a CA */ 00129 /* internal use only */ 00130 int bodySz; /* pre sign total size */ 00131 int keyType; /* public key type of subject */ 00132 #ifdef WOLFSSL_ALT_NAMES 00133 byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */ 00134 int altNamesSz; /* altNames size in bytes */ 00135 byte beforeDate[CTC_DATE_SIZE]; /* before date copy */ 00136 int beforeDateSz; /* size of copy */ 00137 byte afterDate[CTC_DATE_SIZE]; /* after date copy */ 00138 int afterDateSz; /* size of copy */ 00139 #endif 00140 #ifdef WOLFSSL_CERT_EXT 00141 byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */ 00142 int skidSz; /* SKID size in bytes */ 00143 byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */ 00144 int akidSz; /* AKID size in bytes */ 00145 word16 keyUsage; /* Key Usage */ 00146 char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ]; 00147 word16 certPoliciesNb; /* Number of Cert Policy */ 00148 #endif 00149 #ifdef WOLFSSL_CERT_REQ 00150 char challengePw[CTC_NAME_SIZE]; 00151 #endif 00152 } Cert; 00153 #endif /* WOLFSSL_CERT_GEN */ 00154 00155 00156 #ifdef WOLFSSL_CERT_GEN 00157 00158 00159 00160 /* Initialize and Set Certificate defaults: 00161 version = 3 (0x2) 00162 serial = 0 (Will be randomly generated) 00163 sigType = SHA_WITH_RSA 00164 issuer = blank 00165 daysValid = 500 00166 selfSigned = 1 (true) use subject as issuer 00167 subject = blank 00168 isCA = 0 (false) 00169 keyType = RSA_KEY (default) 00170 */ 00171 WOLFSSL_API void wc_InitCert(Cert*); 00172 WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, 00173 ecc_key*, WC_RNG*); 00174 #ifdef WOLFSSL_CERT_REQ 00175 WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, 00176 RsaKey*, ecc_key*); 00177 #endif 00178 WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, 00179 word32 derSz, RsaKey*, ecc_key*, WC_RNG*); 00180 WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, 00181 WC_RNG*); 00182 WOLFSSL_API int wc_SetIssuer(Cert*, const char*); 00183 WOLFSSL_API int wc_SetSubject(Cert*, const char*); 00184 #ifdef WOLFSSL_ALT_NAMES 00185 WOLFSSL_API int wc_SetAltNames(Cert*, const char*); 00186 #endif 00187 WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int); 00188 WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int); 00189 WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int); 00190 WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); 00191 00192 #ifdef WOLFSSL_CERT_EXT 00193 WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, 00194 ecc_key *eckey); 00195 WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz); 00196 WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file); 00197 WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, 00198 ecc_key *eckey); 00199 WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file); 00200 00201 #ifdef HAVE_NTRU 00202 WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, 00203 word16 ntruKeySz); 00204 #endif 00205 00206 /* Set the KeyUsage. 00207 * Value is a string separated tokens with ','. Accepted tokens are : 00208 * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign, 00209 * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly. 00210 * 00211 * nonRepudiation and contentCommitment are for the same usage. 00212 */ 00213 WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); 00214 00215 /* encode Certificate Policies, return total bytes written 00216 * each input value must be ITU-T X.690 formatted : a.b.c... 00217 * input must be an array of values with a NULL terminated for the latest 00218 * RFC5280 : non-critical */ 00219 WOLFSSL_API int wc_SetCertificatePolicies(Cert *cert, const char **input); 00220 00221 #endif /* WOLFSSL_CERT_EXT */ 00222 00223 #ifdef HAVE_NTRU 00224 WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, 00225 const byte* ntruKey, word16 keySz, 00226 WC_RNG*); 00227 #endif 00228 00229 #endif /* WOLFSSL_CERT_GEN */ 00230 00231 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) 00232 #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED 00233 #ifndef NO_FILESYSTEM 00234 /* forward from wolfssl */ 00235 WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, 00236 unsigned char* derBuf, int derSz); 00237 #endif 00238 00239 /* forward from wolfssl */ 00240 WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, 00241 unsigned char*, int); 00242 #define WOLFSSL_PEMPUBKEY_TODER_DEFINED 00243 #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */ 00244 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ 00245 00246 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA) 00247 WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, 00248 word32 outputSz, int type); 00249 WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, 00250 word32 outputSz, byte *cipherIno, int type); 00251 #endif 00252 00253 #ifdef HAVE_ECC 00254 /* private key helpers */ 00255 WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*, 00256 ecc_key*, word32); 00257 WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen); 00258 00259 /* public key helper */ 00260 WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, 00261 ecc_key*, word32); 00262 #endif 00263 00264 /* DER encode signature */ 00265 WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, 00266 word32 digSz, int hashOID); 00267 WOLFSSL_API int wc_GetCTC_HashOID(int type); 00268 00269 #ifdef __cplusplus 00270 } /* extern "C" */ 00271 #endif 00272 00273 #endif /* WOLF_CRYPT_ASN_PUBLIC_H */ 00274 00275
Generated on Tue Jul 12 2022 15:55:17 by
1.7.2