Ashley Mills
cyassl re-port with cellular comms, PSK test
Dependencies: VodafoneUSBModem_bleedingedge2 mbed-rtos mbed-src
Embed:
(wiki syntax)
Show/hide line numbers
asn.h
00001 /* asn.h 00002 * 00003 * Copyright (C) 2006-2012 Sawtooth Consulting Ltd. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 00020 */ 00021 00022 #ifndef NO_ASN 00023 00024 #ifndef CTAO_CRYPT_ASN_H 00025 #define CTAO_CRYPT_ASN_H 00026 00027 #include <cyassl/ctaocrypt/types.h> 00028 #include <cyassl/ctaocrypt/rsa.h> 00029 #include <cyassl/ctaocrypt/dh.h> 00030 #include <cyassl/ctaocrypt/dsa.h> 00031 #include <cyassl/ctaocrypt/sha.h> 00032 #include <cyassl/ctaocrypt/md5.h> 00033 #include <cyassl/ctaocrypt/asn_public.h> /* public interface */ 00034 #ifdef HAVE_ECC 00035 #include <cyassl/ctaocrypt/ecc.h> 00036 #endif 00037 00038 #ifdef __cplusplus 00039 extern "C" { 00040 #endif 00041 00042 00043 enum { 00044 ISSUER = 0, 00045 SUBJECT = 1, 00046 00047 EXTERNAL_SERIAL_SIZE = 32, 00048 00049 BEFORE = 0, 00050 AFTER = 1 00051 }; 00052 00053 /* ASN Tags */ 00054 enum ASN_Tags { 00055 ASN_BOOLEAN = 0x01, 00056 ASN_INTEGER = 0x02, 00057 ASN_BIT_STRING = 0x03, 00058 ASN_OCTET_STRING = 0x04, 00059 ASN_TAG_NULL = 0x05, 00060 ASN_OBJECT_ID = 0x06, 00061 ASN_ENUMERATED = 0x0a, 00062 ASN_SEQUENCE = 0x10, 00063 ASN_SET = 0x11, 00064 ASN_UTC_TIME = 0x17, 00065 ASN_DNS_TYPE = 0x02, 00066 ASN_GENERALIZED_TIME = 0x18, 00067 CRL_EXTENSIONS = 0xa0, 00068 ASN_EXTENSIONS = 0xa3, 00069 ASN_LONG_LENGTH = 0x80 00070 }; 00071 00072 enum ASN_Flags{ 00073 ASN_CONSTRUCTED = 0x20, 00074 ASN_CONTEXT_SPECIFIC = 0x80 00075 }; 00076 00077 enum DN_Tags { 00078 ASN_COMMON_NAME = 0x03, /* CN */ 00079 ASN_SUR_NAME = 0x04, /* SN */ 00080 ASN_COUNTRY_NAME = 0x06, /* C */ 00081 ASN_LOCALITY_NAME = 0x07, /* L */ 00082 ASN_STATE_NAME = 0x08, /* ST */ 00083 ASN_ORG_NAME = 0x0a, /* O */ 00084 ASN_ORGUNIT_NAME = 0x0b /* OU */ 00085 }; 00086 00087 enum PBES { 00088 PBE_MD5_DES = 0, 00089 PBE_SHA1_DES = 1, 00090 PBE_SHA1_DES3 = 2, 00091 PBE_SHA1_RC4_128 = 3, 00092 PBES2 = 13 /* algo ID */ 00093 }; 00094 00095 enum ENCRYPTION_TYPES { 00096 DES_TYPE = 0, 00097 DES3_TYPE = 1, 00098 RC4_TYPE = 2 00099 }; 00100 00101 enum ECC_TYPES { 00102 ECC_PREFIX_0 = 160, 00103 ECC_PREFIX_1 = 161 00104 }; 00105 00106 enum Misc_ASN { 00107 ASN_NAME_MAX = 256, 00108 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ 00109 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ 00110 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */ 00111 PKCS5 = 5, /* PKCS oid tag */ 00112 PKCS5v2 = 6, /* PKCS #5 v2.0 */ 00113 PKCS12 = 12, /* PKCS #12 */ 00114 MAX_UNICODE_SZ = 256, 00115 ASN_BOOL_SIZE = 2, /* including type */ 00116 SHA_SIZE = 20, 00117 RSA_INTS = 8, /* RSA ints in private key */ 00118 MIN_DATE_SIZE = 13, 00119 MAX_DATE_SIZE = 32, 00120 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ 00121 MAX_ENCODED_SIG_SZ = 512, 00122 MAX_SIG_SZ = 256, 00123 MAX_ALGO_SZ = 20, 00124 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ 00125 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ 00126 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ 00127 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */ 00128 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ 00129 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ 00130 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ 00131 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ 00132 MAX_RSA_E_SZ = 16, /* Max RSA public e size */ 00133 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ 00134 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ 00135 #ifdef CYASSL_CERT_GEN 00136 #ifdef CYASSL_ALT_NAMES 00137 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, 00138 #else 00139 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, 00140 #endif 00141 /* Max total extensions, id + len + others */ 00142 #endif 00143 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ 00144 MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */ 00145 EIGHTK_BUF = 8192, /* Tmp buffer size */ 00146 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2 00147 /* use bigger NTRU size */ 00148 }; 00149 00150 00151 enum Oid_Types { 00152 hashType = 0, 00153 sigType = 1, 00154 keyType = 2 00155 }; 00156 00157 00158 enum Hash_Sum { 00159 MD2h = 646, 00160 MD5h = 649, 00161 SHAh = 88, 00162 SHA256h = 414, 00163 SHA384h = 415, 00164 SHA512h = 416 00165 }; 00166 00167 00168 enum Key_Sum { 00169 DSAk = 515, 00170 RSAk = 645, 00171 NTRUk = 364, 00172 ECDSAk = 518 00173 }; 00174 00175 00176 enum Ecc_Sum { 00177 ECC_256R1 = 526, 00178 ECC_384R1 = 210, 00179 ECC_521R1 = 211, 00180 ECC_160R1 = 184, 00181 ECC_192R1 = 520, 00182 ECC_224R1 = 209 00183 }; 00184 00185 00186 enum KDF_Sum { 00187 PBKDF2_OID = 660 00188 }; 00189 00190 00191 enum Extensions_Sum { 00192 BASIC_CA_OID = 133, 00193 ALT_NAMES_OID = 131, 00194 CRL_DIST_OID = 145, 00195 AUTH_INFO_OID = 69, 00196 CA_ISSUER_OID = 117 00197 }; 00198 00199 00200 enum VerifyType { 00201 NO_VERIFY = 0, 00202 VERIFY = 1 00203 }; 00204 00205 00206 typedef struct DNS_entry DNS_entry; 00207 00208 struct DNS_entry { 00209 DNS_entry* next; /* next on DNS list */ 00210 char* name; /* actual DNS name */ 00211 }; 00212 00213 typedef struct DecodedCert DecodedCert; 00214 typedef struct Signer Signer; 00215 00216 00217 struct DecodedCert { 00218 byte* publicKey; 00219 word32 pubKeySize; 00220 int pubKeyStored; 00221 word32 certBegin; /* offset to start of cert */ 00222 word32 sigIndex; /* offset to start of signature */ 00223 word32 sigLength; /* length of signature */ 00224 word32 signatureOID; /* sum of algorithm object id */ 00225 word32 keyOID; /* sum of key algo object id */ 00226 DNS_entry* altNames; /* alt names list of dns entries */ 00227 byte subjectHash[SHA_SIZE]; /* hash of all Names */ 00228 byte issuerHash[SHA_SIZE]; /* hash of all Names */ 00229 #ifdef HAVE_OCSP 00230 byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */ 00231 #endif /* HAVE_OCSP */ 00232 byte* signature; /* not owned, points into raw cert */ 00233 char* subjectCN; /* CommonName */ 00234 int subjectCNLen; 00235 int subjectCNStored; /* have we saved a copy we own */ 00236 char issuer[ASN_NAME_MAX]; /* full name including common name */ 00237 char subject[ASN_NAME_MAX]; /* full name including common name */ 00238 int verify; /* Default to yes, but could be off */ 00239 byte* source; /* byte buffer holder cert, NOT owner */ 00240 word32 srcIdx; /* current offset into buffer */ 00241 word32 maxIdx; /* max offset based on init size */ 00242 void* heap; /* for user memory overrides */ 00243 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ 00244 int serialSz; /* raw serial bytes stored */ 00245 byte* extensions; /* not owned, points into raw cert */ 00246 int extensionsSz; /* length of cert extensions */ 00247 word32 extensionsIdx; /* if want to go back and parse later */ 00248 byte* extAuthInfo; /* Authority Information Access URI */ 00249 int extAuthInfoSz; /* length of the URI */ 00250 byte* extCrlInfo; /* CRL Distribution Points */ 00251 int extCrlInfoSz; /* length of the URI */ 00252 byte isCA; /* CA basic constraint true */ 00253 #ifdef CYASSL_CERT_GEN 00254 /* easy access to subject info for other sign */ 00255 char* subjectSN; 00256 int subjectSNLen; 00257 char* subjectC; 00258 int subjectCLen; 00259 char* subjectL; 00260 int subjectLLen; 00261 char* subjectST; 00262 int subjectSTLen; 00263 char* subjectO; 00264 int subjectOLen; 00265 char* subjectOU; 00266 int subjectOULen; 00267 char* subjectEmail; 00268 int subjectEmailLen; 00269 byte* beforeDate; 00270 int beforeDateLen; 00271 byte* afterDate; 00272 int afterDateLen; 00273 #endif /* CYASSL_CERT_GEN */ 00274 }; 00275 00276 00277 /* CA Signers */ 00278 struct Signer { 00279 byte* publicKey; 00280 word32 pubKeySize; 00281 word32 keyOID; /* key type */ 00282 char* name; /* common name */ 00283 byte hash[SHA_DIGEST_SIZE]; /* sha hash of names in certificate */ 00284 Signer* next; 00285 }; 00286 00287 00288 /* not for public consumption but may use for testing sometimes */ 00289 #ifdef CYASSL_TEST_CERT 00290 #define CYASSL_TEST_API CYASSL_API 00291 #else 00292 #define CYASSL_TEST_API CYASSL_LOCAL 00293 #endif 00294 00295 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*); 00296 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); 00297 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*); 00298 CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); 00299 00300 CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm); 00301 CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify); 00302 00303 CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, 00304 int hashOID); 00305 00306 CYASSL_LOCAL Signer* MakeSigner(void*); 00307 CYASSL_LOCAL void FreeSigners(Signer*, void*); 00308 00309 00310 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length); 00311 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); 00312 00313 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); 00314 00315 #ifdef HAVE_ECC 00316 /* ASN sig helpers */ 00317 CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, 00318 mp_int* s); 00319 CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, 00320 mp_int* r, mp_int* s); 00321 /* private key helpers */ 00322 CYASSL_LOCAL int EccPrivateKeyDecode(const byte* input,word32* inOutIdx, 00323 ecc_key*,word32); 00324 #endif 00325 00326 #ifdef CYASSL_CERT_GEN 00327 00328 enum cert_enums { 00329 NAME_ENTRIES = 8, 00330 JOINT_LEN = 2, 00331 EMAIL_JOINT_LEN = 9, 00332 RSA_KEY = 10, 00333 NTRU_KEY = 11 00334 }; 00335 00336 00337 #endif /* CYASSL_CERT_GEN */ 00338 00339 00340 00341 /* for pointer use */ 00342 typedef struct CertStatus CertStatus; 00343 00344 #ifdef HAVE_OCSP 00345 00346 enum Ocsp_Response_Status { 00347 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ 00348 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ 00349 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ 00350 OCSP_TRY_LATER = 3, /* Try again later */ 00351 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ 00352 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ 00353 }; 00354 00355 00356 enum Ocsp_Cert_Status { 00357 CERT_GOOD = 0, 00358 CERT_REVOKED = 1, 00359 CERT_UNKNOWN = 2 00360 }; 00361 00362 00363 enum Ocsp_Sums { 00364 OCSP_BASIC_OID = 117, 00365 OCSP_NONCE_OID = 118 00366 }; 00367 00368 00369 typedef struct OcspRequest OcspRequest; 00370 typedef struct OcspResponse OcspResponse; 00371 00372 00373 struct CertStatus { 00374 CertStatus* next; 00375 00376 byte serial[EXTERNAL_SERIAL_SIZE]; 00377 int serialSz; 00378 00379 int status; 00380 00381 byte thisDate[MAX_DATE_SIZE]; 00382 byte nextDate[MAX_DATE_SIZE]; 00383 byte thisDateFormat; 00384 byte nextDateFormat; 00385 }; 00386 00387 00388 struct OcspResponse { 00389 int responseStatus; /* return code from Responder */ 00390 00391 byte* response; /* Pointer to beginning of OCSP Response */ 00392 word32 responseSz; /* length of the OCSP Response */ 00393 00394 byte producedDate[MAX_DATE_SIZE]; 00395 /* Date at which this response was signed */ 00396 byte producedDateFormat; /* format of the producedDate */ 00397 byte* issuerHash; 00398 byte* issuerKeyHash; 00399 00400 byte* cert; 00401 word32 certSz; 00402 00403 byte* sig; /* Pointer to sig in source */ 00404 word32 sigSz; /* Length in octets for the sig */ 00405 word32 sigOID; /* OID for hash used for sig */ 00406 00407 CertStatus* status; /* certificate status to fill out */ 00408 00409 byte* nonce; /* pointer to nonce inside ASN.1 response */ 00410 int nonceSz; /* length of the nonce string */ 00411 00412 byte* source; /* pointer to source buffer, not owned */ 00413 word32 maxIdx; /* max offset based on init size */ 00414 }; 00415 00416 00417 struct OcspRequest { 00418 DecodedCert* cert; 00419 00420 byte useNonce; 00421 byte nonce[MAX_OCSP_NONCE_SZ]; 00422 int nonceSz; 00423 00424 byte* issuerHash; /* pointer to issuerHash in source cert */ 00425 byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */ 00426 byte* serial; /* pointer to serial number in source cert */ 00427 int serialSz; /* length of the serial number */ 00428 00429 byte* dest; /* pointer to the destination ASN.1 buffer */ 00430 word32 destSz; /* length of the destination buffer */ 00431 }; 00432 00433 00434 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); 00435 CYASSL_LOCAL int OcspResponseDecode(OcspResponse*); 00436 00437 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, 00438 byte, byte*, word32); 00439 CYASSL_LOCAL int EncodeOcspRequest(OcspRequest*); 00440 00441 CYASSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); 00442 00443 00444 #endif /* HAVE_OCSP */ 00445 00446 00447 /* for pointer use */ 00448 typedef struct RevokedCert RevokedCert; 00449 00450 #ifdef HAVE_CRL 00451 00452 struct RevokedCert { 00453 byte serialNumber[EXTERNAL_SERIAL_SIZE]; 00454 int serialSz; 00455 RevokedCert* next; 00456 }; 00457 00458 typedef struct DecodedCRL DecodedCRL; 00459 00460 struct DecodedCRL { 00461 word32 certBegin; /* offset to start of cert */ 00462 word32 sigIndex; /* offset to start of signature */ 00463 word32 sigLength; /* length of signature */ 00464 word32 signatureOID; /* sum of algorithm object id */ 00465 byte* signature; /* pointer into raw source, not owned */ 00466 byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ 00467 byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ 00468 byte lastDate[MAX_DATE_SIZE]; /* last date updated */ 00469 byte nextDate[MAX_DATE_SIZE]; /* next update date */ 00470 byte lastDateFormat; /* format of last date */ 00471 byte nextDateFormat; /* format of next date */ 00472 RevokedCert* certs; /* revoked cert list */ 00473 int totalCerts; /* number on list */ 00474 }; 00475 00476 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*); 00477 CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); 00478 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*); 00479 00480 00481 #endif /* HAVE_CRL */ 00482 00483 00484 #ifdef __cplusplus 00485 } /* extern "C" */ 00486 #endif 00487 00488 #endif /* CTAO_CRYPT_ASN_H */ 00489 00490 #endif /* !NO_ASN */
Generated on Thu Jul 14 2022 00:25:23 by
1.7.2