d 0773d
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Embed:
(wiki syntax)
Show/hide line numbers
asn.h
00001 /* asn.h 00002 * 00003 * Copyright (C) 2006-2014 wolfSSL Inc. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA 00020 */ 00021 00022 #ifndef NO_ASN 00023 00024 #ifndef CTAO_CRYPT_ASN_H 00025 #define CTAO_CRYPT_ASN_H 00026 00027 #include <cyassl/ctaocrypt/types.h> 00028 #include <cyassl/ctaocrypt/rsa.h> 00029 #include <cyassl/ctaocrypt/dh.h> 00030 #include <cyassl/ctaocrypt/dsa.h> 00031 #include <cyassl/ctaocrypt/sha.h> 00032 #include <cyassl/ctaocrypt/md5.h> 00033 #include <cyassl/ctaocrypt/asn_public.h> /* public interface */ 00034 #ifdef HAVE_ECC 00035 #include <cyassl/ctaocrypt/ecc.h> 00036 #endif 00037 00038 #ifdef __cplusplus 00039 extern "C" { 00040 #endif 00041 00042 00043 enum { 00044 ISSUER = 0, 00045 SUBJECT = 1, 00046 00047 EXTERNAL_SERIAL_SIZE = 32, 00048 00049 BEFORE = 0, 00050 AFTER = 1 00051 }; 00052 00053 /* ASN Tags */ 00054 enum ASN_Tags { 00055 ASN_BOOLEAN = 0x01, 00056 ASN_INTEGER = 0x02, 00057 ASN_BIT_STRING = 0x03, 00058 ASN_OCTET_STRING = 0x04, 00059 ASN_TAG_NULL = 0x05, 00060 ASN_OBJECT_ID = 0x06, 00061 ASN_ENUMERATED = 0x0a, 00062 ASN_UTF8STRING = 0x0c, 00063 ASN_SEQUENCE = 0x10, 00064 ASN_SET = 0x11, 00065 ASN_UTC_TIME = 0x17, 00066 ASN_OTHER_TYPE = 0x00, 00067 ASN_RFC822_TYPE = 0x01, 00068 ASN_DNS_TYPE = 0x02, 00069 ASN_DIR_TYPE = 0x04, 00070 ASN_GENERALIZED_TIME = 0x18, 00071 CRL_EXTENSIONS = 0xa0, 00072 ASN_EXTENSIONS = 0xa3, 00073 ASN_LONG_LENGTH = 0x80 00074 }; 00075 00076 enum ASN_Flags{ 00077 ASN_CONSTRUCTED = 0x20, 00078 ASN_CONTEXT_SPECIFIC = 0x80 00079 }; 00080 00081 enum DN_Tags { 00082 ASN_COMMON_NAME = 0x03, /* CN */ 00083 ASN_SUR_NAME = 0x04, /* SN */ 00084 ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ 00085 ASN_COUNTRY_NAME = 0x06, /* C */ 00086 ASN_LOCALITY_NAME = 0x07, /* L */ 00087 ASN_STATE_NAME = 0x08, /* ST */ 00088 ASN_ORG_NAME = 0x0a, /* O */ 00089 ASN_ORGUNIT_NAME = 0x0b /* OU */ 00090 }; 00091 00092 enum PBES { 00093 PBE_MD5_DES = 0, 00094 PBE_SHA1_DES = 1, 00095 PBE_SHA1_DES3 = 2, 00096 PBE_SHA1_RC4_128 = 3, 00097 PBES2 = 13 /* algo ID */ 00098 }; 00099 00100 enum ENCRYPTION_TYPES { 00101 DES_TYPE = 0, 00102 DES3_TYPE = 1, 00103 RC4_TYPE = 2 00104 }; 00105 00106 enum ECC_TYPES { 00107 ECC_PREFIX_0 = 160, 00108 ECC_PREFIX_1 = 161 00109 }; 00110 00111 enum Misc_ASN { 00112 ASN_NAME_MAX = 256, 00113 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ 00114 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ 00115 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */ 00116 PKCS5 = 5, /* PKCS oid tag */ 00117 PKCS5v2 = 6, /* PKCS #5 v2.0 */ 00118 PKCS12 = 12, /* PKCS #12 */ 00119 MAX_UNICODE_SZ = 256, 00120 ASN_BOOL_SIZE = 2, /* including type */ 00121 SHA_SIZE = 20, 00122 RSA_INTS = 8, /* RSA ints in private key */ 00123 MIN_DATE_SIZE = 13, 00124 MAX_DATE_SIZE = 32, 00125 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ 00126 MAX_ENCODED_SIG_SZ = 512, 00127 MAX_SIG_SZ = 256, 00128 MAX_ALGO_SZ = 20, 00129 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ 00130 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ 00131 MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ 00132 MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ 00133 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ 00134 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ 00135 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */ 00136 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ 00137 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ 00138 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ 00139 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ 00140 MAX_RSA_E_SZ = 16, /* Max RSA public e size */ 00141 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ 00142 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ 00143 #ifdef CYASSL_CERT_GEN 00144 #ifdef CYASSL_CERT_REQ 00145 /* Max encoded cert req attributes length */ 00146 MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + 00147 MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ 00148 #endif 00149 #ifdef CYASSL_ALT_NAMES 00150 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, 00151 #else 00152 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, 00153 #endif 00154 /* Max total extensions, id + len + others */ 00155 #endif 00156 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ 00157 MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */ 00158 EIGHTK_BUF = 8192, /* Tmp buffer size */ 00159 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2 00160 /* use bigger NTRU size */ 00161 }; 00162 00163 00164 enum Oid_Types { 00165 hashType = 0, 00166 sigType = 1, 00167 keyType = 2, 00168 curveType = 3, 00169 blkType = 4 00170 }; 00171 00172 00173 enum Hash_Sum { 00174 MD2h = 646, 00175 MD5h = 649, 00176 SHAh = 88, 00177 SHA256h = 414, 00178 SHA384h = 415, 00179 SHA512h = 416 00180 }; 00181 00182 00183 enum Block_Sum { 00184 DESb = 69, 00185 DES3b = 652 00186 }; 00187 00188 00189 enum Key_Sum { 00190 DSAk = 515, 00191 RSAk = 645, 00192 NTRUk = 364, 00193 ECDSAk = 518 00194 }; 00195 00196 00197 enum Ecc_Sum { 00198 ECC_256R1 = 526, 00199 ECC_384R1 = 210, 00200 ECC_521R1 = 211, 00201 ECC_160R1 = 184, 00202 ECC_192R1 = 520, 00203 ECC_224R1 = 209 00204 }; 00205 00206 00207 enum KDF_Sum { 00208 PBKDF2_OID = 660 00209 }; 00210 00211 00212 enum Extensions_Sum { 00213 BASIC_CA_OID = 133, 00214 ALT_NAMES_OID = 131, 00215 CRL_DIST_OID = 145, 00216 AUTH_INFO_OID = 69, 00217 CA_ISSUER_OID = 117, 00218 AUTH_KEY_OID = 149, 00219 SUBJ_KEY_OID = 128, 00220 CERT_POLICY_OID = 146, 00221 KEY_USAGE_OID = 129, /* 2.5.29.15 */ 00222 INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ 00223 EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ 00224 NAME_CONS_OID = 144 /* 2.5.29.30 */ 00225 }; 00226 00227 enum CertificatePolicy_Sum { 00228 CP_ANY_OID = 146 /* id-ce 32 0 */ 00229 }; 00230 00231 enum SepHardwareName_Sum { 00232 HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ 00233 }; 00234 00235 enum AuthInfo_Sum { 00236 AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ 00237 AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ 00238 }; 00239 00240 enum ExtKeyUsage_Sum { /* From RFC 5280 */ 00241 EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ 00242 EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ 00243 EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ 00244 EKU_OCSP_SIGN_OID = 79, /* 1.3.6.1.5.5.7.3.9, OCSPSigning */ 00245 }; 00246 00247 00248 enum VerifyType { 00249 NO_VERIFY = 0, 00250 VERIFY = 1 00251 }; 00252 00253 00254 /* Key usage extension bits */ 00255 #define KEYUSE_DIGITAL_SIG 0x0100 00256 #define KEYUSE_CONTENT_COMMIT 0x0080 00257 #define KEYUSE_KEY_ENCIPHER 0x0040 00258 #define KEYUSE_DATA_ENCIPHER 0x0020 00259 #define KEYUSE_KEY_AGREE 0x0010 00260 #define KEYUSE_KEY_CERT_SIGN 0x0008 00261 #define KEYUSE_CRL_SIGN 0x0004 00262 #define KEYUSE_ENCIPHER_ONLY 0x0002 00263 #define KEYUSE_DECIPHER_ONLY 0x0001 00264 00265 #define EXTKEYUSE_ANY 0x08 00266 #define EXTKEYUSE_OCSP_SIGN 0x04 00267 #define EXTKEYUSE_CLIENT_AUTH 0x02 00268 #define EXTKEYUSE_SERVER_AUTH 0x01 00269 00270 typedef struct DNS_entry DNS_entry; 00271 00272 struct DNS_entry { 00273 DNS_entry* next; /* next on DNS list */ 00274 char* name; /* actual DNS name */ 00275 }; 00276 00277 00278 typedef struct Base_entry Base_entry; 00279 00280 struct Base_entry { 00281 Base_entry* next; /* next on name base list */ 00282 char* name; /* actual name base */ 00283 int nameSz; /* name length */ 00284 byte type; /* Name base type (DNS or RFC822) */ 00285 }; 00286 00287 00288 struct DecodedName { 00289 char* fullName; 00290 int fullNameLen; 00291 int entryCount; 00292 int cnIdx; 00293 int cnLen; 00294 int snIdx; 00295 int snLen; 00296 int cIdx; 00297 int cLen; 00298 int lIdx; 00299 int lLen; 00300 int stIdx; 00301 int stLen; 00302 int oIdx; 00303 int oLen; 00304 int ouIdx; 00305 int ouLen; 00306 int emailIdx; 00307 int emailLen; 00308 int uidIdx; 00309 int uidLen; 00310 int serialIdx; 00311 int serialLen; 00312 }; 00313 00314 00315 typedef struct DecodedCert DecodedCert; 00316 typedef struct DecodedName DecodedName; 00317 typedef struct Signer Signer; 00318 00319 00320 struct DecodedCert { 00321 byte* publicKey; 00322 word32 pubKeySize; 00323 int pubKeyStored; 00324 word32 certBegin; /* offset to start of cert */ 00325 word32 sigIndex; /* offset to start of signature */ 00326 word32 sigLength; /* length of signature */ 00327 word32 signatureOID; /* sum of algorithm object id */ 00328 word32 keyOID; /* sum of key algo object id */ 00329 int version; /* cert version, 1 or 3 */ 00330 DNS_entry* altNames; /* alt names list of dns entries */ 00331 #ifndef IGNORE_NAME_CONSTRAINTS 00332 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ 00333 Base_entry* permittedNames; /* Permitted name bases */ 00334 Base_entry* excludedNames; /* Excluded name bases */ 00335 #endif /* IGNORE_NAME_CONSTRAINTS */ 00336 byte subjectHash[SHA_SIZE]; /* hash of all Names */ 00337 byte issuerHash[SHA_SIZE]; /* hash of all Names */ 00338 #ifdef HAVE_OCSP 00339 byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */ 00340 #endif /* HAVE_OCSP */ 00341 byte* signature; /* not owned, points into raw cert */ 00342 char* subjectCN; /* CommonName */ 00343 int subjectCNLen; 00344 int subjectCNStored; /* have we saved a copy we own */ 00345 char issuer[ASN_NAME_MAX]; /* full name including common name */ 00346 char subject[ASN_NAME_MAX]; /* full name including common name */ 00347 int verify; /* Default to yes, but could be off */ 00348 byte* source; /* byte buffer holder cert, NOT owner */ 00349 word32 srcIdx; /* current offset into buffer */ 00350 word32 maxIdx; /* max offset based on init size */ 00351 void* heap; /* for user memory overrides */ 00352 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ 00353 int serialSz; /* raw serial bytes stored */ 00354 byte* extensions; /* not owned, points into raw cert */ 00355 int extensionsSz; /* length of cert extensions */ 00356 word32 extensionsIdx; /* if want to go back and parse later */ 00357 byte* extAuthInfo; /* Authority Information Access URI */ 00358 int extAuthInfoSz; /* length of the URI */ 00359 byte* extCrlInfo; /* CRL Distribution Points */ 00360 int extCrlInfoSz; /* length of the URI */ 00361 byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID */ 00362 byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ 00363 byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID */ 00364 byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ 00365 #ifndef IGNORE_NAME_CONSTRAINTS 00366 byte extNameConstraintSet; 00367 #endif /* IGNORE_NAME_CONSTRAINTS */ 00368 byte isCA; /* CA basic constraint true */ 00369 byte extKeyUsageSet; 00370 word16 extKeyUsage; /* Key usage bitfield */ 00371 byte extExtKeyUsageSet; /* Extended Key Usage */ 00372 byte extExtKeyUsage; /* Extended Key usage bitfield */ 00373 #ifdef OPENSSL_EXTRA 00374 byte extBasicConstSet; 00375 byte extBasicConstCrit; 00376 byte extBasicConstPlSet; 00377 word32 pathLength; /* CA basic constraint path length, opt */ 00378 byte extSubjAltNameSet; 00379 byte extSubjAltNameCrit; 00380 byte extAuthKeyIdCrit; 00381 #ifndef IGNORE_NAME_CONSTRAINTS 00382 byte extNameConstraintCrit; 00383 #endif /* IGNORE_NAME_CONSTRAINTS */ 00384 byte extSubjKeyIdCrit; 00385 byte extKeyUsageCrit; 00386 byte extExtKeyUsageCrit; 00387 byte* extExtKeyUsageSrc; 00388 word32 extExtKeyUsageSz; 00389 word32 extExtKeyUsageCount; 00390 byte* extAuthKeyIdSrc; 00391 word32 extAuthKeyIdSz; 00392 byte* extSubjKeyIdSrc; 00393 word32 extSubjKeyIdSz; 00394 #endif 00395 #ifdef HAVE_ECC 00396 word32 pkCurveOID; /* Public Key's curve OID */ 00397 #endif /* HAVE_ECC */ 00398 byte* beforeDate; 00399 int beforeDateLen; 00400 byte* afterDate; 00401 int afterDateLen; 00402 #ifdef HAVE_PKCS7 00403 byte* issuerRaw; /* pointer to issuer inside source */ 00404 int issuerRawLen; 00405 #endif 00406 #ifndef IGNORE_NAME_CONSTRAINT 00407 byte* subjectRaw; /* pointer to subject inside source */ 00408 int subjectRawLen; 00409 #endif 00410 #if defined(CYASSL_CERT_GEN) 00411 /* easy access to subject info for other sign */ 00412 char* subjectSN; 00413 int subjectSNLen; 00414 char* subjectC; 00415 int subjectCLen; 00416 char* subjectL; 00417 int subjectLLen; 00418 char* subjectST; 00419 int subjectSTLen; 00420 char* subjectO; 00421 int subjectOLen; 00422 char* subjectOU; 00423 int subjectOULen; 00424 char* subjectEmail; 00425 int subjectEmailLen; 00426 #endif /* CYASSL_CERT_GEN */ 00427 #ifdef OPENSSL_EXTRA 00428 DecodedName issuerName; 00429 DecodedName subjectName; 00430 #endif /* OPENSSL_EXTRA */ 00431 #ifdef CYASSL_SEP 00432 int deviceTypeSz; 00433 byte* deviceType; 00434 int hwTypeSz; 00435 byte* hwType; 00436 int hwSerialNumSz; 00437 byte* hwSerialNum; 00438 #ifdef OPENSSL_EXTRA 00439 byte extCertPolicySet; 00440 byte extCertPolicyCrit; 00441 #endif /* OPENSSL_EXTRA */ 00442 #endif /* CYASSL_SEP */ 00443 }; 00444 00445 00446 #ifdef SHA_DIGEST_SIZE 00447 #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE 00448 #else 00449 #define SIGNER_DIGEST_SIZE 20 00450 #endif 00451 00452 /* CA Signers */ 00453 /* if change layout change PERSIST_CERT_CACHE functions too */ 00454 struct Signer { 00455 word32 pubKeySize; 00456 word32 keyOID; /* key type */ 00457 word16 keyUsage; 00458 byte* publicKey; 00459 int nameLen; 00460 char* name; /* common name */ 00461 #ifndef IGNORE_NAME_CONSTRAINTS 00462 Base_entry* permittedNames; 00463 Base_entry* excludedNames; 00464 #endif /* IGNORE_NAME_CONSTRAINTS */ 00465 byte subjectNameHash[SIGNER_DIGEST_SIZE]; 00466 /* sha hash of names in certificate */ 00467 #ifndef NO_SKID 00468 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; 00469 /* sha hash of names in certificate */ 00470 #endif 00471 Signer* next; 00472 }; 00473 00474 00475 /* not for public consumption but may use for testing sometimes */ 00476 #ifdef CYASSL_TEST_CERT 00477 #define CYASSL_TEST_API CYASSL_API 00478 #else 00479 #define CYASSL_TEST_API CYASSL_LOCAL 00480 #endif 00481 00482 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*); 00483 #ifndef IGNORE_NAME_CONSTRAINTS 00484 CYASSL_TEST_API void FreeNameSubtrees(Base_entry*, void*); 00485 #endif /* IGNORE_NAME_CONSTRAINTS */ 00486 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); 00487 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*); 00488 CYASSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); 00489 00490 CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm); 00491 CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify); 00492 00493 CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, 00494 int hashOID); 00495 00496 CYASSL_LOCAL Signer* MakeSigner(void*); 00497 CYASSL_LOCAL void FreeSigner(Signer*, void*); 00498 CYASSL_LOCAL void FreeSignerTable(Signer**, int, void*); 00499 00500 00501 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length); 00502 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); 00503 00504 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); 00505 00506 /* ASN.1 helper functions */ 00507 CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, 00508 word32 maxIdx); 00509 CYASSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, 00510 word32 maxIdx); 00511 CYASSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, 00512 word32 maxIdx); 00513 CYASSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, 00514 int* version); 00515 CYASSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, 00516 word32 maxIdx); 00517 CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, 00518 word32 maxIdx); 00519 CYASSL_LOCAL word32 SetLength(word32 length, byte* output); 00520 CYASSL_LOCAL word32 SetSequence(word32 len, byte* output); 00521 CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output); 00522 CYASSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output); 00523 CYASSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); 00524 CYASSL_LOCAL word32 SetSet(word32 len, byte* output); 00525 CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); 00526 CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); 00527 CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); 00528 CYASSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, 00529 int maxIdx); 00530 00531 #ifdef HAVE_ECC 00532 /* ASN sig helpers */ 00533 CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, 00534 mp_int* s); 00535 CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, 00536 mp_int* r, mp_int* s); 00537 #endif 00538 00539 #ifdef CYASSL_CERT_GEN 00540 00541 enum cert_enums { 00542 NAME_ENTRIES = 8, 00543 JOINT_LEN = 2, 00544 EMAIL_JOINT_LEN = 9, 00545 RSA_KEY = 10, 00546 NTRU_KEY = 11, 00547 ECC_KEY = 12 00548 }; 00549 00550 00551 #endif /* CYASSL_CERT_GEN */ 00552 00553 00554 00555 /* for pointer use */ 00556 typedef struct CertStatus CertStatus; 00557 00558 #ifdef HAVE_OCSP 00559 00560 enum Ocsp_Response_Status { 00561 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ 00562 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ 00563 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ 00564 OCSP_TRY_LATER = 3, /* Try again later */ 00565 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ 00566 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ 00567 }; 00568 00569 00570 enum Ocsp_Cert_Status { 00571 CERT_GOOD = 0, 00572 CERT_REVOKED = 1, 00573 CERT_UNKNOWN = 2 00574 }; 00575 00576 00577 enum Ocsp_Sums { 00578 OCSP_BASIC_OID = 117, 00579 OCSP_NONCE_OID = 118 00580 }; 00581 00582 00583 typedef struct OcspRequest OcspRequest; 00584 typedef struct OcspResponse OcspResponse; 00585 00586 00587 struct CertStatus { 00588 CertStatus* next; 00589 00590 byte serial[EXTERNAL_SERIAL_SIZE]; 00591 int serialSz; 00592 00593 int status; 00594 00595 byte thisDate[MAX_DATE_SIZE]; 00596 byte nextDate[MAX_DATE_SIZE]; 00597 byte thisDateFormat; 00598 byte nextDateFormat; 00599 }; 00600 00601 00602 struct OcspResponse { 00603 int responseStatus; /* return code from Responder */ 00604 00605 byte* response; /* Pointer to beginning of OCSP Response */ 00606 word32 responseSz; /* length of the OCSP Response */ 00607 00608 byte producedDate[MAX_DATE_SIZE]; 00609 /* Date at which this response was signed */ 00610 byte producedDateFormat; /* format of the producedDate */ 00611 byte* issuerHash; 00612 byte* issuerKeyHash; 00613 00614 byte* cert; 00615 word32 certSz; 00616 00617 byte* sig; /* Pointer to sig in source */ 00618 word32 sigSz; /* Length in octets for the sig */ 00619 word32 sigOID; /* OID for hash used for sig */ 00620 00621 CertStatus* status; /* certificate status to fill out */ 00622 00623 byte* nonce; /* pointer to nonce inside ASN.1 response */ 00624 int nonceSz; /* length of the nonce string */ 00625 00626 byte* source; /* pointer to source buffer, not owned */ 00627 word32 maxIdx; /* max offset based on init size */ 00628 }; 00629 00630 00631 struct OcspRequest { 00632 DecodedCert* cert; 00633 00634 byte useNonce; 00635 byte nonce[MAX_OCSP_NONCE_SZ]; 00636 int nonceSz; 00637 00638 byte* issuerHash; /* pointer to issuerHash in source cert */ 00639 byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */ 00640 byte* serial; /* pointer to serial number in source cert */ 00641 int serialSz; /* length of the serial number */ 00642 00643 byte* dest; /* pointer to the destination ASN.1 buffer */ 00644 word32 destSz; /* length of the destination buffer */ 00645 }; 00646 00647 00648 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); 00649 CYASSL_LOCAL int OcspResponseDecode(OcspResponse*); 00650 00651 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*, 00652 byte, byte*, word32); 00653 CYASSL_LOCAL int EncodeOcspRequest(OcspRequest*); 00654 00655 CYASSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); 00656 00657 00658 #endif /* HAVE_OCSP */ 00659 00660 00661 /* for pointer use */ 00662 typedef struct RevokedCert RevokedCert; 00663 00664 #ifdef HAVE_CRL 00665 00666 struct RevokedCert { 00667 byte serialNumber[EXTERNAL_SERIAL_SIZE]; 00668 int serialSz; 00669 RevokedCert* next; 00670 }; 00671 00672 typedef struct DecodedCRL DecodedCRL; 00673 00674 struct DecodedCRL { 00675 word32 certBegin; /* offset to start of cert */ 00676 word32 sigIndex; /* offset to start of signature */ 00677 word32 sigLength; /* length of signature */ 00678 word32 signatureOID; /* sum of algorithm object id */ 00679 byte* signature; /* pointer into raw source, not owned */ 00680 byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash */ 00681 byte crlHash[SHA_DIGEST_SIZE]; /* raw crl data hash */ 00682 byte lastDate[MAX_DATE_SIZE]; /* last date updated */ 00683 byte nextDate[MAX_DATE_SIZE]; /* next update date */ 00684 byte lastDateFormat; /* format of last date */ 00685 byte nextDateFormat; /* format of next date */ 00686 RevokedCert* certs; /* revoked cert list */ 00687 int totalCerts; /* number on list */ 00688 }; 00689 00690 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*); 00691 CYASSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); 00692 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*); 00693 00694 00695 #endif /* HAVE_CRL */ 00696 00697 00698 #ifdef __cplusplus 00699 } /* extern "C" */ 00700 #endif 00701 00702 #endif /* CTAO_CRYPT_ASN_H */ 00703 00704 #endif /* !NO_ASN */ 00705
Generated on Tue Jul 12 2022 21:40:04 by
1.7.2