Francois Berder / cyassl-lib


asn.h

00001 /* asn.h
00002  *
00003  * Copyright (C) 2006-2013 wolfSSL Inc.
00004  *
00005  * This file is part of CyaSSL.
00006  *
00007  * CyaSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * CyaSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
00020  */
00021 
00022 #ifndef NO_ASN
00023 
00024 #ifndef CTAO_CRYPT_ASN_H
00025 #define CTAO_CRYPT_ASN_H
00026 
00027 #include <cyassl/ctaocrypt/types.h>
00028 #include <cyassl/ctaocrypt/rsa.h>
00029 #include <cyassl/ctaocrypt/dh.h>
00030 #include <cyassl/ctaocrypt/dsa.h>
00031 #include <cyassl/ctaocrypt/sha.h>
00032 #include <cyassl/ctaocrypt/md5.h>
00033 #include <cyassl/ctaocrypt/asn_public.h>   /* public interface */
00034 #ifdef HAVE_ECC
00035     #include <cyassl/ctaocrypt/ecc.h>
00036 #endif
00037 
00038 #ifdef __cplusplus
00039     extern "C" {
00040 #endif
00041 
00042 
/* Unnamed selector and size constants shared by the ASN.1 code.
 * NOTE(review): ISSUER/SUBJECT presumably select which certificate name is
 * being decoded, and BEFORE/AFTER which validity date is being checked (see
 * the dateType argument of ValidateDate) - confirm against the parser. */
00043 enum {
00044     ISSUER  = 0,
00045     SUBJECT = 1,
00046 
          /* Capacity of the serial[] / serialNumber[] arrays declared in this
           * header; any decoded serial length has to be bounded by it before
           * the bytes are copied in. */
00047     EXTERNAL_SERIAL_SIZE = 32,
00048 
00049     BEFORE  = 0,
00050     AFTER   = 1
00051 };
00052 
00053 /* ASN Tags   */
/* Tag values matched against the identifier octet of an encoded element.
 * CRL_EXTENSIONS (0xa0) and ASN_EXTENSIONS (0xa3) already contain the
 * ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED bits (0x80 | 0x20) plus the context
 * numbers 0 and 3, so they are compared as whole octets.
 * NOTE(review): two entries reuse a value and are only meaningful in their own
 * context - ASN_DNS_TYPE equals ASN_INTEGER (0x02; presumably the dNSName
 * choice number inside an alternative-name entry, not a universal tag), and
 * ASN_LONG_LENGTH equals ASN_CONTEXT_SPECIFIC (0x80; presumably the long-form
 * flag of a length octet, not a tag). Confirm before using either in a switch
 * over tags. */
00054 enum ASN_Tags {        
00055     ASN_BOOLEAN           = 0x01,
00056     ASN_INTEGER           = 0x02,
00057     ASN_BIT_STRING        = 0x03,
00058     ASN_OCTET_STRING      = 0x04,
00059     ASN_TAG_NULL          = 0x05,
00060     ASN_OBJECT_ID         = 0x06,
00061     ASN_ENUMERATED        = 0x0a,
00062     ASN_SEQUENCE          = 0x10,
00063     ASN_SET               = 0x11,
00064     ASN_UTC_TIME          = 0x17,
00065     ASN_DNS_TYPE          = 0x02,
00066     ASN_GENERALIZED_TIME  = 0x18,
00067     CRL_EXTENSIONS        = 0xa0,
00068     ASN_EXTENSIONS        = 0xa3,
00069     ASN_LONG_LENGTH       = 0x80
00070 };
00071 
/* Flag bits that are OR-ed with a tag number to form the identifier octet
 * (the size comments in Misc_ASN write this as "seq | con"). */
00072 enum  ASN_Flags{
00073     ASN_CONSTRUCTED       = 0x20,
00074     ASN_CONTEXT_SPECIFIC  = 0x80
00075 };
00076 
/* Identifiers of the distinguished-name components the parser recognises.
 * NOTE(review): the values look like the final arc of the X.520 attribute
 * OIDs (2.5.4.x); "SN" here would then be surname, not serial number -
 * confirm. */
00077 enum DN_Tags {
00078     ASN_COMMON_NAME   = 0x03,   /* CN */
00079     ASN_SUR_NAME      = 0x04,   /* SN */
00080     ASN_COUNTRY_NAME  = 0x06,   /* C  */
00081     ASN_LOCALITY_NAME = 0x07,   /* L  */
00082     ASN_STATE_NAME    = 0x08,   /* ST */
00083     ASN_ORG_NAME      = 0x0a,   /* O  */
00084     ASN_ORGUNIT_NAME  = 0x0b    /* OU */
00085 };
00086 
/* Password-based encryption scheme identifiers for encrypted private keys.
 * NOTE(review): every scheme other than PBES2 names DES, 3DES or RC4 combined
 * with MD5 or SHA-1; keys wrapped with those should be regarded as weakly
 * protected at rest. Which of them are accepted at runtime is decided by the
 * decoder, not by this header. */
00087 enum PBES {
00088     PBE_MD5_DES      = 0,
00089     PBE_SHA1_DES     = 1,
00090     PBE_SHA1_DES3    = 2,
00091     PBE_SHA1_RC4_128 = 3,
00092     PBES2            = 13       /* algo ID */
00093 };
00094 
/* Cipher selectors; the three names match the ciphers used by the PBES
 * schemes above (DES, 3DES, RC4).
 * NOTE(review): presumably the internal result of mapping a PBES id to a
 * cipher - confirm. */
00095 enum ENCRYPTION_TYPES {
00096     DES_TYPE  = 0,
00097     DES3_TYPE = 1,
00098     RC4_TYPE  = 2
00099 };
00100 
/* 160 and 161 are 0xa0 and 0xa1, i.e. ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED
 * with context numbers 0 and 1.
 * NOTE(review): presumably the optional [0] and [1] fields of an encoded ECC
 * private key - confirm against EccPrivateKeyDecode. */
00101 enum ECC_TYPES {
00102     ECC_PREFIX_0 = 160,
00103     ECC_PREFIX_1 = 161
00104 };
00105 
/* Size limits and small constants for DER parsing and encoding.
 * Several of these are array capacities (ASN_NAME_MAX, MAX_DATE_SIZE,
 * MAX_OCSP_NONCE_SZ, SHA_SIZE are used as such in this header); a length read
 * from untrusted input has to be checked against the matching limit before
 * it is used as a copy size. */
00106 enum Misc_ASN { 
00107     ASN_NAME_MAX        = 256,
00108     MAX_SALT_SIZE       =  64,     /* MAX PKCS Salt length */
00109     MAX_IV_SIZE         =  64,     /* MAX PKCS Iv length */
00110     MAX_KEY_SIZE        =  64,     /* MAX PKCS Key  length */
00111     PKCS5               =   5,     /* PKCS oid tag */
00112     PKCS5v2             =   6,     /* PKCS #5 v2.0 */
00113     PKCS12              =  12,     /* PKCS #12 */
00114     MAX_UNICODE_SZ      = 256,
00115     ASN_BOOL_SIZE       =   2,     /* including type */
00116     SHA_SIZE            =  20,
00117     RSA_INTS            =   8,     /* RSA ints in private key */
00118     MIN_DATE_SIZE       =  13,
00119     MAX_DATE_SIZE       =  32,
00120     ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
00121     MAX_ENCODED_SIG_SZ  = 512,
00122     MAX_SIG_SZ          = 256,
00123     MAX_ALGO_SZ         =  20,
00124     MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */  
00125     MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */  
00126     MAX_VERSION_SZ      =   5,     /* enum + id + version(byte) + (header(2))*/
00127     MAX_ENCODED_DIG_SZ  =  73,     /* sha512 + enum(bit or octet) + length(4) */
00128     MAX_RSA_INT_SZ      = 517,     /* RSA raw sz 4096 for bits + tag + len(4) */
00129     MAX_NTRU_KEY_SZ     = 610,     /* NTRU 112 bit public key */
00130     MAX_NTRU_ENC_SZ     = 628,     /* NTRU 112 bit DER public encoding */
00131     MAX_LENGTH_SZ       =   4,     /* Max length size for DER encoding */
00132     MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
00133     MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
00134     MAX_SN_SZ           =  35,     /* Max encoded serial number (INT) length */
      /* MAX_EXTENSIONS_SZ exists only in certificate-generation builds; with
       * alternative names enabled it is sized from CTC_MAX_ALT_SIZE, which is
       * not defined in this header. */
00135 #ifdef CYASSL_CERT_GEN
00136     #ifdef CYASSL_ALT_NAMES
00137         MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
00138     #else
00139         MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
00140     #endif
00141                                    /* Max total extensions, id + len + others */
00142 #endif
00143     MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
00144     MAX_OCSP_NONCE_SZ   = 18,      /* OCSP Nonce size           */
00145     EIGHTK_BUF          = 8192,    /* Tmp buffer size           */
      /* Evaluates to 628 + 20 + 5 * 2 = 658. */
00146     MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
00147                                    /* use bigger NTRU size */
00148 };
00149 
00150 
/* Category of an algorithm OID.
 * NOTE(review): presumably tells the OID decoder/encoder which of the *_Sum
 * tables below a value belongs to - confirm. */
00151 enum Oid_Types {
00152     hashType = 0,
00153     sigType  = 1,
00154     keyType  = 2
00155 };
00156 
00157 
/* Hash algorithm identifiers. As with the other *_Sum enums in this header,
 * the value is an OID "sum" (DecodedCert describes signatureOID as "sum of
 * algorithm object id"), presumably the sum of the encoded OID bytes.
 * A sum is not a unique identifier, so a value is only meaningful when
 * compared within its own enum.
 * NOTE(review): MD2h, MD5h and SHAh identify legacy hashes; whether
 * certificates using them are accepted is decided by the verifier, not
 * here. */
00158 enum Hash_Sum  {
00159     MD2h    = 646,
00160     MD5h    = 649,
00161     SHAh    =  88,
00162     SHA256h = 414,
00163     SHA384h = 415,
00164     SHA512h = 416
00165 };
00166 
00167 
/* Public-key algorithm identifiers, stored in DecodedCert.keyOID and
 * Signer.keyOID ("sum of key algo object id"). */
00168 enum Key_Sum {
00169     DSAk   = 515,
00170     RSAk   = 645,
00171     NTRUk  = 364,
00172     ECDSAk = 518
00173 };
00174 
00175 
/* Named-curve identifiers (OID sums); the numeric part of each name is the
 * curve size in bits. */
00176 enum Ecc_Sum {
00177     ECC_256R1 = 526,
00178     ECC_384R1 = 210,
00179     ECC_521R1 = 211,
00180     ECC_160R1 = 184,
00181     ECC_192R1 = 520,
00182     ECC_224R1 = 209
00183 };
00184 
00185 
/* Key-derivation function identifier (OID sum); PBKDF2 is the only one
 * listed. */
00186 enum KDF_Sum {
00187     PBKDF2_OID = 660
00188 };
00189 
00190 
/* Certificate extension identifiers (OID sums).
 * Sums collide across tables: CA_ISSUER_OID is 117 here and OCSP_BASIC_OID is
 * also 117 in Ocsp_Sums, so an extension sum must only be compared while
 * parsing extensions, never against a value taken from another context. */
00191 enum Extensions_Sum {
00192     BASIC_CA_OID  = 133,
00193     ALT_NAMES_OID = 131,
00194     CRL_DIST_OID  = 145,
00195     AUTH_INFO_OID = 69,
00196     CA_ISSUER_OID = 117,
00197     AUTH_KEY_OID  = 149,
00198     SUBJ_KEY_OID  = 128
00199 };
00200 
00201 
/* Values for the `verify` argument of ParseCert, ParseCertRelative and
 * DecodeToKey.
 * NOTE(review): NO_VERIFY presumably skips signature and date checking, so a
 * certificate parsed that way carries no trust - confirm, and audit every
 * caller that passes it. */
00202 enum VerifyType {
00203     NO_VERIFY = 0,
00204     VERIFY    = 1
00205 };
00206 
00207 
/* Singly linked list node holding one alternative DNS name of a certificate
 * (DecodedCert.altNames points at the head; FreeAltNames releases a list).
 * NOTE(review): there is no length field, so `name` is presumably a
 * NUL-terminated copy; check how the parser treats a name that contains an
 * embedded NUL byte before relying on string comparison. */
00208 typedef struct DNS_entry   DNS_entry;
00209 
00210 struct DNS_entry {
00211     DNS_entry* next;   /* next on DNS list */
00212     char*      name;   /* actual DNS name */
00213 };
00214 
00215 typedef struct DecodedCert DecodedCert;
00216 typedef struct Signer      Signer;
00217 
00218 
/* Parser state and decoded fields for one certificate.
 * Ownership: `source`, `signature` and `extensions` are documented as not
 * owned and point into the caller's raw certificate buffer, so that buffer has
 * to stay valid and unmodified for as long as this structure is used.
 * Bounds: srcIdx/maxIdx delimit the input; serialSz, subjectCNLen and the
 * ext*Sz lengths come from the encoded certificate and must stay within the
 * corresponding arrays / the source buffer. */
00219 struct DecodedCert {
00220     byte*   publicKey;
00221     word32  pubKeySize;
          /* NOTE(review): presumably non-zero when publicKey is a copy owned
           * by this struct (compare subjectCNStored) - confirm. */
00222     int     pubKeyStored;
00223     word32  certBegin;               /* offset to start of cert          */
00224     word32  sigIndex;                /* offset to start of signature     */
00225     word32  sigLength;               /* length of signature              */
00226     word32  signatureOID;            /* sum of algorithm object id       */
00227     word32  keyOID;                  /* sum of key algo  object id       */
00228     DNS_entry* altNames;             /* alt names list of dns entries    */
00229     byte    subjectHash[SHA_SIZE];   /* hash of all Names                */
00230     byte    issuerHash[SHA_SIZE];    /* hash of all Names                */
00231 #ifdef HAVE_OCSP
00232     byte    issuerKeyHash[SHA_SIZE]; /* hash of the public Key           */
00233 #endif /* HAVE_OCSP */
00234     byte*   signature;               /* not owned, points into raw cert  */
00235     char*   subjectCN;               /* CommonName                       */
00236     int     subjectCNLen;
00237     int     subjectCNStored;         /* have we saved a copy we own      */
00238     char    issuer[ASN_NAME_MAX];    /* full name including common name  */
00239     char    subject[ASN_NAME_MAX];   /* full name including common name  */
00240     int     verify;                  /* Default to yes, but could be off */
00241     byte*   source;                  /* byte buffer holder cert, NOT owner */
00242     word32  srcIdx;                  /* current offset into buffer       */
00243     word32  maxIdx;                  /* max offset based on init size    */
00244     void*   heap;                    /* for user memory overrides        */
00245     byte    serial[EXTERNAL_SERIAL_SIZE];  /* raw serial number          */
00246     int     serialSz;                /* raw serial bytes stored */
00247     byte*   extensions;              /* not owned, points into raw cert  */
00248     int     extensionsSz;            /* length of cert extensions */
00249     word32  extensionsIdx;           /* if want to go back and parse later */
00250     byte*   extAuthInfo;             /* Authority Information Access URI */
00251     int     extAuthInfoSz;           /* length of the URI                */
00252     byte*   extCrlInfo;              /* CRL Distribution Points          */
00253     int     extCrlInfoSz;            /* length of the URI                */
00254     byte    extSubjKeyId[SHA_SIZE];  /* Subject Key ID                   */
00255     byte    extSubjKeyIdSet;         /* Set when the SKID was read from cert */
00256     byte    extAuthKeyId[SHA_SIZE];  /* Authority Key ID                 */
00257     byte    extAuthKeyIdSet;         /* Set when the AKID was read from cert */
00258     byte    isCA;                    /* CA basic constraint true */
00259 #ifdef CYASSL_CERT_GEN
00260     /* easy access to subject info for other sign */
          /* Each pointer below is paired with an explicit length.
           * NOTE(review): whether they point into `source` or at owned copies,
           * and whether they are NUL-terminated, is not visible here. */
00261     char*   subjectSN;
00262     int     subjectSNLen;
00263     char*   subjectC;
00264     int     subjectCLen;
00265     char*   subjectL;
00266     int     subjectLLen;
00267     char*   subjectST;
00268     int     subjectSTLen;
00269     char*   subjectO;
00270     int     subjectOLen;
00271     char*   subjectOU;
00272     int     subjectOULen;
00273     char*   subjectEmail;
00274     int     subjectEmailLen;
00275     byte*   beforeDate;
00276     int     beforeDateLen;
00277     byte*   afterDate;
00278     int     afterDateLen;
00279 #endif /* CYASSL_CERT_GEN */
00280 };
00281 
/* Length of the hashes stored in a Signer. Falls back to 20 when
 * SHA_DIGEST_SIZE is not defined; 20 is also the value of SHA_SIZE above.
 * Note that DecodedCRL further down uses SHA_DIGEST_SIZE directly, without
 * this fallback. */
00282 #ifdef SHA_DIGEST_SIZE
00283     #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
00284 #else
00285     #define SIGNER_DIGEST_SIZE 20 
00286 #endif
00287 
00288 /* CA Signers */
00289 /* if change layout change PERSIST_CERT_CACHE functions too */
/* One trusted CA entry: its public key, common name and the hashes used to
 * look it up. Entries are chained through `next`; MakeSigner, FreeSigner and
 * FreeSignerTable manage them.
 * NOTE(review): the layout warning above suggests this struct is written to
 * and read back from a persisted cache; a cache read from storage should then
 * be treated as untrusted input by the loader - confirm where it is
 * validated. */
00290 struct Signer {
00291     word32  pubKeySize;
00292     word32  keyOID;                  /* key type */
00293     byte*   publicKey;
00294     int     nameLen;
00295     char*   name;                    /* common name */
00296     byte    subjectNameHash[SIGNER_DIGEST_SIZE];
00297                                      /* sha hash of names in certificate */
00298     #ifndef NO_SKID
00299         byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
00300                                      /* NOTE(review): the original comment here
                                        * repeated "sha hash of names in
                                        * certificate"; by its name this field
                                        * presumably holds the subject key
                                        * identifier hash - confirm */
00301     #endif
00302     Signer* next;
00303 };
00304 
00305 
00306 /* not for public consumption but may use for testing sometimes */
/* CYASSL_TEST_API expands to CYASSL_API (exported) only when CYASSL_TEST_CERT
 * is defined and to CYASSL_LOCAL otherwise, so the functions marked with it
 * stay internal in a normal build. CYASSL_TEST_CERT is therefore a test-only
 * switch: defining it in a release build widens the exported surface. */
00307 #ifdef CYASSL_TEST_CERT
00308     #define CYASSL_TEST_API CYASSL_API
00309 #else
00310     #define CYASSL_TEST_API CYASSL_LOCAL
00311 #endif
00312 
/* Internal certificate, signer and key helpers. Most parameters are unnamed
 * in these declarations, so the notes below are inferred from the types and
 * need confirming against the implementation. */

/* Lifecycle of a DecodedCert and its alternative-name list.
 * NOTE(review): InitDecodedCert presumably takes (cert, source buffer, source
 * size, heap hint), matching the source/maxIdx/heap fields of DecodedCert.
 * `verify` takes a VerifyType value; `cm` is an opaque pointer whose type is
 * not visible here. Return conventions are not visible either. */
00313 CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
00314 CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
00315 CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
00316 CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);
00317 
00318 CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
00319 CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
00320 
/* Writes an encoded digest for `hashOID` into `out`.
 * There is no output-size parameter: the caller is responsible for providing
 * a buffer large enough for the worst case (presumably MAX_ENCODED_SIG_SZ -
 * confirm). */
00321 CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
00322                                     int hashOID);
00323 
/* Allocation and release of Signer entries; the void* argument is presumably
 * the heap hint. */
00324 CYASSL_LOCAL Signer* MakeSigner(void*);
00325 CYASSL_LOCAL void    FreeSigner(Signer*, void*);
00326 CYASSL_LOCAL void    FreeSignerTable(Signer**, int, void*);
00327 
00328 
/* Private-key format conversion on a caller-supplied buffer.
 * NOTE(review): the buffer is non-const, so the conversion is presumably done
 * in place; the unnamed (const char*, int) pair of ToTraditionalEnc is
 * presumably the password and its length - confirm. */
00329 CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
00330 CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);
00331 
/* Checks one certificate date. `format` presumably distinguishes
 * ASN_UTC_TIME from ASN_GENERALIZED_TIME and `dateType` is BEFORE or AFTER -
 * confirm. No length is passed for `date`. */
00332 CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
00333 
/* ECC helpers, available only when HAVE_ECC is defined. */
00334 #ifdef HAVE_ECC
00335     /* ASN sig helpers */
          /* StoreECC_DSA_Sig takes `outLen` by pointer (in/out by its type);
           * DecodeECC_DSA_Sig reads at most `sigLen` bytes of `sig` into r
           * and s. NOTE(review): presumably *outLen carries the capacity of
           * `out` on entry and the encoded length on return - confirm. */
00336     CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
00337                                       mp_int* s);
00338     CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
00339                                        mp_int* r, mp_int* s);
00340     /* private key helpers */
          /* NOTE(review): the trailing unnamed word32 is presumably the total
           * input size that bounds *inOutIdx - confirm. */
00341     CYASSL_LOCAL int EccPrivateKeyDecode(const byte* input,word32* inOutIdx,
00342                                          ecc_key*,word32);
00343 #endif
00344 
/* Constants used only by certificate generation (CYASSL_CERT_GEN builds).
 * NOTE(review): RSA_KEY and NTRU_KEY presumably select the key type being
 * encoded; the meaning of the *_LEN values is not visible in this header. */
00345 #ifdef CYASSL_CERT_GEN
00346 
00347 enum cert_enums {
00348     NAME_ENTRIES    =  8,
00349     JOINT_LEN       =  2,
00350     EMAIL_JOINT_LEN =  9,
00351     RSA_KEY         = 10,
00352     NTRU_KEY        = 11
00353 };
00354 
00355 
00356 #endif /* CYASSL_CERT_GEN */
00357 
00358 
00359 
00360 /* for pointer use */
/* Declared outside the HAVE_OCSP guard so that pointers to CertStatus can be
 * declared even when OCSP support is compiled out; the struct itself is only
 * defined inside the guard. */
00361 typedef struct CertStatus CertStatus;
00362 
00363 #ifdef HAVE_OCSP
00364 
/* Status of the OCSP response as a whole (stored in
 * OcspResponse.responseStatus). This is separate from the per-certificate
 * result in Ocsp_Cert_Status: a successful response can still report a
 * revoked or unknown certificate.
 * NOTE(review): how callers treat the non-successful values (accept or reject
 * the connection) is not visible here and decides whether revocation checking
 * fails open.
 * OCSP_UNAUTHROIZED is misspelled; the identifier is left unchanged because
 * other code may refer to it. */
00365 enum Ocsp_Response_Status {
00366     OCSP_SUCCESSFUL        = 0, /* Response has valid confirmations */
00367     OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
00368     OCSP_INTERNAL_ERROR    = 2, /* Internal error in issuer */
00369     OCSP_TRY_LATER         = 3, /* Try again later */
00370     OCSP_SIG_REQUIRED      = 5, /* Must sign the request (4 is skipped) */
00371     OCSP_UNAUTHROIZED      = 6  /* Request unauthorized */
00372 };
00373 
00374 
/* Per-certificate OCSP result (stored in CertStatus.status).
 * CERT_UNKNOWN is distinct from CERT_GOOD: a caller that only tests for
 * CERT_REVOKED would accept certificates the responder knows nothing
 * about. */
00375 enum Ocsp_Cert_Status {
00376     CERT_GOOD    = 0,
00377     CERT_REVOKED = 1,
00378     CERT_UNKNOWN = 2
00379 };
00380 
00381 
/* OID sums for OCSP objects. OCSP_BASIC_OID has the same value (117) as
 * CA_ISSUER_OID in Extensions_Sum, so these must only be compared while
 * decoding an OCSP message. */
00382 enum Ocsp_Sums {
00383     OCSP_BASIC_OID = 117,
00384     OCSP_NONCE_OID = 118
00385 };
00386 
00387 
00388 typedef struct OcspRequest  OcspRequest;
00389 typedef struct OcspResponse OcspResponse;
00390 
00391 
/* Revocation status of one certificate as reported in an OCSP response.
 * Entries can be chained through `next`. */
00392 struct CertStatus {
00393     CertStatus* next;
00394 
          /* Serial number of the certificate this entry describes; serialSz
           * is the number of bytes stored and must not exceed
           * EXTERNAL_SERIAL_SIZE. */
00395     byte serial[EXTERNAL_SERIAL_SIZE];
00396     int serialSz;
00397 
          /* NOTE(review): presumably an Ocsp_Cert_Status value - confirm. */
00398     int status;
00399 
          /* Validity window of this status and the encoding of each date
           * (the *Format bytes presumably hold ASN_UTC_TIME or
           * ASN_GENERALIZED_TIME - confirm). */
00400     byte thisDate[MAX_DATE_SIZE];
00401     byte nextDate[MAX_DATE_SIZE];
00402     byte thisDateFormat;
00403     byte nextDateFormat;
00404 };
00405 
00406 
/* Decoder state and results for one OCSP response.
 * `source` is documented as not owned, and `sig` and `nonce` as pointing into
 * the source / the ASN.1 response, so the response buffer has to outlive this
 * structure. maxIdx bounds all offsets into `source`.
 * NOTE(review): issuerHash, issuerKeyHash, cert and response carry no
 * ownership comment; presumably they also point into `source` - confirm. */
00407 struct OcspResponse {
00408     int     responseStatus;  /* return code from Responder */
00409 
00410     byte*   response;        /* Pointer to beginning of OCSP Response */
00411     word32  responseSz;      /* length of the OCSP Response */
00412 
00413     byte    producedDate[MAX_DATE_SIZE];
00414                              /* Date at which this response was signed */
00415     byte    producedDateFormat; /* format of the producedDate */
00416     byte*   issuerHash;
00417     byte*   issuerKeyHash;
00418 
00419     byte*   cert;
00420     word32  certSz;
00421 
00422     byte*   sig;             /* Pointer to sig in source */
00423     word32  sigSz;           /* Length in octets for the sig */
00424     word32  sigOID;          /* OID for hash used for sig */
00425 
00426     CertStatus* status;      /* certificate status to fill out */
00427 
00428     byte*   nonce;           /* pointer to nonce inside ASN.1 response */
00429     int     nonceSz;         /* length of the nonce string */
00430 
00431     byte*   source;          /* pointer to source buffer, not owned */
00432     word32  maxIdx;          /* max offset based on init size */
00433 };
00434 
00435 
/* State for building one OCSP request about `cert`.
 * issuerHash, issuerKeyHash and serial point into the source certificate, so
 * that certificate has to remain valid while the request is in use. */
00436 struct OcspRequest {
00437     DecodedCert* cert;
00438 
          /* Request nonce: useNonce enables it, nonceSz is the number of
           * bytes used in nonce[] and must not exceed MAX_OCSP_NONCE_SZ.
           * NOTE(review): where the nonce bytes are generated is not visible
           * here; replay protection depends on them being unpredictable and
           * on the response nonce being compared (see CompareOcspReqResp). */
00439     byte    useNonce;
00440     byte    nonce[MAX_OCSP_NONCE_SZ];
00441     int     nonceSz;
00442 
00443     byte*   issuerHash;      /* pointer to issuerHash in source cert */
00444     byte*   issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
00445     byte*   serial;          /* pointer to serial number in source cert */
00446     int     serialSz;        /* length of the serial number */
00447 
00448     byte*   dest;            /* pointer to the destination ASN.1 buffer */
00449     word32  destSz;          /* length of the destination buffer */
00450 };
00451 
00452 
/* OCSP request/response helpers. Parameters are unnamed in these
 * declarations; the notes are inferred from the types and the struct fields
 * above and need confirming against the implementation. */

/* NOTE(review): InitOcspResponse presumably takes (response, status entry to
 * fill, source buffer, source size), matching the status/source/maxIdx
 * fields. */
00453 CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
00454 CYASSL_LOCAL int  OcspResponseDecode(OcspResponse*);
00455 
/* NOTE(review): InitOcspRequest presumably takes (request, certificate,
 * useNonce flag, destination buffer, destination size), matching the
 * useNonce/dest/destSz fields. */
00456 CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
00457                                                           byte, byte*, word32);
00458 CYASSL_LOCAL int  EncodeOcspRequest(OcspRequest*);
00459 
/* Matches a decoded response against the request it is meant to answer.
 * NOTE(review): which fields are compared (nonce, issuer hashes, serial) and
 * what the return value means are not visible here; a response must not be
 * trusted unless this check passes. */
00460 CYASSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);
00461 
00462 
00463 #endif /* HAVE_OCSP */
00464 
00465 
00466 /* for pointer use */
/* Declared outside the HAVE_CRL guard so that pointers to RevokedCert can be
 * declared even when CRL support is compiled out; the struct itself is only
 * defined inside the guard. */
00467 typedef struct RevokedCert RevokedCert;
00468 
00469 #ifdef HAVE_CRL
00470 
/* One revoked-certificate entry of a CRL, chained through `next`.
 * serialSz is the number of bytes used in serialNumber[] and must not exceed
 * EXTERNAL_SERIAL_SIZE. */
00471 struct RevokedCert {
00472     byte         serialNumber[EXTERNAL_SERIAL_SIZE];
00473     int          serialSz;
00474     RevokedCert* next;
00475 };
00476 
00477 typedef struct DecodedCRL DecodedCRL;
00478 
/* Decoded fields of one certificate revocation list.
 * `signature` points into the raw CRL buffer and is not owned, so that buffer
 * has to stay valid while this structure is used. `certs` is the head of the
 * RevokedCert list and totalCerts its length.
 * The hash arrays are sized with SHA_DIGEST_SIZE, which is not defined in
 * this header (Signer uses SIGNER_DIGEST_SIZE with a fallback instead). */
00479 struct DecodedCRL {
00480     word32  certBegin;               /* offset to start of cert          */
00481     word32  sigIndex;                /* offset to start of signature     */
00482     word32  sigLength;               /* length of signature              */
00483     word32  signatureOID;            /* sum of algorithm object id       */
00484     byte*   signature;               /* pointer into raw source, not owned */
00485     byte    issuerHash[SHA_DIGEST_SIZE];  /* issuer hash                 */ 
00486     byte    crlHash[SHA_DIGEST_SIZE];     /* raw crl data hash           */ 
00487     byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
00488     byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
00489     byte    lastDateFormat;          /* format of last date */
00490     byte    nextDateFormat;          /* format of next date */
00491     RevokedCert* certs;              /* revoked cert list  */
00492     int          totalCerts;         /* number on list     */
00493 };
00494 
/* Lifecycle of a DecodedCRL: initialise, parse `sz` bytes of `buff`, release.
 * `buff` is const, but DecodedCRL.signature keeps a pointer into the raw
 * source, so the buffer has to outlive the decoded structure.
 * NOTE(review): `cm` is an opaque pointer, presumably the certificate manager
 * used to find the CRL issuer for signature verification; the return
 * convention of ParseCRL is not visible here - confirm both. */
00495 CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
00496 CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
00497 CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
00498 
00499 
00500 #endif /* HAVE_CRL */
00501 
00502 
00503 #ifdef __cplusplus
00504     } /* extern "C" */
00505 #endif
00506 
00507 #endif /* CTAO_CRYPT_ASN_H */
00508 
00509 #endif /* !NO_ASN */