ssh lib
wolfcrypt/asn.h@1:e4ea39eba2fb, 2019-11-25 (annotated)
- Committer:
- sPymbed
- Date:
- Mon Nov 25 14:23:49 2019 +0000
- Revision:
- 1:e4ea39eba2fb
- Parent:
- 0:1387ff3eed4a
improved
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
sPymbed | 0:1387ff3eed4a | 1 | /* asn.h |
sPymbed | 0:1387ff3eed4a | 2 | * |
sPymbed | 0:1387ff3eed4a | 3 | * Copyright (C) 2006-2017 wolfSSL Inc. |
sPymbed | 0:1387ff3eed4a | 4 | * |
sPymbed | 0:1387ff3eed4a | 5 | * This file is part of wolfSSL. |
sPymbed | 0:1387ff3eed4a | 6 | * |
sPymbed | 0:1387ff3eed4a | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
sPymbed | 0:1387ff3eed4a | 8 | * it under the terms of the GNU General Public License as published by |
sPymbed | 0:1387ff3eed4a | 9 | * the Free Software Foundation; either version 2 of the License, or |
sPymbed | 0:1387ff3eed4a | 10 | * (at your option) any later version. |
sPymbed | 0:1387ff3eed4a | 11 | * |
sPymbed | 0:1387ff3eed4a | 12 | * wolfSSL is distributed in the hope that it will be useful, |
sPymbed | 0:1387ff3eed4a | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
sPymbed | 0:1387ff3eed4a | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
sPymbed | 0:1387ff3eed4a | 15 | * GNU General Public License for more details. |
sPymbed | 0:1387ff3eed4a | 16 | * |
sPymbed | 0:1387ff3eed4a | 17 | * You should have received a copy of the GNU General Public License |
sPymbed | 0:1387ff3eed4a | 18 | * along with this program; if not, write to the Free Software |
sPymbed | 0:1387ff3eed4a | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
sPymbed | 0:1387ff3eed4a | 20 | */ |
sPymbed | 0:1387ff3eed4a | 21 | |
sPymbed | 0:1387ff3eed4a | 22 | /*! |
sPymbed | 0:1387ff3eed4a | 23 | \file wolfssl/wolfcrypt/asn.h |
sPymbed | 0:1387ff3eed4a | 24 | */ |
sPymbed | 0:1387ff3eed4a | 25 | |
sPymbed | 0:1387ff3eed4a | 26 | #ifndef WOLF_CRYPT_ASN_H |
sPymbed | 0:1387ff3eed4a | 27 | #define WOLF_CRYPT_ASN_H |
sPymbed | 0:1387ff3eed4a | 28 | |
sPymbed | 0:1387ff3eed4a | 29 | #include <wolfcrypt/types.h> |
sPymbed | 0:1387ff3eed4a | 30 | |
sPymbed | 0:1387ff3eed4a | 31 | #ifndef NO_ASN |
sPymbed | 0:1387ff3eed4a | 32 | |
sPymbed | 0:1387ff3eed4a | 33 | |
sPymbed | 0:1387ff3eed4a | 34 | #if !defined(NO_ASN_TIME) && defined(NO_TIME_H) |
sPymbed | 0:1387ff3eed4a | 35 | #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ |
sPymbed | 0:1387ff3eed4a | 36 | #endif |
sPymbed | 0:1387ff3eed4a | 37 | |
sPymbed | 0:1387ff3eed4a | 38 | #include <wolfcrypt/integer.h> |
sPymbed | 0:1387ff3eed4a | 39 | |
sPymbed | 0:1387ff3eed4a | 40 | /* fips declare of RsaPrivateKeyDecode @wc_fips */ |
sPymbed | 0:1387ff3eed4a | 41 | #if defined(HAVE_FIPS) && !defined(NO_RSA) && \ |
sPymbed | 0:1387ff3eed4a | 42 | (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) |
sPymbed | 0:1387ff3eed4a | 43 | #include <cyassl/ctaocrypt/rsa.h> |
sPymbed | 0:1387ff3eed4a | 44 | #endif |
sPymbed | 0:1387ff3eed4a | 45 | |
sPymbed | 0:1387ff3eed4a | 46 | #ifndef NO_DH |
sPymbed | 0:1387ff3eed4a | 47 | #include <wolfcrypt/dh.h> |
sPymbed | 0:1387ff3eed4a | 48 | #endif |
sPymbed | 0:1387ff3eed4a | 49 | #ifndef NO_DSA |
sPymbed | 0:1387ff3eed4a | 50 | #include <wolfcrypt/dsa.h> |
sPymbed | 0:1387ff3eed4a | 51 | #endif |
sPymbed | 0:1387ff3eed4a | 52 | #ifndef NO_SHA |
sPymbed | 0:1387ff3eed4a | 53 | #include <wolfcrypt/sha.h> |
sPymbed | 0:1387ff3eed4a | 54 | #endif |
sPymbed | 0:1387ff3eed4a | 55 | #ifndef NO_MD5 |
sPymbed | 0:1387ff3eed4a | 56 | #include <wolfcrypt/md5.h> |
sPymbed | 0:1387ff3eed4a | 57 | #endif |
sPymbed | 0:1387ff3eed4a | 58 | #include <wolfcrypt/sha256.h> |
sPymbed | 0:1387ff3eed4a | 59 | #include <wolfcrypt/asn_public.h> /* public interface */ |
sPymbed | 0:1387ff3eed4a | 60 | |
sPymbed | 0:1387ff3eed4a | 61 | |
sPymbed | 0:1387ff3eed4a | 62 | #ifdef __cplusplus |
sPymbed | 0:1387ff3eed4a | 63 | extern "C" { |
sPymbed | 0:1387ff3eed4a | 64 | #endif |
sPymbed | 0:1387ff3eed4a | 65 | |
sPymbed | 0:1387ff3eed4a | 66 | enum { |
sPymbed | 0:1387ff3eed4a | 67 | ISSUER = 0, |
sPymbed | 0:1387ff3eed4a | 68 | SUBJECT = 1, |
sPymbed | 0:1387ff3eed4a | 69 | |
sPymbed | 0:1387ff3eed4a | 70 | EXTERNAL_SERIAL_SIZE = 32, |
sPymbed | 0:1387ff3eed4a | 71 | |
sPymbed | 0:1387ff3eed4a | 72 | BEFORE = 0, |
sPymbed | 0:1387ff3eed4a | 73 | AFTER = 1 |
sPymbed | 0:1387ff3eed4a | 74 | }; |
sPymbed | 0:1387ff3eed4a | 75 | |
sPymbed | 0:1387ff3eed4a | 76 | /* ASN Tags */ |
sPymbed | 0:1387ff3eed4a | 77 | enum ASN_Tags { |
sPymbed | 0:1387ff3eed4a | 78 | ASN_BOOLEAN = 0x01, |
sPymbed | 0:1387ff3eed4a | 79 | ASN_INTEGER = 0x02, |
sPymbed | 0:1387ff3eed4a | 80 | ASN_BIT_STRING = 0x03, |
sPymbed | 0:1387ff3eed4a | 81 | ASN_OCTET_STRING = 0x04, |
sPymbed | 0:1387ff3eed4a | 82 | ASN_TAG_NULL = 0x05, |
sPymbed | 0:1387ff3eed4a | 83 | ASN_OBJECT_ID = 0x06, |
sPymbed | 0:1387ff3eed4a | 84 | ASN_ENUMERATED = 0x0a, |
sPymbed | 0:1387ff3eed4a | 85 | ASN_UTF8STRING = 0x0c, |
sPymbed | 0:1387ff3eed4a | 86 | ASN_SEQUENCE = 0x10, |
sPymbed | 0:1387ff3eed4a | 87 | ASN_SET = 0x11, |
sPymbed | 0:1387ff3eed4a | 88 | ASN_UTC_TIME = 0x17, |
sPymbed | 0:1387ff3eed4a | 89 | ASN_OTHER_TYPE = 0x00, |
sPymbed | 0:1387ff3eed4a | 90 | ASN_RFC822_TYPE = 0x01, |
sPymbed | 0:1387ff3eed4a | 91 | ASN_DNS_TYPE = 0x02, |
sPymbed | 0:1387ff3eed4a | 92 | ASN_DIR_TYPE = 0x04, |
sPymbed | 0:1387ff3eed4a | 93 | ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ |
sPymbed | 0:1387ff3eed4a | 94 | ASN_GENERALIZED_TIME = 0x18, |
sPymbed | 0:1387ff3eed4a | 95 | CRL_EXTENSIONS = 0xa0, |
sPymbed | 0:1387ff3eed4a | 96 | ASN_EXTENSIONS = 0xa3, |
sPymbed | 0:1387ff3eed4a | 97 | ASN_LONG_LENGTH = 0x80, |
sPymbed | 0:1387ff3eed4a | 98 | ASN_INDEF_LENGTH = 0x80, |
sPymbed | 0:1387ff3eed4a | 99 | |
sPymbed | 0:1387ff3eed4a | 100 | /* ASN_Flags - Bitmask */ |
sPymbed | 0:1387ff3eed4a | 101 | ASN_CONSTRUCTED = 0x20, |
sPymbed | 0:1387ff3eed4a | 102 | ASN_CONTEXT_SPECIFIC = 0x80, |
sPymbed | 0:1387ff3eed4a | 103 | }; |
sPymbed | 0:1387ff3eed4a | 104 | |
sPymbed | 0:1387ff3eed4a | 105 | #define ASN_UTC_TIME_SIZE 14 |
sPymbed | 0:1387ff3eed4a | 106 | #define ASN_GENERALIZED_TIME_SIZE 16 |
sPymbed | 0:1387ff3eed4a | 107 | |
sPymbed | 0:1387ff3eed4a | 108 | enum DN_Tags { |
sPymbed | 0:1387ff3eed4a | 109 | ASN_COMMON_NAME = 0x03, /* CN */ |
sPymbed | 0:1387ff3eed4a | 110 | ASN_SUR_NAME = 0x04, /* SN */ |
sPymbed | 0:1387ff3eed4a | 111 | ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ |
sPymbed | 0:1387ff3eed4a | 112 | ASN_COUNTRY_NAME = 0x06, /* C */ |
sPymbed | 0:1387ff3eed4a | 113 | ASN_LOCALITY_NAME = 0x07, /* L */ |
sPymbed | 0:1387ff3eed4a | 114 | ASN_STATE_NAME = 0x08, /* ST */ |
sPymbed | 0:1387ff3eed4a | 115 | ASN_ORG_NAME = 0x0a, /* O */ |
sPymbed | 0:1387ff3eed4a | 116 | ASN_ORGUNIT_NAME = 0x0b, /* OU */ |
sPymbed | 0:1387ff3eed4a | 117 | ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */ |
sPymbed | 0:1387ff3eed4a | 118 | |
sPymbed | 0:1387ff3eed4a | 119 | /* pilot attribute types |
sPymbed | 0:1387ff3eed4a | 120 | * OID values of 0.9.2342.19200300.100.1.* */ |
sPymbed | 0:1387ff3eed4a | 121 | ASN_USER_ID = 0x01, /* UID */ |
sPymbed | 0:1387ff3eed4a | 122 | ASN_DOMAIN_COMPONENT = 0x19 /* DC */ |
sPymbed | 0:1387ff3eed4a | 123 | }; |
sPymbed | 0:1387ff3eed4a | 124 | |
sPymbed | 0:1387ff3eed4a | 125 | /* DN Tag Strings */ |
sPymbed | 0:1387ff3eed4a | 126 | #define WOLFSSL_COMMON_NAME "/CN=" |
sPymbed | 0:1387ff3eed4a | 127 | #define WOLFSSL_SUR_NAME "/SN=" |
sPymbed | 0:1387ff3eed4a | 128 | #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" |
sPymbed | 0:1387ff3eed4a | 129 | #define WOLFSSL_COUNTRY_NAME "/C=" |
sPymbed | 0:1387ff3eed4a | 130 | #define WOLFSSL_LOCALITY_NAME "/L=" |
sPymbed | 0:1387ff3eed4a | 131 | #define WOLFSSL_STATE_NAME "/ST=" |
sPymbed | 0:1387ff3eed4a | 132 | #define WOLFSSL_ORG_NAME "/O=" |
sPymbed | 0:1387ff3eed4a | 133 | #define WOLFSSL_ORGUNIT_NAME "/OU=" |
sPymbed | 0:1387ff3eed4a | 134 | #define WOLFSSL_DOMAIN_COMPONENT "/DC=" |
sPymbed | 0:1387ff3eed4a | 135 | |
sPymbed | 0:1387ff3eed4a | 136 | enum ECC_TYPES { |
sPymbed | 0:1387ff3eed4a | 137 | ECC_PREFIX_0 = 160, |
sPymbed | 0:1387ff3eed4a | 138 | ECC_PREFIX_1 = 161 |
sPymbed | 0:1387ff3eed4a | 139 | }; |
sPymbed | 0:1387ff3eed4a | 140 | |
sPymbed | 0:1387ff3eed4a | 141 | enum Misc_ASN { |
sPymbed | 0:1387ff3eed4a | 142 | ASN_NAME_MAX = 256, |
sPymbed | 0:1387ff3eed4a | 143 | MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ |
sPymbed | 0:1387ff3eed4a | 144 | MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ |
sPymbed | 0:1387ff3eed4a | 145 | ASN_BOOL_SIZE = 2, /* including type */ |
sPymbed | 0:1387ff3eed4a | 146 | ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ |
sPymbed | 0:1387ff3eed4a | 147 | ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ |
sPymbed | 0:1387ff3eed4a | 148 | #ifdef NO_SHA |
sPymbed | 0:1387ff3eed4a | 149 | KEYID_SIZE = WC_SHA256_DIGEST_SIZE, |
sPymbed | 0:1387ff3eed4a | 150 | #else |
sPymbed | 0:1387ff3eed4a | 151 | KEYID_SIZE = WC_SHA_DIGEST_SIZE, |
sPymbed | 0:1387ff3eed4a | 152 | #endif |
sPymbed | 0:1387ff3eed4a | 153 | RSA_INTS = 8, /* RSA ints in private key */ |
sPymbed | 0:1387ff3eed4a | 154 | DSA_INTS = 5, /* DSA ints in private key */ |
sPymbed | 0:1387ff3eed4a | 155 | MIN_DATE_SIZE = 13, |
sPymbed | 0:1387ff3eed4a | 156 | MAX_DATE_SIZE = 32, |
sPymbed | 0:1387ff3eed4a | 157 | ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ |
sPymbed | 0:1387ff3eed4a | 158 | MAX_ENCODED_SIG_SZ = 512, |
sPymbed | 0:1387ff3eed4a | 159 | MAX_SIG_SZ = 256, |
sPymbed | 0:1387ff3eed4a | 160 | MAX_ALGO_SZ = 20, |
sPymbed | 0:1387ff3eed4a | 161 | MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ |
sPymbed | 0:1387ff3eed4a | 162 | MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 163 | MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 164 | MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 165 | MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 166 | MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 167 | MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ |
sPymbed | 0:1387ff3eed4a | 168 | MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + length(4) */ |
sPymbed | 0:1387ff3eed4a | 169 | MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ |
sPymbed | 0:1387ff3eed4a | 170 | MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ |
sPymbed | 0:1387ff3eed4a | 171 | MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ |
sPymbed | 0:1387ff3eed4a | 172 | MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ |
sPymbed | 0:1387ff3eed4a | 173 | MAX_RSA_E_SZ = 16, /* Max RSA public e size */ |
sPymbed | 0:1387ff3eed4a | 174 | MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ |
sPymbed | 0:1387ff3eed4a | 175 | MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ |
sPymbed | 0:1387ff3eed4a | 176 | MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest size */ |
sPymbed | 0:1387ff3eed4a | 177 | #ifdef WOLFSSL_CERT_GEN |
sPymbed | 0:1387ff3eed4a | 178 | #ifdef WOLFSSL_CERT_REQ |
sPymbed | 0:1387ff3eed4a | 179 | /* Max encoded cert req attributes length */ |
sPymbed | 0:1387ff3eed4a | 180 | MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + |
sPymbed | 0:1387ff3eed4a | 181 | MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ |
sPymbed | 0:1387ff3eed4a | 182 | #endif |
sPymbed | 0:1387ff3eed4a | 183 | #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) |
sPymbed | 0:1387ff3eed4a | 184 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, |
sPymbed | 0:1387ff3eed4a | 185 | #else |
sPymbed | 0:1387ff3eed4a | 186 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, |
sPymbed | 0:1387ff3eed4a | 187 | #endif |
sPymbed | 0:1387ff3eed4a | 188 | /* Max total extensions, id + len + others */ |
sPymbed | 0:1387ff3eed4a | 189 | #endif |
sPymbed | 0:1387ff3eed4a | 190 | #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) |
sPymbed | 0:1387ff3eed4a | 191 | MAX_OID_SZ = 32, /* Max DER length of OID*/ |
sPymbed | 0:1387ff3eed4a | 192 | MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ |
sPymbed | 0:1387ff3eed4a | 193 | #endif |
sPymbed | 0:1387ff3eed4a | 194 | #ifdef WOLFSSL_CERT_EXT |
sPymbed | 0:1387ff3eed4a | 195 | MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ |
sPymbed | 0:1387ff3eed4a | 196 | MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ |
sPymbed | 0:1387ff3eed4a | 197 | MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + |
sPymbed | 0:1387ff3eed4a | 198 | CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage |
sPymbed | 0:1387ff3eed4a | 199 | (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */ |
sPymbed | 0:1387ff3eed4a | 200 | MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ |
sPymbed | 0:1387ff3eed4a | 201 | MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, |
sPymbed | 0:1387ff3eed4a | 202 | #endif |
sPymbed | 0:1387ff3eed4a | 203 | MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ |
sPymbed | 0:1387ff3eed4a | 204 | OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ |
sPymbed | 0:1387ff3eed4a | 205 | MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ |
sPymbed | 0:1387ff3eed4a | 206 | MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ |
sPymbed | 0:1387ff3eed4a | 207 | EIGHTK_BUF = 8192, /* Tmp buffer size */ |
sPymbed | 0:1387ff3eed4a | 208 | MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, |
sPymbed | 0:1387ff3eed4a | 209 | /* use bigger NTRU size */ |
sPymbed | 0:1387ff3eed4a | 210 | #ifdef WOLFSSL_ENCRYPTED_KEYS |
sPymbed | 0:1387ff3eed4a | 211 | HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ |
sPymbed | 0:1387ff3eed4a | 212 | #else |
sPymbed | 0:1387ff3eed4a | 213 | HEADER_ENCRYPTED_KEY_SIZE = 0, |
sPymbed | 0:1387ff3eed4a | 214 | #endif |
sPymbed | 0:1387ff3eed4a | 215 | TRAILING_ZERO = 1, /* Used for size of zero pad */ |
sPymbed | 0:1387ff3eed4a | 216 | MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ |
sPymbed | 0:1387ff3eed4a | 217 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ |
sPymbed | 0:1387ff3eed4a | 218 | defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) |
sPymbed | 0:1387ff3eed4a | 219 | MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */ |
sPymbed | 0:1387ff3eed4a | 220 | #endif |
sPymbed | 0:1387ff3eed4a | 221 | |
sPymbed | 0:1387ff3eed4a | 222 | PKCS5_SALT_SZ = 8, |
sPymbed | 0:1387ff3eed4a | 223 | |
sPymbed | 0:1387ff3eed4a | 224 | PEM_LINE_LEN = 80, /* PEM line max + fudge */ |
sPymbed | 0:1387ff3eed4a | 225 | }; |
sPymbed | 0:1387ff3eed4a | 226 | |
sPymbed | 0:1387ff3eed4a | 227 | |
sPymbed | 0:1387ff3eed4a | 228 | enum Oid_Types { |
sPymbed | 0:1387ff3eed4a | 229 | oidHashType = 0, |
sPymbed | 0:1387ff3eed4a | 230 | oidSigType = 1, |
sPymbed | 0:1387ff3eed4a | 231 | oidKeyType = 2, |
sPymbed | 0:1387ff3eed4a | 232 | oidCurveType = 3, |
sPymbed | 0:1387ff3eed4a | 233 | oidBlkType = 4, |
sPymbed | 0:1387ff3eed4a | 234 | oidOcspType = 5, |
sPymbed | 0:1387ff3eed4a | 235 | oidCertExtType = 6, |
sPymbed | 0:1387ff3eed4a | 236 | oidCertAuthInfoType = 7, |
sPymbed | 0:1387ff3eed4a | 237 | oidCertPolicyType = 8, |
sPymbed | 0:1387ff3eed4a | 238 | oidCertAltNameType = 9, |
sPymbed | 0:1387ff3eed4a | 239 | oidCertKeyUseType = 10, |
sPymbed | 0:1387ff3eed4a | 240 | oidKdfType = 11, |
sPymbed | 0:1387ff3eed4a | 241 | oidKeyWrapType = 12, |
sPymbed | 0:1387ff3eed4a | 242 | oidCmsKeyAgreeType = 13, |
sPymbed | 0:1387ff3eed4a | 243 | oidPBEType = 14, |
sPymbed | 0:1387ff3eed4a | 244 | oidHmacType = 15, |
sPymbed | 0:1387ff3eed4a | 245 | oidIgnoreType |
sPymbed | 0:1387ff3eed4a | 246 | }; |
sPymbed | 0:1387ff3eed4a | 247 | |
sPymbed | 0:1387ff3eed4a | 248 | |
sPymbed | 0:1387ff3eed4a | 249 | enum Hash_Sum { |
sPymbed | 0:1387ff3eed4a | 250 | MD2h = 646, |
sPymbed | 0:1387ff3eed4a | 251 | MD5h = 649, |
sPymbed | 0:1387ff3eed4a | 252 | SHAh = 88, |
sPymbed | 0:1387ff3eed4a | 253 | SHA224h = 417, |
sPymbed | 0:1387ff3eed4a | 254 | SHA256h = 414, |
sPymbed | 0:1387ff3eed4a | 255 | SHA384h = 415, |
sPymbed | 0:1387ff3eed4a | 256 | SHA512h = 416 |
sPymbed | 0:1387ff3eed4a | 257 | }; |
sPymbed | 0:1387ff3eed4a | 258 | |
sPymbed | 0:1387ff3eed4a | 259 | |
sPymbed | 0:1387ff3eed4a | 260 | #if !defined(NO_DES3) || !defined(NO_AES) |
sPymbed | 0:1387ff3eed4a | 261 | enum Block_Sum { |
sPymbed | 0:1387ff3eed4a | 262 | #ifdef WOLFSSL_AES_128 |
sPymbed | 0:1387ff3eed4a | 263 | AES128CBCb = 414, |
sPymbed | 0:1387ff3eed4a | 264 | #endif |
sPymbed | 0:1387ff3eed4a | 265 | #ifdef WOLFSSL_AES_192 |
sPymbed | 0:1387ff3eed4a | 266 | AES192CBCb = 434, |
sPymbed | 0:1387ff3eed4a | 267 | #endif |
sPymbed | 0:1387ff3eed4a | 268 | #ifdef WOLFSSL_AES_256 |
sPymbed | 0:1387ff3eed4a | 269 | AES256CBCb = 454, |
sPymbed | 0:1387ff3eed4a | 270 | #endif |
sPymbed | 0:1387ff3eed4a | 271 | #ifndef NO_DES3 |
sPymbed | 0:1387ff3eed4a | 272 | DESb = 69, |
sPymbed | 0:1387ff3eed4a | 273 | DES3b = 652 |
sPymbed | 0:1387ff3eed4a | 274 | #endif |
sPymbed | 0:1387ff3eed4a | 275 | }; |
sPymbed | 0:1387ff3eed4a | 276 | #endif /* !NO_DES3 || !NO_AES */ |
sPymbed | 0:1387ff3eed4a | 277 | |
sPymbed | 0:1387ff3eed4a | 278 | |
sPymbed | 0:1387ff3eed4a | 279 | enum Key_Sum { |
sPymbed | 0:1387ff3eed4a | 280 | DSAk = 515, |
sPymbed | 0:1387ff3eed4a | 281 | RSAk = 645, |
sPymbed | 0:1387ff3eed4a | 282 | NTRUk = 274, |
sPymbed | 0:1387ff3eed4a | 283 | ECDSAk = 518, |
sPymbed | 0:1387ff3eed4a | 284 | ED25519k = 256 |
sPymbed | 0:1387ff3eed4a | 285 | }; |
sPymbed | 0:1387ff3eed4a | 286 | |
sPymbed | 0:1387ff3eed4a | 287 | |
sPymbed | 0:1387ff3eed4a | 288 | #ifndef NO_AES |
sPymbed | 0:1387ff3eed4a | 289 | enum KeyWrap_Sum { |
sPymbed | 0:1387ff3eed4a | 290 | #ifdef WOLFSSL_AES_128 |
sPymbed | 0:1387ff3eed4a | 291 | AES128_WRAP = 417, |
sPymbed | 0:1387ff3eed4a | 292 | #endif |
sPymbed | 0:1387ff3eed4a | 293 | #ifdef WOLFSSL_AES_192 |
sPymbed | 0:1387ff3eed4a | 294 | AES192_WRAP = 437, |
sPymbed | 0:1387ff3eed4a | 295 | #endif |
sPymbed | 0:1387ff3eed4a | 296 | #ifdef WOLFSSL_AES_256 |
sPymbed | 0:1387ff3eed4a | 297 | AES256_WRAP = 457 |
sPymbed | 0:1387ff3eed4a | 298 | #endif |
sPymbed | 0:1387ff3eed4a | 299 | }; |
sPymbed | 0:1387ff3eed4a | 300 | #endif /* !NO_AES */ |
sPymbed | 0:1387ff3eed4a | 301 | |
sPymbed | 0:1387ff3eed4a | 302 | enum Key_Agree { |
sPymbed | 0:1387ff3eed4a | 303 | dhSinglePass_stdDH_sha1kdf_scheme = 464, |
sPymbed | 0:1387ff3eed4a | 304 | dhSinglePass_stdDH_sha224kdf_scheme = 188, |
sPymbed | 0:1387ff3eed4a | 305 | dhSinglePass_stdDH_sha256kdf_scheme = 189, |
sPymbed | 0:1387ff3eed4a | 306 | dhSinglePass_stdDH_sha384kdf_scheme = 190, |
sPymbed | 0:1387ff3eed4a | 307 | dhSinglePass_stdDH_sha512kdf_scheme = 191, |
sPymbed | 0:1387ff3eed4a | 308 | }; |
sPymbed | 0:1387ff3eed4a | 309 | |
sPymbed | 0:1387ff3eed4a | 310 | |
sPymbed | 0:1387ff3eed4a | 311 | enum Ecc_Sum { |
sPymbed | 0:1387ff3eed4a | 312 | ECC_SECP112R1_OID = 182, |
sPymbed | 0:1387ff3eed4a | 313 | ECC_SECP112R2_OID = 183, |
sPymbed | 0:1387ff3eed4a | 314 | ECC_SECP128R1_OID = 204, |
sPymbed | 0:1387ff3eed4a | 315 | ECC_SECP128R2_OID = 205, |
sPymbed | 0:1387ff3eed4a | 316 | ECC_SECP160R1_OID = 184, |
sPymbed | 0:1387ff3eed4a | 317 | ECC_SECP160R2_OID = 206, |
sPymbed | 0:1387ff3eed4a | 318 | ECC_SECP160K1_OID = 185, |
sPymbed | 0:1387ff3eed4a | 319 | ECC_BRAINPOOLP160R1_OID = 98, |
sPymbed | 0:1387ff3eed4a | 320 | ECC_SECP192R1_OID = 520, |
sPymbed | 0:1387ff3eed4a | 321 | ECC_PRIME192V2_OID = 521, |
sPymbed | 0:1387ff3eed4a | 322 | ECC_PRIME192V3_OID = 522, |
sPymbed | 0:1387ff3eed4a | 323 | ECC_SECP192K1_OID = 207, |
sPymbed | 0:1387ff3eed4a | 324 | ECC_BRAINPOOLP192R1_OID = 100, |
sPymbed | 0:1387ff3eed4a | 325 | ECC_SECP224R1_OID = 209, |
sPymbed | 0:1387ff3eed4a | 326 | ECC_SECP224K1_OID = 208, |
sPymbed | 0:1387ff3eed4a | 327 | ECC_BRAINPOOLP224R1_OID = 102, |
sPymbed | 0:1387ff3eed4a | 328 | ECC_PRIME239V1_OID = 523, |
sPymbed | 0:1387ff3eed4a | 329 | ECC_PRIME239V2_OID = 524, |
sPymbed | 0:1387ff3eed4a | 330 | ECC_PRIME239V3_OID = 525, |
sPymbed | 0:1387ff3eed4a | 331 | ECC_SECP256R1_OID = 526, |
sPymbed | 0:1387ff3eed4a | 332 | ECC_SECP256K1_OID = 186, |
sPymbed | 0:1387ff3eed4a | 333 | ECC_BRAINPOOLP256R1_OID = 104, |
sPymbed | 0:1387ff3eed4a | 334 | ECC_X25519_OID = 365, |
sPymbed | 0:1387ff3eed4a | 335 | ECC_ED25519_OID = 256, |
sPymbed | 0:1387ff3eed4a | 336 | ECC_BRAINPOOLP320R1_OID = 106, |
sPymbed | 0:1387ff3eed4a | 337 | ECC_SECP384R1_OID = 210, |
sPymbed | 0:1387ff3eed4a | 338 | ECC_BRAINPOOLP384R1_OID = 108, |
sPymbed | 0:1387ff3eed4a | 339 | ECC_BRAINPOOLP512R1_OID = 110, |
sPymbed | 0:1387ff3eed4a | 340 | ECC_SECP521R1_OID = 211, |
sPymbed | 0:1387ff3eed4a | 341 | }; |
sPymbed | 0:1387ff3eed4a | 342 | |
sPymbed | 0:1387ff3eed4a | 343 | |
sPymbed | 0:1387ff3eed4a | 344 | enum KDF_Sum { |
sPymbed | 0:1387ff3eed4a | 345 | PBKDF2_OID = 660 |
sPymbed | 0:1387ff3eed4a | 346 | }; |
sPymbed | 0:1387ff3eed4a | 347 | |
sPymbed | 0:1387ff3eed4a | 348 | |
sPymbed | 0:1387ff3eed4a | 349 | enum HMAC_Sum { |
sPymbed | 0:1387ff3eed4a | 350 | HMAC_SHA224_OID = 652, |
sPymbed | 0:1387ff3eed4a | 351 | HMAC_SHA256_OID = 653, |
sPymbed | 0:1387ff3eed4a | 352 | HMAC_SHA384_OID = 654, |
sPymbed | 0:1387ff3eed4a | 353 | HMAC_SHA512_OID = 655 |
sPymbed | 0:1387ff3eed4a | 354 | }; |
sPymbed | 0:1387ff3eed4a | 355 | |
sPymbed | 0:1387ff3eed4a | 356 | |
sPymbed | 0:1387ff3eed4a | 357 | enum Extensions_Sum { |
sPymbed | 0:1387ff3eed4a | 358 | BASIC_CA_OID = 133, |
sPymbed | 0:1387ff3eed4a | 359 | ALT_NAMES_OID = 131, |
sPymbed | 0:1387ff3eed4a | 360 | CRL_DIST_OID = 145, |
sPymbed | 0:1387ff3eed4a | 361 | AUTH_INFO_OID = 69, /* id-pe 1 */ |
sPymbed | 0:1387ff3eed4a | 362 | AUTH_KEY_OID = 149, |
sPymbed | 0:1387ff3eed4a | 363 | SUBJ_KEY_OID = 128, |
sPymbed | 0:1387ff3eed4a | 364 | CERT_POLICY_OID = 146, |
sPymbed | 0:1387ff3eed4a | 365 | KEY_USAGE_OID = 129, /* 2.5.29.15 */ |
sPymbed | 0:1387ff3eed4a | 366 | INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ |
sPymbed | 0:1387ff3eed4a | 367 | EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ |
sPymbed | 0:1387ff3eed4a | 368 | NAME_CONS_OID = 144, /* 2.5.29.30 */ |
sPymbed | 0:1387ff3eed4a | 369 | PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ |
sPymbed | 0:1387ff3eed4a | 370 | SUBJECT_INFO_ACCESS = 79, /* id-pe 11 */ |
sPymbed | 0:1387ff3eed4a | 371 | POLICY_MAP_OID = 147, |
sPymbed | 0:1387ff3eed4a | 372 | POLICY_CONST_OID = 150, |
sPymbed | 0:1387ff3eed4a | 373 | ISSUE_ALT_NAMES_OID = 132, |
sPymbed | 0:1387ff3eed4a | 374 | TLS_FEATURE_OID = 92 /* id-pe 24 */ |
sPymbed | 0:1387ff3eed4a | 375 | }; |
sPymbed | 0:1387ff3eed4a | 376 | |
sPymbed | 0:1387ff3eed4a | 377 | enum CertificatePolicy_Sum { |
sPymbed | 0:1387ff3eed4a | 378 | CP_ANY_OID = 146 /* id-ce 32 0 */ |
sPymbed | 0:1387ff3eed4a | 379 | }; |
sPymbed | 0:1387ff3eed4a | 380 | |
sPymbed | 0:1387ff3eed4a | 381 | enum SepHardwareName_Sum { |
sPymbed | 0:1387ff3eed4a | 382 | HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ |
sPymbed | 0:1387ff3eed4a | 383 | }; |
sPymbed | 0:1387ff3eed4a | 384 | |
sPymbed | 0:1387ff3eed4a | 385 | enum AuthInfo_Sum { |
sPymbed | 0:1387ff3eed4a | 386 | AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ |
sPymbed | 0:1387ff3eed4a | 387 | AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ |
sPymbed | 0:1387ff3eed4a | 388 | }; |
sPymbed | 0:1387ff3eed4a | 389 | |
sPymbed | 0:1387ff3eed4a | 390 | enum ExtKeyUsage_Sum { /* From RFC 5280 */ |
sPymbed | 0:1387ff3eed4a | 391 | EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ |
sPymbed | 0:1387ff3eed4a | 392 | EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ |
sPymbed | 0:1387ff3eed4a | 393 | EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ |
sPymbed | 0:1387ff3eed4a | 394 | EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */ |
sPymbed | 0:1387ff3eed4a | 395 | EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */ |
sPymbed | 0:1387ff3eed4a | 396 | EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */ |
sPymbed | 0:1387ff3eed4a | 397 | EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */ |
sPymbed | 0:1387ff3eed4a | 398 | }; |
sPymbed | 0:1387ff3eed4a | 399 | |
sPymbed | 0:1387ff3eed4a | 400 | |
sPymbed | 0:1387ff3eed4a | 401 | enum VerifyType { |
sPymbed | 0:1387ff3eed4a | 402 | NO_VERIFY = 0, |
sPymbed | 0:1387ff3eed4a | 403 | VERIFY = 1, |
sPymbed | 0:1387ff3eed4a | 404 | VERIFY_CRL = 2, |
sPymbed | 0:1387ff3eed4a | 405 | VERIFY_OCSP = 3 |
sPymbed | 0:1387ff3eed4a | 406 | }; |
sPymbed | 0:1387ff3eed4a | 407 | |
sPymbed | 0:1387ff3eed4a | 408 | #ifdef WOLFSSL_CERT_EXT |
sPymbed | 0:1387ff3eed4a | 409 | enum KeyIdType { |
sPymbed | 0:1387ff3eed4a | 410 | SKID_TYPE = 0, |
sPymbed | 0:1387ff3eed4a | 411 | AKID_TYPE = 1 |
sPymbed | 0:1387ff3eed4a | 412 | }; |
sPymbed | 0:1387ff3eed4a | 413 | #endif |
sPymbed | 0:1387ff3eed4a | 414 | |
sPymbed | 0:1387ff3eed4a | 415 | /* Key usage extension bits (based on RFC 5280) */ |
sPymbed | 0:1387ff3eed4a | 416 | #define KEYUSE_DIGITAL_SIG 0x0080 |
sPymbed | 0:1387ff3eed4a | 417 | #define KEYUSE_CONTENT_COMMIT 0x0040 |
sPymbed | 0:1387ff3eed4a | 418 | #define KEYUSE_KEY_ENCIPHER 0x0020 |
sPymbed | 0:1387ff3eed4a | 419 | #define KEYUSE_DATA_ENCIPHER 0x0010 |
sPymbed | 0:1387ff3eed4a | 420 | #define KEYUSE_KEY_AGREE 0x0008 |
sPymbed | 0:1387ff3eed4a | 421 | #define KEYUSE_KEY_CERT_SIGN 0x0004 |
sPymbed | 0:1387ff3eed4a | 422 | #define KEYUSE_CRL_SIGN 0x0002 |
sPymbed | 0:1387ff3eed4a | 423 | #define KEYUSE_ENCIPHER_ONLY 0x0001 |
sPymbed | 0:1387ff3eed4a | 424 | #define KEYUSE_DECIPHER_ONLY 0x8000 |
sPymbed | 0:1387ff3eed4a | 425 | |
sPymbed | 0:1387ff3eed4a | 426 | /* Extended Key Usage bits (internal mapping only) */ |
sPymbed | 0:1387ff3eed4a | 427 | #define EXTKEYUSE_USER 0x80 |
sPymbed | 0:1387ff3eed4a | 428 | #define EXTKEYUSE_OCSP_SIGN 0x40 |
sPymbed | 0:1387ff3eed4a | 429 | #define EXTKEYUSE_TIMESTAMP 0x20 |
sPymbed | 0:1387ff3eed4a | 430 | #define EXTKEYUSE_EMAILPROT 0x10 |
sPymbed | 0:1387ff3eed4a | 431 | #define EXTKEYUSE_CODESIGN 0x08 |
sPymbed | 0:1387ff3eed4a | 432 | #define EXTKEYUSE_CLIENT_AUTH 0x04 |
sPymbed | 0:1387ff3eed4a | 433 | #define EXTKEYUSE_SERVER_AUTH 0x02 |
sPymbed | 0:1387ff3eed4a | 434 | #define EXTKEYUSE_ANY 0x01 |
sPymbed | 0:1387ff3eed4a | 435 | |
sPymbed | 0:1387ff3eed4a | 436 | typedef struct DNS_entry DNS_entry; |
sPymbed | 0:1387ff3eed4a | 437 | |
sPymbed | 0:1387ff3eed4a | 438 | struct DNS_entry { |
sPymbed | 0:1387ff3eed4a | 439 | DNS_entry* next; /* next on DNS list */ |
sPymbed | 0:1387ff3eed4a | 440 | int type; /* i.e. ASN_DNS_TYPE */ |
sPymbed | 0:1387ff3eed4a | 441 | int len; /* actual DNS len */ |
sPymbed | 0:1387ff3eed4a | 442 | char* name; /* actual DNS name */ |
sPymbed | 0:1387ff3eed4a | 443 | }; |
sPymbed | 0:1387ff3eed4a | 444 | |
sPymbed | 0:1387ff3eed4a | 445 | |
sPymbed | 0:1387ff3eed4a | 446 | typedef struct Base_entry Base_entry; |
sPymbed | 0:1387ff3eed4a | 447 | |
sPymbed | 0:1387ff3eed4a | 448 | struct Base_entry { |
sPymbed | 0:1387ff3eed4a | 449 | Base_entry* next; /* next on name base list */ |
sPymbed | 0:1387ff3eed4a | 450 | char* name; /* actual name base */ |
sPymbed | 0:1387ff3eed4a | 451 | int nameSz; /* name length */ |
sPymbed | 0:1387ff3eed4a | 452 | byte type; /* Name base type (DNS or RFC822) */ |
sPymbed | 0:1387ff3eed4a | 453 | }; |
sPymbed | 0:1387ff3eed4a | 454 | |
sPymbed | 0:1387ff3eed4a | 455 | #define DOMAIN_COMPONENT_MAX 10 |
sPymbed | 0:1387ff3eed4a | 456 | |
sPymbed | 0:1387ff3eed4a | 457 | struct DecodedName { |
sPymbed | 0:1387ff3eed4a | 458 | char* fullName; |
sPymbed | 0:1387ff3eed4a | 459 | int fullNameLen; |
sPymbed | 0:1387ff3eed4a | 460 | int entryCount; |
sPymbed | 0:1387ff3eed4a | 461 | int cnIdx; |
sPymbed | 0:1387ff3eed4a | 462 | int cnLen; |
sPymbed | 0:1387ff3eed4a | 463 | int snIdx; |
sPymbed | 0:1387ff3eed4a | 464 | int snLen; |
sPymbed | 0:1387ff3eed4a | 465 | int cIdx; |
sPymbed | 0:1387ff3eed4a | 466 | int cLen; |
sPymbed | 0:1387ff3eed4a | 467 | int lIdx; |
sPymbed | 0:1387ff3eed4a | 468 | int lLen; |
sPymbed | 0:1387ff3eed4a | 469 | int stIdx; |
sPymbed | 0:1387ff3eed4a | 470 | int stLen; |
sPymbed | 0:1387ff3eed4a | 471 | int oIdx; |
sPymbed | 0:1387ff3eed4a | 472 | int oLen; |
sPymbed | 0:1387ff3eed4a | 473 | int ouIdx; |
sPymbed | 0:1387ff3eed4a | 474 | int ouLen; |
sPymbed | 0:1387ff3eed4a | 475 | int emailIdx; |
sPymbed | 0:1387ff3eed4a | 476 | int emailLen; |
sPymbed | 0:1387ff3eed4a | 477 | int uidIdx; |
sPymbed | 0:1387ff3eed4a | 478 | int uidLen; |
sPymbed | 0:1387ff3eed4a | 479 | int serialIdx; |
sPymbed | 0:1387ff3eed4a | 480 | int serialLen; |
sPymbed | 0:1387ff3eed4a | 481 | int dcIdx[DOMAIN_COMPONENT_MAX]; |
sPymbed | 0:1387ff3eed4a | 482 | int dcLen[DOMAIN_COMPONENT_MAX]; |
sPymbed | 0:1387ff3eed4a | 483 | int dcNum; |
sPymbed | 0:1387ff3eed4a | 484 | int dcMode; |
sPymbed | 0:1387ff3eed4a | 485 | }; |
sPymbed | 0:1387ff3eed4a | 486 | |
sPymbed | 0:1387ff3eed4a | 487 | enum SignatureState { |
sPymbed | 0:1387ff3eed4a | 488 | SIG_STATE_BEGIN, |
sPymbed | 0:1387ff3eed4a | 489 | SIG_STATE_HASH, |
sPymbed | 0:1387ff3eed4a | 490 | SIG_STATE_KEY, |
sPymbed | 0:1387ff3eed4a | 491 | SIG_STATE_DO, |
sPymbed | 0:1387ff3eed4a | 492 | SIG_STATE_CHECK, |
sPymbed | 0:1387ff3eed4a | 493 | }; |
sPymbed | 0:1387ff3eed4a | 494 | |
sPymbed | 0:1387ff3eed4a | 495 | |
sPymbed | 0:1387ff3eed4a | 496 | #ifdef HAVE_PK_CALLBACKS |
sPymbed | 0:1387ff3eed4a | 497 | #ifdef HAVE_ECC |
sPymbed | 0:1387ff3eed4a | 498 | typedef int (*wc_CallbackEccVerify)( |
sPymbed | 0:1387ff3eed4a | 499 | const unsigned char* sig, unsigned int sigSz, |
sPymbed | 0:1387ff3eed4a | 500 | const unsigned char* hash, unsigned int hashSz, |
sPymbed | 0:1387ff3eed4a | 501 | const unsigned char* keyDer, unsigned int keySz, |
sPymbed | 0:1387ff3eed4a | 502 | int* result, void* ctx); |
sPymbed | 0:1387ff3eed4a | 503 | #endif |
sPymbed | 0:1387ff3eed4a | 504 | #ifndef NO_RSA |
sPymbed | 0:1387ff3eed4a | 505 | typedef int (*wc_CallbackRsaVerify)( |
sPymbed | 0:1387ff3eed4a | 506 | unsigned char* sig, unsigned int sigSz, |
sPymbed | 0:1387ff3eed4a | 507 | unsigned char** out, |
sPymbed | 0:1387ff3eed4a | 508 | const unsigned char* keyDer, unsigned int keySz, |
sPymbed | 0:1387ff3eed4a | 509 | void* ctx); |
sPymbed | 0:1387ff3eed4a | 510 | #endif |
sPymbed | 0:1387ff3eed4a | 511 | #endif /* HAVE_PK_CALLBACKS */ |
sPymbed | 0:1387ff3eed4a | 512 | |
sPymbed | 0:1387ff3eed4a | 513 | struct SignatureCtx { |
sPymbed | 0:1387ff3eed4a | 514 | void* heap; |
sPymbed | 0:1387ff3eed4a | 515 | byte* digest; |
sPymbed | 0:1387ff3eed4a | 516 | #ifndef NO_RSA |
sPymbed | 0:1387ff3eed4a | 517 | byte* out; |
sPymbed | 0:1387ff3eed4a | 518 | byte* plain; |
sPymbed | 0:1387ff3eed4a | 519 | #endif |
sPymbed | 0:1387ff3eed4a | 520 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
sPymbed | 0:1387ff3eed4a | 521 | int verify; |
sPymbed | 0:1387ff3eed4a | 522 | #endif |
sPymbed | 0:1387ff3eed4a | 523 | union { |
sPymbed | 0:1387ff3eed4a | 524 | #ifndef NO_RSA |
sPymbed | 0:1387ff3eed4a | 525 | struct RsaKey* rsa; |
sPymbed | 0:1387ff3eed4a | 526 | #endif |
sPymbed | 0:1387ff3eed4a | 527 | #ifdef HAVE_ECC |
sPymbed | 0:1387ff3eed4a | 528 | struct ecc_key* ecc; |
sPymbed | 0:1387ff3eed4a | 529 | #endif |
sPymbed | 0:1387ff3eed4a | 530 | #ifdef HAVE_ED25519 |
sPymbed | 0:1387ff3eed4a | 531 | struct ed25519_key* ed25519; |
sPymbed | 0:1387ff3eed4a | 532 | #endif |
sPymbed | 0:1387ff3eed4a | 533 | void* ptr; |
sPymbed | 0:1387ff3eed4a | 534 | } key; |
sPymbed | 0:1387ff3eed4a | 535 | int devId; |
sPymbed | 0:1387ff3eed4a | 536 | int state; |
sPymbed | 0:1387ff3eed4a | 537 | int typeH; |
sPymbed | 0:1387ff3eed4a | 538 | int digestSz; |
sPymbed | 0:1387ff3eed4a | 539 | word32 keyOID; |
sPymbed | 0:1387ff3eed4a | 540 | #ifdef WOLFSSL_ASYNC_CRYPT |
sPymbed | 0:1387ff3eed4a | 541 | WC_ASYNC_DEV* asyncDev; |
sPymbed | 0:1387ff3eed4a | 542 | void* asyncCtx; |
sPymbed | 0:1387ff3eed4a | 543 | #endif |
sPymbed | 0:1387ff3eed4a | 544 | |
sPymbed | 0:1387ff3eed4a | 545 | #ifdef HAVE_PK_CALLBACKS |
sPymbed | 0:1387ff3eed4a | 546 | #ifdef HAVE_ECC |
sPymbed | 0:1387ff3eed4a | 547 | wc_CallbackEccVerify pkCbEcc; |
sPymbed | 0:1387ff3eed4a | 548 | void* pkCtxEcc; |
sPymbed | 0:1387ff3eed4a | 549 | #endif |
sPymbed | 0:1387ff3eed4a | 550 | #ifndef NO_RSA |
sPymbed | 0:1387ff3eed4a | 551 | wc_CallbackRsaVerify pkCbRsa; |
sPymbed | 0:1387ff3eed4a | 552 | void* pkCtxRsa; |
sPymbed | 0:1387ff3eed4a | 553 | #endif |
sPymbed | 0:1387ff3eed4a | 554 | #endif /* HAVE_PK_CALLBACKS */ |
sPymbed | 0:1387ff3eed4a | 555 | }; |
sPymbed | 0:1387ff3eed4a | 556 | |
sPymbed | 0:1387ff3eed4a | 557 | enum CertSignState { |
sPymbed | 0:1387ff3eed4a | 558 | CERTSIGN_STATE_BEGIN, |
sPymbed | 0:1387ff3eed4a | 559 | CERTSIGN_STATE_DIGEST, |
sPymbed | 0:1387ff3eed4a | 560 | CERTSIGN_STATE_ENCODE, |
sPymbed | 0:1387ff3eed4a | 561 | CERTSIGN_STATE_DO, |
sPymbed | 0:1387ff3eed4a | 562 | }; |
sPymbed | 0:1387ff3eed4a | 563 | |
sPymbed | 0:1387ff3eed4a | 564 | struct CertSignCtx { |
sPymbed | 0:1387ff3eed4a | 565 | byte* sig; |
sPymbed | 0:1387ff3eed4a | 566 | byte* digest; |
sPymbed | 0:1387ff3eed4a | 567 | #ifndef NO_RSA |
sPymbed | 0:1387ff3eed4a | 568 | byte* encSig; |
sPymbed | 0:1387ff3eed4a | 569 | int encSigSz; |
sPymbed | 0:1387ff3eed4a | 570 | #endif |
sPymbed | 0:1387ff3eed4a | 571 | int state; /* enum CertSignState */ |
sPymbed | 0:1387ff3eed4a | 572 | }; |
sPymbed | 0:1387ff3eed4a | 573 | |
sPymbed | 0:1387ff3eed4a | 574 | |
sPymbed | 0:1387ff3eed4a | 575 | typedef struct DecodedCert DecodedCert; |
sPymbed | 0:1387ff3eed4a | 576 | typedef struct DecodedName DecodedName; |
sPymbed | 0:1387ff3eed4a | 577 | typedef struct Signer Signer; |
sPymbed | 0:1387ff3eed4a | 578 | #ifdef WOLFSSL_TRUST_PEER_CERT |
sPymbed | 0:1387ff3eed4a | 579 | typedef struct TrustedPeerCert TrustedPeerCert; |
sPymbed | 0:1387ff3eed4a | 580 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
sPymbed | 0:1387ff3eed4a | 581 | typedef struct SignatureCtx SignatureCtx; |
sPymbed | 0:1387ff3eed4a | 582 | typedef struct CertSignCtx CertSignCtx; |
sPymbed | 0:1387ff3eed4a | 583 | |
sPymbed | 0:1387ff3eed4a | 584 | |
sPymbed | 0:1387ff3eed4a | 585 | struct DecodedCert { |
sPymbed | 0:1387ff3eed4a | 586 | byte* publicKey; |
sPymbed | 0:1387ff3eed4a | 587 | word32 pubKeySize; |
sPymbed | 0:1387ff3eed4a | 588 | int pubKeyStored; |
sPymbed | 0:1387ff3eed4a | 589 | word32 certBegin; /* offset to start of cert */ |
sPymbed | 0:1387ff3eed4a | 590 | word32 sigIndex; /* offset to start of signature */ |
sPymbed | 0:1387ff3eed4a | 591 | word32 sigLength; /* length of signature */ |
sPymbed | 0:1387ff3eed4a | 592 | word32 signatureOID; /* sum of algorithm object id */ |
sPymbed | 0:1387ff3eed4a | 593 | word32 keyOID; /* sum of key algo object id */ |
sPymbed | 0:1387ff3eed4a | 594 | int version; /* cert version, 1 or 3 */ |
sPymbed | 0:1387ff3eed4a | 595 | DNS_entry* altNames; /* alt names list of dns entries */ |
sPymbed | 0:1387ff3eed4a | 596 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 597 | DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ |
sPymbed | 0:1387ff3eed4a | 598 | Base_entry* permittedNames; /* Permitted name bases */ |
sPymbed | 0:1387ff3eed4a | 599 | Base_entry* excludedNames; /* Excluded name bases */ |
sPymbed | 0:1387ff3eed4a | 600 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
sPymbed | 0:1387ff3eed4a | 601 | byte subjectHash[KEYID_SIZE]; /* hash of all Names */ |
sPymbed | 0:1387ff3eed4a | 602 | byte issuerHash[KEYID_SIZE]; /* hash of all Names */ |
sPymbed | 0:1387ff3eed4a | 603 | #ifdef HAVE_OCSP |
sPymbed | 0:1387ff3eed4a | 604 | byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ |
sPymbed | 0:1387ff3eed4a | 605 | #endif /* HAVE_OCSP */ |
sPymbed | 0:1387ff3eed4a | 606 | byte* signature; /* not owned, points into raw cert */ |
sPymbed | 0:1387ff3eed4a | 607 | char* subjectCN; /* CommonName */ |
sPymbed | 0:1387ff3eed4a | 608 | int subjectCNLen; /* CommonName Length */ |
sPymbed | 0:1387ff3eed4a | 609 | char subjectCNEnc; /* CommonName Encoding */ |
sPymbed | 0:1387ff3eed4a | 610 | char issuer[ASN_NAME_MAX]; /* full name including common name */ |
sPymbed | 0:1387ff3eed4a | 611 | char subject[ASN_NAME_MAX]; /* full name including common name */ |
sPymbed | 0:1387ff3eed4a | 612 | int verify; /* Default to yes, but could be off */ |
sPymbed | 0:1387ff3eed4a | 613 | byte* source; /* byte buffer holder cert, NOT owner */ |
sPymbed | 0:1387ff3eed4a | 614 | word32 srcIdx; /* current offset into buffer */ |
sPymbed | 0:1387ff3eed4a | 615 | word32 maxIdx; /* max offset based on init size */ |
sPymbed | 0:1387ff3eed4a | 616 | void* heap; /* for user memory overrides */ |
sPymbed | 0:1387ff3eed4a | 617 | byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ |
sPymbed | 0:1387ff3eed4a | 618 | int serialSz; /* raw serial bytes stored */ |
sPymbed | 0:1387ff3eed4a | 619 | byte* extensions; /* not owned, points into raw cert */ |
sPymbed | 0:1387ff3eed4a | 620 | int extensionsSz; /* length of cert extensions */ |
sPymbed | 0:1387ff3eed4a | 621 | word32 extensionsIdx; /* if want to go back and parse later */ |
sPymbed | 0:1387ff3eed4a | 622 | byte* extAuthInfo; /* Authority Information Access URI */ |
sPymbed | 0:1387ff3eed4a | 623 | int extAuthInfoSz; /* length of the URI */ |
sPymbed | 0:1387ff3eed4a | 624 | byte* extCrlInfo; /* CRL Distribution Points */ |
sPymbed | 0:1387ff3eed4a | 625 | int extCrlInfoSz; /* length of the URI */ |
sPymbed | 0:1387ff3eed4a | 626 | byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ |
sPymbed | 0:1387ff3eed4a | 627 | byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ |
sPymbed | 0:1387ff3eed4a | 628 | byte pathLength; /* CA basic constraint path length */ |
sPymbed | 0:1387ff3eed4a | 629 | word16 extKeyUsage; /* Key usage bitfield */ |
sPymbed | 0:1387ff3eed4a | 630 | byte extExtKeyUsage; /* Extended Key usage bitfield */ |
sPymbed | 0:1387ff3eed4a | 631 | |
sPymbed | 0:1387ff3eed4a | 632 | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
sPymbed | 0:1387ff3eed4a | 633 | byte* extExtKeyUsageSrc; |
sPymbed | 0:1387ff3eed4a | 634 | word32 extExtKeyUsageSz; |
sPymbed | 0:1387ff3eed4a | 635 | word32 extExtKeyUsageCount; |
sPymbed | 0:1387ff3eed4a | 636 | byte* extAuthKeyIdSrc; |
sPymbed | 0:1387ff3eed4a | 637 | word32 extAuthKeyIdSz; |
sPymbed | 0:1387ff3eed4a | 638 | byte* extSubjKeyIdSrc; |
sPymbed | 0:1387ff3eed4a | 639 | word32 extSubjKeyIdSz; |
sPymbed | 0:1387ff3eed4a | 640 | #endif |
sPymbed | 0:1387ff3eed4a | 641 | |
sPymbed | 0:1387ff3eed4a | 642 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
sPymbed | 0:1387ff3eed4a | 643 | word32 pkCurveOID; /* Public Key's curve OID */ |
sPymbed | 0:1387ff3eed4a | 644 | #endif /* HAVE_ECC */ |
sPymbed | 0:1387ff3eed4a | 645 | byte* beforeDate; |
sPymbed | 0:1387ff3eed4a | 646 | int beforeDateLen; |
sPymbed | 0:1387ff3eed4a | 647 | byte* afterDate; |
sPymbed | 0:1387ff3eed4a | 648 | int afterDateLen; |
sPymbed | 0:1387ff3eed4a | 649 | #ifdef HAVE_PKCS7 |
sPymbed | 0:1387ff3eed4a | 650 | byte* issuerRaw; /* pointer to issuer inside source */ |
sPymbed | 0:1387ff3eed4a | 651 | int issuerRawLen; |
sPymbed | 0:1387ff3eed4a | 652 | #endif |
sPymbed | 0:1387ff3eed4a | 653 | #ifndef IGNORE_NAME_CONSTRAINT |
sPymbed | 0:1387ff3eed4a | 654 | byte* subjectRaw; /* pointer to subject inside source */ |
sPymbed | 0:1387ff3eed4a | 655 | int subjectRawLen; |
sPymbed | 0:1387ff3eed4a | 656 | #endif |
sPymbed | 0:1387ff3eed4a | 657 | #ifdef WOLFSSL_CERT_GEN |
sPymbed | 0:1387ff3eed4a | 658 | /* easy access to subject info for other sign */ |
sPymbed | 0:1387ff3eed4a | 659 | char* subjectSN; |
sPymbed | 0:1387ff3eed4a | 660 | int subjectSNLen; |
sPymbed | 0:1387ff3eed4a | 661 | char subjectSNEnc; |
sPymbed | 0:1387ff3eed4a | 662 | char* subjectC; |
sPymbed | 0:1387ff3eed4a | 663 | int subjectCLen; |
sPymbed | 0:1387ff3eed4a | 664 | char subjectCEnc; |
sPymbed | 0:1387ff3eed4a | 665 | char* subjectL; |
sPymbed | 0:1387ff3eed4a | 666 | int subjectLLen; |
sPymbed | 0:1387ff3eed4a | 667 | char subjectLEnc; |
sPymbed | 0:1387ff3eed4a | 668 | char* subjectST; |
sPymbed | 0:1387ff3eed4a | 669 | int subjectSTLen; |
sPymbed | 0:1387ff3eed4a | 670 | char subjectSTEnc; |
sPymbed | 0:1387ff3eed4a | 671 | char* subjectO; |
sPymbed | 0:1387ff3eed4a | 672 | int subjectOLen; |
sPymbed | 0:1387ff3eed4a | 673 | char subjectOEnc; |
sPymbed | 0:1387ff3eed4a | 674 | char* subjectOU; |
sPymbed | 0:1387ff3eed4a | 675 | int subjectOULen; |
sPymbed | 0:1387ff3eed4a | 676 | char subjectOUEnc; |
sPymbed | 0:1387ff3eed4a | 677 | char* subjectEmail; |
sPymbed | 0:1387ff3eed4a | 678 | int subjectEmailLen; |
sPymbed | 0:1387ff3eed4a | 679 | #endif /* WOLFSSL_CERT_GEN */ |
sPymbed | 0:1387ff3eed4a | 680 | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
sPymbed | 0:1387ff3eed4a | 681 | DecodedName issuerName; |
sPymbed | 0:1387ff3eed4a | 682 | DecodedName subjectName; |
sPymbed | 0:1387ff3eed4a | 683 | #endif /* OPENSSL_EXTRA */ |
sPymbed | 0:1387ff3eed4a | 684 | #ifdef WOLFSSL_SEP |
sPymbed | 0:1387ff3eed4a | 685 | int deviceTypeSz; |
sPymbed | 0:1387ff3eed4a | 686 | byte* deviceType; |
sPymbed | 0:1387ff3eed4a | 687 | int hwTypeSz; |
sPymbed | 0:1387ff3eed4a | 688 | byte* hwType; |
sPymbed | 0:1387ff3eed4a | 689 | int hwSerialNumSz; |
sPymbed | 0:1387ff3eed4a | 690 | byte* hwSerialNum; |
sPymbed | 0:1387ff3eed4a | 691 | #endif /* WOLFSSL_SEP */ |
sPymbed | 0:1387ff3eed4a | 692 | #ifdef WOLFSSL_CERT_EXT |
sPymbed | 0:1387ff3eed4a | 693 | char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
sPymbed | 0:1387ff3eed4a | 694 | int extCertPoliciesNb; |
sPymbed | 0:1387ff3eed4a | 695 | #endif /* WOLFSSL_CERT_EXT */ |
sPymbed | 0:1387ff3eed4a | 696 | |
sPymbed | 0:1387ff3eed4a | 697 | Signer* ca; |
sPymbed | 0:1387ff3eed4a | 698 | SignatureCtx sigCtx; |
sPymbed | 0:1387ff3eed4a | 699 | |
sPymbed | 0:1387ff3eed4a | 700 | /* Option Bits */ |
sPymbed | 0:1387ff3eed4a | 701 | byte subjectCNStored : 1; /* have we saved a copy we own */ |
sPymbed | 0:1387ff3eed4a | 702 | byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ |
sPymbed | 0:1387ff3eed4a | 703 | byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ |
sPymbed | 0:1387ff3eed4a | 704 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 705 | byte extNameConstraintSet : 1; |
sPymbed | 0:1387ff3eed4a | 706 | #endif |
sPymbed | 0:1387ff3eed4a | 707 | byte isCA : 1; /* CA basic constraint true */ |
sPymbed | 0:1387ff3eed4a | 708 | byte pathLengthSet : 1; /* CA basic const path length set */ |
sPymbed | 0:1387ff3eed4a | 709 | byte weOwnAltNames : 1; /* altNames haven't been given to copy */ |
sPymbed | 0:1387ff3eed4a | 710 | byte extKeyUsageSet : 1; |
sPymbed | 0:1387ff3eed4a | 711 | byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ |
sPymbed | 0:1387ff3eed4a | 712 | byte extCRLdistSet : 1; |
sPymbed | 0:1387ff3eed4a | 713 | byte extAuthInfoSet : 1; |
sPymbed | 0:1387ff3eed4a | 714 | byte extBasicConstSet : 1; |
sPymbed | 0:1387ff3eed4a | 715 | byte extSubjAltNameSet : 1; |
sPymbed | 0:1387ff3eed4a | 716 | byte inhibitAnyOidSet : 1; |
sPymbed | 0:1387ff3eed4a | 717 | #ifdef WOLFSSL_SEP |
sPymbed | 0:1387ff3eed4a | 718 | byte extCertPolicySet : 1; |
sPymbed | 0:1387ff3eed4a | 719 | #endif |
sPymbed | 0:1387ff3eed4a | 720 | #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) |
sPymbed | 0:1387ff3eed4a | 721 | byte extCRLdistCrit : 1; |
sPymbed | 0:1387ff3eed4a | 722 | byte extAuthInfoCrit : 1; |
sPymbed | 0:1387ff3eed4a | 723 | byte extBasicConstCrit : 1; |
sPymbed | 0:1387ff3eed4a | 724 | byte extSubjAltNameCrit : 1; |
sPymbed | 0:1387ff3eed4a | 725 | byte extAuthKeyIdCrit : 1; |
sPymbed | 0:1387ff3eed4a | 726 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 727 | byte extNameConstraintCrit : 1; |
sPymbed | 0:1387ff3eed4a | 728 | #endif |
sPymbed | 0:1387ff3eed4a | 729 | byte extSubjKeyIdCrit : 1; |
sPymbed | 0:1387ff3eed4a | 730 | byte extKeyUsageCrit : 1; |
sPymbed | 0:1387ff3eed4a | 731 | byte extExtKeyUsageCrit : 1; |
sPymbed | 0:1387ff3eed4a | 732 | #endif /* OPENSSL_EXTRA */ |
sPymbed | 0:1387ff3eed4a | 733 | #ifdef WOLFSSL_SEP |
sPymbed | 0:1387ff3eed4a | 734 | byte extCertPolicyCrit : 1; |
sPymbed | 0:1387ff3eed4a | 735 | #endif |
sPymbed | 0:1387ff3eed4a | 736 | |
sPymbed | 0:1387ff3eed4a | 737 | }; |
sPymbed | 0:1387ff3eed4a | 738 | |
sPymbed | 0:1387ff3eed4a | 739 | |
sPymbed | 0:1387ff3eed4a | 740 | #ifdef NO_SHA |
sPymbed | 0:1387ff3eed4a | 741 | #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE |
sPymbed | 0:1387ff3eed4a | 742 | #else |
sPymbed | 0:1387ff3eed4a | 743 | #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE |
sPymbed | 0:1387ff3eed4a | 744 | #endif |
sPymbed | 0:1387ff3eed4a | 745 | |
sPymbed | 0:1387ff3eed4a | 746 | /* CA Signers */ |
sPymbed | 0:1387ff3eed4a | 747 | /* if change layout change PERSIST_CERT_CACHE functions too */ |
sPymbed | 0:1387ff3eed4a | 748 | struct Signer { |
sPymbed | 0:1387ff3eed4a | 749 | word32 pubKeySize; |
sPymbed | 0:1387ff3eed4a | 750 | word32 keyOID; /* key type */ |
sPymbed | 0:1387ff3eed4a | 751 | word16 keyUsage; |
sPymbed | 0:1387ff3eed4a | 752 | byte pathLength; |
sPymbed | 0:1387ff3eed4a | 753 | byte pathLengthSet; |
sPymbed | 0:1387ff3eed4a | 754 | byte* publicKey; |
sPymbed | 0:1387ff3eed4a | 755 | int nameLen; |
sPymbed | 0:1387ff3eed4a | 756 | char* name; /* common name */ |
sPymbed | 0:1387ff3eed4a | 757 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 758 | Base_entry* permittedNames; |
sPymbed | 0:1387ff3eed4a | 759 | Base_entry* excludedNames; |
sPymbed | 0:1387ff3eed4a | 760 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
sPymbed | 0:1387ff3eed4a | 761 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
sPymbed | 0:1387ff3eed4a | 762 | /* sha hash of names in certificate */ |
sPymbed | 0:1387ff3eed4a | 763 | #ifndef NO_SKID |
sPymbed | 0:1387ff3eed4a | 764 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
sPymbed | 0:1387ff3eed4a | 765 | /* sha hash of names in certificate */ |
sPymbed | 0:1387ff3eed4a | 766 | #endif |
sPymbed | 0:1387ff3eed4a | 767 | #ifdef WOLFSSL_SIGNER_DER_CERT |
sPymbed | 0:1387ff3eed4a | 768 | DerBuffer* derCert; |
sPymbed | 0:1387ff3eed4a | 769 | #endif |
sPymbed | 0:1387ff3eed4a | 770 | Signer* next; |
sPymbed | 0:1387ff3eed4a | 771 | }; |
sPymbed | 0:1387ff3eed4a | 772 | |
sPymbed | 0:1387ff3eed4a | 773 | |
sPymbed | 0:1387ff3eed4a | 774 | #ifdef WOLFSSL_TRUST_PEER_CERT |
sPymbed | 0:1387ff3eed4a | 775 | /* used for having trusted peer certs rather then CA */ |
sPymbed | 0:1387ff3eed4a | 776 | struct TrustedPeerCert { |
sPymbed | 0:1387ff3eed4a | 777 | int nameLen; |
sPymbed | 0:1387ff3eed4a | 778 | char* name; /* common name */ |
sPymbed | 0:1387ff3eed4a | 779 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 780 | Base_entry* permittedNames; |
sPymbed | 0:1387ff3eed4a | 781 | Base_entry* excludedNames; |
sPymbed | 0:1387ff3eed4a | 782 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
sPymbed | 0:1387ff3eed4a | 783 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
sPymbed | 0:1387ff3eed4a | 784 | /* sha hash of names in certificate */ |
sPymbed | 0:1387ff3eed4a | 785 | #ifndef NO_SKID |
sPymbed | 0:1387ff3eed4a | 786 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
sPymbed | 0:1387ff3eed4a | 787 | /* sha hash of names in certificate */ |
sPymbed | 0:1387ff3eed4a | 788 | #endif |
sPymbed | 0:1387ff3eed4a | 789 | word32 sigLen; |
sPymbed | 0:1387ff3eed4a | 790 | byte* sig; |
sPymbed | 0:1387ff3eed4a | 791 | struct TrustedPeerCert* next; |
sPymbed | 0:1387ff3eed4a | 792 | }; |
sPymbed | 0:1387ff3eed4a | 793 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
sPymbed | 0:1387ff3eed4a | 794 | |
sPymbed | 0:1387ff3eed4a | 795 | |
sPymbed | 0:1387ff3eed4a | 796 | /* for testing or custom openssl wrappers */ |
sPymbed | 0:1387ff3eed4a | 797 | #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ |
sPymbed | 0:1387ff3eed4a | 798 | defined(OPENSSL_EXTRA_X509_SMALL) |
sPymbed | 0:1387ff3eed4a | 799 | #define WOLFSSL_ASN_API WOLFSSL_API |
sPymbed | 0:1387ff3eed4a | 800 | #else |
sPymbed | 0:1387ff3eed4a | 801 | #define WOLFSSL_ASN_API WOLFSSL_LOCAL |
sPymbed | 0:1387ff3eed4a | 802 | #endif |
sPymbed | 0:1387ff3eed4a | 803 | |
sPymbed | 0:1387ff3eed4a | 804 | WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, |
sPymbed | 0:1387ff3eed4a | 805 | word32* derSz); |
sPymbed | 0:1387ff3eed4a | 806 | |
sPymbed | 0:1387ff3eed4a | 807 | WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*); |
sPymbed | 0:1387ff3eed4a | 808 | #ifndef IGNORE_NAME_CONSTRAINTS |
sPymbed | 0:1387ff3eed4a | 809 | WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); |
sPymbed | 0:1387ff3eed4a | 810 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
sPymbed | 0:1387ff3eed4a | 811 | WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); |
sPymbed | 0:1387ff3eed4a | 812 | WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); |
sPymbed | 0:1387ff3eed4a | 813 | WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); |
sPymbed | 0:1387ff3eed4a | 814 | |
sPymbed | 0:1387ff3eed4a | 815 | WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, byte *in, word32 inSz); |
sPymbed | 0:1387ff3eed4a | 816 | WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); |
sPymbed | 0:1387ff3eed4a | 817 | WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); |
sPymbed | 0:1387ff3eed4a | 818 | |
sPymbed | 0:1387ff3eed4a | 819 | WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); |
sPymbed | 0:1387ff3eed4a | 820 | WOLFSSL_LOCAL Signer* MakeSigner(void*); |
sPymbed | 0:1387ff3eed4a | 821 | WOLFSSL_LOCAL void FreeSigner(Signer*, void*); |
sPymbed | 0:1387ff3eed4a | 822 | WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); |
sPymbed | 0:1387ff3eed4a | 823 | #ifdef WOLFSSL_TRUST_PEER_CERT |
sPymbed | 0:1387ff3eed4a | 824 | WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); |
sPymbed | 0:1387ff3eed4a | 825 | WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); |
sPymbed | 0:1387ff3eed4a | 826 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
sPymbed | 0:1387ff3eed4a | 827 | |
sPymbed | 0:1387ff3eed4a | 828 | WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); |
sPymbed | 0:1387ff3eed4a | 829 | WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, |
sPymbed | 0:1387ff3eed4a | 830 | word32 length); |
sPymbed | 0:1387ff3eed4a | 831 | WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); |
sPymbed | 0:1387ff3eed4a | 832 | WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, |
sPymbed | 0:1387ff3eed4a | 833 | word32* outSz, const char* password, int passwordSz, int vPKCS, |
sPymbed | 0:1387ff3eed4a | 834 | int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); |
sPymbed | 0:1387ff3eed4a | 835 | WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); |
sPymbed | 0:1387ff3eed4a | 836 | WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz, |
sPymbed | 0:1387ff3eed4a | 837 | const char* password,int passwordSz, int vPKCS, int vAlgo, |
sPymbed | 0:1387ff3eed4a | 838 | byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); |
sPymbed | 0:1387ff3eed4a | 839 | WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, |
sPymbed | 0:1387ff3eed4a | 840 | word32* oidSz, int* algoID, void* heap); |
sPymbed | 0:1387ff3eed4a | 841 | |
sPymbed | 0:1387ff3eed4a | 842 | typedef struct tm wolfssl_tm; |
sPymbed | 0:1387ff3eed4a | 843 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ |
sPymbed | 0:1387ff3eed4a | 844 | defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
sPymbed | 0:1387ff3eed4a | 845 | WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); |
sPymbed | 0:1387ff3eed4a | 846 | #endif |
sPymbed | 0:1387ff3eed4a | 847 | WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, |
sPymbed | 0:1387ff3eed4a | 848 | wolfssl_tm* certTime, int* idx); |
sPymbed | 0:1387ff3eed4a | 849 | WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); |
sPymbed | 0:1387ff3eed4a | 850 | |
sPymbed | 0:1387ff3eed4a | 851 | /* ASN.1 helper functions */ |
sPymbed | 0:1387ff3eed4a | 852 | #ifdef WOLFSSL_CERT_GEN |
sPymbed | 0:1387ff3eed4a | 853 | WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); |
sPymbed | 0:1387ff3eed4a | 854 | #endif |
sPymbed | 0:1387ff3eed4a | 855 | WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, |
sPymbed | 0:1387ff3eed4a | 856 | word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 857 | WOLFSSL_LOCAL char* GetSigName(int oid); |
sPymbed | 0:1387ff3eed4a | 858 | WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, |
sPymbed | 0:1387ff3eed4a | 859 | word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 860 | WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, |
sPymbed | 0:1387ff3eed4a | 861 | word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 862 | WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, |
sPymbed | 0:1387ff3eed4a | 863 | word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 864 | WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, |
sPymbed | 0:1387ff3eed4a | 865 | int* version, word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 866 | WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, |
sPymbed | 0:1387ff3eed4a | 867 | word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 868 | #ifdef HAVE_OID_ENCODING |
sPymbed | 0:1387ff3eed4a | 869 | WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, |
sPymbed | 0:1387ff3eed4a | 870 | byte* out, word32* outSz); |
sPymbed | 0:1387ff3eed4a | 871 | #endif |
sPymbed | 0:1387ff3eed4a | 872 | #ifdef HAVE_OID_DECODING |
sPymbed | 0:1387ff3eed4a | 873 | WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, |
sPymbed | 0:1387ff3eed4a | 874 | word16* out, word32* outSz); |
sPymbed | 0:1387ff3eed4a | 875 | #endif |
sPymbed | 0:1387ff3eed4a | 876 | WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, |
sPymbed | 0:1387ff3eed4a | 877 | word32 oidType, word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 878 | WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, |
sPymbed | 0:1387ff3eed4a | 879 | word32 oidType, word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 880 | WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); |
sPymbed | 0:1387ff3eed4a | 881 | WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); |
sPymbed | 0:1387ff3eed4a | 882 | WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); |
sPymbed | 0:1387ff3eed4a | 883 | WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); |
sPymbed | 0:1387ff3eed4a | 884 | WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); |
sPymbed | 0:1387ff3eed4a | 885 | WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); |
sPymbed | 0:1387ff3eed4a | 886 | WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); |
sPymbed | 0:1387ff3eed4a | 887 | WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); |
sPymbed | 0:1387ff3eed4a | 888 | WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, |
sPymbed | 0:1387ff3eed4a | 889 | int maxSnSz); |
sPymbed | 0:1387ff3eed4a | 890 | WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, |
sPymbed | 0:1387ff3eed4a | 891 | byte* serial, int* serialSz, word32 maxIdx); |
sPymbed | 0:1387ff3eed4a | 892 | WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, |
sPymbed | 0:1387ff3eed4a | 893 | int maxIdx); |
sPymbed | 0:1387ff3eed4a | 894 | WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); |
sPymbed | 0:1387ff3eed4a | 895 | WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); |
sPymbed | 0:1387ff3eed4a | 896 | |
sPymbed | 0:1387ff3eed4a | 897 | #ifdef HAVE_ECC |
sPymbed | 0:1387ff3eed4a | 898 | /* ASN sig helpers */ |
sPymbed | 0:1387ff3eed4a | 899 | WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, |
sPymbed | 0:1387ff3eed4a | 900 | mp_int* s); |
sPymbed | 0:1387ff3eed4a | 901 | WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, |
sPymbed | 0:1387ff3eed4a | 902 | mp_int* r, mp_int* s); |
sPymbed | 0:1387ff3eed4a | 903 | #endif |
sPymbed | 0:1387ff3eed4a | 904 | |
sPymbed | 0:1387ff3eed4a | 905 | WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); |
sPymbed | 0:1387ff3eed4a | 906 | WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); |
sPymbed | 0:1387ff3eed4a | 907 | |
sPymbed | 0:1387ff3eed4a | 908 | #ifndef NO_CERTS |
sPymbed | 0:1387ff3eed4a | 909 | |
sPymbed | 0:1387ff3eed4a | 910 | WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, |
sPymbed | 0:1387ff3eed4a | 911 | DerBuffer** pDer, void* heap, EncryptedInfo* info, |
sPymbed | 0:1387ff3eed4a | 912 | int* eccKey); |
sPymbed | 0:1387ff3eed4a | 913 | WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); |
sPymbed | 0:1387ff3eed4a | 914 | WOLFSSL_LOCAL void FreeDer(DerBuffer** der); |
sPymbed | 0:1387ff3eed4a | 915 | |
sPymbed | 0:1387ff3eed4a | 916 | #endif /* !NO_CERTS */ |
sPymbed | 0:1387ff3eed4a | 917 | |
sPymbed | 0:1387ff3eed4a | 918 | #ifdef WOLFSSL_CERT_GEN |
sPymbed | 0:1387ff3eed4a | 919 | |
sPymbed | 0:1387ff3eed4a | 920 | enum cert_enums { |
sPymbed | 0:1387ff3eed4a | 921 | NAME_ENTRIES = 8, |
sPymbed | 0:1387ff3eed4a | 922 | JOINT_LEN = 2, |
sPymbed | 0:1387ff3eed4a | 923 | EMAIL_JOINT_LEN = 9, |
sPymbed | 0:1387ff3eed4a | 924 | PILOT_JOINT_LEN = 10, |
sPymbed | 0:1387ff3eed4a | 925 | RSA_KEY = 10, |
sPymbed | 0:1387ff3eed4a | 926 | NTRU_KEY = 11, |
sPymbed | 0:1387ff3eed4a | 927 | ECC_KEY = 12, |
sPymbed | 0:1387ff3eed4a | 928 | ED25519_KEY = 13 |
sPymbed | 0:1387ff3eed4a | 929 | }; |
sPymbed | 0:1387ff3eed4a | 930 | |
sPymbed | 0:1387ff3eed4a | 931 | #endif /* WOLFSSL_CERT_GEN */ |
sPymbed | 0:1387ff3eed4a | 932 | |
sPymbed | 0:1387ff3eed4a | 933 | |
sPymbed | 0:1387ff3eed4a | 934 | |
sPymbed | 0:1387ff3eed4a | 935 | /* for pointer use */ |
sPymbed | 0:1387ff3eed4a | 936 | typedef struct CertStatus CertStatus; |
sPymbed | 0:1387ff3eed4a | 937 | |
sPymbed | 0:1387ff3eed4a | 938 | #ifdef HAVE_OCSP |
sPymbed | 0:1387ff3eed4a | 939 | |
sPymbed | 0:1387ff3eed4a | 940 | enum Ocsp_Response_Status { |
sPymbed | 0:1387ff3eed4a | 941 | OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ |
sPymbed | 0:1387ff3eed4a | 942 | OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ |
sPymbed | 0:1387ff3eed4a | 943 | OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ |
sPymbed | 0:1387ff3eed4a | 944 | OCSP_TRY_LATER = 3, /* Try again later */ |
sPymbed | 0:1387ff3eed4a | 945 | OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ |
sPymbed | 0:1387ff3eed4a | 946 | OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ |
sPymbed | 0:1387ff3eed4a | 947 | }; |
sPymbed | 0:1387ff3eed4a | 948 | |
sPymbed | 0:1387ff3eed4a | 949 | |
sPymbed | 0:1387ff3eed4a | 950 | enum Ocsp_Cert_Status { |
sPymbed | 0:1387ff3eed4a | 951 | CERT_GOOD = 0, |
sPymbed | 0:1387ff3eed4a | 952 | CERT_REVOKED = 1, |
sPymbed | 0:1387ff3eed4a | 953 | CERT_UNKNOWN = 2 |
sPymbed | 0:1387ff3eed4a | 954 | }; |
sPymbed | 0:1387ff3eed4a | 955 | |
sPymbed | 0:1387ff3eed4a | 956 | |
sPymbed | 0:1387ff3eed4a | 957 | enum Ocsp_Sums { |
sPymbed | 0:1387ff3eed4a | 958 | OCSP_BASIC_OID = 117, |
sPymbed | 0:1387ff3eed4a | 959 | OCSP_NONCE_OID = 118 |
sPymbed | 0:1387ff3eed4a | 960 | }; |
sPymbed | 0:1387ff3eed4a | 961 | |
sPymbed | 0:1387ff3eed4a | 962 | #ifdef OPENSSL_EXTRA |
sPymbed | 0:1387ff3eed4a | 963 | enum Ocsp_Verify_Error { |
sPymbed | 0:1387ff3eed4a | 964 | OCSP_VERIFY_ERROR_NONE = 0, |
sPymbed | 0:1387ff3eed4a | 965 | OCSP_BAD_ISSUER = 1 |
sPymbed | 0:1387ff3eed4a | 966 | }; |
sPymbed | 0:1387ff3eed4a | 967 | #endif |
sPymbed | 0:1387ff3eed4a | 968 | |
sPymbed | 0:1387ff3eed4a | 969 | |
sPymbed | 0:1387ff3eed4a | 970 | typedef struct OcspRequest OcspRequest; |
sPymbed | 0:1387ff3eed4a | 971 | typedef struct OcspResponse OcspResponse; |
sPymbed | 0:1387ff3eed4a | 972 | |
sPymbed | 0:1387ff3eed4a | 973 | |
sPymbed | 0:1387ff3eed4a | 974 | struct CertStatus { |
sPymbed | 0:1387ff3eed4a | 975 | CertStatus* next; |
sPymbed | 0:1387ff3eed4a | 976 | |
sPymbed | 0:1387ff3eed4a | 977 | byte serial[EXTERNAL_SERIAL_SIZE]; |
sPymbed | 0:1387ff3eed4a | 978 | int serialSz; |
sPymbed | 0:1387ff3eed4a | 979 | |
sPymbed | 0:1387ff3eed4a | 980 | int status; |
sPymbed | 0:1387ff3eed4a | 981 | |
sPymbed | 0:1387ff3eed4a | 982 | byte thisDate[MAX_DATE_SIZE]; |
sPymbed | 0:1387ff3eed4a | 983 | byte nextDate[MAX_DATE_SIZE]; |
sPymbed | 0:1387ff3eed4a | 984 | byte thisDateFormat; |
sPymbed | 0:1387ff3eed4a | 985 | byte nextDateFormat; |
sPymbed | 0:1387ff3eed4a | 986 | #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
sPymbed | 0:1387ff3eed4a | 987 | byte* thisDateAsn; |
sPymbed | 0:1387ff3eed4a | 988 | byte* nextDateAsn; |
sPymbed | 0:1387ff3eed4a | 989 | #endif |
sPymbed | 0:1387ff3eed4a | 990 | |
sPymbed | 0:1387ff3eed4a | 991 | byte* rawOcspResponse; |
sPymbed | 0:1387ff3eed4a | 992 | word32 rawOcspResponseSz; |
sPymbed | 0:1387ff3eed4a | 993 | }; |
sPymbed | 0:1387ff3eed4a | 994 | |
sPymbed | 0:1387ff3eed4a | 995 | |
sPymbed | 0:1387ff3eed4a | 996 | struct OcspResponse { |
sPymbed | 0:1387ff3eed4a | 997 | int responseStatus; /* return code from Responder */ |
sPymbed | 0:1387ff3eed4a | 998 | |
sPymbed | 0:1387ff3eed4a | 999 | byte* response; /* Pointer to beginning of OCSP Response */ |
sPymbed | 0:1387ff3eed4a | 1000 | word32 responseSz; /* length of the OCSP Response */ |
sPymbed | 0:1387ff3eed4a | 1001 | |
sPymbed | 0:1387ff3eed4a | 1002 | byte producedDate[MAX_DATE_SIZE]; |
sPymbed | 0:1387ff3eed4a | 1003 | /* Date at which this response was signed */ |
sPymbed | 0:1387ff3eed4a | 1004 | byte producedDateFormat; /* format of the producedDate */ |
sPymbed | 0:1387ff3eed4a | 1005 | byte* issuerHash; |
sPymbed | 0:1387ff3eed4a | 1006 | byte* issuerKeyHash; |
sPymbed | 0:1387ff3eed4a | 1007 | |
sPymbed | 0:1387ff3eed4a | 1008 | byte* cert; |
sPymbed | 0:1387ff3eed4a | 1009 | word32 certSz; |
sPymbed | 0:1387ff3eed4a | 1010 | |
sPymbed | 0:1387ff3eed4a | 1011 | byte* sig; /* Pointer to sig in source */ |
sPymbed | 0:1387ff3eed4a | 1012 | word32 sigSz; /* Length in octets for the sig */ |
sPymbed | 0:1387ff3eed4a | 1013 | word32 sigOID; /* OID for hash used for sig */ |
sPymbed | 0:1387ff3eed4a | 1014 | |
sPymbed | 0:1387ff3eed4a | 1015 | CertStatus* status; /* certificate status to fill out */ |
sPymbed | 0:1387ff3eed4a | 1016 | |
sPymbed | 0:1387ff3eed4a | 1017 | byte* nonce; /* pointer to nonce inside ASN.1 response */ |
sPymbed | 0:1387ff3eed4a | 1018 | int nonceSz; /* length of the nonce string */ |
sPymbed | 0:1387ff3eed4a | 1019 | |
sPymbed | 0:1387ff3eed4a | 1020 | byte* source; /* pointer to source buffer, not owned */ |
sPymbed | 0:1387ff3eed4a | 1021 | word32 maxIdx; /* max offset based on init size */ |
sPymbed | 0:1387ff3eed4a | 1022 | |
sPymbed | 0:1387ff3eed4a | 1023 | #ifdef OPENSSL_EXTRA |
sPymbed | 0:1387ff3eed4a | 1024 | int verifyError; |
sPymbed | 0:1387ff3eed4a | 1025 | #endif |
sPymbed | 0:1387ff3eed4a | 1026 | }; |
sPymbed | 0:1387ff3eed4a | 1027 | |
sPymbed | 0:1387ff3eed4a | 1028 | |
sPymbed | 0:1387ff3eed4a | 1029 | struct OcspRequest { |
sPymbed | 0:1387ff3eed4a | 1030 | byte issuerHash[KEYID_SIZE]; |
sPymbed | 0:1387ff3eed4a | 1031 | byte issuerKeyHash[KEYID_SIZE]; |
sPymbed | 0:1387ff3eed4a | 1032 | byte* serial; /* copy of the serial number in source cert */ |
sPymbed | 0:1387ff3eed4a | 1033 | int serialSz; |
sPymbed | 0:1387ff3eed4a | 1034 | byte* url; /* copy of the extAuthInfo in source cert */ |
sPymbed | 0:1387ff3eed4a | 1035 | int urlSz; |
sPymbed | 0:1387ff3eed4a | 1036 | |
sPymbed | 0:1387ff3eed4a | 1037 | byte nonce[MAX_OCSP_NONCE_SZ]; |
sPymbed | 0:1387ff3eed4a | 1038 | int nonceSz; |
sPymbed | 0:1387ff3eed4a | 1039 | void* heap; |
sPymbed | 0:1387ff3eed4a | 1040 | void* ssl; |
sPymbed | 0:1387ff3eed4a | 1041 | }; |
sPymbed | 0:1387ff3eed4a | 1042 | |
sPymbed | 0:1387ff3eed4a | 1043 | |
sPymbed | 0:1387ff3eed4a | 1044 | WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); |
sPymbed | 0:1387ff3eed4a | 1045 | WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); |
sPymbed | 0:1387ff3eed4a | 1046 | |
sPymbed | 0:1387ff3eed4a | 1047 | WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); |
sPymbed | 0:1387ff3eed4a | 1048 | WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); |
sPymbed | 0:1387ff3eed4a | 1049 | WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); |
sPymbed | 0:1387ff3eed4a | 1050 | WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); |
sPymbed | 0:1387ff3eed4a | 1051 | |
sPymbed | 0:1387ff3eed4a | 1052 | |
sPymbed | 0:1387ff3eed4a | 1053 | WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); |
sPymbed | 0:1387ff3eed4a | 1054 | |
sPymbed | 0:1387ff3eed4a | 1055 | |
sPymbed | 0:1387ff3eed4a | 1056 | #endif /* HAVE_OCSP */ |
sPymbed | 0:1387ff3eed4a | 1057 | |
sPymbed | 0:1387ff3eed4a | 1058 | |
sPymbed | 0:1387ff3eed4a | 1059 | /* for pointer use */ |
sPymbed | 0:1387ff3eed4a | 1060 | typedef struct RevokedCert RevokedCert; |
sPymbed | 0:1387ff3eed4a | 1061 | |
sPymbed | 0:1387ff3eed4a | 1062 | #ifdef HAVE_CRL |
sPymbed | 0:1387ff3eed4a | 1063 | |
sPymbed | 0:1387ff3eed4a | 1064 | struct RevokedCert { |
sPymbed | 0:1387ff3eed4a | 1065 | byte serialNumber[EXTERNAL_SERIAL_SIZE]; |
sPymbed | 0:1387ff3eed4a | 1066 | int serialSz; |
sPymbed | 0:1387ff3eed4a | 1067 | RevokedCert* next; |
sPymbed | 0:1387ff3eed4a | 1068 | }; |
sPymbed | 0:1387ff3eed4a | 1069 | |
sPymbed | 0:1387ff3eed4a | 1070 | typedef struct DecodedCRL DecodedCRL; |
sPymbed | 0:1387ff3eed4a | 1071 | |
sPymbed | 0:1387ff3eed4a | 1072 | struct DecodedCRL { |
sPymbed | 0:1387ff3eed4a | 1073 | word32 certBegin; /* offset to start of cert */ |
sPymbed | 0:1387ff3eed4a | 1074 | word32 sigIndex; /* offset to start of signature */ |
sPymbed | 0:1387ff3eed4a | 1075 | word32 sigLength; /* length of signature */ |
sPymbed | 0:1387ff3eed4a | 1076 | word32 signatureOID; /* sum of algorithm object id */ |
sPymbed | 0:1387ff3eed4a | 1077 | byte* signature; /* pointer into raw source, not owned */ |
sPymbed | 0:1387ff3eed4a | 1078 | byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ |
sPymbed | 0:1387ff3eed4a | 1079 | byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ |
sPymbed | 0:1387ff3eed4a | 1080 | byte lastDate[MAX_DATE_SIZE]; /* last date updated */ |
sPymbed | 0:1387ff3eed4a | 1081 | byte nextDate[MAX_DATE_SIZE]; /* next update date */ |
sPymbed | 0:1387ff3eed4a | 1082 | byte lastDateFormat; /* format of last date */ |
sPymbed | 0:1387ff3eed4a | 1083 | byte nextDateFormat; /* format of next date */ |
sPymbed | 0:1387ff3eed4a | 1084 | RevokedCert* certs; /* revoked cert list */ |
sPymbed | 0:1387ff3eed4a | 1085 | int totalCerts; /* number on list */ |
sPymbed | 0:1387ff3eed4a | 1086 | void* heap; |
sPymbed | 0:1387ff3eed4a | 1087 | }; |
sPymbed | 0:1387ff3eed4a | 1088 | |
sPymbed | 0:1387ff3eed4a | 1089 | WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap); |
sPymbed | 0:1387ff3eed4a | 1090 | WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx, |
sPymbed | 0:1387ff3eed4a | 1091 | const byte* toBeSigned, word32 tbsSz, |
sPymbed | 0:1387ff3eed4a | 1092 | const byte* signature, word32 sigSz, |
sPymbed | 0:1387ff3eed4a | 1093 | word32 signatureOID, Signer *ca, |
sPymbed | 0:1387ff3eed4a | 1094 | void* heap); |
sPymbed | 0:1387ff3eed4a | 1095 | WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); |
sPymbed | 0:1387ff3eed4a | 1096 | WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); |
sPymbed | 0:1387ff3eed4a | 1097 | |
sPymbed | 0:1387ff3eed4a | 1098 | |
sPymbed | 0:1387ff3eed4a | 1099 | #endif /* HAVE_CRL */ |
sPymbed | 0:1387ff3eed4a | 1100 | |
sPymbed | 0:1387ff3eed4a | 1101 | |
sPymbed | 0:1387ff3eed4a | 1102 | #ifdef __cplusplus |
sPymbed | 0:1387ff3eed4a | 1103 | } /* extern "C" */ |
sPymbed | 0:1387ff3eed4a | 1104 | #endif |
sPymbed | 0:1387ff3eed4a | 1105 | |
sPymbed | 0:1387ff3eed4a | 1106 | #endif /* !NO_ASN */ |
sPymbed | 0:1387ff3eed4a | 1107 | |
sPymbed | 0:1387ff3eed4a | 1108 | |
sPymbed | 0:1387ff3eed4a | 1109 | #if !defined(NO_ASN) || !defined(NO_PWDBASED) |
sPymbed | 0:1387ff3eed4a | 1110 | |
sPymbed | 0:1387ff3eed4a | 1111 | #ifndef MAX_KEY_SIZE |
sPymbed | 0:1387ff3eed4a | 1112 | #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */ |
sPymbed | 0:1387ff3eed4a | 1113 | #endif |
sPymbed | 0:1387ff3eed4a | 1114 | #ifndef MAX_UNICODE_SZ |
sPymbed | 0:1387ff3eed4a | 1115 | #define MAX_UNICODE_SZ 256 |
sPymbed | 0:1387ff3eed4a | 1116 | #endif |
sPymbed | 0:1387ff3eed4a | 1117 | |
sPymbed | 0:1387ff3eed4a | 1118 | enum PBESTypes { |
sPymbed | 0:1387ff3eed4a | 1119 | PBE_MD5_DES = 0, |
sPymbed | 0:1387ff3eed4a | 1120 | PBE_SHA1_RC4_128 = 1, |
sPymbed | 0:1387ff3eed4a | 1121 | PBE_SHA1_DES = 2, |
sPymbed | 0:1387ff3eed4a | 1122 | PBE_SHA1_DES3 = 3, |
sPymbed | 0:1387ff3eed4a | 1123 | PBE_AES256_CBC = 4, |
sPymbed | 0:1387ff3eed4a | 1124 | |
sPymbed | 0:1387ff3eed4a | 1125 | PBE_SHA1_RC4_128_SUM = 657, |
sPymbed | 0:1387ff3eed4a | 1126 | PBE_SHA1_DES3_SUM = 659, |
sPymbed | 0:1387ff3eed4a | 1127 | PBES2 = 13 /* algo ID */ |
sPymbed | 0:1387ff3eed4a | 1128 | }; |
sPymbed | 0:1387ff3eed4a | 1129 | |
sPymbed | 0:1387ff3eed4a | 1130 | enum PKCSTypes { |
sPymbed | 0:1387ff3eed4a | 1131 | PKCS5v2 = 6, /* PKCS #5 v2.0 */ |
sPymbed | 0:1387ff3eed4a | 1132 | PKCS12v1 = 12, /* PKCS #12 */ |
sPymbed | 0:1387ff3eed4a | 1133 | PKCS5 = 5, /* PKCS oid tag */ |
sPymbed | 0:1387ff3eed4a | 1134 | PKCS8v0 = 0, /* default PKCS#8 version */ |
sPymbed | 0:1387ff3eed4a | 1135 | }; |
sPymbed | 0:1387ff3eed4a | 1136 | |
sPymbed | 0:1387ff3eed4a | 1137 | #endif /* !NO_ASN || !NO_PWDBASED */ |
sPymbed | 0:1387ff3eed4a | 1138 | |
sPymbed | 0:1387ff3eed4a | 1139 | #endif /* WOLF_CRYPT_ASN_H */ |
sPymbed | 0:1387ff3eed4a | 1140 |