Todd Ouska / CyaSSL

CyaSSL is an SSL library for devices like mbed.

Dependents:   cyassl-client Sync

asn.h@0:5045d2638c29, 2011-02-05 (annotated)

Committer:
toddouska
Date:
Sat Feb 05 01:09:17 2011 +0000
Revision:
0:5045d2638c29
Beta Version

Who changed what in which revision?

UserRevisionLine numberNew contents of line
toddouska 0:5045d2638c29 1 /* asn.h
toddouska 0:5045d2638c29 2 *
toddouska 0:5045d2638c29 3 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd.
toddouska 0:5045d2638c29 4 *
toddouska 0:5045d2638c29 5 * This file is part of CyaSSL.
toddouska 0:5045d2638c29 6 *
toddouska 0:5045d2638c29 7 * CyaSSL is free software; you can redistribute it and/or modify
toddouska 0:5045d2638c29 8 * it under the terms of the GNU General Public License as published by
toddouska 0:5045d2638c29 9 * the Free Software Foundation; either version 2 of the License, or
toddouska 0:5045d2638c29 10 * (at your option) any later version.
toddouska 0:5045d2638c29 11 *
toddouska 0:5045d2638c29 12 * CyaSSL is distributed in the hope that it will be useful,
toddouska 0:5045d2638c29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
toddouska 0:5045d2638c29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
toddouska 0:5045d2638c29 15 * GNU General Public License for more details.
toddouska 0:5045d2638c29 16 *
toddouska 0:5045d2638c29 17 * You should have received a copy of the GNU General Public License
toddouska 0:5045d2638c29 18 * along with this program; if not, write to the Free Software
toddouska 0:5045d2638c29 19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
toddouska 0:5045d2638c29 20 */
toddouska 0:5045d2638c29 21
toddouska 0:5045d2638c29 22
toddouska 0:5045d2638c29 23 #ifndef CTAO_CRYPT_ASN_H
toddouska 0:5045d2638c29 24 #define CTAO_CRYPT_ASN_H
toddouska 0:5045d2638c29 25
toddouska 0:5045d2638c29 26 #include "types.h"
toddouska 0:5045d2638c29 27 #include "ctc_rsa.h"
toddouska 0:5045d2638c29 28 #include "ctc_dh.h"
toddouska 0:5045d2638c29 29 #include "ctc_dsa.h"
toddouska 0:5045d2638c29 30 #include "ctc_sha.h"
toddouska 0:5045d2638c29 31
toddouska 0:5045d2638c29 32
toddouska 0:5045d2638c29 33 #ifdef __cplusplus
toddouska 0:5045d2638c29 34 extern "C" {
toddouska 0:5045d2638c29 35 #endif
toddouska 0:5045d2638c29 36
toddouska 0:5045d2638c29 37 /* ASN Tags */
toddouska 0:5045d2638c29 38 enum ASN_Tags {
toddouska 0:5045d2638c29 39 ASN_INTEGER = 0x02,
toddouska 0:5045d2638c29 40 ASN_BIT_STRING = 0x03,
toddouska 0:5045d2638c29 41 ASN_OCTET_STRING = 0x04,
toddouska 0:5045d2638c29 42 ASN_TAG_NULL = 0x05,
toddouska 0:5045d2638c29 43 ASN_OBJECT_ID = 0x06,
toddouska 0:5045d2638c29 44 ASN_SEQUENCE = 0x10,
toddouska 0:5045d2638c29 45 ASN_SET = 0x11,
toddouska 0:5045d2638c29 46 ASN_UTC_TIME = 0x17,
toddouska 0:5045d2638c29 47 ASN_GENERALIZED_TIME = 0x18,
toddouska 0:5045d2638c29 48 ASN_LONG_LENGTH = 0x80
toddouska 0:5045d2638c29 49 };
toddouska 0:5045d2638c29 50
toddouska 0:5045d2638c29 51
toddouska 0:5045d2638c29 52 enum ASN_Flags{
toddouska 0:5045d2638c29 53 ASN_CONSTRUCTED = 0x20,
toddouska 0:5045d2638c29 54 ASN_CONTEXT_SPECIFIC = 0x80
toddouska 0:5045d2638c29 55 };
toddouska 0:5045d2638c29 56
toddouska 0:5045d2638c29 57 enum DN_Tags {
toddouska 0:5045d2638c29 58 ASN_COMMON_NAME = 0x03, /* CN */
toddouska 0:5045d2638c29 59 ASN_SUR_NAME = 0x04, /* SN */
toddouska 0:5045d2638c29 60 ASN_COUNTRY_NAME = 0x06, /* C */
toddouska 0:5045d2638c29 61 ASN_LOCALITY_NAME = 0x07, /* L */
toddouska 0:5045d2638c29 62 ASN_STATE_NAME = 0x08, /* ST */
toddouska 0:5045d2638c29 63 ASN_ORG_NAME = 0x0a, /* O */
toddouska 0:5045d2638c29 64 ASN_ORGUNIT_NAME = 0x0b /* OU */
toddouska 0:5045d2638c29 65 };
toddouska 0:5045d2638c29 66
toddouska 0:5045d2638c29 67 enum Misc_ASN {
toddouska 0:5045d2638c29 68 ASN_NAME_MAX = 256,
toddouska 0:5045d2638c29 69 SHA_SIZE = 20,
toddouska 0:5045d2638c29 70 RSA_INTS = 8, /* RSA ints in private key */
toddouska 0:5045d2638c29 71 MIN_DATE_SIZE = 13,
toddouska 0:5045d2638c29 72 MAX_DATE_SIZE = 32,
toddouska 0:5045d2638c29 73 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
toddouska 0:5045d2638c29 74 MAX_ENCODED_SIG_SZ = 512,
toddouska 0:5045d2638c29 75 MAX_SIG_SZ = 256,
toddouska 0:5045d2638c29 76 MAX_ALGO_SZ = 20,
toddouska 0:5045d2638c29 77 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
toddouska 0:5045d2638c29 78 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
toddouska 0:5045d2638c29 79 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
toddouska 0:5045d2638c29 80 MAX_ENCODED_DIG_SZ = 25, /* sha + enum(bit or octet) + legnth(4) */
toddouska 0:5045d2638c29 81 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
toddouska 0:5045d2638c29 82 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
toddouska 0:5045d2638c29 83 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
toddouska 0:5045d2638c29 84 MAX_RSA_E_SZ = 16, /* Max RSA public e size */
toddouska 0:5045d2638c29 85 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
toddouska 0:5045d2638c29 86 /* use bigger NTRU size */
toddouska 0:5045d2638c29 87 MAX_LENGTH_SZ = 4
toddouska 0:5045d2638c29 88 };
toddouska 0:5045d2638c29 89
toddouska 0:5045d2638c29 90
toddouska 0:5045d2638c29 91 enum Oid_Types {
toddouska 0:5045d2638c29 92 hashType = 0,
toddouska 0:5045d2638c29 93 sigType = 1,
toddouska 0:5045d2638c29 94 keyType = 2
toddouska 0:5045d2638c29 95 };
toddouska 0:5045d2638c29 96
toddouska 0:5045d2638c29 97
toddouska 0:5045d2638c29 98 enum Sig_Sum {
toddouska 0:5045d2638c29 99 SHAwDSA = 517,
toddouska 0:5045d2638c29 100 MD2wRSA = 646,
toddouska 0:5045d2638c29 101 MD5wRSA = 648,
toddouska 0:5045d2638c29 102 SHAwRSA = 649
toddouska 0:5045d2638c29 103 };
toddouska 0:5045d2638c29 104
toddouska 0:5045d2638c29 105 enum Hash_Sum {
toddouska 0:5045d2638c29 106 MD2h = 646,
toddouska 0:5045d2638c29 107 MD5h = 649,
toddouska 0:5045d2638c29 108 SHAh = 88
toddouska 0:5045d2638c29 109 };
toddouska 0:5045d2638c29 110
toddouska 0:5045d2638c29 111 enum Key_Sum {
toddouska 0:5045d2638c29 112 DSAk = 515,
toddouska 0:5045d2638c29 113 RSAk = 645,
toddouska 0:5045d2638c29 114 NTRUk = 364
toddouska 0:5045d2638c29 115 };
toddouska 0:5045d2638c29 116
toddouska 0:5045d2638c29 117
toddouska 0:5045d2638c29 118 /* Certificate file Type */
toddouska 0:5045d2638c29 119 enum CertType {
toddouska 0:5045d2638c29 120 CERT_TYPE = 0,
toddouska 0:5045d2638c29 121 PRIVATEKEY_TYPE,
toddouska 0:5045d2638c29 122 CA_TYPE
toddouska 0:5045d2638c29 123 };
toddouska 0:5045d2638c29 124
toddouska 0:5045d2638c29 125
toddouska 0:5045d2638c29 126 enum VerifyType {
toddouska 0:5045d2638c29 127 NO_VERIFY = 0,
toddouska 0:5045d2638c29 128 VERIFY = 1
toddouska 0:5045d2638c29 129 };
toddouska 0:5045d2638c29 130
toddouska 0:5045d2638c29 131
toddouska 0:5045d2638c29 132 typedef struct DecodedCert {
toddouska 0:5045d2638c29 133 byte* publicKey;
toddouska 0:5045d2638c29 134 word32 pubKeySize;
toddouska 0:5045d2638c29 135 int pubKeyStored;
toddouska 0:5045d2638c29 136 word32 certBegin; /* offset to start of cert */
toddouska 0:5045d2638c29 137 word32 sigIndex; /* offset to start of signature */
toddouska 0:5045d2638c29 138 word32 sigLength; /* length of signature */
toddouska 0:5045d2638c29 139 word32 signatureOID; /* sum of algorithm object id */
toddouska 0:5045d2638c29 140 word32 keyOID; /* sum of key algo object id */
toddouska 0:5045d2638c29 141 byte subjectHash[SHA_SIZE]; /* hash of all Names */
toddouska 0:5045d2638c29 142 byte issuerHash[SHA_SIZE]; /* hash of all Names */
toddouska 0:5045d2638c29 143 byte* signature; /* not owned, points into raw cert */
toddouska 0:5045d2638c29 144 char* subjectCN; /* CommonName */
toddouska 0:5045d2638c29 145 int subjectCNLen;
toddouska 0:5045d2638c29 146 char issuer[ASN_NAME_MAX]; /* full name including common name */
toddouska 0:5045d2638c29 147 char subject[ASN_NAME_MAX]; /* full name including common name */
toddouska 0:5045d2638c29 148 int verify; /* Default to yes, but could be off */
toddouska 0:5045d2638c29 149 byte* source; /* byte buffer holder cert, NOT owner */
toddouska 0:5045d2638c29 150 word32 srcIdx; /* current offset into buffer */
toddouska 0:5045d2638c29 151 void* heap; /* for user memory overrides */
toddouska 0:5045d2638c29 152 #ifdef CYASSL_CERT_GEN
toddouska 0:5045d2638c29 153 /* easy access to sujbect info for other sign */
toddouska 0:5045d2638c29 154 char* subjectSN;
toddouska 0:5045d2638c29 155 int subjectSNLen;
toddouska 0:5045d2638c29 156 char* subjectC;
toddouska 0:5045d2638c29 157 int subjectCLen;
toddouska 0:5045d2638c29 158 char* subjectL;
toddouska 0:5045d2638c29 159 int subjectLLen;
toddouska 0:5045d2638c29 160 char* subjectST;
toddouska 0:5045d2638c29 161 int subjectSTLen;
toddouska 0:5045d2638c29 162 char* subjectO;
toddouska 0:5045d2638c29 163 int subjectOLen;
toddouska 0:5045d2638c29 164 char* subjectOU;
toddouska 0:5045d2638c29 165 int subjectOULen;
toddouska 0:5045d2638c29 166 char* subjectEmail;
toddouska 0:5045d2638c29 167 int subjectEmailLen;
toddouska 0:5045d2638c29 168 #endif /* CYASSL_CERT_GEN */
toddouska 0:5045d2638c29 169 } DecodedCert;
toddouska 0:5045d2638c29 170
toddouska 0:5045d2638c29 171
toddouska 0:5045d2638c29 172 typedef struct Signer Signer;
toddouska 0:5045d2638c29 173
toddouska 0:5045d2638c29 174 /* CA Signers */
toddouska 0:5045d2638c29 175 struct Signer {
toddouska 0:5045d2638c29 176 byte* publicKey;
toddouska 0:5045d2638c29 177 word32 pubKeySize;
toddouska 0:5045d2638c29 178 word32 keyOID; /* key type */
toddouska 0:5045d2638c29 179 char* name; /* common name */
toddouska 0:5045d2638c29 180 byte hash[SHA_DIGEST_SIZE]; /* sha hash of names in certificate */
toddouska 0:5045d2638c29 181 Signer* next;
toddouska 0:5045d2638c29 182 };
toddouska 0:5045d2638c29 183
toddouska 0:5045d2638c29 184
toddouska 0:5045d2638c29 185 void InitDecodedCert(DecodedCert*, byte*, void*);
toddouska 0:5045d2638c29 186 void FreeDecodedCert(DecodedCert*);
toddouska 0:5045d2638c29 187 int ParseCert(DecodedCert*, word32, int type, int verify, Signer* signer);
toddouska 0:5045d2638c29 188 int ParseCertRelative(DecodedCert*, word32, int type, int verify,
toddouska 0:5045d2638c29 189 Signer* signer);
toddouska 0:5045d2638c29 190
toddouska 0:5045d2638c29 191 word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,int hashOID);
toddouska 0:5045d2638c29 192
toddouska 0:5045d2638c29 193 Signer* MakeSigner(void*);
toddouska 0:5045d2638c29 194 void FreeSigners(Signer*, void*);
toddouska 0:5045d2638c29 195
toddouska 0:5045d2638c29 196
toddouska 0:5045d2638c29 197 int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
toddouska 0:5045d2638c29 198 int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32);
toddouska 0:5045d2638c29 199 int ToTraditional(byte* buffer, word32 length);
toddouska 0:5045d2638c29 200
toddouska 0:5045d2638c29 201 #ifndef NO_DH
toddouska 0:5045d2638c29 202 int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32);
toddouska 0:5045d2638c29 203 int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz);
toddouska 0:5045d2638c29 204 #endif
toddouska 0:5045d2638c29 205
toddouska 0:5045d2638c29 206 #ifndef NO_DSA
toddouska 0:5045d2638c29 207 int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
toddouska 0:5045d2638c29 208 int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32);
toddouska 0:5045d2638c29 209 #endif
toddouska 0:5045d2638c29 210
toddouska 0:5045d2638c29 211 #ifdef CYASSL_KEY_GEN
toddouska 0:5045d2638c29 212 int RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
toddouska 0:5045d2638c29 213 #endif
toddouska 0:5045d2638c29 214
toddouska 0:5045d2638c29 215
toddouska 0:5045d2638c29 216 #if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
toddouska 0:5045d2638c29 217 int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz,
toddouska 0:5045d2638c29 218 int type);
toddouska 0:5045d2638c29 219 #endif
toddouska 0:5045d2638c29 220
toddouska 0:5045d2638c29 221 #ifdef CYASSL_CERT_GEN
toddouska 0:5045d2638c29 222
toddouska 0:5045d2638c29 223 enum cert_enums {
toddouska 0:5045d2638c29 224 SERIAL_SIZE = 8,
toddouska 0:5045d2638c29 225 NAME_SIZE = 64,
toddouska 0:5045d2638c29 226 NAME_ENTRIES = 8,
toddouska 0:5045d2638c29 227 JOINT_LEN = 2,
toddouska 0:5045d2638c29 228 EMAIL_JOINT_LEN = 9,
toddouska 0:5045d2638c29 229 RSA_KEY = 10,
toddouska 0:5045d2638c29 230 NTRU_KEY = 11
toddouska 0:5045d2638c29 231 };
toddouska 0:5045d2638c29 232
toddouska 0:5045d2638c29 233
toddouska 0:5045d2638c29 234 typedef struct CertName {
toddouska 0:5045d2638c29 235 char country[NAME_SIZE];
toddouska 0:5045d2638c29 236 char state[NAME_SIZE];
toddouska 0:5045d2638c29 237 char locality[NAME_SIZE];
toddouska 0:5045d2638c29 238 char sur[NAME_SIZE];
toddouska 0:5045d2638c29 239 char org[NAME_SIZE];
toddouska 0:5045d2638c29 240 char unit[NAME_SIZE];
toddouska 0:5045d2638c29 241 char commonName[NAME_SIZE];
toddouska 0:5045d2638c29 242 char email[NAME_SIZE]; /* !!!! email has to be last !!!! */
toddouska 0:5045d2638c29 243 } CertName;
toddouska 0:5045d2638c29 244
toddouska 0:5045d2638c29 245
toddouska 0:5045d2638c29 246 /* for user to fill for certificate generation */
toddouska 0:5045d2638c29 247 typedef struct Cert {
toddouska 0:5045d2638c29 248 int version; /* x509 version */
toddouska 0:5045d2638c29 249 byte serial[SERIAL_SIZE]; /* serial number */
toddouska 0:5045d2638c29 250 int sigType; /* signature algo type */
toddouska 0:5045d2638c29 251 CertName issuer; /* issuer info */
toddouska 0:5045d2638c29 252 int daysValid; /* validity days */
toddouska 0:5045d2638c29 253 int selfSigned; /* self signed flag */
toddouska 0:5045d2638c29 254 CertName subject; /* subject info */
toddouska 0:5045d2638c29 255 /* internal use only */
toddouska 0:5045d2638c29 256 int bodySz; /* pre sign total size */
toddouska 0:5045d2638c29 257 int keyType; /* public key type of subject */
toddouska 0:5045d2638c29 258 } Cert;
toddouska 0:5045d2638c29 259
toddouska 0:5045d2638c29 260
toddouska 0:5045d2638c29 261 /* Initialize and Set Certficate defaults:
toddouska 0:5045d2638c29 262 version = 3 (0x2)
toddouska 0:5045d2638c29 263 serial = 0 (Will be randomly generated)
toddouska 0:5045d2638c29 264 sigType = MD5_WITH_RSA
toddouska 0:5045d2638c29 265 issuer = blank
toddouska 0:5045d2638c29 266 daysValid = 500
toddouska 0:5045d2638c29 267 selfSigned = 1 (true) use subject as issuer
toddouska 0:5045d2638c29 268 subject = blank
toddouska 0:5045d2638c29 269 keyType = RSA_KEY (default)
toddouska 0:5045d2638c29 270 */
toddouska 0:5045d2638c29 271 void InitCert(Cert*);
toddouska 0:5045d2638c29 272 int MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
toddouska 0:5045d2638c29 273 int SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
toddouska 0:5045d2638c29 274 int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*);
toddouska 0:5045d2638c29 275 int SetIssuer(Cert*, const char*);
toddouska 0:5045d2638c29 276 #ifdef HAVE_NTRU
toddouska 0:5045d2638c29 277 int MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey,
toddouska 0:5045d2638c29 278 word16 keySz, RNG*);
toddouska 0:5045d2638c29 279 #endif
toddouska 0:5045d2638c29 280
toddouska 0:5045d2638c29 281
toddouska 0:5045d2638c29 282 #endif /* CYASSL_CERT_GEN */
toddouska 0:5045d2638c29 283
toddouska 0:5045d2638c29 284
toddouska 0:5045d2638c29 285 #ifdef __cplusplus
toddouska 0:5045d2638c29 286 } /* extern "C" */
toddouska 0:5045d2638c29 287 #endif
toddouska 0:5045d2638c29 288
toddouska 0:5045d2638c29 289 #endif /* CTAO_CRYPT_ASN_H */
toddouska 0:5045d2638c29 290