asn.h
/* asn.h
 *
 * Copyright (C) 2006-2013 wolfSSL Inc.
 *
 * This file is part of CyaSSL.
 *
 * CyaSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * CyaSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 */

#ifndef NO_ASN

#ifndef CTAO_CRYPT_ASN_H
#define CTAO_CRYPT_ASN_H

/* Internal ASN.1/DER definitions for CTaoCrypt: tag values, OID "sums",
 * size limits and the decoded certificate / CRL / OCSP structures used by
 * the certificate parser.  The public interface lives in asn_public.h. */

#include <cyassl/ctaocrypt/types.h>
#include <cyassl/ctaocrypt/rsa.h>
#include <cyassl/ctaocrypt/dh.h>
#include <cyassl/ctaocrypt/dsa.h>
#include <cyassl/ctaocrypt/sha.h>
#include <cyassl/ctaocrypt/md5.h>
#include <cyassl/ctaocrypt/asn_public.h>   /* public interface */
#ifdef HAVE_ECC
    #include <cyassl/ctaocrypt/ecc.h>
#endif

#ifdef __cplusplus
    extern "C" {
#endif


/* Selectors shared between the parser and its callers. */
enum {
    ISSUER  = 0,                 /* name selector: issuer */
    SUBJECT = 1,                 /* name selector: subject */

    EXTERNAL_SERIAL_SIZE = 32,   /* bytes in DecodedCert.serial / CertStatus.serial */

    BEFORE  = 0,                 /* date selector (presumably ValidateDate's dateType) */
    AFTER   = 1
};

/* ASN Tags */
/* ASN.1 universal tag numbers (low five bits of the identifier octet), plus
 * a few whole identifier octets the parser matches directly.  Values with
 * 0x80|0x20 set (see ASN_Flags) are constructed context-specific tags. */
enum ASN_Tags {
    ASN_BOOLEAN           = 0x01,
    ASN_INTEGER           = 0x02,
    ASN_BIT_STRING        = 0x03,
    ASN_OCTET_STRING      = 0x04,
    ASN_TAG_NULL          = 0x05,
    ASN_OBJECT_ID         = 0x06,
    ASN_ENUMERATED        = 0x0a,
    ASN_UTF8STRING        = 0x0c,
    ASN_SEQUENCE          = 0x10,
    ASN_SET               = 0x11,
    ASN_UTC_TIME          = 0x17,
    ASN_OTHER_TYPE        = 0x00,   /* GeneralName choice: otherName [0] (RFC 5280) */
    ASN_DNS_TYPE          = 0x02,   /* GeneralName choice: dNSName [2] (RFC 5280) */
    ASN_GENERALIZED_TIME  = 0x18,
    CRL_EXTENSIONS        = 0xa0,   /* [0] constructed, context-specific */
    ASN_EXTENSIONS        = 0xa3,   /* [3] constructed, context-specific */
    ASN_LONG_LENGTH       = 0x80    /* high bit of a length octet: long form follows */
};

/* Bits OR'd into the identifier octet. */
enum ASN_Flags{
    ASN_CONSTRUCTED       = 0x20,
    ASN_CONTEXT_SPECIFIC  = 0x80
};

/* Last arc of the X.520 attribute type OIDs (2.5.4.N) used in names. */
enum DN_Tags {
    ASN_COMMON_NAME   = 0x03,   /* CN */
    ASN_SUR_NAME      = 0x04,   /* SN */
    ASN_SERIAL_NUMBER = 0x05,   /* serialNumber */
    ASN_COUNTRY_NAME  = 0x06,   /* C  */
    ASN_LOCALITY_NAME = 0x07,   /* L  */
    ASN_STATE_NAME    = 0x08,   /* ST */
    ASN_ORG_NAME      = 0x0a,   /* O  */
    ASN_ORGUNIT_NAME  = 0x0b    /* OU */
};

/* Password-based encryption schemes recognised on encrypted private keys
 * (presumably the "type" handled by ToTraditionalEnc).  All of the fixed
 * schemes are legacy PKCS#5 v1 / PKCS#12 constructions built on MD5/SHA1
 * with DES, 3DES or RC4; they are decoded for interoperability only. */
enum PBES {
    PBE_MD5_DES      = 0,
    PBE_SHA1_DES     = 1,
    PBE_SHA1_DES3    = 2,
    PBE_SHA1_RC4_128 = 3,
    PBES2            = 13       /* algo ID */
};

/* Symmetric cipher selected by a PBES scheme. */
enum ENCRYPTION_TYPES {
    DES_TYPE  = 0,
    DES3_TYPE = 1,
    RC4_TYPE  = 2
};

/* 0xa0 / 0xa1: the [0] and [1] constructed context tags that prefix the
 * optional parameters / publicKey members of an ECPrivateKey (RFC 5915). */
enum ECC_TYPES {
    ECC_PREFIX_0 = 160,
    ECC_PREFIX_1 = 161
};

/* Fixed sizes and encoding limits.  The MAX_* values bound the fixed
 * buffers declared further down; an encoder or decoder that exceeds one
 * of them must fail rather than write past the buffer. */
enum Misc_ASN {
    ASN_NAME_MAX        = 256,
    MAX_SALT_SIZE       =  64,     /* MAX PKCS Salt length */
    MAX_IV_SIZE         =  64,     /* MAX PKCS Iv length */
    MAX_KEY_SIZE        =  64,     /* MAX PKCS Key  length */
    PKCS5               =   5,     /* PKCS oid tag */
    PKCS5v2             =   6,     /* PKCS #5 v2.0 */
    PKCS12              =  12,     /* PKCS #12 */
    MAX_UNICODE_SZ      = 256,
    ASN_BOOL_SIZE       =   2,     /* including type */
    SHA_SIZE            =  20,     /* SHA-1 digest length, used for name/key hashes */
    RSA_INTS            =   8,     /* RSA ints in private key */
    MIN_DATE_SIZE       =  13,
    MAX_DATE_SIZE       =  32,
    ASN_GEN_TIME_SZ     =  15,     /* 7 numbers * 2 + Zulu tag */
    MAX_ENCODED_SIG_SZ  = 512,
    MAX_SIG_SZ          = 256,
    MAX_ALGO_SZ         =  20,
    MAX_SEQ_SZ          =   5,     /* enum(seq | con) + length(4) */
    MAX_SET_SZ          =   5,     /* enum(set | con) + length(4) */
    MAX_OCTET_STR_SZ    =   5,     /* enum(octet string) + length(4) */
    MAX_EXP_SZ          =   5,     /* enum(contextspec|con|exp) + length(4) */
    MAX_PRSTR_SZ        =   5,     /* enum(prstr) + length(4) */
    MAX_VERSION_SZ      =   5,     /* enum + id + version(byte) + (header(2))*/
    MAX_ENCODED_DIG_SZ  =  73,     /* sha512 + enum(bit or octet) + length(4) */
    MAX_RSA_INT_SZ      = 517,     /* RSA raw sz 4096 for bits + tag + len(4) */
    MAX_NTRU_KEY_SZ     = 610,     /* NTRU 112 bit public key */
    MAX_NTRU_ENC_SZ     = 628,     /* NTRU 112 bit DER public encoding */
    MAX_LENGTH_SZ       =   4,     /* Max length size for DER encoding */
    MAX_RSA_E_SZ        =  16,     /* Max RSA public e size */
    MAX_CA_SZ           =  32,     /* Max encoded CA basic constraint length */
    MAX_SN_SZ           =  35,     /* Max encoded serial number (INT) length */
#ifdef CYASSL_CERT_GEN
    #ifdef CYASSL_CERT_REQ
                                   /* Max encoded cert req attributes length */
        MAX_ATTRIB_SZ   = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
                          MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
    #endif
    #ifdef CYASSL_ALT_NAMES
        MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
    #else
        MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
    #endif
                                   /* Max total extensions, id + len + others */
#endif
    MAX_OCSP_EXT_SZ     =  58,     /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ   =  18,     /* OCSP Nonce size           */
    EIGHTK_BUF          = 8192,    /* Tmp buffer size           */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
                                   /* use bigger NTRU size */
};


/* Which OID table a parsed algorithm identifier belongs to.
 *
 * Object identifiers are not kept in encoded form: the parser reduces each
 * one to a small integer "sum" (see the signatureOID / keyOID comments on
 * DecodedCert).  Sums are not collision-free across tables -- e.g. 69 is
 * DESb here and AUTH_INFO_OID among the extension sums -- so a sum is only
 * meaningful together with the Oid_Types context it was read under. */
enum Oid_Types {
    hashType  = 0,
    sigType   = 1,
    keyType   = 2,
    curveType = 3,
    blkType   = 4
};


/* Hash algorithm OID sums (hashType). */
enum Hash_Sum  {
    MD2h    = 646,
    MD5h    = 649,
    SHAh    =  88,
    SHA256h = 414,
    SHA384h = 415,
    SHA512h = 416
};


/* Block cipher OID sums (blkType). */
enum Block_Sum {
    DESb  = 69,
    DES3b = 652
};


/* Public key algorithm OID sums (keyType). */
enum Key_Sum {
    DSAk   = 515,
    RSAk   = 645,
    NTRUk  = 364,
    ECDSAk = 518
};


/* Named elliptic curve OID sums (curveType). */
enum Ecc_Sum {
    ECC_256R1 = 526,
    ECC_384R1 = 210,
    ECC_521R1 = 211,
    ECC_160R1 = 184,
    ECC_192R1 = 520,
    ECC_224R1 = 209
};


/* Key derivation function OID sums (PKCS#5 v2 PBES2). */
enum KDF_Sum {
    PBKDF2_OID = 660
};

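
/* X.509 extension OID sums.  Sums are small integers that collide across
 * enums (117 is also AIA_CA_ISSUER_OID and OCSP_BASIC_OID, 146 is also
 * CP_ANY_OID, 79 is both HW_NAME_OID and EKU_OCSP_SIGN_OID), so a value is
 * only meaningful inside the extension/context it was parsed from. */
enum Extensions_Sum {
    BASIC_CA_OID      = 133,
    ALT_NAMES_OID     = 131,
    CRL_DIST_OID      = 145,
    AUTH_INFO_OID     = 69,
    CA_ISSUER_OID     = 117,
    AUTH_KEY_OID      = 149,
    SUBJ_KEY_OID      = 128,
    CERT_POLICY_OID   = 146,
    KEY_USAGE_OID     = 129,  /* 2.5.29.15 */
    INHIBIT_ANY_OID   = 168,  /* 2.5.29.54 */
    EXT_KEY_USAGE_OID = 151,  /* 2.5.29.37 */
};

enum CertificatePolicy_Sum {
    CP_ANY_OID = 146  /* id-ce 32 0 */
};

enum SepHardwareName_Sum {
    HW_NAME_OID = 79  /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
};

/* accessMethod OID sums inside the Authority Information Access extension */
enum AuthInfo_Sum {
    AIA_OCSP_OID      = 116, /* 1.3.6.1.5.5.7.48.1 */
    AIA_CA_ISSUER_OID = 117  /* 1.3.6.1.5.5.7.48.2 */
};

enum ExtKeyUsage_Sum { /* From RFC 5280 */
    EKU_ANY_OID         = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
    EKU_SERVER_AUTH_OID = 71,  /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
    EKU_CLIENT_AUTH_OID = 72,  /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
    EKU_OCSP_SIGN_OID   = 79,  /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
};


/* Values for the "verify" argument of ParseCert / ParseCertRelative and the
 * DecodedCert.verify field.  NOTE(review): by name, NO_VERIFY skips the
 * signature check, so a certificate parsed that way carries no
 * authenticity -- confirm against ParseCert before relying on it. */
enum VerifyType {
    NO_VERIFY = 0,
    VERIFY    = 1
};


/* Key usage extension bits */
/* Stored in DecodedCert.extKeyUsage (word16) when extKeyUsageSet is set. */
#define KEYUSE_DIGITAL_SIG    0x0100
#define KEYUSE_CONTENT_COMMIT 0x0080
#define KEYUSE_KEY_ENCIPHER   0x0040
#define KEYUSE_DATA_ENCIPHER  0x0020
#define KEYUSE_KEY_AGREE      0x0010
#define KEYUSE_KEY_CERT_SIGN  0x0008
#define KEYUSE_CRL_SIGN       0x0004
#define KEYUSE_ENCIPHER_ONLY  0x0002
#define KEYUSE_DECIPHER_ONLY  0x0001

/* Extended key usage bits, stored in DecodedCert.extExtKeyUsage (byte)
 * when extExtKeyUsageSet is set. */
#define EXTKEYUSE_ANY         0x08
#define EXTKEYUSE_OCSP_SIGN   0x04
#define EXTKEYUSE_CLIENT_AUTH 0x02
#define EXTKEYUSE_SERVER_AUTH 0x01

typedef struct DNS_entry DNS_entry;

/* Singly linked list of subject alternative DNS names, owned by the
 * DecodedCert that parsed them and released by FreeAltNames. */
struct DNS_entry {
    DNS_entry* next;   /* next on DNS list */
    char*      name;   /* actual DNS name  */
};


/* Parsed distinguished name.  The *Idx/*Len pairs presumably locate each
 * attribute within fullName (offset and length); -- confirm in the parser. */
struct DecodedName {
    char*   fullName;
    int     fullNameLen;
    int     entryCount;
    int     cnIdx;
    int     cnLen;
    int     snIdx;
    int     snLen;
    int     cIdx;
    int     cLen;
    int     lIdx;
    int     lLen;
    int     stIdx;
    int     stLen;
    int     oIdx;
    int     oLen;
    int     ouIdx;
    int     ouLen;
    int     emailIdx;
    int     emailLen;
    int     uidIdx;
    int     uidLen;
    int     serialIdx;
    int     serialLen;
};


typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer      Signer;


/* Result of parsing one X.509 certificate (InitDecodedCert / ParseCert).
 *
 * Ownership: "source" is the caller's DER buffer and is NOT owned.  The
 * signature and extensions pointers explicitly point into it, and the other
 * byte*/char* members that have no *Stored flag presumably do too -- keep
 * the buffer alive and unmodified for as long as this struct is used.
 * FreeDecodedCert releases the parser's own allocations (altNames and,
 * per the *Stored flags, copies of the public key / subject CN). */
struct DecodedCert {
    byte*   publicKey;
    word32  pubKeySize;
    int     pubKeyStored;
    word32  certBegin;               /* offset to start of cert   */
    word32  sigIndex;                /* offset to start of signature */
    word32  sigLength;               /* length of signature       */
    word32  signatureOID;            /* sum of algorithm object id*/
    word32  keyOID;                  /* sum of key algo  object id*/
    int     version;                 /* cert version, 1 or 3      */
    DNS_entry* altNames;             /* alt names list of dns entries */
    byte    subjectHash[SHA_SIZE];   /* hash of all Names         */
    byte    issuerHash[SHA_SIZE];    /* hash of all Names         */
#ifdef HAVE_OCSP
    byte    issuerKeyHash[SHA_SIZE]; /* hash of the public Key    */
#endif /* HAVE_OCSP */
    byte*   signature;               /* not owned, points into raw cert */
    char*   subjectCN;               /* CommonName                */
    int     subjectCNLen;
    int     subjectCNStored;         /* have we saved a copy we own */
    char    issuer[ASN_NAME_MAX];    /* full name including common name */
    char    subject[ASN_NAME_MAX];   /* full name including common name */
    int     verify;                  /* Default to yes, but could be off */
    byte*   source;                  /* byte buffer holder cert, NOT owner */
    word32  srcIdx;                  /* current offset into buffer */
    word32  maxIdx;                  /* max offset based on init size */
    void*   heap;                    /* for user memory overrides */
    byte    serial[EXTERNAL_SERIAL_SIZE];  /* raw serial number   */
    int     serialSz;                /* raw serial bytes stored   */
    byte*   extensions;              /* not owned, points into raw cert */
    int     extensionsSz;            /* length of cert extensions */
    word32  extensionsIdx;           /* if want to go back and parse later */
    byte*   extAuthInfo;             /* Authority Information Access URI */
    int     extAuthInfoSz;           /* length of the URI         */
    byte*   extCrlInfo;              /* CRL Distribution Points   */
    int     extCrlInfoSz;            /* length of the URI         */
    byte    extSubjKeyId[SHA_SIZE];  /* Subject Key ID            */
    byte    extSubjKeyIdSet;         /* Set when the SKID was read from cert */
    byte    extAuthKeyId[SHA_SIZE];  /* Authority Key ID          */
    byte    extAuthKeyIdSet;         /* Set when the AKID was read from cert */
    byte    isCA;                    /* CA basic constraint true  */
    byte    extKeyUsageSet;          /* extKeyUsage is valid only when set */
    word16  extKeyUsage;             /* Key usage bitfield (KEYUSE_*) */
    byte    extExtKeyUsageSet;       /* Extended Key Usage present */
    byte    extExtKeyUsage;          /* Extended Key usage bitfield (EXTKEYUSE_*) */
#ifdef OPENSSL_EXTRA
    byte    extBasicConstSet;
    byte    extBasicConstCrit;
    byte    extBasicConstPlSet;
    word32  pathLength;              /* CA basic constraint path length, opt */
    byte    extSubjAltNameSet;
    byte    extSubjAltNameCrit;
    byte    extAuthKeyIdCrit;
    byte    extSubjKeyIdCrit;
    byte    extKeyUsageCrit;
    byte    extExtKeyUsageCrit;
    byte*   extExtKeyUsageSrc;
    word32  extExtKeyUsageSz;
    word32  extExtKeyUsageCount;
    byte*   extAuthKeyIdSrc;
    word32  extAuthKeyIdSz;
    byte*   extSubjKeyIdSrc;
    word32  extSubjKeyIdSz;
#endif
#ifdef HAVE_ECC
    word32  pkCurveOID;              /* Public Key's curve OID    */
#endif /* HAVE_ECC */
    byte*   beforeDate;              /* validity notBefore, raw time string */
    int     beforeDateLen;
    byte*   afterDate;               /* validity notAfter, raw time string */
    int     afterDateLen;
#ifdef HAVE_PKCS7
    byte*   issuerRaw;               /* pointer to issuer inside source */
    int     issuerRawLen;
#endif
#if defined(CYASSL_CERT_GEN)
    /* easy access to subject info for other sign */
    char*   subjectSN;
    int     subjectSNLen;
    char*   subjectC;
    int     subjectCLen;
    char*   subjectL;
    int     subjectLLen;
    char*   subjectST;
    int     subjectSTLen;
    char*   subjectO;
    int     subjectOLen;
    char*   subjectOU;
    int     subjectOULen;
    char*   subjectEmail;
    int     subjectEmailLen;
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
    DecodedName issuerName;
    DecodedName subjectName;
#endif /* OPENSSL_EXTRA */
#ifdef CYASSL_SEP
    int     deviceTypeSz;
    byte*   deviceType;
    int     hwTypeSz;
    byte*   hwType;
    int     hwSerialNumSz;
    byte*   hwSerialNum;
#ifdef OPENSSL_EXTRA
    byte    extCertPolicySet;
    byte    extCertPolicyCrit;
#endif /* OPENSSL_EXTRA */
#endif /* CYASSL_SEP */
};


/* Digest length used for the name / key-id hashes of cached signers and
 * CRLs.  Falls back to 20 (SHA-1) when sha.h did not define the macro. */
#ifdef SHA_DIGEST_SIZE
    #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#else
    #define SIGNER_DIGEST_SIZE 20
#endif

/* CA Signers */
/* if change layout change PERSIST_CERT_CACHE functions too */
struct Signer {
    word32  pubKeySize;
    word32  keyOID;                  /* key type */
    byte*   publicKey;
    int     nameLen;
    char*   name;                    /* common name */
    byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                     /* sha hash of names in certificate */
    #ifndef NO_SKID
        byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
                                     /* NOTE(review): comment was copied from
                                      * subjectNameHash; the field name says
                                      * Subject Key Identifier hash -- confirm */
    #endif
    Signer* next;
};


/* not for public consumption but may use for testing sometimes */
#ifdef CYASSL_TEST_CERT
    #define CYASSL_TEST_API CYASSL_API
#else
    #define CYASSL_TEST_API CYASSL_LOCAL
#endif

/* Certificate lifecycle: init with the caller's DER buffer (not copied),
 * parse, then free the parser's own allocations.  "type" and "verify"
 * (see VerifyType) are forwarded to the parser; "cm" is the cert manager
 * used to look up the issuer when verifying. */
CYASSL_TEST_API void FreeAltNames(DNS_entry*, void*);
CYASSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
CYASSL_TEST_API void FreeDecodedCert(DecodedCert*);
CYASSL_TEST_API int  ParseCert(DecodedCert*, int type, int verify, void* cm);

CYASSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm);
CYASSL_LOCAL int DecodeToKey(DecodedCert*, int verify);

/* DER-encode a DigestInfo for a signature; returns the encoded length. */
CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,
                                    int hashOID);

CYASSL_LOCAL Signer* MakeSigner(void*);
CYASSL_LOCAL void    FreeSigner(Signer*, void*);
CYASSL_LOCAL void    FreeSignerTable(Signer**, int, void*);


/* Convert a PKCS#8 (optionally password-encrypted) private key, in place,
 * to the traditional key encoding. */
CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int);

/* Check an ASN.1 time (UTCTime or GeneralizedTime per "format") against the
 * current time; dateType presumably selects BEFORE / AFTER semantics. */
CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);

/* ASN.1 helper functions */
/* Decoders take the buffer, an in/out cursor and maxIdx, the first offset
 * past the end of the buffer: every read must be bounded by maxIdx since
 * the length fields come from untrusted input. */
CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
                           word32 maxIdx);
CYASSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                             word32 maxIdx);
CYASSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                        word32 maxIdx);
CYASSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
                              int* version);
CYASSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
                        word32 maxIdx);
CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                           word32 maxIdx);
/* Encoders write a header into "output" and return the bytes written;
 * output must have room for the matching MAX_*_SZ from Misc_ASN. */
CYASSL_LOCAL word32 SetLength(word32 length, byte* output);
CYASSL_LOCAL word32 SetSequence(word32 len, byte* output);
CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output);
CYASSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output);
CYASSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
CYASSL_LOCAL word32 SetSet(word32 len, byte* output);
CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz);
CYASSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
CYASSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
CYASSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                             int maxIdx);

#ifdef HAVE_ECC
    /* ASN sig helpers */
    /* ECDSA signatures travel as SEQUENCE { INTEGER r, INTEGER s }. */
    CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
                                      mp_int* s);
    CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                       mp_int* r, mp_int* s);
#endif

#ifdef CYASSL_CERT_GEN

/* Constants for the certificate generator. */
enum cert_enums {
    NAME_ENTRIES    =  8,
    JOINT_LEN       =  2,
    EMAIL_JOINT_LEN =  9,
    RSA_KEY         = 10,
    NTRU_KEY        = 11,
    ECC_KEY         = 12
};


#endif /* CYASSL_CERT_GEN */



/* for pointer use */
typedef struct CertStatus CertStatus;

#ifdef HAVE_OCSP

/* OCSPResponseStatus (RFC 2560); only OCSP_SUCCESSFUL carries a usable
 * BasicOCSPResponse.  OCSP_UNAUTHROIZED keeps its historical misspelling
 * because it is part of the shipped interface. */
enum Ocsp_Response_Status {
    OCSP_SUCCESSFUL        = 0, /* Response has valid confirmations */
    OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
    OCSP_INTERNAL_ERROR    = 2, /* Internal error in issuer */
    OCSP_TRY_LATER         = 3, /* Try again later */
    OCSP_SIG_REQUIRED      = 5, /* Must sign the request (4 is skipped) */
    OCSP_UNAUTHROIZED      = 6  /* Request unauthorized */
};


/* CertStatus.status: CERT_UNKNOWN is not a "good" answer. */
enum Ocsp_Cert_Status {
    CERT_GOOD    = 0,
    CERT_REVOKED = 1,
    CERT_UNKNOWN = 2
};


/* OCSP OID sums */
enum Ocsp_Sums {
    OCSP_BASIC_OID = 117,
    OCSP_NONCE_OID = 118
};


typedef struct OcspRequest  OcspRequest;
typedef struct OcspResponse OcspResponse;


/* Status of one certificate, as reported in an OCSP response. */
struct CertStatus {
    CertStatus* next;

    byte serial[EXTERNAL_SERIAL_SIZE];
    int serialSz;

    int status;                      /* Ocsp_Cert_Status */

    byte thisDate[MAX_DATE_SIZE];
    byte nextDate[MAX_DATE_SIZE];
    byte thisDateFormat;
    byte nextDateFormat;
};


/* Decoded OCSP response.  All byte* members point into "source", which the
 * caller owns and must keep alive while the response is used. */
struct OcspResponse {
    int     responseStatus;  /* return code from Responder */

    byte*   response;        /* Pointer to beginning of OCSP Response */
    word32  responseSz;      /* length of the OCSP Response */

    byte    producedDate[MAX_DATE_SIZE];
                             /* Date at which this response was signed */
    byte    producedDateFormat; /* format of the producedDate */
    byte*   issuerHash;
    byte*   issuerKeyHash;

    byte*   cert;
    word32  certSz;

    byte*   sig;             /* Pointer to sig in source */
    word32  sigSz;           /* Length in octets for the sig */
    word32  sigOID;          /* OID for hash used for sig */

    CertStatus* status;      /* certificate status to fill out */

    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
    int     nonceSz;         /* length of the nonce string */

    byte*   source;          /* pointer to source buffer, not owned */
    word32  maxIdx;          /* max offset based on init size */
};


/* OCSP request being built for "cert".  The hash/serial pointers borrow
 * from the DecodedCert; "dest" is the caller's output buffer. */
struct OcspRequest {
    DecodedCert* cert;

    byte    useNonce;
    byte    nonce[MAX_OCSP_NONCE_SZ];
    int     nonceSz;

    byte*   issuerHash;      /* pointer to issuerHash in source cert */
    byte*   issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
    byte*   serial;          /* pointer to serial number in source cert */
    int     serialSz;        /* length of the serial number */

    byte*   dest;            /* pointer to the destination ASN.1 buffer */
    word32  destSz;          /* length of the destination buffer */
};


CYASSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
CYASSL_LOCAL int  OcspResponseDecode(OcspResponse*);

CYASSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
                                                          byte, byte*, word32);
CYASSL_LOCAL int  EncodeOcspRequest(OcspRequest*);

/* Binds a response to the request it answers (presumably nonce, issuer
 * hashes and serial); a response that does not match must be rejected
 * rather than treated as a status for the requested certificate. */
CYASSL_LOCAL int  CompareOcspReqResp(OcspRequest*, OcspResponse*);


#endif /* HAVE_OCSP */


/* for pointer use */
typedef struct RevokedCert RevokedCert;

#ifdef HAVE_CRL

/* One entry of a CRL's revokedCertificates list. */
struct RevokedCert {
    byte         serialNumber[EXTERNAL_SERIAL_SIZE];
    int          serialSz;
    RevokedCert* next;
};

typedef struct DecodedCRL DecodedCRL;

/* Result of ParseCRL.  "signature" borrows from the caller's buffer; the
 * revoked-cert list is owned and released by FreeDecodedCRL. */
struct DecodedCRL {
    word32  certBegin;               /* offset to start of cert   */
    word32  sigIndex;                /* offset to start of signature */
    word32  sigLength;               /* length of signature       */
    word32  signatureOID;            /* sum of algorithm object id*/
    byte*   signature;               /* pointer into raw source, not owned */
    /* SIGNER_DIGEST_SIZE rather than SHA_DIGEST_SIZE: it is the same value
     * whenever sha.h defines the latter, and it keeps this struct building
     * (and the same size as Signer's hashes) when it does not. */
    byte    issuerHash[SIGNER_DIGEST_SIZE];  /* issuer hash */
    byte    crlHash[SIGNER_DIGEST_SIZE];     /* raw crl data hash */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated  */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date   */
    byte    lastDateFormat;          /* format of last date */
    byte    nextDateFormat;          /* format of next date */
    RevokedCert* certs;              /* revoked cert list  */
    int          totalCerts;         /* number on list     */
};

CYASSL_LOCAL void InitDecodedCRL(DecodedCRL*);
CYASSL_LOCAL int  ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL*);


#endif /* HAVE_CRL */


#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* CTAO_CRYPT_ASN_H */

#endif /* !NO_ASN */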
