CyaSSL 3.0.0

Committer:
wolfSSL
Date:
Wed Dec 03 05:24:18 2014 +0000
Revision:
3:64d4f7cb83d5
Parent:
0:1239e9b70ca2
added IGNORE_KEY_EXTENSIONS

wolfSSL 0:1239e9b70ca2 1 /* asn.h
wolfSSL 0:1239e9b70ca2 2 *
wolfSSL 0:1239e9b70ca2 3 * Copyright (C) 2006-2014 wolfSSL Inc.
wolfSSL 0:1239e9b70ca2 4 *
wolfSSL 0:1239e9b70ca2 5 * This file is part of CyaSSL.
wolfSSL 0:1239e9b70ca2 6 *
wolfSSL 0:1239e9b70ca2 7 * CyaSSL is free software; you can redistribute it and/or modify
wolfSSL 0:1239e9b70ca2 8 * it under the terms of the GNU General Public License as published by
wolfSSL 0:1239e9b70ca2 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 0:1239e9b70ca2 10 * (at your option) any later version.
wolfSSL 0:1239e9b70ca2 11 *
wolfSSL 0:1239e9b70ca2 12 * CyaSSL is distributed in the hope that it will be useful,
wolfSSL 0:1239e9b70ca2 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 0:1239e9b70ca2 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 0:1239e9b70ca2 15 * GNU General Public License for more details.
wolfSSL 0:1239e9b70ca2 16 *
wolfSSL 0:1239e9b70ca2 17 * You should have received a copy of the GNU General Public License
wolfSSL 0:1239e9b70ca2 18 * along with this program; if not, write to the Free Software
wolfSSL 0:1239e9b70ca2 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
wolfSSL 0:1239e9b70ca2 20 */
wolfSSL 0:1239e9b70ca2 21
wolfSSL 0:1239e9b70ca2 22 #ifndef NO_ASN
wolfSSL 0:1239e9b70ca2 23
wolfSSL 0:1239e9b70ca2 24 #ifndef CTAO_CRYPT_ASN_H
wolfSSL 0:1239e9b70ca2 25 #define CTAO_CRYPT_ASN_H
wolfSSL 0:1239e9b70ca2 26
wolfSSL 0:1239e9b70ca2 27 #include <cyassl/ctaocrypt/types.h>
wolfSSL 0:1239e9b70ca2 28 #include <cyassl/ctaocrypt/rsa.h>
wolfSSL 0:1239e9b70ca2 29 #include <cyassl/ctaocrypt/dh.h>
wolfSSL 0:1239e9b70ca2 30 #include <cyassl/ctaocrypt/dsa.h>
wolfSSL 0:1239e9b70ca2 31 #include <cyassl/ctaocrypt/sha.h>
wolfSSL 0:1239e9b70ca2 32 #include <cyassl/ctaocrypt/md5.h>
wolfSSL 0:1239e9b70ca2 33 #include <cyassl/ctaocrypt/asn_public.h> /* public interface */
wolfSSL 0:1239e9b70ca2 34 #ifdef HAVE_ECC
wolfSSL 0:1239e9b70ca2 35 #include <cyassl/ctaocrypt/ecc.h>
wolfSSL 0:1239e9b70ca2 36 #endif
wolfSSL 0:1239e9b70ca2 37
wolfSSL 0:1239e9b70ca2 38 #ifdef __cplusplus
wolfSSL 0:1239e9b70ca2 39 extern "C" {
wolfSSL 0:1239e9b70ca2 40 #endif
wolfSSL 0:1239e9b70ca2 41
wolfSSL 0:1239e9b70ca2 42
/* Small selectors and one buffer size shared by the ASN decoders. */
enum {
    /* which of a certificate's two Names a helper is talking about */
    ISSUER  = 0,
    SUBJECT = 1,

    /* capacity of the raw serial-number buffers in DecodedCert/CertStatus */
    EXTERNAL_SERIAL_SIZE = 32,

    /* which validity bound a date helper is checking (notBefore/notAfter) */
    BEFORE = 0,
    AFTER  = 1
};
wolfSSL 0:1239e9b70ca2 52
wolfSSL 0:1239e9b70ca2 53 /* ASN Tags */
/* ASN.1 identifier values used by the DER reader/writer.
 * The universal-class entries are bare tag numbers (SEQUENCE and SET are
 * written with ASN_CONSTRUCTED OR'd in, see MAX_SEQ_SZ). The *_TYPE entries
 * reuse the enum for GeneralName CHOICE tag numbers, so their values overlap
 * the universal tags on purpose. CRL_EXTENSIONS / ASN_EXTENSIONS are complete
 * identifier octets (0x80 context-specific | 0x20 constructed | n). */
enum ASN_Tags {
    /* universal class tag numbers */
    ASN_BOOLEAN          = 0x01,
    ASN_INTEGER          = 0x02,
    ASN_BIT_STRING       = 0x03,
    ASN_OCTET_STRING     = 0x04,
    ASN_TAG_NULL         = 0x05,
    ASN_OBJECT_ID        = 0x06,
    ASN_ENUMERATED       = 0x0a,
    ASN_UTF8STRING       = 0x0c,
    ASN_SEQUENCE         = 0x10,
    ASN_SET              = 0x11,
    ASN_UTC_TIME         = 0x17,
    ASN_GENERALIZED_TIME = 0x18,

    /* GeneralName CHOICE tag numbers: [0] otherName, [1] rfc822Name,
     * [2] dNSName, [4] directoryName (x400Address [3] is not handled) */
    ASN_OTHER_TYPE       = 0x00,
    ASN_RFC822_TYPE      = 0x01,
    ASN_DNS_TYPE         = 0x02,
    ASN_DIR_TYPE         = 0x04,

    /* explicitly tagged extension containers, full identifier octet */
    CRL_EXTENSIONS       = 0xa0,   /* [0] EXPLICIT (crlExtensions)      */
    ASN_EXTENSIONS       = 0xa3,   /* [3] EXPLICIT (TBSCertificate ext.) */

    /* first length octet: bit 8 set = long form, low 7 bits = number of
     * length octets that follow */
    ASN_LONG_LENGTH      = 0x80
};
wolfSSL 0:1239e9b70ca2 75
/* Bits of a DER identifier octet that are OR'd onto a tag number. */
enum ASN_Flags {
    ASN_CONSTRUCTED      = 0x20,   /* bit 6: constructed (has child TLVs) */
    ASN_CONTEXT_SPECIFIC = 0x80    /* class bits 10: context-specific     */
};
wolfSSL 0:1239e9b70ca2 80
/* Attribute types recognised inside an X.509 Name. The value is the last arc
 * of the attribute's 2.5.4.x (id-at) object identifier, which is how the
 * name decoder tells them apart. */
enum DN_Tags {
    ASN_COMMON_NAME   = 0x03,   /* CN  - commonName            */
    ASN_SUR_NAME      = 0x04,   /* SN  - surname               */
    ASN_SERIAL_NUMBER = 0x05,   /* serialNumber                */
    ASN_COUNTRY_NAME  = 0x06,   /* C   - countryName           */
    ASN_LOCALITY_NAME = 0x07,   /* L   - localityName          */
    ASN_STATE_NAME    = 0x08,   /* ST  - stateOrProvinceName   */
    ASN_ORG_NAME      = 0x0a,   /* O   - organizationName      */
    ASN_ORGUNIT_NAME  = 0x0b    /* OU  - organizationalUnitName */
};
wolfSSL 0:1239e9b70ca2 91
/* Password-based encryption schemes the encrypted-PKCS#8 reader knows.
 * Security note: the four PBE_* schemes are PKCS#5 v1.5 / PKCS#12 legacy
 * constructions (single DES and RC4 are not adequate protection for a stored
 * private key). They are recognised for interoperability; new material should
 * be written with PBES2. */
enum PBES {
    PBE_MD5_DES      = 0,   /* MD5 KDF + DES-CBC          */
    PBE_SHA1_DES     = 1,   /* SHA-1 KDF + DES-CBC        */
    PBE_SHA1_DES3    = 2,   /* SHA-1 KDF + 3DES-CBC       */
    PBE_SHA1_RC4_128 = 3,   /* SHA-1 KDF + 128-bit RC4    */
    PBES2            = 13   /* algo ID (last arc of id-PBES2) */
};
wolfSSL 0:1239e9b70ca2 99
/* Cipher selector handed to the PKCS decryption code once a PBES
 * scheme has been identified. */
enum ENCRYPTION_TYPES {
    DES_TYPE  = 0,   /* single DES   */
    DES3_TYPE = 1,   /* triple DES   */
    RC4_TYPE  = 2    /* RC4 stream   */
};
wolfSSL 0:1239e9b70ca2 105
/* Identifier octets 0xa0 / 0xa1, i.e. context-specific constructed [0] and
 * [1]. In an ECPrivateKey (RFC 5915) those tags wrap the optional parameters
 * and publicKey fields; presumably what the ECC key decoder looks for when
 * walking past them -- confirm against asn.c. */
enum ECC_TYPES {
    ECC_PREFIX_0 = 160,   /* 0xa0 */
    ECC_PREFIX_1 = 161    /* 0xa1 */
};
wolfSSL 0:1239e9b70ca2 110
/* Sizes and small tags used throughout the ASN code.
 * The MAX_*_SZ values size fixed buffers for the DER writers, so a writer and
 * its constant must be kept in step; the trailing comments give the
 * derivation so a reviewer can recheck them. */
enum Misc_ASN {
    ASN_NAME_MAX       = 256,
    MAX_SALT_SIZE      = 64,    /* MAX PKCS Salt length */
    MAX_IV_SIZE        = 64,    /* MAX PKCS Iv length */
    MAX_KEY_SIZE       = 64,    /* MAX PKCS Key length */
    PKCS5              = 5,     /* PKCS oid tag */
    PKCS5v2            = 6,     /* PKCS #5 v2.0 */
    PKCS12             = 12,    /* PKCS #12 */
    MAX_UNICODE_SZ     = 256,
    ASN_BOOL_SIZE      = 2,     /* including type */
    SHA_SIZE           = 20,
    RSA_INTS           = 8,     /* RSA ints in private key */
    MIN_DATE_SIZE      = 13,    /* YYMMDDHHMMSSZ, the shortest UTCTime */
    MAX_DATE_SIZE      = 32,
    ASN_GEN_TIME_SZ    = 15,    /* 7 numbers * 2 + Zulu tag */
    MAX_ENCODED_SIG_SZ = 512,   /* 512 bytes = 4096 bits */
    MAX_SIG_SZ         = 256,   /* 256 bytes = 2048 bits */
    MAX_ALGO_SZ        = 20,
    MAX_SEQ_SZ         = 5,     /* enum(seq | con) + length(4) */
    MAX_SET_SZ         = 5,     /* enum(set | con) + length(4) */
    MAX_OCTET_STR_SZ   = 5,     /* enum(octet string) + length(4) */
    MAX_EXP_SZ         = 5,     /* enum(contextspec|con|exp) + length(4) */
    MAX_PRSTR_SZ       = 5,     /* enum(prstr) + length(4) */
    MAX_VERSION_SZ     = 5,     /* enum + id + version(byte) + (header(2)) */
    MAX_ENCODED_DIG_SZ = 73,    /* sha512 + enum(bit or octet) + length(4) */
    MAX_RSA_INT_SZ     = 517,   /* RSA raw sz 4096 for bits + tag + len(4) */
    MAX_NTRU_KEY_SZ    = 610,   /* NTRU 112 bit public key */
    MAX_NTRU_ENC_SZ    = 628,   /* NTRU 112 bit DER public encoding */
    MAX_LENGTH_SZ      = 4,     /* Max length size for DER encoding */
    MAX_RSA_E_SZ       = 16,    /* Max RSA public e size */
    MAX_CA_SZ          = 32,    /* Max encoded CA basic constraint length */
    MAX_SN_SZ          = 35,    /* Max encoded serial number (INT) length */
#ifdef CYASSL_CERT_GEN
#ifdef CYASSL_CERT_REQ
    /* Max encoded cert req attributes length; 11 is the OID size */
    MAX_ATTRIB_SZ      = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
                         MAX_PRSTR_SZ + CTC_NAME_SIZE,
#endif
    /* Max total extensions, id + len + others */
#ifdef CYASSL_ALT_NAMES
    MAX_EXTENSIONS_SZ  = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
#else
    MAX_EXTENSIONS_SZ  = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
#endif
#endif
    MAX_OCSP_EXT_SZ    = 58,    /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ  = 18,    /* OCSP Nonce size */
    EIGHTK_BUF         = 8192,  /* Tmp buffer size */
    /* largest SubjectPublicKeyInfo we handle: use the bigger NTRU size */
    MAX_PUBLIC_KEY_SZ  = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2
};
wolfSSL 0:1239e9b70ca2 162
wolfSSL 0:1239e9b70ca2 163
/* Which OID table a caller means (e.g. the `type` argument of SetAlgoID):
 * each of hashType..blkType selects one of the *_Sum enums below. */
enum Oid_Types {
    hashType  = 0,   /* Hash_Sum  */
    sigType   = 1,   /* signature algorithm */
    keyType   = 2,   /* Key_Sum   */
    curveType = 3,   /* Ecc_Sum   */
    blkType   = 4    /* Block_Sum */
};
wolfSSL 0:1239e9b70ca2 171
wolfSSL 0:1239e9b70ca2 172
/* Digest algorithms, identified the way this code identifies every OID: by
 * the byte sum of the encoded object identifier (see the "sum of algorithm
 * object id" fields in DecodedCert). A sum is cheap but not collision-free,
 * so a new entry must be checked against every other value in this table.
 * MD2 and MD5 are listed so their signatures can be *recognised*; whether a
 * signature over them is still *accepted* is a policy decision that lives in
 * asn.c, not in this table. */
enum Hash_Sum {
    MD2h    = 646,
    MD5h    = 649,
    SHAh    = 88,    /* SHA-1 */
    SHA256h = 414,
    SHA384h = 415,
    SHA512h = 416
};
wolfSSL 0:1239e9b70ca2 181
wolfSSL 0:1239e9b70ca2 182
/* Block-cipher OIDs (byte sum of the encoded OID) used by the PKCS#5 v2
 * reader. Note DESb (69) equals AUTH_INFO_OID in Extensions_Sum; the two are
 * only distinguishable because they are looked up in different contexts. */
enum Block_Sum {
    DESb  = 69,    /* desCBC      */
    DES3b = 652    /* des-EDE3-CBC */
};
wolfSSL 0:1239e9b70ca2 187
wolfSSL 0:1239e9b70ca2 188
/* Public-key algorithm OIDs (byte sum of the encoded OID); the value stored
 * in DecodedCert.keyOID and Signer.keyOID. */
enum Key_Sum {
    DSAk   = 515,
    RSAk   = 645,   /* rsaEncryption  */
    NTRUk  = 364,
    ECDSAk = 518    /* id-ecPublicKey */
};
wolfSSL 0:1239e9b70ca2 195
wolfSSL 0:1239e9b70ca2 196
/* Named-curve OIDs (byte sum of the encoded OID); stored in
 * DecodedCert.pkCurveOID. All values in this table are distinct, which the
 * sum scheme requires -- re-check when adding a curve. */
enum Ecc_Sum {
    ECC_160R1 = 184,
    ECC_192R1 = 520,
    ECC_224R1 = 209,
    ECC_256R1 = 526,
    ECC_384R1 = 210,
    ECC_521R1 = 211
};
wolfSSL 0:1239e9b70ca2 205
wolfSSL 0:1239e9b70ca2 206
/* Key-derivation OID (byte sum of the encoded OID) accepted inside PBES2. */
enum KDF_Sum {
    PBKDF2_OID = 660   /* id-PBKDF2 */
};
wolfSSL 0:1239e9b70ca2 210
wolfSSL 0:1239e9b70ca2 211
/* Certificate-extension OIDs, identified by the byte sum of the encoded OID
 * (the same scheme as signatureOID/keyOID in DecodedCert).
 *
 * A sum is not a unique name. Two collisions are visible in this very file:
 * EXT_KEY_USAGE_OID (2.5.29.37) and EKU_ANY_OID (2.5.29.37.0) are both 151,
 * and CERT_POLICY_OID (2.5.29.32) and CP_ANY_OID (2.5.29.32.0) are both 146,
 * because a trailing ".0" arc adds a zero byte. Matching is therefore only
 * meaningful inside the syntactic context where an extension OID is expected,
 * and any new entry must be checked for a clash with every other value in
 * this table. */
enum Extensions_Sum {
    BASIC_CA_OID      = 133,   /* 2.5.29.19 basicConstraints      */
    ALT_NAMES_OID     = 131,   /* 2.5.29.17 subjectAltName        */
    CRL_DIST_OID      = 145,   /* 2.5.29.31 cRLDistributionPoints */
    AUTH_INFO_OID     = 69,    /* 1.3.6.1.5.5.7.1.1 authorityInfoAccess */
    CA_ISSUER_OID     = 117,   /* same value as AIA_CA_ISSUER_OID */
    AUTH_KEY_OID      = 149,   /* 2.5.29.35 authorityKeyIdentifier */
    SUBJ_KEY_OID      = 128,   /* 2.5.29.14 subjectKeyIdentifier  */
    CERT_POLICY_OID   = 146,   /* 2.5.29.32 certificatePolicies   */
    KEY_USAGE_OID     = 129,   /* 2.5.29.15 */
    INHIBIT_ANY_OID   = 168,   /* 2.5.29.54 */
    EXT_KEY_USAGE_OID = 151,   /* 2.5.29.37 */
    NAME_CONS_OID     = 144    /* 2.5.29.30 */
};
wolfSSL 0:1239e9b70ca2 226
/* Policy OIDs found inside certificatePolicies (byte sum of the encoded OID).
 * anyPolicy is 2.5.29.32.0, whose sum equals CERT_POLICY_OID (2.5.29.32)
 * because the extra arc is a zero byte -- the two must never be compared
 * outside their own context. */
enum CertificatePolicy_Sum {
    CP_ANY_OID = 146   /* id-ce 32 0, anyPolicy */
};
wolfSSL 0:1239e9b70ca2 230
/* otherName type-id for the hardware module name (RFC 4108), byte sum of the
 * encoded OID. Its value 79 coincides with EKU_OCSP_SIGN_OID; they are safe
 * only because one is matched inside a GeneralName and the other inside
 * extKeyUsage. */
enum SepHardwareName_Sum {
    HW_NAME_OID = 79   /* 1.3.6.1.5.5.7.8.4 from RFC 4108 */
};
wolfSSL 0:1239e9b70ca2 234
/* accessMethod OIDs inside authorityInfoAccess (byte sum of the encoded OID).
 * AIA_CA_ISSUER_OID shares its value with OCSP_BASIC_OID (id-pkix-ocsp-basic,
 * 1.3.6.1.5.5.7.48.1.1): a real sum collision that is harmless only while the
 * two are never looked up in the same place. */
enum AuthInfo_Sum {
    AIA_OCSP_OID      = 116,   /* 1.3.6.1.5.5.7.48.1 id-ad-ocsp      */
    AIA_CA_ISSUER_OID = 117    /* 1.3.6.1.5.5.7.48.2 id-ad-caIssuers */
};
wolfSSL 0:1239e9b70ca2 239
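/* extKeyUsage purpose OIDs, byte sum of the encoded OID (RFC 5280 4.2.1.12).
 * EKU_ANY_OID (2.5.29.37.0) sums to the same 151 as the extKeyUsage
 * extension OID itself (2.5.29.37) -- the trailing zero arc adds nothing --
 * so it must only be matched while iterating the purposes of that extension.
 * The trailing comma the original list carried has been dropped: every other
 * enum in this header omits it and C89 compilers used for embedded targets
 * reject it. */
enum ExtKeyUsage_Sum { /* From RFC 5280 */
    EKU_ANY_OID         = 151,   /* 2.5.29.37.0, anyExtendedKeyUsage    */
    EKU_SERVER_AUTH_OID = 71,    /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
    EKU_CLIENT_AUTH_OID = 72,    /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
    EKU_OCSP_SIGN_OID   = 79     /* 1.3.6.1.5.5.7.3.9, OCSPSigning      */
};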
wolfSSL 0:1239e9b70ca2 246
wolfSSL 0:1239e9b70ca2 247
/* `verify` argument of ParseCert / DecodeToKey: whether to check the
 * certificate signature. NO_VERIFY is for callers that only need the fields
 * (e.g. loading a trusted CA); anything from the network must use VERIFY. */
enum VerifyType {
    NO_VERIFY = 0,
    VERIFY    = 1
};
wolfSSL 0:1239e9b70ca2 252
wolfSSL 0:1239e9b70ca2 253
/*
 * Key usage extension bits, as held in DecodedCert.extKeyUsage (word16) and
 * Signer.keyUsage. The bit assignment is this library's own packing of the
 * KeyUsage BIT STRING, not the raw DER byte layout, and must agree with the
 * decoder in asn.c -- confirm there before relying on a specific bit.
 */
#define KEYUSE_DIGITAL_SIG    0x0100   /* digitalSignature */
#define KEYUSE_CONTENT_COMMIT 0x0080   /* nonRepudiation / contentCommitment */
#define KEYUSE_KEY_ENCIPHER   0x0040   /* keyEncipherment  */
#define KEYUSE_DATA_ENCIPHER  0x0020   /* dataEncipherment */
#define KEYUSE_KEY_AGREE      0x0010   /* keyAgreement     */
#define KEYUSE_KEY_CERT_SIGN  0x0008   /* keyCertSign      */
#define KEYUSE_CRL_SIGN       0x0004   /* cRLSign          */
#define KEYUSE_ENCIPHER_ONLY  0x0002   /* encipherOnly     */
#define KEYUSE_DECIPHER_ONLY  0x0001   /* decipherOnly     */

/*
 * Extended key usage bits, as held in DecodedCert.extExtKeyUsage (a byte);
 * each corresponds to one ExtKeyUsage_Sum purpose.
 */
#define EXTKEYUSE_ANY         0x08   /* anyExtendedKeyUsage */
#define EXTKEYUSE_OCSP_SIGN   0x04   /* OCSPSigning         */
#define EXTKEYUSE_CLIENT_AUTH 0x02   /* id-kp-clientAuth    */
#define EXTKEYUSE_SERVER_AUTH 0x01   /* id-kp-serverAuth    */
wolfSSL 0:1239e9b70ca2 269
typedef struct DNS_entry DNS_entry;

/* One subjectAltName entry on a singly linked list (DecodedCert.altNames for
 * dNSName entries, altEmailNames for rfc822Name entries). Freed as a list by
 * FreeAltNames. There is no length field, so `name` is relied on to be
 * NUL-terminated; the name comes from the (untrusted) certificate, and how an
 * embedded NUL inside the SAN is treated is decided by the parser in asn.c,
 * not here -- a consumer doing hostname matching should be aware of that. */
struct DNS_entry {
    DNS_entry* next; /* next on DNS list */
    char* name; /* actual DNS name, NUL-terminated C string */
};
wolfSSL 0:1239e9b70ca2 276
wolfSSL 0:1239e9b70ca2 277
typedef struct Base_entry Base_entry;

/* One GeneralSubtree base from a nameConstraints extension, on the
 * permittedNames / excludedNames lists of DecodedCert and Signer. Freed as a
 * list by FreeNameSubtrees. Unlike DNS_entry this carries an explicit length
 * (nameSz), so `name` need not be NUL-terminated -- compare with nameSz, not
 * strlen. */
struct Base_entry {
    Base_entry* next; /* next on name base list */
    char* name; /* actual name base */
    int nameSz; /* name length */
    byte type; /* Name base type: ASN_DNS_TYPE or ASN_RFC822_TYPE */
};
wolfSSL 0:1239e9b70ca2 286
wolfSSL 0:1239e9b70ca2 287
/* Index into a flattened Name string (OPENSSL_EXTRA builds: the issuerName /
 * subjectName members of DecodedCert). fullName holds the whole rendered
 * name; each xxIdx/xxLen pair locates one attribute inside it. How an absent
 * attribute is marked (index 0 vs -1) is set by the builder in asn.c --
 * check there before testing these. */
struct DecodedName {
    char* fullName;   /* rendered full name */
    int fullNameLen;
    int entryCount;   /* number of attributes found */
    int cnIdx;        /* CN  */
    int cnLen;
    int snIdx;        /* SN  */
    int snLen;
    int cIdx;         /* C   */
    int cLen;
    int lIdx;         /* L   */
    int lLen;
    int stIdx;        /* ST  */
    int stLen;
    int oIdx;         /* O   */
    int oLen;
    int ouIdx;        /* OU  */
    int ouLen;
    int emailIdx;     /* emailAddress */
    int emailLen;
    int uidIdx;       /* UID */
    int uidLen;
    int serialIdx;    /* serialNumber */
    int serialLen;
};
wolfSSL 0:1239e9b70ca2 313
wolfSSL 0:1239e9b70ca2 314
/* Plain-name aliases for the decoder's main objects; the struct bodies for
 * DecodedCert and Signer follow, DecodedName is defined above. */
typedef struct DecodedName DecodedName;
typedef struct DecodedCert DecodedCert;
typedef struct Signer      Signer;
wolfSSL 0:1239e9b70ca2 318
wolfSSL 0:1239e9b70ca2 319
/* Everything the parser extracts from one DER-encoded X.509 certificate.
 *
 * Ownership: the struct is a view over the caller's DER buffer (`source`,
 * "NOT owner"). Every field commented as pointing into the raw cert is
 * borrowed and dangles as soon as that buffer is freed or reused. The
 * *Stored flags mark the fields that may hold a private copy instead
 * (publicKey, subjectCN); the alt-name and name-base lists are heap lists
 * with their own Free* helpers declared below. Lifecycle is
 * InitDecodedCert -> ParseCert -> FreeDecodedCert.
 *
 * Security notes for consumers: until ParseCert has verified the signature
 * against a trusted Signer all of this is attacker-controlled input, and the
 * URI fields (extAuthInfo, extCrlInfo) remain attacker-chosen even after
 * that -- fetch them with the same care as any untrusted URL. Criticality
 * flags are only recorded in OPENSSL_EXTRA builds, so the RFC 5280 rule of
 * rejecting unrecognised critical extensions cannot be applied from this
 * struct in other builds; it must happen inside the parser (confirm in
 * asn.c). */
struct DecodedCert {
    byte* publicKey;            /* public key bytes; own copy iff pubKeyStored (presumably) */
    word32 pubKeySize;
    int pubKeyStored;           /* non-zero: publicKey is a copy we own */
    word32 certBegin;           /* offset to start of cert */
    word32 sigIndex;            /* offset to start of signature */
    word32 sigLength;           /* length of signature */
    word32 signatureOID;        /* sum of algorithm object id */
    word32 keyOID;              /* sum of key algo object id (Key_Sum) */
    int version;                /* cert version, 1 or 3 */
    DNS_entry* altNames;        /* alt names list of dns entries */
#ifndef IGNORE_NAME_CONSTRAINTS
    DNS_entry* altEmailNames;   /* alt names list of RFC822 entries */
    Base_entry* permittedNames; /* Permitted name bases */
    Base_entry* excludedNames;  /* Excluded name bases */
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte subjectHash[SHA_SIZE]; /* hash of all Names */
    byte issuerHash[SHA_SIZE];  /* hash of all Names (issuer side) */
#ifdef HAVE_OCSP
    byte issuerKeyHash[SHA_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
    byte* signature;            /* not owned, points into raw cert */
    char* subjectCN;            /* CommonName */
    int subjectCNLen;
    int subjectCNStored;        /* have we saved a copy we own */
    char issuer[ASN_NAME_MAX];  /* full name including common name */
    char subject[ASN_NAME_MAX]; /* full name including common name */
    int verify;                 /* VerifyType; default to yes, but could be off */
    byte* source;               /* byte buffer holder cert, NOT owner */
    word32 srcIdx;              /* current offset into buffer */
    word32 maxIdx;              /* max offset based on init size */
    void* heap;                 /* for user memory overrides */
    byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
    int serialSz;               /* raw serial bytes stored */
    byte* extensions;           /* not owned, points into raw cert */
    int extensionsSz;           /* length of cert extensions */
    word32 extensionsIdx;       /* if want to go back and parse later */
    byte* extAuthInfo;          /* Authority Information Access URI, untrusted, into raw cert */
    int extAuthInfoSz;          /* length of the URI */
    byte* extCrlInfo;           /* CRL Distribution Points URI, untrusted, into raw cert */
    int extCrlInfoSz;           /* length of the URI */
    byte extSubjKeyId[SHA_SIZE]; /* Subject Key ID; only SHA_SIZE bytes kept, see asn.c for other lengths */
    byte extSubjKeyIdSet;       /* Set when the SKID was read from cert */
    byte extAuthKeyId[SHA_SIZE]; /* Authority Key ID; same size caveat as SKID */
    byte extAuthKeyIdSet;       /* Set when the AKID was read from cert */
#ifndef IGNORE_NAME_CONSTRAINTS
    byte extNameConstraintSet;  /* nameConstraints extension was present */
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte isCA;                  /* CA basic constraint true */
    byte extKeyUsageSet;        /* keyUsage extension was present */
    word16 extKeyUsage;         /* Key usage bitfield, KEYUSE_* bits */
    byte extExtKeyUsageSet;     /* Extended Key Usage extension was present */
    byte extExtKeyUsage;        /* Extended Key usage bitfield, EXTKEYUSE_* bits */
#ifdef OPENSSL_EXTRA
    /* criticality flags and raw-extension pointers, only kept for the
     * OpenSSL-compatibility API */
    byte extBasicConstSet;
    byte extBasicConstCrit;
    byte extBasicConstPlSet;    /* pathLenConstraint was present */
    word32 pathLength;          /* CA basic constraint path length, opt; only available in this build */
    byte extSubjAltNameSet;
    byte extSubjAltNameCrit;
    byte extAuthKeyIdCrit;
#ifndef IGNORE_NAME_CONSTRAINTS
    byte extNameConstraintCrit;
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte extSubjKeyIdCrit;
    byte extKeyUsageCrit;
    byte extExtKeyUsageCrit;
    byte* extExtKeyUsageSrc;    /* raw extKeyUsage, into raw cert */
    word32 extExtKeyUsageSz;
    word32 extExtKeyUsageCount; /* number of purposes listed */
    byte* extAuthKeyIdSrc;      /* raw AKID, into raw cert */
    word32 extAuthKeyIdSz;
    byte* extSubjKeyIdSrc;      /* raw SKID, into raw cert */
    word32 extSubjKeyIdSz;
#endif
#ifdef HAVE_ECC
    word32 pkCurveOID;          /* Public Key's curve OID (Ecc_Sum) */
#endif /* HAVE_ECC */
    byte* beforeDate;           /* notBefore, presumably into raw cert; see beforeDateLen */
    int beforeDateLen;
    byte* afterDate;            /* notAfter, presumably into raw cert */
    int afterDateLen;
#ifdef HAVE_PKCS7
    byte* issuerRaw;            /* pointer to issuer inside source */
    int issuerRawLen;
#endif
#ifndef IGNORE_NAME_CONSTRAINT
    /* NOTE(review): this guard is spelled without the trailing S, unlike
     * every other IGNORE_NAME_CONSTRAINTS guard in this file, so it is
     * independent of that build option. Left untouched here because
     * correcting it changes the struct layout of IGNORE_NAME_CONSTRAINTS
     * builds and asn.c must use the same spelling. */
    byte* subjectRaw;           /* pointer to subject inside source */
    int subjectRawLen;
#endif
#if defined(CYASSL_CERT_GEN)
    /* easy access to subject info for other sign; borrowed pointers */
    char* subjectSN;
    int subjectSNLen;
    char* subjectC;
    int subjectCLen;
    char* subjectL;
    int subjectLLen;
    char* subjectST;
    int subjectSTLen;
    char* subjectO;
    int subjectOLen;
    char* subjectOU;
    int subjectOULen;
    char* subjectEmail;
    int subjectEmailLen;
#endif /* CYASSL_CERT_GEN */
#ifdef OPENSSL_EXTRA
    DecodedName issuerName;     /* indexed view of issuer[] */
    DecodedName subjectName;    /* indexed view of subject[] */
#endif /* OPENSSL_EXTRA */
#ifdef CYASSL_SEP
    /* hardware module name otherName (HW_NAME_OID) and certificate policy */
    int deviceTypeSz;
    byte* deviceType;
    int hwTypeSz;
    byte* hwType;
    int hwSerialNumSz;
    byte* hwSerialNum;
#ifdef OPENSSL_EXTRA
    byte extCertPolicySet;
    byte extCertPolicyCrit;
#endif /* OPENSSL_EXTRA */
#endif /* CYASSL_SEP */
};
wolfSSL 0:1239e9b70ca2 444
wolfSSL 0:1239e9b70ca2 445
/* Width of the hashes stored in a Signer: the SHA-1 digest size when sha.h
 * provides it, otherwise the literal 20 so the Signer layout (which the
 * persistent cert cache depends on) is the same with SHA compiled out. */
#ifndef SHA_DIGEST_SIZE
    #define SIGNER_DIGEST_SIZE 20
#else
    #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#endif
wolfSSL 0:1239e9b70ca2 451
/* CA Signers */
/* if change layout change PERSIST_CERT_CACHE functions too */
/* One trusted CA as kept by the certificate manager: what is needed to verify
 * a signature (publicKey / keyOID), to find the CA (subjectNameHash and,
 * unless NO_SKID, subjectKeyIdHash), and to constrain what it may sign
 * (keyUsage bits, name-constraint bases). Per the warning above, the
 * PERSIST_CERT_CACHE code depends on this exact field order. */
struct Signer {
    word32 pubKeySize;
    word32 keyOID;            /* key type (Key_Sum) */
    word16 keyUsage;          /* KEYUSE_* bits, presumably copied from the CA cert */
    byte* publicKey;
    int nameLen;
    char* name;               /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
    Base_entry* permittedNames; /* nameConstraints permittedSubtrees */
    Base_entry* excludedNames;  /* nameConstraints excludedSubtrees */
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte subjectNameHash[SIGNER_DIGEST_SIZE];
    /* sha hash of names in certificate; matched against DecodedCert.issuerHash */
#ifndef NO_SKID
    byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
    /* subject key identifier, matched against DecodedCert.extAuthKeyId
     * (the original comment here duplicated the name-hash line above) */
#endif
    Signer* next;             /* next entry in the manager's hash bucket / list */
};
wolfSSL 0:1239e9b70ca2 473
wolfSSL 0:1239e9b70ca2 474
/* Visibility of the decoder entry points below: internal (CYASSL_LOCAL) in a
 * normal build; exported (CYASSL_API) only when CYASSL_TEST_CERT is defined
 * so the test suite can drive them. They are not a supported public API. */
#ifndef CYASSL_TEST_CERT
    #define CYASSL_TEST_API CYASSL_LOCAL
#else
    #define CYASSL_TEST_API CYASSL_API
#endif
wolfSSL 0:1239e9b70ca2 481
/* Certificate decode entry points.
 *
 * A DecodedCert never owns the DER buffer handed to InitDecodedCert: its
 * `source`, `signature`, `extensions` and similar fields point into it, so
 * the buffer must outlive the struct. ParseCert's `verify` is a VerifyType;
 * with VERIFY the signature is checked using the cert manager `cm`, which is
 * presumably where the trusted Signers are looked up (see asn.c). Return
 * codes follow the library convention of 0 on success, negative on error. */
CYASSL_TEST_API void FreeAltNames(DNS_entry* list, void* heap);
#ifndef IGNORE_NAME_CONSTRAINTS
CYASSL_TEST_API void FreeNameSubtrees(Base_entry* list, void* heap);
#endif /* IGNORE_NAME_CONSTRAINTS */
CYASSL_TEST_API void InitDecodedCert(DecodedCert* cert, byte* source,
                                     word32 inSz, void* heap);
CYASSL_TEST_API void FreeDecodedCert(DecodedCert* cert);
CYASSL_TEST_API int  ParseCert(DecodedCert* cert, int type, int verify,
                               void* cm);

/* Same arguments as ParseCert; what "Relative" changes (presumably how much
 * of the result is copied into owned storage) is defined in asn.c. */
CYASSL_LOCAL int ParseCertRelative(DecodedCert* cert, int type, int verify,
                                   void* cm);
/* Decode only as far as the public key. */
CYASSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
wolfSSL 0:1239e9b70ca2 492
/* Wraps a digest with its algorithm identifier for signing; returns the
 * number of bytes written to `out`. `out` must hold MAX_ENCODED_DIG_SZ
 * (sized for SHA-512 plus headers, see Misc_ASN) -- the function takes no
 * output capacity, so the caller's buffer is the only bound. */
CYASSL_LOCAL word32 EncodeSignature(byte* out, const byte* digest,
                                    word32 digSz, int hashOID);

/* Signer lifecycle. MakeSigner allocates from `heap` (user memory override);
 * FreeSigner releases one entry, FreeSignerTable a whole table of `rows`
 * hash-bucket lists. */
CYASSL_LOCAL Signer* MakeSigner(void* heap);
CYASSL_LOCAL void    FreeSigner(Signer* signer, void* heap);
CYASSL_LOCAL void    FreeSignerTable(Signer** table, int rows, void* heap);
wolfSSL 0:1239e9b70ca2 499
wolfSSL 0:1239e9b70ca2 500
/* In-place conversion of a PKCS#8 PrivateKeyInfo (`buffer`, `length` bytes)
 * to the traditional key encoding; the Enc variant first decrypts an
 * EncryptedPrivateKeyInfo with `password` (passwordSz bytes) using one of the
 * PBES schemes above. Both overwrite `buffer`; the caller should wipe it once
 * the key has been consumed. */
CYASSL_LOCAL int ToTraditional(byte* buffer, word32 length);
CYASSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,
                                  const char* password, int passwordSz);

/* Checks one validity bound. `format` is the time tag (ASN_UTC_TIME or
 * ASN_GENERALIZED_TIME, presumably) and `dateType` is BEFORE or AFTER. The
 * comparison is necessarily against the local clock, so an unset RTC on an
 * embedded target makes every certificate look expired or not yet valid. */
CYASSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
wolfSSL 0:1239e9b70ca2 505
/* ASN.1 primitive readers and writers.
 *
 * Readers take `input`, an in/out index and `maxIdx` (one past the last
 * usable byte); they advance *inOutIdx over what they consumed and, by the
 * shape of the signature, are responsible for not reading at or beyond
 * maxIdx. Two of them break the pattern and deserve a look when reviewing
 * callers:
 *   - GetMyVersion takes no maxIdx at all, so the caller alone guarantees
 *     the bytes it reads lie inside the buffer.
 *   - GetNameHash takes maxIdx as `int` while every other reader takes
 *     `word32`; callers passing a word32 get an implicit conversion.
 *
 * Writers take a caller-sized `output` and return the number of bytes
 * written; they receive no capacity, so the MAX_*_SZ constants in Misc_ASN
 * are the contract (a tag plus up to MAX_LENGTH_SZ length octets for
 * SetSequence / SetSet / SetOctetString / SetExplicit / SetImplicit,
 * MAX_SN_SZ for SetSerialNumber, MAX_ALGO_SZ for SetAlgoID). */
CYASSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
                           word32 maxIdx);
CYASSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                             word32 maxIdx);
CYASSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                        word32 maxIdx);
CYASSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
                              int* version);                 /* no maxIdx */
CYASSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
                        word32 maxIdx);
CYASSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                           word32 maxIdx);                   /* oid = byte sum */

CYASSL_LOCAL word32 SetLength(word32 length, byte* output);
CYASSL_LOCAL word32 SetSequence(word32 len, byte* output);
CYASSL_LOCAL word32 SetOctetString(word32 len, byte* output);
CYASSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,
                                byte* output);
CYASSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
CYASSL_LOCAL word32 SetSet(word32 len, byte* output);
CYASSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type,
                              int curveSz);                  /* type: Oid_Types */
CYASSL_LOCAL int    SetMyVersion(word32 version, byte* output, int header);
CYASSL_LOCAL int    SetSerialNumber(const byte* sn, word32 snSz,
                                    byte* output);
CYASSL_LOCAL int    GetNameHash(const byte* source, word32* idx, byte* hash,
                                int maxIdx);                 /* int, not word32 */
wolfSSL 0:1239e9b70ca2 530
#ifdef HAVE_ECC
/* ECDSA signature <-> DER (a SEQUENCE of the two INTEGERs r and s).
 * StoreECC_DSA_Sig writes into `out`; `outLen` is presumably in/out
 * (capacity on entry, bytes written on return) -- confirm in asn.c.
 * DecodeECC_DSA_Sig parses `sigLen` bytes of `sig` into r and s; the
 * caller must have initialised both mp_ints. */
CYASSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen,
                                  mp_int* r, mp_int* s);
CYASSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                   mp_int* r, mp_int* s);
#endif
wolfSSL 0:1239e9b70ca2 538
wolfSSL 0:1239e9b70ca2 539 #ifdef CYASSL_CERT_GEN
wolfSSL 0:1239e9b70ca2 540
/* Constants for the certificate/CSR writer (CYASSL_CERT_GEN builds).
 * NAME_ENTRIES matches the eight attribute types in DN_Tags; JOINT_LEN and
 * EMAIL_JOINT_LEN are the encoded lengths of the 2.5.4 prefix (2 bytes) and
 * of the full emailAddress OID 1.2.840.113549.1.9.1 (9 bytes). */
enum cert_enums {
    NAME_ENTRIES    = 8,
    JOINT_LEN       = 2,
    EMAIL_JOINT_LEN = 9,
    /* key kinds the writer can embed */
    RSA_KEY         = 10,
    NTRU_KEY        = 11,
    ECC_KEY         = 12
};
wolfSSL 0:1239e9b70ca2 549
wolfSSL 0:1239e9b70ca2 550
wolfSSL 0:1239e9b70ca2 551 #endif /* CYASSL_CERT_GEN */
wolfSSL 0:1239e9b70ca2 552
wolfSSL 0:1239e9b70ca2 553
wolfSSL 0:1239e9b70ca2 554
/* Forward name so CertStatus pointers can be declared even when HAVE_OCSP is
 * off (the struct body is only compiled in under HAVE_OCSP). */
typedef struct CertStatus CertStatus;
wolfSSL 0:1239e9b70ca2 557
wolfSSL 0:1239e9b70ca2 558 #ifdef HAVE_OCSP
wolfSSL 0:1239e9b70ca2 559
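/* OCSPResponseStatus values (RFC 6960 section 4.2.1); value 4 is unassigned,
 * hence the gap. Stored in OcspResponse.responseStatus. Only OCSP_SUCCESSFUL
 * carries a BasicOCSPResponse; every other status is an unsigned error
 * from the responder (or whoever is on the wire) and must not be taken as
 * evidence about the certificate.
 * OCSP_UNAUTHROIZED is the historical misspelling and is kept so existing
 * callers still compile; OCSP_UNAUTHORIZED is the same value under the
 * correct name. */
enum Ocsp_Response_Status {
    OCSP_SUCCESSFUL        = 0,   /* Response has valid confirmations */
    OCSP_MALFORMED_REQUEST = 1,   /* Illegal confirmation request */
    OCSP_INTERNAL_ERROR    = 2,   /* Internal error in issuer */
    OCSP_TRY_LATER         = 3,   /* Try again later */
    OCSP_SIG_REQUIRED      = 5,   /* Must sign the request (4 is skipped) */
    OCSP_UNAUTHROIZED      = 6,   /* Request unauthorized (legacy spelling) */
    OCSP_UNAUTHORIZED      = 6    /* Request unauthorized */
};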
wolfSSL 0:1239e9b70ca2 568
wolfSSL 0:1239e9b70ca2 569
/* CertStatus CHOICE tags from a SingleResponse (good [0], revoked [1],
 * unknown [2]). Note for consumers: CERT_UNKNOWN means the responder has no
 * knowledge of the serial, which is not the same as CERT_GOOD; treating it as
 * good is a fail-open policy decision. */
enum Ocsp_Cert_Status {
    CERT_GOOD    = 0,
    CERT_REVOKED = 1,
    CERT_UNKNOWN = 2
};
wolfSSL 0:1239e9b70ca2 575
wolfSSL 0:1239e9b70ca2 576
/* OCSP OIDs as byte sums of their encoding (the library's OID scheme).
 * OCSP_BASIC_OID (1.3.6.1.5.5.7.48.1.1) sums to 117, the same as
 * id-ad-caIssuers (CA_ISSUER_OID / AIA_CA_ISSUER_OID); the two never meet
 * in one lookup, which is the only reason the collision is harmless. */
enum Ocsp_Sums {
    OCSP_BASIC_OID = 117,   /* id-pkix-ocsp-basic */
    OCSP_NONCE_OID = 118    /* id-pkix-ocsp-nonce */
};
wolfSSL 0:1239e9b70ca2 581
wolfSSL 0:1239e9b70ca2 582
/* Plain-name aliases for the OCSP request/response objects defined below. */
typedef struct OcspResponse OcspResponse;
typedef struct OcspRequest  OcspRequest;
wolfSSL 0:1239e9b70ca2 585
wolfSSL 0:1239e9b70ca2 586
/* Status of one certificate as reported by an OCSP response; a list because
 * one response may carry several SingleResponses. A consumer should treat an
 * entry as stale once nextDate has passed -- nothing in this struct records
 * whether that check was made. */
struct CertStatus {
    CertStatus* next;

    byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number the answer is about */
    int serialSz;

    int status;                        /* Ocsp_Cert_Status value (presumably) */

    byte thisDate[MAX_DATE_SIZE];      /* thisUpdate */
    byte nextDate[MAX_DATE_SIZE];      /* nextUpdate, end of this answer's validity */
    byte thisDateFormat;               /* time tag of thisDate (UTC or Generalized) */
    byte nextDateFormat;               /* time tag of nextDate */
};
wolfSSL 0:1239e9b70ca2 600
wolfSSL 0:1239e9b70ca2 601
/* A decoded OCSPResponse. Like DecodedCert this is a view: `source`,
 * `response`, `sig`, `nonce`, `cert` and the hash pointers all point into the
 * caller's buffer ("not owned"), which must stay alive and unmodified while
 * the struct is used. Only `status` points at caller-provided storage to be
 * filled in.
 *
 * Trust notes: nothing here is trustworthy until `sig` has been verified
 * with a key entitled to sign for the issuer (the responder cert in `cert`
 * must itself chain to the issuer and carry OCSPSigning, or be the issuer),
 * and a request sent with useNonce should have its nonce compared with
 * `nonce` to defeat replay. Both checks live in ocsp.c, not in this struct --
 * confirm there. */
struct OcspResponse {
    int responseStatus;        /* return code from Responder (Ocsp_Response_Status) */

    byte* response;            /* Pointer to beginning of OCSP Response */
    word32 responseSz;         /* length of the OCSP Response */

    byte producedDate[MAX_DATE_SIZE];
                               /* Date at which this response was signed */
    byte producedDateFormat;   /* format of the producedDate */
    byte* issuerHash;          /* issuerNameHash from the CertID, into source */
    byte* issuerKeyHash;       /* issuerKeyHash from the CertID, into source */

    byte* cert;                /* responder certificate carried in the response, if any */
    word32 certSz;

    byte* sig;                 /* Pointer to sig in source */
    word32 sigSz;              /* Length in octets for the sig */
    word32 sigOID;             /* OID for hash used for sig */

    CertStatus* status;        /* certificate status to fill out */

    byte* nonce;               /* pointer to nonce inside ASN.1 response */
    int nonceSz;               /* length of the nonce string */

    byte* source;              /* pointer to source buffer, not owned */
    word32 maxIdx;             /* max offset based on init size */
};
/* State for building a DER OCSP request about one certificate.  Set up by
 * InitOcspRequest(), serialised by EncodeOcspRequest(), and later matched
 * against the answer by CompareOcspReqResp().  The hash/serial pointers
 * reference the DecodedCert, so 'cert' must outlive this struct. */
struct OcspRequest {
    DecodedCert* cert;     /* certificate whose status is being requested */

    byte useNonce;         /* non-zero: include a nonce extension in the request */
    byte nonce[MAX_OCSP_NONCE_SZ];
                           /* nonce sent with the request; nonceSz bytes valid.
                              NOTE(review): must be unpredictable (RNG-sourced)
                              and compared with the response nonce, otherwise a
                              captured old "good" response can be replayed --
                              confirm both in asn.c / ocsp.c */
    int nonceSz;

    byte* issuerHash;      /* pointer to issuerHash in source cert */
    byte* issuerKeyHash;   /* pointer to issuerKeyHash in source cert */
    byte* serial;          /* pointer to serial number in source cert */
    int serialSz;          /* length of the serial number */

    byte* dest;            /* pointer to the destination ASN.1 buffer, caller-owned */
    word32 destSz;         /* length of the destination buffer; EncodeOcspRequest
                              must not write past it */
};
/* Bind 'resp' to the DER OCSP response held in 'source' (inSz bytes) and to
 * the caller-owned 'status' list that decoding will fill in.  'source' is
 * referenced, not copied: it must stay valid for the life of 'resp'. */
CYASSL_LOCAL void InitOcspResponse(OcspResponse* resp, CertStatus* status,
                                   byte* source, word32 inSz);

/* Decode the response prepared by InitOcspResponse().  Returns 0 on success
 * and, following the convention of the other Parse/Decode routines in this
 * header, a negative error code otherwise (confirm in asn.c).
 * NOTE(review): a zero return means "well-formed", not "trustworthy" --
 * signature verification and freshness/nonce checks are separate steps. */
CYASSL_LOCAL int OcspResponseDecode(OcspResponse* resp);

/* Prepare 'req' to ask about 'cert'.  A nonce extension is added when
 * useNonce is non-zero; the DER request will be written to 'dest', which
 * holds destSz bytes. */
CYASSL_LOCAL void InitOcspRequest(OcspRequest* req, DecodedCert* cert,
                                  byte useNonce, byte* dest, word32 destSz);

/* DER-encode the request prepared by InitOcspRequest() into req->dest,
 * never writing beyond req->destSz.  Presumably returns the encoded length
 * or a negative error code -- confirm against asn.c. */
CYASSL_LOCAL int EncodeOcspRequest(OcspRequest* req);

/* Check that 'resp' is the answer to 'req' -- presumably issuer hashes and
 * serial, plus the nonce when one was sent.  The nonce comparison is what
 * binds a response to this particular request; without it a replayed stale
 * response would only be caught by its dates. */
CYASSL_LOCAL int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp);
wolfSSL 0:1239e9b70ca2 656
wolfSSL 0:1239e9b70ca2 657
wolfSSL 0:1239e9b70ca2 658 #endif /* HAVE_OCSP */
/* for pointer use: declared outside HAVE_CRL so code built without CRL
 * support can still hold RevokedCert* members/parameters */
typedef struct RevokedCert RevokedCert;
wolfSSL 0:1239e9b70ca2 664 #ifdef HAVE_CRL
/* One entry of a CRL's revokedCertificates list, chained through 'next'
 * from DecodedCRL.certs. */
struct RevokedCert {
    byte serialNumber[EXTERNAL_SERIAL_SIZE]; /* serial of the revoked cert;
                                                serialSz bytes are valid.
                                                NOTE(review): ParseCRL must
                                                reject serials longer than
                                                EXTERNAL_SERIAL_SIZE before
                                                copying -- confirm in asn.c */
    int serialSz;
    RevokedCert* next;                       /* next entry, or NULL */
};
wolfSSL 0:1239e9b70ca2 672 typedef struct DecodedCRL DecodedCRL;
/* Decoded view of a DER CRL produced by ParseCRL().  Offsets are relative to
 * the buffer passed to ParseCRL(), and 'signature' points into that buffer,
 * so the raw CRL must remain valid while those members are used; the
 * RevokedCert list is owned and released by FreeDecodedCRL(). */
struct DecodedCRL {
    word32 certBegin;               /* offset to start of cert (the signed
                                       TBS portion the signature covers) */
    word32 sigIndex;                /* offset to start of signature */
    word32 sigLength;               /* length of signature */
    word32 signatureOID;            /* sum of algorithm object id -- a lossy
                                       byte sum, see enum Ocsp_Sums */
    byte* signature;                /* pointer into raw source, not owned */
    byte issuerHash[SHA_DIGEST_SIZE]; /* issuer hash; SHA_DIGEST_SIZE implies
                                         SHA-1, presumably used as a lookup
                                         key to find the issuing CA -- the CRL
                                         signature, not this hash, is what
                                         authenticates it */
    byte crlHash[SHA_DIGEST_SIZE];  /* raw crl data hash (purpose not visible
                                       here; presumably identity/dedup) */
    byte lastDate[MAX_DATE_SIZE];   /* last date updated (thisUpdate) */
    byte nextDate[MAX_DATE_SIZE];   /* next update date (nextUpdate)
                                       NOTE(review): a CRL past nextDate is
                                       stale; the consumer must check this */
    byte lastDateFormat;            /* format of last date (ASN.1 time tag) */
    byte nextDateFormat;            /* format of next date (ASN.1 time tag) */
    RevokedCert* certs;             /* revoked cert list */
    int totalCerts;                 /* number on list */
};
/* Reset 'dcrl' to an empty state before ParseCRL() is called on it. */
CYASSL_LOCAL void InitDecodedCRL(DecodedCRL* dcrl);

/* Decode the DER CRL in 'buff' (sz bytes) into 'dcrl'.  'cm' is presumably
 * the certificate manager used to locate the issuer and verify the CRL's
 * signature -- confirm in asn.c.  Returns 0 on success, negative otherwise.
 * NOTE(review): 'buff' is referenced by dcrl->signature and the offsets, so
 * it must outlive the DecodedCRL. */
CYASSL_LOCAL int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm);

/* Release the RevokedCert list owned by 'dcrl'; the raw buffer is untouched. */
CYASSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl);
wolfSSL 0:1239e9b70ca2 695 #endif /* HAVE_CRL */
wolfSSL 0:1239e9b70ca2 698 #ifdef __cplusplus
wolfSSL 0:1239e9b70ca2 699 } /* extern "C" */
wolfSSL 0:1239e9b70ca2 700 #endif
wolfSSL 0:1239e9b70ca2 702 #endif /* CTAO_CRYPT_ASN_H */
wolfSSL 0:1239e9b70ca2 704 #endif /* !NO_ASN */