asn_public.h

00001 /* asn_public.h
00002  *
00003  * Copyright (C) 2006-2016 wolfSSL Inc.
00004  *
00005  * This file is part of wolfSSL.
00006  *
00007  * wolfSSL is free software; you can redistribute it and/or modify
00008  * it under the terms of the GNU General Public License as published by
00009  * the Free Software Foundation; either version 2 of the License, or
00010  * (at your option) any later version.
00011  *
00012  * wolfSSL is distributed in the hope that it will be useful,
00013  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00014  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00015  * GNU General Public License for more details.
00016  *
00017  * You should have received a copy of the GNU General Public License
00018  * along with this program; if not, write to the Free Software
00019  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
00020  */
00021 
00022 
00023 
00024 #ifndef WOLF_CRYPT_ASN_PUBLIC_H
00025 #define WOLF_CRYPT_ASN_PUBLIC_H
00026 
00027 #include <wolfssl/wolfcrypt/types.h>
00028 
00029 #ifdef __cplusplus
00030     extern "C" {
00031 #endif
00032 
00033 /* guard on redeclaration */
00034 #ifndef WC_ECCKEY_TYPE_DEFINED
00035     typedef struct ecc_key ecc_key;
00036     #define WC_ECCKEY_TYPE_DEFINED
00037 #endif
00038 #ifndef WC_RSAKEY_TYPE_DEFINED
00039     typedef struct RsaKey RsaKey;
00040     #define WC_RSAKEY_TYPE_DEFINED
00041 #endif
00042 #ifndef WC_RNG_TYPE_DEFINED
00043     typedef struct WC_RNG WC_RNG;
00044     #define WC_RNG_TYPE_DEFINED
00045 #endif
00046 
00047 /* Certificate file Type */
00048 enum CertType {
00049     CERT_TYPE       = 0,
00050     PRIVATEKEY_TYPE,
00051     DH_PARAM_TYPE,
00052     DSA_PARAM_TYPE,
00053     CRL_TYPE,
00054     CA_TYPE,
00055     ECC_PRIVATEKEY_TYPE,
00056     DSA_PRIVATEKEY_TYPE,
00057     CERTREQ_TYPE,
00058     DSA_TYPE,
00059     ECC_TYPE,
00060     RSA_TYPE,
00061     PUBLICKEY_TYPE,
00062     RSA_PUBLICKEY_TYPE,
00063     ECC_PUBLICKEY_TYPE,
00064     TRUSTED_PEER_TYPE
00065 };
00066 
00067 
00068 /* Signature type, by OID sum */
00069 enum Ctc_SigType {
00070     CTC_SHAwDSA      = 517,
00071     CTC_MD2wRSA      = 646,
00072     CTC_MD5wRSA      = 648,
00073     CTC_SHAwRSA      = 649,
00074     CTC_SHAwECDSA    = 520,
00075     CTC_SHA224wRSA   = 658,
00076     CTC_SHA224wECDSA = 527,
00077     CTC_SHA256wRSA   = 655,
00078     CTC_SHA256wECDSA = 524,
00079     CTC_SHA384wRSA   = 656,
00080     CTC_SHA384wECDSA = 525,
00081     CTC_SHA512wRSA   = 657,
00082     CTC_SHA512wECDSA = 526
00083 };
00084 
00085 enum Ctc_Encoding {
00086     CTC_UTF8       = 0x0c, /* utf8      */
00087     CTC_PRINTABLE  = 0x13  /* printable */
00088 };
00089 
00090 enum Ctc_Misc {
00091     CTC_COUNTRY_SIZE  =     2,
00092     CTC_NAME_SIZE     =    64,
00093     CTC_DATE_SIZE     =    32,
00094     CTC_MAX_ALT_SIZE  = 16384,   /* may be huge */
00095     CTC_SERIAL_SIZE   =     8,
00096 #ifdef WOLFSSL_CERT_EXT
00097     /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
00098      * We support only hash */
00099     CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
00100     CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
00101     CTC_MAX_CERTPOL_SZ = 64,
00102     CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
00103 #endif /* WOLFSSL_CERT_EXT */
00104 };
00105 
00106 
00107 #ifdef WOLFSSL_CERT_GEN
00108 
00109 typedef struct CertName {
00110     char country[CTC_NAME_SIZE];
00111     char countryEnc;
00112     char state[CTC_NAME_SIZE];
00113     char stateEnc;
00114     char locality[CTC_NAME_SIZE];
00115     char localityEnc;
00116     char sur[CTC_NAME_SIZE];
00117     char surEnc;
00118     char org[CTC_NAME_SIZE];
00119     char orgEnc;
00120     char unit[CTC_NAME_SIZE];
00121     char unitEnc;
00122     char commonName[CTC_NAME_SIZE];
00123     char commonNameEnc;
00124     char email[CTC_NAME_SIZE];  /* !!!! email has to be last !!!! */
00125 } CertName;
00126 
00127 
00128 /* for user to fill for certificate generation */
00129 typedef struct Cert {
00130     int      version;                   /* x509 version  */
00131     byte     serial[CTC_SERIAL_SIZE];   /* serial number */
00132     int      sigType;                   /* signature algo type */
00133     CertName issuer;                    /* issuer info */
00134     int      daysValid;                 /* validity days */
00135     int      selfSigned;                /* self signed flag */
00136     CertName subject;                   /* subject info */
00137     int      isCA;                      /* is this going to be a CA */
00138     /* internal use only */
00139     int      bodySz;                    /* pre sign total size */
00140     int      keyType;                   /* public key type of subject */
00141 #ifdef WOLFSSL_ALT_NAMES
00142     byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
00143     int      altNamesSz;                 /* altNames size in bytes */
00144     byte     beforeDate[CTC_DATE_SIZE];  /* before date copy */
00145     int      beforeDateSz;               /* size of copy */
00146     byte     afterDate[CTC_DATE_SIZE];   /* after date copy */
00147     int      afterDateSz;                /* size of copy */
00148 #endif
00149 #ifdef WOLFSSL_CERT_EXT
00150     byte    skid[CTC_MAX_SKID_SIZE];     /* Subject Key Identifier */
00151     int     skidSz;                      /* SKID size in bytes */
00152     byte    akid[CTC_MAX_AKID_SIZE];     /* Authority Key Identifier */
00153     int     akidSz;                      /* AKID size in bytes */
00154     word16  keyUsage;                    /* Key Usage */
00155     char    certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
00156     word16  certPoliciesNb;              /* Number of Cert Policy */
00157 #endif
00158 #ifdef WOLFSSL_CERT_REQ
00159     char     challengePw[CTC_NAME_SIZE];
00160 #endif
00161     void*   heap; /* heap hint */
00162 } Cert;
00163 
00164 
00165 /* Initialize and Set Certificate defaults:
00166    version    = 3 (0x2)
00167    serial     = 0 (Will be randomly generated)
00168    sigType    = SHA_WITH_RSA
00169    issuer     = blank
00170    daysValid  = 500
00171    selfSigned = 1 (true) use subject as issuer
00172    subject    = blank
00173    isCA       = 0 (false)
00174    keyType    = RSA_KEY (default)
00175 */
00176 WOLFSSL_API void wc_InitCert(Cert*);
00177 WOLFSSL_API int  wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
00178                          ecc_key*, WC_RNG*);
00179 #ifdef WOLFSSL_CERT_REQ
00180     WOLFSSL_API int  wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
00181                                     RsaKey*, ecc_key*);
00182 #endif
00183 WOLFSSL_API int  wc_SignCert(int requestSz, int sigType, byte* derBuffer,
00184                          word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
00185 WOLFSSL_API int  wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
00186                              WC_RNG*);
00187 WOLFSSL_API int  wc_SetIssuer(Cert*, const char*);
00188 WOLFSSL_API int  wc_SetSubject(Cert*, const char*);
00189 #ifdef WOLFSSL_ALT_NAMES
00190     WOLFSSL_API int  wc_SetAltNames(Cert*, const char*);
00191 #endif
00192 WOLFSSL_API int  wc_SetIssuerBuffer(Cert*, const byte*, int);
00193 WOLFSSL_API int  wc_SetSubjectBuffer(Cert*, const byte*, int);
00194 WOLFSSL_API int  wc_SetAltNamesBuffer(Cert*, const byte*, int);
00195 WOLFSSL_API int  wc_SetDatesBuffer(Cert*, const byte*, int);
00196 
00197 #ifdef WOLFSSL_CERT_EXT
00198 WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
00199                                              ecc_key *eckey);
00200 WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
00201 WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
00202 WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
00203                                                 ecc_key *eckey);
00204 WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
00205 
00206 #ifdef HAVE_NTRU
00207 WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
00208                                                     word16 ntruKeySz);
00209 #endif
00210 
00211 /* Set the KeyUsage.
00212  * Value is a string separated tokens with ','. Accepted tokens are :
00213  * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
00214  * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
00215  *
00216  * nonRepudiation and contentCommitment are for the same usage.
00217  */
00218 WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
00219 
00220 #endif /* WOLFSSL_CERT_EXT */
00221 
00222     #ifdef HAVE_NTRU
00223         WOLFSSL_API int  wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
00224                                      const byte* ntruKey, word16 keySz,
00225                                      WC_RNG*);
00226     #endif
00227 
00228 #endif /* WOLFSSL_CERT_GEN */
00229 
00230 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
00231     #ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED
00232         #ifndef NO_FILESYSTEM
00233         /* forward from wolfssl */
00234         WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
00235                                                unsigned char* derBuf, int derSz);
00236         #endif
00237 
00238         /* forward from wolfssl */
00239         WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
00240                                                unsigned char*, int);
00241         #define WOLFSSL_PEMPUBKEY_TODER_DEFINED
00242     #endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */
00243 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
00244 
00245 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA) \
00246                              || defined(OPENSSL_EXTRA)
00247     WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
00248                                 word32 outputSz, int type);
00249     WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
00250                                 word32 outputSz, byte *cipherIno, int type);
00251 #endif
00252 
00253 #ifdef HAVE_ECC
00254     /* private key helpers */
00255     WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
00256                                            ecc_key*, word32);
00257     WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
00258     WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
00259                                           word32 inLen);
00260 
00261     /* public key helper */
00262     WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
00263                                               ecc_key*, word32);
00264     #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
00265         WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
00266                                                word32 inLen, int with_AlgCurve);
00267     #endif
00268 #endif
00269 
00270 /* DER encode signature */
00271 WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
00272                                       word32 digSz, int hashOID);
00273 WOLFSSL_API int wc_GetCTC_HashOID(int type);
00274 
00275 WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
00276                                              word32* inOutIdx, word32 sz);
00277 WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
00278        byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
00279 
00280 /* Time */
00281 /* Returns seconds (Epoch/UTC)
00282  * timePtr: is "time_t", which is typically "long"
00283  * Example:
00284     long lTime;
00285     rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
00286 */
00287 WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
00288 
00289 #ifdef __cplusplus
00290     } /* extern "C" */
00291 #endif
00292 
00293 #endif /* WOLF_CRYPT_ASN_PUBLIC_H */
00294 
00295