wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfssl/wolfcrypt/asn.h@4:1b0d80432c79, 2016-04-28 (annotated)
- Committer:
- wolfSSL
- Date:
- Thu Apr 28 00:57:21 2016 +0000
- Revision:
- 4:1b0d80432c79
wolfSSL 3.9.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 4:1b0d80432c79 | 1 | /* asn.h |
wolfSSL | 4:1b0d80432c79 | 2 | * |
wolfSSL | 4:1b0d80432c79 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 4:1b0d80432c79 | 4 | * |
wolfSSL | 4:1b0d80432c79 | 5 | * This file is part of wolfSSL. |
wolfSSL | 4:1b0d80432c79 | 6 | * |
wolfSSL | 4:1b0d80432c79 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 4:1b0d80432c79 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 4:1b0d80432c79 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 4:1b0d80432c79 | 10 | * (at your option) any later version. |
wolfSSL | 4:1b0d80432c79 | 11 | * |
wolfSSL | 4:1b0d80432c79 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 4:1b0d80432c79 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 4:1b0d80432c79 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 4:1b0d80432c79 | 15 | * GNU General Public License for more details. |
wolfSSL | 4:1b0d80432c79 | 16 | * |
wolfSSL | 4:1b0d80432c79 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 4:1b0d80432c79 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 4:1b0d80432c79 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 4:1b0d80432c79 | 20 | */ |
wolfSSL | 4:1b0d80432c79 | 21 | |
wolfSSL | 4:1b0d80432c79 | 22 | |
wolfSSL | 4:1b0d80432c79 | 23 | #ifndef WOLF_CRYPT_ASN_H |
wolfSSL | 4:1b0d80432c79 | 24 | #define WOLF_CRYPT_ASN_H |
wolfSSL | 4:1b0d80432c79 | 25 | |
wolfSSL | 4:1b0d80432c79 | 26 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 4:1b0d80432c79 | 27 | |
wolfSSL | 4:1b0d80432c79 | 28 | #ifndef NO_ASN |
wolfSSL | 4:1b0d80432c79 | 29 | |
wolfSSL | 4:1b0d80432c79 | 30 | #include <wolfssl/wolfcrypt/integer.h> |
wolfSSL | 4:1b0d80432c79 | 31 | #ifndef NO_RSA |
wolfSSL | 4:1b0d80432c79 | 32 | #include <wolfssl/wolfcrypt/rsa.h> |
wolfSSL | 4:1b0d80432c79 | 33 | #endif |
wolfSSL | 4:1b0d80432c79 | 34 | |
wolfSSL | 4:1b0d80432c79 | 35 | /* fips declare of RsaPrivateKeyDecode @wc_fips */ |
wolfSSL | 4:1b0d80432c79 | 36 | #if defined(HAVE_FIPS) && !defined(NO_RSA) |
wolfSSL | 4:1b0d80432c79 | 37 | #include <cyassl/ctaocrypt/rsa.h> |
wolfSSL | 4:1b0d80432c79 | 38 | #endif |
wolfSSL | 4:1b0d80432c79 | 39 | |
wolfSSL | 4:1b0d80432c79 | 40 | #ifndef NO_DH |
wolfSSL | 4:1b0d80432c79 | 41 | #include <wolfssl/wolfcrypt/dh.h> |
wolfSSL | 4:1b0d80432c79 | 42 | #endif |
wolfSSL | 4:1b0d80432c79 | 43 | #ifndef NO_DSA |
wolfSSL | 4:1b0d80432c79 | 44 | #include <wolfssl/wolfcrypt/dsa.h> |
wolfSSL | 4:1b0d80432c79 | 45 | #endif |
wolfSSL | 4:1b0d80432c79 | 46 | #ifndef NO_SHA |
wolfSSL | 4:1b0d80432c79 | 47 | #include <wolfssl/wolfcrypt/sha.h> |
wolfSSL | 4:1b0d80432c79 | 48 | #endif |
wolfSSL | 4:1b0d80432c79 | 49 | #ifndef NO_MD5 |
wolfSSL | 4:1b0d80432c79 | 50 | #include <wolfssl/wolfcrypt/md5.h> |
wolfSSL | 4:1b0d80432c79 | 51 | #endif |
wolfSSL | 4:1b0d80432c79 | 52 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 4:1b0d80432c79 | 53 | #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ |
wolfSSL | 4:1b0d80432c79 | 54 | #ifdef HAVE_ECC |
wolfSSL | 4:1b0d80432c79 | 55 | #include <wolfssl/wolfcrypt/ecc.h> |
wolfSSL | 4:1b0d80432c79 | 56 | #endif |
wolfSSL | 4:1b0d80432c79 | 57 | |
wolfSSL | 4:1b0d80432c79 | 58 | #ifdef __cplusplus |
wolfSSL | 4:1b0d80432c79 | 59 | extern "C" { |
wolfSSL | 4:1b0d80432c79 | 60 | #endif |
wolfSSL | 4:1b0d80432c79 | 61 | |
wolfSSL | 4:1b0d80432c79 | 62 | |
wolfSSL | 4:1b0d80432c79 | 63 | enum { |
wolfSSL | 4:1b0d80432c79 | 64 | ISSUER = 0, |
wolfSSL | 4:1b0d80432c79 | 65 | SUBJECT = 1, |
wolfSSL | 4:1b0d80432c79 | 66 | |
wolfSSL | 4:1b0d80432c79 | 67 | EXTERNAL_SERIAL_SIZE = 32, |
wolfSSL | 4:1b0d80432c79 | 68 | |
wolfSSL | 4:1b0d80432c79 | 69 | BEFORE = 0, |
wolfSSL | 4:1b0d80432c79 | 70 | AFTER = 1 |
wolfSSL | 4:1b0d80432c79 | 71 | }; |
wolfSSL | 4:1b0d80432c79 | 72 | |
wolfSSL | 4:1b0d80432c79 | 73 | /* ASN Tags */ |
wolfSSL | 4:1b0d80432c79 | 74 | enum ASN_Tags { |
wolfSSL | 4:1b0d80432c79 | 75 | ASN_BOOLEAN = 0x01, |
wolfSSL | 4:1b0d80432c79 | 76 | ASN_INTEGER = 0x02, |
wolfSSL | 4:1b0d80432c79 | 77 | ASN_BIT_STRING = 0x03, |
wolfSSL | 4:1b0d80432c79 | 78 | ASN_OCTET_STRING = 0x04, |
wolfSSL | 4:1b0d80432c79 | 79 | ASN_TAG_NULL = 0x05, |
wolfSSL | 4:1b0d80432c79 | 80 | ASN_OBJECT_ID = 0x06, |
wolfSSL | 4:1b0d80432c79 | 81 | ASN_ENUMERATED = 0x0a, |
wolfSSL | 4:1b0d80432c79 | 82 | ASN_UTF8STRING = 0x0c, |
wolfSSL | 4:1b0d80432c79 | 83 | ASN_SEQUENCE = 0x10, |
wolfSSL | 4:1b0d80432c79 | 84 | ASN_SET = 0x11, |
wolfSSL | 4:1b0d80432c79 | 85 | ASN_UTC_TIME = 0x17, |
wolfSSL | 4:1b0d80432c79 | 86 | ASN_OTHER_TYPE = 0x00, |
wolfSSL | 4:1b0d80432c79 | 87 | ASN_RFC822_TYPE = 0x01, |
wolfSSL | 4:1b0d80432c79 | 88 | ASN_DNS_TYPE = 0x02, |
wolfSSL | 4:1b0d80432c79 | 89 | ASN_DIR_TYPE = 0x04, |
wolfSSL | 4:1b0d80432c79 | 90 | ASN_GENERALIZED_TIME = 0x18, |
wolfSSL | 4:1b0d80432c79 | 91 | CRL_EXTENSIONS = 0xa0, |
wolfSSL | 4:1b0d80432c79 | 92 | ASN_EXTENSIONS = 0xa3, |
wolfSSL | 4:1b0d80432c79 | 93 | ASN_LONG_LENGTH = 0x80 |
wolfSSL | 4:1b0d80432c79 | 94 | }; |
wolfSSL | 4:1b0d80432c79 | 95 | |
wolfSSL | 4:1b0d80432c79 | 96 | enum ASN_Flags{ |
wolfSSL | 4:1b0d80432c79 | 97 | ASN_CONSTRUCTED = 0x20, |
wolfSSL | 4:1b0d80432c79 | 98 | ASN_CONTEXT_SPECIFIC = 0x80 |
wolfSSL | 4:1b0d80432c79 | 99 | }; |
wolfSSL | 4:1b0d80432c79 | 100 | |
wolfSSL | 4:1b0d80432c79 | 101 | enum DN_Tags { |
wolfSSL | 4:1b0d80432c79 | 102 | ASN_COMMON_NAME = 0x03, /* CN */ |
wolfSSL | 4:1b0d80432c79 | 103 | ASN_SUR_NAME = 0x04, /* SN */ |
wolfSSL | 4:1b0d80432c79 | 104 | ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ |
wolfSSL | 4:1b0d80432c79 | 105 | ASN_COUNTRY_NAME = 0x06, /* C */ |
wolfSSL | 4:1b0d80432c79 | 106 | ASN_LOCALITY_NAME = 0x07, /* L */ |
wolfSSL | 4:1b0d80432c79 | 107 | ASN_STATE_NAME = 0x08, /* ST */ |
wolfSSL | 4:1b0d80432c79 | 108 | ASN_ORG_NAME = 0x0a, /* O */ |
wolfSSL | 4:1b0d80432c79 | 109 | ASN_ORGUNIT_NAME = 0x0b /* OU */ |
wolfSSL | 4:1b0d80432c79 | 110 | }; |
wolfSSL | 4:1b0d80432c79 | 111 | |
wolfSSL | 4:1b0d80432c79 | 112 | enum PBES { |
wolfSSL | 4:1b0d80432c79 | 113 | PBE_MD5_DES = 0, |
wolfSSL | 4:1b0d80432c79 | 114 | PBE_SHA1_DES = 1, |
wolfSSL | 4:1b0d80432c79 | 115 | PBE_SHA1_DES3 = 2, |
wolfSSL | 4:1b0d80432c79 | 116 | PBE_SHA1_RC4_128 = 3, |
wolfSSL | 4:1b0d80432c79 | 117 | PBES2 = 13 /* algo ID */ |
wolfSSL | 4:1b0d80432c79 | 118 | }; |
wolfSSL | 4:1b0d80432c79 | 119 | |
wolfSSL | 4:1b0d80432c79 | 120 | enum ENCRYPTION_TYPES { |
wolfSSL | 4:1b0d80432c79 | 121 | DES_TYPE = 0, |
wolfSSL | 4:1b0d80432c79 | 122 | DES3_TYPE = 1, |
wolfSSL | 4:1b0d80432c79 | 123 | RC4_TYPE = 2 |
wolfSSL | 4:1b0d80432c79 | 124 | }; |
wolfSSL | 4:1b0d80432c79 | 125 | |
wolfSSL | 4:1b0d80432c79 | 126 | enum ECC_TYPES { |
wolfSSL | 4:1b0d80432c79 | 127 | ECC_PREFIX_0 = 160, |
wolfSSL | 4:1b0d80432c79 | 128 | ECC_PREFIX_1 = 161 |
wolfSSL | 4:1b0d80432c79 | 129 | }; |
wolfSSL | 4:1b0d80432c79 | 130 | |
wolfSSL | 4:1b0d80432c79 | 131 | enum Misc_ASN { |
wolfSSL | 4:1b0d80432c79 | 132 | ASN_NAME_MAX = 256, |
wolfSSL | 4:1b0d80432c79 | 133 | MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ |
wolfSSL | 4:1b0d80432c79 | 134 | MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ |
wolfSSL | 4:1b0d80432c79 | 135 | MAX_KEY_SIZE = 64, /* MAX PKCS Key length */ |
wolfSSL | 4:1b0d80432c79 | 136 | PKCS5 = 5, /* PKCS oid tag */ |
wolfSSL | 4:1b0d80432c79 | 137 | PKCS5v2 = 6, /* PKCS #5 v2.0 */ |
wolfSSL | 4:1b0d80432c79 | 138 | PKCS12 = 12, /* PKCS #12 */ |
wolfSSL | 4:1b0d80432c79 | 139 | MAX_UNICODE_SZ = 256, |
wolfSSL | 4:1b0d80432c79 | 140 | ASN_BOOL_SIZE = 2, /* including type */ |
wolfSSL | 4:1b0d80432c79 | 141 | ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ |
wolfSSL | 4:1b0d80432c79 | 142 | ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ |
wolfSSL | 4:1b0d80432c79 | 143 | #ifdef NO_SHA |
wolfSSL | 4:1b0d80432c79 | 144 | KEYID_SIZE = SHA256_DIGEST_SIZE, |
wolfSSL | 4:1b0d80432c79 | 145 | #else |
wolfSSL | 4:1b0d80432c79 | 146 | KEYID_SIZE = SHA_DIGEST_SIZE, |
wolfSSL | 4:1b0d80432c79 | 147 | #endif |
wolfSSL | 4:1b0d80432c79 | 148 | RSA_INTS = 8, /* RSA ints in private key */ |
wolfSSL | 4:1b0d80432c79 | 149 | DSA_INTS = 5, /* DSA ints in private key */ |
wolfSSL | 4:1b0d80432c79 | 150 | MIN_DATE_SIZE = 13, |
wolfSSL | 4:1b0d80432c79 | 151 | MAX_DATE_SIZE = 32, |
wolfSSL | 4:1b0d80432c79 | 152 | ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ |
wolfSSL | 4:1b0d80432c79 | 153 | MAX_ENCODED_SIG_SZ = 512, |
wolfSSL | 4:1b0d80432c79 | 154 | MAX_SIG_SZ = 256, |
wolfSSL | 4:1b0d80432c79 | 155 | MAX_ALGO_SZ = 20, |
wolfSSL | 4:1b0d80432c79 | 156 | MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 157 | MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 158 | MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 159 | MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 160 | MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 161 | MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ |
wolfSSL | 4:1b0d80432c79 | 162 | MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + length(4) */ |
wolfSSL | 4:1b0d80432c79 | 163 | MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ |
wolfSSL | 4:1b0d80432c79 | 164 | MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ |
wolfSSL | 4:1b0d80432c79 | 165 | MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ |
wolfSSL | 4:1b0d80432c79 | 166 | MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ |
wolfSSL | 4:1b0d80432c79 | 167 | MAX_RSA_E_SZ = 16, /* Max RSA public e size */ |
wolfSSL | 4:1b0d80432c79 | 168 | MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ |
wolfSSL | 4:1b0d80432c79 | 169 | MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ |
wolfSSL | 4:1b0d80432c79 | 170 | MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest size */ |
wolfSSL | 4:1b0d80432c79 | 171 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 4:1b0d80432c79 | 172 | #ifdef WOLFSSL_CERT_REQ |
wolfSSL | 4:1b0d80432c79 | 173 | /* Max encoded cert req attributes length */ |
wolfSSL | 4:1b0d80432c79 | 174 | MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + |
wolfSSL | 4:1b0d80432c79 | 175 | MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ |
wolfSSL | 4:1b0d80432c79 | 176 | #endif |
wolfSSL | 4:1b0d80432c79 | 177 | #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) |
wolfSSL | 4:1b0d80432c79 | 178 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, |
wolfSSL | 4:1b0d80432c79 | 179 | #else |
wolfSSL | 4:1b0d80432c79 | 180 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, |
wolfSSL | 4:1b0d80432c79 | 181 | #endif |
wolfSSL | 4:1b0d80432c79 | 182 | /* Max total extensions, id + len + others */ |
wolfSSL | 4:1b0d80432c79 | 183 | #endif |
wolfSSL | 4:1b0d80432c79 | 184 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 4:1b0d80432c79 | 185 | MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ |
wolfSSL | 4:1b0d80432c79 | 186 | MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ |
wolfSSL | 4:1b0d80432c79 | 187 | MAX_OID_SZ = 32, /* Max DER length of OID*/ |
wolfSSL | 4:1b0d80432c79 | 188 | MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ |
wolfSSL | 4:1b0d80432c79 | 189 | MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ |
wolfSSL | 4:1b0d80432c79 | 190 | MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, |
wolfSSL | 4:1b0d80432c79 | 191 | #endif |
wolfSSL | 4:1b0d80432c79 | 192 | OCSP_NONCE_EXT_SZ = 37, /* OCSP Nonce Extension size */ |
wolfSSL | 4:1b0d80432c79 | 193 | MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ |
wolfSSL | 4:1b0d80432c79 | 194 | MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ |
wolfSSL | 4:1b0d80432c79 | 195 | EIGHTK_BUF = 8192, /* Tmp buffer size */ |
wolfSSL | 4:1b0d80432c79 | 196 | MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, |
wolfSSL | 4:1b0d80432c79 | 197 | /* use bigger NTRU size */ |
wolfSSL | 4:1b0d80432c79 | 198 | HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */ |
wolfSSL | 4:1b0d80432c79 | 199 | }; |
wolfSSL | 4:1b0d80432c79 | 200 | |
wolfSSL | 4:1b0d80432c79 | 201 | |
wolfSSL | 4:1b0d80432c79 | 202 | enum Oid_Types { |
wolfSSL | 4:1b0d80432c79 | 203 | hashType = 0, |
wolfSSL | 4:1b0d80432c79 | 204 | sigType = 1, |
wolfSSL | 4:1b0d80432c79 | 205 | keyType = 2, |
wolfSSL | 4:1b0d80432c79 | 206 | curveType = 3, |
wolfSSL | 4:1b0d80432c79 | 207 | blkType = 4, |
wolfSSL | 4:1b0d80432c79 | 208 | ocspType = 5, |
wolfSSL | 4:1b0d80432c79 | 209 | certExtType = 6, |
wolfSSL | 4:1b0d80432c79 | 210 | certAuthInfoType = 7, |
wolfSSL | 4:1b0d80432c79 | 211 | certPolicyType = 8, |
wolfSSL | 4:1b0d80432c79 | 212 | certAltNameType = 9, |
wolfSSL | 4:1b0d80432c79 | 213 | certKeyUseType = 10, |
wolfSSL | 4:1b0d80432c79 | 214 | kdfType = 11, |
wolfSSL | 4:1b0d80432c79 | 215 | ignoreType |
wolfSSL | 4:1b0d80432c79 | 216 | }; |
wolfSSL | 4:1b0d80432c79 | 217 | |
wolfSSL | 4:1b0d80432c79 | 218 | |
wolfSSL | 4:1b0d80432c79 | 219 | enum Hash_Sum { |
wolfSSL | 4:1b0d80432c79 | 220 | MD2h = 646, |
wolfSSL | 4:1b0d80432c79 | 221 | MD5h = 649, |
wolfSSL | 4:1b0d80432c79 | 222 | SHAh = 88, |
wolfSSL | 4:1b0d80432c79 | 223 | SHA256h = 414, |
wolfSSL | 4:1b0d80432c79 | 224 | SHA384h = 415, |
wolfSSL | 4:1b0d80432c79 | 225 | SHA512h = 416 |
wolfSSL | 4:1b0d80432c79 | 226 | }; |
wolfSSL | 4:1b0d80432c79 | 227 | |
wolfSSL | 4:1b0d80432c79 | 228 | |
wolfSSL | 4:1b0d80432c79 | 229 | enum Block_Sum { |
wolfSSL | 4:1b0d80432c79 | 230 | DESb = 69, |
wolfSSL | 4:1b0d80432c79 | 231 | DES3b = 652 |
wolfSSL | 4:1b0d80432c79 | 232 | }; |
wolfSSL | 4:1b0d80432c79 | 233 | |
wolfSSL | 4:1b0d80432c79 | 234 | |
wolfSSL | 4:1b0d80432c79 | 235 | enum Key_Sum { |
wolfSSL | 4:1b0d80432c79 | 236 | DSAk = 515, |
wolfSSL | 4:1b0d80432c79 | 237 | RSAk = 645, |
wolfSSL | 4:1b0d80432c79 | 238 | NTRUk = 274, |
wolfSSL | 4:1b0d80432c79 | 239 | ECDSAk = 518 |
wolfSSL | 4:1b0d80432c79 | 240 | }; |
wolfSSL | 4:1b0d80432c79 | 241 | |
wolfSSL | 4:1b0d80432c79 | 242 | |
wolfSSL | 4:1b0d80432c79 | 243 | enum Ecc_Sum { |
wolfSSL | 4:1b0d80432c79 | 244 | ECC_256R1 = 526, |
wolfSSL | 4:1b0d80432c79 | 245 | ECC_384R1 = 210, |
wolfSSL | 4:1b0d80432c79 | 246 | ECC_521R1 = 211, |
wolfSSL | 4:1b0d80432c79 | 247 | ECC_160R1 = 184, |
wolfSSL | 4:1b0d80432c79 | 248 | ECC_192R1 = 520, |
wolfSSL | 4:1b0d80432c79 | 249 | ECC_224R1 = 209 |
wolfSSL | 4:1b0d80432c79 | 250 | }; |
wolfSSL | 4:1b0d80432c79 | 251 | |
wolfSSL | 4:1b0d80432c79 | 252 | |
wolfSSL | 4:1b0d80432c79 | 253 | enum KDF_Sum { |
wolfSSL | 4:1b0d80432c79 | 254 | PBKDF2_OID = 660 |
wolfSSL | 4:1b0d80432c79 | 255 | }; |
wolfSSL | 4:1b0d80432c79 | 256 | |
wolfSSL | 4:1b0d80432c79 | 257 | |
wolfSSL | 4:1b0d80432c79 | 258 | enum Extensions_Sum { |
wolfSSL | 4:1b0d80432c79 | 259 | BASIC_CA_OID = 133, |
wolfSSL | 4:1b0d80432c79 | 260 | ALT_NAMES_OID = 131, |
wolfSSL | 4:1b0d80432c79 | 261 | CRL_DIST_OID = 145, |
wolfSSL | 4:1b0d80432c79 | 262 | AUTH_INFO_OID = 69, |
wolfSSL | 4:1b0d80432c79 | 263 | AUTH_KEY_OID = 149, |
wolfSSL | 4:1b0d80432c79 | 264 | SUBJ_KEY_OID = 128, |
wolfSSL | 4:1b0d80432c79 | 265 | CERT_POLICY_OID = 146, |
wolfSSL | 4:1b0d80432c79 | 266 | KEY_USAGE_OID = 129, /* 2.5.29.15 */ |
wolfSSL | 4:1b0d80432c79 | 267 | INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ |
wolfSSL | 4:1b0d80432c79 | 268 | EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ |
wolfSSL | 4:1b0d80432c79 | 269 | NAME_CONS_OID = 144 /* 2.5.29.30 */ |
wolfSSL | 4:1b0d80432c79 | 270 | }; |
wolfSSL | 4:1b0d80432c79 | 271 | |
wolfSSL | 4:1b0d80432c79 | 272 | enum CertificatePolicy_Sum { |
wolfSSL | 4:1b0d80432c79 | 273 | CP_ANY_OID = 146 /* id-ce 32 0 */ |
wolfSSL | 4:1b0d80432c79 | 274 | }; |
wolfSSL | 4:1b0d80432c79 | 275 | |
wolfSSL | 4:1b0d80432c79 | 276 | enum SepHardwareName_Sum { |
wolfSSL | 4:1b0d80432c79 | 277 | HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ |
wolfSSL | 4:1b0d80432c79 | 278 | }; |
wolfSSL | 4:1b0d80432c79 | 279 | |
wolfSSL | 4:1b0d80432c79 | 280 | enum AuthInfo_Sum { |
wolfSSL | 4:1b0d80432c79 | 281 | AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ |
wolfSSL | 4:1b0d80432c79 | 282 | AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ |
wolfSSL | 4:1b0d80432c79 | 283 | }; |
wolfSSL | 4:1b0d80432c79 | 284 | |
wolfSSL | 4:1b0d80432c79 | 285 | enum ExtKeyUsage_Sum { /* From RFC 5280 */ |
wolfSSL | 4:1b0d80432c79 | 286 | EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ |
wolfSSL | 4:1b0d80432c79 | 287 | EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ |
wolfSSL | 4:1b0d80432c79 | 288 | EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ |
wolfSSL | 4:1b0d80432c79 | 289 | EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */ |
wolfSSL | 4:1b0d80432c79 | 290 | }; |
wolfSSL | 4:1b0d80432c79 | 291 | |
wolfSSL | 4:1b0d80432c79 | 292 | |
wolfSSL | 4:1b0d80432c79 | 293 | enum VerifyType { |
wolfSSL | 4:1b0d80432c79 | 294 | NO_VERIFY = 0, |
wolfSSL | 4:1b0d80432c79 | 295 | VERIFY = 1 |
wolfSSL | 4:1b0d80432c79 | 296 | }; |
wolfSSL | 4:1b0d80432c79 | 297 | |
wolfSSL | 4:1b0d80432c79 | 298 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 4:1b0d80432c79 | 299 | enum KeyIdType { |
wolfSSL | 4:1b0d80432c79 | 300 | SKID_TYPE = 0, |
wolfSSL | 4:1b0d80432c79 | 301 | AKID_TYPE = 1 |
wolfSSL | 4:1b0d80432c79 | 302 | }; |
wolfSSL | 4:1b0d80432c79 | 303 | #endif |
wolfSSL | 4:1b0d80432c79 | 304 | |
wolfSSL | 4:1b0d80432c79 | 305 | /* Key usage extension bits */ |
wolfSSL | 4:1b0d80432c79 | 306 | #define KEYUSE_DIGITAL_SIG 0x0080 |
wolfSSL | 4:1b0d80432c79 | 307 | #define KEYUSE_CONTENT_COMMIT 0x0040 |
wolfSSL | 4:1b0d80432c79 | 308 | #define KEYUSE_KEY_ENCIPHER 0x0020 |
wolfSSL | 4:1b0d80432c79 | 309 | #define KEYUSE_DATA_ENCIPHER 0x0010 |
wolfSSL | 4:1b0d80432c79 | 310 | #define KEYUSE_KEY_AGREE 0x0008 |
wolfSSL | 4:1b0d80432c79 | 311 | #define KEYUSE_KEY_CERT_SIGN 0x0004 |
wolfSSL | 4:1b0d80432c79 | 312 | #define KEYUSE_CRL_SIGN 0x0002 |
wolfSSL | 4:1b0d80432c79 | 313 | #define KEYUSE_ENCIPHER_ONLY 0x0001 |
wolfSSL | 4:1b0d80432c79 | 314 | #define KEYUSE_DECIPHER_ONLY 0x8000 |
wolfSSL | 4:1b0d80432c79 | 315 | |
wolfSSL | 4:1b0d80432c79 | 316 | #define EXTKEYUSE_ANY 0x08 |
wolfSSL | 4:1b0d80432c79 | 317 | #define EXTKEYUSE_OCSP_SIGN 0x04 |
wolfSSL | 4:1b0d80432c79 | 318 | #define EXTKEYUSE_CLIENT_AUTH 0x02 |
wolfSSL | 4:1b0d80432c79 | 319 | #define EXTKEYUSE_SERVER_AUTH 0x01 |
wolfSSL | 4:1b0d80432c79 | 320 | |
wolfSSL | 4:1b0d80432c79 | 321 | typedef struct DNS_entry DNS_entry; |
wolfSSL | 4:1b0d80432c79 | 322 | |
wolfSSL | 4:1b0d80432c79 | 323 | struct DNS_entry { |
wolfSSL | 4:1b0d80432c79 | 324 | DNS_entry* next; /* next on DNS list */ |
wolfSSL | 4:1b0d80432c79 | 325 | char* name; /* actual DNS name */ |
wolfSSL | 4:1b0d80432c79 | 326 | }; |
wolfSSL | 4:1b0d80432c79 | 327 | |
wolfSSL | 4:1b0d80432c79 | 328 | |
wolfSSL | 4:1b0d80432c79 | 329 | typedef struct Base_entry Base_entry; |
wolfSSL | 4:1b0d80432c79 | 330 | |
wolfSSL | 4:1b0d80432c79 | 331 | struct Base_entry { |
wolfSSL | 4:1b0d80432c79 | 332 | Base_entry* next; /* next on name base list */ |
wolfSSL | 4:1b0d80432c79 | 333 | char* name; /* actual name base */ |
wolfSSL | 4:1b0d80432c79 | 334 | int nameSz; /* name length */ |
wolfSSL | 4:1b0d80432c79 | 335 | byte type; /* Name base type (DNS or RFC822) */ |
wolfSSL | 4:1b0d80432c79 | 336 | }; |
wolfSSL | 4:1b0d80432c79 | 337 | |
wolfSSL | 4:1b0d80432c79 | 338 | |
wolfSSL | 4:1b0d80432c79 | 339 | struct DecodedName { |
wolfSSL | 4:1b0d80432c79 | 340 | char* fullName; |
wolfSSL | 4:1b0d80432c79 | 341 | int fullNameLen; |
wolfSSL | 4:1b0d80432c79 | 342 | int entryCount; |
wolfSSL | 4:1b0d80432c79 | 343 | int cnIdx; |
wolfSSL | 4:1b0d80432c79 | 344 | int cnLen; |
wolfSSL | 4:1b0d80432c79 | 345 | int snIdx; |
wolfSSL | 4:1b0d80432c79 | 346 | int snLen; |
wolfSSL | 4:1b0d80432c79 | 347 | int cIdx; |
wolfSSL | 4:1b0d80432c79 | 348 | int cLen; |
wolfSSL | 4:1b0d80432c79 | 349 | int lIdx; |
wolfSSL | 4:1b0d80432c79 | 350 | int lLen; |
wolfSSL | 4:1b0d80432c79 | 351 | int stIdx; |
wolfSSL | 4:1b0d80432c79 | 352 | int stLen; |
wolfSSL | 4:1b0d80432c79 | 353 | int oIdx; |
wolfSSL | 4:1b0d80432c79 | 354 | int oLen; |
wolfSSL | 4:1b0d80432c79 | 355 | int ouIdx; |
wolfSSL | 4:1b0d80432c79 | 356 | int ouLen; |
wolfSSL | 4:1b0d80432c79 | 357 | int emailIdx; |
wolfSSL | 4:1b0d80432c79 | 358 | int emailLen; |
wolfSSL | 4:1b0d80432c79 | 359 | int uidIdx; |
wolfSSL | 4:1b0d80432c79 | 360 | int uidLen; |
wolfSSL | 4:1b0d80432c79 | 361 | int serialIdx; |
wolfSSL | 4:1b0d80432c79 | 362 | int serialLen; |
wolfSSL | 4:1b0d80432c79 | 363 | }; |
wolfSSL | 4:1b0d80432c79 | 364 | |
wolfSSL | 4:1b0d80432c79 | 365 | |
wolfSSL | 4:1b0d80432c79 | 366 | typedef struct DecodedCert DecodedCert; |
wolfSSL | 4:1b0d80432c79 | 367 | typedef struct DecodedName DecodedName; |
wolfSSL | 4:1b0d80432c79 | 368 | typedef struct Signer Signer; |
wolfSSL | 4:1b0d80432c79 | 369 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 4:1b0d80432c79 | 370 | typedef struct TrustedPeerCert TrustedPeerCert; |
wolfSSL | 4:1b0d80432c79 | 371 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 4:1b0d80432c79 | 372 | |
wolfSSL | 4:1b0d80432c79 | 373 | |
wolfSSL | 4:1b0d80432c79 | 374 | struct DecodedCert { |
wolfSSL | 4:1b0d80432c79 | 375 | byte* publicKey; |
wolfSSL | 4:1b0d80432c79 | 376 | word32 pubKeySize; |
wolfSSL | 4:1b0d80432c79 | 377 | int pubKeyStored; |
wolfSSL | 4:1b0d80432c79 | 378 | word32 certBegin; /* offset to start of cert */ |
wolfSSL | 4:1b0d80432c79 | 379 | word32 sigIndex; /* offset to start of signature */ |
wolfSSL | 4:1b0d80432c79 | 380 | word32 sigLength; /* length of signature */ |
wolfSSL | 4:1b0d80432c79 | 381 | word32 signatureOID; /* sum of algorithm object id */ |
wolfSSL | 4:1b0d80432c79 | 382 | word32 keyOID; /* sum of key algo object id */ |
wolfSSL | 4:1b0d80432c79 | 383 | int version; /* cert version, 1 or 3 */ |
wolfSSL | 4:1b0d80432c79 | 384 | DNS_entry* altNames; /* alt names list of dns entries */ |
wolfSSL | 4:1b0d80432c79 | 385 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 386 | DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ |
wolfSSL | 4:1b0d80432c79 | 387 | Base_entry* permittedNames; /* Permitted name bases */ |
wolfSSL | 4:1b0d80432c79 | 388 | Base_entry* excludedNames; /* Excluded name bases */ |
wolfSSL | 4:1b0d80432c79 | 389 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 390 | byte subjectHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 4:1b0d80432c79 | 391 | byte issuerHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 4:1b0d80432c79 | 392 | #ifdef HAVE_OCSP |
wolfSSL | 4:1b0d80432c79 | 393 | byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ |
wolfSSL | 4:1b0d80432c79 | 394 | #endif /* HAVE_OCSP */ |
wolfSSL | 4:1b0d80432c79 | 395 | byte* signature; /* not owned, points into raw cert */ |
wolfSSL | 4:1b0d80432c79 | 396 | char* subjectCN; /* CommonName */ |
wolfSSL | 4:1b0d80432c79 | 397 | int subjectCNLen; /* CommonName Length */ |
wolfSSL | 4:1b0d80432c79 | 398 | char subjectCNEnc; /* CommonName Encoding */ |
wolfSSL | 4:1b0d80432c79 | 399 | int subjectCNStored; /* have we saved a copy we own */ |
wolfSSL | 4:1b0d80432c79 | 400 | char issuer[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 4:1b0d80432c79 | 401 | char subject[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 4:1b0d80432c79 | 402 | int verify; /* Default to yes, but could be off */ |
wolfSSL | 4:1b0d80432c79 | 403 | byte* source; /* byte buffer holder cert, NOT owner */ |
wolfSSL | 4:1b0d80432c79 | 404 | word32 srcIdx; /* current offset into buffer */ |
wolfSSL | 4:1b0d80432c79 | 405 | word32 maxIdx; /* max offset based on init size */ |
wolfSSL | 4:1b0d80432c79 | 406 | void* heap; /* for user memory overrides */ |
wolfSSL | 4:1b0d80432c79 | 407 | byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ |
wolfSSL | 4:1b0d80432c79 | 408 | int serialSz; /* raw serial bytes stored */ |
wolfSSL | 4:1b0d80432c79 | 409 | byte* extensions; /* not owned, points into raw cert */ |
wolfSSL | 4:1b0d80432c79 | 410 | int extensionsSz; /* length of cert extensions */ |
wolfSSL | 4:1b0d80432c79 | 411 | word32 extensionsIdx; /* if want to go back and parse later */ |
wolfSSL | 4:1b0d80432c79 | 412 | byte* extAuthInfo; /* Authority Information Access URI */ |
wolfSSL | 4:1b0d80432c79 | 413 | int extAuthInfoSz; /* length of the URI */ |
wolfSSL | 4:1b0d80432c79 | 414 | byte* extCrlInfo; /* CRL Distribution Points */ |
wolfSSL | 4:1b0d80432c79 | 415 | int extCrlInfoSz; /* length of the URI */ |
wolfSSL | 4:1b0d80432c79 | 416 | byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ |
wolfSSL | 4:1b0d80432c79 | 417 | byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ |
wolfSSL | 4:1b0d80432c79 | 418 | byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ |
wolfSSL | 4:1b0d80432c79 | 419 | byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ |
wolfSSL | 4:1b0d80432c79 | 420 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 421 | byte extNameConstraintSet; |
wolfSSL | 4:1b0d80432c79 | 422 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 423 | byte isCA; /* CA basic constraint true */ |
wolfSSL | 4:1b0d80432c79 | 424 | byte weOwnAltNames; /* altNames haven't been given to copy */ |
wolfSSL | 4:1b0d80432c79 | 425 | byte extKeyUsageSet; |
wolfSSL | 4:1b0d80432c79 | 426 | word16 extKeyUsage; /* Key usage bitfield */ |
wolfSSL | 4:1b0d80432c79 | 427 | byte extExtKeyUsageSet; /* Extended Key Usage */ |
wolfSSL | 4:1b0d80432c79 | 428 | byte extExtKeyUsage; /* Extended Key usage bitfield */ |
wolfSSL | 4:1b0d80432c79 | 429 | #ifdef OPENSSL_EXTRA |
wolfSSL | 4:1b0d80432c79 | 430 | byte extBasicConstSet; |
wolfSSL | 4:1b0d80432c79 | 431 | byte extBasicConstCrit; |
wolfSSL | 4:1b0d80432c79 | 432 | byte extBasicConstPlSet; |
wolfSSL | 4:1b0d80432c79 | 433 | word32 pathLength; /* CA basic constraint path length, opt */ |
wolfSSL | 4:1b0d80432c79 | 434 | byte extSubjAltNameSet; |
wolfSSL | 4:1b0d80432c79 | 435 | byte extSubjAltNameCrit; |
wolfSSL | 4:1b0d80432c79 | 436 | byte extAuthKeyIdCrit; |
wolfSSL | 4:1b0d80432c79 | 437 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 438 | byte extNameConstraintCrit; |
wolfSSL | 4:1b0d80432c79 | 439 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 440 | byte extSubjKeyIdCrit; |
wolfSSL | 4:1b0d80432c79 | 441 | byte extKeyUsageCrit; |
wolfSSL | 4:1b0d80432c79 | 442 | byte extExtKeyUsageCrit; |
wolfSSL | 4:1b0d80432c79 | 443 | byte* extExtKeyUsageSrc; |
wolfSSL | 4:1b0d80432c79 | 444 | word32 extExtKeyUsageSz; |
wolfSSL | 4:1b0d80432c79 | 445 | word32 extExtKeyUsageCount; |
wolfSSL | 4:1b0d80432c79 | 446 | byte* extAuthKeyIdSrc; |
wolfSSL | 4:1b0d80432c79 | 447 | word32 extAuthKeyIdSz; |
wolfSSL | 4:1b0d80432c79 | 448 | byte* extSubjKeyIdSrc; |
wolfSSL | 4:1b0d80432c79 | 449 | word32 extSubjKeyIdSz; |
wolfSSL | 4:1b0d80432c79 | 450 | #endif |
wolfSSL | 4:1b0d80432c79 | 451 | #ifdef HAVE_ECC |
wolfSSL | 4:1b0d80432c79 | 452 | word32 pkCurveOID; /* Public Key's curve OID */ |
wolfSSL | 4:1b0d80432c79 | 453 | #endif /* HAVE_ECC */ |
wolfSSL | 4:1b0d80432c79 | 454 | byte* beforeDate; |
wolfSSL | 4:1b0d80432c79 | 455 | int beforeDateLen; |
wolfSSL | 4:1b0d80432c79 | 456 | byte* afterDate; |
wolfSSL | 4:1b0d80432c79 | 457 | int afterDateLen; |
wolfSSL | 4:1b0d80432c79 | 458 | #ifdef HAVE_PKCS7 |
wolfSSL | 4:1b0d80432c79 | 459 | byte* issuerRaw; /* pointer to issuer inside source */ |
wolfSSL | 4:1b0d80432c79 | 460 | int issuerRawLen; |
wolfSSL | 4:1b0d80432c79 | 461 | #endif |
wolfSSL | 4:1b0d80432c79 | 462 | #ifndef IGNORE_NAME_CONSTRAINT |
wolfSSL | 4:1b0d80432c79 | 463 | byte* subjectRaw; /* pointer to subject inside source */ |
wolfSSL | 4:1b0d80432c79 | 464 | int subjectRawLen; |
wolfSSL | 4:1b0d80432c79 | 465 | #endif |
wolfSSL | 4:1b0d80432c79 | 466 | #if defined(WOLFSSL_CERT_GEN) |
wolfSSL | 4:1b0d80432c79 | 467 | /* easy access to subject info for other sign */ |
wolfSSL | 4:1b0d80432c79 | 468 | char* subjectSN; |
wolfSSL | 4:1b0d80432c79 | 469 | int subjectSNLen; |
wolfSSL | 4:1b0d80432c79 | 470 | char subjectSNEnc; |
wolfSSL | 4:1b0d80432c79 | 471 | char* subjectC; |
wolfSSL | 4:1b0d80432c79 | 472 | int subjectCLen; |
wolfSSL | 4:1b0d80432c79 | 473 | char subjectCEnc; |
wolfSSL | 4:1b0d80432c79 | 474 | char* subjectL; |
wolfSSL | 4:1b0d80432c79 | 475 | int subjectLLen; |
wolfSSL | 4:1b0d80432c79 | 476 | char subjectLEnc; |
wolfSSL | 4:1b0d80432c79 | 477 | char* subjectST; |
wolfSSL | 4:1b0d80432c79 | 478 | int subjectSTLen; |
wolfSSL | 4:1b0d80432c79 | 479 | char subjectSTEnc; |
wolfSSL | 4:1b0d80432c79 | 480 | char* subjectO; |
wolfSSL | 4:1b0d80432c79 | 481 | int subjectOLen; |
wolfSSL | 4:1b0d80432c79 | 482 | char subjectOEnc; |
wolfSSL | 4:1b0d80432c79 | 483 | char* subjectOU; |
wolfSSL | 4:1b0d80432c79 | 484 | int subjectOULen; |
wolfSSL | 4:1b0d80432c79 | 485 | char subjectOUEnc; |
wolfSSL | 4:1b0d80432c79 | 486 | char* subjectEmail; |
wolfSSL | 4:1b0d80432c79 | 487 | int subjectEmailLen; |
wolfSSL | 4:1b0d80432c79 | 488 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 4:1b0d80432c79 | 489 | #ifdef OPENSSL_EXTRA |
wolfSSL | 4:1b0d80432c79 | 490 | DecodedName issuerName; |
wolfSSL | 4:1b0d80432c79 | 491 | DecodedName subjectName; |
wolfSSL | 4:1b0d80432c79 | 492 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 4:1b0d80432c79 | 493 | #ifdef WOLFSSL_SEP |
wolfSSL | 4:1b0d80432c79 | 494 | int deviceTypeSz; |
wolfSSL | 4:1b0d80432c79 | 495 | byte* deviceType; |
wolfSSL | 4:1b0d80432c79 | 496 | int hwTypeSz; |
wolfSSL | 4:1b0d80432c79 | 497 | byte* hwType; |
wolfSSL | 4:1b0d80432c79 | 498 | int hwSerialNumSz; |
wolfSSL | 4:1b0d80432c79 | 499 | byte* hwSerialNum; |
wolfSSL | 4:1b0d80432c79 | 500 | #ifdef OPENSSL_EXTRA |
wolfSSL | 4:1b0d80432c79 | 501 | byte extCertPolicySet; |
wolfSSL | 4:1b0d80432c79 | 502 | byte extCertPolicyCrit; |
wolfSSL | 4:1b0d80432c79 | 503 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 4:1b0d80432c79 | 504 | #endif /* WOLFSSL_SEP */ |
wolfSSL | 4:1b0d80432c79 | 505 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 4:1b0d80432c79 | 506 | char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
wolfSSL | 4:1b0d80432c79 | 507 | int extCertPoliciesNb; |
wolfSSL | 4:1b0d80432c79 | 508 | #endif /* WOLFSSL_CERT_EXT */ |
wolfSSL | 4:1b0d80432c79 | 509 | }; |
wolfSSL | 4:1b0d80432c79 | 510 | |
wolfSSL | 4:1b0d80432c79 | 511 | extern const char* BEGIN_CERT; |
wolfSSL | 4:1b0d80432c79 | 512 | extern const char* END_CERT; |
wolfSSL | 4:1b0d80432c79 | 513 | extern const char* BEGIN_CERT_REQ; |
wolfSSL | 4:1b0d80432c79 | 514 | extern const char* END_CERT_REQ; |
wolfSSL | 4:1b0d80432c79 | 515 | extern const char* BEGIN_DH_PARAM; |
wolfSSL | 4:1b0d80432c79 | 516 | extern const char* END_DH_PARAM; |
wolfSSL | 4:1b0d80432c79 | 517 | extern const char* BEGIN_X509_CRL; |
wolfSSL | 4:1b0d80432c79 | 518 | extern const char* END_X509_CRL; |
wolfSSL | 4:1b0d80432c79 | 519 | extern const char* BEGIN_RSA_PRIV; |
wolfSSL | 4:1b0d80432c79 | 520 | extern const char* END_RSA_PRIV; |
wolfSSL | 4:1b0d80432c79 | 521 | extern const char* BEGIN_PRIV_KEY; |
wolfSSL | 4:1b0d80432c79 | 522 | extern const char* END_PRIV_KEY; |
wolfSSL | 4:1b0d80432c79 | 523 | extern const char* BEGIN_ENC_PRIV_KEY; |
wolfSSL | 4:1b0d80432c79 | 524 | extern const char* END_ENC_PRIV_KEY; |
wolfSSL | 4:1b0d80432c79 | 525 | extern const char* BEGIN_EC_PRIV; |
wolfSSL | 4:1b0d80432c79 | 526 | extern const char* END_EC_PRIV; |
wolfSSL | 4:1b0d80432c79 | 527 | extern const char* BEGIN_DSA_PRIV; |
wolfSSL | 4:1b0d80432c79 | 528 | extern const char* END_DSA_PRIV; |
wolfSSL | 4:1b0d80432c79 | 529 | extern const char* BEGIN_PUB_KEY; |
wolfSSL | 4:1b0d80432c79 | 530 | extern const char* END_PUB_KEY; |
wolfSSL | 4:1b0d80432c79 | 531 | |
wolfSSL | 4:1b0d80432c79 | 532 | #ifdef NO_SHA |
wolfSSL | 4:1b0d80432c79 | 533 | #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 4:1b0d80432c79 | 534 | #else |
wolfSSL | 4:1b0d80432c79 | 535 | #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE |
wolfSSL | 4:1b0d80432c79 | 536 | #endif |
wolfSSL | 4:1b0d80432c79 | 537 | |
wolfSSL | 4:1b0d80432c79 | 538 | /* CA Signers */ |
wolfSSL | 4:1b0d80432c79 | 539 | /* if change layout change PERSIST_CERT_CACHE functions too */ |
wolfSSL | 4:1b0d80432c79 | 540 | struct Signer { |
wolfSSL | 4:1b0d80432c79 | 541 | word32 pubKeySize; |
wolfSSL | 4:1b0d80432c79 | 542 | word32 keyOID; /* key type */ |
wolfSSL | 4:1b0d80432c79 | 543 | word16 keyUsage; |
wolfSSL | 4:1b0d80432c79 | 544 | byte* publicKey; |
wolfSSL | 4:1b0d80432c79 | 545 | int nameLen; |
wolfSSL | 4:1b0d80432c79 | 546 | char* name; /* common name */ |
wolfSSL | 4:1b0d80432c79 | 547 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 548 | Base_entry* permittedNames; |
wolfSSL | 4:1b0d80432c79 | 549 | Base_entry* excludedNames; |
wolfSSL | 4:1b0d80432c79 | 550 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 551 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 552 | /* sha hash of names in certificate */ |
wolfSSL | 4:1b0d80432c79 | 553 | #ifndef NO_SKID |
wolfSSL | 4:1b0d80432c79 | 554 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 555 | /* sha hash of names in certificate */ |
wolfSSL | 4:1b0d80432c79 | 556 | #endif |
wolfSSL | 4:1b0d80432c79 | 557 | Signer* next; |
wolfSSL | 4:1b0d80432c79 | 558 | }; |
wolfSSL | 4:1b0d80432c79 | 559 | |
wolfSSL | 4:1b0d80432c79 | 560 | |
wolfSSL | 4:1b0d80432c79 | 561 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 4:1b0d80432c79 | 562 | /* used for having trusted peer certs rather then CA */ |
wolfSSL | 4:1b0d80432c79 | 563 | struct TrustedPeerCert { |
wolfSSL | 4:1b0d80432c79 | 564 | int nameLen; |
wolfSSL | 4:1b0d80432c79 | 565 | char* name; /* common name */ |
wolfSSL | 4:1b0d80432c79 | 566 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 567 | Base_entry* permittedNames; |
wolfSSL | 4:1b0d80432c79 | 568 | Base_entry* excludedNames; |
wolfSSL | 4:1b0d80432c79 | 569 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 570 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 571 | /* sha hash of names in certificate */ |
wolfSSL | 4:1b0d80432c79 | 572 | #ifndef NO_SKID |
wolfSSL | 4:1b0d80432c79 | 573 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 574 | /* sha hash of names in certificate */ |
wolfSSL | 4:1b0d80432c79 | 575 | #endif |
wolfSSL | 4:1b0d80432c79 | 576 | word32 sigLen; |
wolfSSL | 4:1b0d80432c79 | 577 | byte* sig; |
wolfSSL | 4:1b0d80432c79 | 578 | struct TrustedPeerCert* next; |
wolfSSL | 4:1b0d80432c79 | 579 | }; |
wolfSSL | 4:1b0d80432c79 | 580 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 4:1b0d80432c79 | 581 | |
wolfSSL | 4:1b0d80432c79 | 582 | |
wolfSSL | 4:1b0d80432c79 | 583 | /* not for public consumption but may use for testing sometimes */ |
wolfSSL | 4:1b0d80432c79 | 584 | #ifdef WOLFSSL_TEST_CERT |
wolfSSL | 4:1b0d80432c79 | 585 | #define WOLFSSL_TEST_API WOLFSSL_API |
wolfSSL | 4:1b0d80432c79 | 586 | #else |
wolfSSL | 4:1b0d80432c79 | 587 | #define WOLFSSL_TEST_API WOLFSSL_LOCAL |
wolfSSL | 4:1b0d80432c79 | 588 | #endif |
wolfSSL | 4:1b0d80432c79 | 589 | |
wolfSSL | 4:1b0d80432c79 | 590 | WOLFSSL_TEST_API void FreeAltNames(DNS_entry*, void*); |
wolfSSL | 4:1b0d80432c79 | 591 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 4:1b0d80432c79 | 592 | WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry*, void*); |
wolfSSL | 4:1b0d80432c79 | 593 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 4:1b0d80432c79 | 594 | WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); |
wolfSSL | 4:1b0d80432c79 | 595 | WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*); |
wolfSSL | 4:1b0d80432c79 | 596 | WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); |
wolfSSL | 4:1b0d80432c79 | 597 | |
wolfSSL | 4:1b0d80432c79 | 598 | WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); |
wolfSSL | 4:1b0d80432c79 | 599 | WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); |
wolfSSL | 4:1b0d80432c79 | 600 | |
wolfSSL | 4:1b0d80432c79 | 601 | WOLFSSL_LOCAL Signer* MakeSigner(void*); |
wolfSSL | 4:1b0d80432c79 | 602 | WOLFSSL_LOCAL void FreeSigner(Signer*, void*); |
wolfSSL | 4:1b0d80432c79 | 603 | WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); |
wolfSSL | 4:1b0d80432c79 | 604 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 4:1b0d80432c79 | 605 | WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); |
wolfSSL | 4:1b0d80432c79 | 606 | WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); |
wolfSSL | 4:1b0d80432c79 | 607 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 4:1b0d80432c79 | 608 | |
wolfSSL | 4:1b0d80432c79 | 609 | WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length); |
wolfSSL | 4:1b0d80432c79 | 610 | WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); |
wolfSSL | 4:1b0d80432c79 | 611 | |
wolfSSL | 4:1b0d80432c79 | 612 | WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); |
wolfSSL | 4:1b0d80432c79 | 613 | |
wolfSSL | 4:1b0d80432c79 | 614 | /* ASN.1 helper functions */ |
wolfSSL | 4:1b0d80432c79 | 615 | WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 4:1b0d80432c79 | 616 | word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 617 | WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 4:1b0d80432c79 | 618 | word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 619 | WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 4:1b0d80432c79 | 620 | word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 621 | WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, |
wolfSSL | 4:1b0d80432c79 | 622 | int* version); |
wolfSSL | 4:1b0d80432c79 | 623 | WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, |
wolfSSL | 4:1b0d80432c79 | 624 | word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 625 | WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, |
wolfSSL | 4:1b0d80432c79 | 626 | word32 oidType, word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 627 | WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, |
wolfSSL | 4:1b0d80432c79 | 628 | word32 oidType, word32 maxIdx); |
wolfSSL | 4:1b0d80432c79 | 629 | WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); |
wolfSSL | 4:1b0d80432c79 | 630 | WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); |
wolfSSL | 4:1b0d80432c79 | 631 | WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); |
wolfSSL | 4:1b0d80432c79 | 632 | WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); |
wolfSSL | 4:1b0d80432c79 | 633 | WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); |
wolfSSL | 4:1b0d80432c79 | 634 | WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); |
wolfSSL | 4:1b0d80432c79 | 635 | WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); |
wolfSSL | 4:1b0d80432c79 | 636 | WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); |
wolfSSL | 4:1b0d80432c79 | 637 | WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); |
wolfSSL | 4:1b0d80432c79 | 638 | WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, |
wolfSSL | 4:1b0d80432c79 | 639 | int maxIdx); |
wolfSSL | 4:1b0d80432c79 | 640 | |
wolfSSL | 4:1b0d80432c79 | 641 | #ifdef HAVE_ECC |
wolfSSL | 4:1b0d80432c79 | 642 | /* ASN sig helpers */ |
wolfSSL | 4:1b0d80432c79 | 643 | WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, |
wolfSSL | 4:1b0d80432c79 | 644 | mp_int* s); |
wolfSSL | 4:1b0d80432c79 | 645 | WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, |
wolfSSL | 4:1b0d80432c79 | 646 | mp_int* r, mp_int* s); |
wolfSSL | 4:1b0d80432c79 | 647 | #endif |
wolfSSL | 4:1b0d80432c79 | 648 | |
wolfSSL | 4:1b0d80432c79 | 649 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 4:1b0d80432c79 | 650 | |
wolfSSL | 4:1b0d80432c79 | 651 | enum cert_enums { |
wolfSSL | 4:1b0d80432c79 | 652 | NAME_ENTRIES = 8, |
wolfSSL | 4:1b0d80432c79 | 653 | JOINT_LEN = 2, |
wolfSSL | 4:1b0d80432c79 | 654 | EMAIL_JOINT_LEN = 9, |
wolfSSL | 4:1b0d80432c79 | 655 | RSA_KEY = 10, |
wolfSSL | 4:1b0d80432c79 | 656 | NTRU_KEY = 11, |
wolfSSL | 4:1b0d80432c79 | 657 | ECC_KEY = 12 |
wolfSSL | 4:1b0d80432c79 | 658 | }; |
wolfSSL | 4:1b0d80432c79 | 659 | |
wolfSSL | 4:1b0d80432c79 | 660 | #ifndef WOLFSSL_PEMCERT_TODER_DEFINED |
wolfSSL | 4:1b0d80432c79 | 661 | #ifndef NO_FILESYSTEM |
wolfSSL | 4:1b0d80432c79 | 662 | /* forward from wolfSSL */ |
wolfSSL | 4:1b0d80432c79 | 663 | WOLFSSL_API |
wolfSSL | 4:1b0d80432c79 | 664 | int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); |
wolfSSL | 4:1b0d80432c79 | 665 | #define WOLFSSL_PEMCERT_TODER_DEFINED |
wolfSSL | 4:1b0d80432c79 | 666 | #endif |
wolfSSL | 4:1b0d80432c79 | 667 | #endif |
wolfSSL | 4:1b0d80432c79 | 668 | |
wolfSSL | 4:1b0d80432c79 | 669 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 4:1b0d80432c79 | 670 | |
wolfSSL | 4:1b0d80432c79 | 671 | |
wolfSSL | 4:1b0d80432c79 | 672 | |
wolfSSL | 4:1b0d80432c79 | 673 | /* for pointer use */ |
wolfSSL | 4:1b0d80432c79 | 674 | typedef struct CertStatus CertStatus; |
wolfSSL | 4:1b0d80432c79 | 675 | |
wolfSSL | 4:1b0d80432c79 | 676 | #ifdef HAVE_OCSP |
wolfSSL | 4:1b0d80432c79 | 677 | |
wolfSSL | 4:1b0d80432c79 | 678 | enum Ocsp_Response_Status { |
wolfSSL | 4:1b0d80432c79 | 679 | OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ |
wolfSSL | 4:1b0d80432c79 | 680 | OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ |
wolfSSL | 4:1b0d80432c79 | 681 | OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ |
wolfSSL | 4:1b0d80432c79 | 682 | OCSP_TRY_LATER = 3, /* Try again later */ |
wolfSSL | 4:1b0d80432c79 | 683 | OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ |
wolfSSL | 4:1b0d80432c79 | 684 | OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ |
wolfSSL | 4:1b0d80432c79 | 685 | }; |
wolfSSL | 4:1b0d80432c79 | 686 | |
wolfSSL | 4:1b0d80432c79 | 687 | |
wolfSSL | 4:1b0d80432c79 | 688 | enum Ocsp_Cert_Status { |
wolfSSL | 4:1b0d80432c79 | 689 | CERT_GOOD = 0, |
wolfSSL | 4:1b0d80432c79 | 690 | CERT_REVOKED = 1, |
wolfSSL | 4:1b0d80432c79 | 691 | CERT_UNKNOWN = 2 |
wolfSSL | 4:1b0d80432c79 | 692 | }; |
wolfSSL | 4:1b0d80432c79 | 693 | |
wolfSSL | 4:1b0d80432c79 | 694 | |
wolfSSL | 4:1b0d80432c79 | 695 | enum Ocsp_Sums { |
wolfSSL | 4:1b0d80432c79 | 696 | OCSP_BASIC_OID = 117, |
wolfSSL | 4:1b0d80432c79 | 697 | OCSP_NONCE_OID = 118 |
wolfSSL | 4:1b0d80432c79 | 698 | }; |
wolfSSL | 4:1b0d80432c79 | 699 | |
wolfSSL | 4:1b0d80432c79 | 700 | |
wolfSSL | 4:1b0d80432c79 | 701 | typedef struct OcspRequest OcspRequest; |
wolfSSL | 4:1b0d80432c79 | 702 | typedef struct OcspResponse OcspResponse; |
wolfSSL | 4:1b0d80432c79 | 703 | |
wolfSSL | 4:1b0d80432c79 | 704 | |
wolfSSL | 4:1b0d80432c79 | 705 | struct CertStatus { |
wolfSSL | 4:1b0d80432c79 | 706 | CertStatus* next; |
wolfSSL | 4:1b0d80432c79 | 707 | |
wolfSSL | 4:1b0d80432c79 | 708 | byte serial[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 709 | int serialSz; |
wolfSSL | 4:1b0d80432c79 | 710 | |
wolfSSL | 4:1b0d80432c79 | 711 | int status; |
wolfSSL | 4:1b0d80432c79 | 712 | |
wolfSSL | 4:1b0d80432c79 | 713 | byte thisDate[MAX_DATE_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 714 | byte nextDate[MAX_DATE_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 715 | byte thisDateFormat; |
wolfSSL | 4:1b0d80432c79 | 716 | byte nextDateFormat; |
wolfSSL | 4:1b0d80432c79 | 717 | |
wolfSSL | 4:1b0d80432c79 | 718 | byte* rawOcspResponse; |
wolfSSL | 4:1b0d80432c79 | 719 | word32 rawOcspResponseSz; |
wolfSSL | 4:1b0d80432c79 | 720 | }; |
wolfSSL | 4:1b0d80432c79 | 721 | |
wolfSSL | 4:1b0d80432c79 | 722 | |
wolfSSL | 4:1b0d80432c79 | 723 | struct OcspResponse { |
wolfSSL | 4:1b0d80432c79 | 724 | int responseStatus; /* return code from Responder */ |
wolfSSL | 4:1b0d80432c79 | 725 | |
wolfSSL | 4:1b0d80432c79 | 726 | byte* response; /* Pointer to beginning of OCSP Response */ |
wolfSSL | 4:1b0d80432c79 | 727 | word32 responseSz; /* length of the OCSP Response */ |
wolfSSL | 4:1b0d80432c79 | 728 | |
wolfSSL | 4:1b0d80432c79 | 729 | byte producedDate[MAX_DATE_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 730 | /* Date at which this response was signed */ |
wolfSSL | 4:1b0d80432c79 | 731 | byte producedDateFormat; /* format of the producedDate */ |
wolfSSL | 4:1b0d80432c79 | 732 | byte* issuerHash; |
wolfSSL | 4:1b0d80432c79 | 733 | byte* issuerKeyHash; |
wolfSSL | 4:1b0d80432c79 | 734 | |
wolfSSL | 4:1b0d80432c79 | 735 | byte* cert; |
wolfSSL | 4:1b0d80432c79 | 736 | word32 certSz; |
wolfSSL | 4:1b0d80432c79 | 737 | |
wolfSSL | 4:1b0d80432c79 | 738 | byte* sig; /* Pointer to sig in source */ |
wolfSSL | 4:1b0d80432c79 | 739 | word32 sigSz; /* Length in octets for the sig */ |
wolfSSL | 4:1b0d80432c79 | 740 | word32 sigOID; /* OID for hash used for sig */ |
wolfSSL | 4:1b0d80432c79 | 741 | |
wolfSSL | 4:1b0d80432c79 | 742 | CertStatus* status; /* certificate status to fill out */ |
wolfSSL | 4:1b0d80432c79 | 743 | |
wolfSSL | 4:1b0d80432c79 | 744 | byte* nonce; /* pointer to nonce inside ASN.1 response */ |
wolfSSL | 4:1b0d80432c79 | 745 | int nonceSz; /* length of the nonce string */ |
wolfSSL | 4:1b0d80432c79 | 746 | |
wolfSSL | 4:1b0d80432c79 | 747 | byte* source; /* pointer to source buffer, not owned */ |
wolfSSL | 4:1b0d80432c79 | 748 | word32 maxIdx; /* max offset based on init size */ |
wolfSSL | 4:1b0d80432c79 | 749 | }; |
wolfSSL | 4:1b0d80432c79 | 750 | |
wolfSSL | 4:1b0d80432c79 | 751 | |
wolfSSL | 4:1b0d80432c79 | 752 | struct OcspRequest { |
wolfSSL | 4:1b0d80432c79 | 753 | byte issuerHash[KEYID_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 754 | byte issuerKeyHash[KEYID_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 755 | byte* serial; /* copy of the serial number in source cert */ |
wolfSSL | 4:1b0d80432c79 | 756 | int serialSz; |
wolfSSL | 4:1b0d80432c79 | 757 | byte* url; /* copy of the extAuthInfo in source cert */ |
wolfSSL | 4:1b0d80432c79 | 758 | int urlSz; |
wolfSSL | 4:1b0d80432c79 | 759 | |
wolfSSL | 4:1b0d80432c79 | 760 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 4:1b0d80432c79 | 761 | int nonceSz; |
wolfSSL | 4:1b0d80432c79 | 762 | }; |
wolfSSL | 4:1b0d80432c79 | 763 | |
wolfSSL | 4:1b0d80432c79 | 764 | |
wolfSSL | 4:1b0d80432c79 | 765 | WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); |
wolfSSL | 4:1b0d80432c79 | 766 | WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*); |
wolfSSL | 4:1b0d80432c79 | 767 | |
wolfSSL | 4:1b0d80432c79 | 768 | WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte); |
wolfSSL | 4:1b0d80432c79 | 769 | WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); |
wolfSSL | 4:1b0d80432c79 | 770 | WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); |
wolfSSL | 4:1b0d80432c79 | 771 | WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); |
wolfSSL | 4:1b0d80432c79 | 772 | |
wolfSSL | 4:1b0d80432c79 | 773 | |
wolfSSL | 4:1b0d80432c79 | 774 | WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); |
wolfSSL | 4:1b0d80432c79 | 775 | |
wolfSSL | 4:1b0d80432c79 | 776 | |
wolfSSL | 4:1b0d80432c79 | 777 | #endif /* HAVE_OCSP */ |
wolfSSL | 4:1b0d80432c79 | 778 | |
wolfSSL | 4:1b0d80432c79 | 779 | |
wolfSSL | 4:1b0d80432c79 | 780 | /* for pointer use */ |
wolfSSL | 4:1b0d80432c79 | 781 | typedef struct RevokedCert RevokedCert; |
wolfSSL | 4:1b0d80432c79 | 782 | |
wolfSSL | 4:1b0d80432c79 | 783 | #ifdef HAVE_CRL |
wolfSSL | 4:1b0d80432c79 | 784 | |
wolfSSL | 4:1b0d80432c79 | 785 | struct RevokedCert { |
wolfSSL | 4:1b0d80432c79 | 786 | byte serialNumber[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 4:1b0d80432c79 | 787 | int serialSz; |
wolfSSL | 4:1b0d80432c79 | 788 | RevokedCert* next; |
wolfSSL | 4:1b0d80432c79 | 789 | }; |
wolfSSL | 4:1b0d80432c79 | 790 | |
wolfSSL | 4:1b0d80432c79 | 791 | typedef struct DecodedCRL DecodedCRL; |
wolfSSL | 4:1b0d80432c79 | 792 | |
wolfSSL | 4:1b0d80432c79 | 793 | struct DecodedCRL { |
wolfSSL | 4:1b0d80432c79 | 794 | word32 certBegin; /* offset to start of cert */ |
wolfSSL | 4:1b0d80432c79 | 795 | word32 sigIndex; /* offset to start of signature */ |
wolfSSL | 4:1b0d80432c79 | 796 | word32 sigLength; /* length of signature */ |
wolfSSL | 4:1b0d80432c79 | 797 | word32 signatureOID; /* sum of algorithm object id */ |
wolfSSL | 4:1b0d80432c79 | 798 | byte* signature; /* pointer into raw source, not owned */ |
wolfSSL | 4:1b0d80432c79 | 799 | byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ |
wolfSSL | 4:1b0d80432c79 | 800 | byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ |
wolfSSL | 4:1b0d80432c79 | 801 | byte lastDate[MAX_DATE_SIZE]; /* last date updated */ |
wolfSSL | 4:1b0d80432c79 | 802 | byte nextDate[MAX_DATE_SIZE]; /* next update date */ |
wolfSSL | 4:1b0d80432c79 | 803 | byte lastDateFormat; /* format of last date */ |
wolfSSL | 4:1b0d80432c79 | 804 | byte nextDateFormat; /* format of next date */ |
wolfSSL | 4:1b0d80432c79 | 805 | RevokedCert* certs; /* revoked cert list */ |
wolfSSL | 4:1b0d80432c79 | 806 | int totalCerts; /* number on list */ |
wolfSSL | 4:1b0d80432c79 | 807 | }; |
wolfSSL | 4:1b0d80432c79 | 808 | |
wolfSSL | 4:1b0d80432c79 | 809 | WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*); |
wolfSSL | 4:1b0d80432c79 | 810 | WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); |
wolfSSL | 4:1b0d80432c79 | 811 | WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); |
wolfSSL | 4:1b0d80432c79 | 812 | |
wolfSSL | 4:1b0d80432c79 | 813 | |
wolfSSL | 4:1b0d80432c79 | 814 | #endif /* HAVE_CRL */ |
wolfSSL | 4:1b0d80432c79 | 815 | |
wolfSSL | 4:1b0d80432c79 | 816 | |
wolfSSL | 4:1b0d80432c79 | 817 | #ifdef __cplusplus |
wolfSSL | 4:1b0d80432c79 | 818 | } /* extern "C" */ |
wolfSSL | 4:1b0d80432c79 | 819 | #endif |
wolfSSL | 4:1b0d80432c79 | 820 | |
wolfSSL | 4:1b0d80432c79 | 821 | #endif /* !NO_ASN */ |
wolfSSL | 4:1b0d80432c79 | 822 | #endif /* WOLF_CRYPT_ASN_H */ |
wolfSSL | 4:1b0d80432c79 | 823 |