wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfssl/wolfcrypt/asn.h@11:cee25a834751, 2017-05-30 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue May 30 01:44:10 2017 +0000
- Revision:
- 11:cee25a834751
wolfSSL 3.11.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 11:cee25a834751 | 1 | /* asn.h |
wolfSSL | 11:cee25a834751 | 2 | * |
wolfSSL | 11:cee25a834751 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 11:cee25a834751 | 4 | * |
wolfSSL | 11:cee25a834751 | 5 | * This file is part of wolfSSL. |
wolfSSL | 11:cee25a834751 | 6 | * |
wolfSSL | 11:cee25a834751 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 11:cee25a834751 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 11:cee25a834751 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 11:cee25a834751 | 10 | * (at your option) any later version. |
wolfSSL | 11:cee25a834751 | 11 | * |
wolfSSL | 11:cee25a834751 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 11:cee25a834751 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 11:cee25a834751 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 11:cee25a834751 | 15 | * GNU General Public License for more details. |
wolfSSL | 11:cee25a834751 | 16 | * |
wolfSSL | 11:cee25a834751 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 11:cee25a834751 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 11:cee25a834751 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 11:cee25a834751 | 20 | */ |
wolfSSL | 11:cee25a834751 | 21 | |
wolfSSL | 11:cee25a834751 | 22 | |
wolfSSL | 11:cee25a834751 | 23 | #ifndef WOLF_CRYPT_ASN_H |
wolfSSL | 11:cee25a834751 | 24 | #define WOLF_CRYPT_ASN_H |
wolfSSL | 11:cee25a834751 | 25 | |
wolfSSL | 11:cee25a834751 | 26 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 11:cee25a834751 | 27 | |
wolfSSL | 11:cee25a834751 | 28 | #ifndef NO_ASN |
wolfSSL | 11:cee25a834751 | 29 | |
wolfSSL | 11:cee25a834751 | 30 | #include <wolfssl/wolfcrypt/integer.h> |
wolfSSL | 11:cee25a834751 | 31 | |
wolfSSL | 11:cee25a834751 | 32 | /* fips declare of RsaPrivateKeyDecode @wc_fips */ |
wolfSSL | 11:cee25a834751 | 33 | #if defined(HAVE_FIPS) && !defined(NO_RSA) |
wolfSSL | 11:cee25a834751 | 34 | #include <cyassl/ctaocrypt/rsa.h> |
wolfSSL | 11:cee25a834751 | 35 | #endif |
wolfSSL | 11:cee25a834751 | 36 | |
wolfSSL | 11:cee25a834751 | 37 | #ifndef NO_DH |
wolfSSL | 11:cee25a834751 | 38 | #include <wolfssl/wolfcrypt/dh.h> |
wolfSSL | 11:cee25a834751 | 39 | #endif |
wolfSSL | 11:cee25a834751 | 40 | #ifndef NO_DSA |
wolfSSL | 11:cee25a834751 | 41 | #include <wolfssl/wolfcrypt/dsa.h> |
wolfSSL | 11:cee25a834751 | 42 | #endif |
wolfSSL | 11:cee25a834751 | 43 | #ifndef NO_SHA |
wolfSSL | 11:cee25a834751 | 44 | #include <wolfssl/wolfcrypt/sha.h> |
wolfSSL | 11:cee25a834751 | 45 | #endif |
wolfSSL | 11:cee25a834751 | 46 | #ifndef NO_MD5 |
wolfSSL | 11:cee25a834751 | 47 | #include <wolfssl/wolfcrypt/md5.h> |
wolfSSL | 11:cee25a834751 | 48 | #endif |
wolfSSL | 11:cee25a834751 | 49 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 11:cee25a834751 | 50 | #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ |
wolfSSL | 11:cee25a834751 | 51 | |
wolfSSL | 11:cee25a834751 | 52 | |
wolfSSL | 11:cee25a834751 | 53 | #ifdef __cplusplus |
wolfSSL | 11:cee25a834751 | 54 | extern "C" { |
wolfSSL | 11:cee25a834751 | 55 | #endif |
wolfSSL | 11:cee25a834751 | 56 | |
wolfSSL | 11:cee25a834751 | 57 | enum { |
wolfSSL | 11:cee25a834751 | 58 | ISSUER = 0, |
wolfSSL | 11:cee25a834751 | 59 | SUBJECT = 1, |
wolfSSL | 11:cee25a834751 | 60 | |
wolfSSL | 11:cee25a834751 | 61 | EXTERNAL_SERIAL_SIZE = 32, |
wolfSSL | 11:cee25a834751 | 62 | |
wolfSSL | 11:cee25a834751 | 63 | BEFORE = 0, |
wolfSSL | 11:cee25a834751 | 64 | AFTER = 1 |
wolfSSL | 11:cee25a834751 | 65 | }; |
wolfSSL | 11:cee25a834751 | 66 | |
wolfSSL | 11:cee25a834751 | 67 | /* ASN Tags */ |
wolfSSL | 11:cee25a834751 | 68 | enum ASN_Tags { |
wolfSSL | 11:cee25a834751 | 69 | ASN_BOOLEAN = 0x01, |
wolfSSL | 11:cee25a834751 | 70 | ASN_INTEGER = 0x02, |
wolfSSL | 11:cee25a834751 | 71 | ASN_BIT_STRING = 0x03, |
wolfSSL | 11:cee25a834751 | 72 | ASN_OCTET_STRING = 0x04, |
wolfSSL | 11:cee25a834751 | 73 | ASN_TAG_NULL = 0x05, |
wolfSSL | 11:cee25a834751 | 74 | ASN_OBJECT_ID = 0x06, |
wolfSSL | 11:cee25a834751 | 75 | ASN_ENUMERATED = 0x0a, |
wolfSSL | 11:cee25a834751 | 76 | ASN_UTF8STRING = 0x0c, |
wolfSSL | 11:cee25a834751 | 77 | ASN_SEQUENCE = 0x10, |
wolfSSL | 11:cee25a834751 | 78 | ASN_SET = 0x11, |
wolfSSL | 11:cee25a834751 | 79 | ASN_UTC_TIME = 0x17, |
wolfSSL | 11:cee25a834751 | 80 | ASN_OTHER_TYPE = 0x00, |
wolfSSL | 11:cee25a834751 | 81 | ASN_RFC822_TYPE = 0x01, |
wolfSSL | 11:cee25a834751 | 82 | ASN_DNS_TYPE = 0x02, |
wolfSSL | 11:cee25a834751 | 83 | ASN_DIR_TYPE = 0x04, |
wolfSSL | 11:cee25a834751 | 84 | ASN_GENERALIZED_TIME = 0x18, |
wolfSSL | 11:cee25a834751 | 85 | CRL_EXTENSIONS = 0xa0, |
wolfSSL | 11:cee25a834751 | 86 | ASN_EXTENSIONS = 0xa3, |
wolfSSL | 11:cee25a834751 | 87 | ASN_LONG_LENGTH = 0x80 |
wolfSSL | 11:cee25a834751 | 88 | }; |
wolfSSL | 11:cee25a834751 | 89 | |
wolfSSL | 11:cee25a834751 | 90 | enum ASN_Flags{ |
wolfSSL | 11:cee25a834751 | 91 | ASN_CONSTRUCTED = 0x20, |
wolfSSL | 11:cee25a834751 | 92 | ASN_CONTEXT_SPECIFIC = 0x80 |
wolfSSL | 11:cee25a834751 | 93 | }; |
wolfSSL | 11:cee25a834751 | 94 | |
wolfSSL | 11:cee25a834751 | 95 | enum DN_Tags { |
wolfSSL | 11:cee25a834751 | 96 | ASN_COMMON_NAME = 0x03, /* CN */ |
wolfSSL | 11:cee25a834751 | 97 | ASN_SUR_NAME = 0x04, /* SN */ |
wolfSSL | 11:cee25a834751 | 98 | ASN_SERIAL_NUMBER = 0x05, /* serialNumber */ |
wolfSSL | 11:cee25a834751 | 99 | ASN_COUNTRY_NAME = 0x06, /* C */ |
wolfSSL | 11:cee25a834751 | 100 | ASN_LOCALITY_NAME = 0x07, /* L */ |
wolfSSL | 11:cee25a834751 | 101 | ASN_STATE_NAME = 0x08, /* ST */ |
wolfSSL | 11:cee25a834751 | 102 | ASN_ORG_NAME = 0x0a, /* O */ |
wolfSSL | 11:cee25a834751 | 103 | ASN_ORGUNIT_NAME = 0x0b /* OU */ |
wolfSSL | 11:cee25a834751 | 104 | }; |
wolfSSL | 11:cee25a834751 | 105 | |
wolfSSL | 11:cee25a834751 | 106 | enum PBES { |
wolfSSL | 11:cee25a834751 | 107 | PBE_MD5_DES = 0, |
wolfSSL | 11:cee25a834751 | 108 | PBE_SHA1_DES = 1, |
wolfSSL | 11:cee25a834751 | 109 | PBE_SHA1_DES3 = 2, |
wolfSSL | 11:cee25a834751 | 110 | PBE_SHA1_RC4_128 = 3, |
wolfSSL | 11:cee25a834751 | 111 | PBES2 = 13 /* algo ID */ |
wolfSSL | 11:cee25a834751 | 112 | }; |
wolfSSL | 11:cee25a834751 | 113 | |
wolfSSL | 11:cee25a834751 | 114 | enum ENCRYPTION_TYPES { |
wolfSSL | 11:cee25a834751 | 115 | DES_TYPE = 0, |
wolfSSL | 11:cee25a834751 | 116 | DES3_TYPE = 1, |
wolfSSL | 11:cee25a834751 | 117 | RC4_TYPE = 2 |
wolfSSL | 11:cee25a834751 | 118 | }; |
wolfSSL | 11:cee25a834751 | 119 | |
wolfSSL | 11:cee25a834751 | 120 | enum ECC_TYPES { |
wolfSSL | 11:cee25a834751 | 121 | ECC_PREFIX_0 = 160, |
wolfSSL | 11:cee25a834751 | 122 | ECC_PREFIX_1 = 161 |
wolfSSL | 11:cee25a834751 | 123 | }; |
wolfSSL | 11:cee25a834751 | 124 | |
wolfSSL | 11:cee25a834751 | 125 | enum Misc_ASN { |
wolfSSL | 11:cee25a834751 | 126 | ASN_NAME_MAX = 256, |
wolfSSL | 11:cee25a834751 | 127 | MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ |
wolfSSL | 11:cee25a834751 | 128 | MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ |
wolfSSL | 11:cee25a834751 | 129 | MAX_KEY_SIZE = 64, /* MAX PKCS Key length */ |
wolfSSL | 11:cee25a834751 | 130 | PKCS5 = 5, /* PKCS oid tag */ |
wolfSSL | 11:cee25a834751 | 131 | PKCS5v2 = 6, /* PKCS #5 v2.0 */ |
wolfSSL | 11:cee25a834751 | 132 | PKCS8v0 = 0, /* default PKCS#8 version */ |
wolfSSL | 11:cee25a834751 | 133 | PKCS12v1 = 12, /* PKCS #12 */ |
wolfSSL | 11:cee25a834751 | 134 | MAX_UNICODE_SZ = 256, |
wolfSSL | 11:cee25a834751 | 135 | ASN_BOOL_SIZE = 2, /* including type */ |
wolfSSL | 11:cee25a834751 | 136 | ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ |
wolfSSL | 11:cee25a834751 | 137 | ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ |
wolfSSL | 11:cee25a834751 | 138 | #ifdef NO_SHA |
wolfSSL | 11:cee25a834751 | 139 | KEYID_SIZE = SHA256_DIGEST_SIZE, |
wolfSSL | 11:cee25a834751 | 140 | #else |
wolfSSL | 11:cee25a834751 | 141 | KEYID_SIZE = SHA_DIGEST_SIZE, |
wolfSSL | 11:cee25a834751 | 142 | #endif |
wolfSSL | 11:cee25a834751 | 143 | RSA_INTS = 8, /* RSA ints in private key */ |
wolfSSL | 11:cee25a834751 | 144 | DSA_INTS = 5, /* DSA ints in private key */ |
wolfSSL | 11:cee25a834751 | 145 | MIN_DATE_SIZE = 13, |
wolfSSL | 11:cee25a834751 | 146 | MAX_DATE_SIZE = 32, |
wolfSSL | 11:cee25a834751 | 147 | ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ |
wolfSSL | 11:cee25a834751 | 148 | MAX_ENCODED_SIG_SZ = 512, |
wolfSSL | 11:cee25a834751 | 149 | MAX_SIG_SZ = 256, |
wolfSSL | 11:cee25a834751 | 150 | MAX_ALGO_SZ = 20, |
wolfSSL | 11:cee25a834751 | 151 | MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ |
wolfSSL | 11:cee25a834751 | 152 | MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ |
wolfSSL | 11:cee25a834751 | 153 | MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */ |
wolfSSL | 11:cee25a834751 | 154 | MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */ |
wolfSSL | 11:cee25a834751 | 155 | MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ |
wolfSSL | 11:cee25a834751 | 156 | MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ |
wolfSSL | 11:cee25a834751 | 157 | MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + length(4) */ |
wolfSSL | 11:cee25a834751 | 158 | MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ |
wolfSSL | 11:cee25a834751 | 159 | MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ |
wolfSSL | 11:cee25a834751 | 160 | MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ |
wolfSSL | 11:cee25a834751 | 161 | MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ |
wolfSSL | 11:cee25a834751 | 162 | MAX_RSA_E_SZ = 16, /* Max RSA public e size */ |
wolfSSL | 11:cee25a834751 | 163 | MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ |
wolfSSL | 11:cee25a834751 | 164 | MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ |
wolfSSL | 11:cee25a834751 | 165 | MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest size */ |
wolfSSL | 11:cee25a834751 | 166 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 11:cee25a834751 | 167 | #ifdef WOLFSSL_CERT_REQ |
wolfSSL | 11:cee25a834751 | 168 | /* Max encoded cert req attributes length */ |
wolfSSL | 11:cee25a834751 | 169 | MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 + |
wolfSSL | 11:cee25a834751 | 170 | MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */ |
wolfSSL | 11:cee25a834751 | 171 | #endif |
wolfSSL | 11:cee25a834751 | 172 | #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT) |
wolfSSL | 11:cee25a834751 | 173 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE, |
wolfSSL | 11:cee25a834751 | 174 | #else |
wolfSSL | 11:cee25a834751 | 175 | MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ, |
wolfSSL | 11:cee25a834751 | 176 | #endif |
wolfSSL | 11:cee25a834751 | 177 | /* Max total extensions, id + len + others */ |
wolfSSL | 11:cee25a834751 | 178 | #endif |
wolfSSL | 11:cee25a834751 | 179 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 11:cee25a834751 | 180 | MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ |
wolfSSL | 11:cee25a834751 | 181 | MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ |
wolfSSL | 11:cee25a834751 | 182 | MAX_OID_SZ = 32, /* Max DER length of OID*/ |
wolfSSL | 11:cee25a834751 | 183 | MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ |
wolfSSL | 11:cee25a834751 | 184 | MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ |
wolfSSL | 11:cee25a834751 | 185 | MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, |
wolfSSL | 11:cee25a834751 | 186 | #endif |
wolfSSL | 11:cee25a834751 | 187 | OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ |
wolfSSL | 11:cee25a834751 | 188 | MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ |
wolfSSL | 11:cee25a834751 | 189 | MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */ |
wolfSSL | 11:cee25a834751 | 190 | EIGHTK_BUF = 8192, /* Tmp buffer size */ |
wolfSSL | 11:cee25a834751 | 191 | MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, |
wolfSSL | 11:cee25a834751 | 192 | /* use bigger NTRU size */ |
wolfSSL | 11:cee25a834751 | 193 | HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ |
wolfSSL | 11:cee25a834751 | 194 | TRAILING_ZERO = 1, /* Used for size of zero pad */ |
wolfSSL | 11:cee25a834751 | 195 | MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ |
wolfSSL | 11:cee25a834751 | 196 | #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 197 | MAX_TIME_STRING_SZ = 21, /* Max length of formatted time string */ |
wolfSSL | 11:cee25a834751 | 198 | #endif |
wolfSSL | 11:cee25a834751 | 199 | }; |
wolfSSL | 11:cee25a834751 | 200 | |
wolfSSL | 11:cee25a834751 | 201 | |
wolfSSL | 11:cee25a834751 | 202 | enum Oid_Types { |
wolfSSL | 11:cee25a834751 | 203 | oidHashType = 0, |
wolfSSL | 11:cee25a834751 | 204 | oidSigType = 1, |
wolfSSL | 11:cee25a834751 | 205 | oidKeyType = 2, |
wolfSSL | 11:cee25a834751 | 206 | oidCurveType = 3, |
wolfSSL | 11:cee25a834751 | 207 | oidBlkType = 4, |
wolfSSL | 11:cee25a834751 | 208 | oidOcspType = 5, |
wolfSSL | 11:cee25a834751 | 209 | oidCertExtType = 6, |
wolfSSL | 11:cee25a834751 | 210 | oidCertAuthInfoType = 7, |
wolfSSL | 11:cee25a834751 | 211 | oidCertPolicyType = 8, |
wolfSSL | 11:cee25a834751 | 212 | oidCertAltNameType = 9, |
wolfSSL | 11:cee25a834751 | 213 | oidCertKeyUseType = 10, |
wolfSSL | 11:cee25a834751 | 214 | oidKdfType = 11, |
wolfSSL | 11:cee25a834751 | 215 | oidKeyWrapType = 12, |
wolfSSL | 11:cee25a834751 | 216 | oidCmsKeyAgreeType = 13, |
wolfSSL | 11:cee25a834751 | 217 | oidIgnoreType |
wolfSSL | 11:cee25a834751 | 218 | }; |
wolfSSL | 11:cee25a834751 | 219 | |
wolfSSL | 11:cee25a834751 | 220 | |
wolfSSL | 11:cee25a834751 | 221 | enum Hash_Sum { |
wolfSSL | 11:cee25a834751 | 222 | MD2h = 646, |
wolfSSL | 11:cee25a834751 | 223 | MD5h = 649, |
wolfSSL | 11:cee25a834751 | 224 | SHAh = 88, |
wolfSSL | 11:cee25a834751 | 225 | SHA224h = 417, |
wolfSSL | 11:cee25a834751 | 226 | SHA256h = 414, |
wolfSSL | 11:cee25a834751 | 227 | SHA384h = 415, |
wolfSSL | 11:cee25a834751 | 228 | SHA512h = 416 |
wolfSSL | 11:cee25a834751 | 229 | }; |
wolfSSL | 11:cee25a834751 | 230 | |
wolfSSL | 11:cee25a834751 | 231 | |
wolfSSL | 11:cee25a834751 | 232 | enum Block_Sum { |
wolfSSL | 11:cee25a834751 | 233 | AES128CBCb = 414, |
wolfSSL | 11:cee25a834751 | 234 | AES192CBCb = 434, |
wolfSSL | 11:cee25a834751 | 235 | AES256CBCb = 454, |
wolfSSL | 11:cee25a834751 | 236 | DESb = 69, |
wolfSSL | 11:cee25a834751 | 237 | DES3b = 652 |
wolfSSL | 11:cee25a834751 | 238 | }; |
wolfSSL | 11:cee25a834751 | 239 | |
wolfSSL | 11:cee25a834751 | 240 | |
wolfSSL | 11:cee25a834751 | 241 | enum Key_Sum { |
wolfSSL | 11:cee25a834751 | 242 | DSAk = 515, |
wolfSSL | 11:cee25a834751 | 243 | RSAk = 645, |
wolfSSL | 11:cee25a834751 | 244 | NTRUk = 274, |
wolfSSL | 11:cee25a834751 | 245 | ECDSAk = 518 |
wolfSSL | 11:cee25a834751 | 246 | }; |
wolfSSL | 11:cee25a834751 | 247 | |
wolfSSL | 11:cee25a834751 | 248 | |
wolfSSL | 11:cee25a834751 | 249 | enum KeyWrap_Sum { |
wolfSSL | 11:cee25a834751 | 250 | AES128_WRAP = 417, |
wolfSSL | 11:cee25a834751 | 251 | AES192_WRAP = 437, |
wolfSSL | 11:cee25a834751 | 252 | AES256_WRAP = 457 |
wolfSSL | 11:cee25a834751 | 253 | }; |
wolfSSL | 11:cee25a834751 | 254 | |
wolfSSL | 11:cee25a834751 | 255 | |
wolfSSL | 11:cee25a834751 | 256 | enum Key_Agree { |
wolfSSL | 11:cee25a834751 | 257 | dhSinglePass_stdDH_sha1kdf_scheme = 464, |
wolfSSL | 11:cee25a834751 | 258 | dhSinglePass_stdDH_sha224kdf_scheme = 188, |
wolfSSL | 11:cee25a834751 | 259 | dhSinglePass_stdDH_sha256kdf_scheme = 189, |
wolfSSL | 11:cee25a834751 | 260 | dhSinglePass_stdDH_sha384kdf_scheme = 190, |
wolfSSL | 11:cee25a834751 | 261 | dhSinglePass_stdDH_sha512kdf_scheme = 191, |
wolfSSL | 11:cee25a834751 | 262 | }; |
wolfSSL | 11:cee25a834751 | 263 | |
wolfSSL | 11:cee25a834751 | 264 | |
wolfSSL | 11:cee25a834751 | 265 | enum Ecc_Sum { |
wolfSSL | 11:cee25a834751 | 266 | ECC_SECP112R1_OID = 182, |
wolfSSL | 11:cee25a834751 | 267 | ECC_SECP112R2_OID = 183, |
wolfSSL | 11:cee25a834751 | 268 | ECC_SECP128R1_OID = 204, |
wolfSSL | 11:cee25a834751 | 269 | ECC_SECP128R2_OID = 205, |
wolfSSL | 11:cee25a834751 | 270 | ECC_SECP160R1_OID = 184, |
wolfSSL | 11:cee25a834751 | 271 | ECC_SECP160R2_OID = 206, |
wolfSSL | 11:cee25a834751 | 272 | ECC_SECP160K1_OID = 185, |
wolfSSL | 11:cee25a834751 | 273 | ECC_BRAINPOOLP160R1_OID = 98, |
wolfSSL | 11:cee25a834751 | 274 | ECC_SECP192R1_OID = 520, |
wolfSSL | 11:cee25a834751 | 275 | ECC_PRIME192V2_OID = 521, |
wolfSSL | 11:cee25a834751 | 276 | ECC_PRIME192V3_OID = 522, |
wolfSSL | 11:cee25a834751 | 277 | ECC_SECP192K1_OID = 207, |
wolfSSL | 11:cee25a834751 | 278 | ECC_BRAINPOOLP192R1_OID = 100, |
wolfSSL | 11:cee25a834751 | 279 | ECC_SECP224R1_OID = 209, |
wolfSSL | 11:cee25a834751 | 280 | ECC_SECP224K1_OID = 208, |
wolfSSL | 11:cee25a834751 | 281 | ECC_BRAINPOOLP224R1_OID = 102, |
wolfSSL | 11:cee25a834751 | 282 | ECC_PRIME239V1_OID = 523, |
wolfSSL | 11:cee25a834751 | 283 | ECC_PRIME239V2_OID = 524, |
wolfSSL | 11:cee25a834751 | 284 | ECC_PRIME239V3_OID = 525, |
wolfSSL | 11:cee25a834751 | 285 | ECC_SECP256R1_OID = 526, |
wolfSSL | 11:cee25a834751 | 286 | ECC_SECP256K1_OID = 186, |
wolfSSL | 11:cee25a834751 | 287 | ECC_BRAINPOOLP256R1_OID = 104, |
wolfSSL | 11:cee25a834751 | 288 | ECC_BRAINPOOLP320R1_OID = 106, |
wolfSSL | 11:cee25a834751 | 289 | ECC_SECP384R1_OID = 210, |
wolfSSL | 11:cee25a834751 | 290 | ECC_BRAINPOOLP384R1_OID = 108, |
wolfSSL | 11:cee25a834751 | 291 | ECC_BRAINPOOLP512R1_OID = 110, |
wolfSSL | 11:cee25a834751 | 292 | ECC_SECP521R1_OID = 211, |
wolfSSL | 11:cee25a834751 | 293 | }; |
wolfSSL | 11:cee25a834751 | 294 | |
wolfSSL | 11:cee25a834751 | 295 | |
wolfSSL | 11:cee25a834751 | 296 | enum KDF_Sum { |
wolfSSL | 11:cee25a834751 | 297 | PBKDF2_OID = 660 |
wolfSSL | 11:cee25a834751 | 298 | }; |
wolfSSL | 11:cee25a834751 | 299 | |
wolfSSL | 11:cee25a834751 | 300 | |
wolfSSL | 11:cee25a834751 | 301 | enum Extensions_Sum { |
wolfSSL | 11:cee25a834751 | 302 | BASIC_CA_OID = 133, |
wolfSSL | 11:cee25a834751 | 303 | ALT_NAMES_OID = 131, |
wolfSSL | 11:cee25a834751 | 304 | CRL_DIST_OID = 145, |
wolfSSL | 11:cee25a834751 | 305 | AUTH_INFO_OID = 69, /* id-pe 1 */ |
wolfSSL | 11:cee25a834751 | 306 | AUTH_KEY_OID = 149, |
wolfSSL | 11:cee25a834751 | 307 | SUBJ_KEY_OID = 128, |
wolfSSL | 11:cee25a834751 | 308 | CERT_POLICY_OID = 146, |
wolfSSL | 11:cee25a834751 | 309 | KEY_USAGE_OID = 129, /* 2.5.29.15 */ |
wolfSSL | 11:cee25a834751 | 310 | INHIBIT_ANY_OID = 168, /* 2.5.29.54 */ |
wolfSSL | 11:cee25a834751 | 311 | EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */ |
wolfSSL | 11:cee25a834751 | 312 | NAME_CONS_OID = 144, /* 2.5.29.30 */ |
wolfSSL | 11:cee25a834751 | 313 | PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */ |
wolfSSL | 11:cee25a834751 | 314 | SUBJECT_INFO_ACCESS = 79, /* id-pe 11 */ |
wolfSSL | 11:cee25a834751 | 315 | POLICY_MAP_OID = 147, |
wolfSSL | 11:cee25a834751 | 316 | POLICY_CONST_OID = 150, |
wolfSSL | 11:cee25a834751 | 317 | ISSUE_ALT_NAMES_OID = 132, |
wolfSSL | 11:cee25a834751 | 318 | TLS_FEATURE_OID = 92 /* id-pe 24 */ |
wolfSSL | 11:cee25a834751 | 319 | }; |
wolfSSL | 11:cee25a834751 | 320 | |
wolfSSL | 11:cee25a834751 | 321 | enum CertificatePolicy_Sum { |
wolfSSL | 11:cee25a834751 | 322 | CP_ANY_OID = 146 /* id-ce 32 0 */ |
wolfSSL | 11:cee25a834751 | 323 | }; |
wolfSSL | 11:cee25a834751 | 324 | |
wolfSSL | 11:cee25a834751 | 325 | enum SepHardwareName_Sum { |
wolfSSL | 11:cee25a834751 | 326 | HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/ |
wolfSSL | 11:cee25a834751 | 327 | }; |
wolfSSL | 11:cee25a834751 | 328 | |
wolfSSL | 11:cee25a834751 | 329 | enum AuthInfo_Sum { |
wolfSSL | 11:cee25a834751 | 330 | AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */ |
wolfSSL | 11:cee25a834751 | 331 | AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */ |
wolfSSL | 11:cee25a834751 | 332 | }; |
wolfSSL | 11:cee25a834751 | 333 | |
wolfSSL | 11:cee25a834751 | 334 | enum ExtKeyUsage_Sum { /* From RFC 5280 */ |
wolfSSL | 11:cee25a834751 | 335 | EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */ |
wolfSSL | 11:cee25a834751 | 336 | EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */ |
wolfSSL | 11:cee25a834751 | 337 | EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */ |
wolfSSL | 11:cee25a834751 | 338 | EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */ |
wolfSSL | 11:cee25a834751 | 339 | }; |
wolfSSL | 11:cee25a834751 | 340 | |
wolfSSL | 11:cee25a834751 | 341 | |
wolfSSL | 11:cee25a834751 | 342 | enum VerifyType { |
wolfSSL | 11:cee25a834751 | 343 | NO_VERIFY = 0, |
wolfSSL | 11:cee25a834751 | 344 | VERIFY = 1, |
wolfSSL | 11:cee25a834751 | 345 | VERIFY_CRL = 2, |
wolfSSL | 11:cee25a834751 | 346 | VERIFY_OCSP = 3 |
wolfSSL | 11:cee25a834751 | 347 | }; |
wolfSSL | 11:cee25a834751 | 348 | |
wolfSSL | 11:cee25a834751 | 349 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 11:cee25a834751 | 350 | enum KeyIdType { |
wolfSSL | 11:cee25a834751 | 351 | SKID_TYPE = 0, |
wolfSSL | 11:cee25a834751 | 352 | AKID_TYPE = 1 |
wolfSSL | 11:cee25a834751 | 353 | }; |
wolfSSL | 11:cee25a834751 | 354 | #endif |
wolfSSL | 11:cee25a834751 | 355 | |
wolfSSL | 11:cee25a834751 | 356 | /* Key usage extension bits */ |
wolfSSL | 11:cee25a834751 | 357 | #define KEYUSE_DIGITAL_SIG 0x0080 |
wolfSSL | 11:cee25a834751 | 358 | #define KEYUSE_CONTENT_COMMIT 0x0040 |
wolfSSL | 11:cee25a834751 | 359 | #define KEYUSE_KEY_ENCIPHER 0x0020 |
wolfSSL | 11:cee25a834751 | 360 | #define KEYUSE_DATA_ENCIPHER 0x0010 |
wolfSSL | 11:cee25a834751 | 361 | #define KEYUSE_KEY_AGREE 0x0008 |
wolfSSL | 11:cee25a834751 | 362 | #define KEYUSE_KEY_CERT_SIGN 0x0004 |
wolfSSL | 11:cee25a834751 | 363 | #define KEYUSE_CRL_SIGN 0x0002 |
wolfSSL | 11:cee25a834751 | 364 | #define KEYUSE_ENCIPHER_ONLY 0x0001 |
wolfSSL | 11:cee25a834751 | 365 | #define KEYUSE_DECIPHER_ONLY 0x8000 |
wolfSSL | 11:cee25a834751 | 366 | |
wolfSSL | 11:cee25a834751 | 367 | #define EXTKEYUSE_ANY 0x08 |
wolfSSL | 11:cee25a834751 | 368 | #define EXTKEYUSE_OCSP_SIGN 0x04 |
wolfSSL | 11:cee25a834751 | 369 | #define EXTKEYUSE_CLIENT_AUTH 0x02 |
wolfSSL | 11:cee25a834751 | 370 | #define EXTKEYUSE_SERVER_AUTH 0x01 |
wolfSSL | 11:cee25a834751 | 371 | |
wolfSSL | 11:cee25a834751 | 372 | typedef struct DNS_entry DNS_entry; |
wolfSSL | 11:cee25a834751 | 373 | |
wolfSSL | 11:cee25a834751 | 374 | struct DNS_entry { |
wolfSSL | 11:cee25a834751 | 375 | DNS_entry* next; /* next on DNS list */ |
wolfSSL | 11:cee25a834751 | 376 | char* name; /* actual DNS name */ |
wolfSSL | 11:cee25a834751 | 377 | }; |
wolfSSL | 11:cee25a834751 | 378 | |
wolfSSL | 11:cee25a834751 | 379 | |
wolfSSL | 11:cee25a834751 | 380 | typedef struct Base_entry Base_entry; |
wolfSSL | 11:cee25a834751 | 381 | |
wolfSSL | 11:cee25a834751 | 382 | struct Base_entry { |
wolfSSL | 11:cee25a834751 | 383 | Base_entry* next; /* next on name base list */ |
wolfSSL | 11:cee25a834751 | 384 | char* name; /* actual name base */ |
wolfSSL | 11:cee25a834751 | 385 | int nameSz; /* name length */ |
wolfSSL | 11:cee25a834751 | 386 | byte type; /* Name base type (DNS or RFC822) */ |
wolfSSL | 11:cee25a834751 | 387 | }; |
wolfSSL | 11:cee25a834751 | 388 | |
wolfSSL | 11:cee25a834751 | 389 | |
wolfSSL | 11:cee25a834751 | 390 | struct DecodedName { |
wolfSSL | 11:cee25a834751 | 391 | char* fullName; |
wolfSSL | 11:cee25a834751 | 392 | int fullNameLen; |
wolfSSL | 11:cee25a834751 | 393 | int entryCount; |
wolfSSL | 11:cee25a834751 | 394 | int cnIdx; |
wolfSSL | 11:cee25a834751 | 395 | int cnLen; |
wolfSSL | 11:cee25a834751 | 396 | int snIdx; |
wolfSSL | 11:cee25a834751 | 397 | int snLen; |
wolfSSL | 11:cee25a834751 | 398 | int cIdx; |
wolfSSL | 11:cee25a834751 | 399 | int cLen; |
wolfSSL | 11:cee25a834751 | 400 | int lIdx; |
wolfSSL | 11:cee25a834751 | 401 | int lLen; |
wolfSSL | 11:cee25a834751 | 402 | int stIdx; |
wolfSSL | 11:cee25a834751 | 403 | int stLen; |
wolfSSL | 11:cee25a834751 | 404 | int oIdx; |
wolfSSL | 11:cee25a834751 | 405 | int oLen; |
wolfSSL | 11:cee25a834751 | 406 | int ouIdx; |
wolfSSL | 11:cee25a834751 | 407 | int ouLen; |
wolfSSL | 11:cee25a834751 | 408 | int emailIdx; |
wolfSSL | 11:cee25a834751 | 409 | int emailLen; |
wolfSSL | 11:cee25a834751 | 410 | int uidIdx; |
wolfSSL | 11:cee25a834751 | 411 | int uidLen; |
wolfSSL | 11:cee25a834751 | 412 | int serialIdx; |
wolfSSL | 11:cee25a834751 | 413 | int serialLen; |
wolfSSL | 11:cee25a834751 | 414 | }; |
wolfSSL | 11:cee25a834751 | 415 | |
wolfSSL | 11:cee25a834751 | 416 | enum SignatureState { |
wolfSSL | 11:cee25a834751 | 417 | SIG_STATE_BEGIN, |
wolfSSL | 11:cee25a834751 | 418 | SIG_STATE_HASH, |
wolfSSL | 11:cee25a834751 | 419 | SIG_STATE_KEY, |
wolfSSL | 11:cee25a834751 | 420 | SIG_STATE_DO, |
wolfSSL | 11:cee25a834751 | 421 | SIG_STATE_CHECK, |
wolfSSL | 11:cee25a834751 | 422 | }; |
wolfSSL | 11:cee25a834751 | 423 | |
wolfSSL | 11:cee25a834751 | 424 | struct SignatureCtx { |
wolfSSL | 11:cee25a834751 | 425 | void* heap; |
wolfSSL | 11:cee25a834751 | 426 | byte* digest; |
wolfSSL | 11:cee25a834751 | 427 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 428 | byte* out; |
wolfSSL | 11:cee25a834751 | 429 | byte* plain; |
wolfSSL | 11:cee25a834751 | 430 | #endif |
wolfSSL | 11:cee25a834751 | 431 | #ifdef HAVE_ECC |
wolfSSL | 11:cee25a834751 | 432 | int verify; |
wolfSSL | 11:cee25a834751 | 433 | #endif |
wolfSSL | 11:cee25a834751 | 434 | union { |
wolfSSL | 11:cee25a834751 | 435 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 436 | struct RsaKey* rsa; |
wolfSSL | 11:cee25a834751 | 437 | #endif |
wolfSSL | 11:cee25a834751 | 438 | #ifdef HAVE_ECC |
wolfSSL | 11:cee25a834751 | 439 | struct ecc_key* ecc; |
wolfSSL | 11:cee25a834751 | 440 | #endif |
wolfSSL | 11:cee25a834751 | 441 | void* ptr; |
wolfSSL | 11:cee25a834751 | 442 | } key; |
wolfSSL | 11:cee25a834751 | 443 | int devId; |
wolfSSL | 11:cee25a834751 | 444 | int state; |
wolfSSL | 11:cee25a834751 | 445 | int typeH; |
wolfSSL | 11:cee25a834751 | 446 | int digestSz; |
wolfSSL | 11:cee25a834751 | 447 | word32 keyOID; |
wolfSSL | 11:cee25a834751 | 448 | #ifdef WOLFSSL_ASYNC_CRYPT |
wolfSSL | 11:cee25a834751 | 449 | WC_ASYNC_DEV* asyncDev; |
wolfSSL | 11:cee25a834751 | 450 | #endif |
wolfSSL | 11:cee25a834751 | 451 | }; |
wolfSSL | 11:cee25a834751 | 452 | |
wolfSSL | 11:cee25a834751 | 453 | enum CertSignState { |
wolfSSL | 11:cee25a834751 | 454 | CERTSIGN_STATE_BEGIN, |
wolfSSL | 11:cee25a834751 | 455 | CERTSIGN_STATE_DIGEST, |
wolfSSL | 11:cee25a834751 | 456 | CERTSIGN_STATE_ENCODE, |
wolfSSL | 11:cee25a834751 | 457 | CERTSIGN_STATE_DO, |
wolfSSL | 11:cee25a834751 | 458 | }; |
wolfSSL | 11:cee25a834751 | 459 | |
wolfSSL | 11:cee25a834751 | 460 | struct CertSignCtx { |
wolfSSL | 11:cee25a834751 | 461 | byte* sig; |
wolfSSL | 11:cee25a834751 | 462 | byte* digest; |
wolfSSL | 11:cee25a834751 | 463 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 464 | byte* encSig; |
wolfSSL | 11:cee25a834751 | 465 | int encSigSz; |
wolfSSL | 11:cee25a834751 | 466 | #endif |
wolfSSL | 11:cee25a834751 | 467 | int state; /* enum CertSignState */ |
wolfSSL | 11:cee25a834751 | 468 | }; |
wolfSSL | 11:cee25a834751 | 469 | |
wolfSSL | 11:cee25a834751 | 470 | |
wolfSSL | 11:cee25a834751 | 471 | typedef struct DecodedCert DecodedCert; |
wolfSSL | 11:cee25a834751 | 472 | typedef struct DecodedName DecodedName; |
wolfSSL | 11:cee25a834751 | 473 | typedef struct Signer Signer; |
wolfSSL | 11:cee25a834751 | 474 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 11:cee25a834751 | 475 | typedef struct TrustedPeerCert TrustedPeerCert; |
wolfSSL | 11:cee25a834751 | 476 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 11:cee25a834751 | 477 | typedef struct SignatureCtx SignatureCtx; |
wolfSSL | 11:cee25a834751 | 478 | typedef struct CertSignCtx CertSignCtx; |
wolfSSL | 11:cee25a834751 | 479 | |
wolfSSL | 11:cee25a834751 | 480 | |
wolfSSL | 11:cee25a834751 | 481 | struct DecodedCert { |
wolfSSL | 11:cee25a834751 | 482 | byte* publicKey; |
wolfSSL | 11:cee25a834751 | 483 | word32 pubKeySize; |
wolfSSL | 11:cee25a834751 | 484 | int pubKeyStored; |
wolfSSL | 11:cee25a834751 | 485 | word32 certBegin; /* offset to start of cert */ |
wolfSSL | 11:cee25a834751 | 486 | word32 sigIndex; /* offset to start of signature */ |
wolfSSL | 11:cee25a834751 | 487 | word32 sigLength; /* length of signature */ |
wolfSSL | 11:cee25a834751 | 488 | word32 signatureOID; /* sum of algorithm object id */ |
wolfSSL | 11:cee25a834751 | 489 | word32 keyOID; /* sum of key algo object id */ |
wolfSSL | 11:cee25a834751 | 490 | int version; /* cert version, 1 or 3 */ |
wolfSSL | 11:cee25a834751 | 491 | DNS_entry* altNames; /* alt names list of dns entries */ |
wolfSSL | 11:cee25a834751 | 492 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 493 | DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ |
wolfSSL | 11:cee25a834751 | 494 | Base_entry* permittedNames; /* Permitted name bases */ |
wolfSSL | 11:cee25a834751 | 495 | Base_entry* excludedNames; /* Excluded name bases */ |
wolfSSL | 11:cee25a834751 | 496 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 497 | byte subjectHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 11:cee25a834751 | 498 | byte issuerHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 11:cee25a834751 | 499 | #ifdef HAVE_OCSP |
wolfSSL | 11:cee25a834751 | 500 | byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ |
wolfSSL | 11:cee25a834751 | 501 | #endif /* HAVE_OCSP */ |
wolfSSL | 11:cee25a834751 | 502 | byte* signature; /* not owned, points into raw cert */ |
wolfSSL | 11:cee25a834751 | 503 | char* subjectCN; /* CommonName */ |
wolfSSL | 11:cee25a834751 | 504 | int subjectCNLen; /* CommonName Length */ |
wolfSSL | 11:cee25a834751 | 505 | char subjectCNEnc; /* CommonName Encoding */ |
wolfSSL | 11:cee25a834751 | 506 | int subjectCNStored; /* have we saved a copy we own */ |
wolfSSL | 11:cee25a834751 | 507 | char issuer[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 11:cee25a834751 | 508 | char subject[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 11:cee25a834751 | 509 | int verify; /* Default to yes, but could be off */ |
wolfSSL | 11:cee25a834751 | 510 | byte* source; /* byte buffer holder cert, NOT owner */ |
wolfSSL | 11:cee25a834751 | 511 | word32 srcIdx; /* current offset into buffer */ |
wolfSSL | 11:cee25a834751 | 512 | word32 maxIdx; /* max offset based on init size */ |
wolfSSL | 11:cee25a834751 | 513 | void* heap; /* for user memory overrides */ |
wolfSSL | 11:cee25a834751 | 514 | byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ |
wolfSSL | 11:cee25a834751 | 515 | int serialSz; /* raw serial bytes stored */ |
wolfSSL | 11:cee25a834751 | 516 | byte* extensions; /* not owned, points into raw cert */ |
wolfSSL | 11:cee25a834751 | 517 | int extensionsSz; /* length of cert extensions */ |
wolfSSL | 11:cee25a834751 | 518 | word32 extensionsIdx; /* if want to go back and parse later */ |
wolfSSL | 11:cee25a834751 | 519 | byte* extAuthInfo; /* Authority Information Access URI */ |
wolfSSL | 11:cee25a834751 | 520 | int extAuthInfoSz; /* length of the URI */ |
wolfSSL | 11:cee25a834751 | 521 | byte* extCrlInfo; /* CRL Distribution Points */ |
wolfSSL | 11:cee25a834751 | 522 | int extCrlInfoSz; /* length of the URI */ |
wolfSSL | 11:cee25a834751 | 523 | byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ |
wolfSSL | 11:cee25a834751 | 524 | byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ |
wolfSSL | 11:cee25a834751 | 525 | byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ |
wolfSSL | 11:cee25a834751 | 526 | byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ |
wolfSSL | 11:cee25a834751 | 527 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 528 | byte extNameConstraintSet; |
wolfSSL | 11:cee25a834751 | 529 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 530 | byte isCA; /* CA basic constraint true */ |
wolfSSL | 11:cee25a834751 | 531 | byte pathLengthSet; /* CA basic const path length set */ |
wolfSSL | 11:cee25a834751 | 532 | byte pathLength; /* CA basic constraint path length */ |
wolfSSL | 11:cee25a834751 | 533 | byte weOwnAltNames; /* altNames haven't been given to copy */ |
wolfSSL | 11:cee25a834751 | 534 | byte extKeyUsageSet; |
wolfSSL | 11:cee25a834751 | 535 | word16 extKeyUsage; /* Key usage bitfield */ |
wolfSSL | 11:cee25a834751 | 536 | byte extExtKeyUsageSet; /* Extended Key Usage */ |
wolfSSL | 11:cee25a834751 | 537 | byte extExtKeyUsage; /* Extended Key usage bitfield */ |
wolfSSL | 11:cee25a834751 | 538 | #ifdef OPENSSL_EXTRA |
wolfSSL | 11:cee25a834751 | 539 | byte extCRLdistSet; |
wolfSSL | 11:cee25a834751 | 540 | byte extCRLdistCrit; |
wolfSSL | 11:cee25a834751 | 541 | byte extAuthInfoSet; |
wolfSSL | 11:cee25a834751 | 542 | byte extAuthInfoCrit; |
wolfSSL | 11:cee25a834751 | 543 | byte extBasicConstSet; |
wolfSSL | 11:cee25a834751 | 544 | byte extBasicConstCrit; |
wolfSSL | 11:cee25a834751 | 545 | byte extSubjAltNameSet; |
wolfSSL | 11:cee25a834751 | 546 | byte extSubjAltNameCrit; |
wolfSSL | 11:cee25a834751 | 547 | byte extAuthKeyIdCrit; |
wolfSSL | 11:cee25a834751 | 548 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 549 | byte extNameConstraintCrit; |
wolfSSL | 11:cee25a834751 | 550 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 551 | byte extSubjKeyIdCrit; |
wolfSSL | 11:cee25a834751 | 552 | byte extKeyUsageCrit; |
wolfSSL | 11:cee25a834751 | 553 | byte extExtKeyUsageCrit; |
wolfSSL | 11:cee25a834751 | 554 | byte* extExtKeyUsageSrc; |
wolfSSL | 11:cee25a834751 | 555 | word32 extExtKeyUsageSz; |
wolfSSL | 11:cee25a834751 | 556 | word32 extExtKeyUsageCount; |
wolfSSL | 11:cee25a834751 | 557 | byte* extAuthKeyIdSrc; |
wolfSSL | 11:cee25a834751 | 558 | word32 extAuthKeyIdSz; |
wolfSSL | 11:cee25a834751 | 559 | byte* extSubjKeyIdSrc; |
wolfSSL | 11:cee25a834751 | 560 | word32 extSubjKeyIdSz; |
wolfSSL | 11:cee25a834751 | 561 | #endif |
wolfSSL | 11:cee25a834751 | 562 | #ifdef HAVE_ECC |
wolfSSL | 11:cee25a834751 | 563 | word32 pkCurveOID; /* Public Key's curve OID */ |
wolfSSL | 11:cee25a834751 | 564 | #endif /* HAVE_ECC */ |
wolfSSL | 11:cee25a834751 | 565 | byte* beforeDate; |
wolfSSL | 11:cee25a834751 | 566 | int beforeDateLen; |
wolfSSL | 11:cee25a834751 | 567 | byte* afterDate; |
wolfSSL | 11:cee25a834751 | 568 | int afterDateLen; |
wolfSSL | 11:cee25a834751 | 569 | #ifdef HAVE_PKCS7 |
wolfSSL | 11:cee25a834751 | 570 | byte* issuerRaw; /* pointer to issuer inside source */ |
wolfSSL | 11:cee25a834751 | 571 | int issuerRawLen; |
wolfSSL | 11:cee25a834751 | 572 | #endif |
wolfSSL | 11:cee25a834751 | 573 | #ifndef IGNORE_NAME_CONSTRAINT |
wolfSSL | 11:cee25a834751 | 574 | byte* subjectRaw; /* pointer to subject inside source */ |
wolfSSL | 11:cee25a834751 | 575 | int subjectRawLen; |
wolfSSL | 11:cee25a834751 | 576 | #endif |
wolfSSL | 11:cee25a834751 | 577 | #if defined(WOLFSSL_CERT_GEN) |
wolfSSL | 11:cee25a834751 | 578 | /* easy access to subject info for other sign */ |
wolfSSL | 11:cee25a834751 | 579 | char* subjectSN; |
wolfSSL | 11:cee25a834751 | 580 | int subjectSNLen; |
wolfSSL | 11:cee25a834751 | 581 | char subjectSNEnc; |
wolfSSL | 11:cee25a834751 | 582 | char* subjectC; |
wolfSSL | 11:cee25a834751 | 583 | int subjectCLen; |
wolfSSL | 11:cee25a834751 | 584 | char subjectCEnc; |
wolfSSL | 11:cee25a834751 | 585 | char* subjectL; |
wolfSSL | 11:cee25a834751 | 586 | int subjectLLen; |
wolfSSL | 11:cee25a834751 | 587 | char subjectLEnc; |
wolfSSL | 11:cee25a834751 | 588 | char* subjectST; |
wolfSSL | 11:cee25a834751 | 589 | int subjectSTLen; |
wolfSSL | 11:cee25a834751 | 590 | char subjectSTEnc; |
wolfSSL | 11:cee25a834751 | 591 | char* subjectO; |
wolfSSL | 11:cee25a834751 | 592 | int subjectOLen; |
wolfSSL | 11:cee25a834751 | 593 | char subjectOEnc; |
wolfSSL | 11:cee25a834751 | 594 | char* subjectOU; |
wolfSSL | 11:cee25a834751 | 595 | int subjectOULen; |
wolfSSL | 11:cee25a834751 | 596 | char subjectOUEnc; |
wolfSSL | 11:cee25a834751 | 597 | char* subjectEmail; |
wolfSSL | 11:cee25a834751 | 598 | int subjectEmailLen; |
wolfSSL | 11:cee25a834751 | 599 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 11:cee25a834751 | 600 | #ifdef OPENSSL_EXTRA |
wolfSSL | 11:cee25a834751 | 601 | DecodedName issuerName; |
wolfSSL | 11:cee25a834751 | 602 | DecodedName subjectName; |
wolfSSL | 11:cee25a834751 | 603 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 11:cee25a834751 | 604 | #ifdef WOLFSSL_SEP |
wolfSSL | 11:cee25a834751 | 605 | int deviceTypeSz; |
wolfSSL | 11:cee25a834751 | 606 | byte* deviceType; |
wolfSSL | 11:cee25a834751 | 607 | int hwTypeSz; |
wolfSSL | 11:cee25a834751 | 608 | byte* hwType; |
wolfSSL | 11:cee25a834751 | 609 | int hwSerialNumSz; |
wolfSSL | 11:cee25a834751 | 610 | byte* hwSerialNum; |
wolfSSL | 11:cee25a834751 | 611 | #ifdef OPENSSL_EXTRA |
wolfSSL | 11:cee25a834751 | 612 | byte extCertPolicySet; |
wolfSSL | 11:cee25a834751 | 613 | byte extCertPolicyCrit; |
wolfSSL | 11:cee25a834751 | 614 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 11:cee25a834751 | 615 | #endif /* WOLFSSL_SEP */ |
wolfSSL | 11:cee25a834751 | 616 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 11:cee25a834751 | 617 | char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
wolfSSL | 11:cee25a834751 | 618 | int extCertPoliciesNb; |
wolfSSL | 11:cee25a834751 | 619 | #endif /* WOLFSSL_CERT_EXT */ |
wolfSSL | 11:cee25a834751 | 620 | |
wolfSSL | 11:cee25a834751 | 621 | Signer* ca; |
wolfSSL | 11:cee25a834751 | 622 | SignatureCtx sigCtx; |
wolfSSL | 11:cee25a834751 | 623 | }; |
wolfSSL | 11:cee25a834751 | 624 | |
wolfSSL | 11:cee25a834751 | 625 | |
wolfSSL | 11:cee25a834751 | 626 | struct WOLFSSL_ASN1_OBJECT { |
wolfSSL | 11:cee25a834751 | 627 | void* heap; |
wolfSSL | 11:cee25a834751 | 628 | byte* obj; |
wolfSSL | 11:cee25a834751 | 629 | int type; /* oid */ |
wolfSSL | 11:cee25a834751 | 630 | word32 objSz; |
wolfSSL | 11:cee25a834751 | 631 | byte dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */ |
wolfSSL | 11:cee25a834751 | 632 | }; |
wolfSSL | 11:cee25a834751 | 633 | |
wolfSSL | 11:cee25a834751 | 634 | |
wolfSSL | 11:cee25a834751 | 635 | extern const char* BEGIN_CERT; |
wolfSSL | 11:cee25a834751 | 636 | extern const char* END_CERT; |
wolfSSL | 11:cee25a834751 | 637 | extern const char* BEGIN_CERT_REQ; |
wolfSSL | 11:cee25a834751 | 638 | extern const char* END_CERT_REQ; |
wolfSSL | 11:cee25a834751 | 639 | extern const char* BEGIN_DSA_PARAM; |
wolfSSL | 11:cee25a834751 | 640 | extern const char* END_DSA_PARAM; |
wolfSSL | 11:cee25a834751 | 641 | extern const char* BEGIN_DH_PARAM; |
wolfSSL | 11:cee25a834751 | 642 | extern const char* END_DH_PARAM; |
wolfSSL | 11:cee25a834751 | 643 | extern const char* BEGIN_X509_CRL; |
wolfSSL | 11:cee25a834751 | 644 | extern const char* END_X509_CRL; |
wolfSSL | 11:cee25a834751 | 645 | extern const char* BEGIN_RSA_PRIV; |
wolfSSL | 11:cee25a834751 | 646 | extern const char* END_RSA_PRIV; |
wolfSSL | 11:cee25a834751 | 647 | extern const char* BEGIN_PRIV_KEY; |
wolfSSL | 11:cee25a834751 | 648 | extern const char* END_PRIV_KEY; |
wolfSSL | 11:cee25a834751 | 649 | extern const char* BEGIN_ENC_PRIV_KEY; |
wolfSSL | 11:cee25a834751 | 650 | extern const char* END_ENC_PRIV_KEY; |
wolfSSL | 11:cee25a834751 | 651 | extern const char* BEGIN_EC_PRIV; |
wolfSSL | 11:cee25a834751 | 652 | extern const char* END_EC_PRIV; |
wolfSSL | 11:cee25a834751 | 653 | extern const char* BEGIN_DSA_PRIV; |
wolfSSL | 11:cee25a834751 | 654 | extern const char* END_DSA_PRIV; |
wolfSSL | 11:cee25a834751 | 655 | extern const char* BEGIN_PUB_KEY; |
wolfSSL | 11:cee25a834751 | 656 | extern const char* END_PUB_KEY; |
wolfSSL | 11:cee25a834751 | 657 | |
wolfSSL | 11:cee25a834751 | 658 | #ifdef NO_SHA |
wolfSSL | 11:cee25a834751 | 659 | #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE |
wolfSSL | 11:cee25a834751 | 660 | #else |
wolfSSL | 11:cee25a834751 | 661 | #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE |
wolfSSL | 11:cee25a834751 | 662 | #endif |
wolfSSL | 11:cee25a834751 | 663 | |
wolfSSL | 11:cee25a834751 | 664 | /* CA Signers */ |
wolfSSL | 11:cee25a834751 | 665 | /* if change layout change PERSIST_CERT_CACHE functions too */ |
wolfSSL | 11:cee25a834751 | 666 | struct Signer { |
wolfSSL | 11:cee25a834751 | 667 | word32 pubKeySize; |
wolfSSL | 11:cee25a834751 | 668 | word32 keyOID; /* key type */ |
wolfSSL | 11:cee25a834751 | 669 | word16 keyUsage; |
wolfSSL | 11:cee25a834751 | 670 | byte pathLength; |
wolfSSL | 11:cee25a834751 | 671 | byte pathLengthSet; |
wolfSSL | 11:cee25a834751 | 672 | byte* publicKey; |
wolfSSL | 11:cee25a834751 | 673 | int nameLen; |
wolfSSL | 11:cee25a834751 | 674 | char* name; /* common name */ |
wolfSSL | 11:cee25a834751 | 675 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 676 | Base_entry* permittedNames; |
wolfSSL | 11:cee25a834751 | 677 | Base_entry* excludedNames; |
wolfSSL | 11:cee25a834751 | 678 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 679 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 680 | /* sha hash of names in certificate */ |
wolfSSL | 11:cee25a834751 | 681 | #ifndef NO_SKID |
wolfSSL | 11:cee25a834751 | 682 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 683 | /* sha hash of names in certificate */ |
wolfSSL | 11:cee25a834751 | 684 | #endif |
wolfSSL | 11:cee25a834751 | 685 | Signer* next; |
wolfSSL | 11:cee25a834751 | 686 | }; |
wolfSSL | 11:cee25a834751 | 687 | |
wolfSSL | 11:cee25a834751 | 688 | |
wolfSSL | 11:cee25a834751 | 689 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 11:cee25a834751 | 690 | /* used for having trusted peer certs rather then CA */ |
wolfSSL | 11:cee25a834751 | 691 | struct TrustedPeerCert { |
wolfSSL | 11:cee25a834751 | 692 | int nameLen; |
wolfSSL | 11:cee25a834751 | 693 | char* name; /* common name */ |
wolfSSL | 11:cee25a834751 | 694 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 695 | Base_entry* permittedNames; |
wolfSSL | 11:cee25a834751 | 696 | Base_entry* excludedNames; |
wolfSSL | 11:cee25a834751 | 697 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 698 | byte subjectNameHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 699 | /* sha hash of names in certificate */ |
wolfSSL | 11:cee25a834751 | 700 | #ifndef NO_SKID |
wolfSSL | 11:cee25a834751 | 701 | byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 702 | /* sha hash of names in certificate */ |
wolfSSL | 11:cee25a834751 | 703 | #endif |
wolfSSL | 11:cee25a834751 | 704 | word32 sigLen; |
wolfSSL | 11:cee25a834751 | 705 | byte* sig; |
wolfSSL | 11:cee25a834751 | 706 | struct TrustedPeerCert* next; |
wolfSSL | 11:cee25a834751 | 707 | }; |
wolfSSL | 11:cee25a834751 | 708 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 11:cee25a834751 | 709 | |
wolfSSL | 11:cee25a834751 | 710 | |
wolfSSL | 11:cee25a834751 | 711 | /* for testing or custom openssl wrappers */ |
wolfSSL | 11:cee25a834751 | 712 | #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) |
wolfSSL | 11:cee25a834751 | 713 | #define WOLFSSL_ASN_API WOLFSSL_API |
wolfSSL | 11:cee25a834751 | 714 | #else |
wolfSSL | 11:cee25a834751 | 715 | #define WOLFSSL_ASN_API WOLFSSL_LOCAL |
wolfSSL | 11:cee25a834751 | 716 | #endif |
wolfSSL | 11:cee25a834751 | 717 | |
wolfSSL | 11:cee25a834751 | 718 | WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*); |
wolfSSL | 11:cee25a834751 | 719 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 11:cee25a834751 | 720 | WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); |
wolfSSL | 11:cee25a834751 | 721 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 11:cee25a834751 | 722 | WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); |
wolfSSL | 11:cee25a834751 | 723 | WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); |
wolfSSL | 11:cee25a834751 | 724 | WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); |
wolfSSL | 11:cee25a834751 | 725 | |
wolfSSL | 11:cee25a834751 | 726 | WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); |
wolfSSL | 11:cee25a834751 | 727 | WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); |
wolfSSL | 11:cee25a834751 | 728 | |
wolfSSL | 11:cee25a834751 | 729 | WOLFSSL_LOCAL Signer* MakeSigner(void*); |
wolfSSL | 11:cee25a834751 | 730 | WOLFSSL_LOCAL void FreeSigner(Signer*, void*); |
wolfSSL | 11:cee25a834751 | 731 | WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); |
wolfSSL | 11:cee25a834751 | 732 | #ifdef WOLFSSL_TRUST_PEER_CERT |
wolfSSL | 11:cee25a834751 | 733 | WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*); |
wolfSSL | 11:cee25a834751 | 734 | WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*); |
wolfSSL | 11:cee25a834751 | 735 | #endif /* WOLFSSL_TRUST_PEER_CERT */ |
wolfSSL | 11:cee25a834751 | 736 | |
wolfSSL | 11:cee25a834751 | 737 | WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); |
wolfSSL | 11:cee25a834751 | 738 | WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, |
wolfSSL | 11:cee25a834751 | 739 | word32 length); |
wolfSSL | 11:cee25a834751 | 740 | WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); |
wolfSSL | 11:cee25a834751 | 741 | WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); |
wolfSSL | 11:cee25a834751 | 742 | WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, |
wolfSSL | 11:cee25a834751 | 743 | word32* oidSz, int* algoID, void* heap); |
wolfSSL | 11:cee25a834751 | 744 | |
wolfSSL | 11:cee25a834751 | 745 | typedef struct tm wolfssl_tm; |
wolfSSL | 11:cee25a834751 | 746 | #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 747 | WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); |
wolfSSL | 11:cee25a834751 | 748 | #endif |
wolfSSL | 11:cee25a834751 | 749 | WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, |
wolfSSL | 11:cee25a834751 | 750 | wolfssl_tm* certTime, int* idx); |
wolfSSL | 11:cee25a834751 | 751 | WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); |
wolfSSL | 11:cee25a834751 | 752 | |
wolfSSL | 11:cee25a834751 | 753 | /* ASN.1 helper functions */ |
wolfSSL | 11:cee25a834751 | 754 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 11:cee25a834751 | 755 | WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); |
wolfSSL | 11:cee25a834751 | 756 | #endif |
wolfSSL | 11:cee25a834751 | 757 | WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, |
wolfSSL | 11:cee25a834751 | 758 | word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 759 | WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 11:cee25a834751 | 760 | word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 761 | WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 11:cee25a834751 | 762 | word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 763 | WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, |
wolfSSL | 11:cee25a834751 | 764 | word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 765 | WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, |
wolfSSL | 11:cee25a834751 | 766 | int* version, word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 767 | WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, |
wolfSSL | 11:cee25a834751 | 768 | word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 769 | #ifdef HAVE_OID_ENCODING |
wolfSSL | 11:cee25a834751 | 770 | WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz, |
wolfSSL | 11:cee25a834751 | 771 | byte* out, word32* outSz); |
wolfSSL | 11:cee25a834751 | 772 | #endif |
wolfSSL | 11:cee25a834751 | 773 | #ifdef HAVE_OID_DECODING |
wolfSSL | 11:cee25a834751 | 774 | WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, |
wolfSSL | 11:cee25a834751 | 775 | word16* out, word32* outSz); |
wolfSSL | 11:cee25a834751 | 776 | #endif |
wolfSSL | 11:cee25a834751 | 777 | WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, |
wolfSSL | 11:cee25a834751 | 778 | word32 oidType, word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 779 | WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, |
wolfSSL | 11:cee25a834751 | 780 | word32 oidType, word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 781 | WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); |
wolfSSL | 11:cee25a834751 | 782 | WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); |
wolfSSL | 11:cee25a834751 | 783 | WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); |
wolfSSL | 11:cee25a834751 | 784 | WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); |
wolfSSL | 11:cee25a834751 | 785 | WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); |
wolfSSL | 11:cee25a834751 | 786 | WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); |
wolfSSL | 11:cee25a834751 | 787 | WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); |
wolfSSL | 11:cee25a834751 | 788 | WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); |
wolfSSL | 11:cee25a834751 | 789 | WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); |
wolfSSL | 11:cee25a834751 | 790 | WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, |
wolfSSL | 11:cee25a834751 | 791 | byte* serial, int* serialSz, word32 maxIdx); |
wolfSSL | 11:cee25a834751 | 792 | WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, |
wolfSSL | 11:cee25a834751 | 793 | int maxIdx); |
wolfSSL | 11:cee25a834751 | 794 | WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); |
wolfSSL | 11:cee25a834751 | 795 | |
wolfSSL | 11:cee25a834751 | 796 | #ifdef HAVE_ECC |
wolfSSL | 11:cee25a834751 | 797 | /* ASN sig helpers */ |
wolfSSL | 11:cee25a834751 | 798 | WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, |
wolfSSL | 11:cee25a834751 | 799 | mp_int* s); |
wolfSSL | 11:cee25a834751 | 800 | WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, |
wolfSSL | 11:cee25a834751 | 801 | mp_int* r, mp_int* s); |
wolfSSL | 11:cee25a834751 | 802 | #endif |
wolfSSL | 11:cee25a834751 | 803 | |
wolfSSL | 11:cee25a834751 | 804 | WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); |
wolfSSL | 11:cee25a834751 | 805 | WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); |
wolfSSL | 11:cee25a834751 | 806 | |
wolfSSL | 11:cee25a834751 | 807 | |
wolfSSL | 11:cee25a834751 | 808 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 11:cee25a834751 | 809 | |
wolfSSL | 11:cee25a834751 | 810 | enum cert_enums { |
wolfSSL | 11:cee25a834751 | 811 | NAME_ENTRIES = 8, |
wolfSSL | 11:cee25a834751 | 812 | JOINT_LEN = 2, |
wolfSSL | 11:cee25a834751 | 813 | EMAIL_JOINT_LEN = 9, |
wolfSSL | 11:cee25a834751 | 814 | RSA_KEY = 10, |
wolfSSL | 11:cee25a834751 | 815 | NTRU_KEY = 11, |
wolfSSL | 11:cee25a834751 | 816 | ECC_KEY = 12 |
wolfSSL | 11:cee25a834751 | 817 | }; |
wolfSSL | 11:cee25a834751 | 818 | |
wolfSSL | 11:cee25a834751 | 819 | #ifndef WOLFSSL_PEMCERT_TODER_DEFINED |
wolfSSL | 11:cee25a834751 | 820 | #ifndef NO_FILESYSTEM |
wolfSSL | 11:cee25a834751 | 821 | /* forward from wolfSSL */ |
wolfSSL | 11:cee25a834751 | 822 | WOLFSSL_API |
wolfSSL | 11:cee25a834751 | 823 | int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); |
wolfSSL | 11:cee25a834751 | 824 | #define WOLFSSL_PEMCERT_TODER_DEFINED |
wolfSSL | 11:cee25a834751 | 825 | #endif |
wolfSSL | 11:cee25a834751 | 826 | #endif |
wolfSSL | 11:cee25a834751 | 827 | |
wolfSSL | 11:cee25a834751 | 828 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 11:cee25a834751 | 829 | |
wolfSSL | 11:cee25a834751 | 830 | |
wolfSSL | 11:cee25a834751 | 831 | |
wolfSSL | 11:cee25a834751 | 832 | /* for pointer use */ |
wolfSSL | 11:cee25a834751 | 833 | typedef struct CertStatus CertStatus; |
wolfSSL | 11:cee25a834751 | 834 | |
wolfSSL | 11:cee25a834751 | 835 | #ifdef HAVE_OCSP |
wolfSSL | 11:cee25a834751 | 836 | |
wolfSSL | 11:cee25a834751 | 837 | enum Ocsp_Response_Status { |
wolfSSL | 11:cee25a834751 | 838 | OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */ |
wolfSSL | 11:cee25a834751 | 839 | OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */ |
wolfSSL | 11:cee25a834751 | 840 | OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */ |
wolfSSL | 11:cee25a834751 | 841 | OCSP_TRY_LATER = 3, /* Try again later */ |
wolfSSL | 11:cee25a834751 | 842 | OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */ |
wolfSSL | 11:cee25a834751 | 843 | OCSP_UNAUTHROIZED = 6 /* Request unauthorized */ |
wolfSSL | 11:cee25a834751 | 844 | }; |
wolfSSL | 11:cee25a834751 | 845 | |
wolfSSL | 11:cee25a834751 | 846 | |
wolfSSL | 11:cee25a834751 | 847 | enum Ocsp_Cert_Status { |
wolfSSL | 11:cee25a834751 | 848 | CERT_GOOD = 0, |
wolfSSL | 11:cee25a834751 | 849 | CERT_REVOKED = 1, |
wolfSSL | 11:cee25a834751 | 850 | CERT_UNKNOWN = 2 |
wolfSSL | 11:cee25a834751 | 851 | }; |
wolfSSL | 11:cee25a834751 | 852 | |
wolfSSL | 11:cee25a834751 | 853 | |
wolfSSL | 11:cee25a834751 | 854 | enum Ocsp_Sums { |
wolfSSL | 11:cee25a834751 | 855 | OCSP_BASIC_OID = 117, |
wolfSSL | 11:cee25a834751 | 856 | OCSP_NONCE_OID = 118 |
wolfSSL | 11:cee25a834751 | 857 | }; |
wolfSSL | 11:cee25a834751 | 858 | |
wolfSSL | 11:cee25a834751 | 859 | |
wolfSSL | 11:cee25a834751 | 860 | typedef struct OcspRequest OcspRequest; |
wolfSSL | 11:cee25a834751 | 861 | typedef struct OcspResponse OcspResponse; |
wolfSSL | 11:cee25a834751 | 862 | |
wolfSSL | 11:cee25a834751 | 863 | |
wolfSSL | 11:cee25a834751 | 864 | struct CertStatus { |
wolfSSL | 11:cee25a834751 | 865 | CertStatus* next; |
wolfSSL | 11:cee25a834751 | 866 | |
wolfSSL | 11:cee25a834751 | 867 | byte serial[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 11:cee25a834751 | 868 | int serialSz; |
wolfSSL | 11:cee25a834751 | 869 | |
wolfSSL | 11:cee25a834751 | 870 | int status; |
wolfSSL | 11:cee25a834751 | 871 | |
wolfSSL | 11:cee25a834751 | 872 | byte thisDate[MAX_DATE_SIZE]; |
wolfSSL | 11:cee25a834751 | 873 | byte nextDate[MAX_DATE_SIZE]; |
wolfSSL | 11:cee25a834751 | 874 | byte thisDateFormat; |
wolfSSL | 11:cee25a834751 | 875 | byte nextDateFormat; |
wolfSSL | 11:cee25a834751 | 876 | #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 877 | byte* thisDateAsn; |
wolfSSL | 11:cee25a834751 | 878 | byte* nextDateAsn; |
wolfSSL | 11:cee25a834751 | 879 | #endif |
wolfSSL | 11:cee25a834751 | 880 | |
wolfSSL | 11:cee25a834751 | 881 | byte* rawOcspResponse; |
wolfSSL | 11:cee25a834751 | 882 | word32 rawOcspResponseSz; |
wolfSSL | 11:cee25a834751 | 883 | }; |
wolfSSL | 11:cee25a834751 | 884 | |
wolfSSL | 11:cee25a834751 | 885 | |
wolfSSL | 11:cee25a834751 | 886 | struct OcspResponse { |
wolfSSL | 11:cee25a834751 | 887 | int responseStatus; /* return code from Responder */ |
wolfSSL | 11:cee25a834751 | 888 | |
wolfSSL | 11:cee25a834751 | 889 | byte* response; /* Pointer to beginning of OCSP Response */ |
wolfSSL | 11:cee25a834751 | 890 | word32 responseSz; /* length of the OCSP Response */ |
wolfSSL | 11:cee25a834751 | 891 | |
wolfSSL | 11:cee25a834751 | 892 | byte producedDate[MAX_DATE_SIZE]; |
wolfSSL | 11:cee25a834751 | 893 | /* Date at which this response was signed */ |
wolfSSL | 11:cee25a834751 | 894 | byte producedDateFormat; /* format of the producedDate */ |
wolfSSL | 11:cee25a834751 | 895 | byte* issuerHash; |
wolfSSL | 11:cee25a834751 | 896 | byte* issuerKeyHash; |
wolfSSL | 11:cee25a834751 | 897 | |
wolfSSL | 11:cee25a834751 | 898 | byte* cert; |
wolfSSL | 11:cee25a834751 | 899 | word32 certSz; |
wolfSSL | 11:cee25a834751 | 900 | |
wolfSSL | 11:cee25a834751 | 901 | byte* sig; /* Pointer to sig in source */ |
wolfSSL | 11:cee25a834751 | 902 | word32 sigSz; /* Length in octets for the sig */ |
wolfSSL | 11:cee25a834751 | 903 | word32 sigOID; /* OID for hash used for sig */ |
wolfSSL | 11:cee25a834751 | 904 | |
wolfSSL | 11:cee25a834751 | 905 | CertStatus* status; /* certificate status to fill out */ |
wolfSSL | 11:cee25a834751 | 906 | |
wolfSSL | 11:cee25a834751 | 907 | byte* nonce; /* pointer to nonce inside ASN.1 response */ |
wolfSSL | 11:cee25a834751 | 908 | int nonceSz; /* length of the nonce string */ |
wolfSSL | 11:cee25a834751 | 909 | |
wolfSSL | 11:cee25a834751 | 910 | byte* source; /* pointer to source buffer, not owned */ |
wolfSSL | 11:cee25a834751 | 911 | word32 maxIdx; /* max offset based on init size */ |
wolfSSL | 11:cee25a834751 | 912 | }; |
wolfSSL | 11:cee25a834751 | 913 | |
wolfSSL | 11:cee25a834751 | 914 | |
wolfSSL | 11:cee25a834751 | 915 | struct OcspRequest { |
wolfSSL | 11:cee25a834751 | 916 | byte issuerHash[KEYID_SIZE]; |
wolfSSL | 11:cee25a834751 | 917 | byte issuerKeyHash[KEYID_SIZE]; |
wolfSSL | 11:cee25a834751 | 918 | byte* serial; /* copy of the serial number in source cert */ |
wolfSSL | 11:cee25a834751 | 919 | int serialSz; |
wolfSSL | 11:cee25a834751 | 920 | byte* url; /* copy of the extAuthInfo in source cert */ |
wolfSSL | 11:cee25a834751 | 921 | int urlSz; |
wolfSSL | 11:cee25a834751 | 922 | |
wolfSSL | 11:cee25a834751 | 923 | byte nonce[MAX_OCSP_NONCE_SZ]; |
wolfSSL | 11:cee25a834751 | 924 | int nonceSz; |
wolfSSL | 11:cee25a834751 | 925 | void* heap; |
wolfSSL | 11:cee25a834751 | 926 | |
wolfSSL | 11:cee25a834751 | 927 | #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) |
wolfSSL | 11:cee25a834751 | 928 | void* ssl; |
wolfSSL | 11:cee25a834751 | 929 | #endif |
wolfSSL | 11:cee25a834751 | 930 | }; |
wolfSSL | 11:cee25a834751 | 931 | |
wolfSSL | 11:cee25a834751 | 932 | |
wolfSSL | 11:cee25a834751 | 933 | WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); |
wolfSSL | 11:cee25a834751 | 934 | WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); |
wolfSSL | 11:cee25a834751 | 935 | |
wolfSSL | 11:cee25a834751 | 936 | WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); |
wolfSSL | 11:cee25a834751 | 937 | WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*); |
wolfSSL | 11:cee25a834751 | 938 | WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32); |
wolfSSL | 11:cee25a834751 | 939 | WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); |
wolfSSL | 11:cee25a834751 | 940 | |
wolfSSL | 11:cee25a834751 | 941 | |
wolfSSL | 11:cee25a834751 | 942 | WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*); |
wolfSSL | 11:cee25a834751 | 943 | |
wolfSSL | 11:cee25a834751 | 944 | |
wolfSSL | 11:cee25a834751 | 945 | #endif /* HAVE_OCSP */ |
wolfSSL | 11:cee25a834751 | 946 | |
wolfSSL | 11:cee25a834751 | 947 | |
wolfSSL | 11:cee25a834751 | 948 | /* for pointer use */ |
wolfSSL | 11:cee25a834751 | 949 | typedef struct RevokedCert RevokedCert; |
wolfSSL | 11:cee25a834751 | 950 | |
wolfSSL | 11:cee25a834751 | 951 | #ifdef HAVE_CRL |
wolfSSL | 11:cee25a834751 | 952 | |
wolfSSL | 11:cee25a834751 | 953 | struct RevokedCert { |
wolfSSL | 11:cee25a834751 | 954 | byte serialNumber[EXTERNAL_SERIAL_SIZE]; |
wolfSSL | 11:cee25a834751 | 955 | int serialSz; |
wolfSSL | 11:cee25a834751 | 956 | RevokedCert* next; |
wolfSSL | 11:cee25a834751 | 957 | }; |
wolfSSL | 11:cee25a834751 | 958 | |
wolfSSL | 11:cee25a834751 | 959 | typedef struct DecodedCRL DecodedCRL; |
wolfSSL | 11:cee25a834751 | 960 | |
wolfSSL | 11:cee25a834751 | 961 | struct DecodedCRL { |
wolfSSL | 11:cee25a834751 | 962 | word32 certBegin; /* offset to start of cert */ |
wolfSSL | 11:cee25a834751 | 963 | word32 sigIndex; /* offset to start of signature */ |
wolfSSL | 11:cee25a834751 | 964 | word32 sigLength; /* length of signature */ |
wolfSSL | 11:cee25a834751 | 965 | word32 signatureOID; /* sum of algorithm object id */ |
wolfSSL | 11:cee25a834751 | 966 | byte* signature; /* pointer into raw source, not owned */ |
wolfSSL | 11:cee25a834751 | 967 | byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */ |
wolfSSL | 11:cee25a834751 | 968 | byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ |
wolfSSL | 11:cee25a834751 | 969 | byte lastDate[MAX_DATE_SIZE]; /* last date updated */ |
wolfSSL | 11:cee25a834751 | 970 | byte nextDate[MAX_DATE_SIZE]; /* next update date */ |
wolfSSL | 11:cee25a834751 | 971 | byte lastDateFormat; /* format of last date */ |
wolfSSL | 11:cee25a834751 | 972 | byte nextDateFormat; /* format of next date */ |
wolfSSL | 11:cee25a834751 | 973 | RevokedCert* certs; /* revoked cert list */ |
wolfSSL | 11:cee25a834751 | 974 | int totalCerts; /* number on list */ |
wolfSSL | 11:cee25a834751 | 975 | void* heap; |
wolfSSL | 11:cee25a834751 | 976 | }; |
wolfSSL | 11:cee25a834751 | 977 | |
wolfSSL | 11:cee25a834751 | 978 | WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap); |
wolfSSL | 11:cee25a834751 | 979 | WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm); |
wolfSSL | 11:cee25a834751 | 980 | WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*); |
wolfSSL | 11:cee25a834751 | 981 | |
wolfSSL | 11:cee25a834751 | 982 | |
wolfSSL | 11:cee25a834751 | 983 | #endif /* HAVE_CRL */ |
wolfSSL | 11:cee25a834751 | 984 | |
wolfSSL | 11:cee25a834751 | 985 | |
wolfSSL | 11:cee25a834751 | 986 | #ifdef __cplusplus |
wolfSSL | 11:cee25a834751 | 987 | } /* extern "C" */ |
wolfSSL | 11:cee25a834751 | 988 | #endif |
wolfSSL | 11:cee25a834751 | 989 | |
wolfSSL | 11:cee25a834751 | 990 | #endif /* !NO_ASN */ |
wolfSSL | 11:cee25a834751 | 991 | #endif /* WOLF_CRYPT_ASN_H */ |
wolfSSL | 11:cee25a834751 | 992 |