wolfssl/wolfcrypt/asn.h@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
wolfSSL | 13:f67a6c6013ca | 1 | /* asn.h |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | #ifndef WOLF_CRYPT_ASN_H |
wolfSSL | 13:f67a6c6013ca | 24 | #define WOLF_CRYPT_ASN_H |
wolfSSL | 13:f67a6c6013ca | 25 | |
wolfSSL | 13:f67a6c6013ca | 26 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 13:f67a6c6013ca | 27 | |
wolfSSL | 13:f67a6c6013ca | 28 | #ifndef NO_ASN |
wolfSSL | 13:f67a6c6013ca | 29 | |
wolfSSL | 13:f67a6c6013ca | 30 | #include <wolfssl/wolfcrypt/integer.h> |
wolfSSL | 13:f67a6c6013ca | 31 | |
wolfSSL | 13:f67a6c6013ca | 32 | /* fips declare of RsaPrivateKeyDecode @wc_fips */ |
wolfSSL | 13:f67a6c6013ca | 33 | #if defined(HAVE_FIPS) && !defined(NO_RSA) |
wolfSSL | 13:f67a6c6013ca | 34 | #include <cyassl/ctaocrypt/rsa.h> |
wolfSSL | 13:f67a6c6013ca | 35 | #endif |
wolfSSL | 13:f67a6c6013ca | 36 | |
wolfSSL | 13:f67a6c6013ca | 37 | #ifndef NO_DH |
wolfSSL | 13:f67a6c6013ca | 38 | #include <wolfssl/wolfcrypt/dh.h> |
wolfSSL | 13:f67a6c6013ca | 39 | #endif |
wolfSSL | 13:f67a6c6013ca | 40 | #ifndef NO_DSA |
wolfSSL | 13:f67a6c6013ca | 41 | #include <wolfssl/wolfcrypt/dsa.h> |
wolfSSL | 13:f67a6c6013ca | 42 | #endif |
wolfSSL | 13:f67a6c6013ca | 43 | #ifndef NO_SHA |
wolfSSL | 13:f67a6c6013ca | 44 | #include <wolfssl/wolfcrypt/sha.h> |
wolfSSL | 13:f67a6c6013ca | 45 | #endif |
wolfSSL | 13:f67a6c6013ca | 46 | #ifndef NO_MD5 |
wolfSSL | 13:f67a6c6013ca | 47 | #include <wolfssl/wolfcrypt/md5.h> |
wolfSSL | 13:f67a6c6013ca | 48 | #endif |
wolfSSL | 13:f67a6c6013ca | 49 | #include <wolfssl/wolfcrypt/sha256.h> |
wolfSSL | 13:f67a6c6013ca | 50 | #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ |
wolfSSL | 13:f67a6c6013ca | 51 | |
wolfSSL | 13:f67a6c6013ca | 52 | |
wolfSSL | 13:f67a6c6013ca | 53 | #ifdef __cplusplus |
wolfSSL | 13:f67a6c6013ca | 54 | extern "C" { |
wolfSSL | 13:f67a6c6013ca | 55 | #endif |
wolfSSL | 13:f67a6c6013ca | 56 | |
/* Small selector constants shared by the ASN API. The two 0/1 pairs are
 * independent selectors (a Name selector and a date selector) that happen
 * to share values; they are not interchangeable. */
enum {
    /* which Name is meant: DecodedCert.issuer or DecodedCert.subject */
    ISSUER  = 0,
    SUBJECT = 1,

    /* which validity date is meant -- presumably notBefore / notAfter */
    BEFORE  = 0,
    AFTER   = 1,

    /* size of the raw serial number buffer exposed to callers */
    EXTERNAL_SERIAL_SIZE = 32
};
wolfSSL | 13:f67a6c6013ca | 66 | |
/* Tag values used by the DER decoder. Three different kinds of value share
 * this enum, so compare like with like:
 *  - UNIVERSAL tag numbers without class/constructed bits
 *    (ASN_BOOLEAN .. ASN_GENERALIZED_TIME); SEQUENCE and SET appear on the
 *    wire OR'd with ASN_CONSTRUCTED, i.e. as 0x30 / 0x31,
 *  - GeneralName CHOICE numbers (ASN_OTHER_TYPE .. ASN_DIR_TYPE) from
 *    RFC 5280, which are context-specific tag numbers inside a
 *    subjectAltName / name constraint, not universal tags -- note that
 *    ASN_RFC822_TYPE and ASN_BOOLEAN are both 0x01,
 *  - complete tag bytes: CRL_EXTENSIONS and ASN_EXTENSIONS are
 *    ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | n (the explicitly tagged
 *    [0] / [3] fields), and ASN_LONG_LENGTH is the long-form marker bit
 *    of a length octet.
 */
enum ASN_Tags {
    /* universal tag numbers */
    ASN_BOOLEAN          = 0x01,
    ASN_INTEGER          = 0x02,
    ASN_BIT_STRING       = 0x03,
    ASN_OCTET_STRING     = 0x04,
    ASN_TAG_NULL         = 0x05,
    ASN_OBJECT_ID        = 0x06,
    ASN_ENUMERATED       = 0x0a,
    ASN_UTF8STRING       = 0x0c,
    ASN_SEQUENCE         = 0x10,
    ASN_SET              = 0x11,
    ASN_UTC_TIME         = 0x17,
    ASN_GENERALIZED_TIME = 0x18,

    /* GeneralName choice numbers */
    ASN_OTHER_TYPE       = 0x00,
    ASN_RFC822_TYPE      = 0x01,
    ASN_DNS_TYPE         = 0x02,
    ASN_DIR_TYPE         = 0x04,

    /* complete tag bytes and the length marker */
    CRL_EXTENSIONS       = 0xa0,
    ASN_EXTENSIONS       = 0xa3,
    ASN_LONG_LENGTH      = 0x80
};
wolfSSL | 13:f67a6c6013ca | 89 | |
/* Bits OR'd into a tag byte: bit 5 marks a constructed encoding and the
 * top bits select the tag class (0x80 = context-specific). CRL_EXTENSIONS
 * and ASN_EXTENSIONS in ASN_Tags are built from these. */
enum ASN_Flags {
    ASN_CONSTRUCTED      = 0x20,
    ASN_CONTEXT_SPECIFIC = 0x80
};
wolfSSL | 13:f67a6c6013ca | 94 | |
/* Last arc of the X.520 attribute-type OIDs (2.5.4.N) that the decoder
 * recognises in a Name; the comment on each line is the usual short
 * RDN label. Anything else in a Name is outside this list. */
enum DN_Tags {
    ASN_COMMON_NAME   = 0x03,   /* CN */
    ASN_SUR_NAME      = 0x04,   /* SN */
    ASN_SERIAL_NUMBER = 0x05,   /* serialNumber */
    ASN_COUNTRY_NAME  = 0x06,   /* C */
    ASN_LOCALITY_NAME = 0x07,   /* L */
    ASN_STATE_NAME    = 0x08,   /* ST */
    ASN_ORG_NAME      = 0x0a,   /* O */
    ASN_ORGUNIT_NAME  = 0x0b    /* OU */
};
wolfSSL | 13:f67a6c6013ca | 105 | |
/* Password-based encryption schemes recognised in PKCS#8 / PKCS#12 key
 * containers. The PBE_* entries are the single-algorithm PKCS#5 v1.5 and
 * PKCS#12 schemes built on MD5/SHA-1 with DES, 3DES or RC4; they exist to
 * read legacy files and are not suitable for protecting new key material.
 * PBES2 (PKCS#5 v2: a KDF such as PBKDF2_OID plus a named cipher) is the
 * scheme to produce. */
enum PBES {
    PBE_MD5_DES      = 0,
    PBE_SHA1_DES     = 1,
    PBE_SHA1_DES3    = 2,
    PBE_SHA1_RC4_128 = 3,
    PBES2            = 13       /* algo ID */
};
wolfSSL | 13:f67a6c6013ca | 113 | |
/* Cipher selector used alongside enum PBES; presumably each PBE_* scheme
 * is mapped to one of these before the key container is decrypted --
 * confirm against the PKCS#8/#12 code. */
enum ENCRYPTION_TYPES {
    DES_TYPE  = 0,
    DES3_TYPE = 1,
    RC4_TYPE  = 2
};
wolfSSL | 13:f67a6c6013ca | 119 | |
/* Complete tag bytes for the context-specific, constructed [0] and [1]
 * fields of an ECPrivateKey: 160 = 0xa0 and 161 = 0xa1, i.e.
 * ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | n. In RFC 5915 those are the
 * optional parameters and publicKey fields. */
enum ECC_TYPES {
    ECC_PREFIX_0 = 160,
    ECC_PREFIX_1 = 161
};
wolfSSL | 13:f67a6c6013ca | 124 | |
/* Assorted sizes and small constants used by the ASN encoder/decoder.
 * Most *_SZ values are upper bounds used to size buffers, not wire-format
 * constants, so code that writes into a buffer sized by one of them must
 * still bound the write. KEYID_SIZE is build-dependent: the arrays in
 * DecodedCert that use it change size between NO_SHA and default builds,
 * so objects must not be shared across differently configured builds.
 * The CTC_* values referenced below are not defined in this header. */
enum Misc_ASN {
    ASN_NAME_MAX        = 256,
    MAX_SALT_SIZE       = 64,     /* MAX PKCS Salt length */
    MAX_IV_SIZE         = 64,     /* MAX PKCS Iv length */
    MAX_KEY_SIZE        = 64,     /* MAX PKCS Key length */
    PKCS5               = 5,      /* PKCS oid tag */
    PKCS5v2             = 6,      /* PKCS #5 v2.0 */
    PKCS8v0             = 0,      /* default PKCS#8 version */
    PKCS12v1            = 12,     /* PKCS #12 */
    MAX_UNICODE_SZ      = 256,
    ASN_BOOL_SIZE       = 2,      /* including type */
    ASN_ECC_HEADER_SZ   = 2,      /* String type + 1 byte len */
    ASN_ECC_CONTEXT_SZ  = 2,      /* Content specific type + 1 byte len */
#ifdef NO_SHA
    KEYID_SIZE          = SHA256_DIGEST_SIZE,
#else
    KEYID_SIZE          = SHA_DIGEST_SIZE,
#endif
    RSA_INTS            = 8,      /* RSA ints in private key */
    DSA_INTS            = 5,      /* DSA ints in private key */
    MIN_DATE_SIZE       = 13,     /* UTCTime "YYMMDDHHMMSSZ" */
    MAX_DATE_SIZE       = 32,
    ASN_GEN_TIME_SZ     = 15,     /* 7 numbers * 2 + Zulu tag */
    MAX_ENCODED_SIG_SZ  = 512,
    MAX_SIG_SZ          = 256,
    MAX_ALGO_SZ         = 20,
    MAX_SEQ_SZ          = 5,      /* enum(seq | con) + length(4) */
    MAX_SET_SZ          = 5,      /* enum(set | con) + length(4) */
    MAX_OCTET_STR_SZ    = 5,      /* enum(octet str) + length(4) */
    MAX_EXP_SZ          = 5,      /* enum(contextspec|con|exp) + length(4) */
    MAX_PRSTR_SZ        = 5,      /* enum(prstr) + length(4) */
    MAX_VERSION_SZ      = 5,      /* enum + id + version(byte) + (header(2))*/
    MAX_ENCODED_DIG_SZ  = 73,     /* sha512 + enum(bit or octet) + length(4);
                                   * that sum is 64 + 1 + 4 = 69, so four
                                   * bytes of headroom are included -- confirm */
    MAX_RSA_INT_SZ      = 517,    /* RSA raw sz 4096 for bits + tag + len(4) */
    MAX_NTRU_KEY_SZ     = 610,    /* NTRU 112 bit public key */
    MAX_NTRU_ENC_SZ     = 628,    /* NTRU 112 bit DER public encoding */
    MAX_LENGTH_SZ       = 4,      /* Max length size for DER encoding */
    MAX_RSA_E_SZ        = 16,     /* Max RSA public e size */
    MAX_CA_SZ           = 32,     /* Max encoded CA basic constraint length */
    MAX_SN_SZ           = 35,     /* Max encoded serial number (INT) length;
                                   * EXTERNAL_SERIAL_SIZE plus tag/length/
                                   * leading-zero overhead, presumably */
    MAX_DER_DIGEST_SZ     = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest size */
#ifdef WOLFSSL_CERT_GEN
    #ifdef WOLFSSL_CERT_REQ
                                  /* Max encoded cert req attributes length */
        MAX_ATTRIB_SZ   = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
                          MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
    #endif
    /* Max total extensions, id + len + others */
    #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
    #else
        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
    #endif
#endif
#ifdef WOLFSSL_CERT_EXT
    MAX_KID_SZ          = 45,     /* Max encoded KID length (SHA-256 case) */
    MAX_KEYUSAGE_SZ     = 18,     /* Max encoded Key Usage length */
    MAX_OID_SZ          = 32,     /* Max DER length of OID*/
    MAX_OID_STRING_SZ   = 64,     /* Max string length representation of OID*/
    MAX_CERTPOL_NB      = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
    MAX_CERTPOL_SZ      = CTC_MAX_CERTPOL_SZ,
#endif
    OCSP_NONCE_EXT_SZ   = 35,     /* OCSP Nonce Extension size */
    MAX_OCSP_EXT_SZ     = 58,     /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ   = 16,     /* OCSP Nonce size */
    EIGHTK_BUF          = 8192,   /* Tmp buffer size */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
                                  /* use bigger NTRU size */
    HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
    TRAILING_ZERO       = 1,      /* Used for size of zero pad */
    MIN_VERSION_SZ      = 3,      /* Min bytes needed for GetMyVersion */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    MAX_TIME_STRING_SZ  = 21,     /* Max length of formatted time string */
#endif
};
wolfSSL | 13:f67a6c6013ca | 200 | |
wolfSSL | 13:f67a6c6013ca | 201 | |
/* Namespace selector for the *_Sum tables below (Hash_Sum, Block_Sum,
 * Key_Sum, ...). The sums are not unique across tables -- 414 is both
 * SHA256h and AES128CBCb, 417 is SHA224h and AES128_WRAP, 79 appears in
 * three tables -- so a sum only identifies an OID together with its
 * Oid_Types group. oidIgnoreType is the "don't classify" value. */
enum Oid_Types {
    oidHashType         = 0,
    oidSigType          = 1,
    oidKeyType          = 2,
    oidCurveType        = 3,
    oidBlkType          = 4,
    oidOcspType         = 5,
    oidCertExtType      = 6,
    oidCertAuthInfoType = 7,
    oidCertPolicyType   = 8,
    oidCertAltNameType  = 9,
    oidCertKeyUseType   = 10,
    oidKdfType          = 11,
    oidKeyWrapType      = 12,
    oidCmsKeyAgreeType  = 13,
    oidIgnoreType       = 14
};
wolfSSL | 13:f67a6c6013ca | 219 | |
wolfSSL | 13:f67a6c6013ca | 220 | |
/* Digest-algorithm identifiers, expressed (like every *_Sum table here and
 * DecodedCert.signatureOID's "sum of algorithm object id") as a sum over
 * the encoded OID bytes. A sum is a lossy identifier: it is only meaningful
 * under oidHashType, and 414 / 417 collide with Block_Sum / KeyWrap_Sum
 * entries. Presumably the decoder confirms the full OID bytes for the
 * selected group -- confirm before relying on a sum alone. */
enum Hash_Sum  {
    MD2h    = 646,
    MD5h    = 649,
    SHAh    =  88,
    SHA224h = 417,
    SHA256h = 414,
    SHA384h = 415,
    SHA512h = 416
};
wolfSSL | 13:f67a6c6013ca | 230 | |
wolfSSL | 13:f67a6c6013ca | 231 | |
/* Block-cipher OID sums (oidBlkType). AES128CBCb == SHA256h == 414, so the
 * Oid_Types group must accompany the value. DESb / DES3b are legacy
 * ciphers kept for reading old PKCS#8/#12 containers. */
enum Block_Sum {
    AES128CBCb = 414,
    AES192CBCb = 434,
    AES256CBCb = 454,
    DESb       =  69,
    DES3b      = 652
};
wolfSSL | 13:f67a6c6013ca | 239 | |
wolfSSL | 13:f67a6c6013ca | 240 | |
/* Public-key algorithm OID sums (oidKeyType); DecodedCert.keyOID and
 * SignatureCtx.keyOID hold one of these. ED25519k and ECC_ED25519_OID are
 * the same value because they are the same OID. */
enum Key_Sum {
    DSAk     = 515,
    RSAk     = 645,
    NTRUk    = 274,
    ECDSAk   = 518,
    ED25519k = 256
};
wolfSSL | 13:f67a6c6013ca | 248 | |
wolfSSL | 13:f67a6c6013ca | 249 | |
/* AES key-wrap OID sums (oidKeyWrapType). AES128_WRAP == SHA224h == 417;
 * see the note on Oid_Types. */
enum KeyWrap_Sum {
    AES128_WRAP = 417,
    AES192_WRAP = 437,
    AES256_WRAP = 457
};
wolfSSL | 13:f67a6c6013ca | 255 | |
wolfSSL | 13:f67a6c6013ca | 256 | |
/* CMS ECDH key-agreement scheme OID sums (oidCmsKeyAgreeType), one per
 * KDF hash. The SHA-1 variant is the odd one out numerically because it
 * lives under a different OID arc than the SHA-2 variants. */
enum Key_Agree {
    dhSinglePass_stdDH_sha1kdf_scheme   = 464,
    dhSinglePass_stdDH_sha224kdf_scheme = 188,
    dhSinglePass_stdDH_sha256kdf_scheme = 189,
    dhSinglePass_stdDH_sha384kdf_scheme = 190,
    dhSinglePass_stdDH_sha512kdf_scheme = 191
};
wolfSSL | 13:f67a6c6013ca | 264 | |
wolfSSL | 13:f67a6c6013ca | 265 | |
/* Named-curve OID sums (oidCurveType), grouped by curve family. Values are
 * byte sums of the encoded OID, so they are only meaningful within this
 * group; ECC_ED25519_OID equals Key_Sum's ED25519k because both name the
 * same OID. */
enum Ecc_Sum {
    /* SECG / NIST prime curves */
    ECC_SECP112R1_OID       = 182,
    ECC_SECP112R2_OID       = 183,
    ECC_SECP128R1_OID       = 204,
    ECC_SECP128R2_OID       = 205,
    ECC_SECP160R1_OID       = 184,
    ECC_SECP160R2_OID       = 206,
    ECC_SECP192R1_OID       = 520,
    ECC_SECP224R1_OID       = 209,
    ECC_SECP256R1_OID       = 526,
    ECC_SECP384R1_OID       = 210,
    ECC_SECP521R1_OID       = 211,

    /* SECG Koblitz curves */
    ECC_SECP160K1_OID       = 185,
    ECC_SECP192K1_OID       = 207,
    ECC_SECP224K1_OID       = 208,
    ECC_SECP256K1_OID       = 186,

    /* ANSI X9.62 prime curves */
    ECC_PRIME192V2_OID      = 521,
    ECC_PRIME192V3_OID      = 522,
    ECC_PRIME239V1_OID      = 523,
    ECC_PRIME239V2_OID      = 524,
    ECC_PRIME239V3_OID      = 525,

    /* Brainpool curves */
    ECC_BRAINPOOLP160R1_OID =  98,
    ECC_BRAINPOOLP192R1_OID = 100,
    ECC_BRAINPOOLP224R1_OID = 102,
    ECC_BRAINPOOLP256R1_OID = 104,
    ECC_BRAINPOOLP320R1_OID = 106,
    ECC_BRAINPOOLP384R1_OID = 108,
    ECC_BRAINPOOLP512R1_OID = 110,

    /* Montgomery / Edwards curves */
    ECC_X25519_OID          = 365,
    ECC_ED25519_OID         = 256
};
wolfSSL | 13:f67a6c6013ca | 297 | |
wolfSSL | 13:f67a6c6013ca | 298 | |
/* Key-derivation OID sums (oidKdfType); PBKDF2 is the KDF used by PBES2. */
enum KDF_Sum {
    PBKDF2_OID = 660
};
wolfSSL | 13:f67a6c6013ca | 302 | |
wolfSSL | 13:f67a6c6013ca | 303 | |
/* Certificate extension OID sums (oidCertExtType). Because these are byte
 * sums, an OID and its child ending in a zero arc sum to the same value:
 * EXT_KEY_USAGE_OID (2.5.29.37) == EKU_ANY_OID (2.5.29.37.0) == 151 and
 * CERT_POLICY_OID == CP_ANY_OID == 146; SUBJECT_INFO_ACCESS also shares 79
 * with HW_NAME_OID and EKU_OCSP_SIGN_OID. Extension-level and
 * value-level OIDs must therefore never be looked up in the same table.
 * The comments give the dotted OID where the original author recorded it. */
enum Extensions_Sum {
    BASIC_CA_OID    = 133,
    ALT_NAMES_OID   = 131,
    CRL_DIST_OID    = 145,
    AUTH_INFO_OID   = 69, /* id-pe 1 */
    AUTH_KEY_OID    = 149,
    SUBJ_KEY_OID    = 128,
    CERT_POLICY_OID = 146,
    KEY_USAGE_OID   = 129,  /* 2.5.29.15 */
    INHIBIT_ANY_OID = 168,  /* 2.5.29.54 */
    EXT_KEY_USAGE_OID         = 151, /* 2.5.29.37 */
    NAME_CONS_OID             = 144, /* 2.5.29.30 */
    PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
    SUBJECT_INFO_ACCESS       = 79,  /* id-pe 11 */
    POLICY_MAP_OID            = 147,
    POLICY_CONST_OID          = 150,
    ISSUE_ALT_NAMES_OID       = 132,
    TLS_FEATURE_OID           = 92   /* id-pe 24 */
};
wolfSSL | 13:f67a6c6013ca | 323 | |
/* Certificate-policy OID sums (oidCertPolicyType). anyPolicy is
 * 2.5.29.32.0, whose trailing zero arc makes it sum to the same 146 as the
 * certificatePolicies extension itself (CERT_POLICY_OID). */
enum CertificatePolicy_Sum {
    CP_ANY_OID      = 146  /* id-ce 32 0 */
};
wolfSSL | 13:f67a6c6013ca | 327 | |
/* otherName type-id for the RFC 4108 hardware module name; its sum, 79, is
 * shared with SUBJECT_INFO_ACCESS and EKU_OCSP_SIGN_OID in other groups. */
enum SepHardwareName_Sum {
    HW_NAME_OID     = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
};
wolfSSL | 13:f67a6c6013ca | 331 | |
/* Access-method OID sums inside an AuthorityInfoAccess extension
 * (oidCertAuthInfoType); DecodedCert.extAuthInfo holds the matching URI. */
enum AuthInfo_Sum {
    AIA_OCSP_OID      = 116, /* 1.3.6.1.5.5.7.48.1 */
    AIA_CA_ISSUER_OID = 117  /* 1.3.6.1.5.5.7.48.2 */
};
wolfSSL | 13:f67a6c6013ca | 336 | |
/* Extended key usage purpose OID sums (oidCertKeyUseType), mapped onto the
 * EXTKEYUSE_* bits stored in DecodedCert.extExtKeyUsage. EKU_ANY_OID
 * shares 151 with EXT_KEY_USAGE_OID and EKU_OCSP_SIGN_OID shares 79 with
 * two other groups, so look these up only as EKU values. */
enum ExtKeyUsage_Sum { /* From RFC 5280 */
    EKU_ANY_OID         = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
    EKU_SERVER_AUTH_OID = 71,  /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
    EKU_CLIENT_AUTH_OID = 72,  /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
    EKU_OCSP_SIGN_OID   = 79   /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
};
wolfSSL | 13:f67a6c6013ca | 343 | |
wolfSSL | 13:f67a6c6013ca | 344 | |
/* How much checking is requested when a certificate is parsed; see
 * DecodedCert.verify, which its comment says defaults to on. The names
 * suggest VERIFY_CRL / VERIFY_OCSP add revocation checking on top of
 * signature verification -- confirm in the decoder. */
enum VerifyType {
    NO_VERIFY   = 0,
    VERIFY      = 1,
    VERIFY_CRL  = 2,
    VERIFY_OCSP = 3
};
wolfSSL | 13:f67a6c6013ca | 351 | |
#ifdef WOLFSSL_CERT_EXT
/* Selects which key identifier a helper works on: the certificate's own
 * SubjectKeyIdentifier (DecodedCert.extSubjKeyId) or the
 * AuthorityKeyIdentifier that names its issuer (DecodedCert.extAuthKeyId). */
enum KeyIdType {
    SKID_TYPE = 0,
    AKID_TYPE = 1
};
#endif
wolfSSL | 13:f67a6c6013ca | 358 | |
/* Key usage extension bits, stored in DecodedCert.extKeyUsage (a word16).
 * The names follow the RFC 5280 KeyUsage bit names: digitalSignature(0),
 * contentCommitment/nonRepudiation(1), keyEncipherment(2),
 * dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
 * encipherOnly(7) in the low byte and decipherOnly(8) in the high byte.
 * NOTE(review): this layout looks like the two BIT STRING content bytes
 * combined as byte0 | (byte1 << 8) -- confirm against the decoder before
 * relying on it. */
#define KEYUSE_DIGITAL_SIG    0x0080
#define KEYUSE_CONTENT_COMMIT 0x0040
#define KEYUSE_KEY_ENCIPHER   0x0020
#define KEYUSE_DATA_ENCIPHER  0x0010
#define KEYUSE_KEY_AGREE      0x0008
#define KEYUSE_KEY_CERT_SIGN  0x0004
#define KEYUSE_CRL_SIGN       0x0002
#define KEYUSE_ENCIPHER_ONLY  0x0001
#define KEYUSE_DECIPHER_ONLY  0x8000

/* Extended key usage flags: a wolfSSL-internal bitfield (not a wire
 * format) stored in DecodedCert.extExtKeyUsage (a byte), one bit per
 * purpose recognised in ExtKeyUsage_Sum. A purpose the decoder does not
 * know has no bit here and is simply not represented. */
#define EXTKEYUSE_ANY         0x08
#define EXTKEYUSE_OCSP_SIGN   0x04
#define EXTKEYUSE_CLIENT_AUTH 0x02
#define EXTKEYUSE_SERVER_AUTH 0x01
wolfSSL | 13:f67a6c6013ca | 374 | |
typedef struct DNS_entry DNS_entry;

/* One subjectAltName entry on a singly linked list (DecodedCert.altNames
 * for dNSName, altEmailNames for rfc822Name). name is copied out of the
 * certificate, i.e. from untrusted input, and no length is stored here, so
 * every consumer depends on the decoder having NUL-terminated it and on
 * the name containing no embedded NUL -- confirm that the decoder enforces
 * both. Ownership of the list is tracked by DecodedCert.weOwnAltNames. */
struct DNS_entry {
    DNS_entry* next;   /* next on DNS list */
    char*      name;   /* actual DNS name */
};
wolfSSL | 13:f67a6c6013ca | 381 | |
wolfSSL | 13:f67a6c6013ca | 382 | |
typedef struct Base_entry Base_entry;

/* One name-constraints base, on the DecodedCert.permittedNames or
 * excludedNames list. Unlike DNS_entry it carries an explicit length, so
 * name need not be NUL-terminated and nameSz must be used for matching.
 * type is expected to hold a GeneralName choice number from ASN_Tags
 * (ASN_DNS_TYPE / ASN_RFC822_TYPE per the field comment). */
struct Base_entry {
    Base_entry* next;   /* next on name base list */
    char*       name;   /* actual name base */
    int         nameSz; /* name length */
    byte        type;   /* Name base type (DNS or RFC822) */
};
wolfSSL | 13:f67a6c6013ca | 391 | |
wolfSSL | 13:f67a6c6013ca | 392 | |
/* A decoded X.509 Name flattened into one string plus, for each attribute
 * the decoder recognises (DN_Tags, email and UID), an index/length pair.
 * NOTE(review): the pairs look like offsets into fullName, and an absent
 * attribute presumably has a sentinel index -- confirm both against the
 * decoder before indexing with them. Typedef'd as DecodedName below. */
struct DecodedName {
    char*   fullName;
    int     fullNameLen;
    int     entryCount;   /* number of attributes found */
    int     cnIdx;        /* commonName */
    int     cnLen;
    int     snIdx;        /* surname */
    int     snLen;
    int     cIdx;         /* countryName */
    int     cLen;
    int     lIdx;         /* localityName */
    int     lLen;
    int     stIdx;        /* stateOrProvinceName */
    int     stLen;
    int     oIdx;         /* organizationName */
    int     oLen;
    int     ouIdx;        /* organizationalUnitName */
    int     ouLen;
    int     emailIdx;     /* emailAddress */
    int     emailLen;
    int     uidIdx;       /* userId */
    int     uidLen;
    int     serialIdx;    /* serialNumber */
    int     serialLen;
};
wolfSSL | 13:f67a6c6013ca | 418 | |
/* Progress marker for a resumable signature check; SignatureCtx.state is
 * expected to hold one of these. The names suggest the order the steps
 * run in (hash the data, load the key, perform the operation, compare). */
enum SignatureState {
    SIG_STATE_BEGIN = 0,
    SIG_STATE_HASH  = 1,
    SIG_STATE_KEY   = 2,
    SIG_STATE_DO    = 3,
    SIG_STATE_CHECK = 4
};
wolfSSL | 13:f67a6c6013ca | 426 | |
/* Working state for a (possibly asynchronous, hence resumable) signature
 * verification. The typed key pointers live in a union with a void*
 * alias, so the member that is read must be chosen from keyOID (a Key_Sum
 * value) -- reading a different member than the one stored is a type
 * confusion, not a checked error. Typedef'd as SignatureCtx below. */
struct SignatureCtx {
    void* heap;            /* user memory override, as DecodedCert.heap */
    byte* digest;          /* digest of the signed data */
#ifndef NO_RSA
    byte* out;             /* RSA-only working buffers */
    byte* plain;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    int verify;            /* verification result slot for ECC/Ed25519 --
                            * presumably 1 on success; confirm */
#endif
    union {
    #ifndef NO_RSA
        struct RsaKey*      rsa;
    #endif
    #ifdef HAVE_ECC
        struct ecc_key*     ecc;
    #endif
    #ifdef HAVE_ED25519
        struct ed25519_key* ed25519;
    #endif
        void* ptr;         /* untyped alias of whichever member is in use */
    } key;
    int devId;             /* crypto device id for hardware/async offload */
    int state;             /* enum SignatureState, presumably */
    int typeH;             /* hash type used for digest */
    int digestSz;          /* bytes valid in digest */
    word32 keyOID;         /* Key_Sum of the key algorithm; selects key.* */
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* asyncDev;
#endif
};
wolfSSL | 13:f67a6c6013ca | 458 | |
/* Progress marker for a resumable certificate signing operation; see
 * CertSignCtx.state, which is documented as holding one of these. */
enum CertSignState {
    CERTSIGN_STATE_BEGIN  = 0,
    CERTSIGN_STATE_DIGEST = 1,
    CERTSIGN_STATE_ENCODE = 2,
    CERTSIGN_STATE_DO     = 3
};
wolfSSL | 13:f67a6c6013ca | 465 | |
/* Working state for a (possibly asynchronous) certificate signing
 * operation, the signing-side counterpart of SignatureCtx. Buffer
 * ownership is not recorded here -- presumably the caller of the signing
 * routine allocates and frees sig/digest/encSig; confirm. Typedef'd as
 * CertSignCtx below. */
struct CertSignCtx {
    byte* sig;             /* raw signature output */
    byte* digest;          /* digest of the to-be-signed data */
#ifndef NO_RSA
    byte* encSig;          /* DER DigestInfo for RSA PKCS#1 v1.5 signing,
                            * presumably -- confirm */
    int encSigSz;
#endif
    int state; /* enum CertSignState */
};
wolfSSL | 13:f67a6c6013ca | 475 | |
wolfSSL | 13:f67a6c6013ca | 476 | |
/* Typedefs for the decoder's main objects. DecodedName, SignatureCtx and
 * CertSignCtx are defined above and DecodedCert below; Signer and
 * TrustedPeerCert are declared here but defined elsewhere. */
typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer      Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
typedef struct TrustedPeerCert TrustedPeerCert;
#endif /* WOLFSSL_TRUST_PEER_CERT */
typedef struct SignatureCtx SignatureCtx;
typedef struct CertSignCtx  CertSignCtx;
wolfSSL | 13:f67a6c6013ca | 485 | |
wolfSSL | 13:f67a6c6013ca | 486 | |
wolfSSL | 13:f67a6c6013ca | 487 | struct DecodedCert { |
wolfSSL | 13:f67a6c6013ca | 488 | byte* publicKey; |
wolfSSL | 13:f67a6c6013ca | 489 | word32 pubKeySize; |
wolfSSL | 13:f67a6c6013ca | 490 | int pubKeyStored; |
wolfSSL | 13:f67a6c6013ca | 491 | word32 certBegin; /* offset to start of cert */ |
wolfSSL | 13:f67a6c6013ca | 492 | word32 sigIndex; /* offset to start of signature */ |
wolfSSL | 13:f67a6c6013ca | 493 | word32 sigLength; /* length of signature */ |
wolfSSL | 13:f67a6c6013ca | 494 | word32 signatureOID; /* sum of algorithm object id */ |
wolfSSL | 13:f67a6c6013ca | 495 | word32 keyOID; /* sum of key algo object id */ |
wolfSSL | 13:f67a6c6013ca | 496 | int version; /* cert version, 1 or 3 */ |
wolfSSL | 13:f67a6c6013ca | 497 | DNS_entry* altNames; /* alt names list of dns entries */ |
wolfSSL | 13:f67a6c6013ca | 498 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 13:f67a6c6013ca | 499 | DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ |
wolfSSL | 13:f67a6c6013ca | 500 | Base_entry* permittedNames; /* Permitted name bases */ |
wolfSSL | 13:f67a6c6013ca | 501 | Base_entry* excludedNames; /* Excluded name bases */ |
wolfSSL | 13:f67a6c6013ca | 502 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 13:f67a6c6013ca | 503 | byte subjectHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 13:f67a6c6013ca | 504 | byte issuerHash[KEYID_SIZE]; /* hash of all Names */ |
wolfSSL | 13:f67a6c6013ca | 505 | #ifdef HAVE_OCSP |
wolfSSL | 13:f67a6c6013ca | 506 | byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ |
wolfSSL | 13:f67a6c6013ca | 507 | #endif /* HAVE_OCSP */ |
wolfSSL | 13:f67a6c6013ca | 508 | byte* signature; /* not owned, points into raw cert */ |
wolfSSL | 13:f67a6c6013ca | 509 | char* subjectCN; /* CommonName */ |
wolfSSL | 13:f67a6c6013ca | 510 | int subjectCNLen; /* CommonName Length */ |
wolfSSL | 13:f67a6c6013ca | 511 | char subjectCNEnc; /* CommonName Encoding */ |
wolfSSL | 13:f67a6c6013ca | 512 | int subjectCNStored; /* have we saved a copy we own */ |
wolfSSL | 13:f67a6c6013ca | 513 | char issuer[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 13:f67a6c6013ca | 514 | char subject[ASN_NAME_MAX]; /* full name including common name */ |
wolfSSL | 13:f67a6c6013ca | 515 | int verify; /* Default to yes, but could be off */ |
wolfSSL | 13:f67a6c6013ca | 516 | byte* source; /* byte buffer holder cert, NOT owner */ |
wolfSSL | 13:f67a6c6013ca | 517 | word32 srcIdx; /* current offset into buffer */ |
wolfSSL | 13:f67a6c6013ca | 518 | word32 maxIdx; /* max offset based on init size */ |
wolfSSL | 13:f67a6c6013ca | 519 | void* heap; /* for user memory overrides */ |
wolfSSL | 13:f67a6c6013ca | 520 | byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ |
wolfSSL | 13:f67a6c6013ca | 521 | int serialSz; /* raw serial bytes stored */ |
wolfSSL | 13:f67a6c6013ca | 522 | byte* extensions; /* not owned, points into raw cert */ |
wolfSSL | 13:f67a6c6013ca | 523 | int extensionsSz; /* length of cert extensions */ |
wolfSSL | 13:f67a6c6013ca | 524 | word32 extensionsIdx; /* if want to go back and parse later */ |
wolfSSL | 13:f67a6c6013ca | 525 | byte* extAuthInfo; /* Authority Information Access URI */ |
wolfSSL | 13:f67a6c6013ca | 526 | int extAuthInfoSz; /* length of the URI */ |
wolfSSL | 13:f67a6c6013ca | 527 | byte* extCrlInfo; /* CRL Distribution Points */ |
wolfSSL | 13:f67a6c6013ca | 528 | int extCrlInfoSz; /* length of the URI */ |
wolfSSL | 13:f67a6c6013ca | 529 | byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ |
wolfSSL | 13:f67a6c6013ca | 530 | byte extSubjKeyIdSet; /* Set when the SKID was read from cert */ |
wolfSSL | 13:f67a6c6013ca | 531 | byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ |
wolfSSL | 13:f67a6c6013ca | 532 | byte extAuthKeyIdSet; /* Set when the AKID was read from cert */ |
wolfSSL | 13:f67a6c6013ca | 533 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 13:f67a6c6013ca | 534 | byte extNameConstraintSet; |
wolfSSL | 13:f67a6c6013ca | 535 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 13:f67a6c6013ca | 536 | byte isCA; /* CA basic constraint true */ |
wolfSSL | 13:f67a6c6013ca | 537 | byte pathLengthSet; /* CA basic const path length set */ |
wolfSSL | 13:f67a6c6013ca | 538 | byte pathLength; /* CA basic constraint path length */ |
wolfSSL | 13:f67a6c6013ca | 539 | byte weOwnAltNames; /* altNames haven't been given to copy */ |
wolfSSL | 13:f67a6c6013ca | 540 | byte extKeyUsageSet; |
wolfSSL | 13:f67a6c6013ca | 541 | word16 extKeyUsage; /* Key usage bitfield */ |
wolfSSL | 13:f67a6c6013ca | 542 | byte extExtKeyUsageSet; /* Extended Key Usage */ |
wolfSSL | 13:f67a6c6013ca | 543 | byte extExtKeyUsage; /* Extended Key usage bitfield */ |
wolfSSL | 13:f67a6c6013ca | 544 | #ifdef OPENSSL_EXTRA |
wolfSSL | 13:f67a6c6013ca | 545 | byte extCRLdistSet; |
wolfSSL | 13:f67a6c6013ca | 546 | byte extCRLdistCrit; |
wolfSSL | 13:f67a6c6013ca | 547 | byte extAuthInfoSet; |
wolfSSL | 13:f67a6c6013ca | 548 | byte extAuthInfoCrit; |
wolfSSL | 13:f67a6c6013ca | 549 | byte extBasicConstSet; |
wolfSSL | 13:f67a6c6013ca | 550 | byte extBasicConstCrit; |
wolfSSL | 13:f67a6c6013ca | 551 | byte extSubjAltNameSet; |
wolfSSL | 13:f67a6c6013ca | 552 | byte extSubjAltNameCrit; |
wolfSSL | 13:f67a6c6013ca | 553 | byte extAuthKeyIdCrit; |
wolfSSL | 13:f67a6c6013ca | 554 | #ifndef IGNORE_NAME_CONSTRAINTS |
wolfSSL | 13:f67a6c6013ca | 555 | byte extNameConstraintCrit; |
wolfSSL | 13:f67a6c6013ca | 556 | #endif /* IGNORE_NAME_CONSTRAINTS */ |
wolfSSL | 13:f67a6c6013ca | 557 | byte extSubjKeyIdCrit; |
wolfSSL | 13:f67a6c6013ca | 558 | byte extKeyUsageCrit; |
wolfSSL | 13:f67a6c6013ca | 559 | byte extExtKeyUsageCrit; |
wolfSSL | 13:f67a6c6013ca | 560 | byte* extExtKeyUsageSrc; |
wolfSSL | 13:f67a6c6013ca | 561 | word32 extExtKeyUsageSz; |
wolfSSL | 13:f67a6c6013ca | 562 | word32 extExtKeyUsageCount; |
wolfSSL | 13:f67a6c6013ca | 563 | byte* extAuthKeyIdSrc; |
wolfSSL | 13:f67a6c6013ca | 564 | word32 extAuthKeyIdSz; |
wolfSSL | 13:f67a6c6013ca | 565 | byte* extSubjKeyIdSrc; |
wolfSSL | 13:f67a6c6013ca | 566 | word32 extSubjKeyIdSz; |
wolfSSL | 13:f67a6c6013ca | 567 | #endif |
wolfSSL | 13:f67a6c6013ca | 568 | #if defined(HAVE_ECC) || defined(HAVE_ED25519) |
wolfSSL | 13:f67a6c6013ca | 569 | word32 pkCurveOID; /* Public Key's curve OID */ |
wolfSSL | 13:f67a6c6013ca | 570 | #endif /* HAVE_ECC */ |
wolfSSL | 13:f67a6c6013ca | 571 | byte* beforeDate; |
wolfSSL | 13:f67a6c6013ca | 572 | int beforeDateLen; |
wolfSSL | 13:f67a6c6013ca | 573 | byte* afterDate; |
wolfSSL | 13:f67a6c6013ca | 574 | int afterDateLen; |
wolfSSL | 13:f67a6c6013ca | 575 | #ifdef HAVE_PKCS7 |
wolfSSL | 13:f67a6c6013ca | 576 | byte* issuerRaw; /* pointer to issuer inside source */ |
wolfSSL | 13:f67a6c6013ca | 577 | int issuerRawLen; |
wolfSSL | 13:f67a6c6013ca | 578 | #endif |
wolfSSL | 13:f67a6c6013ca | 579 | #ifndef IGNORE_NAME_CONSTRAINT |
wolfSSL | 13:f67a6c6013ca | 580 | byte* subjectRaw; /* pointer to subject inside source */ |
wolfSSL | 13:f67a6c6013ca | 581 | int subjectRawLen; |
wolfSSL | 13:f67a6c6013ca | 582 | #endif |
wolfSSL | 13:f67a6c6013ca | 583 | #if defined(WOLFSSL_CERT_GEN) |
wolfSSL | 13:f67a6c6013ca | 584 | /* easy access to subject info for other sign */ |
wolfSSL | 13:f67a6c6013ca | 585 | char* subjectSN; |
wolfSSL | 13:f67a6c6013ca | 586 | int subjectSNLen; |
wolfSSL | 13:f67a6c6013ca | 587 | char subjectSNEnc; |
wolfSSL | 13:f67a6c6013ca | 588 | char* subjectC; |
wolfSSL | 13:f67a6c6013ca | 589 | int subjectCLen; |
wolfSSL | 13:f67a6c6013ca | 590 | char subjectCEnc; |
wolfSSL | 13:f67a6c6013ca | 591 | char* subjectL; |
wolfSSL | 13:f67a6c6013ca | 592 | int subjectLLen; |
wolfSSL | 13:f67a6c6013ca | 593 | char subjectLEnc; |
wolfSSL | 13:f67a6c6013ca | 594 | char* subjectST; |
wolfSSL | 13:f67a6c6013ca | 595 | int subjectSTLen; |
wolfSSL | 13:f67a6c6013ca | 596 | char subjectSTEnc; |
wolfSSL | 13:f67a6c6013ca | 597 | char* subjectO; |
wolfSSL | 13:f67a6c6013ca | 598 | int subjectOLen; |
wolfSSL | 13:f67a6c6013ca | 599 | char subjectOEnc; |
wolfSSL | 13:f67a6c6013ca | 600 | char* subjectOU; |
wolfSSL | 13:f67a6c6013ca | 601 | int subjectOULen; |
wolfSSL | 13:f67a6c6013ca | 602 | char subjectOUEnc; |
wolfSSL | 13:f67a6c6013ca | 603 | char* subjectEmail; |
wolfSSL | 13:f67a6c6013ca | 604 | int subjectEmailLen; |
wolfSSL | 13:f67a6c6013ca | 605 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 13:f67a6c6013ca | 606 | #ifdef OPENSSL_EXTRA |
wolfSSL | 13:f67a6c6013ca | 607 | DecodedName issuerName; |
wolfSSL | 13:f67a6c6013ca | 608 | DecodedName subjectName; |
wolfSSL | 13:f67a6c6013ca | 609 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 13:f67a6c6013ca | 610 | #ifdef WOLFSSL_SEP |
wolfSSL | 13:f67a6c6013ca | 611 | int deviceTypeSz; |
wolfSSL | 13:f67a6c6013ca | 612 | byte* deviceType; |
wolfSSL | 13:f67a6c6013ca | 613 | int hwTypeSz; |
wolfSSL | 13:f67a6c6013ca | 614 | byte* hwType; |
wolfSSL | 13:f67a6c6013ca | 615 | int hwSerialNumSz; |
wolfSSL | 13:f67a6c6013ca | 616 | byte* hwSerialNum; |
wolfSSL | 13:f67a6c6013ca | 617 | #ifdef OPENSSL_EXTRA |
wolfSSL | 13:f67a6c6013ca | 618 | byte extCertPolicySet; |
wolfSSL | 13:f67a6c6013ca | 619 | byte extCertPolicyCrit; |
wolfSSL | 13:f67a6c6013ca | 620 | #endif /* OPENSSL_EXTRA */ |
wolfSSL | 13:f67a6c6013ca | 621 | #endif /* WOLFSSL_SEP */ |
wolfSSL | 13:f67a6c6013ca | 622 | #ifdef WOLFSSL_CERT_EXT |
wolfSSL | 13:f67a6c6013ca | 623 | char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; |
wolfSSL | 13:f67a6c6013ca | 624 | int extCertPoliciesNb; |
wolfSSL | 13:f67a6c6013ca | 625 | #endif /* WOLFSSL_CERT_EXT */ |
wolfSSL | 13:f67a6c6013ca | 626 | |
wolfSSL | 13:f67a6c6013ca | 627 | Signer* ca; |
wolfSSL | 13:f67a6c6013ca | 628 | SignatureCtx sigCtx; |
wolfSSL | 13:f67a6c6013ca | 629 | }; |
/* Minimal ASN.1 OBJECT IDENTIFIER holder used by the OpenSSL-compatibility
 * layer.  The object bytes live in obj; `dynamic` records whether they were
 * allocated for this struct (and so must be released) or merely referenced. */
struct WOLFSSL_ASN1_OBJECT {
    void*  heap;     /* user memory override hint, same convention as DecodedCert.heap */
    byte*  obj;      /* object bytes; presumably released by the owner only when dynamic is set */
    int    type;     /* oid -- the library's integer OID value (cf. signatureOID "sum of algorithm object id" below) */
    word32 objSz;    /* number of bytes in obj */
    byte   dynamic;  /* if 1 then obj was dynamically created, 0 otherwise */
};


/* Boundary strings for PEM-armored objects, one BEGIN/END pair per object type
 * this library reads or writes (the names suggest the "-----BEGIN ...-----" /
 * "-----END ...-----" lines).  Defined in the matching .c file; the exact text
 * is not visible in this header. */
extern const char* BEGIN_CERT;
extern const char* END_CERT;
extern const char* BEGIN_CERT_REQ;
extern const char* END_CERT_REQ;
extern const char* BEGIN_DSA_PARAM;
extern const char* END_DSA_PARAM;
extern const char* BEGIN_DH_PARAM;
extern const char* END_DH_PARAM;
extern const char* BEGIN_X509_CRL;
extern const char* END_X509_CRL;
extern const char* BEGIN_RSA_PRIV;
extern const char* END_RSA_PRIV;
extern const char* BEGIN_PRIV_KEY;
extern const char* END_PRIV_KEY;
extern const char* BEGIN_ENC_PRIV_KEY;
extern const char* END_ENC_PRIV_KEY;
extern const char* BEGIN_EC_PRIV;
extern const char* END_EC_PRIV;
extern const char* BEGIN_DSA_PRIV;
extern const char* END_DSA_PRIV;
extern const char* BEGIN_PUB_KEY;
extern const char* END_PUB_KEY;
extern const char* BEGIN_EDDSA_PRIV;
extern const char* END_EDDSA_PRIV;

/* Width of the lookup-hash fields below (Signer/TrustedPeerCert subjectNameHash
 * and subjectKeyIdHash, DecodedCRL issuerHash and crlHash): SHA-1 digest size
 * unless SHA-1 is compiled out (NO_SHA), in which case SHA-256 digest size.
 * Because it sizes arrays inside Signer, changing it changes the Signer layout
 * that the PERSIST_CERT_CACHE note on Signer warns about. */
#ifdef NO_SHA
    #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
    #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
#endif

/* CA Signers */
/* If the layout changes, change the PERSIST_CERT_CACHE functions too: the
 * persisted cache stores these fields as laid out here. */
struct Signer {
    word32  pubKeySize;             /* length of publicKey in bytes */
    word32  keyOID;                 /* key type */
    word16  keyUsage;               /* key usage bitfield, same width as DecodedCert.extKeyUsage */
    byte    pathLength;             /* basic-constraints path length; meaningful only when pathLengthSet (mirrors DecodedCert) */
    byte    pathLengthSet;          /* non-zero when the CA cert carried a path length */
    byte*   publicKey;              /* the CA's public key, pubKeySize bytes */
    int     nameLen;                /* length of name */
    char*   name;                   /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
    Base_entry* permittedNames;     /* name-constraint subtrees (see FreeNameSubtrees) */
    Base_entry* excludedNames;
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                    /* sha hash of names in certificate */
#ifndef NO_SKID
    byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
                                    /* hash of the Subject Key Identifier -- the
                                       original comment repeated the one above;
                                       the field name says SKID (confirm in asn.c) */
#endif
    Signer* next;                   /* next entry in the same list/bucket (see FreeSignerTable) */
};


#ifdef WOLFSSL_TRUST_PEER_CERT
/* used for having trusted peer certs rather than a CA */
/* A peer certificate pinned directly as trusted, bypassing the CA chain.
 * The name/hash fields mirror Signer, presumably so the same lookup path
 * can be reused. */
struct TrustedPeerCert {
    int     nameLen;                        /* length of name */
    char*   name;                           /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
    Base_entry* permittedNames;             /* name-constraint subtrees, as in Signer */
    Base_entry* excludedNames;
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte    subjectNameHash[SIGNER_DIGEST_SIZE];
                                            /* sha hash of names in certificate */
#ifndef NO_SKID
    byte    subjectKeyIdHash[SIGNER_DIGEST_SIZE];
                                            /* hash of the Subject Key Identifier -- the
                                               original comment repeated the line above;
                                               the field name says SKID (confirm) */
#endif
    word32  sigLen;                         /* length of sig */
    byte*   sig;                            /* the pinned cert's signature bytes, presumably
                                               used to match the presented cert exactly;
                                               ownership not visible here (see FreeTrustedPeer) */
    struct TrustedPeerCert* next;           /* next entry in the list */
};
#endif /* WOLFSSL_TRUST_PEER_CERT */


/* for testing or custom openssl wrappers */
/* Linkage of the ASN helpers below: exported (WOLFSSL_API) when the cert test
 * program or the OpenSSL-compatibility layer needs them, otherwise kept
 * internal (WOLFSSL_LOCAL). */
#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA)
    #define WOLFSSL_ASN_API WOLFSSL_API
#else
    #define WOLFSSL_ASN_API WOLFSSL_LOCAL
#endif

/* Release a DNS_entry alt-name list / a Base_entry name-constraint list; the
 * second argument is presumably the heap the entries were allocated from. */
WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
#ifndef IGNORE_NAME_CONSTRAINTS
WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
#endif /* IGNORE_NAME_CONSTRAINTS */
/* Bind a DecodedCert to a DER buffer and its size.  The buffer is referenced,
 * not copied (DecodedCert.source is "NOT owner"), so it must stay valid for as
 * long as the DecodedCert is used.  Last argument is the heap hint. */
WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
/* Frees only what the cert owns (presumably e.g. subjectCN when subjectCNStored). */
WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
/* Parse the bound buffer.  type: kind of object expected; verify: whether to
 * check the signature (DecodedCert.verify: "Default to yes, but could be off");
 * cm: the certificate manager consulted for the issuer.  The return convention
 * is not visible in this header -- NOTE(review): confirm 0 == success. */
WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);

/* Variant of ParseCert (what "Relative" changes is not visible here) and a
 * partial parse whose name suggests it stops once the public key is decoded. */
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);

/* Signer (CA) table management: allocate one entry from the heap, free one,
 * free a table of `int` buckets each holding a Signer list linked via next. */
WOLFSSL_LOCAL Signer* MakeSigner(void*);
WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
#ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
#endif /* WOLFSSL_TRUST_PEER_CERT */

/* Private-key re-encoding, in place in the given buffer.  ToTraditional: the
 * name suggests PKCS#8 -> traditional key form (confirm in asn.c); the *Enc
 * variant and DecryptContent take a password (psw, pswSz) for an encrypted
 * container.  psw is const, so these functions cannot wipe it: clearing the
 * password copy after use is the caller's job, as is the plaintext left in
 * buffer/input. */
WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
                                      word32 length);
WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
/* Identify a DER key blob: *algoID receives the key-type OID value and, for
 * curve keys, *curveOID/*oidSz locate the curve OID (inferred from the
 * parameter names; confirm). */
WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
                               word32* oidSz, int* algoID, void* heap);

/* Date handling for certificate Validity, OCSP and CRL time fields.  The
 * `format` arguments correspond to the *DateFormat bytes stored in the structs
 * in this header (presumably the ASN.1 time tag, UTCTime vs GeneralizedTime). */
typedef struct tm wolfssl_tm;   /* plain struct tm from <time.h> under a library-local name */
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Render an encoded date as text into buf (len bytes available). */
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
#endif
/* Decode an encoded date into certTime; *idx is the read position and is
 * presumably advanced past the consumed bytes. */
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
                              wolfssl_tm* certTime, int* idx);
/* Check an encoded date against the current time; dateType presumably says
 * whether it is a notBefore or notAfter bound -- NOTE(review): confirm. */
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);

/* ASN.1 helper functions */
/* Reader convention (Get*): decode at *inOutIdx in input, never past maxIdx,
 * and advance *inOutIdx past what was consumed on success.  maxIdx is the
 * bound recorded at init (cf. DecodedCert.maxIdx "max offset based on init
 * size"); every reader takes it as word32 except GetNameHash, see there.
 * Writer convention (Set*): emit a header into output and return the number
 * of bytes written; there is no size argument, so the caller must guarantee
 * output has room.  Per-function notes below are taken from the names and
 * parameter names -- confirm against the implementation. */
#ifdef WOLFSSL_CERT_GEN
/* Encode a Name from CertName into output (outputSz bytes available). */
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
#endif
/* small INTEGER into *number */
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
                              word32 maxIdx);
/* length octets into *len */
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx);
/* SEQUENCE / SET header, *len = content length */
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                         word32 maxIdx);
/* version INTEGER into *version */
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
                               int* version, word32 maxIdx);
/* INTEGER into an mp_int */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
                         word32 maxIdx);
#ifdef HAVE_OID_ENCODING
/* arc list (in, inSz arcs) -> encoded OID bytes; *outSz presumably capacity in, length out */
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
                                 byte* out, word32* outSz);
#endif
#ifdef HAVE_OID_DECODING
/* encoded OID bytes -> arc list; *outSz as above */
WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
                                 word16* out, word32* outSz);
#endif
/* OBJECT IDENTIFIER resolved to the library's integer OID value in *oid;
 * oidType selects which OID table it must belong to.  GetAlgoId reads the
 * enclosing AlgorithmIdentifier. */
WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
                              word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 oidType, word32 maxIdx);
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
/* AlgorithmIdentifier for algoOID; type picks the OID table, curveSz the extra
 * room for a curve parameter */
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
/* serial INTEGER into the caller's serial buffer (EXTERNAL_SERIAL_SIZE is the
 * size used for such buffers elsewhere in this header); *serialSz receives
 * the byte count */
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
                                  byte* serial, int* serialSz, word32 maxIdx);
/* hash of the Name at *idx into hash.  NOTE(review): maxIdx is `int` here
 * while every other reader takes word32 -- callers passing a word32 bound
 * get a signed/unsigned conversion; aligning the type would be the fix but
 * changes the prototype. */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                              int maxIdx);
/* check that the private key (key, keySz) matches the public key in der */
WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);

#ifdef HAVE_ECC
/* ASN sig helpers */
/* Encode (r, s) as a DER ECDSA signature into out; *outLen is presumably the
 * capacity on entry and the encoded length on return. */
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
                                   mp_int* s);
/* Inverse of StoreECC_DSA_Sig: parse sig (sigLen bytes) into r and s. */
WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                    mp_int* r, mp_int* s);
#endif

/* Signature verification state, embedded in DecodedCert.sigCtx and passed to
 * VerifyCRL_Signature.  devId is a device identifier for offloaded crypto;
 * its values are not visible in this header. */
WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);


#ifdef WOLFSSL_CERT_GEN

/* Constants for certificate generation. */
enum cert_enums {
    NAME_ENTRIES    =  8,   /* subject name fields handled: appears to match the
                               CN plus the seven subject* fields DecodedCert keeps
                               under WOLFSSL_CERT_GEN (SN, C, L, ST, O, OU, email) */
    JOINT_LEN       =  2,   /* OID prefix lengths used when encoding name
                               attributes (inferred from the names; confirm) */
    EMAIL_JOINT_LEN =  9,
    RSA_KEY         = 10,   /* key-type selectors for the generation API */
    NTRU_KEY        = 11,
    ECC_KEY         = 12,
    ED25519_KEY     = 13
};

#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
#ifndef NO_FILESYSTEM
/* forward from wolfSSL */
/* Read the PEM certificate file at fileName and write its DER form into derBuf
 * (derSz bytes available).  The guard macro avoids a duplicate declaration
 * when the same prototype is provided by another header. */
WOLFSSL_API
int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);
#define WOLFSSL_PEMCERT_TODER_DEFINED
#endif
#endif

#endif /* WOLFSSL_CERT_GEN */



/* for pointer use */
/* CertStatus stays opaque unless HAVE_OCSP is defined (definition below). */
typedef struct CertStatus CertStatus;

#ifdef HAVE_OCSP

/* OCSPResponseStatus values, numerically as on the wire (RFC 6960 4.2.1). */
enum Ocsp_Response_Status {
    OCSP_SUCCESSFUL        = 0, /* Response has valid confirmations */
    OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
    OCSP_INTERNAL_ERROR    = 2, /* Internal error in issuer */
    OCSP_TRY_LATER         = 3, /* Try again later */
    OCSP_SIG_REQUIRED      = 5, /* Must sign the request (4 is skipped) */
    OCSP_UNAUTHROIZED      = 6  /* Request unauthorized.  [sic] -- the misspelling
                                   is part of the public identifier; renaming it
                                   would break callers. */
};


/* CertStatus choice of a single response (good / revoked / unknown);
 * presumably what CertStatus.status below holds. */
enum Ocsp_Cert_Status {
    CERT_GOOD    = 0,
    CERT_REVOKED = 1,
    CERT_UNKNOWN = 2
};


/* Integer OID values ("sums", the same encoding as signatureOID) for the
 * OCSP basic-response and nonce OIDs (by name). */
enum Ocsp_Sums {
    OCSP_BASIC_OID = 117,
    OCSP_NONCE_OID = 118
};


typedef struct OcspRequest OcspRequest;
typedef struct OcspResponse OcspResponse;

/* Status of one certificate (one serial number) as reported by an OCSP
 * response; OcspResponse.status points at the entry to fill in. */
struct CertStatus {
    CertStatus* next;                   /* linked list of statuses */

    byte serial[EXTERNAL_SERIAL_SIZE];  /* serial number this status is for */
    int serialSz;                       /* bytes used in serial */

    int status;                         /* presumably an Ocsp_Cert_Status value */

    byte thisDate[MAX_DATE_SIZE];       /* encoded dates (presumably thisUpdate / nextUpdate) */
    byte nextDate[MAX_DATE_SIZE];
    byte thisDateFormat;                /* ASN.1 time format of thisDate */
    byte nextDateFormat;                /* ASN.1 time format of nextDate */
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    byte* thisDateAsn;                  /* pointers to the raw encoded time values */
    byte* nextDateAsn;
#endif

    byte* rawOcspResponse;              /* the encoded response this status came from;
                                           ownership not visible here */
    word32 rawOcspResponseSz;           /* length of rawOcspResponse */
};


/* Decoded OCSP response.  Pointer fields reference the caller's buffer
 * (source, "not owned"), so the buffer must outlive this struct. */
struct OcspResponse {
    int     responseStatus;         /* return code from Responder (Ocsp_Response_Status) */

    byte*   response;               /* Pointer to beginning of OCSP Response */
    word32  responseSz;             /* length of the OCSP Response */

    byte    producedDate[MAX_DATE_SIZE];
                                    /* Date at which this response was signed */
    byte    producedDateFormat;     /* format of the producedDate */
    byte*   issuerHash;             /* issuer name / key hashes of the CertID in the
                                       response; presumably pointers into source,
                                       compared against OcspRequest by CompareOcspReqResp */
    byte*   issuerKeyHash;

    byte*   cert;                   /* responder certificate carried in the response,
                                       if any (inferred), certSz bytes */
    word32  certSz;

    byte*   sig;                    /* Pointer to sig in source */
    word32  sigSz;                  /* Length in octets for the sig */
    word32  sigOID;                 /* OID for hash used for sig */

    CertStatus* status;             /* certificate status to fill out */

    byte*   nonce;                  /* pointer to nonce inside ASN.1 response */
    int     nonceSz;                /* length of the nonce string */

    byte*   source;                 /* pointer to source buffer, not owned */
    word32  maxIdx;                 /* max offset based on init size */
};


/* An OCSP request built from a DecodedCert (see InitOcspRequest).  Unlike
 * OcspResponse, serial and url are copies and so need FreeOcspRequest. */
struct OcspRequest {
    byte    issuerHash[KEYID_SIZE];     /* CertID hashes, cf. DecodedCert.issuerHash / issuerKeyHash */
    byte    issuerKeyHash[KEYID_SIZE];
    byte*   serial;                     /* copy of the serial number in source cert */
    int     serialSz;
    byte*   url;                        /* copy of the extAuthInfo in source cert */
    int     urlSz;

    byte    nonce[MAX_OCSP_NONCE_SZ];   /* nonce sent in the request extension; presumably
                                           matched against OcspResponse.nonce to tie a
                                           response to this request */
    int     nonceSz;                    /* bytes used in nonce (0 when none) */
    void*   heap;                       /* allocator hint for the copies above */

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    void*   ssl;                        /* back-pointer for the compatibility layers (inferred) */
#endif
};


/* Bind resp to the encoded response (buffer, size) and to the CertStatus it
 * should fill in (OcspResponse.status). */
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
/* Decode the bound response.  The first void* is presumably the cert manager
 * (the `cm` role used by ParseCert/ParseCRL); the trailing int is not
 * documented here -- NOTE(review): confirm both against the implementation. */
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);

/* Fill the request from a decoded cert (issuer hashes, copies of serial and
 * AIA URL -- see the OcspRequest field comments); the byte flag presumably
 * controls nonce generation; the void* is the heap hint. */
WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);      /* releases the copied serial/url (presumably) */
WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);              /* DER into (buf, size) */
WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32); /* request extensions (nonce) */


/* Check that a response answers this request (issuer hashes, serial, nonce);
 * exactly which fields are compared is not visible here. */
WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);


#endif /* HAVE_OCSP */


/* for pointer use */
/* RevokedCert stays opaque unless HAVE_CRL is defined (definition below). */
typedef struct RevokedCert RevokedCert;

#ifdef HAVE_CRL

/* One entry of a CRL's revoked-certificate list.  Only the serial number is
 * kept; revocation date and reason are not retained in this structure. */
struct RevokedCert {
    byte serialNumber[EXTERNAL_SERIAL_SIZE];  /* raw serial, serialSz bytes used */
    int  serialSz;
    RevokedCert* next;                        /* next entry (DecodedCRL.certs list) */
};

typedef struct DecodedCRL DecodedCRL;

/* Parsed CRL.  signature points into the buffer given to ParseCRL (not owned);
 * certs is a list released by FreeDecodedCRL (presumably). */
struct DecodedCRL {
    word32  certBegin;              /* offset to start of cert (the to-be-signed CRL
                                       body; the field name mirrors DecodedCert) */
    word32  sigIndex;               /* offset to start of signature */
    word32  sigLength;              /* length of signature */
    word32  signatureOID;           /* sum of algorithm object id */
    byte*   signature;              /* pointer into raw source, not owned */
    byte    issuerHash[SIGNER_DIGEST_SIZE];  /* issuer hash, presumably used to look up the signing CA */
    byte    crlHash[SIGNER_DIGEST_SIZE];     /* raw crl data hash */
    byte    lastDate[MAX_DATE_SIZE];/* last date updated */
    byte    nextDate[MAX_DATE_SIZE];/* next update date */
    byte    lastDateFormat;         /* format of last date */
    byte    nextDateFormat;         /* format of next date */
    RevokedCert* certs;             /* revoked cert list */
    int     totalCerts;             /* number on list */
    void*   heap;                   /* allocator hint (see InitDecodedCRL) */
};

/* Prepare a DecodedCRL for ParseCRL; heap is stored as the allocator hint. */
WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
/* Verify signature (sigSz bytes) over toBeSigned (tbsSz bytes) with ca's
 * public key, using the algorithm identified by signatureOID; sigCtx carries
 * the verification state (see InitSignatureCtx). */
WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
                                      const byte* toBeSigned, word32 tbsSz,
                                      const byte* signature, word32 sigSz,
                                      word32 signatureOID, Signer *ca,
                                      void* heap);
/* Parse the DER CRL in buff (sz bytes); cm is the cert manager used to find
 * the issuer (same role as in ParseCert).  Return convention not visible here. */
WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);   /* releases the certs list (presumably) */


#endif /* HAVE_CRL */


#ifdef __cplusplus
    } /* extern "C" */
#endif

/* closes the NO_ASN region and the include guard opened at the top of the file */
#endif /* !NO_ASN */
#endif /* WOLF_CRYPT_ASN_H */
