wolfSSL SSL/TLS library, support up to TLS1.3
wolfssl/wolfcrypt/asn_public.h@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
wolfSSL | 13:f67a6c6013ca | 1 | /* asn_public.h |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | |
wolfSSL | 13:f67a6c6013ca | 24 | #ifndef WOLF_CRYPT_ASN_PUBLIC_H |
wolfSSL | 13:f67a6c6013ca | 25 | #define WOLF_CRYPT_ASN_PUBLIC_H |
wolfSSL | 13:f67a6c6013ca | 26 | |
wolfSSL | 13:f67a6c6013ca | 27 | #include <wolfssl/wolfcrypt/types.h> |
wolfSSL | 13:f67a6c6013ca | 28 | |
wolfSSL | 13:f67a6c6013ca | 29 | #ifdef __cplusplus |
wolfSSL | 13:f67a6c6013ca | 30 | extern "C" { |
wolfSSL | 13:f67a6c6013ca | 31 | #endif |
wolfSSL | 13:f67a6c6013ca | 32 | |
/* Opaque forward declarations for the key and RNG types used by the
 * prototypes below.  Each is guarded so this header can be included
 * before or after the header that defines the full struct without a
 * redeclaration error.  Only pointers to these types appear here, so
 * the complete definitions are never needed by this file. */
#ifndef WC_ECCKEY_TYPE_DEFINED
typedef struct ecc_key ecc_key;
#define WC_ECCKEY_TYPE_DEFINED
#endif
#ifndef WC_ED25519KEY_TYPE_DEFINED
typedef struct ed25519_key ed25519_key;
#define WC_ED25519KEY_TYPE_DEFINED
#endif
#ifndef WC_RSAKEY_TYPE_DEFINED
typedef struct RsaKey RsaKey;
#define WC_RSAKEY_TYPE_DEFINED
#endif
#ifndef WC_RNG_TYPE_DEFINED
typedef struct WC_RNG WC_RNG;
#define WC_RNG_TYPE_DEFINED
#endif
wolfSSL | 13:f67a6c6013ca | 50 | |
/* Kind of object held by a PEM/DER buffer or file.  Passed as the
 * "type" argument of the PEM/DER conversion routines (wc_DerToPem()
 * and friends).  The numeric values are part of the public ABI, so
 * they are written out explicitly rather than left implicit. */
enum CertType {
    CERT_TYPE             = 0,   /* X.509 certificate */
    PRIVATEKEY_TYPE       = 1,   /* private key, algorithm unspecified */
    DH_PARAM_TYPE         = 2,   /* Diffie-Hellman parameters */
    DSA_PARAM_TYPE        = 3,   /* DSA parameters */
    CRL_TYPE              = 4,   /* certificate revocation list */
    CA_TYPE               = 5,   /* CA certificate */
    ECC_PRIVATEKEY_TYPE   = 6,
    DSA_PRIVATEKEY_TYPE   = 7,
    CERTREQ_TYPE          = 8,   /* certificate signing request */
    DSA_TYPE              = 9,
    ECC_TYPE              = 10,
    RSA_TYPE              = 11,
    PUBLICKEY_TYPE        = 12,  /* public key, algorithm unspecified */
    RSA_PUBLICKEY_TYPE    = 13,
    ECC_PUBLICKEY_TYPE    = 14,
    TRUSTED_PEER_TYPE     = 15,  /* trusted peer certificate */
    EDDSA_PRIVATEKEY_TYPE = 16,
    ED25519_TYPE          = 17
};
wolfSSL | 13:f67a6c6013ca | 72 | |
wolfSSL | 13:f67a6c6013ca | 73 | |
/* Signature algorithm identifiers.  Each value is wolfSSL's "OID sum"
 * (sum of the encoded OID bytes) for the AlgorithmIdentifier, so the
 * numbers are fixed by the ASN.1 layer and must not be changed.  They
 * are grouped here by key type rather than by hash.
 *
 * Security note: MD2 and MD5 are broken as signature hashes and SHA-1
 * signatures are deprecated for certificates.  Those entries exist so
 * that legacy certificates can still be described/parsed; do not use
 * them as the sigType when issuing new certificates. */
enum Ctc_SigType {
    /* DSA */
    CTC_SHAwDSA      = 517,
    /* RSA (xxxWithRSAEncryption) */
    CTC_MD2wRSA      = 646,
    CTC_MD5wRSA      = 648,
    CTC_SHAwRSA      = 649,
    CTC_SHA224wRSA   = 658,
    CTC_SHA256wRSA   = 655,
    CTC_SHA384wRSA   = 656,
    CTC_SHA512wRSA   = 657,
    /* ECDSA */
    CTC_SHAwECDSA    = 520,
    CTC_SHA224wECDSA = 527,
    CTC_SHA256wECDSA = 524,
    CTC_SHA384wECDSA = 525,
    CTC_SHA512wECDSA = 526,
    /* EdDSA */
    CTC_ED25519      = 256
};
wolfSSL | 13:f67a6c6013ca | 91 | |
/* ASN.1 string tag to use when encoding a CertName text field.  Stored
 * in the *Enc byte that follows each field of CertName; the value is
 * the DER tag byte itself. */
enum Ctc_Encoding {
    CTC_UTF8      = 0x0c,   /* UTF8String */
    CTC_PRINTABLE = 0x13    /* PrintableString */
};
wolfSSL | 13:f67a6c6013ca | 96 | |
/* Size limits for the certificate generation structures.  These bound
 * the fixed-size arrays inside CertName and Cert and so are the maximum
 * number of bytes a caller may supply for each field. */
enum Ctc_Misc {
    CTC_COUNTRY_SIZE   = 2,       /* two-letter country code */
    CTC_NAME_SIZE      = 64,      /* every CertName text field */
    CTC_DATE_SIZE      = 32,      /* encoded validity date copies */
    CTC_MAX_ALT_SIZE   = 16384,   /* altNames copy; makes Cert large */
    CTC_SERIAL_SIZE    = 8,       /* serial number, 8 bytes (64 bits).
                                   * Trailing comma is valid C99 when
                                   * WOLFSSL_CERT_EXT is off. */
#ifdef WOLFSSL_CERT_EXT
    /* Only the keyIdentifier form of AKID is supported (not the
     * issuer + serial form), so both identifiers are bounded by the
     * size of a SHA-256 digest. */
    CTC_MAX_SKID_SIZE  = 32,      /* SHA256_DIGEST_SIZE */
    CTC_MAX_AKID_SIZE  = 32,      /* SHA256_DIGEST_SIZE */
    CTC_MAX_CERTPOL_SZ = 64,      /* one certificate policy string */
    CTC_MAX_CERTPOL_NB = 2        /* max policies per certificate */
#endif /* WOLFSSL_CERT_EXT */
};
wolfSSL | 13:f67a6c6013ca | 112 | |
wolfSSL | 13:f67a6c6013ca | 113 | |
wolfSSL | 13:f67a6c6013ca | 114 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 13:f67a6c6013ca | 115 | |
/* Distinguished-name fields for the issuer or subject of a generated
 * certificate.  Each text field is a NUL-terminated string held in a
 * CTC_NAME_SIZE buffer; the single-byte *Enc member that follows it
 * selects the ASN.1 string type (see Ctc_Encoding).
 *
 * NOTE(review): country[] is CTC_NAME_SIZE wide even though a country
 * code is CTC_COUNTRY_SIZE characters; confirm that the encoder, not
 * this struct, enforces the two-character limit.
 *
 * email has no Enc byte and must remain the last member: the encoder
 * presumably walks the preceding field/Enc pairs by layout, so do not
 * reorder or insert members in this struct. */
typedef struct CertName {
    char country[CTC_NAME_SIZE];
    char countryEnc;
    char state[CTC_NAME_SIZE];
    char stateEnc;
    char locality[CTC_NAME_SIZE];
    char localityEnc;
    char sur[CTC_NAME_SIZE];        /* surname */
    char surEnc;
    char org[CTC_NAME_SIZE];        /* organization */
    char orgEnc;
    char unit[CTC_NAME_SIZE];       /* organizational unit */
    char unitEnc;
    char commonName[CTC_NAME_SIZE];
    char commonNameEnc;
    char email[CTC_NAME_SIZE];      /* !!!! email has to be last !!!! */
} CertName;
wolfSSL | 13:f67a6c6013ca | 133 | |
wolfSSL | 13:f67a6c6013ca | 134 | |
/* Description of the certificate to generate.  The caller fills in the
 * public fields (normally after wc_InitCert()) and hands the struct to
 * wc_MakeCert()/wc_SignCert().  Most members are fixed-size arrays; with
 * WOLFSSL_ALT_NAMES the altNames copy alone is CTC_MAX_ALT_SIZE
 * (16 KiB), so a Cert is far too large for a small stack — allocate it
 * statically or on the heap. */
typedef struct Cert {
    int      version;                   /* X.509 version (see wc_InitCert) */
    byte     serial[CTC_SERIAL_SIZE];   /* serial number; all zero means
                                         * "generate randomly" per the
                                         * wc_InitCert() defaults */
    int      sigType;                   /* signature algo, a Ctc_SigType */
    CertName issuer;                    /* issuer DN (subject is reused
                                         * when selfSigned is set) */
    int      daysValid;                 /* validity period in days */
    int      selfSigned;                /* non-zero: use subject as issuer */
    CertName subject;                   /* subject DN */
    int      isCA;                      /* non-zero: mark as a CA cert */
    /* internal use only */
    int      bodySz;                    /* pre-sign (TBS) total size */
    int      keyType;                   /* public key type of subject;
                                         * wc_InitCert() defaults it to RSA */
#ifdef WOLFSSL_ALT_NAMES
    byte     altNames[CTC_MAX_ALT_SIZE]; /* altNames copy (DER, presumably) */
    int      altNamesSz;                /* bytes used in altNames */
    byte     beforeDate[CTC_DATE_SIZE]; /* notBefore copy */
    int      beforeDateSz;              /* bytes used in beforeDate */
    byte     afterDate[CTC_DATE_SIZE];  /* notAfter copy */
    int      afterDateSz;               /* bytes used in afterDate */
#endif
#ifdef WOLFSSL_CERT_EXT
    byte     skid[CTC_MAX_SKID_SIZE];   /* Subject Key Identifier */
    int      skidSz;                    /* SKID size in bytes */
    byte     akid[CTC_MAX_AKID_SIZE];   /* Authority Key Identifier */
    int      akidSz;                    /* AKID size in bytes */
    word16   keyUsage;                  /* Key Usage bits; filled by
                                         * wc_SetKeyUsage() */
    char     certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
                                        /* certificate policy strings */
    word16   certPoliciesNb;            /* number of certPolicies in use */
#endif
#ifdef WOLFSSL_CERT_REQ
    char     challengePw[CTC_NAME_SIZE]; /* challenge password for a
                                          * certificate request */
#endif
    void*    heap;                      /* heap hint */
} Cert;
wolfSSL | 13:f67a6c6013ca | 170 | |
wolfSSL | 13:f67a6c6013ca | 171 | |
/* Initialize a Cert and set the certificate defaults:
   version    = 3 (encoded as 0x2)
   serial     = 0 (Will be randomly generated)
   sigType    = SHA_WITH_RSA
   issuer     = blank
   daysValid  = 500
   selfSigned = 1 (true) use subject as issuer
   subject    = blank
   isCA       = 0 (false)
   keyType    = RSA_KEY (default)

   Security note: the default sigType is SHA(-1) with RSA, which is
   deprecated for certificate signatures.  Set cert->sigType to a
   SHA-2 based Ctc_SigType (e.g. CTC_SHA256wRSA / CTC_SHA256wECDSA)
   before calling wc_MakeCert()/wc_SignCert().
*/
WOLFSSL_API int wc_InitCert(Cert*);

/* Build the unsigned (TBS) certificate body described by cert into
 * derBuffer.  derSz is the capacity of derBuffer and bounds the write.
 * keyType selects what `key` points at (RSA, ECC, ...; the exact
 * accepted values are defined by the implementation) and the key is
 * the subject public key.  rng is needed when the serial is generated.
 * Expected to return the encoded size on success and a negative error
 * code otherwise (wolfSSL convention — confirm against asn.c). */
WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
                               int keyType, void* key, WC_RNG* rng);
/* Same as wc_MakeCert_ex() but with typed key arguments; presumably
 * exactly one of the RsaKey*/ecc_key* pointers is non-NULL. */
WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                            ecc_key*, WC_RNG*);
#ifdef WOLFSSL_CERT_REQ
    /* Build a certificate request body instead of a certificate;
     * arguments mirror wc_MakeCert_ex()/wc_MakeCert() minus the RNG. */
    WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
                                      int, void*);
    WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
                                   RsaKey*, ecc_key*);
#endif
/* Sign the body produced by wc_MakeCert*/wc_MakeCertReq* in place.
 * requestSz is the size of the unsigned body already in buffer and
 * buffSz the total capacity of buffer, which must leave room for the
 * signature and outer SEQUENCE.  sType is a Ctc_SigType; the signing
 * key is the issuer's private key (keyType + void* in the _ex form,
 * typed pointers in the plain form). */
WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
                               word32 buffSz, int keyType, void* key,
                               WC_RNG* rng);
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
                            word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
/* Convenience: make and sign a self-signed RSA certificate in one call. */
WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
                                WC_RNG*);
/* Set the issuer/subject name from a certificate file (path in the
 * const char*); the file format accepted is defined by the
 * implementation.  These read from the filesystem, so do not pass
 * untrusted paths. */
WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
WOLFSSL_API int wc_SetSubject(Cert*, const char*);
#ifdef WOLFSSL_ALT_NAMES
    /* Copy the altNames extension from a certificate file. */
    WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
#endif
/* Buffer variants of the above: the const byte* is an in-memory
 * certificate (DER, presumably) of the given length.
 * NOTE(review): wc_SetAltNamesBuffer/wc_SetDatesBuffer are declared
 * unconditionally although the Cert fields they fill only exist under
 * WOLFSSL_ALT_NAMES — confirm the implementation guards them. */
WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
wolfSSL | 13:f67a6c6013ca | 210 | |
#ifdef WOLFSSL_CERT_EXT
/* Fill cert->akid (Authority Key Identifier) from the issuer's public
 * key.  keyType selects what `key` points at in the _ex form; the
 * plain form takes typed pointers, presumably one of them NULL.  Only
 * the keyIdentifier form is produced (see Ctc_Misc), bounded by
 * CTC_MAX_AKID_SIZE. */
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
                                                void* key);
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
                                             ecc_key *eckey);
/* Fill cert->akid from the issuer certificate given as DER in memory
 * (der, derSz) or read from a file (file path).  The file variant
 * touches the filesystem; do not pass untrusted paths. */
WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
/* Fill cert->skid (Subject Key Identifier) from the subject's public
 * key; same argument conventions as the AuthKeyId setters above. */
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
                                                   void* key);
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
                                                ecc_key *eckey);
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);

#ifdef HAVE_NTRU
/* NTRU variant: the public key is a raw byte string of ntruKeySz bytes. */
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
                                                    word16 ntruKeySz);
#endif

/* Set the KeyUsage extension bits (cert->keyUsage).
 * value is a string of tokens separated by ','. Accepted tokens are:
 * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
 * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
 *
 * nonRepudiation and contentCommitment are the same usage (RFC 5280
 * renamed the bit).  How an unknown token is handled (error vs.
 * ignored) is defined by the implementation — check the return value.
 */
WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);

#endif /* WOLFSSL_CERT_EXT */
wolfSSL | 13:f67a6c6013ca | 239 | |
#ifdef HAVE_NTRU
/* NTRU variant of wc_MakeCert(): the subject public key is the raw
 * byte string (ntruKey, keySz) instead of a key object.  derBuffer is
 * bounded by derSz; rng is used as in wc_MakeCert_ex(). */
WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
                                const byte* ntruKey, word16 keySz,
                                WC_RNG*);
#endif
wolfSSL | 13:f67a6c6013ca | 245 | |
wolfSSL | 13:f67a6c6013ca | 246 | #endif /* WOLFSSL_CERT_GEN */ |
wolfSSL | 13:f67a6c6013ca | 247 | |
#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
/* Public-key PEM -> DER helpers implemented in the wolfSSL (not
 * wolfCrypt) layer; forward-declared here and guarded so that ssl.h
 * and this header may both declare them. */
#ifndef WOLFSSL_PEMPUBKEY_TODER_DEFINED
#ifndef NO_FILESYSTEM
    /* Read a PEM public key from fileName and write DER into derBuf
     * (capacity derSz).  Reads the filesystem — do not pass untrusted
     * paths. */
    WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName,
                                           unsigned char* derBuf, int derSz);
#endif

    /* Same conversion from an in-memory PEM buffer (pem, pemSz) into
     * the DER buffer (der, derSz). */
    WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int,
                                           unsigned char*, int);
    #define WOLFSSL_PEMPUBKEY_TODER_DEFINED
#endif /* WOLFSSL_PEMPUBKEY_TODER_DEFINED */
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
wolfSSL | 13:f67a6c6013ca | 262 | |
#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || !defined(NO_DSA) \
    || defined(OPENSSL_EXTRA)
    /* Convert DER (der, derSz) to PEM in output (capacity outputSz).
     * type is a CertType value and selects the PEM header/footer.
     * The _Ex form additionally takes cipher information for an
     * encrypted-key PEM header (parameter name "cipherIno" appears to
     * be a typo of "cipherInfo"; its exact layout is defined by the
     * implementation). */
    WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
                                word32 outputSz, int type);
    WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
                                  word32 outputSz, byte *cipherIno, int type);
#endif
wolfSSL | 13:f67a6c6013ca | 270 | |
#ifdef HAVE_ECC
    /* private key helpers */
    /* Decode a DER ECC private key: (input, inOutIdx, key, inSz).
     * inOutIdx is the offset to start at and is advanced past the key;
     * inSz is the total input size and bounds every read.  Keys from
     * untrusted sources must still be treated as attacker-controlled
     * DER. */
    WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
                                           ecc_key*, word32);
    /* Encode the key as DER into output (capacity inLen). */
    WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
    WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
                                          word32 inLen);

    /* public key helper */
    /* Decode a DER ECC public key; same argument conventions as
     * wc_EccPrivateKeyDecode(). */
    WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
                                          ecc_key*, word32);
    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
    /* Encode the public key as DER into output (capacity inLen).
     * with_AlgCurve non-zero wraps it with the algorithm/curve
     * identifier (SubjectPublicKeyInfo form, presumably). */
    WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
                                         word32 inLen, int with_AlgCurve);
    #endif
#endif
wolfSSL | 13:f67a6c6013ca | 287 | |
#ifdef HAVE_ED25519
    /* private key helpers */
    /* Decode a DER Ed25519 private key: (input, inOutIdx, key, inSz).
     * inOutIdx is the start offset and is advanced past the key; inSz
     * is the total input size and bounds every read. */
    WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
                                               ed25519_key*, word32);
    /* Encode the key as DER into output (capacity inLen). */
    WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
                                       word32 inLen);
    WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
                                              word32 inLen);

    /* public key helper */
    /* Decode a DER Ed25519 public key; same conventions as the private
     * key decoder above. */
    WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
                                              ed25519_key*, word32);
    #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
    /* Encode the public key as DER into output (capacity inLen);
     * with_AlgCurve non-zero includes the algorithm identifier. */
    WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
                                             word32 inLen, int with_AlgCurve);
    #endif
#endif
wolfSSL | 13:f67a6c6013ca | 305 | |
/* DER encode signature */
/* DER-encode a digest of digSz bytes together with its hash OID
 * (presumably the DigestInfo structure used for RSA PKCS#1 v1.5
 * signing) into out, returning the encoded length.
 * Security note: there is no capacity parameter for `out` — the caller
 * must size it for digSz plus the DigestInfo/OID overhead, or this
 * function will write past the end of a too-small buffer. */
WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
                                      word32 digSz, int hashOID);
/* Map a CTC_ hash/signature type to the internal hash OID value used
 * by wc_EncodeSignature(). */
WOLFSSL_API int wc_GetCTC_HashOID(int type);

/* Locate the traditional (algorithm-specific) private key inside a
 * PKCS#8 PrivateKeyInfo of sz bytes, starting at *inOutIdx and leaving
 * *inOutIdx at the inner key.  input is not const; confirm whether the
 * implementation modifies it before passing shared buffers. */
WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
                                             word32* inOutIdx, word32 sz);
/* Wrap a traditional DER private key (key, keySz) of algorithm algoID
 * in a PKCS#8 PrivateKeyInfo written to out.  *outSz is presumably
 * the capacity on input and the encoded size on output.  curveOID /
 * oidSz carry the curve parameters for ECC keys (NULL/0 otherwise). */
WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
        byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
wolfSSL | 13:f67a6c6013ca | 315 | |
/* Time */
/* Returns seconds (Epoch/UTC)
 * timePtr: is "time_t", which is typically "long"
 * timeSize: size in bytes of the object timePtr points at; the call
 *           uses it to bound the write, so it must equal sizeof(*timePtr)
 *           for the real type, not a guess (a time_t may be 32 or 64
 *           bits depending on the platform).
 * Example:
   long lTime;
   rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
*/
WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
wolfSSL | 13:f67a6c6013ca | 324 | |
wolfSSL | 13:f67a6c6013ca | 325 | #ifdef __cplusplus |
wolfSSL | 13:f67a6c6013ca | 326 | } /* extern "C" */ |
wolfSSL | 13:f67a6c6013ca | 327 | #endif |
wolfSSL | 13:f67a6c6013ca | 328 | |
wolfSSL | 13:f67a6c6013ca | 329 | #endif /* WOLF_CRYPT_ASN_PUBLIC_H */ |
wolfSSL | 13:f67a6c6013ca | 330 | |
wolfSSL | 13:f67a6c6013ca | 331 |