
Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e
wolfSSL 4.4.0

wolfSSL 15:117db924cf7c 1 /* asn.h
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22 /*!
wolfSSL 15:117db924cf7c 23 \file wolfssl/wolfcrypt/asn.h
wolfSSL 15:117db924cf7c 24 */
wolfSSL 15:117db924cf7c 25
wolfSSL 15:117db924cf7c 26 #ifndef WOLF_CRYPT_ASN_H
wolfSSL 15:117db924cf7c 27 #define WOLF_CRYPT_ASN_H
wolfSSL 15:117db924cf7c 28
wolfSSL 15:117db924cf7c 29 #include <wolfssl/wolfcrypt/types.h>
wolfSSL 15:117db924cf7c 30
wolfSSL 15:117db924cf7c 31 #ifndef NO_ASN
wolfSSL 15:117db924cf7c 32
wolfSSL 15:117db924cf7c 33
wolfSSL 15:117db924cf7c 34 #if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
wolfSSL 15:117db924cf7c 35 #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
wolfSSL 15:117db924cf7c 36 #endif
wolfSSL 15:117db924cf7c 37
wolfSSL 15:117db924cf7c 38 #include <wolfssl/wolfcrypt/integer.h>
wolfSSL 15:117db924cf7c 39
wolfSSL 15:117db924cf7c 40 /* fips declare of RsaPrivateKeyDecode @wc_fips */
wolfSSL 15:117db924cf7c 41 #if defined(HAVE_FIPS) && !defined(NO_RSA) && \
wolfSSL 15:117db924cf7c 42 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
wolfSSL 15:117db924cf7c 43 #include <cyassl/ctaocrypt/rsa.h>
wolfSSL 15:117db924cf7c 44 #endif
wolfSSL 15:117db924cf7c 45
wolfSSL 15:117db924cf7c 46 #ifndef NO_DH
wolfSSL 15:117db924cf7c 47 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 15:117db924cf7c 48 #endif
wolfSSL 15:117db924cf7c 49 #ifndef NO_DSA
wolfSSL 15:117db924cf7c 50 #include <wolfssl/wolfcrypt/dsa.h>
wolfSSL 15:117db924cf7c 51 #endif
wolfSSL 15:117db924cf7c 52 #ifndef NO_SHA
wolfSSL 15:117db924cf7c 53 #include <wolfssl/wolfcrypt/sha.h>
wolfSSL 15:117db924cf7c 54 #endif
wolfSSL 15:117db924cf7c 55 #ifndef NO_MD5
wolfSSL 15:117db924cf7c 56 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 15:117db924cf7c 57 #endif
wolfSSL 15:117db924cf7c 58 #include <wolfssl/wolfcrypt/sha256.h>
wolfSSL 15:117db924cf7c 59 #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
wolfSSL 15:117db924cf7c 60
wolfSSL 16:8e0d178b1d1e 61 #if defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 16:8e0d178b1d1e 62 #define WC_SHA256_DIGEST_SIZE 32
wolfSSL 16:8e0d178b1d1e 63 #endif
wolfSSL 15:117db924cf7c 64
wolfSSL 15:117db924cf7c 65 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 66 extern "C" {
wolfSSL 15:117db924cf7c 67 #endif
wolfSSL 15:117db924cf7c 68
/* Byte length of the serial-number buffer exposed outside the decoder
 * (overridable at build time). The bound applied to the DER-encoded
 * INTEGER while parsing is MAX_SN_SZ in enum Misc_ASN below, which
 * includes tag and length octets -- the two are related but not equal.
 * NOTE(review): which struct field this sizes is not visible in this
 * header; confirm against the certificate structures before changing it. */
#ifndef EXTERNAL_SERIAL_SIZE
#define EXTERNAL_SERIAL_SIZE 32
#endif
wolfSSL 16:8e0d178b1d1e 72
/* Selector constants. ISSUER/SUBJECT choose which certificate name is
 * meant, BEFORE/AFTER which validity date. The two pairs share the
 * values 0/1, so a value is only meaningful for the parameter it is
 * passed as -- passing a BEFORE/AFTER selector where a name selector is
 * expected is not detectable by the callee. */
enum {
    ISSUER  = 0,
    SUBJECT = 1,

    BEFORE  = 0,
    AFTER   = 1
};
wolfSSL 15:117db924cf7c 80
/* ASN Tags */
/* Identifier/length octet values used by the DER encoder and decoder.
 * Three unrelated groups share this one enum, so values must only be
 * compared within their own group:
 *   - universal tag numbers (ASN_BOOLEAN .. ASN_GENERALIZED_TIME),
 *   - GeneralName CHOICE tag numbers (ASN_*_TYPE), which reuse 0x00-0x07
 *     and therefore overlap the universal tags (ASN_OTHER_TYPE == ASN_EOC,
 *     ASN_URI_TYPE == ASN_OBJECT_ID),
 *   - class/constructed bits that are OR-ed onto a tag number. */
enum ASN_Tags {
    ASN_EOC              = 0x00,
    ASN_BOOLEAN          = 0x01,
    ASN_INTEGER          = 0x02,
    ASN_BIT_STRING       = 0x03,
    ASN_OCTET_STRING     = 0x04,
    ASN_TAG_NULL         = 0x05,
    ASN_OBJECT_ID        = 0x06,
    ASN_ENUMERATED       = 0x0a,
    ASN_UTF8STRING       = 0x0c,
    ASN_SEQUENCE         = 0x10,
    ASN_SET              = 0x11,
    ASN_PRINTABLE_STRING = 0x13,
    ASN_UTC_TIME         = 0x17,
    ASN_OTHER_TYPE       = 0x00,
    ASN_RFC822_TYPE      = 0x01,
    ASN_DNS_TYPE         = 0x02,
    ASN_DIR_TYPE         = 0x04,
    ASN_URI_TYPE         = 0x06, /* the value 6 is from GeneralName OID */
    ASN_IP_TYPE          = 0x07, /* the value 7 is from GeneralName OID */
    ASN_GENERALIZED_TIME = 0x18,
    CRL_EXTENSIONS       = 0xa0, /* [0] constructed: CONTEXT_SPECIFIC|CONSTRUCTED|0 */
    ASN_EXTENSIONS       = 0xa3, /* [3] constructed: CONTEXT_SPECIFIC|CONSTRUCTED|3 */
    ASN_LONG_LENGTH      = 0x80, /* length octet with bit 7 set: long form */
    ASN_INDEF_LENGTH     = 0x80, /* identical to ASN_LONG_LENGTH: the long
                                  * form with zero following octets is the
                                  * (BER-only) indefinite form. A decoder
                                  * cannot tell the two apart by this value
                                  * alone; it has to inspect the low 7 bits.
                                  * NOTE(review): DER forbids indefinite
                                  * length; confirm the length decoder rejects
                                  * a bare 0x80 rather than reading 0 octets. */

    /* ASN_Flags - Bitmask */
    ASN_CONSTRUCTED      = 0x20,
    ASN_APPLICATION      = 0x40,
    ASN_CONTEXT_SPECIFIC = 0x80,
};
wolfSSL 15:117db924cf7c 113
/* Buffer sizes for the two ASN.1 time encodings. The bare text forms are
 * 13 ("YYMMDDHHMMSSZ", cf. MIN_DATE_SIZE) and 15 characters (cf.
 * ASN_GEN_TIME_SZ), so these two include one extra byte each --
 * TODO confirm whether that byte is a terminator or a tag.
 * ASN_GENERALIZED_TIME_MAX is the upper bound accepted for a
 * GeneralizedTime value, well above the 15-byte canonical form. */
#define ASN_UTC_TIME_SIZE           14
#define ASN_GENERALIZED_TIME_SIZE   16
#define ASN_GENERALIZED_TIME_MAX    68
wolfSSL 15:117db924cf7c 117
/* Final OID arc of each supported distinguished-name attribute type.
 * The first group are arcs under 2.5.4.N; the "pilot" group are arcs
 * under 0.9.2342.19200300.100.1.N. Two different prefixes feed one enum,
 * so a value here identifies an attribute only together with the prefix
 * it was parsed under -- ASN_USER_ID (0x01) is not 2.5.4.1. */
enum DN_Tags {
    ASN_DN_NULL          = 0x00,
    ASN_COMMON_NAME      = 0x03,   /* CN */
    ASN_SUR_NAME         = 0x04,   /* SN */
    ASN_SERIAL_NUMBER    = 0x05,   /* serialNumber */
    ASN_COUNTRY_NAME     = 0x06,   /* C */
    ASN_LOCALITY_NAME    = 0x07,   /* L */
    ASN_STATE_NAME       = 0x08,   /* ST */
    ASN_ORG_NAME         = 0x0a,   /* O */
    ASN_ORGUNIT_NAME     = 0x0b,   /* OU */
    ASN_BUS_CAT          = 0x0f,   /* businessCategory */
    ASN_EMAIL_NAME       = 0x98,   /* not an OID arc: the 2.5.4.N attribute
                                    * arcs run 0-97, so 0x98 (152) is a
                                    * placeholder that cannot collide with
                                    * any of them */

    /* pilot attribute types
     * OID values of 0.9.2342.19200300.100.1.* */
    ASN_USER_ID          = 0x01,   /* UID */
    ASN_DOMAIN_COMPONENT = 0x19    /* DC */
};
wolfSSL 15:117db924cf7c 136
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* One row of the object lookup table exported as wolfssl_object_info[]
 * (wolfssl_object_info_sz rows). */
typedef struct WOLFSSL_ObjectInfo {
    int nid;            /* OpenSSL-compatible NID (see the NID enum below) */
    int id;             /* presumably the wolfSSL OID sum -- TODO confirm */
    word32 type;        /* presumably the Oid_Types class of id -- TODO confirm */
    const char* sName;  /* short name */
    const char* lName;  /* long name */
} WOLFSSL_ObjectInfo;
extern const size_t wolfssl_object_info_sz;
extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
wolfSSL 16:8e0d178b1d1e 148
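/* DN Tag Strings */
/* "/KEY=" prefixes used when a distinguished name is rendered as one
 * string; WOLFSSL_LN_* are the long-name spellings. Every string carries
 * the leading '/' and trailing '=', so callers append only the value.
 * WOLFSSL_DOMAIN_COMPONENT used to be defined twice (identically); the
 * second copy was dropped so the two cannot drift apart. */
#define WOLFSSL_COMMON_NAME         "/CN="
#define WOLFSSL_LN_COMMON_NAME      "/commonName="
#define WOLFSSL_SUR_NAME            "/SN="
#define WOLFSSL_SERIAL_NUMBER       "/serialNumber="
#define WOLFSSL_COUNTRY_NAME        "/C="
#define WOLFSSL_LN_COUNTRY_NAME     "/countryName="
#define WOLFSSL_LOCALITY_NAME       "/L="
#define WOLFSSL_LN_LOCALITY_NAME    "/localityName="
#define WOLFSSL_STATE_NAME          "/ST="
#define WOLFSSL_LN_STATE_NAME       "/stateOrProvinceName="
#define WOLFSSL_ORG_NAME            "/O="
#define WOLFSSL_LN_ORG_NAME         "/organizationName="
#define WOLFSSL_ORGUNIT_NAME        "/OU="
#define WOLFSSL_LN_ORGUNIT_NAME     "/organizationalUnitName="
#define WOLFSSL_DOMAIN_COMPONENT    "/DC="
#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent="
#define WOLFSSL_BUS_CAT             "/businessCategory="
#define WOLFSSL_JOI_C               "/jurisdictionC="
#define WOLFSSL_JOI_ST              "/jurisdictionST="
#define WOLFSSL_EMAIL_ADDR          "/emailAddress="

#define WOLFSSL_USER_ID             "/UID="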
wolfSSL 15:117db924cf7c 173
#if defined(WOLFSSL_APACHE_HTTPD)
/* otherName strings */
/* Short/long names for the otherName forms httpd asks about. The *_SUM
 * values are wolfSSL OID sums and must stay equal to their NID / OID-sum
 * twins in this header: WOLFSSL_MS_UPN_SUM == NID_ms_upn (265) and
 * WOLFSSL_TLS_FEATURE_SUM == TLS_FEATURE_OID (92). */
#define WOLFSSL_SN_MS_UPN      "msUPN"
#define WOLFSSL_LN_MS_UPN      "Microsoft User Principal Name"
#define WOLFSSL_MS_UPN_SUM     265
#define WOLFSSL_SN_DNS_SRV     "id-on-dnsSRV"
#define WOLFSSL_LN_DNS_SRV     "SRVName"
/* TLS features extension strings */
#define WOLFSSL_SN_TLS_FEATURE "tlsfeature"
#define WOLFSSL_LN_TLS_FEATURE "TLS Feature"
#define WOLFSSL_TLS_FEATURE_SUM 92
#endif
wolfSSL 16:8e0d178b1d1e 186
/* NIDs */
/* OpenSSL-compatible numeric object identifiers.
 * Three conventions are mixed here and callers must not assume a single
 * one:
 *   - the X.509 extension NIDs equal the matching Extensions_Sum value
 *     (e.g. NID_key_usage == KEY_USAGE_OID == 129), EXCEPT NID_tlsfeature
 *     (1020) which differs from TLS_FEATURE_OID (92);
 *   - the DN attribute NIDs equal the matching DN_Tags value, EXCEPT
 *     NID_emailAddress (0x30) which differs from ASN_EMAIL_NAME (0x98);
 *   - the remaining values are plain OpenSSL NIDs with no arithmetic
 *     relation to wolfSSL OID sums (NID_hw_name_oid 73 vs HW_NAME_OID 79).
 * NID_netscape_cert_type aliases NID_undef, so any lookup that uses
 * NID_undef as "not found" cannot represent that extension. */
enum
{
    NID_undef = 0,
    NID_netscape_cert_type = NID_undef,
    NID_des = 66,
    NID_des3 = 67,
    NID_sha256 = 672,
    NID_sha384 = 673,
    NID_sha512 = 674,
    NID_hw_name_oid = 73,
    NID_id_pkix_OCSP_basic = 74,
    NID_any_policy = 75,
    NID_anyExtendedKeyUsage = 76,
    NID_givenName = 99,
    NID_initials = 101,
    NID_title = 106,
    NID_description = 107,
    NID_basic_constraints = 133,
    NID_key_usage = 129, /* 2.5.29.15 */
    NID_ext_key_usage = 151, /* 2.5.29.37 */
    NID_subject_key_identifier = 128,
    NID_authority_key_identifier = 149,
    NID_private_key_usage_period = 130, /* 2.5.29.16 */
    NID_subject_alt_name = 131,
    NID_issuer_alt_name = 132,
    NID_info_access = 69,
    NID_sinfo_access = 79, /* id-pe 11 */
    NID_name_constraints = 144, /* 2.5.29.30 */
    NID_crl_distribution_points = 145, /* 2.5.29.31 */
    NID_certificate_policies = 146,
    NID_policy_mappings = 147,
    NID_policy_constraints = 150,
    NID_inhibit_any_policy = 168, /* 2.5.29.54 */
    NID_tlsfeature = 1020, /* id-pe 24; NOT equal to TLS_FEATURE_OID (92) */
    NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */


    NID_surname = 0x04, /* SN */
    NID_serialNumber = 0x05, /* serialNumber */
    NID_countryName = 0x06, /* C */
    NID_localityName = 0x07, /* L */
    NID_stateOrProvinceName = 0x08, /* ST */
    NID_organizationName = 0x0a, /* O */
    NID_organizationalUnitName = 0x0b, /* OU */
    NID_jurisdictionCountryName = 0xc,
    NID_jurisdictionStateOrProvinceName = 0xd,
    NID_businessCategory = ASN_BUS_CAT,
    NID_domainComponent = ASN_DOMAIN_COMPONENT,
    NID_emailAddress = 0x30, /* emailAddress; differs from ASN_EMAIL_NAME (0x98) */
    NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
    NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */

    NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */
};
wolfSSL 16:8e0d178b1d1e 242
/* Full identifier octets of the explicitly tagged fields in an ECC
 * private key: 160 == 0xA0 == [0] constructed, 161 == 0xA1 == [1]
 * constructed (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | n). */
enum ECC_TYPES
{
    ECC_PREFIX_0 = 160,
    ECC_PREFIX_1 = 161
};
wolfSSL 15:117db924cf7c 248
#ifdef WOLFSSL_CERT_PIV
/* Tag values for the PIV (smart-card) certificate container format.
 * The first group are tags of the outer objects, the second group tags
 * of the fields inside the certificate object. */
enum PIV_Tags {
    ASN_PIV_CERT          = 0x0A,
    ASN_PIV_NONCE         = 0x0B,
    ASN_PIV_SIGNED_NONCE  = 0x0C,

    ASN_PIV_TAG_CERT      = 0x70,
    ASN_PIV_TAG_CERT_INFO = 0x71,
    ASN_PIV_TAG_MSCUID    = 0x72,
    ASN_PIV_TAG_ERR_DET   = 0xFE,

    /* certificate info masks */
    ASN_PIV_CERT_INFO_COMPRESSED = 0x03, /* two-bit field, not a single flag */
    ASN_PIV_CERT_INFO_ISX509     = 0x04,
};
#endif /* WOLFSSL_CERT_PIV */
wolfSSL 16:8e0d178b1d1e 265
wolfSSL 16:8e0d178b1d1e 266
/* jurisdictionOfIncorporation attributes. ASN_JOI_PREFIX is the DER
 * content of the common prefix 1.3.6.1.4.1.311.60.2.1 (0x82 0x37 is the
 * multi-byte encoding of arc 311); ASN_JOI_C / ASN_JOI_ST are the single
 * final arc that follows it. ASN_JOI_PREFIX_SZ must equal the byte length
 * of ASN_JOI_PREFIX (10) -- it is a separate literal, so update both
 * together. The prefix contains a 0x01 byte but no NUL, so string
 * functions must not be used on it; compare with memcmp over
 * ASN_JOI_PREFIX_SZ bytes. */
#define ASN_JOI_PREFIX_SZ  10
#define ASN_JOI_PREFIX     "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
#define ASN_JOI_C          0x3
#define ASN_JOI_ST         0x2

/* Upper bound on a rendered distinguished-name string; larger under
 * OPENSSL_EXTRA. Overridable at build time. */
#ifndef WC_ASN_NAME_MAX
    #ifdef OPENSSL_EXTRA
        #define WC_ASN_NAME_MAX 300
    #else
        #define WC_ASN_NAME_MAX 256
    #endif
#endif
#define ASN_NAME_MAX WC_ASN_NAME_MAX
wolfSSL 16:8e0d178b1d1e 280
/* Size and count limits used by the DER encoder/decoder. Most values
 * are upper bounds on an encoded element including its tag and length
 * octets; anything that exceeds them is rejected rather than grown. */
enum Misc_ASN {
    MAX_SALT_SIZE       =   64,     /* MAX PKCS Salt length */
    MAX_IV_SIZE         =   64,     /* MAX PKCS Iv length */
    ASN_BOOL_SIZE       =    2,     /* including type */
    ASN_ECC_HEADER_SZ   =    2,     /* String type + 1 byte len */
    ASN_ECC_CONTEXT_SZ  =    2,     /* Content specific type + 1 byte len */
#ifdef NO_SHA
    KEYID_SIZE          = WC_SHA256_DIGEST_SIZE, /* SHA-1 disabled: key IDs are SHA-256 */
#else
    KEYID_SIZE          = WC_SHA_DIGEST_SIZE,    /* default key-identifier hash is SHA-1 */
#endif
    RSA_INTS            =    8,     /* RSA ints in private key */
    DSA_INTS            =    5,     /* DSA ints in private key */
    MIN_DATE_SIZE       =   13,     /* "YYMMDDHHMMSSZ" */
    MAX_DATE_SIZE       =   32,
    ASN_GEN_TIME_SZ     =   15,     /* 7 numbers * 2 + Zulu tag */
    /* Largest signature the build can encounter; the first enabled
     * algorithm wins, and RSA (512 bytes = 4096 bits) covers the rest. */
#ifndef NO_RSA
    MAX_ENCODED_SIG_SZ  =  512,
#elif defined(HAVE_ECC)
    MAX_ENCODED_SIG_SZ  =  140,
#elif defined(HAVE_CURVE448)
    MAX_ENCODED_SIG_SZ  =  114,
#else
    MAX_ENCODED_SIG_SZ  =   64,
#endif
    MAX_SIG_SZ          =  256,
    MAX_ALGO_SZ         =   20,
    MAX_SHORT_SZ        =    6,     /* asn int + byte len + 4 byte length */
    MAX_SEQ_SZ          =    5,     /* enum(seq | con) + length(4) */
    MAX_SET_SZ          =    5,     /* enum(set | con) + length(4) */
    MAX_OCTET_STR_SZ    =    5,     /* enum(octet string) + length(4) */
    MAX_EXP_SZ          =    5,     /* enum(contextspec|con|exp) + length(4) */
    MAX_PRSTR_SZ        =    5,     /* enum(prstr) + length(4) */
    MAX_VERSION_SZ      =    5,     /* enum + id + version(byte) + (header(2))*/
    MAX_ENCODED_DIG_ASN_SZ=  9,     /* enum(bit or octet) + length(4) */
    MAX_ENCODED_DIG_SZ  =   64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */
    MAX_RSA_INT_SZ      =  517,     /* RSA raw sz 4096 for bits + tag + len(4) */
    MAX_DSA_INT_SZ      =  261,     /* DSA raw sz 2048 for bits + tag + len(4) */
    MAX_NTRU_KEY_SZ     =  610,     /* NTRU 112 bit public key */
    MAX_NTRU_ENC_SZ     =  628,     /* NTRU 112 bit DER public encoding */
    MAX_LENGTH_SZ       =    4,     /* Max length size for DER encoding */
    MAX_RSA_E_SZ        =   16,     /* Max RSA public e size */
    MAX_CA_SZ           =   32,     /* Max encoded CA basic constraint length */
    MAX_SN_SZ           =   35,     /* Max encoded serial number (INT) length;
                                     * includes tag and length, so it is not
                                     * the same quantity as EXTERNAL_SERIAL_SIZE */
    MAX_DER_DIGEST_SZ     = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
                                    /* Maximum DER digest size */
    MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
                                    /* Maximum DER digest ASN header size */
#ifdef WOLFSSL_CERT_GEN
    #ifdef WOLFSSL_CERT_REQ
                                    /* Max encoded cert req attributes length */
        MAX_ATTRIB_SZ   = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
                          MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
    #endif
    #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
    #else
        MAX_EXTENSIONS_SZ   = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
    #endif
                                    /* Max total extensions, id + len + others */
#endif
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
    MAX_OID_SZ          =   32,     /* Max DER length of OID*/
    MAX_OID_STRING_SZ   =   64,     /* Max string length representation of OID*/
#endif
#ifdef WOLFSSL_CERT_EXT
    MAX_KID_SZ          =   45,     /* Max encoded KID length (SHA-256 case) */
    MAX_KEYUSAGE_SZ     =   18,     /* Max encoded Key Usage length */
    MAX_EXTKEYUSAGE_SZ  = 12 + (6 * (8 + 2)) +
                          CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
                                    (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
                                    (6 * (SEQ + OID))) */
    MAX_CERTPOL_NB      = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
    MAX_CERTPOL_SZ      = CTC_MAX_CERTPOL_SZ,
#endif
    MAX_AIA_SZ          =    2,     /* Max Authority Info Access extension size*/
    MAX_NAME_ENTRIES    =    5,     /* extra entries added to x509 name struct */
    OCSP_NONCE_EXT_SZ   =   35,     /* OCSP Nonce Extension size */
    MAX_OCSP_EXT_SZ     =   58,     /* Max OCSP Extension length */
    MAX_OCSP_NONCE_SZ   =   16,     /* OCSP Nonce size */
    EIGHTK_BUF          = 8192,     /* Tmp buffer size */
    MAX_PUBLIC_KEY_SZ   = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
                                    /* use bigger NTRU size */
#ifdef WOLFSSL_ENCRYPTED_KEYS
    HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
#else
    HEADER_ENCRYPTED_KEY_SIZE = 0,
#endif
    TRAILING_ZERO       =    1,     /* Used for size of zero pad */
    ASN_TAG_SZ          =    1,     /* single byte ASN.1 tag */
    MIN_VERSION_SZ      =    3,     /* Min bytes needed for GetMyVersion */
#if defined(OPENSSL_ALL)  || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
    defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
    MAX_TIME_STRING_SZ  =   25,     /* Max length of formatted time string */
#endif

    PKCS5_SALT_SZ       =    8,

    PEM_LINE_LEN       =   80,      /* PEM line max + fudge */
};
wolfSSL 15:117db924cf7c 382
wolfSSL 15:117db924cf7c 383
/* Classes of OID. Every *_Sum enum below belongs to one class, and the
 * sums are only unique within a class: the same sum turns up in several
 * of them (414 is both SHA256h and AES128CBCb, 79 is HW_NAME_OID,
 * SUBJECT_INFO_ACCESS and EKU_OCSP_SIGN_OID). A sum therefore identifies
 * an object only together with its Oid_Types value. */
enum Oid_Types {
    oidHashType         = 0,
    oidSigType          = 1,
    oidKeyType          = 2,
    oidCurveType        = 3,
    oidBlkType          = 4,
    oidOcspType         = 5,
    oidCertExtType      = 6,
    oidCertAuthInfoType = 7,
    oidCertPolicyType   = 8,
    oidCertAltNameType  = 9,
    oidCertKeyUseType   = 10,
    oidKdfType          = 11,
    oidKeyWrapType      = 12,
    oidCmsKeyAgreeType  = 13,
    oidPBEType          = 14,
    oidHmacType         = 15,
    oidCompressType     = 16,
    oidCertNameType     = 17,
    oidTlsExtType       = 18,
    oidCrlExtType       = 19,
    oidIgnoreType                   /* implicit 20: "no class" marker */
};
wolfSSL 15:117db924cf7c 407
wolfSSL 15:117db924cf7c 408
/* oidHashType: digest-algorithm OID sums. A "sum" is the byte sum of
 * the OID's DER content octets (so 2.5.29.15 = 55 1d 0f gives 129 in
 * Extensions_Sum). Summing is order-insensitive, which is why the SHA-2
 * arcs collide with AES arcs under the same 2.16.840.1.101.3.4 prefix
 * (SHA256h == AES128CBCb == 414, SHA224h == AES128_WRAP == 417); the
 * oidHashType class keeps them apart. */
enum Hash_Sum  {
    MD2h      = 646,
    MD5h      = 649,
    SHAh      =  88,
    SHA224h   = 417,
    SHA256h   = 414,
    SHA384h   = 415,
    SHA512h   = 416,
    SHA3_224h = 420,
    SHA3_256h = 421,
    SHA3_384h = 422,
    SHA3_512h = 423
};
wolfSSL 15:117db924cf7c 422
wolfSSL 15:117db924cf7c 423
#if !defined(NO_DES3) || !defined(NO_AES)
/* oidBlkType: block-cipher OID sums. Only the ciphers compiled in are
 * declared, so code that switches on these needs matching #ifdefs.
 * Values coincide with Hash_Sum entries (AES128CBCb == SHA256h == 414);
 * see the note on Oid_Types. */
enum Block_Sum {
#ifdef WOLFSSL_AES_128
    AES128CBCb = 414,
    AES128GCMb = 418,
    AES128CCMb = 419,
#endif
#ifdef WOLFSSL_AES_192
    AES192CBCb = 434,
    AES192GCMb = 438,
    AES192CCMb = 439,
#endif
#ifdef WOLFSSL_AES_256
    AES256CBCb = 454,
    AES256GCMb = 458,
    AES256CCMb = 459,
#endif
#ifndef NO_DES3
    DESb       = 69,
    DES3b      = 652
#endif
};
#endif /* !NO_DES3 || !NO_AES */
wolfSSL 15:117db924cf7c 447
wolfSSL 15:117db924cf7c 448
/* oidKeyType: public-key algorithm OID sums (e.g. RSAk is
 * 1.2.840.113549.1.1.1, DHk is 1.2.840.113549.1.3.1). Unlike Block_Sum
 * these are declared unconditionally. */
enum Key_Sum {
    DSAk     = 515,
    RSAk     = 645,
    NTRUk    = 274,
    ECDSAk   = 518,
    ED25519k = 256,
    ED448k   = 257,
    DHk      = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
};
wolfSSL 15:117db924cf7c 458
#if !defined(NO_AES) || defined(HAVE_PKCS7)
/* oidKeyWrapType: key-wrap algorithm OID sums. The AES entries share
 * values with Hash_Sum (AES128_WRAP == SHA224h == 417); see Oid_Types.
 * With NO_AES and HAVE_PKCS7 the enum may contain only PWRI_KEK_WRAP. */
enum KeyWrap_Sum {
#ifdef WOLFSSL_AES_128
    AES128_WRAP  = 417,
#endif
#ifdef WOLFSSL_AES_192
    AES192_WRAP  = 437,
#endif
#ifdef WOLFSSL_AES_256
    AES256_WRAP  = 457,
#endif
#ifdef HAVE_PKCS7
    PWRI_KEK_WRAP = 680  /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */
#endif
};
#endif /* !NO_AES || PKCS7 */
wolfSSL 15:117db924cf7c 475
/* oidCmsKeyAgreeType: CMS single-pass ECDH key-agreement scheme OID
 * sums, one per KDF digest. */
enum Key_Agree {
    dhSinglePass_stdDH_sha1kdf_scheme   = 464,
    dhSinglePass_stdDH_sha224kdf_scheme = 188,
    dhSinglePass_stdDH_sha256kdf_scheme = 189,
    dhSinglePass_stdDH_sha384kdf_scheme = 190,
    dhSinglePass_stdDH_sha512kdf_scheme = 191,
};
wolfSSL 15:117db924cf7c 483
wolfSSL 15:117db924cf7c 484
wolfSSL 15:117db924cf7c 485
/* oidKdfType: key-derivation function OID sums (PBKDF2 only). */
enum KDF_Sum {
    PBKDF2_OID = 660
};
wolfSSL 15:117db924cf7c 489
wolfSSL 15:117db924cf7c 490
/* oidHmacType: HMAC algorithm OID sums. HMAC_SHA224_OID (652) equals
 * DES3b in Block_Sum; the class keeps them distinct (see Oid_Types). */
enum HMAC_Sum {
    HMAC_SHA224_OID   = 652,
    HMAC_SHA256_OID   = 653,
    HMAC_SHA384_OID   = 654,
    HMAC_SHA512_OID   = 655,
    HMAC_SHA3_224_OID = 426,
    HMAC_SHA3_256_OID = 427,
    HMAC_SHA3_384_OID = 428,
    HMAC_SHA3_512_OID = 429
};
wolfSSL 15:117db924cf7c 501
wolfSSL 15:117db924cf7c 502
/* oidCertExtType: X.509 extension OID sums (byte sum of the DER content,
 * e.g. 2.5.29.15 = 55 1d 0f = 129). These values double as the extension
 * NIDs in the NID enum above, with the single exception of
 * TLS_FEATURE_OID (92) whose NID is NID_tlsfeature (1020). */
enum Extensions_Sum {
    BASIC_CA_OID    = 133,
    ALT_NAMES_OID   = 131,
    CRL_DIST_OID    = 145,
    AUTH_INFO_OID   = 69, /* id-pe 1 */
    AUTH_KEY_OID    = 149,
    SUBJ_KEY_OID    = 128,
    CERT_POLICY_OID = 146,
    KEY_USAGE_OID   = 129,  /* 2.5.29.15 */
    INHIBIT_ANY_OID = 168,  /* 2.5.29.54 */
    EXT_KEY_USAGE_OID         = 151, /* 2.5.29.37 */
    NAME_CONS_OID             = 144, /* 2.5.29.30 */
    PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
    SUBJECT_INFO_ACCESS       = 79,  /* id-pe 11 */
    POLICY_MAP_OID            = 147,
    POLICY_CONST_OID          = 150,
    ISSUE_ALT_NAMES_OID       = 132,
    TLS_FEATURE_OID           = 92,  /* id-pe 24 */
    NETSCAPE_CT_OID           = 753 /* 2.16.840.1.113730.1.1 */
};
wolfSSL 15:117db924cf7c 523
/* oidCertPolicyType. anyPolicy is 2.5.29.32.0, whose trailing 0 arc adds
 * nothing to the byte sum, so CP_ANY_OID equals CERT_POLICY_OID (146,
 * the certificatePolicies extension itself). A sum match alone therefore
 * does not prove which of the two was seen. */
enum CertificatePolicy_Sum {
    CP_ANY_OID      = 146  /* id-ce 32 0 */
};
wolfSSL 15:117db924cf7c 527
/* 1.3.6.1.5.5.7.8.4 sums to 79, the same value as SUBJECT_INFO_ACCESS
 * (1.3.6.1.5.5.7.1.11) and EKU_OCSP_SIGN_OID (1.3.6.1.5.5.7.3.9); all
 * three are in different Oid_Types classes. */
enum SepHardwareName_Sum {
    HW_NAME_OID     = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
};
wolfSSL 15:117db924cf7c 531
/* oidCertAuthInfoType: accessMethod OID sums inside the Authority
 * Information Access extension. */
enum AuthInfo_Sum {
    AIA_OCSP_OID      = 116, /* 1.3.6.1.5.5.7.48.1 */
    AIA_CA_ISSUER_OID = 117  /* 1.3.6.1.5.5.7.48.2 */
};
wolfSSL 15:117db924cf7c 536
/* oidCertKeyUseType: extended-key-usage purpose OID sums. EKU_ANY_OID is
 * 2.5.29.37.0; its trailing 0 arc leaves the byte sum equal to the
 * extKeyUsage extension OID (EXT_KEY_USAGE_OID == 151), so the two are
 * distinguishable only by Oid_Types class, not by value. */
enum ExtKeyUsage_Sum { /* From RFC 5280 */
    EKU_ANY_OID         = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
    EKU_SERVER_AUTH_OID = 71,  /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
    EKU_CLIENT_AUTH_OID = 72,  /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
    EKU_CODESIGNING_OID = 73,  /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */
    EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */
    EKU_TIMESTAMP_OID   = 78,  /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */
    EKU_OCSP_SIGN_OID   = 79   /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */
};
wolfSSL 15:117db924cf7c 546
#ifdef HAVE_LIBZ
/* oidCompressType: CMS compression algorithm OID sums; only present when
 * zlib support is compiled in. */
enum CompressAlg_Sum {
    ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */
};
#endif
wolfSSL 15:117db924cf7c 552
/* Verification mode selectors. These are sequential values, not bit
 * flags, so they cannot be OR-ed together: a caller picks exactly one.
 * NOTE(review): which checks each mode performs or skips beyond what the
 * name says is not visible in this header. */
enum VerifyType {
    NO_VERIFY         = 0,
    VERIFY            = 1,
    VERIFY_CRL        = 2,
    VERIFY_OCSP       = 3,
    VERIFY_NAME       = 4,
    VERIFY_SKIP_DATE  = 5,
};
wolfSSL 15:117db924cf7c 561
#ifdef WOLFSSL_CERT_EXT
/* Which key identifier extension is meant: subject (SKID) or authority
 * (AKID). */
enum KeyIdType {
    SKID_TYPE = 0,
    AKID_TYPE = 1
};
#endif
wolfSSL 15:117db924cf7c 568
/* Key usage extension bits (based on RFC 5280) */
/* The RFC numbers keyUsage bits from the most significant bit of the
 * BIT STRING: digitalSignature is bit 0, decipherOnly is bit 8. The
 * values here place bit 0 at 0x0080 and bit 8 at 0x8000, i.e. the first
 * content octet appears to land in the low byte and the second in the
 * high byte of the 16-bit value -- TODO confirm against the decoder
 * before relying on the byte order. */
#define KEYUSE_DIGITAL_SIG    0x0080
#define KEYUSE_CONTENT_COMMIT 0x0040
#define KEYUSE_KEY_ENCIPHER   0x0020
#define KEYUSE_DATA_ENCIPHER  0x0010
#define KEYUSE_KEY_AGREE      0x0008
#define KEYUSE_KEY_CERT_SIGN  0x0004
#define KEYUSE_CRL_SIGN       0x0002
#define KEYUSE_ENCIPHER_ONLY  0x0001
#define KEYUSE_DECIPHER_ONLY  0x8000
wolfSSL 15:117db924cf7c 579
/* Extended Key Usage bits (internal mapping only) */
/* wolfSSL's own 8-bit summary of the extKeyUsage purposes; these bits
 * have no on-the-wire encoding and do not correspond to the OID sums in
 * ExtKeyUsage_Sum. The meaning of EXTKEYUSE_USER is not established in
 * this header. */
#define EXTKEYUSE_USER        0x80
#define EXTKEYUSE_OCSP_SIGN   0x40
#define EXTKEYUSE_TIMESTAMP   0x20
#define EXTKEYUSE_EMAILPROT   0x10
#define EXTKEYUSE_CODESIGN    0x08
#define EXTKEYUSE_CLIENT_AUTH 0x04
#define EXTKEYUSE_SERVER_AUTH 0x02
#define EXTKEYUSE_ANY         0x01
wolfSSL 15:117db924cf7c 589
typedef struct DNS_entry DNS_entry;

/* One subjectAltName entry, singly linked through `next`. DecodedCert keeps
 * lists of these in altNames / altEmailNames; the weOwnAltNames option bit
 * records whether the DecodedCert owns the list, and FreeAltNames() releases
 * one. `name` is a separate allocation of `len` bytes -- whether it is
 * NUL-terminated is not visible here, so treat `len` as authoritative. */
struct DNS_entry {
    DNS_entry* next; /* next on DNS list */
    int type; /* i.e. ASN_DNS_TYPE */
    int len; /* actual DNS len */
    char* name; /* actual DNS name */
};
wolfSSL 15:117db924cf7c 598
wolfSSL 15:117db924cf7c 599
typedef struct Base_entry Base_entry;

/* One name-constraints subtree base (permitted or excluded), singly linked
 * through `next`. Used by the permittedNames / excludedNames lists of
 * DecodedCert, Signer and TrustedPeerCert; released by FreeNameSubtrees().
 * Only compiled in when IGNORE_NAME_CONSTRAINTS is not defined. */
struct Base_entry {
    Base_entry* next; /* next on name base list */
    char* name; /* actual name base */
    int nameSz; /* name length */
    byte type; /* Name base type (DNS or RFC822) */
};
wolfSSL 15:117db924cf7c 608
/* Sizes of the fixed arrays in DecodedName: at most DOMAIN_COMPONENT_MAX
 * domainComponent attributes are indexed (what happens to extra DCs is
 * decided by the parser, not visible here), and DOMAIN_COMPONENT_MAX +
 * DN_NAMES_MAX bounds the `loc` ordering array. */
#define DOMAIN_COMPONENT_MAX 10
#define DN_NAMES_MAX 9
wolfSSL 15:117db924cf7c 611
/* Parsed Distinguished Name (issuer or subject); DecodedCert embeds one of
 * each in OPENSSL_EXTRA / OPENSSL_EXTRA_X509_SMALL builds. Every attribute
 * has an Idx/Len pair and most also a Nid. The Idx/Len pairs presumably
 * locate the attribute's text inside `fullName` -- confirm against the
 * parser before using them as offsets. Note the WOLFSSL_CERT_EXT fields sit
 * between ouLen and ouNid, so the layout differs between configurations. */
struct DecodedName {
    char* fullName;
    int fullNameLen;
    int entryCount; /* number of attributes found */
    int cnIdx;
    int cnLen;
    int cnNid;
    int snIdx;
    int snLen;
    int snNid;
    int cIdx;
    int cLen;
    int cNid;
    int lIdx;
    int lLen;
    int lNid;
    int stIdx;
    int stLen;
    int stNid;
    int oIdx;
    int oLen;
    int oNid;
    int ouIdx;
    int ouLen;
#ifdef WOLFSSL_CERT_EXT
    int bcIdx;
    int bcLen;
    int jcIdx;
    int jcLen;
    int jsIdx;
    int jsLen;
#endif
    int ouNid;
    int emailIdx;
    int emailLen;
    int emailNid;
    int uidIdx;
    int uidLen;
    int uidNid;
    int serialIdx;
    int serialLen;
    int serialNid;
    int dcIdx[DOMAIN_COMPONENT_MAX];
    int dcLen[DOMAIN_COMPONENT_MAX];
    int dcNum; /* domainComponent entries actually filled */
    int dcMode;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    /* hold the location / order with which each of the DN tags was found
     *
     * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.
     */
    int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];
    int locSz; /* entries of loc in use */
#endif
};
wolfSSL 15:117db924cf7c 667
/* Stages of a signature verification; presumably what SignatureCtx.state
 * holds (that field is undocumented here). The explicit values make the
 * visiting order obvious and are identical to the implicit numbering. */
enum SignatureState {
    SIG_STATE_BEGIN = 0,
    SIG_STATE_HASH  = 1,
    SIG_STATE_KEY   = 2,
    SIG_STATE_DO    = 3,
    SIG_STATE_CHECK = 4
};
wolfSSL 15:117db924cf7c 675
wolfSSL 15:117db924cf7c 676
wolfSSL 15:117db924cf7c 677 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 678 #ifdef HAVE_ECC
/* User-supplied ECC verify hook (HAVE_PK_CALLBACKS && HAVE_ECC). All inputs
 * are const; `result` receives the verify outcome and `ctx` is presumably the
 * opaque pkCtxEcc stored alongside it in SignatureCtx. The meaning of the
 * int return value and of *result is defined by the caller, not here. */
typedef int (*wc_CallbackEccVerify)(
    const unsigned char* sig, unsigned int sigSz,
    const unsigned char* hash, unsigned int hashSz,
    const unsigned char* keyDer, unsigned int keySz,
    int* result, void* ctx);
wolfSSL 15:117db924cf7c 684 #endif
wolfSSL 15:117db924cf7c 685 #ifndef NO_RSA
/* User-supplied RSA verify hook (HAVE_PK_CALLBACKS && !NO_RSA). Unlike the
 * ECC hook, `sig` is not const and `out` is an output pointer: the callback
 * presumably recovers the padded/encoded digest and points *out at it
 * (possibly inside `sig`) -- confirm the ownership of *out with the caller.
 * `ctx` is presumably the pkCtxRsa stored in SignatureCtx. */
typedef int (*wc_CallbackRsaVerify)(
    unsigned char* sig, unsigned int sigSz,
    unsigned char** out,
    const unsigned char* keyDer, unsigned int keySz,
    void* ctx);
wolfSSL 15:117db924cf7c 691 #endif
wolfSSL 15:117db924cf7c 692 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 693
/* Working state for one certificate signature verification (embedded in
 * DecodedCert.sigCtx when NO_CERTS is not defined). `key` holds the parsed
 * public key as whichever alternative matches keyOID; `ptr` is the untyped
 * view of the same storage. Buffers (`digest`, `out`, `plain`) are pointers
 * whose ownership is not visible here -- presumably allocated from `heap`
 * and released by the verification code; confirm before reusing a ctx. */
struct SignatureCtx {
    void* heap;
    byte* digest; /* digestSz bytes, hashed with typeH */
#ifndef NO_RSA
    byte* out;
    byte* plain;
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    int verify; /* verify outcome for the curve-based schemes */
#endif
    union {
#ifndef NO_RSA
        struct RsaKey* rsa;
#endif
#ifdef HAVE_ECC
        struct ecc_key* ecc;
#endif
#ifdef HAVE_ED25519
        struct ed25519_key* ed25519;
#endif
#ifdef HAVE_ED448
        struct ed448_key* ed448;
#endif
        void* ptr;
    } key;
    int devId;
    int state; /* presumably enum SignatureState */
    int typeH; /* hash type used for digest */
    int digestSz;
    word32 keyOID; /* selects which member of `key` is live */
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* asyncDev;
    void* asyncCtx;
#endif

#ifdef HAVE_PK_CALLBACKS
#ifdef HAVE_ECC
    wc_CallbackEccVerify pkCbEcc;
    void* pkCtxEcc;
#endif
#ifndef NO_RSA
    wc_CallbackRsaVerify pkCbRsa;
    void* pkCtxRsa;
#endif
#endif /* HAVE_PK_CALLBACKS */
#ifndef NO_RSA
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    /* Offsets into the raw certificate of the RSA public key parts, used
     * when verification is offloaded to the Renesas TSIP. */
    byte verifyByTSIP;
    word32 certBegin;
    word32 pubkey_n_start;
    word32 pubkey_n_len;
    word32 pubkey_e_start;
    word32 pubkey_e_len;
#endif
#endif
};
wolfSSL 15:117db924cf7c 750
/* Stages of certificate signing, stored in CertSignCtx.state. Explicit
 * values are equivalent to the implicit numbering but make the order plain. */
enum CertSignState {
    CERTSIGN_STATE_BEGIN  = 0,
    CERTSIGN_STATE_DIGEST = 1,
    CERTSIGN_STATE_ENCODE = 2,
    CERTSIGN_STATE_DO     = 3
};
wolfSSL 15:117db924cf7c 757
/* Working state for signing a certificate (the counterpart of SignatureCtx
 * for the issuing side). Buffer ownership is not visible here -- presumably
 * heap allocations released by the signing code; confirm before reusing. */
struct CertSignCtx {
    byte* sig;
    byte* digest;
#ifndef NO_RSA
    byte* encSig; /* DER-encoded DigestInfo for RSA, encSigSz bytes */
    int encSigSz;
#endif
    int state; /* enum CertSignState */
};
wolfSSL 15:117db924cf7c 767
#ifndef WOLFSSL_MAX_PATH_LEN
/* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
 * (k) max_path_length: this integer is initialized to "n", is
 * decremented for each non-self-issued certificate in the path,
 * and may be reduced to the value in the path length constraint
 * field within the basic constraints extension of a CA
 * certificate.
 *
 * wolfSSL has arbitrarily selected the value 127 for "n" in the above
 * description. Users can modify the maximum path length by setting
 * WOLFSSL_MAX_PATH_LEN to a preferred value at build time
 *
 * NOTE: the value is stored in the `byte maxPathLen` fields of DecodedCert
 * and Signer, so an override larger than what `byte` can hold would be
 * silently truncated rather than rejected; keep it within that range.
 */
#define WOLFSSL_MAX_PATH_LEN 127
#endif
wolfSSL 15:117db924cf7c 782
/* Forward typedefs so the structs below can reference each other
 * (DecodedCert embeds DecodedName and SignatureCtx and points at a Signer). */
typedef struct DecodedCert DecodedCert;
typedef struct DecodedName DecodedName;
typedef struct Signer Signer;
#ifdef WOLFSSL_TRUST_PEER_CERT
typedef struct TrustedPeerCert TrustedPeerCert;
#endif /* WOLFSSL_TRUST_PEER_CERT */
typedef struct SignatureCtx SignatureCtx;
typedef struct CertSignCtx CertSignCtx;
wolfSSL 15:117db924cf7c 791
wolfSSL 15:117db924cf7c 792
/* Result of parsing one X.509 certificate (InitDecodedCert / ParseCert).
 *
 * Lifetime: the DecodedCert does NOT own the DER buffer. `source`,
 * `signature`, `extensions` and the *Raw / *Src / extAuthInfo / extCrlInfo
 * pointers reference bytes inside the caller's buffer (see the per-field
 * comments), and beforeDate/afterDate presumably do too. That buffer must
 * stay alive and unmodified for as long as the DecodedCert is used.
 * Heap copies the struct does own are tracked by the option bits at the end
 * (subjectCNStored, weOwnAltNames) and released by FreeDecodedCert(). */
struct DecodedCert {
    const byte* publicKey; /* copy vs. pointer into source decided by pubKeyStored */
    word32 pubKeySize;
    int pubKeyStored;
    word32 certBegin; /* offset to start of cert */
    word32 sigIndex; /* offset to start of signature */
    word32 sigLength; /* length of signature */
    word32 signatureOID; /* sum of algorithm object id */
    word32 keyOID; /* sum of key algo object id */
    int version; /* cert version, 1 or 3 */
    DNS_entry* altNames; /* alt names list of dns entries */
#ifndef IGNORE_NAME_CONSTRAINTS
    DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
    Base_entry* permittedNames; /* Permitted name bases */
    Base_entry* excludedNames; /* Excluded name bases */
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte subjectHash[KEYID_SIZE]; /* hash of the subject Name */
    byte issuerHash[KEYID_SIZE]; /* hash of the issuer Name */
#ifdef HAVE_OCSP
    byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
    byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
    const byte* signature; /* not owned, points into raw cert */
    char* subjectCN; /* CommonName */
    int subjectCNLen; /* CommonName Length */
    char subjectCNEnc; /* CommonName Encoding */
    char issuer[ASN_NAME_MAX]; /* full name including common name */
    char subject[ASN_NAME_MAX]; /* full name including common name */
    int verify; /* Default to yes, but could be off */
    const byte* source; /* byte buffer holder cert, NOT owner */
    word32 srcIdx; /* current offset into buffer */
    word32 maxIdx; /* max offset based on init size */
    void* heap; /* for user memory overrides */
    byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
    int serialSz; /* raw serial bytes stored */
    const byte* extensions; /* not owned, points into raw cert */
    int extensionsSz; /* length of cert extensions */
    word32 extensionsIdx; /* if want to go back and parse later */
    const byte* extAuthInfo; /* Authority Information Access URI */
    int extAuthInfoSz; /* length of the URI */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
    int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
#endif
    const byte* extCrlInfo; /* CRL Distribution Points */
    int extCrlInfoSz; /* length of the URI */
    byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
    byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
    byte pathLength; /* CA basic constraint path length; see pathLengthSet,
                      * which presumably distinguishes an explicit 0 from
                      * "constraint absent" */
    byte maxPathLen; /* max_path_len see RFC 5280 section
                      * 6.1.2 "Initialization" - (k) for
                      * description of max_path_len */
    word16 extKeyUsage; /* Key usage bitfield (KEYUSE_*) */
    byte extExtKeyUsage; /* Extended Key usage bitfield (EXTKEYUSE_*) */

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    /* Raw extension values for the OpenSSL compatibility layer; pointers
     * into the source buffer, not copies. */
    const byte* extExtKeyUsageSrc;
    word32 extExtKeyUsageSz;
    word32 extExtKeyUsageCount;
    const byte* extAuthKeyIdSrc;
    word32 extAuthKeyIdSz;
    const byte* extSubjKeyIdSrc;
    word32 extSubjKeyIdSz;
#endif

#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    word32 pkCurveOID; /* Public Key's curve OID */
#endif /* HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
    const byte* beforeDate; /* validity notBefore, raw ASN.1 time */
    int beforeDateLen;
    const byte* afterDate; /* validity notAfter, raw ASN.1 time */
    int afterDateLen;
#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
    const byte* issuerRaw; /* pointer to issuer inside source */
    int issuerRawLen;
#endif
#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
    const byte* subjectRaw; /* pointer to subject inside source */
    int subjectRawLen;
#endif
#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
    /* easy access to subject info for other sign */
    char* subjectSN;
    int subjectSNLen;
    char subjectSNEnc;
    char* subjectC;
    int subjectCLen;
    char subjectCEnc;
    char* subjectL;
    int subjectLLen;
    char subjectLEnc;
    char* subjectST;
    int subjectSTLen;
    char subjectSTEnc;
    char* subjectO;
    int subjectOLen;
    char subjectOEnc;
    char* subjectOU;
    int subjectOULen;
    char subjectOUEnc;
    char* subjectSND;
    int subjectSNDLen;
    char subjectSNDEnc;
#ifdef WOLFSSL_CERT_EXT
    char* subjectBC;
    int subjectBCLen;
    char subjectBCEnc;
    char* subjectJC;
    int subjectJCLen;
    char subjectJCEnc;
    char* subjectJS;
    int subjectJSLen;
    char subjectJSEnc;
#endif
    char* subjectEmail;
    int subjectEmailLen;
#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    DecodedName issuerName;
    DecodedName subjectName;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef WOLFSSL_SEP
    int deviceTypeSz;
    byte* deviceType;
    int hwTypeSz;
    byte* hwType;
    int hwSerialNumSz;
    byte* hwSerialNum;
#endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_CERT_EXT
    char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int extCertPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */

    Signer* ca; /* issuer found in the CA table, if any */
#ifndef NO_CERTS
    SignatureCtx sigCtx;
#endif
#ifdef WOLFSSL_RENESAS_TSIP
    byte* tsip_encRsaKeyIdx;
#endif

    int badDate; /* see wc_GetPubX509(), which reports through an int* */
    int criticalExt; /* presumably records an unhandled critical extension -- confirm */

    /* Option Bits */
    byte subjectCNStored : 1; /* have we saved a copy we own */
    byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */
    byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */
#ifndef IGNORE_NAME_CONSTRAINTS
    byte extNameConstraintSet : 1;
#endif
    byte isCA : 1; /* CA basic constraint true */
    byte pathLengthSet : 1; /* CA basic const path length set */
    byte weOwnAltNames : 1; /* altNames haven't been given to copy */
    byte extKeyUsageSet : 1;
    byte extExtKeyUsageSet : 1; /* Extended Key Usage set */
    byte extCRLdistSet : 1;
    byte extAuthInfoSet : 1;
    byte extBasicConstSet : 1;
    byte extSubjAltNameSet : 1;
    byte inhibitAnyOidSet : 1;
    byte selfSigned : 1; /* Indicates subject and issuer are same */
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
    byte extCertPolicySet : 1;
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
    /* *Crit bits: the extension was marked critical in the certificate */
    byte extCRLdistCrit : 1;
    byte extAuthInfoCrit : 1;
    byte extBasicConstCrit : 1;
    byte extSubjAltNameCrit : 1;
    byte extAuthKeyIdCrit : 1;
#ifndef IGNORE_NAME_CONSTRAINTS
    byte extNameConstraintCrit : 1;
#endif
    byte extSubjKeyIdCrit : 1;
    byte extKeyUsageCrit : 1;
    byte extExtKeyUsageCrit : 1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
    byte extCertPolicyCrit : 1;
#endif

};
wolfSSL 15:117db924cf7c 977
wolfSSL 15:117db924cf7c 978
/* Size of the name / key-id hashes kept in Signer and TrustedPeerCert:
 * SHA-1 normally, SHA-256 when SHA-1 is compiled out. Note DecodedCert
 * sizes its own hashes with KEYID_SIZE (defined elsewhere); the two are
 * presumably kept equal so the lookups can compare them -- confirm. */
#ifdef NO_SHA
    #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
    #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
wolfSSL 15:117db924cf7c 984
wolfSSL 15:117db924cf7c 985 /* CA Signers */
wolfSSL 15:117db924cf7c 986 /* if change layout change PERSIST_CERT_CACHE functions too */
/* Trusted CA entry in the certificate manager's signer table (singly linked
 * through `next`; see MakeSigner / FreeSigner / FreeSignerTable).
 * Ownership of `publicKey` and `name` is not visible here -- presumably
 * heap copies released by FreeSigner(); confirm before sharing them. */
struct Signer {
    word32 pubKeySize;
    word32 keyOID; /* key type */
    word16 keyUsage; /* KEYUSE_* bits */
    byte maxPathLen;
    byte pathLength;
    byte pathLengthSet : 1;
    byte selfSigned : 1;
    const byte* publicKey;
    int nameLen;
    char* name; /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
    Base_entry* permittedNames;
    Base_entry* excludedNames;
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte subjectNameHash[SIGNER_DIGEST_SIZE];
    /* sha hash of names in certificate */
#ifndef NO_SKID
    byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
    /* hash of the Subject Key Identifier (inferred from the field name;
     * the original comment repeated the "names" line above -- confirm) */
#endif
#ifdef HAVE_OCSP
    byte subjectKeyHash[KEYID_SIZE]; /* sized like DecodedCert.issuerKeyHash */
#endif
#ifdef WOLFSSL_SIGNER_DER_CERT
    DerBuffer* derCert;
#endif
#ifdef WOLFSSL_RENESAS_TSIP_TLS
    word32 cm_idx;
#endif
    Signer* next;
};
wolfSSL 15:117db924cf7c 1019
wolfSSL 15:117db924cf7c 1020
wolfSSL 15:117db924cf7c 1021 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 15:117db924cf7c 1022 /* used for having trusted peer certs rather then CA */
/* Entry in the trusted-peer table (WOLFSSL_TRUST_PEER_CERT): a leaf
 * certificate pinned directly instead of being chained to a CA. Linked
 * through `next`; released by FreeTrustedPeer / FreeTrustedPeerTable.
 * `sig` holds sigLen bytes, presumably the peer cert's signature used as
 * the match key -- confirm in the lookup code. */
struct TrustedPeerCert {
    int nameLen;
    char* name; /* common name */
#ifndef IGNORE_NAME_CONSTRAINTS
    Base_entry* permittedNames;
    Base_entry* excludedNames;
#endif /* IGNORE_NAME_CONSTRAINTS */
    byte subjectNameHash[SIGNER_DIGEST_SIZE];
    /* sha hash of names in certificate */
#ifndef NO_SKID
    byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
    /* hash of the Subject Key Identifier (inferred from the field name;
     * the original comment repeated the "names" line above -- confirm) */
#endif
    word32 sigLen;
    byte* sig;
    struct TrustedPeerCert* next;
};
wolfSSL 15:117db924cf7c 1040 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 1041
wolfSSL 15:117db924cf7c 1042
wolfSSL 15:117db924cf7c 1043 /* for testing or custom openssl wrappers */
/* The ASN helpers marked WOLFSSL_ASN_API are exported from the library only
 * for the test suite or the OpenSSL compatibility layer; in every other
 * build they stay internal (WOLFSSL_LOCAL). Code outside wolfSSL should
 * not depend on them being visible. */
#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
    defined(OPENSSL_EXTRA_X509_SMALL)
    #define WOLFSSL_ASN_API WOLFSSL_API
#else
    #define WOLFSSL_ASN_API WOLFSSL_LOCAL
#endif
wolfSSL 15:117db924cf7c 1050
/* Hash `len` bytes of data into `hash`; the output size is not visible here
 * (presumably KEYID_SIZE, matching the DecodedCert hash fields). */
WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);

/* BER -> DER conversion. `derSz` is a pointer, so presumably in/out
 * (capacity on entry, bytes written on return) -- confirm in the source. */
WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
                                word32* derSz);

/* List destructors; the trailing void* is presumably the heap hint, as in
 * the other Free* functions below. */
WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
#ifndef IGNORE_NAME_CONSTRAINTS
WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
#endif /* IGNORE_NAME_CONSTRAINTS */
/* Set up a DecodedCert over a caller-owned buffer (source, size, heap, by
 * the field names in DecodedCert). The buffer is referenced, not copied. */
WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
/* Parse and (per `verify`, presumably an enum VerifyType) check the cert;
 * `cm` is an opaque manager handle used for issuer lookup. */
WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);

WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
                                  const byte *in, word32 inSz);
WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
                                  const char *in, void* heap);
/* CheckCertSignature looks the issuer up through `cm`; the PubKey variant
 * verifies against an explicit caller-supplied key of type pubKeyOID. */
WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
        void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
/* badDate is reported out-of-band so a caller can decide whether an expired
 * cert is fatal (compare DecodedCert.badDate). */
WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);

WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
WOLFSSL_LOCAL Signer* MakeSigner(void*);
WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
#ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
#endif /* WOLFSSL_TRUST_PEER_CERT */

/* PKCS#8 / PKCS#12-style key conversions. The *Inline variants work on a
 * const buffer and advance *inOutIdx instead of rewriting in place; the
 * _ex variants additionally report the algorithm id. */
WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length,
                                     word32* algId);
WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
                                      word32 length);
WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
                                         word32 length, word32* algId);
WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int,
                                   word32* algId);
/* Password-based key wrapping. Passwords are passed with an explicit length
 * (not NUL-terminated strings), the caller supplies the salt and the
 * iteration count `itt`, and `rng` is required -- callers choose the
 * work factor, this layer does not enforce a minimum. */
WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
        word32* outSz, const char* password, int passwordSz, int vPKCS,
        int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out,
        word32* outSz, const char* password, int passwordSz, int vPKCS,
        int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt,
        WC_RNG* rng, void* heap);
WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz,
        const char* password,int passwordSz, int vPKCS, int vAlgo,
        byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
        word32* oidSz, int* algoID, void* heap);
wolfSSL 15:117db924cf7c 1106
/* ASN.1 time handling. wolfssl_tm is the C library's struct tm. */
typedef struct tm wolfssl_tm;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
#endif
#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7)
WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
#endif
/* Decode a raw ASN.1 time (`format` is the tag, UTCTime or GeneralizedTime)
 * into certTime, advancing *idx. Presumably the callee is responsible for
 * bounds checking, as no length is passed -- confirm before feeding it
 * untrusted input directly. */
WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
                              wolfssl_tm* certTime, int* idx);
WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
/* dateType selects notBefore vs notAfter semantics (see the BEFORE/AFTER
 * constants defined elsewhere in this header). */
WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
wolfSSL 15:117db924cf7c 1120
/* ASN.1 helper functions */
#ifdef WOLFSSL_CERT_GEN
/* Encodes a CertName as a DER Name into `output`; outputSz is its capacity. */
WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
#endif
/* Shared convention for the Get* decoders below (inferred from the
 * signatures; asn.c is the authoritative contract): `input` is the DER
 * buffer, `*inOutIdx` is the read offset and is advanced past what was
 * consumed, and `maxIdx` is the parse limit — presumably the buffer length —
 * that a decoded length must be checked against before it is trusted, since
 * the input is attacker-controlled in every TLS path that reaches here. */
WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
                              word32 maxIdx);
/* Encoder counterpart of GetShortInt; here `input` is the buffer written. */
WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
                              word32 maxIdx);

/* Printable name for a signature-algorithm OID sum. */
WOLFSSL_LOCAL const char* GetSigName(int oid);
/* Decodes a DER length field into *len. */
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx);
/* As GetLength; `check` toggles an extra validation step (see asn.c). */
WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
                               word32 maxIdx, int check);
/* Expects a SEQUENCE tag and decodes its content length into *len. */
WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
                                 word32 maxIdx, int check);
/* Expects an OCTET STRING tag and decodes its content length into *len. */
WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
                                 word32 maxIdx);
/* Expects a SET tag and decodes its content length into *len. */
WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
                         word32 maxIdx);
WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx, int check);
/* Decodes a small version INTEGER into *version. */
WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
                               int* version, word32 maxIdx);
/* Decodes an arbitrary-length INTEGER into the multi-precision `mpi`. */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
                         word32 maxIdx);
#ifdef HAVE_OID_ENCODING
/* Encodes an OID given as `inSz` arcs into DER content bytes; *outSz is the
 * capacity on entry and presumably the bytes written on return. */
WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
                                 byte* out, word32* outSz);
#endif
#ifdef HAVE_OID_DECODING
/* Inverse of EncodeObjectId: DER content bytes back to an array of arcs. */
WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
                                 word16* out, word32* outSz);
#endif
/* Expects an OBJECT IDENTIFIER tag and decodes its content length into *len. */
WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
                                 word32 maxIdx);
/* Writes an OBJECT IDENTIFIER tag+length header for `len` content bytes. */
WOLFSSL_LOCAL int SetObjectId(int len, byte* output);
/* Decodes an OID and maps it to wolfSSL's OID sum in *oid; `oidType` names
 * the OID family being looked up (hash, signature, key, ... — see asn.c). */
WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
                              word32 oidType, word32 maxIdx);
/* Decodes an AlgorithmIdentifier SEQUENCE, yielding the algorithm's OID sum. */
WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
                            word32 oidType, word32 maxIdx);
/* Reads the tag byte at *idx into *tag; inputSz bounds the read. */
WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
                            word32 inputSz);
/* Set* encoders: write a tag/length header into `output` and return the
 * number of bytes written. None of them takes a capacity argument, so the
 * caller's own bound check on `output` is the only one that exists. */
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH) \
    || defined(WOLFSSL_OPENSSH)
/* DER export of DH parameters / public key / private key. *outSz is the
 * capacity on entry and presumably the length written on return. */
WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
#endif
/* BIT STRING header; `unusedBits` becomes the leading unused-bits octet. */
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
/* Context-specific [number] headers: IMPLICIT re-tags `tag`, EXPLICIT wraps. */
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
/* AlgorithmIdentifier for `algoOID` of OID family `type`; curveSz is
 * presumably only meaningful for ECC algorithms. */
WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
/* Encodes a version INTEGER; `header` presumably selects the [0] wrapper. */
WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
/* Serial-number INTEGER encoder and decoder. maxSnSz caps the encoded serial;
 * the decoder should keep *serialSz within the caller's `serial` buffer
 * (confirm in asn.c — serial numbers are attacker-controlled input). */
WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
                                  word32 outputSz, int maxSnSz);
WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
                                  byte* serial, int* serialSz, word32 maxIdx);
/* Hashes the Name at *idx into `hash`; the digest size is fixed by the caller. */
WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
                              int maxIdx);
/* Checks that a DER private key matches the public key of a decoded cert. */
WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der);
/* Encodes DH (p, g) as DER; *outLen is capacity in, length out (presumably). */
WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
/* Serialises a DNS_entry list into a buffer of the given size. */
WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
wolfSSL 15:117db924cf7c 1190
#ifdef HAVE_ECC
/* ASN sig helpers */
/* Encodes (r, s) as a DER signature (presumably the standard ECDSA-Sig-Value
 * SEQUENCE of two INTEGERs); *outLen is the capacity on entry and the bytes
 * written on return. */
WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
                                   mp_int* s);
/* Inverse of StoreECC_DSA_Sig: parses a DER signature of sigLen bytes into
 * r and s. */
WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                    mp_int* r, mp_int* s);
#endif
#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Maps a wolfSSL ECC curve enum value to the OpenSSL-compatible NID. */
WOLFSSL_API int EccEnumToNID(int n);
#endif
wolfSSL 15:117db924cf7c 1201
/* Lifecycle of the signature-verification context: InitSignatureCtx must run
 * before the ctx is used (heap and devId are presumably passed through for
 * allocation and async/hardware device selection) and FreeSignatureCtx
 * releases whatever the ctx acquired. */
WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
wolfSSL 15:117db924cf7c 1204
#ifndef NO_CERTS

/* Parses the encryption header (if any) of a PEM buffer into `info`. The
 * char** suggests *pBuffer is advanced past the header — confirm in asn.c. */
WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer,
                                        size_t bufSz);

/* Converts a PEM buffer of `sz` bytes into a newly allocated DerBuffer
 * (*pDer, released with FreeDer). `type` selects the expected PEM block,
 * `info` optionally carries parameters for encrypted keys, and *eccKey is
 * presumably set when an EC key was found (inferred from the name). */
WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
                           DerBuffer** pDer, void* heap, EncryptedInfo* info,
                           int* eccKey);
/* Allocates a DerBuffer of `length` bytes from `heap`; FreeDer releases it
 * and, given the DerBuffer**, presumably nulls *der. */
WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
WOLFSSL_LOCAL void FreeDer(DerBuffer** der);

#endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 1217
wolfSSL 15:117db924cf7c 1218 #ifdef WOLFSSL_CERT_GEN
wolfSSL 15:117db924cf7c 1219
/* Constants used by the certificate generator (WOLFSSL_CERT_GEN). */
enum cert_enums {
    /* Number of CertName attributes the generator handles — presumably what
     * SetName iterates over; one more when WOLFSSL_CERT_EXT is built in. */
#ifdef WOLFSSL_CERT_EXT
    NAME_ENTRIES = 10,
#else
    NAME_ENTRIES = 9,
#endif
    /* Lengths of the OID prefixes used for name attributes (joint-iso,
     * PKCS#9 e-mail and pilot attribute arcs, going by the names). */
    JOINT_LEN = 2,
    EMAIL_JOINT_LEN = 9,
    PILOT_JOINT_LEN = 10,
    /* Key-type selectors passed to the generator; values are distinct from
     * the name constants above so they can share this enum. */
    RSA_KEY = 10,
    NTRU_KEY = 11,
    ECC_KEY = 12,
    ED25519_KEY = 13,
    ED448_KEY = 14
};
wolfSSL 15:117db924cf7c 1235
wolfSSL 15:117db924cf7c 1236 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 15:117db924cf7c 1237
wolfSSL 15:117db924cf7c 1238
wolfSSL 15:117db924cf7c 1239
/* for pointer use */
/* Declared outside HAVE_OCSP so CertStatus* can appear in other structs and
 * prototypes even when the OCSP definition below is compiled out. */
typedef struct CertStatus CertStatus;
wolfSSL 15:117db924cf7c 1242
wolfSSL 15:117db924cf7c 1243 #ifdef HAVE_OCSP
wolfSSL 15:117db924cf7c 1244
/* OCSPResponseStatus values (RFC 6960 §4.2.1) as stored in
 * OcspResponse.responseStatus. Only OCSP_SUCCESSFUL carries certificate
 * status; every other value is a responder error and must not be read as a
 * "good" answer. */
enum Ocsp_Response_Status {
    OCSP_SUCCESSFUL        = 0, /* Response has valid confirmations */
    OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
    OCSP_INTERNAL_ERROR    = 2, /* Internal error in issuer */
    OCSP_TRY_LATER         = 3, /* Try again later */
    OCSP_SIG_REQUIRED      = 5, /* Must sign the request (4 is skipped) */
    OCSP_UNAUTHROIZED      = 6  /* Request unauthorized (sic: the identifier
                                 * is misspelled but is part of the API) */
};
wolfSSL 15:117db924cf7c 1253
wolfSSL 15:117db924cf7c 1254
/* CertStatus.status values: the good/revoked/unknown CHOICE of an OCSP
 * SingleResponse (RFC 6960). "Unknown" is not "good" — callers should treat
 * anything other than CERT_GOOD as not validated. */
enum Ocsp_Cert_Status {
    CERT_GOOD    = 0,
    CERT_REVOKED = 1,
    CERT_UNKNOWN = 2
};
wolfSSL 15:117db924cf7c 1260
wolfSSL 15:117db924cf7c 1261
/* OID sums for the OCSP-specific OIDs (basic response and nonce extension,
 * going by the names). As with signatureOID elsewhere in this header, an OID
 * is identified by the sum of its encoded bytes — compact, but not unique by
 * construction, so matching on the sum alone is only safe where asn.c also
 * checks the full encoding. */
enum Ocsp_Sums {
    OCSP_BASIC_OID = 117,
    OCSP_NONCE_OID = 118
};
wolfSSL 15:117db924cf7c 1266
wolfSSL 15:117db924cf7c 1267 #ifdef OPENSSL_EXTRA
/* Values stored in OcspResponse.verifyError for the OpenSSL-compat layer. */
enum Ocsp_Verify_Error {
    OCSP_VERIFY_ERROR_NONE = 0,
    OCSP_BAD_ISSUER        = 1  /* responder did not match the issuer
                                 * (inferred from the name) */
};
wolfSSL 15:117db924cf7c 1272 #endif
wolfSSL 15:117db924cf7c 1273
wolfSSL 15:117db924cf7c 1274
/* Forward typedefs so the prototypes below can name the OCSP structs. */
typedef struct OcspRequest  OcspRequest;
typedef struct OcspResponse OcspResponse;
wolfSSL 15:117db924cf7c 1277
wolfSSL 15:117db924cf7c 1278
/* Status of one certificate as reported by an OCSP SingleResponse. Entries
 * are chained through `next` (see OcspEntry.status / totalStatus). */
struct CertStatus {
    CertStatus* next;

    byte serial[EXTERNAL_SERIAL_SIZE];  /* serial number, raw INTEGER bytes */
    int serialSz;                       /* bytes used in serial — the decoder
                                         * has to keep this within
                                         * EXTERNAL_SERIAL_SIZE */

    int status;                         /* presumably an Ocsp_Cert_Status value */

    byte thisDate[MAX_DATE_SIZE];       /* thisUpdate, as encoded */
    byte nextDate[MAX_DATE_SIZE];       /* nextUpdate, as encoded */
    byte thisDateFormat;                /* ASN.1 time tag of thisDate */
    byte nextDateFormat;                /* ASN.1 time tag of nextDate */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    WOLFSSL_ASN1_TIME thisDateParsed;   /* OpenSSL-compat views of the dates */
    WOLFSSL_ASN1_TIME nextDateParsed;
    byte* thisDateAsn;                  /* presumably point into
                                         * rawOcspResponse — confirm in ocsp.c */
    byte* nextDateAsn;
#endif

    byte* rawOcspResponse;              /* the response this status came from;
                                         * ownership is not visible here */
    word32 rawOcspResponseSz;
};
wolfSSL 15:117db924cf7c 1301
wolfSSL 15:117db924cf7c 1302
/* Decoded view of an OCSP response. Per the field comments below, the byte*
 * members point INTO `source`, which this struct does not own: an
 * OcspResponse must not outlive the buffer it was decoded from. */
struct OcspResponse {
    int     responseStatus;  /* return code from Responder */

    byte*   response;        /* Pointer to beginning of OCSP Response */
    word32  responseSz;      /* length of the OCSP Response */

    byte    producedDate[MAX_DATE_SIZE];
                             /* Date at which this response was signed */
    byte    producedDateFormat; /* format of the producedDate */
    byte*   issuerHash;      /* presumably also into source (no size field:
                              * the digest length is implied by the hash OID) */
    byte*   issuerKeyHash;

    byte*   cert;            /* responder certificate, if one was included */
    word32  certSz;

    byte*   sig;             /* Pointer to sig in source */
    word32  sigSz;           /* Length in octets for the sig */
    word32  sigOID;          /* OID for hash used for sig */

    CertStatus* status;      /* certificate status to fill out */

    byte*   nonce;           /* pointer to nonce inside ASN.1 response */
    int     nonceSz;         /* length of the nonce string */

    byte*   source;          /* pointer to source buffer, not owned */
    word32  maxIdx;          /* max offset based on init size */

#ifdef OPENSSL_EXTRA
    int     verifyError;     /* an Ocsp_Verify_Error value */
#endif
};
wolfSSL 15:117db924cf7c 1334
wolfSSL 15:117db924cf7c 1335
/* An OCSP request built from a DecodedCert (InitOcspRequest) and encoded by
 * EncodeOcspRequest. Unlike OcspResponse, the serial and url members are
 * copies; FreeOcspRequest presumably releases them. */
struct OcspRequest {
    byte   issuerHash[KEYID_SIZE];    /* hash of the issuer Name */
    byte   issuerKeyHash[KEYID_SIZE]; /* hash of the issuer public key */
    byte*  serial;                    /* copy of the serial number in source cert */
    int    serialSz;
#ifdef OPENSSL_EXTRA
    WOLFSSL_ASN1_INTEGER* serialInt;  /* OpenSSL-compat view of serial */
#endif
    byte*  url;                       /* copy of the extAuthInfo in source cert */
    int    urlSz;

    byte   nonce[MAX_OCSP_NONCE_SZ];  /* request nonce; presumably matched
                                       * against the response by
                                       * CompareOcspReqResp */
    int    nonceSz;
    void*  heap;                      /* allocator hint passed at init */
    void*  ssl;                       /* opaque back-pointer; purpose not
                                       * visible here */
};
wolfSSL 15:117db924cf7c 1352
typedef struct OcspEntry OcspEntry;

/* Size of the issuer hashes stored in OcspEntry. SHA-1 is used unless the
 * build has no SHA-1 (NO_SHA), in which case SHA-256 is used — so the struct
 * layout differs between the two configurations. */
#ifdef NO_SHA
#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
wolfSSL 16:8e0d178b1d1e 1360
/* One issuer's worth of OCSP results: keyed by issuer name hash and issuer
 * key hash, holding the CertStatus list seen for that issuer. Entries are
 * chained through `next`. */
struct OcspEntry
{
    OcspEntry *next;                      /* next entry */
    byte issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash */
    byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus *status;                   /* OCSP response list */
    int totalStatus;                      /* number on list */
};
wolfSSL 15:117db924cf7c 1369
/* Binds an OcspResponse to a CertStatus to fill and to the source buffer
 * (pointer, size) it will be decoded from; see the lifetime note on the struct. */
WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
/* Decodes the bound buffer; the void* and trailing int arguments are
 * unnamed here — see ocsp.c/asn.c for what they carry. */
WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);

/* Builds a request for the given DecodedCert; the byte flag presumably
 * selects whether a nonce is generated, and the void* is the heap. */
WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
/* DER-encode the request (or just its extensions) into a buffer of the given
 * size; the word32 return of the extensions variant is the length written. */
WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);
WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);


/* Checks that a decoded response answers this request (issuer hashes, serial
 * and — presumably — nonce); a response that does not match must be rejected
 * rather than cached. */
WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
wolfSSL 15:117db924cf7c 1380
wolfSSL 15:117db924cf7c 1381
wolfSSL 15:117db924cf7c 1382 #endif /* HAVE_OCSP */
wolfSSL 15:117db924cf7c 1383
wolfSSL 15:117db924cf7c 1384
/* for pointer use */
/* Declared outside HAVE_CRL so RevokedCert* is nameable in all builds. */
typedef struct RevokedCert RevokedCert;
wolfSSL 15:117db924cf7c 1387
wolfSSL 15:117db924cf7c 1388 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 1389
/* One revokedCertificates entry of a CRL, chained through `next`
 * (DecodedCRL.certs / totalCerts). */
struct RevokedCert {
    byte serialNumber[EXTERNAL_SERIAL_SIZE]; /* raw INTEGER bytes */
    int serialSz;                            /* bytes used; must stay within
                                              * EXTERNAL_SERIAL_SIZE */
    RevokedCert* next;
};
wolfSSL 15:117db924cf7c 1395
/* Typedef ahead of the definition so prototypes can take DecodedCRL*. */
typedef struct DecodedCRL DecodedCRL;
wolfSSL 15:117db924cf7c 1397
/* Decoded view of a CRL (ParseCRL). `signature` points into the raw source
 * buffer and is not owned, so the DecodedCRL must not outlive that buffer;
 * the hashes and dates are copied. */
struct DecodedCRL {
    word32  certBegin;               /* offset to start of cert */
    word32  sigIndex;                /* offset to start of signature */
    word32  sigLength;               /* length of signature */
    word32  signatureOID;            /* sum of algorithm object id */
    byte*   signature;               /* pointer into raw source, not owned */
    byte    issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
    byte    crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date */
    byte    lastDateFormat;          /* format of last date */
    byte    nextDateFormat;          /* format of next date */
    RevokedCert* certs;              /* revoked cert list */
    int          totalCerts;         /* number on list */
    void*   heap;                    /* allocator hint from InitDecodedCRL */
#ifndef NO_SKID
    byte    extAuthKeyIdSet;         /* non-zero when extAuthKeyId was present,
                                      * going by the name */
    byte    extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
#endif
};
wolfSSL 15:117db924cf7c 1418
/* Zero/initialise a DecodedCRL; `heap` is stored for later allocations. */
WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
/* Verifies the CRL signature over toBeSigned with the CA's key; a CRL whose
 * signature does not verify must not be used to revoke (or un-revoke)
 * anything. signatureOID selects the algorithm, `ca` the signer. */
WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
                                      const byte* toBeSigned, word32 tbsSz,
                                      const byte* signature, word32 sigSz,
                                      word32 signatureOID, Signer *ca,
                                      void* heap);
/* Parses `sz` bytes of DER CRL from `buff`; `cm` is presumably the cert
 * manager used to look up the issuer (opaque void* here). */
WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
/* Releases the RevokedCert list and anything else ParseCRL allocated. */
WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
wolfSSL 15:117db924cf7c 1427
wolfSSL 15:117db924cf7c 1428
wolfSSL 15:117db924cf7c 1429 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 1430
wolfSSL 15:117db924cf7c 1431
wolfSSL 15:117db924cf7c 1432 #ifdef __cplusplus
wolfSSL 15:117db924cf7c 1433 } /* extern "C" */
wolfSSL 15:117db924cf7c 1434 #endif
wolfSSL 15:117db924cf7c 1435
wolfSSL 15:117db924cf7c 1436 #endif /* !NO_ASN */
wolfSSL 15:117db924cf7c 1437
wolfSSL 15:117db924cf7c 1438
wolfSSL 15:117db924cf7c 1439 #if !defined(NO_ASN) || !defined(NO_PWDBASED)
wolfSSL 15:117db924cf7c 1440
/* Buffer bounds for password-based key derivation (PKCS#5/#12). Both are
 * overridable from the build so callers can raise them deliberately. */
#ifndef MAX_KEY_SIZE
    #define MAX_KEY_SIZE    64  /* MAX PKCS Key length */
#endif
#ifndef MAX_UNICODE_SZ
    #define MAX_UNICODE_SZ  256 /* upper bound on the UTF-16 password buffer,
                                 * going by the name */
#endif
wolfSSL 15:117db924cf7c 1447
/* Password-based-encryption schemes. The first group are internal selectors;
 * the _SUM members are OID sums (see the OID-sum convention elsewhere in this
 * header) and PBES2 is an algorithm ID. MD5/DES, SHA1/RC4 and SHA1/DES are
 * legacy PKCS#12 schemes presumably retained for reading existing files —
 * they should not be chosen for anything newly encrypted. */
enum PBESTypes {
    PBE_MD5_DES      = 0,
    PBE_SHA1_RC4_128 = 1,
    PBE_SHA1_DES     = 2,
    PBE_SHA1_DES3    = 3,
    PBE_AES256_CBC   = 4,
    PBE_AES128_CBC   = 5,

    PBE_SHA1_RC4_128_SUM = 657,
    PBE_SHA1_DES3_SUM    = 659,
    PBES2                = 13  /* algo ID */
};
wolfSSL 15:117db924cf7c 1460
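/* PKCS container/version selectors used by the key-decoding paths. Values
 * are not contiguous and carry meaning on their own, so the order here is
 * cosmetic. The trailing comma after the last enumerator was dropped: it is
 * a C99 extension that pedantic C89 builds reject, and this header is
 * otherwise C89-clean. */
enum PKCSTypes {
    PKCS5v2  = 6,   /* PKCS #5 v2.0 */
    PKCS12v1 = 12,  /* PKCS #12 */
    PKCS5    = 5,   /* PKCS oid tag */
    PKCS8v0  = 0    /* default PKCS#8 version */
};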
wolfSSL 15:117db924cf7c 1467
wolfSSL 15:117db924cf7c 1468 #endif /* !NO_ASN || !NO_PWDBASED */
wolfSSL 15:117db924cf7c 1469
wolfSSL 15:117db924cf7c 1470 #endif /* WOLF_CRYPT_ASN_H */
wolfSSL 15:117db924cf7c 1471