Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

asn.h

Last change on this file was 167, checked in by coas-nagasima, 8 years ago
MIMEにSJISを設定
Property svn:eol-style set to `native` Property svn:keywords set to `Id` Property svn:mime-type set to `text/x-chdr; charset=SHIFT_JIS`
File size: 24.8 KB

Line
1	/* asn.h
2	*
3	* Copyright (C) 2006-2015 wolfSSL Inc.
4	*
5	* This file is part of wolfSSL. (formerly known as CyaSSL)
6	*
7	* wolfSSL is free software; you can redistribute it and/or modify
8	* it under the terms of the GNU General Public License as published by
9	* the Free Software Foundation; either version 2 of the License, or
10	* (at your option) any later version.
11	*
12	* wolfSSL is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15	* GNU General Public License for more details.
16	*
17	* You should have received a copy of the GNU General Public License
18	* along with this program; if not, write to the Free Software
19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20	*/
21
22	#ifndef WOLF_CRYPT_ASN_H
23	#define WOLF_CRYPT_ASN_H
24
25	#include <wolfssl/wolfcrypt/types.h>
26
27	#ifndef NO_ASN
28
29	#include <wolfssl/wolfcrypt/integer.h>
30	#ifndef NO_RSA
31	#include <wolfssl/wolfcrypt/rsa.h>
32	#endif
33
34	/* fips declare of RsaPrivateKeyDecode @wc_fips */
35	#if defined(HAVE_FIPS) && !defined(NO_RSA)
36	#include <cyassl/ctaocrypt/rsa.h>
37	#endif
38
39	#ifndef NO_DH
40	#include <wolfssl/wolfcrypt/dh.h>
41	#endif
42	#ifndef NO_DSA
43	#include <wolfssl/wolfcrypt/dsa.h>
44	#endif
45	#ifndef NO_SHA
46	#include <wolfssl/wolfcrypt/sha.h>
47	#endif
48	#ifndef NO_MD5
49	#include <wolfssl/wolfcrypt/md5.h>
50	#endif
51	#include <wolfssl/wolfcrypt/sha256.h>
52	#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
53	#ifdef HAVE_ECC
54	#include <wolfssl/wolfcrypt/ecc.h>
55	#endif
56
57	#ifdef __cplusplus
58	extern "C" {
59	#endif
60
61
62	enum {
63	ISSUER = 0,
64	SUBJECT = 1,
65
66	EXTERNAL_SERIAL_SIZE = 32,
67
68	BEFORE = 0,
69	AFTER = 1
70	};
71
72	/* ASN Tags */
73	enum ASN_Tags {
74	ASN_BOOLEAN = 0x01,
75	ASN_INTEGER = 0x02,
76	ASN_BIT_STRING = 0x03,
77	ASN_OCTET_STRING = 0x04,
78	ASN_TAG_NULL = 0x05,
79	ASN_OBJECT_ID = 0x06,
80	ASN_ENUMERATED = 0x0a,
81	ASN_UTF8STRING = 0x0c,
82	ASN_SEQUENCE = 0x10,
83	ASN_SET = 0x11,
84	ASN_UTC_TIME = 0x17,
85	ASN_OTHER_TYPE = 0x00,
86	ASN_RFC822_TYPE = 0x01,
87	ASN_DNS_TYPE = 0x02,
88	ASN_DIR_TYPE = 0x04,
89	ASN_GENERALIZED_TIME = 0x18,
90	CRL_EXTENSIONS = 0xa0,
91	ASN_EXTENSIONS = 0xa3,
92	ASN_LONG_LENGTH = 0x80
93	};
94
95	enum ASN_Flags{
96	ASN_CONSTRUCTED = 0x20,
97	ASN_CONTEXT_SPECIFIC = 0x80
98	};
99
100	enum DN_Tags {
101	ASN_COMMON_NAME = 0x03, /* CN */
102	ASN_SUR_NAME = 0x04, /* SN */
103	ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
104	ASN_COUNTRY_NAME = 0x06, /* C */
105	ASN_LOCALITY_NAME = 0x07, /* L */
106	ASN_STATE_NAME = 0x08, /* ST */
107	ASN_ORG_NAME = 0x0a, /* O */
108	ASN_ORGUNIT_NAME = 0x0b /* OU */
109	};
110
111	enum PBES {
112	PBE_MD5_DES = 0,
113	PBE_SHA1_DES = 1,
114	PBE_SHA1_DES3 = 2,
115	PBE_SHA1_RC4_128 = 3,
116	PBES2 = 13 /* algo ID */
117	};
118
119	enum ENCRYPTION_TYPES {
120	DES_TYPE = 0,
121	DES3_TYPE = 1,
122	RC4_TYPE = 2
123	};
124
125	enum ECC_TYPES {
126	ECC_PREFIX_0 = 160,
127	ECC_PREFIX_1 = 161
128	};
129
130	enum Misc_ASN {
131	ASN_NAME_MAX = 256,
132	MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
133	MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
134	MAX_KEY_SIZE = 64, /* MAX PKCS Key length */
135	PKCS5 = 5, /* PKCS oid tag */
136	PKCS5v2 = 6, /* PKCS #5 v2.0 */
137	PKCS12 = 12, /* PKCS #12 */
138	MAX_UNICODE_SZ = 256,
139	ASN_BOOL_SIZE = 2, /* including type */
140	ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
141	ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
142	#ifdef NO_SHA
143	KEYID_SIZE = SHA256_DIGEST_SIZE,
144	#else
145	KEYID_SIZE = SHA_DIGEST_SIZE,
146	#endif
147	RSA_INTS = 8, /* RSA ints in private key */
148	DSA_INTS = 5, /* DSA ints in private key */
149	MIN_DATE_SIZE = 13,
150	MAX_DATE_SIZE = 32,
151	ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
152	MAX_ENCODED_SIG_SZ = 512,
153	MAX_SIG_SZ = 256,
154	MAX_ALGO_SZ = 20,
155	MAX_SEQ_SZ = 5, /* enum(seq \| con) + length(4) */
156	MAX_SET_SZ = 5, /* enum(set \| con) + length(4) */
157	MAX_OCTET_STR_SZ = 5, /* enum(set \| con) + length(4) */
158	MAX_EXP_SZ = 5, /* enum(contextspec\|con\|exp) + length(4) */
159	MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
160	MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
161	MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
162	MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
163	MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
164	MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
165	MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
166	MAX_RSA_E_SZ = 16, /* Max RSA public e size */
167	MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
168	MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
169	#ifdef WOLFSSL_CERT_GEN
170	#ifdef WOLFSSL_CERT_REQ
171	/* Max encoded cert req attributes length */
172	MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
173	MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
174	#endif
175	#if defined(WOLFSSL_ALT_NAMES) \|\| defined(WOLFSSL_CERT_EXT)
176	MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
177	#else
178	MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
179	#endif
180	/* Max total extensions, id + len + others */
181	#endif
182	#ifdef WOLFSSL_CERT_EXT
183	MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
184	MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
185	MAX_OID_SZ = 32, /* Max DER length of OID*/
186	MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
187	MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
188	MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
189	#endif
190	MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
191	MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
192	EIGHTK_BUF = 8192, /* Tmp buffer size */
193	MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
194	/* use bigger NTRU size */
195	HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */
196	};
197
198
199	enum Oid_Types {
200	hashType = 0,
201	sigType = 1,
202	keyType = 2,
203	curveType = 3,
204	blkType = 4
205	};
206
207
208	enum Hash_Sum {
209	MD2h = 646,
210	MD5h = 649,
211	SHAh = 88,
212	SHA256h = 414,
213	SHA384h = 415,
214	SHA512h = 416
215	};
216
217
218	enum Block_Sum {
219	DESb = 69,
220	DES3b = 652
221	};
222
223
224	enum Key_Sum {
225	DSAk = 515,
226	RSAk = 645,
227	NTRUk = 274,
228	ECDSAk = 518
229	};
230
231
232	enum Ecc_Sum {
233	ECC_256R1 = 526,
234	ECC_384R1 = 210,
235	ECC_521R1 = 211,
236	ECC_160R1 = 184,
237	ECC_192R1 = 520,
238	ECC_224R1 = 209
239	};
240
241
242	enum KDF_Sum {
243	PBKDF2_OID = 660
244	};
245
246
247	enum Extensions_Sum {
248	BASIC_CA_OID = 133,
249	ALT_NAMES_OID = 131,
250	CRL_DIST_OID = 145,
251	AUTH_INFO_OID = 69,
252	CA_ISSUER_OID = 117,
253	AUTH_KEY_OID = 149,
254	SUBJ_KEY_OID = 128,
255	CERT_POLICY_OID = 146,
256	KEY_USAGE_OID = 129, /* 2.5.29.15 */
257	INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
258	EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
259	NAME_CONS_OID = 144 /* 2.5.29.30 */
260	};
261
262	enum CertificatePolicy_Sum {
263	CP_ANY_OID = 146 /* id-ce 32 0 */
264	};
265
266	enum SepHardwareName_Sum {
267	HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
268	};
269
270	enum AuthInfo_Sum {
271	AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
272	AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
273	};
274
275	enum ExtKeyUsage_Sum { /* From RFC 5280 */
276	EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
277	EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
278	EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
279	EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
280	};
281
282
283	enum VerifyType {
284	NO_VERIFY = 0,
285	VERIFY = 1
286	};
287
288	#ifdef WOLFSSL_CERT_EXT
289	enum KeyIdType {
290	SKID_TYPE = 0,
291	AKID_TYPE = 1
292	};
293	#endif
294
295	/* Key usage extension bits */
296	#define KEYUSE_DIGITAL_SIG 0x0080
297	#define KEYUSE_CONTENT_COMMIT 0x0040
298	#define KEYUSE_KEY_ENCIPHER 0x0020
299	#define KEYUSE_DATA_ENCIPHER 0x0010
300	#define KEYUSE_KEY_AGREE 0x0008
301	#define KEYUSE_KEY_CERT_SIGN 0x0004
302	#define KEYUSE_CRL_SIGN 0x0002
303	#define KEYUSE_ENCIPHER_ONLY 0x0001
304	#define KEYUSE_DECIPHER_ONLY 0x8000
305
306	#define EXTKEYUSE_ANY 0x08
307	#define EXTKEYUSE_OCSP_SIGN 0x04
308	#define EXTKEYUSE_CLIENT_AUTH 0x02
309	#define EXTKEYUSE_SERVER_AUTH 0x01
310
311	typedef struct DNS_entry DNS_entry;
312
313	struct DNS_entry {
314	DNS_entry* next; /* next on DNS list */
315	char* name; /* actual DNS name */
316	};
317
318
319	typedef struct Base_entry Base_entry;
320
321	struct Base_entry {
322	Base_entry* next; /* next on name base list */
323	char* name; /* actual name base */
324	int nameSz; /* name length */
325	byte type; /* Name base type (DNS or RFC822) */
326	};
327
328
329	struct DecodedName {
330	char* fullName;
331	int fullNameLen;
332	int entryCount;
333	int cnIdx;
334	int cnLen;
335	int snIdx;
336	int snLen;
337	int cIdx;
338	int cLen;
339	int lIdx;
340	int lLen;
341	int stIdx;
342	int stLen;
343	int oIdx;
344	int oLen;
345	int ouIdx;
346	int ouLen;
347	int emailIdx;
348	int emailLen;
349	int uidIdx;
350	int uidLen;
351	int serialIdx;
352	int serialLen;
353	};
354
355
356	typedef struct DecodedCert DecodedCert;
357	typedef struct DecodedName DecodedName;
358	typedef struct Signer Signer;
359
360
361	struct DecodedCert {
362	byte* publicKey;
363	word32 pubKeySize;
364	int pubKeyStored;
365	word32 certBegin; /* offset to start of cert */
366	word32 sigIndex; /* offset to start of signature */
367	word32 sigLength; /* length of signature */
368	word32 signatureOID; /* sum of algorithm object id */
369	word32 keyOID; /* sum of key algo object id */
370	int version; /* cert version, 1 or 3 */
371	DNS_entry* altNames; /* alt names list of dns entries */
372	#ifndef IGNORE_NAME_CONSTRAINTS
373	DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
374	Base_entry* permittedNames; /* Permitted name bases */
375	Base_entry* excludedNames; /* Excluded name bases */
376	#endif /* IGNORE_NAME_CONSTRAINTS */
377	byte subjectHash[KEYID_SIZE]; /* hash of all Names */
378	byte issuerHash[KEYID_SIZE]; /* hash of all Names */
379	#ifdef HAVE_OCSP
380	byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
381	#endif /* HAVE_OCSP */
382	byte* signature; /* not owned, points into raw cert */
383	char* subjectCN; /* CommonName */
384	int subjectCNLen; /* CommonName Length */
385	char subjectCNEnc; /* CommonName Encoding */
386	int subjectCNStored; /* have we saved a copy we own */
387	char issuer[ASN_NAME_MAX]; /* full name including common name */
388	char subject[ASN_NAME_MAX]; /* full name including common name */
389	int verify; /* Default to yes, but could be off */
390	byte* source; /* byte buffer holder cert, NOT owner */
391	word32 srcIdx; /* current offset into buffer */
392	word32 maxIdx; /* max offset based on init size */
393	void* heap; /* for user memory overrides */
394	byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
395	int serialSz; /* raw serial bytes stored */
396	byte* extensions; /* not owned, points into raw cert */
397	int extensionsSz; /* length of cert extensions */
398	word32 extensionsIdx; /* if want to go back and parse later */
399	byte* extAuthInfo; /* Authority Information Access URI */
400	int extAuthInfoSz; /* length of the URI */
401	byte* extCrlInfo; /* CRL Distribution Points */
402	int extCrlInfoSz; /* length of the URI */
403	byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
404	byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
405	byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
406	byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
407	#ifndef IGNORE_NAME_CONSTRAINTS
408	byte extNameConstraintSet;
409	#endif /* IGNORE_NAME_CONSTRAINTS */
410	byte isCA; /* CA basic constraint true */
411	byte weOwnAltNames; /* altNames haven't been given to copy */
412	byte extKeyUsageSet;
413	word16 extKeyUsage; /* Key usage bitfield */
414	byte extExtKeyUsageSet; /* Extended Key Usage */
415	byte extExtKeyUsage; /* Extended Key usage bitfield */
416	#ifdef OPENSSL_EXTRA
417	byte extBasicConstSet;
418	byte extBasicConstCrit;
419	byte extBasicConstPlSet;
420	word32 pathLength; /* CA basic constraint path length, opt */
421	byte extSubjAltNameSet;
422	byte extSubjAltNameCrit;
423	byte extAuthKeyIdCrit;
424	#ifndef IGNORE_NAME_CONSTRAINTS
425	byte extNameConstraintCrit;
426	#endif /* IGNORE_NAME_CONSTRAINTS */
427	byte extSubjKeyIdCrit;
428	byte extKeyUsageCrit;
429	byte extExtKeyUsageCrit;
430	byte* extExtKeyUsageSrc;
431	word32 extExtKeyUsageSz;
432	word32 extExtKeyUsageCount;
433	byte* extAuthKeyIdSrc;
434	word32 extAuthKeyIdSz;
435	byte* extSubjKeyIdSrc;
436	word32 extSubjKeyIdSz;
437	#endif
438	#ifdef HAVE_ECC
439	word32 pkCurveOID; /* Public Key's curve OID */
440	#endif /* HAVE_ECC */
441	byte* beforeDate;
442	int beforeDateLen;
443	byte* afterDate;
444	int afterDateLen;
445	#ifdef HAVE_PKCS7
446	byte* issuerRaw; /* pointer to issuer inside source */
447	int issuerRawLen;
448	#endif
449	#ifndef IGNORE_NAME_CONSTRAINT
450	byte* subjectRaw; /* pointer to subject inside source */
451	int subjectRawLen;
452	#endif
453	#if defined(WOLFSSL_CERT_GEN)
454	/* easy access to subject info for other sign */
455	char* subjectSN;
456	int subjectSNLen;
457	char subjectSNEnc;
458	char* subjectC;
459	int subjectCLen;
460	char subjectCEnc;
461	char* subjectL;
462	int subjectLLen;
463	char subjectLEnc;
464	char* subjectST;
465	int subjectSTLen;
466	char subjectSTEnc;
467	char* subjectO;
468	int subjectOLen;
469	char subjectOEnc;
470	char* subjectOU;
471	int subjectOULen;
472	char subjectOUEnc;
473	char* subjectEmail;
474	int subjectEmailLen;
475	#endif /* WOLFSSL_CERT_GEN */
476	#ifdef OPENSSL_EXTRA
477	DecodedName issuerName;
478	DecodedName subjectName;
479	#endif /* OPENSSL_EXTRA */
480	#ifdef WOLFSSL_SEP
481	int deviceTypeSz;
482	byte* deviceType;
483	int hwTypeSz;
484	byte* hwType;
485	int hwSerialNumSz;
486	byte* hwSerialNum;
487	#ifdef OPENSSL_EXTRA
488	byte extCertPolicySet;
489	byte extCertPolicyCrit;
490	#endif /* OPENSSL_EXTRA */
491	#endif /* WOLFSSL_SEP */
492	#ifdef WOLFSSL_CERT_EXT
493	char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
494	int extCertPoliciesNb;
495	#endif /* WOLFSSL_CERT_EXT */
496	};
497
498	extern const char* BEGIN_CERT;
499	extern const char* END_CERT;
500	extern const char* BEGIN_CERT_REQ;
501	extern const char* END_CERT_REQ;
502	extern const char* BEGIN_DH_PARAM;
503	extern const char* END_DH_PARAM;
504	extern const char* BEGIN_X509_CRL;
505	extern const char* END_X509_CRL;
506	extern const char* BEGIN_RSA_PRIV;
507	extern const char* END_RSA_PRIV;
508	extern const char* BEGIN_PRIV_KEY;
509	extern const char* END_PRIV_KEY;
510	extern const char* BEGIN_ENC_PRIV_KEY;
511	extern const char* END_ENC_PRIV_KEY;
512	extern const char* BEGIN_EC_PRIV;
513	extern const char* END_EC_PRIV;
514	extern const char* BEGIN_DSA_PRIV;
515	extern const char* END_DSA_PRIV;
516	extern const char* BEGIN_PUB_KEY;
517	extern const char* END_PUB_KEY;
518
519	#ifdef NO_SHA
520	#define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
521	#else
522	#define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
523	#endif
524
525	/* CA Signers */
526	/* if change layout change PERSIST_CERT_CACHE functions too */
527	struct Signer {
528	word32 pubKeySize;
529	word32 keyOID; /* key type */
530	word16 keyUsage;
531	byte* publicKey;
532	int nameLen;
533	char* name; /* common name */
534	#ifndef IGNORE_NAME_CONSTRAINTS
535	Base_entry* permittedNames;
536	Base_entry* excludedNames;
537	#endif /* IGNORE_NAME_CONSTRAINTS */
538	byte subjectNameHash[SIGNER_DIGEST_SIZE];
539	/* sha hash of names in certificate */
540	#ifndef NO_SKID
541	byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
542	/* sha hash of names in certificate */
543	#endif
544	Signer* next;
545	};
546
547
548	/* not for public consumption but may use for testing sometimes */
549	#ifdef WOLFSSL_TEST_CERT
550	#define WOLFSSL_TEST_API WOLFSSL_API
551	#else
552	#define WOLFSSL_TEST_API WOLFSSL_LOCAL
553	#endif
554
555	WOLFSSL_TEST_API void FreeAltNames(DNS_entry, void);
556	#ifndef IGNORE_NAME_CONSTRAINTS
557	WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry, void);
558	#endif /* IGNORE_NAME_CONSTRAINTS */
559	WOLFSSL_TEST_API void InitDecodedCert(DecodedCert, byte, word32, void*);
560	WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
561	WOLFSSL_TEST_API int ParseCert(DecodedCert, int type, int verify, void cm);
562
563	WOLFSSL_LOCAL int ParseCertRelative(DecodedCert,int type,int verify,void cm);
564	WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
565
566	WOLFSSL_LOCAL Signer* MakeSigner(void*);
567	WOLFSSL_LOCAL void FreeSigner(Signer, void);
568	WOLFSSL_LOCAL void FreeSignerTable(Signer*, int, void);
569
570
571	WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
572	WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
573
574	WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
575
576	/* ASN.1 helper functions */
577	WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
578	word32 maxIdx);
579	WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
580	word32 maxIdx);
581	WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
582	word32 maxIdx);
583	WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
584	int* version);
585	WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
586	word32 maxIdx);
587	WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
588	word32 maxIdx);
589	WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
590	WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
591	WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
592	WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
593	WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
594	WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
595	WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
596	WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
597	WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
598	WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
599	int maxIdx);
600
601	#ifdef HAVE_ECC
602	/* ASN sig helpers */
603	WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
604	mp_int* s);
605	WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
606	mp_int* r, mp_int* s);
607	#endif
608
609	#ifdef WOLFSSL_CERT_GEN
610
611	enum cert_enums {
612	NAME_ENTRIES = 8,
613	JOINT_LEN = 2,
614	EMAIL_JOINT_LEN = 9,
615	RSA_KEY = 10,
616	NTRU_KEY = 11,
617	ECC_KEY = 12
618	};
619
620	#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
621	#ifndef NO_FILESYSTEM
622	/* forward from wolfSSL */
623	WOLFSSL_API
624	int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);
625	#define WOLFSSL_PEMCERT_TODER_DEFINED
626	#endif
627	#endif
628
629	#endif /* WOLFSSL_CERT_GEN */
630
631
632
633	/* for pointer use */
634	typedef struct CertStatus CertStatus;
635
636	#ifdef HAVE_OCSP
637
638	enum Ocsp_Response_Status {
639	OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
640	OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
641	OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
642	OCSP_TRY_LATER = 3, /* Try again later */
643	OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
644	OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
645	};
646
647
648	enum Ocsp_Cert_Status {
649	CERT_GOOD = 0,
650	CERT_REVOKED = 1,
651	CERT_UNKNOWN = 2
652	};
653
654
655	enum Ocsp_Sums {
656	OCSP_BASIC_OID = 117,
657	OCSP_NONCE_OID = 118
658	};
659
660
661	typedef struct OcspRequest OcspRequest;
662	typedef struct OcspResponse OcspResponse;
663
664
665	struct CertStatus {
666	CertStatus* next;
667
668	byte serial[EXTERNAL_SERIAL_SIZE];
669	int serialSz;
670
671	int status;
672
673	byte thisDate[MAX_DATE_SIZE];
674	byte nextDate[MAX_DATE_SIZE];
675	byte thisDateFormat;
676	byte nextDateFormat;
677	};
678
679
680	struct OcspResponse {
681	int responseStatus; /* return code from Responder */
682
683	byte* response; /* Pointer to beginning of OCSP Response */
684	word32 responseSz; /* length of the OCSP Response */
685
686	byte producedDate[MAX_DATE_SIZE];
687	/* Date at which this response was signed */
688	byte producedDateFormat; /* format of the producedDate */
689	byte* issuerHash;
690	byte* issuerKeyHash;
691
692	byte* cert;
693	word32 certSz;
694
695	byte* sig; /* Pointer to sig in source */
696	word32 sigSz; /* Length in octets for the sig */
697	word32 sigOID; /* OID for hash used for sig */
698
699	CertStatus* status; /* certificate status to fill out */
700
701	byte* nonce; /* pointer to nonce inside ASN.1 response */
702	int nonceSz; /* length of the nonce string */
703
704	byte* source; /* pointer to source buffer, not owned */
705	word32 maxIdx; /* max offset based on init size */
706	};
707
708
709	struct OcspRequest {
710	DecodedCert* cert;
711
712	byte useNonce;
713	byte nonce[MAX_OCSP_NONCE_SZ];
714	int nonceSz;
715
716	byte* issuerHash; /* pointer to issuerHash in source cert */
717	byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
718	byte* serial; /* pointer to serial number in source cert */
719	int serialSz; /* length of the serial number */
720
721	byte* dest; /* pointer to the destination ASN.1 buffer */
722	word32 destSz; /* length of the destination buffer */
723	};
724
725
726	WOLFSSL_LOCAL void InitOcspResponse(OcspResponse, CertStatus, byte*, word32);
727	WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*);
728
729	WOLFSSL_LOCAL void InitOcspRequest(OcspRequest, DecodedCert,
730	byte, byte*, word32);
731	WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*);
732
733	WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest, OcspResponse);
734
735
736	#endif /* HAVE_OCSP */
737
738
739	/* for pointer use */
740	typedef struct RevokedCert RevokedCert;
741
742	#ifdef HAVE_CRL
743
744	struct RevokedCert {
745	byte serialNumber[EXTERNAL_SERIAL_SIZE];
746	int serialSz;
747	RevokedCert* next;
748	};
749
750	typedef struct DecodedCRL DecodedCRL;
751
752	struct DecodedCRL {
753	word32 certBegin; /* offset to start of cert */
754	word32 sigIndex; /* offset to start of signature */
755	word32 sigLength; /* length of signature */
756	word32 signatureOID; /* sum of algorithm object id */
757	byte* signature; /* pointer into raw source, not owned */
758	byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
759	byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
760	byte lastDate[MAX_DATE_SIZE]; /* last date updated */
761	byte nextDate[MAX_DATE_SIZE]; /* next update date */
762	byte lastDateFormat; /* format of last date */
763	byte nextDateFormat; /* format of next date */
764	RevokedCert* certs; /* revoked cert list */
765	int totalCerts; /* number on list */
766	};
767
768	WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*);
769	WOLFSSL_LOCAL int ParseCRL(DecodedCRL, const byte buff, word32 sz, void* cm);
770	WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
771
772
773	#endif /* HAVE_CRL */
774
775
776	#ifdef __cplusplus
777	} /* extern "C" */
778	#endif
779
780	#endif /* !NO_ASN */
781	#endif /* WOLF_CRYPT_ASN_H */
782

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: UsbWattMeter/trunk/wolfssl-3.7.0/wolfssl/wolfcrypt/asn.h

Download in other formats: