source: UsbWattMeter/trunk/wolfssl-3.7.0/wolfssl/wolfcrypt/asn.h@ 164

Last change on this file since 164 was 164, checked in by coas-nagasima, 6 years ago

TOPPERS/ECNLサンプルアプリ「USB充電器電力計」を追加

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
  • Property svn:mime-type set to text/x-chdr
File size: 24.8 KB
Line 
1/* asn.h
2 *
3 * Copyright (C) 2006-2015 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20 */
21
22#ifndef WOLF_CRYPT_ASN_H
23#define WOLF_CRYPT_ASN_H
24
25#include <wolfssl/wolfcrypt/types.h>
26
27#ifndef NO_ASN
28
29#include <wolfssl/wolfcrypt/integer.h>
30#ifndef NO_RSA
31 #include <wolfssl/wolfcrypt/rsa.h>
32#endif
33
34/* fips declare of RsaPrivateKeyDecode @wc_fips */
35#if defined(HAVE_FIPS) && !defined(NO_RSA)
36 #include <cyassl/ctaocrypt/rsa.h>
37#endif
38
39#ifndef NO_DH
40 #include <wolfssl/wolfcrypt/dh.h>
41#endif
42#ifndef NO_DSA
43 #include <wolfssl/wolfcrypt/dsa.h>
44#endif
45#ifndef NO_SHA
46 #include <wolfssl/wolfcrypt/sha.h>
47#endif
48#ifndef NO_MD5
49 #include <wolfssl/wolfcrypt/md5.h>
50#endif
51#include <wolfssl/wolfcrypt/sha256.h>
52#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
53#ifdef HAVE_ECC
54 #include <wolfssl/wolfcrypt/ecc.h>
55#endif
56
57#ifdef __cplusplus
58 extern "C" {
59#endif
60
61
62enum {
63 ISSUER = 0,
64 SUBJECT = 1,
65
66 EXTERNAL_SERIAL_SIZE = 32,
67
68 BEFORE = 0,
69 AFTER = 1
70};
71
72/* ASN Tags */
73enum ASN_Tags {
74 ASN_BOOLEAN = 0x01,
75 ASN_INTEGER = 0x02,
76 ASN_BIT_STRING = 0x03,
77 ASN_OCTET_STRING = 0x04,
78 ASN_TAG_NULL = 0x05,
79 ASN_OBJECT_ID = 0x06,
80 ASN_ENUMERATED = 0x0a,
81 ASN_UTF8STRING = 0x0c,
82 ASN_SEQUENCE = 0x10,
83 ASN_SET = 0x11,
84 ASN_UTC_TIME = 0x17,
85 ASN_OTHER_TYPE = 0x00,
86 ASN_RFC822_TYPE = 0x01,
87 ASN_DNS_TYPE = 0x02,
88 ASN_DIR_TYPE = 0x04,
89 ASN_GENERALIZED_TIME = 0x18,
90 CRL_EXTENSIONS = 0xa0,
91 ASN_EXTENSIONS = 0xa3,
92 ASN_LONG_LENGTH = 0x80
93};
94
95enum ASN_Flags{
96 ASN_CONSTRUCTED = 0x20,
97 ASN_CONTEXT_SPECIFIC = 0x80
98};
99
100enum DN_Tags {
101 ASN_COMMON_NAME = 0x03, /* CN */
102 ASN_SUR_NAME = 0x04, /* SN */
103 ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
104 ASN_COUNTRY_NAME = 0x06, /* C */
105 ASN_LOCALITY_NAME = 0x07, /* L */
106 ASN_STATE_NAME = 0x08, /* ST */
107 ASN_ORG_NAME = 0x0a, /* O */
108 ASN_ORGUNIT_NAME = 0x0b /* OU */
109};
110
111enum PBES {
112 PBE_MD5_DES = 0,
113 PBE_SHA1_DES = 1,
114 PBE_SHA1_DES3 = 2,
115 PBE_SHA1_RC4_128 = 3,
116 PBES2 = 13 /* algo ID */
117};
118
119enum ENCRYPTION_TYPES {
120 DES_TYPE = 0,
121 DES3_TYPE = 1,
122 RC4_TYPE = 2
123};
124
125enum ECC_TYPES {
126 ECC_PREFIX_0 = 160,
127 ECC_PREFIX_1 = 161
128};
129
130enum Misc_ASN {
131 ASN_NAME_MAX = 256,
132 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
133 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
134 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */
135 PKCS5 = 5, /* PKCS oid tag */
136 PKCS5v2 = 6, /* PKCS #5 v2.0 */
137 PKCS12 = 12, /* PKCS #12 */
138 MAX_UNICODE_SZ = 256,
139 ASN_BOOL_SIZE = 2, /* including type */
140 ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
141 ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
142#ifdef NO_SHA
143 KEYID_SIZE = SHA256_DIGEST_SIZE,
144#else
145 KEYID_SIZE = SHA_DIGEST_SIZE,
146#endif
147 RSA_INTS = 8, /* RSA ints in private key */
148 DSA_INTS = 5, /* DSA ints in private key */
149 MIN_DATE_SIZE = 13,
150 MAX_DATE_SIZE = 32,
151 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
152 MAX_ENCODED_SIG_SZ = 512,
153 MAX_SIG_SZ = 256,
154 MAX_ALGO_SZ = 20,
155 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
156 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
157 MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
158 MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
159 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
160 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
161 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
162 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
163 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
164 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
165 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
166 MAX_RSA_E_SZ = 16, /* Max RSA public e size */
167 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
168 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
169#ifdef WOLFSSL_CERT_GEN
170 #ifdef WOLFSSL_CERT_REQ
171 /* Max encoded cert req attributes length */
172 MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
173 MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
174 #endif
175 #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
176 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
177 #else
178 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
179 #endif
180 /* Max total extensions, id + len + others */
181#endif
182#ifdef WOLFSSL_CERT_EXT
183 MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
184 MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
185 MAX_OID_SZ = 32, /* Max DER length of OID*/
186 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
187 MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
188 MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
189#endif
190 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
191 MAX_OCSP_NONCE_SZ = 18, /* OCSP Nonce size */
192 EIGHTK_BUF = 8192, /* Tmp buffer size */
193 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
194 /* use bigger NTRU size */
195 HEADER_ENCRYPTED_KEY_SIZE = 88 /* Extra header size for encrypted key */
196};
197
198
199enum Oid_Types {
200 hashType = 0,
201 sigType = 1,
202 keyType = 2,
203 curveType = 3,
204 blkType = 4
205};
206
207
208enum Hash_Sum {
209 MD2h = 646,
210 MD5h = 649,
211 SHAh = 88,
212 SHA256h = 414,
213 SHA384h = 415,
214 SHA512h = 416
215};
216
217
218enum Block_Sum {
219 DESb = 69,
220 DES3b = 652
221};
222
223
224enum Key_Sum {
225 DSAk = 515,
226 RSAk = 645,
227 NTRUk = 274,
228 ECDSAk = 518
229};
230
231
232enum Ecc_Sum {
233 ECC_256R1 = 526,
234 ECC_384R1 = 210,
235 ECC_521R1 = 211,
236 ECC_160R1 = 184,
237 ECC_192R1 = 520,
238 ECC_224R1 = 209
239};
240
241
242enum KDF_Sum {
243 PBKDF2_OID = 660
244};
245
246
247enum Extensions_Sum {
248 BASIC_CA_OID = 133,
249 ALT_NAMES_OID = 131,
250 CRL_DIST_OID = 145,
251 AUTH_INFO_OID = 69,
252 CA_ISSUER_OID = 117,
253 AUTH_KEY_OID = 149,
254 SUBJ_KEY_OID = 128,
255 CERT_POLICY_OID = 146,
256 KEY_USAGE_OID = 129, /* 2.5.29.15 */
257 INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
258 EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
259 NAME_CONS_OID = 144 /* 2.5.29.30 */
260};
261
262enum CertificatePolicy_Sum {
263 CP_ANY_OID = 146 /* id-ce 32 0 */
264};
265
266enum SepHardwareName_Sum {
267 HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
268};
269
270enum AuthInfo_Sum {
271 AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
272 AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
273};
274
275enum ExtKeyUsage_Sum { /* From RFC 5280 */
276 EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
277 EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
278 EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
279 EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, OCSPSigning */
280};
281
282
283enum VerifyType {
284 NO_VERIFY = 0,
285 VERIFY = 1
286};
287
288#ifdef WOLFSSL_CERT_EXT
289enum KeyIdType {
290 SKID_TYPE = 0,
291 AKID_TYPE = 1
292};
293#endif
294
295/* Key usage extension bits */
296#define KEYUSE_DIGITAL_SIG 0x0080
297#define KEYUSE_CONTENT_COMMIT 0x0040
298#define KEYUSE_KEY_ENCIPHER 0x0020
299#define KEYUSE_DATA_ENCIPHER 0x0010
300#define KEYUSE_KEY_AGREE 0x0008
301#define KEYUSE_KEY_CERT_SIGN 0x0004
302#define KEYUSE_CRL_SIGN 0x0002
303#define KEYUSE_ENCIPHER_ONLY 0x0001
304#define KEYUSE_DECIPHER_ONLY 0x8000
305
306#define EXTKEYUSE_ANY 0x08
307#define EXTKEYUSE_OCSP_SIGN 0x04
308#define EXTKEYUSE_CLIENT_AUTH 0x02
309#define EXTKEYUSE_SERVER_AUTH 0x01
310
311typedef struct DNS_entry DNS_entry;
312
313struct DNS_entry {
314 DNS_entry* next; /* next on DNS list */
315 char* name; /* actual DNS name */
316};
317
318
319typedef struct Base_entry Base_entry;
320
321struct Base_entry {
322 Base_entry* next; /* next on name base list */
323 char* name; /* actual name base */
324 int nameSz; /* name length */
325 byte type; /* Name base type (DNS or RFC822) */
326};
327
328
329struct DecodedName {
330 char* fullName;
331 int fullNameLen;
332 int entryCount;
333 int cnIdx;
334 int cnLen;
335 int snIdx;
336 int snLen;
337 int cIdx;
338 int cLen;
339 int lIdx;
340 int lLen;
341 int stIdx;
342 int stLen;
343 int oIdx;
344 int oLen;
345 int ouIdx;
346 int ouLen;
347 int emailIdx;
348 int emailLen;
349 int uidIdx;
350 int uidLen;
351 int serialIdx;
352 int serialLen;
353};
354
355
356typedef struct DecodedCert DecodedCert;
357typedef struct DecodedName DecodedName;
358typedef struct Signer Signer;
359
360
361struct DecodedCert {
362 byte* publicKey;
363 word32 pubKeySize;
364 int pubKeyStored;
365 word32 certBegin; /* offset to start of cert */
366 word32 sigIndex; /* offset to start of signature */
367 word32 sigLength; /* length of signature */
368 word32 signatureOID; /* sum of algorithm object id */
369 word32 keyOID; /* sum of key algo object id */
370 int version; /* cert version, 1 or 3 */
371 DNS_entry* altNames; /* alt names list of dns entries */
372#ifndef IGNORE_NAME_CONSTRAINTS
373 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
374 Base_entry* permittedNames; /* Permitted name bases */
375 Base_entry* excludedNames; /* Excluded name bases */
376#endif /* IGNORE_NAME_CONSTRAINTS */
377 byte subjectHash[KEYID_SIZE]; /* hash of all Names */
378 byte issuerHash[KEYID_SIZE]; /* hash of all Names */
379#ifdef HAVE_OCSP
380 byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
381#endif /* HAVE_OCSP */
382 byte* signature; /* not owned, points into raw cert */
383 char* subjectCN; /* CommonName */
384 int subjectCNLen; /* CommonName Length */
385 char subjectCNEnc; /* CommonName Encoding */
386 int subjectCNStored; /* have we saved a copy we own */
387 char issuer[ASN_NAME_MAX]; /* full name including common name */
388 char subject[ASN_NAME_MAX]; /* full name including common name */
389 int verify; /* Default to yes, but could be off */
390 byte* source; /* byte buffer holder cert, NOT owner */
391 word32 srcIdx; /* current offset into buffer */
392 word32 maxIdx; /* max offset based on init size */
393 void* heap; /* for user memory overrides */
394 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
395 int serialSz; /* raw serial bytes stored */
396 byte* extensions; /* not owned, points into raw cert */
397 int extensionsSz; /* length of cert extensions */
398 word32 extensionsIdx; /* if want to go back and parse later */
399 byte* extAuthInfo; /* Authority Information Access URI */
400 int extAuthInfoSz; /* length of the URI */
401 byte* extCrlInfo; /* CRL Distribution Points */
402 int extCrlInfoSz; /* length of the URI */
403 byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
404 byte extSubjKeyIdSet; /* Set when the SKID was read from cert */
405 byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
406 byte extAuthKeyIdSet; /* Set when the AKID was read from cert */
407#ifndef IGNORE_NAME_CONSTRAINTS
408 byte extNameConstraintSet;
409#endif /* IGNORE_NAME_CONSTRAINTS */
410 byte isCA; /* CA basic constraint true */
411 byte weOwnAltNames; /* altNames haven't been given to copy */
412 byte extKeyUsageSet;
413 word16 extKeyUsage; /* Key usage bitfield */
414 byte extExtKeyUsageSet; /* Extended Key Usage */
415 byte extExtKeyUsage; /* Extended Key usage bitfield */
416#ifdef OPENSSL_EXTRA
417 byte extBasicConstSet;
418 byte extBasicConstCrit;
419 byte extBasicConstPlSet;
420 word32 pathLength; /* CA basic constraint path length, opt */
421 byte extSubjAltNameSet;
422 byte extSubjAltNameCrit;
423 byte extAuthKeyIdCrit;
424#ifndef IGNORE_NAME_CONSTRAINTS
425 byte extNameConstraintCrit;
426#endif /* IGNORE_NAME_CONSTRAINTS */
427 byte extSubjKeyIdCrit;
428 byte extKeyUsageCrit;
429 byte extExtKeyUsageCrit;
430 byte* extExtKeyUsageSrc;
431 word32 extExtKeyUsageSz;
432 word32 extExtKeyUsageCount;
433 byte* extAuthKeyIdSrc;
434 word32 extAuthKeyIdSz;
435 byte* extSubjKeyIdSrc;
436 word32 extSubjKeyIdSz;
437#endif
438#ifdef HAVE_ECC
439 word32 pkCurveOID; /* Public Key's curve OID */
440#endif /* HAVE_ECC */
441 byte* beforeDate;
442 int beforeDateLen;
443 byte* afterDate;
444 int afterDateLen;
445#ifdef HAVE_PKCS7
446 byte* issuerRaw; /* pointer to issuer inside source */
447 int issuerRawLen;
448#endif
449#ifndef IGNORE_NAME_CONSTRAINT
450 byte* subjectRaw; /* pointer to subject inside source */
451 int subjectRawLen;
452#endif
453#if defined(WOLFSSL_CERT_GEN)
454 /* easy access to subject info for other sign */
455 char* subjectSN;
456 int subjectSNLen;
457 char subjectSNEnc;
458 char* subjectC;
459 int subjectCLen;
460 char subjectCEnc;
461 char* subjectL;
462 int subjectLLen;
463 char subjectLEnc;
464 char* subjectST;
465 int subjectSTLen;
466 char subjectSTEnc;
467 char* subjectO;
468 int subjectOLen;
469 char subjectOEnc;
470 char* subjectOU;
471 int subjectOULen;
472 char subjectOUEnc;
473 char* subjectEmail;
474 int subjectEmailLen;
475#endif /* WOLFSSL_CERT_GEN */
476#ifdef OPENSSL_EXTRA
477 DecodedName issuerName;
478 DecodedName subjectName;
479#endif /* OPENSSL_EXTRA */
480#ifdef WOLFSSL_SEP
481 int deviceTypeSz;
482 byte* deviceType;
483 int hwTypeSz;
484 byte* hwType;
485 int hwSerialNumSz;
486 byte* hwSerialNum;
487 #ifdef OPENSSL_EXTRA
488 byte extCertPolicySet;
489 byte extCertPolicyCrit;
490 #endif /* OPENSSL_EXTRA */
491#endif /* WOLFSSL_SEP */
492#ifdef WOLFSSL_CERT_EXT
493 char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
494 int extCertPoliciesNb;
495#endif /* WOLFSSL_CERT_EXT */
496};
497
498extern const char* BEGIN_CERT;
499extern const char* END_CERT;
500extern const char* BEGIN_CERT_REQ;
501extern const char* END_CERT_REQ;
502extern const char* BEGIN_DH_PARAM;
503extern const char* END_DH_PARAM;
504extern const char* BEGIN_X509_CRL;
505extern const char* END_X509_CRL;
506extern const char* BEGIN_RSA_PRIV;
507extern const char* END_RSA_PRIV;
508extern const char* BEGIN_PRIV_KEY;
509extern const char* END_PRIV_KEY;
510extern const char* BEGIN_ENC_PRIV_KEY;
511extern const char* END_ENC_PRIV_KEY;
512extern const char* BEGIN_EC_PRIV;
513extern const char* END_EC_PRIV;
514extern const char* BEGIN_DSA_PRIV;
515extern const char* END_DSA_PRIV;
516extern const char* BEGIN_PUB_KEY;
517extern const char* END_PUB_KEY;
518
519#ifdef NO_SHA
520 #define SIGNER_DIGEST_SIZE SHA256_DIGEST_SIZE
521#else
522 #define SIGNER_DIGEST_SIZE SHA_DIGEST_SIZE
523#endif
524
525/* CA Signers */
526/* if change layout change PERSIST_CERT_CACHE functions too */
527struct Signer {
528 word32 pubKeySize;
529 word32 keyOID; /* key type */
530 word16 keyUsage;
531 byte* publicKey;
532 int nameLen;
533 char* name; /* common name */
534#ifndef IGNORE_NAME_CONSTRAINTS
535 Base_entry* permittedNames;
536 Base_entry* excludedNames;
537#endif /* IGNORE_NAME_CONSTRAINTS */
538 byte subjectNameHash[SIGNER_DIGEST_SIZE];
539 /* sha hash of names in certificate */
540 #ifndef NO_SKID
541 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
542 /* sha hash of names in certificate */
543 #endif
544 Signer* next;
545};
546
547
548/* not for public consumption but may use for testing sometimes */
549#ifdef WOLFSSL_TEST_CERT
550 #define WOLFSSL_TEST_API WOLFSSL_API
551#else
552 #define WOLFSSL_TEST_API WOLFSSL_LOCAL
553#endif
554
555WOLFSSL_TEST_API void FreeAltNames(DNS_entry*, void*);
556#ifndef IGNORE_NAME_CONSTRAINTS
557 WOLFSSL_TEST_API void FreeNameSubtrees(Base_entry*, void*);
558#endif /* IGNORE_NAME_CONSTRAINTS */
559WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);
560WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*);
561WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
562
563WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
564WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
565
566WOLFSSL_LOCAL Signer* MakeSigner(void*);
567WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
568WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
569
570
571WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length);
572WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int);
573
574WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);
575
576/* ASN.1 helper functions */
577WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
578 word32 maxIdx);
579WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
580 word32 maxIdx);
581WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
582 word32 maxIdx);
583WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
584 int* version);
585WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
586 word32 maxIdx);
587WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
588 word32 maxIdx);
589WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
590WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
591WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
592WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
593WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
594WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
595WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
596WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
597WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output);
598WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
599 int maxIdx);
600
601#ifdef HAVE_ECC
602 /* ASN sig helpers */
603 WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
604 mp_int* s);
605 WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
606 mp_int* r, mp_int* s);
607#endif
608
609#ifdef WOLFSSL_CERT_GEN
610
611enum cert_enums {
612 NAME_ENTRIES = 8,
613 JOINT_LEN = 2,
614 EMAIL_JOINT_LEN = 9,
615 RSA_KEY = 10,
616 NTRU_KEY = 11,
617 ECC_KEY = 12
618};
619
620#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
621#ifndef NO_FILESYSTEM
622/* forward from wolfSSL */
623WOLFSSL_API
624int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);
625#define WOLFSSL_PEMCERT_TODER_DEFINED
626#endif
627#endif
628
629#endif /* WOLFSSL_CERT_GEN */
630
631
632
633/* for pointer use */
634typedef struct CertStatus CertStatus;
635
636#ifdef HAVE_OCSP
637
638enum Ocsp_Response_Status {
639 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
640 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
641 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
642 OCSP_TRY_LATER = 3, /* Try again later */
643 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
644 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
645};
646
647
648enum Ocsp_Cert_Status {
649 CERT_GOOD = 0,
650 CERT_REVOKED = 1,
651 CERT_UNKNOWN = 2
652};
653
654
655enum Ocsp_Sums {
656 OCSP_BASIC_OID = 117,
657 OCSP_NONCE_OID = 118
658};
659
660
661typedef struct OcspRequest OcspRequest;
662typedef struct OcspResponse OcspResponse;
663
664
665struct CertStatus {
666 CertStatus* next;
667
668 byte serial[EXTERNAL_SERIAL_SIZE];
669 int serialSz;
670
671 int status;
672
673 byte thisDate[MAX_DATE_SIZE];
674 byte nextDate[MAX_DATE_SIZE];
675 byte thisDateFormat;
676 byte nextDateFormat;
677};
678
679
680struct OcspResponse {
681 int responseStatus; /* return code from Responder */
682
683 byte* response; /* Pointer to beginning of OCSP Response */
684 word32 responseSz; /* length of the OCSP Response */
685
686 byte producedDate[MAX_DATE_SIZE];
687 /* Date at which this response was signed */
688 byte producedDateFormat; /* format of the producedDate */
689 byte* issuerHash;
690 byte* issuerKeyHash;
691
692 byte* cert;
693 word32 certSz;
694
695 byte* sig; /* Pointer to sig in source */
696 word32 sigSz; /* Length in octets for the sig */
697 word32 sigOID; /* OID for hash used for sig */
698
699 CertStatus* status; /* certificate status to fill out */
700
701 byte* nonce; /* pointer to nonce inside ASN.1 response */
702 int nonceSz; /* length of the nonce string */
703
704 byte* source; /* pointer to source buffer, not owned */
705 word32 maxIdx; /* max offset based on init size */
706};
707
708
709struct OcspRequest {
710 DecodedCert* cert;
711
712 byte useNonce;
713 byte nonce[MAX_OCSP_NONCE_SZ];
714 int nonceSz;
715
716 byte* issuerHash; /* pointer to issuerHash in source cert */
717 byte* issuerKeyHash; /* pointer to issuerKeyHash in source cert */
718 byte* serial; /* pointer to serial number in source cert */
719 int serialSz; /* length of the serial number */
720
721 byte* dest; /* pointer to the destination ASN.1 buffer */
722 word32 destSz; /* length of the destination buffer */
723};
724
725
726WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32);
727WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*);
728
729WOLFSSL_LOCAL void InitOcspRequest(OcspRequest*, DecodedCert*,
730 byte, byte*, word32);
731WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*);
732
733WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
734
735
736#endif /* HAVE_OCSP */
737
738
739/* for pointer use */
740typedef struct RevokedCert RevokedCert;
741
742#ifdef HAVE_CRL
743
744struct RevokedCert {
745 byte serialNumber[EXTERNAL_SERIAL_SIZE];
746 int serialSz;
747 RevokedCert* next;
748};
749
750typedef struct DecodedCRL DecodedCRL;
751
752struct DecodedCRL {
753 word32 certBegin; /* offset to start of cert */
754 word32 sigIndex; /* offset to start of signature */
755 word32 sigLength; /* length of signature */
756 word32 signatureOID; /* sum of algorithm object id */
757 byte* signature; /* pointer into raw source, not owned */
758 byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer hash */
759 byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
760 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
761 byte nextDate[MAX_DATE_SIZE]; /* next update date */
762 byte lastDateFormat; /* format of last date */
763 byte nextDateFormat; /* format of next date */
764 RevokedCert* certs; /* revoked cert list */
765 int totalCerts; /* number on list */
766};
767
768WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*);
769WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
770WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
771
772
773#endif /* HAVE_CRL */
774
775
776#ifdef __cplusplus
777 } /* extern "C" */
778#endif
779
780#endif /* !NO_ASN */
781#endif /* WOLF_CRYPT_ASN_H */
782
Note: See TracBrowser for help on using the repository browser.