- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfssl/wolfcrypt/asn.h
r457 r464 24 24 */ 25 25 26 /* 27 28 DESCRIPTION 29 This library provides the interface to Abstract Syntax Notation One (ASN.1) objects. 30 ASN.1 is a standard interface description language for defining data structures 31 that can be serialized and deserialized in a cross-platform way. 32 33 */ 26 34 #ifndef WOLF_CRYPT_ASN_H 27 35 #define WOLF_CRYPT_ASN_H … … 93 101 ASN_SET = 0x11, 94 102 ASN_PRINTABLE_STRING = 0x13, 103 ASN_IA5_STRING = 0x16, 95 104 ASN_UTC_TIME = 0x17, 96 105 ASN_OTHER_TYPE = 0x00, … … 134 143 ASN_DOMAIN_COMPONENT = 0x19 /* DC */ 135 144 }; 145 146 /* This is the size of the smallest possible PEM header and footer */ 147 extern const int pem_struct_min_sz; 136 148 137 149 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) … … 195 207 NID_sha384 = 673, 196 208 NID_sha512 = 674, 209 NID_pkcs9_challengePassword = 54, 197 210 NID_hw_name_oid = 73, 198 211 NID_id_pkix_OCSP_basic = 74, … … 221 234 NID_tlsfeature = 1020, /* id-pe 24 */ 222 235 NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */ 236 NID_buildingName = 1494, 223 237 224 238 … … 234 248 NID_businessCategory = ASN_BUS_CAT, 235 249 NID_domainComponent = ASN_DOMAIN_COMPONENT, 250 NID_userId = 458, 236 251 NID_emailAddress = 0x30, /* emailAddress */ 237 252 NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */ … … 292 307 RSA_INTS = 8, /* RSA ints in private key */ 293 308 DSA_INTS = 5, /* DSA ints in private key */ 294 MIN_DATE_SIZE = 1 3,309 MIN_DATE_SIZE = 12, 295 310 MAX_DATE_SIZE = 32, 296 311 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ … … 327 342 MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, 328 343 /* Maximum DER digest ASN header size */ 344 /* Max X509 header length indicates the max length + 2 ('\n', '\0') */ 345 MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */ 329 346 #ifdef WOLFSSL_CERT_GEN 330 347 #ifdef WOLFSSL_CERT_REQ … … 340 357 /* Max total extensions, id + len + others */ 341 358 #endif 342 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) 359 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ 360 defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL) 343 361 MAX_OID_SZ = 32, /* Max DER length of OID*/ 344 362 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ … … 355 373 #endif 356 374 MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ 357 MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */358 375 OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ 359 376 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ … … 370 387 ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ 371 388 MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ 389 MAX_X509_VERSION = 3, /* Max X509 version allowed */ 390 MIN_X509_VERSION = 0, /* Min X509 version allowed */ 391 WOLFSSL_X509_V1 = 0, 392 WOLFSSL_X509_V2 = 1, 393 WOLFSSL_X509_V3 = 2, 372 394 #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 373 395 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ … … 378 400 PKCS5_SALT_SZ = 8, 379 401 380 PEM_LINE_LEN = 80, /* PEM line max + fudge */ 381 }; 402 PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */ 403 PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */ 404 }; 405 406 #ifndef WC_MAX_NAME_ENTRIES 407 /* entries added to x509 name struct */ 408 #define WC_MAX_NAME_ENTRIES 13 409 #endif 410 #define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES 382 411 383 412 … … 403 432 oidTlsExtType = 18, 404 433 oidCrlExtType = 19, 434 oidCsrAttrType = 20, 405 435 oidIgnoreType 406 436 }; … … 519 549 ISSUE_ALT_NAMES_OID = 132, 520 550 TLS_FEATURE_OID = 92, /* id-pe 24 */ 521 NETSCAPE_CT_OID = 753 /* 2.16.840.1.113730.1.1 */ 551 NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */ 552 OCSP_NOCHECK_OID = 121 /* 1.3.6.1.5.5.7.48.1.5 553 id-pkix-ocsp-nocheck */ 522 554 }; 523 555 … … 564 596 SKID_TYPE = 0, 565 597 AKID_TYPE = 1 598 }; 599 #endif 600 601 #ifdef WOLFSSL_CERT_REQ 602 enum CsrAttrType { 603 CHALLENGE_PASSWORD_OID = 659, 604 SERIAL_NUMBER_OID = 94, 605 EXTENSION_REQUEST_OID = 666, 566 606 }; 567 607 #endif … … 607 647 }; 608 648 609 #define DOMAIN_COMPONENT_MAX 10610 #define DN_NAMES_MAX 9611 612 struct DecodedName {613 char* fullName;614 int fullNameLen;615 int entryCount;616 int cnIdx;617 int cnLen;618 int cnNid;619 int snIdx;620 int snLen;621 int snNid;622 int cIdx;623 int cLen;624 int cNid;625 int lIdx;626 int lLen;627 int lNid;628 int stIdx;629 int stLen;630 int stNid;631 int oIdx;632 int oLen;633 int oNid;634 int ouIdx;635 int ouLen;636 #ifdef WOLFSSL_CERT_EXT637 int bcIdx;638 int bcLen;639 int jcIdx;640 int jcLen;641 int jsIdx;642 int jsLen;643 #endif644 int ouNid;645 int emailIdx;646 int emailLen;647 int emailNid;648 int uidIdx;649 int uidLen;650 int uidNid;651 int serialIdx;652 int serialLen;653 int serialNid;654 int dcIdx[DOMAIN_COMPONENT_MAX];655 int dcLen[DOMAIN_COMPONENT_MAX];656 int dcNum;657 int dcMode;658 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)659 /* hold the location / order with which each of the DN tags was found660 *661 * example of ASN_DOMAIN_COMPONENT at index 0 if first found and so on.662 */663 int loc[DOMAIN_COMPONENT_MAX + DN_NAMES_MAX];664 int locSz;665 #endif666 };667 649 668 650 enum SignatureState { … … 697 679 #ifndef NO_RSA 698 680 byte* out; 699 byte* plain; 700 #endif 701 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 681 #endif 682 #if !(defined(NO_RSA) && defined(NO_DSA)) 683 byte* sigCpy; 684 #endif 685 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ 686 !defined(NO_DSA) 702 687 int verify; 703 688 #endif … … 705 690 #ifndef NO_RSA 706 691 struct RsaKey* rsa; 692 #endif 693 #ifndef NO_DSA 694 struct DsaKey* dsa; 707 695 #endif 708 696 #ifdef HAVE_ECC … … 782 770 783 771 typedef struct DecodedCert DecodedCert; 784 typedef struct DecodedName DecodedName;785 772 typedef struct Signer Signer; 786 773 #ifdef WOLFSSL_TRUST_PEER_CERT … … 804 791 #ifndef IGNORE_NAME_CONSTRAINTS 805 792 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */ 793 DNS_entry* altDirNames; /* alt names list of DIR entries */ 806 794 Base_entry* permittedNames; /* Permitted name bases */ 807 795 Base_entry* excludedNames; /* Excluded name bases */ … … 909 897 #endif /* WOLFSSL_CERT_GEN */ 910 898 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 911 DecodedName issuerName; 912 DecodedName subjectName; 899 /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ 900 void* issuerName; 901 void* subjectName; 913 902 #endif /* OPENSSL_EXTRA */ 914 903 #ifdef WOLFSSL_SEP … … 925 914 #endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ 926 915 916 #ifdef WOLFSSL_CERT_REQ 917 /* CSR attributes */ 918 char* cPwd; /* challengePassword */ 919 int cPwdLen; 920 char* sNum; /* Serial Number */ 921 int sNumLen; 922 #endif /* WOLFSSL_CERT_REQ */ 923 927 924 Signer* ca; 928 925 #ifndef NO_CERTS … … 948 945 byte extKeyUsageSet : 1; 949 946 byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ 947 #ifdef HAVE_OCSP 948 byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */ 949 #endif 950 950 byte extCRLdistSet : 1; 951 951 byte extAuthInfoSet : 1; … … 973 973 byte extCertPolicyCrit : 1; 974 974 #endif 975 975 #ifdef WOLFSSL_CERT_REQ 976 byte isCSR : 1; /* Do we intend on parsing a CSR? */ 977 #endif 976 978 }; 977 979 … … 1049 1051 #endif 1050 1052 1053 #ifdef HAVE_SMIME 1054 #define MIME_HEADER_ASCII_MIN 33 1055 #define MIME_HEADER_ASCII_MAX 126 1056 1057 typedef struct MimeParam MimeParam; 1058 typedef struct MimeHdr MimeHdr; 1059 1060 struct MimeParam 1061 { 1062 MimeParam* next; 1063 char* attribute; 1064 char* value; 1065 }; 1066 1067 struct MimeHdr 1068 { 1069 MimeHdr* next; 1070 MimeParam* params; 1071 char* name; 1072 char* body; 1073 }; 1074 1075 typedef enum MimeTypes 1076 { 1077 MIME_HDR, 1078 MIME_PARAM 1079 } MimeTypes; 1080 1081 typedef enum MimeStatus 1082 { 1083 MIME_NAMEATTR, 1084 MIME_BODYVAL 1085 } MimeStatus; 1086 #endif /* HAVE_SMIME */ 1087 1088 1051 1089 WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); 1090 WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); 1052 1091 1053 1092 WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, … … 1069 1108 WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, 1070 1109 void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID); 1110 #ifdef WOLFSSL_CERT_REQ 1111 WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, 1112 const byte* pubKey, word32 pubKeySz, int pubKeyOID); 1113 #endif /* WOLFSSL_CERT_REQ */ 1114 WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, 1115 int sigAlgoType); 1071 1116 WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); 1072 1117 WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); … … 1116 1161 wolfssl_tm* certTime, int* idx); 1117 1162 WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); 1118 WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType);1163 WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); 1119 1164 WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn); 1120 1165 … … 1122 1167 #ifdef WOLFSSL_CERT_GEN 1123 1168 WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name); 1169 WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx); 1170 WOLFSSL_LOCAL byte GetCertNameId(int idx); 1124 1171 #endif 1125 1172 WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, … … 1139 1186 WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len, 1140 1187 word32 maxIdx); 1188 WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len, 1189 word32 maxIdx, int zeroBits, byte* unusedBits); 1141 1190 WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, 1142 1191 word32 maxIdx); … … 1173 1222 WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); 1174 1223 #endif 1224 WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output); 1175 1225 WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output); 1176 1226 WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); … … 1185 1235 WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, 1186 1236 int maxIdx); 1187 WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); 1237 WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der); 1238 WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, 1239 const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); 1188 1240 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); 1189 1241 WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); … … 1193 1245 WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, 1194 1246 mp_int* s); 1247 WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, 1248 const byte* r, word32 rLen, const byte* s, word32 sLen); 1249 WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, 1250 byte* r, word32* rLen, byte* s, word32* sLen); 1251 #endif 1252 #if defined(HAVE_ECC) || !defined(NO_DSA) 1195 1253 WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, 1196 1254 mp_int* r, mp_int* s); … … 1215 1273 1216 1274 #endif /* !NO_CERTS */ 1275 1276 #ifdef HAVE_SMIME 1277 WOLFSSL_LOCAL int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** hdrs); 1278 WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end); 1279 WOLFSSL_LOCAL int wc_MIME_create_header(char* name, char* body, MimeHdr** hdr); 1280 WOLFSSL_LOCAL int wc_MIME_create_parameter(char* attribute, char* value, MimeParam** param); 1281 WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr); 1282 WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param); 1283 WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head); 1284 #endif /* HAVE_SMIME */ 1217 1285 1218 1286 #ifdef WOLFSSL_CERT_GEN … … 1231 1299 ECC_KEY = 12, 1232 1300 ED25519_KEY = 13, 1233 ED448_KEY = 14 1301 ED448_KEY = 14, 1302 DSA_KEY = 15 1234 1303 }; 1235 1304 … … 1282 1351 byte serial[EXTERNAL_SERIAL_SIZE]; 1283 1352 int serialSz; 1353 #ifdef OPENSSL_EXTRA 1354 WOLFSSL_ASN1_INTEGER* serialInt; 1355 #endif 1284 1356 1285 1357 int status; … … 1289 1361 byte thisDateFormat; 1290 1362 byte nextDateFormat; 1291 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1363 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) 1292 1364 WOLFSSL_ASN1_TIME thisDateParsed; 1293 1365 WOLFSSL_ASN1_TIME nextDateParsed; … … 1300 1372 }; 1301 1373 1302 1374 typedef struct OcspEntry OcspEntry; 1375 1376 #ifdef NO_SHA 1377 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE 1378 #else 1379 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE 1380 #endif 1381 1382 struct OcspEntry 1383 { 1384 OcspEntry *next; /* next entry */ 1385 word32 hashAlgoOID; /* hash algo ID */ 1386 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ 1387 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ 1388 CertStatus *status; /* OCSP response list */ 1389 int totalStatus; /* number on list */ 1390 byte* rawCertId; /* raw bytes of the CertID */ 1391 int rawCertIdSize; /* num bytes in raw CertID */ 1392 /* option bits - using 32-bit for alignment */ 1393 word32 isDynamic:1; /* was dynamically allocated */ 1394 1395 }; 1396 1397 /* TODO: Long-term, it would be helpful if we made this struct and other OCSP 1398 structs conform to the ASN spec as described in RFC 6960. It will help 1399 with readability and with implementing OpenSSL compatibility API 1400 functions, because OpenSSL's OCSP data structures conform to the 1401 RFC. */ 1303 1402 struct OcspResponse { 1304 1403 int responseStatus; /* return code from Responder */ … … 1310 1409 /* Date at which this response was signed */ 1311 1410 byte producedDateFormat; /* format of the producedDate */ 1312 byte* issuerHash;1313 byte* issuerKeyHash;1314 1411 1315 1412 byte* cert; … … 1320 1417 word32 sigOID; /* OID for hash used for sig */ 1321 1418 1322 CertStatus* status; /* certificate status to fill out*/1419 OcspEntry* single; /* chain of OCSP single responses */ 1323 1420 1324 1421 byte* nonce; /* pointer to nonce inside ASN.1 response */ … … 1331 1428 int verifyError; 1332 1429 #endif 1430 void* heap; 1333 1431 }; 1334 1432 … … 1351 1449 }; 1352 1450 1353 typedef struct OcspEntry OcspEntry; 1354 1355 #ifdef NO_SHA 1356 #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE 1357 #else 1358 #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE 1359 #endif 1360 1361 struct OcspEntry 1362 { 1363 OcspEntry *next; /* next entry */ 1364 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ 1365 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ 1366 CertStatus *status; /* OCSP response list */ 1367 int totalStatus; /* number on list */ 1368 }; 1369 1370 WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, CertStatus*, byte*, word32); 1371 WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); 1451 WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*); 1452 WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*); 1453 WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int); 1372 1454 1373 1455 WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*); … … 1447 1529 1448 1530 enum PBESTypes { 1449 PBE_MD5_DES = 0, 1450 PBE_SHA1_RC4_128 = 1, 1451 PBE_SHA1_DES = 2, 1452 PBE_SHA1_DES3 = 3, 1453 PBE_AES256_CBC = 4, 1454 PBE_AES128_CBC = 5, 1531 PBE_MD5_DES = 0, 1532 PBE_SHA1_RC4_128 = 1, 1533 PBE_SHA1_DES = 2, 1534 PBE_SHA1_DES3 = 3, 1535 PBE_AES256_CBC = 4, 1536 PBE_AES128_CBC = 5, 1537 PBE_SHA1_40RC2_CBC = 6, 1455 1538 1456 1539 PBE_SHA1_RC4_128_SUM = 657,
Note:
See TracChangeset
for help on using the changeset viewer.