- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/wolfssl/wolfcrypt/asn.h
r352 r372 20 20 */ 21 21 22 /*! 23 \file wolfssl/wolfcrypt/asn.h 24 */ 22 25 23 26 #ifndef WOLF_CRYPT_ASN_H … … 28 31 #ifndef NO_ASN 29 32 33 34 #if !defined(NO_ASN_TIME) && defined(NO_TIME_H) 35 #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ 36 #endif 37 30 38 #include <wolfssl/wolfcrypt/integer.h> 31 39 32 40 /* fips declare of RsaPrivateKeyDecode @wc_fips */ 33 #if defined(HAVE_FIPS) && !defined(NO_RSA) 41 #if defined(HAVE_FIPS) && !defined(NO_RSA) && \ 42 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) 34 43 #include <cyassl/ctaocrypt/rsa.h> 35 44 #endif … … 50 59 #include <wolfssl/wolfcrypt/asn_public.h> /* public interface */ 51 60 61 #if defined(NO_SHA) && defined(NO_SHA256) 62 #define WC_SHA256_DIGEST_SIZE 32 63 #endif 52 64 53 65 #ifdef __cplusplus … … 77 89 ASN_SEQUENCE = 0x10, 78 90 ASN_SET = 0x11, 91 ASN_PRINTABLE_STRING = 0x13, 79 92 ASN_UTC_TIME = 0x17, 80 93 ASN_OTHER_TYPE = 0x00, … … 82 95 ASN_DNS_TYPE = 0x02, 83 96 ASN_DIR_TYPE = 0x04, 97 ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ 84 98 ASN_GENERALIZED_TIME = 0x18, 85 99 CRL_EXTENSIONS = 0xa0, 86 100 ASN_EXTENSIONS = 0xa3, 87 ASN_LONG_LENGTH = 0x80 88 }; 89 90 enum ASN_Flags { 101 ASN_LONG_LENGTH = 0x80, 102 ASN_INDEF_LENGTH = 0x80, 103 104 /* ASN_Flags - Bitmask */ 91 105 ASN_CONSTRUCTED = 0x20, 92 ASN_CONTEXT_SPECIFIC = 0x80 93 }; 106 ASN_APPLICATION = 0x40, 107 ASN_CONTEXT_SPECIFIC = 0x80, 108 }; 109 110 #define ASN_UTC_TIME_SIZE 14 111 #define ASN_GENERALIZED_TIME_SIZE 16 112 #define ASN_GENERALIZED_TIME_MAX 68 94 113 95 114 enum DN_Tags { … … 101 120 ASN_STATE_NAME = 0x08, /* ST */ 102 121 ASN_ORG_NAME = 0x0a, /* O */ 103 ASN_ORGUNIT_NAME = 0x0b /* OU */ 104 }; 105 106 enum PBES { 107 PBE_MD5_DES = 0, 108 PBE_SHA1_DES = 1, 109 PBE_SHA1_DES3 = 2, 110 PBE_SHA1_RC4_128 = 3, 111 PBES2 = 13 /* algo ID */ 112 }; 113 114 enum ENCRYPTION_TYPES { 115 DES_TYPE = 0, 116 DES3_TYPE = 1, 117 RC4_TYPE = 2 118 }; 119 120 enum ECC_TYPES { 122 ASN_ORGUNIT_NAME = 0x0b, /* OU */ 123 ASN_BUS_CAT = 0x0f, /* businessCategory */ 124 ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */ 125 126 /* pilot attribute types 127 * OID values of 0.9.2342.19200300.100.1.* */ 128 ASN_USER_ID = 0x01, /* UID */ 129 ASN_DOMAIN_COMPONENT = 0x19 /* DC */ 130 }; 131 132 /* DN Tag Strings */ 133 #define WOLFSSL_COMMON_NAME "/CN=" 134 #define WOLFSSL_SUR_NAME "/SN=" 135 #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" 136 #define WOLFSSL_COUNTRY_NAME "/C=" 137 #define WOLFSSL_LOCALITY_NAME "/L=" 138 #define WOLFSSL_STATE_NAME "/ST=" 139 #define WOLFSSL_ORG_NAME "/O=" 140 #define WOLFSSL_ORGUNIT_NAME "/OU=" 141 #define WOLFSSL_DOMAIN_COMPONENT "/DC=" 142 #define WOLFSSL_BUS_CAT "/businessCategory=" 143 #define WOLFSSL_JOI_C "/jurisdictionC=" 144 #define WOLFSSL_JOI_ST "/jurisdictionST=" 145 #define WOLFSSL_EMAIL_ADDR "/emailAddress=" 146 147 /* NIDs */ 148 enum 149 { 150 NID_undef = 0, 151 NID_des = 66, 152 NID_des3 = 67, 153 NID_sha256 = 672, 154 NID_sha384 = 673, 155 NID_sha512 = 674, 156 NID_hw_name_oid = 73, 157 NID_id_pkix_OCSP_basic = 74, 158 NID_any_policy = 75, 159 NID_anyExtendedKeyUsage = 76, 160 NID_basic_constraints = 133, 161 NID_key_usage = 129, /* 2.5.29.15 */ 162 NID_ext_key_usage = 151, /* 2.5.29.37 */ 163 NID_subject_key_identifier = 128, 164 NID_authority_key_identifier = 149, 165 NID_private_key_usage_period = 130, /* 2.5.29.16 */ 166 NID_subject_alt_name = 131, 167 NID_issuer_alt_name = 132, 168 NID_info_access = 69, 169 NID_sinfo_access = 79, /* id-pe 11 */ 170 NID_name_constraints = 144, /* 2.5.29.30 */ 171 NID_certificate_policies = 146, 172 NID_policy_mappings = 147, 173 NID_policy_constraints = 150, 174 NID_inhibit_any_policy = 168, /* 2.5.29.54 */ 175 NID_tlsfeature = 92, /* id-pe 24 */ 176 NID_commonName = 0x03, /* matchs ASN_COMMON_NAME in asn.h */ 177 NID_surname = 0x04, /* SN */ 178 NID_serialNumber = 0x05, /* serialNumber */ 179 NID_countryName = 0x06, /* C */ 180 NID_localityName = 0x07, /* L */ 181 NID_stateOrProvinceName = 0x08, /* ST */ 182 NID_organizationName = 0x0a, /* O */ 183 NID_organizationalUnitName = 0x0b, /* OU */ 184 NID_domainComponent = 0x19, /* matchs ASN_DOMAIN_COMPONENT in asn.h */ 185 NID_emailAddress = 0x30, /* emailAddress */ 186 }; 187 188 enum ECC_TYPES 189 { 121 190 ECC_PREFIX_0 = 160, 122 191 ECC_PREFIX_1 = 161 123 192 }; 124 193 194 #ifdef WOLFSSL_CERT_PIV 195 enum PIV_Tags { 196 ASN_PIV_CERT = 0x0A, 197 ASN_PIV_NONCE = 0x0B, 198 ASN_PIV_SIGNED_NONCE = 0x0C, 199 200 ASN_PIV_TAG_CERT = 0x70, 201 ASN_PIV_TAG_CERT_INFO = 0x71, 202 ASN_PIV_TAG_MSCUID = 0x72, 203 ASN_PIV_TAG_ERR_DET = 0xFE, 204 205 /* certificate info masks */ 206 ASN_PIV_CERT_INFO_COMPRESSED = 0x03, 207 ASN_PIV_CERT_INFO_ISX509 = 0x04, 208 }; 209 #endif /* WOLFSSL_CERT_PIV */ 210 211 212 #define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01" 213 #define ASN_JOI_C 0x3 214 #define ASN_JOI_ST 0x2 215 216 #ifndef WC_ASN_NAME_MAX 217 #define WC_ASN_NAME_MAX 256 218 #endif 219 125 220 enum Misc_ASN { 126 ASN_NAME_MAX = 256,221 ASN_NAME_MAX = WC_ASN_NAME_MAX, 127 222 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */ 128 223 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */ 129 MAX_KEY_SIZE = 64, /* MAX PKCS Key length */130 PKCS5 = 5, /* PKCS oid tag */131 PKCS5v2 = 6, /* PKCS #5 v2.0 */132 PKCS8v0 = 0, /* default PKCS#8 version */133 PKCS12v1 = 12, /* PKCS #12 */134 MAX_UNICODE_SZ = 256,135 224 ASN_BOOL_SIZE = 2, /* including type */ 136 225 ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ … … 146 235 MAX_DATE_SIZE = 32, 147 236 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ 237 #ifndef NO_RSA 148 238 MAX_ENCODED_SIG_SZ = 512, 239 #elif defined(HAVE_ECC) 240 MAX_ENCODED_SIG_SZ = 140, 241 #else 242 MAX_ENCODED_SIG_SZ = 64, 243 #endif 149 244 MAX_SIG_SZ = 256, 150 245 MAX_ALGO_SZ = 20, 246 MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */ 151 247 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ 152 248 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ … … 155 251 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */ 156 252 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ 157 MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + length(4) */ 253 MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */ 254 MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ 158 255 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ 159 256 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ … … 163 260 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */ 164 261 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */ 165 MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, /* Maximum DER digest size */ 262 MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, 263 /* Maximum DER digest size */ 264 MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ, 265 /* Maximum DER digest ASN header size */ 166 266 #ifdef WOLFSSL_CERT_GEN 167 267 #ifdef WOLFSSL_CERT_REQ … … 177 277 /* Max total extensions, id + len + others */ 178 278 #endif 279 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) 280 MAX_OID_SZ = 32, /* Max DER length of OID*/ 281 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ 282 #endif 179 283 #ifdef WOLFSSL_CERT_EXT 180 284 MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ 181 285 MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ 182 MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) , /* Max encoded ExtKeyUsage183 (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + (6 * (SEQ + OID))) */184 MAX_OID_SZ = 32, /* Max DER length of OID*/185 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/286 MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + 287 CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage 288 (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ + 289 (6 * (SEQ + OID))) */ 186 290 MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ 187 291 MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, 188 292 #endif 293 MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ 189 294 OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ 190 295 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ … … 193 298 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, 194 299 /* use bigger NTRU size */ 300 #ifdef WOLFSSL_ENCRYPTED_KEYS 195 301 HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */ 302 #else 303 HEADER_ENCRYPTED_KEY_SIZE = 0, 304 #endif 196 305 TRAILING_ZERO = 1, /* Used for size of zero pad */ 306 ASN_TAG_SZ = 1, /* single byte ASN.1 tag */ 197 307 MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */ 198 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 308 #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 309 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ 310 defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7) 199 311 MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */ 200 312 #endif 313 314 PKCS5_SALT_SZ = 8, 315 316 PEM_LINE_LEN = 80, /* PEM line max + fudge */ 201 317 }; 202 318 … … 217 333 oidKeyWrapType = 12, 218 334 oidCmsKeyAgreeType = 13, 335 oidPBEType = 14, 336 oidHmacType = 15, 337 oidCompressType = 16, 338 oidCertNameType = 17, 219 339 oidIgnoreType 220 340 }; … … 232 352 233 353 354 #if !defined(NO_DES3) || !defined(NO_AES) 234 355 enum Block_Sum { 356 #ifdef WOLFSSL_AES_128 235 357 AES128CBCb = 414, 358 AES128GCMb = 418, 359 AES128CCMb = 419, 360 #endif 361 #ifdef WOLFSSL_AES_192 236 362 AES192CBCb = 434, 363 AES192GCMb = 438, 364 AES192CCMb = 439, 365 #endif 366 #ifdef WOLFSSL_AES_256 237 367 AES256CBCb = 454, 368 AES256GCMb = 458, 369 AES256CCMb = 459, 370 #endif 371 #ifndef NO_DES3 238 372 DESb = 69, 239 373 DES3b = 652 240 }; 374 #endif 375 }; 376 #endif /* !NO_DES3 || !NO_AES */ 241 377 242 378 … … 250 386 251 387 388 #if !defined(NO_AES) || defined(HAVE_PKCS7) 252 389 enum KeyWrap_Sum { 390 #ifdef WOLFSSL_AES_128 253 391 AES128_WRAP = 417, 392 #endif 393 #ifdef WOLFSSL_AES_192 254 394 AES192_WRAP = 437, 255 AES256_WRAP = 457 256 }; 257 395 #endif 396 #ifdef WOLFSSL_AES_256 397 AES256_WRAP = 457, 398 #endif 399 #ifdef HAVE_PKCS7 400 PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */ 401 #endif 402 }; 403 #endif /* !NO_AES || PKCS7 */ 258 404 259 405 enum Key_Agree { … … 304 450 305 451 452 enum HMAC_Sum { 453 HMAC_SHA224_OID = 652, 454 HMAC_SHA256_OID = 653, 455 HMAC_SHA384_OID = 654, 456 HMAC_SHA512_OID = 655 457 }; 458 459 306 460 enum Extensions_Sum { 307 461 BASIC_CA_OID = 133, … … 347 501 }; 348 502 503 #ifdef HAVE_LIBZ 504 enum CompressAlg_Sum { 505 ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */ 506 }; 507 #endif 349 508 350 509 enum VerifyType { … … 352 511 VERIFY = 1, 353 512 VERIFY_CRL = 2, 354 VERIFY_OCSP = 3 513 VERIFY_OCSP = 3, 514 VERIFY_NAME = 4 355 515 }; 356 516 … … 374 534 375 535 /* Extended Key Usage bits (internal mapping only) */ 536 #define EXTKEYUSE_USER 0x80 376 537 #define EXTKEYUSE_OCSP_SIGN 0x40 377 538 #define EXTKEYUSE_TIMESTAMP 0x20 … … 386 547 struct DNS_entry { 387 548 DNS_entry* next; /* next on DNS list */ 549 int type; /* i.e. ASN_DNS_TYPE */ 550 int len; /* actual DNS len */ 388 551 char* name; /* actual DNS name */ 389 552 }; … … 399 562 }; 400 563 564 #define DOMAIN_COMPONENT_MAX 10 401 565 402 566 struct DecodedName { … … 406 570 int cnIdx; 407 571 int cnLen; 572 int cnNid; 408 573 int snIdx; 409 574 int snLen; 575 int snNid; 410 576 int cIdx; 411 577 int cLen; 578 int cNid; 412 579 int lIdx; 413 580 int lLen; 581 int lNid; 414 582 int stIdx; 415 583 int stLen; 584 int stNid; 416 585 int oIdx; 417 586 int oLen; 587 int oNid; 418 588 int ouIdx; 419 589 int ouLen; 590 #ifdef WOLFSSL_CERT_EXT 591 int bcIdx; 592 int bcLen; 593 int jcIdx; 594 int jcLen; 595 int jsIdx; 596 int jsLen; 597 #endif 598 int ouNid; 420 599 int emailIdx; 421 600 int emailLen; 601 int emailNid; 422 602 int uidIdx; 423 603 int uidLen; 604 int uidNid; 424 605 int serialIdx; 425 606 int serialLen; 607 int serialNid; 608 int dcIdx[DOMAIN_COMPONENT_MAX]; 609 int dcLen[DOMAIN_COMPONENT_MAX]; 610 int dcNum; 611 int dcMode; 426 612 }; 427 613 … … 433 619 SIG_STATE_CHECK, 434 620 }; 621 622 623 #ifdef HAVE_PK_CALLBACKS 624 #ifdef HAVE_ECC 625 typedef int (*wc_CallbackEccVerify)( 626 const unsigned char* sig, unsigned int sigSz, 627 const unsigned char* hash, unsigned int hashSz, 628 const unsigned char* keyDer, unsigned int keySz, 629 int* result, void* ctx); 630 #endif 631 #ifndef NO_RSA 632 typedef int (*wc_CallbackRsaVerify)( 633 unsigned char* sig, unsigned int sigSz, 634 unsigned char** out, 635 const unsigned char* keyDer, unsigned int keySz, 636 void* ctx); 637 #endif 638 #endif /* HAVE_PK_CALLBACKS */ 435 639 436 640 struct SignatureCtx { … … 465 669 void* asyncCtx; 466 670 #endif 671 672 #ifdef HAVE_PK_CALLBACKS 673 #ifdef HAVE_ECC 674 wc_CallbackEccVerify pkCbEcc; 675 void* pkCtxEcc; 676 #endif 677 #ifndef NO_RSA 678 wc_CallbackRsaVerify pkCbRsa; 679 void* pkCtxRsa; 680 #endif 681 #endif /* HAVE_PK_CALLBACKS */ 467 682 }; 468 683 … … 496 711 497 712 struct DecodedCert { 498 byte*publicKey;713 const byte* publicKey; 499 714 word32 pubKeySize; 500 715 int pubKeyStored; … … 516 731 byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ 517 732 #endif /* HAVE_OCSP */ 518 byte* signature;/* not owned, points into raw cert */733 const byte* signature; /* not owned, points into raw cert */ 519 734 char* subjectCN; /* CommonName */ 520 735 int subjectCNLen; /* CommonName Length */ 521 736 char subjectCNEnc; /* CommonName Encoding */ 522 int subjectCNStored; /* have we saved a copy we own */523 737 char issuer[ASN_NAME_MAX]; /* full name including common name */ 524 738 char subject[ASN_NAME_MAX]; /* full name including common name */ 525 739 int verify; /* Default to yes, but could be off */ 526 byte* source;/* byte buffer holder cert, NOT owner */740 const byte* source; /* byte buffer holder cert, NOT owner */ 527 741 word32 srcIdx; /* current offset into buffer */ 528 742 word32 maxIdx; /* max offset based on init size */ … … 530 744 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */ 531 745 int serialSz; /* raw serial bytes stored */ 532 byte* extensions;/* not owned, points into raw cert */746 const byte* extensions; /* not owned, points into raw cert */ 533 747 int extensionsSz; /* length of cert extensions */ 534 748 word32 extensionsIdx; /* if want to go back and parse later */ 535 byte* extAuthInfo;/* Authority Information Access URI */749 const byte* extAuthInfo; /* Authority Information Access URI */ 536 750 int extAuthInfoSz; /* length of the URI */ 537 byte* extCrlInfo;/* CRL Distribution Points */751 const byte* extCrlInfo; /* CRL Distribution Points */ 538 752 int extCrlInfoSz; /* length of the URI */ 539 753 byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ 540 byte extSubjKeyIdSet; /* Set when the SKID was read from cert */541 754 byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ 542 byte extAuthKeyIdSet; /* Set when the AKID was read from cert */543 #ifndef IGNORE_NAME_CONSTRAINTS544 byte extNameConstraintSet;545 #endif /* IGNORE_NAME_CONSTRAINTS */546 byte isCA; /* CA basic constraint true */547 byte pathLengthSet; /* CA basic const path length set */548 755 byte pathLength; /* CA basic constraint path length */ 549 byte weOwnAltNames; /* altNames haven't been given to copy */550 byte extKeyUsageSet;551 756 word16 extKeyUsage; /* Key usage bitfield */ 552 byte extExtKeyUsageSet; /* Extended Key Usage */553 757 byte extExtKeyUsage; /* Extended Key usage bitfield */ 554 #ifdef OPENSSL_EXTRA 555 byte extCRLdistSet; 556 byte extCRLdistCrit; 557 byte extAuthInfoSet; 558 byte extAuthInfoCrit; 559 byte extBasicConstSet; 560 byte extBasicConstCrit; 561 byte extSubjAltNameSet; 562 byte extSubjAltNameCrit; 563 byte extAuthKeyIdCrit; 564 #ifndef IGNORE_NAME_CONSTRAINTS 565 byte extNameConstraintCrit; 566 #endif /* IGNORE_NAME_CONSTRAINTS */ 567 byte extSubjKeyIdCrit; 568 byte extKeyUsageCrit; 569 byte extExtKeyUsageCrit; 570 byte* extExtKeyUsageSrc; 758 759 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 760 const byte* extExtKeyUsageSrc; 571 761 word32 extExtKeyUsageSz; 572 762 word32 extExtKeyUsageCount; 573 byte*extAuthKeyIdSrc;763 const byte* extAuthKeyIdSrc; 574 764 word32 extAuthKeyIdSz; 575 byte*extSubjKeyIdSrc;765 const byte* extSubjKeyIdSrc; 576 766 word32 extSubjKeyIdSz; 577 767 #endif 768 578 769 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 579 770 word32 pkCurveOID; /* Public Key's curve OID */ 580 771 #endif /* HAVE_ECC */ 581 byte*beforeDate;772 const byte* beforeDate; 582 773 int beforeDateLen; 583 byte*afterDate;774 const byte* afterDate; 584 775 int afterDateLen; 585 #if def HAVE_PKCS7586 byte* issuerRaw;/* pointer to issuer inside source */776 #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) 777 const byte* issuerRaw; /* pointer to issuer inside source */ 587 778 int issuerRawLen; 588 779 #endif 589 780 #ifndef IGNORE_NAME_CONSTRAINT 590 byte* subjectRaw;/* pointer to subject inside source */781 const byte* subjectRaw; /* pointer to subject inside source */ 591 782 int subjectRawLen; 592 783 #endif 593 #if defined(WOLFSSL_CERT_GEN) 784 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) 594 785 /* easy access to subject info for other sign */ 595 786 char* subjectSN; … … 611 802 int subjectOULen; 612 803 char subjectOUEnc; 804 char* subjectSND; 805 int subjectSNDLen; 806 char subjectSNDEnc; 807 #ifdef WOLFSSL_CERT_EXT 808 char* subjectBC; 809 int subjectBCLen; 810 char subjectBCEnc; 811 char* subjectJC; 812 int subjectJCLen; 813 char subjectJCEnc; 814 char* subjectJS; 815 int subjectJSLen; 816 char subjectJSEnc; 817 #endif 613 818 char* subjectEmail; 614 819 int subjectEmailLen; 615 820 #endif /* WOLFSSL_CERT_GEN */ 616 #if def OPENSSL_EXTRA821 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 617 822 DecodedName issuerName; 618 823 DecodedName subjectName; … … 625 830 int hwSerialNumSz; 626 831 byte* hwSerialNum; 627 #ifdef OPENSSL_EXTRA628 byte extCertPolicySet;629 byte extCertPolicyCrit;630 #endif /* OPENSSL_EXTRA */631 832 #endif /* WOLFSSL_SEP */ 632 833 #ifdef WOLFSSL_CERT_EXT 633 834 char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; 634 835 int extCertPoliciesNb; 635 #endif /* WOLFSSL_CERT_EXT*/836 #endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ 636 837 637 838 Signer* ca; 638 839 SignatureCtx sigCtx; 639 }; 640 641 642 struct WOLFSSL_ASN1_OBJECT { 643 void* heap; 644 byte* obj; 645 int type; /* oid */ 646 word32 objSz; 647 byte dynamic; /* if 1 then obj was dynamiclly created, 0 otherwise */ 648 }; 649 650 651 extern const char* BEGIN_CERT; 652 extern const char* END_CERT; 653 extern const char* BEGIN_CERT_REQ; 654 extern const char* END_CERT_REQ; 655 extern const char* BEGIN_DSA_PARAM; 656 extern const char* END_DSA_PARAM; 657 extern const char* BEGIN_DH_PARAM; 658 extern const char* END_DH_PARAM; 659 extern const char* BEGIN_X509_CRL; 660 extern const char* END_X509_CRL; 661 extern const char* BEGIN_RSA_PRIV; 662 extern const char* END_RSA_PRIV; 663 extern const char* BEGIN_PRIV_KEY; 664 extern const char* END_PRIV_KEY; 665 extern const char* BEGIN_ENC_PRIV_KEY; 666 extern const char* END_ENC_PRIV_KEY; 667 extern const char* BEGIN_EC_PRIV; 668 extern const char* END_EC_PRIV; 669 extern const char* BEGIN_DSA_PRIV; 670 extern const char* END_DSA_PRIV; 671 extern const char* BEGIN_PUB_KEY; 672 extern const char* END_PUB_KEY; 673 extern const char* BEGIN_EDDSA_PRIV; 674 extern const char* END_EDDSA_PRIV; 840 841 /* Option Bits */ 842 byte subjectCNStored : 1; /* have we saved a copy we own */ 843 byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ 844 byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ 845 #ifndef IGNORE_NAME_CONSTRAINTS 846 byte extNameConstraintSet : 1; 847 #endif 848 byte isCA : 1; /* CA basic constraint true */ 849 byte pathLengthSet : 1; /* CA basic const path length set */ 850 byte weOwnAltNames : 1; /* altNames haven't been given to copy */ 851 byte extKeyUsageSet : 1; 852 byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ 853 byte extCRLdistSet : 1; 854 byte extAuthInfoSet : 1; 855 byte extBasicConstSet : 1; 856 byte extSubjAltNameSet : 1; 857 byte inhibitAnyOidSet : 1; 858 #ifdef WOLFSSL_SEP 859 byte extCertPolicySet : 1; 860 #endif 861 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 862 byte extCRLdistCrit : 1; 863 byte extAuthInfoCrit : 1; 864 byte extBasicConstCrit : 1; 865 byte extSubjAltNameCrit : 1; 866 byte extAuthKeyIdCrit : 1; 867 #ifndef IGNORE_NAME_CONSTRAINTS 868 byte extNameConstraintCrit : 1; 869 #endif 870 byte extSubjKeyIdCrit : 1; 871 byte extKeyUsageCrit : 1; 872 byte extExtKeyUsageCrit : 1; 873 #endif /* OPENSSL_EXTRA */ 874 #ifdef WOLFSSL_SEP 875 byte extCertPolicyCrit : 1; 876 #endif 877 878 }; 879 675 880 676 881 #ifdef NO_SHA … … 688 893 byte pathLength; 689 894 byte pathLengthSet; 690 byte*publicKey;895 const byte* publicKey; 691 896 int nameLen; 692 897 char* name; /* common name */ … … 701 906 /* sha hash of names in certificate */ 702 907 #endif 908 #ifdef WOLFSSL_SIGNER_DER_CERT 909 DerBuffer* derCert; 910 #endif 703 911 Signer* next; 704 912 }; … … 728 936 729 937 /* for testing or custom openssl wrappers */ 730 #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) 938 #if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ 939 defined(OPENSSL_EXTRA_X509_SMALL) 731 940 #define WOLFSSL_ASN_API WOLFSSL_API 732 941 #else 733 942 #define WOLFSSL_ASN_API WOLFSSL_LOCAL 734 943 #endif 944 945 /* Macro for calculating hashId */ 946 #if defined(NO_SHA) && defined(NO_SHA256) 947 #ifdef WOLF_CRYPTO_DEV 948 #define CalcHashId(data, len, hash) wc_CryptoDevSha256Hash(data, len, hash) 949 #else 950 #define CalcHashId(data, len, hash) NOT_COMPILED_IN 951 #endif 952 #elif defined(NO_SHA) 953 #define CalcHashId(data, len, hash) wc_Sha256Hash(data, len, hash) 954 #else 955 #define CalcHashId(data, len, hash) wc_ShaHash(data, len, hash) 956 #endif 957 958 959 WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, 960 word32* derSz); 735 961 736 962 WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*); … … 738 964 WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*); 739 965 #endif /* IGNORE_NAME_CONSTRAINTS */ 740 WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, byte*, word32, void*);966 WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*); 741 967 WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*); 742 968 WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm); 743 969 970 WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz, 971 const byte *in, word32 inSz); 972 WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm); 744 973 WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); 745 974 WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); 746 975 976 WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); 747 977 WOLFSSL_LOCAL Signer* MakeSigner(void*); 748 978 WOLFSSL_LOCAL void FreeSigner(Signer*, void*); … … 754 984 755 985 WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length); 986 WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length, 987 word32* algId); 756 988 WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, 757 989 word32 length); 758 WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); 990 WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, 991 word32 length, word32* algId); 992 WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int, 993 word32* algId); 994 WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, 995 word32* outSz, const char* password, int passwordSz, int vPKCS, 996 int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); 997 WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out, 998 word32* outSz, const char* password, int passwordSz, int vPKCS, 999 int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, 1000 WC_RNG* rng, void* heap); 759 1001 WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz); 1002 WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz, 1003 const char* password,int passwordSz, int vPKCS, int vAlgo, 1004 byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap); 760 1005 WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, 761 1006 word32* oidSz, int* algoID, void* heap); 762 1007 763 1008 typedef struct tm wolfssl_tm; 764 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1009 #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ 1010 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 765 1011 WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); 1012 #endif 1013 #if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7) 1014 WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); 766 1015 #endif 767 1016 WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, 768 1017 wolfssl_tm* certTime, int* idx); 769 1018 WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); 1019 WOLFSSL_LOCAL int OBJ_sn2nid(const char *sn); 770 1020 771 1021 /* ASN.1 helper functions */ … … 775 1025 WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number, 776 1026 word32 maxIdx); 1027 WOLFSSL_LOCAL char* GetSigName(int oid); 777 1028 WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, 778 1029 word32 maxIdx); 1030 WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, 1031 word32 maxIdx, int check); 779 1032 WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, 780 1033 word32 maxIdx); 1034 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, 1035 word32 maxIdx, int check); 781 1036 WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, 782 1037 word32 maxIdx); … … 793 1048 word16* out, word32* outSz); 794 1049 #endif 1050 WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, 1051 word32 maxIdx); 1052 WOLFSSL_LOCAL int SetObjectId(int len, byte* output); 795 1053 WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, 796 1054 word32 oidType, word32 maxIdx); … … 812 1070 int maxIdx); 813 1071 WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); 1072 WOLFSSL_LOCAL int RsaPublicKeyDerSize(RsaKey* key, int with_header); 814 1073 815 1074 #ifdef HAVE_ECC … … 824 1083 WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); 825 1084 1085 #ifndef NO_CERTS 1086 1087 WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, 1088 size_t bufSz); 1089 1090 WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type, 1091 DerBuffer** pDer, void* heap, EncryptedInfo* info, 1092 int* eccKey); 1093 WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap); 1094 WOLFSSL_LOCAL void FreeDer(DerBuffer** der); 1095 1096 #endif /* !NO_CERTS */ 826 1097 827 1098 #ifdef WOLFSSL_CERT_GEN 828 1099 829 1100 enum cert_enums { 830 NAME_ENTRIES = 8, 1101 #ifdef WOLFSSL_CERT_EXT 1102 NAME_ENTRIES = 10, 1103 #else 1104 NAME_ENTRIES = 9, 1105 #endif 831 1106 JOINT_LEN = 2, 832 1107 EMAIL_JOINT_LEN = 9, 1108 PILOT_JOINT_LEN = 10, 833 1109 RSA_KEY = 10, 834 1110 NTRU_KEY = 11, … … 836 1112 ED25519_KEY = 13 837 1113 }; 838 839 #ifndef WOLFSSL_PEMCERT_TODER_DEFINED840 #ifndef NO_FILESYSTEM841 /* forward from wolfSSL */842 WOLFSSL_API843 int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz);844 #define WOLFSSL_PEMCERT_TODER_DEFINED845 #endif846 #endif847 1114 848 1115 #endif /* WOLFSSL_CERT_GEN */ … … 877 1144 }; 878 1145 1146 #ifdef OPENSSL_EXTRA 1147 enum Ocsp_Verify_Error { 1148 OCSP_VERIFY_ERROR_NONE = 0, 1149 OCSP_BAD_ISSUER = 1 1150 }; 1151 #endif 1152 879 1153 880 1154 typedef struct OcspRequest OcspRequest; … … 894 1168 byte thisDateFormat; 895 1169 byte nextDateFormat; 896 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)1170 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 897 1171 byte* thisDateAsn; 898 1172 byte* nextDateAsn; … … 930 1204 byte* source; /* pointer to source buffer, not owned */ 931 1205 word32 maxIdx; /* max offset based on init size */ 1206 1207 #ifdef OPENSSL_EXTRA 1208 int verifyError; 1209 #endif 932 1210 }; 933 1211 … … 1011 1289 1012 1290 #endif /* !NO_ASN */ 1291 1292 1293 #if !defined(NO_ASN) || !defined(NO_PWDBASED) 1294 1295 #ifndef MAX_KEY_SIZE 1296 #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */ 1297 #endif 1298 #ifndef MAX_UNICODE_SZ 1299 #define MAX_UNICODE_SZ 256 1300 #endif 1301 1302 enum PBESTypes { 1303 PBE_MD5_DES = 0, 1304 PBE_SHA1_RC4_128 = 1, 1305 PBE_SHA1_DES = 2, 1306 PBE_SHA1_DES3 = 3, 1307 PBE_AES256_CBC = 4, 1308 1309 PBE_SHA1_RC4_128_SUM = 657, 1310 PBE_SHA1_DES3_SUM = 659, 1311 PBES2 = 13 /* algo ID */ 1312 }; 1313 1314 enum PKCSTypes { 1315 PKCS5v2 = 6, /* PKCS #5 v2.0 */ 1316 PKCS12v1 = 12, /* PKCS #12 */ 1317 PKCS5 = 5, /* PKCS oid tag */ 1318 PKCS8v0 = 0, /* default PKCS#8 version */ 1319 }; 1320 1321 #endif /* !NO_ASN || !NO_PWDBASED */ 1322 1013 1323 #endif /* WOLF_CRYPT_ASN_H */
Note:
See TracChangeset
for help on using the changeset viewer.