Todd Ouska
CyaSSL is an SSL library for devices like mbed.
Dependents: cyassl-client Sync
Embed:
(wiki syntax)
Show/hide line numbers
asn.h
00001 /* asn.h 00002 * 00003 * Copyright (C) 2006-2009 Sawtooth Consulting Ltd. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 00020 */ 00021 00022 00023 #ifndef CTAO_CRYPT_ASN_H 00024 #define CTAO_CRYPT_ASN_H 00025 00026 #include "types.h" 00027 #include "ctc_rsa.h" 00028 #include "ctc_dh.h" 00029 #include "ctc_dsa.h" 00030 #include "ctc_sha.h" 00031 00032 00033 #ifdef __cplusplus 00034 extern "C" { 00035 #endif 00036 00037 /* ASN Tags */ 00038 enum ASN_Tags { 00039 ASN_INTEGER = 0x02, 00040 ASN_BIT_STRING = 0x03, 00041 ASN_OCTET_STRING = 0x04, 00042 ASN_TAG_NULL = 0x05, 00043 ASN_OBJECT_ID = 0x06, 00044 ASN_SEQUENCE = 0x10, 00045 ASN_SET = 0x11, 00046 ASN_UTC_TIME = 0x17, 00047 ASN_GENERALIZED_TIME = 0x18, 00048 ASN_LONG_LENGTH = 0x80 00049 }; 00050 00051 00052 enum ASN_Flags{ 00053 ASN_CONSTRUCTED = 0x20, 00054 ASN_CONTEXT_SPECIFIC = 0x80 00055 }; 00056 00057 enum DN_Tags { 00058 ASN_COMMON_NAME = 0x03, /* CN */ 00059 ASN_SUR_NAME = 0x04, /* SN */ 00060 ASN_COUNTRY_NAME = 0x06, /* C */ 00061 ASN_LOCALITY_NAME = 0x07, /* L */ 00062 ASN_STATE_NAME = 0x08, /* ST */ 00063 ASN_ORG_NAME = 0x0a, /* O */ 00064 ASN_ORGUNIT_NAME = 0x0b /* OU */ 00065 }; 00066 00067 enum Misc_ASN { 00068 ASN_NAME_MAX = 256, 00069 SHA_SIZE = 20, 00070 RSA_INTS = 8, /* RSA ints in private key */ 00071 MIN_DATE_SIZE = 13, 00072 MAX_DATE_SIZE = 32, 00073 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ 00074 MAX_ENCODED_SIG_SZ = 512, 00075 MAX_SIG_SZ = 256, 00076 MAX_ALGO_SZ = 20, 00077 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ 00078 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ 00079 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ 00080 MAX_ENCODED_DIG_SZ = 25, /* sha + enum(bit or octet) + legnth(4) */ 00081 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ 00082 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ 00083 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ 00084 MAX_RSA_E_SZ = 16, /* Max RSA public e size */ 00085 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2, 00086 /* use bigger NTRU size */ 00087 MAX_LENGTH_SZ = 4 00088 }; 00089 00090 00091 enum Oid_Types { 00092 hashType = 0, 00093 sigType = 1, 00094 keyType = 2 00095 }; 00096 00097 00098 enum Sig_Sum { 00099 SHAwDSA = 517, 00100 MD2wRSA = 646, 00101 MD5wRSA = 648, 00102 SHAwRSA = 649 00103 }; 00104 00105 enum Hash_Sum { 00106 MD2h = 646, 00107 MD5h = 649, 00108 SHAh = 88 00109 }; 00110 00111 enum Key_Sum { 00112 DSAk = 515, 00113 RSAk = 645, 00114 NTRUk = 364 00115 }; 00116 00117 00118 /* Certificate file Type */ 00119 enum CertType { 00120 CERT_TYPE = 0, 00121 PRIVATEKEY_TYPE, 00122 CA_TYPE 00123 }; 00124 00125 00126 enum VerifyType { 00127 NO_VERIFY = 0, 00128 VERIFY = 1 00129 }; 00130 00131 00132 typedef struct DecodedCert { 00133 byte* publicKey; 00134 word32 pubKeySize; 00135 int pubKeyStored; 00136 word32 certBegin; /* offset to start of cert */ 00137 word32 sigIndex; /* offset to start of signature */ 00138 word32 sigLength; /* length of signature */ 00139 word32 signatureOID; /* sum of algorithm object id */ 00140 word32 keyOID; /* sum of key algo object id */ 00141 byte subjectHash[SHA_SIZE]; /* hash of all Names */ 00142 byte issuerHash[SHA_SIZE]; /* hash of all Names */ 00143 byte* signature; /* not owned, points into raw cert */ 00144 char* subjectCN; /* CommonName */ 00145 int subjectCNLen; 00146 char issuer[ASN_NAME_MAX]; /* full name including common name */ 00147 char subject[ASN_NAME_MAX]; /* full name including common name */ 00148 int verify; /* Default to yes, but could be off */ 00149 byte* source; /* byte buffer holder cert, NOT owner */ 00150 word32 srcIdx; /* current offset into buffer */ 00151 void* heap; /* for user memory overrides */ 00152 #ifdef CYASSL_CERT_GEN 00153 /* easy access to sujbect info for other sign */ 00154 char* subjectSN; 00155 int subjectSNLen; 00156 char* subjectC; 00157 int subjectCLen; 00158 char* subjectL; 00159 int subjectLLen; 00160 char* subjectST; 00161 int subjectSTLen; 00162 char* subjectO; 00163 int subjectOLen; 00164 char* subjectOU; 00165 int subjectOULen; 00166 char* subjectEmail; 00167 int subjectEmailLen; 00168 #endif /* CYASSL_CERT_GEN */ 00169 } DecodedCert; 00170 00171 00172 typedef struct Signer Signer; 00173 00174 /* CA Signers */ 00175 struct Signer { 00176 byte* publicKey; 00177 word32 pubKeySize; 00178 word32 keyOID; /* key type */ 00179 char* name; /* common name */ 00180 byte hash[SHA_DIGEST_SIZE]; /* sha hash of names in certificate */ 00181 Signer* next; 00182 }; 00183 00184 00185 void InitDecodedCert(DecodedCert*, byte*, void*); 00186 void FreeDecodedCert(DecodedCert*); 00187 int ParseCert(DecodedCert*, word32, int type, int verify, Signer* signer); 00188 int ParseCertRelative(DecodedCert*, word32, int type, int verify, 00189 Signer* signer); 00190 00191 word32 EncodeSignature(byte* out, const byte* digest, word32 digSz,int hashOID); 00192 00193 Signer* MakeSigner(void*); 00194 void FreeSigners(Signer*, void*); 00195 00196 00197 int RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); 00198 int RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); 00199 int ToTraditional(byte* buffer, word32 length); 00200 00201 #ifndef NO_DH 00202 int DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32); 00203 int DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz); 00204 #endif 00205 00206 #ifndef NO_DSA 00207 int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32); 00208 int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32); 00209 #endif 00210 00211 #ifdef CYASSL_KEY_GEN 00212 int RsaKeyToDer(RsaKey*, byte* output, word32 inLen); 00213 #endif 00214 00215 00216 #if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN) 00217 int DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, 00218 int type); 00219 #endif 00220 00221 #ifdef CYASSL_CERT_GEN 00222 00223 enum cert_enums { 00224 SERIAL_SIZE = 8, 00225 NAME_SIZE = 64, 00226 NAME_ENTRIES = 8, 00227 JOINT_LEN = 2, 00228 EMAIL_JOINT_LEN = 9, 00229 RSA_KEY = 10, 00230 NTRU_KEY = 11 00231 }; 00232 00233 00234 typedef struct CertName { 00235 char country[NAME_SIZE]; 00236 char state[NAME_SIZE]; 00237 char locality[NAME_SIZE]; 00238 char sur[NAME_SIZE]; 00239 char org[NAME_SIZE]; 00240 char unit[NAME_SIZE]; 00241 char commonName[NAME_SIZE]; 00242 char email[NAME_SIZE]; /* !!!! email has to be last !!!! */ 00243 } CertName; 00244 00245 00246 /* for user to fill for certificate generation */ 00247 typedef struct Cert { 00248 int version; /* x509 version */ 00249 byte serial[SERIAL_SIZE]; /* serial number */ 00250 int sigType; /* signature algo type */ 00251 CertName issuer; /* issuer info */ 00252 int daysValid; /* validity days */ 00253 int selfSigned; /* self signed flag */ 00254 CertName subject; /* subject info */ 00255 /* internal use only */ 00256 int bodySz; /* pre sign total size */ 00257 int keyType; /* public key type of subject */ 00258 } Cert; 00259 00260 00261 /* Initialize and Set Certficate defaults: 00262 version = 3 (0x2) 00263 serial = 0 (Will be randomly generated) 00264 sigType = MD5_WITH_RSA 00265 issuer = blank 00266 daysValid = 500 00267 selfSigned = 1 (true) use subject as issuer 00268 subject = blank 00269 keyType = RSA_KEY (default) 00270 */ 00271 void InitCert(Cert*); 00272 int MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*); 00273 int SignCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*); 00274 int MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, RNG*); 00275 int SetIssuer(Cert*, const char*); 00276 #ifdef HAVE_NTRU 00277 int MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, const byte* ntruKey, 00278 word16 keySz, RNG*); 00279 #endif 00280 00281 00282 #endif /* CYASSL_CERT_GEN */ 00283 00284 00285 #ifdef __cplusplus 00286 } /* extern "C" */ 00287 #endif 00288 00289 #endif /* CTAO_CRYPT_ASN_H */ 00290
Generated on Tue Jul 12 2022 18:43:19 by
1.7.2