x509_common.c
Go to the documentation of this file.
1 /**
2  * @file x509_common.c
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_common.h"
37 #include "encoding/asn1.h"
38 #include "encoding/oid.h"
39 #include "hash/hash_algorithms.h"
40 #include "debug.h"
41 
42 //Check crypto library configuration
43 #if (X509_SUPPORT == ENABLED)
44 
45 //Common Name OID (2.5.4.3)
46 const uint8_t X509_COMMON_NAME_OID[3] = {0x55, 0x04, 0x03};
47 //Surname OID (2.5.4.4)
48 const uint8_t X509_SURNAME_OID[3] = {0x55, 0x04, 0x04};
49 //Serial Number OID (2.5.4.5)
50 const uint8_t X509_SERIAL_NUMBER_OID[3] = {0x55, 0x04, 0x05};
51 //Country Name OID (2.5.4.6)
52 const uint8_t X509_COUNTRY_NAME_OID[3] = {0x55, 0x04, 0x06};
53 //Locality Name OID (2.5.4.7)
54 const uint8_t X509_LOCALITY_NAME_OID[3] = {0x55, 0x04, 0x07};
55 //State Or Province Name OID (2.5.4.8)
56 const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[] = {0x55, 0x04, 0x08};
57 //Organization Name OID (2.5.4.10)
58 const uint8_t X509_ORGANIZATION_NAME_OID[3] = {0x55, 0x04, 0x0A};
59 //Organizational Unit Name OID (2.5.4.11)
60 const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3] = {0x55, 0x04, 0x0B};
61 //Title OID (2.5.4.12)
62 const uint8_t X509_TITLE_OID[3] = {0x55, 0x04, 0x0C};
63 //Name OID (2.5.4.41)
64 const uint8_t X509_NAME_OID[3] = {0x55, 0x04, 0x29};
65 //Given Name OID (2.5.4.42)
66 const uint8_t X509_GIVEN_NAME_OID[3] = {0x55, 0x04, 0x2A};
67 //Initials OID (2.5.4.43)
68 const uint8_t X509_INITIALS_OID[3] = {0x55, 0x04, 0x2B};
69 //Generation Qualifier OID (2.5.4.44)
70 const uint8_t X509_GENERATION_QUALIFIER_OID[3] = {0x55, 0x04, 0x2C};
71 //DN Qualifier OID (2.5.4.46)
72 const uint8_t X509_DN_QUALIFIER_OID[3] = {0x55, 0x04, 0x2E};
73 //Pseudonym OID (2.5.4.65)
74 const uint8_t X509_PSEUDONYM_OID[3] = {0x55, 0x04, 0x41};
75 //Domain Component OID (0.9.2342.19200300.100.1.25)
76 const uint8_t X509_DOMAIN_COMPONENT_OID[10] = {0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19};
77 
78 //Subject Directory Attributes OID (2.5.29.9)
79 const uint8_t X509_SUBJECT_DIR_ATTR_OID[3] = {0x55, 0x1D, 0x09};
80 //Subject Key Identifier OID (2.5.29.14)
81 const uint8_t X509_SUBJECT_KEY_ID_OID[3] = {0x55, 0x1D, 0x0E};
82 //Key Usage OID (2.5.29.15)
83 const uint8_t X509_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x0F};
84 //Subject Alternative Name OID (2.5.29.17)
85 const uint8_t X509_SUBJECT_ALT_NAME_OID[3] = {0x55, 0x1D, 0x11};
86 //Issuer Alternative Name OID (2.5.29.18)
87 const uint8_t X509_ISSUER_ALT_NAME_OID[3] = {0x55, 0x1D, 0x12};
88 //Basic Constraints OID (2.5.29.19)
89 const uint8_t X509_BASIC_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x13};
90 //CRL Number OID (2.5.29.20)
91 const uint8_t X509_CRL_NUMBER_OID[3] = {0x55, 0x1D, 0x14};
92 //Reason Code OID (2.5.29.21)
93 const uint8_t X509_REASON_CODE_OID[3] = {0x55, 0x1D, 0x15};
94 //Invalidity Date OID (2.5.29.24)
95 const uint8_t X509_INVALIDITY_DATE_OID[3] = {0x55, 0x1D, 0x18};
96 //Delta CRL Indicator OID (2.5.29.27)
97 const uint8_t X509_DELTA_CRL_INDICATOR_OID[3] = {0x55, 0x1D, 0x1B};
98 //Issuing Distribution Point OID (2.5.29.28)
99 const uint8_t X509_ISSUING_DISTR_POINT_OID[3] = {0x55, 0x1D, 0x1C};
100 //Certificate Issuer OID (2.5.29.29)
101 const uint8_t X509_CERTIFICATE_ISSUER_OID[3] = {0x55, 0x1D, 0x1D};
102 //Name Constraints OID (2.5.29.30)
103 const uint8_t X509_NAME_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x1E};
104 //CRL Distribution Points OID (2.5.29.31)
105 const uint8_t X509_CRL_DISTR_POINTS_OID[3] = {0x55, 0x1D, 0x1F};
106 //Certificate Policies OID (2.5.29.32)
107 const uint8_t X509_CERTIFICATE_POLICIES_OID[3] = {0x55, 0x1D, 0x20};
108 //Policy Mappings OID (2.5.29.33)
109 const uint8_t X509_POLICY_MAPPINGS_OID[3] = {0x55, 0x1D, 0x21};
110 //Authority Key Identifier OID (2.5.29.35)
111 const uint8_t X509_AUTHORITY_KEY_ID_OID[3] = {0x55, 0x1D, 0x23};
112 //Policy Constraints OID (2.5.29.36)
113 const uint8_t X509_POLICY_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x24};
114 //Extended Key Usage OID (2.5.29.37)
115 const uint8_t X509_EXTENDED_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x25};
116 //Freshest CRL OID (2.5.29.46)
117 const uint8_t X509_FRESHEST_CRL_OID[3] = {0x55, 0x1D, 0x2E};
118 //Inhibit Any-Policy OID (2.5.29.54)
119 const uint8_t X509_INHIBIT_ANY_POLICY_OID[3] = {0x55, 0x1D, 0x36};
120 //Authority Information Access OID (1.3.6.1.5.5.7.1.1)
121 const uint8_t X509_AUTH_INFO_ACCESS_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01};
122 //PKIX OCSP No Check OID (1.3.6.1.5.5.7.48.1.5)
123 const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05};
124 //Netscape Certificate Type OID (2.16.840.1.113730.1.1)
125 const uint8_t X509_NS_CERT_TYPE_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01};
126 
127 //Any Extended Key Usage OID (2.5.29.37.0)
128 const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4] = {0x55, 0x1D, 0x25, 0x00};
129 //Key Purpose Server Auth OID (1.3.6.1.5.5.7.3.1)
130 const uint8_t X509_KP_SERVER_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
131 //Key Purpose Client Auth OID (1.3.6.1.5.5.7.3.2)
132 const uint8_t X509_KP_CLIENT_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
133 //Key Purpose Code Signing OID (1.3.6.1.5.5.7.3.3)
134 const uint8_t X509_KP_CODE_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
135 //Key Purpose Email Protection OID (1.3.6.1.5.5.7.3.4)
136 const uint8_t X509_KP_EMAIL_PROTECTION_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
137 //Key Purpose IPsec End System OID (1.3.6.1.5.5.7.3.5)
138 const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05};
139 //Key Purpose IPsec Tunnel OID (1.3.6.1.5.5.7.3.6)
140 const uint8_t X509_KP_IPSEC_TUNNEL_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06};
141 //Key Purpose IPsec User OID (1.3.6.1.5.5.7.3.7)
142 const uint8_t X509_KP_IPSEC_USER_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07};
143 //Key Purpose Time Stamping OID (1.3.6.1.5.5.7.3.8)
144 const uint8_t X509_KP_TIME_STAMPING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
145 //Key Purpose OCSP Signing OID (1.3.6.1.5.5.7.3.9)
146 const uint8_t X509_KP_OCSP_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
147 //Key Purpose IPsec IKE OID (1.3.6.1.5.5.7.3.17)
148 const uint8_t X509_KP_IPSEC_IKE_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x11};
149 //Key Purpose Secure Shell Client OID (1.3.6.1.5.5.7.3.21)
150 const uint8_t X509_KP_SSH_CLIENT_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x15};
151 //Key Purpose Secure Shell Client OID (1.3.6.1.5.5.7.3.22)
152 const uint8_t X509_KP_SSH_SERVER_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x16};
153 //Key Purpose Document Signing OID (1.3.6.1.5.5.7.3.36)
154 const uint8_t X509_KP_DOC_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x24};
155 
156 //Access Description CA Issuers OID (1.3.6.1.5.5.7.48.1)
157 const uint8_t X509_AD_CA_ISSUERS[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
158 //Access Description OCSP (1.3.6.1.5.5.7.48.2)
159 const uint8_t X509_AD_OCSP[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};
160 
161 //PKCS #9 e-mail address OID (1.2.840.113549.1.9.1)
162 const uint8_t X509_EMAIL_ADDRESS_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01};
163 //PKCS #9 Challenge Password OID (1.2.840.113549.1.9.7)
164 const uint8_t X509_CHALLENGE_PASSWORD_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07};
165 //PKCS #9 Extension Request OID (1.2.840.113549.1.9.14)
166 const uint8_t X509_EXTENSION_REQUEST_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E};
167 
168 
169 /**
170  * @brief Check whether a given signature algorithm is supported
171  * @param[in] signAlgo signature algorithm
172  * @return TRUE is the signature algorithm is supported, else FALSE
173  **/
174 
176 {
177  bool_t acceptable;
178 
179  //Invalid signature algorithm?
180  if(signAlgo == X509_SIGN_ALGO_NONE)
181  {
182  acceptable = FALSE;
183  }
184 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
185  //RSA signature algorithm?
186  else if(signAlgo == X509_SIGN_ALGO_RSA)
187  {
188  acceptable = TRUE;
189  }
190 #endif
191 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
192  //RSA-PSS signature algorithm?
193  else if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
194  {
195  acceptable = TRUE;
196  }
197 #endif
198 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
199  //DSA signature algorithm?
200  else if(signAlgo == X509_SIGN_ALGO_DSA)
201  {
202  acceptable = TRUE;
203  }
204 #endif
205 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
206  //ECDSA signature algorithm?
207  else if(signAlgo == X509_SIGN_ALGO_ECDSA)
208  {
209  acceptable = TRUE;
210  }
211 #endif
212 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
213  //SM2 signature algorithm?
214  else if(signAlgo == X509_SIGN_ALGO_SM2)
215  {
216  acceptable = TRUE;
217  }
218 #endif
219 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
220  //Ed25519 signature algorithm?
221  else if(signAlgo == X509_SIGN_ALGO_ED25519)
222  {
223  acceptable = TRUE;
224  }
225 #endif
226 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
227  //Ed448 signature algorithm?
228  else if(signAlgo == X509_SIGN_ALGO_ED448)
229  {
230  acceptable = TRUE;
231  }
232 #endif
233  //Invalid signature algorithm?
234  else
235  {
236  acceptable = FALSE;
237  }
238 
239  //Return TRUE is the signature algorithm is supported
240  return acceptable;
241 }
242 
243 
244 /**
245  * @brief Check whether a given hash algorithm is supported
246  * @param[in] hashAlgo signature hash
247  * @return TRUE is the signature hash is supported, else FALSE
248  **/
249 
251 {
252  bool_t acceptable;
253 
254  //Invalid hash algorithm?
255  if(hashAlgo == X509_HASH_ALGO_NONE)
256  {
257  acceptable = FALSE;
258  }
259 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
260  //MD5 hash algorithm?
261  else if(hashAlgo == X509_HASH_ALGO_MD5)
262  {
263  acceptable = TRUE;
264  }
265 #endif
266 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
267  //SHA-1 hash algorithm?
268  else if(hashAlgo == X509_HASH_ALGO_SHA1)
269  {
270  acceptable = TRUE;
271  }
272 #endif
273 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
274  //SHA-224 hash algorithm?
275  else if(hashAlgo == X509_HASH_ALGO_SHA224)
276  {
277  acceptable = TRUE;
278  }
279 #endif
280 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
281  //SHA-256 hash algorithm?
282  else if(hashAlgo == X509_HASH_ALGO_SHA256)
283  {
284  acceptable = TRUE;
285  }
286 #endif
287 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
288  //SHA-384 hash algorithm?
289  else if(hashAlgo == X509_HASH_ALGO_SHA384)
290  {
291  acceptable = TRUE;
292  }
293 #endif
294 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
295  //SHA-512 hash algorithm?
296  else if(hashAlgo == X509_HASH_ALGO_SHA512)
297  {
298  acceptable = TRUE;
299  }
300 #endif
301 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
302  //SHA3-224 hash algorithm?
303  else if(hashAlgo == X509_HASH_ALGO_SHA3_224)
304  {
305  acceptable = TRUE;
306  }
307 #endif
308 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
309  //SHA3-256 hash algorithm?
310  else if(hashAlgo == X509_HASH_ALGO_SHA3_256)
311  {
312  acceptable = TRUE;
313  }
314 #endif
315 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
316  //SHA3-384 hash algorithm?
317  else if(hashAlgo == X509_HASH_ALGO_SHA3_384)
318  {
319  acceptable = TRUE;
320  }
321 #endif
322 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
323  //SHA3-512 hash algorithm?
324  else if(hashAlgo == X509_HASH_ALGO_SHA3_512)
325  {
326  acceptable = TRUE;
327  }
328 #endif
329 #if (X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
330  //SM3 hash algorithm?
331  else if(hashAlgo == X509_HASH_ALGO_SM3)
332  {
333  acceptable = TRUE;
334  }
335 #endif
336  //Invalid hash algorithm?
337  else
338  {
339  acceptable = FALSE;
340  }
341 
342  //Return TRUE is the hash algorithm is supported
343  return acceptable;
344 }
345 
346 
347 /**
348  * @brief Check whether a given elliptic curve is supported
349  * @param[in] oid Object identifier
350  * @param[in] length Length of the OID, in bytes
351  * @return TRUE is the elliptic curve is supported, else FALSE
352  **/
353 
354 bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
355 {
356  //Return TRUE is the elliptic curve is supported
357  if(x509GetCurveInfo(oid, length) != NULL)
358  {
359  return TRUE;
360  }
361  else
362  {
363  return FALSE;
364  }
365 }
366 
367 
368 /**
369  * @brief Get the signature and hash algorithms that match the specified
370  * identifier
371  * @param[in] signAlgoId Signature algorithm identifier
372  * @param[out] signAlgo Signature algorithm
373  * @param[out] hashAlgo Hash algorithm
374  * @return Error code
375  **/
376 
378  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
379 {
380  error_t error;
381  size_t oidLen;
382  const uint8_t *oid;
383 
384  //Initialize status code
385  error = NO_ERROR;
386 
387  //Point to the object identifier
388  oid = signAlgoId->oid.value;
389  oidLen = signAlgoId->oid.length;
390 
391 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
392 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
393  //RSA with MD5 signature algorithm?
396  {
397  *signAlgo = X509_SIGN_ALGO_RSA;
398  *hashAlgo = MD5_HASH_ALGO;
399  }
400  else
401 #endif
402 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
403  //RSA with SHA-1 signature algorithm?
406  {
407  *signAlgo = X509_SIGN_ALGO_RSA;
408  *hashAlgo = SHA1_HASH_ALGO;
409  }
410  else
411 #endif
412 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
413  //RSA with SHA-224 signature algorithm?
416  {
417  *signAlgo = X509_SIGN_ALGO_RSA;
418  *hashAlgo = SHA224_HASH_ALGO;
419  }
420  else
421 #endif
422 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
423  //RSA with SHA-256 signature algorithm?
426  {
427  *signAlgo = X509_SIGN_ALGO_RSA;
428  *hashAlgo = SHA256_HASH_ALGO;
429  }
430  else
431 #endif
432 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
433  //RSA with SHA-384 signature algorithm?
436  {
437  *signAlgo = X509_SIGN_ALGO_RSA;
438  *hashAlgo = SHA384_HASH_ALGO;
439  }
440  else
441 #endif
442 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
443  //RSA with SHA-512 signature algorithm?
446  {
447  *signAlgo = X509_SIGN_ALGO_RSA;
448  *hashAlgo = SHA512_HASH_ALGO;
449  }
450  else
451 #endif
452 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
453  //RSA with SHA3-224 signature algorithm?
456  {
457  *signAlgo = X509_SIGN_ALGO_RSA;
458  *hashAlgo = SHA3_224_HASH_ALGO;
459  }
460  else
461 #endif
462 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
463  //RSA with SHA3-256 signature algorithm?
466  {
467  *signAlgo = X509_SIGN_ALGO_RSA;
468  *hashAlgo = SHA3_256_HASH_ALGO;
469  }
470  else
471 #endif
472 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
473  //RSA with SHA3-384 signature algorithm?
476  {
477  *signAlgo = X509_SIGN_ALGO_RSA;
478  *hashAlgo = SHA3_384_HASH_ALGO;
479  }
480  else
481 #endif
482 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
483  //RSA with SHA3-512 signature algorithm?
486  {
487  *signAlgo = X509_SIGN_ALGO_RSA;
488  *hashAlgo = SHA3_512_HASH_ALGO;
489  }
490  else
491 #endif
492 #endif
493 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
494  //RSA-PSS signature algorithm
496  sizeof(RSASSA_PSS_OID)))
497  {
498  //Get the OID of the hash algorithm
499  oid = signAlgoId->rsaPssParams.hashAlgo.value;
500  oidLen = signAlgoId->rsaPssParams.hashAlgo.length;
501 
502 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
503  //SHA-1 hash algorithm identifier?
504  if(!oidComp(oid, oidLen, SHA1_OID, sizeof(SHA1_OID)))
505  {
506  //RSA-PSS with SHA-1 signature algorithm
507  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
508  *hashAlgo = SHA1_HASH_ALGO;
509  }
510  else
511 #endif
512 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
513  //SHA-224 hash algorithm identifier?
514  if(!oidComp(oid, oidLen, SHA224_OID, sizeof(SHA224_OID)))
515  {
516  //RSA-PSS with SHA-224 signature algorithm
517  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
518  *hashAlgo = SHA224_HASH_ALGO;
519  }
520  else
521 #endif
522 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
523  //SHA-256 hash algorithm identifier?
524  if(!oidComp(oid, oidLen, SHA256_OID, sizeof(SHA256_OID)))
525  {
526  //RSA-PSS with SHA-256 signature algorithm
527  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
528  *hashAlgo = SHA256_HASH_ALGO;
529  }
530  else
531 #endif
532 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
533  //SHA-384 hash algorithm identifier?
534  if(!oidComp(oid, oidLen, SHA384_OID, sizeof(SHA384_OID)))
535  {
536  //RSA-PSS with SHA-384 signature algorithm
537  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
538  *hashAlgo = SHA384_HASH_ALGO;
539  }
540  else
541 #endif
542 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
543  //SHA-512 hash algorithm identifier?
544  if(!oidComp(oid, oidLen, SHA512_OID, sizeof(SHA512_OID)))
545  {
546  //RSA-PSS with SHA-512 signature algorithm
547  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
548  *hashAlgo = SHA512_HASH_ALGO;
549  }
550  else
551 #endif
552 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
553  //SHA3-224 hash algorithm identifier?
554  if(!oidComp(oid, oidLen, SHA3_224_OID, sizeof(SHA3_224_OID)))
555  {
556  //RSA-PSS with SHA3-224 signature algorithm
557  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
558  *hashAlgo = SHA3_224_HASH_ALGO;
559  }
560  else
561 #endif
562 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
563  //SHA3-256 hash algorithm identifier?
564  if(!oidComp(oid, oidLen, SHA3_256_OID, sizeof(SHA3_256_OID)))
565  {
566  //RSA-PSS with SHA3-256 signature algorithm
567  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
568  *hashAlgo = SHA3_256_HASH_ALGO;
569  }
570  else
571 #endif
572 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
573  //SHA3-384 hash algorithm identifier?
574  if(!oidComp(oid, oidLen, SHA3_384_OID, sizeof(SHA3_384_OID)))
575  {
576  //RSA-PSS with SHA3-384 signature algorithm
577  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
578  *hashAlgo = SHA3_384_HASH_ALGO;
579  }
580  else
581 #endif
582 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
583  //SHA3-512 hash algorithm identifier?
584  if(!oidComp(oid, oidLen, SHA3_512_OID, sizeof(SHA3_512_OID)))
585  {
586  //RSA-PSS with SHA3-512 signature algorithm
587  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
588  *hashAlgo = SHA3_512_HASH_ALGO;
589  }
590  else
591 #endif
592  //Unknown hash algorithm identifier?
593  {
594  //The specified signature algorithm is not supported
596  }
597  }
598  else
599 #endif
600 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
601 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
602  //DSA with SHA-1 signature algorithm?
604  sizeof(DSA_WITH_SHA1_OID)))
605  {
606  *signAlgo = X509_SIGN_ALGO_DSA;
607  *hashAlgo = SHA1_HASH_ALGO;
608  }
609  else
610 #endif
611 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
612  //DSA with SHA-224 signature algorithm?
614  sizeof(DSA_WITH_SHA224_OID)))
615  {
616  *signAlgo = X509_SIGN_ALGO_DSA;
617  *hashAlgo = SHA224_HASH_ALGO;
618  }
619  else
620 #endif
621 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
622  //DSA with SHA-256 signature algorithm?
624  sizeof(DSA_WITH_SHA256_OID)))
625  {
626  *signAlgo = X509_SIGN_ALGO_DSA;
627  *hashAlgo = SHA256_HASH_ALGO;
628  }
629  else
630 #endif
631 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
632  //DSA with SHA-384 signature algorithm?
634  sizeof(DSA_WITH_SHA384_OID)))
635  {
636  *signAlgo = X509_SIGN_ALGO_DSA;
637  *hashAlgo = SHA384_HASH_ALGO;
638  }
639  else
640 #endif
641 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
642  //DSA with SHA-512 signature algorithm?
644  sizeof(DSA_WITH_SHA512_OID)))
645  {
646  *signAlgo = X509_SIGN_ALGO_DSA;
647  *hashAlgo = SHA512_HASH_ALGO;
648  }
649  else
650 #endif
651 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
652  //DSA with SHA3-224 signature algorithm?
654  sizeof(DSA_WITH_SHA3_224_OID)))
655  {
656  *signAlgo = X509_SIGN_ALGO_DSA;
657  *hashAlgo = SHA3_224_HASH_ALGO;
658  }
659  else
660 #endif
661 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
662  //DSA with SHA3-256 signature algorithm?
664  sizeof(DSA_WITH_SHA3_256_OID)))
665  {
666  *signAlgo = X509_SIGN_ALGO_DSA;
667  *hashAlgo = SHA3_256_HASH_ALGO;
668  }
669  else
670 #endif
671 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
672  //DSA with SHA3-384 signature algorithm?
674  sizeof(DSA_WITH_SHA3_384_OID)))
675  {
676  *signAlgo = X509_SIGN_ALGO_DSA;
677  *hashAlgo = SHA3_384_HASH_ALGO;
678  }
679  else
680 #endif
681 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
682  //DSA with SHA3-512 signature algorithm?
684  sizeof(DSA_WITH_SHA3_512_OID)))
685  {
686  *signAlgo = X509_SIGN_ALGO_DSA;
687  *hashAlgo = SHA3_512_HASH_ALGO;
688  }
689  else
690 #endif
691 #endif
692 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
693 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
694  //ECDSA with SHA-1 signature algorithm?
696  sizeof(ECDSA_WITH_SHA1_OID)))
697  {
698  *signAlgo = X509_SIGN_ALGO_ECDSA;
699  *hashAlgo = SHA1_HASH_ALGO;
700  }
701  else
702 #endif
703 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
704  //ECDSA with SHA-224 signature algorithm?
706  sizeof(ECDSA_WITH_SHA224_OID)))
707  {
708  *signAlgo = X509_SIGN_ALGO_ECDSA;
709  *hashAlgo = SHA224_HASH_ALGO;
710  }
711  else
712 #endif
713 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
714  //ECDSA with SHA-256 signature algorithm?
716  sizeof(ECDSA_WITH_SHA256_OID)))
717  {
718  *signAlgo = X509_SIGN_ALGO_ECDSA;
719  *hashAlgo = SHA256_HASH_ALGO;
720  }
721  else
722 #endif
723 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
724  //ECDSA with SHA-384 signature algorithm?
726  sizeof(ECDSA_WITH_SHA384_OID)))
727  {
728  *signAlgo = X509_SIGN_ALGO_ECDSA;
729  *hashAlgo = SHA384_HASH_ALGO;
730  }
731  else
732 #endif
733 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
734  //ECDSA with SHA-512 signature algorithm?
736  sizeof(ECDSA_WITH_SHA512_OID)))
737  {
738  *signAlgo = X509_SIGN_ALGO_ECDSA;
739  *hashAlgo = SHA512_HASH_ALGO;
740  }
741  else
742 #endif
743 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
744  //ECDSA with SHA3-224 signature algorithm?
746  sizeof(ECDSA_WITH_SHA3_224_OID)))
747  {
748  *signAlgo = X509_SIGN_ALGO_ECDSA;
749  *hashAlgo = SHA3_224_HASH_ALGO;
750  }
751  else
752 #endif
753 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
754  //ECDSA with SHA3-256 signature algorithm?
756  sizeof(ECDSA_WITH_SHA3_256_OID)))
757  {
758  *signAlgo = X509_SIGN_ALGO_ECDSA;
759  *hashAlgo = SHA3_256_HASH_ALGO;
760  }
761  else
762 #endif
763 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
764  //ECDSA with SHA3-384 signature algorithm?
766  sizeof(ECDSA_WITH_SHA3_384_OID)))
767  {
768  *signAlgo = X509_SIGN_ALGO_ECDSA;
769  *hashAlgo = SHA3_384_HASH_ALGO;
770  }
771  else
772 #endif
773 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
774  //ECDSA with SHA3-512 signature algorithm?
776  sizeof(ECDSA_WITH_SHA3_512_OID)))
777  {
778  *signAlgo = X509_SIGN_ALGO_ECDSA;
779  *hashAlgo = SHA3_512_HASH_ALGO;
780  }
781  else
782 #endif
783 #endif
784 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED && \
785  X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
786  //SM2 with SM3 signature algorithm?
788  {
789  *signAlgo = X509_SIGN_ALGO_SM2;
790  *hashAlgo = SM3_HASH_ALGO;
791  }
792  else
793 #endif
794 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
795  //Ed25519 signature algorithm?
796  if(!oidComp(oid, oidLen, ED25519_OID, sizeof(ED25519_OID)))
797  {
798  *signAlgo = X509_SIGN_ALGO_ED25519;
799  *hashAlgo = NULL;
800  }
801  else
802 #endif
803 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
804  //Ed448 signature algorithm?
805  if(!oidComp(oid, oidLen, ED448_OID, sizeof(ED448_OID)))
806  {
807  *signAlgo = X509_SIGN_ALGO_ED448;
808  *hashAlgo = NULL;
809  }
810  else
811 #endif
812  //Unknown signature algorithm?
813  {
815  }
816 
817  //Return status code
818  return error;
819 }
820 
821 
822 /**
823  * @brief Get the public key type that matches the specified OID
824  * @param[in] oid Object identifier
825  * @param[in] length OID length
826  * @return Public key type
827  **/
828 
830 {
831  X509KeyType keyType;
832 
833  //Invalid parameters?
834  if(oid == NULL || length == 0)
835  {
836  keyType = X509_KEY_TYPE_UNKNOWN;
837  }
838 #if (RSA_SUPPORT == ENABLED)
839  //RSA algorithm identifier?
841  {
842  keyType = X509_KEY_TYPE_RSA;
843  }
844  //RSA-PSS algorithm identifier?
845  else if(!oidComp(oid, length, RSASSA_PSS_OID, sizeof(RSASSA_PSS_OID)))
846  {
847  keyType = X509_KEY_TYPE_RSA_PSS;
848  }
849 #endif
850 #if (DSA_SUPPORT == ENABLED)
851  //DSA algorithm identifier?
852  else if(!oidComp(oid, length, DSA_OID, sizeof(DSA_OID)))
853  {
854  keyType = X509_KEY_TYPE_DSA;
855  }
856 #endif
857 #if (EC_SUPPORT == ENABLED)
858  //EC public key identifier?
860  {
861  keyType = X509_KEY_TYPE_EC;
862  }
863 #endif
864 #if (X25519_SUPPORT == ENABLED)
865  //X25519 algorithm identifier?
866  else if(!oidComp(oid, length, X25519_OID, sizeof(X25519_OID)))
867  {
868  keyType = X509_KEY_TYPE_X25519;
869  }
870 #endif
871 #if (ED25519_SUPPORT == ENABLED)
872  //Ed25519 algorithm identifier?
873  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
874  {
875  keyType = X509_KEY_TYPE_ED25519;
876  }
877 #endif
878 #if (X448_SUPPORT == ENABLED)
879  //X448 algorithm identifier?
880  else if(!oidComp(oid, length, X448_OID, sizeof(X448_OID)))
881  {
882  keyType = X509_KEY_TYPE_X448;
883  }
884 #endif
885 #if (ED448_SUPPORT == ENABLED)
886  //Ed448 algorithm identifier?
887  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
888  {
889  keyType = X509_KEY_TYPE_ED448;
890  }
891 #endif
892  //Unknown algorithm identifier?
893  else
894  {
895  keyType = X509_KEY_TYPE_UNKNOWN;
896  }
897 
898  //Return public key type
899  return keyType;
900 }
901 
902 
903 /**
904  * @brief Get the elliptic curve that matches the specified OID
905  * @param[in] oid Object identifier
906  * @param[in] length Length of the OID, in bytes
907  * @return Elliptic curve domain parameters
908  **/
909 
910 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length)
911 {
912  const EcCurveInfo *curveInfo;
913 
914  //Default elliptic curve domain parameters
915  curveInfo = NULL;
916 
917 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
918  //Invalid parameters?
919  if(oid == NULL || length == 0)
920  {
921  curveInfo = NULL;
922  }
923 #if (X509_SECP112R1_SUPPORT == ENABLED)
924  //secp112r1 elliptic curve?
925  else if(!oidComp(oid, length, SECP112R1_OID, sizeof(SECP112R1_OID)))
926  {
927  curveInfo = ecGetCurveInfo(oid, length);
928  }
929 #endif
930 #if (X509_SECP112R2_SUPPORT == ENABLED)
931  //secp112r2 elliptic curve?
932  else if(!oidComp(oid, length, SECP112R2_OID, sizeof(SECP112R2_OID)))
933  {
934  curveInfo = ecGetCurveInfo(oid, length);
935  }
936 #endif
937 #if (X509_SECP128R1_SUPPORT == ENABLED)
938  //secp128r1 elliptic curve?
939  else if(!oidComp(oid, length, SECP128R1_OID, sizeof(SECP128R1_OID)))
940  {
941  curveInfo = ecGetCurveInfo(oid, length);
942  }
943 #endif
944 #if (X509_SECP128R2_SUPPORT == ENABLED)
945  //secp128r2 elliptic curve?
946  else if(!oidComp(oid, length, SECP128R2_OID, sizeof(SECP128R2_OID)))
947  {
948  curveInfo = ecGetCurveInfo(oid, length);
949  }
950 #endif
951 #if (X509_SECP160K1_SUPPORT == ENABLED)
952  //secp160k1 elliptic curve?
953  else if(!oidComp(oid, length, SECP160K1_OID, sizeof(SECP160K1_OID)))
954  {
955  curveInfo = ecGetCurveInfo(oid, length);
956  }
957 #endif
958 #if (X509_SECP160R1_SUPPORT == ENABLED)
959  //secp160r1 elliptic curve?
960  else if(!oidComp(oid, length, SECP160R1_OID, sizeof(SECP160R1_OID)))
961  {
962  curveInfo = ecGetCurveInfo(oid, length);
963  }
964 #endif
965 #if (X509_SECP160R2_SUPPORT == ENABLED)
966  //secp160r2 elliptic curve?
967  else if(!oidComp(oid, length, SECP160R2_OID, sizeof(SECP160R2_OID)))
968  {
969  curveInfo = ecGetCurveInfo(oid, length);
970  }
971 #endif
972 #if (X509_SECP192K1_SUPPORT == ENABLED)
973  //secp192k1 elliptic curve?
974  else if(!oidComp(oid, length, SECP192K1_OID, sizeof(SECP192K1_OID)))
975  {
976  curveInfo = ecGetCurveInfo(oid, length);
977  }
978 #endif
979 #if (X509_SECP192R1_SUPPORT == ENABLED)
980  //secp192r1 elliptic curve?
981  else if(!oidComp(oid, length, SECP192R1_OID, sizeof(SECP192R1_OID)))
982  {
983  curveInfo = ecGetCurveInfo(oid, length);
984  }
985 #endif
986 #if (X509_SECP224K1_SUPPORT == ENABLED)
987  //secp224k1 elliptic curve?
988  else if(!oidComp(oid, length, SECP224K1_OID, sizeof(SECP224K1_OID)))
989  {
990  curveInfo = ecGetCurveInfo(oid, length);
991  }
992 #endif
993 #if (X509_SECP224R1_SUPPORT == ENABLED)
994  //secp224r1 elliptic curve?
995  else if(!oidComp(oid, length, SECP224R1_OID, sizeof(SECP224R1_OID)))
996  {
997  curveInfo = ecGetCurveInfo(oid, length);
998  }
999 #endif
1000 #if (X509_SECP256K1_SUPPORT == ENABLED)
1001  //secp256k1 elliptic curve?
1002  else if(!oidComp(oid, length, SECP256K1_OID, sizeof(SECP256K1_OID)))
1003  {
1004  curveInfo = ecGetCurveInfo(oid, length);
1005  }
1006 #endif
1007 #if (X509_SECP256R1_SUPPORT == ENABLED)
1008  //secp256r1 elliptic curve?
1009  else if(!oidComp(oid, length, SECP256R1_OID, sizeof(SECP256R1_OID)))
1010  {
1011  curveInfo = ecGetCurveInfo(oid, length);
1012  }
1013 #endif
1014 #if (X509_SECP384R1_SUPPORT == ENABLED)
1015  //secp384r1 elliptic curve?
1016  else if(!oidComp(oid, length, SECP384R1_OID, sizeof(SECP384R1_OID)))
1017  {
1018  curveInfo = ecGetCurveInfo(oid, length);
1019  }
1020 #endif
1021 #if (X509_SECP521R1_SUPPORT == ENABLED)
1022  //secp521r1 elliptic curve?
1023  else if(!oidComp(oid, length, SECP521R1_OID, sizeof(SECP521R1_OID)))
1024  {
1025  curveInfo = ecGetCurveInfo(oid, length);
1026  }
1027 #endif
1028 #if (X509_BRAINPOOLP160R1_SUPPORT == ENABLED)
1029  //brainpoolP160r1 elliptic curve?
1031  {
1032  curveInfo = ecGetCurveInfo(oid, length);
1033  }
1034 #endif
1035 #if (X509_BRAINPOOLP192R1_SUPPORT == ENABLED)
1036  //brainpoolP192r1 elliptic curve?
1038  {
1039  curveInfo = ecGetCurveInfo(oid, length);
1040  }
1041 #endif
1042 #if (X509_BRAINPOOLP224R1_SUPPORT == ENABLED)
1043  //brainpoolP224r1 elliptic curve?
1045  {
1046  curveInfo = ecGetCurveInfo(oid, length);
1047  }
1048 #endif
1049 #if (X509_BRAINPOOLP256R1_SUPPORT == ENABLED)
1050  //brainpoolP256r1 elliptic curve?
1052  {
1053  curveInfo = ecGetCurveInfo(oid, length);
1054  }
1055 #endif
1056 #if (X509_BRAINPOOLP320R1_SUPPORT == ENABLED)
1057  //brainpoolP320r1 elliptic curve?
1059  {
1060  curveInfo = ecGetCurveInfo(oid, length);
1061  }
1062 #endif
1063 #if (X509_BRAINPOOLP384R1_SUPPORT == ENABLED)
1064  //brainpoolP384r1 elliptic curve?
1066  {
1067  curveInfo = ecGetCurveInfo(oid, length);
1068  }
1069 #endif
1070 #if (X509_BRAINPOOLP512R1_SUPPORT == ENABLED)
1071  //brainpoolP512r1 elliptic curve?
1073  {
1074  curveInfo = ecGetCurveInfo(oid, length);
1075  }
1076 #endif
1077 #if (X509_FRP256V1_SUPPORT == ENABLED)
1078  //FRP256v1 elliptic curve?
1079  else if(!oidComp(oid, length, FRP256V1_OID, sizeof(FRP256V1_OID)))
1080  {
1081  curveInfo = ecGetCurveInfo(oid, length);
1082  }
1083 #endif
1084 #if (X509_SM2_SUPPORT == ENABLED)
1085  //SM2 elliptic curve?
1086  else if(!oidComp(oid, length, SM2_OID, sizeof(SM2_OID)))
1087  {
1088  curveInfo = ecGetCurveInfo(oid, length);
1089  }
1090 #endif
1091 #if (X509_ED25519_SUPPORT == ENABLED)
1092  //Ed25519 elliptic curve?
1093  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
1094  {
1095  curveInfo = ecGetCurveInfo(oid, length);
1096  }
1097 #endif
1098 #if (X509_ED448_SUPPORT == ENABLED)
1099  //Ed448 elliptic curve?
1100  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
1101  {
1102  curveInfo = ecGetCurveInfo(oid, length);
1103  }
1104 #endif
1105  //Unknown elliptic curve?
1106  else
1107  {
1108  curveInfo = NULL;
1109  }
1110 #endif
1111 
1112  //Return the elliptic curve domain parameters, if any
1113  return curveInfo;
1114 }
1115 
1116 #endif
const uint8_t X509_EMAIL_ADDRESS_OID[9]
Definition: x509_common.c:162
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:109
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
Definition: x509_common.c:354
#define SHA3_512_HASH_ALGO
Definition: sha3_512.h:45
X.509 common definitions.
@ X509_KEY_TYPE_RSA
Definition: x509_common.h:587
const uint8_t X509_DOMAIN_COMPONENT_OID[10]
Definition: x509_common.c:76
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:107
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9]
Definition: rsa.c:85
#define SHA256_HASH_ALGO
Definition: sha256.h:49
int bool_t
Definition: compiler_port.h:53
const EcCurveInfo * ecGetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:2422
const uint8_t X509_KP_DOC_SIGNING_OID[8]
Definition: x509_common.c:154
#define SHA1_HASH_ALGO
Definition: sha1.h:49
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:130
const uint8_t SHA3_384_OID[9]
Definition: sha3_384.c:47
const uint8_t DSA_WITH_SHA224_OID[9]
Definition: dsa.c:55
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:175
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:250
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:87
#define SHA512_HASH_ALGO
Definition: sha512.h:49
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:910
const uint8_t X25519_OID[3]
Definition: ec_curves.c:96
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:62
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:85
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:72
@ X509_KEY_TYPE_X448
Definition: x509_common.h:594
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:58
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9]
Definition: rsa.c:83
X509OctetString hashAlgo
Definition: x509_common.h:1028
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:134
OID (Object Identifier)
#define TRUE
Definition: os_port.h:50
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9]
Definition: rsa.c:79
const uint8_t ECDSA_WITH_SHA3_512_OID[9]
Definition: ecdsa.c:61
const uint8_t EC_PUBLIC_KEY_OID[7]
Definition: ec.c:43
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:115
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:128
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:68
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:90
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:95
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:56
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:113
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:70
const uint8_t ECDSA_WITH_SHA3_256_OID[9]
Definition: ecdsa.c:57
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:83
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:144
#define SM3_HASH_ALGO
Definition: sm3.h:49
const uint8_t X509_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:164
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:166
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:88
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:99
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:103
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:88
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:146
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:52
const uint8_t ECDSA_WITH_SHA256_OID[8]
Definition: ecdsa.c:49
const uint8_t BRAINPOOLP320R1_OID[9]
Definition: ec_curves.c:86
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:72
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:103
uint8_t oid[]
Definition: lldp_tlv.h:300
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:119
const uint8_t DSA_WITH_SHA3_512_OID[9]
Definition: dsa.c:69
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:74
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:66
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
Definition: x509_common.c:97
const uint8_t DSA_OID[7]
Definition: dsa.c:51
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:89
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9]
Definition: rsa.c:81
#define SHA3_224_HASH_ALGO
Definition: sha3_224.h:45
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:62
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:70
const uint8_t SECP112R1_OID[5]
Definition: ec_curves.c:48
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:76
@ X509_KEY_TYPE_EC
Definition: x509_common.h:590
#define FALSE
Definition: os_port.h:46
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:604
Elliptic curve parameters.
Definition: ec_curves.h:302
const uint8_t X509_AUTH_INFO_ACCESS_OID[8]
Definition: x509_common.c:121
const uint8_t BRAINPOOLP160R1_OID[9]
Definition: ec_curves.c:78
error_t
Error codes.
Definition: error.h:43
const uint8_t DSA_WITH_SHA3_256_OID[9]
Definition: dsa.c:65
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:68
const uint8_t DSA_WITH_SHA384_OID[9]
Definition: dsa.c:59
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:72
const uint8_t X509_SUBJECT_DIR_ATTR_OID[3]
Definition: x509_common.c:79
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:609
@ X509_HASH_ALGO_NONE
Definition: x509_common.h:622
const uint8_t SHA256_OID[9]
Definition: sha256.c:80
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:54
#define MD5_HASH_ALGO
Definition: md5.h:49
const uint8_t X509_REASON_CODE_OID[3]
Definition: x509_common.c:93
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:136
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:50
const uint8_t ECDSA_WITH_SHA384_OID[8]
Definition: ecdsa.c:51
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:111
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:624
const uint8_t SHA3_512_OID[9]
Definition: sha3_512.c:47
const uint8_t DSA_WITH_SHA512_OID[9]
Definition: dsa.c:61
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:46
General definitions for cryptographic algorithms.
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:377
const uint8_t X509_KP_IPSEC_USER_OID[8]
Definition: x509_common.c:142
const uint8_t SHA3_224_OID[9]
Definition: sha3_224.c:47
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:629
const uint8_t SECP128R2_OID[5]
Definition: ec_curves.c:54
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:58
const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9]
Definition: x509_common.c:123
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:588
const uint8_t X509_AD_OCSP[8]
Definition: x509_common.c:159
const uint8_t X509_KP_IPSEC_IKE_OID[8]
Definition: x509_common.c:148
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:625
uint8_t length
Definition: tcp.h:368
const uint8_t X509_CRL_NUMBER_OID[3]
Definition: x509_common.c:91
const uint8_t SM2_WITH_SM3_OID[8]
Definition: sm2.c:44
X509OctetString oid
Definition: x509_common.h:1041
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:101
const uint8_t ECDSA_WITH_SHA3_224_OID[9]
Definition: ecdsa.c:55
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:621
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:132
const uint8_t ECDSA_WITH_SHA1_OID[7]
Definition: ecdsa.c:45
const uint8_t ECDSA_WITH_SHA224_OID[8]
Definition: ecdsa.c:47
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:606
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:105
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:68
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:64
const uint8_t ED448_OID[3]
Definition: ec_curves.c:102
const uint8_t ECDSA_WITH_SHA512_OID[8]
Definition: ecdsa.c:53
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:74
Collection of hash algorithms.
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:100
const uint8_t RSA_ENCRYPTION_OID[9]
Definition: rsa.c:57
const uint8_t X448_OID[3]
Definition: ec_curves.c:98
const uint8_t DSA_WITH_SHA3_384_OID[9]
Definition: dsa.c:67
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:632
#define SHA384_HASH_ALGO
Definition: sha384.h:45
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:62
const uint8_t X509_KP_SSH_SERVER_OID[8]
Definition: x509_common.c:152
const uint8_t DSA_WITH_SHA3_224_OID[9]
Definition: dsa.c:63
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:623
#define SHA3_256_HASH_ALGO
Definition: sha3_256.h:45
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:117
const uint8_t SECP112R2_OID[5]
Definition: ec_curves.c:50
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:607
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:595
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:630
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:631
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:64
const uint8_t SHA3_256_OID[9]
Definition: sha3_256.c:47
const uint8_t X509_AD_CA_ISSUERS[8]
Definition: x509_common.c:157
const uint8_t ECDSA_WITH_SHA3_384_OID[9]
Definition: ecdsa.c:59
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:628
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:125
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:589
const uint8_t BRAINPOOLP224R1_OID[9]
Definition: ec_curves.c:82
const uint8_t FRP256V1_OID[10]
Definition: ec_curves.c:92
const uint8_t DSA_WITH_SHA1_OID[7]
Definition: dsa.c:53
const uint8_t DSA_WITH_SHA256_OID[9]
Definition: dsa.c:57
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:70
uint8_t oidLen
Definition: lldp_tlv.h:299
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:627
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:626
const uint8_t BRAINPOOLP192R1_OID[9]
Definition: ec_curves.c:80
const uint8_t SHA512_OID[9]
Definition: sha512.c:97
const uint8_t X509_KP_IPSEC_TUNNEL_OID[8]
Definition: x509_common.c:140
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:60
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:60
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:48
const uint8_t SHA1_OID[5]
Definition: sha1.c:73
#define SHA224_HASH_ALGO
Definition: sha224.h:45
const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:66
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:66
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:81
const uint8_t * value
Definition: x509_common.h:654
Common interface for hash algorithms.
Definition: crypto.h:1046
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:586
const uint8_t SHA224_OID[9]
Definition: sha224.c:47
const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8]
Definition: x509_common.c:138
@ ERROR_UNSUPPORTED_SIGNATURE_ALGO
Definition: error.h:132
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:610
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:611
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:593
X509KeyType
Public Key types.
Definition: x509_common.h:585
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:605
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:829
const uint8_t SHA384_OID[9]
Definition: sha384.c:47
@ X509_HASH_ALGO_SM3
Definition: x509_common.h:633
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1043
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[]
Definition: x509_common.c:56
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:64
#define SHA3_384_HASH_ALGO
Definition: sha3_384.h:45
Signature algorithm identifier.
Definition: x509_common.h:1040
@ NO_ERROR
Success.
Definition: error.h:44
const uint8_t SECP128R1_OID[5]
Definition: ec_curves.c:52
Debugging facilities.
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:592
ASN.1 (Abstract Syntax Notation One)
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:608
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:612
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:84
const uint8_t X509_KP_SSH_CLIENT_OID[8]
Definition: x509_common.c:150
const uint8_t SM2_OID[8]
Definition: ec_curves.c:94