x509_common.c
Go to the documentation of this file.
1 /**
2  * @file x509_common.c
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2020 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.8
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_common.h"
37 #include "encoding/asn1.h"
38 #include "encoding/oid.h"
39 #include "pkc/rsa.h"
40 #include "pkc/dsa.h"
41 #include "hash/md5.h"
42 #include "hash/sha1.h"
43 #include "hash/sha224.h"
44 #include "hash/sha256.h"
45 #include "hash/sha384.h"
46 #include "hash/sha512.h"
47 #include "debug.h"
48 
49 //SHA-3 dependencies
50 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
51  #include "hash/sha3_224.h"
52 #endif
53 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
54  #include "hash/sha3_256.h"
55 #endif
56 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
57  #include "hash/sha3_384.h"
58 #endif
59 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
60  #include "hash/sha3_512.h"
61 #endif
62 
63 //Check crypto library configuration
64 #if (X509_SUPPORT == ENABLED)
65 
66 //Common Name OID (2.5.4.3)
67 const uint8_t X509_COMMON_NAME_OID[3] = {0x55, 0x04, 0x03};
68 //Surname OID (2.5.4.4)
69 const uint8_t X509_SURNAME_OID[3] = {0x55, 0x04, 0x04};
70 //Serial Number OID (2.5.4.5)
71 const uint8_t X509_SERIAL_NUMBER_OID[3] = {0x55, 0x04, 0x05};
72 //Country Name OID (2.5.4.6)
73 const uint8_t X509_COUNTRY_NAME_OID[3] = {0x55, 0x04, 0x06};
74 //Locality Name OID (2.5.4.7)
75 const uint8_t X509_LOCALITY_NAME_OID[3] = {0x55, 0x04, 0x07};
76 //State Or Province Name OID (2.5.4.8)
77 const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[] = {0x55, 0x04, 0x08};
78 //Organization Name OID (2.5.4.10)
79 const uint8_t X509_ORGANIZATION_NAME_OID[3] = {0x55, 0x04, 0x0A};
80 //Organizational Unit Name OID (2.5.4.11)
81 const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3] = {0x55, 0x04, 0x0B};
82 //Title OID (2.5.4.12)
83 const uint8_t X509_TITLE_OID[3] = {0x55, 0x04, 0x0C};
84 //Name OID (2.5.4.41)
85 const uint8_t X509_NAME_OID[3] = {0x55, 0x04, 0x29};
86 //Given Name OID (2.5.4.42)
87 const uint8_t X509_GIVEN_NAME_OID[3] = {0x55, 0x04, 0x2A};
88 //Initials OID (2.5.4.43)
89 const uint8_t X509_INITIALS_OID[3] = {0x55, 0x04, 0x2B};
90 //Generation Qualifier OID (2.5.4.44)
91 const uint8_t X509_GENERATION_QUALIFIER_OID[3] = {0x55, 0x04, 0x2C};
92 //DN Qualifier OID (2.5.4.46)
93 const uint8_t X509_DN_QUALIFIER_OID[3] = {0x55, 0x04, 0x2E};
94 //Pseudonym OID (2.5.4.65)
95 const uint8_t X509_PSEUDONYM_OID[3] = {0x55, 0x04, 0x41};
96 
97 //Subject Directory Attributes OID (2.5.29.9)
98 const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3] = {0x55, 0x1D, 0x09};
99 //Subject Key Identifier OID (2.5.29.14)
100 const uint8_t X509_SUBJECT_KEY_ID_OID[3] = {0x55, 0x1D, 0x0E};
101 //Key Usage OID (2.5.29.15)
102 const uint8_t X509_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x0F};
103 //Subject Alternative Name OID (2.5.29.17)
104 const uint8_t X509_SUBJECT_ALT_NAME_OID[3] = {0x55, 0x1D, 0x11};
105 //Issuer Alternative Name OID (2.5.29.18)
106 const uint8_t X509_ISSUER_ALT_NAME_OID[3] = {0x55, 0x1D, 0x12};
107 //Basic Constraints OID (2.5.29.19)
108 const uint8_t X509_BASIC_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x13};
109 //CRL Number OID (2.5.29.20)
110 const uint8_t X509_CRL_NUMBER_OID[3] = {0x55, 0x1D, 0x14};
111 //Reason Code OID (2.5.29.21)
112 const uint8_t X509_REASON_CODE_OID[3] = {0x55, 0x1D, 0x15};
113 //Invalidity Date OID (2.5.29.24)
114 const uint8_t X509_INVALIDITY_DATE_OID[3] = {0x55, 0x1D, 0x18};
115 //Delta CRL Indicator OID (2.5.29.27)
116 const uint8_t X509_DELTA_CRL_INDICATOR_OID[3] = {0x55, 0x1D, 0x1B};
117 //Issuing Distribution Point OID (2.5.29.28)
118 const uint8_t X509_ISSUING_DISTR_POINT_OID[3] = {0x55, 0x1D, 0x1C};
119 //Certificate Issuer OID (2.5.29.29)
120 const uint8_t X509_CERTIFICATE_ISSUER_OID[3] = {0x55, 0x1D, 0x1D};
121 //Name Constraints OID (2.5.29.30)
122 const uint8_t X509_NAME_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x1E};
123 //CRL Distribution Points OID (2.5.29.31)
124 const uint8_t X509_CRL_DISTR_POINTS_OID[3] = {0x55, 0x1D, 0x1F};
125 //Certificate Policies OID (2.5.29.32)
126 const uint8_t X509_CERTIFICATE_POLICIES_OID[3] = {0x55, 0x1D, 0x20};
127 //Policy Mappings OID (2.5.29.33)
128 const uint8_t X509_POLICY_MAPPINGS_OID[3] = {0x55, 0x1D, 0x21};
129 //Authority Key Identifier OID (2.5.29.35)
130 const uint8_t X509_AUTHORITY_KEY_ID_OID[3] = {0x55, 0x1D, 0x23};
131 //Policy Constraints OID (2.5.29.36)
132 const uint8_t X509_POLICY_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x24};
133 //Extended Key Usage OID (2.5.29.37)
134 const uint8_t X509_EXTENDED_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x25};
135 //Freshest CRL OID (2.5.29.46)
136 const uint8_t X509_FRESHEST_CRL_OID[3] = {0x55, 0x1D, 0x2E};
137 //Inhibit Any-Policy OID (2.5.29.54)
138 const uint8_t X509_INHIBIT_ANY_POLICY_OID[3] = {0x55, 0x1D, 0x36};
139 
140 //Netscape Certificate Type OID (2.16.840.1.113730.1.1)
141 const uint8_t X509_NS_CERT_TYPE_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01};
142 
143 //Any Extended Key Usage OID (2.5.29.37.0)
144 const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4] = {0x55, 0x1D, 0x25, 0x00};
145 //Key Purpose Server Auth OID (1.3.6.1.5.5.7.3.1)
146 const uint8_t X509_KP_SERVER_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
147 //Key Purpose Client Auth OID (1.3.6.1.5.5.7.3.2)
148 const uint8_t X509_KP_CLIENT_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
149 //Key Purpose Code Signing OID (1.3.6.1.5.5.7.3.3)
150 const uint8_t X509_KP_CODE_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
151 //Key Purpose Email Protection OID (1.3.6.1.5.5.7.3.4)
152 const uint8_t X509_KP_EMAIL_PROTECTION_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
153 //Key Purpose Time Stamping OID (1.3.6.1.5.5.7.3.8)
154 const uint8_t X509_KP_TIME_STAMPING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
155 //Key Purpose OCSP Signing OID (1.3.6.1.5.5.7.3.9)
156 const uint8_t X509_KP_OCSP_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
157 
158 //PKCS#9 Challenge Password OID (1.2.840.113549.1.9.7)
159 const uint8_t X509_CHALLENGE_PASSWORD_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07};
160 //PKCS#9 Extension Request OID (1.2.840.113549.1.9.14)
161 const uint8_t X509_EXTENSION_REQUEST_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E};
162 
163 
164 /**
165  * @brief Check whether a given signature algorithm is supported
166  * @param[in] signAlgo signature algorithm
167  * @return TRUE is the signature algorithm is supported, else FALSE
168  **/
169 
170 bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
171 {
172  bool_t acceptable;
173 
174  //Invalid signature algorithm?
175  if(signAlgo == X509_SIGN_ALGO_NONE)
176  {
177  acceptable = FALSE;
178  }
179 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
180  //RSA signature algorithm?
181  else if(signAlgo == X509_SIGN_ALGO_RSA)
182  {
183  acceptable = TRUE;
184  }
185 #endif
186 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
187  //RSA-PSS signature algorithm?
188  else if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
189  {
190  acceptable = TRUE;
191  }
192 #endif
193 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
194  //DSA signature algorithm?
195  else if(signAlgo == X509_SIGN_ALGO_DSA)
196  {
197  acceptable = TRUE;
198  }
199 #endif
200 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
201  //ECDSA signature algorithm?
202  else if(signAlgo == X509_SIGN_ALGO_ECDSA)
203  {
204  acceptable = TRUE;
205  }
206 #endif
207 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
208  //Ed25519 signature algorithm?
209  else if(signAlgo == X509_SIGN_ALGO_ED25519)
210  {
211  acceptable = TRUE;
212  }
213 #endif
214 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
215  //Ed448 signature algorithm?
216  else if(signAlgo == X509_SIGN_ALGO_ED448)
217  {
218  acceptable = TRUE;
219  }
220 #endif
221  //Invalid signature algorithm?
222  else
223  {
224  acceptable = FALSE;
225  }
226 
227  //Return TRUE is the signature algorithm is supported
228  return acceptable;
229 }
230 
231 
232 /**
233  * @brief Check whether a given hash algorithm is supported
234  * @param[in] hashAlgo signature hash
235  * @return TRUE is the signature hash is supported, else FALSE
236  **/
237 
238 bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
239 {
240  bool_t acceptable;
241 
242  //Invalid hash algorithm?
243  if(hashAlgo == X509_HASH_ALGO_NONE)
244  {
245  acceptable = FALSE;
246  }
247 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
248  //MD5 hash algorithm?
249  else if(hashAlgo == X509_HASH_ALGO_MD5)
250  {
251  acceptable = TRUE;
252  }
253 #endif
254 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
255  //SHA-1 hash algorithm?
256  else if(hashAlgo == X509_HASH_ALGO_SHA1)
257  {
258  acceptable = TRUE;
259  }
260 #endif
261 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
262  //SHA-224 hash algorithm?
263  else if(hashAlgo == X509_HASH_ALGO_SHA224)
264  {
265  acceptable = TRUE;
266  }
267 #endif
268 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
269  //SHA-256 hash algorithm?
270  else if(hashAlgo == X509_HASH_ALGO_SHA256)
271  {
272  acceptable = TRUE;
273  }
274 #endif
275 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
276  //SHA-384 hash algorithm?
277  else if(hashAlgo == X509_HASH_ALGO_SHA384)
278  {
279  acceptable = TRUE;
280  }
281 #endif
282 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
283  //SHA-512 hash algorithm?
284  else if(hashAlgo == X509_HASH_ALGO_SHA512)
285  {
286  acceptable = TRUE;
287  }
288 #endif
289 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
290  //SHA3-224 hash algorithm?
291  else if(hashAlgo == X509_HASH_ALGO_SHA3_224)
292  {
293  acceptable = TRUE;
294  }
295 #endif
296 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
297  //SHA3-256 hash algorithm?
298  else if(hashAlgo == X509_HASH_ALGO_SHA3_256)
299  {
300  acceptable = TRUE;
301  }
302 #endif
303 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
304  //SHA3-384 hash algorithm?
305  else if(hashAlgo == X509_HASH_ALGO_SHA3_384)
306  {
307  acceptable = TRUE;
308  }
309 #endif
310 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
311  //SHA3-512 hash algorithm?
312  else if(hashAlgo == X509_HASH_ALGO_SHA3_512)
313  {
314  acceptable = TRUE;
315  }
316 #endif
317  //Invalid hash algorithm?
318  else
319  {
320  acceptable = FALSE;
321  }
322 
323  //Return TRUE is the hash algorithm is supported
324  return acceptable;
325 }
326 
327 
328 /**
329  * @brief Get the signature and hash algorithms that match the specified
330  * identifier
331  * @param[in] signAlgoId Signature algorithm identifier
332  * @param[out] signAlgo Signature algorithm
333  * @param[out] hashAlgo Hash algorithm
334  * @return Error code
335  **/
336 
337 error_t x509GetSignHashAlgo(const X509SignatureAlgoId *signAlgoId,
338  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
339 {
340  error_t error;
341  size_t oidLen;
342  const uint8_t *oid;
343 
344  //Initialize status code
345  error = NO_ERROR;
346 
347  //Point to the object identifier
348  oid = signAlgoId->oid;
349  oidLen = signAlgoId->oidLen;
350 
351 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
352 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
353  //RSA with MD5 signature algorithm?
354  if(!oidComp(oid, oidLen, MD5_WITH_RSA_ENCRYPTION_OID,
355  sizeof(MD5_WITH_RSA_ENCRYPTION_OID)))
356  {
357  *signAlgo = X509_SIGN_ALGO_RSA;
358  *hashAlgo = MD5_HASH_ALGO;
359  }
360  else
361 #endif
362 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
363  //RSA with SHA-1 signature algorithm?
364  if(!oidComp(oid, oidLen, SHA1_WITH_RSA_ENCRYPTION_OID,
365  sizeof(SHA1_WITH_RSA_ENCRYPTION_OID)))
366  {
367  *signAlgo = X509_SIGN_ALGO_RSA;
368  *hashAlgo = SHA1_HASH_ALGO;
369  }
370  else
371 #endif
372 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
373  //RSA with SHA-224 signature algorithm?
374  if(!oidComp(oid, oidLen, SHA224_WITH_RSA_ENCRYPTION_OID,
375  sizeof(SHA224_WITH_RSA_ENCRYPTION_OID)))
376  {
377  *signAlgo = X509_SIGN_ALGO_RSA;
378  *hashAlgo = SHA224_HASH_ALGO;
379  }
380  else
381 #endif
382 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
383  //RSA with SHA-256 signature algorithm?
384  if(!oidComp(oid, oidLen, SHA256_WITH_RSA_ENCRYPTION_OID,
385  sizeof(SHA256_WITH_RSA_ENCRYPTION_OID)))
386  {
387  *signAlgo = X509_SIGN_ALGO_RSA;
388  *hashAlgo = SHA256_HASH_ALGO;
389  }
390  else
391 #endif
392 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
393  //RSA with SHA-384 signature algorithm?
394  if(!oidComp(oid, oidLen, SHA384_WITH_RSA_ENCRYPTION_OID,
395  sizeof(SHA384_WITH_RSA_ENCRYPTION_OID)))
396  {
397  *signAlgo = X509_SIGN_ALGO_RSA;
398  *hashAlgo = SHA384_HASH_ALGO;
399  }
400  else
401 #endif
402 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
403  //RSA with SHA-512 signature algorithm?
404  if(!oidComp(oid, oidLen, SHA512_WITH_RSA_ENCRYPTION_OID,
405  sizeof(SHA512_WITH_RSA_ENCRYPTION_OID)))
406  {
407  *signAlgo = X509_SIGN_ALGO_RSA;
408  *hashAlgo = SHA512_HASH_ALGO;
409  }
410  else
411 #endif
412 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
413  //RSA with SHA3-224 signature algorithm?
414  if(!oidComp(oid, oidLen, RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID,
415  sizeof(RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID)))
416  {
417  *signAlgo = X509_SIGN_ALGO_RSA;
418  *hashAlgo = SHA3_224_HASH_ALGO;
419  }
420  else
421 #endif
422 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
423  //RSA with SHA3-256 signature algorithm?
424  if(!oidComp(oid, oidLen, RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID,
425  sizeof(RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID)))
426  {
427  *signAlgo = X509_SIGN_ALGO_RSA;
428  *hashAlgo = SHA3_256_HASH_ALGO;
429  }
430  else
431 #endif
432 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
433  //RSA with SHA3-384 signature algorithm?
434  if(!oidComp(oid, oidLen, RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID,
435  sizeof(RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID)))
436  {
437  *signAlgo = X509_SIGN_ALGO_RSA;
438  *hashAlgo = SHA3_384_HASH_ALGO;
439  }
440  else
441 #endif
442 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
443  //RSA with SHA3-512 signature algorithm?
444  if(!oidComp(oid, oidLen, RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID,
445  sizeof(RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID)))
446  {
447  *signAlgo = X509_SIGN_ALGO_RSA;
448  *hashAlgo = SHA3_512_HASH_ALGO;
449  }
450  else
451 #endif
452 #endif
453 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
454  //RSA-PSS signature algorithm
455  if(!oidComp(oid, oidLen, RSASSA_PSS_OID,
456  sizeof(RSASSA_PSS_OID)))
457  {
458  //Get the OID of the hash algorithm
459  oid = signAlgoId->rsaPssParams.hashAlgo;
460  oidLen = signAlgoId->rsaPssParams.hashAlgoLen;
461 
462 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
463  //SHA-1 hash algorithm identifier?
464  if(!oidComp(oid, oidLen, SHA1_OID, sizeof(SHA1_OID)))
465  {
466  //RSA-PSS with SHA-1 signature algorithm
467  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
468  *hashAlgo = SHA1_HASH_ALGO;
469  }
470  else
471 #endif
472 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
473  //SHA-224 hash algorithm identifier?
474  if(!oidComp(oid, oidLen, SHA224_OID, sizeof(SHA224_OID)))
475  {
476  //RSA-PSS with SHA-224 signature algorithm
477  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
478  *hashAlgo = SHA224_HASH_ALGO;
479  }
480  else
481 #endif
482 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
483  //SHA-256 hash algorithm identifier?
484  if(!oidComp(oid, oidLen, SHA256_OID, sizeof(SHA256_OID)))
485  {
486  //RSA-PSS with SHA-256 signature algorithm
487  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
488  *hashAlgo = SHA256_HASH_ALGO;
489  }
490  else
491 #endif
492 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
493  //SHA-384 hash algorithm identifier?
494  if(!oidComp(oid, oidLen, SHA384_OID, sizeof(SHA384_OID)))
495  {
496  //RSA-PSS with SHA-384 signature algorithm
497  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
498  *hashAlgo = SHA384_HASH_ALGO;
499  }
500  else
501 #endif
502 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
503  //SHA-512 hash algorithm identifier?
504  if(!oidComp(oid, oidLen, SHA512_OID, sizeof(SHA512_OID)))
505  {
506  //RSA-PSS with SHA-512 signature algorithm
507  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
508  *hashAlgo = SHA512_HASH_ALGO;
509  }
510  else
511 #endif
512 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
513  //SHA3-224 hash algorithm identifier?
514  if(!oidComp(oid, oidLen, SHA3_224_OID, sizeof(SHA3_224_OID)))
515  {
516  //RSA-PSS with SHA3-224 signature algorithm
517  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
518  *hashAlgo = SHA3_224_HASH_ALGO;
519  }
520  else
521 #endif
522 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
523  //SHA3-256 hash algorithm identifier?
524  if(!oidComp(oid, oidLen, SHA3_256_OID, sizeof(SHA3_256_OID)))
525  {
526  //RSA-PSS with SHA3-256 signature algorithm
527  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
528  *hashAlgo = SHA3_256_HASH_ALGO;
529  }
530  else
531 #endif
532 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
533  //SHA3-384 hash algorithm identifier?
534  if(!oidComp(oid, oidLen, SHA3_384_OID, sizeof(SHA3_384_OID)))
535  {
536  //RSA-PSS with SHA3-384 signature algorithm
537  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
538  *hashAlgo = SHA3_384_HASH_ALGO;
539  }
540  else
541 #endif
542 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
543  //SHA3-512 hash algorithm identifier?
544  if(!oidComp(oid, oidLen, SHA3_512_OID, sizeof(SHA3_512_OID)))
545  {
546  //RSA-PSS with SHA3-512 signature algorithm
547  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
548  *hashAlgo = SHA3_512_HASH_ALGO;
549  }
550  else
551 #endif
552  //Unknown hash algorithm identifier?
553  {
554  //The specified signature algorithm is not supported
555  error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
556  }
557  }
558  else
559 #endif
560 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
561 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
562  //DSA with SHA-1 signature algorithm?
563  if(!oidComp(oid, oidLen, DSA_WITH_SHA1_OID,
564  sizeof(DSA_WITH_SHA1_OID)))
565  {
566  *signAlgo = X509_SIGN_ALGO_DSA;
567  *hashAlgo = SHA1_HASH_ALGO;
568  }
569  else
570 #endif
571 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
572  //DSA with SHA-224 signature algorithm?
573  if(!oidComp(oid, oidLen, DSA_WITH_SHA224_OID,
574  sizeof(DSA_WITH_SHA224_OID)))
575  {
576  *signAlgo = X509_SIGN_ALGO_DSA;
577  *hashAlgo = SHA224_HASH_ALGO;
578  }
579  else
580 #endif
581 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
582  //DSA with SHA-256 signature algorithm?
583  if(!oidComp(oid, oidLen, DSA_WITH_SHA256_OID,
584  sizeof(DSA_WITH_SHA256_OID)))
585  {
586  *signAlgo = X509_SIGN_ALGO_DSA;
587  *hashAlgo = SHA256_HASH_ALGO;
588  }
589  else
590 #endif
591 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
592  //DSA with SHA-384 signature algorithm?
593  if(!oidComp(oid, oidLen, DSA_WITH_SHA384_OID,
594  sizeof(DSA_WITH_SHA384_OID)))
595  {
596  *signAlgo = X509_SIGN_ALGO_DSA;
597  *hashAlgo = SHA384_HASH_ALGO;
598  }
599  else
600 #endif
601 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
602  //DSA with SHA-512 signature algorithm?
603  if(!oidComp(oid, oidLen, DSA_WITH_SHA512_OID,
604  sizeof(DSA_WITH_SHA512_OID)))
605  {
606  *signAlgo = X509_SIGN_ALGO_DSA;
607  *hashAlgo = SHA512_HASH_ALGO;
608  }
609  else
610 #endif
611 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
612  //DSA with SHA3-224 signature algorithm?
613  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_224_OID,
614  sizeof(DSA_WITH_SHA3_224_OID)))
615  {
616  *signAlgo = X509_SIGN_ALGO_DSA;
617  *hashAlgo = SHA3_224_HASH_ALGO;
618  }
619  else
620 #endif
621 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
622  //DSA with SHA3-256 signature algorithm?
623  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_256_OID,
624  sizeof(DSA_WITH_SHA3_256_OID)))
625  {
626  *signAlgo = X509_SIGN_ALGO_DSA;
627  *hashAlgo = SHA3_256_HASH_ALGO;
628  }
629  else
630 #endif
631 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
632  //DSA with SHA3-384 signature algorithm?
633  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_384_OID,
634  sizeof(DSA_WITH_SHA3_384_OID)))
635  {
636  *signAlgo = X509_SIGN_ALGO_DSA;
637  *hashAlgo = SHA3_384_HASH_ALGO;
638  }
639  else
640 #endif
641 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
642  //DSA with SHA3-512 signature algorithm?
643  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_512_OID,
644  sizeof(DSA_WITH_SHA3_512_OID)))
645  {
646  *signAlgo = X509_SIGN_ALGO_DSA;
647  *hashAlgo = SHA3_512_HASH_ALGO;
648  }
649  else
650 #endif
651 #endif
652 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
653 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
654  //ECDSA with SHA-1 signature algorithm?
655  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA1_OID,
656  sizeof(ECDSA_WITH_SHA1_OID)))
657  {
658  *signAlgo = X509_SIGN_ALGO_ECDSA;
659  *hashAlgo = SHA1_HASH_ALGO;
660  }
661  else
662 #endif
663 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
664  //ECDSA with SHA-224 signature algorithm?
665  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA224_OID,
666  sizeof(ECDSA_WITH_SHA224_OID)))
667  {
668  *signAlgo = X509_SIGN_ALGO_ECDSA;
669  *hashAlgo = SHA224_HASH_ALGO;
670  }
671  else
672 #endif
673 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
674  //ECDSA with SHA-256 signature algorithm?
675  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA256_OID,
676  sizeof(ECDSA_WITH_SHA256_OID)))
677  {
678  *signAlgo = X509_SIGN_ALGO_ECDSA;
679  *hashAlgo = SHA256_HASH_ALGO;
680  }
681  else
682 #endif
683 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
684  //ECDSA with SHA-384 signature algorithm?
685  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA384_OID,
686  sizeof(ECDSA_WITH_SHA384_OID)))
687  {
688  *signAlgo = X509_SIGN_ALGO_ECDSA;
689  *hashAlgo = SHA384_HASH_ALGO;
690  }
691  else
692 #endif
693 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
694  //ECDSA with SHA-512 signature algorithm?
695  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA512_OID,
696  sizeof(ECDSA_WITH_SHA512_OID)))
697  {
698  *signAlgo = X509_SIGN_ALGO_ECDSA;
699  *hashAlgo = SHA512_HASH_ALGO;
700  }
701  else
702 #endif
703 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
704  //ECDSA with SHA3-224 signature algorithm?
705  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_224_OID,
706  sizeof(ECDSA_WITH_SHA3_224_OID)))
707  {
708  *signAlgo = X509_SIGN_ALGO_ECDSA;
709  *hashAlgo = SHA3_224_HASH_ALGO;
710  }
711  else
712 #endif
713 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
714  //ECDSA with SHA3-256 signature algorithm?
715  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_256_OID,
716  sizeof(ECDSA_WITH_SHA3_256_OID)))
717  {
718  *signAlgo = X509_SIGN_ALGO_ECDSA;
719  *hashAlgo = SHA3_256_HASH_ALGO;
720  }
721  else
722 #endif
723 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
724  //ECDSA with SHA3-384 signature algorithm?
725  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_384_OID,
726  sizeof(ECDSA_WITH_SHA3_384_OID)))
727  {
728  *signAlgo = X509_SIGN_ALGO_ECDSA;
729  *hashAlgo = SHA3_384_HASH_ALGO;
730  }
731  else
732 #endif
733 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
734  //ECDSA with SHA3-512 signature algorithm?
735  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_512_OID,
736  sizeof(ECDSA_WITH_SHA3_512_OID)))
737  {
738  *signAlgo = X509_SIGN_ALGO_ECDSA;
739  *hashAlgo = SHA3_512_HASH_ALGO;
740  }
741  else
742 #endif
743 #endif
744 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
745  //Ed25519 signature algorithm?
746  if(!oidComp(oid, oidLen, ED25519_OID, sizeof(ED25519_OID)))
747  {
748  *signAlgo = X509_SIGN_ALGO_ED25519;
749  *hashAlgo = NULL;
750  }
751  else
752 #endif
753 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
754  //Ed448 signature algorithm?
755  if(!oidComp(oid, oidLen, ED448_OID, sizeof(ED448_OID)))
756  {
757  *signAlgo = X509_SIGN_ALGO_ED448;
758  *hashAlgo = NULL;
759  }
760  else
761 #endif
762  //Unknown signature algorithm?
763  {
764  error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
765  }
766 
767  //Return status code
768  return error;
769 }
770 
771 
772 /**
773  * @brief Get the public key type that matches the specified OID
774  * @param[in] oid Object identifier
775  * @param[in] length OID length
776  * @return Public key type
777  **/
778 
779 X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
780 {
781  X509KeyType keyType;
782 
783  //Invalid parameters?
784  if(oid == NULL || length == 0)
785  {
786  keyType = X509_KEY_TYPE_UNKNOWN;
787  }
788 #if (RSA_SUPPORT == ENABLED)
789  //RSA algorithm identifier?
790  else if(!oidComp(oid, length, RSA_ENCRYPTION_OID, sizeof(RSA_ENCRYPTION_OID)))
791  {
792  keyType = X509_KEY_TYPE_RSA;
793  }
794  //RSA-PSS algorithm identifier?
795  else if(!oidComp(oid, length, RSASSA_PSS_OID, sizeof(RSASSA_PSS_OID)))
796  {
797  keyType = X509_KEY_TYPE_RSA_PSS;
798  }
799 #endif
800 #if (DSA_SUPPORT == ENABLED)
801  //DSA algorithm identifier?
802  else if(!oidComp(oid, length, DSA_OID, sizeof(DSA_OID)))
803  {
804  keyType = X509_KEY_TYPE_DSA;
805  }
806 #endif
807 #if (EC_SUPPORT == ENABLED)
808  //EC public key identifier?
809  else if(!oidComp(oid, length, EC_PUBLIC_KEY_OID, sizeof(EC_PUBLIC_KEY_OID)))
810  {
811  keyType = X509_KEY_TYPE_EC;
812  }
813 #endif
814 #if (X25519_SUPPORT == ENABLED)
815  //X25519 algorithm identifier?
816  else if(!oidComp(oid, length, X25519_OID, sizeof(X25519_OID)))
817  {
818  keyType = X509_KEY_TYPE_X25519;
819  }
820 #endif
821 #if (ED25519_SUPPORT == ENABLED)
822  //Ed25519 algorithm identifier?
823  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
824  {
825  keyType = X509_KEY_TYPE_ED25519;
826  }
827 #endif
828 #if (X448_SUPPORT == ENABLED)
829  //X448 algorithm identifier?
830  else if(!oidComp(oid, length, X448_OID, sizeof(X448_OID)))
831  {
832  keyType = X509_KEY_TYPE_X448;
833  }
834 #endif
835 #if (ED448_SUPPORT == ENABLED)
836  //Ed448 algorithm identifier?
837  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
838  {
839  keyType = X509_KEY_TYPE_ED448;
840  }
841 #endif
842  //Unknown algorithm identifier?
843  else
844  {
845  keyType = X509_KEY_TYPE_UNKNOWN;
846  }
847 
848  //Return public key type
849  return keyType;
850 }
851 
852 
853 /**
854  * @brief Get the elliptic curve that matches the specified OID
855  * @param[in] oid Object identifier
856  * @param[in] length OID length
857  * @return Elliptic curve domain parameters
858  **/
859 
860 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length)
861 {
862  const EcCurveInfo *curveInfo;
863 
864  //Default elliptic curve domain parameters
865  curveInfo = NULL;
866 
867 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
868  //Invalid parameters?
869  if(oid == NULL || length == 0)
870  {
871  curveInfo = NULL;
872  }
873 #if (X509_SECP112R1_SUPPORT == ENABLED)
874  //secp112r1 elliptic curve?
875  else if(!oidComp(oid, length, SECP112R1_OID, sizeof(SECP112R1_OID)))
876  {
877  curveInfo = ecGetCurveInfo(oid, length);
878  }
879 #endif
880 #if (X509_SECP112R2_SUPPORT == ENABLED)
881  //secp112r2 elliptic curve?
882  else if(!oidComp(oid, length, SECP112R2_OID, sizeof(SECP112R2_OID)))
883  {
884  curveInfo = ecGetCurveInfo(oid, length);
885  }
886 #endif
887 #if (X509_SECP128R1_SUPPORT == ENABLED)
888  //secp128r1 elliptic curve?
889  else if(!oidComp(oid, length, SECP128R1_OID, sizeof(SECP128R1_OID)))
890  {
891  curveInfo = ecGetCurveInfo(oid, length);
892  }
893 #endif
894 #if (X509_SECP128R2_SUPPORT == ENABLED)
895  //secp128r2 elliptic curve?
896  else if(!oidComp(oid, length, SECP128R2_OID, sizeof(SECP128R2_OID)))
897  {
898  curveInfo = ecGetCurveInfo(oid, length);
899  }
900 #endif
901 #if (X509_SECP160K1_SUPPORT == ENABLED)
902  //secp160k1 elliptic curve?
903  else if(!oidComp(oid, length, SECP160K1_OID, sizeof(SECP160K1_OID)))
904  {
905  curveInfo = ecGetCurveInfo(oid, length);
906  }
907 #endif
908 #if (X509_SECP160R1_SUPPORT == ENABLED)
909  //secp160r1 elliptic curve?
910  else if(!oidComp(oid, length, SECP160R1_OID, sizeof(SECP160R1_OID)))
911  {
912  curveInfo = ecGetCurveInfo(oid, length);
913  }
914 #endif
915 #if (X509_SECP160R2_SUPPORT == ENABLED)
916  //secp160r2 elliptic curve?
917  else if(!oidComp(oid, length, SECP160R2_OID, sizeof(SECP160R2_OID)))
918  {
919  curveInfo = ecGetCurveInfo(oid, length);
920  }
921 #endif
922 #if (X509_SECP192K1_SUPPORT == ENABLED)
923  //secp192k1 elliptic curve?
924  else if(!oidComp(oid, length, SECP192K1_OID, sizeof(SECP192K1_OID)))
925  {
926  curveInfo = ecGetCurveInfo(oid, length);
927  }
928 #endif
929 #if (X509_SECP192R1_SUPPORT == ENABLED)
930  //secp192r1 elliptic curve?
931  else if(!oidComp(oid, length, SECP192R1_OID, sizeof(SECP192R1_OID)))
932  {
933  curveInfo = ecGetCurveInfo(oid, length);
934  }
935 #endif
936 #if (X509_SECP224K1_SUPPORT == ENABLED)
937  //secp224k1 elliptic curve?
938  else if(!oidComp(oid, length, SECP224K1_OID, sizeof(SECP224K1_OID)))
939  {
940  curveInfo = ecGetCurveInfo(oid, length);
941  }
942 #endif
943 #if (X509_SECP224R1_SUPPORT == ENABLED)
944  //secp224r1 elliptic curve?
945  else if(!oidComp(oid, length, SECP224R1_OID, sizeof(SECP224R1_OID)))
946  {
947  curveInfo = ecGetCurveInfo(oid, length);
948  }
949 #endif
950 #if (X509_SECP256K1_SUPPORT == ENABLED)
951  //secp256k1 elliptic curve?
952  else if(!oidComp(oid, length, SECP256K1_OID, sizeof(SECP256K1_OID)))
953  {
954  curveInfo = ecGetCurveInfo(oid, length);
955  }
956 #endif
957 #if (X509_SECP256R1_SUPPORT == ENABLED)
958  //secp256r1 elliptic curve?
959  else if(!oidComp(oid, length, SECP256R1_OID, sizeof(SECP256R1_OID)))
960  {
961  curveInfo = ecGetCurveInfo(oid, length);
962  }
963 #endif
964 #if (X509_SECP384R1_SUPPORT == ENABLED)
965  //secp384r1 elliptic curve?
966  else if(!oidComp(oid, length, SECP384R1_OID, sizeof(SECP384R1_OID)))
967  {
968  curveInfo = ecGetCurveInfo(oid, length);
969  }
970 #endif
971 #if (X509_SECP521R1_SUPPORT == ENABLED)
972  //secp521r1 elliptic curve?
973  else if(!oidComp(oid, length, SECP521R1_OID, sizeof(SECP521R1_OID)))
974  {
975  curveInfo = ecGetCurveInfo(oid, length);
976  }
977 #endif
978 #if (X509_BRAINPOOLP160R1_SUPPORT == ENABLED)
979  //brainpoolP160r1 elliptic curve?
980  else if(!oidComp(oid, length, BRAINPOOLP160R1_OID, sizeof(BRAINPOOLP160R1_OID)))
981  {
982  curveInfo = ecGetCurveInfo(oid, length);
983  }
984 #endif
985 #if (X509_BRAINPOOLP192R1_SUPPORT == ENABLED)
986  //brainpoolP192r1 elliptic curve?
987  else if(!oidComp(oid, length, BRAINPOOLP192R1_OID, sizeof(BRAINPOOLP192R1_OID)))
988  {
989  curveInfo = ecGetCurveInfo(oid, length);
990  }
991 #endif
992 #if (X509_BRAINPOOLP224R1_SUPPORT == ENABLED)
993  //brainpoolP224r1 elliptic curve?
994  else if(!oidComp(oid, length, BRAINPOOLP224R1_OID, sizeof(BRAINPOOLP224R1_OID)))
995  {
996  curveInfo = ecGetCurveInfo(oid, length);
997  }
998 #endif
999 #if (X509_BRAINPOOLP256R1_SUPPORT == ENABLED)
1000  //brainpoolP256r1 elliptic curve?
1001  else if(!oidComp(oid, length, BRAINPOOLP256R1_OID, sizeof(BRAINPOOLP256R1_OID)))
1002  {
1003  curveInfo = ecGetCurveInfo(oid, length);
1004  }
1005 #endif
1006 #if (X509_BRAINPOOLP320R1_SUPPORT == ENABLED)
1007  //brainpoolP320r1 elliptic curve?
1008  else if(!oidComp(oid, length, BRAINPOOLP320R1_OID, sizeof(BRAINPOOLP320R1_OID)))
1009  {
1010  curveInfo = ecGetCurveInfo(oid, length);
1011  }
1012 #endif
1013 #if (X509_BRAINPOOLP384R1_SUPPORT == ENABLED)
1014  //brainpoolP384r1 elliptic curve?
1015  else if(!oidComp(oid, length, BRAINPOOLP384R1_OID, sizeof(BRAINPOOLP384R1_OID)))
1016  {
1017  curveInfo = ecGetCurveInfo(oid, length);
1018  }
1019 #endif
1020 #if (X509_BRAINPOOLP512R1_SUPPORT == ENABLED)
1021  //brainpoolP512r1 elliptic curve?
1022  else if(!oidComp(oid, length, BRAINPOOLP512R1_OID, sizeof(BRAINPOOLP512R1_OID)))
1023  {
1024  curveInfo = ecGetCurveInfo(oid, length);
1025  }
1026 #endif
1027 #if (X509_ED25519_SUPPORT == ENABLED)
1028  //Ed25519 elliptic curve?
1029  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
1030  {
1031  curveInfo = ecGetCurveInfo(oid, length);
1032  }
1033 #endif
1034 #if (X509_ED448_SUPPORT == ENABLED)
1035  //Ed448 elliptic curve?
1036  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
1037  {
1038  curveInfo = ecGetCurveInfo(oid, length);
1039  }
1040 #endif
1041  //Unknown elliptic curve?
1042  else
1043  {
1044  curveInfo = NULL;
1045  }
1046 #endif
1047 
1048  //Return the elliptic curve domain parameters, if any
1049  return curveInfo;
1050 }
1051 
1052 #endif
X509_POLICY_MAPPINGS_OID
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:128
length
uint8_t length
Definition: coap_common.h:190
SHA3_512_HASH_ALGO
#define SHA3_512_HASH_ALGO
Definition: sha3_512.h:47
SHA3_384_OID
#define SHA3_384_OID
Definition: sha3_384.h:45
x509_common.h
X.509 common definitions.
X509_KEY_TYPE_RSA
Definition: x509_common.h:513
SHA3_224_OID
#define SHA3_224_OID
Definition: sha3_224.h:45
X509_CERTIFICATE_POLICIES_OID
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:126
sha3_512.h
SHA3-512 hash function (SHA-3 with 512-bit output)
X509SignatureAlgoId::oid
const uint8_t * oid
Definition: x509_common.h:887
RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9]
Definition: rsa.c:85
SHA256_HASH_ALGO
#define SHA256_HASH_ALGO
Definition: sha256.h:46
bool_t
int bool_t
Definition: compiler_port.h:49
SHA512_OID
#define SHA512_OID
Definition: sha512.h:44
ecGetCurveInfo
const EcCurveInfo * ecGetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:2172
SHA1_HASH_ALGO
#define SHA1_HASH_ALGO
Definition: sha1.h:46
X509_KP_SERVER_AUTH_OID
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:146
DSA_WITH_SHA224_OID
const uint8_t DSA_WITH_SHA224_OID[9]
Definition: dsa.c:55
x509IsSignAlgoSupported
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:170
x509IsHashAlgoSupported
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:238
X509_ISSUER_ALT_NAME_OID
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:106
SHA512_HASH_ALGO
#define SHA512_HASH_ALGO
Definition: sha512.h:46
x509GetCurveInfo
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:860
X25519_OID
const uint8_t X25519_OID[3]
Definition: ec_curves.c:92
MD5_WITH_RSA_ENCRYPTION_OID
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:62
X509_SUBJECT_ALT_NAME_OID
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:104
SHA512_WITH_RSA_ENCRYPTION_OID
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:72
X509_SUBJECT_DIRECTORY_ATTR_OID
const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3]
Definition: x509_common.c:98
X509_KEY_TYPE_X448
Definition: x509_common.h:519
X509SignatureAlgoId
Signature algorithm identifier.
Definition: x509_common.h:885
X509_ORGANIZATION_NAME_OID
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:79
RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9]
Definition: rsa.c:83
X509_KP_CODE_SIGNING_OID
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:150
oid.h
OID (Object Identifier)
sha3_224.h
SHA3-224 hash function (SHA-3 with 224-bit output)
sha1.h
SHA-1 (Secure Hash Algorithm 1)
sha3_384.h
SHA3-384 hash function (SHA-3 with 384-bit output)
TRUE
#define TRUE
Definition: os_port.h:50
RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9]
Definition: rsa.c:79
X509SignatureAlgoId::rsaPssParams
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:890
ECDSA_WITH_SHA3_512_OID
const uint8_t ECDSA_WITH_SHA3_512_OID[9]
Definition: ecdsa.c:61
EC_PUBLIC_KEY_OID
const uint8_t EC_PUBLIC_KEY_OID[7]
Definition: ec.c:47
X509_EXTENDED_KEY_USAGE_OID
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:134
X509_ANY_EXT_KEY_USAGE_OID
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:144
SECP224R1_OID
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:68
BRAINPOOLP512R1_OID
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:90
X509_INVALIDITY_DATE_OID
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:114
SECP160K1_OID
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:56
sha512.h
SHA-512 (Secure Hash Algorithm 512)
X509_POLICY_CONSTRAINTS_OID
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:132
SECP256K1_OID
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:70
ECDSA_WITH_SHA3_256_OID
const uint8_t ECDSA_WITH_SHA3_256_OID[9]
Definition: ecdsa.c:57
X509_KEY_USAGE_OID
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:102
X509_KP_TIME_STAMPING_OID
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:154
X509_CHALLENGE_PASSWORD_OID
const uint8_t X509_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:159
X509_EXTENSION_REQUEST_OID
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:161
x509GetSignHashAlgo
error_t x509GetSignHashAlgo(const X509SignatureAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:337
BRAINPOOLP384R1_OID
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:88
X509_ISSUING_DISTR_POINT_OID
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:118
X509_NAME_CONSTRAINTS_OID
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:122
RSASSA_PSS_OID
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:88
X509_KP_OCSP_SIGNING_OID
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:156
X509_COUNTRY_NAME_OID
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:73
ECDSA_WITH_SHA256_OID
const uint8_t ECDSA_WITH_SHA256_OID[8]
Definition: ecdsa.c:49
BRAINPOOLP320R1_OID
const uint8_t BRAINPOOLP320R1_OID[9]
Definition: ec_curves.c:86
SECP256R1_OID
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:72
oidComp
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:101
X509_INHIBIT_ANY_POLICY_OID
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:138
DSA_WITH_SHA3_512_OID
const uint8_t DSA_WITH_SHA3_512_OID[9]
Definition: dsa.c:69
X509_PSEUDONYM_OID
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:95
SECP224K1_OID
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:66
X509_DELTA_CRL_INDICATOR_OID
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
Definition: x509_common.c:116
DSA_OID
const uint8_t DSA_OID[7]
Definition: dsa.c:51
X509_BASIC_CONSTRAINTS_OID
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:108
RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9]
Definition: rsa.c:81
SHA3_224_HASH_ALGO
#define SHA3_224_HASH_ALGO
Definition: sha3_224.h:47
X509_TITLE_OID
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:83
SHA256_OID
#define SHA256_OID
Definition: sha256.h:44
SHA384_WITH_RSA_ENCRYPTION_OID
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:70
SECP112R1_OID
const uint8_t SECP112R1_OID[5]
Definition: ec_curves.c:48
SECP521R1_OID
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:76
X509_KEY_TYPE_EC
Definition: x509_common.h:516
FALSE
#define FALSE
Definition: os_port.h:46
X509SignatureAlgo
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:528
EcCurveInfo
Elliptic curve parameters.
Definition: ec_curves.h:292
BRAINPOOLP160R1_OID
const uint8_t BRAINPOOLP160R1_OID[9]
Definition: ec_curves.c:78
error_t
error_t
Error codes.
Definition: error.h:42
DSA_WITH_SHA3_256_OID
const uint8_t DSA_WITH_SHA3_256_OID[9]
Definition: dsa.c:65
X509_INITIALS_OID
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:89
DSA_WITH_SHA384_OID
const uint8_t DSA_WITH_SHA384_OID[9]
Definition: dsa.c:59
X509_DN_QUALIFIER_OID
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:93
X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:534
X509_HASH_ALGO_NONE
Definition: x509_common.h:546
X509_LOCALITY_NAME_OID
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:75
MD5_HASH_ALGO
#define MD5_HASH_ALGO
Definition: md5.h:46
X509_REASON_CODE_OID
const uint8_t X509_REASON_CODE_OID[3]
Definition: x509_common.c:112
X509_KP_EMAIL_PROTECTION_OID
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:152
X509_SERIAL_NUMBER_OID
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:71
ECDSA_WITH_SHA384_OID
const uint8_t ECDSA_WITH_SHA384_OID[8]
Definition: ecdsa.c:51
X509_AUTHORITY_KEY_ID_OID
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:130
X509_HASH_ALGO_SHA1
Definition: x509_common.h:548
DSA_WITH_SHA512_OID
const uint8_t DSA_WITH_SHA512_OID[9]
Definition: dsa.c:61
X509_COMMON_NAME_OID
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:67
crypto.h
General definitions for cryptographic algorithms.
rsa.h
RSA public-key cryptography standard.
oid
uint8_t oid[1]
Definition: mib_common.h:186
X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:553
dsa.h
DSA (Digital Signature Algorithm)
SECP128R2_OID
const uint8_t SECP128R2_OID[5]
Definition: ec_curves.c:54
SECP160R1_OID
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:58
X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:514
X509_HASH_ALGO_SHA224
Definition: x509_common.h:549
X509_CRL_NUMBER_OID
const uint8_t X509_CRL_NUMBER_OID[3]
Definition: x509_common.c:110
sha384.h
SHA-384 (Secure Hash Algorithm 384)
X509_CERTIFICATE_ISSUER_OID
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:120
ECDSA_WITH_SHA3_224_OID
const uint8_t ECDSA_WITH_SHA3_224_OID[9]
Definition: ecdsa.c:55
X509HashAlgo
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:544
X509_KP_CLIENT_AUTH_OID
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:148
ECDSA_WITH_SHA1_OID
const uint8_t ECDSA_WITH_SHA1_OID[7]
Definition: ecdsa.c:45
ECDSA_WITH_SHA224_OID
const uint8_t ECDSA_WITH_SHA224_OID[8]
Definition: ecdsa.c:47
X509_SIGN_ALGO_RSA
Definition: x509_common.h:531
X509_CRL_DISTR_POINTS_OID
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:124
SHA256_WITH_RSA_ENCRYPTION_OID
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:68
SECP192R1_OID
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:64
ED448_OID
const uint8_t ED448_OID[3]
Definition: ec_curves.c:98
ECDSA_WITH_SHA512_OID
const uint8_t ECDSA_WITH_SHA512_OID[8]
Definition: ecdsa.c:53
SECP384R1_OID
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:74
ED25519_OID
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:96
RSA_ENCRYPTION_OID
const uint8_t RSA_ENCRYPTION_OID[9]
Definition: rsa.c:57
X448_OID
const uint8_t X448_OID[3]
Definition: ec_curves.c:94
DSA_WITH_SHA3_384_OID
const uint8_t DSA_WITH_SHA3_384_OID[9]
Definition: dsa.c:67
X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:556
SHA3_512_OID
#define SHA3_512_OID
Definition: sha3_512.h:45
SHA384_HASH_ALGO
#define SHA384_HASH_ALGO
Definition: sha384.h:47
SECP192K1_OID
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:62
sha256.h
SHA-256 (Secure Hash Algorithm 256)
DSA_WITH_SHA3_224_OID
const uint8_t DSA_WITH_SHA3_224_OID[9]
Definition: dsa.c:63
X509_HASH_ALGO_MD5
Definition: x509_common.h:547
SHA3_256_HASH_ALGO
#define SHA3_256_HASH_ALGO
Definition: sha3_256.h:47
X509_FRESHEST_CRL_OID
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:136
SECP112R2_OID
const uint8_t SECP112R2_OID[5]
Definition: ec_curves.c:50
X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:532
X509_KEY_TYPE_ED448
Definition: x509_common.h:520
X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:554
X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:555
X509_NAME_OID
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:85
ECDSA_WITH_SHA3_384_OID
const uint8_t ECDSA_WITH_SHA3_384_OID[9]
Definition: ecdsa.c:59
X509_HASH_ALGO_SHA512
Definition: x509_common.h:552
md5.h
MD5 (Message-Digest Algorithm)
X509_NS_CERT_TYPE_OID
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:141
X509_KEY_TYPE_DSA
Definition: x509_common.h:515
SHA1_OID
#define SHA1_OID
Definition: sha1.h:44
SHA224_OID
#define SHA224_OID
Definition: sha224.h:45
BRAINPOOLP224R1_OID
const uint8_t BRAINPOOLP224R1_OID[9]
Definition: ec_curves.c:82
DSA_WITH_SHA1_OID
const uint8_t DSA_WITH_SHA1_OID[7]
Definition: dsa.c:53
DSA_WITH_SHA256_OID
const uint8_t DSA_WITH_SHA256_OID[9]
Definition: dsa.c:57
X509_GENERATION_QUALIFIER_OID
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:91
X509_HASH_ALGO_SHA384
Definition: x509_common.h:551
X509_HASH_ALGO_SHA256
Definition: x509_common.h:550
BRAINPOOLP192R1_OID
const uint8_t BRAINPOOLP192R1_OID[9]
Definition: ec_curves.c:80
X509_ORGANIZATIONAL_UNIT_NAME_OID
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:81
SECP160R2_OID
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:60
X509_SURNAME_OID
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:69
SHA224_HASH_ALGO
#define SHA224_HASH_ALGO
Definition: sha224.h:47
SHA224_WITH_RSA_ENCRYPTION_OID
const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:66
X509_GIVEN_NAME_OID
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:87
X509_SUBJECT_KEY_ID_OID
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:100
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1062
X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:512
X509_SIGN_ALGO_ED25519
Definition: x509_common.h:535
X509_KEY_TYPE_ED25519
Definition: x509_common.h:518
X509KeyType
X509KeyType
Public Key types.
Definition: x509_common.h:510
sha3_256.h
SHA3-256 hash function (SHA-3 with 256-bit output)
X509_SIGN_ALGO_NONE
Definition: x509_common.h:530
x509GetPublicKeyType
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:779
X509_STATE_OR_PROVINCE_NAME_OID
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[]
Definition: x509_common.c:77
SHA3_256_OID
#define SHA3_256_OID
Definition: sha3_256.h:45
SHA384_OID
#define SHA384_OID
Definition: sha384.h:45
SHA1_WITH_RSA_ENCRYPTION_OID
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:64
SHA3_384_HASH_ALGO
#define SHA3_384_HASH_ALGO
Definition: sha3_384.h:47
NO_ERROR
Success.
Definition: error.h:44
SECP128R1_OID
const uint8_t SECP128R1_OID[5]
Definition: ec_curves.c:52
debug.h
Debugging facilities.
X509_KEY_TYPE_X25519
Definition: x509_common.h:517
asn1.h
ASN.1 (Abstract Syntax Notation One)
X509_SIGN_ALGO_DSA
Definition: x509_common.h:533
X509RsaPssParameters::hashAlgo
const uint8_t * hashAlgo
Definition: x509_common.h:871
X509_SIGN_ALGO_ED448
Definition: x509_common.h:536
BRAINPOOLP256R1_OID
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:84
sha224.h
SHA-224 (Secure Hash Algorithm 224)