x509_common.c
Go to the documentation of this file.
1 /**
2  * @file x509_common.c
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 //Switch to the appropriate trace level
30 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
31 
32 //Dependencies
33 #include "core/crypto.h"
35 #include "encoding/oid.h"
36 #include "pkc/rsa.h"
37 #include "pkc/dsa.h"
38 #include "hash/md5.h"
39 #include "hash/sha1.h"
40 #include "hash/sha224.h"
41 #include "hash/sha256.h"
42 #include "hash/sha384.h"
43 #include "hash/sha512.h"
44 #include "debug.h"
45 
46 //SHA-3 dependencies
47 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
48  #include "hash/sha3_224.h"
49 #endif
50 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
51  #include "hash/sha3_256.h"
52 #endif
53 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
54  #include "hash/sha3_384.h"
55 #endif
56 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
57  #include "hash/sha3_512.h"
58 #endif
59 
60 //Check crypto library configuration
61 #if (X509_SUPPORT == ENABLED)
62 
63 //Common Name OID (2.5.4.3)
64 const uint8_t X509_COMMON_NAME_OID[3] = {0x55, 0x04, 0x03};
65 //Surname OID (2.5.4.4)
66 const uint8_t X509_SURNAME_OID[3] = {0x55, 0x04, 0x04};
67 //Serial Number OID (2.5.4.5)
68 const uint8_t X509_SERIAL_NUMBER_OID[3] = {0x55, 0x04, 0x05};
69 //Country Name OID (2.5.4.6)
70 const uint8_t X509_COUNTRY_NAME_OID[3] = {0x55, 0x04, 0x06};
71 //Locality Name OID (2.5.4.7)
72 const uint8_t X509_LOCALITY_NAME_OID[3] = {0x55, 0x04, 0x07};
73 //State Or Province Name OID (2.5.4.8)
74 const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[] = {0x55, 0x04, 0x08};
75 //Organization Name OID (2.5.4.10)
76 const uint8_t X509_ORGANIZATION_NAME_OID[3] = {0x55, 0x04, 0x0A};
77 //Organizational Unit Name OID (2.5.4.11)
78 const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3] = {0x55, 0x04, 0x0B};
79 //Title OID (2.5.4.12)
80 const uint8_t X509_TITLE_OID[3] = {0x55, 0x04, 0x0C};
81 //Name OID (2.5.4.41)
82 const uint8_t X509_NAME_OID[3] = {0x55, 0x04, 0x29};
83 //Given Name OID (2.5.4.42)
84 const uint8_t X509_GIVEN_NAME_OID[3] = {0x55, 0x04, 0x2A};
85 //Initials OID (2.5.4.43)
86 const uint8_t X509_INITIALS_OID[3] = {0x55, 0x04, 0x2B};
87 //Generation Qualifier OID (2.5.4.44)
88 const uint8_t X509_GENERATION_QUALIFIER_OID[3] = {0x55, 0x04, 0x2C};
89 //DN Qualifier OID (2.5.4.46)
90 const uint8_t X509_DN_QUALIFIER_OID[3] = {0x55, 0x04, 0x2E};
91 //Pseudonym OID (2.5.4.65)
92 const uint8_t X509_PSEUDONYM_OID[3] = {0x55, 0x04, 0x41};
93 
94 //Subject Directory Attributes OID (2.5.29.9)
95 const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3] = {0x55, 0x1D, 0x09};
96 //Subject Key Identifier OID (2.5.29.14)
97 const uint8_t X509_SUBJECT_KEY_ID_OID[3] = {0x55, 0x1D, 0x0E};
98 //Key Usage OID (2.5.29.15)
99 const uint8_t X509_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x0F};
100 //Subject Alternative Name OID (2.5.29.17)
101 const uint8_t X509_SUBJECT_ALT_NAME_OID[3] = {0x55, 0x1D, 0x11};
102 //Issuer Alternative Name OID (2.5.29.18)
103 const uint8_t X509_ISSUER_ALT_NAME_OID[3] = {0x55, 0x1D, 0x12};
104 //Basic Constraints OID (2.5.29.19)
105 const uint8_t X509_BASIC_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x13};
106 //Name Constraints OID (2.5.29.30)
107 const uint8_t X509_NAME_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x1E};
108 //CRL Distribution Points OID (2.5.29.31)
109 const uint8_t X509_CRL_DISTR_POINTS_OID[3] = {0x55, 0x1D, 0x1F};
110 //Certificate Policies OID (2.5.29.32)
111 const uint8_t X509_CERTIFICATE_POLICIES_OID[3] = {0x55, 0x1D, 0x20};
112 //Policy Mappings OID (2.5.29.33)
113 const uint8_t X509_POLICY_MAPPINGS_OID[3] = {0x55, 0x1D, 0x21};
114 //Authority Key Identifier OID (2.5.29.35)
115 const uint8_t X509_AUTHORITY_KEY_ID_OID[3] = {0x55, 0x1D, 0x23};
116 //Policy Constraints OID (2.5.29.36)
117 const uint8_t X509_POLICY_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x24};
118 //Extended Key Usage OID (2.5.29.37)
119 const uint8_t X509_EXTENDED_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x25};
120 //Freshest CRL OID (2.5.29.46)
121 const uint8_t X509_FRESHEST_CRL_OID[3] = {0x55, 0x1D, 0x2E};
122 //Inhibit Any-Policy OID (2.5.29.54)
123 const uint8_t X509_INHIBIT_ANY_POLICY_OID[3] = {0x55, 0x1D, 0x36};
124 
125 //Netscape Certificate Type OID (2.16.840.1.113730.1.1)
126 const uint8_t X509_NS_CERT_TYPE_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01};
127 
128 //Any Extended Key Usage OID (2.5.29.37.0)
129 const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4] = {0x55, 0x1D, 0x25, 0x00};
130 //Key Purpose Server Auth OID (1.3.6.1.5.5.7.3.1)
131 const uint8_t X509_KP_SERVER_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
132 //Key Purpose Client Auth OID (1.3.6.1.5.5.7.3.2)
133 const uint8_t X509_KP_CLIENT_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
134 //Key Purpose Code Signing OID (1.3.6.1.5.5.7.3.3)
135 const uint8_t X509_KP_CODE_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
136 //Key Purpose Email Protection OID (1.3.6.1.5.5.7.3.4)
137 const uint8_t X509_KP_EMAIL_PROTECTION_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
138 //Key Purpose Time Stamping OID (1.3.6.1.5.5.7.3.8)
139 const uint8_t X509_KP_TIME_STAMPING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
140 //Key Purpose OCSP Signing OID (1.3.6.1.5.5.7.3.9)
141 const uint8_t X509_KP_OCSP_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
142 
143 
144 /**
145  * @brief Convert string to integer
146  * @param[in] data String containing the representation of an integral number
147  * @param[in] length Length of the string
148  * @param[out] value On success, the function returns the converted integral number
149  * @return Error code
150  **/
151 
152 error_t x509ReadInt(const uint8_t *data, size_t length, uint_t *value)
153 {
154  //Initialize integer value
155  *value = 0;
156 
157  //Parse the string
158  while(length > 0)
159  {
160  //Check whether the character is decimal digit
161  if(!cryptoIsdigit(*data))
162  return ERROR_FAILURE;
163 
164  //Convert the string to integer
165  *value = *value * 10 + (*data - '0');
166 
167  //Next character
168  data++;
169  length--;
170  }
171 
172  //Successful processing
173  return NO_ERROR;
174 }
175 
176 
177 /**
178  * @brief Read a RSA public key
179  * @param[in] subjectPublicKeyInfo Pointer to the SubjectPublicKeyInfo structure
180  * @param[out] key RSA public key
181  * @return Error code
182  **/
183 
185  RsaPublicKey *key)
186 {
187 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
188  error_t error;
189 
190  //The certificate shall contain a valid RSA public key
191  if(subjectPublicKeyInfo->rsaPublicKey.n == NULL ||
192  subjectPublicKeyInfo->rsaPublicKey.e == NULL)
193  {
194  //Report an error
195  return ERROR_INVALID_KEY;
196  }
197 
198  //Convert the modulus to a big number
199  error = mpiReadRaw(&key->n, subjectPublicKeyInfo->rsaPublicKey.n,
200  subjectPublicKeyInfo->rsaPublicKey.nLen);
201  //Convertion failed?
202  if(error)
203  return error;
204 
205  //Convert the public exponent to a big number
206  error = mpiReadRaw(&key->e, subjectPublicKeyInfo->rsaPublicKey.e,
207  subjectPublicKeyInfo->rsaPublicKey.eLen);
208  //Convertion failed?
209  if(error)
210  return error;
211 
212  //Debug message
213  TRACE_DEBUG("RSA public key:\r\n");
214  TRACE_DEBUG(" Modulus:\r\n");
215  TRACE_DEBUG_MPI(" ", &key->n);
216  TRACE_DEBUG(" Public exponent:\r\n");
217  TRACE_DEBUG_MPI(" ", &key->e);
218 
219  //Successful processing
220  return NO_ERROR;
221 #else
222  //Not implemented
223  return ERROR_NOT_IMPLEMENTED;
224 #endif
225 }
226 
227 
228 /**
229  * @brief Read a DSA public key
230  * @param[in] subjectPublicKeyInfo Pointer to the SubjectPublicKeyInfo structure
231  * @param[out] key DSA public key
232  * @return Error code
233  **/
234 
236  DsaPublicKey *key)
237 {
238 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
239  error_t error;
240 
241  //The certificate shall contain a valid DSA public key
242  if(subjectPublicKeyInfo->dsaParams.p == NULL ||
243  subjectPublicKeyInfo->dsaParams.q == NULL ||
244  subjectPublicKeyInfo->dsaParams.g == NULL ||
245  subjectPublicKeyInfo->dsaPublicKey.y == NULL)
246  {
247  //Report an error
248  return ERROR_INVALID_KEY;
249  }
250 
251  //Convert the parameter p to a big number
252  error = mpiReadRaw(&key->p, subjectPublicKeyInfo->dsaParams.p,
253  subjectPublicKeyInfo->dsaParams.pLen);
254  //Convertion failed?
255  if(error)
256  return error;
257 
258  //Convert the parameter q to a big number
259  error = mpiReadRaw(&key->q, subjectPublicKeyInfo->dsaParams.q,
260  subjectPublicKeyInfo->dsaParams.qLen);
261  //Convertion failed?
262  if(error)
263  return error;
264 
265  //Convert the parameter g to a big number
266  error = mpiReadRaw(&key->g, subjectPublicKeyInfo->dsaParams.g,
267  subjectPublicKeyInfo->dsaParams.gLen);
268  //Convertion failed?
269  if(error)
270  return error;
271 
272  //Convert the public value to a big number
273  error = mpiReadRaw(&key->y, subjectPublicKeyInfo->dsaPublicKey.y,
274  subjectPublicKeyInfo->dsaPublicKey.yLen);
275  //Convertion failed?
276  if(error)
277  return error;
278 
279  //Debug message
280  TRACE_DEBUG("DSA public key:\r\n");
281  TRACE_DEBUG(" Parameter p:\r\n");
282  TRACE_DEBUG_MPI(" ", &key->p);
283  TRACE_DEBUG(" Parameter q:\r\n");
284  TRACE_DEBUG_MPI(" ", &key->q);
285  TRACE_DEBUG(" Parameter g:\r\n");
286  TRACE_DEBUG_MPI(" ", &key->g);
287  TRACE_DEBUG(" Public value y:\r\n");
288  TRACE_DEBUG_MPI(" ", &key->y);
289 
290  //Successful processing
291  return NO_ERROR;
292 #else
293  //Not implemented
294  return ERROR_NOT_IMPLEMENTED;
295 #endif
296 }
297 
298 
299 /**
300  * @brief Check whether a given signature algorithm is supported
301  * @param[in] signAlgo signature algorithm
302  * @return TRUE is the signature algorithm is supported, else FALSE
303  **/
304 
306 {
307  bool_t acceptable;
308 
309  //Invalid signature algorithm?
310  if(signAlgo == X509_SIGN_ALGO_NONE)
311  {
312  acceptable = FALSE;
313  }
314 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
315  //RSA signature algorithm?
316  else if(signAlgo == X509_SIGN_ALGO_RSA)
317  {
318  acceptable = TRUE;
319  }
320 #endif
321 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
322  //RSA-PSS signature algorithm?
323  else if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
324  {
325  acceptable = TRUE;
326  }
327 #endif
328 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
329  //DSA signature algorithm?
330  else if(signAlgo == X509_SIGN_ALGO_DSA)
331  {
332  acceptable = TRUE;
333  }
334 #endif
335 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
336  //ECDSA signature algorithm?
337  else if(signAlgo == X509_SIGN_ALGO_ECDSA)
338  {
339  acceptable = TRUE;
340  }
341 #endif
342 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
343  //Ed25519 signature algorithm?
344  else if(signAlgo == X509_SIGN_ALGO_ED25519)
345  {
346  acceptable = TRUE;
347  }
348 #endif
349 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
350  //Ed448 signature algorithm?
351  else if(signAlgo == X509_SIGN_ALGO_ED448)
352  {
353  acceptable = TRUE;
354  }
355 #endif
356  //Invalid signature algorithm?
357  else
358  {
359  acceptable = FALSE;
360  }
361 
362  //Return TRUE is the signature algorithm is supported
363  return acceptable;
364 }
365 
366 
367 /**
368  * @brief Check whether a given hash algorithm is supported
369  * @param[in] hashAlgo signature hash
370  * @return TRUE is the signature hash is supported, else FALSE
371  **/
372 
374 {
375  bool_t acceptable;
376 
377  //Invalid hash algorithm?
378  if(hashAlgo == X509_HASH_ALGO_NONE)
379  {
380  acceptable = FALSE;
381  }
382 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
383  //MD5 hash algorithm?
384  else if(hashAlgo == X509_HASH_ALGO_MD5)
385  {
386  acceptable = TRUE;
387  }
388 #endif
389 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
390  //SHA-1 hash algorithm?
391  else if(hashAlgo == X509_HASH_ALGO_SHA1)
392  {
393  acceptable = TRUE;
394  }
395 #endif
396 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
397  //SHA-224 hash algorithm?
398  else if(hashAlgo == X509_HASH_ALGO_SHA224)
399  {
400  acceptable = TRUE;
401  }
402 #endif
403 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
404  //SHA-256 hash algorithm?
405  else if(hashAlgo == X509_HASH_ALGO_SHA256)
406  {
407  acceptable = TRUE;
408  }
409 #endif
410 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
411  //SHA-384 hash algorithm?
412  else if(hashAlgo == X509_HASH_ALGO_SHA384)
413  {
414  acceptable = TRUE;
415  }
416 #endif
417 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
418  //SHA-512 hash algorithm?
419  else if(hashAlgo == X509_HASH_ALGO_SHA512)
420  {
421  acceptable = TRUE;
422  }
423 #endif
424 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
425  //SHA3-224 hash algorithm?
426  else if(hashAlgo == X509_HASH_ALGO_SHA3_224)
427  {
428  acceptable = TRUE;
429  }
430 #endif
431 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
432  //SHA3-256 hash algorithm?
433  else if(hashAlgo == X509_HASH_ALGO_SHA3_256)
434  {
435  acceptable = TRUE;
436  }
437 #endif
438 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
439  //SHA3-384 hash algorithm?
440  else if(hashAlgo == X509_HASH_ALGO_SHA3_384)
441  {
442  acceptable = TRUE;
443  }
444 #endif
445 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
446  //SHA3-512 hash algorithm?
447  else if(hashAlgo == X509_HASH_ALGO_SHA3_512)
448  {
449  acceptable = TRUE;
450  }
451 #endif
452  //Invalid hash algorithm?
453  else
454  {
455  acceptable = FALSE;
456  }
457 
458  //Return TRUE is the hash algorithm is supported
459  return acceptable;
460 }
461 
462 
463 /**
464  * @brief Get the signature and hash algorithms that match the specified
465  * identifier
466  * @param[in] signAlgoId Signature algorithm identifier
467  * @param[out] signAlgo Signature algorithm
468  * @param[out] hashAlgo Hash algorithm
469  * @return Error code
470  **/
471 
473  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
474 {
475  error_t error;
476  size_t oidLen;
477  const uint8_t *oid;
478 
479  //Initialize status code
480  error = NO_ERROR;
481 
482  //Point to the object identifier
483  oid = signAlgoId->oid;
484  oidLen = signAlgoId->oidLen;
485 
486  //Check the OID against registered objects
487 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
488 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
491  {
492  //RSA with MD5 signature algorithm
493  *signAlgo = X509_SIGN_ALGO_RSA;
494  *hashAlgo = MD5_HASH_ALGO;
495  }
496  else
497 #endif
498 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
501  {
502  //RSA with SHA-1 signature algorithm
503  *signAlgo = X509_SIGN_ALGO_RSA;
504  *hashAlgo = SHA1_HASH_ALGO;
505  }
506  else
507 #endif
508 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
511  {
512  //RSA with SHA-256 signature algorithm
513  *signAlgo = X509_SIGN_ALGO_RSA;
514  *hashAlgo = SHA256_HASH_ALGO;
515  }
516  else
517 #endif
518 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
521  {
522  //RSA with SHA-384 signature algorithm
523  *signAlgo = X509_SIGN_ALGO_RSA;
524  *hashAlgo = SHA384_HASH_ALGO;
525  }
526  else
527 #endif
528 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
531  {
532  //RSA with SHA-512 signature algorithm
533  *signAlgo = X509_SIGN_ALGO_RSA;
534  *hashAlgo = SHA512_HASH_ALGO;
535  }
536  else
537 #endif
538 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
541  {
542  //RSA with SHA3-224 signature algorithm
543  *signAlgo = X509_SIGN_ALGO_RSA;
544  *hashAlgo = SHA3_224_HASH_ALGO;
545  }
546  else
547 #endif
548 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
551  {
552  //RSA with SHA3-256 signature algorithm
553  *signAlgo = X509_SIGN_ALGO_RSA;
554  *hashAlgo = SHA3_256_HASH_ALGO;
555  }
556  else
557 #endif
558 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
561  {
562  //RSA with SHA3-384 signature algorithm
563  *signAlgo = X509_SIGN_ALGO_RSA;
564  *hashAlgo = SHA3_384_HASH_ALGO;
565  }
566  else
567 #endif
568 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
571  {
572  //RSA with SHA3-512 signature algorithm
573  *signAlgo = X509_SIGN_ALGO_RSA;
574  *hashAlgo = SHA3_512_HASH_ALGO;
575  }
576  else
577 #endif
578 #endif
579 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
580  if(!oidComp(oid, oidLen, RSASSA_PSS_OID,
581  sizeof(RSASSA_PSS_OID)))
582  {
583  //Get the OID of the hash algorithm
584  oid = signAlgoId->rsaPssParams.hashAlgo;
585  oidLen = signAlgoId->rsaPssParams.hashAlgoLen;
586 
587 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
588  //SHA-256 hash algorithm identifier?
589  if(!oidComp(oid, oidLen, SHA256_OID, sizeof(SHA256_OID)))
590  {
591  //RSA-PSS with SHA-256 signature algorithm
592  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
593  *hashAlgo = SHA256_HASH_ALGO;
594  }
595  else
596 #endif
597 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
598  //SHA-384 hash algorithm identifier?
599  if(!oidComp(oid, oidLen, SHA384_OID, sizeof(SHA384_OID)))
600  {
601  //RSA-PSS with SHA-384 signature algorithm
602  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
603  *hashAlgo = SHA384_HASH_ALGO;
604  }
605  else
606 #endif
607 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
608  //SHA-512 hash algorithm identifier?
609  if(!oidComp(oid, oidLen, SHA512_OID, sizeof(SHA512_OID)))
610  {
611  //RSA-PSS with SHA-512 signature algorithm
612  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
613  *hashAlgo = SHA512_HASH_ALGO;
614  }
615  else
616 #endif
617  //Unknown hash algorithm identifier?
618  {
619  //The specified signature algorithm is not supported
621  }
622  }
623  else
624 #endif
625 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
626 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
627  if(!oidComp(oid, oidLen, DSA_WITH_SHA1_OID,
628  sizeof(DSA_WITH_SHA1_OID)))
629  {
630  //DSA with SHA-1 signature algorithm
631  *signAlgo = X509_SIGN_ALGO_DSA;
632  *hashAlgo = SHA1_HASH_ALGO;
633  }
634  else
635 #endif
636 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
637  if(!oidComp(oid, oidLen, DSA_WITH_SHA224_OID,
638  sizeof(DSA_WITH_SHA224_OID)))
639  {
640  //DSA with SHA-224 signature algorithm
641  *signAlgo = X509_SIGN_ALGO_DSA;
642  *hashAlgo = SHA224_HASH_ALGO;
643  }
644  else
645 #endif
646 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
647  if(!oidComp(oid, oidLen, DSA_WITH_SHA256_OID,
648  sizeof(DSA_WITH_SHA256_OID)))
649  {
650  //DSA with SHA-256 signature algorithm
651  *signAlgo = X509_SIGN_ALGO_DSA;
652  *hashAlgo = SHA256_HASH_ALGO;
653  }
654  else
655 #endif
656 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
657  if(!oidComp(oid, oidLen, DSA_WITH_SHA384_OID,
658  sizeof(DSA_WITH_SHA384_OID)))
659  {
660  //DSA with SHA-384 signature algorithm
661  *signAlgo = X509_SIGN_ALGO_DSA;
662  *hashAlgo = SHA384_HASH_ALGO;
663  }
664  else
665 #endif
666 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
667  if(!oidComp(oid, oidLen, DSA_WITH_SHA512_OID,
668  sizeof(DSA_WITH_SHA512_OID)))
669  {
670  //DSA with SHA-512 signature algorithm
671  *signAlgo = X509_SIGN_ALGO_DSA;
672  *hashAlgo = SHA512_HASH_ALGO;
673  }
674  else
675 #endif
676 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
677  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_224_OID,
678  sizeof(DSA_WITH_SHA3_224_OID)))
679  {
680  //DSA with SHA3-224 signature algorithm
681  *signAlgo = X509_SIGN_ALGO_DSA;
682  *hashAlgo = SHA3_224_HASH_ALGO;
683  }
684  else
685 #endif
686 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
687  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_256_OID,
688  sizeof(DSA_WITH_SHA3_256_OID)))
689  {
690  //DSA with SHA3-256 signature algorithm
691  *signAlgo = X509_SIGN_ALGO_DSA;
692  *hashAlgo = SHA3_256_HASH_ALGO;
693  }
694  else
695 #endif
696 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
697  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_384_OID,
698  sizeof(DSA_WITH_SHA3_384_OID)))
699  {
700  //DSA with SHA3-384 signature algorithm
701  *signAlgo = X509_SIGN_ALGO_DSA;
702  *hashAlgo = SHA3_384_HASH_ALGO;
703  }
704  else
705 #endif
706 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
707  if(!oidComp(oid, oidLen, DSA_WITH_SHA3_512_OID,
708  sizeof(DSA_WITH_SHA3_512_OID)))
709  {
710  //DSA with SHA3-512 signature algorithm
711  *signAlgo = X509_SIGN_ALGO_DSA;
712  *hashAlgo = SHA3_512_HASH_ALGO;
713  }
714  else
715 #endif
716 #endif
717 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
718 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
719  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA1_OID,
720  sizeof(ECDSA_WITH_SHA1_OID)))
721  {
722  //ECDSA with SHA-1 signature algorithm
723  *signAlgo = X509_SIGN_ALGO_ECDSA;
724  *hashAlgo = SHA1_HASH_ALGO;
725  }
726  else
727 #endif
728 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
729  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA224_OID,
730  sizeof(ECDSA_WITH_SHA224_OID)))
731  {
732  //ECDSA with SHA-224 signature algorithm
733  *signAlgo = X509_SIGN_ALGO_ECDSA;
734  *hashAlgo = SHA224_HASH_ALGO;
735  }
736  else
737 #endif
738 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
739  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA256_OID,
740  sizeof(ECDSA_WITH_SHA256_OID)))
741  {
742  //ECDSA with SHA-256 signature algorithm
743  *signAlgo = X509_SIGN_ALGO_ECDSA;
744  *hashAlgo = SHA256_HASH_ALGO;
745  }
746  else
747 #endif
748 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
749  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA384_OID,
750  sizeof(ECDSA_WITH_SHA384_OID)))
751  {
752  //ECDSA with SHA-384 signature algorithm
753  *signAlgo = X509_SIGN_ALGO_ECDSA;
754  *hashAlgo = SHA384_HASH_ALGO;
755  }
756  else
757 #endif
758 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
759  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA512_OID,
760  sizeof(ECDSA_WITH_SHA512_OID)))
761  {
762  //ECDSA with SHA-512 signature algorithm
763  *signAlgo = X509_SIGN_ALGO_ECDSA;
764  *hashAlgo = SHA512_HASH_ALGO;
765  }
766  else
767 #endif
768 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
769  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_224_OID,
770  sizeof(ECDSA_WITH_SHA3_224_OID)))
771  {
772  //ECDSA with SHA3-224 signature algorithm
773  *signAlgo = X509_SIGN_ALGO_ECDSA;
774  *hashAlgo = SHA3_224_HASH_ALGO;
775  }
776  else
777 #endif
778 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
779  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_256_OID,
780  sizeof(ECDSA_WITH_SHA3_256_OID)))
781  {
782  //ECDSA with SHA3-256 signature algorithm
783  *signAlgo = X509_SIGN_ALGO_ECDSA;
784  *hashAlgo = SHA3_256_HASH_ALGO;
785  }
786  else
787 #endif
788 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
789  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_384_OID,
790  sizeof(ECDSA_WITH_SHA3_384_OID)))
791  {
792  //ECDSA with SHA3-384 signature algorithm
793  *signAlgo = X509_SIGN_ALGO_ECDSA;
794  *hashAlgo = SHA3_384_HASH_ALGO;
795  }
796  else
797 #endif
798 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
799  if(!oidComp(oid, oidLen, ECDSA_WITH_SHA3_512_OID,
800  sizeof(ECDSA_WITH_SHA3_512_OID)))
801  {
802  //ECDSA with SHA3-512 signature algorithm
803  *signAlgo = X509_SIGN_ALGO_ECDSA;
804  *hashAlgo = SHA3_512_HASH_ALGO;
805  }
806  else
807 #endif
808 #endif
809 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
810  //Ed25519 algorithm identifier?
811  if(!oidComp(oid, oidLen, ED25519_OID, sizeof(ED25519_OID)))
812  {
813  //Ed25519 signature algorithm
814  *signAlgo = X509_SIGN_ALGO_ED25519;
815  *hashAlgo = NULL;
816  }
817  else
818 #endif
819 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
820  //Ed448 algorithm identifier?
821  if(!oidComp(oid, oidLen, ED448_OID, sizeof(ED448_OID)))
822  {
823  //Ed448 signature algorithm
824  *signAlgo = X509_SIGN_ALGO_ED448;
825  *hashAlgo = NULL;
826  }
827  else
828 #endif
829  {
830  //The specified signature algorithm is not supported
832  }
833 
834  //Return status code
835  return error;
836 }
837 
838 
839 /**
840  * @brief Get the elliptic curve that matches the specified OID
841  * @param[in] oid Object identifier
842  * @param[in] length OID length
843  * @return Elliptic curve domain parameters
844  **/
845 
846 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length)
847 {
848  const EcCurveInfo *curveInfo;
849 
850  //Default elliptic curve domain parameters
851  curveInfo = NULL;
852 
853 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
854  //Invalid parameters?
855  if(oid == NULL || length == 0)
856  {
857  curveInfo = NULL;
858  }
859 #if (X509_SECP112R1_SUPPORT == ENABLED)
860  //secp112r1 elliptic curve?
861  else if(!oidComp(oid, length, SECP112R1_OID, sizeof(SECP112R1_OID)))
862  {
863  curveInfo = ecGetCurveInfo(oid, length);
864  }
865 #endif
866 #if (X509_SECP112R2_SUPPORT == ENABLED)
867  //secp112r2 elliptic curve?
868  else if(!oidComp(oid, length, SECP112R2_OID, sizeof(SECP112R2_OID)))
869  {
870  curveInfo = ecGetCurveInfo(oid, length);
871  }
872 #endif
873 #if (X509_SECP128R1_SUPPORT == ENABLED)
874  //secp128r1 elliptic curve?
875  else if(!oidComp(oid, length, SECP128R1_OID, sizeof(SECP128R1_OID)))
876  {
877  curveInfo = ecGetCurveInfo(oid, length);
878  }
879 #endif
880 #if (X509_SECP128R2_SUPPORT == ENABLED)
881  //secp128r2 elliptic curve?
882  else if(!oidComp(oid, length, SECP128R2_OID, sizeof(SECP128R2_OID)))
883  {
884  curveInfo = ecGetCurveInfo(oid, length);
885  }
886 #endif
887 #if (X509_SECP160K1_SUPPORT == ENABLED)
888  //secp160k1 elliptic curve?
889  else if(!oidComp(oid, length, SECP160K1_OID, sizeof(SECP160K1_OID)))
890  {
891  curveInfo = ecGetCurveInfo(oid, length);
892  }
893 #endif
894 #if (X509_SECP160R1_SUPPORT == ENABLED)
895  //secp160r1 elliptic curve?
896  else if(!oidComp(oid, length, SECP160R1_OID, sizeof(SECP160R1_OID)))
897  {
898  curveInfo = ecGetCurveInfo(oid, length);
899  }
900 #endif
901 #if (X509_SECP160R2_SUPPORT == ENABLED)
902  //secp160r2 elliptic curve?
903  else if(!oidComp(oid, length, SECP160R2_OID, sizeof(SECP160R2_OID)))
904  {
905  curveInfo = ecGetCurveInfo(oid, length);
906  }
907 #endif
908 #if (X509_SECP192K1_SUPPORT == ENABLED)
909  //secp192k1 elliptic curve?
910  else if(!oidComp(oid, length, SECP192K1_OID, sizeof(SECP192K1_OID)))
911  {
912  curveInfo = ecGetCurveInfo(oid, length);
913  }
914 #endif
915 #if (X509_SECP192R1_SUPPORT == ENABLED)
916  //secp192r1 elliptic curve?
917  else if(!oidComp(oid, length, SECP192R1_OID, sizeof(SECP192R1_OID)))
918  {
919  curveInfo = ecGetCurveInfo(oid, length);
920  }
921 #endif
922 #if (X509_SECP224K1_SUPPORT == ENABLED)
923  //secp224k1 elliptic curve?
924  else if(!oidComp(oid, length, SECP224K1_OID, sizeof(SECP224K1_OID)))
925  {
926  curveInfo = ecGetCurveInfo(oid, length);
927  }
928 #endif
929 #if (X509_SECP224R1_SUPPORT == ENABLED)
930  //secp224r1 elliptic curve?
931  else if(!oidComp(oid, length, SECP224R1_OID, sizeof(SECP224R1_OID)))
932  {
933  curveInfo = ecGetCurveInfo(oid, length);
934  }
935 #endif
936 #if (X509_SECP256K1_SUPPORT == ENABLED)
937  //secp256k1 elliptic curve?
938  else if(!oidComp(oid, length, SECP256K1_OID, sizeof(SECP256K1_OID)))
939  {
940  curveInfo = ecGetCurveInfo(oid, length);
941  }
942 #endif
943 #if (X509_SECP256R1_SUPPORT == ENABLED)
944  //secp256r1 elliptic curve?
945  else if(!oidComp(oid, length, SECP256R1_OID, sizeof(SECP256R1_OID)))
946  {
947  curveInfo = ecGetCurveInfo(oid, length);
948  }
949 #endif
950 #if (X509_SECP384R1_SUPPORT == ENABLED)
951  //secp384r1 elliptic curve?
952  else if(!oidComp(oid, length, SECP384R1_OID, sizeof(SECP384R1_OID)))
953  {
954  curveInfo = ecGetCurveInfo(oid, length);
955  }
956 #endif
957 #if (X509_SECP521R1_SUPPORT == ENABLED)
958  //secp521r1 elliptic curve?
959  else if(!oidComp(oid, length, SECP521R1_OID, sizeof(SECP521R1_OID)))
960  {
961  curveInfo = ecGetCurveInfo(oid, length);
962  }
963 #endif
964 #if (X509_BRAINPOOLP160R1_SUPPORT == ENABLED)
965  //brainpoolP160r1 elliptic curve?
967  {
968  curveInfo = ecGetCurveInfo(oid, length);
969  }
970 #endif
971 #if (X509_BRAINPOOLP192R1_SUPPORT == ENABLED)
972  //brainpoolP192r1 elliptic curve?
974  {
975  curveInfo = ecGetCurveInfo(oid, length);
976  }
977 #endif
978 #if (X509_BRAINPOOLP224R1_SUPPORT == ENABLED)
979  //brainpoolP224r1 elliptic curve?
981  {
982  curveInfo = ecGetCurveInfo(oid, length);
983  }
984 #endif
985 #if (X509_BRAINPOOLP256R1_SUPPORT == ENABLED)
986  //brainpoolP256r1 elliptic curve?
988  {
989  curveInfo = ecGetCurveInfo(oid, length);
990  }
991 #endif
992 #if (X509_BRAINPOOLP320R1_SUPPORT == ENABLED)
993  //brainpoolP320r1 elliptic curve?
995  {
996  curveInfo = ecGetCurveInfo(oid, length);
997  }
998 #endif
999 #if (X509_BRAINPOOLP384R1_SUPPORT == ENABLED)
1000  //brainpoolP384r1 elliptic curve?
1002  {
1003  curveInfo = ecGetCurveInfo(oid, length);
1004  }
1005 #endif
1006 #if (X509_BRAINPOOLP512R1_SUPPORT == ENABLED)
1007  //brainpoolP512r1 elliptic curve?
1009  {
1010  curveInfo = ecGetCurveInfo(oid, length);
1011  }
1012 #endif
1013 #if (X509_ED25519_SUPPORT == ENABLED)
1014  //Ed25519 elliptic curve?
1015  else if(!oidComp(oid, length, ED25519_OID, sizeof(ED25519_OID)))
1016  {
1017  curveInfo = ecGetCurveInfo(oid, length);
1018  }
1019 #endif
1020 #if (X509_ED448_SUPPORT == ENABLED)
1021  //Ed448 elliptic curve?
1022  else if(!oidComp(oid, length, ED448_OID, sizeof(ED448_OID)))
1023  {
1024  curveInfo = ecGetCurveInfo(oid, length);
1025  }
1026 #endif
1027  else
1028  {
1029  curveInfo = NULL;
1030  }
1031 #endif
1032 
1033  //Return the elliptic curve domain parameters, if any
1034  return curveInfo;
1035 }
1036 
1037 #endif
const uint8_t ECDSA_WITH_SHA512_OID[8]
Definition: ecdsa.c:51
const uint8_t ECDSA_WITH_SHA3_512_OID[9]
Definition: ecdsa.c:59
#define SHA3_224_HASH_ALGO
Definition: sha3_224.h:43
const uint8_t ECDSA_WITH_SHA3_384_OID[9]
Definition: ecdsa.c:57
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:64
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:82
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:66
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:70
error_t x509ReadRsaPublicKey(const X509SubjectPublicKeyInfo *subjectPublicKeyInfo, RsaPublicKey *key)
Read a RSA public key.
Definition: x509_common.c:184
const uint8_t DSA_WITH_SHA3_224_OID[9]
Definition: dsa.c:61
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:90
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:92
X509DsaParameters dsaParams
Definition: x509_common.h:609
SHA-224 (Secure Hash Algorithm 224)
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:72
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:107
const uint8_t ECDSA_WITH_SHA224_OID[8]
Definition: ecdsa.c:45
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:80
Mpi g
Generator of the subgroup.
Definition: dsa.h:50
Debugging facilities.
Mpi n
Modulus.
Definition: rsa.h:48
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:123
const uint8_t DSA_WITH_SHA3_384_OID[9]
Definition: dsa.c:65
const uint8_t * q
Definition: x509_common.h:555
Generic error code.
Definition: error.h:43
const uint8_t DSA_WITH_SHA256_OID[9]
Definition: dsa.c:55
const uint8_t DSA_WITH_SHA1_OID[7]
Definition: dsa.c:51
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:68
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:119
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:68
#define SHA224_HASH_ALGO
Definition: sha224.h:43
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:86
General definitions for cryptographic algorithms.
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:76
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:131
Elliptic curve parameters.
Definition: ec_curves.h:290
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:111
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[]
Definition: x509_common.c:74
const uint8_t DSA_WITH_SHA384_OID[9]
Definition: dsa.c:57
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:103
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:68
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:606
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:846
const uint8_t BRAINPOOLP160R1_OID[9]
Definition: ec_curves.c:76
const uint8_t SECP112R1_OID[5]
Definition: ec_curves.c:46
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:54
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:64
const uint8_t * p
Definition: x509_common.h:553
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:66
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:135
const uint8_t DSA_WITH_SHA224_OID[9]
Definition: dsa.c:53
Mpi e
Public exponent.
Definition: rsa.h:49
SHA-384 (Secure Hash Algorithm 384)
const uint8_t ECDSA_WITH_SHA3_256_OID[9]
Definition: ecdsa.c:55
error_t x509ReadDsaPublicKey(const X509SubjectPublicKeyInfo *subjectPublicKeyInfo, DsaPublicKey *key)
Read a DSA public key.
Definition: x509_common.c:235
const uint8_t * oid
Definition: x509_common.h:725
#define cryptoIsdigit(c)
Definition: crypto.h:632
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:137
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:74
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:86
OID (Object Identifier)
#define TRUE
Definition: os_port.h:48
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9]
Definition: rsa.c:81
#define TRACE_DEBUG_MPI(p, a)
Definition: debug.h:101
DSA public key.
Definition: dsa.h:46
X509DsaPublicKey dsaPublicKey
Definition: x509_common.h:610
const uint8_t BRAINPOOLP320R1_OID[9]
Definition: ec_curves.c:84
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9]
Definition: rsa.c:83
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9]
Definition: rsa.c:77
#define SHA384_OID
Definition: sha384.h:41
#define SHA512_OID
Definition: sha512.h:40
#define SHA256_HASH_ALGO
Definition: sha256.h:42
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:70
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:60
const uint8_t * e
Definition: x509_common.h:542
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:129
#define mpiReadRaw(r, data, length)
Definition: crypto_legacy.h:33
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:442
const uint8_t ECDSA_WITH_SHA384_OID[8]
Definition: ecdsa.c:49
const uint8_t DSA_WITH_SHA512_OID[9]
Definition: dsa.c:59
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:141
#define SHA3_384_HASH_ALGO
Definition: sha3_384.h:43
RSA public key.
Definition: rsa.h:46
#define SHA384_HASH_ALGO
Definition: sha384.h:43
Mpi q
Prime divisor.
Definition: dsa.h:49
#define SHA3_512_HASH_ALGO
Definition: sha3_512.h:43
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:373
const uint8_t ED448_OID[3]
Definition: ec_curves.c:96
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:109
const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3]
Definition: x509_common.c:95
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:99
const uint8_t DSA_WITH_SHA3_512_OID[9]
Definition: dsa.c:67
X.509 common definitions.
const uint8_t BRAINPOOLP192R1_OID[9]
Definition: ec_curves.c:78
DSA (Digital Signature Algorithm)
#define SHA256_OID
Definition: sha256.h:40
SHA3-256 hash function (SHA-3 with 256-bit output)
const uint8_t SECP128R2_OID[5]
Definition: ec_curves.c:52
error_t x509ReadInt(const uint8_t *data, size_t length, uint_t *value)
Convert string to integer.
Definition: x509_common.c:152
int_t oidComp(const uint8_t *oid1, size_t oidLen1, const uint8_t *oid2, size_t oidLen2)
Compare object identifiers.
Definition: oid.c:99
Mpi p
Prime modulus.
Definition: dsa.h:48
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:62
const uint8_t * n
Definition: x509_common.h:540
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:305
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:88
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:94
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:56
error_t x509GetSignHashAlgo(const X509SignatureAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:472
Success.
Definition: error.h:42
Subject public key info.
Definition: x509_common.h:599
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:86
error_t
Error codes.
Definition: error.h:40
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:58
RSA public-key cryptography standard.
Mpi y
Public key.
Definition: dsa.h:51
unsigned int uint_t
Definition: compiler_port.h:43
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:62
SHA3-512 hash function (SHA-3 with 512-bit output)
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:72
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:728
uint8_t data[]
Definition: dtls_misc.h:167
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:60
const uint8_t SECP112R2_OID[5]
Definition: ec_curves.c:48
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:117
SHA-1 (Secure Hash Algorithm 1)
const uint8_t * hashAlgo
Definition: x509_common.h:713
uint8_t value[]
Definition: dtls_misc.h:141
const uint8_t BRAINPOOLP224R1_OID[9]
Definition: ec_curves.c:80
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:113
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:426
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:133
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:121
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:70
SHA-512 (Secure Hash Algorithm 512)
#define SHA1_HASH_ALGO
Definition: sha1.h:42
SHA3-224 hash function (SHA-3 with 224-bit output)
SHA3-384 hash function (SHA-3 with 384-bit output)
#define SHA512_HASH_ALGO
Definition: sha512.h:42
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:101
const uint8_t ECDSA_WITH_SHA1_OID[7]
Definition: ecdsa.c:43
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:66
const EcCurveInfo * ecGetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:2170
Signature algorithm identifier.
Definition: x509_common.h:723
const uint8_t SECP128R1_OID[5]
Definition: ec_curves.c:50
const uint8_t ECDSA_WITH_SHA3_224_OID[9]
Definition: ecdsa.c:53
Common interface for hash algorithms.
Definition: crypto.h:1054
uint8_t length
Definition: dtls_misc.h:140
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:82
uint8_t oid[1]
Definition: mib_common.h:184
const uint8_t * y
Definition: x509_common.h:568
MD5 (Message-Digest Algorithm)
SHA-256 (Secure Hash Algorithm 256)
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:78
#define FALSE
Definition: os_port.h:44
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:115
int bool_t
Definition: compiler_port.h:47
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:105
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:84
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:88
#define SHA3_256_HASH_ALGO
Definition: sha3_256.h:43
#define MD5_HASH_ALGO
Definition: md5.h:42
const uint8_t * g
Definition: x509_common.h:557
const uint8_t ECDSA_WITH_SHA256_OID[8]
Definition: ecdsa.c:47
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:139
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:97
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9]
Definition: rsa.c:79
#define TRACE_DEBUG(...)
Definition: debug.h:98
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:126
const uint8_t DSA_WITH_SHA3_256_OID[9]
Definition: dsa.c:63