x509_common.c
Go to the documentation of this file.
1 /**
2  * @file x509_common.c
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.2
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_common.h"
37 #include "encoding/asn1.h"
38 #include "encoding/oid.h"
39 #include "hash/hash_algorithms.h"
40 #include "debug.h"
41 
42 //Check crypto library configuration
43 #if (X509_SUPPORT == ENABLED)
44 
45 //Common Name OID (2.5.4.3)
46 const uint8_t X509_COMMON_NAME_OID[3] = {0x55, 0x04, 0x03};
47 //Surname OID (2.5.4.4)
48 const uint8_t X509_SURNAME_OID[3] = {0x55, 0x04, 0x04};
49 //Serial Number OID (2.5.4.5)
50 const uint8_t X509_SERIAL_NUMBER_OID[3] = {0x55, 0x04, 0x05};
51 //Country Name OID (2.5.4.6)
52 const uint8_t X509_COUNTRY_NAME_OID[3] = {0x55, 0x04, 0x06};
53 //Locality Name OID (2.5.4.7)
54 const uint8_t X509_LOCALITY_NAME_OID[3] = {0x55, 0x04, 0x07};
55 //State Or Province Name OID (2.5.4.8)
56 const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[] = {0x55, 0x04, 0x08};
57 //Organization Name OID (2.5.4.10)
58 const uint8_t X509_ORGANIZATION_NAME_OID[3] = {0x55, 0x04, 0x0A};
59 //Organizational Unit Name OID (2.5.4.11)
60 const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3] = {0x55, 0x04, 0x0B};
61 //Title OID (2.5.4.12)
62 const uint8_t X509_TITLE_OID[3] = {0x55, 0x04, 0x0C};
63 //Name OID (2.5.4.41)
64 const uint8_t X509_NAME_OID[3] = {0x55, 0x04, 0x29};
65 //Given Name OID (2.5.4.42)
66 const uint8_t X509_GIVEN_NAME_OID[3] = {0x55, 0x04, 0x2A};
67 //Initials OID (2.5.4.43)
68 const uint8_t X509_INITIALS_OID[3] = {0x55, 0x04, 0x2B};
69 //Generation Qualifier OID (2.5.4.44)
70 const uint8_t X509_GENERATION_QUALIFIER_OID[3] = {0x55, 0x04, 0x2C};
71 //DN Qualifier OID (2.5.4.46)
72 const uint8_t X509_DN_QUALIFIER_OID[3] = {0x55, 0x04, 0x2E};
73 //Pseudonym OID (2.5.4.65)
74 const uint8_t X509_PSEUDONYM_OID[3] = {0x55, 0x04, 0x41};
75 //Domain Component OID (0.9.2342.19200300.100.1.25)
76 const uint8_t X509_DOMAIN_COMPONENT_OID[10] = {0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19};
77 
78 //Subject Directory Attributes OID (2.5.29.9)
79 const uint8_t X509_SUBJECT_DIR_ATTR_OID[3] = {0x55, 0x1D, 0x09};
80 //Subject Key Identifier OID (2.5.29.14)
81 const uint8_t X509_SUBJECT_KEY_ID_OID[3] = {0x55, 0x1D, 0x0E};
82 //Key Usage OID (2.5.29.15)
83 const uint8_t X509_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x0F};
84 //Subject Alternative Name OID (2.5.29.17)
85 const uint8_t X509_SUBJECT_ALT_NAME_OID[3] = {0x55, 0x1D, 0x11};
86 //Issuer Alternative Name OID (2.5.29.18)
87 const uint8_t X509_ISSUER_ALT_NAME_OID[3] = {0x55, 0x1D, 0x12};
88 //Basic Constraints OID (2.5.29.19)
89 const uint8_t X509_BASIC_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x13};
90 //CRL Number OID (2.5.29.20)
91 const uint8_t X509_CRL_NUMBER_OID[3] = {0x55, 0x1D, 0x14};
92 //Reason Code OID (2.5.29.21)
93 const uint8_t X509_REASON_CODE_OID[3] = {0x55, 0x1D, 0x15};
94 //Invalidity Date OID (2.5.29.24)
95 const uint8_t X509_INVALIDITY_DATE_OID[3] = {0x55, 0x1D, 0x18};
96 //Delta CRL Indicator OID (2.5.29.27)
97 const uint8_t X509_DELTA_CRL_INDICATOR_OID[3] = {0x55, 0x1D, 0x1B};
98 //Issuing Distribution Point OID (2.5.29.28)
99 const uint8_t X509_ISSUING_DISTR_POINT_OID[3] = {0x55, 0x1D, 0x1C};
100 //Certificate Issuer OID (2.5.29.29)
101 const uint8_t X509_CERTIFICATE_ISSUER_OID[3] = {0x55, 0x1D, 0x1D};
102 //Name Constraints OID (2.5.29.30)
103 const uint8_t X509_NAME_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x1E};
104 //CRL Distribution Points OID (2.5.29.31)
105 const uint8_t X509_CRL_DISTR_POINTS_OID[3] = {0x55, 0x1D, 0x1F};
106 //Certificate Policies OID (2.5.29.32)
107 const uint8_t X509_CERTIFICATE_POLICIES_OID[3] = {0x55, 0x1D, 0x20};
108 //Policy Mappings OID (2.5.29.33)
109 const uint8_t X509_POLICY_MAPPINGS_OID[3] = {0x55, 0x1D, 0x21};
110 //Authority Key Identifier OID (2.5.29.35)
111 const uint8_t X509_AUTHORITY_KEY_ID_OID[3] = {0x55, 0x1D, 0x23};
112 //Policy Constraints OID (2.5.29.36)
113 const uint8_t X509_POLICY_CONSTRAINTS_OID[3] = {0x55, 0x1D, 0x24};
114 //Extended Key Usage OID (2.5.29.37)
115 const uint8_t X509_EXTENDED_KEY_USAGE_OID[3] = {0x55, 0x1D, 0x25};
116 //Freshest CRL OID (2.5.29.46)
117 const uint8_t X509_FRESHEST_CRL_OID[3] = {0x55, 0x1D, 0x2E};
118 //Inhibit Any-Policy OID (2.5.29.54)
119 const uint8_t X509_INHIBIT_ANY_POLICY_OID[3] = {0x55, 0x1D, 0x36};
120 //Authority Information Access OID (1.3.6.1.5.5.7.1.1)
121 const uint8_t X509_AUTH_INFO_ACCESS_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01};
122 //PKIX OCSP No Check OID (1.3.6.1.5.5.7.48.1.5)
123 const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x05};
124 //Netscape Certificate Type OID (2.16.840.1.113730.1.1)
125 const uint8_t X509_NS_CERT_TYPE_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01};
126 
127 //Any Extended Key Usage OID (2.5.29.37.0)
128 const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4] = {0x55, 0x1D, 0x25, 0x00};
129 //Key Purpose Server Auth OID (1.3.6.1.5.5.7.3.1)
130 const uint8_t X509_KP_SERVER_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
131 //Key Purpose Client Auth OID (1.3.6.1.5.5.7.3.2)
132 const uint8_t X509_KP_CLIENT_AUTH_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
133 //Key Purpose Code Signing OID (1.3.6.1.5.5.7.3.3)
134 const uint8_t X509_KP_CODE_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03};
135 //Key Purpose Email Protection OID (1.3.6.1.5.5.7.3.4)
136 const uint8_t X509_KP_EMAIL_PROTECTION_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04};
137 //Key Purpose IPsec End System OID (1.3.6.1.5.5.7.3.5)
138 const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05};
139 //Key Purpose IPsec Tunnel OID (1.3.6.1.5.5.7.3.6)
140 const uint8_t X509_KP_IPSEC_TUNNEL_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06};
141 //Key Purpose IPsec User OID (1.3.6.1.5.5.7.3.7)
142 const uint8_t X509_KP_IPSEC_USER_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07};
143 //Key Purpose Time Stamping OID (1.3.6.1.5.5.7.3.8)
144 const uint8_t X509_KP_TIME_STAMPING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08};
145 //Key Purpose OCSP Signing OID (1.3.6.1.5.5.7.3.9)
146 const uint8_t X509_KP_OCSP_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09};
147 //Key Purpose IPsec IKE OID (1.3.6.1.5.5.7.3.17)
148 const uint8_t X509_KP_IPSEC_IKE_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x11};
149 //Key Purpose Secure Shell Client OID (1.3.6.1.5.5.7.3.21)
150 const uint8_t X509_KP_SSH_CLIENT_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x15};
151 //Key Purpose Secure Shell Client OID (1.3.6.1.5.5.7.3.22)
152 const uint8_t X509_KP_SSH_SERVER_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x16};
153 //Key Purpose Document Signing OID (1.3.6.1.5.5.7.3.36)
154 const uint8_t X509_KP_DOC_SIGNING_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x24};
155 
156 //Access Description CA Issuers OID (1.3.6.1.5.5.7.48.1)
157 const uint8_t X509_AD_CA_ISSUERS[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01};
158 //Access Description OCSP (1.3.6.1.5.5.7.48.2)
159 const uint8_t X509_AD_OCSP[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};
160 
161 //PKCS #9 E-mail Address OID (1.2.840.113549.1.9.1)
162 const uint8_t PKCS9_EMAIL_ADDR_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01};
163 //PKCS #9 Challenge Password OID (1.2.840.113549.1.9.7)
164 const uint8_t PKCS9_CHALLENGE_PASSWORD_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07};
165 //PKCS #9 Extension Request OID (1.2.840.113549.1.9.14)
166 const uint8_t PKCS9_EXTENSION_REQUEST_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E};
167 
168 //Default certificate parsing options
170 {
171  FALSE //Ignore unknown extensions
172 };
173 
174 
175 /**
176  * @brief Compare distinguished names
177  * @param[in] name1 Pointer to the first distinguished name
178  * @param[in] nameLen1 Length of the first distinguished name
179  * @param[in] name2 Pointer to the second distinguished name
180  * @param[in] nameLen2 Length of the second distinguished name
181  * @return Comparison result
182  **/
183 
184 bool_t x509CompareName(const uint8_t *name1, size_t nameLen1,
185  const uint8_t *name2, size_t nameLen2)
186 {
187  //Compare the length of the distinguished names
188  if(nameLen1 != nameLen2)
189  return FALSE;
190 
191  //Compare the contents of the distinguished names
192  if(osMemcmp(name1, name2, nameLen1))
193  return FALSE;
194 
195  //The distinguished names match
196  return TRUE;
197 }
198 
199 
200 /**
201  * @brief Check whether a given signature algorithm is supported
202  * @param[in] signAlgo signature algorithm
203  * @return TRUE is the signature algorithm is supported, else FALSE
204  **/
205 
207 {
208  bool_t acceptable;
209 
210  //Invalid signature algorithm?
211  if(signAlgo == X509_SIGN_ALGO_NONE)
212  {
213  acceptable = FALSE;
214  }
215 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
216  //RSA signature algorithm?
217  else if(signAlgo == X509_SIGN_ALGO_RSA)
218  {
219  acceptable = TRUE;
220  }
221 #endif
222 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
223  //RSA-PSS signature algorithm?
224  else if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
225  {
226  acceptable = TRUE;
227  }
228 #endif
229 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
230  //DSA signature algorithm?
231  else if(signAlgo == X509_SIGN_ALGO_DSA)
232  {
233  acceptable = TRUE;
234  }
235 #endif
236 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
237  //ECDSA signature algorithm?
238  else if(signAlgo == X509_SIGN_ALGO_ECDSA)
239  {
240  acceptable = TRUE;
241  }
242 #endif
243 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
244  //SM2 signature algorithm?
245  else if(signAlgo == X509_SIGN_ALGO_SM2)
246  {
247  acceptable = TRUE;
248  }
249 #endif
250 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
251  //Ed25519 signature algorithm?
252  else if(signAlgo == X509_SIGN_ALGO_ED25519)
253  {
254  acceptable = TRUE;
255  }
256 #endif
257 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
258  //Ed448 signature algorithm?
259  else if(signAlgo == X509_SIGN_ALGO_ED448)
260  {
261  acceptable = TRUE;
262  }
263 #endif
264  //Invalid signature algorithm?
265  else
266  {
267  acceptable = FALSE;
268  }
269 
270  //Return TRUE is the signature algorithm is supported
271  return acceptable;
272 }
273 
274 
275 /**
276  * @brief Check whether a given hash algorithm is supported
277  * @param[in] hashAlgo signature hash
278  * @return TRUE is the signature hash is supported, else FALSE
279  **/
280 
282 {
283  bool_t acceptable;
284 
285  //Invalid hash algorithm?
286  if(hashAlgo == X509_HASH_ALGO_NONE)
287  {
288  acceptable = FALSE;
289  }
290 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
291  //MD5 hash algorithm?
292  else if(hashAlgo == X509_HASH_ALGO_MD5)
293  {
294  acceptable = TRUE;
295  }
296 #endif
297 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
298  //SHA-1 hash algorithm?
299  else if(hashAlgo == X509_HASH_ALGO_SHA1)
300  {
301  acceptable = TRUE;
302  }
303 #endif
304 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
305  //SHA-224 hash algorithm?
306  else if(hashAlgo == X509_HASH_ALGO_SHA224)
307  {
308  acceptable = TRUE;
309  }
310 #endif
311 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
312  //SHA-256 hash algorithm?
313  else if(hashAlgo == X509_HASH_ALGO_SHA256)
314  {
315  acceptable = TRUE;
316  }
317 #endif
318 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
319  //SHA-384 hash algorithm?
320  else if(hashAlgo == X509_HASH_ALGO_SHA384)
321  {
322  acceptable = TRUE;
323  }
324 #endif
325 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
326  //SHA-512 hash algorithm?
327  else if(hashAlgo == X509_HASH_ALGO_SHA512)
328  {
329  acceptable = TRUE;
330  }
331 #endif
332 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
333  //SHA3-224 hash algorithm?
334  else if(hashAlgo == X509_HASH_ALGO_SHA3_224)
335  {
336  acceptable = TRUE;
337  }
338 #endif
339 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
340  //SHA3-256 hash algorithm?
341  else if(hashAlgo == X509_HASH_ALGO_SHA3_256)
342  {
343  acceptable = TRUE;
344  }
345 #endif
346 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
347  //SHA3-384 hash algorithm?
348  else if(hashAlgo == X509_HASH_ALGO_SHA3_384)
349  {
350  acceptable = TRUE;
351  }
352 #endif
353 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
354  //SHA3-512 hash algorithm?
355  else if(hashAlgo == X509_HASH_ALGO_SHA3_512)
356  {
357  acceptable = TRUE;
358  }
359 #endif
360 #if (X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
361  //SM3 hash algorithm?
362  else if(hashAlgo == X509_HASH_ALGO_SM3)
363  {
364  acceptable = TRUE;
365  }
366 #endif
367  //Invalid hash algorithm?
368  else
369  {
370  acceptable = FALSE;
371  }
372 
373  //Return TRUE is the hash algorithm is supported
374  return acceptable;
375 }
376 
377 
378 /**
379  * @brief Check whether a given elliptic curve is supported
380  * @param[in] oid Object identifier
381  * @param[in] length Length of the OID, in bytes
382  * @return TRUE is the elliptic curve is supported, else FALSE
383  **/
384 
385 bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
386 {
387  //Return TRUE is the elliptic curve is supported
388  if(x509GetCurve(oid, length) != NULL)
389  {
390  return TRUE;
391  }
392  else
393  {
394  return FALSE;
395  }
396 }
397 
398 
399 /**
400  * @brief Get the signature and hash algorithms that match the specified
401  * identifier
402  * @param[in] signAlgoId Signature algorithm identifier
403  * @param[out] signAlgo Signature algorithm
404  * @param[out] hashAlgo Hash algorithm
405  * @return Error code
406  **/
407 
409  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
410 {
411  error_t error;
412  size_t oidLen;
413  const uint8_t *oid;
414 
415  //Initialize status code
416  error = NO_ERROR;
417 
418  //Point to the object identifier
419  oid = signAlgoId->oid.value;
420  oidLen = signAlgoId->oid.length;
421 
422  //Just for sanity
423  (void) oid;
424  (void) oidLen;
425 
426 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
427 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
428  //RSA with MD5 signature algorithm?
430  {
431  *signAlgo = X509_SIGN_ALGO_RSA;
432  *hashAlgo = MD5_HASH_ALGO;
433  }
434  else
435 #endif
436 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
437  //RSA with SHA-1 signature algorithm?
439  {
440  *signAlgo = X509_SIGN_ALGO_RSA;
441  *hashAlgo = SHA1_HASH_ALGO;
442  }
443  else
444 #endif
445 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
446  //RSA with SHA-224 signature algorithm?
448  {
449  *signAlgo = X509_SIGN_ALGO_RSA;
450  *hashAlgo = SHA224_HASH_ALGO;
451  }
452  else
453 #endif
454 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
455  //RSA with SHA-256 signature algorithm?
457  {
458  *signAlgo = X509_SIGN_ALGO_RSA;
459  *hashAlgo = SHA256_HASH_ALGO;
460  }
461  else
462 #endif
463 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
464  //RSA with SHA-384 signature algorithm?
466  {
467  *signAlgo = X509_SIGN_ALGO_RSA;
468  *hashAlgo = SHA384_HASH_ALGO;
469  }
470  else
471 #endif
472 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
473  //RSA with SHA-512 signature algorithm?
475  {
476  *signAlgo = X509_SIGN_ALGO_RSA;
477  *hashAlgo = SHA512_HASH_ALGO;
478  }
479  else
480 #endif
481 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
482  //RSA with SHA3-224 signature algorithm?
484  {
485  *signAlgo = X509_SIGN_ALGO_RSA;
486  *hashAlgo = SHA3_224_HASH_ALGO;
487  }
488  else
489 #endif
490 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
491  //RSA with SHA3-256 signature algorithm?
493  {
494  *signAlgo = X509_SIGN_ALGO_RSA;
495  *hashAlgo = SHA3_256_HASH_ALGO;
496  }
497  else
498 #endif
499 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
500  //RSA with SHA3-384 signature algorithm?
502  {
503  *signAlgo = X509_SIGN_ALGO_RSA;
504  *hashAlgo = SHA3_384_HASH_ALGO;
505  }
506  else
507 #endif
508 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
509  //RSA with SHA3-512 signature algorithm?
511  {
512  *signAlgo = X509_SIGN_ALGO_RSA;
513  *hashAlgo = SHA3_512_HASH_ALGO;
514  }
515  else
516 #endif
517 #endif
518 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
519  //RSA-PSS signature algorithm
520  if(OID_COMP(oid, oidLen, RSASSA_PSS_OID) == 0)
521  {
522  //Get the OID of the hash algorithm
523  oid = signAlgoId->rsaPssParams.hashAlgo.value;
524  oidLen = signAlgoId->rsaPssParams.hashAlgo.length;
525 
526 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
527  //SHA-1 hash algorithm identifier?
528  if(OID_COMP(oid, oidLen, SHA1_OID) == 0)
529  {
530  //RSA-PSS with SHA-1 signature algorithm
531  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
532  *hashAlgo = SHA1_HASH_ALGO;
533  }
534  else
535 #endif
536 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
537  //SHA-224 hash algorithm identifier?
538  if(OID_COMP(oid, oidLen, SHA224_OID) == 0)
539  {
540  //RSA-PSS with SHA-224 signature algorithm
541  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
542  *hashAlgo = SHA224_HASH_ALGO;
543  }
544  else
545 #endif
546 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
547  //SHA-256 hash algorithm identifier?
548  if(OID_COMP(oid, oidLen, SHA256_OID) == 0)
549  {
550  //RSA-PSS with SHA-256 signature algorithm
551  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
552  *hashAlgo = SHA256_HASH_ALGO;
553  }
554  else
555 #endif
556 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
557  //SHA-384 hash algorithm identifier?
558  if(OID_COMP(oid, oidLen, SHA384_OID) == 0)
559  {
560  //RSA-PSS with SHA-384 signature algorithm
561  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
562  *hashAlgo = SHA384_HASH_ALGO;
563  }
564  else
565 #endif
566 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
567  //SHA-512 hash algorithm identifier?
568  if(OID_COMP(oid, oidLen, SHA512_OID) == 0)
569  {
570  //RSA-PSS with SHA-512 signature algorithm
571  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
572  *hashAlgo = SHA512_HASH_ALGO;
573  }
574  else
575 #endif
576 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
577  //SHA3-224 hash algorithm identifier?
578  if(OID_COMP(oid, oidLen, SHA3_224_OID) == 0)
579  {
580  //RSA-PSS with SHA3-224 signature algorithm
581  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
582  *hashAlgo = SHA3_224_HASH_ALGO;
583  }
584  else
585 #endif
586 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
587  //SHA3-256 hash algorithm identifier?
588  if(OID_COMP(oid, oidLen, SHA3_256_OID) == 0)
589  {
590  //RSA-PSS with SHA3-256 signature algorithm
591  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
592  *hashAlgo = SHA3_256_HASH_ALGO;
593  }
594  else
595 #endif
596 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
597  //SHA3-384 hash algorithm identifier?
598  if(OID_COMP(oid, oidLen, SHA3_384_OID) == 0)
599  {
600  //RSA-PSS with SHA3-384 signature algorithm
601  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
602  *hashAlgo = SHA3_384_HASH_ALGO;
603  }
604  else
605 #endif
606 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
607  //SHA3-512 hash algorithm identifier?
608  if(OID_COMP(oid, oidLen, SHA3_512_OID) == 0)
609  {
610  //RSA-PSS with SHA3-512 signature algorithm
611  *signAlgo = X509_SIGN_ALGO_RSA_PSS;
612  *hashAlgo = SHA3_512_HASH_ALGO;
613  }
614  else
615 #endif
616  //Unknown hash algorithm identifier?
617  {
618  //The specified signature algorithm is not supported
620  }
621  }
622  else
623 #endif
624 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
625 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
626  //DSA with SHA-1 signature algorithm?
628  {
629  *signAlgo = X509_SIGN_ALGO_DSA;
630  *hashAlgo = SHA1_HASH_ALGO;
631  }
632  else
633 #endif
634 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
635  //DSA with SHA-224 signature algorithm?
637  {
638  *signAlgo = X509_SIGN_ALGO_DSA;
639  *hashAlgo = SHA224_HASH_ALGO;
640  }
641  else
642 #endif
643 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
644  //DSA with SHA-256 signature algorithm?
646  {
647  *signAlgo = X509_SIGN_ALGO_DSA;
648  *hashAlgo = SHA256_HASH_ALGO;
649  }
650  else
651 #endif
652 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
653  //DSA with SHA-384 signature algorithm?
655  {
656  *signAlgo = X509_SIGN_ALGO_DSA;
657  *hashAlgo = SHA384_HASH_ALGO;
658  }
659  else
660 #endif
661 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
662  //DSA with SHA-512 signature algorithm?
664  {
665  *signAlgo = X509_SIGN_ALGO_DSA;
666  *hashAlgo = SHA512_HASH_ALGO;
667  }
668  else
669 #endif
670 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
671  //DSA with SHA3-224 signature algorithm?
673  {
674  *signAlgo = X509_SIGN_ALGO_DSA;
675  *hashAlgo = SHA3_224_HASH_ALGO;
676  }
677  else
678 #endif
679 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
680  //DSA with SHA3-256 signature algorithm?
682  {
683  *signAlgo = X509_SIGN_ALGO_DSA;
684  *hashAlgo = SHA3_256_HASH_ALGO;
685  }
686  else
687 #endif
688 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
689  //DSA with SHA3-384 signature algorithm?
691  {
692  *signAlgo = X509_SIGN_ALGO_DSA;
693  *hashAlgo = SHA3_384_HASH_ALGO;
694  }
695  else
696 #endif
697 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
698  //DSA with SHA3-512 signature algorithm?
700  {
701  *signAlgo = X509_SIGN_ALGO_DSA;
702  *hashAlgo = SHA3_512_HASH_ALGO;
703  }
704  else
705 #endif
706 #endif
707 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
708 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
709  //ECDSA with SHA-1 signature algorithm?
711  {
712  *signAlgo = X509_SIGN_ALGO_ECDSA;
713  *hashAlgo = SHA1_HASH_ALGO;
714  }
715  else
716 #endif
717 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
718  //ECDSA with SHA-224 signature algorithm?
720  {
721  *signAlgo = X509_SIGN_ALGO_ECDSA;
722  *hashAlgo = SHA224_HASH_ALGO;
723  }
724  else
725 #endif
726 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
727  //ECDSA with SHA-256 signature algorithm?
729  {
730  *signAlgo = X509_SIGN_ALGO_ECDSA;
731  *hashAlgo = SHA256_HASH_ALGO;
732  }
733  else
734 #endif
735 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
736  //ECDSA with SHA-384 signature algorithm?
738  {
739  *signAlgo = X509_SIGN_ALGO_ECDSA;
740  *hashAlgo = SHA384_HASH_ALGO;
741  }
742  else
743 #endif
744 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
745  //ECDSA with SHA-512 signature algorithm?
747  {
748  *signAlgo = X509_SIGN_ALGO_ECDSA;
749  *hashAlgo = SHA512_HASH_ALGO;
750  }
751  else
752 #endif
753 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
754  //ECDSA with SHA3-224 signature algorithm?
756  {
757  *signAlgo = X509_SIGN_ALGO_ECDSA;
758  *hashAlgo = SHA3_224_HASH_ALGO;
759  }
760  else
761 #endif
762 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
763  //ECDSA with SHA3-256 signature algorithm?
765  {
766  *signAlgo = X509_SIGN_ALGO_ECDSA;
767  *hashAlgo = SHA3_256_HASH_ALGO;
768  }
769  else
770 #endif
771 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
772  //ECDSA with SHA3-384 signature algorithm?
774  {
775  *signAlgo = X509_SIGN_ALGO_ECDSA;
776  *hashAlgo = SHA3_384_HASH_ALGO;
777  }
778  else
779 #endif
780 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
781  //ECDSA with SHA3-512 signature algorithm?
783  {
784  *signAlgo = X509_SIGN_ALGO_ECDSA;
785  *hashAlgo = SHA3_512_HASH_ALGO;
786  }
787  else
788 #endif
789 #endif
790 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED && \
791  X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
792  //SM2 with SM3 signature algorithm?
793  if(OID_COMP(oid, oidLen, SM2_WITH_SM3_OID) == 0)
794  {
795  *signAlgo = X509_SIGN_ALGO_SM2;
796  *hashAlgo = SM3_HASH_ALGO;
797  }
798  else
799 #endif
800 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
801  //Ed25519 signature algorithm?
802  if(OID_COMP(oid, oidLen, ED25519_OID) == 0)
803  {
804  *signAlgo = X509_SIGN_ALGO_ED25519;
805  *hashAlgo = NULL;
806  }
807  else
808 #endif
809 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
810  //Ed448 signature algorithm?
811  if(OID_COMP(oid, oidLen, ED448_OID) == 0)
812  {
813  *signAlgo = X509_SIGN_ALGO_ED448;
814  *hashAlgo = NULL;
815  }
816  else
817 #endif
818  //Unknown signature algorithm?
819  {
821  }
822 
823  //Return status code
824  return error;
825 }
826 
827 
828 /**
829  * @brief Get the public key type that matches the specified OID
830  * @param[in] oid Object identifier
831  * @param[in] length OID length
832  * @return Public key type
833  **/
834 
836 {
837  X509KeyType keyType;
838 
839  //Invalid parameters?
840  if(oid == NULL || length == 0)
841  {
842  keyType = X509_KEY_TYPE_UNKNOWN;
843  }
844 #if (RSA_SUPPORT == ENABLED)
845  //RSA algorithm identifier?
846  else if(OID_COMP(oid, length, RSA_ENCRYPTION_OID) == 0)
847  {
848  keyType = X509_KEY_TYPE_RSA;
849  }
850  //RSA-PSS algorithm identifier?
851  else if(OID_COMP(oid, length, RSASSA_PSS_OID) == 0)
852  {
853  keyType = X509_KEY_TYPE_RSA_PSS;
854  }
855 #endif
856 #if (DSA_SUPPORT == ENABLED)
857  //DSA algorithm identifier?
858  else if(OID_COMP(oid, length, DSA_OID) == 0)
859  {
860  keyType = X509_KEY_TYPE_DSA;
861  }
862 #endif
863 #if (EC_SUPPORT == ENABLED)
864  //EC public key identifier?
865  else if(OID_COMP(oid, length, EC_PUBLIC_KEY_OID) == 0)
866  {
867  keyType = X509_KEY_TYPE_EC;
868  }
869 #endif
870 #if (X25519_SUPPORT == ENABLED)
871  //X25519 algorithm identifier?
872  else if(OID_COMP(oid, length, X25519_OID) == 0)
873  {
874  keyType = X509_KEY_TYPE_X25519;
875  }
876 #endif
877 #if (ED25519_SUPPORT == ENABLED)
878  //Ed25519 algorithm identifier?
879  else if(OID_COMP(oid, length, ED25519_OID) == 0)
880  {
881  keyType = X509_KEY_TYPE_ED25519;
882  }
883 #endif
884 #if (X448_SUPPORT == ENABLED)
885  //X448 algorithm identifier?
886  else if(OID_COMP(oid, length, X448_OID) == 0)
887  {
888  keyType = X509_KEY_TYPE_X448;
889  }
890 #endif
891 #if (ED448_SUPPORT == ENABLED)
892  //Ed448 algorithm identifier?
893  else if(OID_COMP(oid, length, ED448_OID) == 0)
894  {
895  keyType = X509_KEY_TYPE_ED448;
896  }
897 #endif
898  //Unknown algorithm identifier?
899  else
900  {
901  keyType = X509_KEY_TYPE_UNKNOWN;
902  }
903 
904  //Return public key type
905  return keyType;
906 }
907 
908 
909 /**
910  * @brief Get the elliptic curve that matches the specified OID
911  * @param[in] oid Object identifier
912  * @param[in] length Length of the OID, in bytes
913  * @return Elliptic curve parameters
914  **/
915 
916 const EcCurve *x509GetCurve(const uint8_t *oid, size_t length)
917 {
918  const EcCurve *curve;
919 
920  //Default elliptic curve parameters
921  curve = NULL;
922 
923 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
924  //Invalid parameters?
925  if(oid == NULL || length == 0)
926  {
927  curve = NULL;
928  }
929 #if (X509_SECP112R1_SUPPORT == ENABLED)
930  //secp112r1 elliptic curve?
931  else if(OID_COMP(oid, length, SECP112R1_OID) == 0)
932  {
933  curve = ecGetCurve(oid, length);
934  }
935 #endif
936 #if (X509_SECP112R2_SUPPORT == ENABLED)
937  //secp112r2 elliptic curve?
938  else if(OID_COMP(oid, length, SECP112R2_OID) == 0)
939  {
940  curve = ecGetCurve(oid, length);
941  }
942 #endif
943 #if (X509_SECP128R1_SUPPORT == ENABLED)
944  //secp128r1 elliptic curve?
945  else if(OID_COMP(oid, length, SECP128R1_OID) == 0)
946  {
947  curve = ecGetCurve(oid, length);
948  }
949 #endif
950 #if (X509_SECP128R2_SUPPORT == ENABLED)
951  //secp128r2 elliptic curve?
952  else if(OID_COMP(oid, length, SECP128R2_OID) == 0)
953  {
954  curve = ecGetCurve(oid, length);
955  }
956 #endif
957 #if (X509_SECP160K1_SUPPORT == ENABLED)
958  //secp160k1 elliptic curve?
959  else if(OID_COMP(oid, length, SECP160K1_OID) == 0)
960  {
961  curve = ecGetCurve(oid, length);
962  }
963 #endif
964 #if (X509_SECP160R1_SUPPORT == ENABLED)
965  //secp160r1 elliptic curve?
966  else if(OID_COMP(oid, length, SECP160R1_OID) == 0)
967  {
968  curve = ecGetCurve(oid, length);
969  }
970 #endif
971 #if (X509_SECP160R2_SUPPORT == ENABLED)
972  //secp160r2 elliptic curve?
973  else if(OID_COMP(oid, length, SECP160R2_OID) == 0)
974  {
975  curve = ecGetCurve(oid, length);
976  }
977 #endif
978 #if (X509_SECP192K1_SUPPORT == ENABLED)
979  //secp192k1 elliptic curve?
980  else if(OID_COMP(oid, length, SECP192K1_OID) == 0)
981  {
982  curve = ecGetCurve(oid, length);
983  }
984 #endif
985 #if (X509_SECP192R1_SUPPORT == ENABLED)
986  //secp192r1 elliptic curve?
987  else if(OID_COMP(oid, length, SECP192R1_OID) == 0)
988  {
989  curve = ecGetCurve(oid, length);
990  }
991 #endif
992 #if (X509_SECP224K1_SUPPORT == ENABLED)
993  //secp224k1 elliptic curve?
994  else if(OID_COMP(oid, length, SECP224K1_OID) == 0)
995  {
996  curve = ecGetCurve(oid, length);
997  }
998 #endif
999 #if (X509_SECP224R1_SUPPORT == ENABLED)
1000  //secp224r1 elliptic curve?
1001  else if(OID_COMP(oid, length, SECP224R1_OID) == 0)
1002  {
1003  curve = ecGetCurve(oid, length);
1004  }
1005 #endif
1006 #if (X509_SECP256K1_SUPPORT == ENABLED)
1007  //secp256k1 elliptic curve?
1008  else if(OID_COMP(oid, length, SECP256K1_OID) == 0)
1009  {
1010  curve = ecGetCurve(oid, length);
1011  }
1012 #endif
1013 #if (X509_SECP256R1_SUPPORT == ENABLED)
1014  //secp256r1 elliptic curve?
1015  else if(OID_COMP(oid, length, SECP256R1_OID) == 0)
1016  {
1017  curve = ecGetCurve(oid, length);
1018  }
1019 #endif
1020 #if (X509_SECP384R1_SUPPORT == ENABLED)
1021  //secp384r1 elliptic curve?
1022  else if(OID_COMP(oid, length, SECP384R1_OID) == 0)
1023  {
1024  curve = ecGetCurve(oid, length);
1025  }
1026 #endif
1027 #if (X509_SECP521R1_SUPPORT == ENABLED)
1028  //secp521r1 elliptic curve?
1029  else if(OID_COMP(oid, length, SECP521R1_OID) == 0)
1030  {
1031  curve = ecGetCurve(oid, length);
1032  }
1033 #endif
1034 #if (X509_BRAINPOOLP160R1_SUPPORT == ENABLED)
1035  //brainpoolP160r1 elliptic curve?
1036  else if(OID_COMP(oid, length, BRAINPOOLP160R1_OID) == 0)
1037  {
1038  curve = ecGetCurve(oid, length);
1039  }
1040 #endif
1041 #if (X509_BRAINPOOLP160T1_SUPPORT == ENABLED)
1042  //brainpoolP160t1 elliptic curve?
1043  else if(OID_COMP(oid, length, BRAINPOOLP160T1_OID) == 0)
1044  {
1045  curve = ecGetCurve(oid, length);
1046  }
1047 #endif
1048 #if (X509_BRAINPOOLP192R1_SUPPORT == ENABLED)
1049  //brainpoolP192r1 elliptic curve?
1050  else if(OID_COMP(oid, length, BRAINPOOLP192R1_OID) == 0)
1051  {
1052  curve = ecGetCurve(oid, length);
1053  }
1054 #endif
1055 #if (X509_BRAINPOOLP192T1_SUPPORT == ENABLED)
1056  //brainpoolP192t1 elliptic curve?
1057  else if(OID_COMP(oid, length, BRAINPOOLP192T1_OID) == 0)
1058  {
1059  curve = ecGetCurve(oid, length);
1060  }
1061 #endif
1062 #if (X509_BRAINPOOLP224R1_SUPPORT == ENABLED)
1063  //brainpoolP224r1 elliptic curve?
1064  else if(OID_COMP(oid, length, BRAINPOOLP224R1_OID) == 0)
1065  {
1066  curve = ecGetCurve(oid, length);
1067  }
1068 #endif
1069 #if (X509_BRAINPOOLP224T1_SUPPORT == ENABLED)
1070  //brainpoolP224t1 elliptic curve?
1071  else if(OID_COMP(oid, length, BRAINPOOLP224T1_OID) == 0)
1072  {
1073  curve = ecGetCurve(oid, length);
1074  }
1075 #endif
1076 #if (X509_BRAINPOOLP256R1_SUPPORT == ENABLED)
1077  //brainpoolP256r1 elliptic curve?
1078  else if(OID_COMP(oid, length, BRAINPOOLP256R1_OID) == 0)
1079  {
1080  curve = ecGetCurve(oid, length);
1081  }
1082 #endif
1083 #if (X509_BRAINPOOLP256T1_SUPPORT == ENABLED)
1084  //brainpoolP256t1 elliptic curve?
1085  else if(OID_COMP(oid, length, BRAINPOOLP256T1_OID) == 0)
1086  {
1087  curve = ecGetCurve(oid, length);
1088  }
1089 #endif
1090 #if (X509_BRAINPOOLP320R1_SUPPORT == ENABLED)
1091  //brainpoolP320r1 elliptic curve?
1092  else if(OID_COMP(oid, length, BRAINPOOLP320R1_OID) == 0)
1093  {
1094  curve = ecGetCurve(oid, length);
1095  }
1096 #endif
1097 #if (X509_BRAINPOOLP320T1_SUPPORT == ENABLED)
1098  //brainpoolP320t1 elliptic curve?
1099  else if(OID_COMP(oid, length, BRAINPOOLP320T1_OID) == 0)
1100  {
1101  curve = ecGetCurve(oid, length);
1102  }
1103 #endif
1104 #if (X509_BRAINPOOLP384R1_SUPPORT == ENABLED)
1105  //brainpoolP384r1 elliptic curve?
1106  else if(OID_COMP(oid, length, BRAINPOOLP384R1_OID) == 0)
1107  {
1108  curve = ecGetCurve(oid, length);
1109  }
1110 #endif
1111 #if (X509_BRAINPOOLP384T1_SUPPORT == ENABLED)
1112  //brainpoolP384t1 elliptic curve?
1113  else if(OID_COMP(oid, length, BRAINPOOLP384T1_OID) == 0)
1114  {
1115  curve = ecGetCurve(oid, length);
1116  }
1117 #endif
1118 #if (X509_BRAINPOOLP512R1_SUPPORT == ENABLED)
1119  //brainpoolP512r1 elliptic curve?
1120  else if(OID_COMP(oid, length, BRAINPOOLP512R1_OID) == 0)
1121  {
1122  curve = ecGetCurve(oid, length);
1123  }
1124 #endif
1125 #if (X509_BRAINPOOLP512T1_SUPPORT == ENABLED)
1126  //brainpoolP512t1 elliptic curve?
1127  else if(OID_COMP(oid, length, BRAINPOOLP512T1_OID) == 0)
1128  {
1129  curve = ecGetCurve(oid, length);
1130  }
1131 #endif
1132 #if (X509_FRP256V1_SUPPORT == ENABLED)
1133  //FRP256v1 elliptic curve?
1134  else if(OID_COMP(oid, length, FRP256V1_OID) == 0)
1135  {
1136  curve = ecGetCurve(oid, length);
1137  }
1138 #endif
1139 #if (X509_SM2_SUPPORT == ENABLED)
1140  //SM2 elliptic curve?
1141  else if(OID_COMP(oid, length, SM2_OID) == 0)
1142  {
1143  curve = ecGetCurve(oid, length);
1144  }
1145 #endif
1146 #if (X509_ED25519_SUPPORT == ENABLED)
1147  //Ed25519 elliptic curve?
1148  else if(OID_COMP(oid, length, ED25519_OID) == 0)
1149  {
1150  curve = ecGetCurve(oid, length);
1151  }
1152 #endif
1153 #if (X509_ED448_SUPPORT == ENABLED)
1154  //Ed448 elliptic curve?
1155  else if(OID_COMP(oid, length, ED448_OID) == 0)
1156  {
1157  curve = ecGetCurve(oid, length);
1158  }
1159 #endif
1160  //Unknown elliptic curve?
1161  else
1162  {
1163  curve = NULL;
1164  }
1165 #endif
1166 
1167  //Return the elliptic curve parameters, if any
1168  return curve;
1169 }
1170 
1171 #endif
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:109
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
Definition: x509_common.c:385
#define SHA3_512_HASH_ALGO
Definition: sha3_512.h:45
X.509 common definitions.
@ X509_KEY_TYPE_RSA
Definition: x509_common.h:635
const uint8_t X509_DOMAIN_COMPONENT_OID[10]
Definition: x509_common.c:76
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:107
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9]
Definition: rsa.c:82
#define SHA256_HASH_ALGO
Definition: sha256.h:49
int bool_t
Definition: compiler_port.h:61
const uint8_t X509_KP_DOC_SIGNING_OID[8]
Definition: x509_common.c:154
#define SHA1_HASH_ALGO
Definition: sha1.h:49
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:130
const uint8_t SHA3_384_OID[9]
Definition: sha3_384.c:47
const uint8_t DSA_WITH_SHA224_OID[9]
Definition: dsa.c:55
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:206
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:281
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:87
#define SHA512_HASH_ALGO
Definition: sha512.h:49
const uint8_t X25519_OID[3]
Definition: ec_curves.c:108
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:59
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:85
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:69
@ X509_KEY_TYPE_X448
Definition: x509_common.h:642
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:58
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9]
Definition: rsa.c:80
X509OctetString hashAlgo
Definition: x509_common.h:1076
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:134
OID (Object Identifier)
#define TRUE
Definition: os_port.h:50
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9]
Definition: rsa.c:76
const uint8_t BRAINPOOLP512T1_OID[9]
Definition: ec_curves.c:102
const uint8_t ECDSA_WITH_SHA3_512_OID[9]
Definition: ecdsa.c:61
const uint8_t EC_PUBLIC_KEY_OID[7]
Definition: ec.c:44
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:115
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:128
const uint8_t SECP224R1_OID[5]
Definition: ec_curves.c:66
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:100
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:95
const uint8_t BRAINPOOLP224T1_OID[9]
Definition: ec_curves.c:86
const uint8_t SECP160K1_OID[5]
Definition: ec_curves.c:54
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:113
const uint8_t SECP256K1_OID[5]
Definition: ec_curves.c:68
const uint8_t ECDSA_WITH_SHA3_256_OID[9]
Definition: ecdsa.c:57
#define osMemcmp(p1, p2, length)
Definition: os_port.h:156
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:83
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:144
#define SM3_HASH_ALGO
Definition: sm3.h:49
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:96
const uint8_t PKCS9_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:164
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:99
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:103
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:85
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:146
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:52
const uint8_t ECDSA_WITH_SHA256_OID[8]
Definition: ecdsa.c:49
const uint8_t BRAINPOOLP320R1_OID[9]
Definition: ec_curves.c:92
const uint8_t SECP256R1_OID[8]
Definition: ec_curves.c:70
uint8_t oid[]
Definition: lldp_tlv.h:300
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:119
const uint8_t DSA_WITH_SHA3_512_OID[9]
Definition: dsa.c:69
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:74
const uint8_t SECP224K1_OID[5]
Definition: ec_curves.c:64
const uint8_t BRAINPOOLP256T1_OID[9]
Definition: ec_curves.c:90
Certificate parsing options.
Definition: x509_common.h:1334
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
Definition: x509_common.c:97
const uint8_t DSA_OID[7]
Definition: dsa.c:51
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:89
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9]
Definition: rsa.c:78
#define SHA3_224_HASH_ALGO
Definition: sha3_224.h:45
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:62
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:67
const uint8_t SECP112R1_OID[5]
Definition: ec_curves.c:46
const uint8_t SECP521R1_OID[5]
Definition: ec_curves.c:74
@ X509_KEY_TYPE_EC
Definition: x509_common.h:638
#define FALSE
Definition: os_port.h:46
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:652
const uint8_t X509_AUTH_INFO_ACCESS_OID[8]
Definition: x509_common.c:121
const uint8_t BRAINPOOLP160R1_OID[9]
Definition: ec_curves.c:76
const X509Options X509_DEFAULT_OPTIONS
Definition: x509_common.c:169
const EcCurve * x509GetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:916
error_t
Error codes.
Definition: error.h:43
const uint8_t DSA_WITH_SHA3_256_OID[9]
Definition: dsa.c:65
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:68
const uint8_t DSA_WITH_SHA384_OID[9]
Definition: dsa.c:59
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:72
const uint8_t X509_SUBJECT_DIR_ATTR_OID[3]
Definition: x509_common.c:79
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:657
@ X509_HASH_ALGO_NONE
Definition: x509_common.h:670
const uint8_t SHA256_OID[9]
Definition: sha256.c:80
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:54
const uint8_t BRAINPOOLP192T1_OID[9]
Definition: ec_curves.c:82
#define MD5_HASH_ALGO
Definition: md5.h:49
const uint8_t X509_REASON_CODE_OID[3]
Definition: x509_common.c:93
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:136
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:50
const uint8_t ECDSA_WITH_SHA384_OID[8]
Definition: ecdsa.c:51
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:111
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:672
const uint8_t SHA3_512_OID[9]
Definition: sha3_512.c:47
const uint8_t DSA_WITH_SHA512_OID[9]
Definition: dsa.c:61
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:46
General definitions for cryptographic algorithms.
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:408
const uint8_t X509_KP_IPSEC_USER_OID[8]
Definition: x509_common.c:142
const uint8_t SHA3_224_OID[9]
Definition: sha3_224.c:47
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:677
const uint8_t SECP128R2_OID[5]
Definition: ec_curves.c:52
const uint8_t SECP160R1_OID[5]
Definition: ec_curves.c:56
const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9]
Definition: x509_common.c:123
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:636
const uint8_t X509_AD_OCSP[8]
Definition: x509_common.c:159
const uint8_t X509_KP_IPSEC_IKE_OID[8]
Definition: x509_common.c:148
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:673
uint8_t length
Definition: tcp.h:375
const uint8_t X509_CRL_NUMBER_OID[3]
Definition: x509_common.c:91
const uint8_t SM2_WITH_SM3_OID[8]
Definition: sm2.c:45
X509OctetString oid
Definition: x509_common.h:1089
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:101
const uint8_t ECDSA_WITH_SHA3_224_OID[9]
Definition: ecdsa.c:55
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:669
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:132
const uint8_t ECDSA_WITH_SHA1_OID[7]
Definition: ecdsa.c:45
const uint8_t ECDSA_WITH_SHA224_OID[8]
Definition: ecdsa.c:47
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:654
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:105
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:65
const uint8_t PKCS9_EMAIL_ADDR_OID[9]
Definition: x509_common.c:162
const uint8_t SECP192R1_OID[8]
Definition: ec_curves.c:62
const uint8_t ED448_OID[3]
Definition: ec_curves.c:114
const uint8_t ECDSA_WITH_SHA512_OID[8]
Definition: ecdsa.c:53
const uint8_t SECP384R1_OID[5]
Definition: ec_curves.c:72
Collection of hash algorithms.
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:112
const uint8_t RSA_ENCRYPTION_OID[9]
Definition: rsa.c:54
const uint8_t X448_OID[3]
Definition: ec_curves.c:110
const uint8_t DSA_WITH_SHA3_384_OID[9]
Definition: dsa.c:67
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:680
#define SHA384_HASH_ALGO
Definition: sha384.h:45
const uint8_t BRAINPOOLP384T1_OID[9]
Definition: ec_curves.c:98
const uint8_t SECP192K1_OID[5]
Definition: ec_curves.c:60
const uint8_t X509_KP_SSH_SERVER_OID[8]
Definition: x509_common.c:152
const uint8_t DSA_WITH_SHA3_224_OID[9]
Definition: dsa.c:63
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:671
const uint8_t BRAINPOOLP160T1_OID[9]
Definition: ec_curves.c:78
#define SHA3_256_HASH_ALGO
Definition: sha3_256.h:45
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:117
const uint8_t SECP112R2_OID[5]
Definition: ec_curves.c:48
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:655
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:643
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:678
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:679
const uint8_t BRAINPOOLP320T1_OID[9]
Definition: ec_curves.c:94
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:64
const uint8_t SHA3_256_OID[9]
Definition: sha3_256.c:47
#define OID_COMP(oid1, oidLen1, oid2)
Definition: oid.h:42
const uint8_t X509_AD_CA_ISSUERS[8]
Definition: x509_common.c:157
const uint8_t ECDSA_WITH_SHA3_384_OID[9]
Definition: ecdsa.c:59
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:676
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:125
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:637
const uint8_t BRAINPOOLP224R1_OID[9]
Definition: ec_curves.c:84
const uint8_t FRP256V1_OID[10]
Definition: ec_curves.c:104
const uint8_t DSA_WITH_SHA1_OID[7]
Definition: dsa.c:53
const uint8_t DSA_WITH_SHA256_OID[9]
Definition: dsa.c:57
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:70
uint8_t oidLen
Definition: lldp_tlv.h:299
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:675
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:674
const uint8_t BRAINPOOLP192R1_OID[9]
Definition: ec_curves.c:80
const uint8_t SHA512_OID[9]
Definition: sha512.c:97
const uint8_t X509_KP_IPSEC_TUNNEL_OID[8]
Definition: x509_common.c:140
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:60
const EcCurve * ecGetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: ec_curves.c:5888
const uint8_t SECP160R2_OID[5]
Definition: ec_curves.c:58
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:48
const uint8_t SHA1_OID[5]
Definition: sha1.c:73
#define SHA224_HASH_ALGO
Definition: sha224.h:45
const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:63
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:66
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:81
const uint8_t * value
Definition: x509_common.h:702
Common interface for hash algorithms.
Definition: crypto.h:1089
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:634
#define EcCurve
Definition: ec.h:346
const uint8_t SHA224_OID[9]
Definition: sha224.c:47
const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8]
Definition: x509_common.c:138
bool_t x509CompareName(const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)
Compare distinguished names.
Definition: x509_common.c:184
@ ERROR_UNSUPPORTED_SIGNATURE_ALGO
Definition: error.h:132
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:658
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:659
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:641
X509KeyType
Public Key types.
Definition: x509_common.h:633
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:653
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:835
const uint8_t SHA384_OID[9]
Definition: sha384.c:47
@ X509_HASH_ALGO_SM3
Definition: x509_common.h:681
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1091
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[]
Definition: x509_common.c:56
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9]
Definition: rsa.c:61
const uint8_t PKCS9_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:166
#define SHA3_384_HASH_ALGO
Definition: sha3_384.h:45
Signature algorithm identifier.
Definition: x509_common.h:1088
@ NO_ERROR
Success.
Definition: error.h:44
const uint8_t SECP128R1_OID[5]
Definition: ec_curves.c:50
Debugging facilities.
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:640
ASN.1 (Abstract Syntax Notation One)
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:656
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:660
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:88
const uint8_t X509_KP_SSH_CLIENT_OID[8]
Definition: x509_common.c:150
const uint8_t SM2_OID[8]
Definition: ec_curves.c:106