Go to the documentation of this file.
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
43 #if (X509_SUPPORT == ENABLED)
159 const uint8_t
X509_AD_OCSP[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02};
185 const uint8_t *name2,
size_t nameLen2)
188 if(nameLen1 != nameLen2)
192 if(
osMemcmp(name1, name2, nameLen1))
215 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
222 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
229 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
236 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
243 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
250 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
257 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
290 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
297 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
304 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
311 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
318 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
325 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
332 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
339 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
346 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
353 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
360 #if (X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
426 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
427 #if (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
436 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
445 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
454 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
463 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
472 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
481 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
490 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
499 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
508 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
518 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
526 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
536 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
546 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
556 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
566 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
576 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
586 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
596 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
606 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
624 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
625 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
634 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
643 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
652 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
661 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
670 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
679 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
688 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
697 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
707 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
708 #if (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
717 #if (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
726 #if (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
735 #if (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
744 #if (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
753 #if (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
762 #if (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
771 #if (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
780 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
790 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED && \
791 X509_SM3_SUPPORT == ENABLED && SM3_SUPPORT == ENABLED)
800 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
809 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
844 #if (RSA_SUPPORT == ENABLED)
856 #if (DSA_SUPPORT == ENABLED)
863 #if (EC_SUPPORT == ENABLED)
870 #if (X25519_SUPPORT == ENABLED)
877 #if (ED25519_SUPPORT == ENABLED)
884 #if (X448_SUPPORT == ENABLED)
891 #if (ED448_SUPPORT == ENABLED)
923 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
929 #if (X509_SECP112R1_SUPPORT == ENABLED)
936 #if (X509_SECP112R2_SUPPORT == ENABLED)
943 #if (X509_SECP128R1_SUPPORT == ENABLED)
950 #if (X509_SECP128R2_SUPPORT == ENABLED)
957 #if (X509_SECP160K1_SUPPORT == ENABLED)
964 #if (X509_SECP160R1_SUPPORT == ENABLED)
971 #if (X509_SECP160R2_SUPPORT == ENABLED)
978 #if (X509_SECP192K1_SUPPORT == ENABLED)
985 #if (X509_SECP192R1_SUPPORT == ENABLED)
992 #if (X509_SECP224K1_SUPPORT == ENABLED)
999 #if (X509_SECP224R1_SUPPORT == ENABLED)
1006 #if (X509_SECP256K1_SUPPORT == ENABLED)
1013 #if (X509_SECP256R1_SUPPORT == ENABLED)
1020 #if (X509_SECP384R1_SUPPORT == ENABLED)
1027 #if (X509_SECP521R1_SUPPORT == ENABLED)
1034 #if (X509_BRAINPOOLP160R1_SUPPORT == ENABLED)
1041 #if (X509_BRAINPOOLP160T1_SUPPORT == ENABLED)
1048 #if (X509_BRAINPOOLP192R1_SUPPORT == ENABLED)
1055 #if (X509_BRAINPOOLP192T1_SUPPORT == ENABLED)
1062 #if (X509_BRAINPOOLP224R1_SUPPORT == ENABLED)
1069 #if (X509_BRAINPOOLP224T1_SUPPORT == ENABLED)
1076 #if (X509_BRAINPOOLP256R1_SUPPORT == ENABLED)
1083 #if (X509_BRAINPOOLP256T1_SUPPORT == ENABLED)
1090 #if (X509_BRAINPOOLP320R1_SUPPORT == ENABLED)
1097 #if (X509_BRAINPOOLP320T1_SUPPORT == ENABLED)
1104 #if (X509_BRAINPOOLP384R1_SUPPORT == ENABLED)
1111 #if (X509_BRAINPOOLP384T1_SUPPORT == ENABLED)
1118 #if (X509_BRAINPOOLP512R1_SUPPORT == ENABLED)
1125 #if (X509_BRAINPOOLP512T1_SUPPORT == ENABLED)
1132 #if (X509_FRP256V1_SUPPORT == ENABLED)
1139 #if (X509_SM2_SUPPORT == ENABLED)
1146 #if (X509_ED25519_SUPPORT == ENABLED)
1153 #if (X509_ED448_SUPPORT == ENABLED)
const uint8_t X509_POLICY_MAPPINGS_OID[3]
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
#define SHA3_512_HASH_ALGO
X.509 common definitions.
const uint8_t X509_DOMAIN_COMPONENT_OID[10]
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9]
const uint8_t X509_KP_DOC_SIGNING_OID[8]
const uint8_t X509_KP_SERVER_AUTH_OID[8]
const uint8_t SHA3_384_OID[9]
const uint8_t DSA_WITH_SHA224_OID[9]
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
const uint8_t X25519_OID[3]
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t X509_ORGANIZATION_NAME_OID[3]
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9]
const uint8_t X509_KP_CODE_SIGNING_OID[8]
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9]
const uint8_t BRAINPOOLP512T1_OID[9]
const uint8_t ECDSA_WITH_SHA3_512_OID[9]
const uint8_t EC_PUBLIC_KEY_OID[7]
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
const uint8_t SECP224R1_OID[5]
const uint8_t BRAINPOOLP512R1_OID[9]
const uint8_t X509_INVALIDITY_DATE_OID[3]
const uint8_t BRAINPOOLP224T1_OID[9]
const uint8_t SECP160K1_OID[5]
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
const uint8_t SECP256K1_OID[5]
const uint8_t ECDSA_WITH_SHA3_256_OID[9]
#define osMemcmp(p1, p2, length)
const uint8_t X509_KEY_USAGE_OID[3]
const uint8_t X509_KP_TIME_STAMPING_OID[8]
const uint8_t BRAINPOOLP384R1_OID[9]
const uint8_t PKCS9_CHALLENGE_PASSWORD_OID[9]
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
const uint8_t RSASSA_PSS_OID[9]
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
const uint8_t X509_COUNTRY_NAME_OID[3]
const uint8_t ECDSA_WITH_SHA256_OID[8]
const uint8_t BRAINPOOLP320R1_OID[9]
const uint8_t SECP256R1_OID[8]
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
const uint8_t DSA_WITH_SHA3_512_OID[9]
const uint8_t X509_PSEUDONYM_OID[3]
const uint8_t SECP224K1_OID[5]
const uint8_t BRAINPOOLP256T1_OID[9]
Certificate parsing options.
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9]
#define SHA3_224_HASH_ALGO
const uint8_t X509_TITLE_OID[3]
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t SECP112R1_OID[5]
const uint8_t SECP521R1_OID[5]
X509SignatureAlgo
Signature algorithms.
const uint8_t X509_AUTH_INFO_ACCESS_OID[8]
const uint8_t BRAINPOOLP160R1_OID[9]
const X509Options X509_DEFAULT_OPTIONS
const EcCurve * x509GetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
const uint8_t DSA_WITH_SHA3_256_OID[9]
const uint8_t X509_INITIALS_OID[3]
const uint8_t DSA_WITH_SHA384_OID[9]
const uint8_t X509_DN_QUALIFIER_OID[3]
const uint8_t X509_SUBJECT_DIR_ATTR_OID[3]
const uint8_t SHA256_OID[9]
const uint8_t X509_LOCALITY_NAME_OID[3]
const uint8_t BRAINPOOLP192T1_OID[9]
const uint8_t X509_REASON_CODE_OID[3]
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
const uint8_t X509_SERIAL_NUMBER_OID[3]
const uint8_t ECDSA_WITH_SHA384_OID[8]
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
const uint8_t SHA3_512_OID[9]
const uint8_t DSA_WITH_SHA512_OID[9]
const uint8_t X509_COMMON_NAME_OID[3]
General definitions for cryptographic algorithms.
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
const uint8_t X509_KP_IPSEC_USER_OID[8]
const uint8_t SHA3_224_OID[9]
@ X509_HASH_ALGO_SHA3_224
const uint8_t SECP128R2_OID[5]
const uint8_t SECP160R1_OID[5]
const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9]
const uint8_t X509_AD_OCSP[8]
const uint8_t X509_KP_IPSEC_IKE_OID[8]
const uint8_t X509_CRL_NUMBER_OID[3]
const uint8_t SM2_WITH_SM3_OID[8]
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
const uint8_t ECDSA_WITH_SHA3_224_OID[9]
X509HashAlgo
Hash algorithms.
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
const uint8_t ECDSA_WITH_SHA1_OID[7]
const uint8_t ECDSA_WITH_SHA224_OID[8]
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t PKCS9_EMAIL_ADDR_OID[9]
const uint8_t SECP192R1_OID[8]
const uint8_t ED448_OID[3]
const uint8_t ECDSA_WITH_SHA512_OID[8]
const uint8_t SECP384R1_OID[5]
Collection of hash algorithms.
const uint8_t ED25519_OID[3]
const uint8_t RSA_ENCRYPTION_OID[9]
const uint8_t X448_OID[3]
const uint8_t DSA_WITH_SHA3_384_OID[9]
@ X509_HASH_ALGO_SHA3_512
const uint8_t BRAINPOOLP384T1_OID[9]
const uint8_t SECP192K1_OID[5]
const uint8_t X509_KP_SSH_SERVER_OID[8]
const uint8_t DSA_WITH_SHA3_224_OID[9]
const uint8_t BRAINPOOLP160T1_OID[9]
#define SHA3_256_HASH_ALGO
const uint8_t X509_FRESHEST_CRL_OID[3]
const uint8_t SECP112R2_OID[5]
@ X509_HASH_ALGO_SHA3_256
@ X509_HASH_ALGO_SHA3_384
const uint8_t BRAINPOOLP320T1_OID[9]
const uint8_t X509_NAME_OID[3]
const uint8_t SHA3_256_OID[9]
#define OID_COMP(oid1, oidLen1, oid2)
const uint8_t X509_AD_CA_ISSUERS[8]
const uint8_t ECDSA_WITH_SHA3_384_OID[9]
const uint8_t X509_NS_CERT_TYPE_OID[9]
const uint8_t BRAINPOOLP224R1_OID[9]
const uint8_t FRP256V1_OID[10]
const uint8_t DSA_WITH_SHA1_OID[7]
const uint8_t DSA_WITH_SHA256_OID[9]
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
const uint8_t BRAINPOOLP192R1_OID[9]
const uint8_t SHA512_OID[9]
const uint8_t X509_KP_IPSEC_TUNNEL_OID[8]
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
const EcCurve * ecGetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
const uint8_t SECP160R2_OID[5]
const uint8_t X509_SURNAME_OID[3]
const uint8_t SHA1_OID[5]
const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t X509_GIVEN_NAME_OID[3]
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Common interface for hash algorithms.
const uint8_t SHA224_OID[9]
const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8]
bool_t x509CompareName(const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)
Compare distinguished names.
@ ERROR_UNSUPPORTED_SIGNATURE_ALGO
X509KeyType
Public Key types.
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
const uint8_t SHA384_OID[9]
X509RsaPssParameters rsaPssParams
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[]
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9]
const uint8_t PKCS9_EXTENSION_REQUEST_OID[9]
#define SHA3_384_HASH_ALGO
Signature algorithm identifier.
const uint8_t SECP128R1_OID[5]
ASN.1 (Abstract Syntax Notation One)
const uint8_t BRAINPOOLP256R1_OID[9]
const uint8_t X509_KP_SSH_CLIENT_OID[8]