1 /**
2  * @file x509_common.h
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _X509_COMMON_H
30 #define _X509_COMMON_H
31 
32 //Dependencies
33 #include "core/crypto.h"
34 #include "pkc/rsa.h"
35 #include "pkc/dsa.h"
36 #include "ecc/ecdsa.h"
37 #include "date_time.h"
38 
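//Public-key algorithms accepted in certificates. Each option is a build-time
//switch that must be either ENABLED or DISABLED (both come from core/crypto.h);
//any other value is rejected at compile time. The #error texts below all use
//the same "parameter is not valid" wording so a failing build is self-explanatory.

//RSA certificate support (on by default)
#ifndef X509_RSA_SUPPORT
   #define X509_RSA_SUPPORT ENABLED
#elif (X509_RSA_SUPPORT != ENABLED && X509_RSA_SUPPORT != DISABLED)
   #error X509_RSA_SUPPORT parameter is not valid
#endif

//RSA-PSS certificate support (off by default; only meaningful when RSA itself
//is enabled, see the guard on the rsaPssParams member further down)
#ifndef X509_RSA_PSS_SUPPORT
   #define X509_RSA_PSS_SUPPORT DISABLED
#elif (X509_RSA_PSS_SUPPORT != ENABLED && X509_RSA_PSS_SUPPORT != DISABLED)
   #error X509_RSA_PSS_SUPPORT parameter is not valid
#endif

//DSA certificate support (off by default)
#ifndef X509_DSA_SUPPORT
   #define X509_DSA_SUPPORT DISABLED
#elif (X509_DSA_SUPPORT != ENABLED && X509_DSA_SUPPORT != DISABLED)
   #error X509_DSA_SUPPORT parameter is not valid
#endif

//ECDSA certificate support (on by default)
#ifndef X509_ECDSA_SUPPORT
   #define X509_ECDSA_SUPPORT ENABLED
#elif (X509_ECDSA_SUPPORT != ENABLED && X509_ECDSA_SUPPORT != DISABLED)
   #error X509_ECDSA_SUPPORT parameter is not valid
#endif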
66 
//Hash algorithms accepted in certificate signatures. Every switch takes
//ENABLED or DISABLED (from core/crypto.h). Algorithms the project labels
//insecure or weak default to DISABLED, with one exception: SHA-1 is left on
//for compatibility with legacy chains. A deployment that does not need to
//validate SHA-1 signed certificates should turn X509_SHA1_SUPPORT off.

//MD5 (insecure) - off by default
#if !defined(X509_MD5_SUPPORT)
   #define X509_MD5_SUPPORT DISABLED
#elif (X509_MD5_SUPPORT != ENABLED && X509_MD5_SUPPORT != DISABLED)
   #error X509_MD5_SUPPORT parameter is not valid
#endif

//SHA-1 (weak) - on by default for legacy interoperability
#if !defined(X509_SHA1_SUPPORT)
   #define X509_SHA1_SUPPORT ENABLED
#elif (X509_SHA1_SUPPORT != ENABLED && X509_SHA1_SUPPORT != DISABLED)
   #error X509_SHA1_SUPPORT parameter is not valid
#endif

//SHA-224 (weak) - off by default
#if !defined(X509_SHA224_SUPPORT)
   #define X509_SHA224_SUPPORT DISABLED
#elif (X509_SHA224_SUPPORT != ENABLED && X509_SHA224_SUPPORT != DISABLED)
   #error X509_SHA224_SUPPORT parameter is not valid
#endif

//SHA-256 - on by default
#if !defined(X509_SHA256_SUPPORT)
   #define X509_SHA256_SUPPORT ENABLED
#elif (X509_SHA256_SUPPORT != ENABLED && X509_SHA256_SUPPORT != DISABLED)
   #error X509_SHA256_SUPPORT parameter is not valid
#endif

//SHA-384 - on by default
#if !defined(X509_SHA384_SUPPORT)
   #define X509_SHA384_SUPPORT ENABLED
#elif (X509_SHA384_SUPPORT != ENABLED && X509_SHA384_SUPPORT != DISABLED)
   #error X509_SHA384_SUPPORT parameter is not valid
#endif

//SHA-512 - on by default
#if !defined(X509_SHA512_SUPPORT)
   #define X509_SHA512_SUPPORT ENABLED
#elif (X509_SHA512_SUPPORT != ENABLED && X509_SHA512_SUPPORT != DISABLED)
   #error X509_SHA512_SUPPORT parameter is not valid
#endif

//SHA3-224 - off by default
#if !defined(X509_SHA3_224_SUPPORT)
   #define X509_SHA3_224_SUPPORT DISABLED
#elif (X509_SHA3_224_SUPPORT != ENABLED && X509_SHA3_224_SUPPORT != DISABLED)
   #error X509_SHA3_224_SUPPORT parameter is not valid
#endif

//SHA3-256 - off by default
#if !defined(X509_SHA3_256_SUPPORT)
   #define X509_SHA3_256_SUPPORT DISABLED
#elif (X509_SHA3_256_SUPPORT != ENABLED && X509_SHA3_256_SUPPORT != DISABLED)
   #error X509_SHA3_256_SUPPORT parameter is not valid
#endif

//SHA3-384 - off by default
#if !defined(X509_SHA3_384_SUPPORT)
   #define X509_SHA3_384_SUPPORT DISABLED
#elif (X509_SHA3_384_SUPPORT != ENABLED && X509_SHA3_384_SUPPORT != DISABLED)
   #error X509_SHA3_384_SUPPORT parameter is not valid
#endif

//SHA3-512 - off by default
#if !defined(X509_SHA3_512_SUPPORT)
   #define X509_SHA3_512_SUPPORT DISABLED
#elif (X509_SHA3_512_SUPPORT != ENABLED && X509_SHA3_512_SUPPORT != DISABLED)
   #error X509_SHA3_512_SUPPORT parameter is not valid
#endif
136 
//Elliptic curves accepted in certificate public keys and signatures. Every
//switch takes ENABLED or DISABLED (from core/crypto.h). Curves the project
//labels weak default to DISABLED; the NIST prime curves default to ENABLED.
//Note that secp192r1 (NIST P-192) is on by default although its security
//level is below what current guidance recommends for new deployments; turn
//it off where no peer certificate needs it.

//secp112r1 (weak) - off by default
#if !defined(X509_SECP112R1_SUPPORT)
   #define X509_SECP112R1_SUPPORT DISABLED
#elif (X509_SECP112R1_SUPPORT != ENABLED && X509_SECP112R1_SUPPORT != DISABLED)
   #error X509_SECP112R1_SUPPORT parameter is not valid
#endif

//secp112r2 (weak) - off by default
#if !defined(X509_SECP112R2_SUPPORT)
   #define X509_SECP112R2_SUPPORT DISABLED
#elif (X509_SECP112R2_SUPPORT != ENABLED && X509_SECP112R2_SUPPORT != DISABLED)
   #error X509_SECP112R2_SUPPORT parameter is not valid
#endif

//secp128r1 (weak) - off by default
#if !defined(X509_SECP128R1_SUPPORT)
   #define X509_SECP128R1_SUPPORT DISABLED
#elif (X509_SECP128R1_SUPPORT != ENABLED && X509_SECP128R1_SUPPORT != DISABLED)
   #error X509_SECP128R1_SUPPORT parameter is not valid
#endif

//secp128r2 (weak) - off by default
#if !defined(X509_SECP128R2_SUPPORT)
   #define X509_SECP128R2_SUPPORT DISABLED
#elif (X509_SECP128R2_SUPPORT != ENABLED && X509_SECP128R2_SUPPORT != DISABLED)
   #error X509_SECP128R2_SUPPORT parameter is not valid
#endif

//secp160k1 (weak) - off by default
#if !defined(X509_SECP160K1_SUPPORT)
   #define X509_SECP160K1_SUPPORT DISABLED
#elif (X509_SECP160K1_SUPPORT != ENABLED && X509_SECP160K1_SUPPORT != DISABLED)
   #error X509_SECP160K1_SUPPORT parameter is not valid
#endif

//secp160r1 (weak) - off by default
#if !defined(X509_SECP160R1_SUPPORT)
   #define X509_SECP160R1_SUPPORT DISABLED
#elif (X509_SECP160R1_SUPPORT != ENABLED && X509_SECP160R1_SUPPORT != DISABLED)
   #error X509_SECP160R1_SUPPORT parameter is not valid
#endif

//secp160r2 (weak) - off by default
#if !defined(X509_SECP160R2_SUPPORT)
   #define X509_SECP160R2_SUPPORT DISABLED
#elif (X509_SECP160R2_SUPPORT != ENABLED && X509_SECP160R2_SUPPORT != DISABLED)
   #error X509_SECP160R2_SUPPORT parameter is not valid
#endif

//secp192k1 - off by default
#if !defined(X509_SECP192K1_SUPPORT)
   #define X509_SECP192K1_SUPPORT DISABLED
#elif (X509_SECP192K1_SUPPORT != ENABLED && X509_SECP192K1_SUPPORT != DISABLED)
   #error X509_SECP192K1_SUPPORT parameter is not valid
#endif

//secp192r1 (NIST P-192) - on by default, see note above
#if !defined(X509_SECP192R1_SUPPORT)
   #define X509_SECP192R1_SUPPORT ENABLED
#elif (X509_SECP192R1_SUPPORT != ENABLED && X509_SECP192R1_SUPPORT != DISABLED)
   #error X509_SECP192R1_SUPPORT parameter is not valid
#endif

//secp224k1 - off by default
#if !defined(X509_SECP224K1_SUPPORT)
   #define X509_SECP224K1_SUPPORT DISABLED
#elif (X509_SECP224K1_SUPPORT != ENABLED && X509_SECP224K1_SUPPORT != DISABLED)
   #error X509_SECP224K1_SUPPORT parameter is not valid
#endif

//secp224r1 (NIST P-224) - on by default
#if !defined(X509_SECP224R1_SUPPORT)
   #define X509_SECP224R1_SUPPORT ENABLED
#elif (X509_SECP224R1_SUPPORT != ENABLED && X509_SECP224R1_SUPPORT != DISABLED)
   #error X509_SECP224R1_SUPPORT parameter is not valid
#endif

//secp256k1 - off by default
#if !defined(X509_SECP256K1_SUPPORT)
   #define X509_SECP256K1_SUPPORT DISABLED
#elif (X509_SECP256K1_SUPPORT != ENABLED && X509_SECP256K1_SUPPORT != DISABLED)
   #error X509_SECP256K1_SUPPORT parameter is not valid
#endif

//secp256r1 (NIST P-256) - on by default
#if !defined(X509_SECP256R1_SUPPORT)
   #define X509_SECP256R1_SUPPORT ENABLED
#elif (X509_SECP256R1_SUPPORT != ENABLED && X509_SECP256R1_SUPPORT != DISABLED)
   #error X509_SECP256R1_SUPPORT parameter is not valid
#endif

//secp384r1 (NIST P-384) - on by default
#if !defined(X509_SECP384R1_SUPPORT)
   #define X509_SECP384R1_SUPPORT ENABLED
#elif (X509_SECP384R1_SUPPORT != ENABLED && X509_SECP384R1_SUPPORT != DISABLED)
   #error X509_SECP384R1_SUPPORT parameter is not valid
#endif

//secp521r1 (NIST P-521) - on by default
#if !defined(X509_SECP521R1_SUPPORT)
   #define X509_SECP521R1_SUPPORT ENABLED
#elif (X509_SECP521R1_SUPPORT != ENABLED && X509_SECP521R1_SUPPORT != DISABLED)
   #error X509_SECP521R1_SUPPORT parameter is not valid
#endif

//brainpoolP160r1 - off by default
#if !defined(X509_BRAINPOOLP160R1_SUPPORT)
   #define X509_BRAINPOOLP160R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP160R1_SUPPORT != ENABLED && X509_BRAINPOOLP160R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP160R1_SUPPORT parameter is not valid
#endif

//brainpoolP192r1 - off by default
#if !defined(X509_BRAINPOOLP192R1_SUPPORT)
   #define X509_BRAINPOOLP192R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP192R1_SUPPORT != ENABLED && X509_BRAINPOOLP192R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP192R1_SUPPORT parameter is not valid
#endif

//brainpoolP224r1 - off by default
#if !defined(X509_BRAINPOOLP224R1_SUPPORT)
   #define X509_BRAINPOOLP224R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP224R1_SUPPORT != ENABLED && X509_BRAINPOOLP224R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP224R1_SUPPORT parameter is not valid
#endif

//brainpoolP256r1 - off by default
#if !defined(X509_BRAINPOOLP256R1_SUPPORT)
   #define X509_BRAINPOOLP256R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP256R1_SUPPORT != ENABLED && X509_BRAINPOOLP256R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP256R1_SUPPORT parameter is not valid
#endif

//brainpoolP320r1 - off by default
#if !defined(X509_BRAINPOOLP320R1_SUPPORT)
   #define X509_BRAINPOOLP320R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP320R1_SUPPORT != ENABLED && X509_BRAINPOOLP320R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP320R1_SUPPORT parameter is not valid
#endif

//brainpoolP384r1 - off by default
#if !defined(X509_BRAINPOOLP384R1_SUPPORT)
   #define X509_BRAINPOOLP384R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP384R1_SUPPORT != ENABLED && X509_BRAINPOOLP384R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP384R1_SUPPORT parameter is not valid
#endif

//brainpoolP512r1 - off by default
#if !defined(X509_BRAINPOOLP512R1_SUPPORT)
   #define X509_BRAINPOOLP512R1_SUPPORT DISABLED
#elif (X509_BRAINPOOLP512R1_SUPPORT != ENABLED && X509_BRAINPOOLP512R1_SUPPORT != DISABLED)
   #error X509_BRAINPOOLP512R1_SUPPORT parameter is not valid
#endif

//Ed25519 - off by default
#if !defined(X509_ED25519_SUPPORT)
   #define X509_ED25519_SUPPORT DISABLED
#elif (X509_ED25519_SUPPORT != ENABLED && X509_ED25519_SUPPORT != DISABLED)
   #error X509_ED25519_SUPPORT parameter is not valid
#endif

//Ed448 - off by default
#if !defined(X509_ED448_SUPPORT)
   #define X509_ED448_SUPPORT DISABLED
#elif (X509_ED448_SUPPORT != ENABLED && X509_ED448_SUPPORT != DISABLED)
   #error X509_ED448_SUPPORT parameter is not valid
#endif
304 
//Size limits enforced on parsed certificates. The values are bit lengths for
//the modulus checks and a count for the subject alternative names. Only a
//coarse sanity check is applied to user-supplied overrides: the minimum
//modulus sizes may be lowered as far as 512 bits, which is well below what a
//modern deployment should accept, so treat an override below the 1024-bit
//default as a deliberate compatibility decision rather than a tuning knob.

//Smallest RSA modulus (in bits) a certificate may carry; default 1024
#if !defined(X509_MIN_RSA_MODULUS_SIZE)
   #define X509_MIN_RSA_MODULUS_SIZE 1024
#elif (X509_MIN_RSA_MODULUS_SIZE < 512)
   #error X509_MIN_RSA_MODULUS_SIZE parameter is not valid
#endif

//Largest RSA modulus (in bits) accepted; default 4096, must not fall below the minimum
#if !defined(X509_MAX_RSA_MODULUS_SIZE)
   #define X509_MAX_RSA_MODULUS_SIZE 4096
#elif (X509_MAX_RSA_MODULUS_SIZE < X509_MIN_RSA_MODULUS_SIZE)
   #error X509_MAX_RSA_MODULUS_SIZE parameter is not valid
#endif

//Smallest DSA prime modulus (in bits) accepted; default 1024
#if !defined(X509_MIN_DSA_MODULUS_SIZE)
   #define X509_MIN_DSA_MODULUS_SIZE 1024
#elif (X509_MIN_DSA_MODULUS_SIZE < 512)
   #error X509_MIN_DSA_MODULUS_SIZE parameter is not valid
#endif

//Largest DSA prime modulus (in bits) accepted; default 4096, must not fall below the minimum
#if !defined(X509_MAX_DSA_MODULUS_SIZE)
   #define X509_MAX_DSA_MODULUS_SIZE 4096
#elif (X509_MAX_DSA_MODULUS_SIZE < X509_MIN_DSA_MODULUS_SIZE)
   #error X509_MAX_DSA_MODULUS_SIZE parameter is not valid
#endif

//Upper bound on subject alternative names kept per certificate; default 4, at least 1
#if !defined(X509_MAX_SUBJECT_ALT_NAMES)
   #define X509_MAX_SUBJECT_ALT_NAMES 4
#elif (X509_MAX_SUBJECT_ALT_NAMES < 1)
   #error X509_MAX_SUBJECT_ALT_NAMES parameter is not valid
#endif
339 
340 //C++ guard
341 #ifdef __cplusplus
342  extern "C" {
343 #endif
344 
345 
346 /**
347  * @brief X.509 versions
348  **/
349 
350 typedef enum
351 {
355 } X509Version;
356 
357 
358 /**
359  * @brief Key usage
360  **/
361 
362 typedef enum
363 {
373 } X509KeyUsage;
374 
375 
376 /**
377  * @brief Extended key usage
378  **/
379 
380 typedef enum
381 {
390 
391 
392 /**
393  * @brief General name types
394  **/
395 
396 typedef enum
397 {
408 
409 
410 /**
411  * @brief Netscape certificate types
412  **/
413 
414 typedef enum
415 {
420 
421 
422 /**
423  * @brief Signature algorithms
424  **/
425 
426 typedef enum
427 {
436 
437 
438 /**
439  * @brief Hash algorithms
440  **/
441 
442 typedef enum
443 {
455 } X509HashAlgo;
456 
457 
458 /**
459  * @brief Serial number
460  **/
461 
462 typedef struct
463 {
464  const uint8_t *data;
465  size_t length;
467 
468 
469 /**
470  * @brief Issuer or subject name
471  **/
472 
473 typedef struct
474 {
475  const uint8_t *rawData;
476  size_t rawDataLen;
479  const char_t *surname;
480  size_t surnameLen;
493  const char_t *title;
494  size_t titleLen;
495  const char_t *name;
496  size_t nameLen;
498  size_t givenNameLen;
499  const char_t *initials;
500  size_t initialsLen;
506  size_t pseudonymLen;
507 } X509Name;
508 
509 
510 /**
511  * @brief Name attribute
512  **/
513 
514 typedef struct
515 {
516  const uint8_t *type;
517  size_t typeLen;
518  const char_t *value;
519  size_t valueLen;
521 
522 
523 /**
524  * @brief Validity
525  **/
526 
527 typedef struct
528 {
531 } X509Validity;
532 
533 
534 /**
535  * @brief RSA public key
536  **/
537 
538 typedef struct
539 {
540  const uint8_t *n;
541  size_t nLen;
542  const uint8_t *e;
543  size_t eLen;
545 
546 
547 /**
548  * @brief DSA domain parameters
549  **/
550 
551 typedef struct
552 {
553  const uint8_t *p;
554  size_t pLen;
555  const uint8_t *q;
556  size_t qLen;
557  const uint8_t *g;
558  size_t gLen;
560 
561 
562 /**
563  * @brief DSA public key
564  **/
565 
566 typedef struct
567 {
568  const uint8_t *y;
569  size_t yLen;
571 
572 
573 /**
574  * @brief EC parameters
575  **/
576 
577 typedef struct
578 {
579  const uint8_t *namedCurve;
582 
583 
584 /**
585  * @brief EC public key
586  **/
587 
588 typedef struct
589 {
590  const uint8_t *q;
591  size_t qLen;
593 
594 
595 /**
596  * @brief Subject public key info
597  **/
598 
599 typedef struct
600 {
601  const uint8_t *rawData;
602  size_t rawDataLen;
603  const uint8_t *oid;
604  size_t oidLen;
605 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
607 #endif
608 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
611 #endif
612 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
615 #endif
617 
618 
619 /**
620  * @brief Basic constraints
621  **/
622 
623 typedef struct
624 {
628 
629 
630 /**
631  * @brief Name constraints
632  **/
633 
634 typedef struct
635 {
636  const uint8_t *permittedSubtrees;
638  const uint8_t *excludedSubtrees;
641 
642 
643 /**
644  * @brief General name
645  **/
646 
647 typedef struct
648 {
650  const char_t *value;
651  size_t length;
653 
654 
655 /**
656  * @brief Subject alternative name
657  **/
658 
659 typedef struct
660 {
661  const uint8_t *rawData;
662  size_t rawDataLen;
666 
667 
668 /**
669  * @brief Subject key identifier
670  **/
671 
672 typedef struct
673 {
674  const uint8_t *value;
675  size_t length;
677 
678 
679 /**
680  * @brief Authority key identifier
681  **/
682 
683 typedef struct
684 {
685  const uint8_t *value;
686  size_t length;
688 
689 
690 /**
691  * @brief Extensions
692  **/
693 
694 typedef struct
695 {
698  uint16_t keyUsage;
699  uint8_t extKeyUsage;
703  uint8_t nsCertType;
705 
706 
707 /**
708  * @brief RSASSA-PSS parameters
709  **/
710 
711 typedef struct
712 {
713  const uint8_t *hashAlgo;
714  size_t hashAlgoLen;
715  size_t saltLen;
717 
718 
719 /**
720  * @brief Signature algorithm identifier
721  **/
722 
723 typedef struct
724 {
725  const uint8_t *oid;
726  size_t oidLen;
727 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
729 #endif
731 
732 
733 /**
734  * @brief Signature value
735  **/
736 
737 typedef struct
738 {
739  const uint8_t *data;
740  size_t length;
742 
743 
744 /**
745  * @brief X.509 certificate
746  **/
747 
748 typedef struct
749 {
750  const uint8_t *tbsCertificate;
762 
763 
764 /**
765  * @brief Revoked certificate
766  **/
767 
768 typedef struct
769 {
773 
774 
775 /**
776  * @brief X.509 CRL
777  **/
778 
779 typedef struct
780 {
781  const uint8_t *tbsCertList;
787  const uint8_t *revokedCerts;
791 } X509CrlInfo;
792 
793 
//X.509 related constants
//Object identifiers matched while parsing. Each array holds the OID's content
//octets (presumably the DER-encoded value without tag and length - confirm
//against the definitions in x509_common.c); the declared length is the number
//of octets and is part of the matching contract, so it must agree with the
//definition in x509_common.c.

//Attribute types that may appear in an issuer or subject distinguished name
extern const uint8_t X509_COMMON_NAME_OID[3];
extern const uint8_t X509_SURNAME_OID[3];
extern const uint8_t X509_SERIAL_NUMBER_OID[3];
extern const uint8_t X509_COUNTRY_NAME_OID[3];
extern const uint8_t X509_LOCALITY_NAME_OID[3];
extern const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3];
extern const uint8_t X509_ORGANIZATION_NAME_OID[3];
extern const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3];
extern const uint8_t X509_TITLE_OID[3];
extern const uint8_t X509_NAME_OID[3];
extern const uint8_t X509_GIVEN_NAME_OID[3];
extern const uint8_t X509_INITIALS_OID[3];
extern const uint8_t X509_GENERATION_QUALIFIER_OID[3];
extern const uint8_t X509_DN_QUALIFIER_OID[3];
extern const uint8_t X509_PSEUDONYM_OID[3];

//Standard certificate extensions
extern const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3];
extern const uint8_t X509_SUBJECT_KEY_ID_OID[3];
extern const uint8_t X509_KEY_USAGE_OID[3];
extern const uint8_t X509_SUBJECT_ALT_NAME_OID[3];
extern const uint8_t X509_ISSUER_ALT_NAME_OID[3];
extern const uint8_t X509_BASIC_CONSTRAINTS_OID[3];
extern const uint8_t X509_NAME_CONSTRAINTS_OID[3];
extern const uint8_t X509_CRL_DISTR_POINTS_OID[3];
extern const uint8_t X509_CERTIFICATE_POLICIES_OID[3];
extern const uint8_t X509_POLICY_MAPPINGS_OID[3];
extern const uint8_t X509_AUTHORITY_KEY_ID_OID[3];
extern const uint8_t X509_POLICY_CONSTRAINTS_OID[3];
extern const uint8_t X509_EXTENDED_KEY_USAGE_OID[3];
extern const uint8_t X509_FRESHEST_CRL_OID[3];
extern const uint8_t X509_INHIBIT_ANY_POLICY_OID[3];

//Legacy Netscape certificate-type extension
extern const uint8_t X509_NS_CERT_TYPE_OID[9];

//Extended key usage purposes (anyExtendedKeyUsage plus the id-kp-* values)
extern const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4];
extern const uint8_t X509_KP_SERVER_AUTH_OID[8];
extern const uint8_t X509_KP_CLIENT_AUTH_OID[8];
extern const uint8_t X509_KP_CODE_SIGNING_OID[8];
extern const uint8_t X509_KP_EMAIL_PROTECTION_OID[8];
extern const uint8_t X509_KP_TIME_STAMPING_OID[8];
extern const uint8_t X509_KP_OCSP_SIGNING_OID[8];
836 
//X.509 related functions

/**
 * @brief Convert string to integer
 * @param[in] data Digits to convert
 * @param[in] length Number of bytes available at @p data; the caller is
 *   responsible for bounding this by the enclosing parsed buffer
 * @param[out] value Resulting integer
 * @return Error code
 **/
error_t x509ReadInt(const uint8_t *data, size_t length, uint_t *value);

/**
 * @brief Read a RSA public key
 * @param[in] subjectPublicKeyInfo Parsed SubjectPublicKeyInfo structure
 * @param[out] key RSA public key to populate
 * @return Error code (NOTE(review): whether the modulus size is checked
 *   against X509_MIN/MAX_RSA_MODULUS_SIZE here is not visible in this header;
 *   verify in x509_common.c)
 **/
error_t x509ReadRsaPublicKey(const X509SubjectPublicKeyInfo *subjectPublicKeyInfo,
   RsaPublicKey *key);

/**
 * @brief Read a DSA public key
 * @param[in] subjectPublicKeyInfo Parsed SubjectPublicKeyInfo structure
 * @param[out] key DSA public key to populate
 * @return Error code
 **/
error_t x509ReadDsaPublicKey(const X509SubjectPublicKeyInfo *subjectPublicKeyInfo,
   DsaPublicKey *key);
845 
848 
850  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo);
851 
/**
 * @brief Get the elliptic curve that matches the specified OID
 * @param[in] oid Object identifier of the named curve
 * @param[in] length Length of the OID, in bytes
 * @return Curve parameters for a supported curve; presumably NULL when the
 *   OID is unknown or the curve is compiled out via X509_*_SUPPORT - confirm
 *   in x509_common.c
 **/
const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length);
853 
854 //C++ guard
855 #ifdef __cplusplus
856  }
857 #endif
858 
859 #endif