x509_common.h
1 /**
2  * @file x509_common.h
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 #ifndef _X509_COMMON_H
32 #define _X509_COMMON_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkc/rsa.h"
37 #include "pkc/dsa.h"
38 #include "ecc/ecdsa.h"
39 #include "ecc/eddsa.h"
40 #include "date_time.h"
41 
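42 //RSA certificate support
   //Defaults to ENABLED when the build does not define the option.
   //A user-supplied value must be ENABLED or DISABLED (both defined outside this
   //file); any other value stops the build with the same message as the other options
43 #ifndef X509_RSA_SUPPORT
44  #define X509_RSA_SUPPORT ENABLED
45 #elif (X509_RSA_SUPPORT != ENABLED && X509_RSA_SUPPORT != DISABLED)
46  #error X509_RSA_SUPPORT parameter is not valid
47 #endif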
48 
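49 //RSA-PSS certificate support
   //Defaults to DISABLED when the build does not define the option.
   //A user-supplied value must be ENABLED or DISABLED (both defined outside this
   //file); any other value stops the build with the same message as the other options
50 #ifndef X509_RSA_PSS_SUPPORT
51  #define X509_RSA_PSS_SUPPORT DISABLED
52 #elif (X509_RSA_PSS_SUPPORT != ENABLED && X509_RSA_PSS_SUPPORT != DISABLED)
53  #error X509_RSA_PSS_SUPPORT parameter is not valid
54 #endif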
55 
56 //DSA certificate support
57 #ifndef X509_DSA_SUPPORT
58  #define X509_DSA_SUPPORT DISABLED
59 #elif (X509_DSA_SUPPORT != ENABLED && X509_DSA_SUPPORT != DISABLED)
60  #error X509_DSA_SUPPORT parameter is not valid
61 #endif
62 
63 //ECDSA certificate support
64 #ifndef X509_ECDSA_SUPPORT
65  #define X509_ECDSA_SUPPORT ENABLED
66 #elif (X509_ECDSA_SUPPORT != ENABLED && X509_ECDSA_SUPPORT != DISABLED)
67  #error X509_ECDSA_SUPPORT parameter is not valid
68 #endif
69 
70 //MD5 hash support (insecure)
   //Defaults to DISABLED. MD5 is not collision resistant, so a signature computed
   //over an MD5 digest does not reliably bind the signed contents; keep this
   //DISABLED unless a legacy peer leaves no alternative
71 #ifndef X509_MD5_SUPPORT
72  #define X509_MD5_SUPPORT DISABLED
73 #elif (X509_MD5_SUPPORT != ENABLED && X509_MD5_SUPPORT != DISABLED)
74  #error X509_MD5_SUPPORT parameter is not valid
75 #endif
76 
77 //SHA-1 hash support (weak)
   //NOTE(review): defaults to ENABLED although it is labelled weak. Practical
   //SHA-1 collisions are public, so a build that does not have to interoperate
   //with legacy certificates should define X509_SHA1_SUPPORT as DISABLED.
   //Presumably this option decides whether SHA-1 based certificate signatures
   //are handled at all - confirm against the code that tests it
78 #ifndef X509_SHA1_SUPPORT
79  #define X509_SHA1_SUPPORT ENABLED
80 #elif (X509_SHA1_SUPPORT != ENABLED && X509_SHA1_SUPPORT != DISABLED)
81  #error X509_SHA1_SUPPORT parameter is not valid
82 #endif
83 
84 //SHA-224 hash support (weak)
85 #ifndef X509_SHA224_SUPPORT
86  #define X509_SHA224_SUPPORT DISABLED
87 #elif (X509_SHA224_SUPPORT != ENABLED && X509_SHA224_SUPPORT != DISABLED)
88  #error X509_SHA224_SUPPORT parameter is not valid
89 #endif
90 
91 //SHA-256 hash support
92 #ifndef X509_SHA256_SUPPORT
93  #define X509_SHA256_SUPPORT ENABLED
94 #elif (X509_SHA256_SUPPORT != ENABLED && X509_SHA256_SUPPORT != DISABLED)
95  #error X509_SHA256_SUPPORT parameter is not valid
96 #endif
97 
98 //SHA-384 hash support
99 #ifndef X509_SHA384_SUPPORT
100  #define X509_SHA384_SUPPORT ENABLED
101 #elif (X509_SHA384_SUPPORT != ENABLED && X509_SHA384_SUPPORT != DISABLED)
102  #error X509_SHA384_SUPPORT parameter is not valid
103 #endif
104 
105 //SHA-512 hash support
106 #ifndef X509_SHA512_SUPPORT
107  #define X509_SHA512_SUPPORT ENABLED
108 #elif (X509_SHA512_SUPPORT != ENABLED && X509_SHA512_SUPPORT != DISABLED)
109  #error X509_SHA512_SUPPORT parameter is not valid
110 #endif
111 
112 //SHA3-224 hash support
113 #ifndef X509_SHA3_224_SUPPORT
114  #define X509_SHA3_224_SUPPORT DISABLED
115 #elif (X509_SHA3_224_SUPPORT != ENABLED && X509_SHA3_224_SUPPORT != DISABLED)
116  #error X509_SHA3_224_SUPPORT parameter is not valid
117 #endif
118 
119 //SHA3-256 hash support
120 #ifndef X509_SHA3_256_SUPPORT
121  #define X509_SHA3_256_SUPPORT DISABLED
122 #elif (X509_SHA3_256_SUPPORT != ENABLED && X509_SHA3_256_SUPPORT != DISABLED)
123  #error X509_SHA3_256_SUPPORT parameter is not valid
124 #endif
125 
126 //SHA3-384 hash support
127 #ifndef X509_SHA3_384_SUPPORT
128  #define X509_SHA3_384_SUPPORT DISABLED
129 #elif (X509_SHA3_384_SUPPORT != ENABLED && X509_SHA3_384_SUPPORT != DISABLED)
130  #error X509_SHA3_384_SUPPORT parameter is not valid
131 #endif
132 
133 //SHA3-512 hash support
134 #ifndef X509_SHA3_512_SUPPORT
135  #define X509_SHA3_512_SUPPORT DISABLED
136 #elif (X509_SHA3_512_SUPPORT != ENABLED && X509_SHA3_512_SUPPORT != DISABLED)
137  #error X509_SHA3_512_SUPPORT parameter is not valid
138 #endif
139 
140 //secp112r1 elliptic curve support (weak)
141 #ifndef X509_SECP112R1_SUPPORT
142  #define X509_SECP112R1_SUPPORT DISABLED
143 #elif (X509_SECP112R1_SUPPORT != ENABLED && X509_SECP112R1_SUPPORT != DISABLED)
144  #error X509_SECP112R1_SUPPORT parameter is not valid
145 #endif
146 
147 //secp112r2 elliptic curve support (weak)
148 #ifndef X509_SECP112R2_SUPPORT
149  #define X509_SECP112R2_SUPPORT DISABLED
150 #elif (X509_SECP112R2_SUPPORT != ENABLED && X509_SECP112R2_SUPPORT != DISABLED)
151  #error X509_SECP112R2_SUPPORT parameter is not valid
152 #endif
153 
154 //secp128r1 elliptic curve support (weak)
155 #ifndef X509_SECP128R1_SUPPORT
156  #define X509_SECP128R1_SUPPORT DISABLED
157 #elif (X509_SECP128R1_SUPPORT != ENABLED && X509_SECP128R1_SUPPORT != DISABLED)
158  #error X509_SECP128R1_SUPPORT parameter is not valid
159 #endif
160 
161 //secp128r2 elliptic curve support (weak)
162 #ifndef X509_SECP128R2_SUPPORT
163  #define X509_SECP128R2_SUPPORT DISABLED
164 #elif (X509_SECP128R2_SUPPORT != ENABLED && X509_SECP128R2_SUPPORT != DISABLED)
165  #error X509_SECP128R2_SUPPORT parameter is not valid
166 #endif
167 
168 //secp160k1 elliptic curve support (weak)
169 #ifndef X509_SECP160K1_SUPPORT
170  #define X509_SECP160K1_SUPPORT DISABLED
171 #elif (X509_SECP160K1_SUPPORT != ENABLED && X509_SECP160K1_SUPPORT != DISABLED)
172  #error X509_SECP160K1_SUPPORT parameter is not valid
173 #endif
174 
175 //secp160r1 elliptic curve support (weak)
176 #ifndef X509_SECP160R1_SUPPORT
177  #define X509_SECP160R1_SUPPORT DISABLED
178 #elif (X509_SECP160R1_SUPPORT != ENABLED && X509_SECP160R1_SUPPORT != DISABLED)
179  #error X509_SECP160R1_SUPPORT parameter is not valid
180 #endif
181 
182 //secp160r2 elliptic curve support (weak)
183 #ifndef X509_SECP160R2_SUPPORT
184  #define X509_SECP160R2_SUPPORT DISABLED
185 #elif (X509_SECP160R2_SUPPORT != ENABLED && X509_SECP160R2_SUPPORT != DISABLED)
186  #error X509_SECP160R2_SUPPORT parameter is not valid
187 #endif
188 
189 //secp192k1 elliptic curve support
190 #ifndef X509_SECP192K1_SUPPORT
191  #define X509_SECP192K1_SUPPORT DISABLED
192 #elif (X509_SECP192K1_SUPPORT != ENABLED && X509_SECP192K1_SUPPORT != DISABLED)
193  #error X509_SECP192K1_SUPPORT parameter is not valid
194 #endif
195 
196 //secp192r1 elliptic curve support (NIST P-192)
    //NOTE(review): defaults to ENABLED. A 192-bit curve offers roughly 96 bits of
    //security, which is below the 112-bit floor of current NIST guidance
    //(SP 800-57, SP 800-131A); define it as DISABLED unless legacy certificates
    //on this curve must be handled
197 #ifndef X509_SECP192R1_SUPPORT
198  #define X509_SECP192R1_SUPPORT ENABLED
199 #elif (X509_SECP192R1_SUPPORT != ENABLED && X509_SECP192R1_SUPPORT != DISABLED)
200  #error X509_SECP192R1_SUPPORT parameter is not valid
201 #endif
202 
203 //secp224k1 elliptic curve support
204 #ifndef X509_SECP224K1_SUPPORT
205  #define X509_SECP224K1_SUPPORT DISABLED
206 #elif (X509_SECP224K1_SUPPORT != ENABLED && X509_SECP224K1_SUPPORT != DISABLED)
207  #error X509_SECP224K1_SUPPORT parameter is not valid
208 #endif
209 
210 //secp224r1 elliptic curve support (NIST P-224)
211 #ifndef X509_SECP224R1_SUPPORT
212  #define X509_SECP224R1_SUPPORT ENABLED
213 #elif (X509_SECP224R1_SUPPORT != ENABLED && X509_SECP224R1_SUPPORT != DISABLED)
214  #error X509_SECP224R1_SUPPORT parameter is not valid
215 #endif
216 
217 //secp256k1 elliptic curve support
218 #ifndef X509_SECP256K1_SUPPORT
219  #define X509_SECP256K1_SUPPORT DISABLED
220 #elif (X509_SECP256K1_SUPPORT != ENABLED && X509_SECP256K1_SUPPORT != DISABLED)
221  #error X509_SECP256K1_SUPPORT parameter is not valid
222 #endif
223 
224 //secp256r1 elliptic curve support (NIST P-256)
225 #ifndef X509_SECP256R1_SUPPORT
226  #define X509_SECP256R1_SUPPORT ENABLED
227 #elif (X509_SECP256R1_SUPPORT != ENABLED && X509_SECP256R1_SUPPORT != DISABLED)
228  #error X509_SECP256R1_SUPPORT parameter is not valid
229 #endif
230 
231 //secp384r1 elliptic curve support (NIST P-384)
232 #ifndef X509_SECP384R1_SUPPORT
233  #define X509_SECP384R1_SUPPORT ENABLED
234 #elif (X509_SECP384R1_SUPPORT != ENABLED && X509_SECP384R1_SUPPORT != DISABLED)
235  #error X509_SECP384R1_SUPPORT parameter is not valid
236 #endif
237 
238 //secp521r1 elliptic curve support (NIST P-521)
239 #ifndef X509_SECP521R1_SUPPORT
240  #define X509_SECP521R1_SUPPORT ENABLED
241 #elif (X509_SECP521R1_SUPPORT != ENABLED && X509_SECP521R1_SUPPORT != DISABLED)
242  #error X509_SECP521R1_SUPPORT parameter is not valid
243 #endif
244 
245 //brainpoolP160r1 elliptic curve support
246 #ifndef X509_BRAINPOOLP160R1_SUPPORT
247  #define X509_BRAINPOOLP160R1_SUPPORT DISABLED
248 #elif (X509_BRAINPOOLP160R1_SUPPORT != ENABLED && X509_BRAINPOOLP160R1_SUPPORT != DISABLED)
249  #error X509_BRAINPOOLP160R1_SUPPORT parameter is not valid
250 #endif
251 
252 //brainpoolP192r1 elliptic curve support
253 #ifndef X509_BRAINPOOLP192R1_SUPPORT
254  #define X509_BRAINPOOLP192R1_SUPPORT DISABLED
255 #elif (X509_BRAINPOOLP192R1_SUPPORT != ENABLED && X509_BRAINPOOLP192R1_SUPPORT != DISABLED)
256  #error X509_BRAINPOOLP192R1_SUPPORT parameter is not valid
257 #endif
258 
259 //brainpoolP224r1 elliptic curve support
260 #ifndef X509_BRAINPOOLP224R1_SUPPORT
261  #define X509_BRAINPOOLP224R1_SUPPORT DISABLED
262 #elif (X509_BRAINPOOLP224R1_SUPPORT != ENABLED && X509_BRAINPOOLP224R1_SUPPORT != DISABLED)
263  #error X509_BRAINPOOLP224R1_SUPPORT parameter is not valid
264 #endif
265 
266 //brainpoolP256r1 elliptic curve support
267 #ifndef X509_BRAINPOOLP256R1_SUPPORT
268  #define X509_BRAINPOOLP256R1_SUPPORT DISABLED
269 #elif (X509_BRAINPOOLP256R1_SUPPORT != ENABLED && X509_BRAINPOOLP256R1_SUPPORT != DISABLED)
270  #error X509_BRAINPOOLP256R1_SUPPORT parameter is not valid
271 #endif
272 
273 //brainpoolP320r1 elliptic curve support
274 #ifndef X509_BRAINPOOLP320R1_SUPPORT
275  #define X509_BRAINPOOLP320R1_SUPPORT DISABLED
276 #elif (X509_BRAINPOOLP320R1_SUPPORT != ENABLED && X509_BRAINPOOLP320R1_SUPPORT != DISABLED)
277  #error X509_BRAINPOOLP320R1_SUPPORT parameter is not valid
278 #endif
279 
280 //brainpoolP384r1 elliptic curve support
281 #ifndef X509_BRAINPOOLP384R1_SUPPORT
282  #define X509_BRAINPOOLP384R1_SUPPORT DISABLED
283 #elif (X509_BRAINPOOLP384R1_SUPPORT != ENABLED && X509_BRAINPOOLP384R1_SUPPORT != DISABLED)
284  #error X509_BRAINPOOLP384R1_SUPPORT parameter is not valid
285 #endif
286 
287 //brainpoolP512r1 elliptic curve support
288 #ifndef X509_BRAINPOOLP512R1_SUPPORT
289  #define X509_BRAINPOOLP512R1_SUPPORT DISABLED
290 #elif (X509_BRAINPOOLP512R1_SUPPORT != ENABLED && X509_BRAINPOOLP512R1_SUPPORT != DISABLED)
291  #error X509_BRAINPOOLP512R1_SUPPORT parameter is not valid
292 #endif
293 
294 //Ed25519 elliptic curve support
295 #ifndef X509_ED25519_SUPPORT
296  #define X509_ED25519_SUPPORT DISABLED
297 #elif (X509_ED25519_SUPPORT != ENABLED && X509_ED25519_SUPPORT != DISABLED)
298  #error X509_ED25519_SUPPORT parameter is not valid
299 #endif
300 
301 //Ed448 elliptic curve support
302 #ifndef X509_ED448_SUPPORT
303  #define X509_ED448_SUPPORT DISABLED
304 #elif (X509_ED448_SUPPORT != ENABLED && X509_ED448_SUPPORT != DISABLED)
305  #error X509_ED448_SUPPORT parameter is not valid
306 #endif
307 
308 //Minimum acceptable size for RSA modulus
    //Presumably a bit length - confirm against the code that compares it.
    //NOTE(review): the 1024 default, and the 512 lower bound enforced on a
    //user-supplied value, are both under the 2048-bit minimum of current guidance
    //(NIST SP 800-131A); define X509_MIN_RSA_MODULUS_SIZE as 2048 or more unless
    //legacy certificates are required
309 #ifndef X509_MIN_RSA_MODULUS_SIZE
310  #define X509_MIN_RSA_MODULUS_SIZE 1024
311 #elif (X509_MIN_RSA_MODULUS_SIZE < 512)
312  #error X509_MIN_RSA_MODULUS_SIZE parameter is not valid
313 #endif
314 
315 //Maximum acceptable size for RSA modulus
316 #ifndef X509_MAX_RSA_MODULUS_SIZE
317  #define X509_MAX_RSA_MODULUS_SIZE 4096
318 #elif (X509_MAX_RSA_MODULUS_SIZE < X509_MIN_RSA_MODULUS_SIZE)
319  #error X509_MAX_RSA_MODULUS_SIZE parameter is not valid
320 #endif
321 
322 //Minimum acceptable size for DSA prime modulus
    //Presumably a bit length - confirm against the code that compares it.
    //NOTE(review): the 1024 default, and the 512 lower bound enforced on a
    //user-supplied value, are both under the 2048-bit minimum of current guidance
    //(NIST SP 800-131A); raise it if DSA certificates are enabled at all
323 #ifndef X509_MIN_DSA_MODULUS_SIZE
324  #define X509_MIN_DSA_MODULUS_SIZE 1024
325 #elif (X509_MIN_DSA_MODULUS_SIZE < 512)
326  #error X509_MIN_DSA_MODULUS_SIZE parameter is not valid
327 #endif
328 
329 //Maximum acceptable size for DSA prime modulus
330 #ifndef X509_MAX_DSA_MODULUS_SIZE
331  #define X509_MAX_DSA_MODULUS_SIZE 4096
332 #elif (X509_MAX_DSA_MODULUS_SIZE < X509_MIN_DSA_MODULUS_SIZE)
333  #error X509_MAX_DSA_MODULUS_SIZE parameter is not valid
334 #endif
335 
336 //Default size of serial numbers
    //Presumably a byte count - confirm. The default of 20 matches the 20-octet
    //limit that RFC 5280 (section 4.1.2.2) places on serial numbers.
    //Only a user-supplied value below 1 is rejected here; there is no upper bound check
337 #ifndef X509_SERIAL_NUMBER_SIZE
338  #define X509_SERIAL_NUMBER_SIZE 20
339 #elif (X509_SERIAL_NUMBER_SIZE < 1)
340  #error X509_SERIAL_NUMBER_SIZE parameter is not valid
341 #endif
342 
343 //Maximum number of subject alternative names
    //NOTE(review): how a certificate carrying more entries than this limit is
    //treated (rejected, or the extra names ignored) is not visible in this
    //header - confirm, because names beyond the limit matter for host name matching
344 #ifndef X509_MAX_SUBJECT_ALT_NAMES
345  #define X509_MAX_SUBJECT_ALT_NAMES 4
346 #elif (X509_MAX_SUBJECT_ALT_NAMES < 1)
347  #error X509_MAX_SUBJECT_ALT_NAMES parameter is not valid
348 #endif
349 
350 //Maximum number of certificate issuer names
351 #ifndef X509_MAX_CERT_ISSUER_NAMES
352  #define X509_MAX_CERT_ISSUER_NAMES 4
353 #elif (X509_MAX_CERT_ISSUER_NAMES < 1)
354  #error X509_MAX_CERT_ISSUER_NAMES parameter is not valid
355 #endif
356 
357 //Maximum digest size
    //The branches are ordered from the largest digest to the smallest, so the
    //first match yields the largest digest among the usable hashes (the values
    //are presumably byte counts). A hash is usable only when both its X509_
    //option and the option of the same name without that prefix (defined outside
    //this file) are ENABLED.
    //NOTE(review): there is no #else branch, so X509_MAX_HASH_DIGEST_SIZE stays
    //undefined when no hash is usable - confirm that every user of the macro
    //copes with that configuration
358 #if (X509_SHA3_512_SUPPORT == ENABLED && SHA3_512_SUPPORT == ENABLED)
359  #define X509_MAX_HASH_DIGEST_SIZE 64
360 #elif (X509_SHA512_SUPPORT == ENABLED && SHA512_SUPPORT == ENABLED)
361  #define X509_MAX_HASH_DIGEST_SIZE 64
362 #elif (X509_SHA3_384_SUPPORT == ENABLED && SHA3_384_SUPPORT == ENABLED)
363  #define X509_MAX_HASH_DIGEST_SIZE 48
364 #elif (X509_SHA384_SUPPORT == ENABLED && SHA384_SUPPORT == ENABLED)
365  #define X509_MAX_HASH_DIGEST_SIZE 48
366 #elif (X509_SHA3_256_SUPPORT == ENABLED && SHA3_256_SUPPORT == ENABLED)
367  #define X509_MAX_HASH_DIGEST_SIZE 32
368 #elif (X509_SHA256_SUPPORT == ENABLED && SHA256_SUPPORT == ENABLED)
369  #define X509_MAX_HASH_DIGEST_SIZE 32
370 #elif (X509_SHA3_224_SUPPORT == ENABLED && SHA3_224_SUPPORT == ENABLED)
371  #define X509_MAX_HASH_DIGEST_SIZE 28
372 #elif (X509_SHA224_SUPPORT == ENABLED && SHA224_SUPPORT == ENABLED)
373  #define X509_MAX_HASH_DIGEST_SIZE 28
374 #elif (X509_SHA1_SUPPORT == ENABLED && SHA1_SUPPORT == ENABLED)
375  #define X509_MAX_HASH_DIGEST_SIZE 20
376 #elif (X509_MD5_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
377  #define X509_MAX_HASH_DIGEST_SIZE 16
378 #endif
379 
380 //C++ guard
381 #ifdef __cplusplus
382 extern "C" {
383 #endif
384 
385 
386 /**
387  * @brief X.509 versions
388  **/
389 
390 typedef enum
391 {
395 } X509Version;
396 
397 
398 /**
399  * @brief Key usage
400  **/
401 
402 typedef enum
403 {
414 
415 
416 /**
417  * @brief Extended key usage
418  **/
419 
420 typedef enum
421 {
430 
431 
432 /**
433  * @brief General name types
434  **/
435 
436 typedef enum
437 {
448 
449 
450 /**
451  * @brief Netscape certificate types
452  **/
453 
454 typedef enum
455 {
460 
461 
462 /**
463  * @brief Reason flags
464  **/
465 
466 typedef enum
467 {
478 
479 
480 /**
481  * @brief CRL reasons
482  **/
483 
484 typedef enum
485 {
497 
498 
499 /**
500  * @brief Public Key types
501  **/
502 
503 typedef enum
504 {
514 } X509KeyType;
515 
516 
517 /**
518  * @brief Signature algorithms
519  **/
520 
521 typedef enum
522 {
531 
532 
533 /**
534  * @brief Hash algorithms
535  **/
536 
537 typedef enum
538 {
550 } X509HashAlgo;
551 
552 
553 /**
554  * @brief Serial number
555  **/
556 
557 typedef struct
558 {
559  const uint8_t *data;
560  size_t length;
562 
563 
564 /**
565  * @brief Issuer or subject name
566  **/
567 
568 typedef struct
569 {
    //Every attribute is stored as a pointer plus an explicit length. This listing
    //elides some members (the line numbers jump), for example the pointer that
    //pairs with givenNameLen.
    //NOTE(review): the strings presumably point into the parsed certificate and
    //are not NUL-terminated - confirm; compare names using the stored length so
    //that an embedded NUL byte cannot shorten the value being matched
570  const uint8_t *rawData;
571  size_t rawDataLen;
574  const char_t *surname;
575  size_t surnameLen;
588  const char_t *title;
589  size_t titleLen;
590  const char_t *name;
591  size_t nameLen;
593  size_t givenNameLen;
594  const char_t *initials;
595  size_t initialsLen;
601  size_t pseudonymLen;
602 } X509Name;
603 
604 
605 /**
606  * @brief Name attribute
607  **/
608 
609 typedef struct
610 {
611  const uint8_t *type;
612  size_t typeLen;
613  const char_t *value;
614  size_t valueLen;
616 
617 
618 /**
619  * @brief Validity
620  **/
621 
622 typedef struct
623 {
626 } X509Validity;
627 
628 
629 /**
630  * @brief RSA public key
631  **/
632 
633 typedef struct
634 {
635  const uint8_t *n;
636  size_t nLen;
637  const uint8_t *e;
638  size_t eLen;
640 
641 
642 /**
643  * @brief DSA domain parameters
644  **/
645 
646 typedef struct
647 {
648  const uint8_t *p;
649  size_t pLen;
650  const uint8_t *q;
651  size_t qLen;
652  const uint8_t *g;
653  size_t gLen;
655 
656 
657 /**
658  * @brief DSA public key
659  **/
660 
661 typedef struct
662 {
663  const uint8_t *y;
664  size_t yLen;
666 
667 
668 /**
669  * @brief EC parameters
670  **/
671 
672 typedef struct
673 {
674  const uint8_t *namedCurve;
677 
678 
679 /**
680  * @brief EC public key
681  **/
682 
683 typedef struct
684 {
685  const uint8_t *q;
686  size_t qLen;
688 
689 
690 /**
691  * @brief Subject public key information
692  **/
693 
694 typedef struct
695 {
696  const uint8_t *rawData;
697  size_t rawDataLen;
698  const uint8_t *oid;
699  size_t oidLen;
700 #if (RSA_SUPPORT == ENABLED)
702 #endif
703 #if (DSA_SUPPORT == ENABLED)
706 #endif
707 #if (EC_SUPPORT == ENABLED || ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
710 #endif
712 
713 
714 /**
715  * @brief Basic constraints
716  **/
717 
718 typedef struct
719 {
724 
725 
726 /**
727  * @brief Name constraints
728  **/
729 
730 typedef struct
731 {
733  const uint8_t *permittedSubtrees;
735  const uint8_t *excludedSubtrees;
738 
739 
740 /**
741  * @brief Key usage
742  **/
743 
744 typedef struct
745 {
747  uint16_t bitmap;
748 } X509KeyUsage;
749 
750 
751 /**
752  * @brief Extended key usage
753  **/
754 
755 typedef struct
756 {
758  uint8_t bitmap;
760 
761 
762 /**
763  * @brief General name
764  **/
765 
766 typedef struct
767 {
769  const char_t *value;
770  size_t length;
772 
773 
774 /**
775  * @brief Subject alternative name
776  **/
777 
778 typedef struct
779 {
781  const uint8_t *rawData;
782  size_t rawDataLen;
786 
787 
788 /**
789  * @brief Subject key identifier
790  **/
791 
792 typedef struct
793 {
795  const uint8_t *value;
796  size_t length;
798 
799 
800 /**
801  * @brief Authority key identifier
802  **/
803 
804 typedef struct
805 {
807  const uint8_t *keyId;
808  size_t keyIdLen;
810 
811 
812 /**
813  * @brief Netscape certificate type
814  **/
815 
816 typedef struct
817 {
819  uint8_t bitmap;
821 
822 
823 /**
824  * @brief X.509 certificate extension
825  **/
826 
827 typedef struct
828 {
    //oid/oidLen and value/valueLen are pointer-plus-length pairs; presumably the
    //first identifies the extension and the second holds its encoded contents.
    //This listing elides line 831; the cross-reference index at the end of the
    //page shows a bool_t critical member defined there.
    //RFC 5280 requires a certificate to be rejected when it carries a critical
    //extension that the application does not recognize
829  const uint8_t *oid;
830  size_t oidLen;
832  const uint8_t *value;
833  size_t valueLen;
834 } X509Extension;
835 
836 
837 /**
838  * @brief X.509 certificate extensions
839  **/
840 
841 typedef struct
842 {
843  const uint8_t *rawData;
844  size_t rawDataLen;
854 
855 
856 /**
857  * @brief RSASSA-PSS parameters
858  **/
859 
860 typedef struct
861 {
862  const uint8_t *hashAlgo;
863  size_t hashAlgoLen;
864  const uint8_t *maskGenAlgo;
866  const uint8_t *maskGenHashAlgo;
868  size_t saltLen;
870 
871 
872 /**
873  * @brief Signature algorithm identifier
874  **/
875 
876 typedef struct
877 {
878  const uint8_t *oid;
879  size_t oidLen;
880 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
882 #endif
884 
885 
886 /**
887  * @brief Signature value
888  **/
889 
890 typedef struct
891 {
892  const uint8_t *data;
893  size_t length;
895 
896 
897 /**
898  * @brief TBSCertificate structure
899  **/
900 
901 typedef struct
902 {
903  const uint8_t *rawData;
904  size_t rawDataLen;
914 
915 
916 /**
917  * @brief X.509 certificate
918  **/
919 
920 typedef struct
921 {
926 
927 
928 /**
929  * @brief CRL reason
930  **/
931 
932 typedef struct
933 {
935  uint8_t value;
936 } X509CrlReason;
937 
938 
939 /**
940  * @brief Invalidity date
941  **/
942 
943 typedef struct
944 {
948 
949 
950 /**
951  * @brief Certificate issuer
952  **/
953 
954 typedef struct
955 {
957  const uint8_t *rawData;
958  size_t rawDataLen;
962 
963 
964 /**
965  * @brief CRL extensions
966  **/
967 
968 typedef struct
969 {
970  const uint8_t *rawData;
971  size_t rawDataLen;
976 
977 
978 /**
979  * @brief Revoked certificate
980  **/
981 
982 typedef struct
983 {
988 
989 
990 /**
991  * @brief CRL number
992  **/
993 
994 typedef struct
995 {
997  const uint8_t *value;
998  size_t length;
999 } X509CrlNumber;
1000 
1001 
1002 /**
1003  * @brief Delta CRL indicator
1004  **/
1005 
1006 typedef struct
1007 {
1009  const uint8_t *baseCrlNumber;
1012 
1013 
1014 /**
1015  * @brief Distribution point name
1016  **/
1017 
1018 typedef struct
1019 {
1021  const uint8_t *fullName;
1022  size_t fullNameLen;
1023  const uint8_t *nameRelativeToCrlIssuer;
1026 
1027 
1028 /**
1029  * @brief Issuing distribution point
1030  **/
1031 
1032 typedef struct
1033 {
1042 
1043 
1044 /**
1045  * @brief CRL extensions
1046  **/
1047 
1048 typedef struct
1049 {
1050  const uint8_t *rawData;
1051  size_t rawDataLen;
1057 
1058 
1059 /**
1060  * @brief TBSCertList structure
1061  **/
1062 
1063 typedef struct
1064 {
1065  const uint8_t *rawData;
1066  size_t rawDataLen;
1072  const uint8_t *revokedCerts;
1075 } X509TbsCertList;
1076 
1077 
1078 /**
1079  * @brief CRL (Certificate Revocation List)
1080  **/
1081 
1082 typedef struct
1083 {
1087 } X509CrlInfo;
1088 
1089 
1090 /**
1091  * @brief PKCS#9 ChallengePassword attribute
1092  **/
1093 
1094 typedef struct
1095 {
1096  const char_t *value;
1097  size_t length;
1099 
1100 
1101 /**
1102  * @brief CSR attribute
1103  **/
1104 
1105 typedef struct
1106 {
1107  const uint8_t *oid;
1108  size_t oidLen;
1109  const uint8_t *value;
1110  size_t valueLen;
1111 } X509Attribute;
1112 
1113 
1114 /**
1115  * @brief CSR attributes
1116  **/
1117 
1118 typedef struct
1119 {
1120  const uint8_t *rawData;
1121  size_t rawDataLen;
1124 } X509Attributes;
1125 
1126 
1127 /**
1128  * @brief CertificationRequestInfo structure
1129  **/
1130 
1131 typedef struct
1132 {
1133  const uint8_t *rawData;
1134  size_t rawDataLen;
1140 
1141 
1142 /**
1143  * @brief CSR (Certificate Signing Request)
1144  **/
1145 
1146 typedef struct
1147 {
1151 } X509CsrInfo;
1152 
1153 
1154 //X.509 related constants
1155 extern const uint8_t X509_COMMON_NAME_OID[3];
1156 extern const uint8_t X509_SURNAME_OID[3];
1157 extern const uint8_t X509_SERIAL_NUMBER_OID[3];
1158 extern const uint8_t X509_COUNTRY_NAME_OID[3];
1159 extern const uint8_t X509_LOCALITY_NAME_OID[3];
1160 extern const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3];
1161 extern const uint8_t X509_ORGANIZATION_NAME_OID[3];
1162 extern const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3];
1163 extern const uint8_t X509_TITLE_OID[3];
1164 extern const uint8_t X509_NAME_OID[3];
1165 extern const uint8_t X509_GIVEN_NAME_OID[3];
1166 extern const uint8_t X509_INITIALS_OID[3];
1167 extern const uint8_t X509_GENERATION_QUALIFIER_OID[3];
1168 extern const uint8_t X509_DN_QUALIFIER_OID[3];
1169 extern const uint8_t X509_PSEUDONYM_OID[3];
1170 
1171 extern const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3];
1172 extern const uint8_t X509_SUBJECT_KEY_ID_OID[3];
1173 extern const uint8_t X509_KEY_USAGE_OID[3];
1174 extern const uint8_t X509_SUBJECT_ALT_NAME_OID[3];
1175 extern const uint8_t X509_ISSUER_ALT_NAME_OID[3];
1176 extern const uint8_t X509_BASIC_CONSTRAINTS_OID[3];
1177 extern const uint8_t X509_CRL_NUMBER_OID[3];
1178 extern const uint8_t X509_REASON_CODE_OID[3];
1179 extern const uint8_t X509_INVALIDITY_DATE_OID[3];
1180 extern const uint8_t X509_DELTA_CRL_INDICATOR_OID[3];
1181 extern const uint8_t X509_ISSUING_DISTR_POINT_OID[3];
1182 extern const uint8_t X509_CERTIFICATE_ISSUER_OID[3];
1183 extern const uint8_t X509_NAME_CONSTRAINTS_OID[3];
1184 extern const uint8_t X509_CRL_DISTR_POINTS_OID[3];
1185 extern const uint8_t X509_CERTIFICATE_POLICIES_OID[3];
1186 extern const uint8_t X509_POLICY_MAPPINGS_OID[3];
1187 extern const uint8_t X509_AUTHORITY_KEY_ID_OID[3];
1188 extern const uint8_t X509_POLICY_CONSTRAINTS_OID[3];
1189 extern const uint8_t X509_EXTENDED_KEY_USAGE_OID[3];
1190 extern const uint8_t X509_FRESHEST_CRL_OID[3];
1191 extern const uint8_t X509_INHIBIT_ANY_POLICY_OID[3];
1192 
1193 extern const uint8_t X509_NS_CERT_TYPE_OID[9];
1194 
1195 extern const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4];
1196 extern const uint8_t X509_KP_SERVER_AUTH_OID[8];
1197 extern const uint8_t X509_KP_CLIENT_AUTH_OID[8];
1198 extern const uint8_t X509_KP_CODE_SIGNING_OID[8];
1199 extern const uint8_t X509_KP_EMAIL_PROTECTION_OID[8];
1200 extern const uint8_t X509_KP_TIME_STAMPING_OID[8];
1201 extern const uint8_t X509_KP_OCSP_SIGNING_OID[8];
1202 
1203 extern const uint8_t X509_CHALLENGE_PASSWORD_OID[9];
1204 extern const uint8_t X509_EXTENSION_REQUEST_OID[9];
1205 
1206 //X.509 related functions
1209 
1211  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo);
1212 
1213 X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length);
1214 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length);
1215 
1216 //C++ guard
1217 #ifdef __cplusplus
1218 }
1219 #endif
1220 
1221 #endif
@ X509_GENERAL_NAME_TYPE_REGISTERED_ID
Definition: x509_common.h:446
X509Validity validity
Definition: x509_common.h:909
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:146
@ X509_GENERAL_NAME_TYPE_X400_ADDRESS
Definition: x509_common.h:441
@ X509_KEY_TYPE_RSA
Definition: x509_common.h:506
@ X509_EXT_KEY_USAGE_ANY
Definition: x509_common.h:428
uint8_t length
Definition: dtls_misc.h:149
Date and time management.
const uint8_t * maskGenHashAlgo
Definition: x509_common.h:866
CRL extensions.
Definition: x509_common.h:968
const uint8_t * rawData
Definition: x509_common.h:957
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:81
const uint8_t * oid
Definition: x509_common.h:698
X509AuthorityKeyId authKeyId
Definition: x509_common.h:851
const uint8_t * oid
Definition: x509_common.h:878
X509GeneralNameType type
Definition: x509_common.h:768
@ X509_NS_CERT_TYPE_SSL_SERVER
Definition: x509_common.h:457
int bool_t
Definition: compiler_port.h:49
const uint8_t * q
Definition: x509_common.h:650
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:138
const char_t * stateOrProvinceName
Definition: x509_common.h:582
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:102
X509ReasonFlags
Reason flags.
Definition: x509_common.h:466
X509SignatureValue signatureValue
Definition: x509_common.h:1150
@ X509_CRL_REASON_CA_COMPROMISE
Definition: x509_common.h:488
const char_t * localityName
Definition: x509_common.h:580
size_t permittedSubtreesLen
Definition: x509_common.h:734
const uint8_t * maskGenAlgo
Definition: x509_common.h:864
TBSCertificate structure.
Definition: x509_common.h:901
signed int int_t
Definition: compiler_port.h:44
const uint8_t * data
Definition: x509_common.h:892
const uint8_t * type
Definition: x509_common.h:611
@ X509_KEY_TYPE_X448
Definition: x509_common.h:512
Signature algorithm identifier.
Definition: x509_common.h:876
X509Extensions extensions
Definition: x509_common.h:912
const uint8_t * rawData
Definition: x509_common.h:843
X509DsaPublicKey dsaPublicKey
Definition: x509_common.h:705
@ X509_REASON_FLAGS_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:475
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:134
ECDSA (Elliptic Curve Digital Signature Algorithm)
Validity.
Definition: x509_common.h:622
X509KeyUsage keyUsage
Definition: x509_common.h:847
const uint8_t * keyId
Definition: x509_common.h:807
size_t pseudonymLen
Definition: x509_common.h:601
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:779
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:132
size_t rawDataLen
Definition: x509_common.h:571
const uint8_t * fullName
Definition: x509_common.h:1021
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:881
@ X509_REASON_FLAGS_AFFILIATION_CHANGED
Definition: x509_common.h:471
bool_t critical
Definition: x509_common.h:831
const char_t * initials
Definition: x509_common.h:594
const uint8_t X509_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:159
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:79
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:150
X.509 certificate.
Definition: x509_common.h:920
size_t valueLen
Definition: x509_common.h:833
const uint8_t * value
Definition: x509_common.h:832
X509EcParameters ecParams
Definition: x509_common.h:708
const char_t * value
Definition: x509_common.h:1096
@ X509_GENERAL_NAME_TYPE_RFC822
Definition: x509_common.h:439
X509ExtendedKeyUsage extKeyUsage
Definition: x509_common.h:848
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:156
X509NsCertType nsCertType
Definition: x509_common.h:852
bool_t critical
Definition: x509_common.h:934
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:93
@ X509_KEY_USAGE_DATA_ENCIPHERMENT
Definition: x509_common.h:407
@ X509_GENERAL_NAME_TYPE_URI
Definition: x509_common.h:444
X509Extensions extensionReq
Definition: x509_common.h:1123
size_t rawDataLen
Definition: x509_common.h:844
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:104
@ X509_VERSION_1
Definition: x509_common.h:392
const uint8_t X509_SUBJECT_DIRECTORY_ATTR_OID[3]
Definition: x509_common.c:98
const uint8_t * q
Definition: x509_common.h:685
@ X509_EXT_KEY_USAGE_CLIENT_AUTH
Definition: x509_common.h:423
CRL (Certificate Revocation List)
Definition: x509_common.h:1082
Invalidity date.
Definition: x509_common.h:943
const uint8_t * rawData
Definition: x509_common.h:1065
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:87
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:71
const uint8_t * rawData
Definition: x509_common.h:903
error_t x509GetSignHashAlgo(const X509SignatureAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:337
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:130
#define X509_MAX_SUBJECT_ALT_NAMES
Definition: x509_common.h:345
@ X509_CRL_REASON_AA_COMPROMISE
Definition: x509_common.h:495
@ X509_KEY_USAGE_ENCIPHER_ONLY
Definition: x509_common.h:411
Subject key identifier.
Definition: x509_common.h:792
@ X509_GENERAL_NAME_TYPE_DIRECTORY
Definition: x509_common.h:442
X509DeltaCrlIndicator deltaCrlIndicator
Definition: x509_common.h:1053
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:85
@ X509_CRL_REASON_SUPERSEDED
Definition: x509_common.h:490
EC public key.
Definition: x509_common.h:683
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:144
@ X509_CRL_REASON_AFFILIATION_CHANGED
Definition: x509_common.h:489
Distribution point name.
Definition: x509_common.h:1018
@ X509_GENERAL_NAME_TYPE_EDI_PARTY
Definition: x509_common.h:443
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:860
X509CrlReasons
CRL reasons.
Definition: x509_common.h:484
@ X509_KEY_TYPE_EC
Definition: x509_common.h:509
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:1137
const uint8_t * rawData
Definition: x509_common.h:781
DateTime notAfter
Definition: x509_common.h:625
Certificate issuer.
Definition: x509_common.h:954
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:521
@ X509_KEY_USAGE_NON_REPUDIATION
Definition: x509_common.h:405
Elliptic curve parameters.
Definition: ec_curves.h:292
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
Definition: x509_common.c:116
General name.
Definition: x509_common.h:766
bool_t critical
Definition: x509_common.h:746
const uint8_t * permittedSubtrees
Definition: x509_common.h:733
size_t surnameLen
Definition: x509_common.h:575
const uint8_t * value
Definition: x509_common.h:997
X509CrlNumber crlNumber
Definition: x509_common.h:1052
@ X509_GENERAL_NAME_TYPE_DNS
Definition: x509_common.h:440
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:907
error_t
Error codes.
Definition: error.h:42
const uint8_t * rawData
Definition: x509_common.h:970
const uint8_t * n
Definition: x509_common.h:635
EC parameters.
Definition: x509_common.h:672
size_t nameRelativeToCrlIssuerLen
Definition: x509_common.h:1024
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:128
const uint8_t X509_REASON_CODE_OID[3]
Definition: x509_common.c:112
const uint8_t * g
Definition: x509_common.h:652
const uint8_t X509_CRL_NUMBER_OID[3]
Definition: x509_common.c:110
Name attribute.
Definition: x509_common.h:609
Extended key usage.
Definition: x509_common.h:755
X509BasicConstraints basicConstraints
Definition: x509_common.h:845
RSA public key.
Definition: x509_common.h:633
X509Version
X.509 versions.
Definition: x509_common.h:390
const uint8_t * rawData
Definition: x509_common.h:696
@ X509_KEY_USAGE_DECIPHER_ONLY
Definition: x509_common.h:412
X509InvalidityDate invalidityDate
Definition: x509_common.h:973
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1149
X509Version version
Definition: x509_common.h:905
X509CrlEntryExtensions crlEntryExtensions
Definition: x509_common.h:986
size_t serialNumberLen
Definition: x509_common.h:577
size_t nameLen
Definition: x509_common.h:591
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:527
@ X509_CRL_REASON_CESSATION_OF_OPERATION
Definition: x509_common.h:491
@ X509_HASH_ALGO_NONE
Definition: x509_common.h:539
CSR attribute.
Definition: x509_common.h:1105
TBSCertList structure.
Definition: x509_common.h:1063
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:83
uint8_t value
Definition: x509_common.h:935
size_t excludedSubtreesLen
Definition: x509_common.h:736
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:122
@ X509_REASON_FLAGS_CERTIFICATE_HOLD
Definition: x509_common.h:474
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:701
@ X509_KEY_USAGE_KEY_AGREEMENT
Definition: x509_common.h:408
X509SignatureValue signatureValue
Definition: x509_common.h:924
@ X509_REASON_FLAGS_CA_COMPROMISE
Definition: x509_common.h:470
const uint8_t * nameRelativeToCrlIssuer
Definition: x509_common.h:1023
EdDSA (Edwards-Curve Digital Signature Algorithm)
@ X509_VERSION_3
Definition: x509_common.h:394
X.509 certificate extension.
Definition: x509_common.h:827
const uint8_t * e
Definition: x509_common.h:637
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:541
size_t titleLen
Definition: x509_common.h:589
const char_t * name
Definition: x509_common.h:590
General definitions for cryptographic algorithms.
X509Version version
Definition: x509_common.h:1135
X509CertRequestInfo certReqInfo
Definition: x509_common.h:1148
RSA public-key cryptography standard.
uint8_t oid[1]
Definition: mib_common.h:186
X509SerialNumber serialNumber
Definition: x509_common.h:906
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:546
size_t rawDataLen
Definition: x509_common.h:971
DSA (Digital Signature Algorithm)
size_t revokedCertsLen
Definition: x509_common.h:1073
@ X509_REASON_FLAGS_AA_COMPROMISE
Definition: x509_common.h:476
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:152
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:507
@ X509_EXT_KEY_USAGE_SERVER_AUTH
Definition: x509_common.h:422
X509DsaParameters dsaParams
Definition: x509_common.h:704
Date and time representation.
Definition: date_time.h:46
@ X509_KEY_USAGE_DIGITAL_SIGNATURE
Definition: x509_common.h:404
const uint8_t * rawData
Definition: x509_common.h:570
const uint8_t * rawData
Definition: x509_common.h:1050
const uint8_t * excludedSubtrees
Definition: x509_common.h:735
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:542
size_t namedCurveLen
Definition: x509_common.h:675
Revoked certificate.
Definition: x509_common.h:982
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:124
@ X509_CRL_REASON_CERTIFICATE_HOLD
Definition: x509_common.h:492
Signature value.
Definition: x509_common.h:890
uint16_t bitmap
Definition: x509_common.h:747
const uint8_t * oid
Definition: x509_common.h:1107
X509TbsCertList tbsCertList
Definition: x509_common.h:1084
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:537
CertificationRequestInfo structure.
Definition: x509_common.h:1131
X509CrlExtensions crlExtensions
Definition: x509_common.h:1074
X509SubjectAltName subjectAltName
Definition: x509_common.h:849
Subject alternative name.
Definition: x509_common.h:778
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:524
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1068
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:114
#define X509_MAX_CERT_ISSUER_NAMES
Definition: x509_common.h:352
@ X509_EXT_KEY_USAGE_TIME_STAMPING
Definition: x509_common.h:426
X509KeyUsageBitmap
Key usage.
Definition: x509_common.h:402
const char_t * value
Definition: x509_common.h:613
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:154
Netscape certificate type.
Definition: x509_common.h:816
@ X509_NS_CERT_TYPE_SSL_CLIENT
Definition: x509_common.h:456
size_t dnQualifierLen
Definition: x509_common.h:599
const char_t * value
Definition: x509_common.h:769
bool_t onlyContainsAttributeCerts
Definition: x509_common.h:1040
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:549
size_t localityNameLen
Definition: x509_common.h:581
const uint8_t * data
Definition: x509_common.h:559
const char_t * title
Definition: x509_common.h:588
size_t givenNameLen
Definition: x509_common.h:593
char char_t
Definition: compiler_port.h:43
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:540
@ X509_VERSION_2
Definition: x509_common.h:393
X509IssuingDistrPoint issuingDistrPoint
Definition: x509_common.h:1054
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:238
const char_t * commonName
Definition: x509_common.h:572
@ X509_REASON_FLAGS_SUPERSEDED
Definition: x509_common.h:472
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:106
X509ExtKeyUsageBitmap
Extended key usage.
Definition: x509_common.h:420
DateTime notBefore
Definition: x509_common.h:624
size_t initialsLen
Definition: x509_common.h:595
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:525
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:75
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:69
size_t commonNameLen
Definition: x509_common.h:573
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:513
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:547
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:548
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:95
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:148
Issuer or subject name.
Definition: x509_common.h:568
X509CertificateIssuer certIssuer
Definition: x509_common.h:974
Subject public key information.
Definition: x509_common.h:694
@ X509_CRL_REASON_KEY_COMPROMISE
Definition: x509_common.h:487
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:545
const uint8_t * oid
Definition: x509_common.h:829
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:67
X509SignatureValue signatureValue
Definition: x509_common.h:1086
CRL extensions.
Definition: x509_common.h:1048
DSA domain parameters.
Definition: x509_common.h:646
X509CrlReason reasonCode
Definition: x509_common.h:972
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:508
@ X509_REASON_FLAGS_KEY_COMPROMISE
Definition: x509_common.h:469
size_t generationQualifierLen
Definition: x509_common.h:597
X509DistrPointName distributionPoint
Definition: x509_common.h:1035
const uint8_t * revokedCerts
Definition: x509_common.h:1072
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3]
Definition: x509_common.c:77
const char_t * generationQualifier
Definition: x509_common.h:596
CRL reason.
Definition: x509_common.h:932
bool_t critical
Definition: x509_common.h:996
@ X509_REASON_FLAGS_CESSATION_OF_OPERATION
Definition: x509_common.h:473
Basic constraints.
Definition: x509_common.h:718
CSR attributes.
Definition: x509_common.h:1118
@ X509_NS_CERT_TYPE_SSL_CA
Definition: x509_common.h:458
Delta CRL indicator.
Definition: x509_common.h:1006
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:544
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:141
DateTime thisUpdate
Definition: x509_common.h:1070
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:120
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:543
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:100
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1085
const char_t * countryName
Definition: x509_common.h:578
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:161
RSASSA-PSS parameters.
Definition: x509_common.h:860
@ X509_EXT_KEY_USAGE_OCSP_SIGNING
Definition: x509_common.h:427
Name constraints.
Definition: x509_common.h:730
X.509 certificate extensions.
Definition: x509_common.h:841
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:118
X509NameConstraints nameConstraints
Definition: x509_common.h:846
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:89
size_t countryNameLen
Definition: x509_common.h:579
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:923
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:73
@ X509_EXT_KEY_USAGE_CODE_SIGNING
Definition: x509_common.h:424
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:170
Common interface for hash algorithms.
Definition: crypto.h:1128
CRL number.
Definition: x509_common.h:994
const uint8_t * value
Definition: x509_common.h:795
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:505
@ X509_CRL_REASON_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:494
@ X509_CRL_REMOVE_FROM_CRL
Definition: x509_common.h:493
const uint8_t * p
Definition: x509_common.h:648
X509SerialNumber userCert
Definition: x509_common.h:984
const uint8_t * y
Definition: x509_common.h:663
@ X509_GENERAL_NAME_TYPE_OTHER
Definition: x509_common.h:438
X509ChallengePassword challengePwd
Definition: x509_common.h:1122
@ X509_CRL_REASON_UNSPECIFIED
Definition: x509_common.h:486
const char_t * givenName
Definition: x509_common.h:592
Serial number.
Definition: x509_common.h:557
size_t organizationNameLen
Definition: x509_common.h:585
@ X509_REASON_FLAGS_UNUSED
Definition: x509_common.h:468
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:528
unsigned int uint_t
Definition: compiler_port.h:45
Issuing distribution point.
Definition: x509_common.h:1032
DateTime nextUpdate
Definition: x509_common.h:1071
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:136
uint8_t bitmap
Definition: x509_common.h:819
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:511
@ X509_GENERAL_NAME_TYPE_IP_ADDRESS
Definition: x509_common.h:445
@ X509_KEY_USAGE_KEY_ENCIPHERMENT
Definition: x509_common.h:406
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:108
X509KeyType
Public key types.
Definition: x509_common.h:503
X509EcPublicKey ecPublicKey
Definition: x509_common.h:709
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:911
const uint8_t * rawData
Definition: x509_common.h:1120
const char_t * serialNumber
Definition: x509_common.h:576
DSA public key.
Definition: x509_common.h:661
X509GeneralNameType
General name types.
Definition: x509_common.h:436
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:850
X509Version version
Definition: x509_common.h:1067
CSR (Certificate Signing Request)
Definition: x509_common.h:1146
size_t stateOrProvinceNameLen
Definition: x509_common.h:583
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:523
const char_t * surname
Definition: x509_common.h:574
const char_t * dnQualifier
Definition: x509_common.h:598
X509AuthorityKeyId authKeyId
Definition: x509_common.h:1055
const uint8_t * value
Definition: x509_common.h:1109
X509Attributes attributes
Definition: x509_common.h:1138
@ X509_EXT_KEY_USAGE_EMAIL_PROTECTION
Definition: x509_common.h:425
Authority key identifier.
Definition: x509_common.h:804
const uint8_t * namedCurve
Definition: x509_common.h:674
@ X509_KEY_USAGE_CRL_SIGN
Definition: x509_common.h:410
const char_t * pseudonym
Definition: x509_common.h:600
PKCS#9 ChallengePassword attribute.
Definition: x509_common.h:1094
const uint8_t * baseCrlNumber
Definition: x509_common.h:1009
X509TbsCertificate tbsCert
Definition: x509_common.h:922
X509NsCertTypeBitmap
Netscape certificate types.
Definition: x509_common.h:454
const char_t * organizationName
Definition: x509_common.h:584
const uint8_t * rawData
Definition: x509_common.h:1133
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:510
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:526
size_t organizationalUnitNameLen
Definition: x509_common.h:587
const uint8_t * hashAlgo
Definition: x509_common.h:862
@ X509_KEY_USAGE_KEY_CERT_SIGN
Definition: x509_common.h:409
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:529
const char_t * organizationalUnitName
Definition: x509_common.h:586
Key usage.
Definition: x509_common.h:744
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:126
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:91