asn_public.h
Go to the documentation of this file.
1 /* asn_public.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
26 #ifndef WOLF_CRYPT_ASN_PUBLIC_H
27 #define WOLF_CRYPT_ASN_PUBLIC_H
28 
29 #include <wolfssl/wolfcrypt/types.h>
30 
31 #ifdef __cplusplus
32  extern "C" {
33 #endif
34 
35 /* guard on redeclaration */
36 #ifndef WC_ECCKEY_TYPE_DEFINED
37  typedef struct ecc_key ecc_key;
38  #define WC_ECCKEY_TYPE_DEFINED
39 #endif
40 #ifndef WC_ED25519KEY_TYPE_DEFINED
41  typedef struct ed25519_key ed25519_key;
42  #define WC_ED25519KEY_TYPE_DEFINED
43 #endif
44 #ifndef WC_ED448KEY_TYPE_DEFINED
45  typedef struct ed448_key ed448_key;
46  #define WC_ED448KEY_TYPE_DEFINED
47 #endif
48 #ifndef WC_RSAKEY_TYPE_DEFINED
49  typedef struct RsaKey RsaKey;
50  #define WC_RSAKEY_TYPE_DEFINED
51 #endif
52 #ifndef WC_RNG_TYPE_DEFINED
53  typedef struct WC_RNG WC_RNG;
54  #define WC_RNG_TYPE_DEFINED
55 #endif
56 
57 enum Ecc_Sum {
58  ECC_SECP112R1_OID = 182,
59  ECC_SECP112R2_OID = 183,
60  ECC_SECP128R1_OID = 204,
61  ECC_SECP128R2_OID = 205,
62  ECC_SECP160R1_OID = 184,
63  ECC_SECP160R2_OID = 206,
64  ECC_SECP160K1_OID = 185,
65  ECC_BRAINPOOLP160R1_OID = 98,
66  ECC_SECP192R1_OID = 520,
67  ECC_PRIME192V2_OID = 521,
68  ECC_PRIME192V3_OID = 522,
69  ECC_SECP192K1_OID = 207,
70  ECC_BRAINPOOLP192R1_OID = 100,
71  ECC_SECP224R1_OID = 209,
72  ECC_SECP224K1_OID = 208,
73  ECC_BRAINPOOLP224R1_OID = 102,
74  ECC_PRIME239V1_OID = 523,
75  ECC_PRIME239V2_OID = 524,
76  ECC_PRIME239V3_OID = 525,
77  ECC_SECP256R1_OID = 526,
78  ECC_SECP256K1_OID = 186,
79  ECC_BRAINPOOLP256R1_OID = 104,
80  ECC_X25519_OID = 365,
81  ECC_ED25519_OID = 256,
82  ECC_BRAINPOOLP320R1_OID = 106,
83  ECC_X448_OID = 362,
84  ECC_ED448_OID = 257,
85  ECC_SECP384R1_OID = 210,
86  ECC_BRAINPOOLP384R1_OID = 108,
87  ECC_BRAINPOOLP512R1_OID = 110,
88  ECC_SECP521R1_OID = 211,
89 };
90 
91 
92 /* Certificate file Type */
93 enum CertType {
94  CERT_TYPE = 0,
95  PRIVATEKEY_TYPE,
96  DH_PARAM_TYPE,
97  DSA_PARAM_TYPE,
98  CRL_TYPE,
99  CA_TYPE,
100  ECC_PRIVATEKEY_TYPE,
101  DSA_PRIVATEKEY_TYPE,
102  CERTREQ_TYPE,
103  DSA_TYPE,
104  ECC_TYPE,
105  RSA_TYPE,
106  PUBLICKEY_TYPE,
107  RSA_PUBLICKEY_TYPE,
108  ECC_PUBLICKEY_TYPE,
109  TRUSTED_PEER_TYPE,
110  EDDSA_PRIVATEKEY_TYPE,
111  ED25519_TYPE,
112  ED448_TYPE,
113  PKCS12_TYPE,
114  PKCS8_PRIVATEKEY_TYPE,
115  PKCS8_ENC_PRIVATEKEY_TYPE,
116  DETECT_CERT_TYPE,
117  DH_PRIVATEKEY_TYPE,
118 };
119 
120 
121 /* Signature type, by OID sum */
122 enum Ctc_SigType {
123  CTC_SHAwDSA = 517,
124  CTC_MD2wRSA = 646,
125  CTC_MD5wRSA = 648,
126  CTC_SHAwRSA = 649,
127  CTC_SHAwECDSA = 520,
128  CTC_SHA224wRSA = 658,
129  CTC_SHA224wECDSA = 523,
130  CTC_SHA256wRSA = 655,
131  CTC_SHA256wECDSA = 524,
132  CTC_SHA384wRSA = 656,
133  CTC_SHA384wECDSA = 525,
134  CTC_SHA512wRSA = 657,
135  CTC_SHA512wECDSA = 526,
136  CTC_ED25519 = 256,
137  CTC_ED448 = 257
138 };
139 
140 enum Ctc_Encoding {
141  CTC_UTF8 = 0x0c, /* utf8 */
142  CTC_PRINTABLE = 0x13 /* printable */
143 };
144 
145 #ifndef WC_CTC_NAME_SIZE
146  #define WC_CTC_NAME_SIZE 64
147 #endif
148 #ifndef WC_CTC_MAX_ALT_SIZE
149  #define WC_CTC_MAX_ALT_SIZE 16384
150 #endif
151 
152 enum Ctc_Misc {
153  CTC_COUNTRY_SIZE = 2,
154  CTC_NAME_SIZE = WC_CTC_NAME_SIZE,
155  CTC_DATE_SIZE = 32,
156  CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */
157  CTC_SERIAL_SIZE = 20,
158  CTC_GEN_SERIAL_SZ = 16,
159 #ifdef WOLFSSL_CERT_EXT
160  /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum
161  * We support only hash */
162  CTC_MAX_SKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
163  CTC_MAX_AKID_SIZE = 32, /* SHA256_DIGEST_SIZE */
164  CTC_MAX_CERTPOL_SZ = 64,
165  CTC_MAX_CERTPOL_NB = 2 /* Max number of Certificate Policy */
166 #endif /* WOLFSSL_CERT_EXT */
167 };
168 
169 /* DER buffer */
170 typedef struct DerBuffer {
171  byte* buffer;
172  void* heap;
173  word32 length;
174  int type; /* enum CertType */
175  int dynType; /* DYNAMIC_TYPE_* */
176 } DerBuffer;
177 
178 typedef struct WOLFSSL_ASN1_TIME {
179  unsigned char data[CTC_DATE_SIZE]; /* date bytes */
180  int length;
181  int type;
182 } WOLFSSL_ASN1_TIME;
183 
184 enum {
185  IV_SZ = 32, /* max iv sz */
186  NAME_SZ = 80, /* max one line */
187 
188  PEM_PASS_READ = 0,
189  PEM_PASS_WRITE = 1,
190 };
191 
192 
193 typedef int (pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
194 
195 typedef struct EncryptedInfo {
196  pem_password_cb* passwd_cb;
197  void* passwd_userdata;
198 
199  long consumed; /* tracks PEM bytes consumed */
200 
201  int cipherType;
202  word32 keySz;
203  word32 ivSz; /* salt or encrypted IV size */
204 
205  char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */
206  byte iv[IV_SZ]; /* salt or encrypted IV */
207 
208  word16 set:1; /* if encryption set */
209 } EncryptedInfo;
210 
211 
212 #define WOLFSSL_ASN1_INTEGER_MAX 20
213 typedef struct WOLFSSL_ASN1_INTEGER {
214  /* size can be increased set at 20 for tag, length then to hold at least 16
215  * byte type */
216  unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX];
217  /* ASN_INTEGER | LENGTH | hex of number */
218  unsigned char negative; /* negative number flag */
219 
220  unsigned char* data;
221  unsigned int dataMax; /* max size of data buffer */
222  unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */
223 
224  int length;
225  int type;
226 } WOLFSSL_ASN1_INTEGER;
227 
228 
229 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
230 #ifdef WOLFSSL_EKU_OID
231  #ifndef CTC_MAX_EKU_NB
232  #define CTC_MAX_EKU_NB 1
233  #endif
234  #ifndef CTC_MAX_EKU_OID_SZ
235  #define CTC_MAX_EKU_OID_SZ 30
236  #endif
237 #else
238  #undef CTC_MAX_EKU_OID_SZ
239  #define CTC_MAX_EKU_OID_SZ 0
240 #endif
241 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
242 
243 #ifdef WOLFSSL_CERT_GEN
244 
245 #ifdef WOLFSSL_MULTI_ATTRIB
246 #ifndef CTC_MAX_ATTRIB
247  #define CTC_MAX_ATTRIB 4
248 #endif
249 
250 /* ASN Encoded Name field */
251 typedef struct NameAttrib {
252  int sz; /* actual string value length */
253  int id; /* id of name */
254  int type; /* enc of name */
255  char value[CTC_NAME_SIZE]; /* name */
256 } NameAttrib;
257 #endif /* WOLFSSL_MULTI_ATTRIB */
258 
259 
260 typedef struct CertName {
261  char country[CTC_NAME_SIZE];
262  char countryEnc;
263  char state[CTC_NAME_SIZE];
264  char stateEnc;
265  char locality[CTC_NAME_SIZE];
266  char localityEnc;
267  char sur[CTC_NAME_SIZE];
268  char surEnc;
269  char org[CTC_NAME_SIZE];
270  char orgEnc;
271  char unit[CTC_NAME_SIZE];
272  char unitEnc;
273  char commonName[CTC_NAME_SIZE];
274  char commonNameEnc;
275  char serialDev[CTC_NAME_SIZE];
276  char serialDevEnc;
277 #ifdef WOLFSSL_CERT_EXT
278  char busCat[CTC_NAME_SIZE];
279  char busCatEnc;
280  char joiC[CTC_NAME_SIZE];
281  char joiCEnc;
282  char joiSt[CTC_NAME_SIZE];
283  char joiStEnc;
284 #endif
285  char email[CTC_NAME_SIZE]; /* !!!! email has to be last !!!! */
286 #ifdef WOLFSSL_MULTI_ATTRIB
287  NameAttrib name[CTC_MAX_ATTRIB];
288 #endif
289 } CertName;
290 
291 
292 /* for user to fill for certificate generation */
293 typedef struct Cert {
294  int version; /* x509 version */
295  byte serial[CTC_SERIAL_SIZE]; /* serial number */
296  int serialSz; /* serial size */
297  int sigType; /* signature algo type */
298  CertName issuer; /* issuer info */
299  int daysValid; /* validity days */
300  int selfSigned; /* self signed flag */
301  CertName subject; /* subject info */
302  int isCA; /* is this going to be a CA */
303  /* internal use only */
304  int bodySz; /* pre sign total size */
305  int keyType; /* public key type of subject */
306 #ifdef WOLFSSL_ALT_NAMES
307  byte altNames[CTC_MAX_ALT_SIZE]; /* altNames copy */
308  int altNamesSz; /* altNames size in bytes */
309  byte beforeDate[CTC_DATE_SIZE]; /* before date copy */
310  int beforeDateSz; /* size of copy */
311  byte afterDate[CTC_DATE_SIZE]; /* after date copy */
312  int afterDateSz; /* size of copy */
313 #endif
314 #ifdef WOLFSSL_CERT_EXT
315  byte skid[CTC_MAX_SKID_SIZE]; /* Subject Key Identifier */
316  int skidSz; /* SKID size in bytes */
317  byte akid[CTC_MAX_AKID_SIZE]; /* Authority Key Identifier */
318  int akidSz; /* AKID size in bytes */
319  word16 keyUsage; /* Key Usage */
320  byte extKeyUsage; /* Extended Key Usage */
321 #ifdef WOLFSSL_EKU_OID
322  /* Extended Key Usage OIDs */
323  byte extKeyUsageOID[CTC_MAX_EKU_NB][CTC_MAX_EKU_OID_SZ];
324  byte extKeyUsageOIDSz[CTC_MAX_EKU_NB];
325 #endif
326  char certPolicies[CTC_MAX_CERTPOL_NB][CTC_MAX_CERTPOL_SZ];
327  word16 certPoliciesNb; /* Number of Cert Policy */
328  byte issRaw[sizeof(CertName)]; /* raw issuer info */
329  byte sbjRaw[sizeof(CertName)]; /* raw subject info */
330 #endif
331 #ifdef WOLFSSL_CERT_REQ
332  char challengePw[CTC_NAME_SIZE];
333  int challengePwPrintableString; /* encode as PrintableString */
334 #endif
335  void* decodedCert; /* internal DecodedCert allocated from heap */
336  byte* der; /* Pointer to buffer of current DecodedCert cache */
337  void* heap; /* heap hint */
338 } Cert;
339 
340 
341 /* Initialize and Set Certificate defaults:
342  version = 3 (0x2)
343  serial = 0 (Will be randomly generated)
344  sigType = SHA_WITH_RSA
345  issuer = blank
346  daysValid = 500
347  selfSigned = 1 (true) use subject as issuer
348  subject = blank
349  isCA = 0 (false)
350  keyType = RSA_KEY (default)
351 */
352 WOLFSSL_API int wc_InitCert(Cert*);
353 WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz,
354  int keyType, void* key, WC_RNG* rng);
355 WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
356  ecc_key*, WC_RNG*);
357 #ifdef WOLFSSL_CERT_REQ
358  WOLFSSL_API int wc_MakeCertReq_ex(Cert*, byte* derBuffer, word32 derSz,
359  int, void*);
360  WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
361  RsaKey*, ecc_key*);
362 #endif
363 WOLFSSL_API int wc_SignCert_ex(int requestSz, int sType, byte* buffer,
364  word32 buffSz, int keyType, void* key,
365  WC_RNG* rng);
366 WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
367  word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
368 WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
369  WC_RNG*);
370 WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
371 WOLFSSL_API int wc_SetSubject(Cert*, const char*);
372 #ifdef WOLFSSL_ALT_NAMES
373  WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
374 #endif
375 
376 #ifdef WOLFSSL_CERT_GEN_CACHE
377 WOLFSSL_API void wc_SetCert_Free(Cert* cert);
378 #endif
379 
380 WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
381 WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
382 WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
383 WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
384 
385 #ifndef NO_ASN_TIME
386 WOLFSSL_API int wc_GetCertDates(Cert* cert, struct tm* before,
387  struct tm* after);
388 #endif
389 
390 #ifdef WOLFSSL_CERT_EXT
391 WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType,
392  void* key);
393 WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
394  ecc_key *eckey);
395 WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
396 WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
397 WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType,
398  void* key);
399 WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
400  ecc_key *eckey);
401 WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
402 WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert);
403 WOLFSSL_API int wc_SetSubjectRaw(Cert* cert, const byte* der, int derSz);
404 WOLFSSL_API int wc_SetIssuerRaw(Cert* cert, const byte* der, int derSz);
405 
406 #ifdef HAVE_NTRU
407 WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
408  word16 ntruKeySz);
409 #endif
410 
411 /* Set the KeyUsage.
412  * Value is a string separated tokens with ','. Accepted tokens are :
413  * digitalSignature,nonRepudiation,contentCommitment,keyCertSign,cRLSign,
414  * dataEncipherment,keyAgreement,keyEncipherment,encipherOnly and decipherOnly.
415  *
416  * nonRepudiation and contentCommitment are for the same usage.
417  */
418 WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
419 
420 /* Set ExtendedKeyUsage
421  * Value is a string separated tokens with ','. Accepted tokens are :
422  * any,serverAuth,clientAuth,codeSigning,emailProtection,timeStamping,OCSPSigning
423  */
424 WOLFSSL_API int wc_SetExtKeyUsage(Cert *cert, const char *value);
425 
426 
427 #ifdef WOLFSSL_EKU_OID
428 /* Set ExtendedKeyUsage with unique OID
429  * oid is expected to be in byte representation
430  */
431 WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz,
432  byte idx, void* heap);
433 #endif /* WOLFSSL_EKU_OID */
434 #endif /* WOLFSSL_CERT_EXT */
435 
436  #ifdef HAVE_NTRU
437  WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
438  const byte* ntruKey, word16 keySz,
439  WC_RNG*);
440  #endif
441 
442 #endif /* WOLFSSL_CERT_GEN */
443 
444 WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz,
445  const byte** date, byte* format, int* length);
446 #ifndef NO_ASN_TIME
447 WOLFSSL_API int wc_GetDateAsCalendarTime(const byte* date, int length,
448  byte format, struct tm* time);
449 #endif
450 
451 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
452 
453  WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header,
454  const char** footer);
455 
456 #endif
457 
458 WOLFSSL_API int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap);
459 WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
460 
461 #ifdef WOLFSSL_PEM_TO_DER
462  WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type,
463  DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey);
464 
465  WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
466  unsigned char*, int, const char*);
467  WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
468  unsigned char*, int, int);
469 #endif /* WOLFSSL_PEM_TO_DER */
470 
471 #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
472  #ifndef NO_FILESYSTEM
473  WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
474  unsigned char* derBuf, int derSz);
475  #endif
476 
477  WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
478  unsigned char*, int);
479 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
480 
481 #ifdef WOLFSSL_CERT_GEN
482  #ifndef NO_FILESYSTEM
483  WOLFSSL_API int wc_PemCertToDer(const char* fileName,
484  unsigned char* derBuf, int derSz);
485  #endif
486 #endif /* WOLFSSL_CERT_GEN */
487 
488 #ifdef WOLFSSL_DER_TO_PEM
489  WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
490  word32 outputSz, int type);
491  WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
492  word32 outputSz, byte *cipherIno, int type);
493 #endif
494 
495 #ifndef NO_RSA
496  #if !defined(HAVE_USER_RSA)
497  WOLFSSL_API int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx,
498  word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz);
499  #endif
500  WOLFSSL_API int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header);
501 #endif
502 
503 #ifdef HAVE_ECC
504  /* private key helpers */
505  WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
506  ecc_key*, word32);
507  WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
508  WOLFSSL_API int wc_EccPrivateKeyToDer(ecc_key* key, byte* output,
509  word32 inLen);
510  WOLFSSL_API int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output,
511  word32* outLen);
512 
513  /* public key helper */
514  WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
515  ecc_key*, word32);
516  WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
517  word32 inLen, int with_AlgCurve);
518  WOLFSSL_API int wc_EccPublicKeyDerSize(ecc_key*, int with_AlgCurve);
519 #endif
520 
521 #ifdef HAVE_ED25519
522  /* private key helpers */
523  WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*,
524  ed25519_key*, word32);
525  WOLFSSL_API int wc_Ed25519KeyToDer(ed25519_key* key, byte* output,
526  word32 inLen);
527  WOLFSSL_API int wc_Ed25519PrivateKeyToDer(ed25519_key* key, byte* output,
528  word32 inLen);
529 
530  /* public key helper */
531  WOLFSSL_API int wc_Ed25519PublicKeyDecode(const byte*, word32*,
532  ed25519_key*, word32);
533  #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
534  WOLFSSL_API int wc_Ed25519PublicKeyToDer(ed25519_key*, byte* output,
535  word32 inLen, int with_AlgCurve);
536  #endif
537 #endif
538 
539 #ifdef HAVE_ED448
540  /* private key helpers */
541  WOLFSSL_API int wc_Ed448PrivateKeyDecode(const byte*, word32*,
542  ed448_key*, word32);
543  WOLFSSL_API int wc_Ed448KeyToDer(ed448_key* key, byte* output,
544  word32 inLen);
545  WOLFSSL_API int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output,
546  word32 inLen);
547 
548  /* public key helper */
549  WOLFSSL_API int wc_Ed448PublicKeyDecode(const byte*, word32*,
550  ed448_key*, word32);
551  #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN))
552  WOLFSSL_API int wc_Ed448PublicKeyToDer(ed448_key*, byte* output,
553  word32 inLen, int with_AlgCurve);
554  #endif
555 #endif
556 
557 /* DER encode signature */
558 WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
559  word32 digSz, int hashOID);
560 WOLFSSL_API int wc_GetCTC_HashOID(int type);
561 
562 WOLFSSL_API int wc_GetPkcs8TraditionalOffset(byte* input,
563  word32* inOutIdx, word32 sz);
564 WOLFSSL_API int wc_CreatePKCS8Key(byte* out, word32* outSz,
565  byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz);
566 
567 #ifndef NO_ASN_TIME
568 /* Time */
569 /* Returns seconds (Epoch/UTC)
570  * timePtr: is "time_t", which is typically "long"
571  * Example:
572  long lTime;
573  rc = wc_GetTime(&lTime, (word32)sizeof(lTime));
574 */
575 WOLFSSL_API int wc_GetTime(void* timePtr, word32 timeSize);
576 #endif
577 
578 #ifdef WOLFSSL_ENCRYPTED_KEYS
579  WOLFSSL_API int wc_EncryptedInfoGet(EncryptedInfo* info,
580  const char* cipherInfo);
581 #endif
582 
583 
584 #ifdef WOLFSSL_CERT_PIV
585 
586 typedef struct _wc_CertPIV {
587  const byte* cert;
588  word32 certSz;
589  const byte* certErrDet;
590  word32 certErrDetSz;
591  const byte* nonce; /* Identiv Only */
592  word32 nonceSz; /* Identiv Only */
593  const byte* signedNonce; /* Identiv Only */
594  word32 signedNonceSz; /* Identiv Only */
595 
596  /* flags */
597  word16 compression:2;
598  word16 isX509:1;
599  word16 isIdentiv:1;
600 } wc_CertPIV;
601 
602 WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz);
603 #endif /* WOLFSSL_CERT_PIV */
604 
605 
606 #ifdef __cplusplus
607  } /* extern "C" */
608 #endif
609 
610 #endif /* WOLF_CRYPT_ASN_PUBLIC_H */
wc_EccPublicKeyToDer
WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key *, byte *output, word32 inLen, int with_AlgCurve)
This function converts the ECC public key to DER format. It returns the size of buffer used...
Definition: asn.c:11565
ed448_key
Definition: ed448.h:77
wc_MakeNtruCert
WOLFSSL_API int wc_MakeNtruCert(Cert *, byte *derBuffer, word32 derSz, const byte *ntruKey, word16 keySz, WC_RNG *)
Used to make CA signed certs. Called after the subject information has been entered. This function makes an NTRU Certificate from a cert input. It then writes this cert to derBuffer. It takes in an ntruKey and a rng to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.
Definition: asn.c:13440
wc_PemCertToDer
WOLFSSL_API int wc_PemCertToDer(const char *fileName, unsigned char *derBuf, int derSz)
This function converts a pem certificate to a der certificate, and places the resulting certificate i...
Definition: asn.c:10776
wc_EncodeSignature
WOLFSSL_API word32 wc_EncodeSignature(byte *out, const byte *digest, word32 digSz, int hashOID)
This function encodes a digital signature into the output buffer, and returns the size of the encoded...
Definition: asn.c:6852
wc_CertPemToDer
WOLFSSL_API int wc_CertPemToDer(const unsigned char *, int, unsigned char *, int, int)
This function converts a PEM formatted certificate to DER format. Calls OpenSSL function PemToDer...
Definition: asn.c:10692
wc_MakeCert
WOLFSSL_API int wc_MakeCert(Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)
Used to make CA signed certs. Called after the subject information has been entered. This function makes an x509 Certificate v3 RSA or ECC from a cert input. It then writes this cert to derBuffer. It takes in either an rsaKey or an eccKey to generate the certificate. The certificate must be initialized with wc_InitCert before this method is called.
Definition: asn.c:13430
wc_KeyPemToDer
WOLFSSL_API int wc_KeyPemToDer(const unsigned char *, int, unsigned char *, int, const char *)
Converts a key in PEM format to DER format.
Definition: asn.c:10636
wc_GetSubjectRaw
WOLFSSL_API int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert)
This function gets the raw subject from the certificate structure.
Definition: asn.c:13943
wc_MakeCertReq
WOLFSSL_API int wc_MakeCertReq(Cert *, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *)
This function makes a certificate signing request using the input certificate and writes the output t...
Definition: asn.c:13810
wc_SetSubjectKeyId
WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char *file)
Set SKID from public key file in PEM format. Both arguments are required.
Definition: asn.c:14097
_wc_CertPIV
Definition: asn_public.h:586
wc_SetSubjectKeyIdFromPublicKey
WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
Set SKID from RSA or ECC public key.
Definition: asn.c:14050
wc_SetSubjectKeyIdFromNtruPublicKey
WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey, word16 ntruKeySz)
Set SKID from NTRU public key.
Definition: asn.c:14058
EncryptedInfo
Definition: asn_public.h:195
wc_SetIssuer
WOLFSSL_API int wc_SetIssuer(Cert *, const char *)
This function sets the issuer for a certificate to the issuer in the provided pem issuerFile...
Definition: asn.c:14701
CertName
Definition: asn_public.h:260
wc_SetAuthKeyIdFromPublicKey
WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey)
Set AKID from either an RSA or ECC public key. note: Only set one of rsakey or eckey, not both.
Definition: asn.c:14087
wc_SetDatesBuffer
WOLFSSL_API int wc_SetDatesBuffer(Cert *, const byte *, int)
This function sets the dates for a certificate from the date range in the provided der buffer...
Definition: asn.c:14925
wc_SetAltNamesBuffer
WOLFSSL_API int wc_SetAltNamesBuffer(Cert *, const byte *, int)
This function sets the alternate names for a certificate from the alternate names in the provided der...
Definition: asn.c:14899
wc_DerToPemEx
WOLFSSL_API int wc_DerToPemEx(const byte *der, word32 derSz, byte *output, word32 outputSz, byte *cipherIno, int type)
This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output. Allows setting cipher info.
Definition: asn.c:10173
wc_GetCTC_HashOID
WOLFSSL_API int wc_GetCTC_HashOID(int type)
This function returns the hash OID that corresponds to a hashing type. For example, when given the type: SHA512, this function returns the identifier corresponding to a SHA512 hash, SHA512h.
Definition: asn.c:6874
wc_SetSubjectRaw
WOLFSSL_API int wc_SetSubjectRaw(Cert *cert, const byte *der, int derSz)
This function sets the raw subject for a certificate from the subject in the provided der buffer...
Definition: asn.c:14833
wc_SetAuthKeyId
WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char *file)
Set AKID from certificate file in PEM format.
Definition: asn.c:14250
wc_SetSubject
WOLFSSL_API int wc_SetSubject(Cert *, const char *)
This function sets the subject for a certificate to the subject in the provided pem subjectFile...
Definition: asn.c:14726
wc_SetIssuerBuffer
WOLFSSL_API int wc_SetIssuerBuffer(Cert *, const byte *, int)
This function sets the issuer for a certificate from the issuer in the provided der buffer...
Definition: asn.c:14779
WOLFSSL_ASN1_TIME
Definition: asn_public.h:178
wc_SetAuthKeyIdFromCert
WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz)
Set AKID from from DER encoded certificate.
Definition: asn.c:14221
ecc_key
Definition: ecc.h:357
wc_EccPublicKeyDecode
WOLFSSL_API int wc_EccPublicKeyDecode(const byte *, word32 *, ecc_key *, word32)
Decodes an ECC public key from an input buffer. It will parse an ASN sequence to retrieve the ECC key...
Definition: asn.c:15369
wc_SignCert
WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *, ecc_key *, WC_RNG *)
This function signs buffer and adds the signature to the end of buffer. It takes in a signature type...
Definition: asn.c:13918
WC_RNG
Definition: random.h:153
wc_EccPrivateKeyDecode
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte *, word32 *, ecc_key *, word32)
This function reads in an ECC private key from the input buffer, input, parses the private key...
Definition: asn.c:15166
wc_SetSubjectBuffer
WOLFSSL_API int wc_SetSubjectBuffer(Cert *, const byte *, int)
This function sets the subject for a certificate from the subject in the provided der buffer...
Definition: asn.c:14807
wc_SetKeyUsage
WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value)
This function allows you to set the key usage using a comma delimited string of tokens. Accepted tokens are: digitalSignature, nonRepudiation, contentCommitment, keyCertSign, cRLSign, dataEncipherment, keyAgreement, keyEncipherment, encipherOnly, decipherOnly. Example: "digitalSignature,nonRepudiation" nonRepudiation and contentCommitment are for the same usage.
Definition: asn.c:14281
wc_InitCert
WOLFSSL_API int wc_InitCert(Cert *)
This function initializes a default cert, with the default options: version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank, daysValid = 500, selfSigned = 1 (true) use subject as issuer, subject = blank.
Definition: asn.c:11273
wc_SetIssuerRaw
WOLFSSL_API int wc_SetIssuerRaw(Cert *cert, const byte *der, int derSz)
This function sets the raw issuer for a certificate from the issuer in the provided der buffer...
Definition: asn.c:14865
NameAttrib
Definition: asn_public.h:251
wc_SetAltNames
WOLFSSL_API int wc_SetAltNames(Cert *, const char *)
This function sets the alternate names for a certificate to the alternate names in the provided pem f...
Definition: asn.c:14752
ed25519_key
Definition: ed25519.h:78
wc_PemPubKeyToDer
WOLFSSL_API int wc_PemPubKeyToDer(const char *fileName, unsigned char *derBuf, int derSz)
Loads a PEM key from a file and converts to a DER encoded buffer.
Definition: asn.c:10856
Cert
Definition: asn_public.h:293
RsaKey
Definition: user_rsa.h:60
wc_MakeSelfCert
WOLFSSL_API int wc_MakeSelfCert(Cert *, byte *derBuffer, word32 derSz, RsaKey *, WC_RNG *)
This function is a combination of the previous two functions, wc_MakeCert and wc_SignCert for self si...
Definition: asn.c:13925
wc_EccKeyToDer
WOLFSSL_API int wc_EccKeyToDer(ecc_key *, byte *output, word32 inLen)
This function writes a private ECC key to der format.
Definition: asn.c:15685
wc_DerToPem
WOLFSSL_API int wc_DerToPem(const byte *der, word32 derSz, byte *output, word32 outputSz, int type)
This function converts a der formatted input certificate, contained in the der buffer, into a pem formatted output certificate, contained in the output buffer. It should be noted that this is not an in place conversion, and a separate buffer must be utilized to store the pem formatted output.
Definition: asn.c:10165
DerBuffer
Definition: asn_public.h:170
wc_SetCert_Free
WOLFSSL_API void wc_SetCert_Free(Cert *cert)
This function cleans up memory and resources used by the certificate structure&#39;s decoded cert cache...
wc_PubKeyPemToDer
WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char *, int, unsigned char *, int)
Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negat...
Definition: asn.c:10738
WOLFSSL_ASN1_INTEGER
Definition: asn_public.h:213