1 /**
2  * @file x509_common.h
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.4
29  **/
30 
31 #ifndef _X509_COMMON_H
32 #define _X509_COMMON_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkc/rsa.h"
37 #include "pkc/dsa.h"
38 #include "ecc/ecdsa.h"
39 #include "ecc/eddsa.h"
40 #include "date_time.h"
41 
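//Compile-time feature switches: signature callbacks and public key algorithms.
//Each switch may be pre-defined by the build (ENABLED or DISABLED); the value
//below is only the default, and any other value stops compilation with #error.

//Signature generation/verification callback functions (off by default)
#ifndef X509_SIGN_CALLBACK_SUPPORT
   #define X509_SIGN_CALLBACK_SUPPORT DISABLED
#elif (X509_SIGN_CALLBACK_SUPPORT != ENABLED && X509_SIGN_CALLBACK_SUPPORT != DISABLED)
   #error X509_SIGN_CALLBACK_SUPPORT parameter is not valid
#endif

//RSA certificate support (on by default)
#ifndef X509_RSA_SUPPORT
   #define X509_RSA_SUPPORT ENABLED
#elif (X509_RSA_SUPPORT != ENABLED && X509_RSA_SUPPORT != DISABLED)
   //Same diagnostic wording as every other switch in this file
   #error X509_RSA_SUPPORT parameter is not valid
#endif

//RSA-PSS certificate support (off by default). The RSASSA-PSS parameters
//member of the signature algorithm identifier is additionally conditioned
//on RSA_SUPPORT being ENABLED
#ifndef X509_RSA_PSS_SUPPORT
   #define X509_RSA_PSS_SUPPORT DISABLED
#elif (X509_RSA_PSS_SUPPORT != ENABLED && X509_RSA_PSS_SUPPORT != DISABLED)
   //Same diagnostic wording as every other switch in this file
   #error X509_RSA_PSS_SUPPORT parameter is not valid
#endif

//DSA certificate support (off by default)
#ifndef X509_DSA_SUPPORT
   #define X509_DSA_SUPPORT DISABLED
#elif (X509_DSA_SUPPORT != ENABLED && X509_DSA_SUPPORT != DISABLED)
   #error X509_DSA_SUPPORT parameter is not valid
#endif

//ECDSA certificate support (on by default)
#ifndef X509_ECDSA_SUPPORT
   #define X509_ECDSA_SUPPORT ENABLED
#elif (X509_ECDSA_SUPPORT != ENABLED && X509_ECDSA_SUPPORT != DISABLED)
   #error X509_ECDSA_SUPPORT parameter is not valid
#endif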
76 
//Hash algorithm switches. Defaults: the SHA-2 family at 256 bits and above
//is ENABLED, everything else is DISABLED.
//NOTE(review): presumably these decide which digests are accepted when a
//signature algorithm identifier is resolved (see x509GetSignHashAlgo) -
//confirm in x509_common.c. MD5 and SHA-1 both have practical collision
//attacks, so a signature over either digest does not bind the signed
//content; keep them DISABLED unless legacy interoperability requires them.

//MD5 hash support (insecure)
#if !defined(X509_MD5_SUPPORT)
   #define X509_MD5_SUPPORT DISABLED
#elif !(X509_MD5_SUPPORT == ENABLED || X509_MD5_SUPPORT == DISABLED)
   #error X509_MD5_SUPPORT parameter is not valid
#endif

//SHA-1 hash support (weak)
#if !defined(X509_SHA1_SUPPORT)
   #define X509_SHA1_SUPPORT DISABLED
#elif !(X509_SHA1_SUPPORT == ENABLED || X509_SHA1_SUPPORT == DISABLED)
   #error X509_SHA1_SUPPORT parameter is not valid
#endif

//SHA-224 hash support (weak)
#if !defined(X509_SHA224_SUPPORT)
   #define X509_SHA224_SUPPORT DISABLED
#elif !(X509_SHA224_SUPPORT == ENABLED || X509_SHA224_SUPPORT == DISABLED)
   #error X509_SHA224_SUPPORT parameter is not valid
#endif

//SHA-256 hash support
#if !defined(X509_SHA256_SUPPORT)
   #define X509_SHA256_SUPPORT ENABLED
#elif !(X509_SHA256_SUPPORT == ENABLED || X509_SHA256_SUPPORT == DISABLED)
   #error X509_SHA256_SUPPORT parameter is not valid
#endif

//SHA-384 hash support
#if !defined(X509_SHA384_SUPPORT)
   #define X509_SHA384_SUPPORT ENABLED
#elif !(X509_SHA384_SUPPORT == ENABLED || X509_SHA384_SUPPORT == DISABLED)
   #error X509_SHA384_SUPPORT parameter is not valid
#endif

//SHA-512 hash support
#if !defined(X509_SHA512_SUPPORT)
   #define X509_SHA512_SUPPORT ENABLED
#elif !(X509_SHA512_SUPPORT == ENABLED || X509_SHA512_SUPPORT == DISABLED)
   #error X509_SHA512_SUPPORT parameter is not valid
#endif

//SHA3-224 hash support
#if !defined(X509_SHA3_224_SUPPORT)
   #define X509_SHA3_224_SUPPORT DISABLED
#elif !(X509_SHA3_224_SUPPORT == ENABLED || X509_SHA3_224_SUPPORT == DISABLED)
   #error X509_SHA3_224_SUPPORT parameter is not valid
#endif

//SHA3-256 hash support
#if !defined(X509_SHA3_256_SUPPORT)
   #define X509_SHA3_256_SUPPORT DISABLED
#elif !(X509_SHA3_256_SUPPORT == ENABLED || X509_SHA3_256_SUPPORT == DISABLED)
   #error X509_SHA3_256_SUPPORT parameter is not valid
#endif

//SHA3-384 hash support
#if !defined(X509_SHA3_384_SUPPORT)
   #define X509_SHA3_384_SUPPORT DISABLED
#elif !(X509_SHA3_384_SUPPORT == ENABLED || X509_SHA3_384_SUPPORT == DISABLED)
   #error X509_SHA3_384_SUPPORT parameter is not valid
#endif

//SHA3-512 hash support
#if !defined(X509_SHA3_512_SUPPORT)
   #define X509_SHA3_512_SUPPORT DISABLED
#elif !(X509_SHA3_512_SUPPORT == ENABLED || X509_SHA3_512_SUPPORT == DISABLED)
   #error X509_SHA3_512_SUPPORT parameter is not valid
#endif
146 
//Elliptic curve switches. Defaults: only NIST P-256, P-384 and P-521 are
//ENABLED; every other curve must be switched on explicitly by the build.
//NOTE(review): the 112/128/160-bit curves are tagged (weak) below. The
//192-bit curves and brainpoolP160r1/brainpoolP192r1 carry no such tag but
//offer well under 112 bits of security; treat them the same way when
//deciding what to enable.

//secp112r1 elliptic curve support (weak)
#if !defined(X509_SECP112R1_SUPPORT)
   #define X509_SECP112R1_SUPPORT DISABLED
#elif !(X509_SECP112R1_SUPPORT == ENABLED || X509_SECP112R1_SUPPORT == DISABLED)
   #error X509_SECP112R1_SUPPORT parameter is not valid
#endif

//secp112r2 elliptic curve support (weak)
#if !defined(X509_SECP112R2_SUPPORT)
   #define X509_SECP112R2_SUPPORT DISABLED
#elif !(X509_SECP112R2_SUPPORT == ENABLED || X509_SECP112R2_SUPPORT == DISABLED)
   #error X509_SECP112R2_SUPPORT parameter is not valid
#endif

//secp128r1 elliptic curve support (weak)
#if !defined(X509_SECP128R1_SUPPORT)
   #define X509_SECP128R1_SUPPORT DISABLED
#elif !(X509_SECP128R1_SUPPORT == ENABLED || X509_SECP128R1_SUPPORT == DISABLED)
   #error X509_SECP128R1_SUPPORT parameter is not valid
#endif

//secp128r2 elliptic curve support (weak)
#if !defined(X509_SECP128R2_SUPPORT)
   #define X509_SECP128R2_SUPPORT DISABLED
#elif !(X509_SECP128R2_SUPPORT == ENABLED || X509_SECP128R2_SUPPORT == DISABLED)
   #error X509_SECP128R2_SUPPORT parameter is not valid
#endif

//secp160k1 elliptic curve support (weak)
#if !defined(X509_SECP160K1_SUPPORT)
   #define X509_SECP160K1_SUPPORT DISABLED
#elif !(X509_SECP160K1_SUPPORT == ENABLED || X509_SECP160K1_SUPPORT == DISABLED)
   #error X509_SECP160K1_SUPPORT parameter is not valid
#endif

//secp160r1 elliptic curve support (weak)
#if !defined(X509_SECP160R1_SUPPORT)
   #define X509_SECP160R1_SUPPORT DISABLED
#elif !(X509_SECP160R1_SUPPORT == ENABLED || X509_SECP160R1_SUPPORT == DISABLED)
   #error X509_SECP160R1_SUPPORT parameter is not valid
#endif

//secp160r2 elliptic curve support (weak)
#if !defined(X509_SECP160R2_SUPPORT)
   #define X509_SECP160R2_SUPPORT DISABLED
#elif !(X509_SECP160R2_SUPPORT == ENABLED || X509_SECP160R2_SUPPORT == DISABLED)
   #error X509_SECP160R2_SUPPORT parameter is not valid
#endif

//secp192k1 elliptic curve support
#if !defined(X509_SECP192K1_SUPPORT)
   #define X509_SECP192K1_SUPPORT DISABLED
#elif !(X509_SECP192K1_SUPPORT == ENABLED || X509_SECP192K1_SUPPORT == DISABLED)
   #error X509_SECP192K1_SUPPORT parameter is not valid
#endif

//secp192r1 elliptic curve support (NIST P-192)
#if !defined(X509_SECP192R1_SUPPORT)
   #define X509_SECP192R1_SUPPORT DISABLED
#elif !(X509_SECP192R1_SUPPORT == ENABLED || X509_SECP192R1_SUPPORT == DISABLED)
   #error X509_SECP192R1_SUPPORT parameter is not valid
#endif

//secp224k1 elliptic curve support
#if !defined(X509_SECP224K1_SUPPORT)
   #define X509_SECP224K1_SUPPORT DISABLED
#elif !(X509_SECP224K1_SUPPORT == ENABLED || X509_SECP224K1_SUPPORT == DISABLED)
   #error X509_SECP224K1_SUPPORT parameter is not valid
#endif

//secp224r1 elliptic curve support (NIST P-224)
#if !defined(X509_SECP224R1_SUPPORT)
   #define X509_SECP224R1_SUPPORT DISABLED
#elif !(X509_SECP224R1_SUPPORT == ENABLED || X509_SECP224R1_SUPPORT == DISABLED)
   #error X509_SECP224R1_SUPPORT parameter is not valid
#endif

//secp256k1 elliptic curve support
#if !defined(X509_SECP256K1_SUPPORT)
   #define X509_SECP256K1_SUPPORT DISABLED
#elif !(X509_SECP256K1_SUPPORT == ENABLED || X509_SECP256K1_SUPPORT == DISABLED)
   #error X509_SECP256K1_SUPPORT parameter is not valid
#endif

//secp256r1 elliptic curve support (NIST P-256)
#if !defined(X509_SECP256R1_SUPPORT)
   #define X509_SECP256R1_SUPPORT ENABLED
#elif !(X509_SECP256R1_SUPPORT == ENABLED || X509_SECP256R1_SUPPORT == DISABLED)
   #error X509_SECP256R1_SUPPORT parameter is not valid
#endif

//secp384r1 elliptic curve support (NIST P-384)
#if !defined(X509_SECP384R1_SUPPORT)
   #define X509_SECP384R1_SUPPORT ENABLED
#elif !(X509_SECP384R1_SUPPORT == ENABLED || X509_SECP384R1_SUPPORT == DISABLED)
   #error X509_SECP384R1_SUPPORT parameter is not valid
#endif

//secp521r1 elliptic curve support (NIST P-521)
#if !defined(X509_SECP521R1_SUPPORT)
   #define X509_SECP521R1_SUPPORT ENABLED
#elif !(X509_SECP521R1_SUPPORT == ENABLED || X509_SECP521R1_SUPPORT == DISABLED)
   #error X509_SECP521R1_SUPPORT parameter is not valid
#endif

//brainpoolP160r1 elliptic curve support
#if !defined(X509_BRAINPOOLP160R1_SUPPORT)
   #define X509_BRAINPOOLP160R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP160R1_SUPPORT == ENABLED || X509_BRAINPOOLP160R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP160R1_SUPPORT parameter is not valid
#endif

//brainpoolP192r1 elliptic curve support
#if !defined(X509_BRAINPOOLP192R1_SUPPORT)
   #define X509_BRAINPOOLP192R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP192R1_SUPPORT == ENABLED || X509_BRAINPOOLP192R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP192R1_SUPPORT parameter is not valid
#endif

//brainpoolP224r1 elliptic curve support
#if !defined(X509_BRAINPOOLP224R1_SUPPORT)
   #define X509_BRAINPOOLP224R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP224R1_SUPPORT == ENABLED || X509_BRAINPOOLP224R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP224R1_SUPPORT parameter is not valid
#endif

//brainpoolP256r1 elliptic curve support
#if !defined(X509_BRAINPOOLP256R1_SUPPORT)
   #define X509_BRAINPOOLP256R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP256R1_SUPPORT == ENABLED || X509_BRAINPOOLP256R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP256R1_SUPPORT parameter is not valid
#endif

//brainpoolP320r1 elliptic curve support
#if !defined(X509_BRAINPOOLP320R1_SUPPORT)
   #define X509_BRAINPOOLP320R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP320R1_SUPPORT == ENABLED || X509_BRAINPOOLP320R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP320R1_SUPPORT parameter is not valid
#endif

//brainpoolP384r1 elliptic curve support
#if !defined(X509_BRAINPOOLP384R1_SUPPORT)
   #define X509_BRAINPOOLP384R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP384R1_SUPPORT == ENABLED || X509_BRAINPOOLP384R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP384R1_SUPPORT parameter is not valid
#endif

//brainpoolP512r1 elliptic curve support
#if !defined(X509_BRAINPOOLP512R1_SUPPORT)
   #define X509_BRAINPOOLP512R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP512R1_SUPPORT == ENABLED || X509_BRAINPOOLP512R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP512R1_SUPPORT parameter is not valid
#endif

//Ed25519 elliptic curve support
#if !defined(X509_ED25519_SUPPORT)
   #define X509_ED25519_SUPPORT DISABLED
#elif !(X509_ED25519_SUPPORT == ENABLED || X509_ED25519_SUPPORT == DISABLED)
   #error X509_ED25519_SUPPORT parameter is not valid
#endif

//Ed448 elliptic curve support
#if !defined(X509_ED448_SUPPORT)
   #define X509_ED448_SUPPORT DISABLED
#elif !(X509_ED448_SUPPORT == ENABLED || X509_ED448_SUPPORT == DISABLED)
   #error X509_ED448_SUPPORT parameter is not valid
#endif
314 
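//Acceptable modulus sizes for RSA and DSA keys (values presumably in bits).
//NOTE(review): the default floor of 1024 and the hard lower bound of 512 are
//both below the 2048-bit minimum of current guidance (e.g. NIST SP 800-131A,
//CA/Browser Forum Baseline Requirements). Builds that do not need legacy
//interoperability should pre-define the minimums as 2048 or more.

//Minimum acceptable size for RSA modulus
#ifndef X509_MIN_RSA_MODULUS_SIZE
   #define X509_MIN_RSA_MODULUS_SIZE 1024
#elif (X509_MIN_RSA_MODULUS_SIZE < 512)
   #error X509_MIN_RSA_MODULUS_SIZE parameter is not valid
#endif

//Maximum acceptable size for RSA modulus
#ifndef X509_MAX_RSA_MODULUS_SIZE
   #define X509_MAX_RSA_MODULUS_SIZE 4096
#endif

//Checked outside the #ifndef so that a build which raises only the minimum
//is also compared against the default maximum
#if (X509_MAX_RSA_MODULUS_SIZE < X509_MIN_RSA_MODULUS_SIZE)
   #error X509_MAX_RSA_MODULUS_SIZE parameter is not valid
#endif

//Minimum acceptable size for DSA prime modulus
#ifndef X509_MIN_DSA_MODULUS_SIZE
   #define X509_MIN_DSA_MODULUS_SIZE 1024
#elif (X509_MIN_DSA_MODULUS_SIZE < 512)
   #error X509_MIN_DSA_MODULUS_SIZE parameter is not valid
#endif

//Maximum acceptable size for DSA prime modulus
#ifndef X509_MAX_DSA_MODULUS_SIZE
   #define X509_MAX_DSA_MODULUS_SIZE 4096
#endif

//Same reasoning as for RSA: validate the effective pair, default or not
#if (X509_MAX_DSA_MODULUS_SIZE < X509_MIN_DSA_MODULUS_SIZE)
   #error X509_MAX_DSA_MODULUS_SIZE parameter is not valid
#endif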
342 
//Size and count limits. Each may be pre-defined by the build; a value
//below 1 stops compilation with #error.

//Default size of serial numbers
#if !defined(X509_SERIAL_NUMBER_SIZE)
   #define X509_SERIAL_NUMBER_SIZE 20
#elif (X509_SERIAL_NUMBER_SIZE <= 0)
   #error X509_SERIAL_NUMBER_SIZE parameter is not valid
#endif

//Maximum number of subject alternative names
#if !defined(X509_MAX_SUBJECT_ALT_NAMES)
   #define X509_MAX_SUBJECT_ALT_NAMES 4
#elif (X509_MAX_SUBJECT_ALT_NAMES <= 0)
   #error X509_MAX_SUBJECT_ALT_NAMES parameter is not valid
#endif

//Maximum number of certificate issuer names
#if !defined(X509_MAX_CERT_ISSUER_NAMES)
   #define X509_MAX_CERT_ISSUER_NAMES 4
#elif (X509_MAX_CERT_ISSUER_NAMES <= 0)
   #error X509_MAX_CERT_ISSUER_NAMES parameter is not valid
#endif

//Maximum number of custom extensions
#if !defined(X509_MAX_CUSTOM_EXTENSIONS)
   #define X509_MAX_CUSTOM_EXTENSIONS 2
#elif (X509_MAX_CUSTOM_EXTENSIONS <= 0)
   #error X509_MAX_CUSTOM_EXTENSIONS parameter is not valid
#endif

//Application specific extensions (expands to nothing unless the build
//pre-defines it)
#if !defined(X509_PRIVATE_EXTENSIONS)
   #define X509_PRIVATE_EXTENSIONS
#endif
375 
376 //C++ guard
377 #ifdef __cplusplus
378 extern "C" {
379 #endif
380 
381 
382 /**
383  * @brief X.509 versions
384  **/
385 
386 typedef enum
387 {
391 } X509Version;
392 
393 
394 /**
395  * @brief Key usage
396  **/
397 
398 typedef enum
399 {
410 
411 
412 /**
413  * @brief Extended key usage
414  **/
415 
416 typedef enum
417 {
431  X509_EXT_KEY_USAGE_ANY = 0x00001FFF
433 
434 
435 /**
436  * @brief General name types
437  **/
438 
439 typedef enum
440 {
451 
452 
453 /**
454  * @brief Netscape certificate types
455  **/
456 
457 typedef enum
458 {
463 
464 
465 /**
466  * @brief Reason flags
467  **/
468 
469 typedef enum
470 {
481 
482 
483 /**
484  * @brief CRL reasons
485  **/
486 
487 typedef enum
488 {
500 
501 
502 /**
503  * @brief Public Key types
504  **/
505 
506 typedef enum
507 {
518 
519 
520 /**
521  * @brief Signature algorithms
522  **/
523 
524 typedef enum
525 {
534 
535 
536 /**
537  * @brief Hash algorithms
538  **/
539 
540 typedef enum
541 {
554 
555 
556 /**
557  * @brief Serial number
558  **/
559 
560 typedef struct
561 {
562  const uint8_t *data;
563  size_t length;
565 
566 
567 /**
568  * @brief Issuer or subject name
569  **/
570 
571 typedef struct
572 {
573  const uint8_t *rawData;
574  size_t rawDataLen;
577  const char_t *surname;
578  size_t surnameLen;
591  const char_t *title;
592  size_t titleLen;
593  const char_t *name;
594  size_t nameLen;
596  size_t givenNameLen;
597  const char_t *initials;
598  size_t initialsLen;
604  size_t pseudonymLen;
605 } X509Name;
606 
607 
608 /**
609  * @brief Name attribute
610  **/
611 
612 typedef struct
613 {
614  const uint8_t *type;
615  size_t typeLen;
616  const char_t *value;
617  size_t valueLen;
619 
620 
621 /**
622  * @brief Validity
623  **/
624 
625 typedef struct
626 {
629 } X509Validity;
630 
631 
632 /**
633  * @brief Algorithm identifier
634  **/
635 
636 typedef struct
637 {
638  const uint8_t *oid;
639  size_t oidLen;
640  const uint8_t *params;
641  size_t paramsLen;
642 } X509AlgoId;
643 
644 
645 /**
646  * @brief RSA public key
647  **/
648 
649 typedef struct
650 {
651  const uint8_t *n;
652  size_t nLen;
653  const uint8_t *e;
654  size_t eLen;
656 
657 
658 /**
659  * @brief DSA domain parameters
660  **/
661 
662 typedef struct
663 {
664  const uint8_t *p;
665  size_t pLen;
666  const uint8_t *q;
667  size_t qLen;
668  const uint8_t *g;
669  size_t gLen;
671 
672 
673 /**
674  * @brief DSA public key
675  **/
676 
677 typedef struct
678 {
679  const uint8_t *y;
680  size_t yLen;
682 
683 
684 /**
685  * @brief EC parameters
686  **/
687 
688 typedef struct
689 {
690  const uint8_t *namedCurve;
693 
694 
695 /**
696  * @brief EC public key
697  **/
698 
699 typedef struct
700 {
701  const uint8_t *q;
702  size_t qLen;
704 
705 
706 /**
707  * @brief Subject public key information
708  **/
709 
710 typedef struct
711 {
712  const uint8_t *rawData;
713  size_t rawDataLen;
714  const uint8_t *oid;
715  size_t oidLen;
716 #if (RSA_SUPPORT == ENABLED)
718 #endif
719 #if (DSA_SUPPORT == ENABLED)
722 #endif
723 #if (EC_SUPPORT == ENABLED || ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
726 #endif
728 
729 
730 /**
731  * @brief Basic constraints
732  **/
733 
734 typedef struct
735 {
740 
741 
742 /**
743  * @brief Name constraints
744  **/
745 
746 typedef struct
747 {
749  const uint8_t *permittedSubtrees;
751  const uint8_t *excludedSubtrees;
754 
755 
756 /**
757  * @brief Key usage
758  **/
759 
760 typedef struct
761 {
763  uint16_t bitmap;
764 } X509KeyUsage;
765 
766 
767 /**
768  * @brief Extended key usage
769  **/
770 
771 typedef struct
772 {
774  uint16_t bitmap;
776 
777 
778 /**
779  * @brief General name
780  **/
781 
782 typedef struct
783 {
785  const char_t *value;
786  size_t length;
788 
789 
790 /**
791  * @brief Subject alternative name
792  **/
793 
794 typedef struct
795 {
797  const uint8_t *rawData;
798  size_t rawDataLen;
802 
803 
804 /**
805  * @brief Subject key identifier
806  **/
807 
808 typedef struct
809 {
811  const uint8_t *value;
812  size_t length;
814 
815 
816 /**
817  * @brief Authority key identifier
818  **/
819 
820 typedef struct
821 {
823  const uint8_t *keyId;
824  size_t keyIdLen;
826 
827 
828 /**
829  * @brief Netscape certificate type
830  **/
831 
832 typedef struct
833 {
835  uint8_t bitmap;
837 
838 
839 /**
840  * @brief X.509 certificate extension
841  **/
842 
843 typedef struct
844 {
845  const uint8_t *oid;
846  size_t oidLen;
848  const uint8_t *value;
849  size_t valueLen;
850 } X509Extension;
851 
852 
853 /**
854  * @brief X.509 certificate extensions
855  **/
856 
857 typedef struct
858 {
859  const uint8_t *rawData;
860  size_t rawDataLen;
873 
874 
875 /**
876  * @brief RSASSA-PSS parameters
877  **/
878 
879 typedef struct
880 {
881  const uint8_t *hashAlgo;
882  size_t hashAlgoLen;
883  const uint8_t *maskGenAlgo;
885  const uint8_t *maskGenHashAlgo;
887  size_t saltLen;
889 
890 
891 /**
892  * @brief Signature algorithm identifier
893  **/
894 
895 typedef struct
896 {
897  const uint8_t *oid;
898  size_t oidLen;
899 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
901 #endif
903 
904 
905 /**
906  * @brief Signature value
907  **/
908 
909 typedef struct
910 {
911  const uint8_t *data;
912  size_t length;
914 
915 
916 /**
917  * @brief TBSCertificate structure
918  **/
919 
920 typedef struct
921 {
922  const uint8_t *rawData;
923  size_t rawDataLen;
933 
934 
935 /**
936  * @brief X.509 certificate
937  **/
938 
939 typedef struct
940 {
945 
946 
947 /**
948  * @brief CRL reason
949  **/
950 
951 typedef struct
952 {
954  uint8_t value;
955 } X509CrlReason;
956 
957 
958 /**
959  * @brief Invalidity date
960  **/
961 
962 typedef struct
963 {
967 
968 
969 /**
970  * @brief Certificate issuer
971  **/
972 
973 typedef struct
974 {
976  const uint8_t *rawData;
977  size_t rawDataLen;
981 
982 
983 /**
984  * @brief CRL extensions
985  **/
986 
987 typedef struct
988 {
989  const uint8_t *rawData;
990  size_t rawDataLen;
995 
996 
997 /**
998  * @brief Revoked certificate
999  **/
1000 
1001 typedef struct
1002 {
1007 
1008 
1009 /**
1010  * @brief CRL number
1011  **/
1012 
1013 typedef struct
1014 {
1016  const uint8_t *value;
1017  size_t length;
1018 } X509CrlNumber;
1019 
1020 
1021 /**
1022  * @brief Delta CRL indicator
1023  **/
1024 
1025 typedef struct
1026 {
1028  const uint8_t *baseCrlNumber;
1031 
1032 
1033 /**
1034  * @brief Distribution point name
1035  **/
1036 
1037 typedef struct
1038 {
1040  const uint8_t *fullName;
1041  size_t fullNameLen;
1042  const uint8_t *nameRelativeToCrlIssuer;
1045 
1046 
1047 /**
1048  * @brief Issuing distribution point
1049  **/
1050 
1051 typedef struct
1052 {
1061 
1062 
1063 /**
1064  * @brief CRL extensions
1065  **/
1066 
1067 typedef struct
1068 {
1069  const uint8_t *rawData;
1070  size_t rawDataLen;
1076 
1077 
1078 /**
1079  * @brief TBSCertList structure
1080  **/
1081 
1082 typedef struct
1083 {
1084  const uint8_t *rawData;
1085  size_t rawDataLen;
1091  const uint8_t *revokedCerts;
1094 } X509TbsCertList;
1095 
1096 
1097 /**
1098  * @brief CRL (Certificate Revocation List)
1099  **/
1100 
1101 typedef struct
1102 {
1106 } X509CrlInfo;
1107 
1108 
1109 /**
1110  * @brief PKCS #9 ChallengePassword attribute
1111  **/
1112 
1113 typedef struct
1114 {
1115  const char_t *value;
1116  size_t length;
1118 
1119 
1120 /**
1121  * @brief CSR attribute
1122  **/
1123 
1124 typedef struct
1125 {
1126  const uint8_t *oid;
1127  size_t oidLen;
1128  const uint8_t *value;
1129  size_t valueLen;
1130 } X509Attribute;
1131 
1132 
1133 /**
1134  * @brief CSR attributes
1135  **/
1136 
1137 typedef struct
1138 {
1139  const uint8_t *rawData;
1140  size_t rawDataLen;
1143 } X509Attributes;
1144 
1145 
1146 /**
1147  * @brief CertificationRequestInfo structure
1148  **/
1149 
1150 typedef struct
1151 {
1152  const uint8_t *rawData;
1153  size_t rawDataLen;
1159 
1160 
1161 /**
1162  * @brief CSR (Certificate Signing Request)
1163  **/
1164 
1165 typedef struct
1166 {
1170 } X509CsrInfo;
1171 
1172 
1173 //X.509 related constants
1174 extern const uint8_t X509_COMMON_NAME_OID[3];
1175 extern const uint8_t X509_SURNAME_OID[3];
1176 extern const uint8_t X509_SERIAL_NUMBER_OID[3];
1177 extern const uint8_t X509_COUNTRY_NAME_OID[3];
1178 extern const uint8_t X509_LOCALITY_NAME_OID[3];
1179 extern const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3];
1180 extern const uint8_t X509_ORGANIZATION_NAME_OID[3];
1181 extern const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3];
1182 extern const uint8_t X509_TITLE_OID[3];
1183 extern const uint8_t X509_NAME_OID[3];
1184 extern const uint8_t X509_GIVEN_NAME_OID[3];
1185 extern const uint8_t X509_INITIALS_OID[3];
1186 extern const uint8_t X509_GENERATION_QUALIFIER_OID[3];
1187 extern const uint8_t X509_DN_QUALIFIER_OID[3];
1188 extern const uint8_t X509_PSEUDONYM_OID[3];
1189 
1190 extern const uint8_t X509_SUBJECT_DIR_ATTR_OID[3];
1191 extern const uint8_t X509_SUBJECT_KEY_ID_OID[3];
1192 extern const uint8_t X509_KEY_USAGE_OID[3];
1193 extern const uint8_t X509_SUBJECT_ALT_NAME_OID[3];
1194 extern const uint8_t X509_ISSUER_ALT_NAME_OID[3];
1195 extern const uint8_t X509_BASIC_CONSTRAINTS_OID[3];
1196 extern const uint8_t X509_CRL_NUMBER_OID[3];
1197 extern const uint8_t X509_REASON_CODE_OID[3];
1198 extern const uint8_t X509_INVALIDITY_DATE_OID[3];
1199 extern const uint8_t X509_DELTA_CRL_INDICATOR_OID[3];
1200 extern const uint8_t X509_ISSUING_DISTR_POINT_OID[3];
1201 extern const uint8_t X509_CERTIFICATE_ISSUER_OID[3];
1202 extern const uint8_t X509_NAME_CONSTRAINTS_OID[3];
1203 extern const uint8_t X509_CRL_DISTR_POINTS_OID[3];
1204 extern const uint8_t X509_CERTIFICATE_POLICIES_OID[3];
1205 extern const uint8_t X509_POLICY_MAPPINGS_OID[3];
1206 extern const uint8_t X509_AUTHORITY_KEY_ID_OID[3];
1207 extern const uint8_t X509_POLICY_CONSTRAINTS_OID[3];
1208 extern const uint8_t X509_EXTENDED_KEY_USAGE_OID[3];
1209 extern const uint8_t X509_FRESHEST_CRL_OID[3];
1210 extern const uint8_t X509_INHIBIT_ANY_POLICY_OID[3];
1211 
1212 extern const uint8_t X509_NS_CERT_TYPE_OID[9];
1213 
1214 extern const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4];
1215 extern const uint8_t X509_KP_SERVER_AUTH_OID[8];
1216 extern const uint8_t X509_KP_CLIENT_AUTH_OID[8];
1217 extern const uint8_t X509_KP_CODE_SIGNING_OID[8];
1218 extern const uint8_t X509_KP_EMAIL_PROTECTION_OID[8];
1219 extern const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8];
1220 extern const uint8_t X509_KP_IPSEC_TUNNEL_OID[8];
1221 extern const uint8_t X509_KP_IPSEC_USER_OID[8];
1222 extern const uint8_t X509_KP_TIME_STAMPING_OID[8];
1223 extern const uint8_t X509_KP_OCSP_SIGNING_OID[8];
1224 extern const uint8_t X509_KP_IPSEC_IKE_OID[8];
1225 extern const uint8_t X509_KP_SSH_CLIENT_OID[8];
1226 extern const uint8_t X509_KP_SSH_SERVER_OID[8];
1227 extern const uint8_t X509_KP_DOC_SIGNING_OID[8];
1228 
1229 extern const uint8_t X509_CHALLENGE_PASSWORD_OID[9];
1230 extern const uint8_t X509_EXTENSION_REQUEST_OID[9];
1231 
1232 //X.509 related functions
1235 
1237  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo);
1238 
1239 X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length);
1240 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length);
1241 
1242 //C++ guard
1243 #ifdef __cplusplus
1244 }
1245 #endif
1246 
1247 #endif
RSA public key.
Definition: x509_common.h:650
X509Version
X.509 versions.
Definition: x509_common.h:387
const uint8_t * rawData
Definition: x509_common.h:712
@ X509_KEY_USAGE_DECIPHER_ONLY
Definition: x509_common.h:408
X509InvalidityDate invalidityDate
Definition: x509_common.h:992
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1168
X509Version version
Definition: x509_common.h:924
X509CrlEntryExtensions crlEntryExtensions
Definition: x509_common.h:1005
size_t serialNumberLen
Definition: x509_common.h:580
size_t nameLen
Definition: x509_common.h:594
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:530
@ X509_CRL_REASON_CESSATION_OF_OPERATION
Definition: x509_common.h:494
@ X509_HASH_ALGO_NONE
Definition: x509_common.h:542
CSR attribute.
Definition: x509_common.h:1125
TBSCertList structure.
Definition: x509_common.h:1083
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:62
uint8_t value
Definition: x509_common.h:954
size_t excludedSubtreesLen
Definition: x509_common.h:752
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:101
@ X509_REASON_FLAGS_CERTIFICATE_HOLD
Definition: x509_common.h:477
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:717
@ X509_KEY_USAGE_KEY_AGREEMENT
Definition: x509_common.h:404
X509SignatureValue signatureValue
Definition: x509_common.h:943
@ X509_REASON_FLAGS_CA_COMPROMISE
Definition: x509_common.h:473
const uint8_t * nameRelativeToCrlIssuer
Definition: x509_common.h:1042
EdDSA (Edwards-Curve Digital Signature Algorithm)
@ X509_VERSION_3
Definition: x509_common.h:390
X.509 certificate extension.
Definition: x509_common.h:844
const uint8_t * e
Definition: x509_common.h:653
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:544
size_t titleLen
Definition: x509_common.h:592
const char_t * name
Definition: x509_common.h:593
General definitions for cryptographic algorithms.
X509Version version
Definition: x509_common.h:1154
X509CertRequestInfo certReqInfo
Definition: x509_common.h:1167
RSA public-key cryptography standard.
X509SerialNumber serialNumber
Definition: x509_common.h:925
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:549
size_t rawDataLen
Definition: x509_common.h:990
DSA (Digital Signature Algorithm)
size_t revokedCertsLen
Definition: x509_common.h:1092
@ X509_REASON_FLAGS_AA_COMPROMISE
Definition: x509_common.h:479
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:131
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:510
@ X509_EXT_KEY_USAGE_SERVER_AUTH
Definition: x509_common.h:418
X509DsaParameters dsaParams
Definition: x509_common.h:720
Date and time representation.
Definition: date_time.h:47
@ X509_KEY_USAGE_DIGITAL_SIGNATURE
Definition: x509_common.h:400
#define X509_MAX_CUSTOM_EXTENSIONS
Definition: x509_common.h:366
const uint8_t * rawData
Definition: x509_common.h:573
const uint8_t * rawData
Definition: x509_common.h:1069
const uint8_t * excludedSubtrees
Definition: x509_common.h:751
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:545
size_t namedCurveLen
Definition: x509_common.h:691
Revoked certificate.
Definition: x509_common.h:1002
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:103
@ X509_CRL_REASON_CERTIFICATE_HOLD
Definition: x509_common.h:495
Signature value.
Definition: x509_common.h:910
uint16_t bitmap
Definition: x509_common.h:763
const uint8_t * oid
Definition: x509_common.h:1126
X509TbsCertList tbsCertList
Definition: x509_common.h:1103
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:541
CertificationRequestInfo structure.
Definition: x509_common.h:1151
X509CrlExtensions crlExtensions
Definition: x509_common.h:1093
X509SubjectAltName subjectAltName
Definition: x509_common.h:865
Subject alternative name.
Definition: x509_common.h:795
@ X509_EXT_KEY_USAGE_DOC_SIGNING
Definition: x509_common.h:430
const uint8_t X509_KP_IPSEC_TUNNEL_OID[8]
Definition: x509_common.c:135
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:527
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1087
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:93
const uint8_t X509_KP_IPSEC_IKE_OID[8]
Definition: x509_common.c:143
#define X509_MAX_CERT_ISSUER_NAMES
Definition: x509_common.h:359
const uint8_t * oid
Definition: x509_common.h:638
@ X509_EXT_KEY_USAGE_TIME_STAMPING
Definition: x509_common.h:425
X509KeyUsageBitmap
Key usage.
Definition: x509_common.h:399
const char_t * value
Definition: x509_common.h:616
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:139
Netscape certificate type.
Definition: x509_common.h:833
@ X509_EXT_KEY_USAGE_IPSEC_TUNNEL
Definition: x509_common.h:423
@ X509_NS_CERT_TYPE_SSL_CLIENT
Definition: x509_common.h:459
size_t dnQualifierLen
Definition: x509_common.h:602
const char_t * value
Definition: x509_common.h:785
bool_t onlyContainsAttributeCerts
Definition: x509_common.h:1059
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:552
size_t localityNameLen
Definition: x509_common.h:584
const uint8_t * data
Definition: x509_common.h:562
const char_t * title
Definition: x509_common.h:591
size_t givenNameLen
Definition: x509_common.h:596
char char_t
Definition: compiler_port.h:48
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:543
@ X509_VERSION_2
Definition: x509_common.h:389
X509IssuingDistrPoint issuingDistrPoint
Definition: x509_common.h:1073
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:231
const char_t * commonName
Definition: x509_common.h:575
@ X509_REASON_FLAGS_SUPERSEDED
Definition: x509_common.h:475
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:85
uint_t numCustomExtensions
Definition: x509_common.h:869
X509ExtKeyUsageBitmap
Extended key usage.
Definition: x509_common.h:417
DateTime notBefore
Definition: x509_common.h:627
size_t initialsLen
Definition: x509_common.h:598
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:528
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:54
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:48
size_t commonNameLen
Definition: x509_common.h:576
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:516
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:550
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:551
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:74
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:127
Issuer or subject name.
Definition: x509_common.h:572
X509CertificateIssuer certIssuer
Definition: x509_common.h:993
Subject public key information.
Definition: x509_common.h:711
@ X509_CRL_REASON_KEY_COMPROMISE
Definition: x509_common.h:490
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:548
const uint8_t * oid
Definition: x509_common.h:845
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:46
X509SignatureValue signatureValue
Definition: x509_common.h:1105
CRL extensions.
Definition: x509_common.h:1068
DSA domain parameters.
Definition: x509_common.h:663
const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8]
Definition: x509_common.c:133
X509CrlReason reasonCode
Definition: x509_common.h:991
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:511
@ X509_REASON_FLAGS_KEY_COMPROMISE
Definition: x509_common.h:472
size_t generationQualifierLen
Definition: x509_common.h:600
X509DistrPointName distributionPoint
Definition: x509_common.h:1054
const uint8_t * revokedCerts
Definition: x509_common.h:1091
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3]
Definition: x509_common.c:56
const char_t * generationQualifier
Definition: x509_common.h:599
CRL reason.
Definition: x509_common.h:952
@ X509_REASON_FLAGS_CESSATION_OF_OPERATION
Definition: x509_common.h:476
Basic constraints.
Definition: x509_common.h:735
CSR attributes.
Definition: x509_common.h:1138
@ X509_NS_CERT_TYPE_SSL_CA
Definition: x509_common.h:461
Delta CRL indicator.
Definition: x509_common.h:1026
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:547
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:120
DateTime thisUpdate
Definition: x509_common.h:1089
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:99
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:546
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:79
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1104
const char_t * countryName
Definition: x509_common.h:581
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:154
RSASSA-PSS parameters.
Definition: x509_common.h:880
@ X509_EXT_KEY_USAGE_OCSP_SIGNING
Definition: x509_common.h:426
Name constraints.
Definition: x509_common.h:747
X.509 certificate extensions.
Definition: x509_common.h:858
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:97
X509NameConstraints nameConstraints
Definition: x509_common.h:862
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:68
const uint8_t X509_KP_DOC_SIGNING_OID[8]
Definition: x509_common.c:149
size_t countryNameLen
Definition: x509_common.h:582
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:942
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:52
@ X509_EXT_KEY_USAGE_CODE_SIGNING
Definition: x509_common.h:420
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:163
Common interface for hash algorithms.
Definition: crypto.h:958
CRL number.
Definition: x509_common.h:1014
const uint8_t * value
Definition: x509_common.h:811
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:508
@ X509_CRL_REASON_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:497
@ X509_CRL_REMOVE_FROM_CRL
Definition: x509_common.h:496
const uint8_t * p
Definition: x509_common.h:664
X509SerialNumber userCert
Definition: x509_common.h:1003
const uint8_t * y
Definition: x509_common.h:679
@ X509_GENERAL_NAME_TYPE_OTHER
Definition: x509_common.h:441
X509ChallengePassword challengePwd
Definition: x509_common.h:1141
@ X509_CRL_REASON_UNSPECIFIED
Definition: x509_common.h:489
const char_t * givenName
Definition: x509_common.h:595
const uint8_t X509_KP_SSH_SERVER_OID[8]
Definition: x509_common.c:147
Serial number.
Definition: x509_common.h:561
size_t organizationNameLen
Definition: x509_common.h:588
@ X509_REASON_FLAGS_UNUSED
Definition: x509_common.h:471
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:531
unsigned int uint_t
Definition: compiler_port.h:50
Issuing distribution point.
Definition: x509_common.h:1052
DateTime nextUpdate
Definition: x509_common.h:1090
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:115
uint8_t bitmap
Definition: x509_common.h:835
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:514
@ X509_GENERAL_NAME_TYPE_IP_ADDRESS
Definition: x509_common.h:448
@ X509_KEY_USAGE_KEY_ENCIPHERMENT
Definition: x509_common.h:402
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:87
X509KeyType
Public key types.
Definition: x509_common.h:507
X509EcPublicKey ecPublicKey
Definition: x509_common.h:725
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:930
const uint8_t * rawData
Definition: x509_common.h:1139
const char_t * serialNumber
Definition: x509_common.h:579
DSA public key.
Definition: x509_common.h:678
const uint8_t X509_KP_IPSEC_USER_OID[8]
Definition: x509_common.c:137
X509GeneralNameType
General name types.
Definition: x509_common.h:440
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:866
X509Version version
Definition: x509_common.h:1086
CSR (Certificate Signing Request)
Definition: x509_common.h:1166
size_t stateOrProvinceNameLen
Definition: x509_common.h:586
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:526
const char_t * surname
Definition: x509_common.h:577
const char_t * dnQualifier
Definition: x509_common.h:601
X509AuthorityKeyId authKeyId
Definition: x509_common.h:1074
const uint8_t * value
Definition: x509_common.h:1128
X509Attributes attributes
Definition: x509_common.h:1157
@ X509_EXT_KEY_USAGE_EMAIL_PROTECTION
Definition: x509_common.h:421
Authority key identifier.
Definition: x509_common.h:821
const uint8_t * namedCurve
Definition: x509_common.h:690
@ X509_KEY_USAGE_CRL_SIGN
Definition: x509_common.h:406
const char_t * pseudonym
Definition: x509_common.h:603
PKCS #9 ChallengePassword attribute.
Definition: x509_common.h:1114
const uint8_t * baseCrlNumber
Definition: x509_common.h:1028
X509TbsCertificate tbsCert
Definition: x509_common.h:941
X509NsCertTypeBitmap
Netscape certificate types.
Definition: x509_common.h:458
Algorithm identifier.
Definition: x509_common.h:637
const char_t * organizationName
Definition: x509_common.h:587
const uint8_t * rawData
Definition: x509_common.h:1152
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:513
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:529
size_t organizationalUnitNameLen
Definition: x509_common.h:590
const uint8_t * hashAlgo
Definition: x509_common.h:881
@ X509_KEY_USAGE_KEY_CERT_SIGN
Definition: x509_common.h:405
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:532
const char_t * organizationalUnitName
Definition: x509_common.h:589
Key usage.
Definition: x509_common.h:761
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:105
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:70