x509_common.h
1 /**
2  * @file x509_common.h
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.2
29  **/
30 
31 #ifndef _X509_COMMON_H
32 #define _X509_COMMON_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkc/rsa.h"
37 #include "pkc/dsa.h"
38 #include "ecc/ecdsa.h"
39 #include "ecc/eddsa.h"
40 #include "date_time.h"
41 
//Public key algorithm selection. Each option takes the default shown below
//when the project configuration does not define it, and any value other than
//ENABLED or DISABLED stops the build with #error.
42 //RSA certificate support
43 #ifndef X509_RSA_SUPPORT
44  #define X509_RSA_SUPPORT ENABLED
45 #elif (X509_RSA_SUPPORT != ENABLED && X509_RSA_SUPPORT != DISABLED)
//Unlike most options in this file, the two #error directives for RSA and
//RSA-PSS print only the macro name, with no explanatory text
46  #error X509_RSA_SUPPORT
47 #endif
48 
49 //RSA-PSS certificate support
//Disabled by default
50 #ifndef X509_RSA_PSS_SUPPORT
51  #define X509_RSA_PSS_SUPPORT DISABLED
52 #elif (X509_RSA_PSS_SUPPORT != ENABLED && X509_RSA_PSS_SUPPORT != DISABLED)
53  #error X509_RSA_PSS_SUPPORT
54 #endif
55 
56 //DSA certificate support
//Disabled by default
57 #ifndef X509_DSA_SUPPORT
58  #define X509_DSA_SUPPORT DISABLED
59 #elif (X509_DSA_SUPPORT != ENABLED && X509_DSA_SUPPORT != DISABLED)
60  #error X509_DSA_SUPPORT parameter is not valid
61 #endif
62 
63 //ECDSA certificate support
64 #ifndef X509_ECDSA_SUPPORT
65  #define X509_ECDSA_SUPPORT ENABLED
66 #elif (X509_ECDSA_SUPPORT != ENABLED && X509_ECDSA_SUPPORT != DISABLED)
67  #error X509_ECDSA_SUPPORT parameter is not valid
68 #endif
69 
//Hash algorithm selection. Only SHA-256, SHA-384 and SHA-512 default to
//ENABLED; every other hash must be switched on explicitly.
//NOTE(review): the code that consumes these options is not in this file;
//presumably a disabled hash causes certificates signed with it to be
//rejected - confirm in the signature verification code.
70 //MD5 hash support (insecure)
//Collisions for MD5 are practical, so a signature over an MD5 digest does not
//bind the signer to a single certificate. Keep DISABLED outside of isolated
//legacy interoperability testing.
71 #ifndef X509_MD5_SUPPORT
72  #define X509_MD5_SUPPORT DISABLED
73 #elif (X509_MD5_SUPPORT != ENABLED && X509_MD5_SUPPORT != DISABLED)
74  #error X509_MD5_SUPPORT parameter is not valid
75 #endif
76 
77 //SHA-1 hash support (weak)
//SHA-1 collisions have been demonstrated publicly. If it has to be enabled
//for legacy peers, restrict which trust anchors may rely on it.
78 #ifndef X509_SHA1_SUPPORT
79  #define X509_SHA1_SUPPORT DISABLED
80 #elif (X509_SHA1_SUPPORT != ENABLED && X509_SHA1_SUPPORT != DISABLED)
81  #error X509_SHA1_SUPPORT parameter is not valid
82 #endif
83 
84 //SHA-224 hash support (weak)
85 #ifndef X509_SHA224_SUPPORT
86  #define X509_SHA224_SUPPORT DISABLED
87 #elif (X509_SHA224_SUPPORT != ENABLED && X509_SHA224_SUPPORT != DISABLED)
88  #error X509_SHA224_SUPPORT parameter is not valid
89 #endif
90 
91 //SHA-256 hash support
92 #ifndef X509_SHA256_SUPPORT
93  #define X509_SHA256_SUPPORT ENABLED
94 #elif (X509_SHA256_SUPPORT != ENABLED && X509_SHA256_SUPPORT != DISABLED)
95  #error X509_SHA256_SUPPORT parameter is not valid
96 #endif
97 
98 //SHA-384 hash support
99 #ifndef X509_SHA384_SUPPORT
100  #define X509_SHA384_SUPPORT ENABLED
101 #elif (X509_SHA384_SUPPORT != ENABLED && X509_SHA384_SUPPORT != DISABLED)
102  #error X509_SHA384_SUPPORT parameter is not valid
103 #endif
104 
105 //SHA-512 hash support
106 #ifndef X509_SHA512_SUPPORT
107  #define X509_SHA512_SUPPORT ENABLED
108 #elif (X509_SHA512_SUPPORT != ENABLED && X509_SHA512_SUPPORT != DISABLED)
109  #error X509_SHA512_SUPPORT parameter is not valid
110 #endif
111 
112 //SHA3-224 hash support
113 #ifndef X509_SHA3_224_SUPPORT
114  #define X509_SHA3_224_SUPPORT DISABLED
115 #elif (X509_SHA3_224_SUPPORT != ENABLED && X509_SHA3_224_SUPPORT != DISABLED)
116  #error X509_SHA3_224_SUPPORT parameter is not valid
117 #endif
118 
119 //SHA3-256 hash support
120 #ifndef X509_SHA3_256_SUPPORT
121  #define X509_SHA3_256_SUPPORT DISABLED
122 #elif (X509_SHA3_256_SUPPORT != ENABLED && X509_SHA3_256_SUPPORT != DISABLED)
123  #error X509_SHA3_256_SUPPORT parameter is not valid
124 #endif
125 
126 //SHA3-384 hash support
127 #ifndef X509_SHA3_384_SUPPORT
128  #define X509_SHA3_384_SUPPORT DISABLED
129 #elif (X509_SHA3_384_SUPPORT != ENABLED && X509_SHA3_384_SUPPORT != DISABLED)
130  #error X509_SHA3_384_SUPPORT parameter is not valid
131 #endif
132 
133 //SHA3-512 hash support
134 #ifndef X509_SHA3_512_SUPPORT
135  #define X509_SHA3_512_SUPPORT DISABLED
136 #elif (X509_SHA3_512_SUPPORT != ENABLED && X509_SHA3_512_SUPPORT != DISABLED)
137  #error X509_SHA3_512_SUPPORT parameter is not valid
138 #endif
139 
//Elliptic curve selection. Only secp256r1, secp384r1 and secp521r1 default
//to ENABLED; every other curve, including Ed25519 and Ed448, must be switched
//on explicitly. Any value other than ENABLED or DISABLED stops the build.
140 //secp112r1 elliptic curve support (weak)
141 #ifndef X509_SECP112R1_SUPPORT
142  #define X509_SECP112R1_SUPPORT DISABLED
143 #elif (X509_SECP112R1_SUPPORT != ENABLED && X509_SECP112R1_SUPPORT != DISABLED)
144  #error X509_SECP112R1_SUPPORT parameter is not valid
145 #endif
146 
147 //secp112r2 elliptic curve support (weak)
148 #ifndef X509_SECP112R2_SUPPORT
149  #define X509_SECP112R2_SUPPORT DISABLED
150 #elif (X509_SECP112R2_SUPPORT != ENABLED && X509_SECP112R2_SUPPORT != DISABLED)
151  #error X509_SECP112R2_SUPPORT parameter is not valid
152 #endif
153 
154 //secp128r1 elliptic curve support (weak)
155 #ifndef X509_SECP128R1_SUPPORT
156  #define X509_SECP128R1_SUPPORT DISABLED
157 #elif (X509_SECP128R1_SUPPORT != ENABLED && X509_SECP128R1_SUPPORT != DISABLED)
158  #error X509_SECP128R1_SUPPORT parameter is not valid
159 #endif
160 
161 //secp128r2 elliptic curve support (weak)
162 #ifndef X509_SECP128R2_SUPPORT
163  #define X509_SECP128R2_SUPPORT DISABLED
164 #elif (X509_SECP128R2_SUPPORT != ENABLED && X509_SECP128R2_SUPPORT != DISABLED)
165  #error X509_SECP128R2_SUPPORT parameter is not valid
166 #endif
167 
168 //secp160k1 elliptic curve support (weak)
169 #ifndef X509_SECP160K1_SUPPORT
170  #define X509_SECP160K1_SUPPORT DISABLED
171 #elif (X509_SECP160K1_SUPPORT != ENABLED && X509_SECP160K1_SUPPORT != DISABLED)
172  #error X509_SECP160K1_SUPPORT parameter is not valid
173 #endif
174 
175 //secp160r1 elliptic curve support (weak)
176 #ifndef X509_SECP160R1_SUPPORT
177  #define X509_SECP160R1_SUPPORT DISABLED
178 #elif (X509_SECP160R1_SUPPORT != ENABLED && X509_SECP160R1_SUPPORT != DISABLED)
179  #error X509_SECP160R1_SUPPORT parameter is not valid
180 #endif
181 
182 //secp160r2 elliptic curve support (weak)
183 #ifndef X509_SECP160R2_SUPPORT
184  #define X509_SECP160R2_SUPPORT DISABLED
185 #elif (X509_SECP160R2_SUPPORT != ENABLED && X509_SECP160R2_SUPPORT != DISABLED)
186  #error X509_SECP160R2_SUPPORT parameter is not valid
187 #endif
188 
189 //secp192k1 elliptic curve support
//NOTE(review): the two 192-bit secp curves carry no (weak) tag here, yet a
//192-bit curve gives roughly 96-bit security, under the 112-bit floor of
//guidance such as NIST SP 800-131A. Both stay DISABLED unless overridden.
190 #ifndef X509_SECP192K1_SUPPORT
191  #define X509_SECP192K1_SUPPORT DISABLED
192 #elif (X509_SECP192K1_SUPPORT != ENABLED && X509_SECP192K1_SUPPORT != DISABLED)
193  #error X509_SECP192K1_SUPPORT parameter is not valid
194 #endif
195 
196 //secp192r1 elliptic curve support (NIST P-192)
197 #ifndef X509_SECP192R1_SUPPORT
198  #define X509_SECP192R1_SUPPORT DISABLED
199 #elif (X509_SECP192R1_SUPPORT != ENABLED && X509_SECP192R1_SUPPORT != DISABLED)
200  #error X509_SECP192R1_SUPPORT parameter is not valid
201 #endif
202 
203 //secp224k1 elliptic curve support
204 #ifndef X509_SECP224K1_SUPPORT
205  #define X509_SECP224K1_SUPPORT DISABLED
206 #elif (X509_SECP224K1_SUPPORT != ENABLED && X509_SECP224K1_SUPPORT != DISABLED)
207  #error X509_SECP224K1_SUPPORT parameter is not valid
208 #endif
209 
210 //secp224r1 elliptic curve support (NIST P-224)
211 #ifndef X509_SECP224R1_SUPPORT
212  #define X509_SECP224R1_SUPPORT DISABLED
213 #elif (X509_SECP224R1_SUPPORT != ENABLED && X509_SECP224R1_SUPPORT != DISABLED)
214  #error X509_SECP224R1_SUPPORT parameter is not valid
215 #endif
216 
217 //secp256k1 elliptic curve support
218 #ifndef X509_SECP256K1_SUPPORT
219  #define X509_SECP256K1_SUPPORT DISABLED
220 #elif (X509_SECP256K1_SUPPORT != ENABLED && X509_SECP256K1_SUPPORT != DISABLED)
221  #error X509_SECP256K1_SUPPORT parameter is not valid
222 #endif
223 
224 //secp256r1 elliptic curve support (NIST P-256)
225 #ifndef X509_SECP256R1_SUPPORT
226  #define X509_SECP256R1_SUPPORT ENABLED
227 #elif (X509_SECP256R1_SUPPORT != ENABLED && X509_SECP256R1_SUPPORT != DISABLED)
228  #error X509_SECP256R1_SUPPORT parameter is not valid
229 #endif
230 
231 //secp384r1 elliptic curve support (NIST P-384)
232 #ifndef X509_SECP384R1_SUPPORT
233  #define X509_SECP384R1_SUPPORT ENABLED
234 #elif (X509_SECP384R1_SUPPORT != ENABLED && X509_SECP384R1_SUPPORT != DISABLED)
235  #error X509_SECP384R1_SUPPORT parameter is not valid
236 #endif
237 
238 //secp521r1 elliptic curve support (NIST P-521)
239 #ifndef X509_SECP521R1_SUPPORT
240  #define X509_SECP521R1_SUPPORT ENABLED
241 #elif (X509_SECP521R1_SUPPORT != ENABLED && X509_SECP521R1_SUPPORT != DISABLED)
242  #error X509_SECP521R1_SUPPORT parameter is not valid
243 #endif
244 
245 //brainpoolP160r1 elliptic curve support
//NOTE(review): brainpoolP160r1 and brainpoolP192r1 are the same sizes as the
//secp160 and secp192 curves above (roughly 80-bit and 96-bit security) but
//carry no (weak) tag. Both stay DISABLED unless overridden.
246 #ifndef X509_BRAINPOOLP160R1_SUPPORT
247  #define X509_BRAINPOOLP160R1_SUPPORT DISABLED
248 #elif (X509_BRAINPOOLP160R1_SUPPORT != ENABLED && X509_BRAINPOOLP160R1_SUPPORT != DISABLED)
249  #error X509_BRAINPOOLP160R1_SUPPORT parameter is not valid
250 #endif
251 
252 //brainpoolP192r1 elliptic curve support
253 #ifndef X509_BRAINPOOLP192R1_SUPPORT
254  #define X509_BRAINPOOLP192R1_SUPPORT DISABLED
255 #elif (X509_BRAINPOOLP192R1_SUPPORT != ENABLED && X509_BRAINPOOLP192R1_SUPPORT != DISABLED)
256  #error X509_BRAINPOOLP192R1_SUPPORT parameter is not valid
257 #endif
258 
259 //brainpoolP224r1 elliptic curve support
260 #ifndef X509_BRAINPOOLP224R1_SUPPORT
261  #define X509_BRAINPOOLP224R1_SUPPORT DISABLED
262 #elif (X509_BRAINPOOLP224R1_SUPPORT != ENABLED && X509_BRAINPOOLP224R1_SUPPORT != DISABLED)
263  #error X509_BRAINPOOLP224R1_SUPPORT parameter is not valid
264 #endif
265 
266 //brainpoolP256r1 elliptic curve support
267 #ifndef X509_BRAINPOOLP256R1_SUPPORT
268  #define X509_BRAINPOOLP256R1_SUPPORT DISABLED
269 #elif (X509_BRAINPOOLP256R1_SUPPORT != ENABLED && X509_BRAINPOOLP256R1_SUPPORT != DISABLED)
270  #error X509_BRAINPOOLP256R1_SUPPORT parameter is not valid
271 #endif
272 
273 //brainpoolP320r1 elliptic curve support
274 #ifndef X509_BRAINPOOLP320R1_SUPPORT
275  #define X509_BRAINPOOLP320R1_SUPPORT DISABLED
276 #elif (X509_BRAINPOOLP320R1_SUPPORT != ENABLED && X509_BRAINPOOLP320R1_SUPPORT != DISABLED)
277  #error X509_BRAINPOOLP320R1_SUPPORT parameter is not valid
278 #endif
279 
280 //brainpoolP384r1 elliptic curve support
281 #ifndef X509_BRAINPOOLP384R1_SUPPORT
282  #define X509_BRAINPOOLP384R1_SUPPORT DISABLED
283 #elif (X509_BRAINPOOLP384R1_SUPPORT != ENABLED && X509_BRAINPOOLP384R1_SUPPORT != DISABLED)
284  #error X509_BRAINPOOLP384R1_SUPPORT parameter is not valid
285 #endif
286 
287 //brainpoolP512r1 elliptic curve support
288 #ifndef X509_BRAINPOOLP512R1_SUPPORT
289  #define X509_BRAINPOOLP512R1_SUPPORT DISABLED
290 #elif (X509_BRAINPOOLP512R1_SUPPORT != ENABLED && X509_BRAINPOOLP512R1_SUPPORT != DISABLED)
291  #error X509_BRAINPOOLP512R1_SUPPORT parameter is not valid
292 #endif
293 
294 //Ed25519 elliptic curve support
295 #ifndef X509_ED25519_SUPPORT
296  #define X509_ED25519_SUPPORT DISABLED
297 #elif (X509_ED25519_SUPPORT != ENABLED && X509_ED25519_SUPPORT != DISABLED)
298  #error X509_ED25519_SUPPORT parameter is not valid
299 #endif
300 
301 //Ed448 elliptic curve support
302 #ifndef X509_ED448_SUPPORT
303  #define X509_ED448_SUPPORT DISABLED
304 #elif (X509_ED448_SUPPORT != ENABLED && X509_ED448_SUPPORT != DISABLED)
305  #error X509_ED448_SUPPORT parameter is not valid
306 #endif
307 
308 //Minimum acceptable size for RSA modulus
//NOTE(review): presumably expressed in bits - confirm against the code that
//compares key sizes. The default of 1024 is below the 2048-bit minimum of
//current guidance such as NIST SP 800-131A; a deployment that does not need
//legacy peers should define this option as 2048 or more in its configuration.
309 #ifndef X509_MIN_RSA_MODULUS_SIZE
310  #define X509_MIN_RSA_MODULUS_SIZE 1024
//An override is rejected at build time only when it is below 512
311 #elif (X509_MIN_RSA_MODULUS_SIZE < 512)
312  #error X509_MIN_RSA_MODULUS_SIZE parameter is not valid
313 #endif
314 
315 //Maximum acceptable size for RSA modulus
//The ordering check against the minimum runs only when the maximum itself is
//overridden. Raising the minimum above 4096 while leaving this default in
//place is not caught here.
316 #ifndef X509_MAX_RSA_MODULUS_SIZE
317  #define X509_MAX_RSA_MODULUS_SIZE 4096
318 #elif (X509_MAX_RSA_MODULUS_SIZE < X509_MIN_RSA_MODULUS_SIZE)
319  #error X509_MAX_RSA_MODULUS_SIZE parameter is not valid
320 #endif
321 
322 //Minimum acceptable size for DSA prime modulus
//NOTE(review): same concern as for RSA - the default of 1024 is below the
//2048-bit minimum of current guidance, and only values under 512 are rejected
323 #ifndef X509_MIN_DSA_MODULUS_SIZE
324  #define X509_MIN_DSA_MODULUS_SIZE 1024
325 #elif (X509_MIN_DSA_MODULUS_SIZE < 512)
326  #error X509_MIN_DSA_MODULUS_SIZE parameter is not valid
327 #endif
328 
329 //Maximum acceptable size for DSA prime modulus
//As for RSA, the ordering check runs only when the maximum is overridden
330 #ifndef X509_MAX_DSA_MODULUS_SIZE
331  #define X509_MAX_DSA_MODULUS_SIZE 4096
332 #elif (X509_MAX_DSA_MODULUS_SIZE < X509_MIN_DSA_MODULUS_SIZE)
333  #error X509_MAX_DSA_MODULUS_SIZE parameter is not valid
334 #endif
335 
336 //Default size of serial numbers
//NOTE(review): presumably in bytes - confirm at the point of use. The default
//of 20 matches the 20-octet upper limit RFC 5280 sets for serial numbers.
337 #ifndef X509_SERIAL_NUMBER_SIZE
338  #define X509_SERIAL_NUMBER_SIZE 20
339 #elif (X509_SERIAL_NUMBER_SIZE < 1)
340  #error X509_SERIAL_NUMBER_SIZE parameter is not valid
341 #endif
342 
343 //Maximum number of subject alternative names
//NOTE(review): this file does not show what happens to a certificate that
//carries more entries than this limit. Confirm whether the extra names are
//ignored or the certificate is rejected, since host name matching depends
//on the answer.
344 #ifndef X509_MAX_SUBJECT_ALT_NAMES
345  #define X509_MAX_SUBJECT_ALT_NAMES 4
346 #elif (X509_MAX_SUBJECT_ALT_NAMES < 1)
347  #error X509_MAX_SUBJECT_ALT_NAMES parameter is not valid
348 #endif
349 
350 //Maximum number of certificate issuer names
351 #ifndef X509_MAX_CERT_ISSUER_NAMES
352  #define X509_MAX_CERT_ISSUER_NAMES 4
353 #elif (X509_MAX_CERT_ISSUER_NAMES < 1)
354  #error X509_MAX_CERT_ISSUER_NAMES parameter is not valid
355 #endif
356 
357 //Maximum number of custom extensions
358 #ifndef X509_MAX_CUSTOM_EXTENSIONS
359  #define X509_MAX_CUSTOM_EXTENSIONS 2
360 #elif (X509_MAX_CUSTOM_EXTENSIONS < 1)
361  #error X509_MAX_CUSTOM_EXTENSIONS parameter is not valid
362 #endif
363 
364 //Application specific extensions
//Expands to nothing unless the project configuration defines it
365 #ifndef X509_PRIVATE_EXTENSIONS
366  #define X509_PRIVATE_EXTENSIONS
367 #endif
368 
369 //C++ guard
370 #ifdef __cplusplus
371 extern "C" {
372 #endif
373 
374 
375 /**
376  * @brief X.509 versions
377  **/
378 
379 typedef enum
380 {
384 } X509Version;
385 
386 
387 /**
388  * @brief Key usage
389  **/
390 
391 typedef enum
392 {
403 
404 
405 /**
406  * @brief Extended key usage
407  **/
408 
409 typedef enum
410 {
421 
422 
423 /**
424  * @brief General name types
425  **/
426 
427 typedef enum
428 {
439 
440 
441 /**
442  * @brief Netscape certificate types
443  **/
444 
445 typedef enum
446 {
451 
452 
453 /**
454  * @brief Reason flags
455  **/
456 
457 typedef enum
458 {
469 
470 
471 /**
472  * @brief CRL reasons
473  **/
474 
475 typedef enum
476 {
488 
489 
490 /**
491  * @brief Public Key types
492  **/
493 
494 typedef enum
495 {
506 
507 
508 /**
509  * @brief Signature algorithms
510  **/
511 
512 typedef enum
513 {
522 
523 
524 /**
525  * @brief Hash algorithms
526  **/
527 
528 typedef enum
529 {
542 
543 
544 /**
545  * @brief Serial number
546  **/
547 
548 typedef struct
549 {
550  const uint8_t *data;
551  size_t length;
553 
554 
555 /**
556  * @brief Issuer or subject name
557  **/
558 
559 typedef struct
560 {
561  const uint8_t *rawData;
562  size_t rawDataLen;
565  const char_t *surname;
566  size_t surnameLen;
579  const char_t *title;
580  size_t titleLen;
581  const char_t *name;
582  size_t nameLen;
584  size_t givenNameLen;
585  const char_t *initials;
586  size_t initialsLen;
592  size_t pseudonymLen;
593 } X509Name;
594 
595 
596 /**
597  * @brief Name attribute
598  **/
599 
600 typedef struct
601 {
602  const uint8_t *type;
603  size_t typeLen;
604  const char_t *value;
605  size_t valueLen;
607 
608 
609 /**
610  * @brief Validity
611  **/
612 
613 typedef struct
614 {
617 } X509Validity;
618 
619 
620 /**
621  * @brief Algorithm identifier
 *
 * Two pointer/length pairs. Nothing in the type implies a terminator, so
 * every read must be bounded by oidLen or paramsLen.
 * NOTE(review): the pointers presumably refer into the parsed input buffer
 * rather than owning copies - confirm the lifetime the parser requires.
622  **/
623 
624 typedef struct
625 {
626  const uint8_t *oid;    //Identifier bytes, oidLen bytes long
627  size_t oidLen;
628  const uint8_t *params; //Parameter bytes, paramsLen bytes long
629  size_t paramsLen;
630 } X509AlgoId;
631 
632 
633 /**
634  * @brief RSA public key
635  **/
636 
637 typedef struct
638 {
639  const uint8_t *n;
640  size_t nLen;
641  const uint8_t *e;
642  size_t eLen;
644 
645 
646 /**
647  * @brief DSA domain parameters
648  **/
649 
650 typedef struct
651 {
652  const uint8_t *p;
653  size_t pLen;
654  const uint8_t *q;
655  size_t qLen;
656  const uint8_t *g;
657  size_t gLen;
659 
660 
661 /**
662  * @brief DSA public key
663  **/
664 
665 typedef struct
666 {
667  const uint8_t *y;
668  size_t yLen;
670 
671 
672 /**
673  * @brief EC parameters
674  **/
675 
676 typedef struct
677 {
678  const uint8_t *namedCurve;
681 
682 
683 /**
684  * @brief EC public key
685  **/
686 
687 typedef struct
688 {
689  const uint8_t *q;
690  size_t qLen;
692 
693 
694 /**
695  * @brief Subject public key information
696  **/
697 
698 typedef struct
699 {
700  const uint8_t *rawData;
701  size_t rawDataLen;
702  const uint8_t *oid;
703  size_t oidLen;
704 #if (RSA_SUPPORT == ENABLED)
706 #endif
707 #if (DSA_SUPPORT == ENABLED)
710 #endif
711 #if (EC_SUPPORT == ENABLED || ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
714 #endif
716 
717 
718 /**
719  * @brief Basic constraints
720  **/
721 
722 typedef struct
723 {
728 
729 
730 /**
731  * @brief Name constraints
732  **/
733 
734 typedef struct
735 {
737  const uint8_t *permittedSubtrees;
739  const uint8_t *excludedSubtrees;
742 
743 
744 /**
745  * @brief Key usage
746  **/
747 
748 typedef struct
749 {
751  uint16_t bitmap;
752 } X509KeyUsage;
753 
754 
755 /**
756  * @brief Extended key usage
757  **/
758 
759 typedef struct
760 {
762  uint8_t bitmap;
764 
765 
766 /**
767  * @brief General name
768  **/
769 
770 typedef struct
771 {
773  const char_t *value;
774  size_t length;
776 
777 
778 /**
779  * @brief Subject alternative name
780  **/
781 
782 typedef struct
783 {
785  const uint8_t *rawData;
786  size_t rawDataLen;
790 
791 
792 /**
793  * @brief Subject key identifier
794  **/
795 
796 typedef struct
797 {
799  const uint8_t *value;
800  size_t length;
802 
803 
804 /**
805  * @brief Authority key identifier
806  **/
807 
808 typedef struct
809 {
811  const uint8_t *keyId;
812  size_t keyIdLen;
814 
815 
816 /**
817  * @brief Netscape certificate type
818  **/
819 
820 typedef struct
821 {
823  uint8_t bitmap;
825 
826 
827 /**
828  * @brief X.509 certificate extension
829  **/
830 
831 typedef struct
832 {
833  const uint8_t *oid;
834  size_t oidLen;
836  const uint8_t *value;
837  size_t valueLen;
838 } X509Extension;
839 
840 
841 /**
842  * @brief X.509 certificate extensions
843  **/
844 
845 typedef struct
846 {
847  const uint8_t *rawData;
848  size_t rawDataLen;
861 
862 
863 /**
864  * @brief RSASSA-PSS parameters
865  **/
866 
867 typedef struct
868 {
869  const uint8_t *hashAlgo;
870  size_t hashAlgoLen;
871  const uint8_t *maskGenAlgo;
873  const uint8_t *maskGenHashAlgo;
875  size_t saltLen;
877 
878 
879 /**
880  * @brief Signature algorithm identifier
881  **/
882 
883 typedef struct
884 {
885  const uint8_t *oid;
886  size_t oidLen;
887 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
889 #endif
891 
892 
893 /**
894  * @brief Signature value
895  **/
896 
897 typedef struct
898 {
899  const uint8_t *data;
900  size_t length;
902 
903 
904 /**
905  * @brief TBSCertificate structure
906  **/
907 
908 typedef struct
909 {
910  const uint8_t *rawData;
911  size_t rawDataLen;
921 
922 
923 /**
924  * @brief X.509 certificate
925  **/
926 
927 typedef struct
928 {
933 
934 
935 /**
936  * @brief CRL reason
937  **/
938 
939 typedef struct
940 {
942  uint8_t value;
943 } X509CrlReason;
944 
945 
946 /**
947  * @brief Invalidity date
948  **/
949 
950 typedef struct
951 {
955 
956 
957 /**
958  * @brief Certificate issuer
959  **/
960 
961 typedef struct
962 {
964  const uint8_t *rawData;
965  size_t rawDataLen;
969 
970 
971 /**
972  * @brief CRL extensions
973  **/
974 
975 typedef struct
976 {
977  const uint8_t *rawData;
978  size_t rawDataLen;
983 
984 
985 /**
986  * @brief Revoked certificate
987  **/
988 
989 typedef struct
990 {
995 
996 
997 /**
998  * @brief CRL number
999  **/
1000 
1001 typedef struct
1002 {
1004  const uint8_t *value;
1005  size_t length;
1006 } X509CrlNumber;
1007 
1008 
1009 /**
1010  * @brief Delta CRL indicator
1011  **/
1012 
1013 typedef struct
1014 {
1016  const uint8_t *baseCrlNumber;
1019 
1020 
1021 /**
1022  * @brief Distribution point name
1023  **/
1024 
1025 typedef struct
1026 {
1028  const uint8_t *fullName;
1029  size_t fullNameLen;
1030  const uint8_t *nameRelativeToCrlIssuer;
1033 
1034 
1035 /**
1036  * @brief Issuing distribution point
1037  **/
1038 
1039 typedef struct
1040 {
1049 
1050 
1051 /**
1052  * @brief CRL extensions
1053  **/
1054 
1055 typedef struct
1056 {
1057  const uint8_t *rawData;
1058  size_t rawDataLen;
1064 
1065 
1066 /**
1067  * @brief TBSCertList structure
1068  **/
1069 
1070 typedef struct
1071 {
1072  const uint8_t *rawData;
1073  size_t rawDataLen;
1079  const uint8_t *revokedCerts;
1082 } X509TbsCertList;
1083 
1084 
1085 /**
1086  * @brief CRL (Certificate Revocation List)
1087  **/
1088 
1089 typedef struct
1090 {
1094 } X509CrlInfo;
1095 
1096 
1097 /**
1098  * @brief PKCS #9 ChallengePassword attribute
1099  **/
1100 
1101 typedef struct
1102 {
1103  const char_t *value;
1104  size_t length;
1106 
1107 
1108 /**
1109  * @brief CSR attribute
 *
 * Two pointer/length pairs. Nothing in the type implies a terminator, so
 * every read must be bounded by oidLen or valueLen.
 * NOTE(review): the pointers presumably refer into the parsed request
 * rather than owning copies - confirm the lifetime the parser requires.
1110  **/
1111 
1112 typedef struct
1113 {
1114  const uint8_t *oid;   //Identifier bytes, oidLen bytes long
1115  size_t oidLen;
1116  const uint8_t *value; //Value bytes, valueLen bytes long
1117  size_t valueLen;
1118 } X509Attribute;
1119 
1120 
1121 /**
1122  * @brief CSR attributes
1123  **/
1124 
1125 typedef struct
1126 {
1127  const uint8_t *rawData;
1128  size_t rawDataLen;
1131 } X509Attributes;
1132 
1133 
1134 /**
1135  * @brief CertificationRequestInfo structure
1136  **/
1137 
1138 typedef struct
1139 {
1140  const uint8_t *rawData;
1141  size_t rawDataLen;
1147 
1148 
1149 /**
1150  * @brief CSR (Certificate Signing Request)
1151  **/
1152 
1153 typedef struct
1154 {
1158 } X509CsrInfo;
1159 
1160 
1161 //X.509 related constants
1162 extern const uint8_t X509_COMMON_NAME_OID[3];
1163 extern const uint8_t X509_SURNAME_OID[3];
1164 extern const uint8_t X509_SERIAL_NUMBER_OID[3];
1165 extern const uint8_t X509_COUNTRY_NAME_OID[3];
1166 extern const uint8_t X509_LOCALITY_NAME_OID[3];
1167 extern const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3];
1168 extern const uint8_t X509_ORGANIZATION_NAME_OID[3];
1169 extern const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3];
1170 extern const uint8_t X509_TITLE_OID[3];
1171 extern const uint8_t X509_NAME_OID[3];
1172 extern const uint8_t X509_GIVEN_NAME_OID[3];
1173 extern const uint8_t X509_INITIALS_OID[3];
1174 extern const uint8_t X509_GENERATION_QUALIFIER_OID[3];
1175 extern const uint8_t X509_DN_QUALIFIER_OID[3];
1176 extern const uint8_t X509_PSEUDONYM_OID[3];
1177 
1178 extern const uint8_t X509_SUBJECT_DIR_ATTR_OID[3];
1179 extern const uint8_t X509_SUBJECT_KEY_ID_OID[3];
1180 extern const uint8_t X509_KEY_USAGE_OID[3];
1181 extern const uint8_t X509_SUBJECT_ALT_NAME_OID[3];
1182 extern const uint8_t X509_ISSUER_ALT_NAME_OID[3];
1183 extern const uint8_t X509_BASIC_CONSTRAINTS_OID[3];
1184 extern const uint8_t X509_CRL_NUMBER_OID[3];
1185 extern const uint8_t X509_REASON_CODE_OID[3];
1186 extern const uint8_t X509_INVALIDITY_DATE_OID[3];
1187 extern const uint8_t X509_DELTA_CRL_INDICATOR_OID[3];
1188 extern const uint8_t X509_ISSUING_DISTR_POINT_OID[3];
1189 extern const uint8_t X509_CERTIFICATE_ISSUER_OID[3];
1190 extern const uint8_t X509_NAME_CONSTRAINTS_OID[3];
1191 extern const uint8_t X509_CRL_DISTR_POINTS_OID[3];
1192 extern const uint8_t X509_CERTIFICATE_POLICIES_OID[3];
1193 extern const uint8_t X509_POLICY_MAPPINGS_OID[3];
1194 extern const uint8_t X509_AUTHORITY_KEY_ID_OID[3];
1195 extern const uint8_t X509_POLICY_CONSTRAINTS_OID[3];
1196 extern const uint8_t X509_EXTENDED_KEY_USAGE_OID[3];
1197 extern const uint8_t X509_FRESHEST_CRL_OID[3];
1198 extern const uint8_t X509_INHIBIT_ANY_POLICY_OID[3];
1199 
1200 extern const uint8_t X509_NS_CERT_TYPE_OID[9];
1201 
1202 extern const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4];
1203 extern const uint8_t X509_KP_SERVER_AUTH_OID[8];
1204 extern const uint8_t X509_KP_CLIENT_AUTH_OID[8];
1205 extern const uint8_t X509_KP_CODE_SIGNING_OID[8];
1206 extern const uint8_t X509_KP_EMAIL_PROTECTION_OID[8];
1207 extern const uint8_t X509_KP_TIME_STAMPING_OID[8];
1208 extern const uint8_t X509_KP_OCSP_SIGNING_OID[8];
1209 extern const uint8_t X509_KP_SSH_CLIENT_OID[8];
1210 extern const uint8_t X509_KP_SSH_SERVER_OID[8];
1211 
1212 extern const uint8_t X509_CHALLENGE_PASSWORD_OID[9];
1213 extern const uint8_t X509_EXTENSION_REQUEST_OID[9];
1214 
1215 //X.509 related functions
1218 
1220  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo);
1221 
1222 X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length);
1223 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length);
1224 
1225 //C++ guard
1226 #ifdef __cplusplus
1227 }
1228 #endif
1229 
1230 #endif
TBSCertList structure.
Definition: x509_common.h:1071
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:62
uint8_t value
Definition: x509_common.h:942
size_t excludedSubtreesLen
Definition: x509_common.h:740
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:101
@ X509_REASON_FLAGS_CERTIFICATE_HOLD
Definition: x509_common.h:465
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:705
@ X509_KEY_USAGE_KEY_AGREEMENT
Definition: x509_common.h:397
X509SignatureValue signatureValue
Definition: x509_common.h:931
@ X509_REASON_FLAGS_CA_COMPROMISE
Definition: x509_common.h:461
const uint8_t * nameRelativeToCrlIssuer
Definition: x509_common.h:1030
EdDSA (Edwards-Curve Digital Signature Algorithm)
@ X509_VERSION_3
Definition: x509_common.h:383
X.509 certificate extension.
Definition: x509_common.h:832
const uint8_t * e
Definition: x509_common.h:641
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:532
size_t titleLen
Definition: x509_common.h:580
const char_t * name
Definition: x509_common.h:581
General definitions for cryptographic algorithms.
X509Version version
Definition: x509_common.h:1142
X509CertRequestInfo certReqInfo
Definition: x509_common.h:1155
RSA public-key cryptography standard.
X509SerialNumber serialNumber
Definition: x509_common.h:913
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:537
size_t rawDataLen
Definition: x509_common.h:978
DSA (Digital Signature Algorithm)
size_t revokedCertsLen
Definition: x509_common.h:1080
@ X509_REASON_FLAGS_AA_COMPROMISE
Definition: x509_common.h:467
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:131
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:498
@ X509_EXT_KEY_USAGE_SERVER_AUTH
Definition: x509_common.h:411
X509DsaParameters dsaParams
Definition: x509_common.h:708
Date and time representation.
Definition: date_time.h:47
@ X509_KEY_USAGE_DIGITAL_SIGNATURE
Definition: x509_common.h:393
#define X509_MAX_CUSTOM_EXTENSIONS
Definition: x509_common.h:359
const uint8_t * rawData
Definition: x509_common.h:561
const uint8_t * rawData
Definition: x509_common.h:1057
const uint8_t * excludedSubtrees
Definition: x509_common.h:739
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:533
size_t namedCurveLen
Definition: x509_common.h:679
Revoked certificate.
Definition: x509_common.h:990
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:103
@ X509_CRL_REASON_CERTIFICATE_HOLD
Definition: x509_common.h:483
Signature value.
Definition: x509_common.h:898
uint16_t bitmap
Definition: x509_common.h:751
const uint8_t * oid
Definition: x509_common.h:1114
X509TbsCertList tbsCertList
Definition: x509_common.h:1091
X509HashAlgo
Hash algorithms.
Definition: x509_common.h:529
CertificationRequestInfo structure.
Definition: x509_common.h:1139
X509CrlExtensions crlExtensions
Definition: x509_common.h:1081
X509SubjectAltName subjectAltName
Definition: x509_common.h:853
Subject alternative name.
Definition: x509_common.h:783
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:515
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1075
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:93
#define X509_MAX_CERT_ISSUER_NAMES
Definition: x509_common.h:352
const uint8_t * oid
Definition: x509_common.h:626
@ X509_EXT_KEY_USAGE_TIME_STAMPING
Definition: x509_common.h:415
X509KeyUsageBitmap
Key usage.
Definition: x509_common.h:392
const char_t * value
Definition: x509_common.h:604
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:133
Netscape certificate type.
Definition: x509_common.h:821
@ X509_NS_CERT_TYPE_SSL_CLIENT
Definition: x509_common.h:447
size_t dnQualifierLen
Definition: x509_common.h:590
const char_t * value
Definition: x509_common.h:773
bool_t onlyContainsAttributeCerts
Definition: x509_common.h:1047
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:540
size_t localityNameLen
Definition: x509_common.h:572
const uint8_t * data
Definition: x509_common.h:550
const char_t * title
Definition: x509_common.h:579
size_t givenNameLen
Definition: x509_common.h:584
char char_t
Definition: compiler_port.h:48
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:531
@ X509_VERSION_2
Definition: x509_common.h:382
X509IssuingDistrPoint issuingDistrPoint
Definition: x509_common.h:1061
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
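Check whether a given hash algorithm is supported. "Supported" presumably means enabled in this build, not cryptographically acceptable: X509HashAlgo also lists MD5 and SHA-1, so a caller that wants to reject weak digests should not rely on this result alone.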
Definition: x509_common.c:221
const char_t * commonName
Definition: x509_common.h:563
@ X509_REASON_FLAGS_SUPERSEDED
Definition: x509_common.h:463
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:85
uint_t numCustomExtensions
Definition: x509_common.h:857
X509ExtKeyUsageBitmap
Extended key usage.
Definition: x509_common.h:410
DateTime notBefore
Definition: x509_common.h:615
size_t initialsLen
Definition: x509_common.h:586
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:516
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:54
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:48
size_t commonNameLen
Definition: x509_common.h:564
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:504
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:538
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:539
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:74
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:127
Issuer or subject name.
Definition: x509_common.h:560
X509CertificateIssuer certIssuer
Definition: x509_common.h:981
Subject public key information.
Definition: x509_common.h:699
@ X509_CRL_REASON_KEY_COMPROMISE
Definition: x509_common.h:478
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:536
const uint8_t * oid
Definition: x509_common.h:833
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:46
X509SignatureValue signatureValue
Definition: x509_common.h:1093
CRL extensions.
Definition: x509_common.h:1056
DSA domain parameters.
Definition: x509_common.h:651
X509CrlReason reasonCode
Definition: x509_common.h:979
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:499
@ X509_REASON_FLAGS_KEY_COMPROMISE
Definition: x509_common.h:460
size_t generationQualifierLen
Definition: x509_common.h:588
X509DistrPointName distributionPoint
Definition: x509_common.h:1042
const uint8_t * revokedCerts
Definition: x509_common.h:1079
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3]
Definition: x509_common.c:56
const char_t * generationQualifier
Definition: x509_common.h:587
CRL reason.
Definition: x509_common.h:940
@ X509_REASON_FLAGS_CESSATION_OF_OPERATION
Definition: x509_common.h:464
Basic constraints.
Definition: x509_common.h:723
CSR attributes.
Definition: x509_common.h:1126
@ X509_NS_CERT_TYPE_SSL_CA
Definition: x509_common.h:449
Delta CRL indicator.
Definition: x509_common.h:1014
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:535
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:120
DateTime thisUpdate
Definition: x509_common.h:1077
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:99
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:534
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:79
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:1092
const char_t * countryName
Definition: x509_common.h:569
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:144
RSASSA-PSS parameters.
Definition: x509_common.h:868
@ X509_EXT_KEY_USAGE_OCSP_SIGNING
Definition: x509_common.h:416
Name constraints.
Definition: x509_common.h:735
X.509 certificate extensions.
Definition: x509_common.h:846
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:97
X509NameConstraints nameConstraints
Definition: x509_common.h:850
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:68
size_t countryNameLen
Definition: x509_common.h:570
X509SignatureAlgoId signatureAlgo
Definition: x509_common.h:930
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:52
@ X509_EXT_KEY_USAGE_CODE_SIGNING
Definition: x509_common.h:413
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:153
Common interface for hash algorithms.
Definition: crypto.h:937
CRL number.
Definition: x509_common.h:1002
const uint8_t * value
Definition: x509_common.h:799
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:496
@ X509_CRL_REASON_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:485
@ X509_CRL_REMOVE_FROM_CRL
Definition: x509_common.h:484
const uint8_t * p
Definition: x509_common.h:652
X509SerialNumber userCert
Definition: x509_common.h:991
const uint8_t * y
Definition: x509_common.h:667
@ X509_GENERAL_NAME_TYPE_OTHER
Definition: x509_common.h:429
X509ChallengePassword challengePwd
Definition: x509_common.h:1129
@ X509_CRL_REASON_UNSPECIFIED
Definition: x509_common.h:477
const char_t * givenName
Definition: x509_common.h:583
const uint8_t X509_KP_SSH_SERVER_OID[8]
Definition: x509_common.c:139
Serial number.
Definition: x509_common.h:549
size_t organizationNameLen
Definition: x509_common.h:576
@ X509_REASON_FLAGS_UNUSED
Definition: x509_common.h:459
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:519
unsigned int uint_t
Definition: compiler_port.h:50
Issuing distribution point.
Definition: x509_common.h:1040
DateTime nextUpdate
Definition: x509_common.h:1078
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:115
uint8_t bitmap
Definition: x509_common.h:823
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:502
@ X509_GENERAL_NAME_TYPE_IP_ADDRESS
Definition: x509_common.h:436
@ X509_KEY_USAGE_KEY_ENCIPHERMENT
Definition: x509_common.h:395
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:87
X509KeyType
Public key types.
Definition: x509_common.h:495
X509EcPublicKey ecPublicKey
Definition: x509_common.h:713
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:918
const uint8_t * rawData
Definition: x509_common.h:1127
const char_t * serialNumber
Definition: x509_common.h:567
DSA public key.
Definition: x509_common.h:666
X509GeneralNameType
General name types.
Definition: x509_common.h:428
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:854
X509Version version
Definition: x509_common.h:1074
CSR (Certificate Signing Request)
Definition: x509_common.h:1154
size_t stateOrProvinceNameLen
Definition: x509_common.h:574
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:514
const char_t * surname
Definition: x509_common.h:565
const char_t * dnQualifier
Definition: x509_common.h:589
X509AuthorityKeyId authKeyId
Definition: x509_common.h:1062
const uint8_t * value
Definition: x509_common.h:1116
X509Attributes attributes
Definition: x509_common.h:1145
@ X509_EXT_KEY_USAGE_EMAIL_PROTECTION
Definition: x509_common.h:414
Authority key identifier.
Definition: x509_common.h:809
const uint8_t * namedCurve
Definition: x509_common.h:678
@ X509_KEY_USAGE_CRL_SIGN
Definition: x509_common.h:399
const char_t * pseudonym
Definition: x509_common.h:591
PKCS #9 ChallengePassword attribute.
Definition: x509_common.h:1102
const uint8_t * baseCrlNumber
Definition: x509_common.h:1016
X509TbsCertificate tbsCert
Definition: x509_common.h:929
X509NsCertTypeBitmap
Netscape certificate types.
Definition: x509_common.h:446
Algorithm identifier.
Definition: x509_common.h:625
const char_t * organizationName
Definition: x509_common.h:575
const uint8_t * rawData
Definition: x509_common.h:1140
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:501
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:517
size_t organizationalUnitNameLen
Definition: x509_common.h:578
const uint8_t * hashAlgo
Definition: x509_common.h:869
@ X509_KEY_USAGE_KEY_CERT_SIGN
Definition: x509_common.h:398
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:520
const char_t * organizationalUnitName
Definition: x509_common.h:577
Key usage.
Definition: x509_common.h:749
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:105
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:70