x509_common.h
1 /**
2  * @file x509_common.h
3  * @brief X.509 common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.3.2
29  **/
30 
31 #ifndef _X509_COMMON_H
32 #define _X509_COMMON_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkc/rsa.h"
37 #include "pkc/dsa.h"
38 #include "ecc/ecdsa.h"
39 #include "ecc/eddsa.h"
40 #include "date_time.h"
41 
//Signature generation/verification callbacks; off unless the application
//opts in. Any value other than ENABLED or DISABLED stops the build
#if !defined(X509_SIGN_CALLBACK_SUPPORT)
   #define X509_SIGN_CALLBACK_SUPPORT DISABLED
#elif !(X509_SIGN_CALLBACK_SUPPORT == ENABLED || X509_SIGN_CALLBACK_SUPPORT == DISABLED)
   #error X509_SIGN_CALLBACK_SUPPORT parameter is not valid
#endif
48 
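//RSA certificate support (enabled by default)
//An override must be exactly ENABLED or DISABLED; anything else stops the
//build. The diagnostic now names the problem, like the other options here
#ifndef X509_RSA_SUPPORT
   #define X509_RSA_SUPPORT ENABLED
#elif (X509_RSA_SUPPORT != ENABLED && X509_RSA_SUPPORT != DISABLED)
   #error X509_RSA_SUPPORT parameter is not valid
#endif

//RSA-PSS certificate support (disabled by default)
#ifndef X509_RSA_PSS_SUPPORT
   #define X509_RSA_PSS_SUPPORT DISABLED
#elif (X509_RSA_PSS_SUPPORT != ENABLED && X509_RSA_PSS_SUPPORT != DISABLED)
   #error X509_RSA_PSS_SUPPORT parameter is not valid
#endif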
62 
//DSA certificates - off by default
#if !defined(X509_DSA_SUPPORT)
   #define X509_DSA_SUPPORT DISABLED
#elif !(X509_DSA_SUPPORT == ENABLED || X509_DSA_SUPPORT == DISABLED)
   #error X509_DSA_SUPPORT parameter is not valid
#endif

//ECDSA certificates - on by default
#if !defined(X509_ECDSA_SUPPORT)
   #define X509_ECDSA_SUPPORT ENABLED
#elif !(X509_ECDSA_SUPPORT == ENABLED || X509_ECDSA_SUPPORT == DISABLED)
   #error X509_ECDSA_SUPPORT parameter is not valid
#endif
76 
//Hash algorithm selection. Only SHA-256, SHA-384 and SHA-512 are on by
//default; every option must resolve to ENABLED or DISABLED.

//MD5 digest (insecure) - off by default. MD5 is collision-broken; leave it
//disabled unless legacy certificates really have to be handled
#if !defined(X509_MD5_SUPPORT)
   #define X509_MD5_SUPPORT DISABLED
#elif !(X509_MD5_SUPPORT == ENABLED || X509_MD5_SUPPORT == DISABLED)
   #error X509_MD5_SUPPORT parameter is not valid
#endif

//SHA-1 digest (weak) - off by default. Practical collisions exist for SHA-1
#if !defined(X509_SHA1_SUPPORT)
   #define X509_SHA1_SUPPORT DISABLED
#elif !(X509_SHA1_SUPPORT == ENABLED || X509_SHA1_SUPPORT == DISABLED)
   #error X509_SHA1_SUPPORT parameter is not valid
#endif

//SHA-224 digest (weak) - off by default
#if !defined(X509_SHA224_SUPPORT)
   #define X509_SHA224_SUPPORT DISABLED
#elif !(X509_SHA224_SUPPORT == ENABLED || X509_SHA224_SUPPORT == DISABLED)
   #error X509_SHA224_SUPPORT parameter is not valid
#endif

//SHA-256 digest - on by default
#if !defined(X509_SHA256_SUPPORT)
   #define X509_SHA256_SUPPORT ENABLED
#elif !(X509_SHA256_SUPPORT == ENABLED || X509_SHA256_SUPPORT == DISABLED)
   #error X509_SHA256_SUPPORT parameter is not valid
#endif

//SHA-384 digest - on by default
#if !defined(X509_SHA384_SUPPORT)
   #define X509_SHA384_SUPPORT ENABLED
#elif !(X509_SHA384_SUPPORT == ENABLED || X509_SHA384_SUPPORT == DISABLED)
   #error X509_SHA384_SUPPORT parameter is not valid
#endif

//SHA-512 digest - on by default
#if !defined(X509_SHA512_SUPPORT)
   #define X509_SHA512_SUPPORT ENABLED
#elif !(X509_SHA512_SUPPORT == ENABLED || X509_SHA512_SUPPORT == DISABLED)
   #error X509_SHA512_SUPPORT parameter is not valid
#endif

//SHA3-224 digest - off by default
#if !defined(X509_SHA3_224_SUPPORT)
   #define X509_SHA3_224_SUPPORT DISABLED
#elif !(X509_SHA3_224_SUPPORT == ENABLED || X509_SHA3_224_SUPPORT == DISABLED)
   #error X509_SHA3_224_SUPPORT parameter is not valid
#endif

//SHA3-256 digest - off by default
#if !defined(X509_SHA3_256_SUPPORT)
   #define X509_SHA3_256_SUPPORT DISABLED
#elif !(X509_SHA3_256_SUPPORT == ENABLED || X509_SHA3_256_SUPPORT == DISABLED)
   #error X509_SHA3_256_SUPPORT parameter is not valid
#endif

//SHA3-384 digest - off by default
#if !defined(X509_SHA3_384_SUPPORT)
   #define X509_SHA3_384_SUPPORT DISABLED
#elif !(X509_SHA3_384_SUPPORT == ENABLED || X509_SHA3_384_SUPPORT == DISABLED)
   #error X509_SHA3_384_SUPPORT parameter is not valid
#endif

//SHA3-512 digest - off by default
#if !defined(X509_SHA3_512_SUPPORT)
   #define X509_SHA3_512_SUPPORT DISABLED
#elif !(X509_SHA3_512_SUPPORT == ENABLED || X509_SHA3_512_SUPPORT == DISABLED)
   #error X509_SHA3_512_SUPPORT parameter is not valid
#endif

//SM3 digest - off by default
#if !defined(X509_SM3_SUPPORT)
   #define X509_SM3_SUPPORT DISABLED
#elif !(X509_SM3_SUPPORT == ENABLED || X509_SM3_SUPPORT == DISABLED)
   #error X509_SM3_SUPPORT parameter is not valid
#endif
153 
//Small SEC curves (112 to 160 bits). All are tagged weak and are off by
//default; each option must resolve to ENABLED or DISABLED.

//secp112r1 curve (weak)
#if !defined(X509_SECP112R1_SUPPORT)
   #define X509_SECP112R1_SUPPORT DISABLED
#elif !(X509_SECP112R1_SUPPORT == ENABLED || X509_SECP112R1_SUPPORT == DISABLED)
   #error X509_SECP112R1_SUPPORT parameter is not valid
#endif

//secp112r2 curve (weak)
#if !defined(X509_SECP112R2_SUPPORT)
   #define X509_SECP112R2_SUPPORT DISABLED
#elif !(X509_SECP112R2_SUPPORT == ENABLED || X509_SECP112R2_SUPPORT == DISABLED)
   #error X509_SECP112R2_SUPPORT parameter is not valid
#endif

//secp128r1 curve (weak)
#if !defined(X509_SECP128R1_SUPPORT)
   #define X509_SECP128R1_SUPPORT DISABLED
#elif !(X509_SECP128R1_SUPPORT == ENABLED || X509_SECP128R1_SUPPORT == DISABLED)
   #error X509_SECP128R1_SUPPORT parameter is not valid
#endif

//secp128r2 curve (weak)
#if !defined(X509_SECP128R2_SUPPORT)
   #define X509_SECP128R2_SUPPORT DISABLED
#elif !(X509_SECP128R2_SUPPORT == ENABLED || X509_SECP128R2_SUPPORT == DISABLED)
   #error X509_SECP128R2_SUPPORT parameter is not valid
#endif

//secp160k1 curve (weak)
#if !defined(X509_SECP160K1_SUPPORT)
   #define X509_SECP160K1_SUPPORT DISABLED
#elif !(X509_SECP160K1_SUPPORT == ENABLED || X509_SECP160K1_SUPPORT == DISABLED)
   #error X509_SECP160K1_SUPPORT parameter is not valid
#endif

//secp160r1 curve (weak)
#if !defined(X509_SECP160R1_SUPPORT)
   #define X509_SECP160R1_SUPPORT DISABLED
#elif !(X509_SECP160R1_SUPPORT == ENABLED || X509_SECP160R1_SUPPORT == DISABLED)
   #error X509_SECP160R1_SUPPORT parameter is not valid
#endif

//secp160r2 curve (weak)
#if !defined(X509_SECP160R2_SUPPORT)
   #define X509_SECP160R2_SUPPORT DISABLED
#elif !(X509_SECP160R2_SUPPORT == ENABLED || X509_SECP160R2_SUPPORT == DISABLED)
   #error X509_SECP160R2_SUPPORT parameter is not valid
#endif
202 
//SEC curves from 192 to 521 bits. Only the NIST P-256, P-384 and P-521
//curves are on by default; each option must resolve to ENABLED or DISABLED.
//NOTE(review): the 192-bit curves carry no "weak" tag here, yet a 192-bit
//curve offers roughly 96 bits of security, below the 112-bit level commonly
//required today; treat enabling them as a legacy-compatibility decision

//secp192k1 curve - off by default
#if !defined(X509_SECP192K1_SUPPORT)
   #define X509_SECP192K1_SUPPORT DISABLED
#elif !(X509_SECP192K1_SUPPORT == ENABLED || X509_SECP192K1_SUPPORT == DISABLED)
   #error X509_SECP192K1_SUPPORT parameter is not valid
#endif

//secp192r1 curve (NIST P-192) - off by default
#if !defined(X509_SECP192R1_SUPPORT)
   #define X509_SECP192R1_SUPPORT DISABLED
#elif !(X509_SECP192R1_SUPPORT == ENABLED || X509_SECP192R1_SUPPORT == DISABLED)
   #error X509_SECP192R1_SUPPORT parameter is not valid
#endif

//secp224k1 curve - off by default
#if !defined(X509_SECP224K1_SUPPORT)
   #define X509_SECP224K1_SUPPORT DISABLED
#elif !(X509_SECP224K1_SUPPORT == ENABLED || X509_SECP224K1_SUPPORT == DISABLED)
   #error X509_SECP224K1_SUPPORT parameter is not valid
#endif

//secp224r1 curve (NIST P-224) - off by default
#if !defined(X509_SECP224R1_SUPPORT)
   #define X509_SECP224R1_SUPPORT DISABLED
#elif !(X509_SECP224R1_SUPPORT == ENABLED || X509_SECP224R1_SUPPORT == DISABLED)
   #error X509_SECP224R1_SUPPORT parameter is not valid
#endif

//secp256k1 curve - off by default
#if !defined(X509_SECP256K1_SUPPORT)
   #define X509_SECP256K1_SUPPORT DISABLED
#elif !(X509_SECP256K1_SUPPORT == ENABLED || X509_SECP256K1_SUPPORT == DISABLED)
   #error X509_SECP256K1_SUPPORT parameter is not valid
#endif

//secp256r1 curve (NIST P-256) - on by default
#if !defined(X509_SECP256R1_SUPPORT)
   #define X509_SECP256R1_SUPPORT ENABLED
#elif !(X509_SECP256R1_SUPPORT == ENABLED || X509_SECP256R1_SUPPORT == DISABLED)
   #error X509_SECP256R1_SUPPORT parameter is not valid
#endif

//secp384r1 curve (NIST P-384) - on by default
#if !defined(X509_SECP384R1_SUPPORT)
   #define X509_SECP384R1_SUPPORT ENABLED
#elif !(X509_SECP384R1_SUPPORT == ENABLED || X509_SECP384R1_SUPPORT == DISABLED)
   #error X509_SECP384R1_SUPPORT parameter is not valid
#endif

//secp521r1 curve (NIST P-521) - on by default
#if !defined(X509_SECP521R1_SUPPORT)
   #define X509_SECP521R1_SUPPORT ENABLED
#elif !(X509_SECP521R1_SUPPORT == ENABLED || X509_SECP521R1_SUPPORT == DISABLED)
   #error X509_SECP521R1_SUPPORT parameter is not valid
#endif
258 
//Brainpool curves. All are off by default; each option must resolve to
//ENABLED or DISABLED.
//NOTE(review): brainpoolP160r1 and brainpoolP192r1 are in the same size
//class as curves this header tags as weak or leaves off (160/192 bits);
//enable them only for legacy interoperability

//brainpoolP160r1 curve
#if !defined(X509_BRAINPOOLP160R1_SUPPORT)
   #define X509_BRAINPOOLP160R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP160R1_SUPPORT == ENABLED || X509_BRAINPOOLP160R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP160R1_SUPPORT parameter is not valid
#endif

//brainpoolP192r1 curve
#if !defined(X509_BRAINPOOLP192R1_SUPPORT)
   #define X509_BRAINPOOLP192R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP192R1_SUPPORT == ENABLED || X509_BRAINPOOLP192R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP192R1_SUPPORT parameter is not valid
#endif

//brainpoolP224r1 curve
#if !defined(X509_BRAINPOOLP224R1_SUPPORT)
   #define X509_BRAINPOOLP224R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP224R1_SUPPORT == ENABLED || X509_BRAINPOOLP224R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP224R1_SUPPORT parameter is not valid
#endif

//brainpoolP256r1 curve
#if !defined(X509_BRAINPOOLP256R1_SUPPORT)
   #define X509_BRAINPOOLP256R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP256R1_SUPPORT == ENABLED || X509_BRAINPOOLP256R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP256R1_SUPPORT parameter is not valid
#endif

//brainpoolP320r1 curve
#if !defined(X509_BRAINPOOLP320R1_SUPPORT)
   #define X509_BRAINPOOLP320R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP320R1_SUPPORT == ENABLED || X509_BRAINPOOLP320R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP320R1_SUPPORT parameter is not valid
#endif

//brainpoolP384r1 curve
#if !defined(X509_BRAINPOOLP384R1_SUPPORT)
   #define X509_BRAINPOOLP384R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP384R1_SUPPORT == ENABLED || X509_BRAINPOOLP384R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP384R1_SUPPORT parameter is not valid
#endif

//brainpoolP512r1 curve
#if !defined(X509_BRAINPOOLP512R1_SUPPORT)
   #define X509_BRAINPOOLP512R1_SUPPORT DISABLED
#elif !(X509_BRAINPOOLP512R1_SUPPORT == ENABLED || X509_BRAINPOOLP512R1_SUPPORT == DISABLED)
   #error X509_BRAINPOOLP512R1_SUPPORT parameter is not valid
#endif
307 
//SM2 and Edwards curves. All are off by default; each option must resolve
//to ENABLED or DISABLED.

//SM2 curve
#if !defined(X509_SM2_SUPPORT)
   #define X509_SM2_SUPPORT DISABLED
#elif !(X509_SM2_SUPPORT == ENABLED || X509_SM2_SUPPORT == DISABLED)
   #error X509_SM2_SUPPORT parameter is not valid
#endif

//Ed25519 curve
#if !defined(X509_ED25519_SUPPORT)
   #define X509_ED25519_SUPPORT DISABLED
#elif !(X509_ED25519_SUPPORT == ENABLED || X509_ED25519_SUPPORT == DISABLED)
   #error X509_ED25519_SUPPORT parameter is not valid
#endif

//Ed448 curve
#if !defined(X509_ED448_SUPPORT)
   #define X509_ED448_SUPPORT DISABLED
#elif !(X509_ED448_SUPPORT == ENABLED || X509_ED448_SUPPORT == DISABLED)
   #error X509_ED448_SUPPORT parameter is not valid
#endif
328 
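//Minimum acceptable size for RSA modulus (presumably in bits)
//NOTE(review): the 1024-bit default, and the 512-bit floor accepted for an
//override, are below the 2048-bit minimum of current guidance (e.g. NIST
//SP 800-131A). Consider building with 2048 unless legacy certificates must
//be accepted
#ifndef X509_MIN_RSA_MODULUS_SIZE
   #define X509_MIN_RSA_MODULUS_SIZE 1024
#elif (X509_MIN_RSA_MODULUS_SIZE < 512)
   #error X509_MIN_RSA_MODULUS_SIZE parameter is not valid
#endif

//Maximum acceptable size for RSA modulus
#ifndef X509_MAX_RSA_MODULUS_SIZE
   #define X509_MAX_RSA_MODULUS_SIZE 4096
#endif

//The range check sits outside the #ifndef so that an overridden minimum is
//also validated against the default maximum; previously a minimum above
//4096 with no explicit maximum produced an empty range without any error
#if (X509_MAX_RSA_MODULUS_SIZE < X509_MIN_RSA_MODULUS_SIZE)
   #error X509_MAX_RSA_MODULUS_SIZE parameter is not valid
#endif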
342 
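//Minimum acceptable size for DSA prime modulus (presumably in bits)
//NOTE(review): the 1024-bit default, and the 512-bit floor accepted for an
//override, are below the 2048-bit minimum of current guidance (e.g. NIST
//SP 800-131A). Consider building with 2048 unless legacy certificates must
//be accepted
#ifndef X509_MIN_DSA_MODULUS_SIZE
   #define X509_MIN_DSA_MODULUS_SIZE 1024
#elif (X509_MIN_DSA_MODULUS_SIZE < 512)
   #error X509_MIN_DSA_MODULUS_SIZE parameter is not valid
#endif

//Maximum acceptable size for DSA prime modulus
#ifndef X509_MAX_DSA_MODULUS_SIZE
   #define X509_MAX_DSA_MODULUS_SIZE 4096
#endif

//The range check sits outside the #ifndef so that an overridden minimum is
//also validated against the default maximum; previously a minimum above
//4096 with no explicit maximum produced an empty range without any error
#if (X509_MAX_DSA_MODULUS_SIZE < X509_MIN_DSA_MODULUS_SIZE)
   #error X509_MAX_DSA_MODULUS_SIZE parameter is not valid
#endif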
356 
//Size and count limits. Each limit has a default and rejects an override
//smaller than 1 at build time.
//NOTE(review): what happens when a certificate or CRL carries more entries
//than one of these limits is not visible in this header - confirm whether
//the extra entries are rejected or silently dropped, since dropped names or
//issuers can change the outcome of later checks

//Serial number size used by default
#if !defined(X509_SERIAL_NUMBER_SIZE)
   #define X509_SERIAL_NUMBER_SIZE 20
#elif !(X509_SERIAL_NUMBER_SIZE >= 1)
   #error X509_SERIAL_NUMBER_SIZE parameter is not valid
#endif

//Upper bound on domain components
#if !defined(X509_MAX_DOMAIN_COMPONENTS)
   #define X509_MAX_DOMAIN_COMPONENTS 4
#elif !(X509_MAX_DOMAIN_COMPONENTS >= 1)
   #error X509_MAX_DOMAIN_COMPONENTS parameter is not valid
#endif

//Upper bound on subject alternative names
#if !defined(X509_MAX_SUBJECT_ALT_NAMES)
   #define X509_MAX_SUBJECT_ALT_NAMES 4
#elif !(X509_MAX_SUBJECT_ALT_NAMES >= 1)
   #error X509_MAX_SUBJECT_ALT_NAMES parameter is not valid
#endif

//Upper bound on certificate issuers
#if !defined(X509_MAX_CERT_ISSUERS)
   #define X509_MAX_CERT_ISSUERS 4
#elif !(X509_MAX_CERT_ISSUERS >= 1)
   #error X509_MAX_CERT_ISSUERS parameter is not valid
#endif

//Upper bound on CRL issuers
#if !defined(X509_MAX_CRL_ISSUERS)
   #define X509_MAX_CRL_ISSUERS 2
#elif !(X509_MAX_CRL_ISSUERS >= 1)
   #error X509_MAX_CRL_ISSUERS parameter is not valid
#endif

//Upper bound on distribution points
#if !defined(X509_MAX_DISTR_POINTS)
   #define X509_MAX_DISTR_POINTS 2
#elif !(X509_MAX_DISTR_POINTS >= 1)
   #error X509_MAX_DISTR_POINTS parameter is not valid
#endif

//Upper bound on full names
#if !defined(X509_MAX_FULL_NAMES)
   #define X509_MAX_FULL_NAMES 2
#elif !(X509_MAX_FULL_NAMES >= 1)
   #error X509_MAX_FULL_NAMES parameter is not valid
#endif

//Upper bound on access descriptions
#if !defined(X509_MAX_ACCESS_DESCRIPTIONS)
   #define X509_MAX_ACCESS_DESCRIPTIONS 2
#elif !(X509_MAX_ACCESS_DESCRIPTIONS >= 1)
   #error X509_MAX_ACCESS_DESCRIPTIONS parameter is not valid
#endif

//Upper bound on custom extensions
#if !defined(X509_MAX_CUSTOM_EXTENSIONS)
   #define X509_MAX_CUSTOM_EXTENSIONS 2
#elif !(X509_MAX_CUSTOM_EXTENSIONS >= 1)
   #error X509_MAX_CUSTOM_EXTENSIONS parameter is not valid
#endif

//Application specific extensions; expands to nothing unless the
//application supplies its own definition
#if !defined(X509_PRIVATE_EXTENSIONS)
   #define X509_PRIVATE_EXTENSIONS
#endif
424 
425 //C++ guard
426 #ifdef __cplusplus
427 extern "C" {
428 #endif
429 
430 
431 /**
432  * @brief PKCS #1 versions
433  **/
434 
435 typedef enum
436 {
437  PKCS1_VERSION_1 = 0
439 
440 
441 /**
442  * @brief PKCS #8 versions
443  **/
444 
445 typedef enum
446 {
448  PKCS8_VERSION_2 = 1
450 
451 
452 /**
453  * @brief X.509 versions
454  **/
455 
456 typedef enum
457 {
460  X509_VERSION_3 = 2
462 
463 
464 /**
465  * @brief Key usage
466  **/
467 
468 typedef enum
469 {
480 
481 
482 /**
483  * @brief Extended key usage
484  **/
485 
486 typedef enum
487 {
501  X509_EXT_KEY_USAGE_ANY = 0x00001FFF
503 
504 
505 /**
506  * @brief General name types
507  **/
508 
509 typedef enum
510 {
521 
522 
523 /**
524  * @brief Netscape certificate types
525  **/
526 
527 typedef enum
528 {
533 
534 
535 /**
536  * @brief Reason flags
537  **/
538 
539 typedef enum
540 {
551 
552 
553 /**
554  * @brief CRL reasons
555  **/
556 
557 typedef enum
558 {
570 
571 
572 /**
573  * @brief Public Key types
574  **/
575 
576 typedef enum
577 {
589 
590 
591 /**
592  * @brief Signature algorithms
593  **/
594 
595 typedef enum
596 {
606 
607 
608 /**
609  * @brief Hash algorithms
610  **/
611 
612 typedef enum
613 {
625  X509_HASH_ALGO_SM3 = 11
627 
628 
629 /**
630  * @brief String
631  **/
632 
//Read-only view of a character string: a pointer plus an explicit length
//NOTE(review): presumably value points into the parsed input and is not
//NUL-terminated - confirm, and bound every read by length rather than
//relying on a terminator
633 typedef struct
634 {
635  const char_t *value; //Start of the character data (not modified through this pointer)
636  size_t length; //Length of the data referenced by value
637 } X509String;
638 
639 
640 /**
641  * @brief Octet string
642  **/
643 
644 typedef struct
645 {
646  const uint8_t *value;
647  size_t length;
649 
650 
651 /**
652  * @brief Serial number
653  **/
654 
655 typedef struct
656 {
657  const uint8_t *value;
658  size_t length;
660 
661 
662 /**
663  * @brief Issuer or subject name
664  **/
665 
666 typedef struct
667 {
686 } X509Name;
687 
688 
689 /**
690  * @brief Name attribute
691  **/
692 
693 typedef struct
694 {
699 
700 
701 /**
702  * @brief Validity
703  **/
704 
705 typedef struct
706 {
709 } X509Validity;
710 
711 
712 /**
713  * @brief Algorithm identifier
714  **/
715 
716 typedef struct
717 {
720 } X509AlgoId;
721 
722 
723 /**
724  * @brief RSA public key
725  **/
726 
727 typedef struct
728 {
732 
733 
734 /**
735  * @brief DSA domain parameters
736  **/
737 
738 typedef struct
739 {
744 
745 
746 /**
747  * @brief DSA public key
748  **/
749 
750 typedef struct
751 {
754 
755 
756 /**
757  * @brief EC parameters
758  **/
759 
760 typedef struct
761 {
764 
765 
766 /**
767  * @brief EC public key
768  **/
769 
770 typedef struct
771 {
774 
775 
776 /**
777  * @brief Subject Public Key Information extension
778  **/
779 
780 typedef struct
781 {
785 #if (RSA_SUPPORT == ENABLED)
787 #endif
788 #if (DSA_SUPPORT == ENABLED)
791 #endif
792 #if (EC_SUPPORT == ENABLED || ED25519_SUPPORT == ENABLED || ED448_SUPPORT == ENABLED)
795 #endif
797 
798 
799 /**
800  * @brief Basic Constraints extension
801  **/
802 
803 typedef struct
804 {
809 
810 
811 /**
812  * @brief Name Constraints extension
813  **/
814 
815 typedef struct
816 {
821 
822 
823 /**
824  * @brief Key Usage extension
825  **/
826 
827 typedef struct
828 {
830  uint16_t bitmap;
831 } X509KeyUsage;
832 
833 
834 /**
835  * @brief Extended Key Usage extension
836  **/
837 
838 typedef struct
839 {
841  uint16_t bitmap;
843 
844 
845 /**
846  * @brief General name
847  **/
848 
849 typedef struct
850 {
852  const char_t *value;
853  size_t length;
855 
856 
857 /**
858  * @brief Subject Alternative Name extension
859  **/
860 
861 typedef struct
862 {
868 
869 
870 /**
871  * @brief Subject Key Identifier extension
872  **/
873 
874 typedef struct
875 {
877  const uint8_t *value;
878  size_t length;
880 
881 
882 /**
883  * @brief Authority Key Identifier extension
884  **/
885 
886 typedef struct
887 {
890 } X509AuthKeyId;
891 
892 
893 /**
894  * @brief Distribution Point Name structure
895  **/
896 
897 typedef struct
898 {
903 
904 
905 /**
906  * @brief Distribution Point structure
907  **/
908 
909 typedef struct
910 {
912  uint16_t reasonFlags;
916 
917 
918 /**
919  * @brief CRL Distribution Points extension
920  **/
921 
922 typedef struct
923 {
929 
930 
931 /**
932  * @brief Access Description extension
933  **/
934 
935 typedef struct
936 {
940 
941 
942 /**
943  * @brief Authority Information Access extension
944  **/
945 
946 typedef struct
947 {
953 
954 
955 /**
956  * @brief PKIX OCSP No Check extension
957  **/
958 
959 typedef struct
960 {
964 
965 
966 /**
967  * @brief Netscape certificate type
968  **/
969 
970 typedef struct
971 {
973  uint8_t bitmap;
975 
976 
977 /**
978  * @brief X.509 certificate extension
979  **/
980 
981 typedef struct
982 {
986 } X509Extension;
987 
988 
989 /**
990  * @brief X.509 certificate extensions
991  **/
992 
993 typedef struct
994 {
1010 } X509Extensions;
1011 
1012 
1013 /**
1014  * @brief RSASSA-PSS parameters
1015  **/
1016 
1017 typedef struct
1018 {
1022  size_t saltLen;
1024 
1025 
1026 /**
1027  * @brief Signature algorithm identifier
1028  **/
1029 
1030 typedef struct
1031 {
1033 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
1035 #endif
1036 } X509SignAlgoId;
1037 
1038 
1039 /**
1040  * @brief TBSCertificate structure
1041  **/
1042 
1043 typedef struct
1044 {
1055 
1056 
1057 /**
1058  * @brief X.509 certificate
1059  **/
1060 
1061 typedef struct
1062 {
1066 } X509CertInfo;
1067 
1068 
1069 /**
1070  * @brief CRL Reason extension
1071  **/
1072 
1073 typedef struct
1074 {
1076  uint8_t value;
1077 } X509CrlReason;
1078 
1079 
1080 /**
1081  * @brief Invalidity Date extension
1082  **/
1083 
1084 typedef struct
1085 {
1089 
1090 
1091 /**
1092  * @brief Certificate Issuer extension
1093  **/
1094 
1095 typedef struct
1096 {
1102 
1103 
1104 /**
1105  * @brief CRL entry extensions
1106  **/
1107 
1108 typedef struct
1109 {
1115 
1116 
1117 /**
1118  * @brief Revoked certificate
1119  **/
1120 
1121 typedef struct
1122 {
1127 
1128 
1129 /**
1130  * @brief CRL number
1131  **/
1132 
1133 typedef struct
1134 {
1136  const uint8_t *value;
1137  size_t length;
1138 } X509CrlNumber;
1139 
1140 
1141 /**
1142  * @brief Delta CRL Indicator extension
1143  **/
1144 
1145 typedef struct
1146 {
1150 
1151 
1152 /**
1153  * @brief Issuing Distribution Point extension
1154  **/
1155 
1156 typedef struct
1157 {
1166 
1167 
1168 /**
1169  * @brief CRL extensions
1170  **/
1171 
1172 typedef struct
1173 {
1180 
1181 
1182 /**
1183  * @brief TBSCertList structure
1184  **/
1185 
1186 typedef struct
1187 {
1196 } X509TbsCertList;
1197 
1198 
1199 /**
1200  * @brief CRL (Certificate Revocation List)
1201  **/
1202 
1203 typedef struct
1204 {
1208 } X509CrlInfo;
1209 
1210 
1211 /**
1212  * @brief PKCS #9 ChallengePassword attribute
1213  **/
1214 
1215 typedef struct
1216 {
1217  const char_t *value;
1218  size_t length;
1220 
1221 
1222 /**
1223  * @brief CSR attribute
1224  **/
1225 
1226 typedef struct
1227 {
1230 } X509Attribute;
1231 
1232 
1233 /**
1234  * @brief CSR attributes
1235  **/
1236 
1237 typedef struct
1238 {
1242 } X509Attributes;
1243 
1244 
1245 /**
1246  * @brief CertificationRequestInfo structure
1247  **/
1248 
1249 typedef struct
1250 {
1257 
1258 
1259 /**
1260  * @brief CSR (Certificate Signing Request)
1261  **/
1262 
1263 typedef struct
1264 {
1268 } X509CsrInfo;
1269 
1270 
1271 //X.509 related constants
1272 extern const uint8_t X509_COMMON_NAME_OID[3];
1273 extern const uint8_t X509_SURNAME_OID[3];
1274 extern const uint8_t X509_SERIAL_NUMBER_OID[3];
1275 extern const uint8_t X509_COUNTRY_NAME_OID[3];
1276 extern const uint8_t X509_LOCALITY_NAME_OID[3];
1277 extern const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3];
1278 extern const uint8_t X509_ORGANIZATION_NAME_OID[3];
1279 extern const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3];
1280 extern const uint8_t X509_TITLE_OID[3];
1281 extern const uint8_t X509_NAME_OID[3];
1282 extern const uint8_t X509_GIVEN_NAME_OID[3];
1283 extern const uint8_t X509_INITIALS_OID[3];
1284 extern const uint8_t X509_GENERATION_QUALIFIER_OID[3];
1285 extern const uint8_t X509_DN_QUALIFIER_OID[3];
1286 extern const uint8_t X509_PSEUDONYM_OID[3];
1287 extern const uint8_t X509_DOMAIN_COMPONENT_OID[10];
1288 
1289 extern const uint8_t X509_SUBJECT_DIR_ATTR_OID[3];
1290 extern const uint8_t X509_SUBJECT_KEY_ID_OID[3];
1291 extern const uint8_t X509_KEY_USAGE_OID[3];
1292 extern const uint8_t X509_SUBJECT_ALT_NAME_OID[3];
1293 extern const uint8_t X509_ISSUER_ALT_NAME_OID[3];
1294 extern const uint8_t X509_BASIC_CONSTRAINTS_OID[3];
1295 extern const uint8_t X509_CRL_NUMBER_OID[3];
1296 extern const uint8_t X509_REASON_CODE_OID[3];
1297 extern const uint8_t X509_INVALIDITY_DATE_OID[3];
1298 extern const uint8_t X509_DELTA_CRL_INDICATOR_OID[3];
1299 extern const uint8_t X509_ISSUING_DISTR_POINT_OID[3];
1300 extern const uint8_t X509_CERTIFICATE_ISSUER_OID[3];
1301 extern const uint8_t X509_NAME_CONSTRAINTS_OID[3];
1302 extern const uint8_t X509_CRL_DISTR_POINTS_OID[3];
1303 extern const uint8_t X509_CERTIFICATE_POLICIES_OID[3];
1304 extern const uint8_t X509_POLICY_MAPPINGS_OID[3];
1305 extern const uint8_t X509_AUTHORITY_KEY_ID_OID[3];
1306 extern const uint8_t X509_POLICY_CONSTRAINTS_OID[3];
1307 extern const uint8_t X509_EXTENDED_KEY_USAGE_OID[3];
1308 extern const uint8_t X509_FRESHEST_CRL_OID[3];
1309 extern const uint8_t X509_INHIBIT_ANY_POLICY_OID[3];
1310 extern const uint8_t X509_AUTH_INFO_ACCESS_OID[8];
1311 extern const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9];
1312 extern const uint8_t X509_NS_CERT_TYPE_OID[9];
1313 
1314 extern const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4];
1315 extern const uint8_t X509_KP_SERVER_AUTH_OID[8];
1316 extern const uint8_t X509_KP_CLIENT_AUTH_OID[8];
1317 extern const uint8_t X509_KP_CODE_SIGNING_OID[8];
1318 extern const uint8_t X509_KP_EMAIL_PROTECTION_OID[8];
1319 extern const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8];
1320 extern const uint8_t X509_KP_IPSEC_TUNNEL_OID[8];
1321 extern const uint8_t X509_KP_IPSEC_USER_OID[8];
1322 extern const uint8_t X509_KP_TIME_STAMPING_OID[8];
1323 extern const uint8_t X509_KP_OCSP_SIGNING_OID[8];
1324 extern const uint8_t X509_KP_IPSEC_IKE_OID[8];
1325 extern const uint8_t X509_KP_SSH_CLIENT_OID[8];
1326 extern const uint8_t X509_KP_SSH_SERVER_OID[8];
1327 extern const uint8_t X509_KP_DOC_SIGNING_OID[8];
1328 
1329 extern const uint8_t X509_AD_CA_ISSUERS[8];
1330 extern const uint8_t X509_AD_OCSP[8];
1331 
1332 extern const uint8_t X509_CHALLENGE_PASSWORD_OID[9];
1333 extern const uint8_t X509_EXTENSION_REQUEST_OID[9];
1334 
1335 //X.509 related functions
1338 
//Takes a signature algorithm identifier and two caller-supplied locations,
//signAlgo and hashAlgo, and reports status through error_t
//NOTE(review): presumably fills signAlgo and hashAlgo on success, and which
//identifiers are accepted presumably depends on the X509_*_SUPPORT options
//in this header - confirm in the implementation
1339 error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId,
1340  X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo);
1341 
//Both lookups take an OID as raw bytes (oid) together with its length
//NOTE(review): the result for an unrecognised OID, or for a curve disabled
//at build time, is not visible here - presumably an "unknown" key type and
//a NULL curve pointer; confirm, and have callers check before use
1342 X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length);
1343 const EcCurveInfo *x509GetCurveInfo(const uint8_t *oid, size_t length);
1344 
1345 //C++ guard
1346 #ifdef __cplusplus
1347 }
1348 #endif
1349 
1350 #endif
signed int int_t
Definition: compiler_port.h:49
unsigned int uint_t
Definition: compiler_port.h:50
char char_t
Definition: compiler_port.h:48
int bool_t
Definition: compiler_port.h:53
General definitions for cryptographic algorithms.
Date and time management.
DSA (Digital Signature Algorithm)
ECDSA (Elliptic Curve Digital Signature Algorithm)
EdDSA (Edwards-Curve Digital Signature Algorithm)
error_t
Error codes.
Definition: error.h:43
uint8_t oid[]
Definition: lldp_tlv.h:298
RSA public-key cryptography standard.
Date and time representation.
Definition: date_time.h:47
Elliptic curve parameters.
Definition: ec_curves.h:300
Common interface for hash algorithms.
Definition: crypto.h:1007
Access Description extension.
Definition: x509_common.h:936
X509GeneralName accessLocation
Definition: x509_common.h:938
X509OctetString accessMethod
Definition: x509_common.h:937
Algorithm identifier.
Definition: x509_common.h:717
X509OctetString oid
Definition: x509_common.h:718
X509OctetString params
Definition: x509_common.h:719
CSR attribute.
Definition: x509_common.h:1227
X509OctetString data
Definition: x509_common.h:1229
X509OctetString oid
Definition: x509_common.h:1228
CSR attributes.
Definition: x509_common.h:1238
X509OctetString raw
Definition: x509_common.h:1239
X509Extensions extensionReq
Definition: x509_common.h:1241
X509ChallengePassword challengePwd
Definition: x509_common.h:1240
Authority Information Access extension.
Definition: x509_common.h:947
uint_t numAccessDescriptions
Definition: x509_common.h:950
X509OctetString raw
Definition: x509_common.h:949
Authority Key Identifier extension.
Definition: x509_common.h:887
bool_t critical
Definition: x509_common.h:888
X509OctetString keyId
Definition: x509_common.h:889
Basic Constraints extension.
Definition: x509_common.h:804
X.509 certificate.
Definition: x509_common.h:1062
X509OctetString signatureValue
Definition: x509_common.h:1065
X509SignAlgoId signatureAlgo
Definition: x509_common.h:1064
X509TbsCertificate tbsCert
Definition: x509_common.h:1063
CertificationRequestInfo structure.
Definition: x509_common.h:1250
X509Version version
Definition: x509_common.h:1252
X509OctetString raw
Definition: x509_common.h:1251
X509Attributes attributes
Definition: x509_common.h:1255
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:1254
Certificate Issuer extension.
Definition: x509_common.h:1096
X509OctetString raw
Definition: x509_common.h:1098
PKCS #9 ChallengePassword attribute.
Definition: x509_common.h:1216
const char_t * value
Definition: x509_common.h:1217
CRL Distribution Points extension.
Definition: x509_common.h:923
X509OctetString raw
Definition: x509_common.h:925
CRL entry extensions.
Definition: x509_common.h:1109
X509CertificateIssuer certIssuer
Definition: x509_common.h:1113
X509OctetString raw
Definition: x509_common.h:1110
X509InvalidityDate invalidityDate
Definition: x509_common.h:1112
X509CrlReason reasonCode
Definition: x509_common.h:1111
CRL extensions.
Definition: x509_common.h:1173
X509OctetString raw
Definition: x509_common.h:1174
X509DeltaCrlIndicator deltaCrlIndicator
Definition: x509_common.h:1176
X509CrlNumber crlNumber
Definition: x509_common.h:1175
X509AuthKeyId authKeyId
Definition: x509_common.h:1178
X509IssuingDistrPoint issuingDistrPoint
Definition: x509_common.h:1177
CRL (Certificate Revocation List)
Definition: x509_common.h:1204
X509TbsCertList tbsCertList
Definition: x509_common.h:1205
X509OctetString signatureValue
Definition: x509_common.h:1207
X509SignAlgoId signatureAlgo
Definition: x509_common.h:1206
CRL number.
Definition: x509_common.h:1134
const uint8_t * value
Definition: x509_common.h:1136
CRL Reason extension.
Definition: x509_common.h:1074
CSR (Certificate Signing Request)
Definition: x509_common.h:1264
X509CertRequestInfo certReqInfo
Definition: x509_common.h:1265
X509OctetString signatureValue
Definition: x509_common.h:1267
X509SignAlgoId signatureAlgo
Definition: x509_common.h:1266
Delta CRL Indicator extension.
Definition: x509_common.h:1146
X509OctetString baseCrlNumber
Definition: x509_common.h:1148
Distribution Point structure.
Definition: x509_common.h:910
X509DistrPointName distrPointName
Definition: x509_common.h:911
uint_t numCrlIssuers
Definition: x509_common.h:913
uint16_t reasonFlags
Definition: x509_common.h:912
Distribution Point Name structure.
Definition: x509_common.h:898
X509NameAttribute relativeName
Definition: x509_common.h:901
DSA domain parameters.
Definition: x509_common.h:739
X509OctetString p
Definition: x509_common.h:740
X509OctetString q
Definition: x509_common.h:741
X509OctetString g
Definition: x509_common.h:742
DSA public key.
Definition: x509_common.h:751
X509OctetString y
Definition: x509_common.h:752
EC parameters.
Definition: x509_common.h:761
X509OctetString namedCurve
Definition: x509_common.h:762
EC public key.
Definition: x509_common.h:771
X509OctetString q
Definition: x509_common.h:772
Extended Key Usage extension.
Definition: x509_common.h:839
X.509 certificate extension.
Definition: x509_common.h:982
X509OctetString data
Definition: x509_common.h:985
bool_t critical
Definition: x509_common.h:984
X509OctetString oid
Definition: x509_common.h:983
X.509 certificate extensions.
Definition: x509_common.h:994
X509CrlDistrPoints crlDistrPoints
Definition: x509_common.h:1003
X509KeyUsage keyUsage
Definition: x509_common.h:998
X509NsCertType nsCertType
Definition: x509_common.h:1006
X509SubjectKeyId subjectKeyId
Definition: x509_common.h:1001
X509OctetString raw
Definition: x509_common.h:995
X509BasicConstraints basicConstraints
Definition: x509_common.h:996
uint_t numCustomExtensions
Definition: x509_common.h:1007
X509ExtendedKeyUsage extKeyUsage
Definition: x509_common.h:999
X509SubjectAltName subjectAltName
Definition: x509_common.h:1000
X509PkixOcspNoCheck pkixOcspNoCheck
Definition: x509_common.h:1005
X509AuthInfoAccess authInfoAccess
Definition: x509_common.h:1004
X509NameConstraints nameConstraints
Definition: x509_common.h:997
X509AuthKeyId authKeyId
Definition: x509_common.h:1002
General name.
Definition: x509_common.h:850
X509GeneralNameType type
Definition: x509_common.h:851
const char_t * value
Definition: x509_common.h:852
Invalidity Date extension.
Definition: x509_common.h:1085
Issuing Distribution Point extension.
Definition: x509_common.h:1157
X509DistrPointName distributionPoint
Definition: x509_common.h:1159
bool_t onlyContainsAttributeCerts
Definition: x509_common.h:1164
Key Usage extension.
Definition: x509_common.h:828
uint16_t bitmap
Definition: x509_common.h:830
bool_t critical
Definition: x509_common.h:829
Name attribute.
Definition: x509_common.h:694
X509String data
Definition: x509_common.h:697
X509OctetString oid
Definition: x509_common.h:695
Name Constraints extension.
Definition: x509_common.h:816
X509OctetString excludedSubtrees
Definition: x509_common.h:819
X509OctetString permittedSubtrees
Definition: x509_common.h:818
Issuer or subject name.
Definition: x509_common.h:667
X509String organizationName
Definition: x509_common.h:675
uint_t numDomainComponents
Definition: x509_common.h:684
X509String name
Definition: x509_common.h:678
X509String organizationalUnitName
Definition: x509_common.h:676
X509OctetString raw
Definition: x509_common.h:668
X509String serialNumber
Definition: x509_common.h:671
X509String countryName
Definition: x509_common.h:672
X509String commonName
Definition: x509_common.h:669
X509String initials
Definition: x509_common.h:680
X509String generationQualifier
Definition: x509_common.h:681
X509String title
Definition: x509_common.h:677
X509String dnQualifier
Definition: x509_common.h:682
X509String surname
Definition: x509_common.h:670
X509String localityName
Definition: x509_common.h:673
X509String givenName
Definition: x509_common.h:679
X509String pseudonym
Definition: x509_common.h:683
X509String stateOrProvinceName
Definition: x509_common.h:674
Netscape certificate type.
Definition: x509_common.h:971
uint8_t bitmap
Definition: x509_common.h:973
Octet string.
Definition: x509_common.h:645
const uint8_t * value
Definition: x509_common.h:646
PKIX OCSP No Check extension.
Definition: x509_common.h:960
Revoked certificate.
Definition: x509_common.h:1122
X509SerialNumber userCert
Definition: x509_common.h:1123
X509CrlEntryExtensions crlEntryExtensions
Definition: x509_common.h:1125
RSASSA-PSS parameters.
Definition: x509_common.h:1018
X509OctetString maskGenHashAlgo
Definition: x509_common.h:1021
X509OctetString hashAlgo
Definition: x509_common.h:1019
X509OctetString maskGenAlgo
Definition: x509_common.h:1020
RSA public key.
Definition: x509_common.h:728
X509OctetString n
Definition: x509_common.h:729
X509OctetString e
Definition: x509_common.h:730
Serial number.
Definition: x509_common.h:656
const uint8_t * value
Definition: x509_common.h:657
Signature algorithm identifier.
Definition: x509_common.h:1031
X509OctetString oid
Definition: x509_common.h:1032
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1034
String.
Definition: x509_common.h:634
const char_t * value
Definition: x509_common.h:635
size_t length
Definition: x509_common.h:636
Subject Alternative Name extension.
Definition: x509_common.h:862
X509OctetString raw
Definition: x509_common.h:864
Subject Key Identifier extension.
Definition: x509_common.h:875
const uint8_t * value
Definition: x509_common.h:877
Subject Public Key Information (a TBSCertificate field, not an extension).
Definition: x509_common.h:781
X509RsaPublicKey rsaPublicKey
Definition: x509_common.h:786
X509OctetString rawSubjectPublicKey
Definition: x509_common.h:784
X509DsaPublicKey dsaPublicKey
Definition: x509_common.h:790
X509OctetString raw
Definition: x509_common.h:782
X509EcPublicKey ecPublicKey
Definition: x509_common.h:794
X509OctetString oid
Definition: x509_common.h:783
X509DsaParameters dsaParams
Definition: x509_common.h:789
X509EcParameters ecParams
Definition: x509_common.h:793
TBSCertList structure.
Definition: x509_common.h:1187
X509Version version
Definition: x509_common.h:1189
DateTime thisUpdate
Definition: x509_common.h:1192
X509OctetString raw
Definition: x509_common.h:1188
X509CrlExtensions crlExtensions
Definition: x509_common.h:1195
DateTime nextUpdate
Definition: x509_common.h:1193
X509OctetString revokedCerts
Definition: x509_common.h:1194
X509SignAlgoId signatureAlgo
Definition: x509_common.h:1190
TBSCertificate structure.
Definition: x509_common.h:1044
X509Version version
Definition: x509_common.h:1046
X509Extensions extensions
Definition: x509_common.h:1053
X509OctetString raw
Definition: x509_common.h:1045
X509Validity validity
Definition: x509_common.h:1050
X509SerialNumber serialNumber
Definition: x509_common.h:1047
X509SubjectPublicKeyInfo subjectPublicKeyInfo
Definition: x509_common.h:1052
X509SignAlgoId signatureAlgo
Definition: x509_common.h:1048
Validity.
Definition: x509_common.h:706
DateTime notAfter
Definition: x509_common.h:708
DateTime notBefore
Definition: x509_common.h:707
uint8_t length
Definition: tcp.h:366
const uint8_t X509_SUBJECT_KEY_ID_OID[3]
Definition: x509_common.c:81
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:340
const uint8_t X509_LOCALITY_NAME_OID[3]
Definition: x509_common.c:54
const uint8_t X509_CERTIFICATE_ISSUER_OID[3]
Definition: x509_common.c:101
X509ExtKeyUsageBitmap
Extended key usage.
Definition: x509_common.h:487
@ X509_EXT_KEY_USAGE_DOC_SIGNING
Definition: x509_common.h:500
@ X509_EXT_KEY_USAGE_IPSEC_IKE
Definition: x509_common.h:497
@ X509_EXT_KEY_USAGE_TIME_STAMPING
Definition: x509_common.h:495
@ X509_EXT_KEY_USAGE_IPSEC_END_SYSTEM
Definition: x509_common.h:492
@ X509_EXT_KEY_USAGE_SERVER_AUTH
Definition: x509_common.h:488
@ X509_EXT_KEY_USAGE_CODE_SIGNING
Definition: x509_common.h:490
@ X509_EXT_KEY_USAGE_IPSEC_USER
Definition: x509_common.h:494
@ X509_EXT_KEY_USAGE_ANY
Definition: x509_common.h:501
@ X509_EXT_KEY_USAGE_OCSP_SIGNING
Definition: x509_common.h:496
@ X509_EXT_KEY_USAGE_IPSEC_TUNNEL
Definition: x509_common.h:493
@ X509_EXT_KEY_USAGE_SSH_CLIENT
Definition: x509_common.h:498
@ X509_EXT_KEY_USAGE_EMAIL_PROTECTION
Definition: x509_common.h:491
@ X509_EXT_KEY_USAGE_CLIENT_AUTH
Definition: x509_common.h:489
@ X509_EXT_KEY_USAGE_SSH_SERVER
Definition: x509_common.h:499
const uint8_t X509_NAME_CONSTRAINTS_OID[3]
Definition: x509_common.c:103
const uint8_t X509_PKIX_OCSP_NO_CHECK_OID[9]
Definition: x509_common.c:123
const uint8_t X509_KP_CODE_SIGNING_OID[8]
Definition: x509_common.c:134
const uint8_t X509_NS_CERT_TYPE_OID[9]
Definition: x509_common.c:125
#define X509_MAX_CRL_ISSUERS
Definition: x509_common.h:387
X509NsCertTypeBitmap
Netscape certificate types.
Definition: x509_common.h:528
@ X509_NS_CERT_TYPE_SSL_CA
Definition: x509_common.h:531
@ X509_NS_CERT_TYPE_SSL_SERVER
Definition: x509_common.h:530
@ X509_NS_CERT_TYPE_SSL_CLIENT
Definition: x509_common.h:529
const uint8_t X509_COMMON_NAME_OID[3]
Definition: x509_common.c:46
const uint8_t X509_ISSUER_ALT_NAME_OID[3]
Definition: x509_common.c:87
X509CrlReasons
CRL reasons.
Definition: x509_common.h:558
@ X509_CRL_REASON_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:567
@ X509_CRL_REASON_AA_COMPROMISE
Definition: x509_common.h:568
@ X509_CRL_REASON_CESSATION_OF_OPERATION
Definition: x509_common.h:564
@ X509_CRL_REASON_UNSPECIFIED
Definition: x509_common.h:559
@ X509_CRL_REASON_CERTIFICATE_HOLD
Definition: x509_common.h:565
@ X509_CRL_REASON_SUPERSEDED
Definition: x509_common.h:563
@ X509_CRL_REMOVE_FROM_CRL
Definition: x509_common.h:566
@ X509_CRL_REASON_AFFILIATION_CHANGED
Definition: x509_common.h:562
@ X509_CRL_REASON_CA_COMPROMISE
Definition: x509_common.h:561
@ X509_CRL_REASON_KEY_COMPROMISE
Definition: x509_common.h:560
const uint8_t X509_COUNTRY_NAME_OID[3]
Definition: x509_common.c:52
X509KeyUsageBitmap
Key usage.
Definition: x509_common.h:469
@ X509_KEY_USAGE_KEY_ENCIPHERMENT
Definition: x509_common.h:472
@ X509_KEY_USAGE_DIGITAL_SIGNATURE
Definition: x509_common.h:470
@ X509_KEY_USAGE_KEY_CERT_SIGN
Definition: x509_common.h:475
@ X509_KEY_USAGE_ENCIPHER_ONLY
Definition: x509_common.h:477
@ X509_KEY_USAGE_DATA_ENCIPHERMENT
Definition: x509_common.h:473
@ X509_KEY_USAGE_DECIPHER_ONLY
Definition: x509_common.h:478
@ X509_KEY_USAGE_NON_REPUDIATION
Definition: x509_common.h:471
@ X509_KEY_USAGE_KEY_AGREEMENT
Definition: x509_common.h:474
@ X509_KEY_USAGE_CRL_SIGN
Definition: x509_common.h:476
X509Version
X.509 versions.
Definition: x509_common.h:457
@ X509_VERSION_1
Definition: x509_common.h:458
@ X509_VERSION_2
Definition: x509_common.h:459
@ X509_VERSION_3
Definition: x509_common.h:460
const uint8_t X509_BASIC_CONSTRAINTS_OID[3]
Definition: x509_common.c:89
const uint8_t X509_SERIAL_NUMBER_OID[3]
Definition: x509_common.c:50
const uint8_t X509_SUBJECT_DIR_ATTR_OID[3]
Definition: x509_common.c:79
const uint8_t X509_SUBJECT_ALT_NAME_OID[3]
Definition: x509_common.c:85
X509ReasonFlags
Reason flags.
Definition: x509_common.h:540
@ X509_REASON_FLAGS_AA_COMPROMISE
Definition: x509_common.h:549
@ X509_REASON_FLAGS_KEY_COMPROMISE
Definition: x509_common.h:542
@ X509_REASON_FLAGS_SUPERSEDED
Definition: x509_common.h:545
@ X509_REASON_FLAGS_PRIVILEGE_WITHDRAWN
Definition: x509_common.h:548
@ X509_REASON_FLAGS_CESSATION_OF_OPERATION
Definition: x509_common.h:546
@ X509_REASON_FLAGS_CA_COMPROMISE
Definition: x509_common.h:543
@ X509_REASON_FLAGS_UNUSED
Definition: x509_common.h:541
@ X509_REASON_FLAGS_CERTIFICATE_HOLD
Definition: x509_common.h:547
@ X509_REASON_FLAGS_AFFILIATION_CHANGED
Definition: x509_common.h:544
const uint8_t X509_ORGANIZATIONAL_UNIT_NAME_OID[3]
Definition: x509_common.c:60
const uint8_t X509_KP_EMAIL_PROTECTION_OID[8]
Definition: x509_common.c:136
const uint8_t X509_STATE_OR_PROVINCE_NAME_OID[3]
Definition: x509_common.c:56
Pkcs1Version
PKCS #1 versions.
Definition: x509_common.h:436
@ PKCS1_VERSION_1
Definition: x509_common.h:437
const uint8_t X509_ANY_EXT_KEY_USAGE_OID[4]
Definition: x509_common.c:128
X509GeneralNameType
General name types.
Definition: x509_common.h:510
@ X509_GENERAL_NAME_TYPE_DNS
Definition: x509_common.h:513
@ X509_GENERAL_NAME_TYPE_IP_ADDRESS
Definition: x509_common.h:518
@ X509_GENERAL_NAME_TYPE_RFC822
Definition: x509_common.h:512
@ X509_GENERAL_NAME_TYPE_EDI_PARTY
Definition: x509_common.h:516
@ X509_GENERAL_NAME_TYPE_DIRECTORY
Definition: x509_common.h:515
@ X509_GENERAL_NAME_TYPE_URI
Definition: x509_common.h:517
@ X509_GENERAL_NAME_TYPE_REGISTERED_ID
Definition: x509_common.h:519
@ X509_GENERAL_NAME_TYPE_OTHER
Definition: x509_common.h:511
@ X509_GENERAL_NAME_TYPE_X400_ADDRESS
Definition: x509_common.h:514
X509HashAlgo
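Hash algorithms. The list includes MD5 and SHA-1, which are not collision-resistant; x509IsHashAlgoSupported reports whether a given entry is supported.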
Definition: x509_common.h:613
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:618
@ X509_HASH_ALGO_SM3
Definition: x509_common.h:625
@ X509_HASH_ALGO_SHA3_256
Definition: x509_common.h:622
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:615
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:620
@ X509_HASH_ALGO_SHA3_512
Definition: x509_common.h:624
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:617
@ X509_HASH_ALGO_SHA3_384
Definition: x509_common.h:623
@ X509_HASH_ALGO_NONE
Definition: x509_common.h:614
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:619
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:616
@ X509_HASH_ALGO_SHA3_224
Definition: x509_common.h:621
const uint8_t X509_KP_IPSEC_TUNNEL_OID[8]
Definition: x509_common.c:140
const uint8_t X509_INITIALS_OID[3]
Definition: x509_common.c:68
const uint8_t X509_GIVEN_NAME_OID[3]
Definition: x509_common.c:66
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:863
const uint8_t X509_KP_SSH_CLIENT_OID[8]
Definition: x509_common.c:150
#define X509_MAX_CERT_ISSUERS
Definition: x509_common.h:380
const uint8_t X509_DN_QUALIFIER_OID[3]
Definition: x509_common.c:72
const uint8_t X509_DELTA_CRL_INDICATOR_OID[3]
Definition: x509_common.c:97
const uint8_t X509_KP_CLIENT_AUTH_OID[8]
Definition: x509_common.c:132
const uint8_t X509_AD_CA_ISSUERS[8]
Definition: x509_common.c:157
const uint8_t X509_KP_SSH_SERVER_OID[8]
Definition: x509_common.c:152
const uint8_t X509_EXTENSION_REQUEST_OID[9]
Definition: x509_common.c:164
#define X509_MAX_ACCESS_DESCRIPTIONS
Definition: x509_common.h:408
const uint8_t X509_INVALIDITY_DATE_OID[3]
Definition: x509_common.c:95
const uint8_t X509_KP_IPSEC_IKE_OID[8]
Definition: x509_common.c:148
const uint8_t X509_EXTENDED_KEY_USAGE_OID[3]
Definition: x509_common.c:115
const uint8_t X509_SURNAME_OID[3]
Definition: x509_common.c:48
const uint8_t X509_POLICY_MAPPINGS_OID[3]
Definition: x509_common.c:109
const uint8_t X509_ISSUING_DISTR_POINT_OID[3]
Definition: x509_common.c:99
const uint8_t X509_KP_IPSEC_END_SYSTEM_OID[8]
Definition: x509_common.c:138
const uint8_t X509_DOMAIN_COMPONENT_OID[10]
Definition: x509_common.c:76
#define X509_MAX_FULL_NAMES
Definition: x509_common.h:401
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:173
Pkcs8Version
PKCS #8 versions.
Definition: x509_common.h:446
@ PKCS8_VERSION_2
Definition: x509_common.h:448
@ PKCS8_VERSION_1
Definition: x509_common.h:447
const uint8_t X509_KEY_USAGE_OID[3]
Definition: x509_common.c:83
const uint8_t X509_CRL_NUMBER_OID[3]
Definition: x509_common.c:91
const uint8_t X509_KP_IPSEC_USER_OID[8]
Definition: x509_common.c:142
#define X509_MAX_CUSTOM_EXTENSIONS
Definition: x509_common.h:415
const uint8_t X509_ORGANIZATION_NAME_OID[3]
Definition: x509_common.c:58
const uint8_t X509_AD_OCSP[8]
Definition: x509_common.c:159
const uint8_t X509_CHALLENGE_PASSWORD_OID[9]
Definition: x509_common.c:162
const uint8_t X509_PSEUDONYM_OID[3]
Definition: x509_common.c:74
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:596
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:604
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:603
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:602
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:598
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:600
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:601
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:599
@ X509_SIGN_ALGO_NONE
Definition: x509_common.h:597
const uint8_t X509_KP_DOC_SIGNING_OID[8]
Definition: x509_common.c:154
#define X509_PRIVATE_EXTENSIONS
Definition: x509_common.h:422
const uint8_t X509_INHIBIT_ANY_POLICY_OID[3]
Definition: x509_common.c:119
X509KeyType
Public Key types.
Definition: x509_common.h:577
@ X509_KEY_TYPE_X25519
Definition: x509_common.h:584
@ X509_KEY_TYPE_X448
Definition: x509_common.h:586
@ X509_KEY_TYPE_DSA
Definition: x509_common.h:581
@ X509_KEY_TYPE_RSA_PSS
Definition: x509_common.h:580
@ X509_KEY_TYPE_UNKNOWN
Definition: x509_common.h:578
@ X509_KEY_TYPE_SM2
Definition: x509_common.h:583
@ X509_KEY_TYPE_RSA
Definition: x509_common.h:579
@ X509_KEY_TYPE_ED25519
Definition: x509_common.h:585
@ X509_KEY_TYPE_ED448
Definition: x509_common.h:587
@ X509_KEY_TYPE_EC
Definition: x509_common.h:582
const uint8_t X509_KP_OCSP_SIGNING_OID[8]
Definition: x509_common.c:146
#define X509_MAX_SUBJECT_ALT_NAMES
Definition: x509_common.h:373
const uint8_t X509_CRL_DISTR_POINTS_OID[3]
Definition: x509_common.c:105
const uint8_t X509_POLICY_CONSTRAINTS_OID[3]
Definition: x509_common.c:113
X509KeyType x509GetPublicKeyType(const uint8_t *oid, size_t length)
Get the public key type that matches the specified OID.
Definition: x509_common.c:782
const uint8_t X509_AUTH_INFO_ACCESS_OID[8]
Definition: x509_common.c:121
const uint8_t X509_REASON_CODE_OID[3]
Definition: x509_common.c:93
const uint8_t X509_AUTHORITY_KEY_ID_OID[3]
Definition: x509_common.c:111
#define X509_MAX_DOMAIN_COMPONENTS
Definition: x509_common.h:366
const uint8_t X509_KP_SERVER_AUTH_OID[8]
Definition: x509_common.c:130
const uint8_t X509_FRESHEST_CRL_OID[3]
Definition: x509_common.c:117
const uint8_t X509_CERTIFICATE_POLICIES_OID[3]
Definition: x509_common.c:107
const uint8_t X509_KP_TIME_STAMPING_OID[8]
Definition: x509_common.c:144
const uint8_t X509_NAME_OID[3]
Definition: x509_common.c:64
const uint8_t X509_GENERATION_QUALIFIER_OID[3]
Definition: x509_common.c:70
#define X509_MAX_DISTR_POINTS
Definition: x509_common.h:394
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:241
const uint8_t X509_TITLE_OID[3]
Definition: x509_common.c:62