Gitiles
Code Review Sign In
192.168.1.100 / R306 / 1287788b29ff3df8561e18d63a3dc03b0ec2b272 / . / ap / lib / libwolfssl / install / include / wolfssl / wolfcrypt / asn.h
blob: d46cbbddd6a981b2e2bb7f6ecb994883df42b697 [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame]1/* asn.h
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22/*!
23 \file wolfssl/wolfcrypt/asn.h
24*/
25
26/*
27
28DESCRIPTION
29This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.
30ASN.1 is a standard interface description language for defining data structures
31that can be serialized and deserialized in a cross-platform way.
32
33*/
34#ifndef WOLF_CRYPT_ASN_H
35#define WOLF_CRYPT_ASN_H
36
37#include <wolfssl/wolfcrypt/types.h>
38
39#ifndef NO_ASN
40
41
42#if !defined(NO_ASN_TIME) && defined(NO_TIME_H)
43 #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */
44#endif
45
46#include <wolfssl/wolfcrypt/integer.h>
47
48/* fips declare of RsaPrivateKeyDecode @wc_fips */
49#if defined(HAVE_FIPS) && !defined(NO_RSA) && \
50 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
51 #include <cyassl/ctaocrypt/rsa.h>
52#endif
53
54#ifndef NO_DH
55 #include <wolfssl/wolfcrypt/dh.h>
56#endif
57#ifndef NO_DSA
58 #include <wolfssl/wolfcrypt/dsa.h>
59#endif
60#ifndef NO_SHA
61 #include <wolfssl/wolfcrypt/sha.h>
62#endif
63#ifndef NO_MD5
64 #include <wolfssl/wolfcrypt/md5.h>
65#endif
66#include <wolfssl/wolfcrypt/sha256.h>
67#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */
68
69#if defined(NO_SHA) && defined(NO_SHA256)
70 #define WC_SHA256_DIGEST_SIZE 32
71#endif
72
73#ifdef __cplusplus
74 extern "C" {
75#endif
76
77#ifndef EXTERNAL_SERIAL_SIZE
78 #define EXTERNAL_SERIAL_SIZE 32
79#endif
80
81enum {
82 ISSUER = 0,
83 SUBJECT = 1,
84
85 BEFORE = 0,
86 AFTER = 1
87};
88
89/* ASN Tags */
90enum ASN_Tags {
91 ASN_EOC = 0x00,
92 ASN_BOOLEAN = 0x01,
93 ASN_INTEGER = 0x02,
94 ASN_BIT_STRING = 0x03,
95 ASN_OCTET_STRING = 0x04,
96 ASN_TAG_NULL = 0x05,
97 ASN_OBJECT_ID = 0x06,
98 ASN_ENUMERATED = 0x0a,
99 ASN_UTF8STRING = 0x0c,
100 ASN_SEQUENCE = 0x10,
101 ASN_SET = 0x11,
102 ASN_PRINTABLE_STRING = 0x13,
103 ASN_IA5_STRING = 0x16,
104 ASN_UTC_TIME = 0x17,
105 ASN_OTHER_TYPE = 0x00,
106 ASN_RFC822_TYPE = 0x01,
107 ASN_DNS_TYPE = 0x02,
108 ASN_DIR_TYPE = 0x04,
109 ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */
110 ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */
111 ASN_GENERALIZED_TIME = 0x18,
112 CRL_EXTENSIONS = 0xa0,
113 ASN_EXTENSIONS = 0xa3,
114 ASN_LONG_LENGTH = 0x80,
115 ASN_INDEF_LENGTH = 0x80,
116
117 /* ASN_Flags - Bitmask */
118 ASN_CONSTRUCTED = 0x20,
119 ASN_APPLICATION = 0x40,
120 ASN_CONTEXT_SPECIFIC = 0x80,
121};
122
123#define ASN_UTC_TIME_SIZE 14
124#define ASN_GENERALIZED_TIME_SIZE 16
125#define ASN_GENERALIZED_TIME_MAX 68
126
127enum DN_Tags {
128 ASN_DN_NULL = 0x00,
129 ASN_COMMON_NAME = 0x03, /* CN */
130 ASN_SUR_NAME = 0x04, /* SN */
131 ASN_SERIAL_NUMBER = 0x05, /* serialNumber */
132 ASN_COUNTRY_NAME = 0x06, /* C */
133 ASN_LOCALITY_NAME = 0x07, /* L */
134 ASN_STATE_NAME = 0x08, /* ST */
135 ASN_ORG_NAME = 0x0a, /* O */
136 ASN_ORGUNIT_NAME = 0x0b, /* OU */
137 ASN_BUS_CAT = 0x0f, /* businessCategory */
138 ASN_EMAIL_NAME = 0x98, /* not oid number there is 97 in 2.5.4.0-97 */
139
140 /* pilot attribute types
141 * OID values of 0.9.2342.19200300.100.1.* */
142 ASN_USER_ID = 0x01, /* UID */
143 ASN_FAVOURITE_DRINK = 0x05, /* favouriteDrink */
144 ASN_DOMAIN_COMPONENT = 0x19 /* DC */
145};
146
147/* This is the size of the smallest possible PEM header and footer */
148extern const int pem_struct_min_sz;
149
150#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
151typedef struct WOLFSSL_ObjectInfo {
152 int nid;
153 int id;
154 word32 type;
155 const char* sName;
156 const char* lName;
157} WOLFSSL_ObjectInfo;
158extern const size_t wolfssl_object_info_sz;
159extern const WOLFSSL_ObjectInfo wolfssl_object_info[];
160#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) */
161
162/* DN Tag Strings */
163#define WOLFSSL_COMMON_NAME "/CN="
164#define WOLFSSL_LN_COMMON_NAME "/commonName="
165#define WOLFSSL_SUR_NAME "/SN="
166#define WOLFSSL_SERIAL_NUMBER "/serialNumber="
167#define WOLFSSL_COUNTRY_NAME "/C="
168#define WOLFSSL_LN_COUNTRY_NAME "/countryName="
169#define WOLFSSL_LOCALITY_NAME "/L="
170#define WOLFSSL_LN_LOCALITY_NAME "/localityName="
171#define WOLFSSL_STATE_NAME "/ST="
172#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="
173#define WOLFSSL_ORG_NAME "/O="
174#define WOLFSSL_LN_ORG_NAME "/organizationName="
175#define WOLFSSL_ORGUNIT_NAME "/OU="
176#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName="
177#define WOLFSSL_DOMAIN_COMPONENT "/DC="
178#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent="
179#define WOLFSSL_BUS_CAT "/businessCategory="
180#define WOLFSSL_JOI_C "/jurisdictionC="
181#define WOLFSSL_JOI_ST "/jurisdictionST="
182#define WOLFSSL_EMAIL_ADDR "/emailAddress="
183
184#define WOLFSSL_USER_ID "/UID="
185#define WOLFSSL_DOMAIN_COMPONENT "/DC="
186#define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink="
187
188#if defined(WOLFSSL_APACHE_HTTPD)
189 /* otherName strings */
190 #define WOLFSSL_SN_MS_UPN "msUPN"
191 #define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name"
192 #define WOLFSSL_MS_UPN_SUM 265
193 #define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV"
194 #define WOLFSSL_LN_DNS_SRV "SRVName"
195 /* TLS features extension strings */
196 #define WOLFSSL_SN_TLS_FEATURE "tlsfeature"
197 #define WOLFSSL_LN_TLS_FEATURE "TLS Feature"
198 #define WOLFSSL_TLS_FEATURE_SUM 92
199#endif
200
201#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
202/* NIDs */
203enum
204{
205 NID_undef = 0,
206 NID_netscape_cert_type = NID_undef,
207 NID_des = 66,
208 NID_des3 = 67,
209 NID_sha256 = 672,
210 NID_sha384 = 673,
211 NID_sha512 = 674,
212 NID_pkcs9_challengePassword = 54,
213 NID_hw_name_oid = 73,
214 NID_id_pkix_OCSP_basic = 74,
215 NID_any_policy = 75,
216 NID_anyExtendedKeyUsage = 76,
217 NID_givenName = 99,
218 NID_initials = 101,
219 NID_title = 106,
220 NID_description = 107,
221 NID_basic_constraints = 133,
222 NID_key_usage = 129, /* 2.5.29.15 */
223 NID_ext_key_usage = 151, /* 2.5.29.37 */
224 NID_subject_key_identifier = 128,
225 NID_authority_key_identifier = 149,
226 NID_private_key_usage_period = 130, /* 2.5.29.16 */
227 NID_subject_alt_name = 131,
228 NID_issuer_alt_name = 132,
229 NID_info_access = 69,
230 NID_sinfo_access = 79, /* id-pe 11 */
231 NID_name_constraints = 144, /* 2.5.29.30 */
232 NID_crl_distribution_points = 145, /* 2.5.29.31 */
233 NID_certificate_policies = 146,
234 NID_policy_mappings = 147,
235 NID_policy_constraints = 150,
236 NID_inhibit_any_policy = 168, /* 2.5.29.54 */
237 NID_tlsfeature = 1020, /* id-pe 24 */
238 NID_commonName = 0x03, /* matches ASN_COMMON_NAME in asn.h */
239 NID_buildingName = 1494,
240
241
242 NID_surname = 0x04, /* SN */
243 NID_serialNumber = 0x05, /* serialNumber */
244 NID_countryName = 0x06, /* C */
245 NID_localityName = 0x07, /* L */
246 NID_stateOrProvinceName = 0x08, /* ST */
247 NID_organizationName = 0x0a, /* O */
248 NID_organizationalUnitName = 0x0b, /* OU */
249 NID_jurisdictionCountryName = 0xc,
250 NID_jurisdictionStateOrProvinceName = 0xd,
251 NID_businessCategory = ASN_BUS_CAT,
252 NID_domainComponent = ASN_DOMAIN_COMPONENT,
253 NID_favouriteDrink = 462,
254 NID_userId = 458,
255 NID_emailAddress = 0x30, /* emailAddress */
256 NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
257 NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
258
259 NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */
260};
261#endif /* OPENSSL_EXTRA */
262
263enum ECC_TYPES
264{
265 ECC_PREFIX_0 = 160,
266 ECC_PREFIX_1 = 161
267};
268
269#ifdef WOLFSSL_CERT_PIV
270 enum PIV_Tags {
271 ASN_PIV_CERT = 0x0A,
272 ASN_PIV_NONCE = 0x0B,
273 ASN_PIV_SIGNED_NONCE = 0x0C,
274
275 ASN_PIV_TAG_CERT = 0x70,
276 ASN_PIV_TAG_CERT_INFO = 0x71,
277 ASN_PIV_TAG_MSCUID = 0x72,
278 ASN_PIV_TAG_ERR_DET = 0xFE,
279
280 /* certificate info masks */
281 ASN_PIV_CERT_INFO_COMPRESSED = 0x03,
282 ASN_PIV_CERT_INFO_ISX509 = 0x04,
283 };
284#endif /* WOLFSSL_CERT_PIV */
285
286
287#define ASN_JOI_PREFIX_SZ 10
288#define ASN_JOI_PREFIX "\x2b\x06\x01\x04\x01\x82\x37\x3c\x02\x01"
289#define ASN_JOI_C 0x3
290#define ASN_JOI_ST 0x2
291
292#ifndef WC_ASN_NAME_MAX
293 #ifdef OPENSSL_EXTRA
294 #define WC_ASN_NAME_MAX 300
295 #else
296 #define WC_ASN_NAME_MAX 256
297 #endif
298#endif
299#define ASN_NAME_MAX WC_ASN_NAME_MAX
300
301enum Misc_ASN {
302 MAX_SALT_SIZE = 64, /* MAX PKCS Salt length */
303 MAX_IV_SIZE = 64, /* MAX PKCS Iv length */
304 ASN_BOOL_SIZE = 2, /* including type */
305 ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
306 ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
307#ifdef NO_SHA
308 KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
309#else
310 KEYID_SIZE = WC_SHA_DIGEST_SIZE,
311#endif
312 RSA_INTS = 8, /* RSA ints in private key */
313 DSA_PARAM_INTS = 3, /* DSA paramater ints */
314 DSA_INTS = 5, /* DSA ints in private key */
315 MIN_DATE_SIZE = 12,
316 MAX_DATE_SIZE = 32,
317 ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */
318#ifndef NO_RSA
319 MAX_ENCODED_SIG_SZ = 512,
320#elif defined(HAVE_ECC)
321 MAX_ENCODED_SIG_SZ = 140,
322#elif defined(HAVE_CURVE448)
323 MAX_ENCODED_SIG_SZ = 114,
324#else
325 MAX_ENCODED_SIG_SZ = 64,
326#endif
327 MAX_SIG_SZ = 256,
328 MAX_ALGO_SZ = 20,
329 MAX_SHORT_SZ = 6, /* asn int + byte len + 4 byte length */
330 MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
331 MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
332 MAX_OCTET_STR_SZ = 5, /* enum(set | con) + length(4) */
333 MAX_EXP_SZ = 5, /* enum(contextspec|con|exp) + length(4) */
334 MAX_PRSTR_SZ = 5, /* enum(prstr) + length(4) */
335 MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
336 MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */
337 MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */
338 MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
339 MAX_DSA_INT_SZ = 389, /* DSA raw sz 3072 for bits + tag + len(4) */
340 MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
341 MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
342 MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */
343 MAX_RSA_E_SZ = 16, /* Max RSA public e size */
344 MAX_CA_SZ = 32, /* Max encoded CA basic constraint length */
345 MAX_SN_SZ = 35, /* Max encoded serial number (INT) length */
346 MAX_DER_DIGEST_SZ = MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
347 /* Maximum DER digest size */
348 MAX_DER_DIGEST_ASN_SZ = MAX_ENCODED_DIG_ASN_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ,
349 /* Maximum DER digest ASN header size */
350 /* Max X509 header length indicates the max length + 2 ('\n', '\0') */
351 MAX_X509_HEADER_SZ = (37 + 2), /* Maximum PEM Header/Footer Size */
352#ifdef WOLFSSL_CERT_GEN
353 #ifdef WOLFSSL_CERT_REQ
354 /* Max encoded cert req attributes length */
355 MAX_ATTRIB_SZ = MAX_SEQ_SZ * 3 + (11 + MAX_SEQ_SZ) * 2 +
356 MAX_PRSTR_SZ + CTC_NAME_SIZE, /* 11 is the OID size */
357 #endif
358 #if defined(WOLFSSL_ALT_NAMES) || defined(WOLFSSL_CERT_EXT)
359 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + CTC_MAX_ALT_SIZE,
360 #else
361 MAX_EXTENSIONS_SZ = 1 + MAX_LENGTH_SZ + MAX_CA_SZ,
362 #endif
363 /* Max total extensions, id + len + others */
364#endif
365#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
366 defined(HAVE_PKCS7) || defined(OPENSSL_EXTRA_X509_SMALL)
367 MAX_OID_SZ = 32, /* Max DER length of OID*/
368 MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/
369#endif
370#ifdef WOLFSSL_CERT_EXT
371 MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */
372 MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */
373 MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) +
374 CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage
375 (SEQ/LEN + OBJID + OCTSTR/LEN + SEQ +
376 (6 * (SEQ + OID))) */
377 MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
378 MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ,
379#endif
380 MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/
381 OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */
382 MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */
383 MAX_OCSP_NONCE_SZ = 16, /* OCSP Nonce size */
384 EIGHTK_BUF = 8192, /* Tmp buffer size */
385 MAX_PUBLIC_KEY_SZ = MAX_NTRU_ENC_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ * 2,
386 /* use bigger NTRU size */
387#ifdef WOLFSSL_ENCRYPTED_KEYS
388 HEADER_ENCRYPTED_KEY_SIZE = 88,/* Extra header size for encrypted key */
389#else
390 HEADER_ENCRYPTED_KEY_SIZE = 0,
391#endif
392 TRAILING_ZERO = 1, /* Used for size of zero pad */
393 ASN_TAG_SZ = 1, /* single byte ASN.1 tag */
394 MIN_VERSION_SZ = 3, /* Min bytes needed for GetMyVersion */
395 MAX_X509_VERSION = 3, /* Max X509 version allowed */
396 MIN_X509_VERSION = 0, /* Min X509 version allowed */
397 WOLFSSL_X509_V1 = 0,
398 WOLFSSL_X509_V2 = 1,
399 WOLFSSL_X509_V3 = 2,
400#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
401 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
402 defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)
403 MAX_TIME_STRING_SZ = 25, /* Max length of formatted time string */
404#endif
405
406 PKCS5_SALT_SZ = 8,
407
408 PEM_LINE_SZ = 64, /* Length of Base64 encoded line, not including new line */
409 PEM_LINE_LEN = PEM_LINE_SZ + 12, /* PEM line max + fudge */
410};
411
412#ifndef WC_MAX_NAME_ENTRIES
413 /* entries added to x509 name struct */
414 #define WC_MAX_NAME_ENTRIES 13
415#endif
416#define MAX_NAME_ENTRIES WC_MAX_NAME_ENTRIES
417
418
419enum Oid_Types {
420 oidHashType = 0,
421 oidSigType = 1,
422 oidKeyType = 2,
423 oidCurveType = 3,
424 oidBlkType = 4,
425 oidOcspType = 5,
426 oidCertExtType = 6,
427 oidCertAuthInfoType = 7,
428 oidCertPolicyType = 8,
429 oidCertAltNameType = 9,
430 oidCertKeyUseType = 10,
431 oidKdfType = 11,
432 oidKeyWrapType = 12,
433 oidCmsKeyAgreeType = 13,
434 oidPBEType = 14,
435 oidHmacType = 15,
436 oidCompressType = 16,
437 oidCertNameType = 17,
438 oidTlsExtType = 18,
439 oidCrlExtType = 19,
440 oidCsrAttrType = 20,
441 oidIgnoreType
442};
443
444
445enum Hash_Sum {
446 MD2h = 646,
447 MD5h = 649,
448 SHAh = 88,
449 SHA224h = 417,
450 SHA256h = 414,
451 SHA384h = 415,
452 SHA512h = 416,
453 SHA3_224h = 420,
454 SHA3_256h = 421,
455 SHA3_384h = 422,
456 SHA3_512h = 423
457};
458
459
460#if !defined(NO_DES3) || !defined(NO_AES)
461enum Block_Sum {
462#ifdef WOLFSSL_AES_128
463 AES128CBCb = 414,
464 AES128GCMb = 418,
465 AES128CCMb = 419,
466#endif
467#ifdef WOLFSSL_AES_192
468 AES192CBCb = 434,
469 AES192GCMb = 438,
470 AES192CCMb = 439,
471#endif
472#ifdef WOLFSSL_AES_256
473 AES256CBCb = 454,
474 AES256GCMb = 458,
475 AES256CCMb = 459,
476#endif
477#ifndef NO_DES3
478 DESb = 69,
479 DES3b = 652
480#endif
481};
482#endif /* !NO_DES3 || !NO_AES */
483
484
485enum Key_Sum {
486 DSAk = 515,
487 RSAk = 645,
488 NTRUk = 274,
489 ECDSAk = 518,
490 ED25519k = 256,
491 ED448k = 257,
492 DHk = 647, /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */
493};
494
495#if !defined(NO_AES) || defined(HAVE_PKCS7)
496enum KeyWrap_Sum {
497#ifdef WOLFSSL_AES_128
498 AES128_WRAP = 417,
499#endif
500#ifdef WOLFSSL_AES_192
501 AES192_WRAP = 437,
502#endif
503#ifdef WOLFSSL_AES_256
504 AES256_WRAP = 457,
505#endif
506#ifdef HAVE_PKCS7
507 PWRI_KEK_WRAP = 680 /*id-alg-PWRI-KEK, 1.2.840.113549.1.9.16.3.9 */
508#endif
509};
510#endif /* !NO_AES || PKCS7 */
511
512enum Key_Agree {
513 dhSinglePass_stdDH_sha1kdf_scheme = 464,
514 dhSinglePass_stdDH_sha224kdf_scheme = 188,
515 dhSinglePass_stdDH_sha256kdf_scheme = 189,
516 dhSinglePass_stdDH_sha384kdf_scheme = 190,
517 dhSinglePass_stdDH_sha512kdf_scheme = 191,
518};
519
520
521
522enum KDF_Sum {
523 PBKDF2_OID = 660
524};
525
526
527enum HMAC_Sum {
528 HMAC_SHA224_OID = 652,
529 HMAC_SHA256_OID = 653,
530 HMAC_SHA384_OID = 654,
531 HMAC_SHA512_OID = 655,
532 HMAC_SHA3_224_OID = 426,
533 HMAC_SHA3_256_OID = 427,
534 HMAC_SHA3_384_OID = 428,
535 HMAC_SHA3_512_OID = 429
536};
537
538
539enum Extensions_Sum {
540 BASIC_CA_OID = 133, /* 2.5.29.19 */
541 ALT_NAMES_OID = 131, /* 2.5.29.17 */
542 CRL_DIST_OID = 145, /* 2.5.29.31 */
543 AUTH_INFO_OID = 69, /* 1.3.6.1.5.5.7.1.1 */
544 AUTH_KEY_OID = 149, /* 2.5.29.35 */
545 SUBJ_KEY_OID = 128, /* 2.5.29.14 */
546 CERT_POLICY_OID = 146, /* 2.5.29.32 */
547 KEY_USAGE_OID = 129, /* 2.5.29.15 */
548 INHIBIT_ANY_OID = 168, /* 2.5.29.54 */
549 EXT_KEY_USAGE_OID = 151, /* 2.5.29.37 */
550 NAME_CONS_OID = 144, /* 2.5.29.30 */
551 PRIV_KEY_USAGE_PERIOD_OID = 130, /* 2.5.29.16 */
552 SUBJECT_INFO_ACCESS = 79, /* 1.3.6.1.5.5.7.1.11 */
553 POLICY_MAP_OID = 147, /* 2.5.29.33 */
554 POLICY_CONST_OID = 150, /* 2.5.29.36 */
555 ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */
556 TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */
557 NETSCAPE_CT_OID = 753, /* 2.16.840.1.113730.1.1 */
558 OCSP_NOCHECK_OID = 121 /* 1.3.6.1.5.5.7.48.1.5
559 id-pkix-ocsp-nocheck */
560};
561
562enum CertificatePolicy_Sum {
563 CP_ANY_OID = 146 /* id-ce 32 0 */
564};
565
566enum SepHardwareName_Sum {
567 HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
568};
569
570enum AuthInfo_Sum {
571 AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
572 AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
573};
574
575enum ExtKeyUsage_Sum { /* From RFC 5280 */
576 EKU_ANY_OID = 151, /* 2.5.29.37.0, anyExtendedKeyUsage */
577 EKU_SERVER_AUTH_OID = 71, /* 1.3.6.1.5.5.7.3.1, id-kp-serverAuth */
578 EKU_CLIENT_AUTH_OID = 72, /* 1.3.6.1.5.5.7.3.2, id-kp-clientAuth */
579 EKU_CODESIGNING_OID = 73, /* 1.3.6.1.5.5.7.3.3, id-kp-codeSigning */
580 EKU_EMAILPROTECT_OID = 74, /* 1.3.6.1.5.5.7.3.4, id-kp-emailProtection */
581 EKU_TIMESTAMP_OID = 78, /* 1.3.6.1.5.5.7.3.8, id-kp-timeStamping */
582 EKU_OCSP_SIGN_OID = 79 /* 1.3.6.1.5.5.7.3.9, id-kp-OCSPSigning */
583};
584
585#ifdef HAVE_LIBZ
586enum CompressAlg_Sum {
587 ZLIBc = 679 /* 1.2.840.113549.1.9.16.3.8, id-alg-zlibCompress */
588};
589#endif
590
591enum VerifyType {
592 NO_VERIFY = 0,
593 VERIFY = 1,
594 VERIFY_CRL = 2,
595 VERIFY_OCSP = 3,
596 VERIFY_NAME = 4,
597 VERIFY_SKIP_DATE = 5,
598 VERIFY_OCSP_CERT = 6,
599};
600
601#ifdef WOLFSSL_CERT_EXT
602enum KeyIdType {
603 SKID_TYPE = 0,
604 AKID_TYPE = 1
605};
606#endif
607
608#ifdef WOLFSSL_CERT_REQ
609enum CsrAttrType {
610 CHALLENGE_PASSWORD_OID = 659,
611 SERIAL_NUMBER_OID = 94,
612 EXTENSION_REQUEST_OID = 666,
613};
614#endif
615
616/* Key usage extension bits (based on RFC 5280) */
617#define KEYUSE_DIGITAL_SIG 0x0080
618#define KEYUSE_CONTENT_COMMIT 0x0040
619#define KEYUSE_KEY_ENCIPHER 0x0020
620#define KEYUSE_DATA_ENCIPHER 0x0010
621#define KEYUSE_KEY_AGREE 0x0008
622#define KEYUSE_KEY_CERT_SIGN 0x0004
623#define KEYUSE_CRL_SIGN 0x0002
624#define KEYUSE_ENCIPHER_ONLY 0x0001
625#define KEYUSE_DECIPHER_ONLY 0x8000
626
627/* Extended Key Usage bits (internal mapping only) */
628#define EXTKEYUSE_USER 0x80
629#define EXTKEYUSE_OCSP_SIGN 0x40
630#define EXTKEYUSE_TIMESTAMP 0x20
631#define EXTKEYUSE_EMAILPROT 0x10
632#define EXTKEYUSE_CODESIGN 0x08
633#define EXTKEYUSE_CLIENT_AUTH 0x04
634#define EXTKEYUSE_SERVER_AUTH 0x02
635#define EXTKEYUSE_ANY 0x01
636
637typedef struct DNS_entry DNS_entry;
638
639struct DNS_entry {
640 DNS_entry* next; /* next on DNS list */
641 int type; /* i.e. ASN_DNS_TYPE */
642 int len; /* actual DNS len */
643 char* name; /* actual DNS name */
644};
645
646
647typedef struct Base_entry Base_entry;
648
649struct Base_entry {
650 Base_entry* next; /* next on name base list */
651 char* name; /* actual name base */
652 int nameSz; /* name length */
653 byte type; /* Name base type (DNS or RFC822) */
654};
655
656
657enum SignatureState {
658 SIG_STATE_BEGIN,
659 SIG_STATE_HASH,
660 SIG_STATE_KEY,
661 SIG_STATE_DO,
662 SIG_STATE_CHECK,
663};
664
665
666#ifdef HAVE_PK_CALLBACKS
667#ifdef HAVE_ECC
668 typedef int (*wc_CallbackEccVerify)(
669 const unsigned char* sig, unsigned int sigSz,
670 const unsigned char* hash, unsigned int hashSz,
671 const unsigned char* keyDer, unsigned int keySz,
672 int* result, void* ctx);
673#endif
674#ifndef NO_RSA
675 typedef int (*wc_CallbackRsaVerify)(
676 unsigned char* sig, unsigned int sigSz,
677 unsigned char** out,
678 const unsigned char* keyDer, unsigned int keySz,
679 void* ctx);
680#endif
681#endif /* HAVE_PK_CALLBACKS */
682
683struct SignatureCtx {
684 void* heap;
685 byte* digest;
686#ifndef NO_RSA
687 byte* out;
688#endif
689#if !(defined(NO_RSA) && defined(NO_DSA))
690 byte* sigCpy;
691#endif
692#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
693 !defined(NO_DSA)
694 int verify;
695#endif
696 union {
697 #ifndef NO_RSA
698 struct RsaKey* rsa;
699 #endif
700 #ifndef NO_DSA
701 struct DsaKey* dsa;
702 #endif
703 #ifdef HAVE_ECC
704 struct ecc_key* ecc;
705 #endif
706 #ifdef HAVE_ED25519
707 struct ed25519_key* ed25519;
708 #endif
709 #ifdef HAVE_ED448
710 struct ed448_key* ed448;
711 #endif
712 void* ptr;
713 } key;
714 int devId;
715 int state;
716 int typeH;
717 int digestSz;
718 word32 keyOID;
719#ifdef WOLFSSL_ASYNC_CRYPT
720 WC_ASYNC_DEV* asyncDev;
721 void* asyncCtx;
722#endif
723
724#ifdef HAVE_PK_CALLBACKS
725#ifdef HAVE_ECC
726 wc_CallbackEccVerify pkCbEcc;
727 void* pkCtxEcc;
728#endif
729#ifndef NO_RSA
730 wc_CallbackRsaVerify pkCbRsa;
731 void* pkCtxRsa;
732#endif
733#endif /* HAVE_PK_CALLBACKS */
734#ifndef NO_RSA
735#ifdef WOLFSSL_RENESAS_TSIP_TLS
736 byte verifyByTSIP;
737 word32 certBegin;
738 word32 pubkey_n_start;
739 word32 pubkey_n_len;
740 word32 pubkey_e_start;
741 word32 pubkey_e_len;
742#endif
743#endif
744};
745
746enum CertSignState {
747 CERTSIGN_STATE_BEGIN,
748 CERTSIGN_STATE_DIGEST,
749 CERTSIGN_STATE_ENCODE,
750 CERTSIGN_STATE_DO,
751};
752
753struct CertSignCtx {
754 byte* sig;
755 byte* digest;
756 #ifndef NO_RSA
757 byte* encSig;
758 int encSigSz;
759 #endif
760 int state; /* enum CertSignState */
761};
762
763#ifndef WOLFSSL_MAX_PATH_LEN
764 /* RFC 5280 Section 6.1.2. "Initialization" - item (k) defines
765 * (k) max_path_length: this integer is initialized to "n", is
766 * decremented for each non-self-issued certificate in the path,
767 * and may be reduced to the value in the path length constraint
768 * field within the basic constraints extension of a CA
769 * certificate.
770 *
771 * wolfSSL has arbitrarily selected the value 127 for "n" in the above
772 * description. Users can modify the maximum path length by setting
773 * WOLFSSL_MAX_PATH_LEN to a preferred value at build time
774 */
775 #define WOLFSSL_MAX_PATH_LEN 127
776#endif
777
778typedef struct DecodedCert DecodedCert;
779typedef struct Signer Signer;
780#ifdef WOLFSSL_TRUST_PEER_CERT
781typedef struct TrustedPeerCert TrustedPeerCert;
782#endif /* WOLFSSL_TRUST_PEER_CERT */
783typedef struct SignatureCtx SignatureCtx;
784typedef struct CertSignCtx CertSignCtx;
785
786
787struct DecodedCert {
788 const byte* publicKey;
789 word32 pubKeySize;
790 int pubKeyStored;
791 word32 certBegin; /* offset to start of cert */
792 word32 sigIndex; /* offset to start of signature */
793 word32 sigLength; /* length of signature */
794 word32 signatureOID; /* sum of algorithm object id */
795 word32 keyOID; /* sum of key algo object id */
796 int version; /* cert version, 1 or 3 */
797 DNS_entry* altNames; /* alt names list of dns entries */
798#ifndef IGNORE_NAME_CONSTRAINTS
799 DNS_entry* altEmailNames; /* alt names list of RFC822 entries */
800 DNS_entry* altDirNames; /* alt names list of DIR entries */
801 Base_entry* permittedNames; /* Permitted name bases */
802 Base_entry* excludedNames; /* Excluded name bases */
803#endif /* IGNORE_NAME_CONSTRAINTS */
804 byte subjectHash[KEYID_SIZE]; /* hash of all Names */
805 byte issuerHash[KEYID_SIZE]; /* hash of all Names */
806#ifdef HAVE_OCSP
807 byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
808 byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
809#endif /* HAVE_OCSP */
810 const byte* signature; /* not owned, points into raw cert */
811 char* subjectCN; /* CommonName */
812 int subjectCNLen; /* CommonName Length */
813 char subjectCNEnc; /* CommonName Encoding */
814 char issuer[ASN_NAME_MAX]; /* full name including common name */
815 char subject[ASN_NAME_MAX]; /* full name including common name */
816 int verify; /* Default to yes, but could be off */
817 const byte* source; /* byte buffer holder cert, NOT owner */
818 word32 srcIdx; /* current offset into buffer */
819 word32 maxIdx; /* max offset based on init size */
820 void* heap; /* for user memory overrides */
821 byte serial[EXTERNAL_SERIAL_SIZE]; /* raw serial number */
822 int serialSz; /* raw serial bytes stored */
823 const byte* extensions; /* not owned, points into raw cert */
824 int extensionsSz; /* length of cert extensions */
825 word32 extensionsIdx; /* if want to go back and parse later */
826 const byte* extAuthInfo; /* Authority Information Access URI */
827 int extAuthInfoSz; /* length of the URI */
828#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
829 const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */
830 int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */
831#endif
832 const byte* extCrlInfo; /* CRL Distribution Points */
833 int extCrlInfoSz; /* length of the URI */
834 byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */
835 byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */
836 byte pathLength; /* CA basic constraint path length */
837 byte maxPathLen; /* max_path_len see RFC 5280 section
838 * 6.1.2 "Initialization" - (k) for
839 * description of max_path_len */
840 byte policyConstSkip; /* Policy Constraints skip certs value */
841 word16 extKeyUsage; /* Key usage bitfield */
842 byte extExtKeyUsage; /* Extended Key usage bitfield */
843
844#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
845 const byte* extExtKeyUsageSrc;
846 word32 extExtKeyUsageSz;
847 word32 extExtKeyUsageCount;
848 const byte* extAuthKeyIdSrc;
849 word32 extAuthKeyIdSz;
850 const byte* extSubjKeyIdSrc;
851 word32 extSubjKeyIdSz;
852#endif
853
854#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
855 word32 pkCurveOID; /* Public Key's curve OID */
856#endif /* HAVE_ECC */
857 const byte* beforeDate;
858 int beforeDateLen;
859 const byte* afterDate;
860 int afterDateLen;
861#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)
862 const byte* issuerRaw; /* pointer to issuer inside source */
863 int issuerRawLen;
864#endif
865#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT)
866 const byte* subjectRaw; /* pointer to subject inside source */
867 int subjectRawLen;
868#endif
869#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
870 /* easy access to subject info for other sign */
871 char* subjectSN;
872 int subjectSNLen;
873 char subjectSNEnc;
874 char* subjectC;
875 int subjectCLen;
876 char subjectCEnc;
877 char* subjectL;
878 int subjectLLen;
879 char subjectLEnc;
880 char* subjectST;
881 int subjectSTLen;
882 char subjectSTEnc;
883 char* subjectO;
884 int subjectOLen;
885 char subjectOEnc;
886 char* subjectOU;
887 int subjectOULen;
888 char subjectOUEnc;
889 char* subjectSND;
890 int subjectSNDLen;
891 char subjectSNDEnc;
892#ifdef WOLFSSL_CERT_EXT
893 char* subjectBC;
894 int subjectBCLen;
895 char subjectBCEnc;
896 char* subjectJC;
897 int subjectJCLen;
898 char subjectJCEnc;
899 char* subjectJS;
900 int subjectJSLen;
901 char subjectJSEnc;
902#endif
903 char* subjectEmail;
904 int subjectEmailLen;
905#endif /* WOLFSSL_CERT_GEN */
906#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
907 /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */
908 void* issuerName;
909 void* subjectName;
910#endif /* OPENSSL_EXTRA */
911#ifdef WOLFSSL_SEP
912 int deviceTypeSz;
913 byte* deviceType;
914 int hwTypeSz;
915 byte* hwType;
916 int hwSerialNumSz;
917 byte* hwSerialNum;
918#endif /* WOLFSSL_SEP */
919#ifdef WOLFSSL_CERT_EXT
920 char extCertPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
921 int extCertPoliciesNb;
922#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */
923
924#ifdef WOLFSSL_CERT_REQ
925 /* CSR attributes */
926 char* cPwd; /* challengePassword */
927 int cPwdLen;
928 char* sNum; /* Serial Number */
929 int sNumLen;
930#endif /* WOLFSSL_CERT_REQ */
931
932 Signer* ca;
933#ifndef NO_CERTS
934 SignatureCtx sigCtx;
935#endif
936#ifdef WOLFSSL_RENESAS_TSIP
937 byte* tsip_encRsaKeyIdx;
938#endif
939
940 int badDate;
941 int criticalExt;
942
943 /* Option Bits */
944 byte subjectCNStored : 1; /* have we saved a copy we own */
945 byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */
946 byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */
947#ifndef IGNORE_NAME_CONSTRAINTS
948 byte extNameConstraintSet : 1;
949#endif
950 byte isCA : 1; /* CA basic constraint true */
951 byte pathLengthSet : 1; /* CA basic const path length set */
952 byte weOwnAltNames : 1; /* altNames haven't been given to copy */
953 byte extKeyUsageSet : 1;
954 byte extExtKeyUsageSet : 1; /* Extended Key Usage set */
955#ifdef HAVE_OCSP
956 byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */
957#endif
958 byte extCRLdistSet : 1;
959 byte extAuthInfoSet : 1;
960 byte extBasicConstSet : 1;
961 byte extPolicyConstSet : 1;
962 byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */
963 byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */
964 byte extSubjAltNameSet : 1;
965 byte inhibitAnyOidSet : 1;
966 byte selfSigned : 1; /* Indicates subject and issuer are same */
967#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
968 byte extCertPolicySet : 1;
969#endif
970#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
971 byte extCRLdistCrit : 1;
972 byte extAuthInfoCrit : 1;
973 byte extBasicConstCrit : 1;
974 byte extPolicyConstCrit : 1;
975 byte extSubjAltNameCrit : 1;
976 byte extAuthKeyIdCrit : 1;
977 #ifndef IGNORE_NAME_CONSTRAINTS
978 byte extNameConstraintCrit : 1;
979 #endif
980 byte extSubjKeyIdCrit : 1;
981 byte extKeyUsageCrit : 1;
982 byte extExtKeyUsageCrit : 1;
983#endif /* OPENSSL_EXTRA */
984#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
985 byte extCertPolicyCrit : 1;
986#endif
987#ifdef WOLFSSL_CERT_REQ
988 byte isCSR : 1; /* Do we intend on parsing a CSR? */
989#endif
990};
991
992/* ASN Encoded Name field */
993typedef struct EncodedName {
994 int nameLen; /* actual string value length */
995 int totalLen; /* total encoded length */
996 int type; /* type of name */
997 int used; /* are we actually using this one */
998 byte encoded[CTC_NAME_SIZE * 2]; /* encoding */
999} EncodedName;
1000
1001#ifdef NO_SHA
1002 #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1003#else
1004 #define SIGNER_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1005#endif
1006
1007/* CA Signers */
1008/* if change layout change PERSIST_CERT_CACHE functions too */
1009struct Signer {
1010 word32 pubKeySize;
1011 word32 keyOID; /* key type */
1012 word16 keyUsage;
1013 byte maxPathLen;
1014 byte pathLength;
1015 byte pathLengthSet : 1;
1016 byte selfSigned : 1;
1017 const byte* publicKey;
1018 int nameLen;
1019 char* name; /* common name */
1020#ifndef IGNORE_NAME_CONSTRAINTS
1021 Base_entry* permittedNames;
1022 Base_entry* excludedNames;
1023#endif /* IGNORE_NAME_CONSTRAINTS */
1024 byte subjectNameHash[SIGNER_DIGEST_SIZE];
1025 /* sha hash of names in certificate */
1026 #ifndef NO_SKID
1027 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
1028 /* sha hash of names in certificate */
1029 #endif
1030 #ifdef HAVE_OCSP
1031 byte subjectKeyHash[KEYID_SIZE];
1032 #endif
1033#ifdef WOLFSSL_SIGNER_DER_CERT
1034 DerBuffer* derCert;
1035#endif
1036#ifdef WOLFSSL_RENESAS_TSIP_TLS
1037 word32 cm_idx;
1038#endif
1039 Signer* next;
1040};
1041
1042
1043#ifdef WOLFSSL_TRUST_PEER_CERT
1044/* used for having trusted peer certs rather then CA */
1045struct TrustedPeerCert {
1046 int nameLen;
1047 char* name; /* common name */
1048 #ifndef IGNORE_NAME_CONSTRAINTS
1049 Base_entry* permittedNames;
1050 Base_entry* excludedNames;
1051 #endif /* IGNORE_NAME_CONSTRAINTS */
1052 byte subjectNameHash[SIGNER_DIGEST_SIZE];
1053 /* sha hash of names in certificate */
1054 #ifndef NO_SKID
1055 byte subjectKeyIdHash[SIGNER_DIGEST_SIZE];
1056 /* sha hash of names in certificate */
1057 #endif
1058 word32 sigLen;
1059 byte* sig;
1060 struct TrustedPeerCert* next;
1061};
1062#endif /* WOLFSSL_TRUST_PEER_CERT */
1063
1064
1065/* for testing or custom openssl wrappers */
1066#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
1067 defined(OPENSSL_EXTRA_X509_SMALL)
1068 #define WOLFSSL_ASN_API WOLFSSL_API
1069#else
1070 #define WOLFSSL_ASN_API WOLFSSL_LOCAL
1071#endif
1072
1073#ifdef HAVE_SMIME
1074#define MIME_HEADER_ASCII_MIN 33
1075#define MIME_HEADER_ASCII_MAX 126
1076
1077typedef struct MimeParam MimeParam;
1078typedef struct MimeHdr MimeHdr;
1079
1080struct MimeParam
1081{
1082 MimeParam* next;
1083 char* attribute;
1084 char* value;
1085};
1086
1087struct MimeHdr
1088{
1089 MimeHdr* next;
1090 MimeParam* params;
1091 char* name;
1092 char* body;
1093};
1094
1095typedef enum MimeTypes
1096{
1097 MIME_HDR,
1098 MIME_PARAM
1099} MimeTypes;
1100
1101typedef enum MimeStatus
1102{
1103 MIME_NAMEATTR,
1104 MIME_BODYVAL
1105} MimeStatus;
1106#endif /* HAVE_SMIME */
1107
1108
1109WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
1110WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
1111
1112WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der,
1113 word32* derSz);
1114
1115WOLFSSL_ASN_API void FreeAltNames(DNS_entry*, void*);
1116#ifndef IGNORE_NAME_CONSTRAINTS
1117 WOLFSSL_ASN_API void FreeNameSubtrees(Base_entry*, void*);
1118#endif /* IGNORE_NAME_CONSTRAINTS */
1119WOLFSSL_ASN_API void InitDecodedCert(DecodedCert*, const byte*, word32, void*);
1120WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert*);
1121WOLFSSL_ASN_API int ParseCert(DecodedCert*, int type, int verify, void* cm);
1122
1123WOLFSSL_LOCAL int DecodePolicyOID(char *o, word32 oSz,
1124 const byte *in, word32 inSz);
1125WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
1126 const char *in, void* heap);
1127WOLFSSL_API int CheckCertSignature(const byte*,word32,void*,void* cm);
1128WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
1129 void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
1130#ifdef WOLFSSL_CERT_REQ
1131WOLFSSL_LOCAL int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap,
1132 const byte* pubKey, word32 pubKeySz, int pubKeyOID);
1133#endif /* WOLFSSL_CERT_REQ */
1134WOLFSSL_LOCAL int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
1135 int sigAlgoType);
1136WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm);
1137WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify);
1138WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
1139
1140WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz);
1141WOLFSSL_LOCAL Signer* MakeSigner(void*);
1142WOLFSSL_LOCAL void FreeSigner(Signer*, void*);
1143WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*);
1144#ifdef WOLFSSL_TRUST_PEER_CERT
1145WOLFSSL_LOCAL void FreeTrustedPeer(TrustedPeerCert*, void*);
1146WOLFSSL_LOCAL void FreeTrustedPeerTable(TrustedPeerCert**, int, void*);
1147#endif /* WOLFSSL_TRUST_PEER_CERT */
1148
1149WOLFSSL_ASN_API int ToTraditional(byte* buffer, word32 length);
1150WOLFSSL_ASN_API int ToTraditional_ex(byte* buffer, word32 length,
1151 word32* algId);
1152WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx,
1153 word32 length);
1154WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx,
1155 word32 length, word32* algId);
1156WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int,
1157 word32* algId);
1158WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out,
1159 word32* outSz, const char* password, int passwordSz, int vPKCS,
1160 int vAlgo, byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
1161WOLFSSL_ASN_API int TraditionalEnc(byte* key, word32 keySz, byte* out,
1162 word32* outSz, const char* password, int passwordSz, int vPKCS,
1163 int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt,
1164 WC_RNG* rng, void* heap);
1165WOLFSSL_LOCAL int DecryptContent(byte* input, word32 sz,const char* psw,int pswSz);
1166WOLFSSL_LOCAL int EncryptContent(byte* input, word32 sz, byte* out, word32* outSz,
1167 const char* password,int passwordSz, int vPKCS, int vAlgo,
1168 byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap);
1169WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID,
1170 word32* oidSz, int* algoID, void* heap);
1171
1172typedef struct tm wolfssl_tm;
1173#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
1174 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1175WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len);
1176#endif
1177#if !defined(NO_ASN_TIME) && defined(HAVE_PKCS7)
1178WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len);
1179#endif
1180WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format,
1181 wolfssl_tm* certTime, int* idx);
1182WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b);
1183WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType);
1184WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn);
1185
1186WOLFSSL_LOCAL int wc_EncodeName(EncodedName* name, const char* nameStr,
1187 char nameType, byte type);
1188WOLFSSL_LOCAL int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr,
1189 char nameType, byte type);
1190/* ASN.1 helper functions */
1191#ifdef WOLFSSL_CERT_GEN
1192WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
1193WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
1194WOLFSSL_LOCAL byte GetCertNameId(int idx);
1195#endif
1196WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
1197 word32 maxIdx);
1198WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number,
1199 word32 maxIdx);
1200
1201WOLFSSL_LOCAL const char* GetSigName(int oid);
1202WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
1203 word32 maxIdx);
1204WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len,
1205 word32 maxIdx, int check);
1206WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
1207 word32 maxIdx);
1208WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
1209 word32 maxIdx, int check);
1210WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
1211 word32 maxIdx);
1212WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
1213 word32 maxIdx, int zeroBits, byte* unusedBits);
1214WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len,
1215 word32 maxIdx);
1216WOLFSSL_LOCAL int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
1217 word32 maxIdx, int check);
1218WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
1219 int* version, word32 maxIdx);
1220WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
1221 word32 maxIdx);
1222#ifdef HAVE_OID_ENCODING
1223 WOLFSSL_LOCAL int EncodeObjectId(const word16* in, word32 inSz,
1224 byte* out, word32* outSz);
1225#endif
1226#ifdef HAVE_OID_DECODING
1227 WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz,
1228 word16* out, word32* outSz);
1229#endif
1230WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len,
1231 word32 maxIdx);
1232WOLFSSL_LOCAL int SetObjectId(int len, byte* output);
1233WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid,
1234 word32 oidType, word32 maxIdx);
1235WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid,
1236 word32 oidType, word32 maxIdx);
1237WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
1238 word32 inputSz);
1239WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
1240WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
1241WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
1242WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
1243WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
1244WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
1245WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output);
1246WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output);
1247WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz);
1248WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header);
1249WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output,
1250 word32 outputSz, int maxSnSz);
1251WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
1252 byte* serial, int* serialSz, word32 maxIdx);
1253WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash,
1254 int maxIdx);
1255WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der);
1256WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
1257 const byte* pubKey, word32 pubKeySz, enum Key_Sum ks);
1258WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
1259WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
1260
1261#ifdef HAVE_ECC
1262 /* ASN sig helpers */
1263 WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
1264 mp_int* s);
1265 WOLFSSL_LOCAL int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen,
1266 const byte* r, word32 rLen, const byte* s, word32 sLen);
1267 WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen,
1268 byte* r, word32* rLen, byte* s, word32* sLen);
1269#endif
1270#if defined(HAVE_ECC) || !defined(NO_DSA)
1271 WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
1272 mp_int* r, mp_int* s);
1273#endif
1274#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
1275WOLFSSL_API int EccEnumToNID(int n);
1276#endif
1277
1278WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
1279WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
1280
1281#ifndef NO_CERTS
1282
1283WOLFSSL_LOCAL int wc_EncryptedInfoParse(EncryptedInfo* info,
1284 const char** pBuffer, size_t bufSz);
1285
1286WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long sz, int type,
1287 DerBuffer** pDer, void* heap, EncryptedInfo* info,
1288 int* eccKey);
1289WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, void* heap);
1290WOLFSSL_LOCAL void FreeDer(DerBuffer** der);
1291
1292#endif /* !NO_CERTS */
1293
1294#ifdef HAVE_SMIME
1295WOLFSSL_LOCAL int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** hdrs);
1296WOLFSSL_LOCAL int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end);
1297WOLFSSL_LOCAL int wc_MIME_create_header(char* name, char* body, MimeHdr** hdr);
1298WOLFSSL_LOCAL int wc_MIME_create_parameter(char* attribute, char* value, MimeParam** param);
1299WOLFSSL_LOCAL MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* hdr);
1300WOLFSSL_LOCAL MimeParam* wc_MIME_find_param_attr(const char* attribute, MimeParam* param);
1301WOLFSSL_LOCAL char* wc_MIME_canonicalize(const char* line);
1302WOLFSSL_LOCAL int wc_MIME_free_hdrs(MimeHdr* head);
1303#endif /* HAVE_SMIME */
1304
1305#ifdef WOLFSSL_CERT_GEN
1306
1307enum cert_enums {
1308#ifdef WOLFSSL_CERT_EXT
1309 NAME_ENTRIES = 10,
1310#else
1311 NAME_ENTRIES = 9,
1312#endif
1313 JOINT_LEN = 2,
1314 EMAIL_JOINT_LEN = 9,
1315 PILOT_JOINT_LEN = 10,
1316 RSA_KEY = 10,
1317 NTRU_KEY = 11,
1318 ECC_KEY = 12,
1319 ED25519_KEY = 13,
1320 ED448_KEY = 14,
1321 DSA_KEY = 15
1322};
1323
1324#endif /* WOLFSSL_CERT_GEN */
1325
1326
1327
1328/* for pointer use */
1329typedef struct CertStatus CertStatus;
1330
1331#ifdef HAVE_OCSP
1332
1333enum Ocsp_Response_Status {
1334 OCSP_SUCCESSFUL = 0, /* Response has valid confirmations */
1335 OCSP_MALFORMED_REQUEST = 1, /* Illegal confirmation request */
1336 OCSP_INTERNAL_ERROR = 2, /* Internal error in issuer */
1337 OCSP_TRY_LATER = 3, /* Try again later */
1338 OCSP_SIG_REQUIRED = 5, /* Must sign the request (4 is skipped) */
1339 OCSP_UNAUTHROIZED = 6 /* Request unauthorized */
1340};
1341
1342
1343enum Ocsp_Cert_Status {
1344 CERT_GOOD = 0,
1345 CERT_REVOKED = 1,
1346 CERT_UNKNOWN = 2
1347};
1348
1349
1350enum Ocsp_Sums {
1351 OCSP_BASIC_OID = 117,
1352 OCSP_NONCE_OID = 118
1353};
1354
1355#ifdef OPENSSL_EXTRA
1356enum Ocsp_Verify_Error {
1357 OCSP_VERIFY_ERROR_NONE = 0,
1358 OCSP_BAD_ISSUER = 1
1359};
1360#endif
1361
1362
1363typedef struct OcspRequest OcspRequest;
1364typedef struct OcspResponse OcspResponse;
1365
1366
1367struct CertStatus {
1368 CertStatus* next;
1369
1370 byte serial[EXTERNAL_SERIAL_SIZE];
1371 int serialSz;
1372#ifdef OPENSSL_EXTRA
1373 WOLFSSL_ASN1_INTEGER* serialInt;
1374#endif
1375
1376 int status;
1377
1378 byte thisDate[MAX_DATE_SIZE];
1379 byte nextDate[MAX_DATE_SIZE];
1380 byte thisDateFormat;
1381 byte nextDateFormat;
1382#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
1383 WOLFSSL_ASN1_TIME thisDateParsed;
1384 WOLFSSL_ASN1_TIME nextDateParsed;
1385 byte* thisDateAsn;
1386 byte* nextDateAsn;
1387#endif
1388
1389 byte* rawOcspResponse;
1390 word32 rawOcspResponseSz;
1391};
1392
1393typedef struct OcspEntry OcspEntry;
1394
1395#ifdef NO_SHA
1396#define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1397#else
1398#define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1399#endif
1400
1401struct OcspEntry
1402{
1403 OcspEntry *next; /* next entry */
1404 word32 hashAlgoOID; /* hash algo ID */
1405 byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */
1406 byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
1407 CertStatus *status; /* OCSP response list */
1408 int totalStatus; /* number on list */
1409 byte* rawCertId; /* raw bytes of the CertID */
1410 int rawCertIdSize; /* num bytes in raw CertID */
1411 /* option bits - using 32-bit for alignment */
1412 word32 ownStatus:1; /* do we need to free the status
1413 * response list */
1414 word32 isDynamic:1; /* was dynamically allocated */
1415
1416};
1417
1418/* TODO: Long-term, it would be helpful if we made this struct and other OCSP
1419 structs conform to the ASN spec as described in RFC 6960. It will help
1420 with readability and with implementing OpenSSL compatibility API
1421 functions, because OpenSSL's OCSP data structures conform to the
1422 RFC. */
1423struct OcspResponse {
1424 int responseStatus; /* return code from Responder */
1425
1426 byte* response; /* Pointer to beginning of OCSP Response */
1427 word32 responseSz; /* length of the OCSP Response */
1428
1429 byte producedDate[MAX_DATE_SIZE];
1430 /* Date at which this response was signed */
1431 byte producedDateFormat; /* format of the producedDate */
1432
1433 byte* cert;
1434 word32 certSz;
1435
1436 byte* sig; /* Pointer to sig in source */
1437 word32 sigSz; /* Length in octets for the sig */
1438 word32 sigOID; /* OID for hash used for sig */
1439
1440 OcspEntry* single; /* chain of OCSP single responses */
1441
1442 byte* nonce; /* pointer to nonce inside ASN.1 response */
1443 int nonceSz; /* length of the nonce string */
1444
1445 byte* source; /* pointer to source buffer, not owned */
1446 word32 maxIdx; /* max offset based on init size */
1447
1448#ifdef OPENSSL_EXTRA
1449 int verifyError;
1450#endif
1451 void* heap;
1452};
1453
1454
1455struct OcspRequest {
1456 byte issuerHash[KEYID_SIZE];
1457 byte issuerKeyHash[KEYID_SIZE];
1458 byte* serial; /* copy of the serial number in source cert */
1459 int serialSz;
1460#ifdef OPENSSL_EXTRA
1461 WOLFSSL_ASN1_INTEGER* serialInt;
1462#endif
1463 byte* url; /* copy of the extAuthInfo in source cert */
1464 int urlSz;
1465
1466 byte nonce[MAX_OCSP_NONCE_SZ];
1467 int nonceSz;
1468 void* heap;
1469 void* ssl;
1470};
1471
1472WOLFSSL_LOCAL void InitOcspResponse(OcspResponse*, OcspEntry*, CertStatus*, byte*, word32, void*);
1473WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse*);
1474WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse*, void*, void* heap, int);
1475
1476WOLFSSL_LOCAL int InitOcspRequest(OcspRequest*, DecodedCert*, byte, void*);
1477WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest*);
1478WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest*, byte*, word32);
1479WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest*, byte*, word32);
1480
1481
1482WOLFSSL_LOCAL int CompareOcspReqResp(OcspRequest*, OcspResponse*);
1483
1484
1485#endif /* HAVE_OCSP */
1486
1487
1488/* for pointer use */
1489typedef struct RevokedCert RevokedCert;
1490
1491#ifdef HAVE_CRL
1492
1493struct RevokedCert {
1494 byte serialNumber[EXTERNAL_SERIAL_SIZE];
1495 int serialSz;
1496 RevokedCert* next;
1497};
1498
1499typedef struct DecodedCRL DecodedCRL;
1500
1501struct DecodedCRL {
1502 word32 certBegin; /* offset to start of cert */
1503 word32 sigIndex; /* offset to start of signature */
1504 word32 sigLength; /* length of signature */
1505 word32 signatureOID; /* sum of algorithm object id */
1506 byte* signature; /* pointer into raw source, not owned */
1507 byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */
1508 byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */
1509 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
1510 byte nextDate[MAX_DATE_SIZE]; /* next update date */
1511 byte lastDateFormat; /* format of last date */
1512 byte nextDateFormat; /* format of next date */
1513 RevokedCert* certs; /* revoked cert list */
1514 int totalCerts; /* number on list */
1515 void* heap;
1516#ifndef NO_SKID
1517 byte extAuthKeyIdSet;
1518 byte extAuthKeyId[SIGNER_DIGEST_SIZE]; /* Authority Key ID */
1519#endif
1520};
1521
1522WOLFSSL_LOCAL void InitDecodedCRL(DecodedCRL*, void* heap);
1523WOLFSSL_LOCAL int VerifyCRL_Signature(SignatureCtx* sigCtx,
1524 const byte* toBeSigned, word32 tbsSz,
1525 const byte* signature, word32 sigSz,
1526 word32 signatureOID, Signer *ca,
1527 void* heap);
1528WOLFSSL_LOCAL int ParseCRL(DecodedCRL*, const byte* buff, word32 sz, void* cm);
1529WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL*);
1530
1531
1532#endif /* HAVE_CRL */
1533
1534
1535#ifdef __cplusplus
1536 } /* extern "C" */
1537#endif
1538
1539#endif /* !NO_ASN */
1540
1541
1542#if !defined(NO_ASN) || !defined(NO_PWDBASED)
1543
1544#ifndef MAX_KEY_SIZE
1545 #define MAX_KEY_SIZE 64 /* MAX PKCS Key length */
1546#endif
1547#ifndef MAX_UNICODE_SZ
1548 #define MAX_UNICODE_SZ 256
1549#endif
1550
1551enum PBESTypes {
1552 PBE_MD5_DES = 0,
1553 PBE_SHA1_RC4_128 = 1,
1554 PBE_SHA1_DES = 2,
1555 PBE_SHA1_DES3 = 3,
1556 PBE_AES256_CBC = 4,
1557 PBE_AES128_CBC = 5,
1558 PBE_SHA1_40RC2_CBC = 6,
1559
1560 PBE_SHA1_RC4_128_SUM = 657,
1561 PBE_SHA1_DES3_SUM = 659,
1562 PBES2 = 13 /* algo ID */
1563};
1564
1565enum PKCSTypes {
1566 PKCS5v2 = 6, /* PKCS #5 v2.0 */
1567 PKCS12v1 = 12, /* PKCS #12 */
1568 PKCS5 = 5, /* PKCS oid tag */
1569 PKCS8v0 = 0, /* default PKCS#8 version */
1570};
1571
1572#endif /* !NO_ASN || !NO_PWDBASED */
1573
1574#endif /* WOLF_CRYPT_ASN_H */