1/*
2 * Copyright (c) 2007-2017, Cameron Rich
3 *
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * * Neither the name of the axTLS project nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29*/
30
31/**
32 * @file crypto_misc.h
33 */
34
35#ifndef HEADER_CRYPTO_MISC_H
36#define HEADER_CRYPTO_MISC_H
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
42#include <stdbool.h>
43#include "crypto.h"
44#include "bigint.h"
45
46/**************************************************************************
47 * X509 declarations
48 **************************************************************************/
49#define X509_OK 0
50#define X509_NOT_OK -1
51#define X509_VFY_ERROR_NO_TRUSTED_CERT -2
52#define X509_VFY_ERROR_BAD_SIGNATURE -3
53#define X509_VFY_ERROR_NOT_YET_VALID -4
54#define X509_VFY_ERROR_EXPIRED -5
55#define X509_VFY_ERROR_SELF_SIGNED -6
56#define X509_VFY_ERROR_INVALID_CHAIN -7
57#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
58#define X509_INVALID_PRIV_KEY -9
59#define X509_MAX_CERTS -10
60#define X509_VFY_ERROR_BASIC_CONSTRAINT -11
61
62/*
63 * The Distinguished Name
64 */
65#define X509_NUM_DN_TYPES 6
66#define X509_COMMON_NAME 0
67#define X509_ORGANIZATION 1
68#define X509_ORGANIZATIONAL_UNIT 2
69#define X509_LOCATION 3
70#define X509_COUNTRY 4
71#define X509_STATE 5
72
73/*
74 * Key Usage bits
75 */
76#define IS_SET_KEY_USAGE_FLAG(A, B) (A->key_usage & B)
77
78#define KEY_USAGE_DIGITAL_SIGNATURE 0x0080
79#define KEY_USAGE_NON_REPUDIATION 0x0040
80#define KEY_USAGE_KEY_ENCIPHERMENT 0x0020
81#define KEY_USAGE_DATA_ENCIPHERMENT 0x0010
82#define KEY_USAGE_KEY_AGREEMENT 0x0008
83#define KEY_USAGE_KEY_CERT_SIGN 0x0004
84#define KEY_USAGE_CRL_SIGN 0x0002
85#define KEY_USAGE_ENCIPHER_ONLY 0x0001
86#define KEY_USAGE_DECIPHER_ONLY 0x8000
87
88struct _x509_ctx
89{
90 char *ca_cert_dn[X509_NUM_DN_TYPES];
91 char *cert_dn[X509_NUM_DN_TYPES];
92 char **subject_alt_dnsnames;
93 time_t not_before;
94 time_t not_after;
95 uint8_t *signature;
96 RSA_CTX *rsa_ctx;
97 bigint *digest;
98 uint16_t sig_len;
99 uint8_t sig_type;
100 bool basic_constraint_present;
101 bool basic_constraint_is_critical;
102 bool key_usage_present;
103 bool key_usage_is_critical;
104 bool subject_alt_name_present;
105 bool subject_alt_name_is_critical;
106 bool basic_constraint_cA;
107 int basic_constraint_pathLenConstraint;
108 uint32_t key_usage;
109 struct _x509_ctx *next;
110};
111
112typedef struct _x509_ctx X509_CTX;
113
114//#ifdef CONFIG_SSL_CERT_VERIFICATION
115typedef struct
116{
117 X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
118} CA_CERT_CTX;
119//#endif
120
121int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
122void x509_free(X509_CTX *x509_ctx);
123//#ifdef CONFIG_SSL_CERT_VERIFICATION
124int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert,
125 int *pathLenConstraint);
126//#endif
127//#ifdef CONFIG_SSL_FULL_MODE
128void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
129const char * x509_display_error(int error);
130//#endif
131
132/**************************************************************************
133 * ASN1 declarations
134 **************************************************************************/
135#define ASN1_BOOLEAN 0x01
136#define ASN1_INTEGER 0x02
137#define ASN1_BIT_STRING 0x03
138#define ASN1_OCTET_STRING 0x04
139#define ASN1_NULL 0x05
140#define ASN1_PRINTABLE_STR2 0x0C
141#define ASN1_OID 0x06
142#define ASN1_PRINTABLE_STR2 0x0C
143#define ASN1_PRINTABLE_STR 0x13
144#define ASN1_TELETEX_STR 0x14
145#define ASN1_IA5_STR 0x16
146#define ASN1_UTC_TIME 0x17
147#define ASN1_GENERALIZED_TIME 0x18
148#define ASN1_UNICODE_STR 0x1e
149#define ASN1_SEQUENCE 0x30
150#define ASN1_CONTEXT_DNSNAME 0x82
151#define ASN1_SET 0x31
152#define ASN1_V3_DATA 0xa3
153#define ASN1_IMPLICIT_TAG 0x80
154#define ASN1_CONTEXT_DNSNAME 0x82
155#define ASN1_EXPLICIT_TAG 0xa0
156#define ASN1_V3_DATA 0xa3
157
158#define SIG_TYPE_MD5 0x04
159#define SIG_TYPE_SHA1 0x05
160#define SIG_TYPE_SHA256 0x0b
161#define SIG_TYPE_SHA384 0x0c
162#define SIG_TYPE_SHA512 0x0d
163
164uint32_t get_asn1_length(const uint8_t *buf, int *offset);
165int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
166int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
167int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
168int asn1_get_big_int(const uint8_t *buf, int *offset, uint8_t **object);
169int asn1_get_int(const uint8_t *buf, int *offset, int32_t *val);
170int asn1_get_bool(const uint8_t *buf, int *offset, bool *val);
171int asn1_get_bit_string_as_int(const uint8_t *buf, int *offset, uint32_t *val);
172int asn1_version(const uint8_t *cert, int *offset, int *val);
173int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
174int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
175int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
176#ifdef CONFIG_SSL_CERT_VERIFICATION
177int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
178int asn1_compare_dn(char * const dn1[], char * const dn2[]);
179int asn1_is_subject_alt_name(const uint8_t *cert, int offset);
180int asn1_is_basic_constraints(const uint8_t *cert, int offset);
181int asn1_is_key_usage(const uint8_t *cert, int offset);
182bool asn1_is_critical_ext(const uint8_t *buf, int *offset);
183#endif /* CONFIG_SSL_CERT_VERIFICATION */
184int asn1_signature_type(const uint8_t *cert,
185 int *offset, X509_CTX *x509_ctx);
186
187/**************************************************************************
188 * MISC declarations
189 **************************************************************************/
190#define SALT_SIZE 8
191
192extern const char * const unsupported_str;
193
194typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
195typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
196 int key_len, uint8_t *digest);
197
198int get_file(const char *filename, uint8_t **buf);
199
200#if defined(CONFIG_SSL_DIAGNOSTICS) || defined(WIN32) || defined(CONFIG_DEBUG)
201EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
202#else
203 #define print_blob(...)
204#endif
205
206EXP_FUNC int STDCALL base64_decode(const char *in, int len,
207 uint8_t *out, int *outlen);
208
209#ifdef __cplusplus
210}
211#endif
212
213#endif
214