/* asn.h

*

* Copyright (C) 2006-2025 wolfSSL Inc.

*

* This file is part of wolfSSL.

*

* wolfSSL is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 3 of the License, or

* (at your option) any later version.

*

* wolfSSL is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details.

*

* You should have received a copy of the GNU General Public License

* along with this program; if not, write to the Free Software

* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA

*/

/*!

\file wolfssl/wolfcrypt/asn.h

*/

/*

DESCRIPTION

This library provides the interface to Abstract Syntax Notation One (ASN.1) objects.

ASN.1 is a standard interface description language for defining data structures

that can be serialized and deserialized in a cross-platform way.

*/

#ifndef WOLF_CRYPT_ASN_H

#define WOLF_CRYPT_ASN_H

#include <wolfssl/wolfcrypt/types.h>

#if !defined(NO_ASN) || !defined(NO_PWDBASED)

#if !defined(NO_ASN_TIME) && defined(NO_TIME_H)

#define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */

#endif

#include <wolfssl/wolfcrypt/wolfmath.h>

#ifdef WOLFSSL_ASYNC_CRYPT

#include <wolfssl/wolfcrypt/async.h>

#endif

#ifndef NO_DH

#include <wolfssl/wolfcrypt/dh.h>

#endif

#ifndef NO_DSA

#include <wolfssl/wolfcrypt/dsa.h>

#endif

#ifndef NO_RSA

#include <wolfssl/wolfcrypt/rsa.h>

#endif

#ifdef HAVE_ECC

#include <wolfssl/wolfcrypt/ecc.h>

#endif

#ifdef HAVE_ED25519

#include <wolfssl/wolfcrypt/ed25519.h>

#endif

#ifdef HAVE_ED448

#include <wolfssl/wolfcrypt/ed448.h>

#endif

#ifdef HAVE_SPHINCS

#include <wolfssl/wolfcrypt/sphincs.h>

#endif

#ifdef HAVE_FALCON

#include <wolfssl/wolfcrypt/falcon.h>

#endif

#ifdef HAVE_DILITHIUM

#include <wolfssl/wolfcrypt/dilithium.h>

#endif

#ifndef NO_SHA

#include <wolfssl/wolfcrypt/sha.h>

#endif

#ifndef NO_MD5

#include <wolfssl/wolfcrypt/md5.h>

#endif

#include <wolfssl/wolfcrypt/sha256.h>

#ifdef WOLFSSL_SM3

#include <wolfssl/wolfcrypt/sm3.h>

#endif

#include <wolfssl/wolfcrypt/asn_public.h> /* public interface */

#if defined(NO_SHA) && defined(NO_SHA256)

#define WC_SHA256_DIGEST_SIZE 32

#endif

#ifdef __cplusplus

extern "C" {

#endif

#ifndef NO_ASN

#ifndef EXTERNAL_SERIAL_SIZE

#define EXTERNAL_SERIAL_SIZE 32

#endif

enum {

ASN_ISSUER = 0,

ASN_SUBJECT = 1,

ASN_BEFORE = 0,

ASN_AFTER = 1

};

#ifndef NO_ASN_OLD_TYPE_NAMES

#ifndef ISSUER

#define ISSUER ASN_ISSUER

#endif

#ifndef SUBJECT

#define SUBJECT ASN_SUBJECT

#endif

#ifndef BEFORE

#define BEFORE ASN_BEFORE

#endif

#ifndef AFTER

#define AFTER ASN_AFTER

#endif

#endif

/* ASN Tags */

enum ASN_Tags {

ASN_EOC = 0x00,

ASN_BOOLEAN = 0x01,

ASN_INTEGER = 0x02,

ASN_BIT_STRING = 0x03,

ASN_OCTET_STRING = 0x04,

ASN_TAG_NULL = 0x05,

ASN_OBJECT_ID = 0x06,

ASN_OBJECT_DESC = 0x07,

ASN_INSTANCE_OF = 0x08,

ASN_REAL = 0x09,

ASN_ENUMERATED = 0x0a,

ASN_EMBEDDED_PDV = 0x0b,

ASN_UTF8STRING = 0x0c,

ASN_RELATIVE_OID = 0x0d,

ASN_SEQUENCE = 0x10,

ASN_SET = 0x11,

ASN_NUMERICSTRING = 0x12,

ASN_PRINTABLE_STRING = 0x13,

ASN_T61STRING = 0x14,

ASN_VIDEOTEXSTRING = 0x15,

ASN_IA5_STRING = 0x16,

ASN_UTC_TIME = 0x17,

ASN_GENERALIZED_TIME = 0x18,

ASN_GRAPHICSTRING = 0x19,

ASN_ISO646STRING = 0x1a,

ASN_GENERALSTRING = 0x1b,

ASN_UNIVERSALSTRING = 0x1c,

ASN_CHARACTER_STRING = 0x1d,

ASN_BMPSTRING = 0x1e,

ASN_TYPE_MASK = 0x1f,

ASN_LONG_LENGTH = 0x80,

ASN_INDEF_LENGTH = 0x80,

/* ASN_Flags - Bitmask */

ASN_CONSTRUCTED = 0x20,

ASN_APPLICATION = 0x40,

ASN_CONTEXT_SPECIFIC = 0x80,

ASN_PRIVATE = 0xC0,

ASN_CLASS_MASK = 0xC0,

CRL_EXTENSIONS = 0xa0,

ASN_EXTENSIONS = 0xa3,

/* GeneralName types */

ASN_OTHER_TYPE = 0x00,

ASN_RFC822_TYPE = 0x01,

ASN_DNS_TYPE = 0x02,

ASN_DIR_TYPE = 0x04,

ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */

ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */

ASN_RID_TYPE = 0x08,

/* PKCS #7 types */

ASN_ENC_CONTENT = 0x00,

ASN_OTHERNAME_VALUE = 0x00,

/* AuthorityKeyIdentifier fields */

ASN_AUTHKEYID_KEYID = 0x00,

ASN_AUTHKEYID_ISSUER = 0x01,

ASN_AUTHKEYID_SERIAL = 0x02,

/* GeneralSubtree fields */

ASN_SUBTREE_MIN = 0x00,

ASN_SUBTREE_MAX = 0x01,

/* x509 Cert Fields */

ASN_X509_CERT_VERSION = 0x00,

/* x509 Cert Extension Fields */

ASN_AKID_KEYID = 0x00,

/* ECC Key Fields */

ASN_ECC_PARAMS = 0x00,

ASN_ECC_PUBKEY = 0x01,

/* OneAsymmetricKey Fields */

ASN_ASYMKEY_ATTRS = 0x00,

ASN_ASYMKEY_PUBKEY = 0x01,

/* PKEY Fields */

ASN_PKEY_SEED = 0x00

};

/* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified

* one needs to update the logic in asn.c function GetAsnTimeString()

* which depends on the size 14 and/or 16 to determine which format to

* place in the "buf" (output)

*/

#define ASN_UTC_TIME_SIZE 14 /* Read note above before modifying */

#define ASN_GENERALIZED_TIME_SIZE 16 /* Read note above before modifying */

#define ASN_GENERALIZED_TIME_MAX 68

#ifdef WOLFSSL_ASN_TEMPLATE

/* Different data types that can be stored in ASNGetData/ASNSetData. */

enum ASNItem_DataType {

/* Default for tag type. */

ASN_DATA_TYPE_NONE = 0,

/* 8-bit integer value. */

ASN_DATA_TYPE_WORD8 = 1,

/* 16-bit integer value. */

ASN_DATA_TYPE_WORD16 = 2,

/* 32-bit integer value. */

ASN_DATA_TYPE_WORD32 = 4,

/* Buffer with data and length. */

ASN_DATA_TYPE_BUFFER = 5,

/* An expected/required buffer with data and length. */

ASN_DATA_TYPE_EXP_BUFFER = 6,

/* Replace the item with buffer (data and length). */

ASN_DATA_TYPE_REPLACE_BUFFER = 7,

/* Big number as an mp_int. */

ASN_DATA_TYPE_MP = 8,

/* Big number as an mp_int that has already been initialized. */

ASN_DATA_TYPE_MP_INITED = 9,

/* Big number as a positive or negative mp_int. */

ASN_DATA_TYPE_MP_POS_NEG = 10,

/* ASN.1 CHOICE. A 0 terminated list of tags that are valid. */

ASN_DATA_TYPE_CHOICE = 11

};

/* A template entry describing an ASN.1 item. */

typedef struct ASNItem {

/* Depth of ASN.1 item - how many constructed ASN.1 items above. */

byte depth;

/* BER/DER tag to expect. */

byte tag;

/* Whether the ASN.1 item is constructed. */

WC_BITFIELD constructed:1;

/* Whether to parse the header only or skip data. If

* ASNSetData.data.buffer.data is supplied then this option gets

* overwritten and the child nodes get ignored. */

WC_BITFIELD headerOnly:1;

/* Whether ASN.1 item is optional.

* - 0 means not optional

* - 1 means is optional

* - 2+ means one of these at the same level with same value must appear.

*/

byte optional;

} ASNItem;

/* Dynamic data for setting (encoding) an ASN.1 item. */

typedef struct ASNSetData {

/* Reverse offset into buffer of ASN.1 item - calculated in SizeASN_Items().

* SetASN_Items() subtracts from total length to get usable value.

*/

word32 offset;

/* Length of data in ASN.1 item - calculated in SizeASN_Items(). */

word32 length;

/* Different data type representation. */

union {

/* 8-bit integer value. */

byte u8;

/* 16-bit integer value. */

word16 u16;

/* 32-bit integer value. */

word32 u32;

/* Big number as an mp_int. */

mp_int* mp;

/* Buffer as data pointer and length. */

struct {

/* Data to write out. */

const byte* data;

/* Length of data to write out. */

word32 length;

} buffer;

} data;

/* Type of data stored in data field - enum ASNItem_DataType. */

byte dataType;

/* Don't write this ASN.1 item out.

* Optional items are dependent on the data being encoded.

*/

byte noOut;

} ASNSetData;

/* Dynamic data for getting (decoding) an ASN.1 item. */

typedef struct ASNGetData {

/* Offset into buffer where encoding starts. */

word32 offset;

/* Total length of data in ASN.1 item.

* BIT_STRING and INTEGER lengths include leading byte. */

word32 length;

union {

/* Pointer to 8-bit integer. */

byte* u8;

/* Pointer to 16-bit integer. */

word16* u16;

/* Pointer to 32-bit integer. */

word32* u32;

/* Pointer to mp_int for big number. */

mp_int* mp;

/* List of possible tags. Useful for CHOICE ASN.1 items. */

const byte* choice;

/* Buffer to copy into. */

struct {

/* Buffer to hold ASN.1 data. */

byte* data;

/* Maximum length of buffer. */

word32* length;

} buffer;

/* Reference to ASN.1 item's data. */

struct {

/* Pointer reference into input buffer. */

const byte* data;

/* Length of data. */

word32 length;

} ref;

/* Data of an OBJECT_ID. */

struct {

/* OID data reference into input buffer. */

const byte* data;

/* Length of OID data. */

word32 length;

/* Type of OID expected. */

word32 type;

/* OID sum - 32-bit id. */

word32 sum;

} oid;

} data;

/* Type of data stored in data field - enum ASNItem_DataType. */

byte dataType;

/* Tag found in BER/DER item. */

byte tag;

} ASNGetData;

WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data,

int count, int* encSz);

WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count,

byte* output);

WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count,

int complete, const byte* input, word32* inOutIdx, word32 length);

#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK

WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num);

WOLFSSL_LOCAL void GetASN_Int16Bit(ASNGetData *dataASN, word16* num);

WOLFSSL_LOCAL void GetASN_Int32Bit(ASNGetData *dataASN, word32* num);

WOLFSSL_LOCAL void GetASN_Buffer(ASNGetData *dataASN, byte* data,

word32* length);

WOLFSSL_LOCAL void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data,

word32 length);

WOLFSSL_LOCAL void GetASN_MP(ASNGetData *dataASN, mp_int* num);

WOLFSSL_LOCAL void GetASN_MP_Inited(ASNGetData *dataASN, mp_int* num);

WOLFSSL_LOCAL void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num);

WOLFSSL_LOCAL void GetASN_Choice(ASNGetData *dataASN, const byte* options);

WOLFSSL_LOCAL void GetASN_Boolean(ASNGetData *dataASN, byte* num);

WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType);

WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data,

word32* length);

WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data,

word32* length);

WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data,

word32* length);

WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val);

WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num);

WOLFSSL_LOCAL void SetASN_Int16Bit(ASNSetData *dataASN, word16 num);

WOLFSSL_LOCAL void SetASN_Buffer(ASNSetData *dataASN, const byte* data,

word32 length);

WOLFSSL_LOCAL void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data,

word32 length);

WOLFSSL_LOCAL void SetASN_MP(ASNSetData *dataASN, mp_int* num);

WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType);

#else

/* Setup ASN data item to get an 8-bit number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Pointer to an 8-bit variable.

*/

#define GetASN_Int8Bit(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \

(dataASN)->data.u8 = (num); \

} while (0)

/* Setup ASN data item to get a 16-bit number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Pointer to a 16-bit variable.

*/

#define GetASN_Int16Bit(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \

(dataASN)->data.u16 = (num); \

} while (0)

/* Setup ASN data item to get a 32-bit number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Pointer to a 32-bit variable.

*/

#define GetASN_Int32Bit(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_WORD32; \

(dataASN)->data.u32 = (num); \

} while (0)

/* Setup ASN data item to get data into a buffer of a specific length.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] d Buffer to hold data.

* @param [in] l Length of buffer in bytes.

*/

#define GetASN_Buffer(dataASN, d, l) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \

(dataASN)->data.buffer.data = (d); \

(dataASN)->data.buffer.length = (l); \

} while (0)

/* Setup ASN data item to check parsed data against expected buffer.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] d Buffer containing expected data.

* @param [in] l Length of buffer in bytes.

*/

#define GetASN_ExpBuffer(dataASN, d, l) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \

(dataASN)->data.ref.data = (d); \

(dataASN)->data.ref.length = (l); \

} while (0)

/* Setup ASN data item to get a number into an mp_int.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Multi-precision number object.

*/

#define GetASN_MP(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_MP; \

(dataASN)->data.mp = (num); \

} while (0)

/* Setup ASN data item to get a number into an mp_int that is initialized.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Multi-precision number object.

*/

#define GetASN_MP_Inited(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_MP_INITED; \

(dataASN)->data.mp = (num); \

} while (0)

/* Setup ASN data item to get a positive or negative number into an mp_int.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Multi-precision number object.

*/

#define GetASN_MP_PosNeg(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \

(dataASN)->data.mp = (num); \

} while (0)

/* Setup ASN data item to be a choice of tags.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] choice 0 terminated list of tags that are valid.

*/

#define GetASN_Choice(dataASN, options) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \

(dataASN)->data.choice = (options); \

} while (0)

/* Setup ASN data item to get a boolean value.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Pointer to an 8-bit variable.

*/

#define GetASN_Boolean(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_NONE; \

(dataASN)->data.u8 = (num); \

} while (0)

/* Setup ASN data item to be a an OID of a specific type.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] oidType Type of OID to expect.

*/

#define GetASN_OID(dataASN, oidType) \

(dataASN)->data.oid.type = (oidType)

/* Get the data and length from an ASN data item.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [out] d Pointer to data of item.

* @param [out] l Length of buffer in bytes.

*/

#define GetASN_GetConstRef(dataASN, d, l) \

do { \

*(d) = (dataASN)->data.ref.data; \

*(l) = (dataASN)->data.ref.length; \

} while (0)

/* Get the data and length from an ASN data item.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [out] d Pointer to data of item.

* @param [out] l Length of buffer in bytes.

*/

#define GetASN_GetRef(dataASN, d, l) \

do { \

*(d) = (byte*)(dataASN)->data.ref.data; \

*(l) = (dataASN)->data.ref.length; \

} while (0)

/* Get the data and length from an ASN data item that is an OID.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [out] d Pointer to .

* @param [out] l Length of buffer in bytes.

*/

#define GetASN_OIDData(dataASN, d, l) \

do { \

*(d) = (byte*)(dataASN)->data.oid.data; \

*(l) = (dataASN)->data.oid.length; \

} while (0)

/* Setup an ASN data item to set a boolean.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] val Boolean value.

*/

#define SetASN_Boolean(dataASN, val) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_NONE; \

(dataASN)->data.u8 = (val); \

} while (0)

/* Setup an ASN data item to set an 8-bit number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num 8-bit number to set.

*/

#define SetASN_Int8Bit(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_WORD8; \

(dataASN)->data.u8 = (num); \

} while (0)

/* Setup an ASN data item to set a 16-bit number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num 16-bit number to set.

*/

#define SetASN_Int16Bit(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_WORD16; \

(dataASN)->data.u16 = (num); \

} while (0)

/* Setup an ASN data item to set the data in a buffer.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] d Buffer containing data to set.

* @param [in] l Length of data in buffer in bytes.

*/

#define SetASN_Buffer(dataASN, d, l) \

do { \

(dataASN)->data.buffer.data = (d); \

(dataASN)->data.buffer.length = (word32)(l); \

} while (0)

/* Setup an ASN data item to set the DER encode data in a buffer.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] d Buffer containing BER encoded data to set.

* @param [in] l Length of data in buffer in bytes.

*/

#define SetASN_ReplaceBuffer(dataASN, d, l) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \

(dataASN)->data.buffer.data = (d); \

(dataASN)->data.buffer.length = (l); \

} while (0)

/* Setup an ASN data item to set an muli-precision number.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] num Multi-precision number.

*/

#define SetASN_MP(dataASN, num) \

do { \

(dataASN)->dataType = ASN_DATA_TYPE_MP; \

(dataASN)->data.mp = (num); \

} while (0)

/* Setup an ASN data item to set an OID based on id and type.

*

* oid and oidType pair are unique.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] oid OID identifier.

* @param [in] oidType Type of OID.

*/

#define SetASN_OID(dataASN, oid, oidType) \

(dataASN)->data.buffer.data = OidFromId(oid, oidType, \

&(dataASN)->data.buffer.length)

#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */

/* Get address at the start of the BER item.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] in Input buffer.

* @return Address at start of BER item.

*/

#define GetASNItem_Addr(dataASN, in) \

((in) + (dataASN).offset)

/* Get length of a BER item - including tag and length.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] in Input buffer.

* @return Length of a BER item.

*/

#define GetASNItem_Length(dataASN, in) \

((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \

(dataASN).offset)

/* Get the index of a BER item's data.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] in Input buffer.

* @return Index of a BER item's data.

*/

#define GetASNItem_DataIdx(dataASN, in) \

(word32)((dataASN).data.ref.data - (in))

/* Get the end index of a BER item - index of the start of the next item.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] in Input buffer.

* @return End index of a BER item.

*/

#define GetASNItem_EndIdx(dataASN, in) \

((word32)((dataASN).data.ref.data - (in)) + \

(dataASN).data.ref.length)

/* For a BIT_STRING, get the unused bits byte.

*

* @param [in] dataASN Dynamic ASN data item.

* @return Unused bits byte in BIT_STRING.

*/

#define GetASNItem_UnusedBits(dataASN) \

(*((dataASN).data.ref.data - 1))

/* Set the data items at indices start to end inclusive to not be encoded.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] start First item not to be encoded.

* @param [in] end Last item not to be encoded.

*/

#define SetASNItem_NoOut(dataASN, start, end) \

do { \

int ii; \

for (ii = (start); ii <= (end); ii++) { \

(dataASN)[ii].noOut = 1; \

} \

} \

while (0)

/* Set the data items below node to not be encoded.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] node Node who's children should not be encoded.

* @param [in] dataASNLen Number of items in dataASN.

*/

#define SetASNItem_NoOutBelow(dataASN, asn, node, dataASNLen) \

do { \

int ii; \

for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) { \

if ((asn)[ii].depth <= (asn)[node].depth) \

break; \

(dataASN)[ii].noOut = 1; \

} \

} \

while (0)

/* Set the node and all nodes below to not be encoded.

*

* @param [in] dataASN Dynamic ASN data item.

* @param [in] node Node which should not be encoded. Child nodes will

* also not be encoded.

* @param [in] dataASNLen Number of items in dataASN.

*/

#define SetASNItem_NoOutNode(dataASN, asn, node, dataASNLen) \

do { \

int ii; \

(dataASN)[node].noOut = 1; \

for (ii = (node) + 1; ii < (int)(dataASNLen); ii++) { \

if ((asn)[ii].depth <= (asn)[node].depth) \

break; \

(dataASN)[ii].noOut = 1; \

} \

} \

while (0)

#endif /* WOLFSSL_ASN_TEMPLATE */

enum DN_Tags {

ASN_DN_NULL = 0x00,

ASN_COMMON_NAME = 0x03, /* CN */

ASN_SUR_NAME = 0x04, /* SN */

ASN_SERIAL_NUMBER = 0x05, /* serialNumber */

ASN_COUNTRY_NAME = 0x06, /* C */

ASN_LOCALITY_NAME = 0x07, /* L */

ASN_STATE_NAME = 0x08, /* ST */

ASN_STREET_ADDR = 0x09, /* street */

ASN_ORG_NAME = 0x0a, /* O */

ASN_ORGUNIT_NAME = 0x0b, /* OU */

ASN_BUS_CAT = 0x0f, /* businessCategory */

ASN_POSTAL_CODE = 0x11, /* postalCode */

ASN_USER_ID = 0x12, /* UserID */

#ifdef WOLFSSL_CERT_NAME_ALL

ASN_NAME = 0x29, /* name */

ASN_GIVEN_NAME = 0x2a, /* GN */

ASN_INITIALS = 0x2b, /* initials */

ASN_DNQUALIFIER = 0x2e, /* dnQualifier */

#endif /* WOLFSSL_CERT_NAME_ALL */

ASN_CONTENT_TYPE = 0x97, /* not actual OID (see attrPkcs9ContentTypeOid) */

ASN_EMAIL_NAME = 0x98, /* not actual OID (see attrEmailOid) */

ASN_CUSTOM_NAME = 0x99, /* not actual OID (see CertOidField) */

/* pilot attribute types

* OID values of 0.9.2342.19200300.100.1.* */

ASN_FAVOURITE_DRINK = 0x13, /* favouriteDrink */

ASN_RFC822_MAILBOX = 0x14, /* rfc822Mailbox */

ASN_DOMAIN_COMPONENT = 0x19 /* DC */

};

/* This is the size of the smallest possible PEM header and footer */

extern const int pem_struct_min_sz;

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)

typedef struct WOLFSSL_ObjectInfo {

int nid;

int id;

word32 type;

const char* sName;

const char* lName;

} WOLFSSL_ObjectInfo;

extern const size_t wolfssl_object_info_sz;

extern const WOLFSSL_ObjectInfo wolfssl_object_info[];

#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

/* DN Tag Strings */

#define WOLFSSL_COMMON_NAME "/CN="

#define WOLFSSL_LN_COMMON_NAME "/commonName="

#define WOLFSSL_SUR_NAME "/SN="

#ifdef WOLFSSL_CERT_NAME_ALL

#define WOLFSSL_NAME "/N="

#define WOLFSSL_INITIALS "/initials="

#define WOLFSSL_GIVEN_NAME "/GN="

#define WOLFSSL_DNQUALIFIER "/dnQualifier="

#endif /* WOLFSSL_CERT_NAME_ALL */

#define WOLFSSL_SERIAL_NUMBER "/serialNumber="

#define WOLFSSL_COUNTRY_NAME "/C="

#define WOLFSSL_LN_COUNTRY_NAME "/countryName="

#define WOLFSSL_LOCALITY_NAME "/L="

#define WOLFSSL_LN_LOCALITY_NAME "/localityName="

#define WOLFSSL_STATE_NAME "/ST="

#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName="

#define WOLFSSL_STREET_ADDR_NAME "/street="

#define WOLFSSL_LN_STREET_ADDR_NAME "/streetAddress="

#define WOLFSSL_POSTAL_NAME "/postalCode="

#define WOLFSSL_ORG_NAME "/O="

#define WOLFSSL_LN_ORG_NAME "/organizationName="

#define WOLFSSL_ORGUNIT_NAME "/OU="

#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName="

#define WOLFSSL_DOMAIN_COMPONENT "/DC="

#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent="

#define WOLFSSL_BUS_CAT "/businessCategory="

#define WOLFSSL_JOI_C "/jurisdictionC="

#define WOLFSSL_JOI_ST "/jurisdictionST="

#define WOLFSSL_EMAIL_ADDR "/emailAddress="

#define WOLFSSL_USER_ID "/UID="

#define WOLFSSL_DOMAIN_COMPONENT "/DC="

#define WOLFSSL_RFC822_MAILBOX "/rfc822Mailbox="

#define WOLFSSL_FAVOURITE_DRINK "/favouriteDrink="

#define WOLFSSL_CONTENT_TYPE "/contentType="

#if defined(WOLFSSL_APACHE_HTTPD)

/* otherName strings */

#define WOLFSSL_SN_MS_UPN "msUPN"

#define WOLFSSL_LN_MS_UPN "Microsoft User Principal Name"

#define WOLFSSL_MS_UPN_SUM UPN_OID

#define WOLFSSL_SN_DNS_SRV "id-on-dnsSRV"

#define WOLFSSL_LN_DNS_SRV "SRVName"

#define WOLFSSL_DNS_SRV_SUM DNS_SRV_OID

/* TLS features extension strings */

#define WOLFSSL_SN_TLS_FEATURE "tlsfeature"

#define WOLFSSL_LN_TLS_FEATURE "TLS Feature"

#define WOLFSSL_TLS_FEATURE_SUM TLS_FEATURE_OID

#endif

/* Maximum number of allowed subject alternative names in a certificate.

* Any certificate containing more than this number of subject

* alternative names will cause an error when attempting to parse. */

#ifndef WOLFSSL_MAX_ALT_NAMES

#define WOLFSSL_MAX_ALT_NAMES 1024

#endif

/* Maximum number of allowed name constraints in a certificate.

* Any certificate containing more than this number of name constraints

* will cause an error when attempting to parse. */

#ifndef WOLFSSL_MAX_NAME_CONSTRAINTS

#define WOLFSSL_MAX_NAME_CONSTRAINTS 128

#endif

#define WC_NID_undef 0

/* Setup for WC_MAX_RSA_BITS needs to be here, rather than rsa.h, because

* FIPS headers don't have it. And it needs to be here, rather than internal.h,

* so that setup occurs even in cryptonly builds.

*/

#ifndef NO_RSA

#ifndef WC_MAX_RSA_BITS

#ifdef USE_FAST_MATH

/* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */

#define WC_MAX_RSA_BITS (FP_MAX_BITS / 2)

#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)

/* SP implementation supports numbers of SP_INT_BITS bits. */

#define WC_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8)

#else

/* Integer maths is dynamic but we only go up to 4096 bits. */

#define WC_MAX_RSA_BITS 4096

#endif

#endif

#if (WC_MAX_RSA_BITS % 8)

#error RSA maximum bit size must be multiple of 8

#endif

#endif

#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)

#define WC_MAX_CERT_VERIFY_SZ 6000 /* For Dilithium */

#elif defined(WOLFSSL_CERT_EXT)

#define WC_MAX_CERT_VERIFY_SZ 2048 /* For larger extensions */

#elif !defined(NO_RSA) && defined(WC_MAX_RSA_BITS)

#define WC_MAX_CERT_VERIFY_SZ (WC_MAX_RSA_BITS / 8) /* max RSA bytes */

#elif defined(HAVE_ECC)

#define WC_MAX_CERT_VERIFY_SZ ECC_MAX_SIG_SIZE /* max ECC */

#elif defined(HAVE_ED448)

#define WC_MAX_CERT_VERIFY_SZ ED448_SIG_SIZE /* max Ed448 */

#elif defined(HAVE_ED25519)

#define WC_MAX_CERT_VERIFY_SZ ED25519_SIG_SIZE /* max Ed25519 */

#else

#define WC_MAX_CERT_VERIFY_SZ 1024 /* max default */

#endif

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)

/* short names */

#define WC_SN_md4 "MD4"

#define WC_SN_md5 "MD5"

#define WC_SN_sha1 "SHA1"

#define WC_SN_sha224 "SHA224"

#define WC_SN_sha256 "SHA256"

#define WC_SN_sha384 "SHA384"

#define WC_SN_sha512 "SHA512"

#define WC_SN_sha512_224 "SHA512-224"

#define WC_SN_sha512_256 "SHA512-256"

#define WC_SN_sha3_224 "SHA3-224"

#define WC_SN_sha3_256 "SHA3-256"

#define WC_SN_sha3_384 "SHA3-384"

#define WC_SN_sha3_512 "SHA3-512"

#define WC_SN_shake128 "SHAKE128"

#define WC_SN_shake256 "SHAKE256"

#define WC_SN_blake2s256 "BLAKE2s256"

#define WC_SN_blake2s512 "BLAKE2s512"

#define WC_SN_blake2b512 "BLAKE2b512"

#define WC_SN_sm3 "SM3"

/* NIDs */

#define WC_NID_netscape_cert_type 71

#define WC_NID_des 66

#define WC_NID_des3 67

#define WC_NID_sha256 672

#define WC_NID_sha384 673

#define WC_NID_sha512 674

#define WC_NID_sha512_224 1094

#define WC_NID_sha512_256 1095

#define WC_NID_pkcs7_signed 22

#define WC_NID_pkcs7_enveloped 23

#define WC_NID_pkcs7_signedAndEnveloped 24

#define WC_NID_pkcs9_emailAddress 48

#define WC_NID_pkcs9_unstructuredName 49

#define WC_NID_pkcs9_contentType 50 /* 1.2.840.113549.1.9.3 */

#define WC_NID_pkcs9_challengePassword 54

#define WC_NID_hw_name_oid 73

#define WC_NID_id_pkix_OCSP_basic 74

#define WC_NID_any_policy 75

#define WC_NID_anyExtendedKeyUsage 76

#define WC_NID_givenName 100 /* 2.5.4.42 */

#define WC_NID_initials 101 /* 2.5.4.43 */

#define WC_NID_title 106

#define WC_NID_description 107

#define WC_NID_basic_constraints BASIC_CA_OID

#define WC_NID_key_usage KEY_USAGE_OID /* 2.5.29.15 */

#define WC_NID_ext_key_usage EXT_KEY_USAGE_OID /* 2.5.29.37 */

#define WC_NID_subject_key_identifier SUBJ_KEY_OID

#define WC_NID_authority_key_identifier AUTH_KEY_OID

#define WC_NID_private_key_usage_period PRIV_KEY_USAGE_PERIOD_OID

#define WC_NID_subject_alt_name ALT_NAMES_OID

#define WC_NID_issuer_alt_name ISSUE_ALT_NAMES_OID

#define WC_NID_info_access AUTH_INFO_OID

#define WC_NID_sinfo_access SUBJ_INFO_ACC_OID /* id-pe 11 */

#define WC_NID_name_constraints NAME_CONS_OID /* 2.5.29.30 */

#define WC_NID_crl_distribution_points CRL_DIST_OID /* 2.5.29.31 */

#define WC_NID_certificate_policies CERT_POLICY_OID

#define WC_NID_policy_mappings POLICY_MAP_OID

#define WC_NID_policy_constraints POLICY_CONST_OID

#define WC_NID_inhibit_any_policy INHIBIT_ANY_OID /* 2.5.29.54 */

#define WC_NID_tlsfeature TLS_FEATURE_OID /* id-pe 24 */

#define WC_NID_buildingName 1494

#define WC_NID_dnQualifier 174 /* 2.5.4.46 */

#define WC_NID_commonName 14 /* CN Changed to not conflict

* with PBE_SHA1_DES3 */

#define WC_NID_name 173 /* N , OID = 2.5.4.41 */

#define WC_NID_surname 0x04 /* SN */

#define WC_NID_serialNumber 0x05 /* serialNumber */

#define WC_NID_countryName 0x06 /* C */

#define WC_NID_localityName 0x07 /* L */

#define WC_NID_stateOrProvinceName 0x08 /* ST */

#define WC_NID_streetAddress ASN_STREET_ADDR /* street */

#define WC_NID_organizationName 0x0a /* O */

#define WC_NID_organizationalUnitName 0x0b /* OU */

#define WC_NID_jurisdictionCountryName 0xc

#define WC_NID_jurisdictionStateOrProvinceName 0xd

#define WC_NID_businessCategory ASN_BUS_CAT

#define WC_NID_domainComponent ASN_DOMAIN_COMPONENT

#define WC_NID_postalCode ASN_POSTAL_CODE /* postalCode */

#define WC_NID_rfc822Mailbox 460

#define WC_NID_favouriteDrink 462

#define WC_NID_userId 458

#define WC_NID_registeredAddress 870

#define WC_NID_emailAddress 0x30 /* emailAddress */

#define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */

#define WC_NID_ms_upn UPN_OID /* 1.3.6.1.4.1.311.20.2.3 */

#define WC_NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */

#define WC_NID_id_GostR3410_2001 811

#define WC_NID_id_GostR3410_2012_256 979

#define WC_NID_id_GostR3410_2012_512 980

#ifndef OPENSSL_COEXIST

#define NID_undef WC_NID_undef

#define NID_netscape_cert_type WC_NID_netscape_cert_type

#define NID_des WC_NID_des

#define NID_des3 WC_NID_des3

#define NID_sha256 WC_NID_sha256

#define NID_sha384 WC_NID_sha384

#define NID_sha512 WC_NID_sha512

#define NID_sha512_224 WC_NID_sha512_224

#define NID_sha512_256 WC_NID_sha512_256

#define NID_pkcs7_signed WC_NID_pkcs7_signed

#define NID_pkcs7_enveloped WC_NID_pkcs7_enveloped

#define NID_pkcs7_signedAndEnveloped WC_NID_pkcs7_signedAndEnveloped

#define NID_pkcs9_unstructuredName WC_NID_pkcs9_unstructuredName

#define NID_pkcs9_contentType WC_NID_pkcs9_contentType

#define NID_pkcs9_challengePassword WC_NID_pkcs9_challengePassword

#define NID_hw_name_oid WC_NID_hw_name_oid

#define NID_id_pkix_OCSP_basic WC_NID_id_pkix_OCSP_basic

#define NID_any_policy WC_NID_any_policy

#define NID_anyExtendedKeyUsage WC_NID_anyExtendedKeyUsage