asn_public.h 52 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437
  1. /*!
  2. \ingroup ASN
  3. \brief This function initializes a default cert, with the default options:
  4. version = 3 (0x2), serial = 0, sigType = SHA_WITH_RSA, issuer = blank,
  5. daysValid = 500, selfSigned = 1 (true) use subject as issuer,
  6. subject = blank
  7. \return none No returns.
  8. \param cert pointer to an uninitialized cert structure to initialize
  9. _Example_
  10. \code
  11. Cert myCert;
  12. wc_InitCert(&myCert);
  13. \endcode
  14. \sa wc_MakeCert
  15. \sa wc_MakeCertReq
  16. */
  17. WOLFSSL_API int wc_InitCert(Cert*);
  18. /*!
  19. \ingroup ASN
  20. \brief Used to make CA signed certs. Called after the subject information
  21. has been entered. This function makes an x509 Certificate v3 RSA or ECC
  22. from a cert input. It then writes this cert to derBuffer. It takes in
  23. either an rsaKey or an eccKey to generate the certificate. The certificate
  24. must be initialized with wc_InitCert before this method is called.
  25. \return Success On successfully making an x509 certificate from the
  26. specified input cert, returns the size of the cert generated.
  27. \return MEMORY_E Returned if there is an error allocating memory
  28. with XMALLOC
  29. \return BUFFER_E Returned if the provided derBuffer is too small to
  30. store the generated certificate
  31. \return Others Additional error messages may be returned if the cert
  32. generation is not successful.
  33. \param cert pointer to an initialized cert structure
  34. \param derBuffer pointer to the buffer in which to hold the generated cert
  35. \param derSz size of the buffer in which to store the cert
  36. \param rsaKey pointer to an RsaKey structure containing the rsa key used
  37. to generate the certificate
  38. \param eccKey pointer to an EccKey structure containing the ecc key used
  39. to generate the certificate
  40. \param rng pointer to the random number generator used to make the cert
  41. _Example_
  42. \code
  43. Cert myCert;
  44. wc_InitCert(&myCert);
  45. WC_RNG rng;
  46. //initialize rng;
  47. RsaKey key;
  48. //initialize key;
  49. byte * derCert = malloc(FOURK_BUF);
  50. word32 certSz;
  51. certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
  52. \endcode
  53. \sa wc_InitCert
  54. \sa wc_MakeCertReq
  55. */
  56. WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
  57. ecc_key*, WC_RNG*);
  58. /*!
  59. \ingroup ASN
  60. \brief This function makes a certificate signing request using the input
  61. certificate and writes the output to derBuffer. It takes in either an
  62. rsaKey or an eccKey to generate the certificate request. wc_SignCert()
  63. will need to be called after this function to sign the certificate request.
  64. Please see the wolfCrypt test application (./wolfcrypt/test/test.c) for an
  65. example usage of this function.
  66. \return Success On successfully making an X.509 certificate request from
  67. the specified input cert, returns the size of the certificate
  68. request generated.
  69. \return MEMORY_E Returned if there is an error allocating memory
  70. with XMALLOC
  71. \return BUFFER_E Returned if the provided derBuffer is too small to store
  72. the generated certificate
  73. \return Other Additional error messages may be returned if the certificate
  74. request generation is not successful.
  75. \param cert pointer to an initialized cert structure
  76. \param derBuffer pointer to the buffer in which to hold the generated
  77. certificate request
  78. \param derSz size of the buffer in which to store the certificate request
  79. \param rsaKey pointer to an RsaKey structure containing the rsa key used
  80. to generate the certificate request
  81. \param eccKey pointer to an EccKey structure containing the ecc key used
  82. to generate the certificate request
  83. _Example_
  84. \code
  85. Cert myCert;
  86. // initialize myCert
  87. EccKey key;
  88. //initialize key;
  89. byte* derCert = (byte*)malloc(FOURK_BUF);
  90. word32 certSz;
  91. certSz = wc_MakeCertReq(&myCert, derCert, FOURK_BUF, NULL, &key);
  92. \endcode
  93. \sa wc_InitCert
  94. \sa wc_MakeCert
  95. */
  96. WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz,
  97. RsaKey*, ecc_key*);
  98. /*!
  99. \ingroup ASN
  100. \brief This function signs buffer and adds the signature to the end of
  101. buffer. It takes in a signature type. Must be called after wc_MakeCert()
  102. or wc_MakeCertReq() if creating a CA signed cert.
  103. \return Success On successfully signing the certificate, returns the new
  104. size of the cert (including signature).
  105. \return MEMORY_E Returned if there is an error allocating
  106. memory with XMALLOC
  107. \return BUFFER_E Returned if the provided buffer is too small to store
  108. the generated certificate
  109. \return Other Additional error messages may be returned if the cert
  110. generation is not successful.
  111. \param requestSz the size of the certificate body we’re requesting
  112. to have signed
  113. \param sType Type of signature to create. Valid options are: CTC_MD5wRSA,
  114. CTC_SHAwRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, andCTC_SHA256wRSA
  115. \param buffer pointer to the buffer containing the certificate to be
  116. signed. On success: will hold the newly signed certificate
  117. \param buffSz the (total) size of the buffer in which to store the newly
  118. signed certificate
  119. \param rsaKey pointer to an RsaKey structure containing the rsa key
  120. to used to sign the certificate
  121. \param eccKey pointer to an EccKey structure containing the ecc key
  122. to used to sign the certificate
  123. \param rng pointer to the random number generator used to sign
  124. the certificate
  125. _Example_
  126. \code
  127. Cert myCert;
  128. byte* derCert = (byte*)malloc(FOURK_BUF);
  129. // initialize myCert, derCert
  130. RsaKey key;
  131. // initialize key;
  132. WC_RNG rng;
  133. // initialize rng
  134. word32 certSz;
  135. certSz = wc_SignCert(myCert.bodySz, myCert.sigType,derCert,FOURK_BUF,
  136. &key, NULL,
  137. &rng);
  138. \endcode
  139. \sa wc_InitCert
  140. \sa wc_MakeCert
  141. */
  142. WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer,
  143. word32 derSz, RsaKey*, ecc_key*, WC_RNG*);
  144. /*!
  145. \ingroup ASN
  146. \brief This function is a combination of the previous two functions,
  147. wc_MakeCert and wc_SignCert for self signing (the previous functions may
  148. be used for CA requests). It makes a certificate, and then signs it,
  149. generating a self-signed certificate.
  150. \return Success On successfully signing the certificate, returns the
  151. new size of the cert.
  152. \return MEMORY_E Returned if there is an error allocating memory
  153. with XMALLOC
  154. \return BUFFER_E Returned if the provided buffer is too small to store
  155. the generated certificate
  156. \return Other Additional error messages may be returned if the cert
  157. generation is not successful.
  158. \param cert pointer to the cert to make and sign
  159. \param buffer pointer to the buffer in which to hold the signed certificate
  160. \param buffSz size of the buffer in which to store the signed certificate
  161. \param key pointer to an RsaKey structure containing the rsa key to
  162. used to sign the certificate
  163. \param rng pointer to the random number generator used to generate
  164. and sign the certificate
  165. _Example_
  166. \code
  167. Cert myCert;
  168. byte* derCert = (byte*)malloc(FOURK_BUF);
  169. // initialize myCert, derCert
  170. RsaKey key;
  171. // initialize key;
  172. WC_RNG rng;
  173. // initialize rng
  174. word32 certSz;
  175. certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng);
  176. \endcode
  177. \sa wc_InitCert
  178. \sa wc_MakeCert
  179. \sa wc_SignCert
  180. */
  181. WOLFSSL_API int wc_MakeSelfCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,
  182. WC_RNG*);
  183. /*!
  184. \ingroup ASN
  185. \brief This function sets the issuer for a certificate to the issuer
  186. in the provided pem issuerFile. It also changes the certificate’s
  187. self-signed attribute to false. The issuer specified in issuerFile is
  188. verified prior to setting the cert issuer. This method is used to set
  189. fields prior to signing.
  190. \return 0 Returned on successfully setting the issuer for the certificate
  191. \return MEMORY_E Returned if there is an error allocating memory
  192. with XMALLOC
  193. \return ASN_PARSE_E Returned if there is an error parsing the
  194. cert header file
  195. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  196. encryption type from the cert
  197. \return ASN_EXPECT_0_E Returned if there is a formatting error in
  198. the encryption specification of the cert file
  199. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  200. start date
  201. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  202. expiration date
  203. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  204. from the certificate
  205. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  206. from the certificate
  207. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  208. from the certificate
  209. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  210. key object id
  211. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  212. defined and the certificate is a V1 or V2 certificate
  213. \return BAD_FUNC_ARG Returned if there is an error processing the
  214. certificate extension
  215. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  216. encountered in processing the certificate
  217. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  218. the same as the encryption type of the certificate in the provided file
  219. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  220. signature fails
  221. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  222. permitted by the CA name constraints
  223. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify
  224. the certificate’s authenticity
  225. \param cert pointer to the cert for which to set the issuer
  226. \param issuerFile path of the file containing the pem formatted certificate
  227. _Example_
  228. \code
  229. Cert myCert;
  230. // initialize myCert
  231. if(wc_SetIssuer(&myCert, ”./path/to/ca-cert.pem”) != 0) {
  232. // error setting issuer
  233. }
  234. \endcode
  235. \sa wc_InitCert
  236. \sa wc_SetSubject
  237. \sa wc_SetIssuerBuffer
  238. */
  239. WOLFSSL_API int wc_SetIssuer(Cert*, const char*);
  240. /*!
  241. \ingroup ASN
  242. \brief This function sets the subject for a certificate to the subject
  243. in the provided pem subjectFile. This method is used to set fields prior
  244. to signing.
  245. \return 0 Returned on successfully setting the issuer for the certificate
  246. \return MEMORY_E Returned if there is an error allocating memory with XMALLOC
  247. \return ASN_PARSE_E Returned if there is an error parsing the cert
  248. header file
  249. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  250. encryption type from the cert
  251. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  252. encryption specification of the cert file
  253. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  254. start date
  255. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  256. expiration date
  257. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  258. from the certificate
  259. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  260. from the certificate
  261. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  262. from the certificate
  263. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  264. key object id
  265. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  266. defined and the certificate is a V1 or V2 certificate
  267. \return BAD_FUNC_ARG Returned if there is an error processing the
  268. certificate extension
  269. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  270. encountered in processing the certificate
  271. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  272. the same as the encryption type of the certificate in the provided file
  273. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  274. signature fails
  275. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  276. permitted by the CA name constraints
  277. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
  278. certificate’s authenticity
  279. \param cert pointer to the cert for which to set the issuer
  280. \param subjectFile path of the file containing the pem formatted certificate
  281. _Example_
  282. \code
  283. Cert myCert;
  284. // initialize myCert
  285. if(wc_SetSubject(&myCert, ”./path/to/ca-cert.pem”) != 0) {
  286. // error setting subject
  287. }
  288. \endcode
  289. \sa wc_InitCert
  290. \sa wc_SetIssuer
  291. */
  292. WOLFSSL_API int wc_SetSubject(Cert*, const char*);
  293. /*!
  294. \ingroup ASN
  295. \brief This function sets the alternate names for a certificate to the
  296. alternate names in the provided pem file. This is useful in the case that
  297. one wishes to secure multiple domains with the same certificate. This
  298. method is used to set fields prior to signing.
  299. \return 0 Returned on successfully setting the alt names for the certificate
  300. \return MEMORY_E Returned if there is an error allocating memory
  301. with XMALLOC
  302. \return ASN_PARSE_E Returned if there is an error parsing the cert
  303. header file
  304. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  305. encryption type from the cert
  306. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  307. encryption specification of the cert file
  308. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  309. start date
  310. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  311. expiration date
  312. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  313. from the certificate
  314. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  315. from the certificate
  316. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  317. from the certificate
  318. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  319. key object id
  320. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  321. defined and the certificate is a V1 or V2 certificate
  322. \return BAD_FUNC_ARG Returned if there is an error processing the
  323. certificate extension
  324. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  325. encountered in processing the certificate
  326. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  327. the same as the encryption type of the certificate in the provided file
  328. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  329. signature fails
  330. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  331. permitted by the CA name constraints
  332. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
  333. certificate’s authenticity
  334. \param cert pointer to the cert for which to set the alt names
  335. \param file path of the file containing the pem formatted certificate
  336. _Example_
  337. \code
  338. Cert myCert;
  339. // initialize myCert
  340. if(wc_SetSubject(&myCert, ”./path/to/ca-cert.pem”) != 0) {
  341. // error setting alt names
  342. }
  343. \endcode
  344. \sa wc_InitCert
  345. \sa wc_SetIssuer
  346. */
  347. WOLFSSL_API int wc_SetAltNames(Cert*, const char*);
  348. /*!
  349. \ingroup ASN
  350. \brief This function sets the issuer for a certificate from the issuer in
  351. the provided der buffer. It also changes the certificate’s self-signed
  352. attribute to false. This method is used to set fields prior to signing.
  353. \return 0 Returned on successfully setting the issuer for the certificate
  354. \return MEMORY_E Returned if there is an error allocating memory
  355. with XMALLOC
  356. \return ASN_PARSE_E Returned if there is an error parsing the cert
  357. header file
  358. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  359. encryption type from the cert
  360. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  361. encryption specification of the cert file
  362. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  363. start date
  364. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  365. expiration date
  366. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  367. from the certificate
  368. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU
  369. key from the certificate
  370. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC
  371. key from the certificate
  372. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  373. key object id
  374. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  375. defined and the certificate is a V1 or V2 certificate
  376. \return BAD_FUNC_ARG Returned if there is an error processing the
  377. certificate extension
  378. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  379. encountered in processing the certificate
  380. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  381. the same as the encryption type of the certificate in the provided file
  382. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  383. signature fails
  384. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  385. permitted by the CA name constraints
  386. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify
  387. the certificate’s authenticity
  388. \param cert pointer to the cert for which to set the issuer
  389. \param der pointer to the buffer containing the der formatted certificate
  390. from which to grab the issuer
  391. \param derSz size of the buffer containing the der formatted certificate
  392. from which to grab the issuer
  393. _Example_
  394. \code
  395. Cert myCert;
  396. // initialize myCert
  397. byte* der;
  398. der = (byte*)malloc(FOURK_BUF);
  399. // initialize der
  400. if(wc_SetIssuerBuffer(&myCert, der, FOURK_BUF) != 0) {
  401. // error setting issuer
  402. }
  403. \endcode
  404. \sa wc_InitCert
  405. \sa wc_SetIssuer
  406. */
  407. WOLFSSL_API int wc_SetIssuerBuffer(Cert*, const byte*, int);
  408. /*!
  409. \ingroup ASN
  410. \brief This function sets the subject for a certificate from the subject in
  411. the provided der buffer. This method is used to set fields prior to signing.
  412. \return 0 Returned on successfully setting the subject for the certificate
  413. \return MEMORY_E Returned if there is an error allocating memory
  414. with XMALLOC
  415. \return ASN_PARSE_E Returned if there is an error parsing the cert
  416. header file
  417. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  418. encryption type from the cert
  419. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  420. encryption specification of the cert file
  421. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  422. start date
  423. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  424. expiration date
  425. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  426. from the certificate
  427. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  428. from the certificate
  429. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  430. from the certificate
  431. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  432. key object id
  433. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  434. defined and the certificate is a V1 or V2 certificate
  435. \return BAD_FUNC_ARG Returned if there is an error processing the
  436. certificate extension
  437. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  438. encountered in processing the certificate
  439. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  440. the same as the encryption type of the certificate in the provided file
  441. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  442. signature fails
  443. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  444. permitted by the CA name constraints
  445. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
  446. certificate’s authenticity
  447. \param cert pointer to the cert for which to set the subject
  448. \param der pointer to the buffer containing the der formatted certificate
  449. from which to grab the subject
  450. \param derSz size of the buffer containing the der formatted certificate
  451. from which to grab the subject
  452. _Example_
  453. \code
  454. Cert myCert;
  455. // initialize myCert
  456. byte* der;
  457. der = (byte*)malloc(FOURK_BUF);
  458. // initialize der
  459. if(wc_SetSubjectBuffer(&myCert, der, FOURK_BUF) != 0) {
  460. // error setting subject
  461. }
  462. \endcode
  463. \sa wc_InitCert
  464. \sa wc_SetSubject
  465. */
  466. WOLFSSL_API int wc_SetSubjectBuffer(Cert*, const byte*, int);
  467. /*!
  468. \ingroup ASN
  469. \brief This function sets the alternate names for a certificate from the
  470. alternate names in the provided der buffer. This is useful in the case that
  471. one wishes to secure multiple domains with the same certificate. This
  472. method is used to set fields prior to signing.
  473. \return 0 Returned on successfully setting the alternate names for the
  474. certificate
  475. \return MEMORY_E Returned if there is an error allocating memory with
  476. XMALLOC
  477. \return ASN_PARSE_E Returned if there is an error parsing the cert
  478. header file
  479. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  480. encryption type from the cert
  481. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  482. encryption specification of the cert file
  483. \return ASN_BEFORE_DATE_E Returned if the date is before the
  484. certificate start date
  485. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  486. expiration date
  487. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  488. from the certificate
  489. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  490. from the certificate
  491. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  492. from the certificate
  493. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  494. key object id
  495. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  496. defined and the certificate is a V1 or V2 certificate
  497. \return BAD_FUNC_ARG Returned if there is an error processing the
  498. certificate extension
  499. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  500. encountered in processing the certificate
  501. \return ASN_SIG_OID_E Returned if the signature encryption type is not the
  502. same as the encryption type of the certificate in the provided file
  503. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  504. signature fails
  505. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  506. permitted by the CA name constraints
  507. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
  508. certificate’s authenticity
  509. \param cert pointer to the cert for which to set the alternate names
  510. \param der pointer to the buffer containing the der formatted certificate
  511. from which to grab the alternate names
  512. \param derSz size of the buffer containing the der formatted certificate
  513. from which to grab the alternate names
  514. _Example_
  515. \code
  516. Cert myCert;
  517. // initialize myCert
  518. byte* der;
  519. der = (byte*)malloc(FOURK_BUF);
  520. // initialize der
  521. if(wc_SetAltNamesBuffer(&myCert, der, FOURK_BUF) != 0) {
  522. // error setting subject
  523. }
  524. \endcode
  525. \sa wc_InitCert
  526. \sa wc_SetAltNames
  527. */
  528. WOLFSSL_API int wc_SetAltNamesBuffer(Cert*, const byte*, int);
  529. /*!
  530. \ingroup ASN
  531. \brief This function sets the dates for a certificate from the date range
  532. in the provided der buffer. This method is used to set fields prior
  533. to signing.
  534. \return 0 Returned on successfully setting the dates for the certificate
  535. \return MEMORY_E Returned if there is an error allocating memory
  536. with XMALLOC
  537. \return ASN_PARSE_E Returned if there is an error parsing the cert
  538. header file
  539. \return ASN_OBJECT_ID_E Returned if there is an error parsing the
  540. encryption type from the cert
  541. \return ASN_EXPECT_0_E Returned if there is a formatting error in the
  542. encryption specification of the cert file
  543. \return ASN_BEFORE_DATE_E Returned if the date is before the certificate
  544. start date
  545. \return ASN_AFTER_DATE_E Returned if the date is after the certificate
  546. expiration date
  547. \return ASN_BITSTR_E Returned if there is an error parsing a bit string
  548. from the certificate
  549. \return ASN_NTRU_KEY_E Returned if there is an error parsing the NTRU key
  550. from the certificate
  551. \return ECC_CURVE_OID_E Returned if there is an error parsing the ECC key
  552. from the certificate
  553. \return ASN_UNKNOWN_OID_E Returned if the certificate is using an unknown
  554. key object id
  555. \return ASN_VERSION_E Returned if the ALLOW_V1_EXTENSIONS option is not
  556. defined and the certificate is a V1 or V2 certificate
  557. \return BAD_FUNC_ARG Returned if there is an error processing the
  558. certificate extension
  559. \return ASN_CRIT_EXT_E Returned if an unfamiliar critical extension is
  560. encountered in processing the certificate
  561. \return ASN_SIG_OID_E Returned if the signature encryption type is not
  562. the same as the encryption type of the certificate in the provided file
  563. \return ASN_SIG_CONFIRM_E Returned if confirming the certification
  564. signature fails
  565. \return ASN_NAME_INVALID_E Returned if the certificate’s name is not
  566. permitted by the CA name constraints
  567. \return ASN_NO_SIGNER_E Returned if there is no CA signer to verify the
  568. certificate’s authenticity
  569. \param cert pointer to the cert for which to set the dates
  570. \param der pointer to the buffer containing the der formatted certificate
  571. from which to grab the date range
  572. \param derSz size of the buffer containing the der formatted certificate
  573. from which to grab the date range
  574. _Example_
  575. \code
  576. Cert myCert;
  577. // initialize myCert
  578. byte* der;
  579. der = (byte*)malloc(FOURK_BUF);
  580. // initialize der
  581. if(wc_SetDatesBuffer(&myCert, der, FOURK_BUF) != 0) {
  582. // error setting subject
  583. }
  584. \endcode
  585. \sa wc_InitCert
  586. */
  587. WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int);
  588. /*!
  589. \ingroup ASN
  590. \brief Set AKID from either an RSA or ECC public key. note: Only set one of
  591. rsakey or eckey, not both.
  592. \return 0 Success
  593. \return BAD_FUNC_ARG Either cert is null or both rsakey and eckey are null.
  594. \return MEMORY_E Error allocating memory.
  595. \return PUBLIC_KEY_E Error writing to the key.
  596. \param cert Pointer to the certificate to set the SKID.
  597. \param rsakey Pointer to the RsaKey struct to read from.
  598. \param eckey Pointer to the ecc_key to read from.
  599. _Example_
  600. \code
  601. Cert myCert;
  602. RsaKey keypub;
  603. wc_InitRsaKey(&keypub, 0);
  604. if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0)
  605. {
  606. // Handle error
  607. }
  608. \endcode
  609. \sa wc_SetSubjectKeyId
  610. \sa wc_SetAuthKeyId
  611. \sa wc_SetAuthKeyIdFromCert
  612. */
  613. WOLFSSL_API int wc_SetAuthKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
  614. ecc_key *eckey);
  615. /*!
  616. \ingroup ASN
  617. \brief Set AKID from from DER encoded certificate.
  618. \return 0 Success
  619. \return BAD_FUNC_ARG Error if any argument is null or derSz is less than 0.
  620. \return MEMORY_E Error if problem allocating memory.
  621. \return ASN_NO_SKID No subject key ID found.
  622. \param cert The Cert struct to write to.
  623. \param der The DER encoded certificate buffer.
  624. \param derSz Size of der in bytes.
  625. _Example_
  626. \code
  627. Cert some_cert;
  628. byte some_der[] = { // Initialize a DER buffer };
  629. wc_InitCert(&some_cert);
  630. if(wc_SetAuthKeyIdFromCert(&some_cert, some_der, sizeof(some_der) != 0)
  631. {
  632. // Handle error
  633. }
  634. \endcode
  635. \sa wc_SetAuthKeyIdFromPublicKey
  636. \sa wc_SetAuthKeyId
  637. */
  638. WOLFSSL_API int wc_SetAuthKeyIdFromCert(Cert *cert, const byte *der, int derSz);
  639. /*!
  640. \ingroup ASN
  641. \brief Set AKID from certificate file in PEM format.
  642. \return 0 Success
  643. \return BAD_FUNC_ARG Error if cert or file is null.
  644. \return MEMORY_E Error if problem allocating memory.
  645. \param cert Cert struct you want to set the AKID of.
  646. \param file Buffer containing PEM cert file.
  647. _Example_
  648. \code
  649. char* file_name = "/path/to/file";
  650. cert some_cert;
  651. wc_InitCert(&some_cert);
  652. if(wc_SetAuthKeyId(&some_cert, file_name) != 0)
  653. {
  654. // Handle Error
  655. }
  656. \endcode
  657. \sa wc_SetAuthKeyIdFromPublicKey
  658. \sa wc_SetAuthKeyIdFromCert
  659. */
  660. WOLFSSL_API int wc_SetAuthKeyId(Cert *cert, const char* file);
  661. /*!
  662. \ingroup ASN
  663. \brief Set SKID from RSA or ECC public key.
  664. \return 0 Success
  665. \return BAD_FUNC_ARG Returned if cert or rsakey and eckey is null.
  666. \return MEMORY_E Returned if there is an error allocating memory.
  667. \return PUBLIC_KEY_E Returned if there is an error getting the public key.
  668. \param cert Pointer to a Cert structure to be used.
  669. \param rsakey Pointer to an RsaKey structure
  670. \param eckey Pointer to an ecc_key structure
  671. _Example_
  672. \code
  673. Cert some_cert;
  674. RsaKey some_key;
  675. wc_InitCert(&some_cert);
  676. wc_InitRsaKey(&some_key);
  677. if(wc_SetSubjectKeyIdFromPublicKey(&some_cert,&some_key, NULL) != 0)
  678. {
  679. // Handle Error
  680. }
  681. \endcode
  682. \sa wc_SetSubjectKeyId
  683. \sa wc_SetSubjectKeyIdFromNtruPublicKey
  684. */
  685. WOLFSSL_API int wc_SetSubjectKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey,
  686. ecc_key *eckey);
  687. /*!
  688. \ingroup ASN
  689. \brief Set SKID from public key file in PEM format. Both arguments
  690. are required.
  691. \return 0 Success
  692. \return BAD_FUNC_ARG Returns if cert or file is null.
  693. \return MEMORY_E Returns if there is a problem allocating memory for key.
  694. \return PUBLIC_KEY_E Returns if there is an error decoding the public key.
  695. \param cert Cert structure to set the SKID of.
  696. \param file Contains the PEM encoded file.
  697. _Example_
  698. \code
  699. const char* file_name = "path/to/file";
  700. Cert some_cert;
  701. wc_InitCert(&some_cert);
  702. if(wc_SetSubjectKeyId(&some_cert, file_name) != 0)
  703. {
  704. // Handle Error
  705. }
  706. \endcode
  707. \sa wc_SetSubjectKeyIdFromNtruPublicKey
  708. \sa wc_SetSubjectKeyIdFromPublicKey
  709. */
  710. WOLFSSL_API int wc_SetSubjectKeyId(Cert *cert, const char* file);
  711. /*!
  712. \ingroup ASN
  713. \brief Set SKID from NTRU public key.
  714. \return 0 Success
  715. \return BAD_FUNC_ARG Returned if cert or ntruKey is null.
  716. \return MEMORY_E Returned if there is an error allocating memory.
  717. \return PUBLIC_KEY_E Returned if there is an error getting the public key.
  718. \param cert Pointer to a Cert structure to be used.
  719. \param ntruKey Pointer to the NTRU public key in a byte array.
  720. \param ntruKeySz Size of the NTRU byte array.
  721. _Example_
  722. \code
  723. Cert some_cert;
  724. wc_InitCert(&some_cert);
  725. byte some_ntru_key[] = { // Load an NTRU key };
  726. word32 ntru_size = sizeof(some_ntru_key);
  727. if(wc_SetSubjectKeyIdFromNtruPublicKey(&some_cert,
  728. some_ntru_key, ntru_size) != 0)
  729. {
  730. // Handle error
  731. }
  732. \endcode
  733. \sa SetKeyIdFromPublicKey
  734. */
  735. WOLFSSL_API int wc_SetSubjectKeyIdFromNtruPublicKey(Cert *cert, byte *ntruKey,
  736. word16 ntruKeySz);
  737. /*!
  738. \ingroup RSA
  739. \brief This function allows you to set the key usage using a comma
  740. delimited string of tokens. Accepted tokens are: digitalSignature,
  741. nonRepudiation, contentCommitment, keyCertSign, cRLSign, dataEncipherment,
  742. keyAgreement, keyEncipherment, encipherOnly, decipherOnly. Example:
  743. "digitalSignature,nonRepudiation" nonRepudiation and contentCommitment
  744. are for the same usage.
  745. \return 0 Success
  746. \return BAD_FUNC_ARG Returned when either arg is null.
  747. \return MEMORY_E Returned when there is an error allocating memory.
  748. \return KEYUSAGE_E Returned if an unrecognized token is entered.
  749. \param cert Pointer to initialized Cert structure.
  750. \param value Comma delimited string of tokens to set usage.
  751. _Example_
  752. \code
  753. Cert cert;
  754. wc_InitCert(&cert);
  755. if(wc_SetKeyUsage(&cert, "cRLSign,keyCertSign") != 0)
  756. {
  757. // Handle error
  758. }
  759. \endcode
  760. \sa wc_InitCert
  761. \sa wc_MakeRsaKey
  762. */
  763. WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value);
  764. /*!
  765. \ingroup ASN
  766. \brief Used to make CA signed certs. Called after the subject information
  767. has been entered. This function makes an NTRU Certificate from a cert
  768. input. It then writes this cert to derBuffer. It takes in an ntruKey and
  769. a rng to generate the certificate. The certificate must be initialized
  770. with wc_InitCert before this method is called.
  771. \return Success On successfully making a NTRU certificate from the
  772. specified input cert, returns the size of the cert generated.
  773. \return MEMORY_E Returned if there is an error allocating memory
  774. with XMALLOC
  775. \return BUFFER_E Returned if the provided derBuffer is too small to
  776. store the generated certificate
  777. \return Other Additional error messages may be returned if the cert
  778. generation is not successful.
  779. \param cert pointer to an initialized cert structure
  780. \param derBuffer pointer to the buffer in which to store
  781. the generated certificate
  782. \param derSz size of the buffer in which to store the generated
  783. certificate
  784. \param ntruKey pointer to the key to be used to generate the NTRU
  785. certificate
  786. \param keySz size of the key used to generate the NTRU certificate
  787. \param rng pointer to the random number generator used to generate
  788. the NTRU certificate
  789. _Example_
  790. \code
  791. Cert myCert;
  792. // initialize myCert
  793. WC_RNG rng;
  794. //initialize rng;
  795. byte ntruPublicKey[NTRU_KEY_SIZE];
  796. //initialize ntruPublicKey;
  797. byte * derCert = malloc(FOURK_BUF);
  798. word32 certSz;
  799. certSz = wc_MakeNtruCert(&myCert, derCert, FOURK_BUF, &ntruPublicKey,
  800. NTRU_KEY_SIZE, &rng);
  801. \endcode
  802. \sa wc_InitCert
  803. \sa wc_MakeCert
  804. */
  805. WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz,
  806. const byte* ntruKey, word16 keySz,
  807. WC_RNG*);
  808. /*!
  809. \ingroup ASN
  810. \brief Loads a PEM key from a file and converts to a DER encoded buffer.
  811. \return 0 Success
  812. \return <0 Error
  813. \return SSL_BAD_FILE There is a problem with opening the file.
  814. \return MEMORY_E There is an error allocating memory for the file buffer.
  815. \return BUFFER_E derBuf is not large enough to hold the converted key.
  816. \param fileName Name of the file to load.
  817. \param derBuf Buffer for DER encoded key.
  818. \param derSz Size of DER buffer.
  819. _Example_
  820. \code
  821. char* some_file = "filename";
  822. unsigned char der[];
  823. if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0)
  824. {
  825. //Handle Error
  826. }
  827. \endcode
  828. \sa wc_PubKeyPemToDer
  829. */
  830. WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName,
  831. unsigned char* derBuf, int derSz);
  832. /*!
  833. \ingroup ASN
  834. \brief Convert a PEM encoded public key to DER. Returns the number of
  835. bytes written to the buffer or a negative value for an error.
  836. \return >0 Success, number of bytes written.
  837. \return BAD_FUNC_ARG Returns if pem, buff, or buffSz are null
  838. \return <0 An error occurred in the function.
  839. \param pem PEM encoded key
  840. \param pemSz Size of pem
  841. \param buff Pointer to buffer for output.
  842. \param buffSz Size of buffer.
  843. _Example_
  844. \code
  845. byte some_pem[] = { Initialize with PEM key }
  846. unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER
  847. if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer,
  848. sizeof(out_buffer)) < 0)
  849. {
  850. // Handle error
  851. }
  852. \endcode
  853. \sa wc_PemPubKeyToDer
  854. */
  855. WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int,
  856. unsigned char*, int);
  857. /*!
  858. \ingroup ASN
  859. \brief This function converts a pem certificate to a der certificate,
  860. and places the resulting certificate in the derBuf buffer provided.
  861. \return Success On success returns the size of the derBuf generated
  862. \return BUFFER_E Returned if the size of derBuf is too small to hold
  863. the certificate generated
  864. \return MEMORY_E Returned if the call to XMALLOC fails
  865. \param fileName path to the file containing a pem certificate to
  866. convert to a der certificate
  867. \param derBuf pointer to a char buffer in which to store the
  868. converted certificate
  869. \param derSz size of the char buffer in which to store the
  870. converted certificate
  871. _Example_
  872. \code
  873. char * file = “./certs/client-cert.pem”;
  874. int derSz;
  875. byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT);
  876. derSz = wc_PemCertToDer(file, der, EIGHTK_BUF);
  877. if(derSz <= 0) {
  878. //PemCertToDer error
  879. }
  880. \endcode
  881. \sa none
  882. */
  883. WOLFSSL_API
  884. int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz);
  885. /*!
  886. \ingroup ASN
  887. \brief This function converts a der formatted input certificate, contained
  888. in the der buffer, into a pem formatted output certificate, contained in
  889. the output buffer. It should be noted that this is not an in place
  890. conversion, and a separate buffer must be utilized to store the pem
  891. formatted output.
  892. \return Success On successfully making a pem certificate from the input
  893. der cert, returns the size of the pem cert generated.
  894. \return BAD_FUNC_ARG Returned if there is an error parsing the der file
  895. and storing it as a pem file
  896. \return MEMORY_E Returned if there is an error allocating memory
  897. with XMALLOC
  898. \return ASN_INPUT_E Returned in the case of a base 64 encoding error
  899. \return BUFFER_E May be returned if the output buffer is too small to
  900. store the pem formatted certificate
  901. \param der pointer to the buffer of the certificate to convert
  902. \param derSz size of the the certificate to convert
  903. \param output pointer to the buffer in which to store the pem
  904. formatted certificate
  905. \param outSz size of the buffer in which to store the pem formatted
  906. certificate
  907. \param type the type of certificate to generate. Valid types are:
  908. CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE.
  909. _Example_
  910. \code
  911. byte* der;
  912. // initialize der with certificate
  913. byte* pemFormatted[FOURK_BUF];
  914. word32 pemSz;
  915. pemSz = wc_DerToPem(der, derSz,pemFormatted,FOURK_BUF, CERT_TYPE);
  916. \endcode
  917. \sa wc_PemCertToDer
  918. */
  919. WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output,
  920. word32 outputSz, int type);
  921. /*!
  922. \ingroup ASN
  923. \brief This function converts a der formatted input certificate,
  924. contained in the der buffer, into a pem formatted output certificate,
  925. contained in the output buffer. It should be noted that this is not an
  926. in place conversion, and a separate buffer must be utilized to store the
  927. pem formatted output. Allows setting cipher info.
  928. \return Success On successfully making a pem certificate from the input
  929. der cert, returns the size of the pem cert generated.
  930. \return BAD_FUNC_ARG Returned if there is an error parsing the der file
  931. and storing it as a pem file
  932. \return MEMORY_E Returned if there is an error allocating memory
  933. with XMALLOC
  934. \return ASN_INPUT_E Returned in the case of a base 64 encoding error
  935. \return BUFFER_E May be returned if the output buffer is too small to
  936. store the pem formatted certificate
  937. \param der pointer to the buffer of the certificate to convert
  938. \param derSz size of the the certificate to convert
  939. \param output pointer to the buffer in which to store the pem
  940. formatted certificate
  941. \param outSz size of the buffer in which to store the pem formatted
  942. certificate
  943. \param cipher_inf Additional cipher information.
  944. \param type the type of certificate to generate. Valid types are:
  945. CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE.
  946. _Example_
  947. \code
  948. byte* der;
  949. // initialize der with certificate
  950. byte* pemFormatted[FOURK_BUF];
  951. word32 pemSz;
  952. byte* cipher_info[] { Additional cipher info. }
  953. pemSz = wc_DerToPemEx(der, derSz,pemFormatted,FOURK_BUF, ,CERT_TYPE);
  954. \endcode
  955. \sa wc_PemCertToDer
  956. */
  957. WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output,
  958. word32 outputSz, byte *cipherIno, int type);
  959. /*!
  960. \ingroup CertsKeys
  961. \brief Converts a key in PEM format to DER format.
  962. \return int the function returns the number of bytes written to
  963. the buffer on successful execution.
  964. \return int negative int returned indicating an error.
  965. \param pem a pointer to the PEM encoded certificate.
  966. \param pemSz the size of the PEM buffer (pem)
  967. \param buff a pointer to the copy of the buffer member of the
  968. DerBuffer struct.
  969. \param buffSz size of the buffer space allocated in the DerBuffer struct.
  970. \param pass password passed into the function.
  971. _Example_
  972. \code
  973. byte* loadBuf;
  974. long fileSz = 0;
  975. byte* bufSz;
  976. static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
  977. const char* keyFile,
  978. int typeKey, const char* pasword);
  979. bufSz = wc_KeyPemToDer(loadBuf, (int)fileSz, saveBuf,
  980. (int)fileSz, password);
  981. if(saveBufSz > 0){
  982. // Bytes were written to the buffer.
  983. }
  984. \endcode
  985. \sa wc_PemToDer
  986. */
  987. WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int,
  988. unsigned char*, int, const char*);
  989. /*!
  990. \ingroup CertsKeys
  991. \brief This function converts a PEM formatted certificate to DER
  992. format. Calls OpenSSL function PemToDer.
  993. \return buffer returns the bytes written to the buffer.
  994. \param pem pointer PEM formatted certificate.
  995. \param pemSz size of the certificate.
  996. \param buff buffer to be copied to DER format.
  997. \param buffSz size of the buffer.
  998. \param type Certificate file type found in asn_public.h enum CertType.
  999. _Example_
  1000. \code
  1001. const unsigned char* pem;
  1002. int pemSz;
  1003. unsigned char buff[BUFSIZE];
  1004. int buffSz = sizeof(buff)/sizeof(char);
  1005. int type;
  1006. ...
  1007. if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) {
  1008. // There were bytes written to buffer
  1009. }
  1010. \endcode
  1011. \sa wc_PemToDer
  1012. */
  1013. WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int,
  1014. unsigned char*, int, int);
  1015. /*!
  1016. \ingroup ASN
  1017. \brief This function reads in an ECC private key from the input buffer,
  1018. input, parses the private key, and uses it to generate an ecc_key object,
  1019. which it stores in key.
  1020. \return 0 On successfully decoding the private key and storing the result
  1021. in the ecc_key struct
  1022. \return ASN_PARSE_E: Returned if there is an error parsing the der file
  1023. and storing it as a pem file
  1024. \return MEMORY_E Returned if there is an error allocating memory
  1025. with XMALLOC
  1026. \return BUFFER_E Returned if the certificate to convert is large than
  1027. the specified max certificate size
  1028. \return ASN_OBJECT_ID_E Returned if the certificate encoding has an
  1029. invalid object id
  1030. \return ECC_CURVE_OID_E Returned if the ECC curve of the provided key is
  1031. not supported
  1032. \return ECC_BAD_ARG_E Returned if there is an error in the ECC key format
  1033. \return NOT_COMPILED_IN Returned if the private key is compressed, and no
  1034. compression key is provided
  1035. \return MP_MEM Returned if there is an error in the math library used
  1036. while parsing the private key
  1037. \return MP_VAL Returned if there is an error in the math library used
  1038. while parsing the private key
  1039. \return MP_RANGE Returned if there is an error in the math library used
  1040. while parsing the private key
  1041. \param input pointer to the buffer containing the input private key
  1042. \param inOutIdx pointer to a word32 object containing the index in
  1043. the buffer at which to start
  1044. \param key pointer to an initialized ecc object, on which to store
  1045. the decoded private key
  1046. \param inSz size of the input buffer containing the private key
  1047. _Example_
  1048. \code
  1049. int ret, idx=0;
  1050. ecc_key key; // to store key in
  1051. byte* tmp; // tmp buffer to read key from
  1052. tmp = (byte*) malloc(FOURK_BUF);
  1053. int inSz;
  1054. inSz = fread(tmp, 1, FOURK_BUF, privateKeyFile);
  1055. // read key into tmp buffer
  1056. wc_ecc_init(&key); // initialize key
  1057. ret = wc_EccPrivateKeyDecode(tmp, &idx, &key, (word32)inSz);
  1058. if(ret < 0) {
  1059. // error decoding ecc key
  1060. }
  1061. \endcode
  1062. \sa wc_RSA_PrivateKeyDecode
  1063. */
  1064. WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
  1065. ecc_key*, word32);
  1066. /*!
  1067. \ingroup ASN
  1068. \brief This function writes a private ECC key to der format.
  1069. \return Success On successfully writing the ECC key to der format,
  1070. returns the length written to the buffer
  1071. \return BAD_FUNC_ARG Returned if key or output is null, or inLen equals zero
  1072. \return MEMORY_E Returned if there is an error allocating memory
  1073. with XMALLOC
  1074. \return BUFFER_E Returned if the converted certificate is too large
  1075. to store in the output buffer
  1076. \return ASN_UNKNOWN_OID_E Returned if the ECC key used is of an
  1077. unknown type
  1078. \return MP_MEM Returned if there is an error in the math library used
  1079. while parsing the private key
  1080. \return MP_VAL Returned if there is an error in the math library used
  1081. while parsing the private key
  1082. \return MP_RANGE Returned if there is an error in the math library used
  1083. while parsing the private key
  1084. \param key pointer to the buffer containing the input ecc key
  1085. \param output pointer to a buffer in which to store the der formatted key
  1086. \param inLen the length of the buffer in which to store the
  1087. der formatted key
  1088. _Example_
  1089. \code
  1090. int derSz;
  1091. ecc_key key;
  1092. // initialize and make key
  1093. byte der[FOURK_BUF];
  1094. // store der formatted key here
  1095. derSz = wc_EccKeyToDer(&key, der, FOURK_BUF);
  1096. if(derSz < 0) {
  1097. // error converting ecc key to der buffer
  1098. }
  1099. \endcode
  1100. \sa wc_RsaKeyToDer
  1101. */
  1102. WOLFSSL_API int wc_EccKeyToDer(ecc_key*, byte* output, word32 inLen);
  1103. /*!
  1104. \ingroup ASN
  1105. \brief Decodes an ECC public key from an input buffer. It will parse an
  1106. ASN sequence to retrieve the ECC key.
  1107. \return 0 Success
  1108. \return BAD_FUNC_ARG Returns if any arguments are null.
  1109. \return ASN_PARSE_E Returns if there is an error parsing
  1110. \return ASN_ECC_KEY_E Returns if there is an error importing the key.
  1111. See wc_ecc_import_x963 for possible reasons.
  1112. \param input Buffer containing DER encoded key to decode.
  1113. \param inOutIdx Index to start reading input buffer from. On output,
  1114. index is set to last position parsed of input buffer.
  1115. \param key Pointer to ecc_key struct to store the public key.
  1116. \param inSz Size of the input buffer.
  1117. _Example_
  1118. \code
  1119. int ret;
  1120. word32 idx = 0;
  1121. byte buff[] = { // initialize with key };
  1122. ecc_key pubKey;
  1123. wc_ecc_init_key(&pubKey);
  1124. if ( wc_EccPublicKeyDecode(buff, &idx, &pubKey, sizeof(buff)) != 0) {
  1125. // error decoding key
  1126. }
  1127. \endcode
  1128. \sa wc_ecc_import_x963
  1129. */
  1130. WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*,
  1131. ecc_key*, word32);
  1132. /*!
  1133. \ingroup ASN
  1134. \brief This function converts the ECC public key to DER format. It
  1135. returns the size of buffer used. The public ECC key in DER format is stored
  1136. in output buffer. with_AlgCurve is a flag for when to include a header that
  1137. has the Algorithm and Curve information.
  1138. \return >0 Success, size of buffer used
  1139. \return BAD_FUNC_ARG Returned if output or key is null.
  1140. \return LENGTH_ONLY_E Error in getting ECC public key size.
  1141. \return BUFFER_E Returned when output buffer is too small.
  1142. \param key Pointer to ECC key
  1143. \param output Pointer to output buffer to write to.
  1144. \param inLen Size of buffer.
  1145. \param with_AlgCurve a flag for when to include a header that has the
  1146. Algorithm and Curve information.
  1147. _Example_
  1148. \code
  1149. ecc_key key;
  1150. wc_ecc_init(&key);
  1151. WC_WC_RNG rng;
  1152. wc_InitRng(&rng);
  1153. wc_ecc_make_key(&rng, 24, &key);
  1154. int derSz = // Some appropriate size for der;
  1155. byte der[derSz];
  1156. if(wc_EccPublicKeyToDer(&key, der, derSz, 1) < 0)
  1157. {
  1158. // Error converting ECC public key to der
  1159. }
  1160. \endcode
  1161. \sa wc_EccKeyToDer
  1162. \sa wc_EccPrivateKeyDecode
  1163. */
  1164. WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output,
  1165. word32 inLen, int with_AlgCurve);
  1166. /*!
  1167. \ingroup ASN
  1168. \brief This function encodes a digital signature into the output buffer,
  1169. and returns the size of the encoded signature created.
  1170. \return Success On successfully writing the encoded signature to output,
  1171. returns the length written to the buffer
  1172. \param out pointer to the buffer where the encoded signature will be written
  1173. \param digest pointer to the digest to use to encode the signature
  1174. \param digSz the length of the buffer containing the digest
  1175. \param hashOID OID identifying the hash type used to generate the
  1176. signature. Valid options, depending on build configurations, are: SHAh,
  1177. SHA256h, SHA384h, SHA512h, MD2h, MD5h, DESb, DES3b, CTC_MD5wRSA,
  1178. CTC_SHAwRSA, CTC_SHA256wRSA, CTC_SHA384wRSA, CTC_SHA512wRSA, CTC_SHAwECDSA,
  1179. CTC_SHA256wECDSA, CTC_SHA384wECDSA, and CTC_SHA512wECDSA.
  1180. \endcode
  1181. \code
  1182. int signSz;
  1183. byte encodedSig[MAX_ENCODED_SIG_SZ];
  1184. Sha256 sha256;
  1185. // initialize sha256 for hashing
  1186. byte* dig = = (byte*)malloc(SHA256_DIGEST_SIZE);
  1187. // perform hashing and hash updating so dig stores SHA-256 hash
  1188. // (see wc_InitSha256, wc_Sha256Update and wc_Sha256Final)
  1189. signSz = wc_EncodeSignature(encodedSig, dig, SHA256_DIGEST_SIZE,SHA256h);
  1190. \endcode
  1191. \sa none
  1192. */
  1193. WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest,
  1194. word32 digSz, int hashOID);
  1195. /*!
  1196. \ingroup ASN
  1197. \brief This function returns the hash OID that corresponds to a hashing
  1198. type. For example, when given the type: SHA512, this function returns the
  1199. identifier corresponding to a SHA512 hash, SHA512h.
  1200. \return Success On success, returns the OID corresponding to the
  1201. appropriate hash to use with that encryption type.
  1202. \return 0 Returned if an unrecognized hash type is passed in as argument.
  1203. \param type the hash type for which to find the OID. Valid options,
  1204. depending on build configuration, include: MD2, MD5, SHA, SHA256, SHA512,
  1205. SHA384, and SHA512.
  1206. _Example_
  1207. \code
  1208. int hashOID;
  1209. hashOID = wc_GetCTC_HashOID(SHA512);
  1210. if (hashOID == 0) {
  1211. // WOLFSSL_SHA512 not defined
  1212. }
  1213. \endcode
  1214. \sa none
  1215. */
  1216. WOLFSSL_API int wc_GetCTC_HashOID(int type);