/src/BearSSL/inc/bearssl_x509.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org> |
3 | | * |
4 | | * Permission is hereby granted, free of charge, to any person obtaining |
5 | | * a copy of this software and associated documentation files (the |
6 | | * "Software"), to deal in the Software without restriction, including |
7 | | * without limitation the rights to use, copy, modify, merge, publish, |
8 | | * distribute, sublicense, and/or sell copies of the Software, and to |
9 | | * permit persons to whom the Software is furnished to do so, subject to |
10 | | * the following conditions: |
11 | | * |
12 | | * The above copyright notice and this permission notice shall be |
13 | | * included in all copies or substantial portions of the Software. |
14 | | * |
15 | | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
16 | | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
17 | | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
18 | | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
19 | | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
20 | | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
21 | | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
22 | | * SOFTWARE. |
23 | | */ |
24 | | |
25 | | #ifndef BR_BEARSSL_X509_H__ |
26 | | #define BR_BEARSSL_X509_H__ |
27 | | |
28 | | #include <stddef.h> |
29 | | #include <stdint.h> |
30 | | |
31 | | #include "bearssl_ec.h" |
32 | | #include "bearssl_hash.h" |
33 | | #include "bearssl_rsa.h" |
34 | | |
35 | | #ifdef __cplusplus |
36 | | extern "C" { |
37 | | #endif |
38 | | |
39 | | /** \file bearssl_x509.h |
40 | | * |
41 | | * # X.509 Certificate Chain Processing |
42 | | * |
43 | | * An X.509 processing engine receives an X.509 chain, chunk by chunk, |
44 | | * as received from a SSL/TLS client or server (the client receives the |
45 | | * server's certificate chain, and the server receives the client's |
46 | | * certificate chain if it requested a client certificate). The chain |
47 | | * is thus injected in the engine in SSL order (end-entity first). |
48 | | * |
49 | | * The engine's job is to return the public key to use for SSL/TLS. |
50 | | * How exactly that key is obtained and verified is entirely up to the |
51 | | * engine. |
52 | | * |
53 | | * **The "known key" engine** returns a public key which is already known |
54 | | * from out-of-band information (e.g. the client _remembers_ the key from |
55 | | * a previous connection, as in the usual SSH model). This is the simplest |
56 | | * engine since it simply ignores the chain, thereby avoiding the need |
57 | | * for any decoding logic. |
58 | | * |
59 | | * **The "minimal" engine** implements minimal X.509 decoding and chain |
60 | | * validation: |
61 | | * |
62 | | * - The provided chain should validate "as is". There is no attempt |
63 | | * at reordering, skipping or downloading extra certificates. |
64 | | * |
65 | | * - X.509 v1, v2 and v3 certificates are supported. |
66 | | * |
67 | | * - Trust anchors are a DN and a public key. Each anchor is either a |
68 | | * "CA" anchor, or a non-CA. |
69 | | * |
70 | | * - If the end-entity certificate matches a non-CA anchor (subject DN |
71 | | * is equal to the non-CA name, and public key is also identical to |
72 | | * the anchor key), then this is a _direct trust_ case and the |
73 | | * remaining certificates are ignored. |
74 | | * |
75 | | * - Unless direct trust is applied, the chain must be verifiable up to |
76 | | * a certificate whose issuer DN matches the DN from a "CA" trust anchor, |
77 | | * and whose signature is verifiable against that anchor's public key. |
78 | | * Subsequent certificates in the chain are ignored. |
79 | | * |
80 | | * - The engine verifies subject/issuer DN matching, and enforces |
81 | | * processing of Basic Constraints and Key Usage extensions. The |
82 | | * Authority Key Identifier, Subject Key Identifier, Issuer Alt Name, |
83 | | * Subject Directory Attribute, CRL Distribution Points, Freshest CRL, |
84 | | * Authority Info Access and Subject Info Access extensions are |
85 | | * ignored. The Subject Alt Name is decoded for the end-entity |
86 | | * certificate under some conditions (see below). Other extensions |
87 | | * are ignored if non-critical, or imply chain rejection if critical. |
88 | | * |
89 | | * - The Subject Alt Name extension is parsed for names of type `dNSName` |
90 | | * when decoding the end-entity certificate, and only if there is a |
91 | | * server name to match. If there is no SAN extension, then the |
92 | | * Common Name from the subjectDN is used. That name matching is |
93 | | * case-insensitive and honours a single starting wildcard (i.e. if |
94 | | * the name in the certificate starts with "`*.`" then this matches |
95 | | * any word as first element). Note: this name matching is performed |
96 | | * also in the "direct trust" model. |
97 | | * |
98 | | * - DN matching is byte-to-byte equality (a future version might |
99 | | * include some limited processing for case-insensitive matching and |
100 | | * whitespace normalisation). |
101 | | * |
102 | | * - Successful validation produces a public key type but also a set |
103 | | * of allowed usages (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). |
104 | | * The caller is responsible for checking that the key type and |
105 | | * usages are compatible with the expected values (e.g. with the |
106 | | * selected cipher suite, when the client validates the server's |
107 | | * certificate). |
108 | | * |
109 | | * **Important caveats:** |
110 | | * |
111 | | * - The "minimal" engine does not check revocation status. The relevant |
112 | | * extensions are ignored, and CRL or OCSP responses are not gathered |
113 | | * or checked. |
114 | | * |
115 | | * - The "minimal" engine does not currently support Name Constraints |
116 | | * (some basic functionality to handle sub-domains may be added in a |
117 | | * later version). |
118 | | * |
119 | | * - The decoder is not "validating" in the sense that it won't reject |
120 | | * some certificates with invalid field values when these fields are |
121 | | * not actually processed. |
122 | | */ |
123 | | |
124 | | /* |
125 | | * X.509 error codes are in the 32..63 range. |
126 | | */ |
127 | | |
128 | | /** \brief X.509 status: validation was successful; this is not actually |
129 | | an error. */ |
130 | | #define BR_ERR_X509_OK 32 |
131 | | |
132 | | /** \brief X.509 status: invalid value in an ASN.1 structure. */ |
133 | | #define BR_ERR_X509_INVALID_VALUE 33 |
134 | | |
135 | | /** \brief X.509 status: truncated certificate. */ |
136 | | #define BR_ERR_X509_TRUNCATED 34 |
137 | | |
138 | | /** \brief X.509 status: empty certificate chain (no certificate at all). */ |
139 | | #define BR_ERR_X509_EMPTY_CHAIN 35 |
140 | | |
141 | | /** \brief X.509 status: decoding error: inner element extends beyond |
142 | | outer element size. */ |
143 | | #define BR_ERR_X509_INNER_TRUNC 36 |
144 | | |
145 | | /** \brief X.509 status: decoding error: unsupported tag class (application |
146 | | or private). */ |
147 | | #define BR_ERR_X509_BAD_TAG_CLASS 37 |
148 | | |
149 | | /** \brief X.509 status: decoding error: unsupported tag value. */ |
150 | | #define BR_ERR_X509_BAD_TAG_VALUE 38 |
151 | | |
152 | | /** \brief X.509 status: decoding error: indefinite length. */ |
153 | | #define BR_ERR_X509_INDEFINITE_LENGTH 39 |
154 | | |
155 | | /** \brief X.509 status: decoding error: extraneous element. */ |
156 | | #define BR_ERR_X509_EXTRA_ELEMENT 40 |
157 | | |
158 | | /** \brief X.509 status: decoding error: unexpected element. */ |
159 | | #define BR_ERR_X509_UNEXPECTED 41 |
160 | | |
161 | | /** \brief X.509 status: decoding error: expected constructed element, but |
162 | | is primitive. */ |
163 | | #define BR_ERR_X509_NOT_CONSTRUCTED 42 |
164 | | |
165 | | /** \brief X.509 status: decoding error: expected primitive element, but |
166 | | is constructed. */ |
167 | | #define BR_ERR_X509_NOT_PRIMITIVE 43 |
168 | | |
169 | | /** \brief X.509 status: decoding error: BIT STRING length is not multiple |
170 | | of 8. */ |
171 | | #define BR_ERR_X509_PARTIAL_BYTE 44 |
172 | | |
173 | | /** \brief X.509 status: decoding error: BOOLEAN value has invalid length. */ |
174 | | #define BR_ERR_X509_BAD_BOOLEAN 45 |
175 | | |
176 | | /** \brief X.509 status: decoding error: value is off-limits. */ |
177 | | #define BR_ERR_X509_OVERFLOW 46 |
178 | | |
179 | | /** \brief X.509 status: invalid distinguished name. */ |
180 | | #define BR_ERR_X509_BAD_DN 47 |
181 | | |
182 | | /** \brief X.509 status: invalid date/time representation. */ |
183 | | #define BR_ERR_X509_BAD_TIME 48 |
184 | | |
185 | | /** \brief X.509 status: certificate contains unsupported features that |
186 | | cannot be ignored. */ |
187 | | #define BR_ERR_X509_UNSUPPORTED 49 |
188 | | |
189 | | /** \brief X.509 status: key or signature size exceeds internal limits. */ |
190 | | #define BR_ERR_X509_LIMIT_EXCEEDED 50 |
191 | | |
192 | | /** \brief X.509 status: key type does not match that which was expected. */ |
193 | | #define BR_ERR_X509_WRONG_KEY_TYPE 51 |
194 | | |
195 | | /** \brief X.509 status: signature is invalid. */ |
196 | | #define BR_ERR_X509_BAD_SIGNATURE 52 |
197 | | |
198 | | /** \brief X.509 status: validation time is unknown. */ |
199 | | #define BR_ERR_X509_TIME_UNKNOWN 53 |
200 | | |
201 | | /** \brief X.509 status: certificate is expired or not yet valid. */ |
202 | | #define BR_ERR_X509_EXPIRED 54 |
203 | | |
204 | | /** \brief X.509 status: issuer/subject DN mismatch in the chain. */ |
205 | | #define BR_ERR_X509_DN_MISMATCH 55 |
206 | | |
207 | | /** \brief X.509 status: expected server name was not found in the chain. */ |
208 | | #define BR_ERR_X509_BAD_SERVER_NAME 56 |
209 | | |
210 | | /** \brief X.509 status: unknown critical extension in certificate. */ |
211 | | #define BR_ERR_X509_CRITICAL_EXTENSION 57 |
212 | | |
213 | | /** \brief X.509 status: not a CA, or path length constraint violation */ |
214 | | #define BR_ERR_X509_NOT_CA 58 |
215 | | |
216 | | /** \brief X.509 status: Key Usage extension prohibits intended usage. */ |
217 | | #define BR_ERR_X509_FORBIDDEN_KEY_USAGE 59 |
218 | | |
219 | | /** \brief X.509 status: public key found in certificate is too small. */ |
220 | | #define BR_ERR_X509_WEAK_PUBLIC_KEY 60 |
221 | | |
222 | | /** \brief X.509 status: chain could not be linked to a trust anchor. */ |
223 | | #define BR_ERR_X509_NOT_TRUSTED 62 |
224 | | |
225 | | /** |
226 | | * \brief Aggregate structure for public keys. |
227 | | */ |
228 | | typedef struct { |
229 | | /** \brief Key type: `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC` */ |
230 | | unsigned char key_type; |
231 | | /** \brief Actual public key. */ |
232 | | union { |
233 | | /** \brief RSA public key. */ |
234 | | br_rsa_public_key rsa; |
235 | | /** \brief EC public key. */ |
236 | | br_ec_public_key ec; |
237 | | } key; |
238 | | } br_x509_pkey; |
239 | | |
240 | | /** |
241 | | * \brief Distinguished Name (X.500) structure. |
242 | | * |
243 | | * The DN is DER-encoded. |
244 | | */ |
245 | | typedef struct { |
246 | | /** \brief Encoded DN data. */ |
247 | | unsigned char *data; |
248 | | /** \brief Encoded DN length (in bytes). */ |
249 | | size_t len; |
250 | | } br_x500_name; |
251 | | |
252 | | /** |
253 | | * \brief Trust anchor structure. |
254 | | */ |
255 | | typedef struct { |
256 | | /** \brief Encoded DN (X.500 name). */ |
257 | | br_x500_name dn; |
258 | | /** \brief Anchor flags (e.g. `BR_X509_TA_CA`). */ |
259 | | unsigned flags; |
260 | | /** \brief Anchor public key. */ |
261 | | br_x509_pkey pkey; |
262 | | } br_x509_trust_anchor; |
263 | | |
264 | | /** |
265 | | * \brief Trust anchor flag: CA. |
266 | | * |
267 | | * A "CA" anchor is deemed fit to verify signatures on certificates. |
268 | | * A "non-CA" anchor is accepted only for direct trust (server's |
269 | | * certificate name and key match the anchor). |
270 | | */ |
271 | | #define BR_X509_TA_CA 0x0001 |
272 | | |
273 | | /* |
274 | | * Key type: combination of a basic key type (low 4 bits) and some |
275 | | * optional flags. |
276 | | * |
277 | | * For a public key, the basic key type only is set. |
278 | | * |
279 | | * For an expected key type, the flags indicate the intended purpose(s) |
280 | | * for the key; the basic key type may be set to 0 to indicate that any |
281 | | * key type compatible with the indicated purpose is acceptable. |
282 | | */ |
283 | | /** \brief Key type: algorithm is RSA. */ |
284 | | #define BR_KEYTYPE_RSA 1 |
285 | | /** \brief Key type: algorithm is EC. */ |
286 | | #define BR_KEYTYPE_EC 2 |
287 | | |
288 | | /** |
289 | | * \brief Key type: usage is "key exchange". |
290 | | * |
291 | | * This value is combined (with bitwise OR) with the algorithm |
292 | | * (`BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`) when informing the X.509 |
293 | | * validation engine that it should find a public key of that type, |
294 | | * fit for key exchanges (e.g. `TLS_RSA_*` and `TLS_ECDH_*` cipher |
295 | | * suites). |
296 | | */ |
297 | | #define BR_KEYTYPE_KEYX 0x10 |
298 | | |
299 | | /** |
300 | | * \brief Key type: usage is "signature". |
301 | | * |
302 | | * This value is combined (with bitwise OR) with the algorithm |
303 | | * (`BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`) when informing the X.509 |
304 | | * validation engine that it should find a public key of that type, |
305 | | * fit for signatures (e.g. `TLS_ECDHE_*` cipher suites). |
306 | | */ |
307 | | #define BR_KEYTYPE_SIGN 0x20 |
308 | | |
309 | | /* |
310 | | * start_chain Called when a new chain is started. If 'server_name' |
311 | | * is not NULL and non-empty, then it is a name that |
312 | | * should be looked for in the EE certificate (in the |
313 | | * SAN extension as dNSName, or in the subjectDN's CN |
314 | | * if there is no SAN extension). |
315 | | * The caller ensures that the provided 'server_name' |
316 | | * pointer remains valid throughout validation. |
317 | | * |
318 | | * start_cert Begins a new certificate in the chain. The provided |
319 | | * length is in bytes; this is the total certificate length. |
320 | | * |
321 | | * append Get some additional bytes for the current certificate. |
322 | | * |
323 | | * end_cert Ends the current certificate. |
324 | | * |
325 | | * end_chain Called at the end of the chain. Returned value is |
326 | | * 0 on success, or a non-zero error code. |
327 | | * |
328 | | * get_pkey Returns the EE certificate public key. |
329 | | * |
330 | | * For a complete chain, start_chain() and end_chain() are always |
331 | | * called. For each certificate, start_cert(), some append() calls, then |
332 | | * end_cert() are called, in that order. There may be no append() call |
333 | | * at all if the certificate is empty (which is not valid but may happen |
334 | | * if the peer sends exactly that). |
335 | | * |
336 | | * get_pkey() shall return a pointer to a structure that is valid as |
337 | | * long as a new chain is not started. This may be a sub-structure |
338 | | * within the context for the engine. This function MAY return a valid |
339 | | * pointer to a public key even in some cases of validation failure, |
340 | | * depending on the validation engine. |
341 | | */ |
342 | | |
343 | | /** |
344 | | * \brief Class type for an X.509 engine. |
345 | | * |
346 | | * A certificate chain validation uses a caller-allocated context, which |
347 | | * contains the running state for that validation. Methods are called |
348 | | * in due order: |
349 | | * |
350 | | * - `start_chain()` is called at the start of the validation. |
351 | | * - Certificates are processed one by one, in SSL order (end-entity |
352 | | * comes first). For each certificate, the following methods are |
353 | | * called: |
354 | | * |
355 | | * - `start_cert()` at the beginning of the certificate. |
356 | | * - `append()` is called zero, one or more times, to provide |
357 | | * the certificate (possibly in chunks). |
358 | | * - `end_cert()` at the end of the certificate. |
359 | | * |
360 | | * - `end_chain()` is called when the last certificate in the chain |
361 | | * was processed. |
362 | | * - `get_pkey()` is called after chain processing, if the chain |
363 | | * validation was successful. |
364 | | * |
365 | | * A context structure may be reused; the `start_chain()` method shall |
366 | | * ensure (re)initialisation. |
367 | | */ |
368 | | typedef struct br_x509_class_ br_x509_class; |
369 | | struct br_x509_class_ { |
370 | | /** |
371 | | * \brief X.509 context size, in bytes. |
372 | | */ |
373 | | size_t context_size; |
374 | | |
375 | | /** |
376 | | * \brief Start a new chain. |
377 | | * |
378 | | * This method shall set the vtable (first field) of the context |
379 | | * structure. |
380 | | * |
381 | | * The `server_name`, if not `NULL`, will be considered as a |
382 | | * fully qualified domain name, to be matched against the `dNSName` |
383 | | * elements of the end-entity certificate's SAN extension (if there |
384 | | * is no SAN, then the Common Name from the subjectDN will be used). |
385 | | * If `server_name` is `NULL` then no such matching is performed. |
386 | | * |
387 | | * \param ctx validation context. |
388 | | * \param server_name server name to match (or `NULL`). |
389 | | */ |
390 | | void (*start_chain)(const br_x509_class **ctx, |
391 | | const char *server_name); |
392 | | |
393 | | /** |
394 | | * \brief Start a new certificate. |
395 | | * |
396 | | * \param ctx validation context. |
397 | | * \param length new certificate length (in bytes). |
398 | | */ |
399 | | void (*start_cert)(const br_x509_class **ctx, uint32_t length); |
400 | | |
401 | | /** |
402 | | * \brief Receive some bytes for the current certificate. |
403 | | * |
404 | | * This function may be called several times in succession for |
405 | | * a given certificate. The caller guarantees that for each |
406 | | * call, `len` is not zero, and the sum of all chunk lengths |
407 | | * for a certificate matches the total certificate length which |
408 | | * was provided in the previous `start_cert()` call. |
409 | | * |
410 | | * If the new certificate is empty (no byte at all) then this |
411 | | * function won't be called at all. |
412 | | * |
413 | | * \param ctx validation context. |
414 | | * \param buf certificate data chunk. |
415 | | * \param len certificate data chunk length (in bytes). |
416 | | */ |
417 | | void (*append)(const br_x509_class **ctx, |
418 | | const unsigned char *buf, size_t len); |
419 | | |
420 | | /** |
421 | | * \brief Finish the current certificate. |
422 | | * |
423 | | * This function is called when the end of the current certificate |
424 | | * is reached. |
425 | | * |
426 | | * \param ctx validation context. |
427 | | */ |
428 | | void (*end_cert)(const br_x509_class **ctx); |
429 | | |
430 | | /** |
431 | | * \brief Finish the chain. |
432 | | * |
433 | | * This function is called at the end of the chain. It shall |
434 | | * return either 0 if the validation was successful, or a |
435 | | * non-zero error code. The `BR_ERR_X509_*` constants are |
436 | | * error codes, though other values may be possible. |
437 | | * |
438 | | * \param ctx validation context. |
439 | | * \return 0 on success, or a non-zero error code. |
440 | | */ |
441 | | unsigned (*end_chain)(const br_x509_class **ctx); |
442 | | |
443 | | /** |
444 | | * \brief Get the resulting end-entity public key. |
445 | | * |
446 | | * The decoded public key is returned. The returned pointer |
447 | | * may be valid only as long as the context structure is |
448 | | * unmodified, i.e. it may cease to be valid if the context |
449 | | * is released or reused. |
450 | | * |
451 | | * This function _may_ return `NULL` if the validation failed. |
452 | | * However, returning a public key does not mean that the |
453 | | * validation was wholly successful; some engines may return |
454 | | * a decoded public key even if the chain did not end on a |
455 | | * trusted anchor. |
456 | | * |
457 | | * If validation succeeded and `usage` is not `NULL`, then |
458 | | * `*usage` is filled with a combination of `BR_KEYTYPE_SIGN` |
459 | | * and/or `BR_KEYTYPE_KEYX` that specifies the validated key |
460 | | * usage types. It is the caller's responsibility to check |
461 | | * that value against the intended use of the public key. |
462 | | * |
463 | | * \param ctx validation context. |
464 | | * \return the end-entity public key, or `NULL`. |
465 | | */ |
466 | | const br_x509_pkey *(*get_pkey)( |
467 | | const br_x509_class *const *ctx, unsigned *usages); |
468 | | }; |
469 | | |
470 | | /** |
471 | | * \brief The "known key" X.509 engine structure. |
472 | | * |
473 | | * The structure contents are opaque (they shall not be accessed directly), |
474 | | * except for the first field (the vtable). |
475 | | * |
476 | | * The "known key" engine returns an externally configured public key, |
477 | | * and totally ignores the certificate contents. |
478 | | */ |
479 | | typedef struct { |
480 | | /** \brief Reference to the context vtable. */ |
481 | | const br_x509_class *vtable; |
482 | | #ifndef BR_DOXYGEN_IGNORE |
483 | | br_x509_pkey pkey; |
484 | | unsigned usages; |
485 | | #endif |
486 | | } br_x509_knownkey_context; |
487 | | |
488 | | /** |
489 | | * \brief Class instance for the "known key" X.509 engine. |
490 | | */ |
491 | | extern const br_x509_class br_x509_knownkey_vtable; |
492 | | |
493 | | /** |
494 | | * \brief Initialize a "known key" X.509 engine with a known RSA public key. |
495 | | * |
496 | | * The `usages` parameter indicates the allowed key usages for that key |
497 | | * (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). |
498 | | * |
499 | | * The provided pointers are linked in, not copied, so they must remain |
500 | | * valid while the public key may be in usage. |
501 | | * |
502 | | * \param ctx context to initialise. |
503 | | * \param pk known public key. |
504 | | * \param usages allowed key usages. |
505 | | */ |
506 | | void br_x509_knownkey_init_rsa(br_x509_knownkey_context *ctx, |
507 | | const br_rsa_public_key *pk, unsigned usages); |
508 | | |
509 | | /** |
510 | | * \brief Initialize a "known key" X.509 engine with a known EC public key. |
511 | | * |
512 | | * The `usages` parameter indicates the allowed key usages for that key |
513 | | * (`BR_KEYTYPE_KEYX` and/or `BR_KEYTYPE_SIGN`). |
514 | | * |
515 | | * The provided pointers are linked in, not copied, so they must remain |
516 | | * valid while the public key may be in usage. |
517 | | * |
518 | | * \param ctx context to initialise. |
519 | | * \param pk known public key. |
520 | | * \param usages allowed key usages. |
521 | | */ |
522 | | void br_x509_knownkey_init_ec(br_x509_knownkey_context *ctx, |
523 | | const br_ec_public_key *pk, unsigned usages); |
524 | | |
525 | | #ifndef BR_DOXYGEN_IGNORE |
526 | | /* |
527 | | * The minimal X.509 engine has some state buffers which must be large |
528 | | * enough to simultaneously accommodate: |
529 | | * -- the public key extracted from the current certificate; |
530 | | * -- the signature on the current certificate or on the previous |
531 | | * certificate; |
532 | | * -- the public key extracted from the EE certificate. |
533 | | * |
534 | | * We store public key elements in their raw unsigned big-endian |
535 | | * encoding. We want to support up to RSA-4096 with a short (up to 64 |
536 | | * bits) public exponent, thus a buffer for a public key must have |
537 | | * length at least 520 bytes. Similarly, a RSA-4096 signature has length |
538 | | * 512 bytes. |
539 | | * |
540 | | * Though RSA public exponents can formally be as large as the modulus |
541 | | * (mathematically, even larger exponents would work, but PKCS#1 forbids |
542 | | * them), exponents that do not fit on 32 bits are extremely rare, |
543 | | * notably because some widespread implementations (e.g. Microsoft's |
544 | | * CryptoAPI) don't support them. Moreover, large public exponent do not |
545 | | * seem to imply any tangible security benefit, and they increase the |
546 | | * cost of public key operations. The X.509 "minimal" engine will tolerate |
547 | | * public exponents of arbitrary size as long as the modulus and the |
548 | | * exponent can fit together in the dedicated buffer. |
549 | | * |
550 | | * EC public keys are shorter than RSA public keys; even with curve |
551 | | * NIST P-521 (the largest curve we care to support), a public key is |
552 | | * encoded over 133 bytes only. |
553 | | */ |
554 | | #define BR_X509_BUFSIZE_KEY 520 |
555 | | #define BR_X509_BUFSIZE_SIG 512 |
556 | | #endif |
557 | | |
558 | | /** |
559 | | * \brief Type for receiving a name element. |
560 | | * |
561 | | * An array of such structures can be provided to the X.509 decoding |
562 | | * engines. If the specified elements are found in the certificate |
563 | | * subject DN or the SAN extension, then the name contents are copied |
564 | | * as zero-terminated strings into the buffer. |
565 | | * |
566 | | * The decoder converts TeletexString and BMPString to UTF8String, and |
567 | | * ensures that the resulting string is zero-terminated. If the string |
568 | | * does not fit in the provided buffer, then the copy is aborted and an |
569 | | * error is reported. |
570 | | */ |
571 | | typedef struct { |
572 | | /** |
573 | | * \brief Element OID. |
574 | | * |
575 | | * For X.500 name elements (to be extracted from the subject DN), |
576 | | * this is the encoded OID for the requested name element; the |
577 | | * first byte shall contain the length of the DER-encoded OID |
578 | | * value, followed by the OID value (for instance, OID 2.5.4.3, |
579 | | * for id-at-commonName, will be `03 55 04 03`). This is |
580 | | * equivalent to full DER encoding with the length but without |
581 | | * the tag. |
582 | | * |
583 | | * For SAN name elements, the first byte (`oid[0]`) has value 0, |
584 | | * followed by another byte that matches the expected GeneralName |
585 | | * tag. Allowed second byte values are then: |
586 | | * |
587 | | * - 1: `rfc822Name` |
588 | | * |
589 | | * - 2: `dNSName` |
590 | | * |
591 | | * - 6: `uniformResourceIdentifier` |
592 | | * |
593 | | * - 0: `otherName` |
594 | | * |
595 | | * If first and second byte are 0, then this is a SAN element of |
596 | | * type `otherName`; the `oid[]` array should then contain, right |
597 | | * after the two bytes of value 0, an encoded OID (with the same |
598 | | * conventions as for X.500 name elements). If a match is found |
599 | | * for that OID, then the corresponding name element will be |
600 | | * extracted, as long as it is a supported string type. |
601 | | */ |
602 | | const unsigned char *oid; |
603 | | |
604 | | /** |
605 | | * \brief Destination buffer. |
606 | | */ |
607 | | char *buf; |
608 | | |
609 | | /** |
610 | | * \brief Length (in bytes) of the destination buffer. |
611 | | * |
612 | | * The buffer MUST NOT be smaller than 1 byte. |
613 | | */ |
614 | | size_t len; |
615 | | |
616 | | /** |
617 | | * \brief Decoding status. |
618 | | * |
619 | | * Status is 0 if the name element was not found, 1 if it was |
620 | | * found and decoded, or -1 on error. Error conditions include |
621 | | * an unrecognised encoding, an invalid encoding, or a string |
622 | | * too large for the destination buffer. |
623 | | */ |
624 | | int status; |
625 | | |
626 | | } br_name_element; |
627 | | |
628 | | /** |
629 | | * \brief Callback for validity date checks. |
630 | | * |
631 | | * The function receives as parameter an arbitrary user-provided context, |
632 | | * and the notBefore and notAfter dates specified in an X.509 certificate, |
633 | | * both expressed as a number of days and a number of seconds: |
634 | | * |
635 | | * - Days are counted in a proleptic Gregorian calendar since |
636 | | * January 1st, 0 AD. Year "0 AD" is the one that preceded "1 AD"; |
637 | | * it is also traditionally known as "1 BC". |
638 | | * |
639 | | * - Seconds are counted since midnight, from 0 to 86400 (a count of |
640 | | * 86400 is possible only if a leap second happened). |
641 | | * |
642 | | * Each date and time is understood in the UTC time zone. The "Unix |
643 | | * Epoch" (January 1st, 1970, 00:00 UTC) corresponds to days=719528 and |
644 | | * seconds=0; the "Windows Epoch" (January 1st, 1601, 00:00 UTC) is |
645 | | * days=584754, seconds=0. |
646 | | * |
647 | | * This function must return -1 if the current date is strictly before |
648 | | * the "notBefore" time, or +1 if the current date is strictly after the |
649 | | * "notAfter" time. If neither condition holds, then the function returns |
650 | | * 0, which means that the current date falls within the validity range of |
651 | | * the certificate. If the function returns a value distinct from -1, 0 |
652 | | * and +1, then this is interpreted as an unavailability of the current |
653 | | * time, which normally ends the validation process with a |
654 | | * `BR_ERR_X509_TIME_UNKNOWN` error. |
655 | | * |
656 | | * During path validation, this callback will be invoked for each |
657 | | * considered X.509 certificate. Validation fails if any of the calls |
658 | | * returns a non-zero value. |
659 | | * |
660 | | * The context value is an abritrary pointer set by the caller when |
661 | | * configuring this callback. |
662 | | * |
663 | | * \param tctx context pointer. |
664 | | * \param not_before_days notBefore date (days since Jan 1st, 0 AD). |
665 | | * \param not_before_seconds notBefore time (seconds, at most 86400). |
666 | | * \param not_after_days notAfter date (days since Jan 1st, 0 AD). |
667 | | * \param not_after_seconds notAfter time (seconds, at most 86400). |
668 | | * \return -1, 0 or +1. |
669 | | */ |
670 | | typedef int (*br_x509_time_check)(void *tctx, |
671 | | uint32_t not_before_days, uint32_t not_before_seconds, |
672 | | uint32_t not_after_days, uint32_t not_after_seconds); |
673 | | |
674 | | /** |
675 | | * \brief The "minimal" X.509 engine structure. |
676 | | * |
677 | | * The structure contents are opaque (they shall not be accessed directly), |
678 | | * except for the first field (the vtable). |
679 | | * |
680 | | * The "minimal" engine performs a rudimentary but serviceable X.509 path |
681 | | * validation. |
682 | | */ |
683 | | typedef struct { |
684 | | const br_x509_class *vtable; |
685 | | |
686 | | #ifndef BR_DOXYGEN_IGNORE |
687 | | /* Structure for returning the EE public key. */ |
688 | | br_x509_pkey pkey; |
689 | | |
690 | | /* CPU for the T0 virtual machine. */ |
691 | | struct { |
692 | | uint32_t *dp; |
693 | | uint32_t *rp; |
694 | | const unsigned char *ip; |
695 | | } cpu; |
696 | | uint32_t dp_stack[31]; |
697 | | uint32_t rp_stack[31]; |
698 | | int err; |
699 | | |
700 | | /* Server name to match with the SAN / CN of the EE certificate. */ |
701 | | const char *server_name; |
702 | | |
703 | | /* Validated key usages. */ |
704 | | unsigned char key_usages; |
705 | | |
706 | | /* Explicitly set date and time. */ |
707 | | uint32_t days, seconds; |
708 | | |
709 | | /* Current certificate length (in bytes). Set to 0 when the |
710 | | certificate has been fully processed. */ |
711 | | uint32_t cert_length; |
712 | | |
713 | | /* Number of certificates processed so far in the current chain. |
714 | | It is incremented at the end of the processing of a certificate, |
715 | | so it is 0 for the EE. */ |
716 | | uint32_t num_certs; |
717 | | |
718 | | /* Certificate data chunk. */ |
719 | | const unsigned char *hbuf; |
720 | | size_t hlen; |
721 | | |
722 | | /* The pad serves as destination for various operations. */ |
723 | | unsigned char pad[256]; |
724 | | |
725 | | /* Buffer for EE public key data. */ |
726 | | unsigned char ee_pkey_data[BR_X509_BUFSIZE_KEY]; |
727 | | |
728 | | /* Buffer for currently decoded public key. */ |
729 | | unsigned char pkey_data[BR_X509_BUFSIZE_KEY]; |
730 | | |
731 | | /* Signature type: signer key type, offset to the hash |
732 | | function OID (in the T0 data block) and hash function |
733 | | output length (TBS hash length). */ |
734 | | unsigned char cert_signer_key_type; |
735 | | uint16_t cert_sig_hash_oid; |
736 | | unsigned char cert_sig_hash_len; |
737 | | |
738 | | /* Current/last certificate signature. */ |
739 | | unsigned char cert_sig[BR_X509_BUFSIZE_SIG]; |
740 | | uint16_t cert_sig_len; |
741 | | |
742 | | /* Minimum RSA key length (difference in bytes from 128). */ |
743 | | int16_t min_rsa_size; |
744 | | |
745 | | /* Configured trust anchors. */ |
746 | | const br_x509_trust_anchor *trust_anchors; |
747 | | size_t trust_anchors_num; |
748 | | |
749 | | /* |
750 | | * Multi-hasher for the TBS. |
751 | | */ |
752 | | unsigned char do_mhash; |
753 | | br_multihash_context mhash; |
754 | | unsigned char tbs_hash[64]; |
755 | | |
756 | | /* |
757 | | * Simple hasher for the subject/issuer DN. |
758 | | */ |
759 | | unsigned char do_dn_hash; |
760 | | const br_hash_class *dn_hash_impl; |
761 | | br_hash_compat_context dn_hash; |
762 | | unsigned char current_dn_hash[64]; |
763 | | unsigned char next_dn_hash[64]; |
764 | | unsigned char saved_dn_hash[64]; |
765 | | |
766 | | /* |
767 | | * Name elements to gather. |
768 | | */ |
769 | | br_name_element *name_elts; |
770 | | size_t num_name_elts; |
771 | | |
772 | | /* |
773 | | * Callback function (and context) to get the current date. |
774 | | */ |
775 | | void *itime_ctx; |
776 | | br_x509_time_check itime; |
777 | | |
778 | | /* |
779 | | * Public key cryptography implementations (signature verification). |
780 | | */ |
781 | | br_rsa_pkcs1_vrfy irsa; |
782 | | br_ecdsa_vrfy iecdsa; |
783 | | const br_ec_impl *iec; |
784 | | #endif |
785 | | |
786 | | } br_x509_minimal_context; |
787 | | |
788 | | /** |
789 | | * \brief Class instance for the "minimal" X.509 engine. |
790 | | */ |
791 | | extern const br_x509_class br_x509_minimal_vtable; |
792 | | |
793 | | /** |
794 | | * \brief Initialise a "minimal" X.509 engine. |
795 | | * |
796 | | * The `dn_hash_impl` parameter shall be a hash function internally used |
797 | | * to match X.500 names (subject/issuer DN, and anchor names). Any standard |
798 | | * hash function may be used, but a collision-resistant hash function is |
799 | | * advised. |
800 | | * |
801 | | * After initialization, some implementations for signature verification |
802 | | * (hash functions and signature algorithms) MUST be added. |
803 | | * |
804 | | * \param ctx context to initialise. |
805 | | * \param dn_hash_impl hash function for DN comparisons. |
806 | | * \param trust_anchors trust anchors. |
807 | | * \param trust_anchors_num number of trust anchors. |
808 | | */ |
809 | | void br_x509_minimal_init(br_x509_minimal_context *ctx, |
810 | | const br_hash_class *dn_hash_impl, |
811 | | const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); |
812 | | |
813 | | /** |
814 | | * \brief Set a supported hash function in an X.509 "minimal" engine. |
815 | | * |
816 | | * Hash functions are used with signature verification algorithms. |
817 | | * Once initialised (with `br_x509_minimal_init()`), the context must |
818 | | * be configured with the hash functions it shall support for that |
819 | | * purpose. The hash function identifier MUST be one of the standard |
820 | | * hash function identifiers (1 to 6, for MD5, SHA-1, SHA-224, SHA-256, |
821 | | * SHA-384 and SHA-512). |
822 | | * |
823 | | * If `impl` is `NULL`, this _removes_ support for the designated |
824 | | * hash function. |
825 | | * |
826 | | * \param ctx validation context. |
827 | | * \param id hash function identifier (from 1 to 6). |
828 | | * \param impl hash function implementation (or `NULL`). |
829 | | */ |
830 | | static inline void |
831 | | br_x509_minimal_set_hash(br_x509_minimal_context *ctx, |
832 | | int id, const br_hash_class *impl) |
833 | 0 | { |
834 | 0 | br_multihash_setimpl(&ctx->mhash, id, impl); |
835 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_hash(br_x509_minimal_context*, int, br_hash_class_ const*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_hash Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_hash Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_common.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_hash Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_hash Unexecuted instantiation: prf.c:br_x509_minimal_set_hash Unexecuted instantiation: sysrng.c:br_x509_minimal_set_hash Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_hash Unexecuted instantiation: hmac.c:br_x509_minimal_set_hash Unexecuted instantiation: shake.c:br_x509_minimal_set_hash Unexecuted instantiation: hkdf.c:br_x509_minimal_set_hash Unexecuted instantiation: sha2small.c:br_x509_minimal_set_hash Unexecuted instantiation: sha2big.c:br_x509_minimal_set_hash Unexecuted instantiation: sha1.c:br_x509_minimal_set_hash Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_hash Unexecuted instantiation: md5.c:br_x509_minimal_set_hash Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_hash Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_default.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_hash Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_hash Unexecuted instantiation: enc64be.c:br_x509_minimal_set_hash Unexecuted instantiation: enc32le.c:br_x509_minimal_set_hash Unexecuted instantiation: enc32be.c:br_x509_minimal_set_hash Unexecuted instantiation: dec64be.c:br_x509_minimal_set_hash Unexecuted instantiation: dec32le.c:br_x509_minimal_set_hash Unexecuted instantiation: dec32be.c:br_x509_minimal_set_hash Unexecuted instantiation: ccopy.c:br_x509_minimal_set_hash Unexecuted instantiation: gcm.c:br_x509_minimal_set_hash Unexecuted instantiation: ccm.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_hash Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_add.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_add.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_hash Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_hash Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_hash Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_hash |
836 | | |
837 | | /** |
838 | | * \brief Set a RSA signature verification implementation in the X.509 |
839 | | * "minimal" engine. |
840 | | * |
841 | | * Once initialised (with `br_x509_minimal_init()`), the context must |
842 | | * be configured with the signature verification implementations that |
843 | | * it is supposed to support. If `irsa` is `0`, then the RSA support |
844 | | * is disabled. |
845 | | * |
846 | | * \param ctx validation context. |
847 | | * \param irsa RSA signature verification implementation (or `0`). |
848 | | */ |
849 | | static inline void |
850 | | br_x509_minimal_set_rsa(br_x509_minimal_context *ctx, |
851 | | br_rsa_pkcs1_vrfy irsa) |
852 | 0 | { |
853 | 0 | ctx->irsa = irsa; |
854 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_rsa(br_x509_minimal_context*, unsigned int (*)(unsigned char const*, unsigned long, unsigned char const*, unsigned long, br_rsa_public_key const*, unsigned char*)) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_rsa Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_rsa Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_common.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_rsa Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_rsa Unexecuted instantiation: prf.c:br_x509_minimal_set_rsa Unexecuted instantiation: sysrng.c:br_x509_minimal_set_rsa Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_rsa Unexecuted instantiation: hmac.c:br_x509_minimal_set_rsa Unexecuted instantiation: shake.c:br_x509_minimal_set_rsa Unexecuted instantiation: hkdf.c:br_x509_minimal_set_rsa Unexecuted instantiation: sha2small.c:br_x509_minimal_set_rsa Unexecuted instantiation: sha2big.c:br_x509_minimal_set_rsa Unexecuted instantiation: sha1.c:br_x509_minimal_set_rsa Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_rsa Unexecuted instantiation: md5.c:br_x509_minimal_set_rsa Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_rsa Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_default.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_rsa Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_rsa Unexecuted instantiation: enc64be.c:br_x509_minimal_set_rsa Unexecuted instantiation: enc32le.c:br_x509_minimal_set_rsa Unexecuted instantiation: enc32be.c:br_x509_minimal_set_rsa Unexecuted instantiation: dec64be.c:br_x509_minimal_set_rsa Unexecuted instantiation: dec32le.c:br_x509_minimal_set_rsa Unexecuted instantiation: dec32be.c:br_x509_minimal_set_rsa Unexecuted instantiation: ccopy.c:br_x509_minimal_set_rsa Unexecuted instantiation: gcm.c:br_x509_minimal_set_rsa Unexecuted instantiation: ccm.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_rsa Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_add.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_add.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_rsa Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_rsa Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_rsa Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_rsa |
855 | | |
856 | | /** |
857 | | * \brief Set a ECDSA signature verification implementation in the X.509 |
858 | | * "minimal" engine. |
859 | | * |
860 | | * Once initialised (with `br_x509_minimal_init()`), the context must |
861 | | * be configured with the signature verification implementations that |
862 | | * it is supposed to support. |
863 | | * |
864 | | * If `iecdsa` is `0`, then this call disables ECDSA support; in that |
865 | | * case, `iec` may be `NULL`. Otherwise, `iecdsa` MUST point to a function |
866 | | * that verifies ECDSA signatures with format "asn1", and it will use |
867 | | * `iec` as underlying elliptic curve support. |
868 | | * |
869 | | * \param ctx validation context. |
870 | | * \param iec elliptic curve implementation (or `NULL`). |
871 | | * \param iecdsa ECDSA implementation (or `0`). |
872 | | */ |
873 | | static inline void |
874 | | br_x509_minimal_set_ecdsa(br_x509_minimal_context *ctx, |
875 | | const br_ec_impl *iec, br_ecdsa_vrfy iecdsa) |
876 | 0 | { |
877 | 0 | ctx->iecdsa = iecdsa; |
878 | 0 | ctx->iec = iec; |
879 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_ecdsa(br_x509_minimal_context*, br_ec_impl const*, unsigned int (*)(br_ec_impl const*, void const*, unsigned long, br_ec_public_key const*, void const*, unsigned long)) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_common.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: prf.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: sysrng.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: hmac.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: shake.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: hkdf.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: sha2small.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: sha2big.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: sha1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: md5.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_default.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: enc64be.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: enc32le.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: enc32be.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: dec64be.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: dec32le.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: dec32be.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ccopy.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: gcm.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: ccm.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_add.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_add.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_ecdsa Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_ecdsa |
880 | | |
881 | | /** |
882 | | * \brief Initialise a "minimal" X.509 engine with default algorithms. |
883 | | * |
884 | | * This function performs the same job as `br_x509_minimal_init()`, but |
885 | | * also sets implementations for RSA, ECDSA, and the standard hash |
886 | | * functions. |
887 | | * |
888 | | * \param ctx context to initialise. |
889 | | * \param trust_anchors trust anchors. |
890 | | * \param trust_anchors_num number of trust anchors. |
891 | | */ |
892 | | void br_x509_minimal_init_full(br_x509_minimal_context *ctx, |
893 | | const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num); |
894 | | |
895 | | /** |
896 | | * \brief Set the validation time for the X.509 "minimal" engine. |
897 | | * |
898 | | * The validation time is set as two 32-bit integers, for days and |
899 | | * seconds since a fixed epoch: |
900 | | * |
901 | | * - Days are counted in a proleptic Gregorian calendar since |
902 | | * January 1st, 0 AD. Year "0 AD" is the one that preceded "1 AD"; |
903 | | * it is also traditionally known as "1 BC". |
904 | | * |
905 | | * - Seconds are counted since midnight, from 0 to 86400 (a count of |
906 | | * 86400 is possible only if a leap second happened). |
907 | | * |
908 | | * The validation date and time is understood in the UTC time zone. The |
909 | | * "Unix Epoch" (January 1st, 1970, 00:00 UTC) corresponds to days=719528 |
910 | | * and seconds=0; the "Windows Epoch" (January 1st, 1601, 00:00 UTC) is |
911 | | * days=584754, seconds=0. |
912 | | * |
913 | | * If the validation date and time are not explicitly set, but BearSSL |
914 | | * was compiled with support for the system clock on the underlying |
915 | | * platform, then the current time will automatically be used. Otherwise, |
916 | | * not setting the validation date and time implies a validation |
917 | | * failure (except in case of direct trust of the EE key). |
918 | | * |
919 | | * \param ctx validation context. |
920 | | * \param days days since January 1st, 0 AD (Gregorian calendar). |
921 | | * \param seconds seconds since midnight (0 to 86400). |
922 | | */ |
923 | | static inline void |
924 | | br_x509_minimal_set_time(br_x509_minimal_context *ctx, |
925 | | uint32_t days, uint32_t seconds) |
926 | 0 | { |
927 | 0 | ctx->days = days; |
928 | 0 | ctx->seconds = seconds; |
929 | 0 | ctx->itime = 0; |
930 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_time(br_x509_minimal_context*, unsigned int, unsigned int) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_time Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_time Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_time Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_time Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_time Unexecuted instantiation: aes_common.c:br_x509_minimal_set_time Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_time Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_time Unexecuted instantiation: prf.c:br_x509_minimal_set_time Unexecuted instantiation: sysrng.c:br_x509_minimal_set_time Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_time Unexecuted instantiation: hmac.c:br_x509_minimal_set_time Unexecuted instantiation: shake.c:br_x509_minimal_set_time Unexecuted instantiation: hkdf.c:br_x509_minimal_set_time Unexecuted instantiation: sha2small.c:br_x509_minimal_set_time Unexecuted instantiation: sha2big.c:br_x509_minimal_set_time Unexecuted instantiation: sha1.c:br_x509_minimal_set_time Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_time Unexecuted instantiation: md5.c:br_x509_minimal_set_time Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_time Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_time Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_time Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_time Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_time Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_time Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_time Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_time Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_time Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_time Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_time Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_time Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_time Unexecuted instantiation: ec_default.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_time Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_time Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_time Unexecuted instantiation: enc64be.c:br_x509_minimal_set_time Unexecuted instantiation: enc32le.c:br_x509_minimal_set_time Unexecuted instantiation: enc32be.c:br_x509_minimal_set_time Unexecuted instantiation: dec64be.c:br_x509_minimal_set_time Unexecuted instantiation: dec32le.c:br_x509_minimal_set_time Unexecuted instantiation: dec32be.c:br_x509_minimal_set_time Unexecuted instantiation: ccopy.c:br_x509_minimal_set_time Unexecuted instantiation: gcm.c:br_x509_minimal_set_time Unexecuted instantiation: ccm.c:br_x509_minimal_set_time Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_time Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_time Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_time Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_time Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_time Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_time Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_time Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_time Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_time Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_time Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_time Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_time Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_time Unexecuted instantiation: i31_add.c:br_x509_minimal_set_time Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_time Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_time Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_time Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_time Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_time Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_time Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_time Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_time Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_time Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_time Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_time Unexecuted instantiation: i15_add.c:br_x509_minimal_set_time Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_time Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_time Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_time Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_time Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_time |
931 | | |
932 | | /** |
933 | | * \brief Set the validity range callback function for the X.509 |
934 | | * "minimal" engine. |
935 | | * |
936 | | * The provided function will be invoked to check whether the validation |
937 | | * date is within the validity range for a given X.509 certificate; a |
938 | | * call will be issued for each considered certificate. The provided |
939 | | * context pointer (itime_ctx) will be passed as first parameter to the |
940 | | * callback. |
941 | | * |
942 | | * \param tctx context for callback invocation. |
943 | | * \param cb callback function. |
944 | | */ |
945 | | static inline void |
946 | | br_x509_minimal_set_time_callback(br_x509_minimal_context *ctx, |
947 | | void *itime_ctx, br_x509_time_check itime) |
948 | 0 | { |
949 | 0 | ctx->itime_ctx = itime_ctx; |
950 | 0 | ctx->itime = itime; |
951 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_time_callback(br_x509_minimal_context*, void*, int (*)(void*, unsigned int, unsigned int, unsigned int, unsigned int)) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_time_callback Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_time_callback Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_common.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: prf.c:br_x509_minimal_set_time_callback Unexecuted instantiation: sysrng.c:br_x509_minimal_set_time_callback Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_time_callback Unexecuted instantiation: hmac.c:br_x509_minimal_set_time_callback Unexecuted instantiation: shake.c:br_x509_minimal_set_time_callback Unexecuted instantiation: hkdf.c:br_x509_minimal_set_time_callback Unexecuted instantiation: sha2small.c:br_x509_minimal_set_time_callback Unexecuted instantiation: sha2big.c:br_x509_minimal_set_time_callback Unexecuted instantiation: sha1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: md5.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_default.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: enc64be.c:br_x509_minimal_set_time_callback Unexecuted instantiation: enc32le.c:br_x509_minimal_set_time_callback Unexecuted instantiation: enc32be.c:br_x509_minimal_set_time_callback Unexecuted instantiation: dec64be.c:br_x509_minimal_set_time_callback Unexecuted instantiation: dec32le.c:br_x509_minimal_set_time_callback Unexecuted instantiation: dec32be.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ccopy.c:br_x509_minimal_set_time_callback Unexecuted instantiation: gcm.c:br_x509_minimal_set_time_callback Unexecuted instantiation: ccm.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_add.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_add.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_time_callback Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_time_callback |
952 | | |
953 | | /** |
954 | | * \brief Set the minimal acceptable length for RSA keys (X.509 "minimal" |
955 | | * engine). |
956 | | * |
957 | | * The RSA key length is expressed in bytes. The default minimum key |
958 | | * length is 128 bytes, corresponding to 1017 bits. RSA keys shorter |
959 | | * than the configured length will be rejected, implying validation |
960 | | * failure. This setting applies to keys extracted from certificates |
961 | | * (both end-entity, and intermediate CA) but not to "CA" trust anchors. |
962 | | * |
963 | | * \param ctx validation context. |
964 | | * \param byte_length minimum RSA key length, **in bytes** (not bits). |
965 | | */ |
966 | | static inline void |
967 | | br_x509_minimal_set_minrsa(br_x509_minimal_context *ctx, int byte_length) |
968 | 0 | { |
969 | 0 | ctx->min_rsa_size = (int16_t)(byte_length - 128); |
970 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_minrsa(br_x509_minimal_context*, int) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_minrsa Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_minrsa Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_common.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: prf.c:br_x509_minimal_set_minrsa Unexecuted instantiation: sysrng.c:br_x509_minimal_set_minrsa Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_minrsa Unexecuted instantiation: hmac.c:br_x509_minimal_set_minrsa Unexecuted instantiation: shake.c:br_x509_minimal_set_minrsa Unexecuted instantiation: hkdf.c:br_x509_minimal_set_minrsa Unexecuted instantiation: sha2small.c:br_x509_minimal_set_minrsa Unexecuted instantiation: sha2big.c:br_x509_minimal_set_minrsa Unexecuted instantiation: sha1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: md5.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_default.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: enc64be.c:br_x509_minimal_set_minrsa Unexecuted instantiation: enc32le.c:br_x509_minimal_set_minrsa Unexecuted instantiation: enc32be.c:br_x509_minimal_set_minrsa Unexecuted instantiation: dec64be.c:br_x509_minimal_set_minrsa Unexecuted instantiation: dec32le.c:br_x509_minimal_set_minrsa Unexecuted instantiation: dec32be.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ccopy.c:br_x509_minimal_set_minrsa Unexecuted instantiation: gcm.c:br_x509_minimal_set_minrsa Unexecuted instantiation: ccm.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_add.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_add.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_minrsa Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_minrsa |
971 | | |
972 | | /** |
973 | | * \brief Set the name elements to gather. |
974 | | * |
975 | | * The provided array is linked in the context. The elements are |
976 | | * gathered from the EE certificate. If the same element type is |
977 | | * requested several times, then the relevant structures will be filled |
978 | | * in the order the matching values are encountered in the certificate. |
979 | | * |
980 | | * \param ctx validation context. |
981 | | * \param elts array of name element structures to fill. |
982 | | * \param num_elts number of name element structures to fill. |
983 | | */ |
984 | | static inline void |
985 | | br_x509_minimal_set_name_elements(br_x509_minimal_context *ctx, |
986 | | br_name_element *elts, size_t num_elts) |
987 | 0 | { |
988 | 0 | ctx->name_elts = elts; |
989 | 0 | ctx->num_name_elts = num_elts; |
990 | 0 | } Unexecuted instantiation: module.cpp:br_x509_minimal_set_name_elements(br_x509_minimal_context*, br_name_element*, unsigned long) Unexecuted instantiation: poly1305_ctmul.c:br_x509_minimal_set_name_elements Unexecuted instantiation: chacha20_sse2.c:br_x509_minimal_set_name_elements Unexecuted instantiation: chacha20_ct.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_x86ni.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct_ctr.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct64.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_common.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: prf_md5sha1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: prf.c:br_x509_minimal_set_name_elements Unexecuted instantiation: sysrng.c:br_x509_minimal_set_name_elements Unexecuted instantiation: hmac_drbg.c:br_x509_minimal_set_name_elements Unexecuted instantiation: hmac.c:br_x509_minimal_set_name_elements Unexecuted instantiation: shake.c:br_x509_minimal_set_name_elements Unexecuted instantiation: hkdf.c:br_x509_minimal_set_name_elements Unexecuted instantiation: sha2small.c:br_x509_minimal_set_name_elements Unexecuted instantiation: sha2big.c:br_x509_minimal_set_name_elements Unexecuted instantiation: sha1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: md5sha1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: md5.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ghash_ctmul32.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_secp521r1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_secp384r1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_secp256r1.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_pubkey.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_prime_i31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_prime_i15.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_p256_m64.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_p256_m62.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_p256_m31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_p256_m15.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_keygen.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_default.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_m64.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_m62.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_m31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_m15.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_i31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_c25519_i15.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ec_all_m31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: enc64be.c:br_x509_minimal_set_name_elements Unexecuted instantiation: enc32le.c:br_x509_minimal_set_name_elements Unexecuted instantiation: enc32be.c:br_x509_minimal_set_name_elements Unexecuted instantiation: dec64be.c:br_x509_minimal_set_name_elements Unexecuted instantiation: dec32le.c:br_x509_minimal_set_name_elements Unexecuted instantiation: dec32be.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ccopy.c:br_x509_minimal_set_name_elements Unexecuted instantiation: gcm.c:br_x509_minimal_set_name_elements Unexecuted instantiation: ccm.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_small_enc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct_enc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_ct64_enc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: aes_big_enc.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_sub.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_rshift.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_ninv31.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_montmul.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_modpow.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_iszero.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_fmont.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_encode.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_decode.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_decmod.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_bitlen.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_add.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_sub.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_rshift.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_ninv15.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_montmul.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_modpow.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_iszero.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_fmont.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_encode.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_decode.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_decmod.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_bitlen.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_add.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_tmont.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i31_muladd.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_tmont.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i15_muladd.c:br_x509_minimal_set_name_elements Unexecuted instantiation: i32_div32.c:br_x509_minimal_set_name_elements |
991 | | |
992 | | /** |
993 | | * \brief X.509 decoder context. |
994 | | * |
995 | | * This structure is _not_ for X.509 validation, but for extracting |
996 | | * names and public keys from encoded certificates. Intended usage is |
997 | | * to use (self-signed) certificates as trust anchors. |
998 | | * |
999 | | * Contents are opaque and shall not be accessed directly. |
1000 | | */ |
1001 | | typedef struct { |
1002 | | |
1003 | | #ifndef BR_DOXYGEN_IGNORE |
1004 | | /* Structure for returning the public key. */ |
1005 | | br_x509_pkey pkey; |
1006 | | |
1007 | | /* CPU for the T0 virtual machine. */ |
1008 | | struct { |
1009 | | uint32_t *dp; |
1010 | | uint32_t *rp; |
1011 | | const unsigned char *ip; |
1012 | | } cpu; |
1013 | | uint32_t dp_stack[32]; |
1014 | | uint32_t rp_stack[32]; |
1015 | | int err; |
1016 | | |
1017 | | /* The pad serves as destination for various operations. */ |
1018 | | unsigned char pad[256]; |
1019 | | |
1020 | | /* Flag set when decoding succeeds. */ |
1021 | | unsigned char decoded; |
1022 | | |
1023 | | /* Validity dates. */ |
1024 | | uint32_t notbefore_days, notbefore_seconds; |
1025 | | uint32_t notafter_days, notafter_seconds; |
1026 | | |
1027 | | /* The "CA" flag. This is set to true if the certificate contains |
1028 | | a Basic Constraints extension that asserts CA status. */ |
1029 | | unsigned char isCA; |
1030 | | |
1031 | | /* DN processing: the subject DN is extracted and pushed to the |
1032 | | provided callback. */ |
1033 | | unsigned char copy_dn; |
1034 | | void *append_dn_ctx; |
1035 | | void (*append_dn)(void *ctx, const void *buf, size_t len); |
1036 | | |
1037 | | /* Certificate data chunk. */ |
1038 | | const unsigned char *hbuf; |
1039 | | size_t hlen; |
1040 | | |
1041 | | /* Buffer for decoded public key. */ |
1042 | | unsigned char pkey_data[BR_X509_BUFSIZE_KEY]; |
1043 | | |
1044 | | /* Type of key and hash function used in the certificate signature. */ |
1045 | | unsigned char signer_key_type; |
1046 | | unsigned char signer_hash_id; |
1047 | | #endif |
1048 | | |
1049 | | } br_x509_decoder_context; |
1050 | | |
1051 | | /** |
1052 | | * \brief Initialise an X.509 decoder context for processing a new |
1053 | | * certificate. |
1054 | | * |
1055 | | * The `append_dn()` callback (with opaque context `append_dn_ctx`) |
1056 | | * will be invoked to receive, chunk by chunk, the certificate's |
1057 | | * subject DN. If `append_dn` is `0` then the subject DN will be |
1058 | | * ignored. |
1059 | | * |
1060 | | * \param ctx X.509 decoder context to initialise. |
1061 | | * \param append_dn DN receiver callback (or `0`). |
1062 | | * \param append_dn_ctx context for the DN receiver callback. |
1063 | | */ |
1064 | | void br_x509_decoder_init(br_x509_decoder_context *ctx, |
1065 | | void (*append_dn)(void *ctx, const void *buf, size_t len), |
1066 | | void *append_dn_ctx); |
1067 | | |
1068 | | /** |
1069 | | * \brief Push some certificate bytes into a decoder context. |
1070 | | * |
1071 | | * If `len` is non-zero, then that many bytes are pushed, from address |
1072 | | * `data`, into the provided decoder context. |
1073 | | * |
1074 | | * \param ctx X.509 decoder context. |
1075 | | * \param data certificate data chunk. |
1076 | | * \param len certificate data chunk length (in bytes). |
1077 | | */ |
1078 | | void br_x509_decoder_push(br_x509_decoder_context *ctx, |
1079 | | const void *data, size_t len); |
1080 | | |
1081 | | /** |
1082 | | * \brief Obtain the decoded public key. |
1083 | | * |
1084 | | * Returned value is a pointer to a structure internal to the decoder |
1085 | | * context; releasing or reusing the decoder context invalidates that |
1086 | | * structure. |
1087 | | * |
1088 | | * If decoding was not finished, or failed, then `NULL` is returned. |
1089 | | * |
1090 | | * \param ctx X.509 decoder context. |
1091 | | * \return the public key, or `NULL` on unfinished/error. |
1092 | | */ |
1093 | | static inline br_x509_pkey * |
1094 | | br_x509_decoder_get_pkey(br_x509_decoder_context *ctx) |
1095 | 0 | { |
1096 | 0 | if (ctx->decoded && ctx->err == 0) { |
1097 | 0 | return &ctx->pkey; |
1098 | 0 | } else { |
1099 | 0 | return NULL; |
1100 | 0 | } |
1101 | 0 | } Unexecuted instantiation: module.cpp:br_x509_decoder_get_pkey(br_x509_decoder_context*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_decoder_get_pkey Unexecuted instantiation: chacha20_sse2.c:br_x509_decoder_get_pkey Unexecuted instantiation: chacha20_ct.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_x86ni.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct_ctr.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct64.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_common.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_decoder_get_pkey Unexecuted instantiation: prf_md5sha1.c:br_x509_decoder_get_pkey Unexecuted instantiation: prf.c:br_x509_decoder_get_pkey Unexecuted instantiation: sysrng.c:br_x509_decoder_get_pkey Unexecuted instantiation: hmac_drbg.c:br_x509_decoder_get_pkey Unexecuted instantiation: hmac.c:br_x509_decoder_get_pkey Unexecuted instantiation: shake.c:br_x509_decoder_get_pkey Unexecuted instantiation: hkdf.c:br_x509_decoder_get_pkey Unexecuted instantiation: sha2small.c:br_x509_decoder_get_pkey Unexecuted instantiation: sha2big.c:br_x509_decoder_get_pkey Unexecuted instantiation: sha1.c:br_x509_decoder_get_pkey Unexecuted instantiation: md5sha1.c:br_x509_decoder_get_pkey Unexecuted instantiation: md5.c:br_x509_decoder_get_pkey Unexecuted instantiation: ghash_ctmul32.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_decoder_get_pkey Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_secp521r1.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_secp384r1.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_secp256r1.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_pubkey.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_prime_i31.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_prime_i15.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_p256_m64.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_p256_m62.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_p256_m31.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_p256_m15.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_keygen.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_default.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_m64.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_m62.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_m31.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_m15.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_i31.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_c25519_i15.c:br_x509_decoder_get_pkey Unexecuted instantiation: ec_all_m31.c:br_x509_decoder_get_pkey Unexecuted instantiation: enc64be.c:br_x509_decoder_get_pkey Unexecuted instantiation: enc32le.c:br_x509_decoder_get_pkey Unexecuted instantiation: enc32be.c:br_x509_decoder_get_pkey Unexecuted instantiation: dec64be.c:br_x509_decoder_get_pkey Unexecuted instantiation: dec32le.c:br_x509_decoder_get_pkey Unexecuted instantiation: dec32be.c:br_x509_decoder_get_pkey Unexecuted instantiation: ccopy.c:br_x509_decoder_get_pkey Unexecuted instantiation: gcm.c:br_x509_decoder_get_pkey Unexecuted instantiation: ccm.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_small_enc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct_enc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_ct64_enc.c:br_x509_decoder_get_pkey Unexecuted instantiation: aes_big_enc.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_sub.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_rshift.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_ninv31.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_montmul.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_modpow.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_iszero.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_fmont.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_encode.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_decode.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_decmod.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_bitlen.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_add.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_sub.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_rshift.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_ninv15.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_montmul.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_modpow.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_iszero.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_fmont.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_encode.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_decode.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_decmod.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_bitlen.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_add.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_tmont.c:br_x509_decoder_get_pkey Unexecuted instantiation: i31_muladd.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_tmont.c:br_x509_decoder_get_pkey Unexecuted instantiation: i15_muladd.c:br_x509_decoder_get_pkey Unexecuted instantiation: i32_div32.c:br_x509_decoder_get_pkey |
1102 | | |
1103 | | /** |
1104 | | * \brief Get decoder error status. |
1105 | | * |
1106 | | * If no error was reported yet but the certificate decoding is not |
1107 | | * finished, then the error code is `BR_ERR_X509_TRUNCATED`. If decoding |
1108 | | * was successful, then 0 is returned. |
1109 | | * |
1110 | | * \param ctx X.509 decoder context. |
1111 | | * \return 0 on successful decoding, or a non-zero error code. |
1112 | | */ |
1113 | | static inline int |
1114 | | br_x509_decoder_last_error(br_x509_decoder_context *ctx) |
1115 | 0 | { |
1116 | 0 | if (ctx->err != 0) { |
1117 | 0 | return ctx->err; |
1118 | 0 | } |
1119 | 0 | if (!ctx->decoded) { |
1120 | 0 | return BR_ERR_X509_TRUNCATED; |
1121 | 0 | } |
1122 | 0 | return 0; |
1123 | 0 | } Unexecuted instantiation: module.cpp:br_x509_decoder_last_error(br_x509_decoder_context*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_decoder_last_error Unexecuted instantiation: chacha20_sse2.c:br_x509_decoder_last_error Unexecuted instantiation: chacha20_ct.c:br_x509_decoder_last_error Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_x86ni.c:br_x509_decoder_last_error Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct_ctr.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct64.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct.c:br_x509_decoder_last_error Unexecuted instantiation: aes_common.c:br_x509_decoder_last_error Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_decoder_last_error Unexecuted instantiation: prf_md5sha1.c:br_x509_decoder_last_error Unexecuted instantiation: prf.c:br_x509_decoder_last_error Unexecuted instantiation: sysrng.c:br_x509_decoder_last_error Unexecuted instantiation: hmac_drbg.c:br_x509_decoder_last_error Unexecuted instantiation: hmac.c:br_x509_decoder_last_error Unexecuted instantiation: shake.c:br_x509_decoder_last_error Unexecuted instantiation: hkdf.c:br_x509_decoder_last_error Unexecuted instantiation: sha2small.c:br_x509_decoder_last_error Unexecuted instantiation: sha2big.c:br_x509_decoder_last_error Unexecuted instantiation: sha1.c:br_x509_decoder_last_error Unexecuted instantiation: md5sha1.c:br_x509_decoder_last_error Unexecuted instantiation: md5.c:br_x509_decoder_last_error Unexecuted instantiation: ghash_ctmul32.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_decoder_last_error Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_decoder_last_error Unexecuted instantiation: ec_secp521r1.c:br_x509_decoder_last_error Unexecuted instantiation: ec_secp384r1.c:br_x509_decoder_last_error Unexecuted instantiation: ec_secp256r1.c:br_x509_decoder_last_error Unexecuted instantiation: ec_pubkey.c:br_x509_decoder_last_error Unexecuted instantiation: ec_prime_i31.c:br_x509_decoder_last_error Unexecuted instantiation: ec_prime_i15.c:br_x509_decoder_last_error Unexecuted instantiation: ec_p256_m64.c:br_x509_decoder_last_error Unexecuted instantiation: ec_p256_m62.c:br_x509_decoder_last_error Unexecuted instantiation: ec_p256_m31.c:br_x509_decoder_last_error Unexecuted instantiation: ec_p256_m15.c:br_x509_decoder_last_error Unexecuted instantiation: ec_keygen.c:br_x509_decoder_last_error Unexecuted instantiation: ec_default.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_m64.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_m62.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_m31.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_m15.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_i31.c:br_x509_decoder_last_error Unexecuted instantiation: ec_c25519_i15.c:br_x509_decoder_last_error Unexecuted instantiation: ec_all_m31.c:br_x509_decoder_last_error Unexecuted instantiation: enc64be.c:br_x509_decoder_last_error Unexecuted instantiation: enc32le.c:br_x509_decoder_last_error Unexecuted instantiation: enc32be.c:br_x509_decoder_last_error Unexecuted instantiation: dec64be.c:br_x509_decoder_last_error Unexecuted instantiation: dec32le.c:br_x509_decoder_last_error Unexecuted instantiation: dec32be.c:br_x509_decoder_last_error Unexecuted instantiation: ccopy.c:br_x509_decoder_last_error Unexecuted instantiation: gcm.c:br_x509_decoder_last_error Unexecuted instantiation: ccm.c:br_x509_decoder_last_error Unexecuted instantiation: aes_small_enc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct_enc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_ct64_enc.c:br_x509_decoder_last_error Unexecuted instantiation: aes_big_enc.c:br_x509_decoder_last_error Unexecuted instantiation: i31_sub.c:br_x509_decoder_last_error Unexecuted instantiation: i31_rshift.c:br_x509_decoder_last_error Unexecuted instantiation: i31_ninv31.c:br_x509_decoder_last_error Unexecuted instantiation: i31_montmul.c:br_x509_decoder_last_error Unexecuted instantiation: i31_modpow.c:br_x509_decoder_last_error Unexecuted instantiation: i31_iszero.c:br_x509_decoder_last_error Unexecuted instantiation: i31_fmont.c:br_x509_decoder_last_error Unexecuted instantiation: i31_encode.c:br_x509_decoder_last_error Unexecuted instantiation: i31_decode.c:br_x509_decoder_last_error Unexecuted instantiation: i31_decmod.c:br_x509_decoder_last_error Unexecuted instantiation: i31_bitlen.c:br_x509_decoder_last_error Unexecuted instantiation: i31_add.c:br_x509_decoder_last_error Unexecuted instantiation: i15_sub.c:br_x509_decoder_last_error Unexecuted instantiation: i15_rshift.c:br_x509_decoder_last_error Unexecuted instantiation: i15_ninv15.c:br_x509_decoder_last_error Unexecuted instantiation: i15_montmul.c:br_x509_decoder_last_error Unexecuted instantiation: i15_modpow.c:br_x509_decoder_last_error Unexecuted instantiation: i15_iszero.c:br_x509_decoder_last_error Unexecuted instantiation: i15_fmont.c:br_x509_decoder_last_error Unexecuted instantiation: i15_encode.c:br_x509_decoder_last_error Unexecuted instantiation: i15_decode.c:br_x509_decoder_last_error Unexecuted instantiation: i15_decmod.c:br_x509_decoder_last_error Unexecuted instantiation: i15_bitlen.c:br_x509_decoder_last_error Unexecuted instantiation: i15_add.c:br_x509_decoder_last_error Unexecuted instantiation: i31_tmont.c:br_x509_decoder_last_error Unexecuted instantiation: i31_muladd.c:br_x509_decoder_last_error Unexecuted instantiation: i15_tmont.c:br_x509_decoder_last_error Unexecuted instantiation: i15_muladd.c:br_x509_decoder_last_error Unexecuted instantiation: i32_div32.c:br_x509_decoder_last_error |
1124 | | |
1125 | | /** |
1126 | | * \brief Get the "isCA" flag from an X.509 decoder context. |
1127 | | * |
1128 | | * This flag is set if the decoded certificate claims to be a CA through |
1129 | | * a Basic Constraints extension. This flag should not be read before |
1130 | | * decoding completed successfully. |
1131 | | * |
1132 | | * \param ctx X.509 decoder context. |
1133 | | * \return the "isCA" flag. |
1134 | | */ |
1135 | | static inline int |
1136 | | br_x509_decoder_isCA(br_x509_decoder_context *ctx) |
1137 | 0 | { |
1138 | 0 | return ctx->isCA; |
1139 | 0 | } Unexecuted instantiation: module.cpp:br_x509_decoder_isCA(br_x509_decoder_context*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_decoder_isCA Unexecuted instantiation: chacha20_sse2.c:br_x509_decoder_isCA Unexecuted instantiation: chacha20_ct.c:br_x509_decoder_isCA Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_x86ni.c:br_x509_decoder_isCA Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct_ctr.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct64.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct.c:br_x509_decoder_isCA Unexecuted instantiation: aes_common.c:br_x509_decoder_isCA Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_decoder_isCA Unexecuted instantiation: prf_md5sha1.c:br_x509_decoder_isCA Unexecuted instantiation: prf.c:br_x509_decoder_isCA Unexecuted instantiation: sysrng.c:br_x509_decoder_isCA Unexecuted instantiation: hmac_drbg.c:br_x509_decoder_isCA Unexecuted instantiation: hmac.c:br_x509_decoder_isCA Unexecuted instantiation: shake.c:br_x509_decoder_isCA Unexecuted instantiation: hkdf.c:br_x509_decoder_isCA Unexecuted instantiation: sha2small.c:br_x509_decoder_isCA Unexecuted instantiation: sha2big.c:br_x509_decoder_isCA Unexecuted instantiation: sha1.c:br_x509_decoder_isCA Unexecuted instantiation: md5sha1.c:br_x509_decoder_isCA Unexecuted instantiation: md5.c:br_x509_decoder_isCA Unexecuted instantiation: ghash_ctmul32.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_decoder_isCA Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_decoder_isCA Unexecuted instantiation: ec_secp521r1.c:br_x509_decoder_isCA Unexecuted instantiation: ec_secp384r1.c:br_x509_decoder_isCA Unexecuted instantiation: ec_secp256r1.c:br_x509_decoder_isCA Unexecuted instantiation: ec_pubkey.c:br_x509_decoder_isCA Unexecuted instantiation: ec_prime_i31.c:br_x509_decoder_isCA Unexecuted instantiation: ec_prime_i15.c:br_x509_decoder_isCA Unexecuted instantiation: ec_p256_m64.c:br_x509_decoder_isCA Unexecuted instantiation: ec_p256_m62.c:br_x509_decoder_isCA Unexecuted instantiation: ec_p256_m31.c:br_x509_decoder_isCA Unexecuted instantiation: ec_p256_m15.c:br_x509_decoder_isCA Unexecuted instantiation: ec_keygen.c:br_x509_decoder_isCA Unexecuted instantiation: ec_default.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_m64.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_m62.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_m31.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_m15.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_i31.c:br_x509_decoder_isCA Unexecuted instantiation: ec_c25519_i15.c:br_x509_decoder_isCA Unexecuted instantiation: ec_all_m31.c:br_x509_decoder_isCA Unexecuted instantiation: enc64be.c:br_x509_decoder_isCA Unexecuted instantiation: enc32le.c:br_x509_decoder_isCA Unexecuted instantiation: enc32be.c:br_x509_decoder_isCA Unexecuted instantiation: dec64be.c:br_x509_decoder_isCA Unexecuted instantiation: dec32le.c:br_x509_decoder_isCA Unexecuted instantiation: dec32be.c:br_x509_decoder_isCA Unexecuted instantiation: ccopy.c:br_x509_decoder_isCA Unexecuted instantiation: gcm.c:br_x509_decoder_isCA Unexecuted instantiation: ccm.c:br_x509_decoder_isCA Unexecuted instantiation: aes_small_enc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct_enc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_ct64_enc.c:br_x509_decoder_isCA Unexecuted instantiation: aes_big_enc.c:br_x509_decoder_isCA Unexecuted instantiation: i31_sub.c:br_x509_decoder_isCA Unexecuted instantiation: i31_rshift.c:br_x509_decoder_isCA Unexecuted instantiation: i31_ninv31.c:br_x509_decoder_isCA Unexecuted instantiation: i31_montmul.c:br_x509_decoder_isCA Unexecuted instantiation: i31_modpow.c:br_x509_decoder_isCA Unexecuted instantiation: i31_iszero.c:br_x509_decoder_isCA Unexecuted instantiation: i31_fmont.c:br_x509_decoder_isCA Unexecuted instantiation: i31_encode.c:br_x509_decoder_isCA Unexecuted instantiation: i31_decode.c:br_x509_decoder_isCA Unexecuted instantiation: i31_decmod.c:br_x509_decoder_isCA Unexecuted instantiation: i31_bitlen.c:br_x509_decoder_isCA Unexecuted instantiation: i31_add.c:br_x509_decoder_isCA Unexecuted instantiation: i15_sub.c:br_x509_decoder_isCA Unexecuted instantiation: i15_rshift.c:br_x509_decoder_isCA Unexecuted instantiation: i15_ninv15.c:br_x509_decoder_isCA Unexecuted instantiation: i15_montmul.c:br_x509_decoder_isCA Unexecuted instantiation: i15_modpow.c:br_x509_decoder_isCA Unexecuted instantiation: i15_iszero.c:br_x509_decoder_isCA Unexecuted instantiation: i15_fmont.c:br_x509_decoder_isCA Unexecuted instantiation: i15_encode.c:br_x509_decoder_isCA Unexecuted instantiation: i15_decode.c:br_x509_decoder_isCA Unexecuted instantiation: i15_decmod.c:br_x509_decoder_isCA Unexecuted instantiation: i15_bitlen.c:br_x509_decoder_isCA Unexecuted instantiation: i15_add.c:br_x509_decoder_isCA Unexecuted instantiation: i31_tmont.c:br_x509_decoder_isCA Unexecuted instantiation: i31_muladd.c:br_x509_decoder_isCA Unexecuted instantiation: i15_tmont.c:br_x509_decoder_isCA Unexecuted instantiation: i15_muladd.c:br_x509_decoder_isCA Unexecuted instantiation: i32_div32.c:br_x509_decoder_isCA |
1140 | | |
1141 | | /** |
1142 | | * \brief Get the issuing CA key type (type of algorithm used to sign the |
1143 | | * decoded certificate). |
1144 | | * |
1145 | | * This is `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. The value 0 is returned |
1146 | | * if the signature type was not recognised. |
1147 | | * |
1148 | | * \param ctx X.509 decoder context. |
1149 | | * \return the issuing CA key type. |
1150 | | */ |
1151 | | static inline int |
1152 | | br_x509_decoder_get_signer_key_type(br_x509_decoder_context *ctx) |
1153 | 0 | { |
1154 | 0 | return ctx->signer_key_type; |
1155 | 0 | } Unexecuted instantiation: module.cpp:br_x509_decoder_get_signer_key_type(br_x509_decoder_context*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: chacha20_sse2.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: chacha20_ct.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_x86ni.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct_ctr.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct64.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_common.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: prf_md5sha1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: prf.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: sysrng.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: hmac_drbg.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: hmac.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: shake.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: hkdf.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: sha2small.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: sha2big.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: sha1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: md5sha1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: md5.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ghash_ctmul32.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_secp521r1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_secp384r1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_secp256r1.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_pubkey.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_prime_i31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_prime_i15.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_p256_m64.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_p256_m62.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_p256_m31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_p256_m15.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_keygen.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_default.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_m64.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_m62.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_m31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_m15.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_i31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_c25519_i15.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ec_all_m31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: enc64be.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: enc32le.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: enc32be.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: dec64be.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: dec32le.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: dec32be.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ccopy.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: gcm.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: ccm.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_small_enc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct_enc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_ct64_enc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: aes_big_enc.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_sub.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_rshift.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_ninv31.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_montmul.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_modpow.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_iszero.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_fmont.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_encode.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_decode.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_decmod.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_bitlen.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_add.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_sub.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_rshift.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_ninv15.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_montmul.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_modpow.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_iszero.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_fmont.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_encode.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_decode.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_decmod.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_bitlen.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_add.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_tmont.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i31_muladd.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_tmont.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i15_muladd.c:br_x509_decoder_get_signer_key_type Unexecuted instantiation: i32_div32.c:br_x509_decoder_get_signer_key_type |
1156 | | |
1157 | | /** |
1158 | | * \brief Get the identifier for the hash function used to sign the decoded |
1159 | | * certificate. |
1160 | | * |
1161 | | * This is 0 if the hash function was not recognised. |
1162 | | * |
1163 | | * \param ctx X.509 decoder context. |
1164 | | * \return the signature hash function identifier. |
1165 | | */ |
1166 | | static inline int |
1167 | | br_x509_decoder_get_signer_hash_id(br_x509_decoder_context *ctx) |
1168 | 0 | { |
1169 | 0 | return ctx->signer_hash_id; |
1170 | 0 | } Unexecuted instantiation: module.cpp:br_x509_decoder_get_signer_hash_id(br_x509_decoder_context*) Unexecuted instantiation: poly1305_ctmul.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: chacha20_sse2.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: chacha20_ct.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_x86ni.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_small_ctrcbc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct_ctrcbc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct_ctr.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct64_ctrcbc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct64.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_common.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_big_ctrcbc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: prf_md5sha1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: prf.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: sysrng.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: hmac_drbg.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: hmac.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: shake.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: hkdf.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: sha2small.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: sha2big.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: sha1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: md5sha1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: md5.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ghash_ctmul32.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i31_bits.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ecdsa_i15_bits.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_secp521r1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_secp384r1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_secp256r1.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_pubkey.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_prime_i31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_prime_i15.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_p256_m64.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_p256_m62.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_p256_m31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_p256_m15.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_keygen.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_default.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_m64.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_m62.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_m31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_m15.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_i31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_c25519_i15.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ec_all_m31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: enc64be.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: enc32le.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: enc32be.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: dec64be.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: dec32le.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: dec32be.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ccopy.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: gcm.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: ccm.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_small_enc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct_enc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_ct64_enc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: aes_big_enc.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_sub.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_rshift.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_ninv31.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_montmul.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_modpow.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_iszero.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_fmont.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_encode.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_decode.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_decmod.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_bitlen.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_add.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_sub.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_rshift.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_ninv15.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_montmul.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_modpow.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_iszero.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_fmont.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_encode.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_decode.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_decmod.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_bitlen.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_add.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_tmont.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i31_muladd.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_tmont.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i15_muladd.c:br_x509_decoder_get_signer_hash_id Unexecuted instantiation: i32_div32.c:br_x509_decoder_get_signer_hash_id |
1171 | | |
1172 | | /** |
1173 | | * \brief Type for an X.509 certificate (DER-encoded). |
1174 | | */ |
1175 | | typedef struct { |
1176 | | /** \brief The DER-encoded certificate data. */ |
1177 | | unsigned char *data; |
1178 | | /** \brief The DER-encoded certificate length (in bytes). */ |
1179 | | size_t data_len; |
1180 | | } br_x509_certificate; |
1181 | | |
1182 | | /** |
1183 | | * \brief Private key decoder context. |
1184 | | * |
1185 | | * The private key decoder recognises RSA and EC private keys, either in |
1186 | | * their raw, DER-encoded format, or wrapped in an unencrypted PKCS#8 |
1187 | | * archive (again DER-encoded). |
1188 | | * |
1189 | | * Structure contents are opaque and shall not be accessed directly. |
1190 | | */ |
1191 | | typedef struct { |
1192 | | #ifndef BR_DOXYGEN_IGNORE |
1193 | | /* Structure for returning the private key. */ |
1194 | | union { |
1195 | | br_rsa_private_key rsa; |
1196 | | br_ec_private_key ec; |
1197 | | } key; |
1198 | | |
1199 | | /* CPU for the T0 virtual machine. */ |
1200 | | struct { |
1201 | | uint32_t *dp; |
1202 | | uint32_t *rp; |
1203 | | const unsigned char *ip; |
1204 | | } cpu; |
1205 | | uint32_t dp_stack[32]; |
1206 | | uint32_t rp_stack[32]; |
1207 | | int err; |
1208 | | |
1209 | | /* Private key data chunk. */ |
1210 | | const unsigned char *hbuf; |
1211 | | size_t hlen; |
1212 | | |
1213 | | /* The pad serves as destination for various operations. */ |
1214 | | unsigned char pad[256]; |
1215 | | |
1216 | | /* Decoded key type; 0 until decoding is complete. */ |
1217 | | unsigned char key_type; |
1218 | | |
1219 | | /* Buffer for the private key elements. It shall be large enough |
1220 | | to accommodate all elements for a RSA-4096 private key (roughly |
1221 | | five 2048-bit integers, possibly a bit more). */ |
1222 | | unsigned char key_data[3 * BR_X509_BUFSIZE_SIG]; |
1223 | | #endif |
1224 | | } br_skey_decoder_context; |
1225 | | |
1226 | | /** |
1227 | | * \brief Initialise a private key decoder context. |
1228 | | * |
1229 | | * \param ctx key decoder context to initialise. |
1230 | | */ |
1231 | | void br_skey_decoder_init(br_skey_decoder_context *ctx); |
1232 | | |
1233 | | /** |
1234 | | * \brief Push some data bytes into a private key decoder context. |
1235 | | * |
1236 | | * If `len` is non-zero, then that many data bytes, starting at address |
1237 | | * `data`, are pushed into the decoder. |
1238 | | * |
1239 | | * \param ctx key decoder context. |
1240 | | * \param data private key data chunk. |
1241 | | * \param len private key data chunk length (in bytes). |
1242 | | */ |
1243 | | void br_skey_decoder_push(br_skey_decoder_context *ctx, |
1244 | | const void *data, size_t len); |
1245 | | |
1246 | | /** |
1247 | | * \brief Get the decoding status for a private key. |
1248 | | * |
1249 | | * Decoding status is 0 on success, or a non-zero error code. If the |
1250 | | * decoding is unfinished when this function is called, then the |
1251 | | * status code `BR_ERR_X509_TRUNCATED` is returned. |
1252 | | * |
1253 | | * \param ctx key decoder context. |
1254 | | * \return 0 on successful decoding, or a non-zero error code. |
1255 | | */ |
1256 | | static inline int |
1257 | | br_skey_decoder_last_error(const br_skey_decoder_context *ctx) |
1258 | 0 | { |
1259 | 0 | if (ctx->err != 0) { |
1260 | 0 | return ctx->err; |
1261 | 0 | } |
1262 | 0 | if (ctx->key_type == 0) { |
1263 | 0 | return BR_ERR_X509_TRUNCATED; |
1264 | 0 | } |
1265 | 0 | return 0; |
1266 | 0 | } Unexecuted instantiation: module.cpp:br_skey_decoder_last_error(br_skey_decoder_context const*) Unexecuted instantiation: poly1305_ctmul.c:br_skey_decoder_last_error Unexecuted instantiation: chacha20_sse2.c:br_skey_decoder_last_error Unexecuted instantiation: chacha20_ct.c:br_skey_decoder_last_error Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_x86ni.c:br_skey_decoder_last_error Unexecuted instantiation: aes_small_ctrcbc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct_ctrcbc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct_ctr.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct64_ctrcbc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct64.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct.c:br_skey_decoder_last_error Unexecuted instantiation: aes_common.c:br_skey_decoder_last_error Unexecuted instantiation: aes_big_ctrcbc.c:br_skey_decoder_last_error Unexecuted instantiation: prf_md5sha1.c:br_skey_decoder_last_error Unexecuted instantiation: prf.c:br_skey_decoder_last_error Unexecuted instantiation: sysrng.c:br_skey_decoder_last_error Unexecuted instantiation: hmac_drbg.c:br_skey_decoder_last_error Unexecuted instantiation: hmac.c:br_skey_decoder_last_error Unexecuted instantiation: shake.c:br_skey_decoder_last_error Unexecuted instantiation: hkdf.c:br_skey_decoder_last_error Unexecuted instantiation: sha2small.c:br_skey_decoder_last_error Unexecuted instantiation: sha2big.c:br_skey_decoder_last_error Unexecuted instantiation: sha1.c:br_skey_decoder_last_error Unexecuted instantiation: md5sha1.c:br_skey_decoder_last_error Unexecuted instantiation: md5.c:br_skey_decoder_last_error Unexecuted instantiation: ghash_ctmul32.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i31_bits.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_skey_decoder_last_error Unexecuted instantiation: ecdsa_i15_bits.c:br_skey_decoder_last_error Unexecuted instantiation: ec_secp521r1.c:br_skey_decoder_last_error Unexecuted instantiation: ec_secp384r1.c:br_skey_decoder_last_error Unexecuted instantiation: ec_secp256r1.c:br_skey_decoder_last_error Unexecuted instantiation: ec_pubkey.c:br_skey_decoder_last_error Unexecuted instantiation: ec_prime_i31.c:br_skey_decoder_last_error Unexecuted instantiation: ec_prime_i15.c:br_skey_decoder_last_error Unexecuted instantiation: ec_p256_m64.c:br_skey_decoder_last_error Unexecuted instantiation: ec_p256_m62.c:br_skey_decoder_last_error Unexecuted instantiation: ec_p256_m31.c:br_skey_decoder_last_error Unexecuted instantiation: ec_p256_m15.c:br_skey_decoder_last_error Unexecuted instantiation: ec_keygen.c:br_skey_decoder_last_error Unexecuted instantiation: ec_default.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_m64.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_m62.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_m31.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_m15.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_i31.c:br_skey_decoder_last_error Unexecuted instantiation: ec_c25519_i15.c:br_skey_decoder_last_error Unexecuted instantiation: ec_all_m31.c:br_skey_decoder_last_error Unexecuted instantiation: enc64be.c:br_skey_decoder_last_error Unexecuted instantiation: enc32le.c:br_skey_decoder_last_error Unexecuted instantiation: enc32be.c:br_skey_decoder_last_error Unexecuted instantiation: dec64be.c:br_skey_decoder_last_error Unexecuted instantiation: dec32le.c:br_skey_decoder_last_error Unexecuted instantiation: dec32be.c:br_skey_decoder_last_error Unexecuted instantiation: ccopy.c:br_skey_decoder_last_error Unexecuted instantiation: gcm.c:br_skey_decoder_last_error Unexecuted instantiation: ccm.c:br_skey_decoder_last_error Unexecuted instantiation: aes_small_enc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct_enc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_ct64_enc.c:br_skey_decoder_last_error Unexecuted instantiation: aes_big_enc.c:br_skey_decoder_last_error Unexecuted instantiation: i31_sub.c:br_skey_decoder_last_error Unexecuted instantiation: i31_rshift.c:br_skey_decoder_last_error Unexecuted instantiation: i31_ninv31.c:br_skey_decoder_last_error Unexecuted instantiation: i31_montmul.c:br_skey_decoder_last_error Unexecuted instantiation: i31_modpow.c:br_skey_decoder_last_error Unexecuted instantiation: i31_iszero.c:br_skey_decoder_last_error Unexecuted instantiation: i31_fmont.c:br_skey_decoder_last_error Unexecuted instantiation: i31_encode.c:br_skey_decoder_last_error Unexecuted instantiation: i31_decode.c:br_skey_decoder_last_error Unexecuted instantiation: i31_decmod.c:br_skey_decoder_last_error Unexecuted instantiation: i31_bitlen.c:br_skey_decoder_last_error Unexecuted instantiation: i31_add.c:br_skey_decoder_last_error Unexecuted instantiation: i15_sub.c:br_skey_decoder_last_error Unexecuted instantiation: i15_rshift.c:br_skey_decoder_last_error Unexecuted instantiation: i15_ninv15.c:br_skey_decoder_last_error Unexecuted instantiation: i15_montmul.c:br_skey_decoder_last_error Unexecuted instantiation: i15_modpow.c:br_skey_decoder_last_error Unexecuted instantiation: i15_iszero.c:br_skey_decoder_last_error Unexecuted instantiation: i15_fmont.c:br_skey_decoder_last_error Unexecuted instantiation: i15_encode.c:br_skey_decoder_last_error Unexecuted instantiation: i15_decode.c:br_skey_decoder_last_error Unexecuted instantiation: i15_decmod.c:br_skey_decoder_last_error Unexecuted instantiation: i15_bitlen.c:br_skey_decoder_last_error Unexecuted instantiation: i15_add.c:br_skey_decoder_last_error Unexecuted instantiation: i31_tmont.c:br_skey_decoder_last_error Unexecuted instantiation: i31_muladd.c:br_skey_decoder_last_error Unexecuted instantiation: i15_tmont.c:br_skey_decoder_last_error Unexecuted instantiation: i15_muladd.c:br_skey_decoder_last_error Unexecuted instantiation: i32_div32.c:br_skey_decoder_last_error |
1267 | | |
1268 | | /** |
1269 | | * \brief Get the decoded private key type. |
1270 | | * |
1271 | | * Private key type is `BR_KEYTYPE_RSA` or `BR_KEYTYPE_EC`. If decoding is |
1272 | | * not finished or failed, then 0 is returned. |
1273 | | * |
1274 | | * \param ctx key decoder context. |
1275 | | * \return decoded private key type, or 0. |
1276 | | */ |
1277 | | static inline int |
1278 | | br_skey_decoder_key_type(const br_skey_decoder_context *ctx) |
1279 | 0 | { |
1280 | 0 | if (ctx->err == 0) { |
1281 | 0 | return ctx->key_type; |
1282 | 0 | } else { |
1283 | 0 | return 0; |
1284 | 0 | } |
1285 | 0 | } Unexecuted instantiation: module.cpp:br_skey_decoder_key_type(br_skey_decoder_context const*) Unexecuted instantiation: poly1305_ctmul.c:br_skey_decoder_key_type Unexecuted instantiation: chacha20_sse2.c:br_skey_decoder_key_type Unexecuted instantiation: chacha20_ct.c:br_skey_decoder_key_type Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_x86ni.c:br_skey_decoder_key_type Unexecuted instantiation: aes_small_ctrcbc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct_ctrcbc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct_ctr.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct64_ctrcbc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct64.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct.c:br_skey_decoder_key_type Unexecuted instantiation: aes_common.c:br_skey_decoder_key_type Unexecuted instantiation: aes_big_ctrcbc.c:br_skey_decoder_key_type Unexecuted instantiation: prf_md5sha1.c:br_skey_decoder_key_type Unexecuted instantiation: prf.c:br_skey_decoder_key_type Unexecuted instantiation: sysrng.c:br_skey_decoder_key_type Unexecuted instantiation: hmac_drbg.c:br_skey_decoder_key_type Unexecuted instantiation: hmac.c:br_skey_decoder_key_type Unexecuted instantiation: shake.c:br_skey_decoder_key_type Unexecuted instantiation: hkdf.c:br_skey_decoder_key_type Unexecuted instantiation: sha2small.c:br_skey_decoder_key_type Unexecuted instantiation: sha2big.c:br_skey_decoder_key_type Unexecuted instantiation: sha1.c:br_skey_decoder_key_type Unexecuted instantiation: md5sha1.c:br_skey_decoder_key_type Unexecuted instantiation: md5.c:br_skey_decoder_key_type Unexecuted instantiation: ghash_ctmul32.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i31_bits.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_skey_decoder_key_type Unexecuted instantiation: ecdsa_i15_bits.c:br_skey_decoder_key_type Unexecuted instantiation: ec_secp521r1.c:br_skey_decoder_key_type Unexecuted instantiation: ec_secp384r1.c:br_skey_decoder_key_type Unexecuted instantiation: ec_secp256r1.c:br_skey_decoder_key_type Unexecuted instantiation: ec_pubkey.c:br_skey_decoder_key_type Unexecuted instantiation: ec_prime_i31.c:br_skey_decoder_key_type Unexecuted instantiation: ec_prime_i15.c:br_skey_decoder_key_type Unexecuted instantiation: ec_p256_m64.c:br_skey_decoder_key_type Unexecuted instantiation: ec_p256_m62.c:br_skey_decoder_key_type Unexecuted instantiation: ec_p256_m31.c:br_skey_decoder_key_type Unexecuted instantiation: ec_p256_m15.c:br_skey_decoder_key_type Unexecuted instantiation: ec_keygen.c:br_skey_decoder_key_type Unexecuted instantiation: ec_default.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_m64.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_m62.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_m31.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_m15.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_i31.c:br_skey_decoder_key_type Unexecuted instantiation: ec_c25519_i15.c:br_skey_decoder_key_type Unexecuted instantiation: ec_all_m31.c:br_skey_decoder_key_type Unexecuted instantiation: enc64be.c:br_skey_decoder_key_type Unexecuted instantiation: enc32le.c:br_skey_decoder_key_type Unexecuted instantiation: enc32be.c:br_skey_decoder_key_type Unexecuted instantiation: dec64be.c:br_skey_decoder_key_type Unexecuted instantiation: dec32le.c:br_skey_decoder_key_type Unexecuted instantiation: dec32be.c:br_skey_decoder_key_type Unexecuted instantiation: ccopy.c:br_skey_decoder_key_type Unexecuted instantiation: gcm.c:br_skey_decoder_key_type Unexecuted instantiation: ccm.c:br_skey_decoder_key_type Unexecuted instantiation: aes_small_enc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct_enc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_ct64_enc.c:br_skey_decoder_key_type Unexecuted instantiation: aes_big_enc.c:br_skey_decoder_key_type Unexecuted instantiation: i31_sub.c:br_skey_decoder_key_type Unexecuted instantiation: i31_rshift.c:br_skey_decoder_key_type Unexecuted instantiation: i31_ninv31.c:br_skey_decoder_key_type Unexecuted instantiation: i31_montmul.c:br_skey_decoder_key_type Unexecuted instantiation: i31_modpow.c:br_skey_decoder_key_type Unexecuted instantiation: i31_iszero.c:br_skey_decoder_key_type Unexecuted instantiation: i31_fmont.c:br_skey_decoder_key_type Unexecuted instantiation: i31_encode.c:br_skey_decoder_key_type Unexecuted instantiation: i31_decode.c:br_skey_decoder_key_type Unexecuted instantiation: i31_decmod.c:br_skey_decoder_key_type Unexecuted instantiation: i31_bitlen.c:br_skey_decoder_key_type Unexecuted instantiation: i31_add.c:br_skey_decoder_key_type Unexecuted instantiation: i15_sub.c:br_skey_decoder_key_type Unexecuted instantiation: i15_rshift.c:br_skey_decoder_key_type Unexecuted instantiation: i15_ninv15.c:br_skey_decoder_key_type Unexecuted instantiation: i15_montmul.c:br_skey_decoder_key_type Unexecuted instantiation: i15_modpow.c:br_skey_decoder_key_type Unexecuted instantiation: i15_iszero.c:br_skey_decoder_key_type Unexecuted instantiation: i15_fmont.c:br_skey_decoder_key_type Unexecuted instantiation: i15_encode.c:br_skey_decoder_key_type Unexecuted instantiation: i15_decode.c:br_skey_decoder_key_type Unexecuted instantiation: i15_decmod.c:br_skey_decoder_key_type Unexecuted instantiation: i15_bitlen.c:br_skey_decoder_key_type Unexecuted instantiation: i15_add.c:br_skey_decoder_key_type Unexecuted instantiation: i31_tmont.c:br_skey_decoder_key_type Unexecuted instantiation: i31_muladd.c:br_skey_decoder_key_type Unexecuted instantiation: i15_tmont.c:br_skey_decoder_key_type Unexecuted instantiation: i15_muladd.c:br_skey_decoder_key_type Unexecuted instantiation: i32_div32.c:br_skey_decoder_key_type |
1286 | | |
1287 | | /** |
1288 | | * \brief Get the decoded RSA private key. |
1289 | | * |
1290 | | * This function returns `NULL` if the decoding failed, or is not |
1291 | | * finished, or the key is not RSA. The returned pointer references |
1292 | | * structures within the context that can become invalid if the context |
1293 | | * is reused or released. |
1294 | | * |
1295 | | * \param ctx key decoder context. |
1296 | | * \return decoded RSA private key, or `NULL`. |
1297 | | */ |
1298 | | static inline const br_rsa_private_key * |
1299 | | br_skey_decoder_get_rsa(const br_skey_decoder_context *ctx) |
1300 | 0 | { |
1301 | 0 | if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_RSA) { |
1302 | 0 | return &ctx->key.rsa; |
1303 | 0 | } else { |
1304 | 0 | return NULL; |
1305 | 0 | } |
1306 | 0 | } Unexecuted instantiation: module.cpp:br_skey_decoder_get_rsa(br_skey_decoder_context const*) Unexecuted instantiation: poly1305_ctmul.c:br_skey_decoder_get_rsa Unexecuted instantiation: chacha20_sse2.c:br_skey_decoder_get_rsa Unexecuted instantiation: chacha20_ct.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_x86ni.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_small_ctrcbc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct_ctrcbc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct_ctr.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct64_ctrcbc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct64.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_common.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_big_ctrcbc.c:br_skey_decoder_get_rsa Unexecuted instantiation: prf_md5sha1.c:br_skey_decoder_get_rsa Unexecuted instantiation: prf.c:br_skey_decoder_get_rsa Unexecuted instantiation: sysrng.c:br_skey_decoder_get_rsa Unexecuted instantiation: hmac_drbg.c:br_skey_decoder_get_rsa Unexecuted instantiation: hmac.c:br_skey_decoder_get_rsa Unexecuted instantiation: shake.c:br_skey_decoder_get_rsa Unexecuted instantiation: hkdf.c:br_skey_decoder_get_rsa Unexecuted instantiation: sha2small.c:br_skey_decoder_get_rsa Unexecuted instantiation: sha2big.c:br_skey_decoder_get_rsa Unexecuted instantiation: sha1.c:br_skey_decoder_get_rsa Unexecuted instantiation: md5sha1.c:br_skey_decoder_get_rsa Unexecuted instantiation: md5.c:br_skey_decoder_get_rsa Unexecuted instantiation: ghash_ctmul32.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i31_bits.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_skey_decoder_get_rsa Unexecuted instantiation: ecdsa_i15_bits.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_secp521r1.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_secp384r1.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_secp256r1.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_pubkey.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_prime_i31.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_prime_i15.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_p256_m64.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_p256_m62.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_p256_m31.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_p256_m15.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_keygen.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_default.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_m64.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_m62.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_m31.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_m15.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_i31.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_c25519_i15.c:br_skey_decoder_get_rsa Unexecuted instantiation: ec_all_m31.c:br_skey_decoder_get_rsa Unexecuted instantiation: enc64be.c:br_skey_decoder_get_rsa Unexecuted instantiation: enc32le.c:br_skey_decoder_get_rsa Unexecuted instantiation: enc32be.c:br_skey_decoder_get_rsa Unexecuted instantiation: dec64be.c:br_skey_decoder_get_rsa Unexecuted instantiation: dec32le.c:br_skey_decoder_get_rsa Unexecuted instantiation: dec32be.c:br_skey_decoder_get_rsa Unexecuted instantiation: ccopy.c:br_skey_decoder_get_rsa Unexecuted instantiation: gcm.c:br_skey_decoder_get_rsa Unexecuted instantiation: ccm.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_small_enc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct_enc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_ct64_enc.c:br_skey_decoder_get_rsa Unexecuted instantiation: aes_big_enc.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_sub.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_rshift.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_ninv31.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_montmul.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_modpow.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_iszero.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_fmont.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_encode.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_decode.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_decmod.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_bitlen.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_add.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_sub.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_rshift.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_ninv15.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_montmul.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_modpow.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_iszero.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_fmont.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_encode.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_decode.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_decmod.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_bitlen.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_add.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_tmont.c:br_skey_decoder_get_rsa Unexecuted instantiation: i31_muladd.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_tmont.c:br_skey_decoder_get_rsa Unexecuted instantiation: i15_muladd.c:br_skey_decoder_get_rsa Unexecuted instantiation: i32_div32.c:br_skey_decoder_get_rsa |
1307 | | |
1308 | | /** |
1309 | | * \brief Get the decoded EC private key. |
1310 | | * |
1311 | | * This function returns `NULL` if the decoding failed, or is not |
1312 | | * finished, or the key is not EC. The returned pointer references |
1313 | | * structures within the context that can become invalid if the context |
1314 | | * is reused or released. |
1315 | | * |
1316 | | * \param ctx key decoder context. |
1317 | | * \return decoded EC private key, or `NULL`. |
1318 | | */ |
1319 | | static inline const br_ec_private_key * |
1320 | | br_skey_decoder_get_ec(const br_skey_decoder_context *ctx) |
1321 | 0 | { |
1322 | 0 | if (ctx->err == 0 && ctx->key_type == BR_KEYTYPE_EC) { |
1323 | 0 | return &ctx->key.ec; |
1324 | 0 | } else { |
1325 | 0 | return NULL; |
1326 | 0 | } |
1327 | 0 | } Unexecuted instantiation: module.cpp:br_skey_decoder_get_ec(br_skey_decoder_context const*) Unexecuted instantiation: poly1305_ctmul.c:br_skey_decoder_get_ec Unexecuted instantiation: chacha20_sse2.c:br_skey_decoder_get_ec Unexecuted instantiation: chacha20_ct.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_x86ni_ctrcbc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_x86ni.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_small_ctrcbc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct_ctrcbc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct_ctr.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct64_ctrcbc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct64.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_common.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_big_ctrcbc.c:br_skey_decoder_get_ec Unexecuted instantiation: prf_md5sha1.c:br_skey_decoder_get_ec Unexecuted instantiation: prf.c:br_skey_decoder_get_ec Unexecuted instantiation: sysrng.c:br_skey_decoder_get_ec Unexecuted instantiation: hmac_drbg.c:br_skey_decoder_get_ec Unexecuted instantiation: hmac.c:br_skey_decoder_get_ec Unexecuted instantiation: shake.c:br_skey_decoder_get_ec Unexecuted instantiation: hkdf.c:br_skey_decoder_get_ec Unexecuted instantiation: sha2small.c:br_skey_decoder_get_ec Unexecuted instantiation: sha2big.c:br_skey_decoder_get_ec Unexecuted instantiation: sha1.c:br_skey_decoder_get_ec Unexecuted instantiation: md5sha1.c:br_skey_decoder_get_ec Unexecuted instantiation: md5.c:br_skey_decoder_get_ec Unexecuted instantiation: ghash_ctmul32.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i31_vrfy_raw.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i31_sign_raw.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i31_bits.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i15_vrfy_raw.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i15_sign_raw.c:br_skey_decoder_get_ec Unexecuted instantiation: ecdsa_i15_bits.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_secp521r1.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_secp384r1.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_secp256r1.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_pubkey.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_prime_i31.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_prime_i15.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_p256_m64.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_p256_m62.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_p256_m31.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_p256_m15.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_keygen.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_default.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_m64.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_m62.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_m31.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_m15.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_i31.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_c25519_i15.c:br_skey_decoder_get_ec Unexecuted instantiation: ec_all_m31.c:br_skey_decoder_get_ec Unexecuted instantiation: enc64be.c:br_skey_decoder_get_ec Unexecuted instantiation: enc32le.c:br_skey_decoder_get_ec Unexecuted instantiation: enc32be.c:br_skey_decoder_get_ec Unexecuted instantiation: dec64be.c:br_skey_decoder_get_ec Unexecuted instantiation: dec32le.c:br_skey_decoder_get_ec Unexecuted instantiation: dec32be.c:br_skey_decoder_get_ec Unexecuted instantiation: ccopy.c:br_skey_decoder_get_ec Unexecuted instantiation: gcm.c:br_skey_decoder_get_ec Unexecuted instantiation: ccm.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_small_enc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct_enc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_ct64_enc.c:br_skey_decoder_get_ec Unexecuted instantiation: aes_big_enc.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_sub.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_rshift.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_ninv31.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_montmul.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_modpow.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_iszero.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_fmont.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_encode.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_decode.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_decmod.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_bitlen.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_add.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_sub.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_rshift.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_ninv15.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_montmul.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_modpow.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_iszero.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_fmont.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_encode.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_decode.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_decmod.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_bitlen.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_add.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_tmont.c:br_skey_decoder_get_ec Unexecuted instantiation: i31_muladd.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_tmont.c:br_skey_decoder_get_ec Unexecuted instantiation: i15_muladd.c:br_skey_decoder_get_ec Unexecuted instantiation: i32_div32.c:br_skey_decoder_get_ec |
1328 | | |
1329 | | /** |
1330 | | * \brief Encode an RSA private key (raw DER format). |
1331 | | * |
1332 | | * This function encodes the provided key into the "raw" format specified |
1333 | | * in PKCS#1 (RFC 8017, Appendix C, type `RSAPrivateKey`), with DER |
1334 | | * encoding rules. |
1335 | | * |
1336 | | * The key elements are: |
1337 | | * |
1338 | | * - `sk`: the private key (`p`, `q`, `dp`, `dq` and `iq`) |
1339 | | * |
1340 | | * - `pk`: the public key (`n` and `e`) |
1341 | | * |
1342 | | * - `d` (size: `dlen` bytes): the private exponent |
1343 | | * |
1344 | | * The public key elements, and the private exponent `d`, can be |
1345 | | * recomputed from the private key (see `br_rsa_compute_modulus()`, |
1346 | | * `br_rsa_compute_pubexp()` and `br_rsa_compute_privexp()`). |
1347 | | * |
1348 | | * If `dest` is not `NULL`, then the encoded key is written at that |
1349 | | * address, and the encoded length (in bytes) is returned. If `dest` is |
1350 | | * `NULL`, then nothing is written, but the encoded length is still |
1351 | | * computed and returned. |
1352 | | * |
1353 | | * \param dest the destination buffer (or `NULL`). |
1354 | | * \param sk the RSA private key. |
1355 | | * \param pk the RSA public key. |
1356 | | * \param d the RSA private exponent. |
1357 | | * \param dlen the RSA private exponent length (in bytes). |
1358 | | * \return the encoded key length (in bytes). |
1359 | | */ |
1360 | | size_t br_encode_rsa_raw_der(void *dest, const br_rsa_private_key *sk, |
1361 | | const br_rsa_public_key *pk, const void *d, size_t dlen); |
1362 | | |
1363 | | /** |
1364 | | * \brief Encode an RSA private key (PKCS#8 DER format). |
1365 | | * |
1366 | | * This function encodes the provided key into the PKCS#8 format |
1367 | | * (RFC 5958, type `OneAsymmetricKey`). It wraps around the "raw DER" |
1368 | | * format for the RSA key, as implemented by `br_encode_rsa_raw_der()`. |
1369 | | * |
1370 | | * The key elements are: |
1371 | | * |
1372 | | * - `sk`: the private key (`p`, `q`, `dp`, `dq` and `iq`) |
1373 | | * |
1374 | | * - `pk`: the public key (`n` and `e`) |
1375 | | * |
1376 | | * - `d` (size: `dlen` bytes): the private exponent |
1377 | | * |
1378 | | * The public key elements, and the private exponent `d`, can be |
1379 | | * recomputed from the private key (see `br_rsa_compute_modulus()`, |
1380 | | * `br_rsa_compute_pubexp()` and `br_rsa_compute_privexp()`). |
1381 | | * |
1382 | | * If `dest` is not `NULL`, then the encoded key is written at that |
1383 | | * address, and the encoded length (in bytes) is returned. If `dest` is |
1384 | | * `NULL`, then nothing is written, but the encoded length is still |
1385 | | * computed and returned. |
1386 | | * |
1387 | | * \param dest the destination buffer (or `NULL`). |
1388 | | * \param sk the RSA private key. |
1389 | | * \param pk the RSA public key. |
1390 | | * \param d the RSA private exponent. |
1391 | | * \param dlen the RSA private exponent length (in bytes). |
1392 | | * \return the encoded key length (in bytes). |
1393 | | */ |
1394 | | size_t br_encode_rsa_pkcs8_der(void *dest, const br_rsa_private_key *sk, |
1395 | | const br_rsa_public_key *pk, const void *d, size_t dlen); |
1396 | | |
1397 | | /** |
1398 | | * \brief Encode an EC private key (raw DER format). |
1399 | | * |
1400 | | * This function encodes the provided key into the "raw" format specified |
1401 | | * in RFC 5915 (type `ECPrivateKey`), with DER encoding rules. |
1402 | | * |
1403 | | * The private key is provided in `sk`, the public key being `pk`. If |
1404 | | * `pk` is `NULL`, then the encoded key will not include the public key |
1405 | | * in its `publicKey` field (which is nominally optional). |
1406 | | * |
1407 | | * If `dest` is not `NULL`, then the encoded key is written at that |
1408 | | * address, and the encoded length (in bytes) is returned. If `dest` is |
1409 | | * `NULL`, then nothing is written, but the encoded length is still |
1410 | | * computed and returned. |
1411 | | * |
1412 | | * If the key cannot be encoded (e.g. because there is no known OBJECT |
1413 | | * IDENTIFIER for the used curve), then 0 is returned. |
1414 | | * |
1415 | | * \param dest the destination buffer (or `NULL`). |
1416 | | * \param sk the EC private key. |
1417 | | * \param pk the EC public key (or `NULL`). |
1418 | | * \return the encoded key length (in bytes), or 0. |
1419 | | */ |
1420 | | size_t br_encode_ec_raw_der(void *dest, |
1421 | | const br_ec_private_key *sk, const br_ec_public_key *pk); |
1422 | | |
1423 | | /** |
1424 | | * \brief Encode an EC private key (PKCS#8 DER format). |
1425 | | * |
1426 | | * This function encodes the provided key into the PKCS#8 format |
1427 | | * (RFC 5958, type `OneAsymmetricKey`). The curve is identified |
1428 | | * by an OID provided as parameters to the `privateKeyAlgorithm` |
1429 | | * field. The private key value (contents of the `privateKey` field) |
1430 | | * contains the DER encoding of the `ECPrivateKey` type defined in |
1431 | | * RFC 5915, without the `parameters` field (since they would be |
1432 | | * redundant with the information in `privateKeyAlgorithm`). |
1433 | | * |
1434 | | * The private key is provided in `sk`, the public key being `pk`. If |
1435 | | * `pk` is not `NULL`, then the encoded public key is included in the |
1436 | | * `publicKey` field of the private key value (but not in the `publicKey` |
1437 | | * field of the PKCS#8 `OneAsymmetricKey` wrapper). |
1438 | | * |
1439 | | * If `dest` is not `NULL`, then the encoded key is written at that |
1440 | | * address, and the encoded length (in bytes) is returned. If `dest` is |
1441 | | * `NULL`, then nothing is written, but the encoded length is still |
1442 | | * computed and returned. |
1443 | | * |
1444 | | * If the key cannot be encoded (e.g. because there is no known OBJECT |
1445 | | * IDENTIFIER for the used curve), then 0 is returned. |
1446 | | * |
1447 | | * \param dest the destination buffer (or `NULL`). |
1448 | | * \param sk the EC private key. |
1449 | | * \param pk the EC public key (or `NULL`). |
1450 | | * \return the encoded key length (in bytes), or 0. |
1451 | | */ |
1452 | | size_t br_encode_ec_pkcs8_der(void *dest, |
1453 | | const br_ec_private_key *sk, const br_ec_public_key *pk); |
1454 | | |
1455 | | /** |
1456 | | * \brief PEM banner for RSA private key (raw). |
1457 | | */ |
1458 | | #define BR_ENCODE_PEM_RSA_RAW "RSA PRIVATE KEY" |
1459 | | |
1460 | | /** |
1461 | | * \brief PEM banner for EC private key (raw). |
1462 | | */ |
1463 | | #define BR_ENCODE_PEM_EC_RAW "EC PRIVATE KEY" |
1464 | | |
1465 | | /** |
1466 | | * \brief PEM banner for an RSA or EC private key in PKCS#8 format. |
1467 | | */ |
1468 | | #define BR_ENCODE_PEM_PKCS8 "PRIVATE KEY" |
1469 | | |
1470 | | #ifdef __cplusplus |
1471 | | } |
1472 | | #endif |
1473 | | |
1474 | | #endif |