Coverage Report

Created: 2023-11-19 07:08

/src/wolfssl/wolfcrypt/src/asn.c
Line
Count
Source (jump to first uncovered line)
1
/* asn.c
2
 *
3
 * Copyright (C) 2006-2023 wolfSSL Inc.
4
 *
5
 * This file is part of wolfSSL.
6
 *
7
 * wolfSSL is free software; you can redistribute it and/or modify
8
 * it under the terms of the GNU General Public License as published by
9
 * the Free Software Foundation; either version 2 of the License, or
10
 * (at your option) any later version.
11
 *
12
 * wolfSSL is distributed in the hope that it will be useful,
13
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15
 * GNU General Public License for more details.
16
 *
17
 * You should have received a copy of the GNU General Public License
18
 * along with this program; if not, write to the Free Software
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20
 */
21
22
/*
23
 * DESCRIPTION
24
 * This library provides the interface to Abstract Syntax Notation One (ASN.1)
25
 * objects.
26
 * ASN.1 is a standard interface description language for defining data
27
 * structures that can be serialized and deserialized in a cross-platform way.
28
 *
29
 * Encoding of ASN.1 is either using Basic Encoding Rules (BER) or
30
 * Distinguished Encoding Rules (DER). DER has only one possible encoding for a
31
 * ASN.1 description and the data.
32
 * Encode using DER and decode BER or DER.
33
 *
34
 * Provides routines to convert BER into DER. Replaces indefinite length
35
 * encoded items with explicit lengths.
36
 */
37
#ifdef HAVE_CONFIG_H
38
    #include <config.h>
39
#endif
40
41
#include <wolfssl/wolfcrypt/settings.h>
42
43
/*
44
ASN Options:
45
 * NO_ASN_TIME_CHECK: Disables ASN time checks (avoiding the ASN_BEFORE_DATE_E
46
 * and ASN_AFTER_DATE_E errors). Safer ways to avoid date errors would be to
47
 * set the WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag when calling the _ex versions of
48
 * cert loading functions or to define the WOLFSSL_NO_OCSP_DATE_CHECK macro to
49
 * skip OCSP date errors. Defining NO_ASN_TIME_CHECK will skip ALL date checks
50
 * and could pose a security risk.
51
 * NO_ASN_TIME: Disables time parts of the ASN code for systems without an RTC
52
    or wishing to save space.
53
 * IGNORE_NAME_CONSTRAINTS: Skip ASN name checks.
54
 * ASN_DUMP_OID: Allows dump of OID information for debugging.
55
 * RSA_DECODE_EXTRA: Decodes extra information in RSA public key.
56
 * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName.
57
 * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to
58
    restore 3.13.0 behavior.
59
 * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer
60
    must still be trusted)
61
 * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert
62
    chain is not loaded. This only matches on subject and public key and
63
    does not perform a PKI validation, so it is not a secure solution.
64
    Only enabled for OCSP.
65
 * WOLFSSL_NO_OCSP_ISSUER_CHECK: Can be defined for backwards compatibility to
66
    disable checking of https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2.
67
 * WOLFSSL_SMALL_CERT_VERIFY: Verify the certificate signature without using
68
    DecodedCert. Doubles up on some code but allows smaller dynamic memory
69
    usage.
70
 * WOLFSSL_NO_OCSP_DATE_CHECK: Disable date checks for OCSP responses. This
71
    may be required when the system's real-time clock is not very accurate.
72
    It is recommended to enforce the nonce check instead if possible.
73
 * WOLFSSL_FORCE_OCSP_NONCE_CHECK: Require nonces to be available in OCSP
74
    responses. The nonces are optional and may not be supported by all
75
    responders. If it can be ensured that the used responder sends nonces this
76
    option may improve security.
77
 * WOLFSSL_ASN_TEMPLATE: Encoding and decoding using a template.
78
 * WOLFSSL_DEBUG_ASN_TEMPLATE: Enables debugging output when using ASN.1
79
    templates.
80
 * WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
81
    type issues for testing
82
 * CRLDP_VALIDATE_DATA: For ASN template only, validates the reason data
83
 * WOLFSSL_AKID_NAME: Enable support for full AuthorityKeyIdentifier extension.
84
    Only supports copying full AKID from an existing certificate.
85
 * WOLFSSL_CUSTOM_OID: Enable custom OID support for subject and request
86
    extensions
87
 * WOLFSSL_HAVE_ISSUER_NAMES: Store pointers to issuer name components and their
88
    lengths and encodings.
89
 * WOLFSSL_SUBJ_DIR_ATTR: Enable support for SubjectDirectoryAttributes
90
    extension.
91
 * WOLFSSL_SUBJ_INFO_ACC: Enable support for SubjectInfoAccess extension.
92
 * WOLFSSL_FPKI: Enable support for FPKI (Federal PKI) extensions.
93
 * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
94
    cost of taking up more memory. Adds initials, givenname, dnQualifer for
95
    example.
96
 * WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs.
97
*/
98
99
#include <wolfssl/wolfcrypt/error-crypt.h>
100
#ifndef NO_RSA
101
    #include <wolfssl/wolfcrypt/rsa.h>
102
    #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL)
103
        extern int wc_InitRsaHw(RsaKey* key);
104
    #endif
105
#endif
106
107
#ifndef NO_ASN
108
109
#include <wolfssl/wolfcrypt/asn.h>
110
#include <wolfssl/wolfcrypt/coding.h>
111
#include <wolfssl/wolfcrypt/md2.h>
112
#include <wolfssl/wolfcrypt/hmac.h>
113
#include <wolfssl/wolfcrypt/pwdbased.h>
114
#include <wolfssl/wolfcrypt/des3.h>
115
#include <wolfssl/wolfcrypt/aes.h>
116
#include <wolfssl/wolfcrypt/rc2.h>
117
#include <wolfssl/wolfcrypt/wc_encrypt.h>
118
#include <wolfssl/wolfcrypt/logging.h>
119
120
#include <wolfssl/wolfcrypt/random.h>
121
#include <wolfssl/wolfcrypt/hash.h>
122
#ifdef NO_INLINE
123
    #include <wolfssl/wolfcrypt/misc.h>
124
#else
125
    #define WOLFSSL_MISC_INCLUDED
126
    #include <wolfcrypt/src/misc.c>
127
#endif
128
129
#ifndef NO_RC4
130
    #include <wolfssl/wolfcrypt/arc4.h>
131
#endif
132
133
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
134
    #include <wolfssl/wolfcrypt/sha512.h>
135
#endif
136
137
#ifndef NO_SHA256
138
    #include <wolfssl/wolfcrypt/sha256.h>
139
#endif
140
141
#ifdef HAVE_ECC
142
    #include <wolfssl/wolfcrypt/ecc.h>
143
#endif
144
145
#ifdef WOLFSSL_SM2
146
    #include <wolfssl/wolfcrypt/sm2.h>
147
#endif
148
149
#ifdef HAVE_ED25519
150
    #include <wolfssl/wolfcrypt/ed25519.h>
151
#endif
152
#ifdef HAVE_CURVE25519
153
    #include <wolfssl/wolfcrypt/curve25519.h>
154
#endif
155
156
#ifdef HAVE_ED448
157
    #include <wolfssl/wolfcrypt/ed448.h>
158
#endif
159
#ifdef HAVE_CURVE448
160
    #include <wolfssl/wolfcrypt/curve448.h>
161
#endif
162
163
#ifdef HAVE_PQC
164
    #if defined(HAVE_FALCON)
165
    #include <wolfssl/wolfcrypt/falcon.h>
166
    #endif
167
    #if defined(HAVE_DILITHIUM)
168
    #include <wolfssl/wolfcrypt/dilithium.h>
169
    #endif
170
    #if defined(HAVE_SPHINCS)
171
    #include <wolfssl/wolfcrypt/sphincs.h>
172
    #endif
173
#endif
174
175
#ifdef WOLFSSL_QNX_CAAM
176
    #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
177
#endif
178
179
#if defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_TSIP_TLS)
180
    #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
181
#endif
182
183
#ifndef NO_DSA
184
    #include <wolfssl/wolfcrypt/dsa.h>
185
#else
186
    typedef void* DsaKey;
187
#endif
188
189
#ifdef WOLF_CRYPTO_CB
190
    #include <wolfssl/wolfcrypt/cryptocb.h>
191
#endif
192
193
#ifndef WOLFCRYPT_ONLY
194
    #include <wolfssl/internal.h>
195
#endif
196
197
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
198
    #include <wolfssl/openssl/objects.h>
199
#endif
200
201
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
202
        !defined(WOLFCRYPT_ONLY)
203
    #define WOLFSSL_X509_NAME_AVAILABLE
204
#endif
205
206
#ifdef _MSC_VER
207
    /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */
208
    #pragma warning(disable: 4996)
209
#endif
210
211
0
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
212
213
#if !defined(NO_SKID) && (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION))
214
    #if !defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST) && \
215
                                   (!defined(HAVE_SELFTEST_VERSION) || \
216
                                    HAVE_SELFTEST_VERSION < 2))
217
    #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
218
    #define WOLFSSL_AES_KEY_SIZE_ENUM
219
    enum Asn_Misc {
220
        AES_IV_SIZE         = 16,
221
        AES_128_KEY_SIZE    = 16,
222
        AES_192_KEY_SIZE    = 24,
223
        AES_256_KEY_SIZE    = 32
224
    };
225
    #endif
226
    #endif /* HAVE_SELFTEST */
227
#endif
228
229
#if defined(WOLFSSL_ASN_PRINT) || defined(WOLFSSL_DEBUG_ASN_TEMPLATE)
230
231
/* String representations of tags. */
232
static const char* tagString[4][32] = {
233
    /* Universal */
234
    {
235
        "EOC",
236
        "BOOLEAN",
237
        "INTEGER",
238
        "BIT STRING",
239
        "OCTET STRING",
240
        "NULL",
241
        "OBJECT ID",
242
        "ObjectDescriptor",
243
        "INSTANCE OF",
244
        "REAL",
245
        "ENUMERATED",
246
        "EMBEDDED PDV",
247
        "UT8String",
248
        "RELATIVE-OID",
249
        "(0x0e) 14",
250
        "(0x0f) 15",
251
        "SEQUENCE",
252
        "SET",
253
        "NumericString",
254
        "PrintableString",
255
        "T61String",
256
        "VideotexString",
257
        "IA5String",
258
        "UTCTime",
259
        "GeneralizedTime",
260
        "GraphicString",
261
        "ISO646String",
262
        "GeneralString",
263
        "UniversalString",
264
        "CHARACTER STRING",
265
        "BMPString",
266
        "(0x1f) 31",
267
    },
268
    /* Application */
269
    {
270
         "[A 0]",  "[A 1]",  "[A 2]",  "[A 3]",
271
         "[A 4]",  "[A 5]",  "[A 6]",  "[A 7]",
272
         "[A 8]",  "[A 9]", "[A 10]", "[A 11]",
273
        "[A 12]", "[A 13]", "[A 14]", "[A 15]",
274
        "[A 16]", "[A 17]", "[A 18]", "[A 19]",
275
        "[A 20]", "[A 21]", "[A 22]", "[A 23]",
276
        "[A 24]", "[A 25]", "[A 26]", "[A 27]",
277
        "[A 28]", "[A 20]", "[A 30]", "[A 31]"
278
    },
279
    /* Context-Specific */
280
    {
281
         "[0]",  "[1]",  "[2]",  "[3]",  "[4]",  "[5]",  "[6]",  "[7]",
282
         "[8]",  "[9]", "[10]", "[11]", "[12]", "[13]", "[14]", "[15]",
283
        "[16]", "[17]", "[18]", "[19]", "[20]", "[21]", "[22]", "[23]",
284
        "[24]", "[25]", "[26]", "[27]", "[28]", "[20]", "[30]", "[31]"
285
    },
286
    /* Private */
287
    {
288
         "[P 0]",  "[P 1]",  "[P 2]",  "[P 3]",
289
         "[P 4]",  "[P 5]",  "[P 6]",  "[P 7]",
290
         "[P 8]",  "[P 9]", "[P 10]", "[P 11]",
291
        "[P 12]", "[P 13]", "[P 14]", "[P 15]",
292
        "[P 16]", "[P 17]", "[P 18]", "[P 19]",
293
        "[P 20]", "[P 21]", "[P 22]", "[P 23]",
294
        "[P 24]", "[P 25]", "[P 26]", "[P 27]",
295
        "[P 28]", "[P 20]", "[P 30]", "[P 31]"
296
    }
297
};
298
299
/* Converts a tag byte to string.
300
 *
301
 * @param [in] tag  BER tag value to interpret.
302
 * @return  String corresponding to tag.
303
 */
304
static const char* TagString(byte tag)
305
0
{
306
0
    return tagString[tag >> 6][tag & ASN_TYPE_MASK];
307
0
}
308
309
#endif
310
311
312
/* Calculates the minimum number of bytes required to encode the value.
313
 *
314
 * Only support up to 2^24-1.
315
 *
316
 * @param [in] value  Value to be encoded.
317
 * @return  Number of bytes to encode value.
318
 */
319
static word32 BytePrecision(word32 value)
320
304
{
321
304
    word32 i;
322
903
    for (i = (word32)sizeof(value) - 1; i; --i)
323
903
        if (value >> ((i - 1) * WOLFSSL_BIT_SIZE))
324
304
            break;
325
326
304
    return i;
327
304
}
328
329
/* DER encodes the length value in output buffer.
330
 *
331
 *    0 ->  2^7-1: <len byte>.
332
 *  2^7 ->       : <0x80 + #bytes> <len big-endian bytes>
333
 *
334
 * @param [in]      length  Value to encode.
335
 * @param [in, out] output  Buffer to encode into.
336
 * @return  Number of bytes used in encoding.
337
 */
338
WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output)
339
1.62k
{
340
1.62k
    word32 i = 0;
341
342
1.62k
    if (length < ASN_LONG_LENGTH)
343
1.52k
        output[i++] = (byte)length;
344
94
    else {
345
94
        word32 j;
346
347
94
        output[i++] = (byte)(BytePrecision(length) | ASN_LONG_LENGTH);
348
349
188
        for (j = BytePrecision(length); j; --j) {
350
94
            output[i] = (byte)(length >> ((j - 1) * WOLFSSL_BIT_SIZE));
351
94
            i++;
352
94
        }
353
94
    }
354
355
1.62k
    return i;
356
1.62k
}
357
358
#ifdef WOLFSSL_ASN_TEMPLATE
359
/* Calculate the size of a DER encoded length value.
360
 *
361
 *    0 ->  2^7-1: <length byte>.
362
 *  2^7 ->       : <0x80 + #bytes> <big-endian length bytes>
363
 *
364
 * @param [in] length  Value to encode.
365
 * @return  Number of bytes required to encode.
366
 */
367
static word32 SizeASNLength(word32 length)
368
1.68k
{
369
1.68k
    return 1 + ((length >= ASN_LONG_LENGTH) ? BytePrecision(length) : 0);
370
1.68k
}
371
372
/* Calculate the size of a DER encoded header.
373
 *
374
 * Header = Tag | Encoded length
375
 *
376
 * @param [in] length  Length value to encode.
377
 * @return  Number of bytes required to encode a DER header.
378
 */
379
#define SizeASNHeader(length) \
380
1.68k
    (1 + SizeASNLength(length))
381
#endif
382
383
#ifdef WOLFSSL_ASN_TEMPLATE
384
#ifdef WOLFSSL_SMALL_STACK
385
    /* Declare the variable that is the dynamic data for decoding BER data.
386
     *
387
     * @param [in] name  Variable name to declare.
388
     * @param [in] cnt   Number of elements required.
389
     */
390
    #define DECL_ASNGETDATA(name, cnt)                                         \
391
0
        ASNGetData* name = NULL
392
393
    /* Allocates the dynamic BER decoding data.
394
     *
395
     * @param [in]      name  Variable name to declare.
396
     * @param [in]      cnt   Number of elements required.
397
     * @param [in, out] err   Error variable.
398
     * @param [in]      heap  Dynamic memory allocation hint.
399
     */
400
    #define ALLOC_ASNGETDATA(name, cnt, err, heap)                             \
401
0
    do {                                                                       \
402
0
        if ((err) == 0) {                                                      \
403
0
            (name) = (ASNGetData*)XMALLOC(sizeof(ASNGetData) * (cnt), (heap),  \
404
0
                                        DYNAMIC_TYPE_TMP_BUFFER);              \
405
0
            if ((name) == NULL) {                                              \
406
0
                (err) = MEMORY_E;                                              \
407
0
            }                                                                  \
408
0
        }                                                                      \
409
0
    }                                                                          \
410
0
    while (0)
411
412
    /* Allocates the dynamic BER decoding data and clears the memory.
413
     *
414
     * @param [in]      name  Variable name to declare.
415
     * @param [in]      cnt   Number of elements required.
416
     * @param [in, out] err   Error variable.
417
     * @param [in]      heap  Dynamic memory allocation hint.
418
     */
419
    #define CALLOC_ASNGETDATA(name, cnt, err, heap)                            \
420
0
    do {                                                                       \
421
0
        ALLOC_ASNGETDATA(name, cnt, err, heap);                                \
422
0
        if ((err) == 0) {                                                      \
423
0
            XMEMSET((name), 0, sizeof(ASNGetData) * (cnt));                    \
424
0
        }                                                                      \
425
0
    }                                                                          \
426
0
    while (0)
427
428
    /* Disposes of the dynamic BER decoding data.
429
     *
430
     * @param [in]      name  Variable name to declare.
431
     * @param [in]      heap  Dynamic memory allocation hint.
432
     */
433
    #define FREE_ASNGETDATA(name, heap)                                        \
434
0
    do {                                                                       \
435
0
        if ((name) != NULL) {                                                  \
436
0
            XFREE((name), (heap), DYNAMIC_TYPE_TMP_BUFFER);                    \
437
0
        }                                                                      \
438
0
    }                                                                          \
439
0
    while (0)
440
441
    /* Declare the variable that is the dynamic data for encoding DER data.
442
     *
443
     * @param [in] name  Variable name to declare.
444
     * @param [in] cnt   Number of elements required.
445
     */
446
    #define DECL_ASNSETDATA(name, cnt)                                         \
447
0
        ASNSetData* name = NULL
448
449
    /* Allocates the dynamic DER encoding data.
450
     *
451
     * @param [in]      name  Variable name to declare.
452
     * @param [in]      cnt   Number of elements required.
453
     * @param [in, out] err   Error variable.
454
     * @param [in]      heap  Dynamic memory allocation hint.
455
     */
456
    #define ALLOC_ASNSETDATA(name, cnt, err, heap)                             \
457
0
    do {                                                                       \
458
0
        if ((err) == 0) {                                                      \
459
0
            (name) = (ASNSetData*)XMALLOC(sizeof(ASNGetData) * (cnt), (heap),  \
460
0
                                    DYNAMIC_TYPE_TMP_BUFFER);                  \
461
0
            if ((name) == NULL) {                                              \
462
0
                (err) = MEMORY_E;                                              \
463
0
            }                                                                  \
464
0
        }                                                                      \
465
0
    }                                                                          \
466
0
    while (0)
467
468
    /* Allocates the dynamic DER encoding data and clears the memory.
469
     *
470
     * @param [in]      name  Variable name to declare.
471
     * @param [in]      cnt   Number of elements required.
472
     * @param [in, out] err   Error variable.
473
     * @param [in]      heap  Dynamic memory allocation hint.
474
     */
475
    #define CALLOC_ASNSETDATA(name, cnt, err, heap)                            \
476
0
    do {                                                                       \
477
0
        ALLOC_ASNSETDATA(name, cnt, err, heap);                                \
478
0
        if ((err) == 0) {                                                      \
479
0
            XMEMSET(name, 0, sizeof(ASNSetData) * (cnt));                      \
480
0
        }                                                                      \
481
0
    }                                                                          \
482
0
    while (0)
483
484
    /* Disposes of the dynamic DER encoding data.
485
     *
486
     * @param [in]      name  Variable name to declare.
487
     * @param [in]      heap  Dynamic memory allocation hint.
488
     */
489
    #define FREE_ASNSETDATA(name, heap)                                        \
490
0
    do {                                                                       \
491
0
        if ((name) != NULL) {                                                  \
492
0
            XFREE(name, heap, DYNAMIC_TYPE_TMP_BUFFER);                        \
493
0
        }                                                                      \
494
0
    }                                                                          \
495
0
    while (0)
496
#else
497
    /* Declare the variable that is the dynamic data for decoding BER data.
498
     *
499
     * @param [in] name  Variable name to declare.
500
     * @param [in] cnt   Number of elements required.
501
     */
502
    #define DECL_ASNGETDATA(name, cnt)                  \
503
        ASNGetData name[cnt]
504
505
    /* No implementation as declaration is static.
506
     *
507
     * @param [in]      name  Variable name to declare.
508
     * @param [in]      cnt   Number of elements required.
509
     * @param [in, out] err   Error variable.
510
     * @param [in]      heap  Dynamic memory allocation hint.
511
     */
512
    #define ALLOC_ASNGETDATA(name, cnt, err, heap)
513
514
    /* Clears the memory of the dynamic BER encoding data.
515
     *
516
     * @param [in]      name  Variable name to declare.
517
     * @param [in]      cnt   Number of elements required.
518
     * @param [in, out] err   Error variable.
519
     * @param [in]      heap  Dynamic memory allocation hint.
520
     */
521
    #define CALLOC_ASNGETDATA(name, cnt, err, heap)     \
522
        XMEMSET(name, 0, sizeof(name))
523
524
    /* No implementation as declaration is static.
525
     *
526
     * @param [in]      name  Variable name to declare.
527
     * @param [in]      heap  Dynamic memory allocation hint.
528
     */
529
    #define FREE_ASNGETDATA(name, heap)
530
531
    /* Declare the variable that is the dynamic data for encoding DER data.
532
     *
533
     * @param [in] name  Variable name to declare.
534
     * @param [in] cnt   Number of elements required.
535
     */
536
    #define DECL_ASNSETDATA(name, cnt)                  \
537
        ASNSetData name[cnt]
538
539
    /* No implementation as declaration is static.
540
     *
541
     * @param [in]      name  Variable name to declare.
542
     * @param [in]      cnt   Number of elements required.
543
     * @param [in, out] err   Error variable.
544
     * @param [in]      heap  Dynamic memory allocation hint.
545
     */
546
    #define ALLOC_ASNSETDATA(name, cnt, err, heap)
547
548
    /* Clears the memory of the dynamic BER encoding data.
549
     *
550
     * @param [in]      name  Variable name to declare.
551
     * @param [in]      cnt   Number of elements required.
552
     * @param [in, out] err   Error variable.
553
     * @param [in]      heap  Dynamic memory allocation hint.
554
     */
555
    #define CALLOC_ASNSETDATA(name, cnt, err, heap)     \
556
        XMEMSET(name, 0, sizeof(name))
557
558
    /* No implementation as declaration is static.
559
     *
560
     * @param [in]      name  Variable name to declare.
561
     * @param [in]      heap  Dynamic memory allocation hint.
562
     */
563
    #define FREE_ASNSETDATA(name, heap)
564
#endif
565
566
567
#ifdef DEBUG_WOLFSSL
568
    /* Enable this when debugging the parsing or creation of ASN.1 data. */
569
    #if 0
570
        #define WOLFSSL_DEBUG_ASN_TEMPLATE
571
    #endif
572
#endif
573
574
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
575
576
#include <stdarg.h>
577
578
/* Log a message that has the printf format string.
579
 *
580
 * @param [in] <va_args>  printf style arguments.
581
 */
582
#define WOLFSSL_MSG_VSNPRINTF(...)                    \
583
    do {                                              \
584
      char line[81];                                  \
585
      snprintf(line, sizeof(line) - 1, __VA_ARGS__);  \
586
      line[sizeof(line) - 1] = '\0';                  \
587
      WOLFSSL_MSG(line);                              \
588
    }                                                 \
589
    while (0)
590
#endif
591
592
/* Returns whether ASN.1 item is an integer and the Most-Significant Bit is set.
593
 *
594
 * @param [in] asn     ASN.1 items to encode.
595
 * @param [in] data_a  Data to place in each item. Lengths set were not known.
596
 * @param [in] i       Index of item to check.
597
 * @return  1 when ASN.1 item is an integer and MSB is 1.
598
 * @erturn  0 otherwise.
599
 */
600
#define ASNIntMSBSet(asn, data_a, i)                  \
601
1.64k
    (((asn)[i].tag == ASN_INTEGER) &&                 \
602
1.64k
      ((data_a)[i].data.buffer.data != NULL &&        \
603
0
      ((data_a)[i].data.buffer.data[0] & 0x80) == 0x80))
604
605
606
/* Calculate the size of a DER encoded number.
607
 *
608
 * @param [in] n     Number to be encoded.
609
 * @param [in] bits  Maximum number of bits to encode.
610
 * @param [in] tag   BER tag e.g. INTEGER, BIT_STRING, etc.
611
 * @return  Number of bytes to the ASN.1 item.
612
 */
613
static word32 SizeASN_Num(word32 n, int bits, byte tag)
614
0
{
615
0
    int    j;
616
0
    word32 len;
617
618
0
    len = 1 + 1 + (word32)bits / 8;
619
    /* Discover actual size by checking for high zeros. */
620
0
    for (j = bits - 8; j > 0; j -= 8) {
621
0
        if (n >> j)
622
0
            break;
623
0
        len--;
624
0
    }
625
0
    if (tag == ASN_BIT_STRING)
626
0
        len++;
627
0
    else if ((tag == ASN_INTEGER) && (((n >> j) & 0x80) == 0x80))
628
0
        len++;
629
630
0
    return len;
631
0
}
632
633
/* Calculate the size of the data in the constructed item based on the
634
 * length of the ASN.1 items below.
635
 *
636
 * @param [in]      asn    ASN.1 items to encode.
637
 * @param [in, out] data   Data to place in each item. Lengths set were not
638
 *                         known.
639
 * @param [in]      idx    Index of item working on.
640
 */
641
static void SizeASN_CalcDataLength(const ASNItem* asn, ASNSetData *data,
642
                                   int idx, int max)
643
562
{
644
562
    int j;
645
646
562
    data[idx].data.buffer.length = 0;
647
    /* Sum the item length of all items underneath. */
648
1.68k
    for (j = idx + 1; j < max; j++) {
649
        /* Stop looking if the next ASN.1 is same level or higher. */
650
1.12k
        if (asn[j].depth <= asn[idx].depth)
651
0
            break;
652
        /* Only add in length if it is one level below. */
653
1.12k
        if (asn[j].depth - 1 == asn[idx].depth) {
654
1.12k
            data[idx].data.buffer.length += data[j].length;
655
            /* The length of a header only item doesn't include the data unless
656
             * a replacement buffer is supplied.
657
             */
658
1.12k
            if (asn[j].headerOnly && data[j].data.buffer.data == NULL &&
659
1.12k
                    data[j].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
660
0
                data[idx].data.buffer.length += data[j].data.buffer.length;
661
0
            }
662
1.12k
        }
663
1.12k
    }
664
562
}
665
666
/* Calculate the size of the DER encoding.
667
 *
668
 * Call SetASN_Items() to write encoding to a buffer.
669
 *
670
 * @param [in]      asn    ASN.1 items to encode.
671
 * @param [in, out] data   Data to place in each item. Lengths set where not
672
 *                         known.
673
 * @param [in]      count  Count of items to encode.
674
 * @param [out]     encSz  Length of the DER encoding.
675
 * @return  0 on success.
676
 * @return  BAD_STATE_E when the data type is not supported.
677
 */
678
int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
679
562
{
680
562
    int    i;
681
562
    word32 sz = 0;
682
562
    word32 len;
683
562
    word32 dataLen;
684
562
    int    length;
685
686
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
687
    WOLFSSL_ENTER("SizeASN_Items");
688
#endif
689
690
2.24k
    for (i = count - 1; i >= 0; i--) {
691
        /* Skip this ASN.1 item when encoding. */
692
1.68k
        if (data[i].noOut) {
693
            /* Set the offset to the current size - used in writing DER. */
694
0
            data[i].offset = sz;
695
0
            continue;
696
0
        }
697
698
1.68k
        len = 0;
699
1.68k
        switch (data[i].dataType) {
700
            /* Calculate the size of the number of different sizes. */
701
0
            case ASN_DATA_TYPE_WORD8:
702
0
                len = SizeASN_Num(data[i].data.u8, 8, asn[i].tag);
703
0
                break;
704
0
            case ASN_DATA_TYPE_WORD16:
705
0
                len = SizeASN_Num(data[i].data.u16, 16, asn[i].tag);
706
0
                break;
707
        #ifdef WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
708
            /* Not used yet! */
709
            case ASN_DATA_TYPE_WORD32:
710
                len = SizeASN_Num(data[i].data.u32, 32, asn[i].tag);
711
                break;
712
        #endif
713
714
1.12k
            case ASN_DATA_TYPE_MP:
715
                /* Calculate the size of the MP integer data. */
716
1.12k
                length = mp_unsigned_bin_size(data[i].data.mp);
717
1.12k
                length += mp_leading_bit(data[i].data.mp) ? 1 : 0;
718
1.12k
                len = (word32)SizeASNHeader((word32)length) + (word32)length;
719
1.12k
                break;
720
721
0
            case ASN_DATA_TYPE_REPLACE_BUFFER:
722
                /* Buffer is put in directly - use the length. */
723
0
                len = data[i].data.buffer.length;
724
0
                break;
725
726
562
            case ASN_DATA_TYPE_NONE:
727
                /* Calculate the size based on the data to be included.
728
                 * Mostly used for constructed items.
729
                 */
730
562
                if (asn[i].headerOnly) {
731
562
                    if (data[i].data.buffer.data != NULL) {
732
                        /* Force all child nodes to be ignored. Buffer
733
                         * overwrites children. */
734
0
                        {
735
0
                            int ii;
736
0
                            for (ii = i + 1; ii < count; ii++) {
737
0
                                if (asn[ii].depth <= asn[i].depth)
738
0
                                    break;
739
0
                                sz -= data[ii].length;
740
0
                                data[ii].noOut = 1;
741
0
                            }
742
0
                        }
743
0
                    }
744
562
                    else {
745
                        /* Calculate data length from items below if no buffer
746
                         * supplied. */
747
562
                        SizeASN_CalcDataLength(asn, data, i, count);
748
562
                    }
749
562
                }
750
562
                if (asn[i].tag == ASN_BOOLEAN) {
751
0
                    dataLen = 1;
752
0
                }
753
562
                else {
754
562
                    dataLen = data[i].data.buffer.length;
755
562
                }
756
                /* BIT_STRING and INTEGER have one byte prepended. */
757
562
                if ((asn[i].tag == ASN_BIT_STRING) ||
758
562
                                                   ASNIntMSBSet(asn, data, i)) {
759
0
                    dataLen++;
760
                    /* ASN.1 items are below and cannot include extra byte. */
761
0
                    if (asn[i].headerOnly) {
762
0
                        len++;
763
0
                    }
764
0
                }
765
                /* Add in the size of tag and length. */
766
562
                len += SizeASNHeader(dataLen);
767
                /* Include data in length if not header only or if
768
                 * buffer supplied. */
769
562
                if (!asn[i].headerOnly || data[i].data.buffer.data != NULL) {
770
0
                    len += dataLen;
771
0
                }
772
562
                break;
773
774
        #ifdef DEBUG_WOLFSSL
775
            default:
776
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
777
                WOLFSSL_MSG_VSNPRINTF("%2d: %d", i, data[i].dataType);
778
                WOLFSSL_MSG("Bad data type");
779
            #endif
780
                return BAD_STATE_E;
781
        #endif
782
1.68k
        }
783
784
        /* Set the total length of the item. */
785
1.68k
        data[i].length = len;
786
        /* Add length to total size. */
787
1.68k
        sz += len;
788
        /* Set the offset to the current size - used in writing DER. */
789
1.68k
        data[i].offset = sz;
790
791
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
792
        WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
793
                data[i].offset, data[i].length, asn[i].constructed ? '+' : ' ',
794
                asn[i].depth, "", TagString(asn[i].tag));
795
    #endif
796
1.68k
    }
797
798
562
    *encSz = (int)sz;
799
562
    return 0;
800
562
}
801
802
/* Create the DER encoding of a number.
803
 *
804
 * Assumes that the out buffer is large enough for encoding.
805
 *
806
 * @param [in] n     Number to be encoded.
807
 * @param [in] bits  Maximum number of bits to encode.
808
 * @param [in] tag   DER tag e.g. INTEGER, BIT_STRING, etc.
809
 */
810
static void SetASN_Num(word32 n, int bits, byte* out, byte tag)
811
0
{
812
0
    int    j;
813
0
    word32 idx;
814
0
    byte   len;
815
816
    /* Encoding: Tag (1 byte) | Length (1 byte) | Data (number) */
817
818
    /* Data will start at index 2 unless BIT_STRING or INTEGER */
819
0
    idx = 2;
820
821
    /* Set the length of the number based on maximum bit length. */
822
0
    len = (byte)(bits / 8);
823
    /* Discover actual size by checking for leading zero bytes. */
824
0
    for (j = bits - 8; j > 0; j -= 8) {
825
0
        if ((n >> j) != 0) {
826
0
            break;
827
0
        }
828
0
        len--;
829
0
    }
830
    /* Keep j, index of first non-zero byte, for writing out. */
831
832
    /* A BIT_STRING has the number of unused bits in last byte prepended to
833
     * data.
834
     */
835
0
    if (tag == ASN_BIT_STRING) {
836
0
        byte unusedBits = 0;
837
0
        byte lastByte = (byte)(n >> j);
838
839
        /* Quick check last bit. */
840
0
        if ((lastByte & 0x01) == 0x00) {
841
0
            unusedBits++;
842
            /* Check each bit for first least significant bit set. */
843
0
            while (((lastByte >> unusedBits) & 0x01) == 0x00)
844
0
                unusedBits++;
845
0
        }
846
        /* Add unused bits byte. */
847
0
        len++;
848
0
        out[idx++] = unusedBits;
849
0
    }
850
851
    /* An INTEGER has a prepended byte if MSB of number is 1 - makes encoded
852
     * value positive. */
853
0
    if ((tag == ASN_INTEGER) && (((n >> j) & 0x80) == 0x80)) {
854
0
        len++;
855
0
        out[idx++] = 0;
856
0
    }
857
858
    /* Go back and put in length. */
859
0
    out[1] = len;
860
    /* Place in the required bytes of the number. */
861
0
    for (; j >= 0; j -= 8)
862
0
        out[idx++] = (byte)(n >> j);
863
0
}
864
865
/* Creates the DER encoding of the ASN.1 items.
866
 *
867
 * Assumes the output buffer is large enough to hold encoding.
868
 * Must call SizeASN_Items() to determine size of encoding and offsets.
869
 *
870
 * @param [in]      asn     ASN.1 items to encode.
871
 * @param [in]      data    Data to place in each item.
872
 * @param [in]      count   Count of items to encode.
873
 * @param [in, out] output  Buffer to write encoding into.
874
 * @return  Size of the DER encoding in bytes.
875
 */
876
int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output)
877
541
{
878
541
    int    i;
879
541
    int    length;
880
541
    int    err;
881
541
    word32 sz;
882
541
    word32 idx;
883
541
    byte*  out;
884
885
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
886
    WOLFSSL_ENTER("SetASN_Items");
887
#endif
888
889
    /* Offset of first item is the total length.
890
     * SizeASN_Items() calculated this. */
891
541
    sz = data[0].offset;
892
893
    /* Write out each item. */
894
2.16k
    for (i = 0; i < count; i++) {
895
        /* Skip items not writing out. */
896
1.62k
        if (data[i].noOut)
897
0
            continue;
898
899
        /* Start position to write item based on reverse offsets. */
900
1.62k
        out = output + sz - data[i].offset;
901
        /* Index from start of item out. */
902
1.62k
        idx = 0;
903
904
1.62k
        if (data[i].dataType != ASN_DATA_TYPE_REPLACE_BUFFER) {
905
            /* Put in the tag - not dumping in DER from buffer. */
906
1.62k
            out[idx++] = asn[i].tag |
907
1.62k
                         (asn[i].constructed ? ASN_CONSTRUCTED : 0);
908
1.62k
        }
909
910
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
911
        WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
912
                sz - data[i].offset,
913
                data[i].length, asn[i].constructed ? '+' : ' ', asn[i].depth,
914
                "", TagString(asn[i].tag));
915
    #endif
916
917
1.62k
        switch (data[i].dataType) {
918
            /* Write out the length and data of a number. */
919
0
            case ASN_DATA_TYPE_WORD8:
920
0
                SetASN_Num(data[i].data.u8, 8, out, asn[i].tag);
921
0
                break;
922
0
            case ASN_DATA_TYPE_WORD16:
923
0
                SetASN_Num(data[i].data.u16, 16, out, asn[i].tag);
924
0
                break;
925
        #ifdef WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
926
            /* Not used yet! */
927
            case ASN_DATA_TYPE_WORD32:
928
                SetASN_Num(data[i].data.u32, 32, out, asn[i].tag);
929
                break;
930
        #endif
931
932
            /* Write out the length and data of a multi-precision number. */
933
1.08k
            case ASN_DATA_TYPE_MP:
934
                /* Get length in bytes. */
935
1.08k
                length = mp_unsigned_bin_size(data[i].data.mp);
936
                /* Add one for leading zero to make encoding a positive num. */
937
1.08k
                length += mp_leading_bit(data[i].data.mp) ? 1 : 0;
938
                /* Write out length. */
939
1.08k
                idx += SetASNLength((word32)length, out + idx);
940
                /* Write out leading zero to make positive. */
941
1.08k
                if (mp_leading_bit(data[i].data.mp)) {
942
416
                    out[idx++] = 0;
943
416
                }
944
                /* Encode number in big-endian byte array. */
945
1.08k
                err = mp_to_unsigned_bin(data[i].data.mp, out + idx);
946
1.08k
                if (err != MP_OKAY) {
947
0
                    WOLFSSL_MSG("SetASN_Items: Failed to write mp_int");
948
0
                    return MP_TO_E;
949
0
                }
950
1.08k
                break;
951
952
1.08k
            case ASN_DATA_TYPE_REPLACE_BUFFER:
953
0
                if (data[i].data.buffer.data == NULL) {
954
                    /* Return pointer for caller to use. */
955
0
                    data[i].data.buffer.data = out + idx;
956
0
                }
957
0
                else {
958
                    /* Dump in the DER encoded data. */
959
0
                    XMEMCPY(out + idx, data[i].data.buffer.data,
960
0
                            data[i].data.buffer.length);
961
0
                }
962
0
                break;
963
964
541
            case ASN_DATA_TYPE_NONE:
965
541
                if (asn[i].tag == ASN_BOOLEAN) {
966
                    /* Always one byte of data. */
967
0
                    out[idx++] = 1;
968
                    /* TRUE = 0xff, FALSE = 0x00 */
969
0
                    out[idx] = data[i].data.u8 ? 0xffU : 0x00U;
970
0
                }
971
541
                else if (asn[i].tag == ASN_TAG_NULL) {
972
                    /* NULL tag is always a zero length item. */
973
0
                    out[idx] = 0;
974
0
                }
975
541
                else {
976
541
                    word32 dataLen = data[i].data.buffer.length;
977
                    /* Add one to data length for BIT_STRING unused bits and
978
                     * INTEGER leading zero to make positive.
979
                     */
980
541
                    if ((asn[i].tag == ASN_BIT_STRING) ||
981
541
                                                   ASNIntMSBSet(asn, data, i)) {
982
0
                        dataLen++;
983
0
                    }
984
                    /* Write out length. */
985
541
                    idx += SetASNLength(dataLen, out + idx);
986
541
                    if ((asn[i].tag == ASN_BIT_STRING) ||
987
541
                                                   ASNIntMSBSet(asn, data, i)) {
988
                       /* Write out leading byte. BIT_STRING has no unused bits
989
                        * - use number data types if needed. */
990
0
                        out[idx++] = 0x00;
991
0
                    }
992
                    /* Record pointer for caller if data not supplied. */
993
541
                    if (data[i].data.buffer.data == NULL) {
994
541
                        data[i].data.buffer.data = out + idx;
995
541
                    }
996
                    /* Copy supplied data if not putting out header only or
997
                     * if buffer supplied. */
998
0
                    else if (!asn[i].headerOnly ||
999
0
                            data[i].data.buffer.data != NULL) {
1000
                        /* Allow data to come from output buffer. */
1001
0
                        XMEMMOVE(out + idx, data[i].data.buffer.data,
1002
0
                                 data[i].data.buffer.length);
1003
0
                    }
1004
541
                }
1005
541
                break;
1006
1007
        #ifdef DEBUG_WOLFSSL
1008
            default:
1009
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1010
                WOLFSSL_MSG_VSNPRINTF("Bad data type: %d", data[i].dataType);
1011
            #endif
1012
                return BAD_STATE_E;
1013
        #endif
1014
1.62k
        }
1015
1.62k
    }
1016
1017
541
    return (int)sz;
1018
541
}
1019
1020
1021
static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
1022
                  word32 oidType, int length);
1023
1024
/* Maximum supported depth in ASN.1 description. */
1025
#define GET_ASN_MAX_DEPTH          7
1026
/* Maximum number of checked numbered choices. Only one of the items with the
1027
 * number is allowed.
1028
 */
1029
2.29k
#define GET_ASN_MAX_CHOICES        2
1030
1031
/* Use existing function to decode BER length encoding. */
1032
2.30k
#define GetASN_Length GetLength_ex
1033
1034
/* Check an INTEGER's first byte - must be a positive number.
1035
 *
1036
 * @param [in] input    BER encoded data.
1037
 * @param [in] idx      Index of BIT_STRING data.
1038
 * @param [in] length   Length of input data.
1039
 * @param [in] positive Indicates number must be positive.
1040
 * @return  0 on success.
1041
 * @return  ASN_PARSE_E when 0 is not required but seen.
1042
 * @return  ASN_EXPECT_0_E when 0 is required and not seen.
1043
 */
1044
static int GetASN_Integer(const byte* input, word32 idx, int length,
1045
                          int positive)
1046
1.53k
{
1047
1.53k
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
1048
1.53k
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
1049
    /* Check contents consist of one or more octets. */
1050
1.53k
    if (length == 0) {
1051
0
        WOLFSSL_MSG("Zero length INTEGER not allowed");
1052
0
        return ASN_PARSE_E;
1053
0
    }
1054
1.53k
#endif
1055
1.53k
    if (input[idx] == 0) {
1056
        /* Check leading zero byte required. */
1057
602
        if ((length > 1) && ((input[idx + 1] & 0x80) == 0)) {
1058
0
            WOLFSSL_MSG("Zero not required on INTEGER");
1059
0
        #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
1060
0
            return ASN_PARSE_E;
1061
0
        #endif
1062
0
        }
1063
602
    }
1064
    /* Check whether a leading zero byte was required. */
1065
935
    else if (positive && (input[idx] & 0x80)) {
1066
0
        WOLFSSL_MSG("INTEGER is negative");
1067
0
    #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
1068
0
        return ASN_EXPECT_0_E;
1069
0
    #endif /* WOLFSSL_ASN_INT_LEAD_0_ANY */
1070
0
    }
1071
1072
1.53k
    return 0;
1073
1.53k
}
1074
1075
/* Check a BIT_STRING's first byte - unused bits.
1076
 *
1077
 * @param [in] input   BER encoded data.
1078
 * @param [in] idx     Index of BIT_STRING data.
1079
 * @param [in] length  Length of input data.
1080
 * @return  0 on success.
1081
 * @return  ASN_PARSE_E when unused bits is invalid.
1082
 */
1083
static int GetASN_BitString(const byte* input, word32 idx, int length)
1084
0
{
1085
0
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \
1086
0
    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
1087
    /* Check contents consist of one or more octets. */
1088
0
    if (length == 0) {
1089
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1090
        WOLFSSL_MSG("Zero length BIT STRING not allowed");
1091
    #endif
1092
0
        return ASN_PARSE_E;
1093
0
    }
1094
0
#endif
1095
    /* Ensure unused bits value is valid range. */
1096
0
    if (input[idx] > 7) {
1097
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1098
        WOLFSSL_MSG_VSNPRINTF("BIT STRING unused bits too big: %d > 7",
1099
                input[idx]);
1100
    #endif
1101
0
        return ASN_PARSE_E;
1102
0
    }
1103
    /* Ensure unused bits are zero. */
1104
0
    if ((byte)(input[idx + (word32)length - 1] << (8 - input[idx])) != 0) {
1105
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1106
        WOLFSSL_MSG_VSNPRINTF("BIT STRING unused bits used: %d %02x",
1107
                input[idx], input[idx + length - 1]);
1108
    #endif
1109
0
        return ASN_PARSE_E;
1110
0
    }
1111
1112
0
    return 0;
1113
0
}
1114
1115
/* Get the ASN.1 items from the BER encoding.
1116
 *
1117
 * @param [in] asn         ASN.1 item expected.
1118
 * @param [in] data        Data array to place found item into.
1119
 * @param [in] input       BER encoded data.
1120
 * @param [in] idx         Starting index of item data.
1121
 * @param [in] len         Length of input buffer upto end of this item's data.
1122
 * @param [in] zeroPadded  INTEGER was zero padded to make positive.
1123
 * @return  0 on success.
1124
 * @return  ASN_PARSE_E when BER encoded data is invalid.
1125
 * @return  ASN_EXPECT_0_E when NULL tagged item has a non-zero length.
1126
 * @return  MP_INIT_E when the unable to initialize an mp_int.
1127
 * @return  ASN_GETINT_E when the unable to convert data to an mp_int.
1128
 * @return  BAD_STATE_E when the data type is not supported.
1129
 * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
1130
 */
1131
static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
1132
                            const byte* input, word32 idx, int len,
1133
                            int zeroPadded)
1134
1.53k
{
1135
1.53k
    int i;
1136
1.53k
    int err;
1137
1138
    /* Parse data based on data type to extract. */
1139
1.53k
    switch (data->dataType) {
1140
        /* Parse a data into a number of specified bits. */
1141
0
        case ASN_DATA_TYPE_WORD8:
1142
            /* Check data is small enough to fit. */
1143
0
            if (len != 1) {
1144
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1145
                WOLFSSL_MSG_VSNPRINTF("Expecting one byte: %d", len);
1146
            #endif
1147
0
                return ASN_PARSE_E;
1148
0
            }
1149
            /* Fill number with all of data. */
1150
0
            *data->data.u8 = input[idx];
1151
0
            break;
1152
0
        case ASN_DATA_TYPE_WORD16:
1153
            /* Check data is small enough to fit. */
1154
0
            if (len == 0 || len > 2) {
1155
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1156
                WOLFSSL_MSG_VSNPRINTF("Expecting 1 or 2 bytes: %d", len);
1157
            #endif
1158
0
                return ASN_PARSE_E;
1159
0
            }
1160
            /* Fill number with all of data. */
1161
0
            *data->data.u16 = 0;
1162
0
            for (i = 0; i < len; i++) {
1163
0
                *data->data.u16 <<= 8;
1164
0
                *data->data.u16 |= input[idx + (word32)i] ;
1165
0
            }
1166
0
            break;
1167
0
        case ASN_DATA_TYPE_WORD32:
1168
            /* Check data is small enough to fit. */
1169
0
            if (len == 0 || len > 4) {
1170
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1171
                WOLFSSL_MSG_VSNPRINTF("Expecting 1 to 4 bytes: %d", len);
1172
            #endif
1173
0
                return ASN_PARSE_E;
1174
0
            }
1175
            /* Fill number with all of data. */
1176
0
            *data->data.u32 = 0;
1177
0
            for (i = 0; i < len; i++) {
1178
0
                *data->data.u32 <<= 8;
1179
0
                *data->data.u32 |= input[idx + (word32)i] ;
1180
0
            }
1181
0
            break;
1182
1183
0
        case ASN_DATA_TYPE_BUFFER:
1184
            /* Check buffer is big enough to hold data. */
1185
0
            if (len > (int)*data->data.buffer.length) {
1186
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1187
                WOLFSSL_MSG_VSNPRINTF("Buffer too small for data: %d %d", len,
1188
                        *data->data.buffer.length);
1189
            #endif
1190
0
                return ASN_PARSE_E;
1191
0
            }
1192
            /* Copy in data and record actual length seen. */
1193
0
            XMEMCPY(data->data.buffer.data, input + idx, (size_t)len);
1194
0
            *data->data.buffer.length = (word32)len;
1195
0
            break;
1196
1197
0
        case ASN_DATA_TYPE_EXP_BUFFER:
1198
            /* Check data is same size expected. */
1199
0
            if (len != (int)data->data.ref.length) {
1200
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1201
                WOLFSSL_MSG_VSNPRINTF("Data not expected length: %d %d", len,
1202
                        data->data.ref.length);
1203
            #endif
1204
0
                return ASN_PARSE_E;
1205
0
            }
1206
            /* Check data is same as expected. */
1207
0
            if (XMEMCMP(data->data.ref.data, input + idx, (size_t)len) != 0) {
1208
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1209
                WOLFSSL_MSG("Data not as expected");
1210
            #endif
1211
0
                return ASN_PARSE_E;
1212
0
            }
1213
0
            break;
1214
1215
480
        case ASN_DATA_TYPE_MP:
1216
480
        case ASN_DATA_TYPE_MP_POS_NEG:
1217
            /* Initialize mp_int and read in big-endian byte array. */
1218
480
            if (mp_init(data->data.mp) != MP_OKAY) {
1219
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1220
                WOLFSSL_MSG_VSNPRINTF("Failed to init mp: %p", data->data.mp);
1221
            #endif
1222
0
                return MP_INIT_E;
1223
0
            }
1224
480
            FALL_THROUGH;
1225
1.53k
        case ASN_DATA_TYPE_MP_INITED:
1226
1.53k
            err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx,
1227
1.53k
                                       (word32)len);
1228
1.53k
            if (err != 0) {
1229
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1230
                WOLFSSL_MSG_VSNPRINTF("Failed to read mp: %d", err);
1231
            #endif
1232
3
                mp_clear(data->data.mp);
1233
3
                return ASN_GETINT_E;
1234
3
            }
1235
        #ifdef HAVE_WOLF_BIGINT
1236
            err = wc_bigint_from_unsigned_bin(&data->data.mp->raw, input + idx,
1237
                    len);
1238
            if (err != 0) {
1239
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1240
                WOLFSSL_MSG_VSNPRINTF("Failed to create bigint: %d", err);
1241
            #endif
1242
                mp_clear(data->data.mp);
1243
                return ASN_GETINT_E;
1244
            }
1245
        #endif /* HAVE_WOLF_BIGINT */
1246
1247
1.53k
        #ifdef WOLFSSL_SP_INT_NEGATIVE
1248
            /* Don't always read as positive. */
1249
1.53k
            if ((data->dataType == ASN_DATA_TYPE_MP_POS_NEG) && (!zeroPadded) &&
1250
1.53k
                (input[idx] & 0x80)) {
1251
0
                #ifdef MP_NEG
1252
0
                    data->data.mp->sign = MP_NEG;
1253
                #else
1254
                    #ifdef OPENSSL_EXTRA
1255
                        /* public API wolfSSL_ASN1_INTEGER_get() depends
1256
                         * indirectly on negative bignum handling here.
1257
                         */
1258
                        #error OPENSSL_EXTRA requires negative bignum support.
1259
                    #endif
1260
                    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1261
                    WOLFSSL_MSG_VSNPRINTF("ASN negative integer without bignum support.");
1262
                    #endif
1263
                    mp_clear(data->data.mp);
1264
                    return ASN_GETINT_E;
1265
                #endif
1266
0
            }
1267
        #else
1268
            (void)zeroPadded;
1269
        #endif
1270
1.53k
            break;
1271
1272
0
        case ASN_DATA_TYPE_CHOICE:
1273
            /* Check if tag matched any of the choices specified. */
1274
0
            for (i = 0; data->data.choice[i] != 0; i++)
1275
0
                if (data->data.choice[i] == data->tag)
1276
0
                    break;
1277
0
            if (data->data.choice[i] == 0) {
1278
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1279
                WOLFSSL_MSG("Tag didn't match a choice");
1280
            #endif
1281
0
                return ASN_PARSE_E;
1282
0
            }
1283
1284
            /* Store data pointer and length for caller. */
1285
0
            data->data.ref.data = input + idx;
1286
0
            data->data.ref.length = (word32)len;
1287
0
            break;
1288
1289
0
        case ASN_DATA_TYPE_NONE:
1290
            /* Default behaviour based on tag. */
1291
0
            if (asn->tag == ASN_BOOLEAN) {
1292
                /* BOOLEAN has only one byte of data in BER. */
1293
0
                if (len != 1) {
1294
                #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1295
                    WOLFSSL_MSG_VSNPRINTF("BOOLEAN length too long: %d", len);
1296
                #endif
1297
0
                    return ASN_PARSE_E;
1298
0
                }
1299
0
                if (data->data.u8 == NULL)
1300
0
                    return BAD_STATE_E;
1301
                /* Store C boolean value. */
1302
0
                *data->data.u8 = (input[idx] != 0);
1303
0
                break;
1304
0
            }
1305
0
            if (asn->tag == ASN_TAG_NULL) {
1306
                /* NULL has no data in BER. */
1307
0
                if (len != 0) {
1308
                #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1309
                    WOLFSSL_MSG_VSNPRINTF("NULL length too long: %d", len);
1310
                #endif
1311
0
                    return ASN_EXPECT_0_E;
1312
0
                }
1313
0
                data->data.ref.data = input + idx;
1314
0
                break;
1315
0
            }
1316
0
            if (asn->tag == ASN_OBJECT_ID) {
1317
0
                word32 oidIdx = 0;
1318
                /* Store OID data pointer and length */
1319
0
                data->data.oid.data = input + idx;
1320
0
                data->data.oid.length = (word32)len;
1321
                /* Get the OID sum. */
1322
0
                err = GetOID(input + idx, &oidIdx, &data->data.oid.sum,
1323
0
                        data->data.oid.type, len);
1324
0
                if (err < 0) {
1325
                #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1326
                    WOLFSSL_MSG_VSNPRINTF("OID check failed: %d", err);
1327
                #endif
1328
0
                    return err;
1329
0
                }
1330
0
                break;
1331
0
            }
1332
1333
            /* Otherwise store data pointer and length. */
1334
0
            data->data.ref.data = input + idx;
1335
0
            data->data.ref.length = (word32)len;
1336
0
            break;
1337
1338
    #ifdef DEBUG_WOLFSSL
1339
        default:
1340
            /* Bad ASN data type. */
1341
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1342
            WOLFSSL_MSG_VSNPRINTF("Bad data type: %d", data->dataType);
1343
        #endif
1344
            return BAD_STATE_E;
1345
    #endif
1346
1.53k
    }
1347
1348
1.53k
    return 0;
1349
1.53k
}
1350
1351
/* Get the ASN.1 items from the BER encoding.
1352
 *
1353
 * @param [in]      asn       ASN.1 items expected.
1354
 * @param [in]      data      Data array to place found items into.
1355
 * @param [in]      count     Count of items to parse.
1356
 * @param [in]      complete  Whether the whole buffer is to be used up.
1357
 * @param [in]      input     BER encoded data.
1358
 * @param [in, out] inOutIdx  On in, starting index of data.
1359
 *                            On out, end of parsed data.
1360
 * @param [in]      length    Length of input buffer.
1361
 * @return  0 on success.
1362
 * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
1363
 *          is invalid.
1364
 * @return  BUFFER_E when data in buffer is too small.
1365
 * @return  ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
1366
 * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
1367
 * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
1368
 *          non-zero length.
1369
 * @return  MP_INIT_E when the unable to initialize an mp_int.
1370
 * @return  ASN_GETINT_E when the unable to convert data to an mp_int.
1371
 * @return  BAD_STATE_E when the data type is not supported.
1372
 * @return  ASN_UNKNOWN_OID_E when the OID cannot be verified.
1373
 */
1374
int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete,
1375
                 const byte* input, word32* inOutIdx, word32 length)
1376
769
{
1377
769
    int    i;
1378
769
    int    j;
1379
769
    int    err;
1380
769
    int    len;
1381
    /* Current index into buffer. */
1382
769
    word32 idx = *inOutIdx;
1383
    /* Initialize the end index at each depth to be the length. */
1384
769
    word32 endIdx[GET_ASN_MAX_DEPTH] = { length, length, length, length, length,
1385
769
                                         length, length };
1386
    /* Set choices to -1 to indicate they haven't been seen or found. */
1387
769
    signed char   choiceMet[GET_ASN_MAX_CHOICES] = { -1, -1 };
1388
    /* Not matching a choice right now. */
1389
769
    int    choice = 0;
1390
    /* Current depth of ASN.1 item. */
1391
769
    int    depth;
1392
    /* Minimum depth value seen. */
1393
769
    int    minDepth;
1394
    /* Integer had a zero prepended. */
1395
769
    int    zeroPadded;
1396
1397
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1398
    WOLFSSL_ENTER("GetASN_Items");
1399
#endif
1400
1401
    /* Start depth at first items depth. */
1402
769
    minDepth = depth = asn[0].depth;
1403
    /* Check every ASN.1 item. */
1404
3.07k
    for (i = 0; i < count; i++) {
1405
        /* Store offset of ASN.1 item. */
1406
2.30k
        data[i].offset = idx;
1407
        /* Length of data in ASN.1 item starts empty. */
1408
2.30k
        data[i].length = 0;
1409
        /* Get current item depth. */
1410
2.30k
        depth = asn[i].depth;
1411
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1412
        if (depth > GET_ASN_MAX_DEPTH) {
1413
            WOLFSSL_MSG("Depth in template too large");
1414
            return ASN_PARSE_E;
1415
        }
1416
    #endif
1417
        /* Keep track of minimum depth. */
1418
2.30k
        if (depth < minDepth) {
1419
0
            minDepth = depth;
1420
0
        }
1421
1422
        /* Reset choice if different from previous. */
1423
2.30k
        if (choice > 0 && asn[i].optional != choice) {
1424
0
            choice = 0;
1425
0
        }
1426
        /* Check if first of numbered choice. */
1427
2.30k
        if (choice == 0 && asn[i].optional > 1) {
1428
0
            choice = asn[i].optional;
1429
0
            if (choiceMet[choice - 2] == -1) {
1430
                /* Choice seen but not found a match yet. */
1431
0
                choiceMet[choice - 2] = 0;
1432
0
            }
1433
0
        }
1434
1435
        /* Check for end of data or not a choice and tag not matching. */
1436
2.30k
        if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE &&
1437
2.30k
                              (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) {
1438
0
            if (asn[i].optional) {
1439
                /* Skip over ASN.1 items underneath this optional item. */
1440
0
                for (j = i + 1; j < count; j++) {
1441
0
                    if (asn[i].depth >= asn[j].depth)
1442
0
                        break;
1443
0
                    data[j].offset = idx;
1444
0
                    data[j].length = 0;
1445
0
                }
1446
0
                i = j - 1;
1447
0
                continue;
1448
0
            }
1449
1450
            /* Check for end of data. */
1451
0
            if (idx == length) {
1452
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1453
                WOLFSSL_MSG_VSNPRINTF(
1454
                    "%2d: %4d %4d %c %*s %-16s%*s  (index past end)",
1455
                    i, data[i].offset, data[i].length,
1456
                    asn[i].constructed ? '+' : ' ', asn[i].depth, "",
1457
                    TagString(asn[i].tag), 6 - asn[i].depth, "");
1458
                WOLFSSL_MSG_VSNPRINTF("Index past end of data: %d %d", idx,
1459
                        length);
1460
        #endif
1461
0
                return BUFFER_E;
1462
0
            }
1463
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1464
            /* Show expected versus found. */
1465
            WOLFSSL_MSG_VSNPRINTF(
1466
                "%2d: %4d %4d %c %*s %-16s%*s  Tag=0x%02x (%s)",
1467
                i, data[i].offset, data[i].length,
1468
                asn[i].constructed ? '+' : ' ', asn[i].depth, "",
1469
                TagString(asn[i].tag), 6 - asn[i].depth, "",
1470
                input[idx], TagString(input[idx]));
1471
        #endif
1472
            /* Check for end of data at this depth. */
1473
0
            if (idx == endIdx[depth]) {
1474
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1475
                WOLFSSL_MSG_VSNPRINTF("Index past outer item: %d %d", idx,
1476
                        endIdx[depth]);
1477
            #endif
1478
0
                return ASN_PARSE_E;
1479
0
            }
1480
1481
            /* Expecting an OBJECT_ID */
1482
0
            if (asn[i].tag == ASN_OBJECT_ID) {
1483
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1484
                WOLFSSL_MSG("Expecting OBJECT ID");
1485
            #endif
1486
0
                return ASN_OBJECT_ID_E;
1487
0
            }
1488
            /* Expecting a BIT_STRING */
1489
0
            if (asn[i].tag == ASN_BIT_STRING) {
1490
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1491
                WOLFSSL_MSG("Expecting BIT STRING");
1492
            #endif
1493
0
                return ASN_BITSTR_E;
1494
0
            }
1495
            /* Not the expected tag. */
1496
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1497
            WOLFSSL_MSG("Bad tag");
1498
        #endif
1499
0
            return ASN_PARSE_E;
1500
0
        }
1501
1502
        /* Store found tag in data. */
1503
2.30k
        data[i].tag = input[idx];
1504
2.30k
        if (data[i].dataType != ASN_DATA_TYPE_CHOICE) {
1505
2.30k
            int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED;
1506
            /* Check constructed match expected for non-choice ASN.1 item. */
1507
2.30k
            if (asn[i].constructed != constructed) {
1508
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1509
                WOLFSSL_MSG_VSNPRINTF(
1510
                        "%2d: %4d %4d %c %*s %-16s%*s  Tag=0x%02x (%s)",
1511
                        i, data[i].offset, data[i].length,
1512
                        asn[i].constructed ? '+' : ' ', asn[i].depth, "",
1513
                        TagString(asn[i].tag), 6 - asn[i].depth, "",
1514
                        input[idx], TagString(input[idx]));
1515
                if (!constructed) {
1516
                    WOLFSSL_MSG("Not constructed");
1517
                }
1518
                else {
1519
                    WOLFSSL_MSG("Not expected to be constructed");
1520
                }
1521
            #endif
1522
0
                return ASN_PARSE_E;
1523
0
            }
1524
2.30k
        }
1525
        /* Move index to start of length. */
1526
2.30k
        idx++;
1527
        /* Get the encoded length. */
1528
2.30k
        if (GetASN_Length(input, &idx, &len, endIdx[depth], 1) < 0) {
1529
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1530
            WOLFSSL_MSG_VSNPRINTF("%2d: idx=%d len=%d end=%d", i, idx, len,
1531
                    endIdx[depth]);
1532
        #endif
1533
0
            return ASN_PARSE_E;
1534
0
        }
1535
        /* Store length of data. */
1536
2.30k
        data[i].length = (word32)len;
1537
        /* Note the max length of items under this one. */
1538
2.30k
        endIdx[depth + 1] = idx + (word32)len;
1539
2.30k
        if (choice > 1) {
1540
            /* Note we found a number choice. */
1541
0
            choiceMet[choice - 2] = 1;
1542
0
        }
1543
1544
    #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1545
        WOLFSSL_MSG_VSNPRINTF("%2d: %4d %4d %c %*s %-16s", i,
1546
                data[i].offset, data[i].length, asn[i].constructed ? '+' : ' ',
1547
                asn[i].depth, "", TagString(data[i].tag));
1548
    #endif
1549
1550
        /* Assume no zero padding on INTEGER. */
1551
2.30k
        zeroPadded = 0;
1552
        /* Check data types that prepended a byte. */
1553
2.30k
        if (asn[i].tag == ASN_INTEGER) {
1554
            /* Check validity of first byte. */
1555
1.53k
            err = GetASN_Integer(input, idx, len,
1556
1.53k
                    data[i].dataType == ASN_DATA_TYPE_MP ||
1557
1.53k
                    data[i].dataType == ASN_DATA_TYPE_MP_INITED);
1558
1.53k
            if (err != 0)
1559
0
                return err;
1560
1.53k
            if (len > 1 && input[idx] == 0) {
1561
602
                zeroPadded = 1;
1562
                /* Move over prepended byte. */
1563
602
                idx++;
1564
602
                len--;
1565
602
            }
1566
1.53k
        }
1567
769
        else if (asn[i].tag == ASN_BIT_STRING) {
1568
            /* Check prepended byte is correct. */
1569
0
            err = GetASN_BitString(input, idx, len);
1570
0
            if (err != 0)
1571
0
                return err;
1572
            /* Move over prepended byte. */
1573
0
            idx++;
1574
0
            len--;
1575
0
        }
1576
769
        else if ((asn[i].tag == ASN_OBJECT_ID) && (len < 3)) {
1577
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1578
            WOLFSSL_MSG_VSNPRINTF("OID length must be 3 or more: %d", len);
1579
        #endif
1580
0
            return ASN_PARSE_E;
1581
0
        }
1582
1583
        /* Don't parse data if only header required. */
1584
2.30k
        if (asn[i].headerOnly) {
1585
            /* Store reference to data and length. */
1586
769
            data[i].data.ref.data = input + idx;
1587
769
            data[i].data.ref.length = (word32)len;
1588
769
            continue;
1589
769
        }
1590
1591
        /* Store the data at idx in the ASN data item. */
1592
1.53k
        err = GetASN_StoreData(&asn[i], &data[i], input, idx, len, zeroPadded);
1593
1.53k
        if (err != 0) {
1594
3
            return err;
1595
3
        }
1596
1597
        /* Move index to next item. */
1598
1.53k
        idx += (word32)len;
1599
1600
        /* When matched numbered choice ... */
1601
1.53k
        if (asn[i].optional > 1) {
1602
            /* Skip over other ASN.1 items of the same number. */
1603
0
            for (j = i + 1; j < count; j++) {
1604
0
                if (asn[j].depth <= asn[i].depth &&
1605
0
                                           asn[j].optional != asn[i].optional) {
1606
0
                   break;
1607
0
                }
1608
0
            }
1609
0
            i = j - 1;
1610
0
        }
1611
1.53k
    }
1612
1613
766
    if (complete) {
1614
        /* When expecting ASN.1 items to completely use data, check we did. */
1615
0
        for (j = depth; j > minDepth; j--) {
1616
0
            if (idx < endIdx[j]) {
1617
            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1618
                WOLFSSL_MSG_VSNPRINTF(
1619
                    "More data in constructed item at depth: %d", j - 1);
1620
            #endif
1621
0
                return ASN_PARSE_E;
1622
0
            }
1623
0
        }
1624
0
    }
1625
1626
    /* Check all choices where met - found an item for them. */
1627
2.29k
    for (j = 0; j < GET_ASN_MAX_CHOICES; j++) {
1628
1.53k
        if (choiceMet[j] == 0) {
1629
        #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1630
            WOLFSSL_MSG_VSNPRINTF("No choice seen: %d", j + 2);
1631
        #endif
1632
0
            return ASN_PARSE_E;
1633
0
        }
1634
1.53k
    }
1635
1636
    /* Return index after ASN.1 data has been parsed. */
1637
766
    *inOutIdx = idx;
1638
1639
766
    return 0;
1640
766
}
1641
1642
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
1643
/* Calculate the size of the DER encoding.
1644
 *
1645
 * Call SetASN_Items() to write encoding to a buffer.
1646
 *
1647
 * @param [in]      asn    ASN.1 items to encode.
1648
 * @param [in, out] data   Data to place in each item. Lengths set were not
1649
 *                         known.
1650
 * @param [in]      count  Count of items to encode.
1651
 * @param [out]     len    Length of the DER encoding.
1652
 * @return  Size of the DER encoding in bytes.
1653
 */
1654
static int SizeASN_ItemsDebug(const char* name, const ASNItem* asn,
1655
    ASNSetData *data, int count, int* encSz)
1656
{
1657
    WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
1658
    return SizeASN_Items(asn, data, count, encSz);
1659
}
1660
1661
/* Creates the DER encoding of the ASN.1 items.
1662
 *
1663
 * Assumes the output buffer is large enough to hold encoding.
1664
 * Must call SizeASN_Items() to determine size of encoding and offsets.
1665
 *
1666
 * Displays the template name first.
1667
 *
1668
 * @param [in]      name    Name of ASN.1 template.
1669
 * @param [in]      asn     ASN.1 items to encode.
1670
 * @param [in]      data    Data to place in each item.
1671
 * @param [in]      count   Count of items to encode.
1672
 * @param [in, out] output  Buffer to write encoding into.
1673
 * @return  Size of the DER encoding in bytes.
1674
 */
1675
static int SetASN_ItemsDebug(const char* name, const ASNItem* asn,
1676
    ASNSetData *data, int count, byte* output)
1677
{
1678
    WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
1679
    return SetASN_Items(asn, data, count, output);
1680
}
1681
1682
/* Get the ASN.1 items from the BER encoding.
1683
 *
1684
 * Displays the template name first.
1685
 *
1686
 * @param [in]      name      Name of ASN.1 template.
1687
 * @param [in]      asn       ASN.1 items expected.
1688
 * @param [in]      data      Data array to place found items into.
1689
 * @param [in]      count     Count of items to parse.
1690
 * @param [in]      complete  Whether the whole buffer is to be used up.
1691
 * @param [in]      input     BER encoded data.
1692
 * @param [in, out] inOutIdx  On in, starting index of data.
1693
 *                            On out, end of parsed data.
1694
 * @param [in]      maxIdx    Maximum index of input data.
1695
 * @return  0 on success.
1696
 * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
1697
 * is invalid.
1698
 * @return  BUFFER_E when data in buffer is too small.
1699
 * @return  ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
1700
 * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
1701
 * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
1702
 *          non-zero length.
1703
 * @return  MP_INIT_E when the unable to initialize an mp_int.
1704
 * @return  ASN_GETINT_E when the unable to convert data to an mp_int.
1705
 * @return  BAD_STATE_E when the data type is not supported.
1706
 */
1707
static int GetASN_ItemsDebug(const char* name, const ASNItem* asn,
1708
    ASNGetData *data, int count, int complete, const byte* input,
1709
    word32* inOutIdx, word32 maxIdx)
1710
{
1711
    WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name);
1712
    return GetASN_Items(asn, data, count, complete, input, inOutIdx, maxIdx);
1713
}
1714
1715
/* Calculate the size of the DER encoding.
1716
 *
1717
 * Call SetASN_Items() to write encoding to a buffer.
1718
 *
1719
 * @param [in]      asn    ASN.1 items to encode.
1720
 * @param [in, out] data   Data to place in each item. Lengths set were not
1721
 *                         known.
1722
 * @param [in]      count  Count of items to encode.
1723
 * @param [out]     len    Length of the DER encoding.
1724
 * @return  Size of the DER encoding in bytes.
1725
 */
1726
#define SizeASN_Items(asn, data, count, encSz)  \
1727
    SizeASN_ItemsDebug(#asn, asn, data, count, encSz)
1728
1729
/* Creates the DER encoding of the ASN.1 items.
1730
 *
1731
 * Assumes the output buffer is large enough to hold encoding.
1732
 * Must call SizeASN_Items() to determine size of encoding and offsets.
1733
 *
1734
 * Displays the template name first.
1735
 *
1736
 * @param [in]      name    Name of ASN.1 template.
1737
 * @param [in]      asn     ASN.1 items to encode.
1738
 * @param [in]      data    Data to place in each item.
1739
 * @param [in]      count   Count of items to encode.
1740
 * @param [in, out] output  Buffer to write encoding into.
1741
 * @return  Size of the DER encoding in bytes.
1742
 */
1743
#define SetASN_Items(asn, data, count, output)  \
1744
    SetASN_ItemsDebug(#asn, asn, data, count, output)
1745
1746
/* Get the ASN.1 items from the BER encoding.
1747
 *
1748
 * Displays the template name first.
1749
 *
1750
 * @param [in]      name      Name of ASN.1 template.
1751
 * @param [in]      asn       ASN.1 items expected.
1752
 * @param [in]      data      Data array to place found items into.
1753
 * @param [in]      count     Count of items to parse.
1754
 * @param [in]      complete  Whether the whole buffer is to be used up.
1755
 * @param [in]      input     BER encoded data.
1756
 * @param [in, out] inOutIdx  On in, starting index of data.
1757
 *                            On out, end of parsed data.
1758
 * @param [in]      maxIdx    Maximum index of input data.
1759
 * @return  0 on success.
1760
 * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
1761
 * is invalid.
1762
 * @return  BUFFER_E when data in buffer is too small.
1763
 * @return  ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found.
1764
 * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
1765
 * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
1766
 *          non-zero length.
1767
 * @return  MP_INIT_E when the unable to initialize an mp_int.
1768
 * @return  ASN_GETINT_E when the unable to convert data to an mp_int.
1769
 * @return  BAD_STATE_E when the data type is not supported.
1770
 */
1771
#define GetASN_Items(asn, data, count, complete, input, inOutIdx, maxIdx)  \
1772
    GetASN_ItemsDebug(#asn, asn, data, count, complete, input, inOutIdx, maxIdx)
1773
#endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */
1774
1775
/* Decode a BER encoded constructed sequence.
1776
 *
1777
 * @param [in]       input     Buffer of BER encoded data.
1778
 * @param [in, out]  inOutIdx  On in, index to start decoding from.
1779
 *                             On out, index of next encoded byte.
1780
 * @param [out]      len       Length of data under SEQUENCE.
1781
 * @param [in]       maxIdx    Maximim index of data. Index of byte after SEQ.
1782
 * @param [in]       complete  All data used with SEQUENCE and data under.
1783
 * @return  0 on success.
1784
 * @return  BUFFER_E when not enough data to complete decode.
1785
 * @return  ASN_PARSE when decoding failed.
1786
 */
1787
static int GetASN_Sequence(const byte* input, word32* inOutIdx, int* len,
1788
                           word32 maxIdx, int complete)
1789
0
{
1790
0
    int ret = 0;
1791
0
    word32 idx = *inOutIdx;
1792
1793
    /* Check buffer big enough for tag. */
1794
0
    if (idx + 1 > maxIdx) {
1795
0
        ret = BUFFER_E;
1796
0
    }
1797
    /* Check it is a constructed SEQUENCE. */
1798
0
    if ((ret == 0) && (input[idx++] != (ASN_SEQUENCE | ASN_CONSTRUCTED))) {
1799
0
        ret = ASN_PARSE_E;
1800
0
    }
1801
    /* Get the length. */
1802
0
    if ((ret == 0) && (GetASN_Length(input, &idx, len, maxIdx, 1) < 0)) {
1803
0
        ret = ASN_PARSE_E;
1804
0
    }
1805
    /* Check all data used if complete set. */
1806
0
    if ((ret == 0) && complete && (idx + (word32)*len != maxIdx)) {
1807
0
        ret = ASN_PARSE_E;
1808
0
    }
1809
0
    if (ret == 0) {
1810
        /* Return index of next byte of encoded data. */
1811
0
        *inOutIdx = idx;
1812
0
    }
1813
1814
0
    return ret;
1815
0
}
1816
1817
1818
#ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
1819
/* Setup ASN data item to get an 8-bit number.
1820
 *
1821
 * @param [in] dataASN  Dynamic ASN data item.
1822
 * @param [in] num      Pointer to an 8-bit variable.
1823
 */
1824
void GetASN_Int8Bit(ASNGetData *dataASN, byte* num)
1825
{
1826
    dataASN->dataType = ASN_DATA_TYPE_WORD8;
1827
    dataASN->data.u8  = num;
1828
}
1829
1830
/* Setup ASN data item to get a 16-bit number.
1831
 *
1832
 * @param [in] dataASN  Dynamic ASN data item.
1833
 * @param [in] num      Pointer to a 16-bit variable.
1834
 */
1835
void GetASN_Int16Bit(ASNGetData *dataASN, word16* num)
1836
{
1837
    dataASN->dataType = ASN_DATA_TYPE_WORD16;
1838
    dataASN->data.u16 = num;
1839
}
1840
1841
/* Setup ASN data item to get a 32-bit number.
1842
 *
1843
 * @param [in] dataASN  Dynamic ASN data item.
1844
 * @param [in] num      Pointer to a 32-bit variable.
1845
 */
1846
void GetASN_Int32Bit(ASNGetData *dataASN, word32* num)
1847
{
1848
    dataASN->dataType = ASN_DATA_TYPE_WORD32;
1849
    dataASN->data.u32 = num;
1850
}
1851
1852
/* Setup ASN data item to get data into a buffer of a specific length.
1853
 *
1854
 * @param [in] dataASN  Dynamic ASN data item.
1855
 * @param [in] data     Buffer to hold data.
1856
 * @param [in] length   Length of buffer in bytes.
1857
 */
1858
void GetASN_Buffer(ASNGetData *dataASN, byte* data, word32* length)
1859
{
1860
    dataASN->dataType           = ASN_DATA_TYPE_BUFFER;
1861
    dataASN->data.buffer.data   = data;
1862
    dataASN->data.buffer.length = length;
1863
}
1864
1865
/* Setup ASN data item to check parsed data against expected buffer.
1866
 *
1867
 * @param [in] dataASN  Dynamic ASN data item.
1868
 * @param [in] data     Buffer containing expected data.
1869
 * @param [in] length   Length of buffer in bytes.
1870
 */
1871
void GetASN_ExpBuffer(ASNGetData *dataASN, const byte* data, word32 length)
1872
{
1873
    dataASN->dataType        = ASN_DATA_TYPE_EXP_BUFFER;
1874
    dataASN->data.ref.data   = data;
1875
    dataASN->data.ref.length = length;
1876
}
1877
1878
/* Setup ASN data item to get a number into an mp_int.
1879
 *
1880
 * @param [in] dataASN  Dynamic ASN data item.
1881
 * @param [in] num      Multi-precision number object.
1882
 */
1883
void GetASN_MP(ASNGetData *dataASN, mp_int* num)
1884
{
1885
    dataASN->dataType = ASN_DATA_TYPE_MP;
1886
    dataASN->data.mp  = num;
1887
}
1888
1889
/* Setup ASN data item to get a number into an mp_int that is initialized.
1890
 *
1891
 * @param [in] dataASN  Dynamic ASN data item.
1892
 * @param [in] num      Multi-precision number object.
1893
 */
1894
void GetASN_MP_Inited(ASNGetData *dataASN, mp_int* num)
1895
{
1896
    dataASN->dataType = ASN_DATA_TYPE_MP_INITED;
1897
    dataASN->data.mp  = num;
1898
}
1899
1900
/* Setup ASN data item to get a positive or negative number into an mp_int.
1901
 *
1902
 * @param [in] dataASN  Dynamic ASN data item.
1903
 * @param [in] num      Multi-precision number object.
1904
 */
1905
void GetASN_MP_PosNeg(ASNGetData *dataASN, mp_int* num)
1906
{
1907
    dataASN->dataType = ASN_DATA_TYPE_MP_POS_NEG;
1908
    dataASN->data.mp  = num;
1909
}
1910
1911
/* Setup ASN data item to be a choice of tags.
1912
 *
1913
 * @param [in] dataASN  Dynamic ASN data item.
1914
 * @param [in] options  0 terminated list of tags that are valid.
1915
 */
1916
void GetASN_Choice(ASNGetData *dataASN, const byte* options)
1917
{
1918
    dataASN->dataType    = ASN_DATA_TYPE_CHOICE;
1919
    dataASN->data.choice = options;
1920
}
1921
1922
/* Setup ASN data item to get a boolean value.
1923
 *
1924
 * @param [in] dataASN  Dynamic ASN data item.
1925
 * @param [in] num      Pointer to an 8-bit variable.
1926
 */
1927
void GetASN_Boolean(ASNGetData *dataASN, byte* num)
1928
{
1929
    dataASN->dataType    = ASN_DATA_TYPE_NONE;
1930
    dataASN->data.choice = num;
1931
}
1932
1933
/* Setup ASN data item to be a an OID of a specific type.
1934
 *
1935
 * @param [in] dataASN  Dynamic ASN data item.
1936
 * @param [in] oidType  Type of OID to expect.
1937
 */
1938
void GetASN_OID(ASNGetData *dataASN, int oidType)
1939
{
1940
    dataASN->data.oid.type = oidType;
1941
}
1942
1943
/* Get the data and length from an ASN data item.
1944
 *
1945
 * @param [in]  dataASN  Dynamic ASN data item.
1946
 * @param [out] data     Pointer to data of item.
1947
 * @param [out] length   Length of buffer in bytes.
1948
 */
1949
void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data, word32* length)
1950
{
1951
    *data   = dataASN->data.ref.data;
1952
    *length = dataASN->data.ref.length;
1953
}
1954
1955
/* Get the data and length from an ASN data item.
1956
 *
1957
 * @param [in]  dataASN  Dynamic ASN data item.
1958
 * @param [out] data     Pointer to data of item.
1959
 * @param [out] length   Length of buffer in bytes.
1960
 */
1961
void GetASN_GetRef(ASNGetData * dataASN, byte** data, word32* length)
1962
{
1963
    *data   = (byte*)dataASN->data.ref.data;
1964
    *length =        dataASN->data.ref.length;
1965
}
1966
1967
/* Get the data and length from an ASN data item that is an OID.
1968
 *
1969
 * @param [in]  dataASN  Dynamic ASN data item.
1970
 * @param [out] data     Pointer to .
1971
 * @param [out] length   Length of buffer in bytes.
1972
 */
1973
void GetASN_OIDData(ASNGetData * dataASN, byte** data, word32* length)
1974
{
1975
    *data   = (byte*)dataASN->data.oid.data;
1976
    *length =        dataASN->data.oid.length;
1977
}
1978
1979
/* Setup an ASN data item to set a boolean.
1980
 *
1981
 * @param [in] dataASN  Dynamic ASN data item.
1982
 * @param [in] val      Boolean value.
1983
 */
1984
void SetASN_Boolean(ASNSetData *dataASN, byte val)
1985
{
1986
    dataASN->dataType = ASN_DATA_TYPE_NONE;
1987
    dataASN->data.u8  = val;
1988
}
1989
1990
/* Setup an ASN data item to set an 8-bit number.
1991
 *
1992
 * @param [in] dataASN  Dynamic ASN data item.
1993
 * @param [in] num      8-bit number to set.
1994
 */
1995
void SetASN_Int8Bit(ASNSetData *dataASN, byte num)
1996
{
1997
    dataASN->dataType = ASN_DATA_TYPE_WORD8;
1998
    dataASN->data.u8  = num;
1999
}
2000
2001
/* Setup an ASN data item to set a 16-bit number.
2002
 *
2003
 * @param [in] dataASN  Dynamic ASN data item.
2004
 * @param [in] num      16-bit number to set.
2005
 */
2006
void SetASN_Int16Bit(ASNSetData *dataASN, word16 num)
2007
{
2008
    dataASN->dataType = ASN_DATA_TYPE_WORD16;
2009
    dataASN->data.u16 = num;
2010
}
2011
2012
/* Setup an ASN data item to set the data in a buffer.
2013
 *
2014
 * @param [in] dataASN  Dynamic ASN data item.
2015
 * @param [in] data     Buffer containing data to set.
2016
 * @param [in] length   Length of data in buffer in bytes.
2017
 */
2018
void SetASN_Buffer(ASNSetData *dataASN, const byte* data, word32 length)
2019
{
2020
    dataASN->data.buffer.data   = data;
2021
    dataASN->data.buffer.length = length;
2022
}
2023
2024
/* Setup an ASN data item to set the DER encode data in a buffer.
2025
 *
2026
 * @param [in] dataASN  Dynamic ASN data item.
2027
 * @param [in] data     Buffer containing BER encoded data to set.
2028
 * @param [in] length   Length of data in buffer in bytes.
2029
 */
2030
void SetASN_ReplaceBuffer(ASNSetData *dataASN, const byte* data, word32 length)
2031
{
2032
    dataASN->dataType           = ASN_DATA_TYPE_REPLACE_BUFFER;
2033
    dataASN->data.buffer.data   = data;
2034
    dataASN->data.buffer.length = length;
2035
}
2036
2037
/* Setup an ASN data item to set an multi-precision number.
2038
 *
2039
 * @param [in] dataASN  Dynamic ASN data item.
2040
 * @param [in] num      Multi-precision number.
2041
 */
2042
void SetASN_MP(ASNSetData *dataASN, mp_int* num)
2043
{
2044
    dataASN->dataType = ASN_DATA_TYPE_MP;
2045
    dataASN->data.mp  = num;
2046
}
2047
2048
/* Setup an ASN data item to set an OID based on id and type.
2049
 *
2050
 * oid and oidType pair are unique.
2051
 *
2052
 * @param [in] dataASN  Dynamic ASN data item.
2053
 * @param [in] oid      OID identifier.
2054
 * @param [in] oidType  Type of OID.
2055
 */
2056
void SetASN_OID(ASNSetData *dataASN, int oid, int oidType)
2057
{
2058
    dataASN->data.buffer.data = OidFromId(oid, oidType,
2059
                                                  &dataASN->data.buffer.length);
2060
}
2061
#endif /* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK */
2062
2063
#ifdef CRLDP_VALIDATE_DATA
2064
/* Get the data of the BIT_STRING as a 16-bit number.
2065
 *
2066
 * @param [in]  dataASN  Dynamic ASN data item.
2067
 * @param [out] val      ASN.1 item's data as a 16-bit number.
2068
 * @return  0 on success.
2069
 * @return  ASN_PARSE_E when BITSTRING value is more than 2 bytes.
2070
 * @return  ASN_PARSE_E when unused bits of BITSTRING is invalid.
2071
 */
2072
static int GetASN_BitString_Int16Bit(ASNGetData* dataASN, word16* val)
2073
{
2074
    int ret;
2075
    int i;
2076
    const byte* input = dataASN->data.ref.data;
2077
    int length = dataASN->data.ref.length;
2078
2079
    /* Validate the BIT_STRING data. */
2080
    ret = GetASN_BitString(input, 0, length);
2081
    if (ret == 0) {
2082
        /* Skip unused bits byte. */
2083
        input++;
2084
        length--;
2085
2086
        /* Check the data is usable. */
2087
        if (length == 0 || length > 2) {
2088
#ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
2089
            WOLFSSL_MSG_VSNPRINTF("Expecting 1 or 2 bytes: %d", length);
2090
#endif
2091
            ret = ASN_PARSE_E;
2092
        }
2093
    }
2094
    if (ret == 0) {
2095
        /* Fill 16-bit var with all the data. */
2096
        *val = 0;
2097
        for (i = 0; i < length; i++) {
2098
            *val <<= 8;
2099
            *val |= input[i];
2100
        }
2101
    }
2102
    return ret;
2103
}
2104
#endif /* CRLDP_VALIDATE_DATA */
2105
2106
#endif /* WOLFSSL_ASN_TEMPLATE */
2107
2108
2109
/* Decode the BER/DER length field.
2110
 *
2111
 * @param [in]      input     BER encoded data.
2112
 * @param [in, out] inOutIdx  On in, starting index of length.
2113
 *                            On out, end of parsed length.
2114
 * @param [out]     len       Length value decoded.
2115
 * @param [in]      maxIdx    Maximum index of input data.
2116
 * @return  Length on success.
2117
 * @return  ASN_PARSE_E if the encoding is invalid.
2118
 * @return  BUFFER_E when not enough data to complete decode.
2119
 */
2120
int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
2121
0
{
2122
0
    return GetLength_ex(input, inOutIdx, len, maxIdx, 1);
2123
0
}
2124
2125
2126
/* Decode the BER/DER length field and check the length is valid on request.
2127
 *
2128
 * BER/DER has Type-Length-Value triplets.
2129
 * When requested will check that the Length decoded, indicating the number
2130
 * of bytes in the Value, is available in the buffer after the Length bytes.
2131
 *
2132
 * Only supporting a length upto INT_MAX.
2133
 *
2134
 * @param [in]      input     BER encoded data.
2135
 * @param [in, out] inOutIdx  On in, starting index of length.
2136
 *                            On out, end of parsed length.
2137
 * @param [out]     len       Length value decoded.
2138
 * @param [in]      maxIdx    Maximum index of input data.
2139
 * @param [in]      check     Whether to check the buffer has at least the
2140
 *                            decoded length of bytes remaining.
2141
 * @return  Length on success.
2142
 * @return  ASN_PARSE_E if the encoding is invalid.
2143
 * @return  BUFFER_E when not enough data to complete decode.
2144
 */
2145
int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx,
2146
                 int check)
2147
2.30k
{
2148
2.30k
    int     length = 0;
2149
2.30k
    word32  idx = (word32)*inOutIdx;
2150
2.30k
    byte    b;
2151
2152
    /* Ensure zero return length on error. */
2153
2.30k
    *len = 0;
2154
2155
    /* Check there is at least one byte available containing length information.
2156
     */
2157
2.30k
    if ((idx + 1) > maxIdx) {
2158
0
        WOLFSSL_MSG("GetLength - bad index on input");
2159
0
        return BUFFER_E;
2160
0
    }
2161
2162
    /* Get the first length byte. */
2163
2.30k
    b = input[idx++];
2164
    /* Check if the first byte indicates the count of bytes. */
2165
2.30k
    if (b >= ASN_LONG_LENGTH) {
2166
        /* Bottom 7 bits are the number of bytes to calculate length with.
2167
         * Note: 0 indicates indefinite length encoding *not* 0 bytes of length.
2168
         */
2169
140
        word32 bytes = (word32)b & 0x7FU;
2170
140
        int minLen;
2171
2172
        /* Calculate minimum length to be encoded with bytes. */
2173
140
        if (b == ASN_INDEF_LENGTH) {
2174
            /* Indefinite length encoding - no length bytes. */
2175
0
            minLen = 0;
2176
0
        }
2177
140
        else if (bytes == 1) {
2178
140
            minLen = 0x80;
2179
140
        }
2180
        /* Only support up to the number of bytes that fit into return var. */
2181
0
        else if (bytes > sizeof(length)) {
2182
0
            WOLFSSL_MSG("GetLength - overlong data length spec");
2183
0
            return ASN_PARSE_E;
2184
0
        } else {
2185
0
            minLen = 1 << ((bytes - 1) * 8);
2186
0
        }
2187
2188
        /* Check the number of bytes required are available. */
2189
140
        if ((idx + bytes) > maxIdx) {
2190
0
            WOLFSSL_MSG("GetLength - bad long length");
2191
0
            return BUFFER_E;
2192
0
        }
2193
2194
        /* Big-endian encoding of number. */
2195
280
        while (bytes--) {
2196
140
            b = input[idx++];
2197
140
            length = (length << 8) | b;
2198
140
        }
2199
        /* Negative value indicates we overflowed the signed int. */
2200
140
        if (length < 0) {
2201
0
            return ASN_PARSE_E;
2202
0
        }
2203
        /* Don't allow lengths that are longer than strictly required. */
2204
140
        if (length < minLen) {
2205
0
            return ASN_PARSE_E;
2206
0
        }
2207
140
    }
2208
2.16k
    else {
2209
        /* Length in first byte. */
2210
2.16k
        length = b;
2211
2.16k
    }
2212
2213
    /* When requested, check the buffer has at least length bytes left. */
2214
2.30k
    if (check && ((idx + (word32)length) > maxIdx)) {
2215
0
        WOLFSSL_MSG("GetLength - value exceeds buffer length");
2216
0
        return BUFFER_E;
2217
0
    }
2218
2219
    /* Return index after length encoding. */
2220
2.30k
    *inOutIdx = idx;
2221
    /* Return length if valid. */
2222
2.30k
    if (length > 0) {
2223
2.30k
        *len = length;
2224
2.30k
    }
2225
2226
    /* Return length calculated or error code. */
2227
2.30k
    return length;
2228
2.30k
}
2229
2230
2231
/* Gets the tag of next BER/DER encoded item.
2232
 *
2233
 * Checks there is enough data in the buffer for the tag byte.
2234
 *
2235
 * @param [in]      input     BER encoded data.
2236
 * @param [in, out] inOutIdx  On in, starting index of tag.
2237
 *                            On out, end of parsed tag.
2238
 * @param [out]     tag       Tag value found.
2239
 * @param [in]      maxIdx    Maximum index of input data.
2240
 *
2241
 * return  0 on success
2242
 * return  BAD_FUNC_ARG when tag, inOutIdx or input is NULL.
2243
 * return  BUFFER_E when not enough space in buffer for tag.
2244
 */
2245
int GetASNTag(const byte* input, word32* inOutIdx, byte* tag, word32 maxIdx)
2246
0
{
2247
0
    int ret = 0;
2248
0
    word32 idx = 0;
2249
2250
    /* Check validity of parameters. */
2251
0
    if ((tag == NULL) || (inOutIdx == NULL) || (input == NULL)) {
2252
0
        ret = BAD_FUNC_ARG;
2253
0
    }
2254
0
    if (ret == 0) {
2255
        /* Get index and ensure space for tag. */
2256
0
        idx = *inOutIdx;
2257
0
        if (idx + ASN_TAG_SZ > maxIdx) {
2258
0
            WOLFSSL_MSG("Buffer too small for ASN tag");
2259
0
            ret = BUFFER_E;
2260
0
        }
2261
0
    }
2262
0
    if (ret == 0) {
2263
        /* Return the tag and the index after tag. */
2264
0
        *tag = input[idx];
2265
0
        *inOutIdx = idx + ASN_TAG_SZ;
2266
0
    }
2267
    /* Return error code. */
2268
0
    return ret;
2269
0
}
2270
2271
2272
/* Decode the DER/BER header (Type-Length) and check the length when requested.
2273
 *
2274
 * BER/DER has Type-Length-Value triplets.
2275
 * Check that the tag/type is the required value.
2276
 * When requested will check that the Length decoded, indicating the number
2277
 * of bytes in the Value, is available in the buffer after the Length bytes.
2278
 *
2279
 * Only supporting a length upto INT_MAX.
2280
 *
2281
 * @param [in]      input     Buffer holding DER/BER encoded data.
2282
 * @param [in]      tag       ASN.1 tag value expected in header.
2283
 * @param [in, out] inOutIdx  On in, starting index of header.
2284
 *                            On out, end of parsed header.
2285
 * @param [out]     len       Number of bytes in the ASN.1 data.
2286
 * @param [in]      maxIdx    Length of data in buffer.
2287
 * @param [in]      check     Whether to check the buffer has at least the
2288
 *                            decoded length of bytes remaining.
2289
 * @return  Number of bytes in the ASN.1 data on success.
2290
 * @return  BUFFER_E when there is not enough data to parse.
2291
 * @return  ASN_PARSE_E when the expected tag is not found or length is invalid.
2292
 */
2293
static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx,
2294
                           int* len, word32 maxIdx, int check)
2295
0
{
2296
0
    int    ret = 0;
2297
0
    word32 idx = *inOutIdx;
2298
0
    byte   tagFound;
2299
0
    int    length = 0;
2300
2301
    /* Get tag/type. */
2302
0
    if (GetASNTag(input, &idx, &tagFound, maxIdx) != 0) {
2303
0
        ret = ASN_PARSE_E;
2304
0
    }
2305
    /* Ensure tag is the expected value. */
2306
0
    if ((ret == 0) && (tagFound != tag)) {
2307
0
        ret = ASN_PARSE_E;
2308
0
    }
2309
    /* Get the encoded length. */
2310
0
    if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) {
2311
0
        ret = ASN_PARSE_E;
2312
0
    }
2313
0
    if (ret == 0) {
2314
        /* Return the length of data and index after header. */
2315
0
        *len      = length;
2316
0
        *inOutIdx = idx;
2317
0
        ret = length;
2318
0
    }
2319
    /* Return number of data bytes or error code. */
2320
0
    return ret;
2321
0
}
2322
2323
2324
/* Decode the DER/BER header (Type-Length) and check the length.
2325
 *
2326
 * BER/DER has Type-Length-Value triplets.
2327
 * Check that the tag/type is the required value.
2328
 * Checks that the Length decoded, indicating the number of bytes in the Value,
2329
 * is available in the buffer after the Length bytes.
2330
 *
2331
 * @param [in]      input     Buffer holding DER/BER encoded data.
2332
 * @param [in]      tag       ASN.1 tag value expected in header.
2333
 * @param [in, out] inOutIdx  On in, starting index of header.
2334
 *                            On out, end of parsed header.
2335
 * @param [out]     len       Number of bytes in the ASN.1 data.
2336
 * @param [in]      maxIdx    Length of data in buffer.
2337
 * @return  Number of bytes in the ASN.1 data on success.
2338
 * @return  BUFFER_E when there is not enough data to parse.
2339
 * @return  ASN_PARSE_E when the expected tag is not found or length is invalid.
2340
 */
2341
static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len,
2342
                        word32 maxIdx)
2343
0
{
2344
0
    return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1);
2345
0
}
2346
2347
#ifndef WOLFSSL_ASN_TEMPLATE
2348
static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len,
2349
                     word32 maxIdx, int check)
2350
{
2351
    word32 idx = *inOutIdx;
2352
    int    length;
2353
2354
    if ((idx + 1) > maxIdx)
2355
        return BUFFER_E;
2356
2357
    *tag = input[idx++];
2358
2359
    if (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)
2360
        return ASN_PARSE_E;
2361
2362
    *len      = length;
2363
    *inOutIdx = idx;
2364
    return length;
2365
}
2366
#endif
2367
2368
/* Decode the header of a BER/DER encoded SEQUENCE.
2369
 *
2370
 * @param [in]      input     Buffer holding DER/BER encoded data.
2371
 * @param [in, out] inOutIdx  On in, starting index of header.
2372
 *                            On out, end of parsed header.
2373
 * @param [out]     len       Number of bytes in the ASN.1 data.
2374
 * @param [in]      maxIdx    Length of data in buffer.
2375
 * @return  Number of bytes in the ASN.1 data on success.
2376
 * @return  BUFFER_E when there is not enough data to parse.
2377
 * @return  ASN_PARSE_E when the tag is not a SEQUENCE or length is invalid.
2378
 */
2379
int GetSequence(const byte* input, word32* inOutIdx, int* len,
2380
                           word32 maxIdx)
2381
0
{
2382
0
    return GetASNHeader(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
2383
0
                        maxIdx);
2384
0
}
2385
2386
/* Decode the header of a BER/DER encoded SEQUENCE.
2387
 *
2388
 * @param [in]      input     Buffer holding DER/BER encoded data.
2389
 * @param [in, out] inOutIdx  On in, starting index of header.
2390
 *                            On out, end of parsed header.
2391
 * @param [out]     len       Number of bytes in the ASN.1 data.
2392
 * @param [in]      maxIdx    Length of data in buffer.
2393
 * @param [in]      check     Whether to check the buffer has at least the
2394
 *                            decoded length of bytes remaining.
2395
 * @return  Number of bytes in the ASN.1 data on success.
2396
 * @return  BUFFER_E when there is not enough data to parse.
2397
 * @return  ASN_PARSE_E when the tag is not a SEQUENCE or length is invalid.
2398
 */
2399
int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
2400
                           word32 maxIdx, int check)
2401
0
{
2402
0
    return GetASNHeader_ex(input, ASN_SEQUENCE | ASN_CONSTRUCTED, inOutIdx, len,
2403
0
                        maxIdx, check);
2404
0
}
2405
2406
/* Decode the header of a BER/DER encoded SET.
2407
 *
2408
 * @param [in]      input     Buffer holding DER/BER encoded data.
2409
 * @param [in, out] inOutIdx  On in, starting index of header.
2410
 *                            On out, end of parsed header.
2411
 * @param [out]     len       Number of bytes in the ASN.1 data.
2412
 * @param [in]      maxIdx    Length of data in buffer.
2413
 * @return  Number of bytes in the ASN.1 data on success.
2414
 * @return  BUFFER_E when there is not enough data to parse.
2415
 * @return  ASN_PARSE_E when the tag is not a SET or length is invalid.
2416
 */
2417
int GetSet(const byte* input, word32* inOutIdx, int* len,
2418
                        word32 maxIdx)
2419
0
{
2420
0
    return GetASNHeader(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
2421
0
                        maxIdx);
2422
0
}
2423
2424
/* Decode the header of a BER/DER encoded SET.
2425
 *
2426
 * @param [in]      input     Buffer holding DER/BER encoded data.
2427
 * @param [in, out] inOutIdx  On in, starting index of header.
2428
 *                            On out, end of parsed header.
2429
 * @param [out]     len       Number of bytes in the ASN.1 data.
2430
 * @param [in]      maxIdx    Length of data in buffer.
2431
 * @param [in]      check     Whether to check the buffer has at least the
2432
 *                            decoded length of bytes remaining.
2433
 * @return  Number of bytes in the ASN.1 data on success.
2434
 * @return  BUFFER_E when there is not enough data to parse.
2435
 * @return  ASN_PARSE_E when the tag is not a SET or length is invalid.
2436
 */
2437
int GetSet_ex(const byte* input, word32* inOutIdx, int* len,
2438
                        word32 maxIdx, int check)
2439
0
{
2440
0
    return GetASNHeader_ex(input, ASN_SET | ASN_CONSTRUCTED, inOutIdx, len,
2441
0
                        maxIdx, check);
2442
0
}
2443
2444
#if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_OCSP)
2445
/* Decode the BER/DER encoded NULL.
2446
 *
2447
 * No data in a NULL ASN.1 item.
2448
 * Ensure that the all fields are as expected and move index past the element.
2449
 *
2450
 * @param [in]      input     Buffer holding DER/BER encoded data.
2451
 * @param [in, out] inOutIdx  On in, starting index of NULL item.
2452
 *                            On out, end of parsed NULL item.
2453
 * @param [in]      maxIdx    Length of data in buffer.
2454
 * @return  0 on success.
2455
 * @return  BUFFER_E when there is not enough data to parse.
2456
 * @return  ASN_TAG_NULL_E when the NULL tag is not found.
2457
 * @return  ASN_EXPECT_0_E when the length is not zero.
2458
 */
2459
static int GetASNNull(const byte* input, word32* inOutIdx, word32 maxIdx)
2460
{
2461
    int ret = 0;
2462
    word32 idx = *inOutIdx;
2463
2464
    /* Check buffer has enough data for a NULL item. */
2465
    if ((idx + 2) > maxIdx) {
2466
        ret = BUFFER_E;
2467
    }
2468
    /* Check the tag is NULL. */
2469
    if ((ret == 0) && (input[idx++] != ASN_TAG_NULL)) {
2470
        ret = ASN_TAG_NULL_E;
2471
    }
2472
    /* Check the length is zero. */
2473
    if ((ret == 0) && (input[idx++] != 0)) {
2474
        ret = ASN_EXPECT_0_E;
2475
    }
2476
    if (ret == 0) {
2477
        /* Return the index after NULL tag. */
2478
        *inOutIdx = idx;
2479
    }
2480
    /* Return error code. */
2481
    return ret;
2482
}
2483
#endif
2484
2485
#ifndef WOLFSSL_ASN_TEMPLATE
2486
/* Set the DER/BER encoding of the ASN.1 NULL element.
2487
 *
2488
 * output  Buffer to write into.
2489
 * returns the number of bytes added to the buffer.
2490
 */
2491
static int SetASNNull(byte* output)
2492
{
2493
    output[0] = ASN_TAG_NULL;
2494
    output[1] = 0;
2495
2496
    return 2;
2497
}
2498
#endif
2499
2500
#ifndef NO_CERTS
2501
#ifndef WOLFSSL_ASN_TEMPLATE
2502
/* Get the DER/BER encoding of an ASN.1 BOOLEAN.
2503
 *
2504
 * input     Buffer holding DER/BER encoded data.
2505
 * inOutIdx  Current index into buffer to parse.
2506
 * maxIdx    Length of data in buffer.
2507
 * returns BUFFER_E when there is not enough data to parse.
2508
 *         ASN_PARSE_E when the BOOLEAN tag is not found or length is not 1.
2509
 *         Otherwise, 0 to indicate the value was false and 1 to indicate true.
2510
 */
2511
static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx)
2512
{
2513
    word32 idx = *inOutIdx;
2514
    byte   b;
2515
2516
    if ((idx + 3) > maxIdx)
2517
        return BUFFER_E;
2518
2519
    b = input[idx++];
2520
    if (b != ASN_BOOLEAN)
2521
        return ASN_PARSE_E;
2522
2523
    if (input[idx++] != 1)
2524
        return ASN_PARSE_E;
2525
2526
    b = input[idx++] != 0;
2527
2528
    *inOutIdx = idx;
2529
    return b;
2530
}
2531
#endif
2532
#endif /* !NO_CERTS*/
2533
2534
2535
/* Decode the header of a BER/DER encoded OCTET STRING.
2536
 *
2537
 * @param [in]      input     Buffer holding DER/BER encoded data.
2538
 * @param [in, out] inOutIdx  On in, starting index of header.
2539
 *                            On out, end of parsed header.
2540
 * @param [out]     len       Number of bytes in the ASN.1 data.
2541
 * @param [in]      maxIdx    Length of data in buffer.
2542
 * @return  Number of bytes in the ASN.1 data on success.
2543
 * @return  BUFFER_E when there is not enough data to parse.
2544
 * @return  ASN_PARSE_E when the tag is not a OCTET STRING or length is invalid.
2545
 */
2546
int GetOctetString(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
2547
0
{
2548
0
    return GetASNHeader(input, ASN_OCTET_STRING, inOutIdx, len, maxIdx);
2549
0
}
2550
2551
#ifndef WOLFSSL_ASN_TEMPLATE
2552
/* Get the DER/BER encoding of an ASN.1 INTEGER header.
2553
 *
2554
 * Removes the leading zero byte when found.
2555
 *
2556
 * input     Buffer holding DER/BER encoded data.
2557
 * inOutIdx  Current index into buffer to parse.
2558
 * len       The number of bytes in the ASN.1 data (excluding any leading zero).
2559
 * maxIdx    Length of data in buffer.
2560
 * returns BUFFER_E when there is not enough data to parse.
2561
 *         ASN_PARSE_E when the INTEGER tag is not found, length is invalid,
2562
 *         or invalid use of or missing leading zero.
2563
 *         Otherwise, 0 to indicate success.
2564
 */
2565
static int GetASNInt(const byte* input, word32* inOutIdx, int* len,
2566
                     word32 maxIdx)
2567
{
2568
    int    ret;
2569
2570
    ret = GetASNHeader(input, ASN_INTEGER, inOutIdx, len, maxIdx);
2571
    if (ret < 0)
2572
        return ret;
2573
2574
    if (*len > 0) {
2575
2576
#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
2577
        /* check for invalid padding on negative integer.
2578
         * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1
2579
         */
2580
        if (*len > 1) {
2581
            if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80))
2582
                return ASN_PARSE_E;
2583
        }
2584
#endif
2585
2586
        /* remove leading zero, unless there is only one 0x00 byte */
2587
        if ((input[*inOutIdx] == 0x00) && (*len > 1)) {
2588
            (*inOutIdx)++;
2589
            (*len)--;
2590
2591
#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY
2592
            if (*len > 0 && (input[*inOutIdx] & 0x80) == 0)
2593
                return ASN_PARSE_E;
2594
#endif
2595
        }
2596
    }
2597
2598
    return 0;
2599
}
2600
2601
#ifndef NO_CERTS
2602
/* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
2603
 * 7 bits.
2604
 *
2605
 * input     Buffer holding DER/BER encoded data.
2606
 * inOutIdx  Current index into buffer to parse.
2607
 * maxIdx    Length of data in buffer.
2608
 * returns BUFFER_E when there is not enough data to parse.
2609
 *         ASN_PARSE_E when the INTEGER tag is not found or length is invalid.
2610
 *         Otherwise, the 7-bit value.
2611
 */
2612
static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
2613
{
2614
    word32 idx = *inOutIdx;
2615
    byte   b;
2616
2617
    if ((idx + 3) > maxIdx)
2618
        return BUFFER_E;
2619
2620
    if (GetASNTag(input, &idx, &b, maxIdx) != 0)
2621
        return ASN_PARSE_E;
2622
    if (b != ASN_INTEGER)
2623
        return ASN_PARSE_E;
2624
    if (input[idx++] != 1)
2625
        return ASN_PARSE_E;
2626
    b = input[idx++];
2627
2628
    *inOutIdx = idx;
2629
    return b;
2630
}
2631
#endif /* !NO_CERTS */
2632
2633
#if defined(WC_RSA_PSS) && !defined(NO_RSA)
2634
/* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
2635
 * 16 bits.
2636
 *
2637
 * input     Buffer holding DER/BER encoded data.
2638
 * inOutIdx  Current index into buffer to parse.
2639
 * maxIdx    Length of data in buffer.
2640
 * returns BUFFER_E when there is not enough data to parse.
2641
 *         ASN_PARSE_E when the INTEGER tag is not found or length is invalid.
2642
 *         Otherwise, the 16-bit value.
2643
 */
2644
static int GetInteger16Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
2645
{
2646
    word32 idx = *inOutIdx;
2647
    byte tag;
2648
    word16 n;
2649
2650
    if ((idx + 2) > maxIdx)
2651
        return BUFFER_E;
2652
2653
    if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
2654
        return ASN_PARSE_E;
2655
    if (tag != ASN_INTEGER)
2656
        return ASN_PARSE_E;
2657
    if (input[idx] == 1) {
2658
        idx++;
2659
        if ((idx + 1) > maxIdx) {
2660
            return ASN_PARSE_E;
2661
        }
2662
        n = input[idx++];
2663
    }
2664
    else if (input[idx] == 2) {
2665
        idx++;
2666
        if ((idx + 2) > maxIdx) {
2667
            return ASN_PARSE_E;
2668
        }
2669
        n = input[idx++];
2670
        n = (n << 8) | input[idx++];
2671
    }
2672
    else
2673
        return ASN_PARSE_E;
2674
2675
    *inOutIdx = idx;
2676
    return n;
2677
}
2678
#endif /* WC_RSA_PSS && !NO_RSA */
2679
#endif /* !WOLFSSL_ASN_TEMPLATE */
2680
2681
#if !defined(NO_DSA) && !defined(NO_SHA)
2682
static const char sigSha1wDsaName[] = "SHAwDSA";
2683
static const char sigSha256wDsaName[] = "SHA256wDSA";
2684
#endif /* NO_DSA */
2685
#ifndef NO_RSA
2686
#ifdef WOLFSSL_MD2
2687
    static const char  sigMd2wRsaName[] = "md2WithRSAEncryption";
2688
#endif
2689
#ifndef NO_MD5
2690
    static const char  sigMd5wRsaName[] = "md5WithRSAEncryption";
2691
#endif
2692
#ifndef NO_SHA
2693
    static const char  sigSha1wRsaName[] = "sha1WithRSAEncryption";
2694
#endif
2695
#ifdef WOLFSSL_SHA224
2696
    static const char sigSha224wRsaName[] = "sha224WithRSAEncryption";
2697
#endif
2698
#ifndef NO_SHA256
2699
    static const char sigSha256wRsaName[] = "sha256WithRSAEncryption";
2700
#endif
2701
#ifdef WOLFSSL_SHA384
2702
    static const char sigSha384wRsaName[] = "sha384WithRSAEncryption";
2703
#endif
2704
#ifdef WOLFSSL_SHA512
2705
    static const char sigSha512wRsaName[] = "sha512WithRSAEncryption";
2706
#endif
2707
#ifdef WOLFSSL_SHA3
2708
#ifndef WOLFSSL_NOSHA3_224
2709
    static const char sigSha3_224wRsaName[] = "sha3_224WithRSAEncryption";
2710
#endif
2711
#ifndef WOLFSSL_NOSHA3_256
2712
    static const char sigSha3_256wRsaName[] = "sha3_256WithRSAEncryption";
2713
#endif
2714
#ifndef WOLFSSL_NOSHA3_384
2715
    static const char sigSha3_384wRsaName[] = "sha3_384WithRSAEncryption";
2716
#endif
2717
#ifndef WOLFSSL_NOSHA3_512
2718
    static const char sigSha3_512wRsaName[] = "sha3_512WithRSAEncryption";
2719
#endif
2720
#endif
2721
#ifdef WC_RSA_PSS
2722
    static const char sigRsaSsaPssName[] = "rsassaPss";
2723
#endif
2724
#endif /* NO_RSA */
2725
#ifdef HAVE_ECC
2726
#ifndef NO_SHA
2727
    static const char sigSha1wEcdsaName[] = "SHAwECDSA";
2728
#endif
2729
#ifdef WOLFSSL_SHA224
2730
    static const char sigSha224wEcdsaName[] = "SHA224wECDSA";
2731
#endif
2732
#ifndef NO_SHA256
2733
    static const char sigSha256wEcdsaName[] = "SHA256wECDSA";
2734
#endif
2735
#ifdef WOLFSSL_SHA384
2736
    static const char sigSha384wEcdsaName[] = "SHA384wECDSA";
2737
#endif
2738
#ifdef WOLFSSL_SHA512
2739
    static const char sigSha512wEcdsaName[] = "SHA512wECDSA";
2740
#endif
2741
#ifdef WOLFSSL_SHA3
2742
#ifndef WOLFSSL_NOSHA3_224
2743
    static const char sigSha3_224wEcdsaName[] = "SHA3_224wECDSA";
2744
#endif
2745
#ifndef WOLFSSL_NOSHA3_256
2746
    static const char sigSha3_256wEcdsaName[] = "SHA3_256wECDSA";
2747
#endif
2748
#ifndef WOLFSSL_NOSHA3_384
2749
    static const char sigSha3_384wEcdsaName[] = "SHA3_384wECDSA";
2750
#endif
2751
#ifndef WOLFSSL_NOSHA3_512
2752
    static const char sigSha3_512wEcdsaName[] = "SHA3_512wECDSA";
2753
#endif
2754
#endif
2755
#endif /* HAVE_ECC */
2756
static const char sigUnknownName[] = "Unknown";
2757
2758
2759
/* Get the human readable string for a signature type
2760
 *
2761
 * oid  Oid value for signature
2762
 */
2763
0
const char* GetSigName(int oid) {
2764
0
    switch (oid) {
2765
    #if !defined(NO_DSA) && !defined(NO_SHA)
2766
        case CTC_SHAwDSA:
2767
            return sigSha1wDsaName;
2768
        case CTC_SHA256wDSA:
2769
            return sigSha256wDsaName;
2770
    #endif /* NO_DSA && NO_SHA */
2771
0
    #ifndef NO_RSA
2772
0
        #ifdef WOLFSSL_MD2
2773
0
        case CTC_MD2wRSA:
2774
0
            return sigMd2wRsaName;
2775
0
        #endif
2776
0
        #ifndef NO_MD5
2777
0
        case CTC_MD5wRSA:
2778
0
            return sigMd5wRsaName;
2779
0
        #endif
2780
0
        #ifndef NO_SHA
2781
0
        case CTC_SHAwRSA:
2782
0
            return sigSha1wRsaName;
2783
0
        #endif
2784
0
        #ifdef WOLFSSL_SHA224
2785
0
        case CTC_SHA224wRSA:
2786
0
            return sigSha224wRsaName;
2787
0
        #endif
2788
0
        #ifndef NO_SHA256
2789
0
        case CTC_SHA256wRSA:
2790
0
            return sigSha256wRsaName;
2791
0
        #endif
2792
0
        #ifdef WOLFSSL_SHA384
2793
0
        case CTC_SHA384wRSA:
2794
0
            return sigSha384wRsaName;
2795
0
        #endif
2796
0
        #ifdef WOLFSSL_SHA512
2797
0
        case CTC_SHA512wRSA:
2798
0
            return sigSha512wRsaName;
2799
0
        #endif
2800
0
        #ifdef WOLFSSL_SHA3
2801
0
        #ifndef WOLFSSL_NOSHA3_224
2802
0
        case CTC_SHA3_224wRSA:
2803
0
            return sigSha3_224wRsaName;
2804
0
        #endif
2805
0
        #ifndef WOLFSSL_NOSHA3_256
2806
0
        case CTC_SHA3_256wRSA:
2807
0
            return sigSha3_256wRsaName;
2808
0
        #endif
2809
0
        #ifndef WOLFSSL_NOSHA3_384
2810
0
        case CTC_SHA3_384wRSA:
2811
0
            return sigSha3_384wRsaName;
2812
0
        #endif
2813
0
        #ifndef WOLFSSL_NOSHA3_512
2814
0
        case CTC_SHA3_512wRSA:
2815
0
            return sigSha3_512wRsaName;
2816
0
        #endif
2817
0
        #endif
2818
0
        #ifdef WC_RSA_PSS
2819
0
        case CTC_RSASSAPSS:
2820
0
            return sigRsaSsaPssName;
2821
0
        #endif
2822
0
    #endif /* NO_RSA */
2823
0
    #ifdef HAVE_ECC
2824
0
        #ifndef NO_SHA
2825
0
        case CTC_SHAwECDSA:
2826
0
            return sigSha1wEcdsaName;
2827
0
        #endif
2828
0
        #ifdef WOLFSSL_SHA224
2829
0
        case CTC_SHA224wECDSA:
2830
0
            return sigSha224wEcdsaName;
2831
0
        #endif
2832
0
        #ifndef NO_SHA256
2833
0
        case CTC_SHA256wECDSA:
2834
0
            return sigSha256wEcdsaName;
2835
0
        #endif
2836
0
        #ifdef WOLFSSL_SHA384
2837
0
        case CTC_SHA384wECDSA:
2838
0
            return sigSha384wEcdsaName;
2839
0
        #endif
2840
0
        #ifdef WOLFSSL_SHA512
2841
0
        case CTC_SHA512wECDSA:
2842
0
            return sigSha512wEcdsaName;
2843
0
        #endif
2844
0
        #ifdef WOLFSSL_SHA3
2845
0
        #ifndef WOLFSSL_NOSHA3_224
2846
0
        case CTC_SHA3_224wECDSA:
2847
0
            return sigSha3_224wEcdsaName;
2848
0
        #endif
2849
0
        #ifndef WOLFSSL_NOSHA3_256
2850
0
        case CTC_SHA3_256wECDSA:
2851
0
            return sigSha3_256wEcdsaName;
2852
0
        #endif
2853
0
        #ifndef WOLFSSL_NOSHA3_384
2854
0
        case CTC_SHA3_384wECDSA:
2855
0
            return sigSha3_384wEcdsaName;
2856
0
        #endif
2857
0
        #ifndef WOLFSSL_NOSHA3_512
2858
0
        case CTC_SHA3_512wECDSA:
2859
0
            return sigSha3_512wEcdsaName;
2860
0
        #endif
2861
0
        #endif
2862
0
    #endif /* HAVE_ECC */
2863
0
        default:
2864
0
            return sigUnknownName;
2865
0
    }
2866
0
}
2867
2868
2869
#if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS7) || \
2870
    defined(OPENSSL_EXTRA)
2871
#if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \
2872
   (!defined(NO_RSA) && \
2873
        (defined(WOLFSSL_CERT_GEN) || \
2874
        ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(HAVE_USER_RSA))))
2875
/* Set the DER/BER encoding of the ASN.1 INTEGER header.
2876
 *
2877
 * When output is NULL, calculate the header length only.
2878
 *
2879
 * @param [in]  len        Length of INTEGER data in bytes.
2880
 * @param [in]  firstByte  First byte of data, most significant byte of integer,
2881
 *                         to encode.
2882
 * @param [out] output     Buffer to write into.
2883
 * @return  Number of bytes added to the buffer.
2884
 */
2885
int SetASNInt(int len, byte firstByte, byte* output)
2886
{
2887
    int idx = 0;
2888
2889
    if (output) {
2890
        /* Write out tag. */
2891
        output[idx] = ASN_INTEGER;
2892
    }
2893
    /* Step over tag. */
2894
    idx += ASN_TAG_SZ;
2895
    /* Check if first byte has top bit set in which case a 0 is needed to
2896
     * maintain positive value. */
2897
    if (firstByte & 0x80) {
2898
        /* Add pre-prepended byte to length of data in INTEGER. */
2899
        len++;
2900
    }
2901
    /* Encode length - passing NULL for output will not encode. */
2902
    idx += (int)SetLength((word32)len, output ? output + idx : NULL);
2903
    /* Put out pre-pended 0 as well. */
2904
    if (firstByte & 0x80) {
2905
        if (output) {
2906
            /* Write out 0 byte. */
2907
            output[idx] = 0x00;
2908
        }
2909
        /* Update index. */
2910
        idx++;
2911
    }
2912
2913
    /* Return index after header. */
2914
    return idx;
2915
}
2916
#endif
2917
#endif
2918
2919
#ifndef WOLFSSL_ASN_TEMPLATE
2920
#if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
2921
    !defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
2922
    (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
2923
    defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
2924
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
2925
 * The number is assumed to be positive.
2926
 *
2927
 * n       Multi-precision integer to encode.
2928
 * maxSz   Maximum size of the encoded integer.
2929
 *         A negative value indicates no check of length requested.
2930
 * output  Buffer to write into.
2931
 * returns BUFFER_E when the data is too long for the buffer.
2932
 *         MP_TO_E when encoding the integer fails.
2933
 *         Otherwise, the number of bytes added to the buffer.
2934
 */
2935
static int SetASNIntMP(mp_int* n, int maxSz, byte* output)
2936
{
2937
    int idx = 0;
2938
    int leadingBit;
2939
    int length;
2940
2941
    leadingBit = mp_leading_bit(n);
2942
    length = mp_unsigned_bin_size(n);
2943
    if (maxSz >= 0 && (1 + length + (leadingBit ? 1 : 0)) > maxSz)
2944
        return BUFFER_E;
2945
    idx = SetASNInt(length, (byte)(leadingBit ? 0x80U : 0x00U), output);
2946
    if (maxSz >= 0 && (idx + length) > maxSz)
2947
        return BUFFER_E;
2948
2949
    if (output) {
2950
        int err = mp_to_unsigned_bin(n, output + idx);
2951
        if (err != MP_OKAY)
2952
            return MP_TO_E;
2953
    }
2954
    idx += length;
2955
2956
    return idx;
2957
}
2958
#endif
2959
2960
#if !defined(NO_RSA) && defined(HAVE_USER_RSA) && \
2961
    (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA))
2962
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int from
2963
 * an RSA key.
2964
 * The number is assumed to be positive.
2965
 *
2966
 * n       Multi-precision integer to encode.
2967
 * output  Buffer to write into.
2968
 * returns BUFFER_E when the data is too long for the buffer.
2969
 *         MP_TO_E when encoding the integer fails.
2970
 *         Otherwise, the number of bytes added to the buffer.
2971
 */
2972
static int SetASNIntRSA(void* n, byte* output)
2973
{
2974
    int idx = 0;
2975
    int leadingBit;
2976
    int length;
2977
2978
    leadingBit = wc_Rsa_leading_bit(n);
2979
    length = wc_Rsa_unsigned_bin_size(n);
2980
    idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output);
2981
    if ((idx + length) > MAX_RSA_INT_SZ)
2982
        return BUFFER_E;
2983
2984
    if (output) {
2985
        int err = wc_Rsa_to_unsigned_bin(n, output + idx, length);
2986
        if (err != MP_OKAY)
2987
            return MP_TO_E;
2988
    }
2989
    idx += length;
2990
2991
    return idx;
2992
}
2993
#endif /* !NO_RSA && HAVE_USER_RSA && WOLFSSL_CERT_GEN */
2994
#endif /* !WOLFSSL_ASN_TEMPLATE */
2995
2996
#ifdef WOLFSSL_ASN_TEMPLATE
2997
/* ASN.1 template for an INTEGER. */
2998
static const ASNItem intASN[] = {
2999
/* INT */ { 0, ASN_INTEGER, 0, 0, 0 }
3000
};
3001
enum {
3002
    INTASN_IDX_INT = 0
3003
};
3004
3005
/* Number of items in ASN.1 template for an INTEGER. */
3006
0
#define intASN_Length (sizeof(intASN) / sizeof(ASNItem))
3007
#endif /* WOLFSSL_ASN_TEMPLATE */
3008
3009
/* Windows header clash for WinCE using GetVersion */
3010
/* Decode Version - one byte INTEGER.
3011
 *
3012
 * @param [in]      input     Buffer of BER data.
3013
 * @param [in, out] inOutIdx  On in, start of encoded Version.
3014
 *                            On out, start of next encode ASN.1 item.
3015
 * @param [out]     version   Number encoded in INTEGER.
3016
 * @param [in]      maxIdx    Maximum index of data in buffer.
3017
 * @return  0 on success.
3018
 * @return  ASN_PARSE_E when encoding is invalid.
3019
 * @return  BUFFER_E when data in buffer is too small.
3020
 * @return  ASN_EXPECT_0_E when the most significant bit is set.
3021
 */
3022
int GetMyVersion(const byte* input, word32* inOutIdx,
3023
                               int* version, word32 maxIdx)
3024
0
{
3025
#ifndef WOLFSSL_ASN_TEMPLATE
3026
    word32 idx = *inOutIdx;
3027
    byte   tag;
3028
3029
    if ((idx + MIN_VERSION_SZ) > maxIdx)
3030
        return ASN_PARSE_E;
3031
3032
    if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
3033
        return ASN_PARSE_E;
3034
3035
    if (tag != ASN_INTEGER)
3036
        return ASN_PARSE_E;
3037
3038
    if (input[idx++] != 0x01)
3039
        return ASN_VERSION_E;
3040
3041
    *version  = input[idx++];
3042
    *inOutIdx = idx;
3043
3044
    return *version;
3045
#else
3046
0
    ASNGetData dataASN[intASN_Length];
3047
0
    int ret;
3048
0
    byte num;
3049
3050
    /* Clear dynamic data and set the version number variable. */
3051
0
    XMEMSET(dataASN, 0, sizeof(dataASN));
3052
0
    GetASN_Int8Bit(&dataASN[INTASN_IDX_INT], &num);
3053
    /* Decode the version (INTEGER). */
3054
0
    ret = GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
3055
0
                       maxIdx);
3056
0
    if (ret == 0) {
3057
        /* Return version through variable and return value. */
3058
0
        *version = num;
3059
0
        ret = num;
3060
0
    }
3061
0
    return ret;
3062
0
#endif /* WOLFSSL_ASN_TEMPLATE */
3063
0
}
3064
3065
3066
#ifndef NO_PWDBASED
3067
/* Decode small integer, 32 bits or less.
3068
 *
3069
 * @param [in]      input     Buffer of BER data.
3070
 * @param [in, out] inOutIdx  On in, start of encoded INTEGER.
3071
 *                            On out, start of next encode ASN.1 item.
3072
 * @param [out]     number    Number encoded in INTEGER.
3073
 * @param [in]      maxIdx    Maximum index of data in buffer.
3074
 * @return  0 on success.
3075
 * @return  ASN_PARSE_E when encoding is invalid.
3076
 * @return  BUFFER_E when data in buffer is too small.
3077
 * @return  ASN_EXPECT_0_E when the most significant bit is set.
3078
 */
3079
int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
3080
0
{
3081
#ifndef WOLFSSL_ASN_TEMPLATE
3082
    word32 idx = *inOutIdx;
3083
    word32 len;
3084
    byte   tag;
3085
3086
    *number = 0;
3087
3088
    /* check for type and length bytes */
3089
    if ((idx + 2) > maxIdx)
3090
        return BUFFER_E;
3091
3092
    if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
3093
        return ASN_PARSE_E;
3094
3095
    if (tag != ASN_INTEGER)
3096
        return ASN_PARSE_E;
3097
3098
    len = input[idx++];
3099
    if (len > 4)
3100
        return ASN_PARSE_E;
3101
3102
    if (len + idx > maxIdx)
3103
        return ASN_PARSE_E;
3104
3105
    while (len--) {
3106
        *number  = *number << 8 | input[idx++];
3107
    }
3108
3109
    *inOutIdx = idx;
3110
3111
    return *number;
3112
#else
3113
0
    ASNGetData dataASN[intASN_Length];
3114
0
    int ret;
3115
0
    word32 num;
3116
3117
    /* Clear dynamic data and set the 32-bit number variable. */
3118
0
    XMEMSET(dataASN, 0, sizeof(dataASN));
3119
0
    GetASN_Int32Bit(&dataASN[INTASN_IDX_INT], &num);
3120
    /* Decode the short int (INTEGER). */
3121
0
    ret = GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
3122
0
                       maxIdx);
3123
0
    if (ret == 0) {
3124
        /* Return number through variable and return value. */
3125
0
        *number = (int)num;
3126
0
        ret = (int)num;
3127
0
    }
3128
0
    return ret;
3129
0
#endif
3130
0
}
3131
3132
3133
#if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \
3134
     defined(HAVE_PKCS12)
3135
/* Set small integer, 32 bits or less. DER encoding with no leading 0s
3136
 * returns total amount written including ASN tag and length byte on success */
3137
int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx)
3138
0
{
3139
0
    word32 idx = *inOutIdx;
3140
0
    int    len = 0;
3141
0
    int    i;
3142
0
    byte ar[MAX_LENGTH_SZ];
3143
3144
    /* check for room for type and length bytes */
3145
0
    if ((idx + 2) > maxIdx)
3146
0
        return BUFFER_E;
3147
3148
0
    input[idx++] = ASN_INTEGER;
3149
0
    idx++; /* place holder for length byte */
3150
0
    if (MAX_LENGTH_SZ + idx > maxIdx)
3151
0
        return ASN_PARSE_E;
3152
3153
    /* find first non zero byte */
3154
0
    XMEMSET(ar, 0, MAX_LENGTH_SZ);
3155
0
    c32toa(number, ar);
3156
0
    for (i = 0; i < MAX_LENGTH_SZ; i++) {
3157
0
        if (ar[i] != 0) {
3158
0
            break;
3159
0
        }
3160
0
    }
3161
3162
    /* handle case of 0 */
3163
0
    if (i == MAX_LENGTH_SZ) {
3164
0
        input[idx++] = 0; len++;
3165
0
    }
3166
3167
0
    for (; i < MAX_LENGTH_SZ && idx < maxIdx; i++) {
3168
0
        input[idx++] = ar[i]; len++;
3169
0
    }
3170
3171
    /* jump back to beginning of input buffer using unaltered inOutIdx value
3172
     * and set number of bytes for integer, then update the index value */
3173
0
    input[*inOutIdx + 1] = (byte)len;
3174
0
    *inOutIdx = idx;
3175
3176
0
    return len + 2; /* size of integer bytes plus ASN TAG and length byte */
3177
0
}
3178
#endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_PKCS8 || HAVE_PKCS12 */
3179
#endif /* !NO_PWDBASED */
3180
3181
#if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS)
3182
/* May not have one, not an error */
3183
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version,
3184
                              word32 maxIdx)
3185
{
3186
    word32 idx = *inOutIdx;
3187
    byte tag;
3188
3189
    WOLFSSL_ENTER("GetExplicitVersion");
3190
3191
    if (GetASNTag(input, &idx, &tag, maxIdx) != 0)
3192
        return ASN_PARSE_E;
3193
3194
    if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) {
3195
        int ret;
3196
3197
        *inOutIdx = ++idx;  /* skip header */
3198
        ret = GetMyVersion(input, inOutIdx, version, maxIdx);
3199
        if (ret >= 0) {
3200
            /* check if version is expected value rfc 5280 4.1 {0, 1, 2} */
3201
            if (*version > MAX_X509_VERSION || *version < MIN_X509_VERSION) {
3202
                WOLFSSL_MSG("Unexpected certificate version");
3203
                WOLFSSL_ERROR_VERBOSE(ASN_VERSION_E);
3204
                ret = ASN_VERSION_E;
3205
            }
3206
        }
3207
        return ret;
3208
    }
3209
3210
    /* go back as is */
3211
    *version = 0;
3212
3213
    return 0;
3214
}
3215
#endif
3216
3217
/* Decode small integer, 32 bits or less.
3218
 *
3219
 * mp_int is initialized.
3220
 *
3221
 * @param [out]     mpi       mp_int to hold number.
3222
 * @param [in]      input     Buffer of BER data.
3223
 * @param [in, out] inOutIdx  On in, start of encoded INTEGER.
3224
 *                            On out, start of next encode ASN.1 item.
3225
 * @param [in]      maxIdx    Maximum index of data in buffer.
3226
 * @return  0 on success.
3227
 * @return  ASN_PARSE_E when encoding is invalid.
3228
 * @return  BUFFER_E when data in buffer is too small.
3229
 * @return  ASN_EXPECT_0_E when the most significant bit is set.
3230
 * @return  MP_INIT_E when the unable to initialize an mp_int.
3231
 * @return  ASN_GETINT_E when the unable to convert data to an mp_int.
3232
 */
3233
int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx)
3234
0
{
3235
#ifndef WOLFSSL_ASN_TEMPLATE
3236
    word32 idx = *inOutIdx;
3237
    int    ret;
3238
    int    length;
3239
3240
    ret = GetASNInt(input, &idx, &length, maxIdx);
3241
    if (ret != 0)
3242
        return ret;
3243
3244
    if (mp_init(mpi) != MP_OKAY)
3245
        return MP_INIT_E;
3246
3247
    if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) {
3248
        mp_clear(mpi);
3249
        return ASN_GETINT_E;
3250
    }
3251
3252
#ifdef HAVE_WOLF_BIGINT
3253
    if (wc_bigint_from_unsigned_bin(&mpi->raw, input + idx, length) != 0) {
3254
        mp_clear(mpi);
3255
        return ASN_GETINT_E;
3256
    }
3257
#endif /* HAVE_WOLF_BIGINT */
3258
3259
    *inOutIdx = idx + (word32)length;
3260
3261
    return 0;
3262
#else
3263
0
    ASNGetData dataASN[intASN_Length];
3264
3265
    /* Clear dynamic data and set the mp_int to fill with value. */
3266
0
    XMEMSET(dataASN, 0, sizeof(dataASN));
3267
0
    GetASN_MP_PosNeg(&dataASN[INTASN_IDX_INT], mpi);
3268
    /* Decode the big number (INTEGER). */
3269
0
    return GetASN_Items(intASN, dataASN, intASN_Length, 0, input, inOutIdx,
3270
0
                        maxIdx);
3271
0
#endif
3272
0
}
3273
3274
#if (defined(HAVE_ECC) || !defined(NO_DSA)) && !defined(WOLFSSL_ASN_TEMPLATE)
3275
static int GetIntPositive(mp_int* mpi, const byte* input, word32* inOutIdx,
3276
    word32 maxIdx, int initNum)
3277
{
3278
    word32 idx = *inOutIdx;
3279
    int    ret;
3280
    int    length;
3281
3282
    ret = GetASNInt(input, &idx, &length, maxIdx);
3283
    if (ret != 0)
3284
        return ret;
3285
3286
    if (((input[idx] & 0x80) == 0x80) && (input[idx - 1] != 0x00))
3287
        return MP_INIT_E;
3288
3289
    if (initNum) {
3290
        if (mp_init(mpi) != MP_OKAY)
3291
            return MP_INIT_E;
3292
    }
3293
3294
    if (mp_read_unsigned_bin(mpi, input + idx, (word32)length) != 0) {
3295
        mp_clear(mpi);
3296
        return ASN_GETINT_E;
3297
    }
3298
3299
#ifdef HAVE_WOLF_BIGINT
3300
    if (wc_bigint_from_unsigned_bin(&mpi->raw, input + idx, length) != 0) {
3301
        mp_clear(mpi);
3302
        return ASN_GETINT_E;
3303
    }
3304
#endif /* HAVE_WOLF_BIGINT */
3305
3306
    *inOutIdx = idx + (word32)length;
3307
3308
    return 0;
3309
}
3310
#endif /* (ECC || !NO_DSA) && !WOLFSSL_ASN_TEMPLATE */
3311
3312
#ifndef WOLFSSL_ASN_TEMPLATE
3313
#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA)
3314
static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx)
3315
{
3316
    word32 idx = *inOutIdx;
3317
    int    ret;
3318
    int    length;
3319
3320
    ret = GetASNInt(input, &idx, &length, maxIdx);
3321
    if (ret != 0)
3322
        return ret;
3323
3324
    *inOutIdx = idx + (word32)length;
3325
3326
    return 0;
3327
}
3328
#endif
3329
#endif /* !WOLFSSL_ASN_TEMPLATE */
3330
3331
#ifdef WOLFSSL_ASN_TEMPLATE
3332
/* ASN.1 template for a BIT_STRING. */
3333
static const ASNItem bitStringASN[] = {
3334
/* BIT_STR */ { 0, ASN_BIT_STRING, 0, 1, 0 }
3335
};
3336
enum {
3337
    BITSTRINGASN_IDX_BIT_STR = 0
3338
};
3339
3340
/* Number of items in ASN.1 template for a BIT_STRING. */
3341
0
#define bitStringASN_Length (sizeof(bitStringASN) / sizeof(ASNItem))
3342
#endif
3343
3344
/* Decode and check the BIT_STRING is valid. Return length and unused bits.
3345
 *
3346
 * @param [in]      input       Buffer holding BER encoding.
3347
 * @param [in, out] inOutIdx    On in, start of BIT_STRING.
3348
 *                              On out, start of ASN.1 item after BIT_STRING.
3349
 * @param [out]     len         Length of BIT_STRING data.
3350
 * @param [in]      maxIdx      Maximum index of data in buffer.
3351
 * @param [in]      zeroBits    Indicates whether zero unused bits is expected.
3352
 * @param [in]      unusedBits  Number of unused bits in last byte.
3353
 * @return  0 on success.
3354
 * @return  ASN_PARSE_E when encoding is invalid.
3355
 * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
3356
 * @return  BUFFER_E when data in buffer is too small.
3357
 * @return  ASN_EXPECT_0_E when unused bits is not zero when expected.
3358
 */
3359
int CheckBitString(const byte* input, word32* inOutIdx, int* len,
3360
                          word32 maxIdx, int zeroBits, byte* unusedBits)
3361
0
{
3362
#ifndef WOLFSSL_ASN_TEMPLATE
3363
    word32 idx = *inOutIdx;
3364
    int    length;
3365
    byte   b;
3366
3367
    if (GetASNTag(input, &idx, &b, maxIdx) != 0) {
3368
        return ASN_BITSTR_E;
3369
    }
3370
3371
    if (b != ASN_BIT_STRING) {
3372
        return ASN_BITSTR_E;
3373
    }
3374
3375
    if (GetLength(input, &idx, &length, maxIdx) < 0)
3376
        return ASN_PARSE_E;
3377
3378
    /* extra sanity check that length is greater than 0 */
3379
    if (length <= 0) {
3380
        WOLFSSL_MSG("Error length was 0 in CheckBitString");
3381
        return BUFFER_E;
3382
    }
3383
3384
    if (idx + 1 > maxIdx) {
3385
        WOLFSSL_MSG("Attempted buffer read larger than input buffer");
3386
        return BUFFER_E;
3387
    }
3388
3389
    b = input[idx];
3390
    if (zeroBits && b != 0x00)
3391
        return ASN_EXPECT_0_E;
3392
    if (b >= 0x08)
3393
        return ASN_PARSE_E;
3394
    if (b != 0) {
3395
        if ((byte)(input[idx + (word32)length - 1] << (8 - b)) != 0)
3396
            return ASN_PARSE_E;
3397
    }
3398
    idx++;
3399
    length--; /* length has been checked for greater than 0 */
3400
3401
    *inOutIdx = idx;
3402
    if (len != NULL)
3403
        *len = length;
3404
    if (unusedBits != NULL)
3405
        *unusedBits = b;
3406
3407
    return 0;
3408
#else
3409
0
    ASNGetData dataASN[bitStringASN_Length];
3410
0
    int ret;
3411
0
    int bits;
3412
3413
    /* Parse BIT_STRING and check validity of unused bits. */
3414
0
    XMEMSET(dataASN, 0, sizeof(dataASN));
3415
    /* Decode BIT_STRING. */
3416
0
    ret = GetASN_Items(bitStringASN, dataASN, bitStringASN_Length, 0, input,
3417
0
            inOutIdx, maxIdx);
3418
0
    if (ret == 0) {
3419
        /* Get unused bits from dynamic ASN.1 data. */
3420
0
        bits = GetASNItem_UnusedBits(dataASN[BITSTRINGASN_IDX_BIT_STR]);
3421
        /* Check unused bits is 0 when expected. */
3422
0
        if (zeroBits && (bits != 0)) {
3423
0
            ret = ASN_EXPECT_0_E;
3424
0
        }
3425
0
    }
3426
0
    if (ret == 0) {
3427
        /* Return length of data and unused bits if required. */
3428
0
        if (len != NULL) {
3429
0
            *len = (int)dataASN[BITSTRINGASN_IDX_BIT_STR].data.ref.length;
3430
0
        }
3431
0
        if (unusedBits != NULL) {
3432
0
            *unusedBits = (byte)bits;
3433
0
        }
3434
0
    }
3435
3436
0
    return ret;
3437
0
#endif
3438
0
}
3439
3440
/* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or
3441
 * KeyGen) */
3442
#if (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
3443
     (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
3444
      defined(OPENSSL_EXTRA))) || \
3445
    (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \
3446
    ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
3447
     (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \
3448
      defined(OPENSSL_EXTRA))) || \
3449
    (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERT)) || \
3450
    (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) || \
3451
    (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA))
3452
3453
/* Set the DER/BER encoding of the ASN.1 BIT STRING header.
3454
 *
3455
 * When output is NULL, calculate the header length only.
3456
 *
3457
 * @param [in]  len         Length of BIT STRING data.
3458
 *                          That is, the number of least significant zero bits
3459
 *                          before a one.
3460
 *                          The last byte is the most-significant non-zero byte
3461
 *                          of a number.
3462
 * @param [out] output      Buffer to write into.
3463
 * @return  Number of bytes added to the buffer.
3464
 */
3465
word32 SetBitString(word32 len, byte unusedBits, byte* output)
3466
0
{
3467
0
    word32 idx = 0;
3468
3469
0
    if (output) {
3470
        /* Write out tag. */
3471
0
        output[idx] = ASN_BIT_STRING;
3472
0
    }
3473
    /* Step over tag. */
3474
0
    idx += ASN_TAG_SZ;
3475
3476
    /* Encode length - passing NULL for output will not encode.
3477
     * Add one to length for unused bits. */
3478
0
    idx += SetLength(len + 1, output ? output + idx : NULL);
3479
0
    if (output) {
3480
        /* Write out unused bits. */
3481
0
        output[idx] = unusedBits;
3482
0
    }
3483
    /* Skip over unused bits. */
3484
0
    idx++;
3485
3486
    /* Return index after header. */
3487
0
    return idx;
3488
0
}
3489
#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */
3490
3491
#ifdef ASN_BER_TO_DER
3492
/* Convert BER to DER */
3493
3494
/* Pull informtation from the ASN.1 BER encoded item header */
3495
static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx,
3496
                        byte* pTag, word32* pLen, int* indef)
3497
{
3498
    int len = 0;
3499
    byte tag;
3500
    word32 i = *idx;
3501
3502
    *indef = 0;
3503
3504
    /* Check there is enough data for a minimal header */
3505
    if (i + 2 > maxIdx) {
3506
        return ASN_PARSE_E;
3507
    }
3508
3509
    /* Retrieve tag */
3510
    tag = data[i++];
3511
3512
    /* Indefinite length handled specially */
3513
    if (data[i] == ASN_INDEF_LENGTH) {
3514
        /* Check valid tag for indefinite */
3515
        if (((tag & 0xc0) == 0) && ((tag & ASN_CONSTRUCTED) == 0x00)) {
3516
            return ASN_PARSE_E;
3517
        }
3518
        i++;
3519
        *indef = 1;
3520
    }
3521
    else if (GetLength(data, &i, &len, maxIdx) < 0) {
3522
        return ASN_PARSE_E;
3523
    }
3524
3525
    /* Return tag, length and index after BER item header */
3526
    *pTag = tag;
3527
    *pLen = (word32)len;
3528
    *idx = i;
3529
    return 0;
3530
}
3531
3532
#ifndef INDEF_ITEMS_MAX
3533
#define INDEF_ITEMS_MAX       20
3534
#endif
3535
3536
/* Indef length item data */
3537
typedef struct Indef {
3538
    word32 start;
3539
    int depth;
3540
    int headerLen;
3541
    word32 len;
3542
} Indef;
3543
3544
/* Indef length items */
3545
typedef struct IndefItems
3546
{
3547
    Indef len[INDEF_ITEMS_MAX];
3548
    int cnt;
3549
    int idx;
3550
    int depth;
3551
} IndefItems;
3552
3553
3554
/* Get header length of current item */
3555
static int IndefItems_HeaderLen(IndefItems* items)
3556
{
3557
    return items->len[items->idx].headerLen;
3558
}
3559
3560
/* Get data length of current item */
3561
static word32 IndefItems_Len(IndefItems* items)
3562
{
3563
    return items->len[items->idx].len;
3564
}
3565
3566
/* Add a indefinite length item */
3567
static int IndefItems_AddItem(IndefItems* items, word32 start)
3568
{
3569
    int ret = 0;
3570
    int i;
3571
3572
    if (items->cnt == INDEF_ITEMS_MAX) {
3573
        ret = MEMORY_E;
3574
    }
3575
    else {
3576
        i = items->cnt++;
3577
        items->len[i].start = start;
3578
        items->len[i].depth = items->depth++;
3579
        items->len[i].headerLen = 1;
3580
        items->len[i].len = 0;
3581
        items->idx = i;
3582
    }
3583
3584
    return ret;
3585
}
3586
3587
/* Increase data length of current item */
3588
static void IndefItems_AddData(IndefItems* items, word32 length)
3589
{
3590
    items->len[items->idx].len += length;
3591
}
3592
3593
/* Update header length of current item to reflect data length */
3594
static void IndefItems_UpdateHeaderLen(IndefItems* items)
3595
{
3596
    items->len[items->idx].headerLen +=
3597
                               (int)SetLength(items->len[items->idx].len, NULL);
3598
}
3599
3600
/* Go to indefinite parent of current item */
3601
static void IndefItems_Up(IndefItems* items)
3602
{
3603
    int i;
3604
    int depth = items->len[items->idx].depth - 1;
3605
3606
    for (i = items->cnt - 1; i >= 0; i--) {
3607
        if (items->len[i].depth == depth) {
3608
            break;
3609
        }
3610
    }
3611
    items->idx = i;
3612
    items->depth = depth + 1;
3613
}
3614
3615
/* Calculate final length by adding length of indefinite child items */
3616
static void IndefItems_CalcLength(IndefItems* items)
3617
{
3618
    int i;
3619
    int idx = items->idx;
3620
3621
    for (i = idx + 1; i < items->cnt; i++) {
3622
        if (items->len[i].depth == items->depth) {
3623
            items->len[idx].len += (word32)items->len[i].headerLen;
3624
            items->len[idx].len += items->len[i].len;
3625
        }
3626
    }
3627
    items->len[idx].headerLen += (int)SetLength(items->len[idx].len, NULL);
3628
}
3629
3630
/* Add more data to indefinite length item */
3631
static void IndefItems_MoreData(IndefItems* items, word32 length)
3632
{
3633
    if (items->cnt > 0 && items->idx >= 0) {
3634
        items->len[items->idx].len += length;
3635
    }
3636
}
3637
3638
/* Convert a BER encoding with indefinite length items to DER.
3639
 *
3640
 * ber    BER encoded data.
3641
 * berSz  Length of BER encoded data.
3642
 * der    Buffer to hold DER encoded version of data.
3643
 *        NULL indicates only the length is required.
3644
 * derSz  The size of the buffer to hold the DER encoded data.
3645
 *        Will be set if der is NULL, otherwise the value is checked as der is
3646
 *        filled.
3647
 * returns ASN_PARSE_E if the BER data is invalid and BAD_FUNC_ARG if ber or
3648
 * derSz are NULL.
3649
 */
3650
int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz)
3651
{
3652
    int ret = 0;
3653
    word32 i, j;
3654
#ifdef WOLFSSL_SMALL_STACK
3655
    IndefItems* indefItems = NULL;
3656
#else
3657
    IndefItems indefItems[1];
3658
#endif
3659
    byte tag, basic;
3660
    word32 length;
3661
    int indef;
3662
3663
    if (ber == NULL || derSz == NULL)
3664
        return BAD_FUNC_ARG;
3665
3666
#ifdef WOLFSSL_SMALL_STACK
3667
    indefItems = (IndefItems *)XMALLOC(sizeof(IndefItems), NULL,
3668
                                                       DYNAMIC_TYPE_TMP_BUFFER);
3669
    if (indefItems == NULL) {
3670
        ret = MEMORY_E;
3671
        goto end;
3672
    }
3673
#endif
3674
3675
    XMEMSET(indefItems, 0, sizeof(*indefItems));
3676
3677
    /* Calculate indefinite item lengths */
3678
    for (i = 0; i < berSz; ) {
3679
        word32 start = i;
3680
3681
        /* Get next BER item */
3682
        ret = GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
3683
        if (ret != 0) {
3684
            goto end;
3685
        }
3686
3687
        if (indef) {
3688
            /* Indefinite item - add to list */
3689
            ret = IndefItems_AddItem(indefItems, i);
3690
            if (ret != 0) {
3691
                goto end;
3692
            }
3693
3694
            if ((tag & 0xC0) == 0 &&
3695
                tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
3696
                tag != (ASN_SET      | ASN_CONSTRUCTED)) {
3697
                /* Constructed basic type - get repeating tag */
3698
                basic = (byte)(tag & (~ASN_CONSTRUCTED));
3699
3700
                /* Add up lengths of each item below */
3701
                for (; i < berSz; ) {
3702
                    /* Get next BER_item */
3703
                    ret = GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
3704
                    if (ret != 0) {
3705
                        goto end;
3706
                    }
3707
3708
                    /* End of content closes item */
3709
                    if (tag == ASN_EOC) {
3710
                        /* Must be zero length */
3711
                        if (length != 0) {
3712
                            ret = ASN_PARSE_E;
3713
                            goto end;
3714
                        }
3715
                        break;
3716
                    }
3717
3718
                    /* Must not be indefinite and tag must match parent */
3719
                    if (indef || tag != basic) {
3720
                        ret = ASN_PARSE_E;
3721
                        goto end;
3722
                    }
3723
3724
                    /* Add to length */
3725
                    IndefItems_AddData(indefItems, length);
3726
                    /* Skip data */
3727
                    i += length;
3728
                }
3729
3730
                /* Ensure we got an EOC and not end of data */
3731
                if (tag != ASN_EOC) {
3732
                    ret = ASN_PARSE_E;
3733
                    goto end;
3734
                }
3735
3736
                /* Set the header length to include the length field */
3737
                IndefItems_UpdateHeaderLen(indefItems);
3738
                /* Go to indefinite parent item */
3739
                IndefItems_Up(indefItems);
3740
            }
3741
        }
3742
        else if (tag == ASN_EOC) {
3743
            /* End-of-content must be 0 length */
3744
            if (length != 0) {
3745
                ret = ASN_PARSE_E;
3746
                goto end;
3747
            }
3748
            /* Check there is an item to close - missing EOC */
3749
            if (indefItems->depth == 0) {
3750
                ret = ASN_PARSE_E;
3751
                goto end;
3752
            }
3753
3754
            /* Finish calculation of data length for indefinite item */
3755
            IndefItems_CalcLength(indefItems);
3756
            /* Go to indefinite parent item */
3757
            IndefItems_Up(indefItems);
3758
        }
3759
        else {
3760
            /* Known length item to add in - make sure enough data for it */
3761
            if (i + length > berSz) {
3762
                ret = ASN_PARSE_E;
3763
                goto end;
3764
            }
3765
3766
            /* Include all data - can't have indefinite inside definite */
3767
            i += length;
3768
            /* Add entire item to current indefinite item */
3769
            IndefItems_MoreData(indefItems, i - start);
3770
        }
3771
    }
3772
    /* Check we had a EOC for each indefinite item */
3773
    if (indefItems->depth != 0) {
3774
        ret = ASN_PARSE_E;
3775
        goto end;
3776
    }
3777
3778
    /* Write out DER */
3779
3780
    j = 0;
3781
    /* Reset index */
3782
    indefItems->idx = 0;
3783
    for (i = 0; i < berSz; ) {
3784
        word32 start = i;
3785
3786
        /* Get item - checked above */
3787
        (void)GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
3788
        if (indef) {
3789
            if (der != NULL) {
3790
                /* Check enough space for header */
3791
                if (j + (word32)IndefItems_HeaderLen(indefItems) > *derSz) {
3792
                    ret = BUFFER_E;
3793
                    goto end;
3794
                }
3795
3796
                if ((tag & 0xC0) == 0 &&
3797
                    tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
3798
                    tag != (ASN_SET      | ASN_CONSTRUCTED)) {
3799
                    /* Remove constructed tag for basic types */
3800
                    tag &= (byte)~ASN_CONSTRUCTED;
3801
                }
3802
                /* Add tag and length */
3803
                der[j] = tag;
3804
                (void)SetLength(IndefItems_Len(indefItems), der + j + 1);
3805
            }
3806
            /* Add header length of indefinite item */
3807
            j += (word32)IndefItems_HeaderLen(indefItems);
3808
3809
            if ((tag & 0xC0) == 0 &&
3810
                tag != (ASN_SEQUENCE | ASN_CONSTRUCTED) &&
3811
                tag != (ASN_SET      | ASN_CONSTRUCTED)) {
3812
                /* For basic type - get each child item and add data */
3813
                for (; i < berSz; ) {
3814
                    (void)GetBerHeader(ber, &i, berSz, &tag, &length, &indef);
3815
                    if (tag == ASN_EOC) {
3816
                        break;
3817
                    }
3818
                    if (der != NULL) {
3819
                        if (j + length > *derSz) {
3820
                            ret = BUFFER_E;
3821
                            goto end;
3822
                        }
3823
                        XMEMCPY(der + j, ber + i, length);
3824
                    }
3825
                    j += length;
3826
                    i += length;
3827
                }
3828
            }
3829
3830
            /* Move to next indef item in list */
3831
            indefItems->idx++;
3832
        }
3833
        else if (tag == ASN_EOC) {
3834
            /* End-Of-Content is not written out in DER */
3835
        }
3836
        else {
3837
            /* Write out definite length item as is. */
3838
            i += length;
3839
            if (der != NULL) {
3840
                /* Ensure space for item */
3841
                if (j + i - start > *derSz) {
3842
                    ret = BUFFER_E;
3843
                    goto end;
3844
                }
3845
                /* Copy item as is */
3846
                XMEMCPY(der + j, ber + start, i - start);
3847
            }
3848
            j += i - start;
3849
        }
3850
    }
3851
3852
    /* Return the length of the DER encoded ASN.1 */
3853
    *derSz = j;
3854
    if (der == NULL) {
3855
        ret = LENGTH_ONLY_E;
3856
    }
3857
end:
3858
#ifdef WOLFSSL_SMALL_STACK
3859
    if (indefItems != NULL) {
3860
        XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER);
3861
    }
3862
#endif
3863
    return ret;
3864
}
3865
#endif
3866
3867
#ifndef WOLFSSL_ASN_TEMPLATE
3868
#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
3869
/* Set the DER/BER encoding of the ASN.1 BIT_STRING with a 16-bit value.
3870
 *
3871
 * val         16-bit value to encode.
3872
 * output      Buffer to write into.
3873
 * returns the number of bytes added to the buffer.
3874
 */
3875
static word32 SetBitString16Bit(word16 val, byte* output)
3876
{
3877
    word32 idx;
3878
    int    len;
3879
    byte   lastByte;
3880
    byte   unusedBits = 0;
3881
3882
    if ((val >> 8) != 0) {
3883
        len = 2;
3884
        lastByte = (byte)(val >> 8);
3885
    }
3886
    else {
3887
        len = 1;
3888
        lastByte = (byte)val;
3889
    }
3890
3891
    while (((lastByte >> unusedBits) & 0x01) == 0x00)
3892
        unusedBits++;
3893
3894
    idx = SetBitString((word32)len, unusedBits, output);
3895
    output[idx++] = (byte)val;
3896
    if (len > 1)
3897
        output[idx++] = (byte)(val >> 8);
3898
3899
    return idx;
3900
}
3901
#endif /* WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN */
3902
#endif /* !WOLFSSL_ASN_TEMPLATE */
3903
3904
/* hashType */
3905
#ifdef WOLFSSL_MD2
3906
    static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2};
3907
#endif
3908
#ifndef NO_MD5
3909
    static const byte hashMd5hOid[] = {42, 134, 72, 134, 247, 13, 2, 5};
3910
#endif
3911
#ifndef NO_SHA
3912
    static const byte hashSha1hOid[] = {43, 14, 3, 2, 26};
3913
#endif
3914
#ifdef WOLFSSL_SHA224
3915
    static const byte hashSha224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 4};
3916
#endif
3917
#ifndef NO_SHA256
3918
    static const byte hashSha256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 1};
3919
#endif
3920
#ifdef WOLFSSL_SHA384
3921
    static const byte hashSha384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 2};
3922
#endif
3923
#ifdef WOLFSSL_SHA512
3924
    static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3};
3925
    #ifndef WOLFSSL_NOSHA512_224
3926
    static const byte hashSha512_224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 5};
3927
    #endif
3928
    #ifndef WOLFSSL_NOSHA512_256
3929
    static const byte hashSha512_256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 6};
3930
    #endif
3931
#endif
3932
#ifdef WOLFSSL_SHA3
3933
#ifndef WOLFSSL_NOSHA3_224
3934
    static const byte hashSha3_224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 7};
3935
#endif /* WOLFSSL_NOSHA3_224 */
3936
#ifndef WOLFSSL_NOSHA3_256
3937
    static const byte hashSha3_256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 8};
3938
#endif /* WOLFSSL_NOSHA3_256 */
3939
#ifndef WOLFSSL_NOSHA3_384
3940
    static const byte hashSha3_384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 9};
3941
#endif /* WOLFSSL_NOSHA3_384 */
3942
#ifndef WOLFSSL_NOSHA3_512
3943
    static const byte hashSha3_512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 10};
3944
#endif /* WOLFSSL_NOSHA3_512 */
3945
#endif /* WOLFSSL_SHA3 */
3946
3947
/* hmacType */
3948
#ifndef NO_HMAC
3949
    #ifdef WOLFSSL_SHA224
3950
    static const byte hmacSha224Oid[] = {42, 134, 72, 134, 247, 13, 2, 8};
3951
    #endif
3952
    #ifndef NO_SHA256
3953
    static const byte hmacSha256Oid[] = {42, 134, 72, 134, 247, 13, 2, 9};
3954
    #endif
3955
    #ifdef WOLFSSL_SHA384
3956
    static const byte hmacSha384Oid[] = {42, 134, 72, 134, 247, 13, 2, 10};
3957
    #endif
3958
    #ifdef WOLFSSL_SHA512
3959
    static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11};
3960
    #endif
3961
#endif
3962
3963
/* sigType */
3964
#if !defined(NO_DSA) && !defined(NO_SHA)
3965
    static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3};
3966
    static const byte sigSha256wDsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 2};
3967
#endif /* NO_DSA */
3968
#ifndef NO_RSA
3969
    #ifdef WOLFSSL_MD2
3970
    static const byte sigMd2wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 2};
3971
    #endif
3972
    #ifndef NO_MD5
3973
    static const byte sigMd5wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 4};
3974
    #endif
3975
    #ifndef NO_SHA
3976
    static const byte sigSha1wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 5};
3977
    #endif
3978
    #ifdef WOLFSSL_SHA224
3979
    static const byte sigSha224wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,14};
3980
    #endif
3981
    #ifndef NO_SHA256
3982
    static const byte sigSha256wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,11};
3983
    #endif
3984
    #ifdef WOLFSSL_SHA384
3985
    static const byte sigSha384wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,12};
3986
    #endif
3987
    #ifdef WOLFSSL_SHA512
3988
    static const byte sigSha512wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,13};
3989
    #endif
3990
    #ifdef WOLFSSL_SHA3
3991
    #ifndef WOLFSSL_NOSHA3_224
3992
    static const byte sigSha3_224wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 13};
3993
    #endif
3994
    #ifndef WOLFSSL_NOSHA3_256
3995
    static const byte sigSha3_256wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 14};
3996
    #endif
3997
    #ifndef WOLFSSL_NOSHA3_384
3998
    static const byte sigSha3_384wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 15};
3999
    #endif
4000
    #ifndef WOLFSSL_NOSHA3_512
4001
    static const byte sigSha3_512wRsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 16};
4002
    #endif
4003
    #endif
4004
    #ifdef WC_RSA_PSS
4005
    static const byte sigRsaSsaPssOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 10};
4006
    #endif
4007
#endif /* NO_RSA */
4008
#ifdef HAVE_ECC
4009
    #ifndef NO_SHA
4010
    static const byte sigSha1wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 1};
4011
    #endif
4012
    #ifdef WOLFSSL_SHA224
4013
    static const byte sigSha224wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 1};
4014
    #endif
4015
    #ifndef NO_SHA256
4016
    static const byte sigSha256wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 2};
4017
    #endif
4018
    #ifdef WOLFSSL_SHA384
4019
    static const byte sigSha384wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 3};
4020
    #endif
4021
    #ifdef WOLFSSL_SHA512
4022
    static const byte sigSha512wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 4};
4023
    #endif
4024
    #ifdef WOLFSSL_SHA3
4025
    #ifndef WOLFSSL_NOSHA3_224
4026
    static const byte sigSha3_224wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 9};
4027
    #endif
4028
    #ifndef WOLFSSL_NOSHA3_256
4029
    static const byte sigSha3_256wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 10};
4030
    #endif
4031
    #ifndef WOLFSSL_NOSHA3_384
4032
    static const byte sigSha3_384wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 11};
4033
    #endif
4034
    #ifndef WOLFSSL_NOSHA3_512
4035
    static const byte sigSha3_512wEcdsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 12};
4036
    #endif
4037
    #endif
4038
    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
4039
    /* 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 */
4040
    static const byte sigSm3wSm2Oid[] = {42, 129, 28, 207, 85, 1, 131, 117};
4041
    #endif
4042
#endif /* HAVE_ECC */
4043
#ifdef HAVE_ED25519
4044
    static const byte sigEd25519Oid[] = {43, 101, 112};
4045
#endif /* HAVE_ED25519 */
4046
#ifdef HAVE_ED448
4047
    static const byte sigEd448Oid[] = {43, 101, 113};
4048
#endif /* HAVE_ED448 */
4049
#ifdef HAVE_PQC
4050
#ifdef HAVE_FALCON
4051
    /* Falcon Level 1: 1 3 9999 3 1 */
4052
    static const byte sigFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
4053
4054
    /* Falcon Level 5: 1 3 9999 3 4 */
4055
    static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
4056
#endif /* HAVE_FACON */
4057
#ifdef HAVE_DILITHIUM
4058
    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
4059
    static const byte sigDilithium_Level2Oid[] =
4060
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
4061
4062
    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
4063
    static const byte sigDilithium_Level3Oid[] =
4064
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
4065
4066
    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
4067
    static const byte sigDilithium_Level5Oid[] =
4068
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
4069
#endif /* HAVE_DILITHIUM */
4070
#ifdef HAVE_SPHINCS
4071
    /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
4072
    static const byte sigSphincsFast_Level1Oid[] =
4073
        {43, 206, 15, 6, 7, 4};
4074
4075
    /* Sphincs Fast Level 3: 1 3 9999 6 8 3 */
4076
    static const byte sigSphincsFast_Level3Oid[] =
4077
        {43, 206, 15, 6, 8, 3};
4078
4079
    /* Sphincs Fast Level 5: 1 3 9999 6 9 3 */
4080
    static const byte sigSphincsFast_Level5Oid[] =
4081
        {43, 206, 15, 6, 9, 3};
4082
4083
    /* Sphincs Small Level 1: 1 3 9999 6 7 10 */
4084
    static const byte sigSphincsSmall_Level1Oid[] =
4085
        {43, 206, 15, 6, 7, 10};
4086
4087
    /* Sphincs Small Level 3: 1 3 9999 6 8 7 */
4088
    static const byte sigSphincsSmall_Level3Oid[] =
4089
        {43, 206, 15, 6, 8, 7};
4090
4091
    /* Sphincs Small Level 5: 1 3 9999 6 9 7 */
4092
    static const byte sigSphincsSmall_Level5Oid[] =
4093
        {43, 206, 15, 6, 9, 7};
4094
#endif /* HAVE_SPHINCS */
4095
#endif /* HAVE_PQC */
4096
4097
/* keyType */
4098
#ifndef NO_DSA
4099
    static const byte keyDsaOid[] = {42, 134, 72, 206, 56, 4, 1};
4100
#endif /* NO_DSA */
4101
#ifndef NO_RSA
4102
    static const byte keyRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 1};
4103
#ifdef WC_RSA_PSS
4104
    static const byte keyRsaPssOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 10};
4105
#endif
4106
#endif /* NO_RSA */
4107
#ifdef HAVE_ECC
4108
    static const byte keyEcdsaOid[] = {42, 134, 72, 206, 61, 2, 1};
4109
#endif /* HAVE_ECC */
4110
#ifdef HAVE_ED25519
4111
    static const byte keyEd25519Oid[] = {43, 101, 112};
4112
#endif /* HAVE_ED25519 */
4113
#ifdef HAVE_CURVE25519
4114
    static const byte keyCurve25519Oid[] = {43, 101, 110};
4115
#endif
4116
#ifdef HAVE_ED448
4117
    static const byte keyEd448Oid[] = {43, 101, 113};
4118
#endif /* HAVE_ED448 */
4119
#ifdef HAVE_CURVE448
4120
    static const byte keyCurve448Oid[] = {43, 101, 111};
4121
#endif /* HAVE_CURVE448 */
4122
#ifndef NO_DH
4123
    static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1};
4124
#endif /* !NO_DH */
4125
#ifdef HAVE_PQC
4126
#ifdef HAVE_FALCON
4127
    /* Falcon Level 1: 1 3 9999 3 1 */
4128
    static const byte keyFalcon_Level1Oid[] = {43, 206, 15, 3, 1};
4129
4130
    /* Falcon Level 5: 1 3 9999 3 4 */
4131
    static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 4};
4132
#endif /* HAVE_FALCON */
4133
#ifdef HAVE_DILITHIUM
4134
    /* Dilithium Level 2: 1.3.6.1.4.1.2.267.7.4.4 */
4135
    static const byte keyDilithium_Level2Oid[] =
4136
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 4, 4};
4137
4138
    /* Dilithium Level 3: 1.3.6.1.4.1.2.267.7.6.5 */
4139
    static const byte keyDilithium_Level3Oid[] =
4140
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 6, 5};
4141
4142
    /* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
4143
    static const byte keyDilithium_Level5Oid[] =
4144
        {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
4145
#endif /* HAVE_DILITHIUM */
4146
#ifdef HAVE_SPHINCS
4147
    /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
4148
    static const byte keySphincsFast_Level1Oid[] =
4149
        {43, 206, 15, 6, 7, 4};
4150
4151
    /* Sphincs Fast Level 3: 1 3 9999 6 8 3 */
4152
    static const byte keySphincsFast_Level3Oid[] =
4153
        {43, 206, 15, 6, 8, 3};
4154
4155
    /* Sphincs Fast Level 5: 1 3 9999 6 9 3 */
4156
    static const byte keySphincsFast_Level5Oid[] =
4157
        {43, 206, 15, 6, 9, 3};
4158
4159
    /* Sphincs Small Level 1: 1 3 9999 6 7 10 */
4160
    static const byte keySphincsSmall_Level1Oid[] =
4161
        {43, 206, 15, 6, 7, 10};
4162
4163
    /* Sphincs Small Level 3: 1 3 9999 6 8 7 */
4164
    static const byte keySphincsSmall_Level3Oid[] =
4165
        {43, 206, 15, 6, 8, 7};
4166
4167
    /* Sphincs Small Level 5: 1 3 9999 6 9 7 */
4168
    static const byte keySphincsSmall_Level5Oid[] =
4169
        {43, 206, 15, 6, 9, 7};
4170
#endif /* HAVE_SPHINCS */
4171
#endif /* HAVE_PQC */
4172
4173
/* curveType */
4174
#ifdef HAVE_ECC
4175
    /* See "ecc_sets" table in ecc.c */
4176
#endif /* HAVE_ECC */
4177
4178
#ifdef HAVE_AES_CBC
4179
/* blkType */
4180
    #ifdef WOLFSSL_AES_128
4181
    static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2};
4182
    #endif
4183
    #ifdef WOLFSSL_AES_192
4184
    static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22};
4185
    #endif
4186
    #ifdef WOLFSSL_AES_256
4187
    static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42};
4188
    #endif
4189
#endif /* HAVE_AES_CBC */
4190
#ifdef HAVE_AESGCM
4191
    #ifdef WOLFSSL_AES_128
4192
    static const byte blkAes128GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 6};
4193
    #endif
4194
    #ifdef WOLFSSL_AES_192
4195
    static const byte blkAes192GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 26};
4196
    #endif
4197
    #ifdef WOLFSSL_AES_256
4198
    static const byte blkAes256GcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 46};
4199
    #endif
4200
#endif /* HAVE_AESGCM */
4201
#ifdef HAVE_AESCCM
4202
    #ifdef WOLFSSL_AES_128
4203
    static const byte blkAes128CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 7};
4204
    #endif
4205
    #ifdef WOLFSSL_AES_192
4206
    static const byte blkAes192CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 27};
4207
    #endif
4208
    #ifdef WOLFSSL_AES_256
4209
    static const byte blkAes256CcmOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 47};
4210
    #endif
4211
#endif /* HAVE_AESCCM */
4212
4213
#ifndef NO_DES3
4214
    static const byte blkDesCbcOid[]  = {43, 14, 3, 2, 7};
4215
    static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7};
4216
#endif
4217
4218
/* keyWrapType */
4219
#ifdef WOLFSSL_AES_128
4220
    static const byte wrapAes128Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 5};
4221
#endif
4222
#ifdef WOLFSSL_AES_192
4223
    static const byte wrapAes192Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 25};
4224
#endif
4225
#ifdef WOLFSSL_AES_256
4226
    static const byte wrapAes256Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 45};
4227
#endif
4228
#ifdef HAVE_PKCS7
4229
/* From RFC 3211 */
4230
static const byte wrapPwriKekOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 16, 3,9};
4231
#endif
4232
4233
/* cmsKeyAgreeType */
4234
#ifndef NO_SHA
4235
    static const byte dhSinglePass_stdDH_sha1kdf_Oid[]   =
4236
                                          {43, 129, 5, 16, 134, 72, 63, 0, 2};
4237
#endif
4238
#ifdef WOLFSSL_SHA224
4239
    static const byte dhSinglePass_stdDH_sha224kdf_Oid[] = {43, 129, 4, 1, 11, 0};
4240
#endif
4241
#ifndef NO_SHA256
4242
    static const byte dhSinglePass_stdDH_sha256kdf_Oid[] = {43, 129, 4, 1, 11, 1};
4243
#endif
4244
#ifdef WOLFSSL_SHA384
4245
    static const byte dhSinglePass_stdDH_sha384kdf_Oid[] = {43, 129, 4, 1, 11, 2};
4246
#endif
4247
#ifdef WOLFSSL_SHA512
4248
    static const byte dhSinglePass_stdDH_sha512kdf_Oid[] = {43, 129, 4, 1, 11, 3};
4249
#endif
4250
4251
/* ocspType */
4252
#ifdef HAVE_OCSP
4253
    static const byte ocspBasicOid[]    = {43, 6, 1, 5, 5, 7, 48, 1, 1};
4254
    static const byte ocspNonceOid[]    = {43, 6, 1, 5, 5, 7, 48, 1, 2};
4255
    static const byte ocspNoCheckOid[]  = {43, 6, 1, 5, 5, 7, 48, 1, 5};
4256
#endif /* HAVE_OCSP */
4257
4258
/* certExtType */
4259
static const byte extBasicCaOid[] = {85, 29, 19};
4260
static const byte extAltNamesOid[] = {85, 29, 17};
4261
static const byte extCrlDistOid[] = {85, 29, 31};
4262
static const byte extAuthInfoOid[] = {43, 6, 1, 5, 5, 7, 1, 1};
4263
static const byte extAuthKeyOid[] = {85, 29, 35};
4264
static const byte extSubjKeyOid[] = {85, 29, 14};
4265
static const byte extCertPolicyOid[] = {85, 29, 32};
4266
static const byte extKeyUsageOid[] = {85, 29, 15};
4267
static const byte extInhibitAnyOid[] = {85, 29, 54};
4268
static const byte extExtKeyUsageOid[] = {85, 29, 37};
4269
#ifndef IGNORE_NAME_CONSTRAINTS
4270
    static const byte extNameConsOid[] = {85, 29, 30};
4271
#endif
4272
#ifdef HAVE_CRL
4273
static const byte extCrlNumberOid[] = {85, 29, 20};
4274
#endif
4275
#ifdef WOLFSSL_SUBJ_DIR_ATTR
4276
    static const byte extSubjDirAttrOid[] = {85, 29, 9};
4277
#endif
4278
#ifdef WOLFSSL_SUBJ_INFO_ACC
4279
    static const byte extSubjInfoAccessOid[] = {43, 6, 1, 5, 5, 7, 1, 11};
4280
#endif
4281
4282
/* certAuthInfoType */
4283
static const byte extAuthInfoOcspOid[] = {43, 6, 1, 5, 5, 7, 48, 1};
4284
static const byte extAuthInfoCaIssuerOid[] = {43, 6, 1, 5, 5, 7, 48, 2};
4285
#ifdef WOLFSSL_SUBJ_INFO_ACC
4286
    static const byte extAuthInfoCaRespOid[] = {43, 6, 1, 5, 5, 7, 48, 5};
4287
#endif /* WOLFSSL_SUBJ_INFO_ACC */
4288
4289
/* certPolicyType */
4290
static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
4291
#ifdef WOLFSSL_FPKI
4292
#define CERT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
4293
    static const byte extCertPolicyFpkiCommonAuthOid[] =
4294
            CERT_POLICY_TYPE_OID_BASE(13);
4295
    static const byte extCertPolicyFpkiPivAuthOid[] =
4296
            CERT_POLICY_TYPE_OID_BASE(40);
4297
    static const byte extCertPolicyFpkiPivAuthHwOid[] =
4298
            CERT_POLICY_TYPE_OID_BASE(41);
4299
    static const byte extCertPolicyFpkiPiviAuthOid[] =
4300
            CERT_POLICY_TYPE_OID_BASE(45);
4301
#endif /* WOLFSSL_FPKI */
4302
4303
/* certAltNameType */
4304
static const byte extAltNamesHwNameOid[] = {43, 6, 1, 5, 5, 7, 8, 4};
4305
4306
/* certKeyUseType */
4307
static const byte extExtKeyUsageAnyOid[] = {85, 29, 37, 0};
4308
static const byte extExtKeyUsageServerAuthOid[]   = {43, 6, 1, 5, 5, 7, 3, 1};
4309
static const byte extExtKeyUsageClientAuthOid[]   = {43, 6, 1, 5, 5, 7, 3, 2};
4310
static const byte extExtKeyUsageCodeSigningOid[]  = {43, 6, 1, 5, 5, 7, 3, 3};
4311
static const byte extExtKeyUsageEmailProtectOid[] = {43, 6, 1, 5, 5, 7, 3, 4};
4312
static const byte extExtKeyUsageTimestampOid[]    = {43, 6, 1, 5, 5, 7, 3, 8};
4313
static const byte extExtKeyUsageOcspSignOid[]     = {43, 6, 1, 5, 5, 7, 3, 9};
4314
#ifdef WOLFSSL_WOLFSSH
4315
#define EXT_KEY_USAGE_OID_BASE(num) {43, 6, 1, 5, 5, 7, 3, num}
4316
    static const byte extExtKeyUsageSshClientAuthOid[] =
4317
            EXT_KEY_USAGE_OID_BASE(21);
4318
    static const byte extExtKeyUsageSshMSCLOid[] =
4319
            {43, 6, 1, 4, 1, 130, 55, 20, 2, 2};
4320
    static const byte extExtKeyUsageSshKpClientAuthOid[] =
4321
            {43, 6, 1, 5, 2, 3, 4};
4322
#endif /* WOLFSSL_WOLFSSH */
4323
4324
#ifdef WOLFSSL_SUBJ_DIR_ATTR
4325
#define SUBJ_DIR_ATTR_TYPE_OID_BASE(num) {43, 6, 1, 5, 5, 7, 9, num}
4326
    static const byte extSubjDirAttrDobOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(1);
4327
    static const byte extSubjDirAttrPobOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(2);
4328
    static const byte extSubjDirAttrGenderOid[] =
4329
            SUBJ_DIR_ATTR_TYPE_OID_BASE(3);
4330
    static const byte extSubjDirAttrCocOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(4);
4331
    static const byte extSubjDirAttrCorOid[] = SUBJ_DIR_ATTR_TYPE_OID_BASE(5);
4332
#endif
4333
4334
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
4335
    defined(WOLFSSL_ASN_TEMPLATE) || defined(OPENSSL_EXTRA) || \
4336
    defined(OPENSSL_EXTRA_X509_SMALL)
4337
/* csrAttrType */
4338
#define CSR_ATTR_TYPE_OID_BASE(num) {42, 134, 72, 134, 247, 13, 1, 9, num}
4339
#if !defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
4340
    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
4341
    defined(WOLFSSL_ASN_TEMPLATE)
4342
static const byte attrEmailOid[] =             CSR_ATTR_TYPE_OID_BASE(1);
4343
#endif
4344
#ifdef WOLFSSL_CERT_REQ
4345
static const byte attrUnstructuredNameOid[] =  CSR_ATTR_TYPE_OID_BASE(2);
4346
static const byte attrPkcs9ContentTypeOid[] =  CSR_ATTR_TYPE_OID_BASE(3);
4347
static const byte attrChallengePasswordOid[] = CSR_ATTR_TYPE_OID_BASE(7);
4348
static const byte attrExtensionRequestOid[] =  CSR_ATTR_TYPE_OID_BASE(14);
4349
static const byte attrSerialNumberOid[] = {85, 4, 5};
4350
static const byte attrDnQualifier[] = {85, 4, 46};
4351
static const byte attrInitals[] = {85, 4, 43};
4352
static const byte attrSurname[] = {85, 4, 4};
4353
static const byte attrGivenName[] = {85, 4, 42};
4354
#endif
4355
#endif
4356
4357
/* kdfType */
4358
static const byte pbkdf2Oid[] = {42, 134, 72, 134, 247, 13, 1, 5, 12};
4359
4360
/* PKCS5 */
4361
#if !defined(NO_DES3) && !defined(NO_MD5)
4362
static const byte pbeMd5Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 3};
4363
#endif
4364
#if !defined(NO_DES3) && !defined(NO_SHA)
4365
static const byte pbeSha1Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 10};
4366
#endif
4367
static const byte pbes2[] = {42, 134, 72, 134, 247, 13, 1, 5, 13};
4368
4369
/* PKCS12 */
4370
#if !defined(NO_RC4) && !defined(NO_SHA)
4371
static const byte pbeSha1RC4128[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 1};
4372
#endif
4373
#if !defined(NO_DES3) && !defined(NO_SHA)
4374
static const byte pbeSha1Des3[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 3};
4375
#endif
4376
#if defined(WC_RC2) && !defined(NO_SHA)
4377
static const byte pbe40Rc2Cbc[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 6};
4378
#endif
4379
4380
#ifdef HAVE_LIBZ
4381
/* zlib compression */
4382
static const byte zlibCompress[] = {42, 134, 72, 134, 247, 13, 1, 9, 16, 3, 8};
4383
#endif
4384
#ifdef WOLFSSL_APACHE_HTTPD
4385
/* tlsExtType */
4386
static const byte tlsFeatureOid[] = {43, 6, 1, 5, 5, 7, 1, 24};
4387
/* certNameType */
4388
static const byte dnsSRVOid[] = {43, 6, 1, 5, 5, 7, 8, 7};
4389
#endif
4390
4391
#if defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_GEN) || \
4392
    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
4393
    defined(WOLFSSL_ASN_TEMPLATE)
4394
/* Pilot attribute types (0.9.2342.19200300.100.1.*) */
4395
#define PLT_ATTR_TYPE_OID_BASE(num) {9, 146, 38, 137, 147, 242, 44, 100, 1, num}
4396
static const byte uidOid[] = PLT_ATTR_TYPE_OID_BASE(1); /* user id */
4397
static const byte fvrtDrk[] = PLT_ATTR_TYPE_OID_BASE(5);/* favourite drink*/
4398
#endif
4399
4400
#if defined(WOLFSSL_CERT_GEN) || \
4401
    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
4402
    defined(WOLFSSL_ASN_TEMPLATE)
4403
static const byte dcOid[] = {9, 146, 38, 137, 147, 242, 44, 100, 1, 25}; /* domain component */
4404
#endif
4405
4406
4407
/* Looks up the ID/type of an OID.
4408
 *
4409
 * When known returns the OID as a byte array and its length.
4410
 * ID-type are unique.
4411
 *
4412
 * Use oidIgnoreType to autofail.
4413
 *
4414
 * @param [in]  id     OID id.
4415
 * @param [in]  type   Type of OID (enum Oid_Types).
4416
 * @param [out] oidSz  Length of OID byte array returned.
4417
 * @return  Array of bytes for the OID.
4418
 * @return  NULL when ID/type not recognized.
4419
 */
4420
const byte* OidFromId(word32 id, word32 type, word32* oidSz)
4421
0
{
4422
0
    const byte* oid = NULL;
4423
4424
0
    *oidSz = 0;
4425
4426
0
    switch (type) {
4427
4428
0
        case oidHashType:
4429
0
            switch (id) {
4430
0
            #ifdef WOLFSSL_MD2
4431
0
                case MD2h:
4432
0
                    oid = hashMd2hOid;
4433
0
                    *oidSz = sizeof(hashMd2hOid);
4434
0
                    break;
4435
0
            #endif
4436
0
            #ifndef NO_MD5
4437
0
                case MD5h:
4438
0
                    oid = hashMd5hOid;
4439
0
                    *oidSz = sizeof(hashMd5hOid);
4440
0
                    break;
4441
0
            #endif
4442
0
            #ifndef NO_SHA
4443
0
                case SHAh:
4444
0
                    oid = hashSha1hOid;
4445
0
                    *oidSz = sizeof(hashSha1hOid);
4446
0
                    break;
4447
0
            #endif
4448
0
            #ifdef WOLFSSL_SHA224
4449
0
                case SHA224h:
4450
0
                    oid = hashSha224hOid;
4451
0
                    *oidSz = sizeof(hashSha224hOid);
4452
0
                    break;
4453
0
            #endif
4454
0
            #ifndef NO_SHA256
4455
0
                case SHA256h:
4456
0
                    oid = hashSha256hOid;
4457
0
                    *oidSz = sizeof(hashSha256hOid);
4458
0
                    break;
4459
0
            #endif
4460
0
            #ifdef WOLFSSL_SHA384
4461
0
                case SHA384h:
4462
0
                    oid = hashSha384hOid;
4463
0
                    *oidSz = sizeof(hashSha384hOid);
4464
0
                    break;
4465
0
            #endif
4466
0
            #ifdef WOLFSSL_SHA512
4467
0
                #ifndef WOLFSSL_NOSHA512_224
4468
0
                case SHA512_224h:
4469
0
                    oid = hashSha512_224hOid;
4470
0
                    *oidSz = sizeof(hashSha512_224hOid);
4471
0
                    break;
4472
0
                #endif
4473
0
                #ifndef WOLFSSL_NOSHA512_256
4474
0
                case SHA512_256h:
4475
0
                    oid = hashSha512_256hOid;
4476
0
                    *oidSz = sizeof(hashSha512_256hOid);
4477
0
                    break;
4478
0
                #endif
4479
0
                case SHA512h:
4480
0
                    oid = hashSha512hOid;
4481
0
                    *oidSz = sizeof(hashSha512hOid);
4482
0
                    break;
4483
0
            #endif
4484
0
            #ifdef WOLFSSL_SHA3
4485
0
            #ifndef WOLFSSL_NOSHA3_224
4486
0
                case SHA3_224h:
4487
0
                    oid = hashSha3_224hOid;
4488
0
                    *oidSz = sizeof(hashSha3_224hOid);
4489
0
                    break;
4490
0
            #endif /* WOLFSSL_NOSHA3_224 */
4491
0
            #ifndef WOLFSSL_NOSHA3_256
4492
0
                case SHA3_256h:
4493
0
                    oid = hashSha3_256hOid;
4494
0
                    *oidSz = sizeof(hashSha3_256hOid);
4495
0
                    break;
4496
0
            #endif /* WOLFSSL_NOSHA3_256 */
4497
0
            #ifndef WOLFSSL_NOSHA3_384
4498
0
                case SHA3_384h:
4499
0
                    oid = hashSha3_384hOid;
4500
0
                    *oidSz = sizeof(hashSha3_384hOid);
4501
0
                    break;
4502
0
            #endif /* WOLFSSL_NOSHA3_384 */
4503
0
            #ifndef WOLFSSL_NOSHA3_512
4504
0
                case SHA3_512h:
4505
0
                    oid = hashSha3_512hOid;
4506
0
                    *oidSz = sizeof(hashSha3_512hOid);
4507
0
                    break;
4508
0
            #endif /* WOLFSSL_NOSHA3_512 */
4509
0
            #endif /* WOLFSSL_SHA3 */
4510
0
                default:
4511
0
                    break;
4512
0
            }
4513
0
            break;
4514
4515
0
        case oidSigType:
4516
0
            switch (id) {
4517
                #if !defined(NO_DSA) && !defined(NO_SHA)
4518
                case CTC_SHAwDSA:
4519
                    oid = sigSha1wDsaOid;
4520
                    *oidSz = sizeof(sigSha1wDsaOid);
4521
                    break;
4522
                case CTC_SHA256wDSA:
4523
                    oid = sigSha256wDsaOid;
4524
                    *oidSz = sizeof(sigSha256wDsaOid);
4525
                    break;
4526
                #endif /* NO_DSA */
4527
0
                #ifndef NO_RSA
4528
0
                #ifdef WOLFSSL_MD2
4529
0
                case CTC_MD2wRSA:
4530
0
                    oid = sigMd2wRsaOid;
4531
0
                    *oidSz = sizeof(sigMd2wRsaOid);
4532
0
                    break;
4533
0
                #endif
4534
0
                #ifndef NO_MD5
4535
0
                case CTC_MD5wRSA:
4536
0
                    oid = sigMd5wRsaOid;
4537
0
                    *oidSz = sizeof(sigMd5wRsaOid);
4538
0
                    break;
4539
0
                #endif
4540
0
                #ifndef NO_SHA
4541
0
                case CTC_SHAwRSA:
4542
0
                    oid = sigSha1wRsaOid;
4543
0
                    *oidSz = sizeof(sigSha1wRsaOid);
4544
0
                    break;
4545
0
                #endif
4546
0
                #ifdef WOLFSSL_SHA224
4547
0
                case CTC_SHA224wRSA:
4548
0
                    oid = sigSha224wRsaOid;
4549
0
                    *oidSz = sizeof(sigSha224wRsaOid);
4550
0
                    break;
4551
0
                #endif
4552
0
                #ifndef NO_SHA256
4553
0
                case CTC_SHA256wRSA:
4554
0
                    oid = sigSha256wRsaOid;
4555
0
                    *oidSz = sizeof(sigSha256wRsaOid);
4556
0
                    break;
4557
0
                #endif
4558
0
                #ifdef WOLFSSL_SHA384
4559
0
                case CTC_SHA384wRSA:
4560
0
                    oid = sigSha384wRsaOid;
4561
0
                    *oidSz = sizeof(sigSha384wRsaOid);
4562
0
                    break;
4563
0
                #endif
4564
0
                #ifdef WOLFSSL_SHA512
4565
0
                case CTC_SHA512wRSA:
4566
0
                    oid = sigSha512wRsaOid;
4567
0
                    *oidSz = sizeof(sigSha512wRsaOid);
4568
0
                    break;
4569
0
                #endif /* WOLFSSL_SHA512 */
4570
0
                #ifdef WOLFSSL_SHA3
4571
0
                #ifndef WOLFSSL_NOSHA3_224
4572
0
                case CTC_SHA3_224wRSA:
4573
0
                    oid = sigSha3_224wRsaOid;
4574
0
                    *oidSz = sizeof(sigSha3_224wRsaOid);
4575
0
                    break;
4576
0
                #endif
4577
0
                #ifndef WOLFSSL_NOSHA3_256
4578
0
                case CTC_SHA3_256wRSA:
4579
0
                    oid = sigSha3_256wRsaOid;
4580
0
                    *oidSz = sizeof(sigSha3_256wRsaOid);
4581
0
                    break;
4582
0
                #endif
4583
0
                #ifndef WOLFSSL_NOSHA3_384
4584
0
                case CTC_SHA3_384wRSA:
4585
0
                    oid = sigSha3_384wRsaOid;
4586
0
                    *oidSz = sizeof(sigSha3_384wRsaOid);
4587
0
                    break;
4588
0
                #endif
4589
0
                #ifndef WOLFSSL_NOSHA3_512
4590
0
                case CTC_SHA3_512wRSA:
4591
0
                    oid = sigSha3_512wRsaOid;
4592
0
                    *oidSz = sizeof(sigSha3_512wRsaOid);
4593
0
                    break;
4594
0
                #endif
4595
0
                #endif
4596
0
                #ifdef WC_RSA_PSS
4597
0
                case CTC_RSASSAPSS:
4598
0
                    oid = sigRsaSsaPssOid;
4599
0
                    *oidSz = sizeof(sigRsaSsaPssOid);
4600
0
                    break;
4601
0
                #endif
4602
0
                #endif /* NO_RSA */
4603
0
                #ifdef HAVE_ECC
4604
0
                #ifndef NO_SHA
4605
0
                case CTC_SHAwECDSA:
4606
0
                    oid = sigSha1wEcdsaOid;
4607
0
                    *oidSz = sizeof(sigSha1wEcdsaOid);
4608
0
                    break;
4609
0
                #endif
4610
0
                #ifdef WOLFSSL_SHA224
4611
0
                case CTC_SHA224wECDSA:
4612
0
                    oid = sigSha224wEcdsaOid;
4613
0
                    *oidSz = sizeof(sigSha224wEcdsaOid);
4614
0
                    break;
4615
0
                #endif
4616
0
                #ifndef NO_SHA256
4617
0
                case CTC_SHA256wECDSA:
4618
0
                    oid = sigSha256wEcdsaOid;
4619
0
                    *oidSz = sizeof(sigSha256wEcdsaOid);
4620
0
                    break;
4621
0
                #endif
4622
0
                #ifdef WOLFSSL_SHA384
4623
0
                case CTC_SHA384wECDSA:
4624
0
                    oid = sigSha384wEcdsaOid;
4625
0
                    *oidSz = sizeof(sigSha384wEcdsaOid);
4626
0
                    break;
4627
0
                #endif
4628
0
                #ifdef WOLFSSL_SHA512
4629
0
                case CTC_SHA512wECDSA:
4630
0
                    oid = sigSha512wEcdsaOid;
4631
0
                    *oidSz = sizeof(sigSha512wEcdsaOid);
4632
0
                    break;
4633
0
                #endif
4634
0
                #ifdef WOLFSSL_SHA3
4635
0
                #ifndef WOLFSSL_NOSHA3_224
4636
0
                case CTC_SHA3_224wECDSA:
4637
0
                    oid = sigSha3_224wEcdsaOid;
4638
0
                    *oidSz = sizeof(sigSha3_224wEcdsaOid);
4639
0
                    break;
4640
0
                #endif
4641
0
                #ifndef WOLFSSL_NOSHA3_256
4642
0
                case CTC_SHA3_256wECDSA:
4643
0
                    oid = sigSha3_256wEcdsaOid;
4644
0
                    *oidSz = sizeof(sigSha3_256wEcdsaOid);
4645
0
                    break;
4646
0
                #endif
4647
0
                #ifndef WOLFSSL_NOSHA3_384
4648
0
                case CTC_SHA3_384wECDSA:
4649
0
                    oid = sigSha3_384wEcdsaOid;
4650
0
                    *oidSz = sizeof(sigSha3_384wEcdsaOid);
4651
0
                    break;
4652
0
                #endif
4653
0
                #ifndef WOLFSSL_NOSHA3_512
4654
0
                case CTC_SHA3_512wECDSA:
4655
0
                    oid = sigSha3_512wEcdsaOid;
4656
0
                    *oidSz = sizeof(sigSha3_512wEcdsaOid);
4657
0
                    break;
4658
0
                #endif
4659
0
                #endif
4660
0
                #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
4661
0
                case CTC_SM3wSM2:
4662
0
                    oid = sigSm3wSm2Oid;
4663
0
                    *oidSz = sizeof(sigSm3wSm2Oid);
4664
0
                    break;
4665
0
                #endif
4666
0
                #endif /* HAVE_ECC */
4667
0
                #ifdef HAVE_ED25519
4668
0
                case CTC_ED25519:
4669
0
                    oid = sigEd25519Oid;
4670
0
                    *oidSz = sizeof(sigEd25519Oid);
4671
0
                    break;
4672
0
                #endif
4673
0
                #ifdef HAVE_ED448
4674
0
                case CTC_ED448:
4675
0
                    oid = sigEd448Oid;
4676
0
                    *oidSz = sizeof(sigEd448Oid);
4677
0
                    break;
4678
0
                #endif
4679
                #ifdef HAVE_PQC
4680
                #ifdef HAVE_FALCON
4681
                case CTC_FALCON_LEVEL1:
4682
                    oid = sigFalcon_Level1Oid;
4683
                    *oidSz = sizeof(sigFalcon_Level1Oid);
4684
                    break;
4685
                case CTC_FALCON_LEVEL5:
4686
                    oid = sigFalcon_Level5Oid;
4687
                    *oidSz = sizeof(sigFalcon_Level5Oid);
4688
                    break;
4689
                #endif /* HAVE_FALCON */
4690
                #ifdef HAVE_DILITHIUM
4691
                case CTC_DILITHIUM_LEVEL2:
4692
                    oid = sigDilithium_Level2Oid;
4693
                    *oidSz = sizeof(sigDilithium_Level2Oid);
4694
                    break;
4695
                case CTC_DILITHIUM_LEVEL3:
4696
                    oid = sigDilithium_Level3Oid;
4697
                    *oidSz = sizeof(sigDilithium_Level3Oid);
4698
                    break;
4699
                case CTC_DILITHIUM_LEVEL5:
4700
                    oid = sigDilithium_Level5Oid;
4701
                    *oidSz = sizeof(sigDilithium_Level5Oid);
4702
                    break;
4703
                #endif /* HAVE_DILITHIUM */
4704
                #ifdef HAVE_SPHINCS
4705
                case CTC_SPHINCS_FAST_LEVEL1:
4706
                    oid = sigSphincsFast_Level1Oid;
4707
                    *oidSz = sizeof(sigSphincsFast_Level1Oid);
4708
                    break;
4709
                case CTC_SPHINCS_FAST_LEVEL3:
4710
                    oid = sigSphincsFast_Level3Oid;
4711
                    *oidSz = sizeof(sigSphincsFast_Level3Oid);
4712
                    break;
4713
                case CTC_SPHINCS_FAST_LEVEL5:
4714
                    oid = sigSphincsFast_Level5Oid;
4715
                    *oidSz = sizeof(sigSphincsFast_Level5Oid);
4716
                    break;
4717
                case CTC_SPHINCS_SMALL_LEVEL1:
4718
                    oid = sigSphincsSmall_Level1Oid;
4719
                    *oidSz = sizeof(sigSphincsSmall_Level1Oid);
4720
                    break;
4721
                case CTC_SPHINCS_SMALL_LEVEL3:
4722
                    oid = sigSphincsSmall_Level3Oid;
4723
                    *oidSz = sizeof(sigSphincsSmall_Level3Oid);
4724
                    break;
4725
                case CTC_SPHINCS_SMALL_LEVEL5:
4726
                    oid = sigSphincsSmall_Level5Oid;
4727
                    *oidSz = sizeof(sigSphincsSmall_Level5Oid);
4728
                    break;
4729
                #endif /* HAVE_SPHINCS */
4730
                #endif /* HAVE_PQC */
4731
0
                default:
4732
0
                    break;
4733
0
            }
4734
0
            break;
4735
4736
0
        case oidKeyType:
4737
0
            switch (id) {
4738
                #ifndef NO_DSA
4739
                case DSAk:
4740
                    oid = keyDsaOid;
4741
                    *oidSz = sizeof(keyDsaOid);
4742
                    break;
4743
                #endif /* NO_DSA */
4744
0
            #ifndef NO_RSA
4745
0
                case RSAk:
4746
0
                    oid = keyRsaOid;
4747
0
                    *oidSz = sizeof(keyRsaOid);
4748
0
                    break;
4749
0
                #ifdef WC_RSA_PSS
4750
0
                case RSAPSSk:
4751
0
                    oid = keyRsaPssOid;
4752
0
                    *oidSz = sizeof(keyRsaPssOid);
4753
0
                    break;
4754
0
                #endif
4755
0
            #endif /* NO_RSA */
4756
0
                #ifdef HAVE_ECC
4757
0
                case ECDSAk:
4758
0
                    oid = keyEcdsaOid;
4759
0
                    *oidSz = sizeof(keyEcdsaOid);
4760
0
                    break;
4761
0
                #endif /* HAVE_ECC */
4762
0
                #ifdef HAVE_ED25519
4763
0
                case ED25519k:
4764
0
                    oid = keyEd25519Oid;
4765
0
                    *oidSz = sizeof(keyEd25519Oid);
4766
0
                    break;
4767
0
                #endif /* HAVE_ED25519 */
4768
0
                #ifdef HAVE_CURVE25519
4769
0
                case X25519k:
4770
0
                    oid = keyCurve25519Oid;
4771
0
                    *oidSz = sizeof(keyCurve25519Oid);
4772
0
                    break;
4773
0
                #endif /* HAVE_CURVE25519 */
4774
0
                #ifdef HAVE_ED448
4775
0
                case ED448k:
4776
0
                    oid = keyEd448Oid;
4777
0
                    *oidSz = sizeof(keyEd448Oid);
4778
0
                    break;
4779
0
                #endif /* HAVE_ED448 */
4780
0
                #ifdef HAVE_CURVE448
4781
0
                case X448k:
4782
0
                    oid = keyCurve448Oid;
4783
0
                    *oidSz = sizeof(keyCurve448Oid);
4784
0
                    break;
4785
0
                #endif /* HAVE_CURVE448 */
4786
0
                #ifndef NO_DH
4787
0
                case DHk:
4788
0
                    oid = keyDhOid;
4789
0
                    *oidSz = sizeof(keyDhOid);
4790
0
                    break;
4791
0
                #endif /* !NO_DH */
4792
                #ifdef HAVE_PQC
4793
                #ifdef HAVE_FALCON
4794
                case FALCON_LEVEL1k:
4795
                    oid = keyFalcon_Level1Oid;
4796
                    *oidSz = sizeof(keyFalcon_Level1Oid);
4797
                    break;
4798
                case FALCON_LEVEL5k:
4799
                    oid = keyFalcon_Level5Oid;
4800
                    *oidSz = sizeof(keyFalcon_Level5Oid);
4801
                    break;
4802
                #endif /* HAVE_FALCON */
4803
                #ifdef HAVE_DILITHIUM
4804
                case DILITHIUM_LEVEL2k:
4805
                    oid = keyDilithium_Level2Oid;
4806
                    *oidSz = sizeof(keyDilithium_Level2Oid);
4807
                    break;
4808
                case DILITHIUM_LEVEL3k:
4809
                    oid = keyDilithium_Level3Oid;
4810
                    *oidSz = sizeof(keyDilithium_Level3Oid);
4811
                    break;
4812
                case DILITHIUM_LEVEL5k:
4813
                    oid = keyDilithium_Level5Oid;
4814
                    *oidSz = sizeof(keyDilithium_Level5Oid);
4815
                    break;
4816
                #endif /* HAVE_DILITHIUM */
4817
                #ifdef HAVE_SPHINCS
4818
                case SPHINCS_FAST_LEVEL1k:
4819
                    oid = keySphincsFast_Level1Oid;
4820
                    *oidSz = sizeof(keySphincsFast_Level1Oid);
4821
                    break;
4822
                case SPHINCS_FAST_LEVEL3k:
4823
                    oid = keySphincsFast_Level3Oid;
4824
                    *oidSz = sizeof(keySphincsFast_Level3Oid);
4825
                    break;
4826
                case SPHINCS_FAST_LEVEL5k:
4827
                    oid = keySphincsFast_Level5Oid;
4828
                    *oidSz = sizeof(keySphincsFast_Level5Oid);
4829
                    break;
4830
                case SPHINCS_SMALL_LEVEL1k:
4831
                    oid = keySphincsSmall_Level1Oid;
4832
                    *oidSz = sizeof(keySphincsSmall_Level1Oid);
4833
                    break;
4834
                case SPHINCS_SMALL_LEVEL3k:
4835
                    oid = keySphincsSmall_Level3Oid;
4836
                    *oidSz = sizeof(keySphincsSmall_Level3Oid);
4837
                    break;
4838
                case SPHINCS_SMALL_LEVEL5k:
4839
                    oid = keySphincsSmall_Level5Oid;
4840
                    *oidSz = sizeof(keySphincsSmall_Level5Oid);
4841
                    break;
4842
                #endif /* HAVE_SPHINCS */
4843
                #endif /* HAVE_PQC */
4844
0
                default:
4845
0
                    break;
4846
0
            }
4847
0
            break;
4848
4849
0
        #ifdef HAVE_ECC
4850
0
        case oidCurveType:
4851
0
            if (wc_ecc_get_oid(id, &oid, oidSz) < 0) {
4852
0
                WOLFSSL_MSG("ECC OID not found");
4853
0
            }
4854
0
            break;
4855
0
        #endif /* HAVE_ECC */
4856
4857
0
        case oidBlkType:
4858
0
            switch (id) {
4859
0
    #ifdef HAVE_AES_CBC
4860
0
        #ifdef WOLFSSL_AES_128
4861
0
                case AES128CBCb:
4862
0
                    oid = blkAes128CbcOid;
4863
0
                    *oidSz = sizeof(blkAes128CbcOid);
4864
0
                    break;
4865
0
        #endif
4866
0
        #ifdef WOLFSSL_AES_192
4867
0
                case AES192CBCb:
4868
0
                    oid = blkAes192CbcOid;
4869
0
                    *oidSz = sizeof(blkAes192CbcOid);
4870
0
                    break;
4871
0
        #endif
4872
0
        #ifdef WOLFSSL_AES_256
4873
0
                case AES256CBCb:
4874
0
                    oid = blkAes256CbcOid;
4875
0
                    *oidSz = sizeof(blkAes256CbcOid);
4876
0
                    break;
4877
0
        #endif
4878
0
    #endif /* HAVE_AES_CBC */
4879
0
    #ifdef HAVE_AESGCM
4880
0
        #ifdef WOLFSSL_AES_128
4881
0
                case AES128GCMb:
4882
0
                    oid = blkAes128GcmOid;
4883
0
                    *oidSz = sizeof(blkAes128GcmOid);
4884
0
                    break;
4885
0
        #endif
4886
0
        #ifdef WOLFSSL_AES_192
4887
0
                case AES192GCMb:
4888
0
                    oid = blkAes192GcmOid;
4889
0
                    *oidSz = sizeof(blkAes192GcmOid);
4890
0
                    break;
4891
0
        #endif
4892
0
        #ifdef WOLFSSL_AES_256
4893
0
                case AES256GCMb:
4894
0
                    oid = blkAes256GcmOid;
4895
0
                    *oidSz = sizeof(blkAes256GcmOid);
4896
0
                    break;
4897
0
        #endif
4898
0
    #endif /* HAVE_AESGCM */
4899
0
    #ifdef HAVE_AESCCM
4900
0
        #ifdef WOLFSSL_AES_128
4901
0
                case AES128CCMb:
4902
0
                    oid = blkAes128CcmOid;
4903
0
                    *oidSz = sizeof(blkAes128CcmOid);
4904
0
                    break;
4905
0
        #endif
4906
0
        #ifdef WOLFSSL_AES_192
4907
0
                case AES192CCMb:
4908
0
                    oid = blkAes192CcmOid;
4909
0
                    *oidSz = sizeof(blkAes192CcmOid);
4910
0
                    break;
4911
0
        #endif
4912
0
        #ifdef WOLFSSL_AES_256
4913
0
                case AES256CCMb:
4914
0
                    oid = blkAes256CcmOid;
4915
0
                    *oidSz = sizeof(blkAes256CcmOid);
4916
0
                    break;
4917
0
        #endif
4918
0
    #endif /* HAVE_AESCCM */
4919
0
    #ifndef NO_DES3
4920
0
                case DESb:
4921
0
                    oid = blkDesCbcOid;
4922
0
                    *oidSz = sizeof(blkDesCbcOid);
4923
0
                    break;
4924
0
                case DES3b:
4925
0
                    oid = blkDes3CbcOid;
4926
0
                    *oidSz = sizeof(blkDes3CbcOid);
4927
0
                    break;
4928
0
    #endif /* !NO_DES3 */
4929
0
                default:
4930
0
                    break;
4931
0
            }
4932
0
            break;
4933
4934
        #ifdef HAVE_OCSP
4935
        case oidOcspType:
4936
            switch (id) {
4937
                case OCSP_BASIC_OID:
4938
                    oid = ocspBasicOid;
4939
                    *oidSz = sizeof(ocspBasicOid);
4940
                    break;
4941
                case OCSP_NONCE_OID:
4942
                    oid = ocspNonceOid;
4943
                    *oidSz = sizeof(ocspNonceOid);
4944
                    break;
4945
                default:
4946
                    break;
4947
            }
4948
            break;
4949
        #endif /* HAVE_OCSP */
4950
4951
0
        case oidCertExtType:
4952
0
            switch (id) {
4953
0
                case BASIC_CA_OID:
4954
0
                    oid = extBasicCaOid;
4955
0
                    *oidSz = sizeof(extBasicCaOid);
4956
0
                    break;
4957
0
                case ALT_NAMES_OID:
4958
0
                    oid = extAltNamesOid;
4959
0
                    *oidSz = sizeof(extAltNamesOid);
4960
0
                    break;
4961
0
                case CRL_DIST_OID:
4962
0
                    oid = extCrlDistOid;
4963
0
                    *oidSz = sizeof(extCrlDistOid);
4964
0
                    break;
4965
0
                case AUTH_INFO_OID:
4966
0
                    oid = extAuthInfoOid;
4967
0
                    *oidSz = sizeof(extAuthInfoOid);
4968
0
                    break;
4969
0
                case AUTH_KEY_OID:
4970
0
                    oid = extAuthKeyOid;
4971
0
                    *oidSz = sizeof(extAuthKeyOid);
4972
0
                    break;
4973
0
                case SUBJ_KEY_OID:
4974
0
                    oid = extSubjKeyOid;
4975
0
                    *oidSz = sizeof(extSubjKeyOid);
4976
0
                    break;
4977
0
                case CERT_POLICY_OID:
4978
0
                    oid = extCertPolicyOid;
4979
0
                    *oidSz = sizeof(extCertPolicyOid);
4980
0
                    break;
4981
0
                case KEY_USAGE_OID:
4982
0
                    oid = extKeyUsageOid;
4983
0
                    *oidSz = sizeof(extKeyUsageOid);
4984
0
                    break;
4985
0
                case INHIBIT_ANY_OID:
4986
0
                    oid = extInhibitAnyOid;
4987
0
                    *oidSz = sizeof(extInhibitAnyOid);
4988
0
                    break;
4989
0
                case EXT_KEY_USAGE_OID:
4990
0
                    oid = extExtKeyUsageOid;
4991
0
                    *oidSz = sizeof(extExtKeyUsageOid);
4992
0
                    break;
4993
0
            #ifndef IGNORE_NAME_CONSTRAINTS
4994
0
                case NAME_CONS_OID:
4995
0
                    oid = extNameConsOid;
4996
0
                    *oidSz = sizeof(extNameConsOid);
4997
0
                    break;
4998
0
            #endif
4999
            #ifdef HAVE_OCSP
5000
                case OCSP_NOCHECK_OID:
5001
                    oid = ocspNoCheckOid;
5002
                    *oidSz = sizeof(ocspNoCheckOid);
5003
                    break;
5004
            #endif
5005
            #ifdef WOLFSSL_SUBJ_DIR_ATTR
5006
                case SUBJ_DIR_ATTR_OID:
5007
                    oid = extSubjDirAttrOid;
5008
                    *oidSz = sizeof(extSubjDirAttrOid);
5009
                    break;
5010
            #endif
5011
            #ifdef WOLFSSL_SUBJ_INFO_ACC
5012
                case SUBJ_INFO_ACC_OID:
5013
                    oid = extSubjInfoAccessOid;
5014
                    *oidSz = sizeof(extSubjInfoAccessOid);
5015
                    break;
5016
            #endif
5017
0
                default:
5018
0
                    break;
5019
0
            }
5020
0
            break;
5021
5022
0
        case oidCrlExtType:
5023
            #ifdef HAVE_CRL
5024
            switch (id) {
5025
                case AUTH_KEY_OID:
5026
                    oid = extAuthKeyOid;
5027
                    *oidSz = sizeof(extAuthKeyOid);
5028
                    break;
5029
                case CRL_NUMBER_OID:
5030
                    oid = extCrlNumberOid;
5031
                    *oidSz = sizeof(extCrlNumberOid);
5032
                    break;
5033
                default:
5034
                    break;
5035
            }
5036
            #endif
5037
0
            break;
5038
5039
0
        case oidCertAuthInfoType:
5040
0
            switch (id) {
5041
0
                case AIA_OCSP_OID:
5042
0
                    oid = extAuthInfoOcspOid;
5043
0
                    *oidSz = sizeof(extAuthInfoOcspOid);
5044
0
                    break;
5045
0
                case AIA_CA_ISSUER_OID:
5046
0
                    oid = extAuthInfoCaIssuerOid;
5047
0
                    *oidSz = sizeof(extAuthInfoCaIssuerOid);
5048
0
                    break;
5049
                #ifdef WOLFSSL_SUBJ_INFO_ACC
5050
                case AIA_CA_REPO_OID:
5051
                    oid = extAuthInfoCaRespOid;
5052
                    *oidSz = sizeof(extAuthInfoCaRespOid);
5053
                    break;
5054
                #endif /* WOLFSSL_SUBJ_INFO_ACC */
5055
0
                default:
5056
0
                    break;
5057
0
            }
5058
0
            break;
5059
5060
0
        case oidCertPolicyType:
5061
0
            switch (id) {
5062
0
                case CP_ANY_OID:
5063
0
                    oid = extCertPolicyAnyOid;
5064
0
                    *oidSz = sizeof(extCertPolicyAnyOid);
5065
0
                    break;
5066
                #if defined(WOLFSSL_FPKI)
5067
                case CP_FPKI_COMMON_AUTH_OID:
5068
                    oid = extCertPolicyFpkiCommonAuthOid;
5069
                    *oidSz = sizeof(extCertPolicyFpkiCommonAuthOid);
5070
                    break;
5071
                case CP_FPKI_PIV_AUTH_OID:
5072
                    oid = extCertPolicyFpkiPivAuthOid;
5073
                    *oidSz = sizeof(extCertPolicyFpkiPivAuthOid);
5074
                    break;
5075
                case CP_FPKI_PIV_AUTH_HW_OID: /* collision with AES256CBCb */
5076
                    oid = extCertPolicyFpkiPivAuthHwOid;
5077
                    *oidSz = sizeof(extCertPolicyFpkiPivAuthHwOid);
5078
                    break;
5079
                case CP_FPKI_PIVI_AUTH_OID:
5080
                    oid = extCertPolicyFpkiPiviAuthOid;
5081
                    *oidSz = sizeof(extCertPolicyFpkiPiviAuthOid);
5082
                    break;
5083
                #endif /* WOLFSSL_FPKI */
5084
0
                default:
5085
0
                    break;
5086
0
            }
5087
0
            break;
5088
5089
0
        case oidCertAltNameType:
5090
0
            switch (id) {
5091
0
                case HW_NAME_OID:
5092
0
                    oid = extAltNamesHwNameOid;
5093
0
                    *oidSz = sizeof(extAltNamesHwNameOid);
5094
0
                    break;
5095
0
                default:
5096
0
                    break;
5097
0
            }
5098
0
            break;
5099
5100
0
        case oidCertKeyUseType:
5101
0
            switch (id) {
5102
0
                case EKU_ANY_OID:
5103
0
                    oid = extExtKeyUsageAnyOid;
5104
0
                    *oidSz = sizeof(extExtKeyUsageAnyOid);
5105
0
                    break;
5106
0
                case EKU_SERVER_AUTH_OID:
5107
0
                    oid = extExtKeyUsageServerAuthOid;
5108
0
                    *oidSz = sizeof(extExtKeyUsageServerAuthOid);
5109
0
                    break;
5110
0
                case EKU_CLIENT_AUTH_OID:
5111
0
                    oid = extExtKeyUsageClientAuthOid;
5112
0
                    *oidSz = sizeof(extExtKeyUsageClientAuthOid);
5113
0
                    break;
5114
0
                case EKU_CODESIGNING_OID:
5115
0
                    oid = extExtKeyUsageCodeSigningOid;
5116
0
                    *oidSz = sizeof(extExtKeyUsageCodeSigningOid);
5117
0
                    break;
5118
0
                case EKU_EMAILPROTECT_OID:
5119
0
                    oid = extExtKeyUsageEmailProtectOid;
5120
0
                    *oidSz = sizeof(extExtKeyUsageEmailProtectOid);
5121
0
                    break;
5122
0
                case EKU_TIMESTAMP_OID:
5123
0
                    oid = extExtKeyUsageTimestampOid;
5124
0
                    *oidSz = sizeof(extExtKeyUsageTimestampOid);
5125
0
                    break;
5126
0
                case EKU_OCSP_SIGN_OID:
5127
0
                    oid = extExtKeyUsageOcspSignOid;
5128
0
                    *oidSz = sizeof(extExtKeyUsageOcspSignOid);
5129
0
                    break;
5130
                #ifdef WOLFSSL_WOLFSSH
5131
                case EKU_SSH_CLIENT_AUTH_OID:
5132
                    oid = extExtKeyUsageSshClientAuthOid;
5133
                    *oidSz = sizeof(extExtKeyUsageSshClientAuthOid);
5134
                    break;
5135
                case EKU_SSH_MSCL_OID:
5136
                    oid = extExtKeyUsageSshMSCLOid;
5137
                    *oidSz = sizeof(extExtKeyUsageSshMSCLOid);
5138
                    break;
5139
                case EKU_SSH_KP_CLIENT_AUTH_OID:
5140
                    oid = extExtKeyUsageSshKpClientAuthOid;
5141
                    *oidSz = sizeof(extExtKeyUsageSshKpClientAuthOid);
5142
                    break;
5143
                #endif /* WOLFSSL_WOLFSSH */
5144
0
                default:
5145
0
                    break;
5146
0
            }
5147
0
            break;
5148
5149
0
        case oidKdfType:
5150
0
            switch (id) {
5151
0
                case PBKDF2_OID:
5152
0
                    oid = pbkdf2Oid;
5153
0
                    *oidSz = sizeof(pbkdf2Oid);
5154
0
                    break;
5155
0
                default:
5156
0
                    break;
5157
0
            }
5158
0
            break;
5159
5160
0
        case oidPBEType:
5161
0
            switch (id) {
5162
0
        #if !defined(NO_SHA) && !defined(NO_RC4)
5163
0
                case PBE_SHA1_RC4_128_SUM:
5164
0
                case PBE_SHA1_RC4_128:
5165
0
                    oid = pbeSha1RC4128;
5166
0
                    *oidSz = sizeof(pbeSha1RC4128);
5167
0
                    break;
5168
0
        #endif
5169
0
        #if !defined(NO_MD5) && !defined(NO_DES3)
5170
0
                case PBE_MD5_DES_SUM:
5171
0
                case PBE_MD5_DES:
5172
0
                    oid = pbeMd5Des;
5173
0
                    *oidSz = sizeof(pbeMd5Des);
5174
0
                    break;
5175
5176
0
        #endif
5177
0
        #if !defined(NO_SHA) && !defined(NO_DES3)
5178
0
                case PBE_SHA1_DES_SUM:
5179
0
                case PBE_SHA1_DES:
5180
0
                    oid = pbeSha1Des;
5181
0
                    *oidSz = sizeof(pbeSha1Des);
5182
0
                    break;
5183
5184
0
        #endif
5185
0
        #if !defined(NO_SHA) && !defined(NO_DES3)
5186
0
                case PBE_SHA1_DES3_SUM:
5187
0
                case PBE_SHA1_DES3:
5188
0
                    oid = pbeSha1Des3;
5189
0
                    *oidSz = sizeof(pbeSha1Des3);
5190
0
                    break;
5191
0
        #endif
5192
        #if !defined(NO_SHA) && defined(WC_RC2)
5193
                case PBE_SHA1_40RC2_CBC_SUM:
5194
                case PBE_SHA1_40RC2_CBC:
5195
                    oid = pbe40Rc2Cbc;
5196
                    *oidSz = sizeof(pbe40Rc2Cbc);
5197
                    break;
5198
        #endif
5199
0
                case PBES2_SUM:
5200
0
                case PBES2:
5201
0
                    oid = pbes2;
5202
0
                    *oidSz = sizeof(pbes2);
5203
0
                    break;
5204
0
                default:
5205
0
                    break;
5206
0
            }
5207
0
            break;
5208
5209
0
        case oidKeyWrapType:
5210
0
            switch (id) {
5211
0
            #ifdef WOLFSSL_AES_128
5212
0
                case AES128_WRAP:
5213
0
                    oid = wrapAes128Oid;
5214
0
                    *oidSz = sizeof(wrapAes128Oid);
5215
0
                    break;
5216
0
            #endif
5217
0
            #ifdef WOLFSSL_AES_192
5218
0
                case AES192_WRAP:
5219
0
                    oid = wrapAes192Oid;
5220
0
                    *oidSz = sizeof(wrapAes192Oid);
5221
0
                    break;
5222
0
            #endif
5223
0
            #ifdef WOLFSSL_AES_256
5224
0
                case AES256_WRAP:
5225
0
                    oid = wrapAes256Oid;
5226
0
                    *oidSz = sizeof(wrapAes256Oid);
5227
0
                    break;
5228
0
            #endif
5229
            #ifdef HAVE_PKCS7
5230
                case PWRI_KEK_WRAP:
5231
                    oid = wrapPwriKekOid;
5232
                    *oidSz = sizeof(wrapPwriKekOid);
5233
                    break;
5234
            #endif
5235
0
                default:
5236
0
                    break;
5237
0
            }
5238
0
            break;
5239
5240
0
        case oidCmsKeyAgreeType:
5241
0
            switch (id) {
5242
0
            #ifndef NO_SHA
5243
0
                case dhSinglePass_stdDH_sha1kdf_scheme:
5244
0
                    oid = dhSinglePass_stdDH_sha1kdf_Oid;
5245
0
                    *oidSz = sizeof(dhSinglePass_stdDH_sha1kdf_Oid);
5246
0
                    break;
5247
0
            #endif
5248
0
            #ifdef WOLFSSL_SHA224
5249
0
                case dhSinglePass_stdDH_sha224kdf_scheme:
5250
0
                    oid = dhSinglePass_stdDH_sha224kdf_Oid;
5251
0
                    *oidSz = sizeof(dhSinglePass_stdDH_sha224kdf_Oid);
5252
0
                    break;
5253
0
            #endif
5254
0
            #ifndef NO_SHA256
5255
0
                case dhSinglePass_stdDH_sha256kdf_scheme:
5256
0
                    oid = dhSinglePass_stdDH_sha256kdf_Oid;
5257
0
                    *oidSz = sizeof(dhSinglePass_stdDH_sha256kdf_Oid);
5258
0
                    break;
5259
0
            #endif
5260
0
            #ifdef WOLFSSL_SHA384
5261
0
                case dhSinglePass_stdDH_sha384kdf_scheme:
5262
0
                    oid = dhSinglePass_stdDH_sha384kdf_Oid;
5263
0
                    *oidSz = sizeof(dhSinglePass_stdDH_sha384kdf_Oid);
5264
0
                    break;
5265
0
            #endif
5266
0
            #ifdef WOLFSSL_SHA512
5267
0
                case dhSinglePass_stdDH_sha512kdf_scheme:
5268
0
                    oid = dhSinglePass_stdDH_sha512kdf_Oid;
5269
0
                    *oidSz = sizeof(dhSinglePass_stdDH_sha512kdf_Oid);
5270
0
                    break;
5271
0
            #endif
5272
0
                default:
5273
0
                    break;
5274
0
            }
5275
0
            break;
5276
5277
0
#ifndef NO_HMAC
5278
0
        case oidHmacType:
5279
0
            switch (id) {
5280
0
        #ifdef WOLFSSL_SHA224
5281
0
                case HMAC_SHA224_OID:
5282
0
                    oid = hmacSha224Oid;
5283
0
                    *oidSz = sizeof(hmacSha224Oid);
5284
0
                    break;
5285
0
        #endif
5286
0
        #ifndef NO_SHA256
5287
0
                case HMAC_SHA256_OID:
5288
0
                    oid = hmacSha256Oid;
5289
0
                    *oidSz = sizeof(hmacSha256Oid);
5290
0
                    break;
5291
0
        #endif
5292
0
        #ifdef WOLFSSL_SHA384
5293
0
                case HMAC_SHA384_OID:
5294
0
                    oid = hmacSha384Oid;