25#ifndef BR_BEARSSL_X509_H__ 
   26#define BR_BEARSSL_X509_H__ 
/*
 * X.509 validation status codes.
 *
 * The success value is BR_ERR_X509_OK == 32, NOT 0. A caller that tests
 * the engine's status with `if (status)` / `== 0` will misread it; always
 * compare against BR_ERR_X509_OK explicitly. Values 33..60 and 62 are
 * failure codes; 61 is not assigned in this excerpt. From a verifier's
 * point of view every non-OK value means "do not trust this chain" — the
 * individual codes are for diagnostics and logging, not for deciding
 * whether to proceed.
 */
#define BR_ERR_X509_OK                    32
/*
 * Decoding / structural errors (33..50). The names point at ASN.1/DER
 * syntax problems, length limits and unsupported constructs; a chain that
 * produces one of these was never fully parsed, so no other validation
 * result should be read from the context.
 */
#define BR_ERR_X509_INVALID_VALUE         33
#define BR_ERR_X509_TRUNCATED             34
#define BR_ERR_X509_EMPTY_CHAIN           35
#define BR_ERR_X509_INNER_TRUNC           36
#define BR_ERR_X509_BAD_TAG_CLASS         37
#define BR_ERR_X509_BAD_TAG_VALUE         38
#define BR_ERR_X509_INDEFINITE_LENGTH     39
#define BR_ERR_X509_EXTRA_ELEMENT         40
#define BR_ERR_X509_UNEXPECTED            41
#define BR_ERR_X509_NOT_CONSTRUCTED       42
#define BR_ERR_X509_NOT_PRIMITIVE         43
#define BR_ERR_X509_PARTIAL_BYTE          44
#define BR_ERR_X509_BAD_BOOLEAN           45
#define BR_ERR_X509_OVERFLOW              46
#define BR_ERR_X509_BAD_DN                47
#define BR_ERR_X509_BAD_TIME              48
#define BR_ERR_X509_UNSUPPORTED           49
#define BR_ERR_X509_LIMIT_EXCEEDED        50
/*
 * Chain validation / policy errors (51..60, 62). These are the codes a
 * deployment will see most often in practice: expired certificates, a
 * server name that does not match, a signer that is not a CA, a key used
 * for a purpose it is not allowed for, a key below the configured minimum
 * size, or a chain that does not end at a configured trust anchor.
 */
#define BR_ERR_X509_WRONG_KEY_TYPE        51
#define BR_ERR_X509_BAD_SIGNATURE         52
/* NOTE(review): presumably returned when no current time has been supplied
 * to the engine (the minimal context carries a days/seconds pair) — confirm
 * against the engine implementation. */
#define BR_ERR_X509_TIME_UNKNOWN          53
#define BR_ERR_X509_EXPIRED               54
#define BR_ERR_X509_DN_MISMATCH           55
#define BR_ERR_X509_BAD_SERVER_NAME       56
#define BR_ERR_X509_CRITICAL_EXTENSION    57
#define BR_ERR_X509_NOT_CA                58
#define BR_ERR_X509_FORBIDDEN_KEY_USAGE   59
#define BR_ERR_X509_WEAK_PUBLIC_KEY       60
/* 61 is skipped; NOT_TRUSTED is the "chain is syntactically fine but does
 * not terminate at a trust anchor" outcome. */
#define BR_ERR_X509_NOT_TRUSTED           62
/*
 * Trust anchor flag: marks the anchor as a CA (stored in the 'flags' field
 * of the trust anchor structure). Anchors without this flag can only match
 * an end-entity certificate directly, which is the safer default when a
 * single leaf key is being pinned.
 */
#define BR_X509_TA_CA        0x0001

/*
 * Public key algorithm identifiers; the 'key_type' field of br_x509_pkey
 * holds one of these two values.
 */
#define BR_KEYTYPE_RSA    1
#define BR_KEYTYPE_EC     2

/*
 * Key usage bits. 0x10 and 0x20 do not overlap the algorithm values 1 and
 * 2, so they look designed to be combined with them and to be reported via
 * the 'usages' out-parameter of the engine's get_pkey callback — confirm
 * against the engine contract. A caller should check that the usage bit
 * matching its intended operation (key exchange vs. signature) is set
 * before using the returned key.
 */
#define BR_KEYTYPE_KEYX   0x10
#define BR_KEYTYPE_SIGN   0x20
  391                const char *server_name);
 
  399        void (*
start_cert)(
const br_x509_class **ctx, uint32_t length);
 
  417        void (*
append)(
const br_x509_class **ctx,
 
  418                const unsigned char *buf, 
size_t len);
 
  467                const br_x509_class *
const *ctx, 
unsigned *usages);
 
 
  482#ifndef BR_DOXYGEN_IGNORE 
 
  525#ifndef BR_DOXYGEN_IGNORE 
  554#define BR_X509_BUFSIZE_KEY   520 
  555#define BR_X509_BUFSIZE_SIG   512 
  640#ifndef BR_DOXYGEN_IGNORE 
  648                const unsigned char *ip;
 
  650        uint32_t dp_stack[32];
 
  651        uint32_t rp_stack[32];
 
  655        const char *server_name;
 
  658        unsigned char key_usages;
 
  661        uint32_t days, seconds;
 
  665        uint32_t cert_length;
 
  673        const unsigned char *hbuf;
 
  677        unsigned char pad[256];
 
  680        unsigned char ee_pkey_data[BR_X509_BUFSIZE_KEY];
 
  683        unsigned char pkey_data[BR_X509_BUFSIZE_KEY];
 
  688        unsigned char cert_signer_key_type;
 
  689        uint16_t cert_sig_hash_oid;
 
  690        unsigned char cert_sig_hash_len;
 
  693        unsigned char cert_sig[BR_X509_BUFSIZE_SIG];
 
  694        uint16_t cert_sig_len;
 
  697        int16_t min_rsa_size;
 
  701        size_t trust_anchors_num;
 
  706        unsigned char do_mhash;
 
  708        unsigned char tbs_hash[64];
 
  713        unsigned char do_dn_hash;
 
  714        const br_hash_class *dn_hash_impl;
 
  716        unsigned char current_dn_hash[64];
 
  717        unsigned char next_dn_hash[64];
 
  718        unsigned char saved_dn_hash[64];
 
  724        size_t num_name_elts;
 
 
  758        const br_hash_class *dn_hash_impl,
 
  780        int id, 
const br_hash_class *impl)
 
 
  825        ctx->iecdsa = iecdsa;
 
 
  870        uint32_t days, uint32_t seconds)
 
  873        ctx->seconds = seconds;
 
 
  892        ctx->min_rsa_size = (int16_t)(byte_length - 128);
 
 
  911        ctx->name_elts = elts;
 
  912        ctx->num_name_elts = num_elts;
 
 
  926#ifndef BR_DOXYGEN_IGNORE 
  934                const unsigned char *ip;
 
  936        uint32_t dp_stack[32];
 
  937        uint32_t rp_stack[32];
 
  941        unsigned char pad[256];
 
  944        unsigned char decoded;
 
  947        uint32_t notbefore_days, notbefore_seconds;
 
  948        uint32_t notafter_days, notafter_seconds;
 
  956        unsigned char copy_dn;
 
  958        void (*append_dn)(
void *ctx, 
const void *buf, 
size_t len);
 
  961        const unsigned char *hbuf;
 
  965        unsigned char pkey_data[BR_X509_BUFSIZE_KEY];
 
  968        unsigned char signer_key_type;
 
  969        unsigned char signer_hash_id;
 
 
  988        void (*append_dn)(
void *ctx, 
const void *buf, 
size_t len),
 
  989        void *append_dn_ctx);
 
 1002        const void *data, 
size_t len);
 
 1019        if (ctx->decoded && ctx->err == 0) {
 
 
 1039        if (ctx->err != 0) {
 
 1042        if (!ctx->decoded) {
 
 
 1077        return ctx->signer_key_type;
 
 
 1092        return ctx->signer_hash_id;
 
 
 1115#ifndef BR_DOXYGEN_IGNORE 
 1126                const unsigned char *ip;
 
 1128        uint32_t dp_stack[32];
 
 1129        uint32_t rp_stack[32];
 
 1133        const unsigned char *hbuf;
 
 1137        unsigned char pad[256];
 
 1140        unsigned char key_type;
 
 1145        unsigned char key_data[3 * BR_X509_BUFSIZE_SIG];
 
 
 1167        const void *data, 
size_t len);
 
 1182        if (ctx->err != 0) {
 
 1185        if (ctx->key_type == 0) {
 
 
 1203        if (ctx->err == 0) {
 
 1204                return ctx->key_type;
 
 
 1225                return &ctx->key.rsa;
 
 
 1246                return &ctx->key.ec;
 
 
 1381#define BR_ENCODE_PEM_RSA_RAW      "RSA PRIVATE KEY" 
 1386#define BR_ENCODE_PEM_EC_RAW       "EC PRIVATE KEY" 
 1391#define BR_ENCODE_PEM_PKCS8        "PRIVATE KEY" 
Type for an EC implementation.
Definition bearssl_ec.h:270
Structure for an EC private key.
Definition bearssl_ec.h:258
Structure for an EC public key.
Definition bearssl_ec.h:241
Multi-hasher context structure.
Definition bearssl_hash.h:1107
Type for receiving a name element.
Definition bearssl_x509.h:571
int status
Decoding status.
Definition bearssl_x509.h:624
size_t len
Length (in bytes) of the destination buffer.
Definition bearssl_x509.h:614
char * buf
Destination buffer.
Definition bearssl_x509.h:607
const unsigned char * oid
Element OID.
Definition bearssl_x509.h:602
RSA private key.
Definition bearssl_rsa.h:181
RSA public key.
Definition bearssl_rsa.h:161
Private key decoder context.
Definition bearssl_x509.h:1114
Distinguished Name (X.500) structure.
Definition bearssl_x509.h:245
unsigned char * data
Encoded DN data.
Definition bearssl_x509.h:247
size_t len
Encoded DN length (in bytes).
Definition bearssl_x509.h:249
Type for an X.509 certificate (DER-encoded).
Definition bearssl_x509.h:1098
unsigned char * data
The DER-encoded certificate data.
Definition bearssl_x509.h:1100
size_t data_len
The DER-encoded certificate length (in bytes).
Definition bearssl_x509.h:1102
Class type for an X.509 engine.
Definition bearssl_x509.h:369
void(* end_cert)(const br_x509_class **ctx)
Finish the current certificate.
Definition bearssl_x509.h:428
void(* append)(const br_x509_class **ctx, const unsigned char *buf, size_t len)
Receive some bytes for the current certificate.
Definition bearssl_x509.h:417
void(* start_cert)(const br_x509_class **ctx, uint32_t length)
Start a new certificate.
Definition bearssl_x509.h:399
unsigned(* end_chain)(const br_x509_class **ctx)
Finish the chain.
Definition bearssl_x509.h:441
size_t context_size
X.509 context size, in bytes.
Definition bearssl_x509.h:373
void(* start_chain)(const br_x509_class **ctx, const char *server_name)
Start a new chain.
Definition bearssl_x509.h:390
X.509 decoder context.
Definition bearssl_x509.h:924
The "known key" X.509 engine structure.
Definition bearssl_x509.h:479
const br_x509_class * vtable
Reference to the context vtable.
Definition bearssl_x509.h:481
The "minimal" X.509 engine structure.
Definition bearssl_x509.h:637
const br_x509_class * vtable
Definition bearssl_x509.h:638
Aggregate structure for public keys.
Definition bearssl_x509.h:228
br_ec_public_key ec
EC public key.
Definition bearssl_x509.h:236
br_rsa_public_key rsa
RSA public key.
Definition bearssl_x509.h:234
unsigned char key_type
Key type: BR_KEYTYPE_RSA or BR_KEYTYPE_EC
Definition bearssl_x509.h:230
Trust anchor structure.
Definition bearssl_x509.h:255
unsigned flags
Anchor flags (e.g. BR_X509_TA_CA).
Definition bearssl_x509.h:259
br_x509_pkey pkey
Anchor public key.
Definition bearssl_x509.h:261
br_x500_name dn
Encoded DN (X.500 name).
Definition bearssl_x509.h:257
Aggregate context for configurable hash function support.
Definition bearssl_hash.h:1077