RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-18 16:55:07 +00:00
Code Issues Activity Actions

LibCrypto+LibTLS: Generalise the use of IV length

Browse source 
This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.

...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)
This commit is contained in:
AnotherTest 2020-04-23 02:53:11 +04:30 committed by Andreas Kling
parent 7384d58a0a
commit a1e1570552
7 changed files with 3110 additions and 3060 deletions
Download patch file Download diff file Expand all files Collapse all files

64
Libraries/LibCrypto/Cipher/AES.cpp
View file

@ -30,37 +30,37 @@
namespace Crypto {
namespace Cipher {
template <typename T>
constexpr u32 get_key(T pt)
{
template<typename T>
constexpr u32 get_key(T pt)
{
return ((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]);
}
}
constexpr void swap_keys(u32* keys, size_t i, size_t j)
{
constexpr void swap_keys(u32* keys, size_t i, size_t j)
{
u32 temp = keys[i];
keys[i] = keys[j];
keys[j] = temp;
}
}
String AESCipherBlock::to_string() const
{
String AESCipherBlock::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < BLOCK_SIZE / 8; ++i)
for (size_t i = 0; i < BlockSizeInBits / 8; ++i)
builder.appendf("%02x", m_data[i]);
return builder.build();
}
}
String AESCipherKey::to_string() const
{
String AESCipherKey::to_string() const
{
StringBuilder builder;
for (size_t i = 0; i < (rounds() + 1) * 4; ++i)
builder.appendf("%02x", m_rd_keys[i]);
return builder.build();
}
}
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
{
void AESCipherKey::expand_encrypt_key(const ByteBuffer& user_key, size_t bits)
{
u32* round_key;
u32 temp;
size_t i { 0 };
@ -167,10 +167,10 @@ namespace Cipher {
}
return;
}
}
}
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
{
void AESCipherKey::expand_decrypt_key(const ByteBuffer& user_key, size_t bits)
{
u32* round_key;
expand_encrypt_key(user_key, bits);
@ -211,10 +211,10 @@ namespace Cipher {
AESTables::Decode3[AESTables::Encode1[(round_key[3] ) & 0xff] & 0xff] ;
// clang-format on
}
}
}
void AESCipher::encrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
void AESCipher::encrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 };
@ -303,10 +303,10 @@ namespace Cipher {
(AESTables::Encode1[(t2 ) & 0xff] & 0x000000ff) ^ round_keys[3];
out.put(12, s3);
// clang-format on
}
}
void AESCipher::decrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
void AESCipher::decrypt_block(const AESCipherBlock& in, AESCipherBlock& out)
{
u32 s0, s1, s2, s3, t0, t1, t2, t3;
size_t r { 0 };
@ -393,15 +393,15 @@ namespace Cipher {
((u32)AESTables::Decode4[(t0 ) & 0xff] ) ^ round_keys[3];
out.put(12, s3);
// clang-format on
}
}
void AESCipherBlock::overwrite(const ByteBuffer& buffer)
{
void AESCipherBlock::overwrite(const ByteBuffer& buffer)
{
overwrite(buffer.data(), buffer.size());
}
}
void AESCipherBlock::overwrite(const u8* data, size_t length)
{
void AESCipherBlock::overwrite(const u8* data, size_t length)
{
ASSERT(length <= m_data.size());
m_data.overwrite(0, data, length);
if (length < m_data.size()) {
@ -424,7 +424,7 @@ namespace Cipher {
break;
}
}
}
}
}
}

84
Libraries/LibCrypto/Cipher/AES.h
View file

@ -33,12 +33,14 @@
namespace Crypto {
namespace Cipher {
struct AESCipherBlock : public CipherBlock {
public:
struct AESCipherBlock : public CipherBlock {
public:
static constexpr size_t BlockSizeInBits = 128;
explicit AESCipherBlock(PaddingMode mode = PaddingMode::CMS)
: CipherBlock(mode)
{
m_data = ByteBuffer::create_zeroed(BLOCK_SIZE / 8);
m_data = ByteBuffer::create_zeroed(BlockSizeInBits / 8);
}
AESCipherBlock(const u8* data, size_t length, PaddingMode mode = PaddingMode::CMS)
: AESCipherBlock(mode)
@ -46,7 +48,7 @@ namespace Cipher {
overwrite(data, length);
}
static size_t block_size() { return BLOCK_SIZE / 8; };
static size_t block_size() { return BlockSizeInBits / 8; };
virtual ByteBuffer get() const override { return m_data; };
virtual const ByteBuffer& data() const override { return m_data; };
@ -62,14 +64,12 @@ namespace Cipher {
String to_string() const;
private:
private:
virtual ByteBuffer& data() override { return m_data; };
static constexpr size_t BLOCK_SIZE = 128;
ByteBuffer m_data;
};
};
struct AESCipherKey : public CipherKey {
struct AESCipherKey : public CipherKey {
virtual ByteBuffer data() const override { return ByteBuffer::copy(m_rd_keys, sizeof(m_rd_keys)); };
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) override;
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) override;
@ -94,23 +94,25 @@ namespace Cipher {
size_t rounds() const { return m_rounds; }
size_t length() const { return m_bits / 8; }
protected:
protected:
u32* round_keys()
{
return (u32*)m_rd_keys;
}
private:
private:
static constexpr size_t MAX_ROUND_COUNT = 14;
u32 m_rd_keys[(MAX_ROUND_COUNT + 1) * 4] { 0 };
size_t m_rounds;
size_t m_bits;
};
};
class AESCipher final : public Cipher<AESCipherKey, AESCipherBlock> {
public:
class AESCipher final : public Cipher<AESCipherKey, AESCipherBlock> {
public:
using CBCMode = CBC<AESCipher>;
constexpr static size_t BlockSizeInBits = BlockType::BlockSizeInBits;
AESCipher(const ByteBuffer& user_key, size_t key_bits, Intent intent = Intent::Encryption, PaddingMode mode = PaddingMode::CMS)
: Cipher<AESCipherKey, AESCipherBlock>(mode)
, m_key(user_key, key_bits, intent)
@ -125,13 +127,13 @@ namespace Cipher {
virtual String class_name() const override { return "AES"; }
protected:
protected:
AESCipherKey m_key;
};
};
namespace AESTables {
// Encryption constant tables
constexpr u32 Encode0[256] = {
namespace AESTables {
// Encryption constant tables
constexpr u32 Encode0[256] = {
0xc66363a5U,
0xf87c7c84U,
0xee777799U,
@ -388,8 +390,8 @@ namespace Cipher {
0xa85454fcU,
0x6dbbbbd6U,
0x2c16163aU,
};
constexpr u32 Encode1[256] = {
};
constexpr u32 Encode1[256] = {
0xa5c66363U,
0x84f87c7cU,
0x99ee7777U,
@ -646,8 +648,8 @@ namespace Cipher {
0xfca85454U,
0xd66dbbbbU,
0x3a2c1616U,
};
constexpr u32 Encode2[256] = {
};
constexpr u32 Encode2[256] = {
0x63a5c663U,
0x7c84f87cU,
0x7799ee77U,
@ -904,8 +906,8 @@ namespace Cipher {
0x54fca854U,
0xbbd66dbbU,
0x163a2c16U,
};
constexpr u32 Encode3[256] = {
};
constexpr u32 Encode3[256] = {
0x6363a5c6U,
0x7c7c84f8U,
0x777799eeU,
@ -1162,10 +1164,10 @@ namespace Cipher {
0x5454fca8U,
0xbbbbd66dU,
0x16163a2cU,
};
};
// Decryption constant tables
constexpr u32 Decode0[256] = {
// Decryption constant tables
constexpr u32 Decode0[256] = {
0x51f4a750U,
0x7e416553U,
0x1a17a4c3U,
@ -1422,8 +1424,8 @@ namespace Cipher {
0xd532b670U,
0x486c5c74U,
0xd0b85742U,
};
constexpr u32 Decode1[256] = {
};
constexpr u32 Decode1[256] = {
0x5051f4a7U,
0x537e4165U,
0xc31a17a4U,
@ -1680,8 +1682,8 @@ namespace Cipher {
0x70d532b6U,
0x74486c5cU,
0x42d0b857U,
};
constexpr u32 Decode2[256] = {
};
constexpr u32 Decode2[256] = {
0xa75051f4U,
0x65537e41U,
0xa4c31a17U,
@ -1938,8 +1940,8 @@ namespace Cipher {
0xb670d532U,
0x5c74486cU,
0x5742d0b8U,
};
constexpr u32 Decode3[256] = {
};
constexpr u32 Decode3[256] = {
0xf4a75051U,
0x4165537eU,
0x17a4c31aU,
@ -2196,8 +2198,8 @@ namespace Cipher {
0x32b670d5U,
0x6c5c7448U,
0xb85742d0U,
};
constexpr u8 Decode4[256] = {
};
constexpr u8 Decode4[256] = {
0x52U,
0x09U,
0x6aU,
@ -2454,10 +2456,10 @@ namespace Cipher {
0x21U,
0x0cU,
0x7dU,
};
};
// RCON
constexpr u32 RCON[] = {
// RCON
constexpr u32 RCON[] = {
0x01000000,
0x02000000,
0x04000000,
@ -2468,8 +2470,8 @@ namespace Cipher {
0x80000000,
0x1B000000,
0x36000000,
};
}
};
}
}
}

38
Libraries/LibCrypto/Cipher/Cipher.h
View file

@ -33,12 +33,12 @@
namespace Crypto {
namespace Cipher {
enum class Intent {
enum class Intent {
Encryption,
Decryption,
};
};
enum class PaddingMode {
enum class PaddingMode {
CMS, // RFC 1423
RFC5246, // very similar to CMS, but filled with |length - 1|, instead of |length|
Null,
@ -47,13 +47,13 @@ namespace Cipher {
Random,
Space,
ZeroLength,
};
};
template <typename B, typename T>
class Cipher;
template<typename B, typename T>
class Cipher;
struct CipherBlock {
public:
struct CipherBlock {
public:
explicit CipherBlock(PaddingMode mode)
: m_padding_mode(mode)
{
@ -71,7 +71,7 @@ namespace Cipher {
PaddingMode padding_mode() const { return m_padding_mode; }
template <typename T>
template<typename T>
void put(size_t offset, T value)
{
ASSERT(offset + sizeof(T) <= data().size());
@ -92,26 +92,26 @@ namespace Cipher {
ptr[index] = (u8)value;
}
private:
private:
virtual ByteBuffer& data() = 0;
PaddingMode m_padding_mode;
};
};
struct CipherKey {
struct CipherKey {
virtual ByteBuffer data() const = 0;
static bool is_valid_key_size(size_t) { return false; };
virtual ~CipherKey() { }
protected:
protected:
virtual void expand_encrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
virtual void expand_decrypt_key(const ByteBuffer& user_key, size_t bits) = 0;
size_t bits { 0 };
};
};
template <typename KeyT = CipherKey, typename BlockT = CipherBlock>
class Cipher {
public:
template<typename KeyT = CipherKey, typename BlockT = CipherBlock>
class Cipher {
public:
using KeyType = KeyT;
using BlockType = BlockT;
@ -132,9 +132,9 @@ namespace Cipher {
virtual String class_name() const = 0;
private:
private:
PaddingMode m_padding_mode;
};
};
}
}

4
Libraries/LibCrypto/Cipher/Mode/CBC.h
View file

@ -36,6 +36,8 @@ namespace Cipher {
template <typename T>
class CBC : public Mode<T> {
public:
constexpr static size_t IVSizeInBits = 128;
virtual ~CBC() {}
template <typename... Args>
explicit constexpr CBC<T>(Args... args)
@ -51,6 +53,8 @@ namespace Cipher {
return builder.build();
}
virtual size_t IV_length() const { return IVSizeInBits / 8; }
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) override
{
auto length = in.size();

18
Libraries/LibCrypto/Cipher/Mode/Mode.h
View file

@ -32,15 +32,17 @@
namespace Crypto {
namespace Cipher {
template <typename T>
class Mode {
public:
virtual ~Mode() {}
template<typename T>
class Mode {
public:
virtual ~Mode() { }
// FIXME: Somehow communicate that encrypt returns the last initialization vector (if the mode supports it)
virtual Optional<ByteBuffer> encrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual void decrypt(const ByteBuffer& in, ByteBuffer& out, Optional<ByteBuffer> ivec = {}) = 0;
virtual size_t IV_length() const = 0;
const T& cipher() const { return m_cipher; }
ByteBuffer create_aligned_buffer(size_t input_size) const
@ -55,7 +57,7 @@ namespace Cipher {
virtual String class_name() const = 0;
T& cipher() { return m_cipher; }
protected:
protected:
virtual void prune_padding(ByteBuffer& data)
{
auto size = data.size();
@ -105,15 +107,15 @@ namespace Cipher {
}
// FIXME: Somehow add a reference version of this
template <typename... Args>
template<typename... Args>
Mode(Args... args)
: m_cipher(args...)
{
}
private:
private:
T m_cipher;
};
};
}
}

55
Libraries/LibTLS/TLSv12.cpp
View file

@ -60,8 +60,8 @@ namespace TLS {
// "for now" q&d implementation of ASN1
namespace {
static bool _asn1_is_field_present(const u32* fields, const u32* prefix)
{
static bool _asn1_is_field_present(const u32* fields, const u32* prefix)
{
size_t i = 0;
while (prefix[i]) {
if (fields[i] != prefix[i])
@ -69,10 +69,10 @@ namespace {
++i;
}
return true;
}
}
static bool _asn1_is_oid(const u8* oid, const u8* compare, size_t length = 3)
{
static bool _asn1_is_oid(const u8* oid, const u8* compare, size_t length = 3)
{
size_t i = 0;
while (oid[i] && i < length) {
if (oid[i] != compare[i])
@ -80,19 +80,19 @@ namespace {
++i;
}
return true;
}
}
static void _set_algorithm(u32&, const u8* value, size_t length)
{
static void _set_algorithm(u32&, const u8* value, size_t length)
{
if (length != 9) {
dbg() << "unsupported algorithm " << value;
}
dbg() << "FIXME: Set algorithm";
}
}
static size_t _get_asn1_length(const u8* buffer, size_t length, size_t& octets)
{
static size_t _get_asn1_length(const u8* buffer, size_t length, size_t& octets)
{
octets = 0;
if (length < 1)
return 0;
@ -116,10 +116,10 @@ namespace {
}
++octets;
return size;
}
}
static ssize_t _parse_asn1(Context& context, Certificate& cert, const u8* buffer, size_t size, int level, u32* fields, u8* has_key, int client_cert, u8* root_oid, OIDChain* chain)
{
static ssize_t _parse_asn1(Context& context, Certificate& cert, const u8* buffer, size_t size, int level, u32* fields, u8* has_key, int client_cert, u8* root_oid, OIDChain* chain)
{
OIDChain local_chain;
local_chain.root = chain;
size_t position = 0;
@ -326,7 +326,7 @@ namespace {
dbg() << "FIXME: Cert.fingerprint";
}
return position;
}
}
}
Optional<Certificate> TLSv12::parse_asn1(const ByteBuffer& buffer, bool)
@ -520,7 +520,7 @@ bool TLSv12::expand_key()
auto key_size = key_length();
auto mac_size = mac_length();
auto iv_size = 16;
auto iv_size = iv_length();
pseudorandom_function(
key_buffer,
@ -769,9 +769,10 @@ void TLSv12::update_packet(ByteBuffer& packet)
auto buffer = ByteBuffer::create_zeroed(length);
size_t buffer_position = 0;
u16 aligned_length = length + block_size - length % block_size;
auto iv_size = iv_length();
// we need enough space for a header, 16 bytes of IV and whatever the packet contains
auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + 16);
// we need enough space for a header, iv_length bytes of IV and whatever the packet contains
auto ct = ByteBuffer::create_zeroed(aligned_length + header_size + iv_size);
// copy the header over
ct.overwrite(0, packet.data(), header_size - 2);
@ -798,18 +799,15 @@ void TLSv12::update_packet(ByteBuffer& packet)
// throws a wrench into our plans
buffer.trim(buffer_position);
// make a random seed IV for this message
u8 record_iv[16] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
// arc4random_buf(record_iv, 16);
auto iv = ByteBuffer::wrap(record_iv, 16);
// FIXME: REALLY Should be filled with random bytes
auto iv = ByteBuffer::create_zeroed(iv_size);
// write it into the ciphertext portion of the message
ct.overwrite(header_size, record_iv, 16);
ct.overwrite(header_size, iv.data(), iv.size());
ct.trim(length + block_size - length % block_size + header_size + block_size - padding);
// get a block to encrypt into
auto view = ct.slice_view(header_size + 16, length + block_size - length % block_size + block_size - padding - 16);
auto view = ct.slice_view(header_size + iv_size, length + block_size - length % block_size + block_size - padding - iv_size);
// encrypt the message
m_aes_local->encrypt(buffer, view, iv);
@ -1346,11 +1344,12 @@ ssize_t TLSv12::handle_message(const ByteBuffer& buffer)
#endif
ASSERT(m_aes_remote);
auto iv_size = iv_length();
auto decrypted = m_aes_remote->create_aligned_buffer(length - 16);
auto iv = buffer.slice_view(header_size, 16);
auto decrypted = m_aes_remote->create_aligned_buffer(length - iv_size);
auto iv = buffer.slice_view(header_size, iv_size);
m_aes_remote->decrypt(buffer.slice_view(header_size + 16, length - 16), decrypted, iv);
m_aes_remote->decrypt(buffer.slice_view(header_size + iv_size, length - iv_size), decrypted, iv);
length = decrypted.size();

89
Libraries/LibTLS/TLSv12.h
View file

@ -92,8 +92,11 @@ enum class CipherSuite {
RSA_WITH_AES_128_CBC_SHA = 0x002F,
RSA_WITH_AES_256_CBC_SHA = 0x0035,
RSA_WITH_AES_128_CBC_SHA256 = 0x003C, // we support this
RSA_WITH_AES_256_CBC_SHA256 = 0x003D, //<- this is our guy
// We support these
RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
// TODO
RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
};
@ -360,8 +363,48 @@ private:
void pseudorandom_function(ByteBuffer& output, const ByteBuffer& secret, const u8* label, size_t label_length, const ByteBuffer& seed, const ByteBuffer& seed_b);
size_t key_length() const { return m_aes_local ? m_aes_local->cipher().key().length() : 16; } // FIXME: generalize
size_t mac_length() const { return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize; } // FIXME: generalize
size_t key_length() const
{
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
default:
return 128 / 8;
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 256 / 8;
}
}
size_t mac_length() const
{
return Crypto::Authentication::HMAC<Crypto::Hash::SHA256>::DigestSize;
} // FIXME: generalize
size_t iv_length() const
{
switch (m_context.cipher) {
case CipherSuite::AES_128_CCM_8_SHA256:
case CipherSuite::AES_128_CCM_SHA256:
case CipherSuite::Invalid:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_128_CBC_SHA:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA256:
case CipherSuite::RSA_WITH_AES_256_CBC_SHA:
default:
return 16;
case CipherSuite::AES_128_GCM_SHA256:
case CipherSuite::AES_256_GCM_SHA384:
case CipherSuite::RSA_WITH_AES_128_GCM_SHA256:
case CipherSuite::RSA_WITH_AES_256_GCM_SHA384:
return 12;
}
}
bool expand_key();
@ -375,27 +418,27 @@ private:
};
namespace Constants {
constexpr static const u32 version_id[] { 1, 1, 1, 0 };
constexpr static const u32 pk_id[] { 1, 1, 7, 0 };
constexpr static const u32 serial_id[] { 1, 1, 2, 1, 0 };
constexpr static const u32 issurer_id[] { 1, 1, 4, 0 };
constexpr static const u32 owner_id[] { 1, 1, 6, 0 };
constexpr static const u32 validity_id[] { 1, 1, 5, 0 };
constexpr static const u32 algorithm_id[] { 1, 1, 3, 0 };
constexpr static const u32 sign_id[] { 1, 3, 2, 1, 0 };
constexpr static const u32 priv_id[] { 1, 4, 0 };
constexpr static const u32 priv_der_id[] { 1, 3, 1, 0 };
constexpr static const u32 ecc_priv_id[] { 1, 2, 0 };
constexpr static const u32 version_id[] { 1, 1, 1, 0 };
constexpr static const u32 pk_id[] { 1, 1, 7, 0 };
constexpr static const u32 serial_id[] { 1, 1, 2, 1, 0 };
constexpr static const u32 issurer_id[] { 1, 1, 4, 0 };
constexpr static const u32 owner_id[] { 1, 1, 6, 0 };
constexpr static const u32 validity_id[] { 1, 1, 5, 0 };
constexpr static const u32 algorithm_id[] { 1, 1, 3, 0 };
constexpr static const u32 sign_id[] { 1, 3, 2, 1, 0 };
constexpr static const u32 priv_id[] { 1, 4, 0 };
constexpr static const u32 priv_der_id[] { 1, 3, 1, 0 };
constexpr static const u32 ecc_priv_id[] { 1, 2, 0 };
constexpr static const u8 country_oid[] { 0x55, 0x04, 0x06, 0x00 };
constexpr static const u8 state_oid[] { 0x55, 0x04, 0x08, 0x00 };
constexpr static const u8 location_oid[] { 0x55, 0x04, 0x07, 0x00 };
constexpr static const u8 entity_oid[] { 0x55, 0x04, 0x0A, 0x00 };
constexpr static const u8 subject_oid[] { 0x55, 0x04, 0x03, 0x00 };
constexpr static const u8 san_oid[] { 0x55, 0x1D, 0x11, 0x00 };
constexpr static const u8 ocsp_oid[] { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x00 };
constexpr static const u8 country_oid[] { 0x55, 0x04, 0x06, 0x00 };
constexpr static const u8 state_oid[] { 0x55, 0x04, 0x08, 0x00 };
constexpr static const u8 location_oid[] { 0x55, 0x04, 0x07, 0x00 };
constexpr static const u8 entity_oid[] { 0x55, 0x04, 0x0A, 0x00 };
constexpr static const u8 subject_oid[] { 0x55, 0x04, 0x03, 0x00 };
constexpr static const u8 san_oid[] { 0x55, 0x1D, 0x11, 0x00 };
constexpr static const u8 ocsp_oid[] { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x00 };
constexpr static const u8 TLS_RSA_SIGN_SHA256_OID[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x00 };
constexpr static const u8 TLS_RSA_SIGN_SHA256_OID[] { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x00 };
}