/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Public X.509 CRL (certificate revocation list) API: allocation, parsing,
 * encoding, signing and signature verification of a CRL, plus the
 * revoked-certificate entry object that a generated CRL is built from.
 */

#ifndef HITLS_PKI_CRL_H
#define HITLS_PKI_CRL_H

#include "hitls_pki_types.h"
#include "crypt_eal_pkey.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque CRL object; its layout is private to the PKI module.
 * NOTE(review): identifiers that start with an underscore followed by an
 * uppercase letter are reserved for the implementation (C11 7.1.3); the
 * struct tags below fall into that class. */
typedef struct _HITLS_X509_Crl HITLS_X509_Crl;

/* Opaque revoked-certificate entry of a CRL. */
typedef struct _HITLS_X509_CrlEntry HITLS_X509_CrlEntry;

/**
 * @ingroup pki
 * @brief Allocate an empty CRL object.
 *
 * The returned object is owned by the caller and is released with
 * HITLS_X509_CrlFree.
 *
 * @retval HITLS_X509_Crl * The new CRL; the failure value is not documented here.
 */
HITLS_X509_Crl *HITLS_X509_CrlNew(void);
/**
 * @ingroup pki
 * @brief Release a CRL.
 * @par Description: Release the memory of a CRL obtained from HITLS_X509_CrlNew
 * or from one of the parse functions.
 *
 * @attention NOTE(review): if the reference count was raised with HITLS_X509_REF_UP
 * (see HITLS_X509_CrlCtrl), confirm whether this call only drops one reference.
 * @param crl [IN] CRL to release.
 * @return None
 */
void HITLS_X509_CrlFree(HITLS_X509_Crl *crl);

/**
 * @ingroup pki
 * @brief CRL control interface.
 * @par Description: Get or set CRL information selected by cmd.
 *   parameter          data type   Length(len): number of data bytes
 *   HITLS_X509_REF_UP  int         The length is sizeof(int); used to increase
 *                                  the number of references held on the CRL.
 * @attention None
 * @param crl [IN] CRL object.
 * @param cmd [IN] Command selecting the field to access.
 * @param val [IN/OUT] Command data; its type and direction depend on cmd (see the table above).
 * @param valLen [IN] The length of val in bytes; must match the length given for cmd.
 * @return Error code
 */
int32_t HITLS_X509_CrlCtrl(HITLS_X509_Crl *crl, int32_t cmd, void *val, uint32_t valLen);

/**
 * @ingroup pki
 * @brief Parse a CRL from a buffer.
 * @par Description: Decode the CRL held in encode.
 *   On success the CRL object is allocated inside the function and the caller
 *   must release it with HITLS_X509_CrlFree after use. When format is
 *   BSL_FORMAT_PEM or BSL_FORMAT_UNKNOWN, the data in encode must be
 *   terminated with '\0'.
 *   No key is supplied here, so parsing does not establish who signed the CRL:
 *   a CRL received from an untrusted source should be checked with
 *   HITLS_X509_CrlVerify before its revocation data is relied on.
 * @attention None
 * @param format [IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/
 *   BSL_FORMAT_UNKNOWN.
 * @param encode [IN] Encoded CRL data.
 * @param crl [OUT] Parsed CRL.
 * @return Error code
 */
int32_t HITLS_X509_CrlParseBuff(int32_t format, const BSL_Buffer *encode, HITLS_X509_Crl **crl);

/**
 * @ingroup pki
 * @brief Parse a CRL from a file.
 * @par Description: Read and decode the CRL stored in the file at path.
 *   On success the CRL object is allocated inside the function and the caller
 *   must release it with HITLS_X509_CrlFree after use.
 *   As with HITLS_X509_CrlParseBuff, the signature is not checked here.
 * @attention None
 * @param format [IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/
 *   BSL_FORMAT_UNKNOWN.
 * @param path [IN] CRL file path.
 * @param crl [OUT] Parsed CRL.
 * @return Error code
 */
int32_t HITLS_X509_CrlParseFile(int32_t format, const char *path, HITLS_X509_Crl **crl);

/**
 * @ingroup pki
 * @brief Parse all CRLs in a file.
 * @par Description: Read and decode multiple CRLs stored in the file at path.
 *   On success the list is allocated inside the function and the caller must
 *   release it after use. NOTE(review): each element is presumably a
 *   HITLS_X509_Crl and the list is released through the HITLS_X509_List API of
 *   hitls_pki_types.h — confirm against the implementation.
 * @attention None
 * @param format [IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/
 *   BSL_FORMAT_UNKNOWN.
 * @param path [IN] CRL file path.
 * @param crlList [OUT] List of parsed CRLs.
 * @return Error code
 */
int32_t HITLS_X509_CrlParseBundleFile(int32_t format, const char *path, HITLS_X509_List **crlList);

/**
 * @ingroup pki
 * @brief Encode a CRL into a buffer.
 * @par Description: Encode the CRL in the requested format.
 *   On success the encoded data is allocated inside the function and the caller
 *   must free it after use.
 *
 * @attention This function is used after parsing the CRL or after signing it;
 *   an unsigned, newly generated CRL has no signature to encode.
 * @param format [IN] Encoding format: BSL_FORMAT_PEM or BSL_FORMAT_ASN1.
 * @param crl [IN] CRL to encode.
 * @param buff [OUT] Encoded data.
 * @return Error code
 */
int32_t HITLS_X509_CrlGenBuff(int32_t format, HITLS_X509_Crl *crl, BSL_Buffer *buff);

/**
 * @ingroup pki
 * @brief Encode a CRL and write it to a file.
 * @par Description: Encode the CRL in the requested format and write the
 *   result to the file at path.
 *
 * @attention This function is used after parsing the CRL or after signing it.
 * @param format [IN] Encoding format: BSL_FORMAT_PEM or BSL_FORMAT_ASN1.
 * @param crl [IN] CRL to encode.
 * @param path [IN] Path of the output file.
 * @return Error code
 */
int32_t HITLS_X509_CrlGenFile(int32_t format, HITLS_X509_Crl *crl, const char *path);

/**
 * @ingroup pki
 * @brief Verify the signature of a CRL.
 * @par Description: Check the CRL's signature against pubkey.
 *   A successful return shows only that the CRL was signed by the holder of
 *   pubkey. Nothing in this interface ties pubkey to the CRL's issuer or checks
 *   the CRL's validity period, so the caller is responsible for choosing the
 *   issuer's key and for checking freshness — NOTE(review): confirm against
 *   the implementation.
 *
 * @attention For generated CRLs, this must be called after signing.
 * @param pubkey [IN] Public key used for verification. NOTE(review): presumably
 *   a CRYPT_EAL_PkeyCtx, as used by HITLS_X509_CrlSign — confirm.
 * @param crl [IN] CRL to verify.
 * @return Error code
 */
int32_t HITLS_X509_CrlVerify(void *pubkey, const HITLS_X509_Crl *crl);

/**
 * @ingroup pki
 * @brief Sign a CRL.
 * @par Description: Compute the CRL's signature with prvKey and store it in crl.
 *
 * @attention 1. This function can only be used when generating a new CRL.
 *            2. Before signing, call HITLS_X509_CrlCtrl to set the CRL information.
 *
 * @attention The interface can be called multiple times; the signature is regenerated on each call.
 * @param mdId [IN] Hash algorithm.
 * @param prvKey [IN] Private key.
 * @param algParam [IN] Signature parameter, for example an RSA-PSS parameter.
 * @param crl [IN/OUT] CRL to sign; receives the signature.
 * @return Error code
 */
int32_t HITLS_X509_CrlSign(int32_t mdId, const CRYPT_EAL_PkeyCtx *prvKey, const HITLS_X509_SignAlgParam *algParam,
    HITLS_X509_Crl *crl);

/**
 * @ingroup pki crl
 * @brief Allocate a revoked-certificate entry.
 *
 * The returned object is owned by the caller and is released with
 * HITLS_X509_CrlEntryFree.
 *
 * @attention None
 * @return HITLS_X509_CrlEntry * The new entry; the failure value is not documented here.
 */
HITLS_X509_CrlEntry *HITLS_X509_CrlEntryNew(void);

/**
 * @ingroup pki
 * @brief Release a revoked-certificate entry.
 * @par Description: Release the memory of a CRL revoked-certificate entry.
 *
 * @attention None
 * @param entry [IN] Entry to release.
 * @return None
 */
void HITLS_X509_CrlEntryFree(HITLS_X509_CrlEntry *entry);

/**
 * @ingroup pki
 * @brief Revoked-certificate entry control interface.
 * @par Description: Get or set information of a revoked-certificate entry
 *   selected by cmd. The set of commands is not listed in this header.
 * @attention None
 * @param revoked [IN] Revoked-certificate entry.
 * @param cmd [IN] Command selecting the field to access.
 * @param val [IN/OUT] Command data; its type and direction depend on cmd.
 * @param valLen [IN] The length of val in bytes.
 * @return Error code
 */
int32_t HITLS_X509_CrlEntryCtrl(HITLS_X509_CrlEntry *revoked, int32_t cmd, void *val, uint32_t valLen);

#ifdef __cplusplus
}
#endif

#endif // HITLS_PKI_CRL_H