1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #ifndef HITLS_PKI_X509_H
17 #define HITLS_PKI_X509_H
18 
19 #include "hitls_pki_cert.h"
20 #include "hitls_pki_crl.h"
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 typedef struct _HITLS_X509_StoreCtx HITLS_X509_StoreCtx; /* Only the struct tag is declared in this header, so callers handle a StoreCtx through pointers and the functions declared here. */
27 
28 /**
29  * @ingroup pki
30  * @brief Allocate a StoreCtx, the context object taken by the control, verify and chain-build functions in this header.
31  *
32  * @retval HITLS_X509_StoreCtx * The new StoreCtx; release it with HITLS_X509_StoreCtxFree(). NOTE(review): the failure value is not documented here, presumably NULL; check the result before use.
33  */
34 HITLS_X509_StoreCtx *HITLS_X509_StoreCtxNew(void);
35 
36 /**
37  * @brief Create a new X509 StoreCtx using the provider mechanism
38  *
39  * @param libCtx [IN] Library context from CRYPT_EAL
40  * @param attrName [IN] Provider attribute name for capability matching
41  *
42  * @return HITLS_X509_StoreCtx * StoreCtx object, or NULL on failure; check for NULL before passing it to the other functions in this header
43  */
44 HITLS_X509_StoreCtx *HITLS_X509_ProviderStoreCtxNew(HITLS_PKI_LibCtx *libCtx, const char *attrName);
45 
46 /**
47  * @ingroup pki
48  * @brief Release the StoreCtx. NOTE(review): HITLS_X509_STORECTX_REF_UP suggests the object is reference counted, so this presumably drops one reference rather than always destroying it; confirm in the implementation.
49  *
50  * @param storeCtx    [IN] StoreCtx to release; the caller should not use this pointer afterwards.
51  * @retval void
52  */
53 void HITLS_X509_StoreCtxFree(HITLS_X509_StoreCtx *storeCtx);
54 
55 /**
56  * @ingroup pki
57  * @brief Generic function to process StoreCtx; cmd selects the operation and determines how val and valLen are interpreted.
58  *
59  * @param storeCtx [IN] StoreCtx.
60  * @param cmd [IN] HITLS_X509_Cmd                       data type           data length
61  *        HITLS_X509_STORECTX_SET_PARAM_DEPTH           int32_t             sizeof(int32_t)
62  *        HITLS_X509_STORECTX_SET_PARAM_FLAGS           uint64_t            sizeof(uint64_t)
63  *        HITLS_X509_STORECTX_SET_TIME                  int64_t             sizeof(int64_t)
64  *        HITLS_X509_STORECTX_SET_SECBITS               uint32_t            sizeof(uint32_t)
65  *        HITLS_X509_STORECTX_CLR_PARAM_FLAGS           uint64_t            sizeof(uint64_t)
66  *        HITLS_X509_STORECTX_DEEP_COPY_SET_CA          HITLS_X509_Cert     -
67  *        HITLS_X509_STORECTX_SHALLOW_COPY_SET_CA       HITLS_X509_Cert     -
68  *        HITLS_X509_STORECTX_SET_CRL                   HITLS_X509_Crl      -
69  *        HITLS_X509_STORECTX_REF_UP                    int                 sizeof(int)
70  *        HITLS_X509_STORECTX_SET_VFY_SM2_USERID        buffer              > 0
71  * @param val [IN/OUT] input and output value; points to an object of the data type listed for cmd. NOTE(review): DEEP_COPY_SET_CA vs SHALLOW_COPY_SET_CA presumably differ in whether the store copies the certificate or keeps the caller's object; confirm ownership before freeing a certificate passed here.
72  * @param valLen [IN] value length; per the table, the size in bytes of the object val points to ('-' means the table gives no length, '> 0' a non-empty buffer).
73  * @retval #HITLS_PKI_SUCCESS, success.
74  *         Error codes can be found in hitls_pki_errno.h
75  */
76 int32_t HITLS_X509_StoreCtxCtrl(HITLS_X509_StoreCtx *storeCtx, int32_t cmd, void *val, uint32_t valLen);
77 
78 /**
79  * @ingroup pki
80  * @brief Certificate chain verify function: verifies chain against the given StoreCtx.
81  *
82  * @param storeCtx [IN] StoreCtx.
83  * @param chain [IN] certificate chain. NOTE(review): the expected ordering of the list is not documented in this header; confirm against the implementation.
84  * @retval #HITLS_PKI_SUCCESS, success. Any other return value is an error code, and the chain must not be treated as verified.
85  *         Error codes can be found in hitls_pki_errno.h
86  */
87 int32_t HITLS_X509_CertVerify(HITLS_X509_StoreCtx *storeCtx, HITLS_X509_List *chain);
88 
89 /**
90  * @ingroup pki
91  * @brief Certificate chain build function: builds a chain for cert and returns it through chain.
92  *
93  * @param storeCtx [IN] StoreCtx.
94  * @param isWithRoot [IN] whether the root cert is included in the built chain.
95  * @param cert [IN] certificate.
96  * @param chain [OUT] certificate chain, written through this pointer. NOTE(review): who releases the returned list is not documented in this header; confirm.
97  * @retval #HITLS_PKI_SUCCESS, success. NOTE(review): this header does not say whether building also verifies the chain; call HITLS_X509_CertVerify() before trusting it.
98  *         Error codes can be found in hitls_pki_errno.h
99  */
100 int32_t HITLS_X509_CertChainBuild(HITLS_X509_StoreCtx *storeCtx, bool isWithRoot, HITLS_X509_Cert *cert,
101     HITLS_X509_List **chain);
102 
103 #ifdef __cplusplus
104 }
105 #endif
106 
107 #endif // HITLS_PKI_X509_H
108