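/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Internal ("local") declarations shared by the X.509 certificate / CRL / CSR code.
 * Public types (HITLS_X509_ExtSan, HITLS_X509_ExtAki, HITLS_X509_List, ...) come from
 * hitls_pki_types.h; everything declared here is project-internal.
 */

#ifndef HITLS_X509_LOCAL_H
#define HITLS_X509_LOCAL_H

#include "hitls_build.h"
#ifdef HITLS_PKI_X509
#include <stdint.h>
/* `bool` is used below (ExtEntry.critical, CertExt.isCa, X509_ExtFree, ...).
 * Include it here so the header is self-contained instead of relying on a
 * project header to pull it in transitively. */
#include <stdbool.h>
#include "bsl_asn1.h"
#include "bsl_obj.h"
#include "crypt_eal_pkey.h"
#include "sal_atomic.h"
#include "hitls_pki_types.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * RFC 5280: section 4.1.2.5.1
 *
 * Last year that may be encoded as UTCTime. RFC 5280 requires validity dates
 * through 2049 to be UTCTime and dates in 2050 or later to be GeneralizedTime
 * (section 4.1.2.5.2), so an encoder must switch representation above this year.
 */
#define BSL_TIME_UTC_MAX_YEAR 2049

/*
 * Bits of HITLS_X509_ValidTime.flag (set by HITLS_X509_ParseTime, presumably):
 * which of the two times is present and whether it was encoded as UTCTime.
 */
#define BSL_TIME_BEFORE_SET 0x01
#define BSL_TIME_AFTER_SET 0x02
#define BSL_TIME_BEFORE_IS_UTC 0x04
#define BSL_TIME_AFTER_IS_UTC 0x08

/*
 * Bits of HITLS_X509_Ext.flag (origin of the extension set).
 *
 * NOTE(review): these share bit values with the HITLS_X509_EXT_FLAG_KUSAGE /
 * HITLS_X509_EXT_FLAG_BCONS group below, which belongs to a different field
 * (HITLS_X509_CertExt.extFlags). They must never be tested against the same
 * word; the identical "HITLS_X509_EXT_FLAG_" prefix makes that easy to get wrong.
 */
/* Identifies the current ext as a parsed state */
#define HITLS_X509_EXT_FLAG_PARSE (1 << 0)
/* Identifies the current ext as a generated state */
#define HITLS_X509_EXT_FLAG_GEN (1 << 1)

/* Bits of HITLS_X509_CertExt.extFlags (which extensions were seen). */
/* Identifies the keyusage extension in the current structure */
#define HITLS_X509_EXT_FLAG_KUSAGE (1 << 0)
/* Identifies the basic constraints extension in the current structure */
#define HITLS_X509_EXT_FLAG_BCONS (1 << 1)

/*
 * Internal GeneralName tags, numbered immediately after the public
 * HITLS_X509_GN_* values (HITLS_X509_GN_IP is the last public one relied on here).
 * NOTE(review): if a new public HITLS_X509_GN_* value is ever appended after
 * HITLS_X509_GN_IP, these would collide with it — keep them in sync.
 */
#define HITLS_X509_GN_OTHER (HITLS_X509_GN_IP + 1)
#define HITLS_X509_GN_X400 (HITLS_X509_GN_OTHER + 1)
#define HITLS_X509_GN_EDI (HITLS_X509_GN_X400 + 1)
#define HITLS_X509_GN_RID (HITLS_X509_GN_EDI + 1)

/**
 * One attribute-type / attribute-value pair of a Name (raw ASN.1 buffers).
 * `layer` presumably records the RDN nesting level the node belongs to — confirm
 * against HITLS_X509_ParseNameList / HITLS_X509_EncodeNameList.
 */
typedef struct _HITLS_X509_NameNode {
    BSL_ASN1_Buffer nameType;
    BSL_ASN1_Buffer nameValue;
    uint8_t layer;
} HITLS_X509_NameNode;

/**
 * One X.509 extension as it appears in an Extensions SEQUENCE.
 * @cid       object identifier resolved to a BslCid (BSL_CID_UNKNOWN-style value
 *            presumably when unresolved — verify in HITLS_X509_ParseExtItem).
 * @extnId    raw encoded OID.
 * @critical  RFC 5280 criticality flag. Security note for consumers: a critical
 *            extension whose cid is not understood must cause the certificate to
 *            be rejected (RFC 5280 section 4.2); nothing in this header enforces that.
 * @extnValue raw DER of the extension value (the OCTET STRING contents).
 */
typedef struct _HITLS_X509_ExtEntry {
    BslCid cid;
    BSL_ASN1_Buffer extnId;
    bool critical;
    BSL_ASN1_Buffer extnValue;
} HITLS_X509_ExtEntry;

/**
 * Decoded certificate-specific extension data (HITLS_X509_Ext.extData when
 * type == HITLS_X509_EXT_TYPE_CERT).
 */
typedef struct _HITLS_X509_CertExt {
    uint32_t extFlags; // Indicates which extensions exist (HITLS_X509_EXT_FLAG_KUSAGE / _BCONS)
    // basic usage ext
    bool isCa;
    // -1 no check, 0 no intermediate certificate
    int32_t maxPathLen;
    // key usage ext
    uint32_t keyUsage;
} HITLS_X509_CertExt;

/** Discriminator for HITLS_X509_Ext.type / the meaning of extData. */
typedef enum {
    HITLS_X509_EXT_TYPE_CERT = 1,
    HITLS_X509_EXT_TYPE_CRL,
} HITLS_X509_ExtInnerType;

/**
 * Container for a parsed or generated extension set.
 * @flag    HITLS_X509_EXT_FLAG_PARSE / HITLS_X509_EXT_FLAG_GEN.
 * @extList list of HITLS_X509_ExtEntry.
 * @type    HITLS_X509_ExtInnerType value selecting what extData points to.
 * @extData HITLS_X509_CertExt for certificates; CRL variant not declared in this header.
 */
typedef struct _HITLS_X509_Ext {
    uint32_t flag; // Identifies the status of the current ext, generate or parse
    BslList *extList;
    int32_t type;
    void *extData;
} HITLS_X509_Ext;

/** One PKCS#10 / PKCS#12 attribute: resolved id plus raw OID and raw value. */
typedef struct _HITLS_X509_AttrEntry {
    BslCid cid;
    BSL_ASN1_Buffer attrId;
    BSL_ASN1_Buffer attrValue;
} HITLS_X509_AttrEntry;

/* Per-item hooks used by the attribute list parse / encode / dup / free routines below. */
typedef int32_t (*HITLS_X509_ParseAttrItemCb)(BslList *attrList, HITLS_X509_AttrEntry *attrEntry);

typedef int32_t (*HITLS_X509_EncodeAttrItemCb)(void *attrNode, HITLS_X509_AttrEntry *attrEntry);

typedef void *(*HITLS_X509_DupAttrItemCb)(const void *item);

typedef void (*HITLS_X509_FreeAttrItemCb)(void *item);

typedef struct _HITLS_X509_Attrs {
    uint8_t flag;
    BslList *list; // The list of HITLS_X509_AttrEntry
} HITLS_X509_Attrs;

/** Validity period; `flag` carries the BSL_TIME_* bits defined above. */
typedef struct _HITLS_X509_ValidTime {
    uint8_t flag;
    BSL_TIME start;
    BSL_TIME end;
} HITLS_X509_ValidTime;

/**
 * Signature AlgorithmIdentifier plus its algorithm-specific parameters.
 * The anonymous union overlays the parameter variants; which member is live is
 * presumably determined by algId (RSA-PSS params vs. SM2 user id) — readers must
 * check algId before touching either member.
 */
typedef struct _HITLS_X509_Asn1AlgId {
    BslCid algId;
    union {
        CRYPT_RSA_PssPara rsaPssParam;
#ifdef HITLS_CRYPTO_SM2
        BSL_Buffer sm2UserId;
#endif
    };
} HITLS_X509_Asn1AlgId;

/*
 * Object construction hooks handed to HITLS_X509_ParseX509.
 * Note that HITLS_X509_Asn1Parse receives a non-const `encode` pointer, so an
 * implementation may legitimately retain or modify the buffer — callers passing
 * untrusted input should not assume it is left untouched.
 */
typedef int32_t (*HITLS_X509_Asn1Parse)(uint8_t *encode, uint32_t encodeLen, void *out);
typedef void *(*HITLS_X509_ProviderNew)(CRYPT_EAL_LibCtx *libCtx, const char *attrName);
typedef void *(*HITLS_X509_New)(void);
typedef void (*HITLS_X509_Free)(void *elem);

typedef struct {
    HITLS_X509_Asn1Parse asn1Parse;
    HITLS_X509_ProviderNew x509ProviderNew;
    HITLS_X509_New x509New;
    HITLS_X509_Free x509Free;
} X509_ParseFuncCbk;

/* Locates the to-be-signed portion inside an encoded object; outputs point into `encode`. */
int32_t HITLS_X509_ParseTbsRawData(uint8_t *encode, uint32_t encodeLen, uint8_t **tbsRawData, uint32_t *tbsRawDataLen);

#if defined(HITLS_PKI_X509_CRT_PARSE) || defined(HITLS_PKI_X509_CRL_PARSE) || defined(HITLS_PKI_X509_CSR_PARSE)
// The public key parsing is more complex, and the crypto module completes it
int32_t HITLS_X509_ParseSignAlgInfo(BSL_ASN1_Buffer *algId, BSL_ASN1_Buffer *param, HITLS_X509_Asn1AlgId *x509Alg);

/* Extension decoders: take one raw entry, fill the public decoded struct. */
int32_t HITLS_X509_ParseExtendedKeyUsage(HITLS_X509_ExtEntry *extEntry, HITLS_X509_ExtExKeyUsage *exku);
int32_t HITLS_X509_ParseSubjectAltName(HITLS_X509_ExtEntry *extEntry, HITLS_X509_ExtSan *san);

void HITLS_X509_ClearSubjectAltName(HITLS_X509_ExtSan *san);

int32_t HITLS_X509_ParseExtItem(BSL_ASN1_Buffer *extItem, HITLS_X509_ExtEntry *extEntry);

/* Decodes notBefore / notAfter into `time` (see the BSL_TIME_* flag bits). */
int32_t HITLS_X509_ParseTime(BSL_ASN1_Buffer *before, BSL_ASN1_Buffer *after, HITLS_X509_ValidTime *time);

#endif

#if defined(HITLS_PKI_X509_CSR_GEN) || defined(HITLS_PKI_X509_CRT_GEN) || defined(HITLS_PKI_X509_CRL_GEN)
int32_t HITLS_X509_EncodeSignAlgInfo(HITLS_X509_Asn1AlgId *x509Alg, BSL_ASN1_Buffer *asn);

int32_t HITLS_X509_EncodeNameList(BSL_ASN1_List *list, BSL_ASN1_Buffer *name);

int32_t HITLS_X509_SetNameList(BslList **dest, void *val, uint32_t valLen);

int32_t HITLS_X509_EncodeExt(uint8_t tag, BSL_ASN1_List *list, BSL_ASN1_Buffer *ext);

/* Signs `asn1Buff` with `priv`; `rawSignBuff` / `sign` are outputs — ownership of
 * the signature bytes is not stated here, confirm in the definition. */
int32_t HITLS_X509_SignAsn1Data(CRYPT_EAL_PkeyCtx *priv, CRYPT_MD_AlgId mdId,
    BSL_ASN1_Buffer *asn1Buff, BSL_Buffer *rawSignBuff, BSL_ASN1_BitString *sign);

typedef int32_t (*EncodeExtCb)(void *, HITLS_X509_ExtEntry *, const void *);

int32_t HITLS_X509_SetExtList(void *param, BslList *extList, BslCid cid, BSL_Buffer *val, EncodeExtCb encodeExt);

int32_t HITLS_X509_SetGeneralNames(HITLS_X509_ExtEntry *extEntry, void *val);

int32_t HITLS_X509_EncodeExtEntry(BSL_ASN1_List *list, BSL_ASN1_Buffer *ext);

typedef int32_t (*HITLS_X509_SignCb)(int32_t mdId, CRYPT_EAL_PkeyCtx *prvKey, HITLS_X509_Asn1AlgId *signAlgId,
    void *obj);

int32_t HITLS_X509_Sign(int32_t mdId, const CRYPT_EAL_PkeyCtx *prvKey, const HITLS_X509_SignAlgParam *algParam,
    void *obj, HITLS_X509_SignCb signCb);
#endif

void HITLS_X509_FreeNameNode(HITLS_X509_NameNode *node);

int32_t HITLS_X509_ParseNameList(BSL_ASN1_Buffer *name, BSL_ASN1_List *list);

/* Decodes a GeneralNames SEQUENCE from `encode` into `list`; HITLS_X509_ClearGeneralNames releases it. */
int32_t HITLS_X509_ParseGeneralNames(uint8_t *encode, uint32_t encLen, BslList *list);

void HITLS_X509_ClearGeneralNames(BslList *names);

int32_t HITLS_X509_ParseAuthorityKeyId(HITLS_X509_ExtEntry *extEntry, HITLS_X509_ExtAki *aki);

int32_t HITLS_X509_ParseSubjectKeyId(HITLS_X509_ExtEntry *extEntry, HITLS_X509_ExtSki *ski);

void HITLS_X509_ClearExtendedKeyUsage(HITLS_X509_ExtExKeyUsage *exku);

/*
 * Extension container lifecycle. X509_ExtNew takes an existing `ext` pointer and a
 * HITLS_X509_ExtInnerType; X509_ExtFree's `isFreeOut` presumably selects whether the
 * HITLS_X509_Ext object itself is released in addition to its contents — confirm
 * against the definition before relying on it.
 */
HITLS_X509_Ext *X509_ExtNew(HITLS_X509_Ext *ext, int32_t type);

void X509_ExtFree(HITLS_X509_Ext *ext, bool isFreeOut);

#if defined(HITLS_PKI_X509_CRT_PARSE) || defined(HITLS_PKI_X509_CRL_PARSE) || defined(HITLS_PKI_X509_CSR)
int32_t HITLS_X509_ParseExt(BSL_ASN1_Buffer *ext, HITLS_X509_Ext *certExt);
#endif

void HITLS_X509_ExtEntryFree(HITLS_X509_ExtEntry *entry);

int32_t HITLS_X509_AddListItemDefault(void *item, uint32_t len, BSL_ASN1_List *list);

/*
 * Generic driver for parsing one or more X.509 objects from `encode` (format per
 * `format`) into `list`, constructing each object through `parseFun`.
 * `isCert` distinguishes certificate from non-certificate objects.
 */
int32_t HITLS_X509_ParseX509(CRYPT_EAL_LibCtx *libCtx, const char *attrName, int32_t format, const BSL_Buffer *encode,
    bool isCert, X509_ParseFuncCbk *parseFun, HITLS_X509_List *list);

int32_t HITLS_X509_CheckAlg(CRYPT_EAL_PkeyCtx *pubkey, const HITLS_X509_Asn1AlgId *subAlg);

#if defined(HITLS_PKI_X509_CSR_PARSE) || defined(HITLS_PKI_PKCS12_PARSE)
int32_t HITLS_X509_ParseAttrList(BSL_ASN1_Buffer *attrBuff, HITLS_X509_Attrs *attrs, HITLS_X509_ParseAttrItemCb parseCb,
    HITLS_X509_FreeAttrItemCb freeItem);
#endif

#ifdef HITLS_PKI_PKCS12_GEN
HITLS_X509_Attrs *HITLS_X509_AttrsDup(const HITLS_X509_Attrs *src, HITLS_X509_DupAttrItemCb dupCb,
    HITLS_X509_FreeAttrItemCb freeCb);
#endif

void HITLS_X509_AttrEntryFree(HITLS_X509_AttrEntry *attr);

HITLS_X509_Attrs *HITLS_X509_AttrsNew(void);

void HITLS_X509_AttrsFree(HITLS_X509_Attrs *attrs, HITLS_X509_FreeAttrItemCb freeItem);

#if defined(HITLS_PKI_X509_CSR_GEN) || defined(HITLS_PKI_PKCS12_GEN)
int32_t HITLS_X509_EncodeAttrList(uint8_t tag, HITLS_X509_Attrs *attrs, HITLS_X509_EncodeAttrItemCb encodeCb,
    BSL_ASN1_Buffer *attrAsn1);
#endif

/*
 * Verifies `signature` over `rawData` with `pubKey` using the algorithm in `alg`.
 * Security note: `alg` normally originates from the parsed (attacker-controlled)
 * object, so callers are expected to restrict acceptable digest/signature algorithms
 * (see X509_IsValidHashAlg below) rather than trusting `alg` alone.
 */
int32_t HITLS_X509_CheckSignature(const CRYPT_EAL_PkeyCtx *pubKey, uint8_t *rawData, uint32_t rawDataLen,
    const HITLS_X509_Asn1AlgId *alg, const BSL_ASN1_BitString *signature);

#ifdef HITLS_CRYPTO_SM2
int32_t HITLS_X509_SetSm2UserId(BSL_Buffer *sm2UserId, void *val, uint32_t valLen);
#endif

/*
 * Generic ctrl helpers: `val` / `valLen` follow the ctrl-style (pointer, size)
 * convention. Every getter below takes `uint32_t valLen` except
 * HITLS_X509_GetSignMdAlg, which takes `int32_t valLen`.
 * NOTE(review): that signed/unsigned mismatch is an inconsistency worth fixing at
 * the definition site; it is left as-is here because changing the prototype alone
 * would conflict with the out-of-view definition.
 */
int32_t HITLS_X509_RefUp(BSL_SAL_RefCount *references, int32_t *val, uint32_t valLen);

int32_t HITLS_X509_GetList(BslList *list, void *val, uint32_t valLen);

int32_t HITLS_X509_GetPubKey(void *ealPubKey, void **val);

int32_t HITLS_X509_GetSignAlg(BslCid signAlgId, int32_t *val, uint32_t valLen);

int32_t HITLS_X509_GetSignMdAlg(const HITLS_X509_Asn1AlgId *signAlgId, int32_t *val, int32_t valLen);

int32_t HITLS_X509_GetEncodeLen(uint32_t encodeLen, uint32_t *val, uint32_t valLen);

int32_t HITLS_X509_GetEncodeData(uint8_t *rawData, uint8_t **val);

int32_t HITLS_X509_SetPkey(void **pkey, void *val);

#ifdef HITLS_PKI_X509_CRT_GEN
int32_t HITLS_X509_ExtReplace(HITLS_X509_Ext *dest, HITLS_X509_Ext *src);
#endif

#if defined(HITLS_PKI_X509_CRT) || defined(HITLS_PKI_X509_CRL)

#if defined(HITLS_PKI_X509_CRT_GEN) || defined(HITLS_PKI_X509_CRL_GEN)
/* Serial-number setter. RFC 5280 section 4.1.2.2 requires a positive INTEGER of
 * at most 20 octets; whether this function enforces that is not visible here. */
int32_t HITLS_X509_SetSerial(BSL_ASN1_Buffer *serial, const void *val, uint32_t valLen);

HITLS_X509_ExtEntry *X509_DupExtEntry(const HITLS_X509_ExtEntry *src);
#endif

int32_t HITLS_X509_GetSerial(BSL_ASN1_Buffer *serial, void *val, uint32_t valLen);
#endif

typedef int32_t (*DecodeExtCb)(HITLS_X509_ExtEntry *, void *);

/* Looks up the extension `cid` in `ext` and decodes it into `val` via `decodeExt`. */
int32_t HITLS_X509_GetExt(BslList *ext, BslCid cid, BSL_Buffer *val, uint32_t expectLen, DecodeExtCb decodeExt);

/* Allow-list check for digest algorithms accepted in signatures. */
bool X509_IsValidHashAlg(CRYPT_MD_AlgId id);

#ifdef HITLS_PKI_X509_VFY
/* Chain-building checks: AKI/SKI linkage and issuer-name comparison. */
int32_t HITLS_X509_CheckAki(HITLS_X509_Ext *issueExt, HITLS_X509_Ext *subjectExt, BSL_ASN1_List *issueName,
    BSL_ASN1_Buffer *serialNum);

int32_t HITLS_X509_CmpNameNode(BSL_ASN1_List *nameOri, BSL_ASN1_List *name);
#endif

/* True when `cmd` is one of the `cmdSize` entries in `cmdSet`. */
bool X509_CheckCmdValid(int32_t *cmdSet, uint32_t cmdSize, int32_t cmd);

int32_t X509_ExtCtrl(HITLS_X509_Ext *ext, int32_t cmd, void *val, uint32_t valLen);

#ifdef __cplusplus
}
#endif

#endif // HITLS_PKI_X509

#endif // HITLS_X509_LOCAL_H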