/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Internal declarations for X.509 verification: the verification parameter
 * block, the store context layout and two verification entry points.
 * Everything below is compiled only when HITLS_PKI_X509_VFY is defined.
 */
#ifndef HITLS_X509_VERIFY_H
#define HITLS_X509_VERIFY_H

#include "hitls_build.h"
#ifdef HITLS_PKI_X509_VFY
#include <stdint.h>
#include "bsl_asn1.h"
#include "hitls_pki_x509.h"
#include "sal_atomic.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Internal verification flag bits. Both values lie above bit 31 (bits 32 and 33),
 * so they can only be held in a 64-bit field such as HITLS_X509_VerifyParam.flags.
 * Presumably the low 32 bits are reserved for the public verify flags - confirm
 * against hitls_pki_x509.h.
 *
 * NOTE(review): these constants do not fit in an int. ISO C before C23 requires
 * enumeration constants to be representable as int, so this relies on a compiler
 * extension. A toolchain that keeps enums at int width may reject or truncate the
 * values; a truncated flag would be 0 and any test of it against `flags` would
 * never match. Confirm the supported compilers, or consider uint64_t constants.
 */
typedef enum {
    HITLS_X509_VFY_FLAG_SECBITS = 0x100000000, // bit 32; presumably marks securityBits as configured - TODO confirm
    HITLS_X509_VFY_FLAG_TIME = 0x200000000,    // bit 33; presumably marks time as configured - TODO confirm
} HITLS_X509_IN_VerifyFlag;

/*
 * Parameters that steer a verification run; embedded by value in the store context.
 *
 * NOTE(review): this header does not show what verification does when the
 * SECBITS/TIME flags are absent (skip the check, or fall back to a default).
 * Confirm in the implementation before relying on either check being enforced.
 */
typedef struct _HITLS_X509_VerifyParam {
    int32_t maxDepth;      // presumably the maximum accepted chain depth - TODO confirm; signed, so check handling of negatives
    int64_t time;          // presumably the reference time for validity-period checks; unit/epoch not shown here
    uint32_t securityBits; // presumably the minimum security strength required of chain keys - TODO confirm
    uint64_t flags;        // 64-bit flag word; wide enough for the HITLS_X509_IN_VerifyFlag bits above
#ifdef HITLS_CRYPTO_SM2
    BSL_Buffer sm2UserId;  // SM2 user ID; present only in HITLS_CRYPTO_SM2 builds. Ownership of the buffer is not shown here
#endif
} HITLS_X509_VerifyParam;

/*
 * Layout of the store context used by the verification functions below.
 * Carries a reference count, so instances are presumably shared - the locking
 * and lifetime rules are not visible in this header.
 */
struct _HITLS_X509_StoreCtx {
    HITLS_X509_List *store;             // list held by the store; presumably the trusted certificates - TODO confirm
    HITLS_X509_List *crl;               // list of CRLs held by the store
    BSL_SAL_RefCount references;        // reference counter for this context
    HITLS_X509_VerifyParam verifyParam; // verification parameters, stored by value
    CRYPT_EAL_LibCtx *libCtx;           // Provider context
    const char *attrName;               // Provider attribute name; NOTE(review): pointer is stored as-is, confirm who owns the string
};


/*
 * Verify `chain` against the parameters held in `storeCtx` and, judging by the
 * name, the certificates' extensions - the exact set of checks is not visible here.
 * Returns an int32_t status code; the success value is defined elsewhere.
 */
int32_t HITLS_X509_VerifyParamAndExt(HITLS_X509_StoreCtx *storeCtx, HITLS_X509_List *chain);

/*
 * Verify the CRL, which is the default full certificate chain validation.
 * You can configure not to verify or only verify the terminal certificate.
 *
 * NOTE(review): revocation checking is therefore configurable and can be turned
 * off entirely. How the mode is selected (presumably via storeCtx->verifyParam.flags)
 * and what happens when no CRL is available for an issuer are not shown in this
 * header - confirm in the implementation.
 * Returns an int32_t status code; the success value is defined elsewhere.
 */
int32_t HITLS_X509_VerifyCrl(HITLS_X509_StoreCtx *storeCtx, HITLS_X509_List *chain);

#ifdef __cplusplus
}
#endif

#endif // HITLS_PKI_X509_VFY

#endif // HITLS_X509_VERIFY_H