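/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Internal layout of the TLS certificate manager context and its helpers.
 * The structures below are the private definitions behind the opaque
 * handles exposed by the public certificate API.
 */
#ifndef CERT_MGR_CTX_H
#define CERT_MGR_CTX_H

#include <stdint.h>
#include "hitls_crypt_type.h"
#include "hitls_cert_reg.h"
#include "cert.h"
#include "bsl_hash.h"

#ifdef __cplusplus
extern "C" {
#endif

/* Default maximum depth used when verifying a certificate chain (see verifyDepth). */
#define TLS_DEFAULT_VERIFY_DEPTH 20u
/* Default bucket count for the certificate hash table; presumably used for certPairs — confirm at the creation site. */
#define CERT_DEFAULT_HASH_BKT_SIZE 64u

/* Parameters that control certificate chain verification. */
struct CertVerifyParamInner {
    uint32_t verifyDepth;   /* maximum chain depth accepted during verification */
    uint32_t purpose;       /* purpose checked against untrusted certificates */
    uint32_t trust;         /* trust setting checked during verification */
};

/* A device certificate together with its private key and chain. */
struct CertPairInner {
    HITLS_CERT_X509 *cert;          /* device certificate */
#ifdef HITLS_TLS_PROTO_TLCP11
    /* Encrypted device certificate. Currently this field is used only when the peer's encryption certificate is stored. */
    HITLS_CERT_X509 *encCert;
    HITLS_CERT_Key *encPrivateKey;  /* private key corresponding to encCert */
#endif
    HITLS_CERT_Key *privateKey;     /* private key corresponding to cert */
    HITLS_CERT_Chain *chain;        /* certificate chain sent along with cert */
};

/* Per-link certificate manager state: loaded certificates, stores, parameters and callbacks. */
struct CertMgrCtxInner {
    uint32_t currentCertKeyType;    /* key type of the certificate currently in use */
    /* Certificate resources on the link. Only one certificate per key type can be loaded. */
    BSL_HASH_Hash *certPairs;       /* cert hash table: key = keyType, value = CERT_Pair */
    HITLS_CERT_Chain *extraChain;   /* additional chain certificates */
    HITLS_CERT_Store *verifyStore;  /* verify store, used to verify the certificate chain */
    HITLS_CERT_Store *chainStore;   /* chain store, used to assemble the certificate chain */
    HITLS_CERT_Store *certStore;    /* default CA store */
    HITLS_CertVerifyParam verifyParam;  /* verification parameters */
#ifndef HITLS_TLS_FEATURE_PROVIDER
    HITLS_CERT_MgrMethod method;    /* certificate callback method table */
#endif
    HITLS_PasswordCb defaultPasswdCb;   /* default password callback, used when loading certificates */
    void *defaultPasswdCbUserData;      /* user data handed to defaultPasswdCb */
    HITLS_VerifyCb verifyCb;            /* certificate verification callback */

    HITLS_Lib_Ctx *libCtx;          /* library context */
    const char *attrName;           /* attribute name */
};

/* Maps a certificate key type to the corresponding certificate type. */
CERT_Type CertKeyType2CertType(HITLS_CERT_KeyType keyType);

/*
 * Checks pubkey against the curve list (curveNum entries) negotiated in config.
 * Returns an int32_t status code.
 */
int32_t CheckCurveName(HITLS_Config *config, const uint16_t *curveList, uint32_t curveNum, HITLS_CERT_Key *pubkey);

/*
 * Checks pubkey against the EC point format list (listSize bytes) negotiated in config.
 * Returns an int32_t status code.
 */
int32_t CheckPointFormat(HITLS_Config *config, const uint8_t *ecPointFormatList, uint32_t listSize,
    HITLS_CERT_Key *pubkey);

/* These functions could live in a separate header file. */
HITLS_CERT_Chain *SAL_CERT_ChainNew(void);                                   /* allocates an empty chain; NULL on failure */
int32_t SAL_CERT_ChainAppend(HITLS_CERT_Chain *chain, HITLS_CERT_X509 *cert);  /* appends cert to chain; returns a status code */
void SAL_CERT_ChainFree(HITLS_CERT_Chain *chain);                             /* releases a chain */
HITLS_CERT_Chain *SAL_CERT_ChainDup(CERT_MgrCtx *mgrCtx, HITLS_CERT_Chain *chain);  /* duplicates chain; presumably released with SAL_CERT_ChainFree */

/*
 * NULL-safe accessors for the manager's library context and attribute name.
 * The argument is fully parenthesized so that operator expressions can be
 * passed; note that it is evaluated twice, so avoid side effects in it.
 */
#define LIBCTX_FROM_CERT_MGR_CTX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->libCtx)
#define ATTRIBUTE_FROM_CERT_MGR_CTX(mgrCtx) (((mgrCtx) == NULL) ? NULL : (mgrCtx)->attrName)

#ifdef __cplusplus
}
#endif
#endif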