1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 #include "hitls_build.h"
16 #if defined(HITLS_TLS_CALLBACK_CERT) || defined(HITLS_TLS_FEATURE_PROVIDER)
17 #include <stdint.h>
18 #include <string.h>
19 #include "bsl_sal.h"
20 #include "bsl_err_internal.h"
21 #include "hitls_cert_type.h"
22 #include "hitls_type.h"
23 #include "hitls_pki_x509.h"
24 #include "bsl_list.h"
25 #include "hitls_error.h"
26 
27 
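/*
 * Copy the certificates of @list into the caller-provided array @listArray,
 * taking one extra reference on each certificate (HITLS_X509_REF_UP) so the
 * array owns its entries independently of @list.
 *
 * @param list       source list of HITLS_X509_Cert; may be empty.
 * @param listArray  destination array. No capacity is passed, so the caller
 *                   must guarantee it has room for every element of @list;
 *                   this function cannot check that bound.
 * @param num        receives the number of entries written.
 * @return HITLS_SUCCESS, or the error returned by HITLS_X509_CertCtrl. On
 *         failure the references already taken are dropped again and *num is
 *         set to 0, so the caller never has to clean up a partially filled
 *         array.
 */
static int32_t BuildArrayFromList(HITLS_X509_List *list, HITLS_CERT_X509 **listArray, uint32_t *num)
{
    uint32_t count = 0;

    for (HITLS_X509_Cert *cert = BSL_LIST_GET_FIRST(list); cert != NULL; cert = BSL_LIST_GET_NEXT(list)) {
        int ref = 0;
        int32_t ret = HITLS_X509_CertCtrl(cert, HITLS_X509_REF_UP, (void *)&ref, (int32_t)sizeof(int));
        if (ret != HITLS_SUCCESS) {
            BSL_ERR_PUSH_ERROR(ret);
            /* Undo the references taken so far: the caller only sees *num == 0
             * and would otherwise leak the entries written before the failure. */
            for (uint32_t j = 0; j < count; j++) {
                HITLS_X509_CertFree((HITLS_X509_Cert *)listArray[j]);
                listArray[j] = NULL;
            }
            *num = 0;
            return ret;
        }
        listArray[count++] = cert;
    }

    *num = count;
    return HITLS_SUCCESS;
}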
47 
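/*
 * Build a HITLS_X509_List holding the @num certificates of @listCert.
 * Each certificate gets one extra reference (HITLS_X509_REF_UP), so the
 * returned list owns its entries and is released with
 * BSL_LIST_FREE(list, HITLS_X509_CertFree).
 *
 * @param listCert  array of certificates; entries are not checked for NULL.
 * @param num       number of entries in @listCert.
 * @param list      receives the new list on success.
 * @return HITLS_SUCCESS, HITLS_MEMALLOC_FAIL when the list cannot be
 *         allocated, or the error from HITLS_X509_CertCtrl /
 *         BSL_LIST_AddElement. On failure every reference taken by this
 *         function has been dropped again and the list has been freed.
 */
static int32_t BuildCertListFromCertArray(HITLS_CERT_X509 **listCert, uint32_t num, HITLS_X509_List **list)
{
    int32_t ret = HITLS_SUCCESS;
    HITLS_X509_Cert **certs = (HITLS_X509_Cert **)listCert;

    *list = BSL_LIST_New(num);
    if (*list == NULL) {
        BSL_ERR_PUSH_ERROR(HITLS_MEMALLOC_FAIL);
        return HITLS_MEMALLOC_FAIL;
    }

    for (uint32_t i = 0; i < num; i++) {
        int ref = 0;
        ret = HITLS_X509_CertCtrl(certs[i], HITLS_X509_REF_UP, (void *)&ref, (int32_t)sizeof(int));
        if (ret != HITLS_SUCCESS) {
            BSL_ERR_PUSH_ERROR(ret);
            goto ERR;
        }
        ret = BSL_LIST_AddElement(*list, certs[i], BSL_LIST_POS_END);
        if (ret != HITLS_SUCCESS) {
            BSL_ERR_PUSH_ERROR(ret);
            /* The reference taken just above is not owned by the list yet,
             * so the BSL_LIST_FREE below would not drop it. */
            HITLS_X509_CertFree(certs[i]);
            goto ERR;
        }
    }
    return HITLS_SUCCESS;

ERR:
    /* Drops one reference per certificate that was already added. */
    BSL_LIST_FREE(*list, (BSL_LIST_PFUNC_FREE)HITLS_X509_CertFree);
    return ret;
}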
73 
/*
 * Certificate-callback adapter: build the chain for @cert from @store and hand
 * it back as an array of certificates.
 *
 * @param config  unused.
 * @param store   store context passed to HITLS_X509_CertChainBuild.
 * @param cert    leaf certificate the chain is built for.
 * @param list    caller-provided array receiving the chain; each entry written
 *                carries a reference taken by BuildArrayFromList, which the
 *                caller must drop.
 * @param num     receives the number of entries written; stays 0 when chain
 *                building fails.
 * @return HITLS_SUCCESS, or the error from chain building / array filling.
 */
int32_t HITLS_X509_Adapt_BuildCertChain(HITLS_Config *config, HITLS_CERT_Store *store, HITLS_CERT_X509 *cert,
    HITLS_CERT_X509 **list, uint32_t *num)
{
    HITLS_X509_List *chain = NULL;
    HITLS_X509_StoreCtx *storeCtx = (HITLS_X509_StoreCtx *)store;

    (void)config;
    *num = 0;

    int32_t ret = HITLS_X509_CertChainBuild(storeCtx, false, cert, &chain);
    if (ret == HITLS_SUCCESS) {
        ret = BuildArrayFromList(chain, list, num);
        /* The array holds its own references; the list's are released here. */
        BSL_LIST_FREE(chain, (BSL_LIST_PFUNC_FREE)HITLS_X509_CertFree);
    }
    return ret;
}
88 
/*
 * Configure the store for verification: the current system time (used as
 * the validity reference) and the default SM2 user id.
 *
 * @param storeCtx  store context to configure.
 * @return HITLS_SUCCESS, HITLS_CERT_SELF_ADAPT_INVALID_TIME when the system
 *         clock reads as 0, or the error from HITLS_X509_StoreCtxCtrl.
 *         Every failure is also pushed to the BSL error stack.
 */
static int32_t SetVerifyParams(HITLS_X509_StoreCtx *storeCtx)
{
    /* The default user id as specified in GM/T 0009-2012 */
    char sm2DefaultUserid[] = "1234567812345678";

    int64_t sysTime = BSL_SAL_CurrentSysTimeGet();
    if (sysTime == 0) {
        BSL_ERR_PUSH_ERROR(HITLS_CERT_SELF_ADAPT_INVALID_TIME);
        return HITLS_CERT_SELF_ADAPT_INVALID_TIME;
    }

    int32_t ret = HITLS_X509_StoreCtxCtrl(storeCtx, HITLS_X509_STORECTX_SET_TIME, &sysTime, sizeof(sysTime));
    if (ret != HITLS_SUCCESS) {
        BSL_ERR_PUSH_ERROR(ret);
        return ret;
    }

    ret = HITLS_X509_StoreCtxCtrl(storeCtx, HITLS_X509_STORECTX_SET_VFY_SM2_USERID,
        sm2DefaultUserid, strlen(sm2DefaultUserid));
    if (ret != HITLS_SUCCESS) {
        BSL_ERR_PUSH_ERROR(ret);
    }
    return ret;
}

/*
 * Certificate-callback adapter: verify the chain given as an array of @num
 * certificates against @store, using the current system time as the
 * validity reference.
 *
 * @param ctx    unused.
 * @param store  store context holding the trust anchors and verify settings.
 * @param list   certificate array; a temporary list is built from it, with one
 *               extra reference per entry, and released before returning.
 * @param num    number of entries in @list.
 * @return HITLS_SUCCESS when HITLS_X509_CertVerify accepts the chain,
 *         otherwise the error of the first step that failed.
 */
int32_t HITLS_X509_Adapt_VerifyCertChain(HITLS_Ctx *ctx, HITLS_CERT_Store *store, HITLS_CERT_X509 **list, uint32_t num)
{
    HITLS_X509_List *chain = NULL;
    HITLS_X509_StoreCtx *storeCtx = (HITLS_X509_StoreCtx *)store;

    (void)ctx;

    int32_t ret = BuildCertListFromCertArray(list, num, &chain);
    if (ret != HITLS_SUCCESS) {
        return ret;
    }

    ret = SetVerifyParams(storeCtx);
    if (ret == HITLS_SUCCESS) {
        ret = HITLS_X509_CertVerify(storeCtx, chain);
        if (ret != HITLS_SUCCESS) {
            BSL_ERR_PUSH_ERROR(ret);
        }
    }

    /* Drops the references taken by BuildCertListFromCertArray. */
    BSL_LIST_FREE(chain, (BSL_LIST_PFUNC_FREE)HITLS_X509_CertFree);
    return ret;
}
126 #endif /* defined(HITLS_TLS_CALLBACK_CERT) || defined(HITLS_TLS_FEATURE_PROVIDER) */
127