/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *          http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Certificate service abstraction layer (SAL) used by the TLS code.
 *
 * Every routine here forwards to the certificate/key backend selected through
 * the CERT_MgrCtx / HITLS_Config; this header only fixes the contract between
 * the TLS layer and that backend. Unless a routine says otherwise:
 *   - a function returning a pointer yields NULL on failure (the failure value is
 *     not spelled out by the original comments -- callers should still check);
 *   - a function returning int32_t yields HITLS_SUCCESS on success, and any other
 *     value is an error code defined outside this header and must be treated as
 *     failure.
 * Objects created or duplicated here are released with the matching *Free()
 * function below.
 */

#ifndef CERT_METHOD_H
#define CERT_METHOD_H

#include <stdint.h>
#include "hitls_cert_type.h"
#include "tls_config.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief Create a certificate store.
 *
 * @param mgrCtx [IN] Certificate management struct (selects the backend)
 *
 * @return Certificate store; NULL on failure. Release with SAL_CERT_StoreFree().
 */
HITLS_CERT_Store *SAL_CERT_StoreNew(const CERT_MgrCtx *mgrCtx);

/**
 * @brief Copy the certificate store.
 *
 * Whether the copy is deep or reference-counted is decided by the backend and is
 * not specified here; treat the result as an independent handle that needs its
 * own SAL_CERT_StoreFree().
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param store [IN] Certificate store to copy
 *
 * @return Certificate store; NULL on failure.
 */
HITLS_CERT_Store *SAL_CERT_StoreDup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store);

/**
 * @brief Release the certificate store.
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param store [IN] Certificate store
 *
 * @return void
 */
void SAL_CERT_StoreFree(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Store *store);

/**
 * @brief Construct the certificate chain.
 *
 * Building a chain is separate from verifying it: this call arranges the
 * certificates that lead from @p cert towards the store, it does not by itself
 * establish trust. A chain that has to be trusted (e.g. one sent by a peer)
 * must still go through SAL_CERT_VerifyChain().
 *
 * @param config [IN] TLS link configuration
 * @param store [IN] Certificate store used to look up issuers
 * @param cert [IN] Device (end-entity) certificate the chain starts from
 * @param certList [OUT] Certificate chain. The caller provides the array; it must
 *        hold at least the number of entries given in @p num on entry, and the
 *        backend must not write beyond that.
 * @param num [IN/OUT] IN: length of array OUT: length of certificate chain.
 *        The value written back is expected never to exceed the value passed in.
 *        Ownership of the entries placed in @p certList is not stated by this
 *        header -- confirm with the backend before freeing them.
 *
 * @retval HITLS_SUCCESS succeeded; any other value is an error code.
 */
int32_t SAL_CERT_BuildChain(HITLS_Config *config, HITLS_CERT_Store *store, HITLS_CERT_X509 *cert,
    HITLS_CERT_X509 **certList, uint32_t *num);

/**
 * @brief Verify the certificate chain.
 *
 * Note that, unlike the neighbouring routines, this one takes the TLS link
 * object (HITLS_Ctx) rather than the HITLS_Config, because the verification
 * outcome is tied to the running connection.
 *
 * In a handshake @p certList is normally material received from the peer, i.e.
 * untrusted input. A return value other than HITLS_SUCCESS must abort the
 * handshake; the chain must not be used for any trust decision until this call
 * has succeeded.
 *
 * @param ctx [IN] TLS link object
 * @param store [IN] Certificate store holding the trust anchors
 * @param certList [IN] Certificate chain
 * @param num [IN] length of certificate chain
 *
 * @retval HITLS_SUCCESS succeeded; any other value means verification failed.
 */
int32_t SAL_CERT_VerifyChain(HITLS_Ctx *ctx, HITLS_CERT_Store *store, HITLS_CERT_X509 **certList, uint32_t num);

/**
 * @brief Encode the certificate in ASN.1 DER format.
 *
 * @param ctx [IN] TLS link object
 * @param cert [IN] Certificate
 * @param buf [OUT] Certificate encoding data; must point to at least @p len bytes
 * @param len [IN] buffer length in bytes
 * @param usedLen [OUT] Data length actually written to @p buf. Only rely on it
 *        after a HITLS_SUCCESS return (presumably it is not updated on failure --
 *        confirm against the backend).
 *
 * @retval HITLS_SUCCESS succeeded; any other value is an error code (an encoding
 *         that does not fit in @p len is expected to be reported this way rather
 *         than truncated -- verify with the backend).
 */
int32_t SAL_CERT_X509Encode(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, uint8_t *buf, uint32_t len, uint32_t *usedLen);

/**
 * @brief Parse the certificate.
 *
 * During a handshake @p buf is typically data received from the peer and must be
 * treated as untrusted: the backend parser must never read past @p len, and a
 * NULL result must be handled as a parse failure, not as "no certificate".
 *
 * @param libCtx [IN] library context for provider
 * @param attrName [IN] attribute name of the provider, maybe NULL
 * @param config [IN] TLS link configuration
 * @param buf [IN] Certificate encoding data
 * @param len [IN] Data length in bytes
 * @param type [IN] Data type
 * @param format [IN] Data format (enum; contrast with SAL_CERT_KeyParse, which
 *        takes the format as a string)
 *
 * @return Certificate; NULL on failure. Release with SAL_CERT_X509Free().
 */
HITLS_CERT_X509 *SAL_CERT_X509Parse(HITLS_Lib_Ctx *libCtx, const char *attrName,
    HITLS_Config *config, const uint8_t *buf, uint32_t len,
    HITLS_ParseType type, HITLS_ParseFormat format);

/**
 * @brief Copy the certificate.
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param cert [IN] Certificate
 *
 * @return Certificate (a new handle that needs its own SAL_CERT_X509Free());
 *         NULL on failure.
 */
HITLS_CERT_X509 *SAL_CERT_X509Dup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert);

/**
 * @brief Certificate reference increments by one.
 *
 * Each successful call is expected to be balanced by one SAL_CERT_X509Free();
 * whether the returned pointer is the same object as @p cert is not stated
 * here -- use the return value, not the argument, as the new reference.
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param cert [IN] Certificate
 *
 * @return Certificate; NULL on failure.
 */
HITLS_CERT_X509 *SAL_CERT_X509Ref(const CERT_MgrCtx *mgrCtx, HITLS_CERT_X509 *cert);

/**
 * @brief Release the certificate.
 *
 * Unlike SAL_CERT_StoreFree()/SAL_CERT_KeyFree(), no CERT_MgrCtx is needed.
 * Whether NULL is accepted is not documented -- do not rely on it.
 *
 * @param cert [IN] Certificate
 *
 * @return void
 */
void SAL_CERT_X509Free(HITLS_CERT_X509 *cert);

/**
 * @brief Parse the key.
 *
 * @p buf usually holds private key material; callers that own the buffer should
 * wipe it once the key object exists rather than leaving a second copy around.
 *
 * @param config [IN] TLS link configuration
 * @param buf [IN] Key coded data
 * @param len [IN] Data length in bytes
 * @param type [IN] Data type
 * @param format [IN] Data format, as a string (SAL_CERT_GetParseFormatStr()
 *        converts a HITLS_ParseFormat to the string form)
 * @param encodeType [IN] Data encode type
 *
 * @return Key; NULL on failure. Release with SAL_CERT_KeyFree().
 */
HITLS_CERT_Key *SAL_CERT_KeyParse(HITLS_Config *config, const uint8_t *buf, uint32_t len,
    HITLS_ParseType type, const char *format, const char *encodeType);

/**
 * @brief Get the parse format string.
 *
 * @param format [IN] Data format
 *
 * @return Parse format string. The value for an unknown @p format is not
 *         specified here -- check for NULL before passing it on.
 */
const char *SAL_CERT_GetParseFormatStr(HITLS_ParseFormat format);

/**
 * @brief Copy the key.
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param key [IN] Key
 *
 * @return Key (a new handle that needs its own SAL_CERT_KeyFree()); NULL on failure.
 */
HITLS_CERT_Key *SAL_CERT_KeyDup(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Key *key);

/**
 * @brief Release the key.
 *
 * Private key material lives behind this handle; the backend is expected to
 * scrub it on release -- confirm for the backend in use.
 *
 * @param mgrCtx [IN] Certificate management struct
 * @param key [IN] Key
 *
 * @return void
 */
void SAL_CERT_KeyFree(const CERT_MgrCtx *mgrCtx, HITLS_CERT_Key *key);

/**
 * @brief Certificate store operation function
 *
 * @p in and @p out are untyped; their real type is dictated by @p cmd. The
 * caller is responsible for passing pointers of exactly the type the command
 * expects, as nothing here can check them.
 *
 * @param config [IN] TLS link configuration
 * @param store [IN] Certificate store
 * @param cmd [IN] Operation command
 * @param in [IN] Input parameter
 * @param out [OUT] Output parameter
 *
 * @retval HITLS_SUCCESS succeeded; any other value is an error code.
 */
int32_t SAL_CERT_StoreCtrl(HITLS_Config *config, HITLS_CERT_Store *store, HITLS_CERT_CtrlCmd cmd, void *in, void *out);

/**
 * @brief Certificate operation function
 *
 * Same untyped @p in / @p out convention as SAL_CERT_StoreCtrl(): the types are
 * fixed by @p cmd and are the caller's responsibility.
 *
 * @param config [IN] TLS link configuration
 * @param cert [IN] Certificate
 * @param cmd [IN] Operation command
 * @param in [IN] Input parameter
 * @param out [OUT] Output parameter
 *
 * @retval HITLS_SUCCESS succeeded; any other value is an error code.
 */
int32_t SAL_CERT_X509Ctrl(HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_CtrlCmd cmd, void *in, void *out);

/**
 * @brief Key operation function
 *
 * Same untyped @p in / @p out convention as SAL_CERT_StoreCtrl(): the types are
 * fixed by @p cmd and are the caller's responsibility.
 *
 * @param config [IN] TLS link configuration
 * @param key [IN] Key
 * @param cmd [IN] Operation command
 * @param in [IN] Input parameter
 * @param out [OUT] Output parameter
 *
 * @retval HITLS_SUCCESS succeeded; any other value is an error code.
 */
int32_t SAL_CERT_KeyCtrl(HITLS_Config *config, HITLS_CERT_Key *key, HITLS_CERT_CtrlCmd cmd, void *in, void *out);

/**
 * @brief Verify the certificate private key pair.
 *
 * Checks that @p key is the private key matching the public key in @p cert.
 * Run this before installing a cert/key pair as a credential; a mismatch found
 * here is a configuration error and must not be ignored.
 *
 * @param config [IN] TLS link configuration
 * @param cert [IN] Certificate
 * @param key [IN] Key
 *
 * @retval HITLS_SUCCESS succeeded (the pair matches); any other value is an
 *         error code and the pair must not be used.
 */
int32_t SAL_CERT_CheckPrivateKey(HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key);

#ifdef __cplusplus
}
#endif
#endif