EST client. More...
#include "est/est_client.h"#include "est/est_client_operations.h"#include "est/est_client_misc.h"#include "pkix/pem_import.h"#include "pkix/pem_key_import.h"#include "pkix/pem_export.h"#include "encoding/asn1.h"#include "debug.h"Go to the source code of this file.
Macros | |
| #define | TRACE_LEVEL EST_TRACE_LEVEL |
Functions | |
| error_t | estClientInit (EstClientContext *context) |
| EST client initialization. More... | |
| error_t | estClientRegisterTlsInitCallback (EstClientContext *context, EstClientTlsInitCallback callback) |
| Register TLS initialization callback function. More... | |
| error_t | estClientRegisterCsrGenCallback (EstClientContext *context, EstClientCsrGenCallback callback) |
| Register CSR generation callback function. More... | |
| error_t | estClientSetPrng (EstClientContext *context, const PrngAlgo *prngAlgo, void *prngContext) |
| Set the pseudo-random number generator to be used. More... | |
| error_t | estClientSetTimeout (EstClientContext *context, systime_t timeout) |
| Set communication timeout. More... | |
| error_t | estClientSetHost (EstClientContext *context, const char_t *host) |
| Set the domain name of the EST server. More... | |
| error_t | estClientSetPathPrefix (EstClientContext *context, const char_t *pathPrefix) |
| Set path prefix. More... | |
| error_t | estClientSetAllowedAuthModes (EstClientContext *context, uint_t allowedAuthModes) |
| Set allowed HTTP authentication modes. More... | |
| error_t | estClientSetAuthInfo (EstClientContext *context, const char_t *username, const char_t *password) |
| Set authentication information. More... | |
| error_t | estClientBindToInterface (EstClientContext *context, NetInterface *interface) |
| Bind the EST client to a particular network interface. More... | |
| error_t | estClientConnect (EstClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort) |
| Specify the address of the EST server. More... | |
| error_t | estClientLoadKeyPair (EstClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password) |
| Load public/private key pair. More... | |
| void | estClientUnloadKeyPair (EstClientContext *context) |
| Unload public/private key pair. More... | |
| error_t | estClientLoadCert (EstClientContext *context, const char_t *input, size_t length) |
| Load client's certificate. More... | |
| error_t | estClientStoreCert (EstClientContext *context, char_t *output, size_t *written) |
| Store client's certificate. More... | |
| error_t | estClientLoadCaCerts (EstClientContext *context, const char_t *input, size_t length) |
| Load implicit TA database. More... | |
| error_t | estClientStoreCaCerts (EstClientContext *context, char_t *output, size_t *written) |
| Store CA certificates. More... | |
| error_t | estClientGetCaCerts (EstClientContext *context) |
| Get CA certificates. More... | |
| error_t | estClientEnroll (EstClientContext *context) |
| Certificate enrollment. More... | |
| error_t | estClientReEnroll (EstClientContext *context) |
| Certificate re-enrollment. More... | |
| error_t | estClientDisconnect (EstClientContext *context) |
| Gracefully disconnect from the EST server. More... | |
| error_t | estClientClose (EstClientContext *context) |
| Close the connection with the EST server. More... | |
| void | estClientDeinit (EstClientContext *context) |
| Release EST client context. More... | |
Detailed Description
EST client.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2024-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneEST Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Description
EST is a protocol used to determine the current status of a digital certificate without requiring CRLs. Refer to the following RFCs for complete details:
- RFC 6960: X.509 Internet Public Key Infrastructure EST
- RFC 8954: Online Certificate Status Protocol (EST) Nonce Extension
- Version
- 2.5.4
Definition in file est_client.c.
Macro Definition Documentation
◆ TRACE_LEVEL
| #define TRACE_LEVEL EST_TRACE_LEVEL |
Definition at line 40 of file est_client.c.
Function Documentation
◆ estClientBindToInterface()
| error_t estClientBindToInterface | ( | EstClientContext * | context, |
| NetInterface * | interface | ||
| ) |
Bind the EST client to a particular network interface.
- Parameters
-
[in] context Pointer to the EST client context [in] interface Network interface to be used
- Returns
- Error code
Definition at line 290 of file est_client.c.
◆ estClientClose()
| error_t estClientClose | ( | EstClientContext * | context | ) |
Close the connection with the EST server.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 1069 of file est_client.c.
◆ estClientConnect()
| error_t estClientConnect | ( | EstClientContext * | context, |
| const IpAddr * | serverIpAddr, | ||
| uint16_t | serverPort | ||
| ) |
Specify the address of the EST server.
- Parameters
-
[in] context Pointer to the EST client context [in] serverIpAddr IP address of the EST server to connect to [in] serverPort UDP port number
- Returns
- Error code
Definition at line 313 of file est_client.c.
◆ estClientDeinit()
| void estClientDeinit | ( | EstClientContext * | context | ) |
Release EST client context.
- Parameters
-
[in] context Pointer to the EST client context
Definition at line 1090 of file est_client.c.
◆ estClientDisconnect()
| error_t estClientDisconnect | ( | EstClientContext * | context | ) |
Gracefully disconnect from the EST server.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 1003 of file est_client.c.
◆ estClientEnroll()
| error_t estClientEnroll | ( | EstClientContext * | context | ) |
Certificate enrollment.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 821 of file est_client.c.
◆ estClientGetCaCerts()
| error_t estClientGetCaCerts | ( | EstClientContext * | context | ) |
Get CA certificates.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 762 of file est_client.c.
◆ estClientInit()
| error_t estClientInit | ( | EstClientContext * | context | ) |
EST client initialization.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 62 of file est_client.c.
◆ estClientLoadCaCerts()
| error_t estClientLoadCaCerts | ( | EstClientContext * | context, |
| const char_t * | input, | ||
| size_t | length | ||
| ) |
Load implicit TA database.
- Parameters
-
[in] context Pointer to the EST client context [out] input Pointer to the PEM-encoded CA certificates [out] length Length of the PEM-encoded CA certificates
- Returns
- Error code
Definition at line 659 of file est_client.c.
◆ estClientLoadCert()
| error_t estClientLoadCert | ( | EstClientContext * | context, |
| const char_t * | input, | ||
| size_t | length | ||
| ) |
Load client's certificate.
- Parameters
-
[in] context Pointer to the EST client context [out] input Pointer to the PEM-encoded certificate [out] length Length of the PEM-encoded certificate
- Returns
- Error code
Definition at line 563 of file est_client.c.
◆ estClientLoadKeyPair()
| error_t estClientLoadKeyPair | ( | EstClientContext * | context, |
| const char_t * | publicKey, | ||
| size_t | publicKeyLen, | ||
| const char_t * | privateKey, | ||
| size_t | privateKeyLen, | ||
| const char_t * | password | ||
| ) |
Load public/private key pair.
- Parameters
-
[in] context Pointer to the EST client context [in] publicKey Public key (PEM format) [in] publicKeyLen Length of the public key [in] privateKey Private key (PEM format) [in] privateKeyLen Length of the private key [in] password NULL-terminated string containing the password. This parameter is required if the private key is encrypted
- Returns
- Error code
Definition at line 429 of file est_client.c.
◆ estClientReEnroll()
| error_t estClientReEnroll | ( | EstClientContext * | context | ) |
Certificate re-enrollment.
- Parameters
-
[in] context Pointer to the EST client context
- Returns
- Error code
Definition at line 910 of file est_client.c.
◆ estClientRegisterCsrGenCallback()
| error_t estClientRegisterCsrGenCallback | ( | EstClientContext * | context, |
| EstClientCsrGenCallback | callback | ||
| ) |
Register CSR generation callback function.
- Parameters
-
[in] context Pointer to the EST client context [in] callback CSR generation callback function
- Returns
- Error code
Definition at line 131 of file est_client.c.
◆ estClientRegisterTlsInitCallback()
| error_t estClientRegisterTlsInitCallback | ( | EstClientContext * | context, |
| EstClientTlsInitCallback | callback | ||
| ) |
Register TLS initialization callback function.
- Parameters
-
[in] context Pointer to the EST client context [in] callback TLS initialization callback function
- Returns
- Error code
Definition at line 109 of file est_client.c.
◆ estClientSetAllowedAuthModes()
| error_t estClientSetAllowedAuthModes | ( | EstClientContext * | context, |
| uint_t | allowedAuthModes | ||
| ) |
Set allowed HTTP authentication modes.
- Parameters
-
[in] context Pointer to the EST client context [in] allowedAuthModes Logic OR of allowed HTTP authentication schemes
- Returns
- Error code
Definition at line 250 of file est_client.c.
◆ estClientSetAuthInfo()
| error_t estClientSetAuthInfo | ( | EstClientContext * | context, |
| const char_t * | username, | ||
| const char_t * | password | ||
| ) |
Set authentication information.
- Parameters
-
[in] context Pointer to the EST client context [in] username NULL-terminated string containing the user name to be used [in] password NULL-terminated string containing the password to be used
- Returns
- Error code
Definition at line 273 of file est_client.c.
◆ estClientSetHost()
| error_t estClientSetHost | ( | EstClientContext * | context, |
| const char_t * | host | ||
| ) |
Set the domain name of the EST server.
- Parameters
-
[in] context Pointer to the EST client context [in] host NULL-terminated string containing the host name
- Returns
- Error code
Definition at line 199 of file est_client.c.
◆ estClientSetPathPrefix()
| error_t estClientSetPathPrefix | ( | EstClientContext * | context, |
| const char_t * | pathPrefix | ||
| ) |
Set path prefix.
- Parameters
-
[in] context Pointer to the EST client context [in] uri NULL-terminated string that contains the path prefix
- Returns
- Error code
Definition at line 224 of file est_client.c.
◆ estClientSetPrng()
| error_t estClientSetPrng | ( | EstClientContext * | context, |
| const PrngAlgo * | prngAlgo, | ||
| void * | prngContext | ||
| ) |
Set the pseudo-random number generator to be used.
- Parameters
-
[in] context Pointer to the EST client context [in] prngAlgo PRNG algorithm [in] prngContext Pointer to the PRNG context
- Returns
- Error code
Definition at line 154 of file est_client.c.
◆ estClientSetTimeout()
| error_t estClientSetTimeout | ( | EstClientContext * | context, |
| systime_t | timeout | ||
| ) |
Set communication timeout.
- Parameters
-
[in] context Pointer to the EST client context [in] timeout Timeout value, in milliseconds
- Returns
- Error code
Definition at line 178 of file est_client.c.
◆ estClientStoreCaCerts()
| error_t estClientStoreCaCerts | ( | EstClientContext * | context, |
| char_t * | output, | ||
| size_t * | written | ||
| ) |
Store CA certificates.
- Parameters
-
[in] context Pointer to the EST client context [out] output Pointer to the buffer where to store the PEM-encoded CA certificates (optional parameter) [out] written Length of the resulting PEM string
- Returns
- Error code
Definition at line 717 of file est_client.c.
◆ estClientStoreCert()
| error_t estClientStoreCert | ( | EstClientContext * | context, |
| char_t * | output, | ||
| size_t * | written | ||
| ) |
Store client's certificate.
- Parameters
-
[in] context Pointer to the EST client context [out] output Pointer to the buffer where to store the PEM-encoded certificate (optional parameter) [out] written Length of the resulting PEM string
- Returns
- Error code
Definition at line 624 of file est_client.c.
◆ estClientUnloadKeyPair()
| void estClientUnloadKeyPair | ( | EstClientContext * | context | ) |
Unload public/private key pair.
- Parameters
-
[in] context Pointer to the EST client context
Definition at line 522 of file est_client.c.