Macros | Functions
scep_client.c File Reference

SCEP client. More...

#include "scep/scep_client.h"
#include "scep/scep_client_operations.h"
#include "scep/scep_client_misc.h"
#include "pkix/pem_import.h"
#include "pkix/pem_key_import.h"
#include "pkix/pem_export.h"
#include "encoding/asn1.h"
#include "debug.h"

Go to the source code of this file.

Macros

#define TRACE_LEVEL   SCEP_TRACE_LEVEL
 

Functions

error_t scepClientInit (ScepClientContext *context)
 SCEP client initialization. More...
 
error_t scepClientRegisterTlsInitCallback (ScepClientContext *context, ScepClientTlsInitCallback callback)
 Register TLS initialization callback function. More...
 
error_t scepClientRegisterCaCertVerifyCallback (ScepClientContext *context, ScepClientCaCertVerifyCallback callback)
 Register CA certificate verification callback function. More...
 
error_t scepClientRegisterCsrGenCallback (ScepClientContext *context, ScepClientCsrGenCallback callback)
 Register CSR generation callback function. More...
 
error_t scepClientRegisterSelfSignedCertGenCallback (ScepClientContext *context, ScepClientSelfSignedCertGenCallback callback)
 Register self-signed certificate generation callback function. More...
 
error_t scepClientSetPrng (ScepClientContext *context, const PrngAlgo *prngAlgo, void *prngContext)
 Set the pseudo-random number generator to be used. More...
 
error_t scepClientSetTimeout (ScepClientContext *context, systime_t timeout)
 Set communication timeout. More...
 
error_t scepClientSetHost (ScepClientContext *context, const char_t *host)
 Set the domain name of the SCEP server. More...
 
error_t scepClientSetUri (ScepClientContext *context, const char_t *uri)
 Set request URI. More...
 
error_t scepClientBindToInterface (ScepClientContext *context, NetInterface *interface)
 Bind the SCEP client to a particular network interface. More...
 
error_t scepClientConnect (ScepClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort)
 Specify the address of the SCEP server. More...
 
error_t scepClientLoadKeyPair (ScepClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password)
 Load public/private key pair. More...
 
void scepClientUnloadKeyPair (ScepClientContext *context)
 Unload public/private key pair. More...
 
error_t scepClientLoadCert (ScepClientContext *context, const char_t *input, size_t length)
 Load client's certificate. More...
 
error_t scepClientStoreCert (ScepClientContext *context, char_t *output, size_t *written)
 Store client's certificate. More...
 
error_t scepClientLoadCaCert (ScepClientContext *context, const char_t *input, size_t length)
 Load out of band CA certificate. More...
 
error_t scepClientStoreCaCert (ScepClientContext *context, char_t *output, size_t *written)
 Store CA certificate. More...
 
error_t scepClientGetCaCaps (ScepClientContext *context, uint_t *caCaps)
 Request capabilities from a CA. More...
 
error_t scepClientGetCaCert (ScepClientContext *context)
 Get CA certificate. More...
 
error_t scepClientEnroll (ScepClientContext *context)
 Certificate enrollment. More...
 
error_t scepClientRenew (ScepClientContext *context)
 Certificate renewal. More...
 
error_t scepClientPoll (ScepClientContext *context)
 Certificate polling. More...
 
ScepFailInfo scepClientGetFailInfo (ScepClientContext *context)
 Get failure reason. More...
 
error_t scepClientDisconnect (ScepClientContext *context)
 Gracefully disconnect from the SCEP server. More...
 
error_t scepClientClose (ScepClientContext *context)
 Close the connection with the SCEP server. More...
 
void scepClientDeinit (ScepClientContext *context)
 Release SCEP client context. More...
 

Detailed Description

SCEP client.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2024-2025 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSCEP Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Description

SCEP is a protocol used to determine the current status of a digital certificate without requiring CRLs. Refer to the following RFCs for complete details:

  • RFC 6960: X.509 Internet Public Key Infrastructure SCEP
  • RFC 8954: Online Certificate Status Protocol (SCEP) Nonce Extension
Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.5.4

Definition in file scep_client.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   SCEP_TRACE_LEVEL

Definition at line 40 of file scep_client.c.

Function Documentation

◆ scepClientBindToInterface()

error_t scepClientBindToInterface ( ScepClientContext context,
NetInterface interface 
)

Bind the SCEP client to a particular network interface.

Parameters
[in]contextPointer to the SCEP client context
[in]interfaceNetwork interface to be used
Returns
Error code

Definition at line 289 of file scep_client.c.

◆ scepClientClose()

error_t scepClientClose ( ScepClientContext context)

Close the connection with the SCEP server.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 1315 of file scep_client.c.

◆ scepClientConnect()

error_t scepClientConnect ( ScepClientContext context,
const IpAddr serverIpAddr,
uint16_t  serverPort 
)

Specify the address of the SCEP server.

Parameters
[in]contextPointer to the SCEP client context
[in]serverIpAddrIP address of the SCEP server to connect to
[in]serverPortUDP port number
Returns
Error code

Definition at line 312 of file scep_client.c.

◆ scepClientDeinit()

void scepClientDeinit ( ScepClientContext context)

Release SCEP client context.

Parameters
[in]contextPointer to the SCEP client context

Definition at line 1336 of file scep_client.c.

◆ scepClientDisconnect()

error_t scepClientDisconnect ( ScepClientContext context)

Gracefully disconnect from the SCEP server.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 1249 of file scep_client.c.

◆ scepClientEnroll()

error_t scepClientEnroll ( ScepClientContext context)

Certificate enrollment.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 874 of file scep_client.c.

◆ scepClientGetCaCaps()

error_t scepClientGetCaCaps ( ScepClientContext context,
uint_t caCaps 
)

Request capabilities from a CA.

Parameters
[in]contextPointer to the SCEP client context
[out]caCapsList of CA capabilities
Returns
Error code

Definition at line 751 of file scep_client.c.

◆ scepClientGetCaCert()

error_t scepClientGetCaCert ( ScepClientContext context)

Get CA certificate.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 814 of file scep_client.c.

◆ scepClientGetFailInfo()

ScepFailInfo scepClientGetFailInfo ( ScepClientContext context)

Get failure reason.

Parameters
[in]contextPointer to the SCEP client context
Returns
Failure reason

Definition at line 1224 of file scep_client.c.

◆ scepClientInit()

error_t scepClientInit ( ScepClientContext context)

SCEP client initialization.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 62 of file scep_client.c.

◆ scepClientLoadCaCert()

error_t scepClientLoadCaCert ( ScepClientContext context,
const char_t input,
size_t  length 
)

Load out of band CA certificate.

Parameters
[in]contextPointer to the SCEP client context
[out]inputPointer to the PEM-encoded CA certificate
[out]lengthLength of the PEM-encoded CA certificate
Returns
Error code

Definition at line 620 of file scep_client.c.

◆ scepClientLoadCert()

error_t scepClientLoadCert ( ScepClientContext context,
const char_t input,
size_t  length 
)

Load client's certificate.

Parameters
[in]contextPointer to the SCEP client context
[out]inputPointer to the PEM-encoded certificate
[out]lengthLength of the PEM-encoded certificate
Returns
Error code

Definition at line 524 of file scep_client.c.

◆ scepClientLoadKeyPair()

error_t scepClientLoadKeyPair ( ScepClientContext context,
const char_t publicKey,
size_t  publicKeyLen,
const char_t privateKey,
size_t  privateKeyLen,
const char_t password 
)

Load public/private key pair.

Parameters
[in]contextPointer to the SCEP client context
[in]publicKeyPublic key (PEM format)
[in]publicKeyLenLength of the public key
[in]privateKeyPrivate key (PEM format)
[in]privateKeyLenLength of the private key
[in]passwordNULL-terminated string containing the password. This parameter is required if the private key is encrypted
Returns
Error code

Definition at line 425 of file scep_client.c.

◆ scepClientPoll()

error_t scepClientPoll ( ScepClientContext context)

Certificate polling.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 1160 of file scep_client.c.

◆ scepClientRegisterCaCertVerifyCallback()

error_t scepClientRegisterCaCertVerifyCallback ( ScepClientContext context,
ScepClientCaCertVerifyCallback  callback 
)

Register CA certificate verification callback function.

Parameters
[in]contextPointer to the SCEP client context
[in]callbackCA certificate verification callback function
Returns
Error code

Definition at line 128 of file scep_client.c.

◆ scepClientRegisterCsrGenCallback()

error_t scepClientRegisterCsrGenCallback ( ScepClientContext context,
ScepClientCsrGenCallback  callback 
)

Register CSR generation callback function.

Parameters
[in]contextPointer to the SCEP client context
[in]callbackCSR generation callback function
Returns
Error code

Definition at line 150 of file scep_client.c.

◆ scepClientRegisterSelfSignedCertGenCallback()

error_t scepClientRegisterSelfSignedCertGenCallback ( ScepClientContext context,
ScepClientSelfSignedCertGenCallback  callback 
)

Register self-signed certificate generation callback function.

Parameters
[in]contextPointer to the SCEP client context
[in]callbackSelf-signed certificate generation callback function
Returns
Error code

Definition at line 172 of file scep_client.c.

◆ scepClientRegisterTlsInitCallback()

error_t scepClientRegisterTlsInitCallback ( ScepClientContext context,
ScepClientTlsInitCallback  callback 
)

Register TLS initialization callback function.

Parameters
[in]contextPointer to the SCEP client context
[in]callbackTLS initialization callback function
Returns
Error code

Definition at line 104 of file scep_client.c.

◆ scepClientRenew()

error_t scepClientRenew ( ScepClientContext context)

Certificate renewal.

Parameters
[in]contextPointer to the SCEP client context
Returns
Error code

Definition at line 1022 of file scep_client.c.

◆ scepClientSetHost()

error_t scepClientSetHost ( ScepClientContext context,
const char_t host 
)

Set the domain name of the SCEP server.

Parameters
[in]contextPointer to the SCEP client context
[in]hostNULL-terminated string containing the host name
Returns
Error code

Definition at line 240 of file scep_client.c.

◆ scepClientSetPrng()

error_t scepClientSetPrng ( ScepClientContext context,
const PrngAlgo prngAlgo,
void *  prngContext 
)

Set the pseudo-random number generator to be used.

Parameters
[in]contextPointer to the SCEP client context
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
Returns
Error code

Definition at line 195 of file scep_client.c.

◆ scepClientSetTimeout()

error_t scepClientSetTimeout ( ScepClientContext context,
systime_t  timeout 
)

Set communication timeout.

Parameters
[in]contextPointer to the SCEP client context
[in]timeoutTimeout value, in milliseconds
Returns
Error code

Definition at line 219 of file scep_client.c.

◆ scepClientSetUri()

error_t scepClientSetUri ( ScepClientContext context,
const char_t uri 
)

Set request URI.

Parameters
[in]contextPointer to the SCEP client context
[in]uriNULL-terminated string that contains the resource name
Returns
Error code

Definition at line 265 of file scep_client.c.

◆ scepClientStoreCaCert()

error_t scepClientStoreCaCert ( ScepClientContext context,
char_t output,
size_t *  written 
)

Store CA certificate.

Parameters
[in]contextPointer to the SCEP client context
[out]outputPointer to the buffer where to store the PEM-encoded CA certificate (optional parameter)
[out]writtenLength of the resulting PEM string
Returns
Error code

Definition at line 681 of file scep_client.c.

◆ scepClientStoreCert()

error_t scepClientStoreCert ( ScepClientContext context,
char_t output,
size_t *  written 
)

Store client's certificate.

Parameters
[in]contextPointer to the SCEP client context
[out]outputPointer to the buffer where to store the PEM-encoded certificate (optional parameter)
[out]writtenLength of the resulting PEM string
Returns
Error code

Definition at line 585 of file scep_client.c.

◆ scepClientUnloadKeyPair()

void scepClientUnloadKeyPair ( ScepClientContext context)

Unload public/private key pair.

Parameters
[in]contextPointer to the SCEP client context

Definition at line 493 of file scep_client.c.