SCEP client.
| Data Structures | |
| struct | _ScepClientContext | 
| SCEP client context. | |
| Macros | |
| #define | SCEP_CLIENT_SUPPORT DISABLED | 
| #define | SCEP_CLIENT_TLS_SUPPORT DISABLED | 
| #define | SCEP_CLIENT_3DES_SUPPORT DISABLED | 
| #define | SCEP_CLIENT_AES_SUPPORT ENABLED | 
| #define | SCEP_CLIENT_SHA1_SUPPORT DISABLED | 
| #define | SCEP_CLIENT_SHA256_SUPPORT ENABLED | 
| #define | SCEP_CLIENT_SHA512_SUPPORT DISABLED | 
| #define | SCEP_CLIENT_RSA_SUPPORT ENABLED | 
| #define | SCEP_CLIENT_DEFAULT_TIMEOUT 20000 | 
| #define | SCEP_CLIENT_BUFFER_SIZE 8192 | 
| #define | SCEP_CLIENT_MAX_HOST_LEN 64 | 
| #define | SCEP_CLIENT_MAX_URI_LEN 32 | 
| #define | SCEP_CLIENT_MAX_CONTENT_TYPE_LEN 40 | 
| #define | SCEP_CLIENT_MAX_CSR_LEN 1024 | 
| #define | SCEP_CLIENT_MAX_CERT_LEN 2048 | 
| #define | SCEP_CLIENT_MAX_CA_CERT_LEN 4096 | 
| #define | SCEP_CLIENT_TRANSACTION_ID_SIZE 16 | 
| #define | SCEP_CLIENT_PRIVATE_CONTEXT | 
| #define | ScepClientContext struct _ScepClientContext | 
| Typedefs | |
| typedef error_t(* | ScepClientTlsInitCallback) (ScepClientContext *context, TlsContext *tlsContext) | 
| TLS initialization callback function. | |
| typedef error_t(* | ScepClientCaCertVerifyCallback) (ScepClientContext *context, const X509CertInfo *certInfo) | 
| CA certificate verification callback function. | |
| typedef error_t(* | ScepClientCsrGenCallback) (ScepClientContext *context, uint8_t *buffer, size_t size, size_t *length) | 
| CSR generation callback function. | |
| typedef error_t(* | ScepClientSelfSignedCertGenCallback) (ScepClientContext *context, uint8_t *buffer, size_t size, size_t *length) | 
| Self-signed certificate generation callback function. | |
| Enumerations | |
| enum | ScepClientState { SCEP_CLIENT_STATE_DISCONNECTED = 0, SCEP_CLIENT_STATE_CONNECTING = 1, SCEP_CLIENT_STATE_CONNECTED = 2, SCEP_CLIENT_STATE_GET_CA_CAPS = 3, SCEP_CLIENT_STATE_GET_CA = 4, SCEP_CLIENT_STATE_CSR_GEN = 5, SCEP_CLIENT_STATE_SELF_SIGNED_CERT_GEN = 6, SCEP_CLIENT_STATE_TRANSACTION_ID_GEN = 7, SCEP_CLIENT_STATE_PKCS_REQ = 8, SCEP_CLIENT_STATE_RENEWAL_REQ = 9, SCEP_CLIENT_STATE_CERT_POLL = 10, SCEP_CLIENT_STATE_DISCONNECTING = 11 } | 
| SCEP client states. | |
| enum | ScepRequestState { SCEP_REQ_STATE_INIT = 0, SCEP_REQ_STATE_FORMAT_HEADER = 1, SCEP_REQ_STATE_SEND_HEADER = 2, SCEP_REQ_STATE_FORMAT_BODY = 3, SCEP_REQ_STATE_SEND_BODY = 4, SCEP_REQ_STATE_RECEIVE_HEADER = 5, SCEP_REQ_STATE_PARSE_HEADER = 6, SCEP_REQ_STATE_RECEIVE_BODY = 7, SCEP_REQ_STATE_CLOSE_BODY = 8, SCEP_REQ_STATE_COMPLETE = 9 } | 
| HTTP request states. | |
| Functions | |
| error_t | scepClientInit (ScepClientContext *context) | 
| SCEP client initialization. | |
| error_t | scepClientRegisterTlsInitCallback (ScepClientContext *context, ScepClientTlsInitCallback callback) | 
| Register TLS initialization callback function. | |
| error_t | scepClientRegisterCaCertVerifyCallback (ScepClientContext *context, ScepClientCaCertVerifyCallback callback) | 
| Register CA certificate verification callback function. | |
| error_t | scepClientRegisterCsrGenCallback (ScepClientContext *context, ScepClientCsrGenCallback callback) | 
| Register CSR generation callback function. | |
| error_t | scepClientRegisterSelfSignedCertGenCallback (ScepClientContext *context, ScepClientSelfSignedCertGenCallback callback) | 
| Register self-signed certificate generation callback function. | |
| error_t | scepClientSetPrng (ScepClientContext *context, const PrngAlgo *prngAlgo, void *prngContext) | 
| Set the pseudo-random number generator to be used. | |
| error_t | scepClientSetTimeout (ScepClientContext *context, systime_t timeout) | 
| Set communication timeout. | |
| error_t | scepClientSetHost (ScepClientContext *context, const char_t *host) | 
| Set the domain name of the SCEP server. | |
| error_t | scepClientSetUri (ScepClientContext *context, const char_t *uri) | 
| Set request URI. | |
| error_t | scepClientBindToInterface (ScepClientContext *context, NetInterface *interface) | 
| Bind the SCEP client to a particular network interface. | |
| error_t | scepClientConnect (ScepClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort) | 
| Specify the address of the SCEP server. | |
| error_t | scepClientLoadKeyPair (ScepClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password) | 
| Load public/private key pair. | |
| void | scepClientUnloadKeyPair (ScepClientContext *context) | 
| Unload public/private key pair. | |
| error_t | scepClientLoadCert (ScepClientContext *context, const char_t *input, size_t length) | 
| Load client's certificate. | |
| error_t | scepClientStoreCert (ScepClientContext *context, char_t *output, size_t *written) | 
| Store client's certificate. | |
| error_t | scepClientLoadCaCert (ScepClientContext *context, const char_t *input, size_t length) | 
| Load out of band CA certificate. | |
| error_t | scepClientStoreCaCert (ScepClientContext *context, char_t *output, size_t *written) | 
| Store CA certificate. | |
| error_t | scepClientGetCaCaps (ScepClientContext *context, uint_t *caCaps) | 
| Request capabilities from a CA. | |
| error_t | scepClientGetCaCert (ScepClientContext *context) | 
| Get CA certificate. | |
| error_t | scepClientEnroll (ScepClientContext *context) | 
| Certificate enrollment. | |
| error_t | scepClientRenew (ScepClientContext *context) | 
| Certificate renewal. | |
| error_t | scepClientPoll (ScepClientContext *context) | 
| Certificate polling. | |
| ScepFailInfo | scepClientGetFailInfo (ScepClientContext *context) | 
| Get failure reason. | |
| error_t | scepClientDisconnect (ScepClientContext *context) | 
| Gracefully disconnect from the SCEP server. | |
| error_t | scepClientClose (ScepClientContext *context) | 
| Close the connection with the SCEP server. | |
| void | scepClientDeinit (ScepClientContext *context) | 
| Release SCEP client context. | |
Detailed Description
SCEP client.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2024-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSCEP Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file scep_client.h.
Macro Definition Documentation
◆ SCEP_CLIENT_3DES_SUPPORT
| #define SCEP_CLIENT_3DES_SUPPORT DISABLED | 
Definition at line 55 of file scep_client.h.
◆ SCEP_CLIENT_AES_SUPPORT
| #define SCEP_CLIENT_AES_SUPPORT ENABLED | 
Definition at line 62 of file scep_client.h.
◆ SCEP_CLIENT_BUFFER_SIZE
| #define SCEP_CLIENT_BUFFER_SIZE 8192 | 
Definition at line 104 of file scep_client.h.
◆ SCEP_CLIENT_DEFAULT_TIMEOUT
| #define SCEP_CLIENT_DEFAULT_TIMEOUT 20000 | 
Definition at line 97 of file scep_client.h.
◆ SCEP_CLIENT_MAX_CA_CERT_LEN
| #define SCEP_CLIENT_MAX_CA_CERT_LEN 4096 | 
Definition at line 146 of file scep_client.h.
◆ SCEP_CLIENT_MAX_CERT_LEN
| #define SCEP_CLIENT_MAX_CERT_LEN 2048 | 
Definition at line 139 of file scep_client.h.
◆ SCEP_CLIENT_MAX_CONTENT_TYPE_LEN
| #define SCEP_CLIENT_MAX_CONTENT_TYPE_LEN 40 | 
Definition at line 125 of file scep_client.h.
◆ SCEP_CLIENT_MAX_CSR_LEN
| #define SCEP_CLIENT_MAX_CSR_LEN 1024 | 
Definition at line 132 of file scep_client.h.
◆ SCEP_CLIENT_MAX_HOST_LEN
| #define SCEP_CLIENT_MAX_HOST_LEN 64 | 
Definition at line 111 of file scep_client.h.
◆ SCEP_CLIENT_MAX_URI_LEN
| #define SCEP_CLIENT_MAX_URI_LEN 32 | 
Definition at line 118 of file scep_client.h.
◆ SCEP_CLIENT_PRIVATE_CONTEXT
| #define SCEP_CLIENT_PRIVATE_CONTEXT | 
Definition at line 160 of file scep_client.h.
◆ SCEP_CLIENT_RSA_SUPPORT
| #define SCEP_CLIENT_RSA_SUPPORT ENABLED | 
Definition at line 90 of file scep_client.h.
◆ SCEP_CLIENT_SHA1_SUPPORT
| #define SCEP_CLIENT_SHA1_SUPPORT DISABLED | 
Definition at line 69 of file scep_client.h.
◆ SCEP_CLIENT_SHA256_SUPPORT
| #define SCEP_CLIENT_SHA256_SUPPORT ENABLED | 
Definition at line 76 of file scep_client.h.
◆ SCEP_CLIENT_SHA512_SUPPORT
| #define SCEP_CLIENT_SHA512_SUPPORT DISABLED | 
Definition at line 83 of file scep_client.h.
◆ SCEP_CLIENT_SUPPORT
| #define SCEP_CLIENT_SUPPORT DISABLED | 
Definition at line 41 of file scep_client.h.
◆ SCEP_CLIENT_TLS_SUPPORT
| #define SCEP_CLIENT_TLS_SUPPORT DISABLED | 
Definition at line 48 of file scep_client.h.
◆ SCEP_CLIENT_TRANSACTION_ID_SIZE
| #define SCEP_CLIENT_TRANSACTION_ID_SIZE 16 | 
Definition at line 153 of file scep_client.h.
◆ ScepClientContext
| #define ScepClientContext struct _ScepClientContext | 
Definition at line 165 of file scep_client.h.
Typedef Documentation
◆ ScepClientCaCertVerifyCallback
| typedef error_t(* ScepClientCaCertVerifyCallback) (ScepClientContext *context, const X509CertInfo *certInfo) | 
CA certificate verification callback function.
Definition at line 230 of file scep_client.h.
◆ ScepClientCsrGenCallback
| typedef error_t(* ScepClientCsrGenCallback) (ScepClientContext *context, uint8_t *buffer, size_t size, size_t *length) | 
CSR generation callback function.
Definition at line 238 of file scep_client.h.
◆ ScepClientSelfSignedCertGenCallback
| typedef error_t(* ScepClientSelfSignedCertGenCallback) (ScepClientContext *context, uint8_t *buffer, size_t size, size_t *length) | 
Self-signed certificate generation callback function.
Definition at line 246 of file scep_client.h.
◆ ScepClientTlsInitCallback
| typedef error_t(* ScepClientTlsInitCallback) (ScepClientContext *context, TlsContext *tlsContext) | 
TLS initialization callback function.
Definition at line 220 of file scep_client.h.
Enumeration Type Documentation
◆ ScepClientState
| enum ScepClientState | 
SCEP client states.
Definition at line 177 of file scep_client.h.
◆ ScepRequestState
| enum ScepRequestState | 
HTTP request states.
Definition at line 198 of file scep_client.h.
Function Documentation
◆ scepClientBindToInterface()
| error_t scepClientBindToInterface (ScepClientContext *context, NetInterface *interface) | 
Bind the SCEP client to a particular network interface.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] interface Network interface to be used
- Returns
- Error code
Definition at line 289 of file scep_client.c.
◆ scepClientClose()
| error_t scepClientClose (ScepClientContext *context) | 
Close the connection with the SCEP server.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 1315 of file scep_client.c.
◆ scepClientConnect()
| error_t scepClientConnect (ScepClientContext *context, const IpAddr *serverIpAddr, uint16_t serverPort) | 
Specify the address of the SCEP server.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] serverIpAddr IP address of the SCEP server to connect to
  [in] serverPort UDP port number
- Returns
- Error code
Definition at line 312 of file scep_client.c.
◆ scepClientDeinit()
| void scepClientDeinit (ScepClientContext *context) | 
Release SCEP client context.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
Definition at line 1336 of file scep_client.c.
◆ scepClientDisconnect()
| error_t scepClientDisconnect (ScepClientContext *context) | 
Gracefully disconnect from the SCEP server.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 1249 of file scep_client.c.
◆ scepClientEnroll()
| error_t scepClientEnroll (ScepClientContext *context) | 
Certificate enrollment.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 874 of file scep_client.c.
◆ scepClientGetCaCaps()
| error_t scepClientGetCaCaps (ScepClientContext *context, uint_t *caCaps) | 
Request capabilities from a CA.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [out] caCaps List of CA capabilities
- Returns
- Error code
Definition at line 751 of file scep_client.c.
◆ scepClientGetCaCert()
| error_t scepClientGetCaCert (ScepClientContext *context) | 
Get CA certificate.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 814 of file scep_client.c.
◆ scepClientGetFailInfo()
| ScepFailInfo scepClientGetFailInfo (ScepClientContext *context) | 
Get failure reason.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Failure reason
Definition at line 1224 of file scep_client.c.
◆ scepClientInit()
| error_t scepClientInit (ScepClientContext *context) | 
SCEP client initialization.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 62 of file scep_client.c.
◆ scepClientLoadCaCert()
| error_t scepClientLoadCaCert (ScepClientContext *context, const char_t *input, size_t length) | 
Load out of band CA certificate.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] input Pointer to the PEM-encoded CA certificate
  [in] length Length of the PEM-encoded CA certificate
- Returns
- Error code
Definition at line 620 of file scep_client.c.
◆ scepClientLoadCert()
| error_t scepClientLoadCert (ScepClientContext *context, const char_t *input, size_t length) | 
Load client's certificate.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] input Pointer to the PEM-encoded certificate
  [in] length Length of the PEM-encoded certificate
- Returns
- Error code
Definition at line 524 of file scep_client.c.
◆ scepClientLoadKeyPair()
| error_t scepClientLoadKeyPair (ScepClientContext *context, const char_t *publicKey, size_t publicKeyLen, const char_t *privateKey, size_t privateKeyLen, const char_t *password) | 
Load public/private key pair.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] publicKey Public key (PEM format)
  [in] publicKeyLen Length of the public key
  [in] privateKey Private key (PEM format)
  [in] privateKeyLen Length of the private key
  [in] password NULL-terminated string containing the password. This parameter is required if the private key is encrypted
- Returns
- Error code
Definition at line 425 of file scep_client.c.
◆ scepClientPoll()
| error_t scepClientPoll (ScepClientContext *context) | 
Certificate polling.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 1160 of file scep_client.c.
◆ scepClientRegisterCaCertVerifyCallback()
| error_t scepClientRegisterCaCertVerifyCallback (ScepClientContext *context, ScepClientCaCertVerifyCallback callback) | 
Register CA certificate verification callback function.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] callback CA certificate verification callback function
- Returns
- Error code
Definition at line 128 of file scep_client.c.
◆ scepClientRegisterCsrGenCallback()
| error_t scepClientRegisterCsrGenCallback (ScepClientContext *context, ScepClientCsrGenCallback callback) | 
Register CSR generation callback function.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] callback CSR generation callback function
- Returns
- Error code
Definition at line 150 of file scep_client.c.
◆ scepClientRegisterSelfSignedCertGenCallback()
| error_t scepClientRegisterSelfSignedCertGenCallback (ScepClientContext *context, ScepClientSelfSignedCertGenCallback callback) | 
Register self-signed certificate generation callback function.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] callback Self-signed certificate generation callback function
- Returns
- Error code
Definition at line 172 of file scep_client.c.
◆ scepClientRegisterTlsInitCallback()
| error_t scepClientRegisterTlsInitCallback (ScepClientContext *context, ScepClientTlsInitCallback callback) | 
Register TLS initialization callback function.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] callback TLS initialization callback function
- Returns
- Error code
Definition at line 104 of file scep_client.c.
◆ scepClientRenew()
| error_t scepClientRenew (ScepClientContext *context) | 
Certificate renewal.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
- Returns
- Error code
Definition at line 1022 of file scep_client.c.
◆ scepClientSetHost()
| error_t scepClientSetHost (ScepClientContext *context, const char_t *host) | 
Set the domain name of the SCEP server.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] host NULL-terminated string containing the host name
- Returns
- Error code
Definition at line 240 of file scep_client.c.
◆ scepClientSetPrng()
| error_t scepClientSetPrng (ScepClientContext *context, const PrngAlgo *prngAlgo, void *prngContext) | 
Set the pseudo-random number generator to be used.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] prngAlgo PRNG algorithm
  [in] prngContext Pointer to the PRNG context
- Returns
- Error code
Definition at line 195 of file scep_client.c.
◆ scepClientSetTimeout()
| error_t scepClientSetTimeout (ScepClientContext *context, systime_t timeout) | 
Set communication timeout.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] timeout Timeout value, in milliseconds
- Returns
- Error code
Definition at line 219 of file scep_client.c.
◆ scepClientSetUri()
| error_t scepClientSetUri (ScepClientContext *context, const char_t *uri) | 
Set request URI.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [in] uri NULL-terminated string that contains the resource name
- Returns
- Error code
Definition at line 265 of file scep_client.c.
◆ scepClientStoreCaCert()
| error_t scepClientStoreCaCert (ScepClientContext *context, char_t *output, size_t *written) | 
Store CA certificate.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [out] output Pointer to the buffer where to store the PEM-encoded CA certificate (optional parameter)
  [out] written Length of the resulting PEM string
- Returns
- Error code
Definition at line 681 of file scep_client.c.
◆ scepClientStoreCert()
| error_t scepClientStoreCert (ScepClientContext *context, char_t *output, size_t *written) | 
Store client's certificate.
- Parameters
- 
  [in] context Pointer to the SCEP client context
  [out] output Pointer to the buffer where to store the PEM-encoded certificate (optional parameter)
  [out] written Length of the resulting PEM string
- Returns
- Error code
Definition at line 585 of file scep_client.c.
◆ scepClientUnloadKeyPair()
| void scepClientUnloadKeyPair (ScepClientContext *context) | 
Unload public/private key pair.
- Parameters
- 
  [in] context Pointer to the SCEP client context 
Definition at line 493 of file scep_client.c.
