X.509 certificate handling. More...
#include "tls.h"
#include "tls_cipher_suites.h"
#include "tls_certificate.h"
#include "tls_sign_misc.h"
#include "tls_misc.h"
#include "encoding/asn1.h"
#include "encoding/oid.h"
#include "pkix/pem_import.h"
#include "pkix/x509_cert_parse.h"
#include "pkix/x509_cert_validate.h"
#include "pkix/x509_key_parse.h"
#include "debug.h"
Go to the source code of this file.
| Macros | |
| #define | TRACE_LEVEL TLS_TRACE_LEVEL | 
| Functions | |
| error_t | tlsFormatCertificateList (TlsContext *context, uint8_t *p, size_t *written) | 
| Format certificate chain.  More... | |
| error_t | tlsFormatRawPublicKey (TlsContext *context, uint8_t *p, size_t *written) | 
| Format raw public key.  More... | |
| __weak_func error_t | tlsParseCertificateList (TlsContext *context, const uint8_t *p, size_t length) | 
| Parse certificate chain.  More... | |
| error_t | tlsParseRawPublicKey (TlsContext *context, const uint8_t *p, size_t length) | 
| Parse raw public key.  More... | |
| bool_t | tlsIsCertificateAcceptable (TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSupportedGroupList *curveList, const TlsSignSchemeList *certSignAlgoList, const TlsCertAuthorities *certAuthorities) | 
| Check whether a certificate is acceptable.  More... | |
| error_t | tlsValidateCertificate (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, const char_t *subjectName) | 
| Verify certificate against root CAs.  More... | |
| error_t | tlsGetCertificateType (const X509CertInfo *certInfo, TlsCertificateType *certType, TlsNamedGroup *namedCurve) | 
| Retrieve the certificate type.  More... | |
| error_t | tlsGetCertificateSignAlgo (const X509CertInfo *certInfo, TlsSignatureScheme *signScheme) | 
| Retrieve the signature algorithm used to sign the certificate.  More... | |
| error_t | tlsReadSubjectPublicKey (TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo) | 
| Extract the subject public key from the received certificate.  More... | |
| error_t | tlsCheckKeyUsage (const X509CertInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod) | 
| Check certificate key usage.  More... | |
Detailed Description
X.509 certificate handling.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSL Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.5.4
Definition in file tls_certificate.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL TLS_TRACE_LEVEL
Definition at line 32 of file tls_certificate.c.
Function Documentation
◆ tlsCheckKeyUsage()
error_t tlsCheckKeyUsage(const X509CertInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod)
Check certificate key usage.
- Parameters
  - [in] certInfo — Pointer to the X.509 certificate
  - [in] entity — Specifies whether this entity is considered a client or a server
  - [in] keyExchMethod — TLS key exchange method
- Returns
- Error code
Definition at line 1698 of file tls_certificate.c.
◆ tlsFormatCertificateList()
error_t tlsFormatCertificateList(TlsContext *context, uint8_t *p, size_t *written)
Format certificate chain.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] p — Output stream where to write the certificate chain
  - [out] written — Total number of bytes that have been written
- Returns
- Error code
Definition at line 60 of file tls_certificate.c.
◆ tlsFormatRawPublicKey()
error_t tlsFormatRawPublicKey(TlsContext *context, uint8_t *p, size_t *written)
Format raw public key.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] p — Output stream where to write the raw public key
  - [out] written — Total number of bytes that have been written
- Returns
- Error code
Definition at line 160 of file tls_certificate.c.
◆ tlsGetCertificateSignAlgo()
error_t tlsGetCertificateSignAlgo(const X509CertInfo *certInfo, TlsSignatureScheme *signScheme)
Retrieve the signature algorithm used to sign the certificate.
- Parameters
  - [in] certInfo — X.509 certificate
  - [out] signScheme — Signature scheme
- Returns
- Error code
Definition at line 1282 of file tls_certificate.c.
◆ tlsGetCertificateType()
error_t tlsGetCertificateType(const X509CertInfo *certInfo, TlsCertificateType *certType, TlsNamedGroup *namedCurve)
Retrieve the certificate type.
- Parameters
  - [in] certInfo — X.509 certificate
  - [out] certType — Certificate type
  - [out] namedCurve — Elliptic curve (only for ECDSA certificates)
- Returns
- Error code
Definition at line 1162 of file tls_certificate.c.
◆ tlsIsCertificateAcceptable()
bool_t tlsIsCertificateAcceptable(TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSupportedGroupList *curveList, const TlsSignSchemeList *certSignAlgoList, const TlsCertAuthorities *certAuthorities)
Check whether a certificate is acceptable.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] cert — End entity certificate
  - [in] certTypes — List of supported certificate types
  - [in] numCertTypes — Number of entries in the list of supported certificate types
  - [in] curveList — List of supported elliptic curves
  - [in] certSignAlgoList — List of signature algorithms that may be used in X.509 certificates
  - [in] certAuthorities — List of trusted CAs
- Returns
- TRUE if the specified certificate conforms to the requirements, else FALSE
Definition at line 724 of file tls_certificate.c.
◆ tlsParseCertificateList()
__weak_func error_t tlsParseCertificateList(TlsContext *context, const uint8_t *p, size_t length)
Parse certificate chain.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] p — Input stream where to read the certificate chain
  - [in] length — Number of bytes available in the input stream
- Returns
- Error code
Definition at line 287 of file tls_certificate.c.
◆ tlsParseRawPublicKey()
error_t tlsParseRawPublicKey(TlsContext *context, const uint8_t *p, size_t length)
Parse raw public key.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] p — Input stream where to read the raw public key
  - [in] length — Number of bytes available in the input stream
- Returns
- Error code
Definition at line 606 of file tls_certificate.c.
◆ tlsReadSubjectPublicKey()
error_t tlsReadSubjectPublicKey(TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo)
Extract the subject public key from the received certificate.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] subjectPublicKeyInfo — Pointer to the subject's public key
- Returns
- Error code
Definition at line 1461 of file tls_certificate.c.
◆ tlsValidateCertificate()
error_t tlsValidateCertificate(TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, const char_t *subjectName)
Verify certificate against root CAs.
- Parameters
  - [in] context — Pointer to the TLS context
  - [in] certInfo — X.509 certificate to be verified
  - [in] pathLen — Certificate path length
  - [in] subjectName — Subject name (optional parameter)
- Returns
- Error code
Definition at line 999 of file tls_certificate.c.
