tls_certificate.h
Go to the documentation of this file.
1 /**
2  * @file tls_certificate.h
3  * @brief X.509 certificate handling
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2023 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.2.4
29  **/
30 
31 #ifndef _TLS_CERTIFICATE_H
32 #define _TLS_CERTIFICATE_H
33 
34 //Dependencies
35 #include "tls.h"
36 #include "pkix/x509_common.h"
37 
38 //C++ guard
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
42 
43 //TLS related functions
44 error_t tlsFormatCertificateList(TlsContext *context, uint8_t *p,
45  size_t *written);
46 
47 error_t tlsFormatRawPublicKey(TlsContext *context, uint8_t *p,
48  size_t *written);
49 
50 error_t tlsParseCertificateList(TlsContext *context, const uint8_t *p,
51  size_t length);
52 
53 error_t tlsParseRawPublicKey(TlsContext *context, const uint8_t *p,
54  size_t length);
55 
56 bool_t tlsIsCertificateAcceptable(TlsContext *context, const TlsCertDesc *cert,
57  const uint8_t *certTypes, size_t numCertTypes, const TlsSignHashAlgos *signHashAlgos,
58  const TlsSignHashAlgos *certSignHashAlgos, const TlsSupportedGroupList *curveList,
59  const TlsCertAuthorities *certAuthorities);
60 
61 error_t tlsValidateCertificate(TlsContext *context,
62  const X509CertificateInfo *certInfo, uint_t pathLen,
63  const char_t *subjectName);
64 
65 error_t tlsGetCertificateType(const X509CertificateInfo *certInfo,
66  TlsCertificateType *certType, TlsNamedGroup *namedCurve);
67 
68 error_t tlsGetCertificateSignAlgo(const X509CertificateInfo *certInfo,
69  TlsSignatureAlgo *signAlgo, TlsHashAlgo *hashAlgo);
70 
71 error_t tlsReadSubjectPublicKey(TlsContext *context,
72  const X509SubjectPublicKeyInfo *subjectPublicKeyInfo);
73 
74 error_t tlsCheckKeyUsage(const X509CertificateInfo *certInfo,
75  TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod);
76 
77 //C++ guard
78 #ifdef __cplusplus
79 }
80 #endif
81 
82 #endif
TlsSupportedGroupList
__start_packed struct @14 TlsSupportedGroupList
List of supported groups.
length
uint8_t length
Definition: coap_common.h:193
x509_common.h
X.509 common definitions.
bool_t
int bool_t
Definition: compiler_port.h:53
p
uint8_t p
Definition: ndp.h:298
TlsConnectionEnd
TlsConnectionEnd
TLS connection end.
Definition: tls.h:921
tlsGetCertificateType
error_t tlsGetCertificateType(const X509CertificateInfo *certInfo, TlsCertificateType *certType, TlsNamedGroup *namedCurve)
Retrieve the certificate type.
Definition: tls_certificate.c:1431
tlsValidateCertificate
error_t tlsValidateCertificate(TlsContext *context, const X509CertificateInfo *certInfo, uint_t pathLen, const char_t *subjectName)
Verify certificate against root CAs.
Definition: tls_certificate.c:1267
X509CertificateInfo
X.509 certificate.
Definition: x509_common.h:940
tlsFormatCertificateList
error_t tlsFormatCertificateList(TlsContext *context, uint8_t *p, size_t *written)
Format certificate chain.
Definition: tls_certificate.c:60
TlsHashAlgo
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1163
tlsParseRawPublicKey
error_t tlsParseRawPublicKey(TlsContext *context, const uint8_t *p, size_t length)
Parse raw public key.
Definition: tls_certificate.c:598
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
TlsKeyExchMethod
TlsKeyExchMethod
Key exchange methods.
Definition: tls.h:1092
tlsIsCertificateAcceptable
bool_t tlsIsCertificateAcceptable(TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSignHashAlgos *signHashAlgos, const TlsSignHashAlgos *certSignHashAlgos, const TlsSupportedGroupList *curveList, const TlsCertAuthorities *certAuthorities)
Check whether a certificate is acceptable.
Definition: tls_certificate.c:718
TlsSignHashAlgos
__start_packed struct @4 TlsSignHashAlgos
List of signature algorithms.
TlsCertAuthorities
__start_packed struct @6 TlsCertAuthorities
List of certificate authorities.
TlsCertificateType
TlsCertificateType
Certificate types.
Definition: tls.h:1138
TlsCertDesc
Certificate descriptor.
Definition: tls.h:2008
char_t
char char_t
Definition: compiler_port.h:48
X509SubjectPublicKeyInfo
Subject public key information.
Definition: x509_common.h:711
tlsCheckKeyUsage
error_t tlsCheckKeyUsage(const X509CertificateInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod)
Check certificate key usage.
Definition: tls_certificate.c:2004
tlsGetCertificateSignAlgo
error_t tlsGetCertificateSignAlgo(const X509CertificateInfo *certInfo, TlsSignatureAlgo *signAlgo, TlsHashAlgo *hashAlgo)
Retrieve the signature algorithm used to sign the certificate.
Definition: tls_certificate.c:1533
tlsFormatRawPublicKey
error_t tlsFormatRawPublicKey(TlsContext *context, uint8_t *p, size_t *written)
Format raw public key.
Definition: tls_certificate.c:160
TlsSignatureAlgo
TlsSignatureAlgo
Signature algorithms.
Definition: tls.h:1180
tls.h
TLS (Transport Layer Security)
tlsReadSubjectPublicKey
error_t tlsReadSubjectPublicKey(TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo)
Extract the subject public key from the received certificate.
Definition: tls_certificate.c:1737
tlsParseCertificateList
error_t tlsParseCertificateList(TlsContext *context, const uint8_t *p, size_t length)
Parse certificate chain.
Definition: tls_certificate.c:287
TlsNamedGroup
TlsNamedGroup
Named groups.
Definition: tls.h:1291
uint_t
unsigned int uint_t
Definition: compiler_port.h:50