zh/cert_8h_source.html

/*

 * This file is part of the openHiTLS project.

 *

 * openHiTLS is licensed under the Mulan PSL v2.

 * You can use this software according to the terms and conditions of the Mulan PSL v2.

 * You may obtain a copy of Mulan PSL v2 at:

 *

 *     http://license.coscl.org.cn/MulanPSL2

 *

 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,

 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,

 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.

 * See the Mulan PSL v2 for more details.

 */


#ifndef CERT_H

#define CERT_H


#include <stdint.h>

#include "hitls_type.h"

#include "hitls_cert_type.h"

#include "cipher_suite.h"

#include "cert_mgr.h"

#include "tls.h"


#ifdef __cplusplus

extern "C" {

#endif


#define TLS_DEFAULT_VERIFY_DEPTH 20u


#define MAX_PASS_LEN 256


/* tls.handshake.certificate_length Length of a label */

#define CERT_LEN_TAG_SIZE 3u


/* Used to transfer certificate data in ASN.1 DER format. */


typedef struct CertItem {

    uint32_t dataSize;      /* Data length */

    uint8_t *data;          /* Data content */

    struct CertItem *next;

} CERT_Item;


typedef struct {

    HITLS_SignAlgo signAlgo;    /* signature algorithm */

    HITLS_HashAlgo hashAlgo;    /* hash algorithm */

    const uint8_t *data;        /* signed data */

    uint32_t dataLen;           /* length of the signed data */

    uint8_t *sign;              /* sign */

    uint32_t signLen;           /* signature length */

} CERT_SignParam;


bool SAL_CERT_IsSignAlgorithmAllowed(const TLS_Ctx *ctx, uint16_t signScheme,

    const uint16_t *allowList, uint32_t allowListSize);


int32_t SAL_CERT_EncodeCertChain(HITLS_Ctx *ctx, PackPacket *pkt);


int32_t SAL_CERT_ParseCertChain(HITLS_Ctx *ctx, CERT_Item *item, CERT_Pair **certPair);


int32_t SAL_CERT_VerifyCertChain(HITLS_Ctx *ctx, CERT_Pair *certPair, bool isTlcpEncCert);


uint32_t SAL_CERT_GetSignMaxLen(HITLS_Config *config, HITLS_CERT_Key *key);


int32_t SAL_CERT_CreateSign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, CERT_SignParam *signParam);


int32_t SAL_CERT_VerifySign(HITLS_Ctx *ctx, HITLS_CERT_Key *key, CERT_SignParam *signParam);


int32_t SAL_CERT_KeyEncrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,

    uint8_t *out, uint32_t *outLen);


int32_t SAL_CERT_KeyDecrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen,

    uint8_t *out, uint32_t *outLen);


HITLS_SignHashAlgo SAL_CERT_GetDefaultSignHashAlgo(HITLS_CERT_KeyType keyType);


uint8_t *SAL_CERT_SrvrGmEncodeEncCert(HITLS_Ctx *ctx, uint32_t *useLen);


uint8_t *SAL_CERT_ClntGmEncodeEncCert(HITLS_Ctx *ctx, CERT_Pair *peerCert, uint32_t *useLen);


bool SAL_CERT_CheckCertKeyUsage(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_CtrlCmd keyusage);


int32_t SAL_CERT_CheckKeySecbits(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key);


#ifdef __cplusplus

}

#endif

#endif

SAL_CERT_ClntGmEncodeEncCert
uint8_t * SAL_CERT_ClntGmEncodeEncCert(HITLS_Ctx *ctx, CERT_Pair *peerCert, uint32_t *useLen)
The client obtains the encoded content of the TLCP encryption certificate.

SAL_CERT_CheckKeySecbits
int32_t SAL_CERT_CheckKeySecbits(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_Key *key)
Check the secbits of key

SAL_CERT_KeyDecrypt
int32_t SAL_CERT_KeyDecrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
Use the certificate private key to decrypt, which is used for the RSA cipher suite.

SAL_CERT_KeyEncrypt
int32_t SAL_CERT_KeyEncrypt(HITLS_Ctx *ctx, HITLS_CERT_Key *key, const uint8_t *in, uint32_t inLen, uint8_t *out, uint32_t *outLen)
Encrypted by the certificate public key, which is used for the RSA cipher suite.

SAL_CERT_CheckCertKeyUsage
bool SAL_CERT_CheckCertKeyUsage(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, HITLS_CERT_CtrlCmd keyusage)
Check whether the certificate is an encrypted certificate, a digital signature, or a permission to is...

SAL_CERT_SrvrGmEncodeEncCert
uint8_t * SAL_CERT_SrvrGmEncodeEncCert(HITLS_Ctx *ctx, uint32_t *useLen)
Encoded content of the TLCP encryption certificate obtained by the server.

HITLS_CERT_Key
void HITLS_CERT_Key
Describes the certificate key
定义 hitls_cert_type.h:49

HITLS_CERT_CtrlCmd
HITLS_CERT_CtrlCmd
ctrl option
定义 hitls_cert_type.h:85

HITLS_SignHashAlgo
HITLS_SignHashAlgo
Certificate Signature Algorithm Enumeration
定义 hitls_cert_type.h:177

HITLS_CERT_X509
void HITLS_CERT_X509
Describes the x509 certificate
定义 hitls_cert_type.h:37

HITLS_CERT_KeyType
HITLS_CERT_KeyType
Certificate Public Key Type
定义 hitls_cert_type.h:162

HITLS_Ctx
struct TlsCtx HITLS_Ctx
HITLS context
定义 hitls_type.h:35

HITLS_Config
struct TlsConfig HITLS_Config
config context
定义 hitls_type.h:41

CERT_Pair
定义 cert_mgr.h:32

CERT_SignParam
used to transfer the signature parameter
定义 cert.h:48

CertItem
定义 cert.h:38

PackPacket
定义 tls.h:325