API参考
Pki

Public key infrastructure module. 更多...


专题

 Cms
 CMS processing interfaces.
 Pki_errno
 PKI-related error code definitions.
 Pki_params
 Parameter identifiers for PKI interfaces.
 Pkcs12
 PKCS#12 processing interfaces.

类型定义

typedef int32_t(* X509_STORECTX_VerifyCb) (int32_t, HITLS_X509_StoreCtx *)
 Certificate verification callback, installed on a store with HITLS_X509_STORECTX_SET_VERIFY_CB and invoked during chain verification.

函数

HITLS_X509_Cert * HITLS_X509_CertNew (void)
 Allocate a certificate.
HITLS_X509_Cert * HITLS_X509_ProviderCertNew (HITLS_PKI_LibCtx *libCtx, const char *attrName)
 Create a new X509 certificate object using the provider mechanism
void HITLS_X509_CertFree (HITLS_X509_Cert *cert)
 Unallocate a certificate.
HITLS_X509_Cert * HITLS_X509_CertDup (HITLS_X509_Cert *src)
 Duplicate a certificate.
int32_t HITLS_X509_CertSign (int32_t mdId, const CRYPT_EAL_PkeyCtx *prvKey, const HITLS_X509_SignAlgParam *algParam, HITLS_X509_Cert *cert)
 Sign a certificate.
int32_t HITLS_X509_CertDigest (HITLS_X509_Cert *cert, CRYPT_MD_AlgId mdId, uint8_t *data, uint32_t *dataLen)
 Compute the digest of the certificate.
int32_t HITLS_X509_CertCtrl (HITLS_X509_Cert *cert, int32_t cmd, void *val, uint32_t valLen)
 Generic function to process certificate.
int32_t HITLS_X509_CertParseBuff (int32_t format, const BSL_Buffer *encode, HITLS_X509_Cert **cert)
 Parse the CERT in the buffer.
int32_t HITLS_X509_ProviderCertParseBuff (HITLS_PKI_LibCtx *libCtx, const char *attrName, const char *format, const BSL_Buffer *encode, HITLS_X509_Cert **cert)
 Parse a certificate buffer using the provider mechanism
int32_t HITLS_X509_CertParseBundleBuff (int32_t format, const BSL_Buffer *encode, HITLS_X509_List **certlist)
 Parse multiple certificates from a buffer.
int32_t HITLS_X509_ProviderCertParseBundleBuff (HITLS_PKI_LibCtx *libCtx, const char *attrName, const char *format, const BSL_Buffer *encode, HITLS_X509_List **certlist)
 Parse multiple certificates from a buffer using the provider mechanism
int32_t HITLS_X509_CertParseFile (int32_t format, const char *path, HITLS_X509_Cert **cert)
 Parse the CERT in the file.
int32_t HITLS_X509_ProviderCertParseFile (HITLS_PKI_LibCtx *libCtx, const char *attrName, const char *format, const char *path, HITLS_X509_Cert **cert)
 Parse a certificate file using the provider mechanism
int32_t HITLS_X509_CertParseBundleFile (int32_t format, const char *path, HITLS_X509_List **certlist)
 Parse the CERTs in the file.
int32_t HITLS_X509_ProviderCertParseBundleFile (HITLS_PKI_LibCtx *libCtx, const char *attrName, const char *format, const char *path, HITLS_X509_List **certlist)
 Parse multiple certificates from a bundle file using the provider mechanism
int32_t HITLS_X509_CertGenBuff (int32_t format, HITLS_X509_Cert *cert, BSL_Buffer *buff)
 Generates an encoded certificate.
int32_t HITLS_X509_CertGenFile (int32_t format, HITLS_X509_Cert *cert, const char *path)
 Generate a certificate file.
HITLS_X509_Crl * HITLS_X509_CrlNew (void)
 Allocate a crl.
void HITLS_X509_CrlFree (HITLS_X509_Crl *crl)
 Release the CRL.
int32_t HITLS_X509_CrlCtrl (HITLS_X509_Crl *crl, int32_t cmd, void *val, uint32_t valLen)
 Crl setting interface.
int32_t HITLS_X509_CrlParseBuff (int32_t format, const BSL_Buffer *encode, HITLS_X509_Crl **crl)
 Parse the CRL in the buffer.
int32_t HITLS_X509_CrlParseBundleBuff (int32_t format, const BSL_Buffer *encode, HITLS_X509_List **crlList)
 Parse multiple CRLs from a buffer.
int32_t HITLS_X509_CrlParseFile (int32_t format, const char *path, HITLS_X509_Crl **crl)
 Parse the CRL in the file.
int32_t HITLS_X509_CrlParseBundleFile (int32_t format, const char *path, HITLS_X509_List **crlList)
 Parse the CRLs in the file.
int32_t HITLS_X509_CrlGenBuff (int32_t format, HITLS_X509_Crl *crl, BSL_Buffer *buff)
 Generate a CRL and encode it.
int32_t HITLS_X509_CrlGenFile (int32_t format, HITLS_X509_Crl *crl, const char *path)
 Generate a CRL and encode it to specific file.
int32_t HITLS_X509_CrlVerify (void *pubkey, const HITLS_X509_Crl *crl)
 Verify the integrity of the CRL.
int32_t HITLS_X509_CrlSign (int32_t mdId, const CRYPT_EAL_PkeyCtx *prvKey, const HITLS_X509_SignAlgParam *algParam, HITLS_X509_Crl *crl)
 Signing a CRL.
HITLS_X509_CrlEntry * HITLS_X509_CrlEntryNew (void)
 Allocate a revoked certificate.
void HITLS_X509_CrlEntryFree (HITLS_X509_CrlEntry *entry)
 Release a CRL entry (revoked-certificate struct).
int32_t HITLS_X509_CrlEntryCtrl (HITLS_X509_CrlEntry *revoked, int32_t cmd, void *val, uint32_t valLen)
 Control interface for CRL entry.
HITLS_X509_Csr * HITLS_X509_CsrNew (void)
 Allocate a pkcs10 csr.
HITLS_X509_Csr * HITLS_X509_ProviderCsrNew (HITLS_PKI_LibCtx *libCtx, const char *attrName)
 Create a new csr object using the provider mechanism
void HITLS_X509_CsrFree (HITLS_X509_Csr *csr)
 Release the pkcs10 csr.
int32_t HITLS_X509_CsrSign (int32_t mdId, const CRYPT_EAL_PkeyCtx *prvKey, const HITLS_X509_SignAlgParam *algParam, HITLS_X509_Csr *csr)
 Sign a CSR (Certificate Signing Request).
int32_t HITLS_X509_CsrGenBuff (int32_t format, HITLS_X509_Csr *csr, BSL_Buffer *buff)
 Generate csr to store in buffer
int32_t HITLS_X509_CsrGenFile (int32_t format, HITLS_X509_Csr *csr, const char *path)
 Generate csr to store in file
int32_t HITLS_X509_CsrCtrl (HITLS_X509_Csr *csr, int32_t cmd, void *val, uint32_t valLen)
 Generic function to process csr function
int32_t HITLS_X509_CsrParseBuff (int32_t format, const BSL_Buffer *encode, HITLS_X509_Csr **csr)
 Parse the CSR in the buffer. When format is BSL_FORMAT_PEM or BSL_FORMAT_UNKNOWN, the buffer in encode must end with '\0'.
int32_t HITLS_X509_CsrParseFile (int32_t format, const char *path, HITLS_X509_Csr **csr)
 Parse the csr in the file
int32_t HITLS_X509_CsrVerify (HITLS_X509_Csr *csr)
 Verify the CSR's signature (proof of possession). No key is passed, so presumably the public key carried in the request itself is used.
int32_t HITLS_X509_ExtCtrl (HITLS_X509_Ext *ext, int32_t cmd, void *val, uint32_t valLen)
 Generic function to set/get an extension.
HITLS_X509_Ext * HITLS_X509_ExtNew (int32_t type)
 Allocate a extension.
void HITLS_X509_ExtFree (HITLS_X509_Ext *ext)
 Unallocate a extension.
void HITLS_X509_ClearAuthorityKeyId (HITLS_X509_ExtAki *aki)
 clear the HITLS_X509_ExtAki structure.
void HITLS_X509_FreeGeneralName (HITLS_X509_GeneralName *data)
 Free a general name.
BslList * HITLS_X509_DnListNew (void)
 Create a new distinguished-name list; each item is a HITLS_X509_NameNode.
void HITLS_X509_DnListFree (BslList *dnList)
 Free a distinguished-name list created by HITLS_X509_DnListNew.
int32_t HITLS_X509_AddDnName (BslList *list, HITLS_X509_DN *dnNames, uint32_t size)
 Add a distinguish name array to list.
int32_t HITLS_X509_AttrCtrl (HITLS_X509_Attrs *attributes, HITLS_X509_AttrCmd cmd, void *val, uint32_t valLen)
 Generic function to process attribute function
HITLS_X509_StoreCtx * HITLS_X509_StoreCtxNew (void)
 Allocate a StoreCtx.
HITLS_X509_StoreCtx * HITLS_X509_ProviderStoreCtxNew (HITLS_PKI_LibCtx *libCtx, const char *attrName)
 Create a new X509 store object using the provider mechanism
void HITLS_X509_StoreCtxFree (HITLS_X509_StoreCtx *storeCtx)
 Release the StoreCtx.
int32_t HITLS_X509_StoreCtxCtrl (HITLS_X509_StoreCtx *storeCtx, int32_t cmd, void *val, uint32_t valLen)
 Generic function to process StoreCtx.
int32_t HITLS_X509_CertVerify (HITLS_X509_StoreCtx *storeCtx, HITLS_X509_List *chain)
 Certificate chain verify function.
int32_t HITLS_X509_CertVerifyByPubKey (HITLS_X509_Cert *cert, CRYPT_EAL_PkeyCtx *pubKey)
 Verify a single certificate's signature using an external public key.
int32_t HITLS_X509_CertChainBuild (HITLS_X509_StoreCtx *storeCtx, bool isWithRoot, HITLS_X509_Cert *cert, HITLS_X509_List **chain)
 Certificate chain build function.
int32_t HITLS_X509_VerifyHostname (HITLS_X509_Cert *cert, uint32_t flags, const char *hostname, uint32_t hostnameLen)
 Verifies a certificate's hostname according to RFC 6125 and RFC 9525. It first checks for a matching dNSName in the Subject Alternative Name (SAN) extension. If, and only if, no dNSName entries are present, it falls back to checking the Common Name (CN). The matching behaviour is selected by flags (see the hostname-verification flag definitions in this module). Call it only on a certificate whose chain has already been verified with HITLS_X509_CertVerify — a matching name in an unverified certificate proves nothing.
int32_t HITLS_X509_CheckKey (HITLS_X509_Cert *cert, CRYPT_EAL_PkeyCtx *prvKey)
 Verify that a certificate's public key matches a given private key.

详细描述

Public key infrastructure module.

类型定义说明

◆ X509_STORECTX_VerifyCb

typedef int32_t(* X509_STORECTX_VerifyCb) (int32_t, HITLS_X509_StoreCtx *)

Certificate verification callback. It is installed on a store with HITLS_X509_STORECTX_SET_VERIFY_CB and is invoked during chain verification with the current verification error code.

注意
The callback's return value presumably feeds back into the verification result, so a callback that returns #HITLS_PKI_SUCCESS regardless of the error code it receives would effectively suppress verification failures (the exact override semantics are not spelled out in this reference — confirm against the implementation). Return the received error code unchanged unless an override is deliberate, narrowly scoped and logged.
参数
int32_t[IN] Current verification error code for the step being evaluated.
HITLS_X509_StoreCtx[IN] X509 store handle; HITLS_X509_STORECTX_GET_CUR_CERT, HITLS_X509_STORECTX_GET_CUR_DEPTH and HITLS_X509_STORECTX_GET_ERROR can be queried on it from inside the callback.
返回值
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

函数说明

◆ HITLS_X509_AddDnName()

int32_t HITLS_X509_AddDnName ( BslList * list,
HITLS_X509_DN * dnNames,
uint32_t size )

Add a distinguish name array to list.

参数
list[IN] The name list
dnNames[IN] dnName array
size[IN] The count of dnName array
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_AttrCtrl()

int32_t HITLS_X509_AttrCtrl ( HITLS_X509_Attrs * attributes,
HITLS_X509_AttrCmd cmd,
void * val,
uint32_t valLen )

Generic function to process attribute function

参数
attributes[IN] The attribute list
cmd[IN] HITLS_X509_AttrCmd
val[IN/OUT] Value whose data type depends on cmd: for HITLS_X509_ATTR_XX_REQUESTED_EXTENSIONS it is HITLS_X509_Ext.
valLen[IN] The length of val.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertChainBuild()

int32_t HITLS_X509_CertChainBuild ( HITLS_X509_StoreCtx * storeCtx,
bool isWithRoot,
HITLS_X509_Cert * cert,
HITLS_X509_List ** chain )

Certificate chain build function.

参数
storeCtx[IN] StoreCtx.
isWithRoot[IN] Whether the root (trust-anchor) certificate taken from the trusted store is appended to the built chain. It is not affected by the partial certificate chain verification flag.
cert[IN] certificate.
chain[OUT] certificate chain.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertCtrl()

int32_t HITLS_X509_CertCtrl ( HITLS_X509_Cert * cert,
int32_t cmd,
void * val,
uint32_t valLen )

Generic function to process certificate.

参数
cert[IN] The certificate.
cmd[IN] HITLS_X509_Cmd
val[IN/OUT] input and output value
valLen[IN] value length
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertDigest()

int32_t HITLS_X509_CertDigest ( HITLS_X509_Cert * cert,
CRYPT_MD_AlgId mdId,
uint8_t * data,
uint32_t * dataLen )

Compute the digest of the certificate.

注意
This function must be called after generating or parsing a certificate.
参数
cert[IN] The certificate.
mdId[IN] Digest algorithm.
data[OUT] Buffer that receives the digest.
dataLen[IN/OUT] On input presumably the capacity of data, on output the length of the digest written — confirm against the implementation; size data for the largest digest the chosen mdId can produce.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertDup()

HITLS_X509_Cert * HITLS_X509_CertDup ( HITLS_X509_Cert * src)

Duplicate a certificate.

参数
src[IN] Source certificate.
返回值
HITLS_X509_Cert*, success. NULL, fail.

◆ HITLS_X509_CertFree()

void HITLS_X509_CertFree ( HITLS_X509_Cert * cert)

Unallocate a certificate.

参数
cert[IN] The certificate.

◆ HITLS_X509_CertGenBuff()

int32_t HITLS_X509_CertGenBuff ( int32_t format,
HITLS_X509_Cert * cert,
BSL_Buffer * buff )

Generates an encoded certificate.

注意
This function is used after parsing the certificate or after signing.
参数
format[IN] Encoding format: BSL_FORMAT_ASN1 or BSL_FORMAT_PEM
cert[IN] cert
buff[OUT] encode result
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertGenFile()

int32_t HITLS_X509_CertGenFile ( int32_t format,
HITLS_X509_Cert * cert,
const char * path )

Generate a certificate file.

注意
This function is used after parsing the certificate or after signing.
参数
format[IN] Encoding format: BSL_FORMAT_ASN1 or BSL_FORMAT_PEM
cert[IN] cert
path[IN] file path
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertNew()

HITLS_X509_Cert * HITLS_X509_CertNew ( void )

Allocate a certificate.

返回值
HITLS_X509_Cert*

◆ HITLS_X509_CertParseBuff()

int32_t HITLS_X509_CertParseBuff ( int32_t format,
const BSL_Buffer * encode,
HITLS_X509_Cert ** cert )

Parse the CERT in the buffer.

Description: Parse the CERT in the buffer.
If parsing succeeds, the memory for the cert is allocated inside the function and the caller must release it with HITLS_X509_CertFree after use. When format is BSL_FORMAT_PEM or BSL_FORMAT_UNKNOWN, the buffer in encode must end with '\0' and dataLen must exclude the terminator. This requirement suggests the PEM scanner relies on the terminator rather than on dataLen alone, so a caller handing over untrusted input must guarantee the terminator is present to avoid a read past the end of the buffer (confirm against the implementation).
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
encode[IN] CERT data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
cert[OUT] CERT after parse.
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertParseBundleBuff()

int32_t HITLS_X509_CertParseBundleBuff ( int32_t format,
const BSL_Buffer * encode,
HITLS_X509_List ** certlist )

Parse multiple certificates from a buffer.

Description: Parse multiple certificates from a buffer.
If parsing is successful, memory for the certificate list is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
encode[IN] Certificate data buffer. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
certlist[OUT] Certificate list after parsing.
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertParseBundleFile()

int32_t HITLS_X509_CertParseBundleFile ( int32_t format,
const char * path,
HITLS_X509_List ** certlist )

Parse the CERTs in the file.

Description: Parse multiple CERTs in the file.
If the parsing is successful, the memory for the certlist is requested from within the function, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
path[IN] Certificate file path.
certlist[OUT] Certificate list after parse.
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertParseFile()

int32_t HITLS_X509_CertParseFile ( int32_t format,
const char * path,
HITLS_X509_Cert ** cert )

Parse the CERT in the file.

Description: Parse the CERT in the file.
If the parsing is successful, the memory for the cert is requested from within the function, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
path[IN] CERT file path.
cert[OUT] CERT after parse.
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertSign()

int32_t HITLS_X509_CertSign ( int32_t mdId,
const CRYPT_EAL_PkeyCtx * prvKey,
const HITLS_X509_SignAlgParam * algParam,
HITLS_X509_Cert * cert )

Sign a certificate.

注意
1. This function can only be used when generating a new certificate.
2. You need to first call HITLS_X509_CertCtrl to set the certificate information (subject, issuer, validity, public key, extensions) before signing.
参数
mdId[IN] The message digest algorithm ID.
prvKey[IN] The private key context used for signing.
algParam[IN] The signature algorithm parameters.
cert[IN] The certificate to be signed.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertVerify()

int32_t HITLS_X509_CertVerify ( HITLS_X509_StoreCtx * storeCtx,
HITLS_X509_List * chain )

Certificate chain verify function. The chain is validated using the trust anchors, CRLs and verification parameters (depth, flags, purpose, time, security bits) configured on storeCtx via HITLS_X509_StoreCtxCtrl.

参数
storeCtx[IN] StoreCtx.
chain[IN] certificate chain.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CertVerifyByPubKey()

int32_t HITLS_X509_CertVerifyByPubKey ( HITLS_X509_Cert * cert,
CRYPT_EAL_PkeyCtx * pubKey )

Verify a single certificate's signature using an external public key. This is a signature check only — no HITLS_X509_StoreCtx is involved, so validity period, purpose/extension checks, revocation and chain building are not part of this call; use HITLS_X509_CertVerify with a configured store for full path validation.

参数
cert[IN] Certificate to be verified.
pubKey[IN] Public key context used to verify the certificate.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CheckKey()

int32_t HITLS_X509_CheckKey ( HITLS_X509_Cert * cert,
CRYPT_EAL_PkeyCtx * prvKey )

Verify that a certificate's public key matches a given private key.

Description:
This function checks whether the public key in the certificate corresponds to the provided private key by signing test data with prvKey and verifying the result with the certificate's public key. It is a key-consistency check only: the certificate's own signature, validity period and chain are not examined here.
注意
This function performs cryptographic operations (sign and verify) which may be computationally expensive.
参数
cert[IN] Certificate containing the public key to check
prvKey[IN] Private key to verify against the certificate
返回值
#HITLS_PKI_SUCCESS if the private key matches the certificate's public key.
#HITLS_X509_ERR_CERT_INVALID_PUBKEY if the keys do not match or signing/verification fails.
Other error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ClearAuthorityKeyId()

void HITLS_X509_ClearAuthorityKeyId ( HITLS_X509_ExtAki * aki)

clear the HITLS_X509_ExtAki structure.

Description: Releases the memory owned by a HITLS_X509_ExtAki that was filled by a HITLS_X509_EXT_GET_AKI query on a certificate, CRL or CSR.
Call it once the AKI data is no longer needed; otherwise the memory obtained by the query is leaked.
参数
aki[IN] The HITLS_X509_ExtAki aki

◆ HITLS_X509_CrlCtrl()

int32_t HITLS_X509_CrlCtrl ( HITLS_X509_Crl * crl,
int32_t cmd,
void * val,
uint32_t valLen )

Crl setting interface.

Description: Set CRL information.
Expected val type and valLen for each cmd:
- HITLS_X509_REF_UP: int, valLen = sizeof(int). Increments the CRL reference count; the caller then holds an additional reference, which presumably must be released with HITLS_X509_CrlFree.
注意
None
参数
crl[IN] CRL data
cmd[IN] Set type.
val[IN/OUT] Value for cmd (input for set operations).
valLen[IN] The length of val.
返回
Error code

◆ HITLS_X509_CrlEntryCtrl()

int32_t HITLS_X509_CrlEntryCtrl ( HITLS_X509_CrlEntry * revoked,
int32_t cmd,
void * val,
uint32_t valLen )

Control interface for CRL entry.

Description: This function provides control interface for CRL entry operations.
注意
None
参数
revoked[IN] CRL entry to control.
cmd[IN] Control command.
val[IN/OUT] Control value.
valLen[IN] Length of control value.
返回
Error code

◆ HITLS_X509_CrlEntryFree()

void HITLS_X509_CrlEntryFree ( HITLS_X509_CrlEntry * entry)

Release a CRL entry (revoked-certificate struct).

Description: Release the memory of the CRL certificateRevoke struct.
注意
None
参数
entry[IN] entry info.
返回
void (no return value)

◆ HITLS_X509_CrlEntryNew()

HITLS_X509_CrlEntry * HITLS_X509_CrlEntryNew ( void )

Allocate a revoked certificate.

注意
None
返回
HITLS_X509_CrlEntry *

◆ HITLS_X509_CrlFree()

void HITLS_X509_CrlFree ( HITLS_X509_Crl * crl)

Release the CRL.

Description: Release the memory of the CRL.
注意
None
参数
crl[IN] CRL object to release.
返回
void (no return value)

◆ HITLS_X509_CrlGenBuff()

int32_t HITLS_X509_CrlGenBuff ( int32_t format,
HITLS_X509_Crl * crl,
BSL_Buffer * buff )

Generate a CRL and encode it.

Description: This function encodes the CRL into the specified format.
If the encoding is successful, the memory for the encode data is requested from within the function, and the user needs to free it after use.
注意
This function is used after parsing the crl or after signing.
None
参数
format[IN] Encoding format: BSL_FORMAT_PEM or BSL_FORMAT_ASN1.
crl[IN] CRL raw data.
buff[OUT] Encode data.
返回
Error code

◆ HITLS_X509_CrlGenFile()

int32_t HITLS_X509_CrlGenFile ( int32_t format,
HITLS_X509_Crl * crl,
const char * path )

Generate a CRL and encode it to specific file.

Description: This function encodes the CRL into the specified format and writes it to the file at path.
Unlike HITLS_X509_CrlGenBuff, no encoded buffer is returned to the caller, so there is nothing to free.
注意
This function is used after parsing the crl or after signing.
None
参数
format[IN] Encoding format: BSL_FORMAT_PEM or BSL_FORMAT_ASN1.
crl[IN] CRL raw data.
path[IN] Path of the file the encoded CRL is written to.
返回
Error code

◆ HITLS_X509_CrlNew()

HITLS_X509_Crl * HITLS_X509_CrlNew ( void )

Allocate a crl.

返回值
HITLS_X509_Crl*

◆ HITLS_X509_CrlParseBuff()

int32_t HITLS_X509_CrlParseBuff ( int32_t format,
const BSL_Buffer * encode,
HITLS_X509_Crl ** crl )

Parse the CRL in the buffer.

Description: Parse the CRL in the buffer.
If parsing succeeds, the memory for the crl is allocated inside the function and the caller must release it with HITLS_X509_CrlFree after use. When format is BSL_FORMAT_PEM or BSL_FORMAT_UNKNOWN, the buffer in encode must end with '\0' and dataLen must exclude the terminator; a caller passing untrusted input must guarantee the terminator is present, since the PEM scanner appears to depend on it rather than on dataLen alone (confirm against the implementation).
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
encode[IN] CRL data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
crl[OUT] CRL after parse.
返回
Error code

◆ HITLS_X509_CrlParseBundleBuff()

int32_t HITLS_X509_CrlParseBundleBuff ( int32_t format,
const BSL_Buffer * encode,
HITLS_X509_List ** crlList )

Parse multiple CRLs from a buffer.

Description: Parse multiple CRLs from a buffer.
If parsing is successful, memory for the CRL list is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
encode[IN] CRL data buffer. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
crlList[OUT] List of parsed CRL objects.
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CrlParseBundleFile()

int32_t HITLS_X509_CrlParseBundleFile ( int32_t format,
const char * path,
HITLS_X509_List ** crlList )

Parse the CRLs in the file.

Description: Parse multiple CRLs in the file.
If the parsing is successful, the memory for the crllist is requested from within the function, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
path[IN] CRL file path.
crlList[OUT] CRL list after parse.
返回
Error code

◆ HITLS_X509_CrlParseFile()

int32_t HITLS_X509_CrlParseFile ( int32_t format,
const char * path,
HITLS_X509_Crl ** crl )

Parse the CRL in the file.

Description: Parse the CRL in the file.
If the parsing is successful, the memory for the crl is requested from within the function, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
path[IN] CRL file path.
crl[OUT] CRL after parse.
返回
Error code

◆ HITLS_X509_CrlSign()

int32_t HITLS_X509_CrlSign ( int32_t mdId,
const CRYPT_EAL_PkeyCtx * prvKey,
const HITLS_X509_SignAlgParam * algParam,
HITLS_X509_Crl * crl )

Signing a CRL.

Description: This function is used to sign the CRL.
注意
1. This function can only be used when generating a new CRL.
2. Before signing, call HITLS_X509_CrlCtrl to set the CRL information.
The interface can be called multiple times, and the signature is regenerated on each call.
参数
mdId[IN] hash algorithm.
prvKey[IN] private key.
algParam[IN] signature parameter, for example, rsa-pss parameter.
crl[IN/OUT] CRL info.
返回
Error code

◆ HITLS_X509_CrlVerify()

int32_t HITLS_X509_CrlVerify ( void * pubkey,
const HITLS_X509_Crl * crl )

Verify the integrity of the CRL.

Description: This function verifies the CRL's signature with the supplied public key. The caller must supply the public key of the CRL issuer, as established by an already-verified issuer certificate; as far as this reference shows, no issuer matching and no thisUpdate/nextUpdate freshness check is performed here, so those remain the caller's responsibility.
注意
For generated CRLs, must be called after signing.
None
参数
pubkey[IN] Public key used to verify the CRL signature. It is passed as void *; presumably a CRYPT_EAL_PkeyCtx * as used by the other verify interfaces — confirm against the implementation.
crl[IN] CRL info.
返回
Error code

◆ HITLS_X509_CsrCtrl()

int32_t HITLS_X509_CsrCtrl ( HITLS_X509_Csr * csr,
int32_t cmd,
void * val,
uint32_t valLen )

Generic function to process csr function

参数
csr[IN] The csr context
cmd[IN] HITLS_X509_Cmd
val[IN/OUT] input and output value.
valLen[IN] value length.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrFree()

void HITLS_X509_CsrFree ( HITLS_X509_Csr * csr)

Release the pkcs10 csr.

参数
csr[IN] CSR context.
返回值
void

◆ HITLS_X509_CsrGenBuff()

int32_t HITLS_X509_CsrGenBuff ( int32_t format,
HITLS_X509_Csr * csr,
BSL_Buffer * buff )

Generate csr to store in buffer

注意
This function is used after parsing the csr or after signing.
参数
format[IN] The format of the generated csr: BSL_FORMAT_ASN1/BSL_FORMAT_PEM
csr[IN] The csr context
buff[OUT] The buffer of the generated csr.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrGenFile()

int32_t HITLS_X509_CsrGenFile ( int32_t format,
HITLS_X509_Csr * csr,
const char * path )

Generate csr to store in file

注意
This function is used after parsing the csr or after signing.
参数
format[IN] The format of the generated csr: BSL_FORMAT_ASN1/BSL_FORMAT_PEM
csr[IN] The csr context
path[IN] The path of the generated csr.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrNew()

HITLS_X509_Csr * HITLS_X509_CsrNew ( void )

Allocate a pkcs10 csr.

返回值
HITLS_X509_Csr*

◆ HITLS_X509_CsrParseBuff()

int32_t HITLS_X509_CsrParseBuff ( int32_t format,
const BSL_Buffer * encode,
HITLS_X509_Csr ** csr )

Parse the CSR in the buffer. When format is BSL_FORMAT_PEM or BSL_FORMAT_UNKNOWN, the buffer in encode must end with '\0'.

注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1/BSL_FORMAT_UNKNOWN.
encode[IN] The CSR data. For BSL_FORMAT_UNKNOWN/BSL_FORMAT_PEM the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
csr[OUT] The csr context after parsing
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrParseFile()

int32_t HITLS_X509_CsrParseFile ( int32_t format,
const char * path,
HITLS_X509_Csr ** csr )

Parse the csr in the file

注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
format[IN] Encoding format: BSL_FORMAT_PEM/BSL_FORMAT_ASN1
path[IN] The csr file path
csr[OUT] The csr context after parsing
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrSign()

int32_t HITLS_X509_CsrSign ( int32_t mdId,
const CRYPT_EAL_PkeyCtx * prvKey,
const HITLS_X509_SignAlgParam * algParam,
HITLS_X509_Csr * csr )

Sign a CSR (Certificate Signing Request).

注意
1. This function can only be used when generating a new CSR.
2. You need to first call HITLS_X509_CsrCtrl and HITLS_X509_AttrCtrl to set the CSR information (subject, public key, requested attributes) before signing.
参数
mdId[IN] The message digest algorithm ID.
prvKey[IN] The private key context used for signing.
algParam[IN] The signature algorithm parameters.
csr[IN] The CSR to be signed.
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_CsrVerify()

int32_t HITLS_X509_CsrVerify ( HITLS_X509_Csr * csr)

Verify the CSR's signature (PKCS#10 proof of possession). No key is passed, so presumably the public key carried in the request itself is used. This does not evaluate the request's contents against any issuance policy.

参数
csr[IN] The csr context
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_DnListFree()

void HITLS_X509_DnListFree ( BslList * dnList)

Free a distinguished-name list created by HITLS_X509_DnListNew, including its HITLS_X509_NameNode items.

参数
dnList[IN] The name list to free.
返回值
void

◆ HITLS_X509_DnListNew()

BslList * HITLS_X509_DnListNew ( void )

Create a new distinguished-name list; each item is a HITLS_X509_NameNode.

注意
Release the list with HITLS_X509_DnListFree when it is no longer needed.
返回值
BslList*, success. error return NULL.

◆ HITLS_X509_ExtCtrl()

int32_t HITLS_X509_ExtCtrl ( HITLS_X509_Ext * ext,
int32_t cmd,
void * val,
uint32_t valLen )

Generic function to set/get an extension.

参数
ext[IN] extensions
cmd[IN] HITLS_X509_EXT_GET_XXX / HITLS_X509_EXT_SET_XXX. The data type of val for each cmd:
- HITLS_X509_EXT_GET|SET_KUSAGE: HITLS_X509_ExtKeyUsage
- HITLS_X509_EXT_GET|SET_BCONS: HITLS_X509_ExtBCons
- HITLS_X509_EXT_GET|SET_AKI: HITLS_X509_ExtAki (after a GET, release the result with HITLS_X509_ClearAuthorityKeyId)
- HITLS_X509_EXT_GET|SET_SKI: HITLS_X509_ExtSki
- HITLS_X509_EXT_GET|SET_SAN: HITLS_X509_ExtSan
- HITLS_X509_EXT_GET|SET_EXKUSAGE: HITLS_X509_ExtExKeyUsage
- HITLS_X509_EXT_CHECK_SKI: bool
val[IN/OUT] input and output value
valLen[IN] value length
返回值
#HITLS_PKI_SUCCESS,success.Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ExtFree()

void HITLS_X509_ExtFree ( HITLS_X509_Ext * ext)

Unallocate a extension.

参数
ext[IN] The extension.

◆ HITLS_X509_ExtNew()

HITLS_X509_Ext * HITLS_X509_ExtNew ( int32_t type)

Allocate a extension.

返回值
HITLS_X509_Ext*

◆ HITLS_X509_FreeGeneralName()

void HITLS_X509_FreeGeneralName ( HITLS_X509_GeneralName * data)

Free a general name.

参数
data[IN] The general name.

◆ HITLS_X509_ProviderCertNew()

HITLS_X509_Cert * HITLS_X509_ProviderCertNew ( HITLS_PKI_LibCtx * libCtx,
const char * attrName )

Create a new X509 certificate object using the provider mechanism

参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
返回
HITLS_X509_Cert* Certificate object or NULL on failure

◆ HITLS_X509_ProviderCertParseBuff()

int32_t HITLS_X509_ProviderCertParseBuff ( HITLS_PKI_LibCtx * libCtx,
const char * attrName,
const char * format,
const BSL_Buffer * encode,
HITLS_X509_Cert ** cert )

Parse a certificate buffer using the provider mechanism

Description: Parse the certificate data using a specific provider implementation.
If parsing is successful, memory for the certificate is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
format[IN] Encoding format string: "PEM"/"ASN1"/NULL (NULL presumably selects auto-detection, the counterpart of BSL_FORMAT_UNKNOWN in the non-provider variant).
encode[IN] Certificate data buffer. For NULL/"PEM" format the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
cert[OUT] Parsed certificate object
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ProviderCertParseBundleBuff()

int32_t HITLS_X509_ProviderCertParseBundleBuff ( HITLS_PKI_LibCtx * libCtx,
const char * attrName,
const char * format,
const BSL_Buffer * encode,
HITLS_X509_List ** certlist )

Parse multiple certificates from a buffer using the provider mechanism

Description: Parse multiple certificates from a buffer using a specific provider implementation.
If parsing is successful, memory for the certificate list is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
format[IN] Encoding format: "PEM"/"ASN1"/NULL
encode[IN] Certificate data buffer. For NULL/"PEM" format the buffer in encode must end with '\0', and dataLen must exclude the terminating '\0'.
certlist[OUT] List of parsed certificate objects
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ProviderCertParseBundleFile()

int32_t HITLS_X509_ProviderCertParseBundleFile ( HITLS_PKI_LibCtx * libCtx,
const char * attrName,
const char * format,
const char * path,
HITLS_X509_List ** certlist )

Parse multiple certificates from a bundle file using the provider mechanism

Description: Parse multiple certificates from a file using a specific provider implementation.
If parsing is successful, memory for the certificate list is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
format[IN] Encoding format: "PEM"/"ASN1"/NULL
path[IN] Certificate bundle file path
certlist[OUT] List of parsed certificate objects
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ProviderCertParseFile()

int32_t HITLS_X509_ProviderCertParseFile ( HITLS_PKI_LibCtx * libCtx,
const char * attrName,
const char * format,
const char * path,
HITLS_X509_Cert ** cert )

Parse a certificate file using the provider mechanism

Description: Parse the certificate from a file using a specific provider implementation.
If parsing is successful, memory for the certificate is allocated internally, and the user needs to free it after use.
注意
Support character : UTF8String(only English), PrintableString, TeletexString, T61String, IA5String.
参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
format[IN] Encoding format: "PEM"/"ASN1"/NULL
path[IN] Certificate file path
cert[OUT] Parsed certificate object
返回
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_ProviderCsrNew()

HITLS_X509_Csr * HITLS_X509_ProviderCsrNew ( HITLS_PKI_LibCtx * libCtx,
const char * attrName )

Create a new csr object using the provider mechanism

参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
返回
HITLS_X509_Csr* Csr object or NULL on failure

◆ HITLS_X509_ProviderStoreCtxNew()

HITLS_X509_StoreCtx * HITLS_X509_ProviderStoreCtxNew ( HITLS_PKI_LibCtx * libCtx,
const char * attrName )

Create a new X509 store object using the provider mechanism

参数
libCtx[IN] Library context from CRYPT_EAL_LibCtx
attrName[IN] Provider attribute name for capability matching
返回
HITLS_X509_StoreCtx* Store object or NULL on failure

◆ HITLS_X509_StoreCtxCtrl()

int32_t HITLS_X509_StoreCtxCtrl ( HITLS_X509_StoreCtx * storeCtx,
int32_t cmd,
void * val,
uint32_t valLen )

Generic function to process StoreCtx.

参数
storeCtx[IN] StoreCtx.
cmd[IN] HITLS_X509_StoreCtxCmd. For each command the expected data type and data length of val are:
HITLS_X509_STORECTX_SET_PARAM_DEPTH: int32_t, sizeof(int32_t)
HITLS_X509_STORECTX_SET_PARAM_FLAGS: uint64_t, sizeof(uint64_t)
HITLS_X509_STORECTX_SET_PURPOSE: uint64_t, sizeof(uint64_t)
HITLS_X509_STORECTX_SET_TIME: int64_t, sizeof(int64_t)
HITLS_X509_STORECTX_SET_SECBITS: uint32_t, sizeof(uint32_t)
HITLS_X509_STORECTX_CLR_PARAM_FLAGS: uint64_t, sizeof(uint64_t)
HITLS_X509_STORECTX_DEEP_COPY_SET_CA: HITLS_X509_Cert, -
HITLS_X509_STORECTX_SHALLOW_COPY_SET_CA: HITLS_X509_Cert, -
HITLS_X509_STORECTX_SET_CRL: HITLS_X509_Crl, -
HITLS_X509_STORECTX_SET_VFY_SM2_USERID: buffer, > 0
HITLS_X509_STORECTX_SET_VERIFY_CB: callback function, sizeof(callback function)
HITLS_X509_STORECTX_SET_USR_DATA: void *, sizeof(void *)
HITLS_X509_STORECTX_ADD_CA_PATH: char *, string length
HITLS_X509_STORECTX_CLEAR_CRL: NULL, 0
HITLS_X509_STORECTX_REF_UP: int, sizeof(int)
HITLS_X509_STORECTX_GET_PARAM_DEPTH: int32_t *, sizeof(int32_t)
HITLS_X509_STORECTX_GET_VERIFY_CB: callback function *, sizeof(callback function)
HITLS_X509_STORECTX_GET_USR_DATA: void **, sizeof(void *)
HITLS_X509_STORECTX_GET_PARAM_FLAGS: uint64_t *, sizeof(uint64_t)
HITLS_X509_STORECTX_SET_ERROR: int32_t, sizeof(int32_t)
HITLS_X509_STORECTX_GET_ERROR: int32_t *, sizeof(int32_t)
HITLS_X509_STORECTX_GET_CUR_CERT: HITLS_X509_Cert **, sizeof(HITLS_X509_Cert *)
HITLS_X509_STORECTX_SET_CUR_DEPTH: int32_t, sizeof(int32_t)
HITLS_X509_STORECTX_GET_CUR_DEPTH: int32_t *, sizeof(int32_t)
HITLS_X509_STORECTX_GET_CERT_CHAIN: HITLS_X509_List **, sizeof(HITLS_X509_List *)
val[IN/OUT] input and output value.
valLen[IN] value length.
返回值
#HITLS_PKI_SUCCESS, success. Error codes can be found in hitls_pki_errno.h

◆ HITLS_X509_StoreCtxFree()

void HITLS_X509_StoreCtxFree ( HITLS_X509_StoreCtx * storeCtx)

Release the StoreCtx.

参数
storeCtx[IN] StoreCtx.
返回值
void

◆ HITLS_X509_StoreCtxNew()

HITLS_X509_StoreCtx * HITLS_X509_StoreCtxNew ( void )

Allocate a StoreCtx.

返回值
HITLS_X509_StoreCtx*

◆ HITLS_X509_VerifyHostname()

int32_t HITLS_X509_VerifyHostname ( HITLS_X509_Cert * cert,
uint32_t flags,
const char * hostname,
uint32_t hostnameLen )

Verifies a certificate's hostname according to RFC 6125 and RFC 9525. It first checks for a matching dNSName in the Subject Alternative Name (SAN) extension. If, and only if, no dNSName entries are present, it falls back to checking the Common Name (CN). The flags parameter selects the wildcard matching mode:

  • If no flag is set: default mode, with wildcard matching as in RFC 9525 (e.g. '*.example.com'); the CN is checked if SAN is not present.
  • If flags contains HITLS_X509_FLAG_VFY_WITH_PARTIAL_WILDCARD: more flexible wildcard matching as in RFC 6125, e.g. 'fo*.example.com' matches 'foo.example.com'; the CN is likewise checked if SAN is not present.
参数
cert[IN] The certificate to verify.
flags[IN] A flag controlling wildcard matching behavior.
hostname[IN] The hostname to match against.
hostnameLen[IN] The length of the hostname.
返回值
#HITLS_PKI_SUCCESS if the hostname is successfully verified.
#HITLS_X509_ERR_VFY_HOSTNAME_FAIL if the hostname does not match.
Other error codes for parsing or parameter errors.