28#include "hitls_type.h"
29#include "hitls_cert_type.h"
30#include "hitls_error.h"
/*
 * NOTE(review): presumably the values accepted by the `option` parameter of
 * HITLS_CFG_SetCurrentCert() / HITLS_SetCurrentCert() (start at the first loaded
 * certificate vs. advance to the next one) -- confirm against the implementation.
 */
36#define HITLS_CERT_SET_FIRST 1
37#define HITLS_CERT_SET_NEXT 2
/*
 * Set the certificate verification depth on a configuration.
 * Expands to HITLS_CFG_CtrlSetVerifyParams() with a NULL store, the command
 * CERT_STORE_CTRL_SET_VERIFY_DEPTH, `depth` as the integer input and a NULL inArg.
 * The expression evaluates to that call's int32_t result; check it, because a
 * rejected depth would otherwise leave the previous limit in force unnoticed.
 * NOTE(review): which store a NULL `store` selects is not visible here --
 * presumably the configuration's own verify store; confirm.
 */
177#define HITLS_CFG_SetVerifyDepth(config, depth) \
178 HITLS_CFG_CtrlSetVerifyParams(config, NULL, CERT_STORE_CTRL_SET_VERIFY_DEPTH, depth, NULL)
/*
 * Read the certificate verification depth of a configuration.
 * `depth` is forwarded as the `void *out` argument of
 * HITLS_CFG_CtrlGetVerifyParams(), so the compiler does not check the pointee type.
 * NOTE(review): the object type the callee writes through `out` is not visible
 * here; confirm it before passing a pointer, since a smaller object would be overrun.
 * `config` is converted to HITLS_Config * through uintptr_t: this drops any const
 * qualifier and also disables the pointer-type check on `config`.
 */
189#define HITLS_CFG_GetVerifyDepth(config, depth) \
190 HITLS_CFG_CtrlGetVerifyParams((HITLS_Config *)(uintptr_t)(config), NULL, CERT_STORE_CTRL_GET_VERIFY_DEPTH, depth)
/*
 * Set the certificate verification depth on a single TLS context.
 * Expands to HITLS_CtrlSetVerifyParams() with a NULL store, the command
 * CERT_STORE_CTRL_SET_VERIFY_DEPTH, `depth` as the integer input and a NULL inArg.
 * The expression evaluates to that call's int32_t result, which should be checked.
 */
201#define HITLS_SetVerifyDepth(ctx, depth) \
202 HITLS_CtrlSetVerifyParams(ctx, NULL, CERT_STORE_CTRL_SET_VERIFY_DEPTH, depth, NULL)
/*
 * Read the certificate verification depth of a single TLS context.
 * `depth` is forwarded as the `void *out` argument of HITLS_CtrlGetVerifyParams(),
 * so the pointee type is not checked at compile time.
 * NOTE(review): confirm the object type the callee writes through `out`.
 */
213#define HITLS_GetVerifyDepth(ctx, depth) \
214 HITLS_CtrlGetVerifyParams(ctx, NULL, CERT_STORE_CTRL_GET_VERIFY_DEPTH, depth)
/*
 * Password callback type.
 *   buf      - caller-provided buffer that receives the password
 *   bufLen   - size of `buf`; an implementation must never write more than
 *              bufLen bytes into it
 *   flag     - NOTE(review): meaning not visible here; confirm before relying on it
 *   userdata - the pointer registered with HITLS_CFG_SetDefaultPasswordCbUserdata()
 *              or HITLS_SetDefaultPasswordCbUserdata()
 * NOTE(review): the meaning of the int32_t return value (presumably the password
 * length, with a failure value) is not visible here -- confirm.
 */
227typedef int32_t (*
HITLS_PasswordCb)(
char *buf, int32_t bufLen, int32_t flag,
void *userdata);
338 bool isClone,
bool isTlcpEncCertPriKey);
/*
 * Result codes for a certificate callback.
 * NOTE(review): presumably the values a HITLS_CertCb implementation returns
 * (1 = continue, 0 = fail, -1 = call again later) -- confirm how the handshake
 * treats each value, in particular that any value other than SUCCESS stops it.
 */
914#define HITLS_CERT_CALLBACK_SUCCESS 1
916#define HITLS_CERT_CALLBACK_FAILED 0
918#define HITLS_CERT_CALLBACK_RETRY (-1)
/*
 * Set the certificate verification flags on a configuration.
 * Expands to HITLS_CFG_CtrlSetVerifyParams() with a NULL store, the command
 * CERT_STORE_CTRL_SET_VERIFY_FLAGS, `verifyFlags` as the integer input and a
 * NULL inArg. The expression evaluates to that call's int32_t result.
 * NOTE(review): whether the new flags replace or are OR-ed into the existing
 * ones is not visible here -- confirm before using this to switch a check off.
 */
1174#define HITLS_CFG_SetVerifyFlags(config, verifyFlags) HITLS_CFG_CtrlSetVerifyParams(config, \
1175 NULL, CERT_STORE_CTRL_SET_VERIFY_FLAGS, verifyFlags, NULL)
/*
 * Read the certificate verification flags of a configuration.
 * `verifyFlags` is forwarded as the `void *out` argument of
 * HITLS_CFG_CtrlGetVerifyParams(), so the pointee type is not checked at compile
 * time. Unlike HITLS_CFG_GetVerifyDepth, `config` is passed without a cast.
 * NOTE(review): confirm the object type the callee writes through `out`.
 */
1185#define HITLS_CFG_GetVerifyFlags(config, verifyFlags) HITLS_CFG_CtrlGetVerifyParams(config, \
1186 NULL, CERT_STORE_CTRL_GET_VERIFY_FLAGS, verifyFlags)
/*
 * Set the certificate verification flags on a single TLS context.
 * Expands to HITLS_CtrlSetVerifyParams() with a NULL store, the command
 * CERT_STORE_CTRL_SET_VERIFY_FLAGS, `verifyFlags` as the integer input and a
 * NULL inArg. The expression evaluates to that call's int32_t result.
 */
1196#define HITLS_SetVerifyFlags(ctx, verifyFlags) HITLS_CtrlSetVerifyParams(ctx, \
1197 NULL, CERT_STORE_CTRL_SET_VERIFY_FLAGS, verifyFlags, NULL)
/*
 * Read the certificate verification flags of a single TLS context.
 * `verifyFlags` is forwarded as the `void *out` argument of
 * HITLS_CtrlGetVerifyParams(), so the pointee type is not checked at compile time.
 * NOTE(review): confirm the object type the callee writes through `out`.
 */
1207#define HITLS_GetVerifyFlags(ctx, verifyFlags) HITLS_CtrlGetVerifyParams(ctx, \
1208 NULL, CERT_STORE_CTRL_GET_VERIFY_FLAGS, verifyFlags)
/*
 * NOTE(review): judging by the name, loads CA certificates from a built-in
 * default location into `config`; which path is used and which store receives
 * the certificates is not visible here -- confirm. The int32_t result should be
 * checked, since a failed load may leave the configuration without trust anchors.
 */
1345int32_t HITLS_CFG_LoadDefaultCAPath(
HITLS_Config *config);
HITLS_ParseType
Read data format
定义 hitls_cert_type.h:129
void HITLS_CERT_Key
Describes the certificate key
定义 hitls_cert_type.h:49
HITLS_ParseFormat
Read data format
定义 hitls_cert_type.h:139
void HITLS_CERT_StoreCtx
Describes the certificate
定义 hitls_cert_type.h:61
struct BslList HITLS_CERT_Chain
Describes the certificate chain
定义 hitls_cert_type.h:73
void HITLS_CERT_Store
Describes the certificate
定义 hitls_cert_type.h:55
void HITLS_CERT_X509
Describes the x509 certificate
定义 hitls_cert_type.h:37
struct BslList HITLS_TrustedCAList
Describes the list of trusted CAs
定义 hitls_cert_type.h:67
HITLS_CERT_StoreType
cert store type
定义 hitls_cert_type.h:151
int32_t HITLS_CFG_LoadVerifyBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Load the verification certificates from buffer.
int32_t HITLS_CFG_SetDefaultPasswordCb(HITLS_Config *config, HITLS_PasswordCb cb)
Set the default password callback, cb can be NULL.
定义 config_cert.c:193
int32_t HITLS_CtrlSetVerifyParams(HITLS_Ctx *ctx, HITLS_CERT_Store *store, uint32_t cmd, int64_t in, void *inArg)
Set certificate verification parameters.
定义 conn_create.c:918
int32_t HITLS_CFG_SetTlcpCertificate(HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone, bool isTlcpEncCert)
Add the device certificate by the ShangMi(SM) cipher suites. Only one certificate can be added for ea...
int32_t HITLS_CFG_ClearVerifyCrls(HITLS_Config *config)
Clear all CRLs in the verify store of the configuration.
int32_t HITLS_CFG_FreeKey(HITLS_Config *config, HITLS_CERT_Key *key)
Release the key.
定义 config_cert.c:1089
int32_t HITLS_SetCertStore(HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone)
Set the cert store used by the TLS link.
定义 conn_cert.c:61
HITLS_PasswordCb HITLS_CFG_GetDefaultPasswordCb(HITLS_Config *config)
Callback for obtaining the default password.
定义 config_cert.c:202
HITLS_CERT_Key * HITLS_CFG_GetPrivateKey(HITLS_Config *config)
Obtain the private key of the certificate in use.
定义 config_cert.c:449
int32_t HITLS_CFG_SetCertStore(HITLS_Config *config, HITLS_CERT_Store *store, bool isClone)
Set the cert store used by the TLS configuration.
定义 config_cert.c:159
HITLS_CERT_Store * HITLS_CFG_GetChainStore(const HITLS_Config *config)
Obtain the chain store used by the TLS configuration.
定义 config_cert.c:150
int32_t HITLS_LoadKeyBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Read the private key of the device certificate from the buffer.
定义 conn_cert.c:192
HITLS_PasswordCb HITLS_GetDefaultPasswordCb(HITLS_Ctx *ctx)
Callback for obtaining the default password
定义 conn_cert.c:88
int32_t HITLS_LoadCrlFile(HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format)
Load CRL from file and add it into the verify store of the TLS context.
int32_t HITLS_CFG_AddCertToStore(HITLS_Config *config, HITLS_CERT_X509 *cert, HITLS_CERT_StoreType storeType, bool isClone)
Add the certificate to the certificate store that is being used by the current config.
定义 config_cert.c:514
int32_t HITLS_CFG_LoadCertBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Read the device certificate from the buffer.
定义 config_cert.c:293
int32_t HITLS_LoadCrlBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Load CRL from buffer and add it into the verify store of the TLS context.
int32_t(* HITLS_CertCb)(HITLS_Ctx *ctx, void *arg)
Process the certificate callback.
定义 hitls_cert.h:931
HITLS_CERT_Store * HITLS_GetVerifyStore(const HITLS_Ctx *ctx)
Obtain the verify store used by the TLS link.
定义 conn_cert.c:34
int32_t HITLS_CFG_SetVerifyStore(HITLS_Config *config, HITLS_CERT_Store *store, bool isClone)
Set the verify store used by the TLS configuration, which is used for certificate verification.
定义 config_cert.c:91
HITLS_CERT_Chain * HITLS_CFG_GetChainCerts(HITLS_Config *config)
Obtain the certificate chain that is being used by the current config.
定义 config_cert.c:626
HITLS_TrustedCAList * HITLS_GetCAList(const HITLS_Ctx *ctx)
Obtain the trusted CA list of the current context.
HITLS_CERT_X509 * HITLS_CFG_ParseCert(HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, HITLS_ParseFormat format)
Parse Certificate file or buffer to X509.
定义 config_cert.c:562
HITLS_CERT_X509 * HITLS_GetPeerCertificate(const HITLS_Ctx *ctx)
Obtain the peer certificate.
HITLS_CERT_Store * HITLS_CFG_GetVerifyStore(const HITLS_Config *config)
Obtain the verify store used by the TLS configuration.
定义 config_cert.c:116
int32_t HITLS_SetCertificate(HITLS_Ctx *ctx, HITLS_CERT_X509 *cert, bool isClone)
Add a device certificate. Only one certificate can be added for each type.
定义 conn_cert.c:115
int32_t(* HITLS_PasswordCb)(char *buf, int32_t bufLen, int32_t flag, void *userdata)
Password Callback
定义 hitls_cert.h:227
HITLS_TrustedCAList * HITLS_GetPeerCAList(const HITLS_Ctx *ctx)
Obtain the trusted CA list of the peer end.
int32_t HITLS_LogSecret(HITLS_Ctx *ctx, const char *label, const uint8_t *secret, size_t secretLen)
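If logging is enabled, the master key is logged (the function takes the secret and a label for it). A logged master key lets anyone who can read the log decrypt the recorded session, so the log needs the same protection as a private key.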
int32_t HITLS_SetCAList(HITLS_Ctx *ctx, HITLS_TrustedCAList *list)
Set the trusted CA list of the current context.
int32_t HITLS_CheckPrivateKey(HITLS_Ctx *ctx)
Check whether the configured certificate matches the private key.
定义 conn_cert.c:210
int32_t HITLS_CFG_LoadCrlFile(HITLS_Config *config, const char *file, HITLS_ParseFormat format)
Load CRL from file and add it into the verify store of the TLS configuration.
int32_t HITLS_ProviderLoadKeyBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, const char *format, const char *type)
Load the private key of the device certificate from the buffer, when the provider is used.
定义 conn_cert.c:182
int32_t HITLS_CFG_RemoveCertAndKey(HITLS_Config *config)
Release all loaded certificates and private keys.
定义 config_cert.c:674
int32_t HITLS_CFG_SetCertificate(HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone)
Add a device certificate. Only one certificate of each type can be added
定义 config_cert.c:252
int32_t HITLS_SetVerifyCb(HITLS_Ctx *ctx, HITLS_VerifyCb callback)
Set the certificate verification callback function, cb can be NULL.
void(* HITLS_KeyLogCb)(HITLS_Ctx *ctx, const char *line)
Key logging callback
定义 hitls_cert.h:964
int32_t HITLS_CFG_LoadVerifyFile(HITLS_Config *config, const char *file)
Load the verification certificates from the file.
HITLS_KeyLogCb HITLS_CFG_GetKeyLogCb(HITLS_Config *config)
Callback for obtaining TLS key logs
int32_t HITLS_CFG_LoadCrlBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Load CRL from buffer and add it into the verify store of the TLS configuration.
int32_t HITLS_RemoveCertAndKey(HITLS_Ctx *ctx)
Release all loaded certificates and private keys.
定义 conn_cert.c:219
int32_t HITLS_CFG_SetKeyLogCb(HITLS_Config *config, HITLS_KeyLogCb callback)
Sets the callback for recording TLS keys.
int32_t HITLS_CFG_UseCertificateChainFile(HITLS_Config *config, const char *file)
Use the certificate chain file to set the certificate chain.
int32_t HITLS_CFG_ClearExtraChainCerts(HITLS_Config *config)
Release the attached certificate chain.
定义 config_cert.c:664
int32_t HITLS_ClearVerifyCrls(HITLS_Ctx *ctx)
Clear all CRLs in the verify store of the context.
HITLS_VerifyCb HITLS_CFG_GetVerifyCb(HITLS_Config *config)
Obtain the certificate verification callback function.
int32_t HITLS_UseCertificateChainFile(HITLS_Ctx *ctx, const char *file)
Use the certificate chain file to set the certificate chain.
HITLS_CERT_Key * HITLS_CFG_ProviderParseKey(HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, const char *format, const char *encodeType)
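Parse a key file or buffer into a HITLS_CERT_Key, when the provider is used. (The original brief reads "Parse Certificate file or buffer to X509", which does not match the HITLS_CERT_Key * return type.)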
定义 config_cert.c:581
int32_t HITLS_ClearChainCerts(HITLS_Ctx *ctx)
Clear the certificate chain associated with the current certificate.
定义 conn_create.c:655
int32_t HITLS_SetVerifyStore(HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone)
Set the verify store used by the TLS link for certificate verification.
定义 conn_cert.c:25
int32_t HITLS_SetVerifyResult(HITLS_Ctx *ctx, HITLS_ERROR verifyResult)
Set the peer certificate verification result of the current context.
定义 conn_ctrl.c:145
int32_t HITLS_BuildCertChain(HITLS_Ctx *ctx, HITLS_BUILD_CHAIN_FLAG flag)
Before establishing a TLS connection, try to form a certificate chain as much as possible according t...
int32_t HITLS_SetPrivateKey(HITLS_Ctx *ctx, HITLS_CERT_Key *key, bool isClone)
Add the private key of the device certificate. Only one private key can be added for each type of cer...
定义 conn_cert.c:153
HITLS_CERT_Key * HITLS_GetPrivateKey(HITLS_Ctx *ctx)
Obtain the private key of the certificate in use.
定义 conn_cert.c:201
int32_t HITLS_CFG_SetPrivateKey(HITLS_Config *config, HITLS_CERT_Key *privateKey, bool isClone)
Add the private key of the device certificate. Only one private key can be added for each type of cer...
定义 config_cert.c:368
int32_t HITLS_LoadCertBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Read the device certificate from the buffer.
定义 conn_cert.c:135
int32_t HITLS_CFG_FreeCert(HITLS_Config *config, HITLS_CERT_X509 *cert)
Release the certificate.
定义 config_cert.c:1079
int32_t HITLS_CFG_LoadVerifyDir(HITLS_Config *config, const char *path)
Load the verification certificates from the directory.
HITLS_CERT_X509 * HITLS_CFG_GetCertificate(const HITLS_Config *config)
Obtain the device certificate in use.
定义 config_cert.c:320
HITLS_CERT_Store * HITLS_CFG_GetCertStore(const HITLS_Config *config)
Obtain the cert store used by the TLS configuration.
定义 config_cert.c:184
HITLS_CERT_Chain * HITLS_GetPeerCertChain(const HITLS_Ctx *ctx)
Obtain the peer certificate chain.
int32_t HITLS_CFG_CheckPrivateKey(HITLS_Config *config)
Check whether the configured certificate matches the private key.
定义 config_cert.c:458
void * HITLS_CFG_GetDefaultPasswordCbUserdata(HITLS_Config *config)
Obtain the user data used by the password callback.
定义 config_cert.c:220
int32_t HITLS_LoadCertFile(HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format)
Use a file to set the device certificate.
int32_t HITLS_CFG_SetCurrentCert(HITLS_Config *config, long option)
Set the current certificate to the value based on the option parameter.
定义 config_cert.c:617
int32_t HITLS_CFG_LoadKeyBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Read the private key of the device certificate from the buffer.
定义 config_cert.c:430
int32_t HITLS_CFG_SetDefaultPasswordCbUserdata(HITLS_Config *config, void *userdata)
Set the user data used by the password callback.
定义 config_cert.c:211
int32_t HITLS_SetDefaultPasswordCb(HITLS_Ctx *ctx, HITLS_PasswordCb cb)
Set the default password callback, cb can be NULL
定义 conn_cert.c:79
int32_t HITLS_LoadVerifyBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Load the verification certificates from buffer.
int32_t HITLS_CFG_ParseCAList(HITLS_Config *config, const char *input, uint32_t inputLen, HITLS_ParseType inputType, HITLS_ParseFormat format, HITLS_TrustedCAList **caList)
Load the CA file and parse it into a trusted CA list.
int32_t HITLS_LoadKeyFile(HITLS_Ctx *ctx, const char *file, HITLS_ParseFormat format)
Use the file to set the device private key.
int32_t HITLS_GetVerifyResult(const HITLS_Ctx *ctx, HITLS_ERROR *verifyResult)
Return the peer certificate verification result of the current context.
定义 conn_ctrl.c:155
HITLS_CERT_Store * HITLS_GetChainStore(const HITLS_Ctx *ctx)
Obtain the chain store used by the TLS link.
定义 conn_cert.c:52
int32_t HITLS_ProviderLoadKeyFile(HITLS_Ctx *ctx, const char *file, const char *format, const char *type)
Load the private key of the device certificate from the file, when the provider is used.
int32_t HITLS_CFG_UseCertificateChainBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Use the certificate chain buffer to set the certificate chain.
定义 config_cert.c:1261
void * HITLS_GetDefaultPasswordCbUserdata(HITLS_Ctx *ctx)
Obtain the user data used by the default password callback.
定义 conn_cert.c:106
int32_t HITLS_CFG_ProviderLoadKeyBuffer(HITLS_Config *config, const uint8_t *buf, uint32_t bufLen, const char *format, const char *type)
Load the private key of the device certificate from the buffer, when the provider is used.
定义 config_cert.c:412
int32_t HITLS_UseCertificateChainBuffer(HITLS_Ctx *ctx, const uint8_t *buf, uint32_t bufLen, HITLS_ParseFormat format)
Use the certificate chain buffer to set the certificate chain.
定义 conn_cert.c:259
int32_t HITLS_CFG_LoadKeyFile(HITLS_Config *config, const char *file, HITLS_ParseFormat format)
Load the private key of the device certificate from the file.
int32_t HITLS_CFG_BuildCertChain(HITLS_Config *config, HITLS_BUILD_CHAIN_FLAG flag)
Before establishing a TLS connection, try to form a certificate chain as much as possible according t...
int32_t HITLS_SetChainStore(HITLS_Ctx *ctx, HITLS_CERT_Store *store, bool isClone)
Set the chain store used by the TLS link to construct the certificate chain.
定义 conn_cert.c:43
int32_t HITLS_CFG_ClearChainCerts(HITLS_Config *config)
Clear the certificate chain associated with the current certificate.
定义 config_cert.c:636
HITLS_CERT_Store * HITLS_GetCertStore(const HITLS_Ctx *ctx)
Obtain the cert store used by the TLS link.
定义 conn_cert.c:70
int32_t HITLS_CFG_CtrlSetVerifyParams(HITLS_Config *config, HITLS_CERT_Store *store, uint32_t cmd, int64_t in, void *inArg)
Set certificate verification parameters.
定义 config_cert.c:1058
int32_t HITLS_CFG_SetCertCb(HITLS_Config *config, HITLS_CertCb certCb, void *arg)
Sets the processing certificate callback function, which checks the passed ctx structure and sets or ...
int32_t HITLS_CFG_ProviderLoadKeyFile(HITLS_Config *config, const char *file, const char *format, const char *type)
Load the private key of the device certificate from the file, when the provider is used.
int32_t HITLS_CFG_SetChainStore(HITLS_Config *config, HITLS_CERT_Store *store, bool isClone)
Set the chain store used by the TLS configuration, which is used to construct the certificate chain.
定义 config_cert.c:125
int32_t HITLS_CFG_AddExtraChainCert(HITLS_Config *config, HITLS_CERT_X509 *cert)
Add a certificate to the attached certificate chain.
定义 config_cert.c:646
int32_t HITLS_SetDefaultPasswordCbUserdata(HITLS_Ctx *ctx, void *userdata)
Set the user data used by the default password callback.
定义 conn_cert.c:97
HITLS_CERT_Key * HITLS_CFG_ParseKey(HITLS_Config *config, const uint8_t *buf, uint32_t len, HITLS_ParseType type, HITLS_ParseFormat format)
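Parse a key file or buffer into a HITLS_CERT_Key. (The original brief reads "Parse Certificate file or buffer to X509", which does not match the HITLS_CERT_Key * return type.)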
定义 config_cert.c:599
HITLS_CERT_X509 * HITLS_GetCertificate(const HITLS_Ctx *ctx)
Obtain the local certificate. Returns the most recently added certificate if it is called before the ...
定义 conn_cert.c:144
int32_t HITLS_CFG_CtrlGetVerifyParams(HITLS_Config *config, HITLS_CERT_Store *store, uint32_t cmd, void *out)
Get certificate verification parameters
定义 config_cert.c:1070
HITLS_CERT_Chain * HITLS_CFG_GetExtraChainCerts(HITLS_Config *config)
Obtain the attached certificate chain.
定义 config_cert.c:655
int32_t HITLS_CFG_SetTlcpPrivateKey(HITLS_Config *config, HITLS_CERT_Key *privateKey, bool isClone, bool isTlcpEncCertPriKey)
Add the private key of the device certificate by the ShangMi(SM) cipher suites. Only one private key ...
int32_t HITLS_SetCertCb(HITLS_Ctx *ctx, HITLS_CertCb certCb, void *arg)
Set the certificate processing callback function. The callback can check the passed ctx structure and...
int32_t HITLS_CFG_SetVerifyCb(HITLS_Config *config, HITLS_VerifyCb callback)
Set the certificate verification callback function, cb can be NULL.
HITLS_VerifyCb HITLS_GetVerifyCb(HITLS_Ctx *ctx)
Obtain the certificate verification callback function.
int32_t HITLS_CtrlGetVerifyParams(HITLS_Ctx *ctx, HITLS_CERT_Store *store, uint32_t cmd, void *out)
Get certificate verification parameters.
定义 conn_create.c:927
int32_t HITLS_CFG_LoadCertFile(HITLS_Config *config, const char *file, HITLS_ParseFormat format)
Load the device certificate from the file.
int32_t HITLS_SetCurrentCert(HITLS_Ctx *ctx, long option)
Set the current certificate to the value based on the option parameter.
定义 conn_create.c:794
int32_t HITLS_CFG_AddChainCert(HITLS_Config *config, HITLS_CERT_X509 *cert, bool isClone)
Add the certificate to the certificate chain that is being used by the current config.
定义 config_cert.c:485
struct TlsCtx HITLS_Ctx
HITLS context
定义 hitls_type.h:35
struct TlsConfig HITLS_Config
config context
定义 hitls_type.h:41