API参考
载入中...
搜索中...
未找到
hitls_pki_types.h
1/*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16#ifndef HITLS_PKI_TYPES_H
17#define HITLS_PKI_TYPES_H
18
19#include <stdint.h>
20#include <stdbool.h>
21#include "bsl_obj.h"
22#include "bsl_types.h"
23#include "bsl_list.h"
24#include "crypt_types.h"
25
26#ifdef __cplusplus
27extern "C" {
28#endif
29
30typedef void HITLS_PKI_LibCtx;
31
32#define HITLS_X509_List BslList
33
34#define HITLS_X509_VERSION_1 0
35#define HITLS_X509_VERSION_2 1
36#define HITLS_X509_VERSION_3 2
37
38/* Key usage */
39#define HITLS_X509_EXT_KU_DIGITAL_SIGN 0x0080
40#define HITLS_X509_EXT_KU_NON_REPUDIATION 0x0040
41#define HITLS_X509_EXT_KU_KEY_ENCIPHERMENT 0x0020
42#define HITLS_X509_EXT_KU_DATA_ENCIPHERMENT 0x0010
43#define HITLS_X509_EXT_KU_KEY_AGREEMENT 0x0008
44#define HITLS_X509_EXT_KU_KEY_CERT_SIGN 0x0004
45#define HITLS_X509_EXT_KU_CRL_SIGN 0x0002
46#define HITLS_X509_EXT_KU_ENCIPHER_ONLY 0x0001
47#define HITLS_X509_EXT_KU_DECIPHER_ONLY 0x8000
48
49typedef enum {
50 HITLS_X509_REF_UP = 0,
51
52 HITLS_X509_GET_ENCODELEN = 0x0100,
53 HITLS_X509_GET_ENCODE,
54 HITLS_X509_GET_PUBKEY,
55 HITLS_X509_GET_SIGNALG,
56 HITLS_X509_GET_SUBJECT_DN_STR,
57 HITLS_X509_GET_ISSUER_DN_STR,
58 HITLS_X509_GET_SERIALNUM_STR,
59 HITLS_X509_GET_BEFORE_TIME_STR,
60 HITLS_X509_GET_AFTER_TIME_STR,
61 HITLS_X509_GET_SUBJECT_DN,
63 HITLS_X509_GET_ISSUER_DN,
65 HITLS_X509_GET_VERSION,
66 HITLS_X509_GET_REVOKELIST,
67 HITLS_X509_GET_SERIALNUM,
68 HITLS_X509_GET_BEFORE_TIME,
69 HITLS_X509_GET_AFTER_TIME,
70 HITLS_X509_GET_SIGN_MDALG,
71 HITLS_X509_GET_ENCODE_SUBJECT_DN,
72 HITLS_X509_IS_SELF_SIGNED,
73 HITLS_X509_GET_SUBJECT_CN_STR,
74
75 HITLS_X509_SET_VERSION = 0x0200,
76 HITLS_X509_SET_SERIALNUM,
77 HITLS_X509_SET_BEFORE_TIME,
78 HITLS_X509_SET_AFTER_TIME,
79 HITLS_X509_SET_PUBKEY,
80 HITLS_X509_SET_SUBJECT_DN,
81 HITLS_X509_SET_ISSUER_DN,
82 HITLS_X509_SET_CSR_EXT,
83 HITLS_X509_ADD_SUBJECT_NAME,
84 HITLS_X509_CRL_ADD_REVOKED_CERT,
85
86 HITLS_X509_EXT_SET_SKI = 0x0400,
87 HITLS_X509_EXT_SET_AKI,
88 HITLS_X509_EXT_SET_KUSAGE,
89 HITLS_X509_EXT_SET_SAN,
90 HITLS_X509_EXT_SET_BCONS,
91 HITLS_X509_EXT_SET_EXKUSAGE,
92 HITLS_X509_EXT_SET_CRLNUMBER,
93 HITLS_X509_EXT_SET_GENERIC,
95
96 HITLS_X509_EXT_GET_SKI = 0x0500,
98 HITLS_X509_EXT_GET_CRLNUMBER,
99 HITLS_X509_EXT_GET_AKI,
100 HITLS_X509_EXT_GET_KUSAGE,
102 HITLS_X509_EXT_GET_BCONS,
103 HITLS_X509_EXT_GET_SAN,
105 HITLS_X509_EXT_GET_GENERIC,
107
108 HITLS_X509_EXT_CHECK_SKI = 0x0600,
109
110 HITLS_X509_CSR_GET_ATTRIBUTES = 0x0700,
111
112 HITLS_X509_SET_VFY_SM2_USER_ID = 0x800,
113} HITLS_X509_Cmd;
114
115typedef enum {
116 HITLS_X509_ATTR_SET_REQUESTED_EXTENSIONS = 0x0100,
117 HITLS_X509_ATTR_GET_REQUESTED_EXTENSIONS = 0x0200,
118} HITLS_X509_AttrCmd;
119
134
135typedef enum {
136 HITLS_X509_GN_EMAIL, // rfc822Name [1] IA5String
137 HITLS_X509_GN_DNS, // dNSName [2] IA5String
138 HITLS_X509_GN_DNNAME, // directoryName [4] Name
139 HITLS_X509_GN_URI, // uniformResourceIdentifier [6] IA5String
140 HITLS_X509_GN_IP, // iPAddress [7] Octet String
141
142 // Other types are not supported yet
143 HITLS_X509_GN_MAX
144} HITLS_X509_GeneralNameType;
145
146/* Distinguish name */
147typedef struct {
148 BslCid cid;
149 uint8_t *data;
150 uint32_t dataLen;
151} HITLS_X509_DN;
152
156typedef struct {
157 HITLS_X509_GeneralNameType type;
158 BSL_Buffer value;
159} HITLS_X509_GeneralName;
160
164typedef struct {
165 bool critical;
166 BSL_Buffer kid; // keyIdentifier: optional
167 BslList *issuerName; // Not supported. authorityCertIssuer: optional, List of HITLS_X509_GeneralName
168 BSL_Buffer serialNum; // Not supported. authorityCertSerialNumber: optional
169} HITLS_X509_ExtAki;
170
174typedef struct {
175 bool critical;
176 BSL_Buffer kid;
177} HITLS_X509_ExtSki;
178
182typedef struct {
183 bool critical;
184 uint32_t keyUsage;
185} HITLS_X509_ExtKeyUsage;
186
190typedef struct {
191 bool critical;
192 BslList *oidList; // Object Identifier: list of BSL_Buffer
193} HITLS_X509_ExtExKeyUsage;
194
198typedef struct {
199 bool critical;
200 BslList *names; // List of HITLS_X509_GeneralName
201} HITLS_X509_ExtSan;
202
206typedef struct {
207 bool critical;
208 bool isCa; // Default to false.
209 int32_t maxPathLen; // Greater than or equal to 0. -1: no check, 0: no intermediate certificate
210} HITLS_X509_ExtBCons;
211
215typedef struct {
216 int32_t algId;
217 union {
218 CRYPT_RSA_PssPara rsaPss;
219 BSL_Buffer sm2UserId;
220 };
221} HITLS_X509_SignAlgParam;
222
226typedef struct {
227 bool critical; // Default to false.
228 BSL_Buffer crlNumber; // crlNumber
229} HITLS_X509_ExtCrlNumber;
230
253
254typedef struct {
255 bool critical;
256 BSL_TIME time;
257} HITLS_X509_RevokeExtTime;
258
259typedef enum {
260 HITLS_X509_CRL_SET_REVOKED_SERIALNUM = 0,
261 HITLS_X509_CRL_SET_REVOKED_REVOKE_TIME,
262 HITLS_X509_CRL_SET_REVOKED_INVALID_TIME,
263 HITLS_X509_CRL_SET_REVOKED_REASON,
264 HITLS_X509_CRL_SET_REVOKED_CERTISSUER,
265
266 HITLS_X509_CRL_GET_REVOKED_SERIALNUM = 0x0100,
267 HITLS_X509_CRL_GET_REVOKED_REVOKE_TIME,
268 HITLS_X509_CRL_GET_REVOKED_INVALID_TIME,
269 HITLS_X509_CRL_GET_REVOKED_REASON,
270 HITLS_X509_CRL_GET_REVOKED_CERTISSUER,
271} HITLS_X509_RevokeCmd;
272
273#define HITLS_X509_REVOKED_REASON_UNSPECIFIED 0
274#define HITLS_X509_REVOKED_REASON_KEY_COMPROMISE 1
275#define HITLS_X509_REVOKED_REASON_CA_COMPROMISE 2
276#define HITLS_X509_REVOKED_REASON_AFFILIATION_CHANGED 3
277#define HITLS_X509_REVOKED_REASON_SUPERSEDED 4
278#define HITLS_X509_REVOKED_REASON_CESSATION_OF_OPERATION 5
279#define HITLS_X509_REVOKED_REASON_CERTIFICATE_HOLD 6
280#define HITLS_X509_REVOKED_REASON_REMOVE_FROM_CRL 8
281#define HITLS_X509_REVOKED_REASON_PRIVILEGE_WITHDRAWN 9
282#define HITLS_X509_REVOKED_REASON_AA_COMPROMISE 10
283
284typedef struct {
285 bool critical;
286 int32_t reason;
287} HITLS_X509_RevokeExtReason;
288
289typedef struct {
290 bool critical;
291 BslList *issuerName; // List of HITLS_X509_GeneralName
292} HITLS_X509_RevokeExtCertIssuer;
293
294typedef enum {
295 HITLS_X509_EXT_TYPE_CSR,
296} HITLS_X509_ExtType;
297
298typedef enum {
299 HITLS_X509_VFY_FLAG_CRL_ALL = 1,
300 HITLS_X509_VFY_FLAG_CRL_DEV = 2,
301 // not support certificate chains with a single trusted and non-self-signed certificate.
302 HITLS_X509_VFY_FLAG_PARTIAL_CHAIN = 4,
303} HITLS_X509_VFY_FLAGS;
304
305typedef enum {
306 HITLS_X509_VFY_PURPOSE_TLS_SERVER = 1,
307 HITLS_X509_VFY_PURPOSE_TLS_CLIENT = 2,
308 HITLS_X509_VFY_PURPOSE_EMAIL_SIGN = 3,
309 HITLS_X509_VFY_PURPOSE_EMAIL_ENCRYPT = 4,
310 HITLS_X509_VFY_PURPOSE_CODE_SIGN = 5,
311 HITLS_X509_VFY_PURPOSE_OCSP_SIGN = 6,
312 HITLS_X509_VFY_PURPOSE_TIMESTAMPING = 7,
313 HITLS_X509_VFY_PURPOSE_ANY = 8
314} HITLS_X509_VFY_PURPOSE;
315
326typedef enum {
327 HITLS_X509_STORECTX_SET_PARAM_DEPTH = 0x0,
328 HITLS_X509_STORECTX_SET_PARAM_FLAGS,
329 HITLS_X509_STORECTX_SET_TIME,
330 HITLS_X509_STORECTX_SET_SECBITS,
331 HITLS_X509_STORECTX_SET_PURPOSE,
332 /* clear flag */
333 HITLS_X509_STORECTX_CLR_PARAM_FLAGS,
334 HITLS_X509_STORECTX_DEEP_COPY_SET_CA,
335 HITLS_X509_STORECTX_SHALLOW_COPY_SET_CA,
336 HITLS_X509_STORECTX_SET_CRL,
337 HITLS_X509_STORECTX_SET_VFY_SM2_USERID,
338 HITLS_X509_STORECTX_SET_VERIFY_CB,
339 HITLS_X509_STORECTX_SET_USR_DATA,
340 HITLS_X509_STORECTX_ADD_CA_PATH,
341 HITLS_X509_STORECTX_CLEAR_CRL,
342 HITLS_X509_STORECTX_SET_DEFAULT_PATH,
343
344 HITLS_X509_STORECTX_REF_UP = 0x0100,
345 HITLS_X509_STORECTX_GET_PARAM_DEPTH,
346 HITLS_X509_STORECTX_GET_VERIFY_CB,
347 HITLS_X509_STORECTX_GET_USR_DATA,
348 HITLS_X509_STORECTX_GET_PARAM_FLAGS,
349
350 /* New commands for the added fields */
351 HITLS_X509_STORECTX_SET_ERROR = 0x0200,
352 HITLS_X509_STORECTX_GET_ERROR,
353 HITLS_X509_STORECTX_GET_CUR_CERT,
354 /*
355 * Indicates the depth of certificate chain verification, starting from 0, representing the entity certificate,
356 * CA certificate,..., root certificate respectively.
357 */
358 HITLS_X509_STORECTX_SET_CUR_DEPTH,
359 HITLS_X509_STORECTX_GET_CUR_DEPTH,
360 HITLS_X509_STORECTX_GET_CERT_CHAIN,
361
362 HITLS_X509_STORECTX_MAX
363} HITLS_X509_StoreCtxCmd;
364
365/* Flags for HITLS_X509_VerifyHostname */
366#define HITLS_X509_FLAG_VFY_WITH_PARTIAL_WILDCARD 0x01
369
374#define HITLS_PKI_PRINT_DN_ONELINE 0
375#define HITLS_PKI_PRINT_DN_MULTILINE 1
376#define HITLS_PKI_PRINT_DN_RFC2253 2 // default flag
377
382typedef enum {
383 HITLS_PKI_SET_PRINT_FLAG, // The default flag is rfc2253. Multi-threading is not supported.
384
385 HITLS_PKI_PRINT_DNNAME,
386 HITLS_PKI_PRINT_DNNAME_HASH,
387
388 HITLS_PKI_PRINT_CERT,
389 HITLS_PKI_PRINT_NEXTUPDATE,
390 HITLS_PKI_PRINT_CSR,
391 HITLS_PKI_PRINT_CRL,
392 HITLS_PKI_PRINT_CERT_BRIEF,
393} HITLS_PKI_PrintCmd;
394
402typedef struct {
403 BSL_Buffer *macPwd;
404 BSL_Buffer *encPwd;
405} HITLS_PKCS12_PwdParam;
406
411typedef struct {
412 uint32_t saltLen;
413 uint32_t itCnt;
414 uint32_t macId;
415 uint8_t *pwd;
416 uint32_t pwdLen;
417} HITLS_PKCS12_KdfParam;
418
419typedef struct {
420 void *para;
421 int32_t algId;
422} HITLS_PKCS12_MacParam;
423
428typedef struct {
429 CRYPT_EncodeParam encParam;
430 HITLS_PKCS12_MacParam macParam;
431} HITLS_PKCS12_EncodeParam;
432
433typedef enum {
434 HITLS_PKCS12_GEN_LOCALKEYID = 0x01,
435 HITLS_PKCS12_SET_ENTITY_KEYBAG,
436 HITLS_PKCS12_SET_ENTITY_CERTBAG,
437 HITLS_PKCS12_ADD_CERTBAG,
438 HITLS_PKCS12_GET_ENTITY_CERT,
439 HITLS_PKCS12_GET_ENTITY_KEY,
440 HITLS_PKCS12_GET_SECRETBAGS,
442 HITLS_PKCS12_ADD_SECRETBAG,
443 HITLS_PKCS12_GET_ENTITY_CERTBAG,
444 HITLS_PKCS12_GET_ENTITY_KEYBAG,
445 HITLS_PKCS12_ADD_KEYBAG,
446 HITLS_PKCS12_GET_KEYBAGS,
448 HITLS_PKCS12_GET_CERTBAGS,
450 HITLS_PKCS12_ADD_CRLBAG,
451 HITLS_PKCS12_GET_CRLBAGS,
453} HITLS_PKCS12_Cmd;
454
455typedef enum {
456 HITLS_PKCS12_BAG_ADD_ATTR,
457 HITLS_PKCS12_BAG_GET_ATTR,
458 HITLS_PKCS12_BAG_GET_VALUE,
459 HITLS_PKCS12_BAG_GET_ID,
460 HITLS_PKCS12_BAG_GET_TYPE,
461} HITLS_PKCS12_BagCmd;
462
463typedef enum {
464 HITLS_CMS_ADD_CERT = 0,
465 HITLS_CMS_ADD_CRL,
466
467 HITLS_CMS_SET_MSG_MD = 0x0101,
468} HITLS_CMS_Cmd;
469
473typedef enum {
474 HITLS_CMS_OPT_SIGN = 0x01,
475 HITLS_CMS_OPT_VERIFY = 0x02,
476} HITLS_CMS_Option;
477
478#ifdef __cplusplus
479}
480#endif
481
482#endif // HITLS_PKI_TYPES_H
BslCid
BslCid
定义 bsl_obj.h:36
BSL_Buffer
定义 bsl_types.h:40
BSL_TIME
Basic time data structure definition.
定义 bsl_sal.h:583
BslList
定义 bsl_list.h:49
CRYPT_EncodeParam
定义 crypt_types.h:931
CRYPT_RSA_PssPara
定义 crypt_types.h:92
HITLS_PKCS12_EncodeParam
定义 hitls_pki_types.h:428
HITLS_PKCS12_KdfParam
定义 hitls_pki_types.h:411
HITLS_PKCS12_MacParam
定义 hitls_pki_types.h:419
HITLS_PKCS12_PwdParam
Structure for PKCS12 password parameters Only characters in the ASCii code table can be used as input...
定义 hitls_pki_types.h:402
HITLS_X509_DN
定义 hitls_pki_types.h:147
HITLS_X509_ExtAki
定义 hitls_pki_types.h:164
HITLS_X509_ExtBCons
定义 hitls_pki_types.h:206
HITLS_X509_ExtCrlNumber
定义 hitls_pki_types.h:226
HITLS_X509_ExtExKeyUsage
定义 hitls_pki_types.h:190
HITLS_X509_ExtGeneric
定义 hitls_pki_types.h:248
HITLS_X509_ExtGeneric::critical
bool critical
定义 hitls_pki_types.h:249
HITLS_X509_ExtGeneric::oid
BSL_Buffer oid
定义 hitls_pki_types.h:250
HITLS_X509_ExtGeneric::value
BSL_Buffer value
定义 hitls_pki_types.h:251
HITLS_X509_ExtKeyUsage
定义 hitls_pki_types.h:182
HITLS_X509_ExtSan
定义 hitls_pki_types.h:198
HITLS_X509_ExtSki
定义 hitls_pki_types.h:174
HITLS_X509_GeneralName
定义 hitls_pki_types.h:156
HITLS_X509_RevokeExtCertIssuer
定义 hitls_pki_types.h:289
HITLS_X509_RevokeExtReason
定义 hitls_pki_types.h:284
HITLS_X509_RevokeExtTime
定义 hitls_pki_types.h:254
HITLS_X509_SignAlgParam
Signature algorithm parameters.
定义 hitls_pki_types.h:215
HITLS_X509_SignAlgParam::algId
int32_t algId
定义 hitls_pki_types.h:216
HITLS_X509_SignAlgParam::rsaPss
CRYPT_RSA_PssPara rsaPss
定义 hitls_pki_types.h:218