hs_cert.h

/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
 
#ifndef RECV_COMMON_H
#define RECV_COMMON_H
 
#include <stdint.h>
#include "tls.h"
#include "cipher_suite.h"
 
#ifdef __cplusplus
extern "C" {
#endif
 
/* Information used to describe the expected certificate */
typedef struct {
    /* The server must select the certificate matching the cipher suite. The client has no such restriction. */
    CERT_Type certType;
    uint16_t *signSchemeList;       /* certificate signature algorithm list */
    uint32_t signSchemeNum;         /* number of certificate signature algorithms */
    uint16_t *ellipticCurveList;    /* EC curve ID list */
    uint32_t ellipticCurveNum;      /* number of EC curve IDs */
    uint8_t *ecPointFormatList;     /* EC point format list */
    uint32_t ecPointFormatNum;      /* number of EC point formats */
    HITLS_TrustedCAList *caList;    /* trusted CA list */
} CERT_ExpectInfo;

int32_t HS_CheckCertInfo(HITLS_Ctx *ctx, const CERT_ExpectInfo *expectCertInfo, HITLS_CERT_X509 *cert,
    bool isNegotiateSignAlgo, bool signCheck);

int32_t HS_SelectCertByInfo(HITLS_Ctx *ctx, CERT_ExpectInfo *info);
 
CERT_Type CertKeyType2CertType(HITLS_CERT_KeyType keyType);
 
#ifdef __cplusplus
}
#endif
 
#endif