tls_certificate.h File Reference

X.509 certificate handling. More...

#include "tls.h"
#include "pkix/x509_common.h"

Go to the source code of this file.

Functions

error_t tlsFormatCertificateList (TlsContext *context, uint8_t *p, size_t *written)
 Format certificate chain. More...
 
error_t tlsFormatRawPublicKey (TlsContext *context, uint8_t *p, size_t *written)
 Format raw public key. More...
 
error_t tlsParseCertificateList (TlsContext *context, const uint8_t *p, size_t length)
 Parse certificate chain. More...
 
error_t tlsParseRawPublicKey (TlsContext *context, const uint8_t *p, size_t length)
 Parse raw public key. More...
 
bool_t tlsIsCertificateAcceptable (TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSupportedGroupList *curveList, const TlsSignSchemeList *certSignAlgoList, const TlsCertAuthorities *certAuthorities)
 Check whether a certificate is acceptable. More...
 
error_t tlsValidateCertificate (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, const char_t *subjectName)
 Verify certificate against root CAs. More...
 
error_t tlsGetCertificateType (const X509CertInfo *certInfo, TlsCertificateType *certType, TlsNamedGroup *namedCurve)
 Retrieve the certificate type. More...
 
error_t tlsGetCertificateSignAlgo (const X509CertInfo *certInfo, TlsSignatureScheme *signScheme)
 Retrieve the signature algorithm used to sign the certificate. More...
 
error_t tlsReadSubjectPublicKey (TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo)
 Extract the subject public key from the received certificate. More...
 
error_t tlsCheckKeyUsage (const X509CertInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod)
 Check certificate key usage. More...
 

Detailed Description

X.509 certificate handling.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file tls_certificate.h.

Function Documentation

◆ tlsCheckKeyUsage()

error_t tlsCheckKeyUsage ( const X509CertInfo certInfo,
TlsConnectionEnd  entity,
TlsKeyExchMethod  keyExchMethod 
)

Check certificate key usage.

Parameters
[in]certInfoPointer to the X.509 certificate
[in]entitySpecifies whether this entity is considered a client or a server
[in]keyExchMethodTLS key exchange method
Returns
Error code

Definition at line 1752 of file tls_certificate.c.

◆ tlsFormatCertificateList()

error_t tlsFormatCertificateList ( TlsContext context,
uint8_t *  p,
size_t *  written 
)

Format certificate chain.

Parameters
[in]contextPointer to the TLS context
[in]pOutput stream where to write the certificate chain
[out]writtenTotal number of bytes that have been written
Returns
Error code

Definition at line 60 of file tls_certificate.c.

◆ tlsFormatRawPublicKey()

error_t tlsFormatRawPublicKey ( TlsContext context,
uint8_t *  p,
size_t *  written 
)

Format raw public key.

Parameters
[in]contextPointer to the TLS context
[in]pOutput stream where to write the raw public key
[out]writtenTotal number of bytes that have been written
Returns
Error code

Definition at line 160 of file tls_certificate.c.

◆ tlsGetCertificateSignAlgo()

error_t tlsGetCertificateSignAlgo ( const X509CertInfo certInfo,
TlsSignatureScheme signScheme 
)

Retrieve the signature algorithm used to sign the certificate.

Parameters
[in]certInfoX.509 certificate
[out]signSchemeSignature scheme
Returns
Error code

Definition at line 1278 of file tls_certificate.c.

◆ tlsGetCertificateType()

error_t tlsGetCertificateType ( const X509CertInfo certInfo,
TlsCertificateType certType,
TlsNamedGroup namedCurve 
)

Retrieve the certificate type.

Parameters
[in]certInfoX.509 certificate
[out]certTypeCertificate type
[out]namedCurveElliptic curve (only for ECDSA certificates)
Returns
Error code

Definition at line 1158 of file tls_certificate.c.

◆ tlsIsCertificateAcceptable()

bool_t tlsIsCertificateAcceptable ( TlsContext context,
const TlsCertDesc cert,
const uint8_t *  certTypes,
size_t  numCertTypes,
const TlsSupportedGroupList curveList,
const TlsSignSchemeList certSignAlgoList,
const TlsCertAuthorities certAuthorities 
)

Check whether a certificate is acceptable.

Parameters
[in]contextPointer to the TLS context
[in]certEnd entity certificate
[in]certTypesList of supported certificate types
[in]numCertTypesSize of the list that contains the supported certificate types
[in]curveListList of supported elliptic curves
[in]certSignAlgoListList of signature algorithms that may be used in X.509 certificates
[in]certAuthoritiesList of trusted CA
Returns
TRUE if the specified certificate conforms to the requirements, else FALSE

Definition at line 720 of file tls_certificate.c.

◆ tlsParseCertificateList()

error_t tlsParseCertificateList ( TlsContext context,
const uint8_t *  p,
size_t  length 
)

Parse certificate chain.

Parameters
[in]contextPointer to the TLS context
[in]pInput stream where to read the certificate chain
[in]lengthNumber of bytes available in the input stream
Returns
Error code

Definition at line 287 of file tls_certificate.c.

◆ tlsParseRawPublicKey()

error_t tlsParseRawPublicKey ( TlsContext context,
const uint8_t *  p,
size_t  length 
)

Parse raw public key.

Parameters
[in]contextPointer to the TLS context
[in]pInput stream where to read the raw public key
[in]lengthNumber of bytes available in the input stream
Returns
Error code

Definition at line 602 of file tls_certificate.c.

◆ tlsReadSubjectPublicKey()

error_t tlsReadSubjectPublicKey ( TlsContext context,
const X509SubjectPublicKeyInfo subjectPublicKeyInfo 
)

Extract the subject public key from the received certificate.

Parameters
[in]contextPointer to the TLS context
[in]subjectPublicKeyInfoPointer to the subject's public key
Returns
Error code

Definition at line 1470 of file tls_certificate.c.

◆ tlsValidateCertificate()

error_t tlsValidateCertificate ( TlsContext context,
const X509CertInfo certInfo,
uint_t  pathLen,
const char_t subjectName 
)

Verify certificate against root CAs.

Parameters
[in]contextPointer to the TLS context
[in]certInfoX.509 certificate to be verified
[in]pathLenCertificate path length
[in]subjectNameSubject name (optional parameter)
Returns
Error code

Definition at line 995 of file tls_certificate.c.