X.509 certificate handling. More...
Go to the source code of this file.
Functions | |
error_t | tlsFormatCertificateList (TlsContext *context, uint8_t *p, size_t *written) |
Format certificate chain. More... | |
error_t | tlsFormatRawPublicKey (TlsContext *context, uint8_t *p, size_t *written) |
Format raw public key. More... | |
error_t | tlsParseCertificateList (TlsContext *context, const uint8_t *p, size_t length) |
Parse certificate chain. More... | |
error_t | tlsParseRawPublicKey (TlsContext *context, const uint8_t *p, size_t length) |
Parse raw public key. More... | |
bool_t | tlsIsCertificateAcceptable (TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSupportedGroupList *curveList, const TlsSignSchemeList *certSignAlgoList, const TlsCertAuthorities *certAuthorities) |
Check whether a certificate is acceptable. More... | |
error_t | tlsValidateCertificate (TlsContext *context, const X509CertInfo *certInfo, uint_t pathLen, const char_t *subjectName) |
Verify certificate against root CAs. More... | |
error_t | tlsGetCertificateType (const X509CertInfo *certInfo, TlsCertificateType *certType, TlsNamedGroup *namedCurve) |
Retrieve the certificate type. More... | |
error_t | tlsGetCertificateSignAlgo (const X509CertInfo *certInfo, TlsSignatureScheme *signScheme) |
Retrieve the signature algorithm used to sign the certificate. More... | |
error_t | tlsReadSubjectPublicKey (TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo) |
Extract the subject public key from the received certificate. More... | |
error_t | tlsCheckKeyUsage (const X509CertInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod) |
Check certificate key usage. More... | |
Detailed Description
X.509 certificate handling.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneSSL Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.4
Definition in file tls_certificate.h.
Function Documentation
◆ tlsCheckKeyUsage()
error_t tlsCheckKeyUsage | ( | const X509CertInfo * | certInfo, |
TlsConnectionEnd | entity, | ||
TlsKeyExchMethod | keyExchMethod | ||
) |
Check certificate key usage.
- Parameters
-
[in] certInfo Pointer to the X.509 certificate [in] entity Specifies whether this entity is considered a client or a server [in] keyExchMethod TLS key exchange method
- Returns
- Error code
Definition at line 1752 of file tls_certificate.c.
◆ tlsFormatCertificateList()
error_t tlsFormatCertificateList | ( | TlsContext * | context, |
uint8_t * | p, | ||
size_t * | written | ||
) |
Format certificate chain.
- Parameters
-
[in] context Pointer to the TLS context [in] p Output stream where to write the certificate chain [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 60 of file tls_certificate.c.
◆ tlsFormatRawPublicKey()
error_t tlsFormatRawPublicKey | ( | TlsContext * | context, |
uint8_t * | p, | ||
size_t * | written | ||
) |
Format raw public key.
- Parameters
-
[in] context Pointer to the TLS context [in] p Output stream where to write the raw public key [out] written Total number of bytes that have been written
- Returns
- Error code
Definition at line 160 of file tls_certificate.c.
◆ tlsGetCertificateSignAlgo()
error_t tlsGetCertificateSignAlgo | ( | const X509CertInfo * | certInfo, |
TlsSignatureScheme * | signScheme | ||
) |
Retrieve the signature algorithm used to sign the certificate.
- Parameters
-
[in] certInfo X.509 certificate [out] signScheme Signature scheme
- Returns
- Error code
Definition at line 1278 of file tls_certificate.c.
◆ tlsGetCertificateType()
error_t tlsGetCertificateType | ( | const X509CertInfo * | certInfo, |
TlsCertificateType * | certType, | ||
TlsNamedGroup * | namedCurve | ||
) |
Retrieve the certificate type.
- Parameters
-
[in] certInfo X.509 certificate [out] certType Certificate type [out] namedCurve Elliptic curve (only for ECDSA certificates)
- Returns
- Error code
Definition at line 1158 of file tls_certificate.c.
◆ tlsIsCertificateAcceptable()
bool_t tlsIsCertificateAcceptable | ( | TlsContext * | context, |
const TlsCertDesc * | cert, | ||
const uint8_t * | certTypes, | ||
size_t | numCertTypes, | ||
const TlsSupportedGroupList * | curveList, | ||
const TlsSignSchemeList * | certSignAlgoList, | ||
const TlsCertAuthorities * | certAuthorities | ||
) |
Check whether a certificate is acceptable.
- Parameters
-
[in] context Pointer to the TLS context [in] cert End entity certificate [in] certTypes List of supported certificate types [in] numCertTypes Size of the list that contains the supported certificate types [in] curveList List of supported elliptic curves [in] certSignAlgoList List of signature algorithms that may be used in X.509 certificates [in] certAuthorities List of trusted CA
- Returns
- TRUE if the specified certificate conforms to the requirements, else FALSE
Definition at line 720 of file tls_certificate.c.
◆ tlsParseCertificateList()
error_t tlsParseCertificateList | ( | TlsContext * | context, |
const uint8_t * | p, | ||
size_t | length | ||
) |
Parse certificate chain.
- Parameters
-
[in] context Pointer to the TLS context [in] p Input stream where to read the certificate chain [in] length Number of bytes available in the input stream
- Returns
- Error code
Definition at line 287 of file tls_certificate.c.
◆ tlsParseRawPublicKey()
error_t tlsParseRawPublicKey | ( | TlsContext * | context, |
const uint8_t * | p, | ||
size_t | length | ||
) |
Parse raw public key.
- Parameters
-
[in] context Pointer to the TLS context [in] p Input stream where to read the raw public key [in] length Number of bytes available in the input stream
- Returns
- Error code
Definition at line 602 of file tls_certificate.c.
◆ tlsReadSubjectPublicKey()
error_t tlsReadSubjectPublicKey | ( | TlsContext * | context, |
const X509SubjectPublicKeyInfo * | subjectPublicKeyInfo | ||
) |
Extract the subject public key from the received certificate.
- Parameters
-
[in] context Pointer to the TLS context [in] subjectPublicKeyInfo Pointer to the subject's public key
- Returns
- Error code
Definition at line 1470 of file tls_certificate.c.
◆ tlsValidateCertificate()
error_t tlsValidateCertificate | ( | TlsContext * | context, |
const X509CertInfo * | certInfo, | ||
uint_t | pathLen, | ||
const char_t * | subjectName | ||
) |
Verify certificate against root CAs.
- Parameters
-
[in] context Pointer to the TLS context [in] certInfo X.509 certificate to be verified [in] pathLen Certificate path length [in] subjectName Subject name (optional parameter)
- Returns
- Error code
Definition at line 995 of file tls_certificate.c.