tls_certificate.h File Reference

Certificate handling.

#include "tls.h"
#include "certificate/x509_common.h"

Functions

error_t tlsFormatCertificateList (TlsContext *context, uint8_t *p, size_t *written)
 Format certificate chain.

error_t tlsFormatRawPublicKey (TlsContext *context, uint8_t *p, size_t *written)
 Format raw public key.

error_t tlsParseCertificateList (TlsContext *context, const uint8_t *p, size_t length)
 Parse certificate chain.

error_t tlsParseRawPublicKey (TlsContext *context, const uint8_t *p, size_t length)
 Parse raw public key.

bool_t tlsIsCertificateAcceptable (TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSignHashAlgos *signHashAlgos, const TlsSignHashAlgos *certSignHashAlgos, const TlsSupportedGroupList *curveList, const TlsCertAuthorities *certAuthorities)
 Check whether a certificate is acceptable.

bool_t tlsIsCertificateValid (const X509CertificateInfo *certInfo, const char_t *trustedCaList, size_t trustedCaListLen, uint_t pathLength, const char_t *subjectName)
 Verify certificate against root CAs.

error_t tlsGetCertificateType (const X509CertificateInfo *certInfo, TlsCertificateType *certType, TlsSignatureAlgo *certSignAlgo, TlsHashAlgo *certHashAlgo, TlsNamedGroup *namedCurve)
 Retrieve the certificate type.

error_t tlsReadSubjectPublicKey (TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo)
 Extract the subject public key from the received certificate.

error_t tlsCheckKeyUsage (const X509CertificateInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod)
 Check certificate key usage.

Detailed Description

Certificate handling.

License

Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneSSL Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
1.9.0

Definition in file tls_certificate.h.

Function Documentation

◆ tlsCheckKeyUsage()

error_t tlsCheckKeyUsage (const X509CertificateInfo *certInfo, TlsConnectionEnd entity, TlsKeyExchMethod keyExchMethod)

Check certificate key usage.

Parameters
[in] certInfo: Pointer to the X.509 certificate
[in] entity: Specifies whether this entity is considered a client or a server
[in] keyExchMethod: TLS key exchange method
Returns
Error code

Definition at line 1880 of file tls_certificate.c.

◆ tlsFormatCertificateList()

error_t tlsFormatCertificateList (TlsContext *context, uint8_t *p, size_t *written)

Format certificate chain.

Parameters
[in] context: Pointer to the TLS context
[in] p: Output stream where to write the certificate chain
[out] written: Total number of bytes that have been written
Returns
Error code

Definition at line 57 of file tls_certificate.c.

◆ tlsFormatRawPublicKey()

error_t tlsFormatRawPublicKey (TlsContext *context, uint8_t *p, size_t *written)

Format raw public key.

Parameters
[in] context: Pointer to the TLS context
[in] p: Output stream where to write the raw public key
[out] written: Total number of bytes that have been written
Returns
Error code

Definition at line 163 of file tls_certificate.c.

◆ tlsGetCertificateType()

error_t tlsGetCertificateType (const X509CertificateInfo *certInfo, TlsCertificateType *certType, TlsSignatureAlgo *certSignAlgo, TlsHashAlgo *certHashAlgo, TlsNamedGroup *namedCurve)

Retrieve the certificate type.

Parameters
[in] certInfo: X.509 certificate
[out] certType: Certificate type
[out] certSignAlgo: Signature algorithm that has been used to sign the certificate
[out] certHashAlgo: Hash algorithm that has been used to sign the certificate
[out] namedCurve: Elliptic curve (only for ECDSA certificates)
Returns
Error code

Definition at line 1332 of file tls_certificate.c.

◆ tlsIsCertificateAcceptable()

bool_t tlsIsCertificateAcceptable (TlsContext *context, const TlsCertDesc *cert, const uint8_t *certTypes, size_t numCertTypes, const TlsSignHashAlgos *signHashAlgos, const TlsSignHashAlgos *certSignHashAlgos, const TlsSupportedGroupList *curveList, const TlsCertAuthorities *certAuthorities)

Check whether a certificate is acceptable.

Parameters
[in] context: Pointer to the TLS context
[in] cert: End entity certificate
[in] certTypes: List of supported certificate types
[in] numCertTypes: Size of the list that contains the supported certificate types
[in] signHashAlgos: List of signature algorithms that may be used in digital signatures
[in] certSignHashAlgos: List of signature algorithms that may be used in X.509 certificates
[in] curveList: List of supported elliptic curves
[in] certAuthorities: List of trusted CA
Returns
TRUE if the specified certificate conforms to the requirements, else FALSE

Definition at line 703 of file tls_certificate.c.

◆ tlsIsCertificateValid()

bool_t tlsIsCertificateValid (const X509CertificateInfo *certInfo, const char_t *trustedCaList, size_t trustedCaListLen, uint_t pathLength, const char_t *subjectName)

Verify certificate against root CAs.

Parameters
[in] certInfo: X.509 certificate to be verified
[in] trustedCaList: List of trusted CA (PEM format)
[in] trustedCaListLen: Total length of the list
[in] pathLength: Certificate path length
[in] subjectName: Subject name (optional parameter)
Returns
TRUE if the certificate is issued by a trusted CA, else FALSE

Definition at line 1241 of file tls_certificate.c.

◆ tlsParseCertificateList()

error_t tlsParseCertificateList (TlsContext *context, const uint8_t *p, size_t length)

Parse certificate chain.

Parameters
[in] context: Pointer to the TLS context
[in] p: Input stream where to read the certificate chain
[in] length: Number of bytes available in the input stream
Returns
Error code

Definition at line 283 of file tls_certificate.c.

◆ tlsParseRawPublicKey()

error_t tlsParseRawPublicKey (TlsContext *context, const uint8_t *p, size_t length)

Parse raw public key.

Parameters
[in] context: Pointer to the TLS context
[in] p: Input stream where to read the raw public key
[in] length: Number of bytes available in the input stream
Returns
Error code

Definition at line 583 of file tls_certificate.c.

◆ tlsReadSubjectPublicKey()

error_t tlsReadSubjectPublicKey (TlsContext *context, const X509SubjectPublicKeyInfo *subjectPublicKeyInfo)

Extract the subject public key from the received certificate.

Parameters
[in] context: Pointer to the TLS context
[in] subjectPublicKeyInfo: Pointer to the subject's public key
Returns
Error code

Definition at line 1613 of file tls_certificate.c.