X.509 certificate validation.
#include "core/crypto.h"
#include "pkix/x509_cert_parse.h"
#include "pkix/x509_cert_ext_parse.h"
#include "pkix/x509_cert_validate.h"
#include "pkix/x509_sign_verify.h"
#include "debug.h"
Macros
- #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
Functions
- error_t x509ValidateCertificate(const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, uint_t pathLen)
  - X.509 certificate validation.
- error_t x509CheckSubjectName(const X509CertInfo *certInfo, const char_t *fqdn)
  - Check whether the certificate matches the specified FQDN.
- error_t x509CheckNameConstraints(const char_t *subjectName, const X509CertInfo *certInfo)
  - Check name constraints.
- bool_t x509CompareName(const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)
  - Compare distinguished names.
- bool_t x509CompareSubjectName(const char_t *subjectName, size_t subjectNameLen, const char_t *fqdn)
  - Check whether the subject name matches the specified FQDN.
- bool_t x509CompareSubtree(const char_t *subjectName, const char_t *subtree, size_t subtreeLen)
  - Compare a subject name against the specified subtree.
- bool_t x509CompareIpAddr(const uint8_t *ipAddr, size_t ipAddrLen, const char_t *str)
  - Check whether the IP address matches the specified string.
- error_t x509ParseIpv4Addr(const char_t *str, uint8_t *ipAddr)
  - Convert a dot-decimal string to a binary IPv4 address.
- error_t x509ParseIpv6Addr(const char_t *str, uint8_t *ipAddr)
  - Convert a string representation of an IPv6 address to a binary IPv6 address.
Detailed Description
X.509 certificate validation.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneCRYPTO Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
  - 2.4.4
Definition in file x509_cert_validate.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL CRYPTO_TRACE_LEVEL
Definition at line 32 of file x509_cert_validate.c.
Function Documentation
◆ x509CheckNameConstraints()
error_t x509CheckNameConstraints(const char_t *subjectName, const X509CertInfo *certInfo)
Check name constraints.
- Parameters
  - [in] subjectName: Subject name to be verified
  - [in] certInfo: Pointer to the CA certificate
- Returns
  - Error code
Definition at line 258 of file x509_cert_validate.c.
◆ x509CheckSubjectName()
error_t x509CheckSubjectName(const X509CertInfo *certInfo, const char_t *fqdn)
Check whether the certificate matches the specified FQDN.
- Parameters
  - [in] certInfo: Pointer to the X.509 certificate
  - [in] fqdn: NULL-terminated string that contains the fully-qualified domain name
- Returns
  - Error code
Definition at line 149 of file x509_cert_validate.c.
◆ x509CompareIpAddr()
bool_t x509CompareIpAddr(const uint8_t *ipAddr, size_t ipAddrLen, const char_t *str)
Check whether the IP address matches the specified string.
- Parameters
  - [in] ipAddr: Binary representation of the IP address
  - [in] ipAddrLen: Length of the IP address, in bytes
  - [in] str: NULL-terminated string representing an IP address
- Returns
  - TRUE if the IP address matches the specified string, else FALSE
Definition at line 583 of file x509_cert_validate.c.
◆ x509CompareName()
bool_t x509CompareName(const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)
Compare distinguished names.
- Parameters
  - [in] name1: Pointer to the first distinguished name
  - [in] nameLen1: Length of the first distinguished name
  - [in] name2: Pointer to the second distinguished name
  - [in] nameLen2: Length of the second distinguished name
- Returns
  - Comparison result
Definition at line 430 of file x509_cert_validate.c.
◆ x509CompareSubjectName()
bool_t x509CompareSubjectName(const char_t *subjectName, size_t subjectNameLen, const char_t *fqdn)
Check whether the subject name matches the specified FQDN.
- Parameters
  - [in] subjectName: Subject name
  - [in] subjectNameLen: Length of the subject name
  - [in] fqdn: NULL-terminated string that contains the fully-qualified domain name
- Returns
  - TRUE if the subject name matches the specified FQDN, else FALSE
Definition at line 454 of file x509_cert_validate.c.
◆ x509CompareSubtree()
bool_t x509CompareSubtree(const char_t *subjectName, const char_t *subtree, size_t subtreeLen)
Compare a subject name against the specified subtree.
- Parameters
  - [in] subjectName: NULL-terminated string that contains the subject name
  - [in] subtree: Pointer to the subtree
  - [in] subtreeLen: Length of the subtree
- Returns
  - Comparison result
Definition at line 527 of file x509_cert_validate.c.
◆ x509ParseIpv4Addr()
error_t x509ParseIpv4Addr(const char_t *str, uint8_t *ipAddr)
Convert a dot-decimal string to a binary IPv4 address.
- Parameters
  - [in] str: NULL-terminated string representing the IPv4 address
  - [out] ipAddr: Binary representation of the IPv4 address
- Returns
  - Error code
Definition at line 641 of file x509_cert_validate.c.
◆ x509ParseIpv6Addr()
error_t x509ParseIpv6Addr(const char_t *str, uint8_t *ipAddr)
Convert a string representation of an IPv6 address to a binary IPv6 address.
- Parameters
  - [in] str: NULL-terminated string representing the IPv6 address
  - [out] ipAddr: Binary representation of the IPv6 address
- Returns
  - Error code
Definition at line 728 of file x509_cert_validate.c.
◆ x509ValidateCertificate()
error_t x509ValidateCertificate(const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, uint_t pathLen)
X.509 certificate validation.
- Parameters
  - [in] certInfo: X.509 certificate to be verified
  - [in] issuerCertInfo: Issuer's certificate
  - [in] pathLen: Certificate path length
- Returns
  - Error code
Definition at line 54 of file x509_cert_validate.c.