X.509 certificate validation. More...

#include "core/crypto.h"
#include "pkix/x509_cert_parse.h"
#include "pkix/x509_cert_ext_parse.h"
#include "pkix/x509_cert_validate.h"
#include "pkix/x509_sign_verify.h"
#include "debug.h"

Macros
#define	TRACE_LEVEL CRYPTO_TRACE_LEVEL

Functions
error_t	x509ValidateCertificate (const X509CertInfo certInfo, const X509CertInfo issuerCertInfo, uint_t pathLen)
	X.509 certificate validation. More...

error_t	x509CheckSubjectName (const X509CertInfo certInfo, const char_t fqdn)
	Check whether the certificate matches the specified FQDN. More...

error_t	x509CheckNameConstraints (const char_t subjectName, const X509CertInfo certInfo)
	Check name constraints. More...

bool_t	x509CompareName (const uint8_t name1, size_t nameLen1, const uint8_t name2, size_t nameLen2)
	Compare distinguished names. More...

bool_t	x509CompareSubjectName (const char_t subjectName, size_t subjectNameLen, const char_t fqdn)
	Check whether the subject name matches the specified FQDN. More...

bool_t	x509CompareSubtree (const char_t subjectName, const char_t subtree, size_t subtreeLen)
	Compare a subject name against the specified subtree. More...

bool_t	x509CompareIpAddr (const uint8_t ipAddr, size_t ipAddrLen, const char_t str)
	Check whether the IP address matches the specified string. More...

error_t	x509ParseIpv4Addr (const char_t str, uint8_t ipAddr)
	Convert a dot-decimal string to a binary IPv4 address. More...

error_t	x509ParseIpv6Addr (const char_t str, uint8_t ipAddr)
	Convert a string representation of an IPv6 address to a binary IPv6 address. More...

Detailed Description

X.509 certificate validation.

License

SPDX-License-Identifier: GPL-2.0-or-later

This file is part of CycloneCRYPTO Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author: Oryx Embedded SARL (www.oryx-embedded.com)

Version: 2.4.4

Definition in file x509_cert_validate.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL CRYPTO_TRACE_LEVEL

Definition at line 32 of file x509_cert_validate.c.

Function Documentation

◆ x509CheckNameConstraints()

error_t x509CheckNameConstraints	(	const char_t *	subjectName,
		const X509CertInfo *	certInfo
	)

Check name constraints.

Parameters

[in]	subjectName	Subject name to be verified
[in]	certInfo	Pointer to the CA certificate

Returns: Error code

Definition at line 258 of file x509_cert_validate.c.

◆ x509CheckSubjectName()

error_t x509CheckSubjectName	(	const X509CertInfo *	certInfo,
		const char_t *	fqdn
	)

Check whether the certificate matches the specified FQDN.

Parameters

[in]	certInfo	Pointer to the X.509 certificate
[in]	fqdn	NULL-terminated string that contains the fully-qualified domain name

Returns: Error code

Definition at line 149 of file x509_cert_validate.c.

◆ x509CompareIpAddr()

bool_t x509CompareIpAddr	(	const uint8_t *	ipAddr,
		size_t	ipAddrLen,
		const char_t *	str
	)

Check whether the IP address matches the specified string.

Parameters

[in]	ipAddr	Binary representation of the IP address
[in]	ipAddrLen	Length of the IP address, in bytes
[in]	str	NULL-terminated string representing an IP address

Returns: TRUE if the IP address matches the specified string, else FALSE

Definition at line 583 of file x509_cert_validate.c.

◆ x509CompareName()

bool_t x509CompareName	(	const uint8_t *	name1,
		size_t	nameLen1,
		const uint8_t *	name2,
		size_t	nameLen2
	)

Compare distinguished names.

Parameters

[in]	name1	Pointer to the first distinguished name
[in]	nameLen1	Length of the first distinguished name
[in]	name2	Pointer to the second distinguished name
[in]	nameLen2	Length of the second distinguished name

Returns: Comparison result

Definition at line 430 of file x509_cert_validate.c.

◆ x509CompareSubjectName()

bool_t x509CompareSubjectName	(	const char_t *	subjectName,
		size_t	subjectNameLen,
		const char_t *	fqdn
	)

Check whether the subject name matches the specified FQDN.

Parameters

[in]	subjectName	Subject name
[in]	subjectNameLen	Length of the subject name
[in]	fqdn	NULL-terminated string that contains the fully-qualified domain name

Returns: TRUE if the subject name matches the specified FQDN, else FALSE

Definition at line 454 of file x509_cert_validate.c.

◆ x509CompareSubtree()

bool_t x509CompareSubtree	(	const char_t *	subjectName,
		const char_t *	subtree,
		size_t	subtreeLen
	)

Compare a subject name against the specified subtree.

Parameters

[in]	subjectName	NULL-terminated string that contains the subject name
[in]	subtree	Pointer to the subtree
[in]	subtreeLen	Length of the subtree

Returns: Comparison result

Definition at line 527 of file x509_cert_validate.c.

◆ x509ParseIpv4Addr()

error_t x509ParseIpv4Addr	(	const char_t *	str,
		uint8_t *	ipAddr
	)

Convert a dot-decimal string to a binary IPv4 address.

Parameters

[in]	str	NULL-terminated string representing the IPv4 address
[out]	ipAddr	Binary representation of the IPv4 address

Returns: Error code

Definition at line 641 of file x509_cert_validate.c.

◆ x509ParseIpv6Addr()

error_t x509ParseIpv6Addr	(	const char_t *	str,
		uint8_t *	ipAddr
	)

Convert a string representation of an IPv6 address to a binary IPv6 address.

Parameters

[in]	str	NULL-terminated string representing the IPv6 address
[out]	ipAddr	Binary representation of the IPv6 address

Returns: Error code

Definition at line 728 of file x509_cert_validate.c.

◆ x509ValidateCertificate()

error_t x509ValidateCertificate	(	const X509CertInfo *	certInfo,
		const X509CertInfo *	issuerCertInfo,
		uint_t	pathLen
	)

X.509 certificate validation.

Parameters

[in]	certInfo	X.509 certificate to be verified
[in]	issuerCertInfo	Issuer's certificate
[in]	pathLen	Certificate path length

Returns: Error code

Definition at line 54 of file x509_cert_validate.c.

Macros

Functions

Detailed Description

License

Macro Definition Documentation

◆ TRACE_LEVEL

Function Documentation

◆ x509CheckNameConstraints()

◆ x509CheckSubjectName()

◆ x509CompareIpAddr()

◆ x509CompareName()

◆ x509CompareSubjectName()

◆ x509CompareSubtree()

◆ x509ParseIpv4Addr()

◆ x509ParseIpv6Addr()

◆ x509ValidateCertificate()