x509_cert_validate.c File Reference

X.509 certificate validation.

Macros

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL
 

Functions

error_t x509ValidateCertificate (const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, uint_t pathLen)
 X.509 certificate validation.

error_t x509CheckSubjectName (const X509CertInfo *certInfo, const char_t *fqdn)
 Check whether the certificate matches the specified FQDN.

error_t x509CheckNameConstraints (const char_t *subjectName, const X509CertInfo *certInfo)
 Check name constraints.

bool_t x509CompareName (const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)
 Compare distinguished names.

bool_t x509CompareSubjectName (const char_t *subjectName, size_t subjectNameLen, const char_t *fqdn)
 Check whether the subject name matches the specified FQDN.

bool_t x509CompareSubtree (const char_t *subjectName, const char_t *subtree, size_t subtreeLen)
 Compare a subject name against the specified subtree.

bool_t x509CompareIpAddr (const uint8_t *ipAddr, size_t ipAddrLen, const char_t *str)
 Check whether the IP address matches the specified string.

error_t x509ParseIpv4Addr (const char_t *str, uint8_t *ipAddr)
 Convert a dot-decimal string to a binary IPv4 address.

error_t x509ParseIpv6Addr (const char_t *str, uint8_t *ipAddr)
 Convert a string representation of an IPv6 address to a binary IPv6 address.
 

Detailed Description

X.509 certificate validation.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneCRYPTO Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file x509_cert_validate.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL

Definition at line 32 of file x509_cert_validate.c.

Function Documentation

◆ x509CheckNameConstraints()

error_t x509CheckNameConstraints (const char_t *subjectName, const X509CertInfo *certInfo)

Check name constraints.

Parameters
[in] subjectName: Subject name to be verified
[in] certInfo: Pointer to the CA certificate
Returns
Error code

Definition at line 258 of file x509_cert_validate.c.

◆ x509CheckSubjectName()

error_t x509CheckSubjectName (const X509CertInfo *certInfo, const char_t *fqdn)

Check whether the certificate matches the specified FQDN.

Parameters
[in] certInfo: Pointer to the X.509 certificate
[in] fqdn: NULL-terminated string that contains the fully-qualified domain name
Returns
Error code

Definition at line 149 of file x509_cert_validate.c.

◆ x509CompareIpAddr()

bool_t x509CompareIpAddr (const uint8_t *ipAddr, size_t ipAddrLen, const char_t *str)

Check whether the IP address matches the specified string.

Parameters
[in] ipAddr: Binary representation of the IP address
[in] ipAddrLen: Length of the IP address, in bytes
[in] str: NULL-terminated string representing an IP address
Returns
TRUE if the IP address matches the specified string, else FALSE

Definition at line 583 of file x509_cert_validate.c.

◆ x509CompareName()

bool_t x509CompareName (const uint8_t *name1, size_t nameLen1, const uint8_t *name2, size_t nameLen2)

Compare distinguished names.

Parameters
[in] name1: Pointer to the first distinguished name
[in] nameLen1: Length of the first distinguished name
[in] name2: Pointer to the second distinguished name
[in] nameLen2: Length of the second distinguished name
Returns
Comparison result

Definition at line 430 of file x509_cert_validate.c.

◆ x509CompareSubjectName()

bool_t x509CompareSubjectName (const char_t *subjectName, size_t subjectNameLen, const char_t *fqdn)

Check whether the subject name matches the specified FQDN.

Parameters
[in] subjectName: Subject name
[in] subjectNameLen: Length of the subject name
[in] fqdn: NULL-terminated string that contains the fully-qualified domain name
Returns
TRUE if the subject name matches the specified FQDN, else FALSE

Definition at line 454 of file x509_cert_validate.c.

◆ x509CompareSubtree()

bool_t x509CompareSubtree (const char_t *subjectName, const char_t *subtree, size_t subtreeLen)

Compare a subject name against the specified subtree.

Parameters
[in] subjectName: NULL-terminated string that contains the subject name
[in] subtree: Pointer to the subtree
[in] subtreeLen: Length of the subtree
Returns
Comparison result

Definition at line 527 of file x509_cert_validate.c.

◆ x509ParseIpv4Addr()

error_t x509ParseIpv4Addr (const char_t *str, uint8_t *ipAddr)

Convert a dot-decimal string to a binary IPv4 address.

Parameters
[in] str: NULL-terminated string representing the IPv4 address
[out] ipAddr: Binary representation of the IPv4 address
Returns
Error code

Definition at line 641 of file x509_cert_validate.c.

◆ x509ParseIpv6Addr()

error_t x509ParseIpv6Addr (const char_t *str, uint8_t *ipAddr)

Convert a string representation of an IPv6 address to a binary IPv6 address.

Parameters
[in] str: NULL-terminated string representing the IPv6 address
[out] ipAddr: Binary representation of the IPv6 address
Returns
Error code

Definition at line 728 of file x509_cert_validate.c.

◆ x509ValidateCertificate()

error_t x509ValidateCertificate (const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, uint_t pathLen)

X.509 certificate validation.

Parameters
[in] certInfo: X.509 certificate to be verified
[in] issuerCertInfo: Issuer's certificate
[in] pathLen: Certificate path length
Returns
Error code

Definition at line 54 of file x509_cert_validate.c.