TrustCore SDK NanoCert API reference  version 7.0
parsecert.h
Go to the documentation of this file.
1 /*
2  * parsecert.h
3  *
4  * X.509v3 Certificate Parser
5  *
6  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
7  * Proprietary and Confidential Material.
8  *
9  */
23 #ifndef __PARSECERT_HEADER__
24 #define __PARSECERT_HEADER__
25 
26 #ifdef __ENABLE_MOCANA_CV_CERT__
27 #include "../crypto/cvcert.h"
28 #endif
29 
30 #ifdef __cplusplus
31 extern "C" {
32 #endif
33 
34 /*------------------------------------------------------------------*/
35 
36 /* bits used for Key Usage extensions */
37 enum
38 {
39  digitalSignature = 0,
40  nonRepudiation = 1,
41  keyEncipherment = 2,
42  dataEncipherment = 3,
43  keyAgreement = 4,
44  keyCertSign = 5,
45  cRLSign = 6,
46  encipherOnly = 7,
47  decipherOnly = 8
48 };
49 
50 struct RSAKey;
51 #if (defined(__ENABLE_MOCANA_ECC__))
52 struct ECCKey;
53 #endif
54 #if (defined(__ENABLE_MOCANA_DSA__))
55 struct DSAKey;
56 #endif
57 
58 struct ASN1_ITEM;
59 struct AsymmetricKey;
60 struct CNMatchInfo;
61 struct certDistinguishedName;
62 
63 
64 /* callback function used for enumeration -- should return !=OK to stop
65 the enumeration */
66 typedef MSTATUS (*EnumCallbackFun)( struct ASN1_ITEM* pItem, CStream cs, void* userArg);
67 
68 /* exported routines */
69 MOC_EXTERN MSTATUS
70 X509_decryptRSASignatureBuffer(MOC_RSA(hwAccelDescr hwAccelCtx)
71  struct RSAKey* pRSAKey,
72  const ubyte* pSignature, ubyte4 signatureLen,
73  ubyte hash[/*CERT_MAXDIGESTSIZE*/], sbyte4 *pHashLen,
74  ubyte4* rsaAlgoIdSubType);
75 
76 #if (defined(__ENABLE_MOCANA_CRYPTO_INTERFACE__))
77 MOC_EXTERN MSTATUS
78 X509_decryptRSASignatureBufferEx(MOC_RSA(hwAccelDescr hwAccelCtx)
79  struct RSAKey* pRSAKey,
80  const ubyte* pSignature, ubyte4 signatureLen,
81  ubyte hash[/*CERT_MAXDIGESTSIZE*/], sbyte4 *pHashLen,
82  ubyte4* rsaAlgoIdSubType, ubyte4 keyType);
83 #endif
84 
85 MOC_EXTERN MSTATUS
86 X509_extractRSAKey(MOC_RSA(hwAccelDescr hwAccelCtx)
87  struct ASN1_ITEM* pSubjectKeyInfo, CStream s,
88  struct AsymmetricKey* pKey);
89 
90 #if (defined(__ENABLE_MOCANA_DSA__))
91 MOC_EXTERN MSTATUS
92 X509_verifyDSASignature(MOC_DSA(hwAccelDescr hwAccelCtx)
93  struct ASN1_ITEM* pSequenceSignature, CStream s,
94  struct DSAKey* pECCKey,
95  sbyte4 computedHashLen, const ubyte computedHash[/*computedHashLen*/]);
96 MOC_EXTERN MSTATUS
97 X509_extractDSAKey(MOC_DSA(hwAccelDescr hwAccelCtx)
98  struct ASN1_ITEM* pSubjectKeyInfo, CStream s,
99  struct AsymmetricKey* pKey);
100 #endif
101 
102 #if (defined(__ENABLE_MOCANA_ECC__))
103 #if (defined(__ENABLE_MOCANA_CRYPTO_INTERFACE__))
104 MOC_EXTERN MSTATUS
105 X509_verifyECDSASignatureEx( MOC_ECC(hwAccelDescr hwAccelCtx) struct ASN1_ITEM* pSequenceSignature, CStream s,
106  struct ECCKey* pECCKey,
107  sbyte4 computedHashLen,
108  const ubyte computedHash[/*computedHashLen*/],
109  ubyte4 keyType);
110 #endif /*__ENABLE_MOCANA_CRYPTO_INTERFACE__*/
111 
112 MOC_EXTERN MSTATUS
113 X509_verifyECDSASignature( MOC_ECC(hwAccelDescr hwAccelCtx) struct ASN1_ITEM* pSequenceSignature, CStream s,
114  struct ECCKey* pECCKey,
115  sbyte4 computedHashLen,
116  const ubyte computedHash[/*computedHashLen*/]);
117 MOC_EXTERN MSTATUS
118 X509_extractECCKey( MOC_ECC(hwAccelDescr hwAccelCtx) struct ASN1_ITEM* pSubjectKeyInfo, CStream s,
119  struct AsymmetricKey* pKey);
120 
121 #if defined(__ENABLE_MOCANA_ECC_EDDSA_25519__) || defined(__ENABLE_MOCANA_ECC_EDDSA_448__)
122 MOC_EXTERN MSTATUS
123 X509_extractECCEdKey( MOC_ECC(hwAccelDescr hwAccelCtx) struct ASN1_ITEM* pSubjectKeyInfo, CStream s,
124  struct AsymmetricKey* pKey);
125 #endif
126 
127 #ifdef __ENABLE_MOCANA_QS__
128 MOC_EXTERN MSTATUS
129 X509_extractHybridKey(struct ASN1_ITEM* pSubjectKeyInfo, CStream s, struct AsymmetricKey* pKey);
130 #endif
131 #endif /* __ENABLE_MOCANA_ECC__ */
132 
133 MOC_EXTERN MSTATUS
134 X509_setKeyFromSubjectPublicKeyInfo(MOC_ASYM(hwAccelDescr hwAccelCtx)
135  struct ASN1_ITEM* pCertificate, CStream s,
136  struct AsymmetricKey* pPubKey);
137 
138 
139 MOC_EXTERN MSTATUS
140 X509_compSubjectCommonName(struct ASN1_ITEM* pCertificate, CStream s,
141  const sbyte* nameToMatch);
142 
143 MOC_EXTERN MSTATUS
144 X509_compSubjectAltNames(struct ASN1_ITEM* pCertificate, CStream s,
145  const sbyte* nameToMatch, ubyte4 tagMask);
146 
147 MOC_EXTERN MSTATUS
148 X509_compSubjectAltNamesEx( struct ASN1_ITEM* pCertificate, CStream s,
149  const struct CNMatchInfo* namesToMatch,
150  ubyte4 tagMask);
151 
152 #if (defined(__ENABLE_MOCANA_MULTIPLE_COMMON_NAMES__))
153 MOC_EXTERN MSTATUS
154 X509_compSubjectCommonNameEx(struct ASN1_ITEM* pCertificate, CStream s,
155  const struct CNMatchInfo* namesToMatch);
156 #endif
157 
158 MOC_EXTERN MSTATUS
159 X509_matchName( struct ASN1_ITEM* pCertificate, CStream s,
160  const sbyte* nameToMatch);
161 
162 MOC_EXTERN MSTATUS
163 X509_verifyValidityTime(struct ASN1_ITEM* pCertificate, CStream s, const TimeDate* td);
164 
165 MOC_EXTERN MSTATUS
166 X509_computeBufferHash(MOC_HASH(hwAccelDescr hwAccelCtx) ubyte* buffer,
167  ubyte4 bytesToHash,
168  ubyte hash[/*CERT_MAXDIGESTSIZE*/], sbyte4* hashSize,
169  ubyte4 hashType);
170 
171 MOC_EXTERN MSTATUS
172 X509_getCertificateKeyUsage(struct ASN1_ITEM* pCertificate, CStream s,
173  struct ASN1_ITEM** ppKeyUsage);
174 
243 MOC_EXTERN MSTATUS
244 X509_getCertificateKeyUsageValue(struct ASN1_ITEM* pCertificate, CStream s,
245  ubyte2* pValue);
246 
247 MOC_EXTERN MSTATUS
248 X509_canSignChain(struct ASN1_ITEM* pCertificate, CStream s, sbyte4 chainLength);
249 
250 /* this function will validate the link between the two certificates --
251  no time validation is performed, just the fact that parent is authorized to
252  sign and that the signature is correct */
253 MOC_EXTERN MSTATUS
254 X509_validateLink(MOC_ASYM(hwAccelDescr hwAccelCtx)
255  struct ASN1_ITEM* pCertificate, CStream pCertStream,
256  struct ASN1_ITEM* pParentCertificate, CStream pParentCertStream,
257  sbyte4 chainLength);
258 
259 
260 MOC_EXTERN MSTATUS
261 X509_extractDistinguishedNames(struct ASN1_ITEM* pCertificate, CStream s,
262  intBoolean isSubject,
263  struct certDistinguishedName *pRetDN);
264 
265 MOC_EXTERN MSTATUS
266 X509_extractDistinguishedNamesFromName(struct ASN1_ITEM* pName, CStream s,
267  struct certDistinguishedName *pRetDN);
268 
300 MOC_EXTERN MSTATUS
301 X509_extractDistinguishedNamesBuffer(ASN1_ITEMPTR pNameItem, CStream cs,
302  ubyte **ppBuffer, ubyte4 *pBufferLen);
303 
304 MOC_EXTERN MSTATUS
305 X509_extractVersion(struct ASN1_ITEM* pCertificate, sbyte4 *pRetVersion);
306 
307 MOC_EXTERN MSTATUS
308 X509_getSubjectCommonName( struct ASN1_ITEM* pCertificate, CStream s,
309  struct ASN1_ITEM** ppCommonNameItem);
310 
311 
312 MOC_EXTERN MSTATUS
313 X509_getSubjectEntryByOID( struct ASN1_ITEM* pCertificate, CStream s,
314  const ubyte* oid, struct ASN1_ITEM** ppEntryItem);
315 
316 MOC_EXTERN MSTATUS
317 X509_getEntryByOID( ASN1_ITEMPTR pInputItem, CStream s,
318  const ubyte* oid, ASN1_ITEMPTR *ppEntryItem);
319 
320 MOC_EXTERN MSTATUS
321 X509_checkCertificateIssuer(struct ASN1_ITEM* pParentCertificate,
322  CStream pParentCertStream,
323  struct ASN1_ITEM* pCertificate,
324  CStream pCertStream);
325 
326 MOC_EXTERN MSTATUS
327 X509_getCertTime( struct ASN1_ITEM* pTime, CStream s, TimeDate* pGMTTime);
328 
329 MOC_EXTERN MSTATUS
330 X509_verifySignature( MOC_ASYM(hwAccelDescr hwAccelCtx) struct ASN1_ITEM* pCertOrCRL,
331  CStream cs, struct AsymmetricKey *pIsuerPubKey);
332 
333 MOC_EXTERN MSTATUS
334 X509_extractValidityTime(struct ASN1_ITEM* pCertificate, CStream s,
335  struct certDistinguishedName *pRetDN);
336 MOC_EXTERN MSTATUS
337 X509_getValidityTime(struct ASN1_ITEM* pCertificate,
338  struct ASN1_ITEM** pRetStart, struct ASN1_ITEM** pRetEnd);
339 
340 
341 MOC_EXTERN MSTATUS
342 X509_rawVerifyOID(struct ASN1_ITEM* pCertificate, CStream s,
343  const ubyte *pOidItem, const ubyte *pOidValue,
344  intBoolean *pIsPresent);
345 
346 MOC_EXTERN MSTATUS
347 X509_extractSerialNum(struct ASN1_ITEM* pCertificate, CStream s,
348  ubyte** ppRetSerialNum, ubyte4 *pRetSerialNumLength);
349 
350 /* use this function to go through all the crlDistributionPoints -- pCurrItem is the current item -- it should be NULL
351 in the first call or to reset the enumeration; the function will return ERR_FALSE if there not any more items */
352 MOC_EXTERN MSTATUS
353 X509_enumerateCRL( struct ASN1_ITEM* pCertificate, CStream s,
354  EnumCallbackFun ecf, void* userArg);
355 
356 MOC_EXTERN MSTATUS
357 X509_enumerateAltName( struct ASN1_ITEM* pCertificate, CStream s, sbyte4 isSubject,
358  EnumCallbackFun ecf, void* userArg);
359 
360 MOC_EXTERN MSTATUS
361 X509_checkCertificateIssuerSerialNumber(struct ASN1_ITEM* pIssuer,
362  struct ASN1_ITEM* pSerialNumber,
363  CStream pIssuerStream,
364  struct ASN1_ITEM* pCertificate,
365  CStream pCertStream);
366 
367 MOC_EXTERN MSTATUS
368 X509_getCertificateIssuerSerialNumber( struct ASN1_ITEM* pCertificate,
369  struct ASN1_ITEM** ppIssuer,
370  struct ASN1_ITEM** ppSerialNumber);
371 
372 MOC_EXTERN MSTATUS
373 X509_getCertificateSubject( struct ASN1_ITEM* pCertificate, struct ASN1_ITEM** ppSubject);
374 
375 MOC_EXTERN MSTATUS
376 X509_getRSASignatureAlgo( struct ASN1_ITEM* pCertificate, CStream certStream,
377  ubyte* signAlgo);
378 
379 MOC_EXTERN MSTATUS
380 X509_isRootCertificate(struct ASN1_ITEM* pCertificate, CStream s);
381 
382 #ifdef __ENABLE_MOCANA_EXTRACT_CERT_BLOB__
383 MOC_EXTERN MSTATUS
384 X509_extractDistinguishedNamesBlob(struct ASN1_ITEM* pCertificate,
385  CStream s,
386  intBoolean isSubject,
387  ubyte **ppRetDistinguishedName,
388  ubyte4 *pRetDistinguishedNameLen);
389 #endif
390 
391 MOC_EXTERN MSTATUS
392 X509_getCertExtension( struct ASN1_ITEM* pExtensionsSeq, CStream s,
393  const ubyte* whichOID, intBoolean* critical,
394  struct ASN1_ITEM** ppExtension);
395 
462 MOC_EXTERN MSTATUS
463 X509_getCertificateExtensions(struct ASN1_ITEM* pCertificate,
464  struct ASN1_ITEM** ppExtensions);
465 
466 MOC_EXTERN MSTATUS
467 X509_getCertSignAlgoType(struct ASN1_ITEM* pSignAlgoId, CStream s,
468  ubyte4* hashType, ubyte4* pubKeyType);
469 
470 MOC_EXTERN MSTATUS
471 X509_getCertSignAlgoTypeEx(struct ASN1_ITEM* pSignAlgoId, CStream s,
472  ubyte4* hashType, ubyte4* pubKeyType, ubyte4* curveType, ubyte4 *pQsAlg);
473 
474 MOC_EXTERN MSTATUS
475 X509_getSignatureItem(struct ASN1_ITEM* pCertificate, CStream s,
476  struct ASN1_ITEM** ppSignature);
477 
478 MOC_EXTERN void
479 X509_convertTime(TimeDate *pTime, ubyte *pOutputTime);
480 
481 #ifdef __ENABLE_MOCANA_CV_CERT__
482 MOC_EXTERN MSTATUS
483 PARSE_CV_CERT_checkCertificateIssuer(CV_CERT *pCertificate,
484  CV_CERT *pParentCertificate);
485 
486 MOC_EXTERN MSTATUS
487 PARSE_CV_CERT_validateLink(MOC_ASYM(hwAccelDescr hwAccelCtx)
488  CV_CERT *pCertificate,
489  CV_CERT *pParentCertificate);
490 MOC_EXTERN MSTATUS
491 PARSE_CV_CERT_verifySignature(MOC_ASYM(hwAccelDescr hwAccelCtx)
492  CV_CERT *pCertificate,
493  CV_CERT *pParentCertificate);
494 
495 MOC_EXTERN MSTATUS
496 PARSE_CV_CERT_verifyValidityTime(CV_CERT* pCert, const TimeDate* currTime);
497 #endif
498 
499 #ifdef __cplusplus
500 }
501 #endif
502 
503 #endif /* __PARSECERT_HEADER__ */
CNMatchInfo
Definition: ca_mgmt.h:646
certDistinguishedName
Distinguished name data (names and start/end dates) to support certificate generation.
Definition: ca_mgmt.h:424
X509_getCertificateKeyUsageValue
MOC_EXTERN MSTATUS X509_getCertificateKeyUsageValue(struct ASN1_ITEM *pCertificate, CStream s, ubyte2 *pValue)
Return the value of the Key Usage extension.
X509_getCertificateExtensions
MOC_EXTERN MSTATUS X509_getCertificateExtensions(struct ASN1_ITEM *pCertificate, struct ASN1_ITEM **ppExtensions)
Get the ASN1_ITEMPTR that contains the extensions.
X509_extractDistinguishedNamesBuffer
MOC_EXTERN MSTATUS X509_extractDistinguishedNamesBuffer(ASN1_ITEMPTR pNameItem, CStream cs, ubyte **ppBuffer, ubyte4 *pBufferLen)
Extract the distinguished name components as a comma separated buffer.