TrustCore SDK NanoCrypto API reference  version 7.0
cert_chain.h
1 /*
2  * cert_chain.h
3  *
4  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
5  * Proprietary and Confidential Material.
6  */
7 
17 #ifndef __CERT_CHAIN_HEADER__
18 #define __CERT_CHAIN_HEADER__
19 
20 #ifdef __cplusplus
21 extern "C" {
22 #endif
23 
/* Certificate-chain type. Only a forward declaration is visible in this header,
 * so callers refer to a chain through certChainPtr and the CERTCHAIN_* calls. */
24 struct certChain;
25 typedef struct certChain* certChainPtr;
26 
/* Forward declarations of types this header only uses through pointers. */
27 struct certStore;
28 struct TimeDate;
29 struct AsymmetricKey;
30 
/* Validation configuration structure, taken by CERTCHAIN_validate,
 * CERTCHAIN_CVC_validate and CERTCHAIN_validateAll.
 * NOTE(review): the header carries a "Note (1): param can be null" remark after
 * these fields. Which fields it covers, and which checks are skipped when a
 * field is NULL or 0, is not shown in this listing - confirm before relying on
 * a name, time or usage check being enforced.
 * NOTE(review): the closing line of this typedef (listing line 81) is missing
 * from this listing. */
35 typedef struct ValidationConfig
36 {
/* Cert store to use for trust points. */
41  struct certStore* pCertStore;
42 
/* Found anchor in cert store, if any.
 * NOTE(review): reads as an output filled in by validation, not an input - confirm. */
47  const ubyte* anchorCert;
48 
/* Length of the found anchor, if any. */
53  ubyte4 anchorCertLen;
54 
/* Time to use for validation. */
59  const struct TimeDate *td;
60 
/* Common name.
 * NOTE(review): presumably the name the leaf certificate is matched against - confirm. */
65  const sbyte* commonName;
66 
/* Bits (0-8) that must be set if KeyUsage is present. As worded, this constrains
 * only certificates that carry the extension.
 * NOTE(review): confirm how a certificate without KeyUsage is treated. */
71  ubyte2 keyUsage;
72 
/* NULL-terminated array of OIDs that must be present in the certificate's
 * extended key usage, if that extension is present. */
79  const ubyte** extendedKeyUsage;
80 
82 
83 
84 /* Note (1): param can be null */
85 
86 
87 /* build a certificate chain from an SSL Certificate message
88  pSSLCertificateMsg starts at the CertificateChainLength field
89  and the sslCertificateMsgLen is the value of the medium after the
90  message type (11) */
91 
/* NOTE(review): no description of this call is shown in this listing (the comment
 * above it describes the SSL-record constructor). Presumably it returns the
 * extensions of the certificate at position index in the chain through
 * ppCertExts / pCertExtLen. Whether *ppCertExts points into the chain or is a
 * copy the caller must free is not stated - confirm. */
92 MOC_EXTERN MSTATUS
93 CERTCHAIN_getCertificateExtensions(certChainPtr pCertChain,
94  ubyte4 index,
95  ubyte **ppCertExts,
96  ubyte4 *pCertExtLen);
97 
/* NOTE(review): no description of this call is shown in this listing. Judging by
 * the parameter names, it presumably returns an OCSP certificate-status
 * extension for the certificate at position index through ppOcspExt /
 * pOcspExtLen. Ownership of *ppOcspExt is not stated - confirm. */
98 MOC_EXTERN MSTATUS
99 CERTCHAIN_getCertificateExtensionsCertStatus(certChainPtr pCertChain,
100  ubyte4 index,
101  ubyte **ppOcspExt,
102  ubyte4 *pOcspExtLen);
103 
/* Build a certificate chain from an SSL Certificate message.
 * pSSLCertificateMsg starts at the CertificateChainLength field, and
 * sslCertificateMsgLen is the length value that follows the message type (11).
 * The message and its length field come from the peer, so the caller should make
 * sure sslCertificateMsgLen does not exceed the bytes actually received.
 * NOTE(review): building is declared separately from CERTCHAIN_validate, so the
 * new chain is presumably not trusted until it has been validated. The chain is
 * presumably released with CERTCHAIN_delete - confirm both. */
121 MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecord(MOC_ASYM(hwAccelDescr hwAccelCtx)
122  certChainPtr* ppNewCertChain,
123  const ubyte* pSSLCertificateMsg,
124  ubyte4 sslCertificateMsgLen);
125 
/* Same parameters as CERTCHAIN_createFromSSLRecord plus sslMinorVersion.
 * NOTE(review): no description of this variant is shown in this listing.
 * Presumably sslMinorVersion selects the Certificate message layout of the
 * negotiated protocol version - confirm. The buffer and length are
 * peer-supplied, so the length should be checked against the bytes received. */
126 MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecordEx(MOC_ASYM(hwAccelDescr hwAccelCtx)
127  certChainPtr* ppNewCertChain,
128  const ubyte* pSSLCertificateMsg,
129  ubyte4 sslCertificateMsgLen,
130  ubyte sslMinorVersion);
131 
132 #ifdef __ENABLE_MOCANA_CV_CERT__
133 
/* Build a certificate chain from an SSL Certificate message.
 * Declared only when __ENABLE_MOCANA_CV_CERT__ is defined.
 * NOTE(review): pIsCvc is presumably an output reporting whether the message
 * carried CV certificates; the caller would then pick CERTCHAIN_CVC_validate or
 * CERTCHAIN_validate accordingly - confirm. */
151 MOC_EXTERN MSTATUS CERTCHAIN_CVC_createFromSSLRecordEx(MOC_ASYM(hwAccelDescr hwAccelCtx)
152  certChainPtr* ppNewCertChain,
153  const ubyte* pSSLCertificateMsg,
154  ubyte4 sslCertificateMsgLen,
155  ubyte sslMinorVersion,
156  byteBoolean *pIsCvc);
157 #endif
158 
159 #if (defined(__ENABLE_MOCANA_SSH_CLIENT__) || defined(__ENABLE_MOCANA_SSH_SERVER__))
160 
/* Callback type accepted by CERTCHAIN_createFromSSHEx as walkStrFunc.
 * NOTE(review): the parameters are unnamed and undocumented here; presumably
 * (buffer, buffer length, in/out index into the buffer) - confirm. */
161 typedef MSTATUS (*funcPtrWalkStr)(const ubyte *, ubyte4, ubyte4 *);
162 
/* Build a certificate chain from an SSH Certificate chain buffer.
 * Declared only when the SSH client or server is enabled.
 * NOTE(review): pBufIndex is presumably an in/out offset into pSSHCertChainBuf,
 * and walkStrFunc the routine used to step over length-prefixed strings -
 * confirm. The buffer is peer-supplied, so sshCertChainBufLen should be the
 * number of bytes actually available. */
182 MOC_EXTERN MSTATUS CERTCHAIN_createFromSSHEx(MOC_ASYM(hwAccelDescr hwAccelCtx)
183  certChainPtr* ppNewCertChain,
184  const ubyte* pSSHCertChainBuf,
185  ubyte4 sshCertChainBufLen,
186  ubyte4 *pBufIndex,
187  funcPtrWalkStr walkStrFunc);
188 
189 
190 #ifndef __DISABLE_MOCANA_CERT_CHAIN_SSH_DEP__
191 
/* Build a certificate chain from an SSH Certificate chain buffer.
 * Not declared when __DISABLE_MOCANA_CERT_CHAIN_SSH_DEP__ is defined.
 * NOTE(review): pBufIndex is presumably an in/out offset into pSSHCertChainBuf -
 * confirm. The buffer is peer-supplied, so sshCertChainBufLen should be the
 * number of bytes actually available. */
209 MOC_EXTERN MSTATUS CERTCHAIN_createFromSSH(MOC_ASYM(hwAccelDescr hwAccelCtx)
210  certChainPtr* ppNewCertChain,
211  const ubyte* pSSHCertChainBuf,
212  ubyte4 sshCertChainBufLen,
213  ubyte4 *pBufIndex);
214 #endif /* __DISABLE_MOCANA_CERT_CHAIN_SSH_DEP__ */
215 #endif /* (defined(__ENABLE_MOCANA_SSH_CLIENT__) || defined(__ENABLE_MOCANA_SSH_SERVER__)) */
216 
217 struct certDescriptor;
218 
/* Build a certificate chain from a certificate descriptor.
 * certiDesc is an array; numCertDesc is presumably its element count and must
 * not exceed the number of descriptors actually present - confirm. */
234 MOC_EXTERN MSTATUS CERTCHAIN_createFromIKE(MOC_ASYM(hwAccelDescr hwAccelCtx)
235  certChainPtr* ppNewCertChain,
236  struct certDescriptor certiDesc[],
237  ubyte4 numCertDesc);
238 
239 #ifdef __ENABLE_MOCANA_CV_CERT__
240 
/* Build a certificate chain from a certificate descriptor containing CV certs.
 * Declared only when __ENABLE_MOCANA_CV_CERT__ is defined.
 * certiDesc is an array; numCertDesc is presumably its element count - confirm. */
256 MOC_EXTERN MSTATUS CERTCHAIN_createFromCVC(MOC_ASYM(hwAccelDescr hwAccelCtx)
257  certChainPtr* ppNewCertChain,
258  struct certDescriptor certiDesc[],
259  ubyte4 numCertDesc);
260 
261 #endif
262 
/* Gets the number of certificates in a chain; the count is written to numCerts.
 * It is the natural bound for the index arguments of the per-certificate
 * getters in this header. */
274 MOC_EXTERN MSTATUS CERTCHAIN_numberOfCertificates(certChainPtr pCertChain,
275  ubyte4* numCerts);
276 
277 /* get certificate in the chain, 0 == leaf, last = chain root */
278 
/* Gets a certificate from a chain as DER data and length.
 * indexInChain 0 is the leaf; the last index is the chain root.
 * NOTE(review): certDerData is returned as a const pointer, so it presumably
 * points into memory owned by the chain and stops being valid after
 * CERTCHAIN_delete - confirm before keeping the pointer. */
294 MOC_EXTERN MSTATUS CERTCHAIN_getCertificate(certChainPtr pCertChain,
295  ubyte4 indexInChain,
296  const ubyte** certDerData,
297  ubyte4* certDerDataLen);
/* Gets the public key of a certificate from a chain, written into pubKey.
 * NOTE(review): a key taken from a chain that has not passed
 * CERTCHAIN_validate is presumably unauthenticated - confirm the intended call
 * order. Whether the caller must later release pubKey's contents is not stated
 * here. */
313 MOC_EXTERN MSTATUS CERTCHAIN_getKey(MOC_ASYM(hwAccelDescr hwAccelCtx)
314  certChainPtr pCertChain,
315  ubyte4 indexInChain,
316  struct AsymmetricKey* pubKey);
317 
318 #ifdef __ENABLE_MOCANA_CERTIFICATE_SEARCH_SUPPORT__
319 
/* Gets the RSA hash algorithm in a certificate from a chain, written to sigAlgo.
 * Declared only when __ENABLE_MOCANA_CERTIFICATE_SEARCH_SUPPORT__ is defined.
 * NOTE(review): the encoding of the sigAlgo value is not shown in this listing. */
335 MOC_EXTERN MSTATUS CERTCHAIN_getRSASigAlgo(certChainPtr pCertChain,
336  ubyte4 indexInChain,
337  ubyte *sigAlgo);
338 #endif
339 
/* Checks whether the last certificate in the chain is a self-signed
 * certificate; the result is written to complete.
 * NOTE(review): as described, "complete" says only that the chain ends in a
 * self-signed certificate, which anyone can produce. It is not a trust decision;
 * that presumably comes from CERTCHAIN_validate with a cert store - confirm. */
352 MOC_EXTERN MSTATUS CERTCHAIN_isComplete(certChainPtr pCertChain,
353  intBoolean* complete);
354 
355 #if !defined(__DISABLE_MOCANA_CERTIFICATE_PARSING__)
356 
/* Validates a certificate chain with respect to a validation configuration.
 * Not declared when __DISABLE_MOCANA_CERTIFICATE_PARSING__ is defined.
 * The returned MSTATUS is the only visible result, so callers must check it
 * before using the chain.
 * NOTE(review): validationConfig is not const and has "found anchor" fields, so
 * it is presumably written on success. Which ValidationConfig fields may be
 * left NULL, and which checks that disables, is not shown here - confirm. */
378 MOC_EXTERN MSTATUS CERTCHAIN_validate(MOC_ASYM(hwAccelDescr hwAccelCtx)
379  certChainPtr pCertChain,
380  ValidationConfig* validationConfig);
381 
382 #ifdef __ENABLE_MOCANA_CV_CERT__
383 
/* Validates a CV certificate chain with respect to a validation configuration.
 * Declared only when __ENABLE_MOCANA_CV_CERT__ is defined.
 * The returned MSTATUS is the only visible result, so callers must check it.
 * NOTE(review): which ValidationConfig fields apply to CV certificates is not
 * shown in this listing - confirm. */
405 MOC_EXTERN MSTATUS CERTCHAIN_CVC_validate(MOC_ASYM(hwAccelDescr hwAccelCtx)
406  certChainPtr pCertChain,
407  ValidationConfig* validationConfig);
408 
409 #endif
410 
/* Validates an array of certificates with respect to a validation
 * configuration; a chain is returned through ppRetChain.
 * NOTE(review): certArrLen is signed (sbyte4) while the other lengths in this
 * header are ubyte4. How a negative value is handled is not shown here, so
 * callers should make sure it is never negative. The layout of pCertArr and
 * whether *ppRetChain must be released with CERTCHAIN_delete are also not
 * stated - confirm. */
436 MOC_EXTERN MSTATUS CERTCHAIN_validateAll(MOC_ASYM(hwAccelDescr hwAccelCtx)
437  ubyte *pCertArr, sbyte4 certArrLen, ValidationConfig *pConfig,
438  certChainPtr *ppRetChain);
439 #endif
440 
/* Deletes a certificate chain and all memory allocated within it.
 * NOTE(review): the chain is passed by address, so the call presumably clears
 * *ppCertChain. Pointers previously obtained from the chain (for example from
 * CERTCHAIN_getCertificate) should be treated as invalid afterwards - confirm. */
451 MOC_EXTERN MSTATUS CERTCHAIN_delete( certChainPtr* ppCertChain);
452 
453 #ifdef __cplusplus
454 }
455 #endif
456 
457 #endif /* __CERT_CHAIN_HEADER__ */
ubyte4 anchorCertLen
Length of the anchor found in the cert store, if any.
Definition: cert_chain.h:53
MOC_EXTERN MSTATUS CERTCHAIN_delete(certChainPtr *ppCertChain)
Deletes a certificate chain and all memory allocated within it.
MOC_EXTERN MSTATUS CERTCHAIN_validateAll(MOC_ASYM(hwAccelDescr hwAccelCtx) ubyte *pCertArr, sbyte4 certArrLen, ValidationConfig *pConfig, certChainPtr *ppRetChain)
Validates an array of certificates with respect to a validation configuration.
MOC_EXTERN MSTATUS CERTCHAIN_getCertificate(certChainPtr pCertChain, ubyte4 indexInChain, const ubyte **certDerData, ubyte4 *certDerDataLen)
Gets a certificate from a chain.
ubyte2 keyUsage
Bits (0-8) that must be set if KeyUsage is present.
Definition: cert_chain.h:71
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSLRecord(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSLCertificateMsg, ubyte4 sslCertificateMsgLen)
Build a certificate chain from an SSL Certificate message.
const struct TimeDate * td
Time to use for validation.
Definition: cert_chain.h:59
MOC_EXTERN MSTATUS CERTCHAIN_getKey(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ubyte4 indexInChain, struct AsymmetricKey *pubKey)
Gets the public key of a certificate from a chain.
const ubyte * anchorCert
Found anchor in cert store if any.
Definition: cert_chain.h:47
struct certStore * pCertStore
Cert store to use for trust points.
Definition: cert_chain.h:41
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSH(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSHCertChainBuf, ubyte4 sshCertChainBufLen, ubyte4 *pBufIndex)
Build a certificate chain from an SSH Certificate chain buffer.
Certificate context (information required to manage a DER-encoded X.509 certificate).
Definition: ca_mgmt.h:181
MOC_EXTERN MSTATUS CERTCHAIN_CVC_validate(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ValidationConfig *validationConfig)
Validates a CV certificate chain with respect to a validation configuration.
const ubyte ** extendedKeyUsage
NULL terminated array of OIDs that must be present in the certificate extended key usage if present...
Definition: cert_chain.h:79
MOC_EXTERN MSTATUS CERTCHAIN_getRSASigAlgo(certChainPtr pCertChain, ubyte4 indexInChain, ubyte *sigAlgo)
Gets the RSA hash algorithm in a certificate from a chain.
MOC_EXTERN MSTATUS CERTCHAIN_createFromSSHEx(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSHCertChainBuf, ubyte4 sshCertChainBufLen, ubyte4 *pBufIndex, funcPtrWalkStr walkStrFunc)
Build a certificate chain from an SSH Certificate chain buffer.
MOC_EXTERN MSTATUS CERTCHAIN_numberOfCertificates(certChainPtr pCertChain, ubyte4 *numCerts)
Gets the number of certificates in a chain.
MOC_EXTERN MSTATUS CERTCHAIN_isComplete(certChainPtr pCertChain, intBoolean *complete)
Checks whether the last certificate in the chain is a self-signed certificate.
const sbyte * commonName
Common name.
Definition: cert_chain.h:65
MOC_EXTERN MSTATUS CERTCHAIN_createFromIKE(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, struct certDescriptor certiDesc[], ubyte4 numCertDesc)
Build a certificate chain from a certificate descriptor.
MOC_EXTERN MSTATUS CERTCHAIN_CVC_createFromSSLRecordEx(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, const ubyte *pSSLCertificateMsg, ubyte4 sslCertificateMsgLen, ubyte sslMinorVersion, byteBoolean *pIsCvc)
Build a certificate chain from an SSL Certificate message.
MOC_EXTERN MSTATUS CERTCHAIN_createFromCVC(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr *ppNewCertChain, struct certDescriptor certiDesc[], ubyte4 numCertDesc)
Build a certificate chain from a certificate descriptor containing CV certs.
MOC_EXTERN MSTATUS CERTCHAIN_validate(MOC_ASYM(hwAccelDescr hwAccelCtx) certChainPtr pCertChain, ValidationConfig *validationConfig)
Validates a certificate chain with respect to a validation configuration.
Validation configuration structure.
Definition: cert_chain.h:35