1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
19 ******************************************************************/
21 #ifndef INCLUDE_MASTER_ISSUER_H_
22 #define INCLUDE_MASTER_ISSUER_H_
24 #include "byte_array.h"
25 #include "cert_generator.h"
27 #include "csr_generator.h"
29 #include "crl_generator.h"
30 #include "pki_errors.h"
37 #define ISSUER_DEFAULT_CA_NAME "CA_name"
38 #define ISSUER_DEFAULT_SUBJECT_NAME "Subj_name"
39 #define ISSUER_DEFAULT_NOT_BEFORE "130101000000Z"
40 #define ISSUER_DEFAULT_NOT_AFTER "490101000000Z"
41 #define ISSUER_DEFAULT_THIS_UPDATE "150601000000Z"
44 * Set serial number for next certificate and save it in the CA storage.
46 * Used by CKMSetCAInfo()
48 * @param[in] serNum certificate serial number to be set
49 * @return PKI_SUCCESS if success, error code otherwise
51 PKIError SetSerialNumber (const long serNum);
54 * Set CA common name and save it in the CA storage.
56 * Used by CKMSetCAInfo()
58 * @param[in] rootName CA common name to be set
59 * @return PKI_SUCCESS if success, error code otherwise
61 PKIError SetRootName (const ByteArray rootName);
64 * Set CA info and save it in the CA storage.
66 * Should be called before certificate generation
68 * @param[in] serNum certificate serial number to be set
69 * @param[in] rootName CA common name to be set
70 * @return PKI_SUCCESS if success, error code otherwise
72 PKIError CKMSetCAInfo (const long serNum, const ByteArray rootName);
75 * Generate key pair for CA.
77 * Should be called before certificate generation
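79 * @param[out] caPrivateKey pointer to allocated ByteArray for CA private key; the key material is written to this caller-owned buffer, which should be wiped once it is no longer needed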
80 * @param[out] caPublicKey pointer to allocated ByteArray for CA public key
81 * @return PKI_SUCCESS if success, error code otherwise
83 PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey);
86 * Issues an X.509 root certificate with specified parameters.
88 * SetSerialNumber, SetRootName and GenerateCAKeyPair should be called before.
90 * @param[in] uint8NotBefore pointer to string with the start of the certificate validity period
91 * or 0 to use default value
92 * @param[in] uint8NotAfter pointer to string with the end of the certificate validity period
93 * or 0 to use default value
94 * @param[out] issuedRootCertificate pointer to allocated memory for DER encoded certificate
95 * (ISSUER_MAX_CERT_SIZE bytes should be allocated)
96 * @return PKI_SUCCESS if success, error code otherwise
98 PKIError CKMIssueRootCertificate (const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
99 ByteArray *issuedRootCertificate);
102 * Generate key pair for ordinary device.
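104 * @param[out] privateKey pointer to allocated ByteArray for private key; the key material is written to this caller-owned buffer, which should be wiped once it is no longer needed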
105 * @param[out] publicKey pointer to allocated ByteArray for public key
106 * @return PKI_SUCCESS if success, error code otherwise
108 PKIError GenerateKeyPair (ByteArray *privateKey, ByteArray *publicKey);
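111 * Issues an X.509 device certificate with specified parameters.
113 * SetSerialNumber, SetRootName and GenerateCAKeyPair should be called before.
115 * @param[in] uint8SubjectName pointer to string with the subject's common name
116 * or 0 to use default value
117 * @param[in] uint8NotBefore pointer to string with the start of the certificate validity period
118 * or 0 to use default value
119 * @param[in] uint8NotAfter pointer to string with the end of the certificate validity period
120 * or 0 to use default value; NOTE(review): if the defaults are the ISSUER_DEFAULT_* strings defined in this header, the subject name is a placeholder and the validity window, read as UTCTime, runs from 2013 to 2049, so pass explicit values for certificates that will be deployed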
121 * @param[in] uint8SubjectPublicKey pointer to array with subject's public key to be signed
122 * @param[out] issuedCertificate pointer to allocated memory for DER encoded certificate
123 * (ISSUER_MAX_CERT_SIZE bytes should be allocated)
124 * @return PKI_SUCCESS if success, error code otherwise
126 PKIError CKMIssueDeviceCertificate (const uint8_t *uint8SubjectName,
127 const uint8_t *uint8NotBefore, const uint8_t *uint8NotAfter,
128 const uint8_t *uint8SubjectPublicKey,
129 ByteArray *issuedCertificate);
132 * Write certificate into specified file.
134 * @param[in] certificate pointer to DER-encoded certificate that should be written into the file
135 * @param[in] certFileName pointer to null-terminated string with file name
136 * @return PKI_SUCCESS if success, error code otherwise
138 PKIError GenerateDERCertificateFile (const ByteArray *certificate, const char *certFileName);
141 * Issues certificate signing request with specified parameters.
143 * @param[in] uint8SubjectName pointer to string with the subject's common name
144 * or 0 to use default value
145 * @param[in] uint8SubjectPublicKey pointer to array with subject's public key to be signed
146 * @param[in] uint8SubjectPrivateKey pointer to array with subject's private key used to sign the request
147 * @param[out] encodedCSR pointer to allocated memory for DER encoded certificate signing request
148 * (CSR_MAX_SIZE bytes should be allocated)
149 * @return PKI_SUCCESS if success, error code otherwise
151 PKIError GenerateCSR (const uint8_t *uint8SubjectName,
152 const uint8_t *uint8SubjectPublicKey,
153 const uint8_t *uint8SubjectPrivateKey,
154 ByteArray *encodedCSR);
157 * Issues X.509 certificate based on certificate signing request.
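159 * @param[in] encodedCSR pointer to array with DER encoded certificate signing request; NOTE(review): a request is typically produced by the requesting party, so confirm that the implementation validates its encoding and signature before issuing
160 * @param[out] issuedCertificate pointer to allocated memory for DER encoded certificate
161 * (MAX_CERT_SIZE bytes should be allocated; NOTE(review): other comments in this header name ISSUER_MAX_CERT_SIZE, confirm which constant applies)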
162 * @return PKI_SUCCESS if success, error code otherwise
164 PKIError GenerateCertificateByCSR (const ByteArray *encodedCSR, ByteArray *issuedCertificate);
167 * Generate certificate revocation list with specified parameters.
169 * @param[in] uint8ThisUpdateTime pointer to time of issuing CRL or 0 to use default
170 * @param[in] nuberOfRevoked number of revoked certificates
171 * @param[in] revokedNumbers array with numbers of revoked certificates
172 * @param[in] revocationDates array of pointers to the revocation dates, presumably one per entry of revokedNumbers
173 * @param[out] encodedCRL pointer to allocated memory for DER encoded certificate revocation list
174 * ( (CRL_MIN_SIZE + nuberOfRevoked * (sizeof(CertificateRevocationInfo_t) + 4)) bytes
175 * should be allocated; callers should check that this size computation cannot overflow for a large nuberOfRevoked)
176 * @return PKI_SUCCESS if success, error code otherwise
178 PKIError CKMIssueCRL (const uint8_t *uint8ThisUpdateTime, const uint32_t nuberOfRevoked,
179 const uint32_t *revokedNumbers, const uint8_t **revocationDates,
180 ByteArray *encodedCRL);
183 * Gets current certificate revocation list.
185 * @param[out] certificateRevocationList pointer to the certificate revocation list to get
186 * (Memory should be allocated before call; NOTE(review): the required size is not stated here, confirm it against the implementation)
187 * @return PKI_SUCCESS if success, error code otherwise
189 PKIError CKMGetCRL (ByteArray *certificateRevocationList);
192 * Add specified certificate into certificate revocation list.
194 * @param[in] uint8ThisUpdateTime pointer to time of issuing CRL or 0 to use default
195 * @param[in] revokedNumber number (presumably the serial number) of the certificate to revoke
196 * @param[out] encodedCRL pointer to allocated memory for DER encoded certificate revocation list
197 * ( (CRL_MIN_SIZE + number of ALL revoked certificates *
198 * (sizeof(CertificateRevocationInfo_t) + 4)) bytes should be allocated)
199 * @return PKI_SUCCESS if success, error code otherwise
201 PKIError CKMRevocateCertificate (const uint8_t *uint8ThisUpdateTime, const long revokedNumber,
202 ByteArray *encodedCRL);
208 #endif /* INCLUDE_MASTER_ISSUER_H_ */