1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * LICENSE-2.0" target="_blank">http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
23 #ifndef INCLUDE_CA_STORAGE_H_
24 #define INCLUDE_CA_STORAGE_H_
26 #include "byte_array.h"
28 #include "pki_errors.h"
34 #define CA_STORAGE_FILE "ckminfo.dat"
35 #define CA_STORAGE_CRT_FILE "crt.der"
36 #define ISSUER_MAX_NAME_SIZE (100)
37 #define PRIVATE_KEY_SIZE (32)
38 #define PUBLIC_KEY_SIZE (64)
39 #define ISSUER_MAX_CERT_SIZE (1000)
41 * Certificate Authority storage
43 typedef struct /*CA private key, CA certificate, other CA-related info*/
45 uint8_t CKMInfoIsLoaded;
47 uint8_t CAPrivateKeyIsSet;
48 uint8_t CAPrivateKey[PRIVATE_KEY_SIZE];
50 uint8_t CAPublicKeyIsSet;
51 uint8_t CAPublicKey[PUBLIC_KEY_SIZE];
53 uint8_t CAChainLength;
55 ByteArray *CACertificateChain;
58 uint8_t CAName[ISSUER_MAX_NAME_SIZE];
60 long nextSerialNumber;
67 typedef struct /*CA private key, CA certificate, certificate revocation/white list*/
70 uint8_t *certificateRevocationList;//should be allocated dynamically
76 * Initializes CA storage from CA_STORAGE_FILE.
78 * @return PKI_SUCCESS if success, error code otherwise
80 PKIError InitCKMInfo(void);
83 * Saves CA storage into CA_STORAGE_FILE.
85 * @return PKI_SUCCESS if success, error code otherwise
87 PKIError SaveCKMInfo(void);
90 * Frees CA storage memory.
92 * @return PKI_SUCCESS if success, error code otherwise
94 PKIError CloseCKMInfo(void);
99 * @param[in] nextSN pointer to the next serial number to set
100 * or 0 to skip this parameter
101 * @param[in] CRLSerialNumber pointer to the next CRL serial number to set
102 * or 0 to skip this parameter
103 * @param[in] CAPrivateKey pointer to the CA's private key to set
104 * or 0 to skip this parameter
105 * @param[in] CAPublicKey pointer to the CA's public key to set
106 * or 0 to skip this parameter
107 * @param[in] CAName pointer to the CA's common name to set
108 * or 0 to skip this parameter
109 * @return PKI_SUCCESS if success, error code otherwise
111 PKIError SetCKMInfo (const long *nextSN, const long *CRLSerialNumber,
112 const ByteArray *CAPrivateKey, const ByteArray *CAPublicKey,
113 const ByteArray *CAName);
118 * @param[out] nextSN pointer to the next serial number to get
119 * (Memory should be allocated before call)
120 * or 0 to skip this parameter
121 * @param[out] CRLSerialNumber pointer to the next CRL serial number to get
122 * (Memory should be allocated before call)
123 * or 0 to skip this parameter
124 * @param[out] CAPrivateKey pointer to the CA's private key to get
125 * (PRIVATE_KEY_SIZE bytes should be allocated before call)
126 * or 0 to skip this parameter
127 * @param[out] CAPublicKey pointer to the CA's public key to get
128 * (PUBLIC_KEY_SIZE bytes should be allocated before call)
129 * or 0 to skip this parameter
130 * @param[out] CAName pointer to the CA's common name to get
131 * (ISSUER_MAX_NAME_SIZE bytes should be allocated before call)
132 * or 0 to skip this parameter
133 * @return PKI_SUCCESS if success, error code otherwise
135 PKIError GetCKMInfo (long *nextSN, long *CRLSerialNumber,
136 ByteArray *CAPrivateKey, ByteArray *CAPublicKey,
140 * Sets CA's private key.
142 * @param[in] CAPrivateKey pointer to the CA's private key to set
143 * @return PKI_SUCCESS if success, error code otherwise
145 PKIError SetCAPrivateKey (const ByteArray *CAPrivateKey);
148 * Gets CA's private key.
150 * @param[out] CAPrivateKey pointer to the CA's private key to get
151 * (PRIVATE_KEY_SIZE bytes should be allocated before call)
152 * @return PKI_SUCCESS if success, error code otherwise
154 PKIError GetCAPrivateKey (ByteArray *CAPrivateKey);
157 * Sets CA's public key.
159 * @param[in] CAPublicKey pointer to the CA's public key to set
160 * @return PKI_SUCCESS if success, error code otherwise
162 PKIError SetCAPublicKey (const ByteArray *CAPublicKey);
165 * Gets CA's public key.
167 * @param[out] CAPublicKey pointer to the CA's public key to get
168 * (PUBLIC_KEY_SIZE bytes should be allocated before call)
169 * @return PKI_SUCCESS if success, error code otherwise
171 PKIError GetCAPublicKey (ByteArray *CAPublicKey);
174 * Sets CA's common name.
176 * @param[in] CAName pointer to the CA's common name to set
177 * @return PKI_SUCCESS if success, error code otherwise
179 PKIError SetCAName (const ByteArray *CAName);
182 * Gets CA's common name.
184 * @param[out] CAName pointer to the CA's common name to get
185 * (ISSUER_MAX_NAME_SIZE bytes should be allocated before call)
186 * @return PKI_SUCCESS if success, error code otherwise
188 PKIError GetCAName (ByteArray *CAName);
190 //Certificate-related functions
193 * Initializes CA Certificate from CA_STORAGE_CRT_FILE.
195 * @return PKI_SUCCESS if success, error code otherwise
197 PKIError InitCRT(void);
200 * Saves CA Certificate into CA_STORAGE_CRT_FILE.
202 * @return PKI_SUCCESS if success, error code otherwise
204 PKIError SaveCRT(void);
207 * Sets next serial number for certificate issuer.
209 * @param[in] nextSN pointer to the next serial number to set
210 * @return PKI_SUCCESS if success, error code otherwise
212 PKIError SetNextSerialNumber (const long *nextSN);
215 * Gets next serial number for certificate issuer.
217 * @param[out] nextSN pointer to the next serial number to get
218 * (Memory should be allocated before call)
219 * @return PKI_SUCCESS if success, error code otherwise
221 PKIError GetNextSerialNumber (long *nextSN);
224 * Sets DER encoded CA's certificate chain.
226 * @param[in] CAChain pointer to the CA's certificate to set
227 * @return PKI_SUCCESS if success, error code otherwise
229 PKIError SetCAChain (const uint8_t CAChainLength, const ByteArray *CAChain);
232 * Gets DER encoded CA's certificate chain.
234 * @param[out] CAChain pointer to allocated memory to get the CA's certificate chain
235 * (ISSUER_MAX_CHAIN_SIZE bytes should be allocated before call)
236 * @return PKI_SUCCESS if success, error code otherwise
238 PKIError GetCAChain (uint8_t* CAChainLength, ByteArray *CAChain);
241 * Sets DER encoded CA's certificate.
243 * @param[in] CACertificate pointer to the CA's certificate to set
244 * @return PKI_SUCCESS if success, error code otherwise
246 PKIError SetCACertificate (const ByteArray *CACertificate);
249 * Gets DER encoded CA's certificate.
251 * @param[out] CACertificate pointer to the CA's certificate to get
252 * (ISSUER_MAX_CERT_SIZE bytes should be allocated before call)
253 * @return PKI_SUCCESS if success, error code otherwise
255 PKIError GetCACertificate (ByteArray *CACertificate);
257 //CRL-related functions
260 * Initializes CRL from CA_STORAGE_CRL_FILE.
262 * @return PKI_SUCCESS if success, error code otherwise
264 PKIError InitCRL(void);
267 * Saves CRL into CA_STORAGE_CRL_FILE.
269 * @return PKI_SUCCESS if success, error code otherwise
271 PKIError SaveCRL(void);
274 * Sets next CRL serial number for certificate issuer.
276 * @param[in] CRLSerialNumber pointer to the next CRL serial number to set
277 * @return PKI_SUCCESS if success, error code otherwise
279 PKIError SetCRLSerialNumber (const long *CRLSerialNumber);
282 * Gets next CRL serial number for certificate issuer.
284 * @param[out] CRLSerialNumber pointer to the next CRL serial number to get
285 * (Memory should be allocated before call)
286 * @return PKI_SUCCESS if success, error code otherwise
288 PKIError GetCRLSerialNumber (long *CRLSerialNumber);
291 * Sets current certificate revocation list.
293 * @param[in] certificateRevocationList pointer to the certificate revocation list to set
294 * @return PKI_SUCCESS if success, error code otherwise
296 PKIError SetCertificateRevocationList (const ByteArray *certificateRevocationList);
299 * Gets current certificate revocation list.
301 * @param[out] certificateRevocationList pointer to the certificate revocation list to get
302 * (Memory should be allocated before call)
303 * @return PKI_SUCCESS if success, error code otherwise
305 PKIError GetCertificateRevocationList (ByteArray *certificateRevocationList);
308 * Sets number of revoked certificates.
310 * @param[in] numberOfRevoked pointer to number of revoked certificates to set
311 * @return PKI_SUCCESS if success, error code otherwise
313 PKIError SetNumberOfRevoked (const long *numberOfRevoked);
316 * Gets number of revoked certificates.
318 * @param[out] numberOfRevoked pointer to number of revoked certificates to get
319 * (Memory should be allocated before call)
320 * @return PKI_SUCCESS if success, error code otherwise
322 PKIError GetNumberOfRevoked (long *numberOfRevoked);
328 #endif /* INCLUDE_CA_STORAGE_H_ */