/******************************************************************
 *
 * Copyright 2015 Samsung Electronics All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 ******************************************************************/
23 #ifndef INCLUDE_MASTER_CRL_ENCODER_H_
24 #define INCLUDE_MASTER_CRL_ENCODER_H_
30 #include "CertificateRevocationList.h" /* CertificateList ASN.1 type */
32 #include "pki_errors.h"
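/*
 * Sizing limits used when allocating memory for a DER encoded CRL.
 *
 * CRL_MIN_SIZE is the fixed part of the byte count that GenerateCRL()
 * documents for its output buffer; the per-entry part is added on top.
 */
#define CRL_MIN_SIZE 250      /* minimal size of CRL (issuer info + signature) */

#define CRL_MAX_NAME_SIZE 100 /* maximal length of CRL issuer field */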
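/**
 * Encode certificate revocation list with specified parameters.
 *
 * @param[in]  issuerName                 pointer to issuer's common name
 * @param[in]  thisUpdateTime             pointer to time of issuing CRL
 * @param[in]  nuberOfRevoked             number of revoked certificates
 * @param[in]  certificateRevocationInfo  array with certificate revocation info
 *                                        (presumably nuberOfRevoked entries; verify
 *                                        against the definition)
 * @param[in]  issuerPrivateKey           pointer to issuer's private key to sign CRL
 * @param[out] encodedCRL                 pointer to allocated memory for DER encoded
 *                                        certificate revocation list;
 *                                        (CRL_MIN_SIZE + nuberOfRevoked *
 *                                        (sizeof(CertificateRevocationInfo_t) + 4)) bytes
 *                                        should be allocated
 * @return PKI_SUCCESS if success, error code otherwise
 *
 * NOTE(review): nuberOfRevoked is a uint32_t, so the size expression above can
 * wrap on targets where size_t is 32 bits wide. Callers should bound the count
 * before computing the allocation, otherwise the buffer may be smaller than
 * the encoder expects.
 *
 * NOTE(review): this header does not show whether the implementation checks
 * the capacity of encodedCRL or enforces CRL_MAX_NAME_SIZE on issuerName --
 * confirm against the definition.
 */
PKIError GenerateCRL(const UTF8String_t *issuerName,
                     const UTCTime_t *thisUpdateTime,
                     const uint32_t nuberOfRevoked,
                     const CertificateRevocationInfo_t *certificateRevocationInfo,
                     const BIT_STRING_t *issuerPrivateKey,
                     ByteArray *encodedCRL);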
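/**
 * Sign certificate revocation list.
 *
 * @param[in]  certificateRevocationList  pointer to CRL for signing; the pointer is
 *                                        not const-qualified, so the callee may
 *                                        modify the structure (TODO confirm what it
 *                                        writes)
 * @param[in]  crlMaxSize                 max size of DER encoded CRL
 * @param[in]  issuerPrivateKey           pointer to issuer private key
 * @param[out] encodedCRL                 pointer to allocated memory for DER encoded
 *                                        certificate revocation list (crlMaxSize bytes
 *                                        should be allocated)
 * @return PKI_SUCCESS if success, error code otherwise
 *
 * NOTE(review): crlMaxSize and the memory behind encodedCRL are supplied
 * separately by the caller. This header does not show whether the
 * implementation cross-checks them, so the caller must make sure the buffer
 * really holds crlMaxSize bytes -- confirm against the definition.
 */
PKIError SignCRL(CertificateRevocationList_t *certificateRevocationList,
                 const uint32_t crlMaxSize,
                 const BIT_STRING_t *issuerPrivateKey,
                 ByteArray *encodedCRL);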
75 #endif /* INCLUDE_MASTER_CRL_ENCODER_H_ */