2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief This is part of C api for ValidationCore.
22 #ifndef _CERTSVC_CCERT_H_
23 #define _CERTSVC_CCERT_H_
27 #include <cert-svc/cinstance.h>
28 #include <cert-svc/cstring.h>
34 typedef struct CertSvcCertificate_t {
35 size_t privateHandler;
36 CertSvcInstance privateInstance;
39 typedef struct CertSvcCertificateList_t {
40 size_t privateHandler;
41 CertSvcInstance privateInstance;
42 } CertSvcCertificateList;
44 #define MAX_STORE_ENUMS 5
45 typedef enum certImportType_t {
50 SYSTEM_STORE = 1 << 3,
51 ALL_STORE = VPN_STORE | WIFI_STORE | EMAIL_STORE | SYSTEM_STORE
54 typedef enum certStatus_t {
59 typedef struct CertSvcStoreCertList_t{
60 char *gname; // keyfile group name
61 char *title; // common Name / Alias provided by the user
63 CertStoreType storeType;
64 struct CertSvcStoreCertList_t *next;
65 }CertSvcStoreCertList;
67 typedef enum certType_t {
69 P12_END_USER = 1 << 1,
70 P12_INTERMEDIATE = 1 << 2,
73 INVALID_DATA = 1 << 5,
76 typedef enum CertSvcCertificateForm_t {
77 /* CERTSVC_FORM_PEM, */
79 CERTSVC_FORM_DER_BASE64
80 } CertSvcCertificateForm;
82 typedef enum CertSvcCertificateField_t {
84 CERTSVC_SUBJECT_COMMON_NAME,
85 CERTSVC_SUBJECT_COUNTRY_NAME,
86 CERTSVC_SUBJECT_STATE_NAME,
87 CERTSVC_SUBJECT_ORGANIZATION_NAME,
88 CERTSVC_SUBJECT_ORGANIZATION_UNIT_NAME,
89 CERTSVC_SUBJECT_EMAIL_ADDRESS,
91 CERTSVC_ISSUER_COMMON_NAME,
92 CERTSVC_ISSUER_COUNTRY_NAME,
93 CERTSVC_ISSUER_STATE_NAME,
94 CERTSVC_ISSUER_ORGANIZATION_NAME,
95 CERTSVC_ISSUER_ORGANIZATION_UNIT_NAME,
97 CERTSVC_SERIAL_NUMBER,
100 CERTSVC_SIGNATURE_ALGORITHM
101 } CertSvcCertificateField;
103 typedef enum CertSvcVisibility_t {
104 CERTSVC_VISIBILITY_DEVELOPER = 1,
105 CERTSVC_VISIBILITY_TEST = 1 << 1,
106 CERTSVC_VISIBILITY_PUBLIC = 1 << 6,
107 CERTSVC_VISIBILITY_PARTNER = 1 << 7,
108 CERTSVC_VISIBILITY_PARTNER_OPERATOR = 1 << 8,
109 CERTSVC_VISIBILITY_PARTNER_MANUFACTURER = 1 << 9,
110 CERTSVC_VISIBILITY_PLATFORM = 1 << 10
114 * This function will return certificate for the unique name identifier passed (gname).
116 * @param[in] instance CertSvcInstance object.
117 * @param[in] storeType Refers to the store (WIFI_STORE, VPN_STORE, EMAIL_STORE, SSL_STORE).
118 * @oaran[in] gname Refers to the unique name identifier associated for the certificate.
119 * @param[out] certificate Certificate for the gname passed.
120 * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
122 int certsvc_get_certificate(CertSvcInstance instance,
123 CertStoreType storeType,
125 CertSvcCertificate *certificate);
128 * Read certificate from file. Certificate must be in PEM/CER/DER format.
130 * @param[in] instance CertSvcInstance object.
131 * @param[in] location Path to file with certificate file.
132 * @param[out] certificate Certificate id assigned to loaded certificate.
133 * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
135 int certsvc_certificate_new_from_file(CertSvcInstance instance,
136 const char *location,
137 CertSvcCertificate *certificate);
140 * Read certificate stored in memory.
142 * @param[in] instance CertSvcInstance object.
143 * @param[in] memory Pointer to memory with certificate data.
144 * @param[in] len Size of certificate.
145 * @param[in] form Certificate format.
146 * @param[out] certificate Certificate id assigned to loaded certificate.
147 * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL
149 int certsvc_certificate_new_from_memory(CertSvcInstance instance,
150 const unsigned char *memory,
152 CertSvcCertificateForm form,
153 CertSvcCertificate *certificate);
156 * Free structures connected with certificate.
158 * @param[in] certificate Certificate id.
160 void certsvc_certificate_free(CertSvcCertificate certificate);
163 * Save certificate to file. It saves certificate in DER format.
165 * @param[in] certificate Certificate id.
166 * @param[in] location Path to file.
167 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
169 int certsvc_certificate_save_file(CertSvcCertificate certificate, const char *location);
172 * Search certificate with specific data. Result is stored in CertSvcInstance.
173 * This function will erase all preverious results stored in CertSvcInstance but
174 * it will not erase any CertSvcCertificate.
176 * You can search by fields: CERTSVC_SUBJECT, CERTSVC_ISSUER, CERTSVC_SUBJECT_COMMON_NAME
178 * @param[in] instance CertSvcInstance object.
179 * @param[in] field Certificate filed name.
180 * @param[in] value Value to search for.
181 * @param[out] handler Handler to search result.
182 * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
184 int certsvc_certificate_search(CertSvcInstance instance,
185 CertSvcCertificateField field,
187 CertSvcCertificateList *handler);
190 * This function will return certificate id founded by certsvc_certificate_search.
191 * You can call this function multiple times to get all results.
193 * @param[in] hadler Hander to search results.
194 * @param[in] position
195 * @param[out] certificate Certficate id.
196 * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
198 int certsvc_certificate_list_get_one(CertSvcCertificateList handler,
200 CertSvcCertificate *certificate);
203 * Return number of elements on the list.
205 * @param[in] handler Handler to certifiacte list.
206 * @param[out] length Size of list.
207 * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
209 int certsvc_certificate_list_get_length(CertSvcCertificateList handler,
213 * This function will free list. It will not free certificates on the list.
214 * You may free each certificate with certsvc_certificate_free.
216 * @param[in] handler Handler to search result.
218 void certsvc_certificate_list_free(CertSvcCertificateList handler);
221 * This function will free list. It will free all certificates on the list.
222 * You should ""NOT"" free each certificate with certsvc_certificate_free.
224 * @param[in] handler Handler to search result.
226 void certsvc_certificate_list_all_free(CertSvcCertificateList handler);
229 * Compare parent certificate subject with child issuer field.
233 * @param[out] status CERTSVC_TRUE if "signer" was used to sign "child" certificate in other cases it will return CERTSVC_FALSE.
234 * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
236 int certsvc_certificate_is_signed_by(CertSvcCertificate child,
237 CertSvcCertificate parent,
241 * Extract specific data from certificate. Data in buffer could be free
242 * by certsvc_free_string function or by
243 * certsvc_instance_free or vcore_instance_reset.
245 * @param[in] certificate Certificate id.
246 * @param[in] field Type of data to extract.
247 * @param[out] buffer Extracted data.
248 * return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL
250 int certsvc_certificate_get_string_field(CertSvcCertificate certificate,
251 CertSvcCertificateField field,
252 CertSvcString *buffer);
255 * Extract NOT AFTER data from certificate.
257 * @param[in] certificate Certificate id.
258 * @param[out] result date
259 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
261 int certsvc_certificate_get_not_after(CertSvcCertificate certificate, time_t *result);
264 * Extract NOT AFTER data from certificate.
266 * @param[in] certificate Certificate id.
267 * @param[out] result date
268 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
270 int certsvc_certificate_get_not_before(CertSvcCertificate certificate, time_t *result);
273 * Check certificate. This fuction compares SUBJECT and ISSUER fields.
274 * TODO: This fuction should also check ROOTCA field in certificate.
276 * @param[in] certificate Certificate id.
277 * @param[out] status CERTSVC_TRUE or CERTSVC_FALSE
278 * @return CERTSVC_SUCCESS, CERTSVC_WRONG_ARGUMENT
280 int certsvc_certificate_is_root_ca(CertSvcCertificate certificate, int *status);
283 * Sort certificates chain. This fuction modifies certificate_array.
285 * If function success:
286 * * certificate array will contain end entity certificate as first element
287 * * last element on the certificate_array will contain Root CA certificate or
288 * CA certificate (if Root CA is not present).
290 * @param[in/out] certificate_array
291 * @param[in] size Size of certificate_array
292 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC
294 int certsvc_certificate_chain_sort(CertSvcCertificate *unsortedChain, size_t size);
297 * Base64 string will be connected with same instance as message.
298 * You can free base64 string with certsvc_string_free (or certsvc_instance_reset).
300 * @param[in] message Buffer with input data.
301 * @param[out] base64 Buffer with output data.
302 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
304 int certsvc_base64_encode(CertSvcString message, CertSvcString *base64);
307 * Message string will be connected with same certsvc instance as base64.
308 * You can free base64 string with certsvc_string_free (or certsvc_instance_reset).
310 * @param[in] base64 Buffer with input data.
311 * @param[out] message Buffer with output data.
312 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
314 int certsvc_base64_decode(CertSvcString base64, CertSvcString *message);
317 * Use certificate to verify message.
319 * @param[in] certificate
321 * @param[in] algorithm May be set to NULL.
322 * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
323 * It could be set to: CERTSVC_SUCCESS, CERTSVC_INVALID_SIGNATURE
324 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_ALGORITHM
326 int certsvc_message_verify(
327 CertSvcCertificate certificate,
328 CertSvcString message,
329 CertSvcString signature,
330 const char *algorithm,
334 * This function will create full chain and verify in.
336 * First argument of function will be treatet as endentity certificate.
338 * This function will success if root CA certificate is stored in
341 * @param[in] certificate Certificate to verify.
342 * @param[in] trusted Array with trusted certificates.
343 * @param[in] trustedSize Number of trusted certificates in array.
344 * @param[in] untrusted Array with untrusted certificates.
345 * @param[in] untrustedSize Number of untrusted certificate in array.
346 * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
347 * It could be set to: CERTSVC_SUCCESS, CERTSVC_FAIL
348 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
350 int certsvc_certificate_verify(
351 CertSvcCertificate certificate,
352 const CertSvcCertificate *trusted,
354 const CertSvcCertificate *untrusted,
355 size_t untrustedSize,
359 * This function will create full chain and verify in.
360 * And this function checks the CA Flag strictly.
362 * First argument of function will be treatet as endentity certificate.
364 * This function will success if root CA certificate is stored in
367 * @param[in] certificate Certificate to verify.
368 * @param[in] trusted Array with trusted certificates.
369 * @param[in] trustedSize Number of trusted certificates in array.
370 * @param[in] untrusted Array with untrusted certificates.
371 * @param[in] untrustedSize Number of untrusted certificate in array.
372 * @param[out] status Will be set only if function return CERTSVC_SUCCESS.
373 * It could be set to: CERTSVC_SUCCESS, CERTSVC_FAIL
374 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT
376 int certsvc_certificate_verify_with_caflag(
377 CertSvcCertificate certificate,
378 const CertSvcCertificate *trusted,
380 const CertSvcCertificate *untrusted,
381 size_t untrustedSize,
385 * This function returns visibility of input certificate.
387 * @param[in] The root certificate to check visibility.
388 * @param[out] Visibility level
389 * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR
392 int certsvc_certificate_get_visibility(CertSvcCertificate certificate, CertSvcVisibility *visibility);