1 /******************************************************************
3 * Copyright 2015 Samsung Electronics All Rights Reserved.
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
20 ******************************************************************/
30 #include "byte_array.h"
31 #include "pki_errors.h"
32 #include "crypto_adapter.h"
36 * Maximal number of certificates in trust chain.
38 #define MAX_CHAIN_LEN (3)
41 * Maximal length of the TLS certificate message.
43 #define MAX_CERT_MESSAGE_LEN (2048)
47 * Prints Certificate to console.
49 * @param crt - pointer to Certificate structure
50 * @return PKI_SUCCESS if success, error code otherwise
52 PKIError PrintCertificate(const CertificateX509 *const crt);
56 * Checks certificate validity period.
58 * @param dateFrom - array with not before field
59 * @param dateTo - array with not after field
60 * @return PKI_SUCCESS if valid, error code otherwise
62 PKIError CheckValidity(ByteArray dateFrom, ByteArray dateTo);
65 * Checks the certificate's validity dates and signature.
67 * @param[in] certDerCode - Byte array with DER encoded certificate
68 * @param[in] caPublicKey - CA public key
69 * @return 0 if successful
71 PKIError CheckCertificate(ByteArray certDerCode, ByteArray caPublicKey);
74 * Parses each certificate from the list.
76 * @param[in] chainDerCode Array of DER encoded certificates
77 * @param[out] chainCrt Array of parsed certificates
78 * @param[in] chainLen Length of the array
79 * @returns PKI_SUCCESS if no error occurred
81 PKIError ParseCertificateChain (ByteArray *chainDerCode, CertificateX509 *chainCrt,
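85 * Loads certificates in DER format from a TLS message into an array.
87 * @param[in] msg TLS message with the certificate chain
88 * @param[out] chain Array of DER encoded certificates (NOTE(review): no capacity is passed for this array; presumably it must hold MAX_CHAIN_LEN entries - confirm against the implementation)
89 * @param[out] chainLength Length of the array
90 * @returns PKI_SUCCESS if no error occurred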
92 PKIError LoadCertificateChain (ByteArray msg, ByteArray *chain, uint8_t *chainLength);
95 * Checks the signature of each certificate in the chain.
97 * @param[in] chainCrt Chain of certificate structures
98 * @param[in] chainLen Number of certificates in the chain
99 * @param[in] caPubKey Public key that signed the last certificate in the chain
100 * @returns PKI_SUCCESS if no error occurred
102 PKIError CheckCertificateChain (CertificateX509 *chainCrt, uint8_t chainLen, ByteArray caPubKey);