andy/phs_v1.0.1.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

提交 #1

Browse Source
This commit is contained in:
andy
2024-09-27 19:16:49 +08:00
commit 49d0cea04d
10000 changed files with 1616312 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
base/security/certificate_framework/interfaces/innerkits/certificate/cert_chain_validator.h Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_CERT_CHAIN_VALIDATOR_H
#define CF_CERT_CHAIN_VALIDATOR_H
#include <stddef.h>
#include <stdint.h>
#include "cf_blob.h"
#include "cf_object_base.h"
#include "cf_result.h"
typedef struct HcfCertChainValidator HcfCertChainValidator;
typedef struct {
/* data format: len-value-len-value..., size of len is 2 bytes. */
uint8_t *data;
uint32_t dataLen;
uint8_t count;
enum CfEncodingFormat format;
} HcfCertChainData;
struct HcfCertChainValidator {
struct CfObjectBase base;
/** verify the cert chain. */
CfResult (*validate)(HcfCertChainValidator *self, const HcfCertChainData *certChainData);
/** Get algorithm name. */
const char *(*getAlgorithm)(HcfCertChainValidator *self);
};
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Generate cert chain validator instance.
*/
CfResult HcfCertChainValidatorCreate(const char *algorithm, HcfCertChainValidator **pathValidator);
#ifdef __cplusplus
}
#endif
#endif // CF_CERT_CHAIN_VALIDATOR_H

39
base/security/certificate_framework/interfaces/innerkits/certificate/certificate.h Normal file
View File

@@ -0,0 +1,39 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_CERTIFICATE_H
#define CF_CERTIFICATE_H
#include "cf_blob.h"
#include "cf_object_base.h"
#include "pub_key.h"
#include "cf_result.h"
typedef struct HcfCertificate HcfCertificate;
struct HcfCertificate {
struct CfObjectBase base;
/** Verify that this certificate corresponding to the specified public key. */
CfResult (*verify)(HcfCertificate *self, HcfPubKey *key);
/** Get the serialized cert data.*/
CfResult (*getEncoded)(HcfCertificate *self, CfEncodingBlob *encodedByte);
/** Get the public key from this certificate. */
CfResult (*getPublicKey)(HcfCertificate *self, HcfPubKey **keyOut);
};
#endif // CF_CERTIFICATE_H

36
base/security/certificate_framework/interfaces/innerkits/certificate/crl.h Normal file
View File

@@ -0,0 +1,36 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_CRL_H
#define CF_CRL_H
#include <stdbool.h>
#include "certificate.h"
typedef struct HcfCrl HcfCrl;
struct HcfCrl {
/** HcfCrl inherit CfObjectBase. */
struct CfObjectBase base;
/** Check if the given certificate is on this CRL. */
bool (*isRevoked)(HcfCrl *self, const HcfCertificate *cert);
/** Returns the type of this CRL. */
const char *(*getType)(HcfCrl *self);
};
#endif // CF_CRL_H

99
base/security/certificate_framework/interfaces/innerkits/certificate/x509_certificate.h Normal file
View File

@@ -0,0 +1,99 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_X509_CERTIFICATE_H
#define CF_X509_CERTIFICATE_H
#include "certificate.h"
#include "cf_blob.h"
#include "cf_result.h"
typedef struct HcfX509Certificate HcfX509Certificate;
struct HcfX509Certificate {
/** HcfCX509Certificate inherit HcfCertificate. */
HcfCertificate base;
/** Check whether the certificate is valid at the given time.
* time format YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
*/
CfResult (*checkValidityWithDate)(HcfX509Certificate *self, const char *date);
/** Get version number from certificate. */
long (*getVersion)(HcfX509Certificate *self);
/** Get serial number from certificate. */
CfResult (*getSerialNumber)(HcfX509Certificate *self, CfBlob *out);
/** Get issuer distinguished name from certificate. */
CfResult (*getIssuerName)(HcfX509Certificate *self, CfBlob *out);
/** Get subject distinguished name from certificate. */
CfResult (*getSubjectName)(HcfX509Certificate *self, CfBlob *out);
/** Get the not before time within the validity period of the certificate.
* time format YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
*/
CfResult (*getNotBeforeTime)(HcfX509Certificate *self, CfBlob *outDate);
/** Get the not after time within the validity period of the certificate.
* time format YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ
*/
CfResult (*getNotAfterTime)(HcfX509Certificate *self, CfBlob *outDate);
/** Get signature value from certificate. */
CfResult (*getSignature)(HcfX509Certificate *self, CfBlob *sigOut);
/** Get signature algorithm name from certificate. */
CfResult (*getSignatureAlgName)(HcfX509Certificate *self, CfBlob *outName);
/** Get signature algorithm oid from certificate. */
CfResult (*getSignatureAlgOid)(HcfX509Certificate *self, CfBlob *out);
/** Get the DER encoded signature algorithm parameters from the signature algorithm of the certificate. */
CfResult (*getSignatureAlgParams)(HcfX509Certificate *self, CfBlob *sigAlgParamsOut);
/** Get a Boolean array representing the bits of keyuse extension.
* The key usage extension defines the purpose of the key. */
CfResult (*getKeyUsage)(HcfX509Certificate *self, CfBlob *boolArr);
/** Get a const string list that represents the object identifier of the extkeyusage. */
CfResult (*getExtKeyUsage)(HcfX509Certificate *self, CfArray *keyUsageOut);
/** Get the path length of the certificate constraint from the key extensions(BasicConstraints).
* The BasicConstraints identify whether the issuer of the certificate is CA and the depth of the cert chain.
* Only when CA is set to true, pathLenConstraint is meaningful.
*/
int32_t (*getBasicConstraints)(HcfX509Certificate *self);
/** Get subject alternative name from certificate. */
CfResult (*getSubjectAltNames)(HcfX509Certificate *self, CfArray *outName);
/** Get issuer alternative name from certificate. */
CfResult (*getIssuerAltNames)(HcfX509Certificate *self, CfArray *outName);
};
#ifdef __cplusplus
extern "C" {
#endif
CfResult HcfX509CertificateCreate(const CfEncodingBlob *inStream, HcfX509Certificate **returnObj);
#ifdef __cplusplus
}
#endif
#endif // CF_X509_CERTIFICATE_H

85
base/security/certificate_framework/interfaces/innerkits/certificate/x509_crl.h Normal file
View File

@@ -0,0 +1,85 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_X509CRL_H
#define CF_X509CRL_H
#include "cf_blob.h"
#include "crl.h"
#include "pub_key.h"
#include "x509_certificate.h"
#include "x509_crl_entry.h"
typedef struct HcfX509Crl HcfX509Crl;
struct HcfX509Crl {
/** HcfX509Crl inherit HcfCrl. */
HcfCrl base;
/** Get the der coding format. */
CfResult (*getEncoded)(HcfX509Crl *self, CfEncodingBlob *encodedOut);
/** Use the public key to verify the signature of CRL. */
CfResult (*verify)(HcfX509Crl *self, HcfPubKey *key);
/** Get version number from CRL. */
long (*getVersion)(HcfX509Crl *self);
/** Get the issuer name from CRL. Issuer means the entity that signs and publishes the CRL. */
CfResult (*getIssuerName)(HcfX509Crl *self, CfBlob *out);
/** Get lastUpdate value from CRL. */
CfResult (*getLastUpdate)(HcfX509Crl *self, CfBlob *out);
/** Get nextUpdate value from CRL. */
CfResult (*getNextUpdate)(HcfX509Crl *self, CfBlob *out);
/** This method can be used to find CRL entries in indirect CRLs. */
CfResult (*getRevokedCert)(HcfX509Crl *self, long serialNumber, HcfX509CrlEntry **entryOut);
/** This method can be used to find CRL entries in indirect cert. */
CfResult (*getRevokedCertWithCert)(HcfX509Crl *self, HcfX509Certificate *cert,
HcfX509CrlEntry **entryOut);
/** Get all entries in this CRL. */
CfResult (*getRevokedCerts)(HcfX509Crl *self, CfArray *entrysOut);
/** Get the CRL information encoded by Der from this CRL. */
CfResult (*getTbsInfo)(HcfX509Crl *self, CfBlob *tbsCertListOut);
/** Get signature value from CRL. */
CfResult (*getSignature)(HcfX509Crl *self, CfBlob *signature);
/** Get the signature algorithm name of the CRL signature algorithm. */
CfResult (*getSignatureAlgName)(HcfX509Crl *self, CfBlob *out);
/** Get the signature algorithm oid string from CRL. */
CfResult (*getSignatureAlgOid)(HcfX509Crl *self, CfBlob *out);
/** Get the der encoded signature algorithm parameters from the CRL signature algorithm. */
CfResult (*getSignatureAlgParams)(HcfX509Crl *self, CfBlob *sigAlgParamOut);
};
#ifdef __cplusplus
extern "C" {
#endif
CfResult HcfX509CrlCreate(const CfEncodingBlob *inStream, HcfX509Crl **returnObj);
#ifdef __cplusplus
}
#endif
#endif // CF_X509CRL_H

42
base/security/certificate_framework/interfaces/innerkits/certificate/x509_crl_entry.h Normal file
View File

@@ -0,0 +1,42 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_X509_CRL_ENTRY_H
#define CF_X509_CRL_ENTRY_H
#include "cf_blob.h"
#include "cf_object_base.h"
#include "cf_result.h"
typedef struct HcfX509CrlEntry HcfX509CrlEntry;
struct HcfX509CrlEntry {
/** HcfX509CrlEntry inherit CfObjectBase. */
struct CfObjectBase base;
/** Returns the ASN of this CRL entry 1 der coding form, i.e. internal sequence. */
CfResult (*getEncoded)(HcfX509CrlEntry *self, CfEncodingBlob *encodedOut);
/** Get the serial number from this x509crl entry. */
CfResult (*getSerialNumber)(HcfX509CrlEntry *self, CfBlob *out);
/** Gets the issuer of the x509 certificate described by this entry. */
CfResult (*getCertIssuer)(HcfX509CrlEntry *self, CfBlob *encodedOut);
/** Get the revocation date from x509crl entry. */
CfResult (*getRevocationDate)(HcfX509CrlEntry *self, CfBlob *out);
};
#endif // CF_X509_CRL_ENTRY_H

64
base/security/certificate_framework/interfaces/innerkits/common/cf_blob.h Normal file
View File

@@ -0,0 +1,64 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_BLOB_H
#define CF_BLOB_H
#include <stddef.h>
#include <stdint.h>
typedef struct CfBlob CfBlob;
struct CfBlob {
uint32_t size;
uint8_t *data;
};
enum CfEncodingFormat {
CF_FORMAT_DER = 0,
CF_FORMAT_PEM = 1,
};
typedef struct {
uint8_t *data;
size_t len;
enum CfEncodingFormat encodingFormat;
} CfEncodingBlob;
typedef struct {
CfBlob *data;
enum CfEncodingFormat format;
uint32_t count;
} CfArray;
typedef struct {
CfBlob *data;
uint32_t count;
} CfBlobArray;
#ifdef __cplusplus
extern "C" {
#endif
void CfBlobDataFree(CfBlob *blob);
void CfBlobDataClearAndFree(CfBlob *blob);
void CfEncodingBlobDataFree(CfEncodingBlob *encodingBlob);
void CfArrayDataClearAndFree(CfArray *array);
void FreeCfBlobArray(CfBlob *array, uint32_t arrayLen);
#ifdef __cplusplus
}
#endif
#endif

36
base/security/certificate_framework/interfaces/innerkits/common/cf_object_base.h Normal file
View File

@@ -0,0 +1,36 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_OBJECT_BASE_H
#define CF_OBJECT_BASE_H
typedef struct CfObjectBase CfObjectBase;
struct CfObjectBase {
const char *(*getClass)(void);
void (*destroy)(CfObjectBase *self);
};
#ifdef __cplusplus
extern "C" {
#endif
void CfObjDestroy(void *obj);
#ifdef __cplusplus
}
#endif
#endif // CF_OBJECT_BASE_H

54
base/security/certificate_framework/interfaces/innerkits/common/cf_result.h Normal file
View File

@@ -0,0 +1,54 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_RESULT_H
#define CF_RESULT_H
typedef enum CfResult {
/* Indicates success. */
CF_SUCCESS = 0,
/* Indicates that input params is invalid . */
CF_INVALID_PARAMS = -10001,
/* Indicates that function or algorithm is not supported. */
CF_NOT_SUPPORT = -10002,
/* Indicates that input pointer is not null. */
CF_NULL_POINTER = -10003,
/* Indicates that something expected is not exist. */
CF_NOT_EXIST = -10004,
/* Indicates that memory malloc fails. */
CF_ERR_MALLOC = -20001,
/* Indicates that memory copy fails. */
CF_ERR_COPY = -20002,
/* Indicates that third part has something wrong. */
CF_ERR_CRYPTO_OPERATION = -30001,
/* Indicates that cert signature check fails. */
CF_ERR_CERT_SIGNATURE_FAILURE = -30002,
/* Indicates that cert is not yet valid. */
CF_ERR_CERT_NOT_YET_VALID = -30003,
/* Indicates that cert has expired. */
CF_ERR_CERT_HAS_EXPIRED = -30004,
/* Indicates that we can not get the untrusted cert's issuer. */
CF_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = -30005,
/* Indicates that key usage does not include certificate sign. */
CF_ERR_KEYUSAGE_NO_CERTSIGN = -30006,
/* Indicates that key usage does not include digital sign. */
CF_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = -30007,
/* Indicates that cert data format is invalid. */
CF_ERR_INVALID_CODE_FORMAT = -30008,
} CfResult;
#endif

38
base/security/certificate_framework/interfaces/innerkits/include/cf_api.h Normal file
View File

@@ -0,0 +1,38 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_API_H
#define CF_API_H
#include "cf_type.h"
typedef struct CfObjectInner CfObject;
struct CfObjectInner {
int32_t (*get)(const CfObject *object, const CfParamSet *paramSetIn, CfParamSet **paramSetOut);
int32_t (*check)(const CfObject *object, const CfParamSet *paramSetIn, CfParamSet **paramSetOut);
void (*destroy)(CfObject **object);
};
#ifdef __cplusplus
extern "C" {
#endif
CF_API_EXPORT int32_t CfCreate(CfObjectType objType, const CfEncodingBlob *in, CfObject **object);
#ifdef __cplusplus
}
#endif
#endif /* CF_API_H */

46
base/security/certificate_framework/interfaces/innerkits/include/cf_param.h Normal file
View File

@@ -0,0 +1,46 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_PARAM_H
#define CF_PARAM_H
#include "cf_type.h"
#define CF_PARAM_SET_MAX_SIZE (4 * 1024 * 1024)
#define CF_DEFAULT_PARAM_SET_SIZE 512
#define CF_DEFAULT_PARAM_CNT ((uint32_t)((CF_DEFAULT_PARAM_SET_SIZE - sizeof(CfParamSet)) / sizeof(CfParam)))
#define CF_TAG_TYPE_MASK (0xF << 28)
#ifdef __cplusplus
extern "C" {
#endif
CfTagType CfGetTagType(CfTag tag);
int32_t CfInitParamSet(CfParamSet **paramSet);
int32_t CfAddParams(CfParamSet *paramSet, const CfParam *params, uint32_t paramCnt);
int32_t CfBuildParamSet(CfParamSet **paramSet);
void CfFreeParamSet(CfParamSet **paramSet);
int32_t CfGetParam(const CfParamSet *paramSet, uint32_t tag, CfParam **param);
#ifdef __cplusplus
}
#endif
#endif /* CF_PARAM_H */

146
base/security/certificate_framework/interfaces/innerkits/include/cf_type.h Normal file
View File

@@ -0,0 +1,146 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_TYPE_H
#define CF_TYPE_H
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include "cf_blob.h"
#define CF_API_EXPORT __attribute__ ((visibility("default")))
typedef enum {
CF_OBJ_TYPE_CERT,
CF_OBJ_TYPE_EXTENSION,
CF_OBJ_TYPE_CRL,
CF_OBJ_TYPE_LIST,
} CfObjectType;
typedef struct {
unsigned long type;
} CfBase;
typedef enum {
CF_ITEM_TBS = 0, /* TBS Certificate */
CF_ITEM_PUBLIC_KEY, /* Subject Public Key */
CF_ITEM_ISSUER_UNIQUE_ID, /* Issuer Unique Identifier */
CF_ITEM_SUBJECT_UNIQUE_ID, /* Subject Unique Identifier */
CF_ITEM_EXTENSIONS, /* Extensions */
CF_ITEM_ENCODED,
CF_ITEM_VERSION,
CF_ITEM_SERIAL_NUMBER,
CF_ITEM_ISSUE_NAME,
CF_ITEM_SUBJECT_NAME,
CF_ITEM_NOT_BEFORE,
CF_ITEM_NOT_AFTER,
CF_ITEM_SIGNATURE,
CF_ITEM_SIGNATURE_ALG_NAME,
CF_ITEM_INVALID,
} CfItemId;
typedef enum {
CF_EXT_TYPE_ALL_OIDS,
CF_EXT_TYPE_CRITICAL_OIDS,
CF_EXT_TYPE_UNCRITICAL_OIDS,
} CfExtensionOidType;
typedef enum {
CF_EXT_ENTRY_TYPE_ENTRY,
CF_EXT_ENTRY_TYPE_ENTRY_CRITICAL,
CF_EXT_ENTRY_TYPE_ENTRY_VALUE,
} CfExtensionEntryType;
typedef enum {
CF_GET_TYPE_CERT_ITEM,
CF_GET_TYPE_EXT_ITEM,
CF_GET_TYPE_EXT_OIDS,
CF_GET_TYPE_EXT_ENTRY,
} CfGetType;
typedef enum {
CF_CHECK_TYPE_EXT_CA,
} CfCheckType;
typedef enum {
CF_TAG_TYPE_INVALID = 0 << 28,
CF_TAG_TYPE_INT = 1 << 28,
CF_TAG_TYPE_UINT = 2 << 28,
CF_TAG_TYPE_ULONG = 3 << 28,
CF_TAG_TYPE_BOOL = 4 << 28,
CF_TAG_TYPE_BYTES = 5 << 28,
} CfTagType;
typedef enum {
CF_TAG_INVALID = CF_TAG_TYPE_INVALID | 0,
CF_TAG_RESULT_TYPE = CF_TAG_TYPE_INT | 1, /* choose from CfTagType */
CF_TAG_RESULT_INT = CF_TAG_TYPE_INT | 2,
CF_TAG_RESULT_UINT = CF_TAG_TYPE_UINT | 3,
CF_TAG_RESULT_ULONG = CF_TAG_TYPE_ULONG | 4,
CF_TAG_RESULT_BOOL = CF_TAG_TYPE_BOOL | 5,
CF_TAG_RESULT_BYTES = CF_TAG_TYPE_BYTES | 6,
CF_TAG_GET_TYPE = CF_TAG_TYPE_INT | 1001, /* choose from CfGetType */
CF_TAG_CHECK_TYPE = CF_TAG_TYPE_INT | 1002, /* choose from CfCheckType */
CF_TAG_PARAM0_BUFFER = CF_TAG_TYPE_BYTES | 30001,
CF_TAG_PARAM1_BUFFER = CF_TAG_TYPE_BYTES | 30002,
CF_TAG_PARAM2_BUFFER = CF_TAG_TYPE_BYTES | 30003,
CF_TAG_PARAM3_BUFFER = CF_TAG_TYPE_BYTES | 30004,
CF_TAG_PARAM4_BUFFER = CF_TAG_TYPE_BYTES | 30005,
CF_TAG_PARAM0_INT32 = CF_TAG_TYPE_INT | 30006,
CF_TAG_PARAM1_INT32 = CF_TAG_TYPE_INT | 30007,
CF_TAG_PARAM2_INT32 = CF_TAG_TYPE_INT | 30008,
CF_TAG_PARAM3_INT32 = CF_TAG_TYPE_INT | 30009,
CF_TAG_PARAM4_INT32 = CF_TAG_TYPE_INT | 30010,
} CfTag;
typedef struct {
uint32_t tag;
union {
bool boolParam;
int32_t int32Param;
uint32_t uint32Param;
uint64_t uint64Param;
CfBlob blob;
};
} CfParam;
typedef struct {
uint32_t paramSetSize;
uint32_t paramsCnt;
CfParam params[];
} CfParamSet;
static inline bool CfIsAdditionOverflow(uint32_t a, uint32_t b)
{
return (UINT32_MAX - a) < b;
}
#define MAX_COUNT_OID 100
#define MAX_LEN_OID 128
#define MAX_COUNT_NID 1195
#define MAX_LEN_CERTIFICATE 65536
#define MAX_LEN_EXTENSIONS 65536
#define BASIC_CONSTRAINTS_NO_CA (-1)
#define BASIC_CONSTRAINTS_PATHLEN_NO_LIMIT (-2)
#endif /* CF_TYPE_H */