Leancrypto 1.6.0
Post-Quantum Cryptographic Library
lc_x509_parser.h
1/*
2 * Copyright (C) 2024 - 2025, Stephan Mueller <smueller@chronox.de>
3 *
4 * License: see LICENSE file in root directory
5 *
6 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
7 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
9 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
10 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
11 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
12 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
13 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
14 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
15 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
16 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
17 * DAMAGE.
18 */
19
20#ifndef LC_X509_PARSER_H
21#define LC_X509_PARSER_H
22
23#include "ext_headers.h"
24#include "lc_x509_common.h"
25
26#ifdef __cplusplus
27extern "C" {
28#endif
29
57
/* Clear the resources used by the X.509 certificate parsing state. */
64void lc_x509_cert_clear(struct lc_x509_certificate *cert);
65
/*
 * Decode an X.509 certificate from the datalen bytes at data into cert.
 *
 * The int return value is the only failure channel visible in this
 * prototype: check it before reading any field of cert, because the input is
 * typically attacker-supplied.
 * NOTE(review): the getters in this header hand out pointers into parsed data;
 * presumably those reference the caller's data buffer, which would then have
 * to outlive cert - confirm against the implementation.
 */
94int lc_x509_cert_decode(struct lc_x509_certificate *cert, const uint8_t *data,
95 size_t datalen);
96
/*
 * Bytes needed for one contiguous SPHINCS key container: the
 * struct lc_x509_key_data header plus one public and one secret key.
 */
98#define LC_X509_KEYS_SPHINCS_SIZE \
99 (sizeof(struct lc_sphincs_pk) + sizeof(struct lc_sphincs_sk) + \
100 sizeof(struct lc_x509_key_data))
/*
 * Wire up a buffer of at least LC_X509_KEYS_SPHINCS_SIZE bytes that starts at
 * name: pk.sphincs_pk points directly behind the header, sk.sphincs_sk points
 * behind the public key, and data_struct_size records the total length (the
 * value lc_x509_keys_zero() later uses as its wipe length).
 *
 * The macro expands to several statements and is not wrapped in
 * do { } while (0), so it must not be the body of an unbraced if/else/loop.
 * -Wcast-align is silenced for the uint8_t * to key-struct casts; providing a
 * suitably aligned buffer is the caller's job.
 * NOTE(review): the secret key is placed at header size + public key size
 * with no padding; this assumes both sizes preserve the alignment the secret
 * key struct needs - confirm.
 */
101#define LC_X509_KEYS_SPHINCS_SET(name) \
102 _Pragma("GCC diagnostic push") \
103 _Pragma("GCC diagnostic ignored \"-Wcast-align\"")(name) \
104 ->pk.sphincs_pk = \
105 (struct lc_sphincs_pk *)((uint8_t *)(name) + \
106 sizeof(struct lc_x509_key_data)); \
107 (name)->sk.sphincs_sk = \
108 (struct lc_sphincs_sk *)((uint8_t *)(name) + \
109 sizeof(struct lc_x509_key_data) + \
110 sizeof(struct lc_sphincs_pk)); \
111 (name)->data_struct_size = LC_X509_KEYS_SPHINCS_SIZE; \
112 _Pragma("GCC diagnostic pop")
114
/*
 * Declare a SPHINCS key container in the enclosing scope: an aligned buffer
 * called name##_ctx_buf of LC_X509_KEYS_SPHINCS_SIZE bytes and a pointer
 * called name to it, initialised with LC_X509_KEYS_SPHINCS_SET.
 *
 * The expansion contains declarations, so it is only usable where a
 * declaration is allowed. The buffer holds secret-key material in automatic
 * storage: call lc_x509_keys_zero(name) before leaving the scope.
 * NOTE(review): whether LC_ALIGNED_BUFFER zero-initialises the buffer is not
 * visible here - do not rely on the key area being cleared at declaration.
 */
122#define LC_X509_KEYS_SPHINCS_ON_STACK(name) \
123 _Pragma("GCC diagnostic push") _Pragma( \
124 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
125 LC_ALIGNED_BUFFER(name##_ctx_buf, LC_X509_KEYS_SPHINCS_SIZE, \
126 LC_HASH_COMMON_ALIGNMENT); \
127 struct lc_x509_key_data *name = \
128 (struct lc_x509_key_data *)name##_ctx_buf; \
129 LC_X509_KEYS_SPHINCS_SET(name); \
130 _Pragma("GCC diagnostic pop")
131
/*
 * Bytes needed for one contiguous Dilithium key container: the
 * struct lc_x509_key_data header plus one public and one secret key.
 */
133#define LC_X509_KEYS_DILITHIUM_SIZE \
134 (sizeof(struct lc_dilithium_pk) + sizeof(struct lc_dilithium_sk) + \
135 sizeof(struct lc_x509_key_data))
/*
 * Point pk.dilithium_pk and sk.dilithium_sk into the memory that follows the
 * header at name (public key first, secret key directly after it) and store
 * the total length in data_struct_size. name must reference at least
 * LC_X509_KEYS_DILITHIUM_SIZE suitably aligned bytes.
 *
 * Multi-statement expansion without do { } while (0): do not use it as the
 * body of an unbraced if/else/loop.
 */
136#define LC_X509_KEYS_DILITHIUM_SET(name) \
137 _Pragma("GCC diagnostic push") \
138 _Pragma("GCC diagnostic ignored \"-Wcast-align\"")(name) \
139 ->pk.dilithium_pk = \
140 (struct lc_dilithium_pk *)((uint8_t *)(name) + \
141 sizeof(struct lc_x509_key_data)); \
142 (name)->sk.dilithium_sk = \
143 (struct lc_dilithium_sk *)((uint8_t *)(name) + \
144 sizeof(struct lc_x509_key_data) + \
145 sizeof(struct lc_dilithium_pk)); \
146 (name)->data_struct_size = LC_X509_KEYS_DILITHIUM_SIZE; \
147 _Pragma("GCC diagnostic pop")
149
/*
 * Declare a Dilithium key container in the enclosing scope: an aligned buffer
 * name##_ctx_buf of LC_X509_KEYS_DILITHIUM_SIZE bytes and a pointer name to
 * it, initialised with LC_X509_KEYS_DILITHIUM_SET.
 *
 * Usable only where declarations are allowed. Secret-key material ends up in
 * automatic storage: wipe it with lc_x509_keys_zero(name) before the scope
 * ends.
 */
157#define LC_X509_KEYS_DILITHIUM_ON_STACK(name) \
158 _Pragma("GCC diagnostic push") _Pragma( \
159 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
160 LC_ALIGNED_BUFFER(name##_ctx_buf, LC_X509_KEYS_DILITHIUM_SIZE, \
161 LC_HASH_COMMON_ALIGNMENT); \
162 struct lc_x509_key_data *name = \
163 (struct lc_x509_key_data *)name##_ctx_buf; \
164 LC_X509_KEYS_DILITHIUM_SET(name); \
165 _Pragma("GCC diagnostic pop")
166
/*
 * Container size and pointer set-up for composite Dilithium-ED25519 keys.
 * Both macros exist only when LC_DILITHIUM_ED25519_SIG is defined.
 */
168#ifdef LC_DILITHIUM_ED25519_SIG
/* Header plus one composite public key plus one composite secret key. */
169#define LC_X509_KEYS_DILITHIUM_ED25519_SIZE \
170 (sizeof(struct lc_dilithium_ed25519_pk) + \
171 sizeof(struct lc_dilithium_ed25519_sk) + \
172 sizeof(struct lc_x509_key_data))
/*
 * Point pk.dilithium_ed25519_pk directly behind the header at name and
 * sk.dilithium_ed25519_sk behind the public key, then record the total length
 * in data_struct_size. Multi-statement expansion without do { } while (0):
 * do not use it as the body of an unbraced if/else/loop.
 */
173#define LC_X509_KEYS_DILITHIUM_ED25519_SET(name) \
174 _Pragma("GCC diagnostic push") \
175 _Pragma("GCC diagnostic ignored \"-Wcast-align\"")(name) \
176 ->pk.dilithium_ed25519_pk = \
177 (struct lc_dilithium_ed25519_pk \
178 *)((uint8_t *)(name) + \
179 sizeof(struct lc_x509_key_data)); \
180 (name)->sk.dilithium_ed25519_sk = \
181 (struct lc_dilithium_ed25519_sk \
182 *)((uint8_t *)(name) + \
183 sizeof(struct lc_x509_key_data) + \
184 sizeof(struct lc_dilithium_ed25519_pk)); \
185 (name)->data_struct_size = LC_X509_KEYS_DILITHIUM_ED25519_SIZE; \
186 _Pragma("GCC diagnostic pop")
187#endif
188
/*
 * Container size and pointer set-up for composite Dilithium-ED448 keys.
 * Both macros exist only when LC_DILITHIUM_ED448_SIG is defined.
 */
189#ifdef LC_DILITHIUM_ED448_SIG
/* Header plus one composite public key plus one composite secret key. */
190#define LC_X509_KEYS_DILITHIUM_ED448_SIZE \
191 (sizeof(struct lc_dilithium_ed448_pk) + \
192 sizeof(struct lc_dilithium_ed448_sk) + \
193 sizeof(struct lc_x509_key_data))
/*
 * Point pk.dilithium_ed448_pk directly behind the header at name and
 * sk.dilithium_ed448_sk behind the public key, then record the total length
 * in data_struct_size. Multi-statement expansion without do { } while (0):
 * do not use it as the body of an unbraced if/else/loop.
 */
194#define LC_X509_KEYS_DILITHIUM_ED448_SET(name) \
195 _Pragma("GCC diagnostic push") \
196 _Pragma("GCC diagnostic ignored \"-Wcast-align\"")(name) \
197 ->pk.dilithium_ed448_pk = \
198 (struct lc_dilithium_ed448_pk \
199 *)((uint8_t *)(name) + \
200 sizeof(struct lc_x509_key_data)); \
201 (name)->sk.dilithium_ed448_sk = \
202 (struct lc_dilithium_ed448_sk \
203 *)((uint8_t *)(name) + \
204 sizeof(struct lc_x509_key_data) + \
205 sizeof(struct lc_dilithium_ed448_pk)); \
206 (name)->data_struct_size = LC_X509_KEYS_DILITHIUM_ED448_SIZE; \
207 _Pragma("GCC diagnostic pop")
208#endif
210
/*
 * Declare a composite Dilithium-ED25519 key container in the enclosing scope:
 * an aligned buffer name##_ctx_buf plus a pointer name to it, initialised
 * with LC_X509_KEYS_DILITHIUM_ED25519_SET.
 *
 * This macro is defined unconditionally, while the _SIZE and _SET macros it
 * expands to exist only under LC_DILITHIUM_ED25519_SIG; using it in a build
 * without that option fails at the point of use.
 * Secret-key material ends up in automatic storage: wipe it with
 * lc_x509_keys_zero(name) before the scope ends.
 */
218#define LC_X509_KEYS_DILITHIUM_ED25519_ON_STACK(name) \
219 _Pragma("GCC diagnostic push") _Pragma( \
220 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
221 _Pragma("GCC diagnostic ignored \"-Wcast-align\"") \
222 LC_ALIGNED_BUFFER(name##_ctx_buf, \
223 LC_X509_KEYS_DILITHIUM_ED25519_SIZE, \
224 LC_HASH_COMMON_ALIGNMENT); \
225 struct lc_x509_key_data *name = \
226 (struct lc_x509_key_data *)name##_ctx_buf; \
227 LC_X509_KEYS_DILITHIUM_ED25519_SET(name); \
228 _Pragma("GCC diagnostic pop")
229
/*
 * Declare a composite Dilithium-ED448 key container in the enclosing scope:
 * an aligned buffer name##_ctx_buf plus a pointer name to it, initialised
 * with LC_X509_KEYS_DILITHIUM_ED448_SET.
 *
 * This macro is defined unconditionally, while the _SIZE and _SET macros it
 * expands to exist only under LC_DILITHIUM_ED448_SIG; using it in a build
 * without that option fails at the point of use.
 * Secret-key material ends up in automatic storage: wipe it with
 * lc_x509_keys_zero(name) before the scope ends.
 */
237#define LC_X509_KEYS_DILITHIUM_ED448_ON_STACK(name) \
238 _Pragma("GCC diagnostic push") _Pragma( \
239 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
240 _Pragma("GCC diagnostic ignored \"-Wcast-align\"") \
241 LC_ALIGNED_BUFFER(name##_ctx_buf, \
242 LC_X509_KEYS_DILITHIUM_ED448_SIZE, \
243 LC_HASH_COMMON_ALIGNMENT); \
244 struct lc_x509_key_data *name = \
245 (struct lc_x509_key_data *)name##_ctx_buf; \
246 LC_X509_KEYS_DILITHIUM_ED448_SET(name); \
247 _Pragma("GCC diagnostic pop")
248
/*
 * Generic on-stack key container. It maps to exactly one scheme-specific
 * macro, chosen by the first option that is enabled in this order:
 * Dilithium-ED448, Dilithium-ED25519, SPHINCS, Dilithium. The build stops
 * with #error when none is enabled.
 *
 * NOTE(review): the buffer is sized, and only the pk/sk members are set, for
 * the selected scheme alone. If the container is meant to hold any enabled
 * key type, the order above has to be largest-first; confirm this for every
 * supported configuration, in particular SPHINCS being preferred over plain
 * Dilithium when both are enabled, because decoding a larger key into a
 * smaller container could write past the buffer.
 */
256#ifdef LC_DILITHIUM_ED448_SIG
257#define LC_X509_KEYS_ON_STACK(name) LC_X509_KEYS_DILITHIUM_ED448_ON_STACK(name)
258#elif defined LC_DILITHIUM_ED25519_SIG
259#define LC_X509_KEYS_ON_STACK(name) \
260 LC_X509_KEYS_DILITHIUM_ED25519_ON_STACK(name)
261#elif defined(LC_SPHINCS_ENABLED)
262#define LC_X509_KEYS_ON_STACK(name) LC_X509_KEYS_SPHINCS_ON_STACK(name)
263#elif defined(LC_DILITHIUM_ENABLED)
264#define LC_X509_KEYS_ON_STACK(name) LC_X509_KEYS_DILITHIUM_ON_STACK(name)
265#else
266#error "No known signature schemas enabled"
267#endif
268
/*
 * Securely wipe a key container.
 *
 * Overwrites keys->data_struct_size bytes, starting at keys itself, with
 * zeros via lc_memset_secure(). A NULL pointer is accepted and ignored.
 *
 * The wipe length is read from the container, so the container must have
 * been set up by one of the LC_X509_KEYS_*_SET / *_ON_STACK macros (which
 * store the total size in data_struct_size); with an unset or wrong size the
 * wipe covers the wrong number of bytes. Because the wipe starts at the
 * header, the pk/sk pointers and data_struct_size are cleared as well: the
 * container has to be set up again before it is reused.
 */
static inline void lc_x509_keys_zero(struct lc_x509_key_data *keys)
{
	if (keys) {
		lc_memset_secure(keys, 0, keys->data_struct_size);
	}
}
281
/*
 * Heap allocators for key containers. Each takes the address of a pointer
 * that receives the new container and reports the outcome through its int
 * return value; check it before using *keys.
 * NOTE(review): presumably every container obtained here is released with
 * lc_x509_keys_zero_free() - confirm.
 */

/* Allocate a container holding Dilithium-ED25519 keys on the heap. */
291int lc_x509_keys_dilithium_ed25519_alloc(struct lc_x509_key_data **keys);
292
/* Allocate a container holding Dilithium-ED448 keys on the heap. */
302int lc_x509_keys_dilithium_ed448_alloc(struct lc_x509_key_data **keys);
303
/* Allocate a container holding Dilithium keys on the heap. */
313int lc_x509_keys_dilithium_alloc(struct lc_x509_key_data **keys);
314
/* Allocate a container holding Sphincs Plus keys on the heap. */
324int lc_x509_keys_sphincs_alloc(struct lc_x509_key_data **keys);
325
/* Allocate a container able to hold any kind of key type on the heap. */
335int lc_x509_keys_alloc(struct lc_x509_key_data **keys);
336
/* Zeroize and free a keys buffer. */
343void lc_x509_keys_zero_free(struct lc_x509_key_data *keys);
344
/*
 * Decode a private key in DER format (datalen bytes at data) of type
 * key_type into key.
 * NOTE(review): key must be a container large enough for key_type; how a
 * mismatch between key_type and the container is handled is not visible
 * here - confirm.
 */
367int lc_x509_sk_decode(struct lc_x509_key_data *key, enum lc_sig_types key_type,
368 const uint8_t *data, size_t datalen);
369
/*
 * Decode a public key in raw format (datalen bytes at data) of type key_type
 * into key. The same container-size caveat as for the private key applies.
 */
392int lc_x509_pk_decode(struct lc_x509_key_data *key, enum lc_sig_types key_type,
393 const uint8_t *data, size_t datalen);
394
/*
 * Verify the signature sig_data/siglen over the user-supplied message
 * m/mlen with the key of cert.
 *
 * This checks a signature only. Whether cert itself is acceptable (validity
 * period, key usage, chain) is a separate question answered by the
 * lc_x509_policy_* functions of this header.
 * NOTE(review): the semantics of prehash_algo, including whether NULL is
 * allowed, are not visible here.
 */
415int lc_x509_signature_verify(const uint8_t *sig_data, size_t siglen,
416 const struct lc_x509_certificate *cert,
417 const uint8_t *m, size_t mlen,
418 const struct lc_hash *prehash_algo);
419
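#ifdef LC_DILITHIUM_ED25519_SIG
/*
 * Parse a Composite ML-DSA ASN.1 structure (pk_len bytes at pk_ptr) into the
 * Dilithium-ED25519 public key structure dilithium_ed25519_pk.
 *
 * The declarator line was missing from this listing; it is restored from the
 * signature summary further down the page.
 */
int lc_x509_cert_load_pk_dilithium_ed25519(
	struct lc_dilithium_ed25519_pk *dilithium_ed25519_pk,
	const uint8_t *pk_ptr, size_t pk_len);
#endif

#ifdef LC_DILITHIUM_ED448_SIG
/*
 * Parse a Composite ML-DSA ASN.1 structure (pk_len bytes at pk_ptr) into the
 * Dilithium-ED448 public key structure dilithium_ed448_pk.
 *
 * The declarator line was missing from this listing; it is restored from the
 * signature summary further down the page.
 */
int lc_x509_cert_load_pk_dilithium_ed448(
	struct lc_dilithium_ed448_pk *dilithium_ed448_pk, const uint8_t *pk_ptr,
	size_t pk_len);
#endif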
451
/*
 * Get a reference to the public key data of cert: *pk and *pk_size describe
 * the key bytes, *key_type the signature scheme. No copy is made.
 * NOTE(review): the reference presumably stays valid only as long as cert
 * and the buffer it was decoded from - confirm.
 */
468int lc_x509_cert_get_pubkey(const struct lc_x509_certificate *cert,
469 const uint8_t **pk, size_t *pk_size,
470 enum lc_sig_types *key_type);
471
/*
 * Get the extended key usage in human readable form: an array of num_eku
 * names. Meant for display; use the integer form for policy decisions.
 */
484int lc_x509_cert_get_eku(const struct lc_x509_certificate *cert,
485 const char ***eku_names, unsigned int *num_eku);
486
/* Get the extended key usage in integer form. */
496int lc_x509_cert_get_eku_val(const struct lc_x509_certificate *cert,
497 uint16_t *val);
498
/*
 * Get the key usage in human readable form: an array of num_keyusage names.
 * Meant for display; use the integer form for policy decisions.
 */
512int lc_x509_cert_get_keyusage(const struct lc_x509_certificate *cert,
513 const char ***keyusage_names,
514 unsigned int *num_keyusage);
515
/* Get the key usage in integer form. */
525int lc_x509_cert_get_keyusage_val(const struct lc_x509_certificate *cert,
526 uint16_t *val);
527
/*
 * Get the SAN DNS name as pointer plus length.
 * NOTE(review): the explicit length suggests the name is not guaranteed to
 * be NUL-terminated - confirm. Compare host names with the returned length,
 * not with strlen(), so an embedded NUL byte cannot shorten the name.
 */
544int lc_x509_cert_get_san_dns(const struct lc_x509_certificate *cert,
545 const char **san_dns_name, size_t *san_dns_len);
546
/* Get the SAN IP value in binary form as pointer plus length. */
559int lc_x509_cert_get_san_ip(const struct lc_x509_certificate *cert,
560 const uint8_t **san_ip, size_t *san_ip_len);
561
/*
 * Helper to convert the binary IP address value ip/ip_len into human-readable
 * form, written to the caller's buffer ip_name of ip_name_len bytes.
 */
573int lc_x509_dec_san_ip(const uint8_t *ip, size_t ip_len, char *ip_name,
574 size_t ip_name_len);
575
/* Get the SKID value as pointer plus length. */
588int lc_x509_cert_get_skid(const struct lc_x509_certificate *cert,
589 const uint8_t **skid, size_t *skidlen);
590
/* Get the AKID value as pointer plus length. */
603int lc_x509_cert_get_akid(const struct lc_x509_certificate *cert,
604 const uint8_t **akid, size_t *akidlen);
605
/* Get the valid-from data from the certificate, as time since the epoch. */
617int lc_x509_cert_get_valid_from(const struct lc_x509_certificate *cert,
618 time64_t *time_since_epoch);
619
/* Get the valid-to data from the certificate, as time since the epoch. */
631int lc_x509_cert_get_valid_to(const struct lc_x509_certificate *cert,
632 time64_t *time_since_epoch);
633
/*
 * Subject and issuer name getters. Each returns one name component as
 * pointer (*string) plus length (*string_len).
 *
 * NOTE(review): the explicit length suggests the strings are not guaranteed
 * to be NUL-terminated - confirm. The content comes from the certificate, so
 * treat it as untrusted, length-delimited text: compare with the returned
 * length and escape it before logging or displaying it.
 */

/* Get the subject CN field from the certificate. */
650int lc_x509_cert_get_subject_cn(const struct lc_x509_certificate *cert,
651 const char **string, size_t *string_len);
652
/* Get the subject email field from the certificate. */
669int lc_x509_cert_get_subject_email(const struct lc_x509_certificate *cert,
670 const char **string, size_t *string_len);
671
/* Get the subject OU field from the certificate. */
688int lc_x509_cert_get_subject_ou(const struct lc_x509_certificate *cert,
689 const char **string, size_t *string_len);
690
/* Get the subject O field from the certificate. */
707int lc_x509_cert_get_subject_o(const struct lc_x509_certificate *cert,
708 const char **string, size_t *string_len);
709
/* Get the subject ST field from the certificate. */
726int lc_x509_cert_get_subject_st(const struct lc_x509_certificate *cert,
727 const char **string, size_t *string_len);
728
/* Get the subject C field from the certificate. */
745int lc_x509_cert_get_subject_c(const struct lc_x509_certificate *cert,
746 const char **string, size_t *string_len);
747
/* Get the issuer CN field from the certificate. */
764int lc_x509_cert_get_issuer_cn(const struct lc_x509_certificate *cert,
765 const char **string, size_t *string_len);
766
/* Get the issuer email field from the certificate. */
783int lc_x509_cert_get_issuer_email(const struct lc_x509_certificate *cert,
784 const char **string, size_t *string_len);
785
/* Get the issuer OU field from the certificate. */
802int lc_x509_cert_get_issuer_ou(const struct lc_x509_certificate *cert,
803 const char **string, size_t *string_len);
804
/* Get the issuer O field from the certificate. */
821int lc_x509_cert_get_issuer_o(const struct lc_x509_certificate *cert,
822 const char **string, size_t *string_len);
823
/* Get the issuer ST field from the certificate. */
840int lc_x509_cert_get_issuer_st(const struct lc_x509_certificate *cert,
841 const char **string, size_t *string_len);
842
/* Get the issuer C field from the certificate. */
859int lc_x509_cert_get_issuer_c(const struct lc_x509_certificate *cert,
860 const char **string, size_t *string_len);
861
/* Get the serial number of the certificate as pointer plus length. */
874int lc_x509_cert_get_serial(const struct lc_x509_certificate *cert,
875 const uint8_t **serial, size_t *serial_len);
876
877/******************************************************************************
878 * X.509 Certificate policy service functions
879 ******************************************************************************/
880
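/*
 * Return type of the policy checks below: a plain int. The
 * warn_unused_result attribute is commented out, so the compiler does not
 * flag a caller that drops a policy verdict.
 *
 * NOTE(review): only the two values below are visible here. If these
 * functions can also return negative error codes (confirm against the
 * implementation), a bare `if (lc_x509_policy_...(cert))` would treat an
 * error as a positive verdict; compare against LC_X509_POL_TRUE explicitly.
 *
 * The return-type line of most declarations was missing from this listing;
 * it is restored from the signature summaries further down the page.
 */
typedef int lc_x509_pol_ret_t /* __attribute__((warn_unused_result)) */;

/* The policy check answered "yes". */
#define LC_X509_POL_TRUE 1

/* The policy check answered "no". */
#define LC_X509_POL_FALSE 0

/* Is the given certificate a CA certificate (root or intermediate)? */
lc_x509_pol_ret_t lc_x509_policy_is_ca(const struct lc_x509_certificate *cert);

/* Can the given certificate validate CRLs? */
lc_x509_pol_ret_t
lc_x509_policy_can_validate_crls(const struct lc_x509_certificate *cert);

/* Is the given certificate a self-signed certificate? */
lc_x509_pol_ret_t
lc_x509_policy_is_selfsigned(const struct lc_x509_certificate *cert);

/* Is the given certificate a root CA certificate? */
lc_x509_pol_ret_t
lc_x509_policy_is_root_ca(const struct lc_x509_certificate *cert);

/* Does the given AKID match the certificate AKID? */
lc_x509_pol_ret_t
lc_x509_policy_match_akid(const struct lc_x509_certificate *cert,
			  const uint8_t *reference_akid,
			  size_t reference_akid_len);

/* Does the given SKID match the certificate SKID? */
lc_x509_pol_ret_t
lc_x509_policy_match_skid(const struct lc_x509_certificate *cert,
			  const uint8_t *reference_skid,
			  size_t reference_skid_len);

/* Check if the set of required key usage flags is present. */
lc_x509_pol_ret_t
lc_x509_policy_match_key_usage(const struct lc_x509_certificate *cert,
			       uint16_t required_key_usage);

/* Check if the set of required extended key usage flags is present. */
lc_x509_pol_ret_t
lc_x509_policy_match_extended_key_usage(const struct lc_x509_certificate *cert,
					uint16_t required_eku);

/*
 * Check if the given time falls within the range of the certificate validity
 * time. current_time is supplied by the caller, so the verdict is only as
 * trustworthy as the caller's clock source.
 */
lc_x509_pol_ret_t
lc_x509_policy_time_valid(const struct lc_x509_certificate *cert,
			  time64_t current_time);

/*
 * Check if certificate is valid.
 * NOTE(review): which individual checks this covers is not visible here.
 */
lc_x509_pol_ret_t
lc_x509_policy_cert_valid(const struct lc_x509_certificate *cert);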
1021
/*
 * Verification of an X.509 certificate against a public key.
 *
 * Unlike the other policy functions this one is declared with a plain int
 * return type rather than lc_x509_pol_ret_t.
 * NOTE(review): the meaning of flags and of the return values is not visible
 * here - confirm before relying on a particular value as "verified".
 */
1038int lc_x509_policy_verify_cert(const struct lc_public_key *pkey,
1039 const struct lc_x509_certificate *cert,
1040 uint64_t flags);
1041
1042#ifdef __cplusplus
1043}
1044#endif
1045
1046#endif /* LC_X509_PARSER_H */
int lc_hash(const struct lc_hash *hash, const uint8_t *in, size_t inlen, uint8_t *digest)
Calculate message digest - one-shot.
int lc_x509_keys_dilithium_ed448_alloc(struct lc_x509_key_data **keys)
Allocate memory for struct lc_x509_key_data holding Dilithium-ED448 keys on heap.
int lc_x509_cert_get_issuer_o(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer O field from the certificate.
int lc_x509_cert_load_pk_dilithium_ed25519(struct lc_dilithium_ed25519_pk *dilithium_ed25519_pk, const uint8_t *pk_ptr, size_t pk_len)
Parse a Composite ML-DSA ASN.1 structure into a public key structure.
int lc_x509_cert_decode(struct lc_x509_certificate *cert, const uint8_t *data, size_t datalen)
Decode an X.509 certificate.
int lc_x509_cert_get_valid_from(const struct lc_x509_certificate *cert, time64_t *time_since_epoch)
Get the valid-from data from the certificate.
int lc_x509_cert_get_eku(const struct lc_x509_certificate *cert, const char ***eku_names, unsigned int *num_eku)
Get the extended key usage in human readable form.
int lc_x509_keys_sphincs_alloc(struct lc_x509_key_data **keys)
Allocate memory for struct lc_x509_key_data holding Sphincs Plus keys on heap.
void lc_x509_cert_clear(struct lc_x509_certificate *cert)
Clear the resources used by the X.509 certificate parsing state.
int lc_x509_keys_dilithium_alloc(struct lc_x509_key_data **keys)
Allocate memory for struct lc_x509_key_data holding Dilithium keys on heap.
int lc_x509_cert_get_issuer_ou(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer OU field from the certificate.
int lc_x509_cert_get_subject_email(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject email field from the certificate.
int lc_x509_cert_get_issuer_email(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer email field from the certificate.
int lc_x509_cert_get_keyusage(const struct lc_x509_certificate *cert, const char ***keyusage_names, unsigned int *num_keyusage)
Get the key usage in human readable form.
int lc_x509_policy_verify_cert(const struct lc_public_key *pkey, const struct lc_x509_certificate *cert, uint64_t flags)
Verification of an X.509 certificate against a public key.
int lc_x509_cert_get_san_ip(const struct lc_x509_certificate *cert, const uint8_t **san_ip, size_t *san_ip_len)
Get the SAN IP value.
lc_x509_pol_ret_t lc_x509_policy_can_validate_crls(const struct lc_x509_certificate *cert)
Can the given certificate validate CRLs?
int lc_x509_cert_get_eku_val(const struct lc_x509_certificate *cert, uint16_t *val)
Get the extended key usage in integer form.
int lc_x509_dec_san_ip(const uint8_t *ip, size_t ip_len, char *ip_name, size_t ip_name_len)
Helper to convert the binary IP address value into human-readable form.
int lc_x509_keys_alloc(struct lc_x509_key_data **keys)
Allocate memory for struct lc_x509_key_data holding any kind of key type on heap.
int lc_x509_cert_get_serial(const struct lc_x509_certificate *cert, const uint8_t **serial, size_t *serial_len)
Get the serial number of the certificate.
int lc_x509_pk_decode(struct lc_x509_key_data *key, enum lc_sig_types key_type, const uint8_t *data, size_t datalen)
Decode a public key in raw format.
int lc_x509_cert_get_skid(const struct lc_x509_certificate *cert, const uint8_t **skid, size_t *skidlen)
Get the SKID value.
int lc_x509_cert_get_akid(const struct lc_x509_certificate *cert, const uint8_t **akid, size_t *akidlen)
Get the AKID value.
int lc_x509_cert_get_pubkey(const struct lc_x509_certificate *cert, const uint8_t **pk, size_t *pk_size, enum lc_sig_types *key_type)
Get a reference of the public key data.
int lc_x509_cert_get_subject_st(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject ST field from the certificate.
lc_x509_pol_ret_t lc_x509_policy_is_root_ca(const struct lc_x509_certificate *cert)
Is the given certificate a root CA certificate?
int lc_x509_cert_load_pk_dilithium_ed448(struct lc_dilithium_ed448_pk *dilithium_ed448_pk, const uint8_t *pk_ptr, size_t pk_len)
Parse a Composite ML-DSA ASN.1 structure into a public key structure.
int lc_x509_cert_get_subject_cn(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject CN field from the certificate.
int lc_x509_cert_get_subject_o(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject O field from the certificate.
int lc_x509_cert_get_issuer_c(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer C field from the certificate.
void lc_x509_keys_zero_free(struct lc_x509_key_data *keys)
Zeroize and free keys buffer.
lc_x509_pol_ret_t lc_x509_policy_match_skid(const struct lc_x509_certificate *cert, const uint8_t *reference_skid, size_t reference_skid_len)
Does the given SKID match the certificate SKID?
lc_x509_pol_ret_t lc_x509_policy_is_selfsigned(const struct lc_x509_certificate *cert)
Is the given certificate a self-signed certificate?
lc_x509_pol_ret_t lc_x509_policy_match_akid(const struct lc_x509_certificate *cert, const uint8_t *reference_akid, size_t reference_akid_len)
Does the given AKID match the certificate AKID?
int lc_x509_cert_get_issuer_cn(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer CN field from the certificate.
lc_x509_pol_ret_t lc_x509_policy_match_key_usage(const struct lc_x509_certificate *cert, uint16_t required_key_usage)
Check if set of required key usage flags are present.
lc_x509_pol_ret_t lc_x509_policy_match_extended_key_usage(const struct lc_x509_certificate *cert, uint16_t required_eku)
Check if set of required extended key usage flags are present.
int lc_x509_cert_get_subject_c(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject C field from the certificate.
int lc_x509_signature_verify(const uint8_t *sig_data, size_t siglen, const struct lc_x509_certificate *cert, const uint8_t *m, size_t mlen, const struct lc_hash *prehash_algo)
Verify signature over user-supplied data.
int lc_x509_cert_get_keyusage_val(const struct lc_x509_certificate *cert, uint16_t *val)
Get the key usage in integer form.
int lc_x509_cert_get_issuer_st(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the issuer ST field from the certificate.
lc_x509_pol_ret_t lc_x509_policy_time_valid(const struct lc_x509_certificate *cert, time64_t current_time)
Check if the given time falls within the range of the certificate validity time.
int lc_x509_keys_dilithium_ed25519_alloc(struct lc_x509_key_data **keys)
Allocate memory for struct lc_x509_key_data holding Dilithium-ED25519 keys on heap.
int lc_x509_cert_get_san_dns(const struct lc_x509_certificate *cert, const char **san_dns_name, size_t *san_dns_len)
Get the SAN DNS name.
lc_x509_pol_ret_t lc_x509_policy_cert_valid(const struct lc_x509_certificate *cert)
Check if certificate is valid.
lc_x509_pol_ret_t lc_x509_policy_is_ca(const struct lc_x509_certificate *cert)
Is the given certificate a CA certificate (root or intermediate)?
int lc_x509_cert_get_valid_to(const struct lc_x509_certificate *cert, time64_t *time_since_epoch)
Get the valid-to data from the certificate.
int lc_x509_cert_get_subject_ou(const struct lc_x509_certificate *cert, const char **string, size_t *string_len)
Get the subject OU field from the certificate.
int lc_x509_sk_decode(struct lc_x509_key_data *key, enum lc_sig_types key_type, const uint8_t *data, size_t datalen)
Decode a private key in DER format.
Dilithium public key.
Dilithium public key.
static void lc_memset_secure(void *s, int c, size_t n)
static void lc_x509_keys_zero(struct lc_x509_key_data *keys)
Zeroize Dilithium context allocated with LC_X509_KEYS*_ON_STACK.
int lc_x509_pol_ret_t