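/**
 *  Copyright Notice:
 *  Copyright 2021-2022 DMTF. All rights reserved.
 *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
 **/

#ifndef CRYPTLIB_CERT_H
#define CRYPTLIB_CERT_H

/*
 * X.509 / ASN.1 certificate parsing and verification interface.
 * Everything below is declared only when LIBSPDM_CERT_PARSE_SUPPORT is non-zero.
 *
 * Several getters share a two-way size convention: the caller passes the capacity of the output
 * buffer in the size parameter and reads the produced size back from it. Where the comment says
 * so, a false return may mean either "invalid certificate" or "buffer too small", so an updated
 * size value alone says nothing about the validity of the certificate.
 */
#if LIBSPDM_CERT_PARSE_SUPPORT

/**
 * Retrieve the tag and length of the tag.
 *
 * NOTE(review): ptr is a pointer to a non-const pointer, so it is presumably advanced by a
 * successful call - confirm against the implementation.
 *
 * @param ptr      The position in the ASN.1 data.
 * @param end      End of data.
 * @param length   The variable that will receive the length.
 * @param tag      The expected tag.
 *
 * @retval  true   Get tag successful.
 * @retval  false  Failed to get tag or tag not match.
 **/
extern bool libspdm_asn1_get_tag(uint8_t **ptr, const uint8_t *end, size_t *length, uint32_t tag);

/**
 * Retrieve the subject bytes from one X.509 certificate.
 *
 * If cert is NULL, then return false.
 * If subject_size is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * @param[in]      cert          Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size     Size of the X509 certificate in bytes.
 * @param[out]     cert_subject  Pointer to the retrieved certificate subject bytes.
 * @param[in, out] subject_size  The size in bytes of the cert_subject buffer on input,
 *                               and the size of buffer returned cert_subject on output.
 *
 * @retval  true   The certificate subject retrieved successfully.
 * @retval  false  Invalid certificate, or the subject_size is too small for the result.
 *                 The subject_size will be updated with the required size.
 * @retval  false  This interface is not supported.
 **/
extern bool libspdm_x509_get_subject_name(const uint8_t *cert, size_t cert_size,
                                          uint8_t *cert_subject,
                                          size_t *subject_size);

/**
 * Retrieve the version from one X.509 certificate.
 *
 * If cert is NULL, then return false.
 * If cert_size is 0, then return false.
 * If this interface is not supported, then return false.
 *
 * @param[in]      cert       Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size  Size of the X509 certificate in bytes.
 * @param[out]     version    Pointer to the retrieved version integer.
 *
 * @retval  true   The version was retrieved successfully.
 * @retval  false  cert is NULL, cert_size is 0, the interface is not supported,
 *                 or the version could not be retrieved.
 **/
extern bool libspdm_x509_get_version(const uint8_t *cert, size_t cert_size, size_t *version);

/**
 * Retrieve the serialNumber from one X.509 certificate.
 *
 * If cert is NULL, then return false.
 * If cert_size is 0, then return false.
 * If this interface is not supported, then return false.
 *
 * NOTE(review): unlike the subject and issuer getters, this comment does not say whether
 * serial_number_size is updated with the required size when the buffer is too small - confirm.
 *
 * @param[in]      cert                Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size           Size of the X509 certificate in bytes.
 * @param[out]     serial_number       Pointer to the retrieved certificate serial_number bytes.
 * @param[in, out] serial_number_size  The size in bytes of the serial_number buffer on input,
 *                                     and the size of buffer returned serial_number on output.
 *
 * @retval  true   The serial number was retrieved successfully.
 * @retval  false  cert is NULL, cert_size is 0, the interface is not supported,
 *                 or the serial number could not be retrieved.
 **/
extern bool libspdm_x509_get_serial_number(const uint8_t *cert, size_t cert_size,
                                           uint8_t *serial_number,
                                           size_t *serial_number_size);

/**
 * Retrieve the issuer bytes from one X.509 certificate.
 *
 * If cert is NULL, then return false.
 * If issuer_size is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * @param[in]      cert         Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size    Size of the X509 certificate in bytes.
 * @param[out]     cert_issuer  Pointer to the retrieved certificate issuer bytes.
 * @param[in, out] issuer_size  The size in bytes of the cert_issuer buffer on input,
 *                              and the size of buffer returned cert_issuer on output.
 *
 * @retval  true   The certificate issuer retrieved successfully.
 * @retval  false  Invalid certificate, or the issuer_size is too small for the result.
 *                 The issuer_size will be updated with the required size.
 * @retval  false  This interface is not supported.
 **/
extern bool libspdm_x509_get_issuer_name(const uint8_t *cert, size_t cert_size,
                                         uint8_t *cert_issuer,
                                         size_t *issuer_size);

/**
 * Retrieve Extension data from one X.509 certificate.
 *
 * NOTE(review): the behaviour for NULL arguments and for a too-small extension_data buffer is
 * not stated here - confirm against the implementation before relying on either.
 *
 * @param[in]      cert                 Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size            Size of the X509 certificate in bytes.
 * @param[in]      oid                  Object identifier buffer
 * @param[in]      oid_size             Object identifier buffer size
 * @param[out]     extension_data       Extension bytes.
 * @param[in, out] extension_data_size  Extension bytes size.
 *
 * @retval  true   The extension data was retrieved successfully.
 * @retval  false  The extension data could not be retrieved.
 **/
extern bool libspdm_x509_get_extension_data(const uint8_t *cert, size_t cert_size,
                                            const uint8_t *oid, size_t oid_size,
                                            uint8_t *extension_data,
                                            size_t *extension_data_size);

/**
 * Retrieve the Validity from one X.509 certificate
 *
 * If cert is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * NOTE(review): this comment used to add "If CertIssuerSize is NULL, then return false", but
 * the function has no such parameter; from_size and to_size are its size parameters - confirm
 * which NULL checks the implementation performs.
 *
 * This call only retrieves notBefore and notAfter. Deciding whether the certificate is inside
 * its validity period is left to the caller, by comparing against a trusted current time.
 *
 * @param[in]      cert       Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size  Size of the X509 certificate in bytes.
 * @param[out]     from       notBefore Pointer to date_time object.
 * @param[in,out]  from_size  notBefore date_time object size.
 * @param[out]     to         notAfter Pointer to date_time object.
 * @param[in,out]  to_size    notAfter date_time object size.
 *
 * Note: use libspdm_x509_compare_date_time to compare date_time objects, and
 *       libspdm_x509_set_date_time to get a date_time object from a date_time_str.
 *
 * @retval  true   The certificate Validity retrieved successfully.
 * @retval  false  Invalid certificate, or Validity retrieve failed.
 * @retval  false  This interface is not supported.
 **/
extern bool libspdm_x509_get_validity(const uint8_t *cert, size_t cert_size,
                                      uint8_t *from, size_t *from_size, uint8_t *to,
                                      size_t *to_size);

/**
 * Convert a date_time string into a date_time object.
 *
 * If date_time_str is NULL, then return false.
 * If date_time_size is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * @param[in]      date_time_str   date_time string like YYYYMMDDhhmmssZ
 *                                 Ref: https://www.w3.org/TR/NOTE-datetime
 *                                 Z stands for UTC time
 * @param[out]     date_time       Pointer to a date_time object.
 * @param[in,out]  date_time_size  date_time object buffer size.
 *
 * @retval  true   The date_time object was produced successfully.
 * @retval  false  date_time_str or date_time_size is NULL, the interface is not supported,
 *                 or the conversion failed.
 **/
extern bool libspdm_x509_set_date_time(const char *date_time_str, void *date_time,
                                       size_t *date_time_size);

/**
 * Compare date_time1 object and date_time2 object.
 *
 * If date_time1 is NULL, then return -2.
 * If date_time2 is NULL, then return -2.
 * If date_time1 == date_time2, then return 0
 * If date_time1 > date_time2, then return 1
 * If date_time1 < date_time2, then return -1
 *
 * The error value -2 is negative like the "earlier than" result -1. A caller that tests the
 * result with "< 0" or "<= 0" therefore reads an error as an ordering; compare against the
 * exact values, or reject -2 first, when the result gates a validity decision.
 *
 * @param[in]      date_time1  Pointer to a date_time Object
 * @param[in]      date_time2  Pointer to a date_time Object
 *
 * @retval  0   If date_time1 == date_time2
 * @retval  1   If date_time1 > date_time2
 * @retval  -1  If date_time1 < date_time2
 * @retval  -2  If date_time1 or date_time2 is NULL
 **/
extern int32_t libspdm_x509_compare_date_time(const void *date_time1, const void *date_time2);

/**
 * Retrieve the key usage from one X.509 certificate.
 *
 * @param[in]      cert       Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size  Size of the X509 certificate in bytes.
 * @param[out]     usage      Key usage (LIBSPDM_CRYPTO_X509_KU_*)
 *
 * @retval  true   The certificate key usage retrieved successfully.
 * @retval  false  Invalid certificate, or usage is NULL
 * @retval  false  This interface is not supported.
 **/
extern bool libspdm_x509_get_key_usage(const uint8_t *cert, size_t cert_size, size_t *usage);

/**
 * Retrieve the Extended key usage from one X.509 certificate.
 *
 * NOTE(review): the behaviour for NULL arguments and for a too-small usage buffer is not stated
 * here - confirm against the implementation.
 *
 * @param[in]      cert        Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size   Size of the X509 certificate in bytes.
 * @param[out]     usage       Key usage bytes.
 * @param[in, out] usage_size  Key usage buffer size in bytes.
 *
 * @retval  true   The extended key usage was retrieved successfully.
 * @retval  false  The extended key usage could not be retrieved.
 **/
extern bool libspdm_x509_get_extended_key_usage(const uint8_t *cert,
                                                size_t cert_size, uint8_t *usage,
                                                size_t *usage_size);

/**
 * Retrieve the basic constraints from one X.509 certificate.
 *
 * NOTE(review): the behaviour for NULL arguments and for a too-small basic_constraints buffer
 * is not stated here - confirm against the implementation.
 *
 * @param[in]      cert                    Pointer to the DER-encoded X509 certificate.
 * @param[in]      cert_size               Size of the X509 certificate in bytes.
 * @param[out]     basic_constraints       Basic constraints bytes.
 * @param[in, out] basic_constraints_size  Basic constraints buffer size in bytes.
 *
 * @retval  true   The basic constraints were retrieved successfully.
 * @retval  false  The basic constraints could not be retrieved.
 **/
extern bool libspdm_x509_get_extended_basic_constraints(const uint8_t *cert,
                                                        size_t cert_size,
                                                        uint8_t *basic_constraints,
                                                        size_t *basic_constraints_size);

/**
 * Verify one X509 certificate was issued by the trusted CA.
 *
 * If cert is NULL, then return false.
 * If ca_cert is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * NOTE(review): this comment only promises an "issued by" check. Whether the validity period,
 * key usage or basic constraints are evaluated as well is not stated here - confirm against the
 * implementation before treating a true result as complete certificate validation.
 *
 * @param[in]      cert          Pointer to the DER-encoded X509 certificate to be verified.
 * @param[in]      cert_size     Size of the X509 certificate in bytes.
 * @param[in]      ca_cert       Pointer to the DER-encoded trusted CA certificate.
 * @param[in]      ca_cert_size  Size of the CA Certificate in bytes.
 *
 * @retval  true   The certificate was issued by the trusted CA.
 * @retval  false  Invalid certificate or the certificate was not issued by the given
 *                 trusted CA.
 * @retval  false  This interface is not supported.
 *
 **/
extern bool libspdm_x509_verify_cert(const uint8_t *cert, size_t cert_size,
                                     const uint8_t *ca_cert, size_t ca_cert_size);

/**
 * Verify an X509 certificate chain against the trusted Root Certificate.
 *
 * NOTE(review): the "@retval true" wording below speaks of the first certificate in cert_chain
 * as the issuer of all the others, while the cert_chain description says that each certificate
 * is signed by the one before it - confirm which of the two the implementation checks. As with
 * libspdm_x509_verify_cert, checks beyond the issuer relationship are not stated here.
 *
 * @param[in]      root_cert          Trusted Root Certificate buffer.
 *
 * @param[in]      root_cert_length   Trusted Root Certificate buffer length.
 *
 * @param[in]      cert_chain         One or more ASN.1 DER-encoded X.509 certificates
 *                                    where the first certificate is signed by the Root
 *                                    Certificate or is the Root Certificate itself, and
 *                                    each subsequent certificate is signed by the preceding
 *                                    certificate.
 * @param[in]      cert_chain_length  Total length of the certificate chain, in bytes.
 *
 * @retval  true   All certificates were issued by the first certificate in cert_chain.
 * @retval  false  Invalid certificate or the certificate was not issued by the given
 *                 trusted CA.
 **/
extern bool libspdm_x509_verify_cert_chain(const uint8_t *root_cert, size_t root_cert_length,
                                           const uint8_t *cert_chain,
                                           size_t cert_chain_length);

/**
 * Get one X509 certificate from cert_chain.
 *
 * NOTE(review): cert is returned as a pointer to const data and no output buffer is supplied,
 * so it presumably points into cert_chain rather than at a copy; if so, it is only usable while
 * the cert_chain buffer is alive and unchanged - confirm against the implementation.
 *
 * @param[in]      cert_chain         One or more ASN.1 DER-encoded X.509 certificates
 *                                    where the first certificate is signed by the Root
 *                                    Certificate or is the Root Certificate itself, and
 *                                    each subsequent certificate is signed by the preceding
 *                                    certificate.
 * @param[in]      cert_chain_length  Total length of the certificate chain, in bytes.
 *
 * @param[in]      cert_index         Index of certificate. An index of -1 indicates the
 *                                    last certificate in cert_chain.
 *
 * @param[out]     cert               The certificate at the index of cert_chain.
 * @param[out]     cert_length        The length of the certificate at the index of cert_chain.
 *
 * @retval  true   Success.
 * @retval  false  Failed to get certificate from certificate chain.
 **/
extern bool libspdm_x509_get_cert_from_cert_chain(const uint8_t *cert_chain,
                                                  size_t cert_chain_length,
                                                  const int32_t cert_index, const uint8_t **cert,
                                                  size_t *cert_length);

#if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT)
/**
 * Retrieve the RSA public key from one DER-encoded X509 certificate.
 *
 * If cert is NULL, then return false.
 * If rsa_context is NULL, then return false.
 * If this interface is not supported, then return false.
 *
 * Nothing here states that the certificate is verified by this call; establish trust in the
 * certificate separately before relying on the returned key.
 *
 * @param[in]  cert         Pointer to the DER-encoded X509 certificate.
 * @param[in]  cert_size    Size of the X509 certificate in bytes.
 * @param[out] rsa_context  Pointer to newly generated RSA context that contains the retrieved
 *                          RSA public key component. Use libspdm_rsa_free() function to free the
 *                          resource.
 *
 * @retval  true   RSA public key was retrieved successfully.
 * @retval  false  Fail to retrieve RSA public key from X509 certificate.
 * @retval  false  This interface is not supported.
 **/
extern bool libspdm_rsa_get_public_key_from_x509(const uint8_t *cert, size_t cert_size,
                                                 void **rsa_context);
#endif /* (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) */

#if LIBSPDM_ECDSA_SUPPORT
/**
 * Retrieve the EC public key from one DER-encoded X509 certificate.
 *
 * Nothing here states that the certificate is verified by this call; establish trust in the
 * certificate separately before relying on the returned key.
 *
 * @param[in]  cert        Pointer to the DER-encoded X509 certificate.
 * @param[in]  cert_size   Size of the X509 certificate in bytes.
 * @param[out] ec_context  Pointer to newly generated EC DSA context that contains the retrieved
 *                         EC public key component. Use libspdm_ec_free() function to free the
 *                         resource.
 *
 * If cert is NULL, then return false.
 * If ec_context is NULL, then return false.
 *
 * @retval  true   EC public key was retrieved successfully.
 * @retval  false  Fail to retrieve EC public key from X509 certificate.
 *
 **/
extern bool libspdm_ec_get_public_key_from_x509(const uint8_t *cert, size_t cert_size,
                                                void **ec_context);
#endif /* LIBSPDM_ECDSA_SUPPORT */

#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT)
/**
 * Retrieve the Ed public key from one DER-encoded X509 certificate.
 *
 * Nothing here states that the certificate is verified by this call; establish trust in the
 * certificate separately before relying on the returned key.
 *
 * @param[in]  cert         Pointer to the DER-encoded X509 certificate.
 * @param[in]  cert_size    Size of the X509 certificate in bytes.
 * @param[out] ecd_context  Pointer to newly generated Ed DSA context that contains the retrieved
 *                          Ed public key component. Use libspdm_ecd_free() function to free the
 *                          resource.
 *
 * If cert is NULL, then return false.
 * If ecd_context is NULL, then return false.
 *
 * @retval  true   Ed public key was retrieved successfully.
 * @retval  false  Fail to retrieve Ed public key from X509 certificate.
 *
 **/
extern bool libspdm_ecd_get_public_key_from_x509(const uint8_t *cert, size_t cert_size,
                                                 void **ecd_context);
#endif /* (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) */

#if LIBSPDM_SM2_DSA_SUPPORT
/**
 * Retrieve the sm2 public key from one DER-encoded X509 certificate.
 *
 * Nothing here states that the certificate is verified by this call; establish trust in the
 * certificate separately before relying on the returned key.
 *
 * NOTE(review): the release function is named sm2_free() below, without the libspdm_ prefix
 * that the RSA, EC and Ed comments in this header use - confirm the actual function name.
 *
 * @param[in]  cert         Pointer to the DER-encoded X509 certificate.
 * @param[in]  cert_size    Size of the X509 certificate in bytes.
 * @param[out] sm2_context  Pointer to newly generated sm2 context that contains the retrieved
 *                          sm2 public key component. Use sm2_free() function to free the
 *                          resource.
 *
 * If cert is NULL, then return false.
 * If sm2_context is NULL, then return false.
 *
 * @retval  true   sm2 public key was retrieved successfully.
 * @retval  false  Fail to retrieve sm2 public key from X509 certificate.
 *
 **/
extern bool libspdm_sm2_get_public_key_from_x509(const uint8_t *cert, size_t cert_size,
                                                 void **sm2_context);
#endif /* LIBSPDM_SM2_DSA_SUPPORT */

#endif /* LIBSPDM_CERT_PARSE_SUPPORT */

#endif /* CRYPTLIB_CERT_H */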