diff --git a/network/netssl/BUILD.gn b/network/netssl/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..a561b30af7b8f4d2829f6dd12b5cdd03f3ef112c
--- /dev/null
+++ b/network/netssl/BUILD.gn
@@ -0,0 +1,36 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+import("//foundation/communication/netstack/netstack_config.gni")
+
+ohos_ndk_library("libnet_ssl_ndk") {
+ output_name = "net_ssl"
+ output_extension = "so"
+ ndk_description_file = "./libnet_ssl_c.json"
+ min_compact_version = "1"
+ system_capability = "SystemCapability.Communication.Netstack"
+
+ system_capability_headers = [
+ "network/netstack/net_ssl/net_ssl_c.h",
+ "network/netstack/net_ssl/net_ssl_c_type.h",
+ ]
+}
+
+ohos_ndk_headers("net_ssl_header") {
+ dest_dir = "$ndk_headers_out_dir/network/netstack/net_ssl"
+ sources = [
+ "include/net_ssl_c.h",
+ "include/net_ssl_c_type.h",
+ ]
+}
diff --git a/network/netssl/include/net_ssl_c.h b/network/netssl/include/net_ssl_c.h
new file mode 100644
index 0000000000000000000000000000000000000000..e83abac61634e98ad9eab65876240aa285b09e6a
--- /dev/null
+++ b/network/netssl/include/net_ssl_c.h
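Review bot: In network/netssl/BUILD.gn, `system_capability` inside `ohos_ndk_library("libnet_ssl_ndk")` is spelled `SystemCapability.Communication.Netstack`, while both headers added by this commit declare `@syscap SystemCapability.Communication.NetStack`. If capability names are matched case-sensitively (not visible from this page), the library and its headers would be registered under two different capabilities. I would align the spelling with the headers, `system_capability = "SystemCapability.Communication.NetStack"`, or fix the `@syscap` tags if the lower-case form is the registered one.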
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NET_SSL_C_H
+#define NET_SSL_C_H
+
+/**
+ * @addtogroup netstack
+ * @{
+ *
+ * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @since 11
+ * @version 1.0
+ */
+
+/**
+ * @file net_ssl_c.h
+ *
+ * @brief Defines C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @library libnet_ssl.so
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+
+#include "net_ssl_c_type.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Provides certificate chain verification APIs for external systems.
+ *
+ * @param cert Certificate to be verified.
+ * @param caCert CA certificate specified by the user. If this parameter is left blank, the preset certificate is used.
+ * @return 0 - success.
+ * 2305001 - Unspecified error.
+ * 2305002 - Unable to get issuer certificate.
+ * 2305003 - Unable to get certificate revocation list (CRL).
+ * 2305004 - Unable to decrypt certificate signature.
+ * 2305005 - Unable to decrypt CRL signature.
+ * 2305006 - Unable to decode issuer public key.
+ * 2305007 - Certificate signature failure.
+ * 2305008 - CRL signature failure.
+ * 2305009 - Certificate is not yet valid.
+ * 2305010 - Certificate has expired.
+ * 2305011 - CRL is not yet valid.
+ * 2305012 - CRL has expired.
+ * 2305023 - Certificate has been revoked.
+ * 2305024 - Invalid certificate authority (CA).
+ * 2305027 - Certificate is untrusted.
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert);
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NET_SSL_C_H
diff --git a/network/netssl/include/net_ssl_c_type.h b/network/netssl/include/net_ssl_c_type.h
new file mode 100644
index 0000000000000000000000000000000000000000..1fe357d0b734a3d6320c58c28e422965f3ba53e0
--- /dev/null
+++ b/network/netssl/include/net_ssl_c_type.h
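Review bot: The doc comment on `OH_NetStack_CertVerification` in net_ssl_c.h leaves the trust-anchor contract open: "If this parameter is left blank" does not say whether blank means a NULL `caCert`, a blob with `size == 0`, or both, and that choice decides when a caller silently falls back to the preset certificates. The `@return` list also has no code for rejected input (NULL `cert`, `NETSTACK_CERT_TYPE_INVALID`, zero `size`), so callers cannot tell what comes back in those cases. As declared, the function receives no host name, so it can only validate the chain; I would add `@note Validates the certificate chain only; the caller must separately check that the certificate matches the intended peer name.` and spell out the blank case in `@param caCert`. The `@{` opened in the `@addtogroup netstack` block is never closed with `@}` in this file.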
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NET_SSL_C_TYPE_H
+#define NET_SSL_C_TYPE_H
+
+/**
+ * @addtogroup netstack
+ * @{
+ *
+ * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @since 11
+ * @version 1.0
+ */
+
+/**
+ * @file net_ssl_c_type.h
+ * @brief Defines the data structures for the C APIs of the SSL/TLS certificate chain verification module.
+ *
+ * @library libnet_ssl.so
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Enumerates certificate types.
+ *
+ * @since 11
+ * @version 1.0
+ */
+enum NetStack_CertType {
+ /** PEM certificate */
+ NETSTACK_CERT_TYPE_PEM = 0,
+ /** DER certificate */
+ NETSTACK_CERT_TYPE_DER = 1,
+ /** Invalid certificate */
+ NETSTACK_CERT_TYPE_INVALID
+};
+
+/**
+ * @brief Defines the certificate data structure.
+ *
+ * @since 11
+ * @version 1.0
+ */
+struct NetStack_CertBlob {
+ /** Certificate type */
+ enum NetStack_CertType type;
+ /** Certificate content length */
+ uint32_t size;
+ /** Certificate content */
+ uint8_t *data;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NET_SSL_C_TYPE_H
diff --git a/network/netssl/libnet_ssl_c.json b/network/netssl/libnet_ssl_c.json
new file mode 100644
index 0000000000000000000000000000000000000000..bd17ed3fb5ac03b7ce75322b8f4aed5f3c1b2118
--- /dev/null
+++ b/network/netssl/libnet_ssl_c.json
@@ -0,0 +1,6 @@
+[
+ {
+ "first_introduced":"11",
+ "name": "OH_NetStack_CertVerification"
+ }
+]
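Review bot: `struct NetStack_CertBlob` in net_ssl_c_type.h declares `uint8_t *data;` as a mutable pointer, although the only API in this commit takes the blob as `const struct NetStack_CertBlob *` and presumably only reads it; `const uint8_t *data;` would let callers pass read-only certificate buffers without a cast. `size` is the only bound on `data`, so its comment should state the unit and the PEM convention, for example `/** Length of data in bytes; for PEM, say whether the terminating NUL is counted */`. The `#include` line shows no header name on this page, probably lost in rendering; the file needs `<stdint.h>` for `uint32_t` and `uint8_t`. `NETSTACK_CERT_TYPE_INVALID` reads as a sentinel rather than a certificate encoding and could be documented as such.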