3333#include < mbedtls/x509.h>
3434#include < mbedtls/x509_csr.h>
3535
36- #if defined(MBEDTLS_X509_CRT_PARSE_C)
36+ #if CHIP_CRYPTO_USE_X509
3737#include < mbedtls/x509_crt.h>
38- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
38+ #endif // CHIP_CRYPTO_USE_X509
3939
4040namespace chip {
4141namespace Crypto {
4242
4343CHIP_ERROR VerifyCertificateSigningRequest (const uint8_t * csr_buf, size_t csr_length, P256PublicKey & pubkey)
4444{
45- #if defined(MBEDTLS_X509_CSR_PARSE_C)
45+ #if CHIP_CRYPTO_USE_X509
4646 ReturnErrorOnFailure (VerifyCertificateSigningRequestFormat (csr_buf, csr_length));
4747
4848 // TODO: For some embedded targets, mbedTLS library doesn't have mbedtls_x509_csr_parse_der, and mbedtls_x509_csr_parse_free.
@@ -103,7 +103,7 @@ CHIP_ERROR VerifyCertificateSigningRequest(const uint8_t * csr_buf, size_t csr_l
103103
104104namespace {
105105
106- #if defined(MBEDTLS_X509_CRT_PARSE_C)
106+ #if CHIP_CRYPTO_USE_X509
107107bool IsTimeGreaterThanEqual (const mbedtls_x509_time * const timeA, const mbedtls_x509_time * const timeB)
108108{
109109
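Review bot: `#if CHIP_CRYPTO_USE_X509` treats an undefined macro as 0, and the macro's definition is not visible in this diff, so a build that reaches this file without it would compile the `CHIP_ERROR_NOT_IMPLEMENTED` stubs with no diagnostic; this applies to this guard and to the same guard in the later hunks (VerifyAttestationCertificateFormat, ValidateCertificateChain, the IsCertificateValidAt* and Extract*FromX509Cert functions, ReplaceCertIfResignedCertFound). That fails closed, but attestation-certificate and chain validation would then be switched off in a way that only shows up at run time. I would add, next to the includes, `#ifndef CHIP_CRYPTO_USE_X509` / `#error "CHIP_CRYPTO_USE_X509 must be defined to 0 or 1"` / `#endif`. Separately, VerifyCertificateSigningRequest at the top of the file was guarded by `MBEDTLS_X509_CSR_PARSE_C` and now shares this macro, so wherever the macro is defined it should presumably require CSR parsing support as well as CRT parsing. The body of IsTimeGreaterThanEqual continues outside the hunk.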
@@ -181,13 +181,13 @@ constexpr uint8_t sOID_Extension_CRLDistributionPoint[] = { 0x55, 0x1D, 0x1F }
181181 (sizeof (oid) == (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) && \
182182 (memcmp((oid), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(p), (oidBuf).CHIP_CRYPTO_PAL_PRIVATE_X509(len)) == 0 ))
183183
184- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
184+ #endif // CHIP_CRYPTO_USE_X509
185185
186186} // anonymous namespace
187187
188188CHIP_ERROR VerifyAttestationCertificateFormat (const ByteSpan & cert, AttestationCertType certType)
189189{
190- #if defined(MBEDTLS_X509_CRT_PARSE_C)
190+ #if CHIP_CRYPTO_USE_X509
191191 CHIP_ERROR error = CHIP_NO_ERROR;
192192 int result = 0 ;
193193 mbedtls_x509_crt mbed_cert;
@@ -349,7 +349,7 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation
349349 (void ) cert;
350350 (void ) certType;
351351 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
352- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
352+ #endif // CHIP_CRYPTO_USE_X509
353353
354354 return error;
355355}
@@ -358,7 +358,7 @@ CHIP_ERROR ValidateCertificateChain(const uint8_t * rootCertificate, size_t root
358358 size_t caCertificateLen, const uint8_t * leafCertificate, size_t leafCertificateLen,
359359 CertificateChainValidationResult & result)
360360{
361- #if defined(MBEDTLS_X509_CRT_PARSE_C)
361+ #if CHIP_CRYPTO_USE_X509
362362 CHIP_ERROR error = CHIP_NO_ERROR;
363363 mbedtls_x509_crt certChain;
364364 mbedtls_x509_crt rootCert;
@@ -425,14 +425,14 @@ CHIP_ERROR ValidateCertificateChain(const uint8_t * rootCertificate, size_t root
425425 (void ) leafCertificateLen;
426426 (void ) result;
427427 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
428- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
428+ #endif // CHIP_CRYPTO_USE_X509
429429
430430 return error;
431431}
432432
433433CHIP_ERROR IsCertificateValidAtIssuance (const ByteSpan & candidateCertificate, const ByteSpan & issuerCertificate)
434434{
435- #if defined(MBEDTLS_X509_CRT_PARSE_C)
435+ #if CHIP_CRYPTO_USE_X509
436436 CHIP_ERROR error = CHIP_NO_ERROR;
437437 mbedtls_x509_crt mbedCandidateCertificate;
438438 mbedtls_x509_crt mbedIssuerCertificate;
@@ -463,14 +463,14 @@ CHIP_ERROR IsCertificateValidAtIssuance(const ByteSpan & candidateCertificate, c
463463 (void ) candidateCertificate;
464464 (void ) issuerCertificate;
465465 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
466- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
466+ #endif // CHIP_CRYPTO_USE_X509
467467
468468 return error;
469469}
470470
471471CHIP_ERROR IsCertificateValidAtCurrentTime (const ByteSpan & certificate)
472472{
473- #if defined(MBEDTLS_X509_CRT_PARSE_C)
473+ #if CHIP_CRYPTO_USE_X509
474474 CHIP_ERROR error = CHIP_NO_ERROR;
475475 mbedtls_x509_crt mbedCertificate;
476476 int result;
@@ -497,14 +497,14 @@ CHIP_ERROR IsCertificateValidAtCurrentTime(const ByteSpan & certificate)
497497#else
498498 (void ) certificate;
499499 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
500- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
500+ #endif // CHIP_CRYPTO_USE_X509
501501
502502 return error;
503503}
504504
505505CHIP_ERROR ExtractPubkeyFromX509Cert (const ByteSpan & certificate, Crypto::P256PublicKey & pubkey)
506506{
507- #if defined(MBEDTLS_X509_CRT_PARSE_C)
507+ #if CHIP_CRYPTO_USE_X509
508508 CHIP_ERROR error = CHIP_NO_ERROR;
509509 mbedtls_x509_crt mbed_cert;
510510 mbedtls_ecp_keypair * keypair = nullptr ;
@@ -536,7 +536,7 @@ CHIP_ERROR ExtractPubkeyFromX509Cert(const ByteSpan & certificate, Crypto::P256P
536536 (void ) certificate;
537537 (void ) pubkey;
538538 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
539- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
539+ #endif // CHIP_CRYPTO_USE_X509
540540
541541 return error;
542542}
@@ -545,7 +545,7 @@ namespace {
545545
546546CHIP_ERROR ExtractKIDFromX509Cert (bool extractSKID, const ByteSpan & certificate, MutableByteSpan & kid)
547547{
548- #if defined(MBEDTLS_X509_CRT_PARSE_C)
548+ #if CHIP_CRYPTO_USE_X509
549549 CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
550550 mbedtls_x509_crt mbed_cert;
551551 unsigned char * p = nullptr ;
@@ -622,7 +622,7 @@ CHIP_ERROR ExtractKIDFromX509Cert(bool extractSKID, const ByteSpan & certificate
622622 (void ) certificate;
623623 (void ) kid;
624624 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
625- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
625+ #endif // CHIP_CRYPTO_USE_X509
626626
627627 return error;
628628}
@@ -641,7 +641,7 @@ CHIP_ERROR ExtractAKIDFromX509Cert(const ByteSpan & certificate, MutableByteSpan
641641
642642CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert (const ByteSpan & certificate, MutableCharSpan & cdpurl)
643643{
644- #if defined(MBEDTLS_X509_CRT_PARSE_C)
644+ #if CHIP_CRYPTO_USE_X509
645645 CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
646646 mbedtls_x509_crt mbed_cert;
647647 unsigned char * p = nullptr ;
@@ -761,14 +761,14 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
761761 (void ) certificate;
762762 (void ) cdpurl;
763763 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
764- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
764+ #endif // CHIP_CRYPTO_USE_X509
765765
766766 return error;
767767}
768768
769769CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert (const ByteSpan & certificate, MutableByteSpan & crlIssuer)
770770{
771- #if defined(MBEDTLS_X509_CRT_PARSE_C)
771+ #if CHIP_CRYPTO_USE_X509
772772 CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
773773 mbedtls_x509_crt mbed_cert;
774774 unsigned char * p = nullptr ;
@@ -877,14 +877,14 @@ CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate
877877 (void ) certificate;
878878 (void ) crlIssuer;
879879 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
880- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
880+ #endif // CHIP_CRYPTO_USE_X509
881881
882882 return error;
883883}
884884
885885CHIP_ERROR ExtractSerialNumberFromX509Cert (const ByteSpan & certificate, MutableByteSpan & serialNumber)
886886{
887- #if defined(MBEDTLS_X509_CRT_PARSE_C)
887+ #if CHIP_CRYPTO_USE_X509
888888 CHIP_ERROR error = CHIP_NO_ERROR;
889889 int result = 0 ;
890890 uint8_t * p = nullptr ;
@@ -911,14 +911,14 @@ CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, Mutable
911911 (void ) certificate;
912912 (void ) serialNumber;
913913 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
914- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
914+ #endif // CHIP_CRYPTO_USE_X509
915915
916916 return error;
917917}
918918
919919CHIP_ERROR ExtractVIDPIDFromX509Cert (const ByteSpan & certificate, AttestationCertVidPid & vidpid)
920920{
921- #if defined(MBEDTLS_X509_CRT_PARSE_C)
921+ #if CHIP_CRYPTO_USE_X509
922922 CHIP_ERROR error = CHIP_NO_ERROR;
923923 mbedtls_x509_crt mbed_cert;
924924 mbedtls_asn1_named_data * dnIterator = nullptr ;
@@ -967,15 +967,15 @@ CHIP_ERROR ExtractVIDPIDFromX509Cert(const ByteSpan & certificate, AttestationCe
967967 (void ) certificate;
968968 (void ) vidpid;
969969 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
970- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
970+ #endif // CHIP_CRYPTO_USE_X509
971971
972972 return error;
973973}
974974
975975namespace {
976976CHIP_ERROR ExtractRawDNFromX509Cert (bool extractSubject, const ByteSpan & certificate, MutableByteSpan & dn)
977977{
978- #if defined(MBEDTLS_X509_CRT_PARSE_C)
978+ #if CHIP_CRYPTO_USE_X509
979979 CHIP_ERROR error = CHIP_NO_ERROR;
980980 int result = 0 ;
981981 uint8_t * p = nullptr ;
@@ -1011,7 +1011,7 @@ CHIP_ERROR ExtractRawDNFromX509Cert(bool extractSubject, const ByteSpan & certif
10111011 (void ) certificate;
10121012 (void ) dn;
10131013 CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
1014- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
1014+ #endif // CHIP_CRYPTO_USE_X509
10151015
10161016 return error;
10171017}
@@ -1030,7 +1030,7 @@ CHIP_ERROR ExtractIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSp
10301030CHIP_ERROR ReplaceCertIfResignedCertFound (const ByteSpan & referenceCertificate, const ByteSpan * candidateCertificates,
10311031 size_t candidateCertificatesCount, ByteSpan & outCertificate)
10321032{
1033- #if defined(MBEDTLS_X509_CRT_PARSE_C)
1033+ #if CHIP_CRYPTO_USE_X509
10341034 uint8_t referenceSubjectBuf[kMaxCertificateDistinguishedNameLength ];
10351035 uint8_t referenceSKIDBuf[kSubjectKeyIdentifierLength ];
10361036 MutableByteSpan referenceSubject (referenceSubjectBuf);
@@ -1068,7 +1068,7 @@ CHIP_ERROR ReplaceCertIfResignedCertFound(const ByteSpan & referenceCertificate,
10681068 (void ) candidateCertificatesCount;
10691069 (void ) outCertificate;
10701070 return CHIP_ERROR_NOT_IMPLEMENTED;
1071- #endif // defined(MBEDTLS_X509_CRT_PARSE_C)
1071+ #endif // CHIP_CRYPTO_USE_X509
10721072}
10731073
10741074} // namespace Crypto