From ff622e0ebb40bb320fa34d703ff05d0aab3cba2d Mon Sep 17 00:00:00 2001
From: liuxiyao223
Date: Tue, 19 Dec 2023 11:21:02 +0800
Subject: [PATCH 1/4] Add NDK api for netssl
Signed-off-by: liuxiyao223
---
 network/netssl/BUILD.gn | 36 +++++++++++
 network/netssl/include/net_ssl_c.h | 78 ++++++++++++++++++++++++
 network/netssl/include/net_ssl_c_type.h | 79 +++++++++++++++++++++++++
 network/netssl/libnet_ssl_c.json | 6 ++
 4 files changed, 199 insertions(+)
 create mode 100644 network/netssl/BUILD.gn
 create mode 100644 network/netssl/include/net_ssl_c.h
 create mode 100644 network/netssl/include/net_ssl_c_type.h
 create mode 100644 network/netssl/libnet_ssl_c.json
diff --git a/network/netssl/BUILD.gn b/network/netssl/BUILD.gn
new file mode 100644
index 00000000000..feeb784d2de
--- /dev/null
+++ b/network/netssl/BUILD.gn
@@ -0,0 +1,36 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/ohos.gni")
+import("//foundation/communication/netstack/netstack_config.gni")
+
+ohos_ndk_library("libnet_ssl_ndk") {
+ output_name = "net_ssl"
+ output_extension = "so"
+ ndk_description_file = "./libnet_ssl_c.json"
+ min_compact_version = "1"
+ system_capability = "SystemCapability.Communication.Netstack"
+
+ system_capability_headers = [
+ "network/netstack/net_ssl/net_ssl_c.h",
+ "network/netstack/net_ssl/net_ssl_c_type.h",
+ ]
+}
+
+ohos_ndk_headers("net_ssl_header") {
+ dest_dir = "$ndk_headers_out_dir/network/netstack/net_ssl"
+ sources = [
+ "include/net_ssl_c.h",
+ "include/net_ssl_c_type.h",
+ ]
+}
diff --git a/network/netssl/include/net_ssl_c.h b/network/netssl/include/net_ssl_c.h
new file mode 100644
index 00000000000..42d9509d4cc
--- /dev/null
+++ b/network/netssl/include/net_ssl_c.h
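Review bot: In network/netssl/BUILD.gn the `system_capability` value is spelled `SystemCapability.Communication.Netstack`, while every `@syscap` tag in the two headers added by this patch uses `SystemCapability.Communication.NetStack`. Whether capability names are compared case-sensitively is not visible from this patch, but if they are, the library and its headers end up registered under different capabilities. One spelling should be used throughout, e.g. `system_capability = "SystemCapability.Communication.NetStack"`, after checking it against the canonical capability list.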
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NET_SSL_C_H
+#define NET_SSL_C_H
+
+/**
+ * @addtogroup netstack
+ * @{
+ *
+ * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @since 11
+ * @version 1.0
+ */
+
+/**
+ * @file net_ssl_c.h
+ *
+ * @brief Defines C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @library libnet_ssl.so
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+
+#include "net_ssl_c_type.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Provides certificate chain verification APIs for external systems.
+ *
+ * @param cert Certificate to be verified.
+ * @param caCert CA certificate specified by the user. If this parameter is left blank, the preset certificate is used.
+ * @return 0 - success.
+ * 2305001 - Unspecified error.
+
+
+ * 2305002 - Unable to get issuer certificate.
+ * 2305003 - Unable to get certificate revocation list (CRL).
+ * 2305004 - Unable to decrypt certificate signature.
+ * 2305005 - Unable to decrypt CRL signature.
+ * 2305006 - Unable to decode issuer public key.
+ * 2305007 - Certificate signature failure.
+ * 2305008 - CRL signature failure.
+ * 2305009 - Certificate is not yet valid.
+ * 2305010 - Certificate has expired.
+ * 2305011 - CRL is not yet valid.
+ * 2305012 - CRL has expired.
+ * 2305023 - Certificate has been revoked.
+ * 2305024 - Invalid certificate authority (CA).
+ * 2305027 - Certificate is untrusted.
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+uint32_t OH_NetStack_CertVerification(const struct NetStack_CertBlob *cert, const struct NetStack_CertBlob *caCert);
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NET_SSL_C_H
diff --git a/network/netssl/include/net_ssl_c_type.h b/network/netssl/include/net_ssl_c_type.h
new file mode 100644
index 00000000000..d464e4e7308
--- /dev/null
+++ b/network/netssl/include/net_ssl_c_type.h
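Review bot: The `@param caCert` text in net_ssl_c.h says the preset certificate is used when the parameter is "left blank", but does not say whether that means a NULL pointer, `size == 0` or `data == NULL`. For a verification API the distinction matters, because a caller that means to trust only its own CA and passes an empty blob after a failed load would be checked against the preset store instead; the doc should name the exact condition, e.g. `@param caCert CA certificate supplied by the caller; pass NULL to verify against the preset CA store.` The `@return` list has no code for invalid arguments (a NULL `cert`, or a `type` that is neither PEM nor DER), so it is unclear what such a call returns. The signature takes no host name, so the comment should state that only the chain is validated and that checking the peer identity is left to the caller. The `@addtogroup netstack` / `@{` group opened at the top of this header and of net_ssl_c_type.h is never closed with `@}`.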
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NET_SSL_C_TYPE_H
+#define NET_SSL_C_TYPE_H
+
+/**
+ * @addtogroup netstack
+ * @{
+ *
+ * @brief Provides C APIs for the SSL/TLS certificate chain verification module.
+ *
+ * @since 11
+ * @version 1.0
+ */
+
+/**
+ * @file net_ssl_c_type.h
+ * @brief Defines the data structures for the C APIs of the SSL/TLS certificate chain verification module.
+ *
+ * @library libnet_ssl.so
+ * @syscap SystemCapability.Communication.NetStack
+ * @since 11
+ * @version 1.0
+ */
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Enumerates certificate types.
+ *
+ * @since 11
+ * @version 1.0
+ */
+enum NetStack_CertType {
+ /** PEM certificate */
+ NetStack_CERT_TYPE_PEM = 0,
+ /** DER certificate */
+ NetStack_CERT_TYPE_DER = 1,
+ /** Invalid certificate */
+ NetStack_CERT_TYPE_INVALID
+};
+
+/**
+ * @brief Defines the certificate data structure.
+ *
+ * @since 11
+ * @version 1.0
+ */
+struct NetStack_CertBlob {
+ /** Certificate type */
+ enum NetStack_CertType type;
+ /** Certificate content length */
+ uint32_t size;
+ /** Certificate content */
+ uint8_t *data;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // NET_SSL_C_TYPE_H
diff --git a/network/netssl/libnet_ssl_c.json b/network/netssl/libnet_ssl_c.json
new file mode 100644
index 00000000000..bd17ed3fb5a
--- /dev/null
+++ b/network/netssl/libnet_ssl_c.json
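Review bot: `struct NetStack_CertBlob` in net_ssl_c_type.h declares `uint8_t *data` as writable, although the only consumer in this patch, `OH_NetStack_CertVerification`, takes the blob through a `const` struct pointer, which does not make the pointed-to bytes read-only. Declaring the field as `const uint8_t *data;` would let callers pass read-only certificate buffers without a cast and would document that verification does not modify them. The field comments should also spell out the contract a parser has to rely on: that `data` points to at least `size` readable bytes, and whether `size` for a PEM blob includes a trailing NUL. Without that, an implementation that treats PEM input as a C string could read past the buffer the caller supplied.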
@@ -0,0 +1,6 @@
+[
+ {
+ "first_introduced":"11",
+ "name": "OH_NetStack_CertVerification"
+ }
+]
-- Gitee
From 6291c9e28408fb0446a0411a3ae9569865e71d50 Mon Sep 17 00:00:00 2001
From: liuxiyao223
Date: Tue, 19 Dec 2023 14:26:12 +0800
Subject: [PATCH 2/4] modify format
Signed-off-by: liuxiyao223
---
 network/netssl/BUILD.gn | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/network/netssl/BUILD.gn b/network/netssl/BUILD.gn
index feeb784d2de..a561b30af7b 100644
--- a/network/netssl/BUILD.gn
+++ b/network/netssl/BUILD.gn
@@ -20,7 +20,7 @@ ohos_ndk_library("libnet_ssl_ndk") {
 ndk_description_file = "./libnet_ssl_c.json"
 min_compact_version = "1"
 system_capability = "SystemCapability.Communication.Netstack"
-
+
 system_capability_headers = [
 "network/netstack/net_ssl/net_ssl_c.h",
 "network/netstack/net_ssl/net_ssl_c_type.h",
-- Gitee
From 7b622acda9ad5b84459ffa2db453e19e79e6d36c Mon Sep 17 00:00:00 2001
From: liuxiyao223
Date: Tue, 19 Dec 2023 17:29:29 +0800
Subject: [PATCH 3/4] modify
Signed-off-by: liuxiyao223
---
 network/netssl/include/net_ssl_c.h | 2 --
 1 file changed, 2 deletions(-)
diff --git a/network/netssl/include/net_ssl_c.h b/network/netssl/include/net_ssl_c.h
index 42d9509d4cc..e83abac6163 100644
--- a/network/netssl/include/net_ssl_c.h
+++ b/network/netssl/include/net_ssl_c.h
@@ -50,8 +50,6 @@ extern "C" {
 * @param caCert CA certificate specified by the user. If this parameter is left blank, the preset certificate is used.
 * @return 0 - success.
 * 2305001 - Unspecified error.
-
-
 * 2305002 - Unable to get issuer certificate.
 * 2305003 - Unable to get certificate revocation list (CRL).
 * 2305004 - Unable to decrypt certificate signature.
-- Gitee
From d704351f2bdc9a31f4ca90cf91df9c8982168440 Mon Sep 17 00:00:00 2001
From: liuxiyao223
Date: Fri, 22 Dec 2023 10:14:00 +0800
Subject: [PATCH 4/4] modify enum value name
Signed-off-by: liuxiyao223
---
 network/netssl/include/net_ssl_c_type.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/network/netssl/include/net_ssl_c_type.h b/network/netssl/include/net_ssl_c_type.h
index d464e4e7308..1fe357d0b73 100644
--- a/network/netssl/include/net_ssl_c_type.h
+++ b/network/netssl/include/net_ssl_c_type.h
@@ -50,11 +50,11 @@ extern "C" {
 */
 enum NetStack_CertType {
 /** PEM certificate */
- NetStack_CERT_TYPE_PEM = 0,
+ NETSTACK_CERT_TYPE_PEM = 0,
 /** DER certificate */
- NetStack_CERT_TYPE_DER = 1,
+ NETSTACK_CERT_TYPE_DER = 1,
 /** Invalid certificate */
- NetStack_CERT_TYPE_INVALID
+ NETSTACK_CERT_TYPE_INVALID
 };
 
 /**
-- Gitee