1
10
13
14
20
21
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
134
135
136
137
141
142
143
144
145
146
147
151
152
153
154
155
159
160
161
162
163
164
165
166
167
173
174
175
176
177
178
182
188
193
194
198
199
200
201
205
206
207
208
209
210
215
216
217
218
219
220
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_x509.h"
...
...
UINT _nx_secure_x509_certificate_initialize(NX_SECURE_X509_CERT *certificate,
UCHAR *certificate_data, USHORT length,
UCHAR *raw_data_buffer, USHORT buffer_size,
const UCHAR *private_key, USHORT priv_len,
UINT private_key_type)
{
UINT status;
UINT bytes_processed;
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
NX_SECURE_EC_PRIVATE_KEY *ec_key;
#endif
NX_SECURE_MEMSET(certificate, 0, sizeof(NX_SECURE_X509_CERT));
certificate -> nx_secure_x509_certificate_raw_data_length = length;
if (raw_data_buffer == NX_CRYPTO_NULL)
{
certificate -> nx_secure_x509_certificate_raw_buffer_size = length;
certificate -> nx_secure_x509_certificate_raw_data = certificate_data;
}if (raw_data_buffer == NX_CRYPTO_NULL) { ... }
else
{
if (length > buffer_size)
{
return(NX_SECURE_X509_INSUFFICIENT_CERT_SPACE);
}if (length > buffer_size) { ... }
certificate -> nx_secure_x509_certificate_raw_buffer_size = buffer_size;
certificate -> nx_secure_x509_certificate_raw_data = raw_data_buffer;
NX_SECURE_MEMCPY(certificate -> nx_secure_x509_certificate_raw_data, certificate_data, length);
}else { ... }
/* ... */
status = _nx_secure_x509_certificate_parse(certificate -> nx_secure_x509_certificate_raw_data,
length, &bytes_processed, certificate);
if (status != 0)
{
return(NX_SECURE_X509_INVALID_CERTIFICATE);
}if (status != 0) { ... }
if (private_key != NULL && priv_len > 0)
{
certificate -> nx_secure_x509_private_key_type = private_key_type;
if ((private_key_type & NX_SECURE_X509_KEY_TYPE_USER_DEFINED_MASK) != 0x0)
{
certificate -> nx_secure_x509_private_key.user_key.key_data = private_key;
certificate -> nx_secure_x509_private_key.user_key.key_length = priv_len;
}if ((private_key_type & NX_SECURE_X509_KEY_TYPE_USER_DEFINED_MASK) != 0x0) { ... }
else
{
switch (private_key_type)
{
case NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER:
status = _nx_secure_x509_pkcs1_rsa_private_key_parse(private_key, priv_len, &bytes_processed, &certificate -> nx_secure_x509_private_key.rsa_private_key);
break;
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITEcase NX_SECURE_X509_KEY_TYPE_RSA_PKCS1_DER:
case NX_SECURE_X509_KEY_TYPE_EC_DER:
ec_key = &certificate -> nx_secure_x509_private_key.ec_private_key;
status = _nx_secure_x509_ec_private_key_parse(private_key, priv_len, &bytes_processed, ec_key);
break;/* ... */
#endif
case NX_SECURE_X509_KEY_TYPE_EC_DER:
case NX_SECURE_X509_KEY_TYPE_HARDWARE:
certificate -> nx_secure_x509_private_key.user_key.key_data = private_key;
certificate -> nx_secure_x509_private_key.user_key.key_length = priv_len;
status = NX_SUCCESS;
break;case NX_SECURE_X509_KEY_TYPE_HARDWARE:
case NX_SECURE_X509_KEY_TYPE_NONE:
default:
status = NX_SECURE_X509_INVALID_PRIVATE_KEY_TYPE;
break;default
}switch (private_key_type) { ... }
if (status != 0)
{
return(status);
}if (status != 0) { ... }
}else { ... }
certificate -> nx_secure_x509_certificate_is_identity_cert = NX_CRYPTO_TRUE;
}if (private_key != NULL && priv_len > 0) { ... }
else
{
certificate -> nx_secure_x509_certificate_is_identity_cert = NX_CRYPTO_FALSE;
}else { ... }
certificate -> nx_secure_x509_next_certificate = NULL;
return(NX_SECURE_X509_SUCCESS);
}{ ... }