/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: GPL-2.0
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H

/* Build configuration: the stock config.h, or the file named by
 * MBEDTLS_CONFIG_FILE when the build defines it. The MBEDTLS_*_C and
 * MBEDTLS_X509_* feature macros tested throughout this header come from it. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "x509.h"      /* mbedtls_x509_buf / _name / _time / _sequence used below */
#include "x509_crl.h"  /* mbedtls_x509_crl, taken by the CRL-aware verify functions */

#ifdef __cplusplus
extern "C" {           /* C linkage for C++ consumers */
#endif
/**
 * Container for a parsed X.509 certificate. Certificates parsed into the
 * same chain are linked through \c next. The mbedtls_x509_buf members are
 * views into parsed data; which buffer they reference (and therefore how
 * long they stay valid) is decided by the parser and is not visible here.
 *
 * Field names follow the RFC 5280 elements they hold.
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The raw certificate data. */
    mbedtls_x509_buf tbs;               /**< The TBSCertificate part: the bytes the signature covers. */

    int version;                        /**< X.509 version. NOTE(review): whether this uses the wire
                                             encoding of the MBEDTLS_X509_CRT_VERSION_X macros below or
                                             an offset value is decided by the parser — confirm before
                                             comparing against those macros. */
    mbedtls_x509_buf serial;            /**< Serial number. */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm OID. */

    mbedtls_x509_buf issuer_raw;        /**< Raw issuer Name. */
    mbedtls_x509_buf subject_raw;       /**< Raw subject Name. */

    mbedtls_x509_name issuer;           /**< Parsed issuer Name. */
    mbedtls_x509_name subject;          /**< Parsed subject Name. */

    mbedtls_x509_time valid_from;       /**< Start of validity (notBefore). */
    mbedtls_x509_time valid_to;         /**< End of validity (notAfter). */

    mbedtls_pk_context pk;              /**< Subject public key. */

    mbedtls_x509_buf issuer_id;         /**< Optional issuerUniqueID (v2+). */
    mbedtls_x509_buf subject_id;        /**< Optional subjectUniqueID (v2+). */
    mbedtls_x509_buf v3_ext;            /**< Raw v3 extensions block. */
    mbedtls_x509_sequence subject_alt_names; /**< SubjectAltName entries. Which GeneralName
                                                  types the parser keeps is not visible here. */

    int ext_types;                      /**< Which extensions were present (MBEDTLS_X509_EXT_XXX bits). */
    int ca_istrue;                      /**< Basic Constraints cA flag: non-zero for a CA certificate.
                                             Check ext_types to know whether the extension was present. */
    int max_pathlen;                    /**< Basic Constraints pathLenConstraint. NOTE(review): the stored
                                             encoding (whether it is offset by one, what 0 means) is fixed
                                             by the parser — confirm before enforcing it. */

    unsigned int key_usage;             /**< Key Usage bits (MBEDTLS_X509_KU_XXX). */

    mbedtls_x509_sequence ext_key_usage; /**< Extended Key Usage OIDs. */

    unsigned char ns_cert_type;         /**< Netscape certificate type bits (MBEDTLS_X509_NS_CERT_TYPE_XXX). */

    mbedtls_x509_buf sig;               /**< Signature value. */
    mbedtls_md_type_t sig_md;           /**< Hash algorithm of the signature (presumably derived from sig_oid). */
    mbedtls_pk_type_t sig_pk;           /**< Public-key algorithm of the signature (presumably derived from sig_oid). */
    void *sig_opts;                     /**< Extra signature parameters (e.g. RSASSA-PSS) handed to the pk
                                             verify routines; ownership is decided by the parser/free(). */

    struct mbedtls_x509_crt *next;      /**< Next certificate in the chain, or NULL. */
}
mbedtls_x509_crt;
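/**
 * \brief   Build the single-bit flag for a 1-based identifier.
 *
 * Presumably used to build the allowed_* bitmasks of
 * ::mbedtls_x509_crt_profile (defined below) from MD / PK / curve
 * identifiers.
 *
 * \param id  Identifier, 1-based. Must be in 1..31 on a 32-bit int: the
 *            shift is on a signed int, so id == 0 shifts by a negative
 *            count and id >= 32 shifts into or past the sign bit, both of
 *            which are undefined behaviour.
 *
 * \return    1 << (id - 1)
 *
 * \note      The argument is parenthesized so that an expression containing
 *            an operator of lower precedence than binary minus (for example
 *            a shift or a conditional) expands as the caller wrote it.
 */
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )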
/**
 * Security profile used during chain verification: which hash algorithms,
 * public-key algorithms and elliptic curves are acceptable anywhere in the
 * chain, and the minimum RSA key size. The allowed_* fields are bitmasks,
 * presumably built with MBEDTLS_X509_ID_FLAG() from the corresponding
 * identifiers — confirm against the predefined profiles
 * mbedtls_x509_crt_profile_default / _next / _suiteb declared below.
 */
typedef struct mbedtls_x509_crt_profile
{
    uint32_t allowed_mds;       /**< Allowed message-digest (hash) algorithms. */
    uint32_t allowed_pks;       /**< Allowed public-key algorithms. */
    uint32_t allowed_curves;    /**< Allowed elliptic curves for ECC keys. */
    uint32_t rsa_min_bitlen;    /**< Minimum RSA modulus size, in bits. */
}
mbedtls_x509_crt_profile;
/* X.509 version numbers as encoded on the wire (RFC 5280: v1(0), v2(1),
 * v3(2)); these are the values mbedtls_x509write_crt_set_version() takes.
 * NOTE(review): do not assume the parsed mbedtls_x509_crt.version field
 * uses the same encoding — check the parser first. */
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2

/* Upper bound on serial-number length accepted, in bytes. RFC 5280 §4.1.2.2
 * caps conforming CAs at 20 octets; the extra room here is presumably for
 * non-conforming certificates seen in the wild. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/* Length of the validity-time strings handled by the write API; the
 * not_before / not_after fields of mbedtls_x509write_cert reserve this many
 * characters plus a terminator. */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15

/* Maximum path length accepted by the file/directory loaders under
 * MBEDTLS_FS_IO; overridable from the build configuration. */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/**
 * Context for building an X.509 certificate with the mbedtls_x509write_crt_*
 * API declared below: set up with mbedtls_x509write_crt_init(), populate with
 * the setters, serialise with mbedtls_x509write_crt_der() or
 * mbedtls_x509write_crt_pem(), release with mbedtls_x509write_crt_free().
 */
typedef struct mbedtls_x509write_cert
{
    int version;                        /**< Version to emit (MBEDTLS_X509_CRT_VERSION_X). */
    mbedtls_mpi serial;                 /**< Serial number, held by value (presumably released by free()). */
    mbedtls_pk_context *subject_key;    /**< Subject public key. Stored as a pointer, so the key object
                                             must outlive this context. */
    mbedtls_pk_context *issuer_key;     /**< Issuer (signing) key. Stored as a pointer, so the key object
                                             must outlive this context. */
    mbedtls_asn1_named_data *subject;   /**< Subject name components. */
    mbedtls_asn1_named_data *issuer;    /**< Issuer name components. */
    mbedtls_md_type_t md_alg;           /**< Hash algorithm used for the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];  /**< Validity start, NUL-terminated. */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];   /**< Validity end, NUL-terminated. */
    mbedtls_asn1_named_data *extensions; /**< v3 extensions to emit. */
}
mbedtls_x509write_cert;
/**
 * One entry of a verification chain: a certificate together with the
 * verification flags (MBEDTLS_X509_BADCERT_XXX / MBEDTLS_X509_BADCRL_XXX
 * bits) recorded for it.
 */
typedef struct {
    mbedtls_x509_crt *crt;  /**< The certificate (not owned by the item). */
    uint32_t flags;         /**< Verification flags for this certificate. */
} mbedtls_x509_crt_verify_chain_item;
/* Capacity of mbedtls_x509_crt_verify_chain.items: the configured maximum
 * number of intermediate CAs plus two (presumably the end-entity certificate
 * and the trusted root). */
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
/**
 * Fixed-capacity verification chain built while verifying a certificate.
 * Only the first \c len entries of \c items are meaningful; keeping
 * \c len within MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE is the implementation's
 * responsibility.
 */
typedef struct
{
    mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; /**< Chain entries. */
    unsigned len;                                                                 /**< Number of valid entries. */
} mbedtls_x509_crt_verify_chain;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
 * Restart context for mbedtls_x509_crt_verify_restartable(): the state a
 * verification interrupted by the restartable ECC code needs in order to
 * resume where it stopped. Only a real structure when ECDSA and ECP restart
 * support are compiled in; otherwise an opaque void type (see #else below).
 */
typedef struct
{
    /* for check_signature() */
    mbedtls_pk_restart_ctx pk;                  /* restart state of the pk signature check */

    /* for find_parent_in() */
    mbedtls_x509_crt *parent;                   /* non-null iff parent_in in progress */
    mbedtls_x509_crt *fallback_parent;          /* alternative parent candidate (name-derived; see implementation) */
    int fallback_signature_is_good;             /* whether fallback_parent's signature checked out (name-derived) */

    /* for find_parent() */
    int parent_is_trusted;                      /* -1 if find_parent is not in progress */

    /* for verify_chain() */
    enum {
        x509_crt_rs_none,
        x509_crt_rs_find_parent,
    } in_progress;                              /* none if no operation is in progress */
    int self_cnt;                               /* counter kept by verify_chain (meaning fixed in the implementation) */
    mbedtls_x509_crt_verify_chain ver_chain;    /* presumably the chain built so far */

} mbedtls_x509_crt_restart_ctx;

#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

/* Now we can declare functions that take a pointer to that */
typedef void mbedtls_x509_crt_restart_ctx;

#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
 * Default security profile: the one mbedtls_x509_crt_verify() applies when
 * no profile is given. Its exact contents live in the implementation.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * Stricter, forward-looking profile ("next"), intended to be tighter than
 * the default (by name; compare the definitions before relying on it).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * NSA Suite B profile (by name; confirm the allowed algorithms in the
 * definition).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
/**
 * \brief          Parse a single DER-encoded certificate and append it to
 *                 the chain rooted at \p chain.
 *
 * \param chain    Chain to append to; must have been initialised with
 *                 mbedtls_x509_crt_init() or already hold parsed certificates.
 * \param buf      Buffer holding one DER-encoded certificate.
 * \param buflen   Size of \p buf in bytes.
 *
 * \return         0 on success, a negative error code otherwise (library
 *                 convention; see the implementation).
 *
 * \note           NOTE(review): whether the parser copies \p buf or keeps
 *                 pointers into it determines how long \p buf must stay
 *                 alive — confirm before freeing it.
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                                size_t buflen );
/**
 * \brief          Parse one or more certificates and append them to
 *                 \p chain. Accepts DER and, when PEM support is compiled in,
 *                 PEM (PEM input may carry several certificates back to back,
 *                 e.g. a CA bundle — presumed; confirm).
 *
 * \param chain    Chain to append to; initialise with mbedtls_x509_crt_init().
 * \param buf      Input buffer.
 * \param buflen   Size of \p buf in bytes. NOTE(review): for PEM input this
 *                 library's parsers expect the terminating NUL to be counted
 *                 in the length — confirm for this function.
 *
 * \return         0 if every certificate was parsed; a negative error code on
 *                 hard failure. NOTE(review): a positive value (number of
 *                 certificates that failed while others succeeded) is the
 *                 usual convention of this API — confirm, and in every case
 *                 treat any non-zero return as "not all certificates loaded"
 *                 before using \p chain as a trust set.
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
#if defined(MBEDTLS_FS_IO)
/**
 * \brief          Load one or more certificates from a file and append them
 *                 to \p chain. Same format and return conventions as
 *                 mbedtls_x509_crt_parse() (presumed; confirm).
 *
 * \param chain    Chain to append to.
 * \param path     Filesystem path of the file to read.
 *
 * \return         0 if every certificate was parsed; otherwise a non-zero
 *                 value as for mbedtls_x509_crt_parse().
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief          Load certificates from every file in a directory and
 *                 append them to \p chain.
 *
 * \param chain    Chain to append to.
 * \param path     Filesystem path of the directory to scan.
 *
 * \return         0 if every file parsed cleanly; otherwise a non-zero value
 *                 as for mbedtls_x509_crt_parse() (presumed; confirm).
 *
 * \note           Everything readable under \p path ends up in \p chain. If
 *                 the chain is later passed as \c trust_ca to the verify
 *                 functions, each of those files becomes a trust anchor, so
 *                 the directory's write permissions are part of the trust
 *                 boundary.
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif /* MBEDTLS_FS_IO */
/**
 * \brief          Write a human-readable description of a certificate into
 *                 \p buf. Intended for logging and debugging, not for
 *                 making trust decisions.
 *
 * \param buf      Output buffer.
 * \param size     Size of \p buf in bytes.
 * \param prefix   String prepended to each output line (e.g. indentation).
 * \param crt      Certificate to describe.
 *
 * \return         Presumably the number of characters written (excluding
 *                 the terminating NUL) or a negative error code when the
 *                 buffer is too small — confirm in the implementation.
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crt *crt );
/**
 * \brief          Render the flags produced by mbedtls_x509_crt_verify()
 *                 and its _with_profile / _restartable variants as
 *                 human-readable text.
 *
 * \param buf      Output buffer.
 * \param size     Size of \p buf in bytes.
 * \param prefix   String prepended to each output line.
 * \param flags    Verification flags to describe.
 *
 * \return         Presumably the number of characters written (excluding
 *                 the terminating NUL) or a negative error code, as for
 *                 mbedtls_x509_crt_info() — confirm.
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                                  uint32_t flags );
/**
 * \brief          Verify a certificate chain against a set of trusted CAs
 *                 and, optionally, CRLs, using the default security profile
 *                 (see mbedtls_x509_crt_verify_with_profile() to choose one).
 *
 * \param crt      Chain to verify: the end-entity certificate first, with
 *                 any intermediates linked through \c next (presumed; confirm).
 * \param trust_ca Trusted CA certificates, as loaded by the parse functions
 *                 above. Every certificate in this list is a trust anchor, so
 *                 populate it only from sources you control.
 * \param ca_crl   Revocation lists to consult. NOTE(review): NULL is expected
 *                 to skip revocation checking — confirm.
 * \param cn       Expected subject name (host name). NOTE(review): NULL is
 *                 expected to disable the name check — confirm, and never
 *                 pass NULL for a peer you intend to trust by name.
 * \param flags    Output: bitmask of MBEDTLS_X509_BADCERT_XXX /
 *                 MBEDTLS_X509_BADCRL_XXX reasons when verification fails;
 *                 decode with mbedtls_x509_crt_verify_info().
 * \param f_vrfy   Optional callback invoked per certificate with
 *                 (p_vrfy, cert, int, uint32_t *flags); the int is presumably
 *                 the depth in the chain. A callback that clears bits in the
 *                 flags it is handed weakens verification — keep it
 *                 policy-only.
 * \param p_vrfy   Opaque pointer passed through to \p f_vrfy.
 *
 * \return         0 if the chain verifies; a negative error code otherwise,
 *                 with \p flags describing why (library convention).
 *
 * \note           Treat a non-zero return and a non-zero \p flags each as
 *                 failure; do not check only one of them.
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                             mbedtls_x509_crt *trust_ca,
                             mbedtls_x509_crl *ca_crl,
                             const char *cn, uint32_t *flags,
                             int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                             void *p_vrfy );
/**
 * \brief          Verify a certificate chain as mbedtls_x509_crt_verify()
 *                 does, but against an explicit security profile.
 *
 * \param crt      Chain to verify (end-entity certificate first).
 * \param trust_ca Trusted CA certificates; every entry is a trust anchor.
 * \param ca_crl   Revocation lists to consult (NULL presumably skips
 *                 revocation checks — confirm).
 * \param profile  Security profile restricting the hash algorithms,
 *                 public-key algorithms, curves and RSA key sizes accepted
 *                 anywhere in the chain; e.g. one of the predefined
 *                 mbedtls_x509_crt_profile_* objects above.
 * \param cn       Expected subject name, or NULL (presumably disables the
 *                 name check — confirm before relying on it).
 * \param flags    Output: MBEDTLS_X509_BADCERT_XXX / MBEDTLS_X509_BADCRL_XXX
 *                 bits describing a failure.
 * \param f_vrfy   Optional per-certificate callback; see
 *                 mbedtls_x509_crt_verify() for the caution about callbacks
 *                 that clear flags.
 * \param p_vrfy   Opaque pointer passed through to \p f_vrfy.
 *
 * \return         0 if the chain verifies; a negative error code otherwise
 *                 (library convention), with \p flags set.
 *
 * \note           Check both the return value and \p flags.
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                                          mbedtls_x509_crt *trust_ca,
                                          mbedtls_x509_crl *ca_crl,
                                          const mbedtls_x509_crt_profile *profile,
                                          const char *cn, uint32_t *flags,
                                          int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                          void *p_vrfy );
/**
 * \brief          Restartable variant of mbedtls_x509_crt_verify_with_profile():
 *                 identical contract, plus a restart context so that a
 *                 verification interrupted by the restartable ECC code can be
 *                 resumed by calling again with the same arguments.
 *
 * \param crt      Chain to verify (end-entity certificate first).
 * \param trust_ca Trusted CA certificates; every entry is a trust anchor.
 * \param ca_crl   Revocation lists to consult (NULL presumably skips them).
 * \param profile  Security profile to enforce.
 * \param cn       Expected subject name, or NULL (presumably disables the
 *                 name check — confirm).
 * \param flags    Output: MBEDTLS_X509_BADCERT_XXX / MBEDTLS_X509_BADCRL_XXX
 *                 bits describing a failure.
 * \param f_vrfy   Optional per-certificate callback (see
 *                 mbedtls_x509_crt_verify()).
 * \param p_vrfy   Opaque pointer passed through to \p f_vrfy.
 * \param rs_ctx   Restart context, initialised with
 *                 mbedtls_x509_crt_restart_init(). NOTE(review): NULL is
 *                 expected to select the non-restartable behaviour — confirm.
 *
 * \return         0 if the chain verifies; a negative error code otherwise.
 *                 NOTE(review): an "operation in progress" code (the
 *                 MBEDTLS_ERR_ECP_IN_PROGRESS family) is expected when the
 *                 call must be repeated — confirm which code, and never treat
 *                 it as success.
 */
int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
                                         mbedtls_x509_crt *trust_ca,
                                         mbedtls_x509_crl *ca_crl,
                                         const mbedtls_x509_crt_profile *profile,
                                         const char *cn, uint32_t *flags,
                                         int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                         void *p_vrfy,
                                         mbedtls_x509_crt_restart_ctx *rs_ctx );
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
 * \brief          Check whether the certificate's Key Usage extension
 *                 permits the given usage(s).
 *
 * \param crt      Certificate to check.
 * \param usage    Intended usage(s): a bitmask of MBEDTLS_X509_KU_XXX.
 *
 * \return         0 if every bit of \p usage is permitted; a negative
 *                 MBEDTLS_ERR_X509_XXX code otherwise. NOTE(review): how a
 *                 certificate without the extension is treated (allow all
 *                 vs. deny) is decided in the implementation — confirm.
 *
 * \note           Only available when MBEDTLS_X509_CHECK_KEY_USAGE is set;
 *                 builds without it perform no key-usage enforcement here.
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
/**
 * \brief          Check whether the certificate's Extended Key Usage
 *                 extension permits the given purpose.
 *
 * \param crt       Certificate to check.
 * \param usage_oid Purpose to look for, as a raw OID byte string (e.g. one
 *                  of the MBEDTLS_OID_XXX constants).
 * \param usage_len Length of \p usage_oid in bytes.
 *
 * \return         0 if the purpose is permitted; a negative
 *                 MBEDTLS_ERR_X509_XXX code otherwise. NOTE(review): whether
 *                 a missing extension or the anyExtendedKeyUsage OID counts
 *                 as permitted is decided in the implementation — confirm.
 *
 * \note           Only available when MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 *                 is set.
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                               const char *usage_oid,
                                               size_t usage_len );
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
 * \brief          Check whether \p crt is listed in \p crl.
 *
 * \param crt      Certificate to look up.
 * \param crl      CRL (chain) to search.
 *
 * \return         Expected to be 1 if the certificate is revoked and 0
 *                 otherwise — confirm. Do not treat this like the
 *                 0-on-success functions above: 0 means "not found in the
 *                 CRL", and whether this call also checks that the CRL is
 *                 issued by the certificate's issuer and validly signed is
 *                 not visible here — confirm before using it on its own.
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
 * \brief          Initialise a certificate structure so it can be passed to
 *                 the parse functions and later to mbedtls_x509_crt_free().
 *
 * \param crt      Certificate (chain head) to initialise.
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
/**
 * \brief          Release all data held by a certificate chain.
 *
 * \param crt      Chain head. NOTE(review): presumably every certificate
 *                 reachable through \c next is released as well, and the
 *                 head structure itself is not freed — confirm.
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
 * \brief          Initialise a restart context for
 *                 mbedtls_x509_crt_verify_restartable(). Call before first
 *                 use; pair with mbedtls_x509_crt_restart_free().
 *
 * \param ctx      Restart context to initialise.
 */
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );

/**
 * \brief          Release the resources held by a restart context.
 *
 * \param ctx      Restart context to free.
 */
void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* \} name */
/* \} addtogroup x509_module */
#if defined(MBEDTLS_X509_CRT_WRITE_C)
/**
 * \brief          Initialise a certificate-writing context. Must be called
 *                 before any of the mbedtls_x509write_crt_set_* functions;
 *                 pair with mbedtls_x509write_crt_free().
 *
 * \param ctx      Context to initialise.
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
/**
 * \brief          Set the X.509 version of the certificate to be written.
 *
 * \param ctx      Write context.
 * \param version  One of MBEDTLS_X509_CRT_VERSION_1 / _2 / _3. Use
 *                 MBEDTLS_X509_CRT_VERSION_3 whenever extensions (key usage,
 *                 basic constraints, key identifiers) are to be emitted.
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
/**
 * \brief          Set the serial number of the certificate to be written.
 *
 * \param ctx      Write context.
 * \param serial   Serial number; presumably copied into the context's
 *                 \c serial member (hence the int return) — confirm.
 *                 Serial numbers should be unique per issuer and carry
 *                 enough unpredictable entropy to resist collision attacks
 *                 on the signature.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
/**
 * \brief          Set the validity period of the certificate to be written.
 *
 * \param ctx        Write context.
 * \param not_before Start of validity as a NUL-terminated string in the
 *                   format the implementation expects; it is stored in a
 *                   buffer of MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1 bytes.
 * \param not_after  End of validity, same format.
 *
 * \return         0 on success, a negative error code otherwise (e.g. a
 *                 string that does not fit or parse — presumed; confirm).
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                        const char *not_after );
/**
 * \brief          Set the issuer name of the certificate to be written.
 *
 * \param ctx         Write context.
 * \param issuer_name Distinguished name as a string, parsed into the
 *                    context's \c issuer components (string syntax is
 *                    defined by the implementation).
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                           const char *issuer_name );
/**
 * \brief          Set the subject name of the certificate to be written.
 *
 * \param ctx          Write context.
 * \param subject_name Distinguished name as a string, parsed into the
 *                     context's \c subject components (same syntax as
 *                     mbedtls_x509write_crt_set_issuer_name()).
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                            const char *subject_name );
/**
 * \brief          Set the subject public key of the certificate to be
 *                 written.
 *
 * \param ctx      Write context.
 * \param key      Key whose public part is embedded. The context keeps a
 *                 pointer (its \c subject_key member), not a copy, so the
 *                 key must stay valid until the certificate is serialised.
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
/**
 * \brief          Set the issuer (signing) key of the certificate to be
 *                 written.
 *
 * \param ctx      Write context.
 * \param key      Private key used to sign. The context keeps a pointer
 *                 (its \c issuer_key member), not a copy, so the key must
 *                 stay valid until the certificate is serialised.
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
/**
 * \brief          Set the hash algorithm used for the signature of the
 *                 certificate to be written.
 *
 * \param ctx      Write context.
 * \param md_alg   Hash algorithm (an mbedtls_md_type_t value). Prefer a
 *                 SHA-2 family digest; verifiers using the default profile
 *                 may reject weaker ones.
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
/**
 * \brief          Add or replace a generic v3 extension in the certificate
 *                 to be written (the specific setters below are presumably
 *                 built on this).
 *
 * \param ctx      Write context.
 * \param oid      Extension OID as a raw byte string.
 * \param oid_len  Length of \p oid in bytes.
 * \param critical Non-zero to mark the extension critical (a verifier that
 *                 does not understand a critical extension must reject the
 *                 certificate, RFC 5280 §4.2).
 * \param val      DER-encoded extension value.
 * \param val_len  Length of \p val in bytes.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                         const char *oid, size_t oid_len,
                                         int critical,
                                         const unsigned char *val, size_t val_len );
/**
 * \brief          Add the Basic Constraints extension to the certificate
 *                 to be written.
 *
 * \param ctx         Write context.
 * \param is_ca       Non-zero to mark the certificate as a CA. Only set this
 *                    for certificates that are meant to issue others.
 * \param max_pathlen Maximum number of intermediate CAs allowed below this
 *                    one. NOTE(review): the value meaning "no constraint" is
 *                    decided by the implementation — confirm before use.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                                 int is_ca, int max_pathlen );
#if defined(MBEDTLS_SHA1_C)
/**
 * \brief          Add the Subject Key Identifier extension, derived from the
 *                 subject key already set on the context. Requires SHA-1
 *                 support (the identifier is a SHA-1 key hash, which is an
 *                 identifier only, not a security property).
 *
 * \param ctx      Write context with the subject key set.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief          Add the Authority Key Identifier extension, derived from
 *                 the issuer key already set on the context. Requires SHA-1
 *                 support, as above.
 *
 * \param ctx      Write context with the issuer key set.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif /* MBEDTLS_SHA1_C */
/**
 * \brief          Add the Key Usage extension to the certificate to be
 *                 written.
 *
 * \param ctx       Write context.
 * \param key_usage Bitmask of MBEDTLS_X509_KU_XXX flags. Grant only the
 *                  usages the key is actually for; verifiers built with
 *                  MBEDTLS_X509_CHECK_KEY_USAGE enforce them.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );
/**
 * \brief          Add the (legacy) Netscape Cert Type extension to the
 *                 certificate to be written.
 *
 * \param ctx          Write context.
 * \param ns_cert_type Bitmask of MBEDTLS_X509_NS_CERT_TYPE_XXX flags.
 *
 * \return         0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                            unsigned char ns_cert_type );
/**
 * \brief          Release the data held by a certificate-writing context.
 *                 The subject and issuer keys are referenced by pointer and
 *                 are presumably not released here — confirm.
 *
 * \param ctx      Context to free.
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
/**
 * \brief          Serialise the certificate described by \p ctx as DER,
 *                 signing it with the issuer key.
 *
 * \param ctx      Write context, fully populated via the setters above.
 * \param buf      Output buffer.
 * \param size     Size of \p buf in bytes.
 * \param f_rng    RNG callback, presumably required by the signing operation
 *                 (e.g. ECDSA nonces or RSA blinding) — supply a
 *                 cryptographically secure one.
 * \param p_rng    Opaque pointer passed to \p f_rng.
 *
 * \return         Presumably the length of the DER output on success, or a
 *                 negative error code (e.g. when \p buf is too small) —
 *                 confirm.
 *
 * \note           NOTE(review): this library's ASN.1 writers fill buffers
 *                 from the end, so the output is expected to occupy the last
 *                 "return value" bytes of \p buf rather than the first —
 *                 confirm before copying it out.
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
#if defined(MBEDTLS_PEM_WRITE_C)
/**
 * \brief          Serialise the certificate described by \p ctx as a
 *                 NUL-terminated PEM string, signing it with the issuer key.
 *
 * \param ctx      Write context, fully populated via the setters above.
 * \param buf      Output buffer.
 * \param size     Size of \p buf in bytes.
 * \param f_rng    RNG callback, as for mbedtls_x509write_crt_der().
 * \param p_rng    Opaque pointer passed to \p f_rng.
 *
 * \return         0 on success, a negative error code otherwise (presumed
 *                 from the sibling DER function; confirm whether the PEM
 *                 variant returns a length instead).
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
#ifdef __cplusplus
}                      /* end of extern "C" */
#endif

#endif /* mbedtls_x509_crt.h */