6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: GPL-2.0
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License along
21  * with this program; if not, write to the Free Software Foundation, Inc.,
22  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  *
24  * This file is part of mbed TLS (https://tls.mbed.org)
25  */
26 #ifndef MBEDTLS_X509_CRT_H
27 #define MBEDTLS_X509_CRT_H
28 
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34 
35 #include "x509.h"
36 #include "x509_crl.h"
37 
43 #ifdef __cplusplus
44 extern "C" {
45 #endif
46 
55 typedef struct mbedtls_x509_crt
56 {
60  int version;
80  int ext_types;
81  int ca_istrue;
84  unsigned int key_usage;
88  unsigned char ns_cert_type;
93  void *sig_opts;
96 }
98 
103 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
104 
111 {
112  uint32_t allowed_mds;
113  uint32_t allowed_pks;
114  uint32_t allowed_curves;
115  uint32_t rsa_min_bitlen;
116 }
118 
/**
 * Encoded values of the X.509 Version field as defined by RFC 5280
 * (v1 = 0, v2 = 1, v3 = 2), i.e. one less than the human-readable number.
 * NOTE(review): whether mbedtls_x509_crt::version stores this raw encoded
 * value or the human-readable number is not visible in this header — check
 * the parser before comparing that field against these constants.
 */
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2
122 
/**
 * Largest serialNumber the implementation is prepared to handle, in bytes.
 * RFC 5280 §4.1.2.2 limits conforming CAs to 20 octets but asks parsers to
 * tolerate longer values; 32 is presumably the tolerance bound used here,
 * not the standard's limit — confirm where the constant is consumed.
 */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/**
 * Length in characters of a full "YYYYMMDDHHMMSSZ" timestamp (15).
 * NOTE(review): despite the name, an ASN.1 UTCTime is 13 characters
 * ("YYMMDDHHMMSSZ"); 15 matches the GeneralizedTime form, so this
 * presumably sizes a buffer wide enough for either — verify against usage.
 */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
125 
/**
 * Upper bound on a file-system path handled by the MBEDTLS_FS_IO loaders
 * (presumably the "directory/entry" names that mbedtls_x509_crt_parse_path()
 * has to build). Guarded by #if so a configuration header can override it;
 * a fixed bound here means over-long entries are rejected rather than
 * truncated — confirm the failure mode in the implementation.
 */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
129 
134 {
135  int version;
145 }
147 
151 typedef struct {
153  uint32_t flags;
155 
159 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
160 
164 typedef struct
165 {
167  unsigned len;
169 
170 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
171 
175 typedef struct
176 {
177  /* for check_signature() */
179 
180  /* for find_parent_in() */
181  mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
182  mbedtls_x509_crt *fallback_parent;
183  int fallback_signature_is_good;
184 
185  /* for find_parent() */
186  int parent_is_trusted; /* -1 if find_parent is not in progress */
187 
188  /* for verify_chain() */
189  enum {
190  x509_crt_rs_none,
191  x509_crt_rs_find_parent,
192  } in_progress; /* none if no operation is in progress */
193  int self_cnt;
195 
197 
198 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
199 
200 /* Now we can declare functions that take a pointer to that */
202 
203 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
204 
205 #if defined(MBEDTLS_X509_CRT_PARSE_C)
206 
211 
217 
222 
/**
 * \brief          Parse a single DER-encoded certificate and append it to
 *                 the given chain.
 *
 * \param chain    Chain to append to (presumably already initialised with
 *                 the init function declared elsewhere in this header).
 * \param buf      DER-encoded certificate; binary, not PEM.
 * \param buflen   Size of \p buf in bytes.
 *
 * \return         0 on success, negative on failure. NOTE(review): only the
 *                 int return type is visible here; the specific
 *                 MBEDTLS_ERR_X509_* codes are defined by the implementation.
 *
 * \note           Parsing is not verification. Nothing about the certificate
 *                 (signature, validity period, usage) is trusted until one of
 *                 the mbedtls_x509_crt_verify* functions has accepted it.
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
 size_t buflen );
235 
266 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
267 
268 #if defined(MBEDTLS_FS_IO)
269 
282 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
283 
297 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
298 #endif /* MBEDTLS_FS_IO */
299 
/**
 * \brief          Write a human-readable description of \p crt into \p buf.
 *
 * \param buf      Output buffer.
 * \param size     Capacity of \p buf in bytes.
 * \param prefix   String prepended to each output line.
 * \param crt      Certificate to describe.
 *
 * \return         Non-negative on success, negative on error. NOTE(review):
 *                 whether the value is the length written and how truncation
 *                 at \p size is signalled is not visible here — check before
 *                 relying on it.
 *
 * \note           The output embeds attacker-controlled certificate fields
 *                 (subject, issuer, extensions). Treat it as untrusted data
 *                 when logging or displaying it; never use it as a format
 *                 string.
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
 const mbedtls_x509_crt *crt );
314 
/**
 * \brief          Render a set of verification failure flags (as produced in
 *                 the `flags` output of the verify functions) into readable
 *                 text in \p buf.
 *
 * \param buf      Output buffer.
 * \param size     Capacity of \p buf in bytes.
 * \param prefix   String prepended to each output line.
 * \param flags    Verification flags to describe.
 *
 * \return         Non-negative on success, negative on error; exact semantics
 *                 are defined by the implementation.
 *
 * \note           This is for diagnostics only. The accept/reject decision
 *                 must be taken on the flags value itself (non-zero means the
 *                 chain failed), never on whether this text is empty.
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
 uint32_t flags );
329 
389  mbedtls_x509_crt *trust_ca,
390  mbedtls_x509_crl *ca_crl,
391  const char *cn, uint32_t *flags,
392  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
393  void *p_vrfy );
394 
423  mbedtls_x509_crt *trust_ca,
424  mbedtls_x509_crl *ca_crl,
425  const mbedtls_x509_crt_profile *profile,
426  const char *cn, uint32_t *flags,
427  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
428  void *p_vrfy );
429 
453  mbedtls_x509_crt *trust_ca,
454  mbedtls_x509_crl *ca_crl,
455  const mbedtls_x509_crt_profile *profile,
456  const char *cn, uint32_t *flags,
457  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
458  void *p_vrfy,
459  mbedtls_x509_crt_restart_ctx *rs_ctx );
460 
461 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
462 
484  unsigned int usage );
485 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
486 
487 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
488 
502  const char *usage_oid,
503  size_t usage_len );
504 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
505 
506 #if defined(MBEDTLS_X509_CRL_PARSE_C)
507 
517 #endif /* MBEDTLS_X509_CRL_PARSE_C */
518 
525 
532 
533 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
534 
537 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
538 
542 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
543 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
544 #endif /* MBEDTLS_X509_CRT_PARSE_C */
545 
546 /* \} name */
547 /* \} addtogroup x509_module */
548 
549 #if defined(MBEDTLS_X509_CRT_WRITE_C)
550 
556 
566 
576 
/**
 * \brief          Set the validity period of the certificate being written.
 *
 * \param ctx          Certificate write context.
 * \param not_before   Start of validity as a timestamp string. NOTE(review):
 *                     mbed TLS expects the fixed-width "YYYYMMDDhhmmss" form
 *                     (UTC, no zone suffix) — confirm in the implementation;
 *                     a malformed string should be rejected, not silently
 *                     encoded.
 * \param not_after    End of validity, same format. Keep it as short as the
 *                     deployment allows; long-lived certificates widen the
 *                     window a leaked key can be abused in.
 *
 * \return         0 on success, negative error code otherwise.
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
 const char *not_after );
593 
607  const char *issuer_name );
608 
622  const char *subject_name );
623 
631 
639 
648 
663  const char *oid, size_t oid_len,
664  int critical,
665  const unsigned char *val, size_t val_len );
666 
679  int is_ca, int max_pathlen );
680 
681 #if defined(MBEDTLS_SHA1_C)
682 
692 
703 #endif /* MBEDTLS_SHA1_C */
704 
715  unsigned int key_usage );
716 
727  unsigned char ns_cert_type );
728 
735 
/**
 * \brief          DER-encode (and, as the RNG parameters imply, sign) the
 *                 certificate described by \p ctx.
 *
 * \param ctx      Fully populated write context.
 * \param buf      Output buffer.
 * \param size     Capacity of \p buf in bytes.
 * \param f_rng    RNG callback. Signing may consume randomness (ECDSA nonces,
 *                 RSA blinding); a weak or deterministic RNG here can leak the
 *                 issuer's private key, so always pass a properly seeded CTR-DRBG
 *                 or equivalent.
 * \param p_rng    Opaque context handed to \p f_rng.
 *
 * \return         Length of the DER output on success, negative error code
 *                 otherwise. NOTE(review): in mbed TLS the DER is written at
 *                 the *end* of \p buf, so the data starts at
 *                 `buf + size - ret`, not at `buf` — confirm before consuming
 *                 the output.
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );
759 
760 #if defined(MBEDTLS_PEM_WRITE_C)
761 
/**
 * \brief          Produce the certificate described by \p ctx as PEM text.
 *                 Only compiled with MBEDTLS_PEM_WRITE_C.
 *
 * \param ctx      Fully populated write context.
 * \param buf      Output buffer for the PEM text.
 * \param size     Capacity of \p buf in bytes; must leave room for the
 *                 terminating NUL if the implementation writes one (presumably
 *                 it does — confirm).
 * \param f_rng    RNG callback used for signing; same quality requirements as
 *                 for mbedtls_x509write_crt_der().
 * \param p_rng    Opaque context handed to \p f_rng.
 *
 * \return         0 on success, negative error code otherwise. NOTE(review):
 *                 unlike the DER variant this presumably returns 0 rather than
 *                 a length, and writes from the start of \p buf — verify both
 *                 points in the implementation.
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );
780 #endif /* MBEDTLS_PEM_WRITE_C */
781 #endif /* MBEDTLS_X509_CRT_WRITE_C */
782 
783 #ifdef __cplusplus
784 }
785 #endif
786 
787 #endif /* mbedtls_x509_crt.h */