/*
 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * This file is part of mbed TLS (https://tls.mbed.org)
 */
/* Include guard for the X.509 certificate parsing/writing interface. */
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H

/*
 * Pick up the build-time configuration: the default config.h unless the
 * project overrides it through MBEDTLS_CONFIG_FILE. The MBEDTLS_*_C feature
 * macros tested further down in this header come from that file.
 */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

/*
 * Shared X.509 types (mbedtls_x509_buf, mbedtls_x509_name, mbedtls_x509_time,
 * mbedtls_x509_sequence) and the CRL type used by the verification API below
 * are presumably declared in these two headers — they are not defined here.
 */
#include "x509.h"
#include "x509_crl.h"

/* Give the declarations C linkage when this header is consumed by C++. */
#ifdef __cplusplus
extern "C" {
#endif
/**
 * Container for a parsed X.509 certificate.
 *
 * Certificates are chained into a singly linked list through the next field,
 * so one mbedtls_x509_crt can stand for a whole chain or trust store.
 *
 * Field notes follow the upstream mbed TLS documentation for this structure;
 * where a detail matters (encoding of version, ownership of sig_opts),
 * confirm against the parser in x509_crt.c.
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER): the To-Be-Signed part. */

    int version;                        /**< The X.509 version. NOTE(review): the MBEDTLS_X509_CRT_VERSION_* constants below are 0-based; confirm how the parser stores this field before comparing against them. */
    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA (as an OID). */

    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */

    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */

    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */

    mbedtls_pk_context pk;              /**< Container for the public key context. */

    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions (raw). */
    mbedtls_x509_sequence subject_alt_names; /**< Optional list of Subject Alternative Names (presumably only the DNS names are stored — confirm in the parser). */

    int ext_types;                      /**< Bit string containing detected and parsed extensions. */
    int ca_istrue;                      /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;                    /**< Optional Basic Constraint extension value: the maximum path length to a root certificate. */

    unsigned int key_usage;             /**< Optional key usage extension value: see the MBEDTLS_X509_KU_* flags in x509.h. */

    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */

    unsigned char ns_cert_type;         /**< Optional Netscape certificate type extension value: see the MBEDTLS_X509_NS_CERT_TYPE_* flags in x509.h. */

    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256. */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA. */
    void *sig_opts;                     /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS. NOTE(review): allocated by the parser and released by mbedtls_x509_crt_free() — confirm. */

    struct mbedtls_x509_crt *next;      /**< Next certificate in the CA-chain, or NULL at the end of the list. */
}
mbedtls_x509_crt;
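/**
 * Build a single-bit flag for a 1-based algorithm or curve identifier, for
 * use in the bitmasks of mbedtls_x509_crt_profile.
 *
 * The argument is parenthesised so that a compound expression such as
 * MBEDTLS_X509_ID_FLAG( a | b ) expands to ( (a | b) - 1 ) rather than
 * a | (b - 1). The shifted constant is a plain int, so id must stay in the
 * range 1..30; larger values shift into or past the sign bit, which is
 * undefined behaviour.
 */
#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( (id) - 1 ) )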
/**
 * Security profile for certificate verification.
 *
 * All lists are bitfields, built from the MBEDTLS_X509_ID_FLAG() macro applied
 * to the corresponding identifiers (presumably mbedtls_md_type_t,
 * mbedtls_pk_type_t and mbedtls_ecp_group_id values — confirm against the
 * profiles defined in x509_crt.c). Three ready-made profiles are declared
 * below (default, next, suiteb); a custom profile can be passed to
 * mbedtls_x509_crt_verify_with_profile().
 */
typedef struct mbedtls_x509_crt_profile
{
    uint32_t allowed_mds;       /**< MDs for signatures. */
    uint32_t allowed_pks;       /**< PK algs for signatures. */
    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA. */
    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys, in bits. */
}
mbedtls_x509_crt_profile;
/*
 * Certificate version values as encoded in the ASN.1 Version field of
 * RFC 5280 (v1 = 0, v2 = 1, v3 = 2). Presumably the values accepted by
 * mbedtls_x509write_crt_set_version().
 */
#define MBEDTLS_X509_CRT_VERSION_1              0
#define MBEDTLS_X509_CRT_VERSION_2              1
#define MBEDTLS_X509_CRT_VERSION_3              2

/* Upper bound on the serial number length handled by this module. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/*
 * Length of a validity timestamp string; the not_before/not_after fields of
 * mbedtls_x509write_cert are sized MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1.
 */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15

/* Maximum file path length; overridable from the configuration. */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
/**
 * Container for writing a certificate (CRT).
 *
 * Populated through the mbedtls_x509write_crt_set_*() functions declared
 * below and serialised with mbedtls_x509write_crt_der() / _pem().
 * subject_key and issuer_key are stored as pointers, so the key contexts
 * must outlive this structure; the remaining members are presumably owned by
 * the context and released by mbedtls_x509write_crt_free() — confirm.
 */
typedef struct mbedtls_x509write_cert
{
    int version;                        /**< Certificate version; see MBEDTLS_X509_CRT_VERSION_*. */
    mbedtls_mpi serial;                 /**< Serial number (multi-precision integer). */
    mbedtls_pk_context *subject_key;    /**< Borrowed pointer to the subject's public key. */
    mbedtls_pk_context *issuer_key;     /**< Borrowed pointer to the issuer's (signing) key. */
    mbedtls_asn1_named_data *subject;   /**< Subject name as a list of named data. */
    mbedtls_asn1_named_data *issuer;    /**< Issuer name as a list of named data. */
    mbedtls_md_type_t md_alg;           /**< Message digest used for the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; /**< Start of validity, NUL-terminated. */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];  /**< End of validity, NUL-terminated. */
    mbedtls_asn1_named_data *extensions; /**< Extensions to write, as a list of named data. */
}
mbedtls_x509write_cert;
/**
 * Item in a verification chain: a certificate and the verification flags
 * recorded for it (presumably the MBEDTLS_X509_BADCERT_* bits — confirm).
 */
typedef struct {
    mbedtls_x509_crt *crt;  /**< The certificate at this position of the chain. */
    uint32_t flags;         /**< Verification flags for this certificate. */
}
mbedtls_x509_crt_verify_chain_item;
/*
 * Maximum number of certificates in a verification chain: the configured
 * number of intermediates (MBEDTLS_X509_MAX_INTERMEDIATE_CA, from the
 * configuration) plus two, presumably for the end-entity and root
 * certificates.
 */
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE  ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
/**
 * Verification chain as built by the verification routines.
 *
 * A fixed-size array, so the chain length is bounded by
 * MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; len counts the items in use.
 */
typedef struct
{
    mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; /**< Chain items, leaf first (presumably). */
    unsigned len;   /**< Number of items currently in the chain. */
}
mbedtls_x509_crt_verify_chain;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)

/**
 * Context for resuming X.509 verification across calls of
 * mbedtls_x509_crt_verify_restartable().
 *
 * The members are internal state of the verification algorithm and are
 * grouped by the internal function that uses them (see the comments). Treat
 * the structure as opaque: initialise it with mbedtls_x509_crt_restart_init()
 * and release it with mbedtls_x509_crt_restart_free(), both declared below.
 */
typedef struct
{
    /* for check_signature() */
    mbedtls_pk_restart_ctx pk;

    /* for find_parent_in() */
    mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
    mbedtls_x509_crt *fallback_parent;
    int fallback_signature_is_good;

    /* for find_parent() */
    int parent_is_trusted; /* -1 if find_parent is not in progress */

    /* for verify_chain() */
    enum {
        x509_crt_rs_none,
        x509_crt_rs_find_parent,
    } in_progress;  /* none if no operation is in progress */
    int self_cnt;
    mbedtls_x509_crt_verify_chain ver_chain;

} mbedtls_x509_crt_restart_ctx;

#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */

/*
 * Now we can declare functions that take a pointer to that. Without
 * restartable ECC the type is void, so the prototypes below stay unchanged
 * and callers presumably pass NULL for the restart context.
 */
typedef void mbedtls_x509_crt_restart_ctx;

#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_X509_CRT_PARSE_C)

/**
 * Default security profile. Per the upstream documentation this is the
 * compatibility-oriented baseline and the one mbedtls_x509_crt_verify()
 * uses; where the set of peers is known, prefer one of the stricter profiles
 * below via mbedtls_x509_crt_verify_with_profile(). Confirm the exact
 * algorithm lists in x509_crt.c.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * Expected next default profile: stricter than the current default and
 * recommended for new deployments (per the upstream documentation).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * NSA Suite B profile (ECDSA on the P-256/P-384 curves with SHA-256/SHA-384
 * only, per the upstream documentation).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
/**
 * \brief          Parse a single DER-formatted certificate and add it to the
 *                 end of the chain \p chain.
 *
 * \param chain    The chain to which to add the parsed certificate; must have
 *                 been initialised with mbedtls_x509_crt_init().
 * \param buf      The buffer holding the DER-encoded certificate.
 * \param buflen   The size of \p buf in bytes.
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 *                 (negative) otherwise. Behaviour per the upstream
 *                 documentation — confirm against x509_crt.c.
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                                size_t buflen );

/**
 * \brief          Parse one DER-encoded certificate, or one or more
 *                 concatenated PEM-encoded certificates, and add them to the
 *                 chain \p chain.
 *
 * \param chain    The chain to which to add the parsed certificates.
 * \param buf      The buffer holding the certificate data. For PEM input,
 *                 per the upstream documentation, \p buflen must include the
 *                 terminating NUL byte.
 * \param buflen   The size of \p buf in bytes.
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some certificates could be parsed but others
 *                 failed (the upstream contract for PEM input: the count of
 *                 failed certificates, with the successful ones already
 *                 appended), or a specific X509 or PEM error code (negative)
 *                 otherwise. NOTE(review): a return value > 0 is therefore a
 *                 partial failure — check for == 0, not >= 0, when loading a
 *                 trust store. Confirm against x509_crt.c.
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );

#if defined(MBEDTLS_FS_IO)
/**
 * \brief          Load one or more certificates from a file and add them to
 *                 the chain (same format rules and return convention as
 *                 mbedtls_x509_crt_parse(), per the upstream documentation).
 *
 * \param chain    The chain to which to add the parsed certificates.
 * \param path     Filename to read the certificates from.
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some failed, or a specific X509 or PEM error
 *                 code (negative) otherwise.
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief          Load certificates from every file in a directory and add
 *                 them to the chain (per the upstream documentation).
 *
 *                 Everything loaded this way becomes part of the chain, so
 *                 when the chain is used as a trust store the directory's
 *                 contents define who is trusted; only point this at a
 *                 directory whose contents are controlled.
 *
 * \param chain    The chain to which to add the parsed certificates.
 * \param path     Directory to read the certificate files from.
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some failed, or a specific X509 or PEM error
 *                 code (negative) otherwise.
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif /* MBEDTLS_FS_IO */
/**
 * \brief          Write an informal, human-readable description of the
 *                 certificate into \p buf. The output is bounded by \p size.
 *
 * \param buf      Buffer to write to.
 * \param size     Maximum size of \p buf in bytes.
 * \param prefix   A line prefix (e.g. indentation) written before each line.
 * \param crt      The certificate to describe.
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL), or a negative error code (per the
 *                 upstream documentation — confirm against x509_crt.c).
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crt *crt );

/**
 * \brief          Write a human-readable description of the verification
 *                 flags returned by mbedtls_x509_crt_verify() (and the
 *                 related functions) into \p buf. Useful for logging why a
 *                 certificate was rejected.
 *
 * \param buf      Buffer to write to.
 * \param size     Maximum size of \p buf in bytes.
 * \param prefix   A line prefix written before each line.
 * \param flags    Verification flags as produced by the verify functions.
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL), or a negative error code.
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                                  uint32_t flags );
/**
 * \brief          Verify the certificate chain \p crt against the trusted
 *                 CAs \p trust_ca and the CRLs \p ca_crl, using the default
 *                 profile (mbedtls_x509_crt_profile_default).
 *
 *                 Only the prototype is visible here; the contract below is
 *                 the upstream documentation — confirm against x509_crt.c.
 *
 * \param crt      The certificate chain to verify (end-entity first, linked
 *                 through the next field).
 * \param trust_ca The list of trusted CA certificates. With nothing trusted,
 *                 verification cannot succeed.
 * \param ca_crl   The list of CRLs for the trusted CAs, or NULL.
 * \param cn       The expected Common Name / hostname, or NULL to skip the
 *                 name check. NOTE(review): passing NULL validates only the
 *                 chain, not the peer's identity — TLS clients should always
 *                 supply the hostname they intended to reach.
 * \param flags    Output: 0 if verification succeeded, otherwise a bitmask
 *                 of MBEDTLS_X509_BADCERT_* / MBEDTLS_X509_BADCRL_* flags
 *                 describing the failure.
 * \param f_vrfy   Optional per-certificate callback, or NULL. It receives
 *                 \p p_vrfy, the certificate, its depth in the chain and a
 *                 pointer to that certificate's flags, which it may modify.
 *                 NOTE(review): a callback that clears flags overrides the
 *                 library's verdict; keep it strictly more restrictive than
 *                 the library, never less.
 * \param p_vrfy   Opaque context passed through to \p f_vrfy.
 *
 * \return         0 if the chain verifies, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
 *                 with \p flags set if it does not, or another negative
 *                 MBEDTLS_ERR_X509_* code on other errors. Treat any non-zero
 *                 return as failure; do not rely on \p flags alone.
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                             mbedtls_x509_crt *trust_ca,
                             mbedtls_x509_crl *ca_crl,
                             const char *cn, uint32_t *flags,
                             int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                             void *p_vrfy );

/**
 * \brief          Same as mbedtls_x509_crt_verify(), but with an explicit
 *                 security profile restricting the signature algorithms,
 *                 curves and key sizes accepted anywhere in the chain.
 *
 * \param crt      The certificate chain to verify.
 * \param trust_ca The list of trusted CA certificates.
 * \param ca_crl   The list of CRLs for the trusted CAs, or NULL.
 * \param profile  The security profile to apply (e.g. one of the
 *                 mbedtls_x509_crt_profile_* objects declared above, or a
 *                 caller-built one).
 * \param cn       The expected Common Name, or NULL to skip the name check
 *                 (see the note on mbedtls_x509_crt_verify()).
 * \param flags    Output: verification flags, as for mbedtls_x509_crt_verify().
 * \param f_vrfy   Optional per-certificate callback, or NULL.
 * \param p_vrfy   Opaque context passed through to \p f_vrfy.
 *
 * \return         0 on success, a negative MBEDTLS_ERR_X509_* code otherwise.
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                                          mbedtls_x509_crt *trust_ca,
                                          mbedtls_x509_crl *ca_crl,
                                          const mbedtls_x509_crt_profile *profile,
                                          const char *cn, uint32_t *flags,
                                          int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                          void *p_vrfy );

/**
 * \brief          Restartable variant of mbedtls_x509_crt_verify_with_profile():
 *                 the same verification, but the expensive ECC operations may
 *                 be split over several calls.
 *
 * \param crt      The certificate chain to verify.
 * \param trust_ca The list of trusted CA certificates.
 * \param ca_crl   The list of CRLs for the trusted CAs, or NULL.
 * \param profile  The security profile to apply.
 * \param cn       The expected Common Name, or NULL to skip the name check.
 * \param flags    Output: verification flags.
 * \param f_vrfy   Optional per-certificate callback, or NULL.
 * \param p_vrfy   Opaque context passed through to \p f_vrfy.
 * \param rs_ctx   Restart context, initialised with
 *                 mbedtls_x509_crt_restart_init(); or NULL to disable
 *                 restart (presumably — confirm). Must be passed unchanged
 *                 on every call of one verification.
 *
 * \return         0 on success, MBEDTLS_ERR_ECP_IN_PROGRESS if the operation
 *                 is incomplete and the call must be repeated with the same
 *                 arguments (per the upstream documentation — confirm), or a
 *                 negative MBEDTLS_ERR_X509_* code otherwise. An in-progress
 *                 return is not a verdict: \p flags is meaningful only once
 *                 the function has returned something else.
 */
int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
                                         mbedtls_x509_crt *trust_ca,
                                         mbedtls_x509_crl *ca_crl,
                                         const mbedtls_x509_crt_profile *profile,
                                         const char *cn, uint32_t *flags,
                                         int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                         void *p_vrfy,
                                         mbedtls_x509_crt_restart_ctx *rs_ctx );
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
 * \brief          Check whether the certificate's KeyUsage extension permits
 *                 the given usage (per the upstream documentation: the check
 *                 passes when the extension is absent).
 *
 * \param crt      Leaf certificate to check.
 * \param usage    Intended usage(s): a bitmask of MBEDTLS_X509_KU_* flags
 *                 from x509.h.
 *
 * \return         0 if the usage is compatible with the certificate's
 *                 KeyUsage extension (or the extension is absent),
 *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA otherwise — confirm
 *                 against x509_crt.c.
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */

#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
/**
 * \brief          Check whether the certificate's ExtendedKeyUsage extension
 *                 permits the given usage OID (per the upstream
 *                 documentation: the check passes when the extension is
 *                 absent).
 *
 * \param crt       Leaf certificate to check.
 * \param usage_oid Intended usage as a DER-encoded OID (e.g. serverAuth).
 * \param usage_len Length of \p usage_oid in bytes.
 *
 * \return         0 if the usage is compatible with the certificate's
 *                 ExtendedKeyUsage extension (or the extension is absent),
 *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA otherwise — confirm.
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                               const char *usage_oid,
                                               size_t usage_len );
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */

#if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
 * \brief          Check whether the certificate appears in the given CRL
 *                 (presumably by serial number, as the upstream code does —
 *                 confirm).
 *
 * \param crt      The certificate to check.
 * \param crl      The CRL to check against.
 *
 * \return         1 if the certificate is revoked, 0 otherwise. Note the
 *                 non-zero-means-revoked convention, the opposite of the
 *                 0-means-success convention used elsewhere in this header.
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif /* MBEDTLS_X509_CRL_PARSE_C */
/**
 * \brief          Initialise a certificate (chain) to an empty state. Must be
 *                 called before the chain is passed to any parse function.
 *
 * \param crt      Certificate chain to initialise.
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );

/**
 * \brief          Release all certificate data in the chain starting at
 *                 \p crt (per the upstream documentation this walks the
 *                 next list and frees every element the library allocated;
 *                 the storage of \p crt itself belongs to the caller —
 *                 confirm against x509_crt.c). Do not free list elements
 *                 individually in addition to this call.
 *
 * \param crt      Certificate chain to free.
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );

#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
 * \brief          Initialise a restart context for
 *                 mbedtls_x509_crt_verify_restartable().
 *
 * \param ctx      Restart context to initialise.
 */
void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );

/**
 * \brief          Free the components of a restart context.
 *
 * \param ctx      Restart context to free.
 */
void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_X509_CRT_PARSE_C */

/* \} name */
/* \} addtogroup x509_module */
#if defined(MBEDTLS_X509_CRT_WRITE_C)
/**
 * \brief          Initialise a certificate-writing context to an empty
 *                 state. Call before any mbedtls_x509write_crt_set_*().
 *
 * \param ctx      CRT context to initialise.
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );

/**
 * \brief          Set the version for the certificate. Presumably one of the
 *                 MBEDTLS_X509_CRT_VERSION_* values defined above
 *                 (0-based, as in the ASN.1 Version field) — confirm.
 *
 * \param ctx      CRT context to use.
 * \param version  Version to set.
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );

/**
 * \brief          Set the serial number for the certificate. The value is
 *                 copied into ctx->serial. An issuer should make serials
 *                 unique per issuer and non-predictable (RFC 5280 requires
 *                 a positive integer unique per CA).
 *
 * \param ctx      CRT context to use.
 * \param serial   Serial number to set.
 *
 * \return         0 if successful, or a negative error code (presumably an
 *                 MBEDTLS_ERR_MPI_* code from the copy — confirm).
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );

/**
 * \brief          Set the validity period for the certificate. The strings
 *                 are copied into the not_before / not_after fields, which
 *                 hold at most MBEDTLS_X509_RFC5280_UTC_TIME_LEN characters;
 *                 per the upstream documentation the format is
 *                 "YYYYMMDDhhmmss" — confirm.
 *
 * \param ctx        CRT context to use.
 * \param not_before Start of validity.
 * \param not_after  End of validity.
 *
 * \return         0 if the timestamps were accepted, or a negative
 *                 MBEDTLS_ERR_X509_* error code otherwise.
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                        const char *not_after );

/**
 * \brief          Set the issuer name for the certificate. Per the upstream
 *                 documentation the name is a comma-separated list of
 *                 attribute=value pairs (e.g. "C=UK,O=ARM,CN=mbed TLS CA").
 *
 * \param ctx         CRT context to use.
 * \param issuer_name Issuer name to set.
 *
 * \return         0 if the name was parsed and stored, or a negative
 *                 MBEDTLS_ERR_X509_* error code otherwise.
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                           const char *issuer_name );

/**
 * \brief          Set the subject name for the certificate. Same format as
 *                 mbedtls_x509write_crt_set_issuer_name().
 *
 * \param ctx          CRT context to use.
 * \param subject_name Subject name to set.
 *
 * \return         0 if the name was parsed and stored, or a negative
 *                 MBEDTLS_ERR_X509_* error code otherwise.
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                            const char *subject_name );
/**
 * \brief          Set the subject public key for the certificate. Only the
 *                 pointer is stored (ctx->subject_key), so \p key must stay
 *                 valid until the certificate has been written and is not
 *                 released by mbedtls_x509write_crt_free().
 *
 * \param ctx      CRT context to use.
 * \param key      Public key to include.
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief          Set the issuer key used to sign the certificate. Only the
 *                 pointer is stored (ctx->issuer_key); \p key must stay
 *                 valid until the certificate has been written. Presumably
 *                 this must be a private key — confirm.
 *
 * \param ctx      CRT context to use.
 * \param key      Issuer (signing) key.
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief          Set the message digest algorithm to use for the signature.
 *                 Choose a collision-resistant digest (SHA-256 or stronger);
 *                 MD5 and SHA-1 signatures are rejected by the stricter
 *                 verification profiles declared above.
 *
 * \param ctx      CRT context to use.
 * \param md_alg   MD algorithm to use, e.g. MBEDTLS_MD_SHA256.
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
/**
 * \brief          Generic function to add an extension to the certificate.
 *                 The caller supplies the already DER-encoded extension
 *                 value; the library presumably wraps it in the Extension
 *                 SEQUENCE without validating its contents, so the caller is
 *                 responsible for producing well-formed DER.
 *
 * \param ctx      CRT context to use.
 * \param oid      OID of the extension (raw bytes, not dotted text).
 * \param oid_len  Length of \p oid in bytes.
 * \param critical Non-zero to mark the extension critical, 0 otherwise.
 *                 Verifiers that do not understand a critical extension must
 *                 reject the certificate, so only mark what peers handle.
 * \param val      DER-encoded value of the extension.
 * \param val_len  Length of \p val in bytes.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code (presumably MBEDTLS_ERR_X509_ALLOC_FAILED on
 *                 allocation failure — confirm).
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                         const char *oid, size_t oid_len,
                                         int critical,
                                         const unsigned char *val, size_t val_len );

/**
 * \brief          Set the Basic Constraints extension for the certificate.
 *
 * \param ctx         CRT context to use.
 * \param is_ca       Non-zero for a CA certificate, 0 otherwise.
 * \param max_pathlen Maximum length of a certificate chain below this CA;
 *                    per the upstream documentation -1 means no limit —
 *                    confirm. Meaningful only when \p is_ca is set.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code otherwise.
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                                 int is_ca, int max_pathlen );

#if defined(MBEDTLS_SHA1_C)
/**
 * \brief          Set the Subject Key Identifier extension. Guarded by
 *                 MBEDTLS_SHA1_C because the identifier is computed as the
 *                 SHA-1 digest of the subject public key (the RFC 5280
 *                 method); SHA-1 is used here purely as an identifier, not
 *                 for integrity, so this is not a signature-strength concern.
 *                 Requires the subject key to have been set already.
 *
 * \param ctx      CRT context to use.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code otherwise.
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief          Set the Authority Key Identifier extension, derived in the
 *                 same way from the issuer key. Requires the issuer key to
 *                 have been set already.
 *
 * \param ctx      CRT context to use.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code otherwise.
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif /* MBEDTLS_SHA1_C */
/**
 * \brief          Set the Key Usage extension flags. Granting only the
 *                 usages the key actually needs limits what the certificate
 *                 can be misused for if the key is ever compromised.
 *
 * \param ctx       CRT context to use.
 * \param key_usage Bitmask of MBEDTLS_X509_KU_* flags from x509.h.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code otherwise.
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );

/**
 * \brief          Set the Netscape Cert Type extension flags (a legacy
 *                 extension; most modern verifiers rely on Key Usage and
 *                 Extended Key Usage instead).
 *
 * \param ctx          CRT context to use.
 * \param ns_cert_type Bitmask of MBEDTLS_X509_NS_CERT_TYPE_* flags from
 *                     x509.h.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_X509_* error
 *                 code otherwise.
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                            unsigned char ns_cert_type );

/**
 * \brief          Free the contents of a certificate-writing context
 *                 (presumably the serial, the name lists and the extension
 *                 list; the borrowed key contexts are not freed — confirm
 *                 against x509write_crt.c).
 *
 * \param ctx      CRT context to free.
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
/**
 * \brief          Sign the certificate described by \p ctx with the issuer
 *                 key and write it in DER format into \p buf.
 *
 *                 NOTE(review): per the upstream documentation the DER
 *                 output is written at the END of \p buf — the result
 *                 occupies the last \c len bytes, i.e. starts at
 *                 buf + size - len — not at the start; confirm against
 *                 x509write_crt.c before consuming the output.
 *
 * \param ctx      CRT context to use; subject key, issuer key, names,
 *                 validity and MD algorithm must already be set.
 * \param buf      Buffer to write to.
 * \param size     Size of \p buf in bytes.
 * \param f_rng    RNG callback, used during signing (e.g. for RSA blinding
 *                 or RSASSA-PSS salts). Must be a cryptographically secure
 *                 generator; a weak RNG here can leak the signing key.
 * \param p_rng    Opaque context passed to \p f_rng.
 *
 * \return         The length of the DER data written, or a negative
 *                 MBEDTLS_ERR_* error code (including a buffer-too-small
 *                 error when \p size is insufficient).
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );

#if defined(MBEDTLS_PEM_WRITE_C)
/**
 * \brief          Sign the certificate and write it as a NUL-terminated PEM
 *                 string into \p buf (per the upstream documentation the PEM
 *                 text starts at the beginning of \p buf, unlike the DER
 *                 variant — confirm).
 *
 * \param ctx      CRT context to use.
 * \param buf      Buffer to write to.
 * \param size     Size of \p buf in bytes.
 * \param f_rng    RNG callback, as for mbedtls_x509write_crt_der().
 * \param p_rng    Opaque context passed to \p f_rng.
 *
 * \return         0 if successful, or a negative MBEDTLS_ERR_* error code
 *                 otherwise.
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */

#ifdef __cplusplus
}
#endif

#endif /* mbedtls_x509_crt.h */