mbed TLS v2.14.1
x509_crt.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * This file is part of mbed TLS (https://tls.mbed.org)
23  */
24 #ifndef MBEDTLS_X509_CRT_H
25 #define MBEDTLS_X509_CRT_H
26 
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32 
33 #include "x509.h"
34 #include "x509_crl.h"
35 
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44 
53 typedef struct mbedtls_x509_crt
54 {
58  int version;
78  int ext_types;
79  int ca_istrue;
82  unsigned int key_usage;
86  unsigned char ns_cert_type;
91  void *sig_opts;
94 }
96 
101 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
102 
109 {
110  uint32_t allowed_mds;
111  uint32_t allowed_pks;
112  uint32_t allowed_curves;
113  uint32_t rsa_min_bitlen;
114 }
116 
117 #define MBEDTLS_X509_CRT_VERSION_1 0
118 #define MBEDTLS_X509_CRT_VERSION_2 1
119 #define MBEDTLS_X509_CRT_VERSION_3 2
120 
121 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
122 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
123 
124 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
125 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
126 #endif
127 
132 {
133  int version;
143 }
145 
149 typedef struct {
151  uint32_t flags;
153 
157 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
158 
162 typedef struct
163 {
165  unsigned len;
167 
168 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
169 
173 typedef struct
174 {
175  /* for check_signature() */
177 
178  /* for find_parent_in() */
179  mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
180  mbedtls_x509_crt *fallback_parent;
181  int fallback_signature_is_good;
182 
183  /* for find_parent() */
184  int parent_is_trusted; /* -1 if find_parent is not in progress */
185 
186  /* for verify_chain() */
187  enum {
188  x509_crt_rs_none,
189  x509_crt_rs_find_parent,
190  } in_progress; /* none if no operation is in progress */
191  int self_cnt;
193 
195 
196 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
197 
198 /* Now we can declare functions that take a pointer to that */
200 
201 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
202 
203 #if defined(MBEDTLS_X509_CRT_PARSE_C)
204 
209 
215 
220 
231 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
232  size_t buflen );
233 
249 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
250 
251 #if defined(MBEDTLS_FS_IO)
252 
265 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
266 
280 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
281 #endif /* MBEDTLS_FS_IO */
282 
295 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
296  const mbedtls_x509_crt *crt );
297 
310 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
311  uint32_t flags );
312 
372  mbedtls_x509_crt *trust_ca,
373  mbedtls_x509_crl *ca_crl,
374  const char *cn, uint32_t *flags,
375  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
376  void *p_vrfy );
377 
406  mbedtls_x509_crt *trust_ca,
407  mbedtls_x509_crl *ca_crl,
408  const mbedtls_x509_crt_profile *profile,
409  const char *cn, uint32_t *flags,
410  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
411  void *p_vrfy );
412 
436  mbedtls_x509_crt *trust_ca,
437  mbedtls_x509_crl *ca_crl,
438  const mbedtls_x509_crt_profile *profile,
439  const char *cn, uint32_t *flags,
440  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
441  void *p_vrfy,
442  mbedtls_x509_crt_restart_ctx *rs_ctx );
443 
444 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
445 
467  unsigned int usage );
468 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
469 
470 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
471 
485  const char *usage_oid,
486  size_t usage_len );
487 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
488 
489 #if defined(MBEDTLS_X509_CRL_PARSE_C)
490 
500 #endif /* MBEDTLS_X509_CRL_PARSE_C */
501 
508 
515 
516 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
517 
520 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
521 
525 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
526 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
527 #endif /* MBEDTLS_X509_CRT_PARSE_C */
528 
529 /* \} name */
530 /* \} addtogroup x509_module */
531 
532 #if defined(MBEDTLS_X509_CRT_WRITE_C)
533 
539 
549 
559 
574 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
575  const char *not_after );
576 
590  const char *issuer_name );
591 
605  const char *subject_name );
606 
614 
622 
631 
646  const char *oid, size_t oid_len,
647  int critical,
648  const unsigned char *val, size_t val_len );
649 
662  int is_ca, int max_pathlen );
663 
664 #if defined(MBEDTLS_SHA1_C)
665 
675 
686 #endif /* MBEDTLS_SHA1_C */
687 
698  unsigned int key_usage );
699 
710  unsigned char ns_cert_type );
711 
718 
739 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
740  int (*f_rng)(void *, unsigned char *, size_t),
741  void *p_rng );
742 
743 #if defined(MBEDTLS_PEM_WRITE_C)
744 
760 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
761  int (*f_rng)(void *, unsigned char *, size_t),
762  void *p_rng );
763 #endif /* MBEDTLS_PEM_WRITE_C */
764 #endif /* MBEDTLS_X509_CRT_WRITE_C */
765 
766 #ifdef __cplusplus
767 }
768 #endif
769 
770 #endif /* mbedtls_x509_crt.h */