00049 #ifndef MBEDTLS_X509_H
00050 #define MBEDTLS_X509_H
00051
00052 #if !defined(MBEDTLS_CONFIG_FILE)
00053 #include "config.h"
00054 #else
00055 #include MBEDTLS_CONFIG_FILE
00056 #endif
00057
00058 #include "asn1.h"
00059 #include "pk.h"
00060
00061 #if defined(MBEDTLS_RSA_C)
00062 #include "rsa.h"
00063 #endif
00064
/**
 * \brief   Upper bound on the number of intermediate CAs accepted in a
 *          verification chain. Only defined here when the project's
 *          config.h (included above) has not already set it; the fallback
 *          value is 8.
 *
 * \note    Keeping this small bounds the work an overlong chain can force
 *          on the verifier. Raise it only for deployments whose PKI really
 *          needs deeper chains.
 */
00070 #if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
00071
00079 #define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
00080 #endif
00081
/**
 * \name X509 Error codes
 *
 * All values are negative and distinct, so a caller can test for
 * `ret != 0` to detect failure and then match the specific code.
 * \{
 */
00086 #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080  /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
00087 #define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100  /**< Requested OID is unknown. */
00088 #define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180  /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
00089 #define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200  /**< The CRT/CRL/CSR version element is invalid. */
00090 #define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280  /**< The serial tag or value is invalid. */
00091 #define MBEDTLS_ERR_X509_INVALID_ALG -0x2300  /**< The algorithm tag or value is invalid. */
00092 #define MBEDTLS_ERR_X509_INVALID_NAME -0x2380  /**< The name tag or value is invalid. */
00093 #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400  /**< The date tag or value is invalid. */
00094 #define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480  /**< The signature tag or value is invalid. */
00095 #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500  /**< The extension tag or value is invalid. */
00096 #define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580  /**< CRT/CRL/CSR has an unsupported version number. */
00097 #define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600  /**< Signature algorithm (OID) is unsupported. */
00098 #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680  /**< Signature algorithms do not match (outer vs. inner signature OID). */
00099 #define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700  /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
00100 #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780  /**< Format not recognized as DER or PEM. */
00101 #define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800  /**< Input invalid. */
00102 #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880  /**< Allocation of memory failed. */
00103 #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900  /**< Read/write of file failed. */
00104 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980  /**< Destination buffer is too small. */
00105 #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000  /**< A fatal error occurred, e.g. the chain is too long or the verify callback failed. */
/* \} name */
/**
 * \name X509 Verify codes
 *
 * Single-bit flags that certificate verification ORs together to report
 * every reason a certificate (BADCERT_*) or CRL (BADCRL_*) was found
 * unacceptable. A non-zero flags word means the peer must be rejected
 * unless the application has a deliberate, documented reason to clear a
 * specific bit (e.g. from its verify callback).
 * \{
 */
00113 #define MBEDTLS_X509_BADCERT_EXPIRED 0x01  /**< The certificate validity has expired. */
00114 #define MBEDTLS_X509_BADCERT_REVOKED 0x02  /**< The certificate has been revoked (is on a CRL). */
00115 #define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04  /**< The certificate Common Name (CN) does not match the expected CN. */
00116 #define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08  /**< The certificate is not correctly signed by a trusted CA. */
00117 #define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10  /**< The CRL is not correctly signed by a trusted CA. */
00118 #define MBEDTLS_X509_BADCRL_EXPIRED 0x20  /**< The CRL is expired. */
00119 #define MBEDTLS_X509_BADCERT_MISSING 0x40  /**< Certificate was missing. */
00120 #define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80  /**< Certificate verification was skipped. */
00121 #define MBEDTLS_X509_BADCERT_OTHER 0x0100  /**< Other reason (can be used by the verify callback). */
00122 #define MBEDTLS_X509_BADCERT_FUTURE 0x0200  /**< The certificate validity starts in the future. */
00123 #define MBEDTLS_X509_BADCRL_FUTURE 0x0400  /**< The CRL is from the future. */
00124 #define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800  /**< Usage does not match the keyUsage extension. */
00125 #define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000  /**< Usage does not match the extendedKeyUsage extension. */
00126 #define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000  /**< Usage does not match the nsCertType extension. */
00127 #define MBEDTLS_X509_BADCERT_BAD_MD 0x4000  /**< The certificate is signed with an unacceptable hash. */
00128 #define MBEDTLS_X509_BADCERT_BAD_PK 0x8000  /**< The certificate is signed with an unacceptable PK algorithm (e.g. RSA vs. ECDSA). */
00129 #define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000  /**< The certificate is signed with an unacceptable key (e.g. bad curve, RSA too short). */
00130 #define MBEDTLS_X509_BADCRL_BAD_MD 0x020000  /**< The CRL is signed with an unacceptable hash. */
00131 #define MBEDTLS_X509_BADCRL_BAD_PK 0x040000  /**< The CRL is signed with an unacceptable PK algorithm (e.g. RSA vs. ECDSA). */
00132 #define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000  /**< The CRL is signed with an unacceptable key (e.g. bad curve, RSA too short). */
/* \} name */
/**
 * \name X.509 keyUsage bits
 *
 * Bit flags of the keyUsage extension (RFC 5280, section 4.2.1.3) in the
 * order they appear in the encoded BIT STRING: bits 0-7 occupy the first
 * byte; decipherOnly is bit 8 and therefore lands in the second byte, which
 * is why its value is 0x8000 rather than a single-byte mask.
 * \{
 */
00141 #define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80)  /**< bit 0 digitalSignature */
00142 #define MBEDTLS_X509_KU_NON_REPUDIATION (0x40)  /**< bit 1 nonRepudiation */
00143 #define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20)  /**< bit 2 keyEncipherment */
00144 #define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10)  /**< bit 3 dataEncipherment */
00145 #define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08)  /**< bit 4 keyAgreement */
00146 #define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04)  /**< bit 5 keyCertSign */
00147 #define MBEDTLS_X509_KU_CRL_SIGN (0x02)  /**< bit 6 cRLSign */
00148 #define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01)  /**< bit 7 encipherOnly */
00149 #define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000)  /**< bit 8 decipherOnly */
/* \} name */
/**
 * \name Netscape certificate types
 *
 * Bit flags of the (legacy, non-RFC) nsCertType extension, in the order
 * they appear in its BIT STRING. Note that this extension is an informal
 * Netscape convention; keyUsage / extendedKeyUsage are the standard way to
 * constrain a certificate's purpose.
 * \{
 */
00156 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80)  /**< SSL/TLS client certificate */
00157 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40)  /**< SSL/TLS server certificate */
00158 #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20)  /**< S/MIME e-mail certificate */
00159 #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10)  /**< Object-signing certificate */
00160 #define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08)  /**< Reserved for future use */
00161 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04)  /**< CA for SSL/TLS certificates */
00162 #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02)  /**< CA for e-mail certificates */
00163 #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01)  /**< CA for object-signing certificates */
/* \} name */
/**
 * \name X.509 extension types
 *
 * One bit per extension type the parser recognises; the bits are ORed into
 * a mask recording which extensions a parsed certificate carried. Bits 0-14
 * are the standard X.509 v3 extensions; the Netscape nsCertType extension
 * gets its own bit above them.
 *
 * \note    The spelling `INIHIBIT` in MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
 *          is part of the public name and must be kept for compatibility.
 * \{
 */
00171 #define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
00172 #define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
00173 #define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
00174 #define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
00175 #define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
00176 #define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
00177 #define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
00178 #define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
00179 #define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
00180 #define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
00181 #define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
00182 #define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
00183 #define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
00184 #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)  /* inhibitAnyPolicy (sic) */
00185 #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
00186
00187 #define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)  /* Netscape nsCertType, non-standard */
/* \} name */
/* Encoding formats a certificate / CRL / CSR may be supplied in. */
00193 #define MBEDTLS_X509_FORMAT_DER 1  /**< Binary DER encoding */
00194 #define MBEDTLS_X509_FORMAT_PEM 2  /**< Base64 PEM encoding with ----- armour */
00195
/* Maximum value size (in bytes) of a single DN entry accepted when building
 * names from a string; longer values are rejected rather than truncated. */
00196 #define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
00198 #ifdef __cplusplus
00199 extern "C" {
00200 #endif
00201
/**
 * Type-length-value structure that allows for ASN.1 using DER.
 */
00214 typedef mbedtls_asn1_buf mbedtls_x509_buf;
00215
/**
 * Container for ASN.1 bit strings.
 */
00219 typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
00220
/**
 * Container for ASN.1 named information objects.
 * Allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.)
 * to be represented as a linked list of (OID, value) entries.
 */
00225 typedef mbedtls_asn1_named_data mbedtls_x509_name;
00226
/**
 * Container for a sequence of ASN.1 items.
 */
00230 typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
00231
/**
 * Container for date and time (precision in seconds), as decoded from a
 * certificate's validity fields. Plain integers, no time zone information;
 * the parser is responsible for having normalised the value.
 */
00233 typedef struct mbedtls_x509_time
00234 {
00235 int year, mon, day;         /**< Date: 4-digit year, month (1-12), day of month. */
00236 int hour, min, sec;         /**< Time: hour (0-23), minute (0-59), second (0-59). */
00237 }
00238 mbedtls_x509_time;
00239
/**
 * \brief          Store the certificate DN in printable form into buf;
 *                 no more than size characters will be written.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param dn       The X509 name to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL byte), or a negative MBEDTLS_ERR_X509_*
 *                 code (e.g. BUFFER_TOO_SMALL if the name does not fit).
 */
00254 int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
00255
/**
 * \brief          Store the certificate serial in printable form into buf;
 *                 no more than size characters will be written.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param serial   The X509 serial to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL byte), or a negative MBEDTLS_ERR_X509_*
 *                 code.
 */
00267 int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
00268
/**
 * \brief          Check a given mbedtls_x509_time against the system time
 *                 and tell whether it is in the past.
 *
 * \note           Intended usage is "if( mbedtls_x509_time_is_past( &crt->valid_to ) )",
 *                 i.e. "has this certificate expired?".
 *
 * \param to       mbedtls_x509_time to check
 *
 * \return         1 if the given time is in the past, 0 otherwise.
 *                 NOTE(review): the implementation is expected to also
 *                 return 1 when the system time cannot be obtained, so
 *                 that failure is treated as "expired" — confirm in x509.c.
 */
00281 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
00282
/**
 * \brief          Check a given mbedtls_x509_time against the system time
 *                 and tell whether it is in the future.
 *
 * \note           Intended usage is "if( mbedtls_x509_time_is_future( &crt->valid_from ) )",
 *                 i.e. "is this certificate not yet valid?".
 *
 * \param from     mbedtls_x509_time to check
 *
 * \return         1 if the given time is in the future, 0 otherwise.
 *                 NOTE(review): expected to also return 1 when the system
 *                 time cannot be obtained (fail closed) — confirm in x509.c.
 */
00295 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
00296
/**
 * \brief          Checkup routine for the X.509 module.
 *
 * \param verbose  Non-zero to print progress to stdout
 *
 * \return         0 if successful, non-zero if a test failed
 */
00302 int mbedtls_x509_self_test( int verbose );
/*
 * Internal module functions. You probably do not want to use these unless
 * you know you do. They are shared by x509_crt.c, x509_crl.c, x509_csr.c
 * and the x509write_* modules and are not part of the stable public API.
 *
 * Parsing helpers share one convention: `*p` is the read cursor and `end`
 * is one-past-the-last valid byte; on success the cursor is advanced past
 * the element that was consumed, and every read must stay inside
 * [*p, end). All return 0 on success or a negative MBEDTLS_ERR_* code.
 */

/* Parse an X.509 Name (sequence of RDNs) into the linked list rooted at cur. */
00308 int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
00309 mbedtls_x509_name *cur );
/* Parse an AlgorithmIdentifier whose parameters must be absent or NULL. */
00310 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
00311 mbedtls_x509_buf *alg );
/* Parse an AlgorithmIdentifier; alg receives the OID, params the raw parameters. */
00312 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
00313 mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
00314 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
/* Decode RSASSA-PSS parameters into the hash, the MGF1 hash and the salt length. */
00315 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
00316 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
00317 int *salt_len );
00318 #endif
/* Parse the signature BIT STRING into sig. */
00319 int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
/* Map a signature OID (plus parameters) to a hash and PK algorithm.
 * NOTE(review): when sig_opts is non-NULL the callee may allocate algorithm
 * options into *sig_opts that the caller must later free — confirm against
 * x509.c before relying on it. */
00320 int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
00321 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
00322 void **sig_opts );
/* Parse a UTCTime or GeneralizedTime into t. */
00323 int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
00324 mbedtls_x509_time *t );
/* Parse the CertificateSerialNumber into serial. */
00325 int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
00326 mbedtls_x509_buf *serial );
/* Parse an explicitly tagged extensions wrapper (tag selects the context tag). */
00327 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
00328 mbedtls_x509_buf *ext, int tag );
/* Write a printable description of the signature algorithm into buf. */
00329 int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
00330 mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
00331 const void *sig_opts );
/* Format a "<name> key size" style label into buf (used by the *_info printers). */
00332 int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
/* Parse a "CN=...,O=...,C=.." string into a named_data list at *head. */
00333 int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
/* Add or replace the extension identified by oid in the list at *head. */
00334 int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
00335 int critical, const unsigned char *val,
00336 size_t val_len );
/*
 * Writers follow the mbedtls_asn1_write_* convention: they encode
 * backwards, moving `*p` down towards `start`, and fail with a
 * BUFFER_TOO_SMALL-class error rather than writing before `start`.
 */
00337 int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
00338 mbedtls_asn1_named_data *first );
00339 int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
00340 mbedtls_asn1_named_data *first );
00341 int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
00342 const char *oid, size_t oid_len,
00343 unsigned char *sig, size_t size );
00344
/**
 * \brief   Bounds-check the result of a preceding snprintf() into the
 *          caller's output buffer and advance the write cursor.
 *
 * Relies on three names in the enclosing scope: \c ret (the int returned by
 * snprintf), \c n (size_t, bytes still free at \c p) and \c p (the char*
 * write position). A negative \c ret is an encoding error and a \c ret that
 * is not strictly less than \c n means the output was truncated; both cases
 * make the enclosing function return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
 * instead of letting \c p and \c n drift past the end of the buffer on the
 * next iteration. Only on success are \c n and \c p updated.
 */
00345 #define MBEDTLS_X509_SAFE_SNPRINTF \
00346 do { \
00347 if( ret < 0 || (size_t) ret >= n ) \
00348 return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
00349 \
00350 n -= (size_t) ret; \
00351 p += (size_t) ret; \
00352 } while( 0 )
00353
00354 #ifdef __cplusplus
00355 }
00356 #endif
00357
00358 #endif