/**
 * \file x509_crt.h
 *
 * \brief X.509 certificate parsing and writing (public API).
 *
 * Everything below lives inside the MBEDTLS_X509_CRT_H include guard.
 * The parse-side API is only declared when MBEDTLS_X509_CRT_PARSE_C is
 * enabled in the configuration, the write-side API only when
 * MBEDTLS_X509_CRT_WRITE_C is.
 */
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H

/* Honour a user-supplied configuration header if one was selected. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

/* Shared X.509 types (mbedtls_x509_buf, mbedtls_x509_name, ...) and CRLs. */
#include "x509.h"
#include "x509_crl.h"

#ifdef __cplusplus
extern "C" {
#endif
00069
/**
 * Container for a parsed X.509 certificate.
 *
 * Instances are linked through \c next into a chain (a list of
 * certificates), which is what the parse and verify functions below
 * operate on. The \c mbedtls_x509_buf members point into the DER data
 * held by \c raw rather than owning separate copies (presumably -- confirm
 * against x509_crt.c before relying on it for lifetime decisions).
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER): the part that is To Be Signed. */

    int version;                        /**< The X.509 version as parsed. NOTE(review): the write-side
                                             MBEDTLS_X509_CRT_VERSION_* constants in this header are 0-based
                                             (v1 == 0); check x509_crt.c for how the parser stores this. */
    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA. */

    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */

    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */

    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */

    mbedtls_pk_context pk;              /**< Container for the public key context. */

    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions (raw). */
    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (only dNSName supported, presumably -- verify in x509_crt.c). */

    int ext_types;                      /**< Bit string containing detected and parsed extensions. */
    int ca_istrue;                      /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;                    /**< Optional Basic Constraint extension value: maximum path length. */

    unsigned int key_usage;             /**< Optional key usage extension value (bit flags). */

    mbedtls_x509_sequence ext_key_usage;    /**< Optional list of extended key usage OIDs. */

    unsigned char ns_cert_type;         /**< Optional Netscape certificate type extension value. */

    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the issuer's private key. */
    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256. */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA. */
    void *sig_opts;                     /**< Signature options to be passed to the PK layer (heap-allocated, released by mbedtls_x509_crt_free()). */

    struct mbedtls_x509_crt *next;      /**< Next certificate in the chain, or NULL for the last one. */
}
mbedtls_x509_crt;
00121
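/**
 * Build the bit flag for an algorithm or curve identifier \p id, for use in
 * the \c allowed_* bitmasks of a certificate verification profile.
 *
 * \p id must be >= 1: the \c *_NONE identifiers (value 0) have no flag, and
 * ids 1..32 map to bits 0..31 of a uint32_t mask. The constant is unsigned so
 * that id == 32 sets the top bit without the undefined behaviour a signed
 * `1 << 31` would have on a 32-bit int.
 */
#define MBEDTLS_X509_ID_FLAG( id ) ( 1u << ( ( id ) - 1 ) )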
00127
/**
 * Security profile for certificate verification.
 *
 * All the \c allowed_* fields are bitmasks built with MBEDTLS_X509_ID_FLAG()
 * from the corresponding identifier type (one bit per MD, PK or curve id).
 * A certificate whose signature, key type or curve is not flagged is
 * rejected during verification; RSA keys shorter than \c rsa_min_bitlen
 * are rejected as well (see mbedtls_x509_crt_verify_with_profile()).
 */
typedef struct
{
    uint32_t allowed_mds;       /**< MDs for signatures */
    uint32_t allowed_pks;       /**< PK algs for signatures */
    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA */
    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys, in bits */
}
mbedtls_x509_crt_profile;
00141
/* Version values used by the write-side API (mbedtls_x509write_crt_set_version()).
 * They follow the ASN.1 encoding of the X.509 version field, which is 0-based. */
#define MBEDTLS_X509_CRT_VERSION_1              0
#define MBEDTLS_X509_CRT_VERSION_2              1
#define MBEDTLS_X509_CRT_VERSION_3              2

/* Size limits applied to written certificates. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32      /* upper bound on the serial number length, in bytes */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15      /* length of a validity time string (sizes the not_before/not_after buffers below) */

/* Upper bound on file path lengths handled by mbedtls_x509_crt_parse_path();
 * overridable from the configuration. */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
00152
/**
 * Container for writing a certificate (CRT).
 *
 * \c subject_key and \c issuer_key are stored as pointers, not copied: the
 * caller keeps ownership of those contexts and must keep them alive until
 * the certificate has been written. The named-data lists are owned by the
 * context and released by mbedtls_x509write_crt_free().
 */
typedef struct mbedtls_x509write_cert
{
    int version;                                    /**< X.509 version, one of MBEDTLS_X509_CRT_VERSION_* (0-based). */
    mbedtls_mpi serial;                             /**< Serial number. */
    mbedtls_pk_context *subject_key;                /**< Public key of the subject (not owned). */
    mbedtls_pk_context *issuer_key;                 /**< Key used to sign the certificate (not owned). */
    mbedtls_asn1_named_data *subject;               /**< Subject name, as a list of attribute/value pairs. */
    mbedtls_asn1_named_data *issuer;                /**< Issuer name, as a list of attribute/value pairs. */
    mbedtls_md_type_t md_alg;                       /**< Hash algorithm used for the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];     /**< Start of validity, NUL-terminated time string. */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];      /**< End of validity, NUL-terminated time string. */
    mbedtls_asn1_named_data *extensions;            /**< v3 extensions, keyed by OID. */
}
mbedtls_x509write_cert;
00170
#if defined(MBEDTLS_X509_CRT_PARSE_C)

/**
 * Default security profile. Should provide a good balance between security
 * and compatibility with current deployments; used by mbedtls_x509_crt_verify().
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * Expected next default profile. Recommended for new deployments; stricter
 * than the default (the exact algorithm sets are defined in x509_crt.c).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * NSA Suite B profile.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
00188
/**
 * \brief          Parse a single DER formatted certificate and add it
 *                 to the chained list.
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the certificate DER data
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 error code
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                                size_t buflen );

/**
 * \brief          Parse one or more certificates (DER, or PEM when PEM
 *                 support is compiled in) and add them to the chained list.
 *                 Parsing is permissive: certificates that fail to parse do
 *                 not necessarily abort the whole call -- see x509_crt.c for
 *                 how partial failures are reported through the return value.
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the certificate data
 * \param buflen   size of the buffer
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some failed, or a negative error code
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
00233
#if defined(MBEDTLS_FS_IO)

/**
 * \brief          Load one or more certificates from a file and add them
 *                 to the chained list (same semantics as
 *                 mbedtls_x509_crt_parse() for the file's contents).
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the certificates from
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some failed, or a negative error code
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief          Load certificates from every file in a directory and add
 *                 them to the chained list. Path lengths are bounded by
 *                 MBEDTLS_X509_MAX_FILE_PATH_LEN.
 *
 * \param chain    points to the start of the chain
 * \param path     directory to read the certificate files from
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some failed, or a negative error code
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif /* MBEDTLS_FS_IO */
00265
/**
 * \brief          Return an informational string about the certificate.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param prefix   A line prefix
 * \param crt      The X509 certificate to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL) or a negative error code.
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crt *crt );

/**
 * \brief          Return an informational string about the verification
 *                 status of a certificate, i.e. a textual rendering of the
 *                 \p flags produced by mbedtls_x509_crt_verify().
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param prefix   A line prefix
 * \param flags    Verification flags created by mbedtls_x509_crt_verify()
 *
 * \return         The length of the string written (not including the
 *                 terminating NUL) or a negative error code.
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                                  uint32_t flags );
00295
/**
 * \brief          Verify the certificate signature and chain.
 *
 *                 The chain starting at \p crt is checked against the
 *                 trusted CAs in \p trust_ca (and the CRLs in \p ca_crl,
 *                 when given) using the default security profile.
 *
 *                 Whatever the return value, \p flags is the authoritative
 *                 description of what went wrong: a non-zero return with a
 *                 non-zero \p flags means the chain must not be trusted.
 *
 * \param crt      a certificate (chain) to be verified
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs (may be NULL)
 * \param cn       expected Common Name; may be NULL, in which case no name
 *                 check is performed (so a caller verifying a server
 *                 certificate should normally pass the expected host name)
 * \param flags    result of the verification: a bitmask of the
 *                 MBEDTLS_X509_BADCERT_XXX / MBEDTLS_X509_BADCRL_XXX values
 *                 declared in x509.h, 0 when everything checked out
 * \param f_vrfy   optional verification callback, invoked for each
 *                 certificate in the chain with (p_vrfy, crt, depth, flags);
 *                 it may inspect and modify the flags for that certificate
 * \param p_vrfy   opaque parameter passed to \p f_vrfy
 *
 * \return         0 if successful, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED when
 *                 verification failed (see \p flags for the reasons), or
 *                 another negative error code on a fatal error encountered
 *                 during the verification process
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                     mbedtls_x509_crt *trust_ca,
                     mbedtls_x509_crl *ca_crl,
                     const char *cn, uint32_t *flags,
                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                     void *p_vrfy );

/**
 * \brief          Verify the certificate signature and chain according to
 *                 an explicit security profile.
 *
 *                 Same as mbedtls_x509_crt_verify(), but the algorithms,
 *                 curves and RSA key sizes accepted for every certificate in
 *                 the chain are taken from \p profile instead of the default.
 *
 * \param crt      a certificate (chain) to be verified
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs (may be NULL)
 * \param profile  security profile for verification
 * \param cn       expected Common Name (may be NULL to skip the name check)
 * \param flags    result of the verification (see mbedtls_x509_crt_verify())
 * \param f_vrfy   optional verification callback
 * \param p_vrfy   opaque parameter passed to \p f_vrfy
 *
 * \return         0 if successful, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED when
 *                 verification failed (see \p flags), or another negative
 *                 error code on a fatal error
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                     mbedtls_x509_crt *trust_ca,
                     mbedtls_x509_crl *ca_crl,
                     const mbedtls_x509_crt_profile *profile,
                     const char *cn, uint32_t *flags,
                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                     void *p_vrfy );
00395
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)

/**
 * \brief          Check usage of certificate against the keyUsage extension.
 *
 *                 Intended to be called after verification: the chain may be
 *                 valid and yet the key not be permitted for the intended
 *                 operation (e.g. a signing-only key used for key exchange).
 *
 * \param crt      Leaf certificate used
 * \param usage    Intended usage(s), a bitwise OR of MBEDTLS_X509_KU_XXX
 *                 flags (declared in x509.h)
 *
 * \return         0 is the usage is compatible with the certificate (or the
 *                 certificate carries no keyUsage extension -- confirm in
 *                 x509_crt.c), MBEDTLS_ERR_X509_BAD_INPUT_DATA otherwise
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
00421
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)

/**
 * \brief          Check usage of certificate against the extendedKeyUsage
 *                 extension (e.g. serverAuth / clientAuth).
 *
 * \param crt       Leaf certificate used
 * \param usage_oid Intended usage, as an OID byte string (the MBEDTLS_OID_XXX
 *                  constants from oid.h can be used here)
 * \param usage_len Length of \p usage_oid, in bytes
 *
 * \return         0 if this use of the certificate is allowed,
 *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if not
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                               const char *usage_oid,
                                               size_t usage_len );
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
00440
#if defined(MBEDTLS_X509_CRL_PARSE_C)

/**
 * \brief          Verify the certificate revocation status against a CRL.
 *
 *                 Only the revocation list itself is consulted; whether
 *                 \p crl was issued by \p crt's issuer and is itself valid
 *                 is the caller's (or mbedtls_x509_crt_verify()'s) business.
 *
 * \param crt      a certificate to be verified
 * \param crl      the CRL to verify against
 *
 * \return         1 if the certificate is revoked, 0 otherwise
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif /* MBEDTLS_X509_CRL_PARSE_C */
00453
/**
 * \brief          Initialize a certificate (chain) so that it can safely be
 *                 passed to the parse functions and to mbedtls_x509_crt_free().
 *
 * \param crt      Certificate chain to initialize
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );

/**
 * \brief          Unallocate all certificate data. Since entries are linked
 *                 through \c next, this releases the chain reachable from
 *                 \p crt (presumably, including each entry's \c sig_opts --
 *                 confirm in x509_crt.c).
 *
 * \param crt      Certificate chain to free
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
00468
00469
00470
00471
#if defined(MBEDTLS_X509_CRT_WRITE_C)

/**
 * \brief           Initialize a CRT writing context. Must be called before
 *                  any of the mbedtls_x509write_crt_set_* functions.
 *
 * \param ctx       CRT context to initialize
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the version for a Certificate.
 *                  Default: MBEDTLS_X509_CRT_VERSION_3 (presumably set by
 *                  mbedtls_x509write_crt_init(); confirm in x509write_crt.c).
 *
 * \param ctx       CRT context to use
 * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1,
 *                  MBEDTLS_X509_CRT_VERSION_2 or MBEDTLS_X509_CRT_VERSION_3)
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );

/**
 * \brief           Set the serial number for a Certificate. The value is
 *                  copied into \c ctx->serial; \p serial is not retained.
 *
 * \param ctx       CRT context to use
 * \param serial    serial number to set
 *
 * \return          0 if successful, or a negative MPI error code on
 *                  allocation failure
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
00499
/**
 * \brief           Set the validity period for a Certificate.
 *
 *                  Both strings are copied into the fixed-size
 *                  \c not_before / \c not_after buffers of the context, so
 *                  their length is bounded by MBEDTLS_X509_RFC5280_UTC_TIME_LEN.
 *                  The expected format is "YYYYMMDDhhmmss" (UTC).
 *
 * \param ctx       CRT context to use
 * \param not_before    not_before timestamp
 * \param not_after     not_after timestamp
 *
 * \return          0 if timestamp was parsed successfully, or
 *                  a specific error code
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                        const char *not_after );

/**
 * \brief           Set the issuer name for a Certificate. The issuer name
 *                  should contain a comma-separated list of OID types and
 *                  values, e.g. "C=UK,O=ARM,CN=mbed TLS CA"; the parsed
 *                  result replaces \c ctx->issuer.
 *
 * \param ctx           CRT context to use
 * \param issuer_name   issuer name to set
 *
 * \return          0 if issuer name was parsed successfully, or
 *                  a specific error code
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                           const char *issuer_name );

/**
 * \brief           Set the subject name for a Certificate. Same string
 *                  format as mbedtls_x509write_crt_set_issuer_name(); the
 *                  parsed result replaces \c ctx->subject.
 *
 * \param ctx           CRT context to use
 * \param subject_name  subject name to set
 *
 * \return          0 if subject name was parsed successfully, or
 *                  a specific error code
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                            const char *subject_name );
00546
/**
 * \brief           Set the subject public key for the certificate.
 *
 *                  Only the pointer is stored (\c ctx->subject_key): the key
 *                  context is not copied and must stay valid until the
 *                  certificate has been written.
 *
 * \param ctx       CRT context to use
 * \param key       public key to include
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the issuer key used for signing the certificate.
 *
 *                  Only the pointer is stored (\c ctx->issuer_key); the
 *                  private key context must outlive the write calls. This is
 *                  the signing key, so the same care applies to it as to any
 *                  other private key material.
 *
 * \param ctx       CRT context to use
 * \param key       private key to sign with
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the MD algorithm to use for the signature
 *                  (e.g. MBEDTLS_MD_SHA256).
 *
 * \param ctx       CRT context to use
 * \param md_alg    MD algorithm to use
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
00571
/**
 * \brief           Generic function to add to or replace an extension in the
 *                  CRT (stored in \c ctx->extensions, keyed by OID).
 *
 * \param ctx       CRT context to use
 * \param oid       OID of the extension
 * \param oid_len   length of the OID
 * \param critical  if the extension is critical (per the RFC's definition)
 * \param val       value of the extension OCTET STRING
 * \param val_len   length of the value data
 *
 * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                         const char *oid, size_t oid_len,
                                         int critical,
                                         const unsigned char *val, size_t val_len );

/**
 * \brief           Set the basicConstraints extension for a CRT.
 *
 * \param ctx       CRT context to use
 * \param is_ca     is this a CA certificate
 * \param max_pathlen   maximum length of certificate chains below this
 *                      certificate (only for CA certificates, -1 is
 *                      unlimited)
 *
 * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                                 int is_ca, int max_pathlen );
00603
#if defined(MBEDTLS_SHA1_C)

/**
 * \brief           Set the subjectKeyIdentifier extension for a CRT.
 *                  Requires that mbedtls_x509write_crt_set_subject_key() has
 *                  been called before, since the identifier is derived from
 *                  the subject key (SHA-1 based, hence the MBEDTLS_SHA1_C
 *                  guard).
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the authorityKeyIdentifier extension for a CRT.
 *                  Requires that mbedtls_x509write_crt_set_issuer_key() has
 *                  been called before, since the identifier is derived from
 *                  the issuer key.
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif /* MBEDTLS_SHA1_C */
00627
/**
 * \brief           Set the Key Usage Extension flags
 *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
 *
 * \param ctx       CRT context to use
 * \param key_usage key usage flags to set
 *
 * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );

/**
 * \brief           Set the Netscape Cert Type flags
 *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
 *
 * \param ctx           CRT context to use
 * \param ns_cert_type  Netscape Cert Type flags to set
 *
 * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                            unsigned char ns_cert_type );

/**
 * \brief           Free the contents of a CRT write context. The key
 *                  contexts referenced by \c subject_key / \c issuer_key are
 *                  not owned by the context and are left untouched.
 *
 * \param ctx       CRT context to free
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
00658
/**
 * \brief           Write a built up certificate to a X509 DER structure.
 *
 * \note            NOTE(review): the DER writer is expected to build the
 *                  certificate backwards, so the data sits at the END of
 *                  \p buf -- use the return value to determine where the
 *                  certificate starts. Confirm in x509write_crt.c.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer
 * \param f_rng     RNG function (for signature, see note)
 * \param p_rng     RNG parameter
 *
 * \return          length of data written if successful, or a specific
 *                  error code
 *
 * \note            f_rng may be NULL if RSA is used for signature and the
 *                  signature is made offline (otherwise f_rng is desirable
 *                  for countermeasures against timing attacks).
 *                  ECDSA signatures always require a non-NULL f_rng.
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );

#if defined(MBEDTLS_PEM_WRITE_C)

/**
 * \brief           Write a built up certificate to a X509 PEM string.
 *                  Unlike the DER variant, the output starts at the
 *                  beginning of \p buf as a NUL-terminated string.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer
 * \param f_rng     RNG function (for signature, see note)
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful, or a specific error code
 *
 * \note            f_rng may be NULL if RSA is used for signature and the
 *                  signature is made offline (otherwise f_rng is desirable
 *                  for countermeasures against timing attacks).
 *                  ECDSA signatures always require a non-NULL f_rng.
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
#endif /* MBEDTLS_X509_CRT_WRITE_C */
00705
#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_X509_CRT_H */