x509.h File Reference

X.509 generic defines and structures.

#include "config.h"
#include "asn1.h"
#include "pk.h"
#include "rsa.h"

Data Structures

struct  mbedtls_x509_time

Defines

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80)
#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40)
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20)
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10)
#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08)
#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04)
#define MBEDTLS_X509_KU_CRL_SIGN   (0x02)
#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01)
#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000)
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80)
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40)
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20)
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10)
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08)
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04)
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02)
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01)
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
#define MBEDTLS_X509_EXT_KEY_USAGE   (1 << 2)
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   (1 << 3)
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   (1 << 4)
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   (1 << 5)
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   (1 << 6)
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   (1 << 8)
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   (1 << 9)
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   (1 << 10)
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   (1 << 11)
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   (1 << 13)
#define MBEDTLS_X509_EXT_FRESHEST_CRL   (1 << 14)
#define MBEDTLS_X509_EXT_NS_CERT_TYPE   (1 << 16)
#define MBEDTLS_X509_FORMAT_DER   1
#define MBEDTLS_X509_FORMAT_PEM   2
#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256
#define MBEDTLS_X509_SAFE_SNPRINTF
X509 Error codes



#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100
#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180
#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200
#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280
#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300
#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380
#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800
#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880
#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980
#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000
X509 Verify codes



#define MBEDTLS_X509_BADCERT_EXPIRED   0x01
#define MBEDTLS_X509_BADCERT_REVOKED   0x02
#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10
#define MBEDTLS_X509_BADCRL_EXPIRED   0x20
#define MBEDTLS_X509_BADCERT_MISSING   0x40
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80
#define MBEDTLS_X509_BADCERT_OTHER   0x0100
#define MBEDTLS_X509_BADCERT_FUTURE   0x0200
#define MBEDTLS_X509_BADCRL_FUTURE   0x0400
#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000
#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000
#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000
#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000
#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000
#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000
#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000

Typedefs

Structures for parsing X.509 certificates, CRLs and CSRs



typedef mbedtls_asn1_buf mbedtls_x509_buf
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring
typedef mbedtls_asn1_named_data mbedtls_x509_name
typedef mbedtls_asn1_sequence mbedtls_x509_sequence

Functions

int mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
int mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
int mbedtls_x509_time_is_past (const mbedtls_x509_time *to)
 Check a given mbedtls_x509_time against the system time and tell if it's in the past.
int mbedtls_x509_time_is_future (const mbedtls_x509_time *from)
 Check a given mbedtls_x509_time against the system time and tell if it's in the future.
int mbedtls_x509_self_test (int verbose)
 Checkup routine.
int mbedtls_x509_get_name (unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
int mbedtls_x509_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg)
int mbedtls_x509_get_alg (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
int mbedtls_x509_get_rsassa_pss_params (const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, int *salt_len)
int mbedtls_x509_get_sig (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
int mbedtls_x509_get_sig_alg (const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
int mbedtls_x509_get_time (unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
int mbedtls_x509_get_serial (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
int mbedtls_x509_get_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
int mbedtls_x509_sig_alg_gets (char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts)
int mbedtls_x509_key_size_helper (char *buf, size_t buf_size, const char *name)
int mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name)
int mbedtls_x509_set_extension (mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
int mbedtls_x509_write_extensions (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
int mbedtls_x509_write_names (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
int mbedtls_x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)

Detailed Description

X.509 generic defines and structures.

Definition in file x509.h.


Define Documentation

#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 173 of file x509.h.

#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   (1 << 8)

Definition at line 181 of file x509.h.

#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 176 of file x509.h.

#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 185 of file x509.h.

#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   (1 << 11)

Definition at line 184 of file x509.h.

#define MBEDTLS_X509_EXT_FRESHEST_CRL   (1 << 14)

Definition at line 187 of file x509.h.

#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 186 of file x509.h.

#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 179 of file x509.h.

#define MBEDTLS_X509_EXT_KEY_USAGE   (1 << 2)

Definition at line 175 of file x509.h.

#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 182 of file x509.h.

#define MBEDTLS_X509_EXT_NS_CERT_TYPE   (1 << 16)

Definition at line 189 of file x509.h.

#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 183 of file x509.h.

#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 177 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   (1 << 5)

Definition at line 178 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 180 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 174 of file x509.h.

#define MBEDTLS_X509_FORMAT_DER   1

Definition at line 195 of file x509.h.

#define MBEDTLS_X509_FORMAT_PEM   2

Definition at line 196 of file x509.h.

#define MBEDTLS_X509_KU_CRL_SIGN   (0x02)

Definition at line 149 of file x509.h.

#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10)

Definition at line 146 of file x509.h.

#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000)

Definition at line 151 of file x509.h.

#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80)

Definition at line 143 of file x509.h.

#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01)

Definition at line 150 of file x509.h.

#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08)

Definition at line 147 of file x509.h.

#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04)

Definition at line 148 of file x509.h.

#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20)

Definition at line 145 of file x509.h.

#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40)

Definition at line 144 of file x509.h.

#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry

Definition at line 198 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20)

Definition at line 160 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02)

Definition at line 164 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10)

Definition at line 161 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01)

Definition at line 165 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08)

Definition at line 162 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04)

Definition at line 163 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80)

Definition at line 158 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40)

Definition at line 159 of file x509.h.

#define MBEDTLS_X509_SAFE_SNPRINTF
Value:
do {                                                    \
        if( ret < 0 || (size_t) ret >= n )                  \
            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
                                                            \
        n -= (size_t) ret;                                  \
        p += (size_t) ret;                                  \
    } while( 0 )

Definition at line 347 of file x509.h.


Function Documentation

int mbedtls_x509_dn_gets ( char *  buf,
size_t  size,
const mbedtls_x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters:
buf Buffer to write to
size Maximum size of buffer
dn The X509 name to represent
Returns:
The length of the string written (not including the terminating nul byte), or a negative error code.
int mbedtls_x509_get_alg ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf alg,
mbedtls_x509_buf params 
)
int mbedtls_x509_get_alg_null ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf alg 
)
int mbedtls_x509_get_ext ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf ext,
int  tag 
)
int mbedtls_x509_get_name ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_name cur 
)
int mbedtls_x509_get_rsassa_pss_params ( const mbedtls_x509_buf params,
mbedtls_md_type_t md_alg,
mbedtls_md_type_t mgf_md,
int *  salt_len 
)
int mbedtls_x509_get_serial ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf serial 
)
int mbedtls_x509_get_sig ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf sig 
)
int mbedtls_x509_get_sig_alg ( const mbedtls_x509_buf sig_oid,
const mbedtls_x509_buf sig_params,
mbedtls_md_type_t md_alg,
mbedtls_pk_type_t pk_alg,
void **  sig_opts 
)
int mbedtls_x509_get_time ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_time t 
)
int mbedtls_x509_key_size_helper ( char *  buf,
size_t  buf_size,
const char *  name 
)
int mbedtls_x509_self_test ( int  verbose  ) 

Checkup routine.

Returns:
0 if successful, or 1 if the test failed
int mbedtls_x509_serial_gets ( char *  buf,
size_t  size,
const mbedtls_x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters:
buf Buffer to write to
size Maximum size of buffer
serial The X509 serial to represent
Returns:
The length of the string written (not including the terminating nul byte), or a negative error code.
int mbedtls_x509_set_extension ( mbedtls_asn1_named_data **  head,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)
int mbedtls_x509_sig_alg_gets ( char *  buf,
size_t  size,
const mbedtls_x509_buf sig_oid,
mbedtls_pk_type_t  pk_alg,
mbedtls_md_type_t  md_alg,
const void *  sig_opts 
)
int mbedtls_x509_string_to_names ( mbedtls_asn1_named_data **  head,
const char *  name 
)
int mbedtls_x509_time_is_future ( const mbedtls_x509_time from  ) 

Check a given mbedtls_x509_time against the system time and tell if it's in the future.

Note:
Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value is 1 on internal errors as well, so an error is never mistaken for a valid time.
Parameters:
from mbedtls_x509_time to check
Returns:
1 if the given time is in the future or an error occurred, 0 otherwise.
int mbedtls_x509_time_is_past ( const mbedtls_x509_time to  ) 

Check a given mbedtls_x509_time against the system time and tell if it's in the past.

Note:
Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value is 1 on internal errors as well, so an error is never mistaken for a valid time.
Parameters:
to mbedtls_x509_time to check
Returns:
1 if the given time is in the past or an error occurred, 0 otherwise.
int mbedtls_x509_write_extensions ( unsigned char **  p,
unsigned char *  start,
mbedtls_asn1_named_data first 
)
int mbedtls_x509_write_names ( unsigned char **  p,
unsigned char *  start,
mbedtls_asn1_named_data first 
)
int mbedtls_x509_write_sig ( unsigned char **  p,
unsigned char *  start,
const char *  oid,
size_t  oid_len,
unsigned char *  sig,
size_t  size 
)
