/* Include guard: public API for parsing, verifying and writing X.509
 * certificates. */
#ifndef MBEDTLS_X509_CRT_H
#define MBEDTLS_X509_CRT_H

/* Build-time configuration: the stock config.h unless the build supplies
 * its own file through MBEDTLS_CONFIG_FILE. The MBEDTLS_*_C / MBEDTLS_*
 * feature macros tested below come from this file. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

/* Shared X.509 types (mbedtls_x509_buf, mbedtls_x509_name, ...) and the
 * CRL type used by the verification functions. */
#include "x509.h"
#include "x509_crl.h"

/* Keep C linkage for the declarations when included from C++. */
#ifdef __cplusplus
extern "C" {
#endif
00071
/**
 * Container for one parsed X.509 certificate.
 *
 * Certificates are chained through \c next, so a single object may be the
 * head of a list (the parse functions below take a "chain" argument). The
 * buffers point into the certificate's own copy of the DER data; the
 * integer and enum fields are populated from the parsed extensions.
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
    mbedtls_x509_buf tbs;               /**< The raw To-Be-Signed portion (DER), i.e. what the signature covers. */

    int version;                        /**< X.509 version. NOTE(review): the parser appears to store this as 1..3, while the write context uses MBEDTLS_X509_CRT_VERSION_* (0..2) -- confirm against x509_crt.c before comparing the two. */
    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA (raw INTEGER contents). */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm OID, e.g. sha256WithRSAEncryption. */

    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER), as used for issuer/subject matching. */
    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). */

    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */

    mbedtls_x509_time valid_from;       /**< Start time of certificate validity (notBefore). */
    mbedtls_x509_time valid_to;         /**< End time of certificate validity (notAfter). */

    mbedtls_pk_context pk;              /**< Container for the public key context. */

    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions (raw DER). */
    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (only entries the parser understood). */

    int ext_types;                      /**< Bit mask of the extensions that were detected and parsed. */
    int ca_istrue;                      /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;                    /**< Optional Basic Constraint extension value: maximum path length to a non-CA certificate. NOTE(review): the encoding of "no limit" vs. 0 is not visible here -- check the parser before relying on it. */

    unsigned int key_usage;             /**< Optional Key Usage extension value, a bit mask of MBEDTLS_X509_KU_* flags from x509.h. */

    mbedtls_x509_sequence ext_key_usage; /**< Optional list of Extended Key Usage OIDs. */

    unsigned char ns_cert_type;         /**< Optional Netscape certificate type extension value (MBEDTLS_X509_NS_CERT_TYPE_* flags). */

    mbedtls_x509_buf sig;               /**< Signature value (raw). */
    mbedtls_md_type_t sig_md;           /**< Internal representation of the hash algorithm of the signature, e.g. MBEDTLS_MD_SHA256. */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the public key algorithm of the signature, e.g. MBEDTLS_PK_RSA. */
    void *sig_opts;                     /**< Signature options to be passed to mbedtls_pk_verify_ext(); presumably RSASSA-PSS parameters when sig_pk is RSASSA-PSS -- verify in the parser. */

    struct mbedtls_x509_crt *next;      /**< Next certificate in the chain, or NULL for the last one. */
}
mbedtls_x509_crt;
00123
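/**
 * \brief   Build the allow-list bit for a 1-based algorithm or curve id.
 *
 * Used to populate the uint32_t fields of mbedtls_x509_crt_profile: the id's
 * bit is set when the id is permitted. The constant is unsigned so that
 * id == 32 yields bit 31 instead of the signed-overflow undefined behaviour
 * of ( 1 << 31 ). For id outside 1..32 the shift is still undefined, so the
 * argument must be a valid id (the library's *_NONE enumerators are 0 and
 * are not meant to be passed here).
 *
 * \param id   1-based identifier (an mbedtls_md_type_t, mbedtls_pk_type_t or
 *             curve id value).
 */
#define MBEDTLS_X509_ID_FLAG( id ) ( 1u << ( ( id ) - 1 ) )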
00129
/**
 * Security profile for certificate verification.
 *
 * All lists are bit fields: bit (id - 1) set means id is allowed, see
 * MBEDTLS_X509_ID_FLAG(). A profile is passed to
 * mbedtls_x509_crt_verify_with_profile(); the predefined instances are
 * declared below.
 */
typedef struct
{
    uint32_t allowed_mds;       /**< MDs for signatures (bit mask of hash ids). */
    uint32_t allowed_pks;       /**< PK algs for signatures (bit mask of PK type ids). */
    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA (bit mask of curve ids). */
    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys, in bits. */
}
mbedtls_x509_crt_profile;
00143
/* Certificate version as encoded in the DER Version field
 * (RFC 5280 s4.1.2.1: v1(0), v2(1), v3(2)). These are the values to pass
 * to mbedtls_x509write_crt_set_version(). */
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2

/* Maximum serial number length (octets) the library handles; RFC 5280
 * s4.1.2.2 limits conforming CAs to 20, so this leaves headroom.
 * Length of the textual validity timestamp kept in the write context
 * (not_before / not_after buffers are this value plus one for the NUL). */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15

/* Maximum path length accepted by the file-based parse functions; a
 * build may override it from the configuration file. */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
00154
/**
 * Container for writing a certificate (CRT).
 *
 * Populated through the mbedtls_x509write_crt_set_* setters and consumed by
 * mbedtls_x509write_crt_der() / mbedtls_x509write_crt_pem(). The pointer
 * fields for keys and names are set by those setters; ownership and
 * lifetime are not visible from this header -- see the setter contracts.
 */
typedef struct mbedtls_x509write_cert
{
    int version;                            /**< MBEDTLS_X509_CRT_VERSION_1 .. _3. */
    mbedtls_mpi serial;                     /**< Serial number (multi-precision integer). */
    mbedtls_pk_context *subject_key;        /**< Public key placed in the certificate. */
    mbedtls_pk_context *issuer_key;         /**< Key used to sign the certificate; must hold a private key. */
    mbedtls_asn1_named_data *subject;       /**< Subject name as a list of named ASN.1 items. */
    mbedtls_asn1_named_data *issuer;        /**< Issuer name as a list of named ASN.1 items. */
    mbedtls_md_type_t md_alg;               /**< Hash algorithm used for the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];   /**< Validity start, NUL-terminated text. */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];    /**< Validity end, NUL-terminated text. */
    mbedtls_asn1_named_data *extensions;    /**< v3 extensions added via mbedtls_x509write_crt_set_extension() and the convenience setters. */
}
mbedtls_x509write_cert;
00172
00173 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00174
/**
 * Default security profile. Used by mbedtls_x509_crt_verify(), which has no
 * profile parameter.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * Stricter profile. NOTE(review): the exact algorithm set is defined in the
 * implementation; treat it as "more restrictive than default" and check the
 * definition before relying on a specific allow-list.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * Profile restricted to the NSA Suite B algorithm set.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
00190
/**
 * \brief          Parse a single DER formatted certificate and add it to the
 *                 chained list.
 *
 *                 The input is untrusted data; the parser must bound every
 *                 read by \p buflen and callers must treat a non-zero return
 *                 as "no certificate was added".
 *
 * \param chain    points to the start of the chain (must be initialised with
 *                 mbedtls_x509_crt_init())
 * \param buf      buffer holding the certificate DER data
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 *                 (library convention: negative MBEDTLS_ERR_* value)
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                                size_t buflen );

/**
 * \brief          Parse one or more certificates and add them to the chained
 *                 list. Accepts DER as well as PEM input.
 *
 *                 NOTE(review): for PEM input the library expects \p buflen
 *                 to include the terminating NUL byte -- confirm against the
 *                 implementation and pass strlen()+1, not strlen().
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the certificate data
 * \param buflen   size of the buffer
 *
 * \return         0 if all certificates parsed successfully, a positive number
 *                 if partly successful, or a specific X509 or PEM error code
 *                 (library convention -- confirm). A partial success still
 *                 leaves an untrusted, possibly incomplete chain; callers
 *                 should not treat "> 0" as success.
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
00235
#if defined(MBEDTLS_FS_IO)
/**
 * \brief          Load one or more certificates from a file and add them to
 *                 the chained list.
 *
 *                 Only built when the configuration provides file I/O.
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the certificates from
 *
 * \return         0 if successful, or an error code as for
 *                 mbedtls_x509_crt_parse() (presumably the same partial
 *                 success convention -- confirm)
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief          Load certificates from every file in a directory and add
 *                 them to the chained list.
 *
 *                 Paths are bounded by MBEDTLS_X509_MAX_FILE_PATH_LEN; a
 *                 directory given here is effectively a trust store, so it
 *                 must not be writable by untrusted users.
 *
 * \param chain    points to the start of the chain
 * \param path     directory to read the certificate files from
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number of failed files, or an error code (library
 *                 convention -- confirm)
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif
00267
/**
 * \brief          Write an informational string about the certificate
 *                 into \p buf (snprintf-style, never more than \p size bytes).
 *
 * \param buf      buffer to write to
 * \param size     maximum size of the buffer
 * \param prefix   line prefix, e.g. for indentation
 * \param crt      the certificate to describe
 *
 * \return         the length of the string written (not including the
 *                 terminating NUL), or a negative error code
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crt *crt );

/**
 * \brief          Write a human-readable description of the verification
 *                 failure flags produced by the verify functions below.
 *
 * \param buf      buffer to write to
 * \param size     maximum size of the buffer
 * \param prefix   line prefix, e.g. for indentation
 * \param flags    verification flags as returned by mbedtls_x509_crt_verify()
 *
 * \return         the length of the string written (not including the
 *                 terminating NUL), or a negative error code
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                                  uint32_t flags );
00297
/**
 * \brief          Verify the certificate chain against a set of trusted CAs,
 *                 using mbedtls_x509_crt_profile_default.
 *
 *                 The check is only meaningful if the caller inspects BOTH the
 *                 return value and \p flags: a non-zero return means the chain
 *                 was rejected, and \p flags then carries the reasons
 *                 (decode them with mbedtls_x509_crt_verify_info()).
 *
 * \param crt      the certificate chain to verify (leaf first)
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs (may be NULL to skip
 *                 revocation checks -- presumably; confirm)
 * \param cn       expected Common Name; NULL skips the name check, which
 *                 leaves the chain valid for any host name
 * \param flags    output: verification flags describing every failure found
 * \param f_vrfy   optional per-certificate callback; its arguments appear to
 *                 be (p_vrfy, certificate, chain depth, flags in/out) -- confirm
 *                 against the implementation. NULL means no callback.
 * \param p_vrfy   opaque context passed to \p f_vrfy
 *
 * \return         0 if successful, otherwise a negative error code (library
 *                 convention; MBEDTLS_ERR_X509_CERT_VERIFY_FAILED is the
 *                 expected value when \p flags is set -- confirm)
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                             mbedtls_x509_crt *trust_ca,
                             mbedtls_x509_crl *ca_crl,
                             const char *cn, uint32_t *flags,
                             int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                             void *p_vrfy );

/**
 * \brief          Same as mbedtls_x509_crt_verify(), but with an explicit
 *                 security profile restricting the hashes, public-key
 *                 algorithms, curves and RSA key sizes that are accepted.
 *
 * \param crt      the certificate chain to verify
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs
 * \param profile  security profile for verification
 * \param cn       expected Common Name (NULL to skip the check)
 * \param flags    output: verification flags
 * \param f_vrfy   optional per-certificate callback, see
 *                 mbedtls_x509_crt_verify()
 * \param p_vrfy   opaque context passed to \p f_vrfy
 *
 * \return         0 if successful, otherwise a negative error code
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                                          mbedtls_x509_crt *trust_ca,
                                          mbedtls_x509_crl *ca_crl,
                                          const mbedtls_x509_crt_profile *profile,
                                          const char *cn, uint32_t *flags,
                                          int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                          void *p_vrfy );
00397
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
/**
 * \brief          Check that the certificate's Key Usage extension permits
 *                 the requested usage.
 *
 *                 Only built when MBEDTLS_X509_CHECK_KEY_USAGE is enabled;
 *                 without it no key-usage restriction is enforced.
 *
 * \param crt      leaf certificate
 * \param usage    intended usage(s), a bit mask of MBEDTLS_X509_KU_* flags
 *                 from x509.h
 *
 * \return         0 if the usage is compatible (presumably also when the
 *                 certificate carries no Key Usage extension -- confirm),
 *                 otherwise a negative error code
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif

#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
/**
 * \brief          Check that the certificate's Extended Key Usage extension
 *                 permits the given purpose OID.
 *
 * \param crt       leaf certificate
 * \param usage_oid intended usage as a DER-encoded OID (MBEDTLS_OID_* values
 *                  from oid.h)
 * \param usage_len length of \p usage_oid in bytes
 *
 * \return         0 if the usage is compatible, otherwise a negative error
 *                 code
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                               const char *usage_oid,
                                               size_t usage_len );
#endif

#if defined(MBEDTLS_X509_CRL_PARSE_C)
/**
 * \brief          Check whether the certificate is listed in the given CRL.
 *
 *                 This is a point lookup only: it does not verify the CRL's
 *                 own signature or freshness, which the caller must have
 *                 established beforehand.
 *
 * \param crt      the certificate to check
 * \param crl      the CRL to search
 *
 * \return         1 if the certificate is revoked, 0 otherwise
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif
00455
/**
 * \brief          Initialise a certificate object (chain head) to an empty
 *                 state. Must be called before the parse functions.
 *
 * \param crt      certificate chain to initialise
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );

/**
 * \brief          Release all memory held by a certificate chain (every
 *                 certificate reachable through \c next, presumably -- the
 *                 head object itself is owned by the caller).
 *
 * \param crt      certificate chain to free
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
00469 #endif
00474 #if defined(MBEDTLS_X509_CRT_WRITE_C)
00475
/**
 * \brief           Initialise a certificate writing context. Must be called
 *                  before any of the setters.
 *
 * \param ctx       CRT context to initialise
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the version for the certificate.
 *
 * \param ctx       CRT context to use
 * \param version   one of MBEDTLS_X509_CRT_VERSION_1, _2 or _3. The value is
 *                  stored as-is; v3 is required for any extension to be
 *                  emitted (RFC 5280), so prefer _3 when adding extensions.
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );

/**
 * \brief           Set the serial number for the certificate.
 *
 *                  RFC 5280 requires a positive integer of at most 20 octets;
 *                  CAs should generate it from a CSPRNG so it is unpredictable.
 *
 * \param ctx       CRT context to use
 * \param serial    serial number to copy into the context
 *
 * \return          0 if successful, or a negative MBEDTLS_ERR_MPI_* error code
 *                  (presumably, since an MPI copy is involved -- confirm)
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
00501
/**
 * \brief           Set the validity period for the certificate.
 *
 *                  The strings are copied into the fixed-size not_before /
 *                  not_after buffers (MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1
 *                  bytes), so their length must fit; the exact textual format
 *                  is defined by the implementation -- confirm before use.
 *
 * \param ctx        CRT context to use
 * \param not_before start of validity, NUL-terminated text
 * \param not_after  end of validity, NUL-terminated text
 *
 * \return          0 if a timestamp was parsed successfully, or a negative
 *                  X509 error code
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                        const char *not_after );

/**
 * \brief           Set the issuer name for the certificate from a textual
 *                  distinguished name.
 *
 * \param ctx           CRT context to use
 * \param issuer_name   issuer name as a string of comma-separated attributes,
 *                      e.g. "C=UK,O=ARM,CN=mbed TLS CA"
 *
 * \return          0 if the name was parsed successfully, or a negative
 *                  X509 error code
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                           const char *issuer_name );

/**
 * \brief           Set the subject name for the certificate from a textual
 *                  distinguished name.
 *
 * \param ctx           CRT context to use
 * \param subject_name  subject name in the same format as for
 *                      mbedtls_x509write_crt_set_issuer_name()
 *
 * \return          0 if the name was parsed successfully, or a negative
 *                  X509 error code
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                            const char *subject_name );
00548
/**
 * \brief           Set the subject public key for the certificate.
 *
 *                  Only the pointer is stored (see the subject_key field), so
 *                  \p key must outlive the context until the certificate has
 *                  been written.
 *
 * \param ctx       CRT context to use
 * \param key       public key to include
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the issuer key used to sign the certificate.
 *
 *                  Only the pointer is stored; \p key must hold the private
 *                  key and outlive the context until the certificate is written.
 *
 * \param ctx       CRT context to use
 * \param key       private key to sign with
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the message digest used for the signature.
 *
 *                  The choice must also be acceptable to the verifier's
 *                  profile (see mbedtls_x509_crt_profile); e.g. MBEDTLS_MD_SHA256.
 *
 * \param ctx       CRT context to use
 * \param md_alg    hash algorithm identifier
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
00573
/**
 * \brief           Generic function to add to or replace an extension in the
 *                  certificate's extension list.
 *
 *                  The value is taken as opaque DER; the function does not
 *                  validate it, so the caller is responsible for well-formed
 *                  encoding.
 *
 * \param ctx       CRT context to use
 * \param oid       OID of the extension (DER-encoded bytes)
 * \param oid_len   length of \p oid
 * \param critical  non-zero if the extension is to be marked critical, so
 *                  that verifiers which do not understand it must reject
 *                  the certificate
 * \param val       DER-encoded extension value
 * \param val_len   length of \p val
 *
 * \return          0 if successful, or a negative error code (presumably
 *                  MBEDTLS_ERR_X509_ALLOC_FAILED on allocation failure -- confirm)
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                         const char *oid, size_t oid_len,
                                         int critical,
                                         const unsigned char *val, size_t val_len );

/**
 * \brief           Set the Basic Constraints extension for the certificate.
 *
 *                  This is what marks a certificate as a CA; verifiers use it
 *                  to decide whether a certificate may sign others, so it
 *                  should be left at is_ca == 0 for end-entity certificates.
 *
 * \param ctx           CRT context to use
 * \param is_ca         non-zero if this is a CA certificate
 * \param max_pathlen   maximum length of certificate chains below this
 *                      certificate; the "unlimited" encoding is not visible
 *                      here -- check the implementation (mbed TLS uses -1)
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                                 int is_ca, int max_pathlen );
00605
#if defined(MBEDTLS_SHA1_C)
/**
 * \brief           Set the Subject Key Identifier extension.
 *
 *                  Requires SHA-1 (the key identifier is a SHA-1 hash of the
 *                  subject public key, hence the MBEDTLS_SHA1_C guard). The
 *                  subject key must already be set.
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the Authority Key Identifier extension.
 *
 *                  Requires SHA-1 and an issuer key already set; the
 *                  identifier is derived from the issuer key.
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif
00629
/**
 * \brief           Set the Key Usage extension flags.
 *
 *                  Restricting key usage limits the damage a leaked key can
 *                  do; pass only the bits the key is actually needed for.
 *
 * \param ctx       CRT context to use
 * \param key_usage bit mask of MBEDTLS_X509_KU_* flags from x509.h
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );

/**
 * \brief           Set the Netscape Cert Type extension flags.
 *
 * \param ctx           CRT context to use
 * \param ns_cert_type  bit mask of MBEDTLS_X509_NS_CERT_TYPE_* flags
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                            unsigned char ns_cert_type );

/**
 * \brief           Free the contents of a CRT write context (the serial
 *                  MPI and the name/extension lists it owns). The key
 *                  contexts it points to are not freed.
 *
 * \param ctx       CRT context to free
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
00660
/**
 * \brief           Write a built-up certificate to a DER structure and sign it
 *                  with the issuer key.
 *
 *                  NOTE(review): mbed TLS writers fill the buffer from the end
 *                  backwards, so the DER data is at buf + size - ret, not at
 *                  buf -- confirm against the implementation before copying.
 *                  \p f_rng is required for signature schemes that need
 *                  randomness or blinding; pass a real CSPRNG, never a stub.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer
 * \param f_rng     RNG function (for signature, see note)
 * \param p_rng     RNG parameter
 *
 * \return          length of data written if successful, or a negative
 *                  error code (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL presumably when
 *                  \p size is insufficient -- confirm)
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );

#if defined(MBEDTLS_PEM_WRITE_C)
/**
 * \brief           Write a built-up certificate to a PEM string.
 *
 *                  Same signing requirements as mbedtls_x509write_crt_der();
 *                  the output is presumably a NUL-terminated string at the
 *                  start of \p buf -- confirm.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer
 * \param f_rng     RNG function (for signature)
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful, or a negative error code
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
#endif
00706 #endif
00707
/* Close the C-linkage block opened at the top of the header. */
#ifdef __cplusplus
}
#endif

#endif /* MBEDTLS_X509_CRT_H */