#ifndef MBEDTLS_X509_H
#define MBEDTLS_X509_H

/* The build configuration comes first because it decides which optional
 * parts of this header are compiled in (MBEDTLS_RSA_C below,
 * MBEDTLS_X509_RSASSA_PSS_SUPPORT further down). MBEDTLS_CONFIG_FILE lets
 * a project substitute its own configuration header for the default one. */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "asn1.h"   /* mbedtls_asn1_* types that this header aliases as mbedtls_x509_* */
#include "pk.h"     /* mbedtls_pk_type_t, used by the signature-algorithm helpers */

#if defined(MBEDTLS_RSA_C)
#include "rsa.h"
#endif
/**
 * \def MBEDTLS_X509_MAX_INTERMEDIATE_CA
 *
 * Default limit on the number of intermediate CAs in one verification chain.
 * The #if guard lets the build configuration override the value, so tune it
 * there rather than editing this header. Presumably the verifier stops
 * walking a chain once this depth is exceeded, which bounds the work an
 * attacker-supplied chain can trigger — confirm in x509_crt.c.
 */
#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
#endif

/**
 * \name X509 error codes
 *
 * Every code is negative and therefore distinct from the success value 0,
 * so a plain `ret != 0` (or `ret < 0`) check catches all of them. They sit
 * in the -0x2080 .. -0x2980 range in steps of 0x80, with FATAL_ERROR set
 * apart at -0x3000. The trailing comments only restate the names; the exact
 * condition that raises each code is defined in the .c files, not here.
 * \{
 */
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080   /**< Requested feature is not available in this build. */
#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100           /**< An OID in the input is not recognised. */
#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180        /**< Structure does not have the expected shape. */
#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200       /**< Version field is malformed. */
#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280        /**< Serial number field is malformed. */
#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300           /**< Algorithm identifier is malformed. */
#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380          /**< Name (DN) is malformed. */
#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400          /**< Date/time field is malformed. */
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480     /**< Signature field is malformed. */
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500    /**< Extensions field is malformed. */
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580       /**< Version value is not supported. */
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600       /**< Signature algorithm is not supported. */
#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680          /**< Presumably: signature algorithm in the body differs from the outer one — confirm. */
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700    /**< Verification failed; the BADCERT flags say why. */
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780   /**< Input recognised as neither DER nor PEM — presumably; confirm. */
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800        /**< Invalid argument supplied by the caller. */
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880          /**< Memory allocation failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900         /**< Reading or writing a file failed. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980      /**< Output buffer too small (the code MBEDTLS_X509_SAFE_SNPRINTF returns on truncation). */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000           /**< Presumably a non-recoverable error, e.g. raised from a verify callback — confirm. */
/* \} name X509 error codes */

/**
 * \name X509 verify result flags
 *
 * Each flag is a distinct bit, so several findings can be ORed into one
 * word. The largest value, 0x080000, needs 20 bits: hold these in a
 * uint32_t, never in an unsigned short. Presumably a zero flags word means
 * verification found no problem — confirm against the verify API.
 *
 * Defensive rule for callers: treat any nonzero value as failure. Mask out a
 * specific bit only after a deliberate decision, and never mask
 * NOT_TRUSTED, CN_MISMATCH, EXPIRED or REVOKED in production code.
 * \{
 */
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01            /**< Certificate validity period has ended. */
#define MBEDTLS_X509_BADCERT_REVOKED 0x02            /**< Certificate is revoked (listed on a CRL). */
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04        /**< Certificate name does not match the expected name. */
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08        /**< Certificate does not chain to a trusted CA. */
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10         /**< CRL does not chain to a trusted CA. */
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20             /**< CRL validity period has ended. */
#define MBEDTLS_X509_BADCERT_MISSING 0x40            /**< Certificate was missing. */
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80        /**< Verification was skipped — presumably set so callers can tell "unverified" from "verified OK"; confirm. */
#define MBEDTLS_X509_BADCERT_OTHER 0x0100            /**< Other reason — presumably reserved for a verify callback to raise; confirm. */
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200           /**< Certificate validity period has not started yet. */
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400            /**< CRL validity period has not started yet. */
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800        /**< Intended usage not permitted by the keyUsage extension. */
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000    /**< Intended usage not permitted by the extendedKeyUsage extension. */
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000     /**< Intended usage not permitted by the nsCertType extension. */
#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000           /**< Certificate signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000           /**< Certificate signed with an unacceptable public-key algorithm. */
#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000        /**< Certificate signed with an unacceptable key (size/curve). */
#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000          /**< CRL signed with an unacceptable hash. */
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000          /**< CRL signed with an unacceptable public-key algorithm. */
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000         /**< CRL signed with an unacceptable key (size/curve). */
/* \} name X509 verify result flags */

/**
 * \name KeyUsage bits
 *
 * Bit values of the KeyUsage extension (RFC 5280 §4.2.1.3). The first eight
 * follow the BIT STRING order, digitalSignature first, as MSB-first bits of
 * the first byte (0x80 .. 0x01). decipherOnly is the ninth bit of the BIT
 * STRING and therefore lands in the second byte, which is why it is 0x8000
 * rather than continuing the single-byte pattern: any variable holding a
 * key-usage mask must be at least 16 bits wide.
 * \{
 */
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80)   /**< bit 0: digitalSignature */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40)     /**< bit 1: nonRepudiation / contentCommitment */
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20)    /**< bit 2: keyEncipherment */
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10)   /**< bit 3: dataEncipherment */
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08)       /**< bit 4: keyAgreement */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04)       /**< bit 5: keyCertSign — required on a CA certificate */
#define MBEDTLS_X509_KU_CRL_SIGN (0x02)            /**< bit 6: cRLSign */
#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01)       /**< bit 7: encipherOnly */
#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000)     /**< bit 8: decipherOnly (second byte, see above) */
/* \} name KeyUsage bits */

/**
 * \name Netscape certificate type bits
 *
 * Bit values of the legacy nsCertType extension. All eight fit in one byte
 * (0x80 .. 0x01, MSB first); RESERVED (0x08) is kept so the set of names
 * covers every bit and a parser can distinguish "reserved bit set" from an
 * unknown value.
 * \{
 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80)          /**< SSL/TLS client */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40)          /**< SSL/TLS server */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20)               /**< S/MIME */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10)      /**< Object signing */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08)            /**< Reserved for future use */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04)              /**< SSL/TLS CA */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02)            /**< S/MIME CA */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01)   /**< Object signing CA */
/* \} name Netscape certificate type bits */

/**
 * \name X509 extension presence bits
 *
 * One bit per extension type, presumably ORed into a mask while parsing so
 * later code can ask "was extension X present?" — confirm in the parsers.
 * Bits 0..14 follow the RFC 5280 order; bit 15 is deliberately left unused
 * and NS_CERT_TYPE is placed at bit 16, so adding a standard extension at
 * bit 15 will not collide with it. A 32-bit mask is required.
 *
 * MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY is misspelt ("INIHIBIT") but is the
 * established public identifier; correcting it would break the API, so any
 * fix must keep the old name as an alias.
 * \{
 */
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5)
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8)
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)   /* sic: see the note above */
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)

/* bit 15 intentionally unused */
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
/* \} name X509 extension presence bits */

/* Encoding selectors for X509 input. Both are nonzero so 0 can mean
 * "not specified / unknown" wherever a format value is stored. */
#define MBEDTLS_X509_FORMAT_DER 1   /**< Raw DER */
#define MBEDTLS_X509_FORMAT_PEM 2   /**< Base64 PEM with BEGIN/END armour */

/* Upper bound on one DN component — presumably the longest value the
 * string-to-names parser accepts, so oversized input is rejected rather
 * than truncated; confirm in x509_create.c. */
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
00200 #ifdef __cplusplus
00201 extern "C" {
00202 #endif
00203
/*
 * X509 uses the generic ASN.1 containers from asn1.h under its own names.
 * These are plain typedef aliases, not new types: an mbedtls_x509_buf is an
 * mbedtls_asn1_buf and can be passed to any asn1 helper directly.
 */

/** Tag + length + pointer into the DER data (alias of mbedtls_asn1_buf). */
typedef mbedtls_asn1_buf mbedtls_x509_buf;

/** BIT STRING view (alias of mbedtls_asn1_bitstring). */
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;

/** One OID/value pair of a Name; used for DN components (alias of mbedtls_asn1_named_data). */
typedef mbedtls_asn1_named_data mbedtls_x509_name;

/** SEQUENCE OF container (alias of mbedtls_asn1_sequence). */
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;

/**
 * Broken-down calendar time with one-second resolution, as used for the
 * notBefore/notAfter validity bounds and CRL dates.
 *
 * Plain ints, no time zone field: the parser is expected to store UTC and
 * the comparison helpers below to treat values as such — confirm in x509.c.
 * Presumably mon and day are 1-based and year is the full four-digit year;
 * confirm against the parser before relying on it.
 */
typedef struct mbedtls_x509_time {
    int year;   /**< Year, full value (e.g. 2024). */
    int mon;    /**< Month of year. */
    int day;    /**< Day of month. */
    int hour;   /**< Hour of day. */
    int min;    /**< Minute of hour. */
    int sec;    /**< Second of minute. */
} mbedtls_x509_time;

/**
 * \brief          Render the distinguished name `dn` as a printable string.
 *
 * \param buf      Output buffer.
 * \param size     Size of `buf` in bytes, including room for the terminator.
 * \param dn       Name components to render; not modified.
 *
 * \return         Presumably the number of characters written on success and
 *                 a negative MBEDTLS_ERR_X509_* code otherwise; output that
 *                 does not fit is expected to yield
 *                 MBEDTLS_ERR_X509_BUFFER_TOO_SMALL (the code this module's
 *                 snprintf helper returns) rather than a silently truncated
 *                 string — confirm in x509.c.
 */
int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );

/**
 * \brief          Render a certificate serial number as a printable string.
 *
 * \param buf      Output buffer.
 * \param size     Size of `buf` in bytes, including room for the terminator.
 * \param serial   Raw serial number bytes; not modified.
 *
 * \return         Same convention as mbedtls_x509_dn_gets() — presumably
 *                 characters written, or a negative MBEDTLS_ERR_X509_* code.
 */
int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );

/**
 * \brief          Check whether `to` lies in the past relative to the
 *                 current time.
 *
 * \param to       The time to compare against "now"; not modified.
 *
 * \return         An int, presumably nonzero when `to` is in the past and 0
 *                 otherwise — confirm in x509.c. In particular confirm how an
 *                 unavailable or failing clock is reported: a check that
 *                 fails open would let an expired certificate through.
 */
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );

/**
 * \brief          Check whether `from` lies in the future relative to the
 *                 current time.
 *
 * \param from     The time to compare against "now"; not modified.
 *
 * \return         An int, presumably nonzero when `from` is in the future and
 *                 0 otherwise — confirm in x509.c, including the no-clock
 *                 case (see mbedtls_x509_time_is_past()).
 */
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );

/**
 * \brief          Run the module self-test.
 *
 * \param verbose  Nonzero to print progress.
 *
 * \return         Presumably 0 on success and nonzero on failure — confirm.
 */
int mbedtls_x509_self_test( int verbose );

/*
 * Parsing and writing helpers shared by the certificate, CRL and CSR code.
 * They are declared here so the sibling modules can link against them;
 * nothing in this header marks them as part of the stable public API, so
 * treat them as internal unless the project documentation says otherwise.
 *
 * Cursor convention (visible in the signatures): the get_* functions take an
 * in/out cursor `*p` and a bound `end`. Presumably each one advances `*p`
 * past what it consumed and must never read at or beyond `end`; every
 * length it takes from the DER input has to be checked against `end` before
 * use — confirm in x509.c. The write_* functions take `*p` and `start`,
 * presumably writing backwards from `*p` towards `start` (the asn1write
 * convention) — confirm.
 */

/** Parse a Name into `cur`. */
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur );
/** Parse an AlgorithmIdentifier whose parameters must be NULL/absent. */
int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg );
/** Parse an AlgorithmIdentifier into its OID (`alg`) and raw `params`. */
int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
/** Decode RSASSA-PSS parameters into hash, MGF hash and salt length. */
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
int *salt_len );
#endif
/** Parse a signature BIT STRING into `sig`. */
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
/**
 * Map a signature OID (+ params) to hash and public-key algorithm.
 * `sig_opts` is an output; presumably it is heap-allocated when the
 * algorithm carries parameters (PSS) and the caller owns freeing it —
 * confirm in x509.c and pair every call with the matching free.
 */
int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
void **sig_opts );
/** Parse a UTCTime/GeneralizedTime into `t`. */
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *t );
/** Parse a CertificateSerialNumber into `serial`. */
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
/** Parse an extensions container of the given `tag` into `ext`. */
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
/** Render a signature algorithm description into `buf` (at most `size` bytes). */
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts );
/** Render a key-size description for `name` into `buf` (at most `buf_size` bytes). */
int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
/** Build a name list at `*head` from a textual DN in `name`. */
int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
/** Add or replace extension `oid` (copying `val_len` bytes of `val`) in the list at `*head`. */
int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
int critical, const unsigned char *val,
size_t val_len );
/** Write the extension list starting at `first`. */
int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
/** Write the name list starting at `first`. */
int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
/** Write a signature value of `size` bytes together with its algorithm `oid`. */
int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size );

/**
 * Advance an output cursor after an snprintf() call, or bail out of the
 * enclosing function if the output did not fit.
 *
 * This is a statement macro with no arguments; it relies on three names
 * being in the caller's scope: `ret` (the int returned by snprintf),
 * `n` (size_t, bytes still available in the buffer) and `p` (char *, the
 * current write position). It expands to a `return`, so it may only be used
 * inside a function that returns int.
 *
 * Why `ret >= n` and not `ret > n`: snprintf() returns the length the full
 * output *would* have had, and needs one extra byte for the terminator, so
 * `ret == n` already means the last character was dropped. Treating that
 * case, and a negative (encoding error) result, as
 * MBEDTLS_ERR_X509_BUFFER_TOO_SMALL guarantees that a truncated DN, serial
 * or algorithm string is never reported as success. With `n == 0` the
 * check always fails, which is the correct outcome for an exhausted buffer.
 *
 * The `(size_t) ret` casts are safe because `ret < 0` has been ruled out
 * before they are evaluated.
 */
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if( ret < 0 || (size_t) ret >= n ) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )

00356 #ifdef __cplusplus
00357 }
00358 #endif
00359
00360 #endif