x509_csr.h File Reference

X.509 certificate signing request parsing and writing. More...

#include "config.h"
#include "x509.h"
Include dependency graph for x509_csr.h:

Go to the source code of this file.

Data Structures

struct  mbedtls_x509_csr
struct  mbedtls_x509write_csr

Functions

void mbedtls_x509write_csr_init (mbedtls_x509write_csr *ctx)
 Initialize a CSR context.
int mbedtls_x509write_csr_set_subject_name (mbedtls_x509write_csr *ctx, const char *subject_name)
 Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1".
void mbedtls_x509write_csr_set_key (mbedtls_x509write_csr *ctx, mbedtls_pk_context *key)
 Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).
void mbedtls_x509write_csr_set_md_alg (mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1).
int mbedtls_x509write_csr_set_key_usage (mbedtls_x509write_csr *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN).
int mbedtls_x509write_csr_set_ns_cert_type (mbedtls_x509write_csr *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL).
int mbedtls_x509write_csr_set_extension (mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CSR.
void mbedtls_x509write_csr_free (mbedtls_x509write_csr *ctx)
 Free the contents of a CSR context.
int mbedtls_x509write_csr_der (mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
int mbedtls_x509write_csr_pem (mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a PEM string.
Structures and functions for X.509 Certificate Signing Requests (CSR)



int mbedtls_x509_csr_parse_der (mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR) in DER format.
int mbedtls_x509_csr_parse (mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR), DER or PEM format.
int mbedtls_x509_csr_parse_file (mbedtls_x509_csr *csr, const char *path)
 Load a Certificate Signing Request (CSR).
int mbedtls_x509_csr_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_csr *csr)
 Returns an informational string about the CSR.
void mbedtls_x509_csr_init (mbedtls_x509_csr *csr)
 Initialize a CSR.
void mbedtls_x509_csr_free (mbedtls_x509_csr *csr)
 Unallocate all CSR data.

Detailed Description

X.509 certificate signing request parsing and writing.

Definition in file x509_csr.h.


Function Documentation

int mbedtls_x509write_csr_der ( mbedtls_x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters:
ctx CSR to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
length of data written if successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.
void mbedtls_x509write_csr_free ( mbedtls_x509write_csr ctx  ) 

Free the contents of a CSR context.

Parameters:
ctx CSR context to free
void mbedtls_x509write_csr_init ( mbedtls_x509write_csr ctx  ) 

Initialize a CSR context.

Parameters:
ctx CSR context to initialize
int mbedtls_x509write_csr_pem ( mbedtls_x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a PEM string.

Parameters:
ctx CSR to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
0 if successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.
int mbedtls_x509write_csr_set_extension ( mbedtls_x509write_csr ctx,
const char *  oid,
size_t  oid_len,
const unsigned char *  val,
size_t  val_len 
)

Generic function to add to or replace an extension in the CSR.

Parameters:
ctx CSR context to use
oid OID of the extension
oid_len length of the OID
val value of the extension OCTET STRING
val_len length of the value data
Returns:
0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
void mbedtls_x509write_csr_set_key ( mbedtls_x509write_csr ctx,
mbedtls_pk_context key 
)

Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).

Parameters:
ctx CSR context to use
key Asymetric key to include
int mbedtls_x509write_csr_set_key_usage ( mbedtls_x509write_csr ctx,
unsigned char  key_usage 
)

Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN).

Parameters:
ctx CSR context to use
key_usage key usage flags to set
Returns:
0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
Note:
The decipherOnly flag from the Key Usage extension is represented by bit 8 (i.e. 0x8000), which cannot typically be represented in an unsigned char. Therefore, the flag decipherOnly (i.e. MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this function.
void mbedtls_x509write_csr_set_md_alg ( mbedtls_x509write_csr ctx,
mbedtls_md_type_t  md_alg 
)

Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1).

Parameters:
ctx CSR context to use
md_alg MD algorithm to use
int mbedtls_x509write_csr_set_ns_cert_type ( mbedtls_x509write_csr ctx,
unsigned char  ns_cert_type 
)

Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL).

Parameters:
ctx CSR context to use
ns_cert_type Netscape Cert Type flags to set
Returns:
0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
int mbedtls_x509write_csr_set_subject_name ( mbedtls_x509write_csr ctx,
const char *  subject_name 
)

Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1".

Parameters:
ctx CSR context to use
subject_name subject name to set
Returns:
0 if subject name was parsed successfully, or a specific error code

Generated on 10 Aug 2020 for mbed TLS v2.7.16 by  doxygen 1.6.1