00001
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024 #ifndef MBEDTLS_X509_CRT_H
00025 #define MBEDTLS_X509_CRT_H
00026
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032
00033 #include "x509.h"
00034 #include "x509_crl.h"
00035
00041 #ifdef __cplusplus
00042 extern "C" {
00043 #endif
00044
00053 typedef struct mbedtls_x509_crt
00054 {
00055 mbedtls_x509_buf raw;
00056 mbedtls_x509_buf tbs;
00058 int version;
00059 mbedtls_x509_buf serial;
00060 mbedtls_x509_buf sig_oid;
00062 mbedtls_x509_buf issuer_raw;
00063 mbedtls_x509_buf subject_raw;
00065 mbedtls_x509_name issuer;
00066 mbedtls_x509_name subject;
00068 mbedtls_x509_time valid_from;
00069 mbedtls_x509_time valid_to;
00071 mbedtls_pk_context pk;
00073 mbedtls_x509_buf issuer_id;
00074 mbedtls_x509_buf subject_id;
00075 mbedtls_x509_buf v3_ext;
00076 mbedtls_x509_sequence subject_alt_names;
00078 int ext_types;
00079 int ca_istrue;
00080 int max_pathlen;
00082 unsigned int key_usage;
00084 mbedtls_x509_sequence ext_key_usage;
00086 unsigned char ns_cert_type;
00088 mbedtls_x509_buf sig;
00089 mbedtls_md_type_t sig_md;
00090 mbedtls_pk_type_t sig_pk;
00091 void *sig_opts;
00093 struct mbedtls_x509_crt *next;
00094 }
00095 mbedtls_x509_crt;
00096
00101 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
00102
00108 typedef struct
00109 {
00110 uint32_t allowed_mds;
00111 uint32_t allowed_pks;
00112 uint32_t allowed_curves;
00113 uint32_t rsa_min_bitlen;
00114 }
00115 mbedtls_x509_crt_profile;
00116
00117 #define MBEDTLS_X509_CRT_VERSION_1 0
00118 #define MBEDTLS_X509_CRT_VERSION_2 1
00119 #define MBEDTLS_X509_CRT_VERSION_3 2
00120
00121 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
00122 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
00123
00124 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
00125 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
00126 #endif
00127
00131 typedef struct mbedtls_x509write_cert
00132 {
00133 int version;
00134 mbedtls_mpi serial;
00135 mbedtls_pk_context *subject_key;
00136 mbedtls_pk_context *issuer_key;
00137 mbedtls_asn1_named_data *subject;
00138 mbedtls_asn1_named_data *issuer;
00139 mbedtls_md_type_t md_alg;
00140 char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
00141 char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
00142 mbedtls_asn1_named_data *extensions;
00143 }
00144 mbedtls_x509write_cert;
00145
00146 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00147
00151 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
00152
00157 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
00158
00162 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
00163
00174 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
00175 size_t buflen );
00176
00207 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
00208
00209 #if defined(MBEDTLS_FS_IO)
00210
00223 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
00224
00238 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
00239 #endif
00240
00253 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
00254 const mbedtls_x509_crt *crt );
00255
00268 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
00269 uint32_t flags );
00270
00329 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
00330 mbedtls_x509_crt *trust_ca,
00331 mbedtls_x509_crl *ca_crl,
00332 const char *cn, uint32_t *flags,
00333 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
00334 void *p_vrfy );
00335
00363 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
00364 mbedtls_x509_crt *trust_ca,
00365 mbedtls_x509_crl *ca_crl,
00366 const mbedtls_x509_crt_profile *profile,
00367 const char *cn, uint32_t *flags,
00368 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
00369 void *p_vrfy );
00370
00371 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
00372
00393 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
00394 unsigned int usage );
00395 #endif
00396
00397 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
00398
00411 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
00412 const char *usage_oid,
00413 size_t usage_len );
00414 #endif
00415
00416 #if defined(MBEDTLS_X509_CRL_PARSE_C)
00417
00426 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
00427 #endif
00428
00434 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
00435
00441 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
00442 #endif
00443
00444
00445
00446
00447 #if defined(MBEDTLS_X509_CRT_WRITE_C)
00448
00453 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
00454
00463 void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
00464
00473 int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
00474
00489 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
00490 const char *not_after );
00491
00504 int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
00505 const char *issuer_name );
00506
00519 int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
00520 const char *subject_name );
00521
00528 void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
00529
00536 void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
00537
00545 void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
00546
00560 int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
00561 const char *oid, size_t oid_len,
00562 int critical,
00563 const unsigned char *val, size_t val_len );
00564
00576 int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
00577 int is_ca, int max_pathlen );
00578
00579 #if defined(MBEDTLS_SHA1_C)
00580
00589 int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
00590
00600 int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
00601 #endif
00602
00612 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
00613 unsigned int key_usage );
00614
00624 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
00625 unsigned char ns_cert_type );
00626
00632 void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
00633
00654 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
00655 int (*f_rng)(void *, unsigned char *, size_t),
00656 void *p_rng );
00657
00658 #if defined(MBEDTLS_PEM_WRITE_C)
00659
00675 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
00676 int (*f_rng)(void *, unsigned char *, size_t),
00677 void *p_rng );
00678 #endif
00679 #endif
00680
00681 #ifdef __cplusplus
00682 }
00683 #endif
00684
00685 #endif