00023 #ifndef MBEDTLS_X509_CRT_H
00024 #define MBEDTLS_X509_CRT_H
00025 
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031 
00032 #include "x509.h"
00033 #include "x509_crl.h"
00034 
00040 #ifdef __cplusplus
00041 extern "C" {
00042 #endif
00043 
/**
 * Container for an X.509 certificate. Certificates parsed into the same
 * object are linked through \c next, so one object represents a chain.
 *
 * Ownership: all buffers are allocated by the parse functions declared
 * below and released (and zeroized) by mbedtls_x509_crt_free(), which
 * walks the whole chain.
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The raw certificate data (DER); a private copy, not the caller's buffer. */
    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER): the part that is To Be Signed, i.e. what \c sig covers. */
    int version;                /**< Certificate version as parsed (NOTE(review): this appears to be 1-based, i.e. one higher than the MBEDTLS_X509_CRT_VERSION_x wire values below — confirm against x509_crt.c before comparing the two). */
    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA (raw DER INTEGER contents). */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm OID, e.g. sha256WithRSAEncryption. */
    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick byte-wise comparison when chaining. */
    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick byte-wise comparison when chaining. */
    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
    mbedtls_pk_context pk;              /**< Container for the public key context (owned; freed with the certificate). */
    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions (raw DER of the whole extension sequence). */
    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of Subject Alternative Names (only dNSName entries are kept). */
    int ext_types;              /**< Bit string of the extensions that were detected and parsed (MBEDTLS_X509_EXT_XXX bits). */
    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
    int max_pathlen;            /**< Optional Basic Constraint extension value: maximum path length to the root. Stored one higher than the RFC 5280 pathLenConstraint so that 0 means "unlimited" — presumably; verify against x509_crt.c. */
    unsigned int key_usage;     /**< Optional key usage extension value: see the MBEDTLS_X509_KU_XXX values in x509.h. */
    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: see the MBEDTLS_X509_NS_CERT_TYPE_XXX values in x509.h. */
    mbedtls_x509_buf sig;               /**< Signature: raw DER contents of the signature value. */
    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256. */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA. */
    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS; NULL when the algorithm has none. */
    struct mbedtls_x509_crt *next;     /**< Next certificate in the chain, NULL for the last one. */
}
mbedtls_x509_crt;
00095 
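/**
 * \brief   Build a profile flag bit from an algorithm or curve identifier
 *          (an mbedtls_md_type_t, mbedtls_pk_type_t or mbedtls_ecp_group_id
 *          value). Identifier 0 is the XXX_NONE value of each enum and
 *          deliberately has no flag, hence the \c -1.
 *
 * \param id   identifier; must be in the range 1..31. Smaller values shift
 *             by a negative amount and larger ones overflow the signed
 *             \c int result, both of which are undefined behaviour in C.
 *
 * \return     the flag as an \c int, to be OR-ed into the uint32_t fields
 *             of mbedtls_x509_crt_profile.
 *
 * \note       \p id is parenthesised so that a compound argument such as
 *             \c a|b expands correctly; the previous form bound \c -1 to
 *             the last operand of the argument only.
 */
#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( (id) - 1 ) )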
00101 
/**
 * Security profile for certificate verification: the set of signature
 * hashes, signature public-key algorithms, curves and minimum RSA key size
 * that mbedtls_x509_crt_verify_with_profile() accepts anywhere in a chain.
 *
 * The three bitmask fields are built by OR-ing MBEDTLS_X509_ID_FLAG( id )
 * values; a clear bit rejects that algorithm/curve.
 */
typedef struct
{
    uint32_t allowed_mds;       /**< MDs allowed for signatures: MBEDTLS_X509_ID_FLAG over mbedtls_md_type_t values. */
    uint32_t allowed_pks;       /**< PK algorithms allowed for signatures: MBEDTLS_X509_ID_FLAG over mbedtls_pk_type_t values. */
    uint32_t allowed_curves;    /**< Elliptic curves allowed for ECDSA keys: MBEDTLS_X509_ID_FLAG over mbedtls_ecp_group_id values. */
    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys, in bits. */
}
mbedtls_x509_crt_profile;
00115 
/*
 * Certificate version constants, encoded as the RFC 5280 on-the-wire
 * INTEGER value (v1 = 0, v2 = 1, v3 = 2). These are what
 * mbedtls_x509write_crt_set_version() expects.
 * NOTE(review): mbedtls_x509_crt.version as filled by the parser appears to
 * be 1-based (1..3), so do not compare it against these constants without
 * confirming in x509_crt.c.
 */
#define MBEDTLS_X509_CRT_VERSION_1              0
#define MBEDTLS_X509_CRT_VERSION_2              1
#define MBEDTLS_X509_CRT_VERSION_3              2

/* Upper bound on a serial number's length. RFC 5280 §4.1.2.2 requires
 * conforming CAs to use at most 20 octets but tells verifiers to tolerate
 * longer ones, hence the headroom; where this cap is enforced should be
 * confirmed in the .c files. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/* Length of a "YYYYMMDDhhmmss" validity string as handled by the writer,
 * presumably counting the terminating NUL (14 characters + 1); the
 * mbedtls_x509write_cert buffers add one more byte on top. */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15

/* Maximum file path length accepted by mbedtls_x509_crt_parse_path() when
 * it builds per-file paths; override in the config file if needed. */
#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
#endif
00126 
/**
 * Context for writing (building and signing) an X.509 certificate.
 *
 * Ownership: \c serial, \c subject, \c issuer and \c extensions are owned
 * by the context and released by mbedtls_x509write_crt_free(). The two key
 * pointers are only borrowed: the caller keeps the key objects alive until
 * the certificate has been written and frees them itself.
 */
typedef struct mbedtls_x509write_cert
{
    int version;                            /**< Certificate version, one of MBEDTLS_X509_CRT_VERSION_x (wire encoding). */
    mbedtls_mpi serial;                     /**< Serial number (owned copy). */
    mbedtls_pk_context *subject_key;        /**< Public key placed in the certificate; borrowed, not freed by this context. */
    mbedtls_pk_context *issuer_key;         /**< Private key used to sign the certificate; borrowed, not freed by this context. */
    mbedtls_asn1_named_data *subject;       /**< Subject name as a list of attribute/value pairs (owned). */
    mbedtls_asn1_named_data *issuer;        /**< Issuer name as a list of attribute/value pairs (owned). */
    mbedtls_md_type_t md_alg;               /**< Hash used for the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; /**< Validity start, "YYYYMMDDhhmmss" string, NUL-terminated. */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];  /**< Validity end, "YYYYMMDDhhmmss" string, NUL-terminated. */
    mbedtls_asn1_named_data *extensions;    /**< v3 extensions as a list keyed by OID (owned). */
}
mbedtls_x509write_cert;
00144 
00145 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00146 
/**
 * Default security profile. Intended as a balance between security and
 * compatibility with currently deployed certificates; see x509_crt.c for
 * the exact algorithm set.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * Expected next default profile. Stricter than the default and recommended
 * for new deployments; see x509_crt.c for the exact algorithm set.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * NSA Suite B profile: ECDSA over the NIST P-256/P-384 curves with
 * SHA-256/SHA-384 only; see x509_crt.c for the exact algorithm set.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;

/**
 * \brief          Parse a single DER formatted certificate and add it
 *                 to the end of the provided chained list.
 *
 * \param chain    chain to which to add the parsed certificate; must have
 *                 been set up with mbedtls_x509_crt_init()
 * \param buf      buffer holding the certificate DER data. The data is
 *                 copied into the chain, so the caller may release \p buf
 *                 after the call.
 * \param buflen   size of the buffer, which must hold exactly one
 *                 certificate
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                        size_t buflen );

/**
 * \brief          Parse one or more certificates (PEM or DER) and add them
 *                 to the chained list. Parses permissively: if some
 *                 certificates can be parsed and others cannot, the ones
 *                 that can are added and the number of failures is
 *                 returned instead of an error.
 *
 * \param chain    chain to which to add the parsed certificates
 * \param buf      buffer holding the certificate data. For PEM input the
 *                 buffer must be NUL-terminated and \p buflen must include
 *                 the terminating NUL byte; DER input must hold exactly
 *                 one certificate.
 * \param buflen   size of the buffer (including the NUL for PEM)
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some certificates failed to parse, or a
 *                 specific X509 or PEM error code
 *
 * \note           A positive return is easy to mistake for success. Code
 *                 that requires every certificate to load (a trust store,
 *                 for instance) must treat any non-zero return as failure.
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
00192 
#if defined(MBEDTLS_FS_IO)

/**
 * \brief          Load one or more certificates from a file and add them
 *                 to the chained list. Same permissive semantics as
 *                 mbedtls_x509_crt_parse().
 *
 * \param chain    chain to which to add the parsed certificates
 * \param path     filename to read the certificates from
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some certificates failed to parse, or a
 *                 specific X509 or PEM error code
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief          Load certificates from every file in a directory and add
 *                 them to the chained list. Per-file paths are built with
 *                 MBEDTLS_X509_MAX_FILE_PATH_LEN as the limit. Files that
 *                 fail to parse are counted, not fatal, as with
 *                 mbedtls_x509_crt_parse(); whether non-certificate files
 *                 in the directory are skipped or counted as failures
 *                 should be confirmed in x509_crt.c.
 *
 * \param chain    chain to which to add the parsed certificates
 * \param path     directory to read the certificate files from
 *
 * \return         0 if all certificates parsed successfully, a positive
 *                 number if some certificates failed to parse, or a
 *                 specific X509 or PEM error code
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif /* MBEDTLS_FS_IO */
00224 
/**
 * \brief          Write a human-readable description of the certificate
 *                 (version, serial, issuer, subject, validity, key and
 *                 parsed extensions) into \p buf.
 *
 * \param buf      buffer to write to
 * \param size     maximum size of \p buf
 * \param prefix   a line prefix inserted before each output line
 * \param crt      the X509 certificate to describe
 *
 * \return         the length of the string written (not including the
 *                 terminating NUL byte), or a negative error code
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                   const mbedtls_x509_crt *crt );

/**
 * \brief          Write a human-readable description of verification
 *                 failure flags (the \c flags output of
 *                 mbedtls_x509_crt_verify()) into \p buf, one line per bit.
 *
 * \param buf      buffer to write to
 * \param size     maximum size of \p buf
 * \param prefix   a line prefix inserted before each output line
 * \param flags    verification flags to describe
 *                 (MBEDTLS_X509_BADCERT_XXX / MBEDTLS_X509_BADCRL_XXX bits)
 *
 * \return         the length of the string written (not including the
 *                 terminating NUL byte), or a negative error code
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                          uint32_t flags );

/**
 * \brief          Verify the certificate chain in \p crt against the
 *                 trusted CAs, using the default security profile
 *                 (mbedtls_x509_crt_profile_default). Equivalent to
 *                 mbedtls_x509_crt_verify_with_profile() with that profile.
 *
 *                 For each certificate the validity period, the signature
 *                 by its parent (the next element of \p crt or a CA in
 *                 \p trust_ca), the security profile and, when \p ca_crl
 *                 is given, revocation are checked. Problems are
 *                 accumulated as MBEDTLS_X509_BADCERT_XXX /
 *                 MBEDTLS_X509_BADCRL_XXX bits in \p flags.
 *
 * \param crt      the certificate chain to be verified; the first element
 *                 is the leaf
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs, or NULL for no
 *                 revocation checking
 * \param cn       expected Common Name / dNSName of the leaf certificate.
 *                 This is the hostname check: NULL skips it entirely, so
 *                 only pass NULL when the peer identity is bound to the
 *                 certificate by some other means.
 * \param flags    result of the verification; when the return value is
 *                 non-zero, the bits set here say why (see
 *                 mbedtls_x509_crt_verify_info())
 * \param f_vrfy   optional verification callback, called once per
 *                 certificate in the chain as
 *                 f_vrfy( p_vrfy, cert, depth, flags ); it may inspect and
 *                 alter the flags for that certificate. NULL disables it.
 * \param p_vrfy   opaque parameter passed through to \p f_vrfy
 *
 * \return         0 if successful (in which case \p flags is also 0),
 *                 MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain failed
 *                 verification (consult \p flags for the reasons), or
 *                 another negative error code on a fatal error during
 *                 processing, in which case \p flags is not meaningful.
 *
 * \note           Decide acceptance on the return value alone. A
 *                 non-zero return with "minor looking" flags is still a
 *                 failed verification unless the callback deliberately
 *                 cleared those bits.
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                     mbedtls_x509_crt *trust_ca,
                     mbedtls_x509_crl *ca_crl,
                     const char *cn, uint32_t *flags,
                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                     void *p_vrfy );

/**
 * \brief          Verify the certificate chain in \p crt against the
 *                 trusted CAs with an explicit security profile. Identical
 *                 to mbedtls_x509_crt_verify() apart from \p profile.
 *
 * \param crt      the certificate chain to be verified; the first element
 *                 is the leaf
 * \param trust_ca the list of trusted CAs
 * \param ca_crl   the list of CRLs for trusted CAs, or NULL
 * \param profile  security profile every certificate and signature in the
 *                 chain must satisfy; presumably must not be NULL
 *                 (confirm in x509_crt.c)
 * \param cn       expected Common Name / dNSName of the leaf, or NULL to
 *                 skip the hostname check (see mbedtls_x509_crt_verify())
 * \param flags    result of the verification
 * \param f_vrfy   optional verification callback, or NULL
 * \param p_vrfy   opaque parameter passed through to \p f_vrfy
 *
 * \return         0 if successful (in which case \p flags is also 0),
 *                 MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain failed
 *                 verification (consult \p flags for the reasons), or
 *                 another negative error code on a fatal error
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                     mbedtls_x509_crt *trust_ca,
                     mbedtls_x509_crl *ca_crl,
                     const mbedtls_x509_crt_profile *profile,
                     const char *cn, uint32_t *flags,
                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                     void *p_vrfy );
00340 
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)

/**
 * \brief          Check an intended usage of the certificate against its
 *                 keyUsage extension.
 *
 * \param crt      leaf certificate to check
 * \param usage    intended usage(s), MBEDTLS_X509_KU_XXX bits from x509.h
 *                 (e.g. MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the
 *                 certificate for an RSA key exchange)
 *
 * \return         0 if these uses of the certificate are allowed, or the
 *                 extension is absent; MBEDTLS_ERR_X509_BAD_INPUT_DATA if
 *                 the keyUsage extension is present but does not match
 *                 \p usage
 *
 * \note           A certificate without the extension passes every check:
 *                 absence of keyUsage is not a restriction. How the
 *                 encipherOnly/decipherOnly bits are matched should be
 *                 confirmed in x509_crt.c.
 *
 * \note           Only call this on leaf certificates; on (intermediate)
 *                 CAs the keyUsage extension is checked by
 *                 mbedtls_x509_crt_verify() as part of chain building.
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
00366 
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)

/**
 * \brief          Check an intended usage of the certificate against its
 *                 extendedKeyUsage extension.
 *
 * \param crt      leaf certificate to check
 * \param usage_oid intended usage as a raw OID, e.g. MBEDTLS_OID_SERVER_AUTH
 *                 or MBEDTLS_OID_CLIENT_AUTH
 * \param usage_len length of \p usage_oid, e.g. from MBEDTLS_OID_SIZE()
 *
 * \return         0 if this use of the certificate is allowed, or the
 *                 extension is absent; MBEDTLS_ERR_X509_BAD_INPUT_DATA
 *                 otherwise
 *
 * \note           Absence of the extension permits every usage. The
 *                 anyExtendedKeyUsage OID is presumably accepted as a
 *                 match for any \p usage_oid — confirm in x509_crt.c.
 *                 Usually only makes sense on leaf certificates.
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                       const char *usage_oid,
                                       size_t usage_len );
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) */
00384 
#if defined(MBEDTLS_X509_CRL_PARSE_C)

/**
 * \brief          Check whether the certificate is listed as revoked in
 *                 the given CRL.
 *
 * \param crt      certificate to be checked
 * \param crl      the CRL to check against
 *
 * \return         1 if the certificate is revoked, 0 otherwise
 *
 * \note           This is a serial-number lookup in \p crl's entry list
 *                 (entries whose revocation date is still in the future
 *                 presumably do not count — confirm in x509_crt.c). It
 *                 does not verify that \p crl was issued by \p crt's
 *                 issuer nor that the CRL signature is valid;
 *                 mbedtls_x509_crt_verify() does that before calling it,
 *                 and a direct caller must do the same.
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif /* MBEDTLS_X509_CRL_PARSE_C */
00397 
/**
 * \brief          Initialize a certificate (chain) to an empty state.
 *                 Must be called before the object is passed to any parse
 *                 function.
 *
 * \param crt      certificate chain to initialize
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );

/**
 * \brief          Unallocate all certificate data. Walks the whole chain
 *                 from \p crt, releasing each element's buffers and public
 *                 key context and zeroizing the freed memory. Elements
 *                 after the first are freed; \p crt itself is
 *                 caller-owned storage and is only reset.
 *
 * \param crt      certificate chain to free
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
00411 #endif /* MBEDTLS_X509_CRT_PARSE_C */
00412 
00413 /* \} name */
00414 /* \} addtogroup x509_module */
00415 
00416 #if defined(MBEDTLS_X509_CRT_WRITE_C)
00417 
/**
 * \brief           Initialize a CRT writing context. All fields start
 *                  empty except the version, which presumably defaults to
 *                  MBEDTLS_X509_CRT_VERSION_3 (confirm in x509write_crt.c).
 *
 * \param ctx       CRT context to initialize
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the version for a certificate.
 *
 * \param ctx       CRT context to use
 * \param version   one of MBEDTLS_X509_CRT_VERSION_1, _2 or _3 (the wire
 *                  encoding, i.e. 0, 1 or 2). Extensions are only written
 *                  for v3 certificates.
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );

/**
 * \brief           Set the serial number for the certificate. The value
 *                  is copied into the context.
 *
 * \param ctx       CRT context to use
 * \param serial    serial number to set
 *
 * \return          0 if successful, or a negative MBEDTLS_ERR_MPI_XXX
 *                  error code on allocation failure
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );

/**
 * \brief           Set the validity period for the certificate.
 *
 * \param ctx       CRT context to use
 * \param not_before validity start, a "YYYYMMDDhhmmss" string
 *                  (14 characters plus NUL; MBEDTLS_X509_RFC5280_UTC_TIME_LEN
 *                  sizes the context buffer)
 * \param not_after validity end, same format
 *
 * \return          0 if the timestamps were copied, or
 *                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if a string has the
 *                  wrong length or contains non-digit characters
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                const char *not_after );

/**
 * \brief           Set the issuer name for the certificate. The name is
 *                  parsed into a named-data list owned by the context.
 *
 * \param ctx           CRT context to use
 * \param issuer_name   issuer name as a comma separated attribute list,
 *                      e.g. "C=UK,O=ARM,CN=mbed TLS CA"
 *
 * \return          0 if the issuer name was parsed successfully, or a
 *                  specific negative X509 error code
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                   const char *issuer_name );

/**
 * \brief           Set the subject name for the certificate. The name is
 *                  parsed into a named-data list owned by the context.
 *
 * \param ctx           CRT context to use
 * \param subject_name  subject name as a comma separated attribute list,
 *                      e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
 *
 * \return          0 if the subject name was parsed successfully, or a
 *                  specific negative X509 error code
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                    const char *subject_name );

/**
 * \brief           Set the subject public key for the certificate. Only
 *                  the pointer is stored: \p key is neither copied nor
 *                  freed by the context and must stay valid until the
 *                  certificate has been written.
 *
 * \param ctx       CRT context to use
 * \param key       public key to include
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the issuer key used to sign the certificate. Only
 *                  the pointer is stored: \p key is neither copied nor
 *                  freed by the context and must stay valid until the
 *                  certificate has been written.
 *
 * \param ctx       CRT context to use
 * \param key       private key of the issuer (the CA), or the subject's
 *                  own key for a self-signed certificate
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief           Set the MD algorithm to use for the signature
 *                  (e.g. MBEDTLS_MD_SHA256). Pick one the verifying side's
 *                  profile allows.
 *
 * \param ctx       CRT context to use
 * \param md_alg    MD algorithm to use
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );

/**
 * \brief           Add a generic v3 extension to the certificate. The
 *                  specialised set_xxx functions below build on this.
 *                  Whether an existing entry with the same OID is replaced
 *                  or duplicated should be confirmed in x509_create.c.
 *
 * \param ctx       CRT context to use
 * \param oid       OID of the extension (raw encoded form)
 * \param oid_len   length of \p oid
 * \param critical  non-zero to mark the extension critical
 * \param val       DER-encoded value of the extension
 * \param val_len   length of \p val
 *
 * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                 const char *oid, size_t oid_len,
                                 int critical,
                                 const unsigned char *val, size_t val_len );

/**
 * \brief           Set the basicConstraints extension for a CRT.
 *
 * \param ctx       CRT context to use
 * \param is_ca     non-zero if this is a CA certificate
 * \param max_pathlen maximum length of certificate chains below this
 *                  certificate; -1 for unlimited. Ignored unless \p is_ca
 *                  is set.
 *
 * \return          0 if successful, or a specific negative X509 error
 *                  code (including for out-of-range path lengths)
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                         int is_ca, int max_pathlen );
00547 
#if defined(MBEDTLS_SHA1_C)

/**
 * \brief           Set the subjectKeyIdentifier extension for a CRT.
 *                  Requires the subject key to have been set with
 *                  mbedtls_x509write_crt_set_subject_key(). The identifier
 *                  is derived with SHA-1 (hence the MBEDTLS_SHA1_C guard),
 *                  which is fine here: it is an identifier, not a
 *                  security-relevant hash.
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a specific negative X509 error code
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief           Set the authorityKeyIdentifier extension for a CRT.
 *                  Requires the issuer key to have been set with
 *                  mbedtls_x509write_crt_set_issuer_key(); the identifier
 *                  is derived with SHA-1 as above.
 *
 * \param ctx       CRT context to use
 *
 * \return          0 if successful, or a specific negative X509 error code
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif /* MBEDTLS_SHA1_C */
00571 
/**
 * \brief           Set the keyUsage extension flags.
 *
 * \param ctx       CRT context to use
 * \param key_usage key usage flags, OR-ed MBEDTLS_X509_KU_XXX values from
 *                  x509.h (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
 *                  MBEDTLS_X509_KU_KEY_CERT_SIGN). Bits outside the
 *                  supported set are presumably rejected rather than
 *                  silently dropped — confirm in x509write_crt.c.
 *
 * \return          0 if successful, or a specific negative X509 error code
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );

/**
 * \brief           Set the Netscape Cert Type flags (a legacy extension;
 *                  only needed for clients that still consult it).
 *
 * \param ctx           CRT context to use
 * \param ns_cert_type  Netscape Cert Type flags, OR-ed
 *                      MBEDTLS_X509_NS_CERT_TYPE_XXX values from x509.h
 *
 * \return          0 if successful, or a specific negative X509 error code
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                    unsigned char ns_cert_type );

/**
 * \brief           Free the contents of a CRT write context: the serial,
 *                  the subject/issuer name lists and the extension list.
 *                  The borrowed key contexts are not freed.
 *
 * \param ctx       CRT context to free
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );

/**
 * \brief           Sign and write the certificate as DER.
 *
 * \note            The ASN.1 writer fills the buffer from the end: the
 *                  encoded certificate occupies the LAST \c ret bytes of
 *                  \p buf, i.e. it starts at `buf + size - ret`, not at
 *                  \p buf. Reading from \p buf yields leading garbage.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer
 * \param f_rng     RNG function passed to the signing operation. Required
 *                  for ECDSA (its nonce) and used for RSA blinding, so
 *                  supply a properly seeded DRBG rather than NULL.
 * \param p_rng     RNG parameter passed through to \p f_rng
 *
 * \return          length of the data written to the end of \p buf if
 *                  successful, or a specific negative error code
 *                  (MBEDTLS_ERR_ASN1_BUF_TOO_SMALL when \p size is too
 *                  small for the certificate, presumably)
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
00626 
#if defined(MBEDTLS_PEM_WRITE_C)

/**
 * \brief           Sign and write the certificate as a PEM string.
 *                  Unlike mbedtls_x509write_crt_der(), the output starts
 *                  at \p buf and is NUL-terminated, so \p buf can be used
 *                  directly as a C string.
 *
 * \param ctx       certificate to write away
 * \param buf       buffer to write to
 * \param size      size of the buffer; must leave room for the PEM
 *                  armour, base64 expansion and the terminating NUL on
 *                  top of the DER size
 * \param f_rng     RNG function passed to the signing operation (see
 *                  mbedtls_x509write_crt_der())
 * \param p_rng     RNG parameter passed through to \p f_rng
 *
 * \return          0 if successful, or a specific negative error code
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
#endif /* MBEDTLS_PEM_WRITE_C */
00648 #endif /* MBEDTLS_X509_CRT_WRITE_C */
00649 
00650 #ifdef __cplusplus
00651 }
00652 #endif
00653 
00654 #endif /* mbedtls_x509_crt.h */
