x509.h

Go to the documentation of this file.
00001 
00023 #ifndef MBEDTLS_X509_H
00024 #define MBEDTLS_X509_H
00025 
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031 
00032 #include "asn1.h"
00033 #include "pk.h"
00034 
00035 #if defined(MBEDTLS_RSA_C)
00036 #include "rsa.h"
00037 #endif
00038 
00044 #if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
00045 
00053 #define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
00054 #endif
00055 
00060 #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  
00061 #define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100  
00062 #define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180  
00063 #define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200  
00064 #define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280  
00065 #define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300  
00066 #define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380  
00067 #define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400  
00068 #define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480  
00069 #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500  
00070 #define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580  
00071 #define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  
00072 #define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680  
00073 #define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700  
00074 #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  
00075 #define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800  
00076 #define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  
00077 #define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  
00078 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  
00079 /* \} name */
00080 
00085 /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
00086 #define MBEDTLS_X509_BADCERT_EXPIRED             0x01  
00087 #define MBEDTLS_X509_BADCERT_REVOKED             0x02  
00088 #define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  
00089 #define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  
00090 #define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  
00091 #define MBEDTLS_X509_BADCRL_EXPIRED              0x20  
00092 #define MBEDTLS_X509_BADCERT_MISSING             0x40  
00093 #define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  
00094 #define MBEDTLS_X509_BADCERT_OTHER             0x0100  
00095 #define MBEDTLS_X509_BADCERT_FUTURE            0x0200  
00096 #define MBEDTLS_X509_BADCRL_FUTURE             0x0400  
00097 #define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  
00098 #define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  
00099 #define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  
00100 #define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  
00101 #define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  
00102 #define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  
00103 #define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  
00104 #define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  
00105 #define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  
00107 /* \} name */
00108 /* \} addtogroup x509_module */
00109 
00110 /*
00111  * X.509 v3 Key Usage Extension flags
00112  * Reminder: update x509_info_key_usage() when adding new flags.
00113  */
00114 #define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
00115 #define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
00116 #define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
00117 #define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
00118 #define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
00119 #define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
00120 #define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
00121 #define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
00122 #define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
00123 
00124 /*
00125  * Netscape certificate types
00126  * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
00127  */
00128 
00129 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
00130 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
00131 #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
00132 #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
00133 #define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
00134 #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
00135 #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
00136 #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
00137 
00138 /*
00139  * X.509 extension types
00140  *
00141  * Comments refer to the status for using certificates. Status can be
00142  * different for writing certificates or reading CRLs or CSRs.
00143  */
00144 #define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
00145 #define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
00146 #define MBEDTLS_X509_EXT_KEY_USAGE                   (1 << 2)
00147 #define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
00148 #define MBEDTLS_X509_EXT_POLICY_MAPPINGS             (1 << 4)
00149 #define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
00150 #define MBEDTLS_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
00151 #define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
00152 #define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
00153 #define MBEDTLS_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
00154 #define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
00155 #define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
00156 #define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
00157 #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
00158 #define MBEDTLS_X509_EXT_FRESHEST_CRL                (1 << 14)
00159 
00160 #define MBEDTLS_X509_EXT_NS_CERT_TYPE                (1 << 16)
00161 
00162 /*
00163  * Storage format identifiers
00164  * Recognized formats: PEM and DER
00165  */
00166 #define MBEDTLS_X509_FORMAT_DER                 1
00167 #define MBEDTLS_X509_FORMAT_PEM                 2
00168 
00169 #define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 
00171 #ifdef __cplusplus
00172 extern "C" {
00173 #endif
00174 
00187 typedef mbedtls_asn1_buf mbedtls_x509_buf;
00188 
00192 typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
00193 
00198 typedef mbedtls_asn1_named_data mbedtls_x509_name;
00199 
00203 typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
00204 
00206 typedef struct mbedtls_x509_time
00207 {
00208     int year, mon, day;         
00209     int hour, min, sec;         
00210 }
00211 mbedtls_x509_time;
00212 
00227 int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
00228 
00240 int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
00241 
00254 int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
00255 
00268 int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
00269 
00275 int mbedtls_x509_self_test( int verbose );
00276 
00277 /*
00278  * Internal module functions. You probably do not want to use these unless you
00279  * know you do.
00280  */
00281 int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
00282                    mbedtls_x509_name *cur );
00283 int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
00284                        mbedtls_x509_buf *alg );
00285 int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
00286                   mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
00287 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
00288 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
00289                                 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
00290                                 int *salt_len );
00291 #endif
00292 int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
00293 int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
00294                       mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
00295                       void **sig_opts );
00296 int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
00297                    mbedtls_x509_time *time );
00298 int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
00299                      mbedtls_x509_buf *serial );
00300 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
00301                   mbedtls_x509_buf *ext, int tag );
00302 int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
00303                        mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
00304                        const void *sig_opts );
00305 int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
00306 int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
00307 int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
00308                         int critical, const unsigned char *val,
00309                         size_t val_len );
00310 int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
00311                            mbedtls_asn1_named_data *first );
00312 int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
00313                       mbedtls_asn1_named_data *first );
00314 int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
00315                     const char *oid, size_t oid_len,
00316                     unsigned char *sig, size_t size );
00317 
00318 #define MBEDTLS_X509_SAFE_SNPRINTF                          \
00319     do {                                                    \
00320         if( ret < 0 || (size_t) ret >= n )                  \
00321             return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
00322                                                             \
00323         n -= (size_t) ret;                                  \
00324         p += (size_t) ret;                                  \
00325     } while( 0 )
00326 
00327 #ifdef __cplusplus
00328 }
00329 #endif
00330 
00331 #endif /* x509.h */

Generated on 11 Mar 2017 for mbed TLS v2.4.2 by  doxygen 1.4.7