00023 #ifndef MBEDTLS_X509_CRT_H
00024 #define MBEDTLS_X509_CRT_H
00025
00026 #if !defined(MBEDTLS_CONFIG_FILE)
00027 #include "config.h"
00028 #else
00029 #include MBEDTLS_CONFIG_FILE
00030 #endif
00031
00032 #include "x509.h"
00033 #include "x509_crl.h"
00034
00040 #ifdef __cplusplus
00041 extern "C" {
00042 #endif
00043
/**
 * \brief   A parsed X.509 certificate, with a link to the next one so that
 *          a list of these structs can hold a chain or a CA bundle.
 *
 * Field names follow the TBSCertificate layout of RFC 5280. Which fields
 * are populated, and how "absent" is represented, is decided by the parser
 * (mbedtls_x509_crt_parse_der), not by this header.
 * NOTE(review): the per-field comments are derived from the field names;
 * confirm details against x509_crt.c before depending on them.
 *
 * Security note: every value here was decoded from attacker-controllable
 * DER. Nothing in this struct is trustworthy until the certificate has
 * passed mbedtls_x509_crt_verify() / _verify_with_profile() against a
 * trust anchor of your choosing.
 */
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;               /**< The whole certificate in DER. Whether this points into caller memory or an owned copy is parser-defined — do not free the input buffer before checking. */
    mbedtls_x509_buf tbs;               /**< The TBSCertificate portion, i.e. the bytes the signature covers. */

    int version;                        /**< Version; compare against the MBEDTLS_X509_CRT_VERSION_* constants (v1 == 0). */
    mbedtls_x509_buf serial;            /**< serialNumber, raw. The parser presumably caps it at MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN. */
    mbedtls_x509_buf sig_oid;           /**< Signature algorithm OID as found inside the TBS. */

    mbedtls_x509_buf issuer_raw;        /**< Issuer name, raw DER (suited to byte-exact chain matching). */
    mbedtls_x509_buf subject_raw;       /**< Subject name, raw DER. */

    mbedtls_x509_name issuer;           /**< Issuer name, parsed into attributes. */
    mbedtls_x509_name subject;          /**< Subject name, parsed into attributes. */

    mbedtls_x509_time valid_from;       /**< notBefore. */
    mbedtls_x509_time valid_to;         /**< notAfter. */

    mbedtls_pk_context pk;              /**< Subject public key (SubjectPublicKeyInfo). */

    mbedtls_x509_buf issuer_id;         /**< issuerUniqueID (RFC 5280: only present in v2/v3 certificates). */
    mbedtls_x509_buf subject_id;        /**< subjectUniqueID (v2/v3 only). */
    mbedtls_x509_buf v3_ext;            /**< The raw v3 extensions SEQUENCE. */
    mbedtls_x509_sequence subject_alt_names;    /**< SubjectAltName entries, as parsed. */

    int ext_types;                      /**< Bitmask recording which extensions were present (bit values presumably the MBEDTLS_X509_EXT_* constants from x509.h). */
    int ca_istrue;                      /**< cA flag from BasicConstraints. Presumably 0 when the extension is absent — an absent extension must NOT be treated as "is a CA". */
    int max_pathlen;                    /**< pathLenConstraint from BasicConstraints. The encoding of "no constraint present" is parser-defined; check it before treating 0 as a real limit. */

    unsigned int key_usage;             /**< KeyUsage bits. Prefer mbedtls_x509_crt_check_key_usage() over testing this directly so the "extension absent" case is handled consistently. */

    mbedtls_x509_sequence ext_key_usage;    /**< ExtendedKeyUsage OIDs. */

    unsigned char ns_cert_type;         /**< Legacy Netscape certificate-type bits. */

    mbedtls_x509_buf sig;               /**< signatureValue bytes. */
    mbedtls_md_type_t sig_md;           /**< Hash algorithm of the signature (presumably derived from sig_oid). */
    mbedtls_pk_type_t sig_pk;           /**< Public-key algorithm of the signature (presumably derived from sig_oid). */
    void *sig_opts;                     /**< Algorithm-specific signature parameters (e.g. for RSA-PSS). Concrete type and ownership are decided by the parser / pk layer. */

    struct mbedtls_x509_crt *next;      /**< Next certificate in the list, or NULL for the last one. */
}
mbedtls_x509_crt;
00095
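/**
 * \brief   Build the single-bit flag that represents a 1-based identifier
 *          (an mbedtls_md_type_t, mbedtls_pk_type_t or curve id) inside the
 *          32-bit masks of #mbedtls_x509_crt_profile.
 *
 * \param id  1-based identifier. Must be in the range 1..32 so that the
 *            flag fits a uint32_t field; 0 or values above 32 are invalid.
 *
 * Why this shape: the argument is parenthesised so that an expression
 * argument is not re-associated with the "- 1", and the shifted constant
 * is a uint32_t (the type of the profile fields) so that id == 32 yields
 * 0x80000000 instead of the undefined behaviour of the signed "1 << 31".
 */
#define MBEDTLS_X509_ID_FLAG( id ) ( (uint32_t) 1 << ( (id) - 1 ) )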
00101
/**
 * \brief   Algorithm policy applied during chain verification by
 *          mbedtls_x509_crt_verify_with_profile().
 *
 * Each *_mds / *_pks / *_curves field is a bitmask built with
 * MBEDTLS_X509_ID_FLAG(), so at most 32 identifiers of each kind can be
 * expressed. A zero mask presumably allows nothing of that kind.
 *
 * Security note: this is where weak algorithms (MD5, SHA-1, small RSA
 * keys, deprecated curves) get rejected. When defining your own profile,
 * start from mbedtls_x509_crt_profile_next and remove, rather than from
 * an empty struct and add without review.
 */
typedef struct
{
    uint32_t allowed_mds;       /**< Hash algorithms accepted for signatures (MBEDTLS_X509_ID_FLAG of mbedtls_md_type_t values). */
    uint32_t allowed_pks;       /**< Public-key algorithms accepted (MBEDTLS_X509_ID_FLAG of mbedtls_pk_type_t values). */
    uint32_t allowed_curves;    /**< Elliptic curves accepted (MBEDTLS_X509_ID_FLAG of curve ids). */
    uint32_t rsa_min_bitlen;    /**< Minimum RSA modulus size in bits; smaller keys presumably fail verification. */
}
mbedtls_x509_crt_profile;
00115
/* Certificate versions as stored in mbedtls_x509_crt.version. The values
 * match the on-the-wire encoding of RFC 5280 (Version ::= INTEGER
 * { v1(0), v2(1), v3(2) }), i.e. one less than the human-facing number. */
#define MBEDTLS_X509_CRT_VERSION_1 0
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2

/* Upper bound on serialNumber length, in octets. RFC 5280 4.1.2.2 limits
 * conforming serials to 20 octets; the larger value here presumably
 * tolerates non-conforming CAs — it is a parser bound, not a conformance
 * check. NOTE(review): confirm where it is enforced in x509_crt.c. */
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
/* Length of a GeneralizedTime string "YYYYMMDDHHMMSSZ" (15 characters).
 * The text buffers in mbedtls_x509write_cert are sized LEN + 1 to hold a
 * terminating NUL. Despite the name, a UTCTime ("YYMMDDHHMMSSZ") is 13
 * characters; which form the writer emits is decided in the implementation. */
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
00122
/**
 * \brief   Builder state for issuing a certificate with the
 *          mbedtls_x509write_crt_* functions.
 *
 * The key pointers are filled by setters and, as far as this header shows,
 * are NOT owned by the struct: keep subject_key and issuer_key alive until
 * mbedtls_x509write_crt_der() / _pem() has run.
 * NOTE(review): ownership of the subject / issuer / extensions lists is
 * decided by the setters and by mbedtls_x509write_crt_free() — confirm in
 * x509write_crt.c before freeing them yourself.
 */
typedef struct mbedtls_x509write_cert
{
    int version;                        /**< Certificate version (MBEDTLS_X509_CRT_VERSION_*). */
    mbedtls_mpi serial;                 /**< Serial number (an embedded MPI, presumably released by mbedtls_x509write_crt_free()). */
    mbedtls_pk_context *subject_key;    /**< Public key being certified (not owned). */
    mbedtls_pk_context *issuer_key;     /**< Private key that signs (not owned). Its confidentiality is the entire security of the issued certificate. */
    mbedtls_asn1_named_data *subject;   /**< Subject name as a list of attributes. */
    mbedtls_asn1_named_data *issuer;    /**< Issuer name as a list of attributes. */
    mbedtls_md_type_t md_alg;           /**< Hash used in the signature. */
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; /**< notBefore as text, NUL-terminated (the + 1 is the NUL). */
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];  /**< notAfter as text, NUL-terminated. */
    mbedtls_asn1_named_data *extensions; /**< v3 extensions to emit. */
}
mbedtls_x509write_cert;
00140
00141 #if defined(MBEDTLS_X509_CRT_PARSE_C)
00142
/**
 * \brief   Default verification profile, used by mbedtls_x509_crt_verify().
 *          NOTE(review): the algorithms, curves and minimum RSA size it
 *          allows are defined in x509_crt.c, not here; review them before
 *          relying on this profile in a new deployment.
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;

/**
 * \brief   Stricter profile, presumably the recommended set for new
 *          deployments (exact contents in x509_crt.c).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;

/**
 * \brief   NSA Suite B profile (Suite B is ECC-only; exact contents in
 *          x509_crt.c).
 */
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;

/**
 * \brief   Parse one DER-encoded certificate and add it to the list rooted
 *          at \p chain.
 *
 * \param chain   List to add to; must have been initialised with
 *                mbedtls_x509_crt_init().
 * \param buf     DER bytes. This is untrusted input: the parser is the
 *                security boundary, so never hand it a length larger than
 *                the buffer actually holds.
 * \param buflen  Length of \p buf in bytes.
 *
 * \return  0 on success, a negative error code otherwise (specific codes
 *          are defined by the implementation).
 */
int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
                                size_t buflen );

/**
 * \brief   Parse one or more certificates (DER, or PEM when PEM support is
 *          compiled in — presumably) and add them to \p chain.
 *
 * \param chain   List to add to (initialised).
 * \param buf     Input bytes.
 *                NOTE(review): whether a PEM buffer must be NUL-terminated
 *                and whether \p buflen counts that NUL is decided by the
 *                implementation — confirm before passing C strings.
 * \param buflen  Length of \p buf in bytes.
 *
 * \return  0 if everything parsed, non-zero otherwise. If a bundle is only
 *          partly parsable the list may already contain the certificates
 *          parsed before the failure, so treat any non-zero return as
 *          "this bundle is incomplete" rather than ignoring it.
 */
int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
00188
#if defined(MBEDTLS_FS_IO)

/**
 * \brief   Load certificate(s) from a file and add them to \p chain.
 *          Only available with MBEDTLS_FS_IO.
 *
 * \param chain   List to add to (initialised).
 * \param path    File name. Treat it as trusted configuration, not as
 *                user-controlled input.
 *
 * \return  0 if all certificates parsed, non-zero otherwise (presumably
 *          the same convention as mbedtls_x509_crt_parse()).
 */
int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );

/**
 * \brief   Load certificates from the files in a directory and add them to
 *          \p chain. Only available with MBEDTLS_FS_IO.
 *
 * \param chain   List to add to (initialised).
 * \param path    Directory name.
 *                NOTE(review): which entries are read (name filtering,
 *                subdirectories, symlinks) is implementation-defined;
 *                verify it before pointing this at a directory that
 *                less-trusted users can write to, since every file that
 *                parses becomes a candidate trust anchor.
 *
 * \return  0 if all certificates parsed; non-zero otherwise (the
 *          implementation decides whether this is a failure count or an
 *          error code).
 */
int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
#endif
00220
/**
 * \brief   Write a human-readable description of \p crt into \p buf.
 *
 * \param buf     Output buffer.
 * \param size    Size of \p buf in bytes.
 * \param prefix  String prepended to each output line.
 * \param crt     Certificate to describe.
 *
 * \return  Presumably the number of characters written on success, or a
 *          negative error code — confirm in the implementation.
 *          The output echoes attacker-chosen name strings from the
 *          certificate; escape it before sending it to a terminal, a log
 *          parser or HTML.
 */
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
                           const mbedtls_x509_crt *crt );

/**
 * \brief   Write a human-readable explanation of verification \p flags
 *          (as produced by mbedtls_x509_crt_verify()) into \p buf.
 *
 * \param buf     Output buffer.
 * \param size    Size of \p buf in bytes.
 * \param prefix  String prepended to each line.
 * \param flags   Verification result bitmask to explain.
 *
 * \return  Presumably the number of characters written, or a negative
 *          error code.
 */
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
                                  uint32_t flags );

/**
 * \brief   Verify a certificate chain against trusted CAs, optional CRLs
 *          and an expected name, with the default profile.
 *
 * \param crt       Certificate (chain, via \c next) to verify. Not const,
 *                  so the implementation may read or update fields.
 * \param trust_ca  List of trusted root certificates.
 * \param ca_crl    List of CRLs for the CAs, or presumably NULL. With no
 *                  CRL, no revocation checking can take place.
 * \param cn        Expected name to check the certificate against
 *                  (presumably CN / SubjectAltName; NULL presumably skips
 *                  the check — confirm). Skipping the name check is how
 *                  "valid certificate, wrong peer" bugs are born.
 * \param flags     Output: bitmask of the problems found (MBEDTLS_X509_BADCERT_*
 *                  / BADCRL_* values from x509.h).
 * \param f_vrfy    Optional callback invoked per certificate (NULL to
 *                  skip) with \p p_vrfy, the certificate, an int (presumably
 *                  the depth in the chain) and a pointer to that
 *                  certificate's flags. A callback that blindly clears the
 *                  flags disables verification — only clear bits you have
 *                  positively decided to accept.
 * \param p_vrfy    Opaque context passed to \p f_vrfy.
 *
 * \return  0 when the chain verified, a negative error code otherwise.
 *          Defensive usage: accept the peer only when the return is 0 AND
 *          *flags is 0; check both.
 */
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                             mbedtls_x509_crt *trust_ca,
                             mbedtls_x509_crl *ca_crl,
                             const char *cn, uint32_t *flags,
                             int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                             void *p_vrfy );

/**
 * \brief   As mbedtls_x509_crt_verify(), but enforcing an explicit
 *          algorithm profile (allowed hashes, key types, curves, minimum
 *          RSA size).
 *
 * \param profile   Profile to enforce: one of the extern profiles above
 *                  or a caller-defined #mbedtls_x509_crt_profile. Prefer
 *                  the stricter profile unless compatibility forces
 *                  otherwise.
 *
 * All other parameters and the return value are as for
 * mbedtls_x509_crt_verify().
 */
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
                                          mbedtls_x509_crt *trust_ca,
                                          mbedtls_x509_crl *ca_crl,
                                          const mbedtls_x509_crt_profile *profile,
                                          const char *cn, uint32_t *flags,
                                          int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                                          void *p_vrfy );
00336
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)

/**
 * \brief   Check whether the certificate's KeyUsage extension permits the
 *          given usage(s). Only compiled with MBEDTLS_X509_CHECK_KEY_USAGE.
 *
 * \param crt     Certificate to check.
 * \param usage   Bitmask of the intended usages (presumably the
 *                MBEDTLS_X509_KU_* values from x509.h).
 *
 * \return  0 if the usage is allowed, non-zero otherwise.
 *          NOTE(review): how a certificate without a KeyUsage extension is
 *          treated (allow-all vs deny) is decided by the implementation;
 *          check it, since that case decides whether an end-entity key
 *          can be misused for signing or key agreement.
 */
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
                                      unsigned int usage );
#endif
00362
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)

/**
 * \brief   Check whether the certificate's ExtendedKeyUsage extension
 *          permits the given purpose. Only compiled with
 *          MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE.
 *
 * \param crt        Certificate to check.
 * \param usage_oid  The purpose OID, as raw encoded bytes (presumably one
 *                   of the MBEDTLS_OID_* constants; they are byte strings,
 *                   not NUL-terminated text, hence the explicit length).
 * \param usage_len  Length of \p usage_oid in bytes.
 *
 * \return  0 if the purpose is allowed, non-zero otherwise.
 *          NOTE(review): treatment of a missing extension and of the
 *          anyExtendedKeyUsage OID is implementation-defined — confirm.
 */
int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
                                               const char *usage_oid,
                                               size_t usage_len );
#endif
00380
#if defined(MBEDTLS_X509_CRL_PARSE_C)

/**
 * \brief   Check whether \p crt appears on the CRL(s) in \p crl.
 *          Only compiled with MBEDTLS_X509_CRL_PARSE_C.
 *
 * \param crt   Certificate to look up.
 * \param crl   CRL list to search.
 *
 * \return  Non-zero presumably means "revoked" and 0 "not found" — note
 *          that "not found" also covers a CRL that is stale, from the
 *          wrong issuer, or empty; it is not proof of non-revocation.
 *          Confirm the exact values in the implementation.
 */
int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
#endif
00393
/**
 * \brief   Initialise a certificate struct to an empty state. Must be
 *          called before any parse function uses it.
 *
 * \param crt   Certificate to initialise.
 */
void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );

/**
 * \brief   Release everything owned by a certificate list. Presumably
 *          walks the \c next links and frees the parsed data of each
 *          entry; whether it frees the struct objects themselves is
 *          implementation-defined — check before mixing heap- and
 *          stack-allocated entries in one list.
 *
 * \param crt   Head of the list to free.
 */
void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
00407 #endif
00408
00409
00410
00411
00412 #if defined(MBEDTLS_X509_CRT_WRITE_C)
00413
/**
 * \brief   Initialise a certificate-writing context. Call before any
 *          other mbedtls_x509write_crt_* function.
 *
 * \param ctx   Context to initialise.
 */
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );

/**
 * \brief   Set the version of the certificate to write.
 *
 * \param ctx       Writing context.
 * \param version   One of the MBEDTLS_X509_CRT_VERSION_* constants. Use
 *                  version 3 if you set any extension; v1 certificates
 *                  carry none, so KeyUsage / BasicConstraints would be lost.
 */
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );

/**
 * \brief   Set the serial number of the certificate to write.
 *
 * \param ctx     Writing context.
 * \param serial  Serial number; presumably copied into ctx->serial.
 *                RFC 5280 requires a positive integer of at most 20
 *                octets, unique per issuer; a CA should derive it from at
 *                least 64 bits of CSPRNG output rather than a counter, so
 *                that hash-collision attacks cannot predict it.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );

/**
 * \brief   Set the validity period of the certificate to write.
 *
 * \param ctx         Writing context.
 * \param not_before  Start of validity as text. The buffers in
 *                    mbedtls_x509write_cert hold MBEDTLS_X509_RFC5280_UTC_TIME_LEN
 *                    characters plus a NUL, so the expected form is
 *                    presumably "YYYYMMDDhhmmss" (with or without a trailing
 *                    'Z' — confirm in the implementation).
 * \param not_after   End of validity, same format. Keep it short; a long
 *                    validity period makes key compromise harder to
 *                    contain and defeats CRL/OCSP scalability.
 *
 * \return  0 on success, a negative error code otherwise (presumably also
 *          for a malformed date string).
 */
int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
                                        const char *not_after );
00456
/**
 * \brief   Set the issuer name of the certificate to write.
 *
 * \param ctx          Writing context.
 * \param issuer_name  Name as text (presumably "C=.., O=.., CN=.." form;
 *                     the accepted syntax is defined by the implementation).
 *                     For chain building this must equal the issuing CA's
 *                     subject exactly.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
                                           const char *issuer_name );

/**
 * \brief   Set the subject name of the certificate to write.
 *
 * \param ctx           Writing context.
 * \param subject_name  Name as text, same syntax as the issuer name. If
 *                      this comes from a CSR, validate it against your
 *                      issuance policy first — the writer does not.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
                                            const char *subject_name );

/**
 * \brief   Set the public key to be certified.
 *
 * \param ctx   Writing context.
 * \param key   Key context; stored by pointer (ctx->subject_key), so it
 *              must outlive the context until the certificate is written.
 */
void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief   Set the key that signs the certificate.
 *
 * \param ctx   Writing context.
 * \param key   Issuer's key context (must hold the private part); stored
 *              by pointer (ctx->issuer_key), so it must outlive the context
 *              until the certificate is written. For a self-signed
 *              certificate pass the same key as the subject key.
 */
void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );

/**
 * \brief   Set the hash algorithm used in the signature.
 *
 * \param ctx     Writing context.
 * \param md_alg  Hash to use. Do not issue with MD5 or SHA-1: both are
 *                collision-broken, which is exactly the property a
 *                certificate signature depends on.
 */
void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
00511
/**
 * \brief   Add (or presumably replace) a generic v3 extension.
 *
 * \param ctx       Writing context.
 * \param oid       Extension OID as raw encoded bytes.
 * \param oid_len   Length of \p oid in bytes.
 * \param critical  Non-zero to mark the extension critical. A critical
 *                  extension that a relying party cannot understand makes
 *                  the certificate unusable for it (RFC 5280 4.2), so only
 *                  set this for extensions with standard semantics.
 * \param val       The extension value, already DER-encoded. The writer
 *                  presumably copies the bytes verbatim and cannot check
 *                  that they are well-formed — malformed values yield a
 *                  certificate that parsers may reject or misinterpret.
 * \param val_len   Length of \p val in bytes.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
                                         const char *oid, size_t oid_len,
                                         int critical,
                                         const unsigned char *val, size_t val_len );

/**
 * \brief   Add a BasicConstraints extension.
 *
 * \param ctx          Writing context.
 * \param is_ca        Non-zero to assert cA = TRUE. Set this only for
 *                     genuine CA certificates: an end-entity certificate
 *                     with cA = TRUE can be used to mint further
 *                     certificates that chain to your CA.
 * \param max_pathlen  pathLenConstraint for a CA. The value meaning
 *                     "no constraint" is implementation-defined — confirm
 *                     before passing 0 and expecting "unlimited".
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
                                                 int is_ca, int max_pathlen );
00543
#if defined(MBEDTLS_SHA1_C)

/**
 * \brief   Add a SubjectKeyIdentifier extension derived from the subject
 *          key set earlier. Guarded by MBEDTLS_SHA1_C, so the identifier
 *          is presumably the SHA-1 of the public key (RFC 5280 4.2.1.2
 *          method 1). That use of SHA-1 is fine: key identifiers are
 *          opaque lookup handles and need no collision resistance.
 *
 * \param ctx   Writing context; subject_key must already be set.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );

/**
 * \brief   Add an AuthorityKeyIdentifier extension derived from the issuer
 *          key set earlier (same SHA-1-based derivation, presumably).
 *
 * \param ctx   Writing context; issuer_key must already be set.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
#endif
00567
/**
 * \brief   Add a KeyUsage extension.
 *
 * \param ctx        Writing context.
 * \param key_usage  Bitmask of allowed usages (presumably MBEDTLS_X509_KU_*
 *                   from x509.h). Grant the minimum the key needs; a CA
 *                   certificate needs keyCertSign (and cRLSign if it
 *                   issues CRLs) and normally nothing else.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
                                         unsigned int key_usage );

/**
 * \brief   Add a Netscape certificate-type extension (legacy; most modern
 *          relying parties ignore it — do not rely on it for policy).
 *
 * \param ctx           Writing context.
 * \param ns_cert_type  Bitmask of Netscape type flags.
 *
 * \return  0 on success, a negative error code otherwise.
 */
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
                                            unsigned char ns_cert_type );

/**
 * \brief   Release everything owned by a writing context. The key
 *          contexts are held by pointer and are presumably NOT freed here
 *          — the caller owns them (and is responsible for zeroising the
 *          issuer private key when done).
 *
 * \param ctx   Context to free.
 */
void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );

/**
 * \brief   Sign the certificate and write it in DER form.
 *
 * \param ctx    Writing context with all fields set.
 * \param buf    Output buffer.
 * \param size   Size of \p buf in bytes.
 * \param f_rng  RNG callback (presumably required by signature schemes
 *               that need randomness, e.g. RSA-PSS / ECDSA; a weak RNG
 *               here can leak the issuer's private key). Pass a CSPRNG
 *               such as CTR-DRBG seeded from entropy.
 * \param p_rng  Opaque context passed to \p f_rng.
 *
 * \return  Presumably the length written on success, a negative error
 *          code otherwise.
 *          NOTE(review): mbed TLS ASN.1 writers typically fill a buffer
 *          from its end, so the DER may not start at buf[0] — confirm
 *          where the data is placed before copying it out.
 */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
00622
#if defined(MBEDTLS_PEM_WRITE_C)

/**
 * \brief   Sign the certificate and write it as a PEM string.
 *          Only compiled with MBEDTLS_PEM_WRITE_C.
 *
 * \param ctx    Writing context with all fields set.
 * \param buf    Output buffer. NOTE(review): whether the result is
 *               NUL-terminated, and whether it starts at buf[0], is
 *               implementation-defined — confirm before printing it as a
 *               C string.
 * \param size   Size of \p buf in bytes.
 * \param f_rng  RNG callback, same requirements as for
 *               mbedtls_x509write_crt_der(): use a CSPRNG.
 * \param p_rng  Opaque context passed to \p f_rng.
 *
 * \return  0 on success, a negative error code otherwise (presumably;
 *          confirm in the implementation).
 */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
                               int (*f_rng)(void *, unsigned char *, size_t),
                               void *p_rng );
#endif
00644 #endif
00645
00646 #ifdef __cplusplus
00647 }
00648 #endif
00649
00650 #endif