ReactOS 0.4.15-dev-7958-gcd0bb1a
x509_crt.h
Go to the documentation of this file.
1
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 *
10 * This file is provided under the Apache License 2.0, or the
11 * GNU General Public License v2.0 or later.
12 *
13 * **********
14 * Apache License 2.0:
15 *
16 * Licensed under the Apache License, Version 2.0 (the "License"); you may
17 * not use this file except in compliance with the License.
18 * You may obtain a copy of the License at
19 *
20 * http://www.apache.org/licenses/LICENSE-2.0
21 *
22 * Unless required by applicable law or agreed to in writing, software
23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
25 * See the License for the specific language governing permissions and
26 * limitations under the License.
27 *
28 * **********
29 *
30 * **********
31 * GNU General Public License v2.0 or later:
32 *
33 * This program is free software; you can redistribute it and/or modify
34 * it under the terms of the GNU General Public License as published by
35 * the Free Software Foundation; either version 2 of the License, or
36 * (at your option) any later version.
37 *
38 * This program is distributed in the hope that it will be useful,
39 * but WITHOUT ANY WARRANTY; without even the implied warranty of
40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
41 * GNU General Public License for more details.
42 *
43 * You should have received a copy of the GNU General Public License along
44 * with this program; if not, write to the Free Software Foundation, Inc.,
45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
46 *
47 * **********
48 */
49#ifndef MBEDTLS_X509_CRT_H
50#define MBEDTLS_X509_CRT_H
51
52#if !defined(MBEDTLS_CONFIG_FILE)
53#include "config.h"
54#else
55#include MBEDTLS_CONFIG_FILE
56#endif
57
58#include "x509.h"
59#include "x509_crl.h"
60
66#ifdef __cplusplus
67extern "C" {
68#endif
69
78typedef struct mbedtls_x509_crt
79{
80 mbedtls_x509_buf raw;
81 mbedtls_x509_buf tbs;
83 int version;
84 mbedtls_x509_buf serial;
85 mbedtls_x509_buf sig_oid;
87 mbedtls_x509_buf issuer_raw;
88 mbedtls_x509_buf subject_raw;
90 mbedtls_x509_name issuer;
91 mbedtls_x509_name subject;
93 mbedtls_x509_time valid_from;
94 mbedtls_x509_time valid_to;
96 mbedtls_pk_context pk;
98 mbedtls_x509_buf issuer_id;
99 mbedtls_x509_buf subject_id;
100 mbedtls_x509_buf v3_ext;
101 mbedtls_x509_sequence subject_alt_names;
103 int ext_types;
104 int ca_istrue;
105 int max_pathlen;
107 unsigned int key_usage;
109 mbedtls_x509_sequence ext_key_usage;
111 unsigned char ns_cert_type;
113 mbedtls_x509_buf sig;
114 mbedtls_md_type_t sig_md;
115 mbedtls_pk_type_t sig_pk;
116 void *sig_opts;
118 struct mbedtls_x509_crt *next;
119}
120mbedtls_x509_crt;
121
126#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
127
133typedef struct mbedtls_x509_crt_profile
134{
135 uint32_t allowed_mds;
136 uint32_t allowed_pks;
137 uint32_t allowed_curves;
138 uint32_t rsa_min_bitlen;
139}
140mbedtls_x509_crt_profile;
141
142#define MBEDTLS_X509_CRT_VERSION_1 0
143#define MBEDTLS_X509_CRT_VERSION_2 1
144#define MBEDTLS_X509_CRT_VERSION_3 2
145
146#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
147#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
148
149#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
150#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
151#endif
152
156typedef struct mbedtls_x509write_cert
157{
158 int version;
159 mbedtls_mpi serial;
160 mbedtls_pk_context *subject_key;
161 mbedtls_pk_context *issuer_key;
162 mbedtls_asn1_named_data *subject;
163 mbedtls_asn1_named_data *issuer;
164 mbedtls_md_type_t md_alg;
165 char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
166 char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
167 mbedtls_asn1_named_data *extensions;
168}
169mbedtls_x509write_cert;
170
174typedef struct {
175 mbedtls_x509_crt *crt;
176 uint32_t flags;
177} mbedtls_x509_crt_verify_chain_item;
178
182#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
183
187typedef struct
188{
189 mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
190 unsigned len;
191} mbedtls_x509_crt_verify_chain;
192
193#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
194
198typedef struct
199{
200 /* for check_signature() */
201 mbedtls_pk_restart_ctx pk;
202
203 /* for find_parent_in() */
204 mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
205 mbedtls_x509_crt *fallback_parent;
206 int fallback_signature_is_good;
207
208 /* for find_parent() */
209 int parent_is_trusted; /* -1 if find_parent is not in progress */
210
211 /* for verify_chain() */
212 enum {
213 x509_crt_rs_none,
214 x509_crt_rs_find_parent,
215 } in_progress; /* none if no operation is in progress */
216 int self_cnt;
217 mbedtls_x509_crt_verify_chain ver_chain;
218
219} mbedtls_x509_crt_restart_ctx;
220
221#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
222
223/* Now we can declare functions that take a pointer to that */
224typedef void mbedtls_x509_crt_restart_ctx;
225
226#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
227
228#if defined(MBEDTLS_X509_CRT_PARSE_C)
242extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
243
248extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
249
253extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
254
265int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf,
266 size_t buflen );
267
298int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
299
300#if defined(MBEDTLS_FS_IO)
314int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
315
329int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
330#endif /* MBEDTLS_FS_IO */
331
344int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
345 const mbedtls_x509_crt *crt );
346
359int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
360 uint32_t flags );
361
420int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
421 mbedtls_x509_crt *trust_ca,
422 mbedtls_x509_crl *ca_crl,
423 const char *cn, uint32_t *flags,
424 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
425 void *p_vrfy );
426
454int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
455 mbedtls_x509_crt *trust_ca,
456 mbedtls_x509_crl *ca_crl,
457 const mbedtls_x509_crt_profile *profile,
458 const char *cn, uint32_t *flags,
459 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
460 void *p_vrfy );
461
484int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
485 mbedtls_x509_crt *trust_ca,
486 mbedtls_x509_crl *ca_crl,
487 const mbedtls_x509_crt_profile *profile,
488 const char *cn, uint32_t *flags,
489 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
490 void *p_vrfy,
491 mbedtls_x509_crt_restart_ctx *rs_ctx );
492
493#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
515int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
516 unsigned int usage );
517#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
518
519#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
533int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
534 const char *usage_oid,
535 size_t usage_len );
536#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
537
538#if defined(MBEDTLS_X509_CRL_PARSE_C)
548int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
549#endif /* MBEDTLS_X509_CRL_PARSE_C */
550
556void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
557
563void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
564
565#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
569void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
570
574void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
575#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
576#endif /* MBEDTLS_X509_CRT_PARSE_C */
577
578/* \} name */
579/* \} addtogroup x509_module */
580
581#if defined(MBEDTLS_X509_CRT_WRITE_C)
587void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
588
597void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
598
607int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
608
623int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
624 const char *not_after );
625
638int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
639 const char *issuer_name );
640
653int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
654 const char *subject_name );
655
662void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
663
670void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
671
679void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
680
694int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
695 const char *oid, size_t oid_len,
696 int critical,
697 const unsigned char *val, size_t val_len );
698
710int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
711 int is_ca, int max_pathlen );
712
713#if defined(MBEDTLS_SHA1_C)
723int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
724
734int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
735#endif /* MBEDTLS_SHA1_C */
736
746int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
747 unsigned int key_usage );
748
758int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
759 unsigned char ns_cert_type );
760
766void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
767
788int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
789 int (*f_rng)(void *, unsigned char *, size_t),
790 void *p_rng );
791
792#if defined(MBEDTLS_PEM_WRITE_C)
809int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
810 int (*f_rng)(void *, unsigned char *, size_t),
811 void *p_rng );
812#endif /* MBEDTLS_PEM_WRITE_C */
813#endif /* MBEDTLS_X509_CRT_WRITE_C */
814
815#ifdef __cplusplus
816}
817#endif
818
819#endif /* mbedtls_x509_crt.h */
uint32_t
UINT32 uint32_t
Definition: types.h:75
version
static const WCHAR version[]
Definition: asmname.c:66
parent
r parent
Definition: btrfs.c:3010
serial
uint32_t serial
Definition: fsck.fat.h:29
size
GLsizeiptr size
Definition: glext.h:5919
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
flags
GLbitfield flags
Definition: glext.h:7161
val
GLuint GLfloat * val
Definition: glext.h:7180
usage
GLsizeiptr const GLvoid GLenum usage
Definition: glext.h:5919
mbedtls_x509_crt_parse_der
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
mbedtls_x509_crt_init
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
mbedtls_x509_crt_parse
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
mbedtls_x509_crt::valid_to
mbedtls_x509_time valid_to
Definition: x509_crt.h:94
mbedtls_x509_crt_profile::rsa_min_bitlen
uint32_t rsa_min_bitlen
Definition: x509_crt.h:138
mbedtls_x509_crt_check_key_usage
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_crt_verify_chain_item::crt
mbedtls_x509_crt * crt
Definition: x509_crt.h:175
mbedtls_x509_crt_profile::allowed_mds
uint32_t allowed_mds
Definition: x509_crt.h:135
mbedtls_x509_crt::sig_oid
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:85
mbedtls_x509_crt_profile::allowed_pks
uint32_t allowed_pks
Definition: x509_crt.h:136
mbedtls_x509_crt::ca_istrue
int ca_istrue
Definition: x509_crt.h:104
mbedtls_x509_crt::subject_alt_names
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:101
mbedtls_x509_crt_restart_ctx
void mbedtls_x509_crt_restart_ctx
Definition: x509_crt.h:224
mbedtls_x509write_cert::md_alg
mbedtls_md_type_t md_alg
Definition: x509_crt.h:164
mbedtls_x509_crt_verify_restartable
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
mbedtls_x509_crt::key_usage
unsigned int key_usage
Definition: x509_crt.h:107
mbedtls_x509_crt::tbs
mbedtls_x509_buf tbs
Definition: x509_crt.h:81
mbedtls_x509write_cert::issuer_key
mbedtls_pk_context * issuer_key
Definition: x509_crt.h:161
MBEDTLS_X509_RFC5280_UTC_TIME_LEN
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:147
MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:182
mbedtls_x509_crt::raw
mbedtls_x509_buf raw
Definition: x509_crt.h:80
mbedtls_x509_crt::serial
mbedtls_x509_buf serial
Definition: x509_crt.h:84
mbedtls_x509_crt::sig_md
mbedtls_md_type_t sig_md
Definition: x509_crt.h:114
mbedtls_x509_crt::ext_types
int ext_types
Definition: x509_crt.h:103
mbedtls_x509_crt_verify_chain_item::flags
uint32_t flags
Definition: x509_crt.h:176
mbedtls_x509_crt::pk
mbedtls_pk_context pk
Definition: x509_crt.h:96
mbedtls_x509_crt::sig_pk
mbedtls_pk_type_t sig_pk
Definition: x509_crt.h:115
mbedtls_x509_crt::sig_opts
void * sig_opts
Definition: x509_crt.h:116
mbedtls_x509_crt::v3_ext
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:100
mbedtls_x509_crt::issuer_id
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:98
mbedtls_x509write_cert::issuer
mbedtls_asn1_named_data * issuer
Definition: x509_crt.h:163
mbedtls_x509write_cert::not_after
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:166
mbedtls_x509_crt_verify_chain::len
unsigned len
Definition: x509_crt.h:190
mbedtls_x509_crt::subject
mbedtls_x509_name subject
Definition: x509_crt.h:91
mbedtls_x509_crt_profile::allowed_curves
uint32_t allowed_curves
Definition: x509_crt.h:137
mbedtls_x509_crt::version
int version
Definition: x509_crt.h:83
mbedtls_x509_crt_profile_next
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
mbedtls_x509write_cert::subject
mbedtls_asn1_named_data * subject
Definition: x509_crt.h:162
mbedtls_x509_crt_verify
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature.
mbedtls_x509_crt_profile_default
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
mbedtls_x509write_cert::version
int version
Definition: x509_crt.h:158
mbedtls_x509_crt::valid_from
mbedtls_x509_time valid_from
Definition: x509_crt.h:93
mbedtls_x509_crt::max_pathlen
int max_pathlen
Definition: x509_crt.h:105
mbedtls_x509_crt_free
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509write_cert::serial
mbedtls_mpi serial
Definition: x509_crt.h:159
mbedtls_x509_crt_info
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
mbedtls_x509_crt::subject_raw
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:88
mbedtls_x509write_cert::subject_key
mbedtls_pk_context * subject_key
Definition: x509_crt.h:160
mbedtls_x509_crt::ext_key_usage
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:109
mbedtls_x509_crt::next
struct mbedtls_x509_crt * next
Definition: x509_crt.h:118
mbedtls_x509write_cert::extensions
mbedtls_asn1_named_data * extensions
Definition: x509_crt.h:167
mbedtls_x509_crt_check_extended_key_usage
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
mbedtls_x509write_cert::not_before
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:165
mbedtls_x509_crt::subject_id
mbedtls_x509_buf subject_id
Definition: x509_crt.h:99
mbedtls_x509_crt::ns_cert_type
unsigned char ns_cert_type
Definition: x509_crt.h:111
mbedtls_x509_crt::issuer
mbedtls_x509_name issuer
Definition: x509_crt.h:90
mbedtls_x509_crt_verify_info
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
mbedtls_x509_crt::sig
mbedtls_x509_buf sig
Definition: x509_crt.h:113
mbedtls_x509_crt_verify_with_profile
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature according to profile.
mbedtls_x509_crt_profile_suiteb
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_crt::issuer_raw
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:87
profile
#define profile
Definition: kernel32.h:12
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:83
cn
static BYTE cn[]
Definition: cert.c:2938
crl
static const BYTE crl[]
Definition: message.c:864
items
static TCHAR * items[]
Definition: page1.c:45
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:103
key
Definition: copy.c:22
mbedtls_asn1_buf
Definition: asn1.h:160
mbedtls_asn1_named_data
Definition: asn1.h:192
mbedtls_asn1_sequence
Definition: asn1.h:182
mbedtls_mpi
MPI structure.
Definition: bignum.h:211
mbedtls_pk_context
Public key container.
Definition: pk.h:156
mbedtls_x509_crl
Definition: x509_crl.h:96
mbedtls_x509_crt_profile
Definition: x509_crt.h:134
mbedtls_x509_crt_verify_chain_item
Definition: x509_crt.h:174
mbedtls_x509_crt_verify_chain
Definition: x509_crt.h:188
mbedtls_x509_crt
Definition: x509_crt.h:79
mbedtls_x509_time
Definition: x509.h:234
mbedtls_x509write_cert
Definition: x509_crt.h:157
chain
struct sock * chain
Definition: tcpcore.h:1
x509.h
X.509 generic defines and structures.
x509_crl.h
X.509 certificate revocation list parsing.