ReactOS 0.4.16-dev-340-g0540c21
|
Classes | |
struct | mbedtls_x509_time |
struct | mbedtls_x509_crl_entry |
struct | mbedtls_x509_crl |
struct | mbedtls_x509_crt |
struct | mbedtls_x509_crt_profile |
struct | mbedtls_x509write_cert |
struct | mbedtls_x509_crt_verify_chain_item |
struct | mbedtls_x509_crt_verify_chain |
struct | mbedtls_x509_csr |
struct | mbedtls_x509write_csr |
Macros | |
#define | MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 |
#define | MBEDTLS_X509_SAFE_SNPRINTF |
Structures for parsing X.509 certificates, CRLs and CSRs | |
typedef mbedtls_asn1_buf | mbedtls_x509_buf |
typedef mbedtls_asn1_bitstring | mbedtls_x509_bitstring |
typedef mbedtls_asn1_named_data | mbedtls_x509_name |
typedef mbedtls_asn1_sequence | mbedtls_x509_sequence |
typedef struct mbedtls_x509_time | mbedtls_x509_time |
Structures and functions for parsing CRLs | |
typedef struct mbedtls_x509_crl_entry | mbedtls_x509_crl_entry |
typedef struct mbedtls_x509_crl | mbedtls_x509_crl |
int | mbedtls_x509_crl_parse_der (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) |
Parse a DER-encoded CRL and append it to the chained list. | |
int | mbedtls_x509_crl_parse (mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen) |
Parse one or more CRLs and append them to the chained list. | |
int | mbedtls_x509_crl_info (char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl) |
Returns an informational string about the CRL. | |
void | mbedtls_x509_crl_init (mbedtls_x509_crl *crl) |
Initialize a CRL (chain) | |
void | mbedtls_x509_crl_free (mbedtls_x509_crl *crl) |
Unallocate all CRL data. | |
Structures and functions for X.509 Certificate Signing Requests (CSR) | |
typedef struct mbedtls_x509_csr | mbedtls_x509_csr |
typedef struct mbedtls_x509write_csr | mbedtls_x509write_csr |
X509 Error codes | |
#define | MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
#define | MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 |
#define | MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 |
#define | MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 |
#define | MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 |
#define | MBEDTLS_ERR_X509_INVALID_ALG -0x2300 |
#define | MBEDTLS_ERR_X509_INVALID_NAME -0x2380 |
#define | MBEDTLS_ERR_X509_INVALID_DATE -0x2400 |
#define | MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 |
#define | MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 |
#define | MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 |
#define | MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
#define | MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 |
#define | MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
#define | MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
#define | MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 |
#define | MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 |
#define | MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 |
#define | MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 |
#define | MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 |
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 |
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 |
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 |
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 |
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 |
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 |
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 |
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 |
#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 |
#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 |
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 |
#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 |
#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380 |
#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280 |
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 |
#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200 |
#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 |
Signature algorithms do not match. (see mbedtls_x509_crt
sig_oid)
#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100 |
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600 |
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 |
#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 |
#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 |
#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 |
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 |
#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 |
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 |
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 |
#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 |
#define MBEDTLS_X509_BADCERT_MISSING 0x40 |
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 |
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 |
#define MBEDTLS_X509_BADCERT_OTHER 0x0100 |
#define MBEDTLS_X509_BADCERT_REVOKED 0x02 |
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 |
#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000 |
#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 |
#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 |
#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 |
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 |
#define MBEDTLS_X509_CRT_VERSION_1 0 |
Definition at line 142 of file x509_crt.h.
#define MBEDTLS_X509_CRT_VERSION_2 1 |
Definition at line 143 of file x509_crt.h.
#define MBEDTLS_X509_CRT_VERSION_3 2 |
Definition at line 144 of file x509_crt.h.
Build flag from an algorithm/curve identifier (pk, md, ecp) Since 0 is always XXX_NONE, ignore it.
Definition at line 126 of file x509_crt.h.
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 |
#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 |
Definition at line 150 of file x509_crt.h.
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 |
Maximum number of intermediate CAs in a verification chain. That is, maximum length of the chain, excluding the end-entity certificate and the trusted root certificate.
Set this to a low value to prevent an adversary from making you waste resources verifying an overlong certificate chain.
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) |
Max size of verification chain: end-entity + intermediates + trusted root
Definition at line 182 of file x509_crt.h.
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ |
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ |
#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 |
Definition at line 146 of file x509_crt.h.
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 |
Definition at line 147 of file x509_crt.h.
#define MBEDTLS_X509_SAFE_SNPRINTF |
typedef mbedtls_asn1_buf mbedtls_x509_buf |
typedef struct mbedtls_x509_crl mbedtls_x509_crl |
Certificate revocation list structure. Every CRL may have multiple entries.
Certificate revocation list entry. Contains the CA-specific serial numbers and revocation dates.
typedef struct mbedtls_x509_crt mbedtls_x509_crt |
Container for an X.509 certificate. The certificate may be chained.
Security profile for certificate verification.
All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
typedef void mbedtls_x509_crt_restart_ctx |
Definition at line 224 of file x509_crt.h.
typedef struct mbedtls_x509_csr mbedtls_x509_csr |
Certificate Signing Request (CSR) structure.
typedef struct mbedtls_x509_time mbedtls_x509_time |
Container for date and time (precision in seconds).
Container for writing a certificate (CRT)
Container for writing a CSR
int mbedtls_dhm_parse_dhm | ( | mbedtls_dhm_context * | dhm, |
const unsigned char * | dhmin, | ||
size_t | dhminlen | ||
) |
This function parses DHM parameters in PEM or DER format.
dhm | The DHM context to import the DHM parameters into. This must be initialized. |
dhmin | The input buffer. This must be a readable buffer of length dhminlen Bytes. |
dhminlen | The size of the input buffer dhmin , including the terminating NULL Byte for PEM data. |
0
on success. MBEDTLS_ERR_DHM_XXX
or MBEDTLS_ERR_PEM_XXX
error code on failure. void mbedtls_x509_crl_free | ( | mbedtls_x509_crl * | crl | ) |
Unallocate all CRL data.
crl | CRL chain to free |
void mbedtls_x509_crl_init | ( | mbedtls_x509_crl * | crl | ) |
Initialize a CRL (chain)
crl | CRL chain to initialize |
Parse one or more CRLs and append them to the chained list.
chain | points to the start of the chain |
buf | buffer holding the CRL data in PEM or DER format |
buflen | size of the buffer (including the terminating null byte for PEM data) |
int mbedtls_x509_crl_parse_der | ( | mbedtls_x509_crl * | chain, |
const unsigned char * | buf, | ||
size_t | buflen | ||
) |
Parse a DER-encoded CRL and append it to the chained list.
chain | points to the start of the chain |
buf | buffer holding the CRL data in DER format |
buflen | size of the buffer (including the terminating null byte for PEM data) |
int mbedtls_x509_crt_check_extended_key_usage | ( | const mbedtls_x509_crt * | crt, |
const char * | usage_oid, | ||
size_t | usage_len | ||
) |
Check usage of certificate against extendedKeyUsage.
crt | Leaf certificate used. |
usage_oid | Intended usage (eg MBEDTLS_OID_SERVER_AUTH or MBEDTLS_OID_CLIENT_AUTH). |
usage_len | Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). |
int mbedtls_x509_crt_check_key_usage | ( | const mbedtls_x509_crt * | crt, |
unsigned int | usage | ||
) |
Check usage of certificate against keyUsage extension.
crt | Leaf certificate used. |
usage | Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the certificate to perform an RSA key exchange). |
mbedtls_x509_crt_verify()
. void mbedtls_x509_crt_free | ( | mbedtls_x509_crt * | crt | ) |
Unallocate all certificate data.
crt | Certificate chain to free |
void mbedtls_x509_crt_init | ( | mbedtls_x509_crt * | crt | ) |
Initialize a certificate (chain)
crt | Certificate chain to initialize |
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chained list.
For CRTs in PEM encoding, the function parses permissively: if at least one certificate can be parsed, the function returns the number of certificates for which parsing failed (hence 0
if all certificates were parsed successfully). If no certificate could be parsed, the function returns the first (negative) error encountered during parsing.
PEM encoded certificates may be interleaved by other data such as human readable descriptions of their content, as long as the certificates are enclosed in the PEM specific '--—{BEGIN/END} CERTIFICATE--—' delimiters.
chain | The chain to which to add the parsed certificates. |
buf | The buffer holding the certificate data in PEM or DER format. For certificates in PEM encoding, this may be a concatenation of multiple certificates; for DER encoding, the buffer must comprise exactly one certificate. |
buflen | The size of buf , including the terminating NULL byte in case of PEM encoded data. |
0
if all certificates were parsed successfully. int mbedtls_x509_crt_parse_der | ( | mbedtls_x509_crt * | chain, |
const unsigned char * | buf, | ||
size_t | buflen | ||
) |
Parse a single DER formatted certificate and add it to the chained list.
chain | points to the start of the chain |
buf | buffer holding the certificate DER data |
buflen | size of the buffer |
int mbedtls_x509_crt_verify | ( | mbedtls_x509_crt * | crt, |
mbedtls_x509_crt * | trust_ca, | ||
mbedtls_x509_crl * | ca_crl, | ||
const char * | cn, | ||
uint32_t * | flags, | ||
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *) | f_vrfy, | ||
void * | p_vrfy | ||
) |
Verify the certificate signature.
The verify callback is a user-supplied callback that can clear / modify / add flags for a certificate. If set, the verification callback is called for each certificate in the chain (from the trust-ca down to the presented crt). The parameters for the callback are: (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, int *flags). With the flags representing current flags for that specific certificate and the certificate depth from the bottom (Peer cert depth = 0). All flags left after returning from the callback are also returned to the application. The function should return 0 for anything (including invalid certificates) other than fatal error, as a non-zero return code immediately aborts the verification process. For fatal errors, a specific error code should be used (different from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR can be used if no better code is available.
mbedtls_x509_crt_verify_info()
mbedtls_x509_crt_verify_with_profile()
with the default security profile.trust_ca
list can contain two types of certificates: (1) those of trusted root CAs, so that certificates chaining up to those CAs will be trusted, and (2) self-signed end-entity certificates to be trusted (for specific peers you know) - in that case, the self-signed certificate doesn't need to have the CA bit set.crt | a certificate (chain) to be verified |
trust_ca | the list of trusted CAs (see note above) |
ca_crl | the list of CRLs for trusted CAs (see note above) |
cn | expected Common Name (can be set to NULL if the CN must not be verified) |
flags | result of the verification |
f_vrfy | verification function |
p_vrfy | verification parameter |
Returns an informational string about the verification status of a certificate.
buf | Buffer to write to |
size | Maximum size of buffer |
prefix | A line prefix |
flags | Verification flags created by mbedtls_x509_crt_verify() |
int mbedtls_x509_crt_verify_restartable | ( | mbedtls_x509_crt * | crt, |
mbedtls_x509_crt * | trust_ca, | ||
mbedtls_x509_crl * | ca_crl, | ||
const mbedtls_x509_crt_profile * | profile, | ||
const char * | cn, | ||
uint32_t * | flags, | ||
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *) | f_vrfy, | ||
void * | p_vrfy, | ||
mbedtls_x509_crt_restart_ctx * | rs_ctx | ||
) |
Restartable version of mbedtls_crt_verify_with_profile()
mbedtls_crt_verify_with_profile()
but can return early and restart according to the limit set with mbedtls_ecp_set_max_ops()
to reduce blocking.crt | a certificate (chain) to be verified |
trust_ca | the list of trusted CAs |
ca_crl | the list of CRLs for trusted CAs |
profile | security profile for verification |
cn | expected Common Name (can be set to NULL if the CN must not be verified) |
flags | result of the verification |
f_vrfy | verification function |
p_vrfy | verification parameter |
rs_ctx | restart context (NULL to disable restart) |
mbedtls_crt_verify_with_profile()
, or mbedtls_ecp_set_max_ops()
. int mbedtls_x509_crt_verify_with_profile | ( | mbedtls_x509_crt * | crt, |
mbedtls_x509_crt * | trust_ca, | ||
mbedtls_x509_crl * | ca_crl, | ||
const mbedtls_x509_crt_profile * | profile, | ||
const char * | cn, | ||
uint32_t * | flags, | ||
int(*)(void *, mbedtls_x509_crt *, int, uint32_t *) | f_vrfy, | ||
void * | p_vrfy | ||
) |
Verify the certificate signature according to profile.
mbedtls_x509_crt_verify()
, but with explicit security profile.crt | a certificate (chain) to be verified |
trust_ca | the list of trusted CAs |
ca_crl | the list of CRLs for trusted CAs |
profile | security profile for verification |
cn | expected Common Name (can be set to NULL if the CN must not be verified) |
flags | result of the verification |
f_vrfy | verification function |
p_vrfy | verification parameter |
int mbedtls_x509_dn_gets | ( | char * | buf, |
size_t | size, | ||
const mbedtls_x509_name * | dn | ||
) |
Store the certificate DN in printable form into buf; no more than size characters will be written.
buf | Buffer to write to |
size | Maximum size of buffer |
dn | The X509 name to represent |
int mbedtls_x509_get_alg | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_x509_buf * | alg, | ||
mbedtls_x509_buf * | params | ||
) |
int mbedtls_x509_get_alg_null | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_x509_buf * | alg | ||
) |
int mbedtls_x509_get_ext | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_x509_buf * | ext, | ||
int | tag | ||
) |
int mbedtls_x509_get_name | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_x509_name * | cur | ||
) |
int mbedtls_x509_get_rsassa_pss_params | ( | const mbedtls_x509_buf * | params, |
mbedtls_md_type_t * | md_alg, | ||
mbedtls_md_type_t * | mgf_md, | ||
int * | salt_len | ||
) |
int mbedtls_x509_get_serial | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_x509_buf * | serial | ||
) |
int mbedtls_x509_get_sig_alg | ( | const mbedtls_x509_buf * | sig_oid, |
const mbedtls_x509_buf * | sig_params, | ||
mbedtls_md_type_t * | md_alg, | ||
mbedtls_pk_type_t * | pk_alg, | ||
void ** | sig_opts | ||
) |
int mbedtls_x509_serial_gets | ( | char * | buf, |
size_t | size, | ||
const mbedtls_x509_buf * | serial | ||
) |
Store the certificate serial in printable form into buf; no more than size characters will be written.
buf | Buffer to write to |
size | Maximum size of buffer |
serial | The X509 serial to represent |
int mbedtls_x509_set_extension | ( | mbedtls_asn1_named_data ** | head, |
const char * | oid, | ||
size_t | oid_len, | ||
int | critical, | ||
const unsigned char * | val, | ||
size_t | val_len | ||
) |
int mbedtls_x509_sig_alg_gets | ( | char * | buf, |
size_t | size, | ||
const mbedtls_x509_buf * | sig_oid, | ||
mbedtls_pk_type_t | pk_alg, | ||
mbedtls_md_type_t | md_alg, | ||
const void * | sig_opts | ||
) |
int mbedtls_x509_string_to_names | ( | mbedtls_asn1_named_data ** | head, |
const char * | name | ||
) |
int mbedtls_x509_time_is_future | ( | const mbedtls_x509_time * | from | ) |
Check a given mbedtls_x509_time against the system time and tell if it's in the future.
from | mbedtls_x509_time to check |
int mbedtls_x509_time_is_past | ( | const mbedtls_x509_time * | to | ) |
Check a given mbedtls_x509_time against the system time and tell if it's in the past.
to | mbedtls_x509_time to check |
int mbedtls_x509_write_extensions | ( | unsigned char ** | p, |
unsigned char * | start, | ||
mbedtls_asn1_named_data * | first | ||
) |
int mbedtls_x509_write_names | ( | unsigned char ** | p, |
unsigned char * | start, | ||
mbedtls_asn1_named_data * | first | ||
) |
int mbedtls_x509_write_sig | ( | unsigned char ** | p, |
unsigned char * | start, | ||
const char * | oid, | ||
size_t | oid_len, | ||
unsigned char * | sig, | ||
size_t | size | ||
) |
uint32_t mbedtls_x509_crt_profile::allowed_curves |
Elliptic curves for ECDSA
Definition at line 137 of file x509_crt.h.
uint32_t mbedtls_x509_crt_profile::allowed_mds |
MDs for signatures
Definition at line 135 of file x509_crt.h.
uint32_t mbedtls_x509_crt_profile::allowed_pks |
PK algs for signatures
Definition at line 136 of file x509_crt.h.
int mbedtls_x509_crt::ca_istrue |
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise.
Definition at line 104 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_csr::cri |
The raw CertificateRequestInfo body (DER).
Definition at line 79 of file x509_csr.h.
mbedtls_x509_buf mbedtls_x509_crl::crl_ext |
Definition at line 112 of file x509_crl.h.
mbedtls_x509_crt* mbedtls_x509_crt_verify_chain_item::crt |
Definition at line 175 of file x509_crt.h.
mbedtls_x509_crl_entry mbedtls_x509_crl::entry |
The CRL entries containing the certificate revocation times for this CA.
Definition at line 110 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crl_entry::entry_ext |
Definition at line 85 of file x509_crl.h.
mbedtls_x509_sequence mbedtls_x509_crt::ext_key_usage |
Optional list of extended key usage OIDs.
Definition at line 109 of file x509_crt.h.
int mbedtls_x509_crt::ext_types |
Bit string containing detected and parsed extensions
Definition at line 103 of file x509_crt.h.
mbedtls_asn1_named_data* mbedtls_x509write_cert::extensions |
Definition at line 167 of file x509_crt.h.
mbedtls_asn1_named_data* mbedtls_x509write_csr::extensions |
Definition at line 104 of file x509_csr.h.
uint32_t mbedtls_x509_crt_verify_chain_item::flags |
Definition at line 176 of file x509_crt.h.
mbedtls_x509_name mbedtls_x509_crl::issuer |
The parsed issuer data (named information object).
Definition at line 105 of file x509_crl.h.
mbedtls_x509_name mbedtls_x509_crt::issuer |
The parsed issuer data (named information object).
Definition at line 90 of file x509_crt.h.
mbedtls_asn1_named_data* mbedtls_x509write_cert::issuer |
Definition at line 163 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crt::issuer_id |
Optional X.509 v2/v3 issuer unique identifier.
Definition at line 98 of file x509_crt.h.
mbedtls_pk_context* mbedtls_x509write_cert::issuer_key |
Definition at line 161 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crl::issuer_raw |
The raw issuer data (DER).
Definition at line 103 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::issuer_raw |
The raw issuer data (DER). Used for quick comparison.
Definition at line 87 of file x509_crt.h.
mbedtls_x509_crt_verify_chain_item mbedtls_x509_crt_verify_chain::items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE] |
Definition at line 189 of file x509_crt.h.
mbedtls_pk_context* mbedtls_x509write_csr::key |
Definition at line 101 of file x509_csr.h.
Optional key usage extension value: See the values in x509.h
Definition at line 107 of file x509_crt.h.
unsigned mbedtls_x509_crt_verify_chain::len |
Definition at line 190 of file x509_crt.h.
int mbedtls_x509_crt::max_pathlen |
Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+
Definition at line 105 of file x509_crt.h.
|
extern |
Default security profile. Should provide a good balance between security and compatibility with current deployments.
This profile permits:
New minor versions of Mbed TLS may extend this profile, for example if new curves are added to the library. New minor versions of Mbed TLS will not reduce this profile unless serious security concerns require it.
|
extern |
Expected next default profile. Recommended for new deployments. Currently targets a 128-bit security level, except for allowing RSA-2048.
|
extern |
NSA Suite B profile.
mbedtls_md_type_t mbedtls_x509write_cert::md_alg |
Definition at line 164 of file x509_crt.h.
mbedtls_md_type_t mbedtls_x509write_csr::md_alg |
Definition at line 103 of file x509_csr.h.
struct mbedtls_x509_crl_entry* mbedtls_x509_crl_entry::next |
Definition at line 87 of file x509_crl.h.
struct mbedtls_x509_crl* mbedtls_x509_crl::next |
Definition at line 120 of file x509_crl.h.
struct mbedtls_x509_crt* mbedtls_x509_crt::next |
Next certificate in the CA-chain.
Definition at line 118 of file x509_crt.h.
mbedtls_x509_time mbedtls_x509_crl::next_update |
Definition at line 108 of file x509_crl.h.
char mbedtls_x509write_cert::not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1] |
Definition at line 166 of file x509_crt.h.
char mbedtls_x509write_cert::not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1] |
Definition at line 165 of file x509_crt.h.
Optional Netscape certificate type extension value: See the values in x509.h
Definition at line 111 of file x509_crt.h.
mbedtls_pk_context mbedtls_x509_crt::pk |
Container for the public key context.
Definition at line 96 of file x509_crt.h.
mbedtls_pk_context mbedtls_x509_csr::pk |
Container for the public key context.
Definition at line 86 of file x509_csr.h.
mbedtls_x509_buf mbedtls_x509_crl_entry::raw |
Definition at line 79 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crl::raw |
The raw certificate data (DER).
Definition at line 97 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::raw |
The raw certificate data (DER).
Definition at line 80 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_csr::raw |
The raw CSR data (DER).
Definition at line 78 of file x509_csr.h.
mbedtls_x509_time mbedtls_x509_crl_entry::revocation_date |
Definition at line 83 of file x509_crl.h.
uint32_t mbedtls_x509_crt_profile::rsa_min_bitlen |
Minimum size for RSA keys
Definition at line 138 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crl_entry::serial |
Definition at line 81 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::serial |
Unique id for certificate issued by a specific CA.
Definition at line 84 of file x509_crt.h.
mbedtls_mpi mbedtls_x509write_cert::serial |
Definition at line 159 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crl::sig |
Definition at line 115 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::sig |
Signature: hash of the tbs part signed with the private key.
Definition at line 113 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_csr::sig |
Definition at line 89 of file x509_csr.h.
mbedtls_md_type_t mbedtls_x509_crl::sig_md |
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256
Definition at line 116 of file x509_crl.h.
mbedtls_md_type_t mbedtls_x509_crt::sig_md |
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256
Definition at line 114 of file x509_crt.h.
mbedtls_md_type_t mbedtls_x509_csr::sig_md |
Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256
Definition at line 90 of file x509_csr.h.
mbedtls_x509_buf mbedtls_x509_crl::sig_oid |
CRL signature type identifier
Definition at line 101 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::sig_oid |
Signature algorithm, e.g. sha1RSA
Definition at line 85 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_csr::sig_oid |
Definition at line 88 of file x509_csr.h.
mbedtls_x509_buf mbedtls_x509_crl::sig_oid2 |
Definition at line 114 of file x509_crl.h.
void* mbedtls_x509_crl::sig_opts |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS
Definition at line 118 of file x509_crl.h.
void* mbedtls_x509_crt::sig_opts |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS
Definition at line 116 of file x509_crt.h.
void* mbedtls_x509_csr::sig_opts |
Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS
Definition at line 92 of file x509_csr.h.
mbedtls_pk_type_t mbedtls_x509_crl::sig_pk |
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA
Definition at line 117 of file x509_crl.h.
mbedtls_pk_type_t mbedtls_x509_crt::sig_pk |
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA
Definition at line 115 of file x509_crt.h.
mbedtls_pk_type_t mbedtls_x509_csr::sig_pk |
Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA
Definition at line 91 of file x509_csr.h.
mbedtls_x509_name mbedtls_x509_crt::subject |
The parsed subject data (named information object).
Definition at line 91 of file x509_crt.h.
mbedtls_asn1_named_data* mbedtls_x509write_cert::subject |
Definition at line 162 of file x509_crt.h.
mbedtls_x509_name mbedtls_x509_csr::subject |
The parsed subject data (named information object).
Definition at line 84 of file x509_csr.h.
mbedtls_asn1_named_data* mbedtls_x509write_csr::subject |
Definition at line 102 of file x509_csr.h.
mbedtls_x509_sequence mbedtls_x509_crt::subject_alt_names |
Optional list of Subject Alternative Names (Only dNSName supported).
Definition at line 101 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crt::subject_id |
Optional X.509 v2/v3 subject unique identifier.
Definition at line 99 of file x509_crt.h.
mbedtls_pk_context* mbedtls_x509write_cert::subject_key |
Definition at line 160 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_crt::subject_raw |
The raw subject data (DER). Used for quick comparison.
Definition at line 88 of file x509_crt.h.
mbedtls_x509_buf mbedtls_x509_csr::subject_raw |
The raw subject data (DER).
Definition at line 83 of file x509_csr.h.
mbedtls_x509_buf mbedtls_x509_crl::tbs |
The raw certificate body (DER). The part that is To Be Signed.
Definition at line 98 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::tbs |
The raw certificate body (DER). The part that is To Be Signed.
Definition at line 81 of file x509_crt.h.
mbedtls_x509_time mbedtls_x509_crl::this_update |
Definition at line 107 of file x509_crl.h.
mbedtls_x509_buf mbedtls_x509_crt::v3_ext |
Optional X.509 v3 extensions.
Definition at line 100 of file x509_crt.h.
mbedtls_x509_time mbedtls_x509_crt::valid_from |
Start time of certificate validity.
Definition at line 93 of file x509_crt.h.
mbedtls_x509_time mbedtls_x509_crt::valid_to |
End time of certificate validity.
Definition at line 94 of file x509_crt.h.
int mbedtls_x509_crl::version |
CRL version (1=v1, 2=v2)
Definition at line 100 of file x509_crl.h.
int mbedtls_x509_crt::version |
The X.509 version. (1=v1, 2=v2, 3=v3)
Definition at line 83 of file x509_crt.h.
int mbedtls_x509write_cert::version |
Definition at line 158 of file x509_crt.h.
int mbedtls_x509_csr::version |
CSR version (1=v1).
Definition at line 81 of file x509_csr.h.