PolarSSL v1.3.3
x509_crt.h
Go to the documentation of this file.
1 
27 #ifndef POLARSSL_X509_CRT_H
28 #define POLARSSL_X509_CRT_H
29 
30 #include "config.h"
31 
32 #include "x509.h"
33 
34 #include "x509_crl.h"
35 
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44 
53 typedef struct _x509_crt
54 {
58  int version;
78  int ext_types;
79  int ca_istrue;
82  unsigned char key_usage;
86  unsigned char ns_cert_type;
92 
93  struct _x509_crt *next;
94 }
95 x509_crt;
96 
97 #define X509_CRT_VERSION_1 0
98 #define X509_CRT_VERSION_2 1
99 #define X509_CRT_VERSION_3 2
100 
101 #define X509_RFC5280_MAX_SERIAL_LEN 32
102 #define X509_RFC5280_UTC_TIME_LEN 15
103 
107 typedef struct _x509write_cert
108 {
109  int version;
119 }
121 
122 #if defined(POLARSSL_X509_CRT_PARSE_C)
123 
133 int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
134  size_t buflen );
135 
150 int x509_crt_parse( x509_crt *chain, const unsigned char *buf, size_t buflen );
151 
152 #if defined(POLARSSL_FS_IO)
153 
166 int x509_crt_parse_file( x509_crt *chain, const char *path );
167 
186 int x509_crt_parse_path( x509_crt *chain, const char *path );
187 #endif /* POLARSSL_FS_IO */
188 
201 int x509_crt_info( char *buf, size_t size, const char *prefix,
202  const x509_crt *crt );
203 
240 int x509_crt_verify( x509_crt *crt,
241  x509_crt *trust_ca,
242  x509_crl *ca_crl,
243  const char *cn, int *flags,
244  int (*f_vrfy)(void *, x509_crt *, int, int *),
245  void *p_vrfy );
246 
247 #if defined(POLARSSL_X509_CRL_PARSE_C)
248 
257 int x509_crt_revoked( const x509_crt *crt, const x509_crl *crl );
258 #endif /* POLARSSL_X509_CRL_PARSE_C */
259 
265 void x509_crt_init( x509_crt *crt );
266 
272 void x509_crt_free( x509_crt *crt );
273 #endif /* POLARSSL_X509_CRT_PARSE_C */
274 
275 /* \} name */
276 /* \} addtogroup x509_module */
277 
278 #if defined(POLARSSL_X509_CRT_WRITE_C)
279 
285 
294 void x509write_crt_set_version( x509write_cert *ctx, int version );
295 
304 int x509write_crt_set_serial( x509write_cert *ctx, const mpi *serial );
305 
320 int x509write_crt_set_validity( x509write_cert *ctx, const char *not_before,
321  const char *not_after );
322 
336  const char *issuer_name );
337 
351  const char *subject_name );
352 
360 
368 
377 
392  const char *oid, size_t oid_len,
393  int critical,
394  const unsigned char *val, size_t val_len );
395 
408  int is_ca, int max_pathlen );
409 
410 #if defined(POLARSSL_SHA1_C)
411 
421 
432 #endif /* POLARSSL_SHA1_C */
433 
443 int x509write_crt_set_key_usage( x509write_cert *ctx, unsigned char key_usage );
444 
455  unsigned char ns_cert_type );
456 
463 
484 int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
485  int (*f_rng)(void *, unsigned char *, size_t),
486  void *p_rng );
487 
488 #if defined(POLARSSL_PEM_WRITE_C)
489 
505 int x509write_crt_pem( x509write_cert *ctx, unsigned char *buf, size_t size,
506  int (*f_rng)(void *, unsigned char *, size_t),
507  void *p_rng );
508 #endif /* POLARSSL_PEM_WRITE_C */
509 #endif /* POLARSSL_X509_CRT_WRITE_C */
510 
511 #ifdef __cplusplus
512 }
513 #endif
514 
515 #endif /* x509_crt.h */
struct _x509_crt x509_crt
Container for an X.509 certificate.
void x509write_crt_set_version(x509write_cert *ctx, int version)
Set the verion for a Certificate Default: X509_CRT_VERSION_3.
int x509write_crt_der(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! ...
int x509write_crt_set_validity(x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i...
x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
Definition: x509_crt.h:76
char not_after[X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:117
x509_buf raw
The raw certificate data (DER).
Definition: x509_crt.h:55
asn1_named_data * extensions
Definition: x509_crt.h:118
int ext_types
Bit string containing detected and parsed extensions.
Definition: x509_crt.h:78
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values below.
Definition: x509_crt.h:86
x509_buf issuer_raw
The raw issuer data (DER).
Definition: x509_crt.h:62
Container for date and time (precision in seconds).
Definition: x509.h:172
int x509_crt_parse(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list.
x509_buf sig_oid2
Signature algorithm.
Definition: x509_crt.h:88
void x509_crt_free(x509_crt *crt)
Unallocate all certificate data.
Configuration options (set of defines)
x509_buf tbs
The raw certificate body (DER).
Definition: x509_crt.h:56
x509_buf serial
Unique id for certificate issued by a specific CA.
Definition: x509_crt.h:59
md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.
Definition: x509_crt.h:90
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
Definition: x509_crt.h:79
int x509_crt_parse_der(x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
pk_context * subject_key
Definition: x509_crt.h:111
void x509write_crt_set_md_alg(x509write_cert *ctx, md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g.
MPI structure.
Definition: bignum.h:177
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Definition: x509_crt.h:80
struct _x509_crt * next
Next certificate in the CA-chain.
Definition: x509_crt.h:93
md_type_t
Definition: md.h:51
Container for a sequence of ASN.1 items.
Definition: asn1.h:138
int x509write_crt_set_key_usage(x509write_cert *ctx, unsigned char key_usage)
Set the Key Usage Extension flags (e.g.
void x509write_crt_free(x509write_cert *ctx)
Free the contents of a CRT write context.
Container for an X.509 certificate.
Definition: x509_crt.h:53
x509_time valid_from
Start time of certificate validity.
Definition: x509_crt.h:68
int x509write_crt_set_subject_key_identifier(x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has be...
char not_before[X509_RFC5280_UTC_TIME_LEN+1]
Definition: x509_crt.h:116
x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
Definition: x509_crt.h:84
int x509write_crt_set_extension(x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
void x509_crt_init(x509_crt *crt)
Initialize a certificate (chain)
x509_name subject
The parsed subject data (named information object).
Definition: x509_crt.h:66
int x509write_crt_set_issuer_name(x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
int x509_crt_verify(x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
Verify the certificate signature.
asn1_named_data * issuer
Definition: x509_crt.h:114
x509_time valid_to
End time of certificate validity.
Definition: x509_crt.h:69
void x509write_crt_set_issuer_key(x509write_cert *ctx, pk_context *key)
Set the issuer key used for signing the certificate.
x509_buf sig_oid1
Signature algorithm, e.g.
Definition: x509_crt.h:60
pk_type_t
Public key types.
Definition: pk.h:90
int x509write_crt_set_serial(x509write_cert *ctx, const mpi *serial)
Set the serial number for a Certificate.
X.509 generic defines and structures.
int x509write_crt_set_authority_key_identifier(x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has b...
int x509write_crt_set_ns_cert_type(x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g.
Container for writing a certificate (CRT)
Definition: x509_crt.h:107
int x509_crt_revoked(const x509_crt *crt, const x509_crl *crl)
Verify the certificate revocation status.
Container for a sequence or list of 'named' ASN.1 data items.
Definition: asn1.h:148
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:116
int x509write_crt_set_subject_name(x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
x509_name issuer
The parsed issuer data (named information object).
Definition: x509_crt.h:65
int x509write_crt_set_basic_constraints(x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
struct _x509write_cert x509write_cert
Container for writing a certificate (CRT)
md_type_t md_alg
Definition: x509_crt.h:115
pk_context * issuer_key
Definition: x509_crt.h:112
X.509 certificate revocation list parsing.
Certificate revocation list structure.
Definition: x509_crl.h:69
pk_context pk
Container for the public key context.
Definition: x509_crt.h:71
x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
Definition: x509_crt.h:73
int x509_crt_parse_path(x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list.
void x509write_crt_init(x509write_cert *ctx)
Initialize a CRT writing context.
x509_buf v3_ext
Optional X.509 v3 extensions.
Definition: x509_crt.h:75
x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
Definition: x509_crt.h:74
int version
The X.509 version.
Definition: x509_crt.h:58
pk_type_t sig_pk
< Internal representation of the Public Key algorithm of the signature algorithm, e...
Definition: x509_crt.h:91
void x509write_crt_set_subject_key(x509write_cert *ctx, pk_context *key)
Set the subject public key for the certificate.
int x509_crt_info(char *buf, size_t size, const char *prefix, const x509_crt *crt)
Returns an informational string about the certificate.
unsigned char key_usage
Optional key usage extension value: See the values below.
Definition: x509_crt.h:82
x509_buf subject_raw
The raw subject data (DER).
Definition: x509_crt.h:63
int x509write_crt_pem(x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
#define X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:102
Public key container.
Definition: pk.h:177
int x509_crt_parse_file(x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list.
asn1_named_data * subject
Definition: x509_crt.h:113
x509_buf sig
Signature: hash of the tbs part signed with the private key.
Definition: x509_crt.h:89