mbed TLS v3.1.0
x509.h File Reference

X.509 generic defines and structures. More...

#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include "mbedtls/asn1.h"
#include "mbedtls/pk.h"
#include "mbedtls/rsa.h"


Data Structures

struct  mbedtls_x509_time
 

Macros

#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
 
#define MBEDTLS_X509_SAN_OTHER_NAME   0
 
#define MBEDTLS_X509_SAN_RFC822_NAME   1
 
#define MBEDTLS_X509_SAN_DNS_NAME   2
 
#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME   3
 
#define MBEDTLS_X509_SAN_DIRECTORY_NAME   4
 
#define MBEDTLS_X509_SAN_EDI_PARTY_NAME   5
 
#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER   6
 
#define MBEDTLS_X509_SAN_IP_ADDRESS   7
 
#define MBEDTLS_X509_SAN_REGISTERED_ID   8
 
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
 
#define MBEDTLS_X509_EXT_KEY_USAGE   MBEDTLS_OID_X509_EXT_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
 
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
 
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
 
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
 
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
 
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
 
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
 
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
 
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
 
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
 
#define MBEDTLS_X509_EXT_FRESHEST_CRL   MBEDTLS_OID_X509_EXT_FRESHEST_CRL
 
#define MBEDTLS_X509_EXT_NS_CERT_TYPE   MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
 
#define MBEDTLS_X509_FORMAT_DER   1
 
#define MBEDTLS_X509_FORMAT_PEM   2
 
#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256
 
#define MBEDTLS_X509_SAFE_SNPRINTF
 
X509 Error codes
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 
#define MBEDTLS_ERR_X509_UNKNOWN_OID   -0x2100
 
#define MBEDTLS_ERR_X509_INVALID_FORMAT   -0x2180
 
#define MBEDTLS_ERR_X509_INVALID_VERSION   -0x2200
 
#define MBEDTLS_ERR_X509_INVALID_SERIAL   -0x2280
 
#define MBEDTLS_ERR_X509_INVALID_ALG   -0x2300
 
#define MBEDTLS_ERR_X509_INVALID_NAME   -0x2380
 
#define MBEDTLS_ERR_X509_INVALID_DATE   -0x2400
 
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE   -0x2480
 
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS   -0x2500
 
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION   -0x2580
 
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 
#define MBEDTLS_ERR_X509_SIG_MISMATCH   -0x2680
 
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA   -0x2800
 
#define MBEDTLS_ERR_X509_ALLOC_FAILED   -0x2880
 
#define MBEDTLS_ERR_X509_FILE_IO_ERROR   -0x2900
 
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL   -0x2980
 
#define MBEDTLS_ERR_X509_FATAL_ERROR   -0x3000
 
X509 Verify codes
#define MBEDTLS_X509_BADCERT_EXPIRED   0x01
 
#define MBEDTLS_X509_BADCERT_REVOKED   0x02
 
#define MBEDTLS_X509_BADCERT_CN_MISMATCH   0x04
 
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED   0x08
 
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED   0x10
 
#define MBEDTLS_X509_BADCRL_EXPIRED   0x20
 
#define MBEDTLS_X509_BADCERT_MISSING   0x40
 
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY   0x80
 
#define MBEDTLS_X509_BADCERT_OTHER   0x0100
 
#define MBEDTLS_X509_BADCERT_FUTURE   0x0200
 
#define MBEDTLS_X509_BADCRL_FUTURE   0x0400
 
#define MBEDTLS_X509_BADCERT_KEY_USAGE   0x0800
 
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE   0x1000
 
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE   0x2000
 
#define MBEDTLS_X509_BADCERT_BAD_MD   0x4000
 
#define MBEDTLS_X509_BADCERT_BAD_PK   0x8000
 
#define MBEDTLS_X509_BADCERT_BAD_KEY   0x010000
 
#define MBEDTLS_X509_BADCRL_BAD_MD   0x020000
 
#define MBEDTLS_X509_BADCRL_BAD_PK   0x040000
 
#define MBEDTLS_X509_BADCRL_BAD_KEY   0x080000
 

Typedefs

Structures for parsing X.509 certificates, CRLs and CSRs
typedef mbedtls_asn1_buf mbedtls_x509_buf
 
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring
 
typedef mbedtls_asn1_named_data mbedtls_x509_name
 
typedef mbedtls_asn1_sequence mbedtls_x509_sequence
 
typedef struct mbedtls_x509_time mbedtls_x509_time
 

Functions

int mbedtls_x509_dn_gets (char *buf, size_t size, const mbedtls_x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written. More...
 
int mbedtls_x509_serial_gets (char *buf, size_t size, const mbedtls_x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written. More...
 
int mbedtls_x509_time_is_past (const mbedtls_x509_time *to)
 Check a given mbedtls_x509_time against the system time and tell if it's in the past. More...
 
int mbedtls_x509_time_is_future (const mbedtls_x509_time *from)
 Check a given mbedtls_x509_time against the system time and tell if it's in the future. More...
 
int mbedtls_x509_get_name (unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur)
 
int mbedtls_x509_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg)
 
int mbedtls_x509_get_alg (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params)
 
int mbedtls_x509_get_rsassa_pss_params (const mbedtls_x509_buf *params, mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, int *salt_len)
 
int mbedtls_x509_get_sig (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig)
 
int mbedtls_x509_get_sig_alg (const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts)
 
int mbedtls_x509_get_time (unsigned char **p, const unsigned char *end, mbedtls_x509_time *t)
 
int mbedtls_x509_get_serial (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial)
 
int mbedtls_x509_get_ext (unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag)
 
int mbedtls_x509_key_size_helper (char *buf, size_t buf_size, const char *name)
 
int mbedtls_x509_string_to_names (mbedtls_asn1_named_data **head, const char *name)
 
int mbedtls_x509_set_extension (mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 
int mbedtls_x509_write_extensions (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_names (unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first)
 
int mbedtls_x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
 

Detailed Description

X.509 generic defines and structures.

Definition in file x509.h.

Macro Definition Documentation

#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER

Definition at line 186 of file x509.h.

#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS   MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */

Definition at line 194 of file x509.h.

#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES   MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES

Definition at line 189 of file x509.h.

#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS   MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS

Definition at line 198 of file x509.h.

#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE   MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE

Definition at line 197 of file x509.h.

#define MBEDTLS_X509_EXT_FRESHEST_CRL   MBEDTLS_OID_X509_EXT_FRESHEST_CRL

Definition at line 200 of file x509.h.

#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY   MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY

Definition at line 199 of file x509.h.

#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME   MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME

Definition at line 192 of file x509.h.

#define MBEDTLS_X509_EXT_KEY_USAGE   MBEDTLS_OID_X509_EXT_KEY_USAGE

Definition at line 188 of file x509.h.

#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS   MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS

Definition at line 195 of file x509.h.

#define MBEDTLS_X509_EXT_NS_CERT_TYPE   MBEDTLS_OID_X509_EXT_NS_CERT_TYPE

Definition at line 201 of file x509.h.

#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS   MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS

Definition at line 196 of file x509.h.

#define MBEDTLS_X509_EXT_POLICY_MAPPINGS   MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS

Definition at line 190 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME   MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */

Definition at line 191 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS   MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS

Definition at line 193 of file x509.h.

#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER

Definition at line 187 of file x509.h.

#define MBEDTLS_X509_FORMAT_DER   1

Definition at line 207 of file x509.h.

#define MBEDTLS_X509_FORMAT_PEM   2

Definition at line 208 of file x509.h.

#define MBEDTLS_X509_KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 159 of file x509.h.

#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 156 of file x509.h.

#define MBEDTLS_X509_KU_DECIPHER_ONLY   (0x8000) /* bit 8 */

Definition at line 161 of file x509.h.

#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 153 of file x509.h.

#define MBEDTLS_X509_KU_ENCIPHER_ONLY   (0x01) /* bit 7 */

Definition at line 160 of file x509.h.

#define MBEDTLS_X509_KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 157 of file x509.h.

#define MBEDTLS_X509_KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 158 of file x509.h.

#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 155 of file x509.h.

#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 154 of file x509.h.

#define MBEDTLS_X509_MAX_DN_NAME_SIZE   256

Maximum value size of a DN entry

Definition at line 210 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 170 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 174 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 171 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 175 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 172 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 173 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 168 of file x509.h.

#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 169 of file x509.h.

#define MBEDTLS_X509_SAFE_SNPRINTF
Value:
do { \
if( ret < 0 || (size_t) ret >= n ) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )

Definition at line 354 of file x509.h.

#define MBEDTLS_X509_SAN_DIRECTORY_NAME   4

Definition at line 143 of file x509.h.

#define MBEDTLS_X509_SAN_DNS_NAME   2

Definition at line 141 of file x509.h.

#define MBEDTLS_X509_SAN_EDI_PARTY_NAME   5

Definition at line 144 of file x509.h.

#define MBEDTLS_X509_SAN_IP_ADDRESS   7

Definition at line 146 of file x509.h.

#define MBEDTLS_X509_SAN_OTHER_NAME   0

Definition at line 139 of file x509.h.

#define MBEDTLS_X509_SAN_REGISTERED_ID   8

Definition at line 147 of file x509.h.

#define MBEDTLS_X509_SAN_RFC822_NAME   1

Definition at line 140 of file x509.h.

#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER   6

Definition at line 145 of file x509.h.

#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME   3

Definition at line 142 of file x509.h.

Function Documentation

int mbedtls_x509_dn_gets ( char *  buf,
size_t  size,
const mbedtls_x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
buf — Buffer to write to
size — Maximum size of the buffer
dn — The X509 name to represent
Returns
The length of the string written (not including the terminating NUL byte), or a negative error code.
int mbedtls_x509_get_alg ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf alg,
mbedtls_x509_buf params 
)
int mbedtls_x509_get_alg_null ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf alg 
)
int mbedtls_x509_get_ext ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf ext,
int  tag 
)
int mbedtls_x509_get_name ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_name cur 
)
int mbedtls_x509_get_rsassa_pss_params ( const mbedtls_x509_buf params,
mbedtls_md_type_t md_alg,
mbedtls_md_type_t mgf_md,
int *  salt_len 
)
int mbedtls_x509_get_serial ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf serial 
)
int mbedtls_x509_get_sig ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_buf sig 
)
int mbedtls_x509_get_sig_alg ( const mbedtls_x509_buf sig_oid,
const mbedtls_x509_buf sig_params,
mbedtls_md_type_t md_alg,
mbedtls_pk_type_t pk_alg,
void **  sig_opts 
)
int mbedtls_x509_get_time ( unsigned char **  p,
const unsigned char *  end,
mbedtls_x509_time t 
)
int mbedtls_x509_key_size_helper ( char *  buf,
size_t  buf_size,
const char *  name 
)
int mbedtls_x509_serial_gets ( char *  buf,
size_t  size,
const mbedtls_x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
buf — Buffer to write to
size — Maximum size of the buffer
serial — The X509 serial to represent
Returns
The length of the string written (not including the terminating NUL byte), or a negative error code.
int mbedtls_x509_set_extension ( mbedtls_asn1_named_data **  head,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)
int mbedtls_x509_string_to_names ( mbedtls_asn1_named_data **  head,
const char *  name 
)
int mbedtls_x509_time_is_future ( const mbedtls_x509_time from)

Check a given mbedtls_x509_time against the system time and tell if it's in the future.

Note
Intended usage is "if( is_future( valid_from ) ) ERROR". Hence the return value of 1 on internal errors.
Parameters
from — mbedtls_x509_time to check
Returns
1 if the given time is in the future or an error occurred, 0 otherwise.
int mbedtls_x509_time_is_past ( const mbedtls_x509_time to)

Check a given mbedtls_x509_time against the system time and tell if it's in the past.

Note
Intended usage is "if( is_past( valid_to ) ) ERROR". Hence the return value of 1 on internal errors.
Parameters
to — mbedtls_x509_time to check
Returns
1 if the given time is in the past or an error occurred, 0 otherwise.
int mbedtls_x509_write_extensions ( unsigned char **  p,
unsigned char *  start,
mbedtls_asn1_named_data first 
)
int mbedtls_x509_write_names ( unsigned char **  p,
unsigned char *  start,
mbedtls_asn1_named_data first 
)
int mbedtls_x509_write_sig ( unsigned char **  p,
unsigned char *  start,
const char *  oid,
size_t  oid_len,
unsigned char *  sig,
size_t  size 
)