mbed TLS v3.1.0
x509_crt.h
Go to the documentation of this file.
1 
6 /*
7  * Copyright The Mbed TLS Contributors
8  * SPDX-License-Identifier: Apache-2.0
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License"); you may
11  * not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 #ifndef MBEDTLS_X509_CRT_H
23 #define MBEDTLS_X509_CRT_H
24 #include "mbedtls/private_access.h"
25 
26 #include "mbedtls/build_info.h"
27 
28 #include "mbedtls/x509.h"
29 #include "mbedtls/x509_crl.h"
30 #include "mbedtls/bignum.h"
31 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
53 typedef struct mbedtls_x509_crt
54 {
55  int MBEDTLS_PRIVATE(own_buffer);
57  mbedtls_x509_buf raw;
58  mbedtls_x509_buf tbs;
60  int version;
61  mbedtls_x509_buf serial;
62  mbedtls_x509_buf sig_oid;
64  mbedtls_x509_buf issuer_raw;
65  mbedtls_x509_buf subject_raw;
67  mbedtls_x509_name issuer;
68  mbedtls_x509_name subject;
70  mbedtls_x509_time valid_from;
71  mbedtls_x509_time valid_to;
73  mbedtls_x509_buf pk_raw;
74  mbedtls_pk_context pk;
76  mbedtls_x509_buf issuer_id;
77  mbedtls_x509_buf subject_id;
78  mbedtls_x509_buf v3_ext;
79  mbedtls_x509_sequence subject_alt_names;
81  mbedtls_x509_sequence certificate_policies;
83  int MBEDTLS_PRIVATE(ext_types);
84  int MBEDTLS_PRIVATE(ca_istrue);
85  int MBEDTLS_PRIVATE(max_pathlen);
87  unsigned int MBEDTLS_PRIVATE(key_usage);
89  mbedtls_x509_sequence ext_key_usage;
91  unsigned char MBEDTLS_PRIVATE(ns_cert_type);
93  mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
94  mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);
95  mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);
96  void *MBEDTLS_PRIVATE(sig_opts);
101  struct mbedtls_x509_crt *next;
102 }
103 mbedtls_x509_crt;
104 
114 typedef struct mbedtls_x509_san_other_name
115 {
121  mbedtls_x509_buf type_id;
122  union
123  {
130  struct
131  {
132  mbedtls_x509_buf oid;
133  mbedtls_x509_buf val;
134  }
135  hardware_module_name;
136  }
137  value;
138 }
139 mbedtls_x509_san_other_name;
140 
148 typedef struct mbedtls_x509_subject_alternative_name
149 {
150  int type;
151  union {
152  mbedtls_x509_san_other_name other_name;
153  mbedtls_x509_buf unstructured_name;
154  }
155  san;
156 }
157 mbedtls_x509_subject_alternative_name;
158 
163 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
164 
190 typedef struct mbedtls_x509_crt_profile
191 {
192  uint32_t allowed_mds;
193  uint32_t allowed_pks;
194  uint32_t allowed_curves;
195  uint32_t rsa_min_bitlen;
196 }
197 mbedtls_x509_crt_profile;
198 
199 #define MBEDTLS_X509_CRT_VERSION_1 0
200 #define MBEDTLS_X509_CRT_VERSION_2 1
201 #define MBEDTLS_X509_CRT_VERSION_3 2
202 
203 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
204 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
205 
206 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
207 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
208 #endif
209 
210 /* This macro unfolds to the concatenation of macro invocations
211  * X509_CRT_ERROR_INFO( error code,
212  * error code as string,
213  * human readable description )
214  * where X509_CRT_ERROR_INFO is defined by the user.
215  * See x509_crt.c for an example of how to use this. */
216 #define MBEDTLS_X509_CRT_ERROR_INFO_LIST \
217  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \
218  "MBEDTLS_X509_BADCERT_EXPIRED", \
219  "The certificate validity has expired" ) \
220  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \
221  "MBEDTLS_X509_BADCERT_REVOKED", \
222  "The certificate has been revoked (is on a CRL)" ) \
223  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \
224  "MBEDTLS_X509_BADCERT_CN_MISMATCH", \
225  "The certificate Common Name (CN) does not match with the expected CN" ) \
226  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \
227  "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \
228  "The certificate is not correctly signed by the trusted CA" ) \
229  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \
230  "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \
231  "The CRL is not correctly signed by the trusted CA" ) \
232  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \
233  "MBEDTLS_X509_BADCRL_EXPIRED", \
234  "The CRL is expired" ) \
235  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \
236  "MBEDTLS_X509_BADCERT_MISSING", \
237  "Certificate was missing" ) \
238  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \
239  "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \
240  "Certificate verification was skipped" ) \
241  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \
242  "MBEDTLS_X509_BADCERT_OTHER", \
243  "Other reason (can be used by verify callback)" ) \
244  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \
245  "MBEDTLS_X509_BADCERT_FUTURE", \
246  "The certificate validity starts in the future" ) \
247  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \
248  "MBEDTLS_X509_BADCRL_FUTURE", \
249  "The CRL is from the future" ) \
250  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \
251  "MBEDTLS_X509_BADCERT_KEY_USAGE", \
252  "Usage does not match the keyUsage extension" ) \
253  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \
254  "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \
255  "Usage does not match the extendedKeyUsage extension" ) \
256  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \
257  "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \
258  "Usage does not match the nsCertType extension" ) \
259  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \
260  "MBEDTLS_X509_BADCERT_BAD_MD", \
261  "The certificate is signed with an unacceptable hash." ) \
262  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \
263  "MBEDTLS_X509_BADCERT_BAD_PK", \
264  "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
265  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \
266  "MBEDTLS_X509_BADCERT_BAD_KEY", \
267  "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \
268  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \
269  "MBEDTLS_X509_BADCRL_BAD_MD", \
270  "The CRL is signed with an unacceptable hash." ) \
271  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \
272  "MBEDTLS_X509_BADCRL_BAD_PK", \
273  "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \
274  X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \
275  "MBEDTLS_X509_BADCRL_BAD_KEY", \
276  "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
277 
281 typedef struct mbedtls_x509write_cert
282 {
283  int MBEDTLS_PRIVATE(version);
284  mbedtls_mpi MBEDTLS_PRIVATE(serial);
285  mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
286  mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
287  mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
288  mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer);
289  mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
290  char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
291  char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
292  mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
293 }
294 mbedtls_x509write_cert;
295 
299 typedef struct {
300  mbedtls_x509_crt *MBEDTLS_PRIVATE(crt);
301  uint32_t MBEDTLS_PRIVATE(flags);
302 } mbedtls_x509_crt_verify_chain_item;
303 
307 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
308 
312 typedef struct
313 {
314  mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
315  unsigned MBEDTLS_PRIVATE(len);
316 
317 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
318  /* This stores the list of potential trusted signers obtained from
319  * the CA callback used for the CRT verification, if configured.
320  * We must track it somewhere because the callback passes its
321  * ownership to the caller. */
322  mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result);
323 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
324 } mbedtls_x509_crt_verify_chain;
325 
326 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
327 
331 typedef struct
332 {
333  /* for check_signature() */
334  mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
335 
336  /* for find_parent_in() */
337  mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
338  mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
339  int MBEDTLS_PRIVATE(fallback_signature_is_good);
340 
341  /* for find_parent() */
342  int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
343 
344  /* for verify_chain() */
345  enum {
346  x509_crt_rs_none,
347  x509_crt_rs_find_parent,
348  } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
349  int MBEDTLS_PRIVATE(self_cnt);
350  mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
351 
352 } mbedtls_x509_crt_restart_ctx;
353 
354 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
355 
356 /* Now we can declare functions that take a pointer to that */
357 typedef void mbedtls_x509_crt_restart_ctx;
358 
359 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
360 
361 #if defined(MBEDTLS_X509_CRT_PARSE_C)
362 
375 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
376 
382 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
383 
387 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
388 
393 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none;
394 
415 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
416  const unsigned char *buf,
417  size_t buflen );
418 
449 typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
450  mbedtls_x509_crt const *crt,
451  mbedtls_x509_buf const *oid,
452  int critical,
453  const unsigned char *p,
454  const unsigned char *end );
455 
496 int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
497  const unsigned char *buf,
498  size_t buflen,
499  int make_copy,
500  mbedtls_x509_crt_ext_cb_t cb,
501  void *p_ctx );
502 
530 int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
531  const unsigned char *buf,
532  size_t buflen );
533 
564 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
565 
566 #if defined(MBEDTLS_FS_IO)
567 
580 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
581 
595 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
596 
597 #endif /* MBEDTLS_FS_IO */
598 
625 int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
626  mbedtls_x509_subject_alternative_name *san );
627 
628 #if !defined(MBEDTLS_X509_REMOVE_INFO)
629 
641 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
642  const mbedtls_x509_crt *crt );
643 
656 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
657  uint32_t flags );
658 #endif /* !MBEDTLS_X509_REMOVE_INFO */
659 
726 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
727  mbedtls_x509_crt *trust_ca,
728  mbedtls_x509_crl *ca_crl,
729  const char *cn, uint32_t *flags,
730  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
731  void *p_vrfy );
732 
767 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
768  mbedtls_x509_crt *trust_ca,
769  mbedtls_x509_crl *ca_crl,
770  const mbedtls_x509_crt_profile *profile,
771  const char *cn, uint32_t *flags,
772  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
773  void *p_vrfy );
774 
801 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
802  mbedtls_x509_crt *trust_ca,
803  mbedtls_x509_crl *ca_crl,
804  const mbedtls_x509_crt_profile *profile,
805  const char *cn, uint32_t *flags,
806  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
807  void *p_vrfy,
808  mbedtls_x509_crt_restart_ctx *rs_ctx );
809 
840 typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
841  mbedtls_x509_crt const *child,
842  mbedtls_x509_crt **candidate_cas );
843 
844 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
845 
867 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
868  mbedtls_x509_crt_ca_cb_t f_ca_cb,
869  void *p_ca_cb,
870  const mbedtls_x509_crt_profile *profile,
871  const char *cn, uint32_t *flags,
872  int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
873  void *p_vrfy );
874 
875 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
876 
898 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
899  unsigned int usage );
900 
914 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
915  const char *usage_oid,
916  size_t usage_len );
917 
918 #if defined(MBEDTLS_X509_CRL_PARSE_C)
919 
928 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
929 #endif /* MBEDTLS_X509_CRL_PARSE_C */
930 
936 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
937 
943 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
944 
945 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
946 
949 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
950 
954 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
955 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
956 #endif /* MBEDTLS_X509_CRT_PARSE_C */
957 
958 /* \} name */
959 /* \} addtogroup x509_module */
960 
961 #if defined(MBEDTLS_X509_CRT_WRITE_C)
962 
967 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
968 
977 void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
978 
987 int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
988 
1003 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
1004  const char *not_after );
1005 
1018 int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
1019  const char *issuer_name );
1020 
1033 int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
1034  const char *subject_name );
1035 
1042 void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
1043 
1050 void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
1051 
1059 void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
1060 
1074 int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
1075  const char *oid, size_t oid_len,
1076  int critical,
1077  const unsigned char *val, size_t val_len );
1078 
1090 int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
1091  int is_ca, int max_pathlen );
1092 
1093 #if defined(MBEDTLS_SHA1_C)
1094 
1103 int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
1104 
1114 int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
1115 #endif /* MBEDTLS_SHA1_C */
1116 
1126 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
1127  unsigned int key_usage );
1128 
1138 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
1139  unsigned char ns_cert_type );
1140 
1146 void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
1147 
1165 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1166  int (*f_rng)(void *, unsigned char *, size_t),
1167  void *p_rng );
1168 
1169 #if defined(MBEDTLS_PEM_WRITE_C)
1170 
1183 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
1184  int (*f_rng)(void *, unsigned char *, size_t),
1185  void *p_rng );
1186 #endif /* MBEDTLS_PEM_WRITE_C */
1187 #endif /* MBEDTLS_X509_CRT_WRITE_C */
1188 
1189 #ifdef __cplusplus
1190 }
1191 #endif
1192 
1193 #endif /* mbedtls_x509_crt.h */
mbedtls_x509_san_other_name
Definition: x509_crt.h:114
mbedtls_x509write_crt_set_authority_key_identifier
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
mbedtls_x509_crt_verify
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates.
mbedtls_pk_context
Public key container.
Definition: pk.h:199
mbedtls_x509write_crt_der
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! ...
mbedtls_x509_crt_verify_with_profile
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify a chain of certificates with respect to a configurable security profile.
mbedtls_x509_crt::subject_alt_names
mbedtls_x509_sequence subject_alt_names
Definition: x509_crt.h:79
mbedtls_x509_san_other_name::oid
mbedtls_x509_buf oid
Definition: x509_crt.h:132
mbedtls_x509_crt_verify_restartable
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
mbedtls_x509_crt_profile::allowed_curves
uint32_t allowed_curves
Definition: x509_crt.h:194
mbedtls_x509_crl
Definition: x509_crl.h:77
mbedtls_x509_crt_restart_ctx::x509_crt_rs_find_parent
Definition: x509_crt.h:347
mbedtls_x509_san_other_name
struct mbedtls_x509_san_other_name mbedtls_x509_san_other_name
mbedtls_x509_crt::pk_raw
mbedtls_x509_buf pk_raw
Definition: x509_crt.h:73
mbedtls_x509_crt_parse_der
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
mbedtls_x509write_crt_set_extension
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
MBEDTLS_PRIVATE
#define MBEDTLS_PRIVATE(member)
Definition: private_access.h:27
mbedtls_x509write_crt_set_ns_cert_type
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
mbedtls_pk_type_t
mbedtls_pk_type_t
Public key types.
Definition: pk.h:90
mbedtls_x509_crt_is_revoked
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
mbedtls_x509_crt_restart_free
void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
Free the components of a restart context.
mbedtls_x509write_crt_pem
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
mbedtls_x509_crt::certificate_policies
mbedtls_x509_sequence certificate_policies
Definition: x509_crt.h:81
mbedtls_x509_subject_alternative_name::type
int type
Definition: x509_crt.h:150
mbedtls_x509_crt::next
struct mbedtls_x509_crt * next
Definition: x509_crt.h:101
mbedtls_asn1_sequence
Definition: asn1.h:175
mbedtls_x509_crt_profile_default
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
mbedtls_x509_crt_check_key_usage
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
mbedtls_x509_crt::issuer
mbedtls_x509_name issuer
Definition: x509_crt.h:67
mbedtls_x509write_crt_set_subject_key
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
mbedtls_x509_crt_verify_chain
Definition: x509_crt.h:312
mbedtls_x509write_crt_set_key_usage
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
mbedtls_x509_san_other_name::hardware_module_name
struct mbedtls_x509_san_other_name::@7::@8 hardware_module_name
mbedtls_x509write_crt_init
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
mbedtls_x509_crt::subject_id
mbedtls_x509_buf subject_id
Definition: x509_crt.h:77
mbedtls_x509write_cert
struct mbedtls_x509write_cert mbedtls_x509write_cert
mbedtls_x509write_crt_set_md_alg
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
mbedtls_x509_crt::tbs
mbedtls_x509_buf tbs
Definition: x509_crt.h:58
bignum.h
Multi-precision integer library.
mbedtls_asn1_named_data
Definition: asn1.h:193
mbedtls_x509_crt::subject_raw
mbedtls_x509_buf subject_raw
Definition: x509_crt.h:65
mbedtls_x509_crt_free
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509_crt::sig_oid
mbedtls_x509_buf sig_oid
Definition: x509_crt.h:62
mbedtls_x509_crt::issuer_raw
mbedtls_x509_buf issuer_raw
Definition: x509_crt.h:64
mbedtls_x509_crt_profile_suiteb
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
mbedtls_x509_subject_alternative_name::other_name
mbedtls_x509_san_other_name other_name
Definition: x509_crt.h:152
mbedtls_x509write_crt_set_basic_constraints
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
mbedtls_x509_crt::subject
mbedtls_x509_name subject
Definition: x509_crt.h:68
mbedtls_x509_crt::valid_to
mbedtls_x509_time valid_to
Definition: x509_crt.h:71
mbedtls_x509_crt_parse
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
mbedtls_x509_crt_profile
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
mbedtls_asn1_buf
Definition: asn1.h:153
mbedtls_x509_time
Definition: x509.h:247
mbedtls_x509_crt_parse_path
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively...
mbedtls_x509write_cert
Definition: x509_crt.h:281
mbedtls_x509_subject_alternative_name::unstructured_name
mbedtls_x509_buf unstructured_name
Definition: x509_crt.h:153
mbedtls_x509_crt_profile_none
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none
mbedtls_x509write_crt_set_subject_key_identifier
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
mbedtls_x509write_crt_set_subject_name
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
mbedtls_x509_crt::serial
mbedtls_x509_buf serial
Definition: x509_crt.h:61
mbedtls_x509_subject_alternative_name
Definition: x509_crt.h:148
mbedtls_x509write_crt_set_version
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
mbedtls_x509_crt_profile::rsa_min_bitlen
uint32_t rsa_min_bitlen
Definition: x509_crt.h:195
mbedtls_x509_crt::valid_from
mbedtls_x509_time valid_from
Definition: x509_crt.h:70
mbedtls_x509_crt::raw
mbedtls_x509_buf raw
Definition: x509_crt.h:57
mbedtls_x509_crt_check_extended_key_usage
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
mbedtls_x509write_crt_set_validity
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i...
private_access.h
Macro wrapper for struct's memebrs.
MBEDTLS_X509_RFC5280_UTC_TIME_LEN
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
Definition: x509_crt.h:204
MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
Definition: x509_crt.h:307
mbedtls_x509write_crt_set_issuer_key
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
mbedtls_x509_san_other_name::val
mbedtls_x509_buf val
Definition: x509_crt.h:133
mbedtls_x509_crt_profile_next
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
x509.h
X.509 generic defines and structures.
mbedtls_x509_crt_verify_with_ca_cb
int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, mbedtls_x509_crt_ca_cb_t f_ca_cb, void *p_ca_cb, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Version of mbedtls_x509_crt_verify_with_profile() which uses a callback to acquire the list of truste...
build_info.h
Build-time configuration info.
mbedtls_x509_crt_parse_der_with_ext_cb
int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
mbedtls_x509_crt_restart_init
void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx)
Initialize a restart context.
mbedtls_x509write_crt_set_issuer_name
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
mbedtls_x509_subject_alternative_name::san
union mbedtls_x509_subject_alternative_name::@9 san
mbedtls_x509_parse_subject_alt_name
int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san)
This function parses an item in the SubjectAlternativeNames extension.
mbedtls_x509_crt_parse_file
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
mbedtls_x509_crt::issuer_id
mbedtls_x509_buf issuer_id
Definition: x509_crt.h:76
mbedtls_x509_san_other_name::value
union mbedtls_x509_san_other_name::@7 value
mbedtls_x509_crt_verify_chain_item
Definition: x509_crt.h:299
mbedtls_x509write_crt_set_serial
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
mbedtls_mpi
MPI structure.
Definition: bignum.h:189
x509_crl.h
X.509 certificate revocation list parsing.
mbedtls_x509write_crt_free
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
mbedtls_x509_crt
Definition: x509_crt.h:53
mbedtls_x509_crt
struct mbedtls_x509_crt mbedtls_x509_crt
mbedtls_x509_crt::ext_key_usage
mbedtls_x509_sequence ext_key_usage
Definition: x509_crt.h:89
mbedtls_x509_crt_ext_cb_t
int(* mbedtls_x509_crt_ext_cb_t)(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end)
The type of certificate extension callbacks.
Definition: x509_crt.h:449
mbedtls_x509_crt_parse_der_nocopy
int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the end of the provided chained list...
mbedtls_x509_crt_profile
Definition: x509_crt.h:190
mbedtls_pk_restart_ctx
Context for resuming operations.
Definition: pk.h:209
mbedtls_x509_crt_init
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
mbedtls_x509_crt_profile::allowed_pks
uint32_t allowed_pks
Definition: x509_crt.h:193
mbedtls_x509_san_other_name::type_id
mbedtls_x509_buf type_id
Definition: x509_crt.h:121
mbedtls_x509_crt_profile::allowed_mds
uint32_t allowed_mds
Definition: x509_crt.h:192
mbedtls_x509_crt::pk
mbedtls_pk_context pk
Definition: x509_crt.h:74
mbedtls_x509_crt_restart_ctx
Context for resuming X.509 verify operations.
Definition: x509_crt.h:331
mbedtls_x509_crt_restart_ctx::x509_crt_rs_none
Definition: x509_crt.h:346
mbedtls_md_type_t
mbedtls_md_type_t
Supported message digests.
Definition: md.h:55
mbedtls_x509_subject_alternative_name
struct mbedtls_x509_subject_alternative_name mbedtls_x509_subject_alternative_name
mbedtls_x509_crt::v3_ext
mbedtls_x509_buf v3_ext
Definition: x509_crt.h:78
mbedtls_x509_crt::version
int version
Definition: x509_crt.h:60
mbedtls_x509_crt_ca_cb_t
int(* mbedtls_x509_crt_ca_cb_t)(void *p_ctx, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidate_cas)
The type of trusted certificate callbacks.
Definition: x509_crt.h:840
Generated on Tue Aug 30 2022 09:50:16 for mbed TLS v3.1.0 by   doxygen 1.8.6