x509_crl.h

00001 /**
00002  * \file x509_crl.h
00003  *
00004  * \brief X.509 certificate revocation list parsing
00005  */
00006 /*
00007  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00008  *  SPDX-License-Identifier: Apache-2.0
00009  *
00010  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00011  *  not use this file except in compliance with the License.
00012  *  You may obtain a copy of the License at
00013  *
00014  *  http://www.apache.org/licenses/LICENSE-2.0
00015  *
00016  *  Unless required by applicable law or agreed to in writing, software
00017  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00018  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00019  *  See the License for the specific language governing permissions and
00020  *  limitations under the License.
00021  *
00022  *  This file is part of mbed TLS (https://tls.mbed.org)
00023  */
00024 #ifndef MBEDTLS_X509_CRL_H
00025 #define MBEDTLS_X509_CRL_H
00026 
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032 
00033 #include "x509.h"
00034 
00035 #ifdef __cplusplus
00036 extern "C" {
00037 #endif
00038 
00039 /**
00040  * \addtogroup x509_module
00041  * \{ */
00042 
00043 /**
00044  * \name Structures and functions for parsing CRLs
00045  * \{
00046  */
00047 
00048 /**
00049  * Certificate revocation list entry.
00050  * Contains the CA-specific serial numbers and revocation dates.
00051  */
00052 typedef struct mbedtls_x509_crl_entry
00053 {
00054     mbedtls_x509_buf raw;
00055 
00056     mbedtls_x509_buf serial;
00057 
00058     mbedtls_x509_time revocation_date;
00059 
00060     mbedtls_x509_buf entry_ext;
00061 
00062     struct mbedtls_x509_crl_entry *next;
00063 }
00064 mbedtls_x509_crl_entry;
00065 
00066 /**
00067  * Certificate revocation list structure.
00068  * Every CRL may have multiple entries.
00069  */
00070 typedef struct mbedtls_x509_crl
00071 {
00072     mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
00073     mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
00074 
00075     int version;            /**< CRL version (1=v1, 2=v2) */
00076     mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
00077 
00078     mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
00079 
00080     mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
00081 
00082     mbedtls_x509_time this_update;
00083     mbedtls_x509_time next_update;
00084 
00085     mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
00086 
00087     mbedtls_x509_buf crl_ext;
00088 
00089     mbedtls_x509_buf sig_oid2;
00090     mbedtls_x509_buf sig;
00091     mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
00092     mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
00093     void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
00094 
00095     struct mbedtls_x509_crl *next;
00096 }
00097 mbedtls_x509_crl;
00098 
00099 /**
00100  * \brief          Parse a DER-encoded CRL and append it to the chained list
00101  *
00102  * \param chain    points to the start of the chain
00103  * \param buf      buffer holding the CRL data in DER format
00104  * \param buflen   size of the buffer
00105  *                 (including the terminating null byte for PEM data)
00106  *
00107  * \return         0 if successful, or a specific X509 or PEM error code
00108  */
00109 int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
00110                         const unsigned char *buf, size_t buflen );
00111 /**
00112  * \brief          Parse one or more CRLs and append them to the chained list
00113  *
00114  * \note           Mutliple CRLs are accepted only if using PEM format
00115  *
00116  * \param chain    points to the start of the chain
00117  * \param buf      buffer holding the CRL data in PEM or DER format
00118  * \param buflen   size of the buffer
00119  *                 (including the terminating null byte for PEM data)
00120  *
00121  * \return         0 if successful, or a specific X509 or PEM error code
00122  */
00123 int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
00124 
00125 #if defined(MBEDTLS_FS_IO)
00126 /**
00127  * \brief          Load one or more CRLs and append them to the chained list
00128  *
00129  * \note           Mutliple CRLs are accepted only if using PEM format
00130  *
00131  * \param chain    points to the start of the chain
00132  * \param path     filename to read the CRLs from (in PEM or DER encoding)
00133  *
00134  * \return         0 if successful, or a specific X509 or PEM error code
00135  */
00136 int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
00137 #endif /* MBEDTLS_FS_IO */
00138 
00139 /**
00140  * \brief          Returns an informational string about the CRL.
00141  *
00142  * \param buf      Buffer to write to
00143  * \param size     Maximum size of buffer
00144  * \param prefix   A line prefix
00145  * \param crl      The X509 CRL to represent
00146  *
00147  * \return         The length of the string written (not including the
00148  *                 terminated nul byte), or a negative error code.
00149  */
00150 int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
00151                    const mbedtls_x509_crl *crl );
00152 
00153 /**
00154  * \brief          Initialize a CRL (chain)
00155  *
00156  * \param crl      CRL chain to initialize
00157  */
00158 void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
00159 
00160 /**
00161  * \brief          Unallocate all CRL data
00162  *
00163  * \param crl      CRL chain to free
00164  */
00165 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
00166 
00167 /* \} name */
00168 /* \} addtogroup x509_module */
00169 
00170 #ifdef __cplusplus
00171 }
00172 #endif
00173 
00174 #endif /* mbedtls_x509_crl.h */