x509_crl.h
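/**
 * \file mbedtls_x509_crl.h
 *
 * \brief X.509 certificate revocation list parsing
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "x509.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \addtogroup x509_module
 * \{ */

/**
 * \name Structures and functions for parsing CRLs
 * \{
 */

/**
 * Certificate revocation list entry.
 * Contains the CA-specific serial numbers and revocation dates.
 *
 * Entries form a singly linked list through \c next.
 */
typedef struct mbedtls_x509_crl_entry
{
    mbedtls_x509_buf raw;               /**< Raw bytes of this entry. NOTE(review): presumably DER, as for mbedtls_x509_crl.raw - confirm. */

    mbedtls_x509_buf serial;            /**< Serial number of the revoked certificate. */

    mbedtls_x509_time revocation_date;  /**< Revocation date for that serial number. */

    mbedtls_x509_buf entry_ext;         /**< Per-entry extensions, held as a buffer rather than a parsed structure. */

    struct mbedtls_x509_crl_entry *next;    /**< Next entry in the list. */
}
mbedtls_x509_crl_entry;

/**
 * Certificate revocation list structure.
 * Every CRL may have multiple entries.
 *
 * NOTE(review): nothing in this header shows the signature being checked at
 * parse time. Treat the entries of a parsed CRL as untrusted until the
 * signature (sig, sig_md, sig_pk, sig_opts) over \c tbs has been verified
 * against the issuing CA, and until \c next_update has been compared with the
 * current time - confirm where the verification path does both.
 */
typedef struct mbedtls_x509_crl
{
    mbedtls_x509_buf raw;           /**< The raw CRL data (DER). */
    mbedtls_x509_buf tbs;           /**< The raw CRL body (DER). The part that is To Be Signed. */

    int version;            /**< CRL version (1=v1, 2=v2) */
    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */

    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */

    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */

    mbedtls_x509_time this_update;  /**< Time this CRL was issued. NOTE(review): inferred from the field name - confirm. */
    mbedtls_x509_time next_update;  /**< Time the next CRL is due; a CRL relied on after this time is stale. NOTE(review): inferred from the field name - confirm. */

    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */

    mbedtls_x509_buf crl_ext;       /**< CRL-level extensions, held as a buffer rather than a parsed structure. */

    mbedtls_x509_buf sig_oid2;      /**< Second signature type identifier. NOTE(review): presumably expected to match sig_oid - confirm that the parser compares them. */
    mbedtls_x509_buf sig;           /**< The signature itself. */
    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */

    struct mbedtls_x509_crl *next;  /**< Next CRL in the chain. */
}
mbedtls_x509_crl;

/**
 * \brief          Parse a DER-encoded CRL and append it to the chained list
 *
 * \note           The chain is expected to have been set up with
 *                 mbedtls_x509_crl_init() before the first parse call and
 *                 to be released with mbedtls_x509_crl_free().
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data in DER format
 * \param buflen   size of the buffer in bytes; it must not exceed the
 *                 memory actually readable at \p buf
 *
 * \return         0 if successful, or a specific X509 or PEM error code.
 *                 Callers should check the result before reading the chain.
 */
int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
                        const unsigned char *buf, size_t buflen );
/**
 * \brief          Parse one or more CRLs and append them to the chained list
 *
 * \note           Multiple CRLs are accepted only if using PEM format
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data in PEM or DER format
 * \param buflen   size of the buffer
 *                 (including the terminating null byte for PEM data)
 *
 * \return         0 if successful, or a specific X509 or PEM error code.
 *                 Callers should check the result before reading the chain.
 */
int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );

#if defined(MBEDTLS_FS_IO)
/**
 * \brief          Load one or more CRLs and append them to the chained list
 *
 * \note           Multiple CRLs are accepted only if using PEM format
 *
 * \note           Only declared when MBEDTLS_FS_IO is defined.
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the CRLs from (in PEM or DER encoding)
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
#endif /* MBEDTLS_FS_IO */

/**
 * \brief          Returns an informational string about the CRL.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer; must not exceed the memory
 *                 actually writable at \p buf
 * \param prefix   A line prefix
 * \param crl      The X509 CRL to represent
 *
 * \return         The length of the string written (not including the
 *                 terminating null byte), or a negative error code.
 */
int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
                   const mbedtls_x509_crl *crl );

/**
 * \brief          Initialize a CRL (chain)
 *
 * \param crl      CRL chain to initialize
 */
void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );

/**
 * \brief          Unallocate all CRL data
 *
 * \param crl      CRL chain to free
 */
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );

/* \} name */
/* \} addtogroup x509_module */

#ifdef __cplusplus
}
#endif

#endif /* mbedtls_x509_crl.h */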
