Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
Embed:
(wiki syntax)
Show/hide line numbers
x509_csr.h
Go to the documentation of this file.
00001 /** 00002 * \file x509_csr.h 00003 * 00004 * \brief X.509 certificate signing request parsing and writing 00005 * 00006 * Copyright (C) 2006-2014, Brainspark B.V. 00007 * 00008 * This file is part of PolarSSL (http://www.polarssl.org) 00009 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> 00010 * 00011 * All rights reserved. 00012 * 00013 * This program is free software; you can redistribute it and/or modify 00014 * it under the terms of the GNU General Public License as published by 00015 * the Free Software Foundation; either version 2 of the License, or 00016 * (at your option) any later version. 00017 * 00018 * This program is distributed in the hope that it will be useful, 00019 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00020 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00021 * GNU General Public License for more details. 00022 * 00023 * You should have received a copy of the GNU General Public License along 00024 * with this program; if not, write to the Free Software Foundation, Inc., 00025 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 00026 */ 00027 #ifndef POLARSSL_X509_CSR_H 00028 #define POLARSSL_X509_CSR_H 00029 00030 #if !defined(POLARSSL_CONFIG_FILE) 00031 #include "config.h" 00032 #else 00033 #include POLARSSL_CONFIG_FILE 00034 #endif 00035 00036 #include "x509.h" 00037 00038 #ifdef __cplusplus 00039 extern "C" { 00040 #endif 00041 00042 /** 00043 * \addtogroup x509_module 00044 * \{ */ 00045 00046 /** 00047 * \name Structures and functions for X.509 Certificate Signing Requests (CSR) 00048 * \{ 00049 */ 00050 00051 /** 00052 * Certificate Signing Request (CSR) structure. 00053 */ 00054 typedef struct _x509_csr 00055 { 00056 x509_buf raw; /**< The raw CSR data (DER). */ 00057 x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ 00058 00059 int version; 00060 00061 x509_buf subject_raw; /**< The raw subject data (DER). */ 00062 x509_name subject; /**< The parsed subject data (named information object). */ 00063 00064 pk_context pk; /**< Container for the public key context. */ 00065 00066 x509_buf sig_oid; 00067 x509_buf sig; 00068 md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */ 00069 pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */; 00070 } 00071 x509_csr; 00072 00073 /** 00074 * Container for writing a CSR 00075 */ 00076 typedef struct _x509write_csr 00077 { 00078 pk_context *key; 00079 asn1_named_data *subject; 00080 md_type_t md_alg; 00081 asn1_named_data *extensions; 00082 } 00083 x509write_csr; 00084 00085 #if defined(POLARSSL_X509_CSR_PARSE_C) 00086 /** 00087 * \brief Load a Certificate Signing Request (CSR) 00088 * 00089 * \param csr CSR context to fill 00090 * \param buf buffer holding the CRL data 00091 * \param buflen size of the buffer 00092 * 00093 * \return 0 if successful, or a specific X509 or PEM error code 00094 */ 00095 int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen ); 00096 00097 #if defined(POLARSSL_FS_IO) 00098 /** 00099 * \brief Load a Certificate Signing Request (CSR) 00100 * 00101 * \param csr CSR context to fill 00102 * \param path filename to read the CSR from 00103 * 00104 * \return 0 if successful, or a specific X509 or PEM error code 00105 */ 00106 int x509_csr_parse_file( x509_csr *csr, const char *path ); 00107 #endif /* POLARSSL_FS_IO */ 00108 00109 /** 00110 * \brief Returns an informational string about the 00111 * CSR. 00112 * 00113 * \param buf Buffer to write to 00114 * \param size Maximum size of buffer 00115 * \param prefix A line prefix 00116 * \param csr The X509 CSR to represent 00117 * 00118 * \return The amount of data written to the buffer, or -1 in 00119 * case of an error. 00120 */ 00121 int x509_csr_info( char *buf, size_t size, const char *prefix, 00122 const x509_csr *csr ); 00123 00124 /** 00125 * \brief Initialize a CSR 00126 * 00127 * \param csr CSR to initialize 00128 */ 00129 void x509_csr_init( x509_csr *csr ); 00130 00131 /** 00132 * \brief Unallocate all CSR data 00133 * 00134 * \param csr CSR to free 00135 */ 00136 void x509_csr_free( x509_csr *csr ); 00137 #endif /* POLARSSL_X509_CSR_PARSE_C */ 00138 00139 /* \} name */ 00140 /* \} addtogroup x509_module */ 00141 00142 #if defined(POLARSSL_X509_CSR_WRITE_C) 00143 /** 00144 * \brief Initialize a CSR context 00145 * 00146 * \param ctx CSR context to initialize 00147 */ 00148 void x509write_csr_init( x509write_csr *ctx ); 00149 00150 /** 00151 * \brief Set the subject name for a CSR 00152 * Subject names should contain a comma-separated list 00153 * of OID types and values: 00154 * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1" 00155 * 00156 * \param ctx CSR context to use 00157 * \param subject_name subject name to set 00158 * 00159 * \return 0 if subject name was parsed successfully, or 00160 * a specific error code 00161 */ 00162 int x509write_csr_set_subject_name( x509write_csr *ctx, 00163 const char *subject_name ); 00164 00165 /** 00166 * \brief Set the key for a CSR (public key will be included, 00167 * private key used to sign the CSR when writing it) 00168 * 00169 * \param ctx CSR context to use 00170 * \param key Asymetric key to include 00171 */ 00172 void x509write_csr_set_key( x509write_csr *ctx, pk_context *key ); 00173 00174 /** 00175 * \brief Set the MD algorithm to use for the signature 00176 * (e.g. POLARSSL_MD_SHA1) 00177 * 00178 * \param ctx CSR context to use 00179 * \param md_alg MD algorithm to use 00180 */ 00181 void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg ); 00182 00183 /** 00184 * \brief Set the Key Usage Extension flags 00185 * (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN) 00186 * 00187 * \param ctx CSR context to use 00188 * \param key_usage key usage flags to set 00189 * 00190 * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED 00191 */ 00192 int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage ); 00193 00194 /** 00195 * \brief Set the Netscape Cert Type flags 00196 * (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL) 00197 * 00198 * \param ctx CSR context to use 00199 * \param ns_cert_type Netscape Cert Type flags to set 00200 * 00201 * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED 00202 */ 00203 int x509write_csr_set_ns_cert_type( x509write_csr *ctx, 00204 unsigned char ns_cert_type ); 00205 00206 /** 00207 * \brief Generic function to add to or replace an extension in the 00208 * CSR 00209 * 00210 * \param ctx CSR context to use 00211 * \param oid OID of the extension 00212 * \param oid_len length of the OID 00213 * \param val value of the extension OCTET STRING 00214 * \param val_len length of the value data 00215 * 00216 * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED 00217 */ 00218 int x509write_csr_set_extension( x509write_csr *ctx, 00219 const char *oid, size_t oid_len, 00220 const unsigned char *val, size_t val_len ); 00221 00222 /** 00223 * \brief Free the contents of a CSR context 00224 * 00225 * \param ctx CSR context to free 00226 */ 00227 void x509write_csr_free( x509write_csr *ctx ); 00228 00229 /** 00230 * \brief Write a CSR (Certificate Signing Request) to a 00231 * DER structure 00232 * Note: data is written at the end of the buffer! Use the 00233 * return value to determine where you should start 00234 * using the buffer 00235 * 00236 * \param ctx CSR to write away 00237 * \param buf buffer to write to 00238 * \param size size of the buffer 00239 * \param f_rng RNG function (for signature, see note) 00240 * \param p_rng RNG parameter 00241 * 00242 * \return length of data written if successful, or a specific 00243 * error code 00244 * 00245 * \note f_rng may be NULL if RSA is used for signature and the 00246 * signature is made offline (otherwise f_rng is desirable 00247 * for countermeasures against timing attacks). 00248 * ECDSA signatures always require a non-NULL f_rng. 00249 */ 00250 int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size, 00251 int (*f_rng)(void *, unsigned char *, size_t), 00252 void *p_rng ); 00253 00254 #if defined(POLARSSL_PEM_WRITE_C) 00255 /** 00256 * \brief Write a CSR (Certificate Signing Request) to a 00257 * PEM string 00258 * 00259 * \param ctx CSR to write away 00260 * \param buf buffer to write to 00261 * \param size size of the buffer 00262 * \param f_rng RNG function (for signature, see note) 00263 * \param p_rng RNG parameter 00264 * 00265 * \return 0 successful, or a specific error code 00266 * 00267 * \note f_rng may be NULL if RSA is used for signature and the 00268 * signature is made offline (otherwise f_rng is desirable 00269 * for couermeasures against timing attacks). 00270 * ECDSA signatures always require a non-NULL f_rng. 00271 */ 00272 int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size, 00273 int (*f_rng)(void *, unsigned char *, size_t), 00274 void *p_rng ); 00275 #endif /* POLARSSL_PEM_WRITE_C */ 00276 #endif /* POLARSSL_X509_CSR_WRITE_C */ 00277 00278 #ifdef __cplusplus 00279 } 00280 #endif 00281 00282 #endif /* x509_csr.h */ 00283 00284
Generated on Tue Jul 12 2022 19:40:21 by
1.7.2