Doug Anson
mbed TLS library
Dependents: HTTPClient-SSL WS_SERVER
include/polarssl/x509.h@0:137634ff4186, 2015-06-11 (annotated)
- Committer:
- ansond
- Date:
- Thu Jun 11 03:27:03 2015 +0000
- Revision:
- 0:137634ff4186
initial commit
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| ansond | 0:137634ff4186 | 1 | /** |
| ansond | 0:137634ff4186 | 2 | * \file x509.h |
| ansond | 0:137634ff4186 | 3 | * |
| ansond | 0:137634ff4186 | 4 | * \brief X.509 generic defines and structures |
| ansond | 0:137634ff4186 | 5 | * |
| ansond | 0:137634ff4186 | 6 | * Copyright (C) 2006-2014, ARM Limited, All Rights Reserved |
| ansond | 0:137634ff4186 | 7 | * |
| ansond | 0:137634ff4186 | 8 | * This file is part of mbed TLS (https://tls.mbed.org) |
| ansond | 0:137634ff4186 | 9 | * |
| ansond | 0:137634ff4186 | 10 | * This program is free software; you can redistribute it and/or modify |
| ansond | 0:137634ff4186 | 11 | * it under the terms of the GNU General Public License as published by |
| ansond | 0:137634ff4186 | 12 | * the Free Software Foundation; either version 2 of the License, or |
| ansond | 0:137634ff4186 | 13 | * (at your option) any later version. |
| ansond | 0:137634ff4186 | 14 | * |
| ansond | 0:137634ff4186 | 15 | * This program is distributed in the hope that it will be useful, |
| ansond | 0:137634ff4186 | 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| ansond | 0:137634ff4186 | 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| ansond | 0:137634ff4186 | 18 | * GNU General Public License for more details. |
| ansond | 0:137634ff4186 | 19 | * |
| ansond | 0:137634ff4186 | 20 | * You should have received a copy of the GNU General Public License along |
| ansond | 0:137634ff4186 | 21 | * with this program; if not, write to the Free Software Foundation, Inc., |
| ansond | 0:137634ff4186 | 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| ansond | 0:137634ff4186 | 23 | */ |
| ansond | 0:137634ff4186 | 24 | #ifndef POLARSSL_X509_H |
| ansond | 0:137634ff4186 | 25 | #define POLARSSL_X509_H |
| ansond | 0:137634ff4186 | 26 | |
| ansond | 0:137634ff4186 | 27 | #if !defined(POLARSSL_CONFIG_FILE) |
| ansond | 0:137634ff4186 | 28 | #include "config.h" |
| ansond | 0:137634ff4186 | 29 | #else |
| ansond | 0:137634ff4186 | 30 | #include POLARSSL_CONFIG_FILE |
| ansond | 0:137634ff4186 | 31 | #endif |
| ansond | 0:137634ff4186 | 32 | |
| ansond | 0:137634ff4186 | 33 | #include "asn1.h" |
| ansond | 0:137634ff4186 | 34 | #include "pk.h" |
| ansond | 0:137634ff4186 | 35 | |
| ansond | 0:137634ff4186 | 36 | #if defined(POLARSSL_RSA_C) |
| ansond | 0:137634ff4186 | 37 | #include "rsa.h" |
| ansond | 0:137634ff4186 | 38 | #endif |
| ansond | 0:137634ff4186 | 39 | |
| ansond | 0:137634ff4186 | 40 | /** |
| ansond | 0:137634ff4186 | 41 | * \addtogroup x509_module |
| ansond | 0:137634ff4186 | 42 | * \{ |
| ansond | 0:137634ff4186 | 43 | */ |
| ansond | 0:137634ff4186 | 44 | |
| ansond | 0:137634ff4186 | 45 | #if !defined(POLARSSL_X509_MAX_INTERMEDIATE_CA) |
| ansond | 0:137634ff4186 | 46 | /** |
| ansond | 0:137634ff4186 | 47 | * Maximum number of intermediate CAs in a verification chain. |
| ansond | 0:137634ff4186 | 48 | * That is, maximum length of the chain, excluding the end-entity certificate |
| ansond | 0:137634ff4186 | 49 | * and the trusted root certificate. |
| ansond | 0:137634ff4186 | 50 | * |
| ansond | 0:137634ff4186 | 51 | * Set this to a low value to prevent an adversary from making you waste |
| ansond | 0:137634ff4186 | 52 | * resources verifying an overlong certificate chain. |
| ansond | 0:137634ff4186 | 53 | */ |
| ansond | 0:137634ff4186 | 54 | #define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 |
| ansond | 0:137634ff4186 | 55 | #endif |
| ansond | 0:137634ff4186 | 56 | |
| ansond | 0:137634ff4186 | 57 | /** |
| ansond | 0:137634ff4186 | 58 | * \name X509 Error codes |
| ansond | 0:137634ff4186 | 59 | * \{ |
| ansond | 0:137634ff4186 | 60 | */ |
| ansond | 0:137634ff4186 | 61 | #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x2080 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */ |
| ansond | 0:137634ff4186 | 62 | #define POLARSSL_ERR_X509_UNKNOWN_OID -0x2100 /**< Requested OID is unknown. */ |
| ansond | 0:137634ff4186 | 63 | #define POLARSSL_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */ |
| ansond | 0:137634ff4186 | 64 | #define POLARSSL_ERR_X509_INVALID_VERSION -0x2200 /**< The CRT/CRL/CSR version element is invalid. */ |
| ansond | 0:137634ff4186 | 65 | #define POLARSSL_ERR_X509_INVALID_SERIAL -0x2280 /**< The serial tag or value is invalid. */ |
| ansond | 0:137634ff4186 | 66 | #define POLARSSL_ERR_X509_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */ |
| ansond | 0:137634ff4186 | 67 | #define POLARSSL_ERR_X509_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */ |
| ansond | 0:137634ff4186 | 68 | #define POLARSSL_ERR_X509_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */ |
| ansond | 0:137634ff4186 | 69 | #define POLARSSL_ERR_X509_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */ |
| ansond | 0:137634ff4186 | 70 | #define POLARSSL_ERR_X509_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */ |
| ansond | 0:137634ff4186 | 71 | #define POLARSSL_ERR_X509_UNKNOWN_VERSION -0x2580 /**< CRT/CRL/CSR has an unsupported version number. */ |
| ansond | 0:137634ff4186 | 72 | #define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */ |
| ansond | 0:137634ff4186 | 73 | #define POLARSSL_ERR_X509_SIG_MISMATCH -0x2680 /**< Signature algorithms do not match. (see \c ::x509_crt sig_oid) */ |
| ansond | 0:137634ff4186 | 74 | #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ |
| ansond | 0:137634ff4186 | 75 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */ |
| ansond | 0:137634ff4186 | 76 | #define POLARSSL_ERR_X509_BAD_INPUT_DATA -0x2800 /**< Input invalid. */ |
| ansond | 0:137634ff4186 | 77 | #define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ |
| ansond | 0:137634ff4186 | 78 | #define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ |
| ansond | 0:137634ff4186 | 79 | /* \} name */ |
| ansond | 0:137634ff4186 | 80 | |
| ansond | 0:137634ff4186 | 81 | /** |
| ansond | 0:137634ff4186 | 82 | * \name X509 Verify codes |
| ansond | 0:137634ff4186 | 83 | * \{ |
| ansond | 0:137634ff4186 | 84 | */ |
| ansond | 0:137634ff4186 | 85 | /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ |
| ansond | 0:137634ff4186 | 86 | #define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ |
| ansond | 0:137634ff4186 | 87 | #define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ |
| ansond | 0:137634ff4186 | 88 | #define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ |
| ansond | 0:137634ff4186 | 89 | #define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ |
| ansond | 0:137634ff4186 | 90 | #define BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ |
| ansond | 0:137634ff4186 | 91 | #define BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ |
| ansond | 0:137634ff4186 | 92 | #define BADCERT_MISSING 0x40 /**< Certificate was missing. */ |
| ansond | 0:137634ff4186 | 93 | #define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ |
| ansond | 0:137634ff4186 | 94 | #define BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ |
| ansond | 0:137634ff4186 | 95 | #define BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ |
| ansond | 0:137634ff4186 | 96 | #define BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ |
| ansond | 0:137634ff4186 | 97 | #define BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ |
| ansond | 0:137634ff4186 | 98 | #define BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ |
| ansond | 0:137634ff4186 | 99 | #define BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ |
| ansond | 0:137634ff4186 | 100 | /* \} name */ |
| ansond | 0:137634ff4186 | 101 | /* \} addtogroup x509_module */ |
| ansond | 0:137634ff4186 | 102 | |
| ansond | 0:137634ff4186 | 103 | /* |
| ansond | 0:137634ff4186 | 104 | * X.509 v3 Key Usage Extension flags |
| ansond | 0:137634ff4186 | 105 | */ |
| ansond | 0:137634ff4186 | 106 | #define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ |
| ansond | 0:137634ff4186 | 107 | #define KU_NON_REPUDIATION (0x40) /* bit 1 */ |
| ansond | 0:137634ff4186 | 108 | #define KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ |
| ansond | 0:137634ff4186 | 109 | #define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ |
| ansond | 0:137634ff4186 | 110 | #define KU_KEY_AGREEMENT (0x08) /* bit 4 */ |
| ansond | 0:137634ff4186 | 111 | #define KU_KEY_CERT_SIGN (0x04) /* bit 5 */ |
| ansond | 0:137634ff4186 | 112 | #define KU_CRL_SIGN (0x02) /* bit 6 */ |
| ansond | 0:137634ff4186 | 113 | |
| ansond | 0:137634ff4186 | 114 | /* |
| ansond | 0:137634ff4186 | 115 | * Netscape certificate types |
| ansond | 0:137634ff4186 | 116 | * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html) |
| ansond | 0:137634ff4186 | 117 | */ |
| ansond | 0:137634ff4186 | 118 | |
| ansond | 0:137634ff4186 | 119 | #define NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ |
| ansond | 0:137634ff4186 | 120 | #define NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ |
| ansond | 0:137634ff4186 | 121 | #define NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ |
| ansond | 0:137634ff4186 | 122 | #define NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ |
| ansond | 0:137634ff4186 | 123 | #define NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ |
| ansond | 0:137634ff4186 | 124 | #define NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ |
| ansond | 0:137634ff4186 | 125 | #define NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ |
| ansond | 0:137634ff4186 | 126 | #define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ |
| ansond | 0:137634ff4186 | 127 | |
| ansond | 0:137634ff4186 | 128 | /* |
| ansond | 0:137634ff4186 | 129 | * X.509 extension types |
| ansond | 0:137634ff4186 | 130 | * |
| ansond | 0:137634ff4186 | 131 | * Comments refer to the status for using certificates. Status can be |
| ansond | 0:137634ff4186 | 132 | * different for writing certificates or reading CRLs or CSRs. |
| ansond | 0:137634ff4186 | 133 | */ |
| ansond | 0:137634ff4186 | 134 | #define EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) |
| ansond | 0:137634ff4186 | 135 | #define EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) |
| ansond | 0:137634ff4186 | 136 | #define EXT_KEY_USAGE (1 << 2) /* Parsed but not used */ |
| ansond | 0:137634ff4186 | 137 | #define EXT_CERTIFICATE_POLICIES (1 << 3) |
| ansond | 0:137634ff4186 | 138 | #define EXT_POLICY_MAPPINGS (1 << 4) |
| ansond | 0:137634ff4186 | 139 | #define EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ |
| ansond | 0:137634ff4186 | 140 | #define EXT_ISSUER_ALT_NAME (1 << 6) |
| ansond | 0:137634ff4186 | 141 | #define EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) |
| ansond | 0:137634ff4186 | 142 | #define EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ |
| ansond | 0:137634ff4186 | 143 | #define EXT_NAME_CONSTRAINTS (1 << 9) |
| ansond | 0:137634ff4186 | 144 | #define EXT_POLICY_CONSTRAINTS (1 << 10) |
| ansond | 0:137634ff4186 | 145 | #define EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */ |
| ansond | 0:137634ff4186 | 146 | #define EXT_CRL_DISTRIBUTION_POINTS (1 << 12) |
| ansond | 0:137634ff4186 | 147 | #define EXT_INIHIBIT_ANYPOLICY (1 << 13) |
| ansond | 0:137634ff4186 | 148 | #define EXT_FRESHEST_CRL (1 << 14) |
| ansond | 0:137634ff4186 | 149 | |
| ansond | 0:137634ff4186 | 150 | #define EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ |
| ansond | 0:137634ff4186 | 151 | |
| ansond | 0:137634ff4186 | 152 | /* |
| ansond | 0:137634ff4186 | 153 | * Storage format identifiers |
| ansond | 0:137634ff4186 | 154 | * Recognized formats: PEM and DER |
| ansond | 0:137634ff4186 | 155 | */ |
| ansond | 0:137634ff4186 | 156 | #define X509_FORMAT_DER 1 |
| ansond | 0:137634ff4186 | 157 | #define X509_FORMAT_PEM 2 |
| ansond | 0:137634ff4186 | 158 | |
| ansond | 0:137634ff4186 | 159 | #define X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */ |
| ansond | 0:137634ff4186 | 160 | |
| ansond | 0:137634ff4186 | 161 | #ifdef __cplusplus |
| ansond | 0:137634ff4186 | 162 | extern "C" { |
| ansond | 0:137634ff4186 | 163 | #endif |
| ansond | 0:137634ff4186 | 164 | |
| ansond | 0:137634ff4186 | 165 | /** |
| ansond | 0:137634ff4186 | 166 | * \addtogroup x509_module |
| ansond | 0:137634ff4186 | 167 | * \{ */ |
| ansond | 0:137634ff4186 | 168 | |
| ansond | 0:137634ff4186 | 169 | /** |
| ansond | 0:137634ff4186 | 170 | * \name Structures for parsing X.509 certificates, CRLs and CSRs |
| ansond | 0:137634ff4186 | 171 | * \{ |
| ansond | 0:137634ff4186 | 172 | */ |
| ansond | 0:137634ff4186 | 173 | |
| ansond | 0:137634ff4186 | 174 | /** |
| ansond | 0:137634ff4186 | 175 | * Type-length-value structure that allows for ASN1 using DER. |
| ansond | 0:137634ff4186 | 176 | */ |
| ansond | 0:137634ff4186 | 177 | typedef asn1_buf x509_buf; |
| ansond | 0:137634ff4186 | 178 | |
| ansond | 0:137634ff4186 | 179 | /** |
| ansond | 0:137634ff4186 | 180 | * Container for ASN1 bit strings. |
| ansond | 0:137634ff4186 | 181 | */ |
| ansond | 0:137634ff4186 | 182 | typedef asn1_bitstring x509_bitstring; |
| ansond | 0:137634ff4186 | 183 | |
| ansond | 0:137634ff4186 | 184 | /** |
| ansond | 0:137634ff4186 | 185 | * Container for ASN1 named information objects. |
| ansond | 0:137634ff4186 | 186 | * It allows for Relative Distinguished Names (e.g. cn=polarssl,ou=code,etc.). |
| ansond | 0:137634ff4186 | 187 | */ |
| ansond | 0:137634ff4186 | 188 | typedef asn1_named_data x509_name; |
| ansond | 0:137634ff4186 | 189 | |
| ansond | 0:137634ff4186 | 190 | /** |
| ansond | 0:137634ff4186 | 191 | * Container for a sequence of ASN.1 items |
| ansond | 0:137634ff4186 | 192 | */ |
| ansond | 0:137634ff4186 | 193 | typedef asn1_sequence x509_sequence; |
| ansond | 0:137634ff4186 | 194 | |
| ansond | 0:137634ff4186 | 195 | /** Container for date and time (precision in seconds). */ |
| ansond | 0:137634ff4186 | 196 | typedef struct _x509_time |
| ansond | 0:137634ff4186 | 197 | { |
| ansond | 0:137634ff4186 | 198 | int year, mon, day; /**< Date. */ |
| ansond | 0:137634ff4186 | 199 | int hour, min, sec; /**< Time. */ |
| ansond | 0:137634ff4186 | 200 | } |
| ansond | 0:137634ff4186 | 201 | x509_time; |
| ansond | 0:137634ff4186 | 202 | |
| ansond | 0:137634ff4186 | 203 | /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ |
| ansond | 0:137634ff4186 | 204 | /** \} addtogroup x509_module */ |
| ansond | 0:137634ff4186 | 205 | |
| ansond | 0:137634ff4186 | 206 | /** |
| ansond | 0:137634ff4186 | 207 | * \brief Store the certificate DN in printable form into buf; |
| ansond | 0:137634ff4186 | 208 | * no more than size characters will be written. |
| ansond | 0:137634ff4186 | 209 | * |
| ansond | 0:137634ff4186 | 210 | * \param buf Buffer to write to |
| ansond | 0:137634ff4186 | 211 | * \param size Maximum size of buffer |
| ansond | 0:137634ff4186 | 212 | * \param dn The X509 name to represent |
| ansond | 0:137634ff4186 | 213 | * |
| ansond | 0:137634ff4186 | 214 | * \return The amount of data written to the buffer, or -1 in |
| ansond | 0:137634ff4186 | 215 | * case of an error. |
| ansond | 0:137634ff4186 | 216 | */ |
| ansond | 0:137634ff4186 | 217 | int x509_dn_gets( char *buf, size_t size, const x509_name *dn ); |
| ansond | 0:137634ff4186 | 218 | |
| ansond | 0:137634ff4186 | 219 | /** |
| ansond | 0:137634ff4186 | 220 | * \brief Store the certificate serial in printable form into buf; |
| ansond | 0:137634ff4186 | 221 | * no more than size characters will be written. |
| ansond | 0:137634ff4186 | 222 | * |
| ansond | 0:137634ff4186 | 223 | * \param buf Buffer to write to |
| ansond | 0:137634ff4186 | 224 | * \param size Maximum size of buffer |
| ansond | 0:137634ff4186 | 225 | * \param serial The X509 serial to represent |
| ansond | 0:137634ff4186 | 226 | * |
| ansond | 0:137634ff4186 | 227 | * \return The amount of data written to the buffer, or -1 in |
| ansond | 0:137634ff4186 | 228 | * case of an error. |
| ansond | 0:137634ff4186 | 229 | */ |
| ansond | 0:137634ff4186 | 230 | int x509_serial_gets( char *buf, size_t size, const x509_buf *serial ); |
| ansond | 0:137634ff4186 | 231 | |
| ansond | 0:137634ff4186 | 232 | #if ! defined(POLARSSL_DEPRECATED_REMOVED) |
| ansond | 0:137634ff4186 | 233 | #if defined(POLARSSL_DEPRECATED_WARNING) |
| ansond | 0:137634ff4186 | 234 | #define DEPRECATED __attribute__((deprecated)) |
| ansond | 0:137634ff4186 | 235 | #else |
| ansond | 0:137634ff4186 | 236 | #define DEPRECATED |
| ansond | 0:137634ff4186 | 237 | #endif |
| ansond | 0:137634ff4186 | 238 | /** |
| ansond | 0:137634ff4186 | 239 | * \brief Give an known OID, return its descriptive string. |
| ansond | 0:137634ff4186 | 240 | * |
| ansond | 0:137634ff4186 | 241 | * \deprecated Use oid_get_extended_key_usage() instead. |
| ansond | 0:137634ff4186 | 242 | * |
| ansond | 0:137634ff4186 | 243 | * \warning Only works for extended_key_usage OIDs! |
| ansond | 0:137634ff4186 | 244 | * |
| ansond | 0:137634ff4186 | 245 | * \param oid buffer containing the oid |
| ansond | 0:137634ff4186 | 246 | * |
| ansond | 0:137634ff4186 | 247 | * \return Return a string if the OID is known, |
| ansond | 0:137634ff4186 | 248 | * or NULL otherwise. |
| ansond | 0:137634ff4186 | 249 | */ |
| ansond | 0:137634ff4186 | 250 | const char *x509_oid_get_description( x509_buf *oid ) DEPRECATED; |
| ansond | 0:137634ff4186 | 251 | |
| ansond | 0:137634ff4186 | 252 | /** |
| ansond | 0:137634ff4186 | 253 | * \brief Give an OID, return a string version of its OID number. |
| ansond | 0:137634ff4186 | 254 | * |
| ansond | 0:137634ff4186 | 255 | * \deprecated Use oid_get_numeric_string() instead. |
| ansond | 0:137634ff4186 | 256 | * |
| ansond | 0:137634ff4186 | 257 | * \param buf Buffer to write to |
| ansond | 0:137634ff4186 | 258 | * \param size Maximum size of buffer |
| ansond | 0:137634ff4186 | 259 | * \param oid Buffer containing the OID |
| ansond | 0:137634ff4186 | 260 | * |
| ansond | 0:137634ff4186 | 261 | * \return Length of the string written (excluding final NULL) or |
| ansond | 0:137634ff4186 | 262 | * POLARSSL_ERR_OID_BUF_TO_SMALL in case of error |
| ansond | 0:137634ff4186 | 263 | */ |
| ansond | 0:137634ff4186 | 264 | int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid ) DEPRECATED; |
| ansond | 0:137634ff4186 | 265 | #undef DEPRECATED |
| ansond | 0:137634ff4186 | 266 | #endif /* POLARSSL_DEPRECATED_REMOVED */ |
| ansond | 0:137634ff4186 | 267 | |
| ansond | 0:137634ff4186 | 268 | /** |
| ansond | 0:137634ff4186 | 269 | * \brief Check a given x509_time against the system time and check |
| ansond | 0:137634ff4186 | 270 | * if it is not expired. |
| ansond | 0:137634ff4186 | 271 | * |
| ansond | 0:137634ff4186 | 272 | * \param time x509_time to check |
| ansond | 0:137634ff4186 | 273 | * |
| ansond | 0:137634ff4186 | 274 | * \return 0 if the x509_time is still valid, |
| ansond | 0:137634ff4186 | 275 | * 1 otherwise. |
| ansond | 0:137634ff4186 | 276 | */ |
| ansond | 0:137634ff4186 | 277 | int x509_time_expired( const x509_time *time ); |
| ansond | 0:137634ff4186 | 278 | |
| ansond | 0:137634ff4186 | 279 | /** |
| ansond | 0:137634ff4186 | 280 | * \brief Check a given x509_time against the system time and check |
| ansond | 0:137634ff4186 | 281 | * if it is not from the future. |
| ansond | 0:137634ff4186 | 282 | * |
| ansond | 0:137634ff4186 | 283 | * \param time x509_time to check |
| ansond | 0:137634ff4186 | 284 | * |
| ansond | 0:137634ff4186 | 285 | * \return 0 if the x509_time is already valid, |
| ansond | 0:137634ff4186 | 286 | * 1 otherwise. |
| ansond | 0:137634ff4186 | 287 | */ |
| ansond | 0:137634ff4186 | 288 | int x509_time_future( const x509_time *time ); |
| ansond | 0:137634ff4186 | 289 | |
| ansond | 0:137634ff4186 | 290 | /** |
| ansond | 0:137634ff4186 | 291 | * \brief Checkup routine |
| ansond | 0:137634ff4186 | 292 | * |
| ansond | 0:137634ff4186 | 293 | * \return 0 if successful, or 1 if the test failed |
| ansond | 0:137634ff4186 | 294 | */ |
| ansond | 0:137634ff4186 | 295 | int x509_self_test( int verbose ); |
| ansond | 0:137634ff4186 | 296 | |
| ansond | 0:137634ff4186 | 297 | /* |
| ansond | 0:137634ff4186 | 298 | * Internal module functions. You probably do not want to use these unless you |
| ansond | 0:137634ff4186 | 299 | * know you do. |
| ansond | 0:137634ff4186 | 300 | */ |
| ansond | 0:137634ff4186 | 301 | int x509_get_name( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 302 | x509_name *cur ); |
| ansond | 0:137634ff4186 | 303 | int x509_get_alg_null( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 304 | x509_buf *alg ); |
| ansond | 0:137634ff4186 | 305 | int x509_get_alg( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 306 | x509_buf *alg, x509_buf *params ); |
| ansond | 0:137634ff4186 | 307 | #if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) |
| ansond | 0:137634ff4186 | 308 | int x509_get_rsassa_pss_params( const x509_buf *params, |
| ansond | 0:137634ff4186 | 309 | md_type_t *md_alg, md_type_t *mgf_md, |
| ansond | 0:137634ff4186 | 310 | int *salt_len ); |
| ansond | 0:137634ff4186 | 311 | #endif |
| ansond | 0:137634ff4186 | 312 | int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ); |
| ansond | 0:137634ff4186 | 313 | int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params, |
| ansond | 0:137634ff4186 | 314 | md_type_t *md_alg, pk_type_t *pk_alg, |
| ansond | 0:137634ff4186 | 315 | void **sig_opts ); |
| ansond | 0:137634ff4186 | 316 | int x509_get_time( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 317 | x509_time *time ); |
| ansond | 0:137634ff4186 | 318 | int x509_get_serial( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 319 | x509_buf *serial ); |
| ansond | 0:137634ff4186 | 320 | int x509_get_ext( unsigned char **p, const unsigned char *end, |
| ansond | 0:137634ff4186 | 321 | x509_buf *ext, int tag ); |
| ansond | 0:137634ff4186 | 322 | int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid, |
| ansond | 0:137634ff4186 | 323 | pk_type_t pk_alg, md_type_t md_alg, |
| ansond | 0:137634ff4186 | 324 | const void *sig_opts ); |
| ansond | 0:137634ff4186 | 325 | int x509_key_size_helper( char *buf, size_t size, const char *name ); |
| ansond | 0:137634ff4186 | 326 | int x509_string_to_names( asn1_named_data **head, const char *name ); |
| ansond | 0:137634ff4186 | 327 | int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len, |
| ansond | 0:137634ff4186 | 328 | int critical, const unsigned char *val, |
| ansond | 0:137634ff4186 | 329 | size_t val_len ); |
| ansond | 0:137634ff4186 | 330 | int x509_write_extensions( unsigned char **p, unsigned char *start, |
| ansond | 0:137634ff4186 | 331 | asn1_named_data *first ); |
| ansond | 0:137634ff4186 | 332 | int x509_write_names( unsigned char **p, unsigned char *start, |
| ansond | 0:137634ff4186 | 333 | asn1_named_data *first ); |
| ansond | 0:137634ff4186 | 334 | int x509_write_sig( unsigned char **p, unsigned char *start, |
| ansond | 0:137634ff4186 | 335 | const char *oid, size_t oid_len, |
| ansond | 0:137634ff4186 | 336 | unsigned char *sig, size_t size ); |
| ansond | 0:137634ff4186 | 337 | |
| ansond | 0:137634ff4186 | 338 | #ifdef __cplusplus |
| ansond | 0:137634ff4186 | 339 | } |
| ansond | 0:137634ff4186 | 340 | #endif |
| ansond | 0:137634ff4186 | 341 | |
| ansond | 0:137634ff4186 | 342 | #endif /* x509.h */ |
| ansond | 0:137634ff4186 | 343 |