mbed TLS library

ansond 0:137634ff4186 1 /**
ansond 0:137634ff4186 2 * \file x509_crl.h
ansond 0:137634ff4186 3 *
ansond 0:137634ff4186 4 * \brief X.509 certificate revocation list parsing
ansond 0:137634ff4186 5 *
ansond 0:137634ff4186 6 * Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
ansond 0:137634ff4186 7 *
ansond 0:137634ff4186 8 * This file is part of mbed TLS (https://tls.mbed.org)
ansond 0:137634ff4186 9 *
ansond 0:137634ff4186 10 * This program is free software; you can redistribute it and/or modify
ansond 0:137634ff4186 11 * it under the terms of the GNU General Public License as published by
ansond 0:137634ff4186 12 * the Free Software Foundation; either version 2 of the License, or
ansond 0:137634ff4186 13 * (at your option) any later version.
ansond 0:137634ff4186 14 *
ansond 0:137634ff4186 15 * This program is distributed in the hope that it will be useful,
ansond 0:137634ff4186 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
ansond 0:137634ff4186 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ansond 0:137634ff4186 18 * GNU General Public License for more details.
ansond 0:137634ff4186 19 *
ansond 0:137634ff4186 20 * You should have received a copy of the GNU General Public License along
ansond 0:137634ff4186 21 * with this program; if not, write to the Free Software Foundation, Inc.,
ansond 0:137634ff4186 22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
ansond 0:137634ff4186 23 */
ansond 0:137634ff4186 24 #ifndef POLARSSL_X509_CRL_H
ansond 0:137634ff4186 25 #define POLARSSL_X509_CRL_H
ansond 0:137634ff4186 26
ansond 0:137634ff4186 27 #if !defined(POLARSSL_CONFIG_FILE)
ansond 0:137634ff4186 28 #include "config.h"
ansond 0:137634ff4186 29 #else
ansond 0:137634ff4186 30 #include POLARSSL_CONFIG_FILE
ansond 0:137634ff4186 31 #endif
ansond 0:137634ff4186 32
ansond 0:137634ff4186 33 #include "x509.h"
ansond 0:137634ff4186 34
ansond 0:137634ff4186 35 #ifdef __cplusplus
ansond 0:137634ff4186 36 extern "C" {
ansond 0:137634ff4186 37 #endif
ansond 0:137634ff4186 38
ansond 0:137634ff4186 39 /**
ansond 0:137634ff4186 40 * \addtogroup x509_module
ansond 0:137634ff4186 41 * \{ */
ansond 0:137634ff4186 42
ansond 0:137634ff4186 43 /**
ansond 0:137634ff4186 44 * \name Structures and functions for parsing CRLs
ansond 0:137634ff4186 45 * \{
ansond 0:137634ff4186 46 */
ansond 0:137634ff4186 47
/**
 * Certificate revocation list entry.
 * Contains the CA-specific serial numbers and revocation dates.
 *
 * Entries form a singly linked list through \c next. The first entry of a
 * CRL is embedded by value in x509_crl::entry (see below), so only the
 * following entries are separate objects.
 */
typedef struct _x509_crl_entry
{
    x509_buf raw;                   /**< Raw DER of this entry (presumably the whole
                                         revokedCertificates element — verify in parser). */

    x509_buf serial;                /**< Serial number of the revoked certificate, as
                                         issued by this CRL's CA. */

    x509_time revocation_date;      /**< Date at which the certificate was revoked. */

    x509_buf entry_ext;             /**< Raw crlEntryExtensions, if any (e.g. reason code).
                                         NOTE(review): appears to be kept unparsed — confirm
                                         before relying on its contents. */

    struct _x509_crl_entry *next;   /**< Next entry in the list; presumably NULL on the
                                         last one — confirm against x509_crl_free(). */
}
x509_crl_entry;
ansond 0:137634ff4186 65
/**
 * Certificate revocation list structure.
 * Every CRL may have multiple entries.
 *
 * A chain of CRLs is a singly linked list through \c next. The caller owns
 * the head object: set it up with x509_crl_init(), fill it with one of the
 * x509_crl_parse*() functions and release everything with x509_crl_free().
 */
typedef struct _x509_crl
{
    x509_buf raw;           /**< The raw certificate data (DER). */
    x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */

    int version;            /**< CRL version (1=v1, 2=v2) */
    x509_buf sig_oid1;      /**< One of the two AlgorithmIdentifier copies a CRL carries
                                 (TBS \c signature vs. outer \c signatureAlgorithm).
                                 RFC 5280 requires both to match; which copy is "1" and
                                 whether the parser enforces equality with \c sig_oid2 is
                                 not visible in this header — verify in x509_crl.c. */

    x509_buf issuer_raw;    /**< The raw issuer data (DER). */

    x509_name issuer;       /**< The parsed issuer data (named information object). */

    x509_time this_update;  /**< CRL thisUpdate: issuance time of this list. */
    x509_time next_update;  /**< CRL nextUpdate: time by which a newer list is expected.
                                 A verifier should treat a CRL whose nextUpdate has passed
                                 as stale rather than as proof of non-revocation. */

    x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA.
                                 The first entry is embedded here; further ones hang off entry.next. */

    x509_buf crl_ext;       /**< Raw crlExtensions (e.g. CRL number, AKI). NOTE(review):
                                 appears to be kept unparsed — confirm before use. */

    x509_buf sig_oid2;      /**< The other AlgorithmIdentifier copy; see \c sig_oid1. */
    x509_buf sig;           /**< The signature value computed over \c tbs. */
    md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
    pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
    void *sig_opts;         /**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS.
                                 Presumably heap-allocated by the parser and released by
                                 x509_crl_free() — confirm ownership before freeing elsewhere. */

    struct _x509_crl *next; /**< Next CRL in the chain; presumably NULL on the last one. */
}
x509_crl;
ansond 0:137634ff4186 98
ansond 0:137634ff4186 99 /**
ansond 0:137634ff4186 100 * \brief Parse a DER-encoded CRL and append it to the chained list
ansond 0:137634ff4186 101 *
ansond 0:137634ff4186 102 * \param chain points to the start of the chain
ansond 0:137634ff4186 103 * \param buf buffer holding the CRL data in DER format
ansond 0:137634ff4186 104 * \param buflen size of the buffer
ansond 0:137634ff4186 105 *
ansond 0:137634ff4186 106 * \return 0 if successful, or a specific X509 or PEM error code
ansond 0:137634ff4186 107 */
ansond 0:137634ff4186 108 int x509_crl_parse_der( x509_crl *chain,
ansond 0:137634ff4186 109 const unsigned char *buf, size_t buflen );
ansond 0:137634ff4186 110 /**
ansond 0:137634ff4186 111 * \brief Parse one or more CRLs and append them to the chained list
ansond 0:137634ff4186 112 *
ansond 0:137634ff4186 113 * \note Multiple CRLs are accepted only if using PEM format
ansond 0:137634ff4186 114 *
ansond 0:137634ff4186 115 * \param chain points to the start of the chain
ansond 0:137634ff4186 116 * \param buf buffer holding the CRL data in PEM or DER format
ansond 0:137634ff4186 117 * \param buflen size of the buffer
ansond 0:137634ff4186 118 *
ansond 0:137634ff4186 119 * \return 0 if successful, or a specific X509 or PEM error code
ansond 0:137634ff4186 120 */
ansond 0:137634ff4186 121 int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
ansond 0:137634ff4186 122
ansond 0:137634ff4186 123 #if defined(POLARSSL_FS_IO)
ansond 0:137634ff4186 124 /**
ansond 0:137634ff4186 125 * \brief Load one or more CRLs and append them to the chained list
ansond 0:137634ff4186 126 *
ansond 0:137634ff4186 127 * \note Multiple CRLs are accepted only if using PEM format
ansond 0:137634ff4186 128 *
ansond 0:137634ff4186 129 * \param chain points to the start of the chain
ansond 0:137634ff4186 130 * \param path filename to read the CRLs from (in PEM or DER encoding)
ansond 0:137634ff4186 131 *
ansond 0:137634ff4186 132 * \return 0 if successful, or a specific X509 or PEM error code
ansond 0:137634ff4186 133 */
ansond 0:137634ff4186 134 int x509_crl_parse_file( x509_crl *chain, const char *path );
ansond 0:137634ff4186 135 #endif /* POLARSSL_FS_IO */
ansond 0:137634ff4186 136
ansond 0:137634ff4186 137 /**
ansond 0:137634ff4186 138 * \brief Returns an informational string about the CRL.
ansond 0:137634ff4186 139 *
ansond 0:137634ff4186 140 * \param buf Buffer to write to
ansond 0:137634ff4186 141 * \param size Maximum size of buffer
ansond 0:137634ff4186 142 * \param prefix A line prefix
ansond 0:137634ff4186 143 * \param crl The X509 CRL to represent
ansond 0:137634ff4186 144 *
ansond 0:137634ff4186 145 * \return The amount of data written to the buffer, or -1 in
ansond 0:137634ff4186 146 * case of an error.
ansond 0:137634ff4186 147 */
ansond 0:137634ff4186 148 int x509_crl_info( char *buf, size_t size, const char *prefix,
ansond 0:137634ff4186 149 const x509_crl *crl );
ansond 0:137634ff4186 150
ansond 0:137634ff4186 151 /**
ansond 0:137634ff4186 152 * \brief Initialize a CRL (chain)
ansond 0:137634ff4186 153 *
ansond 0:137634ff4186 154 * \param crl CRL chain to initialize
ansond 0:137634ff4186 155 */
ansond 0:137634ff4186 156 void x509_crl_init( x509_crl *crl );
ansond 0:137634ff4186 157
ansond 0:137634ff4186 158 /**
ansond 0:137634ff4186 159 * \brief Free all CRL data
ansond 0:137634ff4186 160 *
ansond 0:137634ff4186 161 * \param crl CRL chain to free
ansond 0:137634ff4186 162 */
ansond 0:137634ff4186 163 void x509_crl_free( x509_crl *crl );
ansond 0:137634ff4186 164
ansond 0:137634ff4186 165 /* \} name */
ansond 0:137634ff4186 166 /* \} addtogroup x509_module */
ansond 0:137634ff4186 167
ansond 0:137634ff4186 168 #ifdef __cplusplus
ansond 0:137634ff4186 169 }
ansond 0:137634ff4186 170 #endif
ansond 0:137634ff4186 171
ansond 0:137634ff4186 172 #endif /* x509_crl.h */
ansond 0:137634ff4186 173