00001 /**
00002  * \file x509_crl.h
00003  *
00004  * \brief X.509 certificate revocation list parsing
00005  *
00006  *  Copyright (C) 2006-2013, ARM Limited, All Rights Reserved
00007  *
00008  *  This file is part of mbed TLS (https://tls.mbed.org)
00009  *
00010  *  This program is free software; you can redistribute it and/or modify
00011  *  it under the terms of the GNU General Public License as published by
00012  *  the Free Software Foundation; either version 2 of the License, or
00013  *  (at your option) any later version.
00014  *
00015  *  This program is distributed in the hope that it will be useful,
00016  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00018  *  GNU General Public License for more details.
00019  *
00020  *  You should have received a copy of the GNU General Public License along
00021  *  with this program; if not, write to the Free Software Foundation, Inc.,
00022  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
00023  */
00024 #ifndef POLARSSL_X509_CRL_H
00025 #define POLARSSL_X509_CRL_H
00026 
00027 #if !defined(POLARSSL_CONFIG_FILE)
00028 #include "config.h"
00029 #else
00030 #include POLARSSL_CONFIG_FILE
00031 #endif
00032 
00033 #include "x509.h"
00034 
00035 #ifdef __cplusplus
00036 extern "C" {
00037 #endif
00038 
00039 /**
00040  * \addtogroup x509_module
00041  * \{ */
00042 
00043 /**
00044  * \name Structures and functions for parsing CRLs
00045  * \{
00046  */
00047 
/**
 * Certificate revocation list entry.
 * One revoked certificate as listed in the CRL: the serial number the
 * issuing CA assigned to it, the date it was revoked, and any per-entry
 * extensions (held here in raw form). Entries are chained through \c next.
 */
typedef struct _x509_crl_entry
{
    x509_buf raw;                   /**< Raw DER of this entry (presumably the whole revokedCertificates element — confirm against the parser). */

    x509_buf serial;                /**< Serial number of the revoked certificate, as a byte string. Match it against a certificate's serial by length and bytes, not by numeric value. NOTE(review): whether leading zero bytes are normalised here is not visible — confirm. */

    x509_time revocation_date;      /**< Time the certificate was revoked (revocationDate). */

    x509_buf entry_ext;             /**< Raw CRL entry extensions (crlEntryExtensions), not parsed into this structure. */

    struct _x509_crl_entry *next;   /**< Next entry in the singly linked list; presumably NULL on the last entry — confirm against x509_crl_free(). */
}
x509_crl_entry;
00065 
/**
 * Certificate revocation list structure.
 * One parsed CRL. Its revoked entries are chained from \c entry, and the
 * \c next pointer lets several CRLs (for example one per issuing CA) be
 * kept in a single list. The fields follow the CertificateList layout:
 * the to-be-signed body (\c tbs), then the signature algorithm and the
 * signature value computed over that body.
 *
 * NOTE(review): nothing declared in this header verifies the signature.
 * The signature fields below are kept so that a later verification step
 * (via pk_verify_ext(), see \c sig_opts) can check the CRL against the
 * issuer CA's public key; a parsed CRL is not a trusted CRL until then.
 */
typedef struct _x509_crl
{
    x509_buf raw;           /**< The raw CRL data (DER). */
    x509_buf tbs;           /**< The raw CRL body (DER). The part that is To Be Signed, i.e. what \c sig covers. */

    int version;            /**< CRL version (1=v1, 2=v2) */
    x509_buf sig_oid1;      /**< Signature algorithm OID as stated inside the TBS body. RFC 5280 requires it to equal \c sig_oid2; whether the parser enforces that is not visible here — confirm. */

    x509_buf issuer_raw;    /**< The raw issuer data (DER). */

    x509_name issuer;       /**< The parsed issuer data (named information object). Identifies the CA whose key must verify \c sig. */

    x509_time this_update;  /**< thisUpdate: when this CRL was issued. */
    x509_time next_update;  /**< nextUpdate: when a newer CRL is due; a CRL past this time is stale. NOTE(review): nextUpdate is optional in RFC 5280 — how an absent value is represented here is not visible; confirm. */

    x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. The first entry is stored inline; further ones hang off \c entry.next. How a CRL with no entries is represented is not visible here — confirm before treating \c entry as valid. */

    x509_buf crl_ext;       /**< Raw CRL extensions (crlExtensions), not parsed into this structure. */

    x509_buf sig_oid2;      /**< Signature algorithm OID from the outer CertificateList. */
    x509_buf sig;           /**< Signature value over \c tbs. */
    md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
    pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */
    void *sig_opts;             /**< Signature options to be passed to pk_verify_ext(), e.g. for RSASSA-PSS. Presumably owned by this object and released by x509_crl_free() — confirm. */

    struct _x509_crl *next; /**< Next CRL in the chain; presumably NULL on the last one — confirm. */
}
x509_crl;
00098 
/**
 * \brief          Parse a DER-encoded CRL and append it to the chained list
 *
 * \note           A single CRL is read from \p buf. For PEM input, or for
 *                 several CRLs in one buffer, use x509_crl_parse() instead.
 *
 * \note           Parsing establishes nothing about trust: nothing declared
 *                 in this header checks the CRL's signature. The signature
 *                 fields are stored in the x509_crl so a later verification
 *                 step can check them against the issuer CA. Treat \p buf
 *                 as untrusted input — a CRL is normally fetched from a
 *                 remote distribution point.
 *
 * \note           NOTE(review): the state of \p chain after a failed parse
 *                 is not visible from this header. Calling x509_crl_free()
 *                 on the chain in the error path is the safe assumption —
 *                 confirm against the implementation.
 *
 * \param chain    points to the start of the chain (presumably must have
 *                 been set up with x509_crl_init() first — confirm)
 * \param buf      buffer holding the CRL data in DER format
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int x509_crl_parse_der( x509_crl *chain,
                        const unsigned char *buf, size_t buflen );
/**
 * \brief          Parse one or more CRLs and append them to the chained list
 *
 * \note           Multiple CRLs are accepted only if using PEM format; a
 *                 DER buffer is taken to hold a single CRL.
 *
 * \note           NOTE(review): for PEM input, other mbed TLS PEM-capable
 *                 parsers expect \p buflen to count a terminating NUL byte.
 *                 This header does not state whether that applies here —
 *                 confirm against pem.h before relying on it.
 *
 * \note           NOTE(review): if one of several PEM CRLs fails to parse,
 *                 whether the earlier ones remain appended to \p chain is
 *                 not visible here. Free the chain on error to be safe.
 *
 * \param chain    points to the start of the chain (presumably must have
 *                 been set up with x509_crl_init() first — confirm)
 * \param buf      buffer holding the CRL data in PEM or DER format
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
00122 
#if defined(POLARSSL_FS_IO)
/**
 * \brief          Load one or more CRLs and append them to the chained list
 *
 * \note           Multiple CRLs are accepted only if using PEM format.
 *
 * \note           Only available when POLARSSL_FS_IO is enabled in the
 *                 configuration; builds without file-system support do
 *                 not declare this function.
 *
 * \note           NOTE(review): \p path is presumably handed to the file
 *                 system as given, with no canonicalisation — do not build
 *                 it from untrusted input. Confirm against the implementation.
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the CRLs from (in PEM or DER encoding)
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int x509_crl_parse_file( x509_crl *chain, const char *path );
#endif /* POLARSSL_FS_IO */
00136 
/**
 * \brief          Returns an informational string about the CRL.
 *
 * \note           Diagnostic output for humans. Do not parse it to make
 *                 revocation decisions — use the x509_crl fields directly.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer, in bytes (presumably including
 *                 room for the terminating NUL — confirm)
 * \param prefix   A line prefix (presumably prepended to every output
 *                 line — confirm)
 * \param crl      The X509 CRL to represent
 *
 * \return         The amount of data written to the buffer, or -1 in
 *                 case of an error. Check for -1 before using \p buf;
 *                 whether a buffer too small for the output is reported
 *                 as an error or silently truncated is not stated here —
 *                 confirm.
 */
int x509_crl_info( char *buf, size_t size, const char *prefix,
                   const x509_crl *crl );
00150 
/**
 * \brief          Initialize a CRL (chain)
 *
 * Call this on a fresh x509_crl before any of the parse functions and
 * before x509_crl_free(), so the object starts in a known (presumably
 * zeroed — confirm) state. A stack-allocated x509_crl that is not
 * initialised has indeterminate pointer members, and x509_crl_free()
 * would then act on garbage.
 *
 * \param crl      CRL chain to initialize
 */
void x509_crl_init( x509_crl *crl );
00157 
/**
 * \brief          Unallocate all CRL data
 *
 * Releases everything the parse functions attached to \p crl: the chained
 * entries and the further CRLs reached through \c next. The \p crl object
 * itself is presumably caller-owned (it is passed by pointer and may live
 * on the stack) and is not freed — confirm.
 *
 * NOTE(review): whether the object can be re-used afterwards without
 * another x509_crl_init() is not visible here — re-initialise before
 * re-use to be safe.
 *
 * \param crl      CRL chain to free
 */
void x509_crl_free( x509_crl *crl );
00164 
00165 /* \} name */
00166 /* \} addtogroup x509_module */
00167 
00168 #ifdef __cplusplus
00169 }
00170 #endif
00171 
00172 #endif /* x509_crl.h */
00173