mbed client lightswitch demo

Dependencies:   mbed Socket lwip-eth lwip-sys lwip

Fork of mbed-client-classic-example-lwip by Austin Blackstone

Committer:
mbedAustin
Date:
Thu Jun 09 17:08:36 2016 +0000
Revision:
11:cada08fc8a70
Commit for public Consumption

mbedAustin 11:cada08fc8a70 1 /**
mbedAustin 11:cada08fc8a70 2 * \file mbedtls_x509_csr.h
mbedAustin 11:cada08fc8a70 3 *
mbedAustin 11:cada08fc8a70 4 * \brief X.509 certificate signing request parsing and writing
mbedAustin 11:cada08fc8a70 5 *
mbedAustin 11:cada08fc8a70 6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
mbedAustin 11:cada08fc8a70 7 * SPDX-License-Identifier: Apache-2.0
mbedAustin 11:cada08fc8a70 8 *
mbedAustin 11:cada08fc8a70 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
mbedAustin 11:cada08fc8a70 10 * not use this file except in compliance with the License.
mbedAustin 11:cada08fc8a70 11 * You may obtain a copy of the License at
mbedAustin 11:cada08fc8a70 12 *
mbedAustin 11:cada08fc8a70 13 * http://www.apache.org/licenses/LICENSE-2.0
mbedAustin 11:cada08fc8a70 14 *
mbedAustin 11:cada08fc8a70 15 * Unless required by applicable law or agreed to in writing, software
mbedAustin 11:cada08fc8a70 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
mbedAustin 11:cada08fc8a70 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
mbedAustin 11:cada08fc8a70 18 * See the License for the specific language governing permissions and
mbedAustin 11:cada08fc8a70 19 * limitations under the License.
mbedAustin 11:cada08fc8a70 20 *
mbedAustin 11:cada08fc8a70 21 * This file is part of mbed TLS (https://tls.mbed.org)
mbedAustin 11:cada08fc8a70 22 */
mbedAustin 11:cada08fc8a70 23 #ifndef MBEDTLS_X509_CSR_H
mbedAustin 11:cada08fc8a70 24 #define MBEDTLS_X509_CSR_H
mbedAustin 11:cada08fc8a70 25
mbedAustin 11:cada08fc8a70 26 #if !defined(MBEDTLS_CONFIG_FILE)
mbedAustin 11:cada08fc8a70 27 #include "config.h"
mbedAustin 11:cada08fc8a70 28 #else
mbedAustin 11:cada08fc8a70 29 #include MBEDTLS_CONFIG_FILE
mbedAustin 11:cada08fc8a70 30 #endif
mbedAustin 11:cada08fc8a70 31
mbedAustin 11:cada08fc8a70 32 #include "x509.h"
mbedAustin 11:cada08fc8a70 33
mbedAustin 11:cada08fc8a70 34 #ifdef __cplusplus
mbedAustin 11:cada08fc8a70 35 extern "C" {
mbedAustin 11:cada08fc8a70 36 #endif
mbedAustin 11:cada08fc8a70 37
mbedAustin 11:cada08fc8a70 38 /**
mbedAustin 11:cada08fc8a70 39 * \addtogroup x509_module
mbedAustin 11:cada08fc8a70 40 * \{ */
mbedAustin 11:cada08fc8a70 41
mbedAustin 11:cada08fc8a70 42 /**
mbedAustin 11:cada08fc8a70 43 * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
mbedAustin 11:cada08fc8a70 44 * \{
mbedAustin 11:cada08fc8a70 45 */
mbedAustin 11:cada08fc8a70 46
mbedAustin 11:cada08fc8a70 47 /**
mbedAustin 11:cada08fc8a70 48 * Certificate Signing Request (CSR) structure.
mbedAustin 11:cada08fc8a70 49 */
mbedAustin 11:cada08fc8a70 50 typedef struct mbedtls_x509_csr
mbedAustin 11:cada08fc8a70 51 {
mbedAustin 11:cada08fc8a70 52 mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedAustin 11:cada08fc8a70 53 mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
mbedAustin 11:cada08fc8a70 54
mbedAustin 11:cada08fc8a70 55 int version; /**< CSR version (1=v1). */
mbedAustin 11:cada08fc8a70 56
mbedAustin 11:cada08fc8a70 57 mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
mbedAustin 11:cada08fc8a70 58 mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
mbedAustin 11:cada08fc8a70 59
mbedAustin 11:cada08fc8a70 60 mbedtls_pk_context pk; /**< Container for the public key context. */
mbedAustin 11:cada08fc8a70 61
mbedAustin 11:cada08fc8a70 62 mbedtls_x509_buf sig_oid;
mbedAustin 11:cada08fc8a70 63 mbedtls_x509_buf sig;
mbedAustin 11:cada08fc8a70 64 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedAustin 11:cada08fc8a70 65 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
mbedAustin 11:cada08fc8a70 66 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
mbedAustin 11:cada08fc8a70 67 }
mbedAustin 11:cada08fc8a70 68 mbedtls_x509_csr;
mbedAustin 11:cada08fc8a70 69
mbedAustin 11:cada08fc8a70 70 /**
mbedAustin 11:cada08fc8a70 71 * Container for writing a CSR
mbedAustin 11:cada08fc8a70 72 */
mbedAustin 11:cada08fc8a70 73 typedef struct mbedtls_x509write_csr
mbedAustin 11:cada08fc8a70 74 {
mbedAustin 11:cada08fc8a70 75 mbedtls_pk_context *key;
mbedAustin 11:cada08fc8a70 76 mbedtls_asn1_named_data *subject;
mbedAustin 11:cada08fc8a70 77 mbedtls_md_type_t md_alg;
mbedAustin 11:cada08fc8a70 78 mbedtls_asn1_named_data *extensions;
mbedAustin 11:cada08fc8a70 79 }
mbedAustin 11:cada08fc8a70 80 mbedtls_x509write_csr;
mbedAustin 11:cada08fc8a70 81
mbedAustin 11:cada08fc8a70 82 #if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedAustin 11:cada08fc8a70 83 /**
mbedAustin 11:cada08fc8a70 84 * \brief Load a Certificate Signing Request (CSR) in DER format
mbedAustin 11:cada08fc8a70 85 *
mbedAustin 11:cada08fc8a70 86 * \param csr CSR context to fill
mbedAustin 11:cada08fc8a70 87 * \param buf buffer holding the CRL data
mbedAustin 11:cada08fc8a70 88 * \param buflen size of the buffer
mbedAustin 11:cada08fc8a70 89 *
mbedAustin 11:cada08fc8a70 90 * \return 0 if successful, or a specific X509 error code
mbedAustin 11:cada08fc8a70 91 */
mbedAustin 11:cada08fc8a70 92 int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
mbedAustin 11:cada08fc8a70 93 const unsigned char *buf, size_t buflen );
mbedAustin 11:cada08fc8a70 94
mbedAustin 11:cada08fc8a70 95 /**
mbedAustin 11:cada08fc8a70 96 * \brief Load a Certificate Signing Request (CSR), DER or PEM format
mbedAustin 11:cada08fc8a70 97 *
mbedAustin 11:cada08fc8a70 98 * \param csr CSR context to fill
mbedAustin 11:cada08fc8a70 99 * \param buf buffer holding the CRL data
mbedAustin 11:cada08fc8a70 100 * \param buflen size of the buffer
mbedAustin 11:cada08fc8a70 101 * (including the terminating null byte for PEM data)
mbedAustin 11:cada08fc8a70 102 *
mbedAustin 11:cada08fc8a70 103 * \return 0 if successful, or a specific X509 or PEM error code
mbedAustin 11:cada08fc8a70 104 */
mbedAustin 11:cada08fc8a70 105 int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
mbedAustin 11:cada08fc8a70 106
mbedAustin 11:cada08fc8a70 107 #if defined(MBEDTLS_FS_IO)
mbedAustin 11:cada08fc8a70 108 /**
mbedAustin 11:cada08fc8a70 109 * \brief Load a Certificate Signing Request (CSR)
mbedAustin 11:cada08fc8a70 110 *
mbedAustin 11:cada08fc8a70 111 * \param csr CSR context to fill
mbedAustin 11:cada08fc8a70 112 * \param path filename to read the CSR from
mbedAustin 11:cada08fc8a70 113 *
mbedAustin 11:cada08fc8a70 114 * \return 0 if successful, or a specific X509 or PEM error code
mbedAustin 11:cada08fc8a70 115 */
mbedAustin 11:cada08fc8a70 116 int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
mbedAustin 11:cada08fc8a70 117 #endif /* MBEDTLS_FS_IO */
mbedAustin 11:cada08fc8a70 118
mbedAustin 11:cada08fc8a70 119 /**
mbedAustin 11:cada08fc8a70 120 * \brief Returns an informational string about the
mbedAustin 11:cada08fc8a70 121 * CSR.
mbedAustin 11:cada08fc8a70 122 *
mbedAustin 11:cada08fc8a70 123 * \param buf Buffer to write to
mbedAustin 11:cada08fc8a70 124 * \param size Maximum size of buffer
mbedAustin 11:cada08fc8a70 125 * \param prefix A line prefix
mbedAustin 11:cada08fc8a70 126 * \param csr The X509 CSR to represent
mbedAustin 11:cada08fc8a70 127 *
mbedAustin 11:cada08fc8a70 128 * \return The length of the string written (not including the
mbedAustin 11:cada08fc8a70 129 * terminated nul byte), or a negative error code.
mbedAustin 11:cada08fc8a70 130 */
mbedAustin 11:cada08fc8a70 131 int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
mbedAustin 11:cada08fc8a70 132 const mbedtls_x509_csr *csr );
mbedAustin 11:cada08fc8a70 133
mbedAustin 11:cada08fc8a70 134 /**
mbedAustin 11:cada08fc8a70 135 * \brief Initialize a CSR
mbedAustin 11:cada08fc8a70 136 *
mbedAustin 11:cada08fc8a70 137 * \param csr CSR to initialize
mbedAustin 11:cada08fc8a70 138 */
mbedAustin 11:cada08fc8a70 139 void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
mbedAustin 11:cada08fc8a70 140
mbedAustin 11:cada08fc8a70 141 /**
mbedAustin 11:cada08fc8a70 142 * \brief Unallocate all CSR data
mbedAustin 11:cada08fc8a70 143 *
mbedAustin 11:cada08fc8a70 144 * \param csr CSR to free
mbedAustin 11:cada08fc8a70 145 */
mbedAustin 11:cada08fc8a70 146 void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
mbedAustin 11:cada08fc8a70 147 #endif /* MBEDTLS_X509_CSR_PARSE_C */
mbedAustin 11:cada08fc8a70 148
mbedAustin 11:cada08fc8a70 149 /* \} name */
mbedAustin 11:cada08fc8a70 150 /* \} addtogroup x509_module */
mbedAustin 11:cada08fc8a70 151
mbedAustin 11:cada08fc8a70 152 #if defined(MBEDTLS_X509_CSR_WRITE_C)
mbedAustin 11:cada08fc8a70 153 /**
mbedAustin 11:cada08fc8a70 154 * \brief Initialize a CSR context
mbedAustin 11:cada08fc8a70 155 *
mbedAustin 11:cada08fc8a70 156 * \param ctx CSR context to initialize
mbedAustin 11:cada08fc8a70 157 */
mbedAustin 11:cada08fc8a70 158 void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
mbedAustin 11:cada08fc8a70 159
mbedAustin 11:cada08fc8a70 160 /**
mbedAustin 11:cada08fc8a70 161 * \brief Set the subject name for a CSR
mbedAustin 11:cada08fc8a70 162 * Subject names should contain a comma-separated list
mbedAustin 11:cada08fc8a70 163 * of OID types and values:
mbedAustin 11:cada08fc8a70 164 * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
mbedAustin 11:cada08fc8a70 165 *
mbedAustin 11:cada08fc8a70 166 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 167 * \param subject_name subject name to set
mbedAustin 11:cada08fc8a70 168 *
mbedAustin 11:cada08fc8a70 169 * \return 0 if subject name was parsed successfully, or
mbedAustin 11:cada08fc8a70 170 * a specific error code
mbedAustin 11:cada08fc8a70 171 */
mbedAustin 11:cada08fc8a70 172 int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
mbedAustin 11:cada08fc8a70 173 const char *subject_name );
mbedAustin 11:cada08fc8a70 174
mbedAustin 11:cada08fc8a70 175 /**
mbedAustin 11:cada08fc8a70 176 * \brief Set the key for a CSR (public key will be included,
mbedAustin 11:cada08fc8a70 177 * private key used to sign the CSR when writing it)
mbedAustin 11:cada08fc8a70 178 *
mbedAustin 11:cada08fc8a70 179 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 180 * \param key Asymetric key to include
mbedAustin 11:cada08fc8a70 181 */
mbedAustin 11:cada08fc8a70 182 void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
mbedAustin 11:cada08fc8a70 183
mbedAustin 11:cada08fc8a70 184 /**
mbedAustin 11:cada08fc8a70 185 * \brief Set the MD algorithm to use for the signature
mbedAustin 11:cada08fc8a70 186 * (e.g. MBEDTLS_MD_SHA1)
mbedAustin 11:cada08fc8a70 187 *
mbedAustin 11:cada08fc8a70 188 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 189 * \param md_alg MD algorithm to use
mbedAustin 11:cada08fc8a70 190 */
mbedAustin 11:cada08fc8a70 191 void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
mbedAustin 11:cada08fc8a70 192
mbedAustin 11:cada08fc8a70 193 /**
mbedAustin 11:cada08fc8a70 194 * \brief Set the Key Usage Extension flags
mbedAustin 11:cada08fc8a70 195 * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
mbedAustin 11:cada08fc8a70 196 *
mbedAustin 11:cada08fc8a70 197 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 198 * \param key_usage key usage flags to set
mbedAustin 11:cada08fc8a70 199 *
mbedAustin 11:cada08fc8a70 200 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
mbedAustin 11:cada08fc8a70 201 */
mbedAustin 11:cada08fc8a70 202 int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
mbedAustin 11:cada08fc8a70 203
mbedAustin 11:cada08fc8a70 204 /**
mbedAustin 11:cada08fc8a70 205 * \brief Set the Netscape Cert Type flags
mbedAustin 11:cada08fc8a70 206 * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
mbedAustin 11:cada08fc8a70 207 *
mbedAustin 11:cada08fc8a70 208 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 209 * \param ns_cert_type Netscape Cert Type flags to set
mbedAustin 11:cada08fc8a70 210 *
mbedAustin 11:cada08fc8a70 211 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
mbedAustin 11:cada08fc8a70 212 */
mbedAustin 11:cada08fc8a70 213 int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
mbedAustin 11:cada08fc8a70 214 unsigned char ns_cert_type );
mbedAustin 11:cada08fc8a70 215
mbedAustin 11:cada08fc8a70 216 /**
mbedAustin 11:cada08fc8a70 217 * \brief Generic function to add to or replace an extension in the
mbedAustin 11:cada08fc8a70 218 * CSR
mbedAustin 11:cada08fc8a70 219 *
mbedAustin 11:cada08fc8a70 220 * \param ctx CSR context to use
mbedAustin 11:cada08fc8a70 221 * \param oid OID of the extension
mbedAustin 11:cada08fc8a70 222 * \param oid_len length of the OID
mbedAustin 11:cada08fc8a70 223 * \param val value of the extension OCTET STRING
mbedAustin 11:cada08fc8a70 224 * \param val_len length of the value data
mbedAustin 11:cada08fc8a70 225 *
mbedAustin 11:cada08fc8a70 226 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
mbedAustin 11:cada08fc8a70 227 */
mbedAustin 11:cada08fc8a70 228 int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
mbedAustin 11:cada08fc8a70 229 const char *oid, size_t oid_len,
mbedAustin 11:cada08fc8a70 230 const unsigned char *val, size_t val_len );
mbedAustin 11:cada08fc8a70 231
mbedAustin 11:cada08fc8a70 232 /**
mbedAustin 11:cada08fc8a70 233 * \brief Free the contents of a CSR context
mbedAustin 11:cada08fc8a70 234 *
mbedAustin 11:cada08fc8a70 235 * \param ctx CSR context to free
mbedAustin 11:cada08fc8a70 236 */
mbedAustin 11:cada08fc8a70 237 void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
mbedAustin 11:cada08fc8a70 238
mbedAustin 11:cada08fc8a70 239 /**
mbedAustin 11:cada08fc8a70 240 * \brief Write a CSR (Certificate Signing Request) to a
mbedAustin 11:cada08fc8a70 241 * DER structure
mbedAustin 11:cada08fc8a70 242 * Note: data is written at the end of the buffer! Use the
mbedAustin 11:cada08fc8a70 243 * return value to determine where you should start
mbedAustin 11:cada08fc8a70 244 * using the buffer
mbedAustin 11:cada08fc8a70 245 *
mbedAustin 11:cada08fc8a70 246 * \param ctx CSR to write away
mbedAustin 11:cada08fc8a70 247 * \param buf buffer to write to
mbedAustin 11:cada08fc8a70 248 * \param size size of the buffer
mbedAustin 11:cada08fc8a70 249 * \param f_rng RNG function (for signature, see note)
mbedAustin 11:cada08fc8a70 250 * \param p_rng RNG parameter
mbedAustin 11:cada08fc8a70 251 *
mbedAustin 11:cada08fc8a70 252 * \return length of data written if successful, or a specific
mbedAustin 11:cada08fc8a70 253 * error code
mbedAustin 11:cada08fc8a70 254 *
mbedAustin 11:cada08fc8a70 255 * \note f_rng may be NULL if RSA is used for signature and the
mbedAustin 11:cada08fc8a70 256 * signature is made offline (otherwise f_rng is desirable
mbedAustin 11:cada08fc8a70 257 * for countermeasures against timing attacks).
mbedAustin 11:cada08fc8a70 258 * ECDSA signatures always require a non-NULL f_rng.
mbedAustin 11:cada08fc8a70 259 */
mbedAustin 11:cada08fc8a70 260 int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
mbedAustin 11:cada08fc8a70 261 int (*f_rng)(void *, unsigned char *, size_t),
mbedAustin 11:cada08fc8a70 262 void *p_rng );
mbedAustin 11:cada08fc8a70 263
mbedAustin 11:cada08fc8a70 264 #if defined(MBEDTLS_PEM_WRITE_C)
mbedAustin 11:cada08fc8a70 265 /**
mbedAustin 11:cada08fc8a70 266 * \brief Write a CSR (Certificate Signing Request) to a
mbedAustin 11:cada08fc8a70 267 * PEM string
mbedAustin 11:cada08fc8a70 268 *
mbedAustin 11:cada08fc8a70 269 * \param ctx CSR to write away
mbedAustin 11:cada08fc8a70 270 * \param buf buffer to write to
mbedAustin 11:cada08fc8a70 271 * \param size size of the buffer
mbedAustin 11:cada08fc8a70 272 * \param f_rng RNG function (for signature, see note)
mbedAustin 11:cada08fc8a70 273 * \param p_rng RNG parameter
mbedAustin 11:cada08fc8a70 274 *
mbedAustin 11:cada08fc8a70 275 * \return 0 if successful, or a specific error code
mbedAustin 11:cada08fc8a70 276 *
mbedAustin 11:cada08fc8a70 277 * \note f_rng may be NULL if RSA is used for signature and the
mbedAustin 11:cada08fc8a70 278 * signature is made offline (otherwise f_rng is desirable
mbedAustin 11:cada08fc8a70 279 * for couermeasures against timing attacks).
mbedAustin 11:cada08fc8a70 280 * ECDSA signatures always require a non-NULL f_rng.
mbedAustin 11:cada08fc8a70 281 */
mbedAustin 11:cada08fc8a70 282 int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
mbedAustin 11:cada08fc8a70 283 int (*f_rng)(void *, unsigned char *, size_t),
mbedAustin 11:cada08fc8a70 284 void *p_rng );
mbedAustin 11:cada08fc8a70 285 #endif /* MBEDTLS_PEM_WRITE_C */
mbedAustin 11:cada08fc8a70 286 #endif /* MBEDTLS_X509_CSR_WRITE_C */
mbedAustin 11:cada08fc8a70 287
mbedAustin 11:cada08fc8a70 288 #ifdef __cplusplus
mbedAustin 11:cada08fc8a70 289 }
mbedAustin 11:cada08fc8a70 290 #endif
mbedAustin 11:cada08fc8a70 291
mbedAustin 11:cada08fc8a70 292 #endif /* mbedtls_x509_csr.h */