Go to the documentation of this file.
24 #ifndef MBEDTLS_X509_CRT_H
25 #define MBEDTLS_X509_CRT_H
27 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include MBEDTLS_CONFIG_FILE
101 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) )
117 #define MBEDTLS_X509_CRT_VERSION_1 0
118 #define MBEDTLS_X509_CRT_VERSION_2 1
119 #define MBEDTLS_X509_CRT_VERSION_3 2
121 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
122 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
124 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
125 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
157 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
168 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
181 int fallback_signature_is_good;
184 int parent_is_trusted;
189 x509_crt_rs_find_parent,
203 #if defined(MBEDTLS_X509_CRT_PARSE_C)
266 #if defined(MBEDTLS_FS_IO)
389 const char *cn, uint32_t *flags,
424 const char *cn, uint32_t *flags,
454 const char *cn, uint32_t *flags,
459 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
482 unsigned int usage );
485 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
500 const char *usage_oid,
504 #if defined(MBEDTLS_X509_CRL_PARSE_C)
531 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
547 #if defined(MBEDTLS_X509_CRT_WRITE_C)
590 const char *not_after );
605 const char *issuer_name );
620 const char *subject_name );
661 const char *oid,
size_t oid_len,
663 const unsigned char *val,
size_t val_len );
677 int is_ca,
int max_pathlen );
679 #if defined(MBEDTLS_SHA1_C)
713 unsigned int key_usage );
725 unsigned char ns_cert_type );
755 int (*f_rng)(
void *,
unsigned char *,
size_t),
758 #if defined(MBEDTLS_PEM_WRITE_C)
776 int (*f_rng)(
void *,
unsigned char *,
size_t),
mbedtls_asn1_named_data * extensions
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer!...
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
mbedtls_md_type_t
Supported message digests.
mbedtls_pk_context * subject_key
struct mbedtls_x509_crt_profile mbedtls_x509_crt_profile
X.509 certificate revocation list parsing.
mbedtls_x509_sequence subject_alt_names
mbedtls_x509_name subject
struct mbedtls_x509write_cert mbedtls_x509write_cert
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively....
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
mbedtls_pk_context * issuer_key
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature according to profile.
void mbedtls_pk_restart_ctx
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
struct mbedtls_x509_crt mbedtls_x509_crt
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
mbedtls_x509_buf issuer_raw
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one DER-encoded or one or more concatenated PEM-encoded certificates and add them to the chaine...
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature.
mbedtls_x509_time valid_to
#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE
mbedtls_x509_time valid_from
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
mbedtls_pk_type_t
Public key types.
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
mbedtls_x509_buf issuer_id
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
mbedtls_x509_sequence ext_key_usage
int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx)
Restartable version of mbedtls_crt_verify_with_profile()
void mbedtls_x509_crt_restart_ctx
mbedtls_x509_buf subject_raw
mbedtls_x509_buf subject_id
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
Configuration options (set of defines)
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
struct mbedtls_x509_crt * next
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i....
unsigned char ns_cert_type
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_asn1_named_data * subject
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively....
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
mbedtls_asn1_named_data * issuer
X.509 generic defines and structures.