PolarSSL v1.3.9
x509.h
/* Include guard for the X.509 generic definitions header. */
#ifndef POLARSSL_X509_H
#define POLARSSL_X509_H

/*
 * Build configuration: the stock config.h is used unless the build defines
 * POLARSSL_CONFIG_FILE, in which case that file is included instead.
 */
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif

/* presumably supplies the asn1_* types that are aliased to x509_* below */
#include "asn1.h"
/* presumably supplies pk_type_t (and, indirectly, md_type_t) used by the prototypes below */
#include "pk.h"

/* rsa.h is only pulled in when the RSA module is compiled in. */
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif

/*
 * X.509 error codes.
 *
 * Every code is a negative constant; the values step by 0x80 from -0x2080
 * down to -0x2900. The short descriptions below are derived from the macro
 * names only.
 * NOTE(review): presumably returned by the X.509 parsing, writing and
 * verification functions; callers should test the return value of each call
 * and treat any of these as failure rather than continue with partially
 * parsed data.
 */
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE              -0x2080  /* requested feature not available */
#define POLARSSL_ERR_X509_UNKNOWN_OID                      -0x2100  /* OID not recognised */
#define POLARSSL_ERR_X509_INVALID_FORMAT                   -0x2180  /* invalid format */
#define POLARSSL_ERR_X509_INVALID_VERSION                  -0x2200  /* invalid version */
#define POLARSSL_ERR_X509_INVALID_SERIAL                   -0x2280  /* invalid serial */
#define POLARSSL_ERR_X509_INVALID_ALG                      -0x2300  /* invalid algorithm */
#define POLARSSL_ERR_X509_INVALID_NAME                     -0x2380  /* invalid name */
#define POLARSSL_ERR_X509_INVALID_DATE                     -0x2400  /* invalid date */
#define POLARSSL_ERR_X509_INVALID_SIGNATURE                -0x2480  /* invalid signature */
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS               -0x2500  /* invalid extensions */
#define POLARSSL_ERR_X509_UNKNOWN_VERSION                  -0x2580  /* version not recognised */
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600  /* signature algorithm not recognised */
#define POLARSSL_ERR_X509_SIG_MISMATCH                     -0x2680  /* signature mismatch */
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED               -0x2700  /* certificate verification failed */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780  /* certificate format not recognised */
#define POLARSSL_ERR_X509_BAD_INPUT_DATA                   -0x2800  /* bad input data */
#define POLARSSL_ERR_X509_MALLOC_FAILED                    -0x2880  /* memory allocation failed */
#define POLARSSL_ERR_X509_FILE_IO_ERROR                    -0x2900  /* file I/O error */
/* \} name */

/*
 * Certificate and CRL verification result flags.
 *
 * Each constant is a distinct single bit (0x01 .. 0x0400), so several can be
 * OR-ed together into one flags word.
 * NOTE(review): presumably filled in by the certificate verification routine
 * (declared elsewhere); a caller should accept a chain only when the resulting
 * flags word is zero, and should not mask individual bits away without a
 * documented reason.
 * NOTE(review): BADCERT_SKIP_VERIFY is itself a flag bit; a flags word with
 * this bit set presumably means verification was skipped, not that it
 * passed - confirm against the verifier before treating it as success.
 */
#define BADCERT_EXPIRED             0x01
#define BADCERT_REVOKED             0x02
#define BADCERT_CN_MISMATCH         0x04
#define BADCERT_NOT_TRUSTED         0x08
#define BADCRL_NOT_TRUSTED          0x10
#define BADCRL_EXPIRED              0x20
#define BADCERT_MISSING             0x40
#define BADCERT_SKIP_VERIFY         0x80
#define BADCERT_OTHER             0x0100
#define BADCERT_FUTURE            0x0200
#define BADCRL_FUTURE             0x0400
/* \} name */
/* \} addtogroup x509_module */

/*
 * X.509 v3 Key Usage Extension flags
 *
 * The "bit N" comments count from the most significant bit of the octet
 * (bit 0 = 0x80), i.e. ASN.1 BIT STRING numbering rather than C bit
 * positions. Only bits 0..6 have constants here; nothing is defined for a
 * value of 0x01 or for any bit beyond the first octet.
 */
#define KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
#define KU_NON_REPUDIATION              (0x40)  /* bit 1 */
#define KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
#define KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
#define KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
#define KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
#define KU_CRL_SIGN                     (0x02)  /* bit 6 */

/*
 * Netscape certificate types
 * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
 *
 * One flag per bit of a single octet, 0x80 down to 0x01; as with the key
 * usage flags, "bit 0" is the most significant bit.
 */

#define NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
#define NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
#define NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
#define NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
#define NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
#define NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
#define NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
#define NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */

/*
 * X.509 extension types
 *
 * Comments refer to the status for using certificates. Status can be
 * different for writing certificates or reading CRLs or CSRs.
 *
 * Each type is a distinct bit (1 << 0 .. 1 << 14, then 1 << 16; bit 15 is not
 * assigned here), so a set of extensions fits in one integer mask. Entries
 * without a status comment have no support status stated in this header.
 *
 * NOTE(review): EXT_KEY_USAGE and EXT_EXTENDED_KEY_USAGE are marked "Parsed
 * but not used". Code that relies on key-usage restrictions being enforced
 * should confirm, against the verification code of the version in use,
 * whether that check happens anywhere or must be done by the application.
 */
#define EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
#define EXT_KEY_USAGE                   (1 << 2)    /* Parsed but not used */
#define EXT_CERTIFICATE_POLICIES        (1 << 3)
#define EXT_POLICY_MAPPINGS             (1 << 4)
#define EXT_SUBJECT_ALT_NAME            (1 << 5)    /* Supported (DNS) */
#define EXT_ISSUER_ALT_NAME             (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
#define EXT_BASIC_CONSTRAINTS           (1 << 8)    /* Supported */
#define EXT_NAME_CONSTRAINTS            (1 << 9)
#define EXT_POLICY_CONSTRAINTS          (1 << 10)
#define EXT_EXTENDED_KEY_USAGE          (1 << 11)   /* Parsed but not used */
#define EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
/* The spelling "INIHIBIT" is part of the macro's public name. */
#define EXT_INIHIBIT_ANYPOLICY          (1 << 13)
#define EXT_FRESHEST_CRL                (1 << 14)

#define EXT_NS_CERT_TYPE                (1 << 16)   /* Parsed (and then ?) */

/*
 * Storage format identifiers
 * Recognized formats: PEM and DER
 */
#define X509_FORMAT_DER                 1
#define X509_FORMAT_PEM                 2

/* NOTE(review): presumably the upper bound used when handling DN name values; units and exact use are not visible in this header - confirm. */
#define X509_MAX_DN_NAME_SIZE         256
/* Give the declarations below C linkage when included from C++. */
#ifdef __cplusplus
extern "C" {
#endif

/*
 * The X.509 container types are plain aliases of the ASN.1 types; no new
 * layout is introduced here.
 */

/* Alias of asn1_buf. */
typedef asn1_buf x509_buf;

/* Alias of asn1_bitstring. */
typedef asn1_bitstring x509_bitstring;

/* Alias of asn1_named_data. */
typedef asn1_named_data x509_name;

/* Alias of asn1_sequence. */
typedef asn1_sequence x509_sequence;

/*
 * Broken-down date and time: six plain int fields, no time zone field.
 * NOTE(review): the type itself enforces no ranges; whether values are
 * validated, and which time zone they are expressed in, depends on the code
 * that fills the structure - confirm.
 */
typedef struct _x509_time
{
    int year, mon, day;         /* date */
    int hour, min, sec;         /* time of day */
}
x509_time;

/*
 * Public helper functions. Only the prototypes are visible here, so the
 * notes below describe the signatures and flag what a caller should confirm
 * in the implementation.
 */

/*
 * Presumably writes a printable form of the distinguished name `dn` into
 * `buf`, whose capacity is `size`.
 * NOTE(review): the return-value convention and the behaviour on truncation
 * (including NUL termination) are not visible here; check the return value
 * before using `buf`.
 */
int x509_dn_gets( char *buf, size_t size, const x509_name *dn );

/*
 * Presumably writes a printable form of the serial number `serial` into
 * `buf`, whose capacity is `size`. Same caveats as x509_dn_gets.
 */
int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );

/*
 * Returns a string for `oid`.
 * NOTE(review): presumably NULL when the OID is unknown - confirm, and check
 * the result before passing it to a string function.
 */
const char *x509_oid_get_description( x509_buf *oid );

/*
 * Presumably writes the dotted-decimal form of `oid` into `buf`, whose
 * capacity is `size`. Same caveats as x509_dn_gets.
 */
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );

/*
 * Tests the given time for being in the past.
 * NOTE(review): presumably compared with the current system time, in which
 * case the answer is only as trustworthy as the local clock - confirm.
 */
int x509_time_expired( const x509_time *time );

/*
 * Tests the given time for being in the future.
 * NOTE(review): same clock dependency as x509_time_expired - confirm.
 */
int x509_time_future( const x509_time *time );

/* Self-test entry point; `verbose` presumably enables progress output. */
int x509_self_test( int verbose );

/*
 * Internal module functions. You probably do not want to use these unless you
 * know you do.
 *
 * Two parameter conventions recur in the signatures below:
 *  - x509_get_*( unsigned char **p, const unsigned char *end, ... ): `p` points
 *    to the read cursor and `end` bounds the input.
 *    NOTE(review): presumably *p is advanced past the bytes consumed and is
 *    never read at or beyond `end`; a caller must pass an `end` that really
 *    marks the end of the buffer - confirm in the implementation.
 *  - x509_write_*( unsigned char **p, unsigned char *start, ... ): `p` points
 *    to the write cursor and `start` is the other bound of the buffer.
 *    NOTE(review): looks like the ASN.1 writer convention of writing backwards
 *    from *p towards `start` - confirm.
 * All functions return int; NOTE(review): presumably 0 on success and a
 * negative error code otherwise - confirm per function.
 */
int x509_get_name( unsigned char **p, const unsigned char *end,
                   x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
                       x509_buf *alg );
int x509_get_alg( unsigned char **p, const unsigned char *end,
                  x509_buf *alg, x509_buf *params );
/* Only declared when RSASSA-PSS support is compiled in. */
#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
int x509_get_rsassa_pss_params( const x509_buf *params,
                                md_type_t *md_alg, md_type_t *mgf_md,
                                int *salt_len );
#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
/*
 * NOTE(review): `sig_opts` is an output void **; presumably the function may
 * allocate the options object, in which case the caller owns and must free
 * it - confirm.
 */
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
                      md_type_t *md_alg, pk_type_t *pk_alg,
                      void **sig_opts );
int x509_get_time( unsigned char **p, const unsigned char *end,
                   x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
                     x509_buf *serial );
int x509_get_ext( unsigned char **p, const unsigned char *end,
                  x509_buf *ext, int tag );
/*
 * NOTE(review): `buf` and `n` are outputs; presumably the file content is
 * returned in a newly allocated buffer of *n bytes that the caller must
 * free (and wipe first if it holds key material) - confirm.
 */
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
/* Output goes to `buf` of capacity `size`; check the return value before using `buf`. */
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
                       pk_type_t pk_alg, md_type_t md_alg,
                       const void *sig_opts );
/* Output goes to `buf` of capacity `size`; check the return value before using `buf`. */
int x509_key_size_helper( char *buf, size_t size, const char *name );
/* `head` is the head of an asn1_named_data list that the call may modify. */
int x509_string_to_names( asn1_named_data **head, const char *name );
/* `oid`/`oid_len` and `val`/`val_len` are pointer-plus-length pairs; `critical` is passed as an int. */
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len,
                        int critical, const unsigned char *val,
                        size_t val_len );
int x509_write_extensions( unsigned char **p, unsigned char *start,
                           asn1_named_data *first );
int x509_write_names( unsigned char **p, unsigned char *start,
                      asn1_named_data *first );
int x509_write_sig( unsigned char **p, unsigned char *start,
                    const char *oid, size_t oid_len,
                    unsigned char *sig, size_t size );

/* Close the extern "C" block opened above for C++ builds. */
#ifdef __cplusplus
}
#endif

/* End of the POLARSSL_X509_H include guard. */
#endif /* x509.h */