24 #ifndef MBEDTLS_X509_CRT_H 25 #define MBEDTLS_X509_CRT_H 27 #if !defined(MBEDTLS_CONFIG_FILE) 30 #include MBEDTLS_CONFIG_FILE 101 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) ) 117 #define MBEDTLS_X509_CRT_VERSION_1 0 118 #define MBEDTLS_X509_CRT_VERSION_2 1 119 #define MBEDTLS_X509_CRT_VERSION_3 2 121 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 122 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 124 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) 125 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 146 #if defined(MBEDTLS_X509_CRT_PARSE_C) 194 #if defined(MBEDTLS_FS_IO) 317 const char *cn, uint32_t *flags,
352 const char *cn, uint32_t *flags,
356 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 379 unsigned int usage );
382 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 397 const char *usage_oid,
401 #if defined(MBEDTLS_X509_CRL_PARSE_C) 432 #if defined(MBEDTLS_X509_CRT_WRITE_C) 475 const char *not_after );
490 const char *issuer_name );
505 const char *subject_name );
546 const char *oid,
size_t oid_len,
548 const unsigned char *val,
size_t val_len );
564 #if defined(MBEDTLS_SHA1_C) 640 int (*f_rng)(
void *,
unsigned char *,
size_t),
643 #if defined(MBEDTLS_PEM_WRITE_C) 661 int (*f_rng)(
void *,
unsigned char *,
size_t),
int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx)
Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key...
int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature.
int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! ...
int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, mbedtls_x509_crl *ca_crl, const mbedtls_x509_crt_profile *profile, const char *cn, uint32_t *flags, int(*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy)
Verify the certificate signature according to profile.
mbedtls_x509_sequence subject_alt_names
int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse a single DER formatted certificate and add it to the chained list.
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
Generic function to add to or replace an extension in the CRT.
int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TY...
mbedtls_pk_type_t
Public key types.
int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl)
Verify the certificate revocation status.
Configuration options (set of defines)
int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
Write a built up certificate to a X509 PEM string.
struct mbedtls_x509_crt * next
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default
int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, unsigned int usage)
Check usage of certificate against keyUsage extension.
void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the subject public key for the certificate.
int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage)
Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_...
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
Initialize a CRT writing context.
mbedtls_x509_buf subject_id
struct mbedtls_x509write_cert mbedtls_x509write_cert
void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)
mbedtls_x509_buf subject_raw
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Unallocate all certificate data.
mbedtls_x509_buf issuer_raw
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb
int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
Set the basicConstraints extension for a CRT.
mbedtls_x509_name subject
mbedtls_x509_time valid_to
int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen)
Parse one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
unsigned char ns_cert_type
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path)
Load one or more certificate files from a path and add them to the chained list. Parses permissively...
int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx)
Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key(...
int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, const char *subject_name)
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID typ...
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version)
Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.
mbedtls_x509_time valid_from
int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len)
Check usage of certificate against extendedKeyUsage.
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, const char *not_after)
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i...
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key)
Set the issuer key used for signing the certificate.
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next
mbedtls_pk_context * subject_key
X.509 generic defines and structures.
int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt)
Returns an informational string about the certificate.
int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, const char *issuer_name)
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types...
mbedtls_asn1_named_data * subject
int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path)
Load one or more certificates and add them to the chained list. Parses permissively. If some certificates can be parsed, the result is the number of failed certificates it encountered. If none complete correctly, the first error is returned.
mbedtls_pk_context * issuer_key
mbedtls_x509_buf issuer_id
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial)
Set the serial number for a Certificate.
X.509 certificate revocation list parsing.
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
Free the contents of a CRT write context.
struct mbedtls_x509_crt mbedtls_x509_crt
mbedtls_x509_sequence ext_key_usage
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
Initialize a certificate (chain)
mbedtls_asn1_named_data * extensions
mbedtls_md_type_t
Enumeration of supported message digests.
int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, uint32_t flags)
Returns an informational string about the verification status of a certificate.
mbedtls_asn1_named_data * issuer