x509.h File Reference

X.509 generic defines and structures. More...

#include "config.h"
#include "asn1.h"
#include "pk.h"
#include "rsa.h"

Data Structures

struct  _x509_time
 Container for date and time (precision in seconds). More...

Defines

#define KU_DIGITAL_SIGNATURE   (0x80)
#define KU_NON_REPUDIATION   (0x40)
#define KU_KEY_ENCIPHERMENT   (0x20)
#define KU_DATA_ENCIPHERMENT   (0x10)
#define KU_KEY_AGREEMENT   (0x08)
#define KU_KEY_CERT_SIGN   (0x04)
#define KU_CRL_SIGN   (0x02)
#define NS_CERT_TYPE_SSL_CLIENT   (0x80)
#define NS_CERT_TYPE_SSL_SERVER   (0x40)
#define NS_CERT_TYPE_EMAIL   (0x20)
#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10)
#define NS_CERT_TYPE_RESERVED   (0x08)
#define NS_CERT_TYPE_SSL_CA   (0x04)
#define NS_CERT_TYPE_EMAIL_CA   (0x02)
#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01)
#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
#define EXT_KEY_USAGE   (1 << 2)
#define EXT_CERTIFICATE_POLICIES   (1 << 3)
#define EXT_POLICY_MAPPINGS   (1 << 4)
#define EXT_SUBJECT_ALT_NAME   (1 << 5)
#define EXT_ISSUER_ALT_NAME   (1 << 6)
#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
#define EXT_BASIC_CONSTRAINTS   (1 << 8)
#define EXT_NAME_CONSTRAINTS   (1 << 9)
#define EXT_POLICY_CONSTRAINTS   (1 << 10)
#define EXT_EXTENDED_KEY_USAGE   (1 << 11)
#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)
#define EXT_FRESHEST_CRL   (1 << 14)
#define EXT_NS_CERT_TYPE   (1 << 16)
#define X509_FORMAT_DER   1
#define X509_FORMAT_PEM   2
X509 Error codes



#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature, e.g. RSA hashing/encryption combination.
#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100
 Requested OID is unknown.
#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180
 The CRT/CRL/CSR format is invalid, e.g. different type expected.
#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200
 The CRT/CRL/CSR version element is invalid.
#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380
 The name tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400
 The date tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480
 The signature tag or value is invalid.
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500
 The extension tag or value is invalid.
#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580
 CRT/CRL/CSR has an unsupported version number.
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 Signature algorithm (oid) is unsupported.
#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680
 Signature algorithms do not match.
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 Certificate verification failed, e.g. CRL, CA or signature check failed.
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 Format not recognized as DER or PEM.
#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800
 Input invalid.
#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880
 Allocation of memory failed.
#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900
 Read/write of file failed.
X509 Verify codes



#define BADCERT_EXPIRED   0x01
 The certificate validity has expired.
#define BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL).
#define BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match the expected CN.
#define BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA.
#define BADCRL_NOT_TRUSTED   0x10
 The CRL is not correctly signed by the trusted CA.
#define BADCRL_EXPIRED   0x20
 The CRL has expired.
#define BADCERT_MISSING   0x40
 Certificate was missing.
#define BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped.
#define BADCERT_OTHER   0x0100
 Other reason (can be used by verify callback).

Typedefs

Structures for parsing X.509 certificates, CRLs and CSRs



typedef asn1_buf x509_buf
 Type-length-value structure that allows for ASN1 using DER.
typedef asn1_bitstring x509_bitstring
 Container for ASN1 bit strings.
typedef asn1_named_data x509_name
 Container for ASN1 named information objects.
typedef asn1_sequence x509_sequence
 Container for a sequence of ASN.1 items.
typedef struct _x509_time x509_time
 Container for date and time (precision in seconds).

Functions

int x509_dn_gets (char *buf, size_t size, const x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written.
int x509_serial_gets (char *buf, size_t size, const x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written.
const char * x509_oid_get_description (x509_buf *oid)
 Given a known OID, return its descriptive string.
int x509_oid_get_numeric_string (char *buf, size_t size, x509_buf *oid)
 Given an OID, return a string version of its OID number.
int x509_time_expired (const x509_time *time)
 Check a given x509_time against the system time and report whether it is still valid.
int x509_self_test (int verbose)
 Checkup routine.
int x509_get_name (unsigned char **p, const unsigned char *end, x509_name *cur)
int x509_get_alg_null (unsigned char **p, const unsigned char *end, x509_buf *alg)
int x509_get_sig (unsigned char **p, const unsigned char *end, x509_buf *sig)
int x509_get_sig_alg (const x509_buf *sig_oid, md_type_t *md_alg, pk_type_t *pk_alg)
int x509_get_time (unsigned char **p, const unsigned char *end, x509_time *time)
int x509_get_serial (unsigned char **p, const unsigned char *end, x509_buf *serial)
int x509_get_ext (unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
int x509_load_file (const char *path, unsigned char **buf, size_t *n)
int x509_key_size_helper (char *buf, size_t size, const char *name)
int x509_string_to_names (asn1_named_data **head, const char *name)
int x509_set_extension (asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
int x509_write_extensions (unsigned char **p, unsigned char *start, asn1_named_data *first)
int x509_write_names (unsigned char **p, unsigned char *start, asn1_named_data *first)
int x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)

Detailed Description

X.509 generic defines and structures.

Copyright (C) 2006-2013, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509.h.


Define Documentation

#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 112 of file x509.h.

#define EXT_BASIC_CONSTRAINTS   (1 << 8)

Definition at line 120 of file x509.h.

Referenced by x509_get_crt_ext().

#define EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 115 of file x509.h.

#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 124 of file x509.h.

#define EXT_EXTENDED_KEY_USAGE   (1 << 11)

Definition at line 123 of file x509.h.

Referenced by x509_get_crt_ext().

#define EXT_FRESHEST_CRL   (1 << 14)

Definition at line 126 of file x509.h.

#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 125 of file x509.h.

#define EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 118 of file x509.h.

#define EXT_KEY_USAGE   (1 << 2)

Definition at line 114 of file x509.h.

Referenced by x509_get_crt_ext().

#define EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 121 of file x509.h.

#define EXT_NS_CERT_TYPE   (1 << 16)

Definition at line 128 of file x509.h.

Referenced by x509_get_crt_ext().

#define EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 122 of file x509.h.

#define EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 116 of file x509.h.

#define EXT_SUBJECT_ALT_NAME   (1 << 5)

Definition at line 117 of file x509.h.

Referenced by x509_crt_verify(), and x509_get_crt_ext().

#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 119 of file x509.h.

#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 113 of file x509.h.

#define KU_CRL_SIGN   (0x02)

Definition at line 93 of file x509.h.

#define KU_DATA_ENCIPHERMENT   (0x10)

Definition at line 90 of file x509.h.

#define KU_DIGITAL_SIGNATURE   (0x80)

Definition at line 87 of file x509.h.

#define KU_KEY_AGREEMENT   (0x08)

Definition at line 91 of file x509.h.

#define KU_KEY_CERT_SIGN   (0x04)

Definition at line 92 of file x509.h.

#define KU_KEY_ENCIPHERMENT   (0x20)

Definition at line 89 of file x509.h.

#define KU_NON_REPUDIATION   (0x40)

Definition at line 88 of file x509.h.

#define NS_CERT_TYPE_EMAIL   (0x20)

Definition at line 102 of file x509.h.

#define NS_CERT_TYPE_EMAIL_CA   (0x02)

Definition at line 106 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10)

Definition at line 103 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01)

Definition at line 107 of file x509.h.

#define NS_CERT_TYPE_RESERVED   (0x08)

Definition at line 104 of file x509.h.

#define NS_CERT_TYPE_SSL_CA   (0x04)

Definition at line 105 of file x509.h.

#define NS_CERT_TYPE_SSL_CLIENT   (0x80)

Definition at line 100 of file x509.h.

#define NS_CERT_TYPE_SSL_SERVER   (0x40)

Definition at line 101 of file x509.h.

#define X509_FORMAT_DER   1

Definition at line 134 of file x509.h.

Referenced by x509_crt_parse().

#define X509_FORMAT_PEM   2

Definition at line 135 of file x509.h.

Referenced by x509_crt_parse().


Function Documentation

int x509_dn_gets ( char *  buf,
size_t  size,
const x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters:
buf Buffer to write to
size Maximum size of buffer
dn The X509 name to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 488 of file x509.c.

References _asn1_buf::len, _asn1_named_data::next, _asn1_named_data::oid, oid_get_attr_short_name(), _asn1_buf::p, SAFE_SNPRINTF, and _asn1_named_data::val.

Referenced by test_suite_x509_dn_gets(), x509_crl_info(), x509_crt_info(), and x509_csr_info().

int x509_get_alg_null ( unsigned char **  p,
const unsigned char *  end,
x509_buf alg 
)
int x509_get_ext ( unsigned char **  p,
const unsigned char *  end,
x509_buf ext,
int  tag 
)
int x509_get_name ( unsigned char **  p,
const unsigned char *  end,
x509_name cur 
)
int x509_get_serial ( unsigned char **  p,
const unsigned char *  end,
x509_buf serial 
)
int x509_get_sig ( unsigned char **  p,
const unsigned char *  end,
x509_buf sig 
)
int x509_get_sig_alg ( const x509_buf sig_oid,
md_type_t md_alg,
pk_type_t pk_alg 
)
int x509_get_time ( unsigned char **  p,
const unsigned char *  end,
x509_time time 
)
int x509_key_size_helper ( char *  buf,
size_t  size,
const char *  name 
)

Definition at line 582 of file x509.c.

References POLARSSL_ERR_DEBUG_BUF_TOO_SMALL, and SAFE_SNPRINTF.

Referenced by x509_crt_info(), and x509_csr_info().

int x509_load_file ( const char *  path,
unsigned char **  buf,
size_t *  n 
)
const char* x509_oid_get_description ( x509_buf oid  ) 

Given a known OID, return its descriptive string.

Parameters:
oid buffer containing the oid
Returns:
Return a string if the OID is known, or NULL otherwise.

Definition at line 600 of file x509.c.

References oid_get_extended_key_usage().

int x509_oid_get_numeric_string ( char *  buf,
size_t  size,
x509_buf oid 
)

Given an OID, return a string version of its OID number.

(Deprecated. Use oid_get_numeric_string() instead)

Parameters:
buf Buffer to write to
size Maximum size of buffer
oid Buffer containing the OID
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 614 of file x509.c.

References oid_get_numeric_string().

int x509_self_test ( int  verbose  ) 

Checkup routine.

Returns:
0 if successful, or 1 if the test failed

Definition at line 705 of file x509.c.

References POLARSSL_ERR_X509_FEATURE_UNAVAILABLE, test_ca_crt, test_cli_crt, x509_crt_free(), x509_crt_init(), x509_crt_parse(), and x509_crt_verify().

Referenced by test_suite_x509_selftest().

int x509_serial_gets ( char *  buf,
size_t  size,
const x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters:
buf Buffer to write to
size Maximum size of buffer
serial The X509 serial to represent
Returns:
The amount of data written to the buffer, or -1 in case of an error.

Definition at line 548 of file x509.c.

References _asn1_buf::len, _asn1_buf::p, and SAFE_SNPRINTF.

Referenced by x509_crl_info(), and x509_crt_info().

int x509_set_extension ( asn1_named_data **  head,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)
int x509_string_to_names ( asn1_named_data **  head,
const char *  name 
)
int x509_time_expired ( const x509_time time  ) 

Check a given x509_time against the system time and report whether it is still valid.

Parameters:
time x509_time to check
Returns:
Return 0 if the x509_time is still valid, or 1 otherwise.

Definition at line 623 of file x509.c.

References _x509_time::day, _x509_time::hour, _x509_time::min, _x509_time::mon, _x509_time::sec, and _x509_time::year.

Referenced by test_suite_x509_time_expired(), x509_crt_revoked(), x509_crt_verify_child(), x509_crt_verify_top(), and x509_crt_verifycrl().

int x509_write_extensions ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)

Definition at line 262 of file x509_create.c.

References ASN1_CHK_ADD, _asn1_named_data::next, and x509_write_extension().

Referenced by x509write_crt_der(), and x509write_csr_der().

int x509_write_names ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)
int x509_write_sig ( unsigned char **  p,
unsigned char *  start,
const char *  oid,
size_t  oid_len,
unsigned char *  sig,
size_t  size 
)
