x509_csr.h File Reference

X.509 certificate signing request parsing and writing. More...

#include "config.h"
#include "x509.h"
Include dependency graph for x509_csr.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  _x509_csr
 Certificate Signing Request (CSR) structure. More...
struct  _x509write_csr
 Container for writing a CSR. More...

Functions

void x509write_csr_init (x509write_csr *ctx)
 Initialize a CSR context.
int x509write_csr_set_subject_name (x509write_csr *ctx, const char *subject_name)
 Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g.
void x509write_csr_set_key (x509write_csr *ctx, pk_context *key)
 Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).
void x509write_csr_set_md_alg (x509write_csr *ctx, md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g.
int x509write_csr_set_key_usage (x509write_csr *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g.
int x509write_csr_set_ns_cert_type (x509write_csr *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g.
int x509write_csr_set_extension (x509write_csr *ctx, const char *oid, size_t oid_len, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CSR.
void x509write_csr_free (x509write_csr *ctx)
 Free the contents of a CSR context.
int x509write_csr_der (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
int x509write_csr_pem (x509write_csr *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a CSR (Certificate Signing Request) to a PEM string.

Structures and functions for X.509 Certificate Signing Requests (CSR)



typedef struct _x509_csr x509_csr
 Certificate Signing Request (CSR) structure.
typedef struct _x509write_csr x509write_csr
 Container for writing a CSR.
int x509_csr_parse (x509_csr *csr, const unsigned char *buf, size_t buflen)
 Load a Certificate Signing Request (CSR).
int x509_csr_parse_file (x509_csr *csr, const char *path)
 Load a Certificate Signing Request (CSR).
int x509_csr_info (char *buf, size_t size, const char *prefix, const x509_csr *csr)
 Returns an informational string about the CSR.
void x509_csr_init (x509_csr *csr)
 Initialize a CSR.
void x509_csr_free (x509_csr *csr)
 Unallocate all CSR data.

Detailed Description

X.509 certificate signing request parsing and writing.

Copyright (C) 2006-2013, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509_csr.h.


Function Documentation

int x509write_csr_der ( x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters:
ctx CSR to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
length of data written if successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Definition at line 124 of file x509write_csr.c.

References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, ASN1_SEQUENCE, ASN1_SET, asn1_write_int(), asn1_write_len(), asn1_write_oid(), asn1_write_tag(), _x509write_csr::extensions, _x509write_csr::key, md(), _x509write_csr::md_alg, md_info_from_type(), oid_get_oid_by_sig_alg(), OID_PKCS9_CSR_EXT_REQ, OID_SIZE, pk_get_type(), pk_sign(), pk_write_pubkey_der(), POLARSSL_MPI_MAX_SIZE, POLARSSL_PK_ECDSA, POLARSSL_PK_ECKEY, _x509write_csr::subject, x509_write_extensions(), x509_write_names(), and x509_write_sig().

Referenced by x509write_csr_pem().

void x509write_csr_free ( x509write_csr ctx  ) 

Free the contents of a CSR context.

Parameters:
ctx CSR context to free

Definition at line 51 of file x509write_csr.c.

References asn1_free_named_data_list(), _x509write_csr::extensions, and _x509write_csr::subject.

Referenced by test_suite_x509_csr_check().

void x509write_csr_init ( x509write_csr ctx  ) 

Initialize a CSR context.

Parameters:
ctx CSR context to initialize

Definition at line 46 of file x509write_csr.c.

Referenced by test_suite_x509_csr_check().

int x509write_csr_pem ( x509write_csr ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a CSR (Certificate Signing Request) to a PEM string.

Parameters:
ctx CSR to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
0 successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for couermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Definition at line 220 of file x509write_csr.c.

References PEM_BEGIN_CSR, PEM_END_CSR, pem_write_buffer(), and x509write_csr_der().

Referenced by test_suite_x509_csr_check().

int x509write_csr_set_extension ( x509write_csr ctx,
const char *  oid,
size_t  oid_len,
const unsigned char *  val,
size_t  val_len 
)

Generic function to add to or replace an extension in the CSR.

Parameters:
ctx CSR context to use
oid OID of the extension
oid_len length of the OID
val value of the extension OCTET STRING
val_len length of the value data
Returns:
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 75 of file x509write_csr.c.

References _x509write_csr::extensions, and x509_set_extension().

Referenced by x509write_csr_set_key_usage(), and x509write_csr_set_ns_cert_type().

void x509write_csr_set_key ( x509write_csr ctx,
pk_context key 
)

Set the key for a CSR (public key will be included, private key used to sign the CSR when writing it).

Parameters:
ctx CSR context to use
key Asymetric key to include

Definition at line 64 of file x509write_csr.c.

References _x509write_csr::key.

Referenced by test_suite_x509_csr_check().

int x509write_csr_set_key_usage ( x509write_csr ctx,
unsigned char  key_usage 
)

Set the Key Usage Extension flags (e.g.

KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)

Parameters:
ctx CSR context to use
key_usage key usage flags to set
Returns:
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 83 of file x509write_csr.c.

References asn1_write_bitstring(), OID_KEY_USAGE, OID_SIZE, and x509write_csr_set_extension().

void x509write_csr_set_md_alg ( x509write_csr ctx,
md_type_t  md_alg 
)

Set the MD algorithm to use for the signature (e.g.

POLARSSL_MD_SHA1)

Parameters:
ctx CSR context to use
md_alg MD algorithm to use

Definition at line 59 of file x509write_csr.c.

References _x509write_csr::md_alg.

Referenced by test_suite_x509_csr_check().

int x509write_csr_set_ns_cert_type ( x509write_csr ctx,
unsigned char  ns_cert_type 
)

Set the Netscape Cert Type flags (e.g.

NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)

Parameters:
ctx CSR context to use
ns_cert_type Netscape Cert Type flags to set
Returns:
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 103 of file x509write_csr.c.

References asn1_write_bitstring(), OID_NS_CERT_TYPE, OID_SIZE, and x509write_csr_set_extension().

int x509write_csr_set_subject_name ( x509write_csr ctx,
const char *  subject_name 
)

Set the subject name for a CSR Subject names should contain a comma-separated list of OID types and values: e.g.

"C=NL,O=Offspark,CN=PolarSSL Server 1"

Parameters:
ctx CSR context to use
subject_name subject name to set
Returns:
0 if subject name was parsed successfully, or a specific error code

Definition at line 69 of file x509write_csr.c.

References _x509write_csr::subject, and x509_string_to_names().

Referenced by test_suite_x509_csr_check().


Generated on 9 Apr 2014 for PolarSSL v1.3.2 by  doxygen 1.6.1