x509_crt.h File Reference

X.509 certificate parsing and writing. More...

#include "config.h"
#include "x509.h"
#include "x509_crl.h"
Include dependency graph for x509_crt.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  _x509_crt
 Container for an X.509 certificate. More...
struct  _x509write_cert
 Container for writing a certificate (CRT). More...

Functions

void x509write_crt_init (x509write_cert *ctx)
 Initialize a CRT writing context.
void x509write_crt_set_version (x509write_cert *ctx, int version)
 Set the verion for a Certificate Default: X509_CRT_VERSION_3.
int x509write_crt_set_serial (x509write_cert *ctx, const mpi *serial)
 Set the serial number for a Certificate.
int x509write_crt_set_validity (x509write_cert *ctx, const char *not_before, const char *not_after)
 Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e.
int x509write_crt_set_issuer_name (x509write_cert *ctx, const char *issuer_name)
 Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g.
int x509write_crt_set_subject_name (x509write_cert *ctx, const char *subject_name)
 Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g.
void x509write_crt_set_subject_key (x509write_cert *ctx, pk_context *key)
 Set the subject public key for the certificate.
void x509write_crt_set_issuer_key (x509write_cert *ctx, pk_context *key)
 Set the issuer key used for signing the certificate.
void x509write_crt_set_md_alg (x509write_cert *ctx, md_type_t md_alg)
 Set the MD algorithm to use for the signature (e.g.
int x509write_crt_set_extension (x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 Generic function to add to or replace an extension in the CRT.
int x509write_crt_set_basic_constraints (x509write_cert *ctx, int is_ca, int max_pathlen)
 Set the basicConstraints extension for a CRT.
int x509write_crt_set_subject_key_identifier (x509write_cert *ctx)
 Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has been called before.
int x509write_crt_set_authority_key_identifier (x509write_cert *ctx)
 Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has been called before.
int x509write_crt_set_key_usage (x509write_cert *ctx, unsigned char key_usage)
 Set the Key Usage Extension flags (e.g.
int x509write_crt_set_ns_cert_type (x509write_cert *ctx, unsigned char ns_cert_type)
 Set the Netscape Cert Type flags (e.g.
void x509write_crt_free (x509write_cert *ctx)
 Free the contents of a CRT write context.
int x509write_crt_der (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
int x509write_crt_pem (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Write a built up certificate to a X509 PEM string.

Structures and functions for parsing and writing X.509 certificates



#define X509_CRT_VERSION_1   0
#define X509_CRT_VERSION_2   1
#define X509_CRT_VERSION_3   2
#define X509_RFC5280_MAX_SERIAL_LEN   32
#define X509_RFC5280_UTC_TIME_LEN   15
typedef struct _x509_crt x509_crt
 Container for an X.509 certificate.
typedef struct _x509write_cert x509write_cert
 Container for writing a certificate (CRT).
int x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse a single DER formatted certificate and add it to the chained list.
int x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen)
 Parse one or more certificates and add them to the chained list.
int x509_crt_parse_file (x509_crt *chain, const char *path)
 Load one or more certificates and add them to the chained list.
int x509_crt_parse_path (x509_crt *chain, const char *path)
 Load one or more certificate files from a path and add them to the chained list.
int x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt)
 Returns an informational string about the certificate.
int x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy)
 Verify the certificate signature.
int x509_crt_revoked (const x509_crt *crt, const x509_crl *crl)
 Verify the certificate revocation status.
void x509_crt_init (x509_crt *crt)
 Initialize a certificate (chain).
void x509_crt_free (x509_crt *crt)
 Unallocate all certificate data.

Detailed Description

X.509 certificate parsing and writing.

Copyright (C) 2006-2013, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509_crt.h.


Function Documentation

int x509write_crt_der ( x509write_cert ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters:
crt certificate to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
length of data written if successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Definition at line 280 of file x509write_crt.c.

References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, ASN1_SEQUENCE, asn1_write_algorithm_identifier(), asn1_write_int(), asn1_write_len(), asn1_write_mpi(), asn1_write_tag(), _x509write_cert::extensions, _x509write_cert::issuer, _x509write_cert::issuer_key, md(), _x509write_cert::md_alg, md_info_from_type(), _x509write_cert::not_after, _x509write_cert::not_before, oid_get_oid_by_sig_alg(), pk_get_type(), pk_sign(), pk_write_pubkey_der(), POLARSSL_MPI_MAX_SIZE, POLARSSL_PK_ECDSA, POLARSSL_PK_ECKEY, _x509write_cert::serial, _x509write_cert::subject, _x509write_cert::subject_key, _x509write_cert::version, X509_RFC5280_UTC_TIME_LEN, x509_write_extensions(), x509_write_names(), x509_write_sig(), and x509_write_time().

Referenced by x509write_crt_pem().

void x509write_crt_free ( x509write_cert ctx  ) 

Free the contents of a CRT write context.

Parameters:
ctx CRT context to free

Definition at line 53 of file x509write_crt.c.

References asn1_free_named_data_list(), _x509write_cert::extensions, _x509write_cert::issuer, mpi_free(), _x509write_cert::serial, and _x509write_cert::subject.

Referenced by test_suite_x509_crt_check().

void x509write_crt_init ( x509write_cert ctx  ) 

Initialize a CRT writing context.

Parameters:
ctx CRT context to initialize

Definition at line 45 of file x509write_crt.c.

References mpi_init(), _x509write_cert::serial, _x509write_cert::version, and X509_CRT_VERSION_3.

Referenced by test_suite_x509_crt_check().

int x509write_crt_pem ( x509write_cert ctx,
unsigned char *  buf,
size_t  size,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Write a built up certificate to a X509 PEM string.

Parameters:
crt certificate to write away
buf buffer to write to
size size of the buffer
f_rng RNG function (for signature, see note)
p_rng RNG parameter
Returns:
0 successful, or a specific error code
Note:
f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Definition at line 410 of file x509write_crt.c.

References PEM_BEGIN_CRT, PEM_END_CRT, pem_write_buffer(), and x509write_crt_der().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_authority_key_identifier ( x509write_cert ctx  ) 

Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has been called before.

Parameters:
ctx CRT context to use
Returns:
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 184 of file x509write_crt.c.

References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, ASN1_SEQUENCE, asn1_write_len(), asn1_write_tag(), _x509write_cert::issuer_key, OID_AUTHORITY_KEY_IDENTIFIER, OID_SIZE, pk_write_pubkey(), POLARSSL_MPI_MAX_SIZE, sha1(), and x509write_crt_set_extension().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_basic_constraints ( x509write_cert ctx,
int  is_ca,
int  max_pathlen 
)

Set the basicConstraints extension for a CRT.

Parameters:
ctx CRT context to use
is_ca is this a CA certificate
max_pathlen maximum length of certificate chains below this certificate (only for CA certificates, -1 is inlimited)
Returns:
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 131 of file x509write_crt.c.

References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_SEQUENCE, asn1_write_bool(), asn1_write_int(), asn1_write_len(), asn1_write_tag(), OID_BASIC_CONSTRAINTS, OID_SIZE, POLARSSL_ERR_X509_BAD_INPUT_DATA, and x509write_crt_set_extension().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_extension ( x509write_cert ctx,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)

Generic function to add to or replace an extension in the CRT.

Parameters:
ctx CRT context to use
oid OID of the extension
oid_len length of the OID
critical if the extension is critical (per the RFC's definition)
val value of the extension OCTET STRING
val_len length of the value data
Returns:
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 122 of file x509write_crt.c.

References _x509write_cert::extensions, and x509_set_extension().

Referenced by x509write_crt_set_authority_key_identifier(), x509write_crt_set_basic_constraints(), x509write_crt_set_key_usage(), x509write_crt_set_ns_cert_type(), and x509write_crt_set_subject_key_identifier().

void x509write_crt_set_issuer_key ( x509write_cert ctx,
pk_context key 
)

Set the issuer key used for signing the certificate.

Parameters:
ctx CRT context to use
key private key to sign with

Definition at line 79 of file x509write_crt.c.

References _x509write_cert::issuer_key.

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_issuer_name ( x509write_cert ctx,
const char *  issuer_name 
)

Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g.

"C=NL,O=Offspark,CN=PolarSSL CA"

Parameters:
ctx CRT context to use
issuer_name issuer name to set
Returns:
0 if issuer name was parsed successfully, or a specific error code

Definition at line 90 of file x509write_crt.c.

References _x509write_cert::issuer, and x509_string_to_names().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_key_usage ( x509write_cert ctx,
unsigned char  key_usage 
)

Set the Key Usage Extension flags (e.g.

KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)

Parameters:
ctx CRT context to use
key_usage key usage flags to set
Returns:
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 210 of file x509write_crt.c.

References asn1_write_bitstring(), OID_KEY_USAGE, OID_SIZE, and x509write_crt_set_extension().

void x509write_crt_set_md_alg ( x509write_cert ctx,
md_type_t  md_alg 
)

Set the MD algorithm to use for the signature (e.g.

POLARSSL_MD_SHA1)

Parameters:
ctx CRT context to use
md_ald MD algorithm to use

Definition at line 69 of file x509write_crt.c.

References _x509write_cert::md_alg.

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_ns_cert_type ( x509write_cert ctx,
unsigned char  ns_cert_type 
)

Set the Netscape Cert Type flags (e.g.

NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)

Parameters:
ctx CRT context to use
ns_cert_type Netscape Cert Type flags to set
Returns:
0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 230 of file x509write_crt.c.

References asn1_write_bitstring(), OID_NS_CERT_TYPE, OID_SIZE, and x509write_crt_set_extension().

int x509write_crt_set_serial ( x509write_cert ctx,
const mpi serial 
)

Set the serial number for a Certificate.

Parameters:
ctx CRT context to use
serial serial number to set
Returns:
0 if successful

Definition at line 96 of file x509write_crt.c.

References mpi_copy(), and _x509write_cert::serial.

Referenced by test_suite_x509_crt_check().

void x509write_crt_set_subject_key ( x509write_cert ctx,
pk_context key 
)

Set the subject public key for the certificate.

Parameters:
ctx CRT context to use
key public key to include

Definition at line 74 of file x509write_crt.c.

References _x509write_cert::subject_key.

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_subject_key_identifier ( x509write_cert ctx  ) 

Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has been called before.

Parameters:
ctx CRT context to use
Returns:
0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED

Definition at line 162 of file x509write_crt.c.

References ASN1_CHK_ADD, ASN1_OCTET_STRING, asn1_write_len(), asn1_write_tag(), OID_SIZE, OID_SUBJECT_KEY_IDENTIFIER, pk_write_pubkey(), POLARSSL_MPI_MAX_SIZE, sha1(), _x509write_cert::subject_key, and x509write_crt_set_extension().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_subject_name ( x509write_cert ctx,
const char *  subject_name 
)

Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g.

"C=NL,O=Offspark,CN=PolarSSL Server 1"

Parameters:
ctx CRT context to use
subject_name subject name to set
Returns:
0 if subject name was parsed successfully, or a specific error code

Definition at line 84 of file x509write_crt.c.

References _x509write_cert::subject, and x509_string_to_names().

Referenced by test_suite_x509_crt_check().

int x509write_crt_set_validity ( x509write_cert ctx,
const char *  not_before,
const char *  not_after 
)

Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e.

"YYYYMMDDhhmmss" e.g. "20131231235959" for December 31st 2013 at 23:59:59

Parameters:
ctx CRT context to use
not_before not_before timestamp
not_after not_after timestamp
Returns:
0 if timestamp was parsed successfully, or a specific error code

Definition at line 106 of file x509write_crt.c.

References _x509write_cert::not_after, _x509write_cert::not_before, POLARSSL_ERR_X509_BAD_INPUT_DATA, and X509_RFC5280_UTC_TIME_LEN.

Referenced by test_suite_x509_crt_check().

void x509write_crt_set_version ( x509write_cert ctx,
int  version 
)

Set the verion for a Certificate Default: X509_CRT_VERSION_3.

Parameters:
ctx CRT context to use
version version to set (X509_CRT_VERSION_1, X509_CRT_VERSION_2 or X509_CRT_VERSION_3)

Definition at line 64 of file x509write_crt.c.

References _x509write_cert::version.


Generated on 9 Apr 2014 for PolarSSL v1.3.2 by  doxygen 1.6.1