X.509 certificate parsing and writing. More...
#include "config.h"
#include "x509.h"
#include "x509_crl.h"
Go to the source code of this file.
Data Structures | |
struct | _x509_crt |
Container for an X.509 certificate. More... | |
struct | _x509write_cert |
Container for writing a certificate (CRT). More... | |
Functions | |
void | x509write_crt_init (x509write_cert *ctx) |
Initialize a CRT writing context. | |
void | x509write_crt_set_version (x509write_cert *ctx, int version) |
Set the verion for a Certificate Default: X509_CRT_VERSION_3. | |
int | x509write_crt_set_serial (x509write_cert *ctx, const mpi *serial) |
Set the serial number for a Certificate. | |
int | x509write_crt_set_validity (x509write_cert *ctx, const char *not_before, const char *not_after) |
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. | |
int | x509write_crt_set_issuer_name (x509write_cert *ctx, const char *issuer_name) |
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. | |
int | x509write_crt_set_subject_name (x509write_cert *ctx, const char *subject_name) |
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. | |
void | x509write_crt_set_subject_key (x509write_cert *ctx, pk_context *key) |
Set the subject public key for the certificate. | |
void | x509write_crt_set_issuer_key (x509write_cert *ctx, pk_context *key) |
Set the issuer key used for signing the certificate. | |
void | x509write_crt_set_md_alg (x509write_cert *ctx, md_type_t md_alg) |
Set the MD algorithm to use for the signature (e.g. | |
int | x509write_crt_set_extension (x509write_cert *ctx, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len) |
Generic function to add to or replace an extension in the CRT. | |
int | x509write_crt_set_basic_constraints (x509write_cert *ctx, int is_ca, int max_pathlen) |
Set the basicConstraints extension for a CRT. | |
int | x509write_crt_set_subject_key_identifier (x509write_cert *ctx) |
Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has been called before. | |
int | x509write_crt_set_authority_key_identifier (x509write_cert *ctx) |
Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has been called before. | |
int | x509write_crt_set_key_usage (x509write_cert *ctx, unsigned char key_usage) |
Set the Key Usage Extension flags (e.g. | |
int | x509write_crt_set_ns_cert_type (x509write_cert *ctx, unsigned char ns_cert_type) |
Set the Netscape Cert Type flags (e.g. | |
void | x509write_crt_free (x509write_cert *ctx) |
Free the contents of a CRT write context. | |
int | x509write_crt_der (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. | |
int | x509write_crt_pem (x509write_cert *ctx, unsigned char *buf, size_t size, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng) |
Write a built up certificate to a X509 PEM string. | |
Structures and functions for parsing and writing X.509 certificates | |
| |
#define | X509_CRT_VERSION_1 0 |
#define | X509_CRT_VERSION_2 1 |
#define | X509_CRT_VERSION_3 2 |
#define | X509_RFC5280_MAX_SERIAL_LEN 32 |
#define | X509_RFC5280_UTC_TIME_LEN 15 |
typedef struct _x509_crt | x509_crt |
Container for an X.509 certificate. | |
typedef struct _x509write_cert | x509write_cert |
Container for writing a certificate (CRT). | |
int | x509_crt_parse_der (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse a single DER formatted certificate and add it to the chained list. | |
int | x509_crt_parse (x509_crt *chain, const unsigned char *buf, size_t buflen) |
Parse one or more certificates and add them to the chained list. | |
int | x509_crt_parse_file (x509_crt *chain, const char *path) |
Load one or more certificates and add them to the chained list. | |
int | x509_crt_parse_path (x509_crt *chain, const char *path) |
Load one or more certificate files from a path and add them to the chained list. | |
int | x509_crt_info (char *buf, size_t size, const char *prefix, const x509_crt *crt) |
Returns an informational string about the certificate. | |
int | x509_crt_verify (x509_crt *crt, x509_crt *trust_ca, x509_crl *ca_crl, const char *cn, int *flags, int(*f_vrfy)(void *, x509_crt *, int, int *), void *p_vrfy) |
Verify the certificate signature. | |
int | x509_crt_revoked (const x509_crt *crt, const x509_crl *crl) |
Verify the certificate revocation status. | |
void | x509_crt_init (x509_crt *crt) |
Initialize a certificate (chain). | |
void | x509_crt_free (x509_crt *crt) |
Unallocate all certificate data. |
X.509 certificate parsing and writing.
Copyright (C) 2006-2013, Brainspark B.V.
This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Definition in file x509_crt.h.
int x509write_crt_der | ( | x509write_cert * | ctx, | |
unsigned char * | buf, | |||
size_t | size, | |||
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.
crt | certificate to write away | |
buf | buffer to write to | |
size | size of the buffer | |
f_rng | RNG function (for signature, see note) | |
p_rng | RNG parameter |
Definition at line 280 of file x509write_crt.c.
References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, ASN1_SEQUENCE, asn1_write_algorithm_identifier(), asn1_write_int(), asn1_write_len(), asn1_write_mpi(), asn1_write_tag(), _x509write_cert::extensions, _x509write_cert::issuer, _x509write_cert::issuer_key, md(), _x509write_cert::md_alg, md_info_from_type(), _x509write_cert::not_after, _x509write_cert::not_before, oid_get_oid_by_sig_alg(), pk_get_type(), pk_sign(), pk_write_pubkey_der(), POLARSSL_MPI_MAX_SIZE, POLARSSL_PK_ECDSA, POLARSSL_PK_ECKEY, _x509write_cert::serial, _x509write_cert::subject, _x509write_cert::subject_key, _x509write_cert::version, X509_RFC5280_UTC_TIME_LEN, x509_write_extensions(), x509_write_names(), x509_write_sig(), and x509_write_time().
Referenced by x509write_crt_pem().
void x509write_crt_free | ( | x509write_cert * | ctx | ) |
Free the contents of a CRT write context.
ctx | CRT context to free |
Definition at line 53 of file x509write_crt.c.
References asn1_free_named_data_list(), _x509write_cert::extensions, _x509write_cert::issuer, mpi_free(), _x509write_cert::serial, and _x509write_cert::subject.
Referenced by test_suite_x509_crt_check().
void x509write_crt_init | ( | x509write_cert * | ctx | ) |
Initialize a CRT writing context.
ctx | CRT context to initialize |
Definition at line 45 of file x509write_crt.c.
References mpi_init(), _x509write_cert::serial, _x509write_cert::version, and X509_CRT_VERSION_3.
Referenced by test_suite_x509_crt_check().
int x509write_crt_pem | ( | x509write_cert * | ctx, | |
unsigned char * | buf, | |||
size_t | size, | |||
int(*)(void *, unsigned char *, size_t) | f_rng, | |||
void * | p_rng | |||
) |
Write a built up certificate to a X509 PEM string.
crt | certificate to write away | |
buf | buffer to write to | |
size | size of the buffer | |
f_rng | RNG function (for signature, see note) | |
p_rng | RNG parameter |
Definition at line 410 of file x509write_crt.c.
References PEM_BEGIN_CRT, PEM_END_CRT, pem_write_buffer(), and x509write_crt_der().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_authority_key_identifier | ( | x509write_cert * | ctx | ) |
Set the authorityKeyIdentifier extension for a CRT Requires that x509write_crt_set_issuer_key() has been called before.
ctx | CRT context to use |
Definition at line 184 of file x509write_crt.c.
References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_CONTEXT_SPECIFIC, ASN1_SEQUENCE, asn1_write_len(), asn1_write_tag(), _x509write_cert::issuer_key, OID_AUTHORITY_KEY_IDENTIFIER, OID_SIZE, pk_write_pubkey(), POLARSSL_MPI_MAX_SIZE, sha1(), and x509write_crt_set_extension().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_basic_constraints | ( | x509write_cert * | ctx, | |
int | is_ca, | |||
int | max_pathlen | |||
) |
Set the basicConstraints extension for a CRT.
ctx | CRT context to use | |
is_ca | is this a CA certificate | |
max_pathlen | maximum length of certificate chains below this certificate (only for CA certificates, -1 is inlimited) |
Definition at line 131 of file x509write_crt.c.
References ASN1_CHK_ADD, ASN1_CONSTRUCTED, ASN1_SEQUENCE, asn1_write_bool(), asn1_write_int(), asn1_write_len(), asn1_write_tag(), OID_BASIC_CONSTRAINTS, OID_SIZE, POLARSSL_ERR_X509_BAD_INPUT_DATA, and x509write_crt_set_extension().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_extension | ( | x509write_cert * | ctx, | |
const char * | oid, | |||
size_t | oid_len, | |||
int | critical, | |||
const unsigned char * | val, | |||
size_t | val_len | |||
) |
Generic function to add to or replace an extension in the CRT.
ctx | CRT context to use | |
oid | OID of the extension | |
oid_len | length of the OID | |
critical | if the extension is critical (per the RFC's definition) | |
val | value of the extension OCTET STRING | |
val_len | length of the value data |
Definition at line 122 of file x509write_crt.c.
References _x509write_cert::extensions, and x509_set_extension().
Referenced by x509write_crt_set_authority_key_identifier(), x509write_crt_set_basic_constraints(), x509write_crt_set_key_usage(), x509write_crt_set_ns_cert_type(), and x509write_crt_set_subject_key_identifier().
void x509write_crt_set_issuer_key | ( | x509write_cert * | ctx, | |
pk_context * | key | |||
) |
Set the issuer key used for signing the certificate.
ctx | CRT context to use | |
key | private key to sign with |
Definition at line 79 of file x509write_crt.c.
References _x509write_cert::issuer_key.
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_issuer_name | ( | x509write_cert * | ctx, | |
const char * | issuer_name | |||
) |
Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g.
"C=NL,O=Offspark,CN=PolarSSL CA"
ctx | CRT context to use | |
issuer_name | issuer name to set |
Definition at line 90 of file x509write_crt.c.
References _x509write_cert::issuer, and x509_string_to_names().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_key_usage | ( | x509write_cert * | ctx, | |
unsigned char | key_usage | |||
) |
Set the Key Usage Extension flags (e.g.
KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
ctx | CRT context to use | |
key_usage | key usage flags to set |
Definition at line 210 of file x509write_crt.c.
References asn1_write_bitstring(), OID_KEY_USAGE, OID_SIZE, and x509write_crt_set_extension().
void x509write_crt_set_md_alg | ( | x509write_cert * | ctx, | |
md_type_t | md_alg | |||
) |
Set the MD algorithm to use for the signature (e.g.
POLARSSL_MD_SHA1)
ctx | CRT context to use | |
md_ald | MD algorithm to use |
Definition at line 69 of file x509write_crt.c.
References _x509write_cert::md_alg.
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_ns_cert_type | ( | x509write_cert * | ctx, | |
unsigned char | ns_cert_type | |||
) |
Set the Netscape Cert Type flags (e.g.
NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
ctx | CRT context to use | |
ns_cert_type | Netscape Cert Type flags to set |
Definition at line 230 of file x509write_crt.c.
References asn1_write_bitstring(), OID_NS_CERT_TYPE, OID_SIZE, and x509write_crt_set_extension().
int x509write_crt_set_serial | ( | x509write_cert * | ctx, | |
const mpi * | serial | |||
) |
Set the serial number for a Certificate.
ctx | CRT context to use | |
serial | serial number to set |
Definition at line 96 of file x509write_crt.c.
References mpi_copy(), and _x509write_cert::serial.
Referenced by test_suite_x509_crt_check().
void x509write_crt_set_subject_key | ( | x509write_cert * | ctx, | |
pk_context * | key | |||
) |
Set the subject public key for the certificate.
ctx | CRT context to use | |
key | public key to include |
Definition at line 74 of file x509write_crt.c.
References _x509write_cert::subject_key.
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_subject_key_identifier | ( | x509write_cert * | ctx | ) |
Set the subjectKeyIdentifier extension for a CRT Requires that x509write_crt_set_subject_key() has been called before.
ctx | CRT context to use |
Definition at line 162 of file x509write_crt.c.
References ASN1_CHK_ADD, ASN1_OCTET_STRING, asn1_write_len(), asn1_write_tag(), OID_SIZE, OID_SUBJECT_KEY_IDENTIFIER, pk_write_pubkey(), POLARSSL_MPI_MAX_SIZE, sha1(), _x509write_cert::subject_key, and x509write_crt_set_extension().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_subject_name | ( | x509write_cert * | ctx, | |
const char * | subject_name | |||
) |
Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g.
"C=NL,O=Offspark,CN=PolarSSL Server 1"
ctx | CRT context to use | |
subject_name | subject name to set |
Definition at line 84 of file x509write_crt.c.
References _x509write_cert::subject, and x509_string_to_names().
Referenced by test_suite_x509_crt_check().
int x509write_crt_set_validity | ( | x509write_cert * | ctx, | |
const char * | not_before, | |||
const char * | not_after | |||
) |
Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e.
"YYYYMMDDhhmmss" e.g. "20131231235959" for December 31st 2013 at 23:59:59
ctx | CRT context to use | |
not_before | not_before timestamp | |
not_after | not_after timestamp |
Definition at line 106 of file x509write_crt.c.
References _x509write_cert::not_after, _x509write_cert::not_before, POLARSSL_ERR_X509_BAD_INPUT_DATA, and X509_RFC5280_UTC_TIME_LEN.
Referenced by test_suite_x509_crt_check().
void x509write_crt_set_version | ( | x509write_cert * | ctx, | |
int | version | |||
) |
Set the verion for a Certificate Default: X509_CRT_VERSION_3.
ctx | CRT context to use | |
version | version to set (X509_CRT_VERSION_1, X509_CRT_VERSION_2 or X509_CRT_VERSION_3) |
Definition at line 64 of file x509write_crt.c.
References _x509write_cert::version.