PolarSSL v1.3.8
x509.h File Reference

X.509 generic defines and structures. More...

#include "config.h"
#include "asn1.h"
#include "pk.h"
#include "rsa.h"


Data Structures

struct  _x509_time
 Container for date and time (precision in seconds). More...
 

Macros

#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */
 
#define KU_NON_REPUDIATION   (0x40) /* bit 1 */
 
#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */
 
#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */
 
#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */
 
#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */
 
#define KU_CRL_SIGN   (0x02) /* bit 6 */
 
#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */
 
#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */
 
#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */
 
#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */
 
#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */
 
#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */
 
#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */
 
#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */
 
#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)
 
#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
 
#define EXT_KEY_USAGE   (1 << 2) /* Parsed but not used */
 
#define EXT_CERTIFICATE_POLICIES   (1 << 3)
 
#define EXT_POLICY_MAPPINGS   (1 << 4)
 
#define EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */
 
#define EXT_ISSUER_ALT_NAME   (1 << 6)
 
#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)
 
#define EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */
 
#define EXT_NAME_CONSTRAINTS   (1 << 9)
 
#define EXT_POLICY_CONSTRAINTS   (1 << 10)
 
#define EXT_EXTENDED_KEY_USAGE   (1 << 11) /* Parsed but not used */
 
#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)
 
#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)
 
#define EXT_FRESHEST_CRL   (1 << 14)
 
#define EXT_NS_CERT_TYPE   (1 << 16) /* Parsed (and then ?) */
 
#define X509_FORMAT_DER   1
 
#define X509_FORMAT_PEM   2
 
X509 Error codes
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE   -0x2080
 Unavailable feature, e.g. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_OID   -0x2100
 Requested OID is unknown. More...
 
#define POLARSSL_ERR_X509_INVALID_FORMAT   -0x2180
 The CRT/CRL/CSR format is invalid, e.g. More...
 
#define POLARSSL_ERR_X509_INVALID_VERSION   -0x2200
 The CRT/CRL/CSR version element is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_SERIAL   -0x2280
 The serial tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_ALG   -0x2300
 The algorithm tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_NAME   -0x2380
 The name tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_DATE   -0x2400
 The date tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_SIGNATURE   -0x2480
 The signature tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_INVALID_EXTENSIONS   -0x2500
 The extension tag or value is invalid. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_VERSION   -0x2580
 CRT/CRL/CSR has an unsupported version number. More...
 
#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG   -0x2600
 Signature algorithm (oid) is unsupported. More...
 
#define POLARSSL_ERR_X509_SIG_MISMATCH   -0x2680
 Signature algorithms do not match. More...
 
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED   -0x2700
 Certificate verification failed, e.g. More...
 
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT   -0x2780
 Format not recognized as DER or PEM. More...
 
#define POLARSSL_ERR_X509_BAD_INPUT_DATA   -0x2800
 Input invalid. More...
 
#define POLARSSL_ERR_X509_MALLOC_FAILED   -0x2880
 Allocation of memory failed. More...
 
#define POLARSSL_ERR_X509_FILE_IO_ERROR   -0x2900
 Read/write of file failed. More...
 
X509 Verify codes
#define BADCERT_EXPIRED   0x01
 The certificate validity has expired. More...
 
#define BADCERT_REVOKED   0x02
 The certificate has been revoked (is on a CRL). More...
 
#define BADCERT_CN_MISMATCH   0x04
 The certificate Common Name (CN) does not match the expected CN. More...
 
#define BADCERT_NOT_TRUSTED   0x08
 The certificate is not correctly signed by the trusted CA. More...
 
#define BADCRL_NOT_TRUSTED   0x10
 CRL is not correctly signed by the trusted CA. More...
 
#define BADCRL_EXPIRED   0x20
 CRL is expired. More...
 
#define BADCERT_MISSING   0x40
 Certificate was missing. More...
 
#define BADCERT_SKIP_VERIFY   0x80
 Certificate verification was skipped: the certificate was not checked against a trusted CA, so a result carrying this flag establishes no trust in the peer. More...
 
#define BADCERT_OTHER   0x0100
 Other reason (can be used by verify callback) More...
 
#define BADCERT_FUTURE   0x0200
 The certificate validity starts in the future. More...
 
#define BADCRL_FUTURE   0x0400
 The CRL is from the future. More...
 

Typedefs

Structures for parsing X.509 certificates, CRLs and CSRs
typedef asn1_buf x509_buf
 Type-length-value structure that allows for ASN1 using DER. More...
 
typedef asn1_bitstring x509_bitstring
 Container for ASN1 bit strings. More...
 
typedef asn1_named_data x509_name
 Container for ASN1 named information objects. More...
 
typedef asn1_sequence x509_sequence
 Container for a sequence of ASN.1 items. More...
 
typedef struct _x509_time x509_time
 Container for date and time (precision in seconds). More...
 

Functions

int x509_dn_gets (char *buf, size_t size, const x509_name *dn)
 Store the certificate DN in printable form into buf; no more than size characters will be written. More...
 
int x509_serial_gets (char *buf, size_t size, const x509_buf *serial)
 Store the certificate serial in printable form into buf; no more than size characters will be written. More...
 
const char * x509_oid_get_description (x509_buf *oid)
 Given a known OID, return its descriptive string. More...
 
int x509_oid_get_numeric_string (char *buf, size_t size, x509_buf *oid)
 Given an OID, return its numeric (dotted-decimal) string form. More...
 
int x509_time_expired (const x509_time *time)
 Compare a given x509_time against the system clock and report whether it has already passed (expired). More...
 
int x509_time_future (const x509_time *time)
 Compare a given x509_time against the system clock and report whether it still lies in the future (not yet valid). More...
 
int x509_self_test (int verbose)
 Checkup routine. More...
 
int x509_get_name (unsigned char **p, const unsigned char *end, x509_name *cur)
 
int x509_get_alg_null (unsigned char **p, const unsigned char *end, x509_buf *alg)
 
int x509_get_alg (unsigned char **p, const unsigned char *end, x509_buf *alg, x509_buf *params)
 
int x509_get_rsassa_pss_params (const x509_buf *params, md_type_t *md_alg, md_type_t *mgf_md, int *salt_len)
 
int x509_get_sig (unsigned char **p, const unsigned char *end, x509_buf *sig)
 
int x509_get_sig_alg (const x509_buf *sig_oid, const x509_buf *sig_params, md_type_t *md_alg, pk_type_t *pk_alg, void **sig_opts)
 
int x509_get_time (unsigned char **p, const unsigned char *end, x509_time *time)
 
int x509_get_serial (unsigned char **p, const unsigned char *end, x509_buf *serial)
 
int x509_get_ext (unsigned char **p, const unsigned char *end, x509_buf *ext, int tag)
 
int x509_load_file (const char *path, unsigned char **buf, size_t *n)
 
int x509_sig_alg_gets (char *buf, size_t size, const x509_buf *sig_oid, pk_type_t pk_alg, md_type_t md_alg, const void *sig_opts)
 
int x509_key_size_helper (char *buf, size_t size, const char *name)
 
int x509_string_to_names (asn1_named_data **head, const char *name)
 
int x509_set_extension (asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
 
int x509_write_extensions (unsigned char **p, unsigned char *start, asn1_named_data *first)
 
int x509_write_names (unsigned char **p, unsigned char *start, asn1_named_data *first)
 
int x509_write_sig (unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size)
 

Detailed Description

X.509 generic defines and structures. Note that the comments on the EXT_* macros in this header record which extensions the parser acts on: EXT_BASIC_CONSTRAINTS and EXT_SUBJECT_ALT_NAME (DNS names) are marked as supported, whereas EXT_KEY_USAGE and EXT_EXTENDED_KEY_USAGE are marked "parsed but not used" and EXT_NS_CERT_TYPE as merely parsed. The verify codes listed above contain no flag for a key-usage or extended-key-usage mismatch, so code that depends on those restrictions should check the parsed values itself rather than rely on the verify result.

Copyright (C) 2006-2014, Brainspark B.V.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file x509.h.

Macro Definition Documentation

#define EXT_AUTHORITY_KEY_IDENTIFIER   (1 << 0)

Definition at line 121 of file x509.h.

#define EXT_BASIC_CONSTRAINTS   (1 << 8) /* Supported */

Definition at line 129 of file x509.h.

#define EXT_CERTIFICATE_POLICIES   (1 << 3)

Definition at line 124 of file x509.h.

#define EXT_CRL_DISTRIBUTION_POINTS   (1 << 12)

Definition at line 133 of file x509.h.

#define EXT_EXTENDED_KEY_USAGE   (1 << 11) /* Parsed but not used */

Definition at line 132 of file x509.h.

#define EXT_FRESHEST_CRL   (1 << 14)

Definition at line 135 of file x509.h.

#define EXT_INIHIBIT_ANYPOLICY   (1 << 13)

Definition at line 134 of file x509.h.

#define EXT_ISSUER_ALT_NAME   (1 << 6)

Definition at line 127 of file x509.h.

#define EXT_KEY_USAGE   (1 << 2) /* Parsed but not used */

Definition at line 123 of file x509.h.

#define EXT_NAME_CONSTRAINTS   (1 << 9)

Definition at line 130 of file x509.h.

#define EXT_NS_CERT_TYPE   (1 << 16) /* Parsed (and then ?) */

Definition at line 137 of file x509.h.

#define EXT_POLICY_CONSTRAINTS   (1 << 10)

Definition at line 131 of file x509.h.

#define EXT_POLICY_MAPPINGS   (1 << 4)

Definition at line 125 of file x509.h.

#define EXT_SUBJECT_ALT_NAME   (1 << 5) /* Supported (DNS) */

Definition at line 126 of file x509.h.

#define EXT_SUBJECT_DIRECTORY_ATTRS   (1 << 7)

Definition at line 128 of file x509.h.

#define EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)

Definition at line 122 of file x509.h.

#define KU_CRL_SIGN   (0x02) /* bit 6 */

Definition at line 99 of file x509.h.

#define KU_DATA_ENCIPHERMENT   (0x10) /* bit 3 */

Definition at line 96 of file x509.h.

#define KU_DIGITAL_SIGNATURE   (0x80) /* bit 0 */

Definition at line 93 of file x509.h.

#define KU_KEY_AGREEMENT   (0x08) /* bit 4 */

Definition at line 97 of file x509.h.

#define KU_KEY_CERT_SIGN   (0x04) /* bit 5 */

Definition at line 98 of file x509.h.

#define KU_KEY_ENCIPHERMENT   (0x20) /* bit 2 */

Definition at line 95 of file x509.h.

#define KU_NON_REPUDIATION   (0x40) /* bit 1 */

Definition at line 94 of file x509.h.

#define NS_CERT_TYPE_EMAIL   (0x20) /* bit 2 */

Definition at line 108 of file x509.h.

#define NS_CERT_TYPE_EMAIL_CA   (0x02) /* bit 6 */

Definition at line 112 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING   (0x10) /* bit 3 */

Definition at line 109 of file x509.h.

#define NS_CERT_TYPE_OBJECT_SIGNING_CA   (0x01) /* bit 7 */

Definition at line 113 of file x509.h.

#define NS_CERT_TYPE_RESERVED   (0x08) /* bit 4 */

Definition at line 110 of file x509.h.

#define NS_CERT_TYPE_SSL_CA   (0x04) /* bit 5 */

Definition at line 111 of file x509.h.

#define NS_CERT_TYPE_SSL_CLIENT   (0x80) /* bit 0 */

Definition at line 106 of file x509.h.

#define NS_CERT_TYPE_SSL_SERVER   (0x40) /* bit 1 */

Definition at line 107 of file x509.h.

#define X509_FORMAT_DER   1

Definition at line 143 of file x509.h.

#define X509_FORMAT_PEM   2

Definition at line 144 of file x509.h.

Function Documentation

int x509_dn_gets ( char *  buf,
size_t  size,
const x509_name dn 
)

Store the certificate DN in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
dnThe X509 name to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_dn_gets().

int x509_get_alg ( unsigned char **  p,
const unsigned char *  end,
x509_buf alg,
x509_buf params 
)
int x509_get_alg_null ( unsigned char **  p,
const unsigned char *  end,
x509_buf alg 
)
int x509_get_ext ( unsigned char **  p,
const unsigned char *  end,
x509_buf ext,
int  tag 
)
int x509_get_name ( unsigned char **  p,
const unsigned char *  end,
x509_name cur 
)
int x509_get_rsassa_pss_params ( const x509_buf params,
md_type_t md_alg,
md_type_t mgf_md,
int *  salt_len 
)
int x509_get_serial ( unsigned char **  p,
const unsigned char *  end,
x509_buf serial 
)
int x509_get_sig ( unsigned char **  p,
const unsigned char *  end,
x509_buf sig 
)
int x509_get_sig_alg ( const x509_buf sig_oid,
const x509_buf sig_params,
md_type_t md_alg,
pk_type_t pk_alg,
void **  sig_opts 
)
int x509_get_time ( unsigned char **  p,
const unsigned char *  end,
x509_time time 
)
int x509_key_size_helper ( char *  buf,
size_t  size,
const char *  name 
)
int x509_load_file ( const char *  path,
unsigned char **  buf,
size_t *  n 
)
const char* x509_oid_get_description ( x509_buf oid)

Given a known OID, return its descriptive string.

            (Deprecated. Use oid_get_extended_key_usage() instead.)
            Warning: only works for extended_key_usage OIDs!
Parameters
oidbuffer containing the oid
Returns
Return a string if the OID is known, or NULL otherwise.
int x509_oid_get_numeric_string ( char *  buf,
size_t  size,
x509_buf oid 
)

Given an OID, return its numeric (dotted-decimal) string form.

            (Deprecated. Use oid_get_numeric_string() instead)
Parameters
bufBuffer to write to
sizeMaximum size of buffer
oidBuffer containing the OID
Returns
Length of the string written (excluding final NULL) or POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
int x509_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed
int x509_serial_gets ( char *  buf,
size_t  size,
const x509_buf serial 
)

Store the certificate serial in printable form into buf; no more than size characters will be written.

Parameters
bufBuffer to write to
sizeMaximum size of buffer
serialThe X509 serial to represent
Returns
The amount of data written to the buffer, or -1 in case of an error.

Referenced by x509parse_serial_gets().

int x509_set_extension ( asn1_named_data **  head,
const char *  oid,
size_t  oid_len,
int  critical,
const unsigned char *  val,
size_t  val_len 
)
int x509_sig_alg_gets ( char *  buf,
size_t  size,
const x509_buf sig_oid,
pk_type_t  pk_alg,
md_type_t  md_alg,
const void *  sig_opts 
)
int x509_string_to_names ( asn1_named_data **  head,
const char *  name 
)
int x509_time_expired ( const x509_time time)

Compare a given x509_time against the system clock and report whether it has already passed (expired). Because the comparison uses the local system clock, an incorrect clock changes the result.

Parameters
timex509_time to check
Returns
0 if the given time has not yet passed (still valid), 1 if it has already passed (expired).

Referenced by x509parse_time_expired().

int x509_time_future ( const x509_time time)

Compare a given x509_time against the system clock and report whether it still lies in the future (not yet valid). Because the comparison uses the local system clock, an incorrect clock changes the result.

Parameters
timex509_time to check
Returns
0 if the given time has already been reached (not in the future), 1 if it still lies in the future.
int x509_write_extensions ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)
int x509_write_names ( unsigned char **  p,
unsigned char *  start,
asn1_named_data first 
)
int x509_write_sig ( unsigned char **  p,
unsigned char *  start,
const char *  oid,
size_t  oid_len,
unsigned char *  sig,
size_t  size 
)