23 #ifndef MBEDTLS_X509_CRT_H
24 #define MBEDTLS_X509_CRT_H
26 #if !defined(MBEDTLS_CONFIG_FILE)
29 #include MBEDTLS_CONFIG_FILE
100 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) )
116 #define MBEDTLS_X509_CRT_VERSION_1 0
117 #define MBEDTLS_X509_CRT_VERSION_2 1
118 #define MBEDTLS_X509_CRT_VERSION_3 2
120 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
121 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
141 #if defined(MBEDTLS_X509_CRT_PARSE_C)
169 int mbedtls_x509_crt_parse_der(
mbedtls_x509_crt *chain,
const unsigned char *buf,
187 int mbedtls_x509_crt_parse(
mbedtls_x509_crt *chain,
const unsigned char *buf,
size_t buflen );
189 #if defined(MBEDTLS_FS_IO)
203 int mbedtls_x509_crt_parse_file(
mbedtls_x509_crt *chain,
const char *path );
218 int mbedtls_x509_crt_parse_path(
mbedtls_x509_crt *chain,
const char *path );
233 int mbedtls_x509_crt_info(
char *buf,
size_t size,
const char *prefix,
248 int mbedtls_x509_crt_verify_info(
char *buf,
size_t size,
const char *prefix,
293 const char *cn, uint32_t *flags,
328 const char *cn, uint32_t *flags,
332 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
355 unsigned int usage );
358 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
372 const char *usage_oid,
376 #if defined(MBEDTLS_X509_CRL_PARSE_C)
407 #if defined(MBEDTLS_X509_CRT_WRITE_C)
450 const char *not_after );
465 const char *issuer_name );
480 const char *subject_name );
521 const char *oid,
size_t oid_len,
523 const unsigned char *val,
size_t val_len );
537 int is_ca,
int max_pathlen );
539 #if defined(MBEDTLS_SHA1_C)
573 unsigned int key_usage );
585 unsigned char ns_cert_type );
615 int (*f_rng)(
void *,
unsigned char *,
size_t),
618 #if defined(MBEDTLS_PEM_WRITE_C)
636 int (*f_rng)(
void *,
unsigned char *,
size_t),
mbedtls_x509_sequence subject_alt_names
Optional list of Subject Alternative Names (Only dNSName supported).
int ext_types
Bit string containing detected and parsed extensions.
uint32_t allowed_curves
Elliptic curves for ECDSA.
Certificate revocation list structure.
mbedtls_pk_type_t
Public key types.
Compatibility names (set of defines)
char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
struct mbedtls_x509_crt * next
Next certificate in the CA-chain.
Container for a sequence of ASN.1 items.
mbedtls_x509_name issuer
The parsed issuer data (named information object).
mbedtls_x509_buf subject_id
Optional X.509 v2/v3 subject unique identifier.
struct mbedtls_x509write_cert mbedtls_x509write_cert
Container for writing a certificate (CRT)
mbedtls_x509_buf tbs
The raw certificate body (DER).
Container for a sequence or list of 'named' ASN.1 data items.
mbedtls_x509_buf subject_raw
The raw subject data (DER).
mbedtls_x509_buf sig_oid
Signature algorithm, e.g.
mbedtls_x509_buf issuer_raw
The raw issuer data (DER).
mbedtls_x509_name subject
The parsed subject data (named information object).
mbedtls_x509_time valid_to
End time of certificate validity.
unsigned char ns_cert_type
Optional Netscape certificate type extension value: See the values in x509.h.
Type-length-value structure that allows for ASN1 using DER.
Container for date and time (precision in seconds).
Container for writing a certificate (CRT)
mbedtls_x509_buf serial
Unique id for certificate issued by a specific CA.
uint32_t rsa_min_bitlen
Minimum size for RSA keys.
mbedtls_x509_time valid_from
Start time of certificate validity.
mbedtls_x509_buf raw
The raw certificate data (DER).
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN
mbedtls_pk_context * subject_key
mbedtls_pk_type_t sig_pk
Internal representation of the Public Key algorithm of the signature algorithm, e.g.
X.509 generic defines and structures.
mbedtls_asn1_named_data * subject
mbedtls_pk_context * issuer_key
void * sig_opts
Signature options to be passed to mbedtls_pk_verify_ext(), e.g.
char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN+1]
mbedtls_x509_buf issuer_id
Optional X.509 v2/v3 issuer unique identifier.
X.509 certificate revocation list parsing.
Container for an X.509 certificate.
struct mbedtls_x509_crt mbedtls_x509_crt
Container for an X.509 certificate.
mbedtls_x509_sequence ext_key_usage
Optional list of extended key usage OIDs.
int max_pathlen
Optional Basic Constraint extension value: The maximum path length to the root certificate.
Security profile for certificate verification.
mbedtls_asn1_named_data * extensions
unsigned int key_usage
Optional key usage extension value: See the values in x509.h.
uint32_t allowed_pks
PK algs for signatures.
uint32_t allowed_mds
MDs for signatures.
mbedtls_pk_context pk
Container for the public key context.
mbedtls_x509_buf sig
Signature: hash of the tbs part signed with the private key.
mbedtls_asn1_named_data * issuer
mbedtls_x509_buf v3_ext
Optional X.509 v3 extensions.
int ca_istrue
Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise...
int version
The X.509 version.
mbedtls_md_type_t sig_md
Internal representation of the MD algorithm of the signature algorithm, e.g.