Documentation
Includes
config.h
#include "config.h"
MBEDTLS_CONFIG_FILE
#include MBEDTLS_CONFIG_FILE
asn1.h
#include "asn1.h"
pk.h
#include "pk.h"
rsa.h
#include "rsa.h"
Macros
Marco MBEDTLS_X509_H
/* Defined with no value; presumably this header's include guard (the matching #ifndef is not shown here). */
#define MBEDTLS_X509_H
/*
 * Fixed limit of 8 on intermediate CAs. Presumably this caps how many
 * intermediate certificates a chain may contain; the
 * MBEDTLS_ERR_X509_FATAL_ERROR comment lists "the chain is too long" as a
 * fatal condition.
 * NOTE(review): confirm where the limit is enforced. A hard cap like this is
 * what keeps chain processing bounded when the chain comes from a peer.
 */
#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
Marco MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
/*
 * X.509 error codes. Every value is a negative int; the codes from -8320 to
 * -10624 are spaced 128 apart, and MBEDTLS_ERR_X509_FATAL_ERROR sits apart at
 * -12288. The functions declared in this header all return int; presumably 0
 * means success and one of these codes means failure (confirm per function).
 * Callers should test for any negative result rather than for a single code.
 */
#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -8320 /**< Unavailable feature, e.g. RSA hashing/encryption combination. */
Marco MBEDTLS_ERR_X509_UNKNOWN_OID
#define MBEDTLS_ERR_X509_UNKNOWN_OID -8448 /**< Requested OID is unknown. */
#define MBEDTLS_ERR_X509_INVALID_FORMAT -8576 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */
Marco MBEDTLS_ERR_X509_INVALID_VERSION
#define MBEDTLS_ERR_X509_INVALID_VERSION -8704 /**< The CRT/CRL/CSR version element is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_SERIAL
#define MBEDTLS_ERR_X509_INVALID_SERIAL -8832 /**< The serial tag or value is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_ALG
#define MBEDTLS_ERR_X509_INVALID_ALG -8960 /**< The algorithm tag or value is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_NAME
#define MBEDTLS_ERR_X509_INVALID_NAME -9088 /**< The name tag or value is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_DATE
#define MBEDTLS_ERR_X509_INVALID_DATE -9216 /**< The date tag or value is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_SIGNATURE
#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -9344 /**< The signature tag or value is invalid. */
Marco MBEDTLS_ERR_X509_INVALID_EXTENSIONS
#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -9472 /**< The extension tag or value is invalid. */
Marco MBEDTLS_ERR_X509_UNKNOWN_VERSION
#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -9600 /**< CRT/CRL/CSR has an unsupported version number. */
Marco MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -9728 /**< Signature algorithm (oid) is unsupported. */
Marco MBEDTLS_ERR_X509_SIG_MISMATCH
#define MBEDTLS_ERR_X509_SIG_MISMATCH -9856 /**< Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
Marco MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
/*
 * NOTE(review): this one code covers several distinct failures (CRL, CA or
 * signature check). The MBEDTLS_X509_BADCERT_* and MBEDTLS_X509_BADCRL_* bits
 * defined in this header name the individual reasons; log those as well when
 * diagnosing a rejected certificate.
 */
#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -9984 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -10112 /**< Format not recognized as DER or PEM. */
#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -10240 /**< Input invalid. */
Marco MBEDTLS_ERR_X509_ALLOC_FAILED
#define MBEDTLS_ERR_X509_ALLOC_FAILED -10368 /**< Allocation of memory failed. */
Marco MBEDTLS_ERR_X509_FILE_IO_ERROR
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -10496 /**< Read/write of file failed. */
Marco MBEDTLS_ERR_X509_BUFFER_TOO_SMALL
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -10624 /**< Destination buffer is too small. */
Marco MBEDTLS_ERR_X509_FATAL_ERROR
#define MBEDTLS_ERR_X509_FATAL_ERROR -12288 /**< A fatal error occurred, e.g. the chain is too long or the vrfy callback failed. */
Marco MBEDTLS_X509_BADCERT_EXPIRED
/*
 * Certificate / CRL verification result flags. Every value is a distinct
 * power of two (1 ... 524288), so several findings can be OR-ed into one
 * flags word and tested individually with '&'. BADCERT_* bits describe the
 * certificate, BADCRL_* bits describe the CRL.
 *
 * Reading a flags word built from these bits:
 *  - only the value 0 has no finding recorded; masking out or ignoring a bit
 *    amounts to accepting the check that failed;
 *  - MBEDTLS_X509_BADCERT_SKIP_VERIFY means verification was not performed,
 *    so the certificate must not be treated as authenticated;
 *  - MBEDTLS_X509_BADCERT_CN_MISMATCH means the certificate is for a
 *    different name than the one expected, even if the chain is valid;
 *  - MBEDTLS_X509_BADCERT_OTHER is left for application verify callbacks,
 *    per its own comment.
 * NOTE(review): the API that fills in these flags is not declared in this
 * header - confirm against the certificate verification functions.
 */
#define MBEDTLS_X509_BADCERT_EXPIRED 1 /**< The certificate validity has expired. */
Marco MBEDTLS_X509_BADCERT_REVOKED
#define MBEDTLS_X509_BADCERT_REVOKED 2 /**< The certificate has been revoked (is on a CRL). */
Marco MBEDTLS_X509_BADCERT_CN_MISMATCH
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 4 /**< The certificate Common Name (CN) does not match with the expected CN. */
Marco MBEDTLS_X509_BADCERT_NOT_TRUSTED
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 8 /**< The certificate is not correctly signed by the trusted CA. */
Marco MBEDTLS_X509_BADCRL_NOT_TRUSTED
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 16 /**< The CRL is not correctly signed by the trusted CA. */
Marco MBEDTLS_X509_BADCRL_EXPIRED
#define MBEDTLS_X509_BADCRL_EXPIRED 32 /**< The CRL is expired. */
Marco MBEDTLS_X509_BADCERT_MISSING
#define MBEDTLS_X509_BADCERT_MISSING 64 /**< Certificate was missing. */
Marco MBEDTLS_X509_BADCERT_SKIP_VERIFY
#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 128 /**< Certificate verification was skipped. */
Marco MBEDTLS_X509_BADCERT_OTHER
#define MBEDTLS_X509_BADCERT_OTHER 256 /**< Other reason (can be used by verify callback) */
Marco MBEDTLS_X509_BADCERT_FUTURE
#define MBEDTLS_X509_BADCERT_FUTURE 512 /**< The certificate validity starts in the future. */
Marco MBEDTLS_X509_BADCRL_FUTURE
#define MBEDTLS_X509_BADCRL_FUTURE 1024 /**< The CRL is from the future */
Marco MBEDTLS_X509_BADCERT_KEY_USAGE
#define MBEDTLS_X509_BADCERT_KEY_USAGE 2048 /**< Usage does not match the keyUsage extension. */
Marco MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 4096 /**< Usage does not match the extendedKeyUsage extension. */
Marco MBEDTLS_X509_BADCERT_NS_CERT_TYPE
#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 8192 /**< Usage does not match the nsCertType extension. */
Marco MBEDTLS_X509_BADCERT_BAD_MD
#define MBEDTLS_X509_BADCERT_BAD_MD 16384 /**< The certificate is signed with an unacceptable hash. */
Marco MBEDTLS_X509_BADCERT_BAD_PK
#define MBEDTLS_X509_BADCERT_BAD_PK 32768 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
Marco MBEDTLS_X509_BADCERT_BAD_KEY
#define MBEDTLS_X509_BADCERT_BAD_KEY 65536 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
Marco MBEDTLS_X509_BADCRL_BAD_MD
#define MBEDTLS_X509_BADCRL_BAD_MD 131072 /**< The CRL is signed with an unacceptable hash. */
Marco MBEDTLS_X509_BADCRL_BAD_PK
#define MBEDTLS_X509_BADCRL_BAD_PK 262144 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
Marco MBEDTLS_X509_BADCRL_BAD_KEY
#define MBEDTLS_X509_BADCRL_BAD_KEY 524288 /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
Marco MBEDTLS_X509_KU_DIGITAL_SIGNATURE
/*
 * keyUsage extension bits. The "bit N" comments use the extension's own
 * numbering, in which bit 0 is the most significant bit of the first byte:
 * bit 0 = 128 down to bit 7 = 1. Bit 8 is represented as 32768, i.e. the most
 * significant bit of a second byte. These are therefore not C-style (1 << N)
 * positions; always use the named constants rather than computing a shift
 * from the bit number.
 */
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (128) /* bit 0 */
Marco MBEDTLS_X509_KU_NON_REPUDIATION
#define MBEDTLS_X509_KU_NON_REPUDIATION (64) /* bit 1 */
Marco MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (32) /* bit 2 */
Marco MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (16) /* bit 3 */
Marco MBEDTLS_X509_KU_KEY_AGREEMENT
#define MBEDTLS_X509_KU_KEY_AGREEMENT (8) /* bit 4 */
Marco MBEDTLS_X509_KU_KEY_CERT_SIGN
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (4) /* bit 5 */
Marco MBEDTLS_X509_KU_CRL_SIGN
#define MBEDTLS_X509_KU_CRL_SIGN (2) /* bit 6 */
Marco MBEDTLS_X509_KU_ENCIPHER_ONLY
#define MBEDTLS_X509_KU_ENCIPHER_ONLY (1) /* bit 7 */
Marco MBEDTLS_X509_KU_DECIPHER_ONLY
#define MBEDTLS_X509_KU_DECIPHER_ONLY (32768) /* bit 8 */
Marco MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
/*
 * nsCertType extension bits. As with the key-usage constants, the "bit N"
 * comments count from the most significant bit of the byte: bit 0 = 128 down
 * to bit 7 = 1. The three *_CA values (4, 2, 1) mark CA certificate types, so
 * a check for an end-entity purpose must not be satisfied by a CA bit alone.
 */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (128) /* bit 0 */
Marco MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (64) /* bit 1 */
Marco MBEDTLS_X509_NS_CERT_TYPE_EMAIL
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (32) /* bit 2 */
Marco MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (16) /* bit 3 */
Marco MBEDTLS_X509_NS_CERT_TYPE_RESERVED
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (8) /* bit 4 */
Marco MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (4) /* bit 5 */
Marco MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (2) /* bit 6 */
Marco MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (1) /* bit 7 */
Marco MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
/*
 * Extension-type bits, one per X.509 extension, written as (1 << N) so they
 * can be combined into a single mask. Bit 15 is unused: the values jump from
 * (1 << 14) to (1 << 16).
 *
 * Only two entries carry a support annotation: SUBJECT_ALT_NAME
 * ("Supported (DNS)") and BASIC_CONSTRAINTS ("Supported").
 * NOTE(review): the other entries have no such note. Confirm which extensions
 * are actually parsed and enforced before relying on them for a security
 * decision (for example name constraints, policy constraints, or
 * subjectAltName entries that are not DNS names).
 */
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
Marco MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
Marco MBEDTLS_X509_EXT_KEY_USAGE
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
Marco MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
Marco MBEDTLS_X509_EXT_POLICY_MAPPINGS
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
Marco MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
Marco MBEDTLS_X509_EXT_ISSUER_ALT_NAME
#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
Marco MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
Marco MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
Marco MBEDTLS_X509_EXT_NAME_CONSTRAINTS
#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
Marco MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
Marco MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
Marco MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
Marco MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
/* "INIHIBIT" is the spelling of the identifier as defined; code must use it exactly as written. */
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
Marco MBEDTLS_X509_EXT_FRESHEST_CRL
#define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
Marco MBEDTLS_X509_EXT_NS_CERT_TYPE
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
 * Encoding selectors: 1 for DER, 2 for PEM. These are the two encodings named
 * in the MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT comment.
 * NOTE(review): where these selectors are consumed is not shown here.
 */
#define MBEDTLS_X509_FORMAT_DER 1
#define MBEDTLS_X509_FORMAT_PEM 2
Marco MBEDTLS_X509_MAX_DN_NAME_SIZE
#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
Marco MBEDTLS_X509_SAFE_SNPRINTF
/*
 * Bookkeeping step to place after an snprintf-style call that appends text to
 * a bounded buffer.
 *
 * This is an object-like macro with no arguments. It reads and writes three
 * names that must already exist in the enclosing function:
 *   ret - int result of the preceding formatting call
 *   n   - space still available in the buffer (compared against a size_t)
 *   p   - current write position
 *
 * If ret is negative, or ret >= n, the macro executes a `return` in the
 * enclosing function with MBEDTLS_ERR_X509_BUFFER_TOO_SMALL. Otherwise it
 * subtracts ret from n and advances p by ret.
 *
 * The order of the two tests matters: ret is checked for < 0 before it is
 * cast to size_t, so a negative result is never reinterpreted as a huge
 * unsigned length. The >= comparison also rejects ret == n, which with
 * snprintf semantics means the output was truncated.
 *
 * Caveats for callers:
 *  - the hidden return skips any cleanup that follows, so do not use it in a
 *    function that holds a resource needing release at that point;
 *  - the enclosing function must return a type compatible with the int error
 *    code;
 *  - ret must come from the call immediately before; a stale value makes the
 *    n / p accounting wrong.
 */
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if( ret < 0 || (size_t) ret >= n ) \
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); \
\
n -= (size_t) ret; \
p += (size_t) ret; \
} while( 0 )
Functions
Func mbedtls_x509_dn_gets
/*
 * Takes an output buffer `buf`, its capacity `size`, and a distinguished name
 * `dn`; presumably writes a printable form of the name into buf.
 * NOTE(review): `size` must be the real capacity of buf. Confirm whether the
 * int result is a length or only a status, and that
 * MBEDTLS_ERR_X509_BUFFER_TOO_SMALL is returned on truncation.
 */
int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
Func mbedtls_x509_serial_gets
/*
 * Same buffer/capacity convention as above, applied to a certificate serial
 * number held in `serial` (presumed from the name - confirm).
 */
int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
Func mbedtls_x509_time_is_past
/*
 * Takes a time `to` and returns int; presumably non-zero when that time lies
 * before the current time.
 * NOTE(review): the result depends on a trustworthy clock. Confirm what is
 * returned in builds without a date/time source (MBEDTLS_HAVE_TIME_DATE): if
 * the answer is then always "not past", expiry is not enforced.
 */
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
Func mbedtls_x509_time_is_future
/*
 * Counterpart of the check above for a start time `from`; presumably non-zero
 * when that time lies after the current time. The same clock caveat applies.
 */
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
Func mbedtls_x509_self_test
/* Self-test entry point; `verbose` presumably enables progress output - confirm. */
int mbedtls_x509_self_test( int verbose );
Func mbedtls_x509_get_name
/*
 * Parsing helpers. Most take `p`, a pointer to a mutable read position, and
 * `end`, a const bound; presumably *p is advanced past the element that was
 * read and `end` is one past the last readable byte (confirm in the
 * implementation). The input is normally certificate data from an untrusted
 * peer, so `end` must describe the real extent of the buffer and every
 * negative return must be treated as a parse failure.
 *
 * Reads a name into `cur`. NOTE(review): mbedtls_x509_name is a typedef of
 * mbedtls_asn1_named_data; confirm whether list nodes are allocated here and
 * who frees them on error.
 */
int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
mbedtls_x509_name *cur );
Func mbedtls_x509_get_alg_null
/* Reads an algorithm identifier into `alg`; there is no output for parameters (compare mbedtls_x509_get_alg). */
int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg );
Func mbedtls_x509_get_alg
/* Reads an algorithm identifier into `alg` and its parameters into `params`. */
int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
Func mbedtls_x509_get_rsassa_pss_params
/*
 * Takes an already-extracted `params` buffer (no p/end cursor) and fills three
 * outputs: `md_alg`, `mgf_md` and `salt_len`.
 * NOTE(review): these values come from the certificate; confirm they are
 * range-checked before being used for signature verification.
 */
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
int *salt_len );
Func mbedtls_x509_get_sig
/* Reads a signature value into `sig`. */
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
Func mbedtls_x509_get_sig_alg
/*
 * Maps a signature OID and its parameters to `md_alg` and `pk_alg`, and
 * returns extra options through `sig_opts`.
 * NOTE(review): sig_opts is handed back as void **; confirm whether it is
 * heap-allocated and which side frees it, including on error paths.
 */
int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
void **sig_opts );
Func mbedtls_x509_get_time
/*
 * Reads a time value into `t`. NOTE(review): mbedtls_x509_time holds plain
 * int fields; confirm that field ranges are validated during parsing.
 */
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
mbedtls_x509_time *t );
Func mbedtls_x509_get_serial
/* Reads a serial number into `serial`. */
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
Func mbedtls_x509_get_ext
/* Reads an extensions wrapper into `ext`; `tag` is presumably the expected ASN.1 tag - confirm. */
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
Func mbedtls_x509_sig_alg_gets
/*
 * Takes an output buffer `buf` with capacity `size` plus a signature OID,
 * public-key type, digest type and opaque `sig_opts`; presumably writes a
 * textual description of the signature algorithm into buf.
 * NOTE(review): sig_opts is const void *, so its real type is implied by
 * pk_alg; confirm callers always pass a matching pair.
 */
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts );
Func mbedtls_x509_key_size_helper
/*
 * Takes an output buffer `buf` with capacity `buf_size` and a `name` string;
 * presumably formats a key-size label into buf. `buf_size` must be the real
 * capacity of buf.
 */
int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
Func mbedtls_x509_string_to_names
/*
 * Builds a named-data list at `*head` from the string `name`.
 * NOTE(review): head is a pointer to a list pointer, so nodes are presumably
 * allocated here; confirm ownership and that a partially built list is
 * released on failure. If `name` can come from user input, confirm how
 * malformed or over-long components are rejected (see
 * MBEDTLS_X509_MAX_DN_NAME_SIZE).
 */
int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
Func mbedtls_x509_set_extension
/*
 * Stores an extension in the list at `*head`: OID bytes `oid` of length
 * `oid_len`, a `critical` flag, and value bytes `val` of length `val_len`.
 * The two lengths must match the buffers they describe.
 */
int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
int critical, const unsigned char *val,
size_t val_len );
Func mbedtls_x509_write_extensions
/*
 * Writing helpers take `p`, a pointer to the mutable write position, and
 * `start`, a second pointer into the same buffer.
 * NOTE(review): presumably output is written backwards from *p toward start,
 * with start as the lower bound - confirm before sizing buffers.
 *
 * Writes the extension list beginning at `first`.
 */
int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
Func mbedtls_x509_write_names
/* Writes the name list beginning at `first`; same p/start convention as above. */
int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
mbedtls_asn1_named_data *first );
Func mbedtls_x509_write_sig
/*
 * Writes a signature: OID bytes `oid` of length `oid_len` and signature bytes
 * `sig` of length `size`. `sig` is not const-qualified.
 * NOTE(review): confirm whether sig is modified by the call.
 */
int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
const char *oid, size_t oid_len,
unsigned char *sig, size_t size );
Vars
Consts
Types
Typedefs
Typedef mbedtls_x509_buf
/*
 * X.509 names for generic ASN.1 containers. Each typedef is a plain alias of
 * an mbedtls_asn1_* type (this header includes asn1.h), so the X.509 and
 * ASN.1 names are interchangeable and no separate layout is introduced.
 */
typedef mbedtls_asn1_buf mbedtls_x509_buf;
Typedef mbedtls_x509_bitstring
typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
Typedef mbedtls_x509_name
typedef mbedtls_asn1_named_data mbedtls_x509_name;
Typedef mbedtls_x509_sequence
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
Typedef
mbedtls_x509_time;
/*
 * Broken-down date and time stored as six int fields. The struct has no
 * time-zone or offset member, and the type itself does not restrict field
 * ranges.
 * NOTE(review): presumably values are UTC as taken from the certificate -
 * confirm, and confirm that range validation happens when the fields are
 * filled in rather than when they are compared.
 */
typedef struct mbedtls_x509_time
{
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
}
mbedtls_x509_time;