1 /** 2 * \file x509_crt.h 3 * 4 * \brief X.509 certificate parsing and writing 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 #ifndef MBEDTLS_X509_CRT_H 23 #define MBEDTLS_X509_CRT_H 24 25 #if !defined(MBEDTLS_CONFIG_FILE) 26 #include "mbedtls/config.h" 27 #else 28 #include MBEDTLS_CONFIG_FILE 29 #endif 30 31 #include "mbedtls/x509.h" 32 #include "mbedtls/x509_crl.h" 33 #include "mbedtls/bignum.h" 34 35 /** 36 * \addtogroup x509_module 37 * \{ 38 */ 39 40 #ifdef __cplusplus 41 extern "C" { 42 #endif 43 44 /** 45 * \name Structures and functions for parsing and writing X.509 certificates 46 * \{ 47 */ 48 49 /** 50 * Container for an X.509 certificate. The certificate may be chained. 51 */ 52 typedef struct mbedtls_x509_crt 53 { 54 int own_buffer; /**< Indicates if \c raw is owned 55 * by the structure or not. */ 56 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 57 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 58 59 int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ 60 mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ 61 mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ 62 63 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ 64 mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ 65 66 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 67 mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ 68 69 mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ 70 mbedtls_x509_time valid_to; /**< End time of certificate validity. */ 71 72 mbedtls_x509_buf pk_raw; 73 mbedtls_pk_context pk; /**< Container for the public key context. */ 74 75 mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ 76 mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ 77 mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ 78 mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ 79 80 mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ 81 82 int ext_types; /**< Bit string containing detected and parsed extensions */ 83 int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ 84 int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ 85 86 unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ 87 88 mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ 89 90 unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ 91 92 mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ 93 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 94 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 95 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 96 97 struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ 98 } 99 mbedtls_x509_crt; 100 101 /** 102 * From RFC 5280 section 4.2.1.6: 103 * OtherName ::= SEQUENCE { 104 * type-id OBJECT IDENTIFIER, 105 * value [0] EXPLICIT ANY DEFINED BY type-id } 106 */ 107 typedef struct mbedtls_x509_san_other_name 108 { 109 /** 110 * The type_id is an OID as deifned in RFC 5280. 111 * To check the value of the type id, you should use 112 * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. 113 */ 114 mbedtls_x509_buf type_id; /**< The type id. */ 115 union 116 { 117 /** 118 * From RFC 4108 section 5: 119 * HardwareModuleName ::= SEQUENCE { 120 * hwType OBJECT IDENTIFIER, 121 * hwSerialNum OCTET STRING } 122 */ 123 struct 124 { 125 mbedtls_x509_buf oid; /**< The object identifier. */ 126 mbedtls_x509_buf val; /**< The named value. */ 127 } 128 hardware_module_name; 129 } 130 value; 131 } 132 mbedtls_x509_san_other_name; 133 134 /** 135 * A structure for holding the parsed Subject Alternative Name, according to type 136 */ 137 typedef struct mbedtls_x509_subject_alternative_name 138 { 139 int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ 140 union { 141 mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ 142 mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ 143 } 144 san; /**< A union of the supported SAN types */ 145 } 146 mbedtls_x509_subject_alternative_name; 147 148 /** 149 * Build flag from an algorithm/curve identifier (pk, md, ecp) 150 * Since 0 is always XXX_NONE, ignore it. 151 */ 152 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) ) 153 154 /** 155 * Security profile for certificate verification. 156 * 157 * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). 158 */ 159 typedef struct mbedtls_x509_crt_profile 160 { 161 uint32_t allowed_mds; /**< MDs for signatures */ 162 uint32_t allowed_pks; /**< PK algs for signatures */ 163 uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ 164 uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ 165 } 166 mbedtls_x509_crt_profile; 167 168 #define MBEDTLS_X509_CRT_VERSION_1 0 169 #define MBEDTLS_X509_CRT_VERSION_2 1 170 #define MBEDTLS_X509_CRT_VERSION_3 2 171 172 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 173 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 174 175 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) 176 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 177 #endif 178 179 /** 180 * Container for writing a certificate (CRT) 181 */ 182 typedef struct mbedtls_x509write_cert 183 { 184 int version; 185 mbedtls_mpi serial; 186 mbedtls_pk_context *subject_key; 187 mbedtls_pk_context *issuer_key; 188 mbedtls_asn1_named_data *subject; 189 mbedtls_asn1_named_data *issuer; 190 mbedtls_md_type_t md_alg; 191 char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 192 char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 193 mbedtls_asn1_named_data *extensions; 194 } 195 mbedtls_x509write_cert; 196 197 /** 198 * Item in a verification chain: cert and flags for it 199 */ 200 typedef struct { 201 mbedtls_x509_crt *crt; 202 uint32_t flags; 203 } mbedtls_x509_crt_verify_chain_item; 204 205 /** 206 * Max size of verification chain: end-entity + intermediates + trusted root 207 */ 208 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) 209 210 /** 211 * Verification chain as built by \c mbedtls_crt_verify_chain() 212 */ 213 typedef struct 214 { 215 mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; 216 unsigned len; 217 218 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 219 /* This stores the list of potential trusted signers obtained from 220 * the CA callback used for the CRT verification, if configured. 221 * We must track it somewhere because the callback passes its 222 * ownership to the caller. */ 223 mbedtls_x509_crt *trust_ca_cb_result; 224 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 225 } mbedtls_x509_crt_verify_chain; 226 227 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 228 229 /** 230 * \brief Context for resuming X.509 verify operations 231 */ 232 typedef struct 233 { 234 /* for check_signature() */ 235 mbedtls_pk_restart_ctx pk; 236 237 /* for find_parent_in() */ 238 mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ 239 mbedtls_x509_crt *fallback_parent; 240 int fallback_signature_is_good; 241 242 /* for find_parent() */ 243 int parent_is_trusted; /* -1 if find_parent is not in progress */ 244 245 /* for verify_chain() */ 246 enum { 247 x509_crt_rs_none, 248 x509_crt_rs_find_parent, 249 } in_progress; /* none if no operation is in progress */ 250 int self_cnt; 251 mbedtls_x509_crt_verify_chain ver_chain; 252 253 } mbedtls_x509_crt_restart_ctx; 254 255 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 256 257 /* Now we can declare functions that take a pointer to that */ 258 typedef void mbedtls_x509_crt_restart_ctx; 259 260 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 261 262 #if defined(MBEDTLS_X509_CRT_PARSE_C) 263 /** 264 * Default security profile. Should provide a good balance between security 265 * and compatibility with current deployments. 266 */ 267 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; 268 269 /** 270 * Expected next default profile. Recommended for new deployments. 271 * Currently targets a 128-bit security level, except for RSA-2048. 272 */ 273 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; 274 275 /** 276 * NSA Suite B profile. 277 */ 278 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; 279 280 /** 281 * \brief Parse a single DER formatted certificate and add it 282 * to the end of the provided chained list. 283 * 284 * \param chain The pointer to the start of the CRT chain to attach to. 285 * When parsing the first CRT in a chain, this should point 286 * to an instance of ::mbedtls_x509_crt initialized through 287 * mbedtls_x509_crt_init(). 288 * \param buf The buffer holding the DER encoded certificate. 289 * \param buflen The size in Bytes of \p buf. 290 * 291 * \note This function makes an internal copy of the CRT buffer 292 * \p buf. In particular, \p buf may be destroyed or reused 293 * after this call returns. To avoid duplicating the CRT 294 * buffer (at the cost of stricter lifetime constraints), 295 * use mbedtls_x509_crt_parse_der_nocopy() instead. 296 * 297 * \return \c 0 if successful. 298 * \return A negative error code on failure. 299 */ 300 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, 301 const unsigned char *buf, 302 size_t buflen ); 303 304 /** 305 * \brief The type of certificate extension callbacks. 306 * 307 * Callbacks of this type are passed to and used by the 308 * mbedtls_x509_crt_parse_der_with_ext_cb() routine when 309 * it encounters either an unsupported extension or a 310 * "certificate policies" extension containing any 311 * unsupported certificate policies. 312 * Future versions of the library may invoke the callback 313 * in other cases, if and when the need arises. 314 * 315 * \param p_ctx An opaque context passed to the callback. 316 * \param crt The certificate being parsed. 317 * \param oid The OID of the extension. 318 * \param critical Whether the extension is critical. 319 * \param p Pointer to the start of the extension value 320 * (the content of the OCTET STRING). 321 * \param end End of extension value. 322 * 323 * \note The callback must fail and return a negative error code 324 * if it can not parse or does not support the extension. 325 * When the callback fails to parse a critical extension 326 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 327 * When the callback fails to parse a non critical extension 328 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 329 * the extension and continues parsing. 330 * 331 * \return \c 0 on success. 332 * \return A negative error code on failure. 333 */ 334 typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, 335 mbedtls_x509_crt const *crt, 336 mbedtls_x509_buf const *oid, 337 int critical, 338 const unsigned char *p, 339 const unsigned char *end ); 340 341 /** 342 * \brief Parse a single DER formatted certificate and add it 343 * to the end of the provided chained list. 344 * 345 * \param chain The pointer to the start of the CRT chain to attach to. 346 * When parsing the first CRT in a chain, this should point 347 * to an instance of ::mbedtls_x509_crt initialized through 348 * mbedtls_x509_crt_init(). 349 * \param buf The buffer holding the DER encoded certificate. 350 * \param buflen The size in Bytes of \p buf. 351 * \param make_copy When not zero this function makes an internal copy of the 352 * CRT buffer \p buf. In particular, \p buf may be destroyed 353 * or reused after this call returns. 354 * When zero this function avoids duplicating the CRT buffer 355 * by taking temporary ownership thereof until the CRT 356 * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) 357 * \param cb A callback invoked for every unsupported certificate 358 * extension. 359 * \param p_ctx An opaque context passed to the callback. 360 * 361 * \note This call is functionally equivalent to 362 * mbedtls_x509_crt_parse_der(), and/or 363 * mbedtls_x509_crt_parse_der_nocopy() 364 * but it calls the callback with every unsupported 365 * certificate extension and additionally the 366 * "certificate policies" extension if it contains any 367 * unsupported certificate policies. 368 * The callback must return a negative error code if it 369 * does not know how to handle such an extension. 370 * When the callback fails to parse a critical extension 371 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 372 * When the callback fails to parse a non critical extension 373 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 374 * the extension and continues parsing. 375 * Future versions of the library may invoke the callback 376 * in other cases, if and when the need arises. 377 * 378 * \return \c 0 if successful. 379 * \return A negative error code on failure. 380 */ 381 int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, 382 const unsigned char *buf, 383 size_t buflen, 384 int make_copy, 385 mbedtls_x509_crt_ext_cb_t cb, 386 void *p_ctx ); 387 388 /** 389 * \brief Parse a single DER formatted certificate and add it 390 * to the end of the provided chained list. This is a 391 * variant of mbedtls_x509_crt_parse_der() which takes 392 * temporary ownership of the CRT buffer until the CRT 393 * is destroyed. 394 * 395 * \param chain The pointer to the start of the CRT chain to attach to. 396 * When parsing the first CRT in a chain, this should point 397 * to an instance of ::mbedtls_x509_crt initialized through 398 * mbedtls_x509_crt_init(). 399 * \param buf The address of the readable buffer holding the DER encoded 400 * certificate to use. On success, this buffer must be 401 * retained and not be changed for the liftetime of the 402 * CRT chain \p chain, that is, until \p chain is destroyed 403 * through a call to mbedtls_x509_crt_free(). 404 * \param buflen The size in Bytes of \p buf. 405 * 406 * \note This call is functionally equivalent to 407 * mbedtls_x509_crt_parse_der(), but it avoids creating a 408 * copy of the input buffer at the cost of stronger lifetime 409 * constraints. This is useful in constrained environments 410 * where duplication of the CRT cannot be tolerated. 411 * 412 * \return \c 0 if successful. 413 * \return A negative error code on failure. 414 */ 415 int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, 416 const unsigned char *buf, 417 size_t buflen ); 418 419 /** 420 * \brief Parse one DER-encoded or one or more concatenated PEM-encoded 421 * certificates and add them to the chained list. 422 * 423 * For CRTs in PEM encoding, the function parses permissively: 424 * if at least one certificate can be parsed, the function 425 * returns the number of certificates for which parsing failed 426 * (hence \c 0 if all certificates were parsed successfully). 427 * If no certificate could be parsed, the function returns 428 * the first (negative) error encountered during parsing. 429 * 430 * PEM encoded certificates may be interleaved by other data 431 * such as human readable descriptions of their content, as 432 * long as the certificates are enclosed in the PEM specific 433 * '-----{BEGIN/END} CERTIFICATE-----' delimiters. 434 * 435 * \param chain The chain to which to add the parsed certificates. 436 * \param buf The buffer holding the certificate data in PEM or DER format. 437 * For certificates in PEM encoding, this may be a concatenation 438 * of multiple certificates; for DER encoding, the buffer must 439 * comprise exactly one certificate. 440 * \param buflen The size of \p buf, including the terminating \c NULL byte 441 * in case of PEM encoded data. 442 * 443 * \return \c 0 if all certificates were parsed successfully. 444 * \return The (positive) number of certificates that couldn't 445 * be parsed if parsing was partly successful (see above). 446 * \return A negative X509 or PEM error code otherwise. 447 * 448 */ 449 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); 450 451 #if defined(MBEDTLS_FS_IO) 452 /** 453 * \brief Load one or more certificates and add them 454 * to the chained list. Parses permissively. If some 455 * certificates can be parsed, the result is the number 456 * of failed certificates it encountered. If none complete 457 * correctly, the first error is returned. 458 * 459 * \param chain points to the start of the chain 460 * \param path filename to read the certificates from 461 * 462 * \return 0 if all certificates parsed successfully, a positive number 463 * if partly successful or a specific X509 or PEM error code 464 */ 465 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); 466 467 /** 468 * \brief Load one or more certificate files from a path and add them 469 * to the chained list. Parses permissively. If some 470 * certificates can be parsed, the result is the number 471 * of failed certificates it encountered. If none complete 472 * correctly, the first error is returned. 473 * 474 * \param chain points to the start of the chain 475 * \param path directory / folder to read the certificate files from 476 * 477 * \return 0 if all certificates parsed successfully, a positive number 478 * if partly successful or a specific X509 or PEM error code 479 */ 480 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); 481 482 #endif /* MBEDTLS_FS_IO */ 483 /** 484 * \brief This function parses an item in the SubjectAlternativeNames 485 * extension. 486 * 487 * \param san_buf The buffer holding the raw data item of the subject 488 * alternative name. 489 * \param san The target structure to populate with the parsed presentation 490 * of the subject alternative name encoded in \p san_raw. 491 * 492 * \note Only "dnsName" and "otherName" of type hardware_module_name 493 * as defined in RFC 4180 is supported. 494 * 495 * \note This function should be called on a single raw data of 496 * subject alternative name. For example, after successful 497 * certificate parsing, one must iterate on every item in the 498 * \p crt->subject_alt_names sequence, and pass it to 499 * this function. 500 * 501 * \warning The target structure contains pointers to the raw data of the 502 * parsed certificate, and its lifetime is restricted by the 503 * lifetime of the certificate. 504 * 505 * \return \c 0 on success 506 * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported 507 * SAN type. 508 * \return Another negative value for any other failure. 509 */ 510 int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, 511 mbedtls_x509_subject_alternative_name *san ); 512 /** 513 * \brief Returns an informational string about the 514 * certificate. 515 * 516 * \param buf Buffer to write to 517 * \param size Maximum size of buffer 518 * \param prefix A line prefix 519 * \param crt The X509 certificate to represent 520 * 521 * \return The length of the string written (not including the 522 * terminated nul byte), or a negative error code. 523 */ 524 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 525 const mbedtls_x509_crt *crt ); 526 527 /** 528 * \brief Returns an informational string about the 529 * verification status of a certificate. 530 * 531 * \param buf Buffer to write to 532 * \param size Maximum size of buffer 533 * \param prefix A line prefix 534 * \param flags Verification flags created by mbedtls_x509_crt_verify() 535 * 536 * \return The length of the string written (not including the 537 * terminated nul byte), or a negative error code. 538 */ 539 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 540 uint32_t flags ); 541 542 /** 543 * \brief Verify a chain of certificates. 544 * 545 * The verify callback is a user-supplied callback that 546 * can clear / modify / add flags for a certificate. If set, 547 * the verification callback is called for each 548 * certificate in the chain (from the trust-ca down to the 549 * presented crt). The parameters for the callback are: 550 * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, 551 * int *flags). With the flags representing current flags for 552 * that specific certificate and the certificate depth from 553 * the bottom (Peer cert depth = 0). 554 * 555 * All flags left after returning from the callback 556 * are also returned to the application. The function should 557 * return 0 for anything (including invalid certificates) 558 * other than fatal error, as a non-zero return code 559 * immediately aborts the verification process. For fatal 560 * errors, a specific error code should be used (different 561 * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not 562 * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR 563 * can be used if no better code is available. 564 * 565 * \note In case verification failed, the results can be displayed 566 * using \c mbedtls_x509_crt_verify_info() 567 * 568 * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the 569 * default security profile. 570 * 571 * \note It is your responsibility to provide up-to-date CRLs for 572 * all trusted CAs. If no CRL is provided for the CA that was 573 * used to sign the certificate, CRL verification is skipped 574 * silently, that is *without* setting any flag. 575 * 576 * \note The \c trust_ca list can contain two types of certificates: 577 * (1) those of trusted root CAs, so that certificates 578 * chaining up to those CAs will be trusted, and (2) 579 * self-signed end-entity certificates to be trusted (for 580 * specific peers you know) - in that case, the self-signed 581 * certificate doesn't need to have the CA bit set. 582 * 583 * \param crt The certificate chain to be verified. 584 * \param trust_ca The list of trusted CAs. 585 * \param ca_crl The list of CRLs for trusted CAs. 586 * \param cn The expected Common Name. This will be checked to be 587 * present in the certificate's subjectAltNames extension or, 588 * if this extension is absent, as a CN component in its 589 * Subject name. Currently only DNS names are supported. This 590 * may be \c NULL if the CN need not be verified. 591 * \param flags The address at which to store the result of the verification. 592 * If the verification couldn't be completed, the flag value is 593 * set to (uint32_t) -1. 594 * \param f_vrfy The verification callback to use. See the documentation 595 * of mbedtls_x509_crt_verify() for more information. 596 * \param p_vrfy The context to be passed to \p f_vrfy. 597 * 598 * \return \c 0 if the chain is valid with respect to the 599 * passed CN, CAs, CRLs and security profile. 600 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 601 * certificate chain verification failed. In this case, 602 * \c *flags will have one or more 603 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 604 * flags set. 605 * \return Another negative error code in case of a fatal error 606 * encountered during the verification process. 607 */ 608 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 609 mbedtls_x509_crt *trust_ca, 610 mbedtls_x509_crl *ca_crl, 611 const char *cn, uint32_t *flags, 612 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 613 void *p_vrfy ); 614 615 /** 616 * \brief Verify a chain of certificates with respect to 617 * a configurable security profile. 618 * 619 * \note Same as \c mbedtls_x509_crt_verify(), but with explicit 620 * security profile. 621 * 622 * \note The restrictions on keys (RSA minimum size, allowed curves 623 * for ECDSA) apply to all certificates: trusted root, 624 * intermediate CAs if any, and end entity certificate. 625 * 626 * \param crt The certificate chain to be verified. 627 * \param trust_ca The list of trusted CAs. 628 * \param ca_crl The list of CRLs for trusted CAs. 629 * \param profile The security profile to use for the verification. 630 * \param cn The expected Common Name. This may be \c NULL if the 631 * CN need not be verified. 632 * \param flags The address at which to store the result of the verification. 633 * If the verification couldn't be completed, the flag value is 634 * set to (uint32_t) -1. 635 * \param f_vrfy The verification callback to use. See the documentation 636 * of mbedtls_x509_crt_verify() for more information. 637 * \param p_vrfy The context to be passed to \p f_vrfy. 638 * 639 * \return \c 0 if the chain is valid with respect to the 640 * passed CN, CAs, CRLs and security profile. 641 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 642 * certificate chain verification failed. In this case, 643 * \c *flags will have one or more 644 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 645 * flags set. 646 * \return Another negative error code in case of a fatal error 647 * encountered during the verification process. 648 */ 649 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 650 mbedtls_x509_crt *trust_ca, 651 mbedtls_x509_crl *ca_crl, 652 const mbedtls_x509_crt_profile *profile, 653 const char *cn, uint32_t *flags, 654 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 655 void *p_vrfy ); 656 657 /** 658 * \brief Restartable version of \c mbedtls_crt_verify_with_profile() 659 * 660 * \note Performs the same job as \c mbedtls_crt_verify_with_profile() 661 * but can return early and restart according to the limit 662 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. 663 * 664 * \param crt The certificate chain to be verified. 665 * \param trust_ca The list of trusted CAs. 666 * \param ca_crl The list of CRLs for trusted CAs. 667 * \param profile The security profile to use for the verification. 668 * \param cn The expected Common Name. This may be \c NULL if the 669 * CN need not be verified. 670 * \param flags The address at which to store the result of the verification. 671 * If the verification couldn't be completed, the flag value is 672 * set to (uint32_t) -1. 673 * \param f_vrfy The verification callback to use. See the documentation 674 * of mbedtls_x509_crt_verify() for more information. 675 * \param p_vrfy The context to be passed to \p f_vrfy. 676 * \param rs_ctx The restart context to use. This may be set to \c NULL 677 * to disable restartable ECC. 678 * 679 * \return See \c mbedtls_crt_verify_with_profile(), or 680 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of 681 * operations was reached: see \c mbedtls_ecp_set_max_ops(). 682 */ 683 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, 684 mbedtls_x509_crt *trust_ca, 685 mbedtls_x509_crl *ca_crl, 686 const mbedtls_x509_crt_profile *profile, 687 const char *cn, uint32_t *flags, 688 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 689 void *p_vrfy, 690 mbedtls_x509_crt_restart_ctx *rs_ctx ); 691 692 /** 693 * \brief The type of trusted certificate callbacks. 694 * 695 * Callbacks of this type are passed to and used by the CRT 696 * verification routine mbedtls_x509_crt_verify_with_ca_cb() 697 * when looking for trusted signers of a given certificate. 698 * 699 * On success, the callback returns a list of trusted 700 * certificates to be considered as potential signers 701 * for the input certificate. 702 * 703 * \param p_ctx An opaque context passed to the callback. 704 * \param child The certificate for which to search a potential signer. 705 * This will point to a readable certificate. 706 * \param candidate_cas The address at which to store the address of the first 707 * entry in the generated linked list of candidate signers. 708 * This will not be \c NULL. 709 * 710 * \note The callback must only return a non-zero value on a 711 * fatal error. If, in contrast, the search for a potential 712 * signer completes without a single candidate, the 713 * callback must return \c 0 and set \c *candidate_cas 714 * to \c NULL. 715 * 716 * \return \c 0 on success. In this case, \c *candidate_cas points 717 * to a heap-allocated linked list of instances of 718 * ::mbedtls_x509_crt, and ownership of this list is passed 719 * to the caller. 720 * \return A negative error code on failure. 721 */ 722 typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, 723 mbedtls_x509_crt const *child, 724 mbedtls_x509_crt **candidate_cas ); 725 726 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 727 /** 728 * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which 729 * uses a callback to acquire the list of trusted CA 730 * certificates. 731 * 732 * \param crt The certificate chain to be verified. 733 * \param f_ca_cb The callback to be used to query for potential signers 734 * of a given child certificate. See the documentation of 735 * ::mbedtls_x509_crt_ca_cb_t for more information. 736 * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. 737 * \param profile The security profile for the verification. 738 * \param cn The expected Common Name. This may be \c NULL if the 739 * CN need not be verified. 740 * \param flags The address at which to store the result of the verification. 741 * If the verification couldn't be completed, the flag value is 742 * set to (uint32_t) -1. 743 * \param f_vrfy The verification callback to use. See the documentation 744 * of mbedtls_x509_crt_verify() for more information. 745 * \param p_vrfy The context to be passed to \p f_vrfy. 746 * 747 * \return See \c mbedtls_crt_verify_with_profile(). 748 */ 749 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, 750 mbedtls_x509_crt_ca_cb_t f_ca_cb, 751 void *p_ca_cb, 752 const mbedtls_x509_crt_profile *profile, 753 const char *cn, uint32_t *flags, 754 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 755 void *p_vrfy ); 756 757 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 758 759 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 760 /** 761 * \brief Check usage of certificate against keyUsage extension. 762 * 763 * \param crt Leaf certificate used. 764 * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT 765 * before using the certificate to perform an RSA key 766 * exchange). 767 * 768 * \note Except for decipherOnly and encipherOnly, a bit set in the 769 * usage argument means this bit MUST be set in the 770 * certificate. For decipherOnly and encipherOnly, it means 771 * that bit MAY be set. 772 * 773 * \return 0 is these uses of the certificate are allowed, 774 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension 775 * is present but does not match the usage argument. 776 * 777 * \note You should only call this function on leaf certificates, on 778 * (intermediate) CAs the keyUsage extension is automatically 779 * checked by \c mbedtls_x509_crt_verify(). 780 */ 781 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 782 unsigned int usage ); 783 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ 784 785 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 786 /** 787 * \brief Check usage of certificate against extendedKeyUsage. 788 * 789 * \param crt Leaf certificate used. 790 * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or 791 * MBEDTLS_OID_CLIENT_AUTH). 792 * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). 793 * 794 * \return 0 if this use of the certificate is allowed, 795 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. 796 * 797 * \note Usually only makes sense on leaf certificates. 798 */ 799 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 800 const char *usage_oid, 801 size_t usage_len ); 802 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 803 804 #if defined(MBEDTLS_X509_CRL_PARSE_C) 805 /** 806 * \brief Verify the certificate revocation status 807 * 808 * \param crt a certificate to be verified 809 * \param crl the CRL to verify against 810 * 811 * \return 1 if the certificate is revoked, 0 otherwise 812 * 813 */ 814 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); 815 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 816 817 /** 818 * \brief Initialize a certificate (chain) 819 * 820 * \param crt Certificate chain to initialize 821 */ 822 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ); 823 824 /** 825 * \brief Unallocate all certificate data 826 * 827 * \param crt Certificate chain to free 828 */ 829 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ); 830 831 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 832 /** 833 * \brief Initialize a restart context 834 */ 835 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ); 836 837 /** 838 * \brief Free the components of a restart context 839 */ 840 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); 841 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 842 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 843 844 /* \} name */ 845 /* \} addtogroup x509_module */ 846 847 #if defined(MBEDTLS_X509_CRT_WRITE_C) 848 /** 849 * \brief Initialize a CRT writing context 850 * 851 * \param ctx CRT context to initialize 852 */ 853 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); 854 855 /** 856 * \brief Set the verion for a Certificate 857 * Default: MBEDTLS_X509_CRT_VERSION_3 858 * 859 * \param ctx CRT context to use 860 * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or 861 * MBEDTLS_X509_CRT_VERSION_3) 862 */ 863 void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ); 864 865 /** 866 * \brief Set the serial number for a Certificate. 867 * 868 * \param ctx CRT context to use 869 * \param serial serial number to set 870 * 871 * \return 0 if successful 872 */ 873 int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ); 874 875 /** 876 * \brief Set the validity period for a Certificate 877 * Timestamps should be in string format for UTC timezone 878 * i.e. "YYYYMMDDhhmmss" 879 * e.g. "20131231235959" for December 31st 2013 880 * at 23:59:59 881 * 882 * \param ctx CRT context to use 883 * \param not_before not_before timestamp 884 * \param not_after not_after timestamp 885 * 886 * \return 0 if timestamp was parsed successfully, or 887 * a specific error code 888 */ 889 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, 890 const char *not_after ); 891 892 /** 893 * \brief Set the issuer name for a Certificate 894 * Issuer names should contain a comma-separated list 895 * of OID types and values: 896 * e.g. "C=UK,O=ARM,CN=mbed TLS CA" 897 * 898 * \param ctx CRT context to use 899 * \param issuer_name issuer name to set 900 * 901 * \return 0 if issuer name was parsed successfully, or 902 * a specific error code 903 */ 904 int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, 905 const char *issuer_name ); 906 907 /** 908 * \brief Set the subject name for a Certificate 909 * Subject names should contain a comma-separated list 910 * of OID types and values: 911 * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" 912 * 913 * \param ctx CRT context to use 914 * \param subject_name subject name to set 915 * 916 * \return 0 if subject name was parsed successfully, or 917 * a specific error code 918 */ 919 int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, 920 const char *subject_name ); 921 922 /** 923 * \brief Set the subject public key for the certificate 924 * 925 * \param ctx CRT context to use 926 * \param key public key to include 927 */ 928 void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); 929 930 /** 931 * \brief Set the issuer key used for signing the certificate 932 * 933 * \param ctx CRT context to use 934 * \param key private key to sign with 935 */ 936 void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); 937 938 /** 939 * \brief Set the MD algorithm to use for the signature 940 * (e.g. MBEDTLS_MD_SHA1) 941 * 942 * \param ctx CRT context to use 943 * \param md_alg MD algorithm to use 944 */ 945 void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ); 946 947 /** 948 * \brief Generic function to add to or replace an extension in the 949 * CRT 950 * 951 * \param ctx CRT context to use 952 * \param oid OID of the extension 953 * \param oid_len length of the OID 954 * \param critical if the extension is critical (per the RFC's definition) 955 * \param val value of the extension OCTET STRING 956 * \param val_len length of the value data 957 * 958 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 959 */ 960 int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, 961 const char *oid, size_t oid_len, 962 int critical, 963 const unsigned char *val, size_t val_len ); 964 965 /** 966 * \brief Set the basicConstraints extension for a CRT 967 * 968 * \param ctx CRT context to use 969 * \param is_ca is this a CA certificate 970 * \param max_pathlen maximum length of certificate chains below this 971 * certificate (only for CA certificates, -1 is 972 * inlimited) 973 * 974 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 975 */ 976 int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, 977 int is_ca, int max_pathlen ); 978 979 #if defined(MBEDTLS_SHA1_C) 980 /** 981 * \brief Set the subjectKeyIdentifier extension for a CRT 982 * Requires that mbedtls_x509write_crt_set_subject_key() has been 983 * called before 984 * 985 * \param ctx CRT context to use 986 * 987 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 988 */ 989 int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ); 990 991 /** 992 * \brief Set the authorityKeyIdentifier extension for a CRT 993 * Requires that mbedtls_x509write_crt_set_issuer_key() has been 994 * called before 995 * 996 * \param ctx CRT context to use 997 * 998 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 999 */ 1000 int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); 1001 #endif /* MBEDTLS_SHA1_C */ 1002 1003 /** 1004 * \brief Set the Key Usage Extension flags 1005 * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) 1006 * 1007 * \param ctx CRT context to use 1008 * \param key_usage key usage flags to set 1009 * 1010 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1011 */ 1012 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, 1013 unsigned int key_usage ); 1014 1015 /** 1016 * \brief Set the Netscape Cert Type flags 1017 * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) 1018 * 1019 * \param ctx CRT context to use 1020 * \param ns_cert_type Netscape Cert Type flags to set 1021 * 1022 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1023 */ 1024 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, 1025 unsigned char ns_cert_type ); 1026 1027 /** 1028 * \brief Free the contents of a CRT write context 1029 * 1030 * \param ctx CRT context to free 1031 */ 1032 void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); 1033 1034 /** 1035 * \brief Write a built up certificate to a X509 DER structure 1036 * Note: data is written at the end of the buffer! Use the 1037 * return value to determine where you should start 1038 * using the buffer 1039 * 1040 * \param ctx certificate to write away 1041 * \param buf buffer to write to 1042 * \param size size of the buffer 1043 * \param f_rng RNG function (for signature, see note) 1044 * \param p_rng RNG parameter 1045 * 1046 * \return length of data written if successful, or a specific 1047 * error code 1048 * 1049 * \note f_rng may be NULL if RSA is used for signature and the 1050 * signature is made offline (otherwise f_rng is desirable 1051 * for countermeasures against timing attacks). 1052 * ECDSA signatures always require a non-NULL f_rng. 1053 */ 1054 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1055 int (*f_rng)(void *, unsigned char *, size_t), 1056 void *p_rng ); 1057 1058 #if defined(MBEDTLS_PEM_WRITE_C) 1059 /** 1060 * \brief Write a built up certificate to a X509 PEM string 1061 * 1062 * \param ctx certificate to write away 1063 * \param buf buffer to write to 1064 * \param size size of the buffer 1065 * \param f_rng RNG function (for signature, see note) 1066 * \param p_rng RNG parameter 1067 * 1068 * \return 0 if successful, or a specific error code 1069 * 1070 * \note f_rng may be NULL if RSA is used for signature and the 1071 * signature is made offline (otherwise f_rng is desirable 1072 * for countermeasures against timing attacks). 1073 * ECDSA signatures always require a non-NULL f_rng. 1074 */ 1075 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1076 int (*f_rng)(void *, unsigned char *, size_t), 1077 void *p_rng ); 1078 #endif /* MBEDTLS_PEM_WRITE_C */ 1079 #endif /* MBEDTLS_X509_CRT_WRITE_C */ 1080 1081 #ifdef __cplusplus 1082 } 1083 #endif 1084 1085 #endif /* mbedtls_x509_crt.h */ 1086
