1 /** 2 * \file x509_crt.h 3 * 4 * \brief X.509 certificate parsing and writing 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 9 * 10 * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 * not use this file except in compliance with the License. 12 * You may obtain a copy of the License at 13 * 14 * http://www.apache.org/licenses/LICENSE-2.0 15 * 16 * Unless required by applicable law or agreed to in writing, software 17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 * See the License for the specific language governing permissions and 20 * limitations under the License. 21 */ 22 #ifndef MBEDTLS_X509_CRT_H 23 #define MBEDTLS_X509_CRT_H 24 25 #if !defined(MBEDTLS_CONFIG_FILE) 26 #include "mbedtls/config.h" 27 #else 28 #include MBEDTLS_CONFIG_FILE 29 #endif 30 31 #include "mbedtls/x509.h" 32 #include "mbedtls/x509_crl.h" 33 #include "mbedtls/bignum.h" 34 35 /** 36 * \addtogroup x509_module 37 * \{ 38 */ 39 40 #ifdef __cplusplus 41 extern "C" { 42 #endif 43 44 /** 45 * \name Structures and functions for parsing and writing X.509 certificates 46 * \{ 47 */ 48 49 /** 50 * Container for an X.509 certificate. The certificate may be chained. 51 */ 52 typedef struct mbedtls_x509_crt 53 { 54 int own_buffer; /**< Indicates if \c raw is owned 55 * by the structure or not. */ 56 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 57 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 58 59 int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ 60 mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ 61 mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ 62 63 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ 64 mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ 65 66 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 67 mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ 68 69 mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ 70 mbedtls_x509_time valid_to; /**< End time of certificate validity. */ 71 72 mbedtls_x509_buf pk_raw; 73 mbedtls_pk_context pk; /**< Container for the public key context. */ 74 75 mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ 76 mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ 77 mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ 78 mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ 79 80 mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ 81 82 int ext_types; /**< Bit string containing detected and parsed extensions */ 83 int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ 84 int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ 85 86 unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ 87 88 mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ 89 90 unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ 91 92 mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ 93 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 94 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 95 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 96 97 struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ 98 } 99 mbedtls_x509_crt; 100 101 /** 102 * From RFC 5280 section 4.2.1.6: 103 * OtherName ::= SEQUENCE { 104 * type-id OBJECT IDENTIFIER, 105 * value [0] EXPLICIT ANY DEFINED BY type-id } 106 */ 107 typedef struct mbedtls_x509_san_other_name 108 { 109 /** 110 * The type_id is an OID as deifned in RFC 5280. 111 * To check the value of the type id, you should use 112 * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. 113 */ 114 mbedtls_x509_buf type_id; /**< The type id. */ 115 union 116 { 117 /** 118 * From RFC 4108 section 5: 119 * HardwareModuleName ::= SEQUENCE { 120 * hwType OBJECT IDENTIFIER, 121 * hwSerialNum OCTET STRING } 122 */ 123 struct 124 { 125 mbedtls_x509_buf oid; /**< The object identifier. */ 126 mbedtls_x509_buf val; /**< The named value. */ 127 } 128 hardware_module_name; 129 } 130 value; 131 } 132 mbedtls_x509_san_other_name; 133 134 /** 135 * A structure for holding the parsed Subject Alternative Name, according to type 136 */ 137 typedef struct mbedtls_x509_subject_alternative_name 138 { 139 int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ 140 union { 141 mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ 142 mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ 143 } 144 san; /**< A union of the supported SAN types */ 145 } 146 mbedtls_x509_subject_alternative_name; 147 148 /** 149 * Build flag from an algorithm/curve identifier (pk, md, ecp) 150 * Since 0 is always XXX_NONE, ignore it. 151 */ 152 #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( (id) - 1 ) ) 153 154 /** 155 * Security profile for certificate verification. 156 * 157 * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). 158 */ 159 typedef struct mbedtls_x509_crt_profile 160 { 161 uint32_t allowed_mds; /**< MDs for signatures */ 162 uint32_t allowed_pks; /**< PK algs for signatures */ 163 uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ 164 uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ 165 } 166 mbedtls_x509_crt_profile; 167 168 #define MBEDTLS_X509_CRT_VERSION_1 0 169 #define MBEDTLS_X509_CRT_VERSION_2 1 170 #define MBEDTLS_X509_CRT_VERSION_3 2 171 172 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 173 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 174 175 #if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN ) 176 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 177 #endif 178 179 /** 180 * Container for writing a certificate (CRT) 181 */ 182 typedef struct mbedtls_x509write_cert 183 { 184 int version; 185 mbedtls_mpi serial; 186 mbedtls_pk_context *subject_key; 187 mbedtls_pk_context *issuer_key; 188 mbedtls_asn1_named_data *subject; 189 mbedtls_asn1_named_data *issuer; 190 mbedtls_md_type_t md_alg; 191 char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 192 char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 193 mbedtls_asn1_named_data *extensions; 194 } 195 mbedtls_x509write_cert; 196 197 /** 198 * Item in a verification chain: cert and flags for it 199 */ 200 typedef struct { 201 mbedtls_x509_crt *crt; 202 uint32_t flags; 203 } mbedtls_x509_crt_verify_chain_item; 204 205 /** 206 * Max size of verification chain: end-entity + intermediates + trusted root 207 */ 208 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 ) 209 210 /** 211 * Verification chain as built by \c mbedtls_crt_verify_chain() 212 */ 213 typedef struct 214 { 215 mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; 216 unsigned len; 217 218 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 219 /* This stores the list of potential trusted signers obtained from 220 * the CA callback used for the CRT verification, if configured. 221 * We must track it somewhere because the callback passes its 222 * ownership to the caller. */ 223 mbedtls_x509_crt *trust_ca_cb_result; 224 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 225 } mbedtls_x509_crt_verify_chain; 226 227 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 228 229 /** 230 * \brief Context for resuming X.509 verify operations 231 */ 232 typedef struct 233 { 234 /* for check_signature() */ 235 mbedtls_pk_restart_ctx pk; 236 237 /* for find_parent_in() */ 238 mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ 239 mbedtls_x509_crt *fallback_parent; 240 int fallback_signature_is_good; 241 242 /* for find_parent() */ 243 int parent_is_trusted; /* -1 if find_parent is not in progress */ 244 245 /* for verify_chain() */ 246 enum { 247 x509_crt_rs_none, 248 x509_crt_rs_find_parent, 249 } in_progress; /* none if no operation is in progress */ 250 int self_cnt; 251 mbedtls_x509_crt_verify_chain ver_chain; 252 253 } mbedtls_x509_crt_restart_ctx; 254 255 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 256 257 /* Now we can declare functions that take a pointer to that */ 258 typedef void mbedtls_x509_crt_restart_ctx; 259 260 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 261 262 #if defined(MBEDTLS_X509_CRT_PARSE_C) 263 /** 264 * Default security profile. Should provide a good balance between security 265 * and compatibility with current deployments. 266 * 267 * This profile permits: 268 * - SHA2 hashes. 269 * - All supported elliptic curves. 270 * - RSA with 2048 bits and above. 271 * 272 * New minor versions of Mbed TLS may extend this profile, for example if 273 * new curves are added to the library. New minor versions of Mbed TLS will 274 * not reduce this profile unless serious security concerns require it. 275 */ 276 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; 277 278 /** 279 * Expected next default profile. Recommended for new deployments. 280 * Currently targets a 128-bit security level, except for allowing RSA-2048. 281 */ 282 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; 283 284 /** 285 * NSA Suite B profile. 286 */ 287 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; 288 289 /** 290 * \brief Parse a single DER formatted certificate and add it 291 * to the end of the provided chained list. 292 * 293 * \param chain The pointer to the start of the CRT chain to attach to. 294 * When parsing the first CRT in a chain, this should point 295 * to an instance of ::mbedtls_x509_crt initialized through 296 * mbedtls_x509_crt_init(). 297 * \param buf The buffer holding the DER encoded certificate. 298 * \param buflen The size in Bytes of \p buf. 299 * 300 * \note This function makes an internal copy of the CRT buffer 301 * \p buf. In particular, \p buf may be destroyed or reused 302 * after this call returns. To avoid duplicating the CRT 303 * buffer (at the cost of stricter lifetime constraints), 304 * use mbedtls_x509_crt_parse_der_nocopy() instead. 305 * 306 * \return \c 0 if successful. 307 * \return A negative error code on failure. 308 */ 309 int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, 310 const unsigned char *buf, 311 size_t buflen ); 312 313 /** 314 * \brief The type of certificate extension callbacks. 315 * 316 * Callbacks of this type are passed to and used by the 317 * mbedtls_x509_crt_parse_der_with_ext_cb() routine when 318 * it encounters either an unsupported extension or a 319 * "certificate policies" extension containing any 320 * unsupported certificate policies. 321 * Future versions of the library may invoke the callback 322 * in other cases, if and when the need arises. 323 * 324 * \param p_ctx An opaque context passed to the callback. 325 * \param crt The certificate being parsed. 326 * \param oid The OID of the extension. 327 * \param critical Whether the extension is critical. 328 * \param p Pointer to the start of the extension value 329 * (the content of the OCTET STRING). 330 * \param end End of extension value. 331 * 332 * \note The callback must fail and return a negative error code 333 * if it can not parse or does not support the extension. 334 * When the callback fails to parse a critical extension 335 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 336 * When the callback fails to parse a non critical extension 337 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 338 * the extension and continues parsing. 339 * 340 * \return \c 0 on success. 341 * \return A negative error code on failure. 342 */ 343 typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, 344 mbedtls_x509_crt const *crt, 345 mbedtls_x509_buf const *oid, 346 int critical, 347 const unsigned char *p, 348 const unsigned char *end ); 349 350 /** 351 * \brief Parse a single DER formatted certificate and add it 352 * to the end of the provided chained list. 353 * 354 * \param chain The pointer to the start of the CRT chain to attach to. 355 * When parsing the first CRT in a chain, this should point 356 * to an instance of ::mbedtls_x509_crt initialized through 357 * mbedtls_x509_crt_init(). 358 * \param buf The buffer holding the DER encoded certificate. 359 * \param buflen The size in Bytes of \p buf. 360 * \param make_copy When not zero this function makes an internal copy of the 361 * CRT buffer \p buf. In particular, \p buf may be destroyed 362 * or reused after this call returns. 363 * When zero this function avoids duplicating the CRT buffer 364 * by taking temporary ownership thereof until the CRT 365 * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) 366 * \param cb A callback invoked for every unsupported certificate 367 * extension. 368 * \param p_ctx An opaque context passed to the callback. 369 * 370 * \note This call is functionally equivalent to 371 * mbedtls_x509_crt_parse_der(), and/or 372 * mbedtls_x509_crt_parse_der_nocopy() 373 * but it calls the callback with every unsupported 374 * certificate extension and additionally the 375 * "certificate policies" extension if it contains any 376 * unsupported certificate policies. 377 * The callback must return a negative error code if it 378 * does not know how to handle such an extension. 379 * When the callback fails to parse a critical extension 380 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 381 * When the callback fails to parse a non critical extension 382 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 383 * the extension and continues parsing. 384 * Future versions of the library may invoke the callback 385 * in other cases, if and when the need arises. 386 * 387 * \return \c 0 if successful. 388 * \return A negative error code on failure. 389 */ 390 int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, 391 const unsigned char *buf, 392 size_t buflen, 393 int make_copy, 394 mbedtls_x509_crt_ext_cb_t cb, 395 void *p_ctx ); 396 397 /** 398 * \brief Parse a single DER formatted certificate and add it 399 * to the end of the provided chained list. This is a 400 * variant of mbedtls_x509_crt_parse_der() which takes 401 * temporary ownership of the CRT buffer until the CRT 402 * is destroyed. 403 * 404 * \param chain The pointer to the start of the CRT chain to attach to. 405 * When parsing the first CRT in a chain, this should point 406 * to an instance of ::mbedtls_x509_crt initialized through 407 * mbedtls_x509_crt_init(). 408 * \param buf The address of the readable buffer holding the DER encoded 409 * certificate to use. On success, this buffer must be 410 * retained and not be changed for the liftetime of the 411 * CRT chain \p chain, that is, until \p chain is destroyed 412 * through a call to mbedtls_x509_crt_free(). 413 * \param buflen The size in Bytes of \p buf. 414 * 415 * \note This call is functionally equivalent to 416 * mbedtls_x509_crt_parse_der(), but it avoids creating a 417 * copy of the input buffer at the cost of stronger lifetime 418 * constraints. This is useful in constrained environments 419 * where duplication of the CRT cannot be tolerated. 420 * 421 * \return \c 0 if successful. 422 * \return A negative error code on failure. 423 */ 424 int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, 425 const unsigned char *buf, 426 size_t buflen ); 427 428 /** 429 * \brief Parse one DER-encoded or one or more concatenated PEM-encoded 430 * certificates and add them to the chained list. 431 * 432 * For CRTs in PEM encoding, the function parses permissively: 433 * if at least one certificate can be parsed, the function 434 * returns the number of certificates for which parsing failed 435 * (hence \c 0 if all certificates were parsed successfully). 436 * If no certificate could be parsed, the function returns 437 * the first (negative) error encountered during parsing. 438 * 439 * PEM encoded certificates may be interleaved by other data 440 * such as human readable descriptions of their content, as 441 * long as the certificates are enclosed in the PEM specific 442 * '-----{BEGIN/END} CERTIFICATE-----' delimiters. 443 * 444 * \param chain The chain to which to add the parsed certificates. 445 * \param buf The buffer holding the certificate data in PEM or DER format. 446 * For certificates in PEM encoding, this may be a concatenation 447 * of multiple certificates; for DER encoding, the buffer must 448 * comprise exactly one certificate. 449 * \param buflen The size of \p buf, including the terminating \c NULL byte 450 * in case of PEM encoded data. 451 * 452 * \return \c 0 if all certificates were parsed successfully. 453 * \return The (positive) number of certificates that couldn't 454 * be parsed if parsing was partly successful (see above). 455 * \return A negative X509 or PEM error code otherwise. 456 * 457 */ 458 int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); 459 460 #if defined(MBEDTLS_FS_IO) 461 /** 462 * \brief Load one or more certificates and add them 463 * to the chained list. Parses permissively. If some 464 * certificates can be parsed, the result is the number 465 * of failed certificates it encountered. If none complete 466 * correctly, the first error is returned. 467 * 468 * \param chain points to the start of the chain 469 * \param path filename to read the certificates from 470 * 471 * \return 0 if all certificates parsed successfully, a positive number 472 * if partly successful or a specific X509 or PEM error code 473 */ 474 int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ); 475 476 /** 477 * \brief Load one or more certificate files from a path and add them 478 * to the chained list. Parses permissively. If some 479 * certificates can be parsed, the result is the number 480 * of failed certificates it encountered. If none complete 481 * correctly, the first error is returned. 482 * 483 * \param chain points to the start of the chain 484 * \param path directory / folder to read the certificate files from 485 * 486 * \return 0 if all certificates parsed successfully, a positive number 487 * if partly successful or a specific X509 or PEM error code 488 */ 489 int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); 490 491 #endif /* MBEDTLS_FS_IO */ 492 /** 493 * \brief This function parses an item in the SubjectAlternativeNames 494 * extension. 495 * 496 * \param san_buf The buffer holding the raw data item of the subject 497 * alternative name. 498 * \param san The target structure to populate with the parsed presentation 499 * of the subject alternative name encoded in \p san_raw. 500 * 501 * \note Only "dnsName" and "otherName" of type hardware_module_name 502 * as defined in RFC 4180 is supported. 503 * 504 * \note This function should be called on a single raw data of 505 * subject alternative name. For example, after successful 506 * certificate parsing, one must iterate on every item in the 507 * \p crt->subject_alt_names sequence, and pass it to 508 * this function. 509 * 510 * \warning The target structure contains pointers to the raw data of the 511 * parsed certificate, and its lifetime is restricted by the 512 * lifetime of the certificate. 513 * 514 * \return \c 0 on success 515 * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported 516 * SAN type. 517 * \return Another negative value for any other failure. 518 */ 519 int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, 520 mbedtls_x509_subject_alternative_name *san ); 521 /** 522 * \brief Returns an informational string about the 523 * certificate. 524 * 525 * \param buf Buffer to write to 526 * \param size Maximum size of buffer 527 * \param prefix A line prefix 528 * \param crt The X509 certificate to represent 529 * 530 * \return The length of the string written (not including the 531 * terminated nul byte), or a negative error code. 532 */ 533 int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, 534 const mbedtls_x509_crt *crt ); 535 536 /** 537 * \brief Returns an informational string about the 538 * verification status of a certificate. 539 * 540 * \param buf Buffer to write to 541 * \param size Maximum size of buffer 542 * \param prefix A line prefix 543 * \param flags Verification flags created by mbedtls_x509_crt_verify() 544 * 545 * \return The length of the string written (not including the 546 * terminated nul byte), or a negative error code. 547 */ 548 int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, 549 uint32_t flags ); 550 551 /** 552 * \brief Verify a chain of certificates. 553 * 554 * The verify callback is a user-supplied callback that 555 * can clear / modify / add flags for a certificate. If set, 556 * the verification callback is called for each 557 * certificate in the chain (from the trust-ca down to the 558 * presented crt). The parameters for the callback are: 559 * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, 560 * int *flags). With the flags representing current flags for 561 * that specific certificate and the certificate depth from 562 * the bottom (Peer cert depth = 0). 563 * 564 * All flags left after returning from the callback 565 * are also returned to the application. The function should 566 * return 0 for anything (including invalid certificates) 567 * other than fatal error, as a non-zero return code 568 * immediately aborts the verification process. For fatal 569 * errors, a specific error code should be used (different 570 * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not 571 * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR 572 * can be used if no better code is available. 573 * 574 * \note In case verification failed, the results can be displayed 575 * using \c mbedtls_x509_crt_verify_info() 576 * 577 * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the 578 * default security profile. 579 * 580 * \note It is your responsibility to provide up-to-date CRLs for 581 * all trusted CAs. If no CRL is provided for the CA that was 582 * used to sign the certificate, CRL verification is skipped 583 * silently, that is *without* setting any flag. 584 * 585 * \note The \c trust_ca list can contain two types of certificates: 586 * (1) those of trusted root CAs, so that certificates 587 * chaining up to those CAs will be trusted, and (2) 588 * self-signed end-entity certificates to be trusted (for 589 * specific peers you know) - in that case, the self-signed 590 * certificate doesn't need to have the CA bit set. 591 * 592 * \param crt The certificate chain to be verified. 593 * \param trust_ca The list of trusted CAs. 594 * \param ca_crl The list of CRLs for trusted CAs. 595 * \param cn The expected Common Name. This will be checked to be 596 * present in the certificate's subjectAltNames extension or, 597 * if this extension is absent, as a CN component in its 598 * Subject name. Currently only DNS names are supported. This 599 * may be \c NULL if the CN need not be verified. 600 * \param flags The address at which to store the result of the verification. 601 * If the verification couldn't be completed, the flag value is 602 * set to (uint32_t) -1. 603 * \param f_vrfy The verification callback to use. See the documentation 604 * of mbedtls_x509_crt_verify() for more information. 605 * \param p_vrfy The context to be passed to \p f_vrfy. 606 * 607 * \return \c 0 if the chain is valid with respect to the 608 * passed CN, CAs, CRLs and security profile. 609 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 610 * certificate chain verification failed. In this case, 611 * \c *flags will have one or more 612 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 613 * flags set. 614 * \return Another negative error code in case of a fatal error 615 * encountered during the verification process. 616 */ 617 int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, 618 mbedtls_x509_crt *trust_ca, 619 mbedtls_x509_crl *ca_crl, 620 const char *cn, uint32_t *flags, 621 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 622 void *p_vrfy ); 623 624 /** 625 * \brief Verify a chain of certificates with respect to 626 * a configurable security profile. 627 * 628 * \note Same as \c mbedtls_x509_crt_verify(), but with explicit 629 * security profile. 630 * 631 * \note The restrictions on keys (RSA minimum size, allowed curves 632 * for ECDSA) apply to all certificates: trusted root, 633 * intermediate CAs if any, and end entity certificate. 634 * 635 * \param crt The certificate chain to be verified. 636 * \param trust_ca The list of trusted CAs. 637 * \param ca_crl The list of CRLs for trusted CAs. 638 * \param profile The security profile to use for the verification. 639 * \param cn The expected Common Name. This may be \c NULL if the 640 * CN need not be verified. 641 * \param flags The address at which to store the result of the verification. 642 * If the verification couldn't be completed, the flag value is 643 * set to (uint32_t) -1. 644 * \param f_vrfy The verification callback to use. See the documentation 645 * of mbedtls_x509_crt_verify() for more information. 646 * \param p_vrfy The context to be passed to \p f_vrfy. 647 * 648 * \return \c 0 if the chain is valid with respect to the 649 * passed CN, CAs, CRLs and security profile. 650 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 651 * certificate chain verification failed. In this case, 652 * \c *flags will have one or more 653 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 654 * flags set. 655 * \return Another negative error code in case of a fatal error 656 * encountered during the verification process. 657 */ 658 int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, 659 mbedtls_x509_crt *trust_ca, 660 mbedtls_x509_crl *ca_crl, 661 const mbedtls_x509_crt_profile *profile, 662 const char *cn, uint32_t *flags, 663 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 664 void *p_vrfy ); 665 666 /** 667 * \brief Restartable version of \c mbedtls_crt_verify_with_profile() 668 * 669 * \note Performs the same job as \c mbedtls_crt_verify_with_profile() 670 * but can return early and restart according to the limit 671 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. 672 * 673 * \param crt The certificate chain to be verified. 674 * \param trust_ca The list of trusted CAs. 675 * \param ca_crl The list of CRLs for trusted CAs. 676 * \param profile The security profile to use for the verification. 677 * \param cn The expected Common Name. This may be \c NULL if the 678 * CN need not be verified. 679 * \param flags The address at which to store the result of the verification. 680 * If the verification couldn't be completed, the flag value is 681 * set to (uint32_t) -1. 682 * \param f_vrfy The verification callback to use. See the documentation 683 * of mbedtls_x509_crt_verify() for more information. 684 * \param p_vrfy The context to be passed to \p f_vrfy. 685 * \param rs_ctx The restart context to use. This may be set to \c NULL 686 * to disable restartable ECC. 687 * 688 * \return See \c mbedtls_crt_verify_with_profile(), or 689 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of 690 * operations was reached: see \c mbedtls_ecp_set_max_ops(). 691 */ 692 int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, 693 mbedtls_x509_crt *trust_ca, 694 mbedtls_x509_crl *ca_crl, 695 const mbedtls_x509_crt_profile *profile, 696 const char *cn, uint32_t *flags, 697 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 698 void *p_vrfy, 699 mbedtls_x509_crt_restart_ctx *rs_ctx ); 700 701 /** 702 * \brief The type of trusted certificate callbacks. 703 * 704 * Callbacks of this type are passed to and used by the CRT 705 * verification routine mbedtls_x509_crt_verify_with_ca_cb() 706 * when looking for trusted signers of a given certificate. 707 * 708 * On success, the callback returns a list of trusted 709 * certificates to be considered as potential signers 710 * for the input certificate. 711 * 712 * \param p_ctx An opaque context passed to the callback. 713 * \param child The certificate for which to search a potential signer. 714 * This will point to a readable certificate. 715 * \param candidate_cas The address at which to store the address of the first 716 * entry in the generated linked list of candidate signers. 717 * This will not be \c NULL. 718 * 719 * \note The callback must only return a non-zero value on a 720 * fatal error. If, in contrast, the search for a potential 721 * signer completes without a single candidate, the 722 * callback must return \c 0 and set \c *candidate_cas 723 * to \c NULL. 724 * 725 * \return \c 0 on success. In this case, \c *candidate_cas points 726 * to a heap-allocated linked list of instances of 727 * ::mbedtls_x509_crt, and ownership of this list is passed 728 * to the caller. 729 * \return A negative error code on failure. 730 */ 731 typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx, 732 mbedtls_x509_crt const *child, 733 mbedtls_x509_crt **candidate_cas ); 734 735 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 736 /** 737 * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which 738 * uses a callback to acquire the list of trusted CA 739 * certificates. 740 * 741 * \param crt The certificate chain to be verified. 742 * \param f_ca_cb The callback to be used to query for potential signers 743 * of a given child certificate. See the documentation of 744 * ::mbedtls_x509_crt_ca_cb_t for more information. 745 * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. 746 * \param profile The security profile for the verification. 747 * \param cn The expected Common Name. This may be \c NULL if the 748 * CN need not be verified. 749 * \param flags The address at which to store the result of the verification. 750 * If the verification couldn't be completed, the flag value is 751 * set to (uint32_t) -1. 752 * \param f_vrfy The verification callback to use. See the documentation 753 * of mbedtls_x509_crt_verify() for more information. 754 * \param p_vrfy The context to be passed to \p f_vrfy. 755 * 756 * \return See \c mbedtls_crt_verify_with_profile(). 757 */ 758 int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, 759 mbedtls_x509_crt_ca_cb_t f_ca_cb, 760 void *p_ca_cb, 761 const mbedtls_x509_crt_profile *profile, 762 const char *cn, uint32_t *flags, 763 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 764 void *p_vrfy ); 765 766 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 767 768 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 769 /** 770 * \brief Check usage of certificate against keyUsage extension. 771 * 772 * \param crt Leaf certificate used. 773 * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT 774 * before using the certificate to perform an RSA key 775 * exchange). 776 * 777 * \note Except for decipherOnly and encipherOnly, a bit set in the 778 * usage argument means this bit MUST be set in the 779 * certificate. For decipherOnly and encipherOnly, it means 780 * that bit MAY be set. 781 * 782 * \return 0 is these uses of the certificate are allowed, 783 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension 784 * is present but does not match the usage argument. 785 * 786 * \note You should only call this function on leaf certificates, on 787 * (intermediate) CAs the keyUsage extension is automatically 788 * checked by \c mbedtls_x509_crt_verify(). 789 */ 790 int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, 791 unsigned int usage ); 792 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ 793 794 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 795 /** 796 * \brief Check usage of certificate against extendedKeyUsage. 797 * 798 * \param crt Leaf certificate used. 799 * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or 800 * MBEDTLS_OID_CLIENT_AUTH). 801 * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). 802 * 803 * \return 0 if this use of the certificate is allowed, 804 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. 805 * 806 * \note Usually only makes sense on leaf certificates. 807 */ 808 int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, 809 const char *usage_oid, 810 size_t usage_len ); 811 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 812 813 #if defined(MBEDTLS_X509_CRL_PARSE_C) 814 /** 815 * \brief Verify the certificate revocation status 816 * 817 * \param crt a certificate to be verified 818 * \param crl the CRL to verify against 819 * 820 * \return 1 if the certificate is revoked, 0 otherwise 821 * 822 */ 823 int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl ); 824 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 825 826 /** 827 * \brief Initialize a certificate (chain) 828 * 829 * \param crt Certificate chain to initialize 830 */ 831 void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ); 832 833 /** 834 * \brief Unallocate all certificate data 835 * 836 * \param crt Certificate chain to free 837 */ 838 void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ); 839 840 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 841 /** 842 * \brief Initialize a restart context 843 */ 844 void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ); 845 846 /** 847 * \brief Free the components of a restart context 848 */ 849 void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); 850 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 851 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 852 853 /* \} name */ 854 /* \} addtogroup x509_module */ 855 856 #if defined(MBEDTLS_X509_CRT_WRITE_C) 857 /** 858 * \brief Initialize a CRT writing context 859 * 860 * \param ctx CRT context to initialize 861 */ 862 void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); 863 864 /** 865 * \brief Set the verion for a Certificate 866 * Default: MBEDTLS_X509_CRT_VERSION_3 867 * 868 * \param ctx CRT context to use 869 * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or 870 * MBEDTLS_X509_CRT_VERSION_3) 871 */ 872 void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ); 873 874 /** 875 * \brief Set the serial number for a Certificate. 876 * 877 * \param ctx CRT context to use 878 * \param serial serial number to set 879 * 880 * \return 0 if successful 881 */ 882 int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ); 883 884 /** 885 * \brief Set the validity period for a Certificate 886 * Timestamps should be in string format for UTC timezone 887 * i.e. "YYYYMMDDhhmmss" 888 * e.g. "20131231235959" for December 31st 2013 889 * at 23:59:59 890 * 891 * \param ctx CRT context to use 892 * \param not_before not_before timestamp 893 * \param not_after not_after timestamp 894 * 895 * \return 0 if timestamp was parsed successfully, or 896 * a specific error code 897 */ 898 int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before, 899 const char *not_after ); 900 901 /** 902 * \brief Set the issuer name for a Certificate 903 * Issuer names should contain a comma-separated list 904 * of OID types and values: 905 * e.g. "C=UK,O=ARM,CN=mbed TLS CA" 906 * 907 * \param ctx CRT context to use 908 * \param issuer_name issuer name to set 909 * 910 * \return 0 if issuer name was parsed successfully, or 911 * a specific error code 912 */ 913 int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, 914 const char *issuer_name ); 915 916 /** 917 * \brief Set the subject name for a Certificate 918 * Subject names should contain a comma-separated list 919 * of OID types and values: 920 * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" 921 * 922 * \param ctx CRT context to use 923 * \param subject_name subject name to set 924 * 925 * \return 0 if subject name was parsed successfully, or 926 * a specific error code 927 */ 928 int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx, 929 const char *subject_name ); 930 931 /** 932 * \brief Set the subject public key for the certificate 933 * 934 * \param ctx CRT context to use 935 * \param key public key to include 936 */ 937 void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); 938 939 /** 940 * \brief Set the issuer key used for signing the certificate 941 * 942 * \param ctx CRT context to use 943 * \param key private key to sign with 944 */ 945 void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key ); 946 947 /** 948 * \brief Set the MD algorithm to use for the signature 949 * (e.g. MBEDTLS_MD_SHA1) 950 * 951 * \param ctx CRT context to use 952 * \param md_alg MD algorithm to use 953 */ 954 void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg ); 955 956 /** 957 * \brief Generic function to add to or replace an extension in the 958 * CRT 959 * 960 * \param ctx CRT context to use 961 * \param oid OID of the extension 962 * \param oid_len length of the OID 963 * \param critical if the extension is critical (per the RFC's definition) 964 * \param val value of the extension OCTET STRING 965 * \param val_len length of the value data 966 * 967 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 968 */ 969 int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, 970 const char *oid, size_t oid_len, 971 int critical, 972 const unsigned char *val, size_t val_len ); 973 974 /** 975 * \brief Set the basicConstraints extension for a CRT 976 * 977 * \param ctx CRT context to use 978 * \param is_ca is this a CA certificate 979 * \param max_pathlen maximum length of certificate chains below this 980 * certificate (only for CA certificates, -1 is 981 * inlimited) 982 * 983 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 984 */ 985 int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, 986 int is_ca, int max_pathlen ); 987 988 #if defined(MBEDTLS_SHA1_C) 989 /** 990 * \brief Set the subjectKeyIdentifier extension for a CRT 991 * Requires that mbedtls_x509write_crt_set_subject_key() has been 992 * called before 993 * 994 * \param ctx CRT context to use 995 * 996 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 997 */ 998 int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ); 999 1000 /** 1001 * \brief Set the authorityKeyIdentifier extension for a CRT 1002 * Requires that mbedtls_x509write_crt_set_issuer_key() has been 1003 * called before 1004 * 1005 * \param ctx CRT context to use 1006 * 1007 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 1008 */ 1009 int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ); 1010 #endif /* MBEDTLS_SHA1_C */ 1011 1012 /** 1013 * \brief Set the Key Usage Extension flags 1014 * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) 1015 * 1016 * \param ctx CRT context to use 1017 * \param key_usage key usage flags to set 1018 * 1019 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1020 */ 1021 int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, 1022 unsigned int key_usage ); 1023 1024 /** 1025 * \brief Set the Netscape Cert Type flags 1026 * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) 1027 * 1028 * \param ctx CRT context to use 1029 * \param ns_cert_type Netscape Cert Type flags to set 1030 * 1031 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1032 */ 1033 int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, 1034 unsigned char ns_cert_type ); 1035 1036 /** 1037 * \brief Free the contents of a CRT write context 1038 * 1039 * \param ctx CRT context to free 1040 */ 1041 void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); 1042 1043 /** 1044 * \brief Write a built up certificate to a X509 DER structure 1045 * Note: data is written at the end of the buffer! Use the 1046 * return value to determine where you should start 1047 * using the buffer 1048 * 1049 * \param ctx certificate to write away 1050 * \param buf buffer to write to 1051 * \param size size of the buffer 1052 * \param f_rng RNG function (for signature, see note) 1053 * \param p_rng RNG parameter 1054 * 1055 * \return length of data written if successful, or a specific 1056 * error code 1057 * 1058 * \note f_rng may be NULL if RSA is used for signature and the 1059 * signature is made offline (otherwise f_rng is desirable 1060 * for countermeasures against timing attacks). 1061 * ECDSA signatures always require a non-NULL f_rng. 1062 */ 1063 int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1064 int (*f_rng)(void *, unsigned char *, size_t), 1065 void *p_rng ); 1066 1067 #if defined(MBEDTLS_PEM_WRITE_C) 1068 /** 1069 * \brief Write a built up certificate to a X509 PEM string 1070 * 1071 * \param ctx certificate to write away 1072 * \param buf buffer to write to 1073 * \param size size of the buffer 1074 * \param f_rng RNG function (for signature, see note) 1075 * \param p_rng RNG parameter 1076 * 1077 * \return 0 if successful, or a specific error code 1078 * 1079 * \note f_rng may be NULL if RSA is used for signature and the 1080 * signature is made offline (otherwise f_rng is desirable 1081 * for countermeasures against timing attacks). 1082 * ECDSA signatures always require a non-NULL f_rng. 1083 */ 1084 int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1085 int (*f_rng)(void *, unsigned char *, size_t), 1086 void *p_rng ); 1087 #endif /* MBEDTLS_PEM_WRITE_C */ 1088 #endif /* MBEDTLS_X509_CRT_WRITE_C */ 1089 1090 #ifdef __cplusplus 1091 } 1092 #endif 1093 1094 #endif /* mbedtls_x509_crt.h */ 1095
