[proxmark3-svn] / common / mbedtls / x509_crl.h

/**
 * \file x509_crl.h
 *
 * \brief X.509 certificate revocation list parsing
 */
/*
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: GPL-2.0
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
#ifndef MBEDTLS_X509_CRL_H
#define MBEDTLS_X509_CRL_H

#if !defined(MBEDTLS_CONFIG_FILE)
#include "config.h"
#else
#include MBEDTLS_CONFIG_FILE
#endif

#include "x509.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \addtogroup x509_module
 * \{ */

/**
 * \name Structures and functions for parsing CRLs
 * \{
 */

/**
 * Certificate revocation list entry.
 * Contains the CA-specific serial numbers and revocation dates.
 */
typedef struct mbedtls_x509_crl_entry
{
    mbedtls_x509_buf raw;

    mbedtls_x509_buf serial;

    mbedtls_x509_time revocation_date;

    mbedtls_x509_buf entry_ext;

    struct mbedtls_x509_crl_entry *next;
}
mbedtls_x509_crl_entry;

/**
 * Certificate revocation list structure.
 * Every CRL may have multiple entries.
 */
typedef struct mbedtls_x509_crl
{
    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */

    int version;            /**< CRL version (1=v1, 2=v2) */
    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */

    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */

    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */

    mbedtls_x509_time this_update;
    mbedtls_x509_time next_update;

    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */

    mbedtls_x509_buf crl_ext;

    mbedtls_x509_buf sig_oid2;
    mbedtls_x509_buf sig;
    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */

    struct mbedtls_x509_crl *next;
}
mbedtls_x509_crl;

/**
 * \brief          Parse a DER-encoded CRL and append it to the chained list
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data in DER format
 * \param buflen   size of the buffer
 *                 (including the terminating null byte for PEM data)
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
                        const unsigned char *buf, size_t buflen );
/**
 * \brief          Parse one or more CRLs and append them to the chained list
 *
 * \note           Mutliple CRLs are accepted only if using PEM format
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data in PEM or DER format
 * \param buflen   size of the buffer
 *                 (including the terminating null byte for PEM data)
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );

#if defined(MBEDTLS_FS_IO)
/**
 * \brief          Load one or more CRLs and append them to the chained list
 *
 * \note           Mutliple CRLs are accepted only if using PEM format
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the CRLs from (in PEM or DER encoding)
 *
 * \return         0 if successful, or a specific X509 or PEM error code
 */
int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
#endif /* MBEDTLS_FS_IO */

/**
 * \brief          Returns an informational string about the CRL.
 *
 * \param buf      Buffer to write to
 * \param size     Maximum size of buffer
 * \param prefix   A line prefix
 * \param crl      The X509 CRL to represent
 *
 * \return         The length of the string written (not including the
 *                 terminated nul byte), or a negative error code.
 */
int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
                   const mbedtls_x509_crl *crl );

/**
 * \brief          Initialize a CRL (chain)
 *
 * \param crl      CRL chain to initialize
 */
void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );

/**
 * \brief          Unallocate all CRL data
 *
 * \param crl      CRL chain to free
 */
void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );

/* \} name */
/* \} addtogroup x509_module */

#ifdef __cplusplus
}
#endif

#endif /* mbedtls_x509_crl.h */
Commit	Line	Data
700d8687 OM	1	/**
	2	* \file x509_crl.h
	3	*
	4	* \brief X.509 certificate revocation list parsing
	5	*/
	6	/*
	7	* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
	8	* SPDX-License-Identifier: GPL-2.0
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This program is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	* GNU General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License along
	21	* with this program; if not, write to the Free Software Foundation, Inc.,
	22	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	23	*
	24	* This file is part of mbed TLS (https://tls.mbed.org)
	25	*/
	26	#ifndef MBEDTLS_X509_CRL_H
	27	#define MBEDTLS_X509_CRL_H
	28
	29	#if !defined(MBEDTLS_CONFIG_FILE)
	30	#include "config.h"
	31	#else
	32	#include MBEDTLS_CONFIG_FILE
	33	#endif
	34
	35	#include "x509.h"
	36
	37	#ifdef __cplusplus
	38	extern "C" {
	39	#endif
	40
	41	/**
	42	* \addtogroup x509_module
	43	* \{ */
	44
	45	/**
	46	* \name Structures and functions for parsing CRLs
	47	* \{
	48	*/
	49
	50	/**
	51	* Certificate revocation list entry.
	52	* Contains the CA-specific serial numbers and revocation dates.
	53	*/
	54	typedef struct mbedtls_x509_crl_entry
	55	{
	56	mbedtls_x509_buf raw;
	57
	58	mbedtls_x509_buf serial;
	59
	60	mbedtls_x509_time revocation_date;
	61
	62	mbedtls_x509_buf entry_ext;
	63
	64	struct mbedtls_x509_crl_entry *next;
65	}
66	mbedtls_x509_crl_entry;
67
68	/**
69	* Certificate revocation list structure.
70	* Every CRL may have multiple entries.
71	*/
72	typedef struct mbedtls_x509_crl
73	{
74	mbedtls_x509_buf raw; /*< The raw certificate data (DER). /
75	mbedtls_x509_buf tbs; /*< The raw certificate body (DER). The part that is To Be Signed. /
76
77	int version; /*< CRL version (1=v1, 2=v2) /
78	mbedtls_x509_buf sig_oid; /*< CRL signature type identifier /
79
80	mbedtls_x509_buf issuer_raw; /*< The raw issuer data (DER). /
81
82	mbedtls_x509_name issuer; /*< The parsed issuer data (named information object). /
83
84	mbedtls_x509_time this_update;
85	mbedtls_x509_time next_update;
86
87	mbedtls_x509_crl_entry entry; /*< The CRL entries containing the certificate revocation times for this CA. /
88
89	mbedtls_x509_buf crl_ext;
90
91	mbedtls_x509_buf sig_oid2;
92	mbedtls_x509_buf sig;
93	mbedtls_md_type_t sig_md; /*< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 /
94	mbedtls_pk_type_t sig_pk; /*< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA /
95	void sig_opts; /< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS /
96
97	struct mbedtls_x509_crl *next;
98	}
99	mbedtls_x509_crl;
100
101	/**
102	* \brief Parse a DER-encoded CRL and append it to the chained list
103	*
104	* \param chain points to the start of the chain
105	* \param buf buffer holding the CRL data in DER format
106	* \param buflen size of the buffer
107	* (including the terminating null byte for PEM data)
108	*
109	* \return 0 if successful, or a specific X509 or PEM error code
110	*/
111	int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
112	const unsigned char *buf, size_t buflen );
113	/**
114	* \brief Parse one or more CRLs and append them to the chained list
115	*
116	* \note Mutliple CRLs are accepted only if using PEM format
117	*
118	* \param chain points to the start of the chain
119	* \param buf buffer holding the CRL data in PEM or DER format
120	* \param buflen size of the buffer
121	* (including the terminating null byte for PEM data)
122	*
123	* \return 0 if successful, or a specific X509 or PEM error code
124	*/
125	int mbedtls_x509_crl_parse( mbedtls_x509_crl chain, const unsigned char buf, size_t buflen );
126
127	#if defined(MBEDTLS_FS_IO)
128	/**
129	* \brief Load one or more CRLs and append them to the chained list
130	*
131	* \note Mutliple CRLs are accepted only if using PEM format
132	*
133	* \param chain points to the start of the chain
134	* \param path filename to read the CRLs from (in PEM or DER encoding)
135	*
136	* \return 0 if successful, or a specific X509 or PEM error code
137	*/
138	int mbedtls_x509_crl_parse_file( mbedtls_x509_crl chain, const char path );
139	#endif /* MBEDTLS_FS_IO */
140
141	/**
142	* \brief Returns an informational string about the CRL.
143	*
144	* \param buf Buffer to write to
145	* \param size Maximum size of buffer
146	* \param prefix A line prefix
147	* \param crl The X509 CRL to represent
148	*
149	* \return The length of the string written (not including the
150	* terminated nul byte), or a negative error code.
151	*/
152	int mbedtls_x509_crl_info( char buf, size_t size, const char prefix,
153	const mbedtls_x509_crl *crl );
154
155	/**
156	* \brief Initialize a CRL (chain)
157	*
158	* \param crl CRL chain to initialize
159	*/
160	void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
161
162	/**
163	* \brief Unallocate all CRL data
164	*
165	* \param crl CRL chain to free
166	*/
167	void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
168
169	/* \} name */
170	/* \} addtogroup x509_module */
171
172	#ifdef __cplusplus
173	}
174	#endif
175
176	#endif /* mbedtls_x509_crl.h */