]> git.zerfleddert.de Git - proxmark3-svn/blame - common/mbedtls/x509_crl.h
Add ROCA vulnerability test (RRG repository PR 76 by @merlokk) (#762)
[proxmark3-svn] / common / mbedtls / x509_crl.h
CommitLineData
700d8687
OM
1/**
2 * \file x509_crl.h
3 *
4 * \brief X.509 certificate revocation list parsing
5 */
6/*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: GPL-2.0
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 *
24 * This file is part of mbed TLS (https://tls.mbed.org)
25 */
26#ifndef MBEDTLS_X509_CRL_H
27#define MBEDTLS_X509_CRL_H
28
29#if !defined(MBEDTLS_CONFIG_FILE)
30#include "config.h"
31#else
32#include MBEDTLS_CONFIG_FILE
33#endif
34
35#include "x509.h"
36
37#ifdef __cplusplus
38extern "C" {
39#endif
40
41/**
42 * \addtogroup x509_module
43 * \{ */
44
45/**
46 * \name Structures and functions for parsing CRLs
47 * \{
48 */
49
50/**
51 * Certificate revocation list entry.
52 * Contains the CA-specific serial numbers and revocation dates.
53 */
54typedef struct mbedtls_x509_crl_entry
55{
56 mbedtls_x509_buf raw;
57
58 mbedtls_x509_buf serial;
59
60 mbedtls_x509_time revocation_date;
61
62 mbedtls_x509_buf entry_ext;
63
64 struct mbedtls_x509_crl_entry *next;
65}
66mbedtls_x509_crl_entry;
67
68/**
69 * Certificate revocation list structure.
70 * Every CRL may have multiple entries.
71 */
72typedef struct mbedtls_x509_crl
73{
74 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
75 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
76
77 int version; /**< CRL version (1=v1, 2=v2) */
78 mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
79
80 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
81
82 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
83
84 mbedtls_x509_time this_update;
85 mbedtls_x509_time next_update;
86
87 mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
88
89 mbedtls_x509_buf crl_ext;
90
91 mbedtls_x509_buf sig_oid2;
92 mbedtls_x509_buf sig;
93 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
94 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
95 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
96
97 struct mbedtls_x509_crl *next;
98}
99mbedtls_x509_crl;
100
101/**
102 * \brief Parse a DER-encoded CRL and append it to the chained list
103 *
104 * \param chain points to the start of the chain
105 * \param buf buffer holding the CRL data in DER format
106 * \param buflen size of the buffer
107 * (including the terminating null byte for PEM data)
108 *
109 * \return 0 if successful, or a specific X509 or PEM error code
110 */
111int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
112 const unsigned char *buf, size_t buflen );
113/**
114 * \brief Parse one or more CRLs and append them to the chained list
115 *
116 * \note Mutliple CRLs are accepted only if using PEM format
117 *
118 * \param chain points to the start of the chain
119 * \param buf buffer holding the CRL data in PEM or DER format
120 * \param buflen size of the buffer
121 * (including the terminating null byte for PEM data)
122 *
123 * \return 0 if successful, or a specific X509 or PEM error code
124 */
125int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
126
127#if defined(MBEDTLS_FS_IO)
128/**
129 * \brief Load one or more CRLs and append them to the chained list
130 *
131 * \note Mutliple CRLs are accepted only if using PEM format
132 *
133 * \param chain points to the start of the chain
134 * \param path filename to read the CRLs from (in PEM or DER encoding)
135 *
136 * \return 0 if successful, or a specific X509 or PEM error code
137 */
138int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
139#endif /* MBEDTLS_FS_IO */
140
141/**
142 * \brief Returns an informational string about the CRL.
143 *
144 * \param buf Buffer to write to
145 * \param size Maximum size of buffer
146 * \param prefix A line prefix
147 * \param crl The X509 CRL to represent
148 *
149 * \return The length of the string written (not including the
150 * terminated nul byte), or a negative error code.
151 */
152int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
153 const mbedtls_x509_crl *crl );
154
155/**
156 * \brief Initialize a CRL (chain)
157 *
158 * \param crl CRL chain to initialize
159 */
160void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
161
162/**
163 * \brief Unallocate all CRL data
164 *
165 * \param crl CRL chain to free
166 */
167void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
168
169/* \} name */
170/* \} addtogroup x509_module */
171
172#ifdef __cplusplus
173}
174#endif
175
176#endif /* mbedtls_x509_crl.h */
Impressum, Datenschutz