]> git.zerfleddert.de Git - proxmark3-svn/blob - common/mbedtls/x509_crl.h
emv/sc fixes and modifications: (#780)
[proxmark3-svn] / common / mbedtls / x509_crl.h
1 /**
2 * \file x509_crl.h
3 *
4 * \brief X.509 certificate revocation list parsing
5 */
6 /*
7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8 * SPDX-License-Identifier: GPL-2.0
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 *
24 * This file is part of mbed TLS (https://tls.mbed.org)
25 */
26 #ifndef MBEDTLS_X509_CRL_H
27 #define MBEDTLS_X509_CRL_H
28
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34
35 #include "x509.h"
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
41 /**
42 * \addtogroup x509_module
43 * \{ */
44
45 /**
46 * \name Structures and functions for parsing CRLs
47 * \{
48 */
49
50 /**
51 * Certificate revocation list entry.
52 * Contains the CA-specific serial numbers and revocation dates.
53 */
54 typedef struct mbedtls_x509_crl_entry
55 {
56 mbedtls_x509_buf raw;
57
58 mbedtls_x509_buf serial;
59
60 mbedtls_x509_time revocation_date;
61
62 mbedtls_x509_buf entry_ext;
63
64 struct mbedtls_x509_crl_entry *next;
65 }
66 mbedtls_x509_crl_entry;
67
68 /**
69 * Certificate revocation list structure.
70 * Every CRL may have multiple entries.
71 */
72 typedef struct mbedtls_x509_crl
73 {
74 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
75 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
76
77 int version; /**< CRL version (1=v1, 2=v2) */
78 mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
79
80 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
81
82 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
83
84 mbedtls_x509_time this_update;
85 mbedtls_x509_time next_update;
86
87 mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
88
89 mbedtls_x509_buf crl_ext;
90
91 mbedtls_x509_buf sig_oid2;
92 mbedtls_x509_buf sig;
93 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
94 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
95 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
96
97 struct mbedtls_x509_crl *next;
98 }
99 mbedtls_x509_crl;
100
101 /**
102 * \brief Parse a DER-encoded CRL and append it to the chained list
103 *
104 * \param chain points to the start of the chain
105 * \param buf buffer holding the CRL data in DER format
106 * \param buflen size of the buffer
107 * (including the terminating null byte for PEM data)
108 *
109 * \return 0 if successful, or a specific X509 or PEM error code
110 */
111 int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
112 const unsigned char *buf, size_t buflen );
113 /**
114 * \brief Parse one or more CRLs and append them to the chained list
115 *
116 * \note Mutliple CRLs are accepted only if using PEM format
117 *
118 * \param chain points to the start of the chain
119 * \param buf buffer holding the CRL data in PEM or DER format
120 * \param buflen size of the buffer
121 * (including the terminating null byte for PEM data)
122 *
123 * \return 0 if successful, or a specific X509 or PEM error code
124 */
125 int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
126
127 #if defined(MBEDTLS_FS_IO)
128 /**
129 * \brief Load one or more CRLs and append them to the chained list
130 *
131 * \note Mutliple CRLs are accepted only if using PEM format
132 *
133 * \param chain points to the start of the chain
134 * \param path filename to read the CRLs from (in PEM or DER encoding)
135 *
136 * \return 0 if successful, or a specific X509 or PEM error code
137 */
138 int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
139 #endif /* MBEDTLS_FS_IO */
140
141 /**
142 * \brief Returns an informational string about the CRL.
143 *
144 * \param buf Buffer to write to
145 * \param size Maximum size of buffer
146 * \param prefix A line prefix
147 * \param crl The X509 CRL to represent
148 *
149 * \return The length of the string written (not including the
150 * terminated nul byte), or a negative error code.
151 */
152 int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
153 const mbedtls_x509_crl *crl );
154
155 /**
156 * \brief Initialize a CRL (chain)
157 *
158 * \param crl CRL chain to initialize
159 */
160 void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
161
162 /**
163 * \brief Unallocate all CRL data
164 *
165 * \param crl CRL chain to free
166 */
167 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
168
169 /* \} name */
170 /* \} addtogroup x509_module */
171
172 #ifdef __cplusplus
173 }
174 #endif
175
176 #endif /* mbedtls_x509_crl.h */
Impressum, Datenschutz