1 /** 2 * \file x509_crt.h 3 * 4 * \brief X.509 certificate parsing and writing 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 #ifndef MBEDTLS_X509_CRT_H 11 #define MBEDTLS_X509_CRT_H 12 13 #if !defined(MBEDTLS_CONFIG_FILE) 14 #include "mbedtls/config.h" 15 #else 16 #include MBEDTLS_CONFIG_FILE 17 #endif 18 19 #include "mbedtls/x509.h" 20 #include "mbedtls/x509_crl.h" 21 #include "mbedtls/bignum.h" 22 23 /** 24 * \addtogroup x509_module 25 * \{ 26 */ 27 28 #ifdef __cplusplus 29 extern "C" { 30 #endif 31 32 /** 33 * \name Structures and functions for parsing and writing X.509 certificates 34 * \{ 35 */ 36 37 /** 38 * Container for an X.509 certificate. The certificate may be chained. 39 */ 40 typedef struct mbedtls_x509_crt { 41 int own_buffer; /**< Indicates if \c raw is owned 42 * by the structure or not. */ 43 mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ 44 mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ 45 46 int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ 47 mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ 48 mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ 49 50 mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ 51 mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ 52 53 mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ 54 mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ 55 56 mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ 57 mbedtls_x509_time valid_to; /**< End time of certificate validity. */ 58 59 mbedtls_x509_buf pk_raw; 60 mbedtls_pk_context pk; /**< Container for the public key context. */ 61 62 mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ 63 mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ 64 mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ 65 mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ 66 67 mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ 68 69 int ext_types; /**< Bit string containing detected and parsed extensions */ 70 int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ 71 int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ 72 73 unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ 74 75 mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ 76 77 unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ 78 79 mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ 80 mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ 81 mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ 82 void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ 83 84 struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ 85 } 86 mbedtls_x509_crt; 87 88 /** 89 * From RFC 5280 section 4.2.1.6: 90 * OtherName ::= SEQUENCE { 91 * type-id OBJECT IDENTIFIER, 92 * value [0] EXPLICIT ANY DEFINED BY type-id } 93 */ 94 typedef struct mbedtls_x509_san_other_name { 95 /** 96 * The type_id is an OID as defined in RFC 5280. 97 * To check the value of the type id, you should use 98 * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. 99 */ 100 mbedtls_x509_buf type_id; /**< The type id. */ 101 union { 102 /** 103 * From RFC 4108 section 5: 104 * HardwareModuleName ::= SEQUENCE { 105 * hwType OBJECT IDENTIFIER, 106 * hwSerialNum OCTET STRING } 107 */ 108 struct { 109 mbedtls_x509_buf oid; /**< The object identifier. */ 110 mbedtls_x509_buf val; /**< The named value. */ 111 } 112 hardware_module_name; 113 } 114 value; 115 } 116 mbedtls_x509_san_other_name; 117 118 /** 119 * A structure for holding the parsed Subject Alternative Name, according to type 120 */ 121 typedef struct mbedtls_x509_subject_alternative_name { 122 int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ 123 union { 124 mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ 125 mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ 126 } 127 san; /**< A union of the supported SAN types */ 128 } 129 mbedtls_x509_subject_alternative_name; 130 131 /** 132 * Build flag from an algorithm/curve identifier (pk, md, ecp) 133 * Since 0 is always XXX_NONE, ignore it. 134 */ 135 #define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) 136 137 /** 138 * Security profile for certificate verification. 139 * 140 * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG(). 141 */ 142 typedef struct mbedtls_x509_crt_profile { 143 uint32_t allowed_mds; /**< MDs for signatures */ 144 uint32_t allowed_pks; /**< PK algs for public keys; 145 * this applies to all certificates 146 * in the provided chain. */ 147 uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ 148 uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ 149 } 150 mbedtls_x509_crt_profile; 151 152 #define MBEDTLS_X509_CRT_VERSION_1 0 153 #define MBEDTLS_X509_CRT_VERSION_2 1 154 #define MBEDTLS_X509_CRT_VERSION_3 2 155 156 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32 157 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15 158 159 #if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN) 160 #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 161 #endif 162 163 /** 164 * Container for writing a certificate (CRT) 165 */ 166 typedef struct mbedtls_x509write_cert { 167 int version; 168 mbedtls_mpi serial; 169 mbedtls_pk_context *subject_key; 170 mbedtls_pk_context *issuer_key; 171 mbedtls_asn1_named_data *subject; 172 mbedtls_asn1_named_data *issuer; 173 mbedtls_md_type_t md_alg; 174 char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 175 char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; 176 mbedtls_asn1_named_data *extensions; 177 } 178 mbedtls_x509write_cert; 179 180 /** 181 * Item in a verification chain: cert and flags for it 182 */ 183 typedef struct { 184 mbedtls_x509_crt *crt; 185 uint32_t flags; 186 } mbedtls_x509_crt_verify_chain_item; 187 188 /** 189 * Max size of verification chain: end-entity + intermediates + trusted root 190 */ 191 #define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) 192 193 /** 194 * Verification chain as built by \c mbedtls_crt_verify_chain() 195 */ 196 typedef struct { 197 mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; 198 unsigned len; 199 200 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 201 /* This stores the list of potential trusted signers obtained from 202 * the CA callback used for the CRT verification, if configured. 203 * We must track it somewhere because the callback passes its 204 * ownership to the caller. */ 205 mbedtls_x509_crt *trust_ca_cb_result; 206 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 207 } mbedtls_x509_crt_verify_chain; 208 209 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 210 211 /** 212 * \brief Context for resuming X.509 verify operations 213 */ 214 typedef struct { 215 /* for check_signature() */ 216 mbedtls_pk_restart_ctx pk; 217 218 /* for find_parent_in() */ 219 mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ 220 mbedtls_x509_crt *fallback_parent; 221 int fallback_signature_is_good; 222 223 /* for find_parent() */ 224 int parent_is_trusted; /* -1 if find_parent is not in progress */ 225 226 /* for verify_chain() */ 227 enum { 228 x509_crt_rs_none, 229 x509_crt_rs_find_parent, 230 } in_progress; /* none if no operation is in progress */ 231 int self_cnt; 232 mbedtls_x509_crt_verify_chain ver_chain; 233 234 } mbedtls_x509_crt_restart_ctx; 235 236 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 237 238 /* Now we can declare functions that take a pointer to that */ 239 typedef void mbedtls_x509_crt_restart_ctx; 240 241 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 242 243 #if defined(MBEDTLS_X509_CRT_PARSE_C) 244 /** 245 * Default security profile. Should provide a good balance between security 246 * and compatibility with current deployments. 247 * 248 * This profile permits: 249 * - SHA2 hashes. 250 * - All supported elliptic curves. 251 * - RSA with 2048 bits and above. 252 * 253 * New minor versions of Mbed TLS may extend this profile, for example if 254 * new curves are added to the library. New minor versions of Mbed TLS will 255 * not reduce this profile unless serious security concerns require it. 256 */ 257 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default; 258 259 /** 260 * Expected next default profile. Recommended for new deployments. 261 * Currently targets a 128-bit security level, except for allowing RSA-2048. 262 */ 263 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next; 264 265 /** 266 * NSA Suite B profile. 267 */ 268 extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb; 269 270 /** 271 * \brief Parse a single DER formatted certificate and add it 272 * to the end of the provided chained list. 273 * 274 * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto 275 * subsystem must have been initialized by calling 276 * psa_crypto_init() before calling this function. 277 * 278 * \param chain The pointer to the start of the CRT chain to attach to. 279 * When parsing the first CRT in a chain, this should point 280 * to an instance of ::mbedtls_x509_crt initialized through 281 * mbedtls_x509_crt_init(). 282 * \param buf The buffer holding the DER encoded certificate. 283 * \param buflen The size in Bytes of \p buf. 284 * 285 * \note This function makes an internal copy of the CRT buffer 286 * \p buf. In particular, \p buf may be destroyed or reused 287 * after this call returns. To avoid duplicating the CRT 288 * buffer (at the cost of stricter lifetime constraints), 289 * use mbedtls_x509_crt_parse_der_nocopy() instead. 290 * 291 * \return \c 0 if successful. 292 * \return A negative error code on failure. 293 */ 294 int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain, 295 const unsigned char *buf, 296 size_t buflen); 297 298 /** 299 * \brief The type of certificate extension callbacks. 300 * 301 * Callbacks of this type are passed to and used by the 302 * mbedtls_x509_crt_parse_der_with_ext_cb() routine when 303 * it encounters either an unsupported extension or a 304 * "certificate policies" extension containing any 305 * unsupported certificate policies. 306 * Future versions of the library may invoke the callback 307 * in other cases, if and when the need arises. 308 * 309 * \param p_ctx An opaque context passed to the callback. 310 * \param crt The certificate being parsed. 311 * \param oid The OID of the extension. 312 * \param critical Whether the extension is critical. 313 * \param p Pointer to the start of the extension value 314 * (the content of the OCTET STRING). 315 * \param end End of extension value. 316 * 317 * \note The callback must fail and return a negative error code 318 * if it can not parse or does not support the extension. 319 * When the callback fails to parse a critical extension 320 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 321 * When the callback fails to parse a non critical extension 322 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 323 * the extension and continues parsing. 324 * 325 * \return \c 0 on success. 326 * \return A negative error code on failure. 327 */ 328 typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, 329 mbedtls_x509_crt const *crt, 330 mbedtls_x509_buf const *oid, 331 int critical, 332 const unsigned char *p, 333 const unsigned char *end); 334 335 /** 336 * \brief Parse a single DER formatted certificate and add it 337 * to the end of the provided chained list. 338 * 339 * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto 340 * subsystem must have been initialized by calling 341 * psa_crypto_init() before calling this function. 342 * 343 * \param chain The pointer to the start of the CRT chain to attach to. 344 * When parsing the first CRT in a chain, this should point 345 * to an instance of ::mbedtls_x509_crt initialized through 346 * mbedtls_x509_crt_init(). 347 * \param buf The buffer holding the DER encoded certificate. 348 * \param buflen The size in Bytes of \p buf. 349 * \param make_copy When not zero this function makes an internal copy of the 350 * CRT buffer \p buf. In particular, \p buf may be destroyed 351 * or reused after this call returns. 352 * When zero this function avoids duplicating the CRT buffer 353 * by taking temporary ownership thereof until the CRT 354 * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) 355 * \param cb A callback invoked for every unsupported certificate 356 * extension. 357 * \param p_ctx An opaque context passed to the callback. 358 * 359 * \note This call is functionally equivalent to 360 * mbedtls_x509_crt_parse_der(), and/or 361 * mbedtls_x509_crt_parse_der_nocopy() 362 * but it calls the callback with every unsupported 363 * certificate extension and additionally the 364 * "certificate policies" extension if it contains any 365 * unsupported certificate policies. 366 * The callback must return a negative error code if it 367 * does not know how to handle such an extension. 368 * When the callback fails to parse a critical extension 369 * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. 370 * When the callback fails to parse a non critical extension 371 * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips 372 * the extension and continues parsing. 373 * Future versions of the library may invoke the callback 374 * in other cases, if and when the need arises. 375 * 376 * \return \c 0 if successful. 377 * \return A negative error code on failure. 378 */ 379 int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, 380 const unsigned char *buf, 381 size_t buflen, 382 int make_copy, 383 mbedtls_x509_crt_ext_cb_t cb, 384 void *p_ctx); 385 386 /** 387 * \brief Parse a single DER formatted certificate and add it 388 * to the end of the provided chained list. This is a 389 * variant of mbedtls_x509_crt_parse_der() which takes 390 * temporary ownership of the CRT buffer until the CRT 391 * is destroyed. 392 * 393 * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto 394 * subsystem must have been initialized by calling 395 * psa_crypto_init() before calling this function. 396 * 397 * \param chain The pointer to the start of the CRT chain to attach to. 398 * When parsing the first CRT in a chain, this should point 399 * to an instance of ::mbedtls_x509_crt initialized through 400 * mbedtls_x509_crt_init(). 401 * \param buf The address of the readable buffer holding the DER encoded 402 * certificate to use. On success, this buffer must be 403 * retained and not be changed for the liftetime of the 404 * CRT chain \p chain, that is, until \p chain is destroyed 405 * through a call to mbedtls_x509_crt_free(). 406 * \param buflen The size in Bytes of \p buf. 407 * 408 * \note This call is functionally equivalent to 409 * mbedtls_x509_crt_parse_der(), but it avoids creating a 410 * copy of the input buffer at the cost of stronger lifetime 411 * constraints. This is useful in constrained environments 412 * where duplication of the CRT cannot be tolerated. 413 * 414 * \return \c 0 if successful. 415 * \return A negative error code on failure. 416 */ 417 int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, 418 const unsigned char *buf, 419 size_t buflen); 420 421 /** 422 * \brief Parse one DER-encoded or one or more concatenated PEM-encoded 423 * certificates and add them to the chained list. 424 * 425 * For CRTs in PEM encoding, the function parses permissively: 426 * if at least one certificate can be parsed, the function 427 * returns the number of certificates for which parsing failed 428 * (hence \c 0 if all certificates were parsed successfully). 429 * If no certificate could be parsed, the function returns 430 * the first (negative) error encountered during parsing. 431 * 432 * PEM encoded certificates may be interleaved by other data 433 * such as human readable descriptions of their content, as 434 * long as the certificates are enclosed in the PEM specific 435 * '-----{BEGIN/END} CERTIFICATE-----' delimiters. 436 * 437 * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto 438 * subsystem must have been initialized by calling 439 * psa_crypto_init() before calling this function. 440 * 441 * \param chain The chain to which to add the parsed certificates. 442 * \param buf The buffer holding the certificate data in PEM or DER format. 443 * For certificates in PEM encoding, this may be a concatenation 444 * of multiple certificates; for DER encoding, the buffer must 445 * comprise exactly one certificate. 446 * \param buflen The size of \p buf, including the terminating \c NULL byte 447 * in case of PEM encoded data. 448 * 449 * \return \c 0 if all certificates were parsed successfully. 450 * \return The (positive) number of certificates that couldn't 451 * be parsed if parsing was partly successful (see above). 452 * \return A negative X509 or PEM error code otherwise. 453 * 454 */ 455 int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen); 456 457 #if defined(MBEDTLS_FS_IO) 458 /** 459 * \brief Load one or more certificates and add them 460 * to the chained list. Parses permissively. If some 461 * certificates can be parsed, the result is the number 462 * of failed certificates it encountered. If none complete 463 * correctly, the first error is returned. 464 * 465 * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto 466 * subsystem must have been initialized by calling 467 * psa_crypto_init() before calling this function. 468 * 469 * \param chain points to the start of the chain 470 * \param path filename to read the certificates from 471 * 472 * \return 0 if all certificates parsed successfully, a positive number 473 * if partly successful or a specific X509 or PEM error code 474 */ 475 int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path); 476 477 /** 478 * \brief Load one or more certificate files from a path and add them 479 * to the chained list. Parses permissively. If some 480 * certificates can be parsed, the result is the number 481 * of failed certificates it encountered. If none complete 482 * correctly, the first error is returned. 483 * 484 * \param chain points to the start of the chain 485 * \param path directory / folder to read the certificate files from 486 * 487 * \return 0 if all certificates parsed successfully, a positive number 488 * if partly successful or a specific X509 or PEM error code 489 */ 490 int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path); 491 492 #endif /* MBEDTLS_FS_IO */ 493 /** 494 * \brief This function parses an item in the SubjectAlternativeNames 495 * extension. 496 * 497 * \param san_buf The buffer holding the raw data item of the subject 498 * alternative name. 499 * \param san The target structure to populate with the parsed presentation 500 * of the subject alternative name encoded in \p san_buf. 501 * 502 * \note Only "dnsName" and "otherName" of type hardware_module_name 503 * as defined in RFC 4180 is supported. 504 * 505 * \note This function should be called on a single raw data of 506 * subject alternative name. For example, after successful 507 * certificate parsing, one must iterate on every item in the 508 * \c crt->subject_alt_names sequence, and pass it to 509 * this function. 510 * 511 * \warning The target structure contains pointers to the raw data of the 512 * parsed certificate, and its lifetime is restricted by the 513 * lifetime of the certificate. 514 * 515 * \return \c 0 on success 516 * \return #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported 517 * SAN type. 518 * \return Another negative value for any other failure. 519 */ 520 int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, 521 mbedtls_x509_subject_alternative_name *san); 522 /** 523 * \brief Returns an informational string about the 524 * certificate. 525 * 526 * \param buf Buffer to write to 527 * \param size Maximum size of buffer 528 * \param prefix A line prefix 529 * \param crt The X509 certificate to represent 530 * 531 * \return The length of the string written (not including the 532 * terminated nul byte), or a negative error code. 533 */ 534 int mbedtls_x509_crt_info(char *buf, size_t size, const char *prefix, 535 const mbedtls_x509_crt *crt); 536 537 /** 538 * \brief Returns an informational string about the 539 * verification status of a certificate. 540 * 541 * \param buf Buffer to write to 542 * \param size Maximum size of buffer 543 * \param prefix A line prefix 544 * \param flags Verification flags created by mbedtls_x509_crt_verify() 545 * 546 * \return The length of the string written (not including the 547 * terminated nul byte), or a negative error code. 548 */ 549 int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, 550 uint32_t flags); 551 552 /** 553 * \brief Verify a chain of certificates. 554 * 555 * The verify callback is a user-supplied callback that 556 * can clear / modify / add flags for a certificate. If set, 557 * the verification callback is called for each 558 * certificate in the chain (from the trust-ca down to the 559 * presented crt). The parameters for the callback are: 560 * (void *parameter, mbedtls_x509_crt *crt, int certificate_depth, 561 * int *flags). With the flags representing current flags for 562 * that specific certificate and the certificate depth from 563 * the bottom (Peer cert depth = 0). 564 * 565 * All flags left after returning from the callback 566 * are also returned to the application. The function should 567 * return 0 for anything (including invalid certificates) 568 * other than fatal error, as a non-zero return code 569 * immediately aborts the verification process. For fatal 570 * errors, a specific error code should be used (different 571 * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not 572 * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR 573 * can be used if no better code is available. 574 * 575 * \note In case verification failed, the results can be displayed 576 * using \c mbedtls_x509_crt_verify_info() 577 * 578 * \note Same as \c mbedtls_x509_crt_verify_with_profile() with the 579 * default security profile. 580 * 581 * \note It is your responsibility to provide up-to-date CRLs for 582 * all trusted CAs. If no CRL is provided for the CA that was 583 * used to sign the certificate, CRL verification is skipped 584 * silently, that is *without* setting any flag. 585 * 586 * \note The \c trust_ca list can contain two types of certificates: 587 * (1) those of trusted root CAs, so that certificates 588 * chaining up to those CAs will be trusted, and (2) 589 * self-signed end-entity certificates to be trusted (for 590 * specific peers you know) - in that case, the self-signed 591 * certificate doesn't need to have the CA bit set. 592 * 593 * \param crt The certificate chain to be verified. 594 * \param trust_ca The list of trusted CAs. 595 * \param ca_crl The list of CRLs for trusted CAs. 596 * \param cn The expected Common Name. This will be checked to be 597 * present in the certificate's subjectAltNames extension or, 598 * if this extension is absent, as a CN component in its 599 * Subject name. Currently only DNS names are supported. This 600 * may be \c NULL if the CN need not be verified. 601 * \param flags The address at which to store the result of the verification. 602 * If the verification couldn't be completed, the flag value is 603 * set to (uint32_t) -1. 604 * \param f_vrfy The verification callback to use. See the documentation 605 * of mbedtls_x509_crt_verify() for more information. 606 * \param p_vrfy The context to be passed to \p f_vrfy. 607 * 608 * \return \c 0 if the chain is valid with respect to the 609 * passed CN, CAs, CRLs and security profile. 610 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 611 * certificate chain verification failed. In this case, 612 * \c *flags will have one or more 613 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 614 * flags set. 615 * \return Another negative error code in case of a fatal error 616 * encountered during the verification process. 617 */ 618 int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, 619 mbedtls_x509_crt *trust_ca, 620 mbedtls_x509_crl *ca_crl, 621 const char *cn, uint32_t *flags, 622 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 623 void *p_vrfy); 624 625 /** 626 * \brief Verify a chain of certificates with respect to 627 * a configurable security profile. 628 * 629 * \note Same as \c mbedtls_x509_crt_verify(), but with explicit 630 * security profile. 631 * 632 * \note The restrictions on keys (RSA minimum size, allowed curves 633 * for ECDSA) apply to all certificates: trusted root, 634 * intermediate CAs if any, and end entity certificate. 635 * 636 * \param crt The certificate chain to be verified. 637 * \param trust_ca The list of trusted CAs. 638 * \param ca_crl The list of CRLs for trusted CAs. 639 * \param profile The security profile to use for the verification. 640 * \param cn The expected Common Name. This may be \c NULL if the 641 * CN need not be verified. 642 * \param flags The address at which to store the result of the verification. 643 * If the verification couldn't be completed, the flag value is 644 * set to (uint32_t) -1. 645 * \param f_vrfy The verification callback to use. See the documentation 646 * of mbedtls_x509_crt_verify() for more information. 647 * \param p_vrfy The context to be passed to \p f_vrfy. 648 * 649 * \return \c 0 if the chain is valid with respect to the 650 * passed CN, CAs, CRLs and security profile. 651 * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the 652 * certificate chain verification failed. In this case, 653 * \c *flags will have one or more 654 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX 655 * flags set. 656 * \return Another negative error code in case of a fatal error 657 * encountered during the verification process. 658 */ 659 int mbedtls_x509_crt_verify_with_profile(mbedtls_x509_crt *crt, 660 mbedtls_x509_crt *trust_ca, 661 mbedtls_x509_crl *ca_crl, 662 const mbedtls_x509_crt_profile *profile, 663 const char *cn, uint32_t *flags, 664 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 665 void *p_vrfy); 666 667 /** 668 * \brief Restartable version of \c mbedtls_crt_verify_with_profile() 669 * 670 * \note Performs the same job as \c mbedtls_crt_verify_with_profile() 671 * but can return early and restart according to the limit 672 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking. 673 * 674 * \param crt The certificate chain to be verified. 675 * \param trust_ca The list of trusted CAs. 676 * \param ca_crl The list of CRLs for trusted CAs. 677 * \param profile The security profile to use for the verification. 678 * \param cn The expected Common Name. This may be \c NULL if the 679 * CN need not be verified. 680 * \param flags The address at which to store the result of the verification. 681 * If the verification couldn't be completed, the flag value is 682 * set to (uint32_t) -1. 683 * \param f_vrfy The verification callback to use. See the documentation 684 * of mbedtls_x509_crt_verify() for more information. 685 * \param p_vrfy The context to be passed to \p f_vrfy. 686 * \param rs_ctx The restart context to use. This may be set to \c NULL 687 * to disable restartable ECC. 688 * 689 * \return See \c mbedtls_crt_verify_with_profile(), or 690 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of 691 * operations was reached: see \c mbedtls_ecp_set_max_ops(). 692 */ 693 int mbedtls_x509_crt_verify_restartable(mbedtls_x509_crt *crt, 694 mbedtls_x509_crt *trust_ca, 695 mbedtls_x509_crl *ca_crl, 696 const mbedtls_x509_crt_profile *profile, 697 const char *cn, uint32_t *flags, 698 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 699 void *p_vrfy, 700 mbedtls_x509_crt_restart_ctx *rs_ctx); 701 702 /** 703 * \brief The type of trusted certificate callbacks. 704 * 705 * Callbacks of this type are passed to and used by the CRT 706 * verification routine mbedtls_x509_crt_verify_with_ca_cb() 707 * when looking for trusted signers of a given certificate. 708 * 709 * On success, the callback returns a list of trusted 710 * certificates to be considered as potential signers 711 * for the input certificate. 712 * 713 * \param p_ctx An opaque context passed to the callback. 714 * \param child The certificate for which to search a potential signer. 715 * This will point to a readable certificate. 716 * \param candidate_cas The address at which to store the address of the first 717 * entry in the generated linked list of candidate signers. 718 * This will not be \c NULL. 719 * 720 * \note The callback must only return a non-zero value on a 721 * fatal error. If, in contrast, the search for a potential 722 * signer completes without a single candidate, the 723 * callback must return \c 0 and set \c *candidate_cas 724 * to \c NULL. 725 * 726 * \return \c 0 on success. In this case, \c *candidate_cas points 727 * to a heap-allocated linked list of instances of 728 * ::mbedtls_x509_crt, and ownership of this list is passed 729 * to the caller. 730 * \return A negative error code on failure. 731 */ 732 typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx, 733 mbedtls_x509_crt const *child, 734 mbedtls_x509_crt **candidate_cas); 735 736 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 737 /** 738 * \brief Version of \c mbedtls_x509_crt_verify_with_profile() which 739 * uses a callback to acquire the list of trusted CA 740 * certificates. 741 * 742 * \param crt The certificate chain to be verified. 743 * \param f_ca_cb The callback to be used to query for potential signers 744 * of a given child certificate. See the documentation of 745 * ::mbedtls_x509_crt_ca_cb_t for more information. 746 * \param p_ca_cb The opaque context to be passed to \p f_ca_cb. 747 * \param profile The security profile for the verification. 748 * \param cn The expected Common Name. This may be \c NULL if the 749 * CN need not be verified. 750 * \param flags The address at which to store the result of the verification. 751 * If the verification couldn't be completed, the flag value is 752 * set to (uint32_t) -1. 753 * \param f_vrfy The verification callback to use. See the documentation 754 * of mbedtls_x509_crt_verify() for more information. 755 * \param p_vrfy The context to be passed to \p f_vrfy. 756 * 757 * \return See \c mbedtls_crt_verify_with_profile(). 758 */ 759 int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, 760 mbedtls_x509_crt_ca_cb_t f_ca_cb, 761 void *p_ca_cb, 762 const mbedtls_x509_crt_profile *profile, 763 const char *cn, uint32_t *flags, 764 int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), 765 void *p_vrfy); 766 767 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 768 769 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) 770 /** 771 * \brief Check usage of certificate against keyUsage extension. 772 * 773 * \param crt Leaf certificate used. 774 * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT 775 * before using the certificate to perform an RSA key 776 * exchange). 777 * 778 * \note Except for decipherOnly and encipherOnly, a bit set in the 779 * usage argument means this bit MUST be set in the 780 * certificate. For decipherOnly and encipherOnly, it means 781 * that bit MAY be set. 782 * 783 * \return 0 is these uses of the certificate are allowed, 784 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension 785 * is present but does not match the usage argument. 786 * 787 * \note You should only call this function on leaf certificates, on 788 * (intermediate) CAs the keyUsage extension is automatically 789 * checked by \c mbedtls_x509_crt_verify(). 790 */ 791 int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, 792 unsigned int usage); 793 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ 794 795 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) 796 /** 797 * \brief Check usage of certificate against extendedKeyUsage. 798 * 799 * \param crt Leaf certificate used. 800 * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or 801 * MBEDTLS_OID_CLIENT_AUTH). 802 * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). 803 * 804 * \return 0 if this use of the certificate is allowed, 805 * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. 806 * 807 * \note Usually only makes sense on leaf certificates. 808 */ 809 int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt, 810 const char *usage_oid, 811 size_t usage_len); 812 #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ 813 814 #if defined(MBEDTLS_X509_CRL_PARSE_C) 815 /** 816 * \brief Verify the certificate revocation status 817 * 818 * \param crt a certificate to be verified 819 * \param crl the CRL to verify against 820 * 821 * \return 1 if the certificate is revoked, 0 otherwise 822 * 823 */ 824 int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl); 825 #endif /* MBEDTLS_X509_CRL_PARSE_C */ 826 827 /** 828 * \brief Initialize a certificate (chain) 829 * 830 * \param crt Certificate chain to initialize 831 */ 832 void mbedtls_x509_crt_init(mbedtls_x509_crt *crt); 833 834 /** 835 * \brief Unallocate all certificate data 836 * 837 * \param crt Certificate chain to free 838 */ 839 void mbedtls_x509_crt_free(mbedtls_x509_crt *crt); 840 841 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 842 /** 843 * \brief Initialize a restart context 844 */ 845 void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx); 846 847 /** 848 * \brief Free the components of a restart context 849 */ 850 void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx); 851 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 852 #endif /* MBEDTLS_X509_CRT_PARSE_C */ 853 854 /** \} name Structures and functions for parsing and writing X.509 certificates */ 855 856 #if defined(MBEDTLS_X509_CRT_WRITE_C) 857 /** 858 * \brief Initialize a CRT writing context 859 * 860 * \param ctx CRT context to initialize 861 */ 862 void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx); 863 864 /** 865 * \brief Set the version for a Certificate 866 * Default: MBEDTLS_X509_CRT_VERSION_3 867 * 868 * \param ctx CRT context to use 869 * \param version version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or 870 * MBEDTLS_X509_CRT_VERSION_3) 871 */ 872 void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version); 873 874 /** 875 * \brief Set the serial number for a Certificate. 876 * 877 * \param ctx CRT context to use 878 * \param serial serial number to set 879 * 880 * \return 0 if successful 881 */ 882 int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial); 883 884 /** 885 * \brief Set the validity period for a Certificate 886 * Timestamps should be in string format for UTC timezone 887 * i.e. "YYYYMMDDhhmmss" 888 * e.g. "20131231235959" for December 31st 2013 889 * at 23:59:59 890 * 891 * \param ctx CRT context to use 892 * \param not_before not_before timestamp 893 * \param not_after not_after timestamp 894 * 895 * \return 0 if timestamp was parsed successfully, or 896 * a specific error code 897 */ 898 int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char *not_before, 899 const char *not_after); 900 901 /** 902 * \brief Set the issuer name for a Certificate 903 * Issuer names should contain a comma-separated list 904 * of OID types and values: 905 * e.g. "C=UK,O=ARM,CN=Mbed TLS CA" 906 * 907 * \param ctx CRT context to use 908 * \param issuer_name issuer name to set 909 * 910 * \return 0 if issuer name was parsed successfully, or 911 * a specific error code 912 */ 913 int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, 914 const char *issuer_name); 915 916 /** 917 * \brief Set the subject name for a Certificate 918 * Subject names should contain a comma-separated list 919 * of OID types and values: 920 * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1" 921 * 922 * \param ctx CRT context to use 923 * \param subject_name subject name to set 924 * 925 * \return 0 if subject name was parsed successfully, or 926 * a specific error code 927 */ 928 int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx, 929 const char *subject_name); 930 931 /** 932 * \brief Set the subject public key for the certificate 933 * 934 * \param ctx CRT context to use 935 * \param key public key to include 936 */ 937 void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); 938 939 /** 940 * \brief Set the issuer key used for signing the certificate 941 * 942 * \param ctx CRT context to use 943 * \param key private key to sign with 944 */ 945 void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx, mbedtls_pk_context *key); 946 947 /** 948 * \brief Set the MD algorithm to use for the signature 949 * (e.g. MBEDTLS_MD_SHA1) 950 * 951 * \param ctx CRT context to use 952 * \param md_alg MD algorithm to use 953 */ 954 void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg); 955 956 /** 957 * \brief Generic function to add to or replace an extension in the 958 * CRT 959 * 960 * \param ctx CRT context to use 961 * \param oid OID of the extension 962 * \param oid_len length of the OID 963 * \param critical if the extension is critical (per the RFC's definition) 964 * \param val value of the extension OCTET STRING 965 * \param val_len length of the value data 966 * 967 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 968 */ 969 int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, 970 const char *oid, size_t oid_len, 971 int critical, 972 const unsigned char *val, size_t val_len); 973 974 /** 975 * \brief Set the basicConstraints extension for a CRT 976 * 977 * \param ctx CRT context to use 978 * \param is_ca is this a CA certificate 979 * \param max_pathlen maximum length of certificate chains below this 980 * certificate (only for CA certificates, -1 is 981 * unlimited) 982 * 983 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 984 */ 985 int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, 986 int is_ca, int max_pathlen); 987 988 #if defined(MBEDTLS_SHA1_C) 989 /** 990 * \brief Set the subjectKeyIdentifier extension for a CRT 991 * Requires that mbedtls_x509write_crt_set_subject_key() has been 992 * called before 993 * 994 * \param ctx CRT context to use 995 * 996 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 997 */ 998 int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); 999 1000 /** 1001 * \brief Set the authorityKeyIdentifier extension for a CRT 1002 * Requires that mbedtls_x509write_crt_set_issuer_key() has been 1003 * called before 1004 * 1005 * \param ctx CRT context to use 1006 * 1007 * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED 1008 */ 1009 int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); 1010 #endif /* MBEDTLS_SHA1_C */ 1011 1012 /** 1013 * \brief Set the Key Usage Extension flags 1014 * (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN) 1015 * 1016 * \param ctx CRT context to use 1017 * \param key_usage key usage flags to set 1018 * 1019 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1020 */ 1021 int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, 1022 unsigned int key_usage); 1023 1024 /** 1025 * \brief Set the Netscape Cert Type flags 1026 * (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL) 1027 * 1028 * \param ctx CRT context to use 1029 * \param ns_cert_type Netscape Cert Type flags to set 1030 * 1031 * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED 1032 */ 1033 int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, 1034 unsigned char ns_cert_type); 1035 1036 /** 1037 * \brief Free the contents of a CRT write context 1038 * 1039 * \param ctx CRT context to free 1040 */ 1041 void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); 1042 1043 /** 1044 * \brief Write a built up certificate to a X509 DER structure 1045 * Note: data is written at the end of the buffer! Use the 1046 * return value to determine where you should start 1047 * using the buffer 1048 * 1049 * \param ctx certificate to write away 1050 * \param buf buffer to write to 1051 * \param size size of the buffer 1052 * \param f_rng RNG function (for signature, see note) 1053 * \param p_rng RNG parameter 1054 * 1055 * \return length of data written if successful, or a specific 1056 * error code 1057 * 1058 * \note f_rng may be NULL if RSA is used for signature and the 1059 * signature is made offline (otherwise f_rng is desirable 1060 * for countermeasures against timing attacks). 1061 * ECDSA signatures always require a non-NULL f_rng. 1062 */ 1063 int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1064 int (*f_rng)(void *, unsigned char *, size_t), 1065 void *p_rng); 1066 1067 #if defined(MBEDTLS_PEM_WRITE_C) 1068 /** 1069 * \brief Write a built up certificate to a X509 PEM string 1070 * 1071 * \param ctx certificate to write away 1072 * \param buf buffer to write to 1073 * \param size size of the buffer 1074 * \param f_rng RNG function (for signature, see note) 1075 * \param p_rng RNG parameter 1076 * 1077 * \return 0 if successful, or a specific error code 1078 * 1079 * \note f_rng may be NULL if RSA is used for signature and the 1080 * signature is made offline (otherwise f_rng is desirable 1081 * for countermeasures against timing attacks). 1082 * ECDSA signatures always require a non-NULL f_rng. 1083 */ 1084 int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, 1085 int (*f_rng)(void *, unsigned char *, size_t), 1086 void *p_rng); 1087 #endif /* MBEDTLS_PEM_WRITE_C */ 1088 #endif /* MBEDTLS_X509_CRT_WRITE_C */ 1089 1090 /** \} addtogroup x509_module */ 1091 1092 #ifdef __cplusplus 1093 } 1094 #endif 1095 1096 #endif /* mbedtls_x509_crt.h */ 1097