Blame - include/polarssl/x509_csr.h - mirror/mbed-tls

blob: 5b4b1baa5fcc1d4e767d49c921277fa71040d6f1 [file] [log] [blame]

Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	1	/**
				2	* \file x509_csr.h
				3	*
				4	* \brief X.509 certificate signing request parsing and writing
				5	*
				6	* Copyright (C) 2006-2013, Brainspark B.V.
				7	*
				8	* This file is part of PolarSSL (http://www.polarssl.org)
				9	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
				10	*
				11	* All rights reserved.
				12	*
				13	* This program is free software; you can redistribute it and/or modify
				14	* it under the terms of the GNU General Public License as published by
				15	* the Free Software Foundation; either version 2 of the License, or
				16	* (at your option) any later version.
				17	*
				18	* This program is distributed in the hope that it will be useful,
				19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				21	* GNU General Public License for more details.
				22	*
				23	* You should have received a copy of the GNU General Public License along
				24	* with this program; if not, write to the Free Software Foundation, Inc.,
				25	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				26	*/
				27	#ifndef POLARSSL_X509_CSR_H
				28	#define POLARSSL_X509_CSR_H
				29
				30	#include "config.h"
				31
				32	#include "x509.h"
				33
				34	#ifdef __cplusplus
				35	extern "C" {
				36	#endif
				37
				38	/**
				39	* \addtogroup x509_module
				40	* \{ */
				41
				42	/**
				43	* \name Structures and functions for X.509 Certificate Signing Requests (CSR)
				44	* \{
				45	*/
				46
				47	/**
				48	* Certificate Signing Request (CSR) structure.
				49	*/
				50	typedef struct _x509_csr
				51	{
				52	x509_buf raw; /*< The raw CSR data (DER). /
				53	x509_buf cri; /*< The raw CertificateRequestInfo body (DER). /
				54
				55	int version;
				56
				57	x509_buf subject_raw; /*< The raw subject data (DER). /
				58	x509_name subject; /*< The parsed subject data (named information object). /
				59
				60	pk_context pk; /*< Container for the public key context. /
				61
				62	x509_buf sig_oid;
				63	x509_buf sig;
				64	md_type_t sig_md; /*< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 /
				65	pk_type_t sig_pk /*< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA /;
				66	}
				67	x509_csr;
				68
				69	/**
				70	* Container for writing a CSR
				71	*/
				72	typedef struct _x509write_csr
				73	{
				74	pk_context *key;
				75	asn1_named_data *subject;
				76	md_type_t md_alg;
				77	asn1_named_data *extensions;
				78	}
				79	x509write_csr;
				80
				81	#if defined(POLARSSL_X509_CSR_PARSE_C)
				82	/**
				83	* \brief Load a Certificate Signing Request (CSR)
				84	*
				85	* \param csr CSR context to fill
				86	* \param buf buffer holding the CRL data
				87	* \param buflen size of the buffer
				88	*
				89	* \return 0 if successful, or a specific X509 or PEM error code
				90	*/
				91	int x509parse_csr( x509_csr csr, const unsigned char buf, size_t buflen );
				92
				93	#if defined(POLARSSL_FS_IO)
				94	/**
				95	* \brief Load a Certificate Signing Request (CSR)
				96	*
				97	* \param csr CSR context to fill
				98	* \param path filename to read the CSR from
				99	*
				100	* \return 0 if successful, or a specific X509 or PEM error code
				101	*/
				102	int x509parse_csrfile( x509_csr csr, const char path );
				103	#endif /* POLARSSL_FS_IO */
				104
				105	/**
				106	* \brief Returns an informational string about the
				107	* CSR.
				108	*
				109	* \param buf Buffer to write to
				110	* \param size Maximum size of buffer
				111	* \param prefix A line prefix
				112	* \param csr The X509 CSR to represent
				113	*
				114	* \return The amount of data written to the buffer, or -1 in
				115	* case of an error.
				116	*/
				117	int x509parse_csr_info( char buf, size_t size, const char prefix,
				118	const x509_csr *csr );
				119
				120	/**
Paul Bakker	369d2eb	2013-09-18 11:58:25 +0200	[diff] [blame^]	121	* \brief Initialize a CSR
				122	*
				123	* \param csr CSR to initialize
				124	*/
				125	void x509_csr_init( x509_csr *csr );
				126
				127	/**
Paul Bakker	7c6b2c3	2013-09-16 13:49:26 +0200	[diff] [blame]	128	* \brief Unallocate all CSR data
				129	*
				130	* \param csr CSR to free
				131	*/
				132	void x509_csr_free( x509_csr *csr );
				133	#endif /* POLARSSL_X509_CSR_PARSE_C */
				134
				135	/* \} name */
				136	/* \} addtogroup x509_module */
				137
				138	#if defined(POLARSSL_X509_CSR_WRITE_C)
				139	/**
				140	* \brief Initialize a CSR context
				141	*
				142	* \param ctx CSR context to initialize
				143	*/
				144	void x509write_csr_init( x509write_csr *ctx );
				145
				146	/**
				147	* \brief Set the subject name for a CSR
				148	* Subject names should contain a comma-separated list
				149	* of OID types and values:
				150	* e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
				151	*
				152	* \param ctx CSR context to use
				153	* \param subject_name subject name to set
				154	*
				155	* \return 0 if subject name was parsed successfully, or
				156	* a specific error code
				157	*/
				158	int x509write_csr_set_subject_name( x509write_csr ctx, char subject_name );
				159
				160	/**
				161	* \brief Set the key for a CSR (public key will be included,
				162	* private key used to sign the CSR when writing it)
				163	*
				164	* \param ctx CSR context to use
				165	* \param key Asymetric key to include
				166	*/
				167	void x509write_csr_set_key( x509write_csr ctx, pk_context key );
				168
				169	/**
				170	* \brief Set the MD algorithm to use for the signature
				171	* (e.g. POLARSSL_MD_SHA1)
				172	*
				173	* \param ctx CSR context to use
				174	* \param md_alg MD algorithm to use
				175	*/
				176	void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg );
				177
				178	/**
				179	* \brief Set the Key Usage Extension flags
				180	* (e.g. KU_DIGITAL_SIGNATURE \| KU_KEY_CERT_SIGN)
				181	*
				182	* \param ctx CSR context to use
				183	* \param key_usage key usage flags to set
				184	*
				185	* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
				186	*/
				187	int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage );
				188
				189	/**
				190	* \brief Set the Netscape Cert Type flags
				191	* (e.g. NS_CERT_TYPE_SSL_CLIENT \| NS_CERT_TYPE_EMAIL)
				192	*
				193	* \param ctx CSR context to use
				194	* \param ns_cert_type Netscape Cert Type flags to set
				195	*
				196	* \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
				197	*/
				198	int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
				199	unsigned char ns_cert_type );
				200
				201	/**
				202	* \brief Generic function to add to or replace an extension in the CSR
				203	*
				204	* \param ctx CSR context to use
				205	* \param oid OID of the extension
				206	* \param oid_len length of the OID
				207	* \param val value of the extension OCTET STRING
				208	* \param val_len length of the value data
				209	*
				210	* \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
				211	*/
				212	int x509write_csr_set_extension( x509write_csr *ctx,
				213	const char *oid, size_t oid_len,
				214	const unsigned char *val, size_t val_len );
				215
				216	/**
				217	* \brief Free the contents of a CSR context
				218	*
				219	* \param ctx CSR context to free
				220	*/
				221	void x509write_csr_free( x509write_csr *ctx );
				222
				223	/**
				224	* \brief Write a CSR (Certificate Signing Request) to a
				225	* DER structure
				226	* Note: data is written at the end of the buffer! Use the
				227	* return value to determine where you should start
				228	* using the buffer
				229	*
				230	* \param ctx CSR to write away
				231	* \param buf buffer to write to
				232	* \param size size of the buffer
				233	* \param f_rng RNG function (for signature, see note)
				234	* \param p_rng RNG parameter
				235	*
				236	* \return length of data written if successful, or a specific
				237	* error code
				238	*
				239	* \note f_rng may be NULL if RSA is used for signature and the
				240	* signature is made offline (otherwise f_rng is desirable
				241	* for countermeasures against timing attacks).
				242	* ECDSA signatures always require a non-NULL f_rng.
				243	*/
				244	int x509write_csr_der( x509write_csr ctx, unsigned char buf, size_t size,
				245	int (f_rng)(void , unsigned char *, size_t),
				246	void *p_rng );
				247
				248	#if defined(POLARSSL_PEM_WRITE_C)
				249	/**
				250	* \brief Write a CSR (Certificate Signing Request) to a
				251	* PEM string
				252	*
				253	* \param ctx CSR to write away
				254	* \param buf buffer to write to
				255	* \param size size of the buffer
				256	* \param f_rng RNG function (for signature, see note)
				257	* \param p_rng RNG parameter
				258	*
				259	* \return 0 successful, or a specific error code
				260	*
				261	* \note f_rng may be NULL if RSA is used for signature and the
				262	* signature is made offline (otherwise f_rng is desirable
				263	* for couermeasures against timing attacks).
				264	* ECDSA signatures always require a non-NULL f_rng.
				265	*/
				266	int x509write_csr_pem( x509write_csr ctx, unsigned char buf, size_t size,
				267	int (f_rng)(void , unsigned char *, size_t),
				268	void *p_rng );
				269	#endif /* POLARSSL_PEM_WRITE_C */
				270	#endif /* POLARSSL_X509_CSR_WRITE_C */
				271
				272	#ifdef __cplusplus
				273	}
				274	#endif
				275
				276	#endif /* x509_csr.h */