TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b9e4e2c97a2e448090ff3fcc0f99b8f6dbc08897 / . / include / polarssl / x509_csr.h
blob: 8b4892aeadd10c5fb423a3491d1bc2090b949561 [file] [log] [blame]
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]1/**
2 * \file x509_csr.h
3 *
4 * \brief X.509 certificate signing request parsing and writing
5 *
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]6 * Copyright (C) 2006-2014, Brainspark B.V.
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]7 *
8 * This file is part of PolarSSL (http://www.polarssl.org)
9 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
10 *
11 * All rights reserved.
12 *
13 * This program is free software; you can redistribute it and/or modify
14 * it under the terms of the GNU General Public License as published by
15 * the Free Software Foundation; either version 2 of the License, or
16 * (at your option) any later version.
17 *
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License along
24 * with this program; if not, write to the Free Software Foundation, Inc.,
25 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 */
27#ifndef POLARSSL_X509_CSR_H
28#define POLARSSL_X509_CSR_H
29
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]30#if !defined(POLARSSL_CONFIG_FILE)
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]31#include "config.h"
Manuel Pégourié-Gonnardcef4ad22014-04-29 12:39:06 +0200[diff] [blame]32#else
33#include POLARSSL_CONFIG_FILE
34#endif
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]35
36#include "x509.h"
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
42/**
43 * \addtogroup x509_module
44 * \{ */
45
46/**
47 * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
48 * \{
49 */
50
51/**
52 * Certificate Signing Request (CSR) structure.
53 */
54typedef struct _x509_csr
55{
56 x509_buf raw; /**< The raw CSR data (DER). */
57 x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
58
59 int version;
60
61 x509_buf subject_raw; /**< The raw subject data (DER). */
62 x509_name subject; /**< The parsed subject data (named information object). */
63
64 pk_context pk; /**< Container for the public key context. */
65
66 x509_buf sig_oid;
67 x509_buf sig;
68 md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
69 pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
70}
71x509_csr;
72
73/**
74 * Container for writing a CSR
75 */
76typedef struct _x509write_csr
77{
78 pk_context *key;
79 asn1_named_data *subject;
80 md_type_t md_alg;
81 asn1_named_data *extensions;
82}
83x509write_csr;
84
85#if defined(POLARSSL_X509_CSR_PARSE_C)
86/**
87 * \brief Load a Certificate Signing Request (CSR)
88 *
89 * \param csr CSR context to fill
90 * \param buf buffer holding the CRL data
91 * \param buflen size of the buffer
92 *
93 * \return 0 if successful, or a specific X509 or PEM error code
94 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]95int x509_csr_parse( x509_csr *csr, const unsigned char *buf, size_t buflen );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]96
97#if defined(POLARSSL_FS_IO)
98/**
99 * \brief Load a Certificate Signing Request (CSR)
100 *
101 * \param csr CSR context to fill
102 * \param path filename to read the CSR from
103 *
104 * \return 0 if successful, or a specific X509 or PEM error code
105 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]106int x509_csr_parse_file( x509_csr *csr, const char *path );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]107#endif /* POLARSSL_FS_IO */
108
109/**
110 * \brief Returns an informational string about the
111 * CSR.
112 *
113 * \param buf Buffer to write to
114 * \param size Maximum size of buffer
115 * \param prefix A line prefix
116 * \param csr The X509 CSR to represent
117 *
118 * \return The amount of data written to the buffer, or -1 in
119 * case of an error.
120 */
Paul Bakkerddf26b42013-09-18 13:46:23 +0200[diff] [blame]121int x509_csr_info( char *buf, size_t size, const char *prefix,
122 const x509_csr *csr );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]123
124/**
Paul Bakker369d2eb2013-09-18 11:58:25 +0200[diff] [blame]125 * \brief Initialize a CSR
126 *
127 * \param csr CSR to initialize
128 */
129void x509_csr_init( x509_csr *csr );
130
131/**
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]132 * \brief Unallocate all CSR data
133 *
134 * \param csr CSR to free
135 */
136void x509_csr_free( x509_csr *csr );
137#endif /* POLARSSL_X509_CSR_PARSE_C */
138
139/* \} name */
140/* \} addtogroup x509_module */
141
142#if defined(POLARSSL_X509_CSR_WRITE_C)
143/**
144 * \brief Initialize a CSR context
145 *
146 * \param ctx CSR context to initialize
147 */
148void x509write_csr_init( x509write_csr *ctx );
149
150/**
151 * \brief Set the subject name for a CSR
152 * Subject names should contain a comma-separated list
153 * of OID types and values:
154 * e.g. "C=NL,O=Offspark,CN=PolarSSL Server 1"
155 *
156 * \param ctx CSR context to use
157 * \param subject_name subject name to set
158 *
159 * \return 0 if subject name was parsed successfully, or
160 * a specific error code
161 */
Paul Bakker50dc8502013-10-28 21:19:10 +0100[diff] [blame]162int x509write_csr_set_subject_name( x509write_csr *ctx,
163 const char *subject_name );
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]164
165/**
166 * \brief Set the key for a CSR (public key will be included,
167 * private key used to sign the CSR when writing it)
168 *
169 * \param ctx CSR context to use
170 * \param key Asymetric key to include
171 */
172void x509write_csr_set_key( x509write_csr *ctx, pk_context *key );
173
174/**
175 * \brief Set the MD algorithm to use for the signature
176 * (e.g. POLARSSL_MD_SHA1)
177 *
178 * \param ctx CSR context to use
179 * \param md_alg MD algorithm to use
180 */
181void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg );
182
183/**
184 * \brief Set the Key Usage Extension flags
185 * (e.g. KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN)
186 *
187 * \param ctx CSR context to use
188 * \param key_usage key usage flags to set
189 *
190 * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
191 */
192int x509write_csr_set_key_usage( x509write_csr *ctx, unsigned char key_usage );
193
194/**
195 * \brief Set the Netscape Cert Type flags
196 * (e.g. NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_EMAIL)
197 *
198 * \param ctx CSR context to use
199 * \param ns_cert_type Netscape Cert Type flags to set
200 *
201 * \return 0 if successful, or POLARSSL_ERR_X509WRITE_MALLOC_FAILED
202 */
203int x509write_csr_set_ns_cert_type( x509write_csr *ctx,
204 unsigned char ns_cert_type );
205
206/**
Paul Bakkerb9e4e2c2014-05-01 14:18:25 +0200[diff] [blame^]207 * \brief Generic function to add to or replace an extension in the
208 * CSR
Paul Bakker7c6b2c32013-09-16 13:49:26 +0200[diff] [blame]209 *
210 * \param ctx CSR context to use
211 * \param oid OID of the extension
212 * \param oid_len length of the OID
213 * \param val value of the extension OCTET STRING
214 * \param val_len length of the value data
215 *
216 * \return 0 if successful, or a POLARSSL_ERR_X509WRITE_MALLOC_FAILED
217 */
218int x509write_csr_set_extension( x509write_csr *ctx,
219 const char *oid, size_t oid_len,
220 const unsigned char *val, size_t val_len );
221
222/**
223 * \brief Free the contents of a CSR context
224 *
225 * \param ctx CSR context to free
226 */
227void x509write_csr_free( x509write_csr *ctx );
228
229/**
230 * \brief Write a CSR (Certificate Signing Request) to a
231 * DER structure
232 * Note: data is written at the end of the buffer! Use the
233 * return value to determine where you should start
234 * using the buffer
235 *
236 * \param ctx CSR to write away
237 * \param buf buffer to write to
238 * \param size size of the buffer
239 * \param f_rng RNG function (for signature, see note)
240 * \param p_rng RNG parameter
241 *
242 * \return length of data written if successful, or a specific
243 * error code
244 *
245 * \note f_rng may be NULL if RSA is used for signature and the
246 * signature is made offline (otherwise f_rng is desirable
247 * for countermeasures against timing attacks).
248 * ECDSA signatures always require a non-NULL f_rng.
249 */
250int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
251 int (*f_rng)(void *, unsigned char *, size_t),
252 void *p_rng );
253
254#if defined(POLARSSL_PEM_WRITE_C)
255/**
256 * \brief Write a CSR (Certificate Signing Request) to a
257 * PEM string
258 *
259 * \param ctx CSR to write away
260 * \param buf buffer to write to
261 * \param size size of the buffer
262 * \param f_rng RNG function (for signature, see note)
263 * \param p_rng RNG parameter
264 *
265 * \return 0 successful, or a specific error code
266 *
267 * \note f_rng may be NULL if RSA is used for signature and the
268 * signature is made offline (otherwise f_rng is desirable
269 * for couermeasures against timing attacks).
270 * ECDSA signatures always require a non-NULL f_rng.
271 */
272int x509write_csr_pem( x509write_csr *ctx, unsigned char *buf, size_t size,
273 int (*f_rng)(void *, unsigned char *, size_t),
274 void *p_rng );
275#endif /* POLARSSL_PEM_WRITE_C */
276#endif /* POLARSSL_X509_CSR_WRITE_C */
277
278#ifdef __cplusplus
279}
280#endif
281
282#endif /* x509_csr.h */