
📄 x509.h

📁 it is know of https implement source code
/**
 * \file x509.h
 *
 * Declarations for X.509 certificate and RSA private-key handling:
 * error codes, verification flags, DER tag constants, OID byte strings,
 * the parsed-certificate and writer structures, and the x509parse_* API.
 *
 * NOTE(review): x509_node below uses size_t, but the only header included
 * here is xyssl/rsa.h; presumably size_t arrives transitively -- confirm.
 */
#ifndef XYSSL_X509_H
#define XYSSL_X509_H

#include "xyssl/rsa.h"

/*
 * ASN.1 decoding error codes (all negative).
 */
#define XYSSL_ERR_ASN1_OUT_OF_DATA                      -0x0014
#define XYSSL_ERR_ASN1_UNEXPECTED_TAG                   -0x0016
#define XYSSL_ERR_ASN1_INVALID_LENGTH                   -0x0018
#define XYSSL_ERR_ASN1_LENGTH_MISMATCH                  -0x001A
#define XYSSL_ERR_ASN1_INVALID_DATA                     -0x001C

/*
 * X.509 certificate and key error codes (all negative).
 *
 * NOTE(review): these are multiples of 0x20 while the ASN.1 codes above
 * all lie below 0x20, which looks designed so that one code of each kind
 * can be combined in a single return value -- confirm against the parser
 * before decoding return values that way.
 */
#define XYSSL_ERR_X509_FEATURE_UNAVAILABLE              -0x0020
#define XYSSL_ERR_X509_CERT_INVALID_PEM                 -0x0040
#define XYSSL_ERR_X509_CERT_INVALID_FORMAT              -0x0060
#define XYSSL_ERR_X509_CERT_INVALID_VERSION             -0x0080
#define XYSSL_ERR_X509_CERT_INVALID_SERIAL              -0x00A0
#define XYSSL_ERR_X509_CERT_INVALID_ALG                 -0x00C0
#define XYSSL_ERR_X509_CERT_INVALID_NAME                -0x00E0
#define XYSSL_ERR_X509_CERT_INVALID_DATE                -0x0100
#define XYSSL_ERR_X509_CERT_INVALID_PUBKEY              -0x0120
#define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE           -0x0140
#define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS          -0x0160
#define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION             -0x0180
#define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG             -0x01A0
#define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG              -0x01C0
#define XYSSL_ERR_X509_CERT_SIG_MISMATCH                -0x01E0
#define XYSSL_ERR_X509_CERT_VERIFY_FAILED               -0x0200
#define XYSSL_ERR_X509_KEY_INVALID_PEM                  -0x0220
#define XYSSL_ERR_X509_KEY_INVALID_VERSION              -0x0240
#define XYSSL_ERR_X509_KEY_INVALID_FORMAT               -0x0260
#define XYSSL_ERR_X509_KEY_INVALID_ENC_IV               -0x0280
#define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG              -0x02A0
#define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED            -0x02C0
#define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH            -0x02E0
#define XYSSL_ERR_X509_POINT_ERROR                      -0x0300
#define XYSSL_ERR_X509_VALUE_TO_LENGTH                  -0x0320

/*
 * Verification result flags. The values are distinct bits (1, 2, 4, 8),
 * and x509parse_verify() documents that one or more of them may be set
 * in *flags at once, so test them with '&' rather than '=='.
 */
#define BADCERT_EXPIRED                 1
#define BADCERT_REVOKED                 2
#define BADCERT_CN_MISMATCH             4
#define BADCERT_NOT_TRUSTED             8

/*
 * DER constants
 *
 * The first group are universal tag numbers; the last three are the
 * form/class bits of the identifier octet (presumably OR-ed with a tag
 * number by the parser, e.g. ASN1_CONSTRUCTED | ASN1_SEQUENCE).
 *
 * NOTE(review): only UTCTime (0x17) is defined; there is no constant for
 * GeneralizedTime, which RFC 5280 requires for validity dates from 2050
 * onward. Whether such certificates are accepted cannot be told from
 * this header -- confirm against the parser.
 */
#define ASN1_BOOLEAN                 0x01
#define ASN1_INTEGER                 0x02
#define ASN1_BIT_STRING              0x03
#define ASN1_OCTET_STRING            0x04
#define ASN1_NULL                    0x05
#define ASN1_OID                     0x06
#define ASN1_UTF8_STRING             0x0C
#define ASN1_SEQUENCE                0x10
#define ASN1_SET                     0x11
#define ASN1_PRINTABLE_STRING        0x13
#define ASN1_T61_STRING              0x14
#define ASN1_IA5_STRING              0x16
#define ASN1_UTC_TIME                0x17
#define ASN1_UNIVERSAL_STRING        0x1C
#define ASN1_BMP_STRING              0x1E
#define ASN1_PRIMITIVE               0x00
#define ASN1_CONSTRUCTED             0x20
#define ASN1_CONTEXT_SPECIFIC        0x80

/*
 * various object identifiers
 *
 * X520_* and PKCS9_EMAIL are small integers; they match the final arc of
 * the corresponding attribute OIDs (e.g. OID_CN ends in \x03 and
 * OID_PKCS9_EMAIL ends in \x01).
 */
#define X520_COMMON_NAME                3
#define X520_COUNTRY                    6
#define X520_LOCALITY                   7
#define X520_STATE                      8
#define X520_ORGANIZATION              10
#define X520_ORG_UNIT                  11
#define PKCS9_EMAIL                     1

/* Output encodings and related constants; their users are not declared
 * in this header. */
#define X509_OUTPUT_DER              0x01
#define X509_OUTPUT_PEM              0x02
#define PEM_LINE_LENGTH                72
#define X509_ISSUER                  0x01
#define X509_SUBJECT                 0x02

/*
 * DER-encoded OID contents (without tag and length octets):
 *   OID_X520           2.5.4
 *   OID_CN             2.5.4.3
 *   OID_PKCS1          1.2.840.113549.1.1
 *   OID_PKCS1_RSA      1.2.840.113549.1.1.1  (rsaEncryption)
 *   OID_PKCS1_RSA_SHA  1.2.840.113549.1.1.5  (sha1WithRSAEncryption)
 *   OID_PKCS9          1.2.840.113549.1.9
 *   OID_PKCS9_EMAIL    1.2.840.113549.1.9.1
 *
 * NOTE(review): the only signature-algorithm OID defined here is
 * SHA-1 with RSA, and SHA-1 is no longer collision resistant. Which
 * signature algorithms the parser actually accepts is not visible in
 * this header -- confirm before relying on it to validate certificates.
 */
#define OID_X520                "\x55\x04"
#define OID_CN                  "\x55\x04\x03"
#define OID_PKCS1               "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA           "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
#define OID_PKCS1_RSA_SHA       "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
#define OID_PKCS9               "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL         "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"

/*
 * Structures for parsing X.509 certificates
 */

/* One tagged span of data: tag, length, and a pointer to the bytes.
 * NOTE(review): len is a signed int, and whether p owns its memory or
 * points into another buffer is not stated here -- confirm. */
typedef struct _x509_buf
{
    int tag;
    int len;
    unsigned char *p;
}
x509_buf;

/* One (oid, value) pair of a name; pairs are chained through next. */
typedef struct _x509_name
{
    x509_buf oid;
    x509_buf val;
    struct _x509_name *next;
}
x509_name;

/* Broken-down date and time. There is no time-zone field. */
typedef struct _x509_time
{
    int year, mon, day;
    int hour, min, sec;
}
x509_time;

/* A parsed certificate; certificates are chained through next. */
typedef struct _x509_cert
{
    x509_buf raw;
    x509_buf tbs;

    int version;
    x509_buf serial;
    x509_buf sig_oid1;

    x509_buf issuer_raw;
    x509_buf subject_raw;

    x509_name issuer;
    x509_name subject;

    x509_time valid_from;
    x509_time valid_to;

    x509_buf pk_oid;
    rsa_context rsa;

    x509_buf issuer_id;
    x509_buf subject_id;
    x509_buf v3_ext;

    /* presumably taken from the basicConstraints extension -- confirm */
    int ca_istrue;
    int max_pathlen;

    /* two signature OID fields exist (sig_oid1 above, sig_oid2 here);
     * XYSSL_ERR_X509_CERT_SIG_MISMATCH presumably reports a difference */
    x509_buf sig_oid2;
    x509_buf sig;

    struct _x509_cert *next; 
}
x509_cert;

/*
 * Structures for writing X.509 certificates
 */

/* A byte region described by data, a cursor p, an end pointer and a
 * length. No function in this header takes or returns it. */
typedef struct _x509_node
{
    unsigned char *data;
    unsigned char *p;
    unsigned char *end;

    size_t len;
}
x509_node;

/* One x509_node per certificate component being written. */
typedef struct _x509_raw
{
    x509_node raw;
    x509_node tbs;

    x509_node version;
    x509_node serial;
    x509_node tbs_signalg;
    x509_node issuer;
    x509_node validity;
    x509_node subject;
    x509_node subpubkey;

    x509_node signalg;
    x509_node sign;
}
x509_raw;

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          Parse one or more certificates and add them
 *                 to the chained list
 *
 * \param crt      points to the start of the chain
 * \param buf      buffer holding the certificate data
 * \param buflen   size of the buffer
 *
 * \return         0 if successful, or a specific X509 error code
 *
 * \note           buflen is a signed int: a caller holding the size as
 *                 size_t should reject values above INT_MAX before
 *                 narrowing. buf is not const-qualified; whether the
 *                 parser modifies it is not visible here.
 */
int x509parse_crt( x509_cert *crt, unsigned char *buf, int buflen );

/**
 * \brief          Load one or more certificates and add them
 *                 to the chained list
 *
 * \param crt      points to the start of the chain
 * \param path     filename to read the certificates from
 *
 * \return         0 if successful, or a specific X509 error code
 */
int x509parse_crtfile( x509_cert *crt, char *path );

/**
 * \brief          Parse a private RSA key
 *
 * \param rsa      RSA context to be initialized
 * \param buf      input buffer
 * \param buflen   size of the buffer
 * \param pwd      password for decryption (optional)
 * \param pwdlen   size of the password
 *
 * \return         0 if successful, or a specific X509 error code
 *
 * \note           buflen and pwdlen are signed ints; pass only
 *                 non-negative, range-checked lengths.
 */
int x509parse_key( rsa_context *rsa,
                   unsigned char *buf, int buflen,
                   unsigned char *pwd, int pwdlen );

/**
 * \brief          Load and parse a private RSA key
 *
 * \param rsa      RSA context to be initialized
 * \param path     filename to read the private key from
 * \param password password to decrypt the file (can be NULL)
 *
 * \return         0 if successful, or a specific X509 error code
 */
int x509parse_keyfile( rsa_context *rsa, char *path, char *password );

/**
 * \brief          Store the certificate DN in printable form into buf;
 *                 no more than (end - buf) characters will be written.
 *
 * \param buf      start of the output buffer
 * \param end      end of the output buffer
 * \param dn       name to print
 *
 * \note           The return value is not documented here, and it is not
 *                 stated whether the (end - buf) limit includes a
 *                 terminating NUL -- confirm before sizing the buffer.
 */
int x509parse_dn_gets( char *buf, char *end, x509_name *dn );

/**
 * \brief          Returns an informational string about the
 *                 certificate.
 *
 * \note           Ownership of the returned string (static, or to be
 *                 freed by the caller) is not stated -- confirm.
 */
char *x509parse_cert_info( char *prefix, x509_cert *crt );

/**
 * \brief          Return 0 if the certificate is still valid,
 *                 or BADCERT_EXPIRED
 */
int x509parse_expired( x509_cert *crt );

/**
 * \brief          Verify the certificate signature
 *
 * \param crt      a certificate to be verified
 * \param trust_ca the trusted CA chain
 * \param cn       expected Common Name (can be set to
 *                 NULL if the CN must not be verified)
 * \param flags    result of the verification
 *
 * \return         0 if successful, or a verification error code
 *                 (presumably XYSSL_ERR_X509_CERT_VERIFY_FAILED; the
 *                 name XYSSL_ERR_X509_SIG_VERIFY_FAILED used by earlier
 *                 documentation is not defined in this header),
 *                 in which case *flags will have one or more of
 *                 the following values set:
 *                      BADCERT_EXPIRED --
 *                      BADCERT_REVOKED --
 *                      BADCERT_CN_MISMATCH --
 *                      BADCERT_NOT_TRUSTED
 *
 * \note           TODO: add two arguments, depth and crl
 *
 * \note           Passing cn == NULL disables the name check, so the
 *                 result then says nothing about which host or subject
 *                 the certificate was issued to; pass the expected name
 *                 whenever the peer's identity matters.
 *
 * \note           Because no crl argument exists yet, this interface has
 *                 no way to receive revocation data; whether
 *                 BADCERT_REVOKED is ever set cannot be determined from
 *                 this header. Likewise there is no depth argument, and
 *                 whether max_pathlen is enforced is not visible here.
 */
int x509parse_verify( x509_cert *crt,
                      x509_cert *trust_ca,
                      char *cn, int *flags );

/**
 * \brief          Unallocate all certificate data
 *
 * \note           Whether crt itself is released, or only the data it
 *                 refers to, is not stated here -- confirm.
 */
void x509_free( x509_cert *crt );

/**
 * \brief          Checkup routine
 *
 * \return         0 if successful, or 1 if the test failed
 */
int x509_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* x509.h */
