/** * \file x509_crl.h * * \brief X.509 certificate revocation list parsing */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * * This file is provided under the Apache License 2.0, or the * GNU General Public License v2.0 or later. * * ********** * Apache License 2.0: * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ********** * * ********** * GNU General Public License v2.0 or later: * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * ********** */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H #if !defined(MBEDTLS_CONFIG_FILE) #include "config.h" #else #include MBEDTLS_CONFIG_FILE #endif #include "x509.h" #ifdef __cplusplus extern "C" { #endif /** * \addtogroup x509_module * \{ */ /** * \name Structures and functions for parsing CRLs * \{ */ /** * Certificate revocation list entry. * Contains the CA-specific serial numbers and revocation dates. */ typedef struct mbedtls_x509_crl_entry { mbedtls_x509_buf raw; mbedtls_x509_buf serial; mbedtls_x509_time revocation_date; mbedtls_x509_buf entry_ext; struct mbedtls_x509_crl_entry *next; } mbedtls_x509_crl_entry; /** * Certificate revocation list structure. * Every CRL may have multiple entries. */ typedef struct mbedtls_x509_crl { mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ int version; /**< CRL version (1=v1, 2=v2) */ mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ mbedtls_x509_time this_update; mbedtls_x509_time next_update; mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ mbedtls_x509_buf crl_ext; mbedtls_x509_buf sig_oid2; mbedtls_x509_buf sig; mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ struct mbedtls_x509_crl *next; } mbedtls_x509_crl; /** * \brief Parse a DER-encoded CRL and append it to the chained list * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in DER format * \param buflen size of the buffer * (including the terminating null byte for PEM data) * * \return 0 if successful, or a specific X509 or PEM error code */ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); /** * \brief Parse one or more CRLs and append them to the chained list * * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in PEM or DER format * \param buflen size of the buffer * (including the terminating null byte for PEM data) * * \return 0 if successful, or a specific X509 or PEM error code */ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ); #if defined(MBEDTLS_FS_IO) /** * \brief Load one or more CRLs and append them to the chained list * * \note Multiple CRLs are accepted only if using PEM format * * \param chain points to the start of the chain * \param path filename to read the CRLs from (in PEM or DER encoding) * * \return 0 if successful, or a specific X509 or PEM error code */ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ /** * \brief Returns an informational string about the CRL. * * \param buf Buffer to write to * \param size Maximum size of buffer * \param prefix A line prefix * \param crl The X509 CRL to represent * * \return The length of the string written (not including the * terminated nul byte), or a negative error code. */ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl ); /** * \brief Initialize a CRL (chain) * * \param crl CRL chain to initialize */ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ); /** * \brief Unallocate all CRL data * * \param crl CRL chain to free */ void mbedtls_x509_crl_free( mbedtls_x509_crl *crl ); /* \} name */ /* \} addtogroup x509_module */ #ifdef __cplusplus } #endif #endif /* mbedtls_x509_crl.h */