1 /**
2  * \file x509_crl.h
3  *
4  * \brief X.509 certificate revocation list parsing
5  */
6 /*
7  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
8  *  SPDX-License-Identifier: GPL-2.0
9  *
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *
15  *  This program is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *
20  *  You should have received a copy of the GNU General Public License along
21  *  with this program; if not, write to the Free Software Foundation, Inc.,
22  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23  *
24  *  This file is part of mbed TLS (https://tls.mbed.org)
25  */
26 #ifndef MBEDTLS_X509_CRL_H
27 #define MBEDTLS_X509_CRL_H
28 
29 #if !defined(MBEDTLS_CONFIG_FILE)
30 #include "config.h"
31 #else
32 #include MBEDTLS_CONFIG_FILE
33 #endif
34 
35 #include "x509.h"
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
41 /**
42  * \addtogroup x509_module
43  * \{ */
44 
45 /**
46  * \name Structures and functions for parsing CRLs
47  * \{
48  */
49 
50 /**
51  * Certificate revocation list entry.
52  * Contains the CA-specific serial numbers and revocation dates.
53  */
54 typedef struct mbedtls_x509_crl_entry
55 {
56     mbedtls_x509_buf raw;
57 
58     mbedtls_x509_buf serial;
59 
60     mbedtls_x509_time revocation_date;
61 
62     mbedtls_x509_buf entry_ext;
63 
64     struct mbedtls_x509_crl_entry *next;
65 }
66 mbedtls_x509_crl_entry;
67 
68 /**
69  * Certificate revocation list structure.
70  * Every CRL may have multiple entries.
71  */
72 typedef struct mbedtls_x509_crl
73 {
74     mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
75     mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
76 
77     int version;            /**< CRL version (1=v1, 2=v2) */
78     mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
79 
80     mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
81 
82     mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
83 
84     mbedtls_x509_time this_update;
85     mbedtls_x509_time next_update;
86 
87     mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
88 
89     mbedtls_x509_buf crl_ext;
90 
91     mbedtls_x509_buf sig_oid2;
92     mbedtls_x509_buf sig;
93     mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
94     mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
95     void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
96 
97     struct mbedtls_x509_crl *next;
98 }
99 mbedtls_x509_crl;
100 
101 /**
102  * \brief          Parse a DER-encoded CRL and append it to the chained list
103  *
104  * \param chain    points to the start of the chain
105  * \param buf      buffer holding the CRL data in DER format
106  * \param buflen   size of the buffer
107  *                 (including the terminating null byte for PEM data)
108  *
109  * \return         0 if successful, or a specific X509 or PEM error code
110  */
111 int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
112                         const unsigned char *buf, size_t buflen );
113 /**
114  * \brief          Parse one or more CRLs and append them to the chained list
115  *
116  * \note           Mutliple CRLs are accepted only if using PEM format
117  *
118  * \param chain    points to the start of the chain
119  * \param buf      buffer holding the CRL data in PEM or DER format
120  * \param buflen   size of the buffer
121  *                 (including the terminating null byte for PEM data)
122  *
123  * \return         0 if successful, or a specific X509 or PEM error code
124  */
125 int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
126 
127 #if defined(MBEDTLS_FS_IO)
128 /**
129  * \brief          Load one or more CRLs and append them to the chained list
130  *
131  * \note           Mutliple CRLs are accepted only if using PEM format
132  *
133  * \param chain    points to the start of the chain
134  * \param path     filename to read the CRLs from (in PEM or DER encoding)
135  *
136  * \return         0 if successful, or a specific X509 or PEM error code
137  */
138 int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
139 #endif /* MBEDTLS_FS_IO */
140 
141 /**
142  * \brief          Returns an informational string about the CRL.
143  *
144  * \param buf      Buffer to write to
145  * \param size     Maximum size of buffer
146  * \param prefix   A line prefix
147  * \param crl      The X509 CRL to represent
148  *
149  * \return         The length of the string written (not including the
150  *                 terminated nul byte), or a negative error code.
151  */
152 int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
153                    const mbedtls_x509_crl *crl );
154 
155 /**
156  * \brief          Initialize a CRL (chain)
157  *
158  * \param crl      CRL chain to initialize
159  */
160 void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
161 
162 /**
163  * \brief          Unallocate all CRL data
164  *
165  * \param crl      CRL chain to free
166  */
167 void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
168 
169 /* \} name */
170 /* \} addtogroup x509_module */
171 
172 #ifdef __cplusplus
173 }
174 #endif
175 
176 #endif /* mbedtls_x509_crl.h */
177