#include "mbedtls/config.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/sha1.h"
#include <string.h>
#include "mbedtls/pem.h"
#include "arc4_alt.h"

Include dependency graph for x509write_crt.c:

Macros
#define	PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"

#define	PEM_END_CRT "-----END CERTIFICATE-----\n"

Functions
void	mbedtls_x509write_crt_init (mbedtls_x509write_cert *ctx)
	Initialize a CRT writing context. More...

void	mbedtls_x509write_crt_free (mbedtls_x509write_cert *ctx)
	Free the contents of a CRT write context. More...

void	mbedtls_x509write_crt_set_version (mbedtls_x509write_cert *ctx, int version)
	Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3. More...

void	mbedtls_x509write_crt_set_md_alg (mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg)
	Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1) More...

void	mbedtls_x509write_crt_set_subject_key (mbedtls_x509write_cert ctx, mbedtls_pk_context key)
	Set the subject public key for the certificate. More...

void	mbedtls_x509write_crt_set_issuer_key (mbedtls_x509write_cert ctx, mbedtls_pk_context key)
	Set the issuer key used for signing the certificate. More...

int	mbedtls_x509write_crt_set_subject_name (mbedtls_x509write_cert ctx, const char subject_name)
	Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1". More...

int	mbedtls_x509write_crt_set_issuer_name (mbedtls_x509write_cert ctx, const char issuer_name)
	Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS CA". More...

int	mbedtls_x509write_crt_set_serial (mbedtls_x509write_cert ctx, const mbedtls_mpi serial)
	Set the serial number for a Certificate. More...

int	mbedtls_x509write_crt_set_validity (mbedtls_x509write_cert ctx, const char not_before, const char *not_after)
	Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. "YYYYMMDDhhmmss" e.g. "20131231235959" for December 31st 2013 at 23:59:59. More...

int	mbedtls_x509write_crt_set_extension (mbedtls_x509write_cert ctx, const char oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len)
	Generic function to add to or replace an extension in the CRT. More...

int	mbedtls_x509write_crt_set_basic_constraints (mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen)
	Set the basicConstraints extension for a CRT. More...

int	mbedtls_x509write_crt_set_subject_key_identifier (mbedtls_x509write_cert *ctx)
	Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key() has been called before. More...

int	mbedtls_x509write_crt_set_authority_key_identifier (mbedtls_x509write_cert *ctx)
	Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key() has been called before. More...

int	mbedtls_x509write_crt_set_key_usage (mbedtls_x509write_cert *ctx, unsigned int key_usage)
	Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE \| MBEDTLS_X509_KU_KEY_CERT_SIGN) More...

int	mbedtls_x509write_crt_set_ns_cert_type (mbedtls_x509write_cert *ctx, unsigned char ns_cert_type)
	Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT \| MBEDTLS_X509_NS_CERT_TYPE_EMAIL) More...

static int	x509_write_time (unsigned char *p, unsigned char start, const char *time, size_t size)

int	mbedtls_x509write_crt_der (mbedtls_x509write_cert ctx, unsigned char buf, size_t size, int(f_rng)(void , unsigned char , size_t), void p_rng)
	Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer. More...

int	mbedtls_x509write_crt_pem (mbedtls_x509write_cert crt, unsigned char buf, size_t size, int(f_rng)(void , unsigned char , size_t), void p_rng)
	Write a built up certificate to a X509 PEM string. More...

Macro Definition Documentation

◆ PEM_BEGIN_CRT

#define PEM_BEGIN_CRT "-----BEGIN CERTIFICATE-----\n"

◆ PEM_END_CRT

#define PEM_END_CRT "-----END CERTIFICATE-----\n"

Function Documentation

◆ mbedtls_x509write_crt_der()

int mbedtls_x509write_crt_der	(	mbedtls_x509write_cert *	ctx,
		unsigned char *	buf,
		size_t	size,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Write a built up certificate to a X509 DER structure Note: data is written at the end of the buffer! Use the return value to determine where you should start using the buffer.

Parameters

ctx	certificate to write away
buf	buffer to write to
size	size of the buffer
f_rng	RNG function (for signature, see note)
p_rng	RNG parameter

Returns: length of data written if successful, or a specific error code

Note: f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_x509write_crt_free()

void mbedtls_x509write_crt_free ( mbedtls_x509write_cert * ctx )

Free the contents of a CRT write context.

Parameters

ctx	CRT context to free

Here is the call graph for this function:

◆ mbedtls_x509write_crt_init()

void mbedtls_x509write_crt_init ( mbedtls_x509write_cert * ctx )

Initialize a CRT writing context.

Parameters

ctx	CRT context to initialize

Here is the call graph for this function:

◆ mbedtls_x509write_crt_pem()

int mbedtls_x509write_crt_pem	(	mbedtls_x509write_cert *	ctx,
		unsigned char *	buf,
		size_t	size,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Write a built up certificate to a X509 PEM string.

Parameters

ctx	certificate to write away
buf	buffer to write to
size	size of the buffer
f_rng	RNG function (for signature, see note)
p_rng	RNG parameter

Returns: 0 if successful, or a specific error code

Note: f_rng may be NULL if RSA is used for signature and the signature is made offline (otherwise f_rng is desirable for countermeasures against timing attacks). ECDSA signatures always require a non-NULL f_rng.

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_authority_key_identifier()

int mbedtls_x509write_crt_set_authority_key_identifier ( mbedtls_x509write_cert * ctx )

Set the authorityKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_issuer_key() has been called before.

Parameters

ctx	CRT context to use

Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_basic_constraints()

int mbedtls_x509write_crt_set_basic_constraints	(	mbedtls_x509write_cert *	ctx,
		int	is_ca,
		int	max_pathlen
	)

Set the basicConstraints extension for a CRT.

Parameters

ctx	CRT context to use
is_ca	is this a CA certificate
max_pathlen	maximum length of certificate chains below this certificate (only for CA certificates, -1 is inlimited)

Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_extension()

int mbedtls_x509write_crt_set_extension	(	mbedtls_x509write_cert *	ctx,
		const char *	oid,
		size_t	oid_len,
		int	critical,
		const unsigned char *	val,
		size_t	val_len
	)

Generic function to add to or replace an extension in the CRT.

Parameters

ctx	CRT context to use
oid	OID of the extension
oid_len	length of the OID
critical	if the extension is critical (per the RFC's definition)
val	value of the extension OCTET STRING
val_len	length of the value data

Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_x509write_crt_set_issuer_key()

void mbedtls_x509write_crt_set_issuer_key	(	mbedtls_x509write_cert *	ctx,
		mbedtls_pk_context *	key
	)

Set the issuer key used for signing the certificate.

Parameters

ctx	CRT context to use
key	private key to sign with

◆ mbedtls_x509write_crt_set_issuer_name()

int mbedtls_x509write_crt_set_issuer_name	(	mbedtls_x509write_cert *	ctx,
		const char *	issuer_name
	)

Set the issuer name for a Certificate Issuer names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS CA".

Parameters

ctx	CRT context to use
issuer_name	issuer name to set

Returns: 0 if issuer name was parsed successfully, or a specific error code

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_key_usage()

int mbedtls_x509write_crt_set_key_usage	(	mbedtls_x509write_cert *	ctx,
		unsigned int	key_usage
	)

Set the Key Usage Extension flags (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)

Parameters

ctx	CRT context to use
key_usage	key usage flags to set

Returns: 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_md_alg()

void mbedtls_x509write_crt_set_md_alg	(	mbedtls_x509write_cert *	ctx,
		mbedtls_md_type_t	md_alg
	)

Set the MD algorithm to use for the signature (e.g. MBEDTLS_MD_SHA1)

Parameters

ctx	CRT context to use
md_alg	MD algorithm to use

◆ mbedtls_x509write_crt_set_ns_cert_type()

int mbedtls_x509write_crt_set_ns_cert_type	(	mbedtls_x509write_cert *	ctx,
		unsigned char	ns_cert_type
	)

Set the Netscape Cert Type flags (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)

Parameters

ctx	CRT context to use
ns_cert_type	Netscape Cert Type flags to set

Returns: 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_serial()

int mbedtls_x509write_crt_set_serial	(	mbedtls_x509write_cert *	ctx,
		const mbedtls_mpi *	serial
	)

Set the serial number for a Certificate.

Parameters

ctx	CRT context to use
serial	serial number to set

Returns: 0 if successful

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_subject_key()

void mbedtls_x509write_crt_set_subject_key	(	mbedtls_x509write_cert *	ctx,
		mbedtls_pk_context *	key
	)

Set the subject public key for the certificate.

Parameters

ctx	CRT context to use
key	public key to include

◆ mbedtls_x509write_crt_set_subject_key_identifier()

int mbedtls_x509write_crt_set_subject_key_identifier ( mbedtls_x509write_cert * ctx )

Set the subjectKeyIdentifier extension for a CRT Requires that mbedtls_x509write_crt_set_subject_key() has been called before.

Parameters

ctx	CRT context to use

Returns: 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_subject_name()

int mbedtls_x509write_crt_set_subject_name	(	mbedtls_x509write_cert *	ctx,
		const char *	subject_name
	)

Set the subject name for a Certificate Subject names should contain a comma-separated list of OID types and values: e.g. "C=UK,O=ARM,CN=mbed TLS Server 1".

Parameters

ctx	CRT context to use
subject_name	subject name to set

Returns: 0 if subject name was parsed successfully, or a specific error code

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_validity()

int mbedtls_x509write_crt_set_validity	(	mbedtls_x509write_cert *	ctx,
		const char *	not_before,
		const char *	not_after
	)

Set the validity period for a Certificate Timestamps should be in string format for UTC timezone i.e. "YYYYMMDDhhmmss" e.g. "20131231235959" for December 31st 2013 at 23:59:59.

Parameters

ctx	CRT context to use
not_before	not_before timestamp
not_after	not_after timestamp

Returns: 0 if timestamp was parsed successfully, or a specific error code

Here is the call graph for this function:

◆ mbedtls_x509write_crt_set_version()

void mbedtls_x509write_crt_set_version	(	mbedtls_x509write_cert *	ctx,
		int	version
	)

Set the verion for a Certificate Default: MBEDTLS_X509_CRT_VERSION_3.

Parameters

ctx	CRT context to use
version	version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or MBEDTLS_X509_CRT_VERSION_3)

◆ x509_write_time()

static int x509_write_time	(	unsigned char **	p,
		unsigned char *	start,
		const char *	time,
		size_t	size
	)

static

Here is the call graph for this function:

Here is the caller graph for this function:

Macros

Functions

Macro Definition Documentation

◆ PEM_BEGIN_CRT

◆ PEM_END_CRT

Function Documentation

◆ mbedtls_x509write_crt_der()

◆ mbedtls_x509write_crt_free()

◆ mbedtls_x509write_crt_init()

◆ mbedtls_x509write_crt_pem()

◆ mbedtls_x509write_crt_set_authority_key_identifier()

◆ mbedtls_x509write_crt_set_basic_constraints()

◆ mbedtls_x509write_crt_set_extension()

◆ mbedtls_x509write_crt_set_issuer_key()

◆ mbedtls_x509write_crt_set_issuer_name()

◆ mbedtls_x509write_crt_set_key_usage()

◆ mbedtls_x509write_crt_set_md_alg()

◆ mbedtls_x509write_crt_set_ns_cert_type()

◆ mbedtls_x509write_crt_set_serial()

◆ mbedtls_x509write_crt_set_subject_key()

◆ mbedtls_x509write_crt_set_subject_key_identifier()

◆ mbedtls_x509write_crt_set_subject_name()

◆ mbedtls_x509write_crt_set_validity()

◆ mbedtls_x509write_crt_set_version()

◆ x509_write_time()