/*
 * X.509v3 certificate parsing and processing
 * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#ifndef X509V3_H
#define X509V3_H

#include "asn1.h"

/**
 * struct x509_algorithm_identifier - Parsed AlgorithmIdentifier
 * @oid: Algorithm OID
 *
 * Only the OID is retained here; any AlgorithmIdentifier parameters are not
 * stored in this structure.
 */
struct x509_algorithm_identifier {
	struct asn1_oid oid;
};

/**
 * struct x509_name - Parsed subject/issuer Name plus alternative names
 *
 * All string fields are NUL-terminated C strings taken from an untrusted
 * certificate. NOTE(review): a DER string containing an embedded NUL byte
 * cannot be represented faithfully as a C string and would appear truncated
 * here; the parser/consumer is expected to reject such names rather than
 * compare the truncated value - confirm against x509_certificate_parse().
 * Fields that are absent from the certificate are presumably left NULL/zero;
 * verify before dereferencing.
 */
struct x509_name {
	char *cn; /* commonName */
	char *c; /* countryName */
	char *l; /* localityName */
	char *st; /* stateOrProvinceName */
	char *o; /* organizationName */
	char *ou; /* organizationalUnitName */
	char *email; /* emailAddress */

	/* from alternative name extension */
	char *alt_email; /* rfc822Name */
	char *dns; /* dNSName */
	char *uri; /* uniformResourceIdentifier */
	u8 *ip; /* iPAddress */
	size_t ip_len; /* IPv4: 4, IPv6: 16 */
	struct asn1_oid rid; /* registeredID */
};

/**
 * struct x509_certificate - Parsed X.509 certificate
 * @next: Link to the next certificate (presumably used to build chains; see
 *	x509_certificate_chain_free())
 * @version: Certificate version; the enumerator values match the DER
 *	encoding of the version field (v1 = 0, v2 = 1, v3 = 2)
 * @serial_number: serialNumber. NOTE(review): RFC 5280 allows serial numbers
 *	of up to 20 octets, which does not fit in an unsigned long; the parser
 *	must handle longer serials explicitly (reject or truncate
 *	consistently) - confirm in x509_certificate_parse().
 * @signature: AlgorithmIdentifier from tbsCertificate (signature field)
 * @issuer: Issuer name
 * @subject: Subject name
 * @not_before: Start of validity period
 * @not_after: End of validity period
 * @public_key_alg: AlgorithmIdentifier for the subject public key
 * @public_key: Subject public key data (exact encoding retained here is not
 *	visible from this header - check the parser)
 * @public_key_len: Length of @public_key in bytes
 * @signature_alg: Outer signatureAlgorithm. NOTE(review): RFC 5280 requires
 *	this to match @signature; verify the parser or validator enforces it,
 *	since the two are stored separately here.
 * @sign_value: signatureValue bytes
 * @sign_value_len: Length of @sign_value in bytes
 * @extensions_present: Bitmask of X509_EXT_* flags for extensions that were
 *	present in the certificate
 * @ca: BasicConstraints cA flag
 * @path_len_constraint: BasicConstraints pathLenConstraint; presumably only
 *	meaningful when X509_EXT_PATH_LEN_CONSTRAINT is set in
 *	@extensions_present
 * @key_usage: Bitmask of X509_KEY_USAGE_* flags; the bit positions follow
 *	the KeyUsage BIT STRING bit numbers from RFC 5280 (digitalSignature =
 *	bit 0 ... decipherOnly = bit 8)
 * @cert_start: Start of the DER encoded certificate
 * @cert_len: Length of the DER encoded certificate
 * @tbs_cert_start: Start of the DER encoded tbsCertificate (the data that
 *	is signed)
 * @tbs_cert_len: Length of the DER encoded tbsCertificate
 */
struct x509_certificate {
	struct x509_certificate *next;
	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
	unsigned long serial_number;
	struct x509_algorithm_identifier signature;
	struct x509_name issuer;
	struct x509_name subject;
	os_time_t not_before;
	os_time_t not_after;
	struct x509_algorithm_identifier public_key_alg;
	u8 *public_key;
	size_t public_key_len;
	struct x509_algorithm_identifier signature_alg;
	u8 *sign_value;
	size_t sign_value_len;

	/* Extensions */
	unsigned int extensions_present;
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
#define X509_EXT_KEY_USAGE (1 << 2)
#define X509_EXT_SUBJECT_ALT_NAME (1 << 3)
#define X509_EXT_ISSUER_ALT_NAME (1 << 4)

	/* BasicConstraints */
	int ca; /* cA */
	unsigned long path_len_constraint; /* pathLenConstraint */

	/* KeyUsage */
	unsigned long key_usage;
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)

	/*
	 * The DER format certificate follows struct x509_certificate. These
	 * pointers point to that buffer. Because the DER data lives in the
	 * same allocation, it is released together with the structure and
	 * these pointers must not be used after x509_certificate_free().
	 */
	const u8 *cert_start;
	size_t cert_len;
	const u8 *tbs_cert_start;
	size_t tbs_cert_len;
};

/*
 * Validation result codes. The names mirror TLS alert descriptions
 * (bad_certificate, unsupported_certificate, certificate_revoked,
 * certificate_expired, certificate_unknown, unknown_ca), which suggests they
 * are intended to be mapped to TLS alerts by the caller of
 * x509_certificate_chain_validate() - confirm against the TLS code.
 */
enum {
	X509_VALIDATE_OK,
	X509_VALIDATE_BAD_CERTIFICATE,
	X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
	X509_VALIDATE_CERTIFICATE_REVOKED,
	X509_VALIDATE_CERTIFICATE_EXPIRED,
	X509_VALIDATE_CERTIFICATE_UNKNOWN,
	X509_VALIDATE_UNKNOWN_CA
};

/**
 * x509_certificate_free - Free a single parsed certificate
 * @cert: Certificate returned by x509_certificate_parse()
 *
 * Releases the structure together with the DER copy that follows it. This
 * does not follow @cert->next; use x509_certificate_chain_free() for a list.
 */
void x509_certificate_free(struct x509_certificate *cert);

/**
 * x509_certificate_parse - Parse a DER encoded X.509 certificate
 * @buf: Untrusted DER data
 * @len: Length of @buf in bytes; every read of @buf must stay within it
 * Returns: Newly allocated certificate, or presumably NULL on parse failure
 * or allocation failure. Ownership of the result passes to the caller, who
 * releases it with x509_certificate_free().
 */
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);

/**
 * x509_name_string - Format a name as a printable string
 * @name: Name to format
 * @buf: Output buffer
 * @len: Size of @buf in bytes
 *
 * The name components are attacker-controlled; the implementation is
 * expected to bound its writes by @len and NUL-terminate the result - confirm
 * in the implementation before relying on @buf in logging paths.
 */
void x509_name_string(struct x509_name *name, char *buf, size_t len);

/**
 * x509_name_compare - Compare two names
 * @a: First name
 * @b: Second name
 * Returns: Presumably 0 when the names match (strcmp-style); check the
 * implementation for the exact convention and which fields take part.
 */
int x509_name_compare(struct x509_name *a, struct x509_name *b);

/**
 * x509_certificate_chain_free - Free a list of certificates
 * @cert: First certificate of a list linked through the next field
 */
void x509_certificate_chain_free(struct x509_certificate *cert);

/**
 * x509_certificate_check_signature - Verify a certificate signature
 * @issuer: Certificate whose public key is used for verification
 * @cert: Certificate whose signature is verified
 * Returns: int status; presumably 0 on success and -1 on failure. Callers
 * must treat any nonzero value as a verification failure.
 */
int x509_certificate_check_signature(struct x509_certificate *issuer,
				     struct x509_certificate *cert);

/**
 * x509_certificate_chain_validate - Validate a certificate chain
 * @trusted: List of trusted (CA) certificates
 * @chain: Certificate chain to validate
 * @reason: Output for a validation result; presumably one of the
 *	X509_VALIDATE_* values, set on failure
 * Returns: int status; presumably 0 when the chain validates and -1 otherwise
 */
int x509_certificate_chain_validate(struct x509_certificate *trusted,
				    struct x509_certificate *chain,
				    int *reason);

/**
 * x509_certificate_get_subject - Look up a certificate by subject name
 * @chain: List of certificates to search
 * @name: Subject name to look for
 * Returns: The matching certificate from @chain (not a copy), or presumably
 * NULL if none matches
 */
struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
			     struct x509_name *name);

/**
 * x509_certificate_self_signed - Check whether a certificate is self-signed
 * @cert: Certificate to check
 * Returns: int; presumably nonzero when @cert is self-signed. Whether this
 * only compares issuer/subject or also verifies the signature is not visible
 * from this header - confirm before using it as a trust decision.
 */
int x509_certificate_self_signed(struct x509_certificate *cert);

#endif /* X509V3_H */