00015 #ifndef X509V3_H
00016 #define X509V3_H
00017
00018 #include "asn1.h"
00019
/*
 * X.509 AlgorithmIdentifier.
 *
 * Only the algorithm OID is retained; the optional ASN.1 "parameters" field
 * of AlgorithmIdentifier has no representation in this struct, so callers
 * cannot distinguish certificates by algorithm parameters through this type.
 */
struct x509_algorithm_identifier {
	struct asn1_oid oid;
};
00023
/*
 * Distinguished name (issuer or subject) plus alternative-name forms.
 *
 * All string members are heap strings owned by the containing certificate
 * (see x509_certificate_free()); a member that was not present in the
 * certificate is presumably left NULL - confirm against x509v3.c.
 *
 * NOTE(review): every value here is parsed out of the certificate under
 * examination, i.e. attacker-controlled input. Before comparing cn/dns with
 * strlen()/strcmp()-style helpers, verify that the parser rejects embedded
 * NUL bytes; otherwise "host\0.evil" compares equal to "host".
 */
struct x509_name {
	/* Attribute types of the DN (RFC 5280 / X.520 short names). */
	char *cn;	/* commonName */
	char *c;	/* countryName */
	char *l;	/* localityName */
	char *st;	/* stateOrProvinceName */
	char *o;	/* organizationName */
	char *ou;	/* organizationalUnitName */
	char *email;	/* emailAddress (PKCS#9) */

	/*
	 * Alternative-name forms; presumably filled from the
	 * subjectAltName / issuerAltName extension (see the
	 * X509_EXT_*_ALT_NAME bits in struct x509_certificate).
	 */
	char *alt_email;	/* rfc822Name */
	char *dns;		/* dNSName */
	char *uri;		/* uniformResourceIdentifier */
	u8 *ip;			/* iPAddress, raw octets (not a string) */
	size_t ip_len;		/* number of octets in ip */
	struct asn1_oid rid;	/* registeredID */
};
00041
/*
 * Parsed X.509 certificate.
 *
 * Instances are produced by x509_certificate_parse() and released with
 * x509_certificate_free() (single certificate) or
 * x509_certificate_chain_free() (a list linked through `next`).
 */
struct x509_certificate {
	/* Next certificate in a chain; presumably NULL-terminated list. */
	struct x509_certificate *next;
	/*
	 * Values match the ASN.1 Version INTEGER encoding (v1 is encoded
	 * as 0), so the raw parsed value can be stored directly.
	 */
	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
	/*
	 * NOTE(review): RFC 5280 4.1.2.2 allows serial numbers up to
	 * 20 octets; an unsigned long cannot represent those. Check how
	 * x509_certificate_parse() treats longer serials (reject vs.
	 * truncate) - a truncated serial must never be used for
	 * certificate identification or revocation matching.
	 */
	unsigned long serial_number;
	/* TBSCertificate.signature (algorithm claimed inside the signed data) */
	struct x509_algorithm_identifier signature;
	struct x509_name issuer;
	struct x509_name subject;
	os_time_t not_before;
	os_time_t not_after;
	/* SubjectPublicKeyInfo.algorithm */
	struct x509_algorithm_identifier public_key_alg;
	/* Public key bytes; whether this is the full SPKI or only the
	 * subjectPublicKey BIT STRING contents is not visible here. */
	u8 *public_key;
	size_t public_key_len;
	/*
	 * Certificate.signatureAlgorithm (outer, unsigned field).
	 * RFC 5280 4.1.1.2 requires this to equal `signature` above; if the
	 * parser does not enforce that, a verifier should before trusting
	 * either value.
	 */
	struct x509_algorithm_identifier signature_alg;
	/* Certificate.signatureValue (the raw signature octets) */
	u8 *sign_value;
	size_t sign_value_len;

	/* Bitmask of X509_EXT_* flags for the extensions that were parsed. */
	unsigned int extensions_present;
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
#define X509_EXT_KEY_USAGE (1 << 2)
#define X509_EXT_SUBJECT_ALT_NAME (1 << 3)
#define X509_EXT_ISSUER_ALT_NAME (1 << 4)

	/*
	 * BasicConstraints. `ca` is presumably meaningful only when
	 * X509_EXT_BASIC_CONSTRAINTS is set, and path_len_constraint only
	 * when X509_EXT_PATH_LEN_CONSTRAINT is set (pathLenConstraint is
	 * OPTIONAL, so absence must not be read as 0).
	 */
	int ca;
	unsigned long path_len_constraint;

	/*
	 * KeyUsage. Bit positions follow the RFC 5280 KeyUsage BIT STRING
	 * order (digitalSignature is bit 0). Valid only when
	 * X509_EXT_KEY_USAGE is set in extensions_present.
	 */
	unsigned long key_usage;
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)

	/*
	 * DER-encoded views of the whole Certificate and of the
	 * TBSCertificate (the span covered by the signature).
	 *
	 * NOTE(review): these are const pointers, not owned copies. If the
	 * parser points them into the buffer passed to
	 * x509_certificate_parse(), that buffer must outlive the
	 * certificate or signature checks will read freed memory - confirm
	 * in x509v3.c before holding certificates past the parse call.
	 */
	const u8 *cert_start;
	size_t cert_len;
	const u8 *tbs_cert_start;
	size_t tbs_cert_len;
};
00091
/*
 * Result codes for chain validation, presumably reported through the
 * `reason` out-parameter of x509_certificate_chain_validate().
 *
 * The names mirror TLS alert descriptions but the numeric values start at
 * 0 here, so they are NOT TLS alert codes; map them explicitly if an
 * alert has to be sent.
 */
enum {
	X509_VALIDATE_OK,
	X509_VALIDATE_BAD_CERTIFICATE,
	X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
	X509_VALIDATE_CERTIFICATE_REVOKED,
	X509_VALIDATE_CERTIFICATE_EXPIRED,
	X509_VALIDATE_CERTIFICATE_UNKNOWN,
	X509_VALIDATE_UNKNOWN_CA
};
00101
/* Release one certificate (and the strings/buffers it owns). */
void x509_certificate_free(struct x509_certificate *cert);
/*
 * Parse a DER-encoded certificate from buf[0..len). Returns a newly
 * allocated certificate the caller must free with x509_certificate_free(),
 * presumably NULL on parse failure. buf is untrusted input; see the
 * lifetime note on cert_start/tbs_cert_start in struct x509_certificate.
 */
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
/*
 * Render a name into buf (at most len bytes). The void return gives the
 * caller no way to detect truncation, so do not use the output as an
 * identity for security decisions; compare with x509_name_compare().
 */
void x509_name_string(struct x509_name *name, char *buf, size_t len);
/* Compare two names; strcmp-style result, 0 presumably meaning equal. */
int x509_name_compare(struct x509_name *a, struct x509_name *b);
/* Release every certificate reachable through `next` starting at cert. */
void x509_certificate_chain_free(struct x509_certificate *cert);
/*
 * Verify cert's signature using issuer's public key. Exact return
 * convention (0 = valid?) is defined in x509v3.c. Note that this checks
 * only the signature, not names, validity dates or key usage.
 */
int x509_certificate_check_signature(struct x509_certificate *issuer,
				     struct x509_certificate *cert);
/*
 * Validate chain against the trusted certificate list; on failure
 * *reason is presumably set to one of the X509_VALIDATE_* codes.
 *
 * NOTE(review): no CRL/revocation interface is declared in this header,
 * so callers should not assume X509_VALIDATE_CERTIFICATE_REVOKED can be
 * produced, nor that host-name matching against the peer is done here.
 */
int x509_certificate_chain_validate(struct x509_certificate *trusted,
				    struct x509_certificate *chain,
				    int *reason);
/* Find the certificate in chain whose subject equals name, else NULL. */
struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
			     struct x509_name *name);
/*
 * Non-zero if cert is self-signed. Self-signed does not imply trusted;
 * it must still appear in the trusted list to anchor a chain.
 */
int x509_certificate_self_signed(struct x509_certificate *cert);
00116
00117 #endif