155 lines
4.1 KiB
C
155 lines
4.1 KiB
C
/*
|
|
* X.509v3 certificate parsing and processing
|
|
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* Alternatively, this software may be distributed under the terms of BSD
|
|
* license.
|
|
*
|
|
* See README and COPYING for more details.
|
|
*/
|
|
|
|
#ifndef X509V3_H
|
|
#define X509V3_H
|
|
|
|
#include "asn1.h"
|
|
|
|
struct x509_algorithm_identifier {
|
|
struct asn1_oid oid;
|
|
};
|
|
|
|
struct x509_name {
|
|
char *cn; /* commonName */
|
|
char *c; /* countryName */
|
|
char *l; /* localityName */
|
|
char *st; /* stateOrProvinceName */
|
|
char *o; /* organizationName */
|
|
char *ou; /* organizationalUnitName */
|
|
char *email; /* emailAddress */
|
|
};
|
|
|
|
struct x509_certificate {
|
|
struct x509_certificate *next;
|
|
enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
|
|
unsigned long serial_number;
|
|
struct x509_algorithm_identifier signature;
|
|
struct x509_name issuer;
|
|
struct x509_name subject;
|
|
os_time_t not_before;
|
|
os_time_t not_after;
|
|
struct x509_algorithm_identifier public_key_alg;
|
|
u8 *public_key;
|
|
size_t public_key_len;
|
|
struct x509_algorithm_identifier signature_alg;
|
|
u8 *sign_value;
|
|
size_t sign_value_len;
|
|
|
|
/* Extensions */
|
|
unsigned int extensions_present;
|
|
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
|
|
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
|
|
#define X509_EXT_KEY_USAGE (1 << 2)
|
|
|
|
/* BasicConstraints */
|
|
int ca; /* cA */
|
|
unsigned long path_len_constraint; /* pathLenConstraint */
|
|
|
|
/* KeyUsage */
|
|
unsigned long key_usage;
|
|
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
|
|
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
|
|
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
|
|
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
|
|
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
|
|
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
|
|
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
|
|
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
|
|
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
|
|
|
|
/*
|
|
* The DER format certificate follows struct x509_certificate. These
|
|
* pointers point to that buffer.
|
|
*/
|
|
const u8 *cert_start;
|
|
size_t cert_len;
|
|
const u8 *tbs_cert_start;
|
|
size_t tbs_cert_len;
|
|
};
|
|
|
|
enum {
|
|
X509_VALIDATE_OK,
|
|
X509_VALIDATE_BAD_CERTIFICATE,
|
|
X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
|
|
X509_VALIDATE_CERTIFICATE_REVOKED,
|
|
X509_VALIDATE_CERTIFICATE_EXPIRED,
|
|
X509_VALIDATE_CERTIFICATE_UNKNOWN,
|
|
X509_VALIDATE_UNKNOWN_CA
|
|
};
|
|
|
|
#ifdef CONFIG_INTERNAL_X509
|
|
|
|
void x509_certificate_free(struct x509_certificate *cert);
|
|
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
|
|
void x509_name_string(struct x509_name *name, char *buf, size_t len);
|
|
int x509_name_compare(struct x509_name *a, struct x509_name *b);
|
|
void x509_certificate_chain_free(struct x509_certificate *cert);
|
|
int x509_certificate_check_signature(struct x509_certificate *issuer,
|
|
struct x509_certificate *cert);
|
|
int x509_certificate_chain_validate(struct x509_certificate *trusted,
|
|
struct x509_certificate *chain,
|
|
int *reason);
|
|
struct x509_certificate *
|
|
x509_certificate_get_subject(struct x509_certificate *chain,
|
|
struct x509_name *name);
|
|
int x509_certificate_self_signed(struct x509_certificate *cert);
|
|
|
|
#else /* CONFIG_INTERNAL_X509 */
|
|
|
|
static inline void x509_certificate_free(struct x509_certificate *cert)
|
|
{
|
|
}
|
|
|
|
static inline struct x509_certificate *
|
|
x509_certificate_parse(const u8 *buf, size_t len)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline void x509_name_string(struct x509_name *name, char *buf,
|
|
size_t len)
|
|
{
|
|
if (len)
|
|
buf[0] = '\0';
|
|
}
|
|
|
|
static inline void x509_certificate_chain_free(struct x509_certificate *cert)
|
|
{
|
|
}
|
|
|
|
static inline int
|
|
x509_certificate_chain_validate(struct x509_certificate *trusted,
|
|
struct x509_certificate *chain,
|
|
int *reason)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
static inline struct x509_certificate *
|
|
x509_certificate_get_subject(struct x509_certificate *chain,
|
|
struct x509_name *name)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
static inline int x509_certificate_self_signed(struct x509_certificate *cert)
|
|
{
|
|
return -1;
|
|
}
|
|
|
|
#endif /* CONFIG_INTERNAL_X509 */
|
|
|
|
#endif /* X509V3_H */
|