1 /* 2 * X.509v3 certificate parsing and processing 3 * Copyright (c) 2006, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #ifndef X509V3_H 16 #define X509V3_H 17 18 #include "asn1.h" 19 20 struct x509_algorithm_identifier { 21 struct asn1_oid oid; 22 }; 23 24 struct x509_name { 25 char *cn; /* commonName */ 26 char *c; /* countryName */ 27 char *l; /* localityName */ 28 char *st; /* stateOrProvinceName */ 29 char *o; /* organizationName */ 30 char *ou; /* organizationalUnitName */ 31 char *email; /* emailAddress */ 32 33 /* from alternative name extension */ 34 char *alt_email; /* rfc822Name */ 35 char *dns; /* dNSName */ 36 char *uri; /* uniformResourceIdentifier */ 37 u8 *ip; /* iPAddress */ 38 size_t ip_len; /* IPv4: 4, IPv6: 16 */ 39 struct asn1_oid rid; /* registeredID */ 40 }; 41 42 struct x509_certificate { 43 struct x509_certificate *next; 44 enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version; 45 unsigned long serial_number; 46 struct x509_algorithm_identifier signature; 47 struct x509_name issuer; 48 struct x509_name subject; 49 os_time_t not_before; 50 os_time_t not_after; 51 struct x509_algorithm_identifier public_key_alg; 52 u8 *public_key; 53 size_t public_key_len; 54 struct x509_algorithm_identifier signature_alg; 55 u8 *sign_value; 56 size_t sign_value_len; 57 58 /* Extensions */ 59 unsigned int extensions_present; 60 #define X509_EXT_BASIC_CONSTRAINTS (1 << 0) 61 #define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1) 62 #define X509_EXT_KEY_USAGE (1 << 2) 63 #define X509_EXT_SUBJECT_ALT_NAME (1 << 3) 64 #define X509_EXT_ISSUER_ALT_NAME (1 << 4) 65 66 /* BasicConstraints */ 67 int ca; /* cA */ 68 unsigned long path_len_constraint; /* pathLenConstraint */ 69 70 /* KeyUsage */ 71 unsigned long key_usage; 72 #define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0) 73 #define X509_KEY_USAGE_NON_REPUDIATION (1 << 1) 74 #define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2) 75 #define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3) 76 #define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4) 77 #define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5) 78 #define X509_KEY_USAGE_CRL_SIGN (1 << 6) 79 #define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7) 80 #define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8) 81 82 /* 83 * The DER format certificate follows struct x509_certificate. These 84 * pointers point to that buffer. 85 */ 86 const u8 *cert_start; 87 size_t cert_len; 88 const u8 *tbs_cert_start; 89 size_t tbs_cert_len; 90 }; 91 92 enum { 93 X509_VALIDATE_OK, 94 X509_VALIDATE_BAD_CERTIFICATE, 95 X509_VALIDATE_UNSUPPORTED_CERTIFICATE, 96 X509_VALIDATE_CERTIFICATE_REVOKED, 97 X509_VALIDATE_CERTIFICATE_EXPIRED, 98 X509_VALIDATE_CERTIFICATE_UNKNOWN, 99 X509_VALIDATE_UNKNOWN_CA 100 }; 101 102 void x509_certificate_free(struct x509_certificate *cert); 103 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len); 104 void x509_name_string(struct x509_name *name, char *buf, size_t len); 105 int x509_name_compare(struct x509_name *a, struct x509_name *b); 106 void x509_certificate_chain_free(struct x509_certificate *cert); 107 int x509_certificate_check_signature(struct x509_certificate *issuer, 108 struct x509_certificate *cert); 109 int x509_certificate_chain_validate(struct x509_certificate *trusted, 110 struct x509_certificate *chain, 111 int *reason); 112 struct x509_certificate * 113 x509_certificate_get_subject(struct x509_certificate *chain, 114 struct x509_name *name); 115 int x509_certificate_self_signed(struct x509_certificate *cert); 116 117 #endif /* X509V3_H */ 118