x509v3.h

Go to the documentation of this file.
00001 
00016 #ifndef X509V3_H
00017 #define X509V3_H
00018 
00019 #include "asn1.h"
00020 
00021 struct x509_algorithm_identifier {
00022         struct asn1_oid oid;
00023 };
00024 
00025 struct x509_name {
00026         char *cn; /* commonName */
00027         char *c; /* countryName */
00028         char *l; /* localityName */
00029         char *st; /* stateOrProvinceName */
00030         char *o; /* organizationName */
00031         char *ou; /* organizationalUnitName */
00032         char *email; /* emailAddress */
00033 
00034         /* from alternative name extension */
00035         char *alt_email; /* rfc822Name */
00036         char *dns; /* dNSName */
00037         char *uri; /* uniformResourceIdentifier */
00038         u8 *ip; /* iPAddress */
00039         size_t ip_len; /* IPv4: 4, IPv6: 16 */
00040         struct asn1_oid rid; /* registeredID */
00041 };
00042 
00043 struct x509_certificate {
00044         struct x509_certificate *next;
00045         enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
00046         unsigned long serial_number;
00047         struct x509_algorithm_identifier signature;
00048         struct x509_name issuer;
00049         struct x509_name subject;
00050         os_time_t not_before;
00051         os_time_t not_after;
00052         struct x509_algorithm_identifier public_key_alg;
00053         u8 *public_key;
00054         size_t public_key_len;
00055         struct x509_algorithm_identifier signature_alg;
00056         u8 *sign_value;
00057         size_t sign_value_len;
00058 
00059         /* Extensions */
00060         unsigned int extensions_present;
00061 #define X509_EXT_BASIC_CONSTRAINTS              (1 << 0)
00062 #define X509_EXT_PATH_LEN_CONSTRAINT            (1 << 1)
00063 #define X509_EXT_KEY_USAGE                      (1 << 2)
00064 #define X509_EXT_SUBJECT_ALT_NAME               (1 << 3)
00065 #define X509_EXT_ISSUER_ALT_NAME                (1 << 4)
00066 
00067         /* BasicConstraints */
00068         int ca; /* cA */
00069         unsigned long path_len_constraint; /* pathLenConstraint */
00070 
00071         /* KeyUsage */
00072         unsigned long key_usage;
00073 #define X509_KEY_USAGE_DIGITAL_SIGNATURE        (1 << 0)
00074 #define X509_KEY_USAGE_NON_REPUDIATION          (1 << 1)
00075 #define X509_KEY_USAGE_KEY_ENCIPHERMENT         (1 << 2)
00076 #define X509_KEY_USAGE_DATA_ENCIPHERMENT        (1 << 3)
00077 #define X509_KEY_USAGE_KEY_AGREEMENT            (1 << 4)
00078 #define X509_KEY_USAGE_KEY_CERT_SIGN            (1 << 5)
00079 #define X509_KEY_USAGE_CRL_SIGN                 (1 << 6)
00080 #define X509_KEY_USAGE_ENCIPHER_ONLY            (1 << 7)
00081 #define X509_KEY_USAGE_DECIPHER_ONLY            (1 << 8)
00082 
00083         /*
00084          * The DER format certificate follows struct x509_certificate. These
00085          * pointers point to that buffer.
00086          */
00087         const u8 *cert_start;
00088         size_t cert_len;
00089         const u8 *tbs_cert_start;
00090         size_t tbs_cert_len;
00091 };
00092 
00093 enum {
00094         X509_VALIDATE_OK,
00095         X509_VALIDATE_BAD_CERTIFICATE,
00096         X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
00097         X509_VALIDATE_CERTIFICATE_REVOKED,
00098         X509_VALIDATE_CERTIFICATE_EXPIRED,
00099         X509_VALIDATE_CERTIFICATE_UNKNOWN,
00100         X509_VALIDATE_UNKNOWN_CA
00101 };
00102 
00103 #ifdef CONFIG_INTERNAL_X509
00104 
00105 void x509_certificate_free(struct x509_certificate *cert);
00106 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
00107 void x509_name_string(struct x509_name *name, char *buf, size_t len);
00108 int x509_name_compare(struct x509_name *a, struct x509_name *b);
00109 void x509_certificate_chain_free(struct x509_certificate *cert);
00110 int x509_certificate_check_signature(struct x509_certificate *issuer,
00111                                      struct x509_certificate *cert);
00112 int x509_certificate_chain_validate(struct x509_certificate *trusted,
00113                                     struct x509_certificate *chain,
00114                                     int *reason);
00115 struct x509_certificate *
00116 x509_certificate_get_subject(struct x509_certificate *chain,
00117                              struct x509_name *name);
00118 int x509_certificate_self_signed(struct x509_certificate *cert);
00119 
00120 #else /* CONFIG_INTERNAL_X509 */
00121 
00122 static inline void x509_certificate_free(struct x509_certificate *cert)
00123 {
00124 }
00125 
00126 static inline struct x509_certificate *
00127 x509_certificate_parse(const u8 *buf, size_t len)
00128 {
00129         return NULL;
00130 }
00131 
00132 static inline void x509_name_string(struct x509_name *name, char *buf,
00133                                     size_t len)
00134 {
00135         if (len)
00136                 buf[0] = '\0';
00137 }
00138 
00139 static inline void x509_certificate_chain_free(struct x509_certificate *cert)
00140 {
00141 }
00142 
00143 static inline int
00144 x509_certificate_chain_validate(struct x509_certificate *trusted,
00145                                 struct x509_certificate *chain,
00146                                 int *reason)
00147 {
00148         return -1;
00149 }
00150 
00151 static inline struct x509_certificate *
00152 x509_certificate_get_subject(struct x509_certificate *chain,
00153                              struct x509_name *name)
00154 {
00155         return NULL;
00156 }
00157 
00158 static inline int x509_certificate_self_signed(struct x509_certificate *cert)
00159 {
00160         return -1;
00161 }
00162 
00163 #endif /* CONFIG_INTERNAL_X509 */
00164 
00165 #endif /* X509V3_H */
00166
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Defines
Generated on Sat Nov 21 23:16:53 2009 for hostapd by  doxygen 1.6.1