wpa_supplicant / hostapd  2.5
x509v3.h File Reference

X.509v3 certificate parsing and processing. More...

#include "asn1.h"

Go to the source code of this file.

Data Structures

struct  x509_algorithm_identifier
 
struct  x509_name_attr
 
struct  x509_name
 
struct  x509_certificate
 

Macros

#define X509_MAX_NAME_ATTRIBUTES   20
 
#define X509_EXT_BASIC_CONSTRAINTS   (1 << 0)
 
#define X509_EXT_PATH_LEN_CONSTRAINT   (1 << 1)
 
#define X509_EXT_KEY_USAGE   (1 << 2)
 
#define X509_EXT_SUBJECT_ALT_NAME   (1 << 3)
 
#define X509_EXT_ISSUER_ALT_NAME   (1 << 4)
 
#define X509_KEY_USAGE_DIGITAL_SIGNATURE   (1 << 0)
 
#define X509_KEY_USAGE_NON_REPUDIATION   (1 << 1)
 
#define X509_KEY_USAGE_KEY_ENCIPHERMENT   (1 << 2)
 
#define X509_KEY_USAGE_DATA_ENCIPHERMENT   (1 << 3)
 
#define X509_KEY_USAGE_KEY_AGREEMENT   (1 << 4)
 
#define X509_KEY_USAGE_KEY_CERT_SIGN   (1 << 5)
 
#define X509_KEY_USAGE_CRL_SIGN   (1 << 6)
 
#define X509_KEY_USAGE_ENCIPHER_ONLY   (1 << 7)
 
#define X509_KEY_USAGE_DECIPHER_ONLY   (1 << 8)
 

Enumerations

enum  {
  X509_VALIDATE_OK, X509_VALIDATE_BAD_CERTIFICATE, X509_VALIDATE_UNSUPPORTED_CERTIFICATE, X509_VALIDATE_CERTIFICATE_REVOKED,
  X509_VALIDATE_CERTIFICATE_EXPIRED, X509_VALIDATE_CERTIFICATE_UNKNOWN, X509_VALIDATE_UNKNOWN_CA
}
 

Functions

void x509_certificate_free (struct x509_certificate *cert)
 Free an X.509 certificate. More...
 
struct x509_certificate * x509_certificate_parse (const u8 *buf, size_t len)
 Parse a X.509 certificate in DER format. More...
 
void x509_name_string (struct x509_name *name, char *buf, size_t len)
 Convert an X.509 certificate name into a string. More...
 
int x509_name_compare (struct x509_name *a, struct x509_name *b)
 Compare X.509 certificate names. More...
 
void x509_certificate_chain_free (struct x509_certificate *cert)
 Free an X.509 certificate chain. More...
 
int x509_certificate_check_signature (struct x509_certificate *issuer, struct x509_certificate *cert)
 Verify certificate signature. More...
 
int x509_certificate_chain_validate (struct x509_certificate *trusted, struct x509_certificate *chain, int *reason, int disable_time_checks)
 Validate X.509 certificate chain. More...
 
struct x509_certificate * x509_certificate_get_subject (struct x509_certificate *chain, struct x509_name *name)
 Get a certificate based on Subject name. More...
 
int x509_certificate_self_signed (struct x509_certificate *cert)
 Is the certificate self-signed? More...
 

Detailed Description

X.509v3 certificate parsing and processing.

Function Documentation

void x509_certificate_chain_free ( struct x509_certificate * cert)

Free an X.509 certificate chain.

Parameters
cert: Pointer to the first certificate in the chain
int x509_certificate_chain_validate ( struct x509_certificate * trusted,
struct x509_certificate * chain,
int *  reason,
int  disable_time_checks 
)

Validate X.509 certificate chain.

Parameters
trusted: List of trusted certificates
chain: Certificate chain to be validated (the first certificate must be issued, i.e. signed, by the second certificate in the chain, and so on)
reason: Buffer for returning failure reason (X509_VALIDATE_*)
disable_time_checks: Not described in the original documentation; judging by the name, a non-zero value presumably skips the certificate validity-period checks (verify against the source).
Returns
0 if chain is valid, -1 if not
int x509_certificate_check_signature ( struct x509_certificate * issuer,
struct x509_certificate * cert 
)

Verify certificate signature.

Parameters
issuer: Issuer certificate
cert: Certificate to be verified
Returns
0 if cert has a valid signature that was signed by the issuer, -1 if not
void x509_certificate_free ( struct x509_certificate * cert)

Free an X.509 certificate.

Parameters
cert: Certificate to be freed
struct x509_certificate* x509_certificate_get_subject ( struct x509_certificate * chain,
struct x509_name * name 
)

Get a certificate based on Subject name.

Parameters
chain: Certificate chain to search through
name: Subject name to search for
Returns
Pointer to the certificate with the given Subject name or NULL on failure
struct x509_certificate* x509_certificate_parse ( const u8 *  buf,
size_t  len 
)

Parse a X.509 certificate in DER format.

Parameters
buf: Pointer to the X.509 certificate in DER format
len: Buffer length
Returns
Pointer to the parsed certificate or NULL on failure

Caller is responsible for freeing the returned certificate by calling x509_certificate_free().

int x509_certificate_self_signed ( struct x509_certificate * cert)

Is the certificate self-signed?

Parameters
cert: Certificate
Returns
1 if certificate is self-signed, 0 if not
int x509_name_compare ( struct x509_name * a,
struct x509_name * b 
)

Compare X.509 certificate names.

Parameters
a: Certificate name
b: Certificate name
Returns
<0, 0, or >0 based on whether a is less than, equal to, or greater than b
void x509_name_string ( struct x509_name * name,
char *  buf,
size_t  len 
)

Convert an X.509 certificate name into a string.

Parameters
name: Name to convert
buf: Buffer for the string
len: Maximum buffer length