wpa_supplicant/devel/x509v3_8h_source.html

 #ifndef X509V3_H

 #define X509V3_H


 #include "asn1.h"


 struct x509_algorithm_identifier {

         struct asn1_oid oid;

 };


 struct x509_name_attr {

         enum x509_name_attr_type {

                 X509_NAME_ATTR_NOT_USED,

                 X509_NAME_ATTR_DC,

                 X509_NAME_ATTR_CN,

                 X509_NAME_ATTR_C,

                 X509_NAME_ATTR_L,

                 X509_NAME_ATTR_ST,

                 X509_NAME_ATTR_O,

                 X509_NAME_ATTR_OU

         } type;

         char *value;

 };


 #define X509_MAX_NAME_ATTRIBUTES 20


 struct x509_name {

         struct x509_name_attr attr[X509_MAX_NAME_ATTRIBUTES];

         size_t num_attr;

         char *email; /* emailAddress */


         /* from alternative name extension */

         char *alt_email; /* rfc822Name */

         char *dns; /* dNSName */

         char *uri; /* uniformResourceIdentifier */

         u8 *ip; /* iPAddress */

         size_t ip_len; /* IPv4: 4, IPv6: 16 */

         struct asn1_oid rid; /* registeredID */

 };


 struct x509_certificate {

         struct x509_certificate *next;

         enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;

         unsigned long serial_number;

         struct x509_algorithm_identifier signature;

         struct x509_name issuer;

         struct x509_name subject;

         os_time_t not_before;

         os_time_t not_after;

         struct x509_algorithm_identifier public_key_alg;

         u8 *public_key;

         size_t public_key_len;

         struct x509_algorithm_identifier signature_alg;

         u8 *sign_value;

         size_t sign_value_len;


         /* Extensions */

         unsigned int extensions_present;

 #define X509_EXT_BASIC_CONSTRAINTS              (1 << 0)

 #define X509_EXT_PATH_LEN_CONSTRAINT            (1 << 1)

 #define X509_EXT_KEY_USAGE                      (1 << 2)

 #define X509_EXT_SUBJECT_ALT_NAME               (1 << 3)

 #define X509_EXT_ISSUER_ALT_NAME                (1 << 4)


         /* BasicConstraints */

         int ca; /* cA */

         unsigned long path_len_constraint; /* pathLenConstraint */


         /* KeyUsage */

         unsigned long key_usage;

 #define X509_KEY_USAGE_DIGITAL_SIGNATURE        (1 << 0)

 #define X509_KEY_USAGE_NON_REPUDIATION          (1 << 1)

 #define X509_KEY_USAGE_KEY_ENCIPHERMENT         (1 << 2)

 #define X509_KEY_USAGE_DATA_ENCIPHERMENT        (1 << 3)

 #define X509_KEY_USAGE_KEY_AGREEMENT            (1 << 4)

 #define X509_KEY_USAGE_KEY_CERT_SIGN            (1 << 5)

 #define X509_KEY_USAGE_CRL_SIGN                 (1 << 6)

 #define X509_KEY_USAGE_ENCIPHER_ONLY            (1 << 7)

 #define X509_KEY_USAGE_DECIPHER_ONLY            (1 << 8)


         /*

          * The DER format certificate follows struct x509_certificate. These

          * pointers point to that buffer.

          */

         const u8 *cert_start;

         size_t cert_len;

         const u8 *tbs_cert_start;

         size_t tbs_cert_len;

 };


 enum {

         X509_VALIDATE_OK,

         X509_VALIDATE_BAD_CERTIFICATE,

         X509_VALIDATE_UNSUPPORTED_CERTIFICATE,

         X509_VALIDATE_CERTIFICATE_REVOKED,

         X509_VALIDATE_CERTIFICATE_EXPIRED,

         X509_VALIDATE_CERTIFICATE_UNKNOWN,

         X509_VALIDATE_UNKNOWN_CA

 };


 void x509_certificate_free(struct x509_certificate *cert);

 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);

 void x509_name_string(struct x509_name *name, char *buf, size_t len);

 int x509_name_compare(struct x509_name *a, struct x509_name *b);

 void x509_certificate_chain_free(struct x509_certificate *cert);

 int x509_certificate_check_signature(struct x509_certificate *issuer,

                                      struct x509_certificate *cert);

 int x509_certificate_chain_validate(struct x509_certificate *trusted,

                                     struct x509_certificate *chain,

                                     int *reason, int disable_time_checks);

 struct x509_certificate *

 x509_certificate_get_subject(struct x509_certificate *chain,

                              struct x509_name *name);

 int x509_certificate_self_signed(struct x509_certificate *cert);


 #endif /* X509V3_H */

x509_certificate_parse
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len)
Parse a X.509 certificate in DER format.
Definition: x509v3.c:1472

x509_name
Definition: x509v3.h:30

x509_name_string
void x509_name_string(struct x509_name *name, char *buf, size_t len)
Convert an X.509 certificate name into a string.
Definition: x509v3.c:495

x509_certificate_check_signature
int x509_certificate_check_signature(struct x509_certificate *issuer, struct x509_certificate *cert)
Verify certificate signature.
Definition: x509v3.c:1578

asn1_oid
Definition: asn1.h:49

asn1.h
ASN.1 DER parsing.

x509_certificate
Definition: x509v3.h:44

x509_algorithm_identifier
Definition: x509v3.h:10

x509_certificate_chain_free
void x509_certificate_chain_free(struct x509_certificate *cert)
Free an X.509 certificate chain.
Definition: x509v3.c:62

x509_certificate_free
void x509_certificate_free(struct x509_certificate *cert)
Free an X.509 certificate.
Definition: x509v3.c:41

x509_name_attr
Definition: x509v3.h:14

x509_certificate_self_signed
int x509_certificate_self_signed(struct x509_certificate *cert)
Is the certificate self-signed?
Definition: x509v3.c:1983

x509_name_compare
int x509_name_compare(struct x509_name *a, struct x509_name *b)
Compare X.509 certificate names.
Definition: x509v3.c:143

x509_certificate_chain_validate
int x509_certificate_chain_validate(struct x509_certificate *trusted, struct x509_certificate *chain, int *reason, int disable_time_checks)
Validate X.509 certificate chain.
Definition: x509v3.c:1835

x509_certificate_get_subject
struct x509_certificate * x509_certificate_get_subject(struct x509_certificate *chain, struct x509_name *name)
Get a certificate based on Subject name.
Definition: x509v3.c:1965