contrib/hostapd/src/tls/x509v3.h

   1 /*
   2  * X.509v3 certificate parsing and processing
   3  * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #ifndef X509V3_H
  10 #define X509V3_H
  11
  12 #include "asn1.h"
  13
  14 struct x509_algorithm_identifier {
  15         struct asn1_oid oid;
  16 };
  17
  18 struct x509_name_attr {
  19         enum x509_name_attr_type {
  20                 X509_NAME_ATTR_NOT_USED,
  21                 X509_NAME_ATTR_DC,
  22                 X509_NAME_ATTR_CN,
  23                 X509_NAME_ATTR_C,
  24                 X509_NAME_ATTR_L,
  25                 X509_NAME_ATTR_ST,
  26                 X509_NAME_ATTR_O,
  27                 X509_NAME_ATTR_OU
  28         } type;
  29         char *value;
  30 };
  31
  32 #define X509_MAX_NAME_ATTRIBUTES 20
  33
  34 struct x509_name {
  35         struct x509_name_attr attr[X509_MAX_NAME_ATTRIBUTES];
  36         size_t num_attr;
  37         char *email; /* emailAddress */
  38
  39         /* from alternative name extension */
  40         char *alt_email; /* rfc822Name */
  41         char *dns; /* dNSName */
  42         char *uri; /* uniformResourceIdentifier */
  43         u8 *ip; /* iPAddress */
  44         size_t ip_len; /* IPv4: 4, IPv6: 16 */
  45         struct asn1_oid rid; /* registeredID */
  46 };
  47
  48 struct x509_certificate {
  49         struct x509_certificate *next;
  50         enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
  51         unsigned long serial_number;
  52         struct x509_algorithm_identifier signature;
  53         struct x509_name issuer;
  54         struct x509_name subject;
  55         os_time_t not_before;
  56         os_time_t not_after;
  57         struct x509_algorithm_identifier public_key_alg;
  58         u8 *public_key;
  59         size_t public_key_len;
  60         struct x509_algorithm_identifier signature_alg;
  61         u8 *sign_value;
  62         size_t sign_value_len;
  63
  64         /* Extensions */
  65         unsigned int extensions_present;
  66 #define X509_EXT_BASIC_CONSTRAINTS              (1 << 0)
  67 #define X509_EXT_PATH_LEN_CONSTRAINT            (1 << 1)
  68 #define X509_EXT_KEY_USAGE                      (1 << 2)
  69 #define X509_EXT_SUBJECT_ALT_NAME               (1 << 3)
  70 #define X509_EXT_ISSUER_ALT_NAME                (1 << 4)
  71
  72         /* BasicConstraints */
  73         int ca; /* cA */
  74         unsigned long path_len_constraint; /* pathLenConstraint */
  75
  76         /* KeyUsage */
  77         unsigned long key_usage;
  78 #define X509_KEY_USAGE_DIGITAL_SIGNATURE        (1 << 0)
  79 #define X509_KEY_USAGE_NON_REPUDIATION          (1 << 1)
  80 #define X509_KEY_USAGE_KEY_ENCIPHERMENT         (1 << 2)
  81 #define X509_KEY_USAGE_DATA_ENCIPHERMENT        (1 << 3)
  82 #define X509_KEY_USAGE_KEY_AGREEMENT            (1 << 4)
  83 #define X509_KEY_USAGE_KEY_CERT_SIGN            (1 << 5)
  84 #define X509_KEY_USAGE_CRL_SIGN                 (1 << 6)
  85 #define X509_KEY_USAGE_ENCIPHER_ONLY            (1 << 7)
  86 #define X509_KEY_USAGE_DECIPHER_ONLY            (1 << 8)
  87
  88         /*
  89          * The DER format certificate follows struct x509_certificate. These
  90          * pointers point to that buffer.
  91          */
  92         const u8 *cert_start;
  93         size_t cert_len;
  94         const u8 *tbs_cert_start;
  95         size_t tbs_cert_len;
  96 };
  97
  98 enum {
  99         X509_VALIDATE_OK,
 100         X509_VALIDATE_BAD_CERTIFICATE,
 101         X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
 102         X509_VALIDATE_CERTIFICATE_REVOKED,
 103         X509_VALIDATE_CERTIFICATE_EXPIRED,
 104         X509_VALIDATE_CERTIFICATE_UNKNOWN,
 105         X509_VALIDATE_UNKNOWN_CA
 106 };
 107
 108 void x509_certificate_free(struct x509_certificate *cert);
 109 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
 110 void x509_name_string(struct x509_name *name, char *buf, size_t len);
 111 int x509_name_compare(struct x509_name *a, struct x509_name *b);
 112 void x509_certificate_chain_free(struct x509_certificate *cert);
 113 int x509_certificate_check_signature(struct x509_certificate *issuer,
 114                                      struct x509_certificate *cert);
 115 int x509_certificate_chain_validate(struct x509_certificate *trusted,
 116                                     struct x509_certificate *chain,
 117                                     int *reason, int disable_time_checks);
 118 struct x509_certificate *
 119 x509_certificate_get_subject(struct x509_certificate *chain,
 120                              struct x509_name *name);
 121 int x509_certificate_self_signed(struct x509_certificate *cert);
 122
 123 #endif /* X509V3_H */