wpa_supplicant / hostapd 2.0
#ifndef X509V3_H
#define X509V3_H

#include "asn1.h"

/*
 * AlgorithmIdentifier as used for the signature and public key algorithms.
 * Only the algorithm OID is retained; any algorithm parameters from the DER
 * encoding are not stored in this structure.
 */
struct x509_algorithm_identifier {
	struct asn1_oid oid;
};

/*
 * One attribute of a distinguished name (issuer or subject).
 * Attribute types not listed here are not retained by this representation.
 */
struct x509_name_attr {
	enum x509_name_attr_type {
		X509_NAME_ATTR_NOT_USED,
		X509_NAME_ATTR_DC, /* domainComponent */
		X509_NAME_ATTR_CN, /* commonName */
		X509_NAME_ATTR_C, /* countryName */
		X509_NAME_ATTR_L, /* localityName */
		X509_NAME_ATTR_ST, /* stateOrProvinceName */
		X509_NAME_ATTR_O, /* organizationName */
		X509_NAME_ATTR_OU /* organizationalUnitName */
	} type;
	char *value; /* attribute value; presumably nul-terminated - confirm
		      * against the parser in x509v3.c */
};

/*
 * Fixed upper bound on the attr[] array in struct x509_name. num_attr indexes
 * that array, so the parser must stop at (or reject) names carrying more
 * attributes than this; the bound is not enforced by the structure itself.
 */
#define X509_MAX_NAME_ATTRIBUTES 20

/*
 * Parsed distinguished name plus the name forms taken from the
 * subjectAltName / issuerAltName extension.
 *
 * NOTE(review): each alternative name type below is a single pointer, so
 * only one value per type can be represented here. A certificate with
 * several dNSName (or rfc822Name, ...) entries cannot be fully captured by
 * this structure; check how x509v3.c handles additional entries before
 * relying on these fields for name matching.
 */
struct x509_name {
	struct x509_name_attr attr[X509_MAX_NAME_ATTRIBUTES];
	size_t num_attr; /* number of valid entries in attr[] */
	char *email; /* emailAddress */

	/* from alternative name extension */
	char *alt_email; /* rfc822Name */
	char *dns; /* dNSName */
	char *uri; /* uniformResourceIdentifier */
	u8 *ip; /* iPAddress */
	size_t ip_len; /* IPv4: 4, IPv6: 16 */
	struct asn1_oid rid; /* registeredID */
};

/*
 * One parsed X.509 certificate. Certificates are chained through the next
 * pointer (see x509_certificate_chain_free()).
 */
struct x509_certificate {
	struct x509_certificate *next;
	/* Values match the DER-encoded Version integer (v1 = 0, v2 = 1, v3 = 2) */
	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
	/*
	 * NOTE(review): X.509 serial numbers are arbitrary integers of up to
	 * 20 octets (RFC 5280 4.1.2.2); an unsigned long cannot hold the full
	 * value for most real-world CA-issued certificates. Confirm how the
	 * parser treats longer serials - a truncated or rejected serial makes
	 * this field unsuitable for revocation (CRL) matching.
	 */
	unsigned long serial_number;
	/* TBSCertificate.signature: algorithm the issuer claims to have used */
	struct x509_algorithm_identifier signature;
	struct x509_name issuer;
	struct x509_name subject;
	/* Validity period; compared against current time unless validation is
	 * called with disable_time_checks */
	os_time_t not_before;
	os_time_t not_after;
	struct x509_algorithm_identifier public_key_alg;
	u8 *public_key;
	size_t public_key_len;
	/*
	 * Outer signatureAlgorithm of the Certificate. RFC 5280 requires this
	 * to be identical to the signature field above; whether the parser
	 * enforces that equality must be checked in x509v3.c.
	 */
	struct x509_algorithm_identifier signature_alg;
	u8 *sign_value; /* signatureValue bit string contents */
	size_t sign_value_len;

	/* Extensions */
	/* Bitmask of X509_EXT_* flags for extensions seen during parsing */
	unsigned int extensions_present;
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
#define X509_EXT_KEY_USAGE (1 << 2)
#define X509_EXT_SUBJECT_ALT_NAME (1 << 3)
#define X509_EXT_ISSUER_ALT_NAME (1 << 4)

	/* BasicConstraints */
	int ca; /* cA */
	/* pathLenConstraint; only meaningful when
	 * X509_EXT_PATH_LEN_CONSTRAINT is set in extensions_present */
	unsigned long path_len_constraint;

	/* KeyUsage */
	/* Bitmask of X509_KEY_USAGE_*; only meaningful when X509_EXT_KEY_USAGE
	 * is set in extensions_present. Bit positions follow the KeyUsage
	 * BIT STRING order from RFC 5280 (digitalSignature = 0 ...
	 * decipherOnly = 8). */
	unsigned long key_usage;
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)

	/*
	 * The DER format certificate follows struct x509_certificate. These
	 * pointers point to that buffer. They are therefore owned by the
	 * certificate allocation and must not be freed separately;
	 * tbs_cert_start/tbs_cert_len delimit the signed TBSCertificate that
	 * signature verification hashes.
	 */
	const u8 *cert_start;
	size_t cert_len;
	const u8 *tbs_cert_start;
	size_t tbs_cert_len;
};

/*
 * Reason codes returned through the *reason argument of
 * x509_certificate_chain_validate(). The names mirror TLS alert
 * descriptions, which is presumably how the TLS layer reports them.
 */
enum {
	X509_VALIDATE_OK,
	X509_VALIDATE_BAD_CERTIFICATE,
	X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
	X509_VALIDATE_CERTIFICATE_REVOKED,
	X509_VALIDATE_CERTIFICATE_EXPIRED,
	X509_VALIDATE_CERTIFICATE_UNKNOWN,
	X509_VALIDATE_UNKNOWN_CA
};

/* Free a single certificate (not the rest of its next list) */
void x509_certificate_free(struct x509_certificate *cert);
/*
 * Parse a DER-encoded certificate of len bytes from buf. The returned object
 * carries its own copy of the DER data (see cert_start above), so buf need
 * not outlive it. Presumably returns NULL on parse failure - confirm with
 * x509v3.c. Caller owns the result and frees it with x509_certificate_free().
 */
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
/* Render name as a printable string into buf (len bytes, including the
 * terminating nul) */
void x509_name_string(struct x509_name *name, char *buf, size_t len);
/* Compare two distinguished names; the usual convention is 0 when they
 * match, non-zero otherwise - confirm with the implementation */
int x509_name_compare(struct x509_name *a, struct x509_name *b);
/* Free cert and every certificate reachable through its next pointers */
void x509_certificate_chain_free(struct x509_certificate *cert);
/*
 * Verify cert's signature (sign_value over tbs_cert_start/tbs_cert_len)
 * with issuer's public key. This checks the signature only; it does not
 * check issuer/subject name chaining, validity times or cA/keyUsage - those
 * belong to x509_certificate_chain_validate().
 */
int x509_certificate_check_signature(struct x509_certificate *issuer,
				     struct x509_certificate *cert);
/*
 * Validate chain (end entity first, linked via next) against the list of
 * trusted root certificates. On failure, *reason is set to one of the
 * X509_VALIDATE_* codes above.
 *
 * disable_time_checks != 0 skips the not_before/not_after comparison, i.e.
 * expired and not-yet-valid certificates are accepted. This exists for
 * devices whose clock is not trustworthy (e.g. no RTC before time sync) and
 * must not be enabled otherwise, since it removes the only defense against
 * a compromised-but-expired certificate that has not been revoked.
 */
int x509_certificate_chain_validate(struct x509_certificate *trusted,
				    struct x509_certificate *chain,
				    int *reason, int disable_time_checks);
/* Return the certificate in chain whose subject equals name, or NULL if
 * none does */
struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
			     struct x509_name *name);
/*
 * Non-zero when cert is self-signed (presumably issuer equals subject; the
 * exact criterion is in x509v3.c). Self-signed does not mean trusted: a
 * self-signed certificate is only acceptable if it is in the trusted list.
 */
int x509_certificate_self_signed(struct x509_certificate *cert);

#endif /* X509V3_H */