1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
/*
* X.509v3 certificate parsing and processing
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#ifndef X509V3_H
#define X509V3_H
#include "asn1.h"
struct x509_algorithm_identifier {
struct asn1_oid oid;
};
struct x509_name {
char *cn; /* commonName */
char *c; /* countryName */
char *l; /* localityName */
char *st; /* stateOrProvinceName */
char *o; /* organizationName */
char *ou; /* organizationalUnitName */
char *email; /* emailAddress */
};
struct x509_certificate {
struct x509_certificate *next;
enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
unsigned long serial_number;
struct x509_algorithm_identifier signature;
struct x509_name issuer;
struct x509_name subject;
os_time_t not_before;
os_time_t not_after;
struct x509_algorithm_identifier public_key_alg;
u8 *public_key;
size_t public_key_len;
struct x509_algorithm_identifier signature_alg;
u8 *sign_value;
size_t sign_value_len;
/* Extensions */
unsigned int extensions_present;
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
#define X509_EXT_KEY_USAGE (1 << 2)
/* BasicConstraints */
int ca; /* cA */
unsigned long path_len_constraint; /* pathLenConstraint */
/* KeyUsage */
unsigned long key_usage;
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
/*
* The DER format certificate follows struct x509_certificate. These
* pointers point to that buffer.
*/
const u8 *cert_start;
size_t cert_len;
const u8 *tbs_cert_start;
size_t tbs_cert_len;
};
enum {
X509_VALIDATE_OK,
X509_VALIDATE_BAD_CERTIFICATE,
X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
X509_VALIDATE_CERTIFICATE_REVOKED,
X509_VALIDATE_CERTIFICATE_EXPIRED,
X509_VALIDATE_CERTIFICATE_UNKNOWN,
X509_VALIDATE_UNKNOWN_CA
};
#ifdef CONFIG_INTERNAL_X509
void x509_certificate_free(struct x509_certificate *cert);
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
void x509_name_string(struct x509_name *name, char *buf, size_t len);
int x509_name_compare(struct x509_name *a, struct x509_name *b);
void x509_certificate_chain_free(struct x509_certificate *cert);
int x509_certificate_check_signature(struct x509_certificate *issuer,
struct x509_certificate *cert);
int x509_certificate_chain_validate(struct x509_certificate *trusted,
struct x509_certificate *chain,
int *reason);
struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
struct x509_name *name);
int x509_certificate_self_signed(struct x509_certificate *cert);
#else /* CONFIG_INTERNAL_X509 */
static inline void x509_certificate_free(struct x509_certificate *cert)
{
}
static inline struct x509_certificate *
x509_certificate_parse(const u8 *buf, size_t len)
{
return NULL;
}
static inline void x509_name_string(struct x509_name *name, char *buf,
size_t len)
{
if (len)
buf[0] = '\0';
}
static inline void x509_certificate_chain_free(struct x509_certificate *cert)
{
}
static inline int
x509_certificate_chain_validate(struct x509_certificate *trusted,
struct x509_certificate *chain,
int *reason)
{
return -1;
}
static inline struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
struct x509_name *name)
{
return NULL;
}
static inline int x509_certificate_self_signed(struct x509_certificate *cert)
{
return -1;
}
#endif /* CONFIG_INTERNAL_X509 */
#endif /* X509V3_H */
|