* X.509v3 certificate parsing and processing
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
* Alternatively, this software may be distributed under the terms of BSD
* See README and COPYING for more details.
struct x509_algorithm_identifier {
char *cn; /* commonName */
char *c; /* countryName */
char *l; /* localityName */
char *st; /* stateOrProvinceName */
char *o; /* organizationName */
char *ou; /* organizationalUnitName */
char *email; /* emailAddress */
struct x509_certificate {
struct x509_certificate *next;
enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
/* NOTE(review): RFC 5280 permits serialNumber values of up to 20 octets,
 * which do not fit in an unsigned long - confirm how the parser treats
 * longer serials before relying on this field to identify a certificate. */
unsigned long serial_number;
struct x509_algorithm_identifier signature;
struct x509_name issuer;
struct x509_name subject;
struct x509_algorithm_identifier public_key_alg;
size_t public_key_len;
struct x509_algorithm_identifier signature_alg;
size_t sign_value_len;
/* Bitmask built from the X509_EXT_* flags defined right below; presumably
 * the parser sets one flag per extension it recognised - confirm against
 * the parser before treating a clear bit as "extension absent". */
unsigned int extensions_present;
#define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
#define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
#define X509_EXT_KEY_USAGE (1 << 2)
/* BasicConstraints */
/* NOTE(review): presumably meaningful only when
 * X509_EXT_PATH_LEN_CONSTRAINT is set in extensions_present - confirm
 * that callers test the flag before reading this value. */
unsigned long path_len_constraint; /* pathLenConstraint */
/* Bitmask of the X509_KEY_USAGE_* flags defined below. The flag positions
 * follow the KeyUsage named-bit order of RFC 5280 (digitalSignature = 0
 * through decipherOnly = 8).
 * NOTE(review): presumably meaningful only when X509_EXT_KEY_USAGE is set
 * in extensions_present - confirm that callers test the flag first. */
unsigned long key_usage;
#define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
#define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
#define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
#define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
#define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
#define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
#define X509_KEY_USAGE_CRL_SIGN (1 << 6)
#define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
#define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
* The DER format certificate follows struct x509_certificate. These
* pointers point to that buffer.
const u8 *tbs_cert_start;
X509_VALIDATE_BAD_CERTIFICATE,
X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
X509_VALIDATE_CERTIFICATE_REVOKED,
X509_VALIDATE_CERTIFICATE_EXPIRED,
X509_VALIDATE_CERTIFICATE_UNKNOWN,
X509_VALIDATE_UNKNOWN_CA
#ifdef CONFIG_INTERNAL_X509
void x509_certificate_free(struct x509_certificate *cert);
/*
 * Takes a buffer of len bytes at buf and returns a struct x509_certificate
 * pointer; presumably buf holds one DER-encoded certificate.
 * NOTE(review): buf is typically peer-supplied and must be treated as
 * untrusted. The failure return (presumably NULL) and the ownership of the
 * result (presumably released with x509_certificate_free()) are not visible
 * in this header - confirm against the implementation.
 */
struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
/*
 * Takes a name and a caller-supplied buffer buf of len bytes; presumably
 * writes a textual form of the name into buf.
 * NOTE(review): the function returns void, so truncation cannot be
 * reported to the caller; truncation and NUL-termination behaviour are not
 * visible here - confirm before using the output for matching or in logs.
 */
void x509_name_string(struct x509_name *name, char *buf, size_t len);
/*
 * Compares two names and returns an int.
 * NOTE(review): the return convention (0 on match, strcmp-style, versus a
 * boolean) is not visible in this header - confirm before using the result
 * directly in a condition, since inverting it would treat mismatching
 * names as equal.
 */
int x509_name_compare(struct x509_name *a, struct x509_name *b);
void x509_certificate_chain_free(struct x509_certificate *cert);
int x509_certificate_check_signature(struct x509_certificate *issuer,
struct x509_certificate *cert);
int x509_certificate_chain_validate(struct x509_certificate *trusted,
struct x509_certificate *chain,
struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
struct x509_name *name);
int x509_certificate_self_signed(struct x509_certificate *cert);
#else /* CONFIG_INTERNAL_X509 */
/* NOTE(review): the static inline definitions in this branch stand in for
 * the API when CONFIG_INTERNAL_X509 is not defined; their bodies are not
 * visible here. Confirm that the x509_certificate_chain_validate()
 * replacement reports failure rather than success, so that a build without
 * the internal parser cannot accept a certificate chain unchecked. */
static inline void x509_certificate_free(struct x509_certificate *cert)
static inline struct x509_certificate *
x509_certificate_parse(const u8 *buf, size_t len)
static inline void x509_name_string(struct x509_name *name, char *buf,
static inline void x509_certificate_chain_free(struct x509_certificate *cert)
x509_certificate_chain_validate(struct x509_certificate *trusted,
struct x509_certificate *chain,
static inline struct x509_certificate *
x509_certificate_get_subject(struct x509_certificate *chain,
struct x509_name *name)
static inline int x509_certificate_self_signed(struct x509_certificate *cert)
#endif /* CONFIG_INTERNAL_X509 */
#endif /* X509V3_H */