2 * X.509v3 certificate parsing and processing
3 * Copyright (c) 2006-2011, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 struct x509_algorithm_identifier {
18 struct x509_name_attr {
19 enum x509_name_attr_type {
20 X509_NAME_ATTR_NOT_USED,
32 #define X509_MAX_NAME_ATTRIBUTES 20
35 struct x509_name_attr attr[X509_MAX_NAME_ATTRIBUTES];
37 char *email; /* emailAddress */
39 /* from alternative name extension */
40 char *alt_email; /* rfc822Name */
41 char *dns; /* dNSName */
42 char *uri; /* uniformResourceIdentifier */
43 u8 *ip; /* iPAddress */
44 size_t ip_len; /* IPv4: 4, IPv6: 16 */
45 struct asn1_oid rid; /* registeredID */
48 struct x509_certificate {
49 struct x509_certificate *next;
50 enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
51 unsigned long serial_number;
52 struct x509_algorithm_identifier signature;
53 struct x509_name issuer;
54 struct x509_name subject;
57 struct x509_algorithm_identifier public_key_alg;
59 size_t public_key_len;
60 struct x509_algorithm_identifier signature_alg;
62 size_t sign_value_len;
65 unsigned int extensions_present;
66 #define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
67 #define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
68 #define X509_EXT_KEY_USAGE (1 << 2)
69 #define X509_EXT_SUBJECT_ALT_NAME (1 << 3)
70 #define X509_EXT_ISSUER_ALT_NAME (1 << 4)
72 /* BasicConstraints */
74 unsigned long path_len_constraint; /* pathLenConstraint */
77 unsigned long key_usage;
78 #define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
79 #define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
80 #define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
81 #define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
82 #define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
83 #define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
84 #define X509_KEY_USAGE_CRL_SIGN (1 << 6)
85 #define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
86 #define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
89 * The DER format certificate follows struct x509_certificate. These
90 * pointers point to that buffer.
94 const u8 *tbs_cert_start;
100 X509_VALIDATE_BAD_CERTIFICATE,
101 X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
102 X509_VALIDATE_CERTIFICATE_REVOKED,
103 X509_VALIDATE_CERTIFICATE_EXPIRED,
104 X509_VALIDATE_CERTIFICATE_UNKNOWN,
105 X509_VALIDATE_UNKNOWN_CA
108 void x509_certificate_free(struct x509_certificate *cert);
109 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
110 void x509_name_string(struct x509_name *name, char *buf, size_t len);
111 int x509_name_compare(struct x509_name *a, struct x509_name *b);
112 void x509_certificate_chain_free(struct x509_certificate *cert);
113 int x509_certificate_check_signature(struct x509_certificate *issuer,
114 struct x509_certificate *cert);
115 int x509_certificate_chain_validate(struct x509_certificate *trusted,
116 struct x509_certificate *chain,
117 int *reason, int disable_time_checks);
118 struct x509_certificate *
119 x509_certificate_get_subject(struct x509_certificate *chain,
120 struct x509_name *name);
121 int x509_certificate_self_signed(struct x509_certificate *cert);
123 #endif /* X509V3_H */