xref: /freebsd/contrib/wpa/src/tls/x509v3.h (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1 /*
2  * X.509v3 certificate parsing and processing
3  * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  *
9  * Alternatively, this software may be distributed under the terms of BSD
10  * license.
11  *
12  * See README and COPYING for more details.
13  */
14 
15 #ifndef X509V3_H
16 #define X509V3_H
17 
18 #include "asn1.h"
19 
20 struct x509_algorithm_identifier {
21 	struct asn1_oid oid;
22 };
23 
24 struct x509_name {
25 	char *cn; /* commonName */
26 	char *c; /* countryName */
27 	char *l; /* localityName */
28 	char *st; /* stateOrProvinceName */
29 	char *o; /* organizationName */
30 	char *ou; /* organizationalUnitName */
31 	char *email; /* emailAddress */
32 };
33 
34 struct x509_certificate {
35 	struct x509_certificate *next;
36 	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
37 	unsigned long serial_number;
38 	struct x509_algorithm_identifier signature;
39 	struct x509_name issuer;
40 	struct x509_name subject;
41 	os_time_t not_before;
42 	os_time_t not_after;
43 	struct x509_algorithm_identifier public_key_alg;
44 	u8 *public_key;
45 	size_t public_key_len;
46 	struct x509_algorithm_identifier signature_alg;
47 	u8 *sign_value;
48 	size_t sign_value_len;
49 
50 	/* Extensions */
51 	unsigned int extensions_present;
52 #define X509_EXT_BASIC_CONSTRAINTS		(1 << 0)
53 #define X509_EXT_PATH_LEN_CONSTRAINT		(1 << 1)
54 #define X509_EXT_KEY_USAGE			(1 << 2)
55 
56 	/* BasicConstraints */
57 	int ca; /* cA */
58 	unsigned long path_len_constraint; /* pathLenConstraint */
59 
60 	/* KeyUsage */
61 	unsigned long key_usage;
62 #define X509_KEY_USAGE_DIGITAL_SIGNATURE	(1 << 0)
63 #define X509_KEY_USAGE_NON_REPUDIATION		(1 << 1)
64 #define X509_KEY_USAGE_KEY_ENCIPHERMENT		(1 << 2)
65 #define X509_KEY_USAGE_DATA_ENCIPHERMENT	(1 << 3)
66 #define X509_KEY_USAGE_KEY_AGREEMENT		(1 << 4)
67 #define X509_KEY_USAGE_KEY_CERT_SIGN		(1 << 5)
68 #define X509_KEY_USAGE_CRL_SIGN			(1 << 6)
69 #define X509_KEY_USAGE_ENCIPHER_ONLY		(1 << 7)
70 #define X509_KEY_USAGE_DECIPHER_ONLY		(1 << 8)
71 
72 	/*
73 	 * The DER format certificate follows struct x509_certificate. These
74 	 * pointers point to that buffer.
75 	 */
76 	const u8 *cert_start;
77 	size_t cert_len;
78 	const u8 *tbs_cert_start;
79 	size_t tbs_cert_len;
80 };
81 
82 enum {
83 	X509_VALIDATE_OK,
84 	X509_VALIDATE_BAD_CERTIFICATE,
85 	X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
86 	X509_VALIDATE_CERTIFICATE_REVOKED,
87 	X509_VALIDATE_CERTIFICATE_EXPIRED,
88 	X509_VALIDATE_CERTIFICATE_UNKNOWN,
89 	X509_VALIDATE_UNKNOWN_CA
90 };
91 
92 #ifdef CONFIG_INTERNAL_X509
93 
94 void x509_certificate_free(struct x509_certificate *cert);
95 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
96 void x509_name_string(struct x509_name *name, char *buf, size_t len);
97 int x509_name_compare(struct x509_name *a, struct x509_name *b);
98 void x509_certificate_chain_free(struct x509_certificate *cert);
99 int x509_certificate_check_signature(struct x509_certificate *issuer,
100 				     struct x509_certificate *cert);
101 int x509_certificate_chain_validate(struct x509_certificate *trusted,
102 				    struct x509_certificate *chain,
103 				    int *reason);
104 struct x509_certificate *
105 x509_certificate_get_subject(struct x509_certificate *chain,
106 			     struct x509_name *name);
107 int x509_certificate_self_signed(struct x509_certificate *cert);
108 
109 #else /* CONFIG_INTERNAL_X509 */
110 
111 static inline void x509_certificate_free(struct x509_certificate *cert)
112 {
113 }
114 
115 static inline struct x509_certificate *
116 x509_certificate_parse(const u8 *buf, size_t len)
117 {
118 	return NULL;
119 }
120 
121 static inline void x509_name_string(struct x509_name *name, char *buf,
122 				    size_t len)
123 {
124 	if (len)
125 		buf[0] = '\0';
126 }
127 
128 static inline void x509_certificate_chain_free(struct x509_certificate *cert)
129 {
130 }
131 
132 static inline int
133 x509_certificate_chain_validate(struct x509_certificate *trusted,
134 				struct x509_certificate *chain,
135 				int *reason)
136 {
137 	return -1;
138 }
139 
140 static inline struct x509_certificate *
141 x509_certificate_get_subject(struct x509_certificate *chain,
142 			     struct x509_name *name)
143 {
144 	return NULL;
145 }
146 
147 static inline int x509_certificate_self_signed(struct x509_certificate *cert)
148 {
149 	return -1;
150 }
151 
152 #endif /* CONFIG_INTERNAL_X509 */
153 
154 #endif /* X509V3_H */
155