Home | History | Annotate | Download | only in tls 
      1 /*
      2  * X.509v3 certificate parsing and processing
      3  * Copyright (c) 2006, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License version 2 as
      7  * published by the Free Software Foundation.
      8  *
      9  * Alternatively, this software may be distributed under the terms of BSD
     10  * license.
     11  *
     12  * See README and COPYING for more details.
     13  */
     14 
     15 #ifndef X509V3_H
     16 #define X509V3_H
     17 
     18 #include "asn1.h"
     19 
     20 struct x509_algorithm_identifier {
     21 	struct asn1_oid oid;
     22 };
     23 
     24 struct x509_name {
     25 	char *cn; /* commonName */
     26 	char *c; /* countryName */
     27 	char *l; /* localityName */
     28 	char *st; /* stateOrProvinceName */
     29 	char *o; /* organizationName */
     30 	char *ou; /* organizationalUnitName */
     31 	char *email; /* emailAddress */
     32 };
     33 
     34 struct x509_certificate {
     35 	struct x509_certificate *next;
     36 	enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
     37 	unsigned long serial_number;
     38 	struct x509_algorithm_identifier signature;
     39 	struct x509_name issuer;
     40 	struct x509_name subject;
     41 	os_time_t not_before;
     42 	os_time_t not_after;
     43 	struct x509_algorithm_identifier public_key_alg;
     44 	u8 *public_key;
     45 	size_t public_key_len;
     46 	struct x509_algorithm_identifier signature_alg;
     47 	u8 *sign_value;
     48 	size_t sign_value_len;
     49 
     50 	/* Extensions */
     51 	unsigned int extensions_present;
     52 #define X509_EXT_BASIC_CONSTRAINTS		(1 << 0)
     53 #define X509_EXT_PATH_LEN_CONSTRAINT		(1 << 1)
     54 #define X509_EXT_KEY_USAGE			(1 << 2)
     55 
     56 	/* BasicConstraints */
     57 	int ca; /* cA */
     58 	unsigned long path_len_constraint; /* pathLenConstraint */
     59 
     60 	/* KeyUsage */
     61 	unsigned long key_usage;
     62 #define X509_KEY_USAGE_DIGITAL_SIGNATURE	(1 << 0)
     63 #define X509_KEY_USAGE_NON_REPUDIATION		(1 << 1)
     64 #define X509_KEY_USAGE_KEY_ENCIPHERMENT		(1 << 2)
     65 #define X509_KEY_USAGE_DATA_ENCIPHERMENT	(1 << 3)
     66 #define X509_KEY_USAGE_KEY_AGREEMENT		(1 << 4)
     67 #define X509_KEY_USAGE_KEY_CERT_SIGN		(1 << 5)
     68 #define X509_KEY_USAGE_CRL_SIGN			(1 << 6)
     69 #define X509_KEY_USAGE_ENCIPHER_ONLY		(1 << 7)
     70 #define X509_KEY_USAGE_DECIPHER_ONLY		(1 << 8)
     71 
     72 	/*
     73 	 * The DER format certificate follows struct x509_certificate. These
     74 	 * pointers point to that buffer.
     75 	 */
     76 	const u8 *cert_start;
     77 	size_t cert_len;
     78 	const u8 *tbs_cert_start;
     79 	size_t tbs_cert_len;
     80 };
     81 
     82 enum {
     83 	X509_VALIDATE_OK,
     84 	X509_VALIDATE_BAD_CERTIFICATE,
     85 	X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
     86 	X509_VALIDATE_CERTIFICATE_REVOKED,
     87 	X509_VALIDATE_CERTIFICATE_EXPIRED,
     88 	X509_VALIDATE_CERTIFICATE_UNKNOWN,
     89 	X509_VALIDATE_UNKNOWN_CA
     90 };
     91 
     92 #ifdef CONFIG_INTERNAL_X509
     93 
     94 void x509_certificate_free(struct x509_certificate *cert);
     95 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
     96 void x509_name_string(struct x509_name *name, char *buf, size_t len);
     97 int x509_name_compare(struct x509_name *a, struct x509_name *b);
     98 void x509_certificate_chain_free(struct x509_certificate *cert);
     99 int x509_certificate_check_signature(struct x509_certificate *issuer,
    100 				     struct x509_certificate *cert);
    101 int x509_certificate_chain_validate(struct x509_certificate *trusted,
    102 				    struct x509_certificate *chain,
    103 				    int *reason);
    104 struct x509_certificate *
    105 x509_certificate_get_subject(struct x509_certificate *chain,
    106 			     struct x509_name *name);
    107 int x509_certificate_self_signed(struct x509_certificate *cert);
    108 
    109 #else /* CONFIG_INTERNAL_X509 */
    110 
    111 static inline void x509_certificate_free(struct x509_certificate *cert)
    112 {
    113 }
    114 
    115 static inline struct x509_certificate *
    116 x509_certificate_parse(const u8 *buf, size_t len)
    117 {
    118 	return NULL;
    119 }
    120 
    121 static inline void x509_name_string(struct x509_name *name, char *buf,
    122 				    size_t len)
    123 {
    124 	if (len)
    125 		buf[0] = '\0';
    126 }
    127 
    128 static inline void x509_certificate_chain_free(struct x509_certificate *cert)
    129 {
    130 }
    131 
    132 static inline int
    133 x509_certificate_chain_validate(struct x509_certificate *trusted,
    134 				struct x509_certificate *chain,
    135 				int *reason)
    136 {
    137 	return -1;
    138 }
    139 
    140 static inline struct x509_certificate *
    141 x509_certificate_get_subject(struct x509_certificate *chain,
    142 			     struct x509_name *name)
    143 {
    144 	return NULL;
    145 }
    146 
    147 static inline int x509_certificate_self_signed(struct x509_certificate *cert)
    148 {
    149 	return -1;
    150 }
    151 
    152 #endif /* CONFIG_INTERNAL_X509 */
    153 
    154 #endif /* X509V3_H */
    155