MFC 1.45 for the 2.0 release: Properly set B_INVAL after failed read.
[dragonfly.git] / contrib / wpa_supplicant-0.5.8 / x509v3.h
bloba52bcf88645389cae5056862444e2d0f1c37b942
1 /*
2 * X.509v3 certificate parsing and processing
3 * Copyright (c) 2006, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
10 * license.
12 * See README and COPYING for more details.
15 #ifndef X509V3_H
16 #define X509V3_H
18 #include "asn1.h"
20 struct x509_algorithm_identifier {
21 struct asn1_oid oid;
24 struct x509_name {
25 char *cn; /* commonName */
26 char *c; /* countryName */
27 char *l; /* localityName */
28 char *st; /* stateOrProvinceName */
29 char *o; /* organizationName */
30 char *ou; /* organizationalUnitName */
31 char *email; /* emailAddress */
34 struct x509_certificate {
35 struct x509_certificate *next;
36 enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
37 unsigned long serial_number;
38 struct x509_algorithm_identifier signature;
39 struct x509_name issuer;
40 struct x509_name subject;
41 os_time_t not_before;
42 os_time_t not_after;
43 struct x509_algorithm_identifier public_key_alg;
44 u8 *public_key;
45 size_t public_key_len;
46 struct x509_algorithm_identifier signature_alg;
47 u8 *sign_value;
48 size_t sign_value_len;
50 /* Extensions */
51 unsigned int extensions_present;
52 #define X509_EXT_BASIC_CONSTRAINTS (1 << 0)
53 #define X509_EXT_PATH_LEN_CONSTRAINT (1 << 1)
54 #define X509_EXT_KEY_USAGE (1 << 2)
56 /* BasicConstraints */
57 int ca; /* cA */
58 unsigned long path_len_constraint; /* pathLenConstraint */
60 /* KeyUsage */
61 unsigned long key_usage;
62 #define X509_KEY_USAGE_DIGITAL_SIGNATURE (1 << 0)
63 #define X509_KEY_USAGE_NON_REPUDIATION (1 << 1)
64 #define X509_KEY_USAGE_KEY_ENCIPHERMENT (1 << 2)
65 #define X509_KEY_USAGE_DATA_ENCIPHERMENT (1 << 3)
66 #define X509_KEY_USAGE_KEY_AGREEMENT (1 << 4)
67 #define X509_KEY_USAGE_KEY_CERT_SIGN (1 << 5)
68 #define X509_KEY_USAGE_CRL_SIGN (1 << 6)
69 #define X509_KEY_USAGE_ENCIPHER_ONLY (1 << 7)
70 #define X509_KEY_USAGE_DECIPHER_ONLY (1 << 8)
73 * The DER format certificate follows struct x509_certificate. These
74 * pointers point to that buffer.
76 const u8 *cert_start;
77 size_t cert_len;
78 const u8 *tbs_cert_start;
79 size_t tbs_cert_len;
82 enum {
83 X509_VALIDATE_OK,
84 X509_VALIDATE_BAD_CERTIFICATE,
85 X509_VALIDATE_UNSUPPORTED_CERTIFICATE,
86 X509_VALIDATE_CERTIFICATE_REVOKED,
87 X509_VALIDATE_CERTIFICATE_EXPIRED,
88 X509_VALIDATE_CERTIFICATE_UNKNOWN,
89 X509_VALIDATE_UNKNOWN_CA
92 #ifdef CONFIG_INTERNAL_X509
94 void x509_certificate_free(struct x509_certificate *cert);
95 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
96 void x509_name_string(struct x509_name *name, char *buf, size_t len);
97 int x509_name_compare(struct x509_name *a, struct x509_name *b);
98 void x509_certificate_chain_free(struct x509_certificate *cert);
99 int x509_certificate_check_signature(struct x509_certificate *issuer,
100 struct x509_certificate *cert);
101 int x509_certificate_chain_validate(struct x509_certificate *trusted,
102 struct x509_certificate *chain,
103 int *reason);
104 struct x509_certificate *
105 x509_certificate_get_subject(struct x509_certificate *chain,
106 struct x509_name *name);
107 int x509_certificate_self_signed(struct x509_certificate *cert);
109 #else /* CONFIG_INTERNAL_X509 */
111 static inline void x509_certificate_free(struct x509_certificate *cert)
115 static inline struct x509_certificate *
116 x509_certificate_parse(const u8 *buf, size_t len)
118 return NULL;
121 static inline void x509_name_string(struct x509_name *name, char *buf,
122 size_t len)
124 if (len)
125 buf[0] = '\0';
128 static inline void x509_certificate_chain_free(struct x509_certificate *cert)
132 static inline int
133 x509_certificate_chain_validate(struct x509_certificate *trusted,
134 struct x509_certificate *chain,
135 int *reason)
137 return -1;
140 static inline struct x509_certificate *
141 x509_certificate_get_subject(struct x509_certificate *chain,
142 struct x509_name *name)
144 return NULL;
147 static inline int x509_certificate_self_signed(struct x509_certificate *cert)
149 return -1;
152 #endif /* CONFIG_INTERNAL_X509 */
154 #endif /* X509V3_H */