Updated to hostap_2_6

[mech_eap.git] / libeap / src / tls / x509v3.h

diff --git a/libeap/src/tls/x509v3.h b/libeap/src/tls/x509v3.h
index 91a35ba..7df8e2a 100644 (file)
--- a/libeap/src/tls/x509v3.h
+++ b/libeap/src/tls/x509v3.h
@@ -45,13 +45,18 @@ struct x509_name {
        struct asn1_oid rid; /* registeredID */
 };
 
+#define X509_MAX_SERIAL_NUM_LEN 20
+
 struct x509_certificate {
        struct x509_certificate *next;
        enum { X509_CERT_V1 = 0, X509_CERT_V2 = 1, X509_CERT_V3 = 2 } version;
-       unsigned long serial_number;
+       u8 serial_number[X509_MAX_SERIAL_NUM_LEN];
+       size_t serial_number_len;
        struct x509_algorithm_identifier signature;
        struct x509_name issuer;
        struct x509_name subject;
+       u8 *subject_dn;
+       size_t subject_dn_len;
        os_time_t not_before;
        os_time_t not_after;
        struct x509_algorithm_identifier public_key_alg;
@@ -68,6 +73,7 @@ struct x509_certificate {
 #define X509_EXT_KEY_USAGE                     (1 << 2)
 #define X509_EXT_SUBJECT_ALT_NAME              (1 << 3)
 #define X509_EXT_ISSUER_ALT_NAME               (1 << 4)
+#define X509_EXT_EXT_KEY_USAGE                 (1 << 5)
 
        /* BasicConstraints */
        int ca; /* cA */
@@ -85,6 +91,13 @@ struct x509_certificate {
 #define X509_KEY_USAGE_ENCIPHER_ONLY           (1 << 7)
 #define X509_KEY_USAGE_DECIPHER_ONLY           (1 << 8)
 
+       /* ExtKeyUsage */
+       unsigned long ext_key_usage;
+#define X509_EXT_KEY_USAGE_ANY                 (1 << 0)
+#define X509_EXT_KEY_USAGE_SERVER_AUTH         (1 << 1)
+#define X509_EXT_KEY_USAGE_CLIENT_AUTH         (1 << 2)
+#define X509_EXT_KEY_USAGE_OCSP                        (1 << 3)
+
        /*
         * The DER format certificate follows struct x509_certificate. These
         * pointers point to that buffer.
@@ -93,6 +106,11 @@ struct x509_certificate {
        size_t cert_len;
        const u8 *tbs_cert_start;
        size_t tbs_cert_len;
+
+       /* Meta data used for certificate validation */
+       unsigned int ocsp_good:1;
+       unsigned int ocsp_revoked:1;
+       unsigned int issuer_trusted:1;
 };
 
 enum {
@@ -106,10 +124,21 @@ enum {
 };
 
 void x509_certificate_free(struct x509_certificate *cert);
+int x509_parse_algorithm_identifier(const u8 *buf, size_t len,
+                                   struct x509_algorithm_identifier *id,
+                                   const u8 **next);
+int x509_parse_name(const u8 *buf, size_t len, struct x509_name *name,
+                   const u8 **next);
+int x509_parse_time(const u8 *buf, size_t len, u8 asn1_tag, os_time_t *val);
 struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len);
+void x509_free_name(struct x509_name *name);
 void x509_name_string(struct x509_name *name, char *buf, size_t len);
 int x509_name_compare(struct x509_name *a, struct x509_name *b);
 void x509_certificate_chain_free(struct x509_certificate *cert);
+int x509_check_signature(struct x509_certificate *issuer,
+                        struct x509_algorithm_identifier *signature,
+                        const u8 *sign_value, size_t sign_value_len,
+                        const u8 *signed_data, size_t signed_data_len);
 int x509_certificate_check_signature(struct x509_certificate *issuer,
                                     struct x509_certificate *cert);
 int x509_certificate_chain_validate(struct x509_certificate *trusted,
@@ -120,4 +149,9 @@ x509_certificate_get_subject(struct x509_certificate *chain,
                             struct x509_name *name);
 int x509_certificate_self_signed(struct x509_certificate *cert);
 
+int x509_sha1_oid(struct asn1_oid *oid);
+int x509_sha256_oid(struct asn1_oid *oid);
+int x509_sha384_oid(struct asn1_oid *oid);
+int x509_sha512_oid(struct asn1_oid *oid);
+
 #endif /* X509V3_H */