1 /* Support of X.509 certificates and CRLs
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2002 Andreas Steffen, Zuercher Hochschule Winterthur
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 * RCSID $Id: x509.h,v 1.6 2004-09-30 23:14:52 danield Exp $
23 * path definitions for my X.509 or PGP cert, peer certs, cacerts and crls
25 #include <config/autoconf.h>
27 #ifdef CONFIG_USER_FLATFSD_FLATFSD
28 #define __IPSEC__PREFIX__ "/etc/config"
30 #define __IPSEC__PREFIX__ "/etc"
/* Certificate and CRL search locations.  Every one of these is built from
 * __IPSEC__PREFIX__, chosen just above (CONFIG_USER_FLATFSD_FLATFSD selects
 * "/etc/config", otherwise "/etc"): X509_CERT_PATH is that directory with a
 * trailing slash, PGP_CERT_PATH names a single file, and CA_CERT_PATH,
 * CRL_PATH and HOST_CERT_PATH are all the bare prefix directory itself.
 * Because the trust anchors and revocation data are read from here, the
 * permissions on this prefix are part of the security boundary.
 * NOTE(review): __IPSEC__PREFIX__ starts with a double underscore, which is
 * reserved for the implementation; a name such as IPSEC_PREFIX would avoid
 * that collision.
 */
#define X509_CERT_PATH __IPSEC__PREFIX__ "/"
#define PGP_CERT_PATH __IPSEC__PREFIX__ "/pgpcert.pgp"
#define CA_CERT_PATH __IPSEC__PREFIX__
#define CRL_PATH __IPSEC__PREFIX__
#define HOST_CERT_PATH __IPSEC__PREFIX__
39 /* advance warning of imminent expiry of
40 * cacerts, public keys, and crls
/* Lead time, in days, before an object's expiry at which a warning is
 * raised, per object type.  NOTE(review): these are warning thresholds only;
 * whether an expired CA cert, key or CRL is actually rejected is decided by
 * code outside this header (presumably check_validity in x509.c) — confirm
 * before relying on them for enforcement.
 */
#define CA_CERT_WARNING_INTERVAL 30 /* days */
#define PUBKEY_WARNING_INTERVAL 14 /* days */
#define CRL_WARNING_INTERVAL 7 /* days */
46 /* Definition of generalNames kinds */
53 GN_DIRECTORY_NAME = 4,
54 GN_EDI_PARTY_NAME = 5,
60 /* access structure for a GeneralName */
62 typedef struct generalName generalName_t;
70 /* access structure for an X.509v3 certificate */
72 typedef struct x509cert x509cert_t;
79 chunk_t tbsCertificate;
89 /* subjectPublicKeyInfo */
90 enum pubkey_alg subjectPublicKeyAlgorithm;
91 /* subjectPublicKey */
93 chunk_t publicExponent;
94 chunk_t issuerUniqueID;
95 chunk_t subjectUniqueID;
103 generalName_t *subjectAltName;
104 generalName_t *crlDistributionPoints;
105 /* signatureAlgorithm */
110 /* access structure for a revoked serial number */
112 typedef struct revokedCert revokedCert_t;
116 chunk_t userCertificate;
117 time_t revocationDate;
120 /* storage structure for an X.509 CRL */
122 typedef struct x509crl x509crl_t;
127 chunk_t certificateList;
135 revokedCert_t *revokedCertificates;
137 /* signatureAlgorithm */
142 /* stores either a X.509 or OpenPGP certificate */
149 /* do not send certificate requests
150 * flag set in main.c and used in ipsec_doi.c
152 extern bool no_cr_send;
154 /* used for initialization */
155 extern const x509crl_t empty_x509crl;
156 extern const x509cert_t empty_x509cert;
/* Compare two distinguished names held as chunk_t; true when they match.
 * The exact matching rules (case folding, whitespace) live in x509.c and are
 * not visible from this header.
 */
extern bool same_dn(chunk_t a, chunk_t b);

/* Maximum length of a CA chain.  NOTE(review): presumably the bound used by
 * verify_x509cert when walking issuer links, which keeps chain traversal
 * finite on hostile input — confirm where it is consumed in x509.c.
 */
#define MAX_CA_PATH_LEN 7

/* Render bin as a hex string into *str.  NOTE(review): whether *str is
 * allocated here or must be supplied by the caller is not visible in this
 * header — check x509.c before using it.
 */
extern void hex_str(chunk_t bin, chunk_t *str);

/* Write a printable form of dn into dst, bounded by dstlen (the size is
 * passed explicitly, so this is the bounded conversion to prefer).  The
 * meaning of the int result (presumably a length) is defined in x509.c.
 */
extern int dntoa(char *dst, size_t dstlen, chunk_t dn);

/* Parse the textual DN in src into *dn; returns an err_t describing failure.
 * src is not const, so assume the parser may modify it or that *dn may
 * reference it — confirm ownership of *dn with x509.c.
 */
extern err_t atodn(char *src, chunk_t *dn);

/* Fill *id from a GeneralName. */
extern void gntoid(struct id *id, const generalName_t *gn);

/* Parse a DER blob into *cert / *crl; level0 is presumably the starting
 * ASN.1 nesting level used for parse diagnostics.  Returns false on
 * malformed input.  These are the first functions to see peer- and
 * file-supplied data, so blob is untrusted and every caller must check the
 * result before touching the output structure.
 */
extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);
extern bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl);

/* Two separate checks on a parsed certificate.  NOTE(review): the names
 * suggest check_validity covers the notBefore/notAfter window and
 * verify_x509cert covers the signature chain up to a trusted CA (subject to
 * MAX_CA_PATH_LEN) — confirm in x509.c.  A certificate that has only been
 * parsed has passed neither and must not be treated as trusted.
 */
extern bool check_validity(const x509cert_t *cert);
extern bool verify_x509cert(const x509cert_t *cert);

/* Copy the local certificate out of mycert into *cert; bool result. */
extern bool get_mycert(cert_t *mycert, x509cert_t *cert);

/* Load a certificate from filename; label is presumably used in log output.
 * NOTE(review): the return is a pointer, so NULL on failure is likely but not
 * stated here — check before dereferencing, and confirm who frees the result
 * (typically handed to add_x509cert).
 */
extern x509cert_t* load_x509cert(const char* filename, const char* label);
extern x509cert_t* load_host_cert(const char* filename);

/* Insert cert into the shared certificate list and return the list entry.
 * NOTE(review): the returned pointer may be an existing duplicate rather than
 * cert itself, in which case cert would be released — confirm in x509.c.
 */
extern x509cert_t* add_x509cert(x509cert_t *cert);

/* share/release look like a reference-count pair on shared certificates,
 * while free_x509cert frees the object outright — confirm in x509.c which
 * of these a caller should use after add_x509cert.
 */
extern void share_x509cert(x509cert_t *cert);
extern void release_x509cert(x509cert_t *cert);
extern void free_x509cert(x509cert_t *cert);

/* Move the chain starting at *firstcert into the shared store (presumably
 * taking ownership; confirm).
 */
extern void store_x509certs(x509cert_t **firstcert);

/* Load the CA certificates, CRLs and the local certificate, presumably from
 * CA_CERT_PATH, CRL_PATH and HOST_CERT_PATH defined above.
 */
extern void load_cacerts(void);
extern void load_crls(void);
extern void load_mycert(void);

/* Print the respective lists; utc selects how timestamps are rendered
 * (UTC versus local time, presumably).
 */
extern void list_certs(bool utc);
extern void list_cacerts(bool utc);
extern void list_crls(bool utc);

/* Release the global CA, CRL and local-certificate state. */
extern void free_cacerts(void);
extern void free_crls(void);
extern void free_mycert(void);

/* Free a GeneralName (the struct layout is not visible here; presumably a
 * linked list, so the whole chain from gn onward).
 */
extern void free_generalNames(generalName_t* gn);