AKASHI Takahiro | 591535c | 2019-11-13 09:45:00 +0900 | [diff] [blame] | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
| 2 | /* X.509 certificate parser internal definitions |
| 3 | * |
| 4 | * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. |
| 5 | * Written by David Howells (dhowells@redhat.com) |
| 6 | */ |
| 7 | |
AKASHI Takahiro | 5180e1a | 2020-04-21 09:37:52 +0900 | [diff] [blame] | 8 | #ifndef _X509_PARSER_H |
| 9 | #define _X509_PARSER_H |
| 10 | |
AKASHI Takahiro | 591535c | 2019-11-13 09:45:00 +0900 | [diff] [blame] | 11 | #include <linux/time.h> |
| 12 | #include <crypto/public_key.h> |
| 13 | #include <keys/asymmetric-type.h> |
| 14 | |
| 15 | struct x509_certificate { |
| 16 | struct x509_certificate *next; |
| 17 | struct x509_certificate *signer; /* Certificate that signed this one */ |
| 18 | struct public_key *pub; /* Public key details */ |
| 19 | struct public_key_signature *sig; /* Signature parameters */ |
| 20 | char *issuer; /* Name of certificate issuer */ |
| 21 | char *subject; /* Name of certificate subject */ |
| 22 | struct asymmetric_key_id *id; /* Issuer + Serial number */ |
| 23 | struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */ |
| 24 | time64_t valid_from; |
| 25 | time64_t valid_to; |
| 26 | const void *tbs; /* Signed data */ |
| 27 | unsigned tbs_size; /* Size of signed data */ |
| 28 | unsigned raw_sig_size; /* Size of sigature */ |
| 29 | const void *raw_sig; /* Signature data */ |
| 30 | const void *raw_serial; /* Raw serial number in ASN.1 */ |
| 31 | unsigned raw_serial_size; |
| 32 | unsigned raw_issuer_size; |
| 33 | const void *raw_issuer; /* Raw issuer name in ASN.1 */ |
| 34 | const void *raw_subject; /* Raw subject name in ASN.1 */ |
| 35 | unsigned raw_subject_size; |
| 36 | unsigned raw_skid_size; |
| 37 | const void *raw_skid; /* Raw subjectKeyId in ASN.1 */ |
| 38 | unsigned index; |
| 39 | bool seen; /* Infinite recursion prevention */ |
| 40 | bool verified; |
| 41 | bool self_signed; /* T if self-signed (check unsupported_sig too) */ |
| 42 | bool unsupported_key; /* T if key uses unsupported crypto */ |
| 43 | bool unsupported_sig; /* T if signature uses unsupported crypto */ |
| 44 | bool blacklisted; |
| 45 | }; |
| 46 | |
| 47 | /* |
| 48 | * x509_cert_parser.c |
| 49 | */ |
| 50 | extern void x509_free_certificate(struct x509_certificate *cert); |
| 51 | extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); |
| 52 | extern int x509_decode_time(time64_t *_t, size_t hdrlen, |
| 53 | unsigned char tag, |
| 54 | const unsigned char *value, size_t vlen); |
| 55 | |
| 56 | /* |
| 57 | * x509_public_key.c |
| 58 | */ |
| 59 | extern int x509_get_sig_params(struct x509_certificate *cert); |
| 60 | extern int x509_check_for_self_signed(struct x509_certificate *cert); |
AKASHI Takahiro | 5180e1a | 2020-04-21 09:37:52 +0900 | [diff] [blame] | 61 | #endif /* _X509_PARSER_H */ |