2012-09-24 20:11:48 +04:00
|
|
|
/* X.509 certificate parser internal definitions
|
|
|
|
*
|
|
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public Licence
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
|
|
*/
|
|
|
|
|
2013-08-30 19:16:34 +04:00
|
|
|
#include <linux/time.h>
|
2012-09-24 20:11:48 +04:00
|
|
|
#include <crypto/public_key.h>
|
|
|
|
|
|
|
|
struct x509_certificate {
|
|
|
|
struct x509_certificate *next;
|
2014-07-01 19:40:19 +04:00
|
|
|
struct x509_certificate *signer; /* Certificate that signed this one */
|
2012-09-24 20:11:48 +04:00
|
|
|
struct public_key *pub; /* Public key details */
|
2014-07-01 19:40:19 +04:00
|
|
|
struct public_key_signature sig; /* Signature parameters */
|
2012-09-24 20:11:48 +04:00
|
|
|
char *issuer; /* Name of certificate issuer */
|
|
|
|
char *subject; /* Name of certificate subject */
|
2015-07-20 23:16:26 +03:00
|
|
|
struct asymmetric_key_id *id; /* Issuer + Serial number */
|
2014-10-06 19:52:12 +04:00
|
|
|
struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
|
2015-07-20 23:16:26 +03:00
|
|
|
struct asymmetric_key_id *akid_id; /* CA AuthKeyId matching ->id (optional) */
|
|
|
|
struct asymmetric_key_id *akid_skid; /* CA AuthKeyId matching ->skid (optional) */
|
2015-07-29 18:58:32 +03:00
|
|
|
time64_t valid_from;
|
|
|
|
time64_t valid_to;
|
2012-09-24 20:11:48 +04:00
|
|
|
const void *tbs; /* Signed data */
|
2013-08-30 19:18:02 +04:00
|
|
|
unsigned tbs_size; /* Size of signed data */
|
|
|
|
unsigned raw_sig_size; /* Size of sigature */
|
|
|
|
const void *raw_sig; /* Signature data */
|
2014-07-01 19:40:19 +04:00
|
|
|
const void *raw_serial; /* Raw serial number in ASN.1 */
|
|
|
|
unsigned raw_serial_size;
|
|
|
|
unsigned raw_issuer_size;
|
|
|
|
const void *raw_issuer; /* Raw issuer name in ASN.1 */
|
|
|
|
const void *raw_subject; /* Raw subject name in ASN.1 */
|
|
|
|
unsigned raw_subject_size;
|
2014-10-03 19:17:02 +04:00
|
|
|
unsigned raw_skid_size;
|
|
|
|
const void *raw_skid; /* Raw subjectKeyId in ASN.1 */
|
2014-07-01 19:40:19 +04:00
|
|
|
unsigned index;
|
|
|
|
bool seen; /* Infinite recursion prevention */
|
|
|
|
bool verified;
|
|
|
|
bool trusted;
|
2014-09-16 20:36:15 +04:00
|
|
|
bool unsupported_crypto; /* T if can't be verified due to missing crypto */
|
2012-09-24 20:11:48 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* x509_cert_parser.c
|
|
|
|
*/
|
|
|
|
extern void x509_free_certificate(struct x509_certificate *cert);
|
|
|
|
extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
|
2015-07-29 18:58:32 +03:00
|
|
|
extern int x509_decode_time(time64_t *_t, size_t hdrlen,
|
|
|
|
unsigned char tag,
|
|
|
|
const unsigned char *value, size_t vlen);
|
2013-08-30 19:18:02 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* x509_public_key.c
|
|
|
|
*/
|
|
|
|
extern int x509_get_sig_params(struct x509_certificate *cert);
|
|
|
|
extern int x509_check_signature(const struct public_key *pub,
|
|
|
|
struct x509_certificate *cert);
|