1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-or-later */ 2*4882a593Smuzhiyun /* X.509 certificate parser internal definitions 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 5*4882a593Smuzhiyun * Written by David Howells (dhowells@redhat.com) 6*4882a593Smuzhiyun */ 7*4882a593Smuzhiyun 8*4882a593Smuzhiyun #include <linux/time.h> 9*4882a593Smuzhiyun #include <crypto/public_key.h> 10*4882a593Smuzhiyun #include <keys/asymmetric-type.h> 11*4882a593Smuzhiyun 12*4882a593Smuzhiyun struct x509_certificate { 13*4882a593Smuzhiyun struct x509_certificate *next; 14*4882a593Smuzhiyun struct x509_certificate *signer; /* Certificate that signed this one */ 15*4882a593Smuzhiyun struct public_key *pub; /* Public key details */ 16*4882a593Smuzhiyun struct public_key_signature *sig; /* Signature parameters */ 17*4882a593Smuzhiyun char *issuer; /* Name of certificate issuer */ 18*4882a593Smuzhiyun char *subject; /* Name of certificate subject */ 19*4882a593Smuzhiyun struct asymmetric_key_id *id; /* Issuer + Serial number */ 20*4882a593Smuzhiyun struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */ 21*4882a593Smuzhiyun time64_t valid_from; 22*4882a593Smuzhiyun time64_t valid_to; 23*4882a593Smuzhiyun const void *tbs; /* Signed data */ 24*4882a593Smuzhiyun unsigned tbs_size; /* Size of signed data */ 25*4882a593Smuzhiyun unsigned raw_sig_size; /* Size of sigature */ 26*4882a593Smuzhiyun const void *raw_sig; /* Signature data */ 27*4882a593Smuzhiyun const void *raw_serial; /* Raw serial number in ASN.1 */ 28*4882a593Smuzhiyun unsigned raw_serial_size; 29*4882a593Smuzhiyun unsigned raw_issuer_size; 30*4882a593Smuzhiyun const void *raw_issuer; /* Raw issuer name in ASN.1 */ 31*4882a593Smuzhiyun const void *raw_subject; /* Raw subject name in ASN.1 */ 32*4882a593Smuzhiyun unsigned raw_subject_size; 33*4882a593Smuzhiyun unsigned raw_skid_size; 34*4882a593Smuzhiyun const void *raw_skid; /* Raw subjectKeyId in ASN.1 */ 35*4882a593Smuzhiyun unsigned index; 36*4882a593Smuzhiyun bool seen; /* Infinite recursion prevention */ 37*4882a593Smuzhiyun bool verified; 38*4882a593Smuzhiyun bool self_signed; /* T if self-signed (check unsupported_sig too) */ 39*4882a593Smuzhiyun bool unsupported_key; /* T if key uses unsupported crypto */ 40*4882a593Smuzhiyun bool unsupported_sig; /* T if signature uses unsupported crypto */ 41*4882a593Smuzhiyun bool blacklisted; 42*4882a593Smuzhiyun }; 43*4882a593Smuzhiyun 44*4882a593Smuzhiyun /* 45*4882a593Smuzhiyun * x509_cert_parser.c 46*4882a593Smuzhiyun */ 47*4882a593Smuzhiyun extern void x509_free_certificate(struct x509_certificate *cert); 48*4882a593Smuzhiyun extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); 49*4882a593Smuzhiyun extern int x509_decode_time(time64_t *_t, size_t hdrlen, 50*4882a593Smuzhiyun unsigned char tag, 51*4882a593Smuzhiyun const unsigned char *value, size_t vlen); 52*4882a593Smuzhiyun 53*4882a593Smuzhiyun /* 54*4882a593Smuzhiyun * x509_public_key.c 55*4882a593Smuzhiyun */ 56*4882a593Smuzhiyun extern int x509_get_sig_params(struct x509_certificate *cert); 57*4882a593Smuzhiyun extern int x509_check_for_self_signed(struct x509_certificate *cert); 58