crypto/asymmetric_keys/x509_parser.h

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /* X.509 certificate parser internal definitions
0003  *
0004  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
0005  * Written by David Howells (dhowells@redhat.com)
0006  */
0007
0008 #include <linux/time.h>
0009 #include <crypto/public_key.h>
0010 #include <keys/asymmetric-type.h>
0011
0012 struct x509_certificate {
0013     struct x509_certificate *next;
0014     struct x509_certificate *signer;    /* Certificate that signed this one */
0015     struct public_key *pub;         /* Public key details */
0016     struct public_key_signature *sig;   /* Signature parameters */
0017     char        *issuer;        /* Name of certificate issuer */
0018     char        *subject;       /* Name of certificate subject */
0019     struct asymmetric_key_id *id;       /* Issuer + Serial number */
0020     struct asymmetric_key_id *skid;     /* Subject + subjectKeyId (optional) */
0021     time64_t    valid_from;
0022     time64_t    valid_to;
0023     const void  *tbs;           /* Signed data */
0024     unsigned    tbs_size;       /* Size of signed data */
0025     unsigned    raw_sig_size;       /* Size of signature */
0026     const void  *raw_sig;       /* Signature data */
0027     const void  *raw_serial;        /* Raw serial number in ASN.1 */
0028     unsigned    raw_serial_size;
0029     unsigned    raw_issuer_size;
0030     const void  *raw_issuer;        /* Raw issuer name in ASN.1 */
0031     const void  *raw_subject;       /* Raw subject name in ASN.1 */
0032     unsigned    raw_subject_size;
0033     unsigned    raw_skid_size;
0034     const void  *raw_skid;      /* Raw subjectKeyId in ASN.1 */
0035     unsigned    index;
0036     bool        seen;           /* Infinite recursion prevention */
0037     bool        verified;
0038     bool        self_signed;        /* T if self-signed (check unsupported_sig too) */
0039     bool        unsupported_sig;    /* T if signature uses unsupported crypto */
0040     bool        blacklisted;
0041 };
0042
0043 /*
0044  * selftest.c
0045  */
0046 #ifdef CONFIG_FIPS_SIGNATURE_SELFTEST
0047 extern int __init fips_signature_selftest(void);
0048 #else
0049 static inline int fips_signature_selftest(void) { return 0; }
0050 #endif
0051
0052 /*
0053  * x509_cert_parser.c
0054  */
0055 extern void x509_free_certificate(struct x509_certificate *cert);
0056 extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
0057 extern int x509_decode_time(time64_t *_t,  size_t hdrlen,
0058                 unsigned char tag,
0059                 const unsigned char *value, size_t vlen);
0060
0061 /*
0062  * x509_public_key.c
0063  */
0064 extern int x509_get_sig_params(struct x509_certificate *cert);
0065 extern int x509_check_for_self_signed(struct x509_certificate *cert);