crypto/asymmetric_keys/x509_parser.h

   1 /* SPDX-License-Identifier: GPL-2.0-or-later */
   2 /* X.509 certificate parser internal definitions
   3  *
   4  * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
   5  * Written by David Howells (dhowells@redhat.com)
   6  */
   7
   8 #include <linux/time.h>
   9 #include <crypto/public_key.h>
  10 #include <keys/asymmetric-type.h>
  11
  12 struct x509_certificate {
  13         struct x509_certificate *next;
  14         struct x509_certificate *signer;        /* Certificate that signed this one */
  15         struct public_key *pub;                 /* Public key details */
  16         struct public_key_signature *sig;       /* Signature parameters */
  17         char            *issuer;                /* Name of certificate issuer */
  18         char            *subject;               /* Name of certificate subject */
  19         struct asymmetric_key_id *id;           /* Issuer + Serial number */
  20         struct asymmetric_key_id *skid;         /* Subject + subjectKeyId (optional) */
  21         time64_t        valid_from;
  22         time64_t        valid_to;
  23         const void      *tbs;                   /* Signed data */
  24         unsigned        tbs_size;               /* Size of signed data */
  25         unsigned        raw_sig_size;           /* Size of signature */
  26         const void      *raw_sig;               /* Signature data */
  27         const void      *raw_serial;            /* Raw serial number in ASN.1 */
  28         unsigned        raw_serial_size;
  29         unsigned        raw_issuer_size;
  30         const void      *raw_issuer;            /* Raw issuer name in ASN.1 */
  31         const void      *raw_subject;           /* Raw subject name in ASN.1 */
  32         unsigned        raw_subject_size;
  33         unsigned        raw_skid_size;
  34         const void      *raw_skid;              /* Raw subjectKeyId in ASN.1 */
  35         unsigned        index;
  36         bool            seen;                   /* Infinite recursion prevention */
  37         bool            verified;
  38         bool            self_signed;            /* T if self-signed (check unsupported_sig too) */
  39         bool            unsupported_sig;        /* T if signature uses unsupported crypto */
  40         bool            blacklisted;
  41 };
  42
  43 /*
  44  * selftest.c
  45  */
  46 #ifdef CONFIG_FIPS_SIGNATURE_SELFTEST
  47 extern int __init fips_signature_selftest(void);
  48 #else
  49 static inline int fips_signature_selftest(void) { return 0; }
  50 #endif
  51
  52 /*
  53  * x509_cert_parser.c
  54  */
  55 extern void x509_free_certificate(struct x509_certificate *cert);
  56 extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
  57 extern int x509_decode_time(time64_t *_t,  size_t hdrlen,
  58                             unsigned char tag,
  59                             const unsigned char *value, size_t vlen);
  60
  61 /*
  62  * x509_public_key.c
  63  */
  64 extern int x509_get_sig_params(struct x509_certificate *cert);
  65 extern int x509_check_for_self_signed(struct x509_certificate *cert);