/* X.509 certificate parser internal definitions
 *
 * Private header shared by the two translation units named in the section
 * comments below (x509_cert_parser.c and x509_public_key.c): the in-memory
 * representation of a parsed certificate plus the functions that build,
 * free and verify it.
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#include <linux/time.h>
#include <crypto/public_key.h>
#include <keys/asymmetric-type.h>

/*
 * A parsed X.509 certificate.
 *
 * The raw_* / tbs pointers are const views of ASN.1 data; they are not
 * owned copies as far as this header shows, so they presumably point into
 * the buffer handed to x509_cert_parse() -- NOTE(review): confirm the
 * buffer lifetime against x509_cert_parser.c before retaining a
 * struct x509_certificate beyond that buffer.
 *
 * NOTE(review): the *_size fields are `unsigned` whereas x509_cert_parse()
 * takes a size_t datalen; the parser is assumed to bound datalen so that
 * no length is truncated when stored here -- confirm in the parser.
 */
struct x509_certificate {
	struct x509_certificate *next;		/* List linkage; presumably the next cert in a chain -- set by the caller, not here */
	struct x509_certificate *signer;	/* Certificate that signed this one */
	struct public_key *pub;			/* Public key details */
	struct public_key_signature sig;	/* Signature parameters */
	char		*issuer;		/* Name of certificate issuer */
	char		*subject;		/* Name of certificate subject */
	struct asymmetric_key_id *id;		/* Issuer + Serial number */
	struct asymmetric_key_id *skid;		/* Subject + subjectKeyId (optional) */
	struct asymmetric_key_id *akid_id;	/* CA AuthKeyId matching ->id (optional) */
	struct asymmetric_key_id *akid_skid;	/* CA AuthKeyId matching ->skid (optional) */
	time64_t	valid_from;		/* Start of validity period (presumably notBefore) */
	time64_t	valid_to;		/* End of validity period (presumably notAfter) */
	const void	*tbs;			/* Signed data */
	unsigned	tbs_size;		/* Size of signed data */
	unsigned	raw_sig_size;		/* Size of signature */
	const void	*raw_sig;		/* Signature data */
	const void	*raw_serial;		/* Raw serial number in ASN.1 */
	unsigned	raw_serial_size;	/* Size of raw_serial */
	unsigned	raw_issuer_size;	/* Size of raw_issuer */
	const void	*raw_issuer;		/* Raw issuer name in ASN.1 */
	const void	*raw_subject;		/* Raw subject name in ASN.1 */
	unsigned	raw_subject_size;	/* Size of raw_subject */
	unsigned	raw_skid_size;		/* Size of raw_skid */
	const void	*raw_skid;		/* Raw subjectKeyId in ASN.1 */
	unsigned	index;			/* Consumer-assigned ordinal; its meaning is not established in this header */
	bool		seen;			/* Infinite recursion prevention */
	bool		verified;		/* NOTE(review): presumably set once the signature has been checked -- set elsewhere, confirm */
	bool		trusted;		/* NOTE(review): presumably set once chained to a trusted key -- set elsewhere, confirm */
	bool		unsupported_crypto;	/* True if can't be verified due to missing crypto */
};

/*
 * x509_cert_parser.c
 */
/* Release a certificate returned by x509_cert_parse() and everything it
 * owns.  The caller that obtained the cert is responsible for calling this
 * exactly once; NULL handling is not visible from this header. */
extern void x509_free_certificate(struct x509_certificate *cert);
/* Parse datalen bytes of DER-encoded certificate at data into a freshly
 * allocated struct x509_certificate.  The data is treated as untrusted
 * input by the parser.  The failure convention (NULL vs. an error pointer)
 * is not visible here -- check x509_cert_parser.c before testing the result. */
extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
/* Decode an ASN.1 time value into *_t.  @tag selects the time encoding,
 * @value/@vlen delimit the value bytes and @hdrlen is the size of the
 * tag/length header preceding them.  Returns an int status; presumably 0
 * on success and a negative error code otherwise -- confirm in the parser. */
extern int x509_decode_time(time64_t *_t, size_t hdrlen,
			    unsigned char tag,
			    const unsigned char *value, size_t vlen);

/*
 * x509_public_key.c
 */
/* Derive the signature parameters of @cert; presumably fills cert->sig
 * (and may set ->unsupported_crypto when the algorithm is unavailable) --
 * confirm in x509_public_key.c.  Returns an int status. */
extern int x509_get_sig_params(struct x509_certificate *cert);
/* Check the signature on @cert against the public key @pub (the key of
 * the issuer, not necessarily cert->pub).  Returns an int status; the
 * exact error codes are defined in x509_public_key.c. */
extern int x509_check_signature(const struct public_key *pub,
				struct x509_certificate *cert);