/* X.509 certificate parser internal definitions
 *
 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */
# include <linux/time.h>
# include <crypto/public_key.h>
# include <keys/asymmetric-type.h>
/*
 * One parsed X.509 certificate.
 *
 * Carries the decoded issuer/subject names, the public key and signature
 * descriptors, the validity window, the raw ASN.1 spans the parser recorded,
 * and the state flags used while a certificate is being checked.  Objects of
 * this type are returned by x509_cert_parse() and released with
 * x509_free_certificate().
 *
 * NOTE(review): every raw_* / tbs length is a plain 'unsigned', whereas
 * x509_cert_parse() accepts a size_t length.  Presumably the parser bounds
 * the input so these cannot truncate -- confirm in x509_cert_parser.c.
 *
 * NOTE(review): the raw_* and tbs pointers are 'const void *'; whether they
 * alias the caller's input buffer or an owned copy is not visible here, so
 * confirm their lifetime before keeping them past the parse call.
 */
struct x509_certificate {
	struct x509_certificate	*next;		/* Next certificate (presumably in a chain/list -- confirm) */
	struct x509_certificate	*signer;	/* Certificate that signed this one */
	struct public_key	*pub;		/* Public key details */
	struct public_key_signature *sig;	/* Signature parameters */
	char			*issuer;	/* Name of certificate issuer */
	char			*subject;	/* Name of certificate subject */
	struct asymmetric_key_id *id;		/* Issuer + Serial number */
	struct asymmetric_key_id *skid;		/* Subject + subjectKeyId (optional, so may be unset) */

	/* Validity window as time64_t values (presumably notBefore/notAfter -- confirm) */
	time64_t		valid_from;
	time64_t		valid_to;

	/* The to-be-signed portion and the signature that covers it */
	const void		*tbs;		/* Signed data */
	unsigned		tbs_size;	/* Size of signed data */
	unsigned		raw_sig_size;	/* Size of signature */
	const void		*raw_sig;	/* Signature data */

	/* Raw ASN.1 spans; each pointer must only be read with its paired size */
	const void		*raw_serial;	/* Raw serial number in ASN.1 */
	unsigned		raw_serial_size;
	unsigned		raw_issuer_size;
	const void		*raw_issuer;	/* Raw issuer name in ASN.1 */
	const void		*raw_subject;	/* Raw subject name in ASN.1 */
	unsigned		raw_subject_size;
	unsigned		raw_skid_size;
	const void		*raw_skid;	/* Raw subjectKeyId in ASN.1 */

	unsigned		index;		/* Purpose not documented here (presumably position in a chain -- confirm) */
	bool			seen;		/* Infinite recursion prevention */
	bool			verified;	/* Undocumented here; confirm what check sets it before relying on it */

	/*
	 * The three flags below have to be read together: self_signed must be
	 * interpreted alongside unsupported_sig, so it is not a trust decision
	 * on its own.
	 */
	bool			self_signed;	/* T if self-signed (check unsupported_sig too) */
	bool			unsupported_key; /* T if key uses unsupported crypto */
	bool			unsupported_sig; /* T if signature uses unsupported crypto */
	bool			blacklisted;	/* Undocumented here; presumably set when the cert matches a blacklist -- confirm */
};
/*
 * x509_cert_parser.c
 */

/* Release a certificate object previously handed out by the parser. */
extern void x509_free_certificate(struct x509_certificate *cert);

/*
 * Parse the datalen bytes at data into a certificate object.
 *
 * NOTE(review): the failure convention is not visible in this header
 * (presumably an error-encoded pointer rather than NULL -- confirm in
 * x509_cert_parser.c); callers must check the result before dereferencing.
 */
extern struct x509_certificate *x509_cert_parse(const void *data,
						size_t datalen);

/*
 * Decode a time element into *_t.
 *
 * Takes the element's header length, its tag and its value bytes with their
 * length (presumably the ASN.1 UTCTime/GeneralizedTime encodings -- confirm).
 * Returns an int status; a caller should treat the output as valid only on
 * success (presumably 0 -- confirm).
 */
extern int x509_decode_time(time64_t *_t, size_t hdrlen,
			    unsigned char tag,
			    const unsigned char *value, size_t vlen);
/*
 * x509_public_key.c
 */

/*
 * Work out the signature parameters for a certificate.
 *
 * Returns an int status (presumably 0 on success, negative errno on
 * failure -- confirm).  How an unsupported algorithm is reported, whether by
 * return value or only through cert->unsupported_sig, is not visible here.
 */
extern int x509_get_sig_params(struct x509_certificate *cert);

/*
 * Determine whether a certificate is self-signed.
 *
 * Returns an int status (presumably 0 on success, negative errno on
 * failure -- confirm).  The result is presumably recorded in
 * cert->self_signed, which must be read together with
 * cert->unsupported_sig.
 */
extern int x509_check_for_self_signed(struct x509_certificate *cert);