diff options
author | Dominik Sliwa <dominik.sliwa@toradex.com> | 2017-11-21 12:59:41 +0000 |
---|---|---|
committer | Dominik Sliwa <dominik.sliwa@toradex.com> | 2017-12-22 09:40:23 +0000 |
commit | e34cb44ac7c08783b98a16eec70125e205e6eb12 (patch) | |
tree | 1101d23f1a73e5627ae187b07c7a0cf8826e10d1 /compat/verification/x509_parser.h |
initial commit
Generated againts 4.14 kernel source with
git backports 1d8cc151d365582b42be00af776270b834a7a37d
Diffstat (limited to 'compat/verification/x509_parser.h')
-rw-r--r-- | compat/verification/x509_parser.h | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/compat/verification/x509_parser.h b/compat/verification/x509_parser.h new file mode 100644 index 0000000..790631d --- /dev/null +++ b/compat/verification/x509_parser.h @@ -0,0 +1,65 @@ +/* X.509 certificate parser internal definitions + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <linux/time.h> +#include <crypto/public_key.h> +#include <keys/asymmetric-type.h> + +#define x509_decode_time LINUX_BACKPORT(x509_decode_time) +#define x509_cert_parse LINUX_BACKPORT(x509_cert_parse) +#define x509_free_certificate LINUX_BACKPORT(x509_free_certificate) + +struct x509_certificate { + struct x509_certificate *next; + struct x509_certificate *signer; /* Certificate that signed this one */ + struct public_key *pub; /* Public key details */ + struct public_key_signature *sig; /* Signature parameters */ + char *issuer; /* Name of certificate issuer */ + char *subject; /* Name of certificate subject */ + struct asymmetric_key_id *id; /* Issuer + Serial number */ + struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */ + time64_t valid_from; + time64_t valid_to; + const void *tbs; /* Signed data */ + unsigned tbs_size; /* Size of signed data */ + unsigned raw_sig_size; /* Size of sigature */ + const void *raw_sig; /* Signature data */ + const void *raw_serial; /* Raw serial number in ASN.1 */ + unsigned raw_serial_size; + unsigned raw_issuer_size; + const void *raw_issuer; /* Raw issuer name in ASN.1 */ + const void *raw_subject; /* Raw subject name in ASN.1 */ + unsigned raw_subject_size; + unsigned raw_skid_size; + const void *raw_skid; /* Raw subjectKeyId in ASN.1 */ + unsigned index; + bool seen; /* Infinite recursion prevention */ + bool verified; + bool self_signed; /* T if self-signed (check unsupported_sig too) */ + bool unsupported_key; /* T if key uses unsupported crypto */ + bool unsupported_sig; /* T if signature uses unsupported crypto */ + bool blacklisted; +}; + +/* + * x509_cert_parser.c + */ +extern void x509_free_certificate(struct x509_certificate *cert); +extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); +extern int x509_decode_time(time64_t *_t, size_t hdrlen, + unsigned char tag, + const unsigned char *value, size_t vlen); + +/* + * x509_public_key.c + */ +extern int x509_get_sig_params(struct x509_certificate *cert); +extern int x509_check_for_self_signed(struct x509_certificate *cert); |