1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* X.509 certificate parser internal definitions 3 * 4 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. 5 * Written by David Howells (dhowells@redhat.com) 6 */ 7 8 #include <linux/time.h> 9 #include <crypto/public_key.h> 10 #include <keys/asymmetric-type.h> 11 12 struct x509_certificate { 13 struct x509_certificate *next; 14 struct x509_certificate *signer; /* Certificate that signed this one */ 15 struct public_key *pub; /* Public key details */ 16 struct public_key_signature *sig; /* Signature parameters */ 17 char *issuer; /* Name of certificate issuer */ 18 char *subject; /* Name of certificate subject */ 19 struct asymmetric_key_id *id; /* Issuer + Serial number */ 20 struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */ 21 time64_t valid_from; 22 time64_t valid_to; 23 const void *tbs; /* Signed data */ 24 unsigned tbs_size; /* Size of signed data */ 25 unsigned raw_sig_size; /* Size of signature */ 26 const void *raw_sig; /* Signature data */ 27 const void *raw_serial; /* Raw serial number in ASN.1 */ 28 unsigned raw_serial_size; 29 unsigned raw_issuer_size; 30 const void *raw_issuer; /* Raw issuer name in ASN.1 */ 31 const void *raw_subject; /* Raw subject name in ASN.1 */ 32 unsigned raw_subject_size; 33 unsigned raw_skid_size; 34 const void *raw_skid; /* Raw subjectKeyId in ASN.1 */ 35 unsigned index; 36 bool seen; /* Infinite recursion prevention */ 37 bool verified; 38 bool self_signed; /* T if self-signed (check unsupported_sig too) */ 39 bool unsupported_sig; /* T if signature uses unsupported crypto */ 40 bool blacklisted; 41 }; 42 43 /* 44 * selftest.c 45 */ 46 #ifdef CONFIG_FIPS_SIGNATURE_SELFTEST 47 extern int __init fips_signature_selftest(void); 48 #else 49 static inline int fips_signature_selftest(void) { return 0; } 50 #endif 51 52 /* 53 * x509_cert_parser.c 54 */ 55 extern void x509_free_certificate(struct x509_certificate *cert); 56 extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); 57 extern int x509_decode_time(time64_t *_t, size_t hdrlen, 58 unsigned char tag, 59 const unsigned char *value, size_t vlen); 60 61 /* 62 * x509_public_key.c 63 */ 64 extern int x509_get_sig_params(struct x509_certificate *cert); 65 extern int x509_check_for_self_signed(struct x509_certificate *cert); 66