You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
115 lines
4.5 KiB
115 lines
4.5 KiB
2 years ago
|
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
||
|
/* X.509 certificate parser internal definitions
|
||
|
*
|
||
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
||
|
* Written by David Howells (dhowells@redhat.com)
|
||
|
*/
|
||
|
|
||
|
#pragma once
|
||
|
|
||
|
#include "public_key.h"
|
||
|
|
||
|
struct x509_certificate
|
||
|
{
|
||
|
struct x509_certificate *next;
|
||
|
struct x509_certificate *signer; /* Certificate that signed this one */
|
||
|
struct public_key *pub; /* Public key details */
|
||
|
struct public_key_signature *sig; /* Signature parameters */
|
||
|
char *issuer; /* Name of certificate issuer */
|
||
|
unsigned long issuer_tag; // Fix to 4 bytes by gmh
|
||
|
char *subject; /* Name of certificate subject */
|
||
|
unsigned long subject_tag; // Fix to 4 bytes by gmh
|
||
|
|
||
|
struct asymmetric_key_id *id; /* Issuer + Serial number */
|
||
|
struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
|
||
|
/*time64_t*/ long long valid_from;
|
||
|
unsigned long valid_from_year;
|
||
|
unsigned long valid_from_mon;
|
||
|
unsigned long valid_from_day;
|
||
|
unsigned long valid_from_hour;
|
||
|
unsigned long valid_from_min;
|
||
|
|
||
|
/*time64_t*/ long long valid_to;
|
||
|
unsigned long valid_to_year;
|
||
|
unsigned long valid_to_mon;
|
||
|
unsigned long valid_to_day;
|
||
|
unsigned long valid_to_hour;
|
||
|
unsigned long valid_to_min;
|
||
|
|
||
|
/*time64_t*/ long long sign_time;
|
||
|
unsigned long sign_time_year;
|
||
|
unsigned long sign_time_mon;
|
||
|
unsigned long sign_time_day;
|
||
|
unsigned long sign_time_hour;
|
||
|
unsigned long sign_time_min;
|
||
|
|
||
|
const void *tbs; /* Signed data */
|
||
|
unsigned tbs_size; /* Size of signed data */
|
||
|
unsigned raw_sig_size; /* Size of sigature */
|
||
|
const void *raw_sig; /* Signature data */
|
||
|
const void *raw_serial; /* Raw serial number in ASN.1 */
|
||
|
unsigned raw_serial_size;
|
||
|
unsigned raw_issuer_size;
|
||
|
const void *raw_issuer; /* Raw issuer name in ASN.1 */
|
||
|
const void *raw_subject; /* Raw subject name in ASN.1 */
|
||
|
unsigned raw_subject_size;
|
||
|
unsigned raw_akid_size; // Fix to 4 bytes by gmh
|
||
|
unsigned raw_skid_size;
|
||
|
const void *raw_skid; /* Raw subjectKeyId in ASN.1 */
|
||
|
unsigned index;
|
||
|
unsigned char /*BOOLEAN*/ seen; /* Infinite recursion prevention */
|
||
|
unsigned char /*BOOLEAN*/ verified;
|
||
|
unsigned char /*BOOLEAN*/ self_signed; /* T if self-signed (check unsupported_sig too) */
|
||
|
unsigned char /*BOOLEAN*/ unsupported_key; /* T if key uses unsupported crypto */
|
||
|
unsigned char /*BOOLEAN*/ unsupported_sig; /* T if signature uses unsupported crypto */
|
||
|
unsigned char /*BOOLEAN*/ blacklisted;
|
||
|
};
|
||
|
|
||
|
struct x509_parse_context
|
||
|
{
|
||
|
struct x509_certificate *cert; /* Certificate being constructed */
|
||
|
/*unsigned long*/ void *data; /* Start of data */ // Fix to void* by gmh
|
||
|
const void *cert_start; /* Start of cert content */
|
||
|
const void *key; /* Key data */
|
||
|
size_t key_size; /* Size of key data */
|
||
|
enum OID last_oid; /* Last OID encountered */
|
||
|
enum OID algo_oid; /* Algorithm OID */
|
||
|
unsigned char nr_mpi; /* Number of MPIs stored */
|
||
|
/*u8*/ unsigned char o_size; /* Size of organizationName (O) */
|
||
|
/*u8*/ unsigned char cn_size; /* Size of commonName (CN) */
|
||
|
/*u8*/ unsigned char email_size; /* Size of emailAddress */
|
||
|
/*u16*/ unsigned short o_offset; /* Offset of organizationName (O) */
|
||
|
/*u16*/ unsigned short cn_offset; /* Offset of commonName (CN) */
|
||
|
/*u16*/ unsigned short email_offset; /* Offset of emailAddress */
|
||
|
unsigned raw_akid_size;
|
||
|
const void *raw_akid; /* Raw authorityKeyId in ASN.1 */
|
||
|
const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */
|
||
|
unsigned akid_raw_issuer_size;
|
||
|
};
|
||
|
|
||
|
/*
|
||
|
* x509_cert_parser.c
|
||
|
*/
|
||
|
extern void
|
||
|
x509_free_certificate(struct x509_certificate *cert);
|
||
|
extern struct x509_certificate *
|
||
|
x509_cert_parse(const void *data, size_t datalen);
|
||
|
extern int
|
||
|
x509_decode_time(
|
||
|
struct x509_certificate *cert,
|
||
|
unsigned char isfrom,
|
||
|
unsigned char issign,
|
||
|
/*time64_t*/ long long *_t,
|
||
|
size_t hdrlen,
|
||
|
unsigned char tag,
|
||
|
const unsigned char *value,
|
||
|
size_t vlen);
|
||
|
|
||
|
/*
|
||
|
* x509_public_key.c
|
||
|
*/
|
||
|
extern int
|
||
|
x509_get_sig_params(struct x509_certificate *cert);
|
||
|
extern int
|
||
|
x509_check_for_self_signed(struct x509_certificate *cert);
|