You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

115 lines
4.5 KiB

/* SPDX-License-Identifier: GPL-2.0-or-later */
/* X.509 certificate parser internal definitions
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*/
#pragma once
#include "public_key.h"
struct x509_certificate
{
struct x509_certificate *next;
struct x509_certificate *signer; /* Certificate that signed this one */
struct public_key *pub; /* Public key details */
struct public_key_signature *sig; /* Signature parameters */
char *issuer; /* Name of certificate issuer */
unsigned long issuer_tag; // Fix to 4 bytes by gmh
char *subject; /* Name of certificate subject */
unsigned long subject_tag; // Fix to 4 bytes by gmh
struct asymmetric_key_id *id; /* Issuer + Serial number */
struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
/*time64_t*/ long long valid_from;
unsigned long valid_from_year;
unsigned long valid_from_mon;
unsigned long valid_from_day;
unsigned long valid_from_hour;
unsigned long valid_from_min;
/*time64_t*/ long long valid_to;
unsigned long valid_to_year;
unsigned long valid_to_mon;
unsigned long valid_to_day;
unsigned long valid_to_hour;
unsigned long valid_to_min;
/*time64_t*/ long long sign_time;
unsigned long sign_time_year;
unsigned long sign_time_mon;
unsigned long sign_time_day;
unsigned long sign_time_hour;
unsigned long sign_time_min;
const void *tbs; /* Signed data */
unsigned tbs_size; /* Size of signed data */
unsigned raw_sig_size; /* Size of sigature */
const void *raw_sig; /* Signature data */
const void *raw_serial; /* Raw serial number in ASN.1 */
unsigned raw_serial_size;
unsigned raw_issuer_size;
const void *raw_issuer; /* Raw issuer name in ASN.1 */
const void *raw_subject; /* Raw subject name in ASN.1 */
unsigned raw_subject_size;
unsigned raw_akid_size; // Fix to 4 bytes by gmh
unsigned raw_skid_size;
const void *raw_skid; /* Raw subjectKeyId in ASN.1 */
unsigned index;
unsigned char /*BOOLEAN*/ seen; /* Infinite recursion prevention */
unsigned char /*BOOLEAN*/ verified;
unsigned char /*BOOLEAN*/ self_signed; /* T if self-signed (check unsupported_sig too) */
unsigned char /*BOOLEAN*/ unsupported_key; /* T if key uses unsupported crypto */
unsigned char /*BOOLEAN*/ unsupported_sig; /* T if signature uses unsupported crypto */
unsigned char /*BOOLEAN*/ blacklisted;
};
struct x509_parse_context
{
struct x509_certificate *cert; /* Certificate being constructed */
/*unsigned long*/ void *data; /* Start of data */ // Fix to void* by gmh
const void *cert_start; /* Start of cert content */
const void *key; /* Key data */
size_t key_size; /* Size of key data */
enum OID last_oid; /* Last OID encountered */
enum OID algo_oid; /* Algorithm OID */
unsigned char nr_mpi; /* Number of MPIs stored */
/*u8*/ unsigned char o_size; /* Size of organizationName (O) */
/*u8*/ unsigned char cn_size; /* Size of commonName (CN) */
/*u8*/ unsigned char email_size; /* Size of emailAddress */
/*u16*/ unsigned short o_offset; /* Offset of organizationName (O) */
/*u16*/ unsigned short cn_offset; /* Offset of commonName (CN) */
/*u16*/ unsigned short email_offset; /* Offset of emailAddress */
unsigned raw_akid_size;
const void *raw_akid; /* Raw authorityKeyId in ASN.1 */
const void *akid_raw_issuer; /* Raw directoryName in authorityKeyId */
unsigned akid_raw_issuer_size;
};
/*
* x509_cert_parser.c
*/
extern void
x509_free_certificate(struct x509_certificate *cert);
extern struct x509_certificate *
x509_cert_parse(const void *data, size_t datalen);
extern int
x509_decode_time(
struct x509_certificate *cert,
unsigned char isfrom,
unsigned char issign,
/*time64_t*/ long long *_t,
size_t hdrlen,
unsigned char tag,
const unsigned char *value,
size_t vlen);
/*
* x509_public_key.c
*/
extern int
x509_get_sig_params(struct x509_certificate *cert);
extern int
x509_check_for_self_signed(struct x509_certificate *cert);