1 /* X.509 certificate parser internal definitions
3 * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #include <linux/time.h>
13 #include <crypto/public_key.h>
15 struct x509_certificate
{
16 struct x509_certificate
*next
;
17 struct x509_certificate
*signer
; /* Certificate that signed this one */
18 struct public_key
*pub
; /* Public key details */
19 struct public_key_signature sig
; /* Signature parameters */
20 char *issuer
; /* Name of certificate issuer */
21 char *subject
; /* Name of certificate subject */
22 struct asymmetric_key_id
*id
; /* Serial number + issuer */
23 struct asymmetric_key_id
*skid
; /* Subject + subjectKeyId (optional) */
24 struct asymmetric_key_id
*authority
; /* Authority key identifier (optional) */
27 const void *tbs
; /* Signed data */
28 unsigned tbs_size
; /* Size of signed data */
29 unsigned raw_sig_size
; /* Size of sigature */
30 const void *raw_sig
; /* Signature data */
31 const void *raw_serial
; /* Raw serial number in ASN.1 */
32 unsigned raw_serial_size
;
33 unsigned raw_issuer_size
;
34 const void *raw_issuer
; /* Raw issuer name in ASN.1 */
35 const void *raw_subject
; /* Raw subject name in ASN.1 */
36 unsigned raw_subject_size
;
37 unsigned raw_skid_size
;
38 const void *raw_skid
; /* Raw subjectKeyId in ASN.1 */
40 bool seen
; /* Infinite recursion prevention */
43 bool unsupported_crypto
; /* T if can't be verified due to missing crypto */
49 extern void x509_free_certificate(struct x509_certificate
*cert
);
50 extern struct x509_certificate
*x509_cert_parse(const void *data
, size_t datalen
);
55 extern int x509_get_sig_params(struct x509_certificate
*cert
);
56 extern int x509_check_signature(const struct public_key
*pub
,
57 struct x509_certificate
*cert
);