summaryrefslogtreecommitdiffstats
path: root/include/crypto/x509_parser.h
diff options
context:
space:
mode:
authorAKASHI Takahiro <takahiro.akashi@linaro.org>2020-04-21 09:38:17 +0900
committerHeinrich Schuchardt <xypron.glpk@gmx.de>2020-05-04 12:26:11 +0200
commite3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da (patch)
tree55a3eda717dff309fa9f793f181c07a9827d940c /include/crypto/x509_parser.h
parent7b8b63fb8ead9bd4041ab5424deb465f14ee172a (diff)
downloadu-boot-e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da.tar.gz
u-boot-e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da.tar.xz
u-boot-e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da.zip
lib/crypto, efi_loader: move some headers to include/crypto
Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular, secure boot. So move them to include/crypto to avoid relative paths. Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Don't include include x509_parser.h twice. Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'include/crypto/x509_parser.h')
-rw-r--r--include/crypto/x509_parser.h61
1 files changed, 61 insertions, 0 deletions
diff --git a/include/crypto/x509_parser.h b/include/crypto/x509_parser.h
new file mode 100644
index 0000000000..4cbdc1d661
--- /dev/null
+++ b/include/crypto/x509_parser.h
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/* X.509 certificate parser internal definitions
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _X509_PARSER_H
+#define _X509_PARSER_H
+
+#include <linux/time.h>
+#include <crypto/public_key.h>
+#include <keys/asymmetric-type.h>
+
+struct x509_certificate {
+ struct x509_certificate *next;
+ struct x509_certificate *signer; /* Certificate that signed this one */
+ struct public_key *pub; /* Public key details */
+ struct public_key_signature *sig; /* Signature parameters */
+ char *issuer; /* Name of certificate issuer */
+ char *subject; /* Name of certificate subject */
+ struct asymmetric_key_id *id; /* Issuer + Serial number */
+ struct asymmetric_key_id *skid; /* Subject + subjectKeyId (optional) */
+ time64_t valid_from;
+ time64_t valid_to;
+ const void *tbs; /* Signed data */
+ unsigned tbs_size; /* Size of signed data */
+ unsigned raw_sig_size; /* Size of sigature */
+ const void *raw_sig; /* Signature data */
+ const void *raw_serial; /* Raw serial number in ASN.1 */
+ unsigned raw_serial_size;
+ unsigned raw_issuer_size;
+ const void *raw_issuer; /* Raw issuer name in ASN.1 */
+ const void *raw_subject; /* Raw subject name in ASN.1 */
+ unsigned raw_subject_size;
+ unsigned raw_skid_size;
+ const void *raw_skid; /* Raw subjectKeyId in ASN.1 */
+ unsigned index;
+ bool seen; /* Infinite recursion prevention */
+ bool verified;
+ bool self_signed; /* T if self-signed (check unsupported_sig too) */
+ bool unsupported_key; /* T if key uses unsupported crypto */
+ bool unsupported_sig; /* T if signature uses unsupported crypto */
+ bool blacklisted;
+};
+
+/*
+ * x509_cert_parser.c
+ */
+extern void x509_free_certificate(struct x509_certificate *cert);
+extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
+extern int x509_decode_time(time64_t *_t, size_t hdrlen,
+ unsigned char tag,
+ const unsigned char *value, size_t vlen);
+
+/*
+ * x509_public_key.c
+ */
+extern int x509_get_sig_params(struct x509_certificate *cert);
+extern int x509_check_for_self_signed(struct x509_certificate *cert);
+#endif /* _X509_PARSER_H */