Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / c26fd69fa00916a31a47f5f096fd7be924106df8^! / . / crypto / asymmetric_keys / x509_parser.h
commitc26fd69fa00916a31a47f5f096fd7be924106df8[log] [tgz]
authorDavid Howells <dhowells@redhat.com>Mon Sep 24 17:11:48 2012 +0100
committerRusty Russell <rusty@rustcorp.com.au>Mon Oct 08 13:50:22 2012 +1030
tree842075a43c3587ab0a93212b7f96563f616d6c33
parente1045992949160b56309b730b8bdc428f2f8b69e [diff] [blame]
X.509: Add a crypto key parser for binary (DER) X.509 certificates

Add a crypto key parser for binary (DER) encoded X.509 certificates.  The
certificate is parsed and, if possible, the signature is verified.

An X.509 key can be added like this:

	# keyctl padd crypto bar @s </tmp/x509.cert
	15768135

and displayed like this:

	# cat /proc/keys
	00f09a47 I--Q---     1 perm 39390000     0     0 asymmetri bar: X509.RSA e9fd6d08 []

Note that this only works with binary certificates.  PEM encoded certificates
are ignored by the parser.

Note also that the X.509 key ID is not congruent with the PGP key ID, but for
the moment, they will match.

If a NULL or "" name is given to add_key(), then the parser will generate a key
description from the CertificateSerialNumber and Name fields of the
TBSCertificate:

	00aefc4e I--Q---     1 perm 39390000     0     0 asymmetri bfbc0cd76d050ea4:/C=GB/L=Cambridge/O=Red Hat/CN=kernel key: X509.RSA 0c688c7b []

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
new file mode 100644
index 0000000..635053f
--- /dev/null
+++ b/crypto/asymmetric_keys/x509_parser.h

@@ -0,0 +1,36 @@
+/* X.509 certificate parser internal definitions
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#include <crypto/public_key.h>
+
+struct x509_certificate {
+	struct x509_certificate *next;
+	struct public_key *pub;			/* Public key details */
+	char		*issuer;		/* Name of certificate issuer */
+	char		*subject;		/* Name of certificate subject */
+	char		*fingerprint;		/* Key fingerprint as hex */
+	char		*authority;		/* Authority key fingerprint as hex */
+	time_t		valid_from;
+	time_t		valid_to;
+	enum pkey_algo	pkey_algo : 8;		/* Public key algorithm */
+	enum pkey_algo	sig_pkey_algo : 8;	/* Signature public key algorithm */
+	enum pkey_hash_algo sig_hash_algo : 8;	/* Signature hash algorithm */
+	const void	*tbs;			/* Signed data */
+	size_t		tbs_size;		/* Size of signed data */
+	const void	*sig;			/* Signature data */
+	size_t		sig_size;		/* Size of sigature */
+};
+
+/*
+ * x509_cert_parser.c
+ */
+extern void x509_free_certificate(struct x509_certificate *cert);
+extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);