diff options
author | David Howells <dhowells@redhat.com> | 2012-09-24 20:11:48 +0400 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-08 07:20:22 +0400 |
commit | c26fd69fa00916a31a47f5f096fd7be924106df8 (patch) | |
tree | 842075a43c3587ab0a93212b7f96563f616d6c33 /crypto/asymmetric_keys/x509_parser.h | |
parent | e1045992949160b56309b730b8bdc428f2f8b69e (diff) | |
download | linux-c26fd69fa00916a31a47f5f096fd7be924106df8.tar.xz |
X.509: Add a crypto key parser for binary (DER) X.509 certificates
Add a crypto key parser for binary (DER) encoded X.509 certificates. The
certificate is parsed and, if possible, the signature is verified.
An X.509 key can be added like this:
# keyctl padd crypto bar @s </tmp/x509.cert
15768135
and displayed like this:
# cat /proc/keys
00f09a47 I--Q--- 1 perm 39390000 0 0 asymmetri bar: X509.RSA e9fd6d08 []
Note that this only works with binary certificates. PEM encoded certificates
are ignored by the parser.
Note also that the X.509 key ID is not congruent with the PGP key ID, but for
the moment, they will match.
If a NULL or "" name is given to add_key(), then the parser will generate a key
description from the CertificateSerialNumber and Name fields of the
TBSCertificate:
00aefc4e I--Q--- 1 perm 39390000 0 0 asymmetri bfbc0cd76d050ea4:/C=GB/L=Cambridge/O=Red Hat/CN=kernel key: X509.RSA 0c688c7b []
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'crypto/asymmetric_keys/x509_parser.h')
-rw-r--r-- | crypto/asymmetric_keys/x509_parser.h | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h new file mode 100644 index 000000000000..635053f7e962 --- /dev/null +++ b/crypto/asymmetric_keys/x509_parser.h @@ -0,0 +1,36 @@ +/* X.509 certificate parser internal definitions + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowells@redhat.com) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <crypto/public_key.h> + +struct x509_certificate { + struct x509_certificate *next; + struct public_key *pub; /* Public key details */ + char *issuer; /* Name of certificate issuer */ + char *subject; /* Name of certificate subject */ + char *fingerprint; /* Key fingerprint as hex */ + char *authority; /* Authority key fingerprint as hex */ + time_t valid_from; + time_t valid_to; + enum pkey_algo pkey_algo : 8; /* Public key algorithm */ + enum pkey_algo sig_pkey_algo : 8; /* Signature public key algorithm */ + enum pkey_hash_algo sig_hash_algo : 8; /* Signature hash algorithm */ + const void *tbs; /* Signed data */ + size_t tbs_size; /* Size of signed data */ + const void *sig; /* Signature data */ + size_t sig_size; /* Size of sigature */ +}; + +/* + * x509_cert_parser.c + */ +extern void x509_free_certificate(struct x509_certificate *cert); +extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen); |