Lines Matching refs:cert
20 struct x509_certificate *cert; /* Certificate being constructed */
26 enum OID key_algo; /* Algorithm used by the cert's key */
28 enum OID sig_algo; /* Algorithm used to sign the cert */
/*
 * x509_free_certificate - release a certificate and the objects it owns.
 *
 * Frees the public key, the signature, the issuer and subject strings, the
 * id and skid key IDs, and finally the certificate structure itself. The
 * if (cert) guard makes a NULL argument a no-op.
 *
 * This listing shows only lines that reference "cert"; lines 45 and 54-55
 * (presumably just braces) are not shown.
 *
 * NOTE(review): the raw_* and tbs pointers are not freed here. Elsewhere in
 * this listing they are assigned directly from the parser's value pointer
 * (lines 182, 316, 329, 448, 466), so they presumably alias the caller's
 * input buffer, which would then have to outlive the certificate - confirm
 * against the callers.
 */
44 void x509_free_certificate(struct x509_certificate *cert)
46 if (cert) {
47 public_key_free(cert->pub);
48 public_key_signature_free(cert->sig);
49 kfree(cert->issuer);
50 kfree(cert->subject);
51 kfree(cert->id);
52 kfree(cert->skid);
53 kfree(cert);
/*
 * Fragment of the routine that builds an x509_certificate. Its signature,
 * its error returns and the decode step are not in this listing, which
 * shows only lines that reference "cert".
 */
63 struct x509_certificate *cert;
/*
 * kzalloc returns zeroed memory, so pointer fields that have not been set
 * yet are NULL. NOTE(review): line 143 hands the certificate to
 * x509_free_certificate(); if that can happen after one of these
 * allocations failed, it relies on the free helpers accepting NULL - confirm.
 */
69 cert = kzalloc(sizeof(struct x509_certificate), GFP_KERNEL);
70 if (!cert)
72 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
73 if (!cert->pub)
75 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL);
76 if (!cert->sig)
/* Publish the certificate in the parse context so later code reaches it as ctx->cert. */
82 ctx->cert = cert;
/*
 * The certificate gets its own copies of the key and parameter blobs, so
 * cert->pub does not point into the ctx buffers. Each recorded length is
 * the same size that was passed to kmemdup.
 */
103 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
104 if (!cert->pub->key)
107 cert->pub->keylen = ctx->key_size;
109 cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
110 if (!cert->pub->params)
113 cert->pub->paramlen = ctx->params_size;
114 cert->pub->algo = ctx->key_algo;
/* The handling of ret after this call is not shown in the listing. */
117 ret = x509_get_sig_params(cert);
121 /* Generate cert issuer + serial number key ID */
122 kid = asymmetric_key_generate_id(cert->raw_serial,
123 cert->raw_serial_size,
124 cert->raw_issuer,
125 cert->raw_issuer_size);
/* cert->id is one of the pointers x509_free_certificate() releases with kfree. */
130 cert->id = kid;
/* The handling of ret after this call is not shown in the listing. */
133 ret = x509_check_for_self_signed(cert);
/* Line 138 returns the finished certificate to the caller. */
138 return cert;
/*
 * NOTE(review): line 143 presumably sits on the error path (its label and
 * the gotos that reach it are not shown) and releases the partly built
 * certificate.
 */
143 x509_free_certificate(cert);
182 ctx->cert->tbs = value - hdrlen;
183 ctx->cert->tbs_size = vlen + hdrlen;
/*
 * Assignments that record which hash, public-key algorithm and signature
 * encoding the certificate's signature uses. NOTE(review): each line
 * presumably sits under a case label for a signature-algorithm OID; the
 * labels do not reference "cert" and so are missing from this listing.
 * Several hash names repeat, presumably because more than one OID maps to
 * the same hash.
 *
 * NOTE(review): "md4" and "sha1" are among the recorded hashes. Both are
 * collision-broken and unsuitable for certificate signatures. These lines
 * only store the name; whether a certificate signed with one of them is
 * later rejected is decided by code outside this listing - confirm the
 * verification path and any hash policy applied there.
 */
204 ctx->cert->sig->hash_algo = "md4";
208 ctx->cert->sig->hash_algo = "sha1";
212 ctx->cert->sig->hash_algo = "sha256";
216 ctx->cert->sig->hash_algo = "sha384";
220 ctx->cert->sig->hash_algo = "sha512";
224 ctx->cert->sig->hash_algo = "sha224";
228 ctx->cert->sig->hash_algo = "sha1";
232 ctx->cert->sig->hash_algo = "sha224";
236 ctx->cert->sig->hash_algo = "sha256";
240 ctx->cert->sig->hash_algo = "sha384";
244 ctx->cert->sig->hash_algo = "sha512";
248 ctx->cert->sig->hash_algo = "streebog256";
252 ctx->cert->sig->hash_algo = "streebog512";
256 ctx->cert->sig->hash_algo = "sm3";
/*
 * Public-key algorithm and signature encoding are set as a pair:
 * rsa/pkcs1, ecrdsa/raw, sm2/raw, ecdsa/x962. The same four pkey_algo
 * strings are the ones compared with strcmp at lines 304-307.
 */
261 ctx->cert->sig->pkey_algo = "rsa";
262 ctx->cert->sig->encoding = "pkcs1";
266 ctx->cert->sig->pkey_algo = "ecrdsa";
267 ctx->cert->sig->encoding = "raw";
271 ctx->cert->sig->pkey_algo = "sm2";
272 ctx->cert->sig->encoding = "raw";
276 ctx->cert->sig->pkey_algo = "ecdsa";
277 ctx->cert->sig->encoding = "x962";
304 if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
305 strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||
306 strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0 ||
307 strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) {
316 ctx->cert->raw_sig = value;
317 ctx->cert->raw_sig_size = vlen;
329 ctx->cert->raw_serial = value;
330 ctx->cert->raw_serial_size = vlen;
448 ctx->cert->raw_issuer = value;
449 ctx->cert->raw_issuer_size = vlen;
451 if (!ctx->cert->sig->auth_ids[2]) {
455 ctx->cert->sig->auth_ids[2] = kid;
458 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
466 ctx->cert->raw_subject = value;
467 ctx->cert->raw_subject_size = vlen;
468 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
485 if (!ctx->cert->raw_subject || ctx->key)
505 ctx->cert->pub->pkey_algo = "rsa";
509 ctx->cert->pub->pkey_algo = "ecrdsa";
512 ctx->cert->pub->pkey_algo = "sm2";
520 ctx->cert->pub->pkey_algo = "sm2";
523 ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";
526 ctx->cert->pub->pkey_algo = "ecdsa-nist-p256";
529 ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
565 if (ctx->cert->skid || vlen < 3)
572 ctx->cert->raw_skid_size = vlen;
573 ctx->cert->raw_skid = v;
577 ctx->cert->skid = kid;
602 ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_DIGITALSIG;
604 ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
606 ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_KEYCERTSIGN;
635 ctx->cert->pub->key_eflags |= 1 << KEY_EFLAG_CA;
742 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);
750 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);
765 if (ctx->cert->sig->auth_ids[1])
772 ctx->cert->sig->auth_ids[1] = kid;
804 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])
815 ctx->cert->sig->auth_ids[0] = kid;