Lines Matching refs:cert
128 int x509_get_sig_params(struct x509_certificate *cert) in x509_get_sig_params() argument
138 if (cert->unsupported_crypto) in x509_get_sig_params()
140 if (cert->sig.rsa.s) in x509_get_sig_params()
143 cert->sig.rsa.s = mpi_read_raw_data(cert->raw_sig, cert->raw_sig_size); in x509_get_sig_params()
144 if (!cert->sig.rsa.s) in x509_get_sig_params()
146 cert->sig.nr_mpi = 1; in x509_get_sig_params()
151 tfm = crypto_alloc_shash(hash_algo_name[cert->sig.pkey_hash_algo], 0, 0); in x509_get_sig_params()
154 cert->unsupported_crypto = true; in x509_get_sig_params()
171 cert->sig.digest = digest; in x509_get_sig_params()
172 cert->sig.digest_size = digest_size; in x509_get_sig_params()
182 ret = crypto_shash_finup(desc, cert->tbs, cert->tbs_size, digest); in x509_get_sig_params()
194 struct x509_certificate *cert) in x509_check_signature() argument
200 ret = x509_get_sig_params(cert); in x509_check_signature()
204 ret = public_key_verify_signature(pub, &cert->sig); in x509_check_signature()
206 cert->unsupported_crypto = true; in x509_check_signature()
221 static int x509_validate_trust(struct x509_certificate *cert, in x509_validate_trust() argument
230 if (ca_keyid && !asymmetric_key_id_partial(cert->akid_skid, ca_keyid)) in x509_validate_trust()
233 key = x509_request_asymmetric_key(trust_keyring, cert->akid_skid, in x509_validate_trust()
238 ret = x509_check_signature(key->payload.data, cert); in x509_validate_trust()
250 struct x509_certificate *cert; in x509_key_preparse() local
256 cert = x509_cert_parse(prep->data, prep->datalen); in x509_key_preparse()
257 if (IS_ERR(cert)) in x509_key_preparse()
258 return PTR_ERR(cert); in x509_key_preparse()
260 pr_devel("Cert Issuer: %s\n", cert->issuer); in x509_key_preparse()
261 pr_devel("Cert Subject: %s\n", cert->subject); in x509_key_preparse()
263 if (cert->pub->pkey_algo >= PKEY_ALGO__LAST || in x509_key_preparse()
264 cert->sig.pkey_algo >= PKEY_ALGO__LAST || in x509_key_preparse()
265 cert->sig.pkey_hash_algo >= PKEY_HASH__LAST || in x509_key_preparse()
266 !pkey_algo[cert->pub->pkey_algo] || in x509_key_preparse()
267 !pkey_algo[cert->sig.pkey_algo] || in x509_key_preparse()
268 !hash_algo_name[cert->sig.pkey_hash_algo]) { in x509_key_preparse()
273 pr_devel("Cert Key Algo: %s\n", pkey_algo_name[cert->pub->pkey_algo]); in x509_key_preparse()
274 pr_devel("Cert Valid period: %lld-%lld\n", cert->valid_from, cert->valid_to); in x509_key_preparse()
276 pkey_algo_name[cert->sig.pkey_algo], in x509_key_preparse()
277 hash_algo_name[cert->sig.pkey_hash_algo]); in x509_key_preparse()
279 cert->pub->algo = pkey_algo[cert->pub->pkey_algo]; in x509_key_preparse()
280 cert->pub->id_type = PKEY_ID_X509; in x509_key_preparse()
283 if (!cert->akid_skid || in x509_key_preparse()
284 asymmetric_key_id_same(cert->skid, cert->akid_skid)) { in x509_key_preparse()
285 ret = x509_check_signature(cert->pub, cert); /* self-signed */ in x509_key_preparse()
289 ret = x509_validate_trust(cert, get_system_trusted_keyring()); in x509_key_preparse()
295 sulen = strlen(cert->subject); in x509_key_preparse()
296 if (cert->raw_skid) { in x509_key_preparse()
297 srlen = cert->raw_skid_size; in x509_key_preparse()
298 q = cert->raw_skid; in x509_key_preparse()
300 srlen = cert->raw_serial_size; in x509_key_preparse()
301 q = cert->raw_serial; in x509_key_preparse()
308 p = memcpy(desc, cert->subject, sulen); in x509_key_preparse()
318 kids->id[0] = cert->id; in x509_key_preparse()
319 kids->id[1] = cert->skid; in x509_key_preparse()
325 prep->payload[0] = cert->pub; in x509_key_preparse()
330 cert->pub = NULL; in x509_key_preparse()
331 cert->id = NULL; in x509_key_preparse()
332 cert->skid = NULL; in x509_key_preparse()
339 x509_free_certificate(cert); in x509_key_preparse()