From e3f5c9cb0fcc95aa9287b5f8609294fe1a59b9da Mon Sep 17 00:00:00 2001
From: AKASHI Takahiro <takahiro.akashi@linaro.org>
Date: Tue, 21 Apr 2020 09:38:17 +0900
Subject: lib/crypto, efi_loader: move some headers to include/crypto

Pkcs7_parse.h and x509_parser.h are used in UEFI subsystem, in particular,
secure boot. So move them to include/crypto to avoid relative paths.

Suggested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Don't include include x509_parser.h twice.
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/crypto/pkcs7_parser.c     |  4 +++
 lib/crypto/pkcs7_parser.h     | 69 -------------------------------------------
 lib/crypto/x509_cert_parser.c |  4 +++
 lib/crypto/x509_parser.h      | 61 --------------------------------------
 lib/crypto/x509_public_key.c  |  6 ++--
 5 files changed, 12 insertions(+), 132 deletions(-)
 delete mode 100644 lib/crypto/pkcs7_parser.h
 delete mode 100644 lib/crypto/x509_parser.h

(limited to 'lib/crypto')

diff --git a/lib/crypto/pkcs7_parser.c b/lib/crypto/pkcs7_parser.c
index f5dda1179f..0ee207b6b1 100644
--- a/lib/crypto/pkcs7_parser.c
+++ b/lib/crypto/pkcs7_parser.c
@@ -20,7 +20,11 @@
 #include <linux/err.h>
 #include <linux/oid_registry.h>
 #include <crypto/public_key.h>
+#ifdef __UBOOT__
+#include <crypto/pkcs7_parser.h>
+#else
 #include "pkcs7_parser.h"
+#endif
 #include "pkcs7.asn1.h"
 
 MODULE_DESCRIPTION("PKCS#7 parser");
diff --git a/lib/crypto/pkcs7_parser.h b/lib/crypto/pkcs7_parser.h
deleted file mode 100644
index b8234da45a..0000000000
--- a/lib/crypto/pkcs7_parser.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-/* PKCS#7 crypto data parser internal definitions
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- */
-
-#ifndef _PKCS7_PARSER_H
-#define _PKCS7_PARSER_H
-
-#include <linux/oid_registry.h>
-#include <crypto/pkcs7.h>
-#include "x509_parser.h"
-
-#define kenter(FMT, ...) \
-	pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__)
-#define kleave(FMT, ...) \
-	pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
-
-struct pkcs7_signed_info {
-	struct pkcs7_signed_info *next;
-	struct x509_certificate *signer; /* Signing certificate (in msg->certs) */
-	unsigned	index;
-	bool		unsupported_crypto;	/* T if not usable due to missing crypto */
-	bool		blacklisted;
-
-	/* Message digest - the digest of the Content Data (or NULL) */
-	const void	*msgdigest;
-	unsigned	msgdigest_len;
-
-	/* Authenticated Attribute data (or NULL) */
-	unsigned	authattrs_len;
-	const void	*authattrs;
-	unsigned long	aa_set;
-#define	sinfo_has_content_type		0
-#define	sinfo_has_signing_time		1
-#define	sinfo_has_message_digest	2
-#define sinfo_has_smime_caps		3
-#define	sinfo_has_ms_opus_info		4
-#define	sinfo_has_ms_statement_type	5
-	time64_t	signing_time;
-
-	/* Message signature.
-	 *
-	 * This contains the generated digest of _either_ the Content Data or
-	 * the Authenticated Attributes [RFC2315 9.3].  If the latter, one of
-	 * the attributes contains the digest of the the Content Data within
-	 * it.
-	 *
-	 * THis also contains the issuing cert serial number and issuer's name
-	 * [PKCS#7 or CMS ver 1] or issuing cert's SKID [CMS ver 3].
-	 */
-	struct public_key_signature *sig;
-};
-
-struct pkcs7_message {
-	struct x509_certificate *certs;	/* Certificate list */
-	struct x509_certificate *crl;	/* Revocation list */
-	struct pkcs7_signed_info *signed_infos;
-	u8		version;	/* Version of cert (1 -> PKCS#7 or CMS; 3 -> CMS) */
-	bool		have_authattrs;	/* T if have authattrs */
-
-	/* Content Data (or NULL) */
-	enum OID	data_type;	/* Type of Data */
-	size_t		data_len;	/* Length of Data */
-	size_t		data_hdrlen;	/* Length of Data ASN.1 header */
-	const void	*data;		/* Content Data (or 0) */
-};
-#endif /* _PKCS7_PARSER_H */
diff --git a/lib/crypto/x509_cert_parser.c b/lib/crypto/x509_cert_parser.c
index 4e41cffd23..18f5407a07 100644
--- a/lib/crypto/x509_cert_parser.c
+++ b/lib/crypto/x509_cert_parser.c
@@ -18,7 +18,11 @@
 #include <linux/string.h>
 #endif
 #include <crypto/public_key.h>
+#ifdef __UBOOT__
+#include <crypto/x509_parser.h>
+#else
 #include "x509_parser.h"
+#endif
 #include "x509.asn1.h"
 #include "x509_akid.asn1.h"
 
diff --git a/lib/crypto/x509_parser.h b/lib/crypto/x509_parser.h
deleted file mode 100644
index 4cbdc1d661..0000000000
--- a/lib/crypto/x509_parser.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-/* X.509 certificate parser internal definitions
- *
- * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
- */
-
-#ifndef _X509_PARSER_H
-#define _X509_PARSER_H
-
-#include <linux/time.h>
-#include <crypto/public_key.h>
-#include <keys/asymmetric-type.h>
-
-struct x509_certificate {
-	struct x509_certificate *next;
-	struct x509_certificate *signer;	/* Certificate that signed this one */
-	struct public_key *pub;			/* Public key details */
-	struct public_key_signature *sig;	/* Signature parameters */
-	char		*issuer;		/* Name of certificate issuer */
-	char		*subject;		/* Name of certificate subject */
-	struct asymmetric_key_id *id;		/* Issuer + Serial number */
-	struct asymmetric_key_id *skid;		/* Subject + subjectKeyId (optional) */
-	time64_t	valid_from;
-	time64_t	valid_to;
-	const void	*tbs;			/* Signed data */
-	unsigned	tbs_size;		/* Size of signed data */
-	unsigned	raw_sig_size;		/* Size of sigature */
-	const void	*raw_sig;		/* Signature data */
-	const void	*raw_serial;		/* Raw serial number in ASN.1 */
-	unsigned	raw_serial_size;
-	unsigned	raw_issuer_size;
-	const void	*raw_issuer;		/* Raw issuer name in ASN.1 */
-	const void	*raw_subject;		/* Raw subject name in ASN.1 */
-	unsigned	raw_subject_size;
-	unsigned	raw_skid_size;
-	const void	*raw_skid;		/* Raw subjectKeyId in ASN.1 */
-	unsigned	index;
-	bool		seen;			/* Infinite recursion prevention */
-	bool		verified;
-	bool		self_signed;		/* T if self-signed (check unsupported_sig too) */
-	bool		unsupported_key;	/* T if key uses unsupported crypto */
-	bool		unsupported_sig;	/* T if signature uses unsupported crypto */
-	bool		blacklisted;
-};
-
-/*
- * x509_cert_parser.c
- */
-extern void x509_free_certificate(struct x509_certificate *cert);
-extern struct x509_certificate *x509_cert_parse(const void *data, size_t datalen);
-extern int x509_decode_time(time64_t *_t,  size_t hdrlen,
-			    unsigned char tag,
-			    const unsigned char *value, size_t vlen);
-
-/*
- * x509_public_key.c
- */
-extern int x509_get_sig_params(struct x509_certificate *cert);
-extern int x509_check_for_self_signed(struct x509_certificate *cert);
-#endif /* _X509_PARSER_H */
diff --git a/lib/crypto/x509_public_key.c b/lib/crypto/x509_public_key.c
index 676c0df174..571af9a0ad 100644
--- a/lib/crypto/x509_public_key.c
+++ b/lib/crypto/x509_public_key.c
@@ -16,15 +16,17 @@
 #include <linux/module.h>
 #endif
 #include <linux/kernel.h>
-#ifndef __UBOOT__
+#ifdef __UBOOT__
+#include <crypto/x509_parser.h>
+#else
 #include <linux/slab.h>
 #include <keys/asymmetric-subtype.h>
 #include <keys/asymmetric-parser.h>
 #include <keys/system_keyring.h>
 #include <crypto/hash.h>
 #include "asymmetric_keys.h"
-#endif
 #include "x509_parser.h"
+#endif
 
 /*
  * Set up the signature parameters in an X.509 certificate.  This involves
-- 
cgit v1.2.3