iPXE
|
Cryptographic Message Syntax (PKCS #7) More...
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <errno.h>
#include <ipxe/asn1.h>
#include <ipxe/x509.h>
#include <ipxe/image.h>
#include <ipxe/malloc.h>
#include <ipxe/uaccess.h>
#include <ipxe/privkey.h>
#include <ipxe/cms.h>
Go to the source code of this file.
Functions | |
FILE_LICENCE (GPL2_OR_LATER_OR_UBDL) | |
static int | cms_parse_signed (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS signed data. More... | |
static int | cms_parse_enveloped (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS enveloped data. More... | |
static int | cms_parse_content_type (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message content type. More... | |
static int | cms_parse_certificates (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message certificate list. More... | |
static int | cms_parse_identifier (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
Parse CMS message participant identifier. More... | |
static int | cms_parse_digest_algorithm (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
Parse CMS message digest algorithm. More... | |
static int | cms_parse_pubkey_algorithm (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
Parse CMS message public-key algorithm. More... | |
static int | cms_parse_cipher_algorithm (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message cipher algorithm. More... | |
static int | cms_parse_value (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
Parse CMS message signature or key value. More... | |
static int | cms_parse_participant (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
Parse CMS message participant information. More... | |
static int | cms_parse_participants (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message participants information. More... | |
static int | cms_parse_encrypted (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message encrypted content information. More... | |
static int | cms_parse_mac (struct cms_message *cms, const struct asn1_cursor *raw) |
Parse CMS message MAC. More... | |
static int | cms_parse (struct cms_message *cms) |
Parse CMS message from ASN.1 data. More... | |
static void | cms_free (struct refcnt *refcnt) |
Free CMS message. More... | |
int | cms_message (struct image *image, struct cms_message **cms) |
Create CMS message. More... | |
static void | cms_digest (struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, void *out) |
Calculate digest of CMS-signed data. More... | |
static int | cms_verify_digest (struct cms_message *cms, struct cms_participant *part, struct x509_certificate *cert, userptr_t data, size_t len) |
Verify digest of CMS-signed data. More... | |
static int | cms_verify_signer (struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, time_t time, struct x509_chain *store, struct x509_root *root) |
Verify CMS message signer. More... | |
int | cms_verify (struct cms_message *cms, struct image *image, const char *name, time_t time, struct x509_chain *store, struct x509_root *root) |
Verify CMS signature. More... | |
static struct cms_participant * | cms_recipient (struct cms_message *cms, struct private_key *private_key) |
Identify CMS recipient corresponding to private key. More... | |
static int | cms_cipher_key (struct cms_message *cms, struct cms_participant *part, struct private_key *private_key, void *ctx) |
Set CMS cipher key. More... | |
static int | cms_cipher (struct cms_message *cms, struct private_key *private_key, void *ctx) |
Initialise cipher for CMS decryption. More... | |
static int | cms_verify_padding (struct cms_message *cms, const void *data, size_t len) |
Check CMS padding. More... | |
int | cms_decrypt (struct cms_message *cms, struct image *image, const char *name, struct private_key *private_key) |
Decrypt CMS message. More... | |
Variables | |
static uint8_t | oid_signeddata [] = { ASN1_OID_SIGNEDDATA } |
"id-signedData" object identifier More... | |
static uint8_t | oid_envelopeddata [] = { ASN1_OID_ENVELOPEDDATA } |
"id-envelopedData" object identifier More... | |
static uint8_t | oid_authenvelopeddata [] = { ASN1_OID_AUTHENVELOPEDDATA } |
"id-authEnvelopedData" object identifier More... | |
static struct cms_type | cms_types [] |
CMS message types. More... | |
Cryptographic Message Syntax (PKCS #7)
The format of CMS messages is defined in RFC 5652.
Definition in file cms.c.
#define EACCES_NON_SIGNING __einfo_error ( EINFO_EACCES_NON_SIGNING ) |
#define EINFO_EACCES_NON_SIGNING __einfo_uniqify ( EINFO_EACCES, 0x01, "Not a signing certificate" ) |
#define EACCES_NON_CODE_SIGNING __einfo_error ( EINFO_EACCES_NON_CODE_SIGNING ) |
#define EINFO_EACCES_NON_CODE_SIGNING __einfo_uniqify ( EINFO_EACCES, 0x02, "Not a code-signing certificate" ) |
#define EACCES_WRONG_NAME __einfo_error ( EINFO_EACCES_WRONG_NAME ) |
#define EINFO_EACCES_WRONG_NAME __einfo_uniqify ( EINFO_EACCES, 0x04, "Incorrect certificate name" ) |
#define EACCES_NO_SIGNATURES __einfo_error ( EINFO_EACCES_NO_SIGNATURES ) |
#define EINFO_EACCES_NO_SIGNATURES __einfo_uniqify ( EINFO_EACCES, 0x05, "No signatures present" ) |
#define EACCES_NO_RECIPIENTS __einfo_error ( EINFO_EACCES_NO_RECIPIENTS ) |
#define EINFO_EACCES_NO_RECIPIENTS __einfo_uniqify ( EINFO_EACCES, 0x06, "No usable recipients" ) |
#define EACCES_LEN __einfo_error ( EINFO_EACCES_LEN ) |
#define EINFO_EACCES_LEN __einfo_uniqify ( EINFO_EACCES, 0x07, "Bad file length" ) |
#define EACCES_PAD __einfo_error ( EINFO_EACCES_PAD ) |
#define EINFO_EACCES_PAD __einfo_uniqify ( EINFO_EACCES, 0x08, "Bad block padding" ) |
#define EACCES_MAC __einfo_error ( EINFO_EACCES_MAC ) |
#define EINFO_EACCES_MAC __einfo_uniqify ( EINFO_EACCES, 0x09, "Invalid MAC" ) |
#define ENOTSUP_TYPE __einfo_error ( EINFO_ENOTSUP_TYPE ) |
#define EINFO_ENOTSUP_TYPE __einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unrecognised message type" ) |
#define CMS_DECRYPT_BLKSZ 2048 |
FILE_LICENCE | ( | GPL2_OR_LATER_OR_UBDL | ) |
|
static |
Parse CMS signed data.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 535 of file cms.c.
References asn1_enter(), ASN1_EXPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, ASN1_SET, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), cms_message::certificates, cms_parse_certificates(), cms_parse_participants(), ENOMEM, memcpy(), raw, rc, and x509_alloc_chain().
|
static |
Parse CMS enveloped data.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 580 of file cms.c.
References asn1_enter(), ASN1_IMPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), assert(), cipher_algorithm::authsize, cms_message::cipher, cms_parse_encrypted(), cms_parse_mac(), cms_parse_participants(), memcpy(), NULL, raw, and rc.
|
static |
Parse CMS message content type.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 131 of file cms.c.
References asn1_compare(), asn1_enter(), ASN1_OID, cms_types, DBGC, DBGC_HDA, ENOTSUP_TYPE, memcpy(), raw, type, and cms_message::type.
Referenced by cms_parse().
|
static |
Parse CMS message certificate list.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 165 of file cms.c.
References asn1_enter(), ASN1_EXPLICIT_TAG, asn1_skip_any(), cms_message::certificates, asn1_cursor::data, DBGC, DBGC_HDA, asn1_cursor::len, memcpy(), raw, rc, strerror(), x509_append_raw(), x509_last(), and x509_name().
Referenced by cms_parse_signed().
|
static |
Parse CMS message participant identifier.
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 205 of file cms.c.
References asn1_enter(), ASN1_INTEGER, ASN1_SEQUENCE, asn1_shrink(), asn1_skip_any(), cms_message::certificates, cms_participant::chain, cms_is_signature(), DBGC, DBGC_HDA, ENOENT, x509_certificate::issuer, memcpy(), raw, rc, serial, strerror(), x509_append(), x509_auto_append(), and x509_find_issuer_serial().
Referenced by cms_parse_participant().
|
static |
Parse CMS message digest algorithm.
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 275 of file cms.c.
References algorithm, asn1_digest_algorithm(), DBGC, DBGC_HDA, cms_participant::digest, raw, rc, and strerror().
Referenced by cms_parse_participant().
|
static |
Parse CMS message public-key algorithm.
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 305 of file cms.c.
References algorithm, asn1_pubkey_algorithm(), DBGC, DBGC_HDA, cms_participant::pubkey, raw, rc, and strerror().
Referenced by cms_parse_participant().
|
static |
Parse CMS message cipher algorithm.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 334 of file cms.c.
References algorithm, asn1_cipher_algorithm(), cms_message::cipher, DBGC, DBGC_HDA, cms_message::iv, raw, rc, and strerror().
Referenced by cms_parse_encrypted().
|
static |
Parse CMS message signature or key value.
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 363 of file cms.c.
References asn1_enter(), ASN1_OCTET_STRING, asn1_cursor::data, DBGC, DBGC_HDA, asn1_cursor::len, memcpy(), raw, rc, and cms_participant::value.
Referenced by cms_parse_participant().
|
static |
Parse CMS message participant information.
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 390 of file cms.c.
References asn1_enter(), ASN1_EXPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), cms_is_signature(), cms_parse_digest_algorithm(), cms_parse_identifier(), cms_parse_pubkey_algorithm(), cms_parse_value(), memcpy(), raw, and rc.
Referenced by cms_parse_participants().
|
static |
Parse CMS message participants information.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 440 of file cms.c.
References asn1_enter(), ASN1_SET, asn1_skip_any(), cms_participant::chain, cms_parse_participant(), ENOMEM, asn1_cursor::len, cms_participant::list, list_add, memcpy(), cms_message::participants, raw, rc, x509_alloc_chain(), and zalloc().
Referenced by cms_parse_enveloped(), and cms_parse_signed().
|
static |
Parse CMS message encrypted content information.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 484 of file cms.c.
References asn1_enter(), ASN1_OID, ASN1_SEQUENCE, asn1_skip(), cms_parse_cipher_algorithm(), memcpy(), raw, and rc.
Referenced by cms_parse_enveloped().
|
static |
Parse CMS message MAC.
cms | CMS message |
raw | ASN.1 cursor |
rc | Return status code |
Definition at line 510 of file cms.c.
References asn1_enter(), ASN1_OCTET_STRING, asn1_cursor::data, DBGC, DBGC_HDA, asn1_cursor::len, cms_message::mac, memcpy(), raw, rc, and strerror().
Referenced by cms_parse_enveloped().
|
static |
Parse CMS message from ASN.1 data.
cms | CMS message |
rc | Return status code |
Definition at line 623 of file cms.c.
References asn1_enter(), ASN1_EXPLICIT_TAG, ASN1_SEQUENCE, asn1_skip_any(), cms_parse_content_type(), memcpy(), cms_type::parse, cms_message::raw, rc, and cms_message::type.
Referenced by cms_message().
|
static |
Free CMS message.
refcnt | Reference count |
Definition at line 651 of file cms.c.
References cms_message::certificates, cms_participant::chain, container_of, free, cms_participant::list, list_del, list_for_each_entry_safe, cms_message::participants, cms_message::raw, tmp, and x509_chain_put().
Referenced by cms_message().
int cms_message | ( | struct image * | image, |
struct cms_message ** | cms | ||
) |
Create CMS message.
image | Image |
sig | CMS message |
rc | Return status code |
On success, the caller holds a reference to the CMS message, and is responsible for ultimately calling cms_put().
Definition at line 677 of file cms.c.
References asn1_shrink_any(), cipher_null, cms_free(), cms_parse(), cms_put(), DBGC, ENOMEM, image_asn1(), INIT_LIST_HEAD, next, rc, ref_init, strerror(), and zalloc().
|
static |
Calculate digest of CMS-signed data.
cms | CMS message |
part | Participant information |
data | Signed data |
len | Length of signed data |
out | Digest output |
Definition at line 725 of file cms.c.
References block, digest_algorithm::blocksize, copy_from_user(), ctx, digest_algorithm::ctxsize, data, DBGC, DBGC_HDA, cms_participant::digest, digest_final(), digest_init(), digest_update(), digest_algorithm::digestsize, len, offset, and out.
Referenced by cms_verify_digest().
|
static |
Verify digest of CMS-signed data.
cms | CMS message |
part | Participant information |
cert | Corresponding certificate |
data | Signed data |
len | Length of signed data |
rc | Return status code |
Definition at line 765 of file cms.c.
References cms_digest(), data, DBGC, cms_participant::digest, digest_algorithm::digestsize, key, len, cms_participant::pubkey, pubkey_verify(), x509_subject::public_key, x509_public_key::raw, rc, strerror(), x509_certificate::subject, value, and cms_participant::value.
Referenced by cms_verify_signer().
|
static |
Verify CMS message signer.
cms | CMS message |
part | Participant information |
data | Signed data |
len | Length of signed data |
time | Time at which to validate certificates |
store | Certificate store, or NULL to use default |
root | Root certificate list, or NULL to use default |
rc | Return status code |
Definition at line 802 of file cms.c.
References assert(), x509_key_usage::bits, x509_extended_key_usage::bits, cms_participant::chain, cms_verify_digest(), data, DBGC, EACCES_NON_CODE_SIGNING, EACCES_NON_SIGNING, x509_extensions::ext_usage, x509_certificate::extensions, len, NULL, rc, root, x509_certificate::store, strerror(), x509_extensions::usage, X509_CODE_SIGNING, X509_DIGITAL_SIGNATURE, x509_first(), and x509_validate_chain().
Referenced by cms_verify().
int cms_verify | ( | struct cms_message * | cms, |
struct image * | image, | ||
const char * | name, | ||
time_t | time, | ||
struct x509_chain * | store, | ||
struct x509_root * | root | ||
) |
Verify CMS signature.
cms | CMS message |
image | Signed image |
name | Required common name, or NULL to check all signatures |
time | Time at which to validate certificates |
store | Certificate store, or NULL to use default |
root | Root certificate list, or NULL to use default |
rc | Return status code |
Definition at line 854 of file cms.c.
References cms_participant::chain, cms_is_signature(), cms_verify_signer(), count, image::data, DBGC, EACCES_NO_SIGNATURES, EACCES_WRONG_NAME, ENOTTY, image_trust(), image_untrust(), image::len, list_for_each_entry, name, cms_message::participants, rc, root, x509_certificate::store, x509_check_name(), and x509_first().
Referenced by cms_verify_fail_okx(), cms_verify_okx(), and imgverify().
|
static |
Identify CMS recipient corresponding to private key.
cms | CMS message |
private_key | Private key |
part | Participant information, or NULL if not found |
Definition at line 907 of file cms.c.
References cms_participant::chain, list_for_each_entry, NULL, cms_message::participants, x509_find_key(), and x509_first().
Referenced by cms_cipher().
|
static |
Set CMS cipher key.
cms | CMS message |
part | Participant information |
private_key | Private key |
ctx | Cipher context |
rc | Return status code |
Definition at line 934 of file cms.c.
References cms_message::cipher, cipher_setiv(), cipher_setkey(), ctx, asn1_cursor::data, DBGC, DBGC_HDA, cms_message::iv, key, len, asn1_cursor::len, privkey_cursor(), cms_participant::pubkey, pubkey_decrypt(), pubkey_max_len(), rc, strerror(), value, and cms_participant::value.
Referenced by cms_cipher().
|
static |
Initialise cipher for CMS decryption.
cms | CMS message |
private_key | Private key |
ctx | Cipher context |
rc | Return status code |
Definition at line 984 of file cms.c.
References cms_cipher_key(), cms_recipient(), ctx, DBGC, EACCES_NO_RECIPIENTS, and rc.
Referenced by cms_decrypt().
|
static |
Check CMS padding.
cms | CMS message |
data | Final block |
len | Final block length |
len | Padding length, or negative error |
Definition at line 1011 of file cms.c.
References assert(), cipher_algorithm::blocksize, cms_message::cipher, data, DBGC, DBGC_HDA, EACCES_PAD, is_block_cipher(), len, pad, and pad_len.
Referenced by cms_decrypt().
int cms_decrypt | ( | struct cms_message * | cms, |
struct image * | image, | ||
const char * | name, | ||
struct private_key * | private_key | ||
) |
Decrypt CMS message.
cms | CMS message |
image | Image to decrypt |
name | Decrypted image name, or NULL to use default |
private_key | Private key |
rc | Return status code |
Definition at line 1059 of file cms.c.
References cipher_algorithm::auth, cipher_algorithm::authsize, cipher_algorithm::blocksize, cms_message::cipher, cipher_auth(), cipher_decrypt, cipher_encrypt, cms_cipher(), CMS_DECRYPT_BLKSZ, cms_verify_padding(), copy_from_user(), copy_to_user(), ctx, cipher_algorithm::ctxsize, asn1_cursor::data, image::data, DBGC, DBGC_HDA, EACCES_LEN, EACCES_MAC, ENOMEM, ENOTTY, image::flags, free, image_get(), image_put(), IMAGE_REGISTERED, image_set_name(), image_strip_suffix(), image_untrust(), asn1_cursor::len, image::len, cms_message::mac, malloc(), memcmp(), memcpy(), name, NULL, offset, pad_len, rc, register_image(), tmp, image::type, and unregister_image().
Referenced by cms_decrypt_okx(), and imgdecrypt().
|
static |
|
static |
|
static |
|
static |
CMS message types.
Definition at line 106 of file cms.c.
Referenced by cms_parse_content_type().