cms.h File Reference

Cryptographic Message Syntax (PKCS #7) More...

#include <time.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/x509.h>
#include <ipxe/refcnt.h>
#include <ipxe/uaccess.h>


Data Structures

struct  cms_signer_info
 CMS signer information. More...
 
struct  cms_signature
 A CMS signature. More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static struct cms_signature * cms_get (struct cms_signature *sig)
 Get reference to CMS signature. More...
 
static void cms_put (struct cms_signature *sig)
 Drop reference to CMS signature. More...
 
int cms_signature (const void *data, size_t len, struct cms_signature **sig)
 Create CMS signature. More...
 
int cms_verify (struct cms_signature *sig, userptr_t data, size_t len, const char *name, time_t time, struct x509_chain *store, struct x509_root *root)
 Verify CMS signature. More...
 

Detailed Description

Cryptographic Message Syntax (PKCS #7)

Definition in file cms.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ cms_get()

static struct cms_signature * cms_get ( struct cms_signature *sig )
static inline

Get reference to CMS signature.

Parameters
sig — CMS signature
Return values
sig — the same CMS signature pointer, now carrying one additional reference that must be released with cms_put()

Definition at line 55 of file cms.h.

/**
 * Get reference to CMS signature
 *
 * @v sig		CMS signature
 * @ret sig		CMS signature (same pointer, one extra reference held)
 *
 * Every cms_get() must be balanced by a cms_put(); the signature is
 * released via the free function registered by ref_init() in
 * cms_signature() once the last reference is dropped.
 */
static inline struct cms_signature * cms_get ( struct cms_signature *sig ) {
	struct refcnt *refcnt = &sig->refcnt;

	ref_get ( refcnt );
	return sig;
}

References ref_get, and sig.

◆ cms_put()

static void cms_put ( struct cms_signature *sig )
static inline

Drop reference to CMS signature.

Parameters
sig — CMS signature whose reference is being released; the object is freed when the last reference is dropped, so the caller must not use the pointer afterwards

Definition at line 66 of file cms.h.

/**
 * Drop reference to CMS signature
 *
 * @v sig		CMS signature
 *
 * Releases one reference obtained from cms_signature() or cms_get().
 * After the final reference is dropped the object is freed and must
 * not be touched again.  NOTE(review): whether ref_put() tolerates a
 * NULL refcnt is not visible here — do not rely on cms_put ( NULL )
 * without confirming ref_put()'s contract.
 */
static inline void cms_put ( struct cms_signature *sig ) {
	struct refcnt *refcnt = &sig->refcnt;

	ref_put ( refcnt );
}

References ref_put, and sig.

Referenced by cms_signature(), cms_test_exec(), and imgverify().

◆ cms_signature()

int cms_signature ( const void *  data,
size_t  len,
struct cms_signature **  sig 
)

Create CMS signature.

Parameters
data — raw signature data (untrusted, DER-encoded CMS/PKCS#7 blob)
len — length of raw data
Return values
sig — newly allocated CMS signature (valid only when the return status is 0)
rc — return status code (0 on success, negative error code on failure)

On success, the caller holds a reference to the CMS signature, and is responsible for ultimately calling cms_put().

Definition at line 492 of file cms.c.

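/**
 * Create CMS signature
 *
 * @v data		Raw signature data (untrusted DER-encoded CMS/PKCS#7)
 * @v len		Length of raw data
 * @ret sig		CMS signature
 * @ret rc		Return status code
 *
 * On success, the caller holds a reference to the CMS signature, and
 * is responsible for ultimately calling cms_put().  On failure, *sig
 * is set to NULL so that a caller which ignores the return status
 * cannot dereference a freed object.
 *
 * The raw data is treated as hostile: the cursor is first bounded to
 * the outer ASN.1 object, and a malformed outer object is rejected
 * here rather than being handed on to cms_parse().
 */
int cms_signature ( const void *data, size_t len,
		    struct cms_signature **sig ) {
	struct cms_signature *cms;
	struct asn1_cursor cursor;
	int rc;

	/* Allocate and initialise signature; cms_free() is the
	 * release function invoked when the last reference is dropped.
	 */
	cms = zalloc ( sizeof ( *cms ) );
	if ( ! cms ) {
		rc = -ENOMEM;
		goto err_alloc;
	}
	ref_init ( &cms->refcnt, cms_free );
	INIT_LIST_HEAD ( &cms->info );

	/* Allocate certificate list */
	cms->certificates = x509_alloc_chain();
	if ( ! cms->certificates ) {
		rc = -ENOMEM;
		goto err_alloc_chain;
	}

	/* Bound the cursor to the outer ASN.1 object.  The return
	 * status was previously ignored; failing closed here gives a
	 * precise error for a truncated or malformed wrapper.
	 */
	cursor.data = data;
	cursor.len = len;
	if ( ( rc = asn1_shrink_any ( &cursor ) ) != 0 )
		goto err_shrink;

	/* Parse signature */
	if ( ( rc = cms_parse ( cms, &cursor ) ) != 0 )
		goto err_parse;

	/* Hand the initial reference to the caller only on success */
	*sig = cms;
	return 0;

 err_parse:
 err_shrink:
 err_alloc_chain:
	/* Drops the initial reference; cms_free() tears down whatever
	 * was allocated so far.
	 */
	cms_put ( cms );
 err_alloc:
	*sig = NULL;
	return rc;
}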

References asn1_shrink_any(), cms_free(), cms_parse(), cms_put(), asn1_cursor::data, data, ENOMEM, INIT_LIST_HEAD, len, asn1_cursor::len, rc, ref_init, sig, x509_alloc_chain(), and zalloc().

◆ cms_verify()

int cms_verify ( struct cms_signature *sig,
userptr_t data,
size_t len,
const char *name,
time_t time,
struct x509_chain *store,
struct x509_root *root
)

Verify CMS signature.

Parameters
sig — CMS signature
data — signed data
len — length of signed data
name — required common name, or NULL to check all signatures. When NULL, every signerInfo in the message must verify. When given, only signerInfos whose signing certificate matches the name are verified (non-matching ones are skipped, not checked), and at least one must match.
time — time at which to validate certificates
store — certificate store, or NULL to use default
root — root certificate list, or NULL to use default
Return values
rc — return status code: 0 if at least one signerInfo was considered and all considered signerInfos verified; the first verification error otherwise; -EACCES_WRONG_NAME if a name was given and no signerInfo matched it; -EACCES_NO_SIGNATURES if the message contains no signerInfos

Definition at line 681 of file cms.c.

/**
 * Verify CMS signature
 *
 * @v sig		CMS signature
 * @v data		Signed data
 * @v len		Length of signed data
 * @v name		Required common name, or NULL to check all signatures
 * @v time		Time at which to validate certificates
 * @v store		Certificate store, or NULL to use default
 * @v root		Root certificate list, or NULL to use default
 * @ret rc		Return status code
 *
 * Verification is fail-closed: every signerInfo that is considered
 * must verify (the first failure is returned), and at least one must
 * have been considered.  With a NULL @c name every signerInfo is
 * considered.  With a non-NULL @c name only signerInfos whose signing
 * certificate carries that name are considered; the others are
 * skipped without being verified, and if none match the result is
 * -EACCES_WRONG_NAME.  A message with no signerInfos at all yields
 * -EACCES_NO_SIGNATURES.
 */
int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
		 const char *name, time_t time, struct x509_chain *store,
		 struct x509_root *root ) {
	struct cms_signer_info *info;
	unsigned int verified = 0;
	int rc;

	list_for_each_entry ( info, &sig->info, list ) {

		/* Filter on signer name when one is required */
		if ( name ) {
			struct x509_certificate *signer =
				x509_first ( info->chain );
			/* NOTE(review): assumes cms_parse() guarantees
			 * a non-empty chain per signerInfo; confirm
			 * x509_check_name() tolerates a NULL cert
			 * before relying on that.
			 */
			if ( x509_check_name ( signer, name ) != 0 )
				continue;
		}

		/* Any failure of a considered signer is fatal */
		rc = cms_verify_signer_info ( sig, info, data, len, time,
					      store, root );
		if ( rc != 0 )
			return rc;
		verified++;
	}

	if ( verified )
		return 0;

	/* Nothing was checked: refuse rather than silently accept */
	if ( name ) {
		DBGC ( sig, "CMS %p had no signatures matching name "
		       "%s\n", sig, name );
		return -EACCES_WRONG_NAME;
	}
	DBGC ( sig, "CMS %p had no signatures\n", sig );
	return -EACCES_NO_SIGNATURES;
}

References cms_verify_signer_info(), count, data, DBGC, EACCES_NO_SIGNATURES, EACCES_WRONG_NAME, info, len, list_for_each_entry, name, rc, root, sig, x509_certificate::store, time, x509_check_name(), and x509_first().

Referenced by cms_verify_fail_okx(), cms_verify_okx(), and imgverify().