iPXE
x509.h
Go to the documentation of this file.
1 #ifndef _IPXE_X509_H
2 #define _IPXE_X509_H
3 
4 /** @file
5  *
6  * X.509 certificates
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 #include <time.h>
15 #include <ipxe/asn1.h>
16 #include <ipxe/refcnt.h>
17 #include <ipxe/list.h>
18 
19 struct image;
20 
21 /** An X.509 serial number */
22 struct x509_serial {
23  /** Raw serial number */
24  struct asn1_cursor raw;
25 };
26 
27 /** An X.509 issuer */
28 struct x509_issuer {
29  /** Raw issuer */
30  struct asn1_cursor raw;
31 };
32 
33 /** An X.509 time */
34 struct x509_time {
35  /** Seconds since the Epoch */
36  time_t time;
37 };
38 
39 /** An X.509 certificate validity period */
40 struct x509_validity {
41  /** Not valid before */
42  struct x509_time not_before;
43  /** Not valid after */
44  struct x509_time not_after;
45 };
46 
47 /** An X.509 certificate public key */
48 struct x509_public_key {
49  /** Raw public key information */
50  struct asn1_cursor raw;
51  /** Public key algorithm */
52  struct asn1_algorithm *algorithm;
53  /** Raw public key bit string */
54  struct asn1_bit_string raw_bits;
55 };
56 
57 /** An X.509 certificate subject */
58 struct x509_subject {
59  /** Raw subject */
60  struct asn1_cursor raw;
61  /** Common name */
62  struct asn1_cursor common_name;
63  /** Public key information */
64  struct x509_public_key public_key;
65 };
66 
67 /** An X.509 certificate signature */
68 struct x509_signature {
69  /** Signature algorithm */
70  struct asn1_algorithm *algorithm;
71  /** Signature value */
72  struct asn1_bit_string value;
73 };
74 
75 /** An X.509 certificate basic constraints set */
76 struct x509_basic_constraints {
77  /** Subject is a CA */
78  int ca;
79  /** Path length */
80  unsigned int path_len;
81 };
82 
83 /** Unlimited path length
84  *
85  * We use -2U, since this quantity represents one *fewer* than the
86  * maximum number of remaining certificates in a chain.
87  */
88 #define X509_PATH_LEN_UNLIMITED -2U
89 
90 /** An X.509 certificate key usage */
91 struct x509_key_usage {
92  /** Key usage extension is present */
93  int present;
94  /** Usage bits */
95  unsigned int bits;
96 };
97 
98 /** X.509 certificate key usage bits */
99 enum x509_key_usage_bits {
100  X509_DIGITAL_SIGNATURE = 0x0080,
101  X509_NON_REPUDIATION = 0x0040,
102  X509_KEY_ENCIPHERMENT = 0x0020,
103  X509_DATA_ENCIPHERMENT = 0x0010,
104  X509_KEY_AGREEMENT = 0x0008,
105  X509_KEY_CERT_SIGN = 0x0004,
106  X509_CRL_SIGN = 0x0002,
107  X509_ENCIPHER_ONLY = 0x0001,
108  X509_DECIPHER_ONLY = 0x8000,
109 };
110 
111 /** An X.509 certificate extended key usage */
112 struct x509_extended_key_usage {
113  /** Usage bits */
114  unsigned int bits;
115 };
116 
117 /** X.509 certificate extended key usage bits
118  *
119  * Extended key usages are identified by OID; these bits are purely an
120  * internal definition.
121  */
122 enum x509_extended_key_usage_bits {
123  X509_CODE_SIGNING = 0x0001,
124  X509_OCSP_SIGNING = 0x0002,
125 };
126 
127 /** X.509 certificate OCSP responder */
128 struct x509_ocsp_responder {
129  /** URI */
130  struct asn1_cursor uri;
131  /** OCSP status is good */
132  int good;
133 };
134 
135 /** X.509 certificate authority information access */
136 struct x509_authority_info_access {
137  /** OCSP responder */
138  struct x509_ocsp_responder ocsp;
139 };
140 
141 /** X.509 certificate subject alternative name */
142 struct x509_subject_alt_name {
143  /** Names */
144  struct asn1_cursor names;
145 };
146 
147 /** X.509 certificate general name types */
148 enum x509_general_name_types {
149  X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
150  X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
151  X509_GENERAL_NAME_IP = ASN1_IMPLICIT_TAG ( 7 ),
152 };
153 
154 /** An X.509 certificate extensions set */
155 struct x509_extensions {
156  /** Basic constraints */
157  struct x509_basic_constraints basic;
158  /** Key usage */
159  struct x509_key_usage usage;
160  /** Extended key usage */
161  struct x509_extended_key_usage ext_usage;
162  /** Authority information access */
163  struct x509_authority_info_access auth_info;
164  /** Subject alternative name */
165  struct x509_subject_alt_name alt_name;
166 };
167 
168 /** A link in an X.509 certificate chain */
169 struct x509_link {
170  /** List of links */
171  struct list_head list;
172  /** Certificate */
173  struct x509_certificate *cert;
174  /** Flags */
175  unsigned int flags;
176 };
177 
178 /** X.509 certficate chain link flags */
179 enum x509_link_flags {
180  /** Cross-signed certificate download has been attempted
181  *
182  * This indicates that a cross-signature download attempt has
183  * been made to find a cross-signed issuer for this link's
184  * certificate.
185  */
186  X509_LINK_FL_CROSSED = 0x0001,
187  /** OCSP has been attempted
188  *
189  * This indicates that an OCSP attempt has been made using
190  * this link's certificate as an issuer. (We record the flag
191  * on the issuer rather than on the issued certificate, since
192  * we want to retry OCSP if an issuer is replaced with a
193  * downloaded cross-signed certificate.)
194  */
195  X509_LINK_FL_OCSPED = 0x0002,
196 };
197 
198 /** An X.509 certificate chain */
199 struct x509_chain {
200  /** Reference count */
201  struct refcnt refcnt;
202  /** List of links */
203  struct list_head links;
204 };
205 
206 /** An X.509 certificate */
207 struct x509_certificate {
208  /** Reference count */
209  struct refcnt refcnt;
210 
211  /** Link in certificate store */
212  struct x509_link store;
213 
214  /** Flags */
215  unsigned int flags;
216  /** Root against which certificate has been validated (if any) */
217  struct x509_root *root;
218  /** Maximum number of subsequent certificates in chain */
219  unsigned int path_remaining;
220 
221  /** Raw certificate */
222  struct asn1_cursor raw;
223  /** Version */
224  unsigned int version;
225  /** Serial number */
226  struct x509_serial serial;
227  /** Raw tbsCertificate */
228  struct asn1_cursor tbs;
229  /** Signature algorithm */
230  struct asn1_algorithm *signature_algorithm;
231  /** Issuer */
232  struct x509_issuer issuer;
233  /** Validity */
234  struct x509_validity validity;
235  /** Subject */
236  struct x509_subject subject;
237  /** Signature */
238  struct x509_signature signature;
239  /** Extensions */
240  struct x509_extensions extensions;
241 };
242 
243 /** X.509 certificate flags */
244 enum x509_flags {
245  /** Certificate was added at build time */
246  X509_FL_PERMANENT = 0x0001,
247  /** Certificate was added explicitly at run time */
248  X509_FL_EXPLICIT = 0x0002,
249 };
250 
251 /**
252  * Get reference to X.509 certificate
253  *
254  * @v cert X.509 certificate
255  * @ret cert X.509 certificate
256  */
257 static inline __attribute__ (( always_inline )) struct x509_certificate *
258 x509_get ( struct x509_certificate *cert ) {
259  ref_get ( &cert->refcnt );
260  return cert;
261 }
262 
263 /**
264  * Drop reference to X.509 certificate
265  *
266  * @v cert X.509 certificate
267  */
268 static inline __attribute__ (( always_inline )) void
269 x509_put ( struct x509_certificate *cert ) {
270  ref_put ( &cert->refcnt );
271 }
272 
273 /**
274  * Get reference to X.509 certificate chain
275  *
276  * @v chain X.509 certificate chain
277  * @ret chain X.509 certificate chain
278  */
279 static inline __attribute__ (( always_inline )) struct x509_chain *
280 x509_chain_get ( struct x509_chain *chain ) {
281  ref_get ( &chain->refcnt );
282  return chain;
283 }
284 
285 /**
286  * Drop reference to X.509 certificate chain
287  *
288  * @v chain X.509 certificate chain
289  */
290 static inline __attribute__ (( always_inline )) void
291 x509_chain_put ( struct x509_chain *chain ) {
292  ref_put ( &chain->refcnt );
293 }
294 
295 /**
296  * Get first certificate in X.509 certificate chain
297  *
298  * @v chain X.509 certificate chain
299  * @ret cert X.509 certificate, or NULL
300  */
301 static inline __attribute__ (( always_inline )) struct x509_certificate *
302 x509_first ( struct x509_chain *chain ) {
303  struct x509_link *link;
304 
305  link = list_first_entry ( &chain->links, struct x509_link, list );
306  return ( link ? link->cert : NULL );
307 }
308 
309 /**
310  * Get last certificate in X.509 certificate chain
311  *
312  * @v chain X.509 certificate chain
313  * @ret cert X.509 certificate, or NULL
314  */
315 static inline __attribute__ (( always_inline )) struct x509_certificate *
316 x509_last ( struct x509_chain *chain ) {
317  struct x509_link *link;
318 
319  link = list_last_entry ( &chain->links, struct x509_link, list );
320  return ( link ? link->cert : NULL );
321 }
322 
323 /** An X.509 extension */
324 struct x509_extension {
325  /** Name */
326  const char *name;
327  /** Object identifier */
328  struct asn1_cursor oid;
329  /** Parse extension
330  *
331  * @v cert X.509 certificate
332  * @v raw ASN.1 cursor
333  * @ret rc Return status code
334  */
335  int ( * parse ) ( struct x509_certificate *cert,
336  const struct asn1_cursor *raw );
337 };
338 
339 /** An X.509 key purpose */
340 struct x509_key_purpose {
341  /** Name */
342  const char *name;
343  /** Object identifier */
344  struct asn1_cursor oid;
345  /** Extended key usage bits */
346  unsigned int bits;
347 };
348 
349 /** An X.509 access method */
350 struct x509_access_method {
351  /** Name */
352  const char *name;
353  /** Object identifier */
354  struct asn1_cursor oid;
355  /** Parse access method
356  *
357  * @v cert X.509 certificate
358  * @v raw ASN.1 cursor
359  * @ret rc Return status code
360  */
361  int ( * parse ) ( struct x509_certificate *cert,
362  const struct asn1_cursor *raw );
363 };
364 
365 /** An X.509 root certificate list */
366 struct x509_root {
367  /** Reference count */
368  struct refcnt refcnt;
369  /** Fingerprint digest algorithm */
370  struct digest_algorithm *digest;
371  /** Number of certificates */
372  unsigned int count;
373  /** Certificate fingerprints */
374  const void *fingerprints;
375 };
376 
377 /**
378  * Get reference to X.509 root certificate list
379  *
380  * @v root X.509 root certificate list
381  * @ret root X.509 root certificate list
382  */
383 static inline __attribute__ (( always_inline )) struct x509_root *
384 x509_root_get ( struct x509_root *root ) {
385  ref_get ( &root->refcnt );
386  return root;
387 }
388 
389 /**
390  * Drop reference to X.509 root certificate list
391  *
392  * @v root X.509 root certificate list
393  */
394 static inline __attribute__ (( always_inline )) void
395 x509_root_put ( struct x509_root *root ) {
396  ref_put ( &root->refcnt );
397 }
398 
399 /**
400  * Check if X.509 certificate is self-signed
401  *
402  * @v cert X.509 certificate
403  * @ret is_self_signed X.509 certificate is self-signed
404  */
405 static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
406  return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
407 }
408 
409 extern const char * x509_name ( struct x509_certificate *cert );
410 extern int x509_parse ( struct x509_certificate *cert,
411  const struct asn1_cursor *raw );
412 extern int x509_certificate ( const void *data, size_t len,
413  struct x509_certificate **cert );
414 extern int x509_is_valid ( struct x509_certificate *cert,
415  struct x509_root *root );
416 extern int x509_validate ( struct x509_certificate *cert,
417  struct x509_certificate *issuer,
418  time_t time, struct x509_root *root );
419 extern int x509_check_name ( struct x509_certificate *cert, const char *name );
420 
421 extern struct x509_chain * x509_alloc_chain ( void );
422 extern int x509_append ( struct x509_chain *chain,
423  struct x509_certificate *cert );
424 extern int x509_append_raw ( struct x509_chain *chain, const void *data,
425  size_t len );
426 extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
427 extern int x509_auto_append ( struct x509_chain *chain,
428  struct x509_chain *certs );
429 extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
430  struct x509_chain *store,
431  struct x509_root *root );
432 extern int image_x509 ( struct image *image, size_t offset,
433  struct x509_certificate **cert );
434 
435 /* Functions exposed only for unit testing */
436 extern int x509_check_issuer ( struct x509_certificate *cert,
437  struct x509_certificate *issuer );
438 extern void x509_fingerprint ( struct x509_certificate *cert,
439  struct digest_algorithm *digest,
440  void *fingerprint );
441 extern int x509_check_root ( struct x509_certificate *cert,
442  struct x509_root *root );
443 extern int x509_check_time ( struct x509_certificate *cert, time_t time );
444 
445 /**
446  * Invalidate X.509 certificate
447  *
448  * @v cert X.509 certificate
449  */
450 static inline void x509_invalidate ( struct x509_certificate *cert ) {
451  x509_root_put ( cert->root );
452  cert->root = NULL;
453  cert->path_remaining = 0;
454 }
455 
456 /**
457  * Invalidate X.509 certificate chain
458  *
459  * @v chain X.509 certificate chain
460  */
461 static inline void x509_invalidate_chain ( struct x509_chain *chain ) {
462  struct x509_link *link;
463 
464  list_for_each_entry ( link, &chain->links, list )
465  x509_invalidate ( link->cert );
466 }
467 
468 #endif /* _IPXE_X509_H */
x509_key_usage_bits
x509_key_usage_bits
X.509 certificate key usage bits.
Definition: x509.h:99
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:291
x509_access_method::name
const char * name
Name.
Definition: x509.h:352
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
x509_public_key::raw_bits
struct asn1_bit_string raw_bits
Raw public key bit string.
Definition: x509.h:54
x509_validate
int x509_validate(struct x509_certificate *cert, struct x509_certificate *issuer, time_t time, struct x509_root *root)
Validate X.509 certificate.
Definition: x509.c:1371
asn1_algorithm
An ASN.1 OID-identified algorithm.
Definition: asn1.h:311
x509_public_key::raw
struct asn1_cursor raw
Raw public key information.
Definition: x509.h:50
name
const char * name
Definition: ath9k_hw.c:1984
x509_extensions::ext_usage
struct x509_extended_key_usage ext_usage
Extended key usage.
Definition: x509.h:161
x509_issuer::raw
struct asn1_cursor raw
Raw issuer.
Definition: x509.h:30
x509_certificate::path_remaining
unsigned int path_remaining
Maximum number of subsequent certificates in chain.
Definition: x509.h:219
x509_chain_get
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
Definition: x509.h:280
x509_general_name_types
x509_general_name_types
X.509 certificate general name types.
Definition: x509.h:148
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:443
x509_subject_alt_name::names
struct asn1_cursor names
Names.
Definition: x509.h:144
ASN1_IMPLICIT_TAG
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
Definition: asn1.h:95
x509_get
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:258
x509_basic_constraints::path_len
unsigned int path_len
Path length.
Definition: x509.h:80
x509_basic_constraints
An X.509 certificate basic constraints set.
Definition: x509.h:76
x509_certificate::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:209
x509_extended_key_usage_bits
x509_extended_key_usage_bits
X.509 certificate extended key usage bits.
Definition: x509.h:122
x509_ocsp_responder::good
int good
OCSP status is good.
Definition: x509.h:132
root
struct stp_switch root
Root switch.
Definition: stp.h:26
x509_extended_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:114
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1260
x509_chain::links
struct list_head links
List of links.
Definition: x509.h:203
x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:145
x509_link::list
struct list_head list
List of links.
Definition: x509.h:171
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition: x509.h:232
x509_key_purpose::name
const char * name
Name.
Definition: x509.h:342
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1292
x509_certificate::signature_algorithm
struct asn1_algorithm * signature_algorithm
Signature algorithm.
Definition: x509.h:230
x509_extension::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:328
x509_link_flags
x509_link_flags
X.509 certficate chain link flags.
Definition: x509.h:179
x509_root_put
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
Definition: x509.h:395
x509_link::cert
struct x509_certificate * cert
Certificate.
Definition: x509.h:173
x509_signature::algorithm
struct asn1_algorithm * algorithm
Signature algorithm.
Definition: x509.h:70
x509_serial::raw
struct asn1_cursor raw
Raw serial number.
Definition: x509.h:24
x509_key_purpose::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:344
image
An executable image.
Definition: image.h:24
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1242
x509_time::time
time_t time
Seconds since the Epoch.
Definition: x509.h:36
image_x509
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition: x509.c:1845
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition: list.h:346
x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:215
x509_key_purpose
An X.509 key purpose.
Definition: x509.h:340
list_head
A doubly-linked list entry (or list head)
Definition: list.h:18
x509_key_usage::present
int present
Key usage extension is present.
Definition: x509.h:93
refcnt
A reference counter.
Definition: refcnt.h:26
x509_ocsp_responder
X.509 certificate OCSP responder.
Definition: x509.h:128
list_first_entry
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition: list.h:333
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition: x509.h:405
x509_chain
An X.509 certificate chain.
Definition: x509.h:199
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1569
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1182
x509_validity::not_before
struct x509_time not_before
Not valid before.
Definition: x509.h:42
x509_certificate::root
struct x509_root * root
Root against which certificate has been validated (if any)
Definition: x509.h:217
asn1.h
ASN.1 encoding.
x509_certificate::signature
struct x509_signature signature
Signature.
Definition: x509.h:238
list_for_each_entry
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:431
digest
static void struct digest_algorithm * digest
HMAC-MD5 digest.
Definition: crypto.h:308
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1620
x509_root::digest
struct digest_algorithm * digest
Fingerprint digest algorithm.
Definition: x509.h:370
offset
static userptr_t size_t offset
Offset of the first segment within the content.
Definition: deflate.h:259
link
u32 link
Link to next descriptor.
Definition: ar9003_mac.h:68
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1318
x509_root_get
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
Definition: x509.h:384
x509_public_key
An X.509 certificate public key.
Definition: x509.h:48
x509_authority_info_access
X.509 certificate authority information access.
Definition: x509.h:136
x509_extensions::auth_info
struct x509_authority_info_access auth_info
Authority information access.
Definition: x509.h:163
x509_subject::public_key
struct x509_public_key public_key
Public key information.
Definition: x509.h:64
list.h
Linked lists.
x509_link
A link in an X.509 certificate chain.
Definition: x509.h:169
x509_last
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
Definition: x509.h:316
x509_certificate
An X.509 certificate.
Definition: x509.h:207
x509_certificate::serial
struct x509_serial serial
Serial number.
Definition: x509.h:226
X509_LINK_FL_OCSPED
OCSP has been attempted.
Definition: x509.h:195
x509_certificate::subject
struct x509_subject subject
Subject.
Definition: x509.h:236
x509_basic_constraints::ca
int ca
Subject is a CA.
Definition: x509.h:78
ref_get
#define ref_get(refcnt)
Get additional reference to object.
Definition: refcnt.h:92
x509_public_key::algorithm
struct asn1_algorithm * algorithm
Public key algorithm.
Definition: x509.h:52
x509_issuer
An X.509 issuer.
Definition: x509.h:28
x509_signature::value
struct asn1_bit_string value
Signature value.
Definition: x509.h:72
x509_key_usage
An X.509 certificate key usage.
Definition: x509.h:91
x509_validity
An X.509 certificate validity period.
Definition: x509.h:40
x509_subject::raw
struct asn1_cursor raw
Raw subject.
Definition: x509.h:60
x509_extension::name
const char * name
Name.
Definition: x509.h:326
x509_key_purpose::bits
unsigned int bits
Extended key usage bits.
Definition: x509.h:346
x509_access_method::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse access method.
Definition: x509.h:361
x509_link::flags
unsigned int flags
Flags.
Definition: x509.h:175
X509_FL_PERMANENT
Certificate was added at build time.
Definition: x509.h:246
x509_root
An X.509 root certificate list.
Definition: x509.h:366
x509_certificate::validity
struct x509_validity validity
Validity.
Definition: x509.h:234
x509_subject::common_name
struct asn1_cursor common_name
Common name.
Definition: x509.h:62
x509_parse
int x509_parse(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse X.509 certificate from ASN.1 data.
Definition: x509.c:1003
x509_extensions::alt_name
struct x509_subject_alt_name alt_name
Subject alternative name.
Definition: x509.h:165
x509_serial
An X.509 serial number.
Definition: x509.h:22
len
uint32_t len
Length.
Definition: ena.h:14
x509_time
An X.509 time.
Definition: x509.h:34
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1788
x509_extended_key_usage
An X.509 certificate extended key usage.
Definition: x509.h:112
x509_certificate
int x509_certificate(const void *data, size_t len, struct x509_certificate **cert)
Create X.509 certificate.
Definition: x509.c:1069
x509_subject
An X.509 certificate subject.
Definition: x509.h:58
x509_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:95
x509_certificate::version
unsigned int version
Version.
Definition: x509.h:224
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:269
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:302
x509_root::count
unsigned int count
Number of certificates.
Definition: x509.h:372
x509_certificate::tbs
struct asn1_cursor tbs
Raw tbsCertificate.
Definition: x509.h:228
digest_algorithm
A message digest algorithm.
Definition: crypto.h:17
refcnt.h
Reference counting.
x509_subject_alt_name
X.509 certificate subject alternative name.
Definition: x509.h:142
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:212
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
x509_validity::not_after
struct x509_time not_after
Not valid after.
Definition: x509.h:44
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:461
raw
__be32 raw[7]
Definition: CIB_PRM.h:28
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition: x509.c:1698
uri
A Uniform Resource Identifier.
Definition: uri.h:64
x509_access_method::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:354
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
x509_root::fingerprints
const void * fingerprints
Certificate fingerprints.
Definition: x509.h:374
x509_extensions
An X.509 certificate extensions set.
Definition: x509.h:155
x509_certificate::raw
struct asn1_cursor raw
Raw certificate.
Definition: x509.h:222
x509_extensions::usage
struct x509_key_usage usage
Key usage.
Definition: x509.h:159
time_t
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
time.h
Time source.
x509_extension::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse extension.
Definition: x509.h:335
time
uint64_t time
Current time.
Definition: ntlm.h:20
x509_append_raw
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1668
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
x509_authority_info_access::ocsp
struct x509_ocsp_responder ocsp
OCSP responder.
Definition: x509.h:138
X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:248
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
x509_extensions::basic
struct x509_basic_constraints basic
Basic constraints.
Definition: x509.h:157
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:201
X509_LINK_FL_CROSSED
Cross-signed certificate download has been attempted.
Definition: x509.h:186
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1643
x509_certificate::extensions
struct x509_extensions extensions
Extensions.
Definition: x509.h:240
x509_auto_append
int x509_auto_append(struct x509_chain *chain, struct x509_chain *certs)
Append X.509 certificates to X.509 certificate chain.
Definition: x509.c:1748
ref_put
#define ref_put(refcnt)
Drop reference to object.
Definition: refcnt.h:106
x509_flags
x509_flags
X.509 certificate flags.
Definition: x509.h:244
x509_invalidate
static void x509_invalidate(struct x509_certificate *cert)
Invalidate X.509 certificate.
Definition: x509.h:450
asn1_bit_string
An ASN.1 bit string.
Definition: asn1.h:354
x509_signature
An X.509 certificate signature.
Definition: x509.h:68
x509_extension
An X.509 extension.
Definition: x509.h:324
x509_access_method
An X.509 access method.
Definition: x509.h:350
Generated by   doxygen 1.8.15