iPXE
certstore.h File Reference

Certificate store. More...

#include <ipxe/asn1.h>
#include <ipxe/x509.h>


Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
struct x509_certificate * certstore_find (struct asn1_cursor *raw)
 Find certificate in store. More...
 
struct x509_certificate * certstore_find_key (struct asn1_cursor *key)
 Find certificate in store corresponding to a private key. More...
 
void certstore_add (struct x509_certificate *cert)
 Add certificate to store. More...
 
void certstore_del (struct x509_certificate *cert)
 Remove certificate from store. More...
 

Variables

struct x509_chain certstore
 Certificate store. More...
 

Detailed Description

Certificate store.

Definition in file certstore.h.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ certstore_find()

struct x509_certificate* certstore_find ( struct asn1_cursor * raw )

Find certificate in store.

Parameters
raw: Raw certificate data
Return values
cert: X.509 certificate, or NULL if not found

Definition at line 102 of file certstore.c.

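/**
 * Find certificate in store
 *
 * @v raw		Raw certificate data
 * @ret cert		X.509 certificate, or NULL if not found
 *
 * Each stored certificate's raw data is compared against the caller's
 * raw certificate data using asn1_compare().  A match is passed
 * through certstore_found(), which marks the stored certificate as
 * most recently used, and the result is returned.
 *
 * NOTE(review): nothing in this function validates the certificate; a
 * hit shows only that an identical certificate is present in the
 * store.  Confirm that callers do not treat presence in the store as
 * evidence of trust.
 */
struct x509_certificate * certstore_find ( struct asn1_cursor *raw ) {
	struct x509_certificate *cert;

	/* Search for certificate within store */
	list_for_each_entry ( cert, &certstore.links, store.list ) {
		if ( asn1_compare ( raw, &cert->raw ) == 0 )
			return certstore_found ( cert );
	}
	return NULL;
}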
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:443
struct x509_chain certstore
Certificate store.
Definition: certstore.c:73
struct list_head links
List of links.
Definition: x509.h:181
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:420
An X.509 certificate.
Definition: x509.h:185
static struct x509_certificate * certstore_found(struct x509_certificate *cert)
Mark stored certificate as most recently used.
Definition: certstore.c:85
struct x509_link store
Link in certificate store.
Definition: x509.h:190
__be32 raw[7]
Definition: CIB_PRM.h:28
struct asn1_cursor raw
Raw certificate.
Definition: x509.h:198
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362

References asn1_compare(), certstore, certstore_found(), x509_chain::links, x509_link::list, list_for_each_entry, NULL, raw, x509_certificate::raw, and x509_certificate::store.

Referenced by certstore_init(), and x509_certificate().

◆ certstore_find_key()

struct x509_certificate* certstore_find_key ( struct asn1_cursor * key )

Find certificate in store corresponding to a private key.

Parameters
key: Private key
Return values
cert: X.509 certificate, or NULL if not found

Definition at line 119 of file certstore.c.

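/**
 * Find certificate in store corresponding to a private key
 *
 * @v key		Private key
 * @ret cert		X.509 certificate, or NULL if not found
 *
 * For each stored certificate, pubkey_match() is given the private
 * key data and the certificate's raw subject public key; a return of
 * zero is treated as a match.  The matching certificate is passed
 * through certstore_found(), which marks it as most recently used.
 *
 * NOTE(review): the public-key algorithm handed to pubkey_match() is
 * taken from the certificate's signature algorithm rather than from
 * the subject public key itself.  Confirm that the two always
 * coincide for certificates held in the store, and that
 * signature_algorithm->pubkey cannot be NULL here (it is documented
 * as "if applicable").
 */
struct x509_certificate * certstore_find_key ( struct asn1_cursor *key ) {
	struct x509_certificate *cert;

	/* Search for certificate within store */
	list_for_each_entry ( cert, &certstore.links, store.list ) {
		if ( pubkey_match ( cert->signature_algorithm->pubkey,
				    key->data, key->len,
				    cert->subject.public_key.raw.data,
				    cert->subject.public_key.raw.len ) == 0 )
			return certstore_found ( cert );
	}
	return NULL;
}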
struct asn1_cursor raw
Raw public key information.
Definition: x509.h:50
struct x509_chain certstore
Certificate store.
Definition: certstore.c:73
struct list_head links
List of links.
Definition: x509.h:181
static int pubkey_match(struct pubkey_algorithm *pubkey, const void *private_key, size_t private_key_len, const void *public_key, size_t public_key_len)
Definition: crypto.h:258
struct asn1_algorithm * signature_algorithm
Signature algorithm.
Definition: x509.h:206
const void * data
Start of data.
Definition: asn1.h:21
size_t len
Length of data.
Definition: asn1.h:23
struct pubkey_algorithm * pubkey
Public-key algorithm (if applicable)
Definition: asn1.h:304
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:420
struct x509_public_key public_key
Public key information.
Definition: x509.h:64
An X.509 certificate.
Definition: x509.h:185
struct x509_subject subject
Subject.
Definition: x509.h:212
static struct x509_certificate * certstore_found(struct x509_certificate *cert)
Mark stored certificate as most recently used.
Definition: certstore.c:85
struct x509_link store
Link in certificate store.
Definition: x509.h:190
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362
union @375 key
Sense key.
Definition: scsi.h:18

References certstore, certstore_found(), asn1_cursor::data, key, asn1_cursor::len, x509_chain::links, x509_link::list, list_for_each_entry, NULL, asn1_algorithm::pubkey, pubkey_match(), x509_subject::public_key, x509_public_key::raw, x509_certificate::signature_algorithm, x509_certificate::store, and x509_certificate::subject.

Referenced by tls_new_certificate_request().

◆ certstore_add()

void certstore_add ( struct x509_certificate * cert )

Add certificate to store.

Parameters
cert: X.509 certificate

Definition at line 138 of file certstore.c.

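/**
 * Add certificate to store
 *
 * @v cert		X.509 certificate
 *
 * The store link is pointed back at the certificate, a reference is
 * taken with x509_get(), and the link is added at the head of the
 * store's list.
 *
 * NOTE(review): no duplicate check is made here; presumably callers
 * look the certificate up with certstore_find() first.  Adding a
 * certificate whose store link is already on the list would corrupt
 * the list - verify against callers.
 */
void certstore_add ( struct x509_certificate *cert ) {

	/* Add certificate to store */
	cert->store.cert = cert;
	x509_get ( cert );
	list_add ( &cert->store.list, &certstore.links );
	DBGC ( &certstore, "CERTSTORE added certificate %s\n",
	       x509_name ( cert ) );
}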
struct x509_chain certstore
Certificate store.
Definition: certstore.c:73
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:236
#define list_add(new, head)
Add a new entry to the head of a list.
Definition: list.h:69
struct list_head links
List of links.
Definition: x509.h:181
#define DBGC(...)
Definition: compiler.h:505
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:131
struct x509_link store
Link in certificate store.
Definition: x509.h:190

References x509_link::cert, certstore, DBGC, x509_chain::links, x509_link::list, list_add, x509_certificate::store, x509_get(), and x509_name().

Referenced by certstore_init(), and x509_certificate().

◆ certstore_del()

void certstore_del ( struct x509_certificate * cert )

Remove certificate from store.

Parameters
cert: X.509 certificate

Definition at line 153 of file certstore.c.

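/**
 * Remove certificate from store
 *
 * @v cert		X.509 certificate
 *
 * Certificates flagged X509_FL_PERMANENT (added at build time) are
 * left in place and the call returns without effect.  Otherwise the
 * certificate is unlinked from the store's list and one reference is
 * dropped with x509_put().
 *
 * NOTE(review): there is no check that the certificate is currently
 * linked into the store; presumably callers pass only certificates
 * obtained from the store - verify against callers.
 */
void certstore_del ( struct x509_certificate *cert ) {

	/* Ignore attempts to remove permanent certificates */
	if ( cert->flags & X509_FL_PERMANENT )
		return;

	/* Remove certificate from store.  The name is logged before
	 * the reference is dropped, so the certificate is not touched
	 * after x509_put().
	 */
	DBGC ( &certstore, "CERTSTORE removed certificate %s\n",
	       x509_name ( cert ) );
	list_del ( &cert->store.list );
	x509_put ( cert );
}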
struct x509_chain certstore
Certificate store.
Definition: certstore.c:73
#define DBGC(...)
Definition: compiler.h:505
unsigned int flags
Flags.
Definition: x509.h:193
#define list_del(list)
Delete an entry from a list.
Definition: list.h:119
Certificate was added at build time.
Definition: x509.h:224
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:131
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:247
struct x509_link store
Link in certificate store.
Definition: x509.h:190

References certstore, DBGC, x509_certificate::flags, x509_link::list, list_del, x509_certificate::store, X509_FL_PERMANENT, x509_name(), and x509_put().

Referenced by certfree_payload(), and certstore_discard().

Variable Documentation

◆ certstore

struct x509_chain certstore