|
#define | EACCES_NON_SIGNING __einfo_error ( EINFO_EACCES_NON_SIGNING ) |
|
#define | EINFO_EACCES_NON_SIGNING __einfo_uniqify ( EINFO_EACCES, 0x01, "Not a signing certificate" ) |
|
#define | EACCES_NON_CODE_SIGNING __einfo_error ( EINFO_EACCES_NON_CODE_SIGNING ) |
|
#define | EINFO_EACCES_NON_CODE_SIGNING __einfo_uniqify ( EINFO_EACCES, 0x02, "Not a code-signing certificate" ) |
|
#define | EACCES_WRONG_NAME __einfo_error ( EINFO_EACCES_WRONG_NAME ) |
|
#define | EINFO_EACCES_WRONG_NAME __einfo_uniqify ( EINFO_EACCES, 0x04, "Incorrect certificate name" ) |
|
#define | EACCES_NO_SIGNATURES __einfo_error ( EINFO_EACCES_NO_SIGNATURES ) |
|
#define | EINFO_EACCES_NO_SIGNATURES __einfo_uniqify ( EINFO_EACCES, 0x05, "No signatures present" ) |
|
#define | EACCES_NO_RECIPIENTS __einfo_error ( EINFO_EACCES_NO_RECIPIENTS ) |
|
#define | EINFO_EACCES_NO_RECIPIENTS __einfo_uniqify ( EINFO_EACCES, 0x06, "No usable recipients" ) |
|
#define | EACCES_LEN __einfo_error ( EINFO_EACCES_LEN ) |
|
#define | EINFO_EACCES_LEN __einfo_uniqify ( EINFO_EACCES, 0x07, "Bad file length" ) |
|
#define | EACCES_PAD __einfo_error ( EINFO_EACCES_PAD ) |
|
#define | EINFO_EACCES_PAD __einfo_uniqify ( EINFO_EACCES, 0x08, "Bad block padding" ) |
|
#define | EACCES_MAC __einfo_error ( EINFO_EACCES_MAC ) |
|
#define | EINFO_EACCES_MAC __einfo_uniqify ( EINFO_EACCES, 0x09, "Invalid MAC" ) |
|
#define | ENOTSUP_TYPE __einfo_error ( EINFO_ENOTSUP_TYPE ) |
|
#define | EINFO_ENOTSUP_TYPE __einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unrecognised message type" ) |
|
#define | CMS_DECRYPT_BLKSZ 2048 |
| Buffer size for decryption. More...
|
|
|
| FILE_LICENCE (GPL2_OR_LATER_OR_UBDL) |
|
static int | cms_parse_signed (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS signed data. More...
|
|
static int | cms_parse_enveloped (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS enveloped data. More...
|
|
static int | cms_parse_content_type (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message content type. More...
|
|
static int | cms_parse_certificates (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message certificate list. More...
|
|
static int | cms_parse_identifier (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
| Parse CMS message participant identifier. More...
|
|
static int | cms_parse_digest_algorithm (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
| Parse CMS message digest algorithm. More...
|
|
static int | cms_parse_pubkey_algorithm (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
| Parse CMS message public-key algorithm. More...
|
|
static int | cms_parse_cipher_algorithm (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message cipher algorithm. More...
|
|
static int | cms_parse_value (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
| Parse CMS message signature or key value. More...
|
|
static int | cms_parse_participant (struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw) |
| Parse CMS message participant information. More...
|
|
static int | cms_parse_participants (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message participants information. More...
|
|
static int | cms_parse_encrypted (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message encrypted content information. More...
|
|
static int | cms_parse_mac (struct cms_message *cms, const struct asn1_cursor *raw) |
| Parse CMS message MAC. More...
|
|
static int | cms_parse (struct cms_message *cms) |
| Parse CMS message from ASN.1 data. More...
|
|
static void | cms_free (struct refcnt *refcnt) |
| Free CMS message. More...
|
|
int | cms_message (struct image *image, struct cms_message **cms) |
| Create CMS message. More...
|
|
static void | cms_digest (struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, void *out) |
| Calculate digest of CMS-signed data. More...
|
|
static int | cms_verify_digest (struct cms_message *cms, struct cms_participant *part, struct x509_certificate *cert, userptr_t data, size_t len) |
| Verify digest of CMS-signed data. More...
|
|
static int | cms_verify_signer (struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, time_t time, struct x509_chain *store, struct x509_root *root) |
| Verify CMS message signer. More...
|
|
int | cms_verify (struct cms_message *cms, struct image *image, const char *name, time_t time, struct x509_chain *store, struct x509_root *root) |
| Verify CMS signature. More...
|
|
static struct cms_participant * | cms_recipient (struct cms_message *cms, struct private_key *private_key) |
| Identify CMS recipient corresponding to private key. More...
|
|
static int | cms_cipher_key (struct cms_message *cms, struct cms_participant *part, struct private_key *private_key, void *ctx) |
| Set CMS cipher key. More...
|
|
static int | cms_cipher (struct cms_message *cms, struct private_key *private_key, void *ctx) |
| Initialise cipher for CMS decryption. More...
|
|
static int | cms_verify_padding (struct cms_message *cms, const void *data, size_t len) |
| Check CMS padding. More...
|
|
int | cms_decrypt (struct cms_message *cms, struct image *image, const char *name, struct private_key *private_key) |
| Decrypt CMS message. More...
|
|
Cryptographic Message Syntax (PKCS #7)
The format of CMS messages is defined in RFC 5652.
Definition in file cms.c.
Parse CMS signed data.
- Parameters
-
cms | CMS message |
raw | ASN.1 cursor |
- Return values
-
Definition at line 535 of file cms.c.
546 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
struct x509_chain * certificates
List of all certificates (for signature messages)
struct arbelprm_rc_send_wqe rc
static int cms_parse_participants(struct cms_message *cms, const struct asn1_cursor *raw)
Parse CMS message participants information.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
#define ASN1_SET
ASN.1 set.
#define ENOMEM
Not enough space.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int cms_parse_certificates(struct cms_message *cms, const struct asn1_cursor *raw)
Parse CMS message certificate list.
#define ASN1_SEQUENCE
ASN.1 sequence.
#define ASN1_INTEGER
ASN.1 integer.
int asn1_skip_if_exists(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object if present.
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
#define ASN1_EXPLICIT_TAG(number)
ASN.1 explicit tag.
References asn1_enter(), ASN1_EXPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, ASN1_SET, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), cms_message::certificates, cms_parse_certificates(), cms_parse_participants(), ENOMEM, memcpy(), raw, rc, and x509_alloc_chain().
Parse CMS enveloped data.
- Parameters
-
cms | CMS message |
raw | ASN.1 cursor |
- Return values
-
Definition at line 580 of file cms.c.
586 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
struct arbelprm_rc_send_wqe rc
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
static int cms_parse_participants(struct cms_message *cms, const struct asn1_cursor *raw)
Parse CMS message participants information.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
size_t authsize
Authentication tag size.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
struct cipher_algorithm * cipher
Cipher algorithm.
#define ASN1_SEQUENCE
ASN.1 sequence.
#define ASN1_INTEGER
ASN.1 integer.
static int cms_parse_encrypted(struct cms_message *cms, const struct asn1_cursor *raw)
Parse CMS message encrypted content information.
int asn1_skip_if_exists(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object if present.
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
static int cms_parse_mac(struct cms_message *cms, const struct asn1_cursor *raw)
Parse CMS message MAC.
#define NULL
NULL pointer (VOID *)
References asn1_enter(), ASN1_IMPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), assert(), cipher_algorithm::authsize, cms_message::cipher, cms_parse_encrypted(), cms_parse_mac(), cms_parse_participants(), memcpy(), NULL, raw, and rc.
Parse CMS message content type.
- Parameters
-
cms | CMS message |
raw | ASN.1 cursor |
- Return values
-
Definition at line 131 of file cms.c.
138 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
142 for ( i = 0 ; i < (
sizeof (
cms_types ) /
147 DBGC ( cms,
"CMS %p contains %sData\n",
153 DBGC ( cms,
"CMS %p is not a recognised message type:\n", cms );
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
uint32_t type
Operating system type.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
struct cms_type * type
Message type.
static struct cms_type cms_types[]
CMS message types.
#define ASN1_OID
ASN.1 object identifier.
References asn1_compare(), asn1_enter(), ASN1_OID, cms_types, DBGC, DBGC_HDA, ENOTSUP_TYPE, memcpy(), raw, type, and cms_message::type.
Referenced by cms_parse().
Parse CMS message certificate list.
- Parameters
-
cms | CMS message |
raw | ASN.1 cursor |
- Return values
-
Definition at line 165 of file cms.c.
172 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
176 while ( cursor.len ) {
180 cursor.len ) ) != 0 ) {
181 DBGC ( cms,
"CMS %p could not append certificate: %s\n",
183 DBGC_HDA ( cms, 0, cursor.data, cursor.len );
187 DBGC ( cms,
"CMS %p found certificate %s\n",
struct x509_chain * certificates
List of all certificates (for signature messages)
struct arbelprm_rc_send_wqe rc
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
char * strerror(int errno)
Retrieve string representation of error number.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
#define ASN1_EXPLICIT_TAG(number)
ASN.1 explicit tag.
References asn1_enter(), ASN1_EXPLICIT_TAG, asn1_skip_any(), cms_message::certificates, asn1_cursor::data, DBGC, DBGC_HDA, asn1_cursor::len, memcpy(), raw, rc, strerror(), x509_append_raw(), x509_last(), and x509_name().
Referenced by cms_parse_signed().
Parse CMS message participant identifier.
- Parameters
-
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
- Return values
-
Definition at line 205 of file cms.c.
215 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
221 DBGC ( cms,
"CMS %p/%p could not locate issuer: %s\n",
226 DBGC ( cms,
"CMS %p/%p issuer is:\n", cms, part );
233 DBGC ( cms,
"CMS %p/%p could not locate serialNumber: %s\n",
238 DBGC ( cms,
"CMS %p/%p serial number is:\n", cms, part );
244 DBGC ( cms,
"CMS %p/%p could not identify certificate\n",
251 DBGC ( cms,
"CMS %p/%p could not append certificate: %s\n",
259 DBGC ( cms,
"CMS %p/%p could not append certificates: %s\n",
struct x509_chain * certificates
List of all certificates (for signature messages)
struct arbelprm_rc_send_wqe rc
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
struct x509_issuer issuer
Issuer.
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
#define ENOENT
No such file or directory.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
int asn1_shrink(struct asn1_cursor *cursor, unsigned int type)
Shrink ASN.1 cursor to fit object.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
char * strerror(int errno)
Retrieve string representation of error number.
struct x509_certificate * x509_find_issuer_serial(struct x509_chain *store, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify X.509 certificate by issuer and serial number.
uint64_t serial
Serial number.
static int cms_is_signature(struct cms_message *cms)
Check if CMS message is a signature message.
#define ASN1_SEQUENCE
ASN.1 sequence.
#define ASN1_INTEGER
ASN.1 integer.
struct x509_chain * chain
Certificate chain.
References asn1_enter(), ASN1_INTEGER, ASN1_SEQUENCE, asn1_shrink(), asn1_skip_any(), cms_message::certificates, cms_participant::chain, cms_is_signature(), DBGC, DBGC_HDA, ENOENT, x509_certificate::issuer, memcpy(), raw, rc, serial, strerror(), x509_append(), x509_auto_append(), and x509_find_issuer_serial().
Referenced by cms_parse_participant().
Parse CMS message participant information.
- Parameters
-
cms | CMS message |
part | Participant information to fill in |
raw | ASN.1 cursor |
- Return values
-
Definition at line 390 of file cms.c.
397 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
struct arbelprm_rc_send_wqe rc
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
static int cms_parse_digest_algorithm(struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw)
Parse CMS message digest algorithm.
static int cms_parse_value(struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw)
Parse CMS message signature or key value.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int cms_is_signature(struct cms_message *cms)
Check if CMS message is a signature message.
#define ASN1_SEQUENCE
ASN.1 sequence.
#define ASN1_INTEGER
ASN.1 integer.
static int cms_parse_identifier(struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw)
Parse CMS message participant identifier.
int asn1_skip_if_exists(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object if present.
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
static int cms_parse_pubkey_algorithm(struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw)
Parse CMS message public-key algorithm.
#define ASN1_EXPLICIT_TAG(number)
ASN.1 explicit tag.
References asn1_enter(), ASN1_EXPLICIT_TAG, ASN1_INTEGER, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_skip_if_exists(), cms_is_signature(), cms_parse_digest_algorithm(), cms_parse_identifier(), cms_parse_pubkey_algorithm(), cms_parse_value(), memcpy(), raw, and rc.
Referenced by cms_parse_participants().
Parse CMS message participants information.
- Parameters
-
cms | CMS message |
raw | ASN.1 cursor |
- Return values
-
Definition at line 440 of file cms.c.
447 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
454 while ( cursor.len ) {
457 part =
zalloc (
sizeof ( *part ) );
struct arbelprm_rc_send_wqe rc
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
#define list_add(new, head)
Add a new entry to the head of a list.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
#define ASN1_SET
ASN.1 set.
#define ENOMEM
Not enough space.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
CMS participant information.
void * zalloc(size_t size)
Allocate cleared memory.
struct list_head participants
List of participant information blocks.
struct list_head list
List of participant information blocks.
static int cms_parse_participant(struct cms_message *cms, struct cms_participant *part, const struct asn1_cursor *raw)
Parse CMS message participant information.
struct x509_chain * chain
Certificate chain.
References asn1_enter(), ASN1_SET, asn1_skip_any(), cms_participant::chain, cms_parse_participant(), ENOMEM, asn1_cursor::len, cms_participant::list, list_add, memcpy(), cms_message::participants, raw, rc, x509_alloc_chain(), and zalloc().
Referenced by cms_parse_enveloped(), and cms_parse_signed().
Create CMS message.
- Parameters
-
- Return values
-
sig | CMS message |
rc | Return status code |
On success, the caller holds a reference to the CMS message, and is responsible for ultimately calling cms_put().
Definition at line 677 of file cms.c.
682 *cms =
zalloc (
sizeof ( **cms ) );
695 DBGC ( *cms,
"CMS %p could not get raw ASN.1 data: %s\n",
struct arbelprm_rc_send_wqe rc
uint32_t next
Next descriptor address.
#define ref_init(refcnt, free)
Initialise a reference counter.
int image_asn1(struct image *image, size_t offset, struct asn1_cursor **cursor)
Extract ASN.1 object from image.
#define ENOMEM
Not enough space.
char * strerror(int errno)
Retrieve string representation of error number.
static int cms_parse(struct cms_message *cms)
Parse CMS message from ASN.1 data.
void * zalloc(size_t size)
Allocate cleared memory.
int asn1_shrink_any(struct asn1_cursor *cursor)
Shrink ASN.1 object of any type.
struct cipher_algorithm cipher_null
static void cms_free(struct refcnt *refcnt)
Free CMS message.
#define INIT_LIST_HEAD(list)
Initialise a list head.
static void cms_put(struct cms_message *cms)
Drop reference to CMS message.
References asn1_shrink_any(), cipher_null, cms_free(), cms_parse(), cms_put(), DBGC, ENOMEM, image_asn1(), INIT_LIST_HEAD, next, rc, ref_init, strerror(), and zalloc().
Calculate digest of CMS-signed data.
- Parameters
-
cms | CMS message |
part | Participant information |
data | Signed data |
len | Length of signed data |
out | Digest output |
Definition at line 725 of file cms.c.
740 if ( frag_len >
sizeof (
block ) )
741 frag_len =
sizeof (
block );
751 DBGC ( cms,
"CMS %p/%p digest value:\n", cms, part );
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
static __always_inline void copy_from_user(void *dest, userptr_t src, off_t src_off, size_t len)
Copy data from user buffer.
struct digest_algorithm * digest
Digest algorithm (for signature messages)
struct golan_eq_context ctx
size_t blocksize
Block size.
static void digest_init(struct digest_algorithm *digest, void *ctx)
size_t ctxsize
Context size.
uint8_t block[3][8]
DES-encrypted blocks.
size_t digestsize
Digest size.
A message digest algorithm.
uint8_t data[48]
Additional event data.
uint16_t offset
Offset to command line.
References block, digest_algorithm::blocksize, copy_from_user(), ctx, digest_algorithm::ctxsize, data, DBGC, DBGC_HDA, cms_participant::digest, digest_final(), digest_init(), digest_update(), digest_algorithm::digestsize, len, offset, and out.
Referenced by cms_verify_digest().
Verify digest of CMS-signed data.
- Parameters
-
cms | CMS message |
part | Participant information |
cert | Corresponding certificate |
data | Signed data |
len | Length of signed data |
- Return values
-
Definition at line 765 of file cms.c.
782 DBGC ( cms,
"CMS %p/%p signature verification failed: %s\n",
struct asn1_cursor raw
Raw public key information.
struct arbelprm_rc_send_wqe rc
static int pubkey_verify(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
struct asn1_cursor value
Signature or key value.
struct digest_algorithm * digest
Digest algorithm (for signature messages)
struct pubkey_algorithm * pubkey
Public-key algorithm.
pseudo_bit_t value[0x00020]
struct x509_public_key public_key
Public key information.
char * strerror(int errno)
Retrieve string representation of error number.
struct x509_subject subject
Subject.
size_t digestsize
Digest size.
static void cms_digest(struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, void *out)
Calculate digest of CMS-signed data.
A message digest algorithm.
uint8_t data[48]
Additional event data.
References cms_digest(), data, DBGC, cms_participant::digest, digest_algorithm::digestsize, key, len, cms_participant::pubkey, pubkey_verify(), x509_subject::public_key, x509_public_key::raw, rc, strerror(), x509_certificate::subject, value, and cms_participant::value.
Referenced by cms_verify_signer().
Verify CMS message signer.
- Parameters
-
cms | CMS message |
part | Participant information |
data | Signed data |
len | Length of signed data |
time | Time at which to validate certificates |
store | Certificate store, or NULL to use default |
root | Root certificate list, or NULL to use default |
- Return values
-
Definition at line 802 of file cms.c.
813 DBGC ( cms,
"CMS %p/%p could not validate chain: %s\n",
824 DBGC ( cms,
"CMS %p/%p certificate cannot create signatures\n",
831 DBGC ( cms,
"CMS %p/%p certificate is not code-signing\n",
struct arbelprm_rc_send_wqe rc
struct x509_extended_key_usage ext_usage
Extended key usage.
struct stp_switch root
Root switch.
unsigned int bits
Usage bits.
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define EACCES_NON_SIGNING
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
char * strerror(int errno)
Retrieve string representation of error number.
#define EACCES_NON_CODE_SIGNING
unsigned int bits
Usage bits.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
struct x509_chain * chain
Certificate chain.
struct x509_link store
Link in certificate store.
uint8_t data[48]
Additional event data.
struct x509_key_usage usage
Key usage.
#define NULL
NULL pointer (VOID *)
static int cms_verify_digest(struct cms_message *cms, struct cms_participant *part, struct x509_certificate *cert, userptr_t data, size_t len)
Verify digest of CMS-signed data.
struct x509_extensions extensions
Extensions.
References assert(), x509_key_usage::bits, x509_extended_key_usage::bits, cms_participant::chain, cms_verify_digest(), data, DBGC, EACCES_NON_CODE_SIGNING, EACCES_NON_SIGNING, x509_extensions::ext_usage, x509_certificate::extensions, len, NULL, rc, root, x509_certificate::store, strerror(), x509_extensions::usage, X509_CODE_SIGNING, X509_DIGITAL_SIGNATURE, x509_first(), and x509_validate_chain().
Referenced by cms_verify().
Verify CMS signature.
- Parameters
-
cms | CMS message |
image | Signed image |
name | Required common name, or NULL to check all signatures |
time | Time at which to validate certificates |
store | Certificate store, or NULL to use default |
root | Root certificate list, or NULL to use default |
- Return values
-
Definition at line 854 of file cms.c.
884 DBGC ( cms,
"CMS %p had no signatures matching name " 888 DBGC ( cms,
"CMS %p had no signatures\n", cms );
struct arbelprm_rc_send_wqe rc
#define EACCES_NO_SIGNATURES
userptr_t data
Raw file image.
#define EACCES_WRONG_NAME
struct stp_switch root
Root switch.
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
CMS participant information.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
uint16_t count
Number of entries.
static void image_untrust(struct image *image)
Set image as untrusted.
size_t len
Length of raw file image.
static int cms_is_signature(struct cms_message *cms)
Check if CMS message is a signature message.
struct list_head participants
List of participant information blocks.
#define ENOTTY
Inappropriate I/O control operation.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
struct x509_chain * chain
Certificate chain.
struct x509_link store
Link in certificate store.
static int cms_verify_signer(struct cms_message *cms, struct cms_participant *part, userptr_t data, size_t len, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS message signer.
static void image_trust(struct image *image)
Set image as trusted.
References cms_participant::chain, cms_is_signature(), cms_verify_signer(), count, image::data, DBGC, EACCES_NO_SIGNATURES, EACCES_WRONG_NAME, ENOTTY, image_trust(), image_untrust(), image::len, list_for_each_entry, name, cms_message::participants, rc, root, x509_certificate::store, x509_check_name(), and x509_first().
Referenced by cms_verify_fail_okx(), cms_verify_okx(), and imgverify().
Set CMS cipher key.
- Parameters
-
cms | CMS message |
part | Participant information |
private_key | Private key |
ctx | Cipher context |
- Return values
-
Definition at line 934 of file cms.c.
951 DBGC ( cms,
"CMS %p/%p could not decrypt cipher key: %s\n",
956 DBGC ( cms,
"CMS %p/%p cipher key:\n", cms, part );
961 DBGC ( cms,
"CMS %p could not set cipher key: %s\n",
969 DBGC ( cms,
"CMS %p cipher IV:\n", cms );
struct arbelprm_rc_send_wqe rc
struct asn1_cursor value
Signature or key value.
const void * data
Start of data.
static int pubkey_decrypt(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key, const void *data, size_t len, void *out)
struct pubkey_algorithm * pubkey
Public-key algorithm.
struct golan_eq_context ctx
size_t len
Length of data.
static struct asn1_cursor * privkey_cursor(struct private_key *key)
Get private key ASN.1 cursor.
pseudo_bit_t value[0x00020]
char * strerror(int errno)
Retrieve string representation of error number.
struct cipher_algorithm * cipher
Cipher algorithm.
static void cipher_setiv(struct cipher_algorithm *cipher, void *ctx, const void *iv, size_t ivlen)
struct asn1_cursor iv
Cipher initialization vector.
static size_t pubkey_max_len(struct pubkey_algorithm *pubkey, const struct asn1_cursor *key)
static int cipher_setkey(struct cipher_algorithm *cipher, void *ctx, const void *key, size_t keylen)
References cms_message::cipher, cipher_setiv(), cipher_setkey(), ctx, asn1_cursor::data, DBGC, DBGC_HDA, cms_message::iv, key, len, asn1_cursor::len, privkey_cursor(), cms_participant::pubkey, pubkey_decrypt(), pubkey_max_len(), rc, strerror(), value, and cms_participant::value.
Referenced by cms_cipher().
Decrypt CMS message.
- Parameters
-
cms | CMS message |
image | Image to decrypt |
name | Decrypted image name, or NULL to use default |
private_key | Private key |
- Return values
-
Definition at line 1059 of file cms.c.
1062 const unsigned int original_flags =
image->
flags;
1081 DBGC ( cms,
"CMS %p invalid length %zd\n", cms,
image->
len );
1117 while ( remaining ) {
1120 frag_len = remaining;
1129 if ( remaining > frag_len )
1133 remaining -= frag_len;
1141 DBGC ( cms,
"CMS %p invalid authentication tag\n", cms );
1192 remaining = (
offset - frag_len );
size_t blocksize
Block size.
struct arbelprm_rc_send_wqe rc
userptr_t data
Raw file image.
char * image_strip_suffix(struct image *image)
Strip dot suffix from image name, if present.
struct image_type * type
Image type, if known.
static __always_inline void copy_from_user(void *dest, userptr_t src, off_t src_off, size_t len)
Copy data from user buffer.
static struct image * image_get(struct image *image)
Increment reference count on an image.
const void * data
Start of data.
struct golan_eq_context ctx
size_t len
Length of data.
#define cipher_encrypt(cipher, ctx, src, dst, len)
size_t authsize
Authentication tag size.
#define ENOMEM
Not enough space.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
#define CMS_DECRYPT_BLKSZ
Buffer size for decryption.
#define IMAGE_REGISTERED
Image is registered.
static void image_untrust(struct image *image)
Set image as untrusted.
int register_image(struct image *image)
Register executable image.
static void(* free)(struct refcnt *refcnt))
struct cipher_algorithm * cipher
Cipher algorithm.
size_t len
Length of raw file image.
int image_set_name(struct image *image, const char *name)
Set image name.
static __always_inline void copy_to_user(userptr_t dest, off_t dest_off, const void *src, size_t len)
Copy data to user buffer.
void(* auth)(void *ctx, void *auth)
Generate authentication tag.
static void image_put(struct image *image)
Decrement reference count on an image.
size_t ctxsize
Context size.
#define cipher_decrypt(cipher, ctx, src, dst, len)
void * malloc(size_t size)
Allocate memory.
void unregister_image(struct image *image)
Unregister executable image.
static int cms_cipher(struct cms_message *cms, struct private_key *private_key, void *ctx)
Initialise cipher for CMS decryption.
#define ENOTTY
Inappropriate I/O control operation.
static void cipher_auth(struct cipher_algorithm *cipher, void *ctx, void *auth)
uint16_t offset
Offset to command line.
struct asn1_cursor mac
Cipher authentication tag.
static int cms_verify_padding(struct cms_message *cms, const void *data, size_t len)
Check CMS padding.
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
#define NULL
NULL pointer (VOID *)
References cipher_algorithm::auth, cipher_algorithm::authsize, cipher_algorithm::blocksize, cms_message::cipher, cipher_auth(), cipher_decrypt, cipher_encrypt, cms_cipher(), CMS_DECRYPT_BLKSZ, cms_verify_padding(), copy_from_user(), copy_to_user(), ctx, cipher_algorithm::ctxsize, asn1_cursor::data, image::data, DBGC, DBGC_HDA, EACCES_LEN, EACCES_MAC, ENOMEM, ENOTTY, image::flags, free, image_get(), image_put(), IMAGE_REGISTERED, image_set_name(), image_strip_suffix(), image_untrust(), asn1_cursor::len, image::len, cms_message::mac, malloc(), memcmp(), memcpy(), name, NULL, offset, pad_len, rc, register_image(), tmp, image::type, and unregister_image().
Referenced by cms_decrypt_okx(), and imgdecrypt().