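/*
 * Disambiguated error codes for CMS signature handling
 * (original listing lines 45-72; the gutter numbers that had been fused
 * into the text are removed and the line continuations restored).
 *
 * Each error is defined as a pair:
 *   EINFO_<name> - descriptor built by __einfo_uniqify() from a base
 *                  errno descriptor, a disambiguator value and a
 *                  human-readable message;
 *   <name>       - the error value, obtained via __einfo_error().
 *
 * NOTE(review): the point of the disambiguator appears to be that
 * failures sharing one base errno (e.g. EACCES) remain distinguishable
 * in logs and error reports - confirm against the errno header.
 * Whichever variant is reported, a caller must treat it as "signature
 * not verified"; none of these is a soft failure.
 *
 * The EACCES disambiguators defined here are 0x01, 0x02, 0x04 and 0x05;
 * 0x03 is not defined in this listing.
 */

/* Certificate is not usable for signing.  Presumably paired with the
 * "certificate cannot create signatures" debug message later in the
 * listing; the return statement itself is not shown - confirm. */
#define EACCES_NON_SIGNING \
	__einfo_error ( EINFO_EACCES_NON_SIGNING )
#define EINFO_EACCES_NON_SIGNING \
	__einfo_uniqify ( EINFO_EACCES, 0x01, "Not a signing certificate" )

/* Certificate is not a code-signing certificate.  Presumably paired
 * with the "certificate is not code-signing" debug message - confirm. */
#define EACCES_NON_CODE_SIGNING \
	__einfo_error ( EINFO_EACCES_NON_CODE_SIGNING )
#define EINFO_EACCES_NON_CODE_SIGNING \
	__einfo_uniqify ( EINFO_EACCES, 0x02, "Not a code-signing certificate" )

/* Certificate name is not the expected one.  Presumably paired with the
 * "had no signatures matching name" debug message - confirm. */
#define EACCES_WRONG_NAME \
	__einfo_error ( EINFO_EACCES_WRONG_NAME )
#define EINFO_EACCES_WRONG_NAME \
	__einfo_uniqify ( EINFO_EACCES, 0x04, "Incorrect certificate name" )

/* No signatures present.  Presumably paired with the "had no
 * signatures" debug message - confirm.  A container without signatures
 * has to be rejected, never accepted as trivially valid. */
#define EACCES_NO_SIGNATURES \
	__einfo_error ( EINFO_EACCES_NO_SIGNATURES )
#define EINFO_EACCES_NO_SIGNATURES \
	__einfo_uniqify ( EINFO_EACCES, 0x05, "No signatures present" )

/* The identified algorithm is not a digest algorithm. */
#define EINVAL_DIGEST \
	__einfo_error ( EINFO_EINVAL_DIGEST )
#define EINFO_EINVAL_DIGEST \
	__einfo_uniqify ( EINFO_EINVAL, 0x01, "Not a digest algorithm" )

/* The identified algorithm is not a public-key algorithm. */
#define EINVAL_PUBKEY \
	__einfo_error ( EINFO_EINVAL_PUBKEY )
#define EINFO_EINVAL_PUBKEY \
	__einfo_uniqify ( EINFO_EINVAL, 0x02, "Not a public-key algorithm" )

/* The content is not a digital signature.  Presumably paired with the
 * "does not contain signedData" debug message - confirm. */
#define ENOTSUP_SIGNEDDATA \
	__einfo_error ( EINFO_ENOTSUP_SIGNEDDATA )
#define EINFO_ENOTSUP_SIGNEDDATA \
	__einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Not a digital signature" )

/*
 * The listing resumes at original line 93; lines 73-92 and the
 * enclosing function are not shown in this excerpt.
 *
 * Copies the cursor that `raw` points to into `cursor`, bounded by the
 * size of the destination.
 * NOTE(review): presumably `cursor` is a local struct asn1_cursor, so
 * that parsing advances a private copy and leaves the caller's cursor
 * untouched - confirm against the full function.
 */
memcpy ( &cursor, raw, sizeof ( cursor ) );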
98 DBGC (
sig,
"CMS %p does not contain signedData:\n",
sig );
103 DBGC (
sig,
"CMS %p contains signedData\n",
sig );
121 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
125 while ( cursor.
len ) {
129 cursor.
len ) ) != 0 ) {
130 DBGC (
sig,
"CMS %p could not append certificate: %s\n",
136 DBGC (
sig,
"CMS %p found certificate %s\n",
192 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
198 DBGC (
sig,
"CMS %p/%p could not locate issuer: %s\n",
210 DBGC (
sig,
"CMS %p/%p could not locate serialNumber: %s\n",
221 DBGC (
sig,
"CMS %p/%p could not identify signer's " 228 DBGC (
sig,
"CMS %p/%p could not append certificate: %s\n",
235 sig->certificates ) ) != 0 ) {
236 DBGC (
sig,
"CMS %p/%p could not append certificates: %s\n",
260 DBGC (
sig,
"CMS %p/%p could not identify digest algorithm: " 268 DBGC (
sig,
"CMS %p/%p digest algorithm is %s\n",
290 DBGC (
sig,
"CMS %p/%p could not identify public-key " 298 DBGC (
sig,
"CMS %p/%p public-key algorithm is %s\n",
319 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
321 DBGC (
sig,
"CMS %p/%p could not locate signature:\n",
328 info->signature_len = cursor.
len;
330 if ( !
info->signature )
354 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
399 memcpy ( &cursor,
raw,
sizeof ( cursor ) );
437 while ( cursor.
len ) {
507 if ( ! (*sig)->certificates ) {
509 goto err_alloc_chain;
554 if ( frag_len >
sizeof (
block ) )
555 frag_len =
sizeof (
block );
595 public_key->
raw.
len ) ) != 0 ) {
596 DBGC (
sig,
"CMS %p/%p could not initialise public key: %s\n",
604 info->signature_len ) ) != 0 ) {
605 DBGC (
sig,
"CMS %p/%p signature verification failed: %s\n",
639 DBGC (
sig,
"CMS %p/%p could not validate chain: %s\n",
650 DBGC (
sig,
"CMS %p/%p certificate cannot create signatures\n",
657 DBGC (
sig,
"CMS %p/%p certificate is not code-signing\n",
703 DBGC (
sig,
"CMS %p had no signatures matching name " 707 DBGC (
sig,
"CMS %p had no signatures\n",
sig );
static struct x509_certificate * cms_find_issuer_serial(struct cms_signature *sig, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify CMS signature certificate by issuer and serial number.
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
An ASN.1 OID-identified algorithm.
struct asn1_cursor raw
Raw public key information.
struct arbelprm_rc_send_wqe rc
static void digest_update(struct digest_algorithm *digest, void *ctx, const void *data, size_t len)
struct x509_extended_key_usage ext_usage
Extended key usage.
struct asn1_cursor raw
Raw issuer.
#define EACCES_NO_SIGNATURES
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
static int cms_parse_content_type(struct cms_signature *sig, const struct asn1_cursor *raw)
Parse CMS signature content type.
#define EACCES_WRONG_NAME
static void cms_digest(struct cms_signature *sig, struct cms_signer_info *info, userptr_t data, size_t len, void *out)
Calculate digest of CMS-signed data.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
struct stp_switch root
Root switch.
#define list_add(new, head)
Add a new entry to the head of a list.
unsigned int bits
Usage bits.
#define ref_init(refcnt, free)
Initialise a reference counter.
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
static int cms_verify_digest(struct cms_signature *sig, struct cms_signer_info *info, struct x509_certificate *cert, userptr_t data, size_t len)
Verify digest of CMS-signed data.
static void digest_final(struct digest_algorithm *digest, void *ctx, void *out)
struct x509_issuer issuer
Issuer.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
static __always_inline void copy_from_user(void *dest, userptr_t src, off_t src_off, size_t len)
Copy data from user buffer.
static int cms_parse_certificates(struct cms_signature *sig, const struct asn1_cursor *raw)
Parse CMS signature certificate list.
const void * data
Start of data.
static void cms_put(struct cms_signature *sig)
Drop reference to CMS signature.
int asn1_digest_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm **algorithm)
Parse ASN.1 OID-identified digest algorithm.
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
#define ENOENT
No such file or directory.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
static int cms_parse_signer_identifier(struct cms_signature *sig, struct cms_signer_info *info, const struct asn1_cursor *raw)
Parse CMS signature signer identifier.
struct asn1_cursor raw
Raw serial number.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
struct golan_eq_context ctx
int cms_signature(const void *data, size_t len, struct cms_signature **sig)
Create CMS signature.
struct md4_digest digest
Digest of data already processed.
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
Access to external ("user") memory.
#define ASN1_SET
ASN.1 set.
size_t ctxsize
Context size.
Dynamic memory allocation.
size_t len
Length of data.
#define ENOTSUP_SIGNEDDATA
static int cms_parse_signature_algorithm(struct cms_signature *sig, struct cms_signer_info *info, const struct asn1_cursor *raw)
Parse CMS signature algorithm.
#define list_del(list)
Delete an entry from a list.
An X.509 certificate chain.
#define ENOMEM
Not enough space.
int asn1_shrink(struct asn1_cursor *cursor, unsigned int type)
Shrink ASN.1 cursor to fit object.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int pubkey_verify(struct pubkey_algorithm *pubkey, void *ctx, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
static int cms_parse(struct cms_signature *sig, const struct asn1_cursor *raw)
Parse CMS signature from ASN.1 data.
#define ASN1_OID_SIGNEDDATA
ASN.1 OID for pkcs-signedData (1.2.840.113549.1.7.2)
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
#define container_of(ptr, type, field)
Get containing structure.
#define ASN1_CURSOR(value)
Define an ASN.1 cursor for a static value.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
static userptr_t size_t offset
Offset of the first segment within the content.
u32 link
Link to next descriptor.
#define EACCES_NON_SIGNING
An X.509 certificate public key.
static struct asn1_cursor oid_signeddata_cursor
"pkcs7-signedData" object identifier cursor
#define list_for_each_entry_safe(pos, tmp, head, member)
Iterate over entries in a list, safe against deletion of the current entry.
struct x509_public_key public_key
Public key information.
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
static int cms_parse_digest_algorithm(struct cms_signature *sig, struct cms_signer_info *info, const struct asn1_cursor *raw)
Parse CMS signature digest algorithm.
static void digest_init(struct digest_algorithm *digest, void *ctx)
A link in an X.509 certificate chain.
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
char * strerror(int errno)
Retrieve string representation of error number.
static void(* free)(struct refcnt *refcnt))
struct x509_serial serial
Serial number.
void * zalloc(size_t size)
Allocate cleared memory.
struct x509_subject subject
Subject.
int asn1_pubkey_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm **algorithm)
Parse ASN.1 OID-identified public-key algorithm.
uint64_t serial
Serial number.
int asn1_shrink_any(struct asn1_cursor *cursor)
Shrink ASN.1 object of any type.
static int cms_parse_signer_info(struct cms_signature *sig, struct cms_signer_info *info, const struct asn1_cursor *raw)
Parse CMS signature signer information.
#define ASN1_SEQUENCE
ASN.1 sequence.
struct list_head list
List of signer information blocks.
void * malloc(size_t size)
Allocate memory.
#define ASN1_INTEGER
ASN.1 integer.
#define EACCES_NON_CODE_SIGNING
An X.509 root certificate list.
u16 algorithm
Authentication algorithm (Open System or Shared Key)
static void cms_free(struct refcnt *refcnt)
Free CMS signature.
#define INIT_LIST_HEAD(list)
Initialise a list head.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
#define ASN1_OID
ASN.1 object identifier.
static int cms_parse_signature_value(struct cms_signature *sig, struct cms_signer_info *info, const struct asn1_cursor *raw)
Parse CMS signature value.
int asn1_skip_if_exists(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object if present.
int x509_auto_append(struct x509_chain *chain, struct x509_chain *certs)
Append X.509 certificates to X.509 certificate chain.
unsigned int bits
Usage bits.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
uint16_t count
Number of entries.
A message digest algorithm.
int cms_verify(struct cms_signature *sig, userptr_t data, size_t len, const char *name, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS signature.
struct x509_link store
Link in certificate store.
uint8_t data[48]
Additional event data.
static void pubkey_final(struct pubkey_algorithm *pubkey, void *ctx)
static uint8_t oid_signeddata[]
"pkcs7-signedData" object identifier
static int cms_verify_signer_info(struct cms_signature *sig, struct cms_signer_info *info, userptr_t data, size_t len, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS signature signer information.
#define ASN1_EXPLICIT_TAG(number)
ASN.1 explicit tag.
struct x509_key_usage usage
Key usage.
int64_t time_t
Seconds since the Epoch.
#define ASN1_OCTET_STRING
ASN.1 octet string.
uint64_t time
Current time.
Cryptographic Message Syntax (PKCS #7)
#define NULL
NULL pointer (VOID *)
struct x509_extensions extensions
Extensions.
unsigned long userptr_t
A pointer to a user buffer.
static int pubkey_init(struct pubkey_algorithm *pubkey, void *ctx, const void *key, size_t key_len)