1 #ifndef _IPXE_CMS_H
2 #define _IPXE_CMS_H
3 
4 /** @file
5  *
6  * Cryptographic Message Syntax (PKCS #7)
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <time.h>
13 #include <ipxe/asn1.h>
14 #include <ipxe/crypto.h>
15 #include <ipxe/x509.h>
16 #include <ipxe/refcnt.h>
17 #include <ipxe/uaccess.h>
18 
19 struct image;
20 struct cms_message;
21 
/** A CMS message type
 *
 * Describes one supported CMS content type: a human-readable name,
 * the ASN.1 object identifier that identifies the type, and the
 * type-specific parse hook.  NOTE(review): presumably the parser in
 * cms.c selects the type by comparing the message's content type OID
 * against @c oid - confirm there.
 */
struct cms_type {
	/** Name */
	const char *name;
	/** Object identifier */
	struct asn1_cursor oid;
	/** Parse content
	 *
	 * Type-specific parse hook.  The cursor points at the raw
	 * (not yet interpreted) ASN.1 content handed to this type.
	 *
	 * @v cms		CMS message
	 * @v raw		ASN.1 cursor
	 * @ret rc		Return status code
	 */
	int ( * parse ) ( struct cms_message *cms,
			  const struct asn1_cursor *raw );
};
37 
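/** CMS participant information
 *
 * One block per signer (signature messages) or recipient (encrypted
 * messages).  The rendered page dropped the struct header and three
 * field declarations; they are restored here from the page's own
 * symbol index (cms.h lines 39, 46, 48 and 51).
 */
struct cms_participant {
	/** List of participant information blocks */
	struct list_head list;
	/** Certificate chain */
	struct x509_chain *chain;

	/** Digest algorithm (for signature messages) */
	struct digest_algorithm *digest;
	/** Public-key algorithm */
	struct pubkey_algorithm *pubkey;

	/** Signature or key value */
	struct asn1_cursor value;
};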
53 
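/** A CMS message
 *
 * Reference-counted (see cms_get() / cms_put()).  The rendered page
 * dropped three field declarations; they are restored here from the
 * page's own symbol index (cms.h lines 64, 66 and 69).
 */
struct cms_message {
	/** Reference count */
	struct refcnt refcnt;
	/** Raw ASN.1 data */
	struct asn1_cursor *raw;
	/** Message type */
	struct cms_type *type;

	/** List of all certificates (for signature messages)
	 *
	 * cms_is_signature() classifies a message as a signature
	 * message solely by this pointer being non-NULL.
	 */
	struct x509_chain *certificates;
	/** List of participant information blocks */
	struct list_head participants;

	/** Cipher algorithm
	 *
	 * cms_is_encrypted() classifies a message as an encrypted
	 * message solely by this pointer being non-NULL.
	 */
	struct cipher_algorithm *cipher;
	/** Cipher initialization vector */
	struct asn1_cursor iv;
	/** Cipher authentication tag */
	struct asn1_cursor mac;
};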
75 
/**
 * Get reference to CMS message
 *
 * Takes an additional reference on the message's embedded reference
 * counter and hands the same message back, so the call can be used
 * inline wherever a retained pointer is stored.
 *
 * @v cms		CMS message
 * @ret cms		CMS message
 */
static inline __attribute__ (( always_inline )) struct cms_message *
cms_get ( struct cms_message *cms ) {
	struct refcnt *refcnt = &cms->refcnt;

	ref_get ( refcnt );
	return cms;
}
87 
/**
 * Drop reference to CMS message
 *
 * Releases one reference on the message's embedded reference counter.
 * The caller must not touch @c cms afterwards unless it still holds
 * another reference.
 *
 * @v cms		CMS message
 */
static inline __attribute__ (( always_inline )) void
cms_put ( struct cms_message *cms ) {
	struct refcnt *refcnt = &cms->refcnt;

	ref_put ( refcnt );
}
97 
/**
 * Check if CMS message is a signature message
 *
 * Classification is by field presence only: a message is treated as a
 * signature message when a CertificateSet was parsed into it.  This
 * says nothing about whether the signature is valid; cms_verify()
 * performs that check.
 *
 * @v cms		CMS message
 * @ret is_signature	Message is a signature message
 */
static inline __attribute__ (( always_inline )) int
cms_is_signature ( struct cms_message *cms ) {

	/* CMS signatures include an optional CertificateSet */
	if ( cms->certificates )
		return 1;
	return 0;
}
110 
/**
 * Check if CMS message is an encrypted message
 *
 * Classification is by field presence only: a message is treated as an
 * encrypted message when a cipher algorithm was parsed into it.  It is
 * independent of cms_is_signature(); nothing in this header makes the
 * two predicates mutually exclusive.
 *
 * @v cms		CMS message
 * @ret is_encrypted	Message is an encrypted message
 */
static inline __attribute__ (( always_inline )) int
cms_is_encrypted ( struct cms_message *cms ) {

	/* CMS encrypted messages have a cipher algorithm */
	if ( cms->cipher )
		return 1;
	return 0;
}
123 
/**
 * Create CMS message
 *
 * @v image		Image
 * @v cms		CMS message to fill in
 * @ret rc		Return status code
 *
 * NOTE(review): on success the caller presumably owns one reference
 * to *cms and must release it with cms_put() - confirm in cms.c.
 */
extern int cms_message ( struct image *image, struct cms_message **cms );
/**
 * Verify CMS signature
 *
 * @v cms		CMS message
 * @v image		Image
 * @v name		Name
 * @v time		Time
 * @v store		Certificate store
 * @v root		Root certificate list
 * @ret rc		Return status code
 *
 * NOTE(review): the roles of @c name and @c time (required signer name,
 * validation time) are inferred from the parameter types; confirm in
 * cms.c before relying on them.
 */
extern int cms_verify ( struct cms_message *cms, struct image *image,
			const char *name, time_t time, struct x509_chain *store,
			struct x509_root *root );
/**
 * Decrypt CMS message
 *
 * @v cms		CMS message
 * @v image		Image
 * @v name		Name
 * @v private_key	Private key
 * @ret rc		Return status code
 */
extern int cms_decrypt ( struct cms_message *cms, struct image *image,
			 const char *name, struct private_key *private_key );
130 
131 #endif /* _IPXE_CMS_H */