iPXE
cms.h
Go to the documentation of this file.
1#ifndef _IPXE_CMS_H
2#define _IPXE_CMS_H
3
4/** @file
5 *
6 * Cryptographic Message Syntax (PKCS #7)
7 *
8 */
9
10FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11FILE_SECBOOT ( PERMITTED );
12
13#include <time.h>
14#include <ipxe/asn1.h>
15#include <ipxe/crypto.h>
16#include <ipxe/x509.h>
17#include <ipxe/refcnt.h>
18
19struct image;
20struct cms_message;
21
22/** A CMS message type */
23struct cms_type {
24 /** Name */
25 const char *name;
26 /** Object identifier */
27 struct asn1_cursor oid;
28 /** Parse content
29 *
30 * @v cms CMS message
31 * @v raw ASN.1 cursor
32 * @ret rc Return status code
33 */
34 int ( * parse ) ( struct cms_message *cms,
35 const struct asn1_cursor *raw );
36};
37
38/** CMS participant information */
39struct cms_participant {
40 /** List of participant information blocks */
41 struct list_head list;
42 /** Certificate chain */
43 struct x509_chain *chain;
44
45 /** Digest algorithm (for signature messages) */
46 struct digest_algorithm *digest;
47 /** Public-key algorithm */
48 struct pubkey_algorithm *pubkey;
49
50 /** Signature or key value */
51 struct asn1_cursor value;
52};
53
54/** A CMS message */
55struct cms_message {
56 /** Reference count */
57 struct refcnt refcnt;
58 /** Raw ASN.1 data */
59 struct asn1_cursor *raw;
60 /** Message type */
61 struct cms_type *type;
62
63 /** List of all certificates (for signature messages) */
64 struct x509_chain *certificates;
65 /** List of participant information blocks */
66 struct list_head participants;
67
68 /** Cipher algorithm */
69 struct cipher_algorithm *cipher;
70 /** Cipher initialization vector */
71 struct asn1_cursor iv;
72 /** Cipher authentication tag */
73 struct asn1_cursor mac;
74};
75
76/**
77 * Get reference to CMS message
78 *
79 * @v cms CMS message
80 * @ret cms CMS message
81 */
82static inline __attribute__ (( always_inline )) struct cms_message *
83cms_get ( struct cms_message *cms ) {
84 ref_get ( &cms->refcnt );
85 return cms;
86}
87
88/**
89 * Drop reference to CMS message
90 *
91 * @v cms CMS message
92 */
93static inline __attribute__ (( always_inline )) void
94cms_put ( struct cms_message *cms ) {
95 ref_put ( &cms->refcnt );
96}
97
98/**
99 * Check if CMS message is a signature message
100 *
101 * @v cms CMS message
102 * @ret is_signature Message is a signature message
103 */
104static inline __attribute__ (( always_inline )) int
105cms_is_signature ( struct cms_message *cms ) {
106
107 /* CMS signatures include an optional CertificateSet */
108 return ( cms->certificates != NULL );
109}
110
111/**
112 * Check if CMS message is an encrypted message
113 *
114 * @v cms CMS message
115 * @ret is_encrypted Message is an encrypted message
116 */
117static inline __attribute__ (( always_inline )) int
118cms_is_encrypted ( struct cms_message *cms ) {
119
120 /* CMS encrypted messages have a cipher algorithm */
121 return ( cms->cipher != NULL );
122}
123
124extern int cms_message ( struct image *image, struct cms_message **cms );
125extern int cms_verify ( struct cms_message *cms, struct image *image,
126 const char *name, time_t time, struct x509_chain *store,
127 struct x509_root *root );
128extern int cms_decrypt ( struct cms_message *cms, struct image *image,
129 const char *name, struct private_key *private_key );
130
131#endif /* _IPXE_CMS_H */
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
raw
__be32 raw[7]
Definition CIB_PRM.h:0
asn1.h
ASN.1 encoding.
name
const char * name
Definition ath9k_hw.c:1986
cms_is_signature
static int cms_is_signature(struct cms_message *cms)
Check if CMS message is a signature message.
Definition cms.h:105
cms_decrypt
int cms_decrypt(struct cms_message *cms, struct image *image, const char *name, struct private_key *private_key)
Decrypt CMS message.
Definition cms.c:1039
cms_message
int cms_message(struct image *image, struct cms_message **cms)
Create CMS message.
Definition cms.c:672
cms_is_encrypted
static int cms_is_encrypted(struct cms_message *cms)
Check if CMS message is an encrypted message.
Definition cms.h:118
cms_verify
int cms_verify(struct cms_message *cms, struct image *image, const char *name, time_t time, struct x509_chain *store, struct x509_root *root)
Verify CMS signature.
Definition cms.c:834
cms_get
static struct cms_message * cms_get(struct cms_message *cms)
Get reference to CMS message.
Definition cms.h:83
cms_put
static void cms_put(struct cms_message *cms)
Drop reference to CMS message.
Definition cms.h:94
FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
FILE_SECBOOT
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926
__attribute__
#define __attribute__(x)
Definition compiler.h:10
crypto.h
Cryptographic API.
time.h
Time source.
time_t
int64_t time_t
Seconds since the Epoch.
Definition time.h:19
refcnt.h
Reference counting.
ref_get
#define ref_get(refcnt)
Get additional reference to object.
Definition refcnt.h:93
ref_put
#define ref_put(refcnt)
Drop reference to object.
Definition refcnt.h:107
root
struct stp_switch root
Root switch.
Definition stp.h:15
asn1_cursor
An ASN.1 object cursor.
Definition asn1.h:21
cipher_algorithm
A cipher algorithm.
Definition crypto.h:51
cms_message
A CMS message.
Definition cms.h:55
cms_message::raw
struct asn1_cursor * raw
Raw ASN.1 data.
Definition cms.h:59
cms_message::type
struct cms_type * type
Message type.
Definition cms.h:61
cms_message::mac
struct asn1_cursor mac
Cipher authentication tag.
Definition cms.h:73
cms_message::refcnt
struct refcnt refcnt
Reference count.
Definition cms.h:57
cms_message::certificates
struct x509_chain * certificates
List of all certificates (for signature messages)
Definition cms.h:64
cms_message::cipher
struct cipher_algorithm * cipher
Cipher algorithm.
Definition cms.h:69
cms_message::iv
struct asn1_cursor iv
Cipher initialization vector.
Definition cms.h:71
cms_message::participants
struct list_head participants
List of participant information blocks.
Definition cms.h:66
cms_participant
CMS participant information.
Definition cms.h:39
cms_participant::digest
struct digest_algorithm * digest
Digest algorithm (for signature messages)
Definition cms.h:46
cms_participant::value
struct asn1_cursor value
Signature or key value.
Definition cms.h:51
cms_participant::list
struct list_head list
List of participant information blocks.
Definition cms.h:41
cms_participant::chain
struct x509_chain * chain
Certificate chain.
Definition cms.h:43
cms_participant::pubkey
struct pubkey_algorithm * pubkey
Public-key algorithm.
Definition cms.h:48
cms_type
A CMS message type.
Definition cms.h:23
cms_type::name
const char * name
Name.
Definition cms.h:25
cms_type::oid
struct asn1_cursor oid
Object identifier.
Definition cms.h:27
cms_type::parse
int(* parse)(struct cms_message *cms, const struct asn1_cursor *raw)
Parse content.
Definition cms.h:34
digest_algorithm
A message digest algorithm.
Definition crypto.h:19
image
An executable image.
Definition image.h:24
list_head
A doubly-linked list entry (or list head)
Definition list.h:19
private_key
A private key.
Definition privkey.h:17
pubkey_algorithm
A public key algorithm.
Definition crypto.h:122
x509_chain
An X.509 certificate chain.
Definition x509.h:201
x509_root
An X.509 root certificate list.
Definition x509.h:375
x509.h
X.509 certificates.
Generated by doxygen 1.14.0