1 #ifndef _IPXE_CMS_H
2 #define _IPXE_CMS_H
3 
4 /** @file
5  *
6  * Cryptographic Message Syntax (CMS, RFC 5652; originally PKCS #7)
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <time.h>
13 #include <ipxe/asn1.h>
14 #include <ipxe/crypto.h>
15 #include <ipxe/x509.h>
16 #include <ipxe/refcnt.h>
17 
18 struct image;
19 struct cms_message;
20 
/** A CMS message type
 *
 * One entry describes one supported CMS content type.  The encoded
 * content type is matched against @c oid (presumably by the generic
 * CMS parser) and @c parse is then handed the content to decode.
 */
struct cms_type {
	/** Human-readable name of the content type */
	const char *name;
	/** Encoded object identifier identifying this content type */
	struct asn1_cursor oid;
	/** Parse content
	 *
	 * @v cms		CMS message being populated
	 * @v raw		ASN.1 cursor over the encoded content
	 * @ret rc		Return status code
	 *
	 * NOTE(review): the content originates from the image passed to
	 * cms_message(), i.e. it is untrusted input; implementations
	 * must bounds-check everything they pull through the cursor.
	 */
	int ( * parse ) ( struct cms_message *cms,
			  const struct asn1_cursor *raw );
};
36 
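/** CMS participant information
 *
 * One block per signer (signature messages) or per recipient
 * (encrypted messages).  Blocks are linked into the owning
 * message's list of participants.
 *
 * The rendered listing had lost the opening line of this definition
 * and its @c digest, @c pubkey and @c value members; they are restored
 * here from the documented member list.
 */
struct cms_participant {
	/** List of participant information blocks */
	struct list_head list;
	/** Certificate chain
	 *
	 * For a signature message this is the chain that must be
	 * validated (by cms_verify()) before @c value is trusted.
	 */
	struct x509_chain *chain;

	/** Digest algorithm (for signature messages) */
	struct digest_algorithm *digest;
	/** Public-key algorithm */
	struct pubkey_algorithm *pubkey;

	/** Signature or key value
	 *
	 * A cursor into the raw message data: the signature (for
	 * signature messages) or the encrypted key material (for
	 * encrypted messages).  It is attacker-controlled until
	 * verified or decrypted.
	 */
	struct asn1_cursor value;
};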
52 
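/** A CMS message
 *
 * Reference-counted; obtain a reference via cms_get() and release it
 * via cms_put().
 *
 * The rendered listing had lost the @c certificates, @c participants
 * and @c cipher members; they are restored here from the documented
 * member list.  cms_is_signature() and cms_is_encrypted() test
 * @c certificates and @c cipher respectively, so these two pointers
 * double as the message-type discriminators and must be left NULL
 * for messages of the other kind.
 */
struct cms_message {
	/** Reference count */
	struct refcnt refcnt;
	/** Raw ASN.1 data */
	struct asn1_cursor *raw;
	/** Message type */
	struct cms_type *type;

	/** List of all certificates (for signature messages)
	 *
	 * Non-NULL only for signature messages; tested by
	 * cms_is_signature().
	 */
	struct x509_chain *certificates;
	/** List of participant information blocks */
	struct list_head participants;

	/** Cipher algorithm
	 *
	 * Non-NULL only for encrypted messages; tested by
	 * cms_is_encrypted().
	 */
	struct cipher_algorithm *cipher;
	/** Cipher initialization vector */
	struct asn1_cursor iv;
	/** Cipher authentication tag
	 *
	 * Cursor into the raw message data; only meaningful for
	 * authenticated cipher modes (presumably empty otherwise).
	 */
	struct asn1_cursor mac;
};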
74 
/**
 * Get reference to CMS message
 *
 * Takes an additional reference on the message and returns the same
 * pointer, so the call can sit inline in an assignment.  Every
 * reference taken here must later be released with cms_put().
 *
 * @v cms		CMS message
 * @ret cms		CMS message (same pointer, one more reference held)
 */
static inline __attribute__ (( always_inline )) struct cms_message *
cms_get ( struct cms_message *cms ) {
	struct refcnt *refcnt = &cms->refcnt;

	ref_get ( refcnt );
	return cms;
}
86 
/**
 * Drop reference to CMS message
 *
 * Releases one reference previously obtained from cms_message() or
 * cms_get().  NOTE(review): the message is presumably freed when the
 * last reference goes away (see ref_put()), so the caller must not
 * touch @c cms afterwards unless it still holds another reference.
 *
 * @v cms		CMS message
 */
static inline __attribute__ (( always_inline )) void
cms_put ( struct cms_message *cms ) {
	struct refcnt *refcnt = &cms->refcnt;

	ref_put ( refcnt );
}
96 
/**
 * Check if CMS message is a signature message
 *
 * The certificate list is populated only for signature messages, so
 * its presence is used as the discriminator.  NOTE(review): the
 * CertificateSet is optional in SignedData, so a signed message that
 * embeds no certificates must still have a (possibly empty) chain
 * allocated here for this test to hold — confirm against the parser
 * in cms.c.
 *
 * @v cms		CMS message
 * @ret is_signature	Message is a signature message (non-zero if so)
 */
static inline __attribute__ (( always_inline )) int
cms_is_signature ( struct cms_message *cms ) {
	const struct x509_chain *certs = cms->certificates;

	/* Only signature messages carry a certificate list */
	return ( certs ? 1 : 0 );
}
109 
/**
 * Check if CMS message is an encrypted message
 *
 * The cipher algorithm pointer is set only for encrypted messages, so
 * its presence is used as the discriminator.  Callers should check
 * this (or cms_is_signature()) before deciding whether to pass the
 * message to cms_decrypt() or cms_verify().
 *
 * @v cms		CMS message
 * @ret is_encrypted	Message is an encrypted message (non-zero if so)
 */
static inline __attribute__ (( always_inline )) int
cms_is_encrypted ( struct cms_message *cms ) {
	const struct cipher_algorithm *cipher = cms->cipher;

	/* Only encrypted messages have a cipher algorithm */
	return ( cipher ? 1 : 0 );
}
122 
/**
 * Create CMS message
 *
 * Parses the ASN.1-encoded message held in @c image.  The image data
 * is untrusted input.
 *
 * @v image		Image containing the encoded CMS message
 * @v cms		Filled in with the new CMS message on success
 * @ret rc		Return status code
 *
 * NOTE(review): on success the caller presumably owns one reference
 * to *cms and must release it with cms_put() — confirm in cms.c.
 */
extern int cms_message ( struct image *image, struct cms_message **cms );

/**
 * Verify CMS signature
 *
 * Checks the signature message @c cms against the content of
 * @c image.  Only meaningful for messages for which
 * cms_is_signature() is true.
 *
 * @v cms		CMS signature message
 * @v image		Image whose content is covered by the signature
 * @v name		Signer name (or NULL; exact matching rule is in cms.c)
 * @v time		Time at which the certificates are checked for validity
 * @v store		Additional certificate store (or NULL)
 * @v root		Root certificate list used as the trust anchor (or NULL)
 * @ret rc		Return status code
 *
 * NOTE(review): which of @c name, @c store and @c root may be NULL,
 * and which roots are used when @c root is NULL, is not visible
 * from this header — confirm in cms.c before relying on it.
 */
extern int cms_verify ( struct cms_message *cms, struct image *image,
			const char *name, time_t time,
			struct x509_chain *store, struct x509_root *root );

/**
 * Decrypt CMS message
 *
 * Decrypts the content of @c image in place using the recipient
 * information in @c cms.  Only meaningful for messages for which
 * cms_is_encrypted() is true.
 *
 * @v cms		CMS encrypted message
 * @v image		Image holding the encrypted content
 * @v name		Name for the decrypted image (or NULL; see cms.c)
 * @v private_key	Recipient private key
 * @ret rc		Return status code
 *
 * NOTE(review): for authenticated cipher modes the caller must treat
 * any non-zero return as "content not authenticated" and discard the
 * output; whether partially decrypted data is left behind on
 * failure is not visible from this header.
 */
extern int cms_decrypt ( struct cms_message *cms, struct image *image,
			 const char *name, struct private_key *private_key );
129 
130 #endif /* _IPXE_CMS_H */