143 return ( cert ?
x509_name ( cert ) :
"<empty>" );
225 .description =
"Cross-signed certificate source",
227 .type = &setting_type_string,
272 goto err_alloc_certs;
284 goto err_certificateset;
288 while ( cursor.
len ) {
292 cursor.
len ) ) != 0 ) {
318 goto err_auto_append;
365 const char *crosscert;
366 char *crosscert_copy;
368 size_t uri_string_len;
376 if ( ! crosscert[0] ) {
378 goto err_check_uri_string;
382 uri_string_len = (
strlen ( crosscert ) + 22
384 uri_string =
zalloc ( uri_string_len );
385 if ( ! uri_string ) {
387 goto err_alloc_uri_string;
394 len =
snprintf ( uri_string, uri_string_len,
"%s/%08x.der?subject=",
397 ( uri_string_len -
len ) );
410 uri_string ) ) != 0 ) {
414 goto err_open_uri_string;
419 free ( crosscert_copy );
427 err_alloc_uri_string:
428 err_check_uri_string:
429 free ( crosscert_copy );
453 DBGC (
validator,
"VALIDATOR %p \"%s\" could not fetch OCSP "
461 DBGC (
validator,
"VALIDATOR %p \"%s\" could not record OCSP "
506 const char *uri_string;
512 DBGC (
validator,
"VALIDATOR %p \"%s\" could not create OCSP "
529 uri_string ) ) != 0 ) {
702 link->cert ) ) == 0 ) {
791 DBGC2 (
validator,
"VALIDATOR %p \"%s\" validating X509 chain %p\n",
#define NULL
NULL pointer (VOID *)
u32 link
Link to next descriptor.
struct arbelprm_rc_send_wqe rc
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
#define ASN1_SET
ASN.1 set.
#define assert(condition)
Assert a condition at run-time.
size_t base64_encode(const void *raw, size_t raw_len, char *data, size_t len)
Base64-encode data.
static size_t base64_encoded_len(size_t raw_len)
Calculate length of base64-encoded data.
Cryptographic configuration.
#define CROSSCERT
Default cross-signed certificate source.
u32 crc32_le(u32 seed, const void *data, size_t len)
Calculate 32-bit little-endian CRC checksum.
uint8_t data[48]
Additional event data.
uint8_t meta
Metadata flags.
#define DHCP_EB_CROSS_CERT
Cross-signed certificate source.
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
#define EINVAL
Invalid argument.
#define ENOMEM
Not enough space.
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
#define SETTING_CRYPTO
Cryptography settings.
Dynamic Host Configuration Protocol.
#define __setting(setting_order, name)
Declare a configuration setting.
int64_t time_t
Seconds since the Epoch.
void intf_close(struct interface *intf, int rc)
Close an object interface.
void intf_plug_plug(struct interface *a, struct interface *b)
Plug two object interfaces together.
void intf_shutdown(struct interface *intf, int rc)
Shut down an object interface.
void intf_restart(struct interface *intf, int rc)
Shut down and restart an object interface.
#define INTF_DESC(object_type, intf, operations)
Define an object interface descriptor.
static void intf_init(struct interface *intf, struct interface_descriptor *desc, struct refcnt *refcnt)
Initialise an object interface.
#define INTF_OP(op_type, object_type, op_func)
Define an object interface operation.
#define iob_disown(iobuf)
Disown an I/O buffer.
#define list_for_each_entry_continue_reverse(pos, head, member)
Iterate over entries in a list in reverse, starting after current position.
#define list_is_head_entry(entry, head, member)
Test if entry is the list head.
#define list_for_each_entry_continue(pos, head, member)
Iterate over entries in a list, starting after current position.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
void * zalloc(size_t size)
Allocate cleared memory.
Dynamic memory allocation.
int ocsp_validate(struct ocsp_check *ocsp, time_t time)
Validate OCSP response at the given time (seconds since the Epoch).
Online Certificate Status Protocol.
static int ocsp_required(struct x509_certificate *cert)
Check if X.509 certificate requires an OCSP check.
static void ocsp_put(struct ocsp_check *ocsp)
Drop reference to OCSP check.
int xfer_open_uri_string(struct interface *intf, const char *uri_string)
Open URI string.
Data transfer interface opening.
void process_del(struct process *process)
Remove process from process list.
void process_add(struct process *process)
Add process to process list.
#define PROC_DESC_ONCE(object_type, process, _step)
Define a process descriptor for a process that runs only once.
static void process_init(struct process *process, struct process_descriptor *desc, struct refcnt *refcnt)
Initialise process and add to process list.
void (* free)(struct refcnt *refcnt)
Free containing object (the reference-counter callback that validator_free() implements for the validator).
#define ref_put(refcnt)
Drop reference to object.
#define ref_init(refcnt, free)
Initialise a reference counter.
int fetch_string_setting_copy(struct settings *settings, const struct setting *setting, char **data)
Fetch value of string setting.
#define container_of(ptr, type, field)
Get containing structure.
struct stp_switch root
Root switch.
char * strerror(int errno)
Retrieve string representation of error number.
size_t strlen(const char *src)
Get length of string.
const void * data
Start of data.
size_t len
Length of data.
An object interface descriptor.
An object interface operation.
char message[32]
Message (optional)
char * uri_string
URI string.
A certificate validator action.
void(* done)(struct validator *validator, int rc)
Action to take upon completed transfer.
struct refcnt refcnt
Reference count.
struct interface job
Job control interface.
struct ocsp_check * ocsp
OCSP check.
struct x509_link * link
Current link within certificate chain.
int rc
Most relevant status code.
struct x509_certificate * cert
Current certificate (for progress reporting)
struct process process
Process.
const struct validator_action * action
Current action.
struct interface xfer
Data transfer interface.
struct x509_chain * chain
X.509 certificate chain.
struct xfer_buffer buffer
Data buffer.
struct x509_root * root
Root of trust (or NULL to use default)
struct x509_issuer issuer
Issuer.
An X.509 certificate chain.
struct list_head links
List of links.
struct asn1_cursor raw
Raw issuer.
A link in an X.509 certificate chain.
struct list_head list
List of links.
struct x509_certificate * cert
Certificate.
An X.509 root certificate list.
static struct interface_operation validator_job_operations[]
Certificate validator job control interface operations.
static void validator_free(struct refcnt *refcnt)
Free certificate validator.
static void validator_ocsp_validate(struct validator *validator, int rc)
Validate OCSP response.
static int validator_start_download(struct validator *validator, struct x509_link *link)
Start download of cross-signing certificate.
static void validator_xfer_close(struct validator *validator, int rc)
Close data transfer interface.
static void validator_finished(struct validator *validator, int rc)
Mark certificate validation as finished.
int create_validator(struct interface *job, struct x509_chain *chain, struct x509_root *root)
Instantiate a certificate validator.
static const struct validator_action validator_crosscert
Cross-signing certificate download validator action.
static int validator_progress(struct validator *validator, struct job_progress *progress)
Report job progress.
static int validator_xfer_deliver(struct validator *validator, struct io_buffer *iobuf, struct xfer_metadata *meta)
Receive data.
static struct process_descriptor validator_process_desc
Certificate validator process descriptor.
static const char * validator_name(struct validator *validator)
Get validator name (for debug messages)
static void validator_step(struct validator *validator)
Certificate validation process.
static const struct validator_action validator_ocsp
OCSP validator action.
static struct interface_descriptor validator_xfer_desc
Certificate validator data transfer interface descriptor.
static struct interface_operation validator_xfer_operations[]
Certificate validator data transfer interface operations.
static struct interface_descriptor validator_job_desc
Certificate validator job control interface descriptor.
static const char crosscert_default[]
Default cross-signed certificate source.
static void validator_append(struct validator *validator, int rc)
Append cross-signing certificates to certificate chain.
static int validator_start_ocsp(struct validator *validator, struct x509_certificate *cert, struct x509_certificate *issuer)
Start OCSP check.
int snprintf(char *buf, size_t size, const char *fmt,...)
Write a formatted string to a buffer. As in standard C, output is truncated to at most size-1 characters plus a terminating NUL, while the return value is the length the complete string would have had; a caller that derives remaining buffer space from the return value must therefore check that it is smaller than size before using it.
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
@ X509_LINK_FL_OCSPED
OCSP has been attempted.
@ X509_LINK_FL_CROSSED
Cross-signed certificate download has been attempted.
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
int xfer_deliver(struct interface *intf, struct io_buffer *iobuf, struct xfer_metadata *meta)
Deliver datagram.
Data transfer interfaces.
void xferbuf_free(struct xfer_buffer *xferbuf)
Free data transfer buffer.
int xferbuf_deliver(struct xfer_buffer *xferbuf, struct io_buffer *iobuf, struct xfer_metadata *meta)
Add received data to data transfer buffer.
static void xferbuf_malloc_init(struct xfer_buffer *xferbuf)
Initialise malloc()-based data transfer buffer.