iPXE
x509.h
Go to the documentation of this file.
1 #ifndef _IPXE_X509_H
2 #define _IPXE_X509_H
3 
4 /** @file
5  *
6  * X.509 certificates
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stdint.h>
13 #include <stddef.h>
14 #include <time.h>
15 #include <ipxe/asn1.h>
16 #include <ipxe/refcnt.h>
17 #include <ipxe/list.h>
18 
19 struct image;
20 struct private_key;
21 
22 /** An X.509 serial number */
23 struct x509_serial {
24  /** Raw serial number */
25  struct asn1_cursor raw;
26 };
27 
28 /** An X.509 issuer */
29 struct x509_issuer {
30  /** Raw issuer */
31  struct asn1_cursor raw;
32 };
33 
34 /** An X.509 time */
35 struct x509_time {
36  /** Seconds since the Epoch */
37  time_t time;
38 };
39 
40 /** An X.509 certificate validity period */
41 struct x509_validity {
42  /** Not valid before */
43  struct x509_time not_before;
44  /** Not valid after */
45  struct x509_time not_after;
46 };
47 
48 /** An X.509 certificate public key */
49 struct x509_public_key {
50  /** Raw public key information */
51  struct asn1_cursor raw;
52  /** Public key algorithm */
53  struct asn1_algorithm *algorithm;
54  /** Raw public key bit string */
55  struct asn1_bit_string raw_bits;
56 };
57 
58 /** An X.509 certificate subject */
59 struct x509_subject {
60  /** Raw subject */
61  struct asn1_cursor raw;
62  /** Common name */
63  struct asn1_cursor common_name;
64  /** Public key information */
65  struct x509_public_key public_key;
66 };
67 
68 /** An X.509 certificate signature */
69 struct x509_signature {
70  /** Signature algorithm */
71  struct asn1_algorithm *algorithm;
72  /** Signature value */
73  struct asn1_bit_string value;
74 };
75 
76 /** An X.509 certificate basic constraints set */
77 struct x509_basic_constraints {
78  /** Subject is a CA */
79  int ca;
80  /** Path length */
81  unsigned int path_len;
82 };
83 
84 /** Unlimited path length
85  *
86  * We use -2U, since this quantity represents one *fewer* than the
87  * maximum number of remaining certificates in a chain.
88  */
89 #define X509_PATH_LEN_UNLIMITED -2U
90 
91 /** An X.509 certificate key usage */
92 struct x509_key_usage {
93  /** Key usage extension is present */
94  int present;
95  /** Usage bits */
96  unsigned int bits;
97 };
98 
99 /** X.509 certificate key usage bits */
100 enum x509_key_usage_bits {
101  X509_DIGITAL_SIGNATURE = 0x0080,
102  X509_NON_REPUDIATION = 0x0040,
103  X509_KEY_ENCIPHERMENT = 0x0020,
104  X509_DATA_ENCIPHERMENT = 0x0010,
105  X509_KEY_AGREEMENT = 0x0008,
106  X509_KEY_CERT_SIGN = 0x0004,
107  X509_CRL_SIGN = 0x0002,
108  X509_ENCIPHER_ONLY = 0x0001,
109  X509_DECIPHER_ONLY = 0x8000,
110 };
111 
112 /** An X.509 certificate extended key usage */
113 struct x509_extended_key_usage {
114  /** Usage bits */
115  unsigned int bits;
116 };
117 
118 /** X.509 certificate extended key usage bits
119  *
120  * Extended key usages are identified by OID; these bits are purely an
121  * internal definition.
122  */
123 enum x509_extended_key_usage_bits {
124  X509_CODE_SIGNING = 0x0001,
125  X509_OCSP_SIGNING = 0x0002,
126 };
127 
128 /** X.509 certificate OCSP responder */
129 struct x509_ocsp_responder {
130  /** URI */
131  struct asn1_cursor uri;
132  /** OCSP status is good */
133  int good;
134 };
135 
136 /** X.509 certificate authority information access */
137 struct x509_authority_info_access {
138  /** OCSP responder */
139  struct x509_ocsp_responder ocsp;
140 };
141 
142 /** X.509 certificate subject alternative name */
143 struct x509_subject_alt_name {
144  /** Names */
145  struct asn1_cursor names;
146 };
147 
148 /** X.509 certificate general name types */
149 enum x509_general_name_types {
150  X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
151  X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
152  X509_GENERAL_NAME_IP = ASN1_IMPLICIT_TAG ( 7 ),
153 };
154 
155 /** An X.509 certificate extensions set */
156 struct x509_extensions {
157  /** Basic constraints */
158  struct x509_basic_constraints basic;
159  /** Key usage */
160  struct x509_key_usage usage;
161  /** Extended key usage */
162  struct x509_extended_key_usage ext_usage;
163  /** Authority information access */
164  struct x509_authority_info_access auth_info;
165  /** Subject alternative name */
166  struct x509_subject_alt_name alt_name;
167 };
168 
169 /** A link in an X.509 certificate chain */
170 struct x509_link {
171  /** List of links */
172  struct list_head list;
173  /** Certificate */
174  struct x509_certificate *cert;
175  /** Flags */
176  unsigned int flags;
177 };
178 
179 /** X.509 certficate chain link flags */
180 enum x509_link_flags {
181  /** Cross-signed certificate download has been attempted
182  *
183  * This indicates that a cross-signature download attempt has
184  * been made to find a cross-signed issuer for this link's
185  * certificate.
186  */
187  X509_LINK_FL_CROSSED = 0x0001,
188  /** OCSP has been attempted
189  *
190  * This indicates that an OCSP attempt has been made using
191  * this link's certificate as an issuer. (We record the flag
192  * on the issuer rather than on the issued certificate, since
193  * we want to retry OCSP if an issuer is replaced with a
194  * downloaded cross-signed certificate.)
195  */
196  X509_LINK_FL_OCSPED = 0x0002,
197 };
198 
199 /** An X.509 certificate chain */
200 struct x509_chain {
201  /** Reference count */
202  struct refcnt refcnt;
203  /** List of links */
204  struct list_head links;
205  /** Mark certificate as found
206  *
207  * @v store Certificate store
208  * @v cert X.509 certificate
209  */
210  void ( * found ) ( struct x509_chain *store,
211  struct x509_certificate *cert );
212 };
213 
214 /** An X.509 certificate */
215 struct x509_certificate {
216  /** Reference count */
217  struct refcnt refcnt;
218 
219  /** Link in certificate store */
220  struct x509_link store;
221 
222  /** Flags */
223  unsigned int flags;
224  /** Root against which certificate has been validated (if any) */
225  struct x509_root *root;
226  /** Maximum number of subsequent certificates in chain */
227  unsigned int path_remaining;
228 
229  /** Raw certificate */
230  struct asn1_cursor raw;
231  /** Version */
232  unsigned int version;
233  /** Serial number */
234  struct x509_serial serial;
235  /** Raw tbsCertificate */
236  struct asn1_cursor tbs;
237  /** Signature algorithm */
238  struct asn1_algorithm *signature_algorithm;
239  /** Issuer */
240  struct x509_issuer issuer;
241  /** Validity */
242  struct x509_validity validity;
243  /** Subject */
244  struct x509_subject subject;
245  /** Signature */
246  struct x509_signature signature;
247  /** Extensions */
248  struct x509_extensions extensions;
249 };
250 
251 /** X.509 certificate flags */
252 enum x509_flags {
253  /** Certificate was added at build time */
254  X509_FL_PERMANENT = 0x0001,
255  /** Certificate was added explicitly at run time */
256  X509_FL_EXPLICIT = 0x0002,
257 };
258 
259 /**
260  * Get reference to X.509 certificate
261  *
262  * @v cert X.509 certificate
263  * @ret cert X.509 certificate
264  */
265 static inline __attribute__ (( always_inline )) struct x509_certificate *
266 x509_get ( struct x509_certificate *cert ) {
267  ref_get ( &cert->refcnt );
268  return cert;
269 }
270 
271 /**
272  * Drop reference to X.509 certificate
273  *
274  * @v cert X.509 certificate
275  */
276 static inline __attribute__ (( always_inline )) void
277 x509_put ( struct x509_certificate *cert ) {
278  ref_put ( &cert->refcnt );
279 }
280 
281 /**
282  * Get reference to X.509 certificate chain
283  *
284  * @v chain X.509 certificate chain
285  * @ret chain X.509 certificate chain
286  */
287 static inline __attribute__ (( always_inline )) struct x509_chain *
288 x509_chain_get ( struct x509_chain *chain ) {
289  ref_get ( &chain->refcnt );
290  return chain;
291 }
292 
293 /**
294  * Drop reference to X.509 certificate chain
295  *
296  * @v chain X.509 certificate chain
297  */
298 static inline __attribute__ (( always_inline )) void
299 x509_chain_put ( struct x509_chain *chain ) {
300  ref_put ( &chain->refcnt );
301 }
302 
303 /**
304  * Get first certificate in X.509 certificate chain
305  *
306  * @v chain X.509 certificate chain
307  * @ret cert X.509 certificate, or NULL
308  */
309 static inline __attribute__ (( always_inline )) struct x509_certificate *
310 x509_first ( struct x509_chain *chain ) {
311  struct x509_link *link;
312 
313  link = list_first_entry ( &chain->links, struct x509_link, list );
314  return ( link ? link->cert : NULL );
315 }
316 
317 /**
318  * Get last certificate in X.509 certificate chain
319  *
320  * @v chain X.509 certificate chain
321  * @ret cert X.509 certificate, or NULL
322  */
323 static inline __attribute__ (( always_inline )) struct x509_certificate *
324 x509_last ( struct x509_chain *chain ) {
325  struct x509_link *link;
326 
327  link = list_last_entry ( &chain->links, struct x509_link, list );
328  return ( link ? link->cert : NULL );
329 }
330 
331 /** An X.509 extension */
332 struct x509_extension {
333  /** Name */
334  const char *name;
335  /** Object identifier */
336  struct asn1_cursor oid;
337  /** Parse extension
338  *
339  * @v cert X.509 certificate
340  * @v raw ASN.1 cursor
341  * @ret rc Return status code
342  */
343  int ( * parse ) ( struct x509_certificate *cert,
344  const struct asn1_cursor *raw );
345 };
346 
347 /** An X.509 key purpose */
348 struct x509_key_purpose {
349  /** Name */
350  const char *name;
351  /** Object identifier */
352  struct asn1_cursor oid;
353  /** Extended key usage bits */
354  unsigned int bits;
355 };
356 
357 /** An X.509 access method */
358 struct x509_access_method {
359  /** Name */
360  const char *name;
361  /** Object identifier */
362  struct asn1_cursor oid;
363  /** Parse access method
364  *
365  * @v cert X.509 certificate
366  * @v raw ASN.1 cursor
367  * @ret rc Return status code
368  */
369  int ( * parse ) ( struct x509_certificate *cert,
370  const struct asn1_cursor *raw );
371 };
372 
373 /** An X.509 root certificate list */
374 struct x509_root {
375  /** Reference count */
376  struct refcnt refcnt;
377  /** Fingerprint digest algorithm */
378  struct digest_algorithm *digest;
379  /** Number of certificates */
380  unsigned int count;
381  /** Certificate fingerprints */
382  const void *fingerprints;
383 };
384 
385 /**
386  * Get reference to X.509 root certificate list
387  *
388  * @v root X.509 root certificate list
389  * @ret root X.509 root certificate list
390  */
391 static inline __attribute__ (( always_inline )) struct x509_root *
392 x509_root_get ( struct x509_root *root ) {
393  ref_get ( &root->refcnt );
394  return root;
395 }
396 
397 /**
398  * Drop reference to X.509 root certificate list
399  *
400  * @v root X.509 root certificate list
401  */
402 static inline __attribute__ (( always_inline )) void
403 x509_root_put ( struct x509_root *root ) {
404  ref_put ( &root->refcnt );
405 }
406 
407 /**
408  * Check if X.509 certificate is self-signed
409  *
410  * @v cert X.509 certificate
411  * @ret is_self_signed X.509 certificate is self-signed
412  */
413 static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
414  return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
415 }
416 
417 extern const char * x509_name ( struct x509_certificate *cert );
418 extern int x509_parse ( struct x509_certificate *cert,
419  const struct asn1_cursor *raw );
420 extern int x509_certificate ( const void *data, size_t len,
421  struct x509_certificate **cert );
422 extern int x509_is_valid ( struct x509_certificate *cert,
423  struct x509_root *root );
424 extern int x509_validate ( struct x509_certificate *cert,
425  struct x509_certificate *issuer,
426  time_t time, struct x509_root *root );
427 extern int x509_check_name ( struct x509_certificate *cert, const char *name );
428 
429 extern struct x509_chain * x509_alloc_chain ( void );
430 extern int x509_append ( struct x509_chain *chain,
431  struct x509_certificate *cert );
432 extern int x509_append_raw ( struct x509_chain *chain, const void *data,
433  size_t len );
434 extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
435 extern struct x509_certificate * x509_find ( struct x509_chain *store,
436  const struct asn1_cursor *raw );
437 extern struct x509_certificate *
438 x509_find_subject ( struct x509_chain *store,
439  const struct asn1_cursor *subject );
440 extern struct x509_certificate *
441 x509_find_issuer_serial ( struct x509_chain *store,
442  const struct asn1_cursor *issuer,
443  const struct asn1_cursor *serial );
444 extern struct x509_certificate * x509_find_key ( struct x509_chain *store,
445  struct private_key *key );
446 extern int x509_auto_append ( struct x509_chain *chain,
447  struct x509_chain *store );
448 extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
449  struct x509_chain *store,
450  struct x509_root *root );
451 extern int image_x509 ( struct image *image, size_t offset,
452  struct x509_certificate **cert );
453 
454 /* Functions exposed only for unit testing */
455 extern int x509_check_issuer ( struct x509_certificate *cert,
456  struct x509_certificate *issuer );
457 extern void x509_fingerprint ( struct x509_certificate *cert,
458  struct digest_algorithm *digest,
459  void *fingerprint );
460 extern int x509_check_root ( struct x509_certificate *cert,
461  struct x509_root *root );
462 extern int x509_check_time ( struct x509_certificate *cert, time_t time );
463 
464 /**
465  * Invalidate X.509 certificate
466  *
467  * @v cert X.509 certificate
468  */
469 static inline void x509_invalidate ( struct x509_certificate *cert ) {
470  x509_root_put ( cert->root );
471  cert->root = NULL;
472  cert->path_remaining = 0;
473 }
474 
475 /**
476  * Invalidate X.509 certificate chain
477  *
478  * @v chain X.509 certificate chain
479  */
480 static inline void x509_invalidate_chain ( struct x509_chain *chain ) {
481  struct x509_link *link;
482 
483  list_for_each_entry ( link, &chain->links, list )
484  x509_invalidate ( link->cert );
485 }
486 
487 #endif /* _IPXE_X509_H */
x509_key_usage_bits
x509_key_usage_bits
X.509 certificate key usage bits.
Definition: x509.h:100
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:299
x509_access_method::name
const char * name
Name.
Definition: x509.h:360
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
x509_public_key::raw_bits
struct asn1_bit_string raw_bits
Raw public key bit string.
Definition: x509.h:55
x509_validate
int x509_validate(struct x509_certificate *cert, struct x509_certificate *issuer, time_t time, struct x509_root *root)
Validate X.509 certificate.
Definition: x509.c:1363
asn1_algorithm
An ASN.1 OID-identified algorithm.
Definition: asn1.h:366
x509_public_key::raw
struct asn1_cursor raw
Raw public key information.
Definition: x509.h:51
name
const char * name
Definition: ath9k_hw.c:1984
x509_extensions::ext_usage
struct x509_extended_key_usage ext_usage
Extended key usage.
Definition: x509.h:162
x509_issuer::raw
struct asn1_cursor raw
Raw issuer.
Definition: x509.h:31
x509_certificate::path_remaining
unsigned int path_remaining
Maximum number of subsequent certificates in chain.
Definition: x509.h:227
x509_chain_get
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
Definition: x509.h:288
x509_general_name_types
x509_general_name_types
X.509 certificate general name types.
Definition: x509.h:149
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:480
x509_subject_alt_name::names
struct asn1_cursor names
Names.
Definition: x509.h:145
ASN1_IMPLICIT_TAG
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
Definition: asn1.h:95
x509_get
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:266
x509_basic_constraints::path_len
unsigned int path_len
Path length.
Definition: x509.h:81
x509_basic_constraints
An X.509 certificate basic constraints set.
Definition: x509.h:77
x509_certificate::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:217
x509_extended_key_usage_bits
x509_extended_key_usage_bits
X.509 certificate extended key usage bits.
Definition: x509.h:123
x509_ocsp_responder::good
int good
OCSP status is good.
Definition: x509.h:133
root
struct stp_switch root
Root switch.
Definition: stp.h:26
x509_extended_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:115
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1252
x509_chain::links
struct list_head links
List of links.
Definition: x509.h:204
x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:146
x509_link::list
struct list_head list
List of links.
Definition: x509.h:172
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition: x509.h:240
x509_key_purpose::name
const char * name
Name.
Definition: x509.h:350
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1284
x509_certificate::signature_algorithm
struct asn1_algorithm * signature_algorithm
Signature algorithm.
Definition: x509.h:238
x509_extension::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:336
x509_link_flags
x509_link_flags
X.509 certficate chain link flags.
Definition: x509.h:180
x509_root_put
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
Definition: x509.h:403
x509_link::cert
struct x509_certificate * cert
Certificate.
Definition: x509.h:174
x509_signature::algorithm
struct asn1_algorithm * algorithm
Signature algorithm.
Definition: x509.h:71
x509_serial::raw
struct asn1_cursor raw
Raw serial number.
Definition: x509.h:25
x509_key_purpose::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:352
x509_find_key
struct x509_certificate * x509_find_key(struct x509_chain *store, struct private_key *key)
Identify X.509 certificate by corresponding public key.
Definition: x509.c:1821
image
An executable image.
Definition: image.h:24
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1234
x509_time::time
time_t time
Seconds since the Epoch.
Definition: x509.h:37
image_x509
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition: x509.c:1947
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition: list.h:346
x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:223
x509_key_purpose
An X.509 key purpose.
Definition: x509.h:348
list_head
A doubly-linked list entry (or list head)
Definition: list.h:18
x509_key_usage::present
int present
Key usage extension is present.
Definition: x509.h:94
refcnt
A reference counter.
Definition: refcnt.h:26
x509_find_issuer_serial
struct x509_certificate * x509_find_issuer_serial(struct x509_chain *store, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify X.509 certificate by issuer and serial number.
Definition: x509.c:1791
x509_ocsp_responder
X.509 certificate OCSP responder.
Definition: x509.h:129
x509_find_subject
struct x509_certificate * x509_find_subject(struct x509_chain *store, const struct asn1_cursor *subject)
Identify X.509 certificate by subject.
Definition: x509.c:1761
list_first_entry
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition: list.h:333
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition: x509.h:413
x509_chain
An X.509 certificate chain.
Definition: x509.h:200
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1561
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1174
x509_validity::not_before
struct x509_time not_before
Not valid before.
Definition: x509.h:43
x509_certificate::root
struct x509_root * root
Root against which certificate has been validated (if any)
Definition: x509.h:225
asn1.h
ASN.1 encoding.
x509_certificate::signature
struct x509_signature signature
Signature.
Definition: x509.h:246
list_for_each_entry
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:431
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1612
x509_root::digest
struct digest_algorithm * digest
Fingerprint digest algorithm.
Definition: x509.h:378
link
u32 link
Link to next descriptor.
Definition: ar9003_mac.h:68
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1310
x509_root_get
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
Definition: x509.h:392
x509_public_key
An X.509 certificate public key.
Definition: x509.h:49
x509_authority_info_access
X.509 certificate authority information access.
Definition: x509.h:137
x509_extensions::auth_info
struct x509_authority_info_access auth_info
Authority information access.
Definition: x509.h:164
x509_subject::public_key
struct x509_public_key public_key
Public key information.
Definition: x509.h:65
list.h
Linked lists.
x509_link
A link in an X.509 certificate chain.
Definition: x509.h:170
x509_last
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
Definition: x509.h:324
x509_certificate
An X.509 certificate.
Definition: x509.h:215
x509_certificate::serial
struct x509_serial serial
Serial number.
Definition: x509.h:234
X509_LINK_FL_OCSPED
OCSP has been attempted.
Definition: x509.h:196
x509_certificate::subject
struct x509_subject subject
Subject.
Definition: x509.h:244
x509_basic_constraints::ca
int ca
Subject is a CA.
Definition: x509.h:79
ref_get
#define ref_get(refcnt)
Get additional reference to object.
Definition: refcnt.h:92
x509_public_key::algorithm
struct asn1_algorithm * algorithm
Public key algorithm.
Definition: x509.h:53
x509_issuer
An X.509 issuer.
Definition: x509.h:29
serial
uint64_t serial
Serial number.
Definition: edd.h:30
x509_signature::value
struct asn1_bit_string value
Signature value.
Definition: x509.h:73
x509_key_usage
An X.509 certificate key usage.
Definition: x509.h:92
x509_validity
An X.509 certificate validity period.
Definition: x509.h:41
x509_subject::raw
struct asn1_cursor raw
Raw subject.
Definition: x509.h:61
x509_extension::name
const char * name
Name.
Definition: x509.h:334
x509_key_purpose::bits
unsigned int bits
Extended key usage bits.
Definition: x509.h:354
x509_access_method::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse access method.
Definition: x509.h:369
x509_link::flags
unsigned int flags
Flags.
Definition: x509.h:176
X509_FL_PERMANENT
Certificate was added at build time.
Definition: x509.h:254
x509_root
An X.509 root certificate list.
Definition: x509.h:374
x509_certificate::validity
struct x509_validity validity
Validity.
Definition: x509.h:242
x509_subject::common_name
struct asn1_cursor common_name
Common name.
Definition: x509.h:63
x509_parse
int x509_parse(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse X.509 certificate from ASN.1 data.
Definition: x509.c:1004
x509_extensions::alt_name
struct x509_subject_alt_name alt_name
Subject alternative name.
Definition: x509.h:166
x509_serial
An X.509 serial number.
Definition: x509.h:23
x509_time
An X.509 time.
Definition: x509.h:35
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1894
x509_extended_key_usage
An X.509 certificate extended key usage.
Definition: x509.h:113
x509_certificate
int x509_certificate(const void *data, size_t len, struct x509_certificate **cert)
Create X.509 certificate.
Definition: x509.c:1070
x509_subject
An X.509 certificate subject.
Definition: x509.h:59
x509_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:96
x509_auto_append
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
Definition: x509.c:1854
x509_certificate::version
unsigned int version
Version.
Definition: x509.h:232
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:277
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:310
x509_root::count
unsigned int count
Number of certificates.
Definition: x509.h:380
x509_certificate::tbs
struct asn1_cursor tbs
Raw tbsCertificate.
Definition: x509.h:236
digest_algorithm
A message digest algorithm.
Definition: crypto.h:18
refcnt.h
Reference counting.
x509_subject_alt_name
X.509 certificate subject alternative name.
Definition: x509.h:143
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:220
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
private_key
A private key.
Definition: privkey.h:16
x509_find
struct x509_certificate * x509_find(struct x509_chain *store, const struct asn1_cursor *raw)
Identify X.509 certificate by raw certificate data.
Definition: x509.c:1732
x509_validity::not_after
struct x509_time not_after
Not valid after.
Definition: x509.h:45
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:480
raw
__be32 raw[7]
Definition: CIB_PRM.h:28
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition: x509.c:1690
uri
A Uniform Resource Identifier.
Definition: uri.h:64
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
x509_access_method::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:362
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
x509_root::fingerprints
const void * fingerprints
Certificate fingerprints.
Definition: x509.h:382
x509_extensions
An X.509 certificate extensions set.
Definition: x509.h:156
x509_certificate::raw
struct asn1_cursor raw
Raw certificate.
Definition: x509.h:230
x509_extensions::usage
struct x509_key_usage usage
Key usage.
Definition: x509.h:160
time_t
int64_t time_t
Seconds since the Epoch.
Definition: time.h:18
time.h
Time source.
x509_extension::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse extension.
Definition: x509.h:343
x509_chain::found
void(* found)(struct x509_chain *store, struct x509_certificate *cert)
Mark certificate as found.
Definition: x509.h:210
len
uint32_t len
Length.
Definition: ena.h:14
x509_append_raw
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1660
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
x509_authority_info_access::ocsp
struct x509_ocsp_responder ocsp
OCSP responder.
Definition: x509.h:139
X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:256
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
x509_extensions::basic
struct x509_basic_constraints basic
Basic constraints.
Definition: x509.h:158
key
union @383 key
Sense key.
Definition: scsi.h:18
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:202
X509_LINK_FL_CROSSED
Cross-signed certificate download has been attempted.
Definition: x509.h:187
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1635
x509_certificate::extensions
struct x509_extensions extensions
Extensions.
Definition: x509.h:248
ref_put
#define ref_put(refcnt)
Drop reference to object.
Definition: refcnt.h:106
x509_flags
x509_flags
X.509 certificate flags.
Definition: x509.h:252
x509_invalidate
static void x509_invalidate(struct x509_certificate *cert)
Invalidate X.509 certificate.
Definition: x509.h:469
asn1_bit_string
An ASN.1 bit string.
Definition: asn1.h:420
x509_signature
An X.509 certificate signature.
Definition: x509.h:69
x509_extension
An X.509 extension.
Definition: x509.h:332
x509_access_method
An X.509 access method.
Definition: x509.h:358
Generated by   doxygen 1.8.15