iPXE
x509.h
Go to the documentation of this file.
1 #ifndef _IPXE_X509_H
2 #define _IPXE_X509_H
3 
4 /** @file
5  *
6  * X.509 certificates
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 FILE_SECBOOT ( PERMITTED );
12 
13 #include <stdint.h>
14 #include <stddef.h>
15 #include <time.h>
16 #include <ipxe/asn1.h>
17 #include <ipxe/refcnt.h>
18 #include <ipxe/list.h>
19 
20 struct image;
21 struct private_key;
22 
23 /** An X.509 serial number */
24 struct x509_serial {
25  /** Raw serial number */
26  struct asn1_cursor raw;
27 };
28 
29 /** An X.509 issuer */
30 struct x509_issuer {
31  /** Raw issuer */
32  struct asn1_cursor raw;
33 };
34 
35 /** An X.509 time */
36 struct x509_time {
37  /** Seconds since the Epoch */
38  time_t time;
39 };
40 
41 /** An X.509 certificate validity period */
42 struct x509_validity {
43  /** Not valid before */
44  struct x509_time not_before;
45  /** Not valid after */
46  struct x509_time not_after;
47 };
48 
49 /** An X.509 certificate public key */
50 struct x509_public_key {
51  /** Raw public key information */
52  struct asn1_cursor raw;
53  /** Public key algorithm */
54  struct asn1_algorithm *algorithm;
55  /** Public key value */
56  struct asn1_cursor value;
57 };
58 
59 /** An X.509 certificate subject */
60 struct x509_subject {
61  /** Raw subject */
62  struct asn1_cursor raw;
63  /** Common name */
64  struct asn1_cursor common_name;
65  /** Public key information */
66  struct x509_public_key public_key;
67 };
68 
69 /** An X.509 certificate signature */
70 struct x509_signature {
71  /** Signature algorithm */
72  struct asn1_algorithm *algorithm;
73  /** Signature value */
74  struct asn1_cursor value;
75 };
76 
77 /** An X.509 certificate basic constraints set */
78 struct x509_basic_constraints {
79  /** Subject is a CA */
80  int ca;
81  /** Path length */
82  unsigned int path_len;
83 };
84 
85 /** Unlimited path length
86  *
87  * We use -2U, since this quantity represents one *fewer* than the
88  * maximum number of remaining certificates in a chain.
89  */
90 #define X509_PATH_LEN_UNLIMITED -2U
91 
92 /** An X.509 certificate key usage */
93 struct x509_key_usage {
94  /** Key usage extension is present */
95  int present;
96  /** Usage bits */
97  unsigned int bits;
98 };
99 
100 /** X.509 certificate key usage bits */
101 enum x509_key_usage_bits {
102  X509_DIGITAL_SIGNATURE = 0x0080,
103  X509_NON_REPUDIATION = 0x0040,
104  X509_KEY_ENCIPHERMENT = 0x0020,
105  X509_DATA_ENCIPHERMENT = 0x0010,
106  X509_KEY_AGREEMENT = 0x0008,
107  X509_KEY_CERT_SIGN = 0x0004,
108  X509_CRL_SIGN = 0x0002,
109  X509_ENCIPHER_ONLY = 0x0001,
110  X509_DECIPHER_ONLY = 0x8000,
111 };
112 
113 /** An X.509 certificate extended key usage */
114 struct x509_extended_key_usage {
115  /** Usage bits */
116  unsigned int bits;
117 };
118 
119 /** X.509 certificate extended key usage bits
120  *
121  * Extended key usages are identified by OID; these bits are purely an
122  * internal definition.
123  */
124 enum x509_extended_key_usage_bits {
125  X509_CODE_SIGNING = 0x0001,
126  X509_OCSP_SIGNING = 0x0002,
127 };
128 
129 /** X.509 certificate OCSP responder */
130 struct x509_ocsp_responder {
131  /** URI */
132  struct asn1_cursor uri;
133  /** OCSP status is good */
134  int good;
135 };
136 
137 /** X.509 certificate authority information access */
138 struct x509_authority_info_access {
139  /** OCSP responder */
140  struct x509_ocsp_responder ocsp;
141 };
142 
143 /** X.509 certificate subject alternative name */
144 struct x509_subject_alt_name {
145  /** Names */
146  struct asn1_cursor names;
147 };
148 
149 /** X.509 certificate general name types */
150 enum x509_general_name_types {
151  X509_GENERAL_NAME_DNS = ASN1_IMPLICIT_TAG ( 2 ),
152  X509_GENERAL_NAME_URI = ASN1_IMPLICIT_TAG ( 6 ),
153  X509_GENERAL_NAME_IP = ASN1_IMPLICIT_TAG ( 7 ),
154 };
155 
156 /** An X.509 certificate extensions set */
157 struct x509_extensions {
158  /** Basic constraints */
159  struct x509_basic_constraints basic;
160  /** Key usage */
161  struct x509_key_usage usage;
162  /** Extended key usage */
163  struct x509_extended_key_usage ext_usage;
164  /** Authority information access */
165  struct x509_authority_info_access auth_info;
166  /** Subject alternative name */
167  struct x509_subject_alt_name alt_name;
168 };
169 
170 /** A link in an X.509 certificate chain */
171 struct x509_link {
172  /** List of links */
173  struct list_head list;
174  /** Certificate */
175  struct x509_certificate *cert;
176  /** Flags */
177  unsigned int flags;
178 };
179 
180 /** X.509 certficate chain link flags */
181 enum x509_link_flags {
182  /** Cross-signed certificate download has been attempted
183  *
184  * This indicates that a cross-signature download attempt has
185  * been made to find a cross-signed issuer for this link's
186  * certificate.
187  */
188  X509_LINK_FL_CROSSED = 0x0001,
189  /** OCSP has been attempted
190  *
191  * This indicates that an OCSP attempt has been made using
192  * this link's certificate as an issuer. (We record the flag
193  * on the issuer rather than on the issued certificate, since
194  * we want to retry OCSP if an issuer is replaced with a
195  * downloaded cross-signed certificate.)
196  */
197  X509_LINK_FL_OCSPED = 0x0002,
198 };
199 
200 /** An X.509 certificate chain */
201 struct x509_chain {
202  /** Reference count */
203  struct refcnt refcnt;
204  /** List of links */
205  struct list_head links;
206  /** Mark certificate as found
207  *
208  * @v store Certificate store
209  * @v cert X.509 certificate
210  */
211  void ( * found ) ( struct x509_chain *store,
212  struct x509_certificate *cert );
213 };
214 
215 /** An X.509 certificate */
216 struct x509_certificate {
217  /** Reference count */
218  struct refcnt refcnt;
219 
220  /** Link in certificate store */
221  struct x509_link store;
222 
223  /** Flags */
224  unsigned int flags;
225  /** Root against which certificate has been validated (if any) */
226  struct x509_root *root;
227  /** Maximum number of subsequent certificates in chain */
228  unsigned int path_remaining;
229 
230  /** Raw certificate */
231  struct asn1_cursor raw;
232  /** Version */
233  unsigned int version;
234  /** Serial number */
235  struct x509_serial serial;
236  /** Raw tbsCertificate */
237  struct asn1_cursor tbs;
238  /** Signature algorithm */
239  struct asn1_algorithm *signature_algorithm;
240  /** Issuer */
241  struct x509_issuer issuer;
242  /** Validity */
243  struct x509_validity validity;
244  /** Subject */
245  struct x509_subject subject;
246  /** Signature */
247  struct x509_signature signature;
248  /** Extensions */
249  struct x509_extensions extensions;
250 };
251 
252 /** X.509 certificate flags */
253 enum x509_flags {
254  /** Certificate was added at build time */
255  X509_FL_PERMANENT = 0x0001,
256  /** Certificate was added explicitly at run time */
257  X509_FL_EXPLICIT = 0x0002,
258 };
259 
260 /**
261  * Get reference to X.509 certificate
262  *
263  * @v cert X.509 certificate
264  * @ret cert X.509 certificate
265  */
266 static inline __attribute__ (( always_inline )) struct x509_certificate *
267 x509_get ( struct x509_certificate *cert ) {
268  ref_get ( &cert->refcnt );
269  return cert;
270 }
271 
272 /**
273  * Drop reference to X.509 certificate
274  *
275  * @v cert X.509 certificate
276  */
277 static inline __attribute__ (( always_inline )) void
278 x509_put ( struct x509_certificate *cert ) {
279  ref_put ( &cert->refcnt );
280 }
281 
282 /**
283  * Get reference to X.509 certificate chain
284  *
285  * @v chain X.509 certificate chain
286  * @ret chain X.509 certificate chain
287  */
288 static inline __attribute__ (( always_inline )) struct x509_chain *
289 x509_chain_get ( struct x509_chain *chain ) {
290  ref_get ( &chain->refcnt );
291  return chain;
292 }
293 
294 /**
295  * Drop reference to X.509 certificate chain
296  *
297  * @v chain X.509 certificate chain
298  */
299 static inline __attribute__ (( always_inline )) void
300 x509_chain_put ( struct x509_chain *chain ) {
301  ref_put ( &chain->refcnt );
302 }
303 
304 /**
305  * Get first certificate in X.509 certificate chain
306  *
307  * @v chain X.509 certificate chain
308  * @ret cert X.509 certificate, or NULL
309  */
310 static inline __attribute__ (( always_inline )) struct x509_certificate *
311 x509_first ( struct x509_chain *chain ) {
312  struct x509_link *link;
313 
314  link = list_first_entry ( &chain->links, struct x509_link, list );
315  return ( link ? link->cert : NULL );
316 }
317 
318 /**
319  * Get last certificate in X.509 certificate chain
320  *
321  * @v chain X.509 certificate chain
322  * @ret cert X.509 certificate, or NULL
323  */
324 static inline __attribute__ (( always_inline )) struct x509_certificate *
325 x509_last ( struct x509_chain *chain ) {
326  struct x509_link *link;
327 
328  link = list_last_entry ( &chain->links, struct x509_link, list );
329  return ( link ? link->cert : NULL );
330 }
331 
332 /** An X.509 extension */
333 struct x509_extension {
334  /** Name */
335  const char *name;
336  /** Object identifier */
337  struct asn1_cursor oid;
338  /** Parse extension
339  *
340  * @v cert X.509 certificate
341  * @v raw ASN.1 cursor
342  * @ret rc Return status code
343  */
344  int ( * parse ) ( struct x509_certificate *cert,
345  const struct asn1_cursor *raw );
346 };
347 
348 /** An X.509 key purpose */
349 struct x509_key_purpose {
350  /** Name */
351  const char *name;
352  /** Object identifier */
353  struct asn1_cursor oid;
354  /** Extended key usage bits */
355  unsigned int bits;
356 };
357 
358 /** An X.509 access method */
359 struct x509_access_method {
360  /** Name */
361  const char *name;
362  /** Object identifier */
363  struct asn1_cursor oid;
364  /** Parse access method
365  *
366  * @v cert X.509 certificate
367  * @v raw ASN.1 cursor
368  * @ret rc Return status code
369  */
370  int ( * parse ) ( struct x509_certificate *cert,
371  const struct asn1_cursor *raw );
372 };
373 
374 /** An X.509 root certificate list */
375 struct x509_root {
376  /** Reference count */
377  struct refcnt refcnt;
378  /** Fingerprint digest algorithm */
379  struct digest_algorithm *digest;
380  /** Number of certificates */
381  unsigned int count;
382  /** Certificate fingerprints */
383  const void *fingerprints;
384 };
385 
386 /**
387  * Get reference to X.509 root certificate list
388  *
389  * @v root X.509 root certificate list
390  * @ret root X.509 root certificate list
391  */
392 static inline __attribute__ (( always_inline )) struct x509_root *
393 x509_root_get ( struct x509_root *root ) {
394  ref_get ( &root->refcnt );
395  return root;
396 }
397 
398 /**
399  * Drop reference to X.509 root certificate list
400  *
401  * @v root X.509 root certificate list
402  */
403 static inline __attribute__ (( always_inline )) void
404 x509_root_put ( struct x509_root *root ) {
405  ref_put ( &root->refcnt );
406 }
407 
408 /**
409  * Check if X.509 certificate is self-signed
410  *
411  * @v cert X.509 certificate
412  * @ret is_self_signed X.509 certificate is self-signed
413  */
414 static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
415  return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
416 }
417 
418 extern const char * x509_name ( struct x509_certificate *cert );
419 extern int x509_parse ( struct x509_certificate *cert,
420  const struct asn1_cursor *raw );
421 extern int x509_certificate ( const void *data, size_t len,
422  struct x509_certificate **cert );
423 extern int x509_is_valid ( struct x509_certificate *cert,
424  struct x509_root *root );
425 extern void x509_set_valid ( struct x509_certificate *cert,
426  struct x509_certificate *issuer,
427  struct x509_root *root );
428 extern int x509_validate ( struct x509_certificate *cert,
429  struct x509_certificate *issuer,
430  time_t time, struct x509_root *root );
431 extern int x509_check_name ( struct x509_certificate *cert, const char *name );
432 
433 extern struct x509_chain * x509_alloc_chain ( void );
434 extern int x509_append ( struct x509_chain *chain,
435  struct x509_certificate *cert );
436 extern int x509_append_raw ( struct x509_chain *chain, const void *data,
437  size_t len );
438 extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
439 extern struct x509_certificate * x509_find ( struct x509_chain *store,
440  const struct asn1_cursor *raw );
441 extern struct x509_certificate *
442 x509_find_subject ( struct x509_chain *store,
443  const struct asn1_cursor *subject );
444 extern struct x509_certificate *
445 x509_find_issuer_serial ( struct x509_chain *store,
446  const struct asn1_cursor *issuer,
447  const struct asn1_cursor *serial );
448 extern struct x509_certificate * x509_find_key ( struct x509_chain *store,
449  struct private_key *key );
450 extern int x509_auto_append ( struct x509_chain *chain,
451  struct x509_chain *store );
452 extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
453  struct x509_chain *store,
454  struct x509_root *root );
455 extern int image_x509 ( struct image *image, size_t offset,
456  struct x509_certificate **cert );
457 
458 /* Functions exposed only for unit testing */
459 extern int x509_check_issuer ( struct x509_certificate *cert,
460  struct x509_certificate *issuer );
461 extern void x509_fingerprint ( struct x509_certificate *cert,
462  struct digest_algorithm *digest,
463  void *fingerprint );
464 extern int x509_check_root ( struct x509_certificate *cert,
465  struct x509_root *root );
466 extern int x509_check_time ( struct x509_certificate *cert, time_t time );
467 
468 /**
469  * Invalidate X.509 certificate
470  *
471  * @v cert X.509 certificate
472  */
473 static inline void x509_invalidate ( struct x509_certificate *cert ) {
474  x509_root_put ( cert->root );
475  cert->root = NULL;
476  cert->path_remaining = 0;
477 }
478 
479 /**
480  * Invalidate X.509 certificate chain
481  *
482  * @v chain X.509 certificate chain
483  */
484 static inline void x509_invalidate_chain ( struct x509_chain *chain ) {
485  struct x509_link *link;
486 
487  list_for_each_entry ( link, &chain->links, list )
488  x509_invalidate ( link->cert );
489 }
490 
491 #endif /* _IPXE_X509_H */
x509_key_usage_bits
x509_key_usage_bits
X.509 certificate key usage bits.
Definition: x509.h:101
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition: x509.h:300
x509_access_method::name
const char * name
Name.
Definition: x509.h:361
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
x509_validate
int x509_validate(struct x509_certificate *cert, struct x509_certificate *issuer, time_t time, struct x509_root *root)
Validate X.509 certificate.
Definition: x509.c:1366
asn1_algorithm
An ASN.1 OID-identified algorithm.
Definition: asn1.h:408
x509_public_key::raw
struct asn1_cursor raw
Raw public key information.
Definition: x509.h:52
name
const char * name
Definition: ath9k_hw.c:1986
x509_extensions::ext_usage
struct x509_extended_key_usage ext_usage
Extended key usage.
Definition: x509.h:163
x509_issuer::raw
struct asn1_cursor raw
Raw issuer.
Definition: x509.h:32
x509_certificate::path_remaining
unsigned int path_remaining
Maximum number of subsequent certificates in chain.
Definition: x509.h:228
x509_chain_get
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
Definition: x509.h:289
x509_general_name_types
x509_general_name_types
X.509 certificate general name types.
Definition: x509.h:150
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:458
x509_subject_alt_name::names
struct asn1_cursor names
Names.
Definition: x509.h:146
ASN1_IMPLICIT_TAG
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
Definition: asn1.h:96
x509_get
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:267
x509_basic_constraints::path_len
unsigned int path_len
Path length.
Definition: x509.h:82
x509_signature::value
struct asn1_cursor value
Signature value.
Definition: x509.h:74
x509_basic_constraints
An X.509 certificate basic constraints set.
Definition: x509.h:78
x509_certificate::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:218
x509_extended_key_usage_bits
x509_extended_key_usage_bits
X.509 certificate extended key usage bits.
Definition: x509.h:124
x509_ocsp_responder::good
int good
OCSP status is good.
Definition: x509.h:134
root
struct stp_switch root
Root switch.
Definition: stp.h:27
x509_extended_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:116
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition: x509.c:1255
x509_chain::links
struct list_head links
List of links.
Definition: x509.h:205
x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition: x509.c:147
x509_link::list
struct list_head list
List of links.
Definition: x509.h:173
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition: x509.h:241
x509_key_purpose::name
const char * name
Name.
Definition: x509.h:351
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition: x509.c:1287
x509_certificate::signature_algorithm
struct asn1_algorithm * signature_algorithm
Signature algorithm.
Definition: x509.h:239
x509_extension::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:337
x509_link_flags
x509_link_flags
X.509 certficate chain link flags.
Definition: x509.h:181
x509_root_put
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
Definition: x509.h:404
x509_link::cert
struct x509_certificate * cert
Certificate.
Definition: x509.h:175
x509_signature::algorithm
struct asn1_algorithm * algorithm
Signature algorithm.
Definition: x509.h:72
x509_serial::raw
struct asn1_cursor raw
Raw serial number.
Definition: x509.h:26
x509_key_purpose::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:353
x509_find_key
struct x509_certificate * x509_find_key(struct x509_chain *store, struct private_key *key)
Identify X.509 certificate by corresponding public key.
Definition: x509.c:1835
image
An executable image.
Definition: image.h:24
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition: x509.c:1237
x509_time::time
time_t time
Seconds since the Epoch.
Definition: x509.h:38
image_x509
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition: x509.c:1961
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition: list.h:347
x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:224
x509_key_purpose
An X.509 key purpose.
Definition: x509.h:349
list_head
A doubly-linked list entry (or list head)
Definition: list.h:19
x509_key_usage::present
int present
Key usage extension is present.
Definition: x509.h:95
refcnt
A reference counter.
Definition: refcnt.h:27
x509_find_issuer_serial
struct x509_certificate * x509_find_issuer_serial(struct x509_chain *store, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify X.509 certificate by issuer and serial number.
Definition: x509.c:1805
x509_ocsp_responder
X.509 certificate OCSP responder.
Definition: x509.h:130
x509_find_subject
struct x509_certificate * x509_find_subject(struct x509_chain *store, const struct asn1_cursor *subject)
Identify X.509 certificate by subject.
Definition: x509.c:1775
list_first_entry
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition: list.h:334
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition: x509.h:414
x509_chain
An X.509 certificate chain.
Definition: x509.h:201
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1564
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition: x509.c:1177
x509_validity::not_before
struct x509_time not_before
Not valid before.
Definition: x509.h:44
x509_certificate::root
struct x509_root * root
Root against which certificate has been validated (if any)
Definition: x509.h:226
asn1.h
ASN.1 encoding.
x509_certificate::signature
struct x509_signature signature
Signature.
Definition: x509.h:247
list_for_each_entry
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition: list.h:432
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition: x509.c:1615
x509_set_valid
void x509_set_valid(struct x509_certificate *cert, struct x509_certificate *issuer, struct x509_root *root)
Set X.509 certificate as validated.
Definition: x509.c:1329
len
ring len
Length.
Definition: dwmac.h:231
x509_root::digest
struct digest_algorithm * digest
Fingerprint digest algorithm.
Definition: x509.h:379
link
u32 link
Link to next descriptor.
Definition: ar9003_mac.h:25
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition: x509.c:1313
x509_root_get
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
Definition: x509.h:393
x509_public_key
An X.509 certificate public key.
Definition: x509.h:50
x509_authority_info_access
X.509 certificate authority information access.
Definition: x509.h:138
x509_extensions::auth_info
struct x509_authority_info_access auth_info
Authority information access.
Definition: x509.h:165
x509_subject::public_key
struct x509_public_key public_key
Public key information.
Definition: x509.h:66
list.h
Linked lists.
x509_link
A link in an X.509 certificate chain.
Definition: x509.h:171
x509_last
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
Definition: x509.h:325
x509_certificate
An X.509 certificate.
Definition: x509.h:216
x509_certificate::serial
struct x509_serial serial
Serial number.
Definition: x509.h:235
x509_public_key::value
struct asn1_cursor value
Public key value.
Definition: x509.h:56
X509_LINK_FL_OCSPED
OCSP has been attempted.
Definition: x509.h:197
x509_certificate::subject
struct x509_subject subject
Subject.
Definition: x509.h:245
x509_basic_constraints::ca
int ca
Subject is a CA.
Definition: x509.h:80
ref_get
#define ref_get(refcnt)
Get additional reference to object.
Definition: refcnt.h:93
x509_public_key::algorithm
struct asn1_algorithm * algorithm
Public key algorithm.
Definition: x509.h:54
x509_issuer
An X.509 issuer.
Definition: x509.h:30
serial
uint64_t serial
Serial number.
Definition: edd.h:31
x509_key_usage
An X.509 certificate key usage.
Definition: x509.h:93
x509_validity
An X.509 certificate validity period.
Definition: x509.h:42
x509_subject::raw
struct asn1_cursor raw
Raw subject.
Definition: x509.h:62
x509_extension::name
const char * name
Name.
Definition: x509.h:335
x509_key_purpose::bits
unsigned int bits
Extended key usage bits.
Definition: x509.h:355
x509_access_method::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse access method.
Definition: x509.h:370
x509_link::flags
unsigned int flags
Flags.
Definition: x509.h:177
X509_FL_PERMANENT
Certificate was added at build time.
Definition: x509.h:255
x509_root
An X.509 root certificate list.
Definition: x509.h:375
x509_certificate::validity
struct x509_validity validity
Validity.
Definition: x509.h:243
x509_subject::common_name
struct asn1_cursor common_name
Common name.
Definition: x509.h:64
x509_parse
int x509_parse(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse X.509 certificate from ASN.1 data.
Definition: x509.c:1008
x509_extensions::alt_name
struct x509_subject_alt_name alt_name
Subject alternative name.
Definition: x509.h:167
x509_serial
An X.509 serial number.
Definition: x509.h:24
x509_time
An X.509 time.
Definition: x509.h:36
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition: x509.c:1908
x509_extended_key_usage
An X.509 certificate extended key usage.
Definition: x509.h:114
x509_certificate
int x509_certificate(const void *data, size_t len, struct x509_certificate **cert)
Create X.509 certificate.
Definition: x509.c:1074
x509_subject
An X.509 certificate subject.
Definition: x509.h:60
x509_key_usage::bits
unsigned int bits
Usage bits.
Definition: x509.h:97
x509_auto_append
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
Definition: x509.c:1868
x509_certificate::version
unsigned int version
Version.
Definition: x509.h:233
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:278
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition: x509.h:311
x509_root::count
unsigned int count
Number of certificates.
Definition: x509.h:381
x509_certificate::tbs
struct asn1_cursor tbs
Raw tbsCertificate.
Definition: x509.h:237
digest_algorithm
A message digest algorithm.
Definition: crypto.h:19
refcnt.h
Reference counting.
x509_subject_alt_name
X.509 certificate subject alternative name.
Definition: x509.h:144
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:221
data
uint8_t data[48]
Additional event data.
Definition: ena.h:22
private_key
A private key.
Definition: privkey.h:17
x509_find
struct x509_certificate * x509_find(struct x509_chain *store, const struct asn1_cursor *raw)
Identify X.509 certificate by raw certificate data.
Definition: x509.c:1746
x509_validity::not_after
struct x509_time not_after
Not valid after.
Definition: x509.h:46
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition: x509.h:484
raw
__be32 raw[7]
Definition: CIB_PRM.h:28
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition: x509.c:1704
uri
A Uniform Resource Identifier.
Definition: uri.h:65
x509_access_method::oid
struct asn1_cursor oid
Object identifier.
Definition: x509.h:363
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
x509_root::fingerprints
const void * fingerprints
Certificate fingerprints.
Definition: x509.h:383
x509_extensions
An X.509 certificate extensions set.
Definition: x509.h:157
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
x509_certificate::raw
struct asn1_cursor raw
Raw certificate.
Definition: x509.h:231
x509_extensions::usage
struct x509_key_usage usage
Key usage.
Definition: x509.h:161
time_t
int64_t time_t
Seconds since the Epoch.
Definition: time.h:19
time.h
Time source.
x509_extension::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse extension.
Definition: x509.h:344
x509_chain::found
void(* found)(struct x509_chain *store, struct x509_certificate *cert)
Mark certificate as found.
Definition: x509.h:211
x509_append_raw
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1674
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:322
x509_authority_info_access::ocsp
struct x509_ocsp_responder ocsp
OCSP responder.
Definition: x509.h:140
X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:257
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:21
x509_extensions::basic
struct x509_basic_constraints basic
Basic constraints.
Definition: x509.h:159
key
union @391 key
Sense key.
Definition: scsi.h:18
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition: x509.h:203
X509_LINK_FL_CROSSED
Cross-signed certificate download has been attempted.
Definition: x509.h:188
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition: x509.c:1638
x509_certificate::extensions
struct x509_extensions extensions
Extensions.
Definition: x509.h:249
ref_put
#define ref_put(refcnt)
Drop reference to object.
Definition: refcnt.h:107
x509_flags
x509_flags
X.509 certificate flags.
Definition: x509.h:253
x509_invalidate
static void x509_invalidate(struct x509_certificate *cert)
Invalidate X.509 certificate.
Definition: x509.h:473
x509_signature
An X.509 certificate signature.
Definition: x509.h:70
x509_extension
An X.509 extension.
Definition: x509.h:333
FILE_SECBOOT
FILE_SECBOOT(PERMITTED)
x509_access_method
An X.509 access method.
Definition: x509.h:359
Generated by   doxygen 1.8.15