89 #define X509_PATH_LEN_UNLIMITED -2U
x509_key_usage_bits
X.509 certificate key usage bits.
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
struct asn1_bit_string raw_bits
Raw public key bit string.
int x509_validate(struct x509_certificate *cert, struct x509_certificate *issuer, time_t time, struct x509_root *root)
Validate X.509 certificate.
An ASN.1 OID-identified algorithm.
struct asn1_cursor raw
Raw public key information.
struct x509_extended_key_usage ext_usage
Extended key usage.
struct asn1_cursor raw
Raw issuer.
unsigned int path_remaining
Maximum number of subsequent certificates in chain.
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
x509_general_name_types
X.509 certificate general name types.
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
struct asn1_cursor names
Names.
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
unsigned int path_len
Path length.
An X.509 certificate basic constraints set.
struct refcnt refcnt
Reference count.
x509_extended_key_usage_bits
X.509 certificate extended key usage bits.
int good
OCSP status is good.
struct stp_switch root
Root switch.
unsigned int bits
Usage bits.
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
struct list_head links
List of links.
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
struct list_head list
List of links.
struct x509_issuer issuer
Issuer.
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
struct asn1_algorithm * signature_algorithm
Signature algorithm.
struct asn1_cursor oid
Object identifier.
x509_link_flags
X.509 certificate chain link flags.
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
struct x509_certificate * cert
Certificate.
struct asn1_algorithm * algorithm
Signature algorithm.
struct asn1_cursor raw
Raw serial number.
struct asn1_cursor oid
Object identifier.
struct x509_certificate * x509_find_key(struct x509_chain *store, struct private_key *key)
Identify X.509 certificate by corresponding public key.
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
time_t time
Seconds since the Epoch.
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
A doubly-linked list entry (or list head)
int present
Key usage extension is present.
struct x509_certificate * x509_find_issuer_serial(struct x509_chain *store, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify X.509 certificate by issuer and serial number.
X.509 certificate OCSP responder.
struct x509_certificate * x509_find_subject(struct x509_chain *store, const struct asn1_cursor *subject)
Identify X.509 certificate by subject.
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
An X.509 certificate chain.
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
struct x509_time not_before
Not valid before.
struct x509_root * root
Root against which certificate has been validated (if any)
struct x509_signature signature
Signature.
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
struct digest_algorithm * digest
Fingerprint digest algorithm.
u32 link
Link to next descriptor.
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
An X.509 certificate public key.
X.509 certificate authority information access.
struct x509_authority_info_access auth_info
Authority information access.
struct x509_public_key public_key
Public key information.
A link in an X.509 certificate chain.
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
struct x509_serial serial
Serial number.
struct x509_subject subject
Subject.
#define ref_get(refcnt)
Get additional reference to object.
struct asn1_algorithm * algorithm
Public key algorithm.
uint64_t serial
Serial number.
struct asn1_bit_string value
Signature value.
An X.509 certificate key usage.
An X.509 certificate validity period.
struct asn1_cursor raw
Raw subject.
unsigned int bits
Extended key usage bits.
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse access method.
Certificate was added at build time.
An X.509 root certificate list.
struct x509_validity validity
Validity.
struct asn1_cursor common_name
Common name.
int x509_parse(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse X.509 certificate from ASN.1 data.
struct x509_subject_alt_name alt_name
Subject alternative name.
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
An X.509 certificate extended key usage.
int x509_certificate(const void *data, size_t len, struct x509_certificate **cert)
Create X.509 certificate.
An X.509 certificate subject.
unsigned int bits
Usage bits.
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
unsigned int version
Version.
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
unsigned int count
Number of certificates.
struct asn1_cursor tbs
Raw tbsCertificate.
A message digest algorithm.
X.509 certificate subject alternative name.
struct x509_link store
Link in certificate store.
uint8_t data[48]
Additional event data.
struct x509_certificate * x509_find(struct x509_chain *store, const struct asn1_cursor *raw)
Identify X.509 certificate by raw certificate data.
struct x509_time not_after
Not valid after.
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
A Uniform Resource Identifier.
uint16_t offset
Offset to command line.
struct asn1_cursor oid
Object identifier.
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
const void * fingerprints
Certificate fingerprints.
An X.509 certificate extensions set.
struct asn1_cursor raw
Raw certificate.
struct x509_key_usage usage
Key usage.
int64_t time_t
Seconds since the Epoch.
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse extension.
void(* found)(struct x509_chain *store, struct x509_certificate *cert)
Mark certificate as found.
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
#define NULL
NULL pointer (VOID *)
struct x509_ocsp_responder ocsp
OCSP responder.
Certificate was added explicitly at run time.
struct x509_basic_constraints basic
Basic constraints.
struct refcnt refcnt
Reference count.
Cross-signed certificate download has been attempted.
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
struct x509_extensions extensions
Extensions.
#define ref_put(refcnt)
Drop reference to object.
x509_flags
X.509 certificate flags.
static void x509_invalidate(struct x509_certificate *cert)
Invalidate X.509 certificate.
An X.509 certificate signature.