iPXE
x509.h
Go to the documentation of this file.
1#ifndef _IPXE_X509_H
2#define _IPXE_X509_H
3
4/** @file
5 *
6 * X.509 certificates
7 *
8 */
9
10FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11FILE_SECBOOT ( PERMITTED );
12
13#include <stdint.h>
14#include <stddef.h>
15#include <time.h>
16#include <ipxe/asn1.h>
17#include <ipxe/refcnt.h>
18#include <ipxe/list.h>
19
20struct image;
21struct private_key;
22
23/** An X.509 serial number */
24struct x509_serial {
25 /** Raw serial number */
26 struct asn1_cursor raw;
27};
28
29/** An X.509 issuer */
30struct x509_issuer {
31 /** Raw issuer */
32 struct asn1_cursor raw;
33};
34
35/** An X.509 time */
36struct x509_time {
37 /** Seconds since the Epoch */
38 time_t time;
39};
40
41/** An X.509 certificate validity period */
42struct x509_validity {
43 /** Not valid before */
44 struct x509_time not_before;
45 /** Not valid after */
46 struct x509_time not_after;
47};
48
49/** An X.509 certificate public key */
50struct x509_public_key {
51 /** Raw public key information */
52 struct asn1_cursor raw;
53 /** Public key algorithm */
54 struct asn1_algorithm *algorithm;
55 /** Public key value */
56 struct asn1_cursor value;
57};
58
59/** An X.509 certificate subject */
60struct x509_subject {
61 /** Raw subject */
62 struct asn1_cursor raw;
63 /** Common name */
64 struct asn1_cursor common_name;
65 /** Public key information */
66 struct x509_public_key public_key;
67};
68
69/** An X.509 certificate signature */
70struct x509_signature {
71 /** Signature algorithm */
72 struct asn1_algorithm *algorithm;
73 /** Signature value */
74 struct asn1_cursor value;
75};
76
77/** An X.509 certificate basic constraints set */
78struct x509_basic_constraints {
79 /** Subject is a CA */
80 int ca;
81 /** Path length */
82 unsigned int path_len;
83};
84
85/** Unlimited path length
86 *
87 * We use -2U, since this quantity represents one *fewer* than the
88 * maximum number of remaining certificates in a chain.
89 */
90#define X509_PATH_LEN_UNLIMITED -2U
91
92/** An X.509 certificate key usage */
93struct x509_key_usage {
94 /** Key usage extension is present */
95 int present;
96 /** Usage bits */
97 unsigned int bits;
98};
99
100/** X.509 certificate key usage bits */
112
113/** An X.509 certificate extended key usage */
114struct x509_extended_key_usage {
115 /** Usage bits */
116 unsigned int bits;
117};
118
119/** X.509 certificate extended key usage bits
120 *
121 * Extended key usages are identified by OID; these bits are purely an
122 * internal definition.
123 */
128
129/** X.509 certificate OCSP responder */
130struct x509_ocsp_responder {
131 /** URI */
132 struct asn1_cursor uri;
133 /** OCSP status is good */
134 int good;
135};
136
137/** X.509 certificate authority information access */
138struct x509_authority_info_access {
139 /** OCSP responder */
140 struct x509_ocsp_responder ocsp;
141};
142
143/** X.509 certificate subject alternative name */
144struct x509_subject_alt_name {
145 /** Names */
146 struct asn1_cursor names;
147};
148
149/** X.509 certificate general name types */
155
156/** An X.509 certificate extensions set */
157struct x509_extensions {
158 /** Basic constraints */
159 struct x509_basic_constraints basic;
160 /** Key usage */
161 struct x509_key_usage usage;
162 /** Extended key usage */
163 struct x509_extended_key_usage ext_usage;
164 /** Authority information access */
165 struct x509_authority_info_access auth_info;
166 /** Subject alternative name */
167 struct x509_subject_alt_name alt_name;
168};
169
170/** A link in an X.509 certificate chain */
171struct x509_link {
172 /** List of links */
173 struct list_head list;
174 /** Certificate */
175 struct x509_certificate *cert;
176 /** Flags */
177 unsigned int flags;
178};
179
180/** X.509 certficate chain link flags */
181enum x509_link_flags {
182 /** Cross-signed certificate download has been attempted
183 *
184 * This indicates that a cross-signature download attempt has
185 * been made to find a cross-signed issuer for this link's
186 * certificate.
187 */
188 X509_LINK_FL_CROSSED = 0x0001,
189 /** OCSP has been attempted
190 *
191 * This indicates that an OCSP attempt has been made using
192 * this link's certificate as an issuer. (We record the flag
193 * on the issuer rather than on the issued certificate, since
194 * we want to retry OCSP if an issuer is replaced with a
195 * downloaded cross-signed certificate.)
196 */
197 X509_LINK_FL_OCSPED = 0x0002,
198};
199
200/** An X.509 certificate chain */
201struct x509_chain {
202 /** Reference count */
203 struct refcnt refcnt;
204 /** List of links */
205 struct list_head links;
206 /** Mark certificate as found
207 *
208 * @v store Certificate store
209 * @v cert X.509 certificate
210 */
211 void ( * found ) ( struct x509_chain *store,
212 struct x509_certificate *cert );
213};
214
215/** An X.509 certificate */
216struct x509_certificate {
217 /** Reference count */
218 struct refcnt refcnt;
219
220 /** Link in certificate store */
221 struct x509_link store;
222
223 /** Flags */
224 unsigned int flags;
225 /** Root against which certificate has been validated (if any) */
226 struct x509_root *root;
227 /** Maximum number of subsequent certificates in chain */
228 unsigned int path_remaining;
229
230 /** Raw certificate */
231 struct asn1_cursor raw;
232 /** Version */
233 unsigned int version;
234 /** Serial number */
235 struct x509_serial serial;
236 /** Raw tbsCertificate */
237 struct asn1_cursor tbs;
238 /** Signature algorithm */
239 struct asn1_algorithm *signature_algorithm;
240 /** Issuer */
241 struct x509_issuer issuer;
242 /** Validity */
243 struct x509_validity validity;
244 /** Subject */
245 struct x509_subject subject;
246 /** Signature */
247 struct x509_signature signature;
248 /** Extensions */
249 struct x509_extensions extensions;
250};
251
252/** X.509 certificate flags */
253enum x509_flags {
254 /** Certificate was added at build time */
255 X509_FL_PERMANENT = 0x0001,
256 /** Certificate was added explicitly at run time */
257 X509_FL_EXPLICIT = 0x0002,
258};
259
260/**
261 * Get reference to X.509 certificate
262 *
263 * @v cert X.509 certificate
264 * @ret cert X.509 certificate
265 */
266static inline __attribute__ (( always_inline )) struct x509_certificate *
267x509_get ( struct x509_certificate *cert ) {
268 ref_get ( &cert->refcnt );
269 return cert;
270}
271
272/**
273 * Drop reference to X.509 certificate
274 *
275 * @v cert X.509 certificate
276 */
277static inline __attribute__ (( always_inline )) void
278x509_put ( struct x509_certificate *cert ) {
279 ref_put ( &cert->refcnt );
280}
281
282/**
283 * Get reference to X.509 certificate chain
284 *
285 * @v chain X.509 certificate chain
286 * @ret chain X.509 certificate chain
287 */
288static inline __attribute__ (( always_inline )) struct x509_chain *
289x509_chain_get ( struct x509_chain *chain ) {
290 ref_get ( &chain->refcnt );
291 return chain;
292}
293
294/**
295 * Drop reference to X.509 certificate chain
296 *
297 * @v chain X.509 certificate chain
298 */
299static inline __attribute__ (( always_inline )) void
300x509_chain_put ( struct x509_chain *chain ) {
301 ref_put ( &chain->refcnt );
302}
303
304/**
305 * Get first certificate in X.509 certificate chain
306 *
307 * @v chain X.509 certificate chain
308 * @ret cert X.509 certificate, or NULL
309 */
310static inline __attribute__ (( always_inline )) struct x509_certificate *
311x509_first ( struct x509_chain *chain ) {
312 struct x509_link *link;
313
314 link = list_first_entry ( &chain->links, struct x509_link, list );
315 return ( link ? link->cert : NULL );
316}
317
318/**
319 * Get last certificate in X.509 certificate chain
320 *
321 * @v chain X.509 certificate chain
322 * @ret cert X.509 certificate, or NULL
323 */
324static inline __attribute__ (( always_inline )) struct x509_certificate *
325x509_last ( struct x509_chain *chain ) {
326 struct x509_link *link;
327
328 link = list_last_entry ( &chain->links, struct x509_link, list );
329 return ( link ? link->cert : NULL );
330}
331
332/** An X.509 extension */
333struct x509_extension {
334 /** Name */
335 const char *name;
336 /** Object identifier */
337 struct asn1_cursor oid;
338 /** Parse extension
339 *
340 * @v cert X.509 certificate
341 * @v raw ASN.1 cursor
342 * @ret rc Return status code
343 */
344 int ( * parse ) ( struct x509_certificate *cert,
345 const struct asn1_cursor *raw );
346};
347
348/** An X.509 key purpose */
349struct x509_key_purpose {
350 /** Name */
351 const char *name;
352 /** Object identifier */
353 struct asn1_cursor oid;
354 /** Extended key usage bits */
355 unsigned int bits;
356};
357
358/** An X.509 access method */
359struct x509_access_method {
360 /** Name */
361 const char *name;
362 /** Object identifier */
363 struct asn1_cursor oid;
364 /** Parse access method
365 *
366 * @v cert X.509 certificate
367 * @v raw ASN.1 cursor
368 * @ret rc Return status code
369 */
370 int ( * parse ) ( struct x509_certificate *cert,
371 const struct asn1_cursor *raw );
372};
373
374/** An X.509 root certificate list */
375struct x509_root {
376 /** Reference count */
377 struct refcnt refcnt;
378 /** Fingerprint digest algorithm */
379 struct digest_algorithm *digest;
380 /** Number of certificates */
381 unsigned int count;
382 /** Certificate fingerprints */
383 const void *fingerprints;
384};
385
386/**
387 * Get reference to X.509 root certificate list
388 *
389 * @v root X.509 root certificate list
390 * @ret root X.509 root certificate list
391 */
392static inline __attribute__ (( always_inline )) struct x509_root *
393x509_root_get ( struct x509_root *root ) {
394 ref_get ( &root->refcnt );
395 return root;
396}
397
398/**
399 * Drop reference to X.509 root certificate list
400 *
401 * @v root X.509 root certificate list
402 */
403static inline __attribute__ (( always_inline )) void
404x509_root_put ( struct x509_root *root ) {
405 ref_put ( &root->refcnt );
406}
407
408/**
409 * Check if X.509 certificate is self-signed
410 *
411 * @v cert X.509 certificate
412 * @ret is_self_signed X.509 certificate is self-signed
413 */
414static inline int x509_is_self_signed ( struct x509_certificate *cert ) {
415 return ( asn1_compare ( &cert->issuer.raw, &cert->subject.raw ) == 0 );
416}
417
418extern const char * x509_name ( struct x509_certificate *cert );
419extern int x509_parse ( struct x509_certificate *cert,
420 const struct asn1_cursor *raw );
421extern int x509_certificate ( const void *data, size_t len,
422 struct x509_certificate **cert );
423extern int x509_is_valid ( struct x509_certificate *cert,
424 struct x509_root *root );
425extern void x509_set_valid ( struct x509_certificate *cert,
426 struct x509_certificate *issuer,
427 struct x509_root *root );
428extern int x509_validate ( struct x509_certificate *cert,
429 struct x509_certificate *issuer,
430 time_t time, struct x509_root *root );
431extern int x509_check_name ( struct x509_certificate *cert, const char *name );
432
433extern struct x509_chain * x509_alloc_chain ( void );
434extern int x509_append ( struct x509_chain *chain,
435 struct x509_certificate *cert );
436extern int x509_append_raw ( struct x509_chain *chain, const void *data,
437 size_t len );
438extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
439extern struct x509_certificate * x509_find ( struct x509_chain *store,
440 const struct asn1_cursor *raw );
441extern struct x509_certificate *
442x509_find_subject ( struct x509_chain *store,
443 const struct asn1_cursor *subject );
444extern struct x509_certificate *
445x509_find_issuer_serial ( struct x509_chain *store,
446 const struct asn1_cursor *issuer,
447 const struct asn1_cursor *serial );
448extern struct x509_certificate * x509_find_key ( struct x509_chain *store,
449 struct private_key *key );
450extern int x509_auto_append ( struct x509_chain *chain,
451 struct x509_chain *store );
452extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
453 struct x509_chain *store,
454 struct x509_root *root );
455extern int image_x509 ( struct image *image, size_t offset,
456 struct x509_certificate **cert );
457
458/* Functions exposed only for unit testing */
459extern int x509_check_issuer ( struct x509_certificate *cert,
460 struct x509_certificate *issuer );
461extern void x509_fingerprint ( struct x509_certificate *cert,
462 struct digest_algorithm *digest,
463 void *fingerprint );
464extern int x509_check_root ( struct x509_certificate *cert,
465 struct x509_root *root );
466extern int x509_check_time ( struct x509_certificate *cert, time_t time );
467
468/**
469 * Invalidate X.509 certificate
470 *
471 * @v cert X.509 certificate
472 */
473static inline void x509_invalidate ( struct x509_certificate *cert ) {
474 x509_root_put ( cert->root );
475 cert->root = NULL;
476 cert->path_remaining = 0;
477}
478
479/**
480 * Invalidate X.509 certificate chain
481 *
482 * @v chain X.509 certificate chain
483 */
484static inline void x509_invalidate_chain ( struct x509_chain *chain ) {
485 struct x509_link *link;
486
487 list_for_each_entry ( link, &chain->links, list )
488 x509_invalidate ( link->cert );
489}
490
491#endif /* _IPXE_X509_H */
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
key
union @162305117151260234136356364136041353210355154177 key
Sense key.
Definition scsi.h:3
raw
__be32 raw[7]
Definition CIB_PRM.h:0
link
u32 link
Link to next descriptor.
Definition ar9003_mac.h:1
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition asn1.c:458
asn1.h
ASN.1 encoding.
ASN1_IMPLICIT_TAG
#define ASN1_IMPLICIT_TAG(number)
ASN.1 implicit tag.
Definition asn1.h:96
name
const char * name
Definition ath9k_hw.c:1986
offset
uint16_t offset
Offset to command line.
Definition bzimage.h:3
len
ring len
Length.
Definition dwmac.h:226
serial
uint64_t serial
Serial number.
Definition edd.h:1
data
uint8_t data[48]
Additional event data.
Definition ena.h:11
FILE_LICENCE
#define FILE_LICENCE(_licence)
Declare a particular licence as applying to a file.
Definition compiler.h:896
FILE_SECBOOT
#define FILE_SECBOOT(_status)
Declare a file's UEFI Secure Boot permission status.
Definition compiler.h:926
__attribute__
#define __attribute__(x)
Definition compiler.h:10
time.h
Time source.
time_t
int64_t time_t
Seconds since the Epoch.
Definition time.h:19
list.h
Linked lists.
list_first_entry
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition list.h:334
list_last_entry
#define list_last_entry(list, type, member)
Get the container of the last entry in a list.
Definition list.h:347
list_for_each_entry
#define list_for_each_entry(pos, head, member)
Iterate over entries in a list.
Definition list.h:432
refcnt.h
Reference counting.
ref_get
#define ref_get(refcnt)
Get additional reference to object.
Definition refcnt.h:93
ref_put
#define ref_put(refcnt)
Drop reference to object.
Definition refcnt.h:107
root
struct stp_switch root
Root switch.
Definition stp.h:15
asn1_algorithm
An ASN.1 OID-identified algorithm.
Definition asn1.h:408
asn1_cursor
An ASN.1 object cursor.
Definition asn1.h:21
digest_algorithm
A message digest algorithm.
Definition crypto.h:19
image
An executable image.
Definition image.h:24
list_head
A doubly-linked list entry (or list head)
Definition list.h:19
private_key
A private key.
Definition privkey.h:17
x509_access_method
An X.509 access method.
Definition x509.h:359
x509_access_method::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse access method.
Definition x509.h:370
x509_access_method::name
const char * name
Name.
Definition x509.h:361
x509_access_method::oid
struct asn1_cursor oid
Object identifier.
Definition x509.h:363
x509_authority_info_access
X.509 certificate authority information access.
Definition x509.h:138
x509_authority_info_access::ocsp
struct x509_ocsp_responder ocsp
OCSP responder.
Definition x509.h:140
x509_basic_constraints
An X.509 certificate basic constraints set.
Definition x509.h:78
x509_basic_constraints::ca
int ca
Subject is a CA.
Definition x509.h:80
x509_basic_constraints::path_len
unsigned int path_len
Path length.
Definition x509.h:82
x509_certificate
An X.509 certificate.
Definition x509.h:216
x509_certificate::serial
struct x509_serial serial
Serial number.
Definition x509.h:235
x509_certificate::subject
struct x509_subject subject
Subject.
Definition x509.h:245
x509_certificate::extensions
struct x509_extensions extensions
Extensions.
Definition x509.h:249
x509_certificate::flags
unsigned int flags
Flags.
Definition x509.h:224
x509_certificate::refcnt
struct refcnt refcnt
Reference count.
Definition x509.h:218
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition x509.h:221
x509_certificate::root
struct x509_root * root
Root against which certificate has been validated (if any)
Definition x509.h:226
x509_certificate::signature
struct x509_signature signature
Signature.
Definition x509.h:247
x509_certificate::raw
struct asn1_cursor raw
Raw certificate.
Definition x509.h:231
x509_certificate::tbs
struct asn1_cursor tbs
Raw tbsCertificate.
Definition x509.h:237
x509_certificate::signature_algorithm
struct asn1_algorithm * signature_algorithm
Signature algorithm.
Definition x509.h:239
x509_certificate::path_remaining
unsigned int path_remaining
Maximum number of subsequent certificates in chain.
Definition x509.h:228
x509_certificate::validity
struct x509_validity validity
Validity.
Definition x509.h:243
x509_certificate::issuer
struct x509_issuer issuer
Issuer.
Definition x509.h:241
x509_certificate::version
unsigned int version
Version.
Definition x509.h:233
x509_chain
An X.509 certificate chain.
Definition x509.h:201
x509_chain::found
void(* found)(struct x509_chain *store, struct x509_certificate *cert)
Mark certificate as found.
Definition x509.h:211
x509_chain::refcnt
struct refcnt refcnt
Reference count.
Definition x509.h:203
x509_chain::links
struct list_head links
List of links.
Definition x509.h:205
x509_extended_key_usage
An X.509 certificate extended key usage.
Definition x509.h:114
x509_extended_key_usage::bits
unsigned int bits
Usage bits.
Definition x509.h:116
x509_extension
An X.509 extension.
Definition x509.h:333
x509_extension::oid
struct asn1_cursor oid
Object identifier.
Definition x509.h:337
x509_extension::parse
int(* parse)(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse extension.
Definition x509.h:344
x509_extension::name
const char * name
Name.
Definition x509.h:335
x509_extensions
An X.509 certificate extensions set.
Definition x509.h:157
x509_extensions::alt_name
struct x509_subject_alt_name alt_name
Subject alternative name.
Definition x509.h:167
x509_extensions::basic
struct x509_basic_constraints basic
Basic constraints.
Definition x509.h:159
x509_extensions::auth_info
struct x509_authority_info_access auth_info
Authority information access.
Definition x509.h:165
x509_extensions::usage
struct x509_key_usage usage
Key usage.
Definition x509.h:161
x509_extensions::ext_usage
struct x509_extended_key_usage ext_usage
Extended key usage.
Definition x509.h:163
x509_issuer
An X.509 issuer.
Definition x509.h:30
x509_issuer::raw
struct asn1_cursor raw
Raw issuer.
Definition x509.h:32
x509_key_purpose
An X.509 key purpose.
Definition x509.h:349
x509_key_purpose::oid
struct asn1_cursor oid
Object identifier.
Definition x509.h:353
x509_key_purpose::name
const char * name
Name.
Definition x509.h:351
x509_key_purpose::bits
unsigned int bits
Extended key usage bits.
Definition x509.h:355
x509_key_usage
An X.509 certificate key usage.
Definition x509.h:93
x509_key_usage::present
int present
Key usage extension is present.
Definition x509.h:95
x509_key_usage::bits
unsigned int bits
Usage bits.
Definition x509.h:97
x509_link
A link in an X.509 certificate chain.
Definition x509.h:171
x509_link::list
struct list_head list
List of links.
Definition x509.h:173
x509_link::flags
unsigned int flags
Flags.
Definition x509.h:177
x509_link::cert
struct x509_certificate * cert
Certificate.
Definition x509.h:175
x509_ocsp_responder
X.509 certificate OCSP responder.
Definition x509.h:130
x509_ocsp_responder::good
int good
OCSP status is good.
Definition x509.h:134
x509_ocsp_responder::uri
struct asn1_cursor uri
URI.
Definition x509.h:132
x509_public_key
An X.509 certificate public key.
Definition x509.h:50
x509_public_key::algorithm
struct asn1_algorithm * algorithm
Public key algorithm.
Definition x509.h:54
x509_public_key::value
struct asn1_cursor value
Public key value.
Definition x509.h:56
x509_public_key::raw
struct asn1_cursor raw
Raw public key information.
Definition x509.h:52
x509_root
An X.509 root certificate list.
Definition x509.h:375
x509_root::count
unsigned int count
Number of certificates.
Definition x509.h:381
x509_root::fingerprints
const void * fingerprints
Certificate fingerprints.
Definition x509.h:383
x509_root::digest
struct digest_algorithm * digest
Fingerprint digest algorithm.
Definition x509.h:379
x509_root::refcnt
struct refcnt refcnt
Reference count.
Definition x509.h:377
x509_serial
An X.509 serial number.
Definition x509.h:24
x509_serial::raw
struct asn1_cursor raw
Raw serial number.
Definition x509.h:26
x509_signature
An X.509 certificate signature.
Definition x509.h:70
x509_signature::algorithm
struct asn1_algorithm * algorithm
Signature algorithm.
Definition x509.h:72
x509_signature::value
struct asn1_cursor value
Signature value.
Definition x509.h:74
x509_subject_alt_name
X.509 certificate subject alternative name.
Definition x509.h:144
x509_subject_alt_name::names
struct asn1_cursor names
Names.
Definition x509.h:146
x509_subject
An X.509 certificate subject.
Definition x509.h:60
x509_subject::common_name
struct asn1_cursor common_name
Common name.
Definition x509.h:64
x509_subject::raw
struct asn1_cursor raw
Raw subject.
Definition x509.h:62
x509_subject::public_key
struct x509_public_key public_key
Public key information.
Definition x509.h:66
x509_time
An X.509 time.
Definition x509.h:36
x509_time::time
time_t time
Seconds since the Epoch.
Definition x509.h:38
x509_validity
An X.509 certificate validity period.
Definition x509.h:42
x509_validity::not_before
struct x509_time not_before
Not valid before.
Definition x509.h:44
x509_validity::not_after
struct x509_time not_after
Not valid after.
Definition x509.h:46
image_x509
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition x509.c:1961
x509_validate
int x509_validate(struct x509_certificate *cert, struct x509_certificate *issuer, time_t time, struct x509_root *root)
Validate X.509 certificate.
Definition x509.c:1366
x509_first
static struct x509_certificate * x509_first(struct x509_chain *chain)
Get first certificate in X.509 certificate chain.
Definition x509.h:311
x509_find_subject
struct x509_certificate * x509_find_subject(struct x509_chain *store, const struct asn1_cursor *subject)
Identify X.509 certificate by subject.
Definition x509.c:1775
x509_chain_get
static struct x509_chain * x509_chain_get(struct x509_chain *chain)
Get reference to X.509 certificate chain.
Definition x509.h:289
x509_parse
int x509_parse(struct x509_certificate *cert, const struct asn1_cursor *raw)
Parse X.509 certificate from ASN.1 data.
Definition x509.c:1008
x509_check_root
int x509_check_root(struct x509_certificate *cert, struct x509_root *root)
Check X.509 root certificate.
Definition x509.c:1255
x509_root_get
static struct x509_root * x509_root_get(struct x509_root *root)
Get reference to X.509 root certificate list.
Definition x509.h:393
x509_check_issuer
int x509_check_issuer(struct x509_certificate *cert, struct x509_certificate *issuer)
Check X.509 certificate against issuer certificate.
Definition x509.c:1177
x509_get
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition x509.h:267
x509_auto_append
int x509_auto_append(struct x509_chain *chain, struct x509_chain *store)
Append X.509 certificates to X.509 certificate chain.
Definition x509.c:1868
x509_is_valid
int x509_is_valid(struct x509_certificate *cert, struct x509_root *root)
Check if X.509 certificate is valid.
Definition x509.c:1313
x509_is_self_signed
static int x509_is_self_signed(struct x509_certificate *cert)
Check if X.509 certificate is self-signed.
Definition x509.h:414
x509_extended_key_usage_bits
x509_extended_key_usage_bits
X.509 certificate extended key usage bits.
Definition x509.h:124
X509_CODE_SIGNING
@ X509_CODE_SIGNING
Definition x509.h:125
X509_OCSP_SIGNING
@ X509_OCSP_SIGNING
Definition x509.h:126
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition x509.c:1564
x509_general_name_types
x509_general_name_types
X.509 certificate general name types.
Definition x509.h:150
X509_GENERAL_NAME_URI
@ X509_GENERAL_NAME_URI
Definition x509.h:152
X509_GENERAL_NAME_DNS
@ X509_GENERAL_NAME_DNS
Definition x509.h:151
X509_GENERAL_NAME_IP
@ X509_GENERAL_NAME_IP
Definition x509.h:153
x509_validate_chain
int x509_validate_chain(struct x509_chain *chain, time_t time, struct x509_chain *store, struct x509_root *root)
Validate X.509 certificate chain.
Definition x509.c:1908
x509_invalidate
static void x509_invalidate(struct x509_certificate *cert)
Invalidate X.509 certificate.
Definition x509.h:473
x509_link_flags
x509_link_flags
X.509 certficate chain link flags.
Definition x509.h:181
X509_LINK_FL_OCSPED
@ X509_LINK_FL_OCSPED
OCSP has been attempted.
Definition x509.h:197
X509_LINK_FL_CROSSED
@ X509_LINK_FL_CROSSED
Cross-signed certificate download has been attempted.
Definition x509.h:188
x509_truncate
void x509_truncate(struct x509_chain *chain, struct x509_link *link)
Truncate X.509 certificate chain.
Definition x509.c:1704
x509_alloc_chain
struct x509_chain * x509_alloc_chain(void)
Allocate X.509 certificate chain.
Definition x509.c:1615
x509_find
struct x509_certificate * x509_find(struct x509_chain *store, const struct asn1_cursor *raw)
Identify X.509 certificate by raw certificate data.
Definition x509.c:1746
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition x509.h:278
x509_name
const char * x509_name(struct x509_certificate *cert)
Get X.509 certificate display name.
Definition x509.c:147
x509_flags
x509_flags
X.509 certificate flags.
Definition x509.h:253
X509_FL_EXPLICIT
@ X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition x509.h:257
X509_FL_PERMANENT
@ X509_FL_PERMANENT
Certificate was added at build time.
Definition x509.h:255
x509_last
static struct x509_certificate * x509_last(struct x509_chain *chain)
Get last certificate in X.509 certificate chain.
Definition x509.h:325
x509_fingerprint
void x509_fingerprint(struct x509_certificate *cert, struct digest_algorithm *digest, void *fingerprint)
Calculate X.509 certificate fingerprint.
Definition x509.c:1237
x509_find_key
struct x509_certificate * x509_find_key(struct x509_chain *store, struct private_key *key)
Identify X.509 certificate by corresponding public key.
Definition x509.c:1835
x509_certificate
int x509_certificate(const void *data, size_t len, struct x509_certificate **cert)
Create X.509 certificate.
Definition x509.c:1074
x509_invalidate_chain
static void x509_invalidate_chain(struct x509_chain *chain)
Invalidate X.509 certificate chain.
Definition x509.h:484
x509_root_put
static void x509_root_put(struct x509_root *root)
Drop reference to X.509 root certificate list.
Definition x509.h:404
x509_check_time
int x509_check_time(struct x509_certificate *cert, time_t time)
Check X.509 certificate validity period.
Definition x509.c:1287
x509_append_raw
int x509_append_raw(struct x509_chain *chain, const void *data, size_t len)
Append X.509 certificate to X.509 certificate chain.
Definition x509.c:1674
x509_find_issuer_serial
struct x509_certificate * x509_find_issuer_serial(struct x509_chain *store, const struct asn1_cursor *issuer, const struct asn1_cursor *serial)
Identify X.509 certificate by issuer and serial number.
Definition x509.c:1805
x509_chain_put
static void x509_chain_put(struct x509_chain *chain)
Drop reference to X.509 certificate chain.
Definition x509.h:300
x509_append
int x509_append(struct x509_chain *chain, struct x509_certificate *cert)
Append X.509 certificate to X.509 certificate chain.
Definition x509.c:1638
x509_set_valid
void x509_set_valid(struct x509_certificate *cert, struct x509_certificate *issuer, struct x509_root *root)
Set X.509 certificate as validated.
Definition x509.c:1329
x509_key_usage_bits
x509_key_usage_bits
X.509 certificate key usage bits.
Definition x509.h:101
X509_CRL_SIGN
@ X509_CRL_SIGN
Definition x509.h:108
X509_KEY_CERT_SIGN
@ X509_KEY_CERT_SIGN
Definition x509.h:107
X509_DIGITAL_SIGNATURE
@ X509_DIGITAL_SIGNATURE
Definition x509.h:102
X509_KEY_AGREEMENT
@ X509_KEY_AGREEMENT
Definition x509.h:106
X509_ENCIPHER_ONLY
@ X509_ENCIPHER_ONLY
Definition x509.h:109
X509_NON_REPUDIATION
@ X509_NON_REPUDIATION
Definition x509.h:103
X509_DECIPHER_ONLY
@ X509_DECIPHER_ONLY
Definition x509.h:110
X509_DATA_ENCIPHERMENT
@ X509_DATA_ENCIPHERMENT
Definition x509.h:105
X509_KEY_ENCIPHERMENT
@ X509_KEY_ENCIPHERMENT
Definition x509.h:104
Generated by doxygen 1.14.0