Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 84aabd46 authored by David Howells's avatar David Howells
Browse files

X.509: Add bits needed for PKCS#7 



PKCS#7 validation requires access to the serial number and the raw names in an
X.509 certificate.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Reviewed-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarJosh Boyer <jwboyer@redhat.com>
parent 16874b2c

crypto/asymmetric_keys/x509.asn1

+1 −1
Original line number Diff line number Diff line
@@ -6,7 +6,7 @@ Certificate ::= SEQUENCE { 


TBSCertificate ::= SEQUENCE {

	version           [ 0 ]	Version DEFAULT,

	serialNumber		CertificateSerialNumber,

	serialNumber		CertificateSerialNumber ({ x509_note_serial }),

	signature		AlgorithmIdentifier ({ x509_note_pkey_algo }),

	issuer			Name ({ x509_note_issuer }),

	validity		Validity,

crypto/asymmetric_keys/x509_cert_parser.c

+17 −0
Original line number Diff line number Diff line
@@ -210,6 +210,19 @@ int x509_note_signature(void *context, size_t hdrlen, 
	return 0;

}



/*

 * Note the certificate serial number

 */

int x509_note_serial(void *context, size_t hdrlen,

		     unsigned char tag,

		     const void *value, size_t vlen)

{

	struct x509_parse_context *ctx = context;

	ctx->cert->raw_serial = value;

	ctx->cert->raw_serial_size = vlen;

	return 0;

}



/*

 * Note some of the name segments from which we'll fabricate a name.

 */
@@ -322,6 +335,8 @@ int x509_note_issuer(void *context, size_t hdrlen, 
		     const void *value, size_t vlen)

{

	struct x509_parse_context *ctx = context;

	ctx->cert->raw_issuer = value;

	ctx->cert->raw_issuer_size = vlen;

	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);

}
@@ -330,6 +345,8 @@ int x509_note_subject(void *context, size_t hdrlen, 
		      const void *value, size_t vlen)

{

	struct x509_parse_context *ctx = context;

	ctx->cert->raw_subject = value;

	ctx->cert->raw_subject_size = vlen;

	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);

}

crypto/asymmetric_keys/x509_parser.h

+12 −1
Original line number Diff line number Diff line
@@ -14,7 +14,9 @@ 


struct x509_certificate {

	struct x509_certificate *next;

	struct x509_certificate *signer;	/* Certificate that signed this one */

	struct public_key *pub;			/* Public key details */

	struct public_key_signature sig;	/* Signature parameters */

	char		*issuer;		/* Name of certificate issuer */

	char		*subject;		/* Name of certificate subject */

	char		*fingerprint;		/* Key fingerprint as hex */
@@ -25,7 +27,16 @@ struct x509_certificate { 
	unsigned	tbs_size;		/* Size of signed data */

	unsigned	raw_sig_size;		/* Size of sigature */

	const void	*raw_sig;		/* Signature data */

	struct public_key_signature sig;	/* Signature parameters */

	const void	*raw_serial;		/* Raw serial number in ASN.1 */

	unsigned	raw_serial_size;

	unsigned	raw_issuer_size;

	const void	*raw_issuer;		/* Raw issuer name in ASN.1 */

	const void	*raw_subject;		/* Raw subject name in ASN.1 */

	unsigned	raw_subject_size;

	unsigned	index;

	bool		seen;			/* Infinite recursion prevention */

	bool		verified;

	bool		trusted;

};



/*