mirror of
https://github.com/xcat2/xNBA.git
synced 2026-04-01 19:13:29 +00:00
557f467bab
At present, certificate chain validation is treated as an instantaneous process that can be carried out using only data that is already in memory. This model does not allow for validation to include non-instantaneous steps, such as downloading a cross-signing certificate, or determining certificate revocation status via OCSP. Redesign the internal representation of certificate chains to allow chains to outlive the scope of the original source of certificates (such as a TLS Certificate record). Allow for certificates to be cached, so that each certificate needs to be validated only once. Signed-off-by: Michael Brown <mcb30@ipxe.org>
76 lines
1.6 KiB
C
76 lines
1.6 KiB
C
#ifndef _IPXE_CMS_H
|
|
#define _IPXE_CMS_H
|
|
|
|
/** @file
|
|
*
|
|
* Cryptographic Message Syntax (PKCS #7)
|
|
*
|
|
*/
|
|
|
|
FILE_LICENCE ( GPL2_OR_LATER );
|
|
|
|
#include <time.h>
|
|
#include <ipxe/asn1.h>
|
|
#include <ipxe/crypto.h>
|
|
#include <ipxe/x509.h>
|
|
#include <ipxe/refcnt.h>
|
|
#include <ipxe/uaccess.h>
|
|
|
|
/** CMS signer information */
|
|
struct cms_signer_info {
|
|
/** List of signer information blocks */
|
|
struct list_head list;
|
|
|
|
/** Certificate chain */
|
|
struct x509_chain *chain;
|
|
|
|
/** Digest algorithm */
|
|
struct digest_algorithm *digest;
|
|
/** Public-key algorithm */
|
|
struct pubkey_algorithm *pubkey;
|
|
|
|
/** Signature */
|
|
void *signature;
|
|
/** Length of signature */
|
|
size_t signature_len;
|
|
};
|
|
|
|
/** A CMS signature */
|
|
struct cms_signature {
|
|
/** Reference count */
|
|
struct refcnt refcnt;
|
|
/** List of all certificates */
|
|
struct x509_chain *certificates;
|
|
/** List of signer information blocks */
|
|
struct list_head info;
|
|
};
|
|
|
|
/**
|
|
* Get reference to CMS signature
|
|
*
|
|
* @v sig CMS signature
|
|
* @ret sig CMS signature
|
|
*/
|
|
static inline __attribute__ (( always_inline )) struct cms_signature *
|
|
cms_get ( struct cms_signature *sig ) {
|
|
ref_get ( &sig->refcnt );
|
|
return sig;
|
|
}
|
|
|
|
/**
|
|
* Drop reference to CMS signature
|
|
*
|
|
* @v sig CMS signature
|
|
*/
|
|
static inline __attribute__ (( always_inline )) void
|
|
cms_put ( struct cms_signature *sig ) {
|
|
ref_put ( &sig->refcnt );
|
|
}
|
|
|
|
extern int cms_signature ( const void *data, size_t len,
|
|
struct cms_signature **sig );
|
|
extern int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
|
|
const char *name, time_t time, struct x509_root *root );
|
|
|
|
#endif /* _IPXE_CMS_H */
|