__einfo_error ( EINFO_EINVAL_ASN1_ALGORITHM )
#define EINFO_EINVAL_ASN1_ALGORITHM \
__einfo_uniqify ( EINFO_EINVAL, 0x06, "Invalid algorithm" )
+#define EINVAL_BIT_STRING \
+ __einfo_error ( EINFO_EINVAL_BIT_STRING )
+#define EINFO_EINVAL_BIT_STRING \
+ __einfo_uniqify ( EINFO_EINVAL, 0x07, "Invalid bit string" )
#define ENOTSUP_ALGORITHM \
__einfo_error ( EINFO_ENOTSUP_ALGORITHM )
#define EINFO_ENOTSUP_ALGORITHM \
*/
int asn1_boolean ( const struct asn1_cursor *cursor ) {
struct asn1_cursor contents;
- const struct asn1_boolean *boolean;
+ const struct {
+ uint8_t value;
+ } __attribute__ (( packed )) *boolean;
/* Enter boolean */
memcpy ( &contents, cursor, sizeof ( contents ) );
return 0;
}
+/**
+ * Parse ASN.1 bit string
+ *
+ * @v cursor ASN.1 cursor
+ * @v bits Bit string to fill in
+ * @ret rc Return status code
+ */
+int asn1_bit_string ( const struct asn1_cursor *cursor,
+ struct asn1_bit_string *bits ) {
+ struct asn1_cursor contents;
+ const struct {
+ uint8_t unused;
+ uint8_t data[0];
+ } __attribute__ (( packed )) *bit_string;
+ size_t len;
+ unsigned int unused;
+ uint8_t unused_mask;
+ const uint8_t *last;
+ int rc;
+
+ /* Enter bit string */
+ memcpy ( &contents, cursor, sizeof ( contents ) );
+ if ( ( rc = asn1_enter ( &contents, ASN1_BIT_STRING ) ) != 0 ) {
+ DBGC ( cursor, "ASN1 %p cannot locate bit string:\n", cursor );
+ DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
+ return rc;
+ }
+
+ /* Validity checks */
+ if ( contents.len < sizeof ( *bit_string ) ) {
+ DBGC ( cursor, "ASN1 %p invalid bit string:\n", cursor );
+ DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
+ return -EINVAL_BIT_STRING;
+ }
+ bit_string = contents.data;
+ len = ( contents.len - offsetof ( typeof ( *bit_string ), data ) );
+ unused = bit_string->unused;
+ unused_mask = ( 0xff >> ( 8 - unused ) );
+ last = ( bit_string->data + len - 1 );
+ if ( ( unused >= 8 ) ||
+ ( ( unused > 0 ) && ( len == 0 ) ) ||
+ ( ( *last & unused_mask ) != 0 ) ) {
+ DBGC ( cursor, "ASN1 %p invalid bit string:\n", cursor );
+ DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
+ return -EINVAL_BIT_STRING;
+ }
+
+ /* Populate bit string */
+ bits->data = &bit_string->data;
+ bits->len = len;
+ bits->unused = unused;
+
+ return 0;
+}
+
+/**
+ * Parse ASN.1 bit string that must be an integral number of bytes
+ *
+ * @v cursor ASN.1 cursor
+ * @v bits Bit string to fill in
+ * @ret rc Return status code
+ */
+int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
+ struct asn1_bit_string *bits ) {
+ int rc;
+
+ /* Parse bit string */
+ if ( ( rc = asn1_bit_string ( cursor, bits ) ) != 0 )
+ return rc;
+
+ /* Check that there are no unused bits at end of string */
+ if ( bits->unused ) {
+ DBGC ( cursor, "ASN1 %p invalid integral bit string:\n",
+ cursor );
+ DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
+ return -EINVAL_BIT_STRING;
+ }
+
+ return 0;
+}
+
/**
* Compare two ASN.1 objects
*
*/
static int rsa_init ( void *ctx, const void *key, size_t key_len ) {
struct rsa_context *context = ctx;
- const struct asn1_bit_string *bit_string;
+ struct asn1_bit_string bits;
struct asn1_cursor modulus;
struct asn1_cursor exponent;
struct asn1_cursor cursor;
asn1_skip ( &cursor, ASN1_SEQUENCE );
/* Enter subjectPublicKey */
- asn1_enter ( &cursor, ASN1_BIT_STRING );
-
- /* Check and skip unused-bits byte of bit string */
- bit_string = cursor.data;
- if ( ( cursor.len < sizeof ( *bit_string ) ) ||
- ( bit_string->unused != 0 ) ) {
- rc = -EINVAL;
+ if ( ( rc = asn1_integral_bit_string ( &cursor, &bits ) ) != 0 )
goto err_parse;
- }
- cursor.data = &bit_string->data;
- cursor.len -= offsetof ( typeof ( *bit_string ), data );
+ cursor.data = bits.data;
+ cursor.len = bits.len;
/* Enter RSAPublicKey */
asn1_enter ( &cursor, ASN1_SEQUENCE );
__einfo_error ( EINFO_EINVAL_ALGORITHM )
#define EINFO_EINVAL_ALGORITHM \
__einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid algorithm type" )
-#define EINVAL_BIT_STRING \
- __einfo_error ( EINFO_EINVAL_BIT_STRING )
-#define EINFO_EINVAL_BIT_STRING \
- __einfo_uniqify ( EINFO_EINVAL, 0x02, "Invalid bit string" )
#define EINVAL_ALGORITHM_MISMATCH \
__einfo_error ( EINFO_EINVAL_ALGORITHM_MISMATCH )
#define EINFO_EINVAL_ALGORITHM_MISMATCH \
static struct asn1_cursor oid_common_name_cursor =
ASN1_OID_CURSOR ( oid_common_name );
-/**
- * Parse X.509 certificate bit string
- *
- * @v cert X.509 certificate
- * @v bits Bit string to fill in
- * @v raw ASN.1 cursor
- * @ret rc Return status code
- */
-static int x509_parse_bit_string ( struct x509_certificate *cert,
- struct x509_bit_string *bits,
- const struct asn1_cursor *raw ) {
- struct asn1_cursor cursor;
- const struct asn1_bit_string *bit_string;
- size_t len;
- unsigned int unused;
- uint8_t unused_mask;
- const uint8_t *last;
- int rc;
-
- /* Enter bit string */
- memcpy ( &cursor, raw, sizeof ( cursor ) );
- if ( ( rc = asn1_enter ( &cursor, ASN1_BIT_STRING ) ) != 0 ) {
- DBGC ( cert, "X509 %p cannot locate bit string:\n", cert );
- DBGC_HDA ( cert, 0, raw->data, raw->len );
- return rc;
- }
-
- /* Validity checks */
- if ( cursor.len < sizeof ( *bit_string ) ) {
- DBGC ( cert, "X509 %p invalid bit string:\n", cert );
- DBGC_HDA ( cert, 0, raw->data, raw->len );
- return -EINVAL_BIT_STRING;
- }
- bit_string = cursor.data;
- len = ( cursor.len - offsetof ( typeof ( *bit_string ), data ) );
- unused = bit_string->unused;
- unused_mask = ( 0xff >> ( 8 - unused ) );
- last = ( bit_string->data + len - 1 );
- if ( ( unused >= 8 ) ||
- ( ( unused > 0 ) && ( len == 0 ) ) ||
- ( ( *last & unused_mask ) != 0 ) ) {
- DBGC ( cert, "X509 %p invalid bit string:\n", cert );
- DBGC_HDA ( cert, 0, raw->data, raw->len );
- return -EINVAL_BIT_STRING;
- }
-
- /* Populate bit string */
- bits->data = &bit_string->data;
- bits->len = len;
- bits->unused = unused;
-
- return 0;
-}
-
-/**
- * Parse X.509 certificate bit string that must be an integral number of bytes
- *
- * @v cert X.509 certificate
- * @v bits Bit string to fill in
- * @v raw ASN.1 cursor
- * @ret rc Return status code
- */
-static int x509_parse_integral_bit_string ( struct x509_certificate *cert,
- struct x509_bit_string *bits,
- const struct asn1_cursor *raw ) {
- int rc;
-
- /* Parse bit string */
- if ( ( rc = x509_parse_bit_string ( cert, bits, raw ) ) != 0 )
- return rc;
-
- /* Check that there are no unused bits at end of string */
- if ( bits->unused ) {
- DBGC ( cert, "X509 %p invalid integral bit string:\n", cert );
- DBGC_HDA ( cert, 0, raw->data, raw->len );
- return -EINVAL_BIT_STRING;
- }
-
- return 0;
-}
-
-
/**
* Parse X.509 certificate version
*
const struct asn1_cursor *raw ) {
struct x509_public_key *public_key = &cert->subject.public_key;
struct asn1_algorithm **algorithm = &public_key->algorithm;
- struct x509_bit_string *raw_bits = &public_key->raw_bits;
+ struct asn1_bit_string *raw_bits = &public_key->raw_bits;
struct asn1_cursor cursor;
int rc;
asn1_skip_any ( &cursor );
/* Parse bit string */
- if ( ( rc = x509_parse_bit_string ( cert, raw_bits, &cursor ) ) != 0 )
+ if ( ( rc = asn1_bit_string ( &cursor, raw_bits ) ) != 0 ) {
+ DBGC ( cert, "X509 %p could not parse public key bits: %s\n",
+ cert, strerror ( rc ) );
return rc;
+ }
return 0;
}
static int x509_parse_key_usage ( struct x509_certificate *cert,
const struct asn1_cursor *raw ) {
struct x509_key_usage *usage = &cert->extensions.usage;
- struct x509_bit_string bit_string;
+ struct asn1_bit_string bit_string;
const uint8_t *bytes;
size_t len;
unsigned int i;
usage->present = 1;
/* Parse bit string */
- if ( ( rc = x509_parse_bit_string ( cert, &bit_string, raw ) ) != 0 )
+ if ( ( rc = asn1_bit_string ( raw, &bit_string ) ) != 0 ) {
+ DBGC ( cert, "X509 %p could not parse key usage: %s\n",
+ cert, strerror ( rc ) );
return rc;
+ }
/* Parse key usage bits */
bytes = bit_string.data;
const struct asn1_cursor *raw ) {
struct x509_signature *signature = &cert->signature;
struct asn1_algorithm **signature_algorithm = &signature->algorithm;
- struct x509_bit_string *signature_value = &signature->value;
+ struct asn1_bit_string *signature_value = &signature->value;
struct asn1_cursor cursor;
int rc;
asn1_skip_any ( &cursor );
/* Parse signatureValue */
- if ( ( rc = x509_parse_integral_bit_string ( cert, signature_value,
- &cursor ) ) != 0 )
+ if ( ( rc = asn1_integral_bit_string ( &cursor,
+ signature_value ) ) != 0 ) {
+ DBGC ( cert, "X509 %p could not parse signature value: %s\n",
+ cert, strerror ( rc ) );
return rc;
+ }
DBGC2 ( cert, "X509 %p signatureValue is:\n", cert );
DBGC2_HDA ( cert, 0, signature_value->data, signature_value->len );
/** Declare an ASN.1 OID-identified algorithm */
#define __asn1_algorithm __table_entry ( ASN1_ALGORITHMS, 01 )
-/** An ASN.1 boolean */
-struct asn1_boolean {
- /** Value */
- uint8_t value;
-} __attribute__ (( packed ));
-
/** An ASN.1 bit string */
struct asn1_bit_string {
- /** Number of unused bits */
- uint8_t unused;
/** Data */
- uint8_t data[0];
+ const void *data;
+ /** Length */
+ size_t len;
+ /** Unused bits at end of data */
+ unsigned int unused;
} __attribute__ (( packed ));
/**
extern int asn1_shrink_any ( struct asn1_cursor *cursor );
extern int asn1_boolean ( const struct asn1_cursor *cursor );
extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
+extern int asn1_bit_string ( const struct asn1_cursor *cursor,
+ struct asn1_bit_string *bits );
+extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
+ struct asn1_bit_string *bits );
extern int asn1_compare ( const struct asn1_cursor *cursor1,
const struct asn1_cursor *cursor2 );
extern int asn1_algorithm ( const struct asn1_cursor *cursor,
#include <ipxe/refcnt.h>
#include <ipxe/list.h>
-/** An X.509 bit string */
-struct x509_bit_string {
- /** Data */
- const void *data;
- /** Length */
- size_t len;
- /** Unused bits at end of data */
- unsigned int unused;
-};
-
/** An X.509 serial number */
struct x509_serial {
/** Raw serial number */
/** Public key algorithm */
struct asn1_algorithm *algorithm;
/** Raw public key bit string */
- struct x509_bit_string raw_bits;
+ struct asn1_bit_string raw_bits;
};
/** An X.509 certificate subject */
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
- struct x509_bit_string value;
+ struct asn1_bit_string value;
};
/** An X.509 certificate basic constraints set */
projects / thirdparty / ipxe.git / commitdiff
