Strona główna Odkrywaj Pomoc
Zaloguj się
GfA
/
linux_kernel
5
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

X.509: Add bits needed for PKCS#7

PKCS#7 validation requires access to the serial number and the raw names in an
X.509 certificate.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Boyer <jwboyer@redhat.com>
David Howells 11 lat temu
rodzic
16874b2cb8
commit
84aabd46bf
3 zmienionych plików z 30 dodań i 2 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 1 1
      crypto/asymmetric_keys/x509.asn1
  2. 17 0
      crypto/asymmetric_keys/x509_cert_parser.c
  3. 12 1
      crypto/asymmetric_keys/x509_parser.h

+ 1 - 1
crypto/asymmetric_keys/x509.asn1
Wyświetl plik 

@@ -6,7 +6,7 @@ Certificate ::= SEQUENCE {
 
 
 TBSCertificate ::= SEQUENCE {
 
 	version           [ 0 ]	Version DEFAULT,
 
-	serialNumber		CertificateSerialNumber,
 
+	serialNumber		CertificateSerialNumber ({ x509_note_serial }),
 
 	signature		AlgorithmIdentifier ({ x509_note_pkey_algo }),
 
 	issuer			Name ({ x509_note_issuer }),
 
 	validity		Validity,

+ 17 - 0
crypto/asymmetric_keys/x509_cert_parser.c
Wyświetl plik 

@@ -210,6 +210,19 @@ int x509_note_signature(void *context, size_t hdrlen,
 
 	return 0;
 
 }
 
 
+/*
 
+ * Note the certificate serial number
 
+ */
 
+int x509_note_serial(void *context, size_t hdrlen,
 
+		     unsigned char tag,
 
+		     const void *value, size_t vlen)
 
+{
 
+	struct x509_parse_context *ctx = context;
 
+	ctx->cert->raw_serial = value;
 
+	ctx->cert->raw_serial_size = vlen;
 
+	return 0;
 
+}
 
+
 
 /*
 
  * Note some of the name segments from which we'll fabricate a name.
 
  */
 
@@ -322,6 +335,8 @@ int x509_note_issuer(void *context, size_t hdrlen,
 
 		     const void *value, size_t vlen)
 
 {
 
 	struct x509_parse_context *ctx = context;
 
+	ctx->cert->raw_issuer = value;
 
+	ctx->cert->raw_issuer_size = vlen;
 
 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
 
 }
 
 
@@ -330,6 +345,8 @@ int x509_note_subject(void *context, size_t hdrlen,
 
 		      const void *value, size_t vlen)
 
 {
 
 	struct x509_parse_context *ctx = context;
 
+	ctx->cert->raw_subject = value;
 
+	ctx->cert->raw_subject_size = vlen;
 
 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
 
 }

+ 12 - 1
crypto/asymmetric_keys/x509_parser.h
Wyświetl plik 

@@ -14,7 +14,9 @@
 
 
 struct x509_certificate {
 
 	struct x509_certificate *next;
 
+	struct x509_certificate *signer;	/* Certificate that signed this one */
 
 	struct public_key *pub;			/* Public key details */
 
+	struct public_key_signature sig;	/* Signature parameters */
 
 	char		*issuer;		/* Name of certificate issuer */
 
 	char		*subject;		/* Name of certificate subject */
 
 	char		*fingerprint;		/* Key fingerprint as hex */
 
@@ -25,7 +27,16 @@ struct x509_certificate {
 
 	unsigned	tbs_size;		/* Size of signed data */
 
 	unsigned	raw_sig_size;		/* Size of sigature */
 
 	const void	*raw_sig;		/* Signature data */
 
-	struct public_key_signature sig;	/* Signature parameters */
 
+	const void	*raw_serial;		/* Raw serial number in ASN.1 */
 
+	unsigned	raw_serial_size;
 
+	unsigned	raw_issuer_size;
 
+	const void	*raw_issuer;		/* Raw issuer name in ASN.1 */
 
+	const void	*raw_subject;		/* Raw subject name in ASN.1 */
 
+	unsigned	raw_subject_size;
 
+	unsigned	index;
 
+	bool		seen;			/* Infinite recursion prevention */
 
+	bool		verified;
 
+	bool		trusted;
 
 };
 
 
 /*