X.509: Add bits needed for PKCS#7

PKCS#7 validation requires access to the serial number and the raw names in an X.509 certificate. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Josh Boyer <jwboyer@redhat.com>
author: David Howells <dhowells@redhat.com> 2014-07-01 11:40:19 -0400
committer: David Howells <dhowells@redhat.com> 2014-07-01 11:40:19 -0400
commit: 84aabd46bf8791d0c6fc8db4dc65d45093f70aab (patch)
tree: 70e6a4b4ba4c6a215d4e86f8f11d3c1301b0727d /crypto
parent: 16874b2cb867d3eb63ed838f2847143e11556708 (diff)
3 files changed, 30 insertions, 2 deletions
diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1
index bf32b3dff088..aae0cde414e2 100644
--- a/crypto/asymmetric_keys/x509.asn1
+++ b/crypto/asymmetric_keys/x509.asn1
@@ -6,7 +6,7 @@ Certificate ::= SEQUENCE {
 TBSCertificate ::= SEQUENCE {
        version           [ 0 ] Version DEFAULT,
-        serialNumber            CertificateSerialNumber,
+        serialNumber            CertificateSerialNumber ({ x509_note_serial }),
        signature               AlgorithmIdentifier ({ x509_note_pkey_algo }),
        issuer                  Name ({ x509_note_issuer }),
        validity                Validity,
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 29893162497c..4a8df29ab713 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -211,6 +211,19 @@ int x509_note_signature(void *context, size_t hdrlen,
 }
 /*
+ * Note the certificate serial number
+ */
+int x509_note_serial(void *context, size_t hdrlen,
+                     unsigned char tag,
+                     const void *value, size_t vlen)
+{
+        struct x509_parse_context *ctx = context;
+        ctx->cert->raw_serial = value;
+        ctx->cert->raw_serial_size = vlen;
+        return 0;
+}
+/*
 * Note some of the name segments from which we'll fabricate a name.
 */
 int x509_extract_name_segment(void *context, size_t hdrlen,
@@ -322,6 +335,8 @@ int x509_note_issuer(void *context, size_t hdrlen,
                     const void *value, size_t vlen)
 {
        struct x509_parse_context *ctx = context;
+        ctx->cert->raw_issuer = value;
+        ctx->cert->raw_issuer_size = vlen;
        return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
 }
@@ -330,6 +345,8 @@ int x509_note_subject(void *context, size_t hdrlen,
                      const void *value, size_t vlen)
 {
        struct x509_parse_context *ctx = context;
+        ctx->cert->raw_subject = value;
+        ctx->cert->raw_subject_size = vlen;
        return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
 }
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index 87d9cc26f630..1b76f207c1f3 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -14,7 +14,9 @@
 struct x509_certificate {
        struct x509_certificate *next;
+        struct x509_certificate *signer;        /* Certificate that signed this one */
        struct public_key *pub;                 /* Public key details */
+        struct public_key_signature sig;        /* Signature parameters */
        char            *issuer;                /* Name of certificate issuer */
        char            *subject;               /* Name of certificate subject */
        char            *fingerprint;           /* Key fingerprint as hex */
@@ -25,7 +27,16 @@ struct x509_certificate {
        unsigned        tbs_size;               /* Size of signed data */
        unsigned        raw_sig_size;           /* Size of sigature */
        const void      *raw_sig;               /* Signature data */
-        struct public_key_signature sig;        /* Signature parameters */
+        const void      *raw_serial;            /* Raw serial number in ASN.1 */
+        unsigned        raw_serial_size;
+        unsigned        raw_issuer_size;
+        const void      *raw_issuer;            /* Raw issuer name in ASN.1 */
+        const void      *raw_subject;           /* Raw subject name in ASN.1 */
+        unsigned        raw_subject_size;
+        unsigned        index;
+        bool            seen;                   /* Infinite recursion prevention */
+        bool            verified;
+        bool            trusted;
 };
 /*
author	David Howells <dhowells@redhat.com>	2014-07-01 11:40:19 -0400
committer	David Howells <dhowells@redhat.com>	2014-07-01 11:40:19 -0400
commit	84aabd46bf8791d0c6fc8db4dc65d45093f70aab (patch)
tree	70e6a4b4ba4c6a215d4e86f8f11d3c1301b0727d /crypto
parent	16874b2cb867d3eb63ed838f2847143e11556708 (diff)