authorSimon Rettberg2026-01-28 12:53:53 +0100
committerSimon Rettberg2026-01-28 12:53:53 +0100
commit8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
treea8b359e59196be5b2e3862bed189107f4bc9975f /src/include/ipxe/cms.h
parentMerge branch 'master' into openslx (diff)
parent[prefix] Make unlzma.S compatible with 386 class CPUs (diff)
Merge branch 'master' into openslxopenslx
Diffstat (limited to 'src/include/ipxe/cms.h')
-rw-r--r--src/include/ipxe/cms.h113
1 files changed, 84 insertions, 29 deletions
diff --git a/src/include/ipxe/cms.h b/src/include/ipxe/cms.h
index 7adf724b2..d2e426c5c 100644
--- a/src/include/ipxe/cms.h
+++ b/src/include/ipxe/cms.h
@@ -8,69 +8,124 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <time.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/x509.h>
#include <ipxe/refcnt.h>
-#include <ipxe/uaccess.h>
-/** CMS signer information */
-struct cms_signer_info {
- /** List of signer information blocks */
- struct list_head list;
+struct image;
+struct cms_message;
+
+/** A CMS message type */
+struct cms_type {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Parse content
+ *
+ * @v cms CMS message
+ * @v raw ASN.1 cursor
+ * @ret rc Return status code
+ */
+ int ( * parse ) ( struct cms_message *cms,
+ const struct asn1_cursor *raw );
+};
+/** CMS participant information */
+struct cms_participant {
+ /** List of participant information blocks */
+ struct list_head list;
/** Certificate chain */
struct x509_chain *chain;
- /** Digest algorithm */
+ /** Digest algorithm (for signature messages) */
struct digest_algorithm *digest;
/** Public-key algorithm */
struct pubkey_algorithm *pubkey;
- /** Signature */
- void *signature;
- /** Length of signature */
- size_t signature_len;
+ /** Signature or key value */
+ struct asn1_cursor value;
};
-/** A CMS signature */
-struct cms_signature {
+/** A CMS message */
+struct cms_message {
/** Reference count */
struct refcnt refcnt;
- /** List of all certificates */
+ /** Raw ASN.1 data */
+ struct asn1_cursor *raw;
+ /** Message type */
+ struct cms_type *type;
+
+ /** List of all certificates (for signature messages) */
struct x509_chain *certificates;
- /** List of signer information blocks */
- struct list_head info;
+ /** List of participant information blocks */
+ struct list_head participants;
+
+ /** Cipher algorithm */
+ struct cipher_algorithm *cipher;
+ /** Cipher initialization vector */
+ struct asn1_cursor iv;
+ /** Cipher authentication tag */
+ struct asn1_cursor mac;
};
/**
- * Get reference to CMS signature
+ * Get reference to CMS message
*
- * @v sig CMS signature
- * @ret sig CMS signature
+ * @v cms CMS message
+ * @ret cms CMS message
*/
-static inline __attribute__ (( always_inline )) struct cms_signature *
-cms_get ( struct cms_signature *sig ) {
- ref_get ( &sig->refcnt );
- return sig;
+static inline __attribute__ (( always_inline )) struct cms_message *
+cms_get ( struct cms_message *cms ) {
+ ref_get ( &cms->refcnt );
+ return cms;
}
/**
- * Drop reference to CMS signature
+ * Drop reference to CMS message
*
- * @v sig CMS signature
+ * @v cms CMS message
*/
static inline __attribute__ (( always_inline )) void
-cms_put ( struct cms_signature *sig ) {
- ref_put ( &sig->refcnt );
+cms_put ( struct cms_message *cms ) {
+ ref_put ( &cms->refcnt );
+}
+
+/**
+ * Check if CMS message is a signature message
+ *
+ * @v cms CMS message
+ * @ret is_signature Message is a signature message
+ */
+static inline __attribute__ (( always_inline )) int
+cms_is_signature ( struct cms_message *cms ) {
+
+ /* CMS signatures include an optional CertificateSet */
+ return ( cms->certificates != NULL );
+}
+
+/**
+ * Check if CMS message is an encrypted message
+ *
+ * @v cms CMS message
+ * @ret is_encrypted Message is an encrypted message
+ */
+static inline __attribute__ (( always_inline )) int
+cms_is_encrypted ( struct cms_message *cms ) {
+
+ /* CMS encrypted messages have a cipher algorithm */
+ return ( cms->cipher != NULL );
}
-extern int cms_signature ( const void *data, size_t len,
- struct cms_signature **sig );
-extern int cms_verify ( struct cms_signature *sig, userptr_t data, size_t len,
+extern int cms_message ( struct image *image, struct cms_message **cms );
+extern int cms_verify ( struct cms_message *cms, struct image *image,
const char *name, time_t time, struct x509_chain *store,
struct x509_root *root );
+extern int cms_decrypt ( struct cms_message *cms, struct image *image,
+ const char *name, struct private_key *private_key );
#endif /* _IPXE_CMS_H */
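Review bot: The new `cms_decrypt` prototype on the last added line names `struct private_key` without a forward declaration in this header, while `struct image` and `struct cms_message` are forward-declared at the top of the hunk; unless one of the included headers (`<ipxe/crypto.h>`, `<ipxe/x509.h>`) already declares that tag, the declaration gets prototype scope, GCC warns under -Wall, and the parameter type will not match the real definition seen by callers. The fix is to add `struct private_key;` next to the other forward declarations. Separately, `cms_is_signature` discriminates on `cms->certificates != NULL` while its comment calls the CertificateSet optional, so the test is only correct if the signed-data parser (outside this header) always allocates the chain even when the set is absent; a comment such as `/* Parser always allocates the chain for signed data, even when the CertificateSet is empty */` would make that dependency explicit, or the check should fall back to comparing `cms->type->oid` against the signed-data OID.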