authorMichael Brown2012-04-30 02:49:01 +0200
committerMichael Brown2012-05-04 16:15:34 +0200
commit601cb3610fff6e295876a3050275ef590da7f7c0 (patch)
tree59efa260b8af5d16b1d55fb96b2bd300c4c73d36 /src/include/ipxe
parent[list] Add list_for_each_entry_continue() and _continue_reverse() (diff)
[crypto] Parse OCSP responder URI from X.509 certificate
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r--src/include/ipxe/asn1.h17
-rw-r--r--src/include/ipxe/x509.h38
2 files changed, 51 insertions, 4 deletions
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index d83308a2e..1c433c5e7 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -53,6 +53,9 @@ struct asn1_cursor {
/** ASN.1 set */
#define ASN1_SET 0x31
+/** ASN.1 implicit tag */
+#define ASN1_IMPLICIT_TAG( number) ( 0x80 | (number) )
+
/** ASN.1 explicit tag */
#define ASN1_EXPLICIT_TAG( number) ( 0xa0 | (number) )
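Review bot: The doc comment on `ASN1_IMPLICIT_TAG` does not state the limits of `( 0x80 | (number) )`. It yields a context-specific, primitive, single-byte tag, so it is only correct for tag numbers 0-30 (31 selects the high-tag-number form), and an implicitly tagged constructed type would need the constructed bit as well. Since a wrong tag constant makes a certificate parser silently skip or misread a field, I would spell this out: `/** ASN.1 implicit tag (context-specific, primitive, tag numbers 0-30 only) */`.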
@@ -158,6 +161,20 @@ struct asn1_cursor {
ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 2 )
+/** ASN.1 OID for id-pe-authorityInfoAccess (1.3.6.1.5.5.7.1.1) */
+#define ASN1_OID_AUTHORITYINFOACCESS \
+ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
+ ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )
+
+/** ASN.1 OID for id-ad-ocsp (1.3.6.1.5.5.7.48.1) */
+#define ASN1_OID_OCSP \
+ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
+ ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
+ ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
+
/** Define an ASN.1 cursor containing an OID */
#define ASN1_OID_CURSOR( oid_value ) { \
.data = oid_value, \
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 09e180075..271ed2e44 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -50,9 +50,9 @@ struct x509_validity {
struct x509_time not_after;
};
-/** An X.509 name */
-struct x509_name {
- /** Name (not NUL-terminated) */
+/** An X.509 string */
+struct x509_string {
+ /** String (not NUL-terminated) */
const void *data;
/** Length of name */
size_t len;
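Review bot: The context comment `/** Length of name */` on `len` is stale after the rename to `x509_string` and should read `/** Length of string */`. The type now also carries the OCSP responder URI (see `struct x509_ocsp_responder` later in this file), so the struct comment should say more than "not NUL-terminated". It should state that `data` is certificate-supplied, that every access must be bounded by `len`, and that `data` must not be passed to C string functions. The struct's closing brace lies outside this hunk.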
@@ -71,7 +71,7 @@ struct x509_subject {
/** Raw subject */
struct asn1_cursor raw;
/** Common name */
- struct x509_name name;
+ struct x509_string name;
/** Public key information */
struct x509_public_key public_key;
};
@@ -128,6 +128,18 @@ enum x509_extended_key_usage_bits {
X509_CODE_SIGNING = 0x0001,
};
+/** X.509 certificate OCSP responder */
+struct x509_ocsp_responder {
+ /** URI */
+ struct x509_string uri;
+};
+
+/** X.509 certificate authority information access */
+struct x509_authority_info_access {
+ /** OCSP responder */
+ struct x509_ocsp_responder ocsp;
+};
+
/** An X.509 certificate extensions set */
struct x509_extensions {
/** Basic constraints */
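Review bot: The `uri` field of `x509_ocsp_responder` is documented only as `/** URI */`, which omits what a caller needs to know before acting on it. The value comes from the certificate's authorityInfoAccess extension, so it is chosen by whoever produced the certificate and must not be trusted or dereferenced as a C string. It presumably points into the certificate's raw data rather than owning a copy, and absence is presumably signalled by a zero length. Neither can be confirmed here because the parser is not part of this diff. I would suggest `/** URI (taken from certificate, unvalidated, not NUL-terminated; zero length if absent) */` once that is confirmed.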
@@ -136,6 +148,8 @@ struct x509_extensions {
struct x509_key_usage usage;
/** Extended key usage */
struct x509_extended_key_usage ext_usage;
+ /** Authority information access */
+ struct x509_authority_info_access auth_info;
};
/** An X.509 certificate */
@@ -188,6 +202,22 @@ struct x509_key_purpose {
unsigned int bits;
};
+/** An X.509 access method */
+struct x509_access_method {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Parse access method
+ *
+ * @v cert X.509 certificate
+ * @v raw ASN.1 cursor
+ * @ret rc Return status code
+ */
+ int ( * parse ) ( struct x509_certificate *cert,
+ const struct asn1_cursor *raw );
+};
+
/** An X.509 root certificate store */
struct x509_root {
/** Fingerprint digest algorithm */
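Review bot: The `parse` callback comment in `struct x509_access_method` gives `@v raw` only as "ASN.1 cursor". It does not say which element the cursor covers, nor that its contents are certificate-controlled. It presumably covers the accessLocation that follows the matched access method OID, but the caller is not in this diff. An implementer needs that to know which tag to expect and to length-check before storing anything into `cert`. I would write `@v raw ASN.1 cursor (accessLocation, untrusted certificate data)` if that matches the caller, and say whether an unrecognised location type should return an error or be ignored. `name` could also be documented as a NUL-terminated string, since the neighbouring `x509_string` type is explicitly not.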