authorMichael Brown2009-02-10 18:37:24 +0100
committerMichael Brown2009-02-10 19:30:17 +0100
commit8e960eb67c3c3974f4eca34e1fe733791f70ca09 (patch)
treef068d9b2dec5d41a6f20942b40fd778e4a1ce952 /src/include
parent[crypto] Remove unused files (diff)
[tls] Use our own ASN.1 routines for certificate parsing
Use our own, more robust, ASN.1 parsing routines to extract the RSA public key from a server certificate. Remove the now-unused AXTLS ASN.1 parser.
Diffstat (limited to 'src/include')
-rw-r--r--src/include/gpxe/asn1.h6
-rw-r--r--src/include/gpxe/errfile.h1
-rw-r--r--src/include/gpxe/tls.h6
-rw-r--r--src/include/gpxe/x509.h39
4 files changed, 45 insertions, 7 deletions
diff --git a/src/include/gpxe/asn1.h b/src/include/gpxe/asn1.h
index 1ad90050e..5440c48ca 100644
--- a/src/include/gpxe/asn1.h
+++ b/src/include/gpxe/asn1.h
@@ -21,12 +21,12 @@
*/
struct asn1_cursor {
/** Start of data */
- uint8_t *data;
+ void *data;
/** Length of data */
size_t len;
};
-extern int asn1_enter_object ( struct asn1_cursor *cursor, unsigned int type );
-extern int asn1_skip_object ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
+extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
#endif /* _GPXE_ASN1_H */
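Review bot: The renamed `asn1_enter()` and `asn1_skip()` prototypes carry no stated contract, which matters because these routines walk certificate bytes supplied by the remote server. I would add a doc comment above each prototype giving the return convention and saying whether the cursor is left untouched or must be treated as invalid after a failure, so callers do not keep parsing from a half-advanced cursor. Separately, `void *data;` drops the byte type, so any offset arithmetic in the implementation (not shown here) relies on the GNU void-pointer extension. If the parser only reads the buffer, `const void *data;` would match the `const struct asn1_cursor *` parameter used in x509.h.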
diff --git a/src/include/gpxe/errfile.h b/src/include/gpxe/errfile.h
index df3717f19..4809e50c9 100644
--- a/src/include/gpxe/errfile.h
+++ b/src/include/gpxe/errfile.h
@@ -168,6 +168,7 @@
#define ERRFILE_smbios_settings ( ERRFILE_OTHER | 0x00130000 )
#define ERRFILE_efi_smbios ( ERRFILE_OTHER | 0x00140000 )
#define ERRFILE_pxemenu ( ERRFILE_OTHER | 0x00150000 )
+#define ERRFILE_x509 ( ERRFILE_OTHER | 0x00160000 )
/** @} */
diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h
index 39109452f..182bc49da 100644
--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -14,6 +14,7 @@
#include <gpxe/crypto.h>
#include <gpxe/md5.h>
#include <gpxe/sha1.h>
+#include <gpxe/x509.h>
/** A TLS header */
struct tls_header {
@@ -157,10 +158,7 @@ struct tls_session {
uint8_t handshake_sha1_ctx[SHA1_CTX_SIZE];
/** Hack: server RSA public key */
- uint8_t *rsa_mod;
- size_t rsa_mod_len;
- uint8_t *rsa_pub_exp;
- size_t rsa_pub_exp_len;
+ struct x509_rsa_public_key rsa;
/** TX sequence number */
uint64_t tx_seq;
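Review bot: The comment on the new `rsa` member still reads "Hack: server RSA public key" and says nothing about who owns the buffers behind `rsa.modulus` and `rsa.exponent`. Since the session now embeds a structure with its own release helper, I would reword it to something like `/** Server RSA public key (release with x509_free_rsa_public_key() on session teardown) */`. The teardown path is not visible in this hunk, so it is worth confirming that it calls the helper exactly once. `struct tls_session` begins and ends outside the hunk.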
diff --git a/src/include/gpxe/x509.h b/src/include/gpxe/x509.h
new file mode 100644
index 000000000..071e1de56
--- /dev/null
+++ b/src/include/gpxe/x509.h
@@ -0,0 +1,39 @@
+#ifndef _GPXE_X509_H
+#define _GPXE_X509_H
+
+/** @file
+ *
+ * X.509 certificates
+ *
+ */
+
+#include <stdint.h>
+
+struct asn1_cursor;
+
+/** An X.509 RSA public key */
+struct x509_rsa_public_key {
+ /** Modulus */
+ uint8_t *modulus;
+ /** Modulus length */
+ size_t modulus_len;
+ /** Exponent */
+ uint8_t *exponent;
+ /** Exponent length */
+ size_t exponent_len;
+};
+
+/**
+ * Free X.509 RSA public key
+ *
+ * @v rsa_pubkey RSA public key
+ */
+static inline void
+x509_free_rsa_public_key ( struct x509_rsa_public_key *rsa_pubkey ) {
+ free ( rsa_pubkey->modulus );
+}
+
+extern int x509_rsa_public_key ( const struct asn1_cursor *certificate,
+ struct x509_rsa_public_key *rsa_pubkey );
+
+#endif /* _GPXE_X509_H */
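Review bot: `x509_free_rsa_public_key()` frees only `modulus` and leaves both pointers dangling, so a second call on the same key would double-free and any later read of `exponent` would touch freed memory. Presumably `exponent` aliases the same allocation as `modulus`, but the header never says so. I would document that single-allocation contract on `struct x509_rsa_public_key` and clear the fields after the free: `rsa_pubkey->modulus = NULL; rsa_pubkey->exponent = NULL;`. The header also calls `free()` and uses `size_t` while including only `<stdint.h>`. Adding `#include <stdlib.h>` would make it self-contained, unless the project's own headers are known to provide both.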