From c28537838858be19a0d9ee903fc3758ec73d756d Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 21 Mar 2012 17:14:05 +0000
Subject: [crypto] Parse X.509 certificate serial number

Signed-off-by: Michael Brown
---
 src/crypto/x509.c | 31 +++++++++++++++++++++++++++++--
 src/include/ipxe/x509.h | 8 ++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)
(limited to 'src')

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 5ce42f88..978fbd95 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -391,6 +391,31 @@ static int x509_parse_version ( struct x509_certificate *cert,
 return 0;
 }
 
+/**
+ * Parse X.509 certificate serial number
+ *
+ * @v cert X.509 certificate
+ * @v raw ASN.1 cursor
+ * @ret rc Return status code
+ */
+static int x509_parse_serial ( struct x509_certificate *cert, const struct asn1_cursor *raw ) { struct x509_serial *serial = &cert->serial; int rc;
+ /* Record raw serial number */ memcpy ( &serial->raw, raw, sizeof ( serial->raw ) ); if ( ( rc = asn1_shrink ( &serial->raw, ASN1_INTEGER ) ) != 0 ) { DBGC ( cert, "X509 %p cannot shrink serialNumber: %s\n", cert, strerror ( rc ) ); return rc; } DBGC ( cert, "X509 %p issuer is:\n", cert ); DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
+ return 0;
+}
+
 /**
 * Parse X.509 certificate issuer
 *
@@ -818,8 +843,10 @@ static int x509_parse_tbscertificate ( struct x509_certificate *cert,
 asn1_skip_any ( &cursor );
 }
 
- /* Skip serialNumber */
- asn1_skip ( &cursor, ASN1_INTEGER );
+ /* Parse serialNumber */
+ if ( ( rc = x509_parse_serial ( cert, &cursor ) ) != 0 )
+ return rc;
+ asn1_skip_any ( &cursor );
 
 /* Parse signature */
 if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 45f738cd..ca2912fd 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
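Review bot: The hex-dump header in the new x509_parse_serial reads `DBGC ( cert, "X509 %p issuer is:\n", cert );` although the bytes dumped on the next line are `serial->raw`, so the debug output will mislabel the serial number as the issuer; it looks copied from x509_parse_issuer and should read `DBGC ( cert, "X509 %p serial number is:\n", cert );`. The error-path message a few lines earlier already says "serialNumber", so only the success-path string needs changing. In the second hunk the caller drops the result of `asn1_skip_any ( &cursor )`, which is acceptable only because x509_parse_serial has just validated the object via asn1_shrink with ASN1_INTEGER; a one-line comment saying so would stop a later reader from "fixing" it. x509_parse_tbscertificate begins and ends outside that hunk.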
@@ -24,6 +24,12 @@ struct x509_bit_string {
 unsigned int unused;
 };
 
+/** An X.509 serial number */
+struct x509_serial {
+ /** Raw serial number */
+ struct asn1_cursor raw;
+};
+
 /** An X.509 issuer */
 struct x509_issuer {
 /** Raw issuer */
@@ -121,6 +127,8 @@ struct x509_certificate {
 struct asn1_cursor raw;
 /** Version */
 unsigned int version;
+ /** Serial number */
+ struct x509_serial serial;
 /** Raw tbsCertificate */
 struct asn1_cursor tbs;
 /** Signature algorithm */
-- 
cgit v1.2.3-55-g7522
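Review bot: The comment on `struct x509_serial::raw` does not say which bytes of the certificate the cursor covers, and since the serial number is what a revocation check compares against, a reader of the header needs to know whether to compare complete INTEGER objects or only their content octets. The parser stores the cursor after `asn1_shrink ( &serial->raw, ASN1_INTEGER )`, which presumably leaves the tag and length octets in place rather than entering the object, so the comment could read `/** Raw serial number (complete ASN.1 INTEGER object, including tag and length) */`; confirm against asn1_shrink() before settling on that wording. The same clarification would suit the `serial` member added to struct x509_certificate in the following hunk.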