
Lines Matching refs:cert

43  * @cert: Certificate to be freed
45 void x509_certificate_free(struct x509_certificate *cert)
47 if (cert == NULL)
49 if (cert->next) {
52 cert, cert->next);
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
58 os_free(cert);
64 * @cert: Pointer to the first certificate in the chain
66 void x509_certificate_chain_free(struct x509_certificate *cert)
70 while (cert) {
71 next = cert->next;
72 cert->next = NULL;
73 x509_certificate_free(cert);
74 cert = next;
220 struct x509_certificate *cert,
252 &cert->public_key_alg, &pos))
276 os_free(cert->public_key);
277 cert->public_key = os_malloc(hdr.length - 1);
278 if (cert->public_key == NULL) {
283 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284 cert->public_key_len = hdr.length - 1;
286 cert->public_key, cert->public_key_len);
652 struct x509_certificate *cert, const u8 **next)
689 &cert->not_before) < 0) {
701 &cert->not_after) < 0) {
708 (unsigned long) cert->not_before,
709 (unsigned long) cert->not_after);
725 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
753 cert->extensions_present |= X509_EXT_KEY_USAGE;
754 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
756 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
762 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
784 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
803 cert->ca = hdr.payload[0];
807 cert->ca);
836 cert->path_len_constraint = value;
837 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
841 cert->ca, cert->path_len_constraint);
1024 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1041 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1046 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1051 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1068 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1073 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1078 static int x509_parse_extension_data(struct x509_certificate *cert,
1094 return x509_parse_ext_key_usage(cert, pos, len);
1096 return x509_parse_ext_subject_alt_name(cert, pos, len);
1098 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1100 return x509_parse_ext_basic_constraints(cert, pos, len);
1107 static int x509_parse_extension(struct x509_certificate *cert,
1176 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1189 static int x509_parse_extensions(struct x509_certificate *cert,
1210 if (x509_parse_extension(cert, pos, end - pos, &pos)
1220 struct x509_certificate *cert,
1274 cert->version = value;
1275 if (cert->version != X509_CERT_V1 &&
1276 cert->version != X509_CERT_V2 &&
1277 cert->version != X509_CERT_V3) {
1279 cert->version + 1);
1286 cert->version = X509_CERT_V1;
1287 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1301 cert->serial_number <<= 8;
1302 cert->serial_number |= *pos++;
1305 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1308 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1313 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1315 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1319 if (x509_parse_validity(pos, end - pos, cert, &pos))
1323 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1325 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1329 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1335 if (cert->version == X509_CERT_V1)
1392 if (cert->version != X509_CERT_V3) {
1395 "version 3", cert->version + 1);
1399 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1479 struct x509_certificate *cert;
1481 cert = os_zalloc(sizeof(*cert) + len);
1482 if (cert == NULL)
1484 os_memcpy(cert + 1, buf, len);
1485 cert->cert_start = (u8 *) (cert + 1);
1486 cert->cert_len = len;
1500 x509_certificate_free(cert);
1506 x509_certificate_free(cert);
1518 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1519 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1520 x509_certificate_free(cert);
1523 cert->tbs_cert_len = pos - hash_start;
1527 &cert->signature_alg, &pos)) {
1528 x509_certificate_free(cert);
1539 x509_certificate_free(cert);
1543 x509_certificate_free(cert);
1554 x509_certificate_free(cert);
1557 os_free(cert->sign_value);
1558 cert->sign_value = os_malloc(hdr.length - 1);
1559 if (cert->sign_value == NULL) {
1562 x509_certificate_free(cert);
1565 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1566 cert->sign_value_len = hdr.length - 1;
1568 cert->sign_value, cert->sign_value_len);
1570 return cert;
1577 * @cert: Certificate to be verified
1578 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1582 struct x509_certificate *cert)
1593 if (!x509_pkcs_oid(&cert->signature.oid) ||
1594 cert->signature.oid.len != 7 ||
1595 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1606 data_len = cert->sign_value_len;
1613 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1614 cert->sign_value_len, data,
1677 if (cert->signature.oid.oid[6] !=
1682 cert->signature.oid.oid[6]);
1690 if (cert->signature.oid.oid[6] !=
1695 cert->signature.oid.oid[6]);
1709 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1714 cert->signature.oid.oid[6]);
1745 switch (cert->signature.oid.oid[6]) {
1747 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1754 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1761 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1772 "algorithm (%lu)", cert->signature.oid.oid[6]);
1794 static int x509_valid_issuer(const struct x509_certificate *cert)
1796 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1797 !cert->ca) {
1803 if (cert->version == X509_CERT_V3 &&
1804 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1810 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1811 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1835 struct x509_certificate *cert, *trust;
1844 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
1845 x509_name_string(&cert->subject, buf, sizeof(buf));
1853 (unsigned long) cert->not_before ||
1855 (unsigned long) cert->not_after)) {
1858 now.sec, cert->not_before, cert->not_after);
1863 if (cert->next) {
1864 if (x509_name_compare(&cert->issuer,
1865 &cert->next->subject) != 0) {
1868 x509_name_string(&cert->issuer, buf,
1870 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
1872 x509_name_string(&cert->next->subject, buf,
1874 wpa_printf(MSG_DEBUG, "X509: next cert "
1880 if (x509_valid_issuer(cert->next) < 0) {
1885 if ((cert->next->extensions_present &
1887 idx > cert->next->path_len_constraint) {
1891 cert->next->path_len_constraint);
1896 if (x509_certificate_check_signature(cert->next, cert)
1907 if (x509_name_compare(&cert->issuer, &trust->subject)
1920 if (x509_certificate_check_signature(trust, cert) < 0)
1962 struct x509_certificate *cert;
1964 for (cert = chain; cert; cert = cert->next) {
1965 cert->subject, name) == 0)
1966 return cert;
1974 * @cert: Certificate
1977 int x509_certificate_self_signed(struct x509_certificate *cert)
1979 return x509_name_compare(&cert->issuer, &cert->subject) == 0;