Lines Matching refs:cert
43 * @cert: Certificate to be freed
45 void x509_certificate_free(struct x509_certificate *cert)
47 if (cert == NULL)
49 if (cert->next) {
52 cert, cert->next);
54 x509_free_name(&cert->issuer);
55 x509_free_name(&cert->subject);
56 os_free(cert->public_key);
57 os_free(cert->sign_value);
58 os_free(cert);
64 * @cert: Pointer to the first certificate in the chain
66 void x509_certificate_chain_free(struct x509_certificate *cert)
70 while (cert) {
71 next = cert->next;
72 cert->next = NULL;
73 x509_certificate_free(cert);
74 cert = next;
220 struct x509_certificate *cert,
252 &cert->public_key_alg, &pos))
276 os_free(cert->public_key);
277 cert->public_key = os_malloc(hdr.length - 1);
278 if (cert->public_key == NULL) {
283 os_memcpy(cert->public_key, pos + 1, hdr.length - 1);
284 cert->public_key_len = hdr.length - 1;
286 cert->public_key, cert->public_key_len);
651 struct x509_certificate *cert, const u8 **next)
688 &cert->not_before) < 0) {
700 &cert->not_after) < 0) {
707 (unsigned long) cert->not_before,
708 (unsigned long) cert->not_after);
724 static int x509_parse_ext_key_usage(struct x509_certificate *cert,
752 cert->extensions_present |= X509_EXT_KEY_USAGE;
753 cert->key_usage = asn1_bit_string_to_long(hdr.payload, hdr.length);
755 wpa_printf(MSG_DEBUG, "X509: KeyUsage 0x%lx", cert->key_usage);
761 static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
783 cert->extensions_present |= X509_EXT_BASIC_CONSTRAINTS;
802 cert->ca = hdr.payload[0];
806 cert->ca);
835 cert->path_len_constraint = value;
836 cert->extensions_present |= X509_EXT_PATH_LEN_CONSTRAINT;
840 cert->ca, cert->path_len_constraint);
1023 static int x509_parse_ext_subject_alt_name(struct x509_certificate *cert,
1040 cert->extensions_present |= X509_EXT_SUBJECT_ALT_NAME;
1045 return x509_parse_ext_alt_name(&cert->subject, hdr.payload,
1050 static int x509_parse_ext_issuer_alt_name(struct x509_certificate *cert,
1067 cert->extensions_present |= X509_EXT_ISSUER_ALT_NAME;
1072 return x509_parse_ext_alt_name(&cert->issuer, hdr.payload,
1077 static int x509_parse_extension_data(struct x509_certificate *cert,
1093 return x509_parse_ext_key_usage(cert, pos, len);
1095 return x509_parse_ext_subject_alt_name(cert, pos, len);
1097 return x509_parse_ext_issuer_alt_name(cert, pos, len);
1099 return x509_parse_ext_basic_constraints(cert, pos, len);
1106 static int x509_parse_extension(struct x509_certificate *cert,
1175 res = x509_parse_extension_data(cert, &oid, hdr.payload, hdr.length);
1188 static int x509_parse_extensions(struct x509_certificate *cert,
1209 if (x509_parse_extension(cert, pos, end - pos, &pos)
1219 struct x509_certificate *cert,
1273 cert->version = value;
1274 if (cert->version != X509_CERT_V1 &&
1275 cert->version != X509_CERT_V2 &&
1276 cert->version != X509_CERT_V3) {
1278 cert->version + 1);
1285 cert->version = X509_CERT_V1;
1286 wpa_printf(MSG_MSGDUMP, "X509: Version X.509v%d", cert->version + 1);
1300 cert->serial_number <<= 8;
1301 cert->serial_number |= *pos++;
1304 wpa_printf(MSG_MSGDUMP, "X509: serialNumber %lu", cert->serial_number);
1307 if (x509_parse_algorithm_identifier(pos, end - pos, &cert->signature,
1312 if (x509_parse_name(pos, end - pos, &cert->issuer, &pos))
1314 x509_name_string(&cert->issuer, sbuf, sizeof(sbuf));
1318 if (x509_parse_validity(pos, end - pos, cert, &pos))
1322 if (x509_parse_name(pos, end - pos, &cert->subject, &pos))
1324 x509_name_string(&cert->subject, sbuf, sizeof(sbuf));
1328 if (x509_parse_public_key(pos, end - pos, cert, &pos))
1334 if (cert->version == X509_CERT_V1)
1393 if (cert->version != X509_CERT_V3) {
1396 "version 3", cert->version + 1);
1400 if (x509_parse_extensions(cert, hdr.payload, hdr.length) < 0)
1480 struct x509_certificate *cert;
1482 cert = os_zalloc(sizeof(*cert) + len);
1483 if (cert == NULL)
1485 os_memcpy(cert + 1, buf, len);
1486 cert->cert_start = (u8 *) (cert + 1);
1487 cert->cert_len = len;
1501 x509_certificate_free(cert);
1507 x509_certificate_free(cert);
1519 cert->tbs_cert_start = cert->cert_start + (hash_start - buf);
1520 if (x509_parse_tbs_certificate(pos, end - pos, cert, &pos)) {
1521 x509_certificate_free(cert);
1524 cert->tbs_cert_len = pos - hash_start;
1528 &cert->signature_alg, &pos)) {
1529 x509_certificate_free(cert);
1540 x509_certificate_free(cert);
1544 x509_certificate_free(cert);
1555 x509_certificate_free(cert);
1558 os_free(cert->sign_value);
1559 cert->sign_value = os_malloc(hdr.length - 1);
1560 if (cert->sign_value == NULL) {
1563 x509_certificate_free(cert);
1566 os_memcpy(cert->sign_value, pos + 1, hdr.length - 1);
1567 cert->sign_value_len = hdr.length - 1;
1569 cert->sign_value, cert->sign_value_len);
1571 return cert;
1578 * @cert: Certificate to be verified
1579 * Returns: 0 if cert has a valid signature that was signed by the issuer,
1583 struct x509_certificate *cert)
1594 if (!x509_pkcs_oid(&cert->signature.oid) ||
1595 cert->signature.oid.len != 7 ||
1596 cert->signature.oid.oid[5] != 1 /* pkcs-1 */) {
1607 data_len = cert->sign_value_len;
1614 if (crypto_public_key_decrypt_pkcs1(pk, cert->sign_value,
1615 cert->sign_value_len, data,
1678 if (cert->signature.oid.oid[6] !=
1683 cert->signature.oid.oid[6]);
1691 if (cert->signature.oid.oid[6] !=
1696 cert->signature.oid.oid[6]);
1710 if (cert->signature.oid.oid[6] != 4 /* md5WithRSAEncryption */)
1715 cert->signature.oid.oid[6]);
1746 switch (cert->signature.oid.oid[6]) {
1748 md5_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1755 sha1_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1762 sha256_vector(1, &cert->tbs_cert_start, &cert->tbs_cert_len,
1773 "algorithm (%lu)", cert->signature.oid.oid[6]);
1804 static int x509_valid_issuer(const struct x509_certificate *cert)
1806 if ((cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS) &&
1807 !cert->ca) {
1813 if (cert->version == X509_CERT_V3 &&
1814 !(cert->extensions_present & X509_EXT_BASIC_CONSTRAINTS)) {
1820 if ((cert->extensions_present & X509_EXT_KEY_USAGE) &&
1821 !(cert->key_usage & X509_KEY_USAGE_KEY_CERT_SIGN)) {
1845 struct x509_certificate *cert, *trust;
1854 for (cert = chain, idx = 0; cert; cert = cert->next, idx++) {
1855 x509_name_string(&cert->subject, buf, sizeof(buf));
1863 (unsigned long) cert->not_before ||
1865 (unsigned long) cert->not_after)) {
1868 now.sec, cert->not_before, cert->not_after);
1873 if (cert->next) {
1874 if (x509_name_compare(&cert->issuer,
1875 &cert->next->subject) != 0) {
1878 x509_name_string(&cert->issuer, buf,
1880 wpa_printf(MSG_DEBUG, "X509: cert issuer: %s",
1882 x509_name_string(&cert->next->subject, buf,
1884 wpa_printf(MSG_DEBUG, "X509: next cert "
1890 if (x509_valid_issuer(cert->next) < 0) {
1895 if ((cert->next->extensions_present &
1897 idx > cert->next->path_len_constraint) {
1901 cert->next->path_len_constraint);
1906 if (x509_certificate_check_signature(cert->next, cert)
1917 if (x509_name_compare(&cert->issuer, &trust->subject)
1930 if (x509_certificate_check_signature(trust, cert) < 0)
1972 struct x509_certificate *cert;
1974 for (cert = chain; cert; cert = cert->next) {
1975 if (x509_name_compare(&cert->subject, name) == 0)
1976 return cert;
1984 * @cert: Certificate
1987 int x509_certificate_self_signed(struct x509_certificate *cert)
1989 return x509_name_compare(&cert->issuer, &cert->subject) == 0;
