Lines Matching +full:start +full:- +full:year
1 // SPDX-License-Identifier: GPL-2.0-or-later
21 unsigned long data; /* Start of data */
22 const void *cert_start; /* Start of cert content */
49 public_key_free(cert->pub); in x509_free_certificate()
50 public_key_signature_free(cert->sig); in x509_free_certificate()
51 kfree(cert->issuer); in x509_free_certificate()
52 kfree(cert->subject); in x509_free_certificate()
53 kfree(cert->id); in x509_free_certificate()
54 kfree(cert->skid); in x509_free_certificate()
70 ret = -ENOMEM; in x509_cert_parse()
74 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); in x509_cert_parse()
75 if (!cert->pub) in x509_cert_parse()
77 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); in x509_cert_parse()
78 if (!cert->sig) in x509_cert_parse()
84 ctx->cert = cert; in x509_cert_parse()
85 ctx->data = (unsigned long)data; in x509_cert_parse()
93 if (ctx->raw_akid) { in x509_cert_parse()
95 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); in x509_cert_parse()
97 ctx->raw_akid, ctx->raw_akid_size); in x509_cert_parse()
104 ret = -ENOMEM; in x509_cert_parse()
105 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); in x509_cert_parse()
106 if (!cert->pub->key) in x509_cert_parse()
109 cert->pub->keylen = ctx->key_size; in x509_cert_parse()
111 cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL); in x509_cert_parse()
112 if (!cert->pub->params) in x509_cert_parse()
115 cert->pub->paramlen = ctx->params_size; in x509_cert_parse()
116 cert->pub->algo = ctx->key_algo; in x509_cert_parse()
124 kid = asymmetric_key_generate_id(cert->raw_serial, in x509_cert_parse()
125 cert->raw_serial_size, in x509_cert_parse()
126 cert->raw_issuer, in x509_cert_parse()
127 cert->raw_issuer_size); in x509_cert_parse()
132 cert->id = kid; in x509_cert_parse()
134 /* Detect self-signed certificates */ in x509_cert_parse()
161 ctx->last_oid = look_up_OID(value, vlen); in x509_note_OID()
162 if (ctx->last_oid == OID__NR) { in x509_note_OID()
166 (unsigned long)value - ctx->data, buffer); in x509_note_OID()
182 hdrlen, tag, (unsigned long)value - ctx->data, vlen); in x509_note_tbs_certificate()
184 ctx->cert->tbs = value - hdrlen; in x509_note_tbs_certificate()
185 ctx->cert->tbs_size = vlen + hdrlen; in x509_note_tbs_certificate()
198 pr_debug("PubKey Algo: %u\n", ctx->last_oid); in x509_note_pkey_algo()
200 switch (ctx->last_oid) { in x509_note_pkey_algo()
204 return -ENOPKG; /* Unsupported combination */ in x509_note_pkey_algo()
207 ctx->cert->sig->hash_algo = "md4"; in x509_note_pkey_algo()
211 ctx->cert->sig->hash_algo = "sha1"; in x509_note_pkey_algo()
215 ctx->cert->sig->hash_algo = "sha256"; in x509_note_pkey_algo()
219 ctx->cert->sig->hash_algo = "sha384"; in x509_note_pkey_algo()
223 ctx->cert->sig->hash_algo = "sha512"; in x509_note_pkey_algo()
227 ctx->cert->sig->hash_algo = "sha224"; in x509_note_pkey_algo()
231 ctx->cert->sig->hash_algo = "sha1"; in x509_note_pkey_algo()
235 ctx->cert->sig->hash_algo = "sha224"; in x509_note_pkey_algo()
239 ctx->cert->sig->hash_algo = "sha256"; in x509_note_pkey_algo()
243 ctx->cert->sig->hash_algo = "sha384"; in x509_note_pkey_algo()
247 ctx->cert->sig->hash_algo = "sha512"; in x509_note_pkey_algo()
251 ctx->cert->sig->hash_algo = "streebog256"; in x509_note_pkey_algo()
255 ctx->cert->sig->hash_algo = "streebog512"; in x509_note_pkey_algo()
259 ctx->cert->sig->hash_algo = "sm3"; in x509_note_pkey_algo()
264 ctx->cert->sig->pkey_algo = "rsa"; in x509_note_pkey_algo()
265 ctx->cert->sig->encoding = "pkcs1"; in x509_note_pkey_algo()
266 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
269 ctx->cert->sig->pkey_algo = "ecrdsa"; in x509_note_pkey_algo()
270 ctx->cert->sig->encoding = "raw"; in x509_note_pkey_algo()
271 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
274 ctx->cert->sig->pkey_algo = "sm2"; in x509_note_pkey_algo()
275 ctx->cert->sig->encoding = "raw"; in x509_note_pkey_algo()
276 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
279 ctx->cert->sig->pkey_algo = "ecdsa"; in x509_note_pkey_algo()
280 ctx->cert->sig->encoding = "x962"; in x509_note_pkey_algo()
281 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
294 pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); in x509_note_signature()
296 if (ctx->last_oid != ctx->algo_oid) { in x509_note_signature()
298 ctx->algo_oid, ctx->last_oid); in x509_note_signature()
299 return -EINVAL; in x509_note_signature()
302 if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || in x509_note_signature()
303 strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || in x509_note_signature()
304 strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0 || in x509_note_signature()
305 strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) { in x509_note_signature()
308 return -EBADMSG; in x509_note_signature()
311 vlen--; in x509_note_signature()
314 ctx->cert->raw_sig = value; in x509_note_signature()
315 ctx->cert->raw_sig_size = vlen; in x509_note_signature()
327 ctx->cert->raw_serial = value; in x509_note_serial()
328 ctx->cert->raw_serial_size = vlen; in x509_note_serial()
341 switch (ctx->last_oid) { in x509_extract_name_segment()
343 ctx->cn_size = vlen; in x509_extract_name_segment()
344 ctx->cn_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
347 ctx->o_size = vlen; in x509_extract_name_segment()
348 ctx->o_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
351 ctx->email_size = vlen; in x509_extract_name_segment()
352 ctx->email_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
368 const void *name, *data = (const void *)ctx->data; in x509_fabricate_name()
373 return -EINVAL; in x509_fabricate_name()
376 if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { in x509_fabricate_name()
379 return -ENOMEM; in x509_fabricate_name()
384 if (ctx->cn_size && ctx->o_size) { in x509_fabricate_name()
388 namesize = ctx->cn_size; in x509_fabricate_name()
389 name = data + ctx->cn_offset; in x509_fabricate_name()
390 if (ctx->cn_size >= ctx->o_size && in x509_fabricate_name()
391 memcmp(data + ctx->cn_offset, data + ctx->o_offset, in x509_fabricate_name()
392 ctx->o_size) == 0) in x509_fabricate_name()
394 if (ctx->cn_size >= 7 && in x509_fabricate_name()
395 ctx->o_size >= 7 && in x509_fabricate_name()
396 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) in x509_fabricate_name()
399 buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, in x509_fabricate_name()
402 return -ENOMEM; in x509_fabricate_name()
405 data + ctx->o_offset, ctx->o_size); in x509_fabricate_name()
406 buffer[ctx->o_size + 0] = ':'; in x509_fabricate_name()
407 buffer[ctx->o_size + 1] = ' '; in x509_fabricate_name()
408 memcpy(buffer + ctx->o_size + 2, in x509_fabricate_name()
409 data + ctx->cn_offset, ctx->cn_size); in x509_fabricate_name()
410 buffer[ctx->o_size + 2 + ctx->cn_size] = 0; in x509_fabricate_name()
413 } else if (ctx->cn_size) { in x509_fabricate_name()
414 namesize = ctx->cn_size; in x509_fabricate_name()
415 name = data + ctx->cn_offset; in x509_fabricate_name()
416 } else if (ctx->o_size) { in x509_fabricate_name()
417 namesize = ctx->o_size; in x509_fabricate_name()
418 name = data + ctx->o_offset; in x509_fabricate_name()
420 namesize = ctx->email_size; in x509_fabricate_name()
421 name = data + ctx->email_offset; in x509_fabricate_name()
427 return -ENOMEM; in x509_fabricate_name()
433 ctx->cn_size = 0; in x509_fabricate_name()
434 ctx->o_size = 0; in x509_fabricate_name()
435 ctx->email_size = 0; in x509_fabricate_name()
444 ctx->cert->raw_issuer = value; in x509_note_issuer()
445 ctx->cert->raw_issuer_size = vlen; in x509_note_issuer()
446 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); in x509_note_issuer()
454 ctx->cert->raw_subject = value; in x509_note_subject()
455 ctx->cert->raw_subject_size = vlen; in x509_note_subject()
456 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); in x509_note_subject()
473 if (!ctx->cert->raw_subject || ctx->key) in x509_note_params()
475 ctx->params = value - hdrlen; in x509_note_params()
476 ctx->params_size = vlen + hdrlen; in x509_note_params()
490 ctx->key_algo = ctx->last_oid; in x509_extract_key_data()
491 switch (ctx->last_oid) { in x509_extract_key_data()
493 ctx->cert->pub->pkey_algo = "rsa"; in x509_extract_key_data()
497 ctx->cert->pub->pkey_algo = "ecrdsa"; in x509_extract_key_data()
500 if (parse_OID(ctx->params, ctx->params_size, &oid) != 0) in x509_extract_key_data()
501 return -EBADMSG; in x509_extract_key_data()
505 ctx->cert->pub->pkey_algo = "sm2"; in x509_extract_key_data()
508 ctx->cert->pub->pkey_algo = "ecdsa-nist-p192"; in x509_extract_key_data()
511 ctx->cert->pub->pkey_algo = "ecdsa-nist-p256"; in x509_extract_key_data()
514 ctx->cert->pub->pkey_algo = "ecdsa-nist-p384"; in x509_extract_key_data()
517 return -ENOPKG; in x509_extract_key_data()
521 return -ENOPKG; in x509_extract_key_data()
526 return -EBADMSG; in x509_extract_key_data()
527 ctx->key = value + 1; in x509_extract_key_data()
528 ctx->key_size = vlen - 1; in x509_extract_key_data()
546 pr_debug("Extension: %u\n", ctx->last_oid); in x509_process_extension()
548 if (ctx->last_oid == OID_subjectKeyIdentifier) { in x509_process_extension()
550 if (ctx->cert->skid || vlen < 3) in x509_process_extension()
551 return -EBADMSG; in x509_process_extension()
552 if (v[0] != ASN1_OTS || v[1] != vlen - 2) in x509_process_extension()
553 return -EBADMSG; in x509_process_extension()
555 vlen -= 2; in x509_process_extension()
557 ctx->cert->raw_skid_size = vlen; in x509_process_extension()
558 ctx->cert->raw_skid = v; in x509_process_extension()
562 ctx->cert->skid = kid; in x509_process_extension()
563 pr_debug("subjkeyid %*phN\n", kid->len, kid->data); in x509_process_extension()
567 if (ctx->last_oid == OID_authorityKeyIdentifier) { in x509_process_extension()
569 ctx->raw_akid = v; in x509_process_extension()
570 ctx->raw_akid_size = vlen; in x509_process_extension()
578 * x509_decode_time - Decode an X.509 time ASN.1 object
590 * dates through the year 2049 as UTCTime; certificate validity dates in
602 unsigned year, mon, day, hour, min, sec, mon_len; in x509_decode_time() local
604 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) in x509_decode_time()
611 year = DD2bin(p); in x509_decode_time()
612 if (year >= 50) in x509_decode_time()
613 year += 1900; in x509_decode_time()
615 year += 2000; in x509_decode_time()
620 year = DD2bin(p) * 100 + DD2bin(p); in x509_decode_time()
621 if (year >= 1950 && year <= 2049) in x509_decode_time()
636 if (year < 1970 || in x509_decode_time()
640 mon_len = month_lengths[mon - 1]; in x509_decode_time()
642 if (year % 4 == 0) { in x509_decode_time()
644 if (year % 100 == 0) { in x509_decode_time()
646 if (year % 400 == 0) in x509_decode_time()
658 *_t = mktime64(year, mon, day, hour, min, sec); in x509_decode_time()
664 return -EBADMSG; in x509_decode_time()
668 return -EBADMSG; in x509_decode_time()
677 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); in x509_note_not_before()
685 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); in x509_note_not_after()
689 * Note a key identifier-based AuthorityKeyIdentifier
700 if (ctx->cert->sig->auth_ids[1]) in x509_akid_note_kid()
706 pr_debug("authkeyid %*phN\n", kid->len, kid->data); in x509_akid_note_kid()
707 ctx->cert->sig->auth_ids[1] = kid; in x509_akid_note_kid()
722 ctx->akid_raw_issuer = value; in x509_akid_note_name()
723 ctx->akid_raw_issuer_size = vlen; in x509_akid_note_name()
739 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) in x509_akid_note_serial()
744 ctx->akid_raw_issuer, in x509_akid_note_serial()
745 ctx->akid_raw_issuer_size); in x509_akid_note_serial()
749 pr_debug("authkeyid %*phN\n", kid->len, kid->data); in x509_akid_note_serial()
750 ctx->cert->sig->auth_ids[0] = kid; in x509_akid_note_serial()