
[crypto] Parse X.509 certificate serial number

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 years ago
parent
commit
c285378388
2 changed files with 37 additions and 2 deletions
  1. 29
    2
      src/crypto/x509.c
  2. 8
    0
      src/include/ipxe/x509.h

+ 29
- 2
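--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -391,6 +391,31 @@ static int x509_parse_version ( struct x509_certificate *cert,
 	return 0;
 }
 
+/**
+ * Parse X.509 certificate serial number
+ *
+ * @v cert		X.509 certificate
+ * @v raw		ASN.1 cursor
+ * @ret rc		Return status code
+ */
+static int x509_parse_serial ( struct x509_certificate *cert,
+			       const struct asn1_cursor *raw ) {
+	struct x509_serial *serial = &cert->serial;
+	int rc;
+
+	/* Record raw serial number */
+	memcpy ( &serial->raw, raw, sizeof ( serial->raw ) );
+	if ( ( rc = asn1_shrink ( &serial->raw, ASN1_INTEGER ) ) != 0 ) {
+		DBGC ( cert, "X509 %p cannot shrink serialNumber: %s\n",
+		       cert, strerror ( rc ) );
+		return rc;
+	}
+	DBGC ( cert, "X509 %p issuer is:\n", cert );
+	DBGC_HDA ( cert, 0, serial->raw.data, serial->raw.len );
+
+	return 0;
+}
+
 /**
  * Parse X.509 certificate issuer
  *
@@ -818,8 +843,10 @@ static int x509_parse_tbscertificate ( struct x509_certificate *cert,
 		asn1_skip_any ( &cursor );
 	}
 
-	/* Skip serialNumber */
-	asn1_skip ( &cursor, ASN1_INTEGER );
+	/* Parse serialNumber */
+	if ( ( rc = x509_parse_serial ( cert, &cursor ) ) != 0 )
+		return rc;
+	asn1_skip_any ( &cursor );
 
 	/* Parse signature */
 	if ( ( rc = x509_parse_signature_algorithm ( cert, algorithm,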
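Review bot: The success-path debug line in x509_parse_serial prints `X509 %p issuer is:` directly above a hex dump of the serial number, which looks copied from the issuer parser and will mislabel the dump for anyone reading certificate-validation logs; it should read `DBGC ( cert, "X509 %p serial is:\n", cert );`. The function also accepts an INTEGER of any length, including (as far as the visible code shows) an empty one, whereas RFC 5280 caps conforming serial numbers at 20 octets. If the serial is later used to match certificates, for instance for revocation checks, the consumer has to compare length as well as bytes, and a comment on the function saying that no bound is enforced here would help. The second hunk shows only part of x509_parse_tbscertificate, so how the rest of that function uses the cursor is not visible.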

+ 8
- 0
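--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -24,6 +24,12 @@ struct x509_bit_string {
 	unsigned int unused;
 };
 
+/** An X.509 serial number */
+struct x509_serial {
+	/** Raw serial number */
+	struct asn1_cursor raw;
+};
+
 /** An X.509 issuer */
 struct x509_issuer {
 	/** Raw issuer */
@@ -121,6 +127,8 @@ struct x509_certificate {
 	struct asn1_cursor raw;
 	/** Version */
 	unsigned int version;
+	/** Serial number */
+	struct x509_serial serial;
 	/** Raw tbsCertificate */
 	struct asn1_cursor tbs;
 	/** Signature algorithm */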
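Review bot: The `raw` member of struct x509_serial is documented only as "Raw serial number", which hides the fact that it is an ASN.1 cursor rather than an owned copy of the bytes. As x509_parse_serial fills it in this commit, the cursor structure is copied and then shrunk to the INTEGER, so it presumably refers to the contents inside the certificate's own data and stays valid only as long as that buffer does. I would expand the member comment to something like `/** Raw serial number (INTEGER contents; references certificate data, not a copy) */` so that code which later stores or compares serials does not keep the pointer past the certificate's lifetime. Both struct definitions continue outside the hunks shown.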
