Lines Matching +full:start +full:- +full:year
1 // SPDX-License-Identifier: GPL-2.0-or-later
21 unsigned long data; /* Start of data */
22 const void *cert_start; /* Start of cert content */
49 public_key_free(cert->pub); in x509_free_certificate()
50 public_key_signature_free(cert->sig); in x509_free_certificate()
51 kfree(cert->issuer); in x509_free_certificate()
52 kfree(cert->subject); in x509_free_certificate()
53 kfree(cert->id); in x509_free_certificate()
54 kfree(cert->skid); in x509_free_certificate()
70 ret = -ENOMEM; in x509_cert_parse()
74 cert->pub = kzalloc(sizeof(struct public_key), GFP_KERNEL); in x509_cert_parse()
75 if (!cert->pub) in x509_cert_parse()
77 cert->sig = kzalloc(sizeof(struct public_key_signature), GFP_KERNEL); in x509_cert_parse()
78 if (!cert->sig) in x509_cert_parse()
84 ctx->cert = cert; in x509_cert_parse()
85 ctx->data = (unsigned long)data; in x509_cert_parse()
93 if (ctx->raw_akid) { in x509_cert_parse()
95 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid); in x509_cert_parse()
97 ctx->raw_akid, ctx->raw_akid_size); in x509_cert_parse()
104 ret = -ENOMEM; in x509_cert_parse()
105 cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL); in x509_cert_parse()
106 if (!cert->pub->key) in x509_cert_parse()
109 cert->pub->keylen = ctx->key_size; in x509_cert_parse()
111 cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL); in x509_cert_parse()
112 if (!cert->pub->params) in x509_cert_parse()
115 cert->pub->paramlen = ctx->params_size; in x509_cert_parse()
116 cert->pub->algo = ctx->key_algo; in x509_cert_parse()
124 kid = asymmetric_key_generate_id(cert->raw_serial, in x509_cert_parse()
125 cert->raw_serial_size, in x509_cert_parse()
126 cert->raw_issuer, in x509_cert_parse()
127 cert->raw_issuer_size); in x509_cert_parse()
132 cert->id = kid; in x509_cert_parse()
134 /* Detect self-signed certificates */ in x509_cert_parse()
161 ctx->last_oid = look_up_OID(value, vlen); in x509_note_OID()
162 if (ctx->last_oid == OID__NR) { in x509_note_OID()
166 (unsigned long)value - ctx->data, buffer); in x509_note_OID()
182 hdrlen, tag, (unsigned long)value - ctx->data, vlen); in x509_note_tbs_certificate()
184 ctx->cert->tbs = value - hdrlen; in x509_note_tbs_certificate()
185 ctx->cert->tbs_size = vlen + hdrlen; in x509_note_tbs_certificate()
198 pr_debug("PubKey Algo: %u\n", ctx->last_oid); in x509_note_pkey_algo()
200 switch (ctx->last_oid) { in x509_note_pkey_algo()
204 return -ENOPKG; /* Unsupported combination */ in x509_note_pkey_algo()
207 ctx->cert->sig->hash_algo = "md4"; in x509_note_pkey_algo()
211 ctx->cert->sig->hash_algo = "sha1"; in x509_note_pkey_algo()
215 ctx->cert->sig->hash_algo = "sha256"; in x509_note_pkey_algo()
219 ctx->cert->sig->hash_algo = "sha384"; in x509_note_pkey_algo()
223 ctx->cert->sig->hash_algo = "sha512"; in x509_note_pkey_algo()
227 ctx->cert->sig->hash_algo = "sha224"; in x509_note_pkey_algo()
231 ctx->cert->sig->hash_algo = "streebog256"; in x509_note_pkey_algo()
235 ctx->cert->sig->hash_algo = "streebog512"; in x509_note_pkey_algo()
239 ctx->cert->sig->hash_algo = "sm3"; in x509_note_pkey_algo()
244 ctx->cert->sig->pkey_algo = "rsa"; in x509_note_pkey_algo()
245 ctx->cert->sig->encoding = "pkcs1"; in x509_note_pkey_algo()
246 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
249 ctx->cert->sig->pkey_algo = "ecrdsa"; in x509_note_pkey_algo()
250 ctx->cert->sig->encoding = "raw"; in x509_note_pkey_algo()
251 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
254 ctx->cert->sig->pkey_algo = "sm2"; in x509_note_pkey_algo()
255 ctx->cert->sig->encoding = "raw"; in x509_note_pkey_algo()
256 ctx->algo_oid = ctx->last_oid; in x509_note_pkey_algo()
269 pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen); in x509_note_signature()
271 if (ctx->last_oid != ctx->algo_oid) { in x509_note_signature()
273 ctx->algo_oid, ctx->last_oid); in x509_note_signature()
274 return -EINVAL; in x509_note_signature()
277 if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 || in x509_note_signature()
278 strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 || in x509_note_signature()
279 strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0) { in x509_note_signature()
282 return -EBADMSG; in x509_note_signature()
285 vlen--; in x509_note_signature()
288 ctx->cert->raw_sig = value; in x509_note_signature()
289 ctx->cert->raw_sig_size = vlen; in x509_note_signature()
301 ctx->cert->raw_serial = value; in x509_note_serial()
302 ctx->cert->raw_serial_size = vlen; in x509_note_serial()
315 switch (ctx->last_oid) { in x509_extract_name_segment()
317 ctx->cn_size = vlen; in x509_extract_name_segment()
318 ctx->cn_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
321 ctx->o_size = vlen; in x509_extract_name_segment()
322 ctx->o_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
325 ctx->email_size = vlen; in x509_extract_name_segment()
326 ctx->email_offset = (unsigned long)value - ctx->data; in x509_extract_name_segment()
342 const void *name, *data = (const void *)ctx->data; in x509_fabricate_name()
347 return -EINVAL; in x509_fabricate_name()
350 if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) { in x509_fabricate_name()
353 return -ENOMEM; in x509_fabricate_name()
358 if (ctx->cn_size && ctx->o_size) { in x509_fabricate_name()
362 namesize = ctx->cn_size; in x509_fabricate_name()
363 name = data + ctx->cn_offset; in x509_fabricate_name()
364 if (ctx->cn_size >= ctx->o_size && in x509_fabricate_name()
365 memcmp(data + ctx->cn_offset, data + ctx->o_offset, in x509_fabricate_name()
366 ctx->o_size) == 0) in x509_fabricate_name()
368 if (ctx->cn_size >= 7 && in x509_fabricate_name()
369 ctx->o_size >= 7 && in x509_fabricate_name()
370 memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0) in x509_fabricate_name()
373 buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1, in x509_fabricate_name()
376 return -ENOMEM; in x509_fabricate_name()
379 data + ctx->o_offset, ctx->o_size); in x509_fabricate_name()
380 buffer[ctx->o_size + 0] = ':'; in x509_fabricate_name()
381 buffer[ctx->o_size + 1] = ' '; in x509_fabricate_name()
382 memcpy(buffer + ctx->o_size + 2, in x509_fabricate_name()
383 data + ctx->cn_offset, ctx->cn_size); in x509_fabricate_name()
384 buffer[ctx->o_size + 2 + ctx->cn_size] = 0; in x509_fabricate_name()
387 } else if (ctx->cn_size) { in x509_fabricate_name()
388 namesize = ctx->cn_size; in x509_fabricate_name()
389 name = data + ctx->cn_offset; in x509_fabricate_name()
390 } else if (ctx->o_size) { in x509_fabricate_name()
391 namesize = ctx->o_size; in x509_fabricate_name()
392 name = data + ctx->o_offset; in x509_fabricate_name()
394 namesize = ctx->email_size; in x509_fabricate_name()
395 name = data + ctx->email_offset; in x509_fabricate_name()
401 return -ENOMEM; in x509_fabricate_name()
407 ctx->cn_size = 0; in x509_fabricate_name()
408 ctx->o_size = 0; in x509_fabricate_name()
409 ctx->email_size = 0; in x509_fabricate_name()
418 ctx->cert->raw_issuer = value; in x509_note_issuer()
419 ctx->cert->raw_issuer_size = vlen; in x509_note_issuer()
420 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen); in x509_note_issuer()
428 ctx->cert->raw_subject = value; in x509_note_subject()
429 ctx->cert->raw_subject_size = vlen; in x509_note_subject()
430 return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen); in x509_note_subject()
447 if (!ctx->cert->raw_subject || ctx->key) in x509_note_params()
449 ctx->params = value - hdrlen; in x509_note_params()
450 ctx->params_size = vlen + hdrlen; in x509_note_params()
463 ctx->key_algo = ctx->last_oid; in x509_extract_key_data()
464 switch (ctx->last_oid) { in x509_extract_key_data()
466 ctx->cert->pub->pkey_algo = "rsa"; in x509_extract_key_data()
470 ctx->cert->pub->pkey_algo = "ecrdsa"; in x509_extract_key_data()
473 ctx->cert->pub->pkey_algo = "sm2"; in x509_extract_key_data()
476 return -ENOPKG; in x509_extract_key_data()
481 return -EBADMSG; in x509_extract_key_data()
482 ctx->key = value + 1; in x509_extract_key_data()
483 ctx->key_size = vlen - 1; in x509_extract_key_data()
501 pr_debug("Extension: %u\n", ctx->last_oid); in x509_process_extension()
503 if (ctx->last_oid == OID_subjectKeyIdentifier) { in x509_process_extension()
505 if (ctx->cert->skid || vlen < 3) in x509_process_extension()
506 return -EBADMSG; in x509_process_extension()
507 if (v[0] != ASN1_OTS || v[1] != vlen - 2) in x509_process_extension()
508 return -EBADMSG; in x509_process_extension()
510 vlen -= 2; in x509_process_extension()
512 ctx->cert->raw_skid_size = vlen; in x509_process_extension()
513 ctx->cert->raw_skid = v; in x509_process_extension()
517 ctx->cert->skid = kid; in x509_process_extension()
518 pr_debug("subjkeyid %*phN\n", kid->len, kid->data); in x509_process_extension()
522 if (ctx->last_oid == OID_authorityKeyIdentifier) { in x509_process_extension()
524 ctx->raw_akid = v; in x509_process_extension()
525 ctx->raw_akid_size = vlen; in x509_process_extension()
533 * x509_decode_time - Decode an X.509 time ASN.1 object
545 * dates through the year 2049 as UTCTime; certificate validity dates in
557 unsigned year, mon, day, hour, min, sec, mon_len; in x509_decode_time() local
559 #define dec2bin(X) ({ unsigned char x = (X) - '0'; if (x > 9) goto invalid_time; x; }) in x509_decode_time()
566 year = DD2bin(p); in x509_decode_time()
567 if (year >= 50) in x509_decode_time()
568 year += 1900; in x509_decode_time()
570 year += 2000; in x509_decode_time()
575 year = DD2bin(p) * 100 + DD2bin(p); in x509_decode_time()
576 if (year >= 1950 && year <= 2049) in x509_decode_time()
591 if (year < 1970 || in x509_decode_time()
595 mon_len = month_lengths[mon - 1]; in x509_decode_time()
597 if (year % 4 == 0) { in x509_decode_time()
599 if (year % 100 == 0) { in x509_decode_time()
601 if (year % 400 == 0) in x509_decode_time()
613 *_t = mktime64(year, mon, day, hour, min, sec); in x509_decode_time()
619 return -EBADMSG; in x509_decode_time()
623 return -EBADMSG; in x509_decode_time()
632 return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen); in x509_note_not_before()
640 return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen); in x509_note_not_after()
644 * Note a key identifier-based AuthorityKeyIdentifier
655 if (ctx->cert->sig->auth_ids[1]) in x509_akid_note_kid()
661 pr_debug("authkeyid %*phN\n", kid->len, kid->data); in x509_akid_note_kid()
662 ctx->cert->sig->auth_ids[1] = kid; in x509_akid_note_kid()
677 ctx->akid_raw_issuer = value; in x509_akid_note_name()
678 ctx->akid_raw_issuer_size = vlen; in x509_akid_note_name()
694 if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0]) in x509_akid_note_serial()
699 ctx->akid_raw_issuer, in x509_akid_note_serial()
700 ctx->akid_raw_issuer_size); in x509_akid_note_serial()
704 pr_debug("authkeyid %*phN\n", kid->len, kid->data); in x509_akid_note_serial()
705 ctx->cert->sig->auth_ids[0] = kid; in x509_akid_note_serial()