linux_dsm_epyc7002/crypto/asymmetric_keys
David Howells 4573b64a31 X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier
If an X.509 certificate has an AuthorityKeyIdentifier extension that provides
an issuer and serialNumber, then make it so that these are used in preference
to the keyIdentifier field also held therein for searching for the signing
certificate.

If both the issuer+serialNumber and the keyIdentifier are supplied, then the
certificate is looked up by the former but the latter is checked as well.  If
the latter doesn't match the subjectKeyIdentifier of the parent certificate,
EKEYREJECTED is returned.

This makes it possible to chain X.509 certificates based on the issuer and
serialNumber fields rather than on subjectKeyIdentifier.  This is necessary as
we are having to deal with keys that are represented by X.509 certificates
that lack a subjectKeyIdentifier.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Vivek Goyal <vgoyal@redhat.com>
2015-08-07 16:26:13 +01:00
..
.gitignore X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
asymmetric_keys.h KEYS: fix "ca_keys=" partial key matching 2015-05-21 13:58:59 -04:00
asymmetric_type.c KEYS: fix "ca_keys=" partial key matching 2015-05-21 13:58:59 -04:00
Kconfig Merge branch 'keys-fixes' into keys-next 2014-07-22 21:55:45 +01:00
Makefile X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
mscode_parser.c pefile: Handle pesign using the wrong OID 2014-07-09 14:58:37 +01:00
mscode.asn1 pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
pkcs7_key_type.c crypto/asymmetric_keys: pkcs7_key_type needs module.h 2015-06-16 14:12:26 -04:00
pkcs7_parser.c KEYS: Overhaul key identification when searching for asymmetric keys 2014-09-16 17:36:13 +01:00
pkcs7_parser.h PKCS#7: Better handling of unsupported crypto 2014-09-16 17:36:15 +01:00
pkcs7_trust.c X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
pkcs7_verify.c X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
pkcs7.asn1 PKCS#7: Implement a parser [RFC 2315] 2014-07-08 13:49:56 +01:00
public_key.c KEYS: Fix public_key asymmetric key subtype name 2014-09-03 10:27:28 +10:00
public_key.h KEYS: Split public_key_verify_signature() and make available 2013-09-25 17:17:00 +01:00
rsa.c crypto: asymmetric_keys/rsa - Use non-conflicting variable name 2015-06-25 23:18:33 +08:00
signature.c KEYS: Set pr_fmt() in asymmetric key signature handling 2014-09-03 11:08:45 +10:00
verify_pefile.c PEFILE: Relax the check on the length of the PKCS#7 cert 2014-09-03 10:30:24 +10:00
verify_pefile.h pefile: Parse the "Microsoft individual code signing" data blob 2014-07-09 14:58:37 +01:00
x509_akid.asn1 X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_cert_parser.c X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_parser.h X.509: Extract both parts of the AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_public_key.c X.509: Support X.509 lookup by Issuer+Serial form AuthorityKeyIdentifier 2015-08-07 16:26:13 +01:00
x509_rsakey.asn1 X.509: Add a crypto key parser for binary (DER) X.509 certificates 2012-10-08 13:50:22 +10:30
x509.asn1 X.509: Add bits needed for PKCS#7 2014-07-01 16:40:19 +01:00