[crypto] Generalise X.509 OID-identified algorithm to asn1.c

The concept of an OID-identified algorithm as defined in X.509 is used in some other standards (e.g. PKCS#7). Generalise this functionality and provide it as part of the ASN.1 core. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-23 05:21:49 +03:00 · 2012-03-21 13:57:32 +00:00
parent 9a03a8e3d2
commit 38b7e43f7d
5 changed files with 155 additions and 121 deletions
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -9,6 +9,9 @@

 FILE_LICENCE ( GPL2_OR_LATER );

+#include <stdint.h>
+#include <ipxe/tables.h>
+
 /** An ASN.1 object cursor */
 struct asn1_cursor {
 	/** Start of data */
@@ -143,6 +146,24 @@ struct asn1_cursor {
 		.len = sizeof ( oid_value ),			\
 	}

+/** An ASN.1 OID-identified algorithm */
+struct asn1_algorithm {
+	/** Name */
+	const char *name;
+	/** Object identifier */
+	struct asn1_cursor oid;
+	/** Public-key algorithm (if applicable) */
+	struct pubkey_algorithm *pubkey;
+	/** Digest algorithm (if applicable) */
+	struct digest_algorithm *digest;
+};
+
+/** ASN.1 OID-identified algorithms */
+#define ASN1_ALGORITHMS __table ( struct asn1_algorithm, "asn1_algorithms" )
+
+/** Declare an ASN.1 OID-identified algorithm */
+#define __asn1_algorithm __table_entry ( ASN1_ALGORITHMS, 01 )
+
 /** An ASN.1 boolean */
 struct asn1_boolean {
 	/** Value */
@@ -181,5 +202,7 @@ extern int asn1_boolean ( const struct asn1_cursor *cursor );
 extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
 extern int asn1_compare ( const struct asn1_cursor *cursor1,
 			  const struct asn1_cursor *cursor2 );
+extern struct asn1_algorithm *
+asn1_algorithm ( const struct asn1_cursor *cursor );

 #endif /* _IPXE_ASN1_H */
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -14,29 +14,6 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <time.h>
 #include <ipxe/asn1.h>

-/** An X.509 algorithm */
-struct x509_algorithm {
-	/** Name */
-	const char *name;
-	/** Object identifier */
-	struct asn1_cursor oid;
-	/** Public-key algorithm */
-	struct pubkey_algorithm *pubkey;
-	/** Digest algorithm (if applicable) */
-	struct digest_algorithm *digest;
-};
-
-/**
- * Test if X.509 algorithm is a signature algorithm
- *
- * @v algorithm		Algorithm
- * @ret is_signature	Algorithm is a signature algorithm
- */
-static inline __attribute__ (( always_inline )) int
-x509_is_signature_algorithm ( struct x509_algorithm *algorithm ) {
-	return ( algorithm->digest != NULL );
-}
-
 /** An X.509 bit string */
 struct x509_bit_string {
 	/** Data */
@@ -80,7 +57,7 @@ struct x509_public_key {
 	/** Raw public key */
 	struct asn1_cursor raw;
 	/** Public key algorithm */
-	struct x509_algorithm *algorithm;
+	struct asn1_algorithm *algorithm;
 };

 /** An X.509 certificate subject */
@@ -96,7 +73,7 @@ struct x509_subject {
 /** An X.509 certificate signature */
 struct x509_signature {
 	/** Signature algorithm */
-	struct x509_algorithm *algorithm;
+	struct asn1_algorithm *algorithm;
 	/** Signature value */
 	struct x509_bit_string value;
 };
@@ -147,7 +124,7 @@ struct x509_certificate {
 	/** Raw tbsCertificate */
 	struct asn1_cursor tbs;
 	/** Signature algorithm */
-	struct x509_algorithm *signature_algorithm;
+	struct asn1_algorithm *signature_algorithm;
 	/** Issuer */
 	struct x509_issuer issuer;
 	/** Validity */