[apple/security.git] / OSX / libsecurity_keychain / libDER / libDER / DER_CertCrl.h

/*
 * Copyright (c) 2005-2016 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


/*
 * DER_CertCrl.h - support for decoding X509 certificates and CRLs
 *
 */
 
#ifndef	_DER_CERT_CRL_H_
#define _DER_CERT_CRL_H_

#include <libDER/libDER.h>
#include <libDER/DER_Decode.h>

__BEGIN_DECLS

/* 
 * Top level cert or CRL - the two are identical at this level - three 
 * components. The tbs field is saved in full DER form for sig verify. 
 */
typedef struct {
	DERItem		tbs;			/* sequence, DERTBSCert, DER_DEC_SAVE_DER */
	DERItem		sigAlg;			/* sequence, DERAlgorithmId */
	DERItem		sig;			/* bit string */
} DERSignedCertCrl;

/* DERItemSpecs to decode into a DERSignedCertCrl */
extern const DERItemSpec DERSignedCertCrlItemSpecs[];
extern const DERSize DERNumSignedCertCrlItemSpecs;

/* TBS cert components */
typedef struct {
	DERItem		version;		/* integer, optional, EXPLICIT */
	DERItem		serialNum;		/* integer */
	DERItem		tbsSigAlg;		/* sequence, DERAlgorithmId */
	DERItem		issuer;			/* sequence, TBD */
	DERItem		validity;		/* sequence,  DERValidity */
	DERItem		subject;		/* sequence, TBD */
	DERItem		subjectPubKey;	/* sequence, DERSubjPubKeyInfo */
	DERItem		issuerID;		/* bit string, optional */
	DERItem		subjectID;		/* bit string, optional */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERTBSCert;

/* DERItemSpecs to decode into a DERTBSCert */
extern const DERItemSpec DERTBSCertItemSpecs[];
extern const DERSize DERNumTBSCertItemSpecs;

/* 
 * validity - components can be either UTC or generalized time.
 * Both are ASN_ANY with DER_DEC_SAVE_DER.
 */
typedef struct {
	DERItem		notBefore;
	DERItem		notAfter;
} DERValidity;

/* DERItemSpecs to decode into a DERValidity */
extern const DERItemSpec DERValidityItemSpecs[];
extern const DERSize DERNumValidityItemSpecs;

/* AttributeTypeAndValue components. */
typedef struct {
	DERItem		type;
	DERItem		value;
} DERAttributeTypeAndValue;

/* DERItemSpecs to decode into DERAttributeTypeAndValue */
extern const DERItemSpec DERAttributeTypeAndValueItemSpecs[];
extern const DERSize DERNumAttributeTypeAndValueItemSpecs;

/* Extension components */
typedef struct {
	DERItem		extnID;
	DERItem		critical;
	DERItem		extnValue;
} DERExtension;

/* DERItemSpecs to decode into DERExtension */
extern const DERItemSpec DERExtensionItemSpecs[];
extern const DERSize DERNumExtensionItemSpecs;

/* BasicConstraints components. */
typedef struct {
	DERItem		cA;
	DERItem		pathLenConstraint;
} DERBasicConstraints;

/* DERItemSpecs to decode into DERBasicConstraints */
extern const DERItemSpec DERBasicConstraintsItemSpecs[];
extern const DERSize DERNumBasicConstraintsItemSpecs;

/* NameConstraints components. */
typedef struct {
    DERItem		permittedSubtrees;
    DERItem		excludedSubtrees;
} DERNameConstraints;

/* DERItemSpecs to decode into a DERNameConstraints */
extern const DERItemSpec DERNameConstraintsItemSpecs[];
extern const DERSize DERNumNameConstraintsItemSpecs;

/* GeneralSubtree components. */
typedef struct {
    DERItem		generalName;
    DERItem		minimum;
    DERItem		maximum;
} DERGeneralSubtree;

/* DERItemSpecs to decode into a DERGeneralSubtree */
extern const DERItemSpec DERGeneralSubtreeItemSpecs[];
extern const DERSize DERNumGeneralSubtreeItemSpecs;

/* PrivateKeyUsagePeriod components. */
typedef struct {
	DERItem		notBefore;
	DERItem		notAfter;
} DERPrivateKeyUsagePeriod;

/* DERItemSpecs to decode into a DERPrivateKeyUsagePeriod */
extern const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[];
extern const DERSize DERNumPrivateKeyUsagePeriodItemSpecs;

/* DistributionPoint components. */
typedef struct {
	DERItem		distributionPoint;
	DERItem		reasons;
    DERItem     cRLIssuer;
} DERDistributionPoint;

/* DERItemSpecs to decode into a DERDistributionPoint */
extern const DERItemSpec DERDistributionPointItemSpecs[];
extern const DERSize DERNumDistributionPointItemSpecs;

/* PolicyInformation components. */
typedef struct {
    DERItem policyIdentifier;
    DERItem policyQualifiers;
} DERPolicyInformation;

/* DERItemSpecs to decode into a DERPolicyInformation */
extern const DERItemSpec DERPolicyInformationItemSpecs[];
extern const DERSize DERNumPolicyInformationItemSpecs;

/* PolicyQualifierInfo components. */
typedef struct {
    DERItem policyQualifierID;
    DERItem qualifier;
} DERPolicyQualifierInfo;

/* DERItemSpecs to decode into a DERPolicyQualifierInfo */
extern const DERItemSpec DERPolicyQualifierInfoItemSpecs[];
extern const DERSize DERNumPolicyQualifierInfoItemSpecs;

/* UserNotice components. */
typedef struct {
    DERItem noticeRef;
    DERItem explicitText;
} DERUserNotice;

/* DERItemSpecs to decode into a DERUserNotice */
extern const DERItemSpec DERUserNoticeItemSpecs[];
extern const DERSize DERNumUserNoticeItemSpecs;

/* NoticeReference components. */
typedef struct {
    DERItem organization;
    DERItem noticeNumbers;
} DERNoticeReference;

/* DERItemSpecs to decode into a DERNoticeReference */
extern const DERItemSpec DERNoticeReferenceItemSpecs[];
extern const DERSize DERNumNoticeReferenceItemSpecs;

/* PolicyMapping components. */
typedef struct {
    DERItem issuerDomainPolicy;
    DERItem subjectDomainPolicy;
} DERPolicyMapping;

/* DERItemSpecs to decode into a DERPolicyMapping */
extern const DERItemSpec DERPolicyMappingItemSpecs[];
extern const DERSize DERNumPolicyMappingItemSpecs;

/* AccessDescription components. */
typedef struct {
    DERItem accessMethod;
    DERItem accessLocation;
} DERAccessDescription;

/* DERItemSpecs to decode into a DERAccessDescription */
extern const DERItemSpec DERAccessDescriptionItemSpecs[];
extern const DERSize DERNumAccessDescriptionItemSpecs;

/* AuthorityKeyIdentifier components. */
typedef struct {
    DERItem keyIdentifier;
    DERItem authorityCertIssuer;
    DERItem authorityCertSerialNumber;
} DERAuthorityKeyIdentifier;

/* DERItemSpecs to decode into a DERAuthorityKeyIdentifier */
extern const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[];
extern const DERSize DERNumAuthorityKeyIdentifierItemSpecs;

/* OtherName components. */
typedef struct {
    DERItem typeIdentifier;
    DERItem value;
} DEROtherName;

/* DERItemSpecs to decode into a DEROtherName */
extern const DERItemSpec DEROtherNameItemSpecs[];
extern const DERSize DERNumOtherNameItemSpecs;

/* PolicyConstraints components. */
typedef struct {
    DERItem requireExplicitPolicy;
    DERItem inhibitPolicyMapping;
} DERPolicyConstraints;

/* DERItemSpecs to decode into a DERPolicyConstraints */
extern const DERItemSpec DERPolicyConstraintsItemSpecs[];
extern const DERSize DERNumPolicyConstraintsItemSpecs;

/* TBS CRL */
typedef struct {
	DERItem		version;		/* integer, optional */
	DERItem		tbsSigAlg;		/* sequence, DERAlgorithmId */
	DERItem		issuer;			/* sequence, TBD */
	DERItem		thisUpdate;		/* ASN_ANY, SAVE_DER */
	DERItem		nextUpdate;		/* ASN_ANY, SAVE_DER */
	DERItem		revokedCerts;	/* sequence of DERRevokedCert, optional */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERTBSCrl;

/* DERItemSpecs to decode into a DERTBSCrl */
extern const DERItemSpec DERTBSCrlItemSpecs[];
extern const DERSize DERNumTBSCrlItemSpecs;

typedef struct {
	DERItem		serialNum;		/* integer */
	DERItem		revocationDate;	/* time - ASN_ANY, SAVE_DER */
	DERItem		extensions;		/* sequence, optional, EXPLICIT */
} DERRevokedCert;

/* DERItemSpecs to decode into a DERRevokedCert */
extern const DERItemSpec DERRevokedCertItemSpecs[];
extern const DERSize DERNumRevokedCertItemSpecs;

__END_DECLS

#endif	/* _DER_CERT_CRL_H_ */
Commit	Line	Data
d8f41ccd	1	/*
fa7225c8	2	* Copyright (c) 2005-2016 Apple Inc. All Rights Reserved.
d8f41ccd A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
b1ab9ed8 A	24
	25	/*
	26	* DER_CertCrl.h - support for decoding X509 certificates and CRLs
	27	*
b1ab9ed8 A	28	*/
	29
	30	#ifndef _DER_CERT_CRL_H_
	31	#define _DER_CERT_CRL_H_
	32
b1ab9ed8 A	33	#include <libDER/libDER.h>
	34	#include <libDER/DER_Decode.h>
	35
fa7225c8 A	36	__BEGIN_DECLS
fa7225c8 A	37
b1ab9ed8 A	38	/*
	39	* Top level cert or CRL - the two are identical at this level - three
	40	* components. The tbs field is saved in full DER form for sig verify.
	41	*/
	42	typedef struct {
	43	DERItem tbs; /* sequence, DERTBSCert, DER_DEC_SAVE_DER */
	44	DERItem sigAlg; /* sequence, DERAlgorithmId */
	45	DERItem sig; /* bit string */
	46	} DERSignedCertCrl;
	47
	48	/* DERItemSpecs to decode into a DERSignedCertCrl */
	49	extern const DERItemSpec DERSignedCertCrlItemSpecs[];
	50	extern const DERSize DERNumSignedCertCrlItemSpecs;
	51
	52	/* TBS cert components */
	53	typedef struct {
	54	DERItem version; /* integer, optional, EXPLICIT */
	55	DERItem serialNum; /* integer */
	56	DERItem tbsSigAlg; /* sequence, DERAlgorithmId */
	57	DERItem issuer; /* sequence, TBD */
	58	DERItem validity; /* sequence, DERValidity */
	59	DERItem subject; /* sequence, TBD */
	60	DERItem subjectPubKey; /* sequence, DERSubjPubKeyInfo */
	61	DERItem issuerID; /* bit string, optional */
	62	DERItem subjectID; /* bit string, optional */
	63	DERItem extensions; /* sequence, optional, EXPLICIT */
	64	} DERTBSCert;
	65
	66	/* DERItemSpecs to decode into a DERTBSCert */
	67	extern const DERItemSpec DERTBSCertItemSpecs[];
	68	extern const DERSize DERNumTBSCertItemSpecs;
	69
	70	/*
	71	* validity - components can be either UTC or generalized time.
	72	* Both are ASN_ANY with DER_DEC_SAVE_DER.
	73	*/
	74	typedef struct {
	75	DERItem notBefore;
	76	DERItem notAfter;
	77	} DERValidity;
	78
	79	/* DERItemSpecs to decode into a DERValidity */
	80	extern const DERItemSpec DERValidityItemSpecs[];
	81	extern const DERSize DERNumValidityItemSpecs;
	82
	83	/* AttributeTypeAndValue components. */
	84	typedef struct {
	85	DERItem type;
	86	DERItem value;
	87	} DERAttributeTypeAndValue;
	88
	89	/* DERItemSpecs to decode into DERAttributeTypeAndValue */
	90	extern const DERItemSpec DERAttributeTypeAndValueItemSpecs[];
	91	extern const DERSize DERNumAttributeTypeAndValueItemSpecs;
	92
	93	/* Extension components */
	94	typedef struct {
	95	DERItem extnID;
	96	DERItem critical;
	97	DERItem extnValue;
	98	} DERExtension;
	99
	100	/* DERItemSpecs to decode into DERExtension */
	101	extern const DERItemSpec DERExtensionItemSpecs[];
102	extern const DERSize DERNumExtensionItemSpecs;
103
104	/* BasicConstraints components. */
105	typedef struct {
106	DERItem cA;
107	DERItem pathLenConstraint;
108	} DERBasicConstraints;
109
110	/* DERItemSpecs to decode into DERBasicConstraints */
111	extern const DERItemSpec DERBasicConstraintsItemSpecs[];
112	extern const DERSize DERNumBasicConstraintsItemSpecs;
113
5c19dc3a A	114	/* NameConstraints components. */
	115	typedef struct {
	116	DERItem permittedSubtrees;
	117	DERItem excludedSubtrees;
	118	} DERNameConstraints;
	119
	120	/* DERItemSpecs to decode into a DERNameConstraints */
	121	extern const DERItemSpec DERNameConstraintsItemSpecs[];
	122	extern const DERSize DERNumNameConstraintsItemSpecs;
	123
	124	/* GeneralSubtree components. */
	125	typedef struct {
	126	DERItem generalName;
	127	DERItem minimum;
	128	DERItem maximum;
	129	} DERGeneralSubtree;
	130
	131	/* DERItemSpecs to decode into a DERGeneralSubtree */
	132	extern const DERItemSpec DERGeneralSubtreeItemSpecs[];
	133	extern const DERSize DERNumGeneralSubtreeItemSpecs;
	134
b1ab9ed8 A	135	/* PrivateKeyUsagePeriod components. */
	136	typedef struct {
	137	DERItem notBefore;
	138	DERItem notAfter;
	139	} DERPrivateKeyUsagePeriod;
	140
	141	/* DERItemSpecs to decode into a DERPrivateKeyUsagePeriod */
	142	extern const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[];
	143	extern const DERSize DERNumPrivateKeyUsagePeriodItemSpecs;
	144
	145	/* DistributionPoint components. */
	146	typedef struct {
	147	DERItem distributionPoint;
	148	DERItem reasons;
	149	DERItem cRLIssuer;
	150	} DERDistributionPoint;
	151
	152	/* DERItemSpecs to decode into a DERDistributionPoint */
	153	extern const DERItemSpec DERDistributionPointItemSpecs[];
	154	extern const DERSize DERNumDistributionPointItemSpecs;
	155
	156	/* PolicyInformation components. */
	157	typedef struct {
	158	DERItem policyIdentifier;
	159	DERItem policyQualifiers;
	160	} DERPolicyInformation;
	161
	162	/* DERItemSpecs to decode into a DERPolicyInformation */
	163	extern const DERItemSpec DERPolicyInformationItemSpecs[];
	164	extern const DERSize DERNumPolicyInformationItemSpecs;
	165
	166	/* PolicyQualifierInfo components. */
	167	typedef struct {
	168	DERItem policyQualifierID;
	169	DERItem qualifier;
	170	} DERPolicyQualifierInfo;
	171
	172	/* DERItemSpecs to decode into a DERPolicyQualifierInfo */
	173	extern const DERItemSpec DERPolicyQualifierInfoItemSpecs[];
	174	extern const DERSize DERNumPolicyQualifierInfoItemSpecs;
	175
	176	/* UserNotice components. */
	177	typedef struct {
	178	DERItem noticeRef;
	179	DERItem explicitText;
	180	} DERUserNotice;
	181
	182	/* DERItemSpecs to decode into a DERUserNotice */
	183	extern const DERItemSpec DERUserNoticeItemSpecs[];
	184	extern const DERSize DERNumUserNoticeItemSpecs;
	185
	186	/* NoticeReference components. */
	187	typedef struct {
	188	DERItem organization;
	189	DERItem noticeNumbers;
	190	} DERNoticeReference;
	191
	192	/* DERItemSpecs to decode into a DERNoticeReference */
	193	extern const DERItemSpec DERNoticeReferenceItemSpecs[];
	194	extern const DERSize DERNumNoticeReferenceItemSpecs;
	195
	196	/* PolicyMapping components. */
	197	typedef struct {
	198	DERItem issuerDomainPolicy;
199	DERItem subjectDomainPolicy;
200	} DERPolicyMapping;
201
202	/* DERItemSpecs to decode into a DERPolicyMapping */
203	extern const DERItemSpec DERPolicyMappingItemSpecs[];
204	extern const DERSize DERNumPolicyMappingItemSpecs;
205
206	/* AccessDescription components. */
207	typedef struct {
208	DERItem accessMethod;
209	DERItem accessLocation;
210	} DERAccessDescription;
211
212	/* DERItemSpecs to decode into a DERAccessDescription */
213	extern const DERItemSpec DERAccessDescriptionItemSpecs[];
214	extern const DERSize DERNumAccessDescriptionItemSpecs;
215
216	/* AuthorityKeyIdentifier components. */
217	typedef struct {
218	DERItem keyIdentifier;
219	DERItem authorityCertIssuer;
220	DERItem authorityCertSerialNumber;
221	} DERAuthorityKeyIdentifier;
222
223	/* DERItemSpecs to decode into a DERAuthorityKeyIdentifier */
224	extern const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[];
225	extern const DERSize DERNumAuthorityKeyIdentifierItemSpecs;
226
227	/* OtherName components. */
228	typedef struct {
229	DERItem typeIdentifier;
230	DERItem value;
231	} DEROtherName;
232
233	/* DERItemSpecs to decode into a DEROtherName */
234	extern const DERItemSpec DEROtherNameItemSpecs[];
235	extern const DERSize DERNumOtherNameItemSpecs;
236
237	/* PolicyConstraints components. */
238	typedef struct {
239	DERItem requireExplicitPolicy;
240	DERItem inhibitPolicyMapping;
241	} DERPolicyConstraints;
242
243	/* DERItemSpecs to decode into a DERPolicyConstraints */
244	extern const DERItemSpec DERPolicyConstraintsItemSpecs[];
245	extern const DERSize DERNumPolicyConstraintsItemSpecs;
246
247	/* TBS CRL */
248	typedef struct {
249	DERItem version; /* integer, optional */
250	DERItem tbsSigAlg; /* sequence, DERAlgorithmId */
251	DERItem issuer; /* sequence, TBD */
252	DERItem thisUpdate; /* ASN_ANY, SAVE_DER */
253	DERItem nextUpdate; /* ASN_ANY, SAVE_DER */
254	DERItem revokedCerts; /* sequence of DERRevokedCert, optional */
255	DERItem extensions; /* sequence, optional, EXPLICIT */
256	} DERTBSCrl;
257
258	/* DERItemSpecs to decode into a DERTBSCrl */
259	extern const DERItemSpec DERTBSCrlItemSpecs[];
260	extern const DERSize DERNumTBSCrlItemSpecs;
261
262	typedef struct {
263	DERItem serialNum; /* integer */
264	DERItem revocationDate; /* time - ASN_ANY, SAVE_DER */
265	DERItem extensions; /* sequence, optional, EXPLICIT */
266	} DERRevokedCert;
267
268	/* DERItemSpecs to decode into a DERRevokedCert */
269	extern const DERItemSpec DERRevokedCertItemSpecs[];
270	extern const DERSize DERNumRevokedCertItemSpecs;
271
fa7225c8	272	__END_DECLS
b1ab9ed8 A	273
	274	#endif /* _DER_CERT_CRL_H_ */
	275