1 /*
2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * X509Templates.h - X.509 Certificate and CRL ASN1 templates
24 */
25
26 #ifndef _NSS_X509_TEMPLATES_H_
27 #define _NSS_X509_TEMPLATES_H_
28
29 #include <Security/SecAsn1Types.h>
30 #include <Security/nameTemplates.h>
31
32 /*
33 * Arrays of SecAsn1Templates are always associated with a specific
34 * C struct. We attempt to use C structs which are defined in CDSA
35 * if at all possible; these always start with the CSSM_ prefix.
36 * Otherwise we define the struct here, with an NSS_ prefix.
37 * In either case, the name of the C struct is listed in comments
38 * along with the extern declaration of the SecAsn1Template array.
39 */
40
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 // MARK: --- X509 Validity support ---
46
/*
 * ASN Class : Time (the CHOICE used by Validity, revocationDate,
 *             thisUpdate and nextUpdate)
 * C struct : NSS_Time
 *
 * A Time is a CHOICE of UTCTime (SEC_ASN1_UTC_TIME) or GeneralizedTime
 * (SEC_ASN1_GENERALIZED_TIME). The decoder does not interpret it: the
 * value stays DER-encoded after the enclosing object is decoded, so the
 * consumer must convert it and range-check it. NSS_TaggedItem is declared
 * in nameTemplates.h and is presumed to carry the tag seen on the wire
 * next to the encoded bytes -- confirm there before switching on it.
 * UTCTime carries only a two-digit year; RFC 5280 section 4.1.2.5 gives
 * the century rule and says which form is required for which dates.
 */
typedef NSS_TaggedItem NSS_Time;
59
/*
 * ASN Class : Validity
 * C struct : NSS_Validity
 *
 * notBefore and notAfter are left as DER-encoded NSS_Time values.
 * Nothing at this layer checks that notBefore <= notAfter or that the
 * current time falls inside the window; that comparison is the caller's.
 */
typedef struct {
	NSS_Time notBefore;
	NSS_Time notAfter;
} NSS_Validity;

extern const SecAsn1Template kSecAsn1ValidityTemplate[];
66
67 // MARK: --- Certificate ---
68
/*
 * X509 cert extension
 * ASN Class : Extension
 * C struct : NSS_CertExtension
 *
 * With a nontrivial amount of extension-specific processing,
 * this maps to a CSSM_X509_EXTENSION.
 *
 * Only the outer Extension SEQUENCE is decoded here. The inner value
 * comes back as raw DER and nothing in this layer recognizes extnId,
 * so the RFC 5280 section 4.2 rule -- reject a certificate that carries
 * a critical extension you do not understand -- must be applied by the
 * consumer after it has tried to decode each value.
 */
typedef struct {
	SecAsn1Item extnId;    // OBJECT IDENTIFIER naming the extension
	SecAsn1Item critical;  // BOOLEAN, optional, default = false. How the
	                       // decoder represents an absent value is not
	                       // visible here; check the item's length before
	                       // reading a byte rather than assuming a default.
	SecAsn1Item value;     // OCTET STRING whose contents are an
	                       // extnId-specific DER-encoded structure; decode
	                       // it with the template for that id
} NSS_CertExtension;

extern const SecAsn1Template kSecAsn1CertExtensionTemplate[];
extern const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[];
86
87 #pragma clang diagnostic push
88 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
89
/*
 * X.509 certificate object (the unsigned form)
 *
 * ASN class : TBSCertificate
 * C struct : NSS_TBSCertificate
 *
 * Fields marked "optional" are presumably left empty by the decoder when
 * absent from the input; check before dereferencing.
 */
typedef struct {
	SecAsn1Item version;            // optional; absent means v1
	SecAsn1Item serialNumber;       // INTEGER; raw big-endian content, which
	                                // may start with a 0x00 sign octet
	SecAsn1AlgId signature;         // AlgId inside the signed data. RFC 5280
	                                // section 4.1.2.3 requires it to equal the
	                                // outer NSS_Certificate.signatureAlgorithm;
	                                // a verifier must compare the two itself.
	NSS_Name issuer;
	NSS_Validity validity;
	NSS_Name subject;
	SecAsn1PubKeyInfo subjectPublicKeyInfo;
	SecAsn1Item issuerID;           // optional, BIT STRING
	SecAsn1Item subjectID;          // optional, BIT STRING
	NSS_CertExtension **extensions; // optional; presumably the NULL-terminated
	                                // pointer array the SEQUENCE OF decoder
	                                // builds -- confirm in the template

	/*
	 * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
	 * during decoding: the issuer and subject Name bytes as they were
	 * read from the input. Use these for byte-wise name matching and
	 * hashing instead of re-encoding the decoded NSS_Name.
	 */
	SecAsn1Item derIssuer;
	SecAsn1Item derSubject;
} NSS_TBSCertificate;

extern const SecAsn1Template kSecAsn1TBSCertificateTemplate[];
117
/*
 * Fully specified signed certificate.
 *
 * ASN class : Certificate
 * C struct : NSS_Certificate
 */
typedef struct {
	NSS_TBSCertificate tbs;
	SecAsn1AlgId signatureAlgorithm; // must equal tbs.signature (RFC 5280 4.1.1.2);
	                                 // nothing here checks that
	SecAsn1Item signature;           // BIT STRING, length in BITS, not bytes:
	                                 // round up ((bits + 7) / 8) when sizing a
	                                 // byte buffer. The signature covers the
	                                 // original DER of tbs, not a re-encoding;
	                                 // verify with NSS_SignedCertOrCRL below.
} NSS_Certificate;

extern const SecAsn1Template kSecAsn1SignedCertTemplate[];
131
132 // MARK: --- CRL ---
133
/*
 * One entry of a CRL's revokedCertificates list.
 *
 * ASN class : revokedCertificate
 * C struct : NSS_RevokedCert
 */
typedef struct {
	SecAsn1Item userCertificate;    // serial number (INTEGER, raw content
	                                // bytes) of the revoked certificate; match
	                                // it against tbs.serialNumber byte-wise
	NSS_Time revocationDate;        // still DER-encoded, see NSS_Time
	NSS_CertExtension **extensions; // optional CRL entry extensions (e.g. a
	                                // reason code lives here, not decoded by
	                                // this layer)
} NSS_RevokedCert;

extern const SecAsn1Template kSecAsn1RevokedCertTemplate[];
extern const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[];
146
/*
 * X509 Cert Revocation List (the unsigned form)
 * ASN class : TBSCertList
 * C struct : NSS_TBSCrl
 */
typedef struct {
	SecAsn1Item version;            // optional; absent means v1
	SecAsn1AlgId signature;         // must equal the outer
	                                // NSS_Crl.signatureAlgorithm; compare
	                                // before trusting the list
	NSS_Name issuer;
	NSS_Time thisUpdate;            // DER-encoded, see NSS_Time
	NSS_Time nextUpdate;            // optional in the syntax; an absent value
	                                // should not be read as "never expires"
	                                // without a deliberate policy decision
	NSS_RevokedCert **revokedCerts; // optional; presumably NULL when the list
	                                // is empty -- handle that case
	NSS_CertExtension **extensions; // optional

	/*
	 * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
	 * during decoding: the issuer Name bytes exactly as read, for
	 * byte-wise matching against a certificate's derIssuer.
	 */
	SecAsn1Item derIssuer;

} NSS_TBSCrl;

extern const SecAsn1Template kSecAsn1TBSCrlTemplate[];
170
/*
 * Fully specified signed CRL.
 *
 * ASN class : CertificateList
 * C struct : NSS_Crl
 */
typedef struct {
	NSS_TBSCrl tbs;
	SecAsn1AlgId signatureAlgorithm; // must equal tbs.signature; not checked here
	SecAsn1Item signature;           // BIT STRING, length in BITS, not bytes;
	                                 // round up when converting to a byte count
} NSS_Crl;

extern const SecAsn1Template kSecAsn1SignedCrlTemplate[];
184
/*
 * signed data - top-level view of a signed Cert or CRL, for
 * signing and verifying only. Treats the TBS and AlgId portions
 * as opaque ASN_ANY blobs.
 *
 * This is the view to use for signature verification: tbsBlob is the
 * TBS exactly as it appeared in the input, so the signature is checked
 * over those bytes rather than over a re-encoding of a decoded struct.
 * Because the AlgId is opaque here, the check that it matches the AlgId
 * inside the TBS has to be done separately against the decoded form.
 */
typedef struct {
	SecAsn1Item tbsBlob;            // ANY, DER encoded cert or CRL body
	SecAsn1Item signatureAlgorithm; // ANY, undecoded AlgorithmIdentifier
	SecAsn1Item signature;          // BIT STRING, length in BITS, not bytes
} NSS_SignedCertOrCRL;

extern const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[];
197
198 #pragma clang diagnostic pop
199
200 #ifdef __cplusplus
201 }
202 #endif
203
204 #endif /* _NSS_X509_TEMPLATES_H_ */