1 /*
2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * X509Templates.h - X.509 Certificate and CRL ASN1 templates
24 */
25
26 #ifndef _NSS_X509_TEMPLATES_H_
27 #define _NSS_X509_TEMPLATES_H_
28
29 #include <Security/SecAsn1Types.h>
30 #include <Security/nameTemplates.h>
31
32 /*
33 * Arrays of SecAsn1Templates are always associated with a specific
34 * C struct. We attempt to use C structs which are defined in CDSA
35 * if at all possible; these always start with the CSSM_ prefix.
36 * Otherwise we define the struct here, with an NSS_ prefix.
37 * In either case, the name of the C struct is listed in comments
38 * along with the extern declaration of the SecAsn1Template array.
39 */
40
41 #ifdef __cplusplus
42 extern "C" {
43 #endif
44
45 // MARK: --- X509 Validity support ---
46
/*
 * ASN Class : Validity
 * C struct  : NSS_Validity
 *
 * The low-level Time values, which are a CHOICE of GeneralizedTime
 * or UTCTime, are still DER-encoded after this object has been decoded.
 */
/*
 * The low-level time values are either Generalized Time
 * (SEC_ASN1_GENERALIZED_TIME) or UTC time (SEC_ASN1_UTC_TIME).
 * NSS_Time is an NSS_TaggedItem (declared via nameTemplates.h):
 * presumably the tag records which of the two encodings the
 * DER-encoded payload uses — confirm against NSS_TaggedItem's definition.
 * NOTE(review): anything that turns these into calendar times has to
 * parse the raw DER string under the rules of its tag; a payload that
 * does not match its tag should be reported as a decode error rather
 * than silently accepted.
 */
typedef NSS_TaggedItem NSS_Time;
59
/*
 * Validity period of a certificate: both bounds are still DER-encoded
 * NSS_Time values (see NSS_Time above).  Field order is fixed by
 * kSecAsn1ValidityTemplate, which maps each ASN.1 element onto
 * a member of this struct; do not reorder.
 */
typedef struct {
    NSS_Time notBefore;     /* start of validity, DER-encoded time */
    NSS_Time notAfter;      /* end of validity, DER-encoded time */
} NSS_Validity;
64
/* Template for the Validity SEQUENCE; decodes into / encodes from NSS_Validity. */
extern const SecAsn1Template kSecAsn1ValidityTemplate[];
66
67 // MARK: --- Certificate ---
68
/*
 * X509 cert extension
 * ASN Class : Extension
 * C struct  : NSS_CertExtension
 *
 * With a nontrivial amount of extension-specific processing,
 * this maps to a CSSM_X509_EXTENSION.
 *
 * NOTE(review): `critical` is OPTIONAL with DEFAULT FALSE.  Under DER a
 * value equal to its default is omitted from the encoding, so an absent
 * item is the normal way "not critical" is conveyed; an explicitly
 * encoded FALSE is not valid DER and a strict decoder may reject it —
 * confirm how the decoder behind kSecAsn1CertExtensionTemplate treats it.
 * Consumers of a decoded extension must still honour the critical flag
 * (an unrecognised critical extension is a validation failure).
 */
typedef struct {
    SecAsn1Item extnId;     /* OBJECT IDENTIFIER naming the extension */
    SecAsn1Item critical;   /* optional, default = false */
    SecAsn1Item value;      /* OCTET string whose decoded value is
                             * an id-specific DER-encoded thing */
} NSS_CertExtension;
83
/* Template for one Extension (NSS_CertExtension). */
extern const SecAsn1Template kSecAsn1CertExtensionTemplate[];
/* Template for SEQUENCE OF Extension (the Extensions list of a cert or CRL). */
extern const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[];
86
/*
 * X.509 certificate object (the unsigned form)
 *
 * ASN class : TBSCertificate
 * C struct  : NSS_TBSCertificate
 *
 * Member order mirrors the ASN.1 SEQUENCE and is bound to
 * kSecAsn1TBSCertificateTemplate; do not reorder or insert fields
 * without updating the template.
 */
typedef struct {
    SecAsn1Item version;                /* optional; presumably absent means v1 — confirm against the template's default handling */
    SecAsn1Item serialNumber;           /* INTEGER, kept as raw DER content */
    SecAsn1AlgId signature;             /* algorithm the issuer claims to have signed with */
    NSS_Name issuer;
    NSS_Validity validity;
    NSS_Name subject;
    SecAsn1PubKeyInfo subjectPublicKeyInfo;
    SecAsn1Item issuerID;               /* optional, BITS */
    SecAsn1Item subjectID;              /* optional, BITS */
    NSS_CertExtension **extensions;     /* optional; array of pointers — presumably NULL-terminated, verify against the template */

    /*
     * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
     * during decoding.  These hold the exact bytes of the issuer and
     * subject Name as they appeared on the wire, so byte-for-byte
     * comparisons (e.g. issuer/subject chaining) do not depend on
     * re-encoding the decoded NSS_Name.
     */
    SecAsn1Item derIssuer;
    SecAsn1Item derSubject;
} NSS_TBSCertificate;
112
/* Template for TBSCertificate; decodes into / encodes from NSS_TBSCertificate. */
extern const SecAsn1Template kSecAsn1TBSCertificateTemplate[];
114
/*
 * Fully specified signed certificate.
 *
 * ASN class : Certificate
 * C struct  : NSS_Certificate
 *
 * NOTE(review): `signature` is a BIT STRING and its length is expressed
 * in BITS, not bytes.  Convert (round up to whole octets) before handing
 * it to a byte-oriented verifier; a byte/bit mix-up here either truncates
 * the signature or reads past it.  Verification should also check that
 * signatureAlgorithm agrees with tbs.signature.
 */
typedef struct {
    NSS_TBSCertificate tbs;             /* the signed (to-be-signed) portion */
    SecAsn1AlgId signatureAlgorithm;    /* outer algorithm identifier */
    SecAsn1Item signature;              /* BIT STRING, length in bits */
} NSS_Certificate;
126
/* Template for the outer signed Certificate SEQUENCE (NSS_Certificate). */
extern const SecAsn1Template kSecAsn1SignedCertTemplate[];
128
129 // MARK: --- CRL ---
130
/*
 * One entry of a CRL's revokedCertificates list.
 *
 * ASN class : revokedCertificate
 * C struct  : NSS_RevokedCert
 */
typedef struct {
    SecAsn1Item userCertificate;        /* serial number of the revoked cert (raw DER INTEGER content) */
    NSS_Time revocationDate;            /* DER-encoded time, see NSS_Time */
    NSS_CertExtension **extensions;     /* optional; CRL entry extensions — presumably NULL-terminated, verify against the template */
} NSS_RevokedCert;
140
/* Template for one revokedCertificate entry (NSS_RevokedCert). */
extern const SecAsn1Template kSecAsn1RevokedCertTemplate[];
/* Template for the SEQUENCE OF revokedCertificate entries. */
extern const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[];
143
/*
 * X509 Cert Revocation List (the unsigned form)
 * ASN class : TBSCertList
 * C struct  : NSS_TBSCrl
 *
 * Member order mirrors the ASN.1 SEQUENCE and is bound to
 * kSecAsn1TBSCrlTemplate; do not reorder.
 */
typedef struct {
    SecAsn1Item version;                /* optional */
    SecAsn1AlgId signature;             /* algorithm the issuer claims to have signed with */
    NSS_Name issuer;
    NSS_Time thisUpdate;                /* DER-encoded time */
    NSS_Time nextUpdate;                /* optional; DER-encoded time — callers deciding CRL freshness must handle its absence */
    NSS_RevokedCert **revokedCerts;     /* optional; presumably NULL-terminated array, verify against the template */
    NSS_CertExtension **extensions;     /* optional; presumably NULL-terminated array, verify against the template */

    /*
     * Additional DER-encoded fields copied (via SEC_ASN1_SAVE)
     * during decoding: the issuer Name exactly as encoded on the wire,
     * for byte-for-byte matching against a certificate's derIssuer.
     */
    SecAsn1Item derIssuer;

} NSS_TBSCrl;
165
/* Template for TBSCertList; decodes into / encodes from NSS_TBSCrl. */
extern const SecAsn1Template kSecAsn1TBSCrlTemplate[];
167
/*
 * Fully specified signed CRL.
 *
 * ASN class : CertificateList
 * C struct  : NSS_Crl
 *
 * NOTE(review): as with NSS_Certificate, `signature` is a BIT STRING
 * whose length is in BITS; convert to octets before verification, and
 * check that signatureAlgorithm agrees with tbs.signature.
 */
typedef struct {
    NSS_TBSCrl tbs;                     /* the signed (to-be-signed) portion */
    SecAsn1AlgId signatureAlgorithm;    /* outer algorithm identifier */
    SecAsn1Item signature;              /* BIT STRING, length in bits */
} NSS_Crl;
179
/* Template for the outer signed CertificateList SEQUENCE (NSS_Crl). */
extern const SecAsn1Template kSecAsn1SignedCrlTemplate[];
181
/*
 * signed data - top-level view of a signed Cert or CRL, for
 * signing and verifying only. Treats the TBS and AlgId portions
 * as opaque ASN_ANY blobs.
 *
 * NOTE(review): because tbsBlob is kept as the untouched ANY encoding,
 * a verifier can hash exactly the bytes that were signed; verification
 * must be computed over tbsBlob as decoded here, never over a
 * re-encoding of a parsed NSS_TBSCertificate / NSS_TBSCrl.
 * signatureAlgorithm is left undecoded (SecAsn1Item, not SecAsn1AlgId)
 * in this view.
 */
typedef struct {
    SecAsn1Item tbsBlob;                /* ANY, DER encoded cert or CRL */
    SecAsn1Item signatureAlgorithm;     /* raw AlgorithmIdentifier, not decoded here */
    SecAsn1Item signature;              /* BIT STRING, length in bits */
} NSS_SignedCertOrCRL;
192
/* Template for the opaque signed-object view (NSS_SignedCertOrCRL). */
extern const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[];
194
195 #ifdef __cplusplus
196 }
197 #endif
198
199 #endif /* _NSS_X509_TEMPLATES_H_ */