2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 * X509Templates.c - Common ASN1 templates for use with libNSSDer.
26 #include "SecAsn1Templates.h"
27 #include "X509Templates.h"
28 #include "keyTemplates.h"
36 * NSS_Time Template chooser.
/*
 * Tag -> template table consulted by NSS_TimeChooser below. A Time value is
 * decoded with the GeneralizedTime or the UTCTime template depending on the
 * tag actually present in the encoding. The terminating entry of this table
 * is not visible in this listing.
 */
38 static const NSS_TagChoice timeChoices
[] = {
/* GeneralizedTime (YYYYMMDDHHMMSSZ) */
39 { SEC_ASN1_GENERALIZED_TIME
, kSecAsn1GeneralizedTimeTemplate
} ,
/* UTCTime (YYMMDDHHMMSSZ, two-digit year) */
40 { SEC_ASN1_UTC_TIME
, kSecAsn1UTCTimeTemplate
},
/*
 * Dynamic template chooser for NSS_Time fields: delegates to the generic
 * tagged-template chooser with the timeChoices table, so the template is
 * selected from the tag found in the input rather than fixed at compile time.
 * The parameter list is not visible in this listing; arg, enc, buf, len and
 * dest are passed through to SecAsn1TaggedTemplateChooser unchanged.
 */
44 static const SecAsn1Template
* NSS_TimeChooser(
51 return SecAsn1TaggedTemplateChooser(arg
, enc
, buf
, len
, dest
, timeChoices
);
/*
 * Chooser pointer cell. Every SEC_ASN1_DYNAMIC entry in the templates below
 * references it as &NSS_TimeChooserPtr; the decoder dereferences it to find
 * NSS_TimeChooser at decode time.
 */
54 static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr
= NSS_TimeChooser
;
/*
 * Validity ::= SEQUENCE { notBefore Time, notAfter Time }
 *
 * Both fields go through NSS_TimeChooserPtr, so each one may independently
 * be UTCTime or GeneralizedTime. The template accepts either tag for either
 * field; it does not enforce which encoding is appropriate for a given date,
 * so any such policy has to be applied by the caller after decoding.
 * The SEQUENCE header entry and the terminator are not visible in this listing.
 */
56 const SecAsn1Template kSecAsn1ValidityTemplate
[] = {
58 0, NULL
, sizeof(NSS_Validity
) },
/* notBefore: template chosen at runtime from the tag, decoded into notBefore.item */
59 { SEC_ASN1_INLINE
| SEC_ASN1_DYNAMIC
,
60 offsetof(NSS_Validity
,notBefore
.item
),
61 &NSS_TimeChooserPtr
},
/* notAfter: same mechanism as notBefore */
62 { SEC_ASN1_INLINE
| SEC_ASN1_DYNAMIC
,
63 offsetof(NSS_Validity
,notAfter
.item
),
64 &NSS_TimeChooserPtr
},
68 /* X509 cert extension */
/*
 * Extension ::= SEQUENCE {
 *     extnID     OBJECT IDENTIFIER,
 *     critical   BOOLEAN DEFAULT FALSE,
 *     extnValue  OCTET STRING }
 *
 * The SEQUENCE header entry, the flag word of the extnId entry and the
 * terminator are not visible in this listing.
 */
69 const SecAsn1Template kSecAsn1CertExtensionTemplate
[] = {
71 0, NULL
, sizeof(NSS_CertExtension
) },
73 offsetof(NSS_CertExtension
,extnId
) },
/*
 * critical is expressed as OPTIONAL rather than DEFAULT FALSE (see the XXX
 * note). DER requires a value equal to the default to be omitted, so a
 * consumer must treat an absent critical field as "not critical", and an
 * encoder that writes an explicit FALSE here produces non-DER output.
 * NOTE(review): whether the encoder suppresses a FALSE value is not visible
 * in this file - confirm before relying on the output being strict DER.
 */
74 { SEC_ASN1_OPTIONAL
| SEC_ASN1_BOOLEAN
, /* XXX DER_DEFAULT */
75 offsetof(NSS_CertExtension
,critical
) },
/*
 * extnValue is left as an opaque OCTET STRING. The DER inside it is not
 * decoded by this template; the extension-specific template has to be
 * applied to value separately, after extnId has been recognised.
 */
76 { SEC_ASN1_OCTET_STRING
,
77 offsetof(NSS_CertExtension
,value
) },
/*
 * Extensions ::= SEQUENCE OF Extension
 * Used by the explicitly tagged extensions entries of the TBSCertificate and
 * TBSCertList templates below. The terminator is not visible in this listing.
 */
81 const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate
[] = {
82 { SEC_ASN1_SEQUENCE_OF
, 0, kSecAsn1CertExtensionTemplate
}
/*
 * TBSCertificate (the signed portion of an X.509 certificate), fully
 * decoded field by field. Use kSecAsn1SignedCertOrCRLTemplate instead when
 * the TBS bytes are only needed as an opaque blob for signature checking.
 *
 * The SEQUENCE header entry, the flag words of the signature, issuer,
 * validity, subject and subjectPublicKeyInfo entries, and the terminator are
 * not visible in this listing.
 */
86 const SecAsn1Template kSecAsn1TBSCertificateTemplate
[] = {
88 0, NULL
, sizeof(NSS_TBSCertificate
) },
89 /* optional version, explicit tag 0, default 0 */
/*
 * An absent version means v1 (0); the OPTIONAL flag stands in for DEFAULT 0
 * (see the XXX note), so the consumer has to supply the default itself.
 * The consistency rule that a certificate carrying extensions must be v3 is
 * not checked by this template.
 */
90 { SEC_ASN1_EXPLICIT
| SEC_ASN1_OPTIONAL
| SEC_ASN1_CONSTRUCTED
|
91 SEC_ASN1_CONTEXT_SPECIFIC
| 0, /* XXX DER_DEFAULT */
92 offsetof(NSS_TBSCertificate
,version
),
93 kSecAsn1IntegerTemplate
},
94 /* serial number is SIGNED integer */
/*
 * SEC_ASN1_SIGNED_INT: the serial is decoded as a signed INTEGER, so a
 * leading 0x00 byte present to keep a high-bit serial positive is
 * presumably retained rather than stripped - verify against the decoder.
 * Keeping the exact bytes matters because serials are compared byte-wise
 * (e.g. against CRL entries, see kSecAsn1RevokedCertTemplate).
 */
95 { SEC_ASN1_INTEGER
| SEC_ASN1_SIGNED_INT
,
96 offsetof(NSS_TBSCertificate
,serialNumber
) },
/*
 * Inner signature AlgorithmIdentifier. RFC 5280 requires it to match the
 * outer signatureAlgorithm of the signed certificate; this template decodes
 * both but performs no such comparison - the verifier must do it.
 */
98 offsetof(NSS_TBSCertificate
,signature
),
99 kSecAsn1AlgorithmIDTemplate
},
/*
 * SEC_ASN1_SAVE captures the raw encoding of the item that follows (the
 * issuer Name) into derIssuer, presumably so that issuer/subject matching
 * can be done on the exact DER bytes instead of on a re-encoded Name.
 */
100 { SEC_ASN1_SAVE
, offsetof(NSS_TBSCertificate
,derIssuer
) },
102 offsetof(NSS_TBSCertificate
,issuer
),
103 kSecAsn1NameTemplate
},
/* validity: notBefore/notAfter, see kSecAsn1ValidityTemplate */
105 offsetof(NSS_TBSCertificate
,validity
),
106 kSecAsn1ValidityTemplate
},
/* raw DER of the subject Name that follows, same mechanism as derIssuer */
107 { SEC_ASN1_SAVE
, offsetof(NSS_TBSCertificate
,derSubject
) },
109 offsetof(NSS_TBSCertificate
,subject
),
110 kSecAsn1NameTemplate
},
112 offsetof(NSS_TBSCertificate
,subjectPublicKeyInfo
),
113 kSecAsn1SubjectPublicKeyInfoTemplate
},
/*
 * issuerUniqueID [1] IMPLICIT BIT STRING OPTIONAL. No SEC_ASN1_EXPLICIT
 * flag: the context tag replaces the BIT STRING tag, as the ASN.1 requires.
 */
114 { SEC_ASN1_OPTIONAL
| SEC_ASN1_CONSTRUCTED
| SEC_ASN1_CONTEXT_SPECIFIC
| 1,
115 offsetof(NSS_TBSCertificate
,issuerID
),
116 kSecAsn1BitStringTemplate
},
/* subjectUniqueID [2] IMPLICIT BIT STRING OPTIONAL, as above */
117 { SEC_ASN1_OPTIONAL
| SEC_ASN1_CONSTRUCTED
| SEC_ASN1_CONTEXT_SPECIFIC
| 2,
118 offsetof(NSS_TBSCertificate
,subjectID
),
119 kSecAsn1BitStringTemplate
},
/* extensions [3] EXPLICIT Extensions OPTIONAL */
120 { SEC_ASN1_OPTIONAL
| SEC_ASN1_CONSTRUCTED
| SEC_ASN1_CONTEXT_SPECIFIC
|
121 SEC_ASN1_EXPLICIT
| 3,
122 offsetof(NSS_TBSCertificate
,extensions
),
123 kSecAsn1SequenceOfCertExtensionTemplate
},
128 * For signing and verifying only, treating the TBS portion as an
129 * opaque ASN_ANY blob.
/*
 * Outer signed structure with the TBS portion kept opaque (see the comment
 * above). Signature verification must be computed over the exact encoded
 * bytes of tbsBlob; this template exists so that the TBS is never decoded
 * and re-encoded on the verification path. It is shared by certificates and
 * CRLs, so the caller is responsible for knowing which one it holds.
 *
 * The SEQUENCE header entry, the flag words of the tbsBlob and
 * signatureAlgorithm entries, and the terminator are not visible in this
 * listing.
 */
131 const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate
[] =
134 0, NULL
, sizeof(NSS_SignedCertOrCRL
) },
/* tbsBlob: raw TBSCertificate / TBSCertList bytes, including their own header */
136 offsetof(NSS_SignedCertOrCRL
,tbsBlob
) },
/* signatureAlgorithm: also kept undecoded here */
138 offsetof(NSS_SignedCertOrCRL
,signatureAlgorithm
) },
/* signature: BIT STRING holding the signature value */
139 { SEC_ASN1_BIT_STRING
,
140 offsetof(NSS_SignedCertOrCRL
,signature
) },
144 /* Fully specified signed certificate */
/*
 * Certificate ::= SEQUENCE {
 *     tbsCertificate      TBSCertificate,
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signature           BIT STRING }
 *
 * Fully decodes the TBS portion. The SEQUENCE header entry, the flag words
 * of the tbs and signatureAlgorithm entries, and the terminator are not
 * visible in this listing.
 */
145 const SecAsn1Template kSecAsn1SignedCertTemplate
[] =
148 0, NULL
, sizeof(NSS_Certificate
) },
/* tbs: decoded with kSecAsn1TBSCertificateTemplate */
150 offsetof(NSS_Certificate
,tbs
),
151 kSecAsn1TBSCertificateTemplate
},
/* outer signatureAlgorithm; must equal tbs.signature per RFC 5280 (not checked here) */
153 offsetof(NSS_Certificate
,signatureAlgorithm
),
154 kSecAsn1AlgorithmIDTemplate
},
155 { SEC_ASN1_BIT_STRING
,
156 offsetof(NSS_Certificate
,signature
) },
160 /* Entry in CRL.revokedCerts */
/*
 * One entry of TBSCertList.revokedCertificates:
 *     SEQUENCE { userCertificate    CertificateSerialNumber,
 *                revocationDate     Time,
 *                crlEntryExtensions Extensions OPTIONAL }
 *
 * The SEQUENCE header entry and the terminator are not visible in this
 * listing.
 */
161 const SecAsn1Template kSecAsn1RevokedCertTemplate
[] = {
163 0, NULL
, sizeof(NSS_RevokedCert
) },
164 /* serial number - signed integer, just like in the actual cert */
/*
 * Decoded with the same SIGNED_INT flag as TBSCertificate.serialNumber so
 * that both sides of a revocation lookup carry the same bytes.
 */
165 { SEC_ASN1_INTEGER
| SEC_ASN1_SIGNED_INT
,
166 offsetof(NSS_RevokedCert
,userCertificate
) },
/* revocationDate: UTCTime or GeneralizedTime, chosen from the tag */
167 { SEC_ASN1_INLINE
| SEC_ASN1_DYNAMIC
,
168 offsetof(NSS_RevokedCert
,revocationDate
.item
),
169 &NSS_TimeChooserPtr
},
/*
 * crlEntryExtensions: an untagged SEQUENCE OF Extension, so the
 * per-extension template is used directly here rather than the explicitly
 * tagged kSecAsn1SequenceOfCertExtensionTemplate wrapper used in the TBS
 * templates.
 */
170 { SEC_ASN1_OPTIONAL
| SEC_ASN1_SEQUENCE_OF
,
171 offsetof(NSS_RevokedCert
,extensions
),
172 kSecAsn1CertExtensionTemplate
},
/*
 * SEQUENCE OF revoked-certificate entries (see kSecAsn1RevokedCertTemplate).
 * The terminator is not visible in this listing.
 */
176 const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate
[] = {
177 { SEC_ASN1_SEQUENCE_OF
, 0, kSecAsn1RevokedCertTemplate
}
180 /* NSS_TBSCrl (unsigned CRL) */
/*
 * TBSCertList (the signed portion of a CRL), fully decoded.
 *
 * The SEQUENCE header entry, the flag words of the signature and issuer
 * entries, and the terminator are not visible in this listing.
 */
181 const SecAsn1Template kSecAsn1TBSCrlTemplate
[] = {
183 0, NULL
, sizeof(NSS_TBSCrl
) },
184 /* optional version, default 0 */
/*
 * Unlike the certificate version, the CRL version is a plain untagged
 * INTEGER OPTIONAL. Absent means v1; RFC 5280 requires that when present it
 * be v2(1) - that check, and the "extensions imply v2" rule, are left to
 * the consumer.
 */
185 { SEC_ASN1_INTEGER
| SEC_ASN1_OPTIONAL
, offsetof (NSS_TBSCrl
, version
) },
/* inner signature AlgorithmIdentifier; must match the outer one (not checked here) */
187 offsetof(NSS_TBSCrl
,signature
),
188 kSecAsn1AlgorithmIDTemplate
},
/* raw DER of the issuer Name that follows, for byte-exact issuer matching */
189 { SEC_ASN1_SAVE
, offsetof(NSS_TBSCrl
,derIssuer
) },
191 offsetof(NSS_TBSCrl
,issuer
),
192 kSecAsn1NameTemplate
},
/* thisUpdate: UTCTime or GeneralizedTime, chosen from the tag */
193 { SEC_ASN1_INLINE
| SEC_ASN1_DYNAMIC
,
194 offsetof(NSS_TBSCrl
,thisUpdate
.item
),
195 &NSS_TimeChooserPtr
},
/*
 * nextUpdate is OPTIONAL in the CRL syntax.
 * NOTE(review): this entry uses offsetof(NSS_TBSCrl,nextUpdate) while every
 * other DYNAMIC time entry in this file uses the .item member. The two are
 * equivalent only if item is the first member of NSS_Time - confirm against
 * the struct definition, and normalise to .item for consistency.
 */
196 { SEC_ASN1_INLINE
| SEC_ASN1_DYNAMIC
| SEC_ASN1_OPTIONAL
,
197 offsetof(NSS_TBSCrl
,nextUpdate
),
198 &NSS_TimeChooserPtr
},
/* revokedCertificates: OPTIONAL (a CRL with no revoked certs omits it entirely) */
199 { SEC_ASN1_OPTIONAL
| SEC_ASN1_SEQUENCE_OF
,
200 offsetof(NSS_TBSCrl
,revokedCerts
),
201 kSecAsn1RevokedCertTemplate
},
/* crlExtensions [0] EXPLICIT Extensions OPTIONAL */
202 { SEC_ASN1_OPTIONAL
| SEC_ASN1_CONSTRUCTED
| SEC_ASN1_CONTEXT_SPECIFIC
|
203 SEC_ASN1_EXPLICIT
| 0,
204 offsetof(NSS_TBSCrl
,extensions
),
205 kSecAsn1SequenceOfCertExtensionTemplate
},
209 /* Fully specified signed CRL */
210 const SecAsn1Template kSecAsn1SignedCrlTemplate
[] =
213 0, NULL
, sizeof(NSS_Crl
) },
215 offsetof(NSS_Crl
,tbs
),
216 kSecAsn1TBSCrlTemplate
},
218 offsetof(NSS_Crl
,signatureAlgorithm
),
219 kSecAsn1AlgorithmIDTemplate
},
220 { SEC_ASN1_BIT_STRING
,
221 offsetof(NSS_Crl
,signature
) },