1 /*
2 * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 /*
24 * pkcs12Templates.cpp
25 */
26
27 #include "pkcs12Templates.h"
28 #include "pkcs12Utils.h"
29 #include <security_asn1/nssUtils.h>
30 #include <Security/SecAsn1Templates.h>
31 #include <Security/oidsattr.h>
32
33 #pragma clang diagnostic push
34 #pragma clang diagnostic ignored "-Wunused-const-variable"
35
36
/*
 * MacData ::= SEQUENCE {
 *     mac         DigestInfo,
 *     macSalt     OCTET STRING,
 *     iterations  INTEGER DEFAULT 1 }        -- RFC 7292, section 4
 *
 * Decoded into / encoded from an NSS_P12_MacData. This template describes
 * syntax only: it neither verifies the MAC nor bounds the iteration count.
 * Because iterations is OPTIONAL here, whoever verifies the MAC has to treat
 * an absent field as 1 (the ASN.1 DEFAULT), and should sanity-bound a present
 * value: the count comes from the untrusted PFX, and an attacker-chosen huge
 * count makes the verifier burn CPU before the password is ever checked.
 */
const SecAsn1Template NSS_P12_MacDataTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_MacData) },
	/* DigestInfo { digestAlgorithm, digest } decoded in place */
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_MacData,mac),
	  NSS_P7_DigestInfoTemplate },
	{ SEC_ASN1_OCTET_STRING,
	  offsetof(NSS_P12_MacData,macSalt) },
	/* iterations: decoded as a plain INTEGER; as far as this template is
	 * concerned sign and range are not interpreted, so zero, negative or
	 * oversized values decode successfully and must be rejected by the
	 * consumer (the original author's "unsigned - right?" question is
	 * answered by RFC 7292: it is a positive count, DEFAULT 1). */
	{ SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_MacData,iterations) },
	{ 0, }
};
50
/*
 * MacData reached through a pointer (SEC_ASN1_POINTER) rather than inline.
 * The PFX templates below carry their own POINTER | OPTIONAL entries for
 * macData, so this one is for callers that decode a MacData on its own.
 * NOTE(review): this may be one of the tables the -Wunused-const-variable
 * pragma above exists for; confirm it has a user before relying on it.
 */
const SecAsn1Template pointerToMacDataTemplate[] = {
	{ SEC_ASN1_POINTER, 0, NSS_P12_MacDataTemplate }
};
54
55 /* raw PFX with unprocessed authSafe */
/*
 * PFX ::= SEQUENCE {
 *     version   INTEGER {v3(3)},
 *     authSafe  ContentInfo,
 *     macData   MacData OPTIONAL }           -- RFC 7292, section 4
 *
 * "Raw" form of the outer PFX: authSafe goes through
 * NSS_P7_RawContentInfoTemplate, i.e. its content is left unprocessed for a
 * later pass. Two things this template deliberately does not enforce:
 *  - version is decoded as an arbitrary INTEGER; the caller must check for 3.
 *  - macData is OPTIONAL (as the standard requires), so a PFX carrying no
 *    integrity protection at all decodes successfully. Whether such a file
 *    is acceptable is policy for the consumer, not for this template.
 */
const SecAsn1Template NSS_P12_RawPFXTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_RawPFX) },
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_RawPFX,version) },
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_RawPFX, authSafe),
	  NSS_P7_RawContentInfoTemplate },
	/* absent macData leaves the pointer NULL; presence != verification */
	{ SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_RawPFX, macData),
	  NSS_P12_MacDataTemplate },
	{ 0, }
};
69
70 /* PFX with decoded authSafe */
/*
 * Same PFX syntax as NSS_P12_RawPFXTemplate, but authSafe is decoded with
 * NSS_P7_DecodedContentInfoTemplate, i.e. the ContentInfo is fully parsed
 * into the NSS_P12_DecodedPFX. The caveats on version and on the OPTIONAL
 * macData apply here unchanged: this is syntax, not integrity checking.
 *
 * The explicit `extern` matters in C++: a namespace-scope const object has
 * internal linkage by default, so without it this table would not be visible
 * to other translation units. (The other tables in this file presumably get
 * external linkage from their declarations in pkcs12Templates.h - confirm.)
 */
extern const SecAsn1Template NSS_P12_DecodedPFXTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_DecodedPFX) },
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_DecodedPFX,version) },
	{ SEC_ASN1_INLINE,
	  offsetof(NSS_P12_DecodedPFX, authSafe),
	  NSS_P7_DecodedContentInfoTemplate },
	{ SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL,
	  offsetof(NSS_P12_DecodedPFX, macData),
	  NSS_P12_MacDataTemplate },
	{ 0, }
};
84
85 /* AuthenticatedSafe */
/*
 * AuthenticatedSafe ::= SEQUENCE OF ContentInfo   -- RFC 7292, section 5
 *
 * Each element is a PKCS#7 ContentInfo decoded via
 * NSS_P7_DecodedContentInfoTemplate into the `info` array of an
 * NSS_P12_AuthenticatedSafe. Per the RFC an element may be plain data,
 * encryptedData or envelopedData; nothing here constrains which, nor how
 * many elements there are, so consumers must handle an empty sequence and
 * must check each element's content type before trusting its payload.
 */
const SecAsn1Template NSS_P12_AuthenticatedSafeTemplate[] = {
	{ SEC_ASN1_SEQUENCE_OF,
	  offsetof(NSS_P12_AuthenticatedSafe, info),
	  NSS_P7_DecodedContentInfoTemplate,
	  sizeof(NSS_P12_AuthenticatedSafe) }
};
92
93 /*
94 * Individual SafeBag type-specific templates here when we write 'em
95 */
/*
 * ShroudedKeyBag ::= EncryptedPrivateKeyInfo (PKCS#8), via a pointer so the
 * SafeBag chooser can hand it back for the [0] EXPLICIT bagValue.
 * The private key is still encrypted after decoding with this template;
 * only the EncryptedPrivateKeyInfo wrapper (algorithm + ciphertext) is parsed.
 */
const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, kSecAsn1EncryptedPrivateKeyInfoTemplate }
};
99
100 /*
101 * CertBag via SEC_ASN1_DYNAMIC
102 */
/*
 * Map a CertBag's bagType OID to the certificate kind this file knows.
 * Anything other than x509Certificate / sdsiCertificate is CT_Unknown.
 */
static NSS_P12_CertBagType certBagKindForOid(CSSM_OID *oid)
{
	if(nssCompareCssmData(oid, &CSSMOID_PKCS9_X509Certificate)) {
		return CT_X509;
	}
	if(nssCompareCssmData(oid, &CSSMOID_PKCS9_SdsiCertificate)) {
		return CT_SDSI;
	}
	return CT_Unknown;
}

/*
 * SEC_ASN1_DYNAMIC chooser for the certValue of a CertBag.
 *
 * arg points at the NSS_P12_CertBag whose bagType has already been decoded;
 * the template for the [0] EXPLICIT value is picked from that OID:
 *   x509Certificate -> OCTET STRING (DER certificate inside),
 *   sdsiCertificate -> IA5String,
 *   anything else   -> ANY (raw bytes kept, never interpreted).
 * On decode (enc false) the kind is also recorded in bag->type; an unknown
 * OID leaves it at CT_Unknown, so callers must not assume certValue holds a
 * certificate without checking type first. buf, len and dest belong to the
 * chooser signature and are not used here.
 */
static const SecAsn1Template * NSS_P12_CertBagChooser(
	void *arg,			// --> NSS_P12_CertBag
	Boolean enc,
	const char *buf,
	size_t len,
	void *dest)			// --> NSS_P12_CertBag.bagValue
{
	NSS_P12_CertBag *certBag = (NSS_P12_CertBag *)arg;
	NSS_P12_CertBagType kind = certBagKindForOid(&certBag->bagType);
	const SecAsn1Template *chosen;

	switch(kind) {
		case CT_X509:
			chosen = kSecAsn1OctetStringTemplate;
			break;
		case CT_SDSI:
			chosen = kSecAsn1IA5StringTemplate;
			break;
		default:
			/* punt: keep the value as undecoded ANY */
			chosen = kSecAsn1AnyTemplate;
			break;
	}
	if(!enc) {
		certBag->type = kind;
	}
	return chosen;
}
132
/* Function-pointer form of the chooser, referenced by the SEC_ASN1_DYNAMIC
 * entry of NSS_P12_CertBagTemplate (the template stores a pointer to this). */
static const SecAsn1TemplateChooserPtr NSS_P12_CertBagChooserPtr = &NSS_P12_CertBagChooser;
135
/*
 * CertBag ::= SEQUENCE {
 *     certId     BAG-TYPE.&id ({CertTypes}),
 *     certValue  [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId}) }
 *                                            -- RFC 7292, section 4.2.3
 *
 * The template for certValue is chosen at runtime by NSS_P12_CertBagChooser
 * from the bagType OID. Unknown OIDs decode as ANY rather than failing, so
 * NSS_P12_CertBag.type must be consulted before certValue is parsed as a
 * certificate.
 */
const SecAsn1Template NSS_P12_CertBagTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_CertBag) },
	{ SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_CertBag,bagType) },
	/* Arrives with tag 0xA0 (context-specific [0], constructed). That is
	 * expected: an EXPLICIT context tag always wraps the inner TLV in a
	 * constructed encoding per X.690, regardless of the inner type. */
	{ SEC_ASN1_DYNAMIC | SEC_ASN1_CONTEXT_SPECIFIC |
	  SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 0,
	  offsetof(NSS_P12_CertBag, certValue),
	  &NSS_P12_CertBagChooserPtr },
	{ 0, }
};
149
/* CertBag via a pointer, for use as a SafeBag's [0] EXPLICIT bagValue. */
const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, NSS_P12_CertBagTemplate }
};
153
154 /*
155 * CrlBag via SEC_ASN1_DYNAMIC
156 */
/*
 * SEC_ASN1_DYNAMIC chooser for the crlValue of a CrlBag.
 *
 * arg points at the NSS_P12_CrlBag whose bagType OID is already decoded.
 * x509Crl selects OCTET STRING (the DER CRL is inside it); any other OID
 * falls back to ANY and the raw bytes are kept uninterpreted. On decode
 * (enc false) the kind is also written to bag->type, CRT_Unknown for the
 * fallback, so consumers must check it before parsing crlValue as a CRL.
 * buf, len and dest are unused; they are part of the chooser signature.
 */
static const SecAsn1Template * NSS_P12_CrlBagChooser(
	void *arg,			// --> NSS_P12_CrlBag
	Boolean enc,
	const char *buf,	// on decode, tag byte and length
	size_t len,
	void *dest)			// --> NSS_P12_CertBag.bagValue
{
	NSS_P12_CrlBag *crlBag = (NSS_P12_CrlBag *)arg;
	bool isX509Crl = nssCompareCssmData(&crlBag->bagType, &CSSMOID_PKCS9_X509Crl);

	if(!enc) {
		crlBag->type = isX509Crl ? CRT_X509 : CRT_Unknown;
	}
	/* unknown bag types punt to ANY */
	return isX509Crl ? kSecAsn1OctetStringTemplate : kSecAsn1AnyTemplate;
}
182
/* Function-pointer form of the chooser, referenced by the SEC_ASN1_DYNAMIC
 * entry of NSS_P12_CrlBagTemplate. */
static const SecAsn1TemplateChooserPtr NSS_P12_CrlBagChooserPtr = &NSS_P12_CrlBagChooser;
185
/*
 * CRLBag ::= SEQUENCE {
 *     crlId     BAG-TYPE.&id ({CRLTypes}),
 *     crlValue  [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId}) }
 *                                            -- RFC 7292, section 4.2.4
 *
 * crlValue's template is chosen at runtime by NSS_P12_CrlBagChooser from the
 * bagType OID; unknown OIDs decode as ANY, so NSS_P12_CrlBag.type must be
 * checked before crlValue is treated as a CRL.
 */
const SecAsn1Template NSS_P12_CrlBagTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_CrlBag) },
	{ SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_CrlBag,bagType) },
	/* Tag 0xA0 on the wire: an EXPLICIT context tag is always encoded as
	 * constructed (it wraps the inner TLV), so this is the normal case. */
	{ SEC_ASN1_DYNAMIC | SEC_ASN1_CONTEXT_SPECIFIC |
	  SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 0,
	  offsetof(NSS_P12_CrlBag, crlValue),
	  &NSS_P12_CrlBagChooserPtr },
	{ 0, }
};
199
/* CrlBag via a pointer, for use as a SafeBag's [0] EXPLICIT bagValue. */
const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = {
	{ SEC_ASN1_POINTER, 0, NSS_P12_CrlBagTemplate }
};
203
204
205 /* the stub templates for unimplemented BagTypes */
/*
 * Stub templates for the bag types this file does not yet parse: keyBag
 * (per RFC 7292 an unencrypted PKCS#8 PrivateKeyInfo), secretBag, and
 * safeContentsBag (a nested SafeContents). Each decodes as a pointer to ANY,
 * so the raw DER is retained but not interpreted. In particular a keyBag's
 * plaintext private key is not recognised as a key at this layer, and a
 * nested safeContentsBag is not recursed into here.
 */
#define NSS_P12_PtrToKeyBagTemplate				kSecAsn1PointerToAnyTemplate
#define NSS_P12_PtrToSecretBagTemplate			kSecAsn1PointerToAnyTemplate
#define NSS_P12_PtrToSafeContentsBagTemplate	kSecAsn1PointerToAnyTemplate
209
210
211 /*
212 * SafeBag via SEC_ASN1_DYNAMIC
213 */
/*
 * SEC_ASN1_DYNAMIC chooser for the bagValue of a SafeBag.
 *
 * arg points at the NSS_P12_SafeBag whose bagId OID has already been
 * decoded. The OID is looked up in a fixed table of the six PKCS#12 bag
 * types; the matching entry supplies both the template for the [0] EXPLICIT
 * value and the NSS_P12_SB_Type recorded in bag->type on decode (enc false).
 * keyBag, secretBag and safeContentsBag currently map to pointer-to-ANY
 * stubs, so their contents are retained but not parsed. An OID not in the
 * table also falls back to pointer-to-ANY and leaves type at BT_None rather
 * than failing the decode; consumers must therefore check bag->type before
 * interpreting bagValue. buf, len and dest are part of the chooser
 * signature and unused here.
 */
static const SecAsn1Template * NSS_P12_SafeBagChooser(
	void *arg,			// --> NSS_P12_SafeBag
	Boolean enc,
	const char *buf,	// on decode, tag byte and length
	size_t len,
	void *dest)			// --> NSS_P12_SafeBag.bagValue
{
	NSS_P12_SafeBag *safeBag = (NSS_P12_SafeBag *)arg;
	CSSM_OID *bagOid = &safeBag->bagId;

	/* bagId OID -> (bagValue template, bag kind); first match wins */
	struct BagEntry {
		const CSSM_OID *oid;
		const SecAsn1Template *templ;
		NSS_P12_SB_Type type;
	};
	const BagEntry known[] = {
		{ &CSSMOID_PKCS12_keyBag,          NSS_P12_PtrToKeyBagTemplate,          BT_KeyBag },
		{ &CSSMOID_PKCS12_shroudedKeyBag,  NSS_P12_PtrToShroudedKeyBagTemplate,  BT_ShroudedKeyBag },
		{ &CSSMOID_PKCS12_certBag,         NSS_P12_PtrToCertBagTemplate,         BT_CertBag },
		{ &CSSMOID_PKCS12_crlBag,          NSS_P12_PtrToCrlBagTemplate,          BT_CrlBag },
		{ &CSSMOID_PKCS12_secretBag,       NSS_P12_PtrToSecretBagTemplate,       BT_SecretBag },
		{ &CSSMOID_PKCS12_safeContentsBag, NSS_P12_PtrToSafeContentsBagTemplate, BT_SafeContentsBag },
		/* add more here when we implement them */
	};

	/* defaults for an OID we do not recognise: punt to ANY, kind unknown */
	const SecAsn1Template *chosen = kSecAsn1PointerToAnyTemplate;
	NSS_P12_SB_Type kind = BT_None;

	for(size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
		if(nssCompareCssmData(bagOid, known[i].oid)) {
			chosen = known[i].templ;
			kind = known[i].type;
			break;
		}
	}
	if(!enc) {
		safeBag->type = kind;
	}
	return chosen;
}
259
/* Function-pointer form of the chooser, referenced by the SEC_ASN1_DYNAMIC
 * entry of NSS_P12_SafeBagTemplate. */
static const SecAsn1TemplateChooserPtr NSS_P12_SafeBagChooserPtr = &NSS_P12_SafeBagChooser;
262
/*
 * SafeBag ::= SEQUENCE {
 *     bagId          BAG-TYPE.&id ({PKCS12BagSet}),
 *     bagValue       [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
 *     bagAttributes  SET OF PKCS12Attribute OPTIONAL }
 *                                            -- RFC 7292, section 4.2
 *
 * bagValue's template comes from NSS_P12_SafeBagChooser keyed on bagId.
 * Unknown bagIds are decoded as ANY rather than rejected, so a decoded
 * NSS_P12_SafeBag can carry a bag type this code does not understand;
 * consumers must check bag->type. The attributes (friendlyName,
 * localKeyId, ...) are attacker-supplied values straight from the PFX and
 * should be treated as untrusted wherever they are displayed or used as
 * lookup keys.
 */
const SecAsn1Template NSS_P12_SafeBagTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_SafeBag) },
	{ SEC_ASN1_OBJECT_ID,
	  offsetof(NSS_P12_SafeBag,bagId) },
	/* [0] EXPLICIT, hence constructed on the wire; template chosen at runtime */
	{ SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED |
	  SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | 0,
	  offsetof(NSS_P12_SafeBag,bagValue),
	  &NSS_P12_SafeBagChooserPtr },
	/* optional SET OF Attribute; absent set leaves bagAttrs empty */
	{ SEC_ASN1_OPTIONAL | SEC_ASN1_SET_OF,
	  offsetof(NSS_P12_SafeBag,bagAttrs),
	  kSecAsn1AttributeTemplate },
	{ 0 }
};
277
/*
 * SafeContents ::= SEQUENCE OF SafeBag         -- RFC 7292, section 4.2
 *
 * Decoded into the `bags` array of an NSS_P12_SafeContents. The element
 * count is not bounded here, and an empty sequence is valid; callers should
 * cope with both.
 */
const SecAsn1Template NSS_P12_SafeContentsTemplate[] = {
	{ SEC_ASN1_SEQUENCE_OF,
	  offsetof(NSS_P12_SafeContents, bags),
	  NSS_P12_SafeBagTemplate,
	  sizeof(NSS_P12_SafeContents) }
};
284
/*
 * pkcs-12PbeParams ::= SEQUENCE {
 *     salt        OCTET STRING,
 *     iterations  INTEGER }                   -- RFC 7292, appendix C
 *
 * Parameters of the PKCS#12 password-based encryption algorithms. Unlike
 * MacData, iterations is mandatory here. Nothing at this layer checks that
 * the salt is non-empty or that iterations is positive and bounded; both
 * come straight from the untrusted PFX, and the key-derivation code that
 * consumes NSS_P12_PBE_Params is where degenerate values (zero, negative,
 * absurdly large) have to be rejected.
 */
const SecAsn1Template NSS_P12_PBE_ParamsTemplate[] = {
	{ SEC_ASN1_SEQUENCE,
	  0, NULL, sizeof(NSS_P12_PBE_Params) },
	{ SEC_ASN1_OCTET_STRING,
	  offsetof(NSS_P12_PBE_Params,salt) },
	/* iterations: plain INTEGER, sign and range not interpreted by this
	 * template (per RFC 7292 it is a positive count) */
	{ SEC_ASN1_INTEGER,
	  offsetof(NSS_P12_PBE_Params,iterations) },
	{ 0 }
};
295
296 #pragma clang diagnostic pop