]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_asn1/lib/X509Templates.c
Security-57337.20.44.tar.gz
[apple/security.git] / OSX / libsecurity_asn1 / lib / X509Templates.c
1 /*
2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * X509Templates.c - Common ASN1 templates for use with libNSSDer.
24 */
25
26 #include "SecAsn1Templates.h"
27 #include "X509Templates.h"
28 #include "keyTemplates.h"
29 #include <assert.h>
30 #include <stddef.h>
31
32 /*
33 * Validity
34 */
35 /*
36 * NSS_Time Template chooser.
37 */
38 static const NSS_TagChoice timeChoices[] = {
39 { SEC_ASN1_GENERALIZED_TIME, kSecAsn1GeneralizedTimeTemplate} ,
40 { SEC_ASN1_UTC_TIME, kSecAsn1UTCTimeTemplate },
41 { 0, NULL}
42 };
43
44 static const SecAsn1Template * NSS_TimeChooser(
45 void *arg,
46 Boolean enc,
47 const char *buf,
48 size_t len,
49 void *dest)
50 {
51 return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, timeChoices);
52 }
53
54 static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr = NSS_TimeChooser;
55
56 const SecAsn1Template kSecAsn1ValidityTemplate[] = {
57 { SEC_ASN1_SEQUENCE,
58 0, NULL, sizeof(NSS_Validity) },
59 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
60 offsetof(NSS_Validity,notBefore.item),
61 &NSS_TimeChooserPtr },
62 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
63 offsetof(NSS_Validity,notAfter.item),
64 &NSS_TimeChooserPtr },
65 { 0 }
66 };
67
68 /* X509 cert extension */
69 const SecAsn1Template kSecAsn1CertExtensionTemplate[] = {
70 { SEC_ASN1_SEQUENCE,
71 0, NULL, sizeof(NSS_CertExtension) },
72 { SEC_ASN1_OBJECT_ID,
73 offsetof(NSS_CertExtension,extnId) },
74 { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
75 offsetof(NSS_CertExtension,critical) },
76 { SEC_ASN1_OCTET_STRING,
77 offsetof(NSS_CertExtension,value) },
78 { 0, }
79 };
80
81 const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[] = {
82 { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1CertExtensionTemplate }
83 };
84
85 /* TBS Cert */
86 const SecAsn1Template kSecAsn1TBSCertificateTemplate[] = {
87 { SEC_ASN1_SEQUENCE,
88 0, NULL, sizeof(NSS_TBSCertificate) },
89 /* optional version, explicit tag 0, default 0 */
90 { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
91 SEC_ASN1_CONTEXT_SPECIFIC | 0, /* XXX DER_DEFAULT */
92 offsetof(NSS_TBSCertificate,version),
93 kSecAsn1IntegerTemplate },
94 /* serial number is SIGNED integer */
95 { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
96 offsetof(NSS_TBSCertificate,serialNumber) },
97 { SEC_ASN1_INLINE,
98 offsetof(NSS_TBSCertificate,signature),
99 kSecAsn1AlgorithmIDTemplate },
100 { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate,derIssuer) },
101 { SEC_ASN1_INLINE,
102 offsetof(NSS_TBSCertificate,issuer),
103 kSecAsn1NameTemplate },
104 { SEC_ASN1_INLINE,
105 offsetof(NSS_TBSCertificate,validity),
106 kSecAsn1ValidityTemplate },
107 { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate,derSubject) },
108 { SEC_ASN1_INLINE,
109 offsetof(NSS_TBSCertificate,subject),
110 kSecAsn1NameTemplate },
111 { SEC_ASN1_INLINE,
112 offsetof(NSS_TBSCertificate,subjectPublicKeyInfo),
113 kSecAsn1SubjectPublicKeyInfoTemplate },
114 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
115 offsetof(NSS_TBSCertificate,issuerID),
116 kSecAsn1BitStringTemplate },
117 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
118 offsetof(NSS_TBSCertificate,subjectID),
119 kSecAsn1BitStringTemplate },
120 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
121 SEC_ASN1_EXPLICIT | 3,
122 offsetof(NSS_TBSCertificate,extensions),
123 kSecAsn1SequenceOfCertExtensionTemplate },
124 { 0 }
125 };
126
127 /*
128 * For signing and verifying only, treating the TBS portion as an
129 * opaque ASN_ANY blob.
130 */
131 const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[] =
132 {
133 { SEC_ASN1_SEQUENCE,
134 0, NULL, sizeof(NSS_SignedCertOrCRL) },
135 { SEC_ASN1_ANY,
136 offsetof(NSS_SignedCertOrCRL,tbsBlob) },
137 { SEC_ASN1_ANY,
138 offsetof(NSS_SignedCertOrCRL,signatureAlgorithm) },
139 { SEC_ASN1_BIT_STRING,
140 offsetof(NSS_SignedCertOrCRL,signature) },
141 { 0 }
142 };
143
144 /* Fully specified signed certificate */
145 const SecAsn1Template kSecAsn1SignedCertTemplate[] =
146 {
147 { SEC_ASN1_SEQUENCE,
148 0, NULL, sizeof(NSS_Certificate) },
149 { SEC_ASN1_INLINE,
150 offsetof(NSS_Certificate,tbs),
151 kSecAsn1TBSCertificateTemplate },
152 { SEC_ASN1_INLINE,
153 offsetof(NSS_Certificate,signatureAlgorithm),
154 kSecAsn1AlgorithmIDTemplate },
155 { SEC_ASN1_BIT_STRING,
156 offsetof(NSS_Certificate,signature) },
157 { 0 }
158 };
159
160 /* Entry in CRL.revokedCerts */
161 const SecAsn1Template kSecAsn1RevokedCertTemplate[] = {
162 { SEC_ASN1_SEQUENCE,
163 0, NULL, sizeof(NSS_RevokedCert) },
164 /* serial number - signed itneger, just like in the actual cert */
165 { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
166 offsetof(NSS_RevokedCert,userCertificate) },
167 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
168 offsetof(NSS_RevokedCert,revocationDate.item),
169 &NSS_TimeChooserPtr },
170 { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
171 offsetof(NSS_RevokedCert,extensions),
172 kSecAsn1CertExtensionTemplate },
173 { 0, }
174 };
175
176 const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[] = {
177 { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1RevokedCertTemplate }
178 };
179
180 /* NSS_TBSCrl (unsigned CRL) */
181 const SecAsn1Template kSecAsn1TBSCrlTemplate[] = {
182 { SEC_ASN1_SEQUENCE,
183 0, NULL, sizeof(NSS_TBSCrl) },
184 /* optional version, default 0 */
185 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (NSS_TBSCrl, version) },
186 { SEC_ASN1_INLINE,
187 offsetof(NSS_TBSCrl,signature),
188 kSecAsn1AlgorithmIDTemplate },
189 { SEC_ASN1_SAVE, offsetof(NSS_TBSCrl,derIssuer) },
190 { SEC_ASN1_INLINE,
191 offsetof(NSS_TBSCrl,issuer),
192 kSecAsn1NameTemplate },
193 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
194 offsetof(NSS_TBSCrl,thisUpdate.item),
195 &NSS_TimeChooserPtr },
196 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC | SEC_ASN1_OPTIONAL,
197 offsetof(NSS_TBSCrl,nextUpdate),
198 &NSS_TimeChooserPtr },
199 { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
200 offsetof(NSS_TBSCrl,revokedCerts),
201 kSecAsn1RevokedCertTemplate },
202 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
203 SEC_ASN1_EXPLICIT | 0,
204 offsetof(NSS_TBSCrl,extensions),
205 kSecAsn1SequenceOfCertExtensionTemplate },
206 { 0, }
207 };
208
209 /* Fully specified signed CRL */
210 const SecAsn1Template kSecAsn1SignedCrlTemplate[] =
211 {
212 { SEC_ASN1_SEQUENCE,
213 0, NULL, sizeof(NSS_Crl) },
214 { SEC_ASN1_INLINE,
215 offsetof(NSS_Crl,tbs),
216 kSecAsn1TBSCrlTemplate },
217 { SEC_ASN1_INLINE,
218 offsetof(NSS_Crl,signatureAlgorithm),
219 kSecAsn1AlgorithmIDTemplate },
220 { SEC_ASN1_BIT_STRING,
221 offsetof(NSS_Crl,signature) },
222 { 0 }
223 };