]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/tsaTemplates.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.1.32.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / tsaTemplates.c
1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * tsaTemplates.c - ASN1 templates Time Stamping Authority requests and responses
24 */
25
26 #include <security_asn1/keyTemplates.h> /* for kSecAsn1AlgorithmIDTemplate */
27 #include <security_asn1/SecAsn1Templates.h>
28 #include <stddef.h>
29 #include <assert.h>
30
31 #include "tsaTemplates.h"
32 #include "cmslocal.h"
33
34 #pragma clang diagnostic push
35 #pragma clang diagnostic ignored "-Wunused-const-variable"
36
37 // *** from CMSEncoder.cpp
38
39 typedef struct {
40 CSSM_OID contentType;
41 CSSM_DATA content;
42 } SimpleContentInfo;
43
44 // SecCmsContentInfoTemplate
45 static const SecAsn1Template cmsSimpleContentInfoTemplate[] = {
46 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SimpleContentInfo) },
47 { SEC_ASN1_OBJECT_ID, offsetof(SimpleContentInfo, contentType) },
48 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
49 offsetof(SimpleContentInfo, content),
50 kSecAsn1AnyTemplate },
51 { 0, }
52 };
53
54 #pragma mark ----- tsa -----
55
56 /*
57 Accuracy ::= SEQUENCE {
58 seconds INTEGER OPTIONAL,
59 millis [0] INTEGER (1..999) OPTIONAL,
60 micros [1] INTEGER (1..999) OPTIONAL }
61 */
62
63 const SecAsn1Template kSecAsn1SignedIntegerTemplate[] = {
64 { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT, 0, NULL, sizeof(SecAsn1Item) }
65 };
66
67 const SecAsn1Template kSecAsn1UnsignedIntegerTemplate[] = {
68 { SEC_ASN1_INTEGER, 0, NULL, sizeof(SecAsn1Item) }
69 };
70
71 const SecAsn1Template kSecAsn1TSAAccuracyTemplate[] = {
72 { SEC_ASN1_SEQUENCE,
73 0, NULL, sizeof(SecAsn1TSAAccuracy) },
74 { SEC_ASN1_INTEGER,
75 offsetof(SecAsn1TSAAccuracy, seconds) },
76 { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
77 offsetof(SecAsn1TSAAccuracy, millis), kSecAsn1UnsignedIntegerTemplate },
78 { SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
79 offsetof(SecAsn1TSAAccuracy, micros), kSecAsn1UnsignedIntegerTemplate },
80 { 0 }
81 };
82
83 /*
84 MessageImprint ::= SEQUENCE {
85 hashAlgorithm AlgorithmIdentifier,
86 hashedMessage OCTET STRING }
87 */
88
89 const SecAsn1Template kSecAsn1TSAMessageImprintTemplate[] = {
90 { SEC_ASN1_SEQUENCE,
91 0, NULL, sizeof(SecAsn1TSAMessageImprint) },
92 { SEC_ASN1_INLINE, offsetof(SecAsn1TSAMessageImprint,hashAlgorithm),
93 kSecAsn1AlgorithmIDTemplate },
94 { SEC_ASN1_OCTET_STRING,
95 offsetof(SecAsn1TSAMessageImprint,hashedMessage) },
96 { 0 }
97 };
98
99 /*
100 TimeStampReq ::= SEQUENCE {
101 version INTEGER { v1(1) },
102 messageImprint MessageImprint,
103 --a hash algorithm OID and the hash value of the data to be
104 --time-stamped
105 reqPolicy TSAPolicyId OPTIONAL,
106 nonce INTEGER OPTIONAL,
107 certReq BOOLEAN DEFAULT FALSE,
108 extensions [0] IMPLICIT Extensions OPTIONAL }
109
110 MessageImprint ::= SEQUENCE {
111 hashAlgorithm AlgorithmIdentifier,
112 hashedMessage OCTET STRING }
113
114 TSAPolicyId ::= OBJECT IDENTIFIER
115 */
116
117 const SecAsn1Template kSecAsn1TSATimeStampReqTemplate[] = {
118 { SEC_ASN1_SEQUENCE,
119 0, NULL, sizeof(SecAsn1TSATimeStampReq) },
120 { SEC_ASN1_INTEGER,
121 offsetof(SecAsn1TSATimeStampReq, version) },
122 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATimeStampReq,messageImprint),
123 kSecAsn1TSAMessageImprintTemplate },
124 { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL,
125 offsetof(SecAsn1TSATimeStampReq,reqPolicy) },
126 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
127 offsetof(SecAsn1TSATimeStampReq, nonce) },
128 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
129 offsetof(SecAsn1TSATimeStampReq, certReq) },
130 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
131 offsetof(SecAsn1TSATimeStampReq, extensions),
132 kSecAsn1SequenceOfCertExtensionTemplate },
133 { 0 }
134 };
135
136 /*
137 PKIFreeText ::= SEQUENCE {
138 SIZE (1..MAX) OF UTF8String
139 -- text encoded as UTF-8 String (note: each UTF8String SHOULD
140 -- include an RFC 1766 language tag to indicate the language -- of the contained text)
141 }
142
143 See e.g. kSecAsn1SequenceOfUTF8StringTemplate
144 */
145
146 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplate[] = {
147 { SEC_ASN1_SEQUENCE,
148 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
149 { SEC_ASN1_INTEGER,
150 offsetof(SecAsn1TSAPKIStatusInfo, status) },
151 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE | SEC_ASN1_OPTIONAL,
152 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
153 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
154 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
155 { 0 }
156 };
157
158 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplateRFC3161[] = {
159 { SEC_ASN1_SEQUENCE,
160 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
161 { SEC_ASN1_INTEGER,
162 offsetof(SecAsn1TSAPKIStatusInfo, status) },
163 { SEC_ASN1_UTF8_STRING | SEC_ASN1_OPTIONAL,
164 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
165 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
166 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
167 { 0 }
168 };
169
170 #if 0
171 const SecAsn1Template kSecAsn1TSATimeStampRespTemplate[] = {
172 { SEC_ASN1_SEQUENCE,
173 0, NULL, sizeof(SecAsn1TimeStampResp) },
174 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampResp,status),
175 kSecAsn1TSAPKIStatusInfoTemplate },
176 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, offsetof(SecAsn1TimeStampResp,timeStampToken),
177 SecCmsContentInfoTemplate },
178 { 0 }
179 };
180 #endif
181
182 // Decode the status but not the TimeStampToken
183 const SecAsn1Template kSecAsn1TSATimeStampRespTemplateDER[] = {
184 { SEC_ASN1_SEQUENCE,
185 0, NULL, sizeof(SecAsn1TimeStampRespDER) },
186 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampRespDER,status),
187 kSecAsn1TSAPKIStatusInfoTemplate },
188 { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL ,//| SEC_ASN1_SAVE,
189 offsetof(SecAsn1TimeStampRespDER, timeStampTokenDER), kSecAsn1AnyTemplate },
190 { 0 }
191 };
192
193 /*
194 RFC 3161 Time-Stamp Protocol (TSP) August 2001
195
196 TimeStampToken ::= ContentInfo
197
198 -- contentType is id-signedData as defined in [CMS]
199 -- content is SignedData as defined in([CMS])
200 -- eContentType within SignedData is id-ct-TSTInfo
201 -- eContent within SignedData is TSTInfo
202
203 TSTInfo ::= SEQUENCE {
204 version INTEGER { v1(1) },
205 policy TSAPolicyId,
206 messageImprint MessageImprint,
207 -- MUST have the same value as the similar field in
208 -- TimeStampReq
209 serialNumber INTEGER,
210 -- Time-Stamping users MUST be ready to accommodate integers
211 -- up to 160 bits.
212 genTime GeneralizedTime,
213 accuracy Accuracy OPTIONAL,
214 ordering BOOLEAN DEFAULT FALSE,
215 nonce INTEGER OPTIONAL,
216 -- MUST be present if the similar field was present
217 -- in TimeStampReq. In that case it MUST have the same value.
218 tsa [0] GeneralName OPTIONAL,
219 extensions [1] IMPLICIT Extensions OPTIONAL }
220
221 Accuracy ::= SEQUENCE {
222 seconds INTEGER OPTIONAL,
223 millis [0] INTEGER (1..999) OPTIONAL,
224 micros [1] INTEGER (1..999) OPTIONAL }
225 */
226
227 const SecAsn1Template kSecAsn1TSATSTInfoTemplate[] = {
228 { SEC_ASN1_SEQUENCE,
229 0, NULL, sizeof(SecAsn1TSATSTInfo) },
230 { SEC_ASN1_INTEGER,
231 offsetof(SecAsn1TSATSTInfo, version) },
232 { SEC_ASN1_OBJECT_ID,
233 offsetof(SecAsn1TSATSTInfo,reqPolicy) },
234 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATSTInfo,messageImprint),
235 kSecAsn1TSAMessageImprintTemplate },
236 { SEC_ASN1_INTEGER,
237 offsetof(SecAsn1TSATSTInfo, serialNumber) },
238 { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM,
239 offsetof(SecAsn1TSATSTInfo,genTime) },
240 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
241 offsetof(SecAsn1TSATSTInfo,accuracy),
242 kSecAsn1TSAAccuracyTemplate },
243 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
244 offsetof(SecAsn1TSATSTInfo, ordering) },
245 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
246 offsetof(SecAsn1TSATSTInfo, nonce) },
247 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
248 offsetof(SecAsn1TSATSTInfo, tsa),
249 kSecAsn1GenNameOtherNameTemplate},
250
251 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
252 offsetof(SecAsn1TSATSTInfo, extensions),
253 kSecAsn1CertExtensionTemplate },
254 { 0 }
255 };
256
257 #pragma clang diagnostic pop
mirror of Security