1 /*
2 * Copyright (c) 2003-2006,2008-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * ocspTemplates.c - ASN.1 templates for OCSP requests and responses.
24 */
25
26 #include "ocspTemplates.h"
27 #include "keyTemplates.h" /* for kSecAsn1AlgorithmIDTemplate */
28 #include "SecAsn1Templates.h"
29 #include <stddef.h>
30
31 // MARK: ----- OCSP Request -----
32
/*
 * CertID (RFC 6960 section 4.1.1), decoded into / encoded from a
 * SecAsn1OCSPCertID:
 *
 *   CertID ::= SEQUENCE {
 *     hashAlgorithm   AlgorithmIdentifier,
 *     issuerNameHash  OCTET STRING,
 *     issuerKeyHash   OCTET STRING,
 *     serialNumber    CertificateSerialNumber }
 */
const SecAsn1Template kSecAsn1OCSPCertIDTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPCertID) },
    /* hashAlgorithm: the digest algorithm used for both hashes below */
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPCertID, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_OCTET_STRING, offsetof(SecAsn1OCSPCertID, issuerNameHash) },
    { SEC_ASN1_OCTET_STRING, offsetof(SecAsn1OCSPCertID, issuerPubKeyHash) },
    /*
     * serial number is SIGNED integer -- presumably so the coder keeps a
     * serial's leading 0x00 pad byte instead of stripping it.
     * NOTE(review): code that matches this serial against a certificate's
     * serial must compare both in the same (DER) form; confirm at callers.
     */
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
      offsetof(SecAsn1OCSPCertID, serialNumber) },
    { 0 }
};
46
/*
 * Request (RFC 6960 section 4.1.1), one entry of TBSRequest.requestList:
 *
 *   Request ::= SEQUENCE {
 *     reqCert                  CertID,
 *     singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL }
 */
const SecAsn1Template kSecAsn1OCSPRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPRequest) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPRequest, reqCert),
      kSecAsn1OCSPCertIDTemplate },
    /* singleRequestExtensions [0] EXPLICIT OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPRequest, extensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};
59
/*
 * Signature (RFC 6960 section 4.1.1), the optionalSignature of an
 * OCSPRequest:
 *
 *   Signature ::= SEQUENCE {
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signature           BIT STRING,
 *     certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 *
 * certs is left as a SEQUENCE OF ANY, i.e. each certificate stays as
 * undecoded bytes. Certificates carried here are supplied by the sender;
 * their presence alone says nothing about whether they are trustworthy.
 */
const SecAsn1Template kSecAsn1OCSPSignatureTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSignature) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSignature, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_BIT_STRING, offsetof(SecAsn1OCSPSignature, sig) },
    /* certs [0] EXPLICIT OPTIONAL, each element kept as ANY */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPSignature, certs),
      kSecAsn1SequenceOfAnyTemplate },
    { 0 }
};
73
/*
 * TBSRequest (RFC 6960 section 4.1.1):
 *
 *   TBSRequest ::= SEQUENCE {
 *     version            [0] EXPLICIT Version DEFAULT v1,
 *     requestorName      [1] EXPLICIT GeneralName OPTIONAL,
 *     requestList        SEQUENCE OF Request,
 *     requestExtensions  [2] EXPLICIT Extensions OPTIONAL }
 *
 * The optional members are pointer members (SEC_ASN1_POINTER or a
 * PointerTo* sub-template); presumably they are left NULL when the
 * element is absent -- callers should check for NULL before use.
 */
const SecAsn1Template kSecAsn1OCSPTbsRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPTbsRequest) },
    /* optional version, explicit tag 0, default 0 */
    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(SecAsn1OCSPTbsRequest, version),
      kSecAsn1PointerToIntegerTemplate },
    /* requestorName [1] EXPLICIT GeneralName OPTIONAL, pointer member */
    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(SecAsn1OCSPTbsRequest, requestorName),
      kSecAsn1GeneralNameTemplate },
    /* requestList: SEQUENCE OF Request (kSecAsn1OCSPRequestTemplate) */
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPTbsRequest, requestList),
      kSecAsn1OCSPRequestTemplate },
    /* requestExtensions [2] EXPLICIT OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 2,
      offsetof(SecAsn1OCSPTbsRequest, requestExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};
95
/*
 * OCSPRequest (RFC 6960 section 4.1.1), the outermost request structure:
 *
 *   OCSPRequest ::= SEQUENCE {
 *     tbsRequest         TBSRequest,
 *     optionalSignature  [0] EXPLICIT Signature OPTIONAL }
 *
 * signature is a pointer member (SEC_ASN1_POINTER); a request may be
 * entirely unsigned, so callers must not assume it is set.
 */
const SecAsn1Template kSecAsn1OCSPSignedRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSignedRequest) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSignedRequest, tbsRequest),
      kSecAsn1OCSPTbsRequestTemplate },
    /* optionalSignature [0] EXPLICIT Signature OPTIONAL, pointer member */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_POINTER | SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPSignedRequest, signature),
      kSecAsn1OCSPSignatureTemplate },
    { 0 }
};
108
109 // MARK: ----- OCSP Response -----
110
/*
 * RevokedInfo (RFC 6960 section 4.2.1), the payload of the "revoked"
 * CertStatus alternative:
 *
 *   RevokedInfo ::= SEQUENCE {
 *     revocationTime    GeneralizedTime,
 *     revocationReason  [0] EXPLICIT CRLReason OPTIONAL }
 *
 * revocationReason is decoded through a PointerToEnumerated sub-template,
 * so the member is a pointer to the ENUMERATED value (NULL if absent).
 */
const SecAsn1Template kSecAsn1OCSPRevokedInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPRevokedInfo) },
    { SEC_ASN1_GENERALIZED_TIME, offsetof(SecAsn1OCSPRevokedInfo, revocationTime) },
    /* revocationReason [0] EXPLICIT CRLReason OPTIONAL */
    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(SecAsn1OCSPRevokedInfo, revocationReason) ,
      kSecAsn1PointerToEnumeratedTemplate },
    { 0 }
};
121
122 /* three context-specific templates, app picks one of these */
123
124 /*
125 * Encode/decode CertStatus separately using one of these three templates.
126 * The result goes into SecAsn1OCSPSingleResponse.certStatus on encode.
127 */
/*
 * CertStatus alternative "good" (RFC 6960 section 4.2.1):
 *
 *   good  [0] IMPLICIT NULL
 *
 * No SEC_ASN1_EXPLICIT flag, so the tag is IMPLICIT. Single-entry
 * template, hence no { 0 } terminator (same as the ResponderID and
 * PtrToResponseBytes templates in this file). The caller selects this
 * template after inspecting the tag of SecAsn1OCSPSingleResponse.certStatus,
 * which kSecAsn1OCSPSingleResponseTemplate leaves undecoded (ANY).
 */
const SecAsn1Template kSecAsn1OCSPCertStatusGoodTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(SecAsn1OCSPCertStatus, nullData),
      kSecAsn1NullTemplate }
};
133
/*
 * CertStatus alternative "revoked" (RFC 6960 section 4.2.1):
 *
 *   revoked  [1] IMPLICIT RevokedInfo
 *
 * IMPLICIT (no SEC_ASN1_EXPLICIT) and CONSTRUCTED because the content is
 * the RevokedInfo SEQUENCE; revokedInfo is a pointer member. Single-entry
 * template, so no { 0 } terminator.
 */
const SecAsn1Template kSecAsn1OCSPCertStatusRevokedTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
      offsetof(SecAsn1OCSPCertStatus, revokedInfo) ,
      kSecAsn1OCSPRevokedInfoTemplate }
};
139
/*
 * CertStatus alternative "unknown" (RFC 6960 section 4.2.1):
 *
 *   unknown  [2] IMPLICIT UnknownInfo      -- UnknownInfo ::= NULL
 *
 * IMPLICIT tag; single-entry template, so no { 0 } terminator.
 * NOTE(review): this entry targets the same nullData member as
 * kSecAsn1OCSPCertStatusGoodTemplate but lacks SEC_ASN1_POINTER, which
 * the "good" template sets. Confirm against the declared type of
 * SecAsn1OCSPCertStatus.nullData in ocspTemplates.h that one of the two is
 * not mismatched. Whatever the outcome, a certStatus whose tag matches
 * none of the three templates must be reported as a decode failure by the
 * caller, never read as "good".
 */
const SecAsn1Template kSecAsn1OCSPCertStatusUnknownTemplate[] = {
    { SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(SecAsn1OCSPCertStatus, nullData),
      kSecAsn1NullTemplate }
};
145
/*
 * SingleResponse (RFC 6960 section 4.2.1):
 *
 *   SingleResponse ::= SEQUENCE {
 *     certID            CertID,
 *     certStatus        CertStatus,
 *     thisUpdate        GeneralizedTime,
 *     nextUpdate        [0] EXPLICIT GeneralizedTime OPTIONAL,
 *     singleExtensions  [1] EXPLICIT Extensions OPTIONAL }
 *
 * certStatus is deliberately left as ANY: the CHOICE is decoded by the
 * caller with one of the three kSecAsn1OCSPCertStatus*Template tables,
 * chosen from the tag of the undecoded bytes. A tag that matches none of
 * them is a malformed response, not a "good" status.
 * nextUpdate is a pointer member and may be absent (NULL).
 */
const SecAsn1Template kSecAsn1OCSPSingleResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSingleResponse) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSingleResponse, certID),
      kSecAsn1OCSPCertIDTemplate },
    /* certStatus kept undecoded; see the CertStatus templates above */
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPSingleResponse, certStatus),
      kSecAsn1AnyTemplate },
    { SEC_ASN1_GENERALIZED_TIME, offsetof(SecAsn1OCSPSingleResponse, thisUpdate) },
    /* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPSingleResponse, nextUpdate),
      kSecAsn1PointerToGeneralizedTimeTemplate },
    /* singleExtensions [1] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPSingleResponse, singleExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};
166
167 /*
168 * support for ResponderID CHOICE
169 */
/*
 * ResponderID alternative byName (RFC 6960 section 4.2.1):
 *
 *   ResponderID ::= CHOICE {
 *     byName  [1] Name,
 *     byKey   [2] KeyHash }
 *
 * The Name is kept as ANY (undecoded DER). The caller picks this template
 * or kSecAsn1OCSPResponderIDAsKeyTemplate from the tag of
 * SecAsn1OCSPResponseData.responderID, which is decoded as ANY.
 * Single-entry template, so no { 0 } terminator.
 */
const SecAsn1Template kSecAsn1OCSPResponderIDAsNameTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(SecAsn1OCSPResponderID, byName),
      kSecAsn1AnyTemplate }
};
175
/*
 * ResponderID alternative byKey (RFC 6960 section 4.2.1):
 *
 *   byKey  [2] KeyHash      -- KeyHash ::= OCTET STRING
 *
 * Counterpart of kSecAsn1OCSPResponderIDAsNameTemplate; single-entry
 * template, so no { 0 } terminator.
 */
const SecAsn1Template kSecAsn1OCSPResponderIDAsKeyTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(SecAsn1OCSPResponderID, byKey),
      kSecAsn1OctetStringTemplate }
};
181
/*
 * ResponseData (RFC 6960 section 4.2.1), the signed portion of a
 * BasicOCSPResponse:
 *
 *   ResponseData ::= SEQUENCE {
 *     version             [0] EXPLICIT Version DEFAULT v1,
 *     responderID         ResponderID,
 *     producedAt          GeneralizedTime,
 *     responses           SEQUENCE OF SingleResponse,
 *     responseExtensions  [1] EXPLICIT Extensions OPTIONAL }
 *
 * responderID is left as ANY and decoded by the caller with one of the
 * two kSecAsn1OCSPResponderIDAs*Template tables.
 */
const SecAsn1Template kSecAsn1OCSPResponseDataTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponseData) },
    /* optional version, explicit tag 0, default 0 */
    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(SecAsn1OCSPResponseData, version),
      kSecAsn1PointerToIntegerTemplate },
    /* responderID CHOICE kept undecoded; see the ResponderID templates */
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPResponseData, responderID),
      kSecAsn1AnyTemplate },
    { SEC_ASN1_GENERALIZED_TIME, offsetof(SecAsn1OCSPResponseData, producedAt) },
    /* responses: SEQUENCE OF SingleResponse */
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPResponseData, responses),
      kSecAsn1OCSPSingleResponseTemplate },
    /* responseExtensions [1] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPResponseData, responseExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};
203
/*
 * BasicOCSPResponse (RFC 6960 section 4.2.1):
 *
 *   BasicOCSPResponse ::= SEQUENCE {
 *     tbsResponseData     ResponseData,
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signature           BIT STRING,
 *     certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 *
 * tbsResponseData is kept as ANY (the exact encoded bytes), presumably so
 * the signature can be verified over them before the contents are decoded
 * with kSecAsn1OCSPResponseDataTemplate -- confirm at callers. certs is a
 * SEQUENCE OF ANY; these certificates are supplied by the responder and
 * still have to be validated before any reliance on them.
 */
const SecAsn1Template kSecAsn1OCSPBasicResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPBasicResponse) },
    /* tbsResponseData kept undecoded (ANY) */
    { SEC_ASN1_ANY, offsetof(SecAsn1OCSPBasicResponse, tbsResponseData) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPBasicResponse, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_BIT_STRING, offsetof(SecAsn1OCSPBasicResponse, sig) },
    /* certs [0] EXPLICIT OPTIONAL, each element kept as ANY */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPBasicResponse, certs),
      kSecAsn1SequenceOfAnyTemplate },
    { 0 }
};
218
/*
 * ResponseBytes (RFC 6960 section 4.2.1):
 *
 *   ResponseBytes ::= SEQUENCE {
 *     responseType  OBJECT IDENTIFIER,
 *     response      OCTET STRING }
 *
 * response is opaque at this level; what it contains is determined by
 * responseType, so a caller should check the OID before decoding the
 * octets with a more specific template such as
 * kSecAsn1OCSPBasicResponseTemplate.
 */
const SecAsn1Template kSecAsn1OCSPResponseBytesTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponseBytes) },
    { SEC_ASN1_OBJECT_ID, offsetof(SecAsn1OCSPResponseBytes, responseType) },
    { SEC_ASN1_OCTET_STRING, offsetof(SecAsn1OCSPResponseBytes, response) },
    { 0 }
};
226
/*
 * Pointer wrapper around kSecAsn1OCSPResponseBytesTemplate, used by the
 * [0] EXPLICIT OPTIONAL responseBytes entry of kSecAsn1OCSPResponseTemplate
 * so that the member is a pointer (NULL when the element is absent).
 * Single-entry template, so no { 0 } terminator.
 */
const SecAsn1Template kSecAsn1OCSPPtrToResponseBytesTemplate[] = {
    { SEC_ASN1_POINTER, 0, kSecAsn1OCSPResponseBytesTemplate }
};
230
/*
 * OCSPResponse (RFC 6960 section 4.2.1), the outermost response structure:
 *
 *   OCSPResponse ::= SEQUENCE {
 *     responseStatus  OCSPResponseStatus,
 *     responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL }
 *
 * responseBytes goes through kSecAsn1OCSPPtrToResponseBytesTemplate and is
 * therefore a pointer member; it may legitimately be NULL (a responder
 * reporting an error status sends no ResponseBytes). Callers must check
 * responseStatus and the NULL case separately -- neither implies the other.
 */
const SecAsn1Template kSecAsn1OCSPResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponse) },
    { SEC_ASN1_ENUMERATED, offsetof(SecAsn1OCSPResponse, responseStatus) },
    /* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL, pointer member */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPResponse, responseBytes),
      kSecAsn1OCSPPtrToResponseBytesTemplate },
    { 0 }
};
241
242 // MARK: ---- OCSPD RPC ----
243
/*
 * One request in the ocspd RPC protocol (Apple-private; not an RFC 6960
 * structure). Read from the template itself, the encoding is:
 *
 *   SEQUENCE {
 *     cacheWriteDisable  [0] EXPLICIT BOOLEAN OPTIONAL,
 *     cacheReadDisable   [1] EXPLICIT BOOLEAN OPTIONAL,
 *     certID             OCTET STRING,
 *     ocspReq            [2] EXPLICIT OCTET STRING OPTIONAL,
 *     localRespURI       [3] EXPLICIT IA5String OPTIONAL,
 *     urls               [4] EXPLICIT SEQUENCE OF IA5String OPTIONAL }
 *
 * All optional members are pointer members (PointerTo* sub-templates).
 * NOTE(review): these values cross a process boundary; the receiving side
 * should treat the URI strings and octet strings as untrusted input and
 * validate them before use -- confirm in the ocspd code.
 */
const SecAsn1Template kSecAsn1OCSPDRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDRequest) },
    /* cacheWriteDisable [0] EXPLICIT BOOLEAN OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPDRequest, cacheWriteDisable),
      kSecAsn1PointerToBooleanTemplate },
    /* cacheReadDisable [1] EXPLICIT BOOLEAN OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPDRequest, cacheReadDisable),
      kSecAsn1PointerToBooleanTemplate },
    /* certID: opaque bytes at this level (the only mandatory member) */
    { SEC_ASN1_OCTET_STRING, offsetof(SecAsn1OCSPDRequest, certID) },
    /* ocspReq [2] EXPLICIT OCTET STRING OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 2,
      offsetof(SecAsn1OCSPDRequest, ocspReq),
      kSecAsn1PointerToOctetStringTemplate },
    /* localRespURI [3] EXPLICIT IA5String OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 3,
      offsetof(SecAsn1OCSPDRequest, localRespURI),
      kSecAsn1PointerToIA5StringTemplate },
    /* urls [4] EXPLICIT SEQUENCE OF IA5String OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 4,
      offsetof(SecAsn1OCSPDRequest, urls),
      kSecAsn1SequenceOfIA5StringTemplate },
    { 0 }
};
270
/*
 * Batch of ocspd RPC requests (Apple-private):
 *
 *   SEQUENCE {
 *     version   INTEGER,
 *     requests  SEQUENCE OF <kSecAsn1OCSPDRequestTemplate> }
 *
 * version is a plain (unsigned) INTEGER here, unlike the OCSP version
 * fields above, which are optional [0] EXPLICIT with a default.
 */
const SecAsn1Template kSecAsn1OCSPDRequestsTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDRequests) },
    { SEC_ASN1_INTEGER, offsetof(SecAsn1OCSPDRequests, version) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPDRequests, requests),
      kSecAsn1OCSPDRequestTemplate },
    { 0 }
};
280
/*
 * One ocspd RPC reply (Apple-private):
 *
 *   SEQUENCE {
 *     certID    ANY,
 *     ocspResp  ANY }
 *
 * Both members are kept as undecoded bytes; which templates the caller
 * applies to them is not visible in this file.
 */
const SecAsn1Template kSecAsn1OCSPDReplyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDReply) },
    { SEC_ASN1_ANY, offsetof(SecAsn1OCSPDReply, certID) },
    { SEC_ASN1_ANY, offsetof(SecAsn1OCSPDReply, ocspResp) },
    { 0 }
};
288
/*
 * Batch of ocspd RPC replies (Apple-private), the counterpart of
 * kSecAsn1OCSPDRequestsTemplate:
 *
 *   SEQUENCE {
 *     version  INTEGER,
 *     replies  SEQUENCE OF <kSecAsn1OCSPDReplyTemplate> }
 *
 * Note the struct is SecAsn1OCSPReplies (no "D"), unlike the template name.
 */
const SecAsn1Template kSecAsn1OCSPDRepliesTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPReplies) },
    { SEC_ASN1_INTEGER, offsetof(SecAsn1OCSPReplies, version) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPReplies, replies),
      kSecAsn1OCSPDReplyTemplate },
    { 0 }
};