1 /* Copyright (c) 2005-2009 Apple Inc. All Rights Reserved. */
2
3 /*
4 * DER_Cert.c - support for decoding X509 certificates
5 *
6 * Created Nov. 4 2005 by Doug Mitchell.
7 */
8
9 #include <libDER/DER_Decode.h>
10 #include <libDER/DER_CertCrl.h>
11 #include <libDER/asn1Types.h>
12
13 /*
14 * DERItemSpecs for X509 certificates.
15 */
16
/*
 * Outermost template: the three components of a signed object, i.e. the
 * to-be-signed body, the signature algorithm and the signature itself.
 * Going by the DERSignedCertCrl name it is meant for both certificates
 * and CRLs.
 *
 * Only `tbs` carries DER_DEC_SAVE_DER.
 * NOTE(review): presumably this keeps the TBS bytes exactly as received
 * (tag and length included) so a signature can be checked over the
 * original encoding rather than a re-encoding -- confirm in the decoder.
 */
const DERItemSpec DERSignedCertCrlItemSpecs[] = {
    { DER_OFFSET(DERSignedCertCrl, tbs),    ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERSignedCertCrl, sigAlg), ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERSignedCertCrl, sig),    ASN1_BIT_STRING,      DER_DEC_NO_OPTS }
};

/* Entry count, computed from the table so the two cannot drift apart. */
const DERSize DERNumSignedCertCrlItemSpecs =
    sizeof(DERSignedCertCrlItemSpecs) / sizeof(DERSignedCertCrlItemSpecs[0]);
33
/*
 * TBSCertificate template.
 *
 * `version` is the EXPLICIT [0] wrapper and is optional on the wire; the
 * ASN.1 default (v1) is not supplied by this table, so an absent version
 * has to be interpreted by the caller.
 *
 * The nested SEQUENCEs (tbsSigAlg, issuer, validity, subject,
 * subjectPubKey) are matched by tag only at this level; their contents
 * need their own templates.
 */
const DERItemSpec DERTBSCertItemSpecs[] = {
    { DER_OFFSET(DERTBSCert, version),
      ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 0, DER_DEC_OPTIONAL },   /* version - EXPLICIT */
    { DER_OFFSET(DERTBSCert, serialNum),     ASN1_INTEGER,         DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCert, tbsSigAlg),     ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCert, issuer),        ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCert, validity),      ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCert, subject),       ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCert, subjectPubKey), ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    /*
     * issuerID / subjectID: libsecurity_asn1 treats these two as
     * CONSTRUCTED, whereas this table uses primitive context tags. The
     * original author read the ASN.1 spec that way but had no certificates
     * carrying these fields to test against. RFC 5280 defines both as
     * IMPLICIT BIT STRING (UniqueIdentifier), which DER encodes in
     * primitive form, consistent with the tags below.
     */
    { DER_OFFSET(DERTBSCert, issuerID),  ASN1_CONTEXT_SPECIFIC | 1, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERTBSCert, subjectID), ASN1_CONTEXT_SPECIFIC | 2, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERTBSCert, extensions),
      ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 3, DER_DEC_OPTIONAL }
};

/* Number of entries in DERTBSCertItemSpecs. */
const DERSize DERNumTBSCertItemSpecs =
    sizeof(DERTBSCertItemSpecs) / sizeof(DERTBSCertItemSpecs[0]);
72
/*
 * DERValidity: notBefore / notAfter.
 *
 * Both entries use tag 0 with DER_DEC_ASN_ANY, so this table accepts an
 * element of any type in either position. RFC 5280 restricts Time to
 * UTCTime or GeneralizedTime; that restriction is not enforced here.
 * NOTE(review): DER_DEC_SAVE_DER presumably preserves the tag so the
 * consumer can check it before parsing the time -- confirm callers do.
 */
const DERItemSpec DERValidityItemSpecs[] = {
    { DER_OFFSET(DERValidity, notBefore), 0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERValidity, notAfter),  0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
};

/* Number of entries in DERValidityItemSpecs. */
const DERSize DERNumValidityItemSpecs =
    sizeof(DERValidityItemSpecs) / sizeof(DERValidityItemSpecs[0]);
85
/*
 * DERAttributeTypeAndValue: an OID followed by a value of any type.
 * The value is captured with DER_DEC_ASN_ANY | DER_DEC_SAVE_DER, i.e. no
 * tag is required by this table; which string type is acceptable for a
 * given attribute OID is left to the consumer.
 */
const DERItemSpec DERAttributeTypeAndValueItemSpecs[] = {
    { DER_OFFSET(DERAttributeTypeAndValue, type),  ASN1_OBJECT_ID,       DER_DEC_NO_OPTS },
    { DER_OFFSET(DERAttributeTypeAndValue, value), 0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
};

/* Number of entries in DERAttributeTypeAndValueItemSpecs. */
const DERSize DERNumAttributeTypeAndValueItemSpecs =
    sizeof(DERAttributeTypeAndValueItemSpecs) / sizeof(DERAttributeTypeAndValueItemSpecs[0]);
98
/*
 * DERExtension: extnID, optional critical flag, extnValue.
 *
 * `critical` is DEFAULT FALSE in RFC 5280 and optional here; the default
 * is not filled in by this table, so a consumer has to treat an absent
 * flag as "not critical". `extnValue` is matched only as an OCTET STRING;
 * its payload needs a second decode with the template for that extension.
 */
const DERItemSpec DERExtensionItemSpecs[] = {
    { DER_OFFSET(DERExtension, extnID),    ASN1_OBJECT_ID,    DER_DEC_NO_OPTS },
    { DER_OFFSET(DERExtension, critical),  ASN1_BOOLEAN,      DER_DEC_OPTIONAL },
    { DER_OFFSET(DERExtension, extnValue), ASN1_OCTET_STRING, DER_DEC_NO_OPTS }
};

/* Number of entries in DERExtensionItemSpecs. */
const DERSize DERNumExtensionItemSpecs =
    sizeof(DERExtensionItemSpecs) / sizeof(DERExtensionItemSpecs[0]);
114
/*
 * DERBasicConstraints: cA and pathLenConstraint, both optional.
 *
 * RFC 5280 gives cA a default of FALSE. Since this table only marks the
 * field optional, a consumer must read a missing cA as FALSE; treating
 * "absent" as anything else would let a non-CA certificate act as a CA.
 */
const DERItemSpec DERBasicConstraintsItemSpecs[] = {
    { DER_OFFSET(DERBasicConstraints, cA),                ASN1_BOOLEAN, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERBasicConstraints, pathLenConstraint), ASN1_INTEGER, DER_DEC_OPTIONAL }
};

/* Number of entries in DERBasicConstraintsItemSpecs. */
const DERSize DERNumBasicConstraintsItemSpecs =
    sizeof(DERBasicConstraintsItemSpecs) / sizeof(DERBasicConstraintsItemSpecs[0]);
127
/*
 * DERPrivateKeyUsagePeriod: notBefore [0] and notAfter [1], both optional
 * and both matched as primitive context-specific tags. The table places
 * no constraint on the content of either field.
 */
const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[] = {
    { DER_OFFSET(DERPrivateKeyUsagePeriod, notBefore), ASN1_CONTEXT_SPECIFIC | 0, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERPrivateKeyUsagePeriod, notAfter),  ASN1_CONTEXT_SPECIFIC | 1, DER_DEC_OPTIONAL }
};

/* Number of entries in DERPrivateKeyUsagePeriodItemSpecs. */
const DERSize DERNumPrivateKeyUsagePeriodItemSpecs =
    sizeof(DERPrivateKeyUsagePeriodItemSpecs) / sizeof(DERPrivateKeyUsagePeriodItemSpecs[0]);
140
/*
 * DERDistributionPoint: distributionPoint [0], reasons [1], cRLIssuer [2].
 * All three are optional. [0] and [2] are matched in constructed form and
 * [1] in primitive form.
 */
const DERItemSpec DERDistributionPointItemSpecs[] = {
    { DER_OFFSET(DERDistributionPoint, distributionPoint),
      ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERDistributionPoint, reasons),
      ASN1_CONTEXT_SPECIFIC | 1,                    DER_DEC_OPTIONAL },
    { DER_OFFSET(DERDistributionPoint, cRLIssuer),
      ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2, DER_DEC_OPTIONAL }
};

/* Number of entries in DERDistributionPointItemSpecs. */
const DERSize DERNumDistributionPointItemSpecs =
    sizeof(DERDistributionPointItemSpecs) / sizeof(DERDistributionPointItemSpecs[0]);
156
/*
 * DERPolicyInformation: a mandatory policy OID followed by an optional
 * SEQUENCE of qualifiers. The qualifier SEQUENCE is matched by tag only;
 * its elements need a further decode.
 */
const DERItemSpec DERPolicyInformationItemSpecs[] = {
    { DER_OFFSET(DERPolicyInformation, policyIdentifier), ASN1_OBJECT_ID,       DER_DEC_NO_OPTS },
    { DER_OFFSET(DERPolicyInformation, policyQualifiers), ASN1_CONSTR_SEQUENCE, DER_DEC_OPTIONAL }
};

/* Number of entries in DERPolicyInformationItemSpecs. */
const DERSize DERNumPolicyInformationItemSpecs =
    sizeof(DERPolicyInformationItemSpecs) / sizeof(DERPolicyInformationItemSpecs[0]);
169
/*
 * DERPolicyQualifierInfo: qualifier OID plus a qualifier of any type.
 * The qualifier is taken with DER_DEC_ASN_ANY | DER_DEC_SAVE_DER, so no
 * tag is required here; the consumer decides how to interpret it based
 * on policyQualifierID.
 */
const DERItemSpec DERPolicyQualifierInfoItemSpecs[] = {
    { DER_OFFSET(DERPolicyQualifierInfo, policyQualifierID), ASN1_OBJECT_ID,       DER_DEC_NO_OPTS },
    { DER_OFFSET(DERPolicyQualifierInfo, qualifier),         0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
};

/* Number of entries in DERPolicyQualifierInfoItemSpecs. */
const DERSize DERNumPolicyQualifierInfoItemSpecs =
    sizeof(DERPolicyQualifierInfoItemSpecs) / sizeof(DERPolicyQualifierInfoItemSpecs[0]);
182
/*
 * DERUserNotice: optional noticeRef SEQUENCE and optional explicitText.
 * explicitText is matched with any tag (DER_DEC_ASN_ANY) and saved with
 * DER_DEC_SAVE_DER; the string type is not constrained by this table.
 */
const DERItemSpec DERUserNoticeItemSpecs[] = {
    { DER_OFFSET(DERUserNotice, noticeRef),    ASN1_CONSTR_SEQUENCE, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERUserNotice, explicitText), 0 /* no tag - ANY */,
      DER_DEC_ASN_ANY | DER_DEC_OPTIONAL | DER_DEC_SAVE_DER }
};

/* Number of entries in DERUserNoticeItemSpecs. */
const DERSize DERNumUserNoticeItemSpecs =
    sizeof(DERUserNoticeItemSpecs) / sizeof(DERUserNoticeItemSpecs[0]);
195
/*
 * DERNoticeReference: organization (any tag, raw DER saved) followed by a
 * mandatory noticeNumbers SEQUENCE. The SEQUENCE is matched by tag only;
 * its elements are not examined at this level.
 */
const DERItemSpec DERNoticeReferenceItemSpecs[] = {
    { DER_OFFSET(DERNoticeReference, organization),  0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERNoticeReference, noticeNumbers), ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS }
};

/* Number of entries in DERNoticeReferenceItemSpecs. */
const DERSize DERNumNoticeReferenceItemSpecs =
    sizeof(DERNoticeReferenceItemSpecs) / sizeof(DERNoticeReferenceItemSpecs[0]);
208
/*
 * DERPolicyMapping: a pair of mandatory OIDs, issuerDomainPolicy followed
 * by subjectDomainPolicy.
 */
const DERItemSpec DERPolicyMappingItemSpecs[] = {
    { DER_OFFSET(DERPolicyMapping, issuerDomainPolicy),  ASN1_OBJECT_ID, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERPolicyMapping, subjectDomainPolicy), ASN1_OBJECT_ID, DER_DEC_NO_OPTS }
};

/* Number of entries in DERPolicyMappingItemSpecs. */
const DERSize DERNumPolicyMappingItemSpecs =
    sizeof(DERPolicyMappingItemSpecs) / sizeof(DERPolicyMappingItemSpecs[0]);
221
/*
 * DERAccessDescription: accessMethod OID plus accessLocation.
 * accessLocation is accepted with any tag and kept as raw DER
 * (DER_DEC_ASN_ANY | DER_DEC_SAVE_DER); deciding which name form it holds
 * is left to the consumer.
 */
const DERItemSpec DERAccessDescriptionItemSpecs[] = {
    { DER_OFFSET(DERAccessDescription, accessMethod),   ASN1_OBJECT_ID,       DER_DEC_NO_OPTS },
    { DER_OFFSET(DERAccessDescription, accessLocation), 0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
};

/* Number of entries in DERAccessDescriptionItemSpecs. */
const DERSize DERNumAccessDescriptionItemSpecs =
    sizeof(DERAccessDescriptionItemSpecs) / sizeof(DERAccessDescriptionItemSpecs[0]);
234
/*
 * DERAuthorityKeyIdentifier: keyIdentifier [0], authorityCertIssuer [1]
 * (constructed) and authorityCertSerialNumber [2], each optional.
 *
 * RFC 5280 requires authorityCertIssuer and authorityCertSerialNumber to
 * be both present or both absent. Each entry is independently optional in
 * this table, so that pairing is not enforced here and would have to be
 * checked by the consumer.
 */
const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[] = {
    { DER_OFFSET(DERAuthorityKeyIdentifier, keyIdentifier),
      ASN1_CONTEXT_SPECIFIC | 0,                    DER_DEC_OPTIONAL },
    { DER_OFFSET(DERAuthorityKeyIdentifier, authorityCertIssuer),
      ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERAuthorityKeyIdentifier, authorityCertSerialNumber),
      ASN1_CONTEXT_SPECIFIC | 2,                    DER_DEC_OPTIONAL }
};

/* Number of entries in DERAuthorityKeyIdentifierItemSpecs. */
const DERSize DERNumAuthorityKeyIdentifierItemSpecs =
    sizeof(DERAuthorityKeyIdentifierItemSpecs) / sizeof(DERAuthorityKeyIdentifierItemSpecs[0]);
250
/*
 * DEROtherName: a type OID and a mandatory value wrapped in a constructed
 * [0] tag. What the wrapper contains is not examined by this table and
 * depends on typeIdentifier.
 */
const DERItemSpec DEROtherNameItemSpecs[] = {
    { DER_OFFSET(DEROtherName, typeIdentifier), ASN1_OBJECT_ID, DER_DEC_NO_OPTS },
    { DER_OFFSET(DEROtherName, value),
      ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0,             DER_DEC_NO_OPTS }
};

/* Number of entries in DEROtherNameItemSpecs. */
const DERSize DERNumOtherNameItemSpecs =
    sizeof(DEROtherNameItemSpecs) / sizeof(DEROtherNameItemSpecs[0]);
263
/*
 * DERPolicyConstraints: requireExplicitPolicy [0] and
 * inhibitPolicyMapping [1], both optional primitive context tags.
 * Because each entry is optional on its own, an input with neither field
 * is accepted by this table; rejecting that case is up to the consumer.
 */
const DERItemSpec DERPolicyConstraintsItemSpecs[] = {
    { DER_OFFSET(DERPolicyConstraints, requireExplicitPolicy), ASN1_CONTEXT_SPECIFIC | 0, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERPolicyConstraints, inhibitPolicyMapping),  ASN1_CONTEXT_SPECIFIC | 1, DER_DEC_OPTIONAL }
};

/* Number of entries in DERPolicyConstraintsItemSpecs. */
const DERSize DERNumPolicyConstraintsItemSpecs =
    sizeof(DERPolicyConstraintsItemSpecs) / sizeof(DERPolicyConstraintsItemSpecs[0]);
276
/*
 * DERTBSCrl: the to-be-signed part of a CRL.
 *
 * thisUpdate and nextUpdate are matched with any tag and saved as raw DER,
 * so the time type is not checked by this table.
 *
 * NOTE(review): the RFC 5280 ASN.1 declares nextUpdate OPTIONAL, but the
 * entry below is mandatory and accepts any tag. For a CRL that omits
 * nextUpdate, the element that follows (revokedCerts or extensions) would
 * apparently be taken as nextUpdate, or the decode would fail -- confirm
 * how the decoder and its callers treat such input. Adding
 * DER_DEC_OPTIONAL alone would not disambiguate, because an ANY entry
 * matches whatever element comes next.
 */
const DERItemSpec DERTBSCrlItemSpecs[] = {
    { DER_OFFSET(DERTBSCrl, version),      ASN1_INTEGER,         DER_DEC_OPTIONAL },
    { DER_OFFSET(DERTBSCrl, tbsSigAlg),    ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCrl, issuer),       ASN1_CONSTR_SEQUENCE, DER_DEC_NO_OPTS },
    { DER_OFFSET(DERTBSCrl, thisUpdate),   0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERTBSCrl, nextUpdate),   0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERTBSCrl, revokedCerts), ASN1_CONSTR_SEQUENCE, DER_DEC_OPTIONAL },
    { DER_OFFSET(DERTBSCrl, extensions),
      ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 0,              DER_DEC_OPTIONAL }
};

/* Number of entries in DERTBSCrlItemSpecs. */
const DERSize DERNumTBSCrlItemSpecs =
    sizeof(DERTBSCrlItemSpecs) / sizeof(DERTBSCrlItemSpecs[0]);
303
/*
 * DERRevokedCert: one entry of a CRL's revoked-certificate list, made of
 * serial number, revocation date and optional per-entry extensions.
 * revocationDate is accepted with any tag and saved as raw DER; the
 * extensions SEQUENCE is matched by tag only.
 */
const DERItemSpec DERRevokedCertItemSpecs[] = {
    { DER_OFFSET(DERRevokedCert, serialNum),      ASN1_INTEGER,         DER_DEC_NO_OPTS },
    { DER_OFFSET(DERRevokedCert, revocationDate), 0 /* no tag - ANY */, DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
    { DER_OFFSET(DERRevokedCert, extensions),     ASN1_CONSTR_SEQUENCE, DER_DEC_OPTIONAL }
};

/* Number of entries in DERRevokedCertItemSpecs. */
const DERSize DERNumRevokedCertItemSpecs =
    sizeof(DERRevokedCertItemSpecs) / sizeof(DERRevokedCertItemSpecs[0]);