]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/tsaTemplates.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59754.80.3.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / tsaTemplates.c
1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * tsaTemplates.c - ASN1 templates Time Stamping Authority requests and responses
24 */
25
26 #include <Security/keyTemplates.h> /* for kSecAsn1AlgorithmIDTemplate */
27 #include <Security/SecAsn1Templates.h>
28 #include <stddef.h>
29
30 #include "tsaTemplates.h"
31 #include "cmslocal.h"
32
33 #pragma clang diagnostic push
34 #pragma clang diagnostic ignored "-Wunused-const-variable"
35
36 // *** from CMSEncoder.cpp
37
38 typedef struct {
39 CSSM_OID contentType;
40 CSSM_DATA content;
41 } SimpleContentInfo;
42
43 // SecCmsContentInfoTemplate
44 static const SecAsn1Template cmsSimpleContentInfoTemplate[] = {
45 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SimpleContentInfo) },
46 { SEC_ASN1_OBJECT_ID, offsetof(SimpleContentInfo, contentType) },
47 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
48 offsetof(SimpleContentInfo, content),
49 kSecAsn1AnyTemplate },
50 { 0, }
51 };
52
53 #pragma mark ----- tsa -----
54
55 /*
56 Accuracy ::= SEQUENCE {
57 seconds INTEGER OPTIONAL,
58 millis [0] INTEGER (1..999) OPTIONAL,
59 micros [1] INTEGER (1..999) OPTIONAL }
60 */
61 const SecAsn1Template kSecAsn1TSAAccuracyTemplate[] = {
62 { SEC_ASN1_SEQUENCE,
63 0, NULL, sizeof(SecAsn1TSAAccuracy) },
64 { SEC_ASN1_INTEGER,
65 offsetof(SecAsn1TSAAccuracy, seconds) },
66 { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
67 offsetof(SecAsn1TSAAccuracy, millis), kSecAsn1UnsignedIntegerTemplate },
68 { SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
69 offsetof(SecAsn1TSAAccuracy, micros), kSecAsn1UnsignedIntegerTemplate },
70 { 0 }
71 };
72
73 /*
74 MessageImprint ::= SEQUENCE {
75 hashAlgorithm AlgorithmIdentifier,
76 hashedMessage OCTET STRING }
77 */
78
79 const SecAsn1Template kSecAsn1TSAMessageImprintTemplate[] = {
80 { SEC_ASN1_SEQUENCE,
81 0, NULL, sizeof(SecAsn1TSAMessageImprint) },
82 { SEC_ASN1_INLINE, offsetof(SecAsn1TSAMessageImprint,hashAlgorithm),
83 kSecAsn1AlgorithmIDTemplate },
84 { SEC_ASN1_OCTET_STRING,
85 offsetof(SecAsn1TSAMessageImprint,hashedMessage) },
86 { 0 }
87 };
88
89 /*
90 TimeStampReq ::= SEQUENCE {
91 version INTEGER { v1(1) },
92 messageImprint MessageImprint,
93 --a hash algorithm OID and the hash value of the data to be
94 --time-stamped
95 reqPolicy TSAPolicyId OPTIONAL,
96 nonce INTEGER OPTIONAL,
97 certReq BOOLEAN DEFAULT FALSE,
98 extensions [0] IMPLICIT Extensions OPTIONAL }
99
100 MessageImprint ::= SEQUENCE {
101 hashAlgorithm AlgorithmIdentifier,
102 hashedMessage OCTET STRING }
103
104 TSAPolicyId ::= OBJECT IDENTIFIER
105 */
106
107 const SecAsn1Template kSecAsn1TSATimeStampReqTemplate[] = {
108 { SEC_ASN1_SEQUENCE,
109 0, NULL, sizeof(SecAsn1TSATimeStampReq) },
110 { SEC_ASN1_INTEGER,
111 offsetof(SecAsn1TSATimeStampReq, version) },
112 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATimeStampReq,messageImprint),
113 kSecAsn1TSAMessageImprintTemplate },
114 { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL,
115 offsetof(SecAsn1TSATimeStampReq,reqPolicy) },
116 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
117 offsetof(SecAsn1TSATimeStampReq, nonce) },
118 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
119 offsetof(SecAsn1TSATimeStampReq, certReq) },
120 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
121 offsetof(SecAsn1TSATimeStampReq, extensions),
122 kSecAsn1SequenceOfCertExtensionTemplate },
123 { 0 }
124 };
125
126 /*
127 PKIFreeText ::= SEQUENCE {
128 SIZE (1..MAX) OF UTF8String
129 -- text encoded as UTF-8 String (note: each UTF8String SHOULD
130 -- include an RFC 1766 language tag to indicate the language -- of the contained text)
131 }
132
133 See e.g. kSecAsn1SequenceOfUTF8StringTemplate
134 */
135
136 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplate[] = {
137 { SEC_ASN1_SEQUENCE,
138 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
139 { SEC_ASN1_INTEGER,
140 offsetof(SecAsn1TSAPKIStatusInfo, status) },
141 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE | SEC_ASN1_OPTIONAL,
142 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
143 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
144 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
145 { 0 }
146 };
147
148 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplateRFC3161[] = {
149 { SEC_ASN1_SEQUENCE,
150 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
151 { SEC_ASN1_INTEGER,
152 offsetof(SecAsn1TSAPKIStatusInfo, status) },
153 { SEC_ASN1_UTF8_STRING | SEC_ASN1_OPTIONAL,
154 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
155 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
156 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
157 { 0 }
158 };
159
160 #if 0
161 const SecAsn1Template kSecAsn1TSATimeStampRespTemplate[] = {
162 { SEC_ASN1_SEQUENCE,
163 0, NULL, sizeof(SecAsn1TimeStampResp) },
164 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampResp,status),
165 kSecAsn1TSAPKIStatusInfoTemplate },
166 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, offsetof(SecAsn1TimeStampResp,timeStampToken),
167 SecCmsContentInfoTemplate },
168 { 0 }
169 };
170 #endif
171
172 // Decode the status but not the TimeStampToken
173 const SecAsn1Template kSecAsn1TSATimeStampRespTemplateDER[] = {
174 { SEC_ASN1_SEQUENCE,
175 0, NULL, sizeof(SecAsn1TimeStampRespDER) },
176 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampRespDER,status),
177 kSecAsn1TSAPKIStatusInfoTemplate },
178 { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL ,//| SEC_ASN1_SAVE,
179 offsetof(SecAsn1TimeStampRespDER, timeStampTokenDER), kSecAsn1AnyTemplate },
180 { 0 }
181 };
182
183 /*
184 RFC 3161 Time-Stamp Protocol (TSP) August 2001
185
186 TimeStampToken ::= ContentInfo
187
188 -- contentType is id-signedData as defined in [CMS]
189 -- content is SignedData as defined in([CMS])
190 -- eContentType within SignedData is id-ct-TSTInfo
191 -- eContent within SignedData is TSTInfo
192
193 TSTInfo ::= SEQUENCE {
194 version INTEGER { v1(1) },
195 policy TSAPolicyId,
196 messageImprint MessageImprint,
197 -- MUST have the same value as the similar field in
198 -- TimeStampReq
199 serialNumber INTEGER,
200 -- Time-Stamping users MUST be ready to accommodate integers
201 -- up to 160 bits.
202 genTime GeneralizedTime,
203 accuracy Accuracy OPTIONAL,
204 ordering BOOLEAN DEFAULT FALSE,
205 nonce INTEGER OPTIONAL,
206 -- MUST be present if the similar field was present
207 -- in TimeStampReq. In that case it MUST have the same value.
208 tsa [0] GeneralName OPTIONAL,
209 extensions [1] IMPLICIT Extensions OPTIONAL }
210
211 Accuracy ::= SEQUENCE {
212 seconds INTEGER OPTIONAL,
213 millis [0] INTEGER (1..999) OPTIONAL,
214 micros [1] INTEGER (1..999) OPTIONAL }
215 */
216
217 const SecAsn1Template kSecAsn1TSATSTInfoTemplate[] = {
218 { SEC_ASN1_SEQUENCE,
219 0, NULL, sizeof(SecAsn1TSATSTInfo) },
220 { SEC_ASN1_INTEGER,
221 offsetof(SecAsn1TSATSTInfo, version) },
222 { SEC_ASN1_OBJECT_ID,
223 offsetof(SecAsn1TSATSTInfo,reqPolicy) },
224 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATSTInfo,messageImprint),
225 kSecAsn1TSAMessageImprintTemplate },
226 { SEC_ASN1_INTEGER,
227 offsetof(SecAsn1TSATSTInfo, serialNumber) },
228 { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM,
229 offsetof(SecAsn1TSATSTInfo,genTime) },
230 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
231 offsetof(SecAsn1TSATSTInfo,accuracy),
232 kSecAsn1TSAAccuracyTemplate },
233 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
234 offsetof(SecAsn1TSATSTInfo, ordering) },
235 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
236 offsetof(SecAsn1TSATSTInfo, nonce) },
237 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
238 offsetof(SecAsn1TSATSTInfo, tsa),
239 kSecAsn1GenNameOtherNameTemplate},
240
241 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
242 offsetof(SecAsn1TSATSTInfo, extensions),
243 kSecAsn1CertExtensionTemplate },
244 { 0 }
245 };
246
247 #pragma clang diagnostic pop
mirror of Security