]> git.saurik.com Git - apple/security.git/blob - libsecurity_asn1/lib/nameTemplates.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55163.44.tar.gz
[apple/security.git] / libsecurity_asn1 / lib / nameTemplates.c
1 /*
2 * Copyright (c) 2003-2006,2008,2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * nameTemplates.c - ASN1 templates for X509 Name, GeneralName, etc.
24 */
25
26 #include "SecAsn1Templates.h"
27 #include "nameTemplates.h"
28 #include "X509Templates.h"
29 #include "keyTemplates.h"
30 #include <stddef.h>
31 #include <assert.h>
32
33 typedef struct {
34 SecAsn1Oid typeId;
35 SecAsn1Item value; // unparsed, BER-encoded
36 } CE_OtherName;
37
38 #pragma mark ----- Generalized NSS_TaggedItem template chooser support -----
39
40 /*
41 * Generalized Template chooser.
42 */
43 const SecAsn1Template * SecAsn1TaggedTemplateChooser(
44 /* Four args passed to specific SecAsn1TemplateChooser */
45 void *arg, // currently not used
46 Boolean enc,
47 const char *buf,
48 void *dest,
49 /* array of tag/template pairs */
50 const NSS_TagChoice *chooser)
51 {
52 unsigned char tag = 0;
53 const SecAsn1Template *templ = NULL;
54 NSS_TaggedItem *item = (NSS_TaggedItem *)dest;
55
56 assert(item != NULL);
57 assert((chooser != NULL) && (chooser->templ != NULL));
58
59 if(enc) {
60 /* encoding: tag from an NSS_TaggedItem at *dest */
61 tag = item->tag;
62 }
63 else {
64 /* decoding: tag from raw bytes being decoded */
65 tag = buf[0] & SEC_ASN1_TAGNUM_MASK;
66 /* and tell caller what's coming */
67 item->tag = tag;
68 }
69
70 /* infer template from tag */
71 const NSS_TagChoice *thisChoice;
72 for(thisChoice=chooser; thisChoice->templ != NULL; thisChoice++) {
73 if(tag == thisChoice->tag) {
74 templ = thisChoice->templ;
75 break;
76 }
77 }
78 if(templ == NULL) {
79 /*
80 * Tag not found. On decoding, this is the caller's fault
81 * and they'll have to deal with it.
82 * On decode, pick a template guaranteed to cause a decoding
83 * failure - the template from the first array of
84 * NSS_TagChoices should do the trick since its tag didn't match.
85 */
86 templ = chooser[0].templ;
87 }
88 return templ;
89 }
90
91 #pragma mark ----- X509 Name, RDN ------
92
93 /* AttributeTypeAndValue */
94
95 /*
96 * NSS_ATV Template chooser.
97 */
98 static const NSS_TagChoice atvChoices[] = {
99 { SEC_ASN1_PRINTABLE_STRING, kSecAsn1PrintableStringTemplate} ,
100 { SEC_ASN1_TELETEX_STRING, kSecAsn1TeletexStringTemplate },
101 { SEC_ASN1_UNIVERSAL_STRING, kSecAsn1UniversalStringTemplate },
102 { SEC_ASN1_UTF8_STRING, kSecAsn1UTF8StringTemplate },
103 { SEC_ASN1_BMP_STRING, kSecAsn1BMPStringTemplate },
104 { SEC_ASN1_IA5_STRING, kSecAsn1IA5StringTemplate },
105 { 0, NULL}
106 };
107
108 static const SecAsn1Template * NSS_ATVChooser(
109 void *arg,
110 Boolean enc,
111 const char *buf,
112 void *dest)
113 {
114 return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, atvChoices);
115 }
116
117 static const SecAsn1TemplateChooserPtr NSS_ATVChooserPtr = NSS_ATVChooser;
118
119 const SecAsn1Template kSecAsn1ATVTemplate[] = {
120 { SEC_ASN1_SEQUENCE,
121 0, NULL, sizeof(NSS_ATV) },
122 { SEC_ASN1_OBJECT_ID,
123 offsetof(NSS_ATV,type), },
124 { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
125 offsetof(NSS_ATV,value),
126 &NSS_ATVChooserPtr },
127 { 0, }
128 };
129
130 /* RelativeDistinguishedName */
131 const SecAsn1Template kSecAsn1RDNTemplate[] = {
132 { SEC_ASN1_SET_OF,
133 offsetof(NSS_RDN,atvs), kSecAsn1ATVTemplate, sizeof(NSS_RDN) }
134 };
135
136 /* X509 Name */
137 const SecAsn1Template kSecAsn1NameTemplate[] = {
138 { SEC_ASN1_SEQUENCE_OF,
139 offsetof(NSS_Name,rdns), kSecAsn1RDNTemplate, sizeof(NSS_Name) }
140 };
141
142 #pragma mark ----- OtherName, GeneralizedName -----
143
144 /*
145 * CE_OtherName.value expressed as ASN_ANY, not en/decoded.
146 */
147 const SecAsn1Template NSS_OtherNameTemplate[] = {
148 { SEC_ASN1_SEQUENCE,
149 0, NULL, sizeof(CE_OtherName) },
150 { SEC_ASN1_OBJECT_ID,
151 offsetof(CE_OtherName,typeId), },
152 { SEC_ASN1_ANY,
153 offsetof(CE_OtherName,value), },
154 { 0, }
155 };
156
157 /*
158 * For decoding an OtherName when it's a context-specific CHOICE
159 * of a GeneralName.
160 */
161 const SecAsn1Template kSecAsn1GenNameOtherNameTemplate[] = {
162 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | NGT_OtherName,
163 0, NSS_OtherNameTemplate, sizeof(CE_OtherName) }
164 };
165
166 /*
167 * NSS_GeneralName template chooser.
168 * First, a crufty set of templates specific to this context.
169 * All offsets are zero (the fundamental type is a NSS_TaggedItem).
170 *
171 * NOTE WELL: RFC2459 says that all of the choices within a
172 * GeneralName (which these templates implement) have implicit
173 * context-specific tags.
174 * HOWEVER: RFC2538 and the real world indicate that the directoryName
175 * choice is EXPLICITLY tagged. This causes an extra layer of DER -
176 * the "thing" is wrapped in a header consisting of the tag byte
177 * (SEC_ASN1_CONTEXT_SPECIFIC plus context tag plus SEC_ASN1_CONSTRUCTED)
178 * and the length field.
179 *
180 * To actually implement this in the current pile-of-cruft context,
181 * the directoryName and otherName choices are processed here with
182 * NSS_InnerAnyTemplate which strips off the explicit tag layer, leaving
183 * further processing to the app.
184 *
185 * I sure hope we don't find certs that actually conform to RFC2459 on
186 * this. We might have to handle both. Be forewarned.
187 */
188
189 /* inner contents of an ASN_ANY */
190 static const SecAsn1Template kSecAsn1InnerAnyTemplate[] = {
191 { SEC_ASN1_ANY | SEC_ASN1_INNER, 0, NULL, sizeof(SecAsn1Item) }
192 };
193
194 #define NSS_GEN_NAME_OFFSET (offsetof(NSS_GeneralName,item))
195 #define NSS_GEN_NAME_SIZE (sizeof(NSS_GeneralName))
196
197 const SecAsn1Template kSecAsn1OtherNameTemplate[] = {
198 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | NGT_OtherName,
199 NSS_GEN_NAME_OFFSET, kSecAsn1AnyTemplate, NSS_GEN_NAME_SIZE }
200 };
201 const SecAsn1Template kSecAsn1RFC822NameTemplate[] = {
202 { SEC_ASN1_CONTEXT_SPECIFIC | NGT_RFC822Name,
203 NSS_GEN_NAME_OFFSET, kSecAsn1IA5StringTemplate, NSS_GEN_NAME_SIZE }
204 };
205 const SecAsn1Template kSecAsn1DNSNameTemplate[] = {
206 { SEC_ASN1_CONTEXT_SPECIFIC | NGT_DNSName,
207 NSS_GEN_NAME_OFFSET, kSecAsn1IA5StringTemplate, NSS_GEN_NAME_SIZE }
208 };
209 const SecAsn1Template kSecAsn1X400AddressTemplate[] = {
210 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | NGT_X400Address,
211 NSS_GEN_NAME_OFFSET, kSecAsn1AnyTemplate, NSS_GEN_NAME_SIZE }
212 };
213 #if 0
214 const SecAsn1Template kSecAsn1DirectoryNameTemplate[] = {
215 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | NGT_DirectoryName,
216 NSS_GEN_NAME_OFFSET, kSecAsn1InnerAnyTemplate, NSS_GEN_NAME_SIZE }
217 };
218 #else
219 const SecAsn1Template kSecAsn1DirectoryNameTemplate[] = {
220 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED |
221 SEC_ASN1_EXPLICIT | NGT_DirectoryName,
222 NSS_GEN_NAME_OFFSET, kSecAsn1AnyTemplate, NSS_GEN_NAME_SIZE }
223 };
224 #endif
225 const SecAsn1Template kSecAsn1EdiPartyNameTemplate[] = {
226 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | NGT_EdiPartyName,
227 NSS_GEN_NAME_OFFSET, kSecAsn1AnyTemplate, NSS_GEN_NAME_SIZE }
228 };
229 const SecAsn1Template kSecAsn1URITemplate[] = {
230 { SEC_ASN1_CONTEXT_SPECIFIC | NGT_URI,
231 NSS_GEN_NAME_OFFSET, kSecAsn1IA5StringTemplate, NSS_GEN_NAME_SIZE }
232 };
233 const SecAsn1Template kSecAsn1IPAddressTemplate[] = {
234 { SEC_ASN1_CONTEXT_SPECIFIC | NGT_IPAddress,
235 NSS_GEN_NAME_OFFSET, kSecAsn1OctetStringTemplate, NSS_GEN_NAME_SIZE }
236 };
237 const SecAsn1Template kSecAsn1RegisteredIDTemplate[] = {
238 { SEC_ASN1_CONTEXT_SPECIFIC | NGT_RegisteredID,
239 NSS_GEN_NAME_OFFSET, kSecAsn1ObjectIDTemplate, NSS_GEN_NAME_SIZE }
240 };
241
242 static const NSS_TagChoice genNameChoices[] = {
243 { NGT_OtherName, kSecAsn1OtherNameTemplate} ,
244 { NGT_RFC822Name, kSecAsn1RFC822NameTemplate },
245 { NGT_DNSName, kSecAsn1DNSNameTemplate },
246 { NGT_X400Address, kSecAsn1X400AddressTemplate },
247 { NGT_DirectoryName, kSecAsn1DirectoryNameTemplate },
248 { NGT_EdiPartyName, kSecAsn1EdiPartyNameTemplate },
249 { NGT_URI, kSecAsn1URITemplate },
250 { NGT_IPAddress, kSecAsn1IPAddressTemplate },
251 { NGT_RegisteredID, kSecAsn1RegisteredIDTemplate },
252 { 0, NULL}
253 };
254
255 static const SecAsn1Template * NSS_genNameChooser(
256 void *arg,
257 Boolean enc,
258 const char *buf,
259 void *dest)
260 {
261 return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, genNameChoices);
262 }
263
264 static const SecAsn1TemplateChooserPtr NSS_genNameChooserPtr =
265 NSS_genNameChooser;
266
267 const SecAsn1Template kSecAsn1GeneralNameTemplate[] = {
268 { SEC_ASN1_DYNAMIC | SEC_ASN1_CONTEXT_SPECIFIC,
269 offsetof(NSS_GeneralName,item), // Needed?
270 &NSS_genNameChooserPtr },
271 { 0, } // Needed?
272 };
mirror of Security