]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_smime/lib/tsaTemplates.c
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / libsecurity_smime / lib / tsaTemplates.c
1 /*
2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * tsaTemplates.c - ASN1 templates Time Stamping Authority requests and responses
24 */
25
26 #include <Security/keyTemplates.h> /* for kSecAsn1AlgorithmIDTemplate */
27 #include <Security/SecAsn1Templates.h>
28 #include <stddef.h>
29 #include <assert.h>
30
31 #include "tsaTemplates.h"
32 #include "cmslocal.h"
33
34 #pragma clang diagnostic push
35 #pragma clang diagnostic ignored "-Wunused-const-variable"
36
37 // *** from CMSEncoder.cpp
38
39 typedef struct {
40 CSSM_OID contentType;
41 CSSM_DATA content;
42 } SimpleContentInfo;
43
44 // SecCmsContentInfoTemplate
45 static const SecAsn1Template cmsSimpleContentInfoTemplate[] = {
46 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SimpleContentInfo) },
47 { SEC_ASN1_OBJECT_ID, offsetof(SimpleContentInfo, contentType) },
48 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
49 offsetof(SimpleContentInfo, content),
50 kSecAsn1AnyTemplate },
51 { 0, }
52 };
53
54 #pragma mark ----- tsa -----
55
56 /*
57 Accuracy ::= SEQUENCE {
58 seconds INTEGER OPTIONAL,
59 millis [0] INTEGER (1..999) OPTIONAL,
60 micros [1] INTEGER (1..999) OPTIONAL }
61 */
62 const SecAsn1Template kSecAsn1TSAAccuracyTemplate[] = {
63 { SEC_ASN1_SEQUENCE,
64 0, NULL, sizeof(SecAsn1TSAAccuracy) },
65 { SEC_ASN1_INTEGER,
66 offsetof(SecAsn1TSAAccuracy, seconds) },
67 { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
68 offsetof(SecAsn1TSAAccuracy, millis), kSecAsn1UnsignedIntegerTemplate },
69 { SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
70 offsetof(SecAsn1TSAAccuracy, micros), kSecAsn1UnsignedIntegerTemplate },
71 { 0 }
72 };
73
74 /*
75 MessageImprint ::= SEQUENCE {
76 hashAlgorithm AlgorithmIdentifier,
77 hashedMessage OCTET STRING }
78 */
79
80 const SecAsn1Template kSecAsn1TSAMessageImprintTemplate[] = {
81 { SEC_ASN1_SEQUENCE,
82 0, NULL, sizeof(SecAsn1TSAMessageImprint) },
83 { SEC_ASN1_INLINE, offsetof(SecAsn1TSAMessageImprint,hashAlgorithm),
84 kSecAsn1AlgorithmIDTemplate },
85 { SEC_ASN1_OCTET_STRING,
86 offsetof(SecAsn1TSAMessageImprint,hashedMessage) },
87 { 0 }
88 };
89
90 /*
91 TimeStampReq ::= SEQUENCE {
92 version INTEGER { v1(1) },
93 messageImprint MessageImprint,
94 --a hash algorithm OID and the hash value of the data to be
95 --time-stamped
96 reqPolicy TSAPolicyId OPTIONAL,
97 nonce INTEGER OPTIONAL,
98 certReq BOOLEAN DEFAULT FALSE,
99 extensions [0] IMPLICIT Extensions OPTIONAL }
100
101 MessageImprint ::= SEQUENCE {
102 hashAlgorithm AlgorithmIdentifier,
103 hashedMessage OCTET STRING }
104
105 TSAPolicyId ::= OBJECT IDENTIFIER
106 */
107
108 const SecAsn1Template kSecAsn1TSATimeStampReqTemplate[] = {
109 { SEC_ASN1_SEQUENCE,
110 0, NULL, sizeof(SecAsn1TSATimeStampReq) },
111 { SEC_ASN1_INTEGER,
112 offsetof(SecAsn1TSATimeStampReq, version) },
113 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATimeStampReq,messageImprint),
114 kSecAsn1TSAMessageImprintTemplate },
115 { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL,
116 offsetof(SecAsn1TSATimeStampReq,reqPolicy) },
117 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
118 offsetof(SecAsn1TSATimeStampReq, nonce) },
119 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
120 offsetof(SecAsn1TSATimeStampReq, certReq) },
121 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
122 offsetof(SecAsn1TSATimeStampReq, extensions),
123 kSecAsn1SequenceOfCertExtensionTemplate },
124 { 0 }
125 };
126
127 /*
128 PKIFreeText ::= SEQUENCE {
129 SIZE (1..MAX) OF UTF8String
130 -- text encoded as UTF-8 String (note: each UTF8String SHOULD
131 -- include an RFC 1766 language tag to indicate the language -- of the contained text)
132 }
133
134 See e.g. kSecAsn1SequenceOfUTF8StringTemplate
135 */
136
137 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplate[] = {
138 { SEC_ASN1_SEQUENCE,
139 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
140 { SEC_ASN1_INTEGER,
141 offsetof(SecAsn1TSAPKIStatusInfo, status) },
142 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE | SEC_ASN1_OPTIONAL,
143 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
144 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
145 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
146 { 0 }
147 };
148
149 const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplateRFC3161[] = {
150 { SEC_ASN1_SEQUENCE,
151 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
152 { SEC_ASN1_INTEGER,
153 offsetof(SecAsn1TSAPKIStatusInfo, status) },
154 { SEC_ASN1_UTF8_STRING | SEC_ASN1_OPTIONAL,
155 offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
156 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
157 offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
158 { 0 }
159 };
160
161 #if 0
162 const SecAsn1Template kSecAsn1TSATimeStampRespTemplate[] = {
163 { SEC_ASN1_SEQUENCE,
164 0, NULL, sizeof(SecAsn1TimeStampResp) },
165 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampResp,status),
166 kSecAsn1TSAPKIStatusInfoTemplate },
167 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, offsetof(SecAsn1TimeStampResp,timeStampToken),
168 SecCmsContentInfoTemplate },
169 { 0 }
170 };
171 #endif
172
173 // Decode the status but not the TimeStampToken
174 const SecAsn1Template kSecAsn1TSATimeStampRespTemplateDER[] = {
175 { SEC_ASN1_SEQUENCE,
176 0, NULL, sizeof(SecAsn1TimeStampRespDER) },
177 { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampRespDER,status),
178 kSecAsn1TSAPKIStatusInfoTemplate },
179 { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL ,//| SEC_ASN1_SAVE,
180 offsetof(SecAsn1TimeStampRespDER, timeStampTokenDER), kSecAsn1AnyTemplate },
181 { 0 }
182 };
183
184 /*
185 RFC 3161 Time-Stamp Protocol (TSP) August 2001
186
187 TimeStampToken ::= ContentInfo
188
189 -- contentType is id-signedData as defined in [CMS]
190 -- content is SignedData as defined in([CMS])
191 -- eContentType within SignedData is id-ct-TSTInfo
192 -- eContent within SignedData is TSTInfo
193
194 TSTInfo ::= SEQUENCE {
195 version INTEGER { v1(1) },
196 policy TSAPolicyId,
197 messageImprint MessageImprint,
198 -- MUST have the same value as the similar field in
199 -- TimeStampReq
200 serialNumber INTEGER,
201 -- Time-Stamping users MUST be ready to accommodate integers
202 -- up to 160 bits.
203 genTime GeneralizedTime,
204 accuracy Accuracy OPTIONAL,
205 ordering BOOLEAN DEFAULT FALSE,
206 nonce INTEGER OPTIONAL,
207 -- MUST be present if the similar field was present
208 -- in TimeStampReq. In that case it MUST have the same value.
209 tsa [0] GeneralName OPTIONAL,
210 extensions [1] IMPLICIT Extensions OPTIONAL }
211
212 Accuracy ::= SEQUENCE {
213 seconds INTEGER OPTIONAL,
214 millis [0] INTEGER (1..999) OPTIONAL,
215 micros [1] INTEGER (1..999) OPTIONAL }
216 */
217
218 const SecAsn1Template kSecAsn1TSATSTInfoTemplate[] = {
219 { SEC_ASN1_SEQUENCE,
220 0, NULL, sizeof(SecAsn1TSATSTInfo) },
221 { SEC_ASN1_INTEGER,
222 offsetof(SecAsn1TSATSTInfo, version) },
223 { SEC_ASN1_OBJECT_ID,
224 offsetof(SecAsn1TSATSTInfo,reqPolicy) },
225 { SEC_ASN1_INLINE, offsetof(SecAsn1TSATSTInfo,messageImprint),
226 kSecAsn1TSAMessageImprintTemplate },
227 { SEC_ASN1_INTEGER,
228 offsetof(SecAsn1TSATSTInfo, serialNumber) },
229 { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM,
230 offsetof(SecAsn1TSATSTInfo,genTime) },
231 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
232 offsetof(SecAsn1TSATSTInfo,accuracy),
233 kSecAsn1TSAAccuracyTemplate },
234 { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
235 offsetof(SecAsn1TSATSTInfo, ordering) },
236 { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
237 offsetof(SecAsn1TSATSTInfo, nonce) },
238 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
239 offsetof(SecAsn1TSATSTInfo, tsa),
240 kSecAsn1GenNameOtherNameTemplate},
241
242 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
243 offsetof(SecAsn1TSATSTInfo, extensions),
244 kSecAsn1CertExtensionTemplate },
245 { 0 }
246 };
247
248 #pragma clang diagnostic pop
mirror of Security