1 /*
2 * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 * X509Templates.c - Common ASN1 templates for use with libNSSDer.
24 */
25
26 #include "SecAsn1Templates.h"
27 #include "X509Templates.h"
28 #include "keyTemplates.h"
29 #include <stddef.h>
30
31 /*
32 * Validity
33 */
/*
 * Tag -> template map for an X.509 Time, which is a CHOICE of
 * GeneralizedTime or UTCTime.  SecAsn1TaggedTemplateChooser walks this
 * list and picks the template whose tag matches the encoded element;
 * the zero-tag / NULL entry terminates the list.
 *
 * NOTE(review): either time form is accepted in every position.  RFC 5280's
 * rule that dates through 2049 are UTCTime and later dates GeneralizedTime
 * is not enforced here; a caller that needs it must check the tag itself.
 */
static const NSS_TagChoice timeChoices[] = {
    /* GeneralizedTime */
    { SEC_ASN1_GENERALIZED_TIME, kSecAsn1GeneralizedTimeTemplate },
    /* UTCTime */
    { SEC_ASN1_UTC_TIME,         kSecAsn1UTCTimeTemplate },
    /* end of list */
    { 0,                         NULL }
};
42
/*
 * Dynamic template chooser for Time fields (used via SEC_ASN1_DYNAMIC).
 *
 * Parameters are those of SecAsn1TemplateChooserPtr: the decoder/encoder
 * context `arg`, `enc` (TRUE when encoding), the element bytes `buf`/`len`
 * being examined, and `dest`, the destination of the item being processed.
 * Returns the GeneralizedTime or UTCTime template selected from
 * timeChoices, or whatever SecAsn1TaggedTemplateChooser returns when no
 * tag matches.
 */
static const SecAsn1Template * NSS_TimeChooser(
    void *arg,
    Boolean enc,
    const char *buf,
    size_t len,
    void *dest)
{
    const SecAsn1Template *chosen;

    /* Delegate the tag match to the generic chooser over our two-entry table. */
    chosen = SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, timeChoices);
    return chosen;
}
52
53 static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr = NSS_TimeChooser;
54
/*
 * Validity ::= SEQUENCE { notBefore Time, notAfter Time }
 *
 * Each member is resolved at run time through NSS_TimeChooser
 * (SEC_ASN1_DYNAMIC) and decoded in place (SEC_ASN1_INLINE) into the
 * `.item` of the corresponding time field, so notBefore and notAfter may
 * independently be a UTCTime or a GeneralizedTime.
 */
const SecAsn1Template kSecAsn1ValidityTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_Validity) },
    /* notBefore Time */
    { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
      offsetof(NSS_Validity, notBefore.item), &NSS_TimeChooserPtr },
    /* notAfter Time */
    { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
      offsetof(NSS_Validity, notAfter.item),  &NSS_TimeChooserPtr },
    { 0 }
};
66
/*
 * Extension ::= SEQUENCE {
 *     extnID     OBJECT IDENTIFIER,
 *     critical   BOOLEAN DEFAULT FALSE,
 *     extnValue  OCTET STRING }
 *
 * `critical` is modelled as OPTIONAL rather than DEFAULT FALSE (the
 * "XXX DER_DEFAULT" caveat of the original): the template neither
 * substitutes the default nor rejects an explicitly encoded FALSE, which
 * DER forbids.  Code that needs strict DER (e.g. before hashing or
 * re-signing) must enforce the DEFAULT rule itself.
 *
 * extnValue is kept as the raw OCTET STRING; its content is not parsed by
 * this template.
 */
const SecAsn1Template kSecAsn1CertExtensionTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_CertExtension) },
    /* extnID */
    { SEC_ASN1_OBJECT_ID, offsetof(NSS_CertExtension, extnId) },
    /* critical (see DEFAULT caveat above) */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, offsetof(NSS_CertExtension, critical) },
    /* extnValue */
    { SEC_ASN1_OCTET_STRING, offsetof(NSS_CertExtension, value) },
    { 0, }
};
79
/*
 * Extensions ::= SEQUENCE OF Extension
 *
 * Single-entry SEQUENCE OF template (this form carries no terminator
 * entry).  RFC 5280's SIZE (1..MAX) constraint is not enforced here.
 */
const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1CertExtensionTemplate }
};
83
/*
 * TBSCertificate (RFC 5280 section 4.1.2), decoded into NSS_TBSCertificate.
 *
 * Points a consumer of the decoded structure should know:
 *  - version is [0] EXPLICIT and OPTIONAL.  The DEFAULT v1(0) is not
 *    applied by the template (the original's "XXX DER_DEFAULT"): an absent
 *    version must be read as v1 by the caller, and an explicitly encoded 0
 *    is not rejected even though DER forbids encoding a DEFAULT value.
 *  - serialNumber is decoded with SEC_ASN1_SIGNED_INT, so negative serials
 *    are accepted for interoperability although RFC 5280 requires a
 *    positive integer; any such policy check belongs to the caller.
 *  - derIssuer / derSubject are SEC_ASN1_SAVE entries placed just ahead of
 *    the corresponding Name, retaining the raw encoding of that Name next
 *    to its parsed NSS_Name form (useful for byte-exact name matching).
 *  - issuerUniqueID / subjectUniqueID are context tags [1] / [2] without
 *    SEC_ASN1_EXPLICIT, i.e. IMPLICIT BIT STRINGs; extensions is [3]
 *    EXPLICIT.
 */
const SecAsn1Template kSecAsn1TBSCertificateTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_TBSCertificate) },
    /* version [0] EXPLICIT Version OPTIONAL (DEFAULT v1 not applied here) */
    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
      SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(NSS_TBSCertificate, version), kSecAsn1IntegerTemplate },
    /* serialNumber CertificateSerialNumber (signed for compatibility) */
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
      offsetof(NSS_TBSCertificate, serialNumber) },
    /* signature AlgorithmIdentifier */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCertificate, signature), kSecAsn1AlgorithmIDTemplate },
    /* raw DER of the issuer Name that follows */
    { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate, derIssuer) },
    /* issuer Name */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCertificate, issuer), kSecAsn1NameTemplate },
    /* validity Validity */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCertificate, validity), kSecAsn1ValidityTemplate },
    /* raw DER of the subject Name that follows */
    { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate, derSubject) },
    /* subject Name */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCertificate, subject), kSecAsn1NameTemplate },
    /* subjectPublicKeyInfo SubjectPublicKeyInfo */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCertificate, subjectPublicKeyInfo),
      kSecAsn1SubjectPublicKeyInfoTemplate },
    /* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(NSS_TBSCertificate, issuerID), kSecAsn1BitStringTemplate },
    /* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(NSS_TBSCertificate, subjectID), kSecAsn1BitStringTemplate },
    /* extensions [3] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 3,
      offsetof(NSS_TBSCertificate, extensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};
125
/*
 * Outer SEQUENCE shared by Certificate and CertificateList, with the
 * to-be-signed portion left as an opaque ANY so that signing and
 * verification operate on exactly the bytes that were signed:
 *
 *     SEQUENCE { tbs ANY, signatureAlgorithm ANY, signature BIT STRING }
 *
 * Security caveat: signatureAlgorithm is also left as ANY, so nothing in
 * this template checks that it agrees with the AlgorithmIdentifier inside
 * the TBS (tbs.signature) as RFC 5280 section 4.1.1.2 requires.  A verifier
 * built on this template must decode and compare the two itself and must
 * not select the verification algorithm from the outer (unsigned) field
 * alone.  For a fully parsed form use kSecAsn1SignedCertTemplate /
 * kSecAsn1SignedCrlTemplate.
 */
const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_SignedCertOrCRL) },
    /* tbsCertificate / tbsCertList, raw bytes */
    { SEC_ASN1_ANY,        offsetof(NSS_SignedCertOrCRL, tbsBlob) },
    /* signatureAlgorithm, raw bytes (see caveat above) */
    { SEC_ASN1_ANY,        offsetof(NSS_SignedCertOrCRL, signatureAlgorithm) },
    /* signatureValue */
    { SEC_ASN1_BIT_STRING, offsetof(NSS_SignedCertOrCRL, signature) },
    { 0 }
};
142
/*
 * Certificate ::= SEQUENCE {
 *     tbsCertificate      TBSCertificate,
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signatureValue      BIT STRING }
 *
 * Fully parsed form: the TBS is decoded inline through
 * kSecAsn1TBSCertificateTemplate.  To obtain the raw TBS bytes for signing
 * or signature verification use kSecAsn1SignedCertOrCRLTemplate instead.
 */
const SecAsn1Template kSecAsn1SignedCertTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_Certificate) },
    /* tbsCertificate */
    { SEC_ASN1_INLINE,     offsetof(NSS_Certificate, tbs),
                           kSecAsn1TBSCertificateTemplate },
    /* signatureAlgorithm */
    { SEC_ASN1_INLINE,     offsetof(NSS_Certificate, signatureAlgorithm),
                           kSecAsn1AlgorithmIDTemplate },
    /* signatureValue */
    { SEC_ASN1_BIT_STRING, offsetof(NSS_Certificate, signature) },
    { 0 }
};
158
/*
 * One entry of TBSCertList.revokedCertificates:
 *
 *     SEQUENCE {
 *         userCertificate     CertificateSerialNumber,
 *         revocationDate      Time,
 *         crlEntryExtensions  Extensions OPTIONAL }
 *
 * userCertificate is decoded as a SIGNED integer, the same way the
 * serialNumber entry of kSecAsn1TBSCertificateTemplate is, so a CRL entry
 * and the certificate it names decode identically even for non-conforming
 * negative serials.  revocationDate is resolved through the dynamic Time
 * chooser like every other Time in this file.
 */
const SecAsn1Template kSecAsn1RevokedCertTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_RevokedCert) },
    /* userCertificate: signed integer, matching the cert's serialNumber */
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
      offsetof(NSS_RevokedCert, userCertificate) },
    /* revocationDate Time */
    { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
      offsetof(NSS_RevokedCert, revocationDate.item), &NSS_TimeChooserPtr },
    /* crlEntryExtensions Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
      offsetof(NSS_RevokedCert, extensions), kSecAsn1CertExtensionTemplate },
    { 0, }
};
174
/*
 * SEQUENCE OF the revokedCertificates entry above.  Single-entry
 * SEQUENCE OF template (no terminator entry in this form).
 */
const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1RevokedCertTemplate }
};
178
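/*
 * TBSCertList (RFC 5280 section 5.1), decoded into NSS_TBSCrl.
 *
 * Consistency fix: nextUpdate goes through the same dynamic Time chooser as
 * thisUpdate here and as revocationDate / notBefore / notAfter elsewhere in
 * this file, all of which target the `.item` member of their time field.
 * The original pointed this one entry at the enclosing field
 * (offsetof(NSS_TBSCrl, nextUpdate)) instead of its .item member; the two
 * offsets coincide only while `item` is the first member of the time type,
 * so the entry now names .item explicitly like its peers.
 *
 * Other points for consumers:
 *  - version is a plain OPTIONAL INTEGER with no context tag (unlike the
 *    certificate's [0]).  RFC 5280 requires it to be v2(1) when present;
 *    this template does not check that.
 *  - derIssuer is a SEC_ASN1_SAVE placed just ahead of issuer, retaining the
 *    raw encoding of the Name alongside its parsed form.
 *  - revokedCerts is OPTIONAL (a CRL with no revoked certificates omits it);
 *    the entry references kSecAsn1RevokedCertTemplate directly.
 *  - crlExtensions is [0] EXPLICIT.
 */
const SecAsn1Template kSecAsn1TBSCrlTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_TBSCrl) },
    /* version Version OPTIONAL (v2 when present; not enforced here) */
    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(NSS_TBSCrl, version) },
    /* signature AlgorithmIdentifier */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCrl, signature), kSecAsn1AlgorithmIDTemplate },
    /* raw DER of the issuer Name that follows */
    { SEC_ASN1_SAVE, offsetof(NSS_TBSCrl, derIssuer) },
    /* issuer Name */
    { SEC_ASN1_INLINE,
      offsetof(NSS_TBSCrl, issuer), kSecAsn1NameTemplate },
    /* thisUpdate Time */
    { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
      offsetof(NSS_TBSCrl, thisUpdate.item), &NSS_TimeChooserPtr },
    /* nextUpdate Time OPTIONAL -- now targets .item like thisUpdate */
    { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC | SEC_ASN1_OPTIONAL,
      offsetof(NSS_TBSCrl, nextUpdate.item), &NSS_TimeChooserPtr },
    /* revokedCertificates SEQUENCE OF ... OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
      offsetof(NSS_TBSCrl, revokedCerts), kSecAsn1RevokedCertTemplate },
    /* crlExtensions [0] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(NSS_TBSCrl, extensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0, }
};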
207
/*
 * CertificateList ::= SEQUENCE {
 *     tbsCertList         TBSCertList,
 *     signatureAlgorithm  AlgorithmIdentifier,
 *     signatureValue      BIT STRING }
 *
 * Fully parsed form: the TBS is decoded inline through
 * kSecAsn1TBSCrlTemplate.  To obtain the raw TBS bytes for signing or
 * signature verification use kSecAsn1SignedCertOrCRLTemplate instead.
 */
const SecAsn1Template kSecAsn1SignedCrlTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSS_Crl) },
    /* tbsCertList */
    { SEC_ASN1_INLINE,     offsetof(NSS_Crl, tbs),
                           kSecAsn1TBSCrlTemplate },
    /* signatureAlgorithm */
    { SEC_ASN1_INLINE,     offsetof(NSS_Crl, signatureAlgorithm),
                           kSecAsn1AlgorithmIDTemplate },
    /* signatureValue */
    { SEC_ASN1_BIT_STRING, offsetof(NSS_Crl, signature) },
    { 0 }
};