2 * Copyright (c) 2003-2006,2008-2012 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
23 * ocspTemplates.cpp - ASN.1 templates for OCSP requests and responses.
26 #include "ocspTemplates.h"
27 #include "keyTemplates.h" /* for kSecAsn1AlgorithmIDTemplate */
28 #include "SecAsn1Templates.h"
31 // MARK: ----- OCSP Request -----
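/*
 * CertID (RFC 2560 / RFC 6960):
 *
 *   CertID ::= SEQUENCE {
 *       hashAlgorithm    AlgorithmIdentifier,
 *       issuerNameHash   OCTET STRING,
 *       issuerKeyHash    OCTET STRING,
 *       serialNumber     CertificateSerialNumber }
 *
 * Identifies the certificate whose status is being asked about. The two
 * hashes are stored as raw octet strings; the serial number is decoded as a
 * *signed* INTEGER (SEC_ASN1_SIGNED_INT), presumably so that a leading sign
 * byte is kept rather than normalized away — confirm against the decoder.
 *
 * NOTE(review): the listing dropped this template's SEQUENCE header tag, the
 * INLINE tag on the algId entry and the `{ 0 }` terminator; they are
 * restored here per the SecAsn1 template convention — confirm against the
 * original source.
 */
const SecAsn1Template kSecAsn1OCSPCertIDTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPCertID) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPCertID, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_OCTET_STRING,
      offsetof(SecAsn1OCSPCertID, issuerNameHash) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(SecAsn1OCSPCertID, issuerPubKeyHash) },
    /* serial number is SIGNED integer */
    { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
      offsetof(SecAsn1OCSPCertID, serialNumber) },
    /* terminator: the template walker stops at a zero kind */
    { 0 }
};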
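/*
 * Request (one entry of TBSRequest.requestList):
 *
 *   Request ::= SEQUENCE {
 *       reqCert                    CertID,
 *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
 *
 * reqCert is decoded inline via kSecAsn1OCSPCertIDTemplate; the optional
 * extensions land in `extensions` as a sequence of certificate extensions.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the INLINE tag
 * on the reqCert entry and the `{ 0 }` terminator; restored per the SecAsn1
 * template convention — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPRequest) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPRequest, reqCert),
      kSecAsn1OCSPCertIDTemplate },
    /* [0] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPRequest, extensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};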
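/*
 * Signature (the optionalSignature of an OCSPRequest):
 *
 *   Signature ::= SEQUENCE {
 *       signatureAlgorithm   AlgorithmIdentifier,
 *       signature            BIT STRING,
 *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 *
 * The certificates in `certs` are not parsed here; each one is captured as
 * a raw DER item (kSecAsn1SequenceOfAnyTemplate) for the caller to decode.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the INLINE tag
 * on the algId entry and the `{ 0 }` terminator; restored per the SecAsn1
 * template convention — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPSignatureTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSignature) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSignature, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_BIT_STRING,
      offsetof(SecAsn1OCSPSignature, sig) },
    /* [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL, each kept as raw DER */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPSignature, certs),
      kSecAsn1SequenceOfAnyTemplate },
    { 0 }
};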
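/*
 * TBSRequest (the signed portion of an OCSPRequest):
 *
 *   TBSRequest ::= SEQUENCE {
 *       version             [0] EXPLICIT Version DEFAULT v1,
 *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
 *       requestList         SEQUENCE OF Request,
 *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
 *
 * `version` and `requestorName` are pointer-valued in the C struct (pointer
 * sub-template / SEC_ASN1_POINTER flag), so an absent element decodes to
 * NULL; the default version (0) has to be supplied by the consumer.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPTbsRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPTbsRequest) },
    /* optional version, explicit tag 0, default 0 */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPTbsRequest, version),
      kSecAsn1PointerToIntegerTemplate },
    /* [1] EXPLICIT GeneralName OPTIONAL, allocated on decode (POINTER) */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 1,
      offsetof(SecAsn1OCSPTbsRequest, requestorName),
      kSecAsn1GeneralNameTemplate },
    /* requestList: SEQUENCE OF Request (mandatory) */
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPTbsRequest, requestList),
      kSecAsn1OCSPRequestTemplate },
    /* [2] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 2,
      offsetof(SecAsn1OCSPTbsRequest, requestExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};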
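/*
 * OCSPRequest (the top-level request message):
 *
 *   OCSPRequest ::= SEQUENCE {
 *       tbsRequest          TBSRequest,
 *       optionalSignature   [0] EXPLICIT Signature OPTIONAL }
 *
 * `signature` is pointer-valued (SEC_ASN1_POINTER) and is NULL when the
 * request is unsigned.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the INLINE tag
 * on the tbsRequest entry and the `{ 0 }` terminator; restored per the
 * SecAsn1 template convention — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPSignedRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSignedRequest) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSignedRequest, tbsRequest),
      kSecAsn1OCSPTbsRequestTemplate },
    /* [0] EXPLICIT Signature OPTIONAL, allocated on decode (POINTER) */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | SEC_ASN1_POINTER | 0,
      offsetof(SecAsn1OCSPSignedRequest, signature),
      kSecAsn1OCSPSignatureTemplate },
    { 0 }
};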
109 // MARK: ----- OCSP Response -----
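/*
 * RevokedInfo (payload of the CertStatus `revoked` alternative):
 *
 *   RevokedInfo ::= SEQUENCE {
 *       revocationTime     GeneralizedTime,
 *       revocationReason   [0] EXPLICIT CRLReason OPTIONAL }
 *
 * `revocationReason` is pointer-valued (pointer-to-ENUMERATED sub-template)
 * and NULL when the responder gave no reason.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPRevokedInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPRevokedInfo) },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(SecAsn1OCSPRevokedInfo, revocationTime) },
    /* [0] EXPLICIT CRLReason OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPRevokedInfo, revocationReason),
      kSecAsn1PointerToEnumeratedTemplate },
    { 0 }
};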
122 /* three context-specific templates, app picks one of these */
125 * Encode/decode CertStatus separately using one of these three templates.
126 * The result goes into SecAsn1OCSPSingleResponse.certStatus on encode.
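/*
 * CertStatus, `good` alternative:
 *
 *   CertStatus ::= CHOICE {
 *       good      [0] IMPLICIT NULL,
 *       revoked   [1] IMPLICIT RevokedInfo,
 *       unknown   [2] IMPLICIT UnknownInfo }
 *
 * This template matches only the [0] IMPLICIT NULL form. The caller first
 * captures SingleResponse.certStatus as raw DER (SEC_ASN1_ANY) and then
 * tries the Good/Revoked/Unknown templates, since the template engine has
 * no CHOICE support. `nullData` is pointer-valued here (SEC_ASN1_POINTER).
 *
 * Single-entry template: no `{ 0 }` terminator is used for these, matching
 * the pointer-style templates in SecAsn1Templates.h.
 */
const SecAsn1Template kSecAsn1OCSPCertStatusGoodTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0,
      offsetof(SecAsn1OCSPCertStatus, nullData),
      kSecAsn1NullTemplate }
};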
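/*
 * CertStatus, `revoked` alternative: [1] IMPLICIT RevokedInfo.
 *
 * The tag is CONSTRUCTED because RevokedInfo is a SEQUENCE carried under
 * an implicit context tag; `revokedInfo` is allocated on decode
 * (SEC_ASN1_POINTER) and NULL if this template does not match.
 *
 * Single-entry template, no `{ 0 }` terminator (see the `good` template).
 */
const SecAsn1Template kSecAsn1OCSPCertStatusRevokedTemplate[] = {
    { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(SecAsn1OCSPCertStatus, revokedInfo),
      kSecAsn1OCSPRevokedInfoTemplate }
};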
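/*
 * CertStatus, `unknown` alternative: [2] IMPLICIT UnknownInfo (a NULL).
 *
 * NOTE(review): unlike the `good` template this entry carries no
 * SEC_ASN1_POINTER flag, yet it targets the same `nullData` field. If
 * nullData is a pointer in SecAsn1OCSPCertStatus, the decoder would write
 * the NULL item directly into that storage rather than allocating it —
 * confirm the field's declaration and that this asymmetry is intended.
 *
 * Single-entry template, no `{ 0 }` terminator (see the `good` template).
 */
const SecAsn1Template kSecAsn1OCSPCertStatusUnknownTemplate[] = {
    { SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(SecAsn1OCSPCertStatus, nullData),
      kSecAsn1NullTemplate }
};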
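/*
 * SingleResponse (one entry of ResponseData.responses):
 *
 *   SingleResponse ::= SEQUENCE {
 *       certID             CertID,
 *       certStatus         CertStatus,
 *       thisUpdate         GeneralizedTime,
 *       nextUpdate         [0] EXPLICIT GeneralizedTime OPTIONAL,
 *       singleExtensions   [1] EXPLICIT Extensions OPTIONAL }
 *
 * certStatus is a CHOICE, which the template engine cannot express, so it
 * is captured as raw DER (kSecAsn1AnyTemplate) and decoded afterwards with
 * one of the kSecAsn1OCSPCertStatus{Good,Revoked,Unknown}Template arrays.
 * `nextUpdate` is pointer-valued and NULL when absent — consumers that
 * treat a missing nextUpdate as "never expires" should do so deliberately.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the leading
 * tag of the certID (INLINE) and certStatus (reconstructed as SEC_ASN1_ANY)
 * entries, and the `{ 0 }` terminator — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPSingleResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPSingleResponse) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPSingleResponse, certID),
      kSecAsn1OCSPCertIDTemplate },
    /* CertStatus CHOICE: kept as raw DER, decoded separately */
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPSingleResponse, certStatus),
      kSecAsn1AnyTemplate },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(SecAsn1OCSPSingleResponse, thisUpdate) },
    /* [0] EXPLICIT GeneralizedTime OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPSingleResponse, nextUpdate),
      kSecAsn1PointerToGeneralizedTimeTemplate },
    /* [1] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPSingleResponse, singleExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};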
168 * support for ResponderID CHOICE
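/*
 * ResponderID, `byName` alternative:
 *
 *   ResponderID ::= CHOICE {
 *       byName   [1] Name,
 *       byKey    [2] KeyHash }
 *
 * ResponseData.responderID is captured as raw DER and then decoded with
 * this template or kSecAsn1OCSPResponderIDAsKeyTemplate. The Name itself
 * is not parsed; `byName` receives its DER (kSecAsn1AnyTemplate) for the
 * caller to match against the signing certificate's subject.
 *
 * Single-entry template, no `{ 0 }` terminator.
 */
const SecAsn1Template kSecAsn1OCSPResponderIDAsNameTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(SecAsn1OCSPResponderID, byName),
      kSecAsn1AnyTemplate }
};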
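/*
 * ResponderID, `byKey` alternative: [2] KeyHash, where KeyHash is an
 * OCTET STRING holding the SHA-1 of the responder's public key per RFC 2560.
 *
 * Only the octet string is decoded here; checking its length and matching
 * it against the signing certificate's key hash is the caller's job.
 *
 * Single-entry template, no `{ 0 }` terminator.
 */
const SecAsn1Template kSecAsn1OCSPResponderIDAsKeyTemplate[] = {
    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
      offsetof(SecAsn1OCSPResponderID, byKey),
      kSecAsn1OctetStringTemplate }
};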
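/*
 * ResponseData (the signed body of a BasicOCSPResponse):
 *
 *   ResponseData ::= SEQUENCE {
 *       version              [0] EXPLICIT Version DEFAULT v1,
 *       responderID          ResponderID,
 *       producedAt           GeneralizedTime,
 *       responses            SEQUENCE OF SingleResponse,
 *       responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
 *
 * responderID is a CHOICE and is therefore captured as raw DER, to be
 * decoded with one of the kSecAsn1OCSPResponderIDAs{Name,Key}Template
 * arrays. `version` is pointer-valued and NULL when absent (default 0).
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the leading
 * tag of the responderID entry (reconstructed as SEC_ASN1_ANY) and the
 * `{ 0 }` terminator — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPResponseDataTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponseData) },
    /* optional version, explicit tag 0, default 0 */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPResponseData, version),
      kSecAsn1PointerToIntegerTemplate },
    /* ResponderID CHOICE: kept as raw DER, decoded separately */
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPResponseData, responderID),
      kSecAsn1AnyTemplate },
    { SEC_ASN1_GENERALIZED_TIME,
      offsetof(SecAsn1OCSPResponseData, producedAt) },
    /* responses: SEQUENCE OF SingleResponse (mandatory) */
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPResponseData, responses),
      kSecAsn1OCSPSingleResponseTemplate },
    /* [1] EXPLICIT Extensions OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPResponseData, responseExtensions),
      kSecAsn1SequenceOfCertExtensionTemplate },
    { 0 }
};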
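/*
 * BasicOCSPResponse (the payload of ResponseBytes.response for the
 * id-pkix-ocsp-basic response type):
 *
 *   BasicOCSPResponse ::= SEQUENCE {
 *       tbsResponseData      ResponseData,
 *       signatureAlgorithm   AlgorithmIdentifier,
 *       signature            BIT STRING,
 *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
 *
 * tbsResponseData is deliberately captured as raw DER (SEC_ASN1_ANY) rather
 * than decoded inline — presumably so the signature can be verified over
 * the exact encoded bytes before the structure is trusted; it is decoded
 * afterwards with kSecAsn1OCSPResponseDataTemplate. Each certificate in
 * `certs` is likewise a raw DER item.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag, the INLINE tag
 * on the algId entry and the `{ 0 }` terminator; restored per the SecAsn1
 * template convention — confirm against the original source.
 */
const SecAsn1Template kSecAsn1OCSPBasicResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPBasicResponse) },
    /* raw DER of ResponseData, the bytes the signature covers */
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPBasicResponse, tbsResponseData) },
    { SEC_ASN1_INLINE,
      offsetof(SecAsn1OCSPBasicResponse, algId),
      kSecAsn1AlgorithmIDTemplate },
    { SEC_ASN1_BIT_STRING,
      offsetof(SecAsn1OCSPBasicResponse, sig) },
    /* [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL, each kept as raw DER */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPBasicResponse, certs),
      kSecAsn1SequenceOfAnyTemplate },
    { 0 }
};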
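/*
 * ResponseBytes:
 *
 *   ResponseBytes ::= SEQUENCE {
 *       responseType   OBJECT IDENTIFIER,
 *       response       OCTET STRING }
 *
 * `response` is an opaque octet string whose contents depend on
 * responseType; for id-pkix-ocsp-basic it holds a DER BasicOCSPResponse to
 * be decoded with kSecAsn1OCSPBasicResponseTemplate. Callers must check
 * responseType before choosing how to decode `response`.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPResponseBytesTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponseBytes) },
    { SEC_ASN1_OBJECT_ID,
      offsetof(SecAsn1OCSPResponseBytes, responseType) },
    { SEC_ASN1_OCTET_STRING,
      offsetof(SecAsn1OCSPResponseBytes, response) },
    { 0 }
};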
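/*
 * Pointer wrapper around kSecAsn1OCSPResponseBytesTemplate, used by
 * kSecAsn1OCSPResponseTemplate so that an absent responseBytes decodes to
 * a NULL pointer instead of an empty inline struct.
 *
 * Single-entry template, no `{ 0 }` terminator, in the same shape as the
 * kSecAsn1PointerTo*Template arrays in SecAsn1Templates.h.
 */
const SecAsn1Template kSecAsn1OCSPPtrToResponseBytesTemplate[] = {
    { SEC_ASN1_POINTER, 0, kSecAsn1OCSPResponseBytesTemplate }
};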
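/*
 * OCSPResponse (the top-level response message):
 *
 *   OCSPResponse ::= SEQUENCE {
 *       responseStatus   OCSPResponseStatus,
 *       responseBytes    [0] EXPLICIT ResponseBytes OPTIONAL }
 *
 * responseStatus is an ENUMERATED; a responder reporting an error status
 * normally omits responseBytes, so `responseBytes` (a pointer via
 * kSecAsn1OCSPPtrToResponseBytesTemplate) must be NULL-checked before use,
 * and the status should be checked before any responseBytes are trusted.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPResponse) },
    { SEC_ASN1_ENUMERATED,
      offsetof(SecAsn1OCSPResponse, responseStatus) },
    /* [0] EXPLICIT ResponseBytes OPTIONAL, pointer-valued */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPResponse, responseBytes),
      kSecAsn1OCSPPtrToResponseBytesTemplate },
    { 0 }
};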
242 // MARK: ---- OCSPD RPC ----
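/*
 * OCSPDRequest: one lookup request in the private RPC between the Security
 * framework and ocspd. Not an RFC structure; the ASN.1 implied by this
 * template is:
 *
 *   OCSPDRequest ::= SEQUENCE {
 *       cacheWriteDisable   [0] EXPLICIT BOOLEAN OPTIONAL,
 *       cacheReadDisable    [1] EXPLICIT BOOLEAN OPTIONAL,
 *       certID              OCTET STRING,
 *       ocspReq             [2] EXPLICIT OCTET STRING OPTIONAL,
 *       localRespURI        [3] EXPLICIT IA5String OPTIONAL,
 *       urls                [4] EXPLICIT SEQUENCE OF IA5String OPTIONAL }
 *
 * All optional members are pointer-valued and NULL when absent. certID and
 * ocspReq are opaque octet strings — presumably the DER of a CertID and of
 * an OCSPRequest respectively; verify against the daemon. The template only
 * enforces IA5String syntax on localRespURI/urls; any restriction on which
 * responders the daemon may contact has to be applied by the consumer.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPDRequestTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDRequest) },
    /* [0] EXPLICIT BOOLEAN OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 0,
      offsetof(SecAsn1OCSPDRequest, cacheWriteDisable),
      kSecAsn1PointerToBooleanTemplate },
    /* [1] EXPLICIT BOOLEAN OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 1,
      offsetof(SecAsn1OCSPDRequest, cacheReadDisable),
      kSecAsn1PointerToBooleanTemplate },
    /* mandatory opaque CertID */
    { SEC_ASN1_OCTET_STRING,
      offsetof(SecAsn1OCSPDRequest, certID) },
    /* [2] EXPLICIT OCTET STRING OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 2,
      offsetof(SecAsn1OCSPDRequest, ocspReq),
      kSecAsn1PointerToOctetStringTemplate },
    /* [3] EXPLICIT IA5String OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 3,
      offsetof(SecAsn1OCSPDRequest, localRespURI),
      kSecAsn1PointerToIA5StringTemplate },
    /* [4] EXPLICIT SEQUENCE OF IA5String OPTIONAL */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
      SEC_ASN1_EXPLICIT | 4,
      offsetof(SecAsn1OCSPDRequest, urls),
      kSecAsn1SequenceOfIA5StringTemplate },
    { 0 }
};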
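/*
 * OCSPDRequests: the batch message the framework sends to ocspd.
 *
 *   OCSPDRequests ::= SEQUENCE {
 *       version    INTEGER,
 *       requests   SEQUENCE OF OCSPDRequest }
 *
 * `version` is a mandatory INTEGER here (unlike the RFC structures, where
 * it is optional with a default); the receiver is expected to reject
 * versions it does not understand.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPDRequestsTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDRequests) },
    { SEC_ASN1_INTEGER,
      offsetof(SecAsn1OCSPDRequests, version) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPDRequests, requests),
      kSecAsn1OCSPDRequestTemplate },
    { 0 }
};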
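/*
 * OCSPDReply: one result returned by ocspd.
 *
 *   OCSPDReply ::= SEQUENCE {
 *       certID     ANY,
 *       ocspResp   ANY }
 *
 * Both members are captured as raw DER items. Presumably certID echoes the
 * request's CertID and ocspResp carries a DER OCSPResponse for
 * kSecAsn1OCSPResponseTemplate — verify against the daemon; the template
 * itself imposes no structure on either.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPDReplyTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPDReply) },
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPDReply, certID) },
    { SEC_ASN1_ANY,
      offsetof(SecAsn1OCSPDReply, ocspResp) },
    { 0 }
};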
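/*
 * OCSPDReplies: the batch reply ocspd returns to the framework.
 *
 *   OCSPDReplies ::= SEQUENCE {
 *       version   INTEGER,
 *       replies   SEQUENCE OF OCSPDReply }
 *
 * Note the struct is named SecAsn1OCSPReplies (no "D") while the template
 * follows the OCSPD naming; both are public identifiers and are kept as-is
 * for source compatibility.
 *
 * NOTE(review): the listing dropped the SEQUENCE header tag and the `{ 0 }`
 * terminator; restored per the SecAsn1 template convention — confirm
 * against the original source.
 */
const SecAsn1Template kSecAsn1OCSPDRepliesTemplate[] = {
    { SEC_ASN1_SEQUENCE,
      0, NULL, sizeof(SecAsn1OCSPReplies) },
    { SEC_ASN1_INTEGER,
      offsetof(SecAsn1OCSPReplies, version) },
    { SEC_ASN1_SEQUENCE_OF,
      offsetof(SecAsn1OCSPReplies, replies),
      kSecAsn1OCSPDReplyTemplate },
    { 0 }
};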