+++ /dev/null
-/*
- * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- *
- * tsaTemplates.c - ASN1 templates Time Stamping Authority requests and responses
- */
-
-#include <security_asn1/keyTemplates.h> /* for kSecAsn1AlgorithmIDTemplate */
-#include <security_asn1/SecAsn1Templates.h>
-#include <stddef.h>
-#include <assert.h>
-
-#include "tsaTemplates.h"
-#include "cmslocal.h"
-
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wunused-const-variable"
-
-// *** from CMSEncoder.cpp
-
-typedef struct {
- CSSM_OID contentType;
- CSSM_DATA content;
-} SimpleContentInfo;
-
-// SecCmsContentInfoTemplate
-static const SecAsn1Template cmsSimpleContentInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SimpleContentInfo) },
- { SEC_ASN1_OBJECT_ID, offsetof(SimpleContentInfo, contentType) },
- { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SimpleContentInfo, content),
- kSecAsn1AnyTemplate },
- { 0, }
-};
-
-#pragma mark ----- tsa -----
-
-/*
-Accuracy ::= SEQUENCE {
- seconds INTEGER OPTIONAL,
- millis [0] INTEGER (1..999) OPTIONAL,
- micros [1] INTEGER (1..999) OPTIONAL }
-*/
-
-const SecAsn1Template kSecAsn1SignedIntegerTemplate[] = {
- { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT, 0, NULL, sizeof(SecAsn1Item) }
-};
-
-const SecAsn1Template kSecAsn1UnsignedIntegerTemplate[] = {
- { SEC_ASN1_INTEGER, 0, NULL, sizeof(SecAsn1Item) }
-};
-
-const SecAsn1Template kSecAsn1TSAAccuracyTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSAAccuracy) },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSAAccuracy, seconds) },
- { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAAccuracy, millis), kSecAsn1UnsignedIntegerTemplate },
- { SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAAccuracy, micros), kSecAsn1UnsignedIntegerTemplate },
- { 0 }
-};
-
-/*
-MessageImprint ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashedMessage OCTET STRING }
-*/
-
-const SecAsn1Template kSecAsn1TSAMessageImprintTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSAMessageImprint) },
- { SEC_ASN1_INLINE, offsetof(SecAsn1TSAMessageImprint,hashAlgorithm),
- kSecAsn1AlgorithmIDTemplate },
- { SEC_ASN1_OCTET_STRING,
- offsetof(SecAsn1TSAMessageImprint,hashedMessage) },
- { 0 }
-};
-
-/*
- TimeStampReq ::= SEQUENCE {
- version INTEGER { v1(1) },
- messageImprint MessageImprint,
- --a hash algorithm OID and the hash value of the data to be
- --time-stamped
- reqPolicy TSAPolicyId OPTIONAL,
- nonce INTEGER OPTIONAL,
- certReq BOOLEAN DEFAULT FALSE,
- extensions [0] IMPLICIT Extensions OPTIONAL }
-
- MessageImprint ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- hashedMessage OCTET STRING }
-
- TSAPolicyId ::= OBJECT IDENTIFIER
-*/
-
-const SecAsn1Template kSecAsn1TSATimeStampReqTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSATimeStampReq) },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSATimeStampReq, version) },
- { SEC_ASN1_INLINE, offsetof(SecAsn1TSATimeStampReq,messageImprint),
- kSecAsn1TSAMessageImprintTemplate },
- { SEC_ASN1_OBJECT_ID | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATimeStampReq,reqPolicy) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATimeStampReq, nonce) },
- { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATimeStampReq, certReq) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(SecAsn1TSATimeStampReq, extensions),
- kSecAsn1SequenceOfCertExtensionTemplate },
- { 0 }
-};
-
-/*
- PKIFreeText ::= SEQUENCE {
- SIZE (1..MAX) OF UTF8String
- -- text encoded as UTF-8 String (note: each UTF8String SHOULD
- -- include an RFC 1766 language tag to indicate the language -- of the contained text)
- }
-
- See e.g. kSecAsn1SequenceOfUTF8StringTemplate
-*/
-
-const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSAPKIStatusInfo, status) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
- { 0 }
-};
-
-const SecAsn1Template kSecAsn1TSAPKIStatusInfoTemplateRFC3161[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSAPKIStatusInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSAPKIStatusInfo, status) },
- { SEC_ASN1_UTF8_STRING | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAPKIStatusInfo, statusString) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSAPKIStatusInfo,failInfo) },
- { 0 }
-};
-
-const SecAsn1Template kSecAsn1TSATimeStampRespTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TimeStampResp) },
- { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampResp,status),
- kSecAsn1TSAPKIStatusInfoTemplate },
- { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL, offsetof(SecAsn1TimeStampResp,timeStampToken),
- SecCmsContentInfoTemplate },
- { 0 }
-};
-
-// Decode the status but not the TimeStampToken
-const SecAsn1Template kSecAsn1TSATimeStampRespTemplateDER[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TimeStampRespDER) },
- { SEC_ASN1_INLINE, offsetof(SecAsn1TimeStampRespDER,status),
- kSecAsn1TSAPKIStatusInfoTemplate },
- { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL ,//| SEC_ASN1_SAVE,
- offsetof(SecAsn1TimeStampRespDER, timeStampTokenDER), kSecAsn1AnyTemplate },
- { 0 }
-};
-
-/*
- RFC 3161 Time-Stamp Protocol (TSP) August 2001
-
- TimeStampToken ::= ContentInfo
-
- -- contentType is id-signedData as defined in [CMS]
- -- content is SignedData as defined in([CMS])
- -- eContentType within SignedData is id-ct-TSTInfo
- -- eContent within SignedData is TSTInfo
-
- TSTInfo ::= SEQUENCE {
- version INTEGER { v1(1) },
- policy TSAPolicyId,
- messageImprint MessageImprint,
- -- MUST have the same value as the similar field in
- -- TimeStampReq
- serialNumber INTEGER,
- -- Time-Stamping users MUST be ready to accommodate integers
- -- up to 160 bits.
- genTime GeneralizedTime,
- accuracy Accuracy OPTIONAL,
- ordering BOOLEAN DEFAULT FALSE,
- nonce INTEGER OPTIONAL,
- -- MUST be present if the similar field was present
- -- in TimeStampReq. In that case it MUST have the same value.
- tsa [0] GeneralName OPTIONAL,
- extensions [1] IMPLICIT Extensions OPTIONAL }
-
- Accuracy ::= SEQUENCE {
- seconds INTEGER OPTIONAL,
- millis [0] INTEGER (1..999) OPTIONAL,
- micros [1] INTEGER (1..999) OPTIONAL }
-*/
-
-const SecAsn1Template kSecAsn1TSATSTInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(SecAsn1TSATSTInfo) },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSATSTInfo, version) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(SecAsn1TSATSTInfo,reqPolicy) },
- { SEC_ASN1_INLINE, offsetof(SecAsn1TSATSTInfo,messageImprint),
- kSecAsn1TSAMessageImprintTemplate },
- { SEC_ASN1_INTEGER,
- offsetof(SecAsn1TSATSTInfo, serialNumber) },
- { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM,
- offsetof(SecAsn1TSATSTInfo,genTime) },
- { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATSTInfo,accuracy),
- kSecAsn1TSAAccuracyTemplate },
- { SEC_ASN1_BOOLEAN | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATSTInfo, ordering) },
- { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATSTInfo, nonce) },
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATSTInfo, tsa),
- kSecAsn1GenNameOtherNameTemplate},
-
- { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_OPTIONAL,
- offsetof(SecAsn1TSATSTInfo, extensions),
- kSecAsn1CertExtensionTemplate },
- { 0 }
-};
-
-#pragma clang diagnostic pop
projects / apple / security.git / blobdiff