--- /dev/null
+/*
+ * Copyright (c) 2003-2006,2008,2010-2012 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * X509Templates.c - Common ASN1 templates for use with libNSSDer.
+ */
+
+#include "SecAsn1Templates.h"
+#include "X509Templates.h"
+#include "keyTemplates.h"
+#include <assert.h>
+#include <stddef.h>
+
+/*
+ * Validity
+ */
+/*
+ * NSS_Time Template chooser.
+ */
+static const NSS_TagChoice timeChoices[] = {
+ { SEC_ASN1_GENERALIZED_TIME, kSecAsn1GeneralizedTimeTemplate} ,
+ { SEC_ASN1_UTC_TIME, kSecAsn1UTCTimeTemplate },
+ { 0, NULL}
+};
+
+static const SecAsn1Template * NSS_TimeChooser(
+ void *arg,
+ Boolean enc,
+ const char *buf,
+ void *dest)
+{
+ return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, timeChoices);
+}
+
+static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr = NSS_TimeChooser;
+
+const SecAsn1Template kSecAsn1ValidityTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_Validity) },
+ { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
+ offsetof(NSS_Validity,notBefore.item),
+ &NSS_TimeChooserPtr },
+ { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
+ offsetof(NSS_Validity,notAfter.item),
+ &NSS_TimeChooserPtr },
+ { 0 }
+};
+
+/* X509 cert extension */
+const SecAsn1Template kSecAsn1CertExtensionTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_CertExtension) },
+ { SEC_ASN1_OBJECT_ID,
+ offsetof(NSS_CertExtension,extnId) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+ offsetof(NSS_CertExtension,critical) },
+ { SEC_ASN1_OCTET_STRING,
+ offsetof(NSS_CertExtension,value) },
+ { 0, }
+};
+
+const SecAsn1Template kSecAsn1SequenceOfCertExtensionTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1CertExtensionTemplate }
+};
+
+/* TBS Cert */
+const SecAsn1Template kSecAsn1TBSCertificateTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_TBSCertificate) },
+ /* optional version, explicit tag 0, default 0 */
+ { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | 0, /* XXX DER_DEFAULT */
+ offsetof(NSS_TBSCertificate,version),
+ kSecAsn1IntegerTemplate },
+ /* serial number is SIGNED integer */
+ { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
+ offsetof(NSS_TBSCertificate,serialNumber) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCertificate,signature),
+ kSecAsn1AlgorithmIDTemplate },
+ { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate,derIssuer) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCertificate,issuer),
+ kSecAsn1NameTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCertificate,validity),
+ kSecAsn1ValidityTemplate },
+ { SEC_ASN1_SAVE, offsetof(NSS_TBSCertificate,derSubject) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCertificate,subject),
+ kSecAsn1NameTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCertificate,subjectPublicKeyInfo),
+ kSecAsn1SubjectPublicKeyInfoTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(NSS_TBSCertificate,issuerID),
+ kSecAsn1BitStringTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+ offsetof(NSS_TBSCertificate,subjectID),
+ kSecAsn1BitStringTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_EXPLICIT | 3,
+ offsetof(NSS_TBSCertificate,extensions),
+ kSecAsn1SequenceOfCertExtensionTemplate },
+ { 0 }
+};
+
+/*
+ * For signing and verifying only, treating the TBS portion as an
+ * opaque ASN_ANY blob.
+ */
+const SecAsn1Template kSecAsn1SignedCertOrCRLTemplate[] =
+{
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_SignedCertOrCRL) },
+ { SEC_ASN1_ANY,
+ offsetof(NSS_SignedCertOrCRL,tbsBlob) },
+ { SEC_ASN1_ANY,
+ offsetof(NSS_SignedCertOrCRL,signatureAlgorithm) },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(NSS_SignedCertOrCRL,signature) },
+ { 0 }
+};
+
+/* Fully specified signed certificate */
+const SecAsn1Template kSecAsn1SignedCertTemplate[] =
+{
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_Certificate) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_Certificate,tbs),
+ kSecAsn1TBSCertificateTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_Certificate,signatureAlgorithm),
+ kSecAsn1AlgorithmIDTemplate },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(NSS_Certificate,signature) },
+ { 0 }
+};
+
+/* Entry in CRL.revokedCerts */
+const SecAsn1Template kSecAsn1RevokedCertTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_RevokedCert) },
+ /* serial number - signed itneger, just like in the actual cert */
+ { SEC_ASN1_INTEGER | SEC_ASN1_SIGNED_INT,
+ offsetof(NSS_RevokedCert,userCertificate) },
+ { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
+ offsetof(NSS_RevokedCert,revocationDate.item),
+ &NSS_TimeChooserPtr },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+ offsetof(NSS_RevokedCert,extensions),
+ kSecAsn1CertExtensionTemplate },
+ { 0, }
+};
+
+const SecAsn1Template kSecAsn1SequenceOfRevokedCertTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, 0, kSecAsn1RevokedCertTemplate }
+};
+
+/* NSS_TBSCrl (unsigned CRL) */
+const SecAsn1Template kSecAsn1TBSCrlTemplate[] = {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_TBSCrl) },
+ /* optional version, default 0 */
+ { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof (NSS_TBSCrl, version) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCrl,signature),
+ kSecAsn1AlgorithmIDTemplate },
+ { SEC_ASN1_SAVE, offsetof(NSS_TBSCrl,derIssuer) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_TBSCrl,issuer),
+ kSecAsn1NameTemplate },
+ { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC,
+ offsetof(NSS_TBSCrl,thisUpdate.item),
+ &NSS_TimeChooserPtr },
+ { SEC_ASN1_INLINE | SEC_ASN1_DYNAMIC | SEC_ASN1_OPTIONAL,
+ offsetof(NSS_TBSCrl,nextUpdate),
+ &NSS_TimeChooserPtr },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+ offsetof(NSS_TBSCrl,revokedCerts),
+ kSecAsn1RevokedCertTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_EXPLICIT | 0,
+ offsetof(NSS_TBSCrl,extensions),
+ kSecAsn1SequenceOfCertExtensionTemplate },
+ { 0, }
+};
+
+/* Fully specified signed CRL */
+const SecAsn1Template kSecAsn1SignedCrlTemplate[] =
+{
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(NSS_Crl) },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_Crl,tbs),
+ kSecAsn1TBSCrlTemplate },
+ { SEC_ASN1_INLINE,
+ offsetof(NSS_Crl,signatureAlgorithm),
+ kSecAsn1AlgorithmIDTemplate },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(NSS_Crl,signature) },
+ { 0 }
+};
projects / apple / security.git / blobdiff