--- /dev/null
+/*
+ * Copyright (c) 2009,2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#include "DER_Ticket.h"
+
+#include <libDER/asn1Types.h>
+#include <libDER/DER_Decode.h>
+#include <libDER/DER_Encode.h>
+#include <libDER/DER_Keys.h>
+
+/* Application Processor Ticket */
+const DERItemSpec DERApTicketItemSpecs[] =
+{
+ { DER_OFFSET(DERApTicket, signatureAlgorithm),
+ ASN1_CONSTR_SEQUENCE,
+ DER_DEC_NO_OPTS | DER_ENC_WRITE_DER },
+ { DER_OFFSET(DERApTicket, body),
+ ASN1_CONSTR_SET,
+ DER_DEC_NO_OPTS | DER_DEC_SAVE_DER | DER_ENC_WRITE_DER },
+ { DER_OFFSET(DERApTicket, signature),
+ ASN1_OCTET_STRING,
+ DER_DEC_NO_OPTS },
+ { DER_OFFSET(DERApTicket, certificates),
+ ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1,
+ DER_DEC_NO_OPTS | DER_ENC_WRITE_DER }
+};
+const DERSize DERNumApTicketItemSpecs =
+ sizeof(DERApTicketItemSpecs) / sizeof(DERItemSpec);
+
+/* Baseband Ticket */
+const DERItemSpec DERBbTicketItemSpecs[] =
+{
+ { DER_OFFSET(DERBbTicket, signatureAlgorithm),
+ ASN1_CONSTR_SEQUENCE,
+ DER_DEC_NO_OPTS | DER_ENC_WRITE_DER },
+ { DER_OFFSET(DERBbTicket, body),
+ ASN1_CONSTR_SET,
+ DER_DEC_NO_OPTS | DER_DEC_SAVE_DER | DER_ENC_WRITE_DER },
+ { DER_OFFSET(DERBbTicket, signature),
+ ASN1_OCTET_STRING,
+ DER_DEC_NO_OPTS },
+ { DER_OFFSET(DERBbTicket, gpuk),
+ ASN1_CONTEXT_SPECIFIC | 2,
+ DER_DEC_NO_OPTS }
+};
+const DERSize DERNumBbTicketItemSpecs =
+ sizeof(DERBbTicketItemSpecs) / sizeof(DERItemSpec);
+
+#if 0
+/* We need to verify this value and use it here. */
+const DERByte rsaWithSha1Algorithm[] = {
+ 0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x05
+};
+#endif
+
+#ifdef FAST_SET_LOOKUP
+/* Iterates over all the tags in the set to build an index returned in
+ derSet. */
+DERReturn DERDecodeSetContentInit(
+ const DERItem *content, /* data to decode */
+ DERSet *derSet) /* IN/OUT, to use in DERDecodeSetTag */
+{
+ DERReturn drtn;
+ DERSequence derSeq;
+ memset(derSet->byTag, 0, derSet->capacity);
+ drtn = DERDecodeSeqContentInit(content, &derSeq);
+ if (drtn == DR_Success) {
+ DERDecodedInfo element;
+ while ((drtn = DERDecodeSeqNext(&derSeq, &element)) == DR_Success) {
+ if (element.tag >= derSet->capacity) return DR_UnexpectedTag;
+ derSet->byTag[element.tag] = element.content.data;
+ }
+ if (drtn == DR_EndOfSequence) drtn = DR_Success;
+ }
+ derSet->end = content->data + content->length;
+
+ return drtn;
+}
+
+DERReturn DERDecodeSetTag(
+ DERSet *derSet, /* data to decode */
+ DERTag tag, /* tag in sequence/set we are looking for. */
+ DERItem *content) /* RETURNED */
+{
+ DERReturn drtn;
+ DERTag tagNumber = tag & ASN1_TAGNUM_MASK;
+ if (tagNumber > derSet->capacity)
+ return DR_UnexpectedTag;
+ DERByte *start = derSet->byTag[tagNumber];
+ if (!start) return DR_UnexpectedTag;
+ DERItem derItem = { .data = start, .length = derSet->end - start };
+ DERDecodedInfo element;
+ drtn = DERDecodeItem(&derItem, &element);
+ if (drtn) return drtn;
+ if (tag != element.tag) return DR_UnexpectedTag;
+ *content = element.content;
+
+ return drtn;
+}
+#endif /* FAST_SET_LOOKUP */
+
+/* Returns the item with tag from the sequence or set pointed to by der.
+ result DR_EndOfSequence if the tag was not found. */
+DERReturn DERSetDecodeItemWithTag(
+ const DERItem *der, /* data to decode */
+ DERTag tag, /* tag in sequence/set we are looking for. */
+ DERItem *content) /* RETURNED */
+{
+ DERReturn drtn;
+ DERSequence derSeq;
+ DERTag topTag;
+ drtn = DERDecodeSeqInit(der, &topTag, &derSeq);
+ if (drtn == DR_Success) {
+ DERDecodedInfo info;
+ while ((drtn = DERDecodeSeqNext(&derSeq, &info)) == DR_Success) {
+ if (info.tag == tag) {
+ *content = info.content;
+ return DR_Success;
+ }
+ }
+ }
+
+ return drtn;
+}
+
+DERReturn DERDecodeApTicket(
+ const DERItem *contents,
+ DERApTicket *ticket, /* RETURNED */
+ DERSize *numUsedBytes) /* RETURNED */
+{
+ DERReturn drtn;
+ DERDecodedInfo decodedTicket;
+ drtn = DERDecodeItem(contents, &decodedTicket);
+ if (drtn != DR_Success) goto badTicket;
+ drtn = DERParseSequenceContent(&decodedTicket.content,
+ DERNumApTicketItemSpecs, DERApTicketItemSpecs, ticket, 0);
+ if (drtn != DR_Success) goto badTicket;
+
+ /* Decode the algorithm sequence. */
+ DERAlgorithmId algorithm = {};
+ drtn = DERParseSequenceContent(&ticket->signatureAlgorithm,
+ DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs, &algorithm, 0);
+ if (drtn != DR_Success) goto badTicket;
+ /* TODO Check algorithm oid and ensure there are no params.
+ Alternatively replace the code above with a simple memcmp with
+ an already ASN.1 encoded algorithm parms block. */
+
+badTicket:
+ *numUsedBytes = decodedTicket.content.length +
+ decodedTicket.content.data - contents->data;
+
+ return drtn;
+}
+
+DERReturn DERDecodeBbTicket(
+ const DERItem *contents,
+ DERBbTicket *ticket, /* RETURNED */
+ DERSize *numUsedBytes) /* RETURNED */
+{
+ DERReturn drtn;
+ DERDecodedInfo decodedTicket;
+ drtn = DERDecodeItem(contents, &decodedTicket);
+ if (drtn != DR_Success) goto badTicket;
+ drtn = DERParseSequenceContent(&decodedTicket.content,
+ DERNumBbTicketItemSpecs, DERBbTicketItemSpecs, ticket, 0);
+ if (drtn != DR_Success) goto badTicket;
+
+ /* Decode the algorithm sequence. */
+ DERAlgorithmId algorithm = {};
+ drtn = DERParseSequenceContent(&ticket->signatureAlgorithm,
+ DERNumAlgorithmIdItemSpecs, DERAlgorithmIdItemSpecs, &algorithm, 0);
+ if (drtn != DR_Success) goto badTicket;
+ /* TODO Check algorithm oid and ensure there are no params.
+ Alternatively replace the code above with a simple memcmp with
+ an already ASN.1 encoded algorithm parms block. */
+
+badTicket:
+ *numUsedBytes = decodedTicket.content.length +
+ decodedTicket.content.data - contents->data;
+
+ return drtn;
+}
projects / apple / security.git / blobdiff