320 lines
9.4 KiB
C
320 lines
9.4 KiB
C
/* Copyright (c) 2005-2009 Apple Inc. All Rights Reserved. */
|
|
|
|
/*
|
|
* DER_Cert.c - support for decoding X509 certificates
|
|
*
|
|
* Created Nov. 4 2005 by Doug Mitchell.
|
|
*/
|
|
|
|
#include <libDER/DER_Decode.h>
|
|
#include <libDER/DER_CertCrl.h>
|
|
#include <libDER/asn1Types.h>
|
|
|
|
/*
|
|
* DERItemSpecs for X509 certificates.
|
|
*/
|
|
|
|
/* top level cert with three components */
|
|
const DERItemSpec DERSignedCertCrlItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERSignedCertCrl, tbs),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS | DER_DEC_SAVE_DER},
|
|
{ DER_OFFSET(DERSignedCertCrl, sigAlg),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERSignedCertCrl, sig),
|
|
ASN1_BIT_STRING,
|
|
DER_DEC_NO_OPTS }
|
|
};
|
|
|
|
const DERSize DERNumSignedCertCrlItemSpecs =
|
|
sizeof(DERSignedCertCrlItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* TBS cert */
|
|
const DERItemSpec DERTBSCertItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERTBSCert, version),
|
|
ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 0,
|
|
DER_DEC_OPTIONAL }, /* version - EXPLICIT */
|
|
{ DER_OFFSET(DERTBSCert, serialNum),
|
|
ASN1_INTEGER,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCert, tbsSigAlg),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCert, issuer),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCert, validity),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCert, subject),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCert, subjectPubKey),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
/* libsecurity_asn1 has these two as CONSTRUCTED, but the ASN.1 spec
|
|
* doesn't look that way to me. I don't have any certs that have these
|
|
* fields.... */
|
|
{ DER_OFFSET(DERTBSCert, issuerID),
|
|
ASN1_CONTEXT_SPECIFIC | 1,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERTBSCert, subjectID),
|
|
ASN1_CONTEXT_SPECIFIC | 2,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERTBSCert, extensions),
|
|
ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 3,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumTBSCertItemSpecs = sizeof(DERTBSCertItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERValidity */
|
|
const DERItemSpec DERValidityItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERValidity, notBefore),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
|
|
{ DER_OFFSET(DERValidity, notAfter),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
|
|
};
|
|
const DERSize DERNumValidityItemSpecs =
|
|
sizeof(DERValidityItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERAttributeTypeAndValue */
|
|
const DERItemSpec DERAttributeTypeAndValueItemSpecs[] = {
|
|
{ DER_OFFSET(DERAttributeTypeAndValue, type),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERAttributeTypeAndValue, value),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
|
|
};
|
|
|
|
const DERSize DERNumAttributeTypeAndValueItemSpecs =
|
|
sizeof(DERAttributeTypeAndValueItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERExtension */
|
|
const DERItemSpec DERExtensionItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERExtension, extnID),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERExtension, critical),
|
|
ASN1_BOOLEAN,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERExtension, extnValue),
|
|
ASN1_OCTET_STRING,
|
|
DER_DEC_NO_OPTS }
|
|
};
|
|
const DERSize DERNumExtensionItemSpecs =
|
|
sizeof(DERExtensionItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERBasicConstraints */
|
|
const DERItemSpec DERBasicConstraintsItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERBasicConstraints, cA),
|
|
ASN1_BOOLEAN,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERBasicConstraints, pathLenConstraint),
|
|
ASN1_INTEGER,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumBasicConstraintsItemSpecs =
|
|
sizeof(DERBasicConstraintsItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERPrivateKeyUsagePeriod. */
|
|
const DERItemSpec DERPrivateKeyUsagePeriodItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERPrivateKeyUsagePeriod, notBefore),
|
|
ASN1_CONTEXT_SPECIFIC | 0,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERPrivateKeyUsagePeriod, notAfter),
|
|
ASN1_CONTEXT_SPECIFIC | 1,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumPrivateKeyUsagePeriodItemSpecs =
|
|
sizeof(DERPrivateKeyUsagePeriodItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERDistributionPoint. */
|
|
const DERItemSpec DERDistributionPointItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERDistributionPoint, distributionPoint),
|
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERDistributionPoint, reasons),
|
|
ASN1_CONTEXT_SPECIFIC | 1,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERDistributionPoint, cRLIssuer),
|
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumDistributionPointItemSpecs =
|
|
sizeof(DERDistributionPointItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERPolicyInformation. */
|
|
const DERItemSpec DERPolicyInformationItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERPolicyInformation, policyIdentifier),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERPolicyInformation, policyQualifiers),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumPolicyInformationItemSpecs =
|
|
sizeof(DERPolicyInformationItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERPolicyQualifierInfo. */
|
|
const DERItemSpec DERPolicyQualifierInfoItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERPolicyQualifierInfo, policyQualifierID),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERPolicyQualifierInfo, qualifier),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
|
|
};
|
|
const DERSize DERNumPolicyQualifierInfoItemSpecs =
|
|
sizeof(DERPolicyQualifierInfoItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERUserNotice. */
|
|
const DERItemSpec DERUserNoticeItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERUserNotice, noticeRef),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERUserNotice, explicitText),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_OPTIONAL | DER_DEC_SAVE_DER }
|
|
};
|
|
const DERSize DERNumUserNoticeItemSpecs =
|
|
sizeof(DERUserNoticeItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERNoticeReference. */
|
|
const DERItemSpec DERNoticeReferenceItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERNoticeReference, organization),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
|
|
{ DER_OFFSET(DERNoticeReference, noticeNumbers),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS }
|
|
};
|
|
const DERSize DERNumNoticeReferenceItemSpecs =
|
|
sizeof(DERNoticeReferenceItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERPolicyMapping. */
|
|
const DERItemSpec DERPolicyMappingItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERPolicyMapping, issuerDomainPolicy),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERPolicyMapping, subjectDomainPolicy),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS }
|
|
};
|
|
const DERSize DERNumPolicyMappingItemSpecs =
|
|
sizeof(DERPolicyMappingItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERAccessDescription. */
|
|
const DERItemSpec DERAccessDescriptionItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERAccessDescription, accessMethod),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERAccessDescription, accessLocation),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER }
|
|
};
|
|
const DERSize DERNumAccessDescriptionItemSpecs =
|
|
sizeof(DERAccessDescriptionItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERAuthorityKeyIdentifier. */
|
|
const DERItemSpec DERAuthorityKeyIdentifierItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERAuthorityKeyIdentifier, keyIdentifier),
|
|
ASN1_CONTEXT_SPECIFIC | 0,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERAuthorityKeyIdentifier, authorityCertIssuer),
|
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERAuthorityKeyIdentifier, authorityCertSerialNumber),
|
|
ASN1_CONTEXT_SPECIFIC | 2,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumAuthorityKeyIdentifierItemSpecs =
|
|
sizeof(DERAuthorityKeyIdentifierItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DEROtherName. */
|
|
const DERItemSpec DEROtherNameItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DEROtherName, typeIdentifier),
|
|
ASN1_OBJECT_ID,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DEROtherName, value),
|
|
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0,
|
|
DER_DEC_NO_OPTS },
|
|
};
|
|
const DERSize DERNumOtherNameItemSpecs =
|
|
sizeof(DEROtherNameItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERPolicyConstraints. */
|
|
const DERItemSpec DERPolicyConstraintsItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERPolicyConstraints, requireExplicitPolicy),
|
|
ASN1_CONTEXT_SPECIFIC | 0,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERPolicyConstraints, inhibitPolicyMapping),
|
|
ASN1_CONTEXT_SPECIFIC | 1,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumPolicyConstraintsItemSpecs =
|
|
sizeof(DERPolicyConstraintsItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERTBSCrl */
|
|
const DERItemSpec DERTBSCrlItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERTBSCrl, version),
|
|
ASN1_INTEGER,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERTBSCrl, tbsSigAlg),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCrl, issuer),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERTBSCrl, thisUpdate),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
|
|
{ DER_OFFSET(DERTBSCrl, nextUpdate),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
|
|
{ DER_OFFSET(DERTBSCrl, revokedCerts),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_OPTIONAL },
|
|
{ DER_OFFSET(DERTBSCrl, extensions),
|
|
ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC | 0,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
const DERSize DERNumTBSCrlItemSpecs = sizeof(DERTBSCrlItemSpecs) / sizeof(DERItemSpec);
|
|
|
|
/* DERRevokedCert */
|
|
const DERItemSpec DERRevokedCertItemSpecs[] =
|
|
{
|
|
{ DER_OFFSET(DERRevokedCert, serialNum),
|
|
ASN1_INTEGER,
|
|
DER_DEC_NO_OPTS },
|
|
{ DER_OFFSET(DERRevokedCert, revocationDate),
|
|
0, /* no tag - ANY */
|
|
DER_DEC_ASN_ANY | DER_DEC_SAVE_DER },
|
|
{ DER_OFFSET(DERRevokedCert, extensions),
|
|
ASN1_CONSTR_SEQUENCE,
|
|
DER_DEC_OPTIONAL }
|
|
};
|
|
|
|
const DERSize DERNumRevokedCertItemSpecs =
|
|
sizeof(DERRevokedCertItemSpecs) / sizeof(DERItemSpec);
|