1 /**************************************************************************** 2 * * 3 * ASN.1 Supplementary Constants and Structures * 4 * Copyright Peter Gutmann 1992-2011 * 5 * * 6 ****************************************************************************/ 7 8 #ifndef _ASN1OID_DEFINED 9 10 #define _ASN1OID_DEFINED 11 12 /* Additional information required when reading a CMS header. This is 13 pointed to by the extraInfo member of the ASN.1 OID_INFO structure and 14 contains CMS version number information */ 15 16 typedef struct { 17 const int minVersion; /* Minimum version number for content type */ 18 const int maxVersion; /* Maximum version number for content type */ 19 } CMS_CONTENT_INFO; 20 21 #ifdef USE_INT_ASN1 22 23 /**************************************************************************** 24 * * 25 * ASN.1 OIDs * 26 * * 27 ****************************************************************************/ 28 29 /* The cryptlib (strictly speaking DDS) OID arc is as follows: 30 31 1 3 6 1 4 1 3029 = dds 32 1 = algorithm 33 1 = symmetric encryption 34 1 = blowfishECB 35 2 = blowfishCBC 36 3 = blowfishCFB 37 4 = blowfishOFB 38 2 = public-key encryption 39 1 = elgamal 40 3 = hash 41 4 = MAC 42 5 = ECC 43 1 = curvey25519 44 2 = mechanism 45 3 = attribute 46 1 = PKIX fixes 47 1 = cryptlibPresenceCheck 48 2 = pkiBoot 49 (3 unused) 50 4 = cRLExtReason 51 5 = keyFeatures 52 4 = content-type 53 1 = cryptlib 54 1 = cryptlibConfigData 55 2 = cryptlibUserIndex 56 3 = cryptlibUserInfo 57 4 = cryptlibRtcsRequest 58 5 = cryptlibRtcsResponse 59 6 = cryptlibRtcsResponseExt 60 x36\xDD\x24\x36 = TSA policy ('snooze policy, "Anything 61 that arrives, we sign"). 62 x58 x59 x5A x5A x59 = XYZZY cert policy */ 63 64 /* Attribute OIDs */ 65 66 #define OID_CRYPTLIB_PRESENCECHECK MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x03\x01\x01" ) 67 #define OID_ESS_CERTID MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0C" ) 68 #define OID_TSP_TSTOKEN MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0E" ) 69 #define OID_PKCS9_FRIENDLYNAME MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x14" ) 70 #define OID_PKCS9_LOCALKEYID MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15" ) 71 #define OID_PKCS9_X509CERTIFICATE MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01" ) 72 73 /* The PKCS #9 OID for cert extensions in a certification request, from the 74 CMMF draft. Naturally MS had to define their own incompatible OID for 75 this, so we check for this as well */ 76 77 #define OID_PKCS9_EXTREQ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0E" ) 78 #define OID_MS_EXTREQ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x0E" ) 79 80 /* Content-type OIDs */ 81 82 #define OID_CMS_DATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01" ) 83 #define OID_CMS_SIGNEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02" ) 84 #define OID_CMS_ENVELOPEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03" ) 85 #define OID_CMS_DIGESTEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05" ) 86 #define OID_CMS_ENCRYPTEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06" ) 87 #define OID_CMS_AUTHDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x02" ) 88 #define OID_CMS_TSTOKEN MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x04" ) 89 #define OID_CMS_COMPRESSEDDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x09" ) 90 #define OID_CMS_AUTHENVDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x17" ) 91 #define OID_CRYPTLIB_CONTENTTYPE MKOID( "\x06\x09\x2B\x06\x01\x04\x01\x97\x55\x04\x01" ) 92 #define OID_CRYPTLIB_CONFIGDATA MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x01" ) 93 #define OID_CRYPTLIB_USERINDEX MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x02" ) 94 #define OID_CRYPTLIB_USERINFO MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x03" ) 95 #define OID_CRYPTLIB_RTCSREQ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x04" ) 96 #define OID_CRYPTLIB_RTCSRESP MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x05" ) 97 #define OID_CRYPTLIB_RTCSRESP_EXT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x06" ) 98 #define OID_MS_SPCINDIRECTDATACONTEXT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x04" ) 99 #define OID_NS_CERTSEQ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x02\x05" ) 100 #define OID_OCSP_RESPONSE_OCSP MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01" ) 101 #define OID_PKIBOOT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x03\x01\x02" ) 102 #define OID_PKCS12_SHROUDEDKEYBAG MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02" ) 103 #define OID_PKCS12_CERTBAG MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03" ) 104 #define OID_PKCS15_CONTENTTYPE MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0F\x03\x01" ) 105 106 /* Misc OIDs */ 107 108 #define OID_ANYPOLICY MKOID( "\x06\x04\x55\x1D\x20\x00" ) 109 #define OID_TSP_POLICY MKOID( "\x06\x0B\x2B\x06\x01\x04\x01\x97\x55\x36\xDD\x24\x36" ) 110 #define OID_CRYPTLIB_XYZZYCERT MKOID( "\x06\x0C\x2B\x06\x01\x04\x01\x97\x55\x58\x59\x5A\x5A\x59" ) 111 #define OID_PKCS12_PBEWITHSHAAND3KEYTRIPLEDESCBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03" ) 112 #define OID_PKCS12_PBEWITHSHAAND2KEYTRIPLEDESCBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04" ) 113 #define OID_PKCS12_PBEWITHSHAAND40BITRC2CBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06" ) 114 #define OID_RPKI_POLICY MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x0E\x02" ) 115 #define OID_ZLIB MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x08" ) 116 117 /**************************************************************************** 118 * * 119 * ASN.1 Support Functions * 120 * * 121 ****************************************************************************/ 122 123 /* AlgorithmIdentifier routines. The reason for the apparently redundant 124 CHECK_RETVAL specifiers on some of the write functions is because they 125 won't necessarily set the stream error state if they encounter an error 126 obtaining algorithm parameters or during some other non-stream-related 127 operation. 128 129 The difference between read/writeAlgoID() and read/writeAlgoIDparam() is 130 that the latter take an additional length parameter for when the 131 AlgorithmIdentifier contains additional parameters beyond the OID */ 132 133 typedef enum { 134 ALGOID_CLASS_NONE, /* No AlgoID class */ 135 ALGOID_CLASS_CRYPT, /* Encryption algorithms */ 136 ALGOID_CLASS_HASH, /* Hash/MAC algorithm */ 137 ALGOID_CLASS_AUTHENC, /* Authenticated-encryption algorithm */ 138 ALGOID_CLASS_PKC, /* Generic PKC algorithm */ 139 ALGOID_CLASS_PKCSIG, /* PKC signature algorithm (+ hash algorithm) */ 140 ALGOID_CLASS_LAST /* Last possible AlgoID class */ 141 } ALGOID_CLASS_TYPE; 142 143 CHECK_RETVAL_BOOL \ 144 BOOLEAN checkAlgoID( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 145 IN_MODE_OPT const CRYPT_MODE_TYPE cryptMode ); 146 CHECK_RETVAL_LENGTH_SHORT \ 147 int sizeofAlgoID( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo ); 148 CHECK_RETVAL_LENGTH_SHORT \ 149 int sizeofAlgoIDex( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 150 IN_RANGE( 0, 999 ) const int parameter, 151 IN_LENGTH_SHORT_Z const int extraLength ); 152 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 153 int writeAlgoID( INOUT STREAM *stream, 154 IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo ); 155 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 156 int writeAlgoIDex( INOUT STREAM *stream, 157 IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 158 IN_RANGE( 0, 999 ) const int parameter, 159 IN_LENGTH_SHORT_Z const int extraLength ); 160 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 161 int writeAlgoIDparam( INOUT STREAM *stream, 162 IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo, 163 IN_LENGTH_SHORT_Z const int extraLength ); 164 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2) ) \ 165 int readAlgoID( INOUT STREAM *stream, 166 OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo, 167 IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type ); 168 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 4 ) ) \ 169 int readAlgoIDex( INOUT STREAM *stream, 170 OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo, 171 OUT_OPT_ALGO_Z CRYPT_ALGO_TYPE *altCryptAlgo, 172 OUT_INT_Z int *parameter, 173 IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type ); 174 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \ 175 int readAlgoIDparam( INOUT STREAM *stream, 176 OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo, 177 OUT_LENGTH_SHORT_Z int *extraLength, 178 IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type ); 179 180 /* Alternative versions that read/write various algorithm ID types (algo and 181 mode only or full details depending on the option parameter) from contexts */ 182 183 CHECK_RETVAL_LENGTH \ 184 int sizeofContextAlgoID( IN_HANDLE const CRYPT_CONTEXT iCryptContext, 185 IN_RANGE( 0, 999 ) const int parameter ); 186 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 187 int readContextAlgoID( INOUT STREAM *stream, 188 OUT_OPT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext, 189 OUT_OPT QUERY_INFO *queryInfo, 190 IN_TAG const int tag, 191 IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type ); 192 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 193 int writeContextAlgoID( INOUT STREAM *stream, 194 IN_HANDLE const CRYPT_CONTEXT iCryptContext, 195 IN_ALGO_OPT const int associatedAlgo ); 196 CHECK_RETVAL_LENGTH \ 197 int sizeofCryptContextAlgoID( IN_HANDLE const CRYPT_CONTEXT iCryptContext ); 198 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 199 int writeCryptContextAlgoID( INOUT STREAM *stream, 200 IN_HANDLE const CRYPT_CONTEXT iCryptContext ); 201 202 /* Another alternative that reads/writes a non-crypto algorithm identifier, 203 used for things like content types. This just wraps the given OID up 204 in the AlgorithmIdentifier and writes it */ 205 206 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 207 int readGenericAlgoID( INOUT STREAM *stream, 208 IN_BUFFER( oidLength ) \ 209 const BYTE *oid, 210 IN_LENGTH_OID const int oidLength ); 211 RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 212 int writeGenericAlgoID( INOUT STREAM *stream, 213 IN_BUFFER( oidLength ) \ 214 const BYTE *oid, 215 IN_LENGTH_OID const int oidLength ); 216 217 /* ECC OID support routines */ 218 219 #if defined( USE_ECDH ) || defined( USE_ECDSA ) 220 221 CHECK_RETVAL_LENGTH \ 222 int sizeofECCOID( const CRYPT_ECCCURVE_TYPE curveType ); 223 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 224 int readECCOID( INOUT STREAM *stream, 225 OUT_OPT CRYPT_ECCCURVE_TYPE *curveType ); 226 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \ 227 int writeECCOID( INOUT STREAM *stream, 228 const CRYPT_ECCCURVE_TYPE curveType ); 229 230 #endif /* USE_ECDH || USE_ECDSA */ 231 232 /* Read/write a message digest */ 233 234 CHECK_RETVAL_LENGTH \ 235 int sizeofMessageDigest( IN_ALGO const CRYPT_ALGO_TYPE hashAlgo, 236 IN_LENGTH_HASH const int hashSize ); 237 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) ) \ 238 int readMessageDigest( INOUT STREAM *stream, 239 OUT_ALGO_Z CRYPT_ALGO_TYPE *hashAlgo, 240 OUT_BUFFER( hashMaxLen, *hashSize ) void *hash, 241 IN_LENGTH_HASH const int hashMaxLen, 242 OUT_LENGTH_BOUNDED_Z( hashMaxLen ) int *hashSize ); 243 RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \ 244 int writeMessageDigest( INOUT STREAM *stream, 245 IN_ALGO const CRYPT_ALGO_TYPE hashAlgo, 246 IN_BUFFER( hashSize ) const void *hash, 247 IN_LENGTH_HASH const int hashSize ); 248 249 /* Read/write CMS headers. The readCMSheader() flags are: 250 251 READCMS_FLAG_AUTHENC: The content uses authenticated encryption, which 252 has a different set of permitted content-encryption algorithms 253 than standard encryption. 254 255 READCMS_FLAG_DEFINITELENGTH: Try and obtain a definite length from 256 somewhere in the CMS header rather than returning CRYPT_UNUSED 257 for the length, return an error if there's no definite length 258 available. Note that this changes processing in the calling 259 code because it can no longer use the length to determine 260 whether it should perform EOC checks if there's an indefinite 261 length somwwhere in the header. 262 263 READCMS_FLAG_DEFINITELENGTH_OPT: As READCMS_FLAG_DEFINITELENGTH but 264 return a length of CRYPT_UNUSED if there's no definite length 265 information available. 266 267 READCMS_FLAG_INNERHEADER: This is an inner header, the content wrapper 268 can be an OCTET STRING as well as the more usual SEQUENCE. 269 270 READCMS_FLAG_WRAPPERONLY: Only read the outer SEQUENCE, OID, [0] wrapper 271 without reading the final layer of inner encapsulation, used 272 when one CMS content type is redundantly nested directly inside 273 another (Microsoft did this for PKCS #12) */ 274 275 #define READCMS_FLAG_NONE 0x00 /* No CMS read flag */ 276 #define READCMS_FLAG_INNERHEADER 0x01 /* Inner CMS header */ 277 #define READCMS_FLAG_AUTHENC 0x02 /* Content uses auth.enc */ 278 #define READCMS_FLAG_WRAPPERONLY 0x04 /* Only read wrapper */ 279 #define READCMS_FLAG_DEFINITELENGTH 0x08 /* Try and get definite len */ 280 #define READCMS_FLAG_DEFINITELENGTH_OPT 0x10/* Opt.try and get def.len */ 281 #define READCMS_FLAG_MAX 0x1F /* Maximum possible flag value */ 282 283 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 284 int readCMSheader( INOUT STREAM *stream, 285 IN_ARRAY( noOidInfoEntries ) \ 286 const OID_INFO *oidInfo, 287 IN_RANGE( 1, 50 ) const int noOidInfoEntries, 288 OUT_OPT_LENGTH_INDEF long *dataSize, 289 IN_FLAGS_Z( READCMS ) const int flags ); 290 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 291 int writeCMSheader( INOUT STREAM *stream, 292 IN_BUFFER( contentOIDlength ) \ 293 const BYTE *contentOID, 294 IN_LENGTH_OID const int contentOIDlength, 295 IN_LENGTH_INDEF const long dataSize, 296 const BOOLEAN isInnerHeader ); 297 CHECK_RETVAL_LENGTH STDC_NONNULL_ARG( ( 1 ) ) \ 298 int sizeofCMSencrHeader( IN_BUFFER( contentOIDlength ) \ 299 const BYTE *contentOID, 300 IN_LENGTH_OID const int contentOIDlength, 301 IN_LENGTH_INDEF const long dataSize, 302 IN_HANDLE const CRYPT_CONTEXT iCryptContext ); 303 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 304 int readCMSencrHeader( INOUT STREAM *stream, 305 IN_ARRAY( noOidInfoEntries ) \ 306 const OID_INFO *oidInfo, 307 IN_RANGE( 1, 50 ) const int noOidInfoEntries, 308 OUT_OPT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext, 309 OUT_OPT QUERY_INFO *queryInfo, 310 IN_FLAGS_Z( READCMS ) const int flags ); 311 RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ 312 int writeCMSencrHeader( INOUT STREAM *stream, 313 IN_BUFFER( contentOIDlength ) \ 314 const BYTE *contentOID, 315 IN_LENGTH_OID const int contentOIDlength, 316 IN_LENGTH_INDEF const long dataSize, 317 IN_HANDLE const CRYPT_CONTEXT iCryptContext ); 318 319 #endif /* USE_INT_ASN1 */ 320 #endif /* _ASN1OID_DEFINED */ 321