1 /* -*- Mode: C; tab-width: 8 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3  * License, v. 2.0. If a copy of the MPL was not distributed with this
4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 
6 #include "crmf.h"
7 #include "crmfi.h"
8 #include "secoid.h"
9 #include "secasn1.h"
10 
11 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
12 SEC_ASN1_MKSUB(SEC_AnyTemplate)
13 SEC_ASN1_MKSUB(SEC_NullTemplate)
14 SEC_ASN1_MKSUB(SEC_BitStringTemplate)
15 SEC_ASN1_MKSUB(SEC_IntegerTemplate)
16 SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
17 SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
18 SEC_ASN1_MKSUB(CERT_SubjectPublicKeyInfoTemplate)
19 SEC_ASN1_MKSUB(CERT_NameTemplate)
20 
21 /*
22  * It's all implicit tagging.
23  */
24 
25 const SEC_ASN1Template CRMFControlTemplate[] = {
26     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl) },
27     { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag) },
28     { SEC_ASN1_ANY, offsetof(CRMFControl, derValue) },
29     { 0 }
30 };
31 
32 static const SEC_ASN1Template CRMFCertExtensionTemplate[] = {
33     { SEC_ASN1_SEQUENCE,
34       0, NULL, sizeof(CRMFCertExtension) },
35     { SEC_ASN1_OBJECT_ID,
36       offsetof(CRMFCertExtension, id) },
37     { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
38       offsetof(CRMFCertExtension, critical) },
39     { SEC_ASN1_OCTET_STRING,
40       offsetof(CRMFCertExtension, value) },
41     { 0 }
42 };
43 
44 static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
45     { SEC_ASN1_SEQUENCE_OF, 0, CRMFCertExtensionTemplate }
46 };
47 
48 static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
49     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFOptionalValidity) },
50     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
51           SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0,
52       offsetof(CRMFOptionalValidity, notBefore),
53       SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
54     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
55           SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
56       offsetof(CRMFOptionalValidity, notAfter),
57       SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
58     { 0 }
59 };
60 
61 static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
62     { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate) },
63     { 0 }
64 };
65 
66 static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
67     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
68     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
69       offsetof(CRMFCertTemplate, version),
70       SEC_ASN1_SUB(SEC_IntegerTemplate) },
71     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
72       offsetof(CRMFCertTemplate, serialNumber),
73       SEC_ASN1_SUB(SEC_IntegerTemplate) },
74     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
75           SEC_ASN1_XTRN | 2,
76       offsetof(CRMFCertTemplate, signingAlg),
77       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
78     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
79           SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3,
80       offsetof(CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
81     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4,
82       offsetof(CRMFCertTemplate, validity),
83       CRMFOptionalValidityTemplate },
84     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
85           SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5,
86       offsetof(CRMFCertTemplate, subject), crmfPointerToNameTemplate },
87     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
88           SEC_ASN1_XTRN | 6,
89       offsetof(CRMFCertTemplate, publicKey),
90       SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
91     { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
92           SEC_ASN1_XTRN | 7,
93       offsetof(CRMFCertTemplate, issuerUID),
94       SEC_ASN1_SUB(SEC_BitStringTemplate) },
95     { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
96           SEC_ASN1_XTRN | 8,
97       offsetof(CRMFCertTemplate, subjectUID),
98       SEC_ASN1_SUB(SEC_BitStringTemplate) },
99     { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
100           SEC_ASN1_CONTEXT_SPECIFIC | 9,
101       offsetof(CRMFCertTemplate, extensions),
102       CRMFSequenceOfCertExtensionTemplate },
103     { 0 }
104 };
105 
106 static const SEC_ASN1Template CRMFAttributeTemplate[] = {
107     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute) },
108     { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag) },
109     { SEC_ASN1_ANY, offsetof(CRMFAttribute, derValue) },
110     { 0 }
111 };
112 
113 const SEC_ASN1Template CRMFCertRequestTemplate[] = {
114     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertRequest) },
115     { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId) },
116     { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate),
117       CRMFCertTemplateTemplate },
118     { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
119       offsetof(CRMFCertRequest, controls),
120       CRMFControlTemplate }, /* SEQUENCE SIZE (1...MAX)*/
121     { 0 }
122 };
123 
124 const SEC_ASN1Template CRMFCertReqMsgTemplate[] = {
125     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertReqMsg) },
126     { SEC_ASN1_POINTER, offsetof(CRMFCertReqMsg, certReq),
127       CRMFCertRequestTemplate },
128     { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
129       offsetof(CRMFCertReqMsg, derPOP) },
130     { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
131       offsetof(CRMFCertReqMsg, regInfo),
132       CRMFAttributeTemplate }, /* SEQUENCE SIZE (1...MAX)*/
133     { 0 }
134 };
135 
136 const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
137     { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
138       CRMFCertReqMsgTemplate, sizeof(CRMFCertReqMessages) }
139 };
140 
141 const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
142     { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
143       0,
144       SEC_ASN1_SUB(SEC_NullTemplate) },
145     { 0 }
146 };
147 
148 /* This template will need to add POPOSigningKeyInput eventually, maybe*/
149 static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
150     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
151     { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
152           SEC_ASN1_XTRN | 0,
153       offsetof(CRMFPOPOSigningKey, derInput),
154       SEC_ASN1_SUB(SEC_AnyTemplate) },
155     { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
156       offsetof(CRMFPOPOSigningKey, algorithmIdentifier),
157       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
158     { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN,
159       offsetof(CRMFPOPOSigningKey, signature),
160       SEC_ASN1_SUB(SEC_BitStringTemplate) },
161     { 0 }
162 };
163 
164 const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = {
165     { SEC_ASN1_CONTEXT_SPECIFIC | 1,
166       0,
167       crmfPOPOSigningKeyTemplate },
168     { 0 }
169 };
170 
171 const SEC_ASN1Template CRMFThisMessageTemplate[] = {
172     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
173       0,
174       SEC_ASN1_SUB(SEC_BitStringTemplate) },
175     { 0 }
176 };
177 
178 const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
179     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
180       0,
181       SEC_ASN1_SUB(SEC_IntegerTemplate) },
182     { 0 }
183 };
184 
185 const SEC_ASN1Template CRMFDHMACTemplate[] = {
186     { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
187       0,
188       SEC_ASN1_SUB(SEC_BitStringTemplate) },
189     { 0 }
190 };
191 
192 const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = {
193     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
194           SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
195       0,
196       SEC_ASN1_SUB(SEC_AnyTemplate) },
197     { 0 }
198 };
199 
200 const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = {
201     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
202           SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3,
203       0,
204       SEC_ASN1_SUB(SEC_AnyTemplate) },
205     { 0 }
206 };
207 
208 const SEC_ASN1Template CRMFEncryptedValueTemplate[] = {
209     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue) },
210     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
211           SEC_ASN1_XTRN | 0,
212       offsetof(CRMFEncryptedValue, intendedAlg),
213       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
214     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
215           SEC_ASN1_XTRN | 1,
216       offsetof(CRMFEncryptedValue, symmAlg),
217       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
218     { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
219           SEC_ASN1_XTRN | 2,
220       offsetof(CRMFEncryptedValue, encSymmKey),
221       SEC_ASN1_SUB(SEC_BitStringTemplate) },
222     { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
223           SEC_ASN1_XTRN | 3,
224       offsetof(CRMFEncryptedValue, keyAlg),
225       SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
226     { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
227           SEC_ASN1_XTRN | 4,
228       offsetof(CRMFEncryptedValue, valueHint),
229       SEC_ASN1_SUB(SEC_OctetStringTemplate) },
230     { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
231     { 0 }
232 };
233 
234 const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[] = {
235     { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
236           SEC_ASN1_CONTEXT_SPECIFIC | 0,
237       0,
238       CRMFEncryptedValueTemplate },
239     { 0 }
240 };
241