1 /* crypto/ts/ts_asn1.c */ 2 /* 3 * Written by Nils Larsch for the OpenSSL project 2004. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <openssl/ts.h> 60 #include <openssl/err.h> 61 #include <openssl/asn1t.h> 62 63 ASN1_SEQUENCE(TS_MSG_IMPRINT) = { 64 ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), 65 ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) 66 } ASN1_SEQUENCE_END(TS_MSG_IMPRINT) 67 68 IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT) 69 IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) 70 #ifndef OPENSSL_NO_BIO 71 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) 72 { 73 return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, 74 d2i_TS_MSG_IMPRINT, bp, a); 75 } 76 77 int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) 78 { 79 return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); 80 } 81 #endif 82 #ifndef OPENSSL_NO_FP_API 83 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) 84 { 85 return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, 86 d2i_TS_MSG_IMPRINT, fp, a); 87 } 88 89 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a) 90 { 91 return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a); 92 } 93 #endif 94 95 ASN1_SEQUENCE(TS_REQ) = { 96 ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), 97 ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), 98 ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), 99 ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), 100 ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), 101 ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) 102 } ASN1_SEQUENCE_END(TS_REQ) 103 104 IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ) 105 IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) 106 #ifndef OPENSSL_NO_BIO 107 TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) 108 { 109 return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a); 110 } 111 112 int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) 113 { 114 return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a); 115 } 116 #endif 117 #ifndef OPENSSL_NO_FP_API 118 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) 119 { 120 return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a); 121 } 122 123 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a) 124 { 125 return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a); 126 } 127 #endif 128 129 ASN1_SEQUENCE(TS_ACCURACY) = { 130 ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), 131 ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), 132 ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) 133 } ASN1_SEQUENCE_END(TS_ACCURACY) 134 135 IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY) 136 IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) 137 138 ASN1_SEQUENCE(TS_TST_INFO) = { 139 ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), 140 ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), 141 ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), 142 ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), 143 ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), 144 ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), 145 ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), 146 ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), 147 ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), 148 ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) 149 } ASN1_SEQUENCE_END(TS_TST_INFO) 150 151 IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO) 152 IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) 153 #ifndef OPENSSL_NO_BIO 154 TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) 155 { 156 return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, 157 a); 158 } 159 160 int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) 161 { 162 return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); 163 } 164 #endif 165 #ifndef OPENSSL_NO_FP_API 166 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) 167 { 168 return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, 169 a); 170 } 171 172 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a) 173 { 174 return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a); 175 } 176 #endif 177 178 ASN1_SEQUENCE(TS_STATUS_INFO) = { 179 ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), 180 ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), 181 ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) 182 } ASN1_SEQUENCE_END(TS_STATUS_INFO) 183 184 IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO) 185 IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) 186 187 static int ts_resp_set_tst_info(TS_RESP *a) 188 { 189 long status; 190 191 status = ASN1_INTEGER_get(a->status_info->status); 192 193 if (a->token) { 194 if (status != 0 && status != 1) { 195 TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); 196 return 0; 197 } 198 if (a->tst_info != NULL) 199 TS_TST_INFO_free(a->tst_info); 200 a->tst_info = PKCS7_to_TS_TST_INFO(a->token); 201 if (!a->tst_info) { 202 TSerr(TS_F_TS_RESP_SET_TST_INFO, 203 TS_R_PKCS7_TO_TS_TST_INFO_FAILED); 204 return 0; 205 } 206 } else if (status == 0 || status == 1) { 207 TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT); 208 return 0; 209 } 210 211 return 1; 212 } 213 214 static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, 215 void *exarg) 216 { 217 TS_RESP *ts_resp = (TS_RESP *)*pval; 218 if (op == ASN1_OP_NEW_POST) { 219 ts_resp->tst_info = NULL; 220 } else if (op == ASN1_OP_FREE_POST) { 221 if (ts_resp->tst_info != NULL) 222 TS_TST_INFO_free(ts_resp->tst_info); 223 } else if (op == ASN1_OP_D2I_POST) { 224 if (ts_resp_set_tst_info(ts_resp) == 0) 225 return 0; 226 } 227 return 1; 228 } 229 230 ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { 231 ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), 232 ASN1_OPT(TS_RESP, token, PKCS7), 233 } ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) 234 235 IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP) 236 237 IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) 238 239 #ifndef OPENSSL_NO_BIO 240 TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) 241 { 242 return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a); 243 } 244 245 int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) 246 { 247 return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a); 248 } 249 #endif 250 #ifndef OPENSSL_NO_FP_API 251 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) 252 { 253 return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a); 254 } 255 256 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a) 257 { 258 return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a); 259 } 260 #endif 261 262 ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { 263 ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), 264 ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) 265 } ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) 266 267 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL) 268 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) 269 270 ASN1_SEQUENCE(ESS_CERT_ID) = { 271 ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), 272 ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) 273 } ASN1_SEQUENCE_END(ESS_CERT_ID) 274 275 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID) 276 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) 277 278 ASN1_SEQUENCE(ESS_SIGNING_CERT) = { 279 ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), 280 ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) 281 } ASN1_SEQUENCE_END(ESS_SIGNING_CERT) 282 283 IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT) 284 IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) 285 286 /* Getting encapsulated TS_TST_INFO object from PKCS7. */ 287 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token) 288 { 289 PKCS7_SIGNED *pkcs7_signed; 290 PKCS7 *enveloped; 291 ASN1_TYPE *tst_info_wrapper; 292 ASN1_OCTET_STRING *tst_info_der; 293 const unsigned char *p; 294 295 if (!PKCS7_type_is_signed(token)) { 296 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); 297 return NULL; 298 } 299 300 /* Content must be present. */ 301 if (PKCS7_get_detached(token)) { 302 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT); 303 return NULL; 304 } 305 306 /* We have a signed data with content. */ 307 pkcs7_signed = token->d.sign; 308 enveloped = pkcs7_signed->contents; 309 if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) { 310 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); 311 return NULL; 312 } 313 314 /* We have a DER encoded TST_INFO as the signed data. */ 315 tst_info_wrapper = enveloped->d.other; 316 if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) { 317 TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE); 318 return NULL; 319 } 320 321 /* We have the correct ASN1_OCTET_STRING type. */ 322 tst_info_der = tst_info_wrapper->value.octet_string; 323 /* At last, decode the TST_INFO. */ 324 p = tst_info_der->data; 325 return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length); 326 } 327