diff options
Diffstat (limited to 'security/nss/lib/crmf/asn1cmn.c')
-rw-r--r-- | security/nss/lib/crmf/asn1cmn.c | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/security/nss/lib/crmf/asn1cmn.c b/security/nss/lib/crmf/asn1cmn.c new file mode 100644 index 000000000..59ce5b4a8 --- /dev/null +++ b/security/nss/lib/crmf/asn1cmn.c @@ -0,0 +1,247 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#include "nssrenam.h" +#include "cmmf.h" +#include "cmmfi.h" + +SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) +SEC_ASN1_MKSUB(SEC_AnyTemplate) +SEC_ASN1_MKSUB(SEC_IntegerTemplate) +SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate) + +static const SEC_ASN1Template CMMFCertResponseTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse)}, + { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId)}, + { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status), + CMMFPKIStatusInfoTemplate}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER, + offsetof(CMMFCertResponse, certifiedKeyPair), + CMMFCertifiedKeyPairTemplate}, + { 0 } +}; + +static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = { + { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL, + sizeof(CMMFCertOrEncCert)}, + { 0 } +}; + +const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair)}, + { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert), + CMMFCertOrEncCertTemplate }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0, + offsetof(CMMFCertifiedKeyPair, privateKey), + CRMFEncryptedValueTemplate}, + { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_XTRN | 1, + offsetof (CMMFCertifiedKeyPair, derPublicationInfo), + SEC_ASN1_SUB(SEC_AnyTemplate) }, + { 0 } +}; + +const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo)}, + { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status)}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING, + offsetof(CMMFPKIStatusInfo, statusString)}, + { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, + offsetof(CMMFPKIStatusInfo, failInfo)}, + { 0 } +}; + +const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = { + { SEC_ASN1_SEQUENCE_OF| SEC_ASN1_XTRN, 0, + SEC_ASN1_SUB(SEC_SignedCertificateTemplate)} +}; + +const SEC_ASN1Template CMMFRandTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand)}, + { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer)}, + { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash)}, + { 0 } +}; + +const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = { + { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, + offsetof(CMMFPOPODecKeyRespContent, responses), + SEC_ASN1_SUB(SEC_IntegerTemplate), + sizeof(CMMFPOPODecKeyRespContent)}, + { 0 } +}; + +const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = { + { SEC_ASN1_CONTEXT_SPECIFIC | 1, + 0, + CRMFEncryptedValueTemplate}, + { 0 } +}; + +const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = { + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + 0, + SEC_ASN1_SUB(SEC_SignedCertificateTemplate)}, + { 0 } +}; + +const SEC_ASN1Template CMMFCertRepContentTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent)}, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | + SEC_ASN1_CONTEXT_SPECIFIC | 1, + offsetof(CMMFCertRepContent, caPubs), + CMMFSequenceOfCertsTemplate }, + { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response), + CMMFCertResponseTemplate}, + { 0 } +}; + +static const SEC_ASN1Template CMMFChallengeTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge)}, + { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN, + offsetof(CMMFChallenge, owf), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) }, + { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) }, + { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) }, + { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) }, + { 0 } +}; + +const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = { + { SEC_ASN1_SEQUENCE_OF,offsetof(CMMFPOPODecKeyChallContent, challenges), + CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) }, + { 0 } +}; + +SECStatus +cmmf_decode_process_cert_response(PRArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertResponse *inCertResp) +{ + SECStatus rv = SECSuccess; + + if (inCertResp->certifiedKeyPair != NULL) { + rv = cmmf_decode_process_certified_key_pair(poolp, + db, + inCertResp->certifiedKeyPair); + } + return rv; +} + +static CERTCertificate* +cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert) +{ + CERTCertificate *newCert; + + newCert = CERT_DecodeDERCertificate(derCert, PR_TRUE, NULL); + if (newCert != NULL && newCert->dbhandle == NULL) { + newCert->dbhandle = db; + } + return newCert; +} + +static CMMFCertOrEncCertChoice +cmmf_get_certorenccertchoice_from_der(SECItem *der) +{ + CMMFCertOrEncCertChoice retChoice; + + switch(der->data[0] & 0x0f) { + case 0: + retChoice = cmmfCertificate; + break; + case 1: + retChoice = cmmfEncryptedCert; + break; + default: + retChoice = cmmfNoCertOrEncCert; + break; + } + return retChoice; +} + +static SECStatus +cmmf_decode_process_certorenccert(PRArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertOrEncCert *inCertOrEncCert) +{ + SECStatus rv = SECSuccess; + + inCertOrEncCert->choice = + cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue); + + switch (inCertOrEncCert->choice) { + case cmmfCertificate: + { + /* The DER has implicit tagging, so we gotta switch it to + * un-tagged in order for the ASN1 parser to understand it. + * Saving the bits that were changed. + */ + inCertOrEncCert->derValue.data[0] = 0x30; + inCertOrEncCert->cert.certificate = + cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue); + if (inCertOrEncCert->cert.certificate == NULL) { + rv = SECFailure; + } + + } + break; + case cmmfEncryptedCert: + inCertOrEncCert->cert.encryptedCert = + PORT_ArenaZNew(poolp, CRMFEncryptedValue); + if (inCertOrEncCert->cert.encryptedCert == NULL) { + rv = SECFailure; + break; + } + rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert, + CMMFCertOrEncCertEncryptedCertTemplate, + (const char*)inCertOrEncCert->derValue.data, + inCertOrEncCert->derValue.len); + break; + default: + rv = SECFailure; + } + return rv; +} + +SECStatus +cmmf_decode_process_certified_key_pair(PRArenaPool *poolp, + CERTCertDBHandle *db, + CMMFCertifiedKeyPair *inCertKeyPair) +{ + return cmmf_decode_process_certorenccert (poolp, + db, + &inCertKeyPair->certOrEncCert); +} + + |