summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/crmf/asn1cmn.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/crmf/asn1cmn.c')
-rw-r--r--security/nss/lib/crmf/asn1cmn.c216
1 files changed, 216 insertions, 0 deletions
diff --git a/security/nss/lib/crmf/asn1cmn.c b/security/nss/lib/crmf/asn1cmn.c
new file mode 100644
index 000000000..6cf469fb4
--- /dev/null
+++ b/security/nss/lib/crmf/asn1cmn.c
@@ -0,0 +1,216 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
+
+static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) },
+ { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
+ CMMFPKIStatusInfoTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
+ offsetof(CMMFCertResponse, certifiedKeyPair),
+ CMMFCertifiedKeyPairTemplate },
+ { 0 }
+};
+
+static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
+ { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
+ sizeof(CMMFCertOrEncCert) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) },
+ { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
+ CMMFCertOrEncCertTemplate },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
+ offsetof(CMMFCertifiedKeyPair, privateKey),
+ CRMFEncryptedValueTemplate },
+ { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+ SEC_ASN1_XTRN | 1,
+ offsetof(CMMFCertifiedKeyPair, derPublicationInfo),
+ SEC_ASN1_SUB(SEC_AnyTemplate) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
+ offsetof(CMMFPKIStatusInfo, statusString) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
+ offsetof(CMMFPKIStatusInfo, failInfo) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0,
+ SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }
+};
+
+const SEC_ASN1Template CMMFRandTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) },
+ { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
+ offsetof(CMMFPOPODecKeyRespContent, responses),
+ SEC_ASN1_SUB(SEC_IntegerTemplate),
+ sizeof(CMMFPOPODecKeyRespContent) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
+ { SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ 0,
+ CRMFEncryptedValueTemplate },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ 0,
+ SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) },
+ { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
+ SEC_ASN1_CONTEXT_SPECIFIC | 1,
+ offsetof(CMMFCertRepContent, caPubs),
+ CMMFSequenceOfCertsTemplate },
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
+ CMMFCertResponseTemplate },
+ { 0 }
+};
+
+static const SEC_ASN1Template CMMFChallengeTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) },
+ { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+ offsetof(CMMFChallenge, owf),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
+ { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) },
+ { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) },
+ { 0 }
+};
+
+const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
+ { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges),
+ CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
+ { 0 }
+};
+
+SECStatus
+cmmf_decode_process_cert_response(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertResponse *inCertResp)
+{
+ SECStatus rv = SECSuccess;
+
+ if (inCertResp->certifiedKeyPair != NULL) {
+ rv = cmmf_decode_process_certified_key_pair(poolp,
+ db,
+ inCertResp->certifiedKeyPair);
+ }
+ return rv;
+}
+
+static CERTCertificate *
+cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
+{
+ CERTCertificate *newCert;
+
+ newCert = CERT_NewTempCertificate(db, derCert, NULL, PR_FALSE, PR_TRUE);
+ return newCert;
+}
+
+static CMMFCertOrEncCertChoice
+cmmf_get_certorenccertchoice_from_der(SECItem *der)
+{
+ CMMFCertOrEncCertChoice retChoice;
+
+ switch (der->data[0] & 0x0f) {
+ case 0:
+ retChoice = cmmfCertificate;
+ break;
+ case 1:
+ retChoice = cmmfEncryptedCert;
+ break;
+ default:
+ retChoice = cmmfNoCertOrEncCert;
+ break;
+ }
+ return retChoice;
+}
+
+static SECStatus
+cmmf_decode_process_certorenccert(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertOrEncCert *inCertOrEncCert)
+{
+ SECStatus rv = SECSuccess;
+
+ inCertOrEncCert->choice =
+ cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
+
+ switch (inCertOrEncCert->choice) {
+ case cmmfCertificate: {
+ /* The DER has implicit tagging, so we gotta switch it to
+ * un-tagged in order for the ASN1 parser to understand it.
+ * Saving the bits that were changed.
+ */
+ inCertOrEncCert->derValue.data[0] = 0x30;
+ inCertOrEncCert->cert.certificate =
+ cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
+ if (inCertOrEncCert->cert.certificate == NULL) {
+ rv = SECFailure;
+ }
+
+ } break;
+ case cmmfEncryptedCert:
+ PORT_Assert(poolp);
+ if (!poolp) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ rv = SECFailure;
+ break;
+ }
+ inCertOrEncCert->cert.encryptedCert =
+ PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+ if (inCertOrEncCert->cert.encryptedCert == NULL) {
+ rv = SECFailure;
+ break;
+ }
+ rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
+ CMMFCertOrEncCertEncryptedCertTemplate,
+ (const char *)inCertOrEncCert->derValue.data,
+ inCertOrEncCert->derValue.len);
+ break;
+ default:
+ rv = SECFailure;
+ }
+ return rv;
+}
+
+SECStatus
+cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
+ CERTCertDBHandle *db,
+ CMMFCertifiedKeyPair *inCertKeyPair)
+{
+ return cmmf_decode_process_certorenccert(poolp,
+ db,
+ &inCertKeyPair->certOrEncCert);
+}