/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "cmmf.h" #include "cmmfi.h" SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) SEC_ASN1_MKSUB(SEC_AnyTemplate) SEC_ASN1_MKSUB(SEC_IntegerTemplate) SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate) static const SEC_ASN1Template CMMFCertResponseTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) }, { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) }, { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status), CMMFPKIStatusInfoTemplate }, { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER, offsetof(CMMFCertResponse, certifiedKeyPair), CMMFCertifiedKeyPairTemplate }, { 0 } }; static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = { { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL, sizeof(CMMFCertOrEncCert) }, { 0 } }; const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) }, { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert), CMMFCertOrEncCertTemplate }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0, offsetof(CMMFCertifiedKeyPair, privateKey), CRMFEncryptedValueTemplate }, { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, offsetof(CMMFCertifiedKeyPair, derPublicationInfo), SEC_ASN1_SUB(SEC_AnyTemplate) }, { 0 } }; const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) }, { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING, offsetof(CMMFPKIStatusInfo, statusString) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING, offsetof(CMMFPKIStatusInfo, failInfo) }, { 0 } }; const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = { { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_SignedCertificateTemplate) } }; const SEC_ASN1Template CMMFRandTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) }, { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) }, { 0 } }; const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = { { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CMMFPOPODecKeyRespContent, responses), SEC_ASN1_SUB(SEC_IntegerTemplate), sizeof(CMMFPOPODecKeyRespContent) }, { 0 } }; const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 1, 0, CRMFEncryptedValueTemplate }, { 0 } }; const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 0, SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }, { 0 } }; const SEC_ASN1Template CMMFCertRepContentTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) }, { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1, offsetof(CMMFCertRepContent, caPubs), CMMFSequenceOfCertsTemplate }, { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response), CMMFCertResponseTemplate }, { 0 } }; static const SEC_ASN1Template CMMFChallengeTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) }, { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN, offsetof(CMMFChallenge, owf), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) }, { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) }, { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) }, { 0 } }; const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = { { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges), CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) }, { 0 } }; SECStatus cmmf_decode_process_cert_response(PLArenaPool *poolp, CERTCertDBHandle *db, CMMFCertResponse *inCertResp) { SECStatus rv = SECSuccess; if (inCertResp->certifiedKeyPair != NULL) { rv = cmmf_decode_process_certified_key_pair(poolp, db, inCertResp->certifiedKeyPair); } return rv; } static CERTCertificate * cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert) { CERTCertificate *newCert; newCert = CERT_NewTempCertificate(db, derCert, NULL, PR_FALSE, PR_TRUE); return newCert; } static CMMFCertOrEncCertChoice cmmf_get_certorenccertchoice_from_der(SECItem *der) { CMMFCertOrEncCertChoice retChoice; switch (der->data[0] & 0x0f) { case 0: retChoice = cmmfCertificate; break; case 1: retChoice = cmmfEncryptedCert; break; default: retChoice = cmmfNoCertOrEncCert; break; } return retChoice; } static SECStatus cmmf_decode_process_certorenccert(PLArenaPool *poolp, CERTCertDBHandle *db, CMMFCertOrEncCert *inCertOrEncCert) { SECStatus rv = SECSuccess; inCertOrEncCert->choice = cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue); switch (inCertOrEncCert->choice) { case cmmfCertificate: { /* The DER has implicit tagging, so we gotta switch it to * un-tagged in order for the ASN1 parser to understand it. * Saving the bits that were changed. */ inCertOrEncCert->derValue.data[0] = 0x30; inCertOrEncCert->cert.certificate = cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue); if (inCertOrEncCert->cert.certificate == NULL) { rv = SECFailure; } } break; case cmmfEncryptedCert: PORT_Assert(poolp); if (!poolp) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; break; } inCertOrEncCert->cert.encryptedCert = PORT_ArenaZNew(poolp, CRMFEncryptedValue); if (inCertOrEncCert->cert.encryptedCert == NULL) { rv = SECFailure; break; } rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert, CMMFCertOrEncCertEncryptedCertTemplate, (const char *)inCertOrEncCert->derValue.data, inCertOrEncCert->derValue.len); break; default: rv = SECFailure; } return rv; } SECStatus cmmf_decode_process_certified_key_pair(PLArenaPool *poolp, CERTCertDBHandle *db, CMMFCertifiedKeyPair *inCertKeyPair) { return cmmf_decode_process_certorenccert(poolp, db, &inCertKeyPair->certOrEncCert); }