gecko-dev/security/nss/lib/crmf/asn1cmn.c

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "cmmf.h"
#include "cmmfi.h"

SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_IntegerTemplate)
SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)

static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) },
    { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) },
    { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
      CMMFPKIStatusInfoTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
      offsetof(CMMFCertResponse, certifiedKeyPair),
      CMMFCertifiedKeyPairTemplate },
    { 0 }
};

static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
    { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
      sizeof(CMMFCertOrEncCert) },
    { 0 }
};

const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) },
    { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
      CMMFCertOrEncCertTemplate },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
      offsetof(CMMFCertifiedKeyPair, privateKey),
      CRMFEncryptedValueTemplate },
    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
          SEC_ASN1_XTRN | 1,
      offsetof(CMMFCertifiedKeyPair, derPublicationInfo),
      SEC_ASN1_SUB(SEC_AnyTemplate) },
    { 0 }
};

const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) },
    { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
      offsetof(CMMFPKIStatusInfo, statusString) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
      offsetof(CMMFPKIStatusInfo, failInfo) },
    { 0 }
};

const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0,
      SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }
};

const SEC_ASN1Template CMMFRandTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) },
    { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) },
    { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) },
    { 0 }
};

const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
      offsetof(CMMFPOPODecKeyRespContent, responses),
      SEC_ASN1_SUB(SEC_IntegerTemplate),
      sizeof(CMMFPOPODecKeyRespContent) },
    { 0 }
};

const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
    { SEC_ASN1_CONTEXT_SPECIFIC | 1,
      0,
      CRMFEncryptedValueTemplate },
    { 0 }
};

const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
      0,
      SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
    { 0 }
};

const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
          SEC_ASN1_CONTEXT_SPECIFIC | 1,
      offsetof(CMMFCertRepContent, caPubs),
      CMMFSequenceOfCertsTemplate },
    { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
      CMMFCertResponseTemplate },
    { 0 }
};

static const SEC_ASN1Template CMMFChallengeTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) },
    { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
      offsetof(CMMFChallenge, owf),
      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
    { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) },
    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) },
    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) },
    { 0 }
};

const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
    { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges),
      CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
    { 0 }
};

SECStatus
cmmf_decode_process_cert_response(PLArenaPool *poolp,
                                  CERTCertDBHandle *db,
                                  CMMFCertResponse *inCertResp)
{
    SECStatus rv = SECSuccess;

    if (inCertResp->certifiedKeyPair != NULL) {
        rv = cmmf_decode_process_certified_key_pair(poolp,
                                                    db,
                                                    inCertResp->certifiedKeyPair);
    }
    return rv;
}

static CERTCertificate *
cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
{
    CERTCertificate *newCert;

    newCert = CERT_NewTempCertificate(db, derCert, NULL, PR_FALSE, PR_TRUE);
    return newCert;
}

static CMMFCertOrEncCertChoice
cmmf_get_certorenccertchoice_from_der(SECItem *der)
{
    CMMFCertOrEncCertChoice retChoice;

    switch (der->data[0] & 0x0f) {
        case 0:
            retChoice = cmmfCertificate;
            break;
        case 1:
            retChoice = cmmfEncryptedCert;
            break;
        default:
            retChoice = cmmfNoCertOrEncCert;
            break;
    }
    return retChoice;
}

static SECStatus
cmmf_decode_process_certorenccert(PLArenaPool *poolp,
                                  CERTCertDBHandle *db,
                                  CMMFCertOrEncCert *inCertOrEncCert)
{
    SECStatus rv = SECSuccess;

    inCertOrEncCert->choice =
        cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);

    switch (inCertOrEncCert->choice) {
        case cmmfCertificate: {
            /* The DER has implicit tagging, so we gotta switch it to
             * un-tagged in order for the ASN1 parser to understand it.
             * Saving the bits that were changed.
             */
            inCertOrEncCert->derValue.data[0] = 0x30;
            inCertOrEncCert->cert.certificate =
                cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
            if (inCertOrEncCert->cert.certificate == NULL) {
                rv = SECFailure;
            }

        } break;
        case cmmfEncryptedCert:
            PORT_Assert(poolp);
            if (!poolp) {
                PORT_SetError(SEC_ERROR_INVALID_ARGS);
                rv = SECFailure;
                break;
            }
            inCertOrEncCert->cert.encryptedCert =
                PORT_ArenaZNew(poolp, CRMFEncryptedValue);
            if (inCertOrEncCert->cert.encryptedCert == NULL) {
                rv = SECFailure;
                break;
            }
            rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
                                CMMFCertOrEncCertEncryptedCertTemplate,
                                (const char *)inCertOrEncCert->derValue.data,
                                inCertOrEncCert->derValue.len);
            break;
        default:
            rv = SECFailure;
    }
    return rv;
}

SECStatus
cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
                                       CERTCertDBHandle *db,
                                       CMMFCertifiedKeyPair *inCertKeyPair)
{
    return cmmf_decode_process_certorenccert(poolp,
                                             db,
                                             &inCertKeyPair->certOrEncCert);
}