1 /*
2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/asn1t.h>
11 #include <openssl/x509.h>
12 #include <openssl/x509v3.h>
13 #include "x509_acert.h"
14
15 /*
16 * OpenSSL ASN.1 template translation of RFC 5755 4.1.
17 */
18
/*
 * ObjectDigestInfo: identifies an object by a digest over it.
 *
 * Field order is the wire order and must not be changed.  Only
 * otherObjectTypeID is optional (a pointer that may be NULL after decoding);
 * the other three members are embedded directly in the structure.
 */
ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = {
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED),
    ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestAlgorithm, X509_ALGOR),
    ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO)
25
/*
 * IssuerSerial: names a public key certificate by issuer and serial number.
 *
 * issuer is a mandatory SEQUENCE OF GeneralName, serial is embedded, and
 * issuerUID is optional (NULL when absent).  The template does not limit how
 * many names, or which name forms, issuer may carry.
 */
ASN1_SEQUENCE(OSSL_ISSUER_SERIAL) = {
    ASN1_SEQUENCE_OF(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAME),
    ASN1_EMBED(OSSL_ISSUER_SERIAL, serial, ASN1_INTEGER),
    ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL)
31
/*
 * V2Form of the attribute certificate issuer.
 *
 * All three members are optional here, so a decoded value may have any
 * combination of them set, including none.  The RFC 5755 profile is
 * stricter (issuerName present, the two tagged members absent); that
 * restriction is not expressed by this template and has to be enforced by
 * whoever validates the certificate.
 */
ASN1_SEQUENCE(X509_ACERT_ISSUER_V2FORM) = {
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_ISSUER_V2FORM, issuerName, GENERAL_NAME),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, baseCertificateId, OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_OPT(X509_ACERT_ISSUER_V2FORM, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 1),
} ASN1_SEQUENCE_END(X509_ACERT_ISSUER_V2FORM)
37
/*
 * AttCertIssuer: either the legacy v1Form (a bare GeneralNames) or the
 * [0]-tagged v2Form.
 *
 * Both alternatives decode successfully.  Code reading the union must look
 * at the selected type first; X509_ACERT_get0_issuerName() in this file
 * returns NULL for anything other than v2Form.
 */
ASN1_CHOICE(X509_ACERT_ISSUER) = {
    ASN1_SEQUENCE_OF(X509_ACERT_ISSUER, u.v1Form, GENERAL_NAME),
    ASN1_IMP(X509_ACERT_ISSUER, u.v2Form, X509_ACERT_ISSUER_V2FORM, 0),
} ASN1_CHOICE_END(X509_ACERT_ISSUER)
42
/*
 * Holder: the entity the attribute certificate is bound to.
 *
 * Every member is optional and implicitly tagged ([0], [1], [2]), so the
 * decoder accepts a holder with several identification methods at once or
 * with none at all.  The holder getters in this file return NULL for an
 * absent member; a relying party has to decide which combinations it is
 * willing to accept.
 */
ASN1_SEQUENCE(X509_HOLDER) = {
    ASN1_IMP_OPT(X509_HOLDER, baseCertificateID, OSSL_ISSUER_SERIAL, 0),
    ASN1_IMP_SEQUENCE_OF_OPT(X509_HOLDER, entityName, GENERAL_NAME, 1),
    ASN1_IMP_OPT(X509_HOLDER, objectDigestInfo, OSSL_OBJECT_DIGEST_INFO, 2),
} ASN1_SEQUENCE_END(X509_HOLDER)
48
/*
 * AttributeCertificateInfo: the signed portion of an attribute certificate.
 *
 * issuerUID and extensions are optional; everything else is mandatory.
 * validityPeriod reuses X509_VAL, the validity structure of public key
 * certificates.
 *
 * NOTE(review): this is a plain ASN1_SEQUENCE, so the template itself keeps
 * no copy of the encoding that was received.  If signature verification
 * re-encodes this structure, a certificate that arrived in a non-canonical
 * encoding would be checked over bytes other than the ones that were
 * signed - confirm how the verifier obtains the to-be-signed bytes.
 */
ASN1_SEQUENCE(X509_ACERT_INFO) = {
    ASN1_EMBED(X509_ACERT_INFO, version, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, holder, X509_HOLDER),
    ASN1_EMBED(X509_ACERT_INFO, issuer, X509_ACERT_ISSUER),
    ASN1_EMBED(X509_ACERT_INFO, signature, X509_ALGOR),
    ASN1_EMBED(X509_ACERT_INFO, serialNumber, ASN1_INTEGER),
    ASN1_EMBED(X509_ACERT_INFO, validityPeriod, X509_VAL),
    ASN1_SEQUENCE_OF(X509_ACERT_INFO, attributes, X509_ATTRIBUTE),
    ASN1_OPT(X509_ACERT_INFO, issuerUID, ASN1_BIT_STRING),
    ASN1_SEQUENCE_OF_OPT(X509_ACERT_INFO, extensions, X509_EXTENSION),
} ASN1_SEQUENCE_END(X509_ACERT_INFO)
60
/*
 * AttributeCertificate: the signed info, the outer signature algorithm and
 * the signature value.
 *
 * acinfo is held through a pointer, while sig_alg and signature are embedded
 * in the structure.  The algorithm appears twice in a certificate: here as
 * sig_alg (outside the signed data) and inside acinfo as signature.
 */
ASN1_SEQUENCE(X509_ACERT) = {
    ASN1_SIMPLE(X509_ACERT, acinfo, X509_ACERT_INFO),
    ASN1_EMBED(X509_ACERT, sig_alg, X509_ALGOR),
    ASN1_EMBED(X509_ACERT, signature, ASN1_BIT_STRING),
} ASN1_SEQUENCE_END(X509_ACERT)
66
/*
 * Generated entry points.  Only the top-level X509_ACERT gets the full
 * new/free/d2i/i2d set plus a dup function; the component types get
 * allocation and free functions only.
 */
IMPLEMENT_ASN1_FUNCTIONS(X509_ACERT)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_ACERT)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)

/* PEM read/write helpers for X509_ACERT under the PEM_STRING_ACERT label. */
IMPLEMENT_PEM_rw(X509_ACERT, X509_ACERT, PEM_STRING_ACERT, X509_ACERT)
75
/*
 * Return the directoryName held by a GeneralNames value, but only when the
 * value consists of exactly one entry and that entry is a directoryName.
 *
 * Any other shape (no entries, several entries, a different name form)
 * yields NULL, so callers never see an arbitrarily chosen name out of a
 * longer list.  The returned name still belongs to names.
 */
static X509_NAME *get_dirName(const GENERAL_NAMES *names)
{
    GENERAL_NAME *only;

    if (sk_GENERAL_NAME_num(names) == 1) {
        only = sk_GENERAL_NAME_value(names, 0);
        if (only->type == GEN_DIRNAME)
            return only->d.directoryName;
    }

    return NULL;
}
89
/*
 * Read the components of an ObjectDigestInfo.
 *
 * Each output argument may be NULL, in which case that component is not
 * reported.  The algorithm and digest pointers refer to members embedded in
 * o: they stay valid only as long as o does and must not be freed.  The
 * enumerated type is fetched as a long and stored into an int.
 */
void OSSL_OBJECT_DIGEST_INFO_get0_digest(const OSSL_OBJECT_DIGEST_INFO *o,
                                         int *digestedObjectType,
                                         const X509_ALGOR **digestAlgorithm,
                                         const ASN1_BIT_STRING **digest)
{
    if (digest != NULL)
        *digest = &o->objectDigest;
    if (digestAlgorithm != NULL)
        *digestAlgorithm = &o->digestAlgorithm;
    if (digestedObjectType != NULL) {
        long type = ASN1_ENUMERATED_get(&o->digestedObjectType);

        *digestedObjectType = type;
    }
}
102
/*
 * Return the issuer of an IssuerSerial as a distinguished name.
 *
 * The result is NULL unless the issuer field holds exactly one GeneralName
 * of the directoryName form, so a NULL return does not mean the field is
 * empty.  The returned name is owned by isss.
 */
const X509_NAME *OSSL_ISSUER_SERIAL_get0_issuer(const OSSL_ISSUER_SERIAL *isss)
{
    const GENERAL_NAMES *issuer = isss->issuer;

    return get_dirName(issuer);
}
107
/*
 * Return the serial number of an IssuerSerial.  The pointer refers to a
 * member embedded in isss, so it is never NULL and must not be freed.
 */
const ASN1_INTEGER *OSSL_ISSUER_SERIAL_get0_serial(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_INTEGER *serial = &isss->serial;

    return serial;
}
112
/*
 * Return the optional issuer unique identifier of an IssuerSerial, or NULL
 * when the certificate does not carry one.  The value is owned by isss.
 */
const ASN1_BIT_STRING *OSSL_ISSUER_SERIAL_get0_issuerUID(const OSSL_ISSUER_SERIAL *isss)
{
    const ASN1_BIT_STRING *uid = isss->issuerUID;

    return uid;
}
117
/*
 * Return the version field as the raw integer found in the certificate.
 *
 * This is the encoded value, not a human-readable version number: RFC 5755
 * encodes v2 as the integer 1.  No range check is applied here.
 */
long X509_ACERT_get_version(const X509_ACERT *x)
{
    const ASN1_INTEGER *version = &x->acinfo->version;

    return ASN1_INTEGER_get(version);
}
122
/*
 * Report the outer signature value and signature algorithm of an attribute
 * certificate.  Either output argument may be NULL to skip it.
 *
 * Both pointers refer to members embedded in x and must not be freed.  The
 * algorithm returned here sits outside the signed data; the copy inside the
 * signed data is available through X509_ACERT_get0_info_sigalg().
 */
void X509_ACERT_get0_signature(const X509_ACERT *x,
                               const ASN1_BIT_STRING **psig,
                               const X509_ALGOR **palg)
{
    if (palg != NULL)
        *palg = &x->sig_alg;
    if (psig != NULL)
        *psig = &x->signature;
}
132
/*
 * Return the NID of the outer signature algorithm.  The value is derived
 * from sig_alg, which is not covered by the signature itself.
 */
int X509_ACERT_get_signature_nid(const X509_ACERT *x)
{
    const ASN1_OBJECT *alg = x->sig_alg.algorithm;

    return OBJ_obj2nid(alg);
}
137
/*
 * Return the holder's entityName, or NULL when the holder is not identified
 * by name.  The list is owned by x and may contain any number of names of
 * any form; nothing is filtered here.
 */
const GENERAL_NAMES *X509_ACERT_get0_holder_entityName(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->entityName;
}
142
/*
 * Return the holder's baseCertificateID, or NULL when the holder is not
 * identified by issuer and serial number.  The value is owned by x.
 */
const OSSL_ISSUER_SERIAL *X509_ACERT_get0_holder_baseCertId(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->baseCertificateID;
}
147
/*
 * Return the holder's objectDigestInfo, or NULL when the holder is not
 * identified by a digest.  The value is owned by x.
 */
const OSSL_OBJECT_DIGEST_INFO *X509_ACERT_get0_holder_digest(const X509_ACERT *x)
{
    const X509_HOLDER *holder = &x->acinfo->holder;

    return holder->objectDigestInfo;
}
152
/*
 * Return the issuer of an attribute certificate as a distinguished name.
 *
 * A name is returned only for a v2Form issuer whose issuerName holds exactly
 * one GeneralName of the directoryName form.  A v1Form issuer, a missing
 * issuerName, several names or another name form all give NULL, so callers
 * should treat NULL as "no usable issuer name" rather than dereference it.
 * The returned name is owned by x.
 */
const X509_NAME *X509_ACERT_get0_issuerName(const X509_ACERT *x)
{
    const X509_ACERT_ISSUER *issuer = &x->acinfo->issuer;

    if (issuer->type == X509_ACERT_ISSUER_V2 && issuer->u.v2Form != NULL)
        return get_dirName(issuer->u.v2Form->issuerName);

    return NULL;
}
161
/*
 * Return the optional issuer unique identifier of the certificate, or NULL
 * when it is absent.  The value is owned by x.
 */
const ASN1_BIT_STRING *X509_ACERT_get0_issuerUID(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return info->issuerUID;
}
166
/*
 * Return the signature algorithm recorded inside the signed portion of the
 * certificate.  The pointer refers to a member embedded in the info
 * structure and must not be freed.
 *
 * NOTE(review): nothing in this file compares this value with the outer
 * sig_alg; a verifier is expected to reject a certificate where the two
 * disagree - confirm that check exists where the signature is verified.
 */
const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->signature;
}
171
/*
 * Return the serial number of the attribute certificate.  The pointer
 * refers to a member embedded in the info structure and must not be freed.
 */
const ASN1_INTEGER *X509_ACERT_get0_serialNumber(const X509_ACERT *x)
{
    const X509_ACERT_INFO *info = x->acinfo;

    return &info->serialNumber;
}
176
/*
 * Return the start of the validity period.  The value is owned by x.
 *
 * NOTE(review): the field is stored in an X509_VAL, the structure shared
 * with public key certificates, and this getter does not inspect the time
 * string's type before presenting it as a GeneralizedTime.  Callers that
 * parse the value should confirm the type themselves unless it is checked
 * elsewhere.
 */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notBefore(const X509_ACERT *x)
{
    const X509_VAL *validity = &x->acinfo->validityPeriod;

    return validity->notBefore;
}
181
/*
 * Return the end of the validity period.  The value is owned by x.
 *
 * NOTE(review): the field is stored in an X509_VAL, the structure shared
 * with public key certificates, and this getter does not inspect the time
 * string's type before presenting it as a GeneralizedTime.  Callers that
 * parse the value should confirm the type themselves unless it is checked
 * elsewhere.
 */
const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notAfter(const X509_ACERT *x)
{
    const X509_VAL *validity = &x->acinfo->validityPeriod;

    return validity->notAfter;
}