/*
 * Copyright (c) 2003 Apple Computer, Inc. All Rights Reserved.
 *
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 *
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */

/*
 * clNssUtils.h - support for libnssasn1-based ASN1 encode/decode
 *
 * Declarations for the CL (Certificate Library) module's helpers that
 * convert between the CDSA/CSSM view of certificate and CRL fields
 * (CSSM_DATA, CE_* extension structs, CSSM_X509_* records) and the NSS
 * (libnssasn1) view of the same data (NSS_* templates), plus the
 * allocation/free helpers that go with them.
 *
 * Naming convention used throughout:
 *   *ToNss  / *ToCssm   - direction of the conversion
 *   CL_free*            - release memory that a *ToCssm helper obtained
 *                         from the Allocator it was given
 *   ...(SecNssCoder &)  - output (or temporaries) live in the coder's
 *                         arena and are released when the coder is
 *   ...(Allocator &)    - output is obtained from that Allocator and the
 *                         caller owns it
 *
 * Ownership and lifetime: the definitions live in clNssUtils.cpp; the
 * comments below describe only what is visible from the signatures and
 * the original annotations. Where a detail (error behaviour, handling of
 * NULL/empty input) is not visible here it is marked as such.
 */

#ifndef _CL_NSS_UTILS_H_
#define _CL_NSS_UTILS_H_

#include <security_asn1/SecNssCoder.h>
#include <Security/certExtensionTemplates.h>
#include <security_utilities/alloc.h>
#include <Security/cssm.h>
#include "DecodedCert.h"

/*
 * A Allocator which is actually based upon a PLArenaPool. This only
 * mallocs, it doesn't have a free - all memory allocated with this
 * object is freed when the SecNssCoder associated with this object is
 * freed. It's used to malloc the fields in DecodedCert.mCert and
 * DecodedCrl.mCrl.
 *
 * Consequences for callers:
 *   - free() is a no-op as far as the arena is concerned; memory handed
 *     out by this object stays allocated until the SecNssCoder goes away.
 *   - realloc() presumably has to obtain a fresh block from the arena and
 *     copy, since the arena cannot give the old block back
 *     (TODO confirm in clNssUtils.cpp). Repeated realloc on a growing
 *     buffer therefore accumulates arena memory for the coder's lifetime.
 *   - mCoder is held by reference, so the SecNssCoder passed to the
 *     constructor must outlive this ArenaAllocator and anything that
 *     still uses memory obtained through it.
 *
 * NOTE(review): the dynamic exception specifications (throw(...)) on the
 * three overrides are the pre-C++11 form and were removed from the
 * language in C++17; they are kept here as-is because they must match
 * the declarations in the Security::Allocator base class.
 */
class ArenaAllocator : public Security::Allocator
{
	NOCOPY(ArenaAllocator)
public:
	/* Bind to the coder whose arena backs every allocation. */
	ArenaAllocator(SecNssCoder &coder)
		: mCoder(coder) { }
	/* Nothing to release: the arena belongs to mCoder. */
	~ArenaAllocator() { }
	/* Allocate from the coder's arena; presumably throws bad_alloc on arena exhaustion (per the spec). */
	void *malloc(size_t) throw(std::bad_alloc) ;
	/* Arena memory cannot be returned individually; see class comment. */
	void free(void *) throw() ;
	/* Resize; see class comment about the old block not being reclaimed. */
	void *realloc(void *, size_t) throw(std::bad_alloc);
private:
	SecNssCoder &mCoder;		// not owned; must outlive this object
};

/*
 * Misc. alloc/copy with arbitrary Allocator
 */

/*
 * malloc d.Data, set d.Length
 *
 * dst.Data is obtained from alloc and is owned by the caller; dst.Length
 * is set to len. Behaviour for len == 0 is not visible here.
 */
void clAllocData(
	Allocator	&alloc,
	CSSM_DATA	&dst,
	size_t		len);

/*
 * malloc and copy
 *
 * dst receives a fresh copy (from alloc) of src.Length bytes of src.Data.
 * The caller owns dst.Data.
 */
void clAllocCopyData(
	Allocator		&alloc,
	const CSSM_DATA	&src,
	CSSM_DATA		&dst);

/*
 * return true if two CSSM_DATAs (or two CSSM_OIDs) compare equal
 *
 * Both length and contents are part of "equal". Whether a NULL data1 or
 * data2 pointer is tolerated is not visible here - callers that can see
 * a NULL should check before calling.
 */
bool clCompareCssmData(
	const CSSM_DATA *data1,
	const CSSM_DATA *data2);

/*
 * CSSM_DATA --> uint32
 *
 * Interprets cdata as a big-endian integer of at most sizeof(uint32)
 * bytes. toThrow is the CSSM_RETURN presumably raised (as the CL's
 * CssmError) when cdata cannot be represented as a uint32 - e.g. it is
 * too long - so callers decoding untrusted DER should expect and handle
 * that error rather than assume a value comes back. (TODO confirm the
 * exact rejection rules in clNssUtils.cpp.)
 */
uint32 clDataToInt(
	const CSSM_DATA &cdata,
	CSSM_RETURN toThrow = CSSMERR_CL_INVALID_CERT_POINTER);
/*
 * uint32 --> CSSM_DATA
 *
 * cdata.Data is obtained from alloc and owned by the caller.
 */
void clIntToData(
	uint32		num,
	CSSM_DATA	&cdata,
	Allocator	&alloc);

/*
 * CSSM_BOOL <--> CSSM_DATA
 *
 * nssBool is the NSS encoding of an ASN.1 BOOLEAN; cBool is CSSM_TRUE /
 * CSSM_FALSE. clCssmBoolToNss obtains nssBool.Data from alloc.
 */
CSSM_BOOL clNssBoolToCssm(
	const CSSM_DATA	&nssBool);
void clCssmBoolToNss(
	CSSM_BOOL		cBool,
	CSSM_DATA		&nssBool,
	Allocator		&alloc);

/*
 * Bit String
 *
 * NSS represents a BIT STRING with Length counted in bits; CSSM counts
 * bytes. These convert b.Length in place, in the named direction; b.Data
 * is not reallocated. (Whether the trailing unused bits are validated is
 * not visible here.)
 */
void clCssmBitStringToNss(
	CSSM_DATA &b);
void clNssBitStringToCssm(
	CSSM_DATA &b);

/*
 * How many items in a NULL-terminated array of pointers?
 *
 * The caller must guarantee the NULL terminator is present; the function
 * has no other way to find the end. The returned count presumably
 * excludes the terminator. A NULL array pointer is presumably treated as
 * zero items - TODO confirm.
 */
unsigned clNssArraySize(
	const void **array);

/*
 * malloc a NULL-ed array of pointers of size num+1
 *
 * The extra slot is the NULL terminator expected by clNssArraySize and
 * by the NSS templates. Memory comes from coder's arena, so it is freed
 * with the coder, not by the caller.
 */
void **clNssNullArray(
	uint32 num,
	SecNssCoder &coder);

/*
 * Convert an encoded KeyUsage BIT STRING (CSSM form, Length in bytes)
 * to the CE_KeyUsage bit mask.
 */
CE_KeyUsage clBitStringToKeyUsage(
	const CSSM_DATA &cdata);

/*
 * Map an algorithm OID to the corresponding CSSM_ALGORITHMS value.
 * What is returned for an unrecognized OID is not visible here.
 */
CSSM_ALGORITHMS CL_oidToAlg(
	const CSSM_OID &oid);

/*
 * Deep-copy an X.509 AlgorithmIdentifier (OID and parameters) using
 * alloc; release it with CL_freeCssmAlgId using the same Allocator.
 */
void CL_copyAlgId(
	const CSSM_X509_ALGORITHM_IDENTIFIER	&srcAlgId,
	CSSM_X509_ALGORITHM_IDENTIFIER			&destAlgId,
	Allocator								&alloc);
void CL_freeCssmAlgId(
	CSSM_X509_ALGORITHM_IDENTIFIER	*cdsaObj,		// optional
	Allocator						&alloc);


/*
 * Time conversion between the NSS (DER UTCTime / GeneralizedTime) form
 * and CSSM_X509_TIME.
 *
 * CL_nssTimeToCssm returns a bool; its meaning (success vs. a particular
 * time encoding) is not visible from this header - check the definition
 * before treating it as an error indicator. cssmObj's data is obtained
 * from alloc and is released with CL_freeCssmTime.
 */
bool CL_nssTimeToCssm(
	const NSS_Time 	&derTime,
	CSSM_X509_TIME	&cssmObj,
	Allocator 		&alloc);
void CL_cssmTimeToNss(
	const CSSM_X509_TIME	&cssmTime,
	NSS_Time				&nssTime,
	SecNssCoder				&coder);
void CL_freeCssmTime(
	CSSM_X509_TIME	*cssmTime,
	Allocator		&alloc);

/*
 * Set algId.parameters to represent an absent/NULL parameter field.
 * Exactly what is stored (empty vs. an encoded ASN.1 NULL) is not visible
 * here.
 */
void CL_nullAlgParams(
	CSSM_X509_ALGORITHM_IDENTIFIER	&algId);

/*
 * SubjectPublicKeyInfo handling.
 *
 * CL_copySubjPubKeyInfo: deep copy via alloc. srcInBits / dstInBits say
 * whether the subjectPublicKey BIT STRING's Length is expressed in bits
 * (NSS convention) or bytes (CSSM convention) on each side, so the copy
 * can convert between the two.
 *
 * CL_extractCSSMKeyNSS: build a CSSM_KEY (obtained from alloc, released
 * with CL_freeCSSMKey) from keyInfo. decodedCert is optional; what it
 * contributes when present is not visible here.
 *
 * CL_CSSMKeyToSubjPubKeyInfoNSS: the inverse, with output living in
 * coder's arena.
 */
void CL_copySubjPubKeyInfo(
	const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &srcInfo,
	bool srcInBits,
	CSSM_X509_SUBJECT_PUBLIC_KEY_INFO &dstInfo,
	bool dstInBits,
	Allocator &alloc);
CSSM_KEY_PTR CL_extractCSSMKeyNSS(
	const CSSM_X509_SUBJECT_PUBLIC_KEY_INFO	&keyInfo,
	Allocator			&alloc,
	const DecodedCert	*decodedCert);		// optional
void CL_CSSMKeyToSubjPubKeyInfoNSS(
	const CSSM_KEY 						&cssmKey,
	CSSM_X509_SUBJECT_PUBLIC_KEY_INFO	&nssKeyInfo,
	SecNssCoder							&coder);
/*
 * Release a CSSM_KEY obtained from CL_extractCSSMKeyNSS. With freeTop
 * true (the default) the CSSM_KEY struct itself is freed along with its
 * contents; pass false when the struct is embedded in something else and
 * only its contents should be released.
 */
void CL_freeCSSMKey(
	CSSM_KEY_PTR		cssmKey,
	Allocator			&alloc,
	bool				freeTop = true);	// delete the actual key
											// as well as contents

/*
 * Extension conversions. Each family follows the same shape:
 *   *ToNss   - CDSA struct -> NSS struct, output in coder's arena
 *   *ToCssm  - NSS struct -> CDSA struct, output from alloc; coder is
 *              used only for temporary decoding
 *   CL_free* - release what *ToCssm obtained from alloc
 */

/* AuthorityKeyIdentifier */
void CL_cssmAuthorityKeyIdToNss(
	const CE_AuthorityKeyID &cdsaObj,
	NSS_AuthorityKeyId &nssObj,
	SecNssCoder &coder);
void CL_nssAuthorityKeyIdToCssm(
	const NSS_AuthorityKeyId &nssObj,
	CE_AuthorityKeyID &cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);

/* AuthorityInfoAccess */
void CL_cssmInfoAccessToNss(
	const CE_AuthorityInfoAccess &cdsaObj,
	NSS_AuthorityInfoAccess &nssObj,
	SecNssCoder &coder);
void CL_infoAccessToCssm(
	const NSS_AuthorityInfoAccess &nssObj,
	CE_AuthorityInfoAccess &cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);
void CL_freeInfoAccess(
	CE_AuthorityInfoAccess	&cssmInfo,
	Allocator &alloc);

/* QCStatements */
void CL_cssmQualCertStatementsToNss(
	const CE_QC_Statements &cdsaObj,
	NSS_QC_Statements &nssObj,
	SecNssCoder &coder);
void CL_qualCertStatementsToCssm(
	const NSS_QC_Statements &nssObj,
	CE_QC_Statements &cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);
void CL_freeQualCertStatements(
	CE_QC_Statements &cssmQCs,
	Allocator &alloc);

/*
 * CRL distribution points.
 *
 * CL_decodeDistributionPointName takes the raw DER of a
 * DistributionPointName (nssBlob) - typically lifted straight out of a
 * certificate or CRL and therefore untrusted - and produces the CDSA
 * struct; cssmDpn's contents come from alloc.
 * CL_encodeDistributionPointName is the inverse, with npoint.Data in
 * coder's arena. Note that cpoint is taken by non-const reference.
 */
void CL_decodeDistributionPointName(
	const CSSM_DATA &nssBlob,
	CE_DistributionPointName &cssmDpn,
	SecNssCoder &coder,
	Allocator &alloc);
void CL_encodeDistributionPointName(
	CE_DistributionPointName &cpoint,
	CSSM_DATA &npoint,
	SecNssCoder &coder);
void CL_cssmDistPointsToNss(
	const CE_CRLDistPointsSyntax 	&cdsaObj,
	NSS_CRLDistributionPoints		&nssObj,
	SecNssCoder 					&coder);
void CL_nssDistPointsToCssm(
	const NSS_CRLDistributionPoints	&nssObj,
	CE_CRLDistPointsSyntax			&cdsaObj,
	SecNssCoder 					&coder,	// for temp decoding
	Allocator						&alloc);

/*
 * IssuingDistributionPoint (CRL extension). Unlike the other families
 * this takes pointers; whether NULL is accepted is not visible here.
 */
void CL_nssIssuingDistPointToCssm(
	NSS_IssuingDistributionPoint *nssIdp,
	CE_IssuingDistributionPoint *cssmIdp,
	SecNssCoder &coder,
	Allocator &alloc);

/* NameConstraints */
void CL_cssmNameConstraintsToNss(
	const CE_NameConstraints &cdsaObj,
	NSS_NameConstraints &nssObj,
	SecNssCoder &coder);
void CL_nssNameConstraintsToCssm(
	const NSS_NameConstraints &nssObj,
	CE_NameConstraints &cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);
void CL_freeCssmNameConstraints(
	CE_NameConstraints *cssmNcs,
	Allocator &alloc);

/* PolicyMappings */
void CL_cssmPolicyMappingsToNss(
	const CE_PolicyMappings &cdsaObj,
	NSS_PolicyMappings &nssObj,
	SecNssCoder &coder);
void CL_nssPolicyMappingsToCssm(
	const NSS_PolicyMappings &nssObj,
	CE_PolicyMappings &cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);
void CL_freeCssmPolicyMappings(
	CE_PolicyMappings *cssmPms,
	Allocator &alloc);

/* PolicyConstraints (pointer arguments; NULL handling not visible here) */
void CL_cssmPolicyConstraintsToNss(
	const CE_PolicyConstraints *cdsaObj,
	NSS_PolicyConstraints *nssObj,
	SecNssCoder &coder);
void CL_nssPolicyConstraintsToCssm(
	const NSS_PolicyConstraints *nssObj,
	CE_PolicyConstraints *cdsaObj,
	SecNssCoder &coder,	// for temp decoding
	Allocator &alloc);
void CL_freeCssmPolicyConstraints(
	CE_PolicyConstraints *cssmPcs,
	Allocator &alloc);

/*
 * Decode the parameters of an ECDSA signature AlgorithmIdentifier
 * (algParams, DER) and return the matching CSSM_ALGORITHMS value.
 * Temporaries live in coder's arena. The result for unrecognized or
 * malformed parameters is not visible here.
 */
CSSM_ALGORITHMS CL_nssDecodeECDSASigAlgParams(
	const CSSM_DATA &algParams,
	SecNssCoder &coder);

/*
 * Split a DER-encoded certificate or CRL into its three top-level
 * components without decoding the TBS part. signedItem is normally
 * externally supplied (a cert or CRL from a peer or a keychain) and
 * must be treated as untrusted input; the three outputs are owned by
 * the caller via their CssmOwnedData. Error behaviour for malformed
 * input is not visible here.
 */
void CL_certCrlDecodeComponents(
	const CssmData 	&signedItem,		// DER-encoded cert or CRL
	CssmOwnedData	&tbsBlob,			// still DER-encoded
	CssmOwnedData	&algId,				// ditto
	CssmOwnedData	&rawSig);			// raw bits (not an encoded AsnBits)
/*
 * Inverse of CL_certCrlDecodeComponents for certificates: wrap an
 * already-encoded TBSCertificate, its signature AlgorithmIdentifier and
 * the raw signature bits into a DER-encoded Certificate in signedCert
 * (owned by the caller). rawSig is the raw signature bytes; the BIT
 * STRING wrapping is presumably added here - TODO confirm.
 */
void
CL_certEncodeComponents(
	const CssmData		&TBSCert,		// DER-encoded
	const CssmData		&algId,			// ditto
	const CssmData		&rawSig,		// raw bits, not encoded
	CssmOwnedData 		&signedCert);	// DER-encoded

#endif	/* _CL_NSS_UTILS_H_ */