verdict_parser/x509/
ext_value.rs

// ASN.1 formats for the values of selected X.509 certificate extensions,
// together with the OID-keyed dispatch (`ExtensionParam`) that picks which
// format applies to a given extension value.
//
// NOTE(review): the exact behaviour of `asn1!`, `placeholder!` and
// `oid_match_continuation!` is defined elsewhere in the crate; the comments
// below describe only what these invocations spell out.
use super::*;
use crate::asn1::Boolean;
use crate::asn1::Integer;
use vstd::prelude::*;

verus! {

asn1! {
    // RFC 2459, 4.2.1.1 (RFC 2459 is obsoleted by RFC 5280; the section number is unchanged)
    //
    // AuthorityKeyIdentifier ::= SEQUENCE {
    //     keyIdentifier             [0] KeyIdentifier           OPTIONAL,
    //     authorityCertIssuer       [1] GeneralNames            OPTIONAL,
    //     authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
    seq AuthorityKeyIdentifier {
        #[optional] key_id: ASN1<ImplicitTag<OctetString>> = ASN1(ImplicitTag(tag_of!(IMPLICIT 0), OctetString)),
        // TODO: Parsing of GeneralNames is not implemented yet
        // NOTE(review): `GeneralNames` is referenced by the SubjectAltName arm of
        // `ExtensionParam` below, so this TODO may be stale — confirm.
        // Until then the issuer names are only matched by tag via the placeholder;
        // presumably their contents are not interpreted, so callers should not
        // rely on `auth_cert_issuer` for issuer matching.
        #[optional] auth_cert_issuer: placeholder_type!() = placeholder!(EXPLICIT 1),
        #[optional] auth_cert_serial: ASN1<ImplicitTag<BigInt>> = ASN1(ImplicitTag(tag_of!(IMPLICIT 2), BigInt)),
    }

    // BasicConstraints ::= SEQUENCE {
    //     cA                      BOOLEAN DEFAULT FALSE,
    //     pathLenConstraint       INTEGER (0..MAX) OPTIONAL
    // }
    //
    // NOTE(review): `path_len` is declared as a plain `Integer`; the (0..MAX)
    // range is not expressed in this definition. A negative pathLenConstraint
    // should be rejected by whatever consumes this value — confirm where.
    // NOTE(review): DER forbids encoding a DEFAULT value explicitly; whether
    // `#[default(false)]` rejects an explicitly encoded FALSE is not visible
    // here — confirm.
    seq BasicConstraints {
        #[default(false)] is_ca: ASN1<Boolean> = ASN1(Boolean),
        #[optional] path_len: ASN1<Integer> = ASN1(Integer),
    }

    // PolicyInformation ::= SEQUENCE {
    //     policyIdentifier   CertPolicyId,
    //     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
    //                             PolicyQualifierInfo OPTIONAL }
    //
    // CertPolicyId ::= OBJECT IDENTIFIER
    //
    // PolicyQualifierInfo ::= SEQUENCE {
    //     policyQualifierId  PolicyQualifierId,
    //     qualifier          ANY DEFINED BY policyQualifierId }
    //
    // PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
    //
    // Only the policy OID is given a concrete type; the qualifiers are a
    // SEQUENCE placeholder (presumably skipped without inspecting the
    // PolicyQualifierInfo entries — confirm against `placeholder!`).
    seq PolicyInfo {
        policy_id: ASN1<ObjectIdentifier> = ASN1(ObjectIdentifier),
        #[optional] qualifiers: placeholder_type!() = placeholder!(SEQUENCE),
    }

    // certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
    //
    // NOTE(review): the SIZE (1..MAX) bound is not expressed in the `seq of`
    // declarations in this file (CertificatePolicies, ExtendedKeyUsage,
    // GeneralSubtrees, AuthorityInfoAccess); an empty SEQUENCE is presumably
    // accepted by the parser — confirm whether it is rejected later.
    seq of CertificatePolicies(ASN1(PolicyInfo)): ASN1<PolicyInfo>;

    // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
    //
    // KeyPurposeId ::= OBJECT IDENTIFIER
    seq of ExtendedKeyUsage(ASN1(ObjectIdentifier)): ASN1<ObjectIdentifier>;

    // NameConstraints ::= SEQUENCE {
    //     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
    //     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }

    // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree

    // GeneralSubtree ::= SEQUENCE {
    //     base                    GeneralName,
    //     minimum         [0]     BaseDistance DEFAULT 0,
    //     maximum         [1]     BaseDistance OPTIONAL }

    // BaseDistance ::= INTEGER (0..MAX)
    seq NameConstraints {
        // NOTE: an implicit tag keeps the primitive/constructed form of the
        // underlying type (X.690), so an implicitly tagged SEQUENCE OF is still
        // encoded with the constructed bit set. That is presumably why
        // `tag_of!(EXPLICIT n)` is passed to `ImplicitTag` here — confirm that
        // `tag_of!(EXPLICIT n)` denotes the constructed context-specific tag n.
        #[optional] permitted: ASN1<ImplicitTag<GeneralSubtrees>> = ASN1(ImplicitTag(tag_of!(EXPLICIT 0), GeneralSubtrees)),
        #[optional] excluded: ASN1<ImplicitTag<GeneralSubtrees>> = ASN1(ImplicitTag(tag_of!(EXPLICIT 1), GeneralSubtrees)),
    }

    seq of GeneralSubtrees(ASN1(GeneralSubtree)): ASN1<GeneralSubtree>;

    // One subtree of a name constraint (ASN.1 definition of GeneralSubtree is
    // given above NameConstraints).
    //
    // NOTE(review): RFC 5280, 4.2.1.10 requires `minimum` to be zero and
    // `maximum` to be absent. This definition accepts any `min` and an
    // optional `max`, and does not express the BaseDistance (0..MAX) range,
    // so those checks must be made by the consumer — confirm where.
    seq GeneralSubtree {
        base: GeneralName = GeneralName,
        #[default(0i64)] min: ASN1<ImplicitTag<Integer>> = ASN1(ImplicitTag(tag_of!(IMPLICIT 0), Integer)),
        #[optional] max: ASN1<ImplicitTag<Integer>> = ASN1(ImplicitTag(tag_of!(IMPLICIT 1), Integer)),
    }

    // AuthorityInfoAccessSyntax  ::=
    //         SEQUENCE SIZE (1..MAX) OF AccessDescription

    // AccessDescription  ::=  SEQUENCE {
    //         accessMethod          OBJECT IDENTIFIER,
    //         accessLocation        GeneralName  }
    seq of AuthorityInfoAccess(ASN1(AccessDescription)): ASN1<AccessDescription>;

    seq AccessDescription {
        method: ASN1<ObjectIdentifier> = ASN1(ObjectIdentifier),
        location: GeneralName = GeneralName,
    }
}

// Chooses the format of an extension's value from the extension's OID.
//
// Every recognised arm expects an OCTET STRING whose contents are the encoding
// of the extension-specific type; this is written as
// `ExplicitTag(tag_of!(OCTET_STRING), <inner>)`. The OID constants
// (AUTH_KEY_IDENT, ...) are not defined in this file.
//
// The `_` arm keeps the value of any other extension as an uninterpreted
// OctetString.
// NOTE(review): RFC 5280, 4.2 requires rejecting a certificate that carries an
// unrecognised extension marked critical. That check is not made here, so
// code consuming `ExtensionParam::Other` has to enforce it — confirm where.
oid_match_continuation! {
    continuation ExtensionParam {
        oid(AUTH_KEY_IDENT) =>
            AuthorityKeyIdentifier(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(AuthorityKeyIdentifier)))): ASN1<ExplicitTag<ASN1<AuthorityKeyIdentifier>>>,

        oid(SUBJECT_KEY_IDENT) =>
            SubjectKeyIdentifier(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(OctetString)))): ASN1<ExplicitTag<ASN1<OctetString>>>,

        oid(BASIC_CONSTRAINTS) =>
            BasicConstraints(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(BasicConstraints)))): ASN1<ExplicitTag<ASN1<BasicConstraints>>>,

        oid(CERT_POLICIES) =>
            CertificatePolicies(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(CertificatePolicies)))): ASN1<ExplicitTag<ASN1<CertificatePolicies>>>,

        oid(EXTENDED_KEY_USAGE) =>
            ExtendedKeyUsage(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(ExtendedKeyUsage)))): ASN1<ExplicitTag<ASN1<ExtendedKeyUsage>>>,

        // The key-usage flags are kept as a raw BitString; individual bits are
        // not interpreted at this level.
        oid(KEY_USAGE) =>
            KeyUsage(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(BitString)))): ASN1<ExplicitTag<ASN1<BitString>>>,

        oid(SUBJECT_ALT_NAME) =>
            SubjectAltName(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(GeneralNames)))): ASN1<ExplicitTag<ASN1<GeneralNames>>>,

        oid(NAME_CONSTRAINTS) =>
            NameConstraints(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(NameConstraints)))): ASN1<ExplicitTag<ASN1<NameConstraints>>>,

        oid(AUTH_INFO_ACCESS) =>
            AuthorityInfoAccess(ASN1(ExplicitTag(tag_of!(OCTET_STRING), ASN1(AuthorityInfoAccess)))): ASN1<ExplicitTag<ASN1<AuthorityInfoAccess>>>,

        _ => Other(ASN1(OctetString)): ASN1<OctetString>,
    }
}

}