Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
8774 | rgimad | 1 | /** |
2 | * \file asn1.h |
||
3 | * |
||
4 | * \brief Generic ASN.1 parsing |
||
5 | */ |
||
6 | /* |
||
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
||
8 | * SPDX-License-Identifier: GPL-2.0 |
||
9 | * |
||
10 | * This program is free software; you can redistribute it and/or modify |
||
11 | * it under the terms of the GNU General Public License as published by |
||
12 | * the Free Software Foundation; either version 2 of the License, or |
||
13 | * (at your option) any later version. |
||
14 | * |
||
15 | * This program is distributed in the hope that it will be useful, |
||
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
18 | * GNU General Public License for more details. |
||
19 | * |
||
20 | * You should have received a copy of the GNU General Public License along |
||
21 | * with this program; if not, write to the Free Software Foundation, Inc., |
||
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
||
23 | * |
||
24 | * This file is part of mbed TLS (https://tls.mbed.org) |
||
25 | */ |
||
26 | #ifndef MBEDTLS_ASN1_H |
||
27 | #define MBEDTLS_ASN1_H |
||
28 | |||
29 | #if !defined(MBEDTLS_CONFIG_FILE) |
||
30 | #include "config.h" |
||
31 | #else |
||
32 | #include MBEDTLS_CONFIG_FILE |
||
33 | #endif |
||
34 | |||
35 | #include |
||
36 | |||
37 | #if defined(MBEDTLS_BIGNUM_C) |
||
38 | #include "bignum.h" |
||
39 | #endif |
||
40 | |||
41 | /** |
||
42 | * \addtogroup asn1_module |
||
43 | * \{ |
||
44 | */ |
||
45 | |||
46 | /** |
||
47 | * \name ASN1 Error codes |
||
48 | * These error codes are OR'ed to X509 error codes for |
||
49 | * higher error granularity. |
||
50 | * ASN1 is a standard to specify data structures. |
||
51 | * \{ |
||
52 | */ |
||
53 | #define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */ |
||
54 | #define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */ |
||
55 | #define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */ |
||
56 | #define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */ |
||
57 | #define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */ |
||
58 | #define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A /**< Memory allocation failed */ |
||
59 | #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */ |
||
60 | |||
61 | /* \} name */ |
||
62 | |||
63 | /** |
||
64 | * \name DER constants |
||
65 | * These constants comply with the DER encoded ASN.1 type tags. |
||
66 | * DER encoding uses hexadecimal representation. |
||
67 | * An example DER sequence is:\n |
||
68 | * - 0x02 -- tag indicating INTEGER |
||
69 | * - 0x01 -- length in octets |
||
70 | * - 0x05 -- value |
||
71 | * Such sequences are typically read into \c ::mbedtls_x509_buf. |
||
72 | * \{ |
||
73 | */ |
||
74 | #define MBEDTLS_ASN1_BOOLEAN 0x01 |
||
75 | #define MBEDTLS_ASN1_INTEGER 0x02 |
||
76 | #define MBEDTLS_ASN1_BIT_STRING 0x03 |
||
77 | #define MBEDTLS_ASN1_OCTET_STRING 0x04 |
||
78 | #define MBEDTLS_ASN1_NULL 0x05 |
||
79 | #define MBEDTLS_ASN1_OID 0x06 |
||
80 | #define MBEDTLS_ASN1_UTF8_STRING 0x0C |
||
81 | #define MBEDTLS_ASN1_SEQUENCE 0x10 |
||
82 | #define MBEDTLS_ASN1_SET 0x11 |
||
83 | #define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 |
||
84 | #define MBEDTLS_ASN1_T61_STRING 0x14 |
||
85 | #define MBEDTLS_ASN1_IA5_STRING 0x16 |
||
86 | #define MBEDTLS_ASN1_UTC_TIME 0x17 |
||
87 | #define MBEDTLS_ASN1_GENERALIZED_TIME 0x18 |
||
88 | #define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C |
||
89 | #define MBEDTLS_ASN1_BMP_STRING 0x1E |
||
90 | #define MBEDTLS_ASN1_PRIMITIVE 0x00 |
||
91 | #define MBEDTLS_ASN1_CONSTRUCTED 0x20 |
||
92 | #define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 |
||
93 | |||
94 | /* |
||
95 | * Bit masks for each of the components of an ASN.1 tag as specified in |
||
96 | * ITU X.690 (08/2015), section 8.1 "General rules for encoding", |
||
97 | * paragraph 8.1.2.2: |
||
98 | * |
||
99 | * Bit 8 7 6 5 1 |
||
100 | * +-------+-----+------------+ |
||
101 | * | Class | P/C | Tag number | |
||
102 | * +-------+-----+------------+ |
||
103 | */ |
||
104 | #define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 |
||
105 | #define MBEDTLS_ASN1_TAG_PC_MASK 0x20 |
||
106 | #define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F |
||
107 | |||
108 | /* \} name */ |
||
109 | /* \} addtogroup asn1_module */ |
||
110 | |||
111 | /** Returns the size of the binary string, without the trailing \\0 */ |
||
112 | #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) |
||
113 | |||
114 | /** |
||
115 | * Compares an mbedtls_asn1_buf structure to a reference OID. |
||
116 | * |
||
117 | * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a |
||
118 | * 'unsigned char *oid' here! |
||
119 | */ |
||
120 | #define MBEDTLS_OID_CMP(oid_str, oid_buf) \ |
||
121 | ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \ |
||
122 | memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 ) |
||
123 | |||
124 | #ifdef __cplusplus |
||
125 | extern "C" { |
||
126 | #endif |
||
127 | |||
128 | /** |
||
129 | * \name Functions to parse ASN.1 data structures |
||
130 | * \{ |
||
131 | */ |
||
132 | |||
133 | /** |
||
134 | * Type-length-value structure that allows for ASN1 using DER. |
||
135 | */ |
||
136 | typedef struct mbedtls_asn1_buf |
||
137 | { |
||
138 | int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ |
||
139 | size_t len; /**< ASN1 length, in octets. */ |
||
140 | unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ |
||
141 | } |
||
142 | mbedtls_asn1_buf; |
||
143 | |||
144 | /** |
||
145 | * Container for ASN1 bit strings. |
||
146 | */ |
||
147 | typedef struct mbedtls_asn1_bitstring |
||
148 | { |
||
149 | size_t len; /**< ASN1 length, in octets. */ |
||
150 | unsigned char unused_bits; /**< Number of unused bits at the end of the string */ |
||
151 | unsigned char *p; /**< Raw ASN1 data for the bit string */ |
||
152 | } |
||
153 | mbedtls_asn1_bitstring; |
||
154 | |||
155 | /** |
||
156 | * Container for a sequence of ASN.1 items |
||
157 | */ |
||
158 | typedef struct mbedtls_asn1_sequence |
||
159 | { |
||
160 | mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ |
||
161 | struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ |
||
162 | } |
||
163 | mbedtls_asn1_sequence; |
||
164 | |||
165 | /** |
||
166 | * Container for a sequence or list of 'named' ASN.1 data items |
||
167 | */ |
||
168 | typedef struct mbedtls_asn1_named_data |
||
169 | { |
||
170 | mbedtls_asn1_buf oid; /**< The object identifier. */ |
||
171 | mbedtls_asn1_buf val; /**< The named value. */ |
||
172 | struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ |
||
173 | unsigned char next_merged; /**< Merge next item into the current one? */ |
||
174 | } |
||
175 | mbedtls_asn1_named_data; |
||
176 | |||
177 | /** |
||
178 | * \brief Get the length of an ASN.1 element. |
||
179 | * Updates the pointer to immediately behind the length. |
||
180 | * |
||
181 | * \param p The position in the ASN.1 data |
||
182 | * \param end End of data |
||
183 | * \param len The variable that will receive the value |
||
184 | * |
||
185 | * \return 0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching |
||
186 | * end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is |
||
187 | * unparseable. |
||
188 | */ |
||
189 | int mbedtls_asn1_get_len( unsigned char **p, |
||
190 | const unsigned char *end, |
||
191 | size_t *len ); |
||
192 | |||
193 | /** |
||
194 | * \brief Get the tag and length of the tag. Check for the requested tag. |
||
195 | * Updates the pointer to immediately behind the tag and length. |
||
196 | * |
||
197 | * \param p The position in the ASN.1 data |
||
198 | * \param end End of data |
||
199 | * \param len The variable that will receive the length |
||
200 | * \param tag The expected tag |
||
201 | * |
||
202 | * \return 0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did |
||
203 | * not match requested tag, or another specific ASN.1 error code. |
||
204 | */ |
||
205 | int mbedtls_asn1_get_tag( unsigned char **p, |
||
206 | const unsigned char *end, |
||
207 | size_t *len, int tag ); |
||
208 | |||
209 | /** |
||
210 | * \brief Retrieve a boolean ASN.1 tag and its value. |
||
211 | * Updates the pointer to immediately behind the full tag. |
||
212 | * |
||
213 | * \param p The position in the ASN.1 data |
||
214 | * \param end End of data |
||
215 | * \param val The variable that will receive the value |
||
216 | * |
||
217 | * \return 0 if successful or a specific ASN.1 error code. |
||
218 | */ |
||
219 | int mbedtls_asn1_get_bool( unsigned char **p, |
||
220 | const unsigned char *end, |
||
221 | int *val ); |
||
222 | |||
223 | /** |
||
224 | * \brief Retrieve an integer ASN.1 tag and its value. |
||
225 | * Updates the pointer to immediately behind the full tag. |
||
226 | * |
||
227 | * \param p The position in the ASN.1 data |
||
228 | * \param end End of data |
||
229 | * \param val The variable that will receive the value |
||
230 | * |
||
231 | * \return 0 if successful or a specific ASN.1 error code. |
||
232 | */ |
||
233 | int mbedtls_asn1_get_int( unsigned char **p, |
||
234 | const unsigned char *end, |
||
235 | int *val ); |
||
236 | |||
237 | /** |
||
238 | * \brief Retrieve a bitstring ASN.1 tag and its value. |
||
239 | * Updates the pointer to immediately behind the full tag. |
||
240 | * |
||
241 | * \param p The position in the ASN.1 data |
||
242 | * \param end End of data |
||
243 | * \param bs The variable that will receive the value |
||
244 | * |
||
245 | * \return 0 if successful or a specific ASN.1 error code. |
||
246 | */ |
||
247 | int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, |
||
248 | mbedtls_asn1_bitstring *bs); |
||
249 | |||
250 | /** |
||
251 | * \brief Retrieve a bitstring ASN.1 tag without unused bits and its |
||
252 | * value. |
||
253 | * Updates the pointer to the beginning of the bit/octet string. |
||
254 | * |
||
255 | * \param p The position in the ASN.1 data |
||
256 | * \param end End of data |
||
257 | * \param len Length of the actual bit/octect string in bytes |
||
258 | * |
||
259 | * \return 0 if successful or a specific ASN.1 error code. |
||
260 | */ |
||
261 | int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, |
||
262 | size_t *len ); |
||
263 | |||
264 | /** |
||
265 | * \brief Parses and splits an ASN.1 "SEQUENCE OF |
||
266 | * Updated the pointer to immediately behind the full sequence tag. |
||
267 | * |
||
268 | * \param p The position in the ASN.1 data |
||
269 | * \param end End of data |
||
270 | * \param cur First variable in the chain to fill |
||
271 | * \param tag Type of sequence |
||
272 | * |
||
273 | * \return 0 if successful or a specific ASN.1 error code. |
||
274 | */ |
||
275 | int mbedtls_asn1_get_sequence_of( unsigned char **p, |
||
276 | const unsigned char *end, |
||
277 | mbedtls_asn1_sequence *cur, |
||
278 | int tag); |
||
279 | |||
280 | #if defined(MBEDTLS_BIGNUM_C) |
||
281 | /** |
||
282 | * \brief Retrieve a MPI value from an integer ASN.1 tag. |
||
283 | * Updates the pointer to immediately behind the full tag. |
||
284 | * |
||
285 | * \param p The position in the ASN.1 data |
||
286 | * \param end End of data |
||
287 | * \param X The MPI that will receive the value |
||
288 | * |
||
289 | * \return 0 if successful or a specific ASN.1 or MPI error code. |
||
290 | */ |
||
291 | int mbedtls_asn1_get_mpi( unsigned char **p, |
||
292 | const unsigned char *end, |
||
293 | mbedtls_mpi *X ); |
||
294 | #endif /* MBEDTLS_BIGNUM_C */ |
||
295 | |||
296 | /** |
||
297 | * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence. |
||
298 | * Updates the pointer to immediately behind the full |
||
299 | * AlgorithmIdentifier. |
||
300 | * |
||
301 | * \param p The position in the ASN.1 data |
||
302 | * \param end End of data |
||
303 | * \param alg The buffer to receive the OID |
||
304 | * \param params The buffer to receive the params (if any) |
||
305 | * |
||
306 | * \return 0 if successful or a specific ASN.1 or MPI error code. |
||
307 | */ |
||
308 | int mbedtls_asn1_get_alg( unsigned char **p, |
||
309 | const unsigned char *end, |
||
310 | mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); |
||
311 | |||
312 | /** |
||
313 | * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no |
||
314 | * params. |
||
315 | * Updates the pointer to immediately behind the full |
||
316 | * AlgorithmIdentifier. |
||
317 | * |
||
318 | * \param p The position in the ASN.1 data |
||
319 | * \param end End of data |
||
320 | * \param alg The buffer to receive the OID |
||
321 | * |
||
322 | * \return 0 if successful or a specific ASN.1 or MPI error code. |
||
323 | */ |
||
324 | int mbedtls_asn1_get_alg_null( unsigned char **p, |
||
325 | const unsigned char *end, |
||
326 | mbedtls_asn1_buf *alg ); |
||
327 | |||
328 | /** |
||
329 | * \brief Find a specific named_data entry in a sequence or list based on |
||
330 | * the OID. |
||
331 | * |
||
332 | * \param list The list to seek through |
||
333 | * \param oid The OID to look for |
||
334 | * \param len Size of the OID |
||
335 | * |
||
336 | * \return NULL if not found, or a pointer to the existing entry. |
||
337 | */ |
||
338 | mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, |
||
339 | const char *oid, size_t len ); |
||
340 | |||
341 | /** |
||
342 | * \brief Free a mbedtls_asn1_named_data entry |
||
343 | * |
||
344 | * \param entry The named data entry to free |
||
345 | */ |
||
346 | void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); |
||
347 | |||
348 | /** |
||
349 | * \brief Free all entries in a mbedtls_asn1_named_data list |
||
350 | * Head will be set to NULL |
||
351 | * |
||
352 | * \param head Pointer to the head of the list of named data entries to free |
||
353 | */ |
||
354 | void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ); |
||
355 | |||
356 | #ifdef __cplusplus |
||
357 | } |
||
358 | #endif |
||
359 | |||
360 | #endif /* asn1.h */>>>>>>>>>>>>>>>>>>> |