718 lines
16 KiB
C
718 lines
16 KiB
C
/*
|
|
* Copyright (c) 1997-2005 Kungliga Tekniska Högskolan
|
|
* (Royal Institute of Technology, Stockholm, Sweden).
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* 3. Neither the name of the Institute nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "der_locl.h"
|
|
|
|
RCSID("$Id$");
|
|
|
|
/*
|
|
* All encoding functions take a pointer `p' to first position in
|
|
* which to write, from the right, `len' which means the maximum
|
|
* number of characters we are able to write. The function returns
|
|
* the number of characters written in `size' (if non-NULL).
|
|
* The return value is 0 or an error.
|
|
*/
|
|
|
|
int ASN1CALL
|
|
der_put_unsigned (unsigned char *p, size_t len, const unsigned *v, size_t *size)
|
|
{
|
|
unsigned char *base = p;
|
|
unsigned val = *v;
|
|
|
|
*size = 0;
|
|
|
|
if (val) {
|
|
while (len > 0 && val) {
|
|
*p-- = val % 256;
|
|
val /= 256;
|
|
--len;
|
|
}
|
|
if (val != 0)
|
|
return ASN1_OVERFLOW;
|
|
else {
|
|
if(p[1] >= 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0;
|
|
}
|
|
*size = base - p;
|
|
return 0;
|
|
}
|
|
} else if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
else {
|
|
*p = 0;
|
|
*size = 1;
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_unsigned64 (unsigned char *p, size_t len, const uint64_t *v, size_t *size)
|
|
{
|
|
unsigned char *base = p;
|
|
uint64_t val = *v;
|
|
|
|
*size = 0;
|
|
|
|
if (val) {
|
|
while (len > 0 && val) {
|
|
*p-- = val % 256;
|
|
val /= 256;
|
|
--len;
|
|
}
|
|
if (val != 0)
|
|
return ASN1_OVERFLOW;
|
|
else {
|
|
if(p[1] >= 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0;
|
|
}
|
|
*size = base - p;
|
|
return 0;
|
|
}
|
|
} else if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
else {
|
|
*p = 0;
|
|
*size = 1;
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_integer (unsigned char *p, size_t len, const int *v, size_t *size)
|
|
{
|
|
unsigned char *base = p;
|
|
int val = *v;
|
|
|
|
*size = 0;
|
|
|
|
if(val >= 0) {
|
|
do {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = val % 256;
|
|
len--;
|
|
val /= 256;
|
|
} while(val);
|
|
if(p[1] >= 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0;
|
|
len--;
|
|
}
|
|
} else {
|
|
val = ~val;
|
|
do {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = ~(val % 256);
|
|
len--;
|
|
val /= 256;
|
|
} while(val);
|
|
if(p[1] < 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0xff;
|
|
len--;
|
|
}
|
|
}
|
|
*size = base - p;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_integer64 (unsigned char *p, size_t len, const int64_t *v, size_t *size)
|
|
{
|
|
unsigned char *base = p;
|
|
int64_t val = *v;
|
|
|
|
*size = 0;
|
|
|
|
if(val >= 0) {
|
|
do {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = val % 256;
|
|
len--;
|
|
val /= 256;
|
|
} while(val);
|
|
if(p[1] >= 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0;
|
|
len--;
|
|
}
|
|
} else {
|
|
val = ~val;
|
|
do {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = ~(val % 256);
|
|
len--;
|
|
val /= 256;
|
|
} while(val);
|
|
if(p[1] < 128) {
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0xff;
|
|
len--;
|
|
}
|
|
}
|
|
*size = base - p;
|
|
return 0;
|
|
}
|
|
|
|
|
|
int ASN1CALL
|
|
der_put_length (unsigned char *p, size_t len, size_t val, size_t *size)
|
|
{
|
|
if (size)
|
|
*size = 0;
|
|
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
|
|
if (val < 128) {
|
|
*p = val;
|
|
if (size)
|
|
*size = 1;
|
|
} else {
|
|
size_t l = 0;
|
|
|
|
while(val > 0) {
|
|
if(len < 2)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = val % 256;
|
|
val /= 256;
|
|
len--;
|
|
l++;
|
|
}
|
|
*p = 0x80 | l;
|
|
if(size)
|
|
*size = l + 1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_boolean(unsigned char *p, size_t len, const int *data, size_t *size)
|
|
{
|
|
*size = 0;
|
|
|
|
if(len < 1)
|
|
return ASN1_OVERFLOW;
|
|
if(*data != 0)
|
|
*p = 0xff;
|
|
else
|
|
*p = 0;
|
|
*size = 1;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_general_string (unsigned char *p, size_t len,
|
|
const heim_general_string *str, size_t *size)
|
|
{
|
|
size_t slen;
|
|
|
|
assert(p != NULL && str != NULL && *str != NULL && size != NULL);
|
|
*size = 0;
|
|
slen = strlen(*str);
|
|
if (len < slen)
|
|
return ASN1_OVERFLOW;
|
|
p -= slen;
|
|
memcpy (p+1, *str, slen);
|
|
*size = slen;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_utf8string (unsigned char *p, size_t len,
|
|
const heim_utf8_string *str, size_t *size)
|
|
{
|
|
return der_put_general_string(p, len, str, size);
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_printable_string (unsigned char *p, size_t len,
|
|
const heim_printable_string *str, size_t *size)
|
|
{
|
|
return der_put_octet_string(p, len, str, size);
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_ia5_string (unsigned char *p, size_t len,
|
|
const heim_ia5_string *str, size_t *size)
|
|
{
|
|
return der_put_octet_string(p, len, str, size);
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_bmp_string (unsigned char *p, size_t len,
|
|
const heim_bmp_string *data, size_t *size)
|
|
{
|
|
size_t i;
|
|
|
|
assert(p != NULL && data != NULL);
|
|
|
|
if (size)
|
|
*size = 0;
|
|
|
|
if (len / 2 < data->length)
|
|
return ASN1_OVERFLOW;
|
|
p -= data->length * 2;
|
|
for (i = 0; i < data->length; i++) {
|
|
p[1] = (data->data[i] >> 8) & 0xff;
|
|
p[2] = data->data[i] & 0xff;
|
|
p += 2;
|
|
}
|
|
if (size) *size = data->length * 2;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_universal_string (unsigned char *p, size_t len,
|
|
const heim_universal_string *data, size_t *size)
|
|
{
|
|
size_t i;
|
|
|
|
if (size)
|
|
*size = 0;
|
|
|
|
if (len / 4 < data->length)
|
|
return ASN1_OVERFLOW;
|
|
p -= data->length * 4;
|
|
for (i = 0; i < data->length; i++) {
|
|
p[1] = (data->data[i] >> 24) & 0xff;
|
|
p[2] = (data->data[i] >> 16) & 0xff;
|
|
p[3] = (data->data[i] >> 8) & 0xff;
|
|
p[4] = data->data[i] & 0xff;
|
|
p += 4;
|
|
}
|
|
if (size) *size = data->length * 4;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_visible_string (unsigned char *p, size_t len,
|
|
const heim_visible_string *str, size_t *size)
|
|
{
|
|
return der_put_general_string(p, len, str, size);
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_octet_string (unsigned char *p, size_t len,
|
|
const heim_octet_string *data, size_t *size)
|
|
{
|
|
assert(p != NULL && data != NULL && size != NULL);
|
|
|
|
*size = 0;
|
|
if (len < data->length)
|
|
return ASN1_OVERFLOW;
|
|
p -= data->length;
|
|
if (data->length)
|
|
memcpy(p+1, data->data, data->length);
|
|
*size = data->length;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_heim_integer (unsigned char *p, size_t len,
|
|
const heim_integer *data, size_t *size)
|
|
{
|
|
unsigned char *buf;
|
|
int hibitset = 0;
|
|
|
|
assert(p != NULL);
|
|
|
|
if (size)
|
|
*size = 0;
|
|
|
|
if (data->length == 0) {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0;
|
|
if (size)
|
|
*size = 1;
|
|
return 0;
|
|
}
|
|
if (len < data->length)
|
|
return ASN1_OVERFLOW;
|
|
|
|
assert(data->data != NULL);
|
|
buf = data->data;
|
|
len -= data->length;
|
|
|
|
if (data->negative) {
|
|
ssize_t i;
|
|
int carry;
|
|
|
|
/*
|
|
* We represent the parsed integer as a positive value with a
|
|
* negativity flag. But we need to put it on the wire as the shortest
|
|
* twos-complement byte sequence possible. So we're going to negate
|
|
* the number as go.
|
|
*/
|
|
if (data->length == 1 && *(unsigned char *)data->data == 1) {
|
|
*(p--) = 0xff;
|
|
} else {
|
|
for (i = data->length - 1, carry = 1; i >= 0; i--) {
|
|
*p = buf[i] ^ 0xff;
|
|
if (carry)
|
|
carry = !++*p;
|
|
p--;
|
|
}
|
|
if (p[1] < 128) {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 0xff;
|
|
len--;
|
|
hibitset = 1;
|
|
}
|
|
}
|
|
} else {
|
|
p -= data->length;
|
|
memcpy(p + 1, buf, data->length);
|
|
|
|
if (p[1] >= 128) {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
p[0] = 0;
|
|
len--;
|
|
hibitset = 1;
|
|
}
|
|
}
|
|
if (size)
|
|
*size = data->length + hibitset;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_generalized_time (unsigned char *p, size_t len,
|
|
const time_t *data, size_t *size)
|
|
{
|
|
heim_octet_string k;
|
|
size_t l;
|
|
int e;
|
|
|
|
e = _heim_time2generalizedtime (*data, &k, 1);
|
|
if (e)
|
|
return e;
|
|
e = der_put_octet_string(p, len, &k, &l);
|
|
free(k.data);
|
|
if(e)
|
|
return e;
|
|
if(size)
|
|
*size = l;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_utctime (unsigned char *p, size_t len,
|
|
const time_t *data, size_t *size)
|
|
{
|
|
heim_octet_string k;
|
|
size_t l;
|
|
int e;
|
|
|
|
e = _heim_time2generalizedtime (*data, &k, 0);
|
|
if (e)
|
|
return e;
|
|
e = der_put_octet_string(p, len, &k, &l);
|
|
free(k.data);
|
|
if(e)
|
|
return e;
|
|
if(size)
|
|
*size = l;
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_oid (unsigned char *p, size_t len,
|
|
const heim_oid *data, size_t *size)
|
|
{
|
|
unsigned char *base = p;
|
|
size_t n;
|
|
|
|
for (n = data->length - 1; n >= 2; --n) {
|
|
unsigned u = data->components[n];
|
|
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = u % 128;
|
|
u /= 128;
|
|
--len;
|
|
while (u > 0) {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 128 + u % 128;
|
|
u /= 128;
|
|
--len;
|
|
}
|
|
}
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = 40 * data->components[0] + data->components[1];
|
|
*size = base - p;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Output a copy of the DER TLV at `p' with a different outermost tag.
|
|
*
|
|
* This is used in the implementation of IMPLICIT tags in generated decoder
|
|
* functions.
|
|
*/
|
|
int ASN1CALL
|
|
der_replace_tag(const unsigned char *p, size_t len,
|
|
unsigned char **out, size_t *outlen,
|
|
Der_class class, Der_type type,
|
|
unsigned int tag)
|
|
{
|
|
Der_class found_class;
|
|
Der_type found_type;
|
|
unsigned int found_tag;
|
|
size_t payload_len, l, tag_len, len_len;
|
|
int e;
|
|
|
|
assert(p != NULL && out != NULL && outlen != NULL);
|
|
|
|
e = der_get_tag(p, len, &found_class, &found_type, &found_tag, &l);
|
|
if (e)
|
|
return e;
|
|
if (found_type != type)
|
|
return ASN1_TYPE_MISMATCH;
|
|
/* We don't care what found_class and found_tag are though */
|
|
tag_len = der_length_tag(tag);
|
|
p += l;
|
|
len -= l;
|
|
e = der_get_length(p, len, &payload_len, &len_len);
|
|
if (e)
|
|
return e;
|
|
if (payload_len > len)
|
|
return ASN1_OVERFLOW;
|
|
/*
|
|
* `p' now points at the payload; `*out' + the length of the tag points at
|
|
* where we should copy the DER length and the payload.
|
|
*/
|
|
if ((*out = malloc(*outlen = tag_len + len_len + payload_len)) == NULL)
|
|
return ENOMEM;
|
|
memcpy(*out + tag_len, p, len_len + payload_len);
|
|
|
|
/* Put the new tag */
|
|
e = der_put_tag(*out + tag_len - 1, tag_len, class, type, tag, &l);
|
|
if (e)
|
|
return e;
|
|
if (l != tag_len)
|
|
return ASN1_OVERFLOW;
|
|
return 0;
|
|
}
|
|
|
|
#if 0
|
|
int ASN1CALL
|
|
der_encode_implicit(unsigned char *p, size_t len,
|
|
asn1_generic_encoder_f encoder,
|
|
void *obj, size_t *size,
|
|
Der_type type,
|
|
unsigned int ttag, Der_class iclass, unsigned int itag)
|
|
{
|
|
size_t ttaglen = der_length_tag(ttag);
|
|
size_t itaglen = der_length_tag(itag);
|
|
size_t l;
|
|
unsigned char *p2;
|
|
int e;
|
|
|
|
assert(p != NULL && size != NULL);
|
|
|
|
/* Attempt to encode in place */
|
|
e = encoder(p, len, obj, size);
|
|
if (e == 0) {
|
|
/* Fits! Rewrite tag, adjust reported size. */
|
|
e = der_put_tag(p + ttaglen - 1, itaglen, iclass, type, itag, &l);
|
|
if (e == 0) {
|
|
(*size) -= ttaglen;
|
|
(*size) += itaglen;
|
|
}
|
|
return e;
|
|
}
|
|
if (e != ASN1_OVERFLOW || itaglen <= ttaglen)
|
|
return e;
|
|
|
|
/*
|
|
* Did not fit because ttaglen > itaglen and this was the last / only thing
|
|
* being encoded in a buffer of just the right size.
|
|
*/
|
|
if ((p2 = malloc(len + ttaglen - itaglen)) == NULL)
|
|
e = ENOMEM;
|
|
if (e == 0)
|
|
e = encoder(p2 + len + ttaglen - itaglen - 1, len + ttaglen - itaglen,
|
|
obj, size);
|
|
if (e == 0)
|
|
e = der_put_tag(p2 + ttaglen - 1, itaglen, iclass, type, itag, &l);
|
|
if (e == 0) {
|
|
(*size) -= ttaglen;
|
|
(*size) += itaglen;
|
|
memcpy(p - *size, p2 + ttaglen - itaglen, *size);
|
|
}
|
|
free(p2);
|
|
return e;
|
|
}
|
|
#endif
|
|
|
|
int ASN1CALL
|
|
der_put_tag (unsigned char *p, size_t len, Der_class class, Der_type type,
|
|
unsigned int tag, size_t *size)
|
|
{
|
|
if (tag <= 30) {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p = MAKE_TAG(class, type, tag);
|
|
*size = 1;
|
|
} else {
|
|
size_t ret = 0;
|
|
unsigned int continuation = 0;
|
|
|
|
do {
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = tag % 128 | continuation;
|
|
len--;
|
|
ret++;
|
|
tag /= 128;
|
|
continuation = 0x80;
|
|
} while(tag > 0);
|
|
if (len < 1)
|
|
return ASN1_OVERFLOW;
|
|
*p-- = MAKE_TAG(class, type, 0x1f);
|
|
ret++;
|
|
*size = ret;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_length_and_tag (unsigned char *p, size_t len, size_t len_val,
|
|
Der_class class, Der_type type,
|
|
unsigned int tag, size_t *size)
|
|
{
|
|
size_t ret = 0;
|
|
size_t l;
|
|
int e;
|
|
|
|
e = der_put_length (p, len, len_val, &l);
|
|
if(e)
|
|
return e;
|
|
p -= l;
|
|
len -= l;
|
|
ret += l;
|
|
e = der_put_tag (p, len, class, type, tag, &l);
|
|
if(e)
|
|
return e;
|
|
|
|
ret += l;
|
|
*size = ret;
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
_heim_time2generalizedtime (time_t t, heim_octet_string *s, int gtimep)
|
|
{
|
|
struct tm tm;
|
|
const size_t len = gtimep ? 15 : 13;
|
|
int bytes;
|
|
|
|
s->data = NULL;
|
|
s->length = 0;
|
|
if (_der_gmtime(t, &tm) == NULL)
|
|
return ASN1_BAD_TIMEFORMAT;
|
|
s->data = malloc(len + 1);
|
|
if (s->data == NULL)
|
|
return ENOMEM;
|
|
s->length = len;
|
|
if (gtimep)
|
|
bytes = snprintf(s->data, len + 1, "%04d%02d%02d%02d%02d%02dZ",
|
|
tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
|
|
tm.tm_hour, tm.tm_min, tm.tm_sec);
|
|
else
|
|
bytes = snprintf(s->data, len + 1, "%02d%02d%02d%02d%02d%02dZ",
|
|
tm.tm_year % 100, tm.tm_mon + 1, tm.tm_mday,
|
|
tm.tm_hour, tm.tm_min, tm.tm_sec);
|
|
|
|
if (bytes > len)
|
|
abort();
|
|
|
|
return 0;
|
|
}
|
|
|
|
int ASN1CALL
|
|
der_put_bit_string (unsigned char *p, size_t len,
|
|
const heim_bit_string *data, size_t *size)
|
|
{
|
|
size_t data_size;
|
|
|
|
assert(p != NULL && data != NULL && size != NULL);
|
|
|
|
*size = 0;
|
|
data_size = (data->length + 7) / 8;
|
|
if (len < data_size + 1)
|
|
return ASN1_OVERFLOW;
|
|
p -= data_size + 1;
|
|
|
|
memcpy (p+2, data->data, data_size);
|
|
if (data->length && (data->length % 8) != 0)
|
|
p[1] = 8 - (data->length % 8);
|
|
else
|
|
p[1] = 0;
|
|
*size = data_size + 1;
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
_heim_der_set_sort(const void *a1, const void *a2)
|
|
{
|
|
const heim_octet_string *s1, *s2;
|
|
int ret;
|
|
|
|
assert(a1 != NULL && a2 != NULL);
|
|
s1 = a1;
|
|
s2 = a2;
|
|
ret = memcmp(s1->data, s2->data,
|
|
s1->length < s2->length ? s1->length : s2->length);
|
|
if (ret != 0)
|
|
return ret;
|
|
return (int)(s1->length - s2->length);
|
|
}
|