1 /** 2 * \file asn1.h 3 * 4 * \brief Generic ASN.1 parsing 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 * 10 * This file is provided under the Apache License 2.0, or the 11 * GNU General Public License v2.0 or later. 12 * 13 * ********** 14 * Apache License 2.0: 15 * 16 * Licensed under the Apache License, Version 2.0 (the "License"); you may 17 * not use this file except in compliance with the License. 18 * You may obtain a copy of the License at 19 * 20 * http://www.apache.org/licenses/LICENSE-2.0 21 * 22 * Unless required by applicable law or agreed to in writing, software 23 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 24 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 25 * See the License for the specific language governing permissions and 26 * limitations under the License. 27 * 28 * ********** 29 * 30 * ********** 31 * GNU General Public License v2.0 or later: 32 * 33 * This program is free software; you can redistribute it and/or modify 34 * it under the terms of the GNU General Public License as published by 35 * the Free Software Foundation; either version 2 of the License, or 36 * (at your option) any later version. 37 * 38 * This program is distributed in the hope that it will be useful, 39 * but WITHOUT ANY WARRANTY; without even the implied warranty of 40 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 41 * GNU General Public License for more details. 42 * 43 * You should have received a copy of the GNU General Public License along 44 * with this program; if not, write to the Free Software Foundation, Inc., 45 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 46 * 47 * ********** 48 */ 49 #ifndef MBEDTLS_ASN1_H 50 #define MBEDTLS_ASN1_H 51 52 #if !defined(MBEDTLS_CONFIG_FILE) 53 #include "config.h" 54 #else 55 #include MBEDTLS_CONFIG_FILE 56 #endif 57 58 #include <stddef.h> 59 60 #if defined(MBEDTLS_BIGNUM_C) 61 #include "bignum.h" 62 #endif 63 64 /** 65 * \addtogroup asn1_module 66 * \{ 67 */ 68 69 /** 70 * \name ASN1 Error codes 71 * These error codes are OR'ed to X509 error codes for 72 * higher error granularity. 73 * ASN1 is a standard to specify data structures. 74 * \{ 75 */ 76 #define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 /**< Out of data when parsing an ASN1 data structure. */ 77 #define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 /**< ASN1 tag was of an unexpected value. */ 78 #define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 /**< Error when trying to determine the length or invalid length. */ 79 #define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 /**< Actual length differs from expected length. */ 80 #define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 /**< Data is invalid. (not used) */ 81 #define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A /**< Memory allocation failed */ 82 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C /**< Buffer too small when writing ASN.1 data structure. */ 83 84 /* \} name */ 85 86 /** 87 * \name DER constants 88 * These constants comply with the DER encoded ASN.1 type tags. 89 * DER encoding uses hexadecimal representation. 90 * An example DER sequence is:\n 91 * - 0x02 -- tag indicating INTEGER 92 * - 0x01 -- length in octets 93 * - 0x05 -- value 94 * Such sequences are typically read into \c ::mbedtls_x509_buf. 95 * \{ 96 */ 97 #define MBEDTLS_ASN1_BOOLEAN 0x01 98 #define MBEDTLS_ASN1_INTEGER 0x02 99 #define MBEDTLS_ASN1_BIT_STRING 0x03 100 #define MBEDTLS_ASN1_OCTET_STRING 0x04 101 #define MBEDTLS_ASN1_NULL 0x05 102 #define MBEDTLS_ASN1_OID 0x06 103 #define MBEDTLS_ASN1_UTF8_STRING 0x0C 104 #define MBEDTLS_ASN1_SEQUENCE 0x10 105 #define MBEDTLS_ASN1_SET 0x11 106 #define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 107 #define MBEDTLS_ASN1_T61_STRING 0x14 108 #define MBEDTLS_ASN1_IA5_STRING 0x16 109 #define MBEDTLS_ASN1_UTC_TIME 0x17 110 #define MBEDTLS_ASN1_GENERALIZED_TIME 0x18 111 #define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C 112 #define MBEDTLS_ASN1_BMP_STRING 0x1E 113 #define MBEDTLS_ASN1_PRIMITIVE 0x00 114 #define MBEDTLS_ASN1_CONSTRUCTED 0x20 115 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 116 117 /* 118 * Bit masks for each of the components of an ASN.1 tag as specified in 119 * ITU X.690 (08/2015), section 8.1 "General rules for encoding", 120 * paragraph 8.1.2.2: 121 * 122 * Bit 8 7 6 5 1 123 * +-------+-----+------------+ 124 * | Class | P/C | Tag number | 125 * +-------+-----+------------+ 126 */ 127 #define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 128 #define MBEDTLS_ASN1_TAG_PC_MASK 0x20 129 #define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F 130 131 /* \} name */ 132 /* \} addtogroup asn1_module */ 133 134 /** Returns the size of the binary string, without the trailing \\0 */ 135 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) 136 137 /** 138 * Compares an mbedtls_asn1_buf structure to a reference OID. 139 * 140 * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a 141 * 'unsigned char *oid' here! 142 */ 143 #define MBEDTLS_OID_CMP(oid_str, oid_buf) \ 144 ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) || \ 145 memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 ) 146 147 #ifdef __cplusplus 148 extern "C" { 149 #endif 150 151 /** 152 * \name Functions to parse ASN.1 data structures 153 * \{ 154 */ 155 156 /** 157 * Type-length-value structure that allows for ASN1 using DER. 158 */ 159 typedef struct mbedtls_asn1_buf 160 { 161 int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ 162 size_t len; /**< ASN1 length, in octets. */ 163 unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ 164 } 165 mbedtls_asn1_buf; 166 167 /** 168 * Container for ASN1 bit strings. 169 */ 170 typedef struct mbedtls_asn1_bitstring 171 { 172 size_t len; /**< ASN1 length, in octets. */ 173 unsigned char unused_bits; /**< Number of unused bits at the end of the string */ 174 unsigned char *p; /**< Raw ASN1 data for the bit string */ 175 } 176 mbedtls_asn1_bitstring; 177 178 /** 179 * Container for a sequence of ASN.1 items 180 */ 181 typedef struct mbedtls_asn1_sequence 182 { 183 mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ 184 struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ 185 } 186 mbedtls_asn1_sequence; 187 188 /** 189 * Container for a sequence or list of 'named' ASN.1 data items 190 */ 191 typedef struct mbedtls_asn1_named_data 192 { 193 mbedtls_asn1_buf oid; /**< The object identifier. */ 194 mbedtls_asn1_buf val; /**< The named value. */ 195 struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ 196 unsigned char next_merged; /**< Merge next item into the current one? */ 197 } 198 mbedtls_asn1_named_data; 199 200 /** 201 * \brief Get the length of an ASN.1 element. 202 * Updates the pointer to immediately behind the length. 203 * 204 * \param p The position in the ASN.1 data 205 * \param end End of data 206 * \param len The variable that will receive the value 207 * 208 * \return 0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching 209 * end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is 210 * unparseable. 211 */ 212 int mbedtls_asn1_get_len( unsigned char **p, 213 const unsigned char *end, 214 size_t *len ); 215 216 /** 217 * \brief Get the tag and length of the tag. Check for the requested tag. 218 * Updates the pointer to immediately behind the tag and length. 219 * 220 * \param p The position in the ASN.1 data 221 * \param end End of data 222 * \param len The variable that will receive the length 223 * \param tag The expected tag 224 * 225 * \return 0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did 226 * not match requested tag, or another specific ASN.1 error code. 227 */ 228 int mbedtls_asn1_get_tag( unsigned char **p, 229 const unsigned char *end, 230 size_t *len, int tag ); 231 232 /** 233 * \brief Retrieve a boolean ASN.1 tag and its value. 234 * Updates the pointer to immediately behind the full tag. 235 * 236 * \param p The position in the ASN.1 data 237 * \param end End of data 238 * \param val The variable that will receive the value 239 * 240 * \return 0 if successful or a specific ASN.1 error code. 241 */ 242 int mbedtls_asn1_get_bool( unsigned char **p, 243 const unsigned char *end, 244 int *val ); 245 246 /** 247 * \brief Retrieve an integer ASN.1 tag and its value. 248 * Updates the pointer to immediately behind the full tag. 249 * 250 * \param p The position in the ASN.1 data 251 * \param end End of data 252 * \param val The variable that will receive the value 253 * 254 * \return 0 if successful or a specific ASN.1 error code. 255 */ 256 int mbedtls_asn1_get_int( unsigned char **p, 257 const unsigned char *end, 258 int *val ); 259 260 /** 261 * \brief Retrieve a bitstring ASN.1 tag and its value. 262 * Updates the pointer to immediately behind the full tag. 263 * 264 * \param p The position in the ASN.1 data 265 * \param end End of data 266 * \param bs The variable that will receive the value 267 * 268 * \return 0 if successful or a specific ASN.1 error code. 269 */ 270 int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, 271 mbedtls_asn1_bitstring *bs); 272 273 /** 274 * \brief Retrieve a bitstring ASN.1 tag without unused bits and its 275 * value. 276 * Updates the pointer to the beginning of the bit/octet string. 277 * 278 * \param p The position in the ASN.1 data 279 * \param end End of data 280 * \param len Length of the actual bit/octect string in bytes 281 * 282 * \return 0 if successful or a specific ASN.1 error code. 283 */ 284 int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, 285 size_t *len ); 286 287 /** 288 * \brief Parses and splits an ASN.1 "SEQUENCE OF <tag>" 289 * Updated the pointer to immediately behind the full sequence tag. 290 * 291 * \param p The position in the ASN.1 data 292 * \param end End of data 293 * \param cur First variable in the chain to fill 294 * \param tag Type of sequence 295 * 296 * \return 0 if successful or a specific ASN.1 error code. 297 */ 298 int mbedtls_asn1_get_sequence_of( unsigned char **p, 299 const unsigned char *end, 300 mbedtls_asn1_sequence *cur, 301 int tag); 302 303 #if defined(MBEDTLS_BIGNUM_C) 304 /** 305 * \brief Retrieve a MPI value from an integer ASN.1 tag. 306 * Updates the pointer to immediately behind the full tag. 307 * 308 * \param p The position in the ASN.1 data 309 * \param end End of data 310 * \param X The MPI that will receive the value 311 * 312 * \return 0 if successful or a specific ASN.1 or MPI error code. 313 */ 314 int mbedtls_asn1_get_mpi( unsigned char **p, 315 const unsigned char *end, 316 mbedtls_mpi *X ); 317 #endif /* MBEDTLS_BIGNUM_C */ 318 319 /** 320 * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence. 321 * Updates the pointer to immediately behind the full 322 * AlgorithmIdentifier. 323 * 324 * \param p The position in the ASN.1 data 325 * \param end End of data 326 * \param alg The buffer to receive the OID 327 * \param params The buffer to receive the params (if any) 328 * 329 * \return 0 if successful or a specific ASN.1 or MPI error code. 330 */ 331 int mbedtls_asn1_get_alg( unsigned char **p, 332 const unsigned char *end, 333 mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ); 334 335 /** 336 * \brief Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no 337 * params. 338 * Updates the pointer to immediately behind the full 339 * AlgorithmIdentifier. 340 * 341 * \param p The position in the ASN.1 data 342 * \param end End of data 343 * \param alg The buffer to receive the OID 344 * 345 * \return 0 if successful or a specific ASN.1 or MPI error code. 346 */ 347 int mbedtls_asn1_get_alg_null( unsigned char **p, 348 const unsigned char *end, 349 mbedtls_asn1_buf *alg ); 350 351 /** 352 * \brief Find a specific named_data entry in a sequence or list based on 353 * the OID. 354 * 355 * \param list The list to seek through 356 * \param oid The OID to look for 357 * \param len Size of the OID 358 * 359 * \return NULL if not found, or a pointer to the existing entry. 360 */ 361 mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, 362 const char *oid, size_t len ); 363 364 /** 365 * \brief Free a mbedtls_asn1_named_data entry 366 * 367 * \param entry The named data entry to free 368 */ 369 void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry ); 370 371 /** 372 * \brief Free all entries in a mbedtls_asn1_named_data list 373 * Head will be set to NULL 374 * 375 * \param head Pointer to the head of the list of named data entries to free 376 */ 377 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ); 378 379 #ifdef __cplusplus 380 } 381 #endif 382 383 #endif /* asn1.h */ 384