1 #ifndef _IPXE_ASN1_H
2 #define _IPXE_ASN1_H
3 
4 /** @file
5  *
6  * ASN.1 encoding
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <stddef.h>
13 #include <stdint.h>
14 #include <assert.h>
15 #include <time.h>
16 #include <ipxe/tables.h>
17 
/** An ASN.1 object cursor
 *
 * A cursor is a read-only view onto an encoded ASN.1 object; the
 * cursor itself does not own @c data, so whoever created it is
 * responsible for keeping that memory alive.  A cursor whose @c len
 * is zero is treated as invalid (see asn1_invalidate_cursor() and
 * asn1_type()).
 */
struct asn1_cursor {
	/** Start of data (not owned by the cursor) */
	const void *data;
	/** Length of data
	 *
	 * Zero denotes an invalid cursor.
	 */
	size_t len;
};
25 
/** An ASN.1 object builder
 *
 * The field order and types are deliberately layout-compatible with
 * struct asn1_cursor (pointer followed by size_t): asn1_built()
 * reinterprets a builder as a cursor and verifies this at link time.
 * Do not reorder or retype these fields without updating that check.
 */
struct asn1_builder {
	/** Data
	 *
	 * This is always dynamically allocated.  If @c data is NULL
	 * while @c len is non-zero, this indicates that a memory
	 * allocation error has occurred during the building process.
	 * Check for that state before handing the result to anything
	 * that dereferences @c data (e.g. via asn1_built() and
	 * asn1_type(), which reads the first octet whenever @c len is
	 * non-zero).
	 */
	void *data;
	/** Length of data */
	size_t len;
};
38 
/** Maximum (viable) length of ASN.1 length
 *
 * While in theory unlimited, this length is sufficient to contain a
 * size_t.  Presumably one length-of-length octet followed by up to
 * sizeof ( size_t ) length octets (long-form encoding); used to size
 * struct asn1_builder_header::length.
 */
#define ASN1_MAX_LEN_LEN ( 1 + sizeof ( size_t ) )
45 
/** An ASN.1 header
 *
 * Type octet followed by the encoded length.  Presumably packed so
 * that the header can be copied verbatim in front of the content as
 * a contiguous byte sequence; only as many leading bytes of
 * @c length as the encoding actually needs are meaningful, and that
 * count is not recorded here.
 */
struct asn1_builder_header {
	/** Type */
	uint8_t type;
	/** Length (encoded) */
	uint8_t length[ASN1_MAX_LEN_LEN];
} __attribute__ (( packed ));
53 
/** ASN.1 end
 *
 * Also the value asn1_type() reports for an invalid (zero-length)
 * cursor, so callers cannot distinguish "end of content" from "no
 * data" by the type alone.
 */
#define ASN1_END 0x00

/** ASN.1 boolean */
#define ASN1_BOOLEAN 0x01

/** ASN.1 integer */
#define ASN1_INTEGER 0x02

/** ASN.1 bit string */
#define ASN1_BIT_STRING 0x03

/** ASN.1 octet string */
#define ASN1_OCTET_STRING 0x04

/** ASN.1 null */
#define ASN1_NULL 0x05

/** ASN.1 object identifier */
#define ASN1_OID 0x06

/** ASN.1 enumeration */
#define ASN1_ENUMERATED 0x0a

/** ASN.1 UTC time */
#define ASN1_UTC_TIME 0x17

/** ASN.1 generalized time */
#define ASN1_GENERALIZED_TIME 0x18

/** ASN.1 sequence (universal tag 16 with the constructed bit 0x20 set) */
#define ASN1_SEQUENCE 0x30

/** ASN.1 set (universal tag 17 with the constructed bit 0x20 set) */
#define ASN1_SET 0x31

/** ASN.1 implicit tag
 *
 * Context-specific class (0x80) with the tag @c number OR'ed in
 * without masking.  Keep @c number below 0x20: anything larger would
 * set the constructed bit and alias ASN1_EXPLICIT_TAG().
 */
#define ASN1_IMPLICIT_TAG( number) ( 0x80 | (number) )

/** ASN.1 explicit tag
 *
 * Context-specific, constructed (0xa0) with the tag @c number OR'ed
 * in without masking; the same restriction on @c number as for
 * ASN1_IMPLICIT_TAG() applies.
 */
#define ASN1_EXPLICIT_TAG( number) ( 0xa0 | (number) )

/** ASN.1 "any tag" magic value
 *
 * Cannot collide with a real type, since asn1_type() yields a single
 * octet (at most 0xff).
 */
#define ASN1_ANY -1U
98 
/** Initial OID byte
 *
 * The first two arcs are packed into one subidentifier as
 * first*40+second.  No 0x7f mask is applied, so the combined value
 * must not exceed 127 for the result to be a valid single byte.
 */
#define ASN1_OID_INITIAL( first, second ) ( ( (first) * 40 ) + (second) )

/** Single-byte OID value
 *
 * Valid for values up to 127.  Larger values are silently truncated
 * by the mask rather than rejected; use ASN1_OID_DOUBLE() or
 * ASN1_OID_TRIPLE() for them.
 */
#define ASN1_OID_SINGLE( value ) ( (value) & 0x7f )

/** Double-byte OID value
 *
 * Valid for values up to 16383.  Expands to two comma-separated byte
 * values (continuation bit 0x80 set on the first), so it may only be
 * used inside an array initialiser.
 */
#define ASN1_OID_DOUBLE( value ) \
	( 0x80 | ( ( (value) >> 7 ) & 0x7f ) ), ASN1_OID_SINGLE ( (value) )

/** Triple-byte OID value
 *
 * Valid for values up to 2097151.  Expands to three comma-separated
 * byte values, as for ASN1_OID_DOUBLE().
 */
#define ASN1_OID_TRIPLE( value ) \
	( 0x80 | ( ( (value) >> 14 ) & 0x7f ) ), ASN1_OID_DOUBLE ( (value) )
121 
122 /** ASN.1 OID for rsaEncryption (1.2.840.113549.1.1.1) */
123 #define ASN1_OID_RSAENCRYPTION					\
124 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
125 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
126 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )
127 
128 /** ASN.1 OID for md5WithRSAEncryption (1.2.840.113549.1.1.4) */
129 #define ASN1_OID_MD5WITHRSAENCRYPTION				\
130 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
131 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
132 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 4 )
133 
134 /** ASN.1 OID for sha1WithRSAEncryption (1.2.840.113549.1.1.5) */
135 #define ASN1_OID_SHA1WITHRSAENCRYPTION				\
136 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
137 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
138 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 )
139 
140 /** ASN.1 OID for sha256WithRSAEncryption (1.2.840.113549.1.1.11) */
141 #define ASN1_OID_SHA256WITHRSAENCRYPTION			\
142 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
143 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
144 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 11 )
145 
146 /** ASN.1 OID for sha384WithRSAEncryption (1.2.840.113549.1.1.12) */
147 #define ASN1_OID_SHA384WITHRSAENCRYPTION			\
148 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
149 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
150 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 12 )
151 
152 /** ASN.1 OID for sha512WithRSAEncryption (1.2.840.113549.1.1.13) */
153 #define ASN1_OID_SHA512WITHRSAENCRYPTION			\
154 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
155 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
156 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 13 )
157 
158 /** ASN.1 OID for sha224WithRSAEncryption (1.2.840.113549.1.1.14) */
159 #define ASN1_OID_SHA224WITHRSAENCRYPTION			\
160 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
161 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
162 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 14 )
163 
164 /** ASN.1 OID for id-md4 (1.2.840.113549.2.4) */
165 #define ASN1_OID_MD4						\
166 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
167 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 2 ),	\
168 	ASN1_OID_SINGLE ( 4 )
169 
170 /** ASN.1 OID for id-md5 (1.2.840.113549.2.5) */
171 #define ASN1_OID_MD5						\
172 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
173 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 2 ),	\
174 	ASN1_OID_SINGLE ( 5 )
175 
176 /** ASN.1 OID for id-sha1 (1.3.14.3.2.26) */
177 #define ASN1_OID_SHA1						\
178 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 14 ),	\
179 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 2 ),		\
180 	ASN1_OID_SINGLE ( 26 )
181 
182 /** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */
183 #define ASN1_OID_SHA256						\
184 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
185 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
186 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
187 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 1 )
188 
189 /** ASN.1 OID for id-sha384 (2.16.840.1.101.3.4.2.2) */
190 #define ASN1_OID_SHA384						\
191 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
192 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
193 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
194 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 2 )
195 
196 /** ASN.1 OID for id-sha512 (2.16.840.1.101.3.4.2.3) */
197 #define ASN1_OID_SHA512						\
198 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
199 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
200 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
201 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 3 )
202 
203 /** ASN.1 OID for id-sha224 (2.16.840.1.101.3.4.2.4) */
204 #define ASN1_OID_SHA224						\
205 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
206 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
207 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
208 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 4 )
209 
210 /** ASN.1 OID for id-sha512-224 (2.16.840.1.101.3.4.2.5) */
211 #define ASN1_OID_SHA512_224						\
212 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
213 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
214 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
215 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 5 )
216 
217 /** ASN.1 OID for id-sha512-256 (2.16.840.1.101.3.4.2.6) */
218 #define ASN1_OID_SHA512_256						\
219 	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ),	\
220 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ),		\
221 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ),		\
222 	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 6 )
223 
224 /** ASN.1 OID for commonName (2.5.4.3) */
225 #define ASN1_OID_COMMON_NAME					\
226 	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 4 ),	\
227 	ASN1_OID_SINGLE ( 3 )
228 
229 /** ASN.1 OID for id-ce-keyUsage (2.5.29.15) */
230 #define ASN1_OID_KEYUSAGE					\
231 	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ),	\
232 	ASN1_OID_SINGLE ( 15 )
233 
234 /** ASN.1 OID for id-ce-basicConstraints (2.5.29.19) */
235 #define ASN1_OID_BASICCONSTRAINTS				\
236 	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ),	\
237 	ASN1_OID_SINGLE ( 19 )
238 
239 /** ASN.1 OID for id-ce-extKeyUsage (2.5.29.37) */
240 #define ASN1_OID_EXTKEYUSAGE					\
241 	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ),	\
242 	ASN1_OID_SINGLE ( 37 )
243 
244 /** ASN.1 OID for id-kp-codeSigning (1.3.6.1.5.5.7.3.3) */
245 #define ASN1_OID_CODESIGNING					\
246 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
247 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
248 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
249 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
250 
251 /** ASN.1 OID for pkcs-signedData (1.2.840.113549.1.7.2) */
252 #define ASN1_OID_SIGNEDDATA					\
253 	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ),	\
254 	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ),	\
255 	ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 2 )
256 
257 /** ASN.1 OID for id-pe-authorityInfoAccess (1.3.6.1.5.5.7.1.1) */
258 #define ASN1_OID_AUTHORITYINFOACCESS				\
259 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
260 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
261 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
262 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )
263 
264 /** ASN.1 OID for id-ad-ocsp (1.3.6.1.5.5.7.48.1) */
265 #define ASN1_OID_OCSP						\
266 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
267 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
268 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
269 	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
270 
/** ASN.1 OID for id-pkix-ocsp-basic (1.3.6.1.5.5.7.48.1.1) */
272 #define ASN1_OID_OCSP_BASIC					\
273 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
274 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
275 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
276 	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 ),		\
277 	ASN1_OID_SINGLE ( 1 )
278 
279 /** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
280 #define ASN1_OID_OCSPSIGNING					\
281 	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
282 	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
283 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
284 	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
285 
286 /** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
287 #define ASN1_OID_SUBJECTALTNAME					\
288 	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ),	\
289 	ASN1_OID_SINGLE ( 17 )
290 
/** Define an ASN.1 cursor containing an OID
 *
 * @v oid_value		OID byte array
 *
 * @c oid_value must be an actual array (e.g. a @c static @c uint8_t[]
 * initialised from the ASN1_OID_* macros), since its length is taken
 * with @c sizeof; passing a pointer would silently yield the pointer
 * size instead of the OID length.
 */
#define ASN1_OID_CURSOR( oid_value ) {				\
		.data = oid_value,				\
		.len = sizeof ( oid_value ),			\
	}
296 
/** An ASN.1 OID-identified algorithm
 *
 * Entries are collected in the ASN1_ALGORITHMS linker table and are
 * presumably matched by comparing @c oid against an OID parsed from
 * input (see asn1_algorithm() and related lookups below).
 */
struct asn1_algorithm {
	/** Name */
	const char *name;
	/** Object identifier */
	struct asn1_cursor oid;
	/** Public-key algorithm (if applicable)
	 *
	 * Presumably NULL for pure digest algorithms; confirm against
	 * the table entries before dereferencing.
	 */
	struct pubkey_algorithm *pubkey;
	/** Digest algorithm (if applicable)
	 *
	 * Presumably NULL for pure public-key algorithms.
	 */
	struct digest_algorithm *digest;
};
308 
309 /** ASN.1 OID-identified algorithms */
310 #define ASN1_ALGORITHMS __table ( struct asn1_algorithm, "asn1_algorithms" )
311 
312 /** Declare an ASN.1 OID-identified algorithm */
313 #define __asn1_algorithm __table_entry ( ASN1_ALGORITHMS, 01 )
314 
315 /* ASN.1 OID-identified algorithms */
316 extern struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm;
317 extern struct asn1_algorithm md5_with_rsa_encryption_algorithm __asn1_algorithm;
318 extern struct asn1_algorithm
319 sha1_with_rsa_encryption_algorithm __asn1_algorithm;
320 extern struct asn1_algorithm
321 sha256_with_rsa_encryption_algorithm __asn1_algorithm;
322 extern struct asn1_algorithm
323 sha384_with_rsa_encryption_algorithm __asn1_algorithm;
324 extern struct asn1_algorithm
325 sha512_with_rsa_encryption_algorithm __asn1_algorithm;
326 extern struct asn1_algorithm
327 sha224_with_rsa_encryption_algorithm __asn1_algorithm;
328 extern struct asn1_algorithm oid_md4_algorithm __asn1_algorithm;
329 extern struct asn1_algorithm oid_md5_algorithm __asn1_algorithm;
330 extern struct asn1_algorithm oid_sha1_algorithm __asn1_algorithm;
331 extern struct asn1_algorithm oid_sha256_algorithm __asn1_algorithm;
332 extern struct asn1_algorithm oid_sha384_algorithm __asn1_algorithm;
333 extern struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm;
334 extern struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm;
335 extern struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm;
336 extern struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm;
337 
/** An ASN.1 bit string
 *
 * Filled in by asn1_bit_string() / asn1_integral_bit_string().
 */
struct asn1_bit_string {
	/** Data
	 *
	 * Presumably points into the parsed object rather than a copy;
	 * not owned by this structure.
	 */
	const void *data;
	/** Length */
	size_t len;
	/** Unused bits at end of data
	 *
	 * X.690 permits 0..7.  NOTE(review): whether the parser rejects
	 * values outside that range is not visible here — confirm in
	 * asn1_bit_string() before relying on it.
	 */
	unsigned int unused;
} __attribute__ (( packed ));
347 
/**
 * Invalidate ASN.1 object cursor
 *
 * @v cursor		ASN.1 object cursor
 *
 * Marks the cursor as holding no object by zeroing its length; the
 * @c data pointer is left untouched.  asn1_type() reports ASN1_END
 * for such a cursor.
 */
static inline __attribute__ (( always_inline )) void
asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {
	cursor->len = 0;
}
357 
/**
 * Extract ASN.1 type
 *
 * @v cursor		ASN.1 object cursor
 * @ret type		Type, or ASN1_END if cursor is invalid
 *
 * Only the first octet is inspected, and only after confirming that
 * the cursor covers at least that one octet, so an empty or
 * invalidated cursor never causes an out-of-bounds read.
 */
static inline __attribute__ (( always_inline )) unsigned int
asn1_type ( const struct asn1_cursor *cursor ) {
	const uint8_t *first_octet = cursor->data;

	/* Guard the read: an invalidated cursor has zero length */
	if ( cursor->len < sizeof ( *first_octet ) )
		return ASN1_END;

	return *first_octet;
}
370 
/**
 * Get cursor for built object
 *
 * @v builder		ASN.1 object builder
 * @ret cursor		ASN.1 object cursor
 *
 * The returned cursor aliases the builder's storage rather than
 * copying it: struct asn1_builder and struct asn1_cursor are
 * deliberately layout-compatible (pointer followed by size_t), which
 * the linker_assert()s below verify at build time.  The cursor is
 * therefore valid only while the builder's @c data is neither freed
 * nor reallocated.  If the builder is in its allocation-failure
 * state (NULL @c data with non-zero @c len), the resulting cursor
 * will pass asn1_type()'s length check and dereference NULL; check
 * for that state first.
 */
static inline __attribute__ (( always_inline )) struct asn1_cursor *
asn1_built ( struct asn1_builder *builder ) {
	union {
		struct asn1_builder builder;
		struct asn1_cursor cursor;
	} *u = container_of ( builder, typeof ( *u ), builder );

	/* Sanity check: both structures must place "data" and "len" at
	 * identical offsets, otherwise the alias below would read the
	 * wrong bytes.  Checked at link time, so there is no runtime
	 * cost.
	 */
	linker_assert ( ( ( const void * ) &u->builder.data ) ==
			&u->cursor.data, asn1_builder_cursor_data_mismatch );
	linker_assert ( &u->builder.len == &u->cursor.len,
			asn1_builder_cursor_len_mismatch );

	return &u->cursor;
}
392 
393 extern int asn1_start ( struct asn1_cursor *cursor, unsigned int type,
394 			size_t extra );
395 extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
396 extern int asn1_skip_if_exists ( struct asn1_cursor *cursor,
397 				 unsigned int type );
398 extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
399 extern int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type );
400 extern int asn1_enter_any ( struct asn1_cursor *cursor );
401 extern int asn1_skip_any ( struct asn1_cursor *cursor );
402 extern int asn1_shrink_any ( struct asn1_cursor *cursor );
403 extern int asn1_boolean ( const struct asn1_cursor *cursor );
404 extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
405 extern int asn1_bit_string ( const struct asn1_cursor *cursor,
406 			     struct asn1_bit_string *bits );
407 extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
408 				      struct asn1_bit_string *bits );
409 extern int asn1_compare ( const struct asn1_cursor *cursor1,
410 			  const struct asn1_cursor *cursor2 );
411 extern int asn1_algorithm ( const struct asn1_cursor *cursor,
412 			    struct asn1_algorithm **algorithm );
413 extern int asn1_pubkey_algorithm ( const struct asn1_cursor *cursor,
414 				   struct asn1_algorithm **algorithm );
415 extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
416 				   struct asn1_algorithm **algorithm );
417 extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
418 				      struct asn1_algorithm **algorithm );
419 extern int asn1_generalized_time ( const struct asn1_cursor *cursor,
420 				   time_t *time );
421 extern int asn1_grow ( struct asn1_builder *builder, size_t extra );
422 extern int asn1_prepend_raw ( struct asn1_builder *builder, const void *data,
423 			      size_t len );
424 extern int asn1_prepend ( struct asn1_builder *builder, unsigned int type,
425 			  const void *data, size_t len );
426 extern int asn1_wrap ( struct asn1_builder *builder, unsigned int type );
427 
428 #endif /* _IPXE_ASN1_H */