1 #ifndef _IPXE_ASN1_H
2 #define _IPXE_ASN1_H
3
4 /** @file
5 *
6 * ASN.1 encoding
7 *
8 */
9
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11
12 #include <stddef.h>
13 #include <stdint.h>
14 #include <stdarg.h>
15 #include <assert.h>
16 #include <time.h>
17 #include <ipxe/tables.h>
18
/** An ASN.1 object cursor
 *
 * A cursor is a read-only view (const pointer plus length) onto ASN.1
 * data held elsewhere; it does not allocate or free anything itself.
 * A cursor whose @c len is zero is treated as invalid: see
 * asn1_invalidate_cursor() and asn1_type(), which returns ASN1_END for
 * such a cursor rather than reading past the end of the data.
 */
struct asn1_cursor {
	/** Start of data */
	const void *data;
	/** Length of data
	 *
	 * Zero marks an invalid cursor.  All accesses to @c data must be
	 * bounded by this value.
	 */
	size_t len;
};
26
/** An ASN.1 object builder
 *
 * The first two fields deliberately mirror struct asn1_cursor so that
 * asn1_built() can reinterpret a builder as a cursor in place; the
 * linker_assert()s in asn1_built() enforce this layout, so do not
 * reorder or insert fields ahead of @c data and @c len.
 */
struct asn1_builder {
	/** Data
	 *
	 * This is always dynamically allocated.  If @c data is NULL
	 * while @c len is non-zero, this indicates that a memory
	 * allocation error has occurred during the building process.
	 * Callers must check for this state before using the built
	 * object, since it is not cleared by asn1_built().
	 */
	void *data;
	/** Length of data */
	size_t len;
};
39
/** Maximum (viable) length of ASN.1 length
 *
 * While in theory unlimited, this length is sufficient to contain a
 * size_t: one leading byte (the length-of-length octet) plus up to
 * sizeof ( size_t ) bytes of length value.  Anything longer could not
 * describe an object this code can address anyway.
 */
#define ASN1_MAX_LEN_LEN ( 1 + sizeof ( size_t ) )
46
/** An ASN.1 header
 *
 * Wire-format header (type octet followed by the encoded length) used
 * when building objects.  Packed so that it can be copied byte-for-byte
 * into the output buffer without padding.
 */
struct asn1_builder_header {
	/** Type */
	uint8_t type;
	/** Length (encoded)
	 *
	 * Sized for the largest length this code can produce; only the
	 * leading bytes actually used by the encoding are meaningful.
	 */
	uint8_t length[ASN1_MAX_LEN_LEN];
} __attribute__ (( packed ));
54
/* Universal-class tag values, as they appear in the identifier octet.
 * ASN1_SEQUENCE and ASN1_SET already carry the "constructed" bit
 * (0x20); the remaining universal tags here are primitive.
 */

/** ASN.1 end */
#define ASN1_END 0x00

/** ASN.1 boolean */
#define ASN1_BOOLEAN 0x01

/** ASN.1 integer */
#define ASN1_INTEGER 0x02

/** ASN.1 bit string */
#define ASN1_BIT_STRING 0x03

/** ASN.1 octet string */
#define ASN1_OCTET_STRING 0x04

/** ASN.1 null */
#define ASN1_NULL 0x05

/** ASN.1 object identifier */
#define ASN1_OID 0x06

/** ASN.1 enumeration */
#define ASN1_ENUMERATED 0x0a

/** ASN.1 UTF-8 string */
#define ASN1_UTF8_STRING 0x0c

/** ASN.1 UTC time */
#define ASN1_UTC_TIME 0x17

/** ASN.1 generalized time */
#define ASN1_GENERALIZED_TIME 0x18

/** ASN.1 sequence */
#define ASN1_SEQUENCE 0x30

/** ASN.1 set */
#define ASN1_SET 0x31

/** ASN.1 implicit tag
 *
 * Context-specific class (0x80), primitive encoding.  @c number is
 * OR-ed in unmasked, so it must already be a valid tag number.
 */
#define ASN1_IMPLICIT_TAG( number) ( 0x80 | (number) )

/** ASN.1 explicit tag
 *
 * Context-specific class (0x80) with the constructed bit (0x20) set.
 */
#define ASN1_EXPLICIT_TAG( number) ( 0xa0 | (number) )

/** ASN.1 "any tag" magic value
 *
 * Cannot collide with a real type: asn1_type() yields either a single
 * uint8_t or ASN1_END, both far below -1U (UINT_MAX).
 */
#define ASN1_ANY -1U
102
/** Construct a short ASN.1 value
 *
 * Expands to the type byte, a length byte equal to the number of
 * remaining arguments (via VA_ARG_COUNT), and then those content
 * bytes, as a comma-separated list for use in an array initialiser.
 * Since the length is a single byte, this is presumably only suitable
 * for contents of at most 127 bytes (short-form length) — confirm
 * against VA_ARG_COUNT's limits before relying on larger values.
 */
#define ASN1_SHORT( tag, ... ) \
	(tag), VA_ARG_COUNT ( __VA_ARGS__ ), __VA_ARGS__

/** Initial OID byte
 *
 * The first two arcs of an OID are folded into one byte as
 * ( first * 40 ) + second.
 */
#define ASN1_OID_INITIAL( first, second ) ( ( (first) * 40 ) + (second) )

/** Single-byte OID value
 *
 * Valid for values up to 127.  The mask silently discards any higher
 * bits rather than rejecting an out-of-range value, so the caller must
 * choose the macro whose width matches the magnitude of @c value.
 */
#define ASN1_OID_SINGLE( value ) ( (value) & 0x7f )

/** Double-byte OID value
 *
 * Valid for values up to 16383.  Emits the upper seven bits with the
 * continuation bit (0x80) set, followed by the low seven bits.
 */
#define ASN1_OID_DOUBLE( value ) \
	( 0x80 | ( ( (value) >> 7 ) & 0x7f ) ), ASN1_OID_SINGLE ( (value) )

/** Triple-byte OID value
 *
 * Valid for values up to 2097151.  Emits the upper seven bits with the
 * continuation bit set, then the two bytes of ASN1_OID_DOUBLE().
 */
#define ASN1_OID_TRIPLE( value ) \
	( 0x80 | ( ( (value) >> 14 ) & 0x7f ) ), ASN1_OID_DOUBLE ( (value) )
129
/* Well-known object identifiers.
 *
 * Each macro expands to the DER content octets of the OID (the first
 * two arcs folded by ASN1_OID_INITIAL(), the rest base-128 encoded by
 * the ASN1_OID_SINGLE/DOUBLE/TRIPLE() helpers) as a comma-separated
 * byte list, so it can be placed directly in an array initialiser.
 * The dotted form in each comment is the authoritative value; keep
 * the byte list and the comment in step when adding entries.
 */

/** ASN.1 OID for rsaEncryption (1.2.840.113549.1.1.1) */
#define ASN1_OID_RSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )

/** ASN.1 OID for md5WithRSAEncryption (1.2.840.113549.1.1.4) */
#define ASN1_OID_MD5WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 4 )

/** ASN.1 OID for sha1WithRSAEncryption (1.2.840.113549.1.1.5) */
#define ASN1_OID_SHA1WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 )

/** ASN.1 OID for sha256WithRSAEncryption (1.2.840.113549.1.1.11) */
#define ASN1_OID_SHA256WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 11 )

/** ASN.1 OID for sha384WithRSAEncryption (1.2.840.113549.1.1.12) */
#define ASN1_OID_SHA384WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 12 )

/** ASN.1 OID for sha512WithRSAEncryption (1.2.840.113549.1.1.13) */
#define ASN1_OID_SHA512WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 13 )

/** ASN.1 OID for sha224WithRSAEncryption (1.2.840.113549.1.1.14) */
#define ASN1_OID_SHA224WITHRSAENCRYPTION \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 14 )

/** ASN.1 OID for id-md4 (1.2.840.113549.2.4) */
#define ASN1_OID_MD4 \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 2 ), \
	ASN1_OID_SINGLE ( 4 )

/** ASN.1 OID for id-md5 (1.2.840.113549.2.5) */
#define ASN1_OID_MD5 \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 2 ), \
	ASN1_OID_SINGLE ( 5 )

/** ASN.1 OID for id-sha1 (1.3.14.3.2.26) */
#define ASN1_OID_SHA1 \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 14 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 2 ), \
	ASN1_OID_SINGLE ( 26 )

/** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */
#define ASN1_OID_SHA256 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 1 )

/** ASN.1 OID for id-sha384 (2.16.840.1.101.3.4.2.2) */
#define ASN1_OID_SHA384 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 2 )

/** ASN.1 OID for id-sha512 (2.16.840.1.101.3.4.2.3) */
#define ASN1_OID_SHA512 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 3 )

/** ASN.1 OID for id-sha224 (2.16.840.1.101.3.4.2.4) */
#define ASN1_OID_SHA224 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 4 )

/** ASN.1 OID for id-sha512-224 (2.16.840.1.101.3.4.2.5) */
#define ASN1_OID_SHA512_224 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 5 )

/** ASN.1 OID for id-sha512-256 (2.16.840.1.101.3.4.2.6) */
#define ASN1_OID_SHA512_256 \
	ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 6 )

/** ASN.1 OID for commonName (2.5.4.3) */
#define ASN1_OID_COMMON_NAME \
	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 4 ), \
	ASN1_OID_SINGLE ( 3 )

/** ASN.1 OID for id-ce-keyUsage (2.5.29.15) */
#define ASN1_OID_KEYUSAGE \
	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
	ASN1_OID_SINGLE ( 15 )

/** ASN.1 OID for id-ce-basicConstraints (2.5.29.19) */
#define ASN1_OID_BASICCONSTRAINTS \
	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
	ASN1_OID_SINGLE ( 19 )

/** ASN.1 OID for id-ce-extKeyUsage (2.5.29.37) */
#define ASN1_OID_EXTKEYUSAGE \
	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
	ASN1_OID_SINGLE ( 37 )

/** ASN.1 OID for id-kp-codeSigning (1.3.6.1.5.5.7.3.3) */
#define ASN1_OID_CODESIGNING \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )

/** ASN.1 OID for pkcs-signedData (1.2.840.113549.1.7.2) */
#define ASN1_OID_SIGNEDDATA \
	ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
	ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 2 )

/** ASN.1 OID for id-pe-authorityInfoAccess (1.3.6.1.5.5.7.1.1) */
#define ASN1_OID_AUTHORITYINFOACCESS \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )

/** ASN.1 OID for id-ad-ocsp (1.3.6.1.5.5.7.48.1) */
#define ASN1_OID_OCSP \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )

/** ASN.1 OID for id-pkix-ocsp-basic (1.3.6.1.5.5.7.48.1.1) */
#define ASN1_OID_OCSP_BASIC \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 ), \
	ASN1_OID_SINGLE ( 1 )

/** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
#define ASN1_OID_OCSPSIGNING \
	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )

/** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
#define ASN1_OID_SUBJECTALTNAME \
	ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
	ASN1_OID_SINGLE ( 17 )
298
/** Define an ASN.1 cursor for a static value
 *
 * @c value must be an actual array object (e.g. a static uint8_t[]
 * initialised from one of the ASN1_OID_* macros): the length is taken
 * with sizeof ( value ), which for a pointer would yield the pointer
 * size rather than the data length and so produce a cursor with the
 * wrong bound.
 */
#define ASN1_CURSOR( value ) { \
	.data = value, \
	.len = sizeof ( value ), \
	}
304
/** An ASN.1 OID-identified algorithm
 *
 * One entry per known algorithm, keyed by its DER-encoded OID.  Either
 * or both of @c pubkey and @c digest may be NULL, depending on what
 * the OID identifies.
 */
struct asn1_algorithm {
	/** Name */
	const char *name;
	/** Object identifier (DER content octets, see ASN1_OID_*) */
	struct asn1_cursor oid;
	/** Public-key algorithm (if applicable) */
	struct pubkey_algorithm *pubkey;
	/** Digest algorithm (if applicable) */
	struct digest_algorithm *digest;
};
316
/** ASN.1 OID-identified algorithms
 *
 * Linker table collecting every struct asn1_algorithm declared with
 * __asn1_algorithm; presumably searched by the asn1_*_algorithm()
 * lookup functions declared below (confirm against their definitions).
 */
#define ASN1_ALGORITHMS __table ( struct asn1_algorithm, "asn1_algorithms" )

/** Declare an ASN.1 OID-identified algorithm
 *
 * Places the entry in ASN1_ALGORITHMS at table position 01.
 */
#define __asn1_algorithm __table_entry ( ASN1_ALGORITHMS, 01 )

/* ASN.1 OID-identified algorithms
 *
 * Declared here so that other modules can refer to a specific
 * algorithm directly; the definitions (with their OID cursors) live
 * elsewhere.  The md4/md5/sha1 entries are kept for identification of
 * legacy encodings; whether they are accepted for any verification is
 * decided by the code that consults the table, not by this header.
 */
extern struct asn1_algorithm rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm md5_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm
sha1_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm
sha256_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm
sha384_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm
sha512_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm
sha224_with_rsa_encryption_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_md4_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_md5_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha1_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha256_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha384_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_224_algorithm __asn1_algorithm;
extern struct asn1_algorithm oid_sha512_256_algorithm __asn1_algorithm;
345
/** An ASN.1 bit string
 *
 * Parsed view of a BIT STRING: @c data/@c len cover the content bytes
 * and @c unused gives how many low-order bits of the final byte are
 * not part of the string.  Filled in by asn1_bit_string() and
 * asn1_integral_bit_string(); the valid range of @c unused is
 * presumably enforced there rather than here — confirm in asn1.c.
 * The struct is packed, so take care when taking the address of its
 * members on alignment-sensitive targets.
 */
struct asn1_bit_string {
	/** Data */
	const void *data;
	/** Length */
	size_t len;
	/** Unused bits at end of data */
	unsigned int unused;
} __attribute__ (( packed ));
355
/**
 * Invalidate ASN.1 object cursor
 *
 * @v cursor		ASN.1 object cursor
 *
 * Marks the cursor as holding no data.  Only the length is cleared;
 * the data pointer is deliberately left untouched, since a zero length
 * is all that asn1_type() and the other accessors look at.
 */
static inline __attribute__ (( always_inline )) void
asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {
	size_t *remaining = &cursor->len;

	*remaining = 0;
}
365
/**
 * Extract ASN.1 type
 *
 * @v cursor		ASN.1 object cursor
 * @ret type		Type, or ASN1_END if cursor is invalid
 *
 * The length is checked before the first byte is read, so an empty or
 * invalidated cursor never causes an out-of-bounds access; it simply
 * reports ASN1_END.
 */
static inline __attribute__ (( always_inline )) unsigned int
asn1_type ( const struct asn1_cursor *cursor ) {
	const uint8_t *first = cursor->data;

	/* Bounds check: there must be at least one byte to read */
	if ( cursor->len < sizeof ( *first ) )
		return ASN1_END;

	return *first;
}
378
/**
 * Get cursor for built object
 *
 * @v builder		ASN.1 object builder
 * @ret cursor		ASN.1 object cursor
 *
 * No copy is made: the builder is reinterpreted in place, so the
 * returned cursor aliases the builder's storage and is valid only as
 * long as the builder (and its allocation) is.  This relies on the
 * first two fields of struct asn1_builder and struct asn1_cursor
 * sharing offsets, which the linker_assert()s below verify at build
 * time.  The builder's error state (data NULL with non-zero len, see
 * struct asn1_builder) is carried over unchanged, so callers must
 * check for an allocation failure before using the cursor.
 */
static inline __attribute__ (( always_inline )) struct asn1_cursor *
asn1_built ( struct asn1_builder *builder ) {
	union {
		struct asn1_builder builder;
		struct asn1_cursor cursor;
	} *u = container_of ( builder, typeof ( *u ), builder );

	/* Sanity check: the aliasing above is only valid if the field
	 * offsets coincide exactly */
	linker_assert ( ( ( const void * ) &u->builder.data ) ==
			&u->cursor.data, asn1_builder_cursor_data_mismatch );
	linker_assert ( &u->builder.len == &u->cursor.len,
			asn1_builder_cursor_len_mismatch );

	return &u->cursor;
}
400
/* Cursor navigation.  Each takes a cursor positioned at an object of
 * the given type (or ASN1_ANY) and narrows, enters or advances it.
 * NOTE(review): return conventions are not visible in this header;
 * presumably 0 on success and a negative error code otherwise, as is
 * usual in iPXE — confirm against the definitions in asn1.c.
 */
extern int asn1_start ( struct asn1_cursor *cursor, unsigned int type,
			size_t extra );
extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_skip_if_exists ( struct asn1_cursor *cursor,
				 unsigned int type );
extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type );
extern int asn1_enter_any ( struct asn1_cursor *cursor );
extern int asn1_skip_any ( struct asn1_cursor *cursor );
extern int asn1_shrink_any ( struct asn1_cursor *cursor );

/* Value extraction from a (const) cursor; the cursor itself is not
 * modified.  asn1_integer() takes an int out-parameter, so the range
 * it accepts is bounded by int — see asn1.c for how larger encodings
 * are handled.
 */
extern int asn1_boolean ( const struct asn1_cursor *cursor );
extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
extern int asn1_bit_string ( const struct asn1_cursor *cursor,
			     struct asn1_bit_string *bits );
extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
				      struct asn1_bit_string *bits );
extern int asn1_compare ( const struct asn1_cursor *cursor1,
			  const struct asn1_cursor *cursor2 );

/* Algorithm lookup by OID; the matched entry is returned through
 * @c algorithm.  The pubkey/digest/signature variants presumably
 * additionally require the matching capability to be present — confirm.
 */
extern int asn1_algorithm ( const struct asn1_cursor *cursor,
			    struct asn1_algorithm **algorithm );
extern int asn1_pubkey_algorithm ( const struct asn1_cursor *cursor,
				   struct asn1_algorithm **algorithm );
extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
				   struct asn1_algorithm **algorithm );
extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
				      struct asn1_algorithm **algorithm );
extern int asn1_generalized_time ( const struct asn1_cursor *cursor,
				   time_t *time );

/* Object building.  The builder owns a dynamically allocated buffer
 * (see struct asn1_builder); an allocation failure is recorded in the
 * builder state rather than necessarily being reported immediately.
 */
extern int asn1_grow ( struct asn1_builder *builder, size_t extra );
extern int asn1_prepend_raw ( struct asn1_builder *builder, const void *data,
			      size_t len );
extern int asn1_prepend ( struct asn1_builder *builder, unsigned int type,
			  const void *data, size_t len );
extern int asn1_wrap ( struct asn1_builder *builder, unsigned int type );
435
436 #endif /* _IPXE_ASN1_H */