asn1.h

00001 /**
00002  * \file asn1.h
00003  *
00004  * \brief Generic ASN.1 parsing
00005  */
00006 /*
00007  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00008  *  SPDX-License-Identifier: Apache-2.0
00009  *
00010  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00011  *  not use this file except in compliance with the License.
00012  *  You may obtain a copy of the License at
00013  *
00014  *  http://www.apache.org/licenses/LICENSE-2.0
00015  *
00016  *  Unless required by applicable law or agreed to in writing, software
00017  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00018  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00019  *  See the License for the specific language governing permissions and
00020  *  limitations under the License.
00021  *
00022  *  This file is part of mbed TLS (https://tls.mbed.org)
00023  */
00024 #ifndef MBEDTLS_ASN1_H
00025 #define MBEDTLS_ASN1_H
00026 
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032 
00033 #include <stddef.h>
00034 
00035 #if defined(MBEDTLS_BIGNUM_C)
00036 #include "bignum.h"
00037 #endif
00038 
00039 /**
00040  * \addtogroup asn1_module
00041  * \{
00042  */
00043 
00044 /**
00045  * \name ASN1 Error codes
00046  * These error codes are OR'ed to X509 error codes for
00047  * higher error granularity.
00048  * ASN1 is a standard to specify data structures.
00049  * \{
00050  */
00051 #define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
00052 #define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
00053 #define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
00054 #define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
00055 #define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
00056 #define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
00057 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
00058 
00059 /* \} name */
00060 
00061 /**
00062  * \name DER constants
00063  * These constants comply with the DER encoded ASN.1 type tags.
00064  * DER encoding uses hexadecimal representation.
00065  * An example DER sequence is:\n
00066  * - 0x02 -- tag indicating INTEGER
00067  * - 0x01 -- length in octets
00068  * - 0x05 -- value
00069  * Such sequences are typically read into \c ::mbedtls_x509_buf.
00070  * \{
00071  */
00072 #define MBEDTLS_ASN1_BOOLEAN                 0x01
00073 #define MBEDTLS_ASN1_INTEGER                 0x02
00074 #define MBEDTLS_ASN1_BIT_STRING              0x03
00075 #define MBEDTLS_ASN1_OCTET_STRING            0x04
00076 #define MBEDTLS_ASN1_NULL                    0x05
00077 #define MBEDTLS_ASN1_OID                     0x06
00078 #define MBEDTLS_ASN1_UTF8_STRING             0x0C
00079 #define MBEDTLS_ASN1_SEQUENCE                0x10
00080 #define MBEDTLS_ASN1_SET                     0x11
00081 #define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
00082 #define MBEDTLS_ASN1_T61_STRING              0x14
00083 #define MBEDTLS_ASN1_IA5_STRING              0x16
00084 #define MBEDTLS_ASN1_UTC_TIME                0x17
00085 #define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
00086 #define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
00087 #define MBEDTLS_ASN1_BMP_STRING              0x1E
00088 #define MBEDTLS_ASN1_PRIMITIVE               0x00
00089 #define MBEDTLS_ASN1_CONSTRUCTED             0x20
00090 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
00091 /* \} name */
00092 /* \} addtogroup asn1_module */
00093 
00094 /** Returns the size of the binary string, without the trailing \\0 */
00095 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
00096 
00097 /**
00098  * Compares an mbedtls_asn1_buf structure to a reference OID.
00099  *
00100  * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
00101  * 'unsigned char *oid' here!
00102  */
00103 #define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
00104         ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
00105           memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
00106 
00107 #ifdef __cplusplus
00108 extern "C" {
00109 #endif
00110 
00111 /**
00112  * \name Functions to parse ASN.1 data structures
00113  * \{
00114  */
00115 
00116 /**
00117  * Type-length-value structure that allows for ASN1 using DER.
00118  */
00119 typedef struct mbedtls_asn1_buf
00120 {
00121     int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
00122     size_t len;             /**< ASN1 length, in octets. */
00123     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
00124 }
00125 mbedtls_asn1_buf;
00126 
00127 /**
00128  * Container for ASN1 bit strings.
00129  */
00130 typedef struct mbedtls_asn1_bitstring
00131 {
00132     size_t len;                 /**< ASN1 length, in octets. */
00133     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
00134     unsigned char *p;           /**< Raw ASN1 data for the bit string */
00135 }
00136 mbedtls_asn1_bitstring;
00137 
00138 /**
00139  * Container for a sequence of ASN.1 items
00140  */
00141 typedef struct mbedtls_asn1_sequence
00142 {
00143     mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
00144     struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
00145 }
00146 mbedtls_asn1_sequence;
00147 
00148 /**
00149  * Container for a sequence or list of 'named' ASN.1 data items
00150  */
00151 typedef struct mbedtls_asn1_named_data
00152 {
00153     mbedtls_asn1_buf oid;                   /**< The object identifier. */
00154     mbedtls_asn1_buf val;                   /**< The named value. */
00155     struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
00156     unsigned char next_merged;      /**< Merge next item into the current one? */
00157 }
00158 mbedtls_asn1_named_data;
00159 
00160 /**
00161  * \brief       Get the length of an ASN.1 element.
00162  *              Updates the pointer to immediately behind the length.
00163  *
00164  * \param p     The position in the ASN.1 data
00165  * \param end   End of data
00166  * \param len   The variable that will receive the value
00167  *
00168  * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
00169  *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
00170  *              unparseable.
00171  */
00172 int mbedtls_asn1_get_len( unsigned char **p,
00173                   const unsigned char *end,
00174                   size_t *len );
00175 
00176 /**
00177  * \brief       Get the tag and length of the tag. Check for the requested tag.
00178  *              Updates the pointer to immediately behind the tag and length.
00179  *
00180  * \param p     The position in the ASN.1 data
00181  * \param end   End of data
00182  * \param len   The variable that will receive the length
00183  * \param tag   The expected tag
00184  *
00185  * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
00186  *              not match requested tag, or another specific ASN.1 error code.
00187  */
00188 int mbedtls_asn1_get_tag( unsigned char **p,
00189                   const unsigned char *end,
00190                   size_t *len, int tag );
00191 
00192 /**
00193  * \brief       Retrieve a boolean ASN.1 tag and its value.
00194  *              Updates the pointer to immediately behind the full tag.
00195  *
00196  * \param p     The position in the ASN.1 data
00197  * \param end   End of data
00198  * \param val   The variable that will receive the value
00199  *
00200  * \return      0 if successful or a specific ASN.1 error code.
00201  */
00202 int mbedtls_asn1_get_bool( unsigned char **p,
00203                    const unsigned char *end,
00204                    int *val );
00205 
00206 /**
00207  * \brief       Retrieve an integer ASN.1 tag and its value.
00208  *              Updates the pointer to immediately behind the full tag.
00209  *
00210  * \param p     The position in the ASN.1 data
00211  * \param end   End of data
00212  * \param val   The variable that will receive the value
00213  *
00214  * \return      0 if successful or a specific ASN.1 error code.
00215  */
00216 int mbedtls_asn1_get_int( unsigned char **p,
00217                   const unsigned char *end,
00218                   int *val );
00219 
00220 /**
00221  * \brief       Retrieve a bitstring ASN.1 tag and its value.
00222  *              Updates the pointer to immediately behind the full tag.
00223  *
00224  * \param p     The position in the ASN.1 data
00225  * \param end   End of data
00226  * \param bs    The variable that will receive the value
00227  *
00228  * \return      0 if successful or a specific ASN.1 error code.
00229  */
00230 int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
00231                         mbedtls_asn1_bitstring *bs);
00232 
00233 /**
00234  * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
00235  *              value.
00236  *              Updates the pointer to the beginning of the bit/octet string.
00237  *
00238  * \param p     The position in the ASN.1 data
00239  * \param end   End of data
00240  * \param len   Length of the actual bit/octect string in bytes
00241  *
00242  * \return      0 if successful or a specific ASN.1 error code.
00243  */
00244 int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
00245                              size_t *len );
00246 
00247 /**
00248  * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
00249  *              Updated the pointer to immediately behind the full sequence tag.
00250  *
00251  * \param p     The position in the ASN.1 data
00252  * \param end   End of data
00253  * \param cur   First variable in the chain to fill
00254  * \param tag   Type of sequence
00255  *
00256  * \return      0 if successful or a specific ASN.1 error code.
00257  */
00258 int mbedtls_asn1_get_sequence_of( unsigned char **p,
00259                           const unsigned char *end,
00260                           mbedtls_asn1_sequence *cur,
00261                           int tag);
00262 
00263 #if defined(MBEDTLS_BIGNUM_C)
00264 /**
00265  * \brief       Retrieve a MPI value from an integer ASN.1 tag.
00266  *              Updates the pointer to immediately behind the full tag.
00267  *
00268  * \param p     The position in the ASN.1 data
00269  * \param end   End of data
00270  * \param X     The MPI that will receive the value
00271  *
00272  * \return      0 if successful or a specific ASN.1 or MPI error code.
00273  */
00274 int mbedtls_asn1_get_mpi( unsigned char **p,
00275                   const unsigned char *end,
00276                   mbedtls_mpi *X );
00277 #endif /* MBEDTLS_BIGNUM_C */
00278 
00279 /**
00280  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
00281  *              Updates the pointer to immediately behind the full
00282  *              AlgorithmIdentifier.
00283  *
00284  * \param p     The position in the ASN.1 data
00285  * \param end   End of data
00286  * \param alg   The buffer to receive the OID
00287  * \param params The buffer to receive the params (if any)
00288  *
00289  * \return      0 if successful or a specific ASN.1 or MPI error code.
00290  */
00291 int mbedtls_asn1_get_alg( unsigned char **p,
00292                   const unsigned char *end,
00293                   mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
00294 
00295 /**
00296  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
00297  *              params.
00298  *              Updates the pointer to immediately behind the full
00299  *              AlgorithmIdentifier.
00300  *
00301  * \param p     The position in the ASN.1 data
00302  * \param end   End of data
00303  * \param alg   The buffer to receive the OID
00304  *
00305  * \return      0 if successful or a specific ASN.1 or MPI error code.
00306  */
00307 int mbedtls_asn1_get_alg_null( unsigned char **p,
00308                        const unsigned char *end,
00309                        mbedtls_asn1_buf *alg );
00310 
00311 /**
00312  * \brief       Find a specific named_data entry in a sequence or list based on
00313  *              the OID.
00314  *
00315  * \param list  The list to seek through
00316  * \param oid   The OID to look for
00317  * \param len   Size of the OID
00318  *
00319  * \return      NULL if not found, or a pointer to the existing entry.
00320  */
00321 mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
00322                                        const char *oid, size_t len );
00323 
00324 /**
00325  * \brief       Free a mbedtls_asn1_named_data entry
00326  *
00327  * \param entry The named data entry to free
00328  */
00329 void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
00330 
00331 /**
00332  * \brief       Free all entries in a mbedtls_asn1_named_data list
00333  *              Head will be set to NULL
00334  *
00335  * \param head  Pointer to the head of the list of named data entries to free
00336  */
00337 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
00338 
00339 #ifdef __cplusplus
00340 }
00341 #endif
00342 
00343 #endif /* asn1.h */