asn1.h

00001 /**
00002  * \file asn1.h
00003  *
00004  * \brief Generic ASN.1 parsing
00005  */
00006 /*
00007  *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
00008  *  SPDX-License-Identifier: Apache-2.0
00009  *
00010  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00011  *  not use this file except in compliance with the License.
00012  *  You may obtain a copy of the License at
00013  *
00014  *  http://www.apache.org/licenses/LICENSE-2.0
00015  *
00016  *  Unless required by applicable law or agreed to in writing, software
00017  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00018  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00019  *  See the License for the specific language governing permissions and
00020  *  limitations under the License.
00021  *
00022  *  This file is part of mbed TLS (https://tls.mbed.org)
00023  */
00024 #ifndef MBEDTLS_ASN1_H
00025 #define MBEDTLS_ASN1_H
00026 
00027 #if !defined(MBEDTLS_CONFIG_FILE)
00028 #include "config.h"
00029 #else
00030 #include MBEDTLS_CONFIG_FILE
00031 #endif
00032 
00033 #include <stddef.h>
00034 
00035 #if defined(MBEDTLS_BIGNUM_C)
00036 #include "bignum.h"
00037 #endif
00038 
00039 /**
00040  * \addtogroup asn1_module
00041  * \{
00042  */
00043 
00044 /**
00045  * \name ASN1 Error codes
00046  * These error codes are OR'ed to X509 error codes for
00047  * higher error granularity.
00048  * ASN1 is a standard to specify data structures.
00049  * \{
00050  */
00051 #define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
00052 #define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
00053 #define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
00054 #define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
00055 #define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
00056 #define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A  /**< Memory allocation failed */
00057 #define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
00058 
00059 /* \} name */
00060 
00061 /**
00062  * \name DER constants
00063  * These constants comply with the DER encoded ASN.1 type tags.
00064  * DER encoding uses hexadecimal representation.
00065  * An example DER sequence is:\n
00066  * - 0x02 -- tag indicating INTEGER
00067  * - 0x01 -- length in octets
00068  * - 0x05 -- value
00069  * Such sequences are typically read into \c ::mbedtls_x509_buf.
00070  * \{
00071  */
00072 #define MBEDTLS_ASN1_BOOLEAN                 0x01
00073 #define MBEDTLS_ASN1_INTEGER                 0x02
00074 #define MBEDTLS_ASN1_BIT_STRING              0x03
00075 #define MBEDTLS_ASN1_OCTET_STRING            0x04
00076 #define MBEDTLS_ASN1_NULL                    0x05
00077 #define MBEDTLS_ASN1_OID                     0x06
00078 #define MBEDTLS_ASN1_UTF8_STRING             0x0C
00079 #define MBEDTLS_ASN1_SEQUENCE                0x10
00080 #define MBEDTLS_ASN1_SET                     0x11
00081 #define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
00082 #define MBEDTLS_ASN1_T61_STRING              0x14
00083 #define MBEDTLS_ASN1_IA5_STRING              0x16
00084 #define MBEDTLS_ASN1_UTC_TIME                0x17
00085 #define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
00086 #define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
00087 #define MBEDTLS_ASN1_BMP_STRING              0x1E
00088 #define MBEDTLS_ASN1_PRIMITIVE               0x00
00089 #define MBEDTLS_ASN1_CONSTRUCTED             0x20
00090 #define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
00091 
00092 /*
00093  * Bit masks for each of the components of an ASN.1 tag as specified in
00094  * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
00095  * paragraph 8.1.2.2:
00096  *
00097  * Bit  8     7   6   5          1
00098  *     +-------+-----+------------+
00099  *     | Class | P/C | Tag number |
00100  *     +-------+-----+------------+
00101  */
00102 #define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
00103 #define MBEDTLS_ASN1_TAG_PC_MASK             0x20
00104 #define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
00105 
00106 /* \} name */
00107 /* \} addtogroup asn1_module */
00108 
00109 /** Returns the size of the binary string, without the trailing \\0 */
00110 #define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
00111 
00112 /**
00113  * Compares an mbedtls_asn1_buf structure to a reference OID.
00114  *
00115  * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
00116  * 'unsigned char *oid' here!
00117  */
00118 #define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
00119         ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
00120           memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
00121 
00122 #ifdef __cplusplus
00123 extern "C" {
00124 #endif
00125 
00126 /**
00127  * \name Functions to parse ASN.1 data structures
00128  * \{
00129  */
00130 
00131 /**
00132  * Type-length-value structure that allows for ASN1 using DER.
00133  */
00134 typedef struct mbedtls_asn1_buf
00135 {
00136     int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
00137     size_t len;             /**< ASN1 length, in octets. */
00138     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
00139 }
00140 mbedtls_asn1_buf;
00141 
00142 /**
00143  * Container for ASN1 bit strings.
00144  */
00145 typedef struct mbedtls_asn1_bitstring
00146 {
00147     size_t len;                 /**< ASN1 length, in octets. */
00148     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
00149     unsigned char *p;           /**< Raw ASN1 data for the bit string */
00150 }
00151 mbedtls_asn1_bitstring;
00152 
00153 /**
00154  * Container for a sequence of ASN.1 items
00155  */
00156 typedef struct mbedtls_asn1_sequence
00157 {
00158     mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
00159     struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
00160 }
00161 mbedtls_asn1_sequence;
00162 
00163 /**
00164  * Container for a sequence or list of 'named' ASN.1 data items
00165  */
00166 typedef struct mbedtls_asn1_named_data
00167 {
00168     mbedtls_asn1_buf oid;                   /**< The object identifier. */
00169     mbedtls_asn1_buf val;                   /**< The named value. */
00170     struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
00171     unsigned char next_merged;      /**< Merge next item into the current one? */
00172 }
00173 mbedtls_asn1_named_data;
00174 
00175 /**
00176  * \brief       Get the length of an ASN.1 element.
00177  *              Updates the pointer to immediately behind the length.
00178  *
00179  * \param p     The position in the ASN.1 data
00180  * \param end   End of data
00181  * \param len   The variable that will receive the value
00182  *
00183  * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
00184  *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
00185  *              unparseable.
00186  */
00187 int mbedtls_asn1_get_len( unsigned char **p,
00188                   const unsigned char *end,
00189                   size_t *len );
00190 
00191 /**
00192  * \brief       Get the tag and length of the tag. Check for the requested tag.
00193  *              Updates the pointer to immediately behind the tag and length.
00194  *
00195  * \param p     The position in the ASN.1 data
00196  * \param end   End of data
00197  * \param len   The variable that will receive the length
00198  * \param tag   The expected tag
00199  *
00200  * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
00201  *              not match requested tag, or another specific ASN.1 error code.
00202  */
00203 int mbedtls_asn1_get_tag( unsigned char **p,
00204                   const unsigned char *end,
00205                   size_t *len, int tag );
00206 
00207 /**
00208  * \brief       Retrieve a boolean ASN.1 tag and its value.
00209  *              Updates the pointer to immediately behind the full tag.
00210  *
00211  * \param p     The position in the ASN.1 data
00212  * \param end   End of data
00213  * \param val   The variable that will receive the value
00214  *
00215  * \return      0 if successful or a specific ASN.1 error code.
00216  */
00217 int mbedtls_asn1_get_bool( unsigned char **p,
00218                    const unsigned char *end,
00219                    int *val );
00220 
00221 /**
00222  * \brief       Retrieve an integer ASN.1 tag and its value.
00223  *              Updates the pointer to immediately behind the full tag.
00224  *
00225  * \param p     The position in the ASN.1 data
00226  * \param end   End of data
00227  * \param val   The variable that will receive the value
00228  *
00229  * \return      0 if successful or a specific ASN.1 error code.
00230  */
00231 int mbedtls_asn1_get_int( unsigned char **p,
00232                   const unsigned char *end,
00233                   int *val );
00234 
00235 /**
00236  * \brief       Retrieve a bitstring ASN.1 tag and its value.
00237  *              Updates the pointer to immediately behind the full tag.
00238  *
00239  * \param p     The position in the ASN.1 data
00240  * \param end   End of data
00241  * \param bs    The variable that will receive the value
00242  *
00243  * \return      0 if successful or a specific ASN.1 error code.
00244  */
00245 int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
00246                         mbedtls_asn1_bitstring *bs);
00247 
00248 /**
00249  * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
00250  *              value.
00251  *              Updates the pointer to the beginning of the bit/octet string.
00252  *
00253  * \param p     The position in the ASN.1 data
00254  * \param end   End of data
00255  * \param len   Length of the actual bit/octect string in bytes
00256  *
00257  * \return      0 if successful or a specific ASN.1 error code.
00258  */
00259 int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
00260                              size_t *len );
00261 
00262 /**
00263  * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>"
00264  *              Updated the pointer to immediately behind the full sequence tag.
00265  *
00266  * \param p     The position in the ASN.1 data
00267  * \param end   End of data
00268  * \param cur   First variable in the chain to fill
00269  * \param tag   Type of sequence
00270  *
00271  * \return      0 if successful or a specific ASN.1 error code.
00272  */
00273 int mbedtls_asn1_get_sequence_of( unsigned char **p,
00274                           const unsigned char *end,
00275                           mbedtls_asn1_sequence *cur,
00276                           int tag);
00277 
00278 #if defined(MBEDTLS_BIGNUM_C)
00279 /**
00280  * \brief       Retrieve a MPI value from an integer ASN.1 tag.
00281  *              Updates the pointer to immediately behind the full tag.
00282  *
00283  * \param p     The position in the ASN.1 data
00284  * \param end   End of data
00285  * \param X     The MPI that will receive the value
00286  *
00287  * \return      0 if successful or a specific ASN.1 or MPI error code.
00288  */
00289 int mbedtls_asn1_get_mpi( unsigned char **p,
00290                   const unsigned char *end,
00291                   mbedtls_mpi *X );
00292 #endif /* MBEDTLS_BIGNUM_C */
00293 
00294 /**
00295  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
00296  *              Updates the pointer to immediately behind the full
00297  *              AlgorithmIdentifier.
00298  *
00299  * \param p     The position in the ASN.1 data
00300  * \param end   End of data
00301  * \param alg   The buffer to receive the OID
00302  * \param params The buffer to receive the params (if any)
00303  *
00304  * \return      0 if successful or a specific ASN.1 or MPI error code.
00305  */
00306 int mbedtls_asn1_get_alg( unsigned char **p,
00307                   const unsigned char *end,
00308                   mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
00309 
00310 /**
00311  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
00312  *              params.
00313  *              Updates the pointer to immediately behind the full
00314  *              AlgorithmIdentifier.
00315  *
00316  * \param p     The position in the ASN.1 data
00317  * \param end   End of data
00318  * \param alg   The buffer to receive the OID
00319  *
00320  * \return      0 if successful or a specific ASN.1 or MPI error code.
00321  */
00322 int mbedtls_asn1_get_alg_null( unsigned char **p,
00323                        const unsigned char *end,
00324                        mbedtls_asn1_buf *alg );
00325 
00326 /**
00327  * \brief       Find a specific named_data entry in a sequence or list based on
00328  *              the OID.
00329  *
00330  * \param list  The list to seek through
00331  * \param oid   The OID to look for
00332  * \param len   Size of the OID
00333  *
00334  * \return      NULL if not found, or a pointer to the existing entry.
00335  */
00336 mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
00337                                        const char *oid, size_t len );
00338 
00339 /**
00340  * \brief       Free a mbedtls_asn1_named_data entry
00341  *
00342  * \param entry The named data entry to free
00343  */
00344 void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
00345 
00346 /**
00347  * \brief       Free all entries in a mbedtls_asn1_named_data list
00348  *              Head will be set to NULL
00349  *
00350  * \param head  Pointer to the head of the list of named data entries to free
00351  */
00352 void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
00353 
00354 #ifdef __cplusplus
00355 }
00356 #endif
00357 
00358 #endif /* asn1.h */