Rewrite ASN.1 identifier/length parsing in CBS.

Provide internal asn1_get_identifier_cbs() and asn1_get_length_cbs() functions that are called from asn1_get_object_cbs(). Convert the existing ASN1_get_object() function so that it calls asn1_get_object_cbs(), before mapping the result into the API that it implements. ok tb@
author: jsing <> 2021-12-25 07:04:03 +0000
committer: jsing <> 2021-12-25 07:04:03 +0000
commit: 45bffde06d55be8341ae2ab97fd9f6d173eea785 (patch)
tree: dfd17445518096186f837cbf0acabb25662aebab /src/lib/libcrypto/asn1/asn1_lib.c
parent: 6142c0431dc485679ae167b6cb887a9afafb3427 (diff)
download: openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.tar.gz
openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.tar.bz2
openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.zip
1 files changed, 171 insertions, 0 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000..542a72f6f1
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -0,0 +1,171 @@
+/* $OpenBSD: asn1_lib.c,v 1.51 2021/12/25 07:04:03 jsing Exp $ */
+/*
+ * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <limits.h>
+#include "bytestring.h"
+static int
+asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
+    int *out_constructed, uint32_t *out_tag_number)
+{
+        uint8_t tag_class, tag_val;
+        int tag_constructed;
+        uint32_t tag_number;
+        /*
+         * Decode ASN.1 identifier octets - see ITU-T X.690 section 8.1.2.
+         */
+        *out_class = 0;
+        *out_constructed = 0;
+        *out_tag_number = 0;
+        if (!CBS_get_u8(cbs, &tag_val))
+                return 0;
+        /*
+         * ASN.1 tag class, encoding (primitive or constructed) and tag number
+         * are encoded in one or more identifier octets - the first octet
+         * contains the 2 bit tag class, the 1 bit encoding type and 5 bits
+         * of tag number.
+         *
+         * For tag numbers larger than 30 (0x1e) the 5 bit tag number in the
+         * first octet is set to all ones (0x1f) - the tag number is then
+         * encoded in subsequent octets - each of which have a one bit
+         * continuation flag and 7 bits of tag number in big-endian form.
+         * The encoding should not contain leading zeros but can for BER.
+         */
+        tag_class = (tag_val >> 6) & 0x3;
+        tag_constructed = (tag_val >> 5) & 0x1;
+        tag_number = tag_val & 0x1f;
+        /* Long form. */
+        if (tag_number == 0x1f) {
+                tag_number = 0;
+                do {
+                        if (!CBS_get_u8(cbs, &tag_val))
+                                return 0;
+                        if (der_mode && tag_number == 0 && tag_val == 0x80)
+                                return 0;
+                        if (tag_number > (UINT32_MAX >> 7))
+                                return 0;
+                        tag_number = tag_number << 7 | (tag_val & 0x7f);
+                } while ((tag_val & 0x80) != 0);
+        }
+        *out_class = tag_class;
+        *out_constructed = tag_constructed;
+        *out_tag_number = tag_number;
+        return 1;
+}
+static int
+asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
+    uint32_t *out_length)
+{
+        uint8_t len_bytes;
+        uint32_t length;
+        uint8_t val;
+        /*
+         * Decode ASN.1 length octets - see ITU-T X.690 section 8.1.3.
+         */
+        *out_length = 0;
+        *out_indefinite = 0;
+        if (!CBS_get_u8(cbs, &val))
+                return 0;
+        /*
+         * Short form - length is encoded in the lower 7 bits of a single byte.
+         */
+        if (val < 0x80) {
+                *out_length = val;
+                return 1;
+        }
+        /*
+         * Indefinite length - content continues until an End of Content (EOC)
+         * marker is reached. Must be used with constructed encoding.
+         */
+        if (val == 0x80) {
+                *out_indefinite = 1;
+                return 1;
+        }
+        /*
+         * Long form - the lower 7 bits of the first byte specifies the number
+         * of bytes used to encode the length, the following bytes specify the
+         * length in big-endian form. The encoding should not contain leading
+         * zeros but can for BER. A length value of 0x7f is invalid.
+         */
+        if ((len_bytes = val & 0x7f) == 0x7f)
+                return 0;
+        length = 0;
+        while (len_bytes-- > 0) {
+                if (!CBS_get_u8(cbs, &val))
+                        return 0;
+                if (der_mode && length == 0 && val == 0)
+                        return 0;
+                if (length > (UINT32_MAX >> 8))
+                        return 0;
+                length = (length << 8) | val;
+        }
+        *out_length = length;
+        return 1;
+}
+int
+asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_tag_class,
+    int *out_constructed, uint32_t *out_tag_number, int *out_indefinite,
+    uint32_t *out_length)
+{
+        int constructed, indefinite;
+        uint32_t tag_number, length;
+        uint8_t tag_class;
+        *out_tag_class = 0;
+        *out_constructed = 0;
+        *out_tag_number = 0;
+        *out_indefinite = 0;
+        *out_length = 0;
+        if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed,
+            &tag_number))
+                return 0;
+        if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length))
+                return 0;
+        /* Indefinite length can only be used with constructed encoding. */
+        if (indefinite && !constructed)
+                return 0;
+        *out_tag_class = tag_class;
+        *out_constructed = constructed;
+        *out_tag_number = tag_number;
+        *out_indefinite = indefinite;
+        *out_length = length;
+        return 1;
+}
author	jsing <>	2021-12-25 07:04:03 +0000
committer	jsing <>	2021-12-25 07:04:03 +0000
commit	45bffde06d55be8341ae2ab97fd9f6d173eea785 (patch)
tree	dfd17445518096186f837cbf0acabb25662aebab /src/lib/libcrypto/asn1/asn1_lib.c
parent	6142c0431dc485679ae167b6cb887a9afafb3427 (diff)
download	openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.tar.gz openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.tar.bz2 openbsd-45bffde06d55be8341ae2ab97fd9f6d173eea785.zip

diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c new file mode 100644 index 0000000000..542a72f6f1 --- /dev/null +++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -0,0 +1,171 @@
	1	/* $OpenBSD: asn1_lib.c,v 1.51 2021/12/25 07:04:03 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <limits.h>
	19
	20	#include "bytestring.h"
	21
	22	static int
	23	asn1_get_identifier_cbs(CBS cbs, int der_mode, uint8_t out_class,
	24	int out_constructed, uint32_t out_tag_number)
	25	{
	26	uint8_t tag_class, tag_val;
	27	int tag_constructed;
	28	uint32_t tag_number;
	29
	30	/*
	31	* Decode ASN.1 identifier octets - see ITU-T X.690 section 8.1.2.
	32	*/
	33
	34	*out_class = 0;
	35	*out_constructed = 0;
	36	*out_tag_number = 0;
	37
	38	if (!CBS_get_u8(cbs, &tag_val))
	39	return 0;
	40
	41	/*
	42	* ASN.1 tag class, encoding (primitive or constructed) and tag number
	43	* are encoded in one or more identifier octets - the first octet
	44	* contains the 2 bit tag class, the 1 bit encoding type and 5 bits
	45	* of tag number.
	46	*
	47	* For tag numbers larger than 30 (0x1e) the 5 bit tag number in the
	48	* first octet is set to all ones (0x1f) - the tag number is then
	49	* encoded in subsequent octets - each of which have a one bit
	50	* continuation flag and 7 bits of tag number in big-endian form.
	51	* The encoding should not contain leading zeros but can for BER.
	52	*/
	53	tag_class = (tag_val >> 6) & 0x3;
	54	tag_constructed = (tag_val >> 5) & 0x1;
	55	tag_number = tag_val & 0x1f;
	56
	57	/* Long form. */
	58	if (tag_number == 0x1f) {
	59	tag_number = 0;
	60	do {
	61	if (!CBS_get_u8(cbs, &tag_val))
	62	return 0;
	63	if (der_mode && tag_number == 0 && tag_val == 0x80)
	64	return 0;
	65	if (tag_number > (UINT32_MAX >> 7))
	66	return 0;
	67	tag_number = tag_number << 7 \| (tag_val & 0x7f);
	68	} while ((tag_val & 0x80) != 0);
	69	}
	70
	71	*out_class = tag_class;
	72	*out_constructed = tag_constructed;
	73	*out_tag_number = tag_number;
	74
	75	return 1;
	76	}
	77
	78	static int
	79	asn1_get_length_cbs(CBS cbs, int der_mode, int out_indefinite,
	80	uint32_t *out_length)
	81	{
	82	uint8_t len_bytes;
	83	uint32_t length;
	84	uint8_t val;
	85
	86	/*
	87	* Decode ASN.1 length octets - see ITU-T X.690 section 8.1.3.
	88	*/
	89
	90	*out_length = 0;
	91	*out_indefinite = 0;
	92
	93	if (!CBS_get_u8(cbs, &val))
	94	return 0;
	95
	96	/*
	97	* Short form - length is encoded in the lower 7 bits of a single byte.
	98	*/
	99	if (val < 0x80) {
	100	*out_length = val;
	101	return 1;
	102	}
	103
	104	/*
	105	* Indefinite length - content continues until an End of Content (EOC)
	106	* marker is reached. Must be used with constructed encoding.
	107	*/
	108	if (val == 0x80) {
	109	*out_indefinite = 1;
	110	return 1;
	111	}
	112
	113	/*
	114	* Long form - the lower 7 bits of the first byte specifies the number
	115	* of bytes used to encode the length, the following bytes specify the
	116	* length in big-endian form. The encoding should not contain leading
	117	* zeros but can for BER. A length value of 0x7f is invalid.
	118	*/
	119	if ((len_bytes = val & 0x7f) == 0x7f)
	120	return 0;
	121
	122	length = 0;
	123
	124	while (len_bytes-- > 0) {
	125	if (!CBS_get_u8(cbs, &val))
	126	return 0;
	127	if (der_mode && length == 0 && val == 0)
	128	return 0;
	129	if (length > (UINT32_MAX >> 8))
	130	return 0;
	131	length = (length << 8) \| val;
	132	}
	133
	134	*out_length = length;
	135
	136	return 1;
	137	}
	138
	139	int
	140	asn1_get_object_cbs(CBS cbs, int der_mode, uint8_t out_tag_class,
	141	int out_constructed, uint32_t out_tag_number, int *out_indefinite,
	142	uint32_t *out_length)
	143	{
	144	int constructed, indefinite;
	145	uint32_t tag_number, length;
	146	uint8_t tag_class;
	147
	148	*out_tag_class = 0;
	149	*out_constructed = 0;
	150	*out_tag_number = 0;
	151	*out_indefinite = 0;
	152	*out_length = 0;
	153
	154	if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed,
	155	&tag_number))
	156	return 0;
	157	if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length))
	158	return 0;
	159
	160	/* Indefinite length can only be used with constructed encoding. */
	161	if (indefinite && !constructed)
	162	return 0;
	163
	164	*out_tag_class = tag_class;
	165	*out_constructed = constructed;
	166	*out_tag_number = tag_number;
	167	*out_indefinite = indefinite;
	168	*out_length = length;
	169
	170	return 1;
	171	}