summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/Makefile10
-rw-r--r--src/lib/libcrypto/bytestring/bs_ber.c269
-rw-r--r--src/lib/libcrypto/bytestring/bs_cbb.c467
-rw-r--r--src/lib/libcrypto/bytestring/bs_cbs.c510
-rw-r--r--src/lib/libcrypto/bytestring/bytestring.h518
5 files changed, 1771 insertions, 3 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 3f4014409d..fba3871e73 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.49 2021/11/01 20:53:08 tb Exp $ 1# $OpenBSD: Makefile,v 1.50 2021/11/20 18:10:52 jsing Exp $
2 2
3LIB= crypto 3LIB= crypto
4LIBREBUILD=y 4LIBREBUILD=y
@@ -28,8 +28,8 @@ CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
28CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this? 28CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
29 29
30CFLAGS+= -I${LCRYPTO_SRC} 30CFLAGS+= -I${LCRYPTO_SRC}
31CFLAGS+= -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/bn -I${LCRYPTO_SRC}/evp 31CFLAGS+= -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/bn -I${LCRYPTO_SRC}/bytestring
32CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/x509 32CFLAGS+= -I${LCRYPTO_SRC}/evp -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/x509
33 33
34# XXX FIXME ecdsa and ec should be merged 34# XXX FIXME ecdsa and ec should be merged
35CFLAGS+= -I${LCRYPTO_SRC}/ecdsa 35CFLAGS+= -I${LCRYPTO_SRC}/ecdsa
@@ -85,6 +85,9 @@ SRCS+= bn_depr.c bn_const.c bn_x931p.c
85# buffer/ 85# buffer/
86SRCS+= buffer.c buf_err.c buf_str.c 86SRCS+= buffer.c buf_err.c buf_str.c
87 87
88# bytestring/
89SRCS+= bs_ber.c bs_cbb.c bs_cbs.c
90
88# camellia/ 91# camellia/
89SRCS+= cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_ofb.c 92SRCS+= cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_ofb.c
90 93
@@ -290,6 +293,7 @@ SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
290 ${LCRYPTO_SRC}/bn \ 293 ${LCRYPTO_SRC}/bn \
291 ${LCRYPTO_SRC}/bn/asm \ 294 ${LCRYPTO_SRC}/bn/asm \
292 ${LCRYPTO_SRC}/buffer \ 295 ${LCRYPTO_SRC}/buffer \
296 ${LCRYPTO_SRC}/bytestring \
293 ${LCRYPTO_SRC}/camellia \ 297 ${LCRYPTO_SRC}/camellia \
294 ${LCRYPTO_SRC}/cast \ 298 ${LCRYPTO_SRC}/cast \
295 ${LCRYPTO_SRC}/chacha \ 299 ${LCRYPTO_SRC}/chacha \
diff --git a/src/lib/libcrypto/bytestring/bs_ber.c b/src/lib/libcrypto/bytestring/bs_ber.c
new file mode 100644
index 0000000000..e77c98b223
--- /dev/null
+++ b/src/lib/libcrypto/bytestring/bs_ber.c
@@ -0,0 +1,269 @@
1/* $OpenBSD: bs_ber.c,v 1.1 2021/11/20 18:10:52 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <string.h>
19
20#include "bytestring.h"
21
22/*
23 * kMaxDepth is a just a sanity limit. The code should be such that the length
24 * of the input being processes always decreases. None the less, a very large
25 * input could otherwise cause the stack to overflow.
26 */
27static const unsigned int kMaxDepth = 2048;
28
29/* Non-strict version that allows a relaxed DER with indefinite form. */
30static int
31cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
32 size_t *out_header_len)
33{
34 return cbs_get_any_asn1_element_internal(cbs, out,
35 out_tag, out_header_len, 0);
36}
37
38/*
39 * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets
40 * |*indefinite_found| depending on whether an indefinite length element was
41 * found. The value of |orig_in| is not modified.
42 *
43 * Returns one on success (i.e. |*indefinite_found| was set) and zero on error.
44 */
45static int
46cbs_find_indefinite(const CBS *orig_in, char *indefinite_found,
47 unsigned int depth)
48{
49 CBS in;
50
51 if (depth > kMaxDepth)
52 return 0;
53
54 CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
55
56 while (CBS_len(&in) > 0) {
57 CBS contents;
58 unsigned int tag;
59 size_t header_len;
60
61 if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag,
62 &header_len))
63 return 0;
64
65 /* Indefinite form not allowed by DER. */
66 if (CBS_len(&contents) == header_len && header_len > 0 &&
67 CBS_data(&contents)[header_len - 1] == 0x80) {
68 *indefinite_found = 1;
69 return 1;
70 }
71 if (tag & CBS_ASN1_CONSTRUCTED) {
72 if (!CBS_skip(&contents, header_len) ||
73 !cbs_find_indefinite(&contents, indefinite_found,
74 depth + 1))
75 return 0;
76 }
77 }
78
79 *indefinite_found = 0;
80 return 1;
81}
82
83/*
84 * is_primitive_type returns true if |tag| likely a primitive type. Normally
85 * one can just test the "constructed" bit in the tag but, in BER, even
86 * primitive tags can have the constructed bit if they have indefinite
87 * length.
88 */
89static char
90is_primitive_type(unsigned int tag)
91{
92 return (tag & 0xc0) == 0 &&
93 (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) &&
94 (tag & 0x1f) != (CBS_ASN1_SET & 0x1f);
95}
96
97/*
98 * is_eoc returns true if |header_len| and |contents|, as returned by
99 * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
100 * value.
101 */
102static char
103is_eoc(size_t header_len, CBS *contents)
104{
105 const unsigned char eoc[] = {0x0, 0x0};
106
107 return header_len == 2 && CBS_mem_equal(contents, eoc, 2);
108}
109
110/*
111 * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
112 * indefinite form) from |in| and writes definite form DER data to |out|. If
113 * |squash_header| is set then the top-level of elements from |in| will not
114 * have their headers written. This is used when concatenating the fragments of
115 * an indefinite length, primitive value. If |looking_for_eoc| is set then any
116 * EOC elements found will cause the function to return after consuming it.
117 * It returns one on success and zero on error.
118 */
119static int
120cbs_convert_indefinite(CBS *in, CBB *out, char squash_header,
121 char looking_for_eoc, unsigned int depth)
122{
123 if (depth > kMaxDepth)
124 return 0;
125
126 while (CBS_len(in) > 0) {
127 CBS contents;
128 unsigned int tag;
129 size_t header_len;
130 CBB *out_contents, out_contents_storage;
131
132 if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag,
133 &header_len))
134 return 0;
135
136 out_contents = out;
137
138 if (CBS_len(&contents) == header_len) {
139 if (is_eoc(header_len, &contents))
140 return looking_for_eoc;
141
142 if (header_len > 0 &&
143 CBS_data(&contents)[header_len - 1] == 0x80) {
144 /*
145 * This is an indefinite length element. If
146 * it's a SEQUENCE or SET then we just need to
147 * write the out the contents as normal, but
148 * with a concrete length prefix.
149 *
150 * If it's a something else then the contents
151 * will be a series of DER elements of the same
152 * type which need to be concatenated.
153 */
154 const char context_specific = (tag & 0xc0)
155 == 0x80;
156 char squash_child_headers =
157 is_primitive_type(tag);
158
159 /*
160 * This is a hack, but it sufficies to handle
161 * NSS's output. If we find an indefinite
162 * length, context-specific tag with a definite,
163 * primtive tag inside it, then we assume that
164 * the context-specific tag is implicit and the
165 * tags within are fragments of a primitive type
166 * that need to be concatenated.
167 */
168 if (context_specific &&
169 (tag & CBS_ASN1_CONSTRUCTED)) {
170 CBS in_copy, inner_contents;
171 unsigned int inner_tag;
172 size_t inner_header_len;
173
174 CBS_init(&in_copy, CBS_data(in),
175 CBS_len(in));
176 if (!cbs_nonstrict_get_any_asn1_element(
177 &in_copy, &inner_contents,
178 &inner_tag, &inner_header_len))
179 return 0;
180
181 if (CBS_len(&inner_contents) >
182 inner_header_len &&
183 is_primitive_type(inner_tag))
184 squash_child_headers = 1;
185 }
186
187 if (!squash_header) {
188 unsigned int out_tag = tag;
189
190 if (squash_child_headers)
191 out_tag &=
192 ~CBS_ASN1_CONSTRUCTED;
193
194 if (!CBB_add_asn1(out,
195 &out_contents_storage, out_tag))
196 return 0;
197
198 out_contents = &out_contents_storage;
199 }
200
201 if (!cbs_convert_indefinite(in, out_contents,
202 squash_child_headers,
203 1 /* looking for eoc */, depth + 1))
204 return 0;
205
206 if (out_contents != out && !CBB_flush(out))
207 return 0;
208
209 continue;
210 }
211 }
212
213 if (!squash_header) {
214 if (!CBB_add_asn1(out, &out_contents_storage, tag))
215 return 0;
216
217 out_contents = &out_contents_storage;
218 }
219
220 if (!CBS_skip(&contents, header_len))
221 return 0;
222
223 if (tag & CBS_ASN1_CONSTRUCTED) {
224 if (!cbs_convert_indefinite(&contents, out_contents,
225 0 /* don't squash header */,
226 0 /* not looking for eoc */, depth + 1))
227 return 0;
228 } else {
229 if (!CBB_add_bytes(out_contents, CBS_data(&contents),
230 CBS_len(&contents)))
231 return 0;
232 }
233
234 if (out_contents != out && !CBB_flush(out))
235 return 0;
236 }
237
238 return looking_for_eoc == 0;
239}
240
241int
242CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len)
243{
244 CBB cbb;
245
246 /*
247 * First, do a quick walk to find any indefinite-length elements. Most
248 * of the time we hope that there aren't any and thus we can quickly
249 * return.
250 */
251 char conversion_needed;
252 if (!cbs_find_indefinite(in, &conversion_needed, 0))
253 return 0;
254
255 if (!conversion_needed) {
256 *out = NULL;
257 *out_len = 0;
258 return 1;
259 }
260
261 if (!CBB_init(&cbb, CBS_len(in)))
262 return 0;
263 if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) {
264 CBB_cleanup(&cbb);
265 return 0;
266 }
267
268 return CBB_finish(&cbb, out, out_len);
269}
diff --git a/src/lib/libcrypto/bytestring/bs_cbb.c b/src/lib/libcrypto/bytestring/bs_cbb.c
new file mode 100644
index 0000000000..2aaee30a06
--- /dev/null
+++ b/src/lib/libcrypto/bytestring/bs_cbb.c
@@ -0,0 +1,467 @@
1/* $OpenBSD: bs_cbb.c,v 1.1 2021/11/20 18:10:52 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdlib.h>
19#include <string.h>
20
21#include "bytestring.h"
22
23#define CBB_INITIAL_SIZE 64
24
25static int
26cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
27{
28 struct cbb_buffer_st *base;
29
30 if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
31 return 0;
32
33 base->buf = buf;
34 base->len = 0;
35 base->cap = cap;
36 base->can_resize = 1;
37
38 cbb->base = base;
39 cbb->is_top_level = 1;
40
41 return 1;
42}
43
44int
45CBB_init(CBB *cbb, size_t initial_capacity)
46{
47 uint8_t *buf = NULL;
48
49 memset(cbb, 0, sizeof(*cbb));
50
51 if (initial_capacity == 0)
52 initial_capacity = CBB_INITIAL_SIZE;
53
54 if ((buf = calloc(1, initial_capacity)) == NULL)
55 return 0;
56
57 if (!cbb_init(cbb, buf, initial_capacity)) {
58 free(buf);
59 return 0;
60 }
61
62 return 1;
63}
64
65int
66CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
67{
68 memset(cbb, 0, sizeof(*cbb));
69
70 if (!cbb_init(cbb, buf, len))
71 return 0;
72
73 cbb->base->can_resize = 0;
74
75 return 1;
76}
77
78void
79CBB_cleanup(CBB *cbb)
80{
81 if (cbb->base) {
82 if (cbb->base->can_resize)
83 freezero(cbb->base->buf, cbb->base->cap);
84 free(cbb->base);
85 }
86 cbb->base = NULL;
87 cbb->child = NULL;
88}
89
90static int
91cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
92{
93 size_t newlen;
94
95 if (base == NULL)
96 return 0;
97
98 newlen = base->len + len;
99 if (newlen < base->len)
100 /* Overflow */
101 return 0;
102
103 if (newlen > base->cap) {
104 size_t newcap = base->cap * 2;
105 uint8_t *newbuf;
106
107 if (!base->can_resize)
108 return 0;
109
110 if (newcap < base->cap || newcap < newlen)
111 newcap = newlen;
112
113 newbuf = recallocarray(base->buf, base->cap, newcap, 1);
114 if (newbuf == NULL)
115 return 0;
116
117 base->buf = newbuf;
118 base->cap = newcap;
119 }
120
121 if (out)
122 *out = base->buf + base->len;
123
124 base->len = newlen;
125 return 1;
126}
127
128static int
129cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
130{
131 uint8_t *buf;
132 size_t i;
133
134 if (len_len == 0)
135 return 1;
136
137 if (len_len > 4)
138 return 0;
139
140 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
141 return 0;
142
143 for (i = len_len - 1; i < len_len; i--) {
144 buf[i] = v;
145 v >>= 8;
146 }
147 return 1;
148}
149
150int
151CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
152{
153 if (!cbb->is_top_level)
154 return 0;
155
156 if (!CBB_flush(cbb))
157 return 0;
158
159 if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
160 /*
161 * |out_data| and |out_len| can only be NULL if the CBB is
162 * fixed.
163 */
164 return 0;
165
166 if (out_data != NULL)
167 *out_data = cbb->base->buf;
168
169 if (out_len != NULL)
170 *out_len = cbb->base->len;
171
172 cbb->base->buf = NULL;
173 CBB_cleanup(cbb);
174 return 1;
175}
176
177/*
178 * CBB_flush recurses and then writes out any pending length prefix. The current
179 * length of the underlying base is taken to be the length of the
180 * length-prefixed data.
181 */
182int
183CBB_flush(CBB *cbb)
184{
185 size_t child_start, i, len;
186
187 if (cbb->base == NULL)
188 return 0;
189
190 if (cbb->child == NULL || cbb->pending_len_len == 0)
191 return 1;
192
193 child_start = cbb->offset + cbb->pending_len_len;
194
195 if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
196 cbb->base->len < child_start)
197 return 0;
198
199 len = cbb->base->len - child_start;
200
201 if (cbb->pending_is_asn1) {
202 /*
203 * For ASN.1, we assumed that we were using short form which
204 * only requires a single byte for the length octet.
205 *
206 * If it turns out that we need long form, we have to move
207 * the contents along in order to make space for more length
208 * octets.
209 */
210 size_t len_len = 1; /* total number of length octets */
211 uint8_t initial_length_byte;
212
213 /* We already wrote 1 byte for the length. */
214 if (cbb->pending_len_len != 1)
215 return 0;
216
217 /* Check for long form */
218 if (len > 0xfffffffe)
219 return 0; /* 0xffffffff is reserved */
220 else if (len > 0xffffff)
221 len_len = 5;
222 else if (len > 0xffff)
223 len_len = 4;
224 else if (len > 0xff)
225 len_len = 3;
226 else if (len > 0x7f)
227 len_len = 2;
228
229 if (len_len == 1) {
230 /* For short form, the initial byte is the length. */
231 initial_length_byte = len;
232 len = 0;
233
234 } else {
235 /*
236 * For long form, the initial byte is the number of
237 * subsequent length octets (plus bit 8 set).
238 */
239 initial_length_byte = 0x80 | (len_len - 1);
240
241 /*
242 * We need to move the contents along in order to make
243 * space for the long form length octets.
244 */
245 size_t extra_bytes = len_len - 1;
246 if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
247 return 0;
248
249 memmove(cbb->base->buf + child_start + extra_bytes,
250 cbb->base->buf + child_start, len);
251 }
252 cbb->base->buf[cbb->offset++] = initial_length_byte;
253 cbb->pending_len_len = len_len - 1;
254 }
255
256 for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
257 cbb->base->buf[cbb->offset + i] = len;
258 len >>= 8;
259 }
260 if (len != 0)
261 return 0;
262
263 cbb->child->base = NULL;
264 cbb->child = NULL;
265 cbb->pending_len_len = 0;
266 cbb->pending_is_asn1 = 0;
267 cbb->offset = 0;
268
269 return 1;
270}
271
272void
273CBB_discard_child(CBB *cbb)
274{
275 if (cbb->child == NULL)
276 return;
277
278 cbb->base->len = cbb->offset;
279
280 cbb->child->base = NULL;
281 cbb->child = NULL;
282 cbb->pending_len_len = 0;
283 cbb->pending_is_asn1 = 0;
284 cbb->offset = 0;
285}
286
287static int
288cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
289{
290 uint8_t *prefix_bytes;
291
292 if (!CBB_flush(cbb))
293 return 0;
294
295 cbb->offset = cbb->base->len;
296 if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
297 return 0;
298
299 memset(prefix_bytes, 0, len_len);
300 memset(out_contents, 0, sizeof(CBB));
301 out_contents->base = cbb->base;
302 cbb->child = out_contents;
303 cbb->pending_len_len = len_len;
304 cbb->pending_is_asn1 = 0;
305
306 return 1;
307}
308
309int
310CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
311{
312 return cbb_add_length_prefixed(cbb, out_contents, 1);
313}
314
315int
316CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
317{
318 return cbb_add_length_prefixed(cbb, out_contents, 2);
319}
320
321int
322CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
323{
324 return cbb_add_length_prefixed(cbb, out_contents, 3);
325}
326
327int
328CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
329{
330 if (tag > UINT8_MAX)
331 return 0;
332
333 /* Long form identifier octets are not supported. */
334 if ((tag & 0x1f) == 0x1f)
335 return 0;
336
337 /* Short-form identifier octet only needs a single byte */
338 if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
339 return 0;
340
341 /*
342 * Add 1 byte to cover the short-form length octet case. If it turns
343 * out we need long-form, it will be extended later.
344 */
345 cbb->offset = cbb->base->len;
346 if (!CBB_add_u8(cbb, 0))
347 return 0;
348
349 memset(out_contents, 0, sizeof(CBB));
350 out_contents->base = cbb->base;
351 cbb->child = out_contents;
352 cbb->pending_len_len = 1;
353 cbb->pending_is_asn1 = 1;
354
355 return 1;
356}
357
358int
359CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
360{
361 uint8_t *dest;
362
363 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len))
364 return 0;
365
366 memcpy(dest, data, len);
367 return 1;
368}
369
370int
371CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
372{
373 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
374 return 0;
375
376 memset(*out_data, 0, len);
377 return 1;
378}
379
380int
381CBB_add_u8(CBB *cbb, size_t value)
382{
383 if (value > UINT8_MAX)
384 return 0;
385
386 return cbb_add_u(cbb, (uint32_t)value, 1);
387}
388
389int
390CBB_add_u16(CBB *cbb, size_t value)
391{
392 if (value > UINT16_MAX)
393 return 0;
394
395 return cbb_add_u(cbb, (uint32_t)value, 2);
396}
397
398int
399CBB_add_u24(CBB *cbb, size_t value)
400{
401 if (value > 0xffffffUL)
402 return 0;
403
404 return cbb_add_u(cbb, (uint32_t)value, 3);
405}
406
407int
408CBB_add_u32(CBB *cbb, size_t value)
409{
410 if (value > 0xffffffffUL)
411 return 0;
412
413 return cbb_add_u(cbb, (uint32_t)value, 4);
414}
415
416int
417CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
418{
419 CBB child;
420 size_t i;
421 int started = 0;
422
423 if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
424 return 0;
425
426 for (i = 0; i < 8; i++) {
427 uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
428
429 /*
430 * ASN.1 restriction: first 9 bits cannot be all zeroes or
431 * all ones. Since this function only encodes unsigned
432 * integers, the only concerns are not encoding leading
433 * zeros and adding a padding byte if necessary.
434 *
435 * In practice, this means:
436 * 1) Skip leading octets of all zero bits in the value
437 * 2) After skipping the leading zero octets, if the next 9
438 * bits are all ones, add an all zero prefix octet (and
439 * set the high bit of the prefix octet if negative).
440 *
441 * Additionally, for an unsigned value, add an all zero
442 * prefix if the high bit of the first octet would be one.
443 */
444 if (!started) {
445 if (byte == 0)
446 /* Don't encode leading zeros. */
447 continue;
448
449 /*
450 * If the high bit is set, add a padding byte to make it
451 * unsigned.
452 */
453 if ((byte & 0x80) && !CBB_add_u8(&child, 0))
454 return 0;
455
456 started = 1;
457 }
458 if (!CBB_add_u8(&child, byte))
459 return 0;
460 }
461
462 /* 0 is encoded as a single 0, not the empty string. */
463 if (!started && !CBB_add_u8(&child, 0))
464 return 0;
465
466 return CBB_flush(cbb);
467}
diff --git a/src/lib/libcrypto/bytestring/bs_cbs.c b/src/lib/libcrypto/bytestring/bs_cbs.c
new file mode 100644
index 0000000000..06283abd94
--- /dev/null
+++ b/src/lib/libcrypto/bytestring/bs_cbs.c
@@ -0,0 +1,510 @@
1/* $OpenBSD: bs_cbs.c,v 1.1 2021/11/20 18:10:52 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdlib.h>
19#include <string.h>
20
21#include "bytestring.h"
22
23void
24CBS_init(CBS *cbs, const uint8_t *data, size_t len)
25{
26 cbs->data = data;
27 cbs->initial_len = len;
28 cbs->len = len;
29}
30
31void
32CBS_dup(const CBS *cbs, CBS *out)
33{
34 CBS_init(out, CBS_data(cbs), CBS_len(cbs));
35 out->initial_len = cbs->initial_len;
36}
37
38static int
39cbs_get(CBS *cbs, const uint8_t **p, size_t n)
40{
41 if (cbs->len < n)
42 return 0;
43
44 *p = cbs->data;
45 cbs->data += n;
46 cbs->len -= n;
47 return 1;
48}
49
50size_t
51CBS_offset(const CBS *cbs)
52{
53 return cbs->initial_len - cbs->len;
54}
55
56int
57CBS_skip(CBS *cbs, size_t len)
58{
59 const uint8_t *dummy;
60 return cbs_get(cbs, &dummy, len);
61}
62
63const uint8_t *
64CBS_data(const CBS *cbs)
65{
66 return cbs->data;
67}
68
69size_t
70CBS_len(const CBS *cbs)
71{
72 return cbs->len;
73}
74
75int
76CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
77{
78 free(*out_ptr);
79 *out_ptr = NULL;
80 *out_len = 0;
81
82 if (cbs->len == 0)
83 return 1;
84
85 if ((*out_ptr = malloc(cbs->len)) == NULL)
86 return 0;
87
88 memcpy(*out_ptr, cbs->data, cbs->len);
89
90 *out_len = cbs->len;
91 return 1;
92}
93
94int
95CBS_strdup(const CBS *cbs, char **out_ptr)
96{
97 free(*out_ptr);
98 *out_ptr = NULL;
99
100 if (CBS_contains_zero_byte(cbs))
101 return 0;
102
103 *out_ptr = strndup((const char *)cbs->data, cbs->len);
104 return (*out_ptr != NULL);
105}
106
107int
108CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
109{
110 if (dst_len < cbs->len)
111 return 0;
112
113 memmove(dst, cbs->data, cbs->len);
114
115 if (copied != NULL)
116 *copied = cbs->len;
117
118 return 1;
119}
120
121int
122CBS_contains_zero_byte(const CBS *cbs)
123{
124 return memchr(cbs->data, 0, cbs->len) != NULL;
125}
126
127int
128CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
129{
130 if (len != cbs->len)
131 return 0;
132
133 return timingsafe_memcmp(cbs->data, data, len) == 0;
134}
135
136static int
137cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
138{
139 uint32_t result = 0;
140 size_t i;
141 const uint8_t *data;
142
143 if (len < 1 || len > 4)
144 return 0;
145
146 if (!cbs_get(cbs, &data, len))
147 return 0;
148
149 for (i = 0; i < len; i++) {
150 result <<= 8;
151 result |= data[i];
152 }
153 *out = result;
154 return 1;
155}
156
157int
158CBS_get_u8(CBS *cbs, uint8_t *out)
159{
160 const uint8_t *v;
161
162 if (!cbs_get(cbs, &v, 1))
163 return 0;
164
165 *out = *v;
166 return 1;
167}
168
169int
170CBS_get_u16(CBS *cbs, uint16_t *out)
171{
172 uint32_t v;
173
174 if (!cbs_get_u(cbs, &v, 2))
175 return 0;
176
177 *out = v;
178 return 1;
179}
180
181int
182CBS_get_u24(CBS *cbs, uint32_t *out)
183{
184 return cbs_get_u(cbs, out, 3);
185}
186
187int
188CBS_get_u32(CBS *cbs, uint32_t *out)
189{
190 return cbs_get_u(cbs, out, 4);
191}
192
193int
194CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
195{
196 const uint8_t *v;
197
198 if (!cbs_get(cbs, &v, len))
199 return 0;
200
201 CBS_init(out, v, len);
202 return 1;
203}
204
205static int
206cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
207{
208 uint32_t len;
209
210 if (!cbs_get_u(cbs, &len, len_len))
211 return 0;
212
213 return CBS_get_bytes(cbs, out, len);
214}
215
216int
217CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
218{
219 return cbs_get_length_prefixed(cbs, out, 1);
220}
221
222int
223CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
224{
225 return cbs_get_length_prefixed(cbs, out, 2);
226}
227
228int
229CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
230{
231 return cbs_get_length_prefixed(cbs, out, 3);
232}
233
234int
235CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
236 size_t *out_header_len)
237{
238 return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
239 out_header_len, 1);
240}
241
242/*
243 * Review X.690 for details on ASN.1 DER encoding.
244 *
245 * If non-strict mode is enabled, then DER rules are relaxed
246 * for indefinite constructs (violates DER but a little closer to BER).
247 * Non-strict mode should only be used by bs_ber.c
248 *
249 * Sections 8, 10 and 11 for DER encoding
250 */
251int
252cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
253 size_t *out_header_len, int strict)
254{
255 uint8_t tag, length_byte;
256 CBS header = *cbs;
257 CBS throwaway;
258 size_t len;
259
260 if (out == NULL)
261 out = &throwaway;
262
263 /*
264 * Get identifier octet and length octet. Only 1 octet for each
265 * is a CBS limitation.
266 */
267 if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
268 return 0;
269
270 /* CBS limitation: long form tags are not supported. */
271 if ((tag & 0x1f) == 0x1f)
272 return 0;
273
274 if (out_tag != NULL)
275 *out_tag = tag;
276
277 if ((length_byte & 0x80) == 0) {
278 /* Short form length. */
279 len = ((size_t) length_byte) + 2;
280 if (out_header_len != NULL)
281 *out_header_len = 2;
282
283 } else {
284 /* Long form length. */
285 const size_t num_bytes = length_byte & 0x7f;
286 uint32_t len32;
287
288 /* ASN.1 reserved value for future extensions */
289 if (num_bytes == 0x7f)
290 return 0;
291
292 /* Handle indefinite form length */
293 if (num_bytes == 0) {
294 /* DER encoding doesn't allow for indefinite form. */
295 if (strict)
296 return 0;
297
298 /* Primitive cannot use indefinite in BER or DER. */
299 if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
300 return 0;
301
302 /* Constructed, indefinite length allowed in BER. */
303 if (out_header_len != NULL)
304 *out_header_len = 2;
305 return CBS_get_bytes(cbs, out, 2);
306 }
307
308 /* CBS limitation. */
309 if (num_bytes > 4)
310 return 0;
311
312 if (!cbs_get_u(&header, &len32, num_bytes))
313 return 0;
314
315 /* DER has a minimum length octet requirement. */
316 if (len32 < 128)
317 /* Should have used short form instead */
318 return 0;
319
320 if ((len32 >> ((num_bytes - 1) * 8)) == 0)
321 /* Length should have been at least one byte shorter. */
322 return 0;
323
324 len = len32;
325 if (len + 2 + num_bytes < len)
326 /* Overflow. */
327 return 0;
328
329 len += 2 + num_bytes;
330 if (out_header_len != NULL)
331 *out_header_len = 2 + num_bytes;
332 }
333
334 return CBS_get_bytes(cbs, out, len);
335}
336
337static int
338cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
339{
340 size_t header_len;
341 unsigned int tag;
342 CBS throwaway;
343
344 if (out == NULL)
345 out = &throwaway;
346
347 if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
348 tag != tag_value)
349 return 0;
350
351 if (skip_header && !CBS_skip(out, header_len))
352 return 0;
353
354 return 1;
355}
356
357int
358CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
359{
360 return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
361}
362
363int
364CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
365{
366 return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
367}
368
369int
370CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
371{
372 if (CBS_len(cbs) < 1)
373 return 0;
374
375 /*
376 * Tag number 31 indicates the start of a long form number.
377 * This is valid in ASN.1, but CBS only supports short form.
378 */
379 if ((tag_value & 0x1f) == 0x1f)
380 return 0;
381
382 return CBS_data(cbs)[0] == tag_value;
383}
384
385/* Encoding details are in ASN.1: X.690 section 8.3 */
386int
387CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
388{
389 CBS bytes;
390 const uint8_t *data;
391 size_t i, len;
392
393 if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
394 return 0;
395
396 *out = 0;
397 data = CBS_data(&bytes);
398 len = CBS_len(&bytes);
399
400 if (len == 0)
401 /* An INTEGER is encoded with at least one content octet. */
402 return 0;
403
404 if ((data[0] & 0x80) != 0)
405 /* Negative number. */
406 return 0;
407
408 if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
409 /* Violates smallest encoding rule: excessive leading zeros. */
410 return 0;
411
412 for (i = 0; i < len; i++) {
413 if ((*out >> 56) != 0)
414 /* Too large to represent as a uint64_t. */
415 return 0;
416
417 *out <<= 8;
418 *out |= data[i];
419 }
420
421 return 1;
422}
423
424int
425CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
426{
427 if (CBS_peek_asn1_tag(cbs, tag)) {
428 if (!CBS_get_asn1(cbs, out, tag))
429 return 0;
430
431 *out_present = 1;
432 } else {
433 *out_present = 0;
434 }
435 return 1;
436}
437
438int
439CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
440 unsigned int tag)
441{
442 CBS child;
443 int present;
444
445 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
446 return 0;
447
448 if (present) {
449 if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
450 CBS_len(&child) != 0)
451 return 0;
452 } else {
453 CBS_init(out, NULL, 0);
454 }
455 if (out_present)
456 *out_present = present;
457
458 return 1;
459}
460
461int
462CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
463 uint64_t default_value)
464{
465 CBS child;
466 int present;
467
468 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
469 return 0;
470
471 if (present) {
472 if (!CBS_get_asn1_uint64(&child, out) ||
473 CBS_len(&child) != 0)
474 return 0;
475 } else {
476 *out = default_value;
477 }
478 return 1;
479}
480
481int
482CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
483 int default_value)
484{
485 CBS child, child2;
486 int present;
487
488 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
489 return 0;
490
491 if (present) {
492 uint8_t boolean;
493
494 if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
495 CBS_len(&child2) != 1 || CBS_len(&child) != 0)
496 return 0;
497
498 boolean = CBS_data(&child2)[0];
499 if (boolean == 0)
500 *out = 0;
501 else if (boolean == 0xff)
502 *out = 1;
503 else
504 return 0;
505
506 } else {
507 *out = default_value;
508 }
509 return 1;
510}
diff --git a/src/lib/libcrypto/bytestring/bytestring.h b/src/lib/libcrypto/bytestring/bytestring.h
new file mode 100644
index 0000000000..7728ef8de2
--- /dev/null
+++ b/src/lib/libcrypto/bytestring/bytestring.h
@@ -0,0 +1,518 @@
1/* $OpenBSD: bytestring.h,v 1.1 2021/11/20 18:10:52 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef OPENSSL_HEADER_BYTESTRING_H
19#define OPENSSL_HEADER_BYTESTRING_H
20
21#include <sys/types.h>
22#include <stdint.h>
23
24__BEGIN_HIDDEN_DECLS
25
26/*
27 * Bytestrings are used for parsing and building TLS and ASN.1 messages.
28 *
29 * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
30 * provides utility functions for safely parsing length-prefixed structures
31 * like TLS and ASN.1 from it.
32 *
33 * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
34 * provides utility functions for building length-prefixed messages.
35 */
36
37/* CRYPTO ByteString */
38typedef struct cbs_st {
39 const uint8_t *data;
40 size_t initial_len;
41 size_t len;
42} CBS;
43
44/*
45 * CBS_init sets |cbs| to point to |data|. It does not take ownership of
46 * |data|.
47 */
48void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
49
50/*
51 * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
52 * otherwise.
53 */
54int CBS_skip(CBS *cbs, size_t len);
55
56/*
57 * CBS_data returns a pointer to the contents of |cbs|.
58 */
59const uint8_t *CBS_data(const CBS *cbs);
60
61/*
62 * CBS_len returns the number of bytes remaining in |cbs|.
63 */
64size_t CBS_len(const CBS *cbs);
65
66/*
67 * CBS_offset returns the current offset into the original data of |cbs|.
68 */
69size_t CBS_offset(const CBS *cbs);
70
71/*
72 * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
73 * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
74 * free. It returns one on success and zero on allocation failure. On
75 * success, |*out_ptr| should be freed with free. If |cbs| is empty,
76 * |*out_ptr| will be NULL.
77 */
78int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
79
80/*
81 * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
82 * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
83 * with free. It returns one on success and zero on allocation
84 * failure. On success, |*out_ptr| should be freed with free.
85 *
86 * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call
87 * |CBS_contains_zero_byte(cbs)| to check for NUL bytes.
88 */
89int CBS_strdup(const CBS *cbs, char **out_ptr);
90
91/*
92 * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
93 * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
94 * to the amount copied. It returns one on success and zero otherwise.
95 */
96int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
97 size_t *copied);
98
99/*
100 * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
101 * a NUL byte and zero otherwise.
102 */
103int CBS_contains_zero_byte(const CBS *cbs);
104
105/*
106 * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
107 * starting at |data|. If they're equal, it returns one, otherwise zero. If the
108 * lengths match, it uses a constant-time comparison.
109 */
110int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
111
112/*
113 * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
114 * returns one on success and zero on error.
115 */
116int CBS_get_u8(CBS *cbs, uint8_t *out);
117
118/*
119 * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
120 * advances |cbs|. It returns one on success and zero on error.
121 */
122int CBS_get_u16(CBS *cbs, uint16_t *out);
123
124/*
125 * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
126 * advances |cbs|. It returns one on success and zero on error.
127 */
128int CBS_get_u24(CBS *cbs, uint32_t *out);
129
130/*
131 * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
132 * and advances |cbs|. It returns one on success and zero on error.
133 */
134int CBS_get_u32(CBS *cbs, uint32_t *out);
135
136/*
137 * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
138 * |cbs|. It returns one on success and zero on error.
139 */
140int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
141
142/*
143 * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
144 * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
145 * on success and zero on error.
146 */
147int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
148
149/*
150 * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
151 * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
152 * returns one on success and zero on error.
153 */
154int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
155
156/*
157 * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
158 * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
159 * returns one on success and zero on error.
160 */
161int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
162
163
164/* Parsing ASN.1 */
165
166/*
167 * While an identifier can be multiple octets, this library only handles the
168 * single octet variety currently. This limits support up to tag number 30
169 * since tag number 31 is a reserved value to indicate multiple octets.
170 */
171
172/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
173#define CBS_ASN1_UNIVERSAL 0x00
174#define CBS_ASN1_APPLICATION 0x40
175#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
176#define CBS_ASN1_PRIVATE 0xc0
177
178/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
179#define CBS_ASN1_PRIMITIVE 0x00
180#define CBS_ASN1_CONSTRUCTED 0x20
181
182/*
183 * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
184 * the universal class.
185 */
186
187/*
188 * Common universal identifier octets.
189 * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
190 *
191 * Note: These definitions are the cause of some of the strange behavior in
192 * CBS's bs_ber.c.
193 *
194 * In BER, it is the sender's option to use primitive or constructed for
195 * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
196 *
197 * In DER, bitstring and octetstring are required to be primitive
198 * (X.690 section 10.2).
199 */
200#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
201#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
202#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
203#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
204#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
205#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
206#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
207#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
208
209/*
210 * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
211 * including tag and length bytes) and advances |cbs| over it. The ASN.1
212 * element must match |tag_value|. It returns one on success and zero
213 * on error.
214 *
215 * Tag numbers greater than 30 are not supported (i.e. short form only).
216 */
217int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
218
219/*
220 * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
221 * ASN.1 header bytes too.
222 */
223int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
224
225/*
226 * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
227 * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
228 * |cbs| is empty or the tag does not match, it returns zero. Note: if
229 * it returns one, CBS_get_asn1 may still fail if the rest of the
230 * element is malformed.
231 */
232int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
233
234/*
235 * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
236 * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
237 * the tag number and |*out_header_len| to the length of the ASN.1 header.
238 * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
239 * the value.
240 *
241 * Tag numbers greater than 30 are not supported (i.e. short form only).
242 */
243int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
244 size_t *out_header_len);
245
246/*
247 * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
248 * and sets |*out| to its value. It returns one on success and zero on error,
249 * where error includes the integer being negative, or too large to represent
250 * in 64 bits.
251 */
252int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
253
254/*
255 * CBS_get_optional_asn1 gets an optional explicitly-tagged element
256 * from |cbs| tagged with |tag| and sets |*out| to its contents. If
257 * present, it sets |*out_present| to one, otherwise zero. It returns
258 * one on success, whether or not the element was present, and zero on
259 * decode failure.
260 */
261int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
262 unsigned int tag);
263
264/*
265 * CBS_get_optional_asn1_octet_string gets an optional
266 * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
267 * |*out| to the string and |*out_present| to one. Otherwise, it sets
268 * |*out| to empty and |*out_present| to zero. |out_present| may be
269 * NULL. It returns one on success, whether or not the element was
270 * present, and zero on decode failure.
271 */
272int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
273 unsigned int tag);
274
275/*
276 * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
277 * INTEGER from |cbs|. If present, it sets |*out| to the
278 * value. Otherwise, it sets |*out| to |default_value|. It returns one
279 * on success, whether or not the element was present, and zero on
280 * decode failure.
281 */
282int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
283 uint64_t default_value);
284
285/*
286 * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
287 * |cbs|. If present, it sets |*out| to either zero or one, based on the
288 * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
289 * success, whether or not the element was present, and zero on decode
290 * failure.
291 */
292int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
293 int default_value);
294
295
296/*
297 * CRYPTO ByteBuilder.
298 *
299 * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
300 * object is associated with a buffer and new buffers are created with
301 * |CBB_init|. Several |CBB| objects can point at the same buffer when a
302 * length-prefix is pending, however only a single |CBB| can be 'current' at
303 * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
304 * the new |CBB| points at the same buffer as the original. But if the original
305 * |CBB| is used then the length prefix is written out and the new |CBB| must
306 * not be used again.
307 *
308 * If one needs to force a length prefix to be written out because a |CBB| is
309 * going out of scope, use |CBB_flush|.
310 */
311
312struct cbb_buffer_st {
313 uint8_t *buf;
314
315 /* The number of valid bytes. */
316 size_t len;
317
318 /* The size of buf. */
319 size_t cap;
320
321 /*
322 * One iff |buf| is owned by this object. If not then |buf| cannot be
323 * resized.
324 */
325 char can_resize;
326};
327
328typedef struct cbb_st {
329 struct cbb_buffer_st *base;
330
331 /*
332 * offset is the offset from the start of |base->buf| to the position of any
333 * pending length-prefix.
334 */
335 size_t offset;
336
337 /* child points to a child CBB if a length-prefix is pending. */
338 struct cbb_st *child;
339
340 /*
341 * pending_len_len contains the number of bytes in a pending length-prefix,
342 * or zero if no length-prefix is pending.
343 */
344 uint8_t pending_len_len;
345
346 char pending_is_asn1;
347
348 /*
349 * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
350 * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
351 */
352 char is_top_level;
353} CBB;
354
355/*
356 * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
357 * needed, the |initial_capacity| is just a hint. It returns one on success or
358 * zero on error.
359 */
360int CBB_init(CBB *cbb, size_t initial_capacity);
361
362/*
363 * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
364 * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
365 * functions to fail. It returns one on success or zero on error.
366 */
367int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
368
369/*
370 * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
371 * writing to the same buffer. This should be used in an error case where a
372 * serialisation is abandoned.
373 */
374void CBB_cleanup(CBB *cbb);
375
376/*
377 * CBB_finish completes any pending length prefix and sets |*out_data| to a
378 * malloced buffer and |*out_len| to the length of that buffer. The caller
379 * takes ownership of the buffer and, unless the buffer was fixed with
380 * |CBB_init_fixed|, must call |free| when done.
381 *
382 * It can only be called on a "top level" |CBB|, i.e. one initialised with
383 * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
384 * error.
385 */
386int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
387
388/*
389 * CBB_flush causes any pending length prefixes to be written out and any child
390 * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
391 * on error.
392 */
393int CBB_flush(CBB *cbb);
394
395/*
396 * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
397 * child's contents nor the length prefix will be included in the output.
398 */
399void CBB_discard_child(CBB *cbb);
400
401/*
402 * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
403 * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
404 * length. It returns one on success or zero on error.
405 */
406int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
407
408/*
409 * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
410 * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
411 * big-endian length. It returns one on success or zero on error.
412 */
413int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
414
415/*
416 * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
417 * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
418 * big-endian length. It returns one on success or zero on error.
419 */
420int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
421
422/*
423 * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
424 * ASN.1 object can be written. The |tag| argument will be used as the tag for
425 * the object. Passing in |tag| number 31 will return in an error since only
426 * single octet identifiers are supported. It returns one on success or zero
427 * on error.
428 */
429int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
430
431/*
432 * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
433 * success and zero otherwise.
434 */
435int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
436
437/*
438 * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
439 * the beginning of that space. The caller must then write |len| bytes of
440 * actual contents to |*out_data|. It returns one on success and zero
441 * otherwise.
442 */
443int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
444
445/*
446 * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
447 * success and zero otherwise.
448 */
449int CBB_add_u8(CBB *cbb, size_t value);
450
451/*
452 * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
453 * returns one on success and zero otherwise.
454 */
455int CBB_add_u16(CBB *cbb, size_t value);
456
457/*
458 * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
459 * returns one on success and zero otherwise.
460 */
461int CBB_add_u24(CBB *cbb, size_t value);
462
463/*
464 * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
465 * returns one on success and zero otherwise.
466 */
467int CBB_add_u32(CBB *cbb, size_t value);
468
469/*
470 * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
471 * and writes |value| in its contents. It returns one on success and zero on
472 * error.
473 */
474int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
475
476#ifdef LIBRESSL_INTERNAL
477/*
478 * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two
479 * CBS that point to the same buffer.
480 */
481void CBS_dup(const CBS *cbs, CBS *out);
482
483/*
484 * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
485 * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
486 * the tag number and |*out_header_len| to the length of the ASN.1 header. If
487 * strict mode is disabled and the element has indefinite length then |*out|
488 * will only contain the header. Each of |out|, |out_tag|, and
489 * |out_header_len| may be NULL to ignore the value.
490 *
491 * Tag numbers greater than 30 are not supported (i.e. short form only).
492 */
493int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
494 size_t *out_header_len, int strict);
495
496/*
497 * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
498 * finds indefinite-length elements that otherwise appear to be valid DER, it
499 * attempts to convert the DER-like data to DER and sets |*out| and
500 * |*out_length| to describe a malloced buffer containing the DER data.
501 * Additionally, |*in| will be advanced over the ASN.1 data.
502 *
503 * If it doesn't find any indefinite-length elements then it sets |*out| to
504 * NULL and |*in| is unmodified.
505 *
506 * This is NOT a conversion from BER to DER. There are many restrictions when
507 * dealing with DER data. This is only concerned with one: indefinite vs.
508 * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
509 * from NSS.
510 *
511 * It returns one on success and zero otherwise.
512 */
513int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
514#endif /* LIBRESSL_INTERNAL */
515
516__END_HIDDEN_DECLS
517
518#endif /* OPENSSL_HEADER_BYTESTRING_H */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 00:38:19 +0000