robin.thoni
/
ipxe
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Pull Requests 0 Wydania 11 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4076 Commity
2 Gałęzie
Drzewo: 196751ce95
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '196751ce95'
${ noResults }
ipxe/src/crypto/asn1.c

asn1.c 10KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402 
  1. /*

  2.  * Copyright (C) 2007 Michael Brown <mbrown@fensystems.co.uk>.

  3.  *

  4.  * This program is free software; you can redistribute it and/or

  5.  * modify it under the terms of the GNU General Public License as

  6.  * published by the Free Software Foundation; either version 2 of the

  7.  * License, or any later version.

  8.  *

  9.  * This program is distributed in the hope that it will be useful, but

  10.  * WITHOUT ANY WARRANTY; without even the implied warranty of

  11.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  12.  * General Public License for more details.

  13.  *

  14.  * You should have received a copy of the GNU General Public License

  15.  * along with this program; if not, write to the Free Software

  16.  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  17.  */

  18. 

  19. FILE_LICENCE ( GPL2_OR_LATER );

  20. 

  21. #include <stdint.h>

  22. #include <stddef.h>

  23. #include <string.h>

  24. #include <errno.h>

  25. #include <ipxe/tables.h>

  26. #include <ipxe/asn1.h>

  27. 

  28. /** @file

  29.  *

  30.  * ASN.1 encoding

  31.  *

  32.  */

  33. 

  34. /* Disambiguate the various error causes */

  35. #define EINVAL_ASN1_EMPTY \

  36. 	__einfo_error ( EINFO_EINVAL_ASN1_EMPTY )

  37. #define EINFO_EINVAL_ASN1_EMPTY \

  38. 	__einfo_uniqify ( EINFO_EINVAL, 0x01, "Empty or underlength cursor" )

  39. #define EINVAL_ASN1_LEN_LEN \

  40. 	__einfo_error ( EINFO_EINVAL_ASN1_LEN_LEN )

  41. #define EINFO_EINVAL_ASN1_LEN_LEN \

  42. 	__einfo_uniqify ( EINFO_EINVAL, 0x02, "Length field overruns cursor" )

  43. #define EINVAL_ASN1_LEN \

  44. 	__einfo_error ( EINFO_EINVAL_ASN1_LEN )

  45. #define EINFO_EINVAL_ASN1_LEN \

  46. 	__einfo_uniqify ( EINFO_EINVAL, 0x03, "Field overruns cursor" )

  47. #define EINVAL_ASN1_BOOLEAN \

  48. 	__einfo_error ( EINFO_EINVAL_ASN1_BOOLEAN )

  49. #define EINFO_EINVAL_ASN1_BOOLEAN \

  50. 	__einfo_uniqify ( EINFO_EINVAL, 0x04, "Invalid boolean" )

  51. #define EINVAL_ASN1_INTEGER \

  52. 	__einfo_error ( EINFO_EINVAL_ASN1_INTEGER )

  53. #define EINFO_EINVAL_ASN1_INTEGER \

  54. 	__einfo_uniqify ( EINFO_EINVAL, 0x04, "Invalid integer" )

  55. 

  56. /**

  57.  * Invalidate ASN.1 object cursor

  58.  *

  59.  * @v cursor		ASN.1 object cursor

  60.  */

  61. void asn1_invalidate_cursor ( struct asn1_cursor *cursor ) {

  62. 	static uint8_t asn1_invalid_object[] = { ASN1_END, 0 };

  63. 

  64. 	cursor->data = asn1_invalid_object;

  65. 	cursor->len = 0;

  66. }

  67. 

  68. /**

  69.  * Start parsing ASN.1 object

  70.  *

  71.  * @v cursor		ASN.1 object cursor

  72.  * @v type		Expected type, or ASN1_ANY

  73.  * @ret len		Length of object body, or negative error

  74.  *

  75.  * The object cursor will be updated to point to the start of the

  76.  * object body (i.e. the first byte following the length byte(s)), and

  77.  * the length of the object body (i.e. the number of bytes until the

  78.  * following object tag, if any) is returned.

  79.  */

  80. static int asn1_start ( struct asn1_cursor *cursor, unsigned int type ) {

  81. 	unsigned int len_len;

  82. 	unsigned int len;

  83. 

  84. 	/* Sanity check */

  85. 	if ( cursor->len < 2 /* Tag byte and first length byte */ ) {

  86. 		if ( cursor->len )

  87. 			DBGC ( cursor, "ASN1 %p too short\n", cursor );

  88. 		return -EINVAL_ASN1_EMPTY;

  89. 	}

  90. 

  91. 	/* Check the tag byte */

  92. 	if ( ( type != ASN1_ANY ) && ( type != asn1_type ( cursor ) ) ) {

  93. 		DBGC ( cursor, "ASN1 %p type mismatch (expected %d, got %d)\n",

  94. 		       cursor, type, *( ( uint8_t * ) cursor->data ) );

  95. 		return -ENXIO;

  96. 	}

  97. 	cursor->data++;

  98. 	cursor->len--;

  99. 

  100. 	/* Extract length of the length field and sanity check */

  101. 	len_len = *( ( uint8_t * ) cursor->data );

  102. 	if ( len_len & 0x80 ) {

  103. 		len_len = ( len_len & 0x7f );

  104. 		cursor->data++;

  105. 		cursor->len--;

  106. 	} else {

  107. 		len_len = 1;

  108. 	}

  109. 	if ( cursor->len < len_len ) {

  110. 		DBGC ( cursor, "ASN1 %p bad length field length %d (max "

  111. 		       "%zd)\n", cursor, len_len, cursor->len );

  112. 		return -EINVAL_ASN1_LEN_LEN;

  113. 	}

  114. 

  115. 	/* Extract the length and sanity check */

  116. 	for ( len = 0 ; len_len ; len_len-- ) {

  117. 		len <<= 8;

  118. 		len |= *( ( uint8_t * ) cursor->data );

  119. 		cursor->data++;

  120. 		cursor->len--;

  121. 	}

  122. 	if ( cursor->len < len ) {

  123. 		DBGC ( cursor, "ASN1 %p bad length %d (max %zd)\n",

  124. 		       cursor, len, cursor->len );

  125. 		return -EINVAL_ASN1_LEN;

  126. 	}

  127. 

  128. 	return len;

  129. }

  130. 

  131. /**

  132.  * Enter ASN.1 object

  133.  *

  134.  * @v cursor		ASN.1 object cursor

  135.  * @v type		Expected type, or ASN1_ANY

  136.  * @ret rc		Return status code

  137.  *

  138.  * The object cursor will be updated to point to the body of the

  139.  * current ASN.1 object.  If any error occurs, the object cursor will

  140.  * be invalidated.

  141.  */

  142. int asn1_enter ( struct asn1_cursor *cursor, unsigned int type ) {

  143. 	int len;

  144. 

  145. 	len = asn1_start ( cursor, type );

  146. 	if ( len < 0 ) {

  147. 		asn1_invalidate_cursor ( cursor );

  148. 		return len;

  149. 	}

  150. 

  151. 	cursor->len = len;

  152. 	DBGC ( cursor, "ASN1 %p entered object type %02x (len %x)\n",

  153. 	       cursor, type, len );

  154. 

  155. 	return 0;

  156. }

  157. 

  158. /**

  159.  * Skip ASN.1 object if present

  160.  *

  161.  * @v cursor		ASN.1 object cursor

  162.  * @v type		Expected type, or ASN1_ANY

  163.  * @ret rc		Return status code

  164.  *

  165.  * The object cursor will be updated to point to the next ASN.1

  166.  * object.  If any error occurs, the object cursor will not be

  167.  * modified.

  168.  */

  169. int asn1_skip_if_exists ( struct asn1_cursor *cursor, unsigned int type ) {

  170. 	int len;

  171. 

  172. 	len = asn1_start ( cursor, type );

  173. 	if ( len < 0 )

  174. 		return len;

  175. 

  176. 	cursor->data += len;

  177. 	cursor->len -= len;

  178. 	DBGC ( cursor, "ASN1 %p skipped object type %02x (len %x)\n",

  179. 	       cursor, type, len );

  180. 

  181. 	if ( ! cursor->len ) {

  182. 		DBGC ( cursor, "ASN1 %p reached end of object\n", cursor );

  183. 		return -ENOENT;

  184. 	}

  185. 

  186. 	return 0;

  187. }

  188. 

  189. /**

  190.  * Skip ASN.1 object

  191.  *

  192.  * @v cursor		ASN.1 object cursor

  193.  * @v type		Expected type, or ASN1_ANY

  194.  * @ret rc		Return status code

  195.  *

  196.  * The object cursor will be updated to point to the next ASN.1

  197.  * object.  If any error occurs, the object cursor will be

  198.  * invalidated.

  199.  */

  200. int asn1_skip ( struct asn1_cursor *cursor, unsigned int type ) {

  201. 	int rc;

  202. 

  203. 	if ( ( rc = asn1_skip_if_exists ( cursor, type ) ) != 0 ) {

  204. 		asn1_invalidate_cursor ( cursor );

  205. 		return rc;

  206. 	}

  207. 

  208. 	return 0;

  209. }

  210. 

  211. /**

  212.  * Shrink ASN.1 cursor to fit object

  213.  *

  214.  * @v cursor		ASN.1 object cursor

  215.  * @v type		Expected type, or ASN1_ANY

  216.  * @ret rc		Return status code

  217.  *

  218.  * The object cursor will be shrunk to contain only the current ASN.1

  219.  * object.  If any error occurs, the object cursor will be

  220.  * invalidated.

  221.  */

  222. int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type ) {

  223. 	struct asn1_cursor temp;

  224. 	const void *end;

  225. 	int len;

  226. 

  227. 	/* Find end of object */

  228. 	memcpy ( &temp, cursor, sizeof ( temp ) );

  229. 	len = asn1_start ( &temp, type );

  230. 	if ( len < 0 ) {

  231. 		asn1_invalidate_cursor ( cursor );

  232. 		return len;

  233. 	}

  234. 	end = ( temp.data + len );

  235. 

  236. 	/* Shrink original cursor to contain only its first object */

  237. 	cursor->len = ( end - cursor->data );

  238. 

  239. 	return 0;

  240. }

  241. 

  242. /**

  243.  * Enter ASN.1 object of any type

  244.  *

  245.  * @v cursor		ASN.1 object cursor

  246.  * @ret rc		Return status code

  247.  */

  248. int asn1_enter_any ( struct asn1_cursor *cursor ) {

  249. 	return asn1_enter ( cursor, ASN1_ANY );

  250. }

  251. 

  252. /**

  253.  * Skip ASN.1 object of any type

  254.  *

  255.  * @v cursor		ASN.1 object cursor

  256.  * @ret rc		Return status code

  257.  */

  258. int asn1_skip_any ( struct asn1_cursor *cursor ) {

  259. 	return asn1_skip ( cursor, ASN1_ANY );

  260. }

  261. 

  262. /**

  263.  * Shrink ASN.1 object of any type

  264.  *

  265.  * @v cursor		ASN.1 object cursor

  266.  * @ret rc		Return status code

  267.  */

  268. int asn1_shrink_any ( struct asn1_cursor *cursor ) {

  269. 	return asn1_shrink ( cursor, ASN1_ANY );

  270. }

  271. 

  272. /**

  273.  * Parse value of ASN.1 boolean

  274.  *

  275.  * @v cursor		ASN.1 object cursor

  276.  * @ret value		Value, or negative error

  277.  */

  278. int asn1_boolean ( const struct asn1_cursor *cursor ) {

  279. 	struct asn1_cursor contents;

  280. 	const struct asn1_boolean *boolean;

  281. 

  282. 	/* Enter boolean */

  283. 	memcpy ( &contents, cursor, sizeof ( contents ) );

  284. 	asn1_enter ( &contents, ASN1_BOOLEAN );

  285. 	if ( contents.len != sizeof ( *boolean ) )

  286. 		return -EINVAL_ASN1_BOOLEAN;

  287. 

  288. 	/* Extract value */

  289. 	boolean = contents.data;

  290. 	return boolean->value;

  291. }

  292. 

  293. /**

  294.  * Parse value of ASN.1 integer

  295.  *

  296.  * @v cursor		ASN.1 object cursor

  297.  * @v value		Value to fill in

  298.  * @ret rc		Return status code

  299.  */

  300. int asn1_integer ( const struct asn1_cursor *cursor, int *value ) {

  301. 	struct asn1_cursor contents;

  302. 	uint8_t high_byte;

  303. 	int rc;

  304. 

  305. 	/* Enter integer */

  306. 	memcpy ( &contents, cursor, sizeof ( contents ) );

  307. 	if ( ( rc = asn1_enter ( &contents, ASN1_INTEGER ) ) != 0 )

  308. 		return rc;

  309. 	if ( contents.len < 1 )

  310. 		return -EINVAL_ASN1_INTEGER;

  311. 

  312. 	/* Initialise value according to sign byte */

  313. 	*value = *( ( int8_t * ) contents.data );

  314. 	contents.data++;

  315. 	contents.len--;

  316. 

  317. 	/* Process value */

  318. 	while ( contents.len ) {

  319. 		high_byte = ( (*value) >> ( 8 * ( sizeof ( *value ) - 1 ) ) );

  320. 		if ( ( high_byte != 0x00 ) && ( high_byte != 0xff ) ) {

  321. 			DBGC ( cursor, "ASN1 %p integer overflow\n", cursor );

  322. 			return -EINVAL_ASN1_INTEGER;

  323. 		}

  324. 		*value = ( ( *value << 8 ) | *( ( uint8_t * ) contents.data ) );

  325. 		contents.data++;

  326. 		contents.len--;

  327. 	}

  328. 

  329. 	return 0;

  330. }

  331. 

  332. /**

  333.  * Compare two ASN.1 objects

  334.  *

  335.  * @v cursor1		ASN.1 object cursor

  336.  * @v cursor2		ASN.1 object cursor

  337.  * @ret difference	Difference as returned by memcmp()

  338.  *

  339.  * Note that invalid and empty cursors will compare as equal with each

  340.  * other.

  341.  */

  342. int asn1_compare ( const struct asn1_cursor *cursor1,

  343. 		   const struct asn1_cursor *cursor2 ) {

  344. 	int difference;

  345. 

  346. 	difference = ( cursor2->len - cursor1->len );

  347. 	return ( difference ? difference :

  348. 		 memcmp ( cursor1->data, cursor2->data, cursor1->len ) );

  349. }

  350. 

  351. /**

  352.  * Identify ASN.1 algorithm by OID

  353.  *

  354.  * @v cursor		ASN.1 object cursor

  355. 

  356.  * @ret algorithm	Algorithm, or NULL

  357.  */

  358. static struct asn1_algorithm *

  359. asn1_find_algorithm ( const struct asn1_cursor *cursor ) {

  360. 	struct asn1_algorithm *algorithm;

  361. 

  362. 	for_each_table_entry ( algorithm, ASN1_ALGORITHMS ) {

  363. 		if ( asn1_compare ( &algorithm->oid, cursor ) == 0 )

  364. 			return algorithm;

  365. 	}

  366. 

  367. 	return NULL;

  368. }

  369. 

  370. /**

  371.  * Parse ASN.1 OID-identified algorithm

  372.  *

  373.  * @v cursor		ASN.1 object cursor

  374.  * @ret algorithm	Algorithm, or NULL

  375.  */

  376. struct asn1_algorithm * asn1_algorithm ( const struct asn1_cursor *cursor ) {

  377. 	struct asn1_cursor contents;

  378. 	struct asn1_algorithm *algorithm;

  379. 	int rc;

  380. 

  381. 	/* Enter signatureAlgorithm */

  382. 	memcpy ( &contents, cursor, sizeof ( contents ) );

  383. 	asn1_enter ( &contents, ASN1_SEQUENCE );

  384. 

  385. 	/* Enter algorithm */

  386. 	if ( ( rc = asn1_enter ( &contents, ASN1_OID ) ) != 0 ) {

  387. 		DBGC ( cursor, "ASN1 %p cannot locate algorithm OID:\n",

  388. 		       cursor );

  389. 		DBGC_HDA ( cursor, 0, cursor->data, cursor->len );

  390. 		return NULL;

  391. 	}

  392. 

  393. 	/* Identify algorithm */

  394. 	algorithm = asn1_find_algorithm ( &contents );

  395. 	if ( ! algorithm ) {

  396. 		DBGC ( cursor, "ASN1 %p unrecognised algorithm:\n", cursor );

  397. 		DBGC_HDA ( cursor, 0, cursor->data, cursor->len );

  398. 		return NULL;

  399. 	}

  400. 

  401. 	return algorithm;

  402. }