forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
452 lines
10 KiB
452 lines
10 KiB
// SPDX-License-Identifier: GPL-2.0-only |
|
/* |
|
* Simple encoder primitives for ASN.1 BER/DER/CER |
|
* |
|
* Copyright (C) 2019 [email protected] |
|
*/ |
|
|
|
#include <linux/asn1_encoder.h> |
|
#include <linux/bug.h> |
|
#include <linux/string.h> |
|
#include <linux/module.h> |
|
|
|
/** |
|
* asn1_encode_integer() - encode positive integer to ASN.1 |
|
* @data: pointer to the pointer to the data |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @integer: integer to be encoded |
|
* |
|
* This is a simplified encoder: it only currently does |
|
* positive integers, but it should be simple enough to add the |
|
* negative case if a use comes along. |
|
*/ |
|
unsigned char * |
|
asn1_encode_integer(unsigned char *data, const unsigned char *end_data, |
|
s64 integer) |
|
{ |
|
int data_len = end_data - data; |
|
unsigned char *d = &data[2]; |
|
bool found = false; |
|
int i; |
|
|
|
if (WARN(integer < 0, |
|
"BUG: integer encode only supports positive integers")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
/* need at least 3 bytes for tag, length and integer encoding */ |
|
if (data_len < 3) |
|
return ERR_PTR(-EINVAL); |
|
|
|
/* remaining length where at d (the start of the integer encoding) */ |
|
data_len -= 2; |
|
|
|
data[0] = _tag(UNIV, PRIM, INT); |
|
if (integer == 0) { |
|
*d++ = 0; |
|
goto out; |
|
} |
|
|
|
for (i = sizeof(integer); i > 0 ; i--) { |
|
int byte = integer >> (8 * (i - 1)); |
|
|
|
if (!found && byte == 0) |
|
continue; |
|
|
|
/* |
|
* for a positive number the first byte must have bit |
|
* 7 clear in two's complement (otherwise it's a |
|
* negative number) so prepend a leading zero if |
|
* that's not the case |
|
*/ |
|
if (!found && (byte & 0x80)) { |
|
/* |
|
* no check needed here, we already know we |
|
* have len >= 1 |
|
*/ |
|
*d++ = 0; |
|
data_len--; |
|
} |
|
|
|
found = true; |
|
if (data_len == 0) |
|
return ERR_PTR(-EINVAL); |
|
|
|
*d++ = byte; |
|
data_len--; |
|
} |
|
|
|
out: |
|
data[1] = d - data - 2; |
|
|
|
return d; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_integer); |
|
|
|
/* calculate the base 128 digit values setting the top bit of the first octet */ |
|
static int asn1_encode_oid_digit(unsigned char **_data, int *data_len, u32 oid) |
|
{ |
|
unsigned char *data = *_data; |
|
int start = 7 + 7 + 7 + 7; |
|
int ret = 0; |
|
|
|
if (*data_len < 1) |
|
return -EINVAL; |
|
|
|
/* quick case */ |
|
if (oid == 0) { |
|
*data++ = 0x80; |
|
(*data_len)--; |
|
goto out; |
|
} |
|
|
|
while (oid >> start == 0) |
|
start -= 7; |
|
|
|
while (start > 0 && *data_len > 0) { |
|
u8 byte; |
|
|
|
byte = oid >> start; |
|
oid = oid - (byte << start); |
|
start -= 7; |
|
byte |= 0x80; |
|
*data++ = byte; |
|
(*data_len)--; |
|
} |
|
|
|
if (*data_len > 0) { |
|
*data++ = oid; |
|
(*data_len)--; |
|
} else { |
|
ret = -EINVAL; |
|
} |
|
|
|
out: |
|
*_data = data; |
|
return ret; |
|
} |
|
|
|
/** |
|
* asn1_encode_oid() - encode an oid to ASN.1 |
|
* @data: position to begin encoding at |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @oid: array of oids |
|
* @oid_len: length of oid array |
|
* |
|
* this encodes an OID up to ASN.1 when presented as an array of OID values |
|
*/ |
|
unsigned char * |
|
asn1_encode_oid(unsigned char *data, const unsigned char *end_data, |
|
u32 oid[], int oid_len) |
|
{ |
|
int data_len = end_data - data; |
|
unsigned char *d = data + 2; |
|
int i, ret; |
|
|
|
if (WARN(oid_len < 2, "OID must have at least two elements")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (WARN(oid_len > 32, "OID is too large")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
|
|
/* need at least 3 bytes for tag, length and OID encoding */ |
|
if (data_len < 3) |
|
return ERR_PTR(-EINVAL); |
|
|
|
data[0] = _tag(UNIV, PRIM, OID); |
|
*d++ = oid[0] * 40 + oid[1]; |
|
|
|
data_len -= 3; |
|
|
|
for (i = 2; i < oid_len; i++) { |
|
ret = asn1_encode_oid_digit(&d, &data_len, oid[i]); |
|
if (ret < 0) |
|
return ERR_PTR(ret); |
|
} |
|
|
|
data[1] = d - data - 2; |
|
|
|
return d; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_oid); |
|
|
|
/** |
|
* asn1_encode_length() - encode a length to follow an ASN.1 tag |
|
* @data: pointer to encode at |
|
* @data_len: pointer to remaining length (adjusted by routine) |
|
* @len: length to encode |
|
* |
|
* This routine can encode lengths up to 65535 using the ASN.1 rules. |
|
* It will accept a negative length and place a zero length tag |
|
* instead (to keep the ASN.1 valid). This convention allows other |
|
* encoder primitives to accept negative lengths as singalling the |
|
* sequence will be re-encoded when the length is known. |
|
*/ |
|
static int asn1_encode_length(unsigned char **data, int *data_len, int len) |
|
{ |
|
if (*data_len < 1) |
|
return -EINVAL; |
|
|
|
if (len < 0) { |
|
*((*data)++) = 0; |
|
(*data_len)--; |
|
return 0; |
|
} |
|
|
|
if (len <= 0x7f) { |
|
*((*data)++) = len; |
|
(*data_len)--; |
|
return 0; |
|
} |
|
|
|
if (*data_len < 2) |
|
return -EINVAL; |
|
|
|
if (len <= 0xff) { |
|
*((*data)++) = 0x81; |
|
*((*data)++) = len & 0xff; |
|
*data_len -= 2; |
|
return 0; |
|
} |
|
|
|
if (*data_len < 3) |
|
return -EINVAL; |
|
|
|
if (len <= 0xffff) { |
|
*((*data)++) = 0x82; |
|
*((*data)++) = (len >> 8) & 0xff; |
|
*((*data)++) = len & 0xff; |
|
*data_len -= 3; |
|
return 0; |
|
} |
|
|
|
if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff")) |
|
return -EINVAL; |
|
|
|
if (*data_len < 4) |
|
return -EINVAL; |
|
*((*data)++) = 0x83; |
|
*((*data)++) = (len >> 16) & 0xff; |
|
*((*data)++) = (len >> 8) & 0xff; |
|
*((*data)++) = len & 0xff; |
|
*data_len -= 4; |
|
|
|
return 0; |
|
} |
|
|
|
/** |
|
* asn1_encode_tag() - add a tag for optional or explicit value |
|
* @data: pointer to place tag at |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @tag: tag to be placed |
|
* @string: the data to be tagged |
|
* @len: the length of the data to be tagged |
|
* |
|
* Note this currently only handles short form tags < 31. |
|
* |
|
* Standard usage is to pass in a @tag, @string and @length and the |
|
* @string will be ASN.1 encoded with @tag and placed into @data. If |
|
* the encoding would put data past @end_data then an error is |
|
* returned, otherwise a pointer to a position one beyond the encoding |
|
* is returned. |
|
* |
|
* To encode in place pass a NULL @string and -1 for @len and the |
|
* maximum allowable beginning and end of the data; all this will do |
|
* is add the current maximum length and update the data pointer to |
|
* the place where the tag contents should be placed is returned. The |
|
* data should be copied in by the calling routine which should then |
|
* repeat the prior statement but now with the known length. In order |
|
* to avoid having to keep both before and after pointers, the repeat |
|
* expects to be called with @data pointing to where the first encode |
|
* returned it and still NULL for @string but the real length in @len. |
|
*/ |
|
unsigned char * |
|
asn1_encode_tag(unsigned char *data, const unsigned char *end_data, |
|
u32 tag, const unsigned char *string, int len) |
|
{ |
|
int data_len = end_data - data; |
|
int ret; |
|
|
|
if (WARN(tag > 30, "ASN.1 tag can't be > 30")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (!string && WARN(len > 127, |
|
"BUG: recode tag is too big (>127)")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
if (!string && len > 0) { |
|
/* |
|
* we're recoding, so move back to the start of the |
|
* tag and install a dummy length because the real |
|
* data_len should be NULL |
|
*/ |
|
data -= 2; |
|
data_len = 2; |
|
} |
|
|
|
if (data_len < 2) |
|
return ERR_PTR(-EINVAL); |
|
|
|
*(data++) = _tagn(CONT, CONS, tag); |
|
data_len--; |
|
ret = asn1_encode_length(&data, &data_len, len); |
|
if (ret < 0) |
|
return ERR_PTR(ret); |
|
|
|
if (!string) |
|
return data; |
|
|
|
if (data_len < len) |
|
return ERR_PTR(-EINVAL); |
|
|
|
memcpy(data, string, len); |
|
data += len; |
|
|
|
return data; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_tag); |
|
|
|
/** |
|
* asn1_encode_octet_string() - encode an ASN.1 OCTET STRING |
|
* @data: pointer to encode at |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @string: string to be encoded |
|
* @len: length of string |
|
* |
|
* Note ASN.1 octet strings may contain zeros, so the length is obligatory. |
|
*/ |
|
unsigned char * |
|
asn1_encode_octet_string(unsigned char *data, |
|
const unsigned char *end_data, |
|
const unsigned char *string, u32 len) |
|
{ |
|
int data_len = end_data - data; |
|
int ret; |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
/* need minimum of 2 bytes for tag and length of zero length string */ |
|
if (data_len < 2) |
|
return ERR_PTR(-EINVAL); |
|
|
|
*(data++) = _tag(UNIV, PRIM, OTS); |
|
data_len--; |
|
|
|
ret = asn1_encode_length(&data, &data_len, len); |
|
if (ret) |
|
return ERR_PTR(ret); |
|
|
|
if (data_len < len) |
|
return ERR_PTR(-EINVAL); |
|
|
|
memcpy(data, string, len); |
|
data += len; |
|
|
|
return data; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_octet_string); |
|
|
|
/** |
|
* asn1_encode_sequence() - wrap a byte stream in an ASN.1 SEQUENCE |
|
* @data: pointer to encode at |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @seq: data to be encoded as a sequence |
|
* @len: length of the data to be encoded as a sequence |
|
* |
|
* Fill in a sequence. To encode in place, pass NULL for @seq and -1 |
|
* for @len; then call again once the length is known (still with NULL |
|
* for @seq). In order to avoid having to keep both before and after |
|
* pointers, the repeat expects to be called with @data pointing to |
|
* where the first encode placed it. |
|
*/ |
|
unsigned char * |
|
asn1_encode_sequence(unsigned char *data, const unsigned char *end_data, |
|
const unsigned char *seq, int len) |
|
{ |
|
int data_len = end_data - data; |
|
int ret; |
|
|
|
if (!seq && WARN(len > 127, |
|
"BUG: recode sequence is too big (>127)")) |
|
return ERR_PTR(-EINVAL); |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
if (!seq && len >= 0) { |
|
/* |
|
* we're recoding, so move back to the start of the |
|
* sequence and install a dummy length because the |
|
* real length should be NULL |
|
*/ |
|
data -= 2; |
|
data_len = 2; |
|
} |
|
|
|
if (data_len < 2) |
|
return ERR_PTR(-EINVAL); |
|
|
|
*(data++) = _tag(UNIV, CONS, SEQ); |
|
data_len--; |
|
|
|
ret = asn1_encode_length(&data, &data_len, len); |
|
if (ret) |
|
return ERR_PTR(ret); |
|
|
|
if (!seq) |
|
return data; |
|
|
|
if (data_len < len) |
|
return ERR_PTR(-EINVAL); |
|
|
|
memcpy(data, seq, len); |
|
data += len; |
|
|
|
return data; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_sequence); |
|
|
|
/** |
|
* asn1_encode_boolean() - encode a boolean value to ASN.1 |
|
* @data: pointer to encode at |
|
* @end_data: end of data pointer, points one beyond last usable byte in @data |
|
* @val: the boolean true/false value |
|
*/ |
|
unsigned char * |
|
asn1_encode_boolean(unsigned char *data, const unsigned char *end_data, |
|
bool val) |
|
{ |
|
int data_len = end_data - data; |
|
|
|
if (IS_ERR(data)) |
|
return data; |
|
|
|
/* booleans are 3 bytes: tag, length == 1 and value == 0 or 1 */ |
|
if (data_len < 3) |
|
return ERR_PTR(-EINVAL); |
|
|
|
*(data++) = _tag(UNIV, PRIM, BOOL); |
|
data_len--; |
|
|
|
asn1_encode_length(&data, &data_len, 1); |
|
|
|
if (val) |
|
*(data++) = 1; |
|
else |
|
*(data++) = 0; |
|
|
|
return data; |
|
} |
|
EXPORT_SYMBOL_GPL(asn1_encode_boolean); |
|
|
|
MODULE_LICENSE("GPL");
|
|
|