]>
Commit | Line | Data |
---|---|---|
1d39620b RL |
1 | /* |
2 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdlib.h> | |
11 | #include <string.h> | |
12 | #include "internal/cryptlib.h" | |
13 | #include "internal/der.h" | |
14 | #include "crypto/bn.h" | |
15 | ||
16 | static int int_start_context(WPACKET *pkt, int tag) | |
17 | { | |
18 | if (tag < 0) | |
19 | return 1; | |
20 | if (!ossl_assert(tag <= 30)) | |
21 | return 0; | |
22 | return WPACKET_start_sub_packet(pkt); | |
23 | } | |
24 | ||
25 | static int int_end_context(WPACKET *pkt, int tag) | |
26 | { | |
2275ff65 RL |
27 | /* |
28 | * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this | |
29 | * sub-packet and this sub-packet has nothing written to it, the DER length | |
30 | * will not be written, and the total written size will be unchanged before | |
31 | * and after WPACKET_close(). We use size1 and size2 to determine if | |
32 | * anything was written, and only write our tag if it has. | |
33 | * | |
34 | */ | |
35 | size_t size1, size2; | |
36 | ||
1d39620b RL |
37 | if (tag < 0) |
38 | return 1; | |
39 | if (!ossl_assert(tag <= 30)) | |
40 | return 0; | |
2275ff65 RL |
41 | return WPACKET_get_total_written(pkt, &size1) |
42 | && WPACKET_close(pkt) | |
43 | && WPACKET_get_total_written(pkt, &size2) | |
44 | && (size1 == size2 || WPACKET_put_bytes_u8(pkt, DER_C_CONTEXT | tag)); | |
1d39620b RL |
45 | } |
46 | ||
47 | int DER_w_precompiled(WPACKET *pkt, int tag, | |
48 | const unsigned char *precompiled, size_t precompiled_n) | |
49 | { | |
50 | return int_start_context(pkt, tag) | |
51 | && WPACKET_memcpy(pkt, precompiled, precompiled_n) | |
52 | && int_end_context(pkt, tag); | |
53 | } | |
54 | ||
55 | int DER_w_boolean(WPACKET *pkt, int tag, int b) | |
56 | { | |
57 | return int_start_context(pkt, tag) | |
58 | && WPACKET_start_sub_packet(pkt) | |
59 | && (!b || WPACKET_put_bytes_u8(pkt, 0xFF)) | |
60 | && !WPACKET_close(pkt) | |
61 | && !WPACKET_put_bytes_u8(pkt, DER_P_BOOLEAN) | |
62 | && int_end_context(pkt, tag); | |
63 | } | |
64 | ||
65 | static int int_der_w_integer(WPACKET *pkt, int tag, | |
66 | int (*put_bytes)(WPACKET *pkt, const void *v, | |
67 | unsigned int *top_byte), | |
68 | const void *v) | |
69 | { | |
70 | unsigned int top_byte = 0; | |
71 | ||
72 | return int_start_context(pkt, tag) | |
73 | && WPACKET_start_sub_packet(pkt) | |
74 | && put_bytes(pkt, v, &top_byte) | |
75 | && ((top_byte & 0x80) == 0 || WPACKET_put_bytes_u8(pkt, 0)) | |
76 | && WPACKET_close(pkt) | |
77 | && WPACKET_put_bytes_u8(pkt, DER_P_INTEGER) | |
78 | && int_end_context(pkt, tag); | |
79 | } | |
80 | ||
81 | static int int_put_bytes_ulong(WPACKET *pkt, const void *v, | |
82 | unsigned int *top_byte) | |
83 | { | |
84 | const unsigned long *value = v; | |
85 | unsigned long tmp = *value; | |
86 | size_t n = 0; | |
87 | ||
88 | while (tmp != 0) { | |
89 | n++; | |
90 | *top_byte = (tmp & 0xFF); | |
91 | tmp >>= 8; | |
92 | } | |
93 | if (n == 0) | |
94 | n = 1; | |
95 | ||
96 | return WPACKET_put_bytes__(pkt, *value, n); | |
97 | } | |
98 | ||
99 | /* For integers, we only support unsigned values for now */ | |
100 | int DER_w_ulong(WPACKET *pkt, int tag, unsigned long v) | |
101 | { | |
102 | return int_der_w_integer(pkt, tag, int_put_bytes_ulong, &v); | |
103 | } | |
104 | ||
105 | static int int_put_bytes_bn(WPACKET *pkt, const void *v, | |
106 | unsigned int *top_byte) | |
107 | { | |
108 | unsigned char *p = NULL; | |
109 | size_t n = BN_num_bytes(v); | |
110 | ||
111 | /* The BIGNUM limbs are in LE order */ | |
112 | *top_byte = | |
113 | ((bn_get_words(v) [(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES))) | |
114 | & 0xFF; | |
115 | ||
116 | if (!WPACKET_allocate_bytes(pkt, n, &p)) | |
117 | return 0; | |
118 | if (p != NULL) | |
119 | BN_bn2bin(v, p); | |
120 | return 1; | |
121 | } | |
122 | ||
123 | int DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v) | |
124 | { | |
125 | if (v == NULL || BN_is_negative(v)) | |
126 | return 0; | |
127 | if (BN_is_zero(v)) | |
128 | return DER_w_ulong(pkt, tag, 0); | |
129 | ||
130 | return int_der_w_integer(pkt, tag, int_put_bytes_bn, v); | |
131 | } | |
132 | ||
133 | int DER_w_null(WPACKET *pkt, int tag) | |
134 | { | |
135 | return int_start_context(pkt, tag) | |
136 | && WPACKET_start_sub_packet(pkt) | |
137 | && WPACKET_close(pkt) | |
138 | && WPACKET_put_bytes_u8(pkt, DER_P_NULL) | |
139 | && int_end_context(pkt, tag); | |
140 | } | |
141 | ||
142 | /* Constructed things need a start and an end */ | |
143 | int DER_w_begin_sequence(WPACKET *pkt, int tag) | |
144 | { | |
145 | return int_start_context(pkt, tag) | |
146 | && WPACKET_start_sub_packet(pkt); | |
147 | } | |
148 | ||
149 | int DER_w_end_sequence(WPACKET *pkt, int tag) | |
150 | { | |
2275ff65 RL |
151 | /* |
152 | * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this | |
153 | * sub-packet and this sub-packet has nothing written to it, the DER length | |
154 | * will not be written, and the total written size will be unchanged before | |
155 | * and after WPACKET_close(). We use size1 and size2 to determine if | |
156 | * anything was written, and only write our tag if it has. | |
157 | * | |
158 | * Because we know that int_end_context() needs to do the same check, | |
159 | * we reproduce this flag if the written length was unchanged, or we will | |
160 | * have an erroneous context tag. | |
161 | */ | |
162 | size_t size1, size2; | |
163 | ||
164 | return WPACKET_get_total_written(pkt, &size1) | |
165 | && WPACKET_close(pkt) | |
166 | && WPACKET_get_total_written(pkt, &size2) | |
167 | && (size1 == size2 | |
168 | ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) | |
169 | : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) | |
1d39620b RL |
170 | && int_end_context(pkt, tag); |
171 | } |