]>
Commit | Line | Data |
---|---|---|
1d39620b RL |
1 | /* |
2 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdlib.h> | |
11 | #include <string.h> | |
12 | #include "internal/cryptlib.h" | |
13 | #include "internal/der.h" | |
14 | #include "crypto/bn.h" | |
15 | ||
16 | static int int_start_context(WPACKET *pkt, int tag) | |
17 | { | |
18 | if (tag < 0) | |
19 | return 1; | |
20 | if (!ossl_assert(tag <= 30)) | |
21 | return 0; | |
22 | return WPACKET_start_sub_packet(pkt); | |
23 | } | |
24 | ||
25 | static int int_end_context(WPACKET *pkt, int tag) | |
26 | { | |
2275ff65 RL |
27 | /* |
28 | * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this | |
29 | * sub-packet and this sub-packet has nothing written to it, the DER length | |
30 | * will not be written, and the total written size will be unchanged before | |
31 | * and after WPACKET_close(). We use size1 and size2 to determine if | |
32 | * anything was written, and only write our tag if it has. | |
33 | * | |
34 | */ | |
35 | size_t size1, size2; | |
36 | ||
1d39620b RL |
37 | if (tag < 0) |
38 | return 1; | |
39 | if (!ossl_assert(tag <= 30)) | |
40 | return 0; | |
6c6b20d5 RL |
41 | |
42 | /* Context specific are normally (?) constructed */ | |
43 | tag |= DER_F_CONSTRUCTED | DER_C_CONTEXT; | |
44 | ||
2275ff65 RL |
45 | return WPACKET_get_total_written(pkt, &size1) |
46 | && WPACKET_close(pkt) | |
47 | && WPACKET_get_total_written(pkt, &size2) | |
6c6b20d5 | 48 | && (size1 == size2 || WPACKET_put_bytes_u8(pkt, tag)); |
1d39620b RL |
49 | } |
50 | ||
51 | int DER_w_precompiled(WPACKET *pkt, int tag, | |
52 | const unsigned char *precompiled, size_t precompiled_n) | |
53 | { | |
54 | return int_start_context(pkt, tag) | |
55 | && WPACKET_memcpy(pkt, precompiled, precompiled_n) | |
56 | && int_end_context(pkt, tag); | |
57 | } | |
58 | ||
59 | int DER_w_boolean(WPACKET *pkt, int tag, int b) | |
60 | { | |
61 | return int_start_context(pkt, tag) | |
62 | && WPACKET_start_sub_packet(pkt) | |
63 | && (!b || WPACKET_put_bytes_u8(pkt, 0xFF)) | |
64 | && !WPACKET_close(pkt) | |
65 | && !WPACKET_put_bytes_u8(pkt, DER_P_BOOLEAN) | |
66 | && int_end_context(pkt, tag); | |
67 | } | |
68 | ||
e5b2cd58 SL |
69 | int DER_w_octet_string(WPACKET *pkt, int tag, |
70 | const unsigned char *data, size_t data_n) | |
71 | { | |
72 | return int_start_context(pkt, tag) | |
73 | && WPACKET_start_sub_packet(pkt) | |
74 | && WPACKET_memcpy(pkt, data, data_n) | |
75 | && WPACKET_close(pkt) | |
76 | && WPACKET_put_bytes_u8(pkt, DER_P_OCTET_STRING) | |
77 | && int_end_context(pkt, tag); | |
78 | } | |
79 | ||
80 | int DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value) | |
81 | { | |
82 | unsigned char tmp[4] = { 0, 0, 0, 0 }; | |
83 | unsigned char *pbuf = tmp + (sizeof(tmp) - 1); | |
84 | ||
85 | while (value > 0) { | |
86 | *pbuf-- = (value & 0xFF); | |
87 | value >>= 8; | |
88 | } | |
89 | return DER_w_octet_string(pkt, tag, tmp, sizeof(tmp)); | |
90 | } | |
91 | ||
1d39620b RL |
92 | static int int_der_w_integer(WPACKET *pkt, int tag, |
93 | int (*put_bytes)(WPACKET *pkt, const void *v, | |
94 | unsigned int *top_byte), | |
95 | const void *v) | |
96 | { | |
97 | unsigned int top_byte = 0; | |
98 | ||
99 | return int_start_context(pkt, tag) | |
100 | && WPACKET_start_sub_packet(pkt) | |
101 | && put_bytes(pkt, v, &top_byte) | |
102 | && ((top_byte & 0x80) == 0 || WPACKET_put_bytes_u8(pkt, 0)) | |
103 | && WPACKET_close(pkt) | |
104 | && WPACKET_put_bytes_u8(pkt, DER_P_INTEGER) | |
105 | && int_end_context(pkt, tag); | |
106 | } | |
107 | ||
108 | static int int_put_bytes_ulong(WPACKET *pkt, const void *v, | |
109 | unsigned int *top_byte) | |
110 | { | |
111 | const unsigned long *value = v; | |
112 | unsigned long tmp = *value; | |
113 | size_t n = 0; | |
114 | ||
115 | while (tmp != 0) { | |
116 | n++; | |
117 | *top_byte = (tmp & 0xFF); | |
118 | tmp >>= 8; | |
119 | } | |
120 | if (n == 0) | |
121 | n = 1; | |
122 | ||
123 | return WPACKET_put_bytes__(pkt, *value, n); | |
124 | } | |
125 | ||
126 | /* For integers, we only support unsigned values for now */ | |
127 | int DER_w_ulong(WPACKET *pkt, int tag, unsigned long v) | |
128 | { | |
129 | return int_der_w_integer(pkt, tag, int_put_bytes_ulong, &v); | |
130 | } | |
131 | ||
132 | static int int_put_bytes_bn(WPACKET *pkt, const void *v, | |
133 | unsigned int *top_byte) | |
134 | { | |
135 | unsigned char *p = NULL; | |
136 | size_t n = BN_num_bytes(v); | |
137 | ||
138 | /* The BIGNUM limbs are in LE order */ | |
139 | *top_byte = | |
140 | ((bn_get_words(v) [(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES))) | |
141 | & 0xFF; | |
142 | ||
143 | if (!WPACKET_allocate_bytes(pkt, n, &p)) | |
144 | return 0; | |
145 | if (p != NULL) | |
146 | BN_bn2bin(v, p); | |
147 | return 1; | |
148 | } | |
149 | ||
150 | int DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v) | |
151 | { | |
152 | if (v == NULL || BN_is_negative(v)) | |
153 | return 0; | |
154 | if (BN_is_zero(v)) | |
155 | return DER_w_ulong(pkt, tag, 0); | |
156 | ||
157 | return int_der_w_integer(pkt, tag, int_put_bytes_bn, v); | |
158 | } | |
159 | ||
160 | int DER_w_null(WPACKET *pkt, int tag) | |
161 | { | |
162 | return int_start_context(pkt, tag) | |
163 | && WPACKET_start_sub_packet(pkt) | |
164 | && WPACKET_close(pkt) | |
165 | && WPACKET_put_bytes_u8(pkt, DER_P_NULL) | |
166 | && int_end_context(pkt, tag); | |
167 | } | |
168 | ||
169 | /* Constructed things need a start and an end */ | |
170 | int DER_w_begin_sequence(WPACKET *pkt, int tag) | |
171 | { | |
172 | return int_start_context(pkt, tag) | |
173 | && WPACKET_start_sub_packet(pkt); | |
174 | } | |
175 | ||
176 | int DER_w_end_sequence(WPACKET *pkt, int tag) | |
177 | { | |
2275ff65 RL |
178 | /* |
179 | * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this | |
180 | * sub-packet and this sub-packet has nothing written to it, the DER length | |
181 | * will not be written, and the total written size will be unchanged before | |
182 | * and after WPACKET_close(). We use size1 and size2 to determine if | |
183 | * anything was written, and only write our tag if it has. | |
184 | * | |
185 | * Because we know that int_end_context() needs to do the same check, | |
186 | * we reproduce this flag if the written length was unchanged, or we will | |
187 | * have an erroneous context tag. | |
188 | */ | |
189 | size_t size1, size2; | |
190 | ||
191 | return WPACKET_get_total_written(pkt, &size1) | |
192 | && WPACKET_close(pkt) | |
193 | && WPACKET_get_total_written(pkt, &size2) | |
194 | && (size1 == size2 | |
195 | ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) | |
196 | : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) | |
1d39620b RL |
197 | && int_end_context(pkt, tag); |
198 | } |