2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 2001
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "../lib/util/asn1.h"
23 /* allocate an asn1 structure */
24 struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx)
26 struct asn1_data *ret = talloc_zero(mem_ctx, struct asn1_data);
28 DEBUG(0,("asn1_init failed! out of memory\n"));
33 /* free an asn1 structure */
34 void asn1_free(struct asn1_data *data)
39 /* write to the ASN1 buffer, advancing the buffer pointer */
40 bool asn1_write(struct asn1_data *data, const void *p, int len)
42 if (data->has_error) return false;
43 if (data->length < data->ofs+len) {
45 newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
47 data->has_error = true;
51 data->length = data->ofs+len;
53 memcpy(data->data + data->ofs, p, len);
58 /* useful fn for writing a uint8_t */
59 bool asn1_write_uint8(struct asn1_data *data, uint8_t v)
61 return asn1_write(data, &v, 1);
64 /* push a tag onto the asn1 data buffer. Used for nested structures */
65 bool asn1_push_tag(struct asn1_data *data, uint8_t tag)
67 struct nesting *nesting;
69 asn1_write_uint8(data, tag);
70 nesting = talloc(data, struct nesting);
72 data->has_error = true;
76 nesting->start = data->ofs;
77 nesting->next = data->nesting;
78 data->nesting = nesting;
79 return asn1_write_uint8(data, 0xff);
83 bool asn1_pop_tag(struct asn1_data *data)
85 struct nesting *nesting;
88 nesting = data->nesting;
91 data->has_error = true;
94 len = data->ofs - (nesting->start+1);
95 /* yes, this is ugly. We don't know in advance how many bytes the length
96 of a tag will take, so we assumed 1 byte. If we were wrong then we
97 need to correct our mistake */
99 data->data[nesting->start] = 0x84;
100 if (!asn1_write_uint8(data, 0)) return false;
101 if (!asn1_write_uint8(data, 0)) return false;
102 if (!asn1_write_uint8(data, 0)) return false;
103 if (!asn1_write_uint8(data, 0)) return false;
104 memmove(data->data+nesting->start+5, data->data+nesting->start+1, len);
105 data->data[nesting->start+1] = (len>>24) & 0xFF;
106 data->data[nesting->start+2] = (len>>16) & 0xFF;
107 data->data[nesting->start+3] = (len>>8) & 0xFF;
108 data->data[nesting->start+4] = len&0xff;
109 } else if (len > 0xFFFF) {
110 data->data[nesting->start] = 0x83;
111 if (!asn1_write_uint8(data, 0)) return false;
112 if (!asn1_write_uint8(data, 0)) return false;
113 if (!asn1_write_uint8(data, 0)) return false;
114 memmove(data->data+nesting->start+4, data->data+nesting->start+1, len);
115 data->data[nesting->start+1] = (len>>16) & 0xFF;
116 data->data[nesting->start+2] = (len>>8) & 0xFF;
117 data->data[nesting->start+3] = len&0xff;
118 } else if (len > 255) {
119 data->data[nesting->start] = 0x82;
120 if (!asn1_write_uint8(data, 0)) return false;
121 if (!asn1_write_uint8(data, 0)) return false;
122 memmove(data->data+nesting->start+3, data->data+nesting->start+1, len);
123 data->data[nesting->start+1] = len>>8;
124 data->data[nesting->start+2] = len&0xff;
125 } else if (len > 127) {
126 data->data[nesting->start] = 0x81;
127 if (!asn1_write_uint8(data, 0)) return false;
128 memmove(data->data+nesting->start+2, data->data+nesting->start+1, len);
129 data->data[nesting->start+1] = len;
131 data->data[nesting->start] = len;
134 data->nesting = nesting->next;
135 talloc_free(nesting);
139 /* "i" is the one's complement representation, as is the normal result of an
140 * implicit signed->unsigned conversion */
142 static bool push_int_bigendian(struct asn1_data *data, unsigned int i, bool negative)
144 uint8_t lowest = i & 0xFF;
148 if (!push_int_bigendian(data, i, negative))
151 if (data->nesting->start+1 == data->ofs) {
153 /* We did not write anything yet, looking at the highest
157 /* Don't write leading 0xff's */
161 if ((lowest & 0x80) == 0) {
162 /* The only exception for a leading 0xff is if
163 * the highest bit is 0, which would indicate
164 * a positive value */
165 if (!asn1_write_uint8(data, 0xff))
170 /* The highest bit of a positive integer is 1,
171 * this would indicate a negative number. Push
172 * a 0 to indicate a positive one */
173 if (!asn1_write_uint8(data, 0))
179 return asn1_write_uint8(data, lowest);
182 /* write an Integer without the tag framing. Needed for example for the LDAP
183 * Abandon Operation */
185 bool asn1_write_implicit_Integer(struct asn1_data *data, int i)
188 /* -1 is special as it consists of all-0xff bytes. In
189 push_int_bigendian this is the only case that is not
190 properly handled, as all 0xff bytes would be handled as
191 leading ones to be ignored. */
192 return asn1_write_uint8(data, 0xff);
194 return push_int_bigendian(data, i, i<0);
199 /* write an integer */
200 bool asn1_write_Integer(struct asn1_data *data, int i)
202 if (!asn1_push_tag(data, ASN1_INTEGER)) return false;
203 if (!asn1_write_implicit_Integer(data, i)) return false;
204 return asn1_pop_tag(data);
207 /* write a BIT STRING */
208 bool asn1_write_BitString(struct asn1_data *data, const void *p, size_t length, uint8_t padding)
210 if (!asn1_push_tag(data, ASN1_BIT_STRING)) return false;
211 if (!asn1_write_uint8(data, padding)) return false;
212 if (!asn1_write(data, p, length)) return false;
213 return asn1_pop_tag(data);
216 bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
219 const char *p = (const char *)OID;
223 if (!isdigit(*p)) return false;
224 v = strtoul(p, &newp, 10);
225 if (newp[0] != '.') return false;
228 if (!isdigit(*p)) return false;
229 v2 = strtoul(p, &newp, 10);
230 if (newp[0] != '.') return false;
233 /*the ber representation can't use more space then the string one */
234 *blob = data_blob_talloc(mem_ctx, NULL, strlen(OID));
235 if (!blob->data) return false;
237 blob->data[0] = 40*v + v2;
241 if (!isdigit(*p)) return false;
242 v = strtoul(p, &newp, 10);
243 if (newp[0] == '.') {
245 /* check for empty last component */
246 if (!*p) return false;
247 } else if (newp[0] == '\0') {
250 data_blob_free(blob);
253 if (v >= (1<<28)) blob->data[i++] = (0x80 | ((v>>28)&0x7f));
254 if (v >= (1<<21)) blob->data[i++] = (0x80 | ((v>>21)&0x7f));
255 if (v >= (1<<14)) blob->data[i++] = (0x80 | ((v>>14)&0x7f));
256 if (v >= (1<<7)) blob->data[i++] = (0x80 | ((v>>7)&0x7f));
257 blob->data[i++] = (v&0x7f);
266 * Serialize partial OID string.
267 * Partial OIDs are in the form:
271 bool ber_write_partial_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *partial_oid)
273 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
274 char *oid = talloc_strdup(tmp_ctx, partial_oid);
277 /* truncate partial part so ber_write_OID_String() works */
278 p = strchr(oid, ':');
284 if (!ber_write_OID_String(mem_ctx, blob, oid)) {
285 talloc_free(tmp_ctx);
289 /* Add partially encoded sub-identifier */
291 DATA_BLOB tmp_blob = strhex_to_data_blob(tmp_ctx, p);
292 if (!data_blob_append(mem_ctx, blob, tmp_blob.data,
294 talloc_free(tmp_ctx);
299 talloc_free(tmp_ctx);
304 /* write an object ID to a ASN1 buffer */
305 bool asn1_write_OID(struct asn1_data *data, const char *OID)
309 if (!asn1_push_tag(data, ASN1_OID)) return false;
311 if (!ber_write_OID_String(NULL, &blob, OID)) {
312 data->has_error = true;
316 if (!asn1_write(data, blob.data, blob.length)) {
317 data_blob_free(&blob);
318 data->has_error = true;
321 data_blob_free(&blob);
322 return asn1_pop_tag(data);
325 /* write an octet string */
326 bool asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length)
328 asn1_push_tag(data, ASN1_OCTET_STRING);
329 asn1_write(data, p, length);
331 return !data->has_error;
334 /* write a LDAP string */
335 bool asn1_write_LDAPString(struct asn1_data *data, const char *s)
337 asn1_write(data, s, strlen(s));
338 return !data->has_error;
341 /* write a LDAP string from a DATA_BLOB */
342 bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s)
344 asn1_write(data, s->data, s->length);
345 return !data->has_error;
348 /* write a general string */
349 bool asn1_write_GeneralString(struct asn1_data *data, const char *s)
351 asn1_push_tag(data, ASN1_GENERAL_STRING);
352 asn1_write_LDAPString(data, s);
354 return !data->has_error;
357 bool asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
359 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num));
360 asn1_write(data, blob->data, blob->length);
362 return !data->has_error;
365 /* write a BOOLEAN */
366 bool asn1_write_BOOLEAN(struct asn1_data *data, bool v)
368 asn1_push_tag(data, ASN1_BOOLEAN);
369 asn1_write_uint8(data, v ? 0xFF : 0);
371 return !data->has_error;
374 bool asn1_read_BOOLEAN(struct asn1_data *data, bool *v)
377 asn1_start_tag(data, ASN1_BOOLEAN);
378 asn1_read_uint8(data, &tmp);
385 return !data->has_error;
388 /* write a BOOLEAN in a simple context */
389 bool asn1_write_BOOLEAN_context(struct asn1_data *data, bool v, int context)
391 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(context));
392 asn1_write_uint8(data, v ? 0xFF : 0);
394 return !data->has_error;
397 bool asn1_read_BOOLEAN_context(struct asn1_data *data, bool *v, int context)
400 asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(context));
401 asn1_read_uint8(data, &tmp);
408 return !data->has_error;
411 /* check a BOOLEAN */
412 bool asn1_check_BOOLEAN(struct asn1_data *data, bool v)
416 asn1_read_uint8(data, &b);
417 if (b != ASN1_BOOLEAN) {
418 data->has_error = true;
421 asn1_read_uint8(data, &b);
423 data->has_error = true;
426 return !data->has_error;
430 /* load a struct asn1_data structure with a lump of data, ready to be parsed */
431 bool asn1_load(struct asn1_data *data, DATA_BLOB blob)
434 data->data = (uint8_t *)talloc_memdup(data, blob.data, blob.length);
436 data->has_error = true;
439 data->length = blob.length;
443 /* Peek into an ASN1 buffer, not advancing the pointer */
444 bool asn1_peek(struct asn1_data *data, void *p, int len)
449 if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
452 if (data->ofs + len > data->length) {
453 /* we need to mark the buffer as consumed, so the caller knows
454 this was an out of data error, and not a decode error */
455 data->ofs = data->length;
459 memcpy(p, data->data + data->ofs, len);
463 /* read from a ASN1 buffer, advancing the buffer pointer */
464 bool asn1_read(struct asn1_data *data, void *p, int len)
466 if (!asn1_peek(data, p, len)) {
467 data->has_error = true;
475 /* read a uint8_t from a ASN1 buffer */
476 bool asn1_read_uint8(struct asn1_data *data, uint8_t *v)
478 return asn1_read(data, v, 1);
481 bool asn1_peek_uint8(struct asn1_data *data, uint8_t *v)
483 return asn1_peek(data, v, 1);
486 bool asn1_peek_tag(struct asn1_data *data, uint8_t tag)
490 if (asn1_tag_remaining(data) <= 0) {
494 if (!asn1_peek_uint8(data, &b))
501 * just get the needed size the tag would consume
503 bool asn1_peek_tag_needed_size(struct asn1_data *data, uint8_t tag, size_t *size)
505 off_t start_ofs = data->ofs;
509 if (data->has_error) {
513 if (!asn1_read_uint8(data, &b)) {
514 data->ofs = start_ofs;
515 data->has_error = false;
520 data->ofs = start_ofs;
521 data->has_error = false;
525 if (!asn1_read_uint8(data, &b)) {
526 data->ofs = start_ofs;
527 data->has_error = false;
533 if (!asn1_read_uint8(data, &b)) {
534 data->ofs = start_ofs;
535 data->has_error = false;
540 * We should not allow more than 4 bytes
541 * for the encoding of the tag length.
543 * Otherwise we'd overflow the taglen
544 * variable on 32 bit systems.
546 data->ofs = start_ofs;
547 data->has_error = false;
552 if (!asn1_read_uint8(data, &b)) {
553 data->ofs = start_ofs;
554 data->has_error = false;
557 taglen = (taglen << 8) | b;
564 *size = (data->ofs - start_ofs) + taglen;
566 data->ofs = start_ofs;
567 data->has_error = false;
571 /* start reading a nested asn1 structure */
572 bool asn1_start_tag(struct asn1_data *data, uint8_t tag)
575 struct nesting *nesting;
577 if (!asn1_read_uint8(data, &b))
581 data->has_error = true;
584 nesting = talloc(data, struct nesting);
586 data->has_error = true;
590 if (!asn1_read_uint8(data, &b)) {
596 if (!asn1_read_uint8(data, &b))
600 if (!asn1_read_uint8(data, &b))
602 nesting->taglen = (nesting->taglen << 8) | b;
608 nesting->start = data->ofs;
609 nesting->next = data->nesting;
610 data->nesting = nesting;
611 if (asn1_tag_remaining(data) == -1) {
614 return !data->has_error;
617 /* stop reading a tag */
618 bool asn1_end_tag(struct asn1_data *data)
620 struct nesting *nesting;
622 /* make sure we read it all */
623 if (asn1_tag_remaining(data) != 0) {
624 data->has_error = true;
628 nesting = data->nesting;
631 data->has_error = true;
635 data->nesting = nesting->next;
636 talloc_free(nesting);
640 /* work out how many bytes are left in this nested tag */
641 int asn1_tag_remaining(struct asn1_data *data)
644 if (data->has_error) {
648 if (!data->nesting) {
649 data->has_error = true;
652 remaining = data->nesting->taglen - (data->ofs - data->nesting->start);
653 if (remaining > (data->length - data->ofs)) {
654 data->has_error = true;
661 * Internal implementation for reading binary OIDs
662 * Reading is done as far in the buffer as valid OID
663 * till buffer ends or not valid sub-identifier is found.
665 static bool _ber_read_OID_String_impl(TALLOC_CTX *mem_ctx, DATA_BLOB blob,
666 char **OID, size_t *bytes_eaten)
671 char *tmp_oid = NULL;
673 if (blob.length < 2) return false;
677 tmp_oid = talloc_asprintf(mem_ctx, "%u", b[0]/40);
678 if (!tmp_oid) goto nomem;
679 tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", b[0]%40);
680 if (!tmp_oid) goto nomem;
682 if (bytes_eaten != NULL) {
686 for(i = 1, v = 0; i < blob.length; i++) {
687 v = (v<<7) | (b[i]&0x7f);
688 if ( ! (b[i] & 0x80)) {
689 tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", v);
694 if (!tmp_oid) goto nomem;
704 /* read an object ID from a data blob */
705 bool ber_read_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB blob, char **OID)
709 if (!_ber_read_OID_String_impl(mem_ctx, blob, OID, &bytes_eaten))
712 return (bytes_eaten == blob.length);
716 * Deserialize partial OID string.
717 * Partial OIDs are in the form:
721 bool ber_read_partial_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB blob,
726 char *identifier = NULL;
727 char *tmp_oid = NULL;
729 if (!_ber_read_OID_String_impl(mem_ctx, blob, &tmp_oid, &bytes_eaten))
732 if (bytes_eaten < blob.length) {
733 bytes_left = blob.length - bytes_eaten;
734 identifier = hex_encode_talloc(mem_ctx, &blob.data[bytes_eaten], bytes_left);
735 if (!identifier) goto nomem;
737 *partial_oid = talloc_asprintf_append_buffer(tmp_oid, ":0x%s", identifier);
738 if (!*partial_oid) goto nomem;
739 TALLOC_FREE(identifier);
741 *partial_oid = tmp_oid;
747 TALLOC_FREE(identifier);
748 TALLOC_FREE(tmp_oid);
752 /* read an object ID from a ASN1 buffer */
753 bool asn1_read_OID(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **OID)
758 if (!asn1_start_tag(data, ASN1_OID)) return false;
760 len = asn1_tag_remaining(data);
762 data->has_error = true;
766 blob = data_blob(NULL, len);
768 data->has_error = true;
772 asn1_read(data, blob.data, len);
774 if (data->has_error) {
775 data_blob_free(&blob);
779 if (!ber_read_OID_String(mem_ctx, blob, OID)) {
780 data->has_error = true;
781 data_blob_free(&blob);
785 data_blob_free(&blob);
789 /* check that the next object ID is correct */
790 bool asn1_check_OID(struct asn1_data *data, const char *OID)
794 if (!asn1_read_OID(data, data, &id)) return false;
796 if (strcmp(id, OID) != 0) {
798 data->has_error = true;
805 /* read a LDAPString from a ASN1 buffer */
806 bool asn1_read_LDAPString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s)
809 len = asn1_tag_remaining(data);
811 data->has_error = true;
814 *s = talloc_array(mem_ctx, char, len+1);
816 data->has_error = true;
819 asn1_read(data, *s, len);
821 return !data->has_error;
825 /* read a GeneralString from a ASN1 buffer */
826 bool asn1_read_GeneralString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s)
828 if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return false;
829 if (!asn1_read_LDAPString(data, mem_ctx, s)) return false;
830 return asn1_end_tag(data);
834 /* read a octet string blob */
835 bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob)
839 if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return false;
840 len = asn1_tag_remaining(data);
842 data->has_error = true;
845 *blob = data_blob_talloc(mem_ctx, NULL, len+1);
846 if (!blob->data || blob->length < len) {
847 data->has_error = true;
850 asn1_read(data, blob->data, len);
855 if (data->has_error) {
856 data_blob_free(blob);
857 *blob = data_blob_null;
863 bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
867 if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return false;
868 len = asn1_tag_remaining(data);
870 data->has_error = true;
873 *blob = data_blob(NULL, len);
874 if ((len != 0) && (!blob->data)) {
875 data->has_error = true;
878 asn1_read(data, blob->data, len);
880 return !data->has_error;
883 /* read an integer without tag*/
884 bool asn1_read_implicit_Integer(struct asn1_data *data, int *i)
887 bool first_byte = true;
890 while (!data->has_error && asn1_tag_remaining(data)>0) {
891 if (!asn1_read_uint8(data, &b)) return false;
894 /* Number is negative.
895 Set i to -1 for sign extend. */
902 return !data->has_error;
906 /* read an integer */
907 bool asn1_read_Integer(struct asn1_data *data, int *i)
911 if (!asn1_start_tag(data, ASN1_INTEGER)) return false;
912 if (!asn1_read_implicit_Integer(data, i)) return false;
913 return asn1_end_tag(data);
916 /* read a BIT STRING */
917 bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, uint8_t *padding)
921 if (!asn1_start_tag(data, ASN1_BIT_STRING)) return false;
922 len = asn1_tag_remaining(data);
924 data->has_error = true;
927 if (!asn1_read_uint8(data, padding)) return false;
929 *blob = data_blob_talloc(mem_ctx, NULL, len+1);
930 if (!blob->data || blob->length < len) {
931 data->has_error = true;
934 if (asn1_read(data, blob->data, len - 1)) {
940 if (data->has_error) {
941 data_blob_free(blob);
942 *blob = data_blob_null;
949 /* read an integer */
950 bool asn1_read_enumerated(struct asn1_data *data, int *v)
954 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
955 while (!data->has_error && asn1_tag_remaining(data)>0) {
957 asn1_read_uint8(data, &b);
960 return asn1_end_tag(data);
963 /* check a enumerated value is correct */
964 bool asn1_check_enumerated(struct asn1_data *data, int v)
967 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
968 asn1_read_uint8(data, &b);
972 data->has_error = false;
974 return !data->has_error;
977 /* write an enumerated value to the stream */
978 bool asn1_write_enumerated(struct asn1_data *data, uint8_t v)
980 if (!asn1_push_tag(data, ASN1_ENUMERATED)) return false;
981 asn1_write_uint8(data, v);
983 return !data->has_error;
987 Get us the data just written without copying
989 bool asn1_blob(const struct asn1_data *asn1, DATA_BLOB *blob)
991 if (asn1->has_error) {
994 if (asn1->nesting != NULL) {
997 blob->data = asn1->data;
998 blob->length = asn1->length;
1003 Fill in an asn1 struct without making a copy
1005 void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len)
1013 check if a ASN.1 blob is a full tag
1015 NTSTATUS asn1_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
1017 struct asn1_data *asn1 = asn1_init(NULL);
1020 NT_STATUS_HAVE_NO_MEMORY(asn1);
1022 asn1->data = blob.data;
1023 asn1->length = blob.length;
1024 asn1_start_tag(asn1, tag);
1025 if (asn1->has_error) {
1027 return STATUS_MORE_ENTRIES;
1029 size = asn1_tag_remaining(asn1) + asn1->ofs;
1033 if (size > blob.length) {
1034 return STATUS_MORE_ENTRIES;
1037 *packet_size = size;
1038 return NT_STATUS_OK;
1041 NTSTATUS asn1_peek_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
1043 struct asn1_data asn1;
1048 asn1.data = blob.data;
1049 asn1.length = blob.length;
1051 ok = asn1_peek_tag_needed_size(&asn1, tag, &size);
1053 return NT_STATUS_INVALID_BUFFER_SIZE;
1056 if (size > blob.length) {
1057 *packet_size = size;
1058 return STATUS_MORE_ENTRIES;
1061 *packet_size = size;
1062 return NT_STATUS_OK;
git.samba.org / mat / samba.git / blob