2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 2001
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
25 #include "data_blob.h"
28 /* allocate an asn1 structure */
29 struct asn1_data *asn1_init(TALLOC_CTX *mem_ctx)
31 struct asn1_data *ret = talloc_zero(mem_ctx, struct asn1_data);
35 /* free an asn1 structure */
36 void asn1_free(struct asn1_data *data)
41 /* write to the ASN1 buffer, advancing the buffer pointer */
42 bool asn1_write(struct asn1_data *data, const void *p, int len)
44 if (data->has_error) return false;
45 if (data->length < data->ofs+len) {
47 newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
50 data->has_error = true;
54 data->length = data->ofs+len;
56 memcpy(data->data + data->ofs, p, len);
61 /* useful fn for writing a uint8_t */
62 bool asn1_write_uint8(struct asn1_data *data, uint8_t v)
64 return asn1_write(data, &v, 1);
67 /* push a tag onto the asn1 data buffer. Used for nested structures */
68 bool asn1_push_tag(struct asn1_data *data, uint8_t tag)
70 struct nesting *nesting;
72 asn1_write_uint8(data, tag);
73 nesting = talloc(data, struct nesting);
75 data->has_error = true;
79 nesting->start = data->ofs;
80 nesting->next = data->nesting;
81 data->nesting = nesting;
82 return asn1_write_uint8(data, 0xff);
86 bool asn1_pop_tag(struct asn1_data *data)
88 struct nesting *nesting;
91 nesting = data->nesting;
94 data->has_error = true;
97 len = data->ofs - (nesting->start+1);
98 /* yes, this is ugly. We don't know in advance how many bytes the length
99 of a tag will take, so we assumed 1 byte. If we were wrong then we
100 need to correct our mistake */
101 if (len > 0xFFFFFF) {
102 data->data[nesting->start] = 0x84;
103 if (!asn1_write_uint8(data, 0)) return false;
104 if (!asn1_write_uint8(data, 0)) return false;
105 if (!asn1_write_uint8(data, 0)) return false;
106 if (!asn1_write_uint8(data, 0)) return false;
107 memmove(data->data+nesting->start+5, data->data+nesting->start+1, len);
108 data->data[nesting->start+1] = (len>>24) & 0xFF;
109 data->data[nesting->start+2] = (len>>16) & 0xFF;
110 data->data[nesting->start+3] = (len>>8) & 0xFF;
111 data->data[nesting->start+4] = len&0xff;
112 } else if (len > 0xFFFF) {
113 data->data[nesting->start] = 0x83;
114 if (!asn1_write_uint8(data, 0)) return false;
115 if (!asn1_write_uint8(data, 0)) return false;
116 if (!asn1_write_uint8(data, 0)) return false;
117 memmove(data->data+nesting->start+4, data->data+nesting->start+1, len);
118 data->data[nesting->start+1] = (len>>16) & 0xFF;
119 data->data[nesting->start+2] = (len>>8) & 0xFF;
120 data->data[nesting->start+3] = len&0xff;
121 } else if (len > 255) {
122 data->data[nesting->start] = 0x82;
123 if (!asn1_write_uint8(data, 0)) return false;
124 if (!asn1_write_uint8(data, 0)) return false;
125 memmove(data->data+nesting->start+3, data->data+nesting->start+1, len);
126 data->data[nesting->start+1] = len>>8;
127 data->data[nesting->start+2] = len&0xff;
128 } else if (len > 127) {
129 data->data[nesting->start] = 0x81;
130 if (!asn1_write_uint8(data, 0)) return false;
131 memmove(data->data+nesting->start+2, data->data+nesting->start+1, len);
132 data->data[nesting->start+1] = len;
134 data->data[nesting->start] = len;
137 data->nesting = nesting->next;
138 talloc_free(nesting);
142 /* "i" is the one's complement representation, as is the normal result of an
143 * implicit signed->unsigned conversion */
145 static bool push_int_bigendian(struct asn1_data *data, unsigned int i, bool negative)
147 uint8_t lowest = i & 0xFF;
151 if (!push_int_bigendian(data, i, negative))
154 if (data->nesting->start+1 == data->ofs) {
156 /* We did not write anything yet, looking at the highest
160 /* Don't write leading 0xff's */
164 if ((lowest & 0x80) == 0) {
165 /* The only exception for a leading 0xff is if
166 * the highest bit is 0, which would indicate
167 * a positive value */
168 if (!asn1_write_uint8(data, 0xff))
173 /* The highest bit of a positive integer is 1,
174 * this would indicate a negative number. Push
175 * a 0 to indicate a positive one */
176 if (!asn1_write_uint8(data, 0))
182 return asn1_write_uint8(data, lowest);
185 /* write an Integer without the tag framing. Needed for example for the LDAP
186 * Abandon Operation */
188 bool asn1_write_implicit_Integer(struct asn1_data *data, int i)
191 /* -1 is special as it consists of all-0xff bytes. In
192 push_int_bigendian this is the only case that is not
193 properly handled, as all 0xff bytes would be handled as
194 leading ones to be ignored. */
195 return asn1_write_uint8(data, 0xff);
197 return push_int_bigendian(data, i, i<0);
202 /* write an integer */
203 bool asn1_write_Integer(struct asn1_data *data, int i)
205 if (!asn1_push_tag(data, ASN1_INTEGER)) return false;
206 if (!asn1_write_implicit_Integer(data, i)) return false;
207 return asn1_pop_tag(data);
210 /* write a BIT STRING */
211 bool asn1_write_BitString(struct asn1_data *data, const void *p, size_t length, uint8_t padding)
213 if (!asn1_push_tag(data, ASN1_BIT_STRING)) return false;
214 if (!asn1_write_uint8(data, padding)) return false;
215 if (!asn1_write(data, p, length)) return false;
216 return asn1_pop_tag(data);
219 bool ber_write_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const char *OID)
222 const char *p = (const char *)OID;
226 v = strtoul(p, &newp, 10);
227 if (newp[0] != '.') return false;
230 v2 = strtoul(p, &newp, 10);
231 if (newp[0] != '.') return false;
234 /*the ber representation can't use more space then the string one */
235 *blob = data_blob_talloc(mem_ctx, NULL, strlen(OID));
236 if (!blob->data) return false;
238 blob->data[0] = 40*v + v2;
242 v = strtoul(p, &newp, 10);
243 if (newp[0] == '.') {
245 } else if (newp[0] == '\0') {
248 data_blob_free(blob);
251 if (v >= (1<<28)) blob->data[i++] = (0x80 | ((v>>28)&0x7f));
252 if (v >= (1<<21)) blob->data[i++] = (0x80 | ((v>>21)&0x7f));
253 if (v >= (1<<14)) blob->data[i++] = (0x80 | ((v>>14)&0x7f));
254 if (v >= (1<<7)) blob->data[i++] = (0x80 | ((v>>7)&0x7f));
255 blob->data[i++] = (v&0x7f);
263 /* write an object ID to a ASN1 buffer */
264 bool asn1_write_OID(struct asn1_data *data, const char *OID)
268 if (!asn1_push_tag(data, ASN1_OID)) return false;
270 if (!ber_write_OID_String(NULL, &blob, OID)) {
271 data->has_error = true;
275 if (!asn1_write(data, blob.data, blob.length)) {
276 data_blob_free(&blob);
277 data->has_error = true;
280 data_blob_free(&blob);
281 return asn1_pop_tag(data);
284 /* write an octet string */
285 bool asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length)
287 asn1_push_tag(data, ASN1_OCTET_STRING);
288 asn1_write(data, p, length);
290 return !data->has_error;
293 /* write a LDAP string */
294 bool asn1_write_LDAPString(struct asn1_data *data, const char *s)
296 asn1_write(data, s, strlen(s));
297 return !data->has_error;
300 /* write a LDAP string from a DATA_BLOB */
301 bool asn1_write_DATA_BLOB_LDAPString(struct asn1_data *data, const DATA_BLOB *s)
303 asn1_write(data, s->data, s->length);
304 return !data->has_error;
307 /* write a general string */
308 bool asn1_write_GeneralString(struct asn1_data *data, const char *s)
310 asn1_push_tag(data, ASN1_GENERAL_STRING);
311 asn1_write_LDAPString(data, s);
313 return !data->has_error;
316 bool asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
318 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num));
319 asn1_write(data, blob->data, blob->length);
321 return !data->has_error;
324 /* write a BOOLEAN */
325 bool asn1_write_BOOLEAN(struct asn1_data *data, bool v)
327 asn1_push_tag(data, ASN1_BOOLEAN);
328 asn1_write_uint8(data, v ? 0xFF : 0);
330 return !data->has_error;
333 bool asn1_read_BOOLEAN(struct asn1_data *data, bool *v)
336 asn1_start_tag(data, ASN1_BOOLEAN);
337 asn1_read_uint8(data, &tmp);
344 return !data->has_error;
347 /* write a BOOLEAN in a simple context */
348 bool asn1_write_BOOLEAN_context(struct asn1_data *data, bool v, int context)
350 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(context));
351 asn1_write_uint8(data, v ? 0xFF : 0);
353 return !data->has_error;
356 bool asn1_read_BOOLEAN_context(struct asn1_data *data, bool *v, int context)
359 asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(context));
360 asn1_read_uint8(data, &tmp);
367 return !data->has_error;
370 /* check a BOOLEAN */
371 bool asn1_check_BOOLEAN(struct asn1_data *data, bool v)
375 asn1_read_uint8(data, &b);
376 if (b != ASN1_BOOLEAN) {
377 data->has_error = true;
380 asn1_read_uint8(data, &b);
382 data->has_error = true;
385 return !data->has_error;
389 /* load a struct asn1_data structure with a lump of data, ready to be parsed */
390 bool asn1_load(struct asn1_data *data, DATA_BLOB blob)
393 data->data = (uint8_t *)talloc_memdup(data, blob.data, blob.length);
395 data->has_error = true;
398 data->length = blob.length;
402 /* Peek into an ASN1 buffer, not advancing the pointer */
403 bool asn1_peek(struct asn1_data *data, void *p, int len)
408 if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
411 if (data->ofs + len > data->length) {
412 /* we need to mark the buffer as consumed, so the caller knows
413 this was an out of data error, and not a decode error */
414 data->ofs = data->length;
418 memcpy(p, data->data + data->ofs, len);
422 /* read from a ASN1 buffer, advancing the buffer pointer */
423 bool asn1_read(struct asn1_data *data, void *p, int len)
425 if (!asn1_peek(data, p, len)) {
426 data->has_error = true;
434 /* read a uint8_t from a ASN1 buffer */
435 bool asn1_read_uint8(struct asn1_data *data, uint8_t *v)
437 return asn1_read(data, v, 1);
440 bool asn1_peek_uint8(struct asn1_data *data, uint8_t *v)
442 return asn1_peek(data, v, 1);
445 bool asn1_peek_tag(struct asn1_data *data, uint8_t tag)
449 if (asn1_tag_remaining(data) <= 0) {
453 if (!asn1_peek_uint8(data, &b))
459 /* start reading a nested asn1 structure */
460 bool asn1_start_tag(struct asn1_data *data, uint8_t tag)
463 struct nesting *nesting;
465 if (!asn1_read_uint8(data, &b))
469 data->has_error = true;
472 nesting = talloc(data, struct nesting);
474 data->has_error = true;
478 if (!asn1_read_uint8(data, &b)) {
484 if (!asn1_read_uint8(data, &b))
488 if (!asn1_read_uint8(data, &b))
490 nesting->taglen = (nesting->taglen << 8) | b;
496 nesting->start = data->ofs;
497 nesting->next = data->nesting;
498 data->nesting = nesting;
499 if (asn1_tag_remaining(data) == -1) {
502 return !data->has_error;
505 /* stop reading a tag */
506 bool asn1_end_tag(struct asn1_data *data)
508 struct nesting *nesting;
510 /* make sure we read it all */
511 if (asn1_tag_remaining(data) != 0) {
512 data->has_error = true;
516 nesting = data->nesting;
519 data->has_error = true;
523 data->nesting = nesting->next;
524 talloc_free(nesting);
528 /* work out how many bytes are left in this nested tag */
529 int asn1_tag_remaining(struct asn1_data *data)
532 if (data->has_error) {
536 if (!data->nesting) {
537 data->has_error = true;
540 remaining = data->nesting->taglen - (data->ofs - data->nesting->start);
541 if (remaining > (data->length - data->ofs)) {
542 data->has_error = true;
549 * Internal implementation for reading binary OIDs
550 * Reading is done as far in the buffer as valid OID
551 * till buffer ends or not valid sub-identifier is found.
553 static bool _ber_read_OID_String_impl(TALLOC_CTX *mem_ctx, DATA_BLOB blob,
554 const char **OID, size_t *bytes_eaten)
559 char *tmp_oid = NULL;
561 if (blob.length < 2) return false;
565 tmp_oid = talloc_asprintf(mem_ctx, "%u", b[0]/40);
566 if (!tmp_oid) goto nomem;
567 tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", b[0]%40);
568 if (!tmp_oid) goto nomem;
570 for(i = 1, v = 0; i < blob.length; i++) {
571 v = (v<<7) | (b[i]&0x7f);
572 if ( ! (b[i] & 0x80)) {
573 tmp_oid = talloc_asprintf_append_buffer(tmp_oid, ".%u", v);
578 if (!tmp_oid) goto nomem;
588 /* read an object ID from a data blob */
589 bool ber_read_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB blob, const char **OID)
591 size_t bytes_eaten = 0;
593 if (!_ber_read_OID_String_impl(mem_ctx, blob, OID, &bytes_eaten))
596 return (bytes_eaten == blob.length);
599 /* read an object ID from a ASN1 buffer */
600 bool asn1_read_OID(struct asn1_data *data, TALLOC_CTX *mem_ctx, const char **OID)
605 if (!asn1_start_tag(data, ASN1_OID)) return false;
607 len = asn1_tag_remaining(data);
609 data->has_error = true;
613 blob = data_blob(NULL, len);
615 data->has_error = true;
619 asn1_read(data, blob.data, len);
621 if (data->has_error) {
622 data_blob_free(&blob);
626 if (!ber_read_OID_String(mem_ctx, blob, OID)) {
627 data->has_error = true;
628 data_blob_free(&blob);
632 data_blob_free(&blob);
636 /* check that the next object ID is correct */
637 bool asn1_check_OID(struct asn1_data *data, const char *OID)
641 if (!asn1_read_OID(data, data, &id)) return false;
643 if (strcmp(id, OID) != 0) {
644 talloc_free(discard_const(id));
645 data->has_error = true;
648 talloc_free(discard_const(id));
652 /* read a LDAPString from a ASN1 buffer */
653 bool asn1_read_LDAPString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s)
656 len = asn1_tag_remaining(data);
658 data->has_error = true;
661 *s = talloc_array(mem_ctx, char, len+1);
663 data->has_error = true;
666 asn1_read(data, *s, len);
668 return !data->has_error;
672 /* read a GeneralString from a ASN1 buffer */
673 bool asn1_read_GeneralString(struct asn1_data *data, TALLOC_CTX *mem_ctx, char **s)
675 if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return false;
676 if (!asn1_read_LDAPString(data, mem_ctx, s)) return false;
677 return asn1_end_tag(data);
681 /* read a octet string blob */
682 bool asn1_read_OctetString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob)
686 if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return false;
687 len = asn1_tag_remaining(data);
689 data->has_error = true;
692 *blob = data_blob_talloc(mem_ctx, NULL, len+1);
694 data->has_error = true;
697 asn1_read(data, blob->data, len);
702 if (data->has_error) {
703 data_blob_free(blob);
704 *blob = data_blob_null;
710 bool asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
714 if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return false;
715 len = asn1_tag_remaining(data);
717 data->has_error = true;
720 *blob = data_blob(NULL, len);
721 if ((len != 0) && (!blob->data)) {
722 data->has_error = true;
725 asn1_read(data, blob->data, len);
727 return !data->has_error;
730 /* read an integer without tag*/
731 bool asn1_read_implicit_Integer(struct asn1_data *data, int *i)
736 while (!data->has_error && asn1_tag_remaining(data)>0) {
737 if (!asn1_read_uint8(data, &b)) return false;
740 return !data->has_error;
744 /* read an integer */
745 bool asn1_read_Integer(struct asn1_data *data, int *i)
749 if (!asn1_start_tag(data, ASN1_INTEGER)) return false;
750 if (!asn1_read_implicit_Integer(data, i)) return false;
751 return asn1_end_tag(data);
754 /* read a BIT STRING */
755 bool asn1_read_BitString(struct asn1_data *data, TALLOC_CTX *mem_ctx, DATA_BLOB *blob, uint8_t *padding)
759 if (!asn1_start_tag(data, ASN1_BIT_STRING)) return false;
760 len = asn1_tag_remaining(data);
762 data->has_error = true;
765 if (!asn1_read_uint8(data, padding)) return false;
767 *blob = data_blob_talloc(mem_ctx, NULL, len);
769 data->has_error = true;
772 if (asn1_read(data, blob->data, len - 1)) {
778 if (data->has_error) {
779 data_blob_free(blob);
780 *blob = data_blob_null;
787 /* read an integer */
788 bool asn1_read_enumerated(struct asn1_data *data, int *v)
792 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
793 while (!data->has_error && asn1_tag_remaining(data)>0) {
795 asn1_read_uint8(data, &b);
798 return asn1_end_tag(data);
801 /* check a enumerated value is correct */
802 bool asn1_check_enumerated(struct asn1_data *data, int v)
805 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return false;
806 asn1_read_uint8(data, &b);
810 data->has_error = false;
812 return !data->has_error;
815 /* write an enumerated value to the stream */
816 bool asn1_write_enumerated(struct asn1_data *data, uint8_t v)
818 if (!asn1_push_tag(data, ASN1_ENUMERATED)) return false;
819 asn1_write_uint8(data, v);
821 return !data->has_error;
825 Get us the data just written without copying
827 bool asn1_blob(const struct asn1_data *asn1, DATA_BLOB *blob)
829 if (asn1->has_error) {
832 if (asn1->nesting != NULL) {
835 blob->data = asn1->data;
836 blob->length = asn1->length;
841 Fill in an asn1 struct without making a copy
843 void asn1_load_nocopy(struct asn1_data *data, uint8_t *buf, size_t len)