2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 2001
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 #include "libcli/util/asn_1.h"
24 /* free an asn1 structure */
25 void asn1_free(struct asn1_data *data)
27 talloc_free(data->data);
29 data->has_error = True;
32 /* write to the ASN1 buffer, advancing the buffer pointer */
33 BOOL asn1_write(struct asn1_data *data, const void *p, int len)
35 if (data->has_error) return False;
36 if (data->length < data->ofs+len) {
38 newp = talloc_realloc(NULL, data->data, uint8_t, data->ofs+len);
41 data->has_error = True;
45 data->length = data->ofs+len;
47 memcpy(data->data + data->ofs, p, len);
52 /* useful fn for writing a uint8_t */
53 BOOL asn1_write_uint8(struct asn1_data *data, uint8_t v)
55 return asn1_write(data, &v, 1);
58 /* push a tag onto the asn1 data buffer. Used for nested structures */
59 BOOL asn1_push_tag(struct asn1_data *data, uint8_t tag)
61 struct nesting *nesting;
63 asn1_write_uint8(data, tag);
64 nesting = talloc(NULL, struct nesting);
66 data->has_error = True;
70 nesting->start = data->ofs;
71 nesting->next = data->nesting;
72 data->nesting = nesting;
73 return asn1_write_uint8(data, 0xff);
77 BOOL asn1_pop_tag(struct asn1_data *data)
79 struct nesting *nesting;
82 nesting = data->nesting;
85 data->has_error = True;
88 len = data->ofs - (nesting->start+1);
89 /* yes, this is ugly. We don't know in advance how many bytes the length
90 of a tag will take, so we assumed 1 byte. If we were wrong then we
91 need to correct our mistake */
93 data->data[nesting->start] = 0x83;
94 if (!asn1_write_uint8(data, 0)) return False;
95 if (!asn1_write_uint8(data, 0)) return False;
96 if (!asn1_write_uint8(data, 0)) return False;
97 memmove(data->data+nesting->start+4, data->data+nesting->start+1, len);
98 data->data[nesting->start+1] = (len>>16) & 0xFF;
99 data->data[nesting->start+2] = (len>>8) & 0xFF;
100 data->data[nesting->start+3] = len&0xff;
101 } else if (len > 255) {
102 data->data[nesting->start] = 0x82;
103 if (!asn1_write_uint8(data, 0)) return False;
104 if (!asn1_write_uint8(data, 0)) return False;
105 memmove(data->data+nesting->start+3, data->data+nesting->start+1, len);
106 data->data[nesting->start+1] = len>>8;
107 data->data[nesting->start+2] = len&0xff;
108 } else if (len > 127) {
109 data->data[nesting->start] = 0x81;
110 if (!asn1_write_uint8(data, 0)) return False;
111 memmove(data->data+nesting->start+2, data->data+nesting->start+1, len);
112 data->data[nesting->start+1] = len;
114 data->data[nesting->start] = len;
117 data->nesting = nesting->next;
118 talloc_free(nesting);
122 /* "i" is the one's complement representation, as is the normal result of an
123 * implicit signed->unsigned conversion */
125 static BOOL push_int_bigendian(struct asn1_data *data, unsigned int i, BOOL negative)
127 uint8_t lowest = i & 0xFF;
131 if (!push_int_bigendian(data, i, negative))
134 if (data->nesting->start+1 == data->ofs) {
136 /* We did not write anything yet, looking at the highest
140 /* Don't write leading 0xff's */
144 if ((lowest & 0x80) == 0) {
145 /* The only exception for a leading 0xff is if
146 * the highest bit is 0, which would indicate
147 * a positive value */
148 if (!asn1_write_uint8(data, 0xff))
153 /* The highest bit of a positive integer is 1,
154 * this would indicate a negative number. Push
155 * a 0 to indicate a positive one */
156 if (!asn1_write_uint8(data, 0))
162 return asn1_write_uint8(data, lowest);
165 /* write an Integer without the tag framing. Needed for example for the LDAP
166 * Abandon Operation */
168 BOOL asn1_write_implicit_Integer(struct asn1_data *data, int i)
171 /* -1 is special as it consists of all-0xff bytes. In
172 push_int_bigendian this is the only case that is not
173 properly handled, as all 0xff bytes would be handled as
174 leading ones to be ignored. */
175 return asn1_write_uint8(data, 0xff);
177 return push_int_bigendian(data, i, i<0);
182 /* write an integer */
183 BOOL asn1_write_Integer(struct asn1_data *data, int i)
185 if (!asn1_push_tag(data, ASN1_INTEGER)) return False;
186 if (!asn1_write_implicit_Integer(data, i)) return False;
187 return asn1_pop_tag(data);
190 BOOL ber_write_OID_String(DATA_BLOB *blob, const char *OID)
193 const char *p = (const char *)OID;
197 v = strtoul(p, &newp, 10);
198 if (newp[0] != '.') return False;
201 v2 = strtoul(p, &newp, 10);
202 if (newp[0] != '.') return False;
205 /*the ber representation can't use more space then the string one */
206 *blob = data_blob(NULL, strlen(OID));
207 if (!blob->data) return False;
209 blob->data[0] = 40*v + v2;
213 v = strtoul(p, &newp, 10);
214 if (newp[0] == '.') {
216 } else if (newp[0] == '\0') {
219 data_blob_free(blob);
222 if (v >= (1<<28)) blob->data[i++] = (0x80 | ((v>>28)&0x7f));
223 if (v >= (1<<21)) blob->data[i++] = (0x80 | ((v>>21)&0x7f));
224 if (v >= (1<<14)) blob->data[i++] = (0x80 | ((v>>14)&0x7f));
225 if (v >= (1<<7)) blob->data[i++] = (0x80 | ((v>>7)&0x7f));
226 blob->data[i++] = (v&0x7f);
234 /* write an object ID to a ASN1 buffer */
235 BOOL asn1_write_OID(struct asn1_data *data, const char *OID)
239 if (!asn1_push_tag(data, ASN1_OID)) return False;
241 if (!ber_write_OID_String(&blob, OID)) {
242 data->has_error = True;
246 if (!asn1_write(data, blob.data, blob.length)) {
247 data->has_error = True;
250 data_blob_free(&blob);
251 return asn1_pop_tag(data);
254 /* write an octet string */
255 BOOL asn1_write_OctetString(struct asn1_data *data, const void *p, size_t length)
257 asn1_push_tag(data, ASN1_OCTET_STRING);
258 asn1_write(data, p, length);
260 return !data->has_error;
263 /* write a LDAP string */
264 BOOL asn1_write_LDAPString(struct asn1_data *data, const char *s)
266 asn1_write(data, s, strlen(s));
267 return !data->has_error;
270 /* write a general string */
271 BOOL asn1_write_GeneralString(struct asn1_data *data, const char *s)
273 asn1_push_tag(data, ASN1_GENERAL_STRING);
274 asn1_write_LDAPString(data, s);
276 return !data->has_error;
279 BOOL asn1_write_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
281 asn1_push_tag(data, ASN1_CONTEXT_SIMPLE(num));
282 asn1_write(data, blob->data, blob->length);
284 return !data->has_error;
287 /* write a BOOLEAN */
288 BOOL asn1_write_BOOLEAN(struct asn1_data *data, BOOL v)
290 asn1_push_tag(data, ASN1_BOOLEAN);
291 asn1_write_uint8(data, v ? 0xFF : 0);
293 return !data->has_error;
296 BOOL asn1_read_BOOLEAN(struct asn1_data *data, BOOL *v)
299 asn1_start_tag(data, ASN1_BOOLEAN);
300 asn1_read_uint8(data, &tmp);
307 return !data->has_error;
310 /* check a BOOLEAN */
311 BOOL asn1_check_BOOLEAN(struct asn1_data *data, BOOL v)
315 asn1_read_uint8(data, &b);
316 if (b != ASN1_BOOLEAN) {
317 data->has_error = True;
320 asn1_read_uint8(data, &b);
322 data->has_error = True;
325 return !data->has_error;
329 /* load a struct asn1_data structure with a lump of data, ready to be parsed */
330 BOOL asn1_load(struct asn1_data *data, DATA_BLOB blob)
333 data->data = talloc_memdup(NULL, blob.data, blob.length);
335 data->has_error = True;
338 data->length = blob.length;
342 /* Peek into an ASN1 buffer, not advancing the pointer */
343 BOOL asn1_peek(struct asn1_data *data, void *p, int len)
345 if (len < 0 || data->ofs + len < data->ofs || data->ofs + len < len)
348 if (data->ofs + len > data->length) {
349 /* we need to mark the buffer as consumed, so the caller knows
350 this was an out of data error, and not a decode error */
351 data->ofs = data->length;
355 memcpy(p, data->data + data->ofs, len);
359 /* read from a ASN1 buffer, advancing the buffer pointer */
360 BOOL asn1_read(struct asn1_data *data, void *p, int len)
362 if (!asn1_peek(data, p, len)) {
363 data->has_error = True;
371 /* read a uint8_t from a ASN1 buffer */
372 BOOL asn1_read_uint8(struct asn1_data *data, uint8_t *v)
374 return asn1_read(data, v, 1);
377 BOOL asn1_peek_uint8(struct asn1_data *data, uint8_t *v)
379 return asn1_peek(data, v, 1);
382 BOOL asn1_peek_tag(struct asn1_data *data, uint8_t tag)
386 if (asn1_tag_remaining(data) <= 0) {
390 if (!asn1_peek(data, &b, sizeof(b)))
396 /* start reading a nested asn1 structure */
397 BOOL asn1_start_tag(struct asn1_data *data, uint8_t tag)
400 struct nesting *nesting;
402 if (!asn1_read_uint8(data, &b))
406 data->has_error = True;
409 nesting = talloc(NULL, struct nesting);
411 data->has_error = True;
415 if (!asn1_read_uint8(data, &b)) {
421 if (!asn1_read_uint8(data, &b))
425 if (!asn1_read_uint8(data, &b))
427 nesting->taglen = (nesting->taglen << 8) | b;
433 nesting->start = data->ofs;
434 nesting->next = data->nesting;
435 data->nesting = nesting;
436 if (asn1_tag_remaining(data) == -1) {
439 return !data->has_error;
442 /* stop reading a tag */
443 BOOL asn1_end_tag(struct asn1_data *data)
445 struct nesting *nesting;
447 /* make sure we read it all */
448 if (asn1_tag_remaining(data) != 0) {
449 data->has_error = True;
453 nesting = data->nesting;
456 data->has_error = True;
460 data->nesting = nesting->next;
461 talloc_free(nesting);
465 /* work out how many bytes are left in this nested tag */
466 int asn1_tag_remaining(struct asn1_data *data)
469 if (data->has_error) {
473 if (!data->nesting) {
474 data->has_error = True;
477 remaining = data->nesting->taglen - (data->ofs - data->nesting->start);
478 if (remaining > (data->length - data->ofs)) {
479 data->has_error = True;
485 /* read an object ID from a data blob */
486 BOOL ber_read_OID_String(DATA_BLOB blob, const char **OID)
491 char *tmp_oid = NULL;
493 if (blob.length < 2) return False;
497 tmp_oid = talloc_asprintf(NULL, "%u", b[0]/40);
498 if (!tmp_oid) goto nomem;
499 tmp_oid = talloc_asprintf_append(tmp_oid, ".%u", b[0]%40);
500 if (!tmp_oid) goto nomem;
502 for(i = 1, v = 0; i < blob.length; i++) {
503 v = (v<<7) | (b[i]&0x7f);
504 if ( ! (b[i] & 0x80)) {
505 tmp_oid = talloc_asprintf_append(tmp_oid, ".%u", v);
508 if (!tmp_oid) goto nomem;
512 talloc_free(tmp_oid);
523 /* read an object ID from a ASN1 buffer */
524 BOOL asn1_read_OID(struct asn1_data *data, const char **OID)
529 if (!asn1_start_tag(data, ASN1_OID)) return False;
531 len = asn1_tag_remaining(data);
533 data->has_error = True;
537 blob = data_blob(NULL, len);
539 data->has_error = True;
543 asn1_read(data, blob.data, len);
545 if (data->has_error) {
546 data_blob_free(&blob);
550 if (!ber_read_OID_String(blob, OID)) {
551 data->has_error = True;
552 data_blob_free(&blob);
556 data_blob_free(&blob);
560 /* check that the next object ID is correct */
561 BOOL asn1_check_OID(struct asn1_data *data, const char *OID)
565 if (!asn1_read_OID(data, &id)) return False;
567 if (strcmp(id, OID) != 0) {
568 data->has_error = True;
571 talloc_free(discard_const(id));
575 /* read a LDAPString from a ASN1 buffer */
576 BOOL asn1_read_LDAPString(struct asn1_data *data, char **s)
579 len = asn1_tag_remaining(data);
581 data->has_error = True;
584 *s = talloc_size(NULL, len+1);
586 data->has_error = True;
589 asn1_read(data, *s, len);
591 return !data->has_error;
595 /* read a GeneralString from a ASN1 buffer */
596 BOOL asn1_read_GeneralString(struct asn1_data *data, char **s)
598 if (!asn1_start_tag(data, ASN1_GENERAL_STRING)) return False;
599 if (!asn1_read_LDAPString(data, s)) return False;
600 return asn1_end_tag(data);
604 /* read a octet string blob */
605 BOOL asn1_read_OctetString(struct asn1_data *data, DATA_BLOB *blob)
609 if (!asn1_start_tag(data, ASN1_OCTET_STRING)) return False;
610 len = asn1_tag_remaining(data);
612 data->has_error = True;
615 *blob = data_blob(NULL, len+1);
617 data->has_error = True;
620 asn1_read(data, blob->data, len);
625 if (data->has_error) {
626 data_blob_free(blob);
627 *blob = data_blob(NULL, 0);
633 BOOL asn1_read_ContextSimple(struct asn1_data *data, uint8_t num, DATA_BLOB *blob)
637 if (!asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(num))) return False;
638 len = asn1_tag_remaining(data);
640 data->has_error = True;
643 *blob = data_blob(NULL, len);
645 data->has_error = True;
648 asn1_read(data, blob->data, len);
650 return !data->has_error;
653 /* read an interger without tag*/
654 BOOL asn1_read_implicit_Integer(struct asn1_data *data, int *i)
659 while (!data->has_error && asn1_tag_remaining(data)>0) {
660 if (!asn1_read_uint8(data, &b)) return False;
663 return !data->has_error;
667 /* read an interger */
668 BOOL asn1_read_Integer(struct asn1_data *data, int *i)
672 if (!asn1_start_tag(data, ASN1_INTEGER)) return False;
673 if (!asn1_read_implicit_Integer(data, i)) return False;
674 return asn1_end_tag(data);
677 /* read an interger */
678 BOOL asn1_read_enumerated(struct asn1_data *data, int *v)
682 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
683 while (!data->has_error && asn1_tag_remaining(data)>0) {
685 asn1_read_uint8(data, &b);
688 return asn1_end_tag(data);
691 /* check a enumarted value is correct */
692 BOOL asn1_check_enumerated(struct asn1_data *data, int v)
695 if (!asn1_start_tag(data, ASN1_ENUMERATED)) return False;
696 asn1_read_uint8(data, &b);
700 data->has_error = False;
702 return !data->has_error;
705 /* write an enumarted value to the stream */
706 BOOL asn1_write_enumerated(struct asn1_data *data, uint8_t v)
708 if (!asn1_push_tag(data, ASN1_ENUMERATED)) return False;
709 asn1_write_uint8(data, v);
711 return !data->has_error;
715 check if a ASN.1 blob is a full tag
717 NTSTATUS asn1_full_tag(DATA_BLOB blob, uint8_t tag, size_t *packet_size)
719 struct asn1_data asn1;
723 asn1.data = blob.data;
724 asn1.length = blob.length;
725 asn1_start_tag(&asn1, tag);
726 if (asn1.has_error) {
727 talloc_free(asn1.nesting);
728 return STATUS_MORE_ENTRIES;
730 size = asn1_tag_remaining(&asn1) + asn1.ofs;
731 talloc_free(asn1.nesting);
733 if (size > blob.length) {
734 return STATUS_MORE_ENTRIES;