1 /* 2 * ASN.1 DER parsing 3 * Copyright (c) 2006, Jouni Malinen <j (at) w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 19 #ifdef CONFIG_INTERNAL_X509 20 21 #include "asn1.h" 22 23 int asn1_get_next(const u8 *buf, size_t len, struct asn1_hdr *hdr) 24 { 25 const u8 *pos, *end; 26 u8 tmp; 27 28 os_memset(hdr, 0, sizeof(*hdr)); 29 pos = buf; 30 end = buf + len; 31 32 hdr->identifier = *pos++; 33 hdr->class = hdr->identifier >> 6; 34 hdr->constructed = !!(hdr->identifier & (1 << 5)); 35 36 if ((hdr->identifier & 0x1f) == 0x1f) { 37 hdr->tag = 0; 38 do { 39 if (pos >= end) { 40 wpa_printf(MSG_DEBUG, "ASN.1: Identifier " 41 "underflow"); 42 return -1; 43 } 44 tmp = *pos++; 45 wpa_printf(MSG_MSGDUMP, "ASN.1: Extended tag data: " 46 "0x%02x", tmp); 47 hdr->tag = (hdr->tag << 7) | (tmp & 0x7f); 48 } while (tmp & 0x80); 49 } else 50 hdr->tag = hdr->identifier & 0x1f; 51 52 tmp = *pos++; 53 if (tmp & 0x80) { 54 if (tmp == 0xff) { 55 wpa_printf(MSG_DEBUG, "ASN.1: Reserved length " 56 "value 0xff used"); 57 return -1; 58 } 59 tmp &= 0x7f; /* number of subsequent octets */ 60 hdr->length = 0; 61 if (tmp > 4) { 62 wpa_printf(MSG_DEBUG, "ASN.1: Too long length field"); 63 return -1; 64 } 65 while (tmp--) { 66 if (pos >= end) { 67 wpa_printf(MSG_DEBUG, "ASN.1: Length " 68 "underflow"); 69 return -1; 70 } 71 hdr->length = (hdr->length << 8) | *pos++; 72 } 73 } else { 74 /* Short form - length 0..127 in one octet */ 75 hdr->length = tmp; 76 } 77 78 if (end < pos || hdr->length > (unsigned int) (end - pos)) { 79 wpa_printf(MSG_DEBUG, "ASN.1: Contents underflow"); 80 return -1; 81 } 82 83 hdr->payload = pos; 84 return 0; 85 } 86 87 88 int asn1_get_oid(const u8 *buf, size_t len, struct asn1_oid *oid, 89 const u8 **next) 90 { 91 struct asn1_hdr hdr; 92 const u8 *pos, *end; 93 unsigned long val; 94 u8 tmp; 95 96 os_memset(oid, 0, sizeof(*oid)); 97 98 if (asn1_get_next(buf, len, &hdr) < 0 || hdr.length == 0) 99 return -1; 100 101 if (hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_OID) { 102 wpa_printf(MSG_DEBUG, "ASN.1: Expected OID - found class %d " 103 "tag 0x%x", hdr.class, hdr.tag); 104 return -1; 105 } 106 107 pos = hdr.payload; 108 end = hdr.payload + hdr.length; 109 *next = end; 110 111 while (pos < end) { 112 val = 0; 113 114 do { 115 if (pos >= end) 116 return -1; 117 tmp = *pos++; 118 val = (val << 7) | (tmp & 0x7f); 119 } while (tmp & 0x80); 120 121 if (oid->len >= ASN1_MAX_OID_LEN) { 122 wpa_printf(MSG_DEBUG, "ASN.1: Too long OID value"); 123 return -1; 124 } 125 if (oid->len == 0) { 126 /* 127 * The first octet encodes the first two object 128 * identifier components in (X*40) + Y formula. 129 * X = 0..2. 130 */ 131 oid->oid[0] = val / 40; 132 if (oid->oid[0] > 2) 133 oid->oid[0] = 2; 134 oid->oid[1] = val - oid->oid[0] * 40; 135 oid->len = 2; 136 } else 137 oid->oid[oid->len++] = val; 138 } 139 140 return 0; 141 } 142 143 144 void asn1_oid_to_str(struct asn1_oid *oid, char *buf, size_t len) 145 { 146 char *pos = buf; 147 size_t i; 148 int ret; 149 150 if (len == 0) 151 return; 152 153 buf[0] = '\0'; 154 155 for (i = 0; i < oid->len; i++) { 156 ret = os_snprintf(pos, buf + len - pos, 157 "%s%lu", 158 i == 0 ? "" : ".", oid->oid[i]); 159 if (ret < 0 || ret >= buf + len - pos) 160 break; 161 pos += ret; 162 } 163 buf[len - 1] = '\0'; 164 } 165 166 167 static u8 rotate_bits(u8 octet) 168 { 169 int i; 170 u8 res; 171 172 res = 0; 173 for (i = 0; i < 8; i++) { 174 res <<= 1; 175 if (octet & 1) 176 res |= 1; 177 octet >>= 1; 178 } 179 180 return res; 181 } 182 183 184 unsigned long asn1_bit_string_to_long(const u8 *buf, size_t len) 185 { 186 unsigned long val = 0; 187 const u8 *pos = buf; 188 189 /* BER requires that unused bits are zero, so we can ignore the number 190 * of unused bits */ 191 pos++; 192 193 if (len >= 2) 194 val |= rotate_bits(*pos++); 195 if (len >= 3) 196 val |= ((unsigned long) rotate_bits(*pos++)) << 8; 197 if (len >= 4) 198 val |= ((unsigned long) rotate_bits(*pos++)) << 16; 199 if (len >= 5) 200 val |= ((unsigned long) rotate_bits(*pos++)) << 24; 201 if (len >= 6) 202 wpa_printf(MSG_DEBUG, "X509: %s - some bits ignored " 203 "(BIT STRING length %lu)", 204 __func__, (unsigned long) len); 205 206 return val; 207 } 208 209 #endif /* CONFIG_INTERNAL_X509 */ 210