mbed TLS v3.1.0
|
Generic ASN.1 parsing. More...
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#include <stddef.h>
#include "mbedtls/bignum.h"
Go to the source code of this file.
Data Structures | |
struct | mbedtls_asn1_buf |
struct | mbedtls_asn1_bitstring |
struct | mbedtls_asn1_sequence |
struct | mbedtls_asn1_named_data |
Macros | |
#define | MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) |
#define | MBEDTLS_OID_CMP(oid_str, oid_buf) |
#define | MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) |
ASN1 Error codes | |
These error codes are OR'ed to X509 error codes for higher error granularity. ASN1 is a standard to specify data structures. | |
#define | MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 |
#define | MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 |
#define | MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 |
#define | MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 |
#define | MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 |
#define | MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A |
#define | MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C |
DER constants | |
These constants comply with the DER encoded ASN.1 type tags. DER encoding uses hexadecimal representation. An example DER sequence is:
| |
#define | MBEDTLS_ASN1_BOOLEAN 0x01 |
#define | MBEDTLS_ASN1_INTEGER 0x02 |
#define | MBEDTLS_ASN1_BIT_STRING 0x03 |
#define | MBEDTLS_ASN1_OCTET_STRING 0x04 |
#define | MBEDTLS_ASN1_NULL 0x05 |
#define | MBEDTLS_ASN1_OID 0x06 |
#define | MBEDTLS_ASN1_ENUMERATED 0x0A |
#define | MBEDTLS_ASN1_UTF8_STRING 0x0C |
#define | MBEDTLS_ASN1_SEQUENCE 0x10 |
#define | MBEDTLS_ASN1_SET 0x11 |
#define | MBEDTLS_ASN1_PRINTABLE_STRING 0x13 |
#define | MBEDTLS_ASN1_T61_STRING 0x14 |
#define | MBEDTLS_ASN1_IA5_STRING 0x16 |
#define | MBEDTLS_ASN1_UTC_TIME 0x17 |
#define | MBEDTLS_ASN1_GENERALIZED_TIME 0x18 |
#define | MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C |
#define | MBEDTLS_ASN1_BMP_STRING 0x1E |
#define | MBEDTLS_ASN1_PRIMITIVE 0x00 |
#define | MBEDTLS_ASN1_CONSTRUCTED 0x20 |
#define | MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 |
#define | MBEDTLS_ASN1_IS_STRING_TAG(tag) |
#define | MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 |
#define | MBEDTLS_ASN1_TAG_PC_MASK 0x20 |
#define | MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F |
Functions to parse ASN.1 data structures | |
typedef struct mbedtls_asn1_buf | mbedtls_asn1_buf |
typedef struct mbedtls_asn1_bitstring | mbedtls_asn1_bitstring |
typedef struct mbedtls_asn1_sequence | mbedtls_asn1_sequence |
typedef struct mbedtls_asn1_named_data | mbedtls_asn1_named_data |
int | mbedtls_asn1_get_len (unsigned char **p, const unsigned char *end, size_t *len) |
Get the length of an ASN.1 element. Updates the pointer to immediately behind the length. More... | |
int | mbedtls_asn1_get_tag (unsigned char **p, const unsigned char *end, size_t *len, int tag) |
Get the tag and length of the element. Check for the requested tag. Updates the pointer to immediately behind the tag and length. More... | |
int | mbedtls_asn1_get_bool (unsigned char **p, const unsigned char *end, int *val) |
Retrieve a boolean ASN.1 tag and its value. Updates the pointer to immediately behind the full tag. More... | |
int | mbedtls_asn1_get_int (unsigned char **p, const unsigned char *end, int *val) |
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag. More... | |
int | mbedtls_asn1_get_enum (unsigned char **p, const unsigned char *end, int *val) |
Retrieve an enumerated ASN.1 tag and its value. Updates the pointer to immediately behind the full tag. More... | |
int | mbedtls_asn1_get_bitstring (unsigned char **p, const unsigned char *end, mbedtls_asn1_bitstring *bs) |
Retrieve a bitstring ASN.1 tag and its value. Updates the pointer to immediately behind the full tag. More... | |
int | mbedtls_asn1_get_bitstring_null (unsigned char **p, const unsigned char *end, size_t *len) |
Retrieve a bitstring ASN.1 tag without unused bits and its value. Updates the pointer to the beginning of the bit/octet string. More... | |
int | mbedtls_asn1_get_sequence_of (unsigned char **p, const unsigned char *end, mbedtls_asn1_sequence *cur, int tag) |
Parses and splits an ASN.1 "SEQUENCE OF <tag>". Updates the pointer to immediately behind the full sequence tag. More... | |
void | mbedtls_asn1_sequence_free (mbedtls_asn1_sequence *seq) |
Free a heap-allocated linked list presentation of an ASN.1 sequence, including the first element. More... | |
int | mbedtls_asn1_traverse_sequence_of (unsigned char **p, const unsigned char *end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, int(*cb)(void *ctx, int tag, unsigned char *start, size_t len), void *ctx) |
Traverse an ASN.1 SEQUENCE container and call a callback for each entry. More... | |
int | mbedtls_asn1_get_mpi (unsigned char **p, const unsigned char *end, mbedtls_mpi *X) |
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag. More... | |
int | mbedtls_asn1_get_alg (unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params) |
Retrieve an AlgorithmIdentifier ASN.1 sequence. Updates the pointer to immediately behind the full AlgorithmIdentifier. More... | |
int | mbedtls_asn1_get_alg_null (unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg) |
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params. Updates the pointer to immediately behind the full AlgorithmIdentifier. More... | |
const mbedtls_asn1_named_data * | mbedtls_asn1_find_named_data (const mbedtls_asn1_named_data *list, const char *oid, size_t len) |
Find a specific named_data entry in a sequence or list based on the OID. More... | |
void | mbedtls_asn1_free_named_data (mbedtls_asn1_named_data *entry) |
Free a mbedtls_asn1_named_data entry. More... | |
void | mbedtls_asn1_free_named_data_list (mbedtls_asn1_named_data **head) |
Free all entries in a mbedtls_asn1_named_data list. More... | |
Generic ASN.1 parsing.
Definition in file asn1.h.
#define MBEDTLS_OID_CMP | ( | oid_str, | |
oid_buf | |||
) |
Compares an mbedtls_asn1_buf structure to a reference OID.
Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a 'unsigned char *oid' here!
#define MBEDTLS_OID_CMP_RAW | ( | oid_str, | |
oid_buf, | |||
oid_buf_len | |||
) |
#define MBEDTLS_OID_SIZE | ( | x | ) | (sizeof(x) - 1) |
Returns the size of the binary string, without the trailing \0
Definition at line 125 of file asn1.h.
Referenced by mbedtls_psa_get_ecc_oid_from_id().
typedef struct mbedtls_asn1_bitstring mbedtls_asn1_bitstring |
Container for ASN1 bit strings.
typedef struct mbedtls_asn1_buf mbedtls_asn1_buf |
Type-length-value structure that allows for ASN1 using DER.
typedef struct mbedtls_asn1_named_data mbedtls_asn1_named_data |
Container for a sequence or list of 'named' ASN.1 data items
typedef struct mbedtls_asn1_sequence mbedtls_asn1_sequence |
Container for a sequence of ASN.1 items
const mbedtls_asn1_named_data* mbedtls_asn1_find_named_data | ( | const mbedtls_asn1_named_data * | list, |
const char * | oid, | ||
size_t | len | ||
) |
Find a specific named_data entry in a sequence or list based on the OID.
list | The list to seek through |
oid | The OID to look for |
len | Size of the OID |
void mbedtls_asn1_free_named_data | ( | mbedtls_asn1_named_data * | entry | ) |
Free a mbedtls_asn1_named_data entry.
entry | The named data entry to free. This function calls mbedtls_free() on entry->oid.p and entry->val.p . |
void mbedtls_asn1_free_named_data_list | ( | mbedtls_asn1_named_data ** | head | ) |
Free all entries in a mbedtls_asn1_named_data list.
head | Pointer to the head of the list of named data entries to free. This function calls mbedtls_asn1_free_named_data() and mbedtls_free() on each list element and sets *head to NULL . |
int mbedtls_asn1_get_alg | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_asn1_buf * | alg, | ||
mbedtls_asn1_buf * | params | ||
) |
Retrieve an AlgorithmIdentifier ASN.1 sequence. Updates the pointer to immediately behind the full AlgorithmIdentifier.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the AlgorithmIdentifier element. On error, the value of *p is undefined. |
end | End of data. |
alg | The buffer to receive the OID. |
params | The buffer to receive the parameters. This is zeroized if there are no parameters. |
int mbedtls_asn1_get_alg_null | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_asn1_buf * | alg | ||
) |
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params. Updates the pointer to immediately behind the full AlgorithmIdentifier.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the AlgorithmIdentifier element. On error, the value of *p is undefined. |
end | End of data. |
alg | The buffer to receive the OID. |
int mbedtls_asn1_get_bitstring | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_asn1_bitstring * | bs | ||
) |
Retrieve a bitstring ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p is equal to end . On error, the value of *p is undefined. |
end | End of data. |
bs | On success, mbedtls_asn1_bitstring information about the parsed value. |
int mbedtls_asn1_get_bitstring_null | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
size_t * | len | ||
) |
Retrieve a bitstring ASN.1 tag without unused bits and its value. Updates the pointer to the beginning of the bit/octet string.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte of the content of the BIT STRING. On error, the value of *p is undefined. |
end | End of data. |
len | On success, *len is the length of the content in bytes. |
int mbedtls_asn1_get_bool | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
int * | val | ||
) |
Retrieve a boolean ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the ASN.1 element. On error, the value of *p is undefined. |
end | End of data. |
val | On success, the parsed value (0 or 1 ). |
int mbedtls_asn1_get_enum | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
int * | val | ||
) |
Retrieve an enumerated ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the ASN.1 element. On error, the value of *p is undefined. |
end | End of data. |
val | On success, the parsed value. |
int
. int mbedtls_asn1_get_int | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
int * | val | ||
) |
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the ASN.1 element. On error, the value of *p is undefined. |
end | End of data. |
val | On success, the parsed value. |
int
. int mbedtls_asn1_get_len | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
size_t * | len | ||
) |
Get the length of an ASN.1 element. Updates the pointer to immediately behind the length.
p | On entry, *p points to the first byte of the length, i.e. immediately after the tag. On successful completion, *p points to the first byte after the length, i.e. the first byte of the content. On error, the value of *p is undefined. |
end | End of data. |
len | On successful completion, *len contains the length read from the ASN.1 input. |
end
. int mbedtls_asn1_get_mpi | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_mpi * | X | ||
) |
Retrieve an integer ASN.1 tag and its value. Updates the pointer to immediately behind the full tag.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte beyond the ASN.1 element. On error, the value of *p is undefined. |
end | End of data. |
X | On success, the parsed value. |
int
. int mbedtls_asn1_get_sequence_of | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
mbedtls_asn1_sequence * | cur, | ||
int | tag | ||
) |
Parses and splits an ASN.1 "SEQUENCE OF <tag>". Updates the pointer to immediately behind the full sequence tag.
This function allocates memory for the sequence elements. You can free the allocated memory with mbedtls_asn1_sequence_free().
cur
. You must set cur->next = NULL
before calling this function! Otherwise it is impossible to distinguish a previously non-null pointer from a pointer to an object allocated by this function.*cur
. If the sequence is valid and non-empty, this function sets cur->buf.tag
to tag
. This allows callers to distinguish between an empty sequence and a one-element sequence.p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p is equal to end . On error, the value of *p is undefined. |
end | End of data. |
cur | A mbedtls_asn1_sequence which this function fills. When this function returns, *cur is the head of a linked list. Each node in this list is allocated with mbedtls_calloc() apart from cur itself, and should therefore be freed with mbedtls_free(). The list describes the content of the sequence. The head of the list (i.e. *cur itself) describes the first element, *cur->next describes the second element, etc. For each element, buf.tag == tag , buf.len is the length of the content of the content of the element, and buf.p points to the first byte of the content (i.e. immediately past the length of the element). Note that list elements may be allocated even on error. |
tag | Each element of the sequence must have this tag. |
tag
. tag
. int mbedtls_asn1_get_tag | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
size_t * | len, | ||
int | tag | ||
) |
Get the tag and length of the element. Check for the requested tag. Updates the pointer to immediately behind the tag and length.
p | On entry, *p points to the start of the ASN.1 element. On successful completion, *p points to the first byte after the length, i.e. the first byte of the content. On error, the value of *p is undefined. |
end | End of data. |
len | On successful completion, *len contains the length read from the ASN.1 input. |
tag | The expected tag. |
end
. void mbedtls_asn1_sequence_free | ( | mbedtls_asn1_sequence * | seq | ) |
Free a heap-allocated linked list presentation of an ASN.1 sequence, including the first element.
There are two common ways to manage the memory used for the representation of a parsed ASN.1 sequence:
mbedtls_asn1_sequence *head
with mbedtls_calloc(). Pass this node as the cur
argument to mbedtls_asn1_get_sequence_of(). When you have finished processing the sequence, call mbedtls_asn1_sequence_free() on head
.mbedtls_asn1_sequence *head
in any manner, for example on the stack. Make sure that head->next == NULL
. Pass head
as the cur
argument to mbedtls_asn1_get_sequence_of(). When you have finished processing the sequence, call mbedtls_asn1_sequence_free() on head->cur
, then free head
itself in the appropriate manner.seq | The address of the first sequence component. This may be NULL , in which case this functions returns immediately. |
int mbedtls_asn1_traverse_sequence_of | ( | unsigned char ** | p, |
const unsigned char * | end, | ||
unsigned char | tag_must_mask, | ||
unsigned char | tag_must_val, | ||
unsigned char | tag_may_mask, | ||
unsigned char | tag_may_val, | ||
int(*)(void *ctx, int tag, unsigned char *start, size_t len) | cb, | ||
void * | ctx | ||
) |
Traverse an ASN.1 SEQUENCE container and call a callback for each entry.
This function checks that the input is a SEQUENCE of elements that each have a "must" tag, and calls a callback function on the elements that have a "may" tag.
For example, to validate that the input is a SEQUENCE of tag1
and call cb
on each element, use ``` mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx); ```
To validate that the input is a SEQUENCE of ANY and call cb
on each element, use ``` mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx); ```
To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING} and call cb
on each element that is an OCTET STRING, use ``` mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx); ```
The callback is called on the elements with a "may" tag from left to right. If the input is not a valid SEQUENCE of elements with a "must" tag, the callback is called on the elements up to the leftmost point where the input is invalid.
p | The address of the pointer to the beginning of the ASN.1 SEQUENCE header. This is updated to point to the end of the ASN.1 SEQUENCE container on a successful invocation. |
end | The end of the ASN.1 SEQUENCE container. |
tag_must_mask | A mask to be applied to the ASN.1 tags found within the SEQUENCE before comparing to tag_must_value . |
tag_must_val | The required value of each ASN.1 tag found in the SEQUENCE, after masking with tag_must_mask . Mismatching tags lead to an error. For example, a value of 0 for both tag_must_mask and tag_must_val means that every tag is allowed, while a value of 0xFF for tag_must_mask means that tag_must_val is the only allowed tag. |
tag_may_mask | A mask to be applied to the ASN.1 tags found within the SEQUENCE before comparing to tag_may_value . |
tag_may_val | The desired value of each ASN.1 tag found in the SEQUENCE, after masking with tag_may_mask . Mismatching tags will be silently ignored. For example, a value of 0 for tag_may_mask and tag_may_val means that any tag will be considered, while a value of 0xFF for tag_may_mask means that all tags with value different from tag_may_val will be ignored. |
cb | The callback to trigger for each component in the ASN.1 SEQUENCE that matches tag_may_val . The callback function is called with the following parameters:
|
ctx | The context to be passed to the callback cb . |
0
if successful the entire ASN.1 SEQUENCE was traversed without parsing or callback errors. cb
in case the latter returns a non-zero value.