1 |
|
|
/* $OpenBSD: bs_cbb.c,v 1.17 2017/08/12 02:50:05 jsing Exp $ */ |
2 |
|
|
/* |
3 |
|
|
* Copyright (c) 2014, Google Inc. |
4 |
|
|
* |
5 |
|
|
* Permission to use, copy, modify, and/or distribute this software for any |
6 |
|
|
* purpose with or without fee is hereby granted, provided that the above |
7 |
|
|
* copyright notice and this permission notice appear in all copies. |
8 |
|
|
* |
9 |
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
10 |
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
11 |
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
12 |
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
13 |
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
14 |
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
15 |
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
16 |
|
|
|
17 |
|
|
#include <assert.h> |
18 |
|
|
#include <stdlib.h> |
19 |
|
|
#include <string.h> |
20 |
|
|
|
21 |
|
|
#include <openssl/opensslconf.h> |
22 |
|
|
|
23 |
|
|
#include "bytestring.h" |
24 |
|
|
|
25 |
|
|
#define CBB_INITIAL_SIZE 64 |
26 |
|
|
|
27 |
|
|
static int |
28 |
|
|
cbb_init(CBB *cbb, uint8_t *buf, size_t cap) |
29 |
|
|
{ |
30 |
|
|
struct cbb_buffer_st *base; |
31 |
|
|
|
32 |
|
102048 |
base = malloc(sizeof(struct cbb_buffer_st)); |
33 |
✗✓ |
51024 |
if (base == NULL) |
34 |
|
|
return 0; |
35 |
|
|
|
36 |
|
51024 |
base->buf = buf; |
37 |
|
51024 |
base->len = 0; |
38 |
|
51024 |
base->cap = cap; |
39 |
|
51024 |
base->can_resize = 1; |
40 |
|
|
|
41 |
|
51024 |
cbb->base = base; |
42 |
|
51024 |
cbb->is_top_level = 1; |
43 |
|
|
|
44 |
|
51024 |
return 1; |
45 |
|
51024 |
} |
46 |
|
|
|
47 |
|
|
int |
48 |
|
|
CBB_init(CBB *cbb, size_t initial_capacity) |
49 |
|
|
{ |
50 |
|
|
uint8_t *buf = NULL; |
51 |
|
|
|
52 |
|
69886 |
memset(cbb, 0, sizeof(*cbb)); |
53 |
|
|
|
54 |
✓✓ |
34943 |
if (initial_capacity == 0) |
55 |
|
1049 |
initial_capacity = CBB_INITIAL_SIZE; |
56 |
|
|
|
57 |
✗✓ |
34943 |
if ((buf = malloc(initial_capacity)) == NULL) |
58 |
|
|
return 0; |
59 |
|
|
|
60 |
✗✓ |
34943 |
if (!cbb_init(cbb, buf, initial_capacity)) { |
61 |
|
|
free(buf); |
62 |
|
|
return 0; |
63 |
|
|
} |
64 |
|
|
|
65 |
|
34943 |
return 1; |
66 |
|
34943 |
} |
67 |
|
|
|
68 |
|
|
int |
69 |
|
|
CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) |
70 |
|
|
{ |
71 |
|
32162 |
memset(cbb, 0, sizeof(*cbb)); |
72 |
|
|
|
73 |
✗✓ |
16081 |
if (!cbb_init(cbb, buf, len)) |
74 |
|
|
return 0; |
75 |
|
|
|
76 |
|
16081 |
cbb->base->can_resize = 0; |
77 |
|
|
|
78 |
|
16081 |
return 1; |
79 |
|
16081 |
} |
80 |
|
|
|
81 |
|
|
void |
82 |
|
|
CBB_cleanup(CBB *cbb) |
83 |
|
|
{ |
84 |
✓✓ |
103696 |
if (cbb->base) { |
85 |
✓✓ |
51024 |
if (cbb->base->can_resize) |
86 |
|
34943 |
freezero(cbb->base->buf, cbb->base->cap); |
87 |
|
51024 |
free(cbb->base); |
88 |
|
51024 |
} |
89 |
|
51848 |
cbb->base = NULL; |
90 |
|
51848 |
cbb->child = NULL; |
91 |
|
51848 |
} |
92 |
|
|
|
93 |
|
|
static int |
94 |
|
|
cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len) |
95 |
|
|
{ |
96 |
|
|
size_t newlen; |
97 |
|
|
|
98 |
✗✓ |
2574568 |
if (base == NULL) |
99 |
|
|
return 0; |
100 |
|
|
|
101 |
|
1287284 |
newlen = base->len + len; |
102 |
✗✓ |
1287284 |
if (newlen < base->len) |
103 |
|
|
/* Overflow */ |
104 |
|
|
return 0; |
105 |
|
|
|
106 |
✓✓ |
1287284 |
if (newlen > base->cap) { |
107 |
|
1242 |
size_t newcap = base->cap * 2; |
108 |
|
|
uint8_t *newbuf; |
109 |
|
|
|
110 |
✓✓ |
1242 |
if (!base->can_resize) |
111 |
|
6 |
return 0; |
112 |
|
|
|
113 |
✓✗✓✓
|
2472 |
if (newcap < base->cap || newcap < newlen) |
114 |
|
182 |
newcap = newlen; |
115 |
|
|
|
116 |
|
1236 |
newbuf = recallocarray(base->buf, base->cap, newcap, 1); |
117 |
✗✓ |
1236 |
if (newbuf == NULL) |
118 |
|
|
return 0; |
119 |
|
|
|
120 |
|
1236 |
base->buf = newbuf; |
121 |
|
1236 |
base->cap = newcap; |
122 |
✓✓ |
1236 |
} |
123 |
|
|
|
124 |
✓✓ |
1287278 |
if (out) |
125 |
|
1287042 |
*out = base->buf + base->len; |
126 |
|
|
|
127 |
|
1287278 |
base->len = newlen; |
128 |
|
1287278 |
return 1; |
129 |
|
1287284 |
} |
130 |
|
|
|
131 |
|
|
static int |
132 |
|
|
cbb_add_u(CBB *cbb, uint32_t v, size_t len_len) |
133 |
|
|
{ |
134 |
|
1953972 |
uint8_t *buf; |
135 |
|
|
size_t i; |
136 |
|
|
|
137 |
✗✓ |
976986 |
if (len_len == 0) |
138 |
|
|
return 1; |
139 |
|
|
|
140 |
✗✓ |
976986 |
if (len_len > 4) |
141 |
|
|
return 0; |
142 |
|
|
|
143 |
✓✓✓✓
|
1953963 |
if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len)) |
144 |
|
15 |
return 0; |
145 |
|
|
|
146 |
✓✓ |
5678490 |
for (i = len_len - 1; i < len_len; i--) { |
147 |
|
1862274 |
buf[i] = v; |
148 |
|
1862274 |
v >>= 8; |
149 |
|
|
} |
150 |
|
976971 |
return 1; |
151 |
|
976986 |
} |
152 |
|
|
|
153 |
|
|
int |
154 |
|
|
CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) |
155 |
|
|
{ |
156 |
✓✓ |
101982 |
if (!cbb->is_top_level) |
157 |
|
3 |
return 0; |
158 |
|
|
|
159 |
✗✓ |
50988 |
if (!CBB_flush(cbb)) |
160 |
|
|
return 0; |
161 |
|
|
|
162 |
✓✓✗✓
|
85895 |
if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) |
163 |
|
|
/* |
164 |
|
|
* |out_data| and |out_len| can only be NULL if the CBB is |
165 |
|
|
* fixed. |
166 |
|
|
*/ |
167 |
|
|
return 0; |
168 |
|
|
|
169 |
✓✓ |
50988 |
if (out_data != NULL) |
170 |
|
34913 |
*out_data = cbb->base->buf; |
171 |
|
|
|
172 |
✓✓ |
50988 |
if (out_len != NULL) |
173 |
|
50982 |
*out_len = cbb->base->len; |
174 |
|
|
|
175 |
|
50988 |
cbb->base->buf = NULL; |
176 |
|
50988 |
CBB_cleanup(cbb); |
177 |
|
50988 |
return 1; |
178 |
|
50991 |
} |
179 |
|
|
|
180 |
|
|
/* |
181 |
|
|
* CBB_flush recurses and then writes out any pending length prefix. The current |
182 |
|
|
* length of the underlying base is taken to be the length of the |
183 |
|
|
* length-prefixed data. |
184 |
|
|
*/ |
185 |
|
|
int |
186 |
|
|
CBB_flush(CBB *cbb) |
187 |
|
|
{ |
188 |
|
|
size_t child_start, i, len; |
189 |
|
|
|
190 |
✓✓ |
3337996 |
if (cbb->base == NULL) |
191 |
|
21 |
return 0; |
192 |
|
|
|
193 |
✓✓✗✓
|
1889966 |
if (cbb->child == NULL || cbb->pending_len_len == 0) |
194 |
|
1447988 |
return 1; |
195 |
|
|
|
196 |
|
220989 |
child_start = cbb->offset + cbb->pending_len_len; |
197 |
|
|
|
198 |
✓✗✓✗ ✗✓ |
662967 |
if (!CBB_flush(cbb->child) || child_start < cbb->offset || |
199 |
|
220989 |
cbb->base->len < child_start) |
200 |
|
|
return 0; |
201 |
|
|
|
202 |
|
220989 |
len = cbb->base->len - child_start; |
203 |
|
|
|
204 |
✓✓ |
220989 |
if (cbb->pending_is_asn1) { |
205 |
|
|
/* |
206 |
|
|
* For ASN.1, we assumed that we were using short form which |
207 |
|
|
* only requires a single byte for the length octet. |
208 |
|
|
* |
209 |
|
|
* If it turns out that we need long form, we have to move |
210 |
|
|
* the contents along in order to make space for more length |
211 |
|
|
* octets. |
212 |
|
|
*/ |
213 |
|
|
size_t len_len = 1; /* total number of length octets */ |
214 |
|
|
uint8_t initial_length_byte; |
215 |
|
|
|
216 |
|
|
/* We already wrote 1 byte for the length. */ |
217 |
✗✓ |
9233 |
assert (cbb->pending_len_len == 1); |
218 |
|
|
|
219 |
|
|
/* Check for long form */ |
220 |
✗✓ |
9233 |
if (len > 0xfffffffe) |
221 |
|
|
return 0; /* 0xffffffff is reserved */ |
222 |
✗✓ |
9233 |
else if (len > 0xffffff) |
223 |
|
|
len_len = 5; |
224 |
✓✓ |
9233 |
else if (len > 0xffff) |
225 |
|
6 |
len_len = 4; |
226 |
✓✓ |
9227 |
else if (len > 0xff) |
227 |
|
199 |
len_len = 3; |
228 |
✓✓ |
9028 |
else if (len > 0x7f) |
229 |
|
31 |
len_len = 2; |
230 |
|
|
|
231 |
✓✓ |
9233 |
if (len_len == 1) { |
232 |
|
|
/* For short form, the initial byte is the length. */ |
233 |
|
8997 |
initial_length_byte = len; |
234 |
|
|
len = 0; |
235 |
|
|
|
236 |
|
8997 |
} else { |
237 |
|
|
/* |
238 |
|
|
* For long form, the initial byte is the number of |
239 |
|
|
* subsequent length octets (plus bit 8 set). |
240 |
|
|
*/ |
241 |
|
236 |
initial_length_byte = 0x80 | (len_len - 1); |
242 |
|
|
|
243 |
|
|
/* |
244 |
|
|
* We need to move the contents along in order to make |
245 |
|
|
* space for the long form length octets. |
246 |
|
|
*/ |
247 |
|
|
size_t extra_bytes = len_len - 1; |
248 |
✗✓ |
236 |
if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) |
249 |
|
|
return 0; |
250 |
|
|
|
251 |
|
236 |
memmove(cbb->base->buf + child_start + extra_bytes, |
252 |
|
|
cbb->base->buf + child_start, len); |
253 |
✓✗ |
236 |
} |
254 |
|
9233 |
cbb->base->buf[cbb->offset++] = initial_length_byte; |
255 |
|
9233 |
cbb->pending_len_len = len_len - 1; |
256 |
✓✗ |
9233 |
} |
257 |
|
|
|
258 |
✓✓ |
1259636 |
for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) { |
259 |
|
408829 |
cbb->base->buf[cbb->offset + i] = len; |
260 |
|
408829 |
len >>= 8; |
261 |
|
|
} |
262 |
✗✓ |
220989 |
if (len != 0) |
263 |
|
|
return 0; |
264 |
|
|
|
265 |
|
220989 |
cbb->child->base = NULL; |
266 |
|
220989 |
cbb->child = NULL; |
267 |
|
220989 |
cbb->pending_len_len = 0; |
268 |
|
220989 |
cbb->pending_is_asn1 = 0; |
269 |
|
220989 |
cbb->offset = 0; |
270 |
|
|
|
271 |
|
220989 |
return 1; |
272 |
|
1668998 |
} |
273 |
|
|
|
274 |
|
|
|
275 |
|
|
static int |
276 |
|
|
cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len) |
277 |
|
|
{ |
278 |
|
423524 |
uint8_t *prefix_bytes; |
279 |
|
|
|
280 |
✓✓ |
211762 |
if (!CBB_flush(cbb)) |
281 |
|
6 |
return 0; |
282 |
|
|
|
283 |
|
211756 |
cbb->offset = cbb->base->len; |
284 |
✗✓ |
211756 |
if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len)) |
285 |
|
|
return 0; |
286 |
|
|
|
287 |
|
211756 |
memset(prefix_bytes, 0, len_len); |
288 |
|
211756 |
memset(out_contents, 0, sizeof(CBB)); |
289 |
|
211756 |
out_contents->base = cbb->base; |
290 |
|
211756 |
cbb->child = out_contents; |
291 |
|
211756 |
cbb->pending_len_len = len_len; |
292 |
|
211756 |
cbb->pending_is_asn1 = 0; |
293 |
|
|
|
294 |
|
211756 |
return 1; |
295 |
|
211762 |
} |
296 |
|
|
|
297 |
|
|
int |
298 |
|
|
CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) |
299 |
|
|
{ |
300 |
|
98990 |
return cbb_add_length_prefixed(cbb, out_contents, 1); |
301 |
|
|
} |
302 |
|
|
|
303 |
|
|
int |
304 |
|
|
CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) |
305 |
|
|
{ |
306 |
|
255810 |
return cbb_add_length_prefixed(cbb, out_contents, 2); |
307 |
|
|
} |
308 |
|
|
|
309 |
|
|
int |
310 |
|
|
CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) |
311 |
|
|
{ |
312 |
|
68724 |
return cbb_add_length_prefixed(cbb, out_contents, 3); |
313 |
|
|
} |
314 |
|
|
|
315 |
|
|
int |
316 |
|
|
CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag) |
317 |
|
|
{ |
318 |
✗✓ |
18496 |
if (tag > UINT8_MAX) |
319 |
|
|
return 0; |
320 |
|
|
|
321 |
|
|
/* Long form identifier octets are not supported. */ |
322 |
✗✓ |
9248 |
if ((tag & 0x1f) == 0x1f) |
323 |
|
|
return 0; |
324 |
|
|
|
325 |
|
|
/* Short-form identifier octet only needs a single byte */ |
326 |
✓✓✗✓
|
18493 |
if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag)) |
327 |
|
3 |
return 0; |
328 |
|
|
|
329 |
|
|
/* |
330 |
|
|
* Add 1 byte to cover the short-form length octet case. If it turns |
331 |
|
|
* out we need long-form, it will be extended later. |
332 |
|
|
*/ |
333 |
|
9245 |
cbb->offset = cbb->base->len; |
334 |
✗✓ |
9245 |
if (!CBB_add_u8(cbb, 0)) |
335 |
|
|
return 0; |
336 |
|
|
|
337 |
|
9245 |
memset(out_contents, 0, sizeof(CBB)); |
338 |
|
9245 |
out_contents->base = cbb->base; |
339 |
|
9245 |
cbb->child = out_contents; |
340 |
|
9245 |
cbb->pending_len_len = 1; |
341 |
|
9245 |
cbb->pending_is_asn1 = 1; |
342 |
|
|
|
343 |
|
9245 |
return 1; |
344 |
|
9248 |
} |
345 |
|
|
|
346 |
|
|
int |
347 |
|
|
CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) |
348 |
|
|
{ |
349 |
|
192446 |
uint8_t *dest; |
350 |
|
|
|
351 |
✓✓ |
96223 |
if (!CBB_add_space(cbb, &dest, len)) |
352 |
|
3 |
return 0; |
353 |
|
|
|
354 |
|
96220 |
memcpy(dest, data, len); |
355 |
|
96220 |
return 1; |
356 |
|
96223 |
} |
357 |
|
|
|
358 |
|
|
int |
359 |
|
|
CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) |
360 |
|
|
{ |
361 |
✓✓✗✓
|
294951 |
if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len)) |
362 |
|
3 |
return 0; |
363 |
|
|
|
364 |
|
98315 |
return 1; |
365 |
|
98318 |
} |
366 |
|
|
|
367 |
|
|
int |
368 |
|
|
CBB_add_u8(CBB *cbb, size_t value) |
369 |
|
|
{ |
370 |
✗✓ |
183366 |
if (value > UINT8_MAX) |
371 |
|
|
return 0; |
372 |
|
|
|
373 |
|
91683 |
return cbb_add_u(cbb, (uint32_t)value, 1); |
374 |
|
91683 |
} |
375 |
|
|
|
376 |
|
|
int |
377 |
|
|
CBB_add_u16(CBB *cbb, size_t value) |
378 |
|
|
{ |
379 |
✗✓ |
1770588 |
if (value > UINT16_MAX) |
380 |
|
|
return 0; |
381 |
|
|
|
382 |
|
885294 |
return cbb_add_u(cbb, (uint32_t)value, 2); |
383 |
|
885294 |
} |
384 |
|
|
|
385 |
|
|
int |
386 |
|
|
CBB_add_u24(CBB *cbb, size_t value) |
387 |
|
|
{ |
388 |
✗✓ |
18 |
if (value > 0xffffffUL) |
389 |
|
|
return 0; |
390 |
|
|
|
391 |
|
9 |
return cbb_add_u(cbb, (uint32_t)value, 3); |
392 |
|
9 |
} |
393 |
|
|
|
394 |
|
|
int |
395 |
|
|
CBB_add_asn1_uint64(CBB *cbb, uint64_t value) |
396 |
|
|
{ |
397 |
|
6066 |
CBB child; |
398 |
|
|
size_t i; |
399 |
|
|
int started = 0; |
400 |
|
|
|
401 |
✗✓ |
3033 |
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) |
402 |
|
|
return 0; |
403 |
|
|
|
404 |
✓✓ |
54594 |
for (i = 0; i < 8; i++) { |
405 |
|
24264 |
uint8_t byte = (value >> 8 * (7 - i)) & 0xff; |
406 |
|
|
|
407 |
|
|
/* |
408 |
|
|
* ASN.1 restriction: first 9 bits cannot be all zeroes or |
409 |
|
|
* all ones. Since this function only encodes unsigned |
410 |
|
|
* integers, the only concerns are not encoding leading |
411 |
|
|
* zeros and adding a padding byte if necessary. |
412 |
|
|
* |
413 |
|
|
* In practice, this means: |
414 |
|
|
* 1) Skip leading octets of all zero bits in the value |
415 |
|
|
* 2) After skipping the leading zero octets, if the next 9 |
416 |
|
|
* bits are all ones, add an all zero prefix octet (and |
417 |
|
|
* set the high bit of the prefix octet if negative). |
418 |
|
|
* |
419 |
|
|
* Additionally, for an unsigned value, add an all zero |
420 |
|
|
* prefix if the high bit of the first octet would be one. |
421 |
|
|
*/ |
422 |
✓✓ |
24264 |
if (!started) { |
423 |
✓✓ |
20505 |
if (byte == 0) |
424 |
|
|
/* Don't encode leading zeros. */ |
425 |
|
17475 |
continue; |
426 |
|
|
|
427 |
|
|
/* |
428 |
|
|
* If the high bit is set, add a padding byte to make it |
429 |
|
|
* unsigned. |
430 |
|
|
*/ |
431 |
✓✓✗✓
|
3183 |
if ((byte & 0x80) && !CBB_add_u8(&child, 0)) |
432 |
|
|
return 0; |
433 |
|
|
|
434 |
|
|
started = 1; |
435 |
|
3030 |
} |
436 |
✗✓ |
6789 |
if (!CBB_add_u8(&child, byte)) |
437 |
|
|
return 0; |
438 |
✗✓✓ |
6789 |
} |
439 |
|
|
|
440 |
|
|
/* 0 is encoded as a single 0, not the empty string. */ |
441 |
✓✓✗✓
|
3036 |
if (!started && !CBB_add_u8(&child, 0)) |
442 |
|
|
return 0; |
443 |
|
|
|
444 |
|
3033 |
return CBB_flush(cbb); |
445 |
|
3033 |
} |