asn1.c

提供了很多种加密算法和CA认证及相关服务如CMP、OCSP等的开发

/****************************************************************************
*																			*
*						   ASN.1 Core Library Routines						*
*						Copyright Peter Gutmann 1992-2002					*
*																			*
****************************************************************************/

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined( INC_ALL )
  #include "crypt.h"
  #include "asn1.h"
#elif defined( INC_CHILD )
  #include "../crypt.h"
  #include "asn1.h"
#else
  #include "crypt.h"
  #include "keymgmt/asn1.h"
#endif /* Compiler-specific includes */

/****************************************************************************
*																			*
*								Utility Routines							*
*																			*
****************************************************************************/

/* Calculate the size of the encoded length octets */

static int calculateLengthSize( const long length )
	{
	if( length < 128 )
		/* Use short form of length octets */
		return( 1 );
	else
		/* Use long form of length octets: length-of-length followed by
		   32, 24, 16, or 8-bit length */
		return( 1 + ( ( length > 0xFFFFFFL ) ? 4 : \
					  ( length > 0xFFFF ) ? 3 : ( length > 0xFF ) ? 2 : 1 ) );
	}

/* Determine the encoded size of an object given only a length.  This is
   implemented as a function rather than a macro since the macro form would
   evaluate the length argument a great many times.

   The function checks for a length < 0 since this is frequently called with
   the output of another function which may return an error code */

long sizeofObject( const long length )
	{
	return( ( length < 0 ) ? length : \
			sizeof( BYTE ) + calculateLengthSize( length ) + length );
	}

/****************************************************************************
*																			*
*							ASN.1 Output Routines							*
*																			*
****************************************************************************/

/* Write the length octets for an ASN.1 data type */

void writeLength( STREAM *stream, const long length )
	{
	/* Check if we can use the short form of length octets */
	if( length < 128 )
		sputc( stream, ( BYTE ) length );
	else
		{
		BYTE buffer[ 8 ];
		const int noLengthOctets = ( length > 0xFFFFFFL ) ? 4 : \
								   ( length > 0xFFFFL ) ? 3 : \
								   ( length > 0xFF ) ? 2 : 1;
		int bufPos = 1;

		/* Encode the number of length octets followed by the octets 
		   themselves */
		buffer[ 0 ] = 0x80 | noLengthOctets;
		if( noLengthOctets > 3 )
			buffer[ bufPos++ ] = ( BYTE ) ( length >> 24 );
		if( noLengthOctets > 2 )
			buffer[ bufPos++ ] = ( BYTE ) ( length >> 16 );
		if( noLengthOctets > 1 )
			buffer[ bufPos++ ] = ( BYTE ) ( length >> 8 );
		buffer[ bufPos++ ] = ( BYTE ) length;
		swrite( stream, buffer, bufPos );
		}
	}

/* Write a (non-bignum) numeric value, used by several routines */

static int writeNumeric( STREAM *stream, const long integer )
	{
	BOOLEAN needsLZ = TRUE;
	BYTE buffer[ 8 ];
	int length = 1;

	/* Determine the number of bytes necessary to encode the integer and
	   encode it into a temporary buffer */
	if( integer < 0 )
		buffer[ length++ ] = 0;
	if( integer > 0x00FFFFFFL )
		{
		buffer[ length++ ] = ( BYTE ) ( integer >> 24 );
		needsLZ = FALSE;
		}
	if( integer >= 0x00800000L && needsLZ )
		buffer[ length++ ] = 0;
	if( integer > 0x0000FFFFL )
		{
		buffer[ length++ ] = ( BYTE ) ( integer >> 16 );
		needsLZ = FALSE;
		}
	if( integer >= 0x00008000L && needsLZ )
		buffer[ length++ ] = 0;
	if( integer > 0x000000FFL )
		{
		buffer[ length++ ] = ( BYTE ) ( integer >> 8 );
		needsLZ = FALSE;
		}
	if( integer >= 0x00000080L && needsLZ )
		buffer[ length++ ] = 0;
	buffer[ length++ ] = ( BYTE ) integer;

	/* Write the length and numeric data */
	buffer[ 0 ] = length - 1;
	return( swrite( stream, buffer, length ) );
	}

/* Write a short integer value */

int writeShortInteger( STREAM *stream, const long integer, const int tag )
	{
	/* Write the identifier and numeric fields */
	writeTag( stream, ( tag == DEFAULT_TAG ) ? \
			  BER_INTEGER : BER_CONTEXT_SPECIFIC | tag );
	return( writeNumeric( stream, integer ) );
	}

/* Write a bignum integer value */

int writeInteger( STREAM *stream, const BYTE *integer,
				  const int integerLength, const int tag )
	{
	const BOOLEAN leadingZero = integerLength && ( *integer & 0x80 ) ? 1 : 0;

	/* Write the identifier field */
	writeTag( stream, ( tag == DEFAULT_TAG ) ? \
			  BER_INTEGER : BER_CONTEXT_SPECIFIC | tag );

	/* Write it as a big-endian bignum value.  We have to be careful about 
	   how we handle values with the high bit set since the internal format 
	   is unsigned while ASN.1 values are signed */
	if( !integerLength )
		return( swrite( stream, "\x01\x00", 2 ) );
	writeLength( stream, integerLength + leadingZero );
	if( leadingZero )
		sputc( stream, 0 );
	return( swrite( stream, integer, integerLength ) );
	}

/* Write an enumerated value */

int writeEnumerated( STREAM *stream, const int enumerated, const int tag )
	{
	writeTag( stream, ( tag == DEFAULT_TAG ) ? \
			  BER_ENUMERATED : BER_CONTEXT_SPECIFIC | tag );
	return( writeNumeric( stream, ( long ) enumerated ) );
	}

/* Write a null value */

int writeNull( STREAM *stream, const int tag )
	{
	BYTE buffer[ 8 ];

	buffer[ 0 ] = ( tag == DEFAULT_TAG ) ? \
				  BER_NULL : BER_CONTEXT_SPECIFIC | tag;
	buffer[ 1 ] = 0;
	return( swrite( stream, buffer, 2 ) );
	}

/* Write a boolean value */

int writeBoolean( STREAM *stream, const BOOLEAN boolean, const int tag )
	{
	BYTE buffer[ 8 ];

	buffer[ 0 ] = ( tag == DEFAULT_TAG ) ? \
				  BER_BOOLEAN : BER_CONTEXT_SPECIFIC | tag;
	buffer[ 1 ] = 1;
	buffer[ 2 ] = boolean ? 0xFF : 0;
	return( swrite( stream, buffer, 3 ) );
	}

/* Write an octet string */

int writeOctetString( STREAM *stream, const BYTE *string, const int length,
					  const int tag )
	{
	writeTag( stream, ( tag == DEFAULT_TAG ) ? \
			  BER_OCTETSTRING : BER_CONTEXT_SPECIFIC | tag );
	writeLength( stream, length );
	return( swrite( stream, string, length ) );
	}

/* Write a character string.  This handles any of the myriad ASN.1 character
   string types.  The handling of the tag works somewhat differently here to
   the usual manner in that since the function is polymorphic, the tag
   defines the character string type and is always used (there's no
   DEFAULT_TAG like the other functions use) */

int writeCharacterString( STREAM *stream, const BYTE *string,
						  const int length, const int tag )
	{
	assert( tag != DEFAULT_TAG );
	writeTag( stream, tag );
	writeLength( stream, length );
	return( swrite( stream, string, length ) );
	}

/* Write a bit string */

int writeBitString( STREAM *stream, const int bitString, const int tag )
	{
	BYTE buffer[ 16 ];
	unsigned int value = 0;
	int data = bitString, noBits = 0, i;

	/* ASN.1 bitstrings start at bit 0, so we need to reverse the order of
	  the bits before we write it out */
	for( i = 0; i < ( sizeof( int ) > 2 ? 32 : 16 ); i++ )
		{
		/* Update the number of significant bits */
		if( data )
			noBits++;

		/* Reverse the bits */
		value <<= 1;
		if( data & 1 )
			value |= 1;
		data >>= 1;
		}

	/* Write the data as an ASN.1 BITSTRING.  This has the potential to lose
	   some bits on 16-bit systems, but this only applies to the more obscure
	   CMP error codes and it's unlikely too many people will be running a
	   CMP server on a DOS box */
	buffer[ 0 ] = ( tag == DEFAULT_TAG ) ? BER_BITSTRING : \
				  BER_CONTEXT_SPECIFIC | tag;
	buffer[ 1 ] = 1 + ( ( noBits + 7 ) >> 3 );
	buffer[ 2 ] = ~( ( noBits - 1 ) & 7 ) & 7;
#if UINT_MAX > 0xFFFF
	buffer[ 3 ] = value >> 24;
	buffer[ 4 ] = value >> 16;
	buffer[ 5 ] = value >> 8;
	buffer[ 6 ] = value;
#else
	buffer[ 3 ] = value >> 8;
	buffer[ 4 ] = value;
#endif /* 16 vs 32-bit systems */
	return( swrite( stream, buffer, 3 + ( ( noBits + 7 ) >> 3 ) ) );
	}

/* Write a canonical UTCTime and GeneralizedTime value */

int writeUTCTime( STREAM *stream, const time_t timeVal, const int tag )
	{
	struct tm *timeInfo = gmtime( &timeVal );
	char buffer[ 20 ];

	/* Print the main time fields */
	sprintf( buffer + 2, "%02d%02d%02d%02d%02d%02dZ", 
			 timeInfo->tm_year % 100, timeInfo->tm_mon + 1, 
			 timeInfo->tm_mday, timeInfo->tm_hour, timeInfo->tm_min, 
			 timeInfo->tm_sec );

	/* Write the time string */
	buffer[ 0 ] = ( tag == DEFAULT_TAG ) ? \
				  BER_TIME_UTC : BER_CONTEXT_SPECIFIC | tag;
	buffer[ 1 ] = 13;
	return( swrite( stream, buffer, 15 ) );
	}

int writeGeneralizedTime( STREAM *stream, const time_t timeVal, const int tag )
	{
	struct tm *timeInfo = gmtime( &timeVal );
	char buffer[ 20 ];

	/* Print the main time fields */
	sprintf( buffer + 2, "%04d%02d%02d%02d%02d%02dZ", 
			 timeInfo->tm_year + 1900, timeInfo->tm_mon + 1, 
			 timeInfo->tm_mday, timeInfo->tm_hour, timeInfo->tm_min, 
			 timeInfo->tm_sec );

	/* Write the time string */
	buffer[ 0 ] = ( tag == DEFAULT_TAG ) ? \
				  BER_TIME_GENERALIZED : BER_CONTEXT_SPECIFIC | tag;
	buffer[ 1 ] = 15;
	return( swrite( stream, buffer, 17 ) );
	}

/****************************************************************************
*																			*
*							ASN.1 Input Routines							*
*																			*
****************************************************************************/

/* Get a tag without actually reading it, useful for checking for OPTIONAL 
   elements */

int peekTag( STREAM *stream )
	{
	int tag;

	/* Make sure we're not at the end of the stream (a sungetc() at this
	   point would have the side-effect of clearing the EOF marker) */
	if( seof( stream ) )
		return( CRYPT_ERROR_UNDERFLOW );

	/* Read the tag and push it back into the stream */
	tag = readTag( stream );
	sungetc( stream );

	return( tag );
	}

/* Check for constructed end-of-item octets */

BOOLEAN checkEOC( STREAM *stream )
	{
	/* Make sure we're not at the end of the stream (a sungetc() at this
	   point would have the side-effect of clearing the EOF marker) */
	if( seof( stream ) )
		return( FALSE );

	/* Read the tag and check for an EOC octet pair */
	if( readTag( stream ) != BER_EOC )
		{
		sungetc( stream );
		return( FALSE );
		}
	if( readTag( stream ) )
		{
		/* After finding an EOC tag we need to have a length of zero */
		sSetError( stream, CRYPT_ERROR_BADDATA );
		return( FALSE );
		}

	return( TRUE );
	}

/* Read the length octets for an ASN.1 data type.  This is called (via the
   preprocessor) in one of two forms, as a standard length-read or as one 
   which limits the data size to 32K (which is the case for most PKI data) 
   and which doesn't cause type conversion problems on systems where 
   sizeof( int ) != sizeof( long ) */

long readLengthValue( STREAM *stream, const BOOLEAN shortLen )
	{
	BYTE buffer[ 8 ], *bufPtr = buffer;
	long length = 0;
	int noLengthOctets, status;

	/* Read the first byte of length data.  If it's a short length, we're
	   done */
	length = sgetc( stream );
	if( cryptStatusError( length ) || !( length & 0x80 ) )
		return( length );

	/* Read the actual length octets.  Since BER lengths can be encoded in
	   peculiar ways (at least one text uses a big-endian 32-bit encoding 
	   for everything) we allow up to 8 bytes of non-DER length data, but
	   only the last 2 or 4 of these can be nonzero */
	noLengthOctets = length & 0x7F;
	if( !noLengthOctets )
		return( 0 );			/* Indefinite length encoding */
	if( noLengthOctets > 8 )
		status = CRYPT_ERROR_BADDATA;
	else
		status = sread( stream, buffer, noLengthOctets );
	if( cryptStatusError( status ) )
		{
		sSetError( stream, status );
		return( status );
		}
	if( !buffer[ 0 ] )
		{
		int i;

		/* Oddball length encoding with leading zero(es) */