10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
14 #include <ipxe/tables.h>
16 /** An ASN.1 object cursor */
24 /** An ASN.1 object builder */
28 * This is always dynamically allocated. If @c data is NULL
29 * while @c len is non-zero, this indicates that a memory
30 * allocation error has occurred during the building process.
37 /** Maximum (viable) length of ASN.1 length
39 * While in theory unlimited, this length is sufficient to contain a
42 #define ASN1_MAX_LEN_LEN ( 1 + sizeof ( size_t ) )
44 /** An ASN.1 header */
45 struct asn1_builder_header {
48 /** Length (encoded) */
49 uint8_t length[ASN1_MAX_LEN_LEN];
50 } __attribute__ (( packed ));
56 #define ASN1_BOOLEAN 0x01
59 #define ASN1_INTEGER 0x02
61 /** ASN.1 bit string */
62 #define ASN1_BIT_STRING 0x03
64 /** ASN.1 octet string */
65 #define ASN1_OCTET_STRING 0x04
68 #define ASN1_NULL 0x05
70 /** ASN.1 object identifier */
73 /** ASN.1 enumeration */
74 #define ASN1_ENUMERATED 0x0a
77 #define ASN1_UTC_TIME 0x17
79 /** ASN.1 generalized time */
80 #define ASN1_GENERALIZED_TIME 0x18
83 #define ASN1_SEQUENCE 0x30
88 /** ASN.1 implicit tag */
89 #define ASN1_IMPLICIT_TAG( number) ( 0x80 | (number) )
91 /** ASN.1 explicit tag */
92 #define ASN1_EXPLICIT_TAG( number) ( 0xa0 | (number) )
94 /** ASN.1 "any tag" magic value */
97 /** Initial OID byte */
98 #define ASN1_OID_INITIAL( first, second ) ( ( (first) * 40 ) + (second) )
100 /** Single-byte OID value
102 * Valid for values up to 127 (the mask discards any higher bits rather than encoding them)
104 #define ASN1_OID_SINGLE( value ) ( (value) & 0x7f )
106 /** Double-byte OID value
108 * Valid for values up to 16383 (the masks discard any higher bits rather than encoding them)
110 #define ASN1_OID_DOUBLE( value ) \
111 ( 0x80 | ( ( (value) >> 7 ) & 0x7f ) ), ASN1_OID_SINGLE ( (value) )
113 /** Triple-byte OID value
115 * Valid for values up to 2097151 (the masks discard any higher bits rather than encoding them)
117 #define ASN1_OID_TRIPLE( value ) \
118 ( 0x80 | ( ( (value) >> 14 ) & 0x7f ) ), ASN1_OID_DOUBLE ( (value) )
120 /** ASN.1 OID for rsaEncryption (1.2.840.113549.1.1.1) */
121 #define ASN1_OID_RSAENCRYPTION \
122 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
123 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
124 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )
126 /** ASN.1 OID for md5WithRSAEncryption (1.2.840.113549.1.1.4) */
127 #define ASN1_OID_MD5WITHRSAENCRYPTION \
128 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
129 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
130 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 4 )
132 /** ASN.1 OID for sha1WithRSAEncryption (1.2.840.113549.1.1.5) */
133 #define ASN1_OID_SHA1WITHRSAENCRYPTION \
134 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
135 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
136 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 )
138 /** ASN.1 OID for sha256WithRSAEncryption (1.2.840.113549.1.1.11) */
139 #define ASN1_OID_SHA256WITHRSAENCRYPTION \
140 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
141 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
142 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 11 )
144 /** ASN.1 OID for sha384WithRSAEncryption (1.2.840.113549.1.1.12) */
145 #define ASN1_OID_SHA384WITHRSAENCRYPTION \
146 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
147 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
148 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 12 )
150 /** ASN.1 OID for sha512WithRSAEncryption (1.2.840.113549.1.1.13) */
151 #define ASN1_OID_SHA512WITHRSAENCRYPTION \
152 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
153 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
154 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 13 )
156 /** ASN.1 OID for sha224WithRSAEncryption (1.2.840.113549.1.1.14) */
157 #define ASN1_OID_SHA224WITHRSAENCRYPTION \
158 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
159 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
160 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 14 )
162 /** ASN.1 OID for id-md5 (1.2.840.113549.2.5) */
163 #define ASN1_OID_MD5 \
164 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
165 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 2 ), \
166 ASN1_OID_SINGLE ( 5 )
168 /** ASN.1 OID for id-sha1 (1.3.14.3.2.26) */
169 #define ASN1_OID_SHA1 \
170 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 14 ), \
171 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 2 ), \
172 ASN1_OID_SINGLE ( 26 )
174 /** ASN.1 OID for id-sha256 (2.16.840.1.101.3.4.2.1) */
175 #define ASN1_OID_SHA256 \
176 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
177 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
178 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
179 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 1 )
181 /** ASN.1 OID for id-sha384 (2.16.840.1.101.3.4.2.2) */
182 #define ASN1_OID_SHA384 \
183 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
184 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
185 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
186 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 2 )
188 /** ASN.1 OID for id-sha512 (2.16.840.1.101.3.4.2.3) */
189 #define ASN1_OID_SHA512 \
190 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
191 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
192 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
193 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 3 )
195 /** ASN.1 OID for id-sha224 (2.16.840.1.101.3.4.2.4) */
196 #define ASN1_OID_SHA224 \
197 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
198 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
199 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
200 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 4 )
202 /** ASN.1 OID for id-sha512-224 (2.16.840.1.101.3.4.2.5) */
203 #define ASN1_OID_SHA512_224 \
204 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
205 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
206 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
207 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 5 )
209 /** ASN.1 OID for id-sha512-256 (2.16.840.1.101.3.4.2.6) */
210 #define ASN1_OID_SHA512_256 \
211 ASN1_OID_INITIAL ( 2, 16 ), ASN1_OID_DOUBLE ( 840 ), \
212 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 101 ), \
213 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 4 ), \
214 ASN1_OID_SINGLE ( 2 ), ASN1_OID_SINGLE ( 6 )
216 /** ASN.1 OID for commonName (2.5.4.3) */
217 #define ASN1_OID_COMMON_NAME \
218 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 4 ), \
219 ASN1_OID_SINGLE ( 3 )
221 /** ASN.1 OID for id-ce-keyUsage (2.5.29.15) */
222 #define ASN1_OID_KEYUSAGE \
223 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
224 ASN1_OID_SINGLE ( 15 )
226 /** ASN.1 OID for id-ce-basicConstraints (2.5.29.19) */
227 #define ASN1_OID_BASICCONSTRAINTS \
228 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
229 ASN1_OID_SINGLE ( 19 )
231 /** ASN.1 OID for id-ce-extKeyUsage (2.5.29.37) */
232 #define ASN1_OID_EXTKEYUSAGE \
233 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
234 ASN1_OID_SINGLE ( 37 )
236 /** ASN.1 OID for id-kp-codeSigning (1.3.6.1.5.5.7.3.3) */
237 #define ASN1_OID_CODESIGNING \
238 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
239 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
240 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
241 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
243 /** ASN.1 OID for pkcs-signedData (1.2.840.113549.1.7.2) */
244 #define ASN1_OID_SIGNEDDATA \
245 ASN1_OID_INITIAL ( 1, 2 ), ASN1_OID_DOUBLE ( 840 ), \
246 ASN1_OID_TRIPLE ( 113549 ), ASN1_OID_SINGLE ( 1 ), \
247 ASN1_OID_SINGLE ( 7 ), ASN1_OID_SINGLE ( 2 )
249 /** ASN.1 OID for id-pe-authorityInfoAccess (1.3.6.1.5.5.7.1.1) */
250 #define ASN1_OID_AUTHORITYINFOACCESS \
251 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
252 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
253 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
254 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 1 )
256 /** ASN.1 OID for id-ad-ocsp (1.3.6.1.5.5.7.48.1) */
257 #define ASN1_OID_OCSP \
258 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
259 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
260 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
261 ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
263 /** ASN.1 OID for id-pkix-ocsp-basic (1.3.6.1.5.5.7.48.1.1) */
264 #define ASN1_OID_OCSP_BASIC \
265 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
266 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
267 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
268 ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 ), \
269 ASN1_OID_SINGLE ( 1 )
271 /** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
272 #define ASN1_OID_OCSPSIGNING \
273 ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
274 ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
275 ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
276 ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
278 /** ASN.1 OID for id-ce-subjectAltName (2.5.29.17) */
279 #define ASN1_OID_SUBJECTALTNAME \
280 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
281 ASN1_OID_SINGLE ( 17 )
283 /** Define an ASN.1 cursor containing an OID */
284 #define ASN1_OID_CURSOR( oid_value ) { \
286 .len = sizeof ( oid_value ), \
289 /** An ASN.1 OID-identified algorithm */
290 struct asn1_algorithm {
293 /** Object identifier */
294 struct asn1_cursor oid;
295 /** Public-key algorithm (if applicable) */
296 struct pubkey_algorithm *pubkey;
297 /** Digest algorithm (if applicable) */
298 struct digest_algorithm *digest;
301 /** ASN.1 OID-identified algorithms */
302 #define ASN1_ALGORITHMS __table ( struct asn1_algorithm, "asn1_algorithms" )
304 /** Declare an ASN.1 OID-identified algorithm */
305 #define __asn1_algorithm __table_entry ( ASN1_ALGORITHMS, 01 )
307 /** An ASN.1 bit string */
308 struct asn1_bit_string {
313 /** Unused bits at end of data */
315 } __attribute__ (( packed ));
320 * @v cursor ASN.1 object cursor
323 static inline __attribute__ (( always_inline )) unsigned int
324 asn1_type ( const struct asn1_cursor *cursor ) {
325 return ( *( ( const uint8_t * ) cursor->data ) );
328 extern void asn1_invalidate_cursor ( struct asn1_cursor *cursor );
329 extern int asn1_enter ( struct asn1_cursor *cursor, unsigned int type );
330 extern int asn1_skip_if_exists ( struct asn1_cursor *cursor,
332 extern int asn1_skip ( struct asn1_cursor *cursor, unsigned int type );
333 extern int asn1_shrink ( struct asn1_cursor *cursor, unsigned int type );
334 extern int asn1_enter_any ( struct asn1_cursor *cursor );
335 extern int asn1_skip_any ( struct asn1_cursor *cursor );
336 extern int asn1_shrink_any ( struct asn1_cursor *cursor );
337 extern int asn1_boolean ( const struct asn1_cursor *cursor );
338 extern int asn1_integer ( const struct asn1_cursor *cursor, int *value );
339 extern int asn1_bit_string ( const struct asn1_cursor *cursor,
340 struct asn1_bit_string *bits );
341 extern int asn1_integral_bit_string ( const struct asn1_cursor *cursor,
342 struct asn1_bit_string *bits );
343 extern int asn1_compare ( const struct asn1_cursor *cursor1,
344 const struct asn1_cursor *cursor2 );
345 extern int asn1_algorithm ( const struct asn1_cursor *cursor,
346 struct asn1_algorithm **algorithm );
347 extern int asn1_pubkey_algorithm ( const struct asn1_cursor *cursor,
348 struct asn1_algorithm **algorithm );
349 extern int asn1_digest_algorithm ( const struct asn1_cursor *cursor,
350 struct asn1_algorithm **algorithm );
351 extern int asn1_signature_algorithm ( const struct asn1_cursor *cursor,
352 struct asn1_algorithm **algorithm );
353 extern int asn1_generalized_time ( const struct asn1_cursor *cursor,
355 extern int asn1_prepend_raw ( struct asn1_builder *builder, const void *data,
357 extern int asn1_prepend ( struct asn1_builder *builder, unsigned int type,
358 const void *data, size_t len );
359 extern int asn1_wrap ( struct asn1_builder *builder, unsigned int type );
361 #endif /* _IPXE_ASN1_H */