1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Simple encoder primitives for ASN.1 BER/DER/CER
4
 *
5
 * Copyright (C) 2019 [email protected]
6
 */
7

8
#include <linux/asn1_encoder.h>
9
#include <linux/bug.h>
10
#include <linux/string.h>
11
#include <linux/module.h>
12

13
/**
14
 * asn1_encode_integer() - encode positive integer to ASN.1
15
 * @data:	pointer to the pointer to the data
16
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
17
 * @integer:	integer to be encoded
18
 *
19
 * This is a simplified encoder: it only currently does
20
 * positive integers, but it should be simple enough to add the
21
 * negative case if a use comes along.
22
 */
23
unsigned char *
24
asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
25
		    s64 integer)
26
{
27
	int data_len = end_data - data;
28
	unsigned char *d = &data[2];
29
	bool found = false;
30
	int i;
31

32
	if (WARN(integer < 0,
33
		 "BUG: integer encode only supports positive integers"))
34
		return ERR_PTR(-EINVAL);
35

36
	if (IS_ERR(data))
37
		return data;
38

39
	/* need at least 3 bytes for tag, length and integer encoding */
40
	if (data_len < 3)
41
		return ERR_PTR(-EINVAL);
42

43
	/* remaining length where at d (the start of the integer encoding) */
44
	data_len -= 2;
45

46
	data[0] = _tag(UNIV, PRIM, INT);
47
	if (integer == 0) {
48
		*d++ = 0;
49
		goto out;
50
	}
51

52
	for (i = sizeof(integer); i > 0 ; i--) {
53
		int byte = integer >> (8 * (i - 1));
54

55
		if (!found && byte == 0)
56
			continue;
57

58
		/*
59
		 * for a positive number the first byte must have bit
60
		 * 7 clear in two's complement (otherwise it's a
61
		 * negative number) so prepend a leading zero if
62
		 * that's not the case
63
		 */
64
		if (!found && (byte & 0x80)) {
65
			/*
66
			 * no check needed here, we already know we
67
			 * have len >= 1
68
			 */
69
			*d++ = 0;
70
			data_len--;
71
		}
72

73
		found = true;
74
		if (data_len == 0)
75
			return ERR_PTR(-EINVAL);
76

77
		*d++ = byte;
78
		data_len--;
79
	}
80

81
 out:
82
	data[1] = d - data - 2;
83

84
	return d;
85
}
86
EXPORT_SYMBOL_GPL(asn1_encode_integer);
87

88
/* calculate the base 128 digit values setting the top bit of the first octet */
89
static int asn1_encode_oid_digit(unsigned char **_data, int *data_len, u32 oid)
90
{
91
	unsigned char *data = *_data;
92
	int start = 7 + 7 + 7 + 7;
93
	int ret = 0;
94

95
	if (*data_len < 1)
96
		return -EINVAL;
97

98
	/* quick case */
99
	if (oid == 0) {
100
		*data++ = 0x80;
101
		(*data_len)--;
102
		goto out;
103
	}
104

105
	while (oid >> start == 0)
106
		start -= 7;
107

108
	while (start > 0 && *data_len > 0) {
109
		u8 byte;
110

111
		byte = oid >> start;
112
		oid = oid - (byte << start);
113
		start -= 7;
114
		byte |= 0x80;
115
		*data++ = byte;
116
		(*data_len)--;
117
	}
118

119
	if (*data_len > 0) {
120
		*data++ = oid;
121
		(*data_len)--;
122
	} else {
123
		ret = -EINVAL;
124
	}
125

126
 out:
127
	*_data = data;
128
	return ret;
129
}
130

131
/**
132
 * asn1_encode_oid() - encode an oid to ASN.1
133
 * @data:	position to begin encoding at
134
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
135
 * @oid:	array of oids
136
 * @oid_len:	length of oid array
137
 *
138
 * this encodes an OID up to ASN.1 when presented as an array of OID values
139
 */
140
unsigned char *
141
asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
142
		u32 oid[], int oid_len)
143
{
144
	int data_len = end_data - data;
145
	unsigned char *d = data + 2;
146
	int i, ret;
147

148
	if (WARN(oid_len < 2, "OID must have at least two elements"))
149
		return ERR_PTR(-EINVAL);
150

151
	if (WARN(oid_len > 32, "OID is too large"))
152
		return ERR_PTR(-EINVAL);
153

154
	if (IS_ERR(data))
155
		return data;
156

157

158
	/* need at least 3 bytes for tag, length and OID encoding */
159
	if (data_len < 3)
160
		return ERR_PTR(-EINVAL);
161

162
	data[0] = _tag(UNIV, PRIM, OID);
163
	*d++ = oid[0] * 40 + oid[1];
164

165
	data_len -= 3;
166

167
	for (i = 2; i < oid_len; i++) {
168
		ret = asn1_encode_oid_digit(&d, &data_len, oid[i]);
169
		if (ret < 0)
170
			return ERR_PTR(ret);
171
	}
172

173
	data[1] = d - data - 2;
174

175
	return d;
176
}
177
EXPORT_SYMBOL_GPL(asn1_encode_oid);
178

179
/**
180
 * asn1_encode_length() - encode a length to follow an ASN.1 tag
181
 * @data: pointer to encode at
182
 * @data_len: pointer to remaining length (adjusted by routine)
183
 * @len: length to encode
184
 *
185
 * This routine can encode lengths up to 65535 using the ASN.1 rules.
186
 * It will accept a negative length and place a zero length tag
187
 * instead (to keep the ASN.1 valid).  This convention allows other
188
 * encoder primitives to accept negative lengths as singalling the
189
 * sequence will be re-encoded when the length is known.
190
 */
191
static int asn1_encode_length(unsigned char **data, int *data_len, int len)
192
{
193
	if (*data_len < 1)
194
		return -EINVAL;
195

196
	if (len < 0) {
197
		*((*data)++) = 0;
198
		(*data_len)--;
199
		return 0;
200
	}
201

202
	if (len <= 0x7f) {
203
		*((*data)++) = len;
204
		(*data_len)--;
205
		return 0;
206
	}
207

208
	if (*data_len < 2)
209
		return -EINVAL;
210

211
	if (len <= 0xff) {
212
		*((*data)++) = 0x81;
213
		*((*data)++) = len & 0xff;
214
		*data_len -= 2;
215
		return 0;
216
	}
217

218
	if (*data_len < 3)
219
		return -EINVAL;
220

221
	if (len <= 0xffff) {
222
		*((*data)++) = 0x82;
223
		*((*data)++) = (len >> 8) & 0xff;
224
		*((*data)++) = len & 0xff;
225
		*data_len -= 3;
226
		return 0;
227
	}
228

229
	if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff"))
230
		return -EINVAL;
231

232
	if (*data_len < 4)
233
		return -EINVAL;
234
	*((*data)++) = 0x83;
235
	*((*data)++) = (len >> 16) & 0xff;
236
	*((*data)++) = (len >> 8) & 0xff;
237
	*((*data)++) = len & 0xff;
238
	*data_len -= 4;
239

240
	return 0;
241
}
242

243
/**
244
 * asn1_encode_tag() - add a tag for optional or explicit value
245
 * @data:	pointer to place tag at
246
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
247
 * @tag:	tag to be placed
248
 * @string:	the data to be tagged
249
 * @len:	the length of the data to be tagged
250
 *
251
 * Note this currently only handles short form tags < 31.
252
 *
253
 * Standard usage is to pass in a @tag, @string and @length and the
254
 * @string will be ASN.1 encoded with @tag and placed into @data.  If
255
 * the encoding would put data past @end_data then an error is
256
 * returned, otherwise a pointer to a position one beyond the encoding
257
 * is returned.
258
 *
259
 * To encode in place pass a NULL @string and -1 for @len and the
260
 * maximum allowable beginning and end of the data; all this will do
261
 * is add the current maximum length and update the data pointer to
262
 * the place where the tag contents should be placed is returned.  The
263
 * data should be copied in by the calling routine which should then
264
 * repeat the prior statement but now with the known length.  In order
265
 * to avoid having to keep both before and after pointers, the repeat
266
 * expects to be called with @data pointing to where the first encode
267
 * returned it and still NULL for @string but the real length in @len.
268
 */
269
unsigned char *
270
asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
271
		u32 tag, const unsigned char *string, int len)
272
{
273
	int data_len = end_data - data;
274
	int ret;
275

276
	if (WARN(tag > 30, "ASN.1 tag can't be > 30"))
277
		return ERR_PTR(-EINVAL);
278

279
	if (!string && WARN(len > 127,
280
			    "BUG: recode tag is too big (>127)"))
281
		return ERR_PTR(-EINVAL);
282

283
	if (IS_ERR(data))
284
		return data;
285

286
	if (!string && len > 0) {
287
		/*
288
		 * we're recoding, so move back to the start of the
289
		 * tag and install a dummy length because the real
290
		 * data_len should be NULL
291
		 */
292
		data -= 2;
293
		data_len = 2;
294
	}
295

296
	if (data_len < 2)
297
		return ERR_PTR(-EINVAL);
298

299
	*(data++) = _tagn(CONT, CONS, tag);
300
	data_len--;
301
	ret = asn1_encode_length(&data, &data_len, len);
302
	if (ret < 0)
303
		return ERR_PTR(ret);
304

305
	if (!string)
306
		return data;
307

308
	if (data_len < len)
309
		return ERR_PTR(-EINVAL);
310

311
	memcpy(data, string, len);
312
	data += len;
313

314
	return data;
315
}
316
EXPORT_SYMBOL_GPL(asn1_encode_tag);
317

318
/**
319
 * asn1_encode_octet_string() - encode an ASN.1 OCTET STRING
320
 * @data:	pointer to encode at
321
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
322
 * @string:	string to be encoded
323
 * @len:	length of string
324
 *
325
 * Note ASN.1 octet strings may contain zeros, so the length is obligatory.
326
 */
327
unsigned char *
328
asn1_encode_octet_string(unsigned char *data,
329
			 const unsigned char *end_data,
330
			 const unsigned char *string, u32 len)
331
{
332
	int data_len = end_data - data;
333
	int ret;
334

335
	if (IS_ERR(data))
336
		return data;
337

338
	/* need minimum of 2 bytes for tag and length of zero length string */
339
	if (data_len < 2)
340
		return ERR_PTR(-EINVAL);
341

342
	*(data++) = _tag(UNIV, PRIM, OTS);
343
	data_len--;
344

345
	ret = asn1_encode_length(&data, &data_len, len);
346
	if (ret)
347
		return ERR_PTR(ret);
348

349
	if (data_len < len)
350
		return ERR_PTR(-EINVAL);
351

352
	memcpy(data, string, len);
353
	data += len;
354

355
	return data;
356
}
357
EXPORT_SYMBOL_GPL(asn1_encode_octet_string);
358

359
/**
360
 * asn1_encode_sequence() - wrap a byte stream in an ASN.1 SEQUENCE
361
 * @data:	pointer to encode at
362
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
363
 * @seq:	data to be encoded as a sequence
364
 * @len:	length of the data to be encoded as a sequence
365
 *
366
 * Fill in a sequence.  To encode in place, pass NULL for @seq and -1
367
 * for @len; then call again once the length is known (still with NULL
368
 * for @seq). In order to avoid having to keep both before and after
369
 * pointers, the repeat expects to be called with @data pointing to
370
 * where the first encode placed it.
371
 */
372
unsigned char *
373
asn1_encode_sequence(unsigned char *data, const unsigned char *end_data,
374
		     const unsigned char *seq, int len)
375
{
376
	int data_len = end_data - data;
377
	int ret;
378

379
	if (!seq && WARN(len > 127,
380
			 "BUG: recode sequence is too big (>127)"))
381
		return ERR_PTR(-EINVAL);
382

383
	if (IS_ERR(data))
384
		return data;
385

386
	if (!seq && len >= 0) {
387
		/*
388
		 * we're recoding, so move back to the start of the
389
		 * sequence and install a dummy length because the
390
		 * real length should be NULL
391
		 */
392
		data -= 2;
393
		data_len = 2;
394
	}
395

396
	if (data_len < 2)
397
		return ERR_PTR(-EINVAL);
398

399
	*(data++) = _tag(UNIV, CONS, SEQ);
400
	data_len--;
401

402
	ret = asn1_encode_length(&data, &data_len, len);
403
	if (ret)
404
		return ERR_PTR(ret);
405

406
	if (!seq)
407
		return data;
408

409
	if (data_len < len)
410
		return ERR_PTR(-EINVAL);
411

412
	memcpy(data, seq, len);
413
	data += len;
414

415
	return data;
416
}
417
EXPORT_SYMBOL_GPL(asn1_encode_sequence);
418

419
/**
420
 * asn1_encode_boolean() - encode a boolean value to ASN.1
421
 * @data:	pointer to encode at
422
 * @end_data:	end of data pointer, points one beyond last usable byte in @data
423
 * @val:	the boolean true/false value
424
 */
425
unsigned char *
426
asn1_encode_boolean(unsigned char *data, const unsigned char *end_data,
427
		    bool val)
428
{
429
	int data_len = end_data - data;
430

431
	if (IS_ERR(data))
432
		return data;
433

434
	/* booleans are 3 bytes: tag, length == 1 and value == 0 or 1 */
435
	if (data_len < 3)
436
		return ERR_PTR(-EINVAL);
437

438
	*(data++) = _tag(UNIV, PRIM, BOOL);
439
	data_len--;
440

441
	asn1_encode_length(&data, &data_len, 1);
442

443
	if (val)
444
		*(data++) = 1;
445
	else
446
		*(data++) = 0;
447

448
	return data;
449
}
450
EXPORT_SYMBOL_GPL(asn1_encode_boolean);
451

452
MODULE_DESCRIPTION("Simple encoder primitives for ASN.1 BER/DER/CER");
453
MODULE_LICENSE("GPL");
454

455