Refine ASN.1 functions

2026-05-06 16:36:16 +08:00 · 2023-01-14 19:07:03 +08:00
parent e54b4ae182
commit b858b01d39
7 changed files with 1173 additions and 847 deletions
--- a/include/gmssl/asn1.h
+++ b/include/gmssl/asn1.h
@@ -21,6 +21,7 @@ extern "C" {
 #endif


+
 #define ASN1_TAG_UNIVERSAL		0x00
 #define ASN1_TAG_APPLICATION		0x40
 #define ASN1_TAG_CONTENT_SPECIFIC	0x80
@@ -67,11 +68,46 @@ enum ASN1_TAG {
 	ASN1_TAG_EXPLICIT		= 0xa0,
 };

+
+/*
+DER encoding (d, dlen) to_der
+
+	d != NULL && dlen != 0: return 1 on success or -1 on failure
+	d == NULL && dlen != 0: invalid input, return -1
+	d == NULL && dlen == 0: do nothing, return 0 to info OPTIONAL types
+	d != NULL && dlen == 0: encode an empty type, output tag and length = 0 without value
+
+解码函数的返回值：
+
+	ret == 0
+		当前剩余的数据数据长度为0
+		或者下一个对象与期待不符，即输入对象的标签不等于输入的tag
+		当对象为OPTIONAL时，调用方可以通过判断返回值是否为0进行处理
+	ret < 0
+		标签正确但是长度或数据解析出错
+	ret == 1
+		解析正确
+
+
+解码函数的输入：
+
+	*in != NULL
+		例如一个SEQUENCE中的属性均为OPTIONAL，解析后指针仍不为空
+		因此不允许输入空的输入数据指针
+
+
+处理规则
+
+	当返回值 ret <= 0 时，*tag, *in, *inlen 的值保持不变
+
+	如果一个类型有 DEFAULT 属性，调用方可以将返回数据预先设置为默认值，
+	如果该对象未被编码，即返回值为0，那么解码函数不会修改已经设置的默认值
+
+*/
+
 const char *asn1_tag_name(int tag);
-int asn1_tag_to_der(int tag, uint8_t **out, size_t *outlen);
-int asn1_tag_from_der(int tag, const uint8_t **in, size_t *inlen);
-int asn1_any_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
-int asn1_tag_get(int *tag, const uint8_t **in, size_t *inlen); // 尝试读取下一个tag，但是并不修改in,inlen
+int asn1_tag_from_der(int *tag, const uint8_t **in, size_t *inlen);
+int asn1_tag_from_der_readonly(int *tag, const uint8_t **in, size_t *inlen); // read the next tag without changing *in,*inlen
 int asn1_tag_is_cstring(int tag);
 int asn1_length_to_der(size_t dlen, uint8_t **out, size_t *outlen);
 int asn1_length_from_der(size_t *dlen, const uint8_t **in, size_t *inlen);
@@ -86,6 +122,9 @@ int asn1_any_type_from_der(int *tag, const uint8_t **d, size_t *dlen, const uint
 int asn1_any_to_der(const uint8_t *a, size_t alen, uint8_t **out, size_t *outlen); // 调用方应保证a,alen为TLV
 int asn1_any_from_der(const uint8_t **a, size_t *alen, const uint8_t **in, size_t *inlen); // 该函数会检查输入是否为TLV

+#define ASN1_TRUE 0xff
+#define ASN1_FALSE 0x00
+
 const char *asn1_boolean_name(int val);
 int asn1_boolean_from_name(int *val, const char *name);
 int asn1_boolean_to_der_ex(int tag, int val, uint8_t **out, size_t *outlen);
@@ -217,15 +256,27 @@ int asn1_generalized_time_from_der_ex(int tag, time_t *tv, const uint8_t **in, s
 #define asn1_implicit_generalized_time_to_der(i,tv,out,outlen) asn1_generalized_time_to_der_ex(ASN1_TAG_IMPLICIT(i),tv,out,outlen)
 #define asn1_implicit_generalized_time_from_der(i,tv,in,inlen) asn1_generalized_time_from_der_ex(ASN1_TAG_IMPLICIT(i),tv,in,inlen)

-#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
-#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
-#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+int asn1_nonempty_type_to_der(int tag, const uint8_t *d, size_t dlen, uint8_t **out, size_t *outlen);
+int asn1_nonempty_type_from_der(int tag, const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);

-#define asn1_set_to_der(d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
-#define asn1_set_from_der(d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
-#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+#define asn1_sequence_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+#define asn1_implicit_sequence_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_sequence_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_sequence_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SEQUENCE,d,dlen,out,outlen)
+#define asn1_sequence_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SEQUENCE,d,dlen,in,inlen)
+int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
+int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
+int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);
+
+#define asn1_set_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)
+#define asn1_implicit_set_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_implicit_set_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+
+#define asn1_set_of_to_der(d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_SET,d,dlen,out,outlen)
+#define asn1_set_of_from_der(d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_SET,d,dlen,in,inlen)

 #define asn1_implicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_IMPLICIT(i),d,dlen,out,outlen)
 #define asn1_implicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_IMPLICIT(i),d,dlen,in,inlen)
@@ -243,19 +294,14 @@ int asn1_header_to_der(int tag, size_t dlen, uint8_t **out, size_t *outlen);

 #define asn1_explicit_header_to_der(i,dlen,out,outlen) asn1_header_to_der(ASN1_TAG_EXPLICIT(i),dlen,out,outlen)

-#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
-#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)
+#define asn1_explicit_to_der(i,d,dlen,out,outlen) asn1_nonempty_type_to_der(ASN1_TAG_EXPLICIT(i),d,dlen,out,outlen)
+#define asn1_explicit_from_der(i,d,dlen,in,inlen) asn1_nonempty_type_from_der(ASN1_TAG_EXPLICIT(i),d,dlen,in,inlen)

 // d,dlen 是 SEQUENCE OF, SET OF 中的值
 int asn1_types_get_count(const uint8_t *d, size_t dlen, int tag, size_t *cnt);
 int asn1_types_get_item_by_index(const uint8_t *d, size_t *dlen, int tag,
 	int index, const uint8_t **item_d, size_t *item_dlen);

-int asn1_sequence_of_from_der(const uint8_t **d, size_t *dlen, const uint8_t **in, size_t *inlen);
-
-int asn1_sequence_of_int_to_der(const int *nums, size_t nums_cnt, uint8_t **out, size_t *outlen);
-int asn1_sequence_of_int_from_der(int *nums, size_t *nums_cnt, const uint8_t **in, size_t *inlen);
-int asn1_sequence_of_int_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen);


 typedef struct {
--- a/src/asn1.c
+++ b/src/asn1.c
--- a/src/x509_cer.c
+++ b/src/x509_cer.c
@@ -345,10 +345,10 @@ int x509_rdn_to_der(int oid, int tag, const uint8_t *val, size_t vlen,
 {
 	size_t len = 0;
 	if (x509_attr_type_and_value_to_der(oid, tag, val, vlen, NULL, &len) != 1
-		|| asn1_data_to_der(more, morelen, NULL, &len) < 0
+		|| asn1_any_to_der(more, morelen, NULL, &len) < 0
 		|| asn1_set_header_to_der(len, out, outlen) != 1
 		|| x509_attr_type_and_value_to_der(oid, tag, val, vlen, out, outlen) != 1
-		|| asn1_data_to_der(more, morelen, out, outlen) < 0) {
+		|| asn1_any_to_der(more, morelen, out, outlen) < 0) {
 		error_print();
 		return -1;
 	}
--- a/src/x509_crl.c
+++ b/src/x509_crl.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -992,11 +992,11 @@ int x509_tbs_crl_sign(
 		error_print();
 		return -1;
 	}
-	if (asn1_data_to_der(tbs, tbslen, NULL, &len) != 1
+	if (asn1_any_to_der(tbs, tbslen, NULL, &len) != 1
 		|| x509_signature_algor_to_der(signature_algor, NULL, &len) != 1
 		|| asn1_bit_octets_to_der(sig, siglen, NULL, &len) != 1
 		|| asn1_sequence_header_to_der(len, &out, &outlen) != 1
-		|| asn1_data_to_der(tbs, tbslen, &out, &outlen) != 1
+		|| asn1_any_to_der(tbs, tbslen, &out, &outlen) != 1
 		|| x509_signature_algor_to_der(signature_algor, &out, &outlen) != 1
 		|| asn1_bit_octets_to_der(sig, siglen, &out, &outlen) != 1) {
 		error_print();
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -92,7 +92,7 @@ int x509_directory_name_from_der(int *tag, const uint8_t **d, size_t *dlen, cons
 {
 	int ret;

-	if ((ret = asn1_tag_get(tag, in, inlen)) != 1) {
+	if ((ret = asn1_tag_from_der_readonly(tag, in, inlen)) != 1) {
 		if (ret < 0) error_print();
 		return ret;
 	}
@@ -204,7 +204,7 @@ int x509_display_text_from_der(int *tag, const uint8_t **d, size_t *dlen, const
 {
 	int ret;

-	if ((ret = asn1_tag_get(tag, in, inlen)) != 1) {
+	if ((ret = asn1_tag_from_der_readonly(tag, in, inlen)) != 1) {
 		if (ret < 0) error_print();
 		return ret;
 	}
--- a/tests/asn1test.c
+++ b/tests/asn1test.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 #include <assert.h>
 #include <gmssl/asn1.h>
 #include <gmssl/error.h>
@@ -80,7 +81,8 @@ static int test_asn1_length(void)
 		344,
 		65537,
 		1<<23,
-		(size_t)1<<31,
+		INT_MAX, // INT_MAX = 2^31 - 1
+		//(size_t)1<<31, // default int value of (1<<31) is -2^31, 2^31 is larger than the INT_MAX limit
 	};
 	size_t length;
 	uint8_t buf[256];
@@ -684,6 +686,96 @@ static int test_asn1_generalized_time(void)
 	return 1;
 }

+static int test_asn1_from_der_null_args(void)
+{
+	uint8_t buf[100];
+	const uint8_t *cp = NULL;
+	size_t len = 100;
+
+	int val;
+	const char *str;
+	const uint8_t *d;
+	size_t dlen;
+	time_t t;
+	uint32_t nodes[32];
+	size_t nodes_cnt;
+
+	fprintf(stderr, "%s: *inlen = 0\n", __FUNCTION__);
+	cp = buf;
+	len = 0;
+	if (asn1_boolean_from_der(&val, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_int_from_der(&val, &cp, &len)  != 0) { error_print(); return -1; }
+	if (asn1_bits_from_der(&val, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_null_from_der(&cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_object_identifier_from_der(nodes, &nodes_cnt, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_utf8_string_from_der(&str, &dlen, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_printable_string_from_der(&str, &dlen, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_ia5_string_from_der(&str, &dlen, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_utc_time_from_der(&t, &cp, &len) != 0) { error_print(); return -1; }
+	if (asn1_generalized_time_from_der(&t, &cp, &len) != 0) { error_print(); return -1; }
+	fprintf(stderr, "%s: result = NULL\n", __FUNCTION__);
+
+	cp = NULL;
+	len = 100;
+	if (asn1_boolean_from_der(NULL, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_int_from_der(NULL, &cp, &len)  != -1) { error_print(); return -1; }
+	if (asn1_bits_from_der(NULL, &cp, &len) != -1) { error_print(); return -1; }
+	//if (asn1_null_from_der(&cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_object_identifier_from_der(NULL, &nodes_cnt, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_utf8_string_from_der(NULL, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_printable_string_from_der(NULL, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_ia5_string_from_der(NULL, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_utc_time_from_der(NULL, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_generalized_time_from_der(NULL, &cp, &len) != -1) { error_print(); return -1; }
+
+	fprintf(stderr, "%s: *inlen = 0\n", __FUNCTION__);
+	cp = buf;
+	len = 0;
+	if (asn1_boolean_from_der(&val, &cp, &len) != 0) { error_print(); return -1; }
+	fprintf(stderr, "%s: in = NULL\n", __FUNCTION__);
+	len = 100;
+	if (asn1_boolean_from_der(&val, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_int_from_der(&val, NULL, &len)  != -1) { error_print(); return -1; }
+	if (asn1_bits_from_der(&val, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_null_from_der(NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_object_identifier_from_der(nodes, &nodes_cnt, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_utf8_string_from_der(&str, &dlen, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_printable_string_from_der(&str, &dlen, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_ia5_string_from_der(&str, &dlen, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_utc_time_from_der(&t, NULL, &len) != -1) { error_print(); return -1; }
+	if (asn1_generalized_time_from_der(&t, NULL, &len) != -1) { error_print(); return -1; }
+
+	fprintf(stderr, "%s: inlen = NULL\n", __FUNCTION__);
+	cp = buf;
+	if (asn1_boolean_from_der(&val, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_int_from_der(&val, &cp, NULL)  != -1) { error_print(); return -1; }
+	if (asn1_bits_from_der(&val, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_null_from_der(&cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_object_identifier_from_der(nodes, &nodes_cnt, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_utf8_string_from_der(&str, &dlen, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_printable_string_from_der(&str, &dlen, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_ia5_string_from_der(&str, &dlen, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_utc_time_from_der(&t, &cp, NULL) != -1) { error_print(); return -1; }
+	if (asn1_generalized_time_from_der(&t, &cp, NULL) != -1) { error_print(); return -1; }
+
+	fprintf(stderr, "%s: *in = NULL\n", __FUNCTION__);
+	cp = NULL;
+	len = 100;
+	if (asn1_boolean_from_der(&val, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_int_from_der(&val, &cp, &len)  != -1) { error_print(); return -1; }
+	if (asn1_bits_from_der(&val, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_null_from_der(&cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_object_identifier_from_der(nodes, &nodes_cnt, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_utf8_string_from_der(&str, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_printable_string_from_der(&str, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_ia5_string_from_der(&str, &dlen, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_utc_time_from_der(&t, &cp, &len) != -1) { error_print(); return -1; }
+	if (asn1_generalized_time_from_der(&t, &cp, &len) != -1) { error_print(); return -1; }
+
+	printf("%s() ok\n", __FUNCTION__);
+	return 1;
+}
+
 int main(void)
 {
 	if (test_asn1_tag() != 1) goto err;
@@ -700,6 +792,7 @@ int main(void)
 	if (test_asn1_time() != 1) goto err;
 	if (test_asn1_utc_time() != 1) goto err;
 	if (test_asn1_generalized_time() != 1) goto err;
+	if (test_asn1_from_der_null_args() != 1) goto err;
 	printf("%s all tests passed\n", __FILE__);
 	return 0;
 err:
--- a/tests/x509_exttest.c
+++ b/tests/x509_exttest.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the License); you may
 *  not use this file except in compliance with the License.
@@ -504,7 +504,7 @@ static int test_x509_basic_constraints(void)

 	cp = p = buf; len = 0;
 	if (x509_basic_constraints_to_der(-1, -1, &p, &len) != 1
-		|| asn1_sequence_from_der(&d, &dlen, &cp, &len) != 1
+		|| asn1_sequence_from_der(&d, &dlen, &cp, &len) != -1 // empty sequence is not allowed
 		|| asn1_length_is_zero(len) != 1) {
 		error_print();
 		return -1;
@@ -650,7 +650,7 @@ static int test_x509_policy_constraints(void)
 	cp = p = buf; len = 0;
 	val1 = val2 = 99;
 	if (x509_policy_constraints_to_der(-1, -1, &p, &len) != 1
-		|| x509_policy_constraints_from_der(&val1, &val2, &cp, &len) != 1
+		|| x509_policy_constraints_from_der(&val1, &val2, &cp, &len) != -1 // empty sequence is not allowed
 		|| asn1_check(val1 == -1) != 1
 		|| asn1_check(val2 == -1) != 1
 		|| asn1_length_is_zero(len) != 1) {