2012-09-21 23:31:13 +01:00
|
|
|
/* ASN.1 BER/DER/CER parsing state machine internal definitions
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
|
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public Licence
|
|
|
|
|
* as published by the Free Software Foundation; either version
|
|
|
|
|
* 2 of the Licence, or (at your option) any later version.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _LINUX_ASN1_BER_BYTECODE_H
|
|
|
|
|
#define _LINUX_ASN1_BER_BYTECODE_H
|
|
|
|
|
|
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#endif
|
|
|
|
|
#include <linux/asn1.h>
|
|
|
|
|
|
|
|
|
|
typedef int (*asn1_action_t)(void *context,
|
|
|
|
|
size_t hdrlen, /* In case of ANY type */
|
|
|
|
|
unsigned char tag, /* In case of ANY type */
|
|
|
|
|
const void *value, size_t vlen);
|
|
|
|
|
|
|
|
|
|
struct asn1_decoder {
|
|
|
|
|
const unsigned char *machine;
|
|
|
|
|
size_t machlen;
|
|
|
|
|
const asn1_action_t *actions;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum asn1_opcode {
|
|
|
|
|
/* The tag-matching ops come first and the odd-numbered slots
|
|
|
|
|
* are for OR_SKIP ops.
|
|
|
|
|
*/
|
|
|
|
|
#define ASN1_OP_MATCH__SKIP 0x01
|
|
|
|
|
#define ASN1_OP_MATCH__ACT 0x02
|
|
|
|
|
#define ASN1_OP_MATCH__JUMP 0x04
|
|
|
|
|
#define ASN1_OP_MATCH__ANY 0x08
|
|
|
|
|
#define ASN1_OP_MATCH__COND 0x10
|
|
|
|
|
|
|
|
|
|
ASN1_OP_MATCH = 0x00,
|
|
|
|
|
ASN1_OP_MATCH_OR_SKIP = 0x01,
|
|
|
|
|
ASN1_OP_MATCH_ACT = 0x02,
|
|
|
|
|
ASN1_OP_MATCH_ACT_OR_SKIP = 0x03,
|
|
|
|
|
ASN1_OP_MATCH_JUMP = 0x04,
|
|
|
|
|
ASN1_OP_MATCH_JUMP_OR_SKIP = 0x05,
|
|
|
|
|
ASN1_OP_MATCH_ANY = 0x08,
|
|
|
|
|
ASN1_OP_MATCH_ANY_ACT = 0x0a,
|
|
|
|
|
/* Everything before here matches unconditionally */
|
|
|
|
|
|
|
|
|
|
ASN1_OP_COND_MATCH_OR_SKIP = 0x11,
|
|
|
|
|
ASN1_OP_COND_MATCH_ACT_OR_SKIP = 0x13,
|
|
|
|
|
ASN1_OP_COND_MATCH_JUMP_OR_SKIP = 0x15,
|
|
|
|
|
ASN1_OP_COND_MATCH_ANY = 0x18,
|
|
|
|
|
ASN1_OP_COND_MATCH_ANY_ACT = 0x1a,
|
|
|
|
|
|
|
|
|
|
/* Everything before here will want a tag from the data */
|
|
|
|
|
#define ASN1_OP__MATCHES_TAG ASN1_OP_COND_MATCH_ANY_ACT
|
|
|
|
|
|
|
|
|
|
/* These are here to help fill up space */
|
|
|
|
|
ASN1_OP_COND_FAIL = 0x1b,
|
|
|
|
|
ASN1_OP_COMPLETE = 0x1c,
|
|
|
|
|
ASN1_OP_ACT = 0x1d,
|
ASN.1: Fix actions on CHOICE elements with IMPLICIT tags
In an ASN.1 description where there is a CHOICE construct that contains
elements with IMPLICIT tags that refer to constructed types, actions to be
taken on those elements should be conditional on the corresponding element
actually being matched. Currently, however, such actions are performed
unconditionally in the middle of processing the CHOICE.
For example, look at elements 'b' and 'e' here:
A ::= SEQUENCE {
CHOICE {
b [0] IMPLICIT B ({ do_XXXXXXXXXXXX_b }),
c [1] EXPLICIT C ({ do_XXXXXXXXXXXX_c }),
d [2] EXPLICIT B ({ do_XXXXXXXXXXXX_d }),
e [3] IMPLICIT C ({ do_XXXXXXXXXXXX_e }),
f [4] IMPLICIT INTEGER ({ do_XXXXXXXXXXXX_f })
}
} ({ do_XXXXXXXXXXXX_A })
B ::= SET OF OBJECT IDENTIFIER ({ do_XXXXXXXXXXXX_oid })
C ::= SET OF INTEGER ({ do_XXXXXXXXXXXX_int })
They each have an action (do_XXXXXXXXXXXX_b and do_XXXXXXXXXXXX_e) that
should only be processed if that element is matched.
The problem is that there's no easy place to hang the action off in the
subclause (type B for element 'b' and type C for element 'e') because
subclause opcode sequences can be shared.
To fix this, introduce a conditional action opcode(ASN1_OP_MAYBE_ACT) that
the decoder only processes if the preceding match was successful. This can
be seen in an excerpt from the output of the fixed ASN.1 compiler for the
above ASN.1 description:
[ 13] = ASN1_OP_COND_MATCH_JUMP_OR_SKIP, // e
[ 14] = _tagn(CONT, CONS, 3),
[ 15] = _jump_target(45), // --> C
[ 16] = ASN1_OP_MAYBE_ACT,
[ 17] = _action(ACT_do_XXXXXXXXXXXX_e),
In this, if the op at [13] is matched (ie. element 'e' above) then the
action at [16] will be performed. However, if the op at [13] doesn't match
or is skipped because it is conditional and some previous op matched, then
the action at [16] will be ignored.
Note that to make this work in the decoder, the ASN1_OP_RETURN op must set
the flag to indicate that a match happened. This is necessary because the
_jump_target() seen above introduces a subclause (in this case an object of
type 'C') which is likely to alter the flag. Setting the flag here is okay
because to process a subclause, a match must have happened and caused a
jump.
This cannot be tested with the code as it stands, but rather affects future
code.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2015-08-05 12:54:46 +01:00
|
|
|
ASN1_OP_MAYBE_ACT = 0x1e,
|
|
|
|
|
ASN1_OP_RETURN = 0x1f,
|
2012-09-21 23:31:13 +01:00
|
|
|
|
|
|
|
|
/* The following eight have bit 0 -> SET, 1 -> OF, 2 -> ACT */
|
|
|
|
|
ASN1_OP_END_SEQ = 0x20,
|
|
|
|
|
ASN1_OP_END_SET = 0x21,
|
|
|
|
|
ASN1_OP_END_SEQ_OF = 0x22,
|
|
|
|
|
ASN1_OP_END_SET_OF = 0x23,
|
|
|
|
|
ASN1_OP_END_SEQ_ACT = 0x24,
|
|
|
|
|
ASN1_OP_END_SET_ACT = 0x25,
|
|
|
|
|
ASN1_OP_END_SEQ_OF_ACT = 0x26,
|
|
|
|
|
ASN1_OP_END_SET_OF_ACT = 0x27,
|
|
|
|
|
#define ASN1_OP_END__SET 0x01
|
|
|
|
|
#define ASN1_OP_END__OF 0x02
|
|
|
|
|
#define ASN1_OP_END__ACT 0x04
|
|
|
|
|
|
|
|
|
|
ASN1_OP__NR
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define _tag(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | ASN1_##TAG)
|
|
|
|
|
#define _tagn(CLASS, CP, TAG) ((ASN1_##CLASS << 6) | (ASN1_##CP << 5) | TAG)
|
|
|
|
|
#define _jump_target(N) (N)
|
|
|
|
|
#define _action(N) (N)
|
|
|
|
|
|
|
|
|
|
#endif /* _LINUX_ASN1_BER_BYTECODE_H */
|