diff --git a/contrib/libder/.cirrus.yml b/contrib/libder/.cirrus.yml new file mode 100644 --- /dev/null +++ b/contrib/libder/.cirrus.yml @@ -0,0 +1,16 @@ +build_task: + matrix: + - name: FreeBSD 13 + freebsd_instance: + image: freebsd-13-2-release-amd64 + - name: FreeBSD 14 + freebsd_instance: + image: freebsd-14-0-release-amd64-ufs + setup_script: + sudo pkg install -y cmake + configure_script: + - cmake -B build -DCMAKE_BUILD_TYPE=Debug + build_script: + make -C build + test_script: + make -C build check diff --git a/contrib/libder/.github/workflows/build.yml b/contrib/libder/.github/workflows/build.yml new file mode 100644 --- /dev/null +++ b/contrib/libder/.github/workflows/build.yml @@ -0,0 +1,41 @@ +name: Build libder +on: + push: + branches: ['**'] + pull_request: + types: [opened, reopened, edited, synchronize] + +permissions: + contents: read + +jobs: + build: + name: Build ${{ matrix.os }} + runs-on: ${{ matrix.os }} + strategy: + matrix: + os: [ubuntu-20.04, ubuntu-22.04, macos-latest] + include: + - os: ubuntu-20.04 + - os: ubuntu-22.04 + - os: macos-latest + steps: + - name: checkout + uses: actions/checkout@v4 + - name: install system packages (Ubuntu) + if: runner.os == 'Linux' + run: | + sudo apt-get update --quiet || true + sudo apt-get -yq --no-install-suggests --no-install-recommends install cmake + - name: install system packages (macOS) + if: runner.os == 'macOS' + run: | + brew update --quiet || true + brew install cmake coreutils + - name: configure + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Debug + - name: build libder + run: make -C build + - name: Run self-tests + run: make -C build check diff --git a/contrib/libder/.gitignore b/contrib/libder/.gitignore new file mode 100644 --- /dev/null +++ b/contrib/libder/.gitignore @@ -0,0 +1,11 @@ +.*.swp +.depend* +*.a +*.so +*.so.* +*.o +*.pico +*.debug +*.full + +build/ diff --git a/contrib/libder/CMakeLists.txt b/contrib/libder/CMakeLists.txt new file mode 100644 --- /dev/null +++ b/contrib/libder/CMakeLists.txt @@ -0,0 +1,28 @@ +cmake_minimum_required(VERSION 3.18) + +project(libder) + +if(CMAKE_BUILD_TYPE STREQUAL "Debug") + if(NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + add_compile_options(-fsanitize=address,undefined -fstrict-aliasing) + add_link_options(-fsanitize=address,undefined -fstrict-aliasing) + endif() + + add_compile_options(-Werror) +endif() + +# AppleClang is excluded for the time being; the version used in GitHub Action +# runners doesn't seem to have that part of libclang_rt installed, though the +# -fsanitize=fuzzer-no-link instrumentation seems to be fine. Maybe re-evaluate +# this for MATCHES as a possibility later. +if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(BUILD_FUZZERS TRUE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +else() + set(BUILD_FUZZERS FALSE + CACHE BOOL "Build the libFuzzer fuzzers (needs llvm)") +endif() + +add_subdirectory(libder) +add_subdirectory(derdump) +add_subdirectory(tests) diff --git a/contrib/libder/LICENSE b/contrib/libder/LICENSE new file mode 100644 --- /dev/null +++ b/contrib/libder/LICENSE @@ -0,0 +1,22 @@ +Copyright (c) 2024 Kyle Evans + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/contrib/libder/README.md b/contrib/libder/README.md new file mode 100644 --- /dev/null +++ b/contrib/libder/README.md @@ -0,0 +1,28 @@ +# libder + +## What is libder? + +libder is a small library for encoding/decoding DER-encoded objects. It is +expected to be able to decode any BER-encoded buffer, and an attempt to +re-encode the resulting tree would apply any normalization expected by a DER +decoder. The author's use is primarily to decode/encode ECC keys for +interoperability with OpenSSL. + +The authoritative source for this software is located at +https://git.kevans.dev/kevans/libder, but it's additionally mirrored to +[GitHub](https://github.com/kevans91/libder) for user-facing interactions. +Pull requests and issues are open on GitHub. + +## What is libder not? + +libder is not intended to be a general-purpose library for working with DER/BER +specified objects. It may provide some helpers for building more primitive +data types, but libder will quickly punt on anything even remotely complex and +require the library consumer to supply it as a type/payload/size triple that it +will treat as relatively opaque (modulo some encoding normalization rules that +can be applied without deeply understanding the data contained within). + +libder also doesn't do strict validation of what it reads in today, for better +or worse. e.g., a boolean may occupy more than one byte and libder will happily +present it to the application in that way. It would be normalized on +re-encoding to 0xff or 0x00 depending on whether any bits are set or not. diff --git a/contrib/libder/derdump/.gitignore b/contrib/libder/derdump/.gitignore new file mode 100644 --- /dev/null +++ b/contrib/libder/derdump/.gitignore @@ -0,0 +1 @@ +derdump diff --git a/contrib/libder/derdump/CMakeLists.txt b/contrib/libder/derdump/CMakeLists.txt new file mode 100644 --- /dev/null +++ b/contrib/libder/derdump/CMakeLists.txt @@ -0,0 +1,6 @@ +file(GLOB derdump_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_executable(derdump ${derdump_SOURCES}) + +target_include_directories(derdump PRIVATE "${CMAKE_SOURCE_DIR}/libder") +target_link_libraries(derdump der_static) diff --git a/contrib/libder/derdump/derdump.1 b/contrib/libder/derdump/derdump.1 new file mode 100644 --- /dev/null +++ b/contrib/libder/derdump/derdump.1 @@ -0,0 +1,51 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 4, 2024 +.Dt DERDUMP 1 +.Os +.Sh NAME +.Nm derdump +.Nd dumping contents of DER encoded files +.Sh SYNOPSIS +.Nm +.Ar file1 +.Oo Ar fileN ... Oc +.Sh DESCRIPTION +The +.Nm +utility dumps the contents of one or more DER encoded +Ar file +in a more human readable format. +This is similar to the +.Xr asn1parse 1 +utility distributed with OpenSSL when used with the +.Fl inform +.Ar DER +option. +.Pp +A representation of the object will be output to +.Em stdout , +with indentation to denote objects that are encoded within other constructed +objects. +Note that +.Nm +does not make much attempt to interpret the contents of any particular object. +If an object uses one of the universal types, then a friendly name will be +displayed for that object. +If an object uses any other type, then +.Nm +will display the raw hex value of the type used. +Values of primitive objects are output as raw hex, and no effort is made to +try and print a friendly representation. +.Sh SEE ALSO +.Xr asn1parse 1 , +.Xr libder 3 +.Sh BUGS +.Nm +does not currently make any attempt to render a type that uses the long encoded +format. +Instead, it will render as +.Dq { ... } . diff --git a/contrib/libder/derdump/derdump.c b/contrib/libder/derdump/derdump.c new file mode 100644 --- /dev/null +++ b/contrib/libder/derdump/derdump.c @@ -0,0 +1,52 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include + +int +main(int argc, char *argv[]) +{ + FILE *fp; + struct libder_ctx *ctx; + struct libder_object *root; + size_t rootsz; + bool first = true; + + if (argc < 2) { + fprintf(stderr, "usage: %s file [file...]\n", argv[0]); + return (1); + } + + ctx = libder_open(); + libder_set_verbose(ctx, 2); + for (int i = 1; i < argc; i++) { + fp = fopen(argv[i], "rb"); + if (fp == NULL) { + warn("%s", argv[i]); + continue; + } + + if (!first) + fprintf(stderr, "\n"); + fprintf(stdout, "[%s]\n", argv[i]); + root = libder_read_file(ctx, fp, &rootsz); + if (root != NULL) { + libder_obj_dump(root, stdout); + libder_obj_free(root); + root = NULL; + } + + first = false; + fclose(fp); + } + + libder_close(ctx); + + return (0); +} diff --git a/contrib/libder/libder/CMakeLists.txt b/contrib/libder/libder/CMakeLists.txt new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/CMakeLists.txt @@ -0,0 +1,12 @@ +file(GLOB libder_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/*.c) + +add_library(der SHARED ${libder_SOURCES}) +add_library(der_static STATIC ${libder_SOURCES}) + +if(BUILD_FUZZERS AND CMAKE_BUILD_TYPE STREQUAL "Debug") + target_compile_options(der PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der PUBLIC -fsanitize=fuzzer-no-link) + + target_compile_options(der_static PUBLIC -fsanitize=fuzzer-no-link) + target_link_options(der_static PUBLIC -fsanitize=fuzzer-no-link) +endif() diff --git a/contrib/libder/libder/libder.h b/contrib/libder/libder/libder.h new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder.h @@ -0,0 +1,181 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include +#include +#include +#include + +enum libder_ber_class { + BC_UNIVERSAL = 0, + BC_APPLICATION = 1, + BC_CONTEXT = 2, + BC_PRIVATE = 3, +}; + +enum libder_ber_type { + BT_RESERVED = 0x00, + BT_BOOLEAN = 0x01, + BT_INTEGER = 0x02, + BT_BITSTRING = 0x03, + BT_OCTETSTRING = 0x04, + BT_NULL = 0x05, + BT_OID = 0x06, + BT_OBJDESC = 0x07, + BT_EXTERNAL = 0x08, + BT_REAL = 0x09, + BT_ENUMERATED = 0x0a, + BT_PDV = 0x0b, + BT_UTF8STRING = 0x0c, + BT_RELOID = 0x0d, + + /* 0x10, 011 not usable */ + + BT_NUMERICSTRING = 0x012, + BT_STRING = 0x13, + BT_TELEXSTRING = 0x14, + BT_VIDEOTEXSTRING = 0x15, + BT_IA5STRING = 0x16, + BT_UTCTIME = 0x17, + BT_GENTIME = 0x18, + BT_GFXSTRING = 0x19, + BT_VISSTRING = 0x1a, + BT_GENSTRING = 0x1b, + BT_UNIVSTRING = 0x1c, + BT_CHARSTRING = 0x1d, + BT_BMPSTRING = 0x1e, + + BT_SEQUENCE = 0x30, + BT_SET = 0x31, +}; + +#define BER_TYPE_CONSTRUCTED_MASK 0x20 /* Bit 6 */ +#define BER_TYPE_CLASS_MASK 0xc0 /* Bits 7 and 8 */ + +/* + * The difference between the type and the full type is just that the full type + * will indicate the class of type, so it may be more useful for some operations. + */ +#define BER_FULL_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE(tval) \ + ((tval) & ~(BER_TYPE_CLASS_MASK | BER_TYPE_CONSTRUCTED_MASK)) +#define BER_TYPE_CLASS(tval) \ + (((tval) & BER_TYPE_CLASS_MASK) >> 6) +#define BER_TYPE_CONSTRUCTED(tval) \ + (((tval) & BER_TYPE_CONSTRUCTED_MASK) != 0) + +enum libder_error { + LDE_NONE = 0x00, + LDE_NOMEM, /* Out of memory */ + LDE_INVAL, /* Invalid parameter */ + LDE_SHORTHDR, /* Header too short */ + LDE_BADVARLEN, /* Bad variable length encoding */ + LDE_LONGLEN, /* Encoded length too large (8 byte max) */ + LDE_SHORTDATA, /* Payload not available */ + LDE_GARBAGE, /* Garbage after encoded data */ + LDE_STREAMERR, /* Stream error */ + LDE_TRUNCVARLEN, /* Variable length object truncated */ + LDE_COALESCE_BADCHILD, /* Bad child encountered when coalescing */ + LDE_BADOBJECT, /* Payload not valid for object type */ + + /* Strict violations */ + LDE_STRICT_EOC, /* Strict: end-of-content violation */ + LDE_STRICT_TAG, /* Strict: tag violation */ + LDE_STRICT_PVARLEN, /* Strict: primitive using indefinite length */ + LDE_STRICT_BOOLEAN, /* Strict: boolean encoded incorrectly */ + LDE_STRICT_NULL, /* Strict: null encoded incorrectly */ + LDE_STRICT_PRIMITIVE, /* Strict: type must be primitive */ + LDE_STRICT_CONSTRUCTED, /* Strict: type must be constructed */ + LDE_STRICT_BITSTRING, /* Strict: malformed constructed bitstring */ +}; + +struct libder_ctx; +struct libder_tag; +struct libder_object; + +/* + * By default we normalize everything, but we allow some subset of the + * functionality to be disabled. Lengths are non-optional and will always be + * normalized to a fixed short or long length. The upper 32-bits of + * ctx->normalize are reserved for universal types so that we can quickly map + * those without assigning them names. + */ + +/* Normalize constructed types that should be coalesced (e.g., strings, time). */ +#define LIBDER_NORMALIZE_CONSTRUCTED 0x0000000000000001ULL + +/* + * Normalize tags on read. This is mostly a measure to ensure that + * normalization on write doesn't get thwarted; there's no reason anybody should + * be encoding low tags with the long form, but the spec doesn't appear to + * forbid it. + */ +#define LIBDER_NORMALIZE_TAGS 0x0000000000000002ULL + +/* Universal types (reserved) */ +#define LIBDER_NORMALIZE_TYPE_MASK 0xffffffff00000000ULL +#define LIBDER_NORMALIZE_TYPE_FLAG(val) ((1ULL << val) << 32ULL) + +/* All valid bits. */ +#define LIBDER_NORMALIZE_ALL \ + (LIBDER_NORMALIZE_TYPE_MASK | LIBDER_NORMALIZE_CONSTRUCTED | \ + LIBDER_NORMALIZE_TAGS) + +struct libder_ctx * libder_open(void); +void libder_close(struct libder_ctx *); +void libder_abort(struct libder_ctx *); +const char *libder_get_error(struct libder_ctx *); +bool libder_has_error(struct libder_ctx *); +uint64_t libder_get_normalize(struct libder_ctx *); +uint64_t libder_set_normalize(struct libder_ctx *, uint64_t); +bool libder_get_strict(struct libder_ctx *); +bool libder_set_strict(struct libder_ctx *, bool); +int libder_get_verbose(struct libder_ctx *); +int libder_set_verbose(struct libder_ctx *, int); + +struct libder_object *libder_read(struct libder_ctx *, const uint8_t *, size_t *); +struct libder_object *libder_read_fd(struct libder_ctx *, int, size_t *); +struct libder_object *libder_read_file(struct libder_ctx *, FILE *, size_t *); + +uint8_t *libder_write(struct libder_ctx *, struct libder_object *, uint8_t *, + size_t *); + +#define DER_CHILDREN(obj) libder_obj_children(obj) +#define DER_NEXT(obj) libder_obj_next(obj) + +#define DER_FOREACH_CHILD(var, obj) \ + for ((var) = DER_CHILDREN((obj)); \ + (var); \ + (var) = DER_NEXT((var))) +#define DER_FOREACH_CHILD_SAFE(var, obj, tvar) \ + for ((var) = DER_CHILDREN((obj)); \ + (var) && ((tvar) = DER_NEXT((var)), 1); \ + (var) = (tvar)) + +struct libder_object *libder_obj_alloc(struct libder_ctx *, struct libder_tag *, const uint8_t *, size_t); +struct libder_object *libder_obj_alloc_simple(struct libder_ctx *, uint8_t, const uint8_t *, + size_t); +void libder_obj_free(struct libder_object *); + +bool libder_obj_append(struct libder_object *, struct libder_object *); +struct libder_object *libder_obj_child(const struct libder_object *, size_t); +struct libder_object *libder_obj_children(const struct libder_object *); +struct libder_object *libder_obj_next(const struct libder_object *); +struct libder_tag *libder_obj_type(const struct libder_object *); +uint8_t libder_obj_type_simple(const struct libder_object *); +const uint8_t *libder_obj_data(const struct libder_object *, size_t *); + +/* Debugging aide -- probably shouldn't use. */ +void libder_obj_dump(const struct libder_object *, FILE *); + +struct libder_tag *libder_type_alloc_simple(struct libder_ctx *, uint8_t); +struct libder_tag *libder_type_dup(struct libder_ctx *, const struct libder_tag *); +void libder_type_free(struct libder_tag *); +#define libder_type_simple libder_type_simple_abi +uint8_t libder_type_simple(const struct libder_tag *); diff --git a/contrib/libder/libder/libder.3 b/contrib/libder/libder/libder.3 new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder.3 @@ -0,0 +1,179 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER 3 +.Os +.Sh NAME +.Nm libder , +.Nm libder_open , +.Nm libder_close , +.Nm libder_abort , +.Nm libder_get_error , +.Nm libder_has_error , +.Nm libder_get_normalize , +.Nm libder_set_normalize , +.Nm libder_get_strict , +.Nm libder_set_strict , +.Nm libder_get_verbose , +.Nm libder_set_verbose +.Nd DER encoding and decoding library +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_ctx * +.Fn libder_open "void" +.Ft void +.Fn libder_close "struct libder_ctx *ctx" +.Ft void +.Fn libder_abort "struct libder_ctx *ctx" +.Ft const char * +.Fn libder_get_error "struct libder_ctx *ctx" +.Ft bool +.Fn libder_has_error "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_get_normalize "struct libder_ctx *ctx" +.Ft uint64_t +.Fn libder_set_normalize "struct libder_ctx *ctx" "uint64_t normalize" +.Ft bool +.Fn libder_get_strict "struct libder_ctx *ctx" +.Ft bool +.Fn libder_set_strict "struct libder_ctx *ctx" "bool strict" +.Ft int +.Fn libder_get_verbose "struct libder_ctx *ctx" +.Ft int +.Fn libder_set_verbose "struct libder_ctx *ctx" "int verbose" +.Sh DESCRIPTION +The +.Nm +library provides functionality for decoding BER and DER encoded data, and +DER encoding data subjected to constraints outline in ITU-T +Recommendation X.690. +.Nm +will apply relevant normalization rules on write, unless they've been disabled +with +.Ft libder_set_normalize , +under the assumption that it may not be reading strictly DER encoded data. +.Pp +Note that not all of the DER rules are currently implemented. +.Nm +will coalesce constructed types that DER specifies should be primitive. +.Nm +will primarily normalize bitstrings, booleans, and integers. +This library was primarily written to be able to provide interoperability with +OpenSSL keys and signatures, so the library was written with that in mind. +Eventually it is intended that +.Nm +will support the full set of rules, but currently some responsibility is left +to the library user. +.Pp +Also note that +.Nm +does not necessarily provide +.Dq neat +ways to construct primitives. +For example, even booleans and integers currently work just by providing a +buffer that is expected to be formatted in a sane fashion. +The library user is expected to build the object tree and generally provide the +object data in a format reasonably encoded as the data for that type should be, +then +.Nm +will provide the proper framing on write and do any transformations that may +need to be done for strict conformance. +.Pp +The +.Fn libder_open +function allocates a new +.Nm +context. +The context does not hold any state about any particular structure. +All of the state held in the context is generally described in this manpage. +The +.Fn libder_close +function will free the context. +.Pp +The +.Fn libder_abort +function will abort an in-progress +.Xr libder_read_fd 3 +operation on the existing +.Fa ctx +if it is interrupted by a signal in the middle of a +.Xr read 2 +syscall. +See +.Xr libder_read_fd 3 +for further discussion. +.Pp +The +.Fn libder_get_error +function will return an error string appropriate for the current error, if any. +The +.Fn libder_has_error +function can be used to check if an error was raised in a previous operation. +.Pp +The +.Fn libder_get_normalize +and +.Fn libder_set_normalize +functions retrieve and manipulate any number of flags that detail how +functions may be used to check or set the normalization flags given +.Nm context , +which dictates how +.Nm +will normalize data on write. +The following normalization flags may be specified: +.Bl -column "LIBDER_NORMALIZE_CONSTRUCTED" +.It LIBDER_NORMALIZE_CONSTRUCTED Ta Coalesce types that may be primitive or constructed +.It LIBDER_NORMALIZE_TAGS Ta Pack tags into the lowest possible encoded value +.El +.Pp +The +.Fn LIBDER_NORMALIZE_TYPE_FLAG "enum libder_ber_type" +macaro may also be used to specify normalization of the given universal type. +By default, every valid normalization flag is enabled. +.Pp +The +.Fn libder_get_strict +and +.Fn libder_set_strict +functions may used to check or set the strict read state of the given +.Nm +context. +By default, +.Nm +operates in strict mode and rejects various methods of expressing data that are +valid looking but not strictly conformant. +The +.Va LDE_STRICT_* +constants in +.In libder.h +describe the various scenarios that strict mode may reject. +.Pp +The +.Fn libder_get_verbose +and +.Fn libder_set_verbose +functions may be used to check or set the verbosity of the given +.Nm +context. +This primarily controls how +.Nm +behaves when an error is encountered. +By default, the library will silently set the error state and return. +With a verbosity level of 1, an error will be printed when the error state is +set that contains the string that would be returned by +.Fn libder_get_error . +With a verbosity level of 2, the filename and line within +.Nm +that the error occurred in will be printed, which is primarily intended for +debugging +.Nm . +.Sh SEE ALSO +.Xr libder_obj 3 , +.Xr libder_read 3 , +.Xr libder_type 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder.c b/contrib/libder/libder/libder.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder.c @@ -0,0 +1,119 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include "libder_private.h" + +#include +#include + +/* + * Sets up the context, returns NULL on error. + */ +struct libder_ctx * +libder_open(void) +{ + struct libder_ctx *ctx; + + ctx = malloc(sizeof(*ctx)); + if (ctx == NULL) + return (NULL); + + /* Initialize */ + ctx->error = LDE_NONE; + ctx->buffer_size = 0; + ctx->verbose = 0; + ctx->normalize = LIBDER_NORMALIZE_ALL; + ctx->strict = true; + ctx->abort = 0; + + return (ctx); +} + +void +libder_abort(struct libder_ctx *ctx) +{ + + ctx->abort = 1; +} + +LIBDER_PRIVATE size_t +libder_get_buffer_size(struct libder_ctx *ctx) +{ + + if (ctx->buffer_size == 0) { + long psize; + + psize = sysconf(_SC_PAGESIZE); + if (psize <= 0) + psize = 4096; + + ctx->buffer_size = psize; + } + + return (ctx->buffer_size); +} + +uint64_t +libder_get_normalize(struct libder_ctx *ctx) +{ + + return (ctx->normalize); +} + +/* + * Set the normalization flags; returns the previous value. + */ +uint64_t +libder_set_normalize(struct libder_ctx *ctx, uint64_t nmask) +{ + uint64_t old = ctx->normalize; + + ctx->normalize = (nmask & LIBDER_NORMALIZE_ALL); + return (old); +} + +bool +libder_get_strict(struct libder_ctx *ctx) +{ + + return (ctx->strict); +} + +bool +libder_set_strict(struct libder_ctx *ctx, bool strict) +{ + bool oval = ctx->strict; + + ctx->strict = strict; + return (oval); +} + +int +libder_get_verbose(struct libder_ctx *ctx) +{ + + return (ctx->verbose); +} + +int +libder_set_verbose(struct libder_ctx *ctx, int verbose) +{ + int oval = ctx->verbose; + + ctx->verbose = verbose; + return (oval); +} + +void +libder_close(struct libder_ctx *ctx) +{ + + if (ctx == NULL) + return; + + free(ctx); +} + diff --git a/contrib/libder/libder/libder_error.c b/contrib/libder/libder/libder_error.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_error.c @@ -0,0 +1,76 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include "libder_private.h" + +#undef libder_set_error + +static const char libder_error_nodesc[] = "[Description not available]"; + +#define DESCRIBE(err, msg) { LDE_ ## err, msg } +static const struct libder_error_desc { + enum libder_error desc_error; + const char *desc_str; +} libder_error_descr[] = { + DESCRIBE(NONE, "No error"), + DESCRIBE(NOMEM, "Out of memory"), + DESCRIBE(INVAL, "Invalid parameter"), + DESCRIBE(SHORTHDR, "Header too short"), + DESCRIBE(BADVARLEN, "Bad variable length encoding"), + DESCRIBE(LONGLEN, "Encoded length too large (8 byte max)"), + DESCRIBE(SHORTDATA, "Payload not available (too short)"), + DESCRIBE(GARBAGE, "Garbage after encoded data"), + DESCRIBE(STREAMERR, "Stream error"), + DESCRIBE(TRUNCVARLEN, "Variable length object truncated"), + DESCRIBE(COALESCE_BADCHILD, "Bad child encountered when coalescing"), + DESCRIBE(BADOBJECT, "Payload not valid for object type"), + DESCRIBE(STRICT_EOC, "Strict: end-of-content violation"), + DESCRIBE(STRICT_TAG, "Strict: tag violation"), + DESCRIBE(STRICT_PVARLEN, "Strict: primitive using indefinite length"), + DESCRIBE(STRICT_BOOLEAN, "Strict: boolean encoded incorrectly"), + DESCRIBE(STRICT_NULL, "Strict: null encoded incorrectly"), + DESCRIBE(STRICT_PRIMITIVE, "Strict: type must be primitive"), + DESCRIBE(STRICT_CONSTRUCTED, "Strict: type must be constructed"), + DESCRIBE(STRICT_BITSTRING, "Strict: malformed constructed bitstring"), +}; + +const char * +libder_get_error(struct libder_ctx *ctx) +{ + const struct libder_error_desc *desc; + + for (size_t i = 0; i < nitems(libder_error_descr); i++) { + desc = &libder_error_descr[i]; + + if (desc->desc_error == ctx->error) + return (desc->desc_str); + } + + return (libder_error_nodesc); +} + +bool +libder_has_error(struct libder_ctx *ctx) +{ + + return (ctx->error != 0); +} + +LIBDER_PRIVATE void +libder_set_error(struct libder_ctx *ctx, int error, const char *file, int line) +{ + ctx->error = error; + + if (ctx->verbose >= 2) { + fprintf(stderr, "%s: [%s:%d]: %s (error %d)\n", + __func__, file, line, libder_get_error(ctx), error); + } else if (ctx->verbose >= 1) { + fprintf(stderr, "%s: %s (error %d)\n", __func__, + libder_get_error(ctx), error); + } +} diff --git a/contrib/libder/libder/libder_obj.3 b/contrib/libder/libder/libder_obj.3 new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_obj.3 @@ -0,0 +1,138 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_OBJ 3 +.Os +.Sh NAME +.Nm libder_obj , +.Nm libder_obj_alloc , +.Nm libder_obj_alloc_simple , +.Nm libder_obj_free , +.Nm libder_obj_append , +.Nm libder_obj_child , +.Nm libder_obj_next , +.Nm libder_obj_type , +.Nm libder_obj_type_simple , +.Nm libder_obj_data , +.Nm libder_obj_dump +.Nd inspecting and creating libder objects +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_object * +.Fn libder_obj_alloc "struct libder_ctx *ctx" "struct libder_tag *type" "const uint8_t *data" "size_t datasz" +.Ft struct libder_object * +.Fn libder_obj_alloc_simple "struct libder_ctx *ctx" "uint8_t type" "const uint8_t *data" "size_t datasz" +.Ft void +.Fn libder_obj_free "struct libder_object *ctx" +.Ft bool +.Fn libder_obj_append "struct libder_object *parent" "struct libder_object *child" +.Ft struct libder_object * +.Fn libder_obj_child "const struct libder_object *obj" "size_t which" +.Ft struct libder_object * +.Fn libder_obj_next "const struct libder_object *obj" +.Fn "DER_FOREACH_CHILD" "struct libder_obj *iter" "struct libder_obj *obj" +.Fn "DER_FOREACH_CHILD_SAFE" "struct libder_obj *iter" "struct libder_obj *obj" "struct libder_obj *tmp" +.Ft struct libder_tag * +.Fn libder_obj_type "const struct libder_object *obj" +.Ft uint8_t +.Fn libder_obj_type_simple "const struct libder_object *obj" +.Ft const uint8_t * +.Fn libder_obj_data "const struct libder_object *obj" "size_t *sz" +.Ft void +.Fn libder_obj_dump "const struct libder_object *obj" "FILE *fp" +.Sh DESCRIPTION +The +.Nm +family of functions may be used by the application to create its own objects and +object hierarchy, rather than reading them from an existing stream. +.Pp +The +.Fn libder_obj_alloc +and +.Fn libder_obj_alloc_simple +functions allocate a new object with the specified +.Fa type +and +.Fa data . +Most applications will likely prefer to use the +.Dq simple +variant to avoid having to manage a +.Xr libder_type 3 +lifecycle and associated boilerplate. +The base variant remains around for when +.Xr libder_type 3 +grows the necessary API to create arbitrarily large tags. +.Pp +The +.Fn libder_obj_append +function is used to append +.Fa obj +to the +.Fa parent +object's children. +For example, to add an object to a sequence. +.Pp +The +.Fn libder_obj_child +and +.Fn libder_obj_next +functions are used to iterate through the children of +.Fa obj . +The +.Fa which +argument to +.Fn libder_obj_child +specifies the index of the child requested, starting at +.Dv 0 . +The +.Fn DER_FOREACH_CHILD +and +.Fn DER_FOREACH_CHILD_SAFE +macros are provided for convenience. +The difference between these two is that it is safe to free the iterator in the +.Fn DER_FOREACH_CHILD_SAFE +loop body. +.Pp +The +.Fn libder_obj_type +and +.Fn libder_obj_type_simple +functions are used to get the type information about an +.Fa obj . +As usual, the +.Dq simple +variant will return the one-byte encoding of a tag between 0 and 30. +If the tag is actually larger than 30, then all of the lower 5 bits will be set +to indicate that it's a long tag, and that the application should have used +.Fn libder_obj_type +instead. +.Pp +The +.Fn libder_obj_data +function returns a pointer to the +.Fa data +from +.Fa obj , +and updates +.Fa *sz +with the data's size. +Note that the data is not copied out here, the application is responsible for +making its own copy of the returned buffer. +.Pp +The +.Fn libder_obj_dump +function is a debugging function that likely shouldn't be used. +A human readable representation of the provided +.Fa obj +will be written to the stream +.Fa fp . +.Sh SEE ALSO +.Xr libder 3 , +.Xr libder_read 3 , +.Xr libder_type 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder_obj.c b/contrib/libder/libder/libder_obj.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_obj.c @@ -0,0 +1,1192 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include +#include + +#include "libder_private.h" + +#undef DER_CHILDREN +#undef DER_NEXT + +#define DER_CHILDREN(obj) ((obj)->children) +#define DER_NEXT(obj) ((obj)->next) + +static uint8_t * +libder_obj_alloc_copy_payload(struct libder_ctx *ctx, const uint8_t *payload_in, + size_t length) +{ + uint8_t *payload; + + if ((length == 0 && payload_in != NULL) || + (length != 0 && payload_in == NULL)) { + libder_set_error(ctx, LDE_INVAL); + return (NULL); + } + + if (length > 0) { + payload = malloc(length); + if (payload == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + memcpy(payload, payload_in, length); + } else { + payload = NULL; + } + + return (payload); +} + +static bool +libder_obj_alloc_check(struct libder_ctx *ctx, struct libder_tag *type, + const uint8_t *payload_in, size_t length) +{ + /* + * In addition to our normal constraints, constructed objects coming in + * from lib users should not have payloads. + */ + if (!libder_is_valid_obj(ctx, type, payload_in, length, false) || + (type->tag_constructed && length != 0)) { + libder_set_error(ctx, LDE_BADOBJECT); + return (false); + } + + return (true); +} + +struct libder_object * +libder_obj_alloc(struct libder_ctx *ctx, struct libder_tag *type, + const uint8_t *payload_in, size_t length) +{ + struct libder_object *obj; + uint8_t *payload; + + if (!libder_obj_alloc_check(ctx, type, payload_in, length)) + return (NULL); + + payload = libder_obj_alloc_copy_payload(ctx, payload_in, length); + + obj = libder_obj_alloc_internal(ctx, type, payload, length, 0); + if (obj == NULL) { + if (length != 0) { + libder_bzero(payload, length); + free(payload); + } + + libder_set_error(ctx, LDE_NOMEM); + } + + return (obj); +} + +struct libder_object * +libder_obj_alloc_simple(struct libder_ctx *ctx, uint8_t stype, + const uint8_t *payload_in, size_t length) +{ + struct libder_object *obj; + struct libder_tag *type; + uint8_t *payload; + + type = libder_type_alloc_simple(ctx, stype); + if (type == NULL) + return (NULL); + + if (!libder_obj_alloc_check(ctx, type, payload_in, length)) { + libder_type_free(type); + return (NULL); + } + + payload = libder_obj_alloc_copy_payload(ctx, payload_in, length); + + obj = libder_obj_alloc_internal(ctx, type, payload, length, LDO_OWNTAG); + if (obj == NULL) { + if (length != 0) { + libder_bzero(payload, length); + free(payload); + } + + libder_type_free(type); + libder_set_error(ctx, LDE_NOMEM); + } + + return (obj); +} + +/* + * Returns an obj on success, NULL if out of memory. `obj` takes ownership of + * the payload on success. + */ +LIBDER_PRIVATE struct libder_object * +libder_obj_alloc_internal(struct libder_ctx *ctx, struct libder_tag *type, + uint8_t *payload, size_t length, uint32_t flags) +{ + struct libder_object *obj; + + assert((flags & ~(LDO_OWNTAG)) == 0); + + if (length != 0) + assert(payload != NULL); + else + assert(payload == NULL); + + obj = malloc(sizeof(*obj)); + if (obj == NULL) + return (NULL); + + if ((flags & LDO_OWNTAG) != 0) { + obj->type = type; + } else { + /* + * Deep copies the tag data, so that the caller can predict what + * it can do with the buffer. + */ + obj->type = libder_type_dup(ctx, type); + if (obj->type == NULL) { + free(obj); + return (NULL); + } + } + + obj->length = length; + obj->payload = payload; + obj->children = obj->next = obj->parent = NULL; + obj->nchildren = 0; + + return (obj); +} + +LIBDER_PRIVATE size_t +libder_size_length(size_t sz) +{ + size_t nbytes; + + /* + * With DER, we use the smallest encoding necessary: less than 0x80 + * can be encoded in one byte. + */ + if (sz < 0x80) + return (1); + + /* + * We can support up to 0x7f size bytes, but we don't really have a way + * to represent that right now. It's a good thing this function only + * takes a size_t, otherwise this would be a bit wrong. + */ + for (nbytes = 1; nbytes < sizeof(size_t); nbytes++) { + if ((sz & ~((1ULL << 8 * nbytes) - 1)) == 0) + break; + } + + /* Add one for the lead byte describing the length of the length. */ + return (nbytes + 1); +} + +/* + * Returns the size on-disk. If an object has children, we encode the size as + * the sum of their lengths recursively. Otherwise, we use the object's size. + * + * Returns 0 if the object size would overflow a size_t... perhaps we could + * lift this restriction later. + * + * Note that the size of the object will be set/updated to simplify later write + * calculations. + */ +LIBDER_PRIVATE size_t +libder_obj_disk_size(struct libder_object *obj, bool include_header) +{ + struct libder_object *walker; + size_t disk_size, header_size; + + disk_size = obj->length; + if (obj->children != NULL) { + /* We should have rejected these. */ + assert(obj->length == 0); + + DER_FOREACH_CHILD(walker, obj) { + size_t child_size; + + child_size = libder_obj_disk_size(walker, true); + if (SIZE_MAX - child_size < disk_size) + return (0); /* Overflow */ + disk_size += child_size; + } + } + + obj->disk_size = disk_size; + + /* + * Children always include the header above, we only include the header + * at the root if we're calculating how much space we need in total. + */ + if (include_header) { + /* Size of the length + the tag (arbitrary length) */ + header_size = libder_size_length(disk_size) + obj->type->tag_size; + if (obj->type->tag_encoded) + header_size++; /* Lead byte */ + if (SIZE_MAX - header_size < disk_size) + return (0); + + disk_size += header_size; + } + + return (disk_size); +} + +void +libder_obj_free(struct libder_object *obj) +{ + struct libder_object *child, *tmp; + + if (obj == NULL) + return; + + DER_FOREACH_CHILD_SAFE(child, obj, tmp) + libder_obj_free(child); + + if (obj->payload != NULL) { + libder_bzero(obj->payload, obj->length); + free(obj->payload); + } + + libder_type_free(obj->type); + free(obj); +} + +static void +libder_obj_unlink(struct libder_object *obj) +{ + struct libder_object *child, *parent, *prev; + + parent = obj->parent; + if (parent == NULL) + return; + + prev = NULL; + assert(parent->nchildren > 0); + DER_FOREACH_CHILD(child, parent) { + if (child == obj) { + if (prev == NULL) + parent->children = child->next; + else + prev->next = child->next; + parent->nchildren--; + child->parent = NULL; + return; + } + + prev = child; + } + + assert(0 && "Internal inconsistency: parent set, but child not found"); +} + +bool +libder_obj_append(struct libder_object *parent, struct libder_object *child) +{ + struct libder_object *end, *walker; + + if (!parent->type->tag_constructed) + return (false); + + /* XXX Type check */ + + if (child->parent != NULL) + libder_obj_unlink(child); + + if (parent->nchildren == 0) { + parent->children = child; + parent->nchildren++; + return (true); + } + + /* Walk the chain */ + DER_FOREACH_CHILD(walker, parent) { + end = walker; + } + + assert(end != NULL); + end->next = child; + parent->nchildren++; + child->parent = parent; + return (true); +} + +struct libder_object * +libder_obj_child(const struct libder_object *obj, size_t idx) +{ + struct libder_object *cur; + + DER_FOREACH_CHILD(cur, obj) { + if (idx-- == 0) + return (cur); + } + + return (NULL); +} + +struct libder_object * +libder_obj_children(const struct libder_object *obj) +{ + + return (obj->children); +} + +struct libder_object * +libder_obj_next(const struct libder_object *obj) +{ + + return (obj->next); +} + +struct libder_tag * +libder_obj_type(const struct libder_object *obj) +{ + + return (obj->type); +} + +uint8_t +libder_obj_type_simple(const struct libder_object *obj) +{ + struct libder_tag *type = obj->type; + uint8_t simple = type->tag_class << 6; + + if (type->tag_constructed) + simple |= BER_TYPE_CONSTRUCTED_MASK; + + if (type->tag_encoded) + simple |= 0x1f; /* Encode the "long tag" tag. */ + else + simple |= type->tag_short; + return (simple); +} + +const uint8_t * +libder_obj_data(const struct libder_object *obj, size_t *osz) +{ + + if (obj->type->tag_constructed) + return (NULL); + + *osz = obj->length; + return (obj->payload); +} + +static const char * +libder_type_name(const struct libder_tag *type) +{ + static char namebuf[128]; + + if (type->tag_encoded) { + return ("{ ... }"); + } + + if (type->tag_class != BC_UNIVERSAL) + goto fallback; + +#define UTYPE(val) case val: return (&(#val)[3]) + switch (type->tag_short) { + UTYPE(BT_RESERVED); + UTYPE(BT_BOOLEAN); + UTYPE(BT_INTEGER); + UTYPE(BT_BITSTRING); + UTYPE(BT_OCTETSTRING); + UTYPE(BT_NULL); + UTYPE(BT_OID); + UTYPE(BT_OBJDESC); + UTYPE(BT_EXTERNAL); + UTYPE(BT_REAL); + UTYPE(BT_ENUMERATED); + UTYPE(BT_PDV); + UTYPE(BT_UTF8STRING); + UTYPE(BT_RELOID); + UTYPE(BT_NUMERICSTRING); + UTYPE(BT_STRING); + UTYPE(BT_TELEXSTRING); + UTYPE(BT_VIDEOTEXSTRING); + UTYPE(BT_IA5STRING); + UTYPE(BT_UTCTIME); + UTYPE(BT_GENTIME); + UTYPE(BT_GFXSTRING); + UTYPE(BT_VISSTRING); + UTYPE(BT_GENSTRING); + UTYPE(BT_UNIVSTRING); + UTYPE(BT_CHARSTRING); + UTYPE(BT_BMPSTRING); + case BT_SEQUENCE & ~BER_TYPE_CONSTRUCTED_MASK: + case BT_SEQUENCE: return "SEQUENCE"; + case BT_SET & ~BER_TYPE_CONSTRUCTED_MASK: + case BT_SET: return "SET"; + } + +fallback: + snprintf(namebuf, sizeof(namebuf), "%.02x", libder_type_simple(type)); + return (&namebuf[0]); +} + +static void +libder_obj_dump_internal(const struct libder_object *obj, FILE *fp, int lvl) +{ + static char spacer[4096]; + const struct libder_object *child; + + /* Primitive, goofy, but functional. */ + if (spacer[0] == '\0') + memset(spacer, '\t', sizeof(spacer)); + + if (lvl >= (int)sizeof(spacer)) { + /* Too large, truncate the display. */ + fprintf(fp, "%.*s...\n", (int)sizeof(spacer), spacer); + return; + } + + if (obj->children == NULL) { + size_t col = lvl * 8; + + col += fprintf(fp, "%.*sOBJECT[type=%s, size=%zx]%s", + lvl, spacer, libder_type_name(obj->type), + obj->length, obj->length != 0 ? ": " : ""); + + if (obj->length != 0) { + uint8_t printb; + +#define LIBDER_CONTENTS_WRAP 80 + for (size_t i = 0; i < obj->length; i++) { + if (col + 3 >= LIBDER_CONTENTS_WRAP) { + fprintf(fp, "\n%.*s ", lvl, spacer); + col = (lvl * 8) + 4; + } + + if (obj->payload == NULL) + printb = 0; + else + printb = obj->payload[i]; + + col += fprintf(fp, "%.02x ", printb); + } + } + + fprintf(fp, "\n"); + + return; + } + + fprintf(fp, "%.*sOBJECT[type=%s]\n", lvl, spacer, + libder_type_name(obj->type)); + DER_FOREACH_CHILD(child, obj) + libder_obj_dump_internal(child, fp, lvl + 1); +} + +void +libder_obj_dump(const struct libder_object *root, FILE *fp) +{ + + libder_obj_dump_internal(root, fp, 0); +} + +LIBDER_PRIVATE bool +libder_is_valid_obj(struct libder_ctx *ctx, const struct libder_tag *type, + const uint8_t *payload, size_t payloadsz, bool varlen) +{ + + if (payload != NULL) { + assert(payloadsz > 0); + assert(!varlen); + } else { + assert(payloadsz == 0); + } + + /* No rules for non-universal types. */ + if (type->tag_class != BC_UNIVERSAL || type->tag_encoded) + return (true); + + if (ctx->strict && type->tag_constructed) { + /* Types that don't allow constructed */ + switch (libder_type_simple(type) & ~BER_TYPE_CONSTRUCTED_MASK) { + case BT_BOOLEAN: + case BT_INTEGER: + case BT_REAL: + case BT_NULL: + libder_set_error(ctx, LDE_STRICT_PRIMITIVE); + return (false); + default: + break; + } + } else if (ctx->strict) { + /* Types that cannot be primitive */ + switch (libder_type_simple(type) | BER_TYPE_CONSTRUCTED_MASK) { + case BT_SEQUENCE: + case BT_SET: + libder_set_error(ctx, LDE_STRICT_CONSTRUCTED); + return (false); + default: + break; + } + } + + /* Further validation */ + switch (libder_type_simple(type)) { + case BT_BOOLEAN: + if (ctx->strict && payloadsz != 1) { + libder_set_error(ctx, LDE_STRICT_BOOLEAN); + return (false); + } + break; + case BT_NULL: + if (ctx->strict && (payloadsz != 0 || varlen)) { + libder_set_error(ctx, LDE_STRICT_NULL); + return (false); + } + break; + case BT_BITSTRING: /* Primitive */ + /* + * Bit strings require more invasive parsing later during child + * coalescing or normalization, so we alway strictly enforce + * their form. + */ + if (payloadsz == 1 && payload[0] != 0) + return (false); + + /* We can't have more than seven unused bits. */ + return (payloadsz < 2 || payload[0] < 8); + case BT_RESERVED: + if (payloadsz != 0) { + libder_set_error(ctx, LDE_STRICT_EOC); + return (false); + } + break; + default: + break; + } + + return (true); +} + +LIBDER_PRIVATE bool +libder_obj_may_coalesce_children(const struct libder_object *obj) +{ + + /* No clue about non-universal types. */ + if (obj->type->tag_class != BC_UNIVERSAL || obj->type->tag_encoded) + return (false); + + /* Constructed types don't have children. */ + if (!obj->type->tag_constructed) + return (false); + + /* Strip the constructed bit off. */ + switch (libder_type_simple(obj->type)) { + case BT_OCTETSTRING: /* Raw data types */ + case BT_BITSTRING: + return (true); + case BT_UTF8STRING: /* String types */ + case BT_NUMERICSTRING: + case BT_STRING: + case BT_TELEXSTRING: + case BT_VIDEOTEXSTRING: + case BT_IA5STRING: + case BT_GFXSTRING: + case BT_VISSTRING: + case BT_GENSTRING: + case BT_UNIVSTRING: + case BT_CHARSTRING: + case BT_BMPSTRING: + return (true); + case BT_UTCTIME: /* Time types */ + case BT_GENTIME: + return (true); + default: + return (false); + } +} + +static size_t +libder_merge_bitstrings(uint8_t *buf, size_t offset, size_t bufsz, + const struct libder_object *child) +{ + const uint8_t *rhs = child->payload; + size_t rsz = child->disk_size, startoff = offset; + uint8_t rhsunused, unused; + + rhsunused = (rhs != NULL ? rhs[0] : 0); + + /* We have no unused bits if the buffer's empty as of yet. */ + if (offset == 0) + unused = 0; + else + unused = buf[0]; + + /* Shave the lead byte off if we have one. */ + if (rsz > 1) { + if (rhs != NULL) + rhs++; + rsz--; + } + + if (unused == 0) { + size_t extra = 0; + + /* + * In all cases we'll just write the unused byte separately, + * since we're copying way past it in the common case and can't + * just overwrite it as part of the memcpy(). + */ + if (offset == 0) { + offset = 1; + extra++; + } + + assert(rhsunused < 8); + assert(offset + rsz <= bufsz); + + buf[0] = rhsunused; + if (rhs == NULL) + memset(&buf[offset], 0, rsz); + else + memcpy(&buf[offset], rhs, rsz); + + return (rsz + extra); + } + + for (size_t i = 0; i < rsz; i++) { + uint8_t bits, next; + + if (rhs == NULL) + next = 0; + else + next = rhs[i]; + + /* Rotate the leading bits into the byte before it. */ + assert(unused < 8); + bits = next >> (8 - unused); + buf[offset - 1] |= bits; + + next <<= unused; + + /* + * Copy the new valid bits in; we shift over the old unused + * amount up until the very last bit, then we have to recalculate + * because we may be dropping it entirely. + */ + if (i == rsz - 1) { + assert(rhsunused < 8); + + /* + * Figure out how many unused bits we have between the two + * buffers, sum % 8 is the new # unused bits. It will be + * somewhere in the range of [0, 14], and if it's at or + * higher than a single byte then that's a clear indicator + * that we shifted some unused bits into the previous byte and + * can just halt here. + */ + unused += rhsunused; + buf[0] = unused % 8; + if (unused >= 8) + break; + } + + assert(offset < bufsz); + buf[offset++] = next; + } + + return (offset - startoff); +} + +LIBDER_PRIVATE bool +libder_obj_coalesce_children(struct libder_object *obj, struct libder_ctx *ctx) +{ + struct libder_object *child, *last_child, *tmp; + size_t new_size = 0, offset = 0; + uint8_t *coalesced_data; + uint8_t type; + bool need_payload = false, strict_violation = false; + + if (obj->nchildren == 0 || !libder_obj_may_coalesce_children(obj)) + return (true); + + assert(obj->type->tag_class == BC_UNIVERSAL); + assert(obj->type->tag_constructed); + assert(!obj->type->tag_encoded); + type = obj->type->tag_short; + + last_child = NULL; + DER_FOREACH_CHILD(child, obj) { + /* Sanity check and coalesce our children. */ + if (child->type->tag_class != BC_UNIVERSAL || + child->type->tag_short != obj->type->tag_short) { + libder_set_error(ctx, LDE_COALESCE_BADCHILD); + return (false); + } + + /* Recursively coalesce everything. */ + if (!libder_obj_coalesce_children(child, ctx)) + return (false); + + /* + * The child node will be disappearing anyways, so we stash the + * disk size sans header in its disk_size to reuse in the later + * loop. + */ + child->disk_size = libder_obj_disk_size(child, false); + + /* + * We strip the lead byte off of every element, and add it back + * in pre-allocation. + */ + if (type == BT_BITSTRING && child->disk_size > 1) + child->disk_size--; + if (child->disk_size > 0) + last_child = child; + + new_size += child->disk_size; + + if (child->payload != NULL) + need_payload = true; + } + + if (new_size != 0 && need_payload) { + if (type == BT_BITSTRING) + new_size++; + coalesced_data = malloc(new_size); + if (coalesced_data == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (false); + } + } else { + /* + * This would perhaps be a bit weird, but that's normalization + * for you. We shouldn't really have a UTF-8 string that's + * composed of a series of zero-length UTF-8 strings, but + * weirder things have happened. + */ + coalesced_data = NULL; + } + + /* Avoid leaking any children as we coalesce. */ + DER_FOREACH_CHILD_SAFE(child, obj, tmp) { + if (child->disk_size != 0) + assert(coalesced_data != NULL || !need_payload); + + /* + * Just free everything when we violate strict rules. + */ + if (strict_violation) + goto violated; + + if (child->disk_size != 0 && need_payload) { + assert(coalesced_data != NULL); + assert(offset + child->disk_size <= new_size); + + /* + * Bit strings are special, in that the first byte + * contains the number of unused bits at the end. We + * need to trim that off when concatenating bit strings + */ + if (type == BT_BITSTRING) { + if (ctx->strict && child != last_child && + child->disk_size > 1 && child->payload != NULL) { + /* + * Each child must have a multiple of 8, + * up until the final one. + */ + if (child->payload[0] != 0) { + libder_set_error(ctx, LDE_STRICT_BITSTRING); + strict_violation = true; + goto violated; + } + } + + offset += libder_merge_bitstrings(coalesced_data, + offset, new_size, child); + } else { + /* + * Write zeroes out if we don't have a payload. + */ + if (child->payload == NULL) { + memset(&coalesced_data[offset], 0, child->disk_size); + offset += child->disk_size; + } else { + memcpy(&coalesced_data[offset], child->payload, + child->disk_size); + offset += child->disk_size; + } + } + } + +violated: + libder_obj_free(child); + } + + assert(offset <= new_size); + + /* Zap the children, we've absorbed their bodies. */ + obj->children = NULL; + + if (strict_violation) { + if (coalesced_data != NULL) { + libder_bzero(coalesced_data, offset); + free(coalesced_data); + } + + return (false); + } + + /* Finally, swap out the payload. */ + if (obj->payload != NULL) { + libder_bzero(obj->payload, obj->length); + free(obj->payload); + } + + obj->length = offset; + obj->payload = coalesced_data; + obj->type->tag_constructed = false; + + return (true); +} + +static bool +libder_obj_normalize_bitstring(struct libder_object *obj) +{ + uint8_t *payload = obj->payload; + size_t length = obj->length; + uint8_t unused; + + if (payload == NULL || length < 2) + return (true); + + unused = payload[0]; + if (unused == 0) + return (true); + + /* Clear the unused bits completely. */ + payload[length - 1] &= ~((1 << unused) - 1); + return (true); +} + +static bool +libder_obj_normalize_boolean(struct libder_object *obj) +{ + uint8_t *payload = obj->payload; + size_t length = obj->length; + int sense = 0; + + assert(length > 0); + + /* + * Booleans must be collapsed down to a single byte, 0x00 or 0xff, + * indicating false or true respectively. + */ + if (length == 1 && (payload[0] == 0x00 || payload[0] == 0xff)) + return (true); + + for (size_t bpos = 0; bpos < length; bpos++) { + sense |= payload[bpos]; + if (sense != 0) + break; + } + + payload[0] = sense != 0 ? 0xff : 0x00; + obj->length = 1; + return (true); +} + +static bool +libder_obj_normalize_integer(struct libder_object *obj) +{ + uint8_t *payload = obj->payload; + size_t length = obj->length; + size_t strip = 0; + + /* + * Strip any leading sign-extended looking bytes, but note that + * we can't strip a leading byte unless it matches the sign bit + * on the next byte. + */ + for (size_t bpos = 0; bpos < length - 1; bpos++) { + if (payload[bpos] != 0 && payload[bpos] != 0xff) + break; + + if (payload[bpos] == 0xff) { + /* Only if next byte indicates signed. */ + if ((payload[bpos + 1] & 0x80) == 0) + break; + } else { + /* Only if next byte indicates unsigned. */ + if ((payload[bpos + 1] & 0x80) != 0) + break; + } + + strip++; + } + + if (strip != 0) { + payload += strip; + length -= strip; + + memmove(&obj->payload[0], payload, length); + obj->length = length; + } + + return (true); +} + +static int +libder_obj_tag_compare(const struct libder_tag *lhs, const struct libder_tag *rhs) +{ + const uint8_t *lbits, *rbits; + size_t delta, end, lsz, rsz; + uint8_t lbyte, rbyte; + + /* Highest bits: tag class, libder_ber_class has the same bit ordering. */ + if (lhs->tag_class < rhs->tag_class) + return (-1); + if (lhs->tag_class > rhs->tag_class) + return (1); + + /* Next bit: constructed vs. primitive */ + if (!lhs->tag_constructed && rhs->tag_constructed) + return (-1); + if (lhs->tag_constructed && rhs->tag_constructed) + return (1); + + /* + * Finally: tag data; we can use the size as a first-order heuristic + * because we store tags in the shortest possible representation. + */ + if (lhs->tag_size < rhs->tag_size) + return (-1); + else if (lhs->tag_size > rhs->tag_size) + return (1); + + if (!lhs->tag_encoded) { + lbits = (const void *)&lhs->tag_short; + lsz = sizeof(uint64_t); + } else { + lbits = lhs->tag_long; + lsz = lhs->tag_size; + } + + if (!rhs->tag_encoded) { + rbits = (const void *)&rhs->tag_short; + rsz = sizeof(uint64_t); + } else { + rbits = rhs->tag_long; + rsz = rhs->tag_size; + } + + delta = 0; + end = MAX(lsz, rsz); + if (lsz > rsz) + delta = lsz - rsz; + else if (lsz < rsz) + delta = rsz - lsz; + for (size_t i = 0; i < end; i++) { + /* Zero-extend the short one the difference. */ + if (lsz < rsz && i < delta) + lbyte = 0; + else + lbyte = lbits[i - delta]; + + if (lsz > rsz && i < delta) + rbyte = 0; + else + rbyte = rbits[i - delta]; + + if (lbyte < rbyte) + return (-1); + else if (lbyte > rbyte) + return (-1); + } + + return (0); +} + +/* + * Similar to strcmp(), returns -1, 0, or 1. + */ +static int +libder_obj_compare(const struct libder_object *lhs, const struct libder_object *rhs) +{ + size_t end; + int cmp; + uint8_t lbyte, rbyte; + + cmp = libder_obj_tag_compare(lhs->type, rhs->type); + if (cmp != 0) + return (cmp); + + /* + * We'll compare up to the longer of the two; the shorter payload is + * zero-extended at the end for comparison purposes. + */ + end = MAX(lhs->length, rhs->length); + for (size_t pos = 0; pos < end; pos++) { + if (lhs->payload != NULL && pos < lhs->length) + lbyte = lhs->payload[pos]; + else + lbyte = 0; + if (rhs->payload != NULL && pos < rhs->length) + rbyte = rhs->payload[pos]; + else + rbyte = 0; + + if (lbyte < rbyte) + return (-1); + else if (lbyte > rbyte) + return (1); + } + + return (0); +} + +static int +libder_obj_normalize_set_cmp(const void *lhs_entry, const void *rhs_entry) +{ + const struct libder_object *lhs = + *__DECONST(const struct libder_object **, lhs_entry); + const struct libder_object *rhs = + *__DECONST(const struct libder_object **, rhs_entry); + + return (libder_obj_compare(lhs, rhs)); +} + +static bool +libder_obj_normalize_set(struct libder_object *obj, struct libder_ctx *ctx) +{ + struct libder_object **sorting; + struct libder_object *child; + size_t offset = 0; + + if (obj->nchildren < 2) + return (true); + + /* + * Kind of goofy, but we'll just take advantage of a standardized + * qsort() rather than rolling our own sort -- we have no idea how large + * of a dataset we're working with. + */ + sorting = calloc(obj->nchildren, sizeof(*sorting)); + if (sorting == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (false); + } + + DER_FOREACH_CHILD(child, obj) { + sorting[offset++] = child; + } + + assert(offset == obj->nchildren); + qsort(sorting, offset, sizeof(*sorting), libder_obj_normalize_set_cmp); + + obj->children = sorting[0]; + sorting[offset - 1]->next = NULL; + for (size_t i = 0; i < offset - 1; i++) { + sorting[i]->next = sorting[i + 1]; + } + + free(sorting); + + return (true); +} + +LIBDER_PRIVATE bool +libder_obj_normalize(struct libder_object *obj, struct libder_ctx *ctx) +{ + uint8_t *payload = obj->payload; + size_t length = obj->length; + + if (obj->type->tag_constructed) { + /* + * For constructed types, we'll see if we can coalesce their + * children into them, then we'll proceed with whatever normalization + * rules we can apply to the children. + */ + if (DER_NORMALIZING(ctx, CONSTRUCTED) && !libder_obj_coalesce_children(obj, ctx)) + return (false); + + /* + * We may not be a constructed object anymore after the above coalescing + * happened, so we check it again here. Constructed objects need not go + * any further, but the now-primitive coalesced types still need to be + * normalized. + */ + if (obj->type->tag_constructed) { + struct libder_object *child; + + DER_FOREACH_CHILD(child, obj) { + if (!libder_obj_normalize(child, ctx)) + return (false); + } + + /* Sets must be sorted. */ + if (obj->type->tag_short != BT_SET) + return (true); + + return (libder_obj_normalize_set(obj, ctx)); + } + } + + /* We only have normalization rules for universal types. */ + if (obj->type->tag_class != BC_UNIVERSAL || obj->type->tag_encoded) + return (true); + + if (!libder_normalizing_type(ctx, obj->type)) + return (true); + + /* + * We are clear to normalize this object, check for some easy cases that + * don't need normalization. + */ + switch (libder_type_simple(obj->type)) { + case BT_BITSTRING: + case BT_BOOLEAN: + case BT_INTEGER: + /* + * If we have a zero payload, then we need to encode them as a + * single zero byte. + */ + if (payload == NULL) { + if (length != 1) + obj->length = 1; + + return (true); + } + + break; + case BT_NULL: + if (payload != NULL) { + free(payload); + + obj->payload = NULL; + obj->length = 0; + } + + return (true); + default: + /* + * If we don't have a payload, we'll just leave it alone. + */ + if (payload == NULL) + return (true); + break; + } + + switch (libder_type_simple(obj->type)) { + case BT_BITSTRING: + return (libder_obj_normalize_bitstring(obj)); + case BT_BOOLEAN: + return (libder_obj_normalize_boolean(obj)); + case BT_INTEGER: + return (libder_obj_normalize_integer(obj)); + default: + break; + } + + return (true); +} diff --git a/contrib/libder/libder/libder_private.h b/contrib/libder/libder/libder_private.h new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_private.h @@ -0,0 +1,178 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include + +#include +#include +#include +#ifdef __APPLE__ +#define __STDC_WANT_LIB_EXT1__ 1 /* memset_s */ +#endif +/* explicit_bzero is in one of these... */ +#include +#include +#include "libder.h" + +/* FreeBSD's sys/cdefs.h */ +#ifndef __DECONST +#define __DECONST(type, var) ((type)(uintptr_t)(const void *)(var)) +#endif +#ifndef __unused +#define __unused __attribute__((__unused__)) +#endif + +/* FreeBSD's sys/params.h */ +#ifndef nitems +#define nitems(x) (sizeof((x)) / sizeof((x)[0])) +#endif +#ifndef MIN +#define MIN(a,b) (((a)<(b))?(a):(b)) +#endif +#ifndef MAX +#define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + +struct libder_ctx; +struct libder_object; + +struct libder_ctx { + uint64_t normalize; + size_t buffer_size; + enum libder_error error; + int verbose; + bool strict; + volatile sig_atomic_t abort; +}; + +struct libder_tag { + union { + uint8_t tag_short; + uint8_t *tag_long; + }; + size_t tag_size; + enum libder_ber_class tag_class; + bool tag_constructed; + bool tag_encoded; +}; + +struct libder_object { + struct libder_tag *type; + size_t length; + size_t nchildren; + size_t disk_size; + uint8_t *payload; /* NULL for sequences */ + struct libder_object *children; + struct libder_object *parent; + struct libder_object *next; +}; + +static inline sig_atomic_t +libder_check_abort(struct libder_ctx *ctx) +{ + + return (ctx->abort); +} + +static inline void +libder_clear_abort(struct libder_ctx *ctx) +{ + + ctx->abort = 1; +} + +#define LIBDER_PRIVATE __attribute__((__visibility__("hidden"))) + +#define DER_NORMALIZING(ctx, bit) \ + (((ctx)->normalize & (LIBDER_NORMALIZE_ ## bit)) != 0) + +static inline bool +libder_normalizing_type(const struct libder_ctx *ctx, const struct libder_tag *type) +{ + uint8_t tagval; + + assert(!type->tag_constructed); + assert(!type->tag_encoded); + assert(type->tag_class == BC_UNIVERSAL); + assert(type->tag_short < 0x1f); + + tagval = type->tag_short; + return ((ctx->normalize & LIBDER_NORMALIZE_TYPE_FLAG(tagval)) != 0); +} + +/* All of the lower bits set. */ +#define BER_TYPE_LONG_MASK 0x1f + +/* + * Check if the type matches one of our universal types. + */ +static inline bool +libder_type_is(const struct libder_tag *type, uint8_t utype) +{ + + if (type->tag_class != BC_UNIVERSAL || type->tag_encoded) + return (false); + if ((utype & BER_TYPE_CONSTRUCTED_MASK) != type->tag_constructed) + return (false); + + utype &= ~BER_TYPE_CONSTRUCTED_MASK; + return (utype == type->tag_short); +} + +/* + * We'll use this one a decent amount, so we'll keep it inline. There's also + * an _abi version that we expose as public interface via a 'libder_type_simple' + * macro. + */ +#undef libder_type_simple + +static inline uint8_t +libder_type_simple(const struct libder_tag *type) +{ + uint8_t encoded = type->tag_class << 6; + + assert(!type->tag_encoded); + if (type->tag_constructed) + encoded |= BER_TYPE_CONSTRUCTED_MASK; + + encoded |= type->tag_short; + return (encoded); +} + +static inline void +libder_bzero(uint8_t *buf, size_t bufsz) +{ + +#ifdef __APPLE__ + memset_s(buf, bufsz, 0, bufsz); +#else + explicit_bzero(buf, bufsz); +#endif +} + +size_t libder_get_buffer_size(struct libder_ctx *); +void libder_set_error(struct libder_ctx *, int, const char *, int); + +#define libder_set_error(ctx, error) \ + libder_set_error((ctx), (error), __FILE__, __LINE__) + +struct libder_object *libder_obj_alloc_internal(struct libder_ctx *, + struct libder_tag *, uint8_t *, size_t, uint32_t); +#define LDO_OWNTAG 0x0001 /* Object owns passed in tag */ + +size_t libder_size_length(size_t); +bool libder_is_valid_obj(struct libder_ctx *, + const struct libder_tag *, const uint8_t *, size_t, bool); +size_t libder_obj_disk_size(struct libder_object *, bool); +bool libder_obj_may_coalesce_children(const struct libder_object *); +bool libder_obj_coalesce_children(struct libder_object *, struct libder_ctx *); +bool libder_obj_normalize(struct libder_object *, struct libder_ctx *); + +struct libder_tag *libder_type_alloc(void); +void libder_type_release(struct libder_tag *); +void libder_normalize_type(struct libder_ctx *, struct libder_tag *); diff --git a/contrib/libder/libder/libder_read.3 b/contrib/libder/libder/libder_read.3 new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_read.3 @@ -0,0 +1,101 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_READ 3 +.Os +.Sh NAME +.Nm libder_read , +.Nm libder_read_fd , +.Nm libder_read_file +.Nd reading DER encoded streams +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_object * +.Fn libder_read "struct libder_ctx *ctx" "const uint8_t *buf" "size_t *bufsz" +.Ft struct libder_object * +.Fn libder_read_fd "struct libder_ctx *ctx" "int fd" "size_t *readsz" +.Ft struct libder_object * +.Fn libder_read_file "struct libder_ctx *ctx" "FILE *fp" "size_t *readsz" +.Sh DESCRIPTION +The +.Nm +family of functions are used to parse BER/DER encoded data into an object tree +that +.Xr libder 3 +can work with. +All of these functions will return an object on success and update +.Fa *readsz +with the number of bytes consumed, or +.Dv NULL +on failure. +.Pp +The +.Fn libder_read +function will read from a buffer +.Fa buf +of known size +.Fa bufsz . +It is not considered an error for +.Fa buf +to have contents past the first valid object encountered. +The application is +expected to check +.Fa *bufsz +upon success and determine if any residual buffer exists, and if that residual +is OK. +.Pp +.Xr libder 3 +can also stream a BER encoded object with either of the +.Fn libder_read_fd +or +.Fn libder_read_file +functions from a file descriptor or +.Xr stdio 3 +stream respectively. +Both functions will try very hard not to over-read from the stream to avoid +putting it in a precarious state, but bogus looking data may still cause them +to consume more of the stream than intended. +.Pp +Note that +.Fn libder_read_fd +will ignore an +.Ev EINTR +return value from +.Xr read 2 +by default and continue reading from the +.Fa fd . +If the application is signalled, it can abort the +.Xr read 2 +operation instead with +.Xr libder_abort 3 . +Note that +.Nm libder +does not currently have other points that an abort can be signalled from, so if +.Fn libder_read_fd +is not specifically waiting for data from the +.Va fd +when a signal hits, then the operation will continue until successful with +one exception. +If +.Xr libder_abort 3 +is called at any other point in the middle of +.Fn libder_read_fd , +then the abort flag will not be cleared until it does receive an interrupted +.Xr read 2 +call, or until the next call to one of the +.Nm +family of functions. +In the future, +.Nm +may support resuming an aborted operation and allow cancellation at other +specific points within the operation. +.Sh SEE ALSO +.Xr libder 3 , +.Xr libder_obj 3 , +.Xr libder_type 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder_read.c b/contrib/libder/libder/libder_read.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_read.c @@ -0,0 +1,864 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "libder_private.h" + +enum libder_stream_type { + LDST_NONE, + LDST_FD, + LDST_FILE, +}; + +struct libder_payload { + bool payload_heap; + uint8_t *payload_data; + size_t payload_size; +}; + +struct libder_stream { + enum libder_stream_type stream_type; + struct libder_ctx *stream_ctx; + uint8_t *stream_buf; + size_t stream_bufsz; + + size_t stream_offset; + size_t stream_resid; + size_t stream_consumed; + size_t stream_last_commit; + + union { + const uint8_t *stream_src_buf; + FILE *stream_src_file; + int stream_src_fd; + }; + + int stream_error; + bool stream_eof; +}; + +static uint8_t * +payload_move(struct libder_payload *payload, size_t *sz) +{ + uint8_t *data; + size_t datasz; + + data = NULL; + datasz = payload->payload_size; + if (payload->payload_heap) { + data = payload->payload_data; + } else if (datasz > 0) { + data = malloc(datasz); + if (data == NULL) + return (NULL); + + memcpy(data, payload->payload_data, datasz); + } + + payload->payload_heap = false; + payload->payload_data = NULL; + payload->payload_size = 0; + + *sz = datasz; + return (data); +} + +static void +payload_free(struct libder_payload *payload) +{ + + if (!payload->payload_heap) + return; + + if (payload->payload_data != NULL) { + libder_bzero(payload->payload_data, payload->payload_size); + free(payload->payload_data); + } + + payload->payload_heap = false; + payload->payload_data = NULL; + payload->payload_size = 0; +} + +static bool +libder_stream_init(struct libder_ctx *ctx, struct libder_stream *stream) +{ + size_t buffer_size; + + stream->stream_ctx = ctx; + stream->stream_error = 0; + stream->stream_eof = false; + stream->stream_offset = 0; + stream->stream_consumed = 0; + stream->stream_last_commit = 0; + if (stream->stream_type == LDST_NONE) { + assert(stream->stream_src_buf != NULL); + assert(stream->stream_bufsz != 0); + assert(stream->stream_resid != 0); + + return (true); + } + + buffer_size = libder_get_buffer_size(ctx); + assert(buffer_size != 0); + + stream->stream_buf = malloc(buffer_size); + if (stream->stream_buf == NULL) { + libder_set_error(ctx, LDE_NOMEM); + } else { + stream->stream_bufsz = buffer_size; + stream->stream_resid = 0; /* Nothing read yet */ + } + + return (stream->stream_buf != NULL); +} + +static void +libder_stream_free(struct libder_stream *stream) +{ + if (stream->stream_buf != NULL) { + libder_bzero(stream->stream_buf, stream->stream_bufsz); + free(stream->stream_buf); + } +} + +static void +libder_stream_commit(struct libder_stream *stream) +{ + + if (stream->stream_offset <= stream->stream_last_commit) + return; + + stream->stream_consumed += stream->stream_offset - stream->stream_last_commit; + stream->stream_last_commit = stream->stream_offset; +} + +static bool +libder_stream_dynamic(const struct libder_stream *stream) +{ + + return (stream->stream_type != LDST_NONE); +} + +static bool +libder_stream_eof(const struct libder_stream *stream) +{ + + /* + * We're not EOF until we're both EOF and have processed all of the data + * remaining in the buffer. + */ + return (stream->stream_eof && stream->stream_resid == 0); +} + +static void +libder_stream_repack(struct libder_stream *stream) +{ + + /* + * Nothing to do, data's already at the beginning. + */ + if (stream->stream_offset == 0) + return; + + /* + * If there's data in-flight, we'll repack it back to the beginning so + * that we can store more with fewer calls to refill. If there's no + * data in-flight, we naturally just reset the offset. + */ + if (stream->stream_resid != 0) { + uint8_t *dst = &stream->stream_buf[0]; + uint8_t *src = &stream->stream_buf[stream->stream_offset]; + + memmove(dst, src, stream->stream_resid); + } + + stream->stream_last_commit -= stream->stream_offset; + stream->stream_offset = 0; +} + +static const uint8_t * +libder_stream_refill(struct libder_stream *stream, size_t req) +{ + size_t offset = stream->stream_offset; + const uint8_t *src; +#ifndef NDEBUG + const uint8_t *bufend; +#endif + uint8_t *refill_buf; + size_t bufleft, freadsz, needed, totalsz; + ssize_t readsz; + + /* + * For non-streaming, we just fulfill requests straight out of + * the source buffer. + */ + if (stream->stream_type == LDST_NONE) + src = stream->stream_src_buf; + else + src = stream->stream_buf; + + if (stream->stream_resid >= req) { + stream->stream_offset += req; + stream->stream_resid -= req; + return (&src[offset]); + } + + /* Cannot refill the non-streaming type. */ + if (stream->stream_type == LDST_NONE) { + stream->stream_eof = true; + return (NULL); + } + + bufleft = stream->stream_bufsz - (stream->stream_offset + stream->stream_resid); + + /* + * If we can't fit all of our data in the remainder of the buffer, we'll + * try to repack it to just fit as much as we can in. + */ + if (req > bufleft && stream->stream_offset != 0) { + libder_stream_repack(stream); + + bufleft = stream->stream_bufsz - stream->stream_resid; + offset = stream->stream_offset; + } + + refill_buf = &stream->stream_buf[offset + stream->stream_resid]; + needed = req - stream->stream_resid; + + assert(needed <= bufleft); + +#ifndef NDEBUG + bufend = &stream->stream_buf[stream->stream_bufsz]; +#endif + totalsz = 0; + + switch (stream->stream_type) { + case LDST_FILE: + assert(stream->stream_src_file != NULL); + + while (needed != 0) { + assert(refill_buf + needed <= bufend); + + freadsz = fread(refill_buf, 1, needed, stream->stream_src_file); + if (freadsz == 0) { + /* + * Error always put us into EOF state. + */ + stream->stream_eof = true; + if (ferror(stream->stream_src_file)) + stream->stream_error = 1; + break; + } + + stream->stream_resid += freadsz; + refill_buf += freadsz; + needed -= freadsz; + totalsz += freadsz; + } + break; + case LDST_FD: + assert(stream->stream_src_fd >= 0); + + while (needed != 0) { + assert(refill_buf + needed <= bufend); + + readsz = read(stream->stream_src_fd, refill_buf, needed); + if (readsz <= 0) { + /* + * In the future, we should likely make this + * configurable in some sense, but for now this + * seems fine. If, e.g., we caught a SIGINT, + * the application could always just close the + * fd on us if we should bail out. The problem + * right now is that we have no way to resume a + * partial transfer. + */ + if (readsz < 0 && errno == EINTR && + !libder_check_abort(stream->stream_ctx)) + continue; + stream->stream_eof = true; + if (readsz < 0) { + stream->stream_ctx->abort = false; + stream->stream_error = errno; + if (stream->stream_ctx->verbose > 0) + warn("libder_read"); + } + break; + } + + stream->stream_resid += readsz; + refill_buf += readsz; + needed -= readsz; + totalsz += readsz; + } + + break; + case LDST_NONE: + assert(0 && "Unrecognized stream type"); + break; + } + + /* + * For streaming types, we commit as soon as we refill the buffer because + * we can't just rewind. + */ + stream->stream_consumed += totalsz; + stream->stream_last_commit += totalsz; + + if (needed != 0) { + if (stream->stream_error != 0) + libder_set_error(stream->stream_ctx, LDE_STREAMERR); + return (NULL); + } else { + stream->stream_offset += req; + stream->stream_resid -= req; + } + + return (&stream->stream_buf[offset]); +} + +/* + * We can't just use realloc() because it won't provide any guarantees about + * the previous region if it can't just resize in-place, so we'll always just + * allocate a new one and copy ourselves. + */ +static uint8_t * +libder_read_realloc(uint8_t *ptr, size_t oldsz, size_t newsz) +{ + uint8_t *newbuf; + + if (oldsz == 0) + assert(ptr == NULL); + else + assert(ptr != NULL); + assert(newsz > oldsz); + + newbuf = malloc(newsz); + if (newbuf == NULL) + return (NULL); + + if (oldsz != 0) { + memcpy(newbuf, ptr, oldsz); + + libder_bzero(ptr, oldsz); + free(ptr); + } + + return (newbuf); +} + +#define BER_TYPE_LONG_BATCH 0x04 + +static bool +der_read_structure_tag(struct libder_ctx *ctx, struct libder_stream *stream, + struct libder_tag *type) +{ + const uint8_t *buf; + uint8_t *longbuf = NULL, val; + size_t longbufsz = 0, offset = 0, received = 0; + + for (;;) { + /* + * We have to refill one byte at a time to avoid overreading + * into the structure size. + */ + if ((buf = libder_stream_refill(stream, 1)) == NULL) { + free(longbuf); + if (!libder_stream_eof(stream)) + libder_set_error(ctx, LDE_SHORTHDR); + return (false); + } + + received++; + val = buf[0]; + if (received == 1) { + /* Deconstruct the class and p/c */ + type->tag_class = BER_TYPE_CLASS(val); + type->tag_constructed = BER_TYPE_CONSTRUCTED(val); + + /* Long form, or short form? */ + if (BER_TYPE(val) != BER_TYPE_LONG_MASK) { + type->tag_short = BER_TYPE(val); + type->tag_size = sizeof(uint8_t); + type->tag_encoded = false; + + return (true); + } + + /* + * No content from this one, grab another byte. + */ + type->tag_encoded = true; + continue; + } + + /* We might normalize it later, depending on flags. */ + if (offset == 0 && (val & 0x7f) == 0 && ctx->strict) { + libder_set_error(ctx, LDE_STRICT_TAG); + return (false); + } + + /* XXX Impose a max size? Perhaps configurable. */ + if (offset == longbufsz) { + uint8_t *next; + size_t nextsz; + + nextsz = longbufsz + BER_TYPE_LONG_BATCH; + next = realloc(longbuf, nextsz * sizeof(*longbuf)); + if (next == NULL) { + free(longbuf); + libder_set_error(ctx, LDE_NOMEM); + return (false); + } + + longbuf = next; + longbufsz = nextsz; + } + + longbuf[offset++] = val; + + if ((val & 0x80) == 0) + break; + } + + type->tag_long = longbuf; + type->tag_size = offset; + + libder_normalize_type(ctx, type); + + return (true); +} + +static int +der_read_structure(struct libder_ctx *ctx, struct libder_stream *stream, + struct libder_tag *type, struct libder_payload *payload, bool *varlen) +{ + const uint8_t *buf; + size_t rsz, offset, resid; + uint8_t bsz; + + rsz = 0; + if (!der_read_structure_tag(ctx, stream, type)) { + return (-1); + } + + if ((buf = libder_stream_refill(stream, 1)) == NULL) { + if (!libder_stream_eof(stream)) + libder_set_error(ctx, LDE_SHORTHDR); + goto failed; + } + + bsz = *buf++; + +#define LENBIT_LONG 0x80 + *varlen = false; + if ((bsz & LENBIT_LONG) != 0) { + /* Long or long form, bsz describes how many bytes we have. */ + bsz &= ~LENBIT_LONG; + if (bsz != 0) { + /* Long */ + if (bsz > sizeof(rsz)) { + libder_set_error(ctx, LDE_LONGLEN); + goto failed; /* Only support up to long bytes. */ + } else if ((buf = libder_stream_refill(stream, bsz)) == NULL) { + libder_set_error(ctx, LDE_SHORTHDR); + goto failed; + } + + rsz = 0; + for (int i = 0; i < bsz; i++) { + if (i != 0) + rsz <<= 8; + rsz |= *buf++; + } + } else { + if (ctx->strict && !type->tag_constructed) { + libder_set_error(ctx, LDE_STRICT_PVARLEN); + goto failed; + } + + *varlen = true; + } + } else { + /* Short form */ + rsz = bsz; + } + + if (rsz != 0) { + assert(!*varlen); + + /* + * If we're not running a dynamic stream, we can just use a + * pointer into the buffer. The caller may copy the payload out + * anyways, but there's no sense in doing it up-front in case we + * hit an error in between then and now. + */ + if (!libder_stream_dynamic(stream)) { + /* + * This is a little dirty, but the caller won't mutate + * the data -- it'll either strictly read it, or it will + * copy it out to a known-mutable region. + */ + payload->payload_data = + __DECONST(void *, libder_stream_refill(stream, rsz)); + payload->payload_heap = false; + if (payload->payload_data == NULL) { + libder_set_error(ctx, LDE_SHORTDATA); + goto failed; + } + } else { + uint8_t *payload_data; + + /* + * We play it conservative here: we could allocate the + * buffer up-front, but we have no idea how much data we + * actually have to receive! The length is a potentially + * attacker-controlled aspect, so we're cautiously optimistic + * that it's accurate. + */ + payload_data = NULL; + + offset = 0; + resid = rsz; + while (resid != 0) { + uint8_t *next_data; + size_t req; + + req = MIN(stream->stream_bufsz, resid); + if ((buf = libder_stream_refill(stream, req)) == NULL) { + libder_bzero(payload_data, offset); + free(payload_data); + + libder_set_error(ctx, LDE_SHORTDATA); + goto failed; + } + + next_data = libder_read_realloc(payload_data, + offset, offset + req); + if (next_data == NULL) { + libder_bzero(payload_data, offset); + free(payload_data); + + libder_set_error(ctx, LDE_NOMEM); + goto failed; + } + + payload_data = next_data; + next_data = NULL; + + memcpy(&payload_data[offset], buf, req); + offset += req; + resid -= req; + } + + payload->payload_heap = true; + payload->payload_data = payload_data; + } + + payload->payload_size = rsz; + } + + libder_stream_commit(stream); + return (0); + +failed: + libder_type_release(type); + return (-1); +} + +static struct libder_object * +libder_read_object(struct libder_ctx *ctx, struct libder_stream *stream) +{ + struct libder_payload payload = { 0 }; + struct libder_object *child, **next, *obj; + struct libder_stream memstream, *childstream; + struct libder_tag type; + int error; + bool varlen; + + /* Peel off one structure. */ + obj = NULL; + error = der_read_structure(ctx, stream, &type, &payload, &varlen); + if (error != 0) { + assert(payload.payload_data == NULL); + return (NULL); /* Error already set, if needed. */ + } + + if (!libder_is_valid_obj(ctx, &type, payload.payload_data, + payload.payload_size, varlen)) { + /* + * libder_is_valid_obj may set a more specific error, e.g., a + * strict mode violation. + */ + if (ctx->error == LDE_NONE) + libder_set_error(ctx, LDE_BADOBJECT); + goto out; + } + + if (!type.tag_constructed) { + uint8_t *payload_data; + size_t payloadsz; + + /* + * Primitive types cannot use the indefinite form, they must + * have an encoded size. + */ + if (varlen) { + libder_set_error(ctx, LDE_BADVARLEN); + goto out; + } + + /* + * Copy the payload out now if it's not heap-allocated. + */ + payload_data = payload_move(&payload, &payloadsz); + if (payload_data == NULL) { + libder_set_error(ctx, LDE_NOMEM); + goto out; + } + + obj = libder_obj_alloc_internal(ctx, &type, payload_data, + payloadsz, 0); + if (obj == NULL) { + free(payload_data); + libder_set_error(ctx, LDE_NOMEM); + goto out; + } + + libder_type_release(&type); + return (obj); + } + + obj = libder_obj_alloc_internal(ctx, &type, NULL, 0, 0); + if (obj == NULL) { + libder_set_error(ctx, LDE_NOMEM); + goto out; + } + + if (varlen) { + childstream = stream; + } else { + memstream = (struct libder_stream){ + .stream_type = LDST_NONE, + .stream_bufsz = payload.payload_size, + .stream_resid = payload.payload_size, + .stream_src_buf = payload.payload_data, + }; + + childstream = &memstream; + } + + /* Enumerate children */ + next = &obj->children; + for (;;) { + child = libder_read_object(ctx, childstream); + if (child == NULL) { + /* + * We may not know how much data we have, so this is our + * normal terminal condition. + */ + if (ctx->error != LDE_NONE) { + /* Free everything and bubble the error up. */ + libder_obj_free(obj); + obj = NULL; + } + break; + } + + if (libder_type_is(child->type, BT_RESERVED) && + child->length == 0) { + /* + * This child is just a marker; free it, don't leak it, + * and stop here. + */ + libder_obj_free(child); + + /* Malformed: shall not be present */ + if (!varlen) { + if (ctx->strict) { + libder_set_error(ctx, LDE_STRICT_EOC); + libder_obj_free(obj); + obj = NULL; + break; + } + + continue; + } + + /* Error detection */ + varlen = false; + break; + } + + obj->nchildren++; + child->parent = obj; + *next = child; + next = &child->next; + } + + if (varlen) { + libder_set_error(ctx, LDE_TRUNCVARLEN); + libder_obj_free(obj); + obj = NULL; + } + +out: + libder_type_release(&type); + payload_free(&payload); + return (obj); +} + +static struct libder_object * +libder_read_stream(struct libder_ctx *ctx, struct libder_stream *stream) +{ + struct libder_object *root; + + ctx->error = LDE_NONE; + root = libder_read_object(ctx, stream); + + if (root != NULL && libder_type_is(root->type, BT_RESERVED) && + root->length == 0) { + /* Strict violation: must not appear. */ + if (ctx->strict) + libder_set_error(ctx, LDE_STRICT_EOC); + libder_obj_free(root); + root = NULL; + } + if (root != NULL) + assert(stream->stream_consumed != 0); + return (root); +} + +/* + * Read the DER-encoded `data` into `ctx`. + * + * Returns an object on success, or NULL on failure. *datasz is updated to + * indicate the number of bytes consumed either way -- it will only be updated + * in the failure case if at least one object was valid. + */ +struct libder_object * +libder_read(struct libder_ctx *ctx, const uint8_t *data, size_t *datasz) +{ + struct libder_stream *stream; + struct libder_object *root; + + stream = malloc(sizeof(*stream)); + if (stream == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + *stream = (struct libder_stream){ + .stream_type = LDST_NONE, + .stream_bufsz = *datasz, + .stream_resid = *datasz, + .stream_src_buf = data, + }; + + libder_clear_abort(ctx); + ctx->error = LDE_NONE; + if (!libder_stream_init(ctx, stream)) { + free(stream); + return (NULL); + } + + root = libder_read_stream(ctx, stream); + if (stream->stream_consumed != 0) + *datasz = stream->stream_consumed; + + libder_stream_free(stream); + free(stream); + + return (root); +} + +/* + * Ditto above, but with an fd. *consumed is not ignored on entry, and returned + * with the number of bytes read from fd if consumed is not NULL. libder(3) + * tries to not over-read if an invalid structure is detected. + */ +struct libder_object * +libder_read_fd(struct libder_ctx *ctx, int fd, size_t *consumed) +{ + struct libder_stream *stream; + struct libder_object *root; + + stream = malloc(sizeof(*stream)); + if (stream == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + *stream = (struct libder_stream){ + .stream_type = LDST_FD, + .stream_src_fd = fd, + }; + + root = NULL; + libder_clear_abort(ctx); + ctx->error = LDE_NONE; + if (!libder_stream_init(ctx, stream)) { + free(stream); + return (NULL); + } + + root = libder_read_stream(ctx, stream); + if (consumed != NULL && stream->stream_consumed != 0) + *consumed = stream->stream_consumed; + + libder_stream_free(stream); + free(stream); + return (root); +} + +/* + * Ditto above, but with a FILE instead of an fd. + */ +struct libder_object * +libder_read_file(struct libder_ctx *ctx, FILE *fp, size_t *consumed) +{ + struct libder_stream *stream; + struct libder_object *root; + + stream = malloc(sizeof(*stream)); + if (stream == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + *stream = (struct libder_stream){ + .stream_type = LDST_FILE, + .stream_src_file = fp, + }; + + root = NULL; + libder_clear_abort(ctx); + ctx->error = LDE_NONE; + if (!libder_stream_init(ctx, stream)) { + free(stream); + return (NULL); + } + + root = libder_read_stream(ctx, stream); + if (consumed != NULL && stream->stream_consumed != 0) + *consumed = stream->stream_consumed; + + libder_stream_free(stream); + free(stream); + + return (root); +} diff --git a/contrib/libder/libder/libder_type.3 b/contrib/libder/libder/libder_type.3 new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_type.3 @@ -0,0 +1,71 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_TYPE 3 +.Os +.Sh NAME +.Nm libder_type , +.Nm libder_type_alloc_simple , +.Nm libder_type_dup , +.Nm libder_type_free , +.Nm libder_type_simple +.Nd creating DER types +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft struct libder_tag * +.Fn libder_type_alloc_simple "struct libder_ctx *ctx" "uint8_t type" +.Ft struct libder_tag * +.Fn libder_type_dup "struct libder_ctx *ctx" "const struct libder_tag *type" +.Ft void +.Fn libder_type_free "struct libder_tag *type" +.Ft uint8_t +.Fn libder_type_simple "const struct libder_tag *type" +.Sh DESCRIPTION +The +.Nm +family of functions operate on the +.Xr libder 3 +type primitive. +These functions are largely useless as currently implemented, as +.Xr libder_obj 3 +has a method for allocating an object using a simple tag directly. +In the future, +.Nm +will have an API for importing encoded tags that need more than the +.Dq simple +one byte form (tags 0-30). +.Pp +The +.Fn libder_type_alloc_simple +function allocates a new type from the +.Dq simple +one byte form. +This type may be subsequently passed to +.Xr libder_obj_alloc 3 . +.Pp +The +.Fn libder_type_dup +function duplicates an existing type, and the +.Fn libder_type_free +function frees the type. +.Pp +The +.Ft libder_type_simple +function encodes the given +.Fa type +in the +.Dq simple +one byte buffer form. +In this form, the class bits and the primitive and constructed bits are encoded +in the three most significant bits, and the lower five bits are used to encode +a tag number between 0 and 30. +.Sh SEE ALSO +.Xr libder 3 , +.Xr libder_obj 3 , +.Xr libder_read 3 , +.Xr libder_write 3 diff --git a/contrib/libder/libder/libder_type.c b/contrib/libder/libder/libder_type.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_type.c @@ -0,0 +1,150 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include +#include + +#include "libder_private.h" + +uint8_t +libder_type_simple_abi(const struct libder_tag *type) +{ + + return (libder_type_simple(type)); +} + +/* + * We'll likely expose this in the form of libder_type_import(), which validates + * and allocates a tag. + */ +LIBDER_PRIVATE struct libder_tag * +libder_type_alloc(void) +{ + + return (calloc(1, sizeof(struct libder_tag))); +} + +struct libder_tag * +libder_type_dup(struct libder_ctx *ctx, const struct libder_tag *dtype) +{ + struct libder_tag *type; + + type = libder_type_alloc(); + if (type == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + memcpy(type, dtype, sizeof(*dtype)); + + if (type->tag_encoded) { + uint8_t *tdata; + + /* Deep copy the tag data. */ + tdata = malloc(type->tag_size); + if (tdata == NULL) { + libder_set_error(ctx, LDE_NOMEM); + + /* + * Don't accidentally free the caller's buffer; it may + * be an external user of the API. + */ + type->tag_long = NULL; + type->tag_size = 0; + libder_type_free(type); + return (NULL); + } + + memcpy(tdata, dtype->tag_long, dtype->tag_size); + type->tag_long = tdata; + } + + return (type); +} + +struct libder_tag * +libder_type_alloc_simple(struct libder_ctx *ctx, uint8_t typeval) +{ + struct libder_tag *type; + + type = libder_type_alloc(); + if (type == NULL) { + libder_set_error(ctx, LDE_NOMEM); + return (NULL); + } + + type->tag_size = sizeof(typeval); + type->tag_class = BER_TYPE_CLASS(typeval); + type->tag_constructed = BER_TYPE_CONSTRUCTED(typeval); + type->tag_short = BER_TYPE(typeval); + return (type); +} + +LIBDER_PRIVATE void +libder_type_release(struct libder_tag *type) +{ + + if (type->tag_encoded) { + free(type->tag_long); + type->tag_long = NULL; + + /* + * Leaving type->tag_encoded set in case it helps us catch some + * bogus re-use of the type; we'd surface that as a null ptr + * deref as they think they should be using tag_long. + */ + } +} + +void +libder_type_free(struct libder_tag *type) +{ + + if (type == NULL) + return; + + libder_type_release(type); + free(type); +} + +LIBDER_PRIVATE void +libder_normalize_type(struct libder_ctx *ctx, struct libder_tag *type) +{ + uint8_t tagval; + size_t offset; + + if (!type->tag_encoded || !DER_NORMALIZING(ctx, TAGS)) + return; + + /* + * Strip any leading 0's off -- not possible in strict mode. + */ + for (offset = 0; offset < type->tag_size - 1; offset++) { + if ((type->tag_long[offset] & 0x7f) != 0) + break; + } + + assert(offset == 0 || !ctx->strict); + if (offset != 0) { + type->tag_size -= offset; + memmove(&type->tag_long[0], &type->tag_long[offset], + type->tag_size); + } + + /* + * We might be able to strip it down to a unencoded tag_short, if only + * the lower 5 bits are in use. + */ + if (type->tag_size != 1 || (type->tag_long[0] & ~0x1e) != 0) + return; + + tagval = type->tag_long[0]; + + free(type->tag_long); + type->tag_short = tagval; + type->tag_encoded = false; +} diff --git a/contrib/libder/libder/libder_write.3 b/contrib/libder/libder/libder_write.3 new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_write.3 @@ -0,0 +1,54 @@ +.\" +.\" SPDX-Copyright-Identifier: BSD-2-Clause +.\" +.\" Copyright (C) 2024 Kyle Evans +.\" +.Dd March 2, 2024 +.Dt LIBDER_WRITE 3 +.Os +.Sh NAME +.Nm libder_write +.Nd writing DER encoded buffers +.Sh LIBRARY +.Lb libder +.Sh SYNOPSIS +.In libder.h +.Ft uint8_t * +.Fn libder_write "struct libder_ctx *ctx" "struct libder_object *root" "uint8_t *buf" "size_t *bufsize" +.Sh DESCRIPTION +The +.Fn libder_write +writes the specified +.Fa root +into the given +.Fa buf +of size +.Fa bufsize . +If a +.Dv NULL +and +.Dv 0 +are passed in, then +.Fn libder_write +will alllocate a buffer just large enough to fit the encoded +.Fa root . +Upon successful write, +.Fn libder_write +will return a pointer to the buffer used, and +.Fa *bufsize +is updated to indicate how many bytes were written. +On failure, +.Dv NULL +is returned and +.Fa *bufsize +will remain unmodified. +.Pp +Normalization rules are applied at write time, if specified via +.Xr libder_set_normalize 3 . +Note that applications do not typically need to enable normalization, as they +are all enabled by default. +.Sh SEE ALSO +.Xr libder 3 , +.Xr libder_obj 3 , +.Xr libder_read 3 , +.Xr libder_type 3 diff --git a/contrib/libder/libder/libder_write.c b/contrib/libder/libder/libder_write.c new file mode 100644 --- /dev/null +++ b/contrib/libder/libder/libder_write.c @@ -0,0 +1,229 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include +#include + +#include "libder.h" +#include "libder_private.h" + +struct memory_write_data { + uint8_t *buf; + size_t bufsz; + size_t offset; +}; + +typedef bool (write_buffer_t)(void *, const uint8_t *, size_t); + +static bool +libder_write_object_tag(struct libder_ctx *ctx __unused, + const struct libder_object *obj, write_buffer_t *write_buffer, void *cookie) +{ + const struct libder_tag *type = obj->type; + uint8_t value; + + if (!type->tag_encoded) { + value = libder_type_simple(type); + return (write_buffer(cookie, &value, sizeof(value))); + } + + /* Write out the tag info first. */ + value = BER_TYPE_LONG_MASK; + value |= type->tag_class << 6; + if (type->tag_constructed) + value |= BER_TYPE_CONSTRUCTED_MASK; + + if (!write_buffer(cookie, &value, sizeof(value))) + return (false); + + /* Write out the encoded tag next. */ + return (write_buffer(cookie, type->tag_long, type->tag_size)); +} + +static bool +libder_write_object_header(struct libder_ctx *ctx, struct libder_object *obj, + write_buffer_t *write_buffer, void *cookie) +{ + size_t size; + uint8_t sizelen, value; + + if (!libder_write_object_tag(ctx, obj, write_buffer, cookie)) + return (false); + + size = obj->disk_size; + sizelen = libder_size_length(size); + + if (sizelen == 1) { + assert((size & ~0x7f) == 0); + + value = size; + if (!write_buffer(cookie, &value, sizeof(value))) + return (false); + } else { + /* + * Protocol supports at most 0x7f size bytes, but we can only + * do up to a size_t. + */ + uint8_t sizebuf[sizeof(size_t)], *sizep; + + sizelen--; /* Remove the lead byte. */ + + value = 0x80 | sizelen; + if (!write_buffer(cookie, &value, sizeof(value))) + return (false); + + sizep = &sizebuf[0]; + for (uint8_t i = 0; i < sizelen; i++) + *sizep++ = (size >> ((sizelen - i - 1) * 8)) & 0xff; + + if (!write_buffer(cookie, &sizebuf[0], sizelen)) + return (false); + } + + return (true); +} + +static bool +libder_write_object_payload(struct libder_ctx *ctx __unused, + struct libder_object *obj, write_buffer_t *write_buffer, void *cookie) +{ + uint8_t *payload = obj->payload; + size_t length = obj->length; + + /* We don't expect `obj->payload` to be valid for a zero-size value. */ + if (length == 0) + return (true); + + /* + * We allow a NULL payload with a non-zero length to indicate that an + * object should write zeroes out, we just didn't waste the memory on + * these small allocations. Ideally if it's more than just one or two + * zeroes we're instead allocating a buffer for it and doing some more + * efficient copying from there. + */ + if (payload == NULL) { + uint8_t zero = 0; + + for (size_t i = 0; i < length; i++) { + if (!write_buffer(cookie, &zero, 1)) + return (false); + } + + return (true); + } + + return (write_buffer(cookie, payload, length)); +} + +static bool +libder_write_object(struct libder_ctx *ctx, struct libder_object *obj, + write_buffer_t *write_buffer, void *cookie) +{ + struct libder_object *child; + + if (DER_NORMALIZING(ctx, CONSTRUCTED) && !libder_obj_coalesce_children(obj, ctx)) + return (false); + + /* Write out this object's header first */ + if (!libder_write_object_header(ctx, obj, write_buffer, cookie)) + return (false); + + /* Write out the payload. */ + if (obj->children == NULL) + return (libder_write_object_payload(ctx, obj, write_buffer, cookie)); + + assert(obj->type->tag_constructed); + + /* Recurse on each child. */ + DER_FOREACH_CHILD(child, obj) { + if (!libder_write_object(ctx, child, write_buffer, cookie)) + return (false); + } + + return (true); +} + +static bool +memory_write(void *cookie, const uint8_t *data, size_t datasz) +{ + struct memory_write_data *mwrite = cookie; + uint8_t *dst = &mwrite->buf[mwrite->offset]; + size_t left; + + /* Small buffers should have been rejected long before now. */ + left = mwrite->bufsz - mwrite->offset; + assert(datasz <= left); + + memcpy(dst, data, datasz); + mwrite->offset += datasz; + return (true); +} + +/* + * Writes the object rooted at `root` to the buffer. If `buf` == NULL and + * `*bufsz` == 0, we'll allocate a buffer just large enough to hold the result + * and pass the size back via `*bufsz`. If a pre-allocated buffer is passed, + * we may still update `*bufsz` if normalization made the buffer smaller. + * + * If the buffer is too small, *bufsz will be set to the size of buffer needed. + */ +uint8_t * +libder_write(struct libder_ctx *ctx, struct libder_object *root, uint8_t *buf, + size_t *bufsz) +{ + struct memory_write_data mwrite = { 0 }; + size_t needed; + + /* + * We shouldn't really see buf == NULL with *bufsz != 0 or vice-versa. + * Combined, they mean that we should allocate whatever buffer size we + * need. + */ + if ((buf == NULL && *bufsz != 0) || (buf != NULL && *bufsz == 0)) + return (NULL); /* XXX Surface error? */ + + /* + * If we're doing any normalization beyond our standard size + * normalization, we apply those rules up front since they may alter our + * disk size every so slightly. + */ + if (ctx->normalize != 0 && !libder_obj_normalize(root, ctx)) + return (NULL); + + needed = libder_obj_disk_size(root, true); + if (needed == 0) + return (NULL); /* Overflow */ + + /* Allocate if we weren't passed a buffer. */ + if (*bufsz == 0) { + *bufsz = needed; + buf = malloc(needed); + if (buf == NULL) + return (NULL); + } else if (needed > *bufsz) { + *bufsz = needed; + return (NULL); /* Insufficient space */ + } + + /* Buffer large enough, write into it. */ + mwrite.buf = buf; + mwrite.bufsz = *bufsz; + if (!libder_write_object(ctx, root, &memory_write, &mwrite)) { + libder_bzero(mwrite.buf, mwrite.offset); + free(buf); + return (NULL); /* XXX Error */ + } + + /* + * We don't normalize the in-memory representation of the tree, we do + * that as we're writing into the buffer. It could be the case that we + * didn't need the full buffer as a result of normalization. + */ + *bufsz = mwrite.offset; + + return (buf); +} diff --git a/contrib/libder/tests/.gitignore b/contrib/libder/tests/.gitignore new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/.gitignore @@ -0,0 +1,12 @@ +CORPUS* +crash-* +leak-* +oom-* +*.log + +fuzz_* +test_* +!*.c +!*.h + +make_corpus diff --git a/contrib/libder/tests/CMakeLists.txt b/contrib/libder/tests/CMakeLists.txt new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/CMakeLists.txt @@ -0,0 +1,41 @@ +set(FUZZERS fuzz_parallel fuzz_stream fuzz_write) +set(UTILS ) +set(TESTS test_privkey test_pubkey) + +set(ALL_TESTS ${UTILS} ${TESTS}) + +if(BUILD_FUZZERS) + set(UTILS ${UTILS} make_corpus) + set(ALL_TESTS ${ALL_TESTS} ${FUZZERS} make_corpus) + + foreach(fuzzer IN LISTS FUZZERS) + add_executable(${fuzzer} ${fuzzer}.c) + + target_compile_options(${fuzzer} PUBLIC -fsanitize=fuzzer) + target_link_options(${fuzzer} PUBLIC -fsanitize=fuzzer) + endforeach() + + target_link_options(fuzz_parallel PUBLIC -pthread) +endif() + +foreach(prog IN LISTS UTILS TESTS) + add_executable(${prog} ${prog}.c) +endforeach() + +foreach(prog IN LISTS ALL_TESTS) + target_include_directories(${prog} PRIVATE ${CMAKE_SOURCE_DIR}/libder) + target_link_libraries(${prog} der_static) +endforeach() + +add_custom_command(TARGET test_privkey POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy + ${CMAKE_CURRENT_SOURCE_DIR}/repo.priv ${CMAKE_CURRENT_BINARY_DIR}/repo.priv) +add_custom_command(TARGET test_pubkey POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy + ${CMAKE_CURRENT_SOURCE_DIR}/repo.pub ${CMAKE_CURRENT_BINARY_DIR}/repo.pub) + +add_custom_target(check + DEPENDS test_pubkey test_privkey + COMMAND "${CMAKE_CURRENT_BINARY_DIR}/test_pubkey" + COMMAND "${CMAKE_CURRENT_BINARY_DIR}/test_privkey" +) diff --git a/contrib/libder/tests/fuzz_parallel.c b/contrib/libder/tests/fuzz_parallel.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/fuzz_parallel.c @@ -0,0 +1,111 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "fuzzers.h" + +struct fuzz_frame { + uint8_t frame_threads; +}; + +struct thread_input { + const uint8_t *data; + size_t datasz; +}; + +static void * +thread_main(void *cookie) +{ + const struct thread_input *input = cookie; + struct libder_ctx *ctx; + struct libder_object *obj; + const uint8_t *data = input->data; + size_t readsz, sz = input->datasz; + + ctx = libder_open(); + readsz = sz; + obj = libder_read(ctx, data, &readsz); + if (obj == NULL || readsz != sz) + goto out; + + if (obj != NULL) { + uint8_t *buf = NULL; + size_t bufsz = 0; + + /* + * If we successfully read it, then it shouldn't + * overflow. We're letting libder allocate the buffer, + * so we shouldn't be able to hit the 'too small' bit. + * + * I can't imagine what other errors might happen, so + * we'll just assert on it. + */ + buf = libder_write(ctx, obj, buf, &bufsz); + if (buf == NULL) + goto out; + + assert(bufsz != 0); + + free(buf); + } + +out: + libder_obj_free(obj); + libder_close(ctx); + return (NULL); +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz) +{ + const struct fuzz_frame *frame; + pthread_t *threads; + struct thread_input inp; + size_t nthreads; + + if (sz <= sizeof(*frame)) + return (-1); + + frame = (const void *)data; + data += sizeof(*frame); + sz -= sizeof(*frame); + + if (frame->frame_threads < 2) + return (-1); + + threads = malloc(sizeof(*threads) * frame->frame_threads); + if (threads == NULL) + return (-1); + + inp.data = data; + inp.datasz = sz; + + for (nthreads = 0; nthreads < frame->frame_threads; nthreads++) { + if (pthread_create(&threads[nthreads], NULL, thread_main, + &inp) != 0) + break; + } + + for (uint8_t i = 0; i < nthreads; i++) + pthread_join(threads[i], NULL); + + free(threads); + + return (0); +} diff --git a/contrib/libder/tests/fuzz_stream.c b/contrib/libder/tests/fuzz_stream.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/fuzz_stream.c @@ -0,0 +1,246 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include "fuzzers.h" + +struct supply_data { + const uint8_t *data; + volatile size_t datasz; + int socket; +}; + +static void * +supply_thread(void *data) +{ + struct supply_data *sdata = data; + size_t sz = sdata->datasz; + ssize_t writesz; + + do { + writesz = write(sdata->socket, sdata->data, sz); + + data += writesz; + sz -= writesz; + } while (sz != 0 && writesz > 0); + + sdata->datasz = sz; + shutdown(sdata->socket, SHUT_RDWR); + close(sdata->socket); + + return (NULL); +} + +static int +fuzz_fd(const struct fuzz_params *fparams, const uint8_t *data, size_t sz) +{ + struct supply_data sdata; + struct libder_ctx *ctx; + struct libder_object *obj; + size_t totalsz; + int sockets[2]; + pid_t pid; + int ret; + + ret = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, + &sockets[0]); + if (ret == -1) + return (-1); + + sdata.data = data; + sdata.datasz = sz; + sdata.socket = sockets[1]; + signal(SIGCHLD, SIG_IGN); + pid = fork(); + if (pid == -1) { + close(sockets[0]); + close(sockets[1]); + return (-1); + } + + if (pid == 0) { + close(sockets[0]); + supply_thread(&sdata); + _exit(0); + } else { + close(sockets[1]); + } + + totalsz = 0; + ret = 0; + ctx = libder_open(); + libder_set_strict(ctx, !!fparams->strict); + while (totalsz < sz) { + size_t readsz = 0; + + obj = libder_read_fd(ctx, sockets[0], &readsz); + libder_obj_free(obj); + + /* + * Even invalid reads should consume at least one byte. + */ + assert(readsz != 0); + + totalsz += readsz; + if (readsz == 0) + break; + } + + assert(totalsz == sz); + libder_close(ctx); + close(sockets[0]); + + return (ret); +} + +static int +fuzz_file(const struct fuzz_params *fparams, const uint8_t *data, size_t sz) +{ + FILE *fp; + struct libder_ctx *ctx; + struct libder_object *obj; + size_t totalsz; + int ret; + + if (fparams->buftype >= BUFFER_END) + return (-1); + + fp = fmemopen(__DECONST(void *, data), sz, "rb"); + assert(fp != NULL); + + switch (fparams->buftype) { + case BUFFER_NONE: + setvbuf(fp, NULL, 0, _IONBF); + break; + case BUFFER_FULL: + setvbuf(fp, NULL, 0, _IOFBF); + break; + case BUFFER_END: + assert(0); + } + + totalsz = 0; + ret = 0; + ctx = libder_open(); + libder_set_strict(ctx, !!fparams->strict); + while (!feof(fp)) { + size_t readsz = 0; + + obj = libder_read_file(ctx, fp, &readsz); + libder_obj_free(obj); + + if (obj == NULL) + assert(readsz != 0 || feof(fp)); + else + assert(readsz != 0); + + totalsz += readsz; + } + + assert(totalsz == sz); + libder_close(ctx); + fclose(fp); + + return (ret); +} + +static int +fuzz_plain(const struct fuzz_params *fparams, const uint8_t *data, size_t sz) +{ + struct libder_ctx *ctx; + struct libder_object *obj; + int ret; + + if (sz == 0) + return (-1); + + ret = 0; + ctx = libder_open(); + libder_set_strict(ctx, !!fparams->strict); + do { + size_t readsz; + + readsz = sz; + obj = libder_read(ctx, data, &readsz); + libder_obj_free(obj); + + if (obj == NULL) + assert(readsz != 0 || readsz == sz); + else + assert(readsz != 0); + + /* + * If we hit an entirely invalid segment of the buffer, we'll + * just skip a byte and try again. + */ + data += MAX(1, readsz); + sz -= MAX(1, readsz); + } while (sz != 0); + + libder_close(ctx); + + return (ret); +}; + +static bool +validate_padding(const struct fuzz_params *fparams) +{ + const uint8_t *end = (const void *)(fparams + 1); + const uint8_t *pad = (const uint8_t *)&fparams->PARAM_PAD_START; + + while (pad < end) { + if (*pad++ != 0) + return (false); + } + + return (true); +} + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz) +{ + const struct fuzz_params *fparams; + + if (sz <= sizeof(*fparams)) + return (-1); + + fparams = (const void *)data; + if (fparams->type >= STREAM_END) + return (-1); + + if (!validate_padding(fparams)) + return (-1); + + data += sizeof(*fparams); + sz -= sizeof(*fparams); + + if (fparams->type != STREAM_FILE && fparams->buftype != BUFFER_NONE) + return (-1); + + switch (fparams->type) { + case STREAM_FD: + return (fuzz_fd(fparams, data, sz)); + case STREAM_FILE: + return (fuzz_file(fparams, data, sz)); + case STREAM_PLAIN: + return (fuzz_plain(fparams, data, sz)); + case STREAM_END: + assert(0); + } + + __builtin_trap(); +} diff --git a/contrib/libder/tests/fuzz_write.c b/contrib/libder/tests/fuzz_write.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/fuzz_write.c @@ -0,0 +1,79 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include "fuzzers.h" + +int +LLVMFuzzerTestOneInput(const uint8_t *data, size_t sz) +{ + struct libder_ctx *ctx; + struct libder_object *obj; + size_t readsz; + int ret; + bool strict; + + if (sz < 2) + return (-1); + + /* + * I worked this in originally by just using the high bit of the first + * byte, but then I realized that encoding it that way would make it + * impossible to get strict validation of universal and application + * tags. The former is a bit more important than the latter. + */ + strict = !!data[0]; + data++; + sz--; + + ctx = libder_open(); + libder_set_strict(ctx, strict); + ret = -1; + readsz = sz; + obj = libder_read(ctx, data, &readsz); + if (obj == NULL || readsz != sz) + goto out; + + if (obj != NULL) { + uint8_t *buf = NULL; + size_t bufsz = 0; + + /* + * If we successfully read it, then it shouldn't + * overflow. We're letting libder allocate the buffer, + * so we shouldn't be able to hit the 'too small' bit. + * + * I can't imagine what other errors might happen, so + * we'll just assert on it. + */ + buf = libder_write(ctx, obj, buf, &bufsz); + if (buf == NULL) + goto out; + + assert(bufsz != 0); + + free(buf); + } + + ret = 0; + +out: + libder_obj_free(obj); + libder_close(ctx); + + return (ret); +} diff --git a/contrib/libder/tests/fuzzers.h b/contrib/libder/tests/fuzzers.h new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/fuzzers.h @@ -0,0 +1,40 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#pragma once + +#include + +enum stream_type { + STREAM_FD = 0, /* read_fd() type */ + STREAM_FILE = 1, /* read_file() type */ + STREAM_PLAIN = 2, + + STREAM_END +} __attribute__((packed)); + +enum stream_buffer { + BUFFER_NONE = 0, + BUFFER_FULL = 1, + + BUFFER_END, +} __attribute__((packed)); + +struct fuzz_params { + enum stream_type type; + enum stream_buffer buftype; + +#define PARAM_PAD_START _pad0 + uint8_t strict; + uint8_t _pad0[5]; + + /* Give me plenty of padding. */ + uint64_t padding[3]; +}; + +_Static_assert(sizeof(struct fuzz_params) == 32, + "fuzz_params ABI broken, will invalidate CORPUS"); + diff --git a/contrib/libder/tests/make_corpus.c b/contrib/libder/tests/make_corpus.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/make_corpus.c @@ -0,0 +1,137 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#undef NDEBUG +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "fuzzers.h" + +#define LARGE_SIZE (1024 * 64) + +static const uint8_t empty_seq[] = { BT_SEQUENCE, 0x00 }; +static const uint8_t long_size[21] = { BT_OCTETSTRING, 0x83, 0x00, 0x00, 0x10 }; + +/* 64k */ +#define LARGE_SIZE_ENCODING 0x83, 0x01, 0x00, 0x00 +static const uint8_t large_octet[LARGE_SIZE + 5] = { BT_OCTETSTRING, LARGE_SIZE_ENCODING }; + +#define VARLEN_SEQ BT_OCTETSTRING, 0x04, 0x01, 0x02, 0x03, 0x04 +#define VARLEN_CHILDREN VARLEN_SEQ, VARLEN_SEQ, VARLEN_SEQ +static const uint8_t varlen[] = { BT_SEQUENCE, 0x80, + VARLEN_CHILDREN, 0x00, 0x00 }; + +#define BITSTRING1 BT_BITSTRING, 0x04, 0x03, 0xc0, 0xc0, 0xcc +#define BITSTRING2 BT_BITSTRING, 0x04, 0x05, 0xdd, 0xdd, 0xff +static const uint8_t constructed_bitstring[] = { 0x20 | BT_BITSTRING, + 2 * 6, BITSTRING1, BITSTRING2 }; + +#define FUZZER_SEED(seq) { #seq, sizeof(seq), seq } +static const struct seed { + const char *seed_name; + size_t seed_seqsz; + const uint8_t *seed_seq; +} seeds[] = { + FUZZER_SEED(empty_seq), + FUZZER_SEED(long_size), + FUZZER_SEED(large_octet), + FUZZER_SEED(varlen), + FUZZER_SEED(constructed_bitstring), +}; + +static void +usage(void) +{ + fprintf(stderr, "usage: %s [-H] \n", getprogname()); + exit(1); +} + +static void +write_one(const struct fuzz_params *params, const struct seed *seed, int dirfd, + bool striphdr) +{ + char *name; + int fd = -1; + + assert(asprintf(&name, "base_%d_%d_%d_%s", params->type, + params->buftype, params->strict, seed->seed_name) != -1); + + fd = openat(dirfd, name, O_RDWR | O_TRUNC | O_CREAT, 0644); + assert(fd != -1); + + /* + * Write our params + seed; if we're stripping the header we won't have + * the full params, but we'll still have our signal byte for strict + * mode. + */ + if (!striphdr) + assert(write(fd, ¶ms, sizeof(params)) == sizeof(params)); + else + assert(write(fd, ¶ms->strict, sizeof(params->strict)) == sizeof(params->strict)); + + assert(write(fd, seed->seed_seq, seed->seed_seqsz) == seed->seed_seqsz); + + free(name); + close(fd); +} + +int +main(int argc, char *argv[]) +{ + struct fuzz_params params; + const struct seed *seed; + const char *seed_dir; + int dirfd = -1; + bool striphdr = false; + + if (argc < 2 || argc > 3) + usage(); + + if (argc == 3 && strcmp(argv[1], "-H") != 0) + usage(); + + striphdr = argc == 3; + seed_dir = argv[argc - 1]; + + dirfd = open(seed_dir, O_SEARCH); + if (dirfd == -1) + err(1, "%s: open", seed_dir); + + memset(¶ms, 0, sizeof(params)); + + for (int type = 0; type < STREAM_END; type++) { + params.type = type; + + for (int buffered = 0; buffered < BUFFER_END; buffered++) { + params.buftype = buffered; + + for (uint8_t strict = 0; strict < 2; strict++) { + params.strict = strict; + + for (size_t i = 0; i < nitems(seeds); i++) { + seed = &seeds[i]; + + write_one(¶ms, seed, dirfd, striphdr); + } + } + + if (type != STREAM_FILE) + break; + } + } + + close(dirfd); +} diff --git a/contrib/libder/tests/repo.priv b/contrib/libder/tests/repo.priv new file mode 100644 index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 GIT binary patch literal 0 Hc$@ + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include +#include +#include +#include +#include + +static inline int +open_progdir(const char *prog) +{ + char pdir[PATH_MAX], *resolved; + int dfd; + + resolved = realpath(prog, &pdir[0]); + assert(resolved != NULL); + + resolved = dirname(&pdir[0]); + assert(resolved != NULL); + + dfd = open(resolved, O_DIRECTORY); + assert(dfd != -1); + + return (dfd); +} diff --git a/contrib/libder/tests/test_privkey.c b/contrib/libder/tests/test_privkey.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/test_privkey.c @@ -0,0 +1,175 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "test_common.h" + +/* + * Note that the choice of secp112r1 is completely arbitrary. I was mainly + * shooting for something pretty weak to avoid people trying to "catch me" + * checking in private key material, even though it's very incredibly clearly + * just for a test case. + */ +static const uint8_t oid_secp112r1[] = + { 0x2b, 0x81, 0x04, 0x00, 0x06 }; + +static const uint8_t privdata[] = { 0xa5, 0xf5, 0x2a, 0x56, 0x61, 0xe3, 0x58, + 0x76, 0x5c, 0x4f, 0xd6, 0x8d, 0x60, 0x54 }; + +static const uint8_t pubdata[] = { 0x00, 0x04, 0xae, 0x69, 0x41, 0x0d, 0x9c, + 0x9b, 0xf2, 0x34, 0xf6, 0x2d, 0x7c, 0x91, 0xe1, 0xc7, 0x7f, 0x23, 0xa0, + 0x84, 0x34, 0x5c, 0x38, 0x26, 0xd8, 0xcf, 0xbe, 0xf7, 0xdc, 0x8a }; + +static void +test_interface(struct libder_object *root) +{ + const uint8_t *data; + size_t datasz; + struct libder_object *keystring, *oid; + + /* Grab the oid first. */ + oid = libder_obj_child(root, 2); + assert(oid != NULL); /* Actually just the container... */ + assert(libder_obj_type_simple(oid) == 0xa0); + + oid = libder_obj_child(oid, 0); + assert(oid != NULL); /* Now *that*'s an OID. */ + assert(libder_obj_type_simple(oid) == BT_OID); + data = libder_obj_data(oid, &datasz); + assert(datasz == sizeof(oid_secp112r1)); + assert(memcmp(oid_secp112r1, data, datasz) == 0); + + keystring = libder_obj_child(root, 1); + assert(keystring != NULL); + assert(libder_obj_type_simple(keystring) == BT_OCTETSTRING); + + data = libder_obj_data(keystring, &datasz); + assert(datasz == sizeof(privdata)); + assert(memcmp(privdata, data, datasz) == 0); +} + +/* buf and bufszs are just our reference */ +static void +test_construction(struct libder_ctx *ctx, const uint8_t *buf, size_t bufsz) +{ + uint8_t *out; + struct libder_object *obj, *oidp, *pubp, *root; + struct libder_object *keystring; + size_t outsz; + uint8_t data; + + root = libder_obj_alloc_simple(ctx, BT_SEQUENCE, NULL, 0); + assert(root != NULL); + + data = 1; + obj = libder_obj_alloc_simple(ctx, BT_INTEGER, &data, 1); + assert(obj != NULL); + assert(libder_obj_append(root, obj)); + + /* Private key material */ + obj = libder_obj_alloc_simple(ctx, BT_OCTETSTRING, privdata, sizeof(privdata)); + assert(obj != NULL); + assert(libder_obj_append(root, obj)); + + /* Now throw in the OID and pubkey containers */ + oidp = libder_obj_alloc_simple(ctx, + (BC_CONTEXT << 6) | BER_TYPE_CONSTRUCTED_MASK | 0, NULL, 0); + assert(oidp != NULL); + assert(libder_obj_append(root, oidp)); + + pubp = libder_obj_alloc_simple(ctx, + (BC_CONTEXT << 6) | BER_TYPE_CONSTRUCTED_MASK | 1, NULL, 0); + assert(pubp != NULL); + assert(libder_obj_append(root, pubp)); + + /* Actually add the OID */ + obj = libder_obj_alloc_simple(ctx, BT_OID, oid_secp112r1, sizeof(oid_secp112r1)); + assert(obj != NULL); + assert(libder_obj_append(oidp, obj)); + + /* Finally, add the pubkey */ + obj = libder_obj_alloc_simple(ctx, BT_BITSTRING, pubdata, sizeof(pubdata)); + assert(obj != NULL); + assert(libder_obj_append(pubp, obj)); + + out = NULL; + outsz = 0; + out = libder_write(ctx, root, out, &outsz); + assert(out != NULL); + assert(outsz == bufsz); + + assert(memcmp(out, buf, bufsz) == 0); + + libder_obj_free(root); + free(out); +} + +int +main(int argc, char *argv[]) +{ + struct stat sb; + struct libder_ctx *ctx; + struct libder_object *root; + uint8_t *buf, *out; + size_t bufsz, outsz, rootsz; + ssize_t readsz; + int dfd, error, fd; + + dfd = open_progdir(argv[0]); + + fd = openat(dfd, "repo.priv", O_RDONLY); + assert(fd >= 0); + + close(dfd); + dfd = -1; + + error = fstat(fd, &sb); + assert(error == 0); + + bufsz = sb.st_size; + buf = malloc(bufsz); + assert(buf != NULL); + + readsz = read(fd, buf, bufsz); + close(fd); + + assert(readsz == bufsz); + + ctx = libder_open(); + rootsz = bufsz; + libder_set_verbose(ctx, 2); + root = libder_read(ctx, buf, &rootsz); + + assert(root != NULL); + assert(rootsz == bufsz); + + test_interface(root); + test_construction(ctx, buf, bufsz); + + outsz = 0; + out = NULL; + out = libder_write(ctx, root, out, &outsz); + assert(out != NULL); + assert(outsz == bufsz); + + assert(memcmp(buf, out, outsz) == 0); + + free(out); + free(buf); + libder_obj_free(root); + libder_close(ctx); +} diff --git a/contrib/libder/tests/test_pubkey.c b/contrib/libder/tests/test_pubkey.c new file mode 100644 --- /dev/null +++ b/contrib/libder/tests/test_pubkey.c @@ -0,0 +1,143 @@ +/*- + * Copyright (c) 2024 Kyle Evans + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include "test_common.h" + +static const uint8_t oid_ecpubkey[] = + { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }; +static const uint8_t oid_secp256k1[] = + { 0x2b, 0x81, 0x04, 0x00, 0x0a }; + +static const uint8_t pubdata[] = { 0x00, 0x04, 0xd1, 0x76, 0x20, 0x39, 0xe5, 0x3e, + 0x67, 0x7d, 0x8d, 0xfd, 0xc4, 0x21, 0x20, 0xcd, 0xb0, 0xbf, 0x47, 0x87, 0x6a, + 0xf8, 0x07, 0x73, 0xbe, 0xbe, 0xd5, 0xbb, 0x3c, 0xbc, 0x32, 0x93, 0xd9, 0xdf, + 0x96, 0x25, 0xb7, 0x0e, 0x3c, 0x55, 0x12, 0xee, 0x7a, 0x02, 0x39, 0x0f, 0xee, + 0x7b, 0xfe, 0x1a, 0x93, 0x76, 0xf7, 0xc2, 0xac, 0x05, 0xba, 0x9a, 0x83, 0x37, + 0xf5, 0xcd, 0x55, 0x57, 0x39, 0x6f }; + +static void +test_interface(struct libder_object *root) +{ + const uint8_t *data; + size_t datasz; + struct libder_object *keystring; + + keystring = libder_obj_child(root, 1); + assert(keystring != NULL); + assert(libder_obj_type_simple(keystring) == BT_BITSTRING); + + data = libder_obj_data(keystring, &datasz); + assert(datasz == sizeof(pubdata)); + assert(memcmp(pubdata, data, datasz) == 0); +} + +/* buf and bufszs are just our reference */ +static void +test_construction(struct libder_ctx*ctx, const uint8_t *buf, size_t bufsz) +{ + uint8_t *out; + struct libder_object *obj, *params, *root; + struct libder_object *keystring; + size_t outsz; + + root = libder_obj_alloc_simple(ctx, BT_SEQUENCE, NULL, 0); + assert(root != NULL); + + params = libder_obj_alloc_simple(ctx, BT_SEQUENCE, NULL, 0); + assert(params != NULL); + assert(libder_obj_append(root, params)); + + keystring = libder_obj_alloc_simple(ctx, BT_BITSTRING, pubdata, sizeof(pubdata)); + assert(keystring != NULL); + assert(libder_obj_append(root, keystring)); + + /* Now go back and build the two params, id and curve */ + obj = libder_obj_alloc_simple(ctx, BT_OID, oid_ecpubkey, sizeof(oid_ecpubkey)); + assert(obj != NULL); + assert(libder_obj_append(params, obj)); + + obj = libder_obj_alloc_simple(ctx, BT_OID, oid_secp256k1, sizeof(oid_secp256k1)); + assert(obj != NULL); + assert(libder_obj_append(params, obj)); + + out = NULL; + outsz = 0; + out = libder_write(ctx, root, out, &outsz); + assert(out != NULL); + assert(outsz == bufsz); + assert(memcmp(out, buf, bufsz) == 0); + + libder_obj_free(root); + free(out); +} + +int +main(int argc, char *argv[]) +{ + struct stat sb; + struct libder_ctx *ctx; + struct libder_object *root; + uint8_t *buf, *out; + size_t bufsz, outsz, rootsz; + ssize_t readsz; + int dfd, error, fd; + + dfd = open_progdir(argv[0]); + + fd = openat(dfd, "repo.pub", O_RDONLY); + assert(fd >= 0); + + close(dfd); + dfd = -1; + + error = fstat(fd, &sb); + assert(error == 0); + + bufsz = sb.st_size; + buf = malloc(bufsz); + assert(buf != NULL); + + readsz = read(fd, buf, bufsz); + close(fd); + + assert(readsz == bufsz); + + ctx = libder_open(); + rootsz = bufsz; + libder_set_verbose(ctx, 2); + root = libder_read(ctx, buf, &rootsz); + + assert(root != NULL); + assert(rootsz == bufsz); + + test_interface(root); + test_construction(ctx, buf, bufsz); + + outsz = 0; + out = NULL; + out = libder_write(ctx, root, out, &outsz); + assert(out != NULL); + assert(outsz == bufsz); + + assert(memcmp(buf, out, outsz) == 0); + + free(out); + free(buf); + libder_obj_free(root); + libder_close(ctx); +} diff --git a/lib/Makefile b/lib/Makefile --- a/lib/Makefile +++ b/lib/Makefile @@ -15,6 +15,7 @@ libc++ \ libc++experimental \ libcxxrt \ + libder \ libdiff \ libelf \ libssp \ diff --git a/lib/libder/Makefile b/lib/libder/Makefile new file mode 100644 --- /dev/null +++ b/lib/libder/Makefile @@ -0,0 +1,13 @@ + +LIB= der +INTERNALLIB= + +.PATH: ${SRCTOP}/contrib/libder/libder +SRCS+= libder.c \ + libder_error.c \ + libder_obj.c \ + libder_read.c \ + libder_type.c \ + libder_write.c + +.include diff --git a/share/mk/src.libnames.mk b/share/mk/src.libnames.mk --- a/share/mk/src.libnames.mk +++ b/share/mk/src.libnames.mk @@ -44,6 +44,7 @@ bsnmptools \ c_nossp_pic \ cron \ + der \ diff \ elftc \ fdt \ @@ -613,6 +614,9 @@ LIBCRONDIR= ${_LIB_OBJTOP}/usr.sbin/cron/lib LIBCRON?= ${LIBCRONDIR}/libcron${PIE_SUFFIX}.a +LIBDERDIR= ${_LIB_OBJTOP}/lib/libder +LIBDER?= ${LIBDERDIR}/libder${PIE_SUFFIX}.a + LIBNTPDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntp LIBNTP?= ${LIBNTPDIR}/libntp${PIE_SUFFIX}.a