Asn1_module#
Modules#
Functions to parse ASN.1 data structures#
Get the length of an ASN.1 element.
Get the tag and length of the element.
Retrieve a boolean ASN.1 tag and its value.
Retrieve an integer ASN.1 tag and its value.
Retrieve an enumerated ASN.1 tag and its value.
Retrieve a bitstring ASN.1 tag and its value.
Retrieve a bitstring ASN.1 tag without unused bits and its value.
Parses and splits an ASN.1 "SEQUENCE OF <tag>".
Free a heap-allocated linked list presentation of an ASN.1 sequence, including the first element.
Traverse an ASN.1 SEQUENCE container and call a callback for each entry.
Retrieve an AlgorithmIdentifier ASN.1 sequence.
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
Find a specific named_data entry in a sequence or list based on the OID.
Free a mbedtls_asn1_named_data entry.
Free all entries in a mbedtls_asn1_named_data list.
ASN1 Error codes#
These error codes are OR'ed to X509 error codes for higher error granularity.ASN1 is a standard to specify data structures.
Out of data when parsing an ASN1 data structure.
ASN1 tag was of an unexpected value.
Error when trying to determine the length or invalid length.
Actual length differs from expected length.
Data is invalid.
Memory allocation failed.
Buffer too small when writing ASN.1 data structure.
DER constants#
These constants comply with the DER encoded ASN.1 type tags.DER encoding uses hexadecimal representation. An example DER sequence is:0x02 tag indicating INTEGER0x01 length in octets0x05 value Such sequences are typically read into mbedtls_x509_buf.
Macros#
Returns the size of the binary string, without the trailing \0.
Compares an mbedtls_asn1_buf structure to a reference OID.
Functions to parse ASN.1 data structures Documentation#
mbedtls_asn1_get_len#
int mbedtls_asn1_get_len (unsigned char ** p, const unsigned char * end, size_t * len)
Get the length of an ASN.1 element.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| size_t * | N/A | len | On successful completion, |
Updates the pointer to immediately behind the length.
Returns
0 if successful.
MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element would end beyond
end.MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
mbedtls_asn1_get_tag#
int mbedtls_asn1_get_tag (unsigned char ** p, const unsigned char * end, size_t * len, int tag)
Get the tag and length of the element.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| size_t * | N/A | len | On successful completion, |
| int | N/A | tag | The expected tag. |
Check for the requested tag. Updates the pointer to immediately behind the tag and length.
Returns
0 if successful.
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start with the requested tag.
MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element would end beyond
end.MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
mbedtls_asn1_get_bool#
int mbedtls_asn1_get_bool (unsigned char ** p, const unsigned char * end, int * val)
Retrieve a boolean ASN.1 tag and its value.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| int * | N/A | val | On success, the parsed value ( |
Updates the pointer to immediately behind the full tag.
Returns
0 if successful.
An ASN.1 error code if the input does not start with a valid ASN.1 BOOLEAN.
mbedtls_asn1_get_int#
int mbedtls_asn1_get_int (unsigned char ** p, const unsigned char * end, int * val)
Retrieve an integer ASN.1 tag and its value.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| int * | N/A | val | On success, the parsed value. |
Updates the pointer to immediately behind the full tag.
Returns
0 if successful.
An ASN.1 error code if the input does not start with a valid ASN.1 INTEGER.
MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does not fit in an
int.
mbedtls_asn1_get_enum#
int mbedtls_asn1_get_enum (unsigned char ** p, const unsigned char * end, int * val)
Retrieve an enumerated ASN.1 tag and its value.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| int * | N/A | val | On success, the parsed value. |
Updates the pointer to immediately behind the full tag.
Returns
0 if successful.
An ASN.1 error code if the input does not start with a valid ASN.1 ENUMERATED.
MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does not fit in an
int.
mbedtls_asn1_get_bitstring#
int mbedtls_asn1_get_bitstring (unsigned char ** p, const unsigned char * end, mbedtls_asn1_bitstring * bs)
Retrieve a bitstring ASN.1 tag and its value.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| mbedtls_asn1_bitstring * | N/A | bs | On success, mbedtls_asn1_bitstring information about the parsed value. |
Updates the pointer to immediately behind the full tag.
Returns
0 if successful.
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains extra data after a valid BIT STRING.
An ASN.1 error code if the input does not start with a valid ASN.1 BIT STRING.
mbedtls_asn1_get_bitstring_null#
int mbedtls_asn1_get_bitstring_null (unsigned char ** p, const unsigned char * end, size_t * len)
Retrieve a bitstring ASN.1 tag without unused bits and its value.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| size_t * | N/A | len | On success, |
Updates the pointer to the beginning of the bit/octet string.
Returns
0 if successful.
MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with a valid BIT STRING with a nonzero number of unused bits.
An ASN.1 error code if the input does not start with a valid ASN.1 BIT STRING.
mbedtls_asn1_get_sequence_of#
int mbedtls_asn1_get_sequence_of (unsigned char ** p, const unsigned char * end, mbedtls_asn1_sequence * cur, int tag)
Parses and splits an ASN.1 "SEQUENCE OF <tag>".
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| mbedtls_asn1_sequence * | N/A | cur | A mbedtls_asn1_sequence which this function fills. When this function returns, |
| int | N/A | tag | Each element of the sequence must have this tag. |
Updates the pointer to immediately behind the full sequence tag.
This function allocates memory for the sequence elements. You can free the allocated memory with mbedtls_asn1_sequence_free().
Note
On error, this function may return a partial list in
cur. You must setcur->next = NULLbefore calling this function! Otherwise it is impossible to distinguish a previously non-null pointer from a pointer to an object allocated by this function.If the sequence is empty, this function does not modify
*cur. If the sequence is valid and non-empty, this function setscur->buf.tagtotag. This allows callers to distinguish between an empty sequence and a one-element sequence.
Returns
0 if successful.
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains extra data after a valid SEQUENCE OF
tag.MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with an ASN.1 SEQUENCE in which an element has a tag that is different from
tag.MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
An ASN.1 error code if the input does not start with a valid ASN.1 SEQUENCE.
mbedtls_asn1_sequence_free#
void mbedtls_asn1_sequence_free (mbedtls_asn1_sequence * seq)
Free a heap-allocated linked list presentation of an ASN.1 sequence, including the first element.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| mbedtls_asn1_sequence * | N/A | seq | The address of the first sequence component. This may be |
There are two common ways to manage the memory used for the representation of a parsed ASN.1 sequence:
Allocate a head node
mbedtls_asn1_sequence *headwith mbedtls_calloc(). Pass this node as thecurargument to mbedtls_asn1_get_sequence_of(). When you have finished processing the sequence, call mbedtls_asn1_sequence_free() onhead.Allocate a head node
mbedtls_asn1_sequence *headin any manner, for example on the stack. Make sure thathead->next == NULL. Passheadas thecurargument to mbedtls_asn1_get_sequence_of(). When you have finished processing the sequence, call mbedtls_asn1_sequence_free() onhead->cur, then freeheaditself in the appropriate manner.
mbedtls_asn1_traverse_sequence_of#
int mbedtls_asn1_traverse_sequence_of (unsigned char ** p, const unsigned char * end, unsigned char tag_must_mask, unsigned char tag_must_val, unsigned char tag_may_mask, unsigned char tag_may_val, int(*)(void *ctx, int tag, unsigned char *start, size_t len) cb, void * ctx)
Traverse an ASN.1 SEQUENCE container and call a callback for each entry.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | The address of the pointer to the beginning of the ASN.1 SEQUENCE header. This is updated to point to the end of the ASN.1 SEQUENCE container on a successful invocation. |
| const unsigned char * | N/A | end | The end of the ASN.1 SEQUENCE container. |
| unsigned char | N/A | tag_must_mask | A mask to be applied to the ASN.1 tags found within the SEQUENCE before comparing to |
| unsigned char | N/A | tag_must_val | The required value of each ASN.1 tag found in the SEQUENCE, after masking with |
| unsigned char | N/A | tag_may_mask | A mask to be applied to the ASN.1 tags found within the SEQUENCE before comparing to |
| unsigned char | N/A | tag_may_val | The desired value of each ASN.1 tag found in the SEQUENCE, after masking with |
| int(*)(void *ctx, int tag, unsigned char *start, size_t len) | N/A | cb | The callback to trigger for each component in the ASN.1 SEQUENCE that matches
|
| void * | N/A | ctx | The context to be passed to the callback |
This function checks that the input is a SEQUENCE of elements that each have a "must" tag, and calls a callback function on the elements that have a "may" tag.
For example, to validate that the input is a SEQUENCE of tag1 and call cb on each element, use
mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
To validate that the input is a SEQUENCE of ANY and call cb on each element, use
mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING} and call cb on each element that is an OCTET STRING, use
mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
The callback is called on the elements with a "may" tag from left to right. If the input is not a valid SEQUENCE of elements with a "must" tag, the callback is called on the elements up to the leftmost point where the input is invalid.
Warnings
This function is still experimental and may change at any time.
Returns
0if successful the entire ASN.1 SEQUENCE was traversed without parsing or callback errors.MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains extra data after a valid SEQUENCE of elements with an accepted tag.
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with an ASN.1 SEQUENCE in which an element has a tag that is not accepted.
An ASN.1 error code if the input does not start with a valid ASN.1 SEQUENCE.
A non-zero error code forwarded from the callback
cbin case the latter returns a non-zero value.
mbedtls_asn1_get_alg#
int mbedtls_asn1_get_alg (unsigned char ** p, const unsigned char * end, mbedtls_asn1_buf * alg, mbedtls_asn1_buf * params)
Retrieve an AlgorithmIdentifier ASN.1 sequence.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| mbedtls_asn1_buf * | N/A | alg | The buffer to receive the OID. |
| mbedtls_asn1_buf * | N/A | params | The buffer to receive the parameters. This is zeroized if there are no parameters. |
Updates the pointer to immediately behind the full AlgorithmIdentifier.
Returns
0 if successful or a specific ASN.1 or MPI error code.
mbedtls_asn1_get_alg_null#
int mbedtls_asn1_get_alg_null (unsigned char ** p, const unsigned char * end, mbedtls_asn1_buf * alg)
Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no params.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| unsigned char ** | N/A | p | On entry, |
| const unsigned char * | N/A | end | End of data. |
| mbedtls_asn1_buf * | N/A | alg | The buffer to receive the OID. |
Updates the pointer to immediately behind the full AlgorithmIdentifier.
Returns
0 if successful or a specific ASN.1 or MPI error code.
mbedtls_asn1_find_named_data#
const mbedtls_asn1_named_data * mbedtls_asn1_find_named_data (const mbedtls_asn1_named_data * list, const char * oid, size_t len)
Find a specific named_data entry in a sequence or list based on the OID.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| const mbedtls_asn1_named_data * | N/A | list | The list to seek through |
| const char * | N/A | oid | The OID to look for |
| size_t | N/A | len | Size of the OID |
Returns
NULL if not found, or a pointer to the existing entry.
mbedtls_asn1_free_named_data#
void mbedtls_asn1_free_named_data (mbedtls_asn1_named_data * entry)
Free a mbedtls_asn1_named_data entry.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| mbedtls_asn1_named_data * | N/A | entry | The named data entry to free. This function calls mbedtls_free() on |
mbedtls_asn1_free_named_data_list#
void mbedtls_asn1_free_named_data_list (mbedtls_asn1_named_data ** head)
Free all entries in a mbedtls_asn1_named_data list.
| Type | Direction | Argument Name | Description |
|---|---|---|---|
| mbedtls_asn1_named_data ** | N/A | head | Pointer to the head of the list of named data entries to free. This function calls mbedtls_asn1_free_named_data() and mbedtls_free() on each list element and sets |