The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
encode.c
Go to the documentation of this file.
1/*
2 * This library is free software; you can redistribute it and/or
3 * modify it under the terms of the GNU Lesser General Public
4 * License as published by the Free Software Foundation; either
5 * version 2.1 of the License, or (at your option) any later version.
6 *
7 * This library is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
10 * Lesser General Public License for more details.
11 *
12 * You should have received a copy of the GNU Lesser General Public
13 * License along with this library; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: f7db2e46f103d252039f4409d9b0e9b4679d0ca2 $
19 *
20 * @file protocols/der/encode.c
21 * @brief Functions to encode DER
22 *
23 * @copyright 2025 Network RADIUS SAS (legal@networkradius.com)
24 */
25RCSID("$Id: f7db2e46f103d252039f4409d9b0e9b4679d0ca2 $")
26
27#include <freeradius-devel/util/dbuff.h>
28#include <freeradius-devel/util/encode.h>
29#include <freeradius-devel/util/proto.h>
30#include <freeradius-devel/util/sbuff.h>
31#include <freeradius-devel/util/struct.h>
32#include <freeradius-devel/util/time.h>
33#include <freeradius-devel/util/dict_ext.h>
34
35#include <freeradius-devel/io/test_point.h>
36
37#include "der.h"
38
39typedef struct {
40 uint8_t *tmp_ctx; //!< Temporary context for encoding.
41} fr_der_encode_ctx_t;
42
43/** Function signature for DER encode functions
44 *
45 * @param[in] dbuff Where to encode the data.
46 * @param[in] cursor Where to encode the data from.
47 * @param[in] encode_ctx Any encode specific data.
48 * @return
49 * - > 0 on success. How many bytes were encoded.
50 * - 0 no bytes encoded.
51 * - < 0 on error. May be the offset (as a negative value) where the error occurred.
52 */
53typedef ssize_t (*fr_der_encode_t)(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx);
54
59
60
61static ssize_t fr_der_encode_oid_and_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx) CC_HINT(nonnull);
62static ssize_t fr_der_encode_choice(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx) CC_HINT(nonnull);
63
64/*
65 * We have per-type function names to make it clear that different types have different encoders.
66 * However, the methods to encode them are the same. So rather than having trampoline functions, we just
67 * use defines.
68 */
69#define fr_der_encode_enumerated fr_der_encode_integer
70
71
72static ssize_t fr_der_encode_len(fr_dbuff_t *dbuff, fr_dbuff_marker_t *length_start) CC_HINT(nonnull);
73static inline CC_HINT(always_inline) ssize_t
74 fr_der_encode_tag(fr_dbuff_t *dbuff, fr_der_tag_t tag_num, fr_der_tag_class_t tag_class,
75 fr_der_tag_constructed_t constructed) CC_HINT(nonnull);
76static ssize_t encode_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx);
77
78/** Compare two pairs by their tag number.
79 *
80 * @param[in] a First pair.
81 * @param[in] b Second pair.
82 * @return -1 if a < b, 0 if a == b, 1 if a > b.
83 */
84static inline CC_HINT(always_inline) int8_t fr_der_pair_cmp_by_da_tag(void const *a, void const *b)
85{
86 fr_pair_t const *my_a = a;
87 fr_pair_t const *my_b = b;
88
89 return CMP_PREFER_SMALLER(fr_der_flag_der_type(my_a->da), fr_der_flag_der_type(my_b->da));
90}
91
92static ssize_t encode_pair(fr_dbuff_t *dbuff, UNUSED fr_da_stack_t *da_stack, UNUSED unsigned int depth, fr_dcursor_t *cursor,
93 void *encode_ctx)
94{
95 return encode_value(dbuff, cursor, encode_ctx);
96}
97
98static ssize_t fr_der_encode_boolean(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
99{
100 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
101 fr_pair_t const *vp;
102 uint8_t value;
103
104 vp = fr_dcursor_current(cursor);
105 PAIR_VERIFY(vp);
106 fr_assert(!vp->da->flags.is_raw);
107
108 /*
109 * ISO/IEC 8825-1:2021
110 * 8.2 Encoding of a boolean value
111 * 8.2.1 The encoding of a boolean value shall be primitive.
112 * The contents octets shall consist of a single octet.
113 * 8.2.2 If the boolean value is:
114 * FALSE the octet shall be zero [0x00].
115 * If the boolean value is TRUE the octet shall have any non-zero value, as a sender's option.
116 *
117 * 11.1 Boolean values
118 * If the encoding represents the boolean value TRUE, its single contents octet shall have all
119 * eight bits set to one [0xFF]. (Contrast with 8.2.2.)
120 */
121 value = vp->vp_bool;
122
123 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t)(value ? DER_BOOLEAN_TRUE : DER_BOOLEAN_FALSE));
124
125 return fr_dbuff_set(dbuff, &our_dbuff);
126}
127
128static ssize_t fr_der_encode_integer(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
129{
130 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
131 fr_pair_t const *vp;
132 uint64_t value;
133 uint8_t first_octet = 0;
134 size_t i, len;
135
136 vp = fr_dcursor_current(cursor);
137 PAIR_VERIFY(vp);
138 fr_assert(!vp->da->flags.is_raw);
139
140 /*
141 * ISO/IEC 8825-1:2021
142 * 8.3 Encoding of an integer value
143 * 8.3.1 The encoding of an integer value shall be primitive.
144 * The contents octets shall consist of one or more octets.
145 * 8.3.2 If the contents octets of an integer value encoding consist of more than one octet,
146 * then the bits of the first octet and bit 8 of the second octet:
147 * a) shall not all be ones; and
148 * b) shall not all be zero.
149 * NOTE - These rules ensure that an integer value is always encoded in the smallest possible number
150 * of octets. 8.3.3 The contents octets shall be a two's complement binary number equal to the
151 * integer value, and consisting of bits 8 to 1 of the first octet, followed by bits 8 to 1 of the
152 * second octet, followed by bits 8 to 1 of each octet in turn up to and including the last octet of
153 * the contents octets.
154 */
155
156 /*
157 * Some 'integer' types such as serialNumber are too
158 * large for 64-bits. So we just treat them as octet
159 * strings.
160 */
161 if (vp->da->type != FR_TYPE_INT64) {
162 fr_assert(vp->da->type == FR_TYPE_OCTETS);
163 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, vp->vp_octets, vp->vp_length);
164 return fr_dbuff_set(dbuff, &our_dbuff);
165 }
166
167 /*
168 * Yes, the type is FR_TYPE_INT64. But we encode the
169 * data as-is, without caring about things like signed
170 * math.
171 */
172 value = vp->vp_uint64;
173
174 for (i = 0, len = 0; i < sizeof(value); i++) {
175 uint8_t byte = (value >> 56) & 0xff;
176
177 value <<= 8;
178
179 if (len == 0) {
180 first_octet = byte;
181 len++;
182 continue;
183
184 } else if (len == 1) {
185 /*
186 * 8.3.2 If the contents octets of an integer value encoding consist of more than one
187 * octet, then the bits of the first octet and bit 8 of the second octet: a) shall not all
188 * be ones; and b) shall not all be zero.
189 */
190 if ((first_octet == 0xff && (byte & 0x80)) || ((first_octet == 0x00) && (byte >> 7 == 0))) {
191 if (i == sizeof(value) - 1) {
192 /*
193 * If this is the only byte, then we can encode it as a single byte.
194 */
195 FR_DBUFF_IN_RETURN(&our_dbuff, byte);
196 continue;
197 }
198
199 first_octet = byte;
200 continue;
201
202 } else {
203 FR_DBUFF_IN_RETURN(&our_dbuff, first_octet);
204 FR_DBUFF_IN_RETURN(&our_dbuff, byte);
205 len++;
206 continue;
207 }
208 }
209
210 FR_DBUFF_IN_RETURN(&our_dbuff, byte);
211 len++;
212 }
213
214 return fr_dbuff_set(dbuff, &our_dbuff);
215}
216
217static ssize_t fr_der_encode_bitstring(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
218{
219 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
220 fr_pair_t const *vp;
221 ssize_t slen;
222 uint8_t unused_bits = 0;
223
224 vp = fr_dcursor_current(cursor);
225 PAIR_VERIFY(vp);
226 fr_assert(!vp->da->flags.is_raw);
227
228 /*
229 * ISO/IEC 8825-1:2021
230 * 8.6 Encoding of a bitstring value
231 * 8.6.1 The encoding of a bitstring value shall be either primitive or constructed at the option
232 * of the sender.
233 * NOTE - Where it is necessary to transfer part of a bit string before the entire
234 * bitstring is available, the constructed encoding is used.
235 * 8.6.2 The contents octets for the primitive encoding shall contain an initial octet followed
236 * by zero, one or more subsequent octets.
237 * 8.6.2.1 The bits in the bitstring value, commencing with the leading bit and proceeding
238 * to the trailing bit, shall be placed in bits 8 to 1 of the first subsequent
239 * octet, followed by bits 8 to 1 of the second subsequent octet, followed by bits
240 * 8 to 1 of each octet in turn, followed by as many bits as are needed of the
241 * final subsequent octet, commencing with bit 8.
242 * NOTE - The terms "leading bit" and "trailing bit" are defined in
243 * Rec. ITU-T X.680 | ISO/IEC 8824-1, 22.2.
244 * 8.6.2.2 The initial octet shall encode, as an unsigned binary integer with bit 1 as the
245 * least significant bit, the number of unused bits in the final subsequent octet.
246 * The number shall be in the range zero to seven.
247 * 8.6.2.3 If the bitstring is empty, there shall be no subsequent octets, and the initial
248 * octet shall be zero.
249 *
250 * 10.2 String encoding forms
251 * For bitstring, octetstring and restricted character string types, the constructed form of
252 * encoding shall not be used. (Contrast with 8.23.6.)
253 *
254 * 11.2 Unused bits 11.2.1 Each unused bit in the final octet of the encoding of a bit string value shall
255 * be set to zero.
256 */
257
258 if (fr_type_is_struct(vp->vp_type)) {
259 /*
260 * For struct type, we need to encode the struct as a bitstring using the
261 * fr_struct_to_network function.
262 */
263 unsigned int depth = vp->da->depth - 1;
264 fr_da_stack_t da_stack;
265 fr_dbuff_t work_dbuff = FR_DBUFF(&our_dbuff);
266 fr_dbuff_marker_t unused_bits_marker;
267 uint8_t last_byte = 0;
268
269 fr_dbuff_marker(&unused_bits_marker, &work_dbuff);
270 FR_DBUFF_ADVANCE_RETURN(&work_dbuff, 1);
271
272 fr_proto_da_stack_build(&da_stack, vp->da);
273
274 FR_PROTO_STACK_PRINT(&da_stack, depth);
275
276 slen = fr_struct_to_network(&work_dbuff, &da_stack, depth, cursor, encode_ctx, NULL, NULL);
277 if (slen < 0) {
278 fr_strerror_printf("Failed to encode struct: %s", fr_strerror());
279 return slen;
280 }
281
282 /*
283 * We need to trim any empty trailing octets
284 */
285 while ((slen > 1) && (fr_dbuff_current(&work_dbuff) != fr_dbuff_start(&work_dbuff))) {
286 uint8_t byte;
287
288 /*
289 * Move the dbuff cursor back by one byte
290 */
291 fr_dbuff_set(&work_dbuff, fr_dbuff_current(&work_dbuff) - sizeof(byte));
292
293 if (fr_dbuff_out(&byte, &work_dbuff) < 0) {
294 fr_strerror_const("Failed to read byte");
295 return -1;
296 }
297
298 if (byte != 0) break;
299
300 /*
301 * Trim this byte from the buff
302 */
303 fr_dbuff_set_end(&work_dbuff, fr_dbuff_current(&work_dbuff) - sizeof(byte));
304 fr_dbuff_set(&work_dbuff, fr_dbuff_current(&work_dbuff) - (sizeof(byte) * 2));
305 slen--;
306 }
307
308 /*
309 * Grab the last octet written to the dbuff and count the number of trailing 0 bits
310 */
311 if (fr_dbuff_out(&last_byte, &work_dbuff) < 0) {
312 fr_strerror_const("Failed to read last byte");
313 return -1;
314 }
315
316 while ((last_byte != 0) && ((last_byte & 0x01) == 0)) {
317 unused_bits++;
318 last_byte >>= 1;
319 }
320
321 /*
322 * Write the unused bits
323 */
324 fr_dbuff_set(&our_dbuff, fr_dbuff_current(&unused_bits_marker));
325 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, &unused_bits, 1);
326
327 /*
328 * Copy the work dbuff to the output dbuff
329 */
330 fr_dbuff_set(&work_dbuff, &our_dbuff);
331 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, &work_dbuff, (size_t)slen);
332
333 return fr_dbuff_set(dbuff, &our_dbuff);
334 }
335
336 /*
337 * For octets type, we do not need to write the unused bits portion
338 * because this information should be retained when encoding/decoding.
339 */
340 if (vp->vp_length == 0) {
341 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
342
343 } else {
344 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, vp->vp_octets, vp->vp_length);
345 }
346
347 return fr_dbuff_set(dbuff, &our_dbuff);
348}
349
350static ssize_t fr_der_encode_ipv4_addr(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
351{
352 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
353 fr_pair_t const *vp;
354
355 vp = fr_dcursor_current(cursor);
356 PAIR_VERIFY(vp);
357 fr_assert(!vp->da->flags.is_raw);
358
359 /*
360 * RFC3779 Section 2.1.1.
361 *
362 * An IP address or prefix is encoded in the IP address delegation
363 * extension as a DER-encoded ASN.1 BIT STRING containing the constant
364 * most-significant bits. Recall [X.690] that the DER encoding of a BIT
365 * STRING consists of the BIT STRING type (0x03), followed by (an
366 * encoding of) the number of value octets, followed by the value. The
367 * value consists of an "initial octet" that specifies the number of
368 * unused bits in the last value octet, followed by the "subsequent
369 * octets" that contain the octets of the bit string. (For IP
370 * addresses, the encoding of the length will be just the length.)
371 */
372
373 /*
374 * The number of unused bits in the last byte is always zero.
375 */
376 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
377 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
378
379 return fr_dbuff_set(dbuff, &our_dbuff);
380}
381
382static ssize_t fr_der_encode_ipv4_prefix(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
383{
384 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
385 fr_pair_t const *vp;
386 size_t len;
387
388 vp = fr_dcursor_current(cursor);
389 PAIR_VERIFY(vp);
390 fr_assert(!vp->da->flags.is_raw);
391
392 if (vp->vp_ip.prefix == 0) {
393 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
394 return fr_dbuff_set(dbuff, &our_dbuff);
395 }
396
397 /*
398 * RFC3779 Section 2.1.1.
399 *
400 * An IP address or prefix is encoded in the IP address delegation
401 * extension as a DER-encoded ASN.1 BIT STRING containing the constant
402 * most-significant bits. Recall [X.690] that the DER encoding of a BIT
403 * STRING consists of the BIT STRING type (0x03), followed by (an
404 * encoding of) the number of value octets, followed by the value. The
405 * value consists of an "initial octet" that specifies the number of
406 * unused bits in the last value octet, followed by the "subsequent
407 * octets" that contain the octets of the bit string. (For IP
408 * addresses, the encoding of the length will be just the length.)
409 */
410 if (vp->vp_ip.prefix == 32) {
411 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
412 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
413 return fr_dbuff_set(dbuff, &our_dbuff);
414 }
415
416 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) (8 - (vp->vp_ip.prefix & 0x07)));
417
418 len = (vp->vp_ip.prefix + 0x07) >> 3;
419
420 if (len) FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv4addr, len);
421
422 return fr_dbuff_set(dbuff, &our_dbuff);
423}
424
425static ssize_t fr_der_encode_ipv6_addr(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
426{
427 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
428 fr_pair_t const *vp;
429
430 vp = fr_dcursor_current(cursor);
431 PAIR_VERIFY(vp);
432 fr_assert(!vp->da->flags.is_raw);
433
434 /*
435 * RFC3779 Section 2.1.1.
436 *
437 * An IP address or prefix is encoded in the IP address delegation
438 * extension as a DER-encoded ASN.1 BIT STRING containing the constant
439 * most-significant bits. Recall [X.690] that the DER encoding of a BIT
440 * STRING consists of the BIT STRING type (0x03), followed by (an
441 * encoding of) the number of value octets, followed by the value. The
442 * value consists of an "initial octet" that specifies the number of
443 * unused bits in the last value octet, followed by the "subsequent
444 * octets" that contain the octets of the bit string. (For IP
445 * addresses, the encoding of the length will be just the length.)
446 */
447
448 /*
449 * The number of unused bits in the last byte is always zero.
450 */
451 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
452 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
453
454 return fr_dbuff_set(dbuff, &our_dbuff);
455}
456
457static ssize_t fr_der_encode_ipv6_prefix(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
458{
459 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
460 fr_pair_t const *vp;
461 size_t len;
462
463 vp = fr_dcursor_current(cursor);
464 PAIR_VERIFY(vp);
465 fr_assert(!vp->da->flags.is_raw);
466
467 /*
468 * RFC3779 Section 2.1.1.
469 *
470 * An IP address or prefix is encoded in the IP address delegation
471 * extension as a DER-encoded ASN.1 BIT STRING containing the constant
472 * most-significant bits. Recall [X.690] that the DER encoding of a BIT
473 * STRING consists of the BIT STRING type (0x03), followed by (an
474 * encoding of) the number of value octets, followed by the value. The
475 * value consists of an "initial octet" that specifies the number of
476 * unused bits in the last value octet, followed by the "subsequent
477 * octets" that contain the octets of the bit string. (For IP
478 * addresses, the encoding of the length will be just the length.)
479 */
480
481 if (vp->vp_ip.prefix == 128) {
482 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) 0x00);
483 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
484 return fr_dbuff_set(dbuff, &our_dbuff);
485 }
486
487 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) (8 - (vp->vp_ip.prefix & 0x07)));
488
489 len = (vp->vp_ip.prefix + 0x07) >> 3;
490
491 if (len) FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv6addr, len);
492
493 return fr_dbuff_set(dbuff, &our_dbuff);
494}
495
496
497static ssize_t fr_der_encode_combo_ip(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
498{
499 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
500 fr_pair_t const *vp;
501
502 vp = fr_dcursor_current(cursor);
503 PAIR_VERIFY(vp);
504 fr_assert(!vp->da->flags.is_raw);
505
506 /*
507 * RFC5280 Section 4.2.1.6
508 *
509 * When the subjectAltName extension contains an iPAddress, the address
510 * MUST be stored in the octet string in "network byte order", as
511 * specified in [RFC791]. The least significant bit (LSB) of each octet
512 * is the LSB of the corresponding byte in the network address. For IP
513 * version 4, as specified in [RFC791], the octet string MUST contain
514 * exactly four octets. For IP version 6, as specified in
515 * [RFC2460], the octet string MUST contain exactly sixteen octets.
516 */
517 if (vp->vp_ip.af == AF_INET) {
518 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv4addr, sizeof(vp->vp_ipv4addr));
519 } else {
520 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, (uint8_t const *) &vp->vp_ipv6addr, sizeof(vp->vp_ipv6addr));
521 }
522
523 return fr_dbuff_set(dbuff, &our_dbuff);
524}
525
526
527static ssize_t fr_der_encode_octetstring(fr_dbuff_t *dbuff, fr_dcursor_t *cursor,
528 UNUSED fr_der_encode_ctx_t *encode_ctx)
529{
530 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
531 fr_pair_t const *vp;
532
533 vp = fr_dcursor_current(cursor);
534 PAIR_VERIFY(vp);
535 /* can be raw! */
536
537 /*
538 * ISO/IEC 8825-1:2021
539 * 8.7 Encoding of an octetstring value
540 * 8.7.1 The encoding of an octetstring value shall be either primitive or constructed at the
541 * option of the sender.
542 * NOTE - Where it is necessary to transfer part of an octet string before the entire
543 * octetstring is available, the constructed encoding is used.
544 * 8.7.2 The primitive encoding contains zero, one or more contents octets equal in value to the
545 * octets in the data value, in the order they appear in the data value, and with the most
546 * significant bit of an octet of the data value aligned with the most significant bit of an
547 * octet of the contents octets.
548 * 8.7.3 The contents octets for the constructed encoding shall consist of zero, one, or more
549 * encodings.
550 * NOTE - Each such encoding includes identifier, length, and contents octets, and may
551 * include end-of-contents octets if it is constructed.
552 * 8.7.3.1 To encode an octetstring value in this way, it is segmented. Each segment shall
553 * consist of a series of consecutive octets of the value. There shall be no
554 * significance placed on the segment boundaries.
555 * NOTE - A segment may be of size zero, i.e. contain no octets.
556 *
557 * 10.2 String encoding forms
558 * For bitstring, octetstring and restricted character string types, the constructed form of
559 * encoding shall not be used. (Contrast with 8.23.6.)
560 */
561 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, vp->vp_octets, vp->vp_length);
562
563 return fr_dbuff_set(dbuff, &our_dbuff);
564}
565
566
567static ssize_t fr_der_encode_null(UNUSED fr_dbuff_t *dbuff, fr_dcursor_t *cursor,
568 UNUSED fr_der_encode_ctx_t *encode_ctx)
569{
570 fr_pair_t const *vp;
571
572 vp = fr_dcursor_current(cursor);
573 PAIR_VERIFY(vp);
574 fr_assert(!vp->da->flags.is_raw);
575
576 /*
577 * ISO/IEC 8825-1:2021
578 * 8.8 Encoding of a null value
579 * 8.8.1 The encoding of a null value shall be primitive.
580 * 8.8.2 The contents octets shall not contain any octets.
581 * NOTE - The length must be zero.
582 */
583 if (vp->vp_length != 0) {
584 fr_strerror_printf("Null has non-zero length %zu", vp->vp_length);
585 return -1;
586 }
587
588 return 0;
589}
590
591static ssize_t fr_der_encode_oid_from_value(fr_dbuff_t *dbuff, uint64_t value, uint64_t *component, int *count)
592{
593 fr_dbuff_t our_dbuff;
594 int i;
595 uint64_t oid;
596
597 /*
598 * The first subidentifier is the encoding of the first two object identifier components, encoded as:
599 * (X * 40) + Y
600 * where X is the first number and Y is the second number.
601 * The first number is 0, 1, or 2.
602 */
603 if (*count == 0) {
604 if (!((value == 0) || (value == 1) || (value == 2))) {
605 fr_strerror_printf("Invalid value %" PRIu64 " for initial component", value);
606 return -1;
607 }
608
609 *component = value;
610 (*count)++;
611 return 0;
612 }
613
614 if (*count == 1) {
615 if ((*component < 2) && (value > 40)) {
616 fr_strerror_printf("Invalid value %" PRIu64 " for second component", value);
617 return -1;
618 }
619
620 oid = *component * 40 + value;
621 } else {
622 oid = value;
623 }
624
625 our_dbuff = FR_DBUFF(dbuff);
626
627 /*
628 * Encode the number as 7-bit chunks. Just brute-force over all bits, as doing that ends
629 * up being fast enough.
630 *
631 * i.e. if we did anything else to count bits, it would end up with pretty much the same
632 * code.
633 */
634 for (i = 63; i >= 0; i -= 7) {
635 uint8_t more, part;
636
637 part = (oid >> i) & 0x7f;
638 if (!part) continue;
639
640 more = ((uint8_t) (i > 0)) << 7;
641
642 FR_DBUFF_IN_RETURN(&our_dbuff, (uint8_t) (more | part));
643 }
644
645 (*count)++;
646
647 return fr_dbuff_set(dbuff, &our_dbuff);
648}
649
650static ssize_t fr_der_encode_oid(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
651{
652 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
653 fr_pair_t const *vp;
654 uint64_t component;
655 int count = 0;
656 unsigned long long oid;
657 char const *start;
658 char *end = NULL;
659
660 vp = fr_dcursor_current(cursor);
661 PAIR_VERIFY(vp);
662 fr_assert(!vp->da->flags.is_raw);
663
664 /*
665 * ISO/IEC 8825-1:2021
666 * 8.19 Encoding of an object identifier value
667 * 8.19.1 The encoding of an object identifier value shall be primitive.
668 * 8.19.2 The contents octets shall be an (ordered) list of encodings of subidentifiers (see 8.19.3
669 * and 8.19.4) concatenated together. Each subidentifier is represented as a series of
670 * (one or more) octets. Bit 8 of each octet indicates whether it is the last in the series: bit 8
671 * of the last octet is zero; bit 8 of each preceding octet is one. Bits 7 to 1 of the octets in
672 * the series collectively encode the subidentifier. Conceptually, these groups of bits are
673 * concatenated to form an unsigned binary number whose most significant bit is bit 7 of the first
674 * octet and whose least significant bit is bit 1 of the last octet. The subidentifier shall be
675 * encoded in the fewest possible octets, that is, the leading octet of the subidentifier shall not
676 * have the value 8016.
677 * 8.19.3 The number of subidentifiers (N) shall be one less than the number of object identifier
678 * components in the object identifier value being encoded. 8.19.4 The numerical value of the
679 * first subidentifier is derived from the values of the first two object identifier components in
680 * the object identifier value being encoded, using the formula: (X*40) + Y where X is the value
681 * of the first object identifier component and Y is the value of the second object identifier
682 * component. NOTE - This packing of the first two object identifier components recognizes that
683 * only three values are allocated from the root node, and at most 39 subsequent values from nodes
684 * reached by X = 0 and X = 1. 8.19.5 The numerical value of the ith subidentifier, (2 <= i <= N) is
685 * that of the (i + 1)th object identifier component.
686 */
687
688
689 /*
690 * Parse each OID component.
691 */
692 for (start = vp->vp_strvalue; *start != '\0'; start = end + 1) {
693 ssize_t slen;
694
695 /*
696 * Parse the component.
697 */
698 oid = strtoull(start, &end, 10);
699 if ((oid == ULLONG_MAX) || (*end && (*end != '.'))) {
700 fr_strerror_const("Invalid OID");
701 return -1;
702 }
703
704 slen = fr_der_encode_oid_from_value(&our_dbuff, oid, &component, &count);
705 if (slen < 0) return -1;
706 }
707
708 if (count <= 2) {
709 fr_strerror_printf("Invalid OID '%s' - too short", vp->vp_strvalue);
710 return -1;
711 }
712
713 return fr_dbuff_set(dbuff, &our_dbuff);
714}
715
716static ssize_t fr_der_encode_sequence(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
717{
718 fr_pair_t *vp;
719
720 vp = fr_dcursor_current(cursor);
721 PAIR_VERIFY(vp);
722 fr_assert(!vp->da->flags.is_raw);
723
724 fr_assert(fr_type_is_group(vp->vp_type) || fr_type_is_tlv(vp->vp_type));
725
726 /*
727 * ISO/IEC 8825-1:2021
728 * 8.9 Encoding of a sequence value
729 * 8.9.1 The encoding of a sequence value shall be constructed.
730 * 8.9.2 The contents octets shall consist of the complete encoding of one data value from each of
731 * the types listed in the ASN.1 definition of the sequence type, in the order of their
732 * appearance in the definition, unless the type was referenced with the keyword OPTIONAL
733 * or the keyword DEFAULT.
734 * 8.9.3 The encoding of a data value may, but need not, be present for a type referenced with the
735 * keyword OPTIONAL or the keyword DEFAULT. If present, it shall appear in the order of
736 * appearance of the corresponding type in the ASN.1 definition.
737 *
738 * 11.5 Set and sequence components with default value
739 * The encoding of a set value or sequence value shall not include an encoding for any component
740 * value which is equal to its default value.
741 */
742 if (fr_type_is_group(vp->vp_type) && fr_der_flag_is_oid_and_value(vp->da)) {
743 return fr_der_encode_oid_and_value(dbuff, cursor, encode_ctx);
744 }
745
746 return fr_der_encode_choice(dbuff, cursor, encode_ctx);
747}
748
749typedef struct {
750 uint8_t *data; //!< Pointer to the start of the encoded item (beginning of the tag)
751 size_t len; //!< Length of the encoded item (tag + length + value)
752} fr_der_encode_set_of_ptr_pairs_t;
753
754/*
755 * Lexicographically sort the set of pairs
756 */
757static int CC_HINT(nonnull) fr_der_encode_set_of_cmp(void const *one, void const *two)
758{
759 fr_der_encode_set_of_ptr_pairs_t const *a = one;
760 fr_der_encode_set_of_ptr_pairs_t const *b = two;
761
762 if (a->len >= b->len) {
763 return memcmp(a->data, b->data, a->len);
764 }
765
766 return memcmp(a->data, b->data, b->len);
767}
768
769static ssize_t fr_der_encode_set(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
770{
771 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
772 fr_pair_t *vp;
773 ssize_t slen;
774
775 vp = fr_dcursor_current(cursor);
776 PAIR_VERIFY(vp);
777 fr_assert(!vp->da->flags.is_raw);
778
779 fr_assert(fr_type_is_tlv(vp->vp_type));
780
781 /*
782 * ISO/IEC 8825-1:2021
783 * 8.11 Encoding of a set value
784 * 8.11.1 The encoding of a set value shall be constructed.
785 * 8.11.2 The contents octets shall consist of the complete encoding of one data value from each
786 * of the types listed in the ASN.1 definition of the set type, in an order chosen by the
787 * sender, unless the type was referenced with the keyword OPTIONAL or the keyword DEFAULT.
788 * 8.11.3 The encoding of a data value may, but need not, be present for a type referenced with the
789 * keyword OPTIONAL or the keyword DEFAULT.
790 *
791 * 11.5 Set and sequence components with default value
792 * The encoding of a set value or sequence value shall not include an encoding for any component
793 * value which is equal to its default value.
794 *
795 * ISO/IEC 8825-1:2021
796 * 8.12 Encoding of a set-of value
797 * 8.12.1 The encoding of a set-of value shall be constructed.
798 * 8.12.2 The text of 8.10.2 applies.
799 * 8.12.3 The order of data values need not be preserved by the encoding and subsequent decoding.
800 *
801 * 11.6 Set-of components
802 * The encodings of the component values of a set-of value shall appear in ascending order, the
803 * encodings being compared as octet strings with the shorter components being padded at their
804 * trailing end with 0-octets.
805 * NOTE - The padding octets are for comparison purposes only and do not appear in the
806 * encodings.
807 */
808
809 if (fr_der_flag_is_set_of(vp->da)) {
810 /*
811 * Set-of items will all have the same tag, so we need to sort them lexicographically
812 */
813 size_t i, count;
814 fr_dbuff_t work_dbuff;
815 fr_der_encode_set_of_ptr_pairs_t *ptr_pairs;
816 uint8_t *buff;
817 fr_da_stack_t da_stack;
818 fr_dcursor_t child_cursor;
819
820 /*
821 * This can happen, but is possible.
822 */
823 count = fr_pair_list_num_elements(&vp->children);
824 if (unlikely(!count)) return 0;
825
826 /*
827 * Sets can be nested, so we have to use local buffers when sorting.
828 */
829 buff = talloc_array(encode_ctx->tmp_ctx, uint8_t, fr_dbuff_remaining(&our_dbuff));
830 fr_assert(buff != NULL);
831
832 ptr_pairs = talloc_array(buff, fr_der_encode_set_of_ptr_pairs_t, count);
833 if (unlikely(ptr_pairs == NULL)) {
834 fr_strerror_const("Failed to allocate memory for set of pointers");
835 talloc_free(buff);
836 return -1;
837 }
838
839 /*
840 * Now that we have our intermediate buffers, initialize the buffers and start encoding.
841 */
842 fr_dbuff_init(&work_dbuff, buff, fr_dbuff_remaining(&our_dbuff));
843
844 fr_proto_da_stack_build(&da_stack, vp->da);
845
846 FR_PROTO_STACK_PRINT(&da_stack, vp->da->depth - 1);
847
848 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->children, cursor);
849
850 for (i = 0; fr_dcursor_current(&child_cursor) != NULL; i++) {
851 ptr_pairs[i].data = fr_dbuff_current(&work_dbuff);
852
853 slen = encode_value(&work_dbuff, &child_cursor, encode_ctx);
854 if (unlikely(slen < 0)) {
855 fr_strerror_printf("Failed to encode pair: %s", fr_strerror());
856 talloc_free(buff);
857 return slen;
858 }
859
860 ptr_pairs[i].len = slen;
861 }
862
863 fr_assert(i <= count);
864 count = i;
865
866 /*
867 * If there's a "min" for this set, then we can't do anything about it.
868 */
869 if (unlikely(!count)) goto done;
870
871 /*
872 * If there's only one child, we don't need to sort it.
873 */
874 if (count > 1) qsort(ptr_pairs, count, sizeof(fr_der_encode_set_of_ptr_pairs_t), fr_der_encode_set_of_cmp);
875
876 /*
877 * The data in work_dbuff is always less than the data in the our_dbuff, so we don't need
878 * to check the return value here.
879 */
880 for (i = 0; i < count; i++) {
881 (void) fr_dbuff_in_memcpy(&our_dbuff, ptr_pairs[i].data, ptr_pairs[i].len);
882 }
883
884 done:
885 talloc_free(buff);
886
887 return fr_dbuff_set(dbuff, &our_dbuff);
888 }
889
890 /*
891 * Children of a set are ordered by tag. However, as each tag can only be used once, this is a
892 * unique order.
893 */
894 fr_pair_list_sort(&vp->children, fr_der_pair_cmp_by_da_tag);
895
896 return fr_der_encode_choice(dbuff, cursor, encode_ctx);
897}
898
899static ssize_t fr_der_encode_utc_time(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
900{
901 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
902 fr_pair_t const *vp;
903 fr_sbuff_t time_sbuff;
904 char fmt_time[50] = { 0 };
905 size_t i;
906
907 fmt_time[0] = '\0';
908 time_sbuff = FR_SBUFF_OUT(fmt_time, sizeof(fmt_time));
909
910 vp = fr_dcursor_current(cursor);
911 PAIR_VERIFY(vp);
912 fr_assert(!vp->da->flags.is_raw);
913
914 /*
915 * ISO/IEC 8825-1:2021
916 * 8.25 Encoding for values of the useful types
917 * The following "useful types" shall be encoded as if they had been replaced by their definitions
918 * given in clauses 46-48 of Rec. ITU-T X.680 | ISO/IEC 8824-1:
919 * - generalized time;
920 * - universal time;
921 * - object descriptor.
922 *
923 * 8.26 Encoding for values of the TIME type and the useful time types
924 * 8.26 Encoding for values of the TIME type and the useful time types 8.26.1 Encoding for values
925 * of the TIME type NOTE - The defined time types are subtypes of the TIME type, with the same
926 * tag, and have the same encoding as the TIME type. 8.26.1.1 The encoding of the TIME type shall
927 * be primitive. 8.26.1.2 The contents octets shall be the UTF-8 encoding of the value notation,
928 * after the removal of initial and final QUOTATION MARK (34) characters.
929 *
930 * 11.8 UTCTime
931 * 11.8.1 The encoding shall terminate with "Z", as described in the ITU-T X.680 | ISO/IEC 8824-1
932 * clause on UTCTime.
933 * 11.8.2 The seconds element shall always be present.
934 * 11.8.3 Midnight (GMT) shall be represented as "YYMMDD000000Z", where "YYMMDD" represents the
935 * day following the midnight in question.
936 */
937
938 /*
939 * The format of a UTC time is "YYMMDDhhmmssZ"
940 * Where:
941 * 1. YY is the year
942 * 2. MM is the month
943 * 3. DD is the day
944 * 4. hh is the hour
945 * 5. mm is the minute
946 * 6. ss is the second (not optional in DER)
947 * 7. Z is the timezone (UTC)
948 */
949 fr_unix_time_to_str(&time_sbuff, vp->vp_date, FR_TIME_RES_SEC, true);
950
951 /*
952 * Remove the century from the year
953 */
954 fr_sbuff_shift(&time_sbuff, 2, false);
955
956 /*
957 * Trim the time string of any unwanted characters
958 */
959 for (i = 0; i < sizeof(fmt_time); i++) {
960 if (fmt_time[i] == '\0') {
961 break;
962 }
963
964 if ((fmt_time[i] == '-') || (fmt_time[i] == 'T') || (fmt_time[i] == ':')) {
965 size_t j = i;
966
967 while (fmt_time[j] != '\0') {
968 fmt_time[j] = fmt_time[j + 1];
969 j++;
970 }
971
972 fmt_time[j] = '\0';
973
974 continue;
975 }
976 }
977
978 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, fmt_time, DER_UTC_TIME_LEN);
979
980 return fr_dbuff_set(dbuff, &our_dbuff);
981}
982
983static ssize_t fr_der_encode_generalized_time(fr_dbuff_t *dbuff, fr_dcursor_t *cursor,
984 UNUSED fr_der_encode_ctx_t *encode_ctx)
985{
986 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
987 fr_pair_t const *vp;
988 fr_sbuff_t time_sbuff;
989 char fmt_time[50] = { 0 };
990 size_t i;
991
992 fmt_time[0] = '\0';
993 time_sbuff = FR_SBUFF_OUT(fmt_time, sizeof(fmt_time));
994
995 vp = fr_dcursor_current(cursor);
996 PAIR_VERIFY(vp);
997 fr_assert(!vp->da->flags.is_raw);
998
999 /*
1000 * ISO/IEC 8825-1:2021
1001 * 8.25 Encoding for values of the useful types
1002 * The following "useful types" shall be encoded as if they had been replaced by their definitions
1003 * given in clauses 46-48 of Rec. ITU-T X.680 | ISO/IEC 8824-1:
1004 * - generalized time;
1005 * - universal time;
1006 * - object descriptor.
1007 *
1008 * 8.26 Encoding for values of the TIME type and the useful time types
1009 * 8.26 Encoding for values of the TIME type and the useful time types 8.26.1 Encoding for values
1010 * of the TIME type NOTE - The defined time types are subtypes of the TIME type, with the same
1011 * tag, and have the same encoding as the TIME type. 8.26.1.1 The encoding of the TIME type shall
1012 * be primitive. 8.26.1.2 The contents octets shall be the UTF-8 encoding of the value notation,
1013 * after the removal of initial and final QUOTATION MARK (34) characters.
1014 *
1015 * 11.7 GeneralizedTime
1016 * 11.7.1 The encoding shall terminate with a "Z", as described in the Rec. ITU-T X.680 | ISO/IEC
1017 * 8824-1 clause on GeneralizedTime.
1018 * 11.7.2 The seconds element shall always be present.
1019 * 11.7.3 The fractional-seconds elements, if present, shall omit all trailing zeros; if the
1020 * elements correspond to 0, they shall be wholly omitted, and the decimal point element
1021 * also shall be omitted.
1022 */
1023
1024 /*
1025 * The format of a generalized time is "YYYYMMDDHHMMSS[.fff]Z"
1026 * Where:
1027 * 1. YYYY is the year
1028 * 2. MM is the month
1029 * 3. DD is the day
1030 * 4. HH is the hour
1031 * 5. MM is the minute
1032 * 6. SS is the second
1033 * 7. fff is the fraction of a second (optional)
1034 * 8. Z is the timezone (UTC)
1035 */
1036
1037 fr_unix_time_to_str(&time_sbuff, vp->vp_date, FR_TIME_RES_USEC, true);
1038
1039 /*
1040 * Trim the time string of any unwanted characters
1041 */
1042 for (i = 0; i < sizeof(fmt_time); i++) {
1043 if (fmt_time[i] == '\0') {
1044 break;
1045 }
1046
1047 if ((fmt_time[i] == '-') || (fmt_time[i] == 'T') || (fmt_time[i] == ':')) {
1048 size_t j = i;
1049
1050 while (fmt_time[j] != '\0') {
1051 fmt_time[j] = fmt_time[j + 1];
1052 j++;
1053 }
1054
1055 fmt_time[j] = '\0';
1056
1057 continue;
1058 }
1059
1060 if (fmt_time[i] == '.') {
1061 /*
1062 * Remove any trailing zeros
1063 */
1064 size_t j = strlen(fmt_time) - 2;
1065
1066 while (fmt_time[j] == '0') {
1067 fmt_time[j] = fmt_time[j + 1];
1068 fmt_time[j + 1] = '\0';
1069 j--;
1070 }
1071
1072 /*
1073 * Remove the decimal point if there are no fractional seconds
1074 */
1075 if (j == i) {
1076 fmt_time[i] = fmt_time[i + 1];
1077 fmt_time[i + 1] = '\0';
1078 }
1079 }
1080 }
1081
1082 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, fmt_time, i);
1083
1084 return fr_dbuff_set(dbuff, &our_dbuff);
1085}
1086
1087/** Encode a CHOICE type
1088 *
1089 * @param[in] dbuff Buffer to write the encoded data to
1090 * @param[in] cursor Cursor to the pair to encode
1091 * @param[in] encode_ctx Encoding context
1092 *
1093 * @return Number of bytes written to the buffer, or -1 on error
1094 */
1095static ssize_t fr_der_encode_choice(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
1096{
1097 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
1098 fr_pair_t const *vp;
1099 fr_da_stack_t da_stack;
1100 fr_dcursor_t child_cursor;
1101 ssize_t slen = 0;
1102
1103 vp = fr_dcursor_current(cursor);
1104 PAIR_VERIFY(vp);
1105 fr_assert(!vp->da->flags.is_raw);
1106
1107 fr_proto_da_stack_build(&da_stack, vp->da);
1108
1109 FR_PROTO_STACK_PRINT(&da_stack, vp->da->depth - 1);
1110
1111 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->children, cursor);
1112
1113 slen = fr_pair_cursor_to_network(&our_dbuff, &da_stack, vp->da->depth - 1, &child_cursor, encode_ctx, encode_pair);
1114 if (slen < 0) return -1;
1115
1116 return fr_dbuff_set(dbuff, &our_dbuff);
1117}
1118
1119static ssize_t fr_der_encode_X509_extensions(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
1120{
1121 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
1122 fr_dbuff_marker_t outer_seq_len_start;
1123 fr_dcursor_t child_cursor, root_cursor, parent_cursor;
1124 fr_pair_t const *vp;
1125 ssize_t slen = 0;
1126 size_t is_critical = 0;
1127 uint64_t max, num;
1128
1129 vp = fr_dcursor_current(cursor);
1130 PAIR_VERIFY(vp);
1131 fr_assert(!vp->da->flags.is_raw);
1132
1133 fr_assert(fr_type_is_group(vp->vp_type));
1134
1135 /*
1136 * RFC 5280 Section 4.2
1137 * The extensions defined for X.509 v3 certificates provide methods for
1138 * associating additional attributes with users or public keys and for
1139 * managing relationships between CAs. The X.509 v3 certificate format
1140 * also allows communities to define private extensions to carry
1141 * information unique to those communities. Each extension in a
1142 * certificate is designated as either critical or non-critical.
1143 *
1144 * Each extension includes an OID and an ASN.1 structure. When an
1145 * extension appears in a certificate, the OID appears as the field
1146 * extnID and the corresponding ASN.1 DER encoded structure is the value
1147 * of the octet string extnValue.
1148 *
1149 * RFC 5280 Section A.1 Explicitly Tagged Module, 1988 Syntax
1150 * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
1151 *
1152 * Extension ::= SEQUENCE {
1153 * extnID OBJECT IDENTIFIER,
1154 * critical BOOLEAN DEFAULT FALSE,
1155 * extnValue OCTET STRING
1156 * -- contains the DER encoding of an ASN.1 value
1157 * -- corresponding to the extension type identified
1158 * -- by extnID
1159 * }
1160 *
1161 * So the extensions are a SEQUENCE of SEQUENCEs containing an OID, a boolean and an OCTET STRING.
1162 * Note: If the boolean value is false, it is not included in the encoding.
1163 */
1164
1165 max = fr_der_flag_max(vp->da); /* Maximum number of extensions specified in the dictionary */
1166 num = 0;
1167
1168 slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_SEQUENCE, FR_DER_CLASS_UNIVERSAL, FR_DER_TAG_CONSTRUCTED);
1169 if (slen < 0) return slen;
1170
1171 fr_dbuff_marker(&outer_seq_len_start, &our_dbuff);
1172 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1173
1174 FR_PROTO_HEX_DUMP(fr_dbuff_start(&our_dbuff), fr_dbuff_used(&our_dbuff),"BEFORE encoded X509 extension");
1175
1176 fr_pair_dcursor_child_iter_init(&root_cursor, &vp->children, cursor);
1177 fr_dcursor_copy(&parent_cursor, &root_cursor);
1178
1179 while (fr_dcursor_current(&parent_cursor)) {
1180 uint64_t component;
1181 int count;
1182 fr_dbuff_marker_t length_start, inner_seq_len_start;
1183 fr_pair_t *child;
1184
1185 /*
1186 * Extensions are sequences or sets containing 2 items:
1187 * 1. The first item is the OID
1188 * 2. The second item is the value
1189 *
1190 * Note: The value may be a constructed or primitive type
1191 */
1192
1193 if (num >= max) {
1194 fr_strerror_printf("Too many X509 extensions (%" PRIu64 ")", max);
1195 break;
1196 }
1197
1198 slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_SEQUENCE, FR_DER_CLASS_UNIVERSAL, FR_DER_TAG_CONSTRUCTED);
1199 if (slen < 0) return slen;
1200
1201 fr_dbuff_marker(&inner_seq_len_start, &our_dbuff);
1202 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1203
1204 /*
1205 * Encode the OID portion of the extension
1206 */
1207 slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_OID, FR_DER_CLASS_UNIVERSAL, FR_DER_TAG_PRIMITIVE);
1208 if (slen < 0) return slen;
1209
1210 fr_dbuff_marker(&length_start, &our_dbuff);
1211 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1212
1213 /*
1214 * Walk through the children until we find either an attribute marked as an extension, or one with
1215 * no children (which is an unknown OID).
1216 *
1217 * We will use this to construct the OID to encode, as well as to get the actual value of the
1218 * extension.
1219 */
1220 fr_dcursor_copy(&child_cursor, &parent_cursor);
1221 count = 0;
1222
1223 while ((child = fr_dcursor_current(&child_cursor)) != NULL) {
1224 PAIR_VERIFY(child);
1225
1226 FR_PROTO_TRACE("Child: %s", child->da->name);
1227
1228 if (!is_critical && (strcmp(child->da->name, "Critical") == 0)) {
1229 /*
1230 * We don't encode the critical flag
1231 */
1232 is_critical = fr_pair_list_num_elements(&child->children);
1233 FR_PROTO_TRACE("Critical flag: %zu", is_critical);
1234
1235 fr_pair_dcursor_child_iter_init(&parent_cursor, &child->children, &child_cursor);
1236 goto next;
1237 }
1238
1239 /*
1240 * If we find a normal leaf data type, we don't encode it. But we do encode leaf data
1241 * types which are marked up as needing OID leaf encoding.
1242 */
1243 if (!fr_type_is_structural(child->vp_type) && !fr_der_flag_is_oid_leaf(child->da) && !child->da->flags.is_raw) {
1244 FR_PROTO_TRACE("Found non-structural child %s", child->da->name);
1245
1246 fr_dcursor_copy(&child_cursor, &parent_cursor);
1247 break;
1248 }
1249
1250 slen = fr_der_encode_oid_from_value(&our_dbuff, child->da->attr, &component, &count);
1251 if (unlikely(slen < 0)) return -1;
1252
1253 /*
1254 * We've encoded a leaf data type, or a raw one. Stop encoding it.
1255 */
1256 if (!fr_type_is_structural(child->vp_type)) break;
1257
1258 /*
1259 * Unless this was the last child (marked as an extension), there should only be one child
1260 * - representing the next OID in the extension
1261 */
1262 if (fr_pair_list_num_elements(&child->children) > 1) break;
1263
1264 next:
1265 if (fr_der_flag_is_oid_leaf(child->da)) break;
1266
1267 fr_pair_dcursor_child_iter_init(&child_cursor, &child->children, &child_cursor);
1268 }
1269
1270 /*
1271 * Encode the length of the OID
1272 */
1273 slen = fr_der_encode_len(&our_dbuff, &length_start);
1274 if (slen < 0) return slen;
1275
1276 /*
1277 * Encode the critical flag
1278 */
1279 if (is_critical) {
1280 /*
1281 * Universal+Boolean flag is always 0x01. Length of a boolean is always 0x01.
1282 * True is always 0xff.
1283 */
1284 FR_DBUFF_IN_BYTES_RETURN(&our_dbuff, (uint8_t) 0x01, (uint8_t) 0x01, (uint8_t)(0xff));
1285 is_critical--;
1286 }
1287
1288 /*
1289 * Encode the value portion of the extension
1290 */
1291 slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_OCTETSTRING, FR_DER_CLASS_UNIVERSAL, FR_DER_TAG_PRIMITIVE);
1292 if (slen < 0) return slen;
1293
1294 fr_dbuff_marker(&length_start, &our_dbuff);
1295 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1296
1297 /*
1298 * Encode the data
1299 */
1300 slen = encode_value(&our_dbuff, &child_cursor, encode_ctx);
1301 if (slen < 0) return slen;
1302
1303 /*
1304 * Encode the length of the value
1305 */
1306 slen = fr_der_encode_len(&our_dbuff, &length_start);
1307 if (slen < 0) return slen;
1308
1309 /*
1310 * Encode the length of the extension (OID + Value portions)
1311 */
1312 slen = fr_der_encode_len(&our_dbuff, &inner_seq_len_start);
1313 if (slen < 0) return -1;
1314
1315 if (is_critical) {
1316 fr_dcursor_next(&parent_cursor);
1317 num++;
1318 continue;
1319 }
1320
1321 FR_PROTO_HEX_DUMP(fr_dbuff_start(&our_dbuff), fr_dbuff_behind(&outer_seq_len_start) + 2,
1322 "Encoded X509 extension");
1323
1324 fr_dcursor_next(&root_cursor);
1325 fr_dcursor_copy(&parent_cursor, &root_cursor);
1326 num++;
1327 }
1328
1329 /*
1330 * Encode the length of the extensions
1331 */
1332 slen = fr_der_encode_len(&our_dbuff, &outer_seq_len_start);
1333 if (slen < 0) return slen;
1334
1335 FR_PROTO_HEX_DUMP(fr_dbuff_start(&our_dbuff), slen, "Encoded X509 extensions");
1336
1337 return fr_dbuff_set(dbuff, &our_dbuff);
1338}
1339
1340static ssize_t fr_der_encode_oid_and_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
1341{
1342 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
1343 fr_dbuff_marker_t length_start;
1344 fr_dcursor_t child_cursor, parent_cursor = *cursor;
1345 fr_pair_t const *vp, *child;
1346 ssize_t slen = 0;
1347 uint64_t component;
1348 int count;
1349
1350 vp = fr_dcursor_current(&parent_cursor);
1351 PAIR_VERIFY(vp);
1352 fr_assert(!vp->da->flags.is_raw);
1353
1354 fr_assert(fr_type_is_group(vp->vp_type));
1355
1356 /*
1357 * A very common pattern in DER encoding is ro have a sequence of set containing two things: an OID and a
1358 * value, where the OID is used to determine how to decode the value.
1359 * We will be decoding the OID first and then try to find the attribute associated with that OID to then
1360 * decode the value. If no attribute is found, one will be created and the value will be stored as raw
1361 * octets in the attribute.
1362 *
1363 * Note: The value may be a constructed or primitive type
1364 */
1365
1366 slen = fr_der_encode_tag(&our_dbuff, FR_DER_TAG_OID, FR_DER_CLASS_UNIVERSAL, FR_DER_TAG_PRIMITIVE);
1367 if (slen < 0) return slen;
1368
1369 fr_dbuff_marker(&length_start, &our_dbuff);
1370 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1371
1372 /*
1373 * Walk through the children until we find either an attribute marked as an oid leaf, or one with
1374 * no children (which is an unknown OID).
1375 *
1376 * We will use this to construct the OID to encode, as well as to get the actual value of the
1377 * pair.
1378 */
1379 fr_pair_dcursor_child_iter_init(&child_cursor, &vp->children, &parent_cursor);
1380 count = 0;
1381
1382 while ((child = fr_dcursor_current(&child_cursor)) != NULL) {
1383 PAIR_VERIFY(child);
1384
1385 /*
1386 * If we find a normal leaf data type, we don't encode it. But we do encode leaf data
1387 * types which are marked up as needing OID leaf encoding.
1388 */
1389 if (!fr_type_is_structural(child->vp_type) && !fr_der_flag_is_oid_leaf(child->da) && !child->da->flags.is_raw) {
1390 FR_PROTO_TRACE("Found non-structural child %s", child->da->name);
1391
1392 fr_dcursor_copy(&child_cursor, &parent_cursor);
1393 break;
1394 }
1395
1396 slen = fr_der_encode_oid_from_value(&our_dbuff, child->da->attr, &component, &count);
1397 if (unlikely(slen < 0)) return -1;
1398
1399 /*
1400 * We've encoded a leaf data type, or a raw one. Stop encoding it.
1401 */
1402 if (!fr_type_is_structural(child->vp_type)) break;
1403
1404 /*
1405 * Some structural types can be marked as a leaf for the purposes of OID encoding.
1406 */
1407 if (fr_der_flag_is_oid_leaf(child->da)) break;
1408
1409 /*
1410 * Unless this was the last child (marked as an oid leaf), there should only be one child
1411 * - representing the next OID in the pair
1412 */
1413 if (fr_pair_list_num_elements(&child->children) > 1) break;
1414
1415 fr_pair_dcursor_child_iter_init(&child_cursor, &child->children, &child_cursor);
1416 }
1417
1418 /*
1419 * Encode the length of the OID
1420 */
1421 slen = fr_der_encode_len(&our_dbuff, &length_start);
1422 if (slen < 0) return slen;
1423
1424 /*
1425 * And then encode the actual data.
1426 */
1427 slen = encode_value(&our_dbuff, &child_cursor, encode_ctx);
1428 if (slen < 0) return slen;
1429
1430 return fr_dbuff_set(dbuff, &our_dbuff);
1431}
1432
1433static ssize_t fr_der_encode_string(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
1434{
1435 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
1436 fr_pair_t const *vp;
1437
1438 vp = fr_dcursor_current(cursor);
1439 PAIR_VERIFY(vp);
1440 fr_assert(!vp->da->flags.is_raw);
1441
1442 /*
1443 * ISO/IEC 8825-1:2021
1444 * 8.23 Encoding for values of the restricted character string types
1445 * 8.23.1 The data value consists of a string of characters from the character set specified in
1446 * the ASN.1 type definition.
1447 * 8.23.2 Each data value shall be encoded independently of other data values of the same type.
1448 *
1449 * 10.2 String encoding forms
1450 * For bitstring, octetstring and restricted character string types, the constructed form of
1451 * encoding shall not be used. (Contrast with 8.23.6.)
1452 *
1453 * NOTE:
1454 * We DO NOT check for restricted character sets here. This should be done as a separate validation
1455 * step. Here we simply trust that administrators have done their job and are providing us with
1456 * valid data.
1457 */
1458
1459 FR_DBUFF_IN_MEMCPY_RETURN(&our_dbuff, vp->vp_strvalue, vp->vp_length);
1460
1461 return fr_dbuff_set(dbuff, &our_dbuff);
1462}
1463
1464static const fr_der_tag_encode_t tag_funcs[FR_DER_TAG_MAX] = {
1465 [FR_DER_TAG_BOOLEAN] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_boolean },
1466 [FR_DER_TAG_INTEGER] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_integer },
1467 [FR_DER_TAG_BITSTRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_bitstring },
1468 [FR_DER_TAG_OCTETSTRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_octetstring },
1469 [FR_DER_TAG_NULL] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_null },
1470 [FR_DER_TAG_OID] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_oid },
1471 [FR_DER_TAG_ENUMERATED] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_enumerated },
1472 [FR_DER_TAG_UTF8_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_string },
1473 [FR_DER_TAG_SEQUENCE] = { .constructed = FR_DER_TAG_CONSTRUCTED, .encode = fr_der_encode_sequence },
1474 [FR_DER_TAG_SET] = { .constructed = FR_DER_TAG_CONSTRUCTED, .encode = fr_der_encode_set },
1475 [FR_DER_TAG_PRINTABLE_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE,
1476 .encode = fr_der_encode_string },
1477 [FR_DER_TAG_T61_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_string },
1478 [FR_DER_TAG_IA5_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_string },
1479 [FR_DER_TAG_UTC_TIME] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_utc_time },
1480 [FR_DER_TAG_GENERALIZED_TIME] = { .constructed = FR_DER_TAG_PRIMITIVE,
1481 .encode = fr_der_encode_generalized_time },
1482 [FR_DER_TAG_VISIBLE_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_string },
1483 [FR_DER_TAG_GENERAL_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE, .encode = fr_der_encode_string },
1484 [FR_DER_TAG_UNIVERSAL_STRING] = { .constructed = FR_DER_TAG_PRIMITIVE,
1485 .encode = fr_der_encode_string },
1486};
1487
1496
1497
1498/** Encode the length field of a DER structure
1499 *
1500 * The input dbuff is composed of the following data:
1501 *
1502 * 1 byte of nothing (length_start). Where the "length length" will be written to.
1503 * N bytes of data. dbuff is pointing to the end of the encoded data.
1504 *
1505 * We have to either write a length to length_start (if it's < 0x7f),
1506 *
1507 * OR we figure out how many bytes we need to encode the length,
1508 * shift the data to the right to make room, and then encode the
1509 * length.
1510 *
1511 * @param dbuff The buffer to update with the length field
1512 * @param length_start The start of the length field
1513 * @return
1514 * - <0 for "cannot extend the input buffer by the needed "length length".
1515 * - 1 for "success". Note that 'length_start' WILL be updated after this call,
1516 * and the caller should just release it immediately.
1517 */
1518static ssize_t fr_der_encode_len(fr_dbuff_t *dbuff, fr_dbuff_marker_t *length_start)
1519{
1520 size_t i, len_len;
1521 size_t tmp, datalen;
1522
1523 datalen = fr_dbuff_current(dbuff) - fr_dbuff_current(length_start) - 1;
1524
1525 /*
1526 * If the length can fit in a single byte, we don't need to extend the size of the length field
1527 */
1528 if (datalen <= 0x7f) {
1529 (void) fr_dbuff_in(length_start, (uint8_t) datalen);
1530 return 1;
1531 }
1532
1533 /*
1534 * Calculate the number of bytes needed to encode the length.
1535 */
1536 for (tmp = datalen, len_len = 0; tmp != 0; tmp >>= 8) {
1537 len_len++;
1538 }
1539
1540 /*
1541 * DER says that the length field cannot be more than
1542 * 0x7f. Since sizeof(datalen) == 8, we can always
1543 * encode the length field.
1544 */
1545 fr_assert(len_len > 0);
1546 fr_assert(len_len < 0x7f);
1547
1548 (void) fr_dbuff_in(length_start, (uint8_t) (0x80 | len_len));
1549
1550 /*
1551 * This is the only operation which can fail. The dbuff
1552 * is currently set to the end of the encoded data. We
1553 * need to ensure that there is sufficient room in the
1554 * dbuff to encode the additional bytes.
1555 *
1556 * fr_dbuff_set() checks if the length exceeds the input
1557 * buffer. But it does NOT extend the buffer by reading
1558 * more data, if more data is needed. So we need to
1559 * manually extend the dbuff here.
1560 */
1561 FR_DBUFF_EXTEND_LOWAT_OR_RETURN(dbuff, len_len);
1562
1563 /*
1564 * Reset the dbuff to the new start, where the data
1565 * should be.
1566 */
1567 fr_dbuff_set(dbuff, fr_dbuff_current(length_start) + len_len);
1568
1569 /*
1570 * Move the data over. Note that the move updates BOTH
1571 * input and output dbuffs. As a result, we have to wrap
1572 * 'length_start' in a temporary dbuff, so that it
1573 * doesn't get updated by the move.
1574 */
1575 fr_dbuff_move(dbuff, &FR_DBUFF(length_start), datalen);
1576
1577 /*
1578 * Encode high bits first, but only the non-zero ones.
1579 */
1580 for (i = len_len; i > 0; i--) {
1581 (void) fr_dbuff_in(length_start, (uint8_t)((datalen) >> ((i - 1) * 8)));
1582 }
1583
1584 return 1;
1585}
1586
1587/** Encode a DER tag
1588 *
1589 * @param dbuff The buffer to write the tag to
1590 * @param tag_num The tag number
1591 * @param tag_class The tag class
1592 * @param constructed Whether the tag is constructed
1593 *
1594 * @return The number of bytes written to the buffer
1595 */
1596static inline CC_HINT(always_inline) ssize_t
1597 fr_der_encode_tag(fr_dbuff_t *dbuff, fr_der_tag_t tag_num, fr_der_tag_class_t tag_class,
1598 fr_der_tag_constructed_t constructed)
1599{
1600 fr_dbuff_t our_dbuff = FR_DBUFF(dbuff);
1601 uint8_t tag_byte;
1602
1603 tag_byte = (tag_class & DER_TAG_CLASS_MASK) | (constructed & DER_TAG_CONSTRUCTED_MASK) |
1604 (tag_num & DER_TAG_NUM_MASK);
1605
1606 FR_DBUFF_IN_RETURN(&our_dbuff, tag_byte);
1607
1608 return fr_dbuff_set(dbuff, &our_dbuff);
1609}
1610
1611/** Encode a DER structure
1612 *
1613 * @param[out] dbuff The buffer to write the structure to
1614 * @param[in] cursor The cursor to the structure to encode
1615 * @param[in] encode_ctx The encoding context
1616 *
1617 * @return The number of bytes written to the buffer
1618 */
1619static ssize_t encode_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, void *encode_ctx)
1620{
1621 fr_pair_t const *vp;
1622 fr_dbuff_t our_dbuff;
1623 fr_dbuff_marker_t marker;
1624 fr_der_tag_encode_t const *func;
1625 fr_der_tag_t tag;
1626 fr_der_tag_class_t tag_class;
1627 fr_der_encode_ctx_t *uctx = encode_ctx;
1628 ssize_t slen = 0;
1629 fr_der_attr_flags_t const *flags;
1630
1631 if (unlikely(cursor == NULL)) {
1632 fr_strerror_const("No cursor to encode");
1633 return -1;
1634 }
1635
1636 vp = fr_dcursor_current(cursor);
1637 if (unlikely(!vp)) {
1638 fr_strerror_const("No pair to encode");
1639 return -1;
1640 }
1641
1642 PAIR_VERIFY(vp);
1643
1644 FR_PROTO_TRACE("Encoding %s", vp->da->name);
1645
1646 flags = fr_der_attr_flags(vp->da);
1647 fr_assert(flags != NULL);
1648
1649 /*
1650 * Raw things get encoded as-is, so that we can encode the correct tag and class.
1651 */
1652 if (unlikely(vp->da->flags.is_raw)) {
1653 fr_assert(vp->vp_type == FR_TYPE_OCTETS);
1654
1655 slen = fr_der_encode_octetstring(dbuff, cursor, encode_ctx);
1656 if (slen < 0) return 0;
1657
1658 fr_dcursor_next(cursor);
1659 return slen;
1660 }
1661
1662 our_dbuff = FR_DBUFF(dbuff);
1663
1664 /*
1665 * ISO/IEC 8825-1:2021
1666 * The structure of a DER encoding is as follows:
1667 *
1668 * +------------+--------+-------+
1669 * | IDENTIFIER | LENGTH | VALUE |
1670 * +------------+--------+-------+
1671 *
1672 * The IDENTIFIER is a tag that specifies the type of the value field and is encoded as follows:
1673 *
1674 * 8 7 6 5 4 3 2 1
1675 * +---+---+-----+---+---+---+---+---+
1676 * | Class | P/C | Tag Number |
1677 * +---+---+-----+---+---+---+---+---+
1678 * |
1679 * |- 0 = Primitive
1680 * |- 1 = Constructed
1681 *
1682 * The CLASS field specifies the encoding class of the tag and may be one of the following values:
1683 *
1684 * +------------------+-------+-------+
1685 * | Class | Bit 8 | Bit 7 |
1686 * +------------------+-------+-------+
1687 * | UNIVERSAL | 0 | 0 |
1688 * | APPLICATION | 0 | 1 |
1689 * | CONTEXT-SPECIFIC | 1 | 0 |
1690 * | PRIVATE | 1 | 1 |
1691 * +------------------+-------+-------+
1692 *
1693 * The P/C field specifies whether the value field is primitive or constructed.
1694 * The TAG NUMBER field specifies the tag number of the value field and is encoded as an unsigned binary
1695 * integer.
1696 *
1697 * The LENGTH field specifies the length of the VALUE field and is encoded as an unsigned binary integer
1698 * and may be encoded as a single byte or multiple bytes.
1699 *
1700 * The VALUE field contains LENGTH number of bytes and is encoded according to the tag.
1701 *
1702 */
1703
1704 if (flags->has_default_value) {
1705 /*
1706 * Skip encoding the default value, as per ISO/IEC 8825-1:2021 11.5
1707 */
1708 if (fr_value_box_cmp(&vp->data, flags->default_value) == 0) {
1709 FR_PROTO_TRACE("Skipping default value");
1710 fr_dcursor_next(cursor);
1711 return 0;
1712 }
1713 }
1714
1715 if (unlikely(flags->is_choice)) {
1716 slen = fr_der_encode_choice(&our_dbuff, cursor, uctx);
1717 if (slen < 0) return slen;
1718
1719 fr_dcursor_next(cursor);
1720 return fr_dbuff_set(dbuff, &our_dbuff);
1721 }
1722
1723 tag = flags->der_type;
1724 if (!tag) tag = fr_type_to_der_tag_default(vp->vp_type);
1725
1726 if (unlikely(tag == FR_DER_TAG_INVALID)) {
1727 fr_strerror_printf("No tag defined for type %s", fr_type_to_str(vp->vp_type));
1728 return -1;
1729 }
1730
1731 fr_assert(tag < FR_DER_TAG_MAX);
1732
1733 func = &type_funcs[vp->vp_type];
1734 if (!func->encode) func = &tag_funcs[tag];
1735
1736 fr_assert(func != NULL);
1737 fr_assert(func->encode != NULL);
1738
1739 /*
1740 * Default flag class is 0, which is FR_DER_CLASS_UNIVERSAL.
1741 */
1742 tag_class = flags->class;
1743
1744 /*
1745 * We call the DER type encoding function based on its
1746 * tag, but we might need to encode an option value
1747 * instead of a tag.
1748 */
1749 if (flags->is_option) tag = flags->option;
1750
1751 slen = fr_der_encode_tag(&our_dbuff, tag, tag_class, func->constructed);
1752 if (slen < 0) return slen;
1753
1754 /*
1755 * Mark and reserve space in the buffer for the length field
1756 */
1757 fr_dbuff_marker(&marker, &our_dbuff);
1758 FR_DBUFF_ADVANCE_RETURN(&our_dbuff, 1);
1759
1760 if (flags->is_extensions) {
1761 slen = fr_der_encode_X509_extensions(&our_dbuff, cursor, uctx);
1762 } else {
1763
1764 slen = func->encode(&our_dbuff, cursor, uctx);
1765 }
1766 if (slen < 0) return slen;
1767
1768 /*
1769 * Encode the length of the value
1770 */
1771 slen = fr_der_encode_len(&our_dbuff, &marker);
1772 if (slen < 0) return slen;
1773
1774 fr_dcursor_next(cursor);
1775 return fr_dbuff_set(dbuff, &our_dbuff);
1776}
1777
1778static ssize_t fr_der_encode_proto(UNUSED TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len,
1779 void *encode_ctx)
1780{
1781 fr_dbuff_t dbuff;
1782 fr_dcursor_t cursor;
1783 ssize_t slen;
1784
1785 fr_dbuff_init(&dbuff, data, data_len);
1786
1787 fr_pair_dcursor_init(&cursor, vps);
1788
1789 slen = encode_value(&dbuff, &cursor, encode_ctx);
1790
1791 if (slen < 0) {
1792 fr_strerror_printf("Failed to encode data: %s", fr_strerror());
1793 return -1;
1794 }
1795
1796 return slen;
1797}
1798
1799/*
1800 * Test points
1801 */
1802static int encode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict)
1803{
1804 fr_der_encode_ctx_t *test_ctx;
1805
1806 test_ctx = talloc_zero(ctx, fr_der_encode_ctx_t);
1807 if (!test_ctx) return -1;
1808
1809 test_ctx->tmp_ctx = talloc(test_ctx, uint8_t);
1810
1811 *out = test_ctx;
1812
1813 return 0;
1814}
1815
1816extern fr_test_point_pair_encode_t der_tp_encode_pair;
1821
1822extern fr_test_point_proto_encode_t der_tp_encode_proto;
RCSID
#define RCSID(id)
Definition build.h:485
CMP_PREFER_SMALLER
#define CMP_PREFER_SMALLER(_a, _b)
Evaluates to +1 for a > b, and -1 for a < b.
Definition build.h:104
unlikely
#define unlikely(_x)
Definition build.h:383
UNUSED
#define UNUSED
Definition build.h:317
fr_dbuff_behind
#define fr_dbuff_behind(_dbuff_or_marker)
How many bytes the dbuff or marker is behind its parent.
Definition dbuff.h:786
fr_dbuff_used
#define fr_dbuff_used(_dbuff_or_marker)
Return the number of bytes remaining between the start of the dbuff or marker and the current positio...
Definition dbuff.h:767
FR_DBUFF_ADVANCE_RETURN
#define FR_DBUFF_ADVANCE_RETURN(_dbuff_or_marker, _len)
Advance the 'current' position in dbuff or marker by _len bytes returning if _len is out of range.
Definition dbuff.h:1088
FR_DBUFF_EXTEND_LOWAT_OR_RETURN
#define FR_DBUFF_EXTEND_LOWAT_OR_RETURN(_dbuff_or_marker, _lowat)
Extend if we're below _lowat and return if we can't extend above _lowat.
Definition dbuff.h:673
fr_dbuff_marker_t
struct fr_dbuff_marker_s fr_dbuff_marker_t
A position marker associated with a dbuff.
Definition dbuff.h:81
fr_dbuff_current
#define fr_dbuff_current(_dbuff_or_marker)
Return the 'current' position of a dbuff or marker.
Definition dbuff.h:911
fr_dbuff_set
#define fr_dbuff_set(_dst, _src)
Set the 'current' position in a dbuff or marker using another dbuff or marker, a char pointer,...
Definition dbuff.h:1004
fr_dbuff_init
#define fr_dbuff_init(_out, _start, _len_or_end)
Initialise an dbuff for encoding or decoding.
Definition dbuff.h:354
fr_dbuff_start
#define fr_dbuff_start(_dbuff_or_marker)
Return the 'start' position of a dbuff or marker.
Definition dbuff.h:898
fr_dbuff_remaining
#define fr_dbuff_remaining(_dbuff_or_marker)
Return the number of bytes remaining between the dbuff or marker and the end of the buffer.
Definition dbuff.h:743
fr_dbuff_marker
static uint8_t * fr_dbuff_marker(fr_dbuff_marker_t *m, fr_dbuff_t *dbuff)
Initialises a new marker pointing to the 'current' position of the dbuff.
Definition dbuff.h:1192
FR_DBUFF_IN_MEMCPY_RETURN
#define FR_DBUFF_IN_MEMCPY_RETURN(_dbuff_or_marker, _in, _inlen)
Copy exactly _inlen bytes into dbuff or marker returning if there's insufficient space.
Definition dbuff.h:1382
fr_dbuff_in_memcpy
#define fr_dbuff_in_memcpy(_dbuff_or_marker, _in, _inlen)
Copy exactly _inlen bytes into a dbuff or marker.
Definition dbuff.h:1350
fr_dbuff_in
#define fr_dbuff_in(_dbuff_or_marker, _in)
Copy data from a fixed sized C type into a dbuff or marker.
Definition dbuff.h:1567
FR_DBUFF_IN_RETURN
#define FR_DBUFF_IN_RETURN(_dbuff_or_marker, _in)
Copy data from a fixed sized C type into a dbuff returning if there is insufficient space.
Definition dbuff.h:1585
FR_DBUFF
#define FR_DBUFF(_dbuff_or_marker)
Create a new dbuff pointing to the same underlying buffer.
Definition dbuff.h:222
fr_dbuff_move
#define fr_dbuff_move(_out, _in, _len)
Copy in as many bytes as possible from one dbuff or marker to another.
Definition dbuff.h:1656
fr_dbuff_out
#define fr_dbuff_out(_out, _dbuff_or_marker)
Copy data from a dbuff or marker to a fixed sized C type.
Definition dbuff.h:1799
fr_dbuff_set_end
#define fr_dbuff_set_end(_dst, _end)
Set a new 'end' position in a dbuff or marker.
Definition dbuff.h:1051
FR_DBUFF_IN_BYTES_RETURN
#define FR_DBUFF_IN_BYTES_RETURN(_dbuff_or_marker,...)
Copy a byte sequence into a dbuff or marker returning if there's insufficient space.
Definition dbuff.h:1472
fr_dcursor_next
static void * fr_dcursor_next(fr_dcursor_t *cursor)
Advanced the cursor to the next item.
Definition dcursor.h:288
fr_dcursor_copy
static void fr_dcursor_copy(fr_dcursor_t *out, fr_dcursor_t const *in)
Copy cursor parameters and state.
Definition dcursor.h:192
fr_dcursor_current
static void * fr_dcursor_current(fr_dcursor_t *cursor)
Return the item the cursor current points to.
Definition dcursor.h:337
fr_dcursor_s
Definition dcursor.h:93
fr_der_tag_t
fr_der_tag_t
Enumeration describing the data types in a DER encoded structure.
Definition der.h:36
FR_DER_TAG_IA5_STRING
@ FR_DER_TAG_IA5_STRING
String of IA5 (7bit) chars.
Definition der.h:50
FR_DER_TAG_SEQUENCE
@ FR_DER_TAG_SEQUENCE
A sequence of DER encoded data (a structure).
Definition der.h:46
FR_DER_TAG_SET
@ FR_DER_TAG_SET
A set of DER encoded data (a structure).
Definition der.h:47
FR_DER_TAG_INTEGER
@ FR_DER_TAG_INTEGER
Arbitrary width signed integer.
Definition der.h:39
FR_DER_TAG_BOOLEAN
@ FR_DER_TAG_BOOLEAN
Boolean true/false.
Definition der.h:38
FR_DER_TAG_UTF8_STRING
@ FR_DER_TAG_UTF8_STRING
String of UTF8 chars.
Definition der.h:45
FR_DER_TAG_UTC_TIME
@ FR_DER_TAG_UTC_TIME
A time in UTC "YYMMDDhhmmssZ" format.
Definition der.h:51
FR_DER_TAG_GENERALIZED_TIME
@ FR_DER_TAG_GENERALIZED_TIME
A time in "YYYYMMDDHHMMSS[.fff]Z" format.
Definition der.h:52
FR_DER_TAG_INVALID
@ FR_DER_TAG_INVALID
Invalid tag.
Definition der.h:37
FR_DER_TAG_NULL
@ FR_DER_TAG_NULL
An empty value.
Definition der.h:42
FR_DER_TAG_OCTETSTRING
@ FR_DER_TAG_OCTETSTRING
String of octets (length field specifies bytes).
Definition der.h:41
FR_DER_TAG_VISIBLE_STRING
@ FR_DER_TAG_VISIBLE_STRING
String of visible chars.
Definition der.h:53
FR_DER_TAG_BITSTRING
@ FR_DER_TAG_BITSTRING
String of bits (length field specifies bits).
Definition der.h:40
FR_DER_TAG_T61_STRING
@ FR_DER_TAG_T61_STRING
String of T61 (8bit) chars.
Definition der.h:49
FR_DER_TAG_ENUMERATED
@ FR_DER_TAG_ENUMERATED
An enumerated value.
Definition der.h:44
FR_DER_TAG_UNIVERSAL_STRING
@ FR_DER_TAG_UNIVERSAL_STRING
String of universal chars.
Definition der.h:55
FR_DER_TAG_PRINTABLE_STRING
@ FR_DER_TAG_PRINTABLE_STRING
String of printable chars.
Definition der.h:48
FR_DER_TAG_GENERAL_STRING
@ FR_DER_TAG_GENERAL_STRING
String of general chars.
Definition der.h:54
FR_DER_TAG_OID
@ FR_DER_TAG_OID
Reference to an OID based attribute.
Definition der.h:43
FR_DER_TAG_MAX
@ FR_DER_TAG_MAX
Definition der.h:60
fr_der_attr_flags_t::is_extensions
bool is_extensions
a list of X.509 extensions
Definition der.h:112
fr_der_flag_der_type
#define fr_der_flag_der_type(_da)
Definition der.h:127
fr_der_attr_flags_t::der_type
fr_der_tag_t der_type
the DER type, which is different from the FreeRADIUS type
Definition der.h:97
fr_der_attr_flags_t::is_option
bool is_option
has an option defined
Definition der.h:107
DER_BOOLEAN_TRUE
#define DER_BOOLEAN_TRUE
DER encoded boolean true value.
Definition der.h:93
fr_der_flag_is_oid_and_value
#define fr_der_flag_is_oid_and_value(_da)
Definition der.h:133
DER_BOOLEAN_FALSE
#define DER_BOOLEAN_FALSE
DER encoded boolean false value.
Definition der.h:92
fr_der_flag_is_set_of
#define fr_der_flag_is_set_of(_da)
Definition der.h:131
DER_TAG_CLASS_MASK
#define DER_TAG_CLASS_MASK
Mask to extract the class from the tag.
Definition der.h:84
fr_der_flag_max
#define fr_der_flag_max(_da)
Definition der.h:132
DER_UTC_TIME_LEN
#define DER_UTC_TIME_LEN
Length of the UTC time string.
Definition der.h:80
fr_der_tag_constructed_t
fr_der_tag_constructed_t
Definition der.h:65
FR_DER_TAG_CONSTRUCTED
@ FR_DER_TAG_CONSTRUCTED
This is a sequence or set, it contains children.
Definition der.h:67
FR_DER_TAG_PRIMITIVE
@ FR_DER_TAG_PRIMITIVE
This is a leaf value, it contains no children.
Definition der.h:66
DER_TAG_NUM_MASK
#define DER_TAG_NUM_MASK
Mask to extract the tag number from the tag.
Definition der.h:86
fr_der_flag_is_oid_leaf
#define fr_der_flag_is_oid_leaf(_da)
Definition der.h:136
fr_der_attr_flags
static fr_der_attr_flags_t const * fr_der_attr_flags(fr_dict_attr_t const *da)
Definition der.h:119
fr_der_attr_flags_t::is_choice
bool is_choice
DER name "choice".
Definition der.h:115
fr_der_attr_flags_t::option
uint8_t option
an "attribute number" encoded in the tag field.
Definition der.h:106
DER_TAG_CONSTRUCTED_MASK
#define DER_TAG_CONSTRUCTED_MASK
Mask to check if the tag is constructed.
Definition der.h:85
fr_der_attr_flags_t::has_default_value
bool has_default_value
a default value exists
Definition der.h:113
fr_der_attr_flags_t::class
fr_der_tag_class_t class
tag Class
Definition der.h:96
fr_der_tag_class_t
fr_der_tag_class_t
Definition der.h:70
FR_DER_CLASS_UNIVERSAL
@ FR_DER_CLASS_UNIVERSAL
Definition der.h:71
fr_der_attr_flags_t
Definition der.h:95
value
Test enumeration values.
Definition dict_test.h:92
encode_value
static ssize_t encode_value(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, int depth, fr_dcursor_t *cursor, void *encode_ctx)
Encodes the data portion of an attribute.
Definition encode.c:272
fr_pair_cursor_to_network
ssize_t fr_pair_cursor_to_network(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *cursor, void *encode_ctx, fr_encode_dbuff_t encode_pair)
Definition encode.c:71
talloc_free
talloc_free(reap)
FR_TYPE_IPV4_ADDR
@ FR_TYPE_IPV4_ADDR
32 Bit IPv4 Address.
Definition merged_model.c:86
FR_TYPE_IPV6_PREFIX
@ FR_TYPE_IPV6_PREFIX
IPv6 Prefix.
Definition merged_model.c:89
FR_TYPE_MAX
@ FR_TYPE_MAX
Number of defined data types.
Definition merged_model.c:130
FR_TYPE_INT64
@ FR_TYPE_INT64
64 Bit signed integer.
Definition merged_model.c:106
FR_TYPE_IPV6_ADDR
@ FR_TYPE_IPV6_ADDR
128 Bit IPv6 Address.
Definition merged_model.c:88
FR_TYPE_IPV4_PREFIX
@ FR_TYPE_IPV4_PREFIX
IPv4 Prefix.
Definition merged_model.c:87
FR_TYPE_COMBO_IP_ADDR
@ FR_TYPE_COMBO_IP_ADDR
IPv4 or IPv6 address depending on length.
Definition merged_model.c:91
FR_TYPE_OCTETS
@ FR_TYPE_OCTETS
Raw octets.
Definition merged_model.c:84
ssize_t
long int ssize_t
Definition merged_model.c:24
uint8_t
unsigned char uint8_t
Definition merged_model.c:30
fr_dbuff_t
Definition merged_model.c:41
fr_dict_t
Definition merged_model.c:198
fr_sbuff_t
Definition merged_model.c:37
depth
static uint8_t depth(fr_minmax_heap_index_t i)
Definition minmax_heap.c:83
fr_proto_da_stack_build
void fr_proto_da_stack_build(fr_da_stack_t *stack, fr_dict_attr_t const *da)
Build a complete DA stack from the da back to the root.
Definition proto.c:118
encode_ctx
static fr_internal_encode_ctx_t encode_ctx
Definition proto_ldap_sync.c:34
encode_test_ctx
static int encode_test_ctx(void **out, TALLOC_CTX *ctx, UNUSED fr_dict_t const *dict)
Definition encode.c:165
encode_pair
static ssize_t encode_pair(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED void *encode_ctx)
Definition base.c:39
fr_type_to_der_tag_default
fr_der_tag_t fr_type_to_der_tag_default(fr_type_t type)
Definition base.c:804
fr_der_encode_ipv4_addr
static ssize_t fr_der_encode_ipv4_addr(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:350
fr_der_encode_sequence
static ssize_t fr_der_encode_sequence(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:716
fr_der_encode_ctx_t::tmp_ctx
uint8_t * tmp_ctx
Temporary context for encoding.
Definition encode.c:40
fr_der_encode_octetstring
static ssize_t fr_der_encode_octetstring(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:527
tag_funcs
static const fr_der_tag_encode_t tag_funcs[FR_DER_TAG_MAX]
Definition encode.c:1464
fr_der_encode_set_of_cmp
static int fr_der_encode_set_of_cmp(void const *one, void const *two)
Definition encode.c:757
fr_der_encode_choice
static ssize_t fr_der_encode_choice(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Encode a CHOICE type.
Definition encode.c:1095
fr_der_encode_t
ssize_t(* fr_der_encode_t)(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Function signature for DER encode functions.
Definition encode.c:53
fr_der_encode_ipv6_addr
static ssize_t fr_der_encode_ipv6_addr(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:425
fr_der_encode_oid
static ssize_t fr_der_encode_oid(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:650
fr_der_encode_null
static ssize_t fr_der_encode_null(UNUSED fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:567
fr_der_encode_boolean
static ssize_t fr_der_encode_boolean(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:98
fr_der_encode_oid_and_value
static ssize_t fr_der_encode_oid_and_value(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:1340
fr_der_encode_oid_from_value
static ssize_t fr_der_encode_oid_from_value(fr_dbuff_t *dbuff, uint64_t value, uint64_t *component, int *count)
Definition encode.c:591
fr_der_encode_proto
static ssize_t fr_der_encode_proto(UNUSED TALLOC_CTX *ctx, fr_pair_list_t *vps, uint8_t *data, size_t data_len, void *encode_ctx)
Definition encode.c:1778
fr_der_encode_generalized_time
static ssize_t fr_der_encode_generalized_time(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:983
fr_der_encode_set_of_ptr_pairs_t::len
size_t len
Length of the encoded item (tag + length + value)
Definition encode.c:751
fr_der_encode_len
static ssize_t fr_der_encode_len(fr_dbuff_t *dbuff, fr_dbuff_marker_t *length_start)
Encode the length field of a DER structure.
Definition encode.c:1518
fr_der_encode_enumerated
#define fr_der_encode_enumerated
Definition encode.c:69
fr_der_encode_string
static ssize_t fr_der_encode_string(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:1433
fr_der_tag_encode_t::constructed
fr_der_tag_constructed_t constructed
Definition encode.c:56
fr_der_encode_X509_extensions
static ssize_t fr_der_encode_X509_extensions(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:1119
fr_der_pair_cmp_by_da_tag
static int8_t fr_der_pair_cmp_by_da_tag(void const *a, void const *b)
Compare two pairs by their tag number.
Definition encode.c:84
type_funcs
static const fr_der_tag_encode_t type_funcs[FR_TYPE_MAX]
Definition encode.c:1488
fr_der_encode_combo_ip
static ssize_t fr_der_encode_combo_ip(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:497
fr_der_encode_set
static ssize_t fr_der_encode_set(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:769
der_tp_encode_pair
fr_test_point_pair_encode_t der_tp_encode_pair
Definition encode.c:1817
fr_der_encode_bitstring
static ssize_t fr_der_encode_bitstring(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:217
der_tp_encode_proto
fr_test_point_proto_encode_t der_tp_encode_proto
Definition encode.c:1823
fr_der_encode_tag
static ssize_t fr_der_encode_tag(fr_dbuff_t *dbuff, fr_der_tag_t tag_num, fr_der_tag_class_t tag_class, fr_der_tag_constructed_t constructed)
Encode a DER tag.
Definition encode.c:1597
fr_der_encode_ipv6_prefix
static ssize_t fr_der_encode_ipv6_prefix(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:457
fr_der_encode_integer
static ssize_t fr_der_encode_integer(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:128
fr_der_tag_encode_t::encode
fr_der_encode_t encode
Definition encode.c:57
fr_der_encode_utc_time
static ssize_t fr_der_encode_utc_time(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:899
fr_der_encode_ipv4_prefix
static ssize_t fr_der_encode_ipv4_prefix(fr_dbuff_t *dbuff, fr_dcursor_t *cursor, UNUSED fr_der_encode_ctx_t *encode_ctx)
Definition encode.c:382
fr_der_encode_set_of_ptr_pairs_t::data
uint8_t * data
Pointer to the start of the encoded item (beginning of the tag)
Definition encode.c:750
fr_der_encode_ctx_t
Definition encode.c:39
fr_der_encode_set_of_ptr_pairs_t
Definition encode.c:749
fr_der_tag_encode_t
Definition encode.c:55
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
done
static bool done
Definition radclient.c:81
fr_sbuff_shift
size_t fr_sbuff_shift(fr_sbuff_t *sbuff, size_t shift, bool move_end)
Shift the contents of the sbuff, returning the number of bytes we managed to shift.
Definition sbuff.c:197
FR_SBUFF_OUT
#define FR_SBUFF_OUT(_start, _len_or_end)
buff
static char buff[sizeof("18446744073709551615")+3]
Definition size_tests.c:41
count
return count
Definition module.c:155
vp
fr_pair_t * vp
Definition state_machine.c:2262
fr_struct_to_network
ssize_t fr_struct_to_network(fr_dbuff_t *dbuff, fr_da_stack_t *da_stack, unsigned int depth, fr_dcursor_t *parent_cursor, void *encode_ctx, fr_encode_dbuff_t encode_value, fr_encode_dbuff_t encode_pair)
Definition struct.c:469
pair_list_s
Definition pair.h:52
value_pair_s
Stores an attribute, a value and various bits of other data.
Definition pair.h:68
value_pair_s::da
fr_dict_attr_t const *_CONST da
Dictionary attribute defines the attribute number, vendor and type of the pair.
Definition pair.h:69
fr_test_point_pair_encode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:93
fr_test_point_proto_encode_t::test_ctx
fr_test_point_ctx_alloc_t test_ctx
Allocate a test ctx for the encoder.
Definition test_point.h:75
fr_test_point_pair_encode_t
Entry point for pair encoders.
Definition test_point.h:92
fr_test_point_proto_encode_t
Entry point for protocol encoders.
Definition test_point.h:74
fr_unix_time_to_str
fr_slen_t fr_unix_time_to_str(fr_sbuff_t *out, fr_unix_time_t time, fr_time_res_t res, bool utc)
Convert unix time to string.
Definition time.c:1122
FR_TIME_RES_USEC
@ FR_TIME_RES_USEC
Definition time.h:59
FR_TIME_RES_SEC
@ FR_TIME_RES_SEC
Definition time.h:50
fr_pair_dcursor_child_iter_init
static fr_pair_t * fr_pair_dcursor_child_iter_init(fr_dcursor_t *cursor, fr_pair_list_t const *list, fr_dcursor_t const *parent)
Initializes a child dcursor from a parent cursor, with an iteration function.
Definition pair.h:611
PAIR_VERIFY
#define PAIR_VERIFY(_x)
Definition pair.h:191
fr_pair_list_sort
void fr_pair_list_sort(fr_pair_list_t *list, fr_cmp_t cmp)
Sort a doubly linked list of fr_pair_ts using merge sort.
Definition pair_inline.c:139
fr_pair_dcursor_init
#define fr_pair_dcursor_init(_cursor, _list)
Initialises a special dcursor with callbacks that will maintain the attr sublists correctly.
Definition pair.h:591
fr_pair_list_num_elements
size_t fr_pair_list_num_elements(fr_pair_list_t const *list)
Get the length of a list of fr_pair_t.
Definition pair_inline.c:150
FR_PROTO_HEX_DUMP
#define FR_PROTO_HEX_DUMP(_data, _data_len, _fmt,...)
Definition proto.h:41
FR_PROTO_TRACE
#define FR_PROTO_TRACE(_fmt,...)
Definition proto.h:40
FR_PROTO_STACK_PRINT
#define FR_PROTO_STACK_PRINT(_stack, _depth)
Definition proto.h:43
fr_da_stack_t
Structure for holding the stack of dictionary attributes being encoded.
Definition proto.h:54
fr_strerror
char const * fr_strerror(void)
Get the last library error.
Definition strerror.c:553
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_type_is_group
#define fr_type_is_group(_x)
Definition types.h:355
fr_type_is_structural
#define fr_type_is_structural(_x)
Definition types.h:371
fr_type_is_tlv
#define fr_type_is_tlv(_x)
Definition types.h:351
fr_type_to_str
static char const * fr_type_to_str(fr_type_t type)
Return a static string containing the type name.
Definition types.h:433
fr_type_is_struct
#define fr_type_is_struct(_x)
Definition types.h:352
fr_value_box_cmp
int8_t fr_value_box_cmp(fr_value_box_t const *a, fr_value_box_t const *b)
Compare two values.
Definition value.c:722
data
static fr_slen_t data
Definition value.h:1274
nonnull
int nonnull(2, 5))
out
static size_t char ** out
Definition value.h:1012
Generated by   doxygen 1.9.8