Botan
1.11.15
|
00001 /* 00002 * BER Decoder 00003 * (C) 1999-2008 Jack Lloyd 00004 * 00005 * Botan is released under the Simplified BSD License (see license.txt) 00006 */ 00007 00008 #include <botan/ber_dec.h> 00009 #include <botan/bigint.h> 00010 #include <botan/get_byte.h> 00011 00012 namespace Botan { 00013 00014 namespace { 00015 00016 /* 00017 * BER decode an ASN.1 type tag 00018 */ 00019 size_t decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag) 00020 { 00021 byte b; 00022 if(!ber->read_byte(b)) 00023 { 00024 class_tag = type_tag = NO_OBJECT; 00025 return 0; 00026 } 00027 00028 if((b & 0x1F) != 0x1F) 00029 { 00030 type_tag = ASN1_Tag(b & 0x1F); 00031 class_tag = ASN1_Tag(b & 0xE0); 00032 return 1; 00033 } 00034 00035 size_t tag_bytes = 1; 00036 class_tag = ASN1_Tag(b & 0xE0); 00037 00038 size_t tag_buf = 0; 00039 while(true) 00040 { 00041 if(!ber->read_byte(b)) 00042 throw BER_Decoding_Error("Long-form tag truncated"); 00043 if(tag_buf & 0xFF000000) 00044 throw BER_Decoding_Error("Long-form tag overflowed 32 bits"); 00045 ++tag_bytes; 00046 tag_buf = (tag_buf << 7) | (b & 0x7F); 00047 if((b & 0x80) == 0) break; 00048 } 00049 type_tag = ASN1_Tag(tag_buf); 00050 return tag_bytes; 00051 } 00052 00053 /* 00054 * Find the EOC marker 00055 */ 00056 size_t find_eoc(DataSource*); 00057 00058 /* 00059 * BER decode an ASN.1 length field 00060 */ 00061 size_t decode_length(DataSource* ber, size_t& field_size) 00062 { 00063 byte b; 00064 if(!ber->read_byte(b)) 00065 throw BER_Decoding_Error("Length field not found"); 00066 field_size = 1; 00067 if((b & 0x80) == 0) 00068 return b; 00069 00070 field_size += (b & 0x7F); 00071 if(field_size == 1) return find_eoc(ber); 00072 if(field_size > 5) 00073 throw BER_Decoding_Error("Length field is too large"); 00074 00075 size_t length = 0; 00076 00077 for(size_t i = 0; i != field_size - 1; ++i) 00078 { 00079 if(get_byte(0, length) != 0) 00080 throw BER_Decoding_Error("Field length overflow"); 00081 if(!ber->read_byte(b)) 00082 throw BER_Decoding_Error("Corrupted length field"); 00083 length = (length << 8) | b; 00084 } 00085 return length; 00086 } 00087 00088 /* 00089 * BER decode an ASN.1 length field 00090 */ 00091 size_t decode_length(DataSource* ber) 00092 { 00093 size_t dummy; 00094 return decode_length(ber, dummy); 00095 } 00096 00097 /* 00098 * Find the EOC marker 00099 */ 00100 size_t find_eoc(DataSource* ber) 00101 { 00102 secure_vector<byte> buffer(DEFAULT_BUFFERSIZE), data; 00103 00104 while(true) 00105 { 00106 const size_t got = ber->peek(&buffer[0], buffer.size(), data.size()); 00107 if(got == 0) 00108 break; 00109 00110 data += std::make_pair(&buffer[0], got); 00111 } 00112 00113 DataSource_Memory source(data); 00114 data.clear(); 00115 00116 size_t length = 0; 00117 while(true) 00118 { 00119 ASN1_Tag type_tag, class_tag; 00120 size_t tag_size = decode_tag(&source, type_tag, class_tag); 00121 if(type_tag == NO_OBJECT) 00122 break; 00123 00124 size_t length_size = 0; 00125 size_t item_size = decode_length(&source, length_size); 00126 source.discard_next(item_size); 00127 00128 length += item_size + length_size + tag_size; 00129 00130 if(type_tag == EOC && class_tag == UNIVERSAL) 00131 break; 00132 } 00133 return length; 00134 } 00135 00136 } 00137 00138 /* 00139 * Check a type invariant on BER data 00140 */ 00141 void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) 00142 { 00143 if(this->type_tag != type_tag || this->class_tag != class_tag) 00144 throw BER_Decoding_Error("Tag mismatch when decoding got " + 00145 std::to_string(this->type_tag) + "/" + 00146 std::to_string(this->class_tag) + " expected " + 00147 std::to_string(type_tag) + "/" + 00148 std::to_string(class_tag)); 00149 } 00150 00151 /* 00152 * Check if more objects are there 00153 */ 00154 bool BER_Decoder::more_items() const 00155 { 00156 if(source->end_of_data() && (pushed.type_tag == NO_OBJECT)) 00157 return false; 00158 return true; 00159 } 00160 00161 /* 00162 * Verify that no bytes remain in the source 00163 */ 00164 BER_Decoder& BER_Decoder::verify_end() 00165 { 00166 if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT)) 00167 throw Invalid_State("BER_Decoder::verify_end called, but data remains"); 00168 return (*this); 00169 } 00170 00171 /* 00172 * Save all the bytes remaining in the source 00173 */ 00174 BER_Decoder& BER_Decoder::raw_bytes(secure_vector<byte>& out) 00175 { 00176 out.clear(); 00177 byte buf; 00178 while(source->read_byte(buf)) 00179 out.push_back(buf); 00180 return (*this); 00181 } 00182 00183 BER_Decoder& BER_Decoder::raw_bytes(std::vector<byte>& out) 00184 { 00185 out.clear(); 00186 byte buf; 00187 while(source->read_byte(buf)) 00188 out.push_back(buf); 00189 return (*this); 00190 } 00191 00192 /* 00193 * Discard all the bytes remaining in the source 00194 */ 00195 BER_Decoder& BER_Decoder::discard_remaining() 00196 { 00197 byte buf; 00198 while(source->read_byte(buf)) 00199 ; 00200 return (*this); 00201 } 00202 00203 /* 00204 * Return the BER encoding of the next object 00205 */ 00206 BER_Object BER_Decoder::get_next_object() 00207 { 00208 BER_Object next; 00209 00210 if(pushed.type_tag != NO_OBJECT) 00211 { 00212 next = pushed; 00213 pushed.class_tag = pushed.type_tag = NO_OBJECT; 00214 return next; 00215 } 00216 00217 decode_tag(source, next.type_tag, next.class_tag); 00218 if(next.type_tag == NO_OBJECT) 00219 return next; 00220 00221 size_t length = decode_length(source); 00222 next.value.resize(length); 00223 if(source->read(&next.value[0], length) != length) 00224 throw BER_Decoding_Error("Value truncated"); 00225 00226 if(next.type_tag == EOC && next.class_tag == UNIVERSAL) 00227 return get_next_object(); 00228 00229 return next; 00230 } 00231 00232 BER_Decoder& BER_Decoder::get_next(BER_Object& ber) 00233 { 00234 ber = get_next_object(); 00235 return (*this); 00236 } 00237 00238 /* 00239 * Push a object back into the stream 00240 */ 00241 void BER_Decoder::push_back(const BER_Object& obj) 00242 { 00243 if(pushed.type_tag != NO_OBJECT) 00244 throw Invalid_State("BER_Decoder: Only one push back is allowed"); 00245 pushed = obj; 00246 } 00247 00248 /* 00249 * Begin decoding a CONSTRUCTED type 00250 */ 00251 BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag, 00252 ASN1_Tag class_tag) 00253 { 00254 BER_Object obj = get_next_object(); 00255 obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED)); 00256 00257 BER_Decoder result(&obj.value[0], obj.value.size()); 00258 result.parent = this; 00259 return result; 00260 } 00261 00262 /* 00263 * Finish decoding a CONSTRUCTED type 00264 */ 00265 BER_Decoder& BER_Decoder::end_cons() 00266 { 00267 if(!parent) 00268 throw Invalid_State("BER_Decoder::end_cons called with NULL parent"); 00269 if(!source->end_of_data()) 00270 throw Decoding_Error("BER_Decoder::end_cons called with data left"); 00271 return (*parent); 00272 } 00273 00274 /* 00275 * BER_Decoder Constructor 00276 */ 00277 BER_Decoder::BER_Decoder(DataSource& src) 00278 { 00279 source = &src; 00280 owns = false; 00281 pushed.type_tag = pushed.class_tag = NO_OBJECT; 00282 parent = nullptr; 00283 } 00284 00285 /* 00286 * BER_Decoder Constructor 00287 */ 00288 BER_Decoder::BER_Decoder(const byte data[], size_t length) 00289 { 00290 source = new DataSource_Memory(data, length); 00291 owns = true; 00292 pushed.type_tag = pushed.class_tag = NO_OBJECT; 00293 parent = nullptr; 00294 } 00295 00296 /* 00297 * BER_Decoder Constructor 00298 */ 00299 BER_Decoder::BER_Decoder(const secure_vector<byte>& data) 00300 { 00301 source = new DataSource_Memory(data); 00302 owns = true; 00303 pushed.type_tag = pushed.class_tag = NO_OBJECT; 00304 parent = nullptr; 00305 } 00306 00307 /* 00308 * BER_Decoder Constructor 00309 */ 00310 BER_Decoder::BER_Decoder(const std::vector<byte>& data) 00311 { 00312 source = new DataSource_Memory(&data[0], data.size()); 00313 owns = true; 00314 pushed.type_tag = pushed.class_tag = NO_OBJECT; 00315 parent = nullptr; 00316 } 00317 00318 /* 00319 * BER_Decoder Copy Constructor 00320 */ 00321 BER_Decoder::BER_Decoder(const BER_Decoder& other) 00322 { 00323 source = other.source; 00324 owns = false; 00325 if(other.owns) 00326 { 00327 other.owns = false; 00328 owns = true; 00329 } 00330 pushed.type_tag = pushed.class_tag = NO_OBJECT; 00331 parent = other.parent; 00332 } 00333 00334 /* 00335 * BER_Decoder Destructor 00336 */ 00337 BER_Decoder::~BER_Decoder() 00338 { 00339 if(owns) 00340 delete source; 00341 source = nullptr; 00342 } 00343 00344 /* 00345 * Request for an object to decode itself 00346 */ 00347 BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, 00348 ASN1_Tag, ASN1_Tag) 00349 { 00350 obj.decode_from(*this); 00351 return (*this); 00352 } 00353 00354 /* 00355 * Decode a BER encoded NULL 00356 */ 00357 BER_Decoder& BER_Decoder::decode_null() 00358 { 00359 BER_Object obj = get_next_object(); 00360 obj.assert_is_a(NULL_TAG, UNIVERSAL); 00361 if(obj.value.size()) 00362 throw BER_Decoding_Error("NULL object had nonzero size"); 00363 return (*this); 00364 } 00365 00366 /* 00367 * Decode a BER encoded BOOLEAN 00368 */ 00369 BER_Decoder& BER_Decoder::decode(bool& out) 00370 { 00371 return decode(out, BOOLEAN, UNIVERSAL); 00372 } 00373 00374 /* 00375 * Decode a small BER encoded INTEGER 00376 */ 00377 BER_Decoder& BER_Decoder::decode(size_t& out) 00378 { 00379 return decode(out, INTEGER, UNIVERSAL); 00380 } 00381 00382 /* 00383 * Decode a BER encoded INTEGER 00384 */ 00385 BER_Decoder& BER_Decoder::decode(BigInt& out) 00386 { 00387 return decode(out, INTEGER, UNIVERSAL); 00388 } 00389 00390 BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) 00391 { 00392 secure_vector<byte> out_vec; 00393 decode(out_vec, OCTET_STRING); 00394 out = BigInt::decode(&out_vec[0], out_vec.size()); 00395 return (*this); 00396 } 00397 00398 std::vector<byte> BER_Decoder::get_next_octet_string() 00399 { 00400 std::vector<byte> out_vec; 00401 decode(out_vec, OCTET_STRING); 00402 return out_vec; 00403 } 00404 00405 /* 00406 * Decode a BER encoded BOOLEAN 00407 */ 00408 BER_Decoder& BER_Decoder::decode(bool& out, 00409 ASN1_Tag type_tag, ASN1_Tag class_tag) 00410 { 00411 BER_Object obj = get_next_object(); 00412 obj.assert_is_a(type_tag, class_tag); 00413 00414 if(obj.value.size() != 1) 00415 throw BER_Decoding_Error("BER boolean value had invalid size"); 00416 00417 out = (obj.value[0]) ? true : false; 00418 return (*this); 00419 } 00420 00421 /* 00422 * Decode a small BER encoded INTEGER 00423 */ 00424 BER_Decoder& BER_Decoder::decode(size_t& out, 00425 ASN1_Tag type_tag, ASN1_Tag class_tag) 00426 { 00427 BigInt integer; 00428 decode(integer, type_tag, class_tag); 00429 00430 if(integer.bits() > 32) 00431 throw BER_Decoding_Error("Decoded integer value larger than expected"); 00432 00433 out = 0; 00434 for(size_t i = 0; i != 4; ++i) 00435 out = (out << 8) | integer.byte_at(3-i); 00436 00437 return (*this); 00438 } 00439 00440 /* 00441 * Decode a small BER encoded INTEGER 00442 */ 00443 u64bit BER_Decoder::decode_constrained_integer(ASN1_Tag type_tag, 00444 ASN1_Tag class_tag, 00445 size_t T_bytes) 00446 { 00447 if(T_bytes > 8) 00448 throw BER_Decoding_Error("Can't decode small integer over 8 bytes"); 00449 00450 BigInt integer; 00451 decode(integer, type_tag, class_tag); 00452 00453 if(integer.bits() > 8*T_bytes) 00454 throw BER_Decoding_Error("Decoded integer value larger than expected"); 00455 00456 u64bit out = 0; 00457 for(size_t i = 0; i != 8; ++i) 00458 out = (out << 8) | integer.byte_at(7-i); 00459 00460 return out; 00461 } 00462 00463 /* 00464 * Decode a BER encoded INTEGER 00465 */ 00466 BER_Decoder& BER_Decoder::decode(BigInt& out, 00467 ASN1_Tag type_tag, ASN1_Tag class_tag) 00468 { 00469 BER_Object obj = get_next_object(); 00470 obj.assert_is_a(type_tag, class_tag); 00471 00472 if(obj.value.empty()) 00473 out = 0; 00474 else 00475 { 00476 const bool negative = (obj.value[0] & 0x80) ? true : false; 00477 00478 if(negative) 00479 { 00480 for(size_t i = obj.value.size(); i > 0; --i) 00481 if(obj.value[i-1]--) 00482 break; 00483 for(size_t i = 0; i != obj.value.size(); ++i) 00484 obj.value[i] = ~obj.value[i]; 00485 } 00486 00487 out = BigInt(&obj.value[0], obj.value.size()); 00488 00489 if(negative) 00490 out.flip_sign(); 00491 } 00492 00493 return (*this); 00494 } 00495 00496 /* 00497 * BER decode a BIT STRING or OCTET STRING 00498 */ 00499 BER_Decoder& BER_Decoder::decode(secure_vector<byte>& out, ASN1_Tag real_type) 00500 { 00501 return decode(out, real_type, real_type, UNIVERSAL); 00502 } 00503 00504 /* 00505 * BER decode a BIT STRING or OCTET STRING 00506 */ 00507 BER_Decoder& BER_Decoder::decode(std::vector<byte>& out, ASN1_Tag real_type) 00508 { 00509 return decode(out, real_type, real_type, UNIVERSAL); 00510 } 00511 00512 /* 00513 * BER decode a BIT STRING or OCTET STRING 00514 */ 00515 BER_Decoder& BER_Decoder::decode(secure_vector<byte>& buffer, 00516 ASN1_Tag real_type, 00517 ASN1_Tag type_tag, ASN1_Tag class_tag) 00518 { 00519 if(real_type != OCTET_STRING && real_type != BIT_STRING) 00520 throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); 00521 00522 BER_Object obj = get_next_object(); 00523 obj.assert_is_a(type_tag, class_tag); 00524 00525 if(real_type == OCTET_STRING) 00526 buffer = obj.value; 00527 else 00528 { 00529 if(obj.value[0] >= 8) 00530 throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 00531 00532 buffer.resize(obj.value.size() - 1); 00533 copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); 00534 } 00535 return (*this); 00536 } 00537 00538 BER_Decoder& BER_Decoder::decode(std::vector<byte>& buffer, 00539 ASN1_Tag real_type, 00540 ASN1_Tag type_tag, ASN1_Tag class_tag) 00541 { 00542 if(real_type != OCTET_STRING && real_type != BIT_STRING) 00543 throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); 00544 00545 BER_Object obj = get_next_object(); 00546 obj.assert_is_a(type_tag, class_tag); 00547 00548 if(real_type == OCTET_STRING) 00549 buffer = unlock(obj.value); 00550 else 00551 { 00552 if(obj.value[0] >= 8) 00553 throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 00554 00555 buffer.resize(obj.value.size() - 1); 00556 copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); 00557 } 00558 return (*this); 00559 } 00560 00561 }