Botan  1.11.15
src/lib/asn1/ber_dec.cpp
Go to the documentation of this file.
00001 /*
00002 * BER Decoder
00003 * (C) 1999-2008 Jack Lloyd
00004 *
00005 * Botan is released under the Simplified BSD License (see license.txt)
00006 */
00007 
00008 #include <botan/ber_dec.h>
00009 #include <botan/bigint.h>
00010 #include <botan/get_byte.h>
00011 
00012 namespace Botan {
00013 
00014 namespace {
00015 
00016 /*
00017 * BER decode an ASN.1 type tag
00018 */
00019 size_t decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag)
00020    {
00021    byte b;
00022    if(!ber->read_byte(b))
00023       {
00024       class_tag = type_tag = NO_OBJECT;
00025       return 0;
00026       }
00027 
00028    if((b & 0x1F) != 0x1F)
00029       {
00030       type_tag = ASN1_Tag(b & 0x1F);
00031       class_tag = ASN1_Tag(b & 0xE0);
00032       return 1;
00033       }
00034 
00035    size_t tag_bytes = 1;
00036    class_tag = ASN1_Tag(b & 0xE0);
00037 
00038    size_t tag_buf = 0;
00039    while(true)
00040       {
00041       if(!ber->read_byte(b))
00042          throw BER_Decoding_Error("Long-form tag truncated");
00043       if(tag_buf & 0xFF000000)
00044          throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
00045       ++tag_bytes;
00046       tag_buf = (tag_buf << 7) | (b & 0x7F);
00047       if((b & 0x80) == 0) break;
00048       }
00049    type_tag = ASN1_Tag(tag_buf);
00050    return tag_bytes;
00051    }
00052 
00053 /*
00054 * Find the EOC marker
00055 */
00056 size_t find_eoc(DataSource*);
00057 
00058 /*
00059 * BER decode an ASN.1 length field
00060 */
00061 size_t decode_length(DataSource* ber, size_t& field_size)
00062    {
00063    byte b;
00064    if(!ber->read_byte(b))
00065       throw BER_Decoding_Error("Length field not found");
00066    field_size = 1;
00067    if((b & 0x80) == 0)
00068       return b;
00069 
00070    field_size += (b & 0x7F);
00071    if(field_size == 1) return find_eoc(ber);
00072    if(field_size > 5)
00073       throw BER_Decoding_Error("Length field is too large");
00074 
00075    size_t length = 0;
00076 
00077    for(size_t i = 0; i != field_size - 1; ++i)
00078       {
00079       if(get_byte(0, length) != 0)
00080          throw BER_Decoding_Error("Field length overflow");
00081       if(!ber->read_byte(b))
00082          throw BER_Decoding_Error("Corrupted length field");
00083       length = (length << 8) | b;
00084       }
00085    return length;
00086    }
00087 
00088 /*
00089 * BER decode an ASN.1 length field
00090 */
00091 size_t decode_length(DataSource* ber)
00092    {
00093    size_t dummy;
00094    return decode_length(ber, dummy);
00095    }
00096 
00097 /*
00098 * Find the EOC marker
00099 */
00100 size_t find_eoc(DataSource* ber)
00101    {
00102    secure_vector<byte> buffer(DEFAULT_BUFFERSIZE), data;
00103 
00104    while(true)
00105       {
00106       const size_t got = ber->peek(&buffer[0], buffer.size(), data.size());
00107       if(got == 0)
00108          break;
00109 
00110       data += std::make_pair(&buffer[0], got);
00111       }
00112 
00113    DataSource_Memory source(data);
00114    data.clear();
00115 
00116    size_t length = 0;
00117    while(true)
00118       {
00119       ASN1_Tag type_tag, class_tag;
00120       size_t tag_size = decode_tag(&source, type_tag, class_tag);
00121       if(type_tag == NO_OBJECT)
00122          break;
00123 
00124       size_t length_size = 0;
00125       size_t item_size = decode_length(&source, length_size);
00126       source.discard_next(item_size);
00127 
00128       length += item_size + length_size + tag_size;
00129 
00130       if(type_tag == EOC && class_tag == UNIVERSAL)
00131          break;
00132       }
00133    return length;
00134    }
00135 
00136 }
00137 
00138 /*
00139 * Check a type invariant on BER data
00140 */
00141 void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag)
00142    {
00143    if(this->type_tag != type_tag || this->class_tag != class_tag)
00144       throw BER_Decoding_Error("Tag mismatch when decoding got " +
00145                                std::to_string(this->type_tag) + "/" +
00146                                std::to_string(this->class_tag) + " expected " +
00147                                std::to_string(type_tag) + "/" +
00148                                std::to_string(class_tag));
00149    }
00150 
00151 /*
00152 * Check if more objects are there
00153 */
00154 bool BER_Decoder::more_items() const
00155    {
00156    if(source->end_of_data() && (pushed.type_tag == NO_OBJECT))
00157       return false;
00158    return true;
00159    }
00160 
00161 /*
00162 * Verify that no bytes remain in the source
00163 */
00164 BER_Decoder& BER_Decoder::verify_end()
00165    {
00166    if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT))
00167       throw Invalid_State("BER_Decoder::verify_end called, but data remains");
00168    return (*this);
00169    }
00170 
00171 /*
00172 * Save all the bytes remaining in the source
00173 */
00174 BER_Decoder& BER_Decoder::raw_bytes(secure_vector<byte>& out)
00175    {
00176    out.clear();
00177    byte buf;
00178    while(source->read_byte(buf))
00179       out.push_back(buf);
00180    return (*this);
00181    }
00182 
00183 BER_Decoder& BER_Decoder::raw_bytes(std::vector<byte>& out)
00184    {
00185    out.clear();
00186    byte buf;
00187    while(source->read_byte(buf))
00188       out.push_back(buf);
00189    return (*this);
00190    }
00191 
00192 /*
00193 * Discard all the bytes remaining in the source
00194 */
00195 BER_Decoder& BER_Decoder::discard_remaining()
00196    {
00197    byte buf;
00198    while(source->read_byte(buf))
00199       ;
00200    return (*this);
00201    }
00202 
00203 /*
00204 * Return the BER encoding of the next object
00205 */
00206 BER_Object BER_Decoder::get_next_object()
00207    {
00208    BER_Object next;
00209 
00210    if(pushed.type_tag != NO_OBJECT)
00211       {
00212       next = pushed;
00213       pushed.class_tag = pushed.type_tag = NO_OBJECT;
00214       return next;
00215       }
00216 
00217    decode_tag(source, next.type_tag, next.class_tag);
00218    if(next.type_tag == NO_OBJECT)
00219       return next;
00220 
00221    size_t length = decode_length(source);
00222    next.value.resize(length);
00223    if(source->read(&next.value[0], length) != length)
00224       throw BER_Decoding_Error("Value truncated");
00225 
00226    if(next.type_tag == EOC && next.class_tag == UNIVERSAL)
00227       return get_next_object();
00228 
00229    return next;
00230    }
00231 
00232 BER_Decoder& BER_Decoder::get_next(BER_Object& ber)
00233    {
00234    ber = get_next_object();
00235    return (*this);
00236    }
00237 
00238 /*
00239 * Push a object back into the stream
00240 */
00241 void BER_Decoder::push_back(const BER_Object& obj)
00242    {
00243    if(pushed.type_tag != NO_OBJECT)
00244       throw Invalid_State("BER_Decoder: Only one push back is allowed");
00245    pushed = obj;
00246    }
00247 
00248 /*
00249 * Begin decoding a CONSTRUCTED type
00250 */
00251 BER_Decoder BER_Decoder::start_cons(ASN1_Tag type_tag,
00252                                     ASN1_Tag class_tag)
00253    {
00254    BER_Object obj = get_next_object();
00255    obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
00256 
00257    BER_Decoder result(&obj.value[0], obj.value.size());
00258    result.parent = this;
00259    return result;
00260    }
00261 
00262 /*
00263 * Finish decoding a CONSTRUCTED type
00264 */
00265 BER_Decoder& BER_Decoder::end_cons()
00266    {
00267    if(!parent)
00268       throw Invalid_State("BER_Decoder::end_cons called with NULL parent");
00269    if(!source->end_of_data())
00270       throw Decoding_Error("BER_Decoder::end_cons called with data left");
00271    return (*parent);
00272    }
00273 
00274 /*
00275 * BER_Decoder Constructor
00276 */
00277 BER_Decoder::BER_Decoder(DataSource& src)
00278    {
00279    source = &src;
00280    owns = false;
00281    pushed.type_tag = pushed.class_tag = NO_OBJECT;
00282    parent = nullptr;
00283    }
00284 
00285 /*
00286 * BER_Decoder Constructor
00287  */
00288 BER_Decoder::BER_Decoder(const byte data[], size_t length)
00289    {
00290    source = new DataSource_Memory(data, length);
00291    owns = true;
00292    pushed.type_tag = pushed.class_tag = NO_OBJECT;
00293    parent = nullptr;
00294    }
00295 
00296 /*
00297 * BER_Decoder Constructor
00298 */
00299 BER_Decoder::BER_Decoder(const secure_vector<byte>& data)
00300    {
00301    source = new DataSource_Memory(data);
00302    owns = true;
00303    pushed.type_tag = pushed.class_tag = NO_OBJECT;
00304    parent = nullptr;
00305    }
00306 
00307 /*
00308 * BER_Decoder Constructor
00309 */
00310 BER_Decoder::BER_Decoder(const std::vector<byte>& data)
00311    {
00312    source = new DataSource_Memory(&data[0], data.size());
00313    owns = true;
00314    pushed.type_tag = pushed.class_tag = NO_OBJECT;
00315    parent = nullptr;
00316    }
00317 
00318 /*
00319 * BER_Decoder Copy Constructor
00320 */
00321 BER_Decoder::BER_Decoder(const BER_Decoder& other)
00322    {
00323    source = other.source;
00324    owns = false;
00325    if(other.owns)
00326       {
00327       other.owns = false;
00328       owns = true;
00329       }
00330    pushed.type_tag = pushed.class_tag = NO_OBJECT;
00331    parent = other.parent;
00332    }
00333 
00334 /*
00335 * BER_Decoder Destructor
00336 */
00337 BER_Decoder::~BER_Decoder()
00338    {
00339    if(owns)
00340       delete source;
00341    source = nullptr;
00342    }
00343 
00344 /*
00345 * Request for an object to decode itself
00346 */
00347 BER_Decoder& BER_Decoder::decode(ASN1_Object& obj,
00348                                  ASN1_Tag, ASN1_Tag)
00349    {
00350    obj.decode_from(*this);
00351    return (*this);
00352    }
00353 
00354 /*
00355 * Decode a BER encoded NULL
00356 */
00357 BER_Decoder& BER_Decoder::decode_null()
00358    {
00359    BER_Object obj = get_next_object();
00360    obj.assert_is_a(NULL_TAG, UNIVERSAL);
00361    if(obj.value.size())
00362       throw BER_Decoding_Error("NULL object had nonzero size");
00363    return (*this);
00364    }
00365 
00366 /*
00367 * Decode a BER encoded BOOLEAN
00368 */
00369 BER_Decoder& BER_Decoder::decode(bool& out)
00370    {
00371    return decode(out, BOOLEAN, UNIVERSAL);
00372    }
00373 
00374 /*
00375 * Decode a small BER encoded INTEGER
00376 */
00377 BER_Decoder& BER_Decoder::decode(size_t& out)
00378    {
00379    return decode(out, INTEGER, UNIVERSAL);
00380    }
00381 
00382 /*
00383 * Decode a BER encoded INTEGER
00384 */
00385 BER_Decoder& BER_Decoder::decode(BigInt& out)
00386    {
00387    return decode(out, INTEGER, UNIVERSAL);
00388    }
00389 
00390 BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out)
00391    {
00392    secure_vector<byte> out_vec;
00393    decode(out_vec, OCTET_STRING);
00394    out = BigInt::decode(&out_vec[0], out_vec.size());
00395    return (*this);
00396    }
00397 
00398 std::vector<byte> BER_Decoder::get_next_octet_string()
00399    {
00400    std::vector<byte> out_vec;
00401    decode(out_vec, OCTET_STRING);
00402    return out_vec;
00403    }
00404 
00405 /*
00406 * Decode a BER encoded BOOLEAN
00407 */
00408 BER_Decoder& BER_Decoder::decode(bool& out,
00409                                  ASN1_Tag type_tag, ASN1_Tag class_tag)
00410    {
00411    BER_Object obj = get_next_object();
00412    obj.assert_is_a(type_tag, class_tag);
00413 
00414    if(obj.value.size() != 1)
00415       throw BER_Decoding_Error("BER boolean value had invalid size");
00416 
00417    out = (obj.value[0]) ? true : false;
00418    return (*this);
00419    }
00420 
00421 /*
00422 * Decode a small BER encoded INTEGER
00423 */
00424 BER_Decoder& BER_Decoder::decode(size_t& out,
00425                                  ASN1_Tag type_tag, ASN1_Tag class_tag)
00426    {
00427    BigInt integer;
00428    decode(integer, type_tag, class_tag);
00429 
00430    if(integer.bits() > 32)
00431       throw BER_Decoding_Error("Decoded integer value larger than expected");
00432 
00433    out = 0;
00434    for(size_t i = 0; i != 4; ++i)
00435       out = (out << 8) | integer.byte_at(3-i);
00436 
00437    return (*this);
00438    }
00439 
00440 /*
00441 * Decode a small BER encoded INTEGER
00442 */
00443 u64bit BER_Decoder::decode_constrained_integer(ASN1_Tag type_tag,
00444                                                ASN1_Tag class_tag,
00445                                                size_t T_bytes)
00446    {
00447    if(T_bytes > 8)
00448       throw BER_Decoding_Error("Can't decode small integer over 8 bytes");
00449 
00450    BigInt integer;
00451    decode(integer, type_tag, class_tag);
00452 
00453    if(integer.bits() > 8*T_bytes)
00454       throw BER_Decoding_Error("Decoded integer value larger than expected");
00455 
00456    u64bit out = 0;
00457    for(size_t i = 0; i != 8; ++i)
00458       out = (out << 8) | integer.byte_at(7-i);
00459 
00460    return out;
00461    }
00462 
00463 /*
00464 * Decode a BER encoded INTEGER
00465 */
00466 BER_Decoder& BER_Decoder::decode(BigInt& out,
00467                                  ASN1_Tag type_tag, ASN1_Tag class_tag)
00468    {
00469    BER_Object obj = get_next_object();
00470    obj.assert_is_a(type_tag, class_tag);
00471 
00472    if(obj.value.empty())
00473       out = 0;
00474    else
00475       {
00476       const bool negative = (obj.value[0] & 0x80) ? true : false;
00477 
00478       if(negative)
00479          {
00480          for(size_t i = obj.value.size(); i > 0; --i)
00481             if(obj.value[i-1]--)
00482                break;
00483          for(size_t i = 0; i != obj.value.size(); ++i)
00484             obj.value[i] = ~obj.value[i];
00485          }
00486 
00487       out = BigInt(&obj.value[0], obj.value.size());
00488 
00489       if(negative)
00490          out.flip_sign();
00491       }
00492 
00493    return (*this);
00494    }
00495 
00496 /*
00497 * BER decode a BIT STRING or OCTET STRING
00498 */
00499 BER_Decoder& BER_Decoder::decode(secure_vector<byte>& out, ASN1_Tag real_type)
00500    {
00501    return decode(out, real_type, real_type, UNIVERSAL);
00502    }
00503 
00504 /*
00505 * BER decode a BIT STRING or OCTET STRING
00506 */
00507 BER_Decoder& BER_Decoder::decode(std::vector<byte>& out, ASN1_Tag real_type)
00508    {
00509    return decode(out, real_type, real_type, UNIVERSAL);
00510    }
00511 
00512 /*
00513 * BER decode a BIT STRING or OCTET STRING
00514 */
00515 BER_Decoder& BER_Decoder::decode(secure_vector<byte>& buffer,
00516                                  ASN1_Tag real_type,
00517                                  ASN1_Tag type_tag, ASN1_Tag class_tag)
00518    {
00519    if(real_type != OCTET_STRING && real_type != BIT_STRING)
00520       throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
00521 
00522    BER_Object obj = get_next_object();
00523    obj.assert_is_a(type_tag, class_tag);
00524 
00525    if(real_type == OCTET_STRING)
00526       buffer = obj.value;
00527    else
00528       {
00529       if(obj.value[0] >= 8)
00530          throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
00531 
00532       buffer.resize(obj.value.size() - 1);
00533       copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1);
00534       }
00535    return (*this);
00536    }
00537 
00538 BER_Decoder& BER_Decoder::decode(std::vector<byte>& buffer,
00539                                  ASN1_Tag real_type,
00540                                  ASN1_Tag type_tag, ASN1_Tag class_tag)
00541    {
00542    if(real_type != OCTET_STRING && real_type != BIT_STRING)
00543       throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
00544 
00545    BER_Object obj = get_next_object();
00546    obj.assert_is_a(type_tag, class_tag);
00547 
00548    if(real_type == OCTET_STRING)
00549       buffer = unlock(obj.value);
00550    else
00551       {
00552       if(obj.value[0] >= 8)
00553          throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
00554 
00555       buffer.resize(obj.value.size() - 1);
00556       copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1);
00557       }
00558    return (*this);
00559    }
00560 
00561 }