/src/botan/src/lib/asn1/ber_dec.cpp
Line | Count | Source |
1 | | /* |
2 | | * BER Decoder |
3 | | * (C) 1999-2008,2015,2017,2018,2026 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/ber_dec.h> |
9 | | |
10 | | #include <botan/bigint.h> |
11 | | #include <botan/data_src.h> |
12 | | #include <botan/internal/int_utils.h> |
13 | | #include <botan/internal/loadstor.h> |
14 | | #include <memory> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | namespace { |
19 | | |
20 | 2.96M | bool is_constructed(ASN1_Class class_tag) { |
21 | 2.96M | return (static_cast<uint32_t>(class_tag) & static_cast<uint32_t>(ASN1_Class::Constructed)) != 0; |
22 | 2.96M | } |
23 | | |
24 | | /* |
25 | | * BER decode an ASN.1 type tag |
26 | | */ |
27 | 2.26M | size_t decode_tag(DataSource* ber, ASN1_Type& type_tag, ASN1_Class& class_tag) { |
28 | 2.26M | auto b = ber->read_byte(); |
29 | | |
30 | 2.26M | if(!b) { |
31 | 54.4k | type_tag = ASN1_Type::NoObject; |
32 | 54.4k | class_tag = ASN1_Class::NoObject; |
33 | 54.4k | return 0; |
34 | 54.4k | } |
35 | | |
36 | 2.21M | if((*b & 0x1F) != 0x1F) { |
37 | 2.20M | type_tag = ASN1_Type(*b & 0x1F); |
38 | 2.20M | class_tag = ASN1_Class(*b & 0xE0); |
39 | 2.20M | return 1; |
40 | 2.20M | } |
41 | | |
42 | 8.34k | size_t tag_bytes = 1; |
43 | 8.34k | class_tag = ASN1_Class(*b & 0xE0); |
44 | | |
45 | 8.34k | uint32_t tag_buf = 0; |
46 | 23.0k | while(true) { |
47 | 23.0k | b = ber->read_byte(); |
48 | 23.0k | if(!b) { |
49 | 568 | throw BER_Decoding_Error("Long-form tag truncated"); |
50 | 568 | } |
51 | 22.4k | if((tag_buf >> 24) != 0) { |
52 | 447 | throw BER_Decoding_Error("Long-form tag overflowed 32 bits"); |
53 | 447 | } |
54 | | // This is required even by BER (see X.690 section 8.1.2.4.2 sentence c). |
55 | | // Bits 7-1 of the first subsequent octet must not be all zero; this rules |
56 | | // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding |
57 | | // of tag value 0, which collides with the EOC marker). |
58 | 22.0k | if(tag_bytes == 1 && (*b & 0x7F) == 0) { |
59 | 320 | throw BER_Decoding_Error("Long form tag with leading zero"); |
60 | 320 | } |
61 | 21.6k | ++tag_bytes; |
62 | 21.6k | tag_buf = (tag_buf << 7) | (*b & 0x7F); |
63 | 21.6k | if((*b & 0x80) == 0) { |
64 | 7.01k | break; |
65 | 7.01k | } |
66 | 21.6k | } |
67 | | // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form. |
68 | | // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3). |
69 | | // This is unconditional and applies to BER as well as DER. |
70 | 7.01k | if(tag_buf <= 30) { |
71 | 502 | throw BER_Decoding_Error("Long-form tag encoding used for small tag value"); |
72 | 502 | } |
73 | | |
74 | 6.51k | if(tag_buf == static_cast<uint32_t>(ASN1_Type::NoObject)) { |
75 | 75 | throw BER_Decoding_Error("Tag value collides with internal sentinel"); |
76 | 75 | } |
77 | | |
78 | | // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) |
79 | 6.43k | type_tag = ASN1_Type(tag_buf); |
80 | 6.43k | return tag_bytes; |
81 | 6.51k | } |
82 | | |
83 | | /* |
84 | | * Find the EOC marker by scanning TLVs via peek, without buffering. |
85 | | * Returns the number of bytes before and including the EOC marker. |
86 | | */ |
87 | | size_t find_eoc(DataSource* src, size_t base_offset, size_t allow_indef); |
88 | | |
89 | | /* |
90 | | * Result of decoding a BER length field. |
91 | | * |
92 | | * If indefinite is true, indefinite-length encoding was used: content_length |
93 | | * is the number of content bytes (excluding the 2-byte EOC marker) and the |
94 | | * caller must consume the EOC bytes after reading the content. |
95 | | */ |
96 | | class BerDecodedLength final { |
97 | | public: |
98 | | BerDecodedLength(size_t content_length, size_t field_length) : |
99 | 2.14M | BerDecodedLength(content_length, field_length, false) {} |
100 | | |
101 | 55.7k | static BerDecodedLength indefinite(size_t content_length, size_t field_length) { |
102 | 55.7k | return BerDecodedLength(content_length, field_length, true); |
103 | 55.7k | } |
104 | | |
105 | 6.59M | size_t content_length() const { return m_content_length; } |
106 | | |
107 | | // Length plus the EOC bytes if an indefinite length field |
108 | 2.19M | size_t total_length() const { return m_indefinite ? m_content_length + 2 : m_content_length; } |
109 | | |
110 | 0 | size_t field_length() const { return m_field_length; } |
111 | | |
112 | 2.20M | bool indefinite_length() const { return m_indefinite; } |
113 | | |
114 | | private: |
115 | | BerDecodedLength(size_t content_length, size_t field_length, bool indefinite) : |
116 | 2.20M | m_content_length(content_length), m_field_length(field_length), m_indefinite(indefinite) {} |
117 | | |
118 | | size_t m_content_length; |
119 | | size_t m_field_length; |
120 | | bool m_indefinite; |
121 | | }; |
122 | | |
123 | | /* |
124 | | * BER decode an ASN.1 length field |
125 | | */ |
126 | 2.20M | BerDecodedLength decode_length(DataSource* ber, size_t allow_indef, bool der_mode, bool constructed) { |
127 | 2.20M | uint8_t b = 0; |
128 | 2.20M | if(ber->read_byte(b) == 0) { |
129 | 2.82k | throw BER_Decoding_Error("Length field not found"); |
130 | 2.82k | } |
131 | 2.20M | if((b & 0x80) == 0) { |
132 | 2.01M | return BerDecodedLength(b, 1); |
133 | 2.01M | } |
134 | | |
135 | 194k | const size_t num_length_bytes = (b & 0x7F); |
136 | 194k | if(num_length_bytes > 4) { |
137 | 1.81k | throw BER_Decoding_Error("Length field is too large"); |
138 | 1.81k | } |
139 | | |
140 | 192k | const size_t field_size = 1 + num_length_bytes; |
141 | | |
142 | 192k | if(num_length_bytes == 0) { |
143 | 59.3k | if(der_mode) { |
144 | 122 | throw BER_Decoding_Error("Detected indefinite-length encoding in DER structure"); |
145 | 59.2k | } else if(!constructed) { |
146 | | // Indefinite length is only valid for constructed types (X.690 8.1.3.2) |
147 | 264 | throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type"); |
148 | 58.9k | } else if(allow_indef == 0) { |
149 | 0 | throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion"); |
150 | 58.9k | } else { |
151 | | // find_eoc returns bytes up to and including the EOC marker. |
152 | | // Return the content length; the caller consumes the EOC separately. |
153 | 58.9k | const size_t eoc_len = find_eoc(ber, /*base_offset=*/0, allow_indef - 1); |
154 | 58.9k | if(eoc_len < 2) { |
155 | 0 | throw BER_Decoding_Error("Invalid EOC encoding"); |
156 | 0 | } |
157 | 58.9k | return BerDecodedLength::indefinite(eoc_len - 2, field_size); |
158 | 58.9k | } |
159 | 59.3k | } |
160 | | |
161 | 132k | size_t length = 0; |
162 | | |
163 | 358k | for(size_t i = 0; i != num_length_bytes; ++i) { |
164 | 225k | if(ber->read_byte(b) == 0) { |
165 | 307 | throw BER_Decoding_Error("Corrupted length field"); |
166 | 307 | } |
167 | | // Can't overflow since we already checked that num_length_bytes <= 4 |
168 | 225k | length = (length << 8) | b; |
169 | 225k | } |
170 | | |
171 | | // DER requires shortest possible length encoding |
172 | 132k | if(der_mode) { |
173 | 129k | if(length < 128) { |
174 | 98 | throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); |
175 | 98 | } |
176 | 128k | if(num_length_bytes > 1 && length < (size_t(1) << ((num_length_bytes - 1) * 8))) { |
177 | 13 | throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); |
178 | 13 | } |
179 | 128k | } |
180 | | |
181 | 132k | return BerDecodedLength(length, field_size); |
182 | 132k | } |
183 | | |
184 | | /* |
185 | | * Peek a tag from the source at the given offset without consuming any data. |
186 | | * Returns the number of bytes consumed by the tag, or 0 on EOF. |
187 | | */ |
188 | 545k | size_t peek_tag(DataSource* src, size_t offset, ASN1_Type& type_tag, ASN1_Class& class_tag) { |
189 | 545k | uint8_t b = 0; |
190 | 545k | if(src->peek(&b, 1, offset) == 0) { |
191 | 579 | type_tag = ASN1_Type::NoObject; |
192 | 579 | class_tag = ASN1_Class::NoObject; |
193 | 579 | return 0; |
194 | 579 | } |
195 | | |
196 | 544k | if((b & 0x1F) != 0x1F) { |
197 | 538k | type_tag = ASN1_Type(b & 0x1F); |
198 | 538k | class_tag = ASN1_Class(b & 0xE0); |
199 | 538k | return 1; |
200 | 538k | } |
201 | | |
202 | 6.74k | class_tag = ASN1_Class(b & 0xE0); |
203 | 6.74k | size_t tag_bytes = 1; |
204 | 6.74k | uint32_t tag_buf = 0; |
205 | | |
206 | 14.1k | while(true) { |
207 | 14.1k | if(src->peek(&b, 1, offset + tag_bytes) == 0) { |
208 | 360 | throw BER_Decoding_Error("Long-form tag truncated"); |
209 | 360 | } |
210 | 13.8k | if((tag_buf >> 24) != 0) { |
211 | 224 | throw BER_Decoding_Error("Long-form tag overflowed 32 bits"); |
212 | 224 | } |
213 | | // Required even by BER (X.690 section 8.1.2.4.2 sentence c). |
214 | | // Bits 7-1 of the first subsequent octet must not be all zero; this rules |
215 | | // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding |
216 | | // of tag value 0, which collides with the EOC marker). |
217 | 13.6k | if(tag_bytes == 1 && (b & 0x7F) == 0) { |
218 | 205 | throw BER_Decoding_Error("Long form tag with leading zero"); |
219 | 205 | } |
220 | 13.4k | ++tag_bytes; |
221 | 13.4k | tag_buf = (tag_buf << 7) | (b & 0x7F); |
222 | 13.4k | if((b & 0x80) == 0) { |
223 | 5.95k | break; |
224 | 5.95k | } |
225 | 13.4k | } |
226 | | |
227 | | // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form. |
228 | | // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3). |
229 | | // This is unconditional and applies to BER as well as DER. |
230 | 5.95k | if(tag_buf <= 30) { |
231 | 206 | throw BER_Decoding_Error("Long-form tag encoding used for small tag value"); |
232 | 206 | } |
233 | | |
234 | 5.74k | if(tag_buf == static_cast<uint32_t>(ASN1_Type::NoObject)) { |
235 | 248 | throw BER_Decoding_Error("Tag value collides with internal sentinel"); |
236 | 248 | } |
237 | | |
238 | | // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) |
239 | 5.49k | type_tag = ASN1_Type(tag_buf); |
240 | 5.49k | return tag_bytes; |
241 | 5.74k | } |
242 | | |
243 | | /* |
244 | | * Peek a length from the source at the given offset without consuming any data. |
245 | | * Returns the decoded length and sets field_size to the number of bytes consumed. |
246 | | * For indefinite-length encoding, recursively scans ahead to find the EOC marker. |
247 | | */ |
248 | 543k | size_t peek_length(DataSource* src, size_t offset, size_t& field_size, size_t allow_indef, bool constructed) { |
249 | 543k | uint8_t b = 0; |
250 | 543k | if(src->peek(&b, 1, offset) == 0) { |
251 | 418 | throw BER_Decoding_Error("Length field not found"); |
252 | 418 | } |
253 | | |
254 | 543k | field_size = 1; |
255 | 543k | if((b & 0x80) == 0) { |
256 | 429k | return b; |
257 | 429k | } |
258 | | |
259 | 114k | const size_t num_length_bytes = (b & 0x7F); |
260 | 114k | field_size += num_length_bytes; |
261 | 114k | if(field_size > 5) { |
262 | 328 | throw BER_Decoding_Error("Length field is too large"); |
263 | 328 | } |
264 | | |
265 | 113k | if(num_length_bytes == 0) { |
266 | | // Indefinite length is only valid for constructed types (X.690 8.1.3.2) |
267 | 104k | if(!constructed) { |
268 | 72 | throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type"); |
269 | 72 | } |
270 | 104k | if(allow_indef == 0) { |
271 | 67 | throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion"); |
272 | 67 | } |
273 | 104k | return find_eoc(src, offset + 1, allow_indef - 1); |
274 | 104k | } |
275 | | |
276 | 9.05k | size_t length = 0; |
277 | 38.6k | for(size_t i = 0; i < num_length_bytes; ++i) { |
278 | 29.8k | if(src->peek(&b, 1, offset + 1 + i) == 0) { |
279 | 217 | throw BER_Decoding_Error("Corrupted length field"); |
280 | 217 | } |
281 | 29.6k | if(get_byte<0>(length) != 0) { |
282 | 0 | throw BER_Decoding_Error("Field length overflow"); |
283 | 0 | } |
284 | 29.6k | length = (length << 8) | b; |
285 | 29.6k | } |
286 | 8.83k | return length; |
287 | 9.05k | } |
288 | | |
289 | | /* |
290 | | * Find the EOC marker by scanning TLVs via peek, without buffering. |
291 | | * Returns the number of bytes before and including the EOC marker. |
292 | | */ |
293 | 163k | size_t find_eoc(DataSource* src, size_t base_offset, size_t allow_indef) { |
294 | 163k | size_t offset = base_offset; |
295 | | |
296 | 545k | while(true) { |
297 | 545k | ASN1_Type type_tag = ASN1_Type::NoObject; |
298 | 545k | ASN1_Class class_tag = ASN1_Class::NoObject; |
299 | 545k | const size_t tag_size = peek_tag(src, offset, type_tag, class_tag); |
300 | 545k | if(type_tag == ASN1_Type::NoObject) { |
301 | 579 | throw BER_Decoding_Error("Missing EOC marker in indefinite-length encoding"); |
302 | 579 | } |
303 | | |
304 | 544k | size_t length_size = 0; |
305 | 544k | const size_t item_size = peek_length(src, offset + tag_size, length_size, allow_indef, is_constructed(class_tag)); |
306 | | |
307 | 544k | if(auto new_offset = checked_add(offset, tag_size, length_size, item_size)) { |
308 | 541k | offset = new_offset.value(); |
309 | 541k | } else { |
310 | 3.63k | throw Decoding_Error("Integer overflow while scanning for EOC"); |
311 | 3.63k | } |
312 | | |
313 | 541k | if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal) { |
314 | | // Per X.690 8.1.5 the EOC marker is exactly two zero octets |
315 | 159k | if(length_size != 1 || item_size != 0) { |
316 | 341 | throw BER_Decoding_Error("EOC marker with non-zero length"); |
317 | 341 | } |
318 | 159k | break; |
319 | 159k | } |
320 | 541k | } |
321 | | |
322 | 159k | return offset - base_offset; |
323 | 163k | } |
324 | | |
325 | | class DataSource_BERObject final : public DataSource { |
326 | | public: |
327 | 26.4M | size_t read(uint8_t out[], size_t length) override { |
328 | 26.4M | BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); |
329 | 26.4M | const size_t got = std::min<size_t>(m_obj.length() - m_offset, length); |
330 | 26.4M | copy_mem(out, m_obj.bits() + m_offset, got); |
331 | 26.4M | m_offset += got; |
332 | 26.4M | return got; |
333 | 26.4M | } |
334 | | |
335 | 255k | size_t peek(uint8_t out[], size_t length, size_t peek_offset) const override { |
336 | 255k | BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); |
337 | 255k | const size_t bytes_left = m_obj.length() - m_offset; |
338 | | |
339 | 255k | if(peek_offset >= bytes_left) { |
340 | 62 | return 0; |
341 | 62 | } |
342 | | |
343 | 255k | const size_t got = std::min(bytes_left - peek_offset, length); |
344 | 255k | copy_mem(out, m_obj.bits() + m_offset + peek_offset, got); |
345 | 255k | return got; |
346 | 255k | } |
347 | | |
348 | 1.24M | bool check_available(size_t n) override { |
349 | 1.24M | BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); |
350 | 1.24M | return (n <= (m_obj.length() - m_offset)); |
351 | 1.24M | } |
352 | | |
353 | 1.08M | bool end_of_data() const override { return get_bytes_read() == m_obj.length(); } |
354 | | |
355 | 1.08M | size_t get_bytes_read() const override { return m_offset; } |
356 | | |
357 | 764k | explicit DataSource_BERObject(BER_Object&& obj) : m_obj(std::move(obj)) {} |
358 | | |
359 | | private: |
360 | | BER_Object m_obj; |
361 | | size_t m_offset = 0; |
362 | | }; |
363 | | |
364 | | } // namespace |
365 | | |
366 | 1.29M | BER_Decoder::~BER_Decoder() = default; |
367 | | |
368 | | /* |
369 | | * Check if more objects are there |
370 | | */ |
371 | 671k | bool BER_Decoder::more_items() const { |
372 | 671k | if(m_source->end_of_data() && !m_pushed.is_set()) { |
373 | 212k | return false; |
374 | 212k | } |
375 | 459k | return true; |
376 | 671k | } |
377 | | |
378 | | /* |
379 | | * Verify that no bytes remain in the source |
380 | | */ |
381 | 208k | BER_Decoder& BER_Decoder::verify_end() { |
382 | 208k | return verify_end("BER_Decoder::verify_end called, but data remains"); |
383 | 208k | } |
384 | | |
385 | | /* |
386 | | * Verify that no bytes remain in the source |
387 | | */ |
388 | 233k | BER_Decoder& BER_Decoder::verify_end(std::string_view err) { |
389 | 233k | if(!m_source->end_of_data() || m_pushed.is_set()) { |
390 | 2.24k | throw Decoding_Error(err); |
391 | 2.24k | } |
392 | 231k | return (*this); |
393 | 233k | } |
394 | | |
395 | | /* |
396 | | * Discard all the bytes remaining in the source |
397 | | */ |
398 | 24.2k | BER_Decoder& BER_Decoder::discard_remaining() { |
399 | 24.2k | m_pushed = BER_Object(); |
400 | 24.2k | uint8_t buf = 0; |
401 | 339k | while(m_source->read_byte(buf) != 0) {} |
402 | 24.2k | return (*this); |
403 | 24.2k | } |
404 | | |
405 | 22.2M | std::optional<uint8_t> BER_Decoder::read_next_byte() { |
406 | 22.2M | BOTAN_ASSERT_NOMSG(m_source != nullptr); |
407 | 22.2M | uint8_t b = 0; |
408 | 22.2M | if(m_source->read_byte(b) != 0) { |
409 | 22.0M | return b; |
410 | 22.0M | } else { |
411 | 193k | return {}; |
412 | 193k | } |
413 | 22.2M | } |
414 | | |
415 | 40.9k | const BER_Object& BER_Decoder::peek_next_object() { |
416 | 40.9k | if(!m_pushed.is_set()) { |
417 | 40.8k | m_pushed = get_next_object(); |
418 | 40.8k | } |
419 | | |
420 | 40.9k | return m_pushed; |
421 | 40.9k | } |
422 | | |
423 | | /* |
424 | | * Return the BER encoding of the next object |
425 | | */ |
426 | 2.45M | BER_Object BER_Decoder::get_next_object() { |
427 | 2.45M | BER_Object next; |
428 | | |
429 | 2.45M | if(m_pushed.is_set()) { |
430 | 197k | std::swap(next, m_pushed); |
431 | 197k | return next; |
432 | 197k | } |
433 | | |
434 | 2.26M | for(;;) { |
435 | 2.26M | ASN1_Type type_tag = ASN1_Type::NoObject; |
436 | 2.26M | ASN1_Class class_tag = ASN1_Class::NoObject; |
437 | 2.26M | decode_tag(m_source, type_tag, class_tag); |
438 | 2.26M | next.set_tagging(type_tag, class_tag); |
439 | 2.26M | if(next.is_set() == false) { // no more objects |
440 | 54.4k | return next; |
441 | 54.4k | } |
442 | | |
443 | 2.21M | const size_t allow_indef = m_limits.allow_ber_encoding() ? m_limits.max_nested_indefinite_length() : 0; |
444 | 2.21M | const bool der_mode = m_limits.require_der_encoding(); |
445 | 2.21M | const auto dl = decode_length(m_source, allow_indef, der_mode, is_constructed(class_tag)); |
446 | | |
447 | | // Per X.690 8.1.5 the only valid EOC encoding is the two-octet |
448 | | // sequence 0x00 0x00. Reject any other length encoding on a tag of |
449 | | // (Eoc, Universal) before we consume the "content" bytes. |
450 | 2.21M | if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal && |
451 | 11.1k | (dl.content_length() != 0 || dl.indefinite_length())) { |
452 | 1.00k | throw BER_Decoding_Error("EOC marker with non-zero length"); |
453 | 1.00k | } |
454 | | |
455 | 2.20M | if(!m_source->check_available(dl.total_length())) { |
456 | 5.76k | throw BER_Decoding_Error("Value truncated"); |
457 | 5.76k | } |
458 | | |
459 | 2.20M | uint8_t* out = next.mutable_bits(dl.content_length()); |
460 | 2.20M | if(m_source->read(out, dl.content_length()) != dl.content_length()) { |
461 | 0 | throw BER_Decoding_Error("Value truncated"); |
462 | 0 | } |
463 | | |
464 | 2.20M | if(dl.indefinite_length()) { |
465 | | // After reading the data consume the 2-byte EOC |
466 | 55.7k | uint8_t eoc[2] = {0xFF, 0xFF}; |
467 | 55.7k | if(m_source->read(eoc, 2) != 2 || eoc[0] != 0x00 || eoc[1] != 0x00) { |
468 | 0 | throw BER_Decoding_Error("Missing or malformed EOC marker"); |
469 | 0 | } |
470 | 55.7k | } |
471 | | |
472 | 2.20M | if(next.tagging() == static_cast<uint32_t>(ASN1_Type::Eoc)) { |
473 | 10.1k | if(m_limits.require_der_encoding()) { |
474 | 377 | throw BER_Decoding_Error("Detected EOC marker in DER structure"); |
475 | 377 | } |
476 | 9.75k | continue; |
477 | 2.19M | } else { |
478 | 2.19M | break; |
479 | 2.19M | } |
480 | 2.20M | } |
481 | | |
482 | 2.19M | return next; |
483 | 2.25M | } |
484 | | |
485 | 0 | BER_Object BER_Decoder::get_next_value(size_t sizeofT, ASN1_Type type_tag, ASN1_Class class_tag) { |
486 | 0 | const BER_Object obj = get_next_object(); |
487 | 0 | obj.assert_is_a(type_tag, class_tag); |
488 | |
|
489 | 0 | if(obj.length() != sizeofT) { |
490 | 0 | throw BER_Decoding_Error("Size mismatch. Object value size is " + std::to_string(obj.length()) + |
491 | 0 | "; Output type size is " + std::to_string(sizeofT)); |
492 | 0 | } |
493 | | |
494 | 0 | return obj; |
495 | 0 | } |
496 | | |
497 | | /* |
498 | | * Push a object back into the stream |
499 | | */ |
500 | 580 | void BER_Decoder::push_back(const BER_Object& obj) { |
501 | 580 | if(m_pushed.is_set()) { |
502 | 0 | throw Invalid_State("BER_Decoder: Only one push back is allowed"); |
503 | 0 | } |
504 | 580 | m_pushed = obj; |
505 | 580 | } |
506 | | |
507 | 190k | void BER_Decoder::push_back(BER_Object&& obj) { |
508 | 190k | if(m_pushed.is_set()) { |
509 | 0 | throw Invalid_State("BER_Decoder: Only one push back is allowed"); |
510 | 0 | } |
511 | 190k | m_pushed = std::move(obj); |
512 | 190k | } |
513 | | |
514 | 774k | BER_Decoder BER_Decoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) { |
515 | 774k | BER_Object obj = get_next_object(); |
516 | 774k | obj.assert_is_a(type_tag, class_tag | ASN1_Class::Constructed); |
517 | 774k | BER_Decoder child(std::move(obj), this); |
518 | 774k | return child; |
519 | 774k | } |
520 | | |
521 | | /* |
522 | | * Finish decoding a CONSTRUCTED type |
523 | | */ |
524 | 574k | BER_Decoder& BER_Decoder::end_cons() { |
525 | 574k | if(m_parent == nullptr) { |
526 | 0 | throw Invalid_State("BER_Decoder::end_cons called with null parent"); |
527 | 0 | } |
528 | 574k | if(!m_source->end_of_data() || m_pushed.is_set()) { |
529 | 1.24k | throw Decoding_Error("BER_Decoder::end_cons called with data left"); |
530 | 1.24k | } |
531 | 572k | return (*m_parent); |
532 | 574k | } |
533 | | |
534 | | BER_Decoder::BER_Decoder(BER_Object&& obj, BER_Decoder* parent) : |
535 | 764k | m_limits(parent != nullptr ? parent->limits() : BER_Decoder::Limits::BER()), m_parent(parent) { |
536 | 764k | m_data_src = std::make_unique<DataSource_BERObject>(std::move(obj)); |
537 | 764k | m_source = m_data_src.get(); |
538 | 764k | } |
539 | | |
540 | | /* |
541 | | * BER_Decoder Constructor |
542 | | */ |
543 | 40.6k | BER_Decoder::BER_Decoder(DataSource& src, Limits limits) : m_limits(limits), m_source(&src) {} |
544 | | |
545 | | /* |
546 | | * BER_Decoder Constructor |
547 | | */ |
548 | 493k | BER_Decoder::BER_Decoder(std::span<const uint8_t> buf, Limits limits) : m_limits(limits) { |
549 | 493k | m_data_src = std::make_unique<DataSource_Memory>(buf); |
550 | 493k | m_source = m_data_src.get(); |
551 | 493k | } |
552 | | |
553 | 0 | BER_Decoder::BER_Decoder(BER_Decoder&& other) noexcept = default; |
554 | | |
555 | 0 | BER_Decoder& BER_Decoder::operator=(BER_Decoder&&) noexcept = default; |
556 | | |
557 | | /* |
558 | | * Request for an object to decode itself |
559 | | */ |
560 | 952k | BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, ASN1_Type /*unused*/, ASN1_Class /*unused*/) { |
561 | 952k | obj.decode_from(*this); |
562 | 952k | return (*this); |
563 | 952k | } |
564 | | |
565 | | /* |
566 | | * Decode a BER encoded NULL |
567 | | */ |
568 | 91 | BER_Decoder& BER_Decoder::decode_null() { |
569 | 91 | const BER_Object obj = get_next_object(); |
570 | 91 | obj.assert_is_a(ASN1_Type::Null, ASN1_Class::Universal); |
571 | 91 | if(obj.length() > 0) { |
572 | 8 | throw BER_Decoding_Error("NULL object had nonzero size"); |
573 | 8 | } |
574 | 83 | return (*this); |
575 | 91 | } |
576 | | |
577 | 2.49k | BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) { |
578 | 2.49k | secure_vector<uint8_t> out_vec; |
579 | 2.49k | decode(out_vec, ASN1_Type::OctetString); |
580 | 2.49k | out = BigInt::from_bytes(out_vec); |
581 | 2.49k | return (*this); |
582 | 2.49k | } |
583 | | |
584 | | /* |
585 | | * Decode a BER encoded BOOLEAN |
586 | | */ |
587 | 18.0k | BER_Decoder& BER_Decoder::decode(bool& out, ASN1_Type type_tag, ASN1_Class class_tag) { |
588 | 18.0k | const BER_Object obj = get_next_object(); |
589 | 18.0k | obj.assert_is_a(type_tag, class_tag); |
590 | | |
591 | 18.0k | if(obj.length() != 1) { |
592 | 288 | throw BER_Decoding_Error("BER boolean value had invalid size"); |
593 | 288 | } |
594 | | |
595 | 17.7k | const uint8_t val = obj.bits()[0]; |
596 | | |
597 | | // DER requires boolean values to be exactly 0x00 or 0xFF |
598 | 17.7k | if(m_limits.require_der_encoding() && val != 0x00 && val != 0xFF) { |
599 | 97 | throw BER_Decoding_Error("Detected non-canonical boolean encoding in DER structure"); |
600 | 97 | } |
601 | | |
602 | 17.6k | out = (val != 0) ? true : false; |
603 | | |
604 | 17.6k | return (*this); |
605 | 17.7k | } |
606 | | |
607 | | /* |
608 | | * Decode a small BER encoded INTEGER |
609 | | */ |
610 | 64.2k | BER_Decoder& BER_Decoder::decode(size_t& out, ASN1_Type type_tag, ASN1_Class class_tag) { |
611 | 64.2k | BigInt integer; |
612 | 64.2k | decode(integer, type_tag, class_tag); |
613 | | |
614 | 64.2k | if(integer.signum() < 0) { |
615 | 297 | throw BER_Decoding_Error("Decoded small integer value was negative"); |
616 | 297 | } |
617 | | |
618 | 63.9k | if(integer.bits() > 32) { |
619 | 269 | throw BER_Decoding_Error("Decoded integer value larger than expected"); |
620 | 269 | } |
621 | | |
622 | 63.6k | out = 0; |
623 | 315k | for(size_t i = 0; i != 4; ++i) { |
624 | 251k | out = (out << 8) | integer.byte_at(3 - i); |
625 | 251k | } |
626 | | |
627 | 63.6k | return (*this); |
628 | 63.9k | } |
629 | | |
630 | | /* |
631 | | * Decode a small BER encoded INTEGER |
632 | | */ |
633 | 0 | uint64_t BER_Decoder::decode_constrained_integer(ASN1_Type type_tag, ASN1_Class class_tag, size_t T_bytes) { |
634 | 0 | if(T_bytes > 8) { |
635 | 0 | throw BER_Decoding_Error("Can't decode small integer over 8 bytes"); |
636 | 0 | } |
637 | | |
638 | 0 | BigInt integer; |
639 | 0 | decode(integer, type_tag, class_tag); |
640 | |
|
641 | 0 | if(integer.is_negative()) { |
642 | 0 | throw BER_Decoding_Error("Decoded small integer value was negative"); |
643 | 0 | } |
644 | | |
645 | 0 | if(integer.bits() > 8 * T_bytes) { |
646 | 0 | throw BER_Decoding_Error("Decoded integer value larger than expected"); |
647 | 0 | } |
648 | | |
649 | 0 | uint64_t out = 0; |
650 | 0 | for(size_t i = 0; i != 8; ++i) { |
651 | 0 | out = (out << 8) | integer.byte_at(7 - i); |
652 | 0 | } |
653 | |
|
654 | 0 | return out; |
655 | 0 | } |
656 | | |
657 | | /* |
658 | | * Decode a BER encoded INTEGER |
659 | | */ |
660 | 111k | BER_Decoder& BER_Decoder::decode(BigInt& out, ASN1_Type type_tag, ASN1_Class class_tag) { |
661 | 111k | const BER_Object obj = get_next_object(); |
662 | 111k | obj.assert_is_a(type_tag, class_tag); |
663 | | |
664 | | // DER requires minimal INTEGER encoding (X.690 section 8.3.2) |
665 | 111k | if(m_limits.require_der_encoding()) { |
666 | 108k | if(obj.length() == 0) { |
667 | 38 | throw BER_Decoding_Error("Detected empty INTEGER encoding in DER structure"); |
668 | 38 | } |
669 | 108k | if(obj.length() > 1) { |
670 | 44.8k | if(obj.bits()[0] == 0x00 && (obj.bits()[1] & 0x80) == 0) { |
671 | 62 | throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); |
672 | 62 | } |
673 | 44.8k | if(obj.bits()[0] == 0xFF && (obj.bits()[1] & 0x80) != 0) { |
674 | 56 | throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); |
675 | 56 | } |
676 | 44.8k | } |
677 | 108k | } |
678 | | |
679 | 111k | if(obj.length() == 0) { |
680 | 693 | out.clear(); |
681 | 111k | } else { |
682 | 111k | const uint8_t first = obj.bits()[0]; |
683 | 111k | const bool negative = (first & 0x80) == 0x80; |
684 | | |
685 | 111k | if(negative) { |
686 | 6.14k | secure_vector<uint8_t> vec(obj.bits(), obj.bits() + obj.length()); |
687 | 12.6k | for(size_t i = obj.length(); i > 0; --i) { |
688 | 12.6k | const bool gt0 = (vec[i - 1] > 0); |
689 | 12.6k | vec[i - 1] -= 1; |
690 | 12.6k | if(gt0) { |
691 | 6.14k | break; |
692 | 6.14k | } |
693 | 12.6k | } |
694 | 159k | for(size_t i = 0; i != obj.length(); ++i) { |
695 | 153k | vec[i] = ~vec[i]; |
696 | 153k | } |
697 | 6.14k | out._assign_from_bytes(vec); |
698 | 6.14k | out.flip_sign(); |
699 | 104k | } else { |
700 | 104k | out._assign_from_bytes(obj.data()); |
701 | 104k | } |
702 | 111k | } |
703 | | |
704 | 111k | return (*this); |
705 | 111k | } |
706 | | |
707 | | namespace { |
708 | | |
709 | 215k | bool is_constructed(const BER_Object& obj) { |
710 | 215k | return is_constructed(obj.class_tag()); |
711 | 215k | } |
712 | | |
713 | | template <typename Alloc> |
714 | | void asn1_decode_binary_string(std::vector<uint8_t, Alloc>& buffer, |
715 | | const BER_Object& obj, |
716 | | ASN1_Type real_type, |
717 | | ASN1_Type type_tag, |
718 | | ASN1_Class class_tag, |
719 | 236k | bool require_der) { |
720 | 236k | obj.assert_is_a(type_tag, class_tag); |
721 | | |
722 | | // DER requires BIT STRING and OCTET STRING to use primitive encoding |
723 | 236k | if(require_der && is_constructed(obj)) { |
724 | 0 | throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); |
725 | 0 | } |
726 | | |
727 | 236k | if(real_type == ASN1_Type::OctetString) { |
728 | 155k | buffer.assign(obj.bits(), obj.bits() + obj.length()); |
729 | 155k | } else { |
730 | 81.5k | if(obj.length() == 0) { |
731 | 275 | throw BER_Decoding_Error("Invalid BIT STRING"); |
732 | 275 | } |
733 | | |
734 | 81.3k | const uint8_t unused_bits = obj.bits()[0]; |
735 | | |
736 | 81.3k | if(unused_bits >= 8) { |
737 | 288 | throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); |
738 | 288 | } |
739 | | |
740 | | // Empty BIT STRING with unused bits > 0 ... |
741 | 81.0k | if(unused_bits > 0 && obj.length() < 2) { |
742 | 286 | throw BER_Decoding_Error("Invalid BIT STRING"); |
743 | 286 | } |
744 | | |
745 | | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) |
746 | 80.7k | if(require_der && unused_bits > 0) { |
747 | 6.57k | const uint8_t last_byte = obj.bits()[obj.length() - 1]; |
748 | 6.57k | if((last_byte & ((1 << unused_bits) - 1)) != 0) { |
749 | 1.35k | throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); |
750 | 1.35k | } |
751 | 6.57k | } |
752 | | |
753 | 79.3k | buffer.resize(obj.length() - 1); |
754 | | |
755 | 79.3k | if(obj.length() > 1) { |
756 | 73.5k | copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); |
757 | 73.5k | } |
758 | 79.3k | } |
759 | 236k | } ber_dec.cpp:void Botan::(anonymous namespace)::asn1_decode_binary_string<Botan::secure_allocator<unsigned char> >(std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >&, Botan::BER_Object const&, Botan::ASN1_Type, Botan::ASN1_Type, Botan::ASN1_Class, bool) Line | Count | Source | 719 | 34.3k | bool require_der) { | 720 | 34.3k | obj.assert_is_a(type_tag, class_tag); | 721 | | | 722 | | // DER requires BIT STRING and OCTET STRING to use primitive encoding | 723 | 34.3k | if(require_der && is_constructed(obj)) { | 724 | 0 | throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); | 725 | 0 | } | 726 | | | 727 | 34.3k | if(real_type == ASN1_Type::OctetString) { | 728 | 25.9k | buffer.assign(obj.bits(), obj.bits() + obj.length()); | 729 | 25.9k | } else { | 730 | 8.35k | if(obj.length() == 0) { | 731 | 1 | throw BER_Decoding_Error("Invalid BIT STRING"); | 732 | 1 | } | 733 | | | 734 | 8.35k | const uint8_t unused_bits = obj.bits()[0]; | 735 | | | 736 | 8.35k | if(unused_bits >= 8) { | 737 | 5 | throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); | 738 | 5 | } | 739 | | | 740 | | // Empty BIT STRING with unused bits > 0 ... | 741 | 8.34k | if(unused_bits > 0 && obj.length() < 2) { | 742 | 1 | throw BER_Decoding_Error("Invalid BIT STRING"); | 743 | 1 | } | 744 | | | 745 | | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) | 746 | 8.34k | if(require_der && unused_bits > 0) { | 747 | 80 | const uint8_t last_byte = obj.bits()[obj.length() - 1]; | 748 | 80 | if((last_byte & ((1 << unused_bits) - 1)) != 0) { | 749 | 3 | throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); | 750 | 3 | } | 751 | 80 | } | 752 | | | 753 | 8.34k | buffer.resize(obj.length() - 1); | 754 | | | 755 | 8.34k | if(obj.length() > 1) { | 756 | 8.31k | copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); | 757 | 8.31k | } | 758 | 8.34k | } | 759 | 34.3k | } |
ber_dec.cpp:void Botan::(anonymous namespace)::asn1_decode_binary_string<std::__1::allocator<unsigned char> >(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >&, Botan::BER_Object const&, Botan::ASN1_Type, Botan::ASN1_Type, Botan::ASN1_Class, bool) Line | Count | Source | 719 | 202k | bool require_der) { | 720 | 202k | obj.assert_is_a(type_tag, class_tag); | 721 | | | 722 | | // DER requires BIT STRING and OCTET STRING to use primitive encoding | 723 | 202k | if(require_der && is_constructed(obj)) { | 724 | 0 | throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); | 725 | 0 | } | 726 | | | 727 | 202k | if(real_type == ASN1_Type::OctetString) { | 728 | 129k | buffer.assign(obj.bits(), obj.bits() + obj.length()); | 729 | 129k | } else { | 730 | 73.2k | if(obj.length() == 0) { | 731 | 274 | throw BER_Decoding_Error("Invalid BIT STRING"); | 732 | 274 | } | 733 | | | 734 | 72.9k | const uint8_t unused_bits = obj.bits()[0]; | 735 | | | 736 | 72.9k | if(unused_bits >= 8) { | 737 | 283 | throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); | 738 | 283 | } | 739 | | | 740 | | // Empty BIT STRING with unused bits > 0 ... | 741 | 72.6k | if(unused_bits > 0 && obj.length() < 2) { | 742 | 285 | throw BER_Decoding_Error("Invalid BIT STRING"); | 743 | 285 | } | 744 | | | 745 | | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) | 746 | 72.3k | if(require_der && unused_bits > 0) { | 747 | 6.49k | const uint8_t last_byte = obj.bits()[obj.length() - 1]; | 748 | 6.49k | if((last_byte & ((1 << unused_bits) - 1)) != 0) { | 749 | 1.34k | throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); | 750 | 1.34k | } | 751 | 6.49k | } | 752 | | | 753 | 71.0k | buffer.resize(obj.length() - 1); | 754 | | | 755 | 71.0k | if(obj.length() > 1) { | 756 | 65.2k | copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); | 757 | 65.2k | } | 758 | 71.0k | } | 759 | 202k | } |
|
760 | | |
761 | | } // namespace |
762 | | |
763 | | /* |
764 | | * BER decode a BIT STRING or OCTET STRING |
765 | | */ |
766 | | BER_Decoder& BER_Decoder::decode(secure_vector<uint8_t>& buffer, |
767 | | ASN1_Type real_type, |
768 | | ASN1_Type type_tag, |
769 | 34.4k | ASN1_Class class_tag) { |
770 | 34.4k | if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { |
771 | 0 | throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast<uint32_t>(real_type)); |
772 | 0 | } |
773 | | |
774 | 34.4k | asn1_decode_binary_string( |
775 | 34.4k | buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); |
776 | 34.4k | return (*this); |
777 | 34.4k | } |
778 | | |
779 | | BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer, |
780 | | ASN1_Type real_type, |
781 | | ASN1_Type type_tag, |
782 | 206k | ASN1_Class class_tag) { |
783 | 206k | if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { |
784 | 3.27k | throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast<uint32_t>(real_type)); |
785 | 3.27k | } |
786 | | |
787 | 203k | asn1_decode_binary_string( |
788 | 203k | buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); |
789 | 203k | return (*this); |
790 | 206k | } |
791 | | |
792 | | } // namespace Botan |