Botan  2.4.0
Crypto and TLS for C++11
ber_dec.cpp
Go to the documentation of this file.
1 /*
2 * BER Decoder
3 * (C) 1999-2008,2015,2017 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ber_dec.h>
9 #include <botan/bigint.h>
10 #include <botan/loadstor.h>
11 #include <botan/internal/safeint.h>
12 
13 namespace Botan {
14 
15 namespace {
16 
17 /*
18 * This value is somewhat arbitrary. OpenSSL allows up to 128 nested
19 * indefinite length sequences. If you increase this, also increase the
20 * limit in the test in test_asn1.cpp
21 */
22 const size_t ALLOWED_EOC_NESTINGS = 16;
23 
24 /*
25 * BER decode an ASN.1 type tag
26 */
27 size_t decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag)
28  {
29  uint8_t b;
30  if(!ber->read_byte(b))
31  {
32  class_tag = type_tag = NO_OBJECT;
33  return 0;
34  }
35 
36  if((b & 0x1F) != 0x1F)
37  {
38  type_tag = ASN1_Tag(b & 0x1F);
39  class_tag = ASN1_Tag(b & 0xE0);
40  return 1;
41  }
42 
43  size_t tag_bytes = 1;
44  class_tag = ASN1_Tag(b & 0xE0);
45 
46  size_t tag_buf = 0;
47  while(true)
48  {
49  if(!ber->read_byte(b))
50  throw BER_Decoding_Error("Long-form tag truncated");
51  if(tag_buf & 0xFF000000)
52  throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
53  ++tag_bytes;
54  tag_buf = (tag_buf << 7) | (b & 0x7F);
55  if((b & 0x80) == 0) break;
56  }
57  type_tag = ASN1_Tag(tag_buf);
58  return tag_bytes;
59  }
60 
61 /*
62 * Find the EOC marker
63 */
64 size_t find_eoc(DataSource* src, size_t allow_indef);
65 
66 /*
67 * BER decode an ASN.1 length field
68 */
69 size_t decode_length(DataSource* ber, size_t& field_size, size_t allow_indef)
70  {
71  uint8_t b;
72  if(!ber->read_byte(b))
73  throw BER_Decoding_Error("Length field not found");
74  field_size = 1;
75  if((b & 0x80) == 0)
76  return b;
77 
78  field_size += (b & 0x7F);
79  if(field_size > 5)
80  throw BER_Decoding_Error("Length field is too large");
81 
82  if(field_size == 1)
83  {
84  if(allow_indef == 0)
85  {
86  throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion");
87  }
88  else
89  {
90  return find_eoc(ber, allow_indef - 1);
91  }
92  }
93 
94  size_t length = 0;
95 
96  for(size_t i = 0; i != field_size - 1; ++i)
97  {
98  if(get_byte(0, length) != 0)
99  throw BER_Decoding_Error("Field length overflow");
100  if(!ber->read_byte(b))
101  throw BER_Decoding_Error("Corrupted length field");
102  length = (length << 8) | b;
103  }
104  return length;
105  }
106 
107 /*
108 * Find the EOC marker
109 */
110 size_t find_eoc(DataSource* ber, size_t allow_indef)
111  {
112  secure_vector<uint8_t> buffer(DEFAULT_BUFFERSIZE), data;
113 
114  while(true)
115  {
116  const size_t got = ber->peek(buffer.data(), buffer.size(), data.size());
117  if(got == 0)
118  break;
119 
120  data += std::make_pair(buffer.data(), got);
121  }
122 
123  DataSource_Memory source(data);
124  data.clear();
125 
126  size_t length = 0;
127  while(true)
128  {
129  ASN1_Tag type_tag, class_tag;
130  size_t tag_size = decode_tag(&source, type_tag, class_tag);
131  if(type_tag == NO_OBJECT)
132  break;
133 
134  size_t length_size = 0;
135  size_t item_size = decode_length(&source, length_size, allow_indef);
136  source.discard_next(item_size);
137 
138  length = BOTAN_CHECKED_ADD(length, item_size);
139  length = BOTAN_CHECKED_ADD(length, tag_size);
140  length = BOTAN_CHECKED_ADD(length, length_size);
141 
142  if(type_tag == EOC && class_tag == UNIVERSAL)
143  break;
144  }
145  return length;
146  }
147 
148 }
149 
150 /*
151 * Check a type invariant on BER data
152 */
153 void BER_Object::assert_is_a(ASN1_Tag type_tag_, ASN1_Tag class_tag_) const
154  {
155  if(type_tag != type_tag_ || class_tag != class_tag_)
156  throw BER_Decoding_Error("Tag mismatch when decoding got " +
157  std::to_string(type_tag) + "/" +
158  std::to_string(class_tag) + " expected " +
159  std::to_string(type_tag_) + "/" +
160  std::to_string(class_tag_));
161  }
162 
163 /*
164 * Check if more objects are there
165 */
167  {
168  if(m_source->end_of_data() && (m_pushed.type_tag == NO_OBJECT))
169  return false;
170  return true;
171  }
172 
173 /*
174 * Verify that no bytes remain in the source
175 */
177  {
178  if(!m_source->end_of_data() || (m_pushed.type_tag != NO_OBJECT))
179  throw Invalid_State("BER_Decoder::verify_end called, but data remains");
180  return (*this);
181  }
182 
183 /*
184 * Discard all the bytes remaining in the source
185 */
187  {
188  uint8_t buf;
189  while(m_source->read_byte(buf))
190  {}
191  return (*this);
192  }
193 
194 /*
195 * Return the BER encoding of the next object
196 */
198  {
199  BER_Object next;
200 
201  if(m_pushed.type_tag != NO_OBJECT)
202  {
203  next = m_pushed;
204  m_pushed.class_tag = m_pushed.type_tag = NO_OBJECT;
205  return next;
206  }
207 
208  for(;;)
209  {
210  decode_tag(m_source, next.type_tag, next.class_tag);
211  if(next.type_tag == NO_OBJECT)
212  return next;
213 
214  size_t field_size;
215  const size_t length = decode_length(m_source, field_size, ALLOWED_EOC_NESTINGS);
216  if(!m_source->check_available(length))
217  throw BER_Decoding_Error("Value truncated");
218 
219  next.value.resize(length);
220  if(m_source->read(next.value.data(), length) != length)
221  throw BER_Decoding_Error("Value truncated");
222 
223  if(next.type_tag == EOC && next.class_tag == UNIVERSAL)
224  continue;
225  else
226  break;
227  }
228 
229  return next;
230  }
231 
233  {
234  ber = get_next_object();
235  return (*this);
236  }
237 
238 /*
239 * Push a object back into the stream
240 */
242  {
243  if(m_pushed.type_tag != NO_OBJECT)
244  throw Invalid_State("BER_Decoder: Only one push back is allowed");
245  m_pushed = obj;
246  }
247 
248 /*
249 * Begin decoding a CONSTRUCTED type
250 */
252  ASN1_Tag class_tag)
253  {
254  BER_Object obj = get_next_object();
255  obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
256 
257  BER_Decoder result(obj.value.data(), obj.value.size());
258  result.m_parent = this;
259  return result;
260  }
261 
262 /*
263 * Finish decoding a CONSTRUCTED type
264 */
266  {
267  if(!m_parent)
268  throw Invalid_State("BER_Decoder::end_cons called with NULL parent");
269  if(!m_source->end_of_data())
270  throw Decoding_Error("BER_Decoder::end_cons called with data left");
271  return (*m_parent);
272  }
273 
274 /*
275 * BER_Decoder Constructor
276 */
278  {
279  m_source = &src;
280  m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT;
281  m_parent = nullptr;
282  }
283 
284 /*
285 * BER_Decoder Constructor
286  */
287 BER_Decoder::BER_Decoder(const uint8_t data[], size_t length)
288  {
289  m_data_src.reset(new DataSource_Memory(data, length));
290  m_source = m_data_src.get();
291  m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT;
292  m_parent = nullptr;
293  }
294 
295 /*
296 * BER_Decoder Constructor
297 */
299  {
300  m_data_src.reset(new DataSource_Memory(data));
301  m_source = m_data_src.get();
302  m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT;
303  m_parent = nullptr;
304  }
305 
306 /*
307 * BER_Decoder Constructor
308 */
309 BER_Decoder::BER_Decoder(const std::vector<uint8_t>& data)
310  {
311  m_data_src.reset(new DataSource_Memory(data.data(), data.size()));
312  m_source = m_data_src.get();
313  m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT;
314  m_parent = nullptr;
315  }
316 
317 /*
318 * BER_Decoder Copy Constructor
319 */
321  {
322  m_source = other.m_source;
323 
324  // take ownership
325  std::swap(m_data_src, other.m_data_src);
326  m_pushed.type_tag = m_pushed.class_tag = NO_OBJECT;
327  m_parent = other.m_parent;
328  }
329 
330 /*
331 * Request for an object to decode itself
332 */
335  {
336  obj.decode_from(*this);
337  return (*this);
338  }
339 
340 /*
341 * Decode a BER encoded NULL
342 */
344  {
345  BER_Object obj = get_next_object();
347  if(obj.value.size())
348  throw BER_Decoding_Error("NULL object had nonzero size");
349  return (*this);
350  }
351 
352 /*
353 * Decode a BER encoded BOOLEAN
354 */
356  {
357  return decode(out, BOOLEAN, UNIVERSAL);
358  }
359 
360 /*
361 * Decode a small BER encoded INTEGER
362 */
364  {
365  return decode(out, INTEGER, UNIVERSAL);
366  }
367 
368 /*
369 * Decode a BER encoded INTEGER
370 */
372  {
373  return decode(out, INTEGER, UNIVERSAL);
374  }
375 
377  {
378  secure_vector<uint8_t> out_vec;
379  decode(out_vec, OCTET_STRING);
380  out = BigInt::decode(out_vec.data(), out_vec.size());
381  return (*this);
382  }
383 
385  {
386  std::vector<uint8_t> out_vec;
387  decode(out_vec, OCTET_STRING);
388  return out_vec;
389  }
390 
391 /*
392 * Decode a BER encoded BOOLEAN
393 */
395  ASN1_Tag type_tag, ASN1_Tag class_tag)
396  {
397  BER_Object obj = get_next_object();
398  obj.assert_is_a(type_tag, class_tag);
399 
400  if(obj.value.size() != 1)
401  throw BER_Decoding_Error("BER boolean value had invalid size");
402 
403  out = (obj.value[0]) ? true : false;
404  return (*this);
405  }
406 
407 /*
408 * Decode a small BER encoded INTEGER
409 */
411  ASN1_Tag type_tag,
412  ASN1_Tag class_tag)
413  {
414  BigInt integer;
415  decode(integer, type_tag, class_tag);
416 
417  if(integer.bits() > 32)
418  throw BER_Decoding_Error("Decoded integer value larger than expected");
419 
420  out = 0;
421  for(size_t i = 0; i != 4; ++i)
422  out = (out << 8) | integer.byte_at(3-i);
423 
424  return (*this);
425  }
426 
427 /*
428 * Decode a small BER encoded INTEGER
429 */
431  ASN1_Tag class_tag,
432  size_t T_bytes)
433  {
434  if(T_bytes > 8)
435  throw BER_Decoding_Error("Can't decode small integer over 8 bytes");
436 
437  BigInt integer;
438  decode(integer, type_tag, class_tag);
439 
440  if(integer.bits() > 8*T_bytes)
441  throw BER_Decoding_Error("Decoded integer value larger than expected");
442 
443  uint64_t out = 0;
444  for(size_t i = 0; i != 8; ++i)
445  out = (out << 8) | integer.byte_at(7-i);
446 
447  return out;
448  }
449 
450 /*
451 * Decode a BER encoded INTEGER
452 */
454  ASN1_Tag type_tag,
455  ASN1_Tag class_tag)
456  {
457  BER_Object obj = get_next_object();
458  obj.assert_is_a(type_tag, class_tag);
459 
460  if(obj.value.empty())
461  out = 0;
462  else
463  {
464  const bool negative = (obj.value[0] & 0x80) ? true : false;
465 
466  if(negative)
467  {
468  for(size_t i = obj.value.size(); i > 0; --i)
469  if(obj.value[i-1]--)
470  break;
471  for(size_t i = 0; i != obj.value.size(); ++i)
472  obj.value[i] = ~obj.value[i];
473  }
474 
475  out = BigInt(&obj.value[0], obj.value.size());
476 
477  if(negative)
478  out.flip_sign();
479  }
480 
481  return (*this);
482  }
483 
484 namespace {
485 
486 template<typename Alloc>
487 void asn1_decode_binary_string(std::vector<uint8_t, Alloc>& buffer,
488  const BER_Object& obj,
489  ASN1_Tag real_type,
490  ASN1_Tag type_tag,
491  ASN1_Tag class_tag)
492  {
493  obj.assert_is_a(type_tag, class_tag);
494 
495  if(real_type == OCTET_STRING)
496  {
497  buffer.assign(obj.value.begin(), obj.value.end());
498  }
499  else
500  {
501  if(obj.value.empty())
502  throw BER_Decoding_Error("Invalid BIT STRING");
503  if(obj.value[0] >= 8)
504  throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
505 
506  buffer.resize(obj.value.size() - 1);
507 
508  if(obj.value.size() > 1)
509  copy_mem(buffer.data(), &obj.value[1], obj.value.size() - 1);
510  }
511  }
512 
513 }
514 
515 /*
516 * BER decode a BIT STRING or OCTET STRING
517 */
519  ASN1_Tag real_type,
520  ASN1_Tag type_tag, ASN1_Tag class_tag)
521  {
522  if(real_type != OCTET_STRING && real_type != BIT_STRING)
523  throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
524 
525  asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag);
526  return (*this);
527  }
528 
529 BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer,
530  ASN1_Tag real_type,
531  ASN1_Tag type_tag, ASN1_Tag class_tag)
532  {
533  if(real_type != OCTET_STRING && real_type != BIT_STRING)
534  throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
535 
536  asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag);
537  return (*this);
538  }
539 
540 }
virtual void decode_from(BER_Decoder &from)=0
void assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) const
Definition: ber_dec.cpp:153
BER_Decoder(DataSource &)
Definition: ber_dec.cpp:277
size_t bits() const
Definition: bigint.cpp:183
void push_back(const BER_Object &obj)
Definition: ber_dec.cpp:241
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:355
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:108
BER_Decoder & decode_octet_string_bigint(class BigInt &b)
Definition: ber_dec.cpp:376
ASN1_Tag
Definition: asn1_obj.h:22
#define BOTAN_CHECKED_ADD(x, y)
Definition: safeint.h:35
uint8_t byte_at(size_t n) const
Definition: bigint.h:329
BER_Decoder & get_next(BER_Object &ber)
Definition: ber_dec.cpp:232
uint64_t decode_constrained_integer(ASN1_Tag type_tag, ASN1_Tag class_tag, size_t T_bytes)
Definition: ber_dec.cpp:430
BER_Decoder & decode_null()
Definition: ber_dec.cpp:343
secure_vector< uint8_t > value
Definition: asn1_obj.h:97
BER_Decoder & end_cons()
Definition: ber_dec.cpp:265
secure_vector< uint8_t > decode(DataSource &source, std::string &label)
Definition: pem.cpp:68
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:251
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:97
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:186
Definition: alg_id.cpp:13
BER_Object get_next_object()
Definition: ber_dec.cpp:197
ASN1_Tag class_tag
Definition: asn1_obj.h:94
ASN1_Tag type_tag
Definition: asn1_obj.h:94
BER_Decoder & verify_end()
Definition: ber_dec.cpp:176
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
std::vector< uint8_t > get_next_octet_string()
Definition: ber_dec.cpp:384
void flip_sign()
Definition: bigint.cpp:225
bool more_items() const
Definition: ber_dec.cpp:166
static BigInt decode(const uint8_t buf[], size_t length, Base base=Binary)
Definition: big_code.cpp:114