Botan 3.12.0
Crypto and TLS for C&
ber_dec.cpp
Go to the documentation of this file.
1/*
2* BER Decoder
3* (C) 1999-2008,2015,2017,2018,2026 Jack Lloyd
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/ber_dec.h>
9
10#include <botan/bigint.h>
11#include <botan/data_src.h>
12#include <botan/internal/int_utils.h>
13#include <botan/internal/loadstor.h>
14#include <memory>
15
16namespace Botan {
17
18namespace {
19
20bool is_constructed(ASN1_Class class_tag) {
21 return (static_cast<uint32_t>(class_tag) & static_cast<uint32_t>(ASN1_Class::Constructed)) != 0;
22}
23
24/*
25* BER decode an ASN.1 type tag
26*/
27size_t decode_tag(DataSource* ber, ASN1_Type& type_tag, ASN1_Class& class_tag) {
28 auto b = ber->read_byte();
29
30 if(!b) {
31 type_tag = ASN1_Type::NoObject;
32 class_tag = ASN1_Class::NoObject;
33 return 0;
34 }
35
36 if((*b & 0x1F) != 0x1F) {
37 type_tag = ASN1_Type(*b & 0x1F);
38 class_tag = ASN1_Class(*b & 0xE0);
39 return 1;
40 }
41
42 size_t tag_bytes = 1;
43 class_tag = ASN1_Class(*b & 0xE0);
44
45 uint32_t tag_buf = 0;
46 while(true) {
47 b = ber->read_byte();
48 if(!b) {
49 throw BER_Decoding_Error("Long-form tag truncated");
50 }
51 if((tag_buf >> 24) != 0) {
52 throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
53 }
54 // This is required even by BER (see X.690 section 8.1.2.4.2 sentence c).
55 // Bits 7-1 of the first subsequent octet must not be all zero; this rules
56 // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding
57 // of tag value 0, which collides with the EOC marker).
58 if(tag_bytes == 1 && (*b & 0x7F) == 0) {
59 throw BER_Decoding_Error("Long form tag with leading zero");
60 }
61 ++tag_bytes;
62 tag_buf = (tag_buf << 7) | (*b & 0x7F);
63 if((*b & 0x80) == 0) {
64 break;
65 }
66 }
67 // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form.
68 // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3).
69 // This is unconditional and applies to BER as well as DER.
70 if(tag_buf <= 30) {
71 throw BER_Decoding_Error("Long-form tag encoding used for small tag value");
72 }
73
74 if(tag_buf == static_cast<uint32_t>(ASN1_Type::NoObject)) {
75 throw BER_Decoding_Error("Tag value collides with internal sentinel");
76 }
77
78 // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange)
79 type_tag = ASN1_Type(tag_buf);
80 return tag_bytes;
81}
82
83/*
84* Find the EOC marker by scanning TLVs via peek, without buffering.
85* Returns the number of bytes before and including the EOC marker.
86*/
87size_t find_eoc(DataSource* src, size_t base_offset, size_t allow_indef);
88
89/*
90* Result of decoding a BER length field.
91*
92* If indefinite is true, indefinite-length encoding was used: content_length
93* is the number of content bytes (excluding the 2-byte EOC marker) and the
94* caller must consume the EOC bytes after reading the content.
95*/
96class BerDecodedLength final {
97 public:
98 BerDecodedLength(size_t content_length, size_t field_length) :
99 BerDecodedLength(content_length, field_length, false) {}
100
101 static BerDecodedLength indefinite(size_t content_length, size_t field_length) {
102 return BerDecodedLength(content_length, field_length, true);
103 }
104
105 size_t content_length() const { return m_content_length; }
106
107 // Length plus the EOC bytes if an indefinite length field
108 size_t total_length() const { return m_indefinite ? m_content_length + 2 : m_content_length; }
109
110 size_t field_length() const { return m_field_length; }
111
112 bool indefinite_length() const { return m_indefinite; }
113
114 private:
115 BerDecodedLength(size_t content_length, size_t field_length, bool indefinite) :
116 m_content_length(content_length), m_field_length(field_length), m_indefinite(indefinite) {}
117
118 size_t m_content_length;
119 size_t m_field_length;
120 bool m_indefinite;
121};
122
123/*
124* BER decode an ASN.1 length field
125*/
126BerDecodedLength decode_length(DataSource* ber, size_t allow_indef, bool der_mode, bool constructed) {
127 uint8_t b = 0;
128 if(ber->read_byte(b) == 0) {
129 throw BER_Decoding_Error("Length field not found");
130 }
131 if((b & 0x80) == 0) {
132 return BerDecodedLength(b, 1);
133 }
134
135 const size_t num_length_bytes = (b & 0x7F);
136 if(num_length_bytes > 4) {
137 throw BER_Decoding_Error("Length field is too large");
138 }
139
140 const size_t field_size = 1 + num_length_bytes;
141
142 if(num_length_bytes == 0) {
143 if(der_mode) {
144 throw BER_Decoding_Error("Detected indefinite-length encoding in DER structure");
145 } else if(!constructed) {
146 // Indefinite length is only valid for constructed types (X.690 8.1.3.2)
147 throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type");
148 } else if(allow_indef == 0) {
149 throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion");
150 } else {
151 // find_eoc returns bytes up to and including the EOC marker.
152 // Return the content length; the caller consumes the EOC separately.
153 const size_t eoc_len = find_eoc(ber, /*base_offset=*/0, allow_indef - 1);
154 if(eoc_len < 2) {
155 throw BER_Decoding_Error("Invalid EOC encoding");
156 }
157 return BerDecodedLength::indefinite(eoc_len - 2, field_size);
158 }
159 }
160
161 size_t length = 0;
162
163 for(size_t i = 0; i != num_length_bytes; ++i) {
164 if(ber->read_byte(b) == 0) {
165 throw BER_Decoding_Error("Corrupted length field");
166 }
167 // Can't overflow since we already checked that num_length_bytes <= 4
168 length = (length << 8) | b;
169 }
170
171 // DER requires shortest possible length encoding
172 if(der_mode) {
173 if(length < 128) {
174 throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure");
175 }
176 if(num_length_bytes > 1 && length < (size_t(1) << ((num_length_bytes - 1) * 8))) {
177 throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure");
178 }
179 }
180
181 return BerDecodedLength(length, field_size);
182}
183
184/*
185* Peek a tag from the source at the given offset without consuming any data.
186* Returns the number of bytes consumed by the tag, or 0 on EOF.
187*/
188size_t peek_tag(DataSource* src, size_t offset, ASN1_Type& type_tag, ASN1_Class& class_tag) {
189 uint8_t b = 0;
190 if(src->peek(&b, 1, offset) == 0) {
191 type_tag = ASN1_Type::NoObject;
192 class_tag = ASN1_Class::NoObject;
193 return 0;
194 }
195
196 if((b & 0x1F) != 0x1F) {
197 type_tag = ASN1_Type(b & 0x1F);
198 class_tag = ASN1_Class(b & 0xE0);
199 return 1;
200 }
201
202 class_tag = ASN1_Class(b & 0xE0);
203 size_t tag_bytes = 1;
204 uint32_t tag_buf = 0;
205
206 while(true) {
207 if(src->peek(&b, 1, offset + tag_bytes) == 0) {
208 throw BER_Decoding_Error("Long-form tag truncated");
209 }
210 if((tag_buf >> 24) != 0) {
211 throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
212 }
213 // Required even by BER (X.690 section 8.1.2.4.2 sentence c).
214 // Bits 7-1 of the first subsequent octet must not be all zero; this rules
215 // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding
216 // of tag value 0, which collides with the EOC marker).
217 if(tag_bytes == 1 && (b & 0x7F) == 0) {
218 throw BER_Decoding_Error("Long form tag with leading zero");
219 }
220 ++tag_bytes;
221 tag_buf = (tag_buf << 7) | (b & 0x7F);
222 if((b & 0x80) == 0) {
223 break;
224 }
225 }
226
227 // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form.
228 // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3).
229 // This is unconditional and applies to BER as well as DER.
230 if(tag_buf <= 30) {
231 throw BER_Decoding_Error("Long-form tag encoding used for small tag value");
232 }
233
234 if(tag_buf == static_cast<uint32_t>(ASN1_Type::NoObject)) {
235 throw BER_Decoding_Error("Tag value collides with internal sentinel");
236 }
237
238 // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange)
239 type_tag = ASN1_Type(tag_buf);
240 return tag_bytes;
241}
242
243/*
244* Peek a length from the source at the given offset without consuming any data.
245* Returns the decoded length and sets field_size to the number of bytes consumed.
246* For indefinite-length encoding, recursively scans ahead to find the EOC marker.
247*/
248size_t peek_length(DataSource* src, size_t offset, size_t& field_size, size_t allow_indef, bool constructed) {
249 uint8_t b = 0;
250 if(src->peek(&b, 1, offset) == 0) {
251 throw BER_Decoding_Error("Length field not found");
252 }
253
254 field_size = 1;
255 if((b & 0x80) == 0) {
256 return b;
257 }
258
259 const size_t num_length_bytes = (b & 0x7F);
260 field_size += num_length_bytes;
261 if(field_size > 5) {
262 throw BER_Decoding_Error("Length field is too large");
263 }
264
265 if(num_length_bytes == 0) {
266 // Indefinite length is only valid for constructed types (X.690 8.1.3.2)
267 if(!constructed) {
268 throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type");
269 }
270 if(allow_indef == 0) {
271 throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion");
272 }
273 return find_eoc(src, offset + 1, allow_indef - 1);
274 }
275
276 size_t length = 0;
277 for(size_t i = 0; i < num_length_bytes; ++i) {
278 if(src->peek(&b, 1, offset + 1 + i) == 0) {
279 throw BER_Decoding_Error("Corrupted length field");
280 }
281 if(get_byte<0>(length) != 0) {
282 throw BER_Decoding_Error("Field length overflow");
283 }
284 length = (length << 8) | b;
285 }
286 return length;
287}
288
289/*
290* Find the EOC marker by scanning TLVs via peek, without buffering.
291* Returns the number of bytes before and including the EOC marker.
292*/
293size_t find_eoc(DataSource* src, size_t base_offset, size_t allow_indef) {
294 size_t offset = base_offset;
295
296 while(true) {
297 ASN1_Type type_tag = ASN1_Type::NoObject;
298 ASN1_Class class_tag = ASN1_Class::NoObject;
299 const size_t tag_size = peek_tag(src, offset, type_tag, class_tag);
300 if(type_tag == ASN1_Type::NoObject) {
301 throw BER_Decoding_Error("Missing EOC marker in indefinite-length encoding");
302 }
303
304 size_t length_size = 0;
305 const size_t item_size = peek_length(src, offset + tag_size, length_size, allow_indef, is_constructed(class_tag));
306
307 if(auto new_offset = checked_add(offset, tag_size, length_size, item_size)) {
308 offset = new_offset.value();
309 } else {
310 throw Decoding_Error("Integer overflow while scanning for EOC");
311 }
312
313 if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal) {
314 // Per X.690 8.1.5 the EOC marker is exactly two zero octets
315 if(length_size != 1 || item_size != 0) {
316 throw BER_Decoding_Error("EOC marker with non-zero length");
317 }
318 break;
319 }
320 }
321
322 return offset - base_offset;
323}
324
325class DataSource_BERObject final : public DataSource {
326 public:
327 size_t read(uint8_t out[], size_t length) override {
328 BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
329 const size_t got = std::min<size_t>(m_obj.length() - m_offset, length);
330 copy_mem(out, m_obj.bits() + m_offset, got);
331 m_offset += got;
332 return got;
333 }
334
335 size_t peek(uint8_t out[], size_t length, size_t peek_offset) const override {
336 BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
337 const size_t bytes_left = m_obj.length() - m_offset;
338
339 if(peek_offset >= bytes_left) {
340 return 0;
341 }
342
343 const size_t got = std::min(bytes_left - peek_offset, length);
344 copy_mem(out, m_obj.bits() + m_offset + peek_offset, got);
345 return got;
346 }
347
348 bool check_available(size_t n) override {
349 BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length());
350 return (n <= (m_obj.length() - m_offset));
351 }
352
353 bool end_of_data() const override { return get_bytes_read() == m_obj.length(); }
354
355 size_t get_bytes_read() const override { return m_offset; }
356
357 explicit DataSource_BERObject(BER_Object&& obj) : m_obj(std::move(obj)) {}
358
359 private:
360 BER_Object m_obj;
361 size_t m_offset = 0;
362};
363
364} // namespace
365
366BER_Decoder::~BER_Decoder() = default;
367
368/*
369* Check if more objects are there
370*/
371bool BER_Decoder::more_items() const {
372 if(m_source->end_of_data() && !m_pushed.is_set()) {
373 return false;
374 }
375 return true;
376}
377
378/*
379* Verify that no bytes remain in the source
380*/
381BER_Decoder& BER_Decoder::verify_end() {
382 return verify_end("BER_Decoder::verify_end called, but data remains");
383}
384
385/*
386* Verify that no bytes remain in the source
387*/
388BER_Decoder& BER_Decoder::verify_end(std::string_view err) {
389 if(!m_source->end_of_data() || m_pushed.is_set()) {
390 throw Decoding_Error(err);
391 }
392 return (*this);
393}
394
395/*
396* Discard all the bytes remaining in the source
397*/
398BER_Decoder& BER_Decoder::discard_remaining() {
399 m_pushed = BER_Object();
400 uint8_t buf = 0;
401 while(m_source->read_byte(buf) != 0) {}
402 return (*this);
403}
404
405std::optional<uint8_t> BER_Decoder::read_next_byte() {
406 BOTAN_ASSERT_NOMSG(m_source != nullptr);
407 uint8_t b = 0;
408 if(m_source->read_byte(b) != 0) {
409 return b;
410 } else {
411 return {};
412 }
413}
414
415const BER_Object& BER_Decoder::peek_next_object() {
416 if(!m_pushed.is_set()) {
417 m_pushed = get_next_object();
418 }
419
420 return m_pushed;
421}
422
423/*
424* Return the BER encoding of the next object
425*/
426BER_Object BER_Decoder::get_next_object() {
427 BER_Object next;
428
429 if(m_pushed.is_set()) {
430 std::swap(next, m_pushed);
431 return next;
432 }
433
434 for(;;) {
435 ASN1_Type type_tag = ASN1_Type::NoObject;
436 ASN1_Class class_tag = ASN1_Class::NoObject;
437 decode_tag(m_source, type_tag, class_tag);
438 next.set_tagging(type_tag, class_tag);
439 if(next.is_set() == false) { // no more objects
440 return next;
441 }
442
443 const size_t allow_indef = m_limits.allow_ber_encoding() ? m_limits.max_nested_indefinite_length() : 0;
444 const bool der_mode = m_limits.require_der_encoding();
445 const auto dl = decode_length(m_source, allow_indef, der_mode, is_constructed(class_tag));
446
447 // Per X.690 8.1.5 the only valid EOC encoding is the two-octet
448 // sequence 0x00 0x00. Reject any other length encoding on a tag of
449 // (Eoc, Universal) before we consume the "content" bytes.
450 if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal &&
451 (dl.content_length() != 0 || dl.indefinite_length())) {
452 throw BER_Decoding_Error("EOC marker with non-zero length");
453 }
454
455 if(!m_source->check_available(dl.total_length())) {
456 throw BER_Decoding_Error("Value truncated");
457 }
458
459 uint8_t* out = next.mutable_bits(dl.content_length());
460 if(m_source->read(out, dl.content_length()) != dl.content_length()) {
461 throw BER_Decoding_Error("Value truncated");
462 }
463
464 if(dl.indefinite_length()) {
465 // After reading the data consume the 2-byte EOC
466 uint8_t eoc[2] = {0xFF, 0xFF};
467 if(m_source->read(eoc, 2) != 2 || eoc[0] != 0x00 || eoc[1] != 0x00) {
468 throw BER_Decoding_Error("Missing or malformed EOC marker");
469 }
470 }
471
472 if(next.tagging() == static_cast<uint32_t>(ASN1_Type::Eoc)) {
473 if(m_limits.require_der_encoding()) {
474 throw BER_Decoding_Error("Detected EOC marker in DER structure");
475 }
476 continue;
477 } else {
478 break;
479 }
480 }
481
482 return next;
483}
484
485BER_Object BER_Decoder::get_next_value(size_t sizeofT, ASN1_Type type_tag, ASN1_Class class_tag) {
486 const BER_Object obj = get_next_object();
487 obj.assert_is_a(type_tag, class_tag);
488
489 if(obj.length() != sizeofT) {
490 throw BER_Decoding_Error("Size mismatch. Object value size is " + std::to_string(obj.length()) +
491 "; Output type size is " + std::to_string(sizeofT));
492 }
493
494 return obj;
495}
496
497/*
498* Push a object back into the stream
499*/
500void BER_Decoder::push_back(const BER_Object& obj) {
501 if(m_pushed.is_set()) {
502 throw Invalid_State("BER_Decoder: Only one push back is allowed");
503 }
504 m_pushed = obj;
505}
506
507void BER_Decoder::push_back(BER_Object&& obj) {
508 if(m_pushed.is_set()) {
509 throw Invalid_State("BER_Decoder: Only one push back is allowed");
510 }
511 m_pushed = std::move(obj);
512}
513
514BER_Decoder BER_Decoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) {
515 BER_Object obj = get_next_object();
516 obj.assert_is_a(type_tag, class_tag | ASN1_Class::Constructed);
517 BER_Decoder child(std::move(obj), this);
518 return child;
519}
520
521/*
522* Finish decoding a CONSTRUCTED type
523*/
524BER_Decoder& BER_Decoder::end_cons() {
525 if(m_parent == nullptr) {
526 throw Invalid_State("BER_Decoder::end_cons called with null parent");
527 }
528 if(!m_source->end_of_data() || m_pushed.is_set()) {
529 throw Decoding_Error("BER_Decoder::end_cons called with data left");
530 }
531 return (*m_parent);
532}
533
534BER_Decoder::BER_Decoder(BER_Object&& obj, BER_Decoder* parent) :
535 m_limits(parent != nullptr ? parent->limits() : BER_Decoder::Limits::BER()), m_parent(parent) {
536 m_data_src = std::make_unique<DataSource_BERObject>(std::move(obj));
537 m_source = m_data_src.get();
538}
539
540/*
541* BER_Decoder Constructor
542*/
543BER_Decoder::BER_Decoder(DataSource& src, Limits limits) : m_limits(limits), m_source(&src) {}
544
545/*
546* BER_Decoder Constructor
547 */
548BER_Decoder::BER_Decoder(std::span<const uint8_t> buf, Limits limits) : m_limits(limits) {
549 m_data_src = std::make_unique<DataSource_Memory>(buf);
550 m_source = m_data_src.get();
551}
552
553BER_Decoder::BER_Decoder(BER_Decoder&& other) noexcept = default;
554
555BER_Decoder& BER_Decoder::operator=(BER_Decoder&&) noexcept = default;
556
557/*
558* Request for an object to decode itself
559*/
560BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, ASN1_Type /*unused*/, ASN1_Class /*unused*/) {
561 obj.decode_from(*this);
562 return (*this);
563}
564
565/*
566* Decode a BER encoded NULL
567*/
568BER_Decoder& BER_Decoder::decode_null() {
569 const BER_Object obj = get_next_object();
570 obj.assert_is_a(ASN1_Type::Null, ASN1_Class::Universal);
571 if(obj.length() > 0) {
572 throw BER_Decoding_Error("NULL object had nonzero size");
573 }
574 return (*this);
575}
576
577BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) {
578 secure_vector<uint8_t> out_vec;
579 decode(out_vec, ASN1_Type::OctetString);
580 out = BigInt::from_bytes(out_vec);
581 return (*this);
582}
583
584/*
585* Decode a BER encoded BOOLEAN
586*/
587BER_Decoder& BER_Decoder::decode(bool& out, ASN1_Type type_tag, ASN1_Class class_tag) {
588 const BER_Object obj = get_next_object();
589 obj.assert_is_a(type_tag, class_tag);
590
591 if(obj.length() != 1) {
592 throw BER_Decoding_Error("BER boolean value had invalid size");
593 }
594
595 const uint8_t val = obj.bits()[0];
596
597 // DER requires boolean values to be exactly 0x00 or 0xFF
598 if(m_limits.require_der_encoding() && val != 0x00 && val != 0xFF) {
599 throw BER_Decoding_Error("Detected non-canonical boolean encoding in DER structure");
600 }
601
602 out = (val != 0) ? true : false;
603
604 return (*this);
605}
606
607/*
608* Decode a small BER encoded INTEGER
609*/
610BER_Decoder& BER_Decoder::decode(size_t& out, ASN1_Type type_tag, ASN1_Class class_tag) {
611 BigInt integer;
612 decode(integer, type_tag, class_tag);
613
614 if(integer.signum() < 0) {
615 throw BER_Decoding_Error("Decoded small integer value was negative");
616 }
617
618 if(integer.bits() > 32) {
619 throw BER_Decoding_Error("Decoded integer value larger than expected");
620 }
621
622 out = 0;
623 for(size_t i = 0; i != 4; ++i) {
624 out = (out << 8) | integer.byte_at(3 - i);
625 }
626
627 return (*this);
628}
629
630/*
631* Decode a small BER encoded INTEGER
632*/
633uint64_t BER_Decoder::decode_constrained_integer(ASN1_Type type_tag, ASN1_Class class_tag, size_t T_bytes) {
634 if(T_bytes > 8) {
635 throw BER_Decoding_Error("Can't decode small integer over 8 bytes");
636 }
637
638 BigInt integer;
639 decode(integer, type_tag, class_tag);
640
641 if(integer.is_negative()) {
642 throw BER_Decoding_Error("Decoded small integer value was negative");
643 }
644
645 if(integer.bits() > 8 * T_bytes) {
646 throw BER_Decoding_Error("Decoded integer value larger than expected");
647 }
648
649 uint64_t out = 0;
650 for(size_t i = 0; i != 8; ++i) {
651 out = (out << 8) | integer.byte_at(7 - i);
652 }
653
654 return out;
655}
656
657/*
658* Decode a BER encoded INTEGER
659*/
660BER_Decoder& BER_Decoder::decode(BigInt& out, ASN1_Type type_tag, ASN1_Class class_tag) {
661 const BER_Object obj = get_next_object();
662 obj.assert_is_a(type_tag, class_tag);
663
664 // DER requires minimal INTEGER encoding (X.690 section 8.3.2)
665 if(m_limits.require_der_encoding()) {
666 if(obj.length() == 0) {
667 throw BER_Decoding_Error("Detected empty INTEGER encoding in DER structure");
668 }
669 if(obj.length() > 1) {
670 if(obj.bits()[0] == 0x00 && (obj.bits()[1] & 0x80) == 0) {
671 throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure");
672 }
673 if(obj.bits()[0] == 0xFF && (obj.bits()[1] & 0x80) != 0) {
674 throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure");
675 }
676 }
677 }
678
679 if(obj.length() == 0) {
680 out.clear();
681 } else {
682 const uint8_t first = obj.bits()[0];
683 const bool negative = (first & 0x80) == 0x80;
684
685 if(negative) {
686 secure_vector<uint8_t> vec(obj.bits(), obj.bits() + obj.length());
687 for(size_t i = obj.length(); i > 0; --i) {
688 const bool gt0 = (vec[i - 1] > 0);
689 vec[i - 1] -= 1;
690 if(gt0) {
691 break;
692 }
693 }
694 for(size_t i = 0; i != obj.length(); ++i) {
695 vec[i] = ~vec[i];
696 }
697 out._assign_from_bytes(vec);
698 out.flip_sign();
699 } else {
700 out._assign_from_bytes(obj.data());
701 }
702 }
703
704 return (*this);
705}
706
707namespace {
708
709bool is_constructed(const BER_Object& obj) {
710 return is_constructed(obj.class_tag());
711}
712
713template <typename Alloc>
714void asn1_decode_binary_string(std::vector<uint8_t, Alloc>& buffer,
715 const BER_Object& obj,
716 ASN1_Type real_type,
717 ASN1_Type type_tag,
718 ASN1_Class class_tag,
719 bool require_der) {
720 obj.assert_is_a(type_tag, class_tag);
721
722 // DER requires BIT STRING and OCTET STRING to use primitive encoding
723 if(require_der && is_constructed(obj)) {
724 throw BER_Decoding_Error("Detected constructed string encoding in DER structure");
725 }
726
727 if(real_type == ASN1_Type::OctetString) {
728 buffer.assign(obj.bits(), obj.bits() + obj.length());
729 } else {
730 if(obj.length() == 0) {
731 throw BER_Decoding_Error("Invalid BIT STRING");
732 }
733
734 const uint8_t unused_bits = obj.bits()[0];
735
736 if(unused_bits >= 8) {
737 throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
738 }
739
740 // Empty BIT STRING with unused bits > 0 ...
741 if(unused_bits > 0 && obj.length() < 2) {
742 throw BER_Decoding_Error("Invalid BIT STRING");
743 }
744
745 // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2)
746 if(require_der && unused_bits > 0) {
747 const uint8_t last_byte = obj.bits()[obj.length() - 1];
748 if((last_byte & ((1 << unused_bits) - 1)) != 0) {
749 throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure");
750 }
751 }
752
753 buffer.resize(obj.length() - 1);
754
755 if(obj.length() > 1) {
756 copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1);
757 }
758 }
759}
760
761} // namespace
762
763/*
764* BER decode a BIT STRING or OCTET STRING
765*/
766BER_Decoder& BER_Decoder::decode(secure_vector<uint8_t>& buffer,
767 ASN1_Type real_type,
768 ASN1_Type type_tag,
769 ASN1_Class class_tag) {
770 if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) {
771 throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast<uint32_t>(real_type));
772 }
773
774 asn1_decode_binary_string(
775 buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding());
776 return (*this);
777}
778
779BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer,
780 ASN1_Type real_type,
781 ASN1_Type type_tag,
782 ASN1_Class class_tag) {
783 if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) {
784 throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast<uint32_t>(real_type));
785 }
786
787 asn1_decode_binary_string(
788 buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding());
789 return (*this);
790}
791
792} // namespace Botan
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:75
Botan::ASN1_Object
Definition asn1_obj.h:96
Botan::BER_Bad_Tag
Definition asn1_obj.h:207
Botan::BER_Decoder::Limits
Definition ber_dec.h:30
Botan::BER_Decoder
Definition ber_dec.h:25
Botan::BER_Decoder::peek_next_object
const BER_Object & peek_next_object()
Definition ber_dec.cpp:415
Botan::BER_Decoder::push_back
void push_back(const BER_Object &obj)
Definition ber_dec.cpp:500
Botan::BER_Decoder::get_next_object
BER_Object get_next_object()
Definition ber_dec.cpp:426
Botan::BER_Decoder::get_next_value
BER_Decoder & get_next_value(T &out, ASN1_Type type_tag, ASN1_Class class_tag=ASN1_Class::ContextSpecific)
Definition ber_dec.h:189
Botan::BER_Decoder::decode
BER_Decoder & decode(bool &out)
Definition ber_dec.h:220
Botan::BER_Decoder::decode_constrained_integer
uint64_t decode_constrained_integer(ASN1_Type type_tag, ASN1_Class class_tag, size_t T_bytes)
Definition ber_dec.cpp:633
Botan::BER_Decoder::more_items
bool more_items() const
Definition ber_dec.cpp:371
Botan::BER_Decoder::limits
Limits limits() const
Definition ber_dec.h:98
Botan::BER_Decoder::verify_end
BER_Decoder & verify_end()
Definition ber_dec.cpp:381
Botan::BER_Decoder::BER_Decoder
BER_Decoder(const uint8_t buf[], size_t len, Limits limits=Limits::BER())
Definition ber_dec.h:64
Botan::BER_Decoder::end_cons
BER_Decoder & end_cons()
Definition ber_dec.cpp:524
Botan::BER_Decoder::start_cons
BER_Decoder start_cons(ASN1_Type type_tag, ASN1_Class class_tag)
Definition ber_dec.cpp:514
Botan::BER_Decoder::discard_remaining
BER_Decoder & discard_remaining()
Definition ber_dec.cpp:398
Botan::BER_Decoder::decode_octet_string_bigint
BER_Decoder & decode_octet_string_bigint(BigInt &b)
Definition ber_dec.cpp:577
Botan::BER_Decoder::decode_null
BER_Decoder & decode_null()
Definition ber_dec.cpp:568
Botan::BER_Decoder::~BER_Decoder
~BER_Decoder()
Botan::BER_Decoder::operator=
BER_Decoder & operator=(const BER_Decoder &)=delete
Botan::BER_Decoding_Error
Definition asn1_obj.h:199
Botan::BER_Object
Definition asn1_obj.h:128
Botan::BER_Object::length
size_t length() const
Definition asn1_obj.h:152
Botan::BER_Object::bits
const uint8_t * bits() const
Definition asn1_obj.h:150
Botan::BER_Object::assert_is_a
void assert_is_a(ASN1_Type type_tag, ASN1_Class class_tag, std::string_view descr="object") const
Definition asn1_obj.cpp:34
Botan::BER_Object::tagging
uint32_t tagging() const
Definition asn1_obj.h:140
Botan::BER_Object::is_set
bool is_set() const
Definition asn1_obj.h:138
Botan::BER_Object::data
std::span< const uint8_t > data() const
Definition asn1_obj.h:154
Botan::BER_Object::class_tag
ASN1_Class class_tag() const
Definition asn1_obj.h:144
Botan::BigInt::flip_sign
void flip_sign()
Definition bigint.h:619
Botan::BigInt::signum
int signum() const
Definition bigint.h:467
Botan::BigInt::from_bytes
static BigInt from_bytes(std::span< const uint8_t > bytes)
Definition bigint.cpp:83
Botan::BigInt::bits
size_t bits() const
Definition bigint.cpp:307
Botan::BigInt::byte_at
uint8_t byte_at(size_t n) const
Definition bigint.cpp:118
Botan::BigInt::clear
void clear()
Definition bigint.h:415
Botan::BigInt::_assign_from_bytes
void _assign_from_bytes(std::span< const uint8_t > bytes)
Definition bigint.h:980
Botan::BigInt::is_negative
bool is_negative() const
Definition bigint.h:586
Botan::DataSource::read_byte
size_t read_byte(uint8_t &out)
Definition data_src.cpp:27
Botan::Decoding_Error
Definition exceptn.h:192
Botan::Invalid_State
Definition exceptn.h:207
Botan::get_byte
constexpr uint8_t get_byte(T input)
Definition loadstor.h:79
Botan::checked_add
constexpr std::optional< T > checked_add(T a, T b)
Definition int_utils.h:19
Botan::ASN1_Class
ASN1_Class
Definition asn1_obj.h:28
Botan::ASN1_Type
ASN1_Type
Definition asn1_obj.h:43
Botan::copy_mem
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:144
Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68
Generated by doxygen 1.16.1