Botan  2.6.0
Crypto and TLS for C++11
ber_dec.cpp
Go to the documentation of this file.
1 /*
2 * BER Decoder
3 * (C) 1999-2008,2015,2017 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/ber_dec.h>
9 #include <botan/bigint.h>
10 #include <botan/loadstor.h>
11 #include <botan/internal/safeint.h>
12 
13 namespace Botan {
14 
15 namespace {
16 
17 /*
18 * This value is somewhat arbitrary. OpenSSL allows up to 128 nested
19 * indefinite length sequences. If you increase this, also increase the
20 * limit in the test in test_asn1.cpp
21 */
22 const size_t ALLOWED_EOC_NESTINGS = 16;
23 
24 /*
25 * BER decode an ASN.1 type tag
26 */
27 size_t decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag)
28  {
29  uint8_t b;
30  if(!ber->read_byte(b))
31  {
32  class_tag = type_tag = NO_OBJECT;
33  return 0;
34  }
35 
36  if((b & 0x1F) != 0x1F)
37  {
38  type_tag = ASN1_Tag(b & 0x1F);
39  class_tag = ASN1_Tag(b & 0xE0);
40  return 1;
41  }
42 
43  size_t tag_bytes = 1;
44  class_tag = ASN1_Tag(b & 0xE0);
45 
46  size_t tag_buf = 0;
47  while(true)
48  {
49  if(!ber->read_byte(b))
50  throw BER_Decoding_Error("Long-form tag truncated");
51  if(tag_buf & 0xFF000000)
52  throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
53  ++tag_bytes;
54  tag_buf = (tag_buf << 7) | (b & 0x7F);
55  if((b & 0x80) == 0) break;
56  }
57  type_tag = ASN1_Tag(tag_buf);
58  return tag_bytes;
59  }
60 
61 /*
62 * Find the EOC marker
63 */
64 size_t find_eoc(DataSource* src, size_t allow_indef);
65 
66 /*
67 * BER decode an ASN.1 length field
68 */
69 size_t decode_length(DataSource* ber, size_t& field_size, size_t allow_indef)
70  {
71  uint8_t b;
72  if(!ber->read_byte(b))
73  throw BER_Decoding_Error("Length field not found");
74  field_size = 1;
75  if((b & 0x80) == 0)
76  return b;
77 
78  field_size += (b & 0x7F);
79  if(field_size > 5)
80  throw BER_Decoding_Error("Length field is too large");
81 
82  if(field_size == 1)
83  {
84  if(allow_indef == 0)
85  {
86  throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion");
87  }
88  else
89  {
90  return find_eoc(ber, allow_indef - 1);
91  }
92  }
93 
94  size_t length = 0;
95 
96  for(size_t i = 0; i != field_size - 1; ++i)
97  {
98  if(get_byte(0, length) != 0)
99  throw BER_Decoding_Error("Field length overflow");
100  if(!ber->read_byte(b))
101  throw BER_Decoding_Error("Corrupted length field");
102  length = (length << 8) | b;
103  }
104  return length;
105  }
106 
107 /*
108 * Find the EOC marker
109 */
110 size_t find_eoc(DataSource* ber, size_t allow_indef)
111  {
112  secure_vector<uint8_t> buffer(BOTAN_DEFAULT_BUFFER_SIZE), data;
113 
114  while(true)
115  {
116  const size_t got = ber->peek(buffer.data(), buffer.size(), data.size());
117  if(got == 0)
118  break;
119 
120  data += std::make_pair(buffer.data(), got);
121  }
122 
123  DataSource_Memory source(data);
124  data.clear();
125 
126  size_t length = 0;
127  while(true)
128  {
129  ASN1_Tag type_tag, class_tag;
130  size_t tag_size = decode_tag(&source, type_tag, class_tag);
131  if(type_tag == NO_OBJECT)
132  break;
133 
134  size_t length_size = 0;
135  size_t item_size = decode_length(&source, length_size, allow_indef);
136  source.discard_next(item_size);
137 
138  length = BOTAN_CHECKED_ADD(length, item_size);
139  length = BOTAN_CHECKED_ADD(length, tag_size);
140  length = BOTAN_CHECKED_ADD(length, length_size);
141 
142  if(type_tag == EOC && class_tag == UNIVERSAL)
143  break;
144  }
145  return length;
146  }
147 
148 }
149 
150 /*
151 * Check if more objects are there
152 */
154  {
155  if(m_source->end_of_data() && !m_pushed.is_set())
156  return false;
157  return true;
158  }
159 
160 /*
161 * Verify that no bytes remain in the source
162 */
164  {
165  if(!m_source->end_of_data() || m_pushed.is_set())
166  throw Invalid_State("BER_Decoder::verify_end called, but data remains");
167  return (*this);
168  }
169 
170 /*
171 * Discard all the bytes remaining in the source
172 */
174  {
175  uint8_t buf;
176  while(m_source->read_byte(buf))
177  {}
178  return (*this);
179  }
180 
181 /*
182 * Return the BER encoding of the next object
183 */
185  {
186  BER_Object next;
187 
188  if(m_pushed.is_set())
189  {
190  std::swap(next, m_pushed);
191  return next;
192  }
193 
194  for(;;)
195  {
196  ASN1_Tag type_tag, class_tag;
197  decode_tag(m_source, type_tag, class_tag);
198  next.set_tagging(type_tag, class_tag);
199  if(next.is_set() == false) // no more objects
200  return next;
201 
202  size_t field_size;
203  const size_t length = decode_length(m_source, field_size, ALLOWED_EOC_NESTINGS);
204  if(!m_source->check_available(length))
205  throw BER_Decoding_Error("Value truncated");
206 
207  uint8_t* out = next.mutable_bits(length);
208  if(m_source->read(out, length) != length)
209  throw BER_Decoding_Error("Value truncated");
210 
211  if(next.tagging() == EOC)
212  continue;
213  else
214  break;
215  }
216 
217  return next;
218  }
219 
221  {
222  ber = get_next_object();
223  return (*this);
224  }
225 
226 /*
227 * Push a object back into the stream
228 */
230  {
231  if(m_pushed.is_set())
232  throw Invalid_State("BER_Decoder: Only one push back is allowed");
233  m_pushed = obj;
234  }
235 
236 /*
237 * Begin decoding a CONSTRUCTED type
238 */
240  ASN1_Tag class_tag)
241  {
242  BER_Object obj = get_next_object();
243  obj.assert_is_a(type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
244 
245  BER_Decoder result(obj.bits(), obj.length());
246  result.m_parent = this;
247  return result;
248  }
249 
250 /*
251 * Finish decoding a CONSTRUCTED type
252 */
254  {
255  if(!m_parent)
256  throw Invalid_State("BER_Decoder::end_cons called with NULL parent");
257  if(!m_source->end_of_data())
258  throw Decoding_Error("BER_Decoder::end_cons called with data left");
259  return (*m_parent);
260  }
261 
262 BER_Decoder::BER_Decoder(const BER_Object& obj) : BER_Decoder(obj.bits(), obj.length())
263  {
264  }
265 
266 /*
267 * BER_Decoder Constructor
268 */
270  {
271  m_source = &src;
272  }
273 
274 /*
275 * BER_Decoder Constructor
276  */
277 BER_Decoder::BER_Decoder(const uint8_t data[], size_t length)
278  {
279  m_data_src.reset(new DataSource_Memory(data, length));
280  m_source = m_data_src.get();
281  }
282 
283 /*
284 * BER_Decoder Constructor
285 */
287  {
288  m_data_src.reset(new DataSource_Memory(data));
289  m_source = m_data_src.get();
290  }
291 
292 /*
293 * BER_Decoder Constructor
294 */
295 BER_Decoder::BER_Decoder(const std::vector<uint8_t>& data)
296  {
297  m_data_src.reset(new DataSource_Memory(data.data(), data.size()));
298  m_source = m_data_src.get();
299  }
300 
301 /*
302 * BER_Decoder Copy Constructor
303 */
305  {
306  m_source = other.m_source;
307 
308  // take ownership
309  std::swap(m_data_src, other.m_data_src);
310  m_parent = other.m_parent;
311  }
312 
313 /*
314 * Request for an object to decode itself
315 */
318  {
319  obj.decode_from(*this);
320  return (*this);
321  }
322 
323 /*
324 * Decode a BER encoded NULL
325 */
327  {
328  BER_Object obj = get_next_object();
330  if(obj.length() > 0)
331  throw BER_Decoding_Error("NULL object had nonzero size");
332  return (*this);
333  }
334 
335 /*
336 * Decode a BER encoded BOOLEAN
337 */
339  {
340  return decode(out, BOOLEAN, UNIVERSAL);
341  }
342 
343 /*
344 * Decode a small BER encoded INTEGER
345 */
347  {
348  return decode(out, INTEGER, UNIVERSAL);
349  }
350 
351 /*
352 * Decode a BER encoded INTEGER
353 */
355  {
356  return decode(out, INTEGER, UNIVERSAL);
357  }
358 
360  {
361  secure_vector<uint8_t> out_vec;
362  decode(out_vec, OCTET_STRING);
363  out = BigInt::decode(out_vec.data(), out_vec.size());
364  return (*this);
365  }
366 
368  {
369  std::vector<uint8_t> out_vec;
370  decode(out_vec, OCTET_STRING);
371  return out_vec;
372  }
373 
374 /*
375 * Decode a BER encoded BOOLEAN
376 */
378  ASN1_Tag type_tag, ASN1_Tag class_tag)
379  {
380  BER_Object obj = get_next_object();
381  obj.assert_is_a(type_tag, class_tag);
382 
383  if(obj.length() != 1)
384  throw BER_Decoding_Error("BER boolean value had invalid size");
385 
386  out = (obj.bits()[0]) ? true : false;
387  return (*this);
388  }
389 
390 /*
391 * Decode a small BER encoded INTEGER
392 */
394  ASN1_Tag type_tag,
395  ASN1_Tag class_tag)
396  {
397  BigInt integer;
398  decode(integer, type_tag, class_tag);
399 
400  if(integer.bits() > 32)
401  throw BER_Decoding_Error("Decoded integer value larger than expected");
402 
403  out = 0;
404  for(size_t i = 0; i != 4; ++i)
405  out = (out << 8) | integer.byte_at(3-i);
406 
407  return (*this);
408  }
409 
410 /*
411 * Decode a small BER encoded INTEGER
412 */
414  ASN1_Tag class_tag,
415  size_t T_bytes)
416  {
417  if(T_bytes > 8)
418  throw BER_Decoding_Error("Can't decode small integer over 8 bytes");
419 
420  BigInt integer;
421  decode(integer, type_tag, class_tag);
422 
423  if(integer.bits() > 8*T_bytes)
424  throw BER_Decoding_Error("Decoded integer value larger than expected");
425 
426  uint64_t out = 0;
427  for(size_t i = 0; i != 8; ++i)
428  out = (out << 8) | integer.byte_at(7-i);
429 
430  return out;
431  }
432 
433 /*
434 * Decode a BER encoded INTEGER
435 */
437  ASN1_Tag type_tag,
438  ASN1_Tag class_tag)
439  {
440  BER_Object obj = get_next_object();
441  obj.assert_is_a(type_tag, class_tag);
442 
443  if(obj.length() == 0)
444  {
445  out = 0;
446  }
447  else
448  {
449  const bool negative = (obj.bits()[0] & 0x80) ? true : false;
450 
451  if(negative)
452  {
453  secure_vector<uint8_t> vec(obj.bits(), obj.bits() + obj.length());
454  for(size_t i = obj.length(); i > 0; --i)
455  if(vec[i-1]--)
456  break;
457  for(size_t i = 0; i != obj.length(); ++i)
458  vec[i] = ~vec[i];
459  out = BigInt(vec.data(), vec.size());
460  out.flip_sign();
461  }
462  else
463  {
464  out = BigInt(obj.bits(), obj.length());
465  }
466  }
467 
468  return (*this);
469  }
470 
471 namespace {
472 
473 template<typename Alloc>
474 void asn1_decode_binary_string(std::vector<uint8_t, Alloc>& buffer,
475  const BER_Object& obj,
476  ASN1_Tag real_type,
477  ASN1_Tag type_tag,
478  ASN1_Tag class_tag)
479  {
480  obj.assert_is_a(type_tag, class_tag);
481 
482  if(real_type == OCTET_STRING)
483  {
484  buffer.assign(obj.bits(), obj.bits() + obj.length());
485  }
486  else
487  {
488  if(obj.length() == 0)
489  throw BER_Decoding_Error("Invalid BIT STRING");
490  if(obj.bits()[0] >= 8)
491  throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
492 
493  buffer.resize(obj.length() - 1);
494 
495  if(obj.length() > 1)
496  copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1);
497  }
498  }
499 
500 }
501 
502 /*
503 * BER decode a BIT STRING or OCTET STRING
504 */
506  ASN1_Tag real_type,
507  ASN1_Tag type_tag, ASN1_Tag class_tag)
508  {
509  if(real_type != OCTET_STRING && real_type != BIT_STRING)
510  throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
511 
512  asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag);
513  return (*this);
514  }
515 
516 BER_Decoder& BER_Decoder::decode(std::vector<uint8_t>& buffer,
517  ASN1_Tag real_type,
518  ASN1_Tag type_tag, ASN1_Tag class_tag)
519  {
520  if(real_type != OCTET_STRING && real_type != BIT_STRING)
521  throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
522 
523  asn1_decode_binary_string(buffer, get_next_object(), real_type, type_tag, class_tag);
524  return (*this);
525  }
526 
527 }
ASN1_Tag tagging() const
Definition: asn1_obj.h:95
virtual bool check_available(size_t n)=0
virtual void decode_from(BER_Decoder &from)=0
BER_Decoder(DataSource &)
Definition: ber_dec.cpp:269
size_t bits() const
Definition: bigint.cpp:216
void assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag, const std::string &descr="object") const
Definition: asn1_obj.cpp:18
void push_back(const BER_Object &obj)
Definition: ber_dec.cpp:229
BER_Decoder & decode(bool &v)
Definition: ber_dec.cpp:338
BER_Decoder & decode_octet_string_bigint(class BigInt &b)
Definition: ber_dec.cpp:359
ASN1_Tag
Definition: asn1_obj.h:22
#define BOTAN_CHECKED_ADD(x, y)
Definition: safeint.h:35
uint8_t byte_at(size_t n) const
Definition: bigint.h:388
BER_Decoder & get_next(BER_Object &ber)
Definition: ber_dec.cpp:220
uint64_t decode_constrained_integer(ASN1_Tag type_tag, ASN1_Tag class_tag, size_t T_bytes)
Definition: ber_dec.cpp:413
BER_Decoder & decode_null()
Definition: ber_dec.cpp:326
BER_Decoder & end_cons()
Definition: ber_dec.cpp:253
virtual bool end_of_data() const =0
virtual size_t read(uint8_t out[], size_t length) BOTAN_WARN_UNUSED_RESULT=0
BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag=UNIVERSAL)
Definition: ber_dec.cpp:239
size_t length() const
Definition: asn1_obj.h:102
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:108
BER_Decoder & discard_remaining()
Definition: ber_dec.cpp:173
Definition: alg_id.cpp:13
size_t read_byte(uint8_t &out)
Definition: data_src.cpp:23
BER_Object get_next_object()
Definition: ber_dec.cpp:184
const uint8_t * bits() const
Definition: asn1_obj.h:100
BER_Decoder & verify_end()
Definition: ber_dec.cpp:163
uint8_t get_byte(size_t byte_num, T input)
Definition: loadstor.h:39
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
std::vector< uint8_t > get_next_octet_string()
Definition: ber_dec.cpp:367
void flip_sign()
Definition: bigint.h:440
bool more_items() const
Definition: ber_dec.cpp:153
bool is_set() const
Definition: asn1_obj.h:93
static BigInt decode(const uint8_t buf[], size_t length, Base base=Binary)
Definition: big_code.cpp:114