RTDECL(int) RTAsn1OctetString_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1OCTETSTRING pThis,
const char *pszErrorTag)
{
pThis->pEncapsulated = NULL;
RTAsn1CursorInitAllocation(pCursor, &pThis->EncapsulatedAllocation);
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, ASN1_TAG_OCTET_STRING,
ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE,
fFlags, pszErrorTag, "OCTET STRING");
if (RT_SUCCESS(rc))
{
if ( !(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED)
|| (fFlags & RTASN1CURSOR_GET_F_IMPLICIT) ) /* PKCS #7 ContentInfo tweak. */
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1OctetString_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
return VINF_SUCCESS;
}
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL,
"%s: Constructed OCTET STRING not implemented.", pszErrorTag);
}
else
rc = RTAsn1CursorSetInfo(pCursor, rc, "%s: Not OCTET STRING: fClass=%#x / uTag=%#x",
pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag);
}
RT_ZERO(*pThis);
return rc;
}
RTDECL(int) RTAsn1Time_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1TIME pThis, const char *pszErrorTag)
{
Assert(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT));
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE) )
{
if (pThis->Asn1Core.uTag == ASN1_TAG_UTC_TIME)
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1Time_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
return rtAsn1Time_ConvertUTCTime(pCursor, pThis, pszErrorTag);
}
if (pThis->Asn1Core.uTag == ASN1_TAG_GENERALIZED_TIME)
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1Time_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
return rtAsn1Time_ConvertGeneralizedTime(pCursor, pThis, pszErrorTag);
}
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_MISMATCH, "%s: Not UTCTime nor GeneralizedTime: uTag=%#x",
pszErrorTag, pThis->Asn1Core.uTag);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH,
"%s: Not UTCTime nor GeneralizedTime: fClass=%#x / uTag=%#x",
pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag);
}
RT_ZERO(*pThis);
return rc;
}
RTDECL(int) RTAsn1Boolean_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1BOOLEAN pThis, const char *pszErrorTag)
{
pThis->fValue = 0;
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
rc = RTAsn1CursorMatchTagClassFlags(pCursor, &pThis->Asn1Core, ASN1_TAG_BOOLEAN,
ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE, fFlags, pszErrorTag, "BOOLEAN");
if (RT_SUCCESS(rc))
{
if (pThis->Asn1Core.cb == 1)
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
pThis->Asn1Core.pOps = &g_RTAsn1Boolean_Vtable;
pThis->fValue = *pThis->Asn1Core.uData.pu8 != 0;
if ( *pThis->Asn1Core.uData.pu8 == 0
|| *pThis->Asn1Core.uData.pu8 == 0xff
|| !(pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER | RTASN1CURSOR_FLAGS_CER)) )
return VINF_SUCCESS;
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BOOLEAN_ENCODING,
"%s: Invalid CER/DER boolean value: %#x, valid: 0, 0xff",
pszErrorTag, *pThis->Asn1Core.uData.pu8);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BOOLEAN_ENCODING, "%s: Invalid boolean length, exepcted 1: %#x",
pszErrorTag, pThis->Asn1Core.cb);
}
}
RT_ZERO(*pThis);
return rc;
}
/**
* Converts the fraction part of a generalized time into nanoseconds.
*
* @returns IPRT status code.
* @param pCursor The cursor to use when reporting an error.
* @param pchFraction Pointer to the start of the fraction (dot).
* @param cchFraction The length of the fraction.
* @param pThis The time object we're working on,
* Time.u32Nanoseconds will be update.
* @param pszErrorTag The error tag.
*/
static int rtAsn1Time_ConvertGeneralizedTimeFraction(PRTASN1CURSOR pCursor, const char *pchFraction, uint32_t cchFraction,
PRTASN1TIME pThis, const char *pszErrorTag)
{
pThis->Time.u32Nanosecond = 0;
/*
* Check the dot.
*/
if (*pchFraction != '.')
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Expected GeneralizedTime fraction dot, found: '%c' ('%.*s')",
pszErrorTag, *pchFraction, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
pchFraction++;
cchFraction--;
if (!cchFraction)
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: No digit following GeneralizedTime fraction dot: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core);
/*
* Do the conversion.
*/
char chLastDigit;
uint32_t uMult = 100000000;
do
{
char chDigit = chLastDigit = *pchFraction;
if (!RT_C_IS_DIGIT(chDigit))
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Bad GeneralizedTime fraction digit: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
pThis->Time.u32Nanosecond += uMult * (uint32_t)(chDigit - '0');
/* Advance */
cchFraction--;
pchFraction++;
uMult /= 10;
} while (cchFraction > 0 && uMult > 0);
/*
* Lazy bird: For now, we don't permit higher resolution than we can
* internally represent. Deal with this if it ever becomes an issue.
*/
if (cchFraction > 0)
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Bad GeneralizedTime fraction too long: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
if (chLastDigit == '0')
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Trailing zeros not allowed for GeneralizedTime: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
return VINF_SUCCESS;
}
/**
* Common worker for the specific string type getters.
*
* @returns IPRT status code
* @param pCursor The cursor.
* @param fFlags The RTASN1CURSOR_GET_F_XXX flags.
* @param uTag The string tag.
* @param pThis The output object.
* @param pszErrorTag The error tag.
* @param pszWhat The string type name.
*/
static int rtAsn1XxxString_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, uint8_t uTag, PRTASN1STRING pThis,
const char *pszErrorTag, const char *pszWhat)
{
pThis->cchUtf8 = 0;
pThis->pszUtf8 = NULL;
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, uTag,
ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE,
fFlags, pszErrorTag, pszWhat);
if (RT_SUCCESS(rc))
{
if (!(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED))
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1String_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
RTAsn1CursorInitAllocation(pCursor, &pThis->Allocation);
/* UTF-8 conversion is done lazily, upon request. */
return VINF_SUCCESS;
}
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL,
"%s: Constructed %s not implemented.", pszErrorTag, pszWhat);
}
}
RT_ZERO(*pThis);
return rc;
}
/**
* Common code for UTCTime and GeneralizedTime converters that normalizes the
* converted time and checks that the input values doesn't change.
*
* @returns IPRT status code.
* @param pCursor The cursor to use when reporting an error.
* @param pThis The time to normalize and check.
* @param pszType The type name.
* @param pszErrorTag The error tag.
*/
static int rtAsn1Time_NormalizeTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszType, const char *pszErrorTag)
{
int rc;
if ( pThis->Time.u8Month > 0
&& pThis->Time.u8Month <= 12
&& pThis->Time.u8Hour < 24
&& pThis->Time.u8Minute < 60
&& pThis->Time.u8Second < 60) /** @todo what about leap seconds? */
{
RTTIME const TimeCopy = pThis->Time;
if (RTTimeNormalize(&pThis->Time))
{
if ( TimeCopy.u8MonthDay == pThis->Time.u8MonthDay
&& TimeCopy.u8Month == pThis->Time.u8Month
&& TimeCopy.i32Year == pThis->Time.i32Year
&& TimeCopy.u8Hour == pThis->Time.u8Hour
&& TimeCopy.u8Minute == pThis->Time.u8Minute
&& TimeCopy.u8Second == pThis->Time.u8Second)
return VINF_SUCCESS;
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_NORMALIZE_MISMATCH,
"%s: Normalized result not the same as %s: '%.*s'",
pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_NORMALIZE_ERROR,
"%s: RTTimeNormalize failed on %s: '%.*s'",
pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_BAD_NORMALIZE_INPUT,
"%s: Bad %s values: '%.*s'; mth=%u h=%u min=%u sec=%u",
pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch,
pThis->Time.u8Month, pThis->Time.u8Hour, pThis->Time.u8Minute, pThis->Time.u8Second);
return rc;
}
/**
* This function parses the binary content of an OBJECT IDENTIFIER, check the
* encoding as well as calculating the storage requirements.
*
* @returns IPRT status code
* @param pbContent Pointer to the content.
* @param cbContent The length of the content.
* @param pCursor The cursor (for error reporting).
* @param pszErrorTag The error tag.
* @param pcComponents Where to return the component count.
* @param pcchObjId Where to return the length of the dotted string
* representation.
*/
static int rtAsn1ObjId_PreParse(uint8_t const *pbContent, uint32_t cbContent, PRTASN1CURSOR pCursor, const char *pszErrorTag,
uint8_t *pcComponents, uint8_t *pcchObjId)
{
int rc;
if (cbContent >= 1 && cbContent < _1K)
{
/*
* Decode the first two numbers. Monkey business: X*40 + Y
* Where X is the first number, X in {0,1,2}, and Y is the second
* one. The range of Y is {0,...,39} for X in {0,1}, but has a
* free range for X = 2.
*/
uint32_t cComponents = 1;
uint32_t uValue;
rc = rtAsn1ObjId_ReadComponent(pbContent, cbContent, &uValue);
if (rc > 0)
{
uint32_t cchObjId = 1;
uValue = uValue < 2*40 ? uValue % 40 : uValue - 2*40; /* Y */
do
{
cComponents++;
/* Figure the encoded string length, binary search fashion. */
if (uValue < 10000)
{
if (uValue < 100)
{
if (uValue < 10)
cchObjId += 1 + 1;
else
cchObjId += 1 + 2;
}
else
{
if (uValue < 1000)
cchObjId += 1 + 3;
else
cchObjId += 1 + 4;
}
}
else
{
if (uValue < 1000000)
{
if (uValue < 100000)
cchObjId += 1 + 5;
else
cchObjId += 1 + 6;
}
else
{
if (uValue < 10000000)
cchObjId += 1 + 7;
else if (uValue < 100000000)
cchObjId += 1 + 8;
else
cchObjId += 1 + 9;
}
}
/* advance. */
pbContent += rc;
cbContent -= rc;
if (!cbContent)
{
if (cComponents < 128)
{
if (cchObjId < RT_SIZEOFMEMB(RTASN1OBJID, szObjId))
{
*pcComponents = cComponents;
*pcchObjId = cchObjId;
return VINF_SUCCESS;
}
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_OBJID_TOO_LONG_STRING_FORM,
"Object ID has a too long string form: %#x (max %#x)",
cchObjId, RT_SIZEOFMEMB(RTASN1OBJID, szObjId));
}
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_OBJID_TOO_MANY_COMPONENTS,
"Object ID has too many components: %#x (max 127)", cComponents);
}
/* next */
rc = rtAsn1ObjId_ReadComponent(pbContent, cbContent, &uValue);
} while (rc > 0);
}
rc = RTAsn1CursorSetInfo(pCursor, rc, "Bad object ID component #%u encoding: %.*Rhxs",
cComponents, cbContent, pbContent);
}
else if (cbContent)
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_OBJID_ENCODING, "Object ID content is loo long: %#x", cbContent);
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_OBJID_ENCODING, "Zero length object ID content");
return rc;
}
/**
* Converts the UTCTime string into an the RTTIME member of RTASN1TIME.
*
* @returns IPRT status code.
* @param pCursor The cursor to use when reporting an error.
* @param pThis The time to parse.
* @param pszErrorTag The error tag.
*/
static int rtAsn1Time_ConvertUTCTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszErrorTag)
{
/*
* While the current spec says the seconds field is not optional, this
* restriction was added later on. So, when parsing UTCTime we must deal
* with it being absent.
*/
int rc;
bool fHaveSeconds = pThis->Asn1Core.cb == sizeof("YYMMDDHHMMSSZ") - 1;
if (fHaveSeconds || pThis->Asn1Core.cb == sizeof("YYMMDDHHMMZ") - 1)
{
const char *pachTime = pThis->Asn1Core.uData.pch;
/* Basic encoding validation. */
if ( RT_C_IS_DIGIT(pachTime[0]) /* Y */
&& RT_C_IS_DIGIT(pachTime[1]) /* Y */
&& RT_C_IS_DIGIT(pachTime[2]) /* M */
&& RT_C_IS_DIGIT(pachTime[3]) /* M */
&& RT_C_IS_DIGIT(pachTime[4]) /* D */
&& RT_C_IS_DIGIT(pachTime[5]) /* D */
&& RT_C_IS_DIGIT(pachTime[6]) /* H */
&& RT_C_IS_DIGIT(pachTime[7]) /* H */
&& RT_C_IS_DIGIT(pachTime[8]) /* M */
&& RT_C_IS_DIGIT(pachTime[9]) /* M */
&& ( !fHaveSeconds
|| ( RT_C_IS_DIGIT(pachTime[10]) /* S */
&& RT_C_IS_DIGIT(pachTime[11]) /* S */ ) )
&& pachTime[fHaveSeconds ? 12 : 10] == 'Z'
)
{
/* Basic conversion. */
pThis->Time.i32Year = (pachTime[0] - '0') * 10 + (pachTime[1] - '0');
pThis->Time.i32Year += pThis->Time.i32Year < 50 ? 2000 : 1900;
pThis->Time.u8Month = (pachTime[2] - '0') * 10 + (pachTime[3] - '0');
pThis->Time.u8WeekDay = 0;
pThis->Time.u16YearDay = 0;
pThis->Time.u8MonthDay = (pachTime[4] - '0') * 10 + (pachTime[5] - '0');
pThis->Time.u8Hour = (pachTime[6] - '0') * 10 + (pachTime[7] - '0');
pThis->Time.u8Minute = (pachTime[8] - '0') * 10 + (pachTime[9] - '0');
if (fHaveSeconds)
pThis->Time.u8Second = (pachTime[10] - '0') * 10 + (pachTime[11] - '0');
else
pThis->Time.u8Second = 0;
pThis->Time.u32Nanosecond = 0;
pThis->Time.fFlags = RTTIME_FLAGS_TYPE_UTC;
pThis->Time.offUTC = 0;
/* Check the convered data and normalize the time structure. */
rc = rtAsn1Time_NormalizeTime(pCursor, pThis, "UTCTime", pszErrorTag);
if (RT_SUCCESS(rc))
return rc;
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_UTC_TIME_ENCODING, "%s: Bad UTCTime encoding: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pachTime);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_UTC_TIME_ENCODING, "%s: Bad UTCTime length: %#x",
pszErrorTag, pThis->Asn1Core.cb);
RT_ZERO(*pThis);
return rc;
}
/**
* Converts the GeneralizedTime string into an the RTTIME member of RTASN1TIME.
*
* @returns IPRT status code.
* @param pCursor The cursor to use when reporting an error.
* @param pThis The time to parse.
* @param pszErrorTag The error tag.
*/
static int rtAsn1Time_ConvertGeneralizedTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszErrorTag)
{
int rc;
if (pThis->Asn1Core.cb >= sizeof("YYYYMMDDHHMMSSZ") - 1)
{
const char *pachTime = pThis->Asn1Core.uData.pch;
/* Basic encoding validation. */
if ( RT_C_IS_DIGIT(pachTime[0]) /* Y */
&& RT_C_IS_DIGIT(pachTime[1]) /* Y */
&& RT_C_IS_DIGIT(pachTime[2]) /* Y */
&& RT_C_IS_DIGIT(pachTime[3]) /* Y */
&& RT_C_IS_DIGIT(pachTime[4]) /* M */
&& RT_C_IS_DIGIT(pachTime[5]) /* M */
&& RT_C_IS_DIGIT(pachTime[6]) /* D */
&& RT_C_IS_DIGIT(pachTime[7]) /* D */
&& RT_C_IS_DIGIT(pachTime[8]) /* H */
&& RT_C_IS_DIGIT(pachTime[9]) /* H */
&& RT_C_IS_DIGIT(pachTime[10]) /* M */
&& RT_C_IS_DIGIT(pachTime[11]) /* M */
&& RT_C_IS_DIGIT(pachTime[12]) /* S */ /** @todo was this once optional? */
&& RT_C_IS_DIGIT(pachTime[13]) /* S */
&& pachTime[pThis->Asn1Core.cb - 1] == 'Z'
)
{
/* Basic conversion. */
pThis->Time.i32Year = 1000 * (pachTime[0] - '0')
+ 100 * (pachTime[1] - '0')
+ 10 * (pachTime[2] - '0')
+ (pachTime[3] - '0');
pThis->Time.u8Month = (pachTime[4] - '0') * 10 + (pachTime[5] - '0');
pThis->Time.u8WeekDay = 0;
pThis->Time.u16YearDay = 0;
pThis->Time.u8MonthDay = (pachTime[6] - '0') * 10 + (pachTime[7] - '0');
pThis->Time.u8Hour = (pachTime[8] - '0') * 10 + (pachTime[9] - '0');
pThis->Time.u8Minute = (pachTime[10] - '0') * 10 + (pachTime[11] - '0');
pThis->Time.u8Second = (pachTime[12] - '0') * 10 + (pachTime[13] - '0');
pThis->Time.u32Nanosecond = 0;
pThis->Time.fFlags = RTTIME_FLAGS_TYPE_UTC;
pThis->Time.offUTC = 0;
/* Optional fraction part. */
rc = VINF_SUCCESS;
uint32_t cchLeft = pThis->Asn1Core.cb - 14 - 1;
if (cchLeft > 0)
rc = rtAsn1Time_ConvertGeneralizedTimeFraction(pCursor, pachTime + 14, cchLeft, pThis, pszErrorTag);
/* Check the convered data and normalize the time structure. */
if (RT_SUCCESS(rc))
{
rc = rtAsn1Time_NormalizeTime(pCursor, pThis, "GeneralizedTime", pszErrorTag);
if (RT_SUCCESS(rc))
return VINF_SUCCESS;
}
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Bad GeneralizedTime encoding: '%.*s'",
pszErrorTag, pThis->Asn1Core.cb, pachTime);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING,
"%s: Bad GeneralizedTime length: %#x",
pszErrorTag, pThis->Asn1Core.cb);
RT_ZERO(*pThis);
return rc;
}
RTDECL(int) RTAsn1BitString_DecodeAsn1Ex(PRTASN1CURSOR pCursor, uint32_t fFlags, uint32_t cMaxBits, PRTASN1BITSTRING pThis,
const char *pszErrorTag)
{
pThis->cBits = 0;
pThis->cMaxBits = cMaxBits;
pThis->uBits.pv = NULL;
pThis->pEncapsulated = NULL;
RTAsn1CursorInitAllocation(pCursor, &pThis->EncapsulatedAllocation);
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, ASN1_TAG_BIT_STRING,
ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE,
fFlags, pszErrorTag, "BIT STRING");
if (RT_SUCCESS(rc))
{
if (!(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED))
{
if ( ( cMaxBits == UINT32_MAX
|| RT_ALIGN(cMaxBits, 8) / 8 + 1 >= pThis->Asn1Core.cb)
&& pThis->Asn1Core.cb > 0)
{
uint8_t cUnusedBits = pThis->Asn1Core.cb > 0 ? *pThis->Asn1Core.uData.pu8 : 0;
if (pThis->Asn1Core.cb < 2)
{
/* Not bits present. */
if (cUnusedBits == 0)
{
pThis->cBits = 0;
pThis->uBits.pv = NULL;
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1BitString_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
return VINF_SUCCESS;
}
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING,
"%s: Bad unused bit count: %#x (cb=%#x)",
pszErrorTag, cUnusedBits, pThis->Asn1Core.cb);
}
else if (cUnusedBits < 8)
{
pThis->cBits = (pThis->Asn1Core.cb - 1) * 8;
pThis->cBits -= cUnusedBits;
pThis->uBits.pu8 = pThis->Asn1Core.uData.pu8 + 1;
if ( !(pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER | RTASN1CURSOR_FLAGS_CER))
|| cUnusedBits == 0
|| !( pThis->uBits.pu8[pThis->Asn1Core.cb - 2] & (((uint8_t)1 << cUnusedBits) - (uint8_t)1) ) )
{
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1BitString_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
return VINF_SUCCESS;
}
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING,
"%s: Unused bits shall be zero in DER/CER mode: last byte=%#x cUnused=%#x",
pszErrorTag, pThis->uBits.pu8[pThis->cBits / 8], cUnusedBits);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING,
"%s: Bad unused bit count: %#x (cb=%#x)",
pszErrorTag, cUnusedBits, pThis->Asn1Core.cb);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING,
"%s: Size mismatch: cb=%#x, expected %#x (cMaxBits=%#x)",
pszErrorTag, pThis->Asn1Core.cb, RT_ALIGN(cMaxBits, 8) / 8 + 1, cMaxBits);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL,
"%s: Constructed BIT STRING not implemented.", pszErrorTag);
}
}
RT_ZERO(*pThis);
return rc;
}
RTDECL(int) RTAsn1DynType_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1DYNTYPE pDynType, const char *pszErrorTag)
{
RT_ZERO(*pDynType);
Assert(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT)); RT_NOREF_PV(fFlags);
uint32_t cbSavedLeft = pCursor->cbLeft;
uint8_t const *pbSavedCur = pCursor->pbCur;
int rc = RTAsn1CursorReadHdr(pCursor, &pDynType->u.Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
pDynType->enmType = RTASN1TYPE_CORE;
if (pDynType->u.Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE))
{
switch (pDynType->u.Core.uTag)
{
case ASN1_TAG_BOOLEAN:
pDynType->enmType = RTASN1TYPE_BOOLEAN;
break;
case ASN1_TAG_INTEGER:
pDynType->enmType = RTASN1TYPE_INTEGER;
break;
//case ASN1_TAG_ENUMERATED:
// pDynType->enmType = RTASN1TYPE_ENUMERATED;
// break;
//case ASN1_TAG_REAL:
// pDynType->enmType = RTASN1TYPE_REAL;
// break;
case ASN1_TAG_BIT_STRING:
pDynType->enmType = RTASN1TYPE_BIT_STRING;
break;
case ASN1_TAG_OCTET_STRING:
pDynType->enmType = RTASN1TYPE_OCTET_STRING;
break;
case ASN1_TAG_NULL:
pDynType->enmType = RTASN1TYPE_NULL;
break;
case ASN1_TAG_SEQUENCE:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 SEQUENCE shall be constructed.");
case ASN1_TAG_SET:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 SET shall be constructed.");
case ASN1_TAG_OID:
pDynType->enmType = RTASN1TYPE_OBJID;
break;
//case ASN1_TAG_RELATIVE_OID:
// pDynType->enmType = RTASN1TYPE_RELATIVE_OBJID;
// break;
case ASN1_TAG_UTC_TIME:
case ASN1_TAG_GENERALIZED_TIME:
pDynType->enmType = RTASN1TYPE_TIME;
break;
case ASN1_TAG_UTF8_STRING:
case ASN1_TAG_NUMERIC_STRING:
case ASN1_TAG_PRINTABLE_STRING:
case ASN1_TAG_T61_STRING:
case ASN1_TAG_VIDEOTEX_STRING:
case ASN1_TAG_IA5_STRING:
case ASN1_TAG_GRAPHIC_STRING:
case ASN1_TAG_VISIBLE_STRING:
case ASN1_TAG_UNIVERSAL_STRING:
case ASN1_TAG_GENERAL_STRING:
case ASN1_TAG_BMP_STRING:
pDynType->enmType = RTASN1TYPE_STRING;
break;
//case ASN1_TAG_CHARACTER_STRING:
// pDynType->enmType = RTASN1TYPE_CHARACTER_STRING;
// break;
default:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_TAG_NOT_IMPL,
"Primitive tag %u (%#x) not implemented.",
pDynType->u.Core.uTag, pDynType->u.Core.uTag);
}
}
else if (pDynType->u.Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED))
switch (pDynType->u.Core.uTag)
{
case ASN1_TAG_BOOLEAN:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 BOOLEAN shall be primitive.");
case ASN1_TAG_INTEGER:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 BOOLEAN shall be primitive.");
case ASN1_TAG_ENUMERATED:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 ENUMERATED shall be primitive.");
case ASN1_TAG_REAL:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 REAL shall be primitive.");
case ASN1_TAG_BIT_STRING:
pDynType->enmType = RTASN1TYPE_BIT_STRING;
break;
case ASN1_TAG_OCTET_STRING:
pDynType->enmType = RTASN1TYPE_OCTET_STRING;
break;
case ASN1_TAG_NULL:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 NULL shall be primitive.");
case ASN1_TAG_SEQUENCE:
#if 0
pDynType->enmType = RTASN1TYPE_SEQUENCE_CORE;
pDynType->u.SeqCore.Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb);
return VINF_SUCCESS;
#else
pDynType->enmType = RTASN1TYPE_CORE;
#endif
break;
case ASN1_TAG_SET:
#if 0
pDynType->enmType = RTASN1TYPE_SET_CORE;
pDynType->u.SeqCore.Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb);
return VINF_SUCCESS;
#else
pDynType->enmType = RTASN1TYPE_CORE;
#endif
break;
case ASN1_TAG_OID:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 OBJECT ID shall be primitive.");
case ASN1_TAG_RELATIVE_OID:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 RELATIVE OID shall be primitive.");
case ASN1_TAG_UTF8_STRING:
case ASN1_TAG_NUMERIC_STRING:
case ASN1_TAG_PRINTABLE_STRING:
case ASN1_TAG_T61_STRING:
case ASN1_TAG_VIDEOTEX_STRING:
case ASN1_TAG_IA5_STRING:
case ASN1_TAG_GRAPHIC_STRING:
case ASN1_TAG_VISIBLE_STRING:
case ASN1_TAG_UNIVERSAL_STRING:
case ASN1_TAG_GENERAL_STRING:
case ASN1_TAG_BMP_STRING:
pDynType->enmType = RTASN1TYPE_STRING;
break;
//case ASN1_TAG_CHARACTER_STRING:
// pDynType->enmType = RTASN1TYPE_CHARACTER_STRING;
// break;
default:
RT_ZERO(*pDynType);
return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_TAG_NOT_IMPL,
"Constructed tag %u (%#x) not implemented.",
pDynType->u.Core.uTag, pDynType->u.Core.uTag);
}
else
{
RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb);
return VINF_SUCCESS;
}
/*
* Restore the cursor and redo with specific type.
*/
pCursor->pbCur = pbSavedCur;
pCursor->cbLeft = cbSavedLeft;
switch (pDynType->enmType)
{
case RTASN1TYPE_INTEGER:
rc = RTAsn1Integer_DecodeAsn1(pCursor, 0, &pDynType->u.Integer, pszErrorTag);
break;
case RTASN1TYPE_BOOLEAN:
rc = RTAsn1Boolean_DecodeAsn1(pCursor, 0, &pDynType->u.Boolean, pszErrorTag);
break;
case RTASN1TYPE_OBJID:
rc = RTAsn1ObjId_DecodeAsn1(pCursor, 0, &pDynType->u.ObjId, pszErrorTag);
break;
case RTASN1TYPE_BIT_STRING:
rc = RTAsn1BitString_DecodeAsn1(pCursor, 0, &pDynType->u.BitString, pszErrorTag);
break;
case RTASN1TYPE_OCTET_STRING:
rc = RTAsn1OctetString_DecodeAsn1(pCursor, 0, &pDynType->u.OctetString, pszErrorTag);
break;
case RTASN1TYPE_NULL:
rc = RTAsn1Null_DecodeAsn1(pCursor, 0, &pDynType->u.Asn1Null, pszErrorTag);
break;
case RTASN1TYPE_TIME:
rc = RTAsn1Time_DecodeAsn1(pCursor, 0, &pDynType->u.Time, pszErrorTag);
break;
case RTASN1TYPE_STRING:
rc = RTAsn1String_DecodeAsn1(pCursor, 0, &pDynType->u.String, pszErrorTag);
break;
case RTASN1TYPE_CORE:
rc = RTAsn1Core_DecodeAsn1(pCursor, 0, &pDynType->u.Core, pszErrorTag);
break;
default:
AssertFailedReturn(VERR_INTERNAL_ERROR_4);
}
if (RT_SUCCESS(rc))
return rc;
}
RT_ZERO(*pDynType);
return rc;
}
RTDECL(int) RTAsn1String_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pThis, const char *pszErrorTag)
{
RT_ZERO(*pThis);
AssertReturn(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT), VERR_INVALID_PARAMETER);
int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag);
if (RT_SUCCESS(rc))
{
/*
* Do tag matching.
*/
switch (pThis->Asn1Core.uTag)
{
case ASN1_TAG_UTF8_STRING:
case ASN1_TAG_NUMERIC_STRING:
case ASN1_TAG_PRINTABLE_STRING:
case ASN1_TAG_T61_STRING:
case ASN1_TAG_VIDEOTEX_STRING:
case ASN1_TAG_IA5_STRING:
case ASN1_TAG_GENERALIZED_TIME:
case ASN1_TAG_GRAPHIC_STRING:
case ASN1_TAG_VISIBLE_STRING:
case ASN1_TAG_GENERAL_STRING:
case ASN1_TAG_UNIVERSAL_STRING:
case ASN1_TAG_BMP_STRING:
rc = VINF_SUCCESS;
break;
default:
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_MISMATCH,
"%s: Not a string object: fClass=%#x / uTag=%#x",
pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag);
}
if (RT_SUCCESS(rc))
{
/*
* Match flags. CER/DER makes it complicated.
*/
if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE))
{
/*
* Primitive strings are simple.
*/
RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb);
pThis->Asn1Core.pOps = &g_RTAsn1String_Vtable;
pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
RTAsn1CursorInitAllocation(pCursor, &pThis->Allocation);
/* UTF-8 conversion is done lazily, upon request. */
return VINF_SUCCESS;
}
if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED))
{
/*
* Constructed strings are not yet fully implemented.
*/
if (pCursor->fFlags & RTASN1CURSOR_FLAGS_DER)
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING,
"%s: DER encoding does not allow constructed strings (cb=%#x uTag=%#x fClass=%#x)",
pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uTag, pThis->Asn1Core.fClass);
else if (pCursor->fFlags & RTASN1CURSOR_FLAGS_CER)
{
if (pThis->Asn1Core.cb > 1000)
rc = VINF_SUCCESS;
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING,
"%s: Constructed strings only allowed for >1000 byte in CER encoding: cb=%#x uTag=%#x fClass=%#x",
pszErrorTag, pThis->Asn1Core.cb,
pThis->Asn1Core.uTag, pThis->Asn1Core.fClass);
}
/** @todo implement constructed strings. */
if (RT_SUCCESS(rc))
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL,
"%s: Support for constructed strings is not implemented", pszErrorTag);
}
else
rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH,
"%s: Not a valid string object: fClass=%#x / uTag=%#x",
pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag);
}
}
RT_ZERO(*pThis);
return rc;
}
