RTDECL(int) RTAsn1OctetString_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1OCTETSTRING pThis, const char *pszErrorTag) { pThis->pEncapsulated = NULL; RTAsn1CursorInitAllocation(pCursor, &pThis->EncapsulatedAllocation); int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, ASN1_TAG_OCTET_STRING, ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE, fFlags, pszErrorTag, "OCTET STRING"); if (RT_SUCCESS(rc)) { if ( !(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED) || (fFlags & RTASN1CURSOR_GET_F_IMPLICIT) ) /* PKCS #7 ContentInfo tweak. */ { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1OctetString_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; return VINF_SUCCESS; } rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL, "%s: Constructed OCTET STRING not implemented.", pszErrorTag); } else rc = RTAsn1CursorSetInfo(pCursor, rc, "%s: Not OCTET STRING: fClass=%#x / uTag=%#x", pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag); } RT_ZERO(*pThis); return rc; }
RTDECL(int) RTAsn1Time_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1TIME pThis, const char *pszErrorTag) { Assert(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT)); int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE) ) { if (pThis->Asn1Core.uTag == ASN1_TAG_UTC_TIME) { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1Time_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; return rtAsn1Time_ConvertUTCTime(pCursor, pThis, pszErrorTag); } if (pThis->Asn1Core.uTag == ASN1_TAG_GENERALIZED_TIME) { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1Time_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; return rtAsn1Time_ConvertGeneralizedTime(pCursor, pThis, pszErrorTag); } rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_MISMATCH, "%s: Not UTCTime nor GeneralizedTime: uTag=%#x", pszErrorTag, pThis->Asn1Core.uTag); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH, "%s: Not UTCTime nor GeneralizedTime: fClass=%#x / uTag=%#x", pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag); } RT_ZERO(*pThis); return rc; }
RTDECL(int) RTAsn1Boolean_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1BOOLEAN pThis, const char *pszErrorTag) { pThis->fValue = 0; int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { rc = RTAsn1CursorMatchTagClassFlags(pCursor, &pThis->Asn1Core, ASN1_TAG_BOOLEAN, ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE, fFlags, pszErrorTag, "BOOLEAN"); if (RT_SUCCESS(rc)) { if (pThis->Asn1Core.cb == 1) { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; pThis->Asn1Core.pOps = &g_RTAsn1Boolean_Vtable; pThis->fValue = *pThis->Asn1Core.uData.pu8 != 0; if ( *pThis->Asn1Core.uData.pu8 == 0 || *pThis->Asn1Core.uData.pu8 == 0xff || !(pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER | RTASN1CURSOR_FLAGS_CER)) ) return VINF_SUCCESS; rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BOOLEAN_ENCODING, "%s: Invalid CER/DER boolean value: %#x, valid: 0, 0xff", pszErrorTag, *pThis->Asn1Core.uData.pu8); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BOOLEAN_ENCODING, "%s: Invalid boolean length, exepcted 1: %#x", pszErrorTag, pThis->Asn1Core.cb); } } RT_ZERO(*pThis); return rc; }
/** * Converts the fraction part of a generalized time into nanoseconds. * * @returns IPRT status code. * @param pCursor The cursor to use when reporting an error. * @param pchFraction Pointer to the start of the fraction (dot). * @param cchFraction The length of the fraction. * @param pThis The time object we're working on, * Time.u32Nanoseconds will be update. * @param pszErrorTag The error tag. */ static int rtAsn1Time_ConvertGeneralizedTimeFraction(PRTASN1CURSOR pCursor, const char *pchFraction, uint32_t cchFraction, PRTASN1TIME pThis, const char *pszErrorTag) { pThis->Time.u32Nanosecond = 0; /* * Check the dot. */ if (*pchFraction != '.') return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Expected GeneralizedTime fraction dot, found: '%c' ('%.*s')", pszErrorTag, *pchFraction, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); pchFraction++; cchFraction--; if (!cchFraction) return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: No digit following GeneralizedTime fraction dot: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core); /* * Do the conversion. */ char chLastDigit; uint32_t uMult = 100000000; do { char chDigit = chLastDigit = *pchFraction; if (!RT_C_IS_DIGIT(chDigit)) return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Bad GeneralizedTime fraction digit: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); pThis->Time.u32Nanosecond += uMult * (uint32_t)(chDigit - '0'); /* Advance */ cchFraction--; pchFraction++; uMult /= 10; } while (cchFraction > 0 && uMult > 0); /* * Lazy bird: For now, we don't permit higher resolution than we can * internally represent. Deal with this if it ever becomes an issue. */ if (cchFraction > 0) return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Bad GeneralizedTime fraction too long: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); if (chLastDigit == '0') return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Trailing zeros not allowed for GeneralizedTime: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); return VINF_SUCCESS; }
/** * Common worker for the specific string type getters. * * @returns IPRT status code * @param pCursor The cursor. * @param fFlags The RTASN1CURSOR_GET_F_XXX flags. * @param uTag The string tag. * @param pThis The output object. * @param pszErrorTag The error tag. * @param pszWhat The string type name. */ static int rtAsn1XxxString_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, uint8_t uTag, PRTASN1STRING pThis, const char *pszErrorTag, const char *pszWhat) { pThis->cchUtf8 = 0; pThis->pszUtf8 = NULL; int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, uTag, ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE, fFlags, pszErrorTag, pszWhat); if (RT_SUCCESS(rc)) { if (!(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED)) { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1String_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; RTAsn1CursorInitAllocation(pCursor, &pThis->Allocation); /* UTF-8 conversion is done lazily, upon request. */ return VINF_SUCCESS; } rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL, "%s: Constructed %s not implemented.", pszErrorTag, pszWhat); } } RT_ZERO(*pThis); return rc; }
/** * Common code for UTCTime and GeneralizedTime converters that normalizes the * converted time and checks that the input values doesn't change. * * @returns IPRT status code. * @param pCursor The cursor to use when reporting an error. * @param pThis The time to normalize and check. * @param pszType The type name. * @param pszErrorTag The error tag. */ static int rtAsn1Time_NormalizeTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszType, const char *pszErrorTag) { int rc; if ( pThis->Time.u8Month > 0 && pThis->Time.u8Month <= 12 && pThis->Time.u8Hour < 24 && pThis->Time.u8Minute < 60 && pThis->Time.u8Second < 60) /** @todo what about leap seconds? */ { RTTIME const TimeCopy = pThis->Time; if (RTTimeNormalize(&pThis->Time)) { if ( TimeCopy.u8MonthDay == pThis->Time.u8MonthDay && TimeCopy.u8Month == pThis->Time.u8Month && TimeCopy.i32Year == pThis->Time.i32Year && TimeCopy.u8Hour == pThis->Time.u8Hour && TimeCopy.u8Minute == pThis->Time.u8Minute && TimeCopy.u8Second == pThis->Time.u8Second) return VINF_SUCCESS; rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_NORMALIZE_MISMATCH, "%s: Normalized result not the same as %s: '%.*s'", pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_NORMALIZE_ERROR, "%s: RTTimeNormalize failed on %s: '%.*s'", pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_TIME_BAD_NORMALIZE_INPUT, "%s: Bad %s values: '%.*s'; mth=%u h=%u min=%u sec=%u", pszErrorTag, pszType, pThis->Asn1Core.cb, pThis->Asn1Core.uData.pch, pThis->Time.u8Month, pThis->Time.u8Hour, pThis->Time.u8Minute, pThis->Time.u8Second); return rc; }
/** * This function parses the binary content of an OBJECT IDENTIFIER, check the * encoding as well as calculating the storage requirements. * * @returns IPRT status code * @param pbContent Pointer to the content. * @param cbContent The length of the content. * @param pCursor The cursor (for error reporting). * @param pszErrorTag The error tag. * @param pcComponents Where to return the component count. * @param pcchObjId Where to return the length of the dotted string * representation. */ static int rtAsn1ObjId_PreParse(uint8_t const *pbContent, uint32_t cbContent, PRTASN1CURSOR pCursor, const char *pszErrorTag, uint8_t *pcComponents, uint8_t *pcchObjId) { int rc; if (cbContent >= 1 && cbContent < _1K) { /* * Decode the first two numbers. Monkey business: X*40 + Y * Where X is the first number, X in {0,1,2}, and Y is the second * one. The range of Y is {0,...,39} for X in {0,1}, but has a * free range for X = 2. */ uint32_t cComponents = 1; uint32_t uValue; rc = rtAsn1ObjId_ReadComponent(pbContent, cbContent, &uValue); if (rc > 0) { uint32_t cchObjId = 1; uValue = uValue < 2*40 ? uValue % 40 : uValue - 2*40; /* Y */ do { cComponents++; /* Figure the encoded string length, binary search fashion. */ if (uValue < 10000) { if (uValue < 100) { if (uValue < 10) cchObjId += 1 + 1; else cchObjId += 1 + 2; } else { if (uValue < 1000) cchObjId += 1 + 3; else cchObjId += 1 + 4; } } else { if (uValue < 1000000) { if (uValue < 100000) cchObjId += 1 + 5; else cchObjId += 1 + 6; } else { if (uValue < 10000000) cchObjId += 1 + 7; else if (uValue < 100000000) cchObjId += 1 + 8; else cchObjId += 1 + 9; } } /* advance. */ pbContent += rc; cbContent -= rc; if (!cbContent) { if (cComponents < 128) { if (cchObjId < RT_SIZEOFMEMB(RTASN1OBJID, szObjId)) { *pcComponents = cComponents; *pcchObjId = cchObjId; return VINF_SUCCESS; } return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_OBJID_TOO_LONG_STRING_FORM, "Object ID has a too long string form: %#x (max %#x)", cchObjId, RT_SIZEOFMEMB(RTASN1OBJID, szObjId)); } return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_OBJID_TOO_MANY_COMPONENTS, "Object ID has too many components: %#x (max 127)", cComponents); } /* next */ rc = rtAsn1ObjId_ReadComponent(pbContent, cbContent, &uValue); } while (rc > 0); } rc = RTAsn1CursorSetInfo(pCursor, rc, "Bad object ID component #%u encoding: %.*Rhxs", cComponents, cbContent, pbContent); } else if (cbContent) rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_OBJID_ENCODING, "Object ID content is loo long: %#x", cbContent); else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_OBJID_ENCODING, "Zero length object ID content"); return rc; }
/** * Converts the UTCTime string into an the RTTIME member of RTASN1TIME. * * @returns IPRT status code. * @param pCursor The cursor to use when reporting an error. * @param pThis The time to parse. * @param pszErrorTag The error tag. */ static int rtAsn1Time_ConvertUTCTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszErrorTag) { /* * While the current spec says the seconds field is not optional, this * restriction was added later on. So, when parsing UTCTime we must deal * with it being absent. */ int rc; bool fHaveSeconds = pThis->Asn1Core.cb == sizeof("YYMMDDHHMMSSZ") - 1; if (fHaveSeconds || pThis->Asn1Core.cb == sizeof("YYMMDDHHMMZ") - 1) { const char *pachTime = pThis->Asn1Core.uData.pch; /* Basic encoding validation. */ if ( RT_C_IS_DIGIT(pachTime[0]) /* Y */ && RT_C_IS_DIGIT(pachTime[1]) /* Y */ && RT_C_IS_DIGIT(pachTime[2]) /* M */ && RT_C_IS_DIGIT(pachTime[3]) /* M */ && RT_C_IS_DIGIT(pachTime[4]) /* D */ && RT_C_IS_DIGIT(pachTime[5]) /* D */ && RT_C_IS_DIGIT(pachTime[6]) /* H */ && RT_C_IS_DIGIT(pachTime[7]) /* H */ && RT_C_IS_DIGIT(pachTime[8]) /* M */ && RT_C_IS_DIGIT(pachTime[9]) /* M */ && ( !fHaveSeconds || ( RT_C_IS_DIGIT(pachTime[10]) /* S */ && RT_C_IS_DIGIT(pachTime[11]) /* S */ ) ) && pachTime[fHaveSeconds ? 12 : 10] == 'Z' ) { /* Basic conversion. */ pThis->Time.i32Year = (pachTime[0] - '0') * 10 + (pachTime[1] - '0'); pThis->Time.i32Year += pThis->Time.i32Year < 50 ? 2000 : 1900; pThis->Time.u8Month = (pachTime[2] - '0') * 10 + (pachTime[3] - '0'); pThis->Time.u8WeekDay = 0; pThis->Time.u16YearDay = 0; pThis->Time.u8MonthDay = (pachTime[4] - '0') * 10 + (pachTime[5] - '0'); pThis->Time.u8Hour = (pachTime[6] - '0') * 10 + (pachTime[7] - '0'); pThis->Time.u8Minute = (pachTime[8] - '0') * 10 + (pachTime[9] - '0'); if (fHaveSeconds) pThis->Time.u8Second = (pachTime[10] - '0') * 10 + (pachTime[11] - '0'); else pThis->Time.u8Second = 0; pThis->Time.u32Nanosecond = 0; pThis->Time.fFlags = RTTIME_FLAGS_TYPE_UTC; pThis->Time.offUTC = 0; /* Check the convered data and normalize the time structure. */ rc = rtAsn1Time_NormalizeTime(pCursor, pThis, "UTCTime", pszErrorTag); if (RT_SUCCESS(rc)) return rc; } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_UTC_TIME_ENCODING, "%s: Bad UTCTime encoding: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pachTime); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_UTC_TIME_ENCODING, "%s: Bad UTCTime length: %#x", pszErrorTag, pThis->Asn1Core.cb); RT_ZERO(*pThis); return rc; }
/** * Converts the GeneralizedTime string into an the RTTIME member of RTASN1TIME. * * @returns IPRT status code. * @param pCursor The cursor to use when reporting an error. * @param pThis The time to parse. * @param pszErrorTag The error tag. */ static int rtAsn1Time_ConvertGeneralizedTime(PRTASN1CURSOR pCursor, PRTASN1TIME pThis, const char *pszErrorTag) { int rc; if (pThis->Asn1Core.cb >= sizeof("YYYYMMDDHHMMSSZ") - 1) { const char *pachTime = pThis->Asn1Core.uData.pch; /* Basic encoding validation. */ if ( RT_C_IS_DIGIT(pachTime[0]) /* Y */ && RT_C_IS_DIGIT(pachTime[1]) /* Y */ && RT_C_IS_DIGIT(pachTime[2]) /* Y */ && RT_C_IS_DIGIT(pachTime[3]) /* Y */ && RT_C_IS_DIGIT(pachTime[4]) /* M */ && RT_C_IS_DIGIT(pachTime[5]) /* M */ && RT_C_IS_DIGIT(pachTime[6]) /* D */ && RT_C_IS_DIGIT(pachTime[7]) /* D */ && RT_C_IS_DIGIT(pachTime[8]) /* H */ && RT_C_IS_DIGIT(pachTime[9]) /* H */ && RT_C_IS_DIGIT(pachTime[10]) /* M */ && RT_C_IS_DIGIT(pachTime[11]) /* M */ && RT_C_IS_DIGIT(pachTime[12]) /* S */ /** @todo was this once optional? */ && RT_C_IS_DIGIT(pachTime[13]) /* S */ && pachTime[pThis->Asn1Core.cb - 1] == 'Z' ) { /* Basic conversion. */ pThis->Time.i32Year = 1000 * (pachTime[0] - '0') + 100 * (pachTime[1] - '0') + 10 * (pachTime[2] - '0') + (pachTime[3] - '0'); pThis->Time.u8Month = (pachTime[4] - '0') * 10 + (pachTime[5] - '0'); pThis->Time.u8WeekDay = 0; pThis->Time.u16YearDay = 0; pThis->Time.u8MonthDay = (pachTime[6] - '0') * 10 + (pachTime[7] - '0'); pThis->Time.u8Hour = (pachTime[8] - '0') * 10 + (pachTime[9] - '0'); pThis->Time.u8Minute = (pachTime[10] - '0') * 10 + (pachTime[11] - '0'); pThis->Time.u8Second = (pachTime[12] - '0') * 10 + (pachTime[13] - '0'); pThis->Time.u32Nanosecond = 0; pThis->Time.fFlags = RTTIME_FLAGS_TYPE_UTC; pThis->Time.offUTC = 0; /* Optional fraction part. */ rc = VINF_SUCCESS; uint32_t cchLeft = pThis->Asn1Core.cb - 14 - 1; if (cchLeft > 0) rc = rtAsn1Time_ConvertGeneralizedTimeFraction(pCursor, pachTime + 14, cchLeft, pThis, pszErrorTag); /* Check the convered data and normalize the time structure. */ if (RT_SUCCESS(rc)) { rc = rtAsn1Time_NormalizeTime(pCursor, pThis, "GeneralizedTime", pszErrorTag); if (RT_SUCCESS(rc)) return VINF_SUCCESS; } } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Bad GeneralizedTime encoding: '%.*s'", pszErrorTag, pThis->Asn1Core.cb, pachTime); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_GENERALIZED_TIME_ENCODING, "%s: Bad GeneralizedTime length: %#x", pszErrorTag, pThis->Asn1Core.cb); RT_ZERO(*pThis); return rc; }
RTDECL(int) RTAsn1BitString_DecodeAsn1Ex(PRTASN1CURSOR pCursor, uint32_t fFlags, uint32_t cMaxBits, PRTASN1BITSTRING pThis, const char *pszErrorTag) { pThis->cBits = 0; pThis->cMaxBits = cMaxBits; pThis->uBits.pv = NULL; pThis->pEncapsulated = NULL; RTAsn1CursorInitAllocation(pCursor, &pThis->EncapsulatedAllocation); int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { rc = RTAsn1CursorMatchTagClassFlagsString(pCursor, &pThis->Asn1Core, ASN1_TAG_BIT_STRING, ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE, fFlags, pszErrorTag, "BIT STRING"); if (RT_SUCCESS(rc)) { if (!(pThis->Asn1Core.fClass & ASN1_TAGFLAG_CONSTRUCTED)) { if ( ( cMaxBits == UINT32_MAX || RT_ALIGN(cMaxBits, 8) / 8 + 1 >= pThis->Asn1Core.cb) && pThis->Asn1Core.cb > 0) { uint8_t cUnusedBits = pThis->Asn1Core.cb > 0 ? *pThis->Asn1Core.uData.pu8 : 0; if (pThis->Asn1Core.cb < 2) { /* Not bits present. */ if (cUnusedBits == 0) { pThis->cBits = 0; pThis->uBits.pv = NULL; RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1BitString_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; return VINF_SUCCESS; } rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING, "%s: Bad unused bit count: %#x (cb=%#x)", pszErrorTag, cUnusedBits, pThis->Asn1Core.cb); } else if (cUnusedBits < 8) { pThis->cBits = (pThis->Asn1Core.cb - 1) * 8; pThis->cBits -= cUnusedBits; pThis->uBits.pu8 = pThis->Asn1Core.uData.pu8 + 1; if ( !(pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER | RTASN1CURSOR_FLAGS_CER)) || cUnusedBits == 0 || !( pThis->uBits.pu8[pThis->Asn1Core.cb - 2] & (((uint8_t)1 << cUnusedBits) - (uint8_t)1) ) ) { RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1BitString_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; return VINF_SUCCESS; } rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING, "%s: Unused bits shall be zero in DER/CER mode: last byte=%#x cUnused=%#x", pszErrorTag, pThis->uBits.pu8[pThis->cBits / 8], cUnusedBits); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING, "%s: Bad unused bit count: %#x (cb=%#x)", pszErrorTag, cUnusedBits, pThis->Asn1Core.cb); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_INVALID_BITSTRING_ENCODING, "%s: Size mismatch: cb=%#x, expected %#x (cMaxBits=%#x)", pszErrorTag, pThis->Asn1Core.cb, RT_ALIGN(cMaxBits, 8) / 8 + 1, cMaxBits); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL, "%s: Constructed BIT STRING not implemented.", pszErrorTag); } } RT_ZERO(*pThis); return rc; }
RTDECL(int) RTAsn1DynType_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1DYNTYPE pDynType, const char *pszErrorTag) { RT_ZERO(*pDynType); Assert(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT)); RT_NOREF_PV(fFlags); uint32_t cbSavedLeft = pCursor->cbLeft; uint8_t const *pbSavedCur = pCursor->pbCur; int rc = RTAsn1CursorReadHdr(pCursor, &pDynType->u.Core, pszErrorTag); if (RT_SUCCESS(rc)) { pDynType->enmType = RTASN1TYPE_CORE; if (pDynType->u.Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE)) { switch (pDynType->u.Core.uTag) { case ASN1_TAG_BOOLEAN: pDynType->enmType = RTASN1TYPE_BOOLEAN; break; case ASN1_TAG_INTEGER: pDynType->enmType = RTASN1TYPE_INTEGER; break; //case ASN1_TAG_ENUMERATED: // pDynType->enmType = RTASN1TYPE_ENUMERATED; // break; //case ASN1_TAG_REAL: // pDynType->enmType = RTASN1TYPE_REAL; // break; case ASN1_TAG_BIT_STRING: pDynType->enmType = RTASN1TYPE_BIT_STRING; break; case ASN1_TAG_OCTET_STRING: pDynType->enmType = RTASN1TYPE_OCTET_STRING; break; case ASN1_TAG_NULL: pDynType->enmType = RTASN1TYPE_NULL; break; case ASN1_TAG_SEQUENCE: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 SEQUENCE shall be constructed."); case ASN1_TAG_SET: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 SET shall be constructed."); case ASN1_TAG_OID: pDynType->enmType = RTASN1TYPE_OBJID; break; //case ASN1_TAG_RELATIVE_OID: // pDynType->enmType = RTASN1TYPE_RELATIVE_OBJID; // break; case ASN1_TAG_UTC_TIME: case ASN1_TAG_GENERALIZED_TIME: pDynType->enmType = RTASN1TYPE_TIME; break; case ASN1_TAG_UTF8_STRING: case ASN1_TAG_NUMERIC_STRING: case ASN1_TAG_PRINTABLE_STRING: case ASN1_TAG_T61_STRING: case ASN1_TAG_VIDEOTEX_STRING: case ASN1_TAG_IA5_STRING: case ASN1_TAG_GRAPHIC_STRING: case ASN1_TAG_VISIBLE_STRING: case ASN1_TAG_UNIVERSAL_STRING: case ASN1_TAG_GENERAL_STRING: case ASN1_TAG_BMP_STRING: pDynType->enmType = RTASN1TYPE_STRING; break; //case ASN1_TAG_CHARACTER_STRING: // pDynType->enmType = RTASN1TYPE_CHARACTER_STRING; // break; default: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_TAG_NOT_IMPL, "Primitive tag %u (%#x) not implemented.", pDynType->u.Core.uTag, pDynType->u.Core.uTag); } } else if (pDynType->u.Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED)) switch (pDynType->u.Core.uTag) { case ASN1_TAG_BOOLEAN: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 BOOLEAN shall be primitive."); case ASN1_TAG_INTEGER: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 BOOLEAN shall be primitive."); case ASN1_TAG_ENUMERATED: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 ENUMERATED shall be primitive."); case ASN1_TAG_REAL: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 REAL shall be primitive."); case ASN1_TAG_BIT_STRING: pDynType->enmType = RTASN1TYPE_BIT_STRING; break; case ASN1_TAG_OCTET_STRING: pDynType->enmType = RTASN1TYPE_OCTET_STRING; break; case ASN1_TAG_NULL: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 NULL shall be primitive."); case ASN1_TAG_SEQUENCE: #if 0 pDynType->enmType = RTASN1TYPE_SEQUENCE_CORE; pDynType->u.SeqCore.Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb); return VINF_SUCCESS; #else pDynType->enmType = RTASN1TYPE_CORE; #endif break; case ASN1_TAG_SET: #if 0 pDynType->enmType = RTASN1TYPE_SET_CORE; pDynType->u.SeqCore.Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb); return VINF_SUCCESS; #else pDynType->enmType = RTASN1TYPE_CORE; #endif break; case ASN1_TAG_OID: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 OBJECT ID shall be primitive."); case ASN1_TAG_RELATIVE_OID: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_BAD_TAG, "ASN.1 RELATIVE OID shall be primitive."); case ASN1_TAG_UTF8_STRING: case ASN1_TAG_NUMERIC_STRING: case ASN1_TAG_PRINTABLE_STRING: case ASN1_TAG_T61_STRING: case ASN1_TAG_VIDEOTEX_STRING: case ASN1_TAG_IA5_STRING: case ASN1_TAG_GRAPHIC_STRING: case ASN1_TAG_VISIBLE_STRING: case ASN1_TAG_UNIVERSAL_STRING: case ASN1_TAG_GENERAL_STRING: case ASN1_TAG_BMP_STRING: pDynType->enmType = RTASN1TYPE_STRING; break; //case ASN1_TAG_CHARACTER_STRING: // pDynType->enmType = RTASN1TYPE_CHARACTER_STRING; // break; default: RT_ZERO(*pDynType); return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_DYNTYPE_TAG_NOT_IMPL, "Constructed tag %u (%#x) not implemented.", pDynType->u.Core.uTag, pDynType->u.Core.uTag); } else { RTAsn1CursorSkip(pCursor, pDynType->u.Core.cb); return VINF_SUCCESS; } /* * Restore the cursor and redo with specific type. */ pCursor->pbCur = pbSavedCur; pCursor->cbLeft = cbSavedLeft; switch (pDynType->enmType) { case RTASN1TYPE_INTEGER: rc = RTAsn1Integer_DecodeAsn1(pCursor, 0, &pDynType->u.Integer, pszErrorTag); break; case RTASN1TYPE_BOOLEAN: rc = RTAsn1Boolean_DecodeAsn1(pCursor, 0, &pDynType->u.Boolean, pszErrorTag); break; case RTASN1TYPE_OBJID: rc = RTAsn1ObjId_DecodeAsn1(pCursor, 0, &pDynType->u.ObjId, pszErrorTag); break; case RTASN1TYPE_BIT_STRING: rc = RTAsn1BitString_DecodeAsn1(pCursor, 0, &pDynType->u.BitString, pszErrorTag); break; case RTASN1TYPE_OCTET_STRING: rc = RTAsn1OctetString_DecodeAsn1(pCursor, 0, &pDynType->u.OctetString, pszErrorTag); break; case RTASN1TYPE_NULL: rc = RTAsn1Null_DecodeAsn1(pCursor, 0, &pDynType->u.Asn1Null, pszErrorTag); break; case RTASN1TYPE_TIME: rc = RTAsn1Time_DecodeAsn1(pCursor, 0, &pDynType->u.Time, pszErrorTag); break; case RTASN1TYPE_STRING: rc = RTAsn1String_DecodeAsn1(pCursor, 0, &pDynType->u.String, pszErrorTag); break; case RTASN1TYPE_CORE: rc = RTAsn1Core_DecodeAsn1(pCursor, 0, &pDynType->u.Core, pszErrorTag); break; default: AssertFailedReturn(VERR_INTERNAL_ERROR_4); } if (RT_SUCCESS(rc)) return rc; } RT_ZERO(*pDynType); return rc; }
RTDECL(int) RTAsn1String_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pThis, const char *pszErrorTag) { RT_ZERO(*pThis); AssertReturn(!(fFlags & RTASN1CURSOR_GET_F_IMPLICIT), VERR_INVALID_PARAMETER); int rc = RTAsn1CursorReadHdr(pCursor, &pThis->Asn1Core, pszErrorTag); if (RT_SUCCESS(rc)) { /* * Do tag matching. */ switch (pThis->Asn1Core.uTag) { case ASN1_TAG_UTF8_STRING: case ASN1_TAG_NUMERIC_STRING: case ASN1_TAG_PRINTABLE_STRING: case ASN1_TAG_T61_STRING: case ASN1_TAG_VIDEOTEX_STRING: case ASN1_TAG_IA5_STRING: case ASN1_TAG_GENERALIZED_TIME: case ASN1_TAG_GRAPHIC_STRING: case ASN1_TAG_VISIBLE_STRING: case ASN1_TAG_GENERAL_STRING: case ASN1_TAG_UNIVERSAL_STRING: case ASN1_TAG_BMP_STRING: rc = VINF_SUCCESS; break; default: rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_MISMATCH, "%s: Not a string object: fClass=%#x / uTag=%#x", pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag); } if (RT_SUCCESS(rc)) { /* * Match flags. CER/DER makes it complicated. */ if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_PRIMITIVE)) { /* * Primitive strings are simple. */ RTAsn1CursorSkip(pCursor, pThis->Asn1Core.cb); pThis->Asn1Core.pOps = &g_RTAsn1String_Vtable; pThis->Asn1Core.fFlags |= RTASN1CORE_F_PRIMITE_TAG_STRUCT; RTAsn1CursorInitAllocation(pCursor, &pThis->Allocation); /* UTF-8 conversion is done lazily, upon request. */ return VINF_SUCCESS; } if (pThis->Asn1Core.fClass == (ASN1_TAGCLASS_UNIVERSAL | ASN1_TAGFLAG_CONSTRUCTED)) { /* * Constructed strings are not yet fully implemented. */ if (pCursor->fFlags & RTASN1CURSOR_FLAGS_DER) rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING, "%s: DER encoding does not allow constructed strings (cb=%#x uTag=%#x fClass=%#x)", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uTag, pThis->Asn1Core.fClass); else if (pCursor->fFlags & RTASN1CURSOR_FLAGS_CER) { if (pThis->Asn1Core.cb > 1000) rc = VINF_SUCCESS; else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING, "%s: Constructed strings only allowed for >1000 byte in CER encoding: cb=%#x uTag=%#x fClass=%#x", pszErrorTag, pThis->Asn1Core.cb, pThis->Asn1Core.uTag, pThis->Asn1Core.fClass); } /** @todo implement constructed strings. */ if (RT_SUCCESS(rc)) rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CONSTRUCTED_STRING_NOT_IMPL, "%s: Support for constructed strings is not implemented", pszErrorTag); } else rc = RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH, "%s: Not a valid string object: fClass=%#x / uTag=%#x", pszErrorTag, pThis->Asn1Core.fClass, pThis->Asn1Core.uTag); } } RT_ZERO(*pThis); return rc; }