1// Copyright 2017 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5package cryptobyte 6 7import ( 8 encoding_asn1 "encoding/asn1" 9 "fmt" 10 "math/big" 11 "reflect" 12 "time" 13 14 "golang.org/x/crypto/cryptobyte/asn1" 15) 16 17// This file contains ASN.1-related methods for String and Builder. 18 19// Builder 20 21// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER. 22func (b *Builder) AddASN1Int64(v int64) { 23 b.addASN1Signed(asn1.INTEGER, v) 24} 25 26// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the 27// given tag. 28func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) { 29 b.addASN1Signed(tag, v) 30} 31 32// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION. 33func (b *Builder) AddASN1Enum(v int64) { 34 b.addASN1Signed(asn1.ENUM, v) 35} 36 37func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) { 38 b.AddASN1(tag, func(c *Builder) { 39 length := 1 40 for i := v; i >= 0x80 || i < -0x80; i >>= 8 { 41 length++ 42 } 43 44 for ; length > 0; length-- { 45 i := v >> uint((length-1)*8) & 0xff 46 c.AddUint8(uint8(i)) 47 } 48 }) 49} 50 51// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER. 52func (b *Builder) AddASN1Uint64(v uint64) { 53 b.AddASN1(asn1.INTEGER, func(c *Builder) { 54 length := 1 55 for i := v; i >= 0x80; i >>= 8 { 56 length++ 57 } 58 59 for ; length > 0; length-- { 60 i := v >> uint((length-1)*8) & 0xff 61 c.AddUint8(uint8(i)) 62 } 63 }) 64} 65 66// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER. 67func (b *Builder) AddASN1BigInt(n *big.Int) { 68 if b.err != nil { 69 return 70 } 71 72 b.AddASN1(asn1.INTEGER, func(c *Builder) { 73 if n.Sign() < 0 { 74 // A negative number has to be converted to two's-complement form. So we 75 // invert and subtract 1. If the most-significant-bit isn't set then 76 // we'll need to pad the beginning with 0xff in order to keep the number 77 // negative. 78 nMinus1 := new(big.Int).Neg(n) 79 nMinus1.Sub(nMinus1, bigOne) 80 bytes := nMinus1.Bytes() 81 for i := range bytes { 82 bytes[i] ^= 0xff 83 } 84 if len(bytes) == 0 || bytes[0]&0x80 == 0 { 85 c.add(0xff) 86 } 87 c.add(bytes...) 88 } else if n.Sign() == 0 { 89 c.add(0) 90 } else { 91 bytes := n.Bytes() 92 if bytes[0]&0x80 != 0 { 93 c.add(0) 94 } 95 c.add(bytes...) 96 } 97 }) 98} 99 100// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING. 101func (b *Builder) AddASN1OctetString(bytes []byte) { 102 b.AddASN1(asn1.OCTET_STRING, func(c *Builder) { 103 c.AddBytes(bytes) 104 }) 105} 106 107const generalizedTimeFormatStr = "20060102150405Z0700" 108 109// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME. 110func (b *Builder) AddASN1GeneralizedTime(t time.Time) { 111 if t.Year() < 0 || t.Year() > 9999 { 112 b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t) 113 return 114 } 115 b.AddASN1(asn1.GeneralizedTime, func(c *Builder) { 116 c.AddBytes([]byte(t.Format(generalizedTimeFormatStr))) 117 }) 118} 119 120// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime. 121func (b *Builder) AddASN1UTCTime(t time.Time) { 122 b.AddASN1(asn1.UTCTime, func(c *Builder) { 123 // As utilized by the X.509 profile, UTCTime can only 124 // represent the years 1950 through 2049. 125 if t.Year() < 1950 || t.Year() >= 2050 { 126 b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t) 127 return 128 } 129 c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr))) 130 }) 131} 132 133// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not 134// support BIT STRINGs that are not a whole number of bytes. 135func (b *Builder) AddASN1BitString(data []byte) { 136 b.AddASN1(asn1.BIT_STRING, func(b *Builder) { 137 b.AddUint8(0) 138 b.AddBytes(data) 139 }) 140} 141 142func (b *Builder) addBase128Int(n int64) { 143 var length int 144 if n == 0 { 145 length = 1 146 } else { 147 for i := n; i > 0; i >>= 7 { 148 length++ 149 } 150 } 151 152 for i := length - 1; i >= 0; i-- { 153 o := byte(n >> uint(i*7)) 154 o &= 0x7f 155 if i != 0 { 156 o |= 0x80 157 } 158 159 b.add(o) 160 } 161} 162 163func isValidOID(oid encoding_asn1.ObjectIdentifier) bool { 164 if len(oid) < 2 { 165 return false 166 } 167 168 if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) { 169 return false 170 } 171 172 for _, v := range oid { 173 if v < 0 { 174 return false 175 } 176 } 177 178 return true 179} 180 181func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) { 182 b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) { 183 if !isValidOID(oid) { 184 b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid) 185 return 186 } 187 188 b.addBase128Int(int64(oid[0])*40 + int64(oid[1])) 189 for _, v := range oid[2:] { 190 b.addBase128Int(int64(v)) 191 } 192 }) 193} 194 195func (b *Builder) AddASN1Boolean(v bool) { 196 b.AddASN1(asn1.BOOLEAN, func(b *Builder) { 197 if v { 198 b.AddUint8(0xff) 199 } else { 200 b.AddUint8(0) 201 } 202 }) 203} 204 205func (b *Builder) AddASN1NULL() { 206 b.add(uint8(asn1.NULL), 0) 207} 208 209// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if 210// successful or records an error if one occurred. 211func (b *Builder) MarshalASN1(v interface{}) { 212 // NOTE(martinkr): This is somewhat of a hack to allow propagation of 213 // encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a 214 // value embedded into a struct, its tag information is lost. 215 if b.err != nil { 216 return 217 } 218 bytes, err := encoding_asn1.Marshal(v) 219 if err != nil { 220 b.err = err 221 return 222 } 223 b.AddBytes(bytes) 224} 225 226// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag. 227// Tags greater than 30 are not supported and result in an error (i.e. 228// low-tag-number form only). The child builder passed to the 229// BuilderContinuation can be used to build the content of the ASN.1 object. 230func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) { 231 if b.err != nil { 232 return 233 } 234 // Identifiers with the low five bits set indicate high-tag-number format 235 // (two or more octets), which we don't support. 236 if tag&0x1f == 0x1f { 237 b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag) 238 return 239 } 240 b.AddUint8(uint8(tag)) 241 b.addLengthPrefixed(1, true, f) 242} 243 244// String 245 246// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean 247// representation into out and advances. It reports whether the read 248// was successful. 249func (s *String) ReadASN1Boolean(out *bool) bool { 250 var bytes String 251 if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 { 252 return false 253 } 254 255 switch bytes[0] { 256 case 0: 257 *out = false 258 case 0xff: 259 *out = true 260 default: 261 return false 262 } 263 264 return true 265} 266 267// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does 268// not point to an integer, to a big.Int, or to a []byte it panics. Only 269// positive and zero values can be decoded into []byte, and they are returned as 270// big-endian binary values that share memory with s. Positive values will have 271// no leading zeroes, and zero will be returned as a single zero byte. 272// ReadASN1Integer reports whether the read was successful. 273func (s *String) ReadASN1Integer(out interface{}) bool { 274 switch out := out.(type) { 275 case *int, *int8, *int16, *int32, *int64: 276 var i int64 277 if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) { 278 return false 279 } 280 reflect.ValueOf(out).Elem().SetInt(i) 281 return true 282 case *uint, *uint8, *uint16, *uint32, *uint64: 283 var u uint64 284 if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) { 285 return false 286 } 287 reflect.ValueOf(out).Elem().SetUint(u) 288 return true 289 case *big.Int: 290 return s.readASN1BigInt(out) 291 case *[]byte: 292 return s.readASN1Bytes(out) 293 default: 294 panic("out does not point to an integer type") 295 } 296} 297 298func checkASN1Integer(bytes []byte) bool { 299 if len(bytes) == 0 { 300 // An INTEGER is encoded with at least one octet. 301 return false 302 } 303 if len(bytes) == 1 { 304 return true 305 } 306 if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 { 307 // Value is not minimally encoded. 308 return false 309 } 310 return true 311} 312 313var bigOne = big.NewInt(1) 314 315func (s *String) readASN1BigInt(out *big.Int) bool { 316 var bytes String 317 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) { 318 return false 319 } 320 if bytes[0]&0x80 == 0x80 { 321 // Negative number. 322 neg := make([]byte, len(bytes)) 323 for i, b := range bytes { 324 neg[i] = ^b 325 } 326 out.SetBytes(neg) 327 out.Add(out, bigOne) 328 out.Neg(out) 329 } else { 330 out.SetBytes(bytes) 331 } 332 return true 333} 334 335func (s *String) readASN1Bytes(out *[]byte) bool { 336 var bytes String 337 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) { 338 return false 339 } 340 if bytes[0]&0x80 == 0x80 { 341 return false 342 } 343 for len(bytes) > 1 && bytes[0] == 0 { 344 bytes = bytes[1:] 345 } 346 *out = bytes 347 return true 348} 349 350func (s *String) readASN1Int64(out *int64) bool { 351 var bytes String 352 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) { 353 return false 354 } 355 return true 356} 357 358func asn1Signed(out *int64, n []byte) bool { 359 length := len(n) 360 if length > 8 { 361 return false 362 } 363 for i := 0; i < length; i++ { 364 *out <<= 8 365 *out |= int64(n[i]) 366 } 367 // Shift up and down in order to sign extend the result. 368 *out <<= 64 - uint8(length)*8 369 *out >>= 64 - uint8(length)*8 370 return true 371} 372 373func (s *String) readASN1Uint64(out *uint64) bool { 374 var bytes String 375 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) { 376 return false 377 } 378 return true 379} 380 381func asn1Unsigned(out *uint64, n []byte) bool { 382 length := len(n) 383 if length > 9 || length == 9 && n[0] != 0 { 384 // Too large for uint64. 385 return false 386 } 387 if n[0]&0x80 != 0 { 388 // Negative number. 389 return false 390 } 391 for i := 0; i < length; i++ { 392 *out <<= 8 393 *out |= uint64(n[i]) 394 } 395 return true 396} 397 398// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out 399// and advances. It reports whether the read was successful and resulted in a 400// value that can be represented in an int64. 401func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool { 402 var bytes String 403 return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes) 404} 405 406// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports 407// whether the read was successful. 408func (s *String) ReadASN1Enum(out *int) bool { 409 var bytes String 410 var i int64 411 if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) { 412 return false 413 } 414 if int64(int(i)) != i { 415 return false 416 } 417 *out = int(i) 418 return true 419} 420 421func (s *String) readBase128Int(out *int) bool { 422 ret := 0 423 for i := 0; len(*s) > 0; i++ { 424 if i == 5 { 425 return false 426 } 427 // Avoid overflowing int on a 32-bit platform. 428 // We don't want different behavior based on the architecture. 429 if ret >= 1<<(31-7) { 430 return false 431 } 432 ret <<= 7 433 b := s.read(1)[0] 434 435 // ITU-T X.690, section 8.19.2: 436 // The subidentifier shall be encoded in the fewest possible octets, 437 // that is, the leading octet of the subidentifier shall not have the value 0x80. 438 if i == 0 && b == 0x80 { 439 return false 440 } 441 442 ret |= int(b & 0x7f) 443 if b&0x80 == 0 { 444 *out = ret 445 return true 446 } 447 } 448 return false // truncated 449} 450 451// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and 452// advances. It reports whether the read was successful. 453func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool { 454 var bytes String 455 if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 { 456 return false 457 } 458 459 // In the worst case, we get two elements from the first byte (which is 460 // encoded differently) and then every varint is a single byte long. 461 components := make([]int, len(bytes)+1) 462 463 // The first varint is 40*value1 + value2: 464 // According to this packing, value1 can take the values 0, 1 and 2 only. 465 // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2, 466 // then there are no restrictions on value2. 467 var v int 468 if !bytes.readBase128Int(&v) { 469 return false 470 } 471 if v < 80 { 472 components[0] = v / 40 473 components[1] = v % 40 474 } else { 475 components[0] = 2 476 components[1] = v - 80 477 } 478 479 i := 2 480 for ; len(bytes) > 0; i++ { 481 if !bytes.readBase128Int(&v) { 482 return false 483 } 484 components[i] = v 485 } 486 *out = components[:i] 487 return true 488} 489 490// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and 491// advances. It reports whether the read was successful. 492func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool { 493 var bytes String 494 if !s.ReadASN1(&bytes, asn1.GeneralizedTime) { 495 return false 496 } 497 t := string(bytes) 498 res, err := time.Parse(generalizedTimeFormatStr, t) 499 if err != nil { 500 return false 501 } 502 if serialized := res.Format(generalizedTimeFormatStr); serialized != t { 503 return false 504 } 505 *out = res 506 return true 507} 508 509const defaultUTCTimeFormatStr = "060102150405Z0700" 510 511// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances. 512// It reports whether the read was successful. 513func (s *String) ReadASN1UTCTime(out *time.Time) bool { 514 var bytes String 515 if !s.ReadASN1(&bytes, asn1.UTCTime) { 516 return false 517 } 518 t := string(bytes) 519 520 formatStr := defaultUTCTimeFormatStr 521 var err error 522 res, err := time.Parse(formatStr, t) 523 if err != nil { 524 // Fallback to minute precision if we can't parse second 525 // precision. If we are following X.509 or X.690 we shouldn't 526 // support this, but we do. 527 formatStr = "0601021504Z0700" 528 res, err = time.Parse(formatStr, t) 529 } 530 if err != nil { 531 return false 532 } 533 534 if serialized := res.Format(formatStr); serialized != t { 535 return false 536 } 537 538 if res.Year() >= 2050 { 539 // UTCTime interprets the low order digits 50-99 as 1950-99. 540 // This only applies to its use in the X.509 profile. 541 // See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 542 res = res.AddDate(-100, 0, 0) 543 } 544 *out = res 545 return true 546} 547 548// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. 549// It reports whether the read was successful. 550func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool { 551 var bytes String 552 if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 || 553 len(bytes)*8/8 != len(bytes) { 554 return false 555 } 556 557 paddingBits := bytes[0] 558 bytes = bytes[1:] 559 if paddingBits > 7 || 560 len(bytes) == 0 && paddingBits != 0 || 561 len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 { 562 return false 563 } 564 565 out.BitLength = len(bytes)*8 - int(paddingBits) 566 out.Bytes = bytes 567 return true 568} 569 570// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is 571// an error if the BIT STRING is not a whole number of bytes. It reports 572// whether the read was successful. 573func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool { 574 var bytes String 575 if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 { 576 return false 577 } 578 579 paddingBits := bytes[0] 580 if paddingBits != 0 { 581 return false 582 } 583 *out = bytes[1:] 584 return true 585} 586 587// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including 588// tag and length bytes) into out, and advances. The element must match the 589// given tag. It reports whether the read was successful. 590func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool { 591 return s.ReadASN1((*String)(out), tag) 592} 593 594// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including 595// tag and length bytes) into out, and advances. The element must match the 596// given tag. It reports whether the read was successful. 597// 598// Tags greater than 30 are not supported (i.e. low-tag-number format only). 599func (s *String) ReadASN1(out *String, tag asn1.Tag) bool { 600 var t asn1.Tag 601 if !s.ReadAnyASN1(out, &t) || t != tag { 602 return false 603 } 604 return true 605} 606 607// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including 608// tag and length bytes) into out, and advances. The element must match the 609// given tag. It reports whether the read was successful. 610// 611// Tags greater than 30 are not supported (i.e. low-tag-number format only). 612func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool { 613 var t asn1.Tag 614 if !s.ReadAnyASN1Element(out, &t) || t != tag { 615 return false 616 } 617 return true 618} 619 620// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including 621// tag and length bytes) into out, sets outTag to its tag, and advances. 622// It reports whether the read was successful. 623// 624// Tags greater than 30 are not supported (i.e. low-tag-number format only). 625func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool { 626 return s.readASN1(out, outTag, true /* skip header */) 627} 628 629// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element 630// (including tag and length bytes) into out, sets outTag to is tag, and 631// advances. It reports whether the read was successful. 632// 633// Tags greater than 30 are not supported (i.e. low-tag-number format only). 634func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool { 635 return s.readASN1(out, outTag, false /* include header */) 636} 637 638// PeekASN1Tag reports whether the next ASN.1 value on the string starts with 639// the given tag. 640func (s String) PeekASN1Tag(tag asn1.Tag) bool { 641 if len(s) == 0 { 642 return false 643 } 644 return asn1.Tag(s[0]) == tag 645} 646 647// SkipASN1 reads and discards an ASN.1 element with the given tag. It 648// reports whether the operation was successful. 649func (s *String) SkipASN1(tag asn1.Tag) bool { 650 var unused String 651 return s.ReadASN1(&unused, tag) 652} 653 654// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1 655// element (not including tag and length bytes) tagged with the given tag into 656// out. It stores whether an element with the tag was found in outPresent, 657// unless outPresent is nil. It reports whether the read was successful. 658func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool { 659 present := s.PeekASN1Tag(tag) 660 if outPresent != nil { 661 *outPresent = present 662 } 663 if present && !s.ReadASN1(out, tag) { 664 return false 665 } 666 return true 667} 668 669// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or 670// else leaves s unchanged. It reports whether the operation was successful. 671func (s *String) SkipOptionalASN1(tag asn1.Tag) bool { 672 if !s.PeekASN1Tag(tag) { 673 return true 674 } 675 var unused String 676 return s.ReadASN1(&unused, tag) 677} 678 679// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly 680// tagged with tag into out and advances. If no element with a matching tag is 681// present, it writes defaultValue into out instead. Otherwise, it behaves like 682// ReadASN1Integer. 683func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool { 684 var present bool 685 var i String 686 if !s.ReadOptionalASN1(&i, &present, tag) { 687 return false 688 } 689 if !present { 690 switch out.(type) { 691 case *int, *int8, *int16, *int32, *int64, 692 *uint, *uint8, *uint16, *uint32, *uint64, *[]byte: 693 reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue)) 694 case *big.Int: 695 if defaultValue, ok := defaultValue.(*big.Int); ok { 696 out.(*big.Int).Set(defaultValue) 697 } else { 698 panic("out points to big.Int, but defaultValue does not") 699 } 700 default: 701 panic("invalid integer type") 702 } 703 return true 704 } 705 if !i.ReadASN1Integer(out) || !i.Empty() { 706 return false 707 } 708 return true 709} 710 711// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING 712// explicitly tagged with tag into out and advances. If no element with a 713// matching tag is present, it sets "out" to nil instead. It reports 714// whether the read was successful. 715func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool { 716 var present bool 717 var child String 718 if !s.ReadOptionalASN1(&child, &present, tag) { 719 return false 720 } 721 if outPresent != nil { 722 *outPresent = present 723 } 724 if present { 725 var oct String 726 if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() { 727 return false 728 } 729 *out = oct 730 } else { 731 *out = nil 732 } 733 return true 734} 735 736// ReadOptionalASN1Boolean attempts to read an optional ASN.1 BOOLEAN 737// explicitly tagged with tag into out and advances. If no element with a 738// matching tag is present, it sets "out" to defaultValue instead. It reports 739// whether the read was successful. 740func (s *String) ReadOptionalASN1Boolean(out *bool, tag asn1.Tag, defaultValue bool) bool { 741 var present bool 742 var child String 743 if !s.ReadOptionalASN1(&child, &present, tag) { 744 return false 745 } 746 747 if !present { 748 *out = defaultValue 749 return true 750 } 751 752 return child.ReadASN1Boolean(out) 753} 754 755func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool { 756 if len(*s) < 2 { 757 return false 758 } 759 tag, lenByte := (*s)[0], (*s)[1] 760 761 if tag&0x1f == 0x1f { 762 // ITU-T X.690 section 8.1.2 763 // 764 // An identifier octet with a tag part of 0x1f indicates a high-tag-number 765 // form identifier with two or more octets. We only support tags less than 766 // 31 (i.e. low-tag-number form, single octet identifier). 767 return false 768 } 769 770 if outTag != nil { 771 *outTag = asn1.Tag(tag) 772 } 773 774 // ITU-T X.690 section 8.1.3 775 // 776 // Bit 8 of the first length byte indicates whether the length is short- or 777 // long-form. 778 var length, headerLen uint32 // length includes headerLen 779 if lenByte&0x80 == 0 { 780 // Short-form length (section 8.1.3.4), encoded in bits 1-7. 781 length = uint32(lenByte) + 2 782 headerLen = 2 783 } else { 784 // Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets 785 // used to encode the length. 786 lenLen := lenByte & 0x7f 787 var len32 uint32 788 789 if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) { 790 return false 791 } 792 793 lenBytes := String((*s)[2 : 2+lenLen]) 794 if !lenBytes.readUnsigned(&len32, int(lenLen)) { 795 return false 796 } 797 798 // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length 799 // with the minimum number of octets. 800 if len32 < 128 { 801 // Length should have used short-form encoding. 802 return false 803 } 804 if len32>>((lenLen-1)*8) == 0 { 805 // Leading octet is 0. Length should have been at least one byte shorter. 806 return false 807 } 808 809 headerLen = 2 + uint32(lenLen) 810 if headerLen+len32 < len32 { 811 // Overflow. 812 return false 813 } 814 length = headerLen + len32 815 } 816 817 if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) { 818 return false 819 } 820 if skipHeader && !out.Skip(int(headerLen)) { 821 panic("cryptobyte: internal error") 822 } 823 824 return true 825} 826