asn1-cursor.cpp@ 74760

Last change on this file since 74760 was 74760, checked in by vboxsync, 7 years ago

IPRT/ldr/asn1/pkcs7: Ironed out issues in decoding indefinite ASN.1 length records and successfully verified the first Mach-O signature. bugref:9232

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

Property svn:mergeinfo set to (toggle deleted branches)

/branches/VBox-3.0/src/VBox/Runtime/common/asn1/asn1-basics.cpp	58652,70973
/branches/VBox-3.2/src/VBox/Runtime/common/asn1/asn1-basics.cpp	66309,66318
/branches/VBox-4.0/src/VBox/Runtime/common/asn1/asn1-basics.cpp	70873
/branches/VBox-4.1/src/VBox/Runtime/common/asn1/asn1-basics.cpp	74233,78414,78691,81841,82127,85941,85944-85947,85949-85950,85953,86701,86728,87009
/branches/VBox-4.2/src/VBox/Runtime/common/asn1/asn1-basics.cpp	86229-86230,86234,86529,91503-91504,91506-91508,91510,91514-91515,91521
/branches/VBox-4.3/src/VBox/Runtime/common/asn1/asn1-basics.cpp	91223
/branches/VBox-4.3/trunk/src/VBox/Runtime/common/asn1/asn1-basics.cpp	91223
/branches/andy/draganddrop/src/VBox/Runtime/common/asn1/asn1-basics.cpp	90781-91268
/branches/andy/guestctrl20/src/VBox/Runtime/common/asn1/asn1-basics.cpp	78916,78930
/branches/dsen/gui/src/VBox/Runtime/common/asn1/asn1-basics.cpp	79076-79078,79089,79109-79110,79112-79113,79127-79130,79134,79141,79151,79155,79157-79159,79193,79197
/branches/dsen/gui2/src/VBox/Runtime/common/asn1/asn1-basics.cpp	79224,79228,79233,79235,79258,79262-79263,79273,79341,79345,79354,79357,79387-79388,79559-79569,79572-79573,79578,79581-79582,79590-79591,79598-79599,79602-79603,79605-79606,79632,79635,79637,79644
/branches/dsen/gui3/src/VBox/Runtime/common/asn1/asn1-basics.cpp	79645-79692

File size: 27.7 KB

Line
1	/* $Id: asn1-cursor.cpp 74760 2018-10-11 11:25:24Z vboxsync $ */
2	/** @file
3	* IPRT - ASN.1, Basic Operations.
4	*/
5
6	/*
7	* Copyright (C) 2006-2017 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.215389.xyz. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27
28	/*********************************************************************************************************************************
29	* Header Files *
30	*********************************************************************************************************************************/
31	#include "internal/iprt.h"
32	#include <iprt/asn1.h>
33
34	#include <iprt/asm.h>
35	#include <iprt/alloca.h>
36	#include <iprt/err.h>
37	#include <iprt/string.h>
38	#include <iprt/ctype.h>
39
40	#include <iprt/formats/asn1.h>
41
42
43	/*********************************************************************************************************************************
44	* Defined Constants And Macros *
45	*********************************************************************************************************************************/
46	/** @def RTASN1_MAX_NESTING
47	* The maximum nesting depth we allow. This limit is enforced to avoid running
48	* out of stack due to malformed ASN.1 input.
49	*
50	* For reference, 'RTSignTool verify-exe RTSignTool.exe', requires a value of 15
51	* to work without hitting the limit for signatures with simple timestamps, and
52	* 23 (amd64/rel = ~3KB) for the new microsoft timestamp counter signatures.
53	*/
54	#ifdef IN_RING3
55	# define RTASN1_MAX_NESTING 64
56	#else
57	# define RTASN1_MAX_NESTING 32
58	#endif
59
60
61
62	RTDECL(PRTASN1CURSOR) RTAsn1CursorInitPrimary(PRTASN1CURSORPRIMARY pPrimaryCursor, void const *pvFirst, uint32_t cb,
63	PRTERRINFO pErrInfo, PCRTASN1ALLOCATORVTABLE pAllocator, uint32_t fFlags,
64	const char *pszErrorTag)
65	{
66	pPrimaryCursor->Cursor.pbCur = (uint8_t const *)pvFirst;
67	pPrimaryCursor->Cursor.cbLeft = cb;
68	pPrimaryCursor->Cursor.fFlags = (uint8_t)fFlags; Assert(fFlags <= UINT8_MAX);
69	pPrimaryCursor->Cursor.cDepth = 0;
70	pPrimaryCursor->Cursor.abReserved[0] = 0;
71	pPrimaryCursor->Cursor.abReserved[1] = 0;
72	pPrimaryCursor->Cursor.pPrimary = pPrimaryCursor;
73	pPrimaryCursor->Cursor.pUp = NULL;
74	pPrimaryCursor->Cursor.pszErrorTag = pszErrorTag;
75	pPrimaryCursor->pErrInfo = pErrInfo;
76	pPrimaryCursor->pAllocator = pAllocator;
77	pPrimaryCursor->pbFirst = (uint8_t const *)pvFirst;
78	return &pPrimaryCursor->Cursor;
79	}
80
81
82	RTDECL(int) RTAsn1CursorInitSub(PRTASN1CURSOR pParent, uint32_t cb, PRTASN1CURSOR pChild, const char *pszErrorTag)
83	{
84	AssertReturn(pParent->pPrimary, VERR_ASN1_INTERNAL_ERROR_1);
85	AssertReturn(pParent->pbCur, VERR_ASN1_INTERNAL_ERROR_2);
86
87	pChild->pbCur = pParent->pbCur;
88	pChild->cbLeft = cb;
89	pChild->fFlags = pParent->fFlags & ~RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH;
90	pChild->cDepth = pParent->cDepth + 1;
91	AssertReturn(pChild->cDepth < RTASN1_MAX_NESTING, VERR_ASN1_TOO_DEEPLY_NESTED);
92	pChild->abReserved[0] = 0;
93	pChild->abReserved[1] = 0;
94	pChild->pPrimary = pParent->pPrimary;
95	pChild->pUp = pParent;
96	pChild->pszErrorTag = pszErrorTag;
97
98	AssertReturn(pParent->cbLeft >= cb, VERR_ASN1_INTERNAL_ERROR_3);
99	pParent->pbCur += cb;
100	pParent->cbLeft -= cb;
101
102	return VINF_SUCCESS;
103	}
104
105
106	RTDECL(int) RTAsn1CursorInitSubFromCore(PRTASN1CURSOR pParent, PRTASN1CORE pAsn1Core,
107	PRTASN1CURSOR pChild, const char *pszErrorTag)
108	{
109	AssertReturn(pParent->pPrimary, VERR_ASN1_INTERNAL_ERROR_1);
110	AssertReturn(pParent->pbCur, VERR_ASN1_INTERNAL_ERROR_2);
111
112	pChild->pbCur = pAsn1Core->uData.pu8;
113	pChild->cbLeft = pAsn1Core->cb;
114	pChild->fFlags = pParent->fFlags & ~RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH;
115	pChild->cDepth = pParent->cDepth + 1;
116	AssertReturn(pChild->cDepth < RTASN1_MAX_NESTING, VERR_ASN1_TOO_DEEPLY_NESTED);
117	pChild->abReserved[0] = 0;
118	pChild->abReserved[1] = 0;
119	pChild->pPrimary = pParent->pPrimary;
120	pChild->pUp = pParent;
121	pChild->pszErrorTag = pszErrorTag;
122
123	return VINF_SUCCESS;
124	}
125
126
127	RTDECL(int) RTAsn1CursorSetInfoV(PRTASN1CURSOR pCursor, int rc, const char *pszMsg, va_list va)
128	{
129	PRTERRINFO pErrInfo = pCursor->pPrimary->pErrInfo;
130	if (pErrInfo)
131	{
132	/* Format the message. */
133	RTErrInfoSetV(pErrInfo, rc, pszMsg, va);
134
135	/* Add the prefixes. This isn't the fastest way, but it's the one
136	which eats the least stack. */
137	char *pszBuf = pErrInfo->pszMsg;
138	size_t cbBuf = pErrInfo->cbMsg;
139	if (pszBuf && cbBuf > 32)
140	{
141	size_t cbMove = strlen(pszBuf) + 1;
142
143	/* Make sure there is a ': '. */
144	bool fFirst = false;
145	if (pszMsg[0] != '%' \|\| pszMsg[1] != 's' \|\| pszMsg[2] != ':')
146	{
147	if (cbMove + 2 < cbBuf)
148	{
149	memmove(pszBuf + 2, pszBuf, cbMove);
150	pszBuf[0] = ':';
151	pszBuf[1] = ' ';
152	cbMove += 2;
153	fFirst = true;
154	}
155	}
156
157	/* Add the prefixes from the cursor chain. */
158	while (pCursor)
159	{
160	if (pCursor->pszErrorTag)
161	{
162	size_t cchErrorTag = strlen(pCursor->pszErrorTag);
163	if (cchErrorTag + !fFirst + cbMove > cbBuf)
164	break;
165	memmove(pszBuf + cchErrorTag + !fFirst, pszBuf, cbMove);
166	memcpy(pszBuf, pCursor->pszErrorTag, cchErrorTag);
167	if (!fFirst)
168	pszBuf[cchErrorTag] = '.';
169	cbMove += cchErrorTag + !fFirst;
170	fFirst = false;
171	}
172	pCursor = pCursor->pUp;
173	}
174	}
175	}
176
177	return rc;
178	}
179
180
181	RTDECL(int) RTAsn1CursorSetInfo(PRTASN1CURSOR pCursor, int rc, const char *pszMsg, ...)
182	{
183	va_list va;
184	va_start(va, pszMsg);
185	rc = RTAsn1CursorSetInfoV(pCursor, rc, pszMsg, va);
186	va_end(va);
187	return rc;
188	}
189
190
191	RTDECL(bool) RTAsn1CursorIsEnd(PRTASN1CURSOR pCursor)
192	{
193	if (pCursor->cbLeft == 0)
194	return true;
195	if (!(pCursor->fFlags & RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH))
196	return false;
197	return pCursor->cbLeft >= 2
198	&& pCursor->pbCur[0] == 0
199	&& pCursor->pbCur[1] == 0;
200	}
201
202
203	RTDECL(int) RTAsn1CursorCheckEnd(PRTASN1CURSOR pCursor)
204	{
205	if (pCursor->cbLeft == 0)
206	return VINF_SUCCESS;
207
208	if (pCursor->fFlags & RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH)
209	{
210	/*
211	* If we've got two zeros here we're good. This helps us handle apple code
212	* signatures, where most of the big structures are of indefinite length.
213	* The problem here is when rtCrPkcs7ContentInfo_DecodeExtra works the
214	* octet string, it appears as if there extra padding at the end.
215	*
216	* It is of course possible that ASN.1 assumes we will parse the content of
217	* that octet string as if it were an ASN.1 substructure, looking for the
218	* end-of-content sequence and propage that up. However, this works for now.
219	*/
220	if (pCursor->cbLeft >= 2)
221	{
222	if ( pCursor->pbCur[0] == 0
223	&& pCursor->pbCur[1] == 0)
224	return VINF_SUCCESS;
225	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
226	"%u (%#x) bytes left over [indef: %.*Rhxs]",
227	pCursor->cbLeft, pCursor->cbLeft, RT_MIN(pCursor->cbLeft, 16), pCursor->pbCur);
228	}
229	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
230	"%u (%#x) bytes left over [indef len]", pCursor->cbLeft, pCursor->cbLeft);
231	}
232	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
233	"%u (%#x) bytes left over", pCursor->cbLeft, pCursor->cbLeft);
234	}
235
236
237	/**
238	* Worker for RTAsn1CursorCheckSeqEnd and RTAsn1CursorCheckSetEnd.
239	*/
240	static int rtAsn1CursorCheckSeqOrSetEnd(PRTASN1CURSOR pCursor, PRTASN1CORE pAsn1Core)
241	{
242	if (!(pAsn1Core->fFlags & RTASN1CORE_F_INDEFINITE_LENGTH))
243	{
244	if (pCursor->cbLeft == 0)
245	return VINF_SUCCESS;
246	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
247	"%u (%#x) bytes left over", pCursor->cbLeft, pCursor->cbLeft);
248	}
249
250	if (pCursor->cbLeft >= 2)
251	{
252	if ( pCursor->pbCur[0] == 0
253	&& pCursor->pbCur[1] == 0)
254	{
255	pAsn1Core->cb = (uint32_t)(pCursor->pbCur - pAsn1Core->uData.pu8);
256	pCursor->cbLeft -= 2;
257	pCursor->pbCur += 2;
258
259	PRTASN1CURSOR pParentCursor = pCursor->pUp;
260	if ( pParentCursor
261	&& (pParentCursor->fFlags & RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH))
262	{
263	pParentCursor->pbCur -= pCursor->cbLeft;
264	pParentCursor->cbLeft += pCursor->cbLeft;
265	return VINF_SUCCESS;
266	}
267
268	if (pCursor->cbLeft == 0)
269	return VINF_SUCCESS;
270
271	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
272	"%u (%#x) bytes left over (parent not indefinite length)", pCursor->cbLeft, pCursor->cbLeft);
273	}
274	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END, "%u (%#x) bytes left over [indef: %.*Rhxs]",
275	pCursor->cbLeft, pCursor->cbLeft, RT_MIN(pCursor->cbLeft, 16), pCursor->pbCur);
276	}
277	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NOT_AT_END,
278	"1 byte left over, expected two for indefinite length end-of-content sequence");
279	}
280
281
282	RTDECL(int) RTAsn1CursorCheckSeqEnd(PRTASN1CURSOR pCursor, PRTASN1SEQUENCECORE pSeqCore)
283	{
284	return rtAsn1CursorCheckSeqOrSetEnd(pCursor, &pSeqCore->Asn1Core);
285	}
286
287
288	RTDECL(int) RTAsn1CursorCheckSetEnd(PRTASN1CURSOR pCursor, PRTASN1SETCORE pSetCore)
289	{
290	return rtAsn1CursorCheckSeqOrSetEnd(pCursor, &pSetCore->Asn1Core);
291	}
292
293
294	RTDECL(int) RTAsn1CursorCheckOctStrEnd(PRTASN1CURSOR pCursor, PRTASN1OCTETSTRING pOctetString)
295	{
296	return rtAsn1CursorCheckSeqOrSetEnd(pCursor, &pOctetString->Asn1Core);
297	}
298
299
300	RTDECL(PRTASN1ALLOCATION) RTAsn1CursorInitAllocation(PRTASN1CURSOR pCursor, PRTASN1ALLOCATION pAllocation)
301	{
302	pAllocation->cbAllocated = 0;
303	pAllocation->cReallocs = 0;
304	pAllocation->uReserved0 = 0;
305	pAllocation->pAllocator = pCursor->pPrimary->pAllocator;
306	return pAllocation;
307	}
308
309
310	RTDECL(PRTASN1ARRAYALLOCATION) RTAsn1CursorInitArrayAllocation(PRTASN1CURSOR pCursor, PRTASN1ARRAYALLOCATION pAllocation,
311	size_t cbEntry)
312	{
313	Assert(cbEntry >= sizeof(RTASN1CORE));
314	Assert(cbEntry < _1M);
315	Assert(RT_ALIGN_Z(cbEntry, sizeof(void *)) == cbEntry);
316	pAllocation->cbEntry = (uint32_t)cbEntry;
317	pAllocation->cPointersAllocated = 0;
318	pAllocation->cEntriesAllocated = 0;
319	pAllocation->cResizeCalls = 0;
320	pAllocation->uReserved0 = 0;
321	pAllocation->pAllocator = pCursor->pPrimary->pAllocator;
322	return pAllocation;
323	}
324
325
326	RTDECL(int) RTAsn1CursorReadHdr(PRTASN1CURSOR pCursor, PRTASN1CORE pAsn1Core, const char *pszErrorTag)
327	{
328	/*
329	* Initialize the return structure in case of failure.
330	*/
331	pAsn1Core->uTag = 0;
332	pAsn1Core->fClass = 0;
333	pAsn1Core->uRealTag = 0;
334	pAsn1Core->fRealClass = 0;
335	pAsn1Core->cbHdr = 0;
336	pAsn1Core->cb = 0;
337	pAsn1Core->fFlags = 0;
338	pAsn1Core->uData.pv = NULL;
339	pAsn1Core->pOps = NULL;
340
341	/*
342	* The header has at least two bytes: Type & length.
343	*/
344	if (pCursor->cbLeft >= 2)
345	{
346	uint32_t uTag = pCursor->pbCur[0];
347	uint32_t cb = pCursor->pbCur[1];
348	pCursor->cbLeft -= 2;
349	pCursor->pbCur += 2;
350
351	pAsn1Core->uRealTag = pAsn1Core->uTag = uTag & ASN1_TAG_MASK;
352	pAsn1Core->fRealClass = pAsn1Core->fClass = uTag & ~ASN1_TAG_MASK;
353	pAsn1Core->cbHdr = 2;
354	if ((uTag & ASN1_TAG_MASK) == ASN1_TAG_USE_LONG_FORM)
355	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_LONG_TAG,
356	"%s: Implement parsing of tags > 30: %#x (length=%#x)", pszErrorTag, uTag, cb);
357
358	/* Extended length field? */
359	if (cb & RT_BIT(7))
360	{
361	if (cb != RT_BIT(7))
362	{
363	/* Definite form. */
364	uint8_t cbEnc = cb & 0x7f;
365	if (cbEnc > pCursor->cbLeft)
366	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_LENGTH_ENCODING,
367	"%s: Extended BER length field longer than available data: %#x vs %#x (uTag=%#x)",
368	pszErrorTag, cbEnc, pCursor->cbLeft, uTag);
369	switch (cbEnc)
370	{
371	case 1:
372	cb = pCursor->pbCur[0];
373	break;
374	case 2:
375	cb = RT_MAKE_U16(pCursor->pbCur[1], pCursor->pbCur[0]);
376	break;
377	case 3:
378	cb = RT_MAKE_U32_FROM_U8(pCursor->pbCur[2], pCursor->pbCur[1], pCursor->pbCur[0], 0);
379	break;
380	case 4:
381	cb = RT_MAKE_U32_FROM_U8(pCursor->pbCur[3], pCursor->pbCur[2], pCursor->pbCur[1], pCursor->pbCur[0]);
382	break;
383	default:
384	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_LENGTH_ENCODING,
385	"%s: Too long/short extended BER length field: %#x (uTag=%#x)",
386	pszErrorTag, cbEnc, uTag);
387	}
388	pCursor->cbLeft -= cbEnc;
389	pCursor->pbCur += cbEnc;
390	pAsn1Core->cbHdr += cbEnc;
391
392	/* Check the length encoding efficiency (T-REC-X.690-200811 10.1, 9.1). */
393	if (pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER \| RTASN1CURSOR_FLAGS_CER))
394	{
395	if (cb <= 0x7f)
396	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_LENGTH_ENCODING,
397	"%s: Invalid DER/CER length encoding: cbEnc=%u cb=%#x uTag=%#x",
398	pszErrorTag, cbEnc, cb, uTag);
399	uint8_t cbNeeded;
400	if (cb <= 0x000000ff) cbNeeded = 1;
401	else if (cb <= 0x0000ffff) cbNeeded = 2;
402	else if (cb <= 0x00ffffff) cbNeeded = 3;
403	else cbNeeded = 4;
404	if (cbNeeded != cbEnc)
405	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_LENGTH_ENCODING,
406	"%s: Invalid DER/CER length encoding: cb=%#x uTag=%#x cbEnc=%u cbNeeded=%u",
407	pszErrorTag, cb, uTag, cbEnc, cbNeeded);
408	}
409	}
410	/* Indefinite form. */
411	else if (pCursor->fFlags & RTASN1CURSOR_FLAGS_DER)
412	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_INDEFINITE_LENGTH,
413	"%s: Indefinite length form not allowed in DER mode (uTag=%#x).", pszErrorTag, uTag);
414	else if (!(uTag & ASN1_TAGFLAG_CONSTRUCTED))
415	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_INDEFINITE_LENGTH,
416	"%s: Indefinite BER/CER encoding is for non-constructed tag (uTag=%#x)", pszErrorTag, uTag);
417	else if ( uTag != (ASN1_TAG_SEQUENCE \| ASN1_TAGFLAG_CONSTRUCTED)
418	&& uTag != (ASN1_TAG_SET \| ASN1_TAGFLAG_CONSTRUCTED)
419	&& (uTag & (ASN1_TAGFLAG_CONSTRUCTED \| ASN1_TAGCLASS_CONTEXT))
420	!= (ASN1_TAGFLAG_CONSTRUCTED \| ASN1_TAGCLASS_CONTEXT) )
421	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_INDEFINITE_LENGTH,
422	"%s: Indefinite BER/CER encoding not supported for this tag (uTag=%#x)", pszErrorTag, uTag);
423	else if (pCursor->fFlags & RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH)
424	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_INDEFINITE_LENGTH,
425	"%s: Nested indefinite BER/CER encoding. (uTag=%#x)", pszErrorTag, uTag);
426	else if (pCursor->cbLeft < 2)
427	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_INDEFINITE_LENGTH,
428	"%s: Too little data left for indefinite BER/CER encoding (uTag=%#x)", pszErrorTag, uTag);
429	else
430	{
431	pCursor->fFlags \|= RTASN1CURSOR_FLAGS_INDEFINITE_LENGTH;
432	pAsn1Core->fFlags \|= RTASN1CORE_F_INDEFINITE_LENGTH;
433	cb = pCursor->cbLeft; /* Start out with the whole sequence, adjusted later upon reach the end. */
434	}
435	}
436	/* else if (cb == 0 && uTag == 0) { end of content } - callers handle this */
437
438	/* Check if the length makes sense. */
439	if (cb > pCursor->cbLeft)
440	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_BAD_LENGTH,
441	"%s: BER value length out of bounds: %#x (max=%#x uTag=%#x)",
442	pszErrorTag, cb, pCursor->cbLeft, uTag);
443
444	pAsn1Core->fFlags \|= RTASN1CORE_F_PRESENT \| RTASN1CORE_F_DECODED_CONTENT;
445	pAsn1Core->cb = cb;
446	pAsn1Core->uData.pv = (void *)pCursor->pbCur;
447	return VINF_SUCCESS;
448	}
449
450	if (pCursor->cbLeft)
451	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_TOO_LITTLE_DATA_LEFT,
452	"%s: Too little data left to form a valid BER header", pszErrorTag);
453	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_NO_MORE_DATA,
454	"%s: No more data reading BER header", pszErrorTag);
455	}
456
457
458	RTDECL(int) RTAsn1CursorMatchTagClassFlagsEx(PRTASN1CURSOR pCursor, PRTASN1CORE pAsn1Core, uint32_t uTag, uint32_t fClass,
459	bool fString, uint32_t fFlags, const char pszErrorTag, const char pszWhat)
460	{
461	if (pAsn1Core->uTag == uTag)
462	{
463	if (pAsn1Core->fClass == fClass)
464	return VINF_SUCCESS;
465	if ( fString
466	&& pAsn1Core->fClass == (fClass \| ASN1_TAGFLAG_CONSTRUCTED))
467	{
468	if (!(pCursor->fFlags & (RTASN1CURSOR_FLAGS_DER \| RTASN1CURSOR_FLAGS_CER)))
469	return VINF_SUCCESS;
470	if (pCursor->fFlags & RTASN1CURSOR_FLAGS_CER)
471	{
472	if (pAsn1Core->cb > 1000)
473	return VINF_SUCCESS;
474	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING,
475	"%s: Constructed %s only allowed for >1000 byte in CER encoding: cb=%#x uTag=%#x fClass=%#x",
476	pszErrorTag, pszWhat, pAsn1Core->cb, pAsn1Core->uTag, pAsn1Core->fClass);
477	}
478	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING,
479	"%s: DER encoding does not allow constructed %s (cb=%#x uTag=%#x fClass=%#x)",
480	pszErrorTag, pszWhat, pAsn1Core->cb, pAsn1Core->uTag, pAsn1Core->fClass);
481	}
482	}
483
484	if (fFlags & RTASN1CURSOR_GET_F_IMPLICIT)
485	{
486	pAsn1Core->fFlags \|= RTASN1CORE_F_TAG_IMPLICIT;
487	pAsn1Core->uRealTag = uTag;
488	pAsn1Core->fRealClass = fClass;
489	return VINF_SUCCESS;
490	}
491
492	return RTAsn1CursorSetInfo(pCursor, pAsn1Core->uTag != uTag ? VERR_ASN1_CURSOR_TAG_MISMATCH : VERR_ASN1_CURSOR_TAG_FLAG_CLASS_MISMATCH,
493	"%s: Unexpected %s type/flags: %#x/%#x (expected %#x/%#x)",
494	pszErrorTag, pszWhat, pAsn1Core->uTag, pAsn1Core->fClass, uTag, fClass);
495	}
496
497
498
499	static int rtAsn1CursorGetXxxxCursor(PRTASN1CURSOR pCursor, uint32_t fFlags, uint32_t uTag, uint8_t fClass,
500	PRTASN1CORE pAsn1Core, PRTASN1CURSOR pRetCursor,
501	const char pszErrorTag, const char pszWhat)
502	{
503	int rc = RTAsn1CursorReadHdr(pCursor, pAsn1Core, pszErrorTag);
504	if (RT_SUCCESS(rc))
505	{
506	if ( pAsn1Core->uTag == uTag
507	&& pAsn1Core->fClass == fClass)
508	rc = VINF_SUCCESS;
509	else if (fFlags & RTASN1CURSOR_GET_F_IMPLICIT)
510	{
511	pAsn1Core->fFlags \|= RTASN1CORE_F_TAG_IMPLICIT;
512	pAsn1Core->uRealTag = uTag;
513	pAsn1Core->fRealClass = fClass;
514	rc = VINF_SUCCESS;
515	}
516	else
517	return RTAsn1CursorSetInfo(pCursor, VERR_ASN1_CURSOR_ILLEGAL_CONSTRUCTED_STRING,
518	"%s: Unexpected %s type/flags: %#x/%#x (expected %#x/%#x)",
519	pszErrorTag, pszWhat, pAsn1Core->uTag, pAsn1Core->fClass, uTag, fClass);
520	rc = RTAsn1CursorInitSub(pCursor, pAsn1Core->cb, pRetCursor, pszErrorTag);
521	if (RT_SUCCESS(rc))
522	{
523	pAsn1Core->fFlags \|= RTASN1CORE_F_PRIMITE_TAG_STRUCT;
524	return VINF_SUCCESS;
525	}
526	}
527	return rc;
528	}
529
530
531	RTDECL(int) RTAsn1CursorGetSequenceCursor(PRTASN1CURSOR pCursor, uint32_t fFlags,
532	PRTASN1SEQUENCECORE pSeqCore, PRTASN1CURSOR pSeqCursor, const char *pszErrorTag)
533	{
534	return rtAsn1CursorGetXxxxCursor(pCursor, fFlags, ASN1_TAG_SEQUENCE, ASN1_TAGCLASS_UNIVERSAL \| ASN1_TAGFLAG_CONSTRUCTED,
535	&pSeqCore->Asn1Core, pSeqCursor, pszErrorTag, "sequence");
536	}
537
538
539	RTDECL(int) RTAsn1CursorGetSetCursor(PRTASN1CURSOR pCursor, uint32_t fFlags,
540	PRTASN1SETCORE pSetCore, PRTASN1CURSOR pSetCursor, const char *pszErrorTag)
541	{
542	return rtAsn1CursorGetXxxxCursor(pCursor, fFlags, ASN1_TAG_SET, ASN1_TAGCLASS_UNIVERSAL \| ASN1_TAGFLAG_CONSTRUCTED,
543	&pSetCore->Asn1Core, pSetCursor, pszErrorTag, "set");
544	}
545
546
547	RTDECL(int) RTAsn1CursorGetContextTagNCursor(PRTASN1CURSOR pCursor, uint32_t fFlags, uint32_t uExpectedTag,
548	PCRTASN1COREVTABLE pVtable, PRTASN1CONTEXTTAG pCtxTag, PRTASN1CURSOR pCtxTagCursor,
549	const char *pszErrorTag)
550	{
551	int rc = rtAsn1CursorGetXxxxCursor(pCursor, fFlags, uExpectedTag, ASN1_TAGCLASS_CONTEXT \| ASN1_TAGFLAG_CONSTRUCTED,
552	&pCtxTag->Asn1Core, pCtxTagCursor, pszErrorTag, "ctx tag");
553	pCtxTag->Asn1Core.pOps = pVtable;
554	return rc;
555	}
556
557
558	RTDECL(int) RTAsn1CursorPeek(PRTASN1CURSOR pCursor, PRTASN1CORE pAsn1Core)
559	{
560	uint32_t cbSavedLeft = pCursor->cbLeft;
561	uint8_t const *pbSavedCur = pCursor->pbCur;
562	uint8_t const fSavedFlags = pCursor->fFlags;
563	PRTERRINFO const pErrInfo = pCursor->pPrimary->pErrInfo;
564	pCursor->pPrimary->pErrInfo = NULL;
565
566	int rc = RTAsn1CursorReadHdr(pCursor, pAsn1Core, "peek");
567
568	pCursor->pPrimary->pErrInfo = pErrInfo;
569	pCursor->pbCur = pbSavedCur;
570	pCursor->cbLeft = cbSavedLeft;
571	pCursor->fFlags = fSavedFlags;
572	return rc;
573	}
574
575
576	RTDECL(bool) RTAsn1CursorIsNextEx(PRTASN1CURSOR pCursor, uint32_t uTag, uint8_t fClass)
577	{
578	RTASN1CORE Asn1Core;
579	int rc = RTAsn1CursorPeek(pCursor, &Asn1Core);
580	if (RT_SUCCESS(rc))
581	return uTag == Asn1Core.uTag
582	&& fClass == Asn1Core.fClass;
583	return false;
584	}
585
586
587	/** @name Legacy Interfaces.
588	* @{ */
589	RTDECL(int) RTAsn1CursorGetCore(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1CORE pAsn1Core, const char *pszErrorTag)
590	{
591	return RTAsn1Core_DecodeAsn1(pCursor, fFlags, pAsn1Core, pszErrorTag);
592	}
593
594
595	RTDECL(int) RTAsn1CursorGetNull(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1NULL pNull, const char *pszErrorTag)
596	{
597	return RTAsn1Null_DecodeAsn1(pCursor, fFlags, pNull, pszErrorTag);
598	}
599
600
601	RTDECL(int) RTAsn1CursorGetInteger(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1INTEGER pInteger, const char *pszErrorTag)
602	{
603	return RTAsn1Integer_DecodeAsn1(pCursor, fFlags, pInteger, pszErrorTag);
604	}
605
606
607	RTDECL(int) RTAsn1CursorGetBoolean(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1BOOLEAN pBoolean, const char *pszErrorTag)
608	{
609	return RTAsn1Boolean_DecodeAsn1(pCursor, fFlags, pBoolean, pszErrorTag);
610	}
611
612
613	RTDECL(int) RTAsn1CursorGetObjId(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1OBJID pObjId, const char *pszErrorTag)
614	{
615	return RTAsn1ObjId_DecodeAsn1(pCursor, fFlags, pObjId, pszErrorTag);
616	}
617
618
619	RTDECL(int) RTAsn1CursorGetTime(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1TIME pTime, const char *pszErrorTag)
620	{
621	return RTAsn1Time_DecodeAsn1(pCursor, fFlags, pTime, pszErrorTag);
622	}
623
624
625	RTDECL(int) RTAsn1CursorGetBitStringEx(PRTASN1CURSOR pCursor, uint32_t fFlags, uint32_t cMaxBits, PRTASN1BITSTRING pBitString,
626	const char *pszErrorTag)
627	{
628	return RTAsn1BitString_DecodeAsn1Ex(pCursor, fFlags, cMaxBits, pBitString, pszErrorTag);
629	}
630
631
632	RTDECL(int) RTAsn1CursorGetBitString(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1BITSTRING pBitString, const char *pszErrorTag)
633	{
634	return RTAsn1BitString_DecodeAsn1(pCursor, fFlags, pBitString, pszErrorTag);
635	}
636
637
638	RTDECL(int) RTAsn1CursorGetOctetString(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1OCTETSTRING pOctetString,
639	const char *pszErrorTag)
640	{
641	return RTAsn1OctetString_DecodeAsn1(pCursor, fFlags, pOctetString, pszErrorTag);
642	}
643
644
645	RTDECL(int) RTAsn1CursorGetString(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pString, const char *pszErrorTag)
646	{
647	return RTAsn1String_DecodeAsn1(pCursor, fFlags, pString, pszErrorTag);
648	}
649
650
651	RTDECL(int) RTAsn1CursorGetIa5String(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pString, const char *pszErrorTag)
652	{
653	return RTAsn1Ia5String_DecodeAsn1(pCursor, fFlags, pString, pszErrorTag);
654	}
655
656
657	RTDECL(int) RTAsn1CursorGetUtf8String(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pString, const char *pszErrorTag)
658	{
659	return RTAsn1Utf8String_DecodeAsn1(pCursor, fFlags, pString, pszErrorTag);
660	}
661
662
663	RTDECL(int) RTAsn1CursorGetBmpString(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1STRING pString, const char *pszErrorTag)
664	{
665	return RTAsn1BmpString_DecodeAsn1(pCursor, fFlags, pString, pszErrorTag);
666	}
667
668
669	RTDECL(int) RTAsn1CursorGetDynType(PRTASN1CURSOR pCursor, uint32_t fFlags, PRTASN1DYNTYPE pDynType, const char *pszErrorTag)
670	{
671	return RTAsn1DynType_DecodeAsn1(pCursor, fFlags, pDynType, pszErrorTag);
672	}
673	/** @} */
674

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Runtime/common/asn1/asn1-cursor.cpp@ 74760

Download in other formats: