source: git/src-cryptopp/asn.h

Last change on this file was e230cb0, checked in by David Stainton <dstainton415@…>, at 2016-10-12T13:27:29Z

Add cryptopp from tag CRYPTOPP_5_6_5

  • Property mode set to 100644
File size: 19.6 KB
Line 
1// asn.h - written and placed in the public domain by Wei Dai
2
3//! \file asn.h
4//! \brief Classes and functions for working with ANS.1 objects
5
6#ifndef CRYPTOPP_ASN_H
7#define CRYPTOPP_ASN_H
8
9#include "cryptlib.h"
10#include "filters.h"
11#include "smartptr.h"
12#include "stdcpp.h"
13#include "queue.h"
14#include "misc.h"
15
16NAMESPACE_BEGIN(CryptoPP)
17
18//! \brief ASN.1 types
19//! \note These tags and flags are not complete
20enum ASNTag
21{
22        BOOLEAN                         = 0x01,
23        INTEGER                         = 0x02,
24        BIT_STRING                      = 0x03,
25        OCTET_STRING            = 0x04,
26        TAG_NULL                        = 0x05,
27        OBJECT_IDENTIFIER       = 0x06,
28        OBJECT_DESCRIPTOR       = 0x07,
29        EXTERNAL                        = 0x08,
30        REAL                            = 0x09,
31        ENUMERATED                      = 0x0a,
32        UTF8_STRING                     = 0x0c,
33        SEQUENCE                        = 0x10,
34        SET                             = 0x11,
35        NUMERIC_STRING          = 0x12,
36        PRINTABLE_STRING        = 0x13,
37        T61_STRING                      = 0x14,
38        VIDEOTEXT_STRING        = 0x15,
39        IA5_STRING                      = 0x16,
40        UTC_TIME                        = 0x17,
41        GENERALIZED_TIME        = 0x18,
42        GRAPHIC_STRING          = 0x19,
43        VISIBLE_STRING          = 0x1a,
44        GENERAL_STRING          = 0x1b
45};
46
47//! \brief ASN.1 flags
48//! \note These tags and flags are not complete
49enum ASNIdFlag
50{
51        UNIVERSAL                       = 0x00,
52//      DATA                            = 0x01,
53//      HEADER                          = 0x02,
54        CONSTRUCTED             = 0x20,
55        APPLICATION             = 0x40,
56        CONTEXT_SPECIFIC        = 0x80,
57        PRIVATE                         = 0xc0
58};
59
60//! \brief Raises a BERDecodeErr
61inline void BERDecodeError() {throw BERDecodeErr();}
62
63//! \brief Exception thrown when an unknown object identifier is encountered
64class CRYPTOPP_DLL UnknownOID : public BERDecodeErr
65{
66public:
67        //! \brief Construct an UnknownOID
68        UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {}
69        //! \brief Construct an UnknownOID
70        //! \param err error message to use for the execption
71        UnknownOID(const char *err) : BERDecodeErr(err) {}
72};
73
74// unsigned int DERLengthEncode(unsigned int length, byte *output=0);
75
76//! \brief DER encode a length
77//! \param bt BufferedTransformation object for writing
78//! \param length the size to encode
79//! \returns the number of octets used for the encoding
80CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &bt, lword length);
81
82//! \brief BER decode a length
83//! \param bt BufferedTransformation object for reading
84//! \param length the decoded size
85//! \returns true if the value was decoded
86//! \throws BERDecodeError if the value fails to decode or is too large for size_t
87//! \details BERLengthDecode() returns false if the encoding is indefinite length.
88CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &bt, size_t &length);
89
90//! \brief DER encode NULL
91//! \param bt BufferedTransformation object for writing
92CRYPTOPP_DLL void CRYPTOPP_API DEREncodeNull(BufferedTransformation &bt);
93
94//! \brief BER decode NULL
95//! \param bt BufferedTransformation object for reading
96CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &bt);
97
98//! \brief DER encode octet string
99//! \param bt BufferedTransformation object for writing
100//! \param str the string to encode
101//! \param strLen the length of the string
102//! \returns the number of octets used for the encoding
103CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen);
104
105//! \brief DER encode octet string
106//! \param bt BufferedTransformation object for reading
107//! \param str the string to encode
108//! \returns the number of octets used for the encoding
109CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str);
110
111//! \brief BER decode octet string
112//! \param bt BufferedTransformation object for reading
113//! \param str the decoded string
114//! \returns the number of octets used for the encoding
115CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str);
116
117//! \brief BER decode octet string
118//! \param bt BufferedTransformation object for reading
119//! \param str the decoded string
120//! \returns the number of octets used for the encoding
121CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str);
122
123//! \brief DER encode text string
124//! \param bt BufferedTransformation object for writing
125//! \param str the string to encode
126//! \param asnTag the ASN.1 type
127//! \returns the number of octets used for the encoding
128//! \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
129CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag);
130
131//! \brief BER decode text string
132//! \param bt BufferedTransformation object for reading
133//! \param str the string to encode
134//! \param asnTag the ASN.1 type
135//! \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING
136CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag);
137
138//! \brief DER encode bit string
139//! \param bt BufferedTransformation object for writing
140//! \param str the string to encode
141//! \param strLen the length of the string
142//! \param unusedBits the number of unused bits
143//! \returns the number of octets used for the encoding
144CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits=0);
145
146//! \brief DER decode bit string
147//! \param bt BufferedTransformation object for reading
148//! \param str the decoded string
149//! \param unusedBits the number of unused bits
150CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits);
151
152//! \brief BER decode and DER re-encode
153//! \param bt BufferedTransformation object for writing
154//! \param dest BufferedTransformation object
155CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &bt, BufferedTransformation &dest);
156
157//! \brief Object Identifier
158class CRYPTOPP_DLL OID
159{
160public:
161        //! \brief Construct an OID
162        OID() {}
163        //! \brief Construct an OID
164        //! \param v value to initialize the OID
165        OID(word32 v) : m_values(1, v) {}
166        //! \brief Construct an OID
167        //! \param bt BufferedTransformation object
168        OID(BufferedTransformation &bt) {BERDecode(bt);}
169
170        //! \brief Append a value to an OID
171        //! \param rhs the value to append
172        inline OID & operator+=(word32 rhs) {m_values.push_back(rhs); return *this;}
173
174        //! \brief DER encode this OID
175        //! \param bt BufferedTransformation object
176        void DEREncode(BufferedTransformation &bt) const;
177
178        //! \brief BER decode an OID
179        //! \param bt BufferedTransformation object
180        void BERDecode(BufferedTransformation &bt);
181
182        //! \brief BER decode an OID
183        //! \param bt BufferedTransformation object
184        //! \throws BERDecodeErr() if decoded value doesn't match an expected OID
185        //! \details BERDecodeAndCheck() can be used to parse an OID and verify it matches an expected.
186        //! <pre>
187        //!   BERSequenceDecoder key(bt);
188        //!   ...
189        //!   BERSequenceDecoder algorithm(key);
190        //!   GetAlgorithmID().BERDecodeAndCheck(algorithm);
191        //! </pre>
192        void BERDecodeAndCheck(BufferedTransformation &bt) const;
193
194        std::vector<word32> m_values;
195
196private:
197        static void EncodeValue(BufferedTransformation &bt, word32 v);
198        static size_t DecodeValue(BufferedTransformation &bt, word32 &v);
199};
200
201//! \brief ASN.1 encoded object filter
202class EncodedObjectFilter : public Filter
203{
204public:
205        enum Flag {PUT_OBJECTS=1, PUT_MESSANGE_END_AFTER_EACH_OBJECT=2, PUT_MESSANGE_END_AFTER_ALL_OBJECTS=4, PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS=8};
206
207        //! \brief Construct an EncodedObjectFilter
208        //! \param attachment a BufferedTrasformation to attach to this object
209        //! \param nObjects
210        //! \param flags bitwise OR of EncodedObjectFilter::Flag
211        EncodedObjectFilter(BufferedTransformation *attachment = NULL, unsigned int nObjects = 1, word32 flags = 0);
212
213        //! \brief Input a byte buffer for processing
214        //! \param inString the byte buffer to process
215        //! \param length the size of the string, in bytes
216        void Put(const byte *inString, size_t length);
217
218        unsigned int GetNumberOfCompletedObjects() const {return m_nCurrentObject;}
219        unsigned long GetPositionOfObject(unsigned int i) const {return m_positions[i];}
220
221private:
222        BufferedTransformation & CurrentTarget();
223
224        word32 m_flags;
225        unsigned int m_nObjects, m_nCurrentObject, m_level;
226        std::vector<unsigned int> m_positions;
227        ByteQueue m_queue;
228        enum State {IDENTIFIER, LENGTH, BODY, TAIL, ALL_DONE} m_state;
229        byte m_id;
230        lword m_lengthRemaining;
231};
232
233//! \brief BER General Decoder
234class CRYPTOPP_DLL BERGeneralDecoder : public Store
235{
236public:
237        explicit BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag);
238        explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag);
239        ~BERGeneralDecoder();
240
241        bool IsDefiniteLength() const {return m_definiteLength;}
242        lword RemainingLength() const {CRYPTOPP_ASSERT(m_definiteLength); return m_length;}
243        bool EndReached() const;
244        byte PeekByte() const;
245        void CheckByte(byte b);
246
247        size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true);
248        size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const;
249
250        // call this to denote end of sequence
251        void MessageEnd();
252
253protected:
254        BufferedTransformation &m_inQueue;
255        bool m_finished, m_definiteLength;
256        lword m_length;
257
258private:
259        void Init(byte asnTag);
260        void StoreInitialize(const NameValuePairs &parameters)
261                {CRYPTOPP_UNUSED(parameters); CRYPTOPP_ASSERT(false);}
262        lword ReduceLength(lword delta);
263};
264
265// GCC (and likely other compilers) identify the explicit DERGeneralEncoder as a copy constructor;
266// and not a constructor. We had to remove the default asnTag value to point the compiler in the
267// proper direction. We did not break the library or versioning based on the output of
268// `nm --demangle libcryptopp.a | grep DERGeneralEncoder::DERGeneralEncoder | grep -v " U "`.
269
270//! \brief DER General Encoder
271class CRYPTOPP_DLL DERGeneralEncoder : public ByteQueue
272{
273public:
274#if defined(CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562)
275        explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
276        explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED);
277#else
278        explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag /*= SEQUENCE | CONSTRUCTED*/);
279        explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag /*= SEQUENCE | CONSTRUCTED*/);
280#endif
281        ~DERGeneralEncoder();
282
283        // call this to denote end of sequence
284        void MessageEnd();
285
286private:
287        BufferedTransformation &m_outQueue;
288        bool m_finished;
289
290        byte m_asnTag;
291};
292
293//! \brief BER Sequence Decoder
294class CRYPTOPP_DLL BERSequenceDecoder : public BERGeneralDecoder
295{
296public:
297        explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
298                : BERGeneralDecoder(inQueue, asnTag) {}
299        explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
300                : BERGeneralDecoder(inQueue, asnTag) {}
301};
302
303//! \brief DER Sequence Encoder
304class CRYPTOPP_DLL DERSequenceEncoder : public DERGeneralEncoder
305{
306public:
307        explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
308                : DERGeneralEncoder(outQueue, asnTag) {}
309        explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED)
310                : DERGeneralEncoder(outQueue, asnTag) {}
311};
312
313//! \brief BER Set Decoder
314class CRYPTOPP_DLL BERSetDecoder : public BERGeneralDecoder
315{
316public:
317        explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag = SET | CONSTRUCTED)
318                : BERGeneralDecoder(inQueue, asnTag) {}
319        explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag = SET | CONSTRUCTED)
320                : BERGeneralDecoder(inQueue, asnTag) {}
321};
322
323//! \brief DER Set Encoder
324class CRYPTOPP_DLL DERSetEncoder : public DERGeneralEncoder
325{
326public:
327        explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag = SET | CONSTRUCTED)
328                : DERGeneralEncoder(outQueue, asnTag) {}
329        explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag = SET | CONSTRUCTED)
330                : DERGeneralEncoder(outQueue, asnTag) {}
331};
332
333//! \brief Optional data encoder and decoder
334//! \tparam T class or type
335template <class T>
336class ASNOptional : public member_ptr<T>
337{
338public:
339        //! \brief BER decode optional data
340        //! \param seqDecoder sequence with the optional ASN.1 data
341        //! \param tag ASN.1 tag to match as optional data
342        //! \param mask the mask to apply when matching the tag
343        //! \sa ASNTag and ASNIdFlag
344        void BERDecode(BERSequenceDecoder &seqDecoder, byte tag, byte mask = ~CONSTRUCTED)
345        {
346                byte b;
347                if (seqDecoder.Peek(b) && (b & mask) == tag)
348                        reset(new T(seqDecoder));
349        }
350
351        //! \brief DER encode optional data
352        //! \param out BufferedTransformation object
353        void DEREncode(BufferedTransformation &out)
354        {
355                if (this->get() != NULL)
356                        this->get()->DEREncode(out);
357        }
358};
359
360//! \brief Encode and decode ASN.1 objects with additional information
361//! \tparam BASE base class or type
362//! \details Encodes and decodes public keys, private keys and group
363//!   parameters with OID identifying the algorithm or scheme.
364template <class BASE>
365class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1CryptoMaterial : public ASN1Object, public BASE
366{
367public:
368        //! \brief DER encode ASN.1 object
369        //! \param bt BufferedTransformation object
370        //! \details Save() will write the OID associated with algorithm or scheme.
371        //!   In the case of public and private keys, this function writes the
372        //!   subjectPubicKeyInfo and privateKeyInfo parts.
373        void Save(BufferedTransformation &bt) const
374                {BEREncode(bt);}
375
376        //! \brief BER decode ASN.1 object
377        //! \param bt BufferedTransformation object
378        void Load(BufferedTransformation &bt)
379                {BERDecode(bt);}
380};
381
382//! \brief Encodes and decodes subjectPublicKeyInfo
383class CRYPTOPP_DLL X509PublicKey : public ASN1CryptoMaterial<PublicKey>
384{
385public:
386        void BERDecode(BufferedTransformation &bt);
387        void DEREncode(BufferedTransformation &bt) const;
388
389        //! \brief Retrieves the OID of the algorithm
390        //! \returns OID of the algorithm
391        virtual OID GetAlgorithmID() const =0;
392        virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
393                {BERDecodeNull(bt); return false;}
394        virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
395                {DEREncodeNull(bt); return false;}      // see RFC 2459, section 7.3.1
396
397        //! decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
398        virtual void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
399        //! encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header
400        virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0;
401};
402
403//! \brief Encodes and decodesprivateKeyInfo
404class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial<PrivateKey>
405{
406public:
407        void BERDecode(BufferedTransformation &bt);
408        void DEREncode(BufferedTransformation &bt) const;
409
410        //! \brief Retrieves the OID of the algorithm
411        //! \returns OID of the algorithm
412        virtual OID GetAlgorithmID() const =0;
413        virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt)
414                {BERDecodeNull(bt); return false;}
415        virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
416                {DEREncodeNull(bt); return false;}      // see RFC 2459, section 7.3.1
417
418        //! decode privateKey part of privateKeyInfo, without the OCTET STRING header
419        virtual void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0;
420        //! encode privateKey part of privateKeyInfo, without the OCTET STRING header
421        virtual void DEREncodePrivateKey(BufferedTransformation &bt) const =0;
422
423        //! decode optional attributes including context-specific tag
424        /*! /note default implementation stores attributes to be output in DEREncodeOptionalAttributes */
425        virtual void BERDecodeOptionalAttributes(BufferedTransformation &bt);
426        //! encode optional attributes including context-specific tag
427        virtual void DEREncodeOptionalAttributes(BufferedTransformation &bt) const;
428
429protected:
430        ByteQueue m_optionalAttributes;
431};
432
433// ********************************************************
434
435//! \brief DER Encode unsigned value
436//! \tparam T class or type
437//! \param out BufferedTransformation object
438//! \param w unsigned value to encode
439//! \param asnTag the ASN.1 type
440//! \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM
441template <class T>
442size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER)
443{
444        byte buf[sizeof(w)+1];
445        unsigned int bc;
446        if (asnTag == BOOLEAN)
447        {
448                buf[sizeof(w)] = w ? 0xff : 0;
449                bc = 1;
450        }
451        else
452        {
453                buf[0] = 0;
454                for (unsigned int i=0; i<sizeof(w); i++)
455                        buf[i+1] = byte(w >> (sizeof(w)-1-i)*8);
456                bc = sizeof(w);
457                while (bc > 1 && buf[sizeof(w)+1-bc] == 0)
458                        --bc;
459                if (buf[sizeof(w)+1-bc] & 0x80)
460                        ++bc;
461        }
462        out.Put(asnTag);
463        size_t lengthBytes = DERLengthEncode(out, bc);
464        out.Put(buf+sizeof(w)+1-bc, bc);
465        return 1+lengthBytes+bc;
466}
467
468//! \brief BER Decode unsigned value
469//! \tparam T class or type
470//! \param in BufferedTransformation object
471//! \param w unsigned value to encode
472//! \param asnTag the ASN.1 type
473//! \param minValue the minimum expected value
474//! \param maxValue the maximum expected value
475//! \throws BERDecodeErr() if the value cannot be parsed or the decoded value is not within range.
476//! \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM
477template <class T>
478void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER,
479                                           T minValue = 0, T maxValue = ((std::numeric_limits<T>::max)()))
480{
481        byte b;
482        if (!in.Get(b) || b != asnTag)
483                BERDecodeError();
484
485        size_t bc;
486        bool definite = BERLengthDecode(in, bc);
487        if (!definite)
488                BERDecodeError();
489
490        SecByteBlock buf(bc);
491
492        if (bc != in.Get(buf, bc))
493                BERDecodeError();
494
495        const byte *ptr = buf;
496        while (bc > sizeof(w) && *ptr == 0)
497        {
498                bc--;
499                ptr++;
500        }
501        if (bc > sizeof(w))
502                BERDecodeError();
503
504        w = 0;
505        for (unsigned int i=0; i<bc; i++)
506                w = (w << 8) | ptr[i];
507
508        if (w < minValue || w > maxValue)
509                BERDecodeError();
510}
511
512#ifdef CRYPTOPP_DOXYGEN_PROCESSING
513//! \brief Compare two OIDs for equality
514//! \param lhs the first OID
515//! \param rhs the second OID
516//! \returns true if the OIDs are equal, false otherwise
517inline bool operator==(const OID &lhs, const OID &rhs);
518//! \brief Compare two OIDs for inequality
519//! \param lhs the first OID
520//! \param rhs the second OID
521//! \returns true if the OIDs are not equal, false otherwise
522inline bool operator!=(const OID &lhs, const OID &rhs);
523//! \brief Compare two OIDs for ordering
524//! \param lhs the first OID
525//! \param rhs the second OID
526//! \returns true if the first OID is less than the second OID, false otherwise
527//! \details operator<() calls std::lexicographical_compare() on each element in the array of values.
528inline bool operator<(const OID &lhs, const OID &rhs);
529//! \brief Append a value to an OID
530//! \param lhs the OID
531//! \param rhs the value to append
532inline OID operator+(const OID &lhs, unsigned long rhs);
533#else
534inline bool operator==(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
535        {return lhs.m_values == rhs.m_values;}
536inline bool operator!=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
537        {return lhs.m_values != rhs.m_values;}
538inline bool operator<(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs)
539        {return std::lexicographical_compare(lhs.m_values.begin(), lhs.m_values.end(), rhs.m_values.begin(), rhs.m_values.end());}
540inline ::CryptoPP::OID operator+(const ::CryptoPP::OID &lhs, unsigned long rhs)
541        {return ::CryptoPP::OID(lhs)+=rhs;}
542#endif
543
544NAMESPACE_END
545
546#endif
Note: See TracBrowser for help on using the repository browser.