1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 // Package asn1 implements parsing of DER-encoded ASN.1 data structures,
6 // as defined in ITU-T Rec X.690.
7 //
8 // See also “A Layman's Guide to a Subset of ASN.1, BER, and DER,”
9 // http://luca.ntop.org/Teaching/Appunti/asn1.html.
10 package asn1
11 12 // ASN.1 is a syntax for specifying abstract objects and BER, DER, PER, XER etc
13 // are different encoding formats for those objects. Here, we'll be dealing
14 // with DER, the Distinguished Encoding Rules. DER is used in X.509 because
15 // it's fast to parse and, unlike BER, has a unique encoding for every object.
16 // When calculating hashes over objects, it's important that the resulting
17 // bytes be the same at both ends and DER removes this margin of error.
18 //
19 // ASN.1 is very complex and this package doesn't attempt to implement
20 // everything by any means.
21 22 import (
23 "errors"
24 "fmt"
25 "internal/saferio"
26 "math"
27 "math/big"
28 "slices"
29 "strconv"
30 "bytes"
31 "time"
32 "unicode/utf16"
33 "unicode/utf8"
34 "unsafe"
35 )
36 37 // A StructuralError suggests that the ASN.1 data is valid, but the Go type
38 // which is receiving it doesn't match.
39 type StructuralError struct {
40 Msg []byte
41 }
42 43 func (e StructuralError) Error() string { return "asn1: structure error: " + e.Msg }
44 45 // A SyntaxError suggests that the ASN.1 data is invalid.
46 type SyntaxError struct {
47 Msg []byte
48 }
49 50 func (e SyntaxError) Error() string { return "asn1: syntax error: " + e.Msg }
51 52 // We start by dealing with each of the primitive types in turn.
53 54 // BOOLEAN
55 56 func parseBool(bytes []byte) (ret bool, err error) {
57 if len(bytes) != 1 {
58 err = SyntaxError{"invalid boolean"}
59 return
60 }
61 62 // DER demands that "If the encoding represents the boolean value TRUE,
63 // its single contents octet shall have all eight bits set to one."
64 // Thus only 0 and 255 are valid encoded values.
65 switch bytes[0] {
66 case 0:
67 ret = false
68 case 0xff:
69 ret = true
70 default:
71 err = SyntaxError{"invalid boolean"}
72 }
73 74 return
75 }
76 77 // INTEGER
78 79 // checkInteger returns nil if the given bytes are a valid DER-encoded
80 // INTEGER and an error otherwise.
81 func checkInteger(bytes []byte) error {
82 if len(bytes) == 0 {
83 return StructuralError{"empty integer"}
84 }
85 if len(bytes) == 1 {
86 return nil
87 }
88 if (bytes[0] == 0 && bytes[1]&0x80 == 0) || (bytes[0] == 0xff && bytes[1]&0x80 == 0x80) {
89 return StructuralError{"integer not minimally-encoded"}
90 }
91 return nil
92 }
93 94 // parseInt64 treats the given bytes as a big-endian, signed integer and
95 // returns the result.
96 func parseInt64(bytes []byte) (ret int64, err error) {
97 err = checkInteger(bytes)
98 if err != nil {
99 return
100 }
101 if len(bytes) > 8 {
102 // We'll overflow an int64 in this case.
103 err = StructuralError{"integer too large"}
104 return
105 }
106 for bytesRead := 0; bytesRead < len(bytes); bytesRead++ {
107 ret <<= 8
108 ret |= int64(bytes[bytesRead])
109 }
110 111 // Shift up and down in order to sign extend the result.
112 ret <<= 64 - uint8(len(bytes))*8
113 ret >>= 64 - uint8(len(bytes))*8
114 return
115 }
116 117 // parseInt32 treats the given bytes as a big-endian, signed integer and returns
118 // the result.
119 func parseInt32(bytes []byte) (int32, error) {
120 if err := checkInteger(bytes); err != nil {
121 return 0, err
122 }
123 ret64, err := parseInt64(bytes)
124 if err != nil {
125 return 0, err
126 }
127 if ret64 != int64(int32(ret64)) {
128 return 0, StructuralError{"integer too large"}
129 }
130 return int32(ret64), nil
131 }
132 133 var bigOne = big.NewInt(1)
134 135 // parseBigInt treats the given bytes as a big-endian, signed integer and returns
136 // the result.
137 func parseBigInt(bytes []byte) (*big.Int, error) {
138 if err := checkInteger(bytes); err != nil {
139 return nil, err
140 }
141 ret := &big.Int{}
142 if len(bytes) > 0 && bytes[0]&0x80 == 0x80 {
143 // This is a negative number.
144 notBytes := []byte{:len(bytes)}
145 for i := range notBytes {
146 notBytes[i] = ^bytes[i]
147 }
148 ret.SetBytes(notBytes)
149 ret.Add(ret, bigOne)
150 ret.Neg(ret)
151 return ret, nil
152 }
153 ret.SetBytes(bytes)
154 return ret, nil
155 }
156 157 // BIT STRING
158 159 // BitString is the structure to use when you want an ASN.1 BIT STRING type. A
160 // bit string is padded up to the nearest byte in memory and the number of
161 // valid bits is recorded. Padding bits will be zero.
162 type BitString struct {
163 Bytes []byte // bits packed into bytes.
164 BitLength int // length in bits.
165 }
166 167 // At returns the bit at the given index. If the index is out of range it
168 // returns 0.
169 func (b BitString) At(i int) int {
170 if i < 0 || i >= b.BitLength {
171 return 0
172 }
173 x := i / 8
174 y := 7 - uint(i%8)
175 return int(b.Bytes[x]>>y) & 1
176 }
177 178 // RightAlign returns a slice where the padding bits are at the beginning. The
179 // slice may share memory with the BitString.
180 func (b BitString) RightAlign() []byte {
181 shift := uint(8 - (b.BitLength % 8))
182 if shift == 8 || len(b.Bytes) == 0 {
183 return b.Bytes
184 }
185 186 a := []byte{:len(b.Bytes)}
187 a[0] = b.Bytes[0] >> shift
188 for i := 1; i < len(b.Bytes); i++ {
189 a[i] = b.Bytes[i-1] << (8 - shift)
190 a[i] |= b.Bytes[i] >> shift
191 }
192 193 return a
194 }
195 196 // parseBitString parses an ASN.1 bit string from the given byte slice and returns it.
197 func parseBitString(bytes []byte) (ret BitString, err error) {
198 if len(bytes) == 0 {
199 err = SyntaxError{"zero length BIT STRING"}
200 return
201 }
202 paddingBits := int(bytes[0])
203 if paddingBits > 7 ||
204 len(bytes) == 1 && paddingBits > 0 ||
205 bytes[len(bytes)-1]&((1<<bytes[0])-1) != 0 {
206 err = SyntaxError{"invalid padding bits in BIT STRING"}
207 return
208 }
209 ret.BitLength = (len(bytes)-1)*8 - paddingBits
210 ret.Bytes = bytes[1:]
211 return
212 }
213 214 // NULL
215 216 // NullRawValue is a [RawValue] with its Tag set to the ASN.1 NULL type tag (5).
217 var NullRawValue = RawValue{Tag: TagNull}
218 219 // NullBytes contains bytes representing the DER-encoded ASN.1 NULL type.
220 var NullBytes = []byte{TagNull, 0}
221 222 // OBJECT IDENTIFIER
223 224 // An ObjectIdentifier represents an ASN.1 OBJECT IDENTIFIER.
225 type ObjectIdentifier []int
226 227 // Equal reports whether oi and other represent the same identifier.
228 func (oi ObjectIdentifier) Equal(other ObjectIdentifier) bool {
229 return slices.Equal(oi, other)
230 }
231 232 func (oi ObjectIdentifier) String() string {
233 var s bytes.Buffer
234 s.Grow(32)
235 236 buf := []byte{:0:19}
237 for i, v := range oi {
238 if i > 0 {
239 s.WriteByte('.')
240 }
241 s.Write(strconv.AppendInt(buf, int64(v), 10))
242 }
243 244 return s.String()
245 }
246 247 // parseObjectIdentifier parses an OBJECT IDENTIFIER from the given bytes and
248 // returns it. An object identifier is a sequence of variable length integers
249 // that are assigned in a hierarchy.
250 func parseObjectIdentifier(bytes []byte) (s ObjectIdentifier, err error) {
251 if len(bytes) == 0 {
252 err = SyntaxError{"zero length OBJECT IDENTIFIER"}
253 return
254 }
255 256 // In the worst case, we get two elements from the first byte (which is
257 // encoded differently) and then every varint is a single byte long.
258 s = []int{:len(bytes)+1}
259 260 // The first varint is 40*value1 + value2:
261 // According to this packing, value1 can take the values 0, 1 and 2 only.
262 // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
263 // then there are no restrictions on value2.
264 v, offset, err := parseBase128Int(bytes, 0)
265 if err != nil {
266 return
267 }
268 if v < 80 {
269 s[0] = v / 40
270 s[1] = v % 40
271 } else {
272 s[0] = 2
273 s[1] = v - 80
274 }
275 276 i := 2
277 for ; offset < len(bytes); i++ {
278 v, offset, err = parseBase128Int(bytes, offset)
279 if err != nil {
280 return
281 }
282 s[i] = v
283 }
284 s = s[0:i]
285 return
286 }
287 288 // ENUMERATED
289 290 // An Enumerated is represented as a plain int.
291 type Enumerated int
292 293 // FLAG
294 295 // A Flag accepts any data and is set to true if present.
296 type Flag bool
297 298 // parseBase128Int parses a base-128 encoded int from the given offset in the
299 // given byte slice. It returns the value and the new offset.
300 func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error) {
301 offset = initOffset
302 var ret64 int64
303 for shifted := 0; offset < len(bytes); shifted++ {
304 // 5 * 7 bits per byte == 35 bits of data
305 // Thus the representation is either non-minimal or too large for an int32
306 if shifted == 5 {
307 err = StructuralError{"base 128 integer too large"}
308 return
309 }
310 ret64 <<= 7
311 b := bytes[offset]
312 // integers should be minimally encoded, so the leading octet should
313 // never be 0x80
314 if shifted == 0 && b == 0x80 {
315 err = SyntaxError{"integer is not minimally encoded"}
316 return
317 }
318 ret64 |= int64(b & 0x7f)
319 offset++
320 if b&0x80 == 0 {
321 ret = int(ret64)
322 // Ensure that the returned value fits in an int on all platforms
323 if ret64 > math.MaxInt32 {
324 err = StructuralError{"base 128 integer too large"}
325 }
326 return
327 }
328 }
329 err = SyntaxError{"truncated base 128 integer"}
330 return
331 }
332 333 // UTCTime
334 335 func parseUTCTime(bytes []byte) (ret time.Time, err error) {
336 s := []byte(bytes)
337 338 formatStr := "0601021504Z0700"
339 ret, err = time.Parse(formatStr, s)
340 if err != nil {
341 formatStr = "060102150405Z0700"
342 ret, err = time.Parse(formatStr, s)
343 }
344 if err != nil {
345 return
346 }
347 348 if serialized := ret.Format(formatStr); serialized != s {
349 err = fmt.Errorf("asn1: time did not serialize back to the original value and may be invalid: given %q, but serialized as %q", s, serialized)
350 return
351 }
352 353 if ret.Year() >= 2050 {
354 // UTCTime only encodes times prior to 2050. See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
355 ret = ret.AddDate(-100, 0, 0)
356 }
357 358 return
359 }
360 361 // parseGeneralizedTime parses the GeneralizedTime from the given byte slice
362 // and returns the resulting time.
363 func parseGeneralizedTime(bytes []byte) (ret time.Time, err error) {
364 const formatStr = "20060102150405.999999999Z0700"
365 s := []byte(bytes)
366 367 if ret, err = time.Parse(formatStr, s); err != nil {
368 return
369 }
370 371 if serialized := ret.Format(formatStr); serialized != s {
372 err = fmt.Errorf("asn1: time did not serialize back to the original value and may be invalid: given %q, but serialized as %q", s, serialized)
373 }
374 375 return
376 }
377 378 // NumericString
379 380 // parseNumericString parses an ASN.1 NumericString from the given byte array
381 // and returns it.
382 func parseNumericString(bytes []byte) (ret []byte, err error) {
383 for _, b := range bytes {
384 if !isNumeric(b) {
385 return "", SyntaxError{"NumericString contains invalid character"}
386 }
387 }
388 return []byte(bytes), nil
389 }
390 391 // isNumeric reports whether the given b is in the ASN.1 NumericString set.
392 func isNumeric(b byte) bool {
393 return '0' <= b && b <= '9' ||
394 b == ' '
395 }
396 397 // PrintableString
398 399 // parsePrintableString parses an ASN.1 PrintableString from the given byte
400 // array and returns it.
401 func parsePrintableString(bytes []byte) (ret []byte, err error) {
402 for _, b := range bytes {
403 if !isPrintable(b, allowAsterisk, allowAmpersand) {
404 err = SyntaxError{"PrintableString contains invalid character"}
405 return
406 }
407 }
408 ret = []byte(bytes)
409 return
410 }
411 412 type asteriskFlag bool
413 type ampersandFlag bool
414 415 const (
416 allowAsterisk asteriskFlag = true
417 rejectAsterisk asteriskFlag = false
418 419 allowAmpersand ampersandFlag = true
420 rejectAmpersand ampersandFlag = false
421 )
422 423 // isPrintable reports whether the given b is in the ASN.1 PrintableString set.
424 // If asterisk is allowAsterisk then '*' is also allowed, reflecting existing
425 // practice. If ampersand is allowAmpersand then '&' is allowed as well.
426 func isPrintable(b byte, asterisk asteriskFlag, ampersand ampersandFlag) bool {
427 return 'a' <= b && b <= 'z' ||
428 'A' <= b && b <= 'Z' ||
429 '0' <= b && b <= '9' ||
430 '\'' <= b && b <= ')' ||
431 '+' <= b && b <= '/' ||
432 b == ' ' ||
433 b == ':' ||
434 b == '=' ||
435 b == '?' ||
436 // This is technically not allowed in a PrintableString.
437 // However, x509 certificates with wildcard strings don't
438 // always use the correct string type so we permit it.
439 (bool(asterisk) && b == '*') ||
440 // This is not technically allowed either. However, not
441 // only is it relatively common, but there are also a
442 // handful of CA certificates that contain it. At least
443 // one of which will not expire until 2027.
444 (bool(ampersand) && b == '&')
445 }
446 447 // IA5String
448 449 // parseIA5String parses an ASN.1 IA5String (ASCII string) from the given
450 // byte slice and returns it.
451 func parseIA5String(bytes []byte) (ret []byte, err error) {
452 for _, b := range bytes {
453 if b >= utf8.RuneSelf {
454 err = SyntaxError{"IA5String contains invalid character"}
455 return
456 }
457 }
458 ret = []byte(bytes)
459 return
460 }
461 462 // T61String
463 464 // parseT61String parses an ASN.1 T61String (8-bit clean string) from the given
465 // byte slice and returns it.
466 func parseT61String(bytes []byte) (ret []byte, err error) {
467 // T.61 is a defunct ITU 8-bit character encoding which preceded Unicode.
468 // T.61 uses a code page layout that _almost_ exactly maps to the code
469 // page layout of the ISO 8859-1 (Latin-1) character encoding, with the
470 // exception that a number of characters in Latin-1 are not present
471 // in T.61.
472 //
473 // Instead of mapping which characters are present in Latin-1 but not T.61,
474 // we just treat these strings as being encoded using Latin-1. This matches
475 // what most of the world does, including BoringSSL.
476 buf := []byte{:0:len(bytes)}
477 for _, v := range bytes {
478 // All the 1-byte UTF-8 runes map 1-1 with Latin-1.
479 buf = utf8.AppendRune(buf, rune(v))
480 }
481 return []byte(buf), nil
482 }
483 484 // UTF8String
485 486 // parseUTF8String parses an ASN.1 UTF8String (raw UTF-8) from the given byte
487 // array and returns it.
488 func parseUTF8String(bytes []byte) (ret []byte, err error) {
489 if !utf8.Valid(bytes) {
490 return "", errors.New("asn1: invalid UTF-8 string")
491 }
492 return []byte(bytes), nil
493 }
494 495 // BMPString
496 497 // parseBMPString parses an ASN.1 BMPString (Basic Multilingual Plane of
498 // ISO/IEC/ITU 10646-1) from the given byte slice and returns it.
499 func parseBMPString(bmpString []byte) ([]byte, error) {
500 // BMPString uses the defunct UCS-2 16-bit character encoding, which
501 // covers the Basic Multilingual Plane (BMP). UTF-16 was an extension of
502 // UCS-2, containing all of the same code points, but also including
503 // multi-code point characters (by using surrogate code points). We can
504 // treat a UCS-2 encoded string as a UTF-16 encoded string, as long as
505 // we reject out the UTF-16 specific code points. This matches the
506 // BoringSSL behavior.
507 508 if len(bmpString)%2 != 0 {
509 return "", errors.New("invalid BMPString")
510 }
511 512 // Strip terminator if present.
513 if l := len(bmpString); l >= 2 && bmpString[l-1] == 0 && bmpString[l-2] == 0 {
514 bmpString = bmpString[:l-2]
515 }
516 517 s := []uint16{:0:len(bmpString)/2}
518 for len(bmpString) > 0 {
519 point := uint16(bmpString[0])<<8 + uint16(bmpString[1])
520 // Reject UTF-16 code points that are permanently reserved
521 // noncharacters (0xfffe, 0xffff, and 0xfdd0-0xfdef) and surrogates
522 // (0xd800-0xdfff).
523 if point == 0xfffe || point == 0xffff ||
524 (point >= 0xfdd0 && point <= 0xfdef) ||
525 (point >= 0xd800 && point <= 0xdfff) {
526 return "", errors.New("invalid BMPString")
527 }
528 s = append(s, point)
529 bmpString = bmpString[2:]
530 }
531 532 runes := utf16.Decode(s)
533 buf := []byte{:0:len(runes)*3}
534 var tmp [utf8.UTFMax]byte
535 for _, r := range runes {
536 n := utf8.EncodeRune(tmp[:], r)
537 buf = append(buf, tmp[:n]...)
538 }
539 return buf, nil
540 }
541 542 // A RawValue represents an undecoded ASN.1 object.
543 type RawValue struct {
544 Class, Tag int
545 IsCompound bool
546 Bytes []byte
547 FullBytes []byte // includes the tag and length
548 }
549 550 // RawContent is used to signal that the undecoded, DER data needs to be
551 // preserved for a struct. To use it, the first field of the struct must have
552 // this type. It's an error for any of the other fields to have this type.
553 type RawContent []byte
554 555 // Tagging
556 557 // parseTagAndLength parses an ASN.1 tag and length pair from the given offset
558 // into a byte slice. It returns the parsed data and the new offset. SET and
559 // SET OF (tag 17) are mapped to SEQUENCE and SEQUENCE OF (tag 16) since we
560 // don't distinguish between ordered and unordered objects in this code.
561 func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset int, err error) {
562 offset = initOffset
563 // parseTagAndLength should not be called without at least a single
564 // byte to read. Thus this check is for robustness:
565 if offset >= len(bytes) {
566 err = errors.New("asn1: internal error in parseTagAndLength")
567 return
568 }
569 b := bytes[offset]
570 offset++
571 ret.class = int(b >> 6)
572 ret.isCompound = b&0x20 == 0x20
573 ret.tag = int(b & 0x1f)
574 575 // If the bottom five bits are set, then the tag number is actually base 128
576 // encoded afterwards
577 if ret.tag == 0x1f {
578 ret.tag, offset, err = parseBase128Int(bytes, offset)
579 if err != nil {
580 return
581 }
582 // Tags should be encoded in minimal form.
583 if ret.tag < 0x1f {
584 err = SyntaxError{"non-minimal tag"}
585 return
586 }
587 }
588 if offset >= len(bytes) {
589 err = SyntaxError{"truncated tag or length"}
590 return
591 }
592 b = bytes[offset]
593 offset++
594 if b&0x80 == 0 {
595 // The length is encoded in the bottom 7 bits.
596 ret.length = int(b & 0x7f)
597 } else {
598 // Bottom 7 bits give the number of length bytes to follow.
599 numBytes := int(b & 0x7f)
600 if numBytes == 0 {
601 err = SyntaxError{"indefinite length found (not DER)"}
602 return
603 }
604 ret.length = 0
605 for i := 0; i < numBytes; i++ {
606 if offset >= len(bytes) {
607 err = SyntaxError{"truncated tag or length"}
608 return
609 }
610 b = bytes[offset]
611 offset++
612 if ret.length >= 1<<23 {
613 // We can't shift ret.length up without
614 // overflowing.
615 err = StructuralError{"length too large"}
616 return
617 }
618 ret.length <<= 8
619 ret.length |= int(b)
620 if ret.length == 0 {
621 // DER requires that lengths be minimal.
622 err = StructuralError{"superfluous leading zeros in length"}
623 return
624 }
625 }
626 // Short lengths must be encoded in short form.
627 if ret.length < 0x80 {
628 err = StructuralError{"non-minimal length"}
629 return
630 }
631 }
632 633 return
634 }
635 636 // parseSequenceOf is used for SEQUENCE OF and SET OF values. It tries to parse
637 // a number of ASN.1 values from the given byte slice and returns them as a
638 // slice of Go values of the given type.
639 // parseSequenceOfUnsafe parses a SEQUENCE OF / SET OF into a raw slice buffer.
640 // elemType is the element type code. Returns a pointer to a _sliceHeader.
641 func parseSequenceOfUnsafe(data []byte, elemType *_rawType) (slicePtr unsafe.Pointer, err error) {
642 matchAny, expectedTag, compoundType, ok := getUniversalType(elemType)
643 if !ok {
644 err = StructuralError{"unknown Go type for slice"}
645 return
646 }
647 648 numElements := 0
649 for offset := 0; offset < len(data); {
650 var t tagAndLength
651 t, offset, err = parseTagAndLength(data, offset)
652 if err != nil {
653 return
654 }
655 switch t.tag {
656 case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString, TagBMPString:
657 t.tag = TagPrintableString
658 case TagGeneralizedTime, TagUTCTime:
659 t.tag = TagUTCTime
660 }
661 if !matchAny && (t.class != ClassUniversal || t.isCompound != compoundType || t.tag != expectedTag) {
662 err = StructuralError{"sequence tag mismatch"}
663 return
664 }
665 if invalidLength(offset, t.length, len(data)) {
666 err = SyntaxError{"truncated sequence"}
667 return
668 }
669 offset += t.length
670 numElements++
671 }
672 673 elemSize := uint64(elemType.size())
674 safeCap := saferio.SliceCapWithSize(elemSize, uint64(numElements))
675 if safeCap < 0 {
676 err = SyntaxError{fmt.Sprintf("slice too big: %d elements of %d bytes", numElements, elemSize)}
677 return
678 }
679 680 slicePtr = makeSliceOf(elemType, numElements, safeCap)
681 params := fieldParameters{}
682 offset := 0
683 for i := 0; i < numElements; i++ {
684 elemPtr := sliceIndex(slicePtr, elemType, i)
685 offset, err = parseFieldUnsafe(elemType, elemPtr, data, offset, params)
686 if err != nil {
687 return
688 }
689 }
690 return
691 }
692 693 // Type code pointers for known ASN.1 types. Obtained by decomposing
694 // a nil pointer interface to extract the compiler's type descriptor.
695 var (
696 _bitStringTC = typeCodeOf((*BitString)(nil)).elem()
697 _objectIdentifierTC = typeCodeOf((*ObjectIdentifier)(nil)).elem()
698 _enumeratedTC = typeCodeOf((*Enumerated)(nil)).elem()
699 _flagTC = typeCodeOf((*Flag)(nil)).elem()
700 _timeTC = typeCodeOf((*time.Time)(nil)).elem()
701 _rawValueTC = typeCodeOf((*RawValue)(nil)).elem()
702 _rawContentsTC = typeCodeOf((*RawContent)(nil)).elem()
703 _bigIntPtrTC = typeCodeOf((**big.Int)(nil)).elem() // *big.Int, not big.Int
704 )
705 706 // invalidLength reports whether offset + length > sliceLength, or if the
707 // addition would overflow.
708 func invalidLength(offset, length, sliceLength int) bool {
709 return offset+length < offset || offset+length > sliceLength
710 }
711 712 // getASN1Tag extracts the "asn1" value from a raw struct tag string.
713 func getASN1Tag(tag []byte) []byte {
714 key := []byte(`asn1:"`)
715 i := bytes.Index(tag, key)
716 if i < 0 {
717 return nil
718 }
719 tag = tag[i+len(key):]
720 j := bytes.IndexByte(tag, '"')
721 if j < 0 {
722 return tag
723 }
724 return tag[:j]
725 }
726 727 // parseFieldUnsafe is the main parsing function. Given a type code, a pointer
728 // to the destination, and a byte slice with offset, it parses an ASN.1 value
729 // and writes it directly through the unsafe pointer.
730 func parseFieldUnsafe(typ *_rawType, ptr unsafe.Pointer, data []byte, initOffset int, params fieldParameters) (offset int, err error) {
731 offset = initOffset
732 733 if offset == len(data) {
734 if !setDefaultValueUnsafe(typ, ptr, params) {
735 err = SyntaxError{"sequence truncated"}
736 }
737 return
738 }
739 740 // Deal with the ANY type (interface{}).
741 if typ.kind() == akInterface {
742 var t tagAndLength
743 t, offset, err = parseTagAndLength(data, offset)
744 if err != nil {
745 return
746 }
747 if invalidLength(offset, t.length, len(data)) {
748 err = SyntaxError{"data truncated"}
749 return
750 }
751 var result any
752 if !t.isCompound && t.class == ClassUniversal {
753 innerBytes := data[offset : offset+t.length]
754 switch t.tag {
755 case TagBoolean:
756 result, err = parseBool(innerBytes)
757 case TagPrintableString:
758 result, err = parsePrintableString(innerBytes)
759 case TagNumericString:
760 result, err = parseNumericString(innerBytes)
761 case TagIA5String:
762 result, err = parseIA5String(innerBytes)
763 case TagT61String:
764 result, err = parseT61String(innerBytes)
765 case TagUTF8String:
766 result, err = parseUTF8String(innerBytes)
767 case TagInteger:
768 result, err = parseInt64(innerBytes)
769 case TagBitString:
770 result, err = parseBitString(innerBytes)
771 case TagOID:
772 result, err = parseObjectIdentifier(innerBytes)
773 case TagUTCTime:
774 result, err = parseUTCTime(innerBytes)
775 case TagGeneralizedTime:
776 result, err = parseGeneralizedTime(innerBytes)
777 case TagOctetString:
778 result = innerBytes
779 case TagBMPString:
780 result, err = parseBMPString(innerBytes)
781 }
782 }
783 offset += t.length
784 if err != nil {
785 return
786 }
787 if result != nil {
788 *(*any)(ptr) = result
789 }
790 return
791 }
792 793 t, offset, err := parseTagAndLength(data, offset)
794 if err != nil {
795 return
796 }
797 if params.explicit {
798 expectedClass := ClassContextSpecific
799 if params.application {
800 expectedClass = ClassApplication
801 }
802 if offset == len(data) {
803 err = StructuralError{"explicit tag has no child"}
804 return
805 }
806 if t.class == expectedClass && t.tag == *params.tag && (t.length == 0 || t.isCompound) {
807 if typ == _rawValueTC {
808 // The inner element should not be parsed for RawValues.
809 } else if t.length > 0 {
810 t, offset, err = parseTagAndLength(data, offset)
811 if err != nil {
812 return
813 }
814 } else {
815 if typ != _flagTC {
816 err = StructuralError{"zero length explicit tag was not an asn1.Flag"}
817 return
818 }
819 *(*Flag)(ptr) = true
820 return
821 }
822 } else {
823 ok := setDefaultValueUnsafe(typ, ptr, params)
824 if ok {
825 offset = initOffset
826 } else {
827 err = StructuralError{"explicitly tagged member didn't match"}
828 }
829 return
830 }
831 }
832 833 matchAny, universalTag, compoundType, ok1 := getUniversalType(typ)
834 if !ok1 {
835 err = StructuralError{fmt.Sprintf("unknown Go type (kind %d)", typ.kind())}
836 return
837 }
838 839 // Special case for strings: all the ASN.1 string types map to the Go
840 // type string. getUniversalType returns the tag for PrintableString
841 // when it sees a string, so if we see a different string type on the
842 // wire, we change the universal type to match.
843 if universalTag == TagPrintableString {
844 if t.class == ClassUniversal {
845 switch t.tag {
846 case TagIA5String, TagGeneralString, TagT61String, TagUTF8String, TagNumericString, TagBMPString:
847 universalTag = t.tag
848 }
849 } else if params.stringType != 0 {
850 universalTag = params.stringType
851 }
852 }
853 854 // Special case for time: UTCTime and GeneralizedTime both map to the
855 // Go type time.Time.
856 if universalTag == TagUTCTime {
857 if t.class == ClassUniversal {
858 if t.tag == TagGeneralizedTime {
859 universalTag = t.tag
860 }
861 } else if params.timeType != 0 {
862 universalTag = params.timeType
863 }
864 }
865 866 if params.set {
867 universalTag = TagSet
868 }
869 870 matchAnyClassAndTag := matchAny
871 expectedClass := ClassUniversal
872 expectedTag := universalTag
873 874 if !params.explicit && params.tag != nil {
875 expectedClass = ClassContextSpecific
876 expectedTag = *params.tag
877 matchAnyClassAndTag = false
878 }
879 880 if !params.explicit && params.application && params.tag != nil {
881 expectedClass = ClassApplication
882 expectedTag = *params.tag
883 matchAnyClassAndTag = false
884 }
885 886 if !params.explicit && params.private && params.tag != nil {
887 expectedClass = ClassPrivate
888 expectedTag = *params.tag
889 matchAnyClassAndTag = false
890 }
891 892 // We have unwrapped any explicit tagging at this point.
893 if !matchAnyClassAndTag && (t.class != expectedClass || t.tag != expectedTag) ||
894 (!matchAny && t.isCompound != compoundType) {
895 ok := setDefaultValueUnsafe(typ, ptr, params)
896 if ok {
897 offset = initOffset
898 } else {
899 err = StructuralError{fmt.Sprintf("tags don't match (%d vs %+v) %+v %s @%d", expectedTag, t, params, typ.typeName(), offset)}
900 }
901 return
902 }
903 if invalidLength(offset, t.length, len(data)) {
904 err = SyntaxError{"data truncated"}
905 return
906 }
907 innerBytes := data[offset : offset+t.length]
908 offset += t.length
909 910 // Known concrete types by type code pointer comparison.
911 if typ == _rawValueTC {
912 *(*RawValue)(ptr) = RawValue{t.class, t.tag, t.isCompound, innerBytes, data[initOffset:offset]}
913 return
914 }
915 if typ == _objectIdentifierTC {
916 oid, e := parseObjectIdentifier(innerBytes)
917 if e != nil {
918 err = e
919 return
920 }
921 *(*ObjectIdentifier)(ptr) = oid
922 return
923 }
924 if typ == _bitStringTC {
925 bs, e := parseBitString(innerBytes)
926 if e != nil {
927 err = e
928 return
929 }
930 *(*BitString)(ptr) = bs
931 return
932 }
933 if typ == _timeTC {
934 var tv time.Time
935 var e error
936 if universalTag == TagUTCTime {
937 tv, e = parseUTCTime(innerBytes)
938 } else {
939 tv, e = parseGeneralizedTime(innerBytes)
940 }
941 if e != nil {
942 err = e
943 return
944 }
945 *(*time.Time)(ptr) = tv
946 return
947 }
948 if typ == _enumeratedTC {
949 iv, e := parseInt32(innerBytes)
950 if e != nil {
951 err = e
952 return
953 }
954 *(*Enumerated)(ptr) = Enumerated(iv)
955 return
956 }
957 if typ == _flagTC {
958 *(*Flag)(ptr) = true
959 return
960 }
961 if typ == _bigIntPtrTC {
962 bi, e := parseBigInt(innerBytes)
963 if e != nil {
964 err = e
965 return
966 }
967 *(**big.Int)(ptr) = bi
968 return
969 }
970 971 // Kind-based dispatch for primitive types.
972 switch typ.kind() {
973 case akBool:
974 bv, e := parseBool(innerBytes)
975 if e == nil {
976 *(*bool)(ptr) = bv
977 }
978 err = e
979 return
980 case akInt, akInt32, akInt64:
981 if typ.size() == 4 {
982 iv, e := parseInt32(innerBytes)
983 if e == nil {
984 *(*int32)(ptr) = iv
985 }
986 err = e
987 } else {
988 iv, e := parseInt64(innerBytes)
989 if e == nil {
990 *(*int64)(ptr) = iv
991 }
992 err = e
993 }
994 return
995 case akStruct:
996 for i := 0; i < typ.numField(); i++ {
997 if !typ.fieldExported(i) {
998 err = StructuralError{"struct contains unexported fields"}
999 return
1000 }
1001 }
1002 1003 if typ.numField() > 0 && typ.fieldType(0) == _rawContentsTC {
1004 rc := RawContent(data[initOffset:offset])
1005 *(*RawContent)(unsafe.Add(ptr, typ.fieldOffset(0))) = rc
1006 }
1007 1008 innerOffset := 0
1009 for i := 0; i < typ.numField(); i++ {
1010 if i == 0 && typ.fieldType(0) == _rawContentsTC {
1011 continue
1012 }
1013 ft := typ.fieldType(i)
1014 fp := unsafe.Add(ptr, typ.fieldOffset(i))
1015 tag := getASN1Tag(typ.fieldTag(i))
1016 innerOffset, err = parseFieldUnsafe(ft, fp, innerBytes, innerOffset, parseFieldParameters(tag))
1017 if err != nil {
1018 return
1019 }
1020 }
1021 return
1022 case akSlice:
1023 if typ.elem().kind() == akUint8 {
1024 dst := make([]byte, len(innerBytes))
1025 copy(dst, innerBytes)
1026 *(*[]byte)(ptr) = dst
1027 return
1028 }
1029 slicePtr, e := parseSequenceOfUnsafe(innerBytes, typ.elem())
1030 if e == nil {
1031 *(*_sliceHeader)(ptr) = *(*_sliceHeader)(slicePtr)
1032 }
1033 err = e
1034 return
1035 case akBytes:
1036 var sv []byte
1037 switch universalTag {
1038 case TagPrintableString:
1039 sv, err = parsePrintableString(innerBytes)
1040 case TagNumericString:
1041 sv, err = parseNumericString(innerBytes)
1042 case TagIA5String:
1043 sv, err = parseIA5String(innerBytes)
1044 case TagT61String:
1045 sv, err = parseT61String(innerBytes)
1046 case TagUTF8String:
1047 sv, err = parseUTF8String(innerBytes)
1048 case TagGeneralString:
1049 sv, err = parseT61String(innerBytes)
1050 case TagBMPString:
1051 sv, err = parseBMPString(innerBytes)
1052 default:
1053 err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag)}
1054 }
1055 if err == nil {
1056 *(*[]byte)(ptr) = sv
1057 }
1058 return
1059 }
1060 err = StructuralError{"unsupported: " + typ.typeName()}
1061 return
1062 }
1063 1064 // setDefaultValueUnsafe installs a default value from tag parameters.
1065 // Returns true if the field was optional (even if no default was set).
1066 func setDefaultValueUnsafe(typ *_rawType, ptr unsafe.Pointer, params fieldParameters) bool {
1067 if !params.optional {
1068 return false
1069 }
1070 if params.defaultValue == nil {
1071 return true
1072 }
1073 switch typ.kind() {
1074 case akInt, akInt8, akInt16, akInt32, akInt64:
1075 switch typ.size() {
1076 case 1:
1077 *(*int8)(ptr) = int8(*params.defaultValue)
1078 case 2:
1079 *(*int16)(ptr) = int16(*params.defaultValue)
1080 case 4:
1081 *(*int32)(ptr) = int32(*params.defaultValue)
1082 default:
1083 *(*int64)(ptr) = *params.defaultValue
1084 }
1085 }
1086 return true
1087 }
1088 1089 // Unmarshal parses the DER-encoded ASN.1 data structure b
1090 // and fills in an arbitrary value pointed at by val.
1091 // val must be a non-nil pointer.
1092 func Unmarshal(b []byte, val any) (rest []byte, err error) {
1093 return UnmarshalWithParams(b, val, "")
1094 }
1095 1096 // invalidUnmarshalError describes an invalid argument passed to Unmarshal.
1097 type invalidUnmarshalError struct {
1098 typeName []byte
1099 isNil bool
1100 isNonPtr bool
1101 }
1102 1103 func (e *invalidUnmarshalError) Error() string {
1104 if e.isNil && len(e.typeName) == 0 {
1105 return "asn1: Unmarshal recipient value is nil"
1106 }
1107 if e.isNonPtr {
1108 return "asn1: Unmarshal recipient value is non-pointer " + e.typeName
1109 }
1110 return "asn1: Unmarshal recipient value is nil " + e.typeName
1111 }
1112 1113 // UnmarshalWithParams allows field parameters to be specified for the
1114 // top-level element. The form of the params is the same as the field tags.
1115 func UnmarshalWithParams(b []byte, val any, params []byte) (rest []byte, err error) {
1116 elemType, dataPtr := derefPtr(val)
1117 if elemType == nil {
1118 tc := typeCodeOf(val)
1119 name := []byte("unknown")
1120 if tc != nil {
1121 if n := tc.typeName(); len(n) > 0 {
1122 name = n
1123 }
1124 }
1125 return nil, &invalidUnmarshalError{typeName: name, isNonPtr: true}
1126 }
1127 if dataPtr == nil {
1128 name := elemType.typeName()
1129 if len(name) == 0 {
1130 name = []byte("unknown")
1131 }
1132 return nil, &invalidUnmarshalError{typeName: name, isNil: true}
1133 }
1134 offset, err := parseFieldUnsafe(elemType, dataPtr, b, 0, parseFieldParameters(params))
1135 if err != nil {
1136 return nil, err
1137 }
1138 return b[offset:], nil
1139 }
1140