1 // Copyright 2017 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 package cryptobyte
6 7 import (
8 encoding_asn1 "encoding/asn1"
9 "fmt"
10 "math/big"
11 "reflect"
12 "time"
13 14 "golang.org/x/crypto/cryptobyte/asn1"
15 )
16 17 // This file contains ASN.1-related methods for String and Builder.
18 19 // Builder
20 21 // AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
22 func (b *Builder) AddASN1Int64(v int64) {
23 b.addASN1Signed(asn1.INTEGER, v)
24 }
25 26 // AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
27 // given tag.
28 func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
29 b.addASN1Signed(tag, v)
30 }
31 32 // AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
33 func (b *Builder) AddASN1Enum(v int64) {
34 b.addASN1Signed(asn1.ENUM, v)
35 }
36 37 func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
38 b.AddASN1(tag, func(c *Builder) {
39 length := 1
40 for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
41 length++
42 }
43 44 for ; length > 0; length-- {
45 i := v >> uint((length-1)*8) & 0xff
46 c.AddUint8(uint8(i))
47 }
48 })
49 }
50 51 // AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
52 func (b *Builder) AddASN1Uint64(v uint64) {
53 b.AddASN1(asn1.INTEGER, func(c *Builder) {
54 length := 1
55 for i := v; i >= 0x80; i >>= 8 {
56 length++
57 }
58 59 for ; length > 0; length-- {
60 i := v >> uint((length-1)*8) & 0xff
61 c.AddUint8(uint8(i))
62 }
63 })
64 }
65 66 // AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
67 func (b *Builder) AddASN1BigInt(n *big.Int) {
68 if b.err != nil {
69 return
70 }
71 72 b.AddASN1(asn1.INTEGER, func(c *Builder) {
73 if n.Sign() < 0 {
74 // A negative number has to be converted to two's-complement form. So we
75 // invert and subtract 1. If the most-significant-bit isn't set then
76 // we'll need to pad the beginning with 0xff in order to keep the number
77 // negative.
78 nMinus1 := new(big.Int).Neg(n)
79 nMinus1.Sub(nMinus1, bigOne)
80 bytes := nMinus1.Bytes()
81 for i := range bytes {
82 bytes[i] ^= 0xff
83 }
84 if len(bytes) == 0 || bytes[0]&0x80 == 0 {
85 c.add(0xff)
86 }
87 c.add(bytes...)
88 } else if n.Sign() == 0 {
89 c.add(0)
90 } else {
91 bytes := n.Bytes()
92 if bytes[0]&0x80 != 0 {
93 c.add(0)
94 }
95 c.add(bytes...)
96 }
97 })
98 }
99 100 // AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
101 func (b *Builder) AddASN1OctetString(bytes []byte) {
102 b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
103 c.AddBytes(bytes)
104 })
105 }
106 107 const generalizedTimeFormatStr = "20060102150405Z0700"
108 109 // AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
110 func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
111 if t.Year() < 0 || t.Year() > 9999 {
112 b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
113 return
114 }
115 b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
116 c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
117 })
118 }
119 120 // AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
121 func (b *Builder) AddASN1UTCTime(t time.Time) {
122 b.AddASN1(asn1.UTCTime, func(c *Builder) {
123 // As utilized by the X.509 profile, UTCTime can only
124 // represent the years 1950 through 2049.
125 if t.Year() < 1950 || t.Year() >= 2050 {
126 b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
127 return
128 }
129 c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
130 })
131 }
132 133 // AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
134 // support BIT STRINGs that are not a whole number of bytes.
135 func (b *Builder) AddASN1BitString(data []byte) {
136 b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
137 b.AddUint8(0)
138 b.AddBytes(data)
139 })
140 }
141 142 func (b *Builder) addBase128Int(n int64) {
143 var length int
144 if n == 0 {
145 length = 1
146 } else {
147 for i := n; i > 0; i >>= 7 {
148 length++
149 }
150 }
151 152 for i := length - 1; i >= 0; i-- {
153 o := byte(n >> uint(i*7))
154 o &= 0x7f
155 if i != 0 {
156 o |= 0x80
157 }
158 159 b.add(o)
160 }
161 }
162 163 func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
164 if len(oid) < 2 {
165 return false
166 }
167 168 if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
169 return false
170 }
171 172 for _, v := range oid {
173 if v < 0 {
174 return false
175 }
176 }
177 178 return true
179 }
180 181 func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
182 b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
183 if !isValidOID(oid) {
184 b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
185 return
186 }
187 188 b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
189 for _, v := range oid[2:] {
190 b.addBase128Int(int64(v))
191 }
192 })
193 }
194 195 func (b *Builder) AddASN1Boolean(v bool) {
196 b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
197 if v {
198 b.AddUint8(0xff)
199 } else {
200 b.AddUint8(0)
201 }
202 })
203 }
204 205 func (b *Builder) AddASN1NULL() {
206 b.add(uint8(asn1.NULL), 0)
207 }
208 209 // MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
210 // successful or records an error if one occurred.
211 func (b *Builder) MarshalASN1(v interface{}) {
212 // NOTE(martinkr): This is somewhat of a hack to allow propagation of
213 // encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
214 // value embedded into a struct, its tag information is lost.
215 if b.err != nil {
216 return
217 }
218 bytes, err := encoding_asn1.Marshal(v)
219 if err != nil {
220 b.err = err
221 return
222 }
223 b.AddBytes(bytes)
224 }
225 226 // AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
227 // Tags greater than 30 are not supported and result in an error (i.e.
228 // low-tag-number form only). The child builder passed to the
229 // BuilderContinuation can be used to build the content of the ASN.1 object.
230 func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
231 if b.err != nil {
232 return
233 }
234 // Identifiers with the low five bits set indicate high-tag-number format
235 // (two or more octets), which we don't support.
236 if tag&0x1f == 0x1f {
237 b.err = fmt.Errorf("cryptobyte: high-tag number identifier octets not supported: 0x%x", tag)
238 return
239 }
240 b.AddUint8(uint8(tag))
241 b.addLengthPrefixed(1, true, f)
242 }
243 244 // String
245 246 // ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
247 // representation into out and advances. It reports whether the read
248 // was successful.
249 func (s *String) ReadASN1Boolean(out *bool) bool {
250 var bytes String
251 if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
252 return false
253 }
254 255 switch bytes[0] {
256 case 0:
257 *out = false
258 case 0xff:
259 *out = true
260 default:
261 return false
262 }
263 264 return true
265 }
266 267 // ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
268 // not point to an integer, to a big.Int, or to a []byte it panics. Only
269 // positive and zero values can be decoded into []byte, and they are returned as
270 // big-endian binary values that share memory with s. Positive values will have
271 // no leading zeroes, and zero will be returned as a single zero byte.
272 // ReadASN1Integer reports whether the read was successful.
273 func (s *String) ReadASN1Integer(out interface{}) bool {
274 switch out := out.(type) {
275 case *int, *int8, *int16, *int32, *int64:
276 var i int64
277 if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
278 return false
279 }
280 reflect.ValueOf(out).Elem().SetInt(i)
281 return true
282 case *uint, *uint8, *uint16, *uint32, *uint64:
283 var u uint64
284 if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
285 return false
286 }
287 reflect.ValueOf(out).Elem().SetUint(u)
288 return true
289 case *big.Int:
290 return s.readASN1BigInt(out)
291 case *[]byte:
292 return s.readASN1Bytes(out)
293 default:
294 panic("out does not point to an integer type")
295 }
296 }
297 298 func checkASN1Integer(bytes []byte) bool {
299 if len(bytes) == 0 {
300 // An INTEGER is encoded with at least one octet.
301 return false
302 }
303 if len(bytes) == 1 {
304 return true
305 }
306 if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
307 // Value is not minimally encoded.
308 return false
309 }
310 return true
311 }
312 313 var bigOne = big.NewInt(1)
314 315 func (s *String) readASN1BigInt(out *big.Int) bool {
316 var bytes String
317 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
318 return false
319 }
320 if bytes[0]&0x80 == 0x80 {
321 // Negative number.
322 neg := make([]byte, len(bytes))
323 for i, b := range bytes {
324 neg[i] = ^b
325 }
326 out.SetBytes(neg)
327 out.Add(out, bigOne)
328 out.Neg(out)
329 } else {
330 out.SetBytes(bytes)
331 }
332 return true
333 }
334 335 func (s *String) readASN1Bytes(out *[]byte) bool {
336 var bytes String
337 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
338 return false
339 }
340 if bytes[0]&0x80 == 0x80 {
341 return false
342 }
343 for len(bytes) > 1 && bytes[0] == 0 {
344 bytes = bytes[1:]
345 }
346 *out = bytes
347 return true
348 }
349 350 func (s *String) readASN1Int64(out *int64) bool {
351 var bytes String
352 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
353 return false
354 }
355 return true
356 }
357 358 func asn1Signed(out *int64, n []byte) bool {
359 length := len(n)
360 if length > 8 {
361 return false
362 }
363 for i := 0; i < length; i++ {
364 *out <<= 8
365 *out |= int64(n[i])
366 }
367 // Shift up and down in order to sign extend the result.
368 *out <<= 64 - uint8(length)*8
369 *out >>= 64 - uint8(length)*8
370 return true
371 }
372 373 func (s *String) readASN1Uint64(out *uint64) bool {
374 var bytes String
375 if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
376 return false
377 }
378 return true
379 }
380 381 func asn1Unsigned(out *uint64, n []byte) bool {
382 length := len(n)
383 if length > 9 || length == 9 && n[0] != 0 {
384 // Too large for uint64.
385 return false
386 }
387 if n[0]&0x80 != 0 {
388 // Negative number.
389 return false
390 }
391 for i := 0; i < length; i++ {
392 *out <<= 8
393 *out |= uint64(n[i])
394 }
395 return true
396 }
397 398 // ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
399 // and advances. It reports whether the read was successful and resulted in a
400 // value that can be represented in an int64.
401 func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
402 var bytes String
403 return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
404 }
405 406 // ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
407 // whether the read was successful.
408 func (s *String) ReadASN1Enum(out *int) bool {
409 var bytes String
410 var i int64
411 if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
412 return false
413 }
414 if int64(int(i)) != i {
415 return false
416 }
417 *out = int(i)
418 return true
419 }
420 421 func (s *String) readBase128Int(out *int) bool {
422 ret := 0
423 for i := 0; len(*s) > 0; i++ {
424 if i == 5 {
425 return false
426 }
427 // Avoid overflowing int on a 32-bit platform.
428 // We don't want different behavior based on the architecture.
429 if ret >= 1<<(31-7) {
430 return false
431 }
432 ret <<= 7
433 b := s.read(1)[0]
434 435 // ITU-T X.690, section 8.19.2:
436 // The subidentifier shall be encoded in the fewest possible octets,
437 // that is, the leading octet of the subidentifier shall not have the value 0x80.
438 if i == 0 && b == 0x80 {
439 return false
440 }
441 442 ret |= int(b & 0x7f)
443 if b&0x80 == 0 {
444 *out = ret
445 return true
446 }
447 }
448 return false // truncated
449 }
450 451 // ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
452 // advances. It reports whether the read was successful.
453 func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
454 var bytes String
455 if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
456 return false
457 }
458 459 // In the worst case, we get two elements from the first byte (which is
460 // encoded differently) and then every varint is a single byte long.
461 components := make([]int, len(bytes)+1)
462 463 // The first varint is 40*value1 + value2:
464 // According to this packing, value1 can take the values 0, 1 and 2 only.
465 // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
466 // then there are no restrictions on value2.
467 var v int
468 if !bytes.readBase128Int(&v) {
469 return false
470 }
471 if v < 80 {
472 components[0] = v / 40
473 components[1] = v % 40
474 } else {
475 components[0] = 2
476 components[1] = v - 80
477 }
478 479 i := 2
480 for ; len(bytes) > 0; i++ {
481 if !bytes.readBase128Int(&v) {
482 return false
483 }
484 components[i] = v
485 }
486 *out = components[:i]
487 return true
488 }
489 490 // ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
491 // advances. It reports whether the read was successful.
492 func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
493 var bytes String
494 if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
495 return false
496 }
497 t := string(bytes)
498 res, err := time.Parse(generalizedTimeFormatStr, t)
499 if err != nil {
500 return false
501 }
502 if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
503 return false
504 }
505 *out = res
506 return true
507 }
508 509 const defaultUTCTimeFormatStr = "060102150405Z0700"
510 511 // ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
512 // It reports whether the read was successful.
513 func (s *String) ReadASN1UTCTime(out *time.Time) bool {
514 var bytes String
515 if !s.ReadASN1(&bytes, asn1.UTCTime) {
516 return false
517 }
518 t := string(bytes)
519 520 formatStr := defaultUTCTimeFormatStr
521 var err error
522 res, err := time.Parse(formatStr, t)
523 if err != nil {
524 // Fallback to minute precision if we can't parse second
525 // precision. If we are following X.509 or X.690 we shouldn't
526 // support this, but we do.
527 formatStr = "0601021504Z0700"
528 res, err = time.Parse(formatStr, t)
529 }
530 if err != nil {
531 return false
532 }
533 534 if serialized := res.Format(formatStr); serialized != t {
535 return false
536 }
537 538 if res.Year() >= 2050 {
539 // UTCTime interprets the low order digits 50-99 as 1950-99.
540 // This only applies to its use in the X.509 profile.
541 // See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
542 res = res.AddDate(-100, 0, 0)
543 }
544 *out = res
545 return true
546 }
547 548 // ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
549 // It reports whether the read was successful.
550 func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
551 var bytes String
552 if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
553 len(bytes)*8/8 != len(bytes) {
554 return false
555 }
556 557 paddingBits := bytes[0]
558 bytes = bytes[1:]
559 if paddingBits > 7 ||
560 len(bytes) == 0 && paddingBits != 0 ||
561 len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
562 return false
563 }
564 565 out.BitLength = len(bytes)*8 - int(paddingBits)
566 out.Bytes = bytes
567 return true
568 }
569 570 // ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
571 // an error if the BIT STRING is not a whole number of bytes. It reports
572 // whether the read was successful.
573 func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
574 var bytes String
575 if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
576 return false
577 }
578 579 paddingBits := bytes[0]
580 if paddingBits != 0 {
581 return false
582 }
583 *out = bytes[1:]
584 return true
585 }
586 587 // ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
588 // tag and length bytes) into out, and advances. The element must match the
589 // given tag. It reports whether the read was successful.
590 func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
591 return s.ReadASN1((*String)(out), tag)
592 }
593 594 // ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
595 // tag and length bytes) into out, and advances. The element must match the
596 // given tag. It reports whether the read was successful.
597 //
598 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
599 func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
600 var t asn1.Tag
601 if !s.ReadAnyASN1(out, &t) || t != tag {
602 return false
603 }
604 return true
605 }
606 607 // ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
608 // tag and length bytes) into out, and advances. The element must match the
609 // given tag. It reports whether the read was successful.
610 //
611 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
612 func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
613 var t asn1.Tag
614 if !s.ReadAnyASN1Element(out, &t) || t != tag {
615 return false
616 }
617 return true
618 }
619 620 // ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
621 // tag and length bytes) into out, sets outTag to its tag, and advances.
622 // It reports whether the read was successful.
623 //
624 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
625 func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
626 return s.readASN1(out, outTag, true /* skip header */)
627 }
628 629 // ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
630 // (including tag and length bytes) into out, sets outTag to is tag, and
631 // advances. It reports whether the read was successful.
632 //
633 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
634 func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
635 return s.readASN1(out, outTag, false /* include header */)
636 }
637 638 // PeekASN1Tag reports whether the next ASN.1 value on the string starts with
639 // the given tag.
640 func (s String) PeekASN1Tag(tag asn1.Tag) bool {
641 if len(s) == 0 {
642 return false
643 }
644 return asn1.Tag(s[0]) == tag
645 }
646 647 // SkipASN1 reads and discards an ASN.1 element with the given tag. It
648 // reports whether the operation was successful.
649 func (s *String) SkipASN1(tag asn1.Tag) bool {
650 var unused String
651 return s.ReadASN1(&unused, tag)
652 }
653 654 // ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
655 // element (not including tag and length bytes) tagged with the given tag into
656 // out. It stores whether an element with the tag was found in outPresent,
657 // unless outPresent is nil. It reports whether the read was successful.
658 func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
659 present := s.PeekASN1Tag(tag)
660 if outPresent != nil {
661 *outPresent = present
662 }
663 if present && !s.ReadASN1(out, tag) {
664 return false
665 }
666 return true
667 }
668 669 // SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
670 // else leaves s unchanged. It reports whether the operation was successful.
671 func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
672 if !s.PeekASN1Tag(tag) {
673 return true
674 }
675 var unused String
676 return s.ReadASN1(&unused, tag)
677 }
678 679 // ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly
680 // tagged with tag into out and advances. If no element with a matching tag is
681 // present, it writes defaultValue into out instead. Otherwise, it behaves like
682 // ReadASN1Integer.
683 func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
684 var present bool
685 var i String
686 if !s.ReadOptionalASN1(&i, &present, tag) {
687 return false
688 }
689 if !present {
690 switch out.(type) {
691 case *int, *int8, *int16, *int32, *int64,
692 *uint, *uint8, *uint16, *uint32, *uint64, *[]byte:
693 reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
694 case *big.Int:
695 if defaultValue, ok := defaultValue.(*big.Int); ok {
696 out.(*big.Int).Set(defaultValue)
697 } else {
698 panic("out points to big.Int, but defaultValue does not")
699 }
700 default:
701 panic("invalid integer type")
702 }
703 return true
704 }
705 if !i.ReadASN1Integer(out) || !i.Empty() {
706 return false
707 }
708 return true
709 }
710 711 // ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
712 // explicitly tagged with tag into out and advances. If no element with a
713 // matching tag is present, it sets "out" to nil instead. It reports
714 // whether the read was successful.
715 func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
716 var present bool
717 var child String
718 if !s.ReadOptionalASN1(&child, &present, tag) {
719 return false
720 }
721 if outPresent != nil {
722 *outPresent = present
723 }
724 if present {
725 var oct String
726 if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
727 return false
728 }
729 *out = oct
730 } else {
731 *out = nil
732 }
733 return true
734 }
735 736 // ReadOptionalASN1Boolean attempts to read an optional ASN.1 BOOLEAN
737 // explicitly tagged with tag into out and advances. If no element with a
738 // matching tag is present, it sets "out" to defaultValue instead. It reports
739 // whether the read was successful.
740 func (s *String) ReadOptionalASN1Boolean(out *bool, tag asn1.Tag, defaultValue bool) bool {
741 var present bool
742 var child String
743 if !s.ReadOptionalASN1(&child, &present, tag) {
744 return false
745 }
746 747 if !present {
748 *out = defaultValue
749 return true
750 }
751 752 return child.ReadASN1Boolean(out)
753 }
754 755 func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
756 if len(*s) < 2 {
757 return false
758 }
759 tag, lenByte := (*s)[0], (*s)[1]
760 761 if tag&0x1f == 0x1f {
762 // ITU-T X.690 section 8.1.2
763 //
764 // An identifier octet with a tag part of 0x1f indicates a high-tag-number
765 // form identifier with two or more octets. We only support tags less than
766 // 31 (i.e. low-tag-number form, single octet identifier).
767 return false
768 }
769 770 if outTag != nil {
771 *outTag = asn1.Tag(tag)
772 }
773 774 // ITU-T X.690 section 8.1.3
775 //
776 // Bit 8 of the first length byte indicates whether the length is short- or
777 // long-form.
778 var length, headerLen uint32 // length includes headerLen
779 if lenByte&0x80 == 0 {
780 // Short-form length (section 8.1.3.4), encoded in bits 1-7.
781 length = uint32(lenByte) + 2
782 headerLen = 2
783 } else {
784 // Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
785 // used to encode the length.
786 lenLen := lenByte & 0x7f
787 var len32 uint32
788 789 if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
790 return false
791 }
792 793 lenBytes := String((*s)[2 : 2+lenLen])
794 if !lenBytes.readUnsigned(&len32, int(lenLen)) {
795 return false
796 }
797 798 // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
799 // with the minimum number of octets.
800 if len32 < 128 {
801 // Length should have used short-form encoding.
802 return false
803 }
804 if len32>>((lenLen-1)*8) == 0 {
805 // Leading octet is 0. Length should have been at least one byte shorter.
806 return false
807 }
808 809 headerLen = 2 + uint32(lenLen)
810 if headerLen+len32 < len32 {
811 // Overflow.
812 return false
813 }
814 length = headerLen + len32
815 }
816 817 if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
818 return false
819 }
820 if skipHeader && !out.Skip(int(headerLen)) {
821 panic("cryptobyte: internal error")
822 }
823 824 return true
825 }
826