chromium/net/der/parse_values.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_DER_PARSE_VALUES_H_
#define NET_DER_PARSE_VALUES_H_

#include <stdint.h>

#include "base/compiler_specific.h"
#include "net/base/net_export.h"
#include "net/der/input.h"

namespace net {

namespace der {

// Reads a DER-encoded ASN.1 BOOLEAN value from |in| and puts the resulting
// value in |out|. Returns whether the encoded value could successfully be
// read.
NET_EXPORT bool ParseBool(const Input& in, bool* out) WARN_UNUSED_RESULT;

// Like ParseBool, except it is more relaxed in what inputs it accepts: Any
// value that is a valid BER encoding will be parsed successfully.
NET_EXPORT bool ParseBoolRelaxed(const Input& in, bool* out) WARN_UNUSED_RESULT;

// Checks the validity of a DER-encoded ASN.1 INTEGER value from |in|, and
// determines the sign of the number. Returns true on success and
// fills |negative|. Otherwise returns false and does not modify the out
// parameter.
//
//    in: The value portion of an INTEGER.
//    negative: Out parameter that is set to true if the number is negative
//        and false otherwise (zero is non-negative).
NET_EXPORT bool IsValidInteger(const Input& in,
                               bool* negative) WARN_UNUSED_RESULT;

// Reads a DER-encoded ASN.1 INTEGER value from |in| and puts the resulting
// value in |out|. ASN.1 INTEGERs are arbitrary precision; this function is
// provided as a convenience when the caller knows that the value is unsigned
// and is between 0 and 2^64-1. This function returns false if the value is too
// big to fit in a uint64_t, is negative, or if there is an error reading the
// integer.
NET_EXPORT bool ParseUint64(const Input& in, uint64_t* out) WARN_UNUSED_RESULT;

// Same as ParseUint64() but for a uint8_t.
NET_EXPORT bool ParseUint8(const Input& in, uint8_t* out) WARN_UNUSED_RESULT;

// The BitString class is a helper for representing a valid parsed BIT STRING.
//
// * The bits are ordered within each octet of bytes() from most to least
//   significant, as in the DER encoding.
//
// * There may be at most 7 unused bits.
class NET_EXPORT BitString {
 public:
  BitString() : unused_bits_(0) {}

  // |unused_bits| represents the number of bits in the last octet of |bytes|,
  // starting from the least significant bit, that are unused. It MUST be < 8.
  // And if bytes is empty, then it MUST be 0.
  BitString(const Input& bytes, uint8_t unused_bits);

  const Input& bytes() const { return bytes_; }
  uint8_t unused_bits() const { return unused_bits_; }

  // Returns true if the bit string contains 1 at the specified position.
  // Otherwise returns false.
  //
  // A return value of false can mean either:
  //  * The bit value at |bit_index| is 0.
  //  * There is no bit at |bit_index| (index is beyond the end).
  bool AssertsBit(size_t bit_index) const WARN_UNUSED_RESULT;

 private:
  Input bytes_;
  uint8_t unused_bits_;

  // Default assignment and copy constructor are OK.
};

// Reads a DER-encoded ASN.1 BIT STRING value from |in| and puts the resulting
// octet string and number of unused bits into |bit_string|
//
// Returns true on success, otherwise returns false and does not modify the
// out-parameters.
NET_EXPORT bool ParseBitString(const Input& in,
                               BitString* bit_string) WARN_UNUSED_RESULT;

struct GeneralizedTime {
  uint16_t year;
  uint8_t month;
  uint8_t day;
  uint8_t hours;
  uint8_t minutes;
  uint8_t seconds;
};

NET_EXPORT_PRIVATE bool operator<(const GeneralizedTime& lhs,
                                  const GeneralizedTime& rhs);
NET_EXPORT_PRIVATE bool operator<=(const GeneralizedTime& lhs,
                                   const GeneralizedTime& rhs);
NET_EXPORT_PRIVATE bool operator>(const GeneralizedTime& lhs,
                                  const GeneralizedTime& rhs);
NET_EXPORT_PRIVATE bool operator>=(const GeneralizedTime& lhs,
                                   const GeneralizedTime& rhs);

// Reads a DER-encoded ASN.1 UTCTime value from |in| and puts the resulting
// value in |out|, returning true if the UTCTime could be parsed successfully.
NET_EXPORT bool ParseUTCTime(const Input& in,
                             GeneralizedTime* out) WARN_UNUSED_RESULT;

// Like ParseUTCTime, but it is more lenient in what is accepted. DER requires
// a UTCTime to be in the format YYMMDDhhmmssZ; this function will accept both
// that and YYMMDDhhmmZ, which is a valid BER encoding of a UTCTime which
// sometimes incorrectly appears in X.509 certificates.
NET_EXPORT bool ParseUTCTimeRelaxed(const Input& in,
                                    GeneralizedTime* out) WARN_UNUSED_RESULT;

// Reads a DER-encoded ASN.1 GeneralizedTime value from |in| and puts the
// resulting value in |out|, returning true if the GeneralizedTime could
// be parsed successfully. This function is even more restrictive than the
// DER rules - it follows the rules from RFC5280, which does not allow for
// fractional seconds.
NET_EXPORT bool ParseGeneralizedTime(const Input& in,
                                     GeneralizedTime* out) WARN_UNUSED_RESULT;

}  // namespace der

}  // namespace net

#endif  // NET_DER_PARSE_VALUES_H_