yggdrasil/ring
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
197b57154f
ring/pki/parse_values.h
Bob Beck bc97b7a8e1 Bring in the core of chromium certificate verifier as libpki 
Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
2023-06-22 19:34:39 +00:00

153 lines
6.1 KiB
C++
Raw Blame History

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BSSL_DER_PARSE_VALUES_H_
#define BSSL_DER_PARSE_VALUES_H_
#include "fillins/openssl_util.h"
#include <stdint.h>
#include "input.h"
#include <optional>
namespace bssl::der {
// Reads a DER-encoded ASN.1 BOOLEAN value from |in| and puts the resulting
// value in |out|. Returns whether the encoded value could successfully be
// read.
[[nodiscard]] OPENSSL_EXPORT bool ParseBool(const Input& in, bool* out);
// Like ParseBool, except it is more relaxed in what inputs it accepts: Any
// value that is a valid BER encoding will be parsed successfully.
[[nodiscard]] OPENSSL_EXPORT bool ParseBoolRelaxed(const Input& in, bool* out);
// Checks the validity of a DER-encoded ASN.1 INTEGER value from |in|, and
// determines the sign of the number. Returns true on success and
// fills |negative|. Otherwise returns false and does not modify the out
// parameter.
//
// in: The value portion of an INTEGER.
// negative: Out parameter that is set to true if the number is negative
// and false otherwise (zero is non-negative).
[[nodiscard]] OPENSSL_EXPORT bool IsValidInteger(const Input& in, bool* negative);
// Reads a DER-encoded ASN.1 INTEGER value from |in| and puts the resulting
// value in |out|. ASN.1 INTEGERs are arbitrary precision; this function is
// provided as a convenience when the caller knows that the value is unsigned
// and is between 0 and 2^64-1. This function returns false if the value is too
// big to fit in a uint64_t, is negative, or if there is an error reading the
// integer.
[[nodiscard]] OPENSSL_EXPORT bool ParseUint64(const Input& in, uint64_t* out);
// Same as ParseUint64() but for a uint8_t.
[[nodiscard]] OPENSSL_EXPORT bool ParseUint8(const Input& in, uint8_t* out);
// The BitString class is a helper for representing a valid parsed BIT STRING.
//
// * The bits are ordered within each octet of bytes() from most to least
// significant, as in the DER encoding.
//
// * There may be at most 7 unused bits.
class OPENSSL_EXPORT BitString {
public:
BitString() = default;
// |unused_bits| represents the number of bits in the last octet of |bytes|,
// starting from the least significant bit, that are unused. It MUST be < 8.
// And if bytes is empty, then it MUST be 0.
BitString(const Input& bytes, uint8_t unused_bits);
const Input& bytes() const { return bytes_; }
uint8_t unused_bits() const { return unused_bits_; }
// Returns true if the bit string contains 1 at the specified position.
// Otherwise returns false.
//
// A return value of false can mean either:
// * The bit value at |bit_index| is 0.
// * There is no bit at |bit_index| (index is beyond the end).
[[nodiscard]] bool AssertsBit(size_t bit_index) const;
private:
Input bytes_;
uint8_t unused_bits_ = 0;
// Default assignment and copy constructor are OK.
};
// Reads a DER-encoded ASN.1 BIT STRING value from |in| and returns the
// resulting octet string and number of unused bits.
//
// On failure, returns std::nullopt.
[[nodiscard]] OPENSSL_EXPORT std::optional<BitString> ParseBitString(
const Input& in);
struct OPENSSL_EXPORT GeneralizedTime {
uint16_t year;
uint8_t month;
uint8_t day;
uint8_t hours;
uint8_t minutes;
uint8_t seconds;
// Returns true if the value is in UTCTime's range.
bool InUTCTimeRange() const;
};
OPENSSL_EXPORT bool operator<(const GeneralizedTime& lhs,
const GeneralizedTime& rhs);
OPENSSL_EXPORT bool operator<=(const GeneralizedTime& lhs,
const GeneralizedTime& rhs);
OPENSSL_EXPORT bool operator>(const GeneralizedTime& lhs,
const GeneralizedTime& rhs);
OPENSSL_EXPORT bool operator>=(const GeneralizedTime& lhs,
const GeneralizedTime& rhs);
// Reads a DER-encoded ASN.1 UTCTime value from |in| and puts the resulting
// value in |out|, returning true if the UTCTime could be parsed successfully.
[[nodiscard]] OPENSSL_EXPORT bool ParseUTCTime(const Input& in,
GeneralizedTime* out);
// Reads a DER-encoded ASN.1 GeneralizedTime value from |in| and puts the
// resulting value in |out|, returning true if the GeneralizedTime could
// be parsed successfully. This function is even more restrictive than the
// DER rules - it follows the rules from RFC5280, which does not allow for
// fractional seconds.
[[nodiscard]] OPENSSL_EXPORT bool ParseGeneralizedTime(const Input& in,
GeneralizedTime* out);
// Reads a DER-encoded ASN.1 IA5String value from |in| and stores the result in
// |out| as ASCII, returning true if successful.
[[nodiscard]] OPENSSL_EXPORT bool ParseIA5String(Input in, std::string* out);
// Reads a DER-encoded ASN.1 VisibleString value from |in| and stores the result
// in |out| as ASCII, returning true if successful.
[[nodiscard]] OPENSSL_EXPORT bool ParseVisibleString(Input in, std::string* out);
// Reads a DER-encoded ASN.1 PrintableString value from |in| and stores the
// result in |out| as ASCII, returning true if successful.
[[nodiscard]] OPENSSL_EXPORT bool ParsePrintableString(Input in, std::string* out);
// Reads a DER-encoded ASN.1 TeletexString value from |in|, treating it as
// Latin-1, and stores the result in |out| as UTF-8, returning true if
// successful.
//
// This is for compatibility with legacy implementations that would use Latin-1
// encoding but tag it as TeletexString.
[[nodiscard]] OPENSSL_EXPORT bool ParseTeletexStringAsLatin1(Input in,
std::string* out);
// Reads a DER-encoded ASN.1 UniversalString value from |in| and stores the
// result in |out| as UTF-8, returning true if successful.
[[nodiscard]] OPENSSL_EXPORT bool ParseUniversalString(Input in, std::string* out);
// Reads a DER-encoded ASN.1 BMPString value from |in| and stores the
// result in |out| as UTF-8, returning true if successful.
[[nodiscard]] OPENSSL_EXPORT bool ParseBmpString(Input in, std::string* out);
} // namespace bssl::der
#endif // BSSL_DER_PARSE_VALUES_H_
Reference in New Issue View Git Blame Copy Permalink