src/cryptography/hazmat/_der.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.

from __future__ import absolute_import, division, print_function

import six

from cryptography.utils import int_from_bytes, int_to_bytes


# This module contains a lightweight DER encoder and decoder. See X.690 for the
# specification. This module intentionally does not implement the more complex
# BER encoding, only DER.
#
# Note this implementation treats an element's constructed bit as part of the
# tag. This is fine for DER, where the bit is always computable from the type.


CONSTRUCTED = 0x20
CONTEXT_SPECIFIC = 0x80

INTEGER = 0x02
BIT_STRING = 0x03
OCTET_STRING = 0x04
NULL = 0x05
OBJECT_IDENTIFIER = 0x06
SEQUENCE = 0x10 | CONSTRUCTED
SET = 0x11 | CONSTRUCTED
PRINTABLE_STRING = 0x13
UTC_TIME = 0x17
GENERALIZED_TIME = 0x18


class DERReader(object):
    def __init__(self, data):
        self.data = memoryview(data)

    def is_empty(self):
        return len(self.data) == 0

    def check_empty(self):
        if not self.is_empty():
            raise ValueError("Invalid DER input: trailing data")

    def read_byte(self):
        if len(self.data) < 1:
            raise ValueError("Invalid DER input: insufficient data")
        ret = six.indexbytes(self.data, 0)
        self.data = self.data[1:]
        return ret

    def read_bytes(self, n):
        if len(self.data) < n:
            raise ValueError("Invalid DER input: insufficient data")
        ret = self.data[:n]
        self.data = self.data[n:]
        return ret

    def read_any_element(self):
        tag = self.read_byte()
        # Tag numbers 31 or higher are stored in multiple bytes. No supported
        # ASN.1 types use such tags, so reject these.
        if tag & 0x1f == 0x1f:
            raise ValueError("Invalid DER input: unexpected high tag number")
        length_byte = self.read_byte()
        if length_byte & 0x80 == 0:
            # If the high bit is clear, the first length byte is the length.
            length = length_byte
        else:
            # If the high bit is set, the first length byte encodes the length
            # of the length.
            length_byte &= 0x7f
            if length_byte == 0:
                raise ValueError(
                    "Invalid DER input: indefinite length form is not allowed "
                    "in DER"
                )
            length = 0
            for i in range(length_byte):
                length <<= 8
                length |= self.read_byte()
                if length == 0:
                    raise ValueError(
                        "Invalid DER input: length was not minimally-encoded"
                    )
            if length < 0x80:
                # If the length could have been encoded in short form, it must
                # not use long form.
                raise ValueError(
                    "Invalid DER input: length was not minimally-encoded"
                )
        body = self.read_bytes(length)
        return tag, DERReader(body)

    def read_element(self, expected_tag):
        tag, body = self.read_any_element()
        if tag != expected_tag:
            raise ValueError("Invalid DER input: unexpected tag")
        return body

    def read_single_element(self, expected_tag):
        ret = self.read_element(expected_tag)
        self.check_empty()
        return ret

    def read_optional_element(self, expected_tag):
        if len(self.data) > 0 and six.indexbytes(self.data, 0) == expected_tag:
            return self.read_element(expected_tag)
        return None

    def as_integer(self):
        if len(self.data) == 0:
            raise ValueError("Invalid DER input: empty integer contents")
        first = six.indexbytes(self.data, 0)
        if first & 0x80 == 0x80:
            raise ValueError("Negative DER integers are not supported")
        # The first 9 bits must not all be zero or all be ones. Otherwise, the
        # encoding should have been one byte shorter.
        if len(self.data) > 1:
            second = six.indexbytes(self.data, 1)
            if first == 0 and second & 0x80 == 0:
                raise ValueError(
                    "Invalid DER input: integer not minimally-encoded"
                )
        return int_from_bytes(self.data, "big")


def encode_der_integer(x):
    if not isinstance(x, six.integer_types):
        raise ValueError("Value must be an integer")
    if x < 0:
        raise ValueError("Negative integers are not supported")
    n = x.bit_length() // 8 + 1
    return int_to_bytes(x, n)


def encode_der(tag, *children):
    length = 0
    for child in children:
        length += len(child)
    chunks = [six.int2byte(tag)]
    if length < 0x80:
        chunks.append(six.int2byte(length))
    else:
        length_bytes = int_to_bytes(length)
        chunks.append(six.int2byte(0x80 | len(length_bytes)))
        chunks.append(length_bytes)
    chunks.extend(children)
    return b"".join(chunks)