|
|
- # coding: utf-8
-
- """
- Functions for parsing and dumping using the ASN.1 DER encoding. Exports the
- following items:
-
- - emit()
- - parse()
- - peek()
-
- Other type classes are defined that help compose the types listed above.
- """
-
- from __future__ import unicode_literals, division, absolute_import, print_function
-
- import sys
-
- from ._types import byte_cls, chr_cls, type_name
- from .util import int_from_bytes, int_to_bytes
-
- _PY2 = sys.version_info <= (3,)
- _INSUFFICIENT_DATA_MESSAGE = 'Insufficient data - %s bytes requested but only %s available'
-
-
- def emit(class_, method, tag, contents):
- """
- Constructs a byte string of an ASN.1 DER-encoded value
-
- This is typically not useful. Instead, use one of the standard classes from
- asn1crypto.core, or construct a new class with specific fields, and call the
- .dump() method.
-
- :param class_:
- An integer ASN.1 class value: 0 (universal), 1 (application),
- 2 (context), 3 (private)
-
- :param method:
- An integer ASN.1 method value: 0 (primitive), 1 (constructed)
-
- :param tag:
- An integer ASN.1 tag value
-
- :param contents:
- A byte string of the encoded byte contents
-
- :return:
- A byte string of the ASN.1 DER value (header and contents)
- """
-
- if not isinstance(class_, int):
- raise TypeError('class_ must be an integer, not %s' % type_name(class_))
-
- if class_ < 0 or class_ > 3:
- raise ValueError('class_ must be one of 0, 1, 2 or 3, not %s' % class_)
-
- if not isinstance(method, int):
- raise TypeError('method must be an integer, not %s' % type_name(method))
-
- if method < 0 or method > 1:
- raise ValueError('method must be 0 or 1, not %s' % method)
-
- if not isinstance(tag, int):
- raise TypeError('tag must be an integer, not %s' % type_name(tag))
-
- if tag < 0:
- raise ValueError('tag must be greater than zero, not %s' % tag)
-
- if not isinstance(contents, byte_cls):
- raise TypeError('contents must be a byte string, not %s' % type_name(contents))
-
- return _dump_header(class_, method, tag, contents) + contents
-
-
- def parse(contents, strict=False):
- """
- Parses a byte string of ASN.1 BER/DER-encoded data.
-
- This is typically not useful. Instead, use one of the standard classes from
- asn1crypto.core, or construct a new class with specific fields, and call the
- .load() class method.
-
- :param contents:
- A byte string of BER/DER-encoded data
-
- :param strict:
- A boolean indicating if trailing data should be forbidden - if so, a
- ValueError will be raised when trailing data exists
-
- :raises:
- ValueError - when the contents do not contain an ASN.1 header or are truncated in some way
- TypeError - when contents is not a byte string
-
- :return:
- A 6-element tuple:
- - 0: integer class (0 to 3)
- - 1: integer method
- - 2: integer tag
- - 3: byte string header
- - 4: byte string content
- - 5: byte string trailer
- """
-
- if not isinstance(contents, byte_cls):
- raise TypeError('contents must be a byte string, not %s' % type_name(contents))
-
- contents_len = len(contents)
- info, consumed = _parse(contents, contents_len)
- if strict and consumed != contents_len:
- raise ValueError('Extra data - %d bytes of trailing data were provided' % (contents_len - consumed))
- return info
-
-
- def peek(contents):
- """
- Parses a byte string of ASN.1 BER/DER-encoded data to find the length
-
- This is typically used to look into an encoded value to see how long the
- next chunk of ASN.1-encoded data is. Primarily it is useful when a
- value is a concatenation of multiple values.
-
- :param contents:
- A byte string of BER/DER-encoded data
-
- :raises:
- ValueError - when the contents do not contain an ASN.1 header or are truncated in some way
- TypeError - when contents is not a byte string
-
- :return:
- An integer with the number of bytes occupied by the ASN.1 value
- """
-
- if not isinstance(contents, byte_cls):
- raise TypeError('contents must be a byte string, not %s' % type_name(contents))
-
- info, consumed = _parse(contents, len(contents))
- return consumed
-
-
- def _parse(encoded_data, data_len, pointer=0, lengths_only=False):
- """
- Parses a byte string into component parts
-
- :param encoded_data:
- A byte string that contains BER-encoded data
-
- :param data_len:
- The integer length of the encoded data
-
- :param pointer:
- The index in the byte string to parse from
-
- :param lengths_only:
- A boolean to cause the call to return a 2-element tuple of the integer
- number of bytes in the header and the integer number of bytes in the
- contents. Internal use only.
-
- :return:
- A 2-element tuple:
- - 0: A tuple of (class_, method, tag, header, content, trailer)
- - 1: An integer indicating how many bytes were consumed
- """
-
- if data_len < pointer + 2:
- raise ValueError(_INSUFFICIENT_DATA_MESSAGE % (2, data_len - pointer))
-
- start = pointer
- first_octet = ord(encoded_data[pointer]) if _PY2 else encoded_data[pointer]
- pointer += 1
-
- tag = first_octet & 31
- # Base 128 length using 8th bit as continuation indicator
- if tag == 31:
- tag = 0
- while True:
- num = ord(encoded_data[pointer]) if _PY2 else encoded_data[pointer]
- pointer += 1
- tag *= 128
- tag += num & 127
- if num >> 7 == 0:
- break
-
- length_octet = ord(encoded_data[pointer]) if _PY2 else encoded_data[pointer]
- pointer += 1
-
- if length_octet >> 7 == 0:
- if lengths_only:
- return (pointer, pointer + (length_octet & 127))
- contents_end = pointer + (length_octet & 127)
-
- else:
- length_octets = length_octet & 127
- if length_octets:
- pointer += length_octets
- contents_end = pointer + int_from_bytes(encoded_data[pointer - length_octets:pointer], signed=False)
- if lengths_only:
- return (pointer, contents_end)
-
- else:
- # To properly parse indefinite length values, we need to scan forward
- # parsing headers until we find a value with a length of zero. If we
- # just scanned looking for \x00\x00, nested indefinite length values
- # would not work.
- contents_end = pointer
- # Unfortunately we need to understand the contents of the data to
- # properly scan forward, which bleeds some representation info into
- # the parser. This condition handles the unused bits byte in
- # constructed bit strings.
- if tag == 3:
- contents_end += 1
- while contents_end < data_len:
- sub_header_end, contents_end = _parse(encoded_data, data_len, contents_end, lengths_only=True)
- if contents_end == sub_header_end and encoded_data[contents_end - 2:contents_end] == b'\x00\x00':
- break
- if lengths_only:
- return (pointer, contents_end)
- if contents_end > data_len:
- raise ValueError(_INSUFFICIENT_DATA_MESSAGE % (contents_end, data_len))
- return (
- (
- first_octet >> 6,
- (first_octet >> 5) & 1,
- tag,
- encoded_data[start:pointer],
- encoded_data[pointer:contents_end - 2],
- b'\x00\x00'
- ),
- contents_end
- )
-
- if contents_end > data_len:
- raise ValueError(_INSUFFICIENT_DATA_MESSAGE % (contents_end, data_len))
- return (
- (
- first_octet >> 6,
- (first_octet >> 5) & 1,
- tag,
- encoded_data[start:pointer],
- encoded_data[pointer:contents_end],
- b''
- ),
- contents_end
- )
-
-
- def _dump_header(class_, method, tag, contents):
- """
- Constructs the header bytes for an ASN.1 object
-
- :param class_:
- An integer ASN.1 class value: 0 (universal), 1 (application),
- 2 (context), 3 (private)
-
- :param method:
- An integer ASN.1 method value: 0 (primitive), 1 (constructed)
-
- :param tag:
- An integer ASN.1 tag value
-
- :param contents:
- A byte string of the encoded byte contents
-
- :return:
- A byte string of the ASN.1 DER header
- """
-
- header = b''
-
- id_num = 0
- id_num |= class_ << 6
- id_num |= method << 5
-
- if tag >= 31:
- header += chr_cls(id_num | 31)
- while tag > 0:
- continuation_bit = 0x80 if tag > 0x7F else 0
- header += chr_cls(continuation_bit | (tag & 0x7F))
- tag = tag >> 7
- else:
- header += chr_cls(id_num | tag)
-
- length = len(contents)
- if length <= 127:
- header += chr_cls(length)
- else:
- length_bytes = int_to_bytes(length)
- header += chr_cls(0x80 | len(length_bytes))
- header += length_bytes
-
- return header
|
