1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package asn1 implements parsing of DER-encoded ASN.1 data structures,
6 // as defined in ITU-T Rec X.690.
8 // See also ``A Layman's Guide to a Subset of ASN.1, BER, and DER,''
9 // http://luca.ntop.org/Teaching/Appunti/asn1.html.
12 // ASN.1 is a syntax for specifying abstract objects and BER, DER, PER, XER etc
13 // are different encoding formats for those objects. Here, we'll be dealing
14 // with DER, the Distinguished Encoding Rules. DER is used in X.509 because
15 // it's fast to parse and, unlike BER, has a unique encoding for every object.
16 // When calculating hashes over objects, it's important that the resulting
17 // bytes be the same at both ends and DER removes this margin of error.
19 // ASN.1 is very complex and this package doesn't attempt to implement
20 // everything by any means.
29 // A StructuralError suggests that the ASN.1 data is valid, but the Go type
30 // which is receiving it doesn't match.
31 type StructuralError
struct {
35 func (e StructuralError
) Error() string { return "asn1: structure error: " + e
.Msg
}
37 // A SyntaxError suggests that the ASN.1 data is invalid.
38 type SyntaxError
struct {
42 func (e SyntaxError
) Error() string { return "asn1: syntax error: " + e
.Msg
}
44 // We start by dealing with each of the primitive types in turn.
48 func parseBool(bytes
[]byte) (ret
bool, err error
) {
50 err
= SyntaxError
{"invalid boolean"}
54 // DER demands that "If the encoding represents the boolean value TRUE,
55 // its single contents octet shall have all eight bits set to one."
56 // Thus only 0 and 255 are valid encoded values.
63 err
= SyntaxError
{"invalid boolean"}
71 // parseInt64 treats the given bytes as a big-endian, signed integer and
72 // returns the result.
73 func parseInt64(bytes
[]byte) (ret
int64, err error
) {
75 // We'll overflow an int64 in this case.
76 err
= StructuralError
{"integer too large"}
79 for bytesRead
:= 0; bytesRead
< len(bytes
); bytesRead
++ {
81 ret |
= int64(bytes
[bytesRead
])
84 // Shift up and down in order to sign extend the result.
85 ret
<<= 64 - uint8(len(bytes
))*8
86 ret
>>= 64 - uint8(len(bytes
))*8
90 // parseInt treats the given bytes as a big-endian, signed integer and returns
92 func parseInt32(bytes
[]byte) (int32, error
) {
93 ret64
, err
:= parseInt64(bytes
)
97 if ret64
!= int64(int32(ret64
)) {
98 return 0, StructuralError
{"integer too large"}
100 return int32(ret64
), nil
103 var bigOne
= big
.NewInt(1)
105 // parseBigInt treats the given bytes as a big-endian, signed integer and returns
107 func parseBigInt(bytes
[]byte) *big
.Int
{
109 if len(bytes
) > 0 && bytes
[0]&0x80 == 0x80 {
110 // This is a negative number.
111 notBytes
:= make([]byte, len(bytes
))
112 for i
:= range notBytes
{
113 notBytes
[i
] = ^bytes
[i
]
115 ret
.SetBytes(notBytes
)
126 // BitString is the structure to use when you want an ASN.1 BIT STRING type. A
127 // bit string is padded up to the nearest byte in memory and the number of
128 // valid bits is recorded. Padding bits will be zero.
129 type BitString
struct {
130 Bytes
[]byte // bits packed into bytes.
131 BitLength
int // length in bits.
134 // At returns the bit at the given index. If the index is out of range it
136 func (b BitString
) At(i
int) int {
137 if i
< 0 || i
>= b
.BitLength
{
142 return int(b
.Bytes
[x
]>>y
) & 1
145 // RightAlign returns a slice where the padding bits are at the beginning. The
146 // slice may share memory with the BitString.
147 func (b BitString
) RightAlign() []byte {
148 shift
:= uint(8 - (b
.BitLength
% 8))
149 if shift
== 8 ||
len(b
.Bytes
) == 0 {
153 a
:= make([]byte, len(b
.Bytes
))
154 a
[0] = b
.Bytes
[0] >> shift
155 for i
:= 1; i
< len(b
.Bytes
); i
++ {
156 a
[i
] = b
.Bytes
[i
-1] << (8 - shift
)
157 a
[i
] |
= b
.Bytes
[i
] >> shift
163 // parseBitString parses an ASN.1 bit string from the given byte slice and returns it.
164 func parseBitString(bytes
[]byte) (ret BitString
, err error
) {
166 err
= SyntaxError
{"zero length BIT STRING"}
169 paddingBits
:= int(bytes
[0])
170 if paddingBits
> 7 ||
171 len(bytes
) == 1 && paddingBits
> 0 ||
172 bytes
[len(bytes
)-1]&((1<<bytes
[0])-1) != 0 {
173 err
= SyntaxError
{"invalid padding bits in BIT STRING"}
176 ret
.BitLength
= (len(bytes
)-1)*8 - paddingBits
177 ret
.Bytes
= bytes
[1:]
183 // An ObjectIdentifier represents an ASN.1 OBJECT IDENTIFIER.
184 type ObjectIdentifier
[]int
186 // Equal reports whether oi and other represent the same identifier.
187 func (oi ObjectIdentifier
) Equal(other ObjectIdentifier
) bool {
188 if len(oi
) != len(other
) {
191 for i
:= 0; i
< len(oi
); i
++ {
192 if oi
[i
] != other
[i
] {
200 // parseObjectIdentifier parses an OBJECT IDENTIFIER from the given bytes and
201 // returns it. An object identifier is a sequence of variable length integers
202 // that are assigned in a hierarchy.
203 func parseObjectIdentifier(bytes
[]byte) (s
[]int, err error
) {
205 err
= SyntaxError
{"zero length OBJECT IDENTIFIER"}
209 // In the worst case, we get two elements from the first byte (which is
210 // encoded differently) and then every varint is a single byte long.
211 s
= make([]int, len(bytes
)+1)
213 // The first varint is 40*value1 + value2:
214 // According to this packing, value1 can take the values 0, 1 and 2 only.
215 // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
216 // then there are no restrictions on value2.
217 v
, offset
, err
:= parseBase128Int(bytes
, 0)
230 for ; offset
< len(bytes
); i
++ {
231 v
, offset
, err
= parseBase128Int(bytes
, offset
)
243 // An Enumerated is represented as a plain int.
248 // A Flag accepts any data and is set to true if present.
251 // parseBase128Int parses a base-128 encoded int from the given offset in the
252 // given byte slice. It returns the value and the new offset.
253 func parseBase128Int(bytes
[]byte, initOffset
int) (ret
, offset
int, err error
) {
255 for shifted
:= 0; offset
< len(bytes
); shifted
++ {
257 err
= StructuralError
{"base 128 integer too large"}
268 err
= SyntaxError
{"truncated base 128 integer"}
274 func parseUTCTime(bytes
[]byte) (ret time
.Time
, err error
) {
276 ret
, err
= time
.Parse("0601021504Z0700", s
)
278 ret
, err
= time
.Parse("060102150405Z0700", s
)
280 if err
== nil && ret
.Year() >= 2050 {
281 // UTCTime only encodes times prior to 2050. See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
282 ret
= ret
.AddDate(-100, 0, 0)
288 // parseGeneralizedTime parses the GeneralizedTime from the given byte slice
289 // and returns the resulting time.
290 func parseGeneralizedTime(bytes
[]byte) (ret time
.Time
, err error
) {
291 return time
.Parse("20060102150405Z0700", string(bytes
))
296 // parsePrintableString parses a ASN.1 PrintableString from the given byte
297 // array and returns it.
298 func parsePrintableString(bytes
[]byte) (ret
string, err error
) {
299 for _
, b
:= range bytes
{
301 err
= SyntaxError
{"PrintableString contains invalid character"}
309 // isPrintable returns true iff the given b is in the ASN.1 PrintableString set.
310 func isPrintable(b
byte) bool {
311 return 'a' <= b
&& b
<= 'z' ||
312 'A' <= b
&& b
<= 'Z' ||
313 '0' <= b
&& b
<= '9' ||
314 '\'' <= b
&& b
<= ')' ||
315 '+' <= b
&& b
<= '/' ||
320 // This is technically not allowed in a PrintableString.
321 // However, x509 certificates with wildcard strings don't
322 // always use the correct string type so we permit it.
328 // parseIA5String parses a ASN.1 IA5String (ASCII string) from the given
329 // byte slice and returns it.
330 func parseIA5String(bytes
[]byte) (ret
string, err error
) {
331 for _
, b
:= range bytes
{
333 err
= SyntaxError
{"IA5String contains invalid character"}
343 // parseT61String parses a ASN.1 T61String (8-bit clean string) from the given
344 // byte slice and returns it.
345 func parseT61String(bytes
[]byte) (ret
string, err error
) {
346 return string(bytes
), nil
351 // parseUTF8String parses a ASN.1 UTF8String (raw UTF-8) from the given byte
352 // array and returns it.
353 func parseUTF8String(bytes
[]byte) (ret
string, err error
) {
354 return string(bytes
), nil
357 // A RawValue represents an undecoded ASN.1 object.
358 type RawValue
struct {
362 FullBytes
[]byte // includes the tag and length
365 // RawContent is used to signal that the undecoded, DER data needs to be
366 // preserved for a struct. To use it, the first field of the struct must have
367 // this type. It's an error for any of the other fields to have this type.
368 type RawContent
[]byte
372 // parseTagAndLength parses an ASN.1 tag and length pair from the given offset
373 // into a byte slice. It returns the parsed data and the new offset. SET and
374 // SET OF (tag 17) are mapped to SEQUENCE and SEQUENCE OF (tag 16) since we
375 // don't distinguish between ordered and unordered objects in this code.
376 func parseTagAndLength(bytes
[]byte, initOffset
int) (ret tagAndLength
, offset
int, err error
) {
380 ret
.class
= int(b
>> 6)
381 ret
.isCompound
= b
&0x20 == 0x20
382 ret
.tag
= int(b
& 0x1f)
384 // If the bottom five bits are set, then the tag number is actually base 128
385 // encoded afterwards
387 ret
.tag
, offset
, err
= parseBase128Int(bytes
, offset
)
392 if offset
>= len(bytes
) {
393 err
= SyntaxError
{"truncated tag or length"}
399 // The length is encoded in the bottom 7 bits.
400 ret
.length
= int(b
& 0x7f)
402 // Bottom 7 bits give the number of length bytes to follow.
403 numBytes
:= int(b
& 0x7f)
405 err
= SyntaxError
{"indefinite length found (not DER)"}
409 for i
:= 0; i
< numBytes
; i
++ {
410 if offset
>= len(bytes
) {
411 err
= SyntaxError
{"truncated tag or length"}
416 if ret
.length
>= 1<<23 {
417 // We can't shift ret.length up without
419 err
= StructuralError
{"length too large"}
425 // DER requires that lengths be minimal.
426 err
= StructuralError
{"superfluous leading zeros in length"}
435 // parseSequenceOf is used for SEQUENCE OF and SET OF values. It tries to parse
436 // a number of ASN.1 values from the given byte slice and returns them as a
437 // slice of Go values of the given type.
438 func parseSequenceOf(bytes
[]byte, sliceType reflect
.Type
, elemType reflect
.Type
) (ret reflect
.Value
, err error
) {
439 expectedTag
, compoundType
, ok
:= getUniversalType(elemType
)
441 err
= StructuralError
{"unknown Go type for slice"}
445 // First we iterate over the input and count the number of elements,
446 // checking that the types are correct in each case.
448 for offset
:= 0; offset
< len(bytes
); {
450 t
, offset
, err
= parseTagAndLength(bytes
, offset
)
454 // We pretend that various other string types are PRINTABLE STRINGs
455 // so that a sequence of them can be parsed into a []string.
457 case tagIA5String
, tagGeneralString
, tagT61String
, tagUTF8String
:
458 t
.tag
= tagPrintableString
461 if t
.class
!= classUniversal || t
.isCompound
!= compoundType || t
.tag
!= expectedTag
{
462 err
= StructuralError
{"sequence tag mismatch"}
465 if invalidLength(offset
, t
.length
, len(bytes
)) {
466 err
= SyntaxError
{"truncated sequence"}
472 ret
= reflect
.MakeSlice(sliceType
, numElements
, numElements
)
473 params
:= fieldParameters
{}
475 for i
:= 0; i
< numElements
; i
++ {
476 offset
, err
= parseField(ret
.Index(i
), bytes
, offset
, params
)
485 bitStringType
= reflect
.TypeOf(BitString
{})
486 objectIdentifierType
= reflect
.TypeOf(ObjectIdentifier
{})
487 enumeratedType
= reflect
.TypeOf(Enumerated(0))
488 flagType
= reflect
.TypeOf(Flag(false))
489 timeType
= reflect
.TypeOf(time
.Time
{})
490 rawValueType
= reflect
.TypeOf(RawValue
{})
491 rawContentsType
= reflect
.TypeOf(RawContent(nil))
492 bigIntType
= reflect
.TypeOf(new(big
.Int
))
495 // invalidLength returns true iff offset + length > sliceLength, or if the
496 // addition would overflow.
497 func invalidLength(offset
, length
, sliceLength
int) bool {
498 return offset
+length
< offset || offset
+length
> sliceLength
501 // parseField is the main parsing function. Given a byte slice and an offset
502 // into the array, it will try to parse a suitable ASN.1 value out and store it
503 // in the given Value.
504 func parseField(v reflect
.Value
, bytes
[]byte, initOffset
int, params fieldParameters
) (offset
int, err error
) {
506 fieldType
:= v
.Type()
508 // If we have run out of data, it may be that there are optional elements at the end.
509 if offset
== len(bytes
) {
510 if !setDefaultValue(v
, params
) {
511 err
= SyntaxError
{"sequence truncated"}
516 // Deal with raw values.
517 if fieldType
== rawValueType
{
519 t
, offset
, err
= parseTagAndLength(bytes
, offset
)
523 if invalidLength(offset
, t
.length
, len(bytes
)) {
524 err
= SyntaxError
{"data truncated"}
527 result
:= RawValue
{t
.class
, t
.tag
, t
.isCompound
, bytes
[offset
: offset
+t
.length
], bytes
[initOffset
: offset
+t
.length
]}
529 v
.Set(reflect
.ValueOf(result
))
533 // Deal with the ANY type.
534 if ifaceType
:= fieldType
; ifaceType
.Kind() == reflect
.Interface
&& ifaceType
.NumMethod() == 0 {
536 t
, offset
, err
= parseTagAndLength(bytes
, offset
)
540 if invalidLength(offset
, t
.length
, len(bytes
)) {
541 err
= SyntaxError
{"data truncated"}
544 var result
interface{}
545 if !t
.isCompound
&& t
.class
== classUniversal
{
546 innerBytes
:= bytes
[offset
: offset
+t
.length
]
548 case tagPrintableString
:
549 result
, err
= parsePrintableString(innerBytes
)
551 result
, err
= parseIA5String(innerBytes
)
553 result
, err
= parseT61String(innerBytes
)
555 result
, err
= parseUTF8String(innerBytes
)
557 result
, err
= parseInt64(innerBytes
)
559 result
, err
= parseBitString(innerBytes
)
561 result
, err
= parseObjectIdentifier(innerBytes
)
563 result
, err
= parseUTCTime(innerBytes
)
567 // If we don't know how to handle the type, we just leave Value as nil.
575 v
.Set(reflect
.ValueOf(result
))
579 universalTag
, compoundType
, ok1
:= getUniversalType(fieldType
)
581 err
= StructuralError
{fmt
.Sprintf("unknown Go type: %v", fieldType
)}
585 t
, offset
, err
:= parseTagAndLength(bytes
, offset
)
590 expectedClass
:= classContextSpecific
591 if params
.application
{
592 expectedClass
= classApplication
594 if t
.class
== expectedClass
&& t
.tag
== *params
.tag
&& (t
.length
== 0 || t
.isCompound
) {
596 t
, offset
, err
= parseTagAndLength(bytes
, offset
)
601 if fieldType
!= flagType
{
602 err
= StructuralError
{"zero length explicit tag was not an asn1.Flag"}
609 // The tags didn't match, it might be an optional element.
610 ok
:= setDefaultValue(v
, params
)
614 err
= StructuralError
{"explicitly tagged member didn't match"}
620 // Special case for strings: all the ASN.1 string types map to the Go
621 // type string. getUniversalType returns the tag for PrintableString
622 // when it sees a string, so if we see a different string type on the
623 // wire, we change the universal type to match.
624 if universalTag
== tagPrintableString
{
626 case tagIA5String
, tagGeneralString
, tagT61String
, tagUTF8String
:
631 // Special case for time: UTCTime and GeneralizedTime both map to the
632 // Go type time.Time.
633 if universalTag
== tagUTCTime
&& t
.tag
== tagGeneralizedTime
{
634 universalTag
= tagGeneralizedTime
637 expectedClass
:= classUniversal
638 expectedTag
:= universalTag
640 if !params
.explicit
&& params
.tag
!= nil {
641 expectedClass
= classContextSpecific
642 expectedTag
= *params
.tag
645 if !params
.explicit
&& params
.application
&& params
.tag
!= nil {
646 expectedClass
= classApplication
647 expectedTag
= *params
.tag
650 // We have unwrapped any explicit tagging at this point.
651 if t
.class
!= expectedClass || t
.tag
!= expectedTag || t
.isCompound
!= compoundType
{
652 // Tags don't match. Again, it could be an optional element.
653 ok
:= setDefaultValue(v
, params
)
657 err
= StructuralError
{fmt
.Sprintf("tags don't match (%d vs %+v) %+v %s @%d", expectedTag
, t
, params
, fieldType
.Name(), offset
)}
661 if invalidLength(offset
, t
.length
, len(bytes
)) {
662 err
= SyntaxError
{"data truncated"}
665 innerBytes
:= bytes
[offset
: offset
+t
.length
]
668 // We deal with the structures defined in this package first.
670 case objectIdentifierType
:
671 newSlice
, err1
:= parseObjectIdentifier(innerBytes
)
672 v
.Set(reflect
.MakeSlice(v
.Type(), len(newSlice
), len(newSlice
)))
674 reflect
.Copy(v
, reflect
.ValueOf(newSlice
))
679 bs
, err1
:= parseBitString(innerBytes
)
681 v
.Set(reflect
.ValueOf(bs
))
688 if universalTag
== tagUTCTime
{
689 time
, err1
= parseUTCTime(innerBytes
)
691 time
, err1
= parseGeneralizedTime(innerBytes
)
694 v
.Set(reflect
.ValueOf(time
))
699 parsedInt
, err1
:= parseInt32(innerBytes
)
701 v
.SetInt(int64(parsedInt
))
709 parsedInt
:= parseBigInt(innerBytes
)
710 v
.Set(reflect
.ValueOf(parsedInt
))
713 switch val
:= v
; val
.Kind() {
715 parsedBool
, err1
:= parseBool(innerBytes
)
717 val
.SetBool(parsedBool
)
721 case reflect
.Int
, reflect
.Int32
, reflect
.Int64
:
722 if val
.Type().Size() == 4 {
723 parsedInt
, err1
:= parseInt32(innerBytes
)
725 val
.SetInt(int64(parsedInt
))
729 parsedInt
, err1
:= parseInt64(innerBytes
)
731 val
.SetInt(parsedInt
)
736 // TODO(dfc) Add support for the remaining integer types
738 structType
:= fieldType
740 if structType
.NumField() > 0 &&
741 structType
.Field(0).Type
== rawContentsType
{
742 bytes
:= bytes
[initOffset
:offset
]
743 val
.Field(0).Set(reflect
.ValueOf(RawContent(bytes
)))
747 for i
:= 0; i
< structType
.NumField(); i
++ {
748 field
:= structType
.Field(i
)
749 if i
== 0 && field
.Type
== rawContentsType
{
752 innerOffset
, err
= parseField(val
.Field(i
), innerBytes
, innerOffset
, parseFieldParameters(field
.Tag
.Get("asn1")))
757 // We allow extra bytes at the end of the SEQUENCE because
758 // adding elements to the end has been used in X.509 as the
759 // version numbers have increased.
762 sliceType
:= fieldType
763 if sliceType
.Elem().Kind() == reflect
.Uint8
{
764 val
.Set(reflect
.MakeSlice(sliceType
, len(innerBytes
), len(innerBytes
)))
765 reflect
.Copy(val
, reflect
.ValueOf(innerBytes
))
768 newSlice
, err1
:= parseSequenceOf(innerBytes
, sliceType
, sliceType
.Elem())
776 switch universalTag
{
777 case tagPrintableString
:
778 v
, err
= parsePrintableString(innerBytes
)
780 v
, err
= parseIA5String(innerBytes
)
782 v
, err
= parseT61String(innerBytes
)
784 v
, err
= parseUTF8String(innerBytes
)
785 case tagGeneralString
:
786 // GeneralString is specified in ISO-2022/ECMA-35,
787 // A brief review suggests that it includes structures
788 // that allow the encoding to change midstring and
789 // such. We give up and pass it as an 8-bit string.
790 v
, err
= parseT61String(innerBytes
)
792 err
= SyntaxError
{fmt
.Sprintf("internal error: unknown string type %d", universalTag
)}
799 err
= StructuralError
{"unsupported: " + v
.Type().String()}
803 // setDefaultValue is used to install a default value, from a tag string, into
804 // a Value. It is successful is the field was optional, even if a default value
805 // wasn't provided or it failed to install it into the Value.
806 func setDefaultValue(v reflect
.Value
, params fieldParameters
) (ok
bool) {
807 if !params
.optional
{
811 if params
.defaultValue
== nil {
814 switch val
:= v
; val
.Kind() {
815 case reflect
.Int
, reflect
.Int8
, reflect
.Int16
, reflect
.Int32
, reflect
.Int64
:
816 val
.SetInt(*params
.defaultValue
)
821 // Unmarshal parses the DER-encoded ASN.1 data structure b
822 // and uses the reflect package to fill in an arbitrary value pointed at by val.
823 // Because Unmarshal uses the reflect package, the structs
824 // being written to must use upper case field names.
826 // An ASN.1 INTEGER can be written to an int, int32, int64,
827 // or *big.Int (from the math/big package).
828 // If the encoded value does not fit in the Go type,
829 // Unmarshal returns a parse error.
831 // An ASN.1 BIT STRING can be written to a BitString.
833 // An ASN.1 OCTET STRING can be written to a []byte.
835 // An ASN.1 OBJECT IDENTIFIER can be written to an
838 // An ASN.1 ENUMERATED can be written to an Enumerated.
840 // An ASN.1 UTCTIME or GENERALIZEDTIME can be written to a time.Time.
842 // An ASN.1 PrintableString or IA5String can be written to a string.
844 // Any of the above ASN.1 values can be written to an interface{}.
845 // The value stored in the interface has the corresponding Go type.
846 // For integers, that type is int64.
848 // An ASN.1 SEQUENCE OF x or SET OF x can be written
849 // to a slice if an x can be written to the slice's element type.
851 // An ASN.1 SEQUENCE or SET can be written to a struct
852 // if each of the elements in the sequence can be
853 // written to the corresponding element in the struct.
855 // The following tags on struct fields have special meaning to Unmarshal:
857 // optional marks the field as ASN.1 OPTIONAL
858 // [explicit] tag:x specifies the ASN.1 tag number; implies ASN.1 CONTEXT SPECIFIC
859 // default:x sets the default value for optional integer fields
861 // If the type of the first field of a structure is RawContent then the raw
862 // ASN1 contents of the struct will be stored in it.
864 // Other ASN.1 types are not supported; if it encounters them,
865 // Unmarshal returns a parse error.
866 func Unmarshal(b
[]byte, val
interface{}) (rest
[]byte, err error
) {
867 return UnmarshalWithParams(b
, val
, "")
870 // UnmarshalWithParams allows field parameters to be specified for the
871 // top-level element. The form of the params is the same as the field tags.
872 func UnmarshalWithParams(b
[]byte, val
interface{}, params
string) (rest
[]byte, err error
) {
873 v
:= reflect
.ValueOf(val
).Elem()
874 offset
, err
:= parseField(v
, b
, 0, parseFieldParameters(params
))
878 return b
[offset
:], nil