| blob | 7920d9fc89d88e24f266a8bf022995ebeb41af10 |
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
16 // According to ITU-T X.690 section 8.2, a bool is encoded as a single octet
17 // where the octet of all zeroes is FALSE and a non-zero value for the octet
18 // is TRUE.
28 }
29 // ITU-T X.690 section 11.1 specifies that for DER, the TRUE value must be
30 // encoded as an octet of all ones.
34 }
36 }
38 // Reads a positive decimal number with |digits| digits and stores it in
39 // |*out|. This function does not check that the type of |*out| is large
40 // enough to hold 10^digits - 1; the caller must choose an appropriate type
41 // based on the number of digits they wish to parse.
49 }
52 }
54 }
57 }
59 // Checks that the values in a GeneralizedTime struct are valid. This involves
60 // checking that the year is 4 digits, the month is between 1 and 12, the day
61 // is a day that exists in that month (following current leap year rules),
62 // hours are between 0 and 23, minutes between 0 and 59, and seconds between
63 // 0 and 60 (to allow for leap seconds; no validation is done that a leap
64 // second is on a day that could be a leap second).
74 // Leap seconds are allowed.
78 // validate upper bound for day of month
105 }
110 }
112 }
114 // Returns the number of bytes of numeric precision in a DER encoded INTEGER
115 // value. |in| must be a valid DER encoding of an INTEGER for this to work.
116 //
117 // Normally the precision of the number is exactly in.Length(). However when
118 // encoding positive numbers using DER it is possible to have a leading zero
119 // (to prevent number from being interpreted as negative).
120 //
121 // For instance a 160-bit positive number might take 21 bytes to encode. This
122 // function will return 20 in such a case.
132 }
138 }
140 // BER interprets any non-zero value as true, while DER requires a bool to
141 // have either all bits zero (false) or all bits one (true). To support
142 // malformed certs, we recognized the BER encoding instead of failing to
143 // parse.
146 }
148 // ITU-T X.690 section 8.3.2 specifies that an integer value must be encoded
149 // in the smallest number of octets. If the encoding consists of more than
150 // one octet, then the bits of the first octet and the most significant bit
151 // of the second octet must not be all zeroes or all ones.
163 // Not a minimal encoding.
165 }
166 }
170 }
173 // Reject non-minimally encoded numbers and negative numbers.
178 // Reject (non-negative) integers whose value would overflow the output type.
189 }
192 }
198 }
203 // From ITU-T X.690, section 8.6.2.2 (applies to BER, CER, DER):
204 //
205 // The initial octet shall encode, as an unsigned binary integer with
206 // bit 1 as the least significant bit, the number of unused bits in the final
207 // subsequent octet. The number shall be in the range zero to seven.
214 Input bytes;
218 // Ensure that unused bits in the last byte are set to 0.
220 // From ITU-T X.690, section 8.6.2.3 (applies to BER, CER, DER):
221 //
222 // If the bitstring is empty, there shall be no subsequent octets,
223 // and the initial octet shall be zero.
228 // From ITU-T X.690, section 11.2.1 (applies to CER and DER, but not BER):
229 //
230 // Each unused bit in the final octet of the encoding of a bit string value
231 // shall be set to zero.
235 }
239 }
253 }
255 // A UTC Time in DER encoding should be YYMMDDHHMMSSZ, but some CAs encode
256 // the time following BER rules, which allows for YYMMDDHHMMZ. If the length
257 // is 11, assume it's YYMMDDHHMMZ, and in converting it to a GeneralizedTime,
258 // add in the seconds (set to 0).
261 GeneralizedTime time;
268 }
270 // Try to read the 'Z' at the end. If we read something else, then for it to
271 // be valid the next bytes should be seconds (and then followed by 'Z').
284 }
290 }
295 }
299 GeneralizedTime time;
307 }
315 }
320 }
324 GeneralizedTime time;
332 }
340 }