1// Copyright 2009 The Go Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Package asn1 implements parsing of DER-encoded ASN.1 data structures, 6// as defined in ITU-T Rec X.690. 7// 8// See also ``A Layman's Guide to a Subset of ASN.1, BER, and DER,'' 9// http://luca.ntop.org/Teaching/Appunti/asn1.html. 10package asn1 11 12// ASN.1 is a syntax for specifying abstract objects and BER, DER, PER, XER etc 13// are different encoding formats for those objects. Here, we'll be dealing 14// with DER, the Distinguished Encoding Rules. DER is used in X.509 because 15// it's fast to parse and, unlike BER, has a unique encoding for every object. 16// When calculating hashes over objects, it's important that the resulting 17// bytes be the same at both ends and DER removes this margin of error. 18// 19// ASN.1 is very complex and this package doesn't attempt to implement 20// everything by any means. 21 22import ( 23 "fmt" 24 "math/big" 25 "reflect" 26 "time" 27) 28 29// A StructuralError suggests that the ASN.1 data is valid, but the Go type 30// which is receiving it doesn't match. 31type StructuralError struct { 32 Msg string 33} 34 35func (e StructuralError) Error() string { return "ASN.1 structure error: " + e.Msg } 36 37// A SyntaxError suggests that the ASN.1 data is invalid. 38type SyntaxError struct { 39 Msg string 40} 41 42func (e SyntaxError) Error() string { return "ASN.1 syntax error: " + e.Msg } 43 44// We start by dealing with each of the primitive types in turn. 45 46// BOOLEAN 47 48func parseBool(bytes []byte) (ret bool, err error) { 49 if len(bytes) != 1 { 50 err = SyntaxError{"invalid boolean"} 51 return 52 } 53 54 return bytes[0] != 0, nil 55} 56 57// INTEGER 58 59// parseInt64 treats the given bytes as a big-endian, signed integer and 60// returns the result. 61func parseInt64(bytes []byte) (ret int64, err error) { 62 if len(bytes) > 8 { 63 // We'll overflow an int64 in this case. 64 err = StructuralError{"integer too large"} 65 return 66 } 67 for bytesRead := 0; bytesRead < len(bytes); bytesRead++ { 68 ret <<= 8 69 ret |= int64(bytes[bytesRead]) 70 } 71 72 // Shift up and down in order to sign extend the result. 73 ret <<= 64 - uint8(len(bytes))*8 74 ret >>= 64 - uint8(len(bytes))*8 75 return 76} 77 78// parseInt treats the given bytes as a big-endian, signed integer and returns 79// the result. 80func parseInt32(bytes []byte) (int32, error) { 81 ret64, err := parseInt64(bytes) 82 if err != nil { 83 return 0, err 84 } 85 if ret64 != int64(int32(ret64)) { 86 return 0, StructuralError{"integer too large"} 87 } 88 return int32(ret64), nil 89} 90 91var bigOne = big.NewInt(1) 92 93// parseBigInt treats the given bytes as a big-endian, signed integer and returns 94// the result. 95func parseBigInt(bytes []byte) *big.Int { 96 ret := new(big.Int) 97 if len(bytes) > 0 && bytes[0]&0x80 == 0x80 { 98 // This is a negative number. 99 notBytes := make([]byte, len(bytes)) 100 for i := range notBytes { 101 notBytes[i] = ^bytes[i] 102 } 103 ret.SetBytes(notBytes) 104 ret.Add(ret, bigOne) 105 ret.Neg(ret) 106 return ret 107 } 108 ret.SetBytes(bytes) 109 return ret 110} 111 112// BIT STRING 113 114// BitString is the structure to use when you want an ASN.1 BIT STRING type. A 115// bit string is padded up to the nearest byte in memory and the number of 116// valid bits is recorded. Padding bits will be zero. 117type BitString struct { 118 Bytes []byte // bits packed into bytes. 119 BitLength int // length in bits. 120} 121 122// At returns the bit at the given index. If the index is out of range it 123// returns false. 124func (b BitString) At(i int) int { 125 if i < 0 || i >= b.BitLength { 126 return 0 127 } 128 x := i / 8 129 y := 7 - uint(i%8) 130 return int(b.Bytes[x]>>y) & 1 131} 132 133// RightAlign returns a slice where the padding bits are at the beginning. The 134// slice may share memory with the BitString. 135func (b BitString) RightAlign() []byte { 136 shift := uint(8 - (b.BitLength % 8)) 137 if shift == 8 || len(b.Bytes) == 0 { 138 return b.Bytes 139 } 140 141 a := make([]byte, len(b.Bytes)) 142 a[0] = b.Bytes[0] >> shift 143 for i := 1; i < len(b.Bytes); i++ { 144 a[i] = b.Bytes[i-1] << (8 - shift) 145 a[i] |= b.Bytes[i] >> shift 146 } 147 148 return a 149} 150 151// parseBitString parses an ASN.1 bit string from the given byte slice and returns it. 152func parseBitString(bytes []byte) (ret BitString, err error) { 153 if len(bytes) == 0 { 154 err = SyntaxError{"zero length BIT STRING"} 155 return 156 } 157 paddingBits := int(bytes[0]) 158 if paddingBits > 7 || 159 len(bytes) == 1 && paddingBits > 0 || 160 bytes[len(bytes)-1]&((1<<bytes[0])-1) != 0 { 161 err = SyntaxError{"invalid padding bits in BIT STRING"} 162 return 163 } 164 ret.BitLength = (len(bytes)-1)*8 - paddingBits 165 ret.Bytes = bytes[1:] 166 return 167} 168 169// OBJECT IDENTIFIER 170 171// An ObjectIdentifier represents an ASN.1 OBJECT IDENTIFIER. 172type ObjectIdentifier []int 173 174// Equal returns true iff oi and other represent the same identifier. 175func (oi ObjectIdentifier) Equal(other ObjectIdentifier) bool { 176 if len(oi) != len(other) { 177 return false 178 } 179 for i := 0; i < len(oi); i++ { 180 if oi[i] != other[i] { 181 return false 182 } 183 } 184 185 return true 186} 187 188// parseObjectIdentifier parses an OBJECT IDENTIFIER from the given bytes and 189// returns it. An object identifier is a sequence of variable length integers 190// that are assigned in a hierarchy. 191func parseObjectIdentifier(bytes []byte) (s []int, err error) { 192 if len(bytes) == 0 { 193 err = SyntaxError{"zero length OBJECT IDENTIFIER"} 194 return 195 } 196 197 // In the worst case, we get two elements from the first byte (which is 198 // encoded differently) and then every varint is a single byte long. 199 s = make([]int, len(bytes)+1) 200 201 // The first byte is 40*value1 + value2: 202 s[0] = int(bytes[0]) / 40 203 s[1] = int(bytes[0]) % 40 204 i := 2 205 for offset := 1; offset < len(bytes); i++ { 206 var v int 207 v, offset, err = parseBase128Int(bytes, offset) 208 if err != nil { 209 return 210 } 211 s[i] = v 212 } 213 s = s[0:i] 214 return 215} 216 217// ENUMERATED 218 219// An Enumerated is represented as a plain int. 220type Enumerated int 221 222// FLAG 223 224// A Flag accepts any data and is set to true if present. 225type Flag bool 226 227// parseBase128Int parses a base-128 encoded int from the given offset in the 228// given byte slice. It returns the value and the new offset. 229func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err error) { 230 offset = initOffset 231 for shifted := 0; offset < len(bytes); shifted++ { 232 if shifted > 4 { 233 err = StructuralError{"base 128 integer too large"} 234 return 235 } 236 ret <<= 7 237 b := bytes[offset] 238 ret |= int(b & 0x7f) 239 offset++ 240 if b&0x80 == 0 { 241 return 242 } 243 } 244 err = SyntaxError{"truncated base 128 integer"} 245 return 246} 247 248// UTCTime 249 250func parseUTCTime(bytes []byte) (ret time.Time, err error) { 251 s := string(bytes) 252 ret, err = time.Parse("0601021504Z0700", s) 253 if err != nil { 254 ret, err = time.Parse("060102150405Z0700", s) 255 } 256 if err == nil && ret.Year() >= 2050 { 257 // UTCTime only encodes times prior to 2050. See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1 258 ret = ret.AddDate(-100, 0, 0) 259 } 260 261 return 262} 263 264// parseGeneralizedTime parses the GeneralizedTime from the given byte slice 265// and returns the resulting time. 266func parseGeneralizedTime(bytes []byte) (ret time.Time, err error) { 267 return time.Parse("20060102150405Z0700", string(bytes)) 268} 269 270// PrintableString 271 272// parsePrintableString parses a ASN.1 PrintableString from the given byte 273// array and returns it. 274func parsePrintableString(bytes []byte) (ret string, err error) { 275 for _, b := range bytes { 276 if !isPrintable(b) { 277 err = SyntaxError{"PrintableString contains invalid character"} 278 return 279 } 280 } 281 ret = string(bytes) 282 return 283} 284 285// isPrintable returns true iff the given b is in the ASN.1 PrintableString set. 286func isPrintable(b byte) bool { 287 return 'a' <= b && b <= 'z' || 288 'A' <= b && b <= 'Z' || 289 '0' <= b && b <= '9' || 290 '\'' <= b && b <= ')' || 291 '+' <= b && b <= '/' || 292 b == ' ' || 293 b == ':' || 294 b == '=' || 295 b == '?' || 296 // This is technically not allowed in a PrintableString. 297 // However, x509 certificates with wildcard strings don't 298 // always use the correct string type so we permit it. 299 b == '*' 300} 301 302// IA5String 303 304// parseIA5String parses a ASN.1 IA5String (ASCII string) from the given 305// byte slice and returns it. 306func parseIA5String(bytes []byte) (ret string, err error) { 307 for _, b := range bytes { 308 if b >= 0x80 { 309 err = SyntaxError{"IA5String contains invalid character"} 310 return 311 } 312 } 313 ret = string(bytes) 314 return 315} 316 317// T61String 318 319// parseT61String parses a ASN.1 T61String (8-bit clean string) from the given 320// byte slice and returns it. 321func parseT61String(bytes []byte) (ret string, err error) { 322 return string(bytes), nil 323} 324 325// UTF8String 326 327// parseUTF8String parses a ASN.1 UTF8String (raw UTF-8) from the given byte 328// array and returns it. 329func parseUTF8String(bytes []byte) (ret string, err error) { 330 return string(bytes), nil 331} 332 333// A RawValue represents an undecoded ASN.1 object. 334type RawValue struct { 335 Class, Tag int 336 IsCompound bool 337 Bytes []byte 338 FullBytes []byte // includes the tag and length 339} 340 341// RawContent is used to signal that the undecoded, DER data needs to be 342// preserved for a struct. To use it, the first field of the struct must have 343// this type. It's an error for any of the other fields to have this type. 344type RawContent []byte 345 346// Tagging 347 348// parseTagAndLength parses an ASN.1 tag and length pair from the given offset 349// into a byte slice. It returns the parsed data and the new offset. SET and 350// SET OF (tag 17) are mapped to SEQUENCE and SEQUENCE OF (tag 16) since we 351// don't distinguish between ordered and unordered objects in this code. 352func parseTagAndLength(bytes []byte, initOffset int) (ret tagAndLength, offset int, err error) { 353 offset = initOffset 354 b := bytes[offset] 355 offset++ 356 ret.class = int(b >> 6) 357 ret.isCompound = b&0x20 == 0x20 358 ret.tag = int(b & 0x1f) 359 360 // If the bottom five bits are set, then the tag number is actually base 128 361 // encoded afterwards 362 if ret.tag == 0x1f { 363 ret.tag, offset, err = parseBase128Int(bytes, offset) 364 if err != nil { 365 return 366 } 367 } 368 if offset >= len(bytes) { 369 err = SyntaxError{"truncated tag or length"} 370 return 371 } 372 b = bytes[offset] 373 offset++ 374 if b&0x80 == 0 { 375 // The length is encoded in the bottom 7 bits. 376 ret.length = int(b & 0x7f) 377 } else { 378 // Bottom 7 bits give the number of length bytes to follow. 379 numBytes := int(b & 0x7f) 380 if numBytes == 0 { 381 err = SyntaxError{"indefinite length found (not DER)"} 382 return 383 } 384 ret.length = 0 385 for i := 0; i < numBytes; i++ { 386 if offset >= len(bytes) { 387 err = SyntaxError{"truncated tag or length"} 388 return 389 } 390 b = bytes[offset] 391 offset++ 392 if ret.length >= 1<<23 { 393 // We can't shift ret.length up without 394 // overflowing. 395 err = StructuralError{"length too large"} 396 return 397 } 398 ret.length <<= 8 399 ret.length |= int(b) 400 if ret.length == 0 { 401 // DER requires that lengths be minimal. 402 err = StructuralError{"superfluous leading zeros in length"} 403 return 404 } 405 } 406 } 407 408 return 409} 410 411// parseSequenceOf is used for SEQUENCE OF and SET OF values. It tries to parse 412// a number of ASN.1 values from the given byte slice and returns them as a 413// slice of Go values of the given type. 414func parseSequenceOf(bytes []byte, sliceType reflect.Type, elemType reflect.Type) (ret reflect.Value, err error) { 415 expectedTag, compoundType, ok := getUniversalType(elemType) 416 if !ok { 417 err = StructuralError{"unknown Go type for slice"} 418 return 419 } 420 421 // First we iterate over the input and count the number of elements, 422 // checking that the types are correct in each case. 423 numElements := 0 424 for offset := 0; offset < len(bytes); { 425 var t tagAndLength 426 t, offset, err = parseTagAndLength(bytes, offset) 427 if err != nil { 428 return 429 } 430 // We pretend that GENERAL STRINGs are PRINTABLE STRINGs so 431 // that a sequence of them can be parsed into a []string. 432 if t.tag == tagGeneralString { 433 t.tag = tagPrintableString 434 } 435 if t.class != classUniversal || t.isCompound != compoundType || t.tag != expectedTag { 436 err = StructuralError{"sequence tag mismatch"} 437 return 438 } 439 if invalidLength(offset, t.length, len(bytes)) { 440 err = SyntaxError{"truncated sequence"} 441 return 442 } 443 offset += t.length 444 numElements++ 445 } 446 ret = reflect.MakeSlice(sliceType, numElements, numElements) 447 params := fieldParameters{} 448 offset := 0 449 for i := 0; i < numElements; i++ { 450 offset, err = parseField(ret.Index(i), bytes, offset, params) 451 if err != nil { 452 return 453 } 454 } 455 return 456} 457 458var ( 459 bitStringType = reflect.TypeOf(BitString{}) 460 objectIdentifierType = reflect.TypeOf(ObjectIdentifier{}) 461 enumeratedType = reflect.TypeOf(Enumerated(0)) 462 flagType = reflect.TypeOf(Flag(false)) 463 timeType = reflect.TypeOf(time.Time{}) 464 rawValueType = reflect.TypeOf(RawValue{}) 465 rawContentsType = reflect.TypeOf(RawContent(nil)) 466 bigIntType = reflect.TypeOf(new(big.Int)) 467) 468 469// invalidLength returns true iff offset + length > sliceLength, or if the 470// addition would overflow. 471func invalidLength(offset, length, sliceLength int) bool { 472 return offset+length < offset || offset+length > sliceLength 473} 474 475// parseField is the main parsing function. Given a byte slice and an offset 476// into the array, it will try to parse a suitable ASN.1 value out and store it 477// in the given Value. 478func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParameters) (offset int, err error) { 479 offset = initOffset 480 fieldType := v.Type() 481 482 // If we have run out of data, it may be that there are optional elements at the end. 483 if offset == len(bytes) { 484 if !setDefaultValue(v, params) { 485 err = SyntaxError{"sequence truncated"} 486 } 487 return 488 } 489 490 // Deal with raw values. 491 if fieldType == rawValueType { 492 var t tagAndLength 493 t, offset, err = parseTagAndLength(bytes, offset) 494 if err != nil { 495 return 496 } 497 if invalidLength(offset, t.length, len(bytes)) { 498 err = SyntaxError{"data truncated"} 499 return 500 } 501 result := RawValue{t.class, t.tag, t.isCompound, bytes[offset : offset+t.length], bytes[initOffset : offset+t.length]} 502 offset += t.length 503 v.Set(reflect.ValueOf(result)) 504 return 505 } 506 507 // Deal with the ANY type. 508 if ifaceType := fieldType; ifaceType.Kind() == reflect.Interface && ifaceType.NumMethod() == 0 { 509 var t tagAndLength 510 t, offset, err = parseTagAndLength(bytes, offset) 511 if err != nil { 512 return 513 } 514 if invalidLength(offset, t.length, len(bytes)) { 515 err = SyntaxError{"data truncated"} 516 return 517 } 518 var result interface{} 519 if !t.isCompound && t.class == classUniversal { 520 innerBytes := bytes[offset : offset+t.length] 521 switch t.tag { 522 case tagPrintableString: 523 result, err = parsePrintableString(innerBytes) 524 case tagIA5String: 525 result, err = parseIA5String(innerBytes) 526 case tagT61String: 527 result, err = parseT61String(innerBytes) 528 case tagUTF8String: 529 result, err = parseUTF8String(innerBytes) 530 case tagInteger: 531 result, err = parseInt64(innerBytes) 532 case tagBitString: 533 result, err = parseBitString(innerBytes) 534 case tagOID: 535 result, err = parseObjectIdentifier(innerBytes) 536 case tagUTCTime: 537 result, err = parseUTCTime(innerBytes) 538 case tagOctetString: 539 result = innerBytes 540 default: 541 // If we don't know how to handle the type, we just leave Value as nil. 542 } 543 } 544 offset += t.length 545 if err != nil { 546 return 547 } 548 if result != nil { 549 v.Set(reflect.ValueOf(result)) 550 } 551 return 552 } 553 universalTag, compoundType, ok1 := getUniversalType(fieldType) 554 if !ok1 { 555 err = StructuralError{fmt.Sprintf("unknown Go type: %v", fieldType)} 556 return 557 } 558 559 t, offset, err := parseTagAndLength(bytes, offset) 560 if err != nil { 561 return 562 } 563 if params.explicit { 564 expectedClass := classContextSpecific 565 if params.application { 566 expectedClass = classApplication 567 } 568 if t.class == expectedClass && t.tag == *params.tag && (t.length == 0 || t.isCompound) { 569 if t.length > 0 { 570 t, offset, err = parseTagAndLength(bytes, offset) 571 if err != nil { 572 return 573 } 574 } else { 575 if fieldType != flagType { 576 err = StructuralError{"Zero length explicit tag was not an asn1.Flag"} 577 return 578 } 579 v.SetBool(true) 580 return 581 } 582 } else { 583 // The tags didn't match, it might be an optional element. 584 ok := setDefaultValue(v, params) 585 if ok { 586 offset = initOffset 587 } else { 588 err = StructuralError{"explicitly tagged member didn't match"} 589 } 590 return 591 } 592 } 593 594 // Special case for strings: all the ASN.1 string types map to the Go 595 // type string. getUniversalType returns the tag for PrintableString 596 // when it sees a string, so if we see a different string type on the 597 // wire, we change the universal type to match. 598 if universalTag == tagPrintableString { 599 switch t.tag { 600 case tagIA5String, tagGeneralString, tagT61String, tagUTF8String: 601 universalTag = t.tag 602 } 603 } 604 605 // Special case for time: UTCTime and GeneralizedTime both map to the 606 // Go type time.Time. 607 if universalTag == tagUTCTime && t.tag == tagGeneralizedTime { 608 universalTag = tagGeneralizedTime 609 } 610 611 expectedClass := classUniversal 612 expectedTag := universalTag 613 614 if !params.explicit && params.tag != nil { 615 expectedClass = classContextSpecific 616 expectedTag = *params.tag 617 } 618 619 if !params.explicit && params.application && params.tag != nil { 620 expectedClass = classApplication 621 expectedTag = *params.tag 622 } 623 624 // We have unwrapped any explicit tagging at this point. 625 if t.class != expectedClass || t.tag != expectedTag || t.isCompound != compoundType { 626 // Tags don't match. Again, it could be an optional element. 627 ok := setDefaultValue(v, params) 628 if ok { 629 offset = initOffset 630 } else { 631 err = StructuralError{fmt.Sprintf("tags don't match (%d vs %+v) %+v %s @%d", expectedTag, t, params, fieldType.Name(), offset)} 632 } 633 return 634 } 635 if invalidLength(offset, t.length, len(bytes)) { 636 err = SyntaxError{"data truncated"} 637 return 638 } 639 innerBytes := bytes[offset : offset+t.length] 640 offset += t.length 641 642 // We deal with the structures defined in this package first. 643 switch fieldType { 644 case objectIdentifierType: 645 newSlice, err1 := parseObjectIdentifier(innerBytes) 646 v.Set(reflect.MakeSlice(v.Type(), len(newSlice), len(newSlice))) 647 if err1 == nil { 648 reflect.Copy(v, reflect.ValueOf(newSlice)) 649 } 650 err = err1 651 return 652 case bitStringType: 653 bs, err1 := parseBitString(innerBytes) 654 if err1 == nil { 655 v.Set(reflect.ValueOf(bs)) 656 } 657 err = err1 658 return 659 case timeType: 660 var time time.Time 661 var err1 error 662 if universalTag == tagUTCTime { 663 time, err1 = parseUTCTime(innerBytes) 664 } else { 665 time, err1 = parseGeneralizedTime(innerBytes) 666 } 667 if err1 == nil { 668 v.Set(reflect.ValueOf(time)) 669 } 670 err = err1 671 return 672 case enumeratedType: 673 parsedInt, err1 := parseInt32(innerBytes) 674 if err1 == nil { 675 v.SetInt(int64(parsedInt)) 676 } 677 err = err1 678 return 679 case flagType: 680 v.SetBool(true) 681 return 682 case bigIntType: 683 parsedInt := parseBigInt(innerBytes) 684 v.Set(reflect.ValueOf(parsedInt)) 685 return 686 } 687 switch val := v; val.Kind() { 688 case reflect.Bool: 689 parsedBool, err1 := parseBool(innerBytes) 690 if err1 == nil { 691 val.SetBool(parsedBool) 692 } 693 err = err1 694 return 695 case reflect.Int, reflect.Int32, reflect.Int64: 696 if val.Type().Size() == 4 { 697 parsedInt, err1 := parseInt32(innerBytes) 698 if err1 == nil { 699 val.SetInt(int64(parsedInt)) 700 } 701 err = err1 702 } else { 703 parsedInt, err1 := parseInt64(innerBytes) 704 if err1 == nil { 705 val.SetInt(parsedInt) 706 } 707 err = err1 708 } 709 return 710 // TODO(dfc) Add support for the remaining integer types 711 case reflect.Struct: 712 structType := fieldType 713 714 if structType.NumField() > 0 && 715 structType.Field(0).Type == rawContentsType { 716 bytes := bytes[initOffset:offset] 717 val.Field(0).Set(reflect.ValueOf(RawContent(bytes))) 718 } 719 720 innerOffset := 0 721 for i := 0; i < structType.NumField(); i++ { 722 field := structType.Field(i) 723 if i == 0 && field.Type == rawContentsType { 724 continue 725 } 726 innerOffset, err = parseField(val.Field(i), innerBytes, innerOffset, parseFieldParameters(field.Tag.Get("asn1"))) 727 if err != nil { 728 return 729 } 730 } 731 // We allow extra bytes at the end of the SEQUENCE because 732 // adding elements to the end has been used in X.509 as the 733 // version numbers have increased. 734 return 735 case reflect.Slice: 736 sliceType := fieldType 737 if sliceType.Elem().Kind() == reflect.Uint8 { 738 val.Set(reflect.MakeSlice(sliceType, len(innerBytes), len(innerBytes))) 739 reflect.Copy(val, reflect.ValueOf(innerBytes)) 740 return 741 } 742 newSlice, err1 := parseSequenceOf(innerBytes, sliceType, sliceType.Elem()) 743 if err1 == nil { 744 val.Set(newSlice) 745 } 746 err = err1 747 return 748 case reflect.String: 749 var v string 750 switch universalTag { 751 case tagPrintableString: 752 v, err = parsePrintableString(innerBytes) 753 case tagIA5String: 754 v, err = parseIA5String(innerBytes) 755 case tagT61String: 756 v, err = parseT61String(innerBytes) 757 case tagUTF8String: 758 v, err = parseUTF8String(innerBytes) 759 case tagGeneralString: 760 // GeneralString is specified in ISO-2022/ECMA-35, 761 // A brief review suggests that it includes structures 762 // that allow the encoding to change midstring and 763 // such. We give up and pass it as an 8-bit string. 764 v, err = parseT61String(innerBytes) 765 default: 766 err = SyntaxError{fmt.Sprintf("internal error: unknown string type %d", universalTag)} 767 } 768 if err == nil { 769 val.SetString(v) 770 } 771 return 772 } 773 err = StructuralError{"unsupported: " + v.Type().String()} 774 return 775} 776 777// setDefaultValue is used to install a default value, from a tag string, into 778// a Value. It is successful is the field was optional, even if a default value 779// wasn't provided or it failed to install it into the Value. 780func setDefaultValue(v reflect.Value, params fieldParameters) (ok bool) { 781 if !params.optional { 782 return 783 } 784 ok = true 785 if params.defaultValue == nil { 786 return 787 } 788 switch val := v; val.Kind() { 789 case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: 790 val.SetInt(*params.defaultValue) 791 } 792 return 793} 794 795// Unmarshal parses the DER-encoded ASN.1 data structure b 796// and uses the reflect package to fill in an arbitrary value pointed at by val. 797// Because Unmarshal uses the reflect package, the structs 798// being written to must use upper case field names. 799// 800// An ASN.1 INTEGER can be written to an int, int32, int64, 801// or *big.Int (from the math/big package). 802// If the encoded value does not fit in the Go type, 803// Unmarshal returns a parse error. 804// 805// An ASN.1 BIT STRING can be written to a BitString. 806// 807// An ASN.1 OCTET STRING can be written to a []byte. 808// 809// An ASN.1 OBJECT IDENTIFIER can be written to an 810// ObjectIdentifier. 811// 812// An ASN.1 ENUMERATED can be written to an Enumerated. 813// 814// An ASN.1 UTCTIME or GENERALIZEDTIME can be written to a time.Time. 815// 816// An ASN.1 PrintableString or IA5String can be written to a string. 817// 818// Any of the above ASN.1 values can be written to an interface{}. 819// The value stored in the interface has the corresponding Go type. 820// For integers, that type is int64. 821// 822// An ASN.1 SEQUENCE OF x or SET OF x can be written 823// to a slice if an x can be written to the slice's element type. 824// 825// An ASN.1 SEQUENCE or SET can be written to a struct 826// if each of the elements in the sequence can be 827// written to the corresponding element in the struct. 828// 829// The following tags on struct fields have special meaning to Unmarshal: 830// 831// optional marks the field as ASN.1 OPTIONAL 832// [explicit] tag:x specifies the ASN.1 tag number; implies ASN.1 CONTEXT SPECIFIC 833// default:x sets the default value for optional integer fields 834// 835// If the type of the first field of a structure is RawContent then the raw 836// ASN1 contents of the struct will be stored in it. 837// 838// Other ASN.1 types are not supported; if it encounters them, 839// Unmarshal returns a parse error. 840func Unmarshal(b []byte, val interface{}) (rest []byte, err error) { 841 return UnmarshalWithParams(b, val, "") 842} 843 844// UnmarshalWithParams allows field parameters to be specified for the 845// top-level element. The form of the params is the same as the field tags. 846func UnmarshalWithParams(b []byte, val interface{}, params string) (rest []byte, err error) { 847 v := reflect.ValueOf(val).Elem() 848 offset, err := parseField(v, b, 0, parseFieldParameters(params)) 849 if err != nil { 850 return nil, err 851 } 852 return b[offset:], nil 853} 854