1 /****************************************************************************
2 **
3 ** Copyright (C) 2018 Intel Corporation
4 **
5 ** Permission is hereby granted, free of charge, to any person obtaining a copy
6 ** of this software and associated documentation files (the "Software"), to deal
7 ** in the Software without restriction, including without limitation the rights
8 ** to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 ** copies of the Software, and to permit persons to whom the Software is
10 ** furnished to do so, subject to the following conditions:
11 **
12 ** The above copyright notice and this permission notice shall be included in
13 ** all copies or substantial portions of the Software.
14 **
15 ** THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 ** IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 ** FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 ** AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 ** LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 ** OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 ** THE SOFTWARE.
22 **
23 ****************************************************************************/
24 
25 #ifndef _BSD_SOURCE
26 #define _BSD_SOURCE 1
27 #endif
28 #ifndef _DEFAULT_SOURCE
29 #define _DEFAULT_SOURCE 1
30 #endif
31 #ifndef __STDC_LIMIT_MACROS
32 #  define __STDC_LIMIT_MACROS 1
33 #endif
34 
35 #include "cbor.h"
36 #include "cborinternal_p.h"
37 #include "compilersupport_p.h"
38 
39 #include <string.h>
40 
41 /**
42  * \defgroup CborParsing Parsing CBOR streams
43  * \brief Group of functions used to parse CBOR streams.
44  *
45  * TinyCBOR provides functions for pull-based stream parsing of a CBOR-encoded
46  * payload. The main data type for the parsing is a CborValue, which behaves
47  * like an iterator and can be used to extract the encoded data. It is first
48  * initialized with a call to cbor_parser_init() and is usually used to extract
49  * exactly one item, most often an array or map.
50  *
51  * Nested CborValue objects can be parsed using cbor_value_enter_container().
52  * Each call to cbor_value_enter_container() must be matched by a call to
53  * cbor_value_leave_container(), with the exact same parameters.
54  *
55  * The example below initializes a CborParser object, begins the parsing with a
56  * CborValue and decodes a single integer:
57  *
58  * \code
59  * int extract_int(const uint8_t *buffer, size_t len)
60  * {
61  *     CborParser parser;
62  *     CborValue value;
63  *     int result;
64  *     cbor_parser_init(buffer, len, 0, &parser, &value);
65  *     cbor_value_get_int(&value, &result);
66  *     return result;
67  * }
68  * \endcode
69  *
70  * The code above does no error checking, which means it assumes the data comes
71  * from a source trusted to send one properly-encoded integer. The following
72  * example does the exact same operation, but includes error checking and
73  * returns 0 on parsing failure:
74  *
75  * \code
76  * int extract_int(const uint8_t *buffer, size_t len)
77  * {
78  *     CborParser parser;
79  *     CborValue value;
80  *     int result;
81  *     if (cbor_parser_init(buffer, len, 0, &parser, &value) != CborNoError)
82  *         return 0;
83  *     if (!cbor_value_is_integer(&value) ||
84  *             cbor_value_get_int(&value, &result) != CborNoError)
85  *         return 0;
86  *     return result;
87  * }
88  * \endcode
89  *
90  * Note, in the example above, that one can't distinguish a parsing failure
91  * from an encoded value of zero. Reporting a parsing error is left as an
92  * exercise to the reader.
93  *
94  * The code above does not execute a range-check either: it is possible that
95  * the value decoded from the CBOR stream encodes a number larger than what can
96  * be represented in a variable of type \c{int}. If detecting that case is
97  * important, the code should call cbor_value_get_int_checked() instead.
98  *
99  * <h3 class="groupheader">Memory and parsing constraints</h3>
100  *
101  * TinyCBOR is designed to run with little memory and with minimal overhead.
102  * Except where otherwise noted, the parser functions always run in constant
103  * time (O(1)), do not recurse and never allocate memory (thus, stack usage is
104  * bounded and is O(1)).
105  *
106  * <h3 class="groupheader">Error handling and preconditions</h3>
107  *
108  * All functions operating on a CborValue return a CborError condition, with
109  * CborNoError standing for the normal situation in which no parsing error
110  * occurred. All functions may return parsing errors in case the stream cannot
111  * be decoded properly, be it due to corrupted data or due to reaching the end
112  * of the input buffer.
113  *
114  * Error conditions must not be ignored. All decoder functions have undefined
115  * behavior if called after an error has been reported, and may crash.
116  *
117  * Some functions are also documented to have preconditions, like
118  * cbor_value_get_int() requiring that the input be an integral value.
119  * Violation of preconditions also results in undefined behavior and the
120  * program may crash.
121  */
122 
123 /**
124  * \addtogroup CborParsing
125  * @{
126  */
127 
128 /**
129  * \struct CborValue
130  *
131  * This type contains one value parsed from the CBOR stream. Each CborValue
132  * behaves as an iterator in a StAX-style parser.
133  *
134  * \if privatedocs
135  * Implementation details: the CborValue contains these fields:
136  * \list
137  *   \li ptr: pointer to the actual data
138  *   \li flags: flags from the decoder
139  *   \li extra: partially decoded integer value (0, 1 or 2 bytes)
140  *   \li remaining: remaining items in this collection after this item or UINT32_MAX if length is unknown
141  * \endlist
142  * \endif
143  */
144 
/*
 * Returns the numeric argument of the item the iterator points at and moves
 * the iterator past the initial byte plus any argument bytes that follow it.
 *
 * Precondition: the item was already validated (see preparse_value(), which
 * bounds-checks the argument bytes), which is why only the unchecked read
 * helpers are used here.
 */
static uint64_t extract_number_and_advance(CborValue *it)
{
    uint8_t additionalInfo;
    const uint64_t number = _cbor_value_extract_int64_helper(it);
    size_t argumentBytes = 0;

    read_bytes_unchecked(it, &additionalInfo, 0, 1);
    additionalInfo &= SmallValueMask;

    /* below Value8Bit the value is inline; otherwise a power-of-two byte count follows */
    if (additionalInfo >= Value8Bit)
        argumentBytes = 1 << (additionalInfo - Value8Bit);

    advance_bytes(it, argumentBytes + 1);   /* +1 accounts for the initial byte */
    return number;
}
160 
/*
 * Returns true for every type other than text strings, byte strings, arrays
 * and maps, i.e. the types the rest of this file treats as fixed-size.
 */
static bool is_fixed_type(uint8_t type)
{
    switch (type) {
    case CborTextStringType:
    case CborByteStringType:
    case CborArrayType:
    case CborMapType:
        return false;
    default:
        return true;
    }
}
166 
/*
 * Decodes the initial byte (and up to two argument bytes) of the item at the
 * iterator's current position and records the result in it->type, it->flags
 * and it->extra. The iterator position itself is not moved here.
 *
 * Returns CborNoError on success. On failure it returns
 * CborErrorUnexpectedEOF (not enough input), CborErrorUnknownType,
 * CborErrorIllegalNumber, CborErrorUnexpectedBreak or
 * CborErrorIllegalSimpleType; it->type is CborInvalidType only on the paths
 * that fail before the type is stored or that reset it explicitly.
 *
 * This is the place where the argument bytes are bounds-checked
 * (can_read_bytes() below); the read_bytes_unchecked() calls in this file
 * rely on that check having succeeded.
 */
static CborError preparse_value(CborValue *it)
{
    enum {
        /* flags to keep */
        FlagsToKeep = CborIteratorFlag_ContainerIsMap | CborIteratorFlag_NextIsMapKey
    };
    uint8_t descriptor;

    /* are we at the end? */
    /* mark the iterator invalid first so an early return leaves it in a known state;
     * note that it->flags is read here, so the caller must have initialized it */
    it->type = CborInvalidType;
    it->flags &= FlagsToKeep;
    if (!read_bytes(it, &descriptor, 0, 1))
        return CborErrorUnexpectedEOF;

    /* split the initial byte: major-type bits go to `type`, the low bits stay in `descriptor` */
    uint8_t type = descriptor & MajorTypeMask;
    it->type = type;
    it->extra = (descriptor &= SmallValueMask);

    if (descriptor > Value64Bit) {
        /* anything above Value64Bit other than IndefiniteLength is rejected */
        if (unlikely(descriptor != IndefiniteLength))
            return type == CborSimpleType ? CborErrorUnknownType : CborErrorIllegalNumber;
        if (likely(!is_fixed_type(type))) {
            /* special case */
            /* strings, arrays and maps may have indefinite length */
            it->flags |= CborIteratorFlag_UnknownLength;
            it->type = type;
            return CborNoError;
        }
        /* indefinite length on a fixed-size type is malformed input */
        return type == CborSimpleType ? CborErrorUnexpectedBreak : CborErrorIllegalNumber;
    }

    /* number of argument bytes following the initial byte (0 when the value is inline) */
    size_t bytesNeeded = descriptor < Value8Bit ? 0 : (1 << (descriptor - Value8Bit));

    if (bytesNeeded) {
        /* bounds check covering the initial byte plus the argument; truncated input stops here */
        if (!can_read_bytes(it, bytesNeeded + 1))
            return CborErrorUnexpectedEOF;

        it->extra = 0;

        /* read up to 16 bits into it->extra */
        if (bytesNeeded == 1) {
            uint8_t extra;
            read_bytes_unchecked(it, &extra, 1, bytesNeeded);
            it->extra = extra;
        } else if (bytesNeeded == 2) {
            read_bytes_unchecked(it, &it->extra, 1, bytesNeeded);
            it->extra = cbor_ntohs(it->extra);
        } else {
            /* larger arguments are not cached: only the size flags are recorded, and the
             * static asserts pin the relation between those flags and the low descriptor bits */
            cbor_static_assert(CborIteratorFlag_IntegerValueTooLarge == (Value32Bit & 3));
            cbor_static_assert((CborIteratorFlag_IntegerValueIs64Bit |
                                CborIteratorFlag_IntegerValueTooLarge) == (Value64Bit & 3));
            it->flags |= (descriptor & 3);
        }
    }

    uint8_t majortype = type >> MajorTypeShift;
    if (majortype == NegativeIntegerType) {
        /* negative integers are exposed as CborIntegerType plus a sign flag */
        it->flags |= CborIteratorFlag_NegativeInteger;
        it->type = CborIntegerType;
    } else if (majortype == SimpleTypesType) {
        switch (descriptor) {
        case FalseValue:
            it->extra = false;
            it->type = CborBooleanType;
            break;

        case SinglePrecisionFloat:
        case DoublePrecisionFloat:
            it->flags |= CborIteratorFlag_IntegerValueTooLarge;
            /* fall through */
        case TrueValue:
        case NullValue:
        case UndefinedValue:
        case HalfPrecisionFloat:
            /* presumably re-reads the initial byte so that it becomes the type value itself;
             * confirm against read_bytes_unchecked() */
            read_bytes_unchecked(it, &it->type, 0, 1);
            break;

        case SimpleTypeInNextByte:
#ifndef CBOR_PARSER_NO_STRICT_CHECKS
            /* strict mode: a one-byte simple value below 32 is rejected */
            if (unlikely(it->extra < 32)) {
                it->type = CborInvalidType;
                return CborErrorIllegalSimpleType;
            }
#endif
            break;

        case 28:
        case 29:
        case 30:
        case Break:
            cbor_assert(false);  /* these conditions can't be reached */
            return CborErrorUnexpectedBreak;
        }
    }

    return CborNoError;
}
263 
/*
 * Pre-parses the item at the current position without touching the item
 * count. Inside an indefinite-length container (remaining == UINT32_MAX) a
 * Break byte ends the container instead of starting a new item.
 */
static CborError preparse_next_value_nodecrement(CborValue *it)
{
    uint8_t next;
    const bool atBreak = it->remaining == UINT32_MAX
            && read_bytes(it, &next, 0, 1)
            && next == (uint8_t)BreakByte;

    if (!atBreak)
        return preparse_value(it);

    /* end of map or array */
    const bool mapKeyFlagSet = (it->flags & CborIteratorFlag_ContainerIsMap)
            && (it->flags & CborIteratorFlag_NextIsMapKey);
    if (mapKeyFlagSet || it->type == CborTagType) {
        /* but we weren't expecting it! */
        return CborErrorUnexpectedBreak;
    }

    it->type = CborInvalidType;
    it->remaining = 0;
    it->flags |= CborIteratorFlag_UnknownLength; /* leave_container must consume the Break */
    return CborNoError;
}
282 
/*
 * Accounts for the item that was just consumed and pre-parses the one after
 * it. When the last counted item of a definite-length container has been
 * consumed, the iterator is marked invalid instead.
 */
static CborError preparse_next_value(CborValue *it)
{
    /* tags don't count towards item totals or whether we've successfully
     * read a map's key or value */
    if (it->type == CborTagType)
        return preparse_next_value_nodecrement(it);

    if (it->remaining != UINT32_MAX) {
        it->remaining -= 1;
        if (it->remaining == 0) {
            it->type = CborInvalidType;
            it->flags &= ~CborIteratorFlag_UnknownLength; /* no Break to consume */
            return CborNoError;
        }
    }

    /* toggle the flag indicating whether this was a map key */
    it->flags ^= CborIteratorFlag_NextIsMapKey;
    return preparse_next_value_nodecrement(it);
}
302 
/*
 * Steps over the current item and pre-parses the following one. For byte and
 * text strings the decoded number is the payload length, which is skipped too.
 */
static CborError advance_internal(CborValue *it)
{
    const uint64_t length = extract_number_and_advance(it);

    switch (it->type) {
    case CborByteStringType:
    case CborTextStringType:
        /* NOTE(review): these asserts are the only guards on `length` in this
         * function; advance_bytes() is called without a separate bounds check
         * here, so the callers' preconditions matter on untrusted input. */
        cbor_assert(length == (size_t)length);
        cbor_assert((it->flags & CborIteratorFlag_UnknownLength) == 0);
        advance_bytes(it, length);
        break;
    default:
        break;
    }

    return preparse_next_value(it);
}
315 
316 /** \internal
317  *
318  * Decodes the CBOR integer value when it is larger than the 16 bits available
319  * in value->extra. This function requires that value->flags have the
320  * CborIteratorFlag_IntegerValueTooLarge flag set.
321  *
322  * This function is also used to extract single- and double-precision floating
323  * point values (SinglePrecisionFloat == Value32Bit and DoublePrecisionFloat ==
324  * Value64Bit).
325  */
uint64_t _cbor_value_decode_int64_internal(const CborValue *value)
{
    cbor_assert(value->flags & CborIteratorFlag_IntegerValueTooLarge ||
                value->type == CborFloatType || value->type == CborDoubleType);

    /* the Is64Bit flag picks the width of the argument read at offset 1 */
    const bool is64Bit = (value->flags & CborIteratorFlag_IntegerValueIs64Bit) != 0;
    if (!is64Bit)
        return read_uint32(value, 1);
    return read_uint64(value, 1);
}
335 
336 /**
337  * Initializes the CBOR parser for parsing \a size bytes beginning at \a
338  * buffer. Parsing will use flags set in \a flags. The iterator to the first
339  * element is returned in \a it.
340  *
341  * The \a parser structure needs to remain valid throughout the decoding
342  * process. It is not thread-safe to share one CborParser among multiple
343  * threads iterating at the same time, but the object can be copied so multiple
344  * threads can iterate.
345  */
CborError cbor_parser_init(const uint8_t *buffer, size_t size, uint32_t flags, CborParser *parser, CborValue *it)
{
    /* start from a zeroed parser so that no field is left indeterminate */
    memset(parser, 0, sizeof(*parser));
    parser->flags = (enum CborParserGlobalFlags)flags;
    parser->source.end = buffer + size;     /* one past the last byte of the input */

    /* the iterator points into the caller's buffer; nothing is copied here, so
     * the buffer has to stay valid for as long as the iterator is used */
    it->source.ptr = buffer;
    it->parser = parser;
    it->flags = 0;
    it->remaining = 1;      /* there's one type altogether, usually an array or map */

    return preparse_value(it);
}
357 
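/*
 * Initializes \a parser to pull its input through the reader callbacks in
 * \a ops instead of a linear buffer, and returns the iterator to the first
 * element in \a it. \a token is stored in the iterator's source field as-is.
 *
 * Returns the result of pre-parsing the first item.
 */
CborError cbor_parser_init_reader(const struct CborParserOperations *ops, CborParser *parser, CborValue *it, void *token)
{
    memset(parser, 0, sizeof(*parser));
    parser->source.ops = ops;
    parser->flags = CborParserFlag_ExternalSource;
    it->parser = parser;
    it->source.token = token;
    it->remaining = 1;
    /* preparse_value() keeps the map-related bits of it->flags, so the field
     * must be initialized here exactly as cbor_parser_init() does; otherwise
     * an uninitialized CborValue would carry indeterminate flag bits. */
    it->flags = 0;
    return preparse_value(it);
}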
368 
369 /**
370  * \fn bool cbor_value_at_end(const CborValue *it)
371  *
372  * Returns true if \a it has reached the end of the iteration, usually when
373  * advancing after the last item in an array or map.
374  *
375  * In the case of the outermost CborValue object, this function returns true
376  * after decoding a single element. A pointer to the first byte of the
377  * remaining data (if any) can be obtained with cbor_value_get_next_byte().
378  *
379  * \sa cbor_value_advance(), cbor_value_is_valid(), cbor_value_get_next_byte()
380  */
381 
382 /**
383  * \fn const uint8_t *cbor_value_get_next_byte(const CborValue *it)
384  *
385  * Returns a pointer to the next byte that would be decoded if this CborValue
386  * object were advanced.
387  *
388  * This function is useful if cbor_value_at_end() returns true for the
389  * outermost CborValue: the pointer returned is the first byte of the data
390  * remaining in the buffer, if any. Code can decide whether to begin decoding a
391  * new CBOR data stream from this point, or parse some other data appended to
392  * the same buffer.
393  *
394  * This function may be used even after a parsing error. If that occurred,
395  * then this function returns a pointer to where the parsing error occurred.
396  * Note that the error recovery is not precise and the pointer may not indicate
397  * the exact byte containing bad data.
398  *
399  * This function makes sense only when using a linear buffer (that is, when the
400  * parser is initialized by cbor_parser_init()). If using an external source,
401  * this function may return garbage; instead, consult the external source itself
402  * to find out more details about the presence of more data.
403  *
404  * \sa cbor_value_at_end()
405  */
406 
/*
 * Pre-parses the item at the iterator's current position again, without
 * changing the item count. Does nothing while the iterator is in the middle
 * of iterating string chunks.
 */
CborError cbor_value_reparse(CborValue *it)
{
    const bool iteratingChunks = (it->flags & CborIteratorFlag_IteratingStringChunks) != 0;

    if (!iteratingChunks)
        return preparse_next_value_nodecrement(it);
    return CborNoError;
}
413 
414 /**
415  * \fn bool cbor_value_is_valid(const CborValue *it)
416  *
417  * Returns true if the iterator \a it contains a valid value. Invalid iterators
418  * happen when iteration reaches the end of a container (see \ref
419  * cbor_value_at_end()) or when a search function resulted in no matches.
420  *
421  * \sa cbor_value_advance(), cbor_value_at_end(), cbor_value_get_type()
422  */
423 
424 /**
425  * Performs a basic validation of the CBOR stream pointed by \a it and returns
426  * the error it found. If no error was found, it returns CborNoError and the
427  * application can iterate over the items with certainty that no other errors
428  * will appear during parsing.
429  *
430  * A basic validation checks for:
431  * \list
432  *   \li absence of undefined additional information bytes;
433  *   \li well-formedness of all numbers, lengths, and simple values;
434  *   \li string contents match reported sizes;
435  *   \li arrays and maps contain the number of elements they are reported to have;
436  * \endlist
437  *
438  * For further checks, see cbor_value_validate().
439  *
440  * This function has the same timing and memory requirements as
441  * cbor_value_advance().
442  *
443  * \sa cbor_value_validate(), cbor_value_advance()
444  */
CborError cbor_value_validate_basic(const CborValue *it)
{
    CborValue cursor;

    /* walk a private copy so the caller's iterator is left untouched */
    cursor = *it;
    return cbor_value_advance(&cursor);
}
450 
451 /**
452  * Advances the CBOR value \a it by one fixed-size position. Fixed-size types
453  * are: integers, tags, simple types (including boolean, null and undefined
454  * values) and floating point types.
455  *
456  * If the type is not of fixed size, this function has undefined behavior. Code
457  * must be sure that the current type is one of the fixed-size types before
458  * calling this function. This function is provided because it can guarantee
459  * that it runs in constant time (O(1)).
460  *
461  * If the caller is not able to determine whether the type is fixed or not, code
462  * can use the cbor_value_advance() function instead.
463  *
464  * \sa cbor_value_at_end(), cbor_value_advance(), cbor_value_enter_container(), cbor_value_leave_container()
465  */
CborError cbor_value_advance_fixed(CborValue *it)
{
    /* Preconditions. NOTE(review): cbor_assert() is defined outside this file;
     * if a build compiles it out, nothing below re-checks the type, so code
     * handling untrusted input must test the type before calling. */
    cbor_assert(it->type != CborInvalidType);
    cbor_assert(is_fixed_type(it->type));

    if (it->remaining == 0)
        return CborErrorAdvancePastEOF;

    return advance_internal(it);
}
474 
/*
 * Advances past one item of any type. Fixed-size items and strings are
 * handled directly; arrays and maps are entered and their elements skipped
 * one by one. \a nestingLevel is the remaining depth budget: a container met
 * with a budget of zero is rejected with CborErrorNestingTooDeep, which bounds
 * the recursion depth on deeply nested input.
 */
static CborError advance_recursive(CborValue *it, int nestingLevel)
{
    CborValue inner;
    CborError rc;

    if (is_fixed_type(it->type))
        return advance_internal(it);

    if (!cbor_value_is_container(it)) {
        /* string: a NULL destination means the payload is only skipped */
        size_t len = SIZE_MAX;
        return _cbor_value_copy_string(it, NULL, &len, it);
    }

    /* map or array */
    if (nestingLevel == 0)
        return CborErrorNestingTooDeep;

    rc = cbor_value_enter_container(it, &inner);
    while (!rc && !cbor_value_at_end(&inner))
        rc = advance_recursive(&inner, nestingLevel - 1);
    if (rc)
        return rc;

    return cbor_value_leave_container(it, &inner);
}
502 
503 
504 /**
505  * Advances the CBOR value \a it by one element, skipping over containers.
506  * Unlike cbor_value_advance_fixed(), this function can be called on a CBOR
507  * value of any type. However, if the type is a container (map or array) or a
508  * string with a chunked payload, this function will not run in constant time
509  * and will recurse into itself (it will run in O(n) time for the number of
510  * elements or chunks and will use O(n) memory for the number of nested
511  * containers).
512  *
513  * The number of recursions can be limited at compile time to avoid stack
514  * exhaustion in constrained systems.
515  *
516  * \sa cbor_value_at_end(), cbor_value_advance_fixed(), cbor_value_enter_container(), cbor_value_leave_container()
517  */
CborError cbor_value_advance(CborValue *it)
{
    cbor_assert(it->type != CborInvalidType);

    if (it->remaining == 0)
        return CborErrorAdvancePastEOF;

    /* CBOR_PARSER_MAX_RECURSIONS is the depth budget: advance_recursive()
     * returns CborErrorNestingTooDeep once nested containers exhaust it */
    return advance_recursive(it, CBOR_PARSER_MAX_RECURSIONS);
}
525 
526 /**
527  * \fn bool cbor_value_is_tag(const CborValue *value)
528  *
529  * Returns true if the iterator \a value is valid and points to a CBOR tag.
530  *
531  * \sa cbor_value_get_tag(), cbor_value_skip_tag()
532  */
533 
534 /**
535  * \fn CborError cbor_value_get_tag(const CborValue *value, CborTag *result)
536  *
537  * Retrieves the CBOR tag value that \a value points to and stores it in \a
538  * result. If the iterator \a value does not point to a CBOR tag value, the
539  * behavior is undefined, so checking with \ref cbor_value_get_type or with
540  * \ref cbor_value_is_tag is recommended.
541  *
542  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_tag()
543  */
544 
545 /**
546  * Advances the CBOR value \a it until it no longer points to a tag. If \a it is
547  * already not pointing to a tag, then this function returns it unchanged.
548  *
549  * This function does not run in constant time: it will run in O(n) time for n being
550  * the number of tags. It does use constant memory (O(1) memory requirements).
551  *
552  * \sa cbor_value_advance_fixed(), cbor_value_advance()
553  */
CborError cbor_value_skip_tag(CborValue *it)
{
    for (;;) {
        /* stop at the first item that is not a tag */
        if (!cbor_value_is_tag(it))
            return CborNoError;

        CborError err = cbor_value_advance_fixed(it);
        if (err)
            return err;
    }
}
563 
564 /**
565  * \fn bool cbor_value_is_container(const CborValue *it)
566  *
567  * Returns true if the \a it value is a container and requires recursion in
568  * order to decode (maps and arrays), false otherwise.
569  */
570 
571 /**
572  * Creates a CborValue iterator pointing to the first element of the container
573  * represented by \a it and saves it in \a recursed. The \a it container object
574  * needs to be kept and passed again to cbor_value_leave_container() in order
575  * to continue iterating past this container.
576  *
577  * The \a it CborValue iterator must point to a container.
578  *
579  * \sa cbor_value_is_container(), cbor_value_leave_container(), cbor_value_advance()
580  */
CborError cbor_value_enter_container(const CborValue *it, CborValue *recursed)
{
    cbor_static_assert(CborIteratorFlag_ContainerIsMap == (CborMapType & ~CborArrayType));
    cbor_assert(cbor_value_is_container(it));
    *recursed = *it;

    if (it->flags & CborIteratorFlag_UnknownLength) {
        /* indefinite length: UINT32_MAX is the "count unknown" marker */
        recursed->remaining = UINT32_MAX;
        advance_bytes(recursed, 1);
    } else {
        const uint64_t count = extract_number_and_advance(recursed);
        bool tooLarge;

        /* the declared count comes from the input: reject anything that does
         * not fit in 32 bits or collides with the UINT32_MAX marker */
        recursed->remaining = (uint32_t)count;
        tooLarge = recursed->remaining != count || count == UINT32_MAX;

        if (!tooLarge && recursed->type == CborMapType) {
            /* maps have keys and values, so we need to multiply by 2 */
            if (recursed->remaining > UINT32_MAX / 2)
                tooLarge = true;        /* doubling would overflow */
            else
                recursed->remaining *= 2;
        }

        if (tooLarge) {
            /* back track the pointer to indicate where the error occurred */
            copy_current_position(recursed, it);
            return CborErrorDataTooLarge;
        }

        if (count == 0) {
            /* the case of the empty container */
            recursed->type = CborInvalidType;
            return CborNoError;
        }
    }

    /* only the "container is a map" bit is carried into the inner iterator */
    recursed->flags = (recursed->type & CborIteratorFlag_ContainerIsMap);
    return preparse_next_value_nodecrement(recursed);
}
617 
618 /**
619  * Updates \a it to point to the next element after the container. The \a
620  * recursed object needs to point to the element obtained either by advancing
621  * the last element of the container (via cbor_value_advance(),
622  * cbor_value_advance_fixed(), a nested cbor_value_leave_container(), or the \c
623  * next pointer from cbor_value_copy_string() or cbor_value_dup_string()).
624  *
625  * The \a it and \a recursed parameters must be the exact same as passed to
626  * cbor_value_enter_container().
627  *
628  * \sa cbor_value_enter_container(), cbor_value_at_end()
629  */
CborError cbor_value_leave_container(CborValue *it, const CborValue *recursed)
{
    cbor_assert(cbor_value_is_container(it));
    cbor_assert(recursed->type == CborInvalidType);

    /* resume the outer iterator at the position where the inner one stopped */
    copy_current_position(it, recursed);

    /* an indefinite-length container still has its Break byte to step over */
    if ((recursed->flags & CborIteratorFlag_UnknownLength) != 0)
        advance_bytes(it, 1);

    return preparse_next_value(it);
}
640 
641 
642 /**
643  * \fn CborType cbor_value_get_type(const CborValue *value)
644  *
645  * Returns the type of the CBOR value that the iterator \a value points to. If
646  * \a value does not point to a valid value, this function returns \ref
647  * CborInvalidType.
648  *
649  * TinyCBOR also provides functions to test directly if a given CborValue object
650  * is of a given type, like cbor_value_is_text_string() and cbor_value_is_null().
651  *
652  * \sa cbor_value_is_valid()
653  */
654 
655 /**
656  * \fn bool cbor_value_is_null(const CborValue *value)
657  *
658  * Returns true if the iterator \a value is valid and points to a CBOR null type.
659  *
660  * \sa cbor_value_is_valid(), cbor_value_is_undefined()
661  */
662 
663 /**
664  * \fn bool cbor_value_is_undefined(const CborValue *value)
665  *
666  * Returns true if the iterator \a value is valid and points to a CBOR undefined type.
667  *
668  * \sa cbor_value_is_valid(), cbor_value_is_null()
669  */
670 
671 /**
672  * \fn bool cbor_value_is_boolean(const CborValue *value)
673  *
674  * Returns true if the iterator \a value is valid and points to a CBOR boolean
675  * type (true or false).
676  *
677  * \sa cbor_value_is_valid(), cbor_value_get_boolean()
678  */
679 
680 /**
681  * \fn CborError cbor_value_get_boolean(const CborValue *value, bool *result)
682  *
683  * Retrieves the boolean value that \a value points to and stores it in \a
684  * result. If the iterator \a value does not point to a boolean value, the
685  * behavior is undefined, so checking with \ref cbor_value_get_type or with
686  * \ref cbor_value_is_boolean is recommended.
687  *
688  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_boolean()
689  */
690 
691 /**
692  * \fn bool cbor_value_is_simple_type(const CborValue *value)
693  *
694  * Returns true if the iterator \a value is valid and points to a CBOR Simple Type
695  * value (other than true, false, null and undefined).
696  *
697  * \sa cbor_value_is_valid(), cbor_value_get_simple_type()
698  */
699 
700 /**
701  * \fn CborError cbor_value_get_simple_type(const CborValue *value, uint8_t *result)
702  *
703  * Retrieves the CBOR Simple Type value that \a value points to and stores it
704  * in \a result. If the iterator \a value does not point to a simple_type
705  * value, the behavior is undefined, so checking with \ref cbor_value_get_type
706  * or with \ref cbor_value_is_simple_type is recommended.
707  *
708  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_simple_type()
709  */
710 
711 /**
712  * \fn bool cbor_value_is_integer(const CborValue *value)
713  *
714  * Returns true if the iterator \a value is valid and points to a CBOR integer
715  * type.
716  *
717  * \sa cbor_value_is_valid(), cbor_value_get_int, cbor_value_get_int64, cbor_value_get_uint64, cbor_value_get_raw_integer
718  */
719 
720 /**
721  * \fn bool cbor_value_is_unsigned_integer(const CborValue *value)
722  *
723  * Returns true if the iterator \a value is valid and points to a CBOR unsigned
724  * integer type (positive values or zero).
725  *
726  * \sa cbor_value_is_valid(), cbor_value_get_uint64()
727  */
728 
729 /**
730  * \fn bool cbor_value_is_negative_integer(const CborValue *value)
731  *
732  * Returns true if the iterator \a value is valid and points to a CBOR negative
733  * integer type.
734  *
735  * \sa cbor_value_is_valid(), cbor_value_get_int, cbor_value_get_int64, cbor_value_get_raw_integer
736  */
737 
738 /**
739  * \fn CborError cbor_value_get_int(const CborValue *value, int *result)
740  *
741  * Retrieves the CBOR integer value that \a value points to and stores it in \a
742  * result. If the iterator \a value does not point to an integer value, the
743  * behavior is undefined, so checking with \ref cbor_value_get_type or with
744  * \ref cbor_value_is_integer is recommended.
745  *
746  * Note that this function does not do range-checking: integral values that do
747  * not fit in a variable of type \c{int} are silently truncated to fit. Use
748  * cbor_value_get_int_checked() if that is not acceptable.
749  *
750  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_integer()
751  */
752 
753 /**
754  * \fn CborError cbor_value_get_int64(const CborValue *value, int64_t *result)
755  *
756  * Retrieves the CBOR integer value that \a value points to and stores it in \a
757  * result. If the iterator \a value does not point to an integer value, the
758  * behavior is undefined, so checking with \ref cbor_value_get_type or with
759  * \ref cbor_value_is_integer is recommended.
760  *
761  * Note that this function does not do range-checking: integral values that do
762  * not fit in a variable of type \c{int64_t} are silently truncated to fit. Use
763  * cbor_value_get_int64_checked() if that is not acceptable.
764  *
765  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_integer()
766  */
767 
768 /**
769  * \fn CborError cbor_value_get_uint64(const CborValue *value, uint64_t *result)
770  *
771  * Retrieves the CBOR integer value that \a value points to and stores it in \a
772  * result. If the iterator \a value does not point to an unsigned integer
773  * value, the behavior is undefined, so checking with \ref cbor_value_get_type
774  * or with \ref cbor_value_is_unsigned_integer is recommended.
775  *
776  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_unsigned_integer()
777  */
778 
779 /**
780  * \fn CborError cbor_value_get_raw_integer(const CborValue *value, uint64_t *result)
781  *
782  * Retrieves the CBOR integer value that \a value points to and stores it in \a
783  * result. If the iterator \a value does not point to an integer value, the
784  * behavior is undefined, so checking with \ref cbor_value_get_type or with
785  * \ref cbor_value_is_integer is recommended.
786  *
787  * This function is provided because CBOR negative integers can assume values
788  * that cannot be represented with normal 64-bit integer variables.
789  *
790  * If the integer is unsigned (that is, if cbor_value_is_unsigned_integer()
791  * returns true), then \a result will contain the actual value. If the integer
792  * is negative, then \a result will contain the absolute value of that integer,
793  * minus one. That is, \c {actual = -result - 1}. On architectures using two's
794  * complement for representation of negative integers, it is equivalent to say
795  * that \a result will contain the bitwise negation of the actual value.
796  *
797  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_integer()
798  */
799 
800 /**
801  * Retrieves the CBOR integer value that \a value points to and stores it in \a
802  * result. If the iterator \a value does not point to an integer value, the
803  * behavior is undefined, so checking with \ref cbor_value_get_type or with
804  * \ref cbor_value_is_integer is recommended.
805  *
806  * Unlike \ref cbor_value_get_int64(), this function performs a check to see if the
807  * stored integer fits in \a result without data loss. If the number is outside
808  * the valid range for the data type, this function returns the recoverable
809  * error CborErrorDataTooLarge. In that case, use either
810  * cbor_value_get_uint64() (if the number is positive) or
811  * cbor_value_get_raw_integer().
812  *
813  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_integer(), cbor_value_get_int64()
814  */
CborError cbor_value_get_int64_checked(const CborValue *value, int64_t *result)
{
    uint64_t magnitude;

    /* The type precondition is only asserted here. Whether cbor_assert() is
     * active in a given build is not visible from this file, so code parsing
     * untrusted input should test cbor_value_is_integer() itself first. */
    cbor_assert(cbor_value_is_integer(value));
    magnitude = _cbor_value_extract_int64_helper(value);

    /* The range test is done on the unsigned quantity, before any conversion
     * to int64_t: converting an unrepresentable value to a signed type gives
     * an implementation-defined result or raises an implementation-defined
     * signal (C11 6.3.1.3 paragraph 3).
     *
     * int64_t is two's complement (C11 7.20.1.1 paragraph 3) and spans
     * -2^63 to 2^63-1. CBOR keeps the sign in the major type and stores a
     * negative number as "-n - 1", so the same upper bound covers both
     * signs.
     */
    if (unlikely(magnitude > (uint64_t)INT64_MAX))
        return CborErrorDataTooLarge;

    if (value->flags & CborIteratorFlag_NegativeInteger)
        *result = -(int64_t)magnitude - 1;  /* cannot overflow: magnitude <= INT64_MAX */
    else
        *result = (int64_t)magnitude;
    return CborNoError;
}
839 
840 /**
841  * Retrieves the CBOR integer value that \a value points to and stores it in \a
842  * result. If the iterator \a value does not point to an integer value, the
843  * behavior is undefined, so checking with \ref cbor_value_get_type or with
844  * \ref cbor_value_is_integer is recommended.
845  *
846  * Unlike \ref cbor_value_get_int(), this function performs a check to see if the
847  * stored integer fits in \a result without data loss. If the number is outside
848  * the valid range for the data type, this function returns the recoverable
849  * error CborErrorDataTooLarge. In that case, use one of the other integer
850  * functions to obtain the value.
851  *
852  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_integer(), cbor_value_get_int64(),
853  *     cbor_value_get_uint64(), cbor_value_get_int64_checked(), cbor_value_get_raw_integer()
854  */
CborError cbor_value_get_int_checked(const CborValue *value, int *result)
{
    uint64_t magnitude;

    /* Precondition only; callers handling untrusted input should check
     * cbor_value_is_integer() themselves rather than rely on this assert. */
    cbor_assert(cbor_value_is_integer(value));
    magnitude = _cbor_value_extract_int64_helper(value);

    /* Both range tests run on the unsigned quantity before it is narrowed:
     * converting an unrepresentable value to a signed type gives an
     * implementation-defined result or raises an implementation-defined
     * signal (C11 6.3.1.3 paragraph 3), while signed-to-unsigned conversion
     * is always well defined (paragraph 2).
     *
     * The range of int is implementation-defined and int is not guaranteed
     * to be two's complement (int32_t is), hence the separate bound for each
     * sign.
     */
    if (!(value->flags & CborIteratorFlag_NegativeInteger)) {
        if (unlikely(magnitude > (uint64_t)INT_MAX))
            return CborErrorDataTooLarge;

        *result = (int)magnitude;
        return CborNoError;
    }

    /* negative: the stream holds "-n - 1", so the largest acceptable stored
     * value is -(INT_MIN + 1) */
    if (unlikely(magnitude > (unsigned) -(INT_MIN + 1)))
        return CborErrorDataTooLarge;

    *result = -(int)magnitude - 1;
    return CborNoError;
}
886 
887 /**
888  * \fn bool cbor_value_is_length_known(const CborValue *value)
889  *
890  * Returns true if the length of this type is known without calculation. That
891  * is, if the length of this CBOR string, map or array is encoded in the data
892  * stream, this function returns true. If the length is not encoded, it returns
893  * false.
894  *
895  * If the length is known, code can call cbor_value_get_string_length(),
896  * cbor_value_get_array_length() or cbor_value_get_map_length() to obtain the
897  * length. If the length is not known but is necessary, code can use the
898  * cbor_value_calculate_string_length() function (no equivalent function is
899  * provided for maps and arrays).
900  */
901 
902 /**
903  * \fn bool cbor_value_is_text_string(const CborValue *value)
904  *
905  * Returns true if the iterator \a value is valid and points to a CBOR text
906  * string. CBOR text strings are UTF-8 encoded and usually contain
907  * human-readable text.
908  *
909  * \sa cbor_value_is_valid(), cbor_value_get_string_length(), cbor_value_calculate_string_length(),
910  *     cbor_value_copy_text_string(), cbor_value_dup_text_string()
911  */
912 
913 /**
914  * \fn bool cbor_value_is_byte_string(const CborValue *value)
915  *
916  * Returns true if the iterator \a value is valid and points to a CBOR byte
917  * string. CBOR byte strings are binary data with no specified encoding or
918  * format.
919  *
920  * \sa cbor_value_is_valid(), cbor_value_get_string_length(), cbor_value_calculate_string_length(),
921  *     cbor_value_copy_byte_string(), cbor_value_dup_byte_string()
922  */
923 
924 /**
925  * \fn CborError cbor_value_get_string_length(const CborValue *value, size_t *length)
926  *
927  * Extracts the length of the byte or text string that \a value points to and
928  * stores it in \a length. If the iterator \a value does not point to a text
929  * string or a byte string, the behaviour is undefined, so checking with \ref
930  * cbor_value_get_type, with \ref cbor_value_is_text_string or \ref
931  * cbor_value_is_byte_string is recommended.
932  *
933  * If the length of this string is not encoded in the CBOR data stream, this
934  * function will return the recoverable error CborErrorUnknownLength. You may
935  * also check whether that is the case by using cbor_value_is_length_known().
936  *
937  * If the length of the string is required but the length was not encoded, use
938  * cbor_value_calculate_string_length(), but note that that function does not
939  * run in constant time.
940  *
941  * \note On 32-bit platforms, this function will return error condition of \ref
942  * CborErrorDataTooLarge if the stream indicates a length that is too big to
943  * fit in 32-bit.
944  *
945  * \sa cbor_value_is_valid(), cbor_value_is_length_known(), cbor_value_calculate_string_length()
946  */
947 
948 /**
949  * Calculates the length of the byte or text string that \a value points to and
950  * stores it in \a len. If the iterator \a value does not point to a text
951  * string or a byte string, the behaviour is undefined, so checking with \ref
952  * cbor_value_get_type, with \ref cbor_value_is_text_string or \ref
953  * cbor_value_is_byte_string is recommended.
954  *
955  * This function is different from cbor_value_get_string_length() in that it
956  * calculates the length even for strings sent in chunks. For that reason, this
957  * function may not run in constant time (it will run in O(n) time on the
958  * number of chunks). It does use constant memory (O(1)).
959  *
960  * \note On 32-bit platforms, this function will return error condition of \ref
961  * CborErrorDataTooLarge if the stream indicates a length that is too big to
962  * fit in 32-bit.
963  *
964  * \sa cbor_value_get_string_length(), cbor_value_copy_text_string(), cbor_value_copy_byte_string(), cbor_value_is_length_known()
965  */
CborError cbor_value_calculate_string_length(const CborValue *value, size_t *len)
{
    void *const noBuffer = NULL;        /* nothing is copied, chunks are only counted */
    CborValue *const noNext = NULL;     /* caller's iterator is left where it is */

    /* SIZE_MAX as the "capacity" means the size comparison done while
     * iterating never reports a short buffer; on return *len holds the
     * summed chunk length. */
    *len = SIZE_MAX;
    return _cbor_value_copy_string(value, noBuffer, len, noNext);
}
971 
/* Puts the iterator \a it into string-chunk iteration mode, positioned before
 * the first chunk. Always returns CborNoError. */
CborError _cbor_value_begin_string_iteration(CborValue *it)
{
    it->flags |= CborIteratorFlag_IteratingStringChunks;
    it->flags |= CborIteratorFlag_BeforeFirstStringChunk;

    /* a string with an encoded length is its own single chunk */
    if (cbor_value_is_length_known(it))
        return CborNoError;

    /* chunked string: we're before the first chunk, so step over one byte
     * to reach it */
    advance_bytes(it, 1);
    return CborNoError;
}
984 
/* Ends string-chunk iteration on \a it and hands over to
 * preparse_next_value(), whose result is returned. */
CborError _cbor_value_finish_string_iteration(CborValue *it)
{
    const bool chunked = !cbor_value_is_length_known(it);

    if (chunked) {
        /* skip the Break */
        advance_bytes(it, 1);
    }

    return preparse_next_value(it);
}
992 
/* Decodes the header of the string chunk at the iterator's current position.
 *
 * On success stores the chunk's payload length in \a len and the number of
 * header bytes preceding the payload in \a offset. Returns
 * CborErrorNoMoreStringChunks when there is nothing further to read (a
 * known-length string that was already consumed, or a Break byte).
 *
 * The length comes straight from the input stream. This function only checks
 * that the header bytes themselves are readable and that the value fits in a
 * size_t; it does not compare the length with the amount of input that is
 * left. NOTE(review): that check presumably happens in transfer_string(),
 * which get_string_chunk() calls next -- confirm before using \a len from
 * this function on its own.
 */
static CborError get_string_chunk_size(const CborValue *it, size_t *offset, size_t *len)
{
    uint8_t initialByte;
    uint8_t lengthCode;
    uint64_t declared;
    size_t lengthBytes;

    if (cbor_value_is_length_known(it) && !(it->flags & CborIteratorFlag_BeforeFirstStringChunk))
        return CborErrorNoMoreStringChunks;

    /* are we at the end? */
    if (!read_bytes(it, &initialByte, 0, 1))
        return CborErrorUnexpectedEOF;

    if (initialByte == BreakByte)
        return CborErrorNoMoreStringChunks;

    /* every chunk must have the same major type as the string itself */
    if ((initialByte & MajorTypeMask) != it->type)
        return CborErrorIllegalType;

    /* find the string length */
    lengthCode = initialByte & SmallValueMask;
    if (lengthCode < Value8Bit) {
        /* the length is stored in the initial byte itself */
        *len = lengthCode;
        *offset = 1;
        return CborNoError;
    }
    if (unlikely(lengthCode > Value64Bit))
        return CborErrorIllegalNumber;

    /* 1, 2, 4 or 8 bytes of length follow the initial byte */
    lengthBytes = (size_t)(1 << (lengthCode - Value8Bit));
    if (!can_read_bytes(it, 1 + lengthBytes))
        return CborErrorUnexpectedEOF;

    if (lengthCode == Value16Bit)
        declared = read_uint16(it, 1);
    else if (lengthCode < Value16Bit)
        declared = read_uint8(it, 1);
    else if (lengthCode == Value32Bit)
        declared = read_uint32(it, 1);
    else
        declared = read_uint64(it, 1);

    /* reject a 64-bit length that does not survive narrowing to size_t */
    *len = declared;
    if (*len != declared)
        return CborErrorDataTooLarge;

    *offset = lengthBytes + 1;
    return CborNoError;
}
1044 
/* Reports the payload length of the chunk \a value is positioned at, without
 * moving the iterator. The length is the one declared in the stream; see
 * get_string_chunk_size() for what is and is not validated. */
CborError _cbor_value_get_string_chunk_size(const CborValue *value, size_t *len)
{
    size_t ignoredHeaderSize;   /* required by the helper, not needed here */

    return get_string_chunk_size(value, &ignoredHeaderSize, len);
}
1050 
/* Fetches the next chunk of the string \a it is iterating over: decodes the
 * chunk header, then lets transfer_string() set \a bufferptr for \a *len
 * bytes of payload. Any error from either step is returned unchanged,
 * including CborErrorNoMoreStringChunks at the end of the string. */
static CborError get_string_chunk(CborValue *it, const void **bufferptr, size_t *len)
{
    size_t payloadOffset;
    CborError err = get_string_chunk_size(it, &payloadOffset, len);

    if (!err) {
        /* we're good, transfer the string now */
        err = transfer_string(it, bufferptr, payloadOffset, *len);
        if (!err) {
            /* we've iterated at least once */
            it->flags &= ~CborIteratorFlag_BeforeFirstStringChunk;
            return CborNoError;
        }
    }
    return err;
}
1067 
1068 /**
1069  * \fn CborError cbor_value_get_text_string_chunk(const CborValue *value, const char **bufferptr, size_t *len, CborValue *next)
1070  *
1071  * Extracts one text string chunk pointed to by \a value and stores a pointer
1072  * to the data in \a bufferptr and the size in \a len, which must not be null. If
1073  * no more chunks are available, then \a bufferptr will be set to null. This
1074  * function may be used to iterate over any string without causing its contents
1075  * to be copied to a separate buffer, like the convenience function
1076  * cbor_value_copy_text_string() does.
1077  *
1078  * It is designed to be used in code like:
1079  *
1080  * \code
1081  *   if (cbor_value_is_text_string(value)) {
1082  *       char *ptr;
1083  *       size_t len;
1084  *       while (1) {
1085  *           err = cbor_value_get_text_string_chunk(value, &ptr, &len, &value);
1086  *           if (err) return err;
1087  *           if (ptr == NULL) return CborNoError;
1088  *           consume(ptr, len);
1089  *       }
1090  *   }
1091  * \endcode
1092  *
1093  * If the iterator \a value does not point to a text string, the behaviour is
1094  * undefined, so checking with \ref cbor_value_get_type or \ref
1095  * cbor_value_is_text_string is recommended.
1096  *
1097  * The \a next pointer, if not null, will be updated to point to the next item
1098  * after this string. During iteration, the pointer must only be passed back
1099  * again to this function; passing it to any other function in this library
1100  * results in undefined behavior. If there are no more chunks to be read from
1101  * \a value, then \a next will be set to the next item after this string; if \a
1102  * value points to the last item, then \a next will be invalid.
1103  *
1104  * \note This function does not perform UTF-8 validation on the incoming text
1105  * string.
1106  *
1107  * \sa cbor_value_dup_text_string(), cbor_value_copy_text_string(), cbor_value_calculate_string_length(), cbor_value_get_byte_string_chunk()
1108  */
1109 
1110 /**
1111  * \fn CborError cbor_value_get_byte_string_chunk(const CborValue *value, const char **bufferptr, size_t *len, CborValue *next)
1112  *
1113  * Extracts one byte string chunk pointed to by \a value and stores a pointer
1114  * to the data in \a bufferptr and the size in \a len, which must not be null. If
1115  * no more chunks are available, then \a bufferptr will be set to null. This
1116  * function may be used to iterate over any string without causing its contents
1117  * to be copied to a separate buffer, like the convenience function
1118  * cbor_value_copy_byte_string() does.
1119  *
1120  * It is designed to be used in code like:
1121  *
1122  * \code
1123  *   if (cbor_value_is_byte_string(value)) {
1124  *       char *ptr;
1125  *       size_t len;
1126  *       while (1) {
1127  *           err = cbor_value_get_byte_string_chunk(value, &ptr, &len, &value);
1128  *           if (err) return err;
1129  *           if (ptr == NULL) return CborNoError;
1130  *           consume(ptr, len);
1131  *       }
1132  *   }
1133  * \endcode
1134  *
1135  * If the iterator \a value does not point to a byte string, the behaviour is
1136  * undefined, so checking with \ref cbor_value_get_type or \ref
1137  * cbor_value_is_byte_string is recommended.
1138  *
1139  * The \a next pointer, if not null, will be updated to point to the next item
1140  * after this string. During iteration, the pointer must only be passed back
1141  * again to this function; passing it to any other function in this library
1142  * results in undefined behavior. If there are no more chunks to be read from
1143  * \a value, then \a next will be set to the next item after this string; if \a
1144  * value points to the last item, then \a next will be invalid.
1145  *
1146  * \sa cbor_value_dup_byte_string(), cbor_value_copy_byte_string(), cbor_value_calculate_string_length(), cbor_value_get_text_string_chunk()
1147  */
1148 
CborError _cbor_value_get_string_chunk(const CborValue *value, const void **bufferptr,
                                       size_t *len, CborValue *next)
{
    CborValue scratch;
    /* with no \a next supplied, the advanced iterator is simply discarded */
    CborValue *cursor = next ? next : &scratch;

    /* work on a copy so that \a value itself is never modified; \a next may
     * be the same object as \a value, in which case this is a self-copy */
    *cursor = *value;
    return get_string_chunk(cursor, bufferptr, len);
}
1158 
/* Per-chunk callback used by iterate_string_chunks(). The return type is
 * uintptr_t so that memcpy's result can be returned directly: the base parser
 * API (cbor_value_copy_string) is the case being optimized for, while memcmp
 * is only needed by the convenience API. A zero return is treated as failure
 * by the caller. */
typedef uintptr_t (*IterateFunction)(char *dest, const uint8_t *src, size_t len);
1164 
/* Chunk callback that touches nothing and always reports success; used when
 * the chunks only need to be walked, not copied or compared. */
static uintptr_t iterate_noop(char *dest, const uint8_t *src, size_t len)
{
    const uintptr_t success = true;

    (void)len;
    (void)src;
    (void)dest;
    return success;
}
1172 
/* Chunk callback that compares \a len bytes of \a s1 with the chunk \a s2 and
 * returns 1 when they are equal, 0 otherwise.
 *
 * memcmp() is not a constant-time comparison, so anything built on this
 * callback should not be used to check secret values (tokens, MACs, keys)
 * against attacker-supplied input. */
static uintptr_t iterate_memcmp(char *s1, const uint8_t *s2, size_t len)
{
    const int difference = memcmp(s1, (const char *)s2, len);

    return difference == 0 ? 1 : 0;
}
1177 
/* Chunk callback that copies \a len bytes from \a src to \a dest. It returns
 * memcpy's result (that is, \a dest) as an integer, which the caller reads as
 * "success" because it is non-zero for a non-null destination. The caller is
 * responsible for having checked that \a dest has room for \a len bytes. */
static uintptr_t iterate_memcpy(char *dest, const uint8_t *src, size_t len)
{
    void *const written = memcpy(dest, src, len);

    return (uintptr_t)written;
}
1182 
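/* Walks every chunk of the byte or text string at \a value and feeds each one
 * to \a func together with the matching position inside \a buffer.
 *
 * \a buflen is in/out: on entry it is the capacity of \a buffer, on success
 * it is set to the total length of the string (terminator not counted).
 * \a result ends up true only if every call to \a func returned non-zero and
 * the string fit in the capacity. \a next, if not null, receives the iterator
 * after the string.
 *
 * \a func is only called for a chunk once the running total is known to fit
 * in \a buflen, so a copying callback never writes past the capacity the
 * caller declared. When the string fills the buffer exactly there is no room
 * for the trailing NUL: none is written and \a result stays true, so callers
 * must compare the returned length with their capacity before treating the
 * buffer as NUL-terminated.
 *
 * \a buffer may be NULL when \a func ignores its destination (iterate_noop).
 * In that case NULL is passed through unchanged, because adding an offset to
 * a null pointer is undefined behaviour in C.
 */
static CborError iterate_string_chunks(const CborValue *value, char *buffer, size_t *buflen,
                                       bool *result, CborValue *next, IterateFunction func)
{
    CborError err;
    CborValue tmp;
    size_t total = 0;
    const void *ptr;

    cbor_assert(cbor_value_is_byte_string(value) || cbor_value_is_text_string(value));
    if (!next)
        next = &tmp;
    *next = *value;
    *result = true;

    err = _cbor_value_begin_string_iteration(next);
    if (err)
        return err;

    while (1) {
        size_t newTotal;
        size_t chunkLen;
        err = get_string_chunk(next, &ptr, &chunkLen);
        if (err == CborErrorNoMoreStringChunks)
            break;
        if (err)
            return err;

        /* chunk lengths come from the stream; their sum must not wrap */
        if (unlikely(add_check_overflow(total, chunkLen, &newTotal)))
            return CborErrorDataTooLarge;

        /* once a chunk failed or did not fit, keep counting but stop
         * calling func */
        if (*result && *buflen >= newTotal)
            *result = !!func(buffer ? buffer + total : NULL, (const uint8_t *)ptr, chunkLen);
        else
            *result = false;

        total = newTotal;
    }

    /* is there enough room for the ending NUL byte? */
    if (*result && *buflen > total) {
        const uint8_t nul[] = { 0 };
        *result = !!func(buffer ? buffer + total : NULL, nul, 1);
    }
    *buflen = total;
    return _cbor_value_finish_string_iteration(next);
}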
1229 
1230 /**
1231  * \fn CborError cbor_value_copy_text_string(const CborValue *value, char *buffer, size_t *buflen, CborValue *next)
1232  *
1233  * Copies the string pointed to by \a value into the buffer provided at \a buffer
1234  * of \a buflen bytes. If \a buffer is a NULL pointer, this function will not
1235  * copy anything and will only update the \a next value.
1236  *
1237  * If the iterator \a value does not point to a text string, the behaviour is
1238  * undefined, so checking with \ref cbor_value_get_type or \ref
1239  * cbor_value_is_text_string is recommended.
1240  *
1241  * If the provided buffer length was too small, this function returns an error
1242  * condition of \ref CborErrorOutOfMemory. If you need to calculate the length
1243  * of the string in order to preallocate a buffer, use
1244  * cbor_value_calculate_string_length().
1245  *
1246  * On success, this function sets the number of bytes copied to \c{*buflen}. If
1247  * the buffer is large enough, this function will insert a null byte after the
1248  * last copied byte, to facilitate manipulation of text strings. That byte is
1249  * not included in the returned value of \c{*buflen}. If there was no space for
1250  * the terminating null, no error is returned, so callers must check the value
1251  * of *buflen after the call, before relying on the '\0'; if it has not been
1252  * changed by the call, there is no '\0'-termination on the buffer's contents.
1253  *
1254  * The \a next pointer, if not null, will be updated to point to the next item
1255  * after this string. If \a value points to the last item, then \a next will be
1256  * invalid.
1257  *
1258  * This function may not run in constant time (it will run in O(n) time on the
1259  * number of chunks). It requires constant memory (O(1)).
1260  *
1261  * \note This function does not perform UTF-8 validation on the incoming text
1262  * string.
1263  *
1264  * \sa cbor_value_get_text_string_chunk() cbor_value_dup_text_string(), cbor_value_copy_byte_string(), cbor_value_get_string_length(), cbor_value_calculate_string_length()
1265  */
1266 
1267 /**
1268  * \fn CborError cbor_value_copy_byte_string(const CborValue *value, uint8_t *buffer, size_t *buflen, CborValue *next)
1269  *
1270  * Copies the string pointed by \a value into the buffer provided at \a buffer
1271  * of \a buflen bytes. If \a buffer is a NULL pointer, this function will not
1272  * copy anything and will only update the \a next value.
1273  *
1274  * If the iterator \a value does not point to a byte string, the behaviour is
1275  * undefined, so checking with \ref cbor_value_get_type or \ref
1276  * cbor_value_is_byte_string is recommended.
1277  *
1278  * If the provided buffer length was too small, this function returns an error
1279  * condition of \ref CborErrorOutOfMemory. If you need to calculate the length
1280  * of the string in order to preallocate a buffer, use
1281  * cbor_value_calculate_string_length().
1282  *
1283  * On success, this function sets the number of bytes copied to \c{*buflen}. If
1284  * the buffer is large enough, this function will insert a null byte after the
1285  * last copied byte, to facilitate manipulation of null-terminated strings.
1286  * That byte is not included in the returned value of \c{*buflen}.
1287  *
1288  * The \a next pointer, if not null, will be updated to point to the next item
1289  * after this string. If \a value points to the last item, then \a next will be
1290  * invalid.
1291  *
1292  * This function may not run in constant time (it will run in O(n) time on the
1293  * number of chunks). It requires constant memory (O(1)).
1294  *
1295  * \sa cbor_value_get_byte_string_chunk(), cbor_value_dup_text_string(), cbor_value_copy_text_string(), cbor_value_get_string_length(), cbor_value_calculate_string_length()
1296  */
1297 
CborError _cbor_value_copy_string(const CborValue *value, void *buffer,
                                 size_t *buflen, CborValue *next)
{
    bool copied_all;
    /* without a destination the chunks are only walked, e.g. to measure the
     * string or to advance \a next */
    const IterateFunction sink = buffer ? iterate_memcpy : iterate_noop;
    const CborError err = iterate_string_chunks(value, (char*)buffer, buflen, &copied_all,
                                                next, sink);

    if (err)
        return err;

    /* A string that fills the buffer exactly still counts as copied, but then
     * no terminating NUL was written: compare *buflen with the capacity that
     * was passed in before using the result as a C string. */
    if (!copied_all)
        return CborErrorOutOfMemory;
    return CborNoError;
}
1307 
1308 /**
1309  * Compares the entry \a value with the string \a string and stores the result
1310  * in \a result. If the value is different from \a string \a result will
1311  * contain \c false.
1312  *
1313  * The entry at \a value may be a tagged string. If \a value is not a string or
1314  * a tagged string, the comparison result will be false.
1315  *
1316  * CBOR requires text strings to be encoded in UTF-8, but this function does
1317  * not validate either the strings in the stream or the string \a string to be
1318  * matched. Moreover, comparison is done on strict codepoint comparison,
1319  * without any Unicode normalization.
1320  *
1321  * This function may not run in constant time (it will run in O(n) time on the
1322  * number of chunks). It requires constant memory (O(1)).
1323  *
1324  * \sa cbor_value_skip_tag(), cbor_value_copy_text_string()
1325  */
CborError cbor_value_text_string_equals(const CborValue *value, const char *string, bool *result)
{
    size_t expectedLen;
    CborValue cursor = *value;  /* the caller's iterator is never moved */
    CborError err = cbor_value_skip_tag(&cursor);

    if (err)
        return err;

    if (cbor_value_is_text_string(&cursor)) {
        /* The reference string's length is passed as the "capacity", so a
         * stream string longer than \a string compares unequal without
         * reading past its end.
         *
         * The comparison is memcmp() per chunk and is not constant-time in
         * the string contents: do not use it to check secrets. */
        expectedLen = strlen(string);
        return iterate_string_chunks(&cursor, CONST_CAST(char *, string), &expectedLen, result, NULL, iterate_memcmp);
    }

    /* not a (tagged) text string: unequal by definition, and not an error */
    *result = false;
    return CborNoError;
}
1341 
1342 /**
1343  * \fn bool cbor_value_is_array(const CborValue *value)
1344  *
1345  * Returns true if the iterator \a value is valid and points to a CBOR array.
1346  *
1347  * \sa cbor_value_is_valid(), cbor_value_is_map()
1348  */
1349 
1350 /**
1351  * \fn CborError cbor_value_get_array_length(const CborValue *value, size_t *length)
1352  *
1353  * Extracts the length of the CBOR array that \a value points to and stores it
1354  * in \a length. If the iterator \a value does not point to a CBOR array, the
1355  * behaviour is undefined, so checking with \ref cbor_value_get_type or \ref
1356  * cbor_value_is_array is recommended.
1357  *
1358  * If the length of this array is not encoded in the CBOR data stream, this
1359  * function will return the recoverable error CborErrorUnknownLength. You may
1360  * also check whether that is the case by using cbor_value_is_length_known().
1361  *
1362  * \note On 32-bit platforms, this function will return error condition of \ref
1363  * CborErrorDataTooLarge if the stream indicates a length that is too big to
1364  * fit in 32-bit.
1365  *
1366  * \sa cbor_value_is_valid(), cbor_value_is_length_known()
1367  */
1368 
1369 /**
1370  * \fn bool cbor_value_is_map(const CborValue *value)
1371  *
1372  * Returns true if the iterator \a value is valid and points to a CBOR map.
1373  *
1374  * \sa cbor_value_is_valid(), cbor_value_is_array()
1375  */
1376 
1377 /**
1378  * \fn CborError cbor_value_get_map_length(const CborValue *value, size_t *length)
1379  *
1380  * Extracts the length of the CBOR map that \a value points to and stores it in
1381  * \a length. If the iterator \a value does not point to a CBOR map, the
1382  * behaviour is undefined, so checking with \ref cbor_value_get_type or \ref
1383  * cbor_value_is_map is recommended.
1384  *
1385  * If the length of this map is not encoded in the CBOR data stream, this
1386  * function will return the recoverable error CborErrorUnknownLength. You may
1387  * also check whether that is the case by using cbor_value_is_length_known().
1388  *
1389  * \note On 32-bit platforms, this function will return error condition of \ref
1390  * CborErrorDataTooLarge if the stream indicates a length that is too big to
1391  * fit in 32-bit.
1392  *
1393  * \sa cbor_value_is_valid(), cbor_value_is_length_known()
1394  */
1395 
1396 /**
1397  * Attempts to find the value in map \a map that corresponds to the text string
1398  * entry \a string. If the iterator \a map does not point to a CBOR map, the
1399  * behaviour is undefined, so checking with \ref cbor_value_get_type or \ref
1400  * cbor_value_is_map is recommended.
1401  *
1402  * If the item is found, it is stored in \a element. If no item is found
1403  * matching the key, then \a element will contain an element of type \ref
1404  * CborInvalidType. Matching is performed using
1405  * cbor_value_text_string_equals(), so tagged strings will also match.
1406  *
1407  * This function has a time complexity of O(n) where n is the number of
1408  * elements in the map to be searched. In addition, this function has O(n)
1409  * memory requirement based on the number of nested containers (maps or arrays)
1410  * found as elements of this map.
1411  *
1412  * \sa cbor_value_is_valid(), cbor_value_text_string_equals(), cbor_value_advance()
1413  */
CborError cbor_value_map_find_value(const CborValue *map, const char *string, CborValue *element)
{
    CborError err;
    const size_t wanted = strlen(string);

    cbor_assert(cbor_value_is_map(map));
    err = cbor_value_enter_container(map, element);
    if (err)
        goto invalidate;

    /* The search stops at the first key that matches. Later entries are
     * never looked at, so a map carrying the same key twice is not detected
     * here; a consumer that must reject duplicate keys needs its own pass
     * over the map. */
    for (;;) {
        if (cbor_value_at_end(element)) {
            /* not found */
            err = CborNoError;
            goto invalidate;
        }

        /* find the non-tag so we can compare */
        err = cbor_value_skip_tag(element);
        if (err)
            goto invalidate;

        if (!cbor_value_is_text_string(element)) {
            /* skip this key */
            err = cbor_value_advance(element);
            if (err)
                goto invalidate;
        } else {
            bool matched;
            size_t capacity = wanted;   /* overwritten with the key's length */

            /* compares the key and leaves element just past it */
            err = iterate_string_chunks(element, CONST_CAST(char *, string), &capacity,
                                        &matched, element, iterate_memcmp);
            if (err)
                goto invalidate;
            if (matched)
                return preparse_value(element);
        }

        /* skip this value */
        err = cbor_value_skip_tag(element);
        if (err)
            goto invalidate;
        err = cbor_value_advance(element);
        if (err)
            goto invalidate;
    }

invalidate:
    /* both "not found" and every error leave an invalid element behind */
    element->type = CborInvalidType;
    return err;
}
1461 
1462 /**
1463  * \fn bool cbor_value_is_float(const CborValue *value)
1464  *
1465  * Returns true if the iterator \a value is valid and points to a CBOR
1466  * single-precision floating point (32-bit).
1467  *
1468  * \sa cbor_value_is_valid(), cbor_value_is_double(), cbor_value_is_half_float()
1469  */
1470 
1471 /**
1472  * \fn CborError cbor_value_get_float(const CborValue *value, float *result)
1473  *
1474  * Retrieves the CBOR single-precision floating point (32-bit) value that \a
1475  * value points to and stores it in \a result. If the iterator \a value does
1476  * not point to a single-precision floating point value, the behavior is
1477  * undefined, so checking with \ref cbor_value_get_type or with \ref
1478  * cbor_value_is_float is recommended.
1479  *
1480  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_float(), cbor_value_get_double()
1481  */
1482 
1483 /**
1484  * \fn bool cbor_value_is_double(const CborValue *value)
1485  *
1486  * Returns true if the iterator \a value is valid and points to a CBOR
1487  * double-precision floating point (64-bit).
1488  *
1489  * \sa cbor_value_is_valid(), cbor_value_is_float(), cbor_value_is_half_float()
1490  */
1491 
1492 /**
1493  * \fn CborError cbor_value_get_double(const CborValue *value, double *result)
1494  *
1495  * Retrieves the CBOR double-precision floating point (64-bit) value that \a
1496  * value points to and stores it in \a result. If the iterator \a value does
1497  * not point to a double-precision floating point value, the behavior is
1498  * undefined, so checking with \ref cbor_value_get_type or with \ref
1499  * cbor_value_is_double is recommended.
1500  *
1501  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_double(), cbor_value_get_float()
1502  */
1503 
1504 /**
1505  * \fn bool cbor_value_is_half_float(const CborValue *value)
1506  *
1507  * Returns true if the iterator \a value is valid and points to a CBOR
1508  * half-precision floating point (16-bit).
1509  *
1510  * \sa cbor_value_is_valid(), cbor_value_is_double(), cbor_value_is_float()
1511  */
1512 
1513 /**
1514  * \fn CborError cbor_value_get_half_float(const CborValue *value, void *result)
1515  *
1516  * Retrieves the CBOR half-precision floating point (16-bit) value that \a
1517  * value points to and stores it in \a result. If the iterator \a value does
1518  * not point to a half-precision floating point value, the behavior is
1519  * undefined, so checking with \ref cbor_value_get_type or with \ref
1520  * cbor_value_is_half_float is recommended.
1521  *
1522  * Note: since the C language does not have a standard type for half-precision
1523  * floating point, this function takes a \c{void *} as a parameter for the
1524  * storage area, which must be at least 16 bits wide.
1525  *
1526  * \sa cbor_value_get_type(), cbor_value_is_valid(), cbor_value_is_half_float(), cbor_value_get_half_float_as_float(), cbor_value_get_float()
1527  */
1528 
1529 /** @} */
1530