PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`# This file is dual licensed under the terms of the Apache License, Version # 2.0, and the BSD License. See the LICENSE file in the root of this repository # for complete details. from __future__ import absolute_import, division, print_function import six from cryptography.utils import int_from_bytes, int_to_bytes # This module contains a lightweight DER encoder and decoder. See X.690 for the # specification. This module intentionally does not implement the more complex # BER encoding, only DER. # # Note this implementation treats an element's constructed bit as part of the # tag. This is fine for DER, where the bit is always computable from the type. CONSTRUCTED = 0x20 CONTEXT_SPECIFIC = 0x80 INTEGER = 0x02 BIT_STRING = 0x03 OCTET_STRING = 0x04 NULL = 0x05 OBJECT_IDENTIFIER = 0x06 SEQUENCE = 0x10 | CONSTRUCTED SET = 0x11 | CONSTRUCTED PRINTABLE_STRING = 0x13 UTC_TIME = 0x17 GENERALIZED_TIME = 0x18 class DERReader(object): def __init__(self, data): self.data = memoryview(data) def __enter__(self): return self def __exit__(self, exc_type, exc_value, tb): if exc_value is None: self.check_empty() def is_empty(self): return len(self.data) == 0 def check_empty(self): if not self.is_empty(): raise ValueError("Invalid DER input: trailing data") def read_byte(self): if len(self.data) < 1: raise ValueError("Invalid DER input: insufficient data") ret = six.indexbytes(self.data, 0) self.data = self.data[1:] return ret def read_bytes(self, n): if len(self.data) < n: raise ValueError("Invalid DER input: insufficient data") ret = self.data[:n] self.data = self.data[n:] return ret def read_any_element(self): tag = self.read_byte() # Tag numbers 31 or higher are stored in multiple bytes. No supported # ASN.1 types use such tags, so reject these. if tag & 0x1F == 0x1F: raise ValueError("Invalid DER input: unexpected high tag number") length_byte = self.read_byte() if length_byte & 0x80 == 0: # If the high bit is clear, the first length byte is the length. length = length_byte else: # If the high bit is set, the first length byte encodes the length # of the length. length_byte &= 0x7F if length_byte == 0: raise ValueError( "Invalid DER input: indefinite length form is not allowed " "in DER" ) length = 0 for i in range(length_byte): length <<= 8 length |= self.read_byte() if length == 0: raise ValueError( "Invalid DER input: length was not minimally-encoded" ) if length < 0x80: # If the length could have been encoded in short form, it must # not use long form. raise ValueError( "Invalid DER input: length was not minimally-encoded" ) body = self.read_bytes(length) return tag, DERReader(body) def read_element(self, expected_tag): tag, body = self.read_any_element() if tag != expected_tag: raise ValueError("Invalid DER input: unexpected tag") return body def read_single_element(self, expected_tag): with self: return self.read_element(expected_tag) def read_optional_element(self, expected_tag): if len(self.data) > 0 and six.indexbytes(self.data, 0) == expected_tag: return self.read_element(expected_tag) return None def as_integer(self): if len(self.data) == 0: raise ValueError("Invalid DER input: empty integer contents") first = six.indexbytes(self.data, 0) if first & 0x80 == 0x80: raise ValueError("Negative DER integers are not supported") # The first 9 bits must not all be zero or all be ones. Otherwise, the # encoding should have been one byte shorter. if len(self.data) > 1: second = six.indexbytes(self.data, 1) if first == 0 and second & 0x80 == 0: raise ValueError( "Invalid DER input: integer not minimally-encoded" ) return int_from_bytes(self.data, "big") def encode_der_integer(x): if not isinstance(x, six.integer_types): raise ValueError("Value must be an integer") if x < 0: raise ValueError("Negative integers are not supported") n = x.bit_length() // 8 + 1 return int_to_bytes(x, n) def encode_der(tag, *children): length = 0 for child in children: length += len(child) chunks = [six.int2byte(tag)] if length < 0x80: chunks.append(six.int2byte(length)) else: length_bytes = int_to_bytes(length) chunks.append(six.int2byte(0x80 | len(length_bytes))) chunks.append(length_bytes) chunks.extend(children) return b"".join(chunks)