add support for parsing implicit DER tags

tomato42 · tomato42 · commit 8e3f653e6615 · 2025-03-06T18:28:30.000+01:00
diff --git a/src/ecdsa/der.py b/src/ecdsa/der.py
@@ -142,6 +142,49 @@ def remove_constructed(string):
     return tag, body, rest
 
 
+def remove_implicit(string, exp_class="context-specific"):
+    """
+    Removes an IMPLICIT tagged value from ``string`` following :term:`DER`.
+
+    :param bytes string: a byte string that can have one or more
+      DER elements.
+    :param str exp_class: the expected tag class of the implicitly
+      encoded value. Possible values are: "context-specific", "application",
+      and "private".
+    :return: a tuple with first value being the tag without indicator bits,
+      second being the raw bytes of the value and the third one being
+      remaining bytes (or an empty string if there are none)
+    :rtype: tuple(int,bytes,bytes)
+    """
+    if exp_class not in ("context-specific", "application", "private"):
+        raise ValueError("invalid `exp_class` value")
+    if exp_class == "application":
+        tag_class = 0b01000000
+    elif exp_class == "context-specific":
+        tag_class = 0b10000000
+    else:
+        assert exp_class == "private"
+        tag_class = 0b11000000
+    tag_mask = 0b11000000
+
+    s0 = str_idx_as_int(string, 0)
+
+    if (s0 & tag_mask) != tag_class:
+        raise UnexpectedDER(
+            "wanted class {0}, got 0x{1:02x} tag".format(exp_class, s0)
+        )
+    if s0 & 0b00100000 != 0:
+        raise UnexpectedDER(
+            "wanted type primitive, got 0x{0:02x} tag".format(s0)
+        )
+
+    tag = s0 & 0x1F
+    length, llen = read_length(string[1:])
+    body = string[1 + llen : 1 + llen + length]
+    rest = string[1 + llen + length :]
+    return tag, body, rest
+
+
 def remove_sequence(string):
     if not string:
         raise UnexpectedDER("Empty string does not encode a sequence")
diff --git a/src/ecdsa/test_der.py b/src/ecdsa/test_der.py
@@ -22,6 +22,7 @@
     remove_object,
     encode_oid,
     remove_constructed,
+    remove_implicit,
     remove_octet_string,
     remove_sequence,
 )
@@ -396,6 +397,73 @@ def test_with_malformed_tag(self):
         self.assertIn("constructed tag", str(e.exception))
 
 
+class TestRemoveImplicit(unittest.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        cls.exp_tag = 6
+        cls.exp_data = b"\x0a\x0b"
+        # data with application tag class
+        cls.data_application = b"\x46\x02\x0a\x0b"
+        # data with context-specific tag class
+        cls.data_context_specific = b"\x86\x02\x0a\x0b"
+        # data with private tag class
+        cls.data_private = b"\xc6\x02\x0a\x0b"
+
+    def test_simple(self):
+        tag, body, rest = remove_implicit(self.data_context_specific)
+
+        self.assertEqual(tag, self.exp_tag)
+        self.assertEqual(body, self.exp_data)
+        self.assertEqual(rest, b"")
+
+    def test_wrong_expected_class(self):
+        with self.assertRaises(ValueError) as e:
+            remove_implicit(self.data_context_specific, "foobar")
+
+        self.assertIn("invalid `exp_class` value", str(e.exception))
+
+    def test_with_wrong_class(self):
+        with self.assertRaises(UnexpectedDER) as e:
+            remove_implicit(self.data_application)
+
+        self.assertIn(
+            "wanted class context-specific, got 0x46 tag", str(e.exception)
+        )
+
+    def test_with_application_class(self):
+        tag, body, rest = remove_implicit(self.data_application, "application")
+
+        self.assertEqual(tag, self.exp_tag)
+        self.assertEqual(body, self.exp_data)
+        self.assertEqual(rest, b"")
+
+    def test_with_private_class(self):
+        tag, body, rest = remove_implicit(self.data_private, "private")
+
+        self.assertEqual(tag, self.exp_tag)
+        self.assertEqual(body, self.exp_data)
+        self.assertEqual(rest, b"")
+
+    def test_with_data_following(self):
+        extra_data = b"\x00\x01"
+
+        tag, body, rest = remove_implicit(
+            self.data_context_specific + extra_data
+        )
+
+        self.assertEqual(tag, self.exp_tag)
+        self.assertEqual(body, self.exp_data)
+        self.assertEqual(rest, extra_data)
+
+    def test_with_constructed(self):
+        data = b"\xa6\x02\x0a\x0b"
+
+        with self.assertRaises(UnexpectedDER) as e:
+            remove_implicit(data)
+
+        self.assertIn("wanted type primitive, got 0xa6 tag", str(e.exception))
+
+
 class TestRemoveOctetString(unittest.TestCase):
     def test_simple(self):
         data = b"\x04\x03\xaa\xbb\xcc"
