1 // SPDX-License-Identifier: BSD-3-Clause
2 /* ===========================================================================
3 * Copyright (c) 2016-2018, The Linux Foundation.
4 * Copyright (c) 2018-2024, Laurence Lundblade.
5 * Copyright (c) 2021, Arm Limited.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are
10 * met:
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above
14 * copyright notice, this list of conditions and the following
15 * disclaimer in the documentation and/or other materials provided
16 * with the distribution.
17 * * Neither the name of The Linux Foundation nor the names of its
18 * contributors, nor the name "Laurence Lundblade" may be used to
19 * endorse or promote products derived from this software without
20 * specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
23 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
24 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
26 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
29 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
30 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
31 * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
32 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 * ========================================================================= */
34
35
36 #ifndef qcbor_decode_h
37 #define qcbor_decode_h
38
39
40 #include "qcbor/qcbor_common.h"
41 #include "qcbor/qcbor_private.h"
42 #include <stdbool.h>
43
44
45 #ifdef __cplusplus
46 extern "C" {
47 #if 0
48 } /* Keep editor indention formatting happy */
49 #endif
50 #endif
51
52
53 /**
54 * @file qcbor_decode.h
55 *
56 * @anchor BasicDecode
57 * # QCBOR Basic Decode
58 *
59 * This section discusses decoding assuming familiarity with the
60 * general description of this encoder-decoder in section @ref
61 * Overview.
62 *
63 * Encoded CBOR has a tree structure where the leaf nodes are
64 * non-aggregate types like integers and strings and the intermediate
65 * nodes are either arrays or maps. Fundamentally, CBOR decoding is a
66 * pre-order traversal of this tree with CBOR sequences a minor
67 * exception. Calling QCBORDecode_GetNext() repeatedly will perform
68 * this. QCBOR maintains an internal traversal cursor. It is possible
69 * to decode any CBOR by only calling QCBORDecode_GetNext(), though
70 * this doesn't take advantage of many QCBOR features.
71 *
72 * QCBORDecode_GetNext() returns a 56 byte structure called
73 * @ref QCBORItem that describes the decoded item including:
74 * - The data itself, integer, string, floating-point number...
75 * - The label if present
76 * - Unprocessed tags
77 * - Nesting level
78 * - Allocation type (primarily of interest for indefinite length strings)
79 *
80 * For strings, this structure contains a pointer and length back into
81 * the original data.
82 *
83 * Most of the tags that QCBOR supports directly are decoded into a
84 * representation in @ref QCBORItem.
85 *
86 * A string allocator must be used when decoding indefinite length
87 * strings. See QCBORDecode_SetMemPool() or
88 * QCBORDecode_SetUpAllocator(). @ref QCBORItem indicates if a string
89 * was allocated with the string allocator.
90 *
91 * This pre-order traversal gives natural decoding of arrays where the
92 * array members are taken in order. Maps can be decoded this way too,
93 * but the @ref SpiffyDecode APIs that allow searching maps by label
94 * are often more convenient.
95 *
96 * @anchor Decode-Errors-Overview
97 * # Decode Errors Overview
98 *
99 * The simplest way to handle decoding errors is to make use of the
100 * internal error tracking. The only error code check necessary is
101 * at the end when QCBORDecode_Finish() is called. To do this:
102 *
103 * - Use QCBORDecode_VGetNext(), QCBORDecode_VPeekNext()
104 * and any or all of the functions in qcbor_spiffy_decode.h. Don't use
105 * QCBORDecode_GetNext() or QCBORDecode_PeekNext().
106 * - Call QCBORDecode_Finish() and check its return code.
107 * - Do not reference any decoded data until after
108 * QCBORDecode_Finish() returns success.
109 *
110 * Once an encoding error has been encountered, the error state is
111 * entered and further decoding function calls will do nothing. It is
112 * safe to continue calling decoding functions after an error. No
113 * error checking is necessary making the code to decode a protocol
114 * simpler. The two exceptions are QCBORDecode_GetNext() and
115 * QCBORDecode_PeekNext() which will try to decode even if the decoder
116 * is in the error state. Use QCBORDecode_VGetNext() and
117 * QCBORDecode_VPeekNext() instead.
118 *
119 * While some protocols are simple enough to be decoded this way, many
120 * aren’t because the data items earlier in the protocol determine how
121 * later data items are to be decoded. In that case it is necessary to
122 * call QCBORDecode_GetError() to know the earlier items were
123 * successfully decoded before examining their value or type.
124 *
125 * The internal decode error state can be reset by reinitializing the
126 * decoder or calling QCBORDecode_GetErrorAndReset(). Code calling
127 * QCBOR may take advantage of the internal error state to halt
128 * futher decoding and propagate errors it detects using
129 * QCBORDecode_SetError().
130 *
131 * It is only useful to reset the error state by calling
132 * QCBORDecode_GetErrorAndReset() on recoverable errors. Examples of
133 * recoverable errors are a map entry not being found or integer
134 * overflow or underflow during conversion. Examples of unrecoverable
135 * errors are hitting the end of the input and array or map nesting
136 * beyond the limits of the implementation. See
137 * QCBORDecode_IsUnrecoverableError().Trying to reset and decode after
138 * an unrecoverable error will usually just lead to another error.
139 *
140 * It is possible to use QCBORDecode_GetNext() and
141 * QCBORDecode_PeekNext() to decode an entire protocol. However, that is
142 * usually more work, more code and less convenient than using spiffy
143 * decode functions.
144 *
145 * It is also possible to mix the use of QCBORDecode_GetNext() with
146 * QCBORDecode_VGetNext() and the spiffy decode functions, but
147 * QCBORDecode_GetError() must be called and return QCBOR_SUCCESS before
148 * QCBORDecode_GetNext() is called.
149 *
150 * The effect of a decoding error on the traversal cursor position
151 * varies by the decoding method called. It is unaffected by spiffy
152 * decode methods that get items by map label.
153 * QCBORDecode_GetInt64InMapN() is an example of this. The traversal
154 * cursor will be advanced by most other decode methods even when
155 * there is a decode error, often leaving it in an indeterminate
156 * position. If it is necessary to continue to decoding after an
157 * error, QCBORDecode_Rewind() can be used to reset it to a known-good
158 * position.
159 *
160 * When using spiffy decode methods to get an item by label from a map
161 * the whole map is internally traversed including nested arrays and
162 * maps. If there is any unrecoverable error during that traversal,
163 * the retrieval by label will fail. The unrecoverable error will be
164 * returned even if it is not because the item being sought is in
165 * error. Recoverable errors will be ignored unless they are on the
166 * item being sought, in which case the unrecoverable error will be
167 * returned. Unrecoverable errors are those indicated by
168 * QCBORDecode_IsUnrecoverableError().
169 *
170 * @anchor Disabilng-Tag-Decoding
171 * # Disabilng Tag Decoding
172 *
173 * If QCBOR_DISABLE_TAGS is defined, all code for decoding tags will
174 * be omitted reducing the core decoder, QCBORDecode_VGetNext(), by
175 * about 400 bytes. If a tag number is encountered in the decoder
176 * input the unrecoverable error @ref QCBOR_ERR_TAGS_DISABLED will be
177 * returned. No input with tags can be decoded.
178 *
179 * Decode functions like QCBORDecode_GetEpochDate() and
180 * QCBORDecode_GetDecimalFraction() that can decode the tag content
181 * even if the tag number is absent are still available. Typically
182 * they won't be linked in because of dead stripping. The
183 * @c uTagRequirement parameter has no effect, but if it is
184 * @ref QCBOR_TAG_REQUIREMENT_TAG, @ref QCBOR_ERR_TAGS_DISABLED
185 * will be set.
186 */
187
188 /**
189 * The decode mode options.
190 */
191 typedef enum {
192 /** See QCBORDecode_Init() */
193 QCBOR_DECODE_MODE_NORMAL = 0,
194 /** See QCBORDecode_Init() */
195 QCBOR_DECODE_MODE_MAP_STRINGS_ONLY = 1,
196 /** See QCBORDecode_Init() */
197 QCBOR_DECODE_MODE_MAP_AS_ARRAY = 2
198 /* This is stored in uint8_t in places; never add values > 255 */
199 } QCBORDecodeMode;
200
201 /**
202 * The maximum size of input to the decoder. Slightly less than
203 * @c UINT32_MAX to make room for some special indicator values.
204 */
205 #define QCBOR_MAX_DECODE_INPUT_SIZE (UINT32_MAX - 2)
206
207 /**
208 * The maximum number of tags that may occur on an individual nested
209 * item. Typically 4.
210 */
211 #define QCBOR_MAX_TAGS_PER_ITEM QCBOR_MAX_TAGS_PER_ITEM1
212
213
214
215 /* Do not renumber these. Code depends on some of these values. */
216 /** The data type is unknown, unset or invalid. */
217 #define QCBOR_TYPE_NONE 0
218
219 /** Never used in QCBORItem. Used by functions that match QCBOR types. */
220 #define QCBOR_TYPE_ANY 1
221
222 /** Type for an integer that decoded either between @c INT64_MIN and
223 * @c INT32_MIN or @c INT32_MAX and @c INT64_MAX. Data is in member
224 * @c val.int64. */
225 #define QCBOR_TYPE_INT64 2
226
227 /** Type for an integer that decoded to a more than @c INT64_MAX and
228 * @c UINT64_MAX. Data is in member @c val.uint64. */
229 #define QCBOR_TYPE_UINT64 3
230
231 /** Type for an array. See comments on @c val.uCount. */
232 #define QCBOR_TYPE_ARRAY 4
233
234 /** Type for a map. See comments on @c val.uCount. */
235 #define QCBOR_TYPE_MAP 5
236
237 /** Type for a buffer full of bytes. Data is in @c val.string. */
238 #define QCBOR_TYPE_BYTE_STRING 6
239
240 /** Type for a UTF-8 string. It is not NULL-terminated. See
241 * QCBOREncode_AddText() for a discussion of line endings in CBOR. Data
242 * is in @c val.string. */
243 #define QCBOR_TYPE_TEXT_STRING 7
244
245 /** Type for a positive big number. Data is in @c val.bignum, a
246 * pointer and a length. */
247 #define QCBOR_TYPE_POSBIGNUM 9
248
249 /** Type for a negative big number. Data is in @c val.bignum, a
250 * pointer and a length. */
251 #define QCBOR_TYPE_NEGBIGNUM 10
252
253 /** Type for [RFC 3339] (https://tools.ietf.org/html/rfc3339) date
254 * string, possibly with time zone. Data is in @c val.string . Note this
255 * was previously in @c val.dateString, however this is the same as
256 * val.string being the same type in same union. val.dateString will
257 * be deprecated.. */
258 #define QCBOR_TYPE_DATE_STRING 11
259
260 /** Type for integer seconds since Jan 1970 + floating-point
261 * fraction. Data is in @c val.epochDate */
262 #define QCBOR_TYPE_DATE_EPOCH 12
263
264 /** The CBOR major type "simple" has a small integer value indicating
265 * what it is. The standard CBOR simples are true, false, null, undef
266 * (values 20-23) and float-point numbers (values 25-27). The values
267 * 0-19 and 32-255 are unassigned and may be used if registered with
268 * in the IANA Simple Values Registry. If these unassigned simple
269 * values occur in the input they will be decoded as this. The value
270 * is in @c val.uSimple. */
271 #define QCBOR_TYPE_UKNOWN_SIMPLE 13
272
273 /** A decimal fraction made of decimal exponent and integer mantissa.
274 * See @ref expAndMantissa and QCBOREncode_AddDecimalFraction(). */
275 #define QCBOR_TYPE_DECIMAL_FRACTION 14
276
277 /** A decimal fraction made of decimal exponent and positive big
278 * number mantissa. See @ref expAndMantissa and
279 * QCBOREncode_AddDecimalFractionBigNum(). */
280 #define QCBOR_TYPE_DECIMAL_FRACTION_POS_BIGNUM 15
281
282 /** A decimal fraction made of decimal exponent and negative big
283 * number mantissa. See @ref expAndMantissa and
284 * QCBOREncode_AddDecimalFractionBigNum(). */
285 #define QCBOR_TYPE_DECIMAL_FRACTION_NEG_BIGNUM 16
286
287 /** A floating-point number made of base-2 exponent and integer
288 * mantissa. See @ref expAndMantissa and
289 * QCBOREncode_AddBigFloat(). */
290 #define QCBOR_TYPE_BIGFLOAT 17
291
292 /** A floating-point number made of base-2 exponent and positive big
293 * number mantissa. See @ref expAndMantissa and
294 * QCBOREncode_AddBigFloatBigNum(). */
295 #define QCBOR_TYPE_BIGFLOAT_POS_BIGNUM 18
296
297 /** A floating-point number made of base-2 exponent and negative big
298 * number mantissa. See @ref expAndMantissa and
299 * QCBOREncode_AddBigFloatBigNum(). */
300 #define QCBOR_TYPE_BIGFLOAT_NEG_BIGNUM 19
301
302 /** Type for the simple value false. */
303 #define QCBOR_TYPE_FALSE 20
304
305 /** Type for the simple value true. */
306 #define QCBOR_TYPE_TRUE 21
307
308 /** Type for the simple value null. */
309 #define QCBOR_TYPE_NULL 22
310
311 /** Type for the simple value undef. */
312 #define QCBOR_TYPE_UNDEF 23
313
314 /** Type for a floating-point number. Data is in @c val.fnum. */
315 #define QCBOR_TYPE_FLOAT 26
316
317 /** Type for a double floating-point number. Data is in @c val.dfnum. */
318 #define QCBOR_TYPE_DOUBLE 27
319
320 #define QCBOR_TYPE_BREAK 31 /* Used internally; never returned */
321
322 /** For @ref QCBOR_DECODE_MODE_MAP_AS_ARRAY decode mode, a map that is
323 * being traversed as an array. See QCBORDecode_Init() */
324 #define QCBOR_TYPE_MAP_AS_ARRAY 32
325
326 /** Encoded CBOR that is wrapped in a byte string. Often used when the
327 * CBOR is to be hashed for signing or HMAC. See also @ref
328 * QBCOR_TYPE_WRAPPED_CBOR_SEQUENCE. Data is in @c val.string. */
329 #define QBCOR_TYPE_WRAPPED_CBOR 36
330
331 /** A URI as defined in RFC 3986. Data is in @c val.string. */
332 #define QCBOR_TYPE_URI 44
333
334 /** Text is base64 URL encoded in RFC 4648. The base64 encoding is
335 * NOT removed. Data is in @c val.string. */
336 #define QCBOR_TYPE_BASE64URL 45
337
338 /** Text is base64 encoded in RFC 4648. The base64 encoding is NOT
339 * removed. Data is in @c val.string. */
340 #define QCBOR_TYPE_BASE64 46
341
342 /** PERL-compatible regular expression. Data is in @c val.string. */
343 #define QCBOR_TYPE_REGEX 47
344
345 /** Non-binary MIME per RFC 2045. See also @ref
346 * QCBOR_TYPE_BINARY_MIME. Data is in @c val.string. */
347 #define QCBOR_TYPE_MIME 48
348
349 /** Binary UUID per RFC 4122. Data is in @c val.string. */
350 #define QCBOR_TYPE_UUID 49
351
352 /** A CBOR sequence per RFC 8742. See also @ ref
353 * QBCOR_TYPE_WRAPPED_CBOR. Data is in @c val.string. */
354 #define QBCOR_TYPE_WRAPPED_CBOR_SEQUENCE 75
355
356 /** Binary MIME per RFC 2045. See also @ref QCBOR_TYPE_MIME. Data is
357 * in @c val.string. */
358 #define QCBOR_TYPE_BINARY_MIME 76
359
360 /** Type for [RFC 8943](https://tools.ietf.org/html/rfc8943) date
361 * string, a date with no time or time zone info. Data is in
362 * @c val.string */
363 #define QCBOR_TYPE_DAYS_STRING 77
364
365 /** Type for integer days since Jan 1 1970 described in
366 * [RFC 8943](https://tools.ietf.org/html/rfc8943). Data is in
367 * @c val.epochDays */
368 #define QCBOR_TYPE_DAYS_EPOCH 78
369
370 #define QCBOR_TYPE_TAG 254 /* Used internally; never returned */
371
372 #define QCBOR_TYPE_OPTTAG QCBOR_TYPE_TAG /* Depricated. See QCBOR_TYPE_TAG */
373
374
375
376 /**
377 * The largest value in @c utags that is unmapped and can be used without
378 * mapping it through QCBORDecode_GetNthTag().
379 */
380 #define QCBOR_LAST_UNMAPPED_TAG (CBOR_TAG_INVALID16 - QCBOR_NUM_MAPPED_TAGS - 1)
381
382
383 /**
384 * This holds a decoded data item. It is returned by the
385 * QCBORDecode_GetNext(), the principle decoding function.
386 * It holds the type, value, label, tags and other details
387 * of the decoded data item.
388 *
389 * This is typically 56 bytes on 64-bit CPUs and 52 bytes on 32-bit
390 * CPUs (the CPU and the system's ABI determine this size).
391 */
392 typedef struct _QCBORItem {
393 /** Tells what element of the @c val union to use. One of @ref
394 * QCBOR_TYPE_INT64, @ref QCBOR_TYPE_ARRAY, ...*/
395 uint8_t uDataType;
396
397 /** Tells what element of the @c label union to use. One of
398 * @ref QCBOR_TYPE_INT64, @ref QCBOR_TYPE_BYTE_STRING, ...*/
399 uint8_t uLabelType;
400
401 /** Holds the nesting depth for arrays and map. 0 is the top level
402 * with no arrays or maps entered. */
403 uint8_t uNestingLevel;
404
405 /** Holds the nesting level of the next item after this one. If
406 * less than @c uNestingLevel, this item was the last one in an
407 * arry or map and it closed out at least one nesting level. */
408 uint8_t uNextNestLevel;
409
410 /** 1 if a @c val that is a string is allocated with string
411 * allocator, 0 if not. Always 0 unless an allocator has been set
412 * up by calling QCBORDecode_SetMemPool() or
413 * QCBORDecode_SetUpAllocator(). */
414 uint8_t uDataAlloc;
415
416 /** 1 if a @c label that is a string is allocated with string
417 * allocator, 0 if not. Always 0 unless an allocator has been set
418 * up by calling QCBORDecode_SetMemPool() or
419 * QCBORDecode_SetUpAllocator(). */
420 uint8_t uLabelAlloc;
421
422 /** The union holding the item's value. Select union member based
423 * on @c uDataType. */
424 union {
425 /** The value for @c uDataType @ref QCBOR_TYPE_INT64. */
426 int64_t int64;
427 /** The value for @c uDataType @ref QCBOR_TYPE_UINT64. */
428 uint64_t uint64;
429 /** The value for @c uDataType @ref QCBOR_TYPE_BYTE_STRING and
430 * @ref QCBOR_TYPE_TEXT_STRING. Also
431 * for many tags whose content is a string such @ref QCBOR_TYPE_DAYS_STRING
432 * and @ref QCBOR_TYPE_URI. */
433 UsefulBufC string;
434 /** The "value" for @c uDataType @ref QCBOR_TYPE_ARRAY or @ref
435 * QCBOR_TYPE_MAP, the number of items in the array or map. It
436 * is @c UINT16_MAX when decoding indefinite-lengths maps and
437 * arrays. Detection of the end of a map or array is best done
438 * with @c uNestLevel and @c uNextNestLevel so as to work for
439 * both definite and indefinite length maps and arrays. */
440 uint16_t uCount;
441 #ifndef USEFULBUF_DISABLE_ALL_FLOAT
442 /** The value for @c uDataType @ref QCBOR_TYPE_DOUBLE. */
443 double dfnum;
444 /** The value for @c uDataType @ref QCBOR_TYPE_FLOAT. */
445 float fnum;
446 #endif /* USEFULBUF_DISABLE_ALL_FLOAT */
447 /** The value for @c uDataType @ref QCBOR_TYPE_DATE_EPOCH, the
448 * number of seconds after or before Jan 1, 1970. This has a
449 * range of 500 billion years. Floating-point dates are
450 * converted to this integer + fractional value. If the input
451 * value is beyond the 500 billion-year range (e.g., +/i
452 * infinity, large floating point values, NaN)
453 * @ref QCBOR_ERR_DATE_OVERFLOW will be returned. If the input
454 * is floating-point and QCBOR has been compiled with
455 * floating-point disabled, one of the various floating-point
456 * disabled errors will be returned. */
457 struct {
458 int64_t nSeconds;
459 #ifndef USEFULBUF_DISABLE_ALL_FLOAT
460 double fSecondsFraction;
461 #endif /* USEFULBUF_DISABLE_ALL_FLOAT */
462 } epochDate;
463
464 /** The value for @c uDataType @ref QCBOR_TYPE_DAYS_EPOCH -- the
465 * number of days before or after Jan 1, 1970. */
466 int64_t epochDays;
467 /** No longer used. Was the value for @ref QCBOR_TYPE_DATE_STRING,
468 * but now that value is in @c string. This will be removed in QCBOR 2.0. */
469 UsefulBufC dateString;
470 /** The value for @c uDataType @ref QCBOR_TYPE_POSBIGNUM and
471 * @ref QCBOR_TYPE_NEGBIGNUM. */
472 UsefulBufC bigNum;
473 /** See @ref QCBOR_TYPE_UKNOWN_SIMPLE */
474 uint8_t uSimple;
475 #ifndef QCBOR_DISABLE_EXP_AND_MANTISSA
476 /**
477 * @anchor expAndMantissa
478 *
479 * This holds the value for big floats and decimal fractions.
480 * The use of the fields in this structure depends on @c
481 * uDataType.
482 *
483 * When @c uDataType indicates a decimal fraction, the
484 * @c nExponent is base 10. When it indicates a big float, it
485 * is base 2.
486 *
487 * When @c uDataType indicates a big number, then the @c bigNum
488 * member of @c Mantissa is valid. Otherwise the @c nInt member
489 * of @c Mantissa is valid.
490 *
491 * See @ref QCBOR_TYPE_DECIMAL_FRACTION,
492 * @ref QCBOR_TYPE_DECIMAL_FRACTION_POS_BIGNUM,
493 * @ref QCBOR_TYPE_DECIMAL_FRACTION_NEG_BIGNUM,
494 * @ref QCBOR_TYPE_BIGFLOAT, @ref QCBOR_TYPE_BIGFLOAT_POS_BIGNUM,
495 * and @ref QCBOR_TYPE_BIGFLOAT_NEG_BIGNUM.
496 *
497 * Also see QCBOREncode_AddTDecimalFraction(),
498 * QCBOREncode_AddTBigFloat(),
499 * QCBOREncode_AddTDecimalFractionBigNum() and
500 * QCBOREncode_AddTBigFloatBigNum().
501 */
502 struct {
503 int64_t nExponent;
504 union {
505 int64_t nInt;
506 UsefulBufC bigNum;
507 } Mantissa;
508 } expAndMantissa;
509 #endif /* QCBOR_DISABLE_EXP_AND_MANTISSA */
510 uint64_t uTagV; /* Used internally during decoding */
511
512 } val;
513
514 /** Union holding the different label types selected based on @c uLabelType */
515 union {
516 /** The label for @c uLabelType for @ref QCBOR_TYPE_INT64 */
517 int64_t int64;
518 #ifndef QCBOR_DISABLE_NON_INTEGER_LABELS
519 /** The label for @c uLabelType for @ref QCBOR_TYPE_UINT64 */
520 uint64_t uint64;
521 /** The label for @c uLabelType @ref QCBOR_TYPE_BYTE_STRING and
522 * @ref QCBOR_TYPE_TEXT_STRING */
523 UsefulBufC string;
524 #endif /* ! QCBOR_DISABLE_NON_INTEGER_LABELS */
525 } label;
526
527 #ifndef QCBOR_DISABLE_TAGS
528 /**
529 * The tags numbers for which the item is the tag content. Tags
530 * nest, so index 0 in the array is the tag on the data item
531 * itself, index 1 is the tag that applies to the tag in index
532 * 0. The end of the list is indicated by @ref CBOR_TAG_INVALID16
533 *
534 * Tag nesting is uncommon and rarely deep. This implementation
535 * only allows nesting to a depth of @ref QCBOR_MAX_TAGS_PER_ITEM,
536 * usually 4.
537 *
538 * Tag numbers in the array below and equal to @ref
539 * QCBOR_LAST_UNMAPPED_TAG are unmapped and can be used
540 * directly. Tag numbers above this must be translated through
541 * QCBORDecode_GetNthTag().
542 *
543 * See also the large number of functions like
544 * QCBORDecode_GetEpochDate() and QCBORDecode_GetBignum() in
545 * qcbor_spiffy_decode.h for a way to decode tagged types without
546 * having to reference this array. Also see @ref Tags-Overview.
547 */
548 uint16_t uTags[QCBOR_MAX_TAGS_PER_ITEM];
549 #endif
550
551 } QCBORItem;
552
553 /**
554 * An array or map's length is indefinite when it has this value.
555 */
556 #define QCBOR_COUNT_INDICATES_INDEFINITE_LENGTH UINT16_MAX
557
558
559
560
561 /**
562 * @brief Prototype for the implementation of a string allocator.
563 *
564 * @param[in] pAllocateCxt Pointer to context for the particular
565 * allocator implementation. Its contents
566 * depend on how a particular string allocator
567 * works. Typically, it will contain a pointer
568 * to the memory pool and some booking keeping
569 * data.
570 *
571 * @param[in] pOldMem Points to some memory previously allocated
572 * that is either to be freed or to be
573 * reallocated to be larger. It is @c NULL for
574 * new allocations and when called as the
575 * destructor.
576 *
577 * @param[in] uNewSize Size of memory to be allocated or new size
578 * for a chunk being reallocated. Zero when
579 * called to free memory or when called as the
580 * destructor.
581 *
582 * @return Either the allocated buffer is returned, or
583 * @ref NULLUsefulBufC. @ref NULLUsefulBufC is returned on a
584 * failed allocation and in the two cases where there is
585 * nothing to return.
586 *
587 * This function must be implemented for a custom string
588 * allocator. See QCBORDecode_SetUpAllocator().
589 *
590 * This is not needed if the built-in string allocator available
591 * through QCBORDecode_SetMemPool() is used.
592 *
593 * After being set up by a call to QCBORDecode_SetUpAllocator(),
594 * this is called back in four modes:
595 *
596 * - allocate: @c uNewSize is the amount to allocate. @c pOldMem is
597 * @c NULL.
598 *
599 * - free: @c uNewSize is 0. @c pOldMem points to the memory to be
600 * freed. When the decoder calls this, it will always be for the most
601 * recent block that was either allocated or reallocated.
602 *
603 * - reallocate: @c pOldMem is the block to reallocate. @c uNewSize is
604 * its new size. When the decoder calls this, it will always be for the
605 * most recent block that was either allocated or reallocated.
606 *
607 * - destruct: @c pOldMem is @c NULL and @c uNewSize is 0. This is
608 * called when the decoding is complete by
609 * QCBORDecode_Finish(). Usually, the strings allocated by a string
610 * allocator are in use after the decoding is completed so this
611 * usually will not free those strings. Many string allocators will
612 * not need to do anything in this mode.
613 *
614 * The strings allocated by this will have @c uDataAlloc set to true
615 * in the @ref QCBORItem when they are returned. The user of the
616 * strings will have to free them. How they free them, depends on the
617 * design of the string allocator.
618 */
619 typedef UsefulBuf (* QCBORStringAllocate)(void *pAllocateCxt,
620 void *pOldMem,
621 size_t uNewSize);
622
623
624 /**
625 * For the built-in string allocator available via
626 * QCBORDecode_SetMemPool(), this is the size overhead needed
627 * internally. The amount of memory available for decoded strings is
628 * the size of the buffer given to QCBORDecode_SetMemPool() less this
629 * amount.
630 *
631 * This doesn't apply to custom string allocators, only to the one
632 * available via QCBORDecode_SetMemPool().
633 */
634 #define QCBOR_DECODE_MIN_MEM_POOL_SIZE 8
635
636
637
638
639 /**
640 * QCBORDecodeContext holds the context for decoding CBOR. It is
641 * about 300 bytes, so it can go on the stack. The contents are
642 * opaque, and the caller should not access any internal items. A
643 * context may be re-used serially as long as it is re initialized.
644 */
645 typedef struct _QCBORDecodeContext QCBORDecodeContext;
646
647
648 /**
649 * Initialize the CBOR decoder context.
650 *
651 * @param[in] pCtx The context to initialize.
652 * @param[in] EncodedCBOR The buffer with CBOR encoded bytes to be decoded.
653 * @param[in] nMode See below and @ref QCBORDecodeMode.
654 *
655 * Initialize context for a pre-order traversal of the encoded CBOR
656 * tree.
657 *
658 * Most CBOR decoding can be completed by calling this function to
659 * start and QCBORDecode_GetNext() in a loop.
660 *
661 * If indefinite-length strings are to be decoded, then
662 * QCBORDecode_SetMemPool() or QCBORDecode_SetUpAllocator() must be
663 * called to set up a string allocator.
664 *
665 * Three decoding modes are supported. In normal mode, @ref
666 * QCBOR_DECODE_MODE_NORMAL, maps are decoded and strings and integers
667 * are accepted as map labels. If a label is other than these, the
668 * error @ref QCBOR_ERR_MAP_LABEL_TYPE is returned by
669 * QCBORDecode_GetNext().
670 *
671 * In strings-only mode, @ref QCBOR_DECODE_MODE_MAP_STRINGS_ONLY, only
672 * text strings are accepted for map labels. This lines up with CBOR
673 * that converts to JSON. The error @ref QCBOR_ERR_MAP_LABEL_TYPE is
674 * returned by QCBORDecode_GetNext() if anything but a text string
675 * label is encountered.
676 *
677 * In @ref QCBOR_DECODE_MODE_MAP_AS_ARRAY maps are treated as special
678 * arrays. They will be returned with special @c uDataType @ref
679 * QCBOR_TYPE_MAP_AS_ARRAY and @c uCount, the number of items, will be
680 * double what it would be for a normal map because the labels are
681 * also counted. This mode is useful for decoding CBOR that has labels
682 * that are not integers or text strings, but the caller must manage
683 * much of the map decoding.
684 */
685 void
686 QCBORDecode_Init(QCBORDecodeContext *pCtx, UsefulBufC EncodedCBOR, QCBORDecodeMode nMode);
687
688
689 /**
690 * @brief Set up the MemPool string allocator for indefinite-length strings.
691 *
692 * @param[in] pCtx The decode context.
693 * @param[in] MemPool The pointer and length of the memory pool.
694 * @param[in] bAllStrings If true, all strings, even of definite
695 * length, will be allocated with the string
696 * allocator.
697 *
698 * @return Error if the MemPool was greater than @c UINT32_MAX
699 * or less than @ref QCBOR_DECODE_MIN_MEM_POOL_SIZE.
700 *
701 * Indefinite-length strings (text and byte) cannot be decoded unless
702 * there is a string allocator configured. MemPool is a simple
703 * built-in string allocator that allocates bytes from a memory pool
704 * handed to it by calling this function. The memory pool is just a
705 * pointer and length for some block of memory that is to be used for
706 * string allocation. It can come from the stack, heap or other.
707 *
708 * The memory pool must be @ref QCBOR_DECODE_MIN_MEM_POOL_SIZE plus
709 * space for all the strings allocated. There is no overhead per
710 * string allocated. A conservative way to size this buffer is to make
711 * it the same size as the CBOR being decoded plus @ref
712 * QCBOR_DECODE_MIN_MEM_POOL_SIZE.
713 *
714 * This memory pool is used for all indefinite-length strings that are
715 * text strings or byte strings, including strings used as labels.
716 *
717 * The pointers to strings in @ref QCBORItem will point into the
718 * memory pool set here. They do not need to be individually
719 * freed. Just discard the buffer when they are no longer needed.
720 *
721 * If @c bAllStrings is set, then the size will be the overhead plus
722 * the space to hold **all** strings, definite and indefinite-length,
723 * value or label. The advantage of this is that after the decode is
724 * complete, the original memory holding the encoded CBOR does not
725 * need to remain valid.
726 *
727 * This simple allocator is not hard linked to the QCBOR decoder.
728 * Assuming dead-stripping of unused symbols is being performed, this
729 * simple allocator will not be linked in unless
730 * QCBORDecode_SetMemPool() is called.
731 *
732 * See also QCBORDecode_SetUpAllocator() to set up a custom allocator
733 * if this one isn't sufficient.
734 */
735 QCBORError
736 QCBORDecode_SetMemPool(QCBORDecodeContext *pCtx,
737 UsefulBuf MemPool,
738 bool bAllStrings);
739
740
741 /**
742 * @brief Sets up a custom string allocator for indefinite-length strings
743 *
744 * @param[in] pCtx The decoder context to set up an
745 * allocator for.
746 * @param[in] pfAllocateFunction Pointer to function that will be
747 * called by QCBOR for allocations and
748 * frees.
749 * @param[in] pAllocateContext Context passed to @c
750 * pfAllocateFunction.
751 * @param[in] bAllStrings If true, all strings, even of definite
752 * length, will be allocated with the
753 * string allocator.
754 *
755 * Indefinite-length strings (text and byte) cannot be decoded unless
756 * a string allocator is configured. QCBORDecode_SetUpAllocator()
757 * allows the caller to configure an external string allocator
758 * implementation if the internal string allocator is
759 * unsuitable. See QCBORDecode_SetMemPool() to configure the internal
760 * allocator.
761 *
762 * The string allocator configured here is a custom one designed
763 * and implemented by the caller. See @ref QCBORStringAllocate for
764 * the requirements for a string allocator implementation.
765 *
766 * A malloc-based string external allocator can be obtained by calling
767 * @c QCBORDecode_MakeMallocStringAllocator(). It will return a
768 * function and pointer that can be given here as @c pAllocatorFunction
769 * and @c pAllocatorContext. It uses standard @c malloc() so @c free()
770 * must be called on all strings marked by @c uDataAlloc @c == @c 1 or
771 * @c uLabelAlloc @c == @c 1 in @ref QCBORItem. Note this is in a
772 * separate GitHub repository.
773 */
774 void
775 QCBORDecode_SetUpAllocator(QCBORDecodeContext *pCtx,
776 QCBORStringAllocate pfAllocateFunction,
777 void *pAllocateContext,
778 bool bAllStrings);
779
780
781 /**
782 * @brief Get the next item (integer, byte string, array...) in the
783 * preorder traversal of the CBOR tree.
784 *
785 * @param[in] pCtx The decoder context.
786 * @param[out] pDecodedItem The decoded CBOR item.
787 *
788 * @c pDecodedItem is filled from the decoded item. Generally, the
789 * following data is returned in the structure:
790 *
791 * - @c uDataType which indicates which member of the @c val union the
792 * data is in. This decoder figures out the type based on the CBOR
793 * major type, the CBOR "additionalInfo", the CBOR optional tags and
794 * the value of the integer.
795 *
796 * - The value of the item, which might be an integer, a pointer and a
797 * length, the count of items in an array, a floating-point number or
798 * other.
799 *
800 * - The nesting level for maps and arrays.
801 *
802 * - The label for an item in a map, which may be a text or byte string
803 * or an integer.
804 *
805 * - The unprocessed tag numbers for which the item is the tag content.
806 *
807 * See @ref QCBORItem for all the details about what is returned.
808 *
809 * This function handles arrays and maps. When an array or map is
810 * first encountered a @ref QCBORItem will be returned with major type
811 * @ref QCBOR_TYPE_ARRAY or @ref QCBOR_TYPE_MAP. @c
812 * QCBORItem.val.uNestLevel gives the nesting level of the opening of
813 * the array or map. When the next item is fetched, it will be the
814 * first one in the array or map and its @c QCBORItem.val.uNestLevel
815 * will be one more than that of the opening of the array or map.
816 *
817 * Nesting level 0 is the top-most nesting level. The first item
818 * decoded always has nesting level 0. A map or array at the top level
819 * has nesting level 0 and the members of the array or map have
820 * nesting level 1.
821 *
822 * Here is an example of how the nesting level is reported for a CBOR
823 * sequence with no arrays or maps at all.
824 *
825 * @code
826 * Data Item Nesting Level
827 * integer 0
828 * byte string 0
829 * @endcode
830 *
831 * Here is an example of how the nesting level is reported for a CBOR
832 * sequence with a simple array and some top-level items.
833 *
834 * @code
835 * Data Item Nesting Level
836 * integer 0
837 * array with 2 items 0
838 * byte string 1
839 * byte string 1
840 * integer 0
841 * @endcode
842 *
843 * Here's a more complex example that is not a CBOR sequence
844 *
845 * @code
846 * Data Item Nesting Level
847 * map with 4 items 0
848 * text string 1
849 * array with 3 integers 1
850 * integer 2
851 * integer 2
852 * integer 2
853 * text string 1
854 * byte string 1
855 * @endcode
856 *
857 * In @ref QCBORItem, @c uNextNestLevel is the nesting level for the
858 * next call to QCBORDecode_VGetNext(). It indicates if any maps or
859 * arrays were closed out during the processing of the just-fetched
860 * @ref QCBORItem. This processing includes a look-ahead for any
861 * breaks that close out indefinite-length arrays or maps. This value
862 * is needed to be able to understand the hierarchical structure. If
863 * @c uNextNestLevel is not equal to @c uNestLevel the end of the
864 * current map or array has been encountered. This works for both
865 * definite and indefinite-length arrays so it is the best way to find the
866 * end of a map or array. Alternatively, for definite-length arrays,
867 * @c QCBORItem.val.uCount contains the number of items in the
868 * array. For indefinite-length arrays, @c QCBORItem.val.uCount
869 * is @c UINT16_MAX.
870 *
871 * All tags defined in RFC 8949 are automatically fully decoded. There
872 * are QCBOR_TYPES and members in @ref QCBORItem for them. For
873 * example, the tag 9 will show up in the @ref QCBORItem as type
874 * @ref QCBOR_TYPE_POSBIGNUM with the value in
875 * @c QCBORItem.val.bignum. There is also support for
876 * some of the tags in the IANA tag registry.
877 *
878 * Most tags with a CBOR_TAG_XXX define in qcbor_common.h like @ref
879 * CBOR_TAG_DATE_STRING are automaticlly decoded by QCBOR. Those that
880 * are defined but not decoded are so noted.
881 *
882 * Tags that are not decoded by QCBOR will be identified and recorded
883 * in @ref QCBORItem. Use QCBORDecode_GetNthTag() to get them. Only
884 * @ref QCBOR_MAX_TAGS_PER_ITEM tags are recorded per item and an
885 * error is returned if there are more than that.
886 *
887 * Previous versions of QCBOR handled tags in a more complex way using
888 * QCBORDecode_SetCallerConfiguredTagList() and
889 * QCBORDecode_GetNextWithTags(). This version is largely compatible, but
890 * imposes the limit of @ref QCBOR_MAX_TAGS_PER_ITEM tags per item.
891 *
892 * See @ref Tags-Overview for a description of how to go about
893 * creating custom tags.
894 *
895 * This tag decoding design is to be open-ended and flexible to be
896 * able to handle newly defined tags, while using very little memory,
897 * in particular keeping @ref QCBORItem as small as possible.
898 *
899 * See [Decode Error Overview](#Decode-Errors-Overview).
900 *
901 * If a decoding error occurs or previously occured, \c uDataType and
902 * \c uLabelType will be set to @ref QCBOR_TYPE_NONE. If there is no
903 * need to know the specific error, it is sufficient to check for @ref
904 * QCBOR_TYPE_NONE.
905 *
906 * Errors fall in several categories:
907 *
908 * - Not well-formed errors are those where there is something
909 * syntactically and fundamentally wrong with the CBOR being
910 * decoded. Decoding should stop completely.
911 *
912 * - Invalid CBOR is well-formed, but still not correct. It is
913 * probably best to stop decoding, but not necessary.
914 *
915 * - This implementation has some size limits. They should rarely be
916 * encountered. If they are it may because something is wrong with
917 * the CBOR, for example an array size is incorrect.
918 *
919 * - There are a few CBOR constructs that are not handled without some
920 * extra configuration. These are indefinite length strings and maps
921 * with labels that are not strings or integers. See
922 * QCBORDecode_Init(). Also, the QCBOR library may have been
923 * compiled with some features disabled to reduce code size and this
924 * can result in some errors.
925 *
926 * - Resource exhaustion. This only occurs when a string allocator is
927 * configured to handle indefinite-length strings as other than
928 * that, this implementation does no dynamic memory allocation.
929 *
930 * | Error | Description |
931 * | ---- | ---- |
932 * | __Not well-formed errors__ ||
933 * | @ref QCBOR_ERR_HIT_END | Partial data item; need more input bytes to complete decoding |
934 * | @ref QCBOR_ERR_UNSUPPORTED | Input contains CBOR with reserved additional info values |
935 * | @ref QCBOR_ERR_BAD_TYPE_7 | Simple value encoded as two-byte integer rather than one |
936 * | @ref QCBOR_ERR_BAD_BREAK | Break occured outside an indefinite-length map or such |
937 * | @ref QCBOR_ERR_BAD_INT | Length of integer is bad |
938 * | @ref QCBOR_ERR_INDEFINITE_STRING_CHUNK | One of the chunks in indefinite-length string is the wrong type |
939 * | __Invalid CBOR__ ||
940 * | @ref QCBOR_ERR_NO_MORE_ITEMS | Need more input data items to decode |
941 * | @ref QCBOR_ERR_BAD_EXP_AND_MANTISSA | The structure of a big float or big number is invalid |
942 * | @ref QCBOR_ERR_UNRECOVERABLE_TAG_CONTENT | The content of a tag is of the wrong type |
943 * | __Implementation Limits__ ||
944 * | @ref QCBOR_ERR_INT_OVERFLOW | Input integer smaller than INT64_MIN |
945 * | @ref QCBOR_ERR_ARRAY_DECODE_TOO_LONG | Array or map has more elements than can be handled |
946 * | @ref QCBOR_ERR_DATE_OVERFLOW | Date larger than can be handled |
947 * | @ref QCBOR_ERR_ARRAY_DECODE_NESTING_TOO_DEEP | Nesting deeper than can be handled |
948 * | @ref QCBOR_ERR_STRING_TOO_LONG | Encountered a string longer than size_t can hold less 4 bytes |
949 * | @ref QCBOR_ERR_TOO_MANY_TAGS | Tag nesting deeper than limit, typically 4 |
950 * | __Configuration errors__ ||
951 * | @ref QCBOR_ERR_NO_STRING_ALLOCATOR | Encountered indefinite-length string with no allocator configured |
952 * | @ref QCBOR_ERR_MAP_LABEL_TYPE | A map label that is not a string on an integer |
953 * | @ref QCBOR_ERR_HALF_PRECISION_DISABLED | Half-precision input, but disabled in QCBOR library |
954 * | @ref QCBOR_ERR_INDEF_LEN_ARRAYS_DISABLED | Indefinite-length input, but disabled in QCBOR library |
955 * | @ref QCBOR_ERR_INDEF_LEN_STRINGS_DISABLED | Indefinite-length input, but disabled in QCBOR library |
956 * | @ref QCBOR_ERR_ALL_FLOAT_DISABLED | Library compiled with floating-point support turned off. |
957 * | __Resource exhaustion errors__ ||
958 * | @ref QCBOR_ERR_STRING_ALLOCATE | The string allocator is unable to allocate more memory |
959 */
960 void
961 QCBORDecode_VGetNext(QCBORDecodeContext *pCtx, QCBORItem *pDecodedItem);
962
963
964 /**
965 * @brief Preorder traversal like QCBORDecode_VGetNext() without use
966 * of internal error state.
967 *
968 * @param[in] pCtx The decoder context.
969 * @param[out] pDecodedItem The decoded CBOR item.
970 *
971 * @return See error table of decoding errors set by QCBORDecode_VGetNext().
972 *
973 * This is the same as QCBORDecode_VGetNext() except it
974 * doesn't set the internal decoding error and will attempt to decode
975 * even if the decoder is in the error state.
976 */
977 QCBORError
978 QCBORDecode_GetNext(QCBORDecodeContext *pCtx, QCBORItem *pDecodedItem);
979
980
981 /**
982 * @brief Get the next item, fully consuming it if it is a map or array.
983 *
984 * @param[in] pCtx The decoder context.
985 * @param[out] pDecodedItem The decoded CBOR item.
986 *
987 * @c pItem returned is the same as QCBORDecode_VGetNext(). If the
988 * item is an array or map, the entire contents of the array or map
989 * will be consumed leaving the cursor after the array or map.
990 *
991 * If an array or map is being consumed by this, an error will occur
992 * if any of the items in the array or map are in error.
993 *
994 * If the item is a tag the contents of which is an array or map, like
995 * a big float, @c pItem will identify it as such and the contents
996 * will be consumed, but the validity of the tag won't be checked
997 * other than for being well-formed.
998 *
999 * In order to go back to decode the contents of an array or map
1000 * consumed by this, the decoder must be rewound using
1001 * QCBORDecode_Rewind().
1002 */
1003 void
1004 QCBORDecode_VGetNextConsume(QCBORDecodeContext *pCtx, QCBORItem *pDecodedItem);
1005
1006
1007 /**
1008 * @brief Get the next data item without consuming it.
1009 *
1010 * @param[in] pCtx The decoder context.
1011 * @param[out] pDecodedItem The decoded CBOR item.
1012 *
1013 * This is the same as QCBORDecode_VGetNext() but does not consume the
1014 * data item. This only looks ahead one item. Calling it repeatedly
1015 * will just return the same item over and over.
1016 *
1017 * This uses about 200 bytes of stack, far more than anything else
1018 * here in qcbor_decode.h because it saves a copy of most of the
1019 * decode context temporarily.
1020 *
1021 * This is useful for looking ahead to determine the type of a data
1022 * item to know which type-specific spiffy decode function to call or
1023 * decoding protocols where the types of later data items
1024 * depending on type of earlier ones.
1025 *
1026 * The error must be retrieved with QCBORDecode_GetError() and checked
1027 * to know the peek was successful before referencing the contents of
1028 * @c pDecodedItem.
1029 */
1030 void
1031 QCBORDecode_VPeekNext(QCBORDecodeContext *pCtx, QCBORItem *pDecodedItem);
1032
1033
1034 /**
1035 * @brief Get the next data item without consuming it without use
1036 * of internal error state.
1037 *
1038 * @param[in] pCtx The decoder context.
1039 * @param[out] pDecodedItem The decoded CBOR item.
1040 *
1041 * This is the same as QCBORDecode_VPeekNext() except it doesn't set
1042 * the internal decoding error and will attempt to decode even if the
1043 * decoder is in the error state.
1044 */
1045 QCBORError
1046 QCBORDecode_PeekNext(QCBORDecodeContext *pCtx, QCBORItem *pDecodedItem);
1047
1048
1049 /**
1050 * @brief Get the current traversal cursort offset in the input CBOR.
1051 *
1052 * @param[in] pCtx The decoder context.
1053 *
1054 * @returns The traversal cursor offset or @c UINT32_MAX.
1055
1056 * The position returned is always the start of the next item that
1057 * would be next decoded with QCBORDecode_VGetNext(). The cursor
1058 * returned may be at the end of the input in which case the next call
1059 * to QCBORDecode_VGetNext() will result in the @ref
1060 * QCBOR_ERR_NO_MORE_ITEMS. See also QCBORDecode_AtEnd().
1061 *
1062 * If the decoder is in error state from previous decoding,
1063 * @c UINT32_MAX is returned.
1064 *
1065 * When decoding map items, the position returned is always of the
1066 * label, never the value.
1067 *
1068 * For indefinite-length arrays and maps, the break byte is consumed
1069 * when the last item in the array or map is consumed so the cursor is
1070 * at the next item to be decoded as expected.
1071 *
1072 * There are some special rules for the traversal cursor when fetching
1073 * map items by label. See the description of @SpiffyDecode.
1074 *
1075 * When traversal is bounded because an array or map has been entered
1076 * (e.g., QCBORDecode_EnterMap()) and all items in the array or map
1077 * have been consumed, the position returned will be of the item
1078 * outside of the array or map. The array or map must be exited before
1079 * QCBORDecode_VGetNext() will decode it.
1080 *
1081 * In many cases the position returned will be in the middle of
1082 * an array or map. It will not be possible to start decoding at
1083 * that location with another instance of the decoder and go to
1084 * the end. It is not valid CBOR. If the input is a CBOR sequence
1085 * and the position is not in the moddle of an array or map
1086 * then it is possible to decode to the end.
1087 *
1088 * There is no corresponding seek method because it is too complicated
1089 * to restore the internal decoder state that tracks nesting.
1090 */
1091 static uint32_t
1092 QCBORDecode_Tell(QCBORDecodeContext *pCtx);
1093
1094
1095 /**
1096 * @brief Tell whether cursor is at end of the input.
1097 *
1098 * @param[in] pCtx The decoder context.
1099 *
1100 * @returns Error code possibly indicating end of input.
1101 *
1102 * This returns the same as QCBORDecode_GetError() except that @ref
1103 * QCBOR_ERR_NO_MORE_ITEMS is returned if the travseral cursor is at
1104 * the end of the CBOR input bytes (not the end of an entered array or
1105 * map).
1106 */
1107 QCBORError
1108 QCBORDecode_EndCheck(QCBORDecodeContext *pCtx);
1109
1110
1111 /**
1112 * @brief Returns the tag numbers for an item.
1113 *
1114 * @param[in] pCtx The decoder context.
1115 * @param[in] pItem The CBOR item to get the tag for.
1116 * @param[in] uIndex The index of the tag to get.
1117 *
1118 * @returns The nth tag number or CBOR_TAG_INVALID64.
1119 *
1120 * When QCBOR decodes an item that is a tag, it will fully decode tags
1121 * it is able to. Tags that it is unable to process are put in a list
1122 * in the QCBORItem.
1123 *
1124 * Tags nest. Here the tag with index 0 has the data item as its content. The
1125 * tag with index 1 has the tag at index 0 has its content and so forth.
1126 *
1127 * Deep tag nesting is rare so this implementation imposes a limit of
1128 * @ref QCBOR_MAX_TAGS_PER_ITEM on nesting and returns @ref
1129 * QCBOR_ERR_TOO_MANY_TAGS if there are more. This is a limit of this
1130 * implementation, not of CBOR. (To be able to handle deeper
1131 * nesting, the constant can be increased and the library
1132 * recompiled. It will use more memory).
1133 *
1134 * See also @ref CBORTags, @ref Tag-Usage and @ref Tags-Overview.
1135 *
1136 * To reduce memory used by a QCBORItem, tag numbers larger than
1137 * @c UINT16_MAX are mapped so the tag numbers in @c uTags should be
1138 * accessed with this function rather than directly.
1139 *
1140 * This returns @ref CBOR_TAG_INVALID64 if any error occurred when
1141 * getting the item. This is also returned if there are no tags on the
1142 * item or no tag at @c uIndex.
1143 */
1144 uint64_t
1145 QCBORDecode_GetNthTag(QCBORDecodeContext *pCtx, const QCBORItem *pItem, uint32_t uIndex);
1146
1147
1148 /**
1149 * @brief Returns the tag numbers for last-decoded item.
1150 *
1151 * @param[in] pCtx The decoder context.
1152 * @param[in] uIndex The index of the tag to get.
1153 *
1154 * @returns The nth tag number or CBOR_TAG_INVALID64.
1155 *
1156 * This returns tags of the most recently decoded item. See
1157 * QCBORDecode_GetNthTag(). This is particularly of use for spiffy
1158 * decode functions that don't return a @ref QCBORItem.
1159 *
1160 * This does not work for QCBORDecode_GetNext(),
1161 * QCBORDecode_PeekNext(), QCBORDecode_VPeekNext() or
1162 * QCBORDecode_VGetNextConsume() but these all return a
1163 * @ref QCBORItem, so it is not necessary.
1164 *
1165 * If a decoding error is set, then this returns CBOR_TAG_INVALID64.
1166 */
1167 uint64_t
1168 QCBORDecode_GetNthTagOfLast(const QCBORDecodeContext *pCtx, uint32_t uIndex);
1169
1170
1171 /**
1172 * @brief Check that a decode completed successfully.
1173 *
1174 * @param[in] pCtx The context to check.
1175 *
1176 * @returns The internal tracked decode error or @ref QCBOR_SUCCESS.
1177 *
1178 * Please see @ref Decode-Errors-Overview "Decode Errors Overview".
1179 *
1180 * This should always be called at the end of a decode to determine if
1181 * it completed successfully. For some protocols, checking the return
1182 * value here may be the only error check necessary.
1183 *
1184 * This returns the internal tracked error if the decoder is in the
1185 * error state, the same one returned by QCBORDecode_GetError(). This
1186 * performs final checks at the end of the decode, and may also return
1187 * @ref QCBOR_ERR_ARRAY_OR_MAP_STILL_OPEN
1188 * or @ref QCBOR_ERR_EXTRA_BYTES.
1189 *
1190 * This calls the destructor for the string allocator, if one is in
1191 * use. Because of this, It can't be called multiple times like
1192 * QCBORDecode_PartialFinish().
1193 *
1194 * Some CBOR protocols use a CBOR sequence defined in [RFC 8742]
1195 * (https://tools.ietf.org/html/rfc8742). A CBOR sequence typically
1196 * doesn't start out with a map or an array. The end of the CBOR is
1197 * determined in some other way, perhaps by external framing, or by
1198 * the occurrence of some particular CBOR data item or such. The
1199 * buffer given to decode must start out with valid CBOR, but it can
1200 * have extra bytes at the end that are not CBOR or CBOR that is to be
1201 * ignored.
1202 *
1203 * QCBORDecode_Finish() should still be called when decoding CBOR
1204 * sequences to check that the input decoded was well-formed. If the
1205 * input was well-formed and there are extra bytes at the end @ref
1206 * QCBOR_ERR_EXTRA_BYTES will be returned. This can be considered a
1207 * successful decode. See also QCBORDecode_PartialFinish().
1208 */
1209 QCBORError
1210 QCBORDecode_Finish(QCBORDecodeContext *pCtx);
1211
1212
1213 /**
1214 * @brief Return number of bytes consumed so far.
1215 *
1216 * @param[in] pCtx The context to check.
1217 * @param[out] puConsumed The number of bytes consumed so far.
1218 * May be @c NULL.
1219 *
1220 * @returns The same as QCBORDecode_Finish();
1221 *
1222 * This is primarily for partially decoding CBOR sequences. It is the
1223 * same as QCBORDecode_Finish() except it returns the number of bytes
1224 * consumed and doesn't call the destructor for the string allocator
1225 * (See @ref QCBORDecode_SetMemPool()).
1226 *
1227 * When this is called before all input bytes are consumed, @ref
1228 * QCBOR_ERR_EXTRA_BYTES will be returned as QCBORDecode_Finish()
1229 * does. For typical use of this, that particular error is disregarded.
1230 *
1231 * Decoding with the same @ref QCBORDecodeContext can continue after
1232 * calling this and this may be called many times.
1233 *
1234 * Another way to resume decoding is to call QCBORDecode_Init() with the
1235 * bytes not decoded, but this only works on CBOR sequences when the
1236 * decoding stopped with no open arrays, maps or byte strings.
1237 */
1238 QCBORError
1239 QCBORDecode_PartialFinish(QCBORDecodeContext *pCtx, size_t *puConsumed);
1240
1241
1242 /**
1243 * @brief Get the decoding error.
1244 *
1245 * @param[in] pCtx The decoder context.
1246 * @return The decoding error.
1247 *
1248 * Please see @ref Decode-Errors-Overview "Decode Errors Overview".
1249 *
1250 * The returns the tracked internal error code. All decoding functions
1251 * set the internal error except QCBORDecode_GetNext() and
1252 * QCBORDecode_PeekNext().
1253 *
1254 * For many protocols it is only necessary to check the return code
1255 * from QCBORDecode_Finish() at the end of all the decoding. It is
1256 * unnecessary to call this.
1257 *
1258 * For some protocols, the decoding sequence depends on the types,
1259 * values or labels of data items. If so, this must be called before
1260 * using decoded values to know the decode was a success and the
1261 * type, value and label is valid.
1262 *
1263 * Some errors, like integer conversion overflow, date string format
1264 * may not affect the flow of a protocol. The protocol decoder may
1265 * wish to proceed even if they occur. In that case
1266 * QCBORDecode_GetAndResetError() may be called after these data items
1267 * are fetched.
1268 */
1269 static QCBORError
1270 QCBORDecode_GetError(QCBORDecodeContext *pCtx);
1271
1272
1273 /**
1274 * @brief Get and reset the decoding error.
1275 *
1276 * @param[in] pCtx The decoder context.
1277 * @returns The decoding error.
1278 *
1279 * This returns the same as QCBORDecode_GetError() and also resets the
1280 * error state to @ref QCBOR_SUCCESS.
1281 */
1282 static QCBORError
1283 QCBORDecode_GetAndResetError(QCBORDecodeContext *pCtx);
1284
1285
1286 /**
1287 * @brief Whether an error indicates non-well-formed CBOR.
1288 *
1289 * @param[in] uErr The QCBOR error code.
1290 * @return @c true if the error code indicates non-well-formed CBOR.
1291 */
1292 static bool
1293 QCBORDecode_IsNotWellFormedError(QCBORError uErr);
1294
1295
1296 /**
1297 * @brief Whether a decoding error is recoverable.
1298 *
1299 * @param[in] uErr The QCBOR error code.
1300 * @return @c true if the error code indicates and uncrecoverable error.
1301 *
1302 * When an error is unrecoverable, no further decoding of the input is
1303 * possible. CBOR is a compact format with almost no redundancy so
1304 * errors like incorrect lengths or array counts are
1305 * unrecoverable. Unrecoverable errors also occur when implementation
1306 * limits such as the limit on array and map nesting are encountered.
1307 * When the built-in decoding of a tag like an epoch date encounters
1308 * an error such as a data item of an unexpected type, this is also an
1309 * unrecoverable error because the internal decoding doesn't try to
1310 * decode everything in the tag.
1311 *
1312 * The unrecoverable errors are a range of the errors in
1313 * @ref QCBORError.
1314 */
1315 static bool
1316 QCBORDecode_IsUnrecoverableError(QCBORError uErr);
1317
1318
1319 /**
1320 * @brief Manually set error condition, or set user-defined error.
1321 *
1322 * @param[in] pCtx The decoder context.
1323 * @param[in] uError The error code to set.
1324 *
1325 * Once set, none of the QCBORDecode methods will do anything and the
1326 * error code set will stay until cleared with
1327 * QCBORDecode_GetAndResetError(). A user-defined error can be set
1328 * deep in some decoding layers to short-circuit further decoding
1329 * and propagate up.
1330 *
1331 * When the error condition is set, QCBORDecode_VGetNext() will always
1332 * return an item with data and label type as \ref QCBOR_TYPE_NONE.
1333 *
1334 * The main intent of this is to set a user-defined error code in the
1335 * range of \ref QCBOR_ERR_FIRST_USER_DEFINED to
1336 * \ref QCBOR_ERR_LAST_USER_DEFINED, but it is OK to set QCBOR-defined
1337 * error codes too.
1338 */
1339 static void
1340 QCBORDecode_SetError(QCBORDecodeContext *pCtx, QCBORError uError);
1341
1342
1343
1344
1345 /**
1346 * @brief Convert int64_t to smaller integers safely.
1347 *
1348 * @param [in] src An @c int64_t.
1349 * @param [out] dest A smaller sized integer to convert to.
1350 *
1351 * @return 0 on success -1 if not
1352 *
1353 * When decoding an integer, the CBOR decoder will return the value as
1354 * an int64_t unless the integer is in the range of @c INT64_MAX and
1355 * @c UINT64_MAX. That is, unless the value is so large that it can only be
1356 * represented as a @c uint64_t, it will be an @c int64_t.
1357 *
1358 * CBOR itself doesn't size the individual integers it carries at
1359 * all. The only limits it puts on the major integer types is that they
1360 * are 8 bytes or less in length. Then encoders like this one use the
1361 * smallest number of 1, 2, 4 or 8 bytes to represent the integer based
1362 * on its value. There is thus no notion that one data item in CBOR is
1363 * a 1-byte integer and another is a 4-byte integer.
1364 *
1365 * The interface to this CBOR encoder only uses 64-bit integers. Some
1366 * CBOR protocols or implementations of CBOR protocols may not want to
1367 * work with something smaller than a 64-bit integer. Perhaps an array
1368 * of 1,000 integers needs to be sent and none has a value larger than
1369 * 50,000 and are represented as @c uint16_t.
1370 *
1371 * The sending / encoding side is easy. Integers are temporarily widened
1372 * to 64-bits as a parameter passing through QCBOREncode_AddInt64() and
1373 * encoded in the smallest way possible for their value, possibly in
1374 * less than an @c uint16_t.
1375 *
1376 * On the decoding side the integers will be returned at @c int64_t even if
1377 * they are small and were represented by only 1 or 2 bytes in the
1378 * encoded CBOR. The functions here will convert integers to a small
1379 * representation with an overflow check.
1380 *
1381 * (The decoder could have support 8 different integer types and
1382 * represented the integer with the smallest type automatically, but
1383 * this would have made the decoder more complex and code calling the
1384 * decoder more complex in most use cases. In most use cases on 64-bit
1385 * machines it is no burden to carry around even small integers as
1386 * 64-bit values).
1387 */
1388 static inline int
QCBOR_Int64ToInt32(int64_t src,int32_t * dest)1389 QCBOR_Int64ToInt32(int64_t src, int32_t *dest)
1390 {
1391 if(src > INT32_MAX || src < INT32_MIN) {
1392 return -1;
1393 } else {
1394 *dest = (int32_t) src;
1395 }
1396 return 0;
1397 }
1398
1399 static inline int
QCBOR_Int64ToInt16(int64_t src,int16_t * dest)1400 QCBOR_Int64ToInt16(int64_t src, int16_t *dest)
1401 {
1402 if(src > INT16_MAX || src < INT16_MIN) {
1403 return -1;
1404 } else {
1405 *dest = (int16_t) src;
1406 }
1407 return 0;
1408 }
1409
1410 static inline int
QCBOR_Int64ToInt8(int64_t src,int8_t * dest)1411 QCBOR_Int64ToInt8(int64_t src, int8_t *dest)
1412 {
1413 if(src > INT8_MAX || src < INT8_MIN) {
1414 return -1;
1415 } else {
1416 *dest = (int8_t) src;
1417 }
1418 return 0;
1419 }
1420
1421 static inline int
QCBOR_Int64ToUInt32(int64_t src,uint32_t * dest)1422 QCBOR_Int64ToUInt32(int64_t src, uint32_t *dest)
1423 {
1424 if(src > UINT32_MAX || src < 0) {
1425 return -1;
1426 } else {
1427 *dest = (uint32_t) src;
1428 }
1429 return 0;
1430 }
1431
1432 /**
1433 * https://github.com/laurencelundblade/QCBOR/pull/243
1434 * For backwards compatibility
1435 */
1436 #define QCBOR_Int64UToInt16 QCBOR_Int64ToUInt16
1437
1438 static inline int
QCBOR_Int64ToUInt16(int64_t src,uint16_t * dest)1439 QCBOR_Int64ToUInt16(int64_t src, uint16_t *dest)
1440 {
1441 if(src > UINT16_MAX || src < 0) {
1442 return -1;
1443 } else {
1444 *dest = (uint16_t) src;
1445 }
1446 return 0;
1447 }
1448
1449 static inline int
QCBOR_Int64ToUInt8(int64_t src,uint8_t * dest)1450 QCBOR_Int64ToUInt8(int64_t src, uint8_t *dest)
1451 {
1452 if(src > UINT8_MAX || src < 0) {
1453 return -1;
1454 } else {
1455 *dest = (uint8_t) src;
1456 }
1457 return 0;
1458 }
1459
1460 static inline int
QCBOR_Int64ToUInt64(int64_t src,uint64_t * dest)1461 QCBOR_Int64ToUInt64(int64_t src, uint64_t *dest)
1462 {
1463 if(src < 0) {
1464 return -1;
1465 } else {
1466 *dest = (uint64_t) src;
1467 }
1468 return 0;
1469 }
1470
1471
1472
1473
1474 /* ------------------------------------------------------------------------
1475 * Deprecated functions retained for backwards compatibility. Their use is
1476 * not recommended.
1477 * ---- */
1478
1479
1480 /**
1481 * Deprecated -- Tag handling has been revised and this is no longer
1482 * used. See QCBORDecode_GetNthTag() for new tag handling.
1483 */
1484 typedef struct {
1485 uint8_t uNumTags;
1486 const uint64_t *puTags;
1487 } QCBORTagListIn;
1488
1489
1490 /**
1491 * Deprecated -- this is retained only for backwards compatibility.
1492 * Use QCBORDecode_GetNthTag() instead.
1493 *
1494 * This is for QCBORDecode_GetNextWithTags() to be able to return the
1495 * full list of tags on an item.
1496 *
1497 * On input, @c puTags points to a buffer to be filled in and
1498 * uNumAllocated is the number of @c uint64_t values in the buffer.
1499 *
1500 * On output the buffer contains the tags for the item. @c uNumUsed
1501 * tells how many there are.
1502 */
1503 typedef struct {
1504 uint8_t uNumUsed;
1505 uint8_t uNumAllocated;
1506 uint64_t *puTags;
1507 } QCBORTagListOut;
1508
1509
1510 /**
1511 * @brief Deprecated -- Configure list of caller-selected tags to be recognized.
1512 *
1513 * @param[in] pCtx The decode context.
1514 * @param[out] pTagList Structure holding the list of tags to configure.
1515 *
1516 * Tag handling has been revised and it is no longer ncessary to use
1517 * this. See QCBORDecode_GetNthTag().
1518 */
1519 void
1520 QCBORDecode_SetCallerConfiguredTagList(QCBORDecodeContext *pCtx,
1521 const QCBORTagListIn *pTagList);
1522
1523
1524 /**
1525 * @brief Deprecated -- Determine if a CBOR item is a particular tag.
1526 *
1527 * @param[in] pCtx The decoder context.
1528 * @param[in] pItem The CBOR item to check.
1529 * @param[in] uTag The tag to check, one of @c CBOR_TAG_XXX,
1530 * for example, @ref CBOR_TAG_DATE_STRING.
1531 *
1532 * @return true if it was tagged, false if not.
1533 *
1534 * See QCBORDecode_GetNext() for the main description of tag
1535 * handling. For tags that are not fully decoded a bit corresponding
1536 * to the tag is set in in @c uTagBits in the @ref QCBORItem. The
1537 * particular bit depends on an internal mapping table. This function
1538 * checks for set bits against the mapping table.
1539 *
1540 * Typically, a protocol implementation just wants to know if a
1541 * particular tag is present. That is what this provides. To get the
1542 * full list of tags on a data item, see
1543 * QCBORDecode_GetNextWithTags().
1544 *
1545 * Also see QCBORDecode_SetCallerConfiguredTagList() for the means to
1546 * add new tags to the internal list so they can be checked for with
1547 * this function.
1548 */
1549 bool
1550 QCBORDecode_IsTagged(QCBORDecodeContext *pCtx,
1551 const QCBORItem *pItem,
1552 uint64_t uTag);
1553
1554
1555 /**
1556 * @brief Deprecated -- Gets the next item including full list of tags for item.
1557 *
1558 * @param[in] pCtx The decoder context.
1559 * @param[out] pDecodedItem Holds the CBOR item just decoded.
1560 * @param[in,out] pTagList On input array to put tags in; on output
1561 * the tags on this item. See
1562 * @ref QCBORTagListOut.
1563 *
1564 * @return See return values for QCBORDecode_GetNext().
1565 *
1566 * @retval QCBOR_ERR_TOO_MANY_TAGS The size of @c pTagList is too small.
1567 *
1568 * This is retained for backwards compatibility. It is replaced by
1569 * QCBORDecode_GetNthTag() which also returns all the tags that have
1570 * been decoded.
1571 *
1572 * This is not backwards compatibile in two ways. First, it is limited
1573 * to @ref QCBOR_MAX_TAGS_PER_ITEM items whereas previously it was
1574 * unlimited. Second, it will not inlucde the tags that QCBOR decodes
1575 * internally.
1576 *
1577 * This works the same as QCBORDecode_GetNext() except that it also
1578 * returns the list of tags for the data item in \c pTagList.
1579 *
1580 * The 0th tag returned here is the one furthest from the data
1581 * item. This is opposite the order for QCBORDecode_GetNthTag().
1582 *
1583 * CBOR has no upper bound or limit on the number of tags that can be
1584 * associated with a data item but in practice the number of tags on
1585 * an item will usually be small. This will return @ref
1586 * QCBOR_ERR_TOO_MANY_TAGS if the array in @c pTagList is too small to
1587 * hold all the tags for the item.
1588 */
1589 QCBORError
1590 QCBORDecode_GetNextWithTags(QCBORDecodeContext *pCtx,
1591 QCBORItem *pDecodedItem,
1592 QCBORTagListOut *pTagList);
1593
1594
1595
1596
1597 /* ------------------------------------------------------------------------
1598 * Inline implementations of public functions defined above.
1599 * ---- */
1600
1601 static inline uint32_t
QCBORDecode_Tell(QCBORDecodeContext * pMe)1602 QCBORDecode_Tell(QCBORDecodeContext *pMe)
1603 {
1604 if(pMe->uLastError) {
1605 return UINT32_MAX;
1606 }
1607
1608 /* Cast is safe because decoder input size is restricted. */
1609 return (uint32_t)UsefulInputBuf_Tell(&(pMe->InBuf));
1610 }
1611
1612 static inline QCBORError
QCBORDecode_GetError(QCBORDecodeContext * pMe)1613 QCBORDecode_GetError(QCBORDecodeContext *pMe)
1614 {
1615 return (QCBORError)pMe->uLastError;
1616 }
1617
1618 static inline QCBORError
QCBORDecode_GetAndResetError(QCBORDecodeContext * pMe)1619 QCBORDecode_GetAndResetError(QCBORDecodeContext *pMe)
1620 {
1621 const QCBORError uReturn = (QCBORError)pMe->uLastError;
1622 pMe->uLastError = QCBOR_SUCCESS;
1623 return uReturn;
1624 }
1625
1626 static inline bool
QCBORDecode_IsNotWellFormedError(const QCBORError uErr)1627 QCBORDecode_IsNotWellFormedError(const QCBORError uErr)
1628 {
1629 if(uErr >= QCBOR_START_OF_NOT_WELL_FORMED_ERRORS &&
1630 uErr <= QCBOR_END_OF_NOT_WELL_FORMED_ERRORS) {
1631 return true;
1632 } else {
1633 return false;
1634 }
1635 }
1636
1637 static inline bool
QCBORDecode_IsUnrecoverableError(const QCBORError uErr)1638 QCBORDecode_IsUnrecoverableError(const QCBORError uErr)
1639 {
1640 if(uErr >= QCBOR_START_OF_UNRECOVERABLE_DECODE_ERRORS &&
1641 uErr <= QCBOR_END_OF_UNRECOVERABLE_DECODE_ERRORS) {
1642 return true;
1643 } else {
1644 return false;
1645 }
1646 }
1647
1648
1649 static inline void
QCBORDecode_SetError(QCBORDecodeContext * pMe,QCBORError uError)1650 QCBORDecode_SetError(QCBORDecodeContext *pMe, QCBORError uError)
1651 {
1652 pMe->uLastError = (uint8_t)uError;
1653 }
1654
1655
1656 /* A few cross checks on size constants and special value lengths */
1657 #if QCBOR_MAP_OFFSET_CACHE_INVALID < QCBOR_MAX_DECODE_INPUT_SIZE
1658 #error QCBOR_MAP_OFFSET_CACHE_INVALID is too large
1659 #endif
1660
1661 #if QCBOR_NON_BOUNDED_OFFSET < QCBOR_MAX_DECODE_INPUT_SIZE
1662 #error QCBOR_NON_BOUNDED_OFFSET is too large
1663 #endif
1664
1665 #ifdef __cplusplus
1666 }
1667 #endif
1668
1669 #endif /* qcbor_decode_h */
1670