security/nss/lib/util/derenc.c

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 #include "secder.h"
michael@0 6 #include "secerr.h"
michael@0 7
#if 0
/*
 * Generic templates for individual/simple items.
 *
 * This whole group sits under "#if 0", so none of it is compiled.  Every
 * template is a single entry that differs only in its DER type code; the
 * remaining initializers are always 0, NULL and sizeof(SECItem).
 */

DERTemplate SECAnyTemplate[] = {
    { DER_ANY, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECBitStringTemplate[] = {
    { DER_BIT_STRING, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECBooleanTemplate[] = {
    { DER_BOOLEAN, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECIA5StringTemplate[] = {
    { DER_IA5_STRING, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECIntegerTemplate[] = {
    { DER_INTEGER, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECNullTemplate[] = {
    { DER_NULL, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECObjectIDTemplate[] = {
    { DER_OBJECT_ID, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECOctetStringTemplate[] = {
    { DER_OCTET_STRING, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECPrintableStringTemplate[] = {
    { DER_PRINTABLE_STRING, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECT61StringTemplate[] = {
    { DER_T61_STRING, 0, NULL, sizeof(SECItem) }
};

DERTemplate SECUTCTimeTemplate[] = {
    { DER_UTC_TIME, 0, NULL, sizeof(SECItem) }
};

#endif
michael@0 69
/*
 * Return how many header octets precede contents_len octets of contents
 * for the item described by dtemplate: one identifier octet plus the
 * length octets, and the same again for an explicit wrapper.  Returns 0
 * when the item gets no header at all.
 *
 * Template consistency is checked with PORT_Assert only.
 * NOTE(review): PORT_Assert is normally compiled out of optimized builds,
 * in which case a DER_INLINE entry without a sub-template is dereferenced
 * as NULL below -- confirm against the build configuration.
 */
static int
header_length(DERTemplate *dtemplate, PRUint32 contents_len)
{
    unsigned long tag_kind = dtemplate->kind;
    unsigned long inner_kind;
    PRUint32 total;

    const PRBool is_explicit = (tag_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
    const PRBool is_optional = (tag_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
    const PRBool is_universal =
        ((tag_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE;

    /* An explicit tag on a universal-class entry is a bad template. */
    PORT_Assert(!(is_explicit && is_universal));

    /*
     * Work out the kind of the item underneath any pointer/inline
     * indirection.  For universal entries the sub-template's kind also
     * replaces the kind used for the outer checks below.
     */
    if (tag_kind & DER_POINTER) {
        if (dtemplate->sub != NULL) {
            inner_kind = dtemplate->sub->kind;
            if (is_universal) {
                tag_kind = inner_kind;
            }
        } else {
            inner_kind = is_universal ? (tag_kind & ~DER_POINTER)
                                      : dtemplate->arg;
        }
    } else if (tag_kind & DER_INLINE) {
        PORT_Assert(dtemplate->sub != NULL);
        inner_kind = dtemplate->sub->kind;
        if (is_universal) {
            tag_kind = inner_kind;
        }
    } else {
        inner_kind = is_universal ? tag_kind : dtemplate->arg;
    }

    /*
     * Three cases produce no header:
     *  - DER_DERPTR, which is only used in decoding and plays no part
     *    in encoding;
     *  - an "empty" optional;
     *  - a full DER_ANY.
     */
    if ((inner_kind & DER_DERPTR)
        || (is_optional && contents_len == 0)
        || (tag_kind & DER_ANY)) {
        return 0;
    }

    /*
     * The common case: one octet for the identifier and as many octets
     * as necessary to hold the content length.
     */
    total = 1 + DER_LengthLength(contents_len);

    /*
     * Account for the explicit wrapper, if necessary.  Assertions that the
     * wrapped kind is neither DER_SEQUENCE nor DER_SET used to sit here;
     * they were disabled as too restrictive on valid templates.
     */
    if (is_explicit) {
        total += 1 + DER_LengthLength(total + contents_len);
    }

    return total;
}
michael@0 151
michael@0 152
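/*
 * Return the number of content octets (everything after the item's own
 * header) that der_encode() writes for the item at src described by
 * dtemplate.  Constructed items are sized by recursing over their
 * components and adding each component's header and contents.
 *
 * DER_Encode() sizes its output buffer from this value, and der_encode()
 * then writes without any bounds check, so the two passes must agree
 * octet for octet.  All sums are plain PRUint32 additions with no
 * overflow detection.
 */
static PRUint32
contents_length(DERTemplate *dtemplate, void *src)
{
    PRUint32 len;
    unsigned long encode_kind, under_kind;
    PRBool universal;

    PORT_Assert(src != NULL);

    encode_kind = dtemplate->kind;

    universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
                    ? PR_TRUE : PR_FALSE;
    encode_kind &= ~DER_OPTIONAL;

    /* Follow pointer/inline indirection to the item actually encoded. */
    if (encode_kind & DER_POINTER) {
        src = *(void **)src;
        if (src == NULL) {
            /* A null pointer contributes no contents. */
            return 0;
        }
        if (dtemplate->sub != NULL) {
            dtemplate = dtemplate->sub;
            under_kind = dtemplate->kind;
            src = (void *)((char *)src + dtemplate->offset);
        } else if (universal) {
            under_kind = encode_kind & ~DER_POINTER;
        } else {
            under_kind = dtemplate->arg;
        }
    } else if (encode_kind & DER_INLINE) {
        PORT_Assert(dtemplate->sub != NULL);
        dtemplate = dtemplate->sub;
        under_kind = dtemplate->kind;
        src = (void *)((char *)src + dtemplate->offset);
    } else if (universal) {
        under_kind = encode_kind;
    } else {
        under_kind = dtemplate->arg;
    }

    /* Having any of these bits is not expected here... */
    PORT_Assert((under_kind & (DER_EXPLICIT | DER_INLINE | DER_OPTIONAL
                               | DER_POINTER | DER_SKIP)) == 0);

    /* This is only used in decoding; it plays no part in encoding. */
    if (under_kind & DER_DERPTR)
        return 0;

    if (under_kind & DER_INDEFINITE) {
        /* src holds a NULL-terminated array of pointers to the elements. */
        PRUint32 sub_len;
        void **indp = *(void ***)src;

        if (indp == NULL)
            return 0;

        len = 0;
        under_kind &= ~DER_INDEFINITE;

        if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
            DERTemplate *tmpt = dtemplate->sub;
            PORT_Assert(tmpt != NULL);

            for (; *indp != NULL; indp++) {
                void *sub_src = (void *)((char *)(*indp) + tmpt->offset);
                sub_len = contents_length(tmpt, sub_src);
                len += sub_len + header_length(tmpt, sub_len);
            }
        } else {
            /*
             * The original author marked this branch (for handling, for
             * example, DER_INDEFINITE | DER_OCTET_STRING) as unverified.
             *
             * For every element der_encode() writes a header (unless the
             * kind is DER_ANY) followed by the element's contents, so both
             * parts are counted here.  Counting only the headers would
             * leave the buffer allocated by DER_Encode() shorter than
             * what der_encode() writes into it.
             */
            for (; *indp != NULL; indp++) {
                SECItem *item = (SECItem *)(*indp);
                sub_len = item->len;
                if (under_kind == DER_BIT_STRING) {
                    sub_len = (sub_len + 7) >> 3;
                    /* bit string contents involve an extra octet */
                    if (sub_len)
                        sub_len++;
                }
                if (under_kind != DER_ANY)
                    len += 1 + DER_LengthLength(sub_len);
                len += sub_len;
            }
        }

        return len;
    }

    switch (under_kind) {
    case DER_SEQUENCE:
    case DER_SET: {
        DERTemplate *tmpt;
        void *sub_src;
        PRUint32 sub_len;

        /* Components follow the container entry, up to a zero kind. */
        len = 0;
        for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
            sub_src = (void *)((char *)src + tmpt->offset);
            sub_len = contents_length(tmpt, sub_src);
            len += sub_len + header_length(tmpt, sub_len);
        }
        break;
    }

    case DER_BIT_STRING:
        /* item->len counts bits here; round up to whole octets. */
        len = (((SECItem *)src)->len + 7) >> 3;
        /* bit string contents involve an extra octet */
        if (len)
            len++;
        break;

    default:
        len = ((SECItem *)src)->len;
        break;
    }

    return len;
}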
michael@0 274
michael@0 275
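/*
 * Write the DER encoding of the item at src, as described by dtemplate,
 * starting at buf, and return the position just past the last octet
 * written.
 *
 * No buffer length is passed in and nothing here bounds the writes: the
 * caller must have sized buf from contents_length() and header_length()
 * for the same template and source, as DER_Encode() does.
 */
static unsigned char *
der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src)
{
    int header_len;
    PRUint32 contents_len;
    unsigned long encode_kind, under_kind;
    PRBool explicit, optional, universal;

    /*
     * First figure out how long the encoding will be.  Do this by
     * traversing the template from top to bottom and accumulating
     * the length of each leaf item.
     */
    contents_len = contents_length(dtemplate, src);
    header_len = header_length(dtemplate, contents_len);

    /*
     * Enough smarts was involved already, so that if both the
     * header and the contents have a length of zero, then we
     * are not doing any encoding for this element.
     */
    if (header_len == 0 && contents_len == 0)
        return buf;

    encode_kind = dtemplate->kind;

    explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
    optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
    encode_kind &= ~DER_OPTIONAL;
    universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
                    ? PR_TRUE : PR_FALSE;
    (void)optional; /* computed for symmetry with header_length(); unused */

    if (encode_kind & DER_POINTER) {
        if (contents_len) {
            src = *(void **)src;
            PORT_Assert(src != NULL);
        }
        if (dtemplate->sub != NULL) {
            dtemplate = dtemplate->sub;
            under_kind = dtemplate->kind;
            if (universal) {
                encode_kind = under_kind;
            }
            src = (void *)((char *)src + dtemplate->offset);
        } else if (universal) {
            under_kind = encode_kind & ~DER_POINTER;
        } else {
            under_kind = dtemplate->arg;
        }
    } else if (encode_kind & DER_INLINE) {
        /* Same template check that the two sizing functions make. */
        PORT_Assert(dtemplate->sub != NULL);
        dtemplate = dtemplate->sub;
        under_kind = dtemplate->kind;
        if (universal) {
            encode_kind = under_kind;
        }
        src = (void *)((char *)src + dtemplate->offset);
    } else if (universal) {
        under_kind = encode_kind;
    } else {
        under_kind = dtemplate->arg;
    }

    if (explicit) {
        /* The wrapper's length covers the inner header and contents. */
        buf = DER_StoreHeader(buf, encode_kind,
                              (1 + DER_LengthLength(contents_len)
                               + contents_len));
        encode_kind = under_kind;
    }

    if ((encode_kind & DER_ANY) == 0) { /* DER_ANY already contains header */
        buf = DER_StoreHeader(buf, encode_kind, contents_len);
    }

    /* If no real contents to encode, then we are done. */
    if (contents_len == 0)
        return buf;

    if (under_kind & DER_INDEFINITE) {
        /* src holds a NULL-terminated array of pointers to the elements. */
        void **indp;

        indp = *(void ***)src;
        PORT_Assert(indp != NULL);

        under_kind &= ~DER_INDEFINITE;
        if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
            DERTemplate *tmpt = dtemplate->sub;
            PORT_Assert(tmpt != NULL);
            for (; *indp != NULL; indp++) {
                void *sub_src = (void *)((char *)(*indp) + tmpt->offset);
                buf = der_encode(buf, tmpt, sub_src);
            }
        } else {
            for (; *indp != NULL; indp++) {
                SECItem *item;
                /*
                 * Unsigned, like the matching loop in contents_length():
                 * a signed int here would make the shift below overflow
                 * for very large bit strings and would turn a length
                 * above INT_MAX into a negative copy size.
                 */
                PRUint32 sub_len;

                item = (SECItem *)(*indp);
                sub_len = item->len;
                if (under_kind == DER_BIT_STRING) {
                    if (sub_len) {
                        int rem;

                        sub_len = (sub_len + 7) >> 3;
                        buf = DER_StoreHeader(buf, under_kind, sub_len + 1);
                        rem = (sub_len << 3) - item->len;
                        *buf++ = rem; /* remaining bits */
                    } else {
                        buf = DER_StoreHeader(buf, under_kind, 0);
                    }
                } else if (under_kind != DER_ANY) {
                    buf = DER_StoreHeader(buf, under_kind, sub_len);
                }
                PORT_Memcpy(buf, item->data, sub_len);
                buf += sub_len;
            }
        }
        return buf;
    }

    switch (under_kind) {
    case DER_SEQUENCE:
    case DER_SET: {
        DERTemplate *tmpt;
        void *sub_src;

        /* Components follow the container entry, up to a zero kind. */
        for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
            sub_src = (void *)((char *)src + tmpt->offset);
            buf = der_encode(buf, tmpt, sub_src);
        }
        break;
    }

    case DER_BIT_STRING: {
        SECItem *item;
        int rem;

        /*
         * The contents length includes our extra octet; subtract
         * it off so we just have the real string length there.
         */
        contents_len--;
        item = (SECItem *)src;
        PORT_Assert(contents_len == ((item->len + 7) >> 3));
        rem = (contents_len << 3) - item->len;
        *buf++ = rem; /* remaining bits */
        PORT_Memcpy(buf, item->data, contents_len);
        buf += contents_len;
        break;
    }

    default: {
        SECItem *item;

        item = (SECItem *)src;
        PORT_Assert(contents_len == item->len);
        PORT_Memcpy(buf, item->data, contents_len);
        buf += contents_len;
        break;
    }
    }

    return buf;
}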
michael@0 443
michael@0 444
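/*
 * DER-encode the structure at src, as described by dtemplate, into a
 * buffer allocated from arena.  On success dest->data and dest->len
 * describe the encoding and SECSuccess is returned.  On failure the
 * error code is set with PORT_SetError(), dest->data is NULL and
 * SECFailure is returned.
 *
 * The buffer is sized in a first pass (contents_length() and
 * header_length()) and filled in a second pass (der_encode()) that
 * performs no bounds checks, so the size computed here is the only
 * thing limiting the writes.
 */
SECStatus
DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *dtemplate, void *src)
{
    unsigned int contents_len, header_len, total_len;

    src = (void **)((char *)src + dtemplate->offset);

    /*
     * First figure out how long the encoding will be.  Do this by
     * traversing the template from top to bottom and accumulating
     * the length of each leaf item.
     */
    contents_len = contents_length(dtemplate, src);
    header_len = header_length(dtemplate, contents_len);

    /*
     * Refuse a total that wrapped around: allocating the wrapped value
     * would give der_encode() a buffer far smaller than what it writes.
     * Reported as an allocation failure, the way calloc() treats a size
     * that does not fit.
     */
    total_len = contents_len + header_len;
    if (total_len < contents_len) {
        dest->data = NULL;
        dest->len = 0;
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return SECFailure;
    }

    dest->len = total_len;

    /* Allocate storage to hold the encoding */
    dest->data = (unsigned char *)PORT_ArenaAlloc(arena, dest->len);
    if (dest->data == NULL) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return SECFailure;
    }

    /* Now encode into the buffer */
    (void)der_encode(dest->data, dtemplate, src);

    return SECSuccess;
}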
