diff nss/lib/util/secasn1e.c @ 0:1e5118fa0cb1

This is NSS with a CMake build system. To compile a static NSS library for Windows, we used the Chromium-NSS fork and added a CMake build system that builds it statically. See README.chromium for the Chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nss/lib/util/secasn1e.c	Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,1613 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for ENcoding ASN.1 data based on BER/DER (Basic/Distinguished
+ * Encoding Rules).
+ */
+
+#include "secasn1.h"
+
+typedef enum {
+    beforeHeader,
+    duringContents,
+    duringGroup,
+    duringSequence,
+    afterContents,
+    afterImplicit,
+    afterInline,
+    afterPointer,
+    afterChoice,
+    notInUse
+} sec_asn1e_parse_place;
+
+typedef enum {
+    allDone,
+    encodeError,
+    keepGoing,
+    needBytes
+} sec_asn1e_parse_status;
+
+typedef enum {
+    hdr_normal      = 0,  /* encode header normally */
+    hdr_any         = 1,  /* header already encoded in content */
+    hdr_decoder     = 2,  /* template only used by decoder. skip it. */
+    hdr_optional    = 3,  /* optional component, to be omitted */
+    hdr_placeholder = 4   /* place holder for from_buf content */
+} sec_asn1e_hdr_encoding;
+
+typedef struct sec_asn1e_state_struct {
+    SEC_ASN1EncoderContext *top;
+    const SEC_ASN1Template *theTemplate;
+    void *src;
+
+    struct sec_asn1e_state_struct *parent;	/* aka prev */
+    struct sec_asn1e_state_struct *child;	/* aka next */
+
+    sec_asn1e_parse_place place;	/* where we are in encoding process */
+
+    /*
+     * XXX explain the next fields as clearly as possible...
+     */
+    unsigned char tag_modifiers;
+    unsigned char tag_number;
+    unsigned long underlying_kind;
+
+    int depth;
+
+    PRBool isExplicit,		/* we are handling an isExplicit header */
+	   indefinite,		/* need end-of-contents */
+	   is_string,		/* encoding a simple string or an ANY */
+	   may_stream,		/* when streaming, do indefinite encoding */
+	   optional,		/* omit field if it has no contents */
+	   disallowStreaming;	/* disallow streaming in all sub-templates */	
+} sec_asn1e_state;
+
+/*
+ * An "outsider" will have an opaque pointer to this, created by calling
+ * SEC_ASN1EncoderStart().  It will be passed back in to all subsequent
+ * calls to SEC_ASN1EncoderUpdate() and related routines, and when done
+ * it is passed to SEC_ASN1EncoderFinish().
+ */
+struct sec_EncoderContext_struct {
+    PLArenaPool *our_pool;		/* for our internal allocs */
+
+    sec_asn1e_state *current;
+    sec_asn1e_parse_status status;
+
+    PRBool streaming;
+    PRBool from_buf;
+
+    SEC_ASN1NotifyProc notify_proc;	/* call before/after handling field */
+    void *notify_arg;			/* argument to notify_proc */
+    PRBool during_notify;		/* true during call to notify_proc */
+
+    SEC_ASN1WriteProc output_proc;	/* pass encoded bytes to this  */
+    void *output_arg;			/* argument to that function */
+};
+
+
+static sec_asn1e_state *
+sec_asn1e_push_state (SEC_ASN1EncoderContext *cx,
+		      const SEC_ASN1Template *theTemplate,
+		      const void *src, PRBool new_depth)
+{
+    sec_asn1e_state *state, *new_state;
+
+    state = cx->current;
+
+    new_state = (sec_asn1e_state*)PORT_ArenaZAlloc (cx->our_pool, 
+						    sizeof(*new_state));
+    if (new_state == NULL) {
+	cx->status = encodeError;
+	return NULL;
+    }
+
+    new_state->top = cx;
+    new_state->parent = state;
+    new_state->theTemplate = theTemplate;
+    new_state->place = notInUse;
+    if (src != NULL)
+	new_state->src = (char *)src + theTemplate->offset;
+
+    if (state != NULL) {
+	new_state->depth = state->depth;
+	if (new_depth)
+	    new_state->depth++;
+	state->child = new_state;
+    }
+
+    cx->current = new_state;
+    return new_state;
+}
+
+
+static void
+sec_asn1e_scrub_state (sec_asn1e_state *state)
+{
+    /*
+     * Some default "scrubbing".
+     * XXX right set of initializations?
+     */
+    state->place = beforeHeader;
+    state->indefinite = PR_FALSE;
+}
+
+
+static void
+sec_asn1e_notify_before (SEC_ASN1EncoderContext *cx, void *src, int depth)
+{
+    if (cx->notify_proc == NULL)
+	return;
+
+    cx->during_notify = PR_TRUE;
+    (* cx->notify_proc) (cx->notify_arg, PR_TRUE, src, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+
+static void
+sec_asn1e_notify_after (SEC_ASN1EncoderContext *cx, void *src, int depth)
+{
+    if (cx->notify_proc == NULL)
+	return;
+
+    cx->during_notify = PR_TRUE;
+    (* cx->notify_proc) (cx->notify_arg, PR_FALSE, src, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+
+static sec_asn1e_state *
+sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
+{
+    PRBool isExplicit, is_string, may_stream, optional, universal; 
+    PRBool disallowStreaming;
+    unsigned char tag_modifiers;
+    unsigned long encode_kind, under_kind;
+    unsigned long tag_number;
+    PRBool isInline = PR_FALSE;
+
+
+    encode_kind = state->theTemplate->kind;
+
+    universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
+		? PR_TRUE : PR_FALSE;
+
+    isExplicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_EXPLICIT;
+
+    optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_OPTIONAL;
+
+    PORT_Assert (!(isExplicit && universal));	/* bad templates */
+
+    may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_MAY_STREAM;
+
+    disallowStreaming = (encode_kind & SEC_ASN1_NO_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_NO_STREAM;
+
+    /* Just clear this to get it out of the way; we do not need it here */
+    encode_kind &= ~SEC_ASN1_DYNAMIC;
+
+    if( encode_kind & SEC_ASN1_CHOICE ) {
+      under_kind = SEC_ASN1_CHOICE;
+    } else if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || 
+        (!universal && !isExplicit)) {
+	const SEC_ASN1Template *subt;
+	void *src = NULL;
+
+	PORT_Assert ((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
+
+	sec_asn1e_scrub_state (state);
+
+	if (encode_kind & SEC_ASN1_POINTER) {
+	    src = *(void **)state->src;
+	    state->place = afterPointer;
+
+	    if (src == NULL) {
+		/*
+		 * If this is optional, but NULL, then the field does
+		 * not need to be encoded.  In this case we are done;
+		 * we do not want to push a subtemplate.
+		 */
+		if (optional)
+		    return state;
+
+		/*
+		 * XXX this is an error; need to figure out
+		 * how to handle this
+		 */
+	    }
+	} else {
+	    src = state->src;
+	    if (encode_kind & SEC_ASN1_INLINE) {
+		/* check that there are no extraneous bits */
+		/* PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional); */
+		state->place = afterInline;
+		isInline = PR_TRUE;
+	    } else {
+		/*
+		 * Save the tag modifiers and tag number here before moving
+		 * on to the next state in case this is a member of a
+		 * SEQUENCE OF
+		 */
+		state->tag_modifiers = (unsigned char)
+		    (encode_kind & (SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK));
+		state->tag_number = (unsigned char)
+		    (encode_kind & SEC_ASN1_TAGNUM_MASK);
+		
+		state->place = afterImplicit;
+		state->optional = optional;
+	    }
+	}
+
+	subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src, PR_TRUE);
+	if (isInline && optional) {
+	    /* we only handle a very limited set of optional inline cases at
+	       this time */
+	    if (PR_FALSE != SEC_ASN1IsTemplateSimple(subt)) {
+		/* we now know that the target is a SECItem*, so we can check
+		   if the source contains one */
+		SECItem* target = (SECItem*)state->src;
+		if (!target || !target->data || !target->len) {
+		    /* no valid data to encode subtemplate */
+		    return state;
+		}
+	    } else {
+		PORT_Assert(0); /* complex templates are not handled as
+				   inline optional */
+	    }
+	}
+	state = sec_asn1e_push_state (state->top, subt, src, PR_FALSE);
+	if (state == NULL)
+	    return state;
+
+	if (universal) {
+	    /*
+	     * This is a POINTER or INLINE; just init based on that
+	     * and we are done.
+	     */
+	    return sec_asn1e_init_state_based_on_template (state);
+	}
+
+	/*
+	 * This is an implicit, non-universal (meaning, application-private
+	 * or context-specific) field.  This results in a "magic" tag but
+	 * encoding based on the underlying type.  We pushed a new state
+	 * that is based on the subtemplate (the underlying type), but
+	 * now we will sort of alias it to give it some of our properties
+	 * (tag, optional status, etc.).
+	 *
+	 * NB: ALL the following flags in the subtemplate are disallowed
+	 *     and/or ignored: EXPLICIT, OPTIONAL, INNER, INLINE, POINTER.
+	 */
+
+	under_kind = state->theTemplate->kind;
+	if ((under_kind & SEC_ASN1_MAY_STREAM) && !disallowStreaming) {
+	    may_stream = PR_TRUE;
+	}
+	under_kind &= ~(SEC_ASN1_MAY_STREAM | SEC_ASN1_DYNAMIC);
+    } else {
+	under_kind = encode_kind;
+    }
+
+    /*
+     * Sanity check that there are no unwanted bits marked in under_kind.
+     * These bits were either removed above (after we recorded them) or
+     * they simply should not be found (signalling a bad/broken template).
+     * XXX is this the right set of bits to test here? (i.e. need to add
+     * or remove any?)
+     */
+#define UNEXPECTED_FLAGS \
+ (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_SKIP | SEC_ASN1_INNER | \
+  SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_INLINE | SEC_ASN1_POINTER)
+
+    PORT_Assert ((under_kind & UNEXPECTED_FLAGS) == 0);
+    under_kind &= ~UNEXPECTED_FLAGS;
+#undef UNEXPECTED_FLAGS
+
+    if (encode_kind & SEC_ASN1_ANY) {
+	PORT_Assert (encode_kind == under_kind);
+	tag_modifiers = 0;
+	tag_number = 0;
+	is_string = PR_TRUE;
+    } else {
+	tag_modifiers = (unsigned char)
+		(encode_kind & (SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK));
+	/*
+	 * XXX This assumes only single-octet identifiers.  To handle
+	 * the HIGH TAG form we would need to do some more work, especially
+	 * in how to specify them in the template, because right now we
+	 * do not provide a way to specify more *tag* bits in encode_kind.
+	 */
+	tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
+
+	is_string = PR_FALSE;
+	switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
+	  case SEC_ASN1_SET:
+	    /*
+	     * XXX A plain old SET (as opposed to a SET OF) is not implemented.
+	     * If it ever is, remove this assert...
+	     */
+	    PORT_Assert ((under_kind & SEC_ASN1_GROUP) != 0);
+	    /* fallthru */
+	  case SEC_ASN1_SEQUENCE:
+	    tag_modifiers |= SEC_ASN1_CONSTRUCTED;
+	    break;
+	  case SEC_ASN1_BIT_STRING:
+	  case SEC_ASN1_BMP_STRING: 
+	  case SEC_ASN1_GENERALIZED_TIME:
+	  case SEC_ASN1_IA5_STRING:
+	  case SEC_ASN1_OCTET_STRING:
+	  case SEC_ASN1_PRINTABLE_STRING:
+	  case SEC_ASN1_T61_STRING:
+	  case SEC_ASN1_UNIVERSAL_STRING: 
+	  case SEC_ASN1_UTC_TIME:
+	  case SEC_ASN1_UTF8_STRING:
+	  case SEC_ASN1_VISIBLE_STRING: 
+	    /*
+	     * We do not yet know if we will be constructing the string,
+	     * so we have to wait to do this final tag modification.
+	     */
+	    is_string = PR_TRUE;
+	    break;
+	}
+    }
+
+    state->tag_modifiers = tag_modifiers;
+    state->tag_number = (unsigned char)tag_number;
+    state->underlying_kind = under_kind;
+    state->isExplicit = isExplicit;
+    state->may_stream = may_stream;
+    state->is_string = is_string;
+    state->optional = optional;
+    state->disallowStreaming = disallowStreaming;
+
+    sec_asn1e_scrub_state (state);
+
+    return state;
+}
+
+
+static void
+sec_asn1e_write_part (sec_asn1e_state *state,
+		      const char *buf, unsigned long len,
+		      SEC_ASN1EncodingPart part)
+{
+    SEC_ASN1EncoderContext *cx;
+
+    cx = state->top;
+    (* cx->output_proc) (cx->output_arg, buf, len, state->depth, part);
+}
+
+
+/*
+ * XXX This assumes only single-octet identifiers.  To handle
+ * the HIGH TAG form we would need to modify this interface and
+ * teach it to properly encode the special form.
+ */
+static void
+sec_asn1e_write_identifier_bytes (sec_asn1e_state *state, unsigned char value)
+{
+    char byte;
+
+    byte = (char) value;
+    sec_asn1e_write_part (state, &byte, 1, SEC_ASN1_Identifier);
+}
+
+int
+SEC_ASN1EncodeLength(unsigned char *buf,int value) {
+    int lenlen;
+
+    lenlen = SEC_ASN1LengthLength (value);
+    if (lenlen == 1) {
+	buf[0] = value;
+    } else {
+	int i;
+
+	i = lenlen - 1;
+	buf[0] = 0x80 | i;
+	while (i) {
+	    buf[i--] = value;
+	    value >>= 8;
+	}
+        PORT_Assert (value == 0);
+    }
+    return lenlen;
+}
+
+static void
+sec_asn1e_write_length_bytes (sec_asn1e_state *state, unsigned long value,
+			      PRBool indefinite)
+{
+    int lenlen;
+    unsigned char buf[sizeof(unsigned long) + 1];
+
+    if (indefinite) {
+	PORT_Assert (value == 0);
+	buf[0] = 0x80;
+	lenlen = 1;
+    } else {
+	lenlen = SEC_ASN1EncodeLength(buf,value);
+    }
+
+    sec_asn1e_write_part (state, (char *) buf, lenlen, SEC_ASN1_Length);
+}
+
+
+static void
+sec_asn1e_write_contents_bytes (sec_asn1e_state *state,
+				const char *buf, unsigned long len)
+{
+    sec_asn1e_write_part (state, buf, len, SEC_ASN1_Contents);
+}
+
+
+static void
+sec_asn1e_write_end_of_contents_bytes (sec_asn1e_state *state)
+{
+    const char eoc[2] = {0, 0};
+
+    sec_asn1e_write_part (state, eoc, 2, SEC_ASN1_EndOfContents);
+}
+
+static int
+sec_asn1e_which_choice
+(
+  void *src,
+  const SEC_ASN1Template *theTemplate
+)
+{
+  int rv;
+  unsigned int which = *(unsigned int *)src;
+
+  for( rv = 1, theTemplate++; theTemplate->kind != 0; rv++, theTemplate++ ) {
+    if( which == theTemplate->size ) {
+      return rv;
+    }
+  }
+
+  return 0;
+}
+
+static unsigned long
+sec_asn1e_contents_length (const SEC_ASN1Template *theTemplate, void *src,
+			   PRBool disallowStreaming, PRBool insideIndefinite,
+			   sec_asn1e_hdr_encoding *pHdrException)
+{
+    unsigned long encode_kind, underlying_kind;
+    PRBool isExplicit, optional, universal, may_stream;
+    unsigned long len;
+
+    /*
+     * This function currently calculates the length in all cases
+     * except the following: when writing out the contents of a 
+     * template that belongs to a state where it was a sub-template
+     * with the SEC_ASN1_MAY_STREAM bit set and it's parent had the
+     * optional bit set.  The information that the parent is optional
+     * and that we should return the length of 0 when that length is 
+     * present since that means the optional field is no longer present.
+     * So we add the disallowStreaming flag which is passed in when
+     * writing the contents, but for all recursive calls to 
+     * sec_asn1e_contents_length, we pass PR_FALSE, because this
+     * function correctly calculates the length for children templates
+     * from that point on.  Confused yet?  At least you didn't have
+     * to figure it out.  ;)  -javi
+     */
+    encode_kind = theTemplate->kind;
+
+    universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
+		? PR_TRUE : PR_FALSE;
+
+    isExplicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_EXPLICIT;
+
+    optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_OPTIONAL;
+
+    PORT_Assert (!(isExplicit && universal));	/* bad templates */
+
+    may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_MAY_STREAM;
+
+    /* Just clear this to get it out of the way; we do not need it here */
+    encode_kind &= ~SEC_ASN1_DYNAMIC;
+
+    if (encode_kind & SEC_ASN1_NO_STREAM) {
+	disallowStreaming = PR_TRUE;
+    }
+    encode_kind &= ~SEC_ASN1_NO_STREAM;
+
+    if (encode_kind & SEC_ASN1_CHOICE) {
+	void *src2;
+	int indx = sec_asn1e_which_choice(src, theTemplate);
+	if (0 == indx) {
+	    /* XXX set an error? "choice not found" */
+	    /* state->top->status = encodeError; */
+	    return 0;
+	}
+
+        src2 = (void *)
+	        ((char *)src - theTemplate->offset + theTemplate[indx].offset);
+
+        return sec_asn1e_contents_length(&theTemplate[indx], src2, 
+					 disallowStreaming, insideIndefinite,
+					 pHdrException);
+    }
+
+    if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || !universal) {
+	/* XXX any bits we want to disallow (PORT_Assert against) here? */
+	theTemplate = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE);
+	if (encode_kind & SEC_ASN1_POINTER) {
+	    src = *(void **)src;
+	    if (src == NULL) {
+		*pHdrException = optional ? hdr_optional : hdr_normal;
+		return 0;
+	    }
+	} else if (encode_kind & SEC_ASN1_INLINE) {
+	    /* check that there are no extraneous bits */
+	    if (optional) {
+		if (PR_FALSE != SEC_ASN1IsTemplateSimple(theTemplate)) {
+		    /* we now know that the target is a SECItem*, so we can check
+		       if the source contains one */
+		    SECItem* target = (SECItem*)src;
+		    if (!target || !target->data || !target->len) {
+			/* no valid data to encode subtemplate */
+			*pHdrException = hdr_optional;
+			return 0;
+		    }
+		} else {
+		    PORT_Assert(0); /* complex templates not handled as inline
+                                       optional */
+		}
+	    }
+	}
+
+	src = (char *)src + theTemplate->offset;
+
+	/* recurse to find the length of the subtemplate */
+	len = sec_asn1e_contents_length (theTemplate, src, disallowStreaming, 
+	                                 insideIndefinite, pHdrException);
+	if (len == 0 && optional) {
+	    *pHdrException = hdr_optional;
+	} else if (isExplicit) {
+	    if (*pHdrException == hdr_any) {
+		/* *we* do not want to add in a header, 
+		** but our caller still does. 
+		*/
+		*pHdrException = hdr_normal;
+	    } else if (*pHdrException == hdr_normal) {
+		/* if the inner content exists, our length is
+		 * len(identifier) + len(length) + len(innercontent)
+		 * XXX we currently assume len(identifier) == 1;
+		 * to support a high-tag-number this would need to be smarter.
+		 */
+		len += 1 + SEC_ASN1LengthLength (len);
+	    }
+	}
+	return len;
+    }
+    underlying_kind = encode_kind;
+
+    /* This is only used in decoding; it plays no part in encoding.  */
+    if (underlying_kind & SEC_ASN1_SAVE) {
+	/* check that there are no extraneous bits */
+	PORT_Assert (underlying_kind == SEC_ASN1_SAVE);
+	*pHdrException = hdr_decoder;
+	return 0;
+    }
+
+#define UNEXPECTED_FLAGS \
+ (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_INLINE | SEC_ASN1_POINTER |\
+  SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_SAVE | SEC_ASN1_SKIP)
+
+    /* Having any of these bits is not expected here...  */
+    PORT_Assert ((underlying_kind & UNEXPECTED_FLAGS) == 0);
+    underlying_kind &= ~UNEXPECTED_FLAGS;
+#undef UNEXPECTED_FLAGS
+
+    if (underlying_kind & SEC_ASN1_CHOICE) {
+	void *src2;
+	int indx = sec_asn1e_which_choice(src, theTemplate);
+	if (0 == indx) {
+	    /* XXX set an error? "choice not found" */
+	    /* state->top->status = encodeError; */
+	    return 0;
+	}
+
+        src2 = (void *)
+		((char *)src - theTemplate->offset + theTemplate[indx].offset);
+        len = sec_asn1e_contents_length(&theTemplate[indx], src2, 
+	                                disallowStreaming, insideIndefinite, 
+					pHdrException);
+    } else {
+      switch (underlying_kind) {
+      case SEC_ASN1_SEQUENCE_OF:
+      case SEC_ASN1_SET_OF:
+	{
+	    const SEC_ASN1Template *tmpt;
+	    void *sub_src;
+	    unsigned long sub_len;
+	    void **group;
+
+	    len = 0;
+
+	    group = *(void ***)src;
+	    if (group == NULL)
+		break;
+
+	    tmpt = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE);
+
+	    for (; *group != NULL; group++) {
+		sub_src = (char *)(*group) + tmpt->offset;
+		sub_len = sec_asn1e_contents_length (tmpt, sub_src, 
+		                                     disallowStreaming,
+						     insideIndefinite,
+                                                     pHdrException);
+		len += sub_len;
+		/*
+		 * XXX The 1 below is the presumed length of the identifier;
+		 * to support a high-tag-number this would need to be smarter.
+		 */
+		if (*pHdrException == hdr_normal)
+		    len += 1 + SEC_ASN1LengthLength (sub_len);
+	    }
+	}
+	break;
+
+      case SEC_ASN1_SEQUENCE:
+      case SEC_ASN1_SET:
+	{
+	    const SEC_ASN1Template *tmpt;
+	    void *sub_src;
+	    unsigned long sub_len;
+
+	    len = 0;
+	    for (tmpt = theTemplate + 1; tmpt->kind; tmpt++) {
+		sub_src = (char *)src + tmpt->offset;
+		sub_len = sec_asn1e_contents_length (tmpt, sub_src, 
+		                                     disallowStreaming,
+						     insideIndefinite,
+                                                     pHdrException);
+		len += sub_len;
+		/*
+		 * XXX The 1 below is the presumed length of the identifier;
+		 * to support a high-tag-number this would need to be smarter.
+		 */
+		if (*pHdrException == hdr_normal)
+		    len += 1 + SEC_ASN1LengthLength (sub_len);
+	    }
+	}
+	break;
+
+      case SEC_ASN1_BIT_STRING:
+	/* convert bit length to byte */
+	len = (((SECItem *)src)->len + 7) >> 3;
+	/* bit string contents involve an extra octet */
+	if (len)
+	    len++;
+	break;
+
+      case SEC_ASN1_INTEGER:
+	/* ASN.1 INTEGERs are signed.
+	 * If the source is an unsigned integer, the encoder will need 
+	 * to handle the conversion here.
+	 */
+	{
+	    unsigned char *buf = ((SECItem *)src)->data;
+	    SECItemType integerType = ((SECItem *)src)->type;
+	    len = ((SECItem *)src)->len;
+	    while (len > 0) {
+		if (*buf != 0) {
+		    if (*buf & 0x80 && integerType == siUnsignedInteger) {
+			len++; /* leading zero needed to make number signed */
+		    }
+		    break; /* reached beginning of number */
+		}
+		if (len == 1) {
+		    break; /* the number 0 */
+		}
+		if (buf[1] & 0x80) {
+		    break; /* leading zero already present */
+		} 
+		/* extraneous leading zero, keep going */
+		buf++;
+		len--;
+	    }
+	}
+	break;
+
+      default:
+	len = ((SECItem *)src)->len;
+	break;
+      }  /* end switch */
+
+#ifndef WHAT_PROBLEM_DOES_THIS_SOLVE
+      /* if we're streaming, we may have a secitem w/len 0 as placeholder */
+      if (!len && insideIndefinite && may_stream && !disallowStreaming) {
+	  len = 1;
+      }
+#endif
+    }    /* end else */
+
+    if (len == 0 && optional)
+	*pHdrException = hdr_optional;
+    else if (underlying_kind == SEC_ASN1_ANY)
+	*pHdrException = hdr_any;
+    else 
+	*pHdrException = hdr_normal;
+
+    return len;
+}
+
+
+static void
+sec_asn1e_write_header (sec_asn1e_state *state)
+{
+    unsigned long contents_length;
+    unsigned char tag_number, tag_modifiers;
+    sec_asn1e_hdr_encoding hdrException = hdr_normal;
+    PRBool indefinite = PR_FALSE;
+
+    PORT_Assert (state->place == beforeHeader);
+
+    tag_number = state->tag_number;
+    tag_modifiers = state->tag_modifiers;
+
+    if (state->underlying_kind == SEC_ASN1_ANY) {
+	state->place = duringContents;
+	return;
+    }
+
+    if (state->underlying_kind & SEC_ASN1_CHOICE) {
+	int indx = sec_asn1e_which_choice(state->src, state->theTemplate);
+	if( 0 == indx ) {
+	    /* XXX set an error? "choice not found" */
+	    state->top->status = encodeError;
+	    return;
+	}
+	state->place = afterChoice;
+	state = sec_asn1e_push_state(state->top, &state->theTemplate[indx],
+			       (char *)state->src - state->theTemplate->offset, 
+			       PR_TRUE);
+	if (state) {
+	    /*
+	     * Do the "before" field notification.
+	     */
+	    sec_asn1e_notify_before (state->top, state->src, state->depth);
+	    state = sec_asn1e_init_state_based_on_template (state);
+	}
+	return;
+    }
+
+    /* The !isString test below is apparently intended to ensure that all 
+    ** constructed types receive indefinite length encoding.
+    */
+   indefinite = (PRBool) 
+	(state->top->streaming && state->may_stream && 
+	 (state->top->from_buf || !state->is_string));
+
+    /*
+     * If we are doing a definite-length encoding, first we have to
+     * walk the data structure to calculate the entire contents length.
+     * If we are doing an indefinite-length encoding, we still need to 
+     * know if the contents is:
+     *    optional and to be omitted, or 
+     *    an ANY (header is pre-encoded), or 
+     *    a SAVE or some other kind of template used only by the decoder.
+     * So, we call this function either way.
+     */
+    contents_length = sec_asn1e_contents_length (state->theTemplate,
+						 state->src, 
+                                                 state->disallowStreaming,
+						 indefinite,
+                                                 &hdrException);
+    /*
+     * We might be told explicitly not to put out a header.
+     * But it can also be the case, via a pushed subtemplate, that
+     * sec_asn1e_contents_length could not know that this field is
+     * really optional.  So check for that explicitly, too.
+     */
+    if (hdrException != hdr_normal || 
+	(contents_length == 0 && state->optional)) {
+	state->place = afterContents;
+	if (state->top->streaming && 
+	    state->may_stream && 
+	    state->top->from_buf) {
+	    /* we did not find an optional indefinite string, so we 
+	     * don't encode it.  However, if TakeFromBuf is on, we stop 
+	     * here anyway to give our caller a chance to intercept at the 
+	     * same point where we would stop if the field were present. 
+	     */
+	    state->top->status = needBytes;
+	}
+	return;
+    }
+
+    if (indefinite) {
+	/*
+	 * We need to put out an indefinite-length encoding.
+	 * The only universal types that can be constructed are SETs,
+	 * SEQUENCEs, and strings; so check that it is one of those,
+	 * or that it is not universal (e.g. context-specific).
+	 */
+	state->indefinite = PR_TRUE;
+	PORT_Assert ((tag_number == SEC_ASN1_SET)
+		     || (tag_number == SEC_ASN1_SEQUENCE)
+		     || ((tag_modifiers & SEC_ASN1_CLASS_MASK) != 0)
+		     || state->is_string);
+	tag_modifiers |= SEC_ASN1_CONSTRUCTED;
+	contents_length = 0;
+    }
+
+    sec_asn1e_write_identifier_bytes (state, 
+                                (unsigned char)(tag_number | tag_modifiers));
+    sec_asn1e_write_length_bytes (state, contents_length, state->indefinite);
+
+    if (contents_length == 0 && !state->indefinite) {
+	/*
+	 * If no real contents to encode, then we are done with this field.
+	 */
+	state->place = afterContents;
+	return;
+    }
+
+    /*
+     * An EXPLICIT is nothing but an outer header, which we have already
+     * written.  Now we need to do the inner header and contents.
+     */
+    if (state->isExplicit) {
+	const SEC_ASN1Template *subt =
+	      SEC_ASN1GetSubtemplate(state->theTemplate, state->src, PR_TRUE);
+	state->place = afterContents;
+	state = sec_asn1e_push_state (state->top, subt, state->src, PR_TRUE);
+	if (state != NULL)
+	    state = sec_asn1e_init_state_based_on_template (state);
+	return;
+    }
+
+    switch (state->underlying_kind) {
+      case SEC_ASN1_SET_OF:
+      case SEC_ASN1_SEQUENCE_OF:
+	/*
+	 * We need to push a child to handle each member.
+	 */
+	{
+	    void **group;
+	    const SEC_ASN1Template *subt;
+
+	    group = *(void ***)state->src;
+	    if (group == NULL || *group == NULL) {
+		/*
+		 * Group is empty; we are done.
+		 */
+		state->place = afterContents;
+		return;
+	    }
+	    state->place = duringGroup;
+	    subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src,
+					   PR_TRUE);
+	    state = sec_asn1e_push_state (state->top, subt, *group, PR_TRUE);
+	    if (state != NULL)
+		state = sec_asn1e_init_state_based_on_template (state);
+	}
+	break;
+
+      case SEC_ASN1_SEQUENCE:
+      case SEC_ASN1_SET:
+	/*
+	 * We need to push a child to handle the individual fields.
+	 */
+	state->place = duringSequence;
+	state = sec_asn1e_push_state (state->top, state->theTemplate + 1,
+				      state->src, PR_TRUE);
+	if (state != NULL) {
+	    /*
+	     * Do the "before" field notification.
+	     */
+	    sec_asn1e_notify_before (state->top, state->src, state->depth);
+	    state = sec_asn1e_init_state_based_on_template (state);
+	}
+	break;
+
+      default:
+	/*
+	 * I think we do not need to do anything else.
+	 * XXX Correct?
+	 */
+	state->place = duringContents;
+	break;
+    }
+}
+
+
+static void
+sec_asn1e_write_contents_from_buf (sec_asn1e_state *state,
+			  const char *buf, unsigned long len)
+{
+    PORT_Assert (state->place == duringContents);
+    PORT_Assert (state->top->from_buf);
+    PORT_Assert (state->may_stream && !state->disallowStreaming);
+
+    /*
+     * Probably they just turned on "take from buf", but have not
+     * yet given us any bytes.  If there is nothing in the buffer
+     * then we have nothing to do but return and wait.
+     */
+    if (buf == NULL || len == 0) {
+	state->top->status = needBytes;
+	return;
+    }
+    /*
+     * We are streaming, reading from a passed-in buffer.
+     * This means we are encoding a simple string or an ANY.
+     * For the former, we need to put out a substring, with its
+     * own identifier and length.  For an ANY, we just write it
+     * out as is (our caller is required to ensure that it
+     * is a properly encoded entity).
+     */
+    PORT_Assert (state->is_string);		/* includes ANY */
+    if (state->underlying_kind != SEC_ASN1_ANY) {
+	unsigned char identifier;
+
+	/*
+	 * Create the identifier based on underlying_kind.  We cannot
+	 * use tag_number and tag_modifiers because this can be an
+	 * implicitly encoded field.  In that case, the underlying
+	 * substrings *are* encoded with their real tag.
+	 */
+	identifier = (unsigned char)
+	                    (state->underlying_kind & SEC_ASN1_TAG_MASK);
+	/*
+	 * The underlying kind should just be a simple string; there
+	 * should be no bits like CONTEXT_SPECIFIC or CONSTRUCTED set.
+	 */
+	PORT_Assert ((identifier & SEC_ASN1_TAGNUM_MASK) == identifier);
+	/*
+	 * Write out the tag and length for the substring.
+	 */
+	sec_asn1e_write_identifier_bytes (state, identifier);
+	if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
+	    char byte;
+	    /*
+	     * Assume we have a length in bytes but we need to output
+	     * a proper bit string.  This interface only works for bit
+	     * strings that are full multiples of 8.  If support for
+	     * real, variable length bit strings is needed then the
+	     * caller will have to know to pass in a bit length instead
+	     * of a byte length and then this code will have to
+	     * perform the encoding necessary (length written is length
+	     * in bytes plus 1, and the first octet of string is the
+	     * number of bits remaining between the end of the bit
+	     * string and the next byte boundary).
+	     */
+	    sec_asn1e_write_length_bytes (state, len + 1, PR_FALSE);
+	    byte = 0;
+	    sec_asn1e_write_contents_bytes (state, &byte, 1);
+	} else {
+	    sec_asn1e_write_length_bytes (state, len, PR_FALSE);
+	}
+    }
+    sec_asn1e_write_contents_bytes (state, buf, len);
+    state->top->status = needBytes;
+}
+
+static void
+sec_asn1e_write_contents (sec_asn1e_state *state)
+{
+    unsigned long len = 0;
+
+    PORT_Assert (state->place == duringContents);
+
+    switch (state->underlying_kind) {
+      case SEC_ASN1_SET:
+      case SEC_ASN1_SEQUENCE:
+	PORT_Assert (0);
+	break;
+
+      case SEC_ASN1_BIT_STRING:
+	{
+	    SECItem *item;
+	    char rem;
+
+	    item = (SECItem *)state->src;
+	    len = (item->len + 7) >> 3;
+	    rem = (unsigned char)((len << 3) - item->len); /* remaining bits */
+	    sec_asn1e_write_contents_bytes (state, &rem, 1);
+	    sec_asn1e_write_contents_bytes (state, (char *) item->data, len);
+	}
+	break;
+
+      case SEC_ASN1_BMP_STRING:
+	/* The number of bytes must be divisable by 2 */
+	if ((((SECItem *)state->src)->len) % 2) {
+	    SEC_ASN1EncoderContext *cx;
+
+	    cx = state->top;
+	    cx->status = encodeError;
+	    break;
+	}
+	/* otherwise, fall through to write the content */
+	goto process_string;
+
+      case SEC_ASN1_UNIVERSAL_STRING:
+	/* The number of bytes must be divisable by 4 */
+	if ((((SECItem *)state->src)->len) % 4) {
+	    SEC_ASN1EncoderContext *cx;
+
+	    cx = state->top;
+	    cx->status = encodeError;
+	    break;
+	}
+	/* otherwise, fall through to write the content */
+	goto process_string;
+
+      case SEC_ASN1_INTEGER:
+       /* ASN.1 INTEGERs are signed.  If the source is an unsigned
+	* integer, the encoder will need to handle the conversion here.
+	*/
+	{
+	    unsigned int blen;
+	    unsigned char *buf;
+	    SECItemType integerType;
+	    blen = ((SECItem *)state->src)->len;
+	    buf = ((SECItem *)state->src)->data;
+	    integerType = ((SECItem *)state->src)->type;
+	    while (blen > 0) {
+		if (*buf & 0x80 && integerType == siUnsignedInteger) {
+		    char zero = 0; /* write a leading 0 */
+		    sec_asn1e_write_contents_bytes(state, &zero, 1);
+		    /* and then the remaining buffer */
+		    sec_asn1e_write_contents_bytes(state, 
+						   (char *)buf, blen); 
+		    break;
+		} 
+		/* Check three possibilities:
+		 * 1.  No leading zeros, msb of MSB is not 1;
+		 * 2.  The number is zero itself;
+		 * 3.  Encoding a signed integer with a leading zero,
+		 *     keep the zero so that the number is positive.
+		 */
+		if (*buf != 0 || 
+		     blen == 1 || 
+		     (buf[1] & 0x80 && integerType != siUnsignedInteger) ) 
+		{
+		    sec_asn1e_write_contents_bytes(state, 
+						   (char *)buf, blen); 
+		    break;
+		}
+		/* byte is 0, continue */
+		buf++;
+		blen--;
+	    }
+	}
+	/* done with this content */
+	break;
+			
+process_string:			
+      default:
+	{
+	    SECItem *item;
+
+	    item = (SECItem *)state->src;
+	    sec_asn1e_write_contents_bytes (state, (char *) item->data,
+					    item->len);
+	}
+	break;
+    }
+    state->place = afterContents;
+}
+
+/*
+ * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
+ */
+static void
+sec_asn1e_next_in_group (sec_asn1e_state *state)
+{
+    sec_asn1e_state *child;
+    void **group;
+    void *member;
+
+    PORT_Assert (state->place == duringGroup);
+    PORT_Assert (state->child != NULL);
+
+    child = state->child;
+
+    group = *(void ***)state->src;
+
+    /*
+     * Find placement of current item.
+     */
+    member = (char *)(state->child->src) - child->theTemplate->offset;
+    while (*group != member)
+	group++;
+
+    /*
+     * Move forward to next item.
+     */
+    group++;
+    if (*group == NULL) {
+	/*
+	 * That was our last one; we are done now.
+	 */
+	child->place = notInUse;
+	state->place = afterContents;
+	return;
+    }
+    child->src = (char *)(*group) + child->theTemplate->offset;
+
+    /*
+     * Re-"push" child.
+     */
+    sec_asn1e_scrub_state (child);
+    state->top->current = child;
+}
+
+
+/*
+ * We are moving along through a sequence; move forward by one,
+ * (detecting end-of-sequence when it happens).
+ */
+static void
+sec_asn1e_next_in_sequence (sec_asn1e_state *state)
+{
+    sec_asn1e_state *child;
+
+    PORT_Assert (state->place == duringSequence);
+    PORT_Assert (state->child != NULL);
+
+    child = state->child;
+
+    /*
+     * Do the "after" field notification.
+     */
+    sec_asn1e_notify_after (state->top, child->src, child->depth);
+
+    /*
+     * Move forward.
+     */
+    child->theTemplate++;
+    if (child->theTemplate->kind == 0) {
+	/*
+	 * We are done with this sequence.
+	 */
+	child->place = notInUse;
+	state->place = afterContents;
+	return;
+    }
+
+    /*
+     * Reset state and push.
+     */
+
+    child->src = (char *)state->src + child->theTemplate->offset;
+
+    /*
+     * Do the "before" field notification.
+     */
+    sec_asn1e_notify_before (state->top, child->src, child->depth);
+
+    state->top->current = child;
+    (void) sec_asn1e_init_state_based_on_template (child);
+}
+
+
+static void
+sec_asn1e_after_contents (sec_asn1e_state *state)
+{
+    PORT_Assert (state->place == afterContents);
+
+    if (state->indefinite)
+	sec_asn1e_write_end_of_contents_bytes (state);
+
+    /*
+     * Just make my parent be the current state.  It will then clean
+     * up after me and free me (or reuse me).
+     */
+    state->top->current = state->parent;
+}
+
+
+/*
+ * This function is called whether or not we are streaming; if we
+ * *are* streaming, our caller can also instruct us to take bytes
+ * from the passed-in buffer (at buf, for length len, which is likely
+ * bytes but could even mean bits if the current field is a bit string).
+ * If we have been so instructed, we will gobble up bytes from there
+ * (rather than from our src structure) and output them, and then
+ * we will just return, expecting to be called again -- either with
+ * more bytes or after our caller has instructed us that we are done
+ * (for now) with the buffer.
+ */
+SECStatus
+SEC_ASN1EncoderUpdate (SEC_ASN1EncoderContext *cx,
+		       const char *buf, unsigned long len)
+{
+    sec_asn1e_state *state;
+
+    if (cx->status == needBytes) {
+	cx->status = keepGoing;
+    }
+
+    while (cx->status == keepGoing) {
+	state = cx->current;
+	switch (state->place) {
+	  case beforeHeader:
+	    sec_asn1e_write_header (state);
+	    break;
+	  case duringContents:
+	    if (cx->from_buf)
+		sec_asn1e_write_contents_from_buf (state, buf, len);
+	    else
+		sec_asn1e_write_contents (state);
+	    break;
+	  case duringGroup:
+	    sec_asn1e_next_in_group (state);
+	    break;
+	  case duringSequence:
+	    sec_asn1e_next_in_sequence (state);
+	    break;
+	  case afterContents:
+	    sec_asn1e_after_contents (state);
+	    break;
+	  case afterImplicit:
+	  case afterInline:
+	  case afterPointer:
+	  case afterChoice:
+	    /*
+	     * These states are more documentation than anything.
+	     * They just need to force a pop.
+	     */
+	    PORT_Assert (!state->indefinite);
+	    state->place = afterContents;
+	    break;
+	  case notInUse:
+	  default:
+	    /* This is not an error, but rather a plain old BUG! */
+	    PORT_Assert (0);
+	    cx->status = encodeError;
+	    break;
+	}
+
+	if (cx->status == encodeError)
+	    break;
+
+	/* It might have changed, so we have to update our local copy.  */
+	state = cx->current;
+
+	/* If it is NULL, we have popped all the way to the top.  */
+	if (state == NULL) {
+	    cx->status = allDone;
+	    break;
+	}
+    }
+
+    if (cx->status == encodeError) {
+	return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+
+void
+SEC_ASN1EncoderFinish (SEC_ASN1EncoderContext *cx)
+{
+    /*
+     * XXX anything else that needs to be finished?
+     */
+
+    PORT_FreeArena (cx->our_pool, PR_FALSE);
+}
+
+
+SEC_ASN1EncoderContext *
+SEC_ASN1EncoderStart (const void *src, const SEC_ASN1Template *theTemplate,
+		      SEC_ASN1WriteProc output_proc, void *output_arg)
+{
+    PLArenaPool *our_pool;
+    SEC_ASN1EncoderContext *cx;
+
+    our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (our_pool == NULL)
+	return NULL;
+
+    cx = (SEC_ASN1EncoderContext*)PORT_ArenaZAlloc (our_pool, sizeof(*cx));
+    if (cx == NULL) {
+	PORT_FreeArena (our_pool, PR_FALSE);
+	return NULL;
+    }
+
+    cx->our_pool = our_pool;
+    cx->output_proc = output_proc;
+    cx->output_arg = output_arg;
+
+    cx->status = keepGoing;
+
+    if (sec_asn1e_push_state(cx, theTemplate, src, PR_FALSE) == NULL
+	|| sec_asn1e_init_state_based_on_template (cx->current) == NULL) {
+	/*
+	 * Trouble initializing (probably due to failed allocations)
+	 * requires that we just give up.
+	 */
+	PORT_FreeArena (our_pool, PR_FALSE);
+	return NULL;
+    }
+
+    return cx;
+}
+
+
+/*
+ * XXX Do we need a FilterProc, too?
+ */
+
+
+void
+SEC_ASN1EncoderSetNotifyProc (SEC_ASN1EncoderContext *cx,
+			      SEC_ASN1NotifyProc fn, void *arg)
+{
+    cx->notify_proc = fn;
+    cx->notify_arg = arg;
+}
+
+
+void
+SEC_ASN1EncoderClearNotifyProc (SEC_ASN1EncoderContext *cx)
+{
+    cx->notify_proc = NULL;
+    cx->notify_arg = NULL;	/* not necessary; just being clean */
+}
+
+void
+SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error)
+{
+    PORT_Assert(cx);
+    PORT_SetError(error);
+    cx->status = encodeError;
+}
+
+void
+SEC_ASN1EncoderSetStreaming (SEC_ASN1EncoderContext *cx)
+{
+    /* XXX is there a way to check that we are "between" fields here? */
+
+    cx->streaming = PR_TRUE;
+}
+
+
+void
+SEC_ASN1EncoderClearStreaming (SEC_ASN1EncoderContext *cx)
+{
+    /* XXX is there a way to check that we are "between" fields here? */
+
+    cx->streaming = PR_FALSE;
+}
+
+
+void
+SEC_ASN1EncoderSetTakeFromBuf (SEC_ASN1EncoderContext *cx)
+{
+    /* 
+     * XXX is there a way to check that we are "between" fields here?  this
+     * needs to include a check for being in between groups of items in
+     * a SET_OF or SEQUENCE_OF.
+     */
+    PORT_Assert (cx->streaming);
+
+    cx->from_buf = PR_TRUE;
+}
+
+
+void
+SEC_ASN1EncoderClearTakeFromBuf (SEC_ASN1EncoderContext *cx)
+{
+    /* we should actually be taking from buf *now* */
+    PORT_Assert (cx->from_buf);
+    if (! cx->from_buf)		/* if not, just do nothing */
+	return;
+
+    cx->from_buf = PR_FALSE;
+
+    if (cx->status == needBytes) {
+	cx->status = keepGoing;
+	cx->current->place = afterContents;
+    }
+}
+
+
+SECStatus
+SEC_ASN1Encode (const void *src, const SEC_ASN1Template *theTemplate,
+		SEC_ASN1WriteProc output_proc, void *output_arg)
+{
+    SEC_ASN1EncoderContext *ecx;
+    SECStatus rv;
+
+    ecx = SEC_ASN1EncoderStart (src, theTemplate, output_proc, output_arg);
+    if (ecx == NULL)
+	return SECFailure;
+
+    rv = SEC_ASN1EncoderUpdate (ecx, NULL, 0);
+
+    SEC_ASN1EncoderFinish (ecx);
+    return rv;
+}
+
+
+/*
+ * XXX depth and data_kind are unused; is there a PC way to silence warnings?
+ * (I mean "politically correct", not anything to do with intel/win platform) 
+ */
+static void
+sec_asn1e_encode_item_count (void *arg, const char *buf, unsigned long len,
+			     int depth, SEC_ASN1EncodingPart data_kind)
+{
+    unsigned long *count;
+
+    count = (unsigned long*)arg;
+    PORT_Assert (count != NULL);
+
+    *count += len;
+}
+
+
+/* XXX depth and data_kind are unused; is there a PC way to silence warnings? */
+static void
+sec_asn1e_encode_item_store (void *arg, const char *buf, unsigned long len,
+			     int depth, SEC_ASN1EncodingPart data_kind)
+{
+    SECItem *dest;
+
+    dest = (SECItem*)arg;
+    PORT_Assert (dest != NULL);
+
+    PORT_Memcpy (dest->data + dest->len, buf, len);
+    dest->len += len;
+}
+
+
+/*
+ * Allocate an entire SECItem, or just the data part of it, to hold
+ * "len" bytes of stuff.  Allocate from the given pool, if specified,
+ * otherwise just do a vanilla PORT_Alloc.
+ *
+ * XXX This seems like a reasonable general-purpose function (for SECITEM_)?
+ */
+static SECItem *
+sec_asn1e_allocate_item (PLArenaPool *poolp, SECItem *dest, unsigned long len)
+{
+    if (poolp != NULL) {
+	void *release;
+
+	release = PORT_ArenaMark (poolp);
+	if (dest == NULL)
+	    dest = (SECItem*)PORT_ArenaAlloc (poolp, sizeof(SECItem));
+	if (dest != NULL) {
+	    dest->data = (unsigned char*)PORT_ArenaAlloc (poolp, len);
+	    if (dest->data == NULL) {
+		dest = NULL;
+	    }
+	}
+	if (dest == NULL) {
+	    /* one or both allocations failed; release everything */
+	    PORT_ArenaRelease (poolp, release);
+	} else {
+	    /* everything okay; unmark the arena */
+	    PORT_ArenaUnmark (poolp, release);
+	}
+    } else {
+	SECItem *indest;
+
+	indest = dest;
+	if (dest == NULL)
+	    dest = (SECItem*)PORT_Alloc (sizeof(SECItem));
+	if (dest != NULL) {
+	    dest->type = siBuffer;
+	    dest->data = (unsigned char*)PORT_Alloc (len);
+	    if (dest->data == NULL) {
+		if (indest == NULL)
+		    PORT_Free (dest);
+		dest = NULL;
+	    }
+	}
+    }
+
+    return dest;
+}
+
+
+SECItem *
+SEC_ASN1EncodeItem (PLArenaPool *poolp, SECItem *dest, const void *src,
+		    const SEC_ASN1Template *theTemplate)
+{
+    unsigned long encoding_length;
+    SECStatus rv;
+
+    PORT_Assert (dest == NULL || dest->data == NULL);
+
+    encoding_length = 0;
+    rv = SEC_ASN1Encode (src, theTemplate,
+			 sec_asn1e_encode_item_count, &encoding_length);
+    if (rv != SECSuccess)
+	return NULL;
+
+    dest = sec_asn1e_allocate_item (poolp, dest, encoding_length);
+    if (dest == NULL)
+	return NULL;
+
+    /* XXX necessary?  This really just checks for a bug in the allocate fn */
+    PORT_Assert (dest->data != NULL);
+    if (dest->data == NULL)
+	return NULL;
+
+    dest->len = 0;
+    (void) SEC_ASN1Encode (src, theTemplate, sec_asn1e_encode_item_store, dest);
+
+    PORT_Assert (encoding_length == dest->len);
+    return dest;
+}
+
+
+static SECItem *
+sec_asn1e_integer(PLArenaPool *poolp, SECItem *dest, unsigned long value,
+		  PRBool is_unsigned)
+{
+    unsigned long copy;
+    unsigned char sign;
+    int len = 0;
+
+    /*
+     * Determine the length of the encoded value (minimum of 1).
+     */
+    copy = value;
+    do {
+	len++;
+	sign = (unsigned char)(copy & 0x80);
+	copy >>= 8;
+    } while (copy);
+
+    /*
+     * If 'value' is non-negative, and the high bit of the last
+     * byte we counted was set, we need to add one to the length so
+     * we put a high-order zero byte in the encoding.
+     */
+    if (sign && (is_unsigned || (long)value >= 0))
+	len++;
+
+    /*
+     * Allocate the item (if necessary) and the data pointer within.
+     */
+    dest = sec_asn1e_allocate_item (poolp, dest, len);
+    if (dest == NULL)
+	return NULL;
+
+    /*
+     * Store the value, byte by byte, in the item.
+     */
+    dest->len = len;
+    while (len) {
+	dest->data[--len] = (unsigned char)value;
+	value >>= 8;
+    }
+    PORT_Assert (value == 0);
+
+    return dest;
+}
+
+
+SECItem *
+SEC_ASN1EncodeInteger(PLArenaPool *poolp, SECItem *dest, long value)
+{
+    return sec_asn1e_integer (poolp, dest, (unsigned long) value, PR_FALSE);
+}
+
+
+SECItem *
+SEC_ASN1EncodeUnsignedInteger(PLArenaPool *poolp,
+			      SECItem *dest, unsigned long value)
+{
+    return sec_asn1e_integer (poolp, dest, value, PR_TRUE);
+}