| blob | c266035370cf5e52addc2961a06021633d1f4927 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
37 #ifdef DEBUG
38 static const char CVS_ID[] = "@(#) $RCSfile: oid.c,v $ $Revision: 1.6 $ $Date: 2005/01/20 02:25:49 $";
41 /*
42 * oid.c
43 *
44 * This file contains the implementation of the basic OID routines.
45 */
47 #ifndef BASE_H
51 #ifndef PKI1_H
58 /*
59 * NSSOID
60 *
61 * The public "methods" regarding this "object" are:
62 *
63 * NSSOID_CreateFromBER -- constructor
64 * NSSOID_CreateFromUTF8 -- constructor
65 * (there is no explicit destructor)
66 *
67 * NSSOID_GetDEREncoding
68 * NSSOID_GetUTF8Encoding
70 * The non-public "methods" regarding this "object" are:
71 *
72 * nssOID_CreateFromBER -- constructor
73 * nssOID_CreateFromUTF8 -- constructor
74 * (there is no explicit destructor)
75 *
76 * nssOID_GetDEREncoding
77 * nssOID_GetUTF8Encoding
78 *
79 * In debug builds, the following non-public calls are also available:
80 *
81 * nssOID_verifyPointer
82 * nssOID_getExplanation
83 * nssOID_getTaggedUTF8
84 */
88 /*
89 * First, the public "wrappers"
90 */
92 /*
93 * NSSOID_CreateFromBER
94 *
95 * This routine creates an NSSOID by decoding a BER- or DER-encoded
96 * OID. It may return NULL upon error, in which case it
97 * will have created an error stack.
98 *
99 * The error may be one of the following values:
100 * NSS_ERROR_INVALID_BER
101 * NSS_ERROR_NO_MEMORY
102 *
103 * Return value:
104 * NULL upon error
105 * An NSSOID upon success
106 */
108 NSS_EXTERN NSSOID *
109 NSSOID_CreateFromBER
110 (
111 NSSBER *berOid
112 )
113 {
116 #ifdef DEBUG
117 /*
118 * NSSBERs can be created by the user,
119 * so no pointer-tracking can be checked.
120 */
125 }
130 }
134 }
136 /*
137 * NSSOID_CreateFromUTF8
138 *
139 * This routine creates an NSSOID by decoding a UTF8 string
140 * representation of an OID in dotted-number format. The string may
141 * optionally begin with an octothorpe. It may return NULL
142 * upon error, in which case it will have created an error stack.
143 *
144 * The error may be one of the following values:
145 * NSS_ERROR_INVALID_UTF8
146 * NSS_ERROR_NO_MEMORY
147 *
148 * Return value:
149 * NULL upon error
150 * An NSSOID upon success
151 */
153 NSS_EXTERN NSSOID *
154 NSSOID_CreateFromUTF8
155 (
156 NSSUTF8 *stringOid
157 )
158 {
161 #ifdef DEBUG
162 /*
163 * NSSUTF8s can be created by the user,
164 * so no pointer-tracking can be checked.
165 */
170 }
174 }
176 /*
177 * NSSOID_GetDEREncoding
178 *
179 * This routine returns the DER encoding of the specified NSSOID.
180 * If the optional arena argument is non-null, the memory used will
181 * be obtained from that arena; otherwise, the memory will be obtained
182 * from the heap. This routine may return return null upon error, in
183 * which case it will have created an error stack.
184 *
185 * The error may be one of the following values:
186 * NSS_ERROR_INVALID_NSSOID
187 * NSS_ERROR_NO_MEMORY
188 *
189 * Return value:
190 * NULL upon error
191 * The DER encoding of this NSSOID
192 */
194 NSS_EXTERN NSSDER *
195 NSSOID_GetDEREncoding
196 (
199 NSSArena *arenaOpt
200 )
201 {
204 #ifdef DEBUG
207 }
212 }
213 }
217 }
219 /*
220 * NSSOID_GetUTF8Encoding
221 *
222 * This routine returns a UTF8 string containing the dotted-number
223 * encoding of the specified NSSOID. If the optional arena argument
224 * is non-null, the memory used will be obtained from that arena;
225 * otherwise, the memory will be obtained from the heap. This routine
226 * may return null upon error, in which case it will have created an
227 * error stack.
228 *
229 * The error may be one of the following values:
230 * NSS_ERROR_INVALID_NSSOID
231 * NSS_ERROR_NO_MEMORY
232 *
233 * Return value:
234 * NULL upon error
235 * A pointer to a UTF8 string containing the dotted-digit encoding of
236 * this NSSOID
237 */
239 NSS_EXTERN NSSUTF8 *
240 NSSOID_GetUTF8Encoding
241 (
243 NSSArena *arenaOpt
244 )
245 {
248 #ifdef DEBUG
251 }
256 }
257 }
261 }
263 /*
264 * Next, some internal bookkeeping; including the OID "tag" table
265 * and the debug-version pointer tracker.
266 */
268 /*
269 * For implementation reasons (so NSSOIDs can be compared with ==),
270 * we hash all NSSOIDs. This is the hash table.
271 */
275 /*
276 * And this is its lock.
277 */
281 /*
282 * This is the hash function. We simply XOR the encoded form with
283 * itself in sizeof(PLHashNumber)-byte chunks. Improving this
284 * routine is left as an excercise for the more mathematically
285 * inclined student.
286 */
288 static PLHashNumber PR_CALLBACK
289 oid_hash
290 (
292 )
293 {
298 PRUint32 i;
303 data++;
304 }
307 }
309 /*
310 * This is the key-compare function. It simply does a lexical
311 * comparison on the encoded OID form. This does not result in
312 * quite the same ordering as the "sequence of numbers" order,
313 * but heck it's only used internally by the hash table anyway.
314 */
316 static PRIntn PR_CALLBACK
317 oid_hash_compare
318 (
321 )
322 {
323 PRIntn rv;
333 }
336 }
338 /*
339 * The pointer-tracking code
340 */
342 #ifdef DEBUG
347 static PRStatus
348 oid_add_pointer
349 (
351 )
352 {
353 PRStatus rv;
358 }
365 }
368 }
371 }
373 #if defined(CAN_DELETE_OIDS)
374 /*
375 * We actually don't define NSSOID deletion, since we keep OIDs
376 * in a hash table for easy comparison. Were we to, this is
377 * what the pointer-removal function would look like.
378 */
380 static PRStatus
381 oid_remove_pointer
382 (
384 )
385 {
386 PRStatus rv;
391 }
394 }
399 /*
400 * All dynamically-added OIDs get their memory from one statically-
401 * declared arena here, merely so that any cleanup code will have
402 * an easier time of it.
403 */
407 /*
408 * This is the call-once function which initializes the hashtable.
409 * It creates it, then prepopulates it with all of the builtin OIDs.
410 * It also creates the aforementioned NSSArena.
411 */
413 static PRStatus PR_CALLBACK
414 oid_once_func
415 (
416 void
417 )
418 {
419 PRUint32 i;
421 /* Initialize the arena */
425 }
427 /* Create the hash table lock */
432 }
434 /* Create the hash table */
436 PL_CompareValues,
442 }
444 /* And populate it with all the builtins */
451 }
453 #ifdef DEBUG
456 }
458 }
462 loser:
466 }
471 }
476 }
479 }
481 /*
482 * This is NSPR's once-block.
483 */
487 /*
488 * And this is our multiply-callable internal init routine, which
489 * will call-once our call-once function.
490 */
492 static PRStatus
493 oid_init
494 (
495 void
496 )
497 {
499 }
501 #ifdef DEBUG
503 /*
504 * nssOID_verifyPointer
505 *
506 * This method is only present in debug builds.
507 *
508 * If the specified pointer is a valid pointer to an NSSOID object,
509 * this routine will return PR_SUCCESS. Otherwise, it will put an
510 * error on the error stack and return PR_FAILURE.
511 *
512 * The error may be one of the following values:
513 * NSS_ERROR_INVALID_NSSOID
514 * NSS_ERROR_NO_MEMORY
515 *
516 * Return value:
517 * PR_SUCCESS if the pointer is valid
518 * PR_FAILURE if it isn't
519 */
521 NSS_EXTERN PRStatus
522 nssOID_verifyPointer
523 (
525 )
526 {
527 PRStatus rv;
532 }
537 }
543 }
546 }
549 /*
550 * oid_sanity_check_ber
551 *
552 * This routine merely applies some sanity-checking to the BER-encoded
553 * OID.
554 */
556 static PRStatus
557 oid_sanity_check_ber
558 (
559 NSSBER *berOid
560 )
561 {
562 PRUint32 i;
565 /*
566 * The size must be longer than zero bytes.
567 */
571 }
573 /*
574 * In general, we can't preclude any number from showing up
575 * someday. We could probably guess that top-level numbers
576 * won't get very big (beyond the current ccitt(0), iso(1),
577 * or joint-ccitt-iso(2)). However, keep in mind that the
578 * encoding rules wrap the first two numbers together, as
579 *
580 * (first * 40) + second
581 *
582 * Also, it is noted in the specs that this implies that the
583 * second number won't go above forty.
584 *
585 * 128 encodes 3.8, which seems pretty safe for now. Let's
586 * check that the first byte is less than that.
587 *
588 * XXX This is a "soft check" -- we may want to exclude it.
589 */
593 }
595 /*
596 * In a normalised format, leading 0x80s will never show up.
597 * This means that no 0x80 will be preceeded by the final
598 * byte of a sequence, which would naturaly be less than 0x80.
599 * Our internal encoding for the single-digit OIDs uses 0x80,
600 * but the only places we use them (loading the builtin table,
601 * and adding a UTF8-encoded OID) bypass this check.
602 */
607 }
608 }
610 /*
611 * The high bit of each octet indicates that following octets
612 * are included in the current number. Thus the last byte can't
613 * have the high bit set.
614 */
618 }
620 /*
621 * Other than that, any byte sequence is legit.
622 */
624 }
626 /*
627 * nssOID_CreateFromBER
628 *
629 * This routine creates an NSSOID by decoding a BER- or DER-encoded
630 * OID. It may return NULL upon error, in which case it
631 * will have set an error on the error stack.
632 *
633 * The error may be one of the following values:
634 * NSS_ERROR_INVALID_BER
635 * NSS_ERROR_NO_MEMORY
636 *
637 * Return value:
638 * NULL upon error
639 * An NSSOID upon success
640 */
642 NSS_EXTERN NSSOID *
643 nssOID_CreateFromBER
644 (
645 NSSBER *berOid
646 )
647 {
653 }
658 }
660 /*
661 * Does it exist?
662 */
667 /* Found it! */
669 }
671 /*
672 * Doesn't exist-- create it.
673 */
677 }
682 }
687 #ifdef DEBUG
700 }
702 #ifdef DEBUG
703 {
704 PRStatus st;
713 }
714 }
718 }
720 /*
721 * oid_sanity_check_utf8
722 *
723 * This routine merely applies some sanity-checking to the
724 * UTF8-encoded OID.
725 */
727 static PRStatus
728 oid_sanity_check_utf8
729 (
730 NSSUTF8 *s
731 )
732 {
733 /*
734 * It may begin with an octothorpe, which we skip.
735 */
738 s++;
739 }
741 /*
742 * It begins with a number
743 */
747 }
749 /*
750 * First number is only one digit long
751 *
752 * XXX This is a "soft check" -- we may want to exclude it
753 */
757 }
759 /*
760 * Every character is either a digit or a period
761 */
766 }
768 /* No two consecutive periods */
771 }
772 }
774 /*
775 * The last character isn't a period
776 */
780 }
783 }
785 static PRUint32
786 oid_encode_number
787 (
788 PRUint32 n,
790 PRUint32 nb
791 )
792 {
794 PRUint32 i;
795 PRUint32 rv;
806 }
807 }
810 i--;
811 }
816 }
820 dp++;
821 }
826 }
828 /*
829 * oid_encode_huge
830 *
831 * This routine will convert a huge decimal number into the DER
832 * encoding for oid numbers. It is not limited to numbers that will
833 * fit into some wordsize, like oid_encode_number. But it's not
834 * necessarily very fast, either. This is here in case some joker
835 * throws us an ASCII oid like 1.2.3.99999999999999999999999999.
836 */
838 static PRUint32
839 oid_encode_huge
840 (
844 PRUint32 nb
845 )
846 {
851 PRUint32 i;
852 PRUint32 bitno;
855 PRUint32 byteno;
856 PRUint8 mask;
858 /* We'll be munging the data, so duplicate it */
862 }
864 /* Don't know ahead of time exactly how long we'll need */
869 }
871 /* Copy the original, and convert ASCII to numbers */
874 }
879 /*
880 * The way we create the binary version is by looking at it
881 * bit by bit. Start with the least significant bit. If the
882 * number is odd, set that bit. Halve the number (with integer
883 * division), and go to the next least significant bit. Keep
884 * going until the number goes to zero.
885 */
892 /* Skip leading zeroes */
896 }
897 }
899 /* Down to one number and it's a zero? Done. */
902 }
904 /* Last digit is odd? Set the bit */
907 }
910 /*
911 * Divide the number in half. This is just a matter
912 * of going from the least significant digit upwards,
913 * halving each one. If any digit is odd (other than
914 * the last, which has already been handled), add five
915 * to the digit to its right.
916 */
922 }
925 }
926 }
928 /* Is there room to write the encoded data? */
931 }
933 /* Trim any leading zero that crept in there */
937 }
938 }
940 /* Copy all but the last, marking the "continue" bit */
943 }
944 /* And the last with the "continue" bit clear */
950 }
952 /*
953 * oid_encode_string
954 *
955 * This routine converts a dotted-number OID into a DER-encoded
956 * one. It assumes we've already sanity-checked the string.
957 */
962 oid_encode_string
963 (
964 NSSUTF8 *s
965 )
966 {
974 PRUint32 inc;
976 /* Dump any octothorpe */
978 s++;
979 }
981 /* Count up the bytes needed */
986 nn++;
988 nd++;
989 }
990 }
992 nn++;
995 /*
996 * We have our own "denormalised" encoding for these,
997 * which is only used internally.
998 */
999 nb++;
1000 }
1002 /*
1003 * Allocate. Note that we don't use the oid_arena here.. this is
1004 * because there really isn't a "free()" for stuff allocated out of
1005 * arenas (at least with the current implementation), so this would
1006 * keep using up memory each time a UTF8-encoded OID were added.
1007 * If need be (if this is the first time this oid has been seen),
1008 * we'll copy it.
1009 */
1013 }
1019 }
1030 }
1033 ;
1034 }
1036 t++;
1041 }
1050 ;
1051 }
1053 t++;
1056 ;
1057 }
1060 /* In the billions. Rats. */
1065 }
1069 }
1072 }
1073 }
1077 loser:
1080 }
1082 /*
1083 * nssOID_CreateFromUTF8
1084 *
1085 * This routine creates an NSSOID by decoding a UTF8 string
1086 * representation of an OID in dotted-number format. The string may
1087 * optionally begin with an octothorpe. It may return NULL
1088 * upon error, in which case it will have set an error on the error
1089 * stack.
1090 *
1091 * The error may be one of the following values:
1092 * NSS_ERROR_INVALID_STRING
1093 * NSS_ERROR_NO_MEMORY
1094 *
1095 * Return value:
1096 * NULL upon error
1097 * An NSSOID upon success
1098 */
1100 NSS_EXTERN NSSOID *
1101 nssOID_CreateFromUTF8
1102 (
1103 NSSUTF8 *stringOid
1104 )
1105 {
1112 }
1117 }
1121 /* Internal error only */
1123 }
1125 /*
1126 * Does it exist?
1127 */
1132 /* Already exists. Delete my copy and return the original. */
1136 }
1138 /*
1139 * Nope. Add it. Remember to allocate it out of the oid arena.
1140 */
1145 }
1150 }
1158 #ifdef DEBUG
1169 }
1171 #ifdef DEBUG
1172 {
1173 PRStatus st;
1180 }
1181 }
1186 loser:
1189 }
1194 }
1198 }
1200 /*
1201 * nssOID_GetDEREncoding
1202 *
1203 * This routine returns the DER encoding of the specified NSSOID.
1204 * If the optional arena argument is non-null, the memory used will
1205 * be obtained from that arena; otherwise, the memory will be obtained
1206 * from the heap. This routine may return return null upon error, in
1207 * which case it will have set an error on the error stack.
1208 *
1209 * The error may be one of the following values:
1210 * NSS_ERROR_INVALID_OID
1211 * NSS_ERROR_NO_MEMORY
1212 *
1213 * Return value:
1214 * NULL upon error
1215 * The DER encoding of this NSSOID
1216 */
1218 NSS_EXTERN NSSDER *
1219 nssOID_GetDEREncoding
1220 (
1223 NSSArena *arenaOpt
1224 )
1225 {
1231 }
1233 #ifdef NSSDEBUG
1236 }
1241 }
1242 }
1251 }
1254 }
1260 }
1262 }
1268 }
1270 /*
1271 * nssOID_GetUTF8Encoding
1272 *
1273 * This routine returns a UTF8 string containing the dotted-number
1274 * encoding of the specified NSSOID. If the optional arena argument
1275 * is non-null, the memory used will be obtained from that arena;
1276 * otherwise, the memory will be obtained from the heap. This routine
1277 * may return null upon error, in which case it will have set an error
1278 * on the error stack.
1279 *
1280 * The error may be one of the following values:
1281 * NSS_ERROR_INVALID_OID
1282 * NSS_ERROR_NO_MEMORY
1283 *
1284 * Return value:
1285 * NULL upon error
1286 * A pointer to a UTF8 string containing the dotted-digit encoding of
1287 * this NSSOID
1288 */
1290 NSS_EXTERN NSSUTF8 *
1291 nssOID_GetUTF8Encoding
1292 (
1294 NSSArena *arenaOpt
1295 )
1296 {
1303 PRUint32 len;
1307 }
1309 #ifdef NSSDEBUG
1312 }
1317 }
1318 }
1323 /* d will point to the next sequence of bytes to decode */
1325 /* end points to one past the legitimate data */
1328 #ifdef NSSDEBUG
1329 /*
1330 * Guarantee that the for(e=d;e<end;e++) loop below will
1331 * terminate. Our BER sanity-checking code above will prevent
1332 * such a BER from being registered, so the only other way one
1333 * might show up is if our dotted-decimal encoder above screws
1334 * up or our generated list is wrong. So I'll wrap it with
1335 * #ifdef NSSDEBUG and #endif.
1336 */
1340 }
1343 /*
1344 * Check for our pseudo-encoded single-digit OIDs
1345 */
1347 /* Funky encoding. The second byte is the number */
1352 }
1354 }
1361 }
1362 }
1365 /* More than a 32-bit number */
1380 }
1383 /* This is the first number.. decompose it */
1390 }
1397 }
1401 }
1402 }
1403 }
1405 done:
1406 /*
1407 * Even if arenaOpt is NULL, we have to copy the data so that
1408 * it'll be freed with the right version of free: ours, not
1409 * PR_smprintf_free's.
1410 */
1416 }
1422 }
1424 /*
1425 * nssOID_getExplanation
1426 *
1427 * This method is only present in debug builds.
1428 *
1429 * This routine will return a static pointer to a UTF8-encoded string
1430 * describing (in English) the specified OID. The memory pointed to
1431 * by the return value is not owned by the caller, and should not be
1432 * freed or modified. Note that explanations are only provided for
1433 * the OIDs built into the NSS library; there is no way to specify an
1434 * explanation for dynamically created OIDs. This routine is intended
1435 * only for use in debugging tools such as "derdump." This routine
1436 * may return null upon error, in which case it will have placed an
1437 * error on the error stack.
1438 *
1439 * The error may be one of the following values:
1440 * NSS_ERROR_INVALID_NSSOID
1441 *
1442 * Return value:
1443 * NULL upon error
1444 * A static pointer to a readonly, non-caller-owned UTF8-encoded
1445 * string explaining the specified OID.
1446 */
1448 #ifdef DEBUG
1450 nssOID_getExplanation
1451 (
1452 NSSOID *oid
1453 )
1454 {
1457 }
1459 #ifdef NSSDEBUG
1462 }
1466 }
1471 /*
1472 * nssOID_getTaggedUTF8
1473 *
1474 * This method is only present in debug builds.
1475 *
1476 * This routine will return a pointer to a caller-owned UTF8-encoded
1477 * string containing a tagged encoding of the specified OID. Note
1478 * that OID (component) tags are only provided for the OIDs built
1479 * into the NSS library; there is no way to specify tags for
1480 * dynamically created OIDs. This routine is intended for use in
1481 * debugging tools such as "derdump." If the optional arena argument
1482 * is non-null, the memory used will be obtained from that arena;
1483 * otherwise, the memory will be obtained from the heap. This routine
1484 * may return return null upon error, in which case it will have set
1485 * an error on the error stack.
1486 *
1487 * The error may be one of the following values
1488 * NSS_ERROR_INVALID_NSSOID
1489 * NSS_ERROR_NO_MEMORY
1490 *
1491 * Return value:
1492 * NULL upon error
1493 * A pointer to a UTF8 string containing the tagged encoding of
1494 * this NSSOID
1495 */
1497 #ifdef DEBUG
1498 NSS_EXTERN NSSUTF8 *
1499 nssOID_getTaggedUTF8
1500 (
1502 NSSArena *arenaOpt
1503 )
1504 {
1511 PRUint32 len;
1515 }
1517 #ifdef NSSDEBUG
1520 }
1525 }
1526 }
1533 }
1535 /*
1536 * What I'm doing here is getting the text version of the OID,
1537 * e.g. 1.2.12.92, then looking up each set of leading numbers
1538 * as oids.. e.g. "1," then "1.2," then "1.2.12," etc. Each of
1539 * those will have the leaf tag, and I just build up the string.
1540 * I never said this was the most efficient way of doing it,
1541 * but hey it's a debug-build thing, and I'm getting really tired
1542 * of writing this stupid low-level PKI code.
1543 */
1545 /* I know it's all ASCII, so I can use char */
1549 }
1559 }
1560 }
1569 }
1574 }
1580 /* drop the OID reference on the floor */
1583 }
1590 }
1591 }
1600 }
1608 }
1614 }