gecko-dev/security/nss/lib/util/pkcs11uri.c

834 строки
23 KiB
C

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "pkcs11.h"
#include "pkcs11uri.h"
#include "plarena.h"
#include "prprf.h"
#include "secport.h"
/* Character sets used in the ABNF rules in RFC7512. */
#define PK11URI_DIGIT "0123456789"
#define PK11URI_ALPHA "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define PK11URI_HEXDIG PK11URI_DIGIT "abcdefABCDEF"
#define PK11URI_UNRESERVED PK11URI_ALPHA PK11URI_DIGIT "-._~"
#define PK11URI_RES_AVAIL ":[]@!$'()*+,="
#define PK11URI_PATH_RES_AVAIL PK11URI_RES_AVAIL "&"
#define PK11URI_QUERY_RES_AVAIL PK11URI_RES_AVAIL "/?|"
#define PK11URI_ATTR_NM_CHAR PK11URI_ALPHA PK11URI_DIGIT "-_"
#define PK11URI_PCHAR PK11URI_UNRESERVED PK11URI_PATH_RES_AVAIL
#define PK11URI_QCHAR PK11URI_UNRESERVED PK11URI_QUERY_RES_AVAIL
/* Path attributes defined in RFC7512. */
static const char *pattr_names[] = {
PK11URI_PATTR_TOKEN,
PK11URI_PATTR_MANUFACTURER,
PK11URI_PATTR_SERIAL,
PK11URI_PATTR_MODEL,
PK11URI_PATTR_LIBRARY_MANUFACTURER,
PK11URI_PATTR_LIBRARY_DESCRIPTION,
PK11URI_PATTR_LIBRARY_VERSION,
PK11URI_PATTR_OBJECT,
PK11URI_PATTR_TYPE,
PK11URI_PATTR_ID,
PK11URI_PATTR_SLOT_MANUFACTURER,
PK11URI_PATTR_SLOT_DESCRIPTION,
PK11URI_PATTR_SLOT_ID
};
/* Query attributes defined in RFC7512. */
static const char *qattr_names[] = {
PK11URI_QATTR_PIN_SOURCE,
PK11URI_QATTR_PIN_VALUE,
PK11URI_QATTR_MODULE_NAME,
PK11URI_QATTR_MODULE_PATH
};
struct PK11URIBufferStr {
PLArenaPool *arena;
char *data;
size_t size;
size_t allocated;
};
typedef struct PK11URIBufferStr PK11URIBuffer;
struct PK11URIAttributeListEntryStr {
char *name;
char *value;
};
typedef struct PK11URIAttributeListEntryStr PK11URIAttributeListEntry;
struct PK11URIAttributeListStr {
PLArenaPool *arena;
PK11URIAttributeListEntry *attrs;
size_t num_attrs;
};
typedef struct PK11URIAttributeListStr PK11URIAttributeList;
struct PK11URIStr {
PLArenaPool *arena;
PK11URIAttributeList pattrs;
PK11URIAttributeList vpattrs;
PK11URIAttributeList qattrs;
PK11URIAttributeList vqattrs;
};
#define PK11URI_ARENA_SIZE 1024
typedef int (*PK11URIAttributeCompareNameFunc)(const char *a, const char *b);
/* This belongs in secport.h */
#define PORT_ArenaGrowArray(poolp, oldptr, type, oldnum, newnum) \
(type *)PORT_ArenaGrow((poolp), (oldptr), \
(oldnum) * sizeof(type), (newnum) * sizeof(type))
#define PORT_ReallocArray(oldptr, type, newnum) \
(type *)PORT_Realloc((oldptr), (newnum) * sizeof(type))
/* Functions for resizable buffer. */
static SECStatus
pk11uri_AppendBuffer(PK11URIBuffer *buffer, const unsigned char *data,
size_t size)
{
/* Check overflow. */
if (buffer->size + size < buffer->size)
return SECFailure;
if (buffer->size + size > buffer->allocated) {
size_t allocated = buffer->allocated * 2 + size;
if (allocated < buffer->allocated)
return SECFailure;
if (buffer->arena)
buffer->data = PORT_ArenaGrow(buffer->arena, buffer->data,
buffer->allocated, allocated);
else
buffer->data = PORT_Realloc(buffer->data, allocated);
if (buffer->data == NULL)
return SECFailure;
buffer->allocated = allocated;
}
memcpy(&buffer->data[buffer->size], data, size);
buffer->size += size;
return SECSuccess;
}
static void
pk11uri_InitBuffer(PK11URIBuffer *buffer, PLArenaPool *arena)
{
memset(buffer, 0, sizeof(PK11URIBuffer));
buffer->arena = arena;
}
static void
pk11uri_DestroyBuffer(PK11URIBuffer *buffer)
{
if (buffer->arena == NULL) {
PORT_Free(buffer->data);
}
}
/* URI encoding functions. */
static char *
pk11uri_Escape(PLArenaPool *arena, const char *value, size_t length,
const char *available)
{
PK11URIBuffer buffer;
const char *p;
unsigned char buf[4];
char *result = NULL;
SECStatus ret;
pk11uri_InitBuffer(&buffer, arena);
for (p = value; p < value + length; p++) {
if (strchr(available, *p) == NULL) {
if (PR_snprintf((char *)buf, sizeof(buf), "%%%02X", *p) == (PRUint32)-1) {
goto fail;
}
ret = pk11uri_AppendBuffer(&buffer, buf, 3);
if (ret != SECSuccess) {
goto fail;
}
} else {
ret = pk11uri_AppendBuffer(&buffer, (const unsigned char *)p, 1);
if (ret != SECSuccess) {
goto fail;
}
}
}
buf[0] = '\0';
ret = pk11uri_AppendBuffer(&buffer, buf, 1);
if (ret != SECSuccess) {
goto fail;
}
/* Steal the memory allocated in buffer. */
result = buffer.data;
buffer.data = NULL;
fail:
pk11uri_DestroyBuffer(&buffer);
return result;
}
static char *
pk11uri_Unescape(PLArenaPool *arena, const char *value, size_t length)
{
PK11URIBuffer buffer;
const char *p;
unsigned char buf[1];
char *result = NULL;
SECStatus ret;
pk11uri_InitBuffer(&buffer, arena);
for (p = value; p < value + length; p++) {
if (*p == '%') {
int c;
size_t i;
p++;
for (c = 0, i = 0; i < 2; i++) {
int h = *(p + i);
if ('0' <= h && h <= '9') {
c = (c << 4) | (h - '0');
} else if ('a' <= h && h <= 'f') {
c = (c << 4) | (h - 'a' + 10);
} else if ('A' <= h && h <= 'F') {
c = (c << 4) | (h - 'A' + 10);
} else {
break;
}
}
if (i != 2) {
goto fail;
}
p++;
buf[0] = c;
} else {
buf[0] = *p;
}
ret = pk11uri_AppendBuffer(&buffer, buf, 1);
if (ret != SECSuccess) {
goto fail;
}
}
buf[0] = '\0';
ret = pk11uri_AppendBuffer(&buffer, buf, 1);
if (ret != SECSuccess) {
goto fail;
}
result = buffer.data;
buffer.data = NULL;
fail:
pk11uri_DestroyBuffer(&buffer);
return result;
}
/* Functions for manipulating attributes array. */
/* Compare two attribute names by the array index in attr_names. Both
* attribute names must be present in attr_names, otherwise it is a
* programming error. */
static int
pk11uri_CompareByPosition(const char *a, const char *b,
const char **attr_names, size_t num_attr_names)
{
size_t i, j;
for (i = 0; i < num_attr_names; i++) {
if (strcmp(a, attr_names[i]) == 0) {
break;
}
}
PR_ASSERT(i < num_attr_names);
for (j = 0; j < num_attr_names; j++) {
if (strcmp(b, attr_names[j]) == 0) {
break;
}
}
PR_ASSERT(j < num_attr_names);
return i - j;
}
/* Those pk11uri_Compare{Path,Query}AttributeName functions are used
* to reorder attributes when inserting. */
static int
pk11uri_ComparePathAttributeName(const char *a, const char *b)
{
return pk11uri_CompareByPosition(a, b, pattr_names, PR_ARRAY_SIZE(pattr_names));
}
static int
pk11uri_CompareQueryAttributeName(const char *a, const char *b)
{
return pk11uri_CompareByPosition(a, b, qattr_names, PR_ARRAY_SIZE(qattr_names));
}
static SECStatus
pk11uri_InsertToAttributeList(PK11URIAttributeList *attrs,
char *name, char *value,
PK11URIAttributeCompareNameFunc compare_name,
PRBool allow_duplicate)
{
size_t i;
if (attrs->arena) {
attrs->attrs = PORT_ArenaGrowArray(attrs->arena, attrs->attrs,
PK11URIAttributeListEntry,
attrs->num_attrs,
attrs->num_attrs + 1);
} else {
attrs->attrs = PORT_ReallocArray(attrs->attrs,
PK11URIAttributeListEntry,
attrs->num_attrs + 1);
}
if (attrs->attrs == NULL) {
return SECFailure;
}
for (i = 0; i < attrs->num_attrs; i++) {
if (!allow_duplicate && strcmp(name, attrs->attrs[i].name) == 0) {
return SECFailure;
}
if (compare_name(name, attrs->attrs[i].name) < 0) {
memmove(&attrs->attrs[i + 1], &attrs->attrs[i],
sizeof(PK11URIAttributeListEntry) * (attrs->num_attrs - i));
break;
}
}
attrs->attrs[i].name = name;
attrs->attrs[i].value = value;
attrs->num_attrs++;
return SECSuccess;
}
static SECStatus
pk11uri_InsertToAttributeListEscaped(PK11URIAttributeList *attrs,
const char *name, size_t name_size,
const char *value, size_t value_size,
PK11URIAttributeCompareNameFunc compare_name,
PRBool allow_duplicate)
{
char *name_copy = NULL, *value_copy = NULL;
SECStatus ret;
if (attrs->arena) {
name_copy = PORT_ArenaNewArray(attrs->arena, char, name_size + 1);
} else {
name_copy = PORT_Alloc(name_size + 1);
}
if (name_copy == NULL) {
goto fail;
}
memcpy(name_copy, name, name_size);
name_copy[name_size] = '\0';
value_copy = pk11uri_Unescape(attrs->arena, value, value_size);
if (value_copy == NULL) {
goto fail;
}
ret = pk11uri_InsertToAttributeList(attrs, name_copy, value_copy, compare_name,
allow_duplicate);
if (ret != SECSuccess) {
goto fail;
}
return ret;
fail:
if (attrs->arena == NULL) {
PORT_Free(name_copy);
PORT_Free(value_copy);
}
return SECFailure;
}
static void
pk11uri_InitAttributeList(PK11URIAttributeList *attrs, PLArenaPool *arena)
{
memset(attrs, 0, sizeof(PK11URIAttributeList));
attrs->arena = arena;
}
static void
pk11uri_DestroyAttributeList(PK11URIAttributeList *attrs)
{
if (attrs->arena == NULL) {
size_t i;
for (i = 0; i < attrs->num_attrs; i++) {
PORT_Free(attrs->attrs[i].name);
PORT_Free(attrs->attrs[i].value);
}
PORT_Free(attrs->attrs);
}
}
static SECStatus
pk11uri_AppendAttributeListToBuffer(PK11URIBuffer *buffer,
PK11URIAttributeList *attrs,
int separator,
const char *unescaped)
{
size_t i;
SECStatus ret;
for (i = 0; i < attrs->num_attrs; i++) {
unsigned char sep[1];
char *escaped;
PK11URIAttributeListEntry *attr = &attrs->attrs[i];
if (i > 0) {
sep[0] = separator;
ret = pk11uri_AppendBuffer(buffer, sep, 1);
if (ret != SECSuccess) {
return ret;
}
}
ret = pk11uri_AppendBuffer(buffer, (unsigned char *)attr->name,
strlen(attr->name));
if (ret != SECSuccess) {
return ret;
}
sep[0] = '=';
ret = pk11uri_AppendBuffer(buffer, sep, 1);
if (ret != SECSuccess) {
return ret;
}
escaped = pk11uri_Escape(buffer->arena, attr->value, strlen(attr->value),
unescaped);
if (escaped == NULL) {
return ret;
}
ret = pk11uri_AppendBuffer(buffer, (unsigned char *)escaped,
strlen(escaped));
if (buffer->arena == NULL) {
PORT_Free(escaped);
}
if (ret != SECSuccess) {
return ret;
}
}
return SECSuccess;
}
/* Creation of PK11URI object. */
static PK11URI *
pk11uri_AllocURI(void)
{
PLArenaPool *arena;
PK11URI *result;
arena = PORT_NewArena(PK11URI_ARENA_SIZE);
if (arena == NULL) {
return NULL;
}
result = PORT_ArenaZAlloc(arena, sizeof(PK11URI));
if (result == NULL) {
PORT_FreeArena(arena, PR_FALSE);
return NULL;
}
result->arena = arena;
pk11uri_InitAttributeList(&result->pattrs, arena);
pk11uri_InitAttributeList(&result->vpattrs, arena);
pk11uri_InitAttributeList(&result->qattrs, arena);
pk11uri_InitAttributeList(&result->vqattrs, arena);
return result;
}
static SECStatus
pk11uri_InsertAttributes(PK11URIAttributeList *dest_attrs,
PK11URIAttributeList *dest_vattrs,
const PK11URIAttribute *attrs,
size_t num_attrs,
const char **attr_names,
size_t num_attr_names,
PK11URIAttributeCompareNameFunc compare_name,
PRBool allow_duplicate,
PRBool vendor_allow_duplicate)
{
SECStatus ret;
size_t i;
for (i = 0; i < num_attrs; i++) {
char *name, *value;
const char *p;
size_t j;
p = attrs[i].name;
/* The attribute must not be empty. */
if (*p == '\0') {
return SECFailure;
}
/* Check that the name doesn't contain invalid character. */
for (; *p != '\0'; p++) {
if (strchr(PK11URI_ATTR_NM_CHAR, *p) == NULL) {
return SECFailure;
}
}
name = PORT_ArenaStrdup(dest_attrs->arena, attrs[i].name);
if (name == NULL) {
return SECFailure;
}
value = PORT_ArenaStrdup(dest_attrs->arena, attrs[i].value);
if (value == NULL) {
return SECFailure;
}
for (j = 0; j < num_attr_names; j++) {
if (strcmp(name, attr_names[j]) == 0) {
break;
}
}
if (j < num_attr_names) {
/* Named attribute. */
ret = pk11uri_InsertToAttributeList(dest_attrs,
name, value,
compare_name,
allow_duplicate);
if (ret != SECSuccess) {
return ret;
}
} else {
/* Vendor attribute. */
ret = pk11uri_InsertToAttributeList(dest_vattrs,
name, value,
strcmp,
vendor_allow_duplicate);
if (ret != SECSuccess) {
return ret;
}
}
}
return SECSuccess;
}
PK11URI *
PK11URI_CreateURI(const PK11URIAttribute *pattrs,
size_t num_pattrs,
const PK11URIAttribute *qattrs,
size_t num_qattrs)
{
PK11URI *result;
SECStatus ret;
result = pk11uri_AllocURI();
ret = pk11uri_InsertAttributes(&result->pattrs, &result->vpattrs,
pattrs, num_pattrs,
pattr_names, PR_ARRAY_SIZE(pattr_names),
pk11uri_ComparePathAttributeName,
PR_FALSE, PR_FALSE);
if (ret != SECSuccess) {
goto fail;
}
ret = pk11uri_InsertAttributes(&result->qattrs, &result->vqattrs,
qattrs, num_qattrs,
qattr_names, PR_ARRAY_SIZE(qattr_names),
pk11uri_CompareQueryAttributeName,
PR_FALSE, PR_TRUE);
if (ret != SECSuccess) {
goto fail;
}
return result;
fail:
PK11URI_DestroyURI(result);
return NULL;
}
/* Parsing. */
static SECStatus
pk11uri_ParseAttributes(const char **string,
const char *stop_chars,
int separator,
const char *accept_chars,
const char **attr_names, size_t num_attr_names,
PK11URIAttributeList *attrs,
PK11URIAttributeList *vattrs,
PK11URIAttributeCompareNameFunc compare_name,
PRBool allow_duplicate,
PRBool vendor_allow_duplicate)
{
const char *p = *string;
for (; *p != '\0'; p++) {
const char *name_start, *name_end, *value_start, *value_end;
size_t name_length, value_length, i;
SECStatus ret;
if (strchr(stop_chars, *p) != NULL) {
break;
}
for (name_start = p; *p != '=' && *p != '\0'; p++) {
if (strchr(PK11URI_ATTR_NM_CHAR, *p) != NULL)
continue;
return SECFailure;
}
if (*p == '\0') {
return SECFailure;
}
name_end = p++;
/* The attribute name must not be empty. */
if (name_end == name_start) {
return SECFailure;
}
for (value_start = p; *p != separator && *p != '\0'; p++) {
if (strchr(stop_chars, *p) != NULL) {
break;
}
if (strchr(accept_chars, *p) != NULL) {
continue;
}
if (*p == '%') {
const char ch2 = *++p;
if (strchr(PK11URI_HEXDIG, ch2) != NULL) {
const char ch3 = *++p;
if (strchr(PK11URI_HEXDIG, ch3) != NULL)
continue;
}
}
return SECFailure;
}
value_end = p;
name_length = name_end - name_start;
value_length = value_end - value_start;
for (i = 0; i < num_attr_names; i++) {
if (name_length == strlen(attr_names[i]) &&
memcmp(name_start, attr_names[i], name_length) == 0) {
break;
}
}
if (i < num_attr_names) {
/* Named attribute. */
ret = pk11uri_InsertToAttributeListEscaped(attrs,
name_start, name_length,
value_start, value_length,
compare_name,
allow_duplicate);
if (ret != SECSuccess) {
return ret;
}
} else {
/* Vendor attribute. */
ret = pk11uri_InsertToAttributeListEscaped(vattrs,
name_start, name_length,
value_start, value_length,
strcmp,
vendor_allow_duplicate);
if (ret != SECSuccess) {
return ret;
}
}
if (*p == '?' || *p == '\0') {
break;
}
}
*string = p;
return SECSuccess;
}
PK11URI *
PK11URI_ParseURI(const char *string)
{
PK11URI *result;
const char *p = string;
SECStatus ret;
if (PORT_Strncasecmp("pkcs11:", p, 7) != 0) {
return NULL;
}
p += 7;
result = pk11uri_AllocURI();
if (result == NULL) {
return NULL;
}
/* Parse the path component and its attributes. */
ret = pk11uri_ParseAttributes(&p, "?", ';', PK11URI_PCHAR,
pattr_names, PR_ARRAY_SIZE(pattr_names),
&result->pattrs, &result->vpattrs,
pk11uri_ComparePathAttributeName,
PR_FALSE, PR_FALSE);
if (ret != SECSuccess) {
goto fail;
}
/* Parse the query component and its attributes. */
if (*p == '?') {
p++;
ret = pk11uri_ParseAttributes(&p, "", '&', PK11URI_QCHAR,
qattr_names, PR_ARRAY_SIZE(qattr_names),
&result->qattrs, &result->vqattrs,
pk11uri_CompareQueryAttributeName,
PR_FALSE, PR_TRUE);
if (ret != SECSuccess) {
goto fail;
}
}
return result;
fail:
PK11URI_DestroyURI(result);
return NULL;
}
/* Formatting. */
char *
PK11URI_FormatURI(PLArenaPool *arena, PK11URI *uri)
{
PK11URIBuffer buffer;
SECStatus ret;
char *result = NULL;
pk11uri_InitBuffer(&buffer, arena);
ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"pkcs11:", 7);
if (ret != SECSuccess)
goto fail;
ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->pattrs, ';', PK11URI_PCHAR);
if (ret != SECSuccess) {
goto fail;
}
if (uri->pattrs.num_attrs > 0 && uri->vpattrs.num_attrs > 0) {
ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)";", 1);
if (ret != SECSuccess) {
goto fail;
}
}
ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->vpattrs, ';',
PK11URI_PCHAR);
if (ret != SECSuccess) {
goto fail;
}
if (uri->qattrs.num_attrs > 0 || uri->vqattrs.num_attrs > 0) {
ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"?", 1);
if (ret != SECSuccess) {
goto fail;
}
}
ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->qattrs, '&', PK11URI_QCHAR);
if (ret != SECSuccess) {
goto fail;
}
if (uri->qattrs.num_attrs > 0 && uri->vqattrs.num_attrs > 0) {
ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"&", 1);
if (ret != SECSuccess) {
goto fail;
}
}
ret = pk11uri_AppendAttributeListToBuffer(&buffer, &uri->vqattrs, '&',
PK11URI_QCHAR);
if (ret != SECSuccess) {
goto fail;
}
ret = pk11uri_AppendBuffer(&buffer, (unsigned char *)"\0", 1);
if (ret != SECSuccess) {
goto fail;
}
result = buffer.data;
buffer.data = NULL;
fail:
pk11uri_DestroyBuffer(&buffer);
return result;
}
/* Deallocating. */
void
PK11URI_DestroyURI(PK11URI *uri)
{
pk11uri_DestroyAttributeList(&uri->pattrs);
pk11uri_DestroyAttributeList(&uri->vpattrs);
pk11uri_DestroyAttributeList(&uri->qattrs);
pk11uri_DestroyAttributeList(&uri->vqattrs);
PORT_FreeArena(uri->arena, PR_FALSE);
}
/* Accessors. */
static const char *
pk11uri_GetAttribute(PK11URIAttributeList *attrs,
PK11URIAttributeList *vattrs,
const char *name)
{
size_t i;
for (i = 0; i < attrs->num_attrs; i++) {
if (strcmp(name, attrs->attrs[i].name) == 0) {
return attrs->attrs[i].value;
}
}
for (i = 0; i < vattrs->num_attrs; i++) {
if (strcmp(name, vattrs->attrs[i].name) == 0) {
return vattrs->attrs[i].value;
}
}
return NULL;
}
const char *
PK11URI_GetPathAttribute(PK11URI *uri, const char *name)
{
return pk11uri_GetAttribute(&uri->pattrs, &uri->vpattrs, name);
}
const char *
PK11URI_GetQueryAttribute(PK11URI *uri, const char *name)
{
return pk11uri_GetAttribute(&uri->qattrs, &uri->vqattrs, name);
}