/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef CTUtils_h
#define CTUtils_h

#include <memory>

#include "cryptohi.h"
#include "keyhi.h"
#include "keythi.h"
#include "pk11pub.h"
#include "mozpkix/Input.h"
#include "mozpkix/Result.h"

// Evaluates to the number of elements in the array |x|, computed as the
// array's total size divided by the size of its first element.
// Only meaningful when |x| is a true array at the point of use: if |x| has
// decayed to a pointer (e.g. an array passed as a function parameter),
// sizeof(x) is the pointer size and the result is silently wrong, which
// can lead to out-of-bounds iteration in the caller.
#define MOZILLA_CT_ARRAY_LENGTH(x) (sizeof(x) / sizeof((x)[0]))

// Stateless functor with one overload per NSS object type used by the CT
// code; each overload forwards to the matching NSS release function.
// The overloads do no null check of their own.
struct DeleteHelper {
  void operator()(SECItem* value) {
    // The |true| argument is NSS's "freeit" flag: release the SECItem
    // structure itself as well as its data buffer.
    // NOTE(review): SECITEM_FreeItem does not zeroize the buffer first. That
    // suits public CT data; holders of secret material should prefer
    // SECITEM_ZfreeItem.
    SECITEM_FreeItem(value, true);
  }

  void operator()(SECKEYPublicKey* value) {
    SECKEY_DestroyPublicKey(value);
  }

  void operator()(PK11SlotInfo* value) {
    PK11_FreeSlot(value);
  }

  void operator()(PK11Context* value) {
    // |true| is again the "freeit" flag: free the context object itself.
    PK11_DestroyContext(value, true);
  }

  void operator()(CERTSubjectPublicKeyInfo* value) {
    SECKEY_DestroySubjectPublicKeyInfo(value);
  }
};

// Deleter for std::unique_ptr<T, ...> that ignores null pointers and hands
// every non-null pointer to the DeleteHelper overload for T.
// Instantiating operator() for a T without a DeleteHelper overload is a
// compile error, so an unsupported type cannot be leaked silently.
template <class T>
struct MaybeDeleteHelper {
  void operator()(T* ptr) {
    // std::unique_ptr never invokes its deleter on null, but this guard also
    // makes a direct call with a null pointer safe.
    if (!ptr) {
      return;
    }
    DeleteHelper{}(ptr);
  }
};

// Owning smart-pointer aliases for the NSS object types used by the CT code.
// Each alias releases its object through MaybeDeleteHelper when the
// unique_ptr is destroyed or reset, so early-return error paths cannot leak
// it.
using UniqueCERTSubjectPublicKeyInfo =
    std::unique_ptr<CERTSubjectPublicKeyInfo,
                    MaybeDeleteHelper<CERTSubjectPublicKeyInfo>>;
using UniquePK11Context =
    std::unique_ptr<PK11Context, MaybeDeleteHelper<PK11Context>>;
using UniquePK11SlotInfo =
    std::unique_ptr<PK11SlotInfo, MaybeDeleteHelper<PK11SlotInfo>>;
using UniqueSECKEYPublicKey =
    std::unique_ptr<SECKEYPublicKey, MaybeDeleteHelper<SECKEYPublicKey>>;
using UniqueSECItem = std::unique_ptr<SECItem, MaybeDeleteHelper<SECItem>>;

namespace mozilla {
namespace ct {

// Decodes a big-endian (TLS network order) unsigned integer that occupies
// |length| bytes at the current position of |in|.
//
// No overflow check is made: when |length| exceeds 8, the most significant
// bytes are shifted out of the 64-bit accumulator and silently lost. Callers
// parsing untrusted input should use ReadUint, which bounds |length| at
// compile time.
//
// On a read failure the error from |in| is returned and |out| is left
// unmodified; |out| is written only after all |length| bytes were read.
inline static pkix::Result UncheckedReadUint(size_t length, pkix::Reader& in,
                                             uint64_t& out) {
  uint64_t accumulator = 0;
  for (size_t remaining = length; remaining > 0; --remaining) {
    uint8_t byte;
    pkix::Result rv = in.Read(byte);
    if (rv != pkix::Success) {
      return rv;
    }
    // Make room for the next (less significant) byte, then append it.
    accumulator <<= 8;
    accumulator |= byte;
  }
  out = accumulator;
  return pkix::Success;
}

// Reads a |length|-byte big-endian unsigned integer from |in| into |out|.
//
// The compile-time checks below require an unsigned T that is at least
// |length| bytes wide, and |length| of at most 8. Together they guarantee
// that the decoded value fits both the 64-bit intermediate and T, so the
// final cast cannot truncate.
//
// Returns the error from the underlying read on failure, in which case |out|
// is not modified.
template <size_t length, typename T>
pkix::Result ReadUint(pkix::Reader& in, T& out) {
  static_assert(std::is_unsigned<T>::value, "T must be unsigned");
  static_assert(length <= 8, "At most 8 byte integers can be read");
  static_assert(sizeof(T) >= length, "T must be able to hold <length> bytes");

  uint64_t wide;
  pkix::Result rv = UncheckedReadUint(length, in, wide);
  if (rv == pkix::Success) {
    // |wide| holds at most |length| <= sizeof(T) bytes, so this is lossless.
    out = static_cast<T>(wide);
  }
  return rv;
}

// Consumes |length| bytes from |in| and exposes them through |out|.
//
// This is a thin wrapper over pkix::Reader::Skip and performs no bounds
// check of its own.
// NOTE(review): presumably Skip fails when fewer than |length| bytes remain
// and |out| is a view into the reader's buffer rather than a copy -- confirm
// against mozpkix/Input.h.
static inline pkix::Result ReadFixedBytes(size_t length, pkix::Reader& in,
                                          pkix::Input& out) {
  pkix::Result rv = in.Skip(length, out);
  return rv;
}

// Reads a TLS-style length-prefixed byte string from |in|: first a
// |prefixLength|-byte big-endian length, then that many payload bytes,
// which are returned through |out| on success.
//
// The length prefix comes straight from the input, so treat it as
// attacker-controlled. The only limit applied here is whatever
// ReadFixedBytes / pkix::Reader::Skip enforces against the remaining input.
// ReadUint's static_asserts also reject, at compile time, any |prefixLength|
// wider than size_t.
template <size_t prefixLength>
pkix::Result ReadVariableBytes(pkix::Reader& in, pkix::Input& out) {
  size_t payloadLength;
  pkix::Result prefixResult = ReadUint<prefixLength>(in, payloadLength);
  if (prefixResult == pkix::Success) {
    return ReadFixedBytes(payloadLength, in, out);
  }
  return prefixResult;
}

}  // namespace ct
}  // namespace mozilla

#endif  // CTUtils_h