Bring in the core of chromium certificate verifier as libpki
Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.
The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.
A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.
Status (and what is not done yet) being roughly tracked in README.md
Bug: chromium:1322914
Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/pki/input.h b/pki/input.h
new file mode 100644
index 0000000..14a1fef
--- /dev/null
+++ b/pki/input.h
@@ -0,0 +1,156 @@
+// Copyright 2015 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BSSL_DER_INPUT_H_
+#define BSSL_DER_INPUT_H_
+
+#include "fillins/openssl_util.h"
+#include <stddef.h>
+#include <stdint.h>
+
+#include <string>
+
+#include <openssl/span.h>
+
+
+namespace bssl::der {
+
+// An opaque class that represents a fixed buffer of data of a fixed length,
+// to be used as an input to other operations. An Input object does not own
+// the data it references, so callers are responsible for making sure that
+// the data outlives the Input object and any other associated objects.
+//
+// All data access for an Input should be done through the ByteReader class.
+// This class and associated classes are designed with safety in mind to make it
+// difficult to read memory outside of an Input. ByteReader provides a simple
+// API for reading through the Input sequentially. For more complicated uses,
+// multiple instances of a ByteReader for a particular Input can be created.
+class OPENSSL_EXPORT Input {
+ public:
+ // Creates an empty Input, one from which no data can be read.
+ constexpr Input() = default;
+
+ // Creates an Input from a constant array |data|.
+ template <size_t N>
+ constexpr explicit Input(const uint8_t (&data)[N]) : data_(data), len_(N) {}
+
+ // Creates an Input from the given |data| and |len|.
+ constexpr explicit Input(const uint8_t* data, size_t len)
+ : data_(data), len_(len) {}
+
+ // Creates an Input from a std::string_view
+ explicit Input(std::string_view sp);
+
+ // Creates an Input from a std::string. The lifetimes are a bit subtle when
+ // using this function: The constructed Input is only valid so long as |s| is
+ // still alive and not mutated.
+ explicit Input(const std::string* s);
+
+ // Returns the length in bytes of an Input's data.
+ constexpr size_t Length() const { return len_; }
+
+ // Returns a pointer to the Input's data. This method is marked as "unsafe"
+ // because access to the Input's data should be done through ByteReader
+ // instead. This method should only be used where using a ByteReader truly
+ // is not an option.
+ constexpr const uint8_t* UnsafeData() const { return data_; }
+
+ // Returns a copy of the data represented by this object as a std::string.
+ std::string AsString() const;
+
+ // Returns a std::string_view pointing to the same data as the Input. The
+ // resulting string_view must not outlive the data that was used to construct
+ // this Input.
+ std::string_view AsStringView() const;
+
+ // Returns a bssl::Span pointing to the same data as the Input. The resulting
+ // bssl::Span must not outlive the data that was used to construct this
+ // Input.
+ bssl::Span<const uint8_t> AsSpan() const;
+
+ private:
+ // This constructor is deleted to prevent constructing an Input from a
+ // std::string r-value. Since the Input points to memory owned by another
+ // object, such an Input would point to invalid memory. Without this deleted
+ // constructor, a std::string could be passed in to the std::string_view
+ // constructor because of std::string_view's implicit constructor.
+ Input(std::string) = delete;
+
+ const uint8_t* data_ = nullptr;
+ size_t len_ = 0;
+};
+
+// Return true if |lhs|'s data and |rhs|'s data are byte-wise equal.
+OPENSSL_EXPORT bool operator==(const Input& lhs, const Input& rhs);
+
+// Return true if |lhs|'s data and |rhs|'s data are not byte-wise equal.
+OPENSSL_EXPORT bool operator!=(const Input& lhs, const Input& rhs);
+
+// Returns true if |lhs|'s data is lexicographically less than |rhs|'s data.
+OPENSSL_EXPORT constexpr bool operator<(const Input& lhs,
+ const Input& rhs) {
+ // This is `std::lexicographical_compare`, but that's not `constexpr` until
+ // C++-20.
+ auto* it1 = lhs.UnsafeData();
+ auto* it2 = rhs.UnsafeData();
+ const auto* end1 = lhs.UnsafeData() + lhs.Length();
+ const auto* end2 = rhs.UnsafeData() + rhs.Length();
+ for (; it1 != end1 && it2 != end2; ++it1, ++it2) {
+ if (*it1 < *it2) {
+ return true;
+ } else if (*it2 < *it1) {
+ return false;
+ }
+ }
+
+ return it2 != end2;
+}
+
+// This class provides ways to read data from an Input in a bounds-checked way.
+// The ByteReader is designed to read through the input sequentially. Once a
+// byte has been read with a ByteReader, the caller can't go back and re-read
+// that byte with the same reader. Of course, the caller can create multiple
+// ByteReaders for the same input (or copy an existing ByteReader).
+//
+// For something simple like a single byte lookahead, the easiest way to do
+// that is to copy the ByteReader and call ReadByte() on the copy - the original
+// ByteReader will be unaffected and the peeked byte will be read through
+// ReadByte(). For other read patterns, it can be useful to mark where one is
+// in a ByteReader to be able to return to that spot.
+//
+// Some operations using Mark can also be done by creating a copy of the
+// ByteReader. By using a Mark instead, you use less memory, but more
+// importantly, you end up with an immutable object that matches the semantics
+// of what is intended.
+class OPENSSL_EXPORT ByteReader {
+ public:
+ // Creates a ByteReader to read the data represented by an Input.
+ explicit ByteReader(const Input& in);
+
+ // Reads a single byte from the input source, putting the byte read in
+ // |*byte_p|. If a byte cannot be read from the input (because there is
+ // no input left), then this method returns false.
+ [[nodiscard]] bool ReadByte(uint8_t* out);
+
+ // Reads |len| bytes from the input source, and initializes an Input to
+ // point to that data. If there aren't enough bytes left in the input source,
+ // then this method returns false.
+ [[nodiscard]] bool ReadBytes(size_t len, Input* out);
+
+ // Returns how many bytes are left to read.
+ size_t BytesLeft() const { return len_; }
+
+ // Returns whether there is any more data to be read.
+ bool HasMore();
+
+ private:
+ void Advance(size_t len);
+
+ const uint8_t* data_;
+ size_t len_;
+};
+
+} // namespace bssl::der
+
+#endif // BSSL_DER_INPUT_H_
