[Cryptech-Commits] [sw/libhal] 03/05: Encode/decode uint32_t and octet strings
git at cryptech.is
git at cryptech.is
Tue Feb 27 17:06:41 UTC 2018
This is an automated email from the git hooks/post-receive script.
paul at psgd.org pushed a commit to branch hashsig
in repository sw/libhal.
commit b87e7392cdc71b3a69728d7fb40a6697eeeed09e
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Tue Feb 27 17:59:02 2018 +0100
Encode/decode uint32_t and octet strings
---
asn1.c | 144 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
asn1_internal.h | 12 +++++
2 files changed, 156 insertions(+)
diff --git a/asn1.c b/asn1.c
index a653b45..1f4a14a 100644
--- a/asn1.c
+++ b/asn1.c
@@ -174,6 +174,88 @@ hal_error_t hal_asn1_encode_integer(const fp_int * const bn,
return HAL_OK;
}
+/*
+ * Encode an unsigned ASN.1 INTEGER from a uint32_t. If der is
+ * NULL, just return the length of what we would have encoded.
+ */
+
+hal_error_t hal_asn1_encode_uint32(const uint32_t n,
+ uint8_t *der, size_t *der_len, const size_t der_max)
+{
+ /*
+ * We only handle unsigned INTEGERs, so we need to pad data with a
+ * leading zero if the most significant bit is set, to avoid
+ * flipping the ASN.1 sign bit.
+ */
+
+ size_t vlen;
+ hal_error_t err;
+ size_t hlen;
+
+ /* DER says to use the minimum number of octets */
+ if (n < 0x80) vlen = 1;
+ else if (n < 0x8000) vlen = 2;
+ else if (n < 0x800000) vlen = 3;
+ else if (n < 0x80000000) vlen = 4;
+ else vlen = 5;
+
+ err = hal_asn1_encode_header(ASN1_INTEGER, vlen, der, &hlen, der_max);
+
+ if (der_len != NULL)
+ *der_len = hlen + vlen;
+
+ if (der == NULL || err != HAL_OK)
+ return err;
+
+ assert(hlen + vlen <= der_max);
+
+ der += hlen;
+
+ uint32_t m = n;
+ for (size_t i = vlen; i > 0; --i) {
+ der[i - 1] = m & 0xff;
+ m >>= 8;
+ }
+
+ return HAL_OK;
+}
+
+/*
+ * Encode an ASN.1 OCTET STRING. If der is NULL, just return the length
+ * of what we would have encoded.
+ */
+
+hal_error_t hal_asn1_encode_octet_string(const uint8_t * const data, const size_t data_len,
+ uint8_t *der, size_t *der_len, const size_t der_max)
+{
+ if (data_len == 0 || (der != NULL && data == NULL))
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ size_t hlen;
+ hal_error_t err;
+
+ if ((err = hal_asn1_encode_header(ASN1_OCTET_STRING, data_len, NULL, &hlen, 0)) != HAL_OK)
+ return err;
+
+ if (der_len != NULL)
+ *der_len = hlen + data_len;
+
+ if (der == NULL)
+ return HAL_OK;
+
+ assert(hlen + data_len <= der_max);
+
+ /*
+ * Handle data early, in case it was staged into our output buffer.
+ */
+ memmove(der + hlen, data, data_len);
+
+ if ((err = hal_asn1_encode_header(ASN1_OCTET_STRING, data_len, der, &hlen, der_max)) != HAL_OK)
+ return err;
+
+ return HAL_OK;
+}
+
/*
* Encode a public key into a X.509 SubjectPublicKeyInfo (RFC 5280).
*/
@@ -483,6 +565,68 @@ hal_error_t hal_asn1_decode_integer(fp_int *bn,
return HAL_OK;
}
+/*
+ * Decode an ASN.1 INTEGER into a uint32_t. Since we only
+ * support (or need to support, or expect to see) unsigned integers,
+ * we return failure if the sign bit is set in the ASN.1 INTEGER.
+ */
+
+hal_error_t hal_asn1_decode_uint32(uint32_t *np,
+ const uint8_t * const der, size_t *der_len, const size_t der_max)
+{
+ if (np == NULL || der == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ hal_error_t err;
+ size_t hlen, vlen;
+
+ if ((err = hal_asn1_decode_header(ASN1_INTEGER, der, der_max, &hlen, &vlen)) != HAL_OK)
+ return err;
+
+ if (der_len != NULL)
+ *der_len = hlen + vlen;
+
+ if (vlen < 1 || vlen > 5 || (der[hlen] & 0x80) != 0x00 || (vlen == 5 && der[hlen] != 0))
+ return HAL_ERROR_ASN1_PARSE_FAILED;
+
+ uint32_t n = 0;
+ for (size_t i = 0; i < vlen; ++i) {
+ n <<= 8; // slightly inefficient for the first octet
+ n += der[hlen + i];
+ }
+ *np = n;
+
+ return HAL_OK;
+}
+
+/*
+ * Decode an ASN.1 OCTET STRING.
+ */
+
+hal_error_t hal_asn1_decode_octet_string(uint8_t *data, const size_t data_len,
+ const uint8_t * const der, size_t *der_len, const size_t der_max)
+{
+ if (der == NULL)
+ return HAL_ERROR_BAD_ARGUMENTS;
+
+ size_t hlen, vlen;
+ hal_error_t err;
+
+ if ((err = hal_asn1_decode_header(ASN1_OCTET_STRING, der, der_max, &hlen, &vlen)) != HAL_OK)
+ return err;
+
+ if (der_len != NULL)
+ *der_len = hlen + vlen;
+
+ if (data != NULL) {
+ if (data_len != vlen)
+ return HAL_ERROR_ASN1_PARSE_FAILED;
+ memmove(data, der + hlen, vlen);
+ }
+
+ return HAL_OK;
+}
+
/*
* Decode a public key from a X.509 SubjectPublicKeyInfo (RFC 5280).
*/
diff --git a/asn1_internal.h b/asn1_internal.h
index 3de8bd6..bba4503 100644
--- a/asn1_internal.h
+++ b/asn1_internal.h
@@ -117,9 +117,21 @@ extern hal_error_t hal_asn1_decode_header(const uint8_t tag,
extern hal_error_t hal_asn1_encode_integer(const fp_int * const bn,
uint8_t *der, size_t *der_len, const size_t der_max);
+extern hal_error_t hal_asn1_encode_uint32(const uint32_t n,
+ uint8_t *der, size_t *der_len, const size_t der_max);
+
+extern hal_error_t hal_asn1_encode_octet_string(const uint8_t * const data, const size_t data_len,
+ uint8_t *der, size_t *der_len, const size_t der_max);
+
extern hal_error_t hal_asn1_decode_integer(fp_int *bn,
const uint8_t * const der, size_t *der_len, const size_t der_max);
+extern hal_error_t hal_asn1_decode_uint32(uint32_t *np,
+ const uint8_t * const der, size_t *der_len, const size_t der_max);
+
+extern hal_error_t hal_asn1_decode_octet_string(uint8_t *data, const size_t data_len,
+ const uint8_t * const der, size_t *der_len, const size_t der_max);
+
extern hal_error_t hal_asn1_encode_spki(const uint8_t * const alg_oid, const size_t alg_oid_len,
const uint8_t * const curve_oid, const size_t curve_oid_len,
const uint8_t * const pubkey, const size_t pubkey_len,
More information about the Commits
mailing list