ASN1 integer encoding

ChangeLog.d/asn1-write-integer.txt

@@ -0,0 +1,8 @@
+Features
+   * Add a new function mbedtls_asn1_write_integer() that encodes an arbitrary
+     precision integer into ASN.1 DER format. This function replaces
+     mbedtls_asn1_write_mpi(), which has been made internal-only.
+Removals
+   * Remove mbedtls_asn1_write_mpi() from the public API. This has been replaced
+     by mbedtls_asn1_write_integer(), which does not use the legacy mbedtls_mpi
+     type.

drivers/builtin/include/mbedtls/bignum.h

@@ -1107,6 +1107,22 @@ int mbedtls_mpi_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #endif /* MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS */
+/**
+ * \brief           Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
+ *                  in ASN.1 format.
+ *
+ * \note            This function works backwards in data buffer.
+ *
+ * \param p         The reference to the current position pointer.
+ * \param start     The start of the buffer, for bounds-checking.
+ * \param X         The MPI to write.
+ *                  It must be non-negative.
+ *
+ * \return          The number of bytes written to \p p on success.
+ * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+ */
+int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start,
+                           const mbedtls_mpi *X);
 
 #ifdef __cplusplus
 }

drivers/builtin/src/asn1write.c

@@ -12,6 +12,7 @@
 
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error_common.h"
+#include "bignum_core.h"
 
 #include <string.h>
 
@@ -434,4 +435,68 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
 
     return cur;
 }
+
+int mbedtls_asn1_write_integer(unsigned char **p,
+                               unsigned char *start,
+                               const unsigned char *integer,
+                               size_t integer_length)
+{
+
+    int asn1_frame_size = 0;
+    unsigned int number_of_leading_zeros = 0;
+    size_t output_buffer_size = (*p-start);
+    const unsigned char *integer_start = NULL;
+
+    // asn1 specifies that the bignum must be encoded in the minimum allowable space, so leading zeros must be removed.
+    while ((number_of_leading_zeros < integer_length)
+           && (integer[number_of_leading_zeros] == 0x0)) {
+        number_of_leading_zeros++;
+    }
+
+    integer_start = integer + number_of_leading_zeros;
+
+    integer_length -= number_of_leading_zeros;
+
+    if (output_buffer_size < integer_length) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;//TC3 buffer less than integer size.
+    }
+
+    memset(start, 0, output_buffer_size);
+
+    /* Special case - if integer_length is zero, the value is zero and it
+     * should be encoded as one byte. */
+    if (integer_length == 0) {
+        if (output_buffer_size < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
+
+        *p -= 1;
+        integer_length = 1;
+
+    } else {
+
+        *p -= integer_length;
+
+        memcpy(*p, integer_start, integer_length);
+
+        // DER format assumes 2s complement for numbers, so the leftmost bit
+        // should be 0.
+        if (**p & 0x80) {
+            if (*p - start < 1) {
+                return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+            }
+
+            *--(*p) = 0x00;
+            integer_length += 1;
+        }
+    }
+
+    asn1_frame_size =
+        mbedtls_asn1_write_len_and_tag(p, start, integer_length, MBEDTLS_ASN1_INTEGER);
+    if (asn1_frame_size < 0) {
+        return asn1_frame_size;//TC4 mbedtls_asn1_write_len_and_tag failed.
+    }
+
+    return asn1_frame_size;
+}
 #endif /* MBEDTLS_ASN1_WRITE_C */

include/mbedtls/asn1write.h

@@ -41,7 +41,7 @@ extern "C" {
 /**
  * \brief           Write a length field in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -55,7 +55,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start,
 /**
  * \brief           Write an ASN.1 tag in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -72,7 +72,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
 /**
  * \brief           Write raw buffer data.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -85,30 +85,11 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
 int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
                                   const unsigned char *buf, size_t size);
 
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief           Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param X         The MPI to write.
- *                  It must be non-negative.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start,
-                           const mbedtls_mpi *X);
-#endif /* MBEDTLS_BIGNUM_C */
-
 /**
  * \brief           Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
  *                  in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -122,7 +103,7 @@ int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start);
  * \brief           Write an OID tag (#MBEDTLS_ASN1_OID) and data
  *                  in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -138,7 +119,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
 /**
  * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -158,7 +139,7 @@ int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
 /**
  * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -180,7 +161,7 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
  * \brief           Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
  *                  in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -196,7 +177,7 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start,
  * \brief           Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
  *                  in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -212,7 +193,7 @@ int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int va
  * \brief           Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
  *                  in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -227,7 +208,7 @@ int mbedtls_asn1_write_enum(unsigned char **p, const unsigned char *start, int v
  * \brief           Write a string in ASN.1 format using a specific
  *                  string encoding tag.
 
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -248,7 +229,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta
  * \brief           Write a string in ASN.1 format using the PrintableString
  *                  string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -267,7 +248,7 @@ int mbedtls_asn1_write_printable_string(unsigned char **p,
  * \brief           Write a UTF8 string in ASN.1 format using the UTF8String
  *                  string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -285,7 +266,7 @@ int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start
  * \brief           Write a string in ASN.1 format using the IA5String
  *                  string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -303,7 +284,7 @@ int mbedtls_asn1_write_ia5_string(unsigned char **p, const unsigned char *start,
  * \brief           Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
  *                  value in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -342,7 +323,7 @@ int mbedtls_asn1_write_named_bitstring(unsigned char **p,
  * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
  *                  and value in ASN.1 format.
  *
- * \note            This function works backwards in data buffer.
+ * \note            This function works backwards within the data buffer.
  *
  * \param p         The reference to the current position pointer.
  * \param start     The start of the buffer, for bounds-checking.
@@ -381,6 +362,32 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data *
                                                        const unsigned char *val,
                                                        size_t val_len);
 
+/**
+ * \brief                  Encode an integer into ASN.1 and write it to a buffer.
+ *                         Write the integer given in \p integer into the buffer
+ *                         given by \p *p and \p start in DER-encoded ASN.1
+ *                         representation.
+ *
+ * \note                   This function works backwards within the data buffer.
+ *
+ * \note                   This function is not guaranteed to work when the
+ *                         input and output buffers overlap.
+ *
+ * \param p                The reference to the current position pointer.
+ * \param start            The start of the buffer, for bounds-checking.
+ * \param integer          Pointer to a big-endian representation of an integer.
+ * \param integer_length   The number of bytes in the integer buffer.
+ *
+ * \return                 An integer number of bytes written on success.
+ * \return                 An appropriate error code on failure.
+ * \return                 On success p will be set to point to the start of
+ *                         the encoded integer.
+ */
+int mbedtls_asn1_write_integer(unsigned char **p,
+                               unsigned char *start,
+                               const unsigned char *integer,
+                               size_t integer_length);
+
 #ifdef __cplusplus
 }
 #endif

tests/suites/test_suite_asn1write.data

@@ -393,3 +393,30 @@ store_named_data_val_new:4:1
 
 Store named data: new, val_len=4, val=NULL
 store_named_data_val_new:4:0
+
+ASN.1 write integer: Basic encode
+mbedtls_asn1_write_integer_positive:"0123":"02020123"
+
+ASN.1 write integer: Leading zeroes
+mbedtls_asn1_write_integer_positive:"000123":"02020123"
+
+ASN.1 write integer: Many leading zeroes (input longer than output)
+mbedtls_asn1_write_integer_positive:"000000000123":"02020123"
+
+ASN.1 write integer: Most significant bit is 1
+mbedtls_asn1_write_integer_positive:"800123":"020400800123"
+
+ASN.1 write integer: Leading zeroes and MSb of first byte is 1
+mbedtls_asn1_write_integer_positive:"000000800123":"020400800123"
+
+ASN.1 write integer: Multibyte length (> 255)
+mbedtls_asn1_write_integer_positive:"0123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF0000000000000000":"028201000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF00000000000000000123456789ABCDEF0000000000000000"
+
+ASN.1 write integer: Zero (single-byte)
+mbedtls_asn1_write_integer_positive:"00":"020100"
+
+ASN.1 write integer: Zero (multi-byte)
+mbedtls_asn1_write_integer_positive:"000000":"020100"
+
+ASN.1 write integer: Zero (empty)
+mbedtls_asn1_write_integer_positive:"":"020100"