Add crypto/bytestring-based BIGNUM DER functions.

RSA and ECDSA will both require being able to convert ASN.1 INTEGERs to and from DER. Don't bother handling negative BIGNUMs for now. It doesn't seem necessary and saves bothering with two's-complement vs sign-and-magnitude. BUG=499653 Change-Id: I1e80052067ed528809493af73b04f82539d564ff Reviewed-on: https://boringssl-review.googlesource.com/5268 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2015-06-12 05:52:07 +0300
committer: Adam Langley <agl@google.com> 2015-07-07 03:47:39 +0300
commit: b9c579db6ddfd1b5e41d0e1c9d8c9a4a12f67431 (patch)
tree: 93dcdde15c11762930f58e74a99b83a36770a698 /crypto/bn
parent: 241364c6f4d44165ce2dc707b9ad141dcc880d1b (diff)
3 files changed, 198 insertions, 35 deletions
diff --git a/crypto/bn/CMakeLists.txt b/crypto/bn/CMakeLists.txt
index 2e0cb450..fa6d2074 100644
--- a/crypto/bn/CMakeLists.txt
+++ b/crypto/bn/CMakeLists.txt
@@ -38,6 +38,7 @@ add_library(
 
   add.c
   asm/x86_64-gcc.c
+  asn1.c
   bn.c
   cmp.c
   convert.c
diff --git a/crypto/bn/asn1.c b/crypto/bn/asn1.c
new file mode 100644
index 00000000..81e7b897
--- /dev/null
+++ b/crypto/bn/asn1.c
@@ -0,0 +1,74 @@
+/* Copyright (c) 2015, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bn.h>
+
+#include <openssl/bytestring.h>
+#include <openssl/err.h>
+
+
+int BN_cbs2unsigned(CBS *cbs, BIGNUM *ret) {
+  CBS child;
+  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) ||
+      CBS_len(&child) == 0) {
+    OPENSSL_PUT_ERROR(BN, BN_cbs2unsigned, BN_R_BAD_ENCODING);
+    return 0;
+  }
+  if (CBS_data(&child)[0] & 0x80) {
+    OPENSSL_PUT_ERROR(BN, BN_cbs2unsigned, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+  /* INTEGERs must be minimal. */
+  if (CBS_data(&child)[0] == 0x00 &&
+      CBS_len(&child) > 1 &&
+      !(CBS_data(&child)[1] & 0x80)) {
+    OPENSSL_PUT_ERROR(BN, BN_cbs2unsigned, BN_R_BAD_ENCODING);
+    return 0;
+  }
+  return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL;
+}
+
+int BN_bn2cbb(CBB *cbb, const BIGNUM *bn) {
+  /* Negative numbers are unsupported. */
+  if (BN_is_negative(bn)) {
+    OPENSSL_PUT_ERROR(BN, BN_bn2cbb, BN_R_NEGATIVE_NUMBER);
+    return 0;
+  }
+
+  CBB child;
+  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) {
+    OPENSSL_PUT_ERROR(BN, BN_bn2cbb, BN_R_ENCODE_ERROR);
+    return 0;
+  }
+
+  /* The number must be padded with a leading zero if the high bit would
+   * otherwise be set (or |bn| is zero). */
+  if (BN_num_bits(bn) % 8 == 0 &&
+      !CBB_add_u8(&child, 0x00)) {
+    OPENSSL_PUT_ERROR(BN, BN_bn2cbb, BN_R_ENCODE_ERROR);
+    return 0;
+  }
+
+  uint8_t *out;
+  if (!CBB_add_space(&child, &out, BN_num_bytes(bn))) {
+    OPENSSL_PUT_ERROR(BN, BN_bn2cbb, BN_R_ENCODE_ERROR);
+    return 0;
+  }
+  BN_bn2bin(bn, out);
+  if (!CBB_flush(cbb)) {
+    OPENSSL_PUT_ERROR(BN, BN_bn2cbb, BN_R_ENCODE_ERROR);
+    return 0;
+  }
+  return 1;
+}
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index 6a7d48c4..eaceb270 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -117,11 +117,12 @@ static bool test_exp_mod_zero(void);
 static bool test_small_prime(FILE *fp, BN_CTX *ctx);
 static bool test_mod_exp_mont5(FILE *fp, BN_CTX *ctx);
 static bool test_sqrt(FILE *fp, BN_CTX *ctx);
-static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx);
-static bool test_dec2bn(FILE *fp, BN_CTX *ctx);
-static bool test_hex2bn(FILE *fp, BN_CTX *ctx);
-static bool test_asc2bn(FILE *fp, BN_CTX *ctx);
+static bool test_bn2bin_padded(BN_CTX *ctx);
+static bool test_dec2bn(BN_CTX *ctx);
+static bool test_hex2bn(BN_CTX *ctx);
+static bool test_asc2bn(BN_CTX *ctx);
 static bool test_rand();
+static bool test_asn1();
 
 static const uint8_t kSample[] =
     "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
@@ -311,35 +312,14 @@ int main(int argc, char *argv[]) {
   }
   flush_fp(bc_file.get());
 
-  message(bc_file.get(), "BN_bn2bin_padded");
-  if (!test_bn2bin_padded(bc_file.get(), ctx.get())) {
+  if (!test_bn2bin_padded(ctx.get()) ||
+      !test_dec2bn(ctx.get()) ||
+      !test_hex2bn(ctx.get()) ||
+      !test_asc2bn(ctx.get()) ||
+      !test_rand() ||
+      !test_asn1()) {
     return 1;
   }
-  flush_fp(bc_file.get());
-
-  message(bc_file.get(), "BN_dec2bn");
-  if (!test_dec2bn(bc_file.get(), ctx.get())) {
-    return 1;
-  }
-  flush_fp(bc_file.get());
-
-  message(bc_file.get(), "BN_hex2bn");
-  if (!test_hex2bn(bc_file.get(), ctx.get())) {
-    return 1;
-  }
-  flush_fp(bc_file.get());
-
-  message(bc_file.get(), "BN_asc2bn");
-  if (!test_asc2bn(bc_file.get(), ctx.get())) {
-    return 1;
-  }
-  flush_fp(bc_file.get());
-
-  message(bc_file.get(), "BN_rand");
-  if (!test_rand()) {
-    return 1;
-  }
-  flush_fp(bc_file.get());
 
   printf("PASS\n");
   return 0;
@@ -1371,7 +1351,7 @@ static bool test_sqrt(FILE *fp, BN_CTX *ctx) {
   return true;
 }
 
-static bool test_bn2bin_padded(FILE *fp, BN_CTX *ctx) {
+static bool test_bn2bin_padded(BN_CTX *ctx) {
   uint8_t zeros[256], out[256], reference[128];
 
   memset(zeros, 0, sizeof(zeros));
@@ -1448,7 +1428,7 @@ static int DecimalToBIGNUM(ScopedBIGNUM *out, const char *in) {
   return ret;
 }
 
-static bool test_dec2bn(FILE *fp, BN_CTX *ctx) {
+static bool test_dec2bn(BN_CTX *ctx) {
   ScopedBIGNUM bn;
   int ret = DecimalToBIGNUM(&bn, "0");
   if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) {
@@ -1490,7 +1470,7 @@ static int HexToBIGNUM(ScopedBIGNUM *out, const char *in) {
   return ret;
 }
 
-static bool test_hex2bn(FILE *fp, BN_CTX *ctx) {
+static bool test_hex2bn(BN_CTX *ctx) {
   ScopedBIGNUM bn;
   int ret = HexToBIGNUM(&bn, "0");
   if (ret != 1 || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) {
@@ -1533,7 +1513,7 @@ static ScopedBIGNUM ASCIIToBIGNUM(const char *in) {
   return ScopedBIGNUM(raw);
 }
 
-static bool test_asc2bn(FILE *fp, BN_CTX *ctx) {
+static bool test_asc2bn(BN_CTX *ctx) {
   ScopedBIGNUM bn = ASCIIToBIGNUM("0");
   if (!bn || !BN_is_zero(bn.get()) || BN_is_negative(bn.get())) {
     fprintf(stderr, "BN_asc2bn gave a bad result.\n");
@@ -1628,3 +1608,111 @@ static bool test_rand() {
 
   return true;
 }
+
+struct ASN1Test {
+  const char *value_ascii;
+  const char *der;
+  size_t der_len;
+};
+
+static const ASN1Test kASN1Tests[] = {
+    {"0", "\x02\x01\x00", 3},
+    {"1", "\x02\x01\x01", 3},
+    {"127", "\x02\x01\x7f", 3},
+    {"128", "\x02\x02\x00\x80", 4},
+    {"0xdeadbeef", "\x02\x05\x00\xde\xad\xbe\xef", 7},
+    {"0x0102030405060708",
+     "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10},
+    {"0xffffffffffffffff",
+      "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11},
+};
+
+struct ASN1InvalidTest {
+  const char *der;
+  size_t der_len;
+};
+
+static const ASN1InvalidTest kASN1InvalidTests[] = {
+    // Bad tag.
+    {"\x03\x01\x00", 3},
+    // Empty contents.
+    {"\x02\x00", 2},
+    // Negative number.
+    {"\x02\x01\x80", 3},
+    // Leading zeros.
+    {"\x02\x02\x00\x01", 4},
+};
+
+static bool test_asn1() {
+  for (const ASN1Test &test : kASN1Tests) {
+    ScopedBIGNUM bn = ASCIIToBIGNUM(test.value_ascii);
+    if (!bn) {
+      return false;
+    }
+
+    // Test that the input is correctly parsed.
+    ScopedBIGNUM bn2(BN_new());
+    if (!bn2) {
+      return false;
+    }
+    CBS cbs;
+    CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len);
+    if (!BN_cbs2unsigned(&cbs, bn2.get()) || CBS_len(&cbs) != 0) {
+      fprintf(stderr, "Parsing ASN.1 INTEGER failed.\n");
+      return false;
+    }
+    if (BN_cmp(bn.get(), bn2.get()) != 0) {
+      fprintf(stderr, "Bad parse.\n");
+      return false;
+    }
+
+    // Test the value serializes correctly.
+    CBB cbb;
+    uint8_t *der;
+    size_t der_len;
+    CBB_zero(&cbb);
+    if (!CBB_init(&cbb, 0) ||
+        !BN_bn2cbb(&cbb, bn.get()) ||
+        !CBB_finish(&cbb, &der, &der_len)) {
+      CBB_cleanup(&cbb);
+      return false;
+    }
+    ScopedOpenSSLBytes delete_der(der);
+    if (der_len != test.der_len ||
+        memcmp(der, reinterpret_cast<const uint8_t*>(test.der), der_len) != 0) {
+      fprintf(stderr, "Bad serialization.\n");
+      return false;
+    }
+  }
+
+  for (const ASN1InvalidTest &test : kASN1InvalidTests) {
+    ScopedBIGNUM bn(BN_new());
+    if (!bn) {
+      return false;
+    }
+    CBS cbs;
+    CBS_init(&cbs, reinterpret_cast<const uint8_t*>(test.der), test.der_len);
+    if (BN_cbs2unsigned(&cbs, bn.get())) {
+      fprintf(stderr, "Parsed invalid input.\n");
+      return false;
+    }
+    ERR_clear_error();
+  }
+
+  // Serializing negative numbers is not supported.
+  ScopedBIGNUM bn = ASCIIToBIGNUM("-1");
+  if (!bn) {
+    return false;
+  }
+  CBB cbb;
+  CBB_zero(&cbb);
+  if (!CBB_init(&cbb, 0) ||
+      BN_bn2cbb(&cbb, bn.get())) {
+    fprintf(stderr, "Serialized negative number.\n");
+    CBB_cleanup(&cbb);
+    return false;
+  }
+  CBB_cleanup(&cbb);
+
+  return true;
+}
author	David Benjamin <davidben@chromium.org>	2015-06-12 05:52:07 +0300
committer	Adam Langley <agl@google.com>	2015-07-07 03:47:39 +0300
commit	b9c579db6ddfd1b5e41d0e1c9d8c9a4a12f67431 (patch)
tree	93dcdde15c11762930f58e74a99b83a36770a698 /crypto/bn
parent	241364c6f4d44165ce2dc707b9ad141dcc880d1b (diff)