]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/asn1_dsa.c
34835a521438a2423f46b558f18c137f94a6ddc2
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * A simple ASN.1 DER encoder/decoder for DSA-Sig-Value and ECDSA-Sig-Value.
13 * DSA-Sig-Value ::= SEQUENCE {
18 * ECDSA-Sig-Value ::= SEQUENCE {
24 #include <openssl/crypto.h>
25 #include <openssl/bn.h>
26 #include "crypto/asn1_dsa.h"
27 #include "internal/packet.h"
29 #define ID_SEQUENCE 0x30
30 #define ID_INTEGER 0x02
33 * Outputs the encoding of the length octets for a DER value with a content
34 * length of cont_len bytes to pkt. The maximum supported content length is
35 * 65535 (0xffff) bytes.
37 * Returns 1 on success or 0 on error.
39 int encode_der_length(WPACKET
*pkt
, size_t cont_len
)
41 if (cont_len
> 0xffff)
42 return 0; /* Too large for supported length encodings */
44 if (cont_len
> 0xff) {
45 if (!WPACKET_put_bytes_u8(pkt
, 0x82)
46 || !WPACKET_put_bytes_u16(pkt
, cont_len
))
50 && !WPACKET_put_bytes_u8(pkt
, 0x81))
52 if (!WPACKET_put_bytes_u8(pkt
, cont_len
))
60 * Outputs the DER encoding of a positive ASN.1 INTEGER to pkt.
62 * Results in an error if n is negative or too large.
64 * Returns 1 on success or 0 on error.
66 int encode_der_integer(WPACKET
*pkt
, const BIGNUM
*n
)
68 unsigned char *bnbytes
;
71 if (BN_is_negative(n
))
75 * Calculate the ASN.1 INTEGER DER content length for n.
76 * This is the number of whole bytes required to represent n (i.e. rounded
78 * If n is zero then the content is a single zero byte (length = 1).
79 * If the number of bits of n is a multiple of 8 then an extra zero padding
80 * byte is included to ensure that the value is still treated as positive
81 * in the INTEGER two's complement representation.
83 cont_len
= BN_num_bits(n
) / 8 + 1;
85 if (!WPACKET_start_sub_packet(pkt
)
86 || !WPACKET_put_bytes_u8(pkt
, ID_INTEGER
)
87 || !encode_der_length(pkt
, cont_len
)
88 || !WPACKET_allocate_bytes(pkt
, cont_len
, &bnbytes
)
89 || !WPACKET_close(pkt
))
93 && BN_bn2binpad(n
, bnbytes
, (int)cont_len
) != (int)cont_len
)
100 * Outputs the DER encoding of a DSA-Sig-Value or ECDSA-Sig-Value to pkt. pkt
101 * may be initialised with a NULL buffer which enables pkt to be used to
102 * calculate how many bytes would be needed.
104 * Returns 1 on success or 0 on error.
106 int encode_der_dsa_sig(WPACKET
*pkt
, const BIGNUM
*r
, const BIGNUM
*s
)
108 WPACKET tmppkt
, *dummypkt
;
110 int isnull
= WPACKET_is_null_buf(pkt
);
112 if (!WPACKET_start_sub_packet(pkt
))
116 if (!WPACKET_init_null(&tmppkt
, 0))
120 /* If the input packet has a NULL buffer, we don't need a dummy packet */
124 /* Calculate the content length */
125 if (!encode_der_integer(dummypkt
, r
)
126 || !encode_der_integer(dummypkt
, s
)
127 || !WPACKET_get_length(dummypkt
, &cont_len
)
128 || (!isnull
&& !WPACKET_finish(dummypkt
))) {
130 WPACKET_cleanup(dummypkt
);
134 /* Add the tag and length bytes */
135 if (!WPACKET_put_bytes_u8(pkt
, ID_SEQUENCE
)
136 || !encode_der_length(pkt
, cont_len
)
138 * Really encode the integers. We already wrote to the main pkt
139 * if it had a NULL buffer, so don't do it again
141 || (!isnull
&& !encode_der_integer(pkt
, r
))
142 || (!isnull
&& !encode_der_integer(pkt
, s
))
143 || !WPACKET_close(pkt
))
150 * Decodes the DER length octets in pkt and initialises subpkt with the
151 * following bytes of that length.
153 * Returns 1 on success or 0 on failure.
155 int decode_der_length(PACKET
*pkt
, PACKET
*subpkt
)
159 if (!PACKET_get_1(pkt
, &byte
))
163 return PACKET_get_sub_packet(pkt
, subpkt
, (size_t)byte
);
165 return PACKET_get_length_prefixed_1(pkt
, subpkt
);
167 return PACKET_get_length_prefixed_2(pkt
, subpkt
);
169 /* Too large, invalid, or not DER. */
174 * Decodes a single ASN.1 INTEGER value from pkt, which must be DER encoded,
175 * and updates n with the decoded value.
177 * The BIGNUM, n, must have already been allocated by calling BN_new().
178 * pkt must not be NULL.
180 * An attempt to consume more than len bytes results in an error.
181 * Returns 1 on success or 0 on error.
183 * If the PACKET is supposed to only contain a single INTEGER value with no
184 * trailing garbage then it is up to the caller to verify that all bytes
187 int decode_der_integer(PACKET
*pkt
, BIGNUM
*n
)
189 PACKET contpkt
, tmppkt
;
190 unsigned int tag
, tmp
;
192 /* Check we have an integer and get the content bytes */
193 if (!PACKET_get_1(pkt
, &tag
)
195 || !decode_der_length(pkt
, &contpkt
))
198 /* Peek ahead at the first bytes to check for proper encoding */
200 /* The INTEGER must be positive */
201 if (!PACKET_get_1(&tmppkt
, &tmp
)
202 || (tmp
& 0x80) != 0)
204 /* If there a zero padding byte the next byte must have the msb set */
205 if (PACKET_remaining(&tmppkt
) > 0 && tmp
== 0) {
206 if (!PACKET_get_1(&tmppkt
, &tmp
)
207 || (tmp
& 0x80) == 0)
211 if (BN_bin2bn(PACKET_data(&contpkt
),
212 (int)PACKET_remaining(&contpkt
), n
) == NULL
)
219 * Decodes a single DSA-Sig-Value or ECDSA-Sig-Value from *ppin, which must be
220 * DER encoded, updates r and s with the decoded values, and increments *ppin
221 * past the data that was consumed.
223 * The BIGNUMs, r and s, must have already been allocated by calls to BN_new().
224 * ppin and *ppin must not be NULL.
226 * An attempt to consume more than len bytes results in an error.
227 * Returns the number of bytes of input consumed or 0 if an error occurs.
229 * If the buffer is supposed to only contain a single [EC]DSA-Sig-Value with no
230 * trailing garbage then it is up to the caller to verify that all bytes
233 size_t decode_der_dsa_sig(BIGNUM
*r
, BIGNUM
*s
, const unsigned char **ppin
,
240 if (!PACKET_buf_init(&pkt
, *ppin
, len
)
241 || !PACKET_get_1(&pkt
, &tag
)
242 || tag
!= ID_SEQUENCE
243 || !decode_der_length(&pkt
, &contpkt
)
244 || !decode_der_integer(&contpkt
, r
)
245 || !decode_der_integer(&contpkt
, s
)
246 || PACKET_remaining(&contpkt
) != 0)
249 consumed
= PACKET_data(&pkt
) - *ppin
;