support ASN.1 encoding of negative integers and integers larger than 255

sg2342 · Aug 15, 2016 · b684c0e · b684c0e
1 parent e49404a
commit b684c0e
Show file tree

Hide file tree

Showing 3 changed files with 130 additions and 9 deletions.
diff --git a/library/asn1write.c b/library/asn1write.c
@@ -205,23 +205,83 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
     int ret;
     size_t len = 0;
 
-    // TODO negative values and values larger than 128
-    // DER format assumes 2s complement for numbers, so the leftmost bit
-    // should be 0 for positive numbers and 1 for negative numbers.
     //
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    // a better world:
+    //
+    // the loop below terminates after at most sizeof(int)+1 iterations:
+    // because of
+    //
+    //    P >> (8 * sizeof(int)) == 0 for all P >= 0
+    // and
+    //    N >> (8 * sizeof(int)) == -1 for all N < 0
+    //
+    // it is valid to encode and then right shift 8 bits until the result
+    // of the shift operation is either 0 or -1.
+    //
+    // since ASN.1 BER/DER Integer encoding is specified as
+    // two's complement, MSB of leading payload octet must be
+    // 1 for negative and 0 for non-negative integers.
+    //
+    // 7 bit right shift of val and check for 0 or -1 as termination
+    // condition ensures that a padding octet is written if the
+    // MSB of the encoded octet does not match the sign of
+    // the input.
+    //
+    //  for ( ;; )
+    //  {
+    //      if( *p - start < 1 )
+    //          return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+    //      *--(*p) = (unsigned char)(val & 0xFF);
+    //      len += 1;
+    //
+    //      if( val >> 7 == 0 || val >> 7 == -1 )
+    //          break;
+    //
+    //      val >>= 8;
+    //  }
+    //
+    // reality:
+    //
+    // 1) Arithmethic right shift on signed integers is
+    //    implementation-defined behaviour for negative integers.
+    //
+    // one can emulate arithmetic right shift with sign extension for
+    // negative input by using a logical right shift and then set the
+    // shifted-in bits to one.
+    //
+    // but since
+    // 2) The ISO C standard allows three encoding methods for signed
+    //    integers: two's complement, one's complement and sign/magnitude.
+    //
+    // the two's complement encoding has to be ensured.
+    //
 
-    len += 1;
-    *--(*p) = val;
+    unsigned int v, fix7, fix8, cmp;
+
+    if( val < 0 ) {
+        v = ~((unsigned int) -val) + 1;
+        fix7 = 0xFE << (sizeof(int) -1) * 8;
+        fix8 = 0xFF << (sizeof(int) -1) * 8;
+        cmp = -1;
+    } else {
+        v = (unsigned int)val;
+        fix7 = 0;
+        fix8 = 0;
+        cmp = 0;
+    }
 
-    if( val > 0 && **p & 0x80 )
+    for( ;; )
     {
         if( *p - start < 1 )
             return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
-        *--(*p) = 0x00;
+        *--(*p) = (unsigned char) (v & 0xFF);
         len += 1;
+
+        if( (v >> 7 | fix7) == cmp )
+                break;
+
+        v = v >> 8 | fix8;
     }
 
     MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );

diff --git a/tests/suites/test_suite_asn1write.data b/tests/suites/test_suite_asn1write.data
@@ -48,3 +48,30 @@ mbedtls_asn1_write_ia5_string:"ABC":"":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
 
 ASN.1 Write IA5 String #5 (Buffer too small for string)
 mbedtls_asn1_write_ia5_string:"ABC":"":2:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ASN.1 Write Integer #0 (Zero)
+mbedtls_asn1_write_int:0:"020100":3:3
+
+ASN.1 Write Integer #1 (Small positive)
+mbedtls_asn1_write_int:23:"020117":3:3
+
+ASN.1 Write Integer #2 (Small negative)
+mbedtls_asn1_write_int:-42:"0201D6":3:3
+
+ASN.1 Write Integer #3 (small MSB adjusted positive)
+mbedtls_asn1_write_int:128:"02020080":4:4
+
+ASN.1 Write Integer #3 (Small negative)
+mbedtls_asn1_write_int:-16:"0201F0":3:3
+
+ASN.1 Write Integer #4 (Big negative)
+mbedtls_asn1_write_int:-231451016:"0204F2345678":6:6
+
+ASN.1 Write Integer #5 (Buffer too small for tag)
+mbedtls_asn1_write_int:-231451016:"0204F2345678":5:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ASN.1 Write Integer #6 (Buffer too small for len)
+mbedtls_asn1_write_int:-231451016:"0204F2345678":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ASN.1 Write Integer #7 (Buffer too small for integer)
+mbedtls_asn1_write_int:-231451016:"0204F2345678":3:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
@@ -82,3 +82,37 @@ void mbedtls_asn1_write_ia5_string( char *str, char *hex_asn1,
     }
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_asn1_write_int( int val, char *hex_asn1, int buf_len, int result )
+{
+    int ret;
+    unsigned char buf[150];
+    unsigned char asn1[150] = { 0 };
+    size_t asn1_len, i;
+    unsigned char *p;
+
+    memset( buf, GUARD_VAL, sizeof( buf ) );
+
+    asn1_len = unhexify( asn1, hex_asn1 );
+
+    p = buf + GUARD_LEN + buf_len;
+
+    ret = mbedtls_asn1_write_int( &p, buf + GUARD_LEN, val );
+
+    /* Check for buffer overwrite on both sides */
+    for ( i = 0; i < GUARD_LEN; i++ )
+    {
+        TEST_ASSERT( buf[i] == GUARD_VAL );
+	TEST_ASSERT( buf[GUARD_LEN + buf_len + i] == GUARD_VAL);
+    }
+
+    if( result >= 0 )
+    {
+        TEST_ASSERT( (size_t) ret == asn1_len );
+        TEST_ASSERT( p + asn1_len == buf + GUARD_LEN + buf_len );
+
+        TEST_ASSERT( memcmp( p, asn1, asn1_len ) == 0 );
+    }
+}
+/* END_CASE */