mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-17 19:00:58 +00:00
feat(crypto): Use entire DER encoding in DER_ITEM.
This commit is contained in:
parent
8e8f1afa85
commit
41c305f6cd
@ -64,6 +64,16 @@ bool buffer_get(BUFFER_READER *buf, uint8_t *byte) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool buffer_seek(BUFFER_READER *buf, size_t pos) {
|
||||||
|
if ((buf->data == NULL) || (pos > buf->size)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
buf->pos = pos;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
bool buffer_read_buffer(BUFFER_READER *src, BUFFER_READER *dest, size_t size) {
|
bool buffer_read_buffer(BUFFER_READER *src, BUFFER_READER *dest, size_t size) {
|
||||||
if ((src->data == NULL) || (src->pos + size > src->size)) {
|
if ((src->data == NULL) || (src->pos + size > src->size)) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -48,6 +48,7 @@ void buffer_writer_init(BUFFER_WRITER *buf, uint8_t *data, size_t size);
|
|||||||
size_t __wur buffer_remaining(BUFFER_READER *buf);
|
size_t __wur buffer_remaining(BUFFER_READER *buf);
|
||||||
bool __wur buffer_peek(const BUFFER_READER *buf, uint8_t *byte);
|
bool __wur buffer_peek(const BUFFER_READER *buf, uint8_t *byte);
|
||||||
bool __wur buffer_get(BUFFER_READER *buf, uint8_t *byte);
|
bool __wur buffer_get(BUFFER_READER *buf, uint8_t *byte);
|
||||||
|
bool __wur buffer_seek(BUFFER_READER *buf, size_t pos);
|
||||||
bool __wur buffer_read_buffer(BUFFER_READER *src, BUFFER_READER *dest,
|
bool __wur buffer_read_buffer(BUFFER_READER *src, BUFFER_READER *dest,
|
||||||
size_t size);
|
size_t size);
|
||||||
void buffer_lstrip(BUFFER_READER *buf, uint8_t byte);
|
void buffer_lstrip(BUFFER_READER *buf, uint8_t byte);
|
||||||
|
17
crypto/der.c
17
crypto/der.c
@ -87,6 +87,7 @@ bool der_write_length(BUFFER_WRITER *buf, size_t len) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool der_read_item(BUFFER_READER *buf, DER_ITEM *item) {
|
bool der_read_item(BUFFER_READER *buf, DER_ITEM *item) {
|
||||||
|
size_t begin_pos = buf->pos;
|
||||||
if (!buffer_get(buf, &item->id) || ((item->id & 0x1f) == 0x1f)) {
|
if (!buffer_get(buf, &item->id) || ((item->id & 0x1f) == 0x1f)) {
|
||||||
// Multi-byte identifiers not supported.
|
// Multi-byte identifiers not supported.
|
||||||
return false;
|
return false;
|
||||||
@ -97,7 +98,13 @@ bool der_read_item(BUFFER_READER *buf, DER_ITEM *item) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return buffer_read_buffer(buf, &item->cont, len);
|
size_t header_size = buf->pos - begin_pos;
|
||||||
|
if (!buffer_seek(buf, begin_pos) ||
|
||||||
|
!buffer_read_buffer(buf, &item->buf, header_size + len)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return buffer_seek(&item->buf, header_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reencode a positive integer which violates the encoding rules in Rec. ITU-T
|
// Reencode a positive integer which violates the encoding rules in Rec. ITU-T
|
||||||
@ -111,13 +118,13 @@ bool der_reencode_int(BUFFER_READER *reader, BUFFER_WRITER *writer) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Strip any leading 0x00 bytes.
|
// Strip any leading 0x00 bytes.
|
||||||
buffer_lstrip(&item.cont, 0x00);
|
buffer_lstrip(&item.buf, 0x00);
|
||||||
size_t len = buffer_remaining(&item.cont);
|
size_t len = buffer_remaining(&item.buf);
|
||||||
|
|
||||||
// Positive integers should start with one 0x00 byte if and only if the most
|
// Positive integers should start with one 0x00 byte if and only if the most
|
||||||
// significant byte is >= 0x80.
|
// significant byte is >= 0x80.
|
||||||
uint8_t msb = 0;
|
uint8_t msb = 0;
|
||||||
bool prepend_null = (!buffer_peek(&item.cont, &msb) || msb >= 0x80);
|
bool prepend_null = (!buffer_peek(&item.buf, &msb) || msb >= 0x80);
|
||||||
if (prepend_null) {
|
if (prepend_null) {
|
||||||
len += 1;
|
len += 1;
|
||||||
}
|
}
|
||||||
@ -132,5 +139,5 @@ bool der_reencode_int(BUFFER_READER *reader, BUFFER_WRITER *writer) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return buffer_write_buffer(writer, &item.cont);
|
return buffer_write_buffer(writer, &item.buf);
|
||||||
}
|
}
|
||||||
|
@ -33,9 +33,14 @@
|
|||||||
#define DER_SEQUENCE 0x30
|
#define DER_SEQUENCE 0x30
|
||||||
#define DER_INTEGER 0x02
|
#define DER_INTEGER 0x02
|
||||||
|
|
||||||
|
// Struct representing a DER-encoded ASN.1 data value.
|
||||||
typedef struct {
|
typedef struct {
|
||||||
|
// Single-octet identifier encoding the ASN.1 class, type and tag number.
|
||||||
uint8_t id;
|
uint8_t id;
|
||||||
BUFFER_READER cont;
|
// A buffer containing the entire DER encoding of the data value including the
|
||||||
|
// tag and length, but with the position indicator initialized to the offset
|
||||||
|
// of the contents octets.
|
||||||
|
BUFFER_READER buf;
|
||||||
} DER_ITEM;
|
} DER_ITEM;
|
||||||
|
|
||||||
bool __wur der_read_length(BUFFER_READER *buf, size_t *len);
|
bool __wur der_read_length(BUFFER_READER *buf, size_t *len);
|
||||||
|
Loading…
Reference in New Issue
Block a user