Add helpers for encoding/decoding der ecdsa signatures to raw (#230)

Author: DmitriyMusatkin

include/aws/cal/ecc.h

@@ -179,6 +179,25 @@ AWS_CAL_API void aws_ecc_key_pair_get_private_key(
 
 AWS_CAL_API size_t aws_ecc_key_coordinate_byte_size_from_curve_name(enum aws_ecc_curve_name curve_name);
 
+/*
+ * Helper to decode ECDSA signature from DER format to base components R and S.
+ */
+AWS_CAL_API int aws_ecc_decode_signature_der_to_raw(
+    struct aws_allocator *allocator,
+    struct aws_byte_cursor signature,
+    struct aws_byte_cursor *out_r,
+    struct aws_byte_cursor *out_s);
+
+/*
+ * Helper to encode ECDSA signature from raw format (R and S) to DER.
+ * out_signature must be initialized and must be able to fit signature
+ */
+AWS_CAL_API int aws_ecc_encode_signature_raw_to_der(
+    struct aws_allocator *allocator,
+    struct aws_byte_cursor r,
+    struct aws_byte_cursor s,
+    struct aws_byte_buf *out_signature);
+
 AWS_EXTERN_C_END
 AWS_POP_SANE_WARNING_LEVEL
 

source/ecc.c

@@ -336,3 +336,102 @@ struct aws_ecc_key_pair *aws_ecc_key_new_from_hex_coordinates(
 
     return key;
 }
+
+int aws_ecc_decode_signature_der_to_raw(
+    struct aws_allocator *allocator,
+    struct aws_byte_cursor signature,
+    struct aws_byte_cursor *out_r,
+    struct aws_byte_cursor *out_s) {
+
+    AWS_ERROR_PRECONDITION(allocator);
+    AWS_ERROR_PRECONDITION(out_r);
+    AWS_ERROR_PRECONDITION(out_s);
+
+    struct aws_der_decoder *decoder = aws_der_decoder_new(allocator, signature);
+
+    if (!decoder) {
+        return AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED;
+    }
+
+    if (!aws_der_decoder_next(decoder) || aws_der_decoder_tlv_type(decoder) != AWS_DER_SEQUENCE) {
+        aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+        goto on_error;
+    }
+
+    struct aws_byte_cursor r;
+    AWS_ZERO_STRUCT(r);
+    struct aws_byte_cursor s;
+    AWS_ZERO_STRUCT(s);
+
+    if (!aws_der_decoder_next(decoder) || aws_der_decoder_tlv_unsigned_integer(decoder, &r)) {
+        aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+        goto on_error;
+    }
+    if (!aws_der_decoder_next(decoder) || aws_der_decoder_tlv_unsigned_integer(decoder, &s)) {
+        aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED);
+        goto on_error;
+    }
+
+    aws_der_decoder_destroy(decoder);
+    *out_r = r;
+    *out_s = s;
+    return AWS_OP_SUCCESS;
+
+on_error:
+    aws_der_decoder_destroy(decoder);
+    return AWS_OP_ERR;
+}
+
+static bool s_trim_zeros_predicate(uint8_t value) {
+    return value == 0;
+}
+
+int aws_ecc_encode_signature_raw_to_der(
+    struct aws_allocator *allocator,
+    struct aws_byte_cursor r,
+    struct aws_byte_cursor s,
+    struct aws_byte_buf *out_signature) {
+
+    AWS_ERROR_PRECONDITION(allocator);
+    AWS_ERROR_PRECONDITION(out_signature);
+
+    struct aws_der_encoder *encoder = aws_der_encoder_new(allocator, out_signature->capacity - out_signature->len);
+
+    if (aws_der_encoder_begin_sequence(encoder)) {
+        aws_raise_error(AWS_ERROR_UNKNOWN);
+        goto on_error;
+    }
+
+    r = aws_byte_cursor_left_trim_pred(&r, s_trim_zeros_predicate);
+    if (aws_der_encoder_write_unsigned_integer(encoder, r)) {
+        aws_raise_error(AWS_ERROR_UNKNOWN);
+        goto on_error;
+    }
+
+    s = aws_byte_cursor_left_trim_pred(&s, s_trim_zeros_predicate);
+    if (aws_der_encoder_write_unsigned_integer(encoder, s)) {
+        aws_raise_error(AWS_ERROR_UNKNOWN);
+        goto on_error;
+    }
+
+    if (aws_der_encoder_end_sequence(encoder)) {
+        aws_raise_error(AWS_ERROR_UNKNOWN);
+        goto on_error;
+    }
+
+    struct aws_byte_cursor contents;
+    AWS_ZERO_STRUCT(contents);
+    if (aws_der_encoder_get_contents(encoder, &contents)) {
+        aws_raise_error(AWS_ERROR_UNKNOWN);
+        goto on_error;
+    }
+
+    aws_byte_buf_append(out_signature, &contents);
+
+    aws_der_encoder_destroy(encoder);
+    return AWS_OP_SUCCESS;
+
+on_error:
+    aws_der_encoder_destroy(encoder);
+    return AWS_OP_ERR;
+}

source/windows/bcrypt_ecc.c

@@ -82,10 +82,6 @@ static size_t s_signature_length(const struct aws_ecc_key_pair *key_pair) {
     return s_der_overhead + aws_ecc_key_coordinate_byte_size_from_curve_name(key_pair->curve_name) * 2;
 }
 
-static bool s_trim_zeros_predicate(uint8_t value) {
-    return value == 0;
-}
-
 static int s_sign_message(
     const struct aws_ecc_key_pair *key_pair,
     const struct aws_byte_cursor *message,
@@ -120,29 +116,12 @@ static int s_sign_message(
     size_t coordinate_len = temp_signature_buf.len / 2;
 
     /* okay. Windows doesn't DER encode this to ASN.1, so we need to do it manually. */
-    struct aws_der_encoder *encoder =
-        aws_der_encoder_new(key_pair->allocator, signature_output->capacity - signature_output->len);
-    if (!encoder) {
-        return AWS_OP_ERR;
+    struct aws_byte_cursor s = aws_byte_cursor_from_buf(&temp_signature_buf);
+    struct aws_byte_cursor r = aws_byte_cursor_advance(&s, coordinate_len);
+    if (aws_ecc_encode_signature_raw_to_der(key_pair->allocator, r, s, signature_output)) {
+        return aws_raise_error(AWS_ERROR_CAL_CRYPTO_OPERATION_FAILED);
     }
 
-    aws_der_encoder_begin_sequence(encoder);
-    struct aws_byte_cursor integer_cur = aws_byte_cursor_from_array(temp_signature_buf.buffer, coordinate_len);
-    /* trim off the leading zero padding for DER encoding */
-    integer_cur = aws_byte_cursor_left_trim_pred(&integer_cur, s_trim_zeros_predicate);
-    aws_der_encoder_write_unsigned_integer(encoder, integer_cur);
-    integer_cur = aws_byte_cursor_from_array(temp_signature_buf.buffer + coordinate_len, coordinate_len);
-    /* trim off the leading zero padding for DER encoding */
-    integer_cur = aws_byte_cursor_left_trim_pred(&integer_cur, s_trim_zeros_predicate);
-    aws_der_encoder_write_unsigned_integer(encoder, integer_cur);
-    aws_der_encoder_end_sequence(encoder);
-
-    struct aws_byte_cursor signature_out_cur;
-    AWS_ZERO_STRUCT(signature_out_cur);
-    aws_der_encoder_get_contents(encoder, &signature_out_cur);
-    aws_byte_buf_append(signature_output, &signature_out_cur);
-    aws_der_encoder_destroy(encoder);
-
     return AWS_OP_SUCCESS;
 }
 

tests/CMakeLists.txt

@@ -83,6 +83,7 @@ add_test_case(ecdsa_test_import_asn1_key_pair_public_only)
 add_test_case(ecdsa_test_import_asn1_key_pair_invalid_fails)
 add_test_case(ecdsa_test_signature_format)
 add_test_case(ecdsa_p256_test_small_coordinate_verification)
+add_test_case(ecdsa_signature_encode_helper_roundtrip)
 
 add_test_case(rsa_encryption_roundtrip_pkcs1_from_user)
 add_test_case(rsa_encryption_roundtrip_oaep_sha256_from_user)

tests/ecc_test.c

@@ -950,6 +950,55 @@ static int s_ecdsa_p256_test_small_coordinate_verification(struct aws_allocator
 }
 AWS_TEST_CASE(ecdsa_p256_test_small_coordinate_verification, s_ecdsa_p256_test_small_coordinate_verification);
 
+static int s_ecdsa_signature_encode_helper_roundtrip(struct aws_allocator *allocator, void *ctx) {
+    (void)ctx;
+    aws_cal_library_test_init(allocator);
+
+    struct aws_byte_cursor signature_value_cursor = aws_byte_cursor_from_string(s_signature_value);
+    size_t binary_length = 0;
+    if (aws_hex_compute_decoded_len(signature_value_cursor.len, &binary_length)) {
+        return AWS_OP_ERR;
+    }
+    struct aws_byte_buf binary_signature;
+    AWS_ZERO_STRUCT(binary_signature);
+
+    aws_byte_buf_init(&binary_signature, allocator, binary_length);
+
+    ASSERT_SUCCESS(aws_hex_decode(&signature_value_cursor, &binary_signature));
+
+    struct aws_byte_cursor r;
+    AWS_ZERO_STRUCT(r);
+    struct aws_byte_cursor s;
+    AWS_ZERO_STRUCT(s);
+    struct aws_byte_cursor bin_cursor = aws_byte_cursor_from_buf(&binary_signature);
+    ASSERT_SUCCESS(aws_ecc_decode_signature_der_to_raw(allocator, bin_cursor, &r, &s));
+
+    uint8_t expected_r[] = {0x7c, 0xfd, 0x51, 0xaf, 0x2b, 0x72, 0x2f, 0x8d, 0x1f, 0xa1, 0xaf,
+                            0xb6, 0x5b, 0x4d, 0x54, 0x86, 0xed, 0x59, 0xa6, 0x7b, 0xcf, 0x9f,
+                            0x3a, 0xcc, 0x62, 0xaa, 0xd6, 0xdd, 0xd3, 0x7d, 0xb1};
+    struct aws_byte_cursor expected_r_cur = aws_byte_cursor_from_array(expected_r, sizeof(expected_r));
+    uint8_t expected_s[] = {0x9d, 0x4c, 0x9f, 0x9a, 0x37, 0x10, 0x4f, 0xc0, 0x1a, 0x8d, 0xaf,
+                            0xfc, 0x9a, 0x6b, 0xd1, 0x05, 0x6b, 0x7b, 0x43, 0xc1, 0x19, 0x6e,
+                            0xdd, 0xe0, 0xb5, 0x28, 0x78, 0xb7, 0x59, 0x62, 0x8f, 0x8c};
+    struct aws_byte_cursor expected_s_cur = aws_byte_cursor_from_array(expected_s, sizeof(expected_s));
+
+    ASSERT_BIN_ARRAYS_EQUALS(expected_r_cur.ptr, expected_r_cur.len, r.ptr, r.len);
+    ASSERT_BIN_ARRAYS_EQUALS(expected_s_cur.ptr, expected_s_cur.len, s.ptr, s.len);
+
+    struct aws_byte_buf encoded_sig;
+    aws_byte_buf_init(&encoded_sig, allocator, 128);
+    ASSERT_SUCCESS(aws_ecc_encode_signature_raw_to_der(allocator, r, s, &encoded_sig));
+
+    ASSERT_BIN_ARRAYS_EQUALS(binary_signature.buffer, binary_signature.len, encoded_sig.buffer, encoded_sig.len);
+
+    aws_byte_buf_clean_up(&binary_signature);
+    aws_byte_buf_clean_up(&encoded_sig);
+
+    aws_cal_library_clean_up();
+    return AWS_OP_SUCCESS;
+}
+AWS_TEST_CASE(ecdsa_signature_encode_helper_roundtrip, s_ecdsa_signature_encode_helper_roundtrip);
+
 #ifdef AWS_OS_APPLE
 
 static int s_test_key_gen_from_private_fuzz(