Add IA5String support to Asn1Value class

PiperOrigin-RevId: 341948242
Change-Id: I9650d014f36e21d573f2f97c2e25ebd5faf48b32

Author: jessieqliu

asylo/crypto/BUILD

@@ -187,6 +187,7 @@ cc_library(
         ":bignum_util",
         "//asylo/crypto/util:bssl_util",
         "//asylo/crypto/util:byte_container_view",
+        "//asylo/util:error_codes",
         "//asylo/util:logging",
         "//asylo/util:status",
         "@boringssl//:crypto",

asylo/crypto/asn1.cc

@@ -33,11 +33,13 @@
 #include "absl/base/macros.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/str_format.h"
+#include "absl/strings/string_view.h"
 #include "absl/types/optional.h"
 #include "absl/types/span.h"
 #include "asylo/crypto/util/bssl_util.h"
 #include "asylo/crypto/util/byte_container_view.h"
 #include "asylo/util/logging.h"
+#include "asylo/util/error_codes.h"
 #include "asylo/util/status.h"
 #include "asylo/util/status_macros.h"
 #include "asylo/util/statusor.h"
@@ -63,6 +65,8 @@ absl::optional<Asn1Type> FromOpensslType(int openssl_type) {
       return Asn1Type::kObjectId;
     case V_ASN1_SEQUENCE:
       return Asn1Type::kSequence;
+    case V_ASN1_IA5STRING:
+      return Asn1Type::kIA5String;
     default:
       return absl::nullopt;
   }
@@ -85,6 +89,8 @@ int ToOpensslType(Asn1Type type) {
       return V_ASN1_OBJECT;
     case Asn1Type::kSequence:
       return V_ASN1_SEQUENCE;
+    case Asn1Type::kIA5String:
+      return V_ASN1_IA5STRING;
   }
 
   return V_ASN1_UNDEF;
@@ -397,6 +403,12 @@ StatusOr<Asn1Value> Asn1Value::CreateSequence(
   return result;
 }
 
+StatusOr<Asn1Value> Asn1Value::CreateIA5String(absl::string_view value) {
+  Asn1Value result;
+  ASYLO_RETURN_IF_ERROR(result.SetIA5String(value));
+  return result;
+}
+
 StatusOr<Asn1Value> Asn1Value::CreateSequenceFromStatusOrs(
     absl::Span<const StatusOr<Asn1Value>> results) {
   Asn1Value result;
@@ -495,6 +507,14 @@ StatusOr<std::vector<Asn1Value>> Asn1Value::GetSequence() const {
   return result;
 }
 
+StatusOr<std::string> Asn1Value::GetIA5String() const {
+  ASYLO_RETURN_IF_ERROR(CheckIsType(Asn1Type::kIA5String));
+  const ASN1_IA5STRING *str = value_->value.ia5string;
+
+  return std::string(reinterpret_cast<const char *>(ASN1_STRING_get0_data(str)),
+                     ASN1_STRING_length(str));
+}
+
 Status Asn1Value::SetBoolean(bool value) { return SetBsslBoolean(value); }
 
 Status Asn1Value::SetInteger(const BIGNUM &value) {
@@ -564,6 +584,21 @@ Status Asn1Value::SetSequence(absl::Span<const Asn1Value> elements) {
   return SetBsslSequence(*sequence);
 }
 
+Status Asn1Value::SetIA5String(absl::string_view value) {
+  bssl::UniquePtr<ASN1_IA5STRING> ia5_string(ASN1_IA5STRING_new());
+  if (ia5_string == nullptr) {
+    return Status(error::GoogleError::INTERNAL, BsslLastErrorString());
+  }
+
+  if (ASN1_STRING_set(ia5_string.get(), value.data(), value.length()) != 1) {
+    return Status(error::GoogleError::INTERNAL, BsslLastErrorString());
+  }
+
+  ASN1_TYPE_set(value_.get(), V_ASN1_IA5STRING, ia5_string.release());
+
+  return Status::OkStatus();
+}
+
 Status Asn1Value::SetSequenceFromStatusOrs(
     absl::Span<const StatusOr<Asn1Value>> results) {
   std::vector<Asn1Value> elements(results.size());
@@ -636,6 +671,13 @@ StatusOr<Asn1Value> Asn1Value::CreateSequenceFromBssl(
   return asn1;
 }
 
+StatusOr<Asn1Value> Asn1Value::CreateIA5StringFromBssl(
+    const ASN1_IA5STRING &bssl_value) {
+  Asn1Value asn1;
+  ASYLO_RETURN_IF_ERROR(asn1.SetBsslIA5String(bssl_value));
+  return asn1;
+}
+
 StatusOr<ASN1_BOOLEAN> Asn1Value::GetBsslBoolean() const {
   ASYLO_RETURN_IF_ERROR(CheckIsType(Asn1Type::kBoolean));
   return value_->value.boolean;
@@ -687,6 +729,12 @@ StatusOr<bssl::UniquePtr<ASN1_SEQUENCE_ANY>> Asn1Value::GetBsslSequence()
   return std::move(sequence);
 }
 
+StatusOr<bssl::UniquePtr<ASN1_IA5STRING>> Asn1Value::GetBsslIA5String() const {
+  ASYLO_RETURN_IF_ERROR(CheckIsType(Asn1Type::kIA5String));
+  return bssl::UniquePtr<ASN1_IA5STRING>(
+      CHECK_NOTNULL(ASN1_STRING_dup(value_->value.ia5string)));
+}
+
 Status Asn1Value::SetBsslBoolean(ASN1_BOOLEAN bssl_value) {
   // A non-null pointer. Used when calling ASN1_TYPE_set() with V_ASN1_BOOLEAN.
   void *const kNonNullPointer = reinterpret_cast<void *>(true);
@@ -749,6 +797,13 @@ Status Asn1Value::SetBsslSequence(const ASN1_SEQUENCE_ANY &bssl_value) {
   return Status::OkStatus();
 }
 
+Status Asn1Value::SetBsslIA5String(const ASN1_IA5STRING &bssl_value) {
+  if (ASN1_TYPE_set1(value_.get(), V_ASN1_IA5STRING, &bssl_value) != 1) {
+    return Status(error::GoogleError::INTERNAL, BsslLastErrorString());
+  }
+  return Status::OkStatus();
+}
+
 Asn1Value::Asn1Value(bssl::UniquePtr<ASN1_TYPE> value)
     : value_(std::move(value)) {}
 
@@ -794,6 +849,7 @@ bool operator==(const Asn1Value &lhs, const Asn1Value &rhs) {
     case Asn1Type::kBitString:
     case Asn1Type::kObjectId:
     case Asn1Type::kOctetString:
+    case Asn1Type::kIA5String:
       return ASN1_TYPE_cmp(lhs.value_.get(), rhs.value_.get()) == 0;
   }
 

asylo/crypto/asn1.h

@@ -63,6 +63,9 @@ enum class Asn1Type {
 
   // SEQUENCE values are represented by arrays of Asn1Values.
   kSequence,
+
+  // IA5String values are represented by an ASCII string.
+  kIA5String,
 };
 
 // Represents an ASN.1 OBJECT IDENTIFIER. Each object identifier can be
@@ -153,6 +156,7 @@ class Asn1Value {
   static StatusOr<Asn1Value> CreateObjectId(const ObjectId &value);
   static StatusOr<Asn1Value> CreateSequence(
       absl::Span<const Asn1Value> elements);
+  static StatusOr<Asn1Value> CreateIA5String(absl::string_view value);
 
   // Factory methods for creating INTEGER and ENUMERATED values directly from
   // integral types.
@@ -199,6 +203,7 @@ class Asn1Value {
   StatusOr<std::vector<uint8_t>> GetOctetString() const;
   StatusOr<ObjectId> GetObjectId() const;
   StatusOr<std::vector<Asn1Value>> GetSequence() const;
+  StatusOr<std::string> GetIA5String() const;
 
   // Getters that get an INTEGER or ENUMERATED value directly as an integral
   // type.
@@ -224,6 +229,7 @@ class Asn1Value {
   Status SetOctetString(ByteContainerView value);
   Status SetObjectId(const ObjectId &value);
   Status SetSequence(absl::Span<const Asn1Value> elements);
+  Status SetIA5String(absl::string_view value);
 
   // Setters for setting an Asn1Value to be an INTEGER or ENUMERATED value from
   // an integral type.
@@ -264,6 +270,8 @@ class Asn1Value {
       const ASN1_OBJECT &bssl_value);
   static StatusOr<Asn1Value> CreateSequenceFromBssl(
       const ASN1_SEQUENCE_ANY &bssl_value);
+  static StatusOr<Asn1Value> CreateIA5StringFromBssl(
+      const ASN1_IA5STRING &bssl_value);
 
   // Each "Bssl" getter returns the contained value in the appropriate BoringSSL
   // type. Fails if the Asn1Value does not have the appropriate type.
@@ -276,6 +284,7 @@ class Asn1Value {
   StatusOr<bssl::UniquePtr<ASN1_OCTET_STRING>> GetBsslOctetString() const;
   StatusOr<bssl::UniquePtr<ASN1_OBJECT>> GetBsslObjectId() const;
   StatusOr<bssl::UniquePtr<ASN1_SEQUENCE_ANY>> GetBsslSequence() const;
+  StatusOr<bssl::UniquePtr<ASN1_IA5STRING>> GetBsslIA5String() const;
 
   // Each "Bssl" setter sets the Asn1Value to have the appropriate type and the
   // given value. If a setter fails, then the value of the Asn1Value is
@@ -287,6 +296,7 @@ class Asn1Value {
   Status SetBsslOctetString(const ASN1_OCTET_STRING &bssl_value);
   Status SetBsslObjectId(const ASN1_OBJECT &bssl_value);
   Status SetBsslSequence(const ASN1_SEQUENCE_ANY &bssl_value);
+  Status SetBsslIA5String(const ASN1_IA5STRING &bssl_value);
 
  private:
   friend bool operator==(const Asn1Value &lhs, const Asn1Value &rhs);

asylo/crypto/asn1_test.cc

@@ -934,6 +934,53 @@ class Asn1Test<Asn1TypeTag<Asn1Type::kSequence>> : public Test {
   }
 };
 
+// Specialization of Asn1Test for Asn1Type::kIA5String.
+template <>
+class Asn1Test<Asn1TypeTag<Asn1Type::kIA5String>> : public Test {
+ public:
+  using ValueType = std::string;
+  using BsslValueType = bssl::UniquePtr<ASN1_IA5STRING>;
+
+  static constexpr Asn1Type Type() { return Asn1Type::kIA5String; }
+
+  static std::vector<ValueType> TestData() {
+    return {"", "t", "Test string.", "This is a test string.",
+            "This has \0 null \0\0 characters"};
+  }
+
+  static std::vector<std::vector<ValueType>> EqualTestData() { return {}; }
+
+  static std::vector<ValueType> BadTestData() { return {}; }
+
+  static void ExpectEqual(const ValueType &lhs, const ValueType &rhs) {
+    EXPECT_THAT(lhs, Eq(rhs));
+  }
+
+  static StatusOr<Asn1Value> Create(const ValueType &value) {
+    return Asn1Value::CreateIA5String(value);
+  }
+
+  static StatusOr<ValueType> Get(const Asn1Value &asn1) {
+    return asn1.GetIA5String();
+  }
+
+  static Status Set(Asn1Value *asn1, const ValueType &value) {
+    return asn1->SetIA5String(value);
+  }
+
+  static StatusOr<Asn1Value> CreateFromBssl(const BsslValueType &bssl_value) {
+    return Asn1Value::CreateIA5StringFromBssl(*bssl_value);
+  }
+
+  static StatusOr<BsslValueType> GetBssl(const Asn1Value &asn1) {
+    return asn1.GetBsslIA5String();
+  }
+
+  static Status SetBssl(Asn1Value *asn1, const BsslValueType &bssl_value) {
+    return asn1->SetBsslIA5String(*bssl_value);
+  }
+};
+
 using Asn1TestingTypes = Types<
     Asn1TypeTag<Asn1Type::kBoolean>, Asn1TypeTag<Asn1Type::kInteger>,
     Asn1IntegerConversionTag<int8_t>, Asn1IntegerConversionTag<uint8_t>,
@@ -946,7 +993,7 @@ using Asn1TestingTypes = Types<
     Asn1EnumeratedConversionTag<uint32_t>, Asn1EnumeratedConversionTag<int64_t>,
     Asn1EnumeratedConversionTag<uint16_t>, Asn1TypeTag<Asn1Type::kBitString>,
     Asn1TypeTag<Asn1Type::kOctetString>, Asn1TypeTag<Asn1Type::kObjectId>,
-    Asn1TypeTag<Asn1Type::kSequence>>;
+    Asn1TypeTag<Asn1Type::kSequence>, Asn1TypeTag<Asn1Type::kIA5String>>;
 TYPED_TEST_SUITE(Asn1Test, Asn1TestingTypes);
 
 // std::vector<Asn1ValueType<TestParam::value>>::const_reference is used for