From 8c427a7b537a35d6685fb8a95e9b64732d6b4c49 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 23 Dec 2015 01:59:40 -0500
Subject: First round of fixes for new ASN.1 and test code.

---
 asn1.c             | 24 +++++++++++++-----------
 tests/GNUmakefile  |  2 +-
 tests/test-ecdsa.c |  3 +++
 tests/test-rsa.c   | 17 +++++++++++++----
 4 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/asn1.c b/asn1.c
index 3786cbd..c50a7b4 100644
--- a/asn1.c
+++ b/asn1.c
@@ -170,9 +170,9 @@ hal_error_t hal_asn1_encode_spki(const uint8_t * const alg_oid,   const size_t a
 
   size_t hlen, hlen_spki, hlen_algid, hlen_alg, hlen_curve, hlen_bit;
 
-  if ((err = hal_asn1_encode_header(ASN1_OBJECT_IDENTIFIER, alg_oid_len,   NULL, &hlen_alg,   0)) != HAL_OK ||
-      (err = hal_asn1_encode_header(curve_oid_tag,          curve_oid_len, NULL, &hlen_curve, 0)) != HAL_OK ||
-      (err = hal_asn1_encode_header(ASN1_BIT_STRING,        pubkey_len,    NULL, &hlen_bit,   0)) != HAL_OK)
+  if ((err = hal_asn1_encode_header(ASN1_OBJECT_IDENTIFIER, alg_oid_len,    NULL, &hlen_alg,   0)) != HAL_OK ||
+      (err = hal_asn1_encode_header(curve_oid_tag,          curve_oid_len,  NULL, &hlen_curve, 0)) != HAL_OK ||
+      (err = hal_asn1_encode_header(ASN1_BIT_STRING,        1 + pubkey_len, NULL, &hlen_bit,   0)) != HAL_OK)
     return err;
 
   const size_t algid_len = hlen_alg + alg_oid_len + hlen_curve + curve_oid_len;
@@ -180,7 +180,7 @@ hal_error_t hal_asn1_encode_spki(const uint8_t * const alg_oid,   const size_t a
   if ((err = hal_asn1_encode_header(ASN1_SEQUENCE,          algid_len,     NULL, &hlen_algid, 0)) != HAL_OK)
     return err;
 
-  const size_t vlen = hlen_algid + hlen_alg + alg_oid_len + hlen_curve + curve_oid_len + hlen_bit + pubkey_len;
+  const size_t vlen = hlen_algid + hlen_alg + alg_oid_len + hlen_curve + curve_oid_len + hlen_bit + 1 + pubkey_len;
 
   if ((err = hal_asn1_encode_header(ASN1_SEQUENCE,          vlen,          NULL, &hlen_spki,  0)) != HAL_OK)
     return err;
@@ -200,7 +200,7 @@ hal_error_t hal_asn1_encode_spki(const uint8_t * const alg_oid,   const size_t a
     return err;
 
   uint8_t *d = der + hlen;
-  memset(d, 0, vlen);
+  memset(d, 0, vlen - pubkey_len);
 
   if ((err = hal_asn1_encode_header(ASN1_SEQUENCE, algid_len, d, &hlen, der + der_max - d)) != HAL_OK)
     return err;
@@ -219,9 +219,10 @@ hal_error_t hal_asn1_encode_spki(const uint8_t * const alg_oid,   const size_t a
     memcpy(d, curve_oid, curve_oid_len);
   d += curve_oid_len;
 
-  if ((err = hal_asn1_encode_header(ASN1_BIT_STRING, pubkey_len, d, &hlen, der + der_max - d)) != HAL_OK)
+  if ((err = hal_asn1_encode_header(ASN1_BIT_STRING, 1 + pubkey_len, d, &hlen, der + der_max - d)) != HAL_OK)
     return err;
   d += hlen;
+  *d++ = 0x00;
 
   d += pubkey_len;              /* pubkey handled early, above. */
 
@@ -310,16 +311,17 @@ hal_error_t hal_asn1_decode_spki(const uint8_t **alg_oid,   size_t *alg_oid_len,
       pubkey == NULL || pubkey_len == NULL || der == NULL)
     return HAL_ERROR_BAD_ARGUMENTS;
 
+  const uint8_t * const der_end = der + der_len;
+  const uint8_t *d = der;
+
   size_t hlen, vlen;
   hal_error_t err;
 
-  if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, der, der_len, &hlen, &vlen)) != HAL_OK)
+  if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, d, der_end - d, &hlen, &vlen)) != HAL_OK)
     return err;
+  d += hlen;
 
-  const uint8_t * const der_end = der + hlen + vlen;
-  const uint8_t *d = der + hlen;
-
-  if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, der, der_end - d, &hlen, &vlen)) != HAL_OK)
+  if ((err = hal_asn1_decode_header(ASN1_SEQUENCE, d, der_end - d, &hlen, &vlen)) != HAL_OK)
     return err;
   d += hlen;
 
diff --git a/tests/GNUmakefile b/tests/GNUmakefile
index 50b33a1..ba515f7 100644
--- a/tests/GNUmakefile
+++ b/tests/GNUmakefile
@@ -36,7 +36,7 @@ CFLAGS	= -g3 -Wall -fPIC -std=c99 -I..
 all: ${BIN}
 
 test: all
-	for i in ${BIN}; do ./$$i; done
+	for i in ${BIN}; do (set -x; ./$$i); done
 
 clean:
 	rm -f *.o ${BIN}
diff --git a/tests/test-ecdsa.c b/tests/test-ecdsa.c
index bdcfca6..da2b367 100644
--- a/tests/test-ecdsa.c
+++ b/tests/test-ecdsa.c
@@ -231,6 +231,9 @@ static int test_against_static_vectors(const ecdsa_tc_t * const tc)
   if (err != HAL_OK)
     return printf("hal_ecdsa_public_key_to_der() failed: %s\n", hal_error_string(err)), 0;
 
+  if ((err = hal_ecdsa_public_key_from_der(&key2, keybuf2, sizeof(keybuf2), der, der_len)) != HAL_OK)
+    return printf("hal_ecdsa_public_key_from_der() failed: %s\n", hal_error_string(err)), 0;
+
   if (memcmp(key1, key2, hal_ecdsa_key_t_size) != 0)
     return printf("Public key mismatch after second read/write cycle\n"), 0;
 
diff --git a/tests/test-rsa.c b/tests/test-rsa.c
index 737387c..1fc516b 100644
--- a/tests/test-rsa.c
+++ b/tests/test-rsa.c
@@ -161,7 +161,7 @@ static int test_gen(const hal_core_t *core,
     return printf("Converting RSA key back from DER failed: %s\n", hal_error_string(err)), 0;
 
   if (memcmp(keybuf1, keybuf2, hal_rsa_key_t_size) != 0)
-    return printf("RSA key mismatch after conversion to and back from DER\n"), 0;
+    return printf("RSA private key mismatch after conversion to and back from DER\n"), 0;
 
   uint8_t result[tc->n.len];
 
@@ -175,7 +175,7 @@ static int test_gen(const hal_core_t *core,
     return printf("Couldn't open %s: %s\n", fn, strerror(errno)), 0;
 
   if (fwrite(result, sizeof(result), 1, f) != 1)
-    return printf("Length mismatch writing %s key\n", fn), 0;
+    return printf("Length mismatch writing %s\n", fn), 0;
 
   if (fclose(f) == EOF)
     return printf("Couldn't close %s: %s\n", fn, strerror(errno)), 0;
@@ -194,6 +194,15 @@ static int test_gen(const hal_core_t *core,
   hal_rsa_key_clear(key2);
   key2 = NULL;
 
+  if ((f = fopen(fn, "rb")) == NULL)
+    return printf("Couldn't open %s: %s\n", fn, strerror(errno)), 0;
+
+  if (fread(result, sizeof(result), 1, f) != 1)
+    return printf("Length mismatch reading %s\n", fn), 0;
+
+  if (fclose(f) == EOF)
+    return printf("Couldn't close %s: %s\n", fn, strerror(errno)), 0;
+
   err = hal_rsa_public_key_to_der(key1, der, &der_len, sizeof(der));
 
   snprintf(fn, sizeof(fn), "test-rsa-public-key-%04lu.der", (unsigned long) tc->size);
@@ -212,8 +221,8 @@ static int test_gen(const hal_core_t *core,
   if (err != HAL_OK)
     return printf("Converting RSA public key to DER failed: %s\n", hal_error_string(err)), 0;
 
-  if ((err = hal_rsa_private_key_from_der(&key2, keybuf2, sizeof(keybuf2), der, sizeof(der))) != HAL_OK)
-    return printf("Converting RSA key back from DER failed: %s\n", hal_error_string(err)), 0;
+  if ((err = hal_rsa_public_key_from_der(&key2, keybuf2, sizeof(keybuf2), der, der_len)) != HAL_OK)
+    return printf("Converting RSA public key back from DER failed: %s\n", hal_error_string(err)), 0;
 
   /*
    * Can't directly compare private key with public key.  We could
-- 
cgit v1.2.3