      1 // Copyright 2017 The Go Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style
      3 // license that can be found in the LICENSE file.
      4 
      5 package cryptobyte
      6 
      7 import (
      8 	"bytes"
      9 	encoding_asn1 "encoding/asn1"
     10 	"math/big"
     11 	"reflect"
     12 	"testing"
     13 	"time"
     14 
     15 	"golang_org/x/crypto/cryptobyte/asn1"
     16 )
     17 
// readASN1Test is one row of the table-driven ASN.1 reader tests in this
// file. The literals that populate it are positional, so the field order
// is part of the contract with those tables.
type readASN1Test struct {
	name string      // subtest name passed to t.Run
	in   []byte      // raw encoded bytes handed to the reader under test
	tag  asn1.Tag    // tag the reader is asked to match
	ok   bool        // expected return value of the read call
	out  interface{} // expected decoded value; the tests assert it to []byte or int
}
     25 
// readASN1TestData drives TestReadASN1. Only the first row is expected to
// parse; every other row is an encoding the reader must refuse. The length
// cases pin down strict handling of the length octets: if alternative length
// encodings were accepted, two parsers could disagree about where an element
// ends, which is the kind of differential that undermines checks made over
// signed or hashed structures.
var readASN1TestData = []readASN1Test{
	{name: "valid", in: []byte{0x30, 2, 1, 2}, tag: 0x30, ok: true, out: []byte{1, 2}},
	// Declared length is 3 but only two content bytes follow.
	{name: "truncated", in: []byte{0x30, 3, 1, 2}, tag: 0x30, ok: false, out: nil},
	// 0x80 is the long form with zero length octets.
	{name: "zero length of length", in: []byte{0x30, 0x80}, tag: 0x30, ok: false, out: nil},
	// Long form used for a length (1) that fits in the short form.
	{name: "invalid long form length", in: []byte{0x30, 0x81, 1, 1}, tag: 0x30, ok: false, out: nil},
	// Two length octets (0x00 0x80) where a single one would do.
	{name: "non-minimal length", in: append([]byte{0x30, 0x82, 0, 0x80}, make([]byte, 0x80)...), tag: 0x30, ok: false, out: nil},
	// The input starts with 0xa1 while tag 31 is requested; the read is expected to fail.
	{name: "invalid tag", in: []byte{0xa1, 3, 0x4, 1, 1}, tag: 31, ok: false, out: nil},
	{name: "high tag", in: []byte{0x1f, 0x81, 0x80, 0x01, 2, 1, 2}, tag: 0xff /* actually 0x4001, but tag is uint8 */, ok: false, out: nil},
}
     35 
// TestReadASN1 feeds each readASN1TestData row to String.ReadASN1 and checks
// the boolean result, plus the returned body when the read succeeds.
func TestReadASN1(t *testing.T) {
	for _, tc := range readASN1TestData {
		t.Run(tc.name, func(t *testing.T) {
			src := String(tc.in)
			var got String
			ok := src.ReadASN1(&got, tc.tag)
			// The body is only compared on success, so rejected rows may
			// leave out as nil without tripping the type assertion.
			if ok == tc.ok && (!ok || bytes.Equal(got, tc.out.([]byte))) {
				return
			}
			t.Errorf("in.ReadASN1() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
		})
	}
}
     47 
// TestReadASN1Optional checks the three outcomes of String.ReadOptionalASN1:
// empty input, an element with a different tag, and an element with the
// requested tag. The second and third calls share one input value, so the
// third only succeeds if the mismatching read left the element in place.
func TestReadASN1Optional(t *testing.T) {
	var (
		empty   String
		present bool
	)
	// Nothing to read: the call succeeds and reports the element as absent.
	ok := empty.ReadOptionalASN1(nil, &present, 0xa0)
	if present || !ok {
		t.Errorf("empty.ReadOptionalASN1() = %v, want true; present = %v want false", ok, present)
	}

	src := String([]byte{0xa1, 3, 0x4, 1, 1})
	var body String

	// The element is tagged 0xa1, so asking for 0xa0 reports it as absent.
	ok = src.ReadOptionalASN1(&body, &present, 0xa0)
	if present || !ok {
		t.Errorf("in.ReadOptionalASN1() = %v, want true, present = %v, want false", ok, present)
	}

	// Asking for the matching tag returns the element's contents.
	ok = src.ReadOptionalASN1(&body, &present, 0xa1)
	want := []byte{4, 1, 1}
	if !(ok && present && bytes.Equal(body, want)) {
		t.Errorf("in.ReadOptionalASN1() = %v, want true; present = %v, want true; out = %v, want = %v", ok, present, body, want)
	}
}
     67 
// optionalOctetStringTestData drives TestReadASN1OptionalOctetString. Each
// row extends readASN1Test with the expected value of the present flag.
var optionalOctetStringTestData = []struct {
	readASN1Test
	present bool
}{
	{readASN1Test: readASN1Test{name: "empty", in: []byte{}, tag: 0xa0, ok: true, out: []byte{}}, present: false},
	// The wrapper has the requested tag, but the inner element (tag 0x4)
	// declares two content bytes and only one follows: the read must fail
	// while still reporting the wrapper as present.
	{readASN1Test: readASN1Test{name: "invalid", in: []byte{0xa1, 3, 0x4, 2, 1}, tag: 0xa1, ok: false, out: []byte{}}, present: true},
	// A well-formed element under a different tag counts as absent, not as an error.
	{readASN1Test: readASN1Test{name: "missing", in: []byte{0xa1, 3, 0x4, 1, 1}, tag: 0xa0, ok: true, out: []byte{}}, present: false},
	{readASN1Test: readASN1Test{name: "present", in: []byte{0xa1, 3, 0x4, 1, 1}, tag: 0xa1, ok: true, out: []byte{1}}, present: true},
}
     77 
// TestReadASN1OptionalOctetString runs optionalOctetStringTestData through
// String.ReadOptionalASN1OctetString. Unlike TestReadASN1, the output bytes
// are compared on every row, including the ones expected to fail.
func TestReadASN1OptionalOctetString(t *testing.T) {
	for _, tc := range optionalOctetStringTestData {
		t.Run(tc.name, func(t *testing.T) {
			var (
				got     []byte
				present bool
			)
			src := String(tc.in)
			ok := src.ReadOptionalASN1OctetString(&got, &present, tc.tag)
			matches := ok == tc.ok && present == tc.present && bytes.Equal(got, tc.out.([]byte))
			if !matches {
				t.Errorf("in.ReadOptionalASN1OctetString() = %v, want %v; present = %v want %v; out = %v, want %v", ok, tc.ok, present, tc.present, got, tc.out)
			}
		})
	}
}
     91 
// defaultInt is the fallback passed to ReadOptionalASN1Integer; the tests
// expect it back whenever the optional element is absent.
const defaultInt = -1

// optionalIntTestData drives TestReadASN1OptionalInteger. The out column is
// only compared when the read succeeds.
var optionalIntTestData = []readASN1Test{
	{name: "empty", in: []byte{}, tag: 0xa0, ok: true, out: defaultInt},
	// The inner element (tag 0x2) declares two content bytes and only one
	// follows, so the read must fail rather than fall back to the default.
	{name: "invalid", in: []byte{0xa1, 3, 0x2, 2, 127}, tag: 0xa1, ok: false, out: 0},
	// A well-formed element under a different tag yields the default.
	{name: "missing", in: []byte{0xa1, 3, 0x2, 1, 127}, tag: 0xa0, ok: true, out: defaultInt},
	{name: "present", in: []byte{0xa1, 3, 0x2, 1, 42}, tag: 0xa1, ok: true, out: 42},
}
    100 
// TestReadASN1OptionalInteger runs optionalIntTestData through
// String.ReadOptionalASN1Integer with defaultInt as the fallback value.
func TestReadASN1OptionalInteger(t *testing.T) {
	for _, tc := range optionalIntTestData {
		t.Run(tc.name, func(t *testing.T) {
			var got int
			src := String(tc.in)
			ok := src.ReadOptionalASN1Integer(&got, tc.tag, defaultInt)
			// The decoded value is only compared when the read succeeded.
			if ok == tc.ok && (!ok || got == tc.out.(int)) {
				return
			}
			t.Errorf("in.ReadOptionalASN1Integer() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
		})
	}
}
    113 
// TestReadASN1IntegerSigned decodes minimally encoded two's-complement
// integers on both sides of the sign-bit boundaries (-129/-128, 127/128,
// and so on), first into an int64 and then into a big.Int.
func TestReadASN1IntegerSigned(t *testing.T) {
	cases := []struct {
		der  []byte
		want int64
	}{
		{[]byte{2, 3, 128, 0, 0}, -0x800000},
		{[]byte{2, 2, 255, 0}, -256},
		{[]byte{2, 2, 255, 127}, -129},
		{[]byte{2, 1, 128}, -128},
		{[]byte{2, 1, 255}, -1},
		{[]byte{2, 1, 0}, 0},
		{[]byte{2, 1, 1}, 1},
		{[]byte{2, 1, 2}, 2},
		{[]byte{2, 1, 127}, 127},
		{[]byte{2, 2, 0, 128}, 128},
		{[]byte{2, 2, 1, 0}, 256},
		{[]byte{2, 4, 0, 128, 0, 0}, 0x800000},
	}

	for i, tc := range cases {
		var got int64
		src := String(tc.der)
		if ok := src.ReadASN1Integer(&got); !ok || got != tc.want {
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.want)
		}
	}

	// Same inputs again, this time with a big.Int as the destination.
	t.Run("big.Int", func(t *testing.T) {
		for i, tc := range cases {
			var got big.Int
			src := String(tc.der)
			ok := src.ReadASN1Integer(&got)
			if ok && got.Int64() == tc.want {
				continue
			}
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got.Int64(), tc.want)
		}
	})
}
    153 
// TestReadASN1IntegerUnsigned decodes non-negative integers into a uint64,
// up to the full 64-bit range. Values with the top bit set carry a leading
// zero content byte, so the largest inputs have nine content bytes.
func TestReadASN1IntegerUnsigned(t *testing.T) {
	cases := []struct {
		der  []byte
		want uint64
	}{
		{[]byte{2, 1, 0}, 0},
		{[]byte{2, 1, 1}, 1},
		{[]byte{2, 1, 2}, 2},
		{[]byte{2, 1, 127}, 127},
		{[]byte{2, 2, 0, 128}, 128},
		{[]byte{2, 2, 1, 0}, 256},
		{[]byte{2, 4, 0, 128, 0, 0}, 0x800000},
		{[]byte{2, 8, 127, 255, 255, 255, 255, 255, 255, 255}, 0x7fffffffffffffff},
		{[]byte{2, 9, 0, 128, 0, 0, 0, 0, 0, 0, 0}, 0x8000000000000000},
		{[]byte{2, 9, 0, 255, 255, 255, 255, 255, 255, 255, 255}, 0xffffffffffffffff},
	}

	for i, tc := range cases {
		var got uint64
		src := String(tc.der)
		ok := src.ReadASN1Integer(&got)
		if ok && got == tc.want {
			continue
		}
		t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.want)
	}
}
    179 
// TestReadASN1IntegerInvalid lists integer encodings that ReadASN1Integer
// must refuse. The non-minimal rows matter most for anything that compares
// or hashes encoded bytes: accepting a redundant leading 0x00 or 0xff would
// give one number several valid encodings.
func TestReadASN1IntegerInvalid(t *testing.T) {
	rejected := []String{
		// Tag 3 where the integer tag 2 is required.
		[]byte{3, 1, 0},
		// Declared length runs past the end of the input.
		[]byte{2, 1},
		[]byte{2, 2, 0},
		// First content byte is redundant sign padding.
		[]byte{2, 2, 0, 1},
		[]byte{2, 2, 0xff, 0xff},
	}

	for i, src := range rejected {
		var got int64
		if !src.ReadASN1Integer(&got) {
			continue
		}
		t.Errorf("#%d: in.ReadASN1Integer() = true, want false (out = %d)", i, got)
	}
}
    198 
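// TestASN1ObjectIdentifier parses each input with ReadASN1ObjectIdentifier
// and then re-serialises whatever was parsed with
// Builder.AddASN1ObjectIdentifier. For rows that parse, the rebuilt bytes
// must equal the input, so every accepted OID has exactly one encoding. For
// rows that do not parse, the Builder is handed the value the failed read
// left in out and is expected to report an error.
func TestASN1ObjectIdentifier(t *testing.T) {
	testData := []struct {
		in  []byte
		ok  bool
		out []int
	}{
		{[]byte{}, false, []int{}},
		{[]byte{6, 0}, false, []int{}},
		{[]byte{5, 1, 85}, false, []int{2, 5}},
		{[]byte{6, 1, 85}, true, []int{2, 5}},
		{[]byte{6, 2, 85, 0x02}, true, []int{2, 5, 2}},
		{[]byte{6, 4, 85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
		{[]byte{6, 3, 0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
		{[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
	}

	for i, test := range testData {
		in := String(test.in)
		var out encoding_asn1.ObjectIdentifier
		ok := in.ReadASN1ObjectIdentifier(&out)
		if ok != test.ok || ok && !out.Equal(test.out) {
			t.Errorf("#%d: in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
			continue
		}

		var b Builder
		b.AddASN1ObjectIdentifier(out)
		result, err := b.Bytes()
		if builderOk := err == nil; test.ok != builderOk {
			// This branch is also taken when the Builder succeeds on a row
			// that should fail, where err is nil. Report the expectation
			// alongside the error so that case does not read as
			// "error ...: <nil>".
			t.Errorf("#%d: Builder.Bytes() error = %v, want success = %v", i, err, test.ok)
			continue
		}
		if test.ok && !bytes.Equal(result, test.in) {
			t.Errorf("#%d: reserialisation didn't match, got %x, want %x", i, result, test.in)
		}
	}
}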
    237 
// TestReadASN1GeneralizedTime wraps each string in a GeneralizedTime element
// and checks that ReadASN1GeneralizedTime accepts only well-formed, in-range
// timestamps. Most rows are rejections: a missing zone designator,
// out-of-range fields, and '-' characters inside the digits. A reader that
// let such values through and normalised them would yield a different
// instant than the bytes state, which matters wherever the time bounds a
// validity period.
func TestReadASN1GeneralizedTime(t *testing.T) {
	cases := []struct {
		text string
		ok   bool
		want time.Time
	}{
		{"20100102030405Z", true, time.Date(2010, 1, 2, 3, 4, 5, 0, time.UTC)},
		{"20100102030405", false, time.Time{}},
		{"20100102030405+0607", true, time.Date(2010, 1, 2, 3, 4, 5, 0, time.FixedZone("", 6*60*60+7*60))},
		{"20100102030405-0607", true, time.Date(2010, 1, 2, 3, 4, 5, 0, time.FixedZone("", -6*60*60-7*60))},
		// These are invalid times. However, the time package normalises
		// times and they were accepted in some versions. See #11134.
		{"00000100000000Z", false, time.Time{}},
		{"20101302030405Z", false, time.Time{}},
		{"20100002030405Z", false, time.Time{}},
		{"20100100030405Z", false, time.Time{}},
		{"20100132030405Z", false, time.Time{}},
		{"20100231030405Z", false, time.Time{}},
		{"20100102240405Z", false, time.Time{}},
		{"20100102036005Z", false, time.Time{}},
		{"20100102030460Z", false, time.Time{}},
		{"-20100102030410Z", false, time.Time{}},
		{"2010-0102030410Z", false, time.Time{}},
		{"2010-0002030410Z", false, time.Time{}},
		{"201001-02030410Z", false, time.Time{}},
		{"20100102-030410Z", false, time.Time{}},
		{"2010010203-0410Z", false, time.Time{}},
		{"201001020304-10Z", false, time.Time{}},
	}

	for i, tc := range cases {
		// Prefix the text with the tag and a single-byte length.
		header := []byte{byte(asn1.GeneralizedTime), byte(len(tc.text))}
		src := String(append(header, tc.text...))

		var got time.Time
		ok := src.ReadASN1GeneralizedTime(&got)
		// The parsed time is only compared on success.
		if ok == tc.ok && (!ok || reflect.DeepEqual(got, tc.want)) {
			continue
		}
		t.Errorf("#%d: in.ReadASN1GeneralizedTime() = %v, want %v; out = %q, want %q", i, ok, tc.ok, got, tc.want)
	}
}
    276 
// TestReadASN1BitString wraps each payload in an element with tag 3 and
// checks ReadASN1BitString. Going by the expected values, the first payload
// byte is the number of unused trailing bits: the rejected rows have no
// payload at all, a count above 7, a count with no data bytes to apply it
// to, or padding bits that are not zero.
func TestReadASN1BitString(t *testing.T) {
	cases := []struct {
		payload []byte
		ok      bool
		want    encoding_asn1.BitString
	}{
		{[]byte{}, false, encoding_asn1.BitString{}},
		{[]byte{0x00}, true, encoding_asn1.BitString{}},
		{[]byte{0x07, 0x00}, true, encoding_asn1.BitString{Bytes: []byte{0}, BitLength: 1}},
		{[]byte{0x07, 0x01}, false, encoding_asn1.BitString{}},
		{[]byte{0x07, 0x40}, false, encoding_asn1.BitString{}},
		{[]byte{0x08, 0x00}, false, encoding_asn1.BitString{}},
		{[]byte{0xff}, false, encoding_asn1.BitString{}},
		{[]byte{0xfe, 0x00}, false, encoding_asn1.BitString{}},
	}

	for i, tc := range cases {
		// Prefix the payload with the tag and a single-byte length.
		header := []byte{3, byte(len(tc.payload))}
		src := String(append(header, tc.payload...))

		var got encoding_asn1.BitString
		ok := src.ReadASN1BitString(&got)
		// Contents are only compared when the read succeeded.
		same := !ok || (bytes.Equal(got.Bytes, tc.want.Bytes) && got.BitLength == tc.want.BitLength)
		if ok != tc.ok || !same {
			t.Errorf("#%d: in.ReadASN1BitString() = %v, want %v; out = %v, want %v", i, ok, tc.ok, got, tc.want)
		}
	}
}