// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package cryptobyte

import (
	"bytes"
	encoding_asn1 "encoding/asn1"
	"math/big"
	"reflect"
	"testing"
	"time"

	"golang.org/x/crypto/cryptobyte/asn1"
)

// readASN1Test is one row of the tables shared by the ReadASN1* tests: the
// raw input, the tag passed to the reader, whether the read is expected to
// succeed, and the expected output (a []byte or an int, depending on the
// table that uses it).
type readASN1Test struct {
	name string
	in   []byte
	tag  asn1.Tag
	ok   bool
	out  interface{}
}

// readASN1TestData covers tag and length decoding in String.ReadASN1. Only
// the first row is expected to parse; every other row is a header the reader
// is expected to refuse.
var readASN1TestData = []readASN1Test{
	{"valid", []byte{0x30, 2, 1, 2}, 0x30, true, []byte{1, 2}},
	// Declared length (3) exceeds the two content bytes that follow.
	{"truncated", []byte{0x30, 3, 1, 2}, 0x30, false, nil},
	// 0x80 is the BER indefinite-length marker, which DER does not allow.
	{"zero length of length", []byte{0x30, 0x80}, 0x30, false, nil},
	// Long form used for a length that fits in the short form.
	{"invalid long form length", []byte{0x30, 0x81, 1, 1}, 0x30, false, nil},
	// Two length bytes with a leading zero where one would do.
	{"non-minimal length", append([]byte{0x30, 0x82, 0, 0x80}, make([]byte, 0x80)...), 0x30, false, nil},
	{"invalid tag", []byte{0xa1, 3, 0x4, 1, 1}, 31, false, nil},
	{"high tag", []byte{0x1f, 0x81, 0x80, 0x01, 2, 1, 2}, 0xff /* actually 0x4001, but tag is uint8 */, false, nil},
	// Declared lengths at 32- and 64-bit integer boundaries with no content
	// behind them.
	{"2**31 - 1 length", []byte{0x30, 0x84, 0x7f, 0xff, 0xff, 0xff}, 0x30, false, nil},
	{"2**32 - 1 length", []byte{0x30, 0x84, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
	{"2**63 - 1 length", []byte{0x30, 0x88, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
	{"2**64 - 1 length", []byte{0x30, 0x88, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
}

// TestReadASN1 runs every readASN1TestData row through String.ReadASN1 and
// checks the success flag and, for successful reads, the element contents.
func TestReadASN1(t *testing.T) {
	for _, tc := range readASN1TestData {
		t.Run(tc.name, func(t *testing.T) {
			input := String(tc.in)
			var got String
			ok := input.ReadASN1(&got, tc.tag)

			// The contents are compared only after a successful read; rows
			// that expect failure carry a nil out value.
			mismatch := ok != tc.ok
			if !mismatch && ok {
				mismatch = !bytes.Equal(got, tc.out.([]byte))
			}
			if mismatch {
				t.Errorf("in.ReadASN1() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
			}
		})
	}
}

// TestReadASN1Optional checks String.ReadOptionalASN1 against empty input, a
// tag that does not match the next element, and a tag that does.
func TestReadASN1Optional(t *testing.T) {
	var (
		empty   String
		present bool
	)
	ok := empty.ReadOptionalASN1(nil, &present, 0xa0)
	if !(ok && !present) {
		t.Errorf("empty.ReadOptionalASN1() = %v, want true; present = %v want false", ok, present)
	}

	input := String([]byte{0xa1, 3, 0x4, 1, 1})
	var got String

	// Tag 0xa0 does not match the 0xa1 element: success, but not present.
	ok = input.ReadOptionalASN1(&got, &present, 0xa0)
	if !(ok && !present) {
		t.Errorf("in.ReadOptionalASN1() = %v, want true, present = %v, want false", ok, present)
	}

	// Same input, matching tag: the element body must come back.
	ok = input.ReadOptionalASN1(&got, &present, 0xa1)
	wantBytes := []byte{4, 1, 1}
	if !(ok && present && bytes.Equal(got, wantBytes)) {
		t.Errorf("in.ReadOptionalASN1() = %v, want true; present = %v, want true; out = %v, want = %v", ok, present, got, wantBytes)
	}
}

// optionalOctetStringTestData extends readASN1Test with the expected value of
// the present flag. In the "invalid" row the inner OCTET STRING declares two
// content bytes but only one follows.
var optionalOctetStringTestData = []struct {
	readASN1Test
	present bool
}{
	{readASN1Test{"empty", []byte{}, 0xa0, true, []byte{}}, false},
	{readASN1Test{"invalid", []byte{0xa1, 3, 0x4, 2, 1}, 0xa1, false, []byte{}}, true},
	{readASN1Test{"missing", []byte{0xa1, 3, 0x4, 1, 1}, 0xa0, true, []byte{}}, false},
	{readASN1Test{"present", []byte{0xa1, 3, 0x4, 1, 1}, 0xa1, true, []byte{1}}, true},
}

// TestReadASN1OptionalOctetString checks the success flag, the present flag
// and the output bytes of String.ReadOptionalASN1OctetString for every row,
// including rows that expect failure.
func TestReadASN1OptionalOctetString(t *testing.T) {
	for _, tc := range optionalOctetStringTestData {
		t.Run(tc.name, func(t *testing.T) {
			input := String(tc.in)
			var (
				got     []byte
				present bool
			)
			ok := input.ReadOptionalASN1OctetString(&got, &present, tc.tag)
			switch {
			case ok != tc.ok,
				present != tc.present,
				!bytes.Equal(got, tc.out.([]byte)):
				t.Errorf("in.ReadOptionalASN1OctetString() = %v, want %v; present = %v want %v; out = %v, want %v", ok, tc.ok, present, tc.present, got, tc.out)
			}
		})
	}
}

// defaultInt is the fallback handed to ReadOptionalASN1Integer in the tests
// below.
const defaultInt = -1

// optionalIntTestData drives TestReadASN1OptionalInteger. In the "invalid" row
// the inner INTEGER declares two content bytes but only one follows.
var optionalIntTestData = []readASN1Test{
	{"empty", []byte{}, 0xa0, true, defaultInt},
	{"invalid", []byte{0xa1, 3, 0x2, 2, 127}, 0xa1, false, 0},
	{"missing", []byte{0xa1, 3, 0x2, 1, 127}, 0xa0, true, defaultInt},
	{"present", []byte{0xa1, 3, 0x2, 1, 42}, 0xa1, true, 42},
}

// TestReadASN1OptionalInteger checks that String.ReadOptionalASN1Integer
// yields the default for absent elements, the decoded value for present ones,
// and fails on the malformed row.
func TestReadASN1OptionalInteger(t *testing.T) {
	for _, tc := range optionalIntTestData {
		t.Run(tc.name, func(t *testing.T) {
			input := String(tc.in)
			var got int
			ok := input.ReadOptionalASN1Integer(&got, tc.tag, defaultInt)
			switch {
			case ok != tc.ok,
				ok && got != tc.out.(int):
				t.Errorf("in.ReadOptionalASN1Integer() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
			}
		})
	}
}

// TestReadASN1IntegerSigned decodes a table of signed INTEGER encodings into
// an int64 and into a big.Int, then repeats the cases with a context-specific
// tag through ReadASN1Int64WithTag and checks that AddASN1Int64WithTag
// produces the same bytes.
func TestReadASN1IntegerSigned(t *testing.T) {
	testData64 := []struct {
		der  []byte
		want int64
	}{
		{[]byte{2, 3, 128, 0, 0}, -0x800000},
		{[]byte{2, 2, 255, 0}, -256},
		{[]byte{2, 2, 255, 127}, -129},
		{[]byte{2, 1, 128}, -128},
		{[]byte{2, 1, 255}, -1},
		{[]byte{2, 1, 0}, 0},
		{[]byte{2, 1, 1}, 1},
		{[]byte{2, 1, 2}, 2},
		{[]byte{2, 1, 127}, 127},
		{[]byte{2, 2, 0, 128}, 128},
		{[]byte{2, 2, 1, 0}, 256},
		{[]byte{2, 4, 0, 128, 0, 0}, 0x800000},
	}
	for i, tc := range testData64 {
		input := String(tc.der)
		var got int64
		ok := input.ReadASN1Integer(&got)
		if !(ok && got == tc.want) {
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.want)
		}
	}

	// Same encodings, decoded into a big.Int destination.
	t.Run("big.Int", func(t *testing.T) {
		for i, tc := range testData64 {
			input := String(tc.der)
			var got big.Int
			ok := input.ReadASN1Integer(&got)
			if !(ok && got.Int64() == tc.want) {
				t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got.Int64(), tc.want)
			}
		}
	})

	// Same encodings again, through the implicit-tagging functions.
	t.Run("WithTag", func(t *testing.T) {
		for i, tc := range testData64 {
			tag := asn1.Tag((i * 3) % 32).ContextSpecific()

			// Retag a private copy so the shared table is left untouched.
			retagged := append([]byte(nil), tc.der...)
			retagged[0] = uint8(tag)

			input := String(retagged)
			var got int64
			ok := input.ReadASN1Int64WithTag(&got, tag)
			if !(ok && got == tc.want) {
				t.Errorf("#%d: in.ReadASN1Int64WithTag() = %v, want true; out = %d, want %d", i, ok, got, tc.want)
			}

			// Round trip: encoding the expected value must give back the
			// retagged input.
			var b Builder
			b.AddASN1Int64WithTag(tc.want, tag)
			encoded, err := b.Bytes()
			switch {
			case err != nil:
				t.Errorf("#%d: AddASN1Int64WithTag failed: %s", i, err)
			case !bytes.Equal(encoded, retagged):
				t.Errorf("#%d: AddASN1Int64WithTag: got %x, want %x", i, encoded, retagged)
			}
		}
	})
}

// TestReadASN1IntegerUnsigned decodes non-negative INTEGER encodings into a
// uint64, including values above the int64 range that need a leading zero
// byte.
func TestReadASN1IntegerUnsigned(t *testing.T) {
	cases := []struct {
		der  []byte
		want uint64
	}{
		{[]byte{2, 1, 0}, 0},
		{[]byte{2, 1, 1}, 1},
		{[]byte{2, 1, 2}, 2},
		{[]byte{2, 1, 127}, 127},
		{[]byte{2, 2, 0, 128}, 128},
		{[]byte{2, 2, 1, 0}, 256},
		{[]byte{2, 4, 0, 128, 0, 0}, 0x800000},
		{[]byte{2, 8, 127, 255, 255, 255, 255, 255, 255, 255}, 0x7fffffffffffffff},
		{[]byte{2, 9, 0, 128, 0, 0, 0, 0, 0, 0, 0}, 0x8000000000000000},
		{[]byte{2, 9, 0, 255, 255, 255, 255, 255, 255, 255, 255}, 0xffffffffffffffff},
	}
	for i, tc := range cases {
		input := String(tc.der)
		var got uint64
		ok := input.ReadASN1Integer(&got)
		if !(ok && got == tc.want) {
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.want)
		}
	}
}

// TestReadASN1IntegerInvalid feeds ReadASN1Integer a wrong tag, truncated
// elements and non-minimal encodings, and expects each read into an int64 to
// fail.
func TestReadASN1IntegerInvalid(t *testing.T) {
	rejected := []String{
		[]byte{3, 1, 0}, // invalid tag
		// truncated
		[]byte{2, 1},
		[]byte{2, 2, 0},
		// not minimally encoded
		[]byte{2, 2, 0, 1},
		[]byte{2, 2, 0xff, 0xff},
	}

	for i, input := range rejected {
		var got int64
		if !input.ReadASN1Integer(&got) {
			continue
		}
		t.Errorf("#%d: in.ReadASN1Integer() = true, want false (out = %d)", i, got)
	}
}

// TestASN1ObjectIdentifier decodes OBJECT IDENTIFIER encodings and, for rows
// that are expected to parse, checks that the Builder re-serialises them to
// the same bytes. In the last row every byte of the final sub-identifier has
// the continuation bit set, so the value never terminates.
func TestASN1ObjectIdentifier(t *testing.T) {
	cases := []struct {
		der  []byte
		ok   bool
		want []int
	}{
		{[]byte{}, false, []int{}},
		{[]byte{6, 0}, false, []int{}},
		{[]byte{5, 1, 85}, false, []int{2, 5}},
		{[]byte{6, 1, 85}, true, []int{2, 5}},
		{[]byte{6, 2, 85, 0x02}, true, []int{2, 5, 2}},
		{[]byte{6, 4, 85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
		{[]byte{6, 3, 0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
		{[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
	}

	for i, tc := range cases {
		input := String(tc.der)
		var oid encoding_asn1.ObjectIdentifier
		ok := input.ReadASN1ObjectIdentifier(&oid)
		if ok != tc.ok || (ok && !oid.Equal(tc.want)) {
			t.Errorf("#%d: in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", i, ok, tc.ok, oid, tc.want)
			continue
		}

		// Feed whatever was read back into a Builder; the Builder is expected
		// to succeed exactly when the read was expected to succeed.
		var b Builder
		b.AddASN1ObjectIdentifier(oid)
		encoded, err := b.Bytes()
		if (err == nil) != tc.ok {
			t.Errorf("#%d: error from Builder.Bytes: %s", i, err)
			continue
		}
		if tc.ok && !bytes.Equal(encoded, tc.der) {
			t.Errorf("#%d: reserialisation didn't match, got %x, want %x", i, encoded, tc.der)
		}
	}
}

// TestReadASN1GeneralizedTime wraps each string in a GeneralizedTime element
// and checks ReadASN1GeneralizedTime. Most rows are out-of-range or malformed
// timestamps that are expected to be rejected.
func TestReadASN1GeneralizedTime(t *testing.T) {
	cases := []struct {
		text string
		ok   bool
		want time.Time
	}{
		{"20100102030405Z", true, time.Date(2010, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"20100102030405", false, time.Time{}},
		{"20100102030405+0607", true, time.Date(2010, 01, 02, 03, 04, 05, 0, time.FixedZone("", 6*60*60+7*60))},
		{"20100102030405-0607", true, time.Date(2010, 01, 02, 03, 04, 05, 0, time.FixedZone("", -6*60*60-7*60))},
		// These are invalid times. However, the time package normalises times
		// and they were accepted in some versions. See #11134.
		{"00000100000000Z", false, time.Time{}},
		{"20101302030405Z", false, time.Time{}},
		{"20100002030405Z", false, time.Time{}},
		{"20100100030405Z", false, time.Time{}},
		{"20100132030405Z", false, time.Time{}},
		{"20100231030405Z", false, time.Time{}},
		{"20100102240405Z", false, time.Time{}},
		{"20100102036005Z", false, time.Time{}},
		{"20100102030460Z", false, time.Time{}},
		{"-20100102030410Z", false, time.Time{}},
		{"2010-0102030410Z", false, time.Time{}},
		{"2010-0002030410Z", false, time.Time{}},
		{"201001-02030410Z", false, time.Time{}},
		{"20100102-030410Z", false, time.Time{}},
		{"2010010203-0410Z", false, time.Time{}},
		{"201001020304-10Z", false, time.Time{}},
	}
	for i, tc := range cases {
		// Header is the GeneralizedTime tag followed by a one-byte length.
		der := []byte{byte(asn1.GeneralizedTime), byte(len(tc.text))}
		der = append(der, tc.text...)
		input := String(der)

		var got time.Time
		ok := input.ReadASN1GeneralizedTime(&got)
		if ok != tc.ok || (ok && !reflect.DeepEqual(got, tc.want)) {
			t.Errorf("#%d: in.ReadASN1GeneralizedTime() = %v, want %v; out = %q, want %q", i, ok, tc.ok, got, tc.want)
		}
	}
}

// TestReadASN1UTCTime wraps each string in a UTCTime element and checks
// ReadASN1UTCTime. The table pins the two-digit year mapping (50 maps to
// 1950, 49 to 2049), the form without seconds, numeric zone offsets, and two
// strings that are expected to be rejected.
func TestReadASN1UTCTime(t *testing.T) {
	cases := []struct {
		text string
		ok   bool
		want time.Time
	}{
		{"000102030405Z", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"500102030405Z", true, time.Date(1950, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"490102030405Z", true, time.Date(2049, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"990102030405Z", true, time.Date(1999, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"250102030405Z", true, time.Date(2025, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"750102030405Z", true, time.Date(1975, 01, 02, 03, 04, 05, 0, time.UTC)},
		{"000102030405+0905", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.FixedZone("", 9*60*60+5*60))},
		{"000102030405-0905", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.FixedZone("", -9*60*60-5*60))},
		{"0001020304Z", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.UTC)},
		{"5001020304Z", true, time.Date(1950, 01, 02, 03, 04, 00, 0, time.UTC)},
		{"0001020304+0905", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.FixedZone("", 9*60*60+5*60))},
		{"0001020304-0905", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.FixedZone("", -9*60*60-5*60))},
		{"000102030405Z0700", false, time.Time{}},
		{"000102030405", false, time.Time{}},
	}
	for i, tc := range cases {
		// Header is the UTCTime tag followed by a one-byte length.
		der := []byte{byte(asn1.UTCTime), byte(len(tc.text))}
		der = append(der, tc.text...)
		input := String(der)

		var got time.Time
		ok := input.ReadASN1UTCTime(&got)
		if ok != tc.ok || (ok && !reflect.DeepEqual(got, tc.want)) {
			t.Errorf("#%d: in.ReadASN1UTCTime() = %v, want %v; out = %q, want %q", i, ok, tc.ok, got, tc.want)
		}
	}
}

// TestReadASN1BitString wraps each body in a BIT STRING element (tag 3) and
// checks ReadASN1BitString. The first body byte is the unused-bit count; the
// rejected rows have an empty body, a count above 7, a count with no data
// byte, or non-zero bits in the unused positions.
func TestReadASN1BitString(t *testing.T) {
	cases := []struct {
		body []byte
		ok   bool
		want encoding_asn1.BitString
	}{
		{[]byte{}, false, encoding_asn1.BitString{}},
		{[]byte{0x00}, true, encoding_asn1.BitString{}},
		{[]byte{0x07, 0x00}, true, encoding_asn1.BitString{Bytes: []byte{0}, BitLength: 1}},
		{[]byte{0x07, 0x01}, false, encoding_asn1.BitString{}},
		{[]byte{0x07, 0x40}, false, encoding_asn1.BitString{}},
		{[]byte{0x08, 0x00}, false, encoding_asn1.BitString{}},
		{[]byte{0xff}, false, encoding_asn1.BitString{}},
		{[]byte{0xfe, 0x00}, false, encoding_asn1.BitString{}},
	}
	for i, tc := range cases {
		der := []byte{3, byte(len(tc.body))}
		der = append(der, tc.body...)
		input := String(der)

		var got encoding_asn1.BitString
		ok := input.ReadASN1BitString(&got)

		mismatch := ok != tc.ok
		if !mismatch && ok {
			mismatch = !bytes.Equal(got.Bytes, tc.want.Bytes) || got.BitLength != tc.want.BitLength
		}
		if mismatch {
			t.Errorf("#%d: in.ReadASN1BitString() = %v, want %v; out = %v, want %v", i, ok, tc.ok, got, tc.want)
		}
	}
}

// TestAddASN1BigInt encodes -1 with Builder.AddASN1BigInt and checks that
// ReadASN1Integer decodes the result back to the same value.
func TestAddASN1BigInt(t *testing.T) {
	want := big.NewInt(-1)

	var b Builder
	b.AddASN1BigInt(want)
	encoded, err := b.Bytes()
	if err != nil {
		t.Fatalf("unexpected error adding -1: %v", err)
	}

	input := String(encoded)
	var got big.Int
	ok := input.ReadASN1Integer(&got)
	if !(ok && want.Cmp(&got) == 0) {
		t.Errorf("unexpected bytes %v, want %v", &got, want)
	}
}

// TestReadASN1Boolean checks ReadASN1Boolean: content byte 0x00 reads as
// false and 0xff as true, while empty input and content byte 0x01 are
// expected to be rejected.
func TestReadASN1Boolean(t *testing.T) {
	cases := []struct {
		der  []byte
		ok   bool
		want bool
	}{
		{[]byte{}, false, false},
		{[]byte{0x01, 0x01, 0x00}, true, false},
		{[]byte{0x01, 0x01, 0xff}, true, true},
		{[]byte{0x01, 0x01, 0x01}, false, false},
	}
	for i, tc := range cases {
		input := String(tc.der)
		var got bool
		ok := input.ReadASN1Boolean(&got)
		if ok != tc.ok || (ok && got != tc.want) {
			t.Errorf("#%d: in.ReadASN1Boolean() = %v, want %v; out = %v, want %v", i, ok, tc.ok, got, tc.want)
		}
	}
}