1// Copyright 2017 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package cryptobyte
6
7import (
8	"bytes"
9	encoding_asn1 "encoding/asn1"
10	"math/big"
11	"reflect"
12	"testing"
13	"time"
14
15	"golang.org/x/crypto/cryptobyte/asn1"
16)
17
// readASN1Test is one table-driven case shared by the ASN.1 reader tests in
// this file. Field order matters: several tables below fill it positionally.
type readASN1Test struct {
	name string   // subtest name handed to t.Run
	in   []byte   // raw bytes given to the reader under test
	tag  asn1.Tag // tag the reader is asked to match
	ok   bool     // expected return value of the read call
	// out is the expected decoded value. The tests type-assert it to []byte
	// or int, depending on which reader they exercise.
	out interface{}
}
25
// readASN1TestData drives TestReadASN1. Apart from "valid", every case is an
// encoding or a request that the reader is expected to refuse. Strictness
// about length octets is security-relevant: two parsers that disagree about
// where an element ends can disagree about what a signed structure contains.
var readASN1TestData = []readASN1Test{
	{
		name: "valid",
		in:   []byte{0x30, 2, 1, 2},
		tag:  0x30,
		ok:   true,
		out:  []byte{1, 2},
	},
	{
		// The length octet announces three content bytes; only two follow.
		name: "truncated",
		in:   []byte{0x30, 3, 1, 2},
		tag:  0x30,
		ok:   false,
	},
	{
		// 0x80 is a long-form length with zero length octets.
		name: "zero length of length",
		in:   []byte{0x30, 0x80},
		tag:  0x30,
		ok:   false,
	},
	{
		// Long form is used for a length (1) that fits the short form.
		name: "invalid long form length",
		in:   []byte{0x30, 0x81, 1, 1},
		tag:  0x30,
		ok:   false,
	},
	{
		// Two length octets (0x00, 0x80) carry a value that needs only one.
		name: "non-minimal length",
		in:   append([]byte{0x30, 0x82, 0, 0x80}, make([]byte, 0x80)...),
		tag:  0x30,
		ok:   false,
	},
	{
		// The requested tag, 31, has all five low bits set. In ASN.1 that
		// pattern is the escape for multi-byte tag numbers rather than a
		// single-byte tag.
		name: "invalid tag",
		in:   []byte{0xa1, 3, 0x4, 1, 1},
		tag:  31,
		ok:   false,
	},
	{
		// The input itself starts with the multi-byte tag escape (0x1f).
		name: "high tag",
		in:   []byte{0x1f, 0x81, 0x80, 0x01, 2, 1, 2},
		tag:  0xff, // actually 0x4001, but tag is uint8
		ok:   false,
	},
}
35
// TestReadASN1 runs every readASN1TestData case through String.ReadASN1 as a
// named subtest. The return value must match the table; the extracted
// contents are compared only when the read succeeded.
func TestReadASN1(t *testing.T) {
	for _, tc := range readASN1TestData {
		t.Run(tc.name, func(t *testing.T) {
			var got String
			src := String(tc.in)
			ok := src.ReadASN1(&got, tc.tag)
			// tc.out is nil for rejected inputs, so the type assertion is
			// reached only after a successful, expected read.
			if ok == tc.ok && (!ok || bytes.Equal(got, tc.out.([]byte))) {
				return
			}
			t.Errorf("in.ReadASN1() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
		})
	}
}
47
// TestReadASN1Optional exercises String.ReadOptionalASN1 in three situations:
// an empty input, an input whose leading tag differs from the requested one,
// and an input whose leading tag matches. The three calls run in order; the
// last two share one input String.
func TestReadASN1Optional(t *testing.T) {
	var (
		empty   String
		present bool
	)
	// Nothing to read: the call succeeds and reports the element as absent.
	if ok := empty.ReadOptionalASN1(nil, &present, 0xa0); !ok || present {
		t.Errorf("empty.ReadOptionalASN1() = %v, want true; present = %v want false", ok, present)
	}

	input := String([]byte{0xa1, 3, 0x4, 1, 1})
	var contents String

	// The input starts with tag 0xa1, so asking for 0xa0 finds nothing.
	if ok := input.ReadOptionalASN1(&contents, &present, 0xa0); !ok || present {
		t.Errorf("in.ReadOptionalASN1() = %v, want true, present = %v, want false", ok, present)
	}

	// Asking for 0xa1 on the same input must yield the element's contents.
	want := []byte{4, 1, 1}
	ok := input.ReadOptionalASN1(&contents, &present, 0xa1)
	if !(ok && present && bytes.Equal(contents, want)) {
		t.Errorf("in.ReadOptionalASN1() = %v, want true; present = %v, want true; out = %v, want = %v", ok, present, contents, want)
	}
}
67
// optionalOctetStringTestData drives TestReadASN1OptionalOctetString. Each
// entry extends readASN1Test with the expected value of the "present" flag.
var optionalOctetStringTestData = []struct {
	readASN1Test
	present bool
}{
	{
		readASN1Test: readASN1Test{name: "empty", in: []byte{}, tag: 0xa0, ok: true, out: []byte{}},
		present:      false,
	},
	{
		// The inner OCTET STRING announces two content bytes but only one
		// remains inside the outer element.
		readASN1Test: readASN1Test{name: "invalid", in: []byte{0xa1, 3, 0x4, 2, 1}, tag: 0xa1, ok: false, out: []byte{}},
		present:      true,
	},
	{
		// The input carries tag 0xa1 while 0xa0 is requested.
		readASN1Test: readASN1Test{name: "missing", in: []byte{0xa1, 3, 0x4, 1, 1}, tag: 0xa0, ok: true, out: []byte{}},
		present:      false,
	},
	{
		readASN1Test: readASN1Test{name: "present", in: []byte{0xa1, 3, 0x4, 1, 1}, tag: 0xa1, ok: true, out: []byte{1}},
		present:      true,
	},
}
77
// TestReadASN1OptionalOctetString runs optionalOctetStringTestData through
// String.ReadOptionalASN1OctetString. Unlike TestReadASN1, the output bytes
// are compared for every case, including the rejected one.
func TestReadASN1OptionalOctetString(t *testing.T) {
	for _, tc := range optionalOctetStringTestData {
		t.Run(tc.name, func(t *testing.T) {
			var (
				got     []byte
				present bool
			)
			src := String(tc.in)
			ok := src.ReadOptionalASN1OctetString(&got, &present, tc.tag)

			matches := ok == tc.ok && present == tc.present && bytes.Equal(got, tc.out.([]byte))
			if !matches {
				t.Errorf("in.ReadOptionalASN1OctetString() = %v, want %v; present = %v want %v; out = %v, want %v", ok, tc.ok, present, tc.present, got, tc.out)
			}
		})
	}
}
91
// defaultInt is the fallback value passed to ReadOptionalASN1Integer; the
// table below expects it back whenever the optional element is absent.
const defaultInt = -1

// optionalIntTestData drives TestReadASN1OptionalInteger. The out field holds
// an int in every entry because the test type-asserts it to int.
var optionalIntTestData = []readASN1Test{
	{name: "empty", in: []byte{}, tag: 0xa0, ok: true, out: defaultInt},
	// The inner INTEGER announces two content bytes but only one remains.
	{name: "invalid", in: []byte{0xa1, 3, 0x2, 2, 127}, tag: 0xa1, ok: false, out: 0},
	// The input carries tag 0xa1 while 0xa0 is requested.
	{name: "missing", in: []byte{0xa1, 3, 0x2, 1, 127}, tag: 0xa0, ok: true, out: defaultInt},
	{name: "present", in: []byte{0xa1, 3, 0x2, 1, 42}, tag: 0xa1, ok: true, out: 42},
}
100
// TestReadASN1OptionalInteger runs optionalIntTestData through
// String.ReadOptionalASN1Integer with defaultInt as the fallback. The decoded
// value is checked only when the call reports success.
func TestReadASN1OptionalInteger(t *testing.T) {
	for _, tc := range optionalIntTestData {
		t.Run(tc.name, func(t *testing.T) {
			var got int
			src := String(tc.in)
			ok := src.ReadOptionalASN1Integer(&got, tc.tag, defaultInt)
			if ok == tc.ok && (!ok || got == tc.out.(int)) {
				return
			}
			t.Errorf("in.ReadOptionalASN1Integer() = %v, want %v; out = %v, want %v", ok, tc.ok, got, tc.out)
		})
	}
}
113
// TestReadASN1IntegerSigned decodes one table of INTEGER encodings through
// three paths: ReadASN1Integer into an int64, ReadASN1Integer into a big.Int,
// and ReadASN1Int64WithTag after the tag byte has been swapped for a
// context-specific one. The last path also re-encodes each value with
// AddASN1Int64WithTag and requires the bytes to equal the input exactly.
func TestReadASN1IntegerSigned(t *testing.T) {
	type signedCase struct {
		in  []byte
		out int64
	}
	// The values sit on both sides of the points where a two's-complement
	// encoding needs one more content byte (-129/-128, 127/128, ...).
	cases := []signedCase{
		{in: []byte{2, 3, 128, 0, 0}, out: -0x800000},
		{in: []byte{2, 2, 255, 0}, out: -256},
		{in: []byte{2, 2, 255, 127}, out: -129},
		{in: []byte{2, 1, 128}, out: -128},
		{in: []byte{2, 1, 255}, out: -1},
		{in: []byte{2, 1, 0}, out: 0},
		{in: []byte{2, 1, 1}, out: 1},
		{in: []byte{2, 1, 2}, out: 2},
		{in: []byte{2, 1, 127}, out: 127},
		{in: []byte{2, 2, 0, 128}, out: 128},
		{in: []byte{2, 2, 1, 0}, out: 256},
		{in: []byte{2, 4, 0, 128, 0, 0}, out: 0x800000},
	}

	for i := range cases {
		tc := cases[i]
		src := String(tc.in)
		var got int64
		if ok := src.ReadASN1Integer(&got); !ok || got != tc.out {
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.out)
		}
	}

	// Same encodings, decoded into an arbitrary-precision integer.
	t.Run("big.Int", func(t *testing.T) {
		for i, tc := range cases {
			src := String(tc.in)
			var got big.Int
			ok := src.ReadASN1Integer(&got)
			if v := got.Int64(); !ok || v != tc.out {
				t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, v, tc.out)
			}
		}
	})

	// Same encodings again through the implicit-tagging functions.
	t.Run("WithTag", func(t *testing.T) {
		for i, tc := range cases {
			// Vary the context-specific tag number from case to case.
			tag := asn1.Tag((i * 3) % 32).ContextSpecific()

			// Retag a private copy so the shared table keeps tag 2.
			retagged := append([]byte(nil), tc.in...)
			retagged[0] = uint8(tag)

			src := String(retagged)
			var got int64
			if ok := src.ReadASN1Int64WithTag(&got, tag); !ok || got != tc.out {
				t.Errorf("#%d: in.ReadASN1Int64WithTag() = %v, want true; out = %d, want %d", i, ok, got, tc.out)
			}

			// Round trip: building the value must reproduce the input bytes.
			var b Builder
			b.AddASN1Int64WithTag(tc.out, tag)
			encoded, err := b.Bytes()
			switch {
			case err != nil:
				t.Errorf("#%d: AddASN1Int64WithTag failed: %s", i, err)
			case !bytes.Equal(encoded, retagged):
				t.Errorf("#%d: AddASN1Int64WithTag: got %x, want %x", i, encoded, retagged)
			}
		}
	})
}
186
// TestReadASN1IntegerUnsigned decodes non-negative INTEGER encodings into a
// uint64 through ReadASN1Integer, up to the largest value a uint64 can hold.
//
// NOTE(review): every entry here is expected to succeed. Rejection of
// negative or oversized encodings for a uint64 destination is not covered by
// this function.
func TestReadASN1IntegerUnsigned(t *testing.T) {
	type unsignedCase struct {
		in  []byte
		out uint64
	}
	cases := []unsignedCase{
		{in: []byte{2, 1, 0}, out: 0},
		{in: []byte{2, 1, 1}, out: 1},
		{in: []byte{2, 1, 2}, out: 2},
		{in: []byte{2, 1, 127}, out: 127},
		{in: []byte{2, 2, 0, 128}, out: 128},
		{in: []byte{2, 2, 1, 0}, out: 256},
		{in: []byte{2, 4, 0, 128, 0, 0}, out: 0x800000},
		{in: []byte{2, 8, 127, 255, 255, 255, 255, 255, 255, 255}, out: 0x7fffffffffffffff},
		// With the top bit of the value set, a leading zero byte keeps the
		// encoding non-negative, giving nine content bytes.
		{in: []byte{2, 9, 0, 128, 0, 0, 0, 0, 0, 0, 0}, out: 0x8000000000000000},
		{in: []byte{2, 9, 0, 255, 255, 255, 255, 255, 255, 255, 255}, out: 0xffffffffffffffff},
	}

	for i := range cases {
		tc := cases[i]
		src := String(tc.in)
		var got uint64
		if ok := src.ReadASN1Integer(&got); !ok || got != tc.out {
			t.Errorf("#%d: in.ReadASN1Integer() = %v, want true; out = %d, want %d", i, ok, got, tc.out)
		}
	}
}
212
// TestReadASN1IntegerInvalid lists INTEGER encodings that ReadASN1Integer
// must refuse when decoding into an int64. Rejecting non-minimal forms keeps
// one value from having several accepted encodings.
func TestReadASN1IntegerInvalid(t *testing.T) {
	rejected := []String{
		// Invalid tag: 3 instead of the INTEGER tag 2.
		[]byte{3, 1, 0},
		// Truncated: fewer content bytes than the length octet announces.
		[]byte{2, 1},
		[]byte{2, 2, 0},
		// Not minimally encoded: the first content byte only repeats the
		// sign already given by the top bit of the second.
		[]byte{2, 2, 0, 1},
		[]byte{2, 2, 0xff, 0xff},
	}

	for i := range rejected {
		in := rejected[i]
		var out int64
		if !in.ReadASN1Integer(&out) {
			continue
		}
		t.Errorf("#%d: in.ReadASN1Integer() = true, want false (out = %d)", i, out)
	}
}
231
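// TestASN1ObjectIdentifier checks ReadASN1ObjectIdentifier against a table of
// encodings, then hands the decoded value to Builder.AddASN1ObjectIdentifier.
// For accepted inputs the rebuilt bytes must equal the input; for rejected
// inputs the builder is expected to report an error as well.
func TestASN1ObjectIdentifier(t *testing.T) {
	testData := []struct {
		in  []byte
		ok  bool
		out []int
	}{
		// Empty input and an OBJECT IDENTIFIER with no content bytes.
		{[]byte{}, false, []int{}},
		{[]byte{6, 0}, false, []int{}},
		// Tag 5 instead of the OBJECT IDENTIFIER tag 6.
		{[]byte{5, 1, 85}, false, []int{2, 5}},
		// 85 = 2*40 + 5 packs the first two arcs, 2.5.
		{[]byte{6, 1, 85}, true, []int{2, 5}},
		{[]byte{6, 2, 85, 0x02}, true, []int{2, 5, 2}},
		// 0xc0 0x00 is one arc spread over two base-128 bytes.
		{[]byte{6, 4, 85, 0x02, 0xc0, 0x00}, true, []int{2, 5, 2, 0x2000}},
		// The packed first value may itself span bytes: 0x81 0x34 = 180 = 2*40 + 100.
		{[]byte{6, 3, 0x81, 0x34, 0x03}, true, []int{2, 100, 3}},
		// The final byte still has its continuation bit set, so the last
		// arc never terminates.
		{[]byte{6, 7, 85, 0x02, 0xc0, 0x80, 0x80, 0x80, 0x80}, false, []int{}},
	}

	for i, test := range testData {
		in := String(test.in)
		var out encoding_asn1.ObjectIdentifier
		ok := in.ReadASN1ObjectIdentifier(&out)
		if ok != test.ok || ok && !out.Equal(test.out) {
			t.Errorf("#%d: in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
			continue
		}

		// NOTE(review): after a rejected read, out holds whatever the reader
		// left in it; the checks below require the builder to refuse that
		// value. Presumably it is still empty; confirm against the reader.
		var b Builder
		b.AddASN1ObjectIdentifier(out)
		result, err := b.Bytes()
		switch {
		case test.ok && err != nil:
			t.Errorf("#%d: error from Builder.Bytes: %s", i, err)
		case !test.ok && err == nil:
			// err is nil on this path, so printing it would hide the actual
			// problem: the builder accepted a value it should have refused.
			t.Errorf("#%d: Builder.Bytes succeeded with %x, want an error", i, result)
		case test.ok && !bytes.Equal(result, test.in):
			t.Errorf("#%d: reserialisation didn't match, got %x, want %x", i, result, test.in)
		}
	}
}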
270
// TestReadASN1GeneralizedTime wraps each table string in a GeneralizedTime
// header and checks ReadASN1GeneralizedTime against the expected outcome.
// Most entries are malformed timestamps that must be refused outright rather
// than normalised into some other valid instant.
func TestReadASN1GeneralizedTime(t *testing.T) {
	type timeCase struct {
		in  string
		ok  bool
		out time.Time
	}
	var none time.Time // expected value for rejected inputs; never compared
	cases := []timeCase{
		{"20100102030405Z", true, time.Date(2010, time.January, 2, 3, 4, 5, 0, time.UTC)},
		// No zone designator at all.
		{"20100102030405", false, none},
		{"20100102030405+0607", true, time.Date(2010, time.January, 2, 3, 4, 5, 0, time.FixedZone("", 6*60*60+7*60))},
		{"20100102030405-0607", true, time.Date(2010, time.January, 2, 3, 4, 5, 0, time.FixedZone("", -6*60*60-7*60))},
		// These are invalid times. However, the time package normalises
		// times and they were accepted in some versions. See #11134.
		{"00000100000000Z", false, none},
		{"20101302030405Z", false, none},
		{"20100002030405Z", false, none},
		{"20100100030405Z", false, none},
		{"20100132030405Z", false, none},
		{"20100231030405Z", false, none},
		{"20100102240405Z", false, none},
		{"20100102036005Z", false, none},
		{"20100102030460Z", false, none},
		{"-20100102030410Z", false, none},
		{"2010-0102030410Z", false, none},
		{"2010-0002030410Z", false, none},
		{"201001-02030410Z", false, none},
		{"20100102-030410Z", false, none},
		{"2010010203-0410Z", false, none},
		{"201001020304-10Z", false, none},
	}

	for i, tc := range cases {
		// Tag byte, single-byte length, then the ASCII timestamp.
		der := make([]byte, 0, 2+len(tc.in))
		der = append(der, byte(asn1.GeneralizedTime), byte(len(tc.in)))
		der = append(der, tc.in...)

		src := String(der)
		var got time.Time
		ok := src.ReadASN1GeneralizedTime(&got)
		if ok == tc.ok && (!ok || reflect.DeepEqual(got, tc.out)) {
			continue
		}
		t.Errorf("#%d: in.ReadASN1GeneralizedTime() = %v, want %v; out = %q, want %q", i, ok, tc.ok, got, tc.out)
	}
}
309
// TestReadASN1BitString wraps each table entry in a BIT STRING header (tag 3)
// and checks ReadASN1BitString. The first content byte of every entry is the
// count of unused bits in the final byte; most entries make that count or the
// padding bits themselves invalid.
func TestReadASN1BitString(t *testing.T) {
	type bitStringCase struct {
		in  []byte
		ok  bool
		out encoding_asn1.BitString
	}
	var none encoding_asn1.BitString
	cases := []bitStringCase{
		// No content at all, so not even the unused-bits count.
		{in: []byte{}, ok: false, out: none},
		// Zero unused bits and no data bytes: an empty bit string.
		{in: []byte{0x00}, ok: true, out: none},
		// Seven unused bits leave a single meaningful bit.
		{in: []byte{0x07, 0x00}, ok: true, out: encoding_asn1.BitString{Bytes: []byte{0}, BitLength: 1}},
		// A bit inside the seven unused positions is set.
		{in: []byte{0x07, 0x01}, ok: false, out: none},
		{in: []byte{0x07, 0x40}, ok: false, out: none},
		// Unused-bit counts larger than seven.
		{in: []byte{0x08, 0x00}, ok: false, out: none},
		{in: []byte{0xff}, ok: false, out: none},
		{in: []byte{0xfe, 0x00}, ok: false, out: none},
	}

	for i, tc := range cases {
		der := make([]byte, 0, 2+len(tc.in))
		der = append(der, 3, byte(len(tc.in)))
		der = append(der, tc.in...)

		src := String(der)
		var got encoding_asn1.BitString
		ok := src.ReadASN1BitString(&got)

		// The decoded value is inspected only after an expected success.
		mismatch := ok != tc.ok
		if !mismatch && ok {
			mismatch = !bytes.Equal(got.Bytes, tc.out.Bytes) || got.BitLength != tc.out.BitLength
		}
		if mismatch {
			t.Errorf("#%d: in.ReadASN1BitString() = %v, want %v; out = %v, want %v", i, ok, tc.ok, got, tc.out)
		}
	}
}
334