| /* Copyright (c) 2016, Google Inc. |
| * |
| * Permission to use, copy, modify, and/or distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| * copyright notice and this permission notice appear in all copies. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
| * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
| |
| #include <limits.h> |
| #include <stdio.h> |
| |
| #include <string> |
| #include <vector> |
| |
| #include <gtest/gtest.h> |
| |
| #include <openssl/asn1.h> |
| #include <openssl/asn1t.h> |
| #include <openssl/bytestring.h> |
| #include <openssl/err.h> |
| #include <openssl/mem.h> |
| #include <openssl/obj.h> |
| #include <openssl/span.h> |
| #include <openssl/x509v3.h> |
| |
| #include "../test/test_util.h" |
| #include "internal.h" |
| |
| #if defined(OPENSSL_THREADS) |
| #include <thread> |
| #endif |
| |
| |
| // kTag128 is an ASN.1 structure with a universal tag with number 128. |
| static const uint8_t kTag128[] = { |
| 0x1f, 0x81, 0x00, 0x01, 0x00, |
| }; |
| |
| // kTag258 is an ASN.1 structure with a universal tag with number 258. |
| static const uint8_t kTag258[] = { |
| 0x1f, 0x82, 0x02, 0x01, 0x00, |
| }; |
| |
| static_assert(V_ASN1_NEG_INTEGER == 258, |
| "V_ASN1_NEG_INTEGER changed. Update kTag258 to collide with it."); |
| |
| // kTagOverflow is an ASN.1 structure with a universal tag with number 2^35-1, |
| // which will not fit in an int. |
| static const uint8_t kTagOverflow[] = { |
| 0x1f, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x01, 0x00, |
| }; |
| |
| TEST(ASN1Test, LargeTags) { |
| const uint8_t *p = kTag258; |
| bssl::UniquePtr<ASN1_TYPE> obj(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag258))); |
| EXPECT_FALSE(obj) << "Parsed value with illegal tag" << obj->type; |
| ERR_clear_error(); |
| |
| p = kTagOverflow; |
| obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTagOverflow))); |
| EXPECT_FALSE(obj) << "Parsed value with tag overflow" << obj->type; |
| ERR_clear_error(); |
| |
| p = kTag128; |
| obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag128))); |
| ASSERT_TRUE(obj); |
| EXPECT_EQ(128, obj->type); |
| const uint8_t kZero = 0; |
| EXPECT_EQ(Bytes(&kZero, 1), Bytes(obj->value.asn1_string->data, |
| obj->value.asn1_string->length)); |
| } |
| |
| TEST(ASN1Test, IntegerSetting) { |
| bssl::UniquePtr<ASN1_INTEGER> by_bn(ASN1_INTEGER_new()); |
| bssl::UniquePtr<ASN1_INTEGER> by_long(ASN1_INTEGER_new()); |
| bssl::UniquePtr<ASN1_INTEGER> by_uint64(ASN1_INTEGER_new()); |
| bssl::UniquePtr<BIGNUM> bn(BN_new()); |
| |
| const std::vector<int64_t> kValues = { |
| LONG_MIN, -2, -1, 0, 1, 2, 0xff, 0x100, 0xffff, 0x10000, LONG_MAX, |
| }; |
| for (const auto &i : kValues) { |
| SCOPED_TRACE(i); |
| |
| ASSERT_EQ(1, ASN1_INTEGER_set(by_long.get(), i)); |
| const uint64_t abs = i < 0 ? (0 - (uint64_t) i) : i; |
| ASSERT_TRUE(BN_set_u64(bn.get(), abs)); |
| BN_set_negative(bn.get(), i < 0); |
| ASSERT_TRUE(BN_to_ASN1_INTEGER(bn.get(), by_bn.get())); |
| |
| EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_long.get())); |
| |
| if (i >= 0) { |
| ASSERT_EQ(1, ASN1_INTEGER_set_uint64(by_uint64.get(), i)); |
| EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_uint64.get())); |
| } |
| } |
| } |
| |
| // |obj| and |i2d_func| require different template parameters because C++ may |
| // deduce, say, |ASN1_STRING*| via |obj| and |const ASN1_STRING*| via |
| // |i2d_func|. Template argument deduction then fails. The language is not able |
| // to resolve this by observing that |const ASN1_STRING*| works for both. |
| template <typename T, typename U> |
| void TestSerialize(T obj, int (*i2d_func)(U a, uint8_t **pp), |
| bssl::Span<const uint8_t> expected) { |
| static_assert(std::is_convertible<T, U>::value, |
| "incompatible parameter to i2d_func"); |
| // Test the allocating version first. It is easiest to debug. |
| uint8_t *ptr = nullptr; |
| int len = i2d_func(obj, &ptr); |
| ASSERT_GT(len, 0); |
| EXPECT_EQ(Bytes(expected), Bytes(ptr, len)); |
| OPENSSL_free(ptr); |
| |
| len = i2d_func(obj, nullptr); |
| ASSERT_GT(len, 0); |
| EXPECT_EQ(len, static_cast<int>(expected.size())); |
| |
| std::vector<uint8_t> buf(len); |
| ptr = buf.data(); |
| len = i2d_func(obj, &ptr); |
| ASSERT_EQ(len, static_cast<int>(expected.size())); |
| EXPECT_EQ(ptr, buf.data() + buf.size()); |
| EXPECT_EQ(Bytes(expected), Bytes(buf)); |
| } |
| |
| TEST(ASN1Test, SerializeObject) { |
| static const uint8_t kDER[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
| 0xf7, 0x0d, 0x01, 0x01, 0x01}; |
| const ASN1_OBJECT *obj = OBJ_nid2obj(NID_rsaEncryption); |
| TestSerialize(obj, i2d_ASN1_OBJECT, kDER); |
| } |
| |
| TEST(ASN1Test, Boolean) { |
| static const uint8_t kTrue[] = {0x01, 0x01, 0xff}; |
| TestSerialize(0xff, i2d_ASN1_BOOLEAN, kTrue); |
| // Other constants are also correctly encoded as TRUE. |
| TestSerialize(1, i2d_ASN1_BOOLEAN, kTrue); |
| TestSerialize(0x100, i2d_ASN1_BOOLEAN, kTrue); |
| |
| const uint8_t *ptr = kTrue; |
| EXPECT_EQ(0xff, d2i_ASN1_BOOLEAN(nullptr, &ptr, sizeof(kTrue))); |
| EXPECT_EQ(ptr, kTrue + sizeof(kTrue)); |
| |
| static const uint8_t kFalse[] = {0x01, 0x01, 0x00}; |
| TestSerialize(0x00, i2d_ASN1_BOOLEAN, kFalse); |
| |
| ptr = kFalse; |
| EXPECT_EQ(0, d2i_ASN1_BOOLEAN(nullptr, &ptr, sizeof(kFalse))); |
| EXPECT_EQ(ptr, kFalse + sizeof(kFalse)); |
| |
| const std::vector<uint8_t> kInvalidBooleans[] = { |
| // No tag header. |
| {}, |
| // No length. |
| {0x01}, |
| // Truncated contents. |
| {0x01, 0x01}, |
| // Contents too short or too long. |
| {0x01, 0x00}, |
| {0x01, 0x02, 0x00, 0x00}, |
| // Wrong tag number. |
| {0x02, 0x01, 0x00}, |
| // Wrong tag class. |
| {0x81, 0x01, 0x00}, |
| // Element is constructed. |
| {0x21, 0x01, 0x00}, |
| // TODO(https://crbug.com/boringssl/354): Reject non-DER encodings of TRUE |
| // and test this. |
| }; |
| for (const auto &invalid : kInvalidBooleans) { |
| SCOPED_TRACE(Bytes(invalid)); |
| ptr = invalid.data(); |
| EXPECT_EQ(-1, d2i_ASN1_BOOLEAN(nullptr, &ptr, invalid.size())); |
| ERR_clear_error(); |
| } |
| } |
| |
| // The templates go through a different codepath, so test them separately. |
| TEST(ASN1Test, SerializeEmbeddedBoolean) { |
| bssl::UniquePtr<BASIC_CONSTRAINTS> val(BASIC_CONSTRAINTS_new()); |
| ASSERT_TRUE(val); |
| |
| // BasicConstraints defaults to FALSE, so the encoding should be empty. |
| static const uint8_t kLeaf[] = {0x30, 0x00}; |
| val->ca = 0; |
| TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kLeaf); |
| |
| // TRUE should always be encoded as 0xff, independent of what value the caller |
| // placed in the |ASN1_BOOLEAN|. |
| static const uint8_t kCA[] = {0x30, 0x03, 0x01, 0x01, 0xff}; |
| val->ca = 0xff; |
| TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA); |
| val->ca = 1; |
| TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA); |
| val->ca = 0x100; |
| TestSerialize(val.get(), i2d_BASIC_CONSTRAINTS, kCA); |
| } |
| |
| TEST(ASN1Test, ASN1Type) { |
| const struct { |
| int type; |
| std::vector<uint8_t> der; |
| } kTests[] = { |
| // BOOLEAN { TRUE } |
| {V_ASN1_BOOLEAN, {0x01, 0x01, 0xff}}, |
| // BOOLEAN { FALSE } |
| {V_ASN1_BOOLEAN, {0x01, 0x01, 0x00}}, |
| // OCTET_STRING { "a" } |
| {V_ASN1_OCTET_STRING, {0x04, 0x01, 0x61}}, |
| // OCTET_STRING { } |
| {V_ASN1_OCTET_STRING, {0x04, 0x00}}, |
| // BIT_STRING { `01` `00` } |
| {V_ASN1_BIT_STRING, {0x03, 0x02, 0x01, 0x00}}, |
| // INTEGER { -1 } |
| {V_ASN1_INTEGER, {0x02, 0x01, 0xff}}, |
| // OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2 } |
| {V_ASN1_OBJECT, |
| {0x06, 0x0c, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x02}}, |
| // NULL {} |
| {V_ASN1_NULL, {0x05, 0x00}}, |
| // SEQUENCE {} |
| {V_ASN1_SEQUENCE, {0x30, 0x00}}, |
| // SET {} |
| {V_ASN1_SET, {0x31, 0x00}}, |
| // [0] { UTF8String { "a" } } |
| {V_ASN1_OTHER, {0xa0, 0x03, 0x0c, 0x01, 0x61}}, |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(Bytes(t.der)); |
| |
| // The input should successfully parse. |
| const uint8_t *ptr = t.der.data(); |
| bssl::UniquePtr<ASN1_TYPE> val(d2i_ASN1_TYPE(nullptr, &ptr, t.der.size())); |
| ASSERT_TRUE(val); |
| |
| EXPECT_EQ(ASN1_TYPE_get(val.get()), t.type); |
| EXPECT_EQ(val->type, t.type); |
| TestSerialize(val.get(), i2d_ASN1_TYPE, t.der); |
| } |
| } |
| |
| // Test that reading |value.ptr| from a FALSE |ASN1_TYPE| behaves correctly. The |
| // type historically supported this, so maintain the invariant in case external |
| // code relies on it. |
| TEST(ASN1Test, UnusedBooleanBits) { |
| // OCTET_STRING { "a" } |
| static const uint8_t kDER[] = {0x04, 0x01, 0x61}; |
| const uint8_t *ptr = kDER; |
| bssl::UniquePtr<ASN1_TYPE> val(d2i_ASN1_TYPE(nullptr, &ptr, sizeof(kDER))); |
| ASSERT_TRUE(val); |
| EXPECT_EQ(V_ASN1_OCTET_STRING, val->type); |
| EXPECT_TRUE(val->value.ptr); |
| |
| // Set |val| to a BOOLEAN containing FALSE. |
| ASN1_TYPE_set(val.get(), V_ASN1_BOOLEAN, NULL); |
| EXPECT_EQ(V_ASN1_BOOLEAN, val->type); |
| EXPECT_FALSE(val->value.ptr); |
| } |
| |
| TEST(ASN1Test, ParseASN1Object) { |
| // 1.2.840.113554.4.1.72585.2, an arbitrary unknown OID. |
| static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, |
| 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02}; |
| ASN1_OBJECT *obj = ASN1_OBJECT_create(NID_undef, kOID, sizeof(kOID), |
| "short name", "long name"); |
| ASSERT_TRUE(obj); |
| |
| // OBJECT_IDENTIFIER { 1.3.101.112 } |
| static const uint8_t kDER[] = {0x06, 0x03, 0x2b, 0x65, 0x70}; |
| const uint8_t *ptr = kDER; |
| // Parse an |ASN1_OBJECT| with object reuse. |
| EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER))); |
| EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj)); |
| ASN1_OBJECT_free(obj); |
| |
| // Repeat the test, this time overriding a static |ASN1_OBJECT|. It should |
| // detect this and construct a new one. |
| obj = OBJ_nid2obj(NID_rsaEncryption); |
| ptr = kDER; |
| EXPECT_TRUE(d2i_ASN1_OBJECT(&obj, &ptr, sizeof(kDER))); |
| EXPECT_EQ(NID_ED25519, OBJ_obj2nid(obj)); |
| ASN1_OBJECT_free(obj); |
| |
| const std::vector<uint8_t> kInvalidObjects[] = { |
| // No tag header. |
| {}, |
| // No length. |
| {0x06}, |
| // Truncated contents. |
| {0x06, 0x01}, |
| // An OID may not be empty. |
| {0x06, 0x00}, |
| // The last byte may not be a continuation byte (high bit set). |
| {0x06, 0x03, 0x2b, 0x65, 0xf0}, |
| // Each component must be minimally-encoded. |
| {0x06, 0x03, 0x2b, 0x65, 0x80, 0x70}, |
| {0x06, 0x03, 0x80, 0x2b, 0x65, 0x70}, |
| // Wrong tag number. |
| {0x01, 0x03, 0x2b, 0x65, 0x70}, |
| // Wrong tag class. |
| {0x86, 0x03, 0x2b, 0x65, 0x70}, |
| // Element is constructed. |
| {0x26, 0x03, 0x2b, 0x65, 0x70}, |
| }; |
| for (const auto &invalid : kInvalidObjects) { |
| SCOPED_TRACE(Bytes(invalid)); |
| ptr = invalid.data(); |
| obj = d2i_ASN1_OBJECT(nullptr, &ptr, invalid.size()); |
| EXPECT_FALSE(obj); |
| ASN1_OBJECT_free(obj); |
| ERR_clear_error(); |
| } |
| } |
| |
| TEST(ASN1Test, BitString) { |
| const size_t kNotWholeBytes = static_cast<size_t>(-1); |
| const struct { |
| std::vector<uint8_t> in; |
| size_t num_bytes; |
| } kValidInputs[] = { |
| // Empty bit string |
| {{0x03, 0x01, 0x00}, 0}, |
| // 0b1 |
| {{0x03, 0x02, 0x07, 0x80}, kNotWholeBytes}, |
| // 0b1010 |
| {{0x03, 0x02, 0x04, 0xa0}, kNotWholeBytes}, |
| // 0b1010101 |
| {{0x03, 0x02, 0x01, 0xaa}, kNotWholeBytes}, |
| // 0b10101010 |
| {{0x03, 0x02, 0x00, 0xaa}, 1}, |
| // Bits 0 and 63 are set |
| {{0x03, 0x09, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, 8}, |
| // 64 zero bits |
| {{0x03, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 8}, |
| }; |
| for (const auto &test : kValidInputs) { |
| SCOPED_TRACE(Bytes(test.in)); |
| // The input should parse and round-trip correctly. |
| const uint8_t *ptr = test.in.data(); |
| bssl::UniquePtr<ASN1_BIT_STRING> val( |
| d2i_ASN1_BIT_STRING(nullptr, &ptr, test.in.size())); |
| ASSERT_TRUE(val); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, test.in); |
| |
| // Check the byte count. |
| size_t num_bytes; |
| if (test.num_bytes == kNotWholeBytes) { |
| EXPECT_FALSE(ASN1_BIT_STRING_num_bytes(val.get(), &num_bytes)); |
| } else { |
| ASSERT_TRUE(ASN1_BIT_STRING_num_bytes(val.get(), &num_bytes)); |
| EXPECT_EQ(num_bytes, test.num_bytes); |
| } |
| } |
| |
| const std::vector<uint8_t> kInvalidInputs[] = { |
| // Wrong tag |
| {0x04, 0x01, 0x00}, |
| // Missing leading byte |
| {0x03, 0x00}, |
| // Leading byte too high |
| {0x03, 0x02, 0x08, 0x00}, |
| {0x03, 0x02, 0xff, 0x00}, |
| // Empty bit strings must have a zero leading byte. |
| {0x03, 0x01, 0x01}, |
| // Unused bits must all be zero. |
| {0x03, 0x02, 0x06, 0xc1 /* 0b11000001 */}, |
| }; |
| for (const auto &test : kInvalidInputs) { |
| SCOPED_TRACE(Bytes(test)); |
| const uint8_t *ptr = test.data(); |
| bssl::UniquePtr<ASN1_BIT_STRING> val( |
| d2i_ASN1_BIT_STRING(nullptr, &ptr, test.size())); |
| EXPECT_FALSE(val); |
| } |
| } |
| |
| TEST(ASN1Test, SetBit) { |
| bssl::UniquePtr<ASN1_BIT_STRING> val(ASN1_BIT_STRING_new()); |
| ASSERT_TRUE(val); |
| static const uint8_t kBitStringEmpty[] = {0x03, 0x01, 0x00}; |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringEmpty); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 100)); |
| |
| // Set a few bits via |ASN1_BIT_STRING_set_bit|. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 0, 1)); |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 1, 1)); |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 2, 0)); |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 3, 1)); |
| static const uint8_t kBitString1101[] = {0x03, 0x02, 0x04, 0xd0}; |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1101); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 1)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2)); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 3)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4)); |
| |
| // Bits that were set may be cleared. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 1, 0)); |
| static const uint8_t kBitString1001[] = {0x03, 0x02, 0x04, 0x90}; |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1001); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 1)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2)); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 3)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4)); |
| |
| // Clearing trailing bits truncates the string. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 3, 0)); |
| static const uint8_t kBitString1[] = {0x03, 0x02, 0x07, 0x80}; |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 1)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 2)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 3)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 4)); |
| |
| // Bits may be set beyond the end of the string. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 1)); |
| static const uint8_t kBitStringLong[] = {0x03, 0x09, 0x00, 0x80, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x01}; |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringLong); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62)); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 63)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64)); |
| |
| // The string can be truncated back down again. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 0)); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64)); |
| |
| // |ASN1_BIT_STRING_set_bit| also truncates when starting from a parsed |
| // string. |
| const uint8_t *ptr = kBitStringLong; |
| val.reset(d2i_ASN1_BIT_STRING(nullptr, &ptr, sizeof(kBitStringLong))); |
| ASSERT_TRUE(val); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringLong); |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 63, 0)); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64)); |
| |
| // A parsed bit string preserves trailing zero bits. |
| static const uint8_t kBitString10010[] = {0x03, 0x02, 0x03, 0x90}; |
| ptr = kBitString10010; |
| val.reset(d2i_ASN1_BIT_STRING(nullptr, &ptr, sizeof(kBitString10010))); |
| ASSERT_TRUE(val); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString10010); |
| // But |ASN1_BIT_STRING_set_bit| will truncate it even if otherwise a no-op. |
| ASSERT_TRUE(ASN1_BIT_STRING_set_bit(val.get(), 0, 1)); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitString1001); |
| EXPECT_EQ(1, ASN1_BIT_STRING_get_bit(val.get(), 0)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 62)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 63)); |
| EXPECT_EQ(0, ASN1_BIT_STRING_get_bit(val.get(), 64)); |
| |
| // By default, a BIT STRING implicitly truncates trailing zeros. |
| val.reset(ASN1_BIT_STRING_new()); |
| ASSERT_TRUE(val); |
| static const uint8_t kZeros[64] = {0}; |
| ASSERT_TRUE(ASN1_STRING_set(val.get(), kZeros, sizeof(kZeros))); |
| TestSerialize(val.get(), i2d_ASN1_BIT_STRING, kBitStringEmpty); |
| } |
| |
| TEST(ASN1Test, StringToUTF8) { |
| static const struct { |
| std::vector<uint8_t> in; |
| int type; |
| const char *expected; |
| } kTests[] = { |
| // Non-minimal, two-byte UTF-8. |
| {{0xc0, 0x81}, V_ASN1_UTF8STRING, nullptr}, |
| // Non-minimal, three-byte UTF-8. |
| {{0xe0, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr}, |
| // Non-minimal, four-byte UTF-8. |
| {{0xf0, 0x80, 0x80, 0x81}, V_ASN1_UTF8STRING, nullptr}, |
| // Truncated, four-byte UTF-8. |
| {{0xf0, 0x80, 0x80}, V_ASN1_UTF8STRING, nullptr}, |
| // Low-surrogate value. |
| {{0xed, 0xa0, 0x80}, V_ASN1_UTF8STRING, nullptr}, |
| // High-surrogate value. |
| {{0xed, 0xb0, 0x81}, V_ASN1_UTF8STRING, nullptr}, |
| // Initial BOMs should be rejected from UCS-2 and UCS-4. |
| {{0xfe, 0xff, 0, 88}, V_ASN1_BMPSTRING, nullptr}, |
| {{0, 0, 0xfe, 0xff, 0, 0, 0, 88}, V_ASN1_UNIVERSALSTRING, nullptr}, |
| // Otherwise, BOMs should pass through. |
| {{0, 88, 0xfe, 0xff}, V_ASN1_BMPSTRING, "X\xef\xbb\xbf"}, |
| {{0, 0, 0, 88, 0, 0, 0xfe, 0xff}, V_ASN1_UNIVERSALSTRING, |
| "X\xef\xbb\xbf"}, |
| // The maximum code-point should pass though. |
| {{0, 16, 0xff, 0xfd}, V_ASN1_UNIVERSALSTRING, "\xf4\x8f\xbf\xbd"}, |
| // Values outside the Unicode space should not. |
| {{0, 17, 0, 0}, V_ASN1_UNIVERSALSTRING, nullptr}, |
| // Non-characters should be rejected. |
| {{0, 1, 0xff, 0xff}, V_ASN1_UNIVERSALSTRING, nullptr}, |
| {{0, 1, 0xff, 0xfe}, V_ASN1_UNIVERSALSTRING, nullptr}, |
| {{0, 0, 0xfd, 0xd5}, V_ASN1_UNIVERSALSTRING, nullptr}, |
| // BMPString is UCS-2, not UTF-16, so surrogate pairs are invalid. |
| {{0xd8, 0, 0xdc, 1}, V_ASN1_BMPSTRING, nullptr}, |
| }; |
| |
| for (const auto &test : kTests) { |
| SCOPED_TRACE(Bytes(test.in)); |
| SCOPED_TRACE(test.type); |
| bssl::UniquePtr<ASN1_STRING> s(ASN1_STRING_type_new(test.type)); |
| ASSERT_TRUE(s); |
| ASSERT_TRUE(ASN1_STRING_set(s.get(), test.in.data(), test.in.size())); |
| |
| uint8_t *utf8; |
| const int utf8_len = ASN1_STRING_to_UTF8(&utf8, s.get()); |
| EXPECT_EQ(utf8_len < 0, test.expected == nullptr); |
| if (utf8_len >= 0) { |
| if (test.expected != nullptr) { |
| EXPECT_EQ(Bytes(test.expected), Bytes(utf8, utf8_len)); |
| } |
| OPENSSL_free(utf8); |
| } else { |
| ERR_clear_error(); |
| } |
| } |
| } |
| |
| static std::string ASN1StringToStdString(const ASN1_STRING *str) { |
| return std::string(ASN1_STRING_get0_data(str), |
| ASN1_STRING_get0_data(str) + ASN1_STRING_length(str)); |
| } |
| |
| TEST(ASN1Test, SetTime) { |
| static const struct { |
| time_t time; |
| const char *generalized; |
| const char *utc; |
| } kTests[] = { |
| {-631152001, "19491231235959Z", nullptr}, |
| {-631152000, "19500101000000Z", "500101000000Z"}, |
| {0, "19700101000000Z", "700101000000Z"}, |
| {981173106, "20010203040506Z", "010203040506Z"}, |
| #if defined(OPENSSL_64_BIT) |
| // TODO(https://crbug.com/boringssl/416): These cases overflow 32-bit |
| // |time_t| and do not consistently work on 32-bit platforms. For now, |
| // disable the tests on 32-bit. Re-enable them once the bug is fixed. |
| {2524607999, "20491231235959Z", "491231235959Z"}, |
| {2524608000, "20500101000000Z", nullptr}, |
| // Test boundary conditions. |
| {-62167219200, "00000101000000Z", nullptr}, |
| {-62167219201, nullptr, nullptr}, |
| {253402300799, "99991231235959Z", nullptr}, |
| {253402300800, nullptr, nullptr}, |
| #endif |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(t.time); |
| #if defined(OPENSSL_WINDOWS) |
| // Windows |time_t| functions can only handle 1970 through 3000. See |
| // https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/gmtime-s-gmtime32-s-gmtime64-s?view=msvc-160 |
| if (t.time < 0 || int64_t{t.time} > 32535215999) { |
| continue; |
| } |
| #endif |
| |
| bssl::UniquePtr<ASN1_UTCTIME> utc(ASN1_UTCTIME_set(nullptr, t.time)); |
| if (t.utc) { |
| ASSERT_TRUE(utc); |
| EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(utc.get())); |
| EXPECT_EQ(t.utc, ASN1StringToStdString(utc.get())); |
| } else { |
| EXPECT_FALSE(utc); |
| } |
| |
| bssl::UniquePtr<ASN1_GENERALIZEDTIME> generalized( |
| ASN1_GENERALIZEDTIME_set(nullptr, t.time)); |
| if (t.generalized) { |
| ASSERT_TRUE(generalized); |
| EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(generalized.get())); |
| EXPECT_EQ(t.generalized, ASN1StringToStdString(generalized.get())); |
| } else { |
| EXPECT_FALSE(generalized); |
| } |
| |
| bssl::UniquePtr<ASN1_TIME> choice(ASN1_TIME_set(nullptr, t.time)); |
| if (t.generalized) { |
| ASSERT_TRUE(choice); |
| if (t.utc) { |
| EXPECT_EQ(V_ASN1_UTCTIME, ASN1_STRING_type(choice.get())); |
| EXPECT_EQ(t.utc, ASN1StringToStdString(choice.get())); |
| } else { |
| EXPECT_EQ(V_ASN1_GENERALIZEDTIME, ASN1_STRING_type(choice.get())); |
| EXPECT_EQ(t.generalized, ASN1StringToStdString(choice.get())); |
| } |
| } else { |
| EXPECT_FALSE(choice); |
| } |
| } |
| } |
| |
| static std::vector<uint8_t> StringToVector(const std::string &str) { |
| return std::vector<uint8_t>(str.begin(), str.end()); |
| } |
| |
| TEST(ASN1Test, StringPrintEx) { |
| const struct { |
| int type; |
| std::vector<uint8_t> data; |
| int str_flags; |
| unsigned long flags; |
| std::string expected; |
| } kTests[] = { |
| // A string like "hello" is never escaped or quoted. |
| // |ASN1_STRFLGS_ESC_QUOTE| only introduces quotes when needed. Note |
| // OpenSSL interprets T61String as Latin-1. |
| {V_ASN1_T61STRING, StringToVector("hello"), 0, 0, "hello"}, |
| {V_ASN1_T61STRING, StringToVector("hello"), 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB, |
| "hello"}, |
| {V_ASN1_T61STRING, StringToVector("hello"), 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | |
| ASN1_STRFLGS_ESC_QUOTE, |
| "hello"}, |
| |
| // By default, 8-bit characters are printed without escaping. |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| 0, |
| std::string(1, '\0') + "\n\x80\xff,+\"\\<>;"}, |
| |
| // Flags control different escapes. Note that any escape flag will cause |
| // blackslashes to be escaped. |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| ASN1_STRFLGS_ESC_2253, |
| std::string(1, '\0') + "\n\x80\xff\\,\\+\\\"\\\\\\<\\>\\;"}, |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| ASN1_STRFLGS_ESC_CTRL, |
| "\\00\\0A\x80\xff,+\"\\\\<>;"}, |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| ASN1_STRFLGS_ESC_MSB, |
| std::string(1, '\0') + "\n\\80\\FF,+\"\\\\<>;"}, |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB, |
| "\\00\\0A\\80\\FF\\,\\+\\\"\\\\\\<\\>\\;"}, |
| |
| // When quoted, fewer characters need to be escaped in RFC 2253. |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'}, |
| 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | |
| ASN1_STRFLGS_ESC_QUOTE, |
| "\"\\00\\0A\\80\\FF,+\\\"\\\\<>;\""}, |
| |
| // If no characters benefit from quotes, no quotes are added. |
| {V_ASN1_T61STRING, |
| {0, '\n', 0x80, 0xff, '"', '\\'}, |
| 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | |
| ASN1_STRFLGS_ESC_QUOTE, |
| "\\00\\0A\\80\\FF\\\"\\\\"}, |
| |
| // RFC 2253 only escapes spaces at the start and end of a string. |
| {V_ASN1_T61STRING, StringToVector(" "), 0, ASN1_STRFLGS_ESC_2253, |
| "\\ \\ "}, |
| {V_ASN1_T61STRING, StringToVector(" "), 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_QUOTE, "\" \""}, |
| |
| // RFC 2253 only escapes # at the start of a string. |
| {V_ASN1_T61STRING, StringToVector("###"), 0, ASN1_STRFLGS_ESC_2253, |
| "\\###"}, |
| {V_ASN1_T61STRING, StringToVector("###"), 0, |
| ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_QUOTE, "\"###\""}, |
| |
| // By default, strings are decoded and Unicode code points are |
| // individually escaped. |
| {V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"), |
| 0, ASN1_STRFLGS_ESC_MSB, "a\\80\\U0100\\W00010000"}, |
| {V_ASN1_BMPSTRING, |
| {0x00, 'a', 0x00, 0x80, 0x01, 0x00}, |
| 0, |
| ASN1_STRFLGS_ESC_MSB, |
| "a\\80\\U0100"}, |
| {V_ASN1_UNIVERSALSTRING, |
| {0x00, 0x00, 0x00, 'a', // |
| 0x00, 0x00, 0x00, 0x80, // |
| 0x00, 0x00, 0x01, 0x00, // |
| 0x00, 0x01, 0x00, 0x00}, |
| 0, |
| ASN1_STRFLGS_ESC_MSB, |
| "a\\80\\U0100\\W00010000"}, |
| |
| // |ASN1_STRFLGS_UTF8_CONVERT| normalizes everything to UTF-8 and then |
| // escapes individual bytes. |
| {V_ASN1_IA5STRING, StringToVector("a\x80"), 0, |
| ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, "a\\C2\\80"}, |
| {V_ASN1_T61STRING, StringToVector("a\x80"), 0, |
| ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, "a\\C2\\80"}, |
| {V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"), |
| 0, ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, |
| "a\\C2\\80\\C4\\80\\F0\\90\\80\\80"}, |
| {V_ASN1_BMPSTRING, |
| {0x00, 'a', 0x00, 0x80, 0x01, 0x00}, |
| 0, |
| ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, |
| "a\\C2\\80\\C4\\80"}, |
| {V_ASN1_UNIVERSALSTRING, |
| {0x00, 0x00, 0x00, 'a', // |
| 0x00, 0x00, 0x00, 0x80, // |
| 0x00, 0x00, 0x01, 0x00, // |
| 0x00, 0x01, 0x00, 0x00}, |
| 0, |
| ASN1_STRFLGS_ESC_MSB | ASN1_STRFLGS_UTF8_CONVERT, |
| "a\\C2\\80\\C4\\80\\F0\\90\\80\\80"}, |
| |
| // The same as above, but without escaping the UTF-8 encoding. |
| {V_ASN1_IA5STRING, StringToVector("a\x80"), 0, ASN1_STRFLGS_UTF8_CONVERT, |
| "a\xc2\x80"}, |
| {V_ASN1_T61STRING, StringToVector("a\x80"), 0, ASN1_STRFLGS_UTF8_CONVERT, |
| "a\xc2\x80"}, |
| {V_ASN1_UTF8STRING, StringToVector("a\xc2\x80\xc4\x80\xf0\x90\x80\x80"), |
| 0, ASN1_STRFLGS_UTF8_CONVERT, "a\xc2\x80\xc4\x80\xf0\x90\x80\x80"}, |
| {V_ASN1_BMPSTRING, |
| {0x00, 'a', 0x00, 0x80, 0x01, 0x00}, |
| 0, |
| ASN1_STRFLGS_UTF8_CONVERT, |
| "a\xc2\x80\xc4\x80"}, |
| {V_ASN1_UNIVERSALSTRING, |
| {0x00, 0x00, 0x00, 'a', // |
| 0x00, 0x00, 0x00, 0x80, // |
| 0x00, 0x00, 0x01, 0x00, // |
| 0x00, 0x01, 0x00, 0x00}, |
| 0, |
| ASN1_STRFLGS_UTF8_CONVERT, |
| "a\xc2\x80\xc4\x80\xf0\x90\x80\x80"}, |
| |
| // Types that cannot be decoded are, by default, treated as a byte string. |
| {V_ASN1_OCTET_STRING, {0xff}, 0, 0, "\xff"}, |
| {-1, {0xff}, 0, 0, "\xff"}, |
| {100, {0xff}, 0, 0, "\xff"}, |
| |
| // |ASN1_STRFLGS_UTF8_CONVERT| still converts these bytes to UTF-8. |
| // |
| // TODO(davidben): This seems like a bug. Although it's unclear because |
| // the non-RFC-2253 options aren't especially sound. Can we just remove |
| // them? |
| {V_ASN1_OCTET_STRING, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"}, |
| {-1, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"}, |
| {100, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"}, |
| |
| // |ASN1_STRFLGS_IGNORE_TYPE| causes the string type to be ignored, so it |
| // is always treated as a byte string, even if it is not a valid encoding. |
| {V_ASN1_UTF8STRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"}, |
| {V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"}, |
| {V_ASN1_UNIVERSALSTRING, {0xff}, 0, ASN1_STRFLGS_IGNORE_TYPE, "\xff"}, |
| |
| // |ASN1_STRFLGS_SHOW_TYPE| prepends the type name. |
| {V_ASN1_UTF8STRING, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "UTF8STRING:a"}, |
| {-1, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "(unknown):a"}, |
| {100, {'a'}, 0, ASN1_STRFLGS_SHOW_TYPE, "(unknown):a"}, |
| |
| // |ASN1_STRFLGS_DUMP_ALL| and |ASN1_STRFLGS_DUMP_UNKNOWN| cause |
| // non-string types to be printed in hex, though without the DER wrapper |
| // by default. |
| {V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_UNKNOWN, "\\U2603"}, |
| {V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_ALL, "#E29883"}, |
| {V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_UNKNOWN, "#E29883"}, |
| {V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_ALL, "#E29883"}, |
| |
| // |ASN1_STRFLGS_DUMP_DER| includes the entire element. |
| {V_ASN1_UTF8STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, "#0C03E29883"}, |
| {V_ASN1_OCTET_STRING, StringToVector("\xe2\x98\x83"), 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, "#0403E29883"}, |
| {V_ASN1_BIT_STRING, |
| {0x80}, |
| ASN1_STRING_FLAG_BITS_LEFT | 4, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, |
| "#03020480"}, |
| // INTEGER { 1 } |
| {V_ASN1_INTEGER, |
| {0x01}, |
| 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, |
| "#020101"}, |
| // INTEGER { -1 } |
| {V_ASN1_NEG_INTEGER, |
| {0x01}, |
| 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, |
| "#0201FF"}, |
| // ENUMERATED { 1 } |
| {V_ASN1_ENUMERATED, |
| {0x01}, |
| 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, |
| "#0A0101"}, |
| // ENUMERATED { -1 } |
| {V_ASN1_NEG_ENUMERATED, |
| {0x01}, |
| 0, |
| ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER, |
| "#0A01FF"}, |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(t.type); |
| SCOPED_TRACE(Bytes(t.data)); |
| SCOPED_TRACE(t.str_flags); |
| SCOPED_TRACE(t.flags); |
| |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(t.type)); |
| ASSERT_TRUE(ASN1_STRING_set(str.get(), t.data.data(), t.data.size())); |
| str->flags = t.str_flags; |
| |
| // If the |BIO| is null, it should measure the size. |
| int len = ASN1_STRING_print_ex(nullptr, str.get(), t.flags); |
| EXPECT_EQ(len, static_cast<int>(t.expected.size())); |
| |
| // Measuring the size should also work for the |FILE| version |
| len = ASN1_STRING_print_ex_fp(nullptr, str.get(), t.flags); |
| EXPECT_EQ(len, static_cast<int>(t.expected.size())); |
| |
| // Actually print the string. |
| bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); |
| ASSERT_TRUE(bio); |
| len = ASN1_STRING_print_ex(bio.get(), str.get(), t.flags); |
| EXPECT_EQ(len, static_cast<int>(t.expected.size())); |
| |
| const uint8_t *bio_contents; |
| size_t bio_len; |
| ASSERT_TRUE(BIO_mem_contents(bio.get(), &bio_contents, &bio_len)); |
| EXPECT_EQ(t.expected, std::string(bio_contents, bio_contents + bio_len)); |
| } |
| |
| const struct { |
| int type; |
| std::vector<uint8_t> data; |
| int str_flags; |
| unsigned long flags; |
| } kUnprintableTests[] = { |
| // When decoding strings, invalid codepoints are errors. |
| {V_ASN1_UTF8STRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB}, |
| {V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB}, |
| {V_ASN1_BMPSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB}, |
| {V_ASN1_UNIVERSALSTRING, {0xff}, 0, ASN1_STRFLGS_ESC_MSB}, |
| }; |
| for (const auto &t : kUnprintableTests) { |
| SCOPED_TRACE(t.type); |
| SCOPED_TRACE(Bytes(t.data)); |
| SCOPED_TRACE(t.str_flags); |
| SCOPED_TRACE(t.flags); |
| |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_type_new(t.type)); |
| ASSERT_TRUE(ASN1_STRING_set(str.get(), t.data.data(), t.data.size())); |
| str->flags = t.str_flags; |
| |
| // If the |BIO| is null, it should measure the size. |
| int len = ASN1_STRING_print_ex(nullptr, str.get(), t.flags); |
| EXPECT_EQ(len, -1); |
| ERR_clear_error(); |
| |
| // Measuring the size should also work for the |FILE| version |
| len = ASN1_STRING_print_ex_fp(nullptr, str.get(), t.flags); |
| EXPECT_EQ(len, -1); |
| ERR_clear_error(); |
| |
| // Actually print the string. |
| bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); |
| ASSERT_TRUE(bio); |
| len = ASN1_STRING_print_ex(bio.get(), str.get(), t.flags); |
| EXPECT_EQ(len, -1); |
| ERR_clear_error(); |
| } |
| } |
| |
| TEST(ASN1Test, MBString) { |
| const unsigned long kAll = B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING | |
| B_ASN1_T61STRING | B_ASN1_BMPSTRING | |
| B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING; |
| |
| const struct { |
| int format; |
| std::vector<uint8_t> in; |
| unsigned long mask; |
| int expected_type; |
| std::vector<uint8_t> expected_data; |
| int num_codepoints; |
| } kTests[] = { |
| // Given a choice of formats, we pick the smallest that fits. |
| {MBSTRING_UTF8, {}, kAll, V_ASN1_PRINTABLESTRING, {}, 0}, |
| {MBSTRING_UTF8, {'a'}, kAll, V_ASN1_PRINTABLESTRING, {'a'}, 1}, |
| {MBSTRING_UTF8, |
| {'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'}, |
| kAll, |
| V_ASN1_PRINTABLESTRING, |
| {'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'}, |
| 14}, |
| {MBSTRING_UTF8, {'*'}, kAll, V_ASN1_IA5STRING, {'*'}, 1}, |
| {MBSTRING_UTF8, {'\n'}, kAll, V_ASN1_IA5STRING, {'\n'}, 1}, |
| {MBSTRING_UTF8, |
| {0xc2, 0x80 /* U+0080 */}, |
| kAll, |
| V_ASN1_T61STRING, |
| {0x80}, |
| 1}, |
| {MBSTRING_UTF8, |
| {0xc4, 0x80 /* U+0100 */}, |
| kAll, |
| V_ASN1_BMPSTRING, |
| {0x01, 0x00}, |
| 1}, |
| {MBSTRING_UTF8, |
| {0xf0, 0x90, 0x80, 0x80 /* U+10000 */}, |
| kAll, |
| V_ASN1_UNIVERSALSTRING, |
| {0x00, 0x01, 0x00, 0x00}, |
| 1}, |
| {MBSTRING_UTF8, |
| {0xf0, 0x90, 0x80, 0x80 /* U+10000 */}, |
| kAll & ~B_ASN1_UNIVERSALSTRING, |
| V_ASN1_UTF8STRING, |
| {0xf0, 0x90, 0x80, 0x80}, |
| 1}, |
| |
| // NUL is not printable. It should also not terminate iteration. |
| {MBSTRING_UTF8, {0}, kAll, V_ASN1_IA5STRING, {0}, 1}, |
| {MBSTRING_UTF8, {0, 'a'}, kAll, V_ASN1_IA5STRING, {0, 'a'}, 2}, |
| |
| // When a particular format is specified, we use it. |
| {MBSTRING_UTF8, |
| {'a'}, |
| B_ASN1_PRINTABLESTRING, |
| V_ASN1_PRINTABLESTRING, |
| {'a'}, |
| 1}, |
| {MBSTRING_UTF8, {'a'}, B_ASN1_IA5STRING, V_ASN1_IA5STRING, {'a'}, 1}, |
| {MBSTRING_UTF8, {'a'}, B_ASN1_T61STRING, V_ASN1_T61STRING, {'a'}, 1}, |
| {MBSTRING_UTF8, {'a'}, B_ASN1_UTF8STRING, V_ASN1_UTF8STRING, {'a'}, 1}, |
| {MBSTRING_UTF8, |
| {'a'}, |
| B_ASN1_BMPSTRING, |
| V_ASN1_BMPSTRING, |
| {0x00, 'a'}, |
| 1}, |
| {MBSTRING_UTF8, |
| {'a'}, |
| B_ASN1_UNIVERSALSTRING, |
| V_ASN1_UNIVERSALSTRING, |
| {0x00, 0x00, 0x00, 'a'}, |
| 1}, |
| |
| // A long string with characters of many widths, to test sizes are |
| // measured in code points. |
| {MBSTRING_UTF8, |
| { |
| 'a', // |
| 0xc2, 0x80, // U+0080 |
| 0xc4, 0x80, // U+0100 |
| 0xf0, 0x90, 0x80, 0x80, // U+10000 |
| }, |
| B_ASN1_UNIVERSALSTRING, |
| V_ASN1_UNIVERSALSTRING, |
| { |
| 0x00, 0x00, 0x00, 'a', // |
| 0x00, 0x00, 0x00, 0x80, // |
| 0x00, 0x00, 0x01, 0x00, // |
| 0x00, 0x01, 0x00, 0x00, // |
| }, |
| 4}, |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(t.format); |
| SCOPED_TRACE(Bytes(t.in)); |
| SCOPED_TRACE(t.mask); |
| |
| // Passing in nullptr should do a dry run. |
| EXPECT_EQ(t.expected_type, |
| ASN1_mbstring_copy(nullptr, t.in.data(), t.in.size(), t.format, |
| t.mask)); |
| |
| // Test allocating a new object. |
| ASN1_STRING *str = nullptr; |
| EXPECT_EQ( |
| t.expected_type, |
| ASN1_mbstring_copy(&str, t.in.data(), t.in.size(), t.format, t.mask)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(t.expected_type, ASN1_STRING_type(str)); |
| EXPECT_EQ(Bytes(t.expected_data), |
| Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str))); |
| |
| // Test writing into an existing object. |
| ASN1_STRING_free(str); |
| str = ASN1_STRING_new(); |
| ASSERT_TRUE(str); |
| ASN1_STRING *old_str = str; |
| EXPECT_EQ( |
| t.expected_type, |
| ASN1_mbstring_copy(&str, t.in.data(), t.in.size(), t.format, t.mask)); |
| ASSERT_EQ(old_str, str); |
| EXPECT_EQ(t.expected_type, ASN1_STRING_type(str)); |
| EXPECT_EQ(Bytes(t.expected_data), |
| Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str))); |
| ASN1_STRING_free(str); |
| str = nullptr; |
| |
| // minsize and maxsize should be enforced, even in a dry run. |
| EXPECT_EQ(t.expected_type, |
| ASN1_mbstring_ncopy(nullptr, t.in.data(), t.in.size(), t.format, |
| t.mask, /*minsize=*/t.num_codepoints, |
| /*maxsize=*/t.num_codepoints)); |
| |
| EXPECT_EQ(t.expected_type, |
| ASN1_mbstring_ncopy(&str, t.in.data(), t.in.size(), t.format, |
| t.mask, /*minsize=*/t.num_codepoints, |
| /*maxsize=*/t.num_codepoints)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(t.expected_type, ASN1_STRING_type(str)); |
| EXPECT_EQ(Bytes(t.expected_data), |
| Bytes(ASN1_STRING_get0_data(str), ASN1_STRING_length(str))); |
| ASN1_STRING_free(str); |
| str = nullptr; |
| |
| EXPECT_EQ(-1, ASN1_mbstring_ncopy( |
| nullptr, t.in.data(), t.in.size(), t.format, t.mask, |
| /*minsize=*/t.num_codepoints + 1, /*maxsize=*/0)); |
| ERR_clear_error(); |
| EXPECT_EQ(-1, ASN1_mbstring_ncopy( |
| &str, t.in.data(), t.in.size(), t.format, t.mask, |
| /*minsize=*/t.num_codepoints + 1, /*maxsize=*/0)); |
| EXPECT_FALSE(str); |
| ERR_clear_error(); |
| if (t.num_codepoints > 1) { |
| EXPECT_EQ(-1, ASN1_mbstring_ncopy( |
| nullptr, t.in.data(), t.in.size(), t.format, t.mask, |
| /*minsize=*/0, /*maxsize=*/t.num_codepoints - 1)); |
| ERR_clear_error(); |
| EXPECT_EQ(-1, ASN1_mbstring_ncopy( |
| &str, t.in.data(), t.in.size(), t.format, t.mask, |
| /*minsize=*/0, /*maxsize=*/t.num_codepoints - 1)); |
| EXPECT_FALSE(str); |
| ERR_clear_error(); |
| } |
| } |
| |
| const struct { |
| int format; |
| std::vector<uint8_t> in; |
| unsigned long mask; |
| } kInvalidTests[] = { |
| // Invalid encodings are rejected. |
| {MBSTRING_UTF8, {0xff}, B_ASN1_UTF8STRING}, |
| {MBSTRING_BMP, {0xff}, B_ASN1_UTF8STRING}, |
| {MBSTRING_UNIV, {0xff}, B_ASN1_UTF8STRING}, |
| |
| // Lone surrogates are not code points. |
| {MBSTRING_UTF8, {0xed, 0xa0, 0x80}, B_ASN1_UTF8STRING}, |
| {MBSTRING_BMP, {0xd8, 0x00}, B_ASN1_UTF8STRING}, |
| {MBSTRING_UNIV, {0x00, 0x00, 0xd8, 0x00}, B_ASN1_UTF8STRING}, |
| |
| // The input does not fit in the allowed output types. |
| {MBSTRING_UTF8, {'\n'}, B_ASN1_PRINTABLESTRING}, |
| {MBSTRING_UTF8, |
| {0xc2, 0x80 /* U+0080 */}, |
| B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING}, |
| {MBSTRING_UTF8, |
| {0xc4, 0x80 /* U+0100 */}, |
| B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING | B_ASN1_T61STRING}, |
| {MBSTRING_UTF8, |
| {0xf0, 0x90, 0x80, 0x80 /* U+10000 */}, |
| B_ASN1_PRINTABLESTRING | B_ASN1_IA5STRING | B_ASN1_T61STRING | |
| B_ASN1_BMPSTRING}, |
| |
| // Unrecognized bits are ignored. |
| {MBSTRING_UTF8, {'\n'}, B_ASN1_PRINTABLESTRING | B_ASN1_SEQUENCE}, |
| }; |
| for (const auto &t : kInvalidTests) { |
| SCOPED_TRACE(t.format); |
| SCOPED_TRACE(Bytes(t.in)); |
| SCOPED_TRACE(t.mask); |
| |
| EXPECT_EQ(-1, ASN1_mbstring_copy(nullptr, t.in.data(), t.in.size(), |
| t.format, t.mask)); |
| ERR_clear_error(); |
| |
| ASN1_STRING *str = nullptr; |
| EXPECT_EQ(-1, ASN1_mbstring_copy(&str, t.in.data(), t.in.size(), |
| t.format, t.mask)); |
| ERR_clear_error(); |
| EXPECT_EQ(nullptr, str); |
| } |
| } |
| |
| TEST(ASN1Test, StringByNID) { |
| // |ASN1_mbstring_*| tests above test most of the interactions with |inform|, |
| // so all tests below use UTF-8. |
| const struct { |
| int nid; |
| std::string in; |
| int expected_type; |
| std::string expected; |
| } kTests[] = { |
| // Although DirectoryString and PKCS9String allow many types of strings, |
| // we prefer UTF8String. |
| {NID_commonName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_commonName, "\xe2\x98\x83", V_ASN1_UTF8STRING, "\xe2\x98\x83"}, |
| {NID_localityName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_stateOrProvinceName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_organizationName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_organizationalUnitName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_pkcs9_unstructuredName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_pkcs9_challengePassword, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_pkcs9_unstructuredAddress, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_givenName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_givenName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_givenName, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_surname, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_initials, "abc", V_ASN1_UTF8STRING, "abc"}, |
| {NID_name, "abc", V_ASN1_UTF8STRING, "abc"}, |
| |
| // Some attribute types use a particular string type. |
| {NID_countryName, "US", V_ASN1_PRINTABLESTRING, "US"}, |
| {NID_pkcs9_emailAddress, "example@example.com", V_ASN1_IA5STRING, |
| "example@example.com"}, |
| {NID_serialNumber, "1234", V_ASN1_PRINTABLESTRING, "1234"}, |
| {NID_friendlyName, "abc", V_ASN1_BMPSTRING, |
| std::string({'\0', 'a', '\0', 'b', '\0', 'c'})}, |
| {NID_dnQualifier, "US", V_ASN1_PRINTABLESTRING, "US"}, |
| {NID_domainComponent, "com", V_ASN1_IA5STRING, "com"}, |
| {NID_ms_csp_name, "abc", V_ASN1_BMPSTRING, |
| std::string({'\0', 'a', '\0', 'b', '\0', 'c'})}, |
| |
| // Unknown NIDs default to UTF8String. |
| {NID_rsaEncryption, "abc", V_ASN1_UTF8STRING, "abc"}, |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(t.nid); |
| SCOPED_TRACE(t.in); |
| |
| // Test allocating a new object. |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>(t.in.data()), t.in.size(), |
| MBSTRING_UTF8, t.nid)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(t.expected_type, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes(t.expected), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| |
| // Test writing into an existing object. |
| str.reset(ASN1_STRING_new()); |
| ASSERT_TRUE(str); |
| ASN1_STRING *old_str = str.get(); |
| ASSERT_TRUE(ASN1_STRING_set_by_NID( |
| &old_str, reinterpret_cast<const uint8_t *>(t.in.data()), t.in.size(), |
| MBSTRING_UTF8, t.nid)); |
| ASSERT_EQ(old_str, str.get()); |
| EXPECT_EQ(t.expected_type, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes(t.expected), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| } |
| |
| const struct { |
| int nid; |
| std::string in; |
| } kInvalidTests[] = { |
| // DirectoryString forbids empty inputs. |
| {NID_commonName, ""}, |
| {NID_localityName, ""}, |
| {NID_stateOrProvinceName, ""}, |
| {NID_organizationName, ""}, |
| {NID_organizationalUnitName, ""}, |
| {NID_pkcs9_unstructuredName, ""}, |
| {NID_pkcs9_challengePassword, ""}, |
| {NID_pkcs9_unstructuredAddress, ""}, |
| {NID_givenName, ""}, |
| {NID_givenName, ""}, |
| {NID_givenName, ""}, |
| {NID_surname, ""}, |
| {NID_initials, ""}, |
| {NID_name, ""}, |
| |
| // Test upper bounds from RFC 5280. |
| {NID_name, std::string(32769, 'a')}, |
| {NID_commonName, std::string(65, 'a')}, |
| {NID_localityName, std::string(129, 'a')}, |
| {NID_stateOrProvinceName, std::string(129, 'a')}, |
| {NID_organizationName, std::string(65, 'a')}, |
| {NID_organizationalUnitName, std::string(65, 'a')}, |
| {NID_pkcs9_emailAddress, std::string(256, 'a')}, |
| {NID_serialNumber, std::string(65, 'a')}, |
| |
| // X520countryName must be exactly two characters. |
| {NID_countryName, "A"}, |
| {NID_countryName, "AAA"}, |
| |
| // Some string types cannot represent all codepoints. |
| {NID_countryName, "\xe2\x98\x83"}, |
| {NID_pkcs9_emailAddress, "\xe2\x98\x83"}, |
| {NID_serialNumber, "\xe2\x98\x83"}, |
| {NID_dnQualifier, "\xe2\x98\x83"}, |
| {NID_domainComponent, "\xe2\x98\x83"}, |
| }; |
| for (const auto &t : kInvalidTests) { |
| SCOPED_TRACE(t.nid); |
| SCOPED_TRACE(t.in); |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>(t.in.data()), t.in.size(), |
| MBSTRING_UTF8, t.nid)); |
| EXPECT_FALSE(str); |
| ERR_clear_error(); |
| } |
| } |
| |
| TEST(ASN1Test, StringByCustomNID) { |
| // This test affects library-global state. We rely on nothing else in the test |
| // suite using these OIDs. |
| int nid1 = OBJ_create("1.2.840.113554.4.1.72585.1000", "custom OID 1000", |
| "custom OID 1000"); |
| ASSERT_NE(NID_undef, nid1); |
| int nid2 = OBJ_create("1.2.840.113554.4.1.72585.1001", "custom OID 1001", |
| "custom OID 1001"); |
| ASSERT_NE(NID_undef, nid2); |
| |
| // Values registered in the string table should be picked up. |
| ASSERT_TRUE(ASN1_STRING_TABLE_add(nid1, 5, 10, V_ASN1_PRINTABLESTRING, |
| STABLE_NO_MASK)); |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>("12345"), 5, MBSTRING_UTF8, |
| nid1)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(V_ASN1_PRINTABLESTRING, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes("12345"), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| |
| // Minimum and maximum lengths are enforced. |
| str.reset(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>("1234"), 4, MBSTRING_UTF8, |
| nid1)); |
| EXPECT_FALSE(str); |
| ERR_clear_error(); |
| str.reset(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>("12345678901"), 11, |
| MBSTRING_UTF8, nid1)); |
| EXPECT_FALSE(str); |
| ERR_clear_error(); |
| |
| // Without |STABLE_NO_MASK|, we always pick UTF8String. -1 means there is no |
| // length limit. |
| ASSERT_TRUE(ASN1_STRING_TABLE_add(nid2, -1, -1, DIRSTRING_TYPE, 0)); |
| str.reset(ASN1_STRING_set_by_NID(nullptr, |
| reinterpret_cast<const uint8_t *>("12345"), |
| 5, MBSTRING_UTF8, nid2)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(V_ASN1_UTF8STRING, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes("12345"), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| |
| // Overriding existing entries, built-in or custom, is an error. |
| EXPECT_FALSE( |
| ASN1_STRING_TABLE_add(NID_countryName, -1, -1, DIRSTRING_TYPE, 0)); |
| EXPECT_FALSE(ASN1_STRING_TABLE_add(nid1, -1, -1, DIRSTRING_TYPE, 0)); |
| } |
| |
| #if defined(OPENSSL_THREADS) |
| TEST(ASN1Test, StringByCustomNIDThreads) { |
| // This test affects library-global state. We rely on nothing else in the test |
| // suite using these OIDs. |
| int nid1 = OBJ_create("1.2.840.113554.4.1.72585.1002", "custom OID 1002", |
| "custom OID 1002"); |
| ASSERT_NE(NID_undef, nid1); |
| int nid2 = OBJ_create("1.2.840.113554.4.1.72585.1003", "custom OID 1003", |
| "custom OID 1003"); |
| ASSERT_NE(NID_undef, nid2); |
| |
| std::vector<std::thread> threads; |
| threads.emplace_back([&] { |
| ASSERT_TRUE(ASN1_STRING_TABLE_add(nid1, 5, 10, V_ASN1_PRINTABLESTRING, |
| STABLE_NO_MASK)); |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>("12345"), 5, MBSTRING_UTF8, |
| nid1)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(V_ASN1_PRINTABLESTRING, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes("12345"), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| }); |
| threads.emplace_back([&] { |
| ASSERT_TRUE(ASN1_STRING_TABLE_add(nid2, 5, 10, V_ASN1_PRINTABLESTRING, |
| STABLE_NO_MASK)); |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_set_by_NID( |
| nullptr, reinterpret_cast<const uint8_t *>("12345"), 5, MBSTRING_UTF8, |
| nid2)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(V_ASN1_PRINTABLESTRING, ASN1_STRING_type(str.get())); |
| EXPECT_EQ(Bytes("12345"), Bytes(ASN1_STRING_get0_data(str.get()), |
| ASN1_STRING_length(str.get()))); |
| }); |
| for (auto &thread : threads) { |
| thread.join(); |
| } |
| } |
| #endif // OPENSSL_THREADS |
| |
| // Test that multi-string types correctly encode negative ENUMERATED. |
| // Multi-string types cannot contain INTEGER, so we only test ENUMERATED. |
| TEST(ASN1Test, NegativeEnumeratedMultistring) { |
| static const uint8_t kMinusOne[] = {0x0a, 0x01, 0xff}; // ENUMERATED { -1 } |
| // |ASN1_PRINTABLE| is a multi-string type that allows ENUMERATED. |
| const uint8_t *p = kMinusOne; |
| bssl::UniquePtr<ASN1_STRING> str( |
| d2i_ASN1_PRINTABLE(nullptr, &p, sizeof(kMinusOne))); |
| ASSERT_TRUE(str); |
| TestSerialize(str.get(), i2d_ASN1_PRINTABLE, kMinusOne); |
| } |
| |
| TEST(ASN1Test, PrintableType) { |
| const struct { |
| std::vector<uint8_t> in; |
| int result; |
| } kTests[] = { |
| {{}, V_ASN1_PRINTABLESTRING}, |
| {{'a', 'A', '0', '\'', '(', ')', '+', ',', '-', '.', '/', ':', '=', '?'}, |
| V_ASN1_PRINTABLESTRING}, |
| {{'*'}, V_ASN1_IA5STRING}, |
| {{'\0'}, V_ASN1_IA5STRING}, |
| {{'\0', 'a'}, V_ASN1_IA5STRING}, |
| {{0, 1, 2, 3, 125, 126, 127}, V_ASN1_IA5STRING}, |
| {{0, 1, 2, 3, 125, 126, 127, 128}, V_ASN1_T61STRING}, |
| {{128, 0, 1, 2, 3, 125, 126, 127}, V_ASN1_T61STRING}, |
| }; |
| for (const auto &t : kTests) { |
| SCOPED_TRACE(Bytes(t.in)); |
| EXPECT_EQ(t.result, ASN1_PRINTABLE_type(t.in.data(), t.in.size())); |
| } |
| } |
| |
| // Encoding a CHOICE type with an invalid selector should fail. |
| TEST(ASN1Test, InvalidChoice) { |
| bssl::UniquePtr<GENERAL_NAME> name(GENERAL_NAME_new()); |
| ASSERT_TRUE(name); |
| // CHOICE types are initialized with an invalid selector. |
| EXPECT_EQ(-1, name->type); |
| // |name| should fail to encode. |
| EXPECT_EQ(-1, i2d_GENERAL_NAME(name.get(), nullptr)); |
| |
| // The error should be propagated through types containing |name|. |
| bssl::UniquePtr<GENERAL_NAMES> names(GENERAL_NAMES_new()); |
| ASSERT_TRUE(names); |
| EXPECT_TRUE(bssl::PushToStack(names.get(), std::move(name))); |
| EXPECT_EQ(-1, i2d_GENERAL_NAMES(names.get(), nullptr)); |
| } |
| |
| // Encoding NID-only |ASN1_OBJECT|s should fail. |
| TEST(ASN1Test, InvalidObject) { |
| EXPECT_EQ(-1, i2d_ASN1_OBJECT(OBJ_nid2obj(NID_kx_ecdhe), nullptr)); |
| |
| bssl::UniquePtr<X509_ALGOR> alg(X509_ALGOR_new()); |
| ASSERT_TRUE(alg); |
| ASSERT_TRUE(X509_ALGOR_set0(alg.get(), OBJ_nid2obj(NID_kx_ecdhe), |
| V_ASN1_UNDEF, nullptr)); |
| EXPECT_EQ(-1, i2d_X509_ALGOR(alg.get(), nullptr)); |
| } |
| |
| // Encoding invalid |ASN1_TYPE|s should fail. |ASN1_TYPE|s are |
| // default-initialized to an invalid type. |
| TEST(ASN1Test, InvalidASN1Type) { |
| bssl::UniquePtr<ASN1_TYPE> obj(ASN1_TYPE_new()); |
| ASSERT_TRUE(obj); |
| EXPECT_EQ(-1, obj->type); |
| EXPECT_EQ(-1, i2d_ASN1_TYPE(obj.get(), nullptr)); |
| } |
| |
| // Encoding invalid MSTRING types should fail. An MSTRING is a CHOICE of |
| // string-like types. They are initialized to an invalid type. |
| TEST(ASN1Test, InvalidMSTRING) { |
| bssl::UniquePtr<ASN1_STRING> obj(ASN1_TIME_new()); |
| ASSERT_TRUE(obj); |
| EXPECT_EQ(-1, obj->type); |
| EXPECT_EQ(-1, i2d_ASN1_TIME(obj.get(), nullptr)); |
| |
| obj.reset(DIRECTORYSTRING_new()); |
| ASSERT_TRUE(obj); |
| EXPECT_EQ(-1, obj->type); |
| EXPECT_EQ(-1, i2d_DIRECTORYSTRING(obj.get(), nullptr)); |
| } |
| |
| TEST(ASN1Test, StringTableSorted) { |
| const ASN1_STRING_TABLE *table; |
| size_t table_len; |
| asn1_get_string_table_for_testing(&table, &table_len); |
| for (size_t i = 1; i < table_len; i++) { |
| EXPECT_LT(table[i-1].nid, table[i].nid); |
| } |
| } |
| |
| TEST(ASN1Test, Null) { |
| // An |ASN1_NULL| is an opaque, non-null pointer. It is an arbitrary signaling |
| // value and does not need to be freed. (If the pointer is null, this is an |
| // omitted OPTIONAL NULL.) |
| EXPECT_NE(nullptr, ASN1_NULL_new()); |
| |
| // It is safe to free either the non-null pointer or the null one. |
| ASN1_NULL_free(ASN1_NULL_new()); |
| ASN1_NULL_free(nullptr); |
| |
| // A NULL may be decoded. |
| static const uint8_t kNull[] = {0x05, 0x00}; |
| const uint8_t *ptr = kNull; |
| EXPECT_NE(nullptr, d2i_ASN1_NULL(nullptr, &ptr, sizeof(kNull))); |
| EXPECT_EQ(ptr, kNull + sizeof(kNull)); |
| |
| // It may also be re-encoded. |
| uint8_t *enc = nullptr; |
| int enc_len = i2d_ASN1_NULL(ASN1_NULL_new(), &enc); |
| ASSERT_GE(enc_len, 0); |
| EXPECT_EQ(Bytes(kNull), Bytes(enc, enc_len)); |
| OPENSSL_free(enc); |
| enc = nullptr; |
| |
| // Although the standalone representation of NULL is a non-null pointer, the |
| // |ASN1_TYPE| representation is a null pointer. |
| ptr = kNull; |
| bssl::UniquePtr<ASN1_TYPE> null_type( |
| d2i_ASN1_TYPE(nullptr, &ptr, sizeof(kNull))); |
| ASSERT_TRUE(null_type); |
| EXPECT_EQ(ptr, kNull + sizeof(kNull)); |
| EXPECT_EQ(V_ASN1_NULL, ASN1_TYPE_get(null_type.get())); |
| EXPECT_EQ(nullptr, null_type->value.ptr); |
| } |
| |
| TEST(ASN1Test, Pack) { |
| bssl::UniquePtr<BASIC_CONSTRAINTS> val(BASIC_CONSTRAINTS_new()); |
| ASSERT_TRUE(val); |
| val->ca = 0; |
| |
| // Test all three calling conventions. |
| static const uint8_t kExpected[] = {0x30, 0x00}; |
| bssl::UniquePtr<ASN1_STRING> str( |
| ASN1_item_pack(val.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS), nullptr)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ( |
| Bytes(ASN1_STRING_get0_data(str.get()), ASN1_STRING_length(str.get())), |
| Bytes(kExpected)); |
| |
| ASN1_STRING *raw = nullptr; |
| str.reset(ASN1_item_pack(val.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS), &raw)); |
| ASSERT_TRUE(str); |
| EXPECT_EQ(raw, str.get()); |
| EXPECT_EQ( |
| Bytes(ASN1_STRING_get0_data(str.get()), ASN1_STRING_length(str.get())), |
| Bytes(kExpected)); |
| |
| str.reset(ASN1_STRING_new()); |
| ASSERT_TRUE(str); |
| raw = str.get(); |
| EXPECT_TRUE( |
| ASN1_item_pack(val.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS), &raw)); |
| EXPECT_EQ(raw, str.get()); |
| EXPECT_EQ( |
| Bytes(ASN1_STRING_get0_data(str.get()), ASN1_STRING_length(str.get())), |
| Bytes(kExpected)); |
| } |
| |
| TEST(ASN1Test, Unpack) { |
| bssl::UniquePtr<ASN1_STRING> str(ASN1_STRING_new()); |
| ASSERT_TRUE(str); |
| |
| static const uint8_t kValid[] = {0x30, 0x00}; |
| ASSERT_TRUE( |
| ASN1_STRING_set(str.get(), kValid, sizeof(kValid))); |
| bssl::UniquePtr<BASIC_CONSTRAINTS> val(static_cast<BASIC_CONSTRAINTS *>( |
| ASN1_item_unpack(str.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS)))); |
| ASSERT_TRUE(val); |
| EXPECT_EQ(val->ca, 0); |
| EXPECT_EQ(val->pathlen, nullptr); |
| |
| static const uint8_t kInvalid[] = {0x31, 0x00}; |
| ASSERT_TRUE(ASN1_STRING_set(str.get(), kInvalid, sizeof(kInvalid))); |
| val.reset(static_cast<BASIC_CONSTRAINTS *>( |
| ASN1_item_unpack(str.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS)))); |
| EXPECT_FALSE(val); |
| |
| static const uint8_t kTraiilingData[] = {0x30, 0x00, 0x00}; |
| ASSERT_TRUE( |
| ASN1_STRING_set(str.get(), kTraiilingData, sizeof(kTraiilingData))); |
| val.reset(static_cast<BASIC_CONSTRAINTS *>( |
| ASN1_item_unpack(str.get(), ASN1_ITEM_rptr(BASIC_CONSTRAINTS)))); |
| EXPECT_FALSE(val); |
| } |
| |
| TEST(ASN1Test, StringCmp) { |
| struct Input { |
| int type; |
| std::vector<uint8_t> data; |
| int flags; |
| bool equals_previous; |
| }; |
| // kInputs is a list of |ASN1_STRING| parameters, in sorted order. The input |
| // should be sorted by bit length, then data, then type. |
| const Input kInputs[] = { |
| {V_ASN1_BIT_STRING, {}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_BIT_STRING, {}, 0, true}, |
| // When |ASN1_STRING_FLAG_BITS_LEFT| is unset, BIT STRINGs implicitly |
| // drop trailing zeros. |
| {V_ASN1_BIT_STRING, {0x00, 0x00, 0x00, 0x00}, 0, true}, |
| |
| {V_ASN1_OCTET_STRING, {}, 0, false}, |
| {V_ASN1_UTF8STRING, {}, 0, false}, |
| |
| // BIT STRINGs with padding bits (i.e. not part of the actual value) are |
| // shorter and thus sort earlier: |
| // 1-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 7, false}, |
| {V_ASN1_BIT_STRING, {0x80}, ASN1_STRING_FLAG_BITS_LEFT | 7, false}, |
| // 2-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 6, false}, |
| {V_ASN1_BIT_STRING, {0xc0}, ASN1_STRING_FLAG_BITS_LEFT | 6, false}, |
| // 3-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 5, false}, |
| {V_ASN1_BIT_STRING, {0xe0}, ASN1_STRING_FLAG_BITS_LEFT | 5, false}, |
| // 4-bit inputs. |
| {V_ASN1_BIT_STRING, {0xf0}, ASN1_STRING_FLAG_BITS_LEFT | 4, false}, |
| {V_ASN1_BIT_STRING, {0xf0}, 0, true}, // 4 trailing zeros dropped. |
| {V_ASN1_BIT_STRING, {0xf0, 0x00}, 0, true}, // 12 trailing zeros dropped. |
| // 5-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 3, false}, |
| {V_ASN1_BIT_STRING, {0xf0}, ASN1_STRING_FLAG_BITS_LEFT | 3, false}, |
| {V_ASN1_BIT_STRING, {0xf8}, ASN1_STRING_FLAG_BITS_LEFT | 3, false}, |
| // 6-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 2, false}, |
| {V_ASN1_BIT_STRING, {0xf0}, ASN1_STRING_FLAG_BITS_LEFT | 2, false}, |
| {V_ASN1_BIT_STRING, {0xfc}, ASN1_STRING_FLAG_BITS_LEFT | 2, false}, |
| // 7-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 1, false}, |
| {V_ASN1_BIT_STRING, {0xf0}, ASN1_STRING_FLAG_BITS_LEFT | 1, false}, |
| {V_ASN1_BIT_STRING, {0xfe}, ASN1_STRING_FLAG_BITS_LEFT | 1, false}, |
| |
| // 8-bit inputs. |
| {V_ASN1_BIT_STRING, {0x00}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_OCTET_STRING, {0x00}, 0, false}, |
| {V_ASN1_UTF8STRING, {0x00}, 0, false}, |
| |
| {V_ASN1_BIT_STRING, {0x80}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_OCTET_STRING, {0x80}, 0, false}, |
| {V_ASN1_UTF8STRING, {0x80}, 0, false}, |
| |
| {V_ASN1_BIT_STRING, {0xff}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_BIT_STRING, {0xff}, 0, true}, // No trailing zeros to drop. |
| {V_ASN1_OCTET_STRING, {0xff}, 0, false}, |
| {V_ASN1_UTF8STRING, {0xff}, 0, false}, |
| |
| // Bytes are compared lexicographically. |
| {V_ASN1_BIT_STRING, {0x00, 0x00}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_OCTET_STRING, {0x00, 0x00}, 0, false}, |
| {V_ASN1_UTF8STRING, {0x00, 0x00}, 0, false}, |
| |
| {V_ASN1_BIT_STRING, {0x00, 0xff}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_OCTET_STRING, {0x00, 0xff}, 0, false}, |
| {V_ASN1_UTF8STRING, {0x00, 0xff}, 0, false}, |
| |
| {V_ASN1_BIT_STRING, {0xff, 0x00}, ASN1_STRING_FLAG_BITS_LEFT | 0, false}, |
| {V_ASN1_OCTET_STRING, {0xff, 0x00}, 0, false}, |
| {V_ASN1_UTF8STRING, {0xff, 0x00}, 0, false}, |
| }; |
| std::vector<bssl::UniquePtr<ASN1_STRING>> strs; |
| strs.reserve(OPENSSL_ARRAY_SIZE(kInputs)); |
| for (const auto &input : kInputs) { |
| strs.emplace_back(ASN1_STRING_type_new(input.type)); |
| ASSERT_TRUE(strs.back()); |
| ASSERT_TRUE(ASN1_STRING_set(strs.back().get(), input.data.data(), |
| input.data.size())); |
| strs.back()->flags = input.flags; |
| } |
| |
| for (size_t i = 0; i < strs.size(); i++) { |
| SCOPED_TRACE(i); |
| bool expect_equal = true; |
| for (size_t j = i; j < strs.size(); j++) { |
| SCOPED_TRACE(j); |
| if (j > i && !kInputs[j].equals_previous) { |
| expect_equal = false; |
| } |
| |
| const int cmp_i_j = ASN1_STRING_cmp(strs[i].get(), strs[j].get()); |
| const int cmp_j_i = ASN1_STRING_cmp(strs[j].get(), strs[i].get()); |
| if (expect_equal) { |
| EXPECT_EQ(cmp_i_j, 0); |
| EXPECT_EQ(cmp_j_i, 0); |
| } else if (i < j) { |
| EXPECT_LT(cmp_i_j, 0); |
| EXPECT_GT(cmp_j_i, 0); |
| } else { |
| EXPECT_GT(cmp_i_j, 0); |
| EXPECT_LT(cmp_j_i, 0); |
| } |
| } |
| } |
| } |
| |
| TEST(ASN1Test, PrintASN1Object) { |
| const struct { |
| std::vector<uint8_t> in; |
| const char *expected; |
| } kDataTests[] = { |
| // Known OIDs print as the name. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01}, "rsaEncryption"}, |
| |
| // Unknown OIDs print in decimal. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00}, |
| "1.2.840.113554.4.1.72585.0"}, |
| |
| // Inputs which cannot be parsed as OIDs print as "<INVALID>". |
| {{0xff}, "<INVALID>"}, |
| |
| // The function has an internal 80-byte buffer. Test inputs at that |
| // boundary. First, 78 characters. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, |
| "1.2.840.113554.4.1.72585.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." |
| "0.0.0.1"}, |
| // 79 characters. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a}, |
| "1.2.840.113554.4.1.72585.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." |
| "0.0.0.10"}, |
| // 80 characters. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64}, |
| "1.2.840.113554.4.1.72585.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." |
| "0.0.0.100"}, |
| // 81 characters. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x68}, |
| "1.2.840.113554.4.1.72585.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." |
| "0.0.0.1000"}, |
| // 82 characters. |
| {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, |
| 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xce, 0x10}, |
| "1.2.840.113554.4.1.72585.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0." |
| "0.0.0.10000"}, |
| }; |
| for (const auto &t : kDataTests) { |
| SCOPED_TRACE(Bytes(t.in)); |
| bssl::UniquePtr<ASN1_OBJECT> obj(ASN1_OBJECT_create( |
| NID_undef, t.in.data(), t.in.size(), /*sn=*/nullptr, /*ln=*/nullptr)); |
| ASSERT_TRUE(obj); |
| bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); |
| ASSERT_TRUE(bio); |
| |
| int len = i2a_ASN1_OBJECT(bio.get(), obj.get()); |
| EXPECT_EQ(len, static_cast<int>(strlen(t.expected))); |
| |
| const uint8_t *bio_data; |
| size_t bio_len; |
| BIO_mem_contents(bio.get(), &bio_data, &bio_len); |
| EXPECT_EQ(t.expected, |
| std::string(reinterpret_cast<const char *>(bio_data), bio_len)); |
| } |
| |
| // Test writing NULL. |
| bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem())); |
| ASSERT_TRUE(bio); |
| int len = i2a_ASN1_OBJECT(bio.get(), nullptr); |
| EXPECT_EQ(len, 4); |
| const uint8_t *bio_data; |
| size_t bio_len; |
| BIO_mem_contents(bio.get(), &bio_data, &bio_len); |
| EXPECT_EQ("NULL", |
| std::string(reinterpret_cast<const char *>(bio_data), bio_len)); |
| } |
| |
| TEST(ASN1, GetObject) { |
| // The header is valid, but there are not enough bytes for the length. |
| static const uint8_t kTruncated[] = {0x30, 0x01}; |
| const uint8_t *ptr = kTruncated; |
| long length; |
| int tag; |
| int tag_class; |
| EXPECT_EQ(0x80, ASN1_get_object(&ptr, &length, &tag, &tag_class, |
| sizeof(kTruncated))); |
| |
| static const uint8_t kIndefinite[] = {0x30, 0x80, 0x00, 0x00}; |
| ptr = kIndefinite; |
| EXPECT_EQ(0x80, ASN1_get_object(&ptr, &length, &tag, &tag_class, |
| sizeof(kIndefinite))); |
| } |
| |
| // The ASN.1 macros do not work on Windows shared library builds, where usage of |
| // |OPENSSL_EXPORT| is a bit stricter. |
| #if !defined(OPENSSL_WINDOWS) || !defined(BORINGSSL_SHARED_LIBRARY) |
| |
| typedef struct asn1_linked_list_st { |
| struct asn1_linked_list_st *next; |
| } ASN1_LINKED_LIST; |
| |
| DECLARE_ASN1_ITEM(ASN1_LINKED_LIST) |
| DECLARE_ASN1_FUNCTIONS(ASN1_LINKED_LIST) |
| |
| ASN1_SEQUENCE(ASN1_LINKED_LIST) = { |
| ASN1_OPT(ASN1_LINKED_LIST, next, ASN1_LINKED_LIST), |
| } ASN1_SEQUENCE_END(ASN1_LINKED_LIST) |
| |
| IMPLEMENT_ASN1_FUNCTIONS(ASN1_LINKED_LIST) |
| |
| static bool MakeLinkedList(bssl::UniquePtr<uint8_t> *out, size_t *out_len, |
| size_t count) { |
| bssl::ScopedCBB cbb; |
| std::vector<CBB> cbbs(count); |
| if (!CBB_init(cbb.get(), 2 * count) || |
| !CBB_add_asn1(cbb.get(), &cbbs[0], CBS_ASN1_SEQUENCE)) { |
| return false; |
| } |
| for (size_t i = 1; i < count; i++) { |
| if (!CBB_add_asn1(&cbbs[i - 1], &cbbs[i], CBS_ASN1_SEQUENCE)) { |
| return false; |
| } |
| } |
| uint8_t *ptr; |
| if (!CBB_finish(cbb.get(), &ptr, out_len)) { |
| return false; |
| } |
| out->reset(ptr); |
| return true; |
| } |
| |
| TEST(ASN1Test, Recursive) { |
| bssl::UniquePtr<uint8_t> data; |
| size_t len; |
| |
| // Sanity-check that MakeLinkedList can be parsed. |
| ASSERT_TRUE(MakeLinkedList(&data, &len, 5)); |
| const uint8_t *ptr = data.get(); |
| ASN1_LINKED_LIST *list = d2i_ASN1_LINKED_LIST(nullptr, &ptr, len); |
| EXPECT_TRUE(list); |
| ASN1_LINKED_LIST_free(list); |
| |
| // Excessively deep structures are rejected. |
| ASSERT_TRUE(MakeLinkedList(&data, &len, 100)); |
| ptr = data.get(); |
| list = d2i_ASN1_LINKED_LIST(nullptr, &ptr, len); |
| EXPECT_FALSE(list); |
| // Note checking the error queue here does not work. The error "stack trace" |
| // is too deep, so the |ASN1_R_NESTED_TOO_DEEP| entry drops off the queue. |
| ASN1_LINKED_LIST_free(list); |
| } |
| |
| struct IMPLICIT_CHOICE { |
| ASN1_STRING *string; |
| }; |
| |
| DECLARE_ASN1_FUNCTIONS(IMPLICIT_CHOICE) |
| |
| ASN1_SEQUENCE(IMPLICIT_CHOICE) = { |
| ASN1_IMP(IMPLICIT_CHOICE, string, DIRECTORYSTRING, 0), |
| } ASN1_SEQUENCE_END(IMPLICIT_CHOICE) |
| |
| IMPLEMENT_ASN1_FUNCTIONS(IMPLICIT_CHOICE) |
| |
| // Test that the ASN.1 templates reject types with implicitly-tagged CHOICE |
| // types. |
| TEST(ASN1Test, ImplicitChoice) { |
| // Serializing a type with an implicitly tagged CHOICE should fail. |
| std::unique_ptr<IMPLICIT_CHOICE, decltype(&IMPLICIT_CHOICE_free)> obj( |
| IMPLICIT_CHOICE_new(), IMPLICIT_CHOICE_free); |
| EXPECT_EQ(-1, i2d_IMPLICIT_CHOICE(obj.get(), nullptr)); |
| |
| // An implicitly-tagged CHOICE is an error. Depending on the implementation, |
| // it may be misinterpreted as without the tag, or as clobbering the CHOICE |
| // tag. Test both inputs and ensure they fail. |
| |
| // SEQUENCE { UTF8String {} } |
| static const uint8_t kInput1[] = {0x30, 0x02, 0x0c, 0x00}; |
| const uint8_t *ptr = kInput1; |
| EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput1))); |
| |
| // SEQUENCE { [0 PRIMITIVE] {} } |
| static const uint8_t kInput2[] = {0x30, 0x02, 0x80, 0x00}; |
| ptr = kInput2; |
| EXPECT_EQ(nullptr, d2i_IMPLICIT_CHOICE(nullptr, &ptr, sizeof(kInput2))); |
| } |
| |
| struct REQUIRED_FIELD { |
| ASN1_INTEGER *value; |
| ASN1_INTEGER *value_imp; |
| ASN1_INTEGER *value_exp; |
| STACK_OF(ASN1_INTEGER) *seq; |
| STACK_OF(ASN1_INTEGER) *seq_imp; |
| STACK_OF(ASN1_INTEGER) *seq_exp; |
| ASN1_NULL *null; |
| ASN1_NULL *null_imp; |
| ASN1_NULL *null_exp; |
| }; |
| |
| DECLARE_ASN1_FUNCTIONS(REQUIRED_FIELD) |
| ASN1_SEQUENCE(REQUIRED_FIELD) = { |
| ASN1_SIMPLE(REQUIRED_FIELD, value, ASN1_INTEGER), |
| ASN1_IMP(REQUIRED_FIELD, value_imp, ASN1_INTEGER, 0), |
| ASN1_EXP(REQUIRED_FIELD, value_exp, ASN1_INTEGER, 1), |
| ASN1_SEQUENCE_OF(REQUIRED_FIELD, seq, ASN1_INTEGER), |
| ASN1_IMP_SEQUENCE_OF(REQUIRED_FIELD, seq_imp, ASN1_INTEGER, 2), |
| ASN1_EXP_SEQUENCE_OF(REQUIRED_FIELD, seq_exp, ASN1_INTEGER, 3), |
| ASN1_SIMPLE(REQUIRED_FIELD, null, ASN1_NULL), |
| ASN1_IMP(REQUIRED_FIELD, null_imp, ASN1_NULL, 4), |
| ASN1_EXP(REQUIRED_FIELD, null_exp, ASN1_NULL, 5), |
| } ASN1_SEQUENCE_END(REQUIRED_FIELD) |
| IMPLEMENT_ASN1_FUNCTIONS(REQUIRED_FIELD) |
| |
| // Test that structures with missing required fields cannot be serialized. Test |
| // the full combination of tagging and SEQUENCE OF. |
| TEST(ASN1Test, MissingRequiredField) { |
| EXPECT_EQ(-1, i2d_REQUIRED_FIELD(nullptr, nullptr)); |
| |
| std::unique_ptr<REQUIRED_FIELD, decltype(&REQUIRED_FIELD_free)> obj( |
| nullptr, REQUIRED_FIELD_free); |
| for (auto field : {&REQUIRED_FIELD::value, &REQUIRED_FIELD::value_imp, |
| &REQUIRED_FIELD::value_exp}) { |
| obj.reset(REQUIRED_FIELD_new()); |
| ASSERT_TRUE(obj); |
| ASN1_INTEGER_free((*obj).*field); |
| (*obj).*field = nullptr; |
| EXPECT_EQ(-1, i2d_REQUIRED_FIELD(obj.get(), nullptr)); |
| } |
| |
| for (auto field : {&REQUIRED_FIELD::seq, &REQUIRED_FIELD::seq_imp, |
| &REQUIRED_FIELD::seq_exp}) { |
| obj.reset(REQUIRED_FIELD_new()); |
| ASSERT_TRUE(obj); |
| sk_ASN1_INTEGER_pop_free((*obj).*field, ASN1_INTEGER_free); |
| (*obj).*field = nullptr; |
| EXPECT_EQ(-1, i2d_REQUIRED_FIELD(obj.get(), nullptr)); |
| } |
| |
| for (auto field : {&REQUIRED_FIELD::null, &REQUIRED_FIELD::null_imp, |
| &REQUIRED_FIELD::null_exp}) { |
| obj.reset(REQUIRED_FIELD_new()); |
| ASSERT_TRUE(obj); |
| (*obj).*field = nullptr; |
| EXPECT_EQ(-1, i2d_REQUIRED_FIELD(obj.get(), nullptr)); |
| } |
| } |
| |
| #endif // !WINDOWS || !SHARED_LIBRARY |