Refactor minasn1 and fix security issues. (#323)

* Refactor minasn1 and fix security issues.

* Fix for RSA test vectors.
This commit is contained in:
Eugene Kabanov 2020-08-12 01:58:51 +03:00 committed by GitHub
parent d47b2d805f
commit 59b290fcc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 545 additions and 198 deletions

View File

@ -11,7 +11,7 @@
{.push raises: [Defect].}
import stew/[endians2, results]
import stew/[endians2, results, ctops]
export results
# We use `ncrutils` for constant-time hexadecimal encoding/decoding procedures.
import nimcrypto/utils as ncrutils
@ -123,7 +123,7 @@ proc len*[T: Asn1Buffer|Asn1Composite](abc: T): int {.inline.} =
len(abc.buffer) - abc.offset
proc len*(field: Asn1Field): int {.inline.} =
result = field.length
field.length
template getPtr*(field: untyped): pointer =
cast[pointer](unsafeAddr field.buffer[field.offset])
@ -154,30 +154,32 @@ proc code*(tag: Asn1Tag): byte {.inline.} =
of Asn1Tag.Context:
0xA0'u8
proc asn1EncodeLength*(dest: var openarray[byte], length: int64): int =
proc asn1EncodeLength*(dest: var openarray[byte], length: uint64): int =
## Encode ASN.1 DER length part of TLV triple and return number of bytes
## (octets) used.
##
## If length of ``dest`` is less then number of required bytes to encode
## ``length`` value, then result of encoding will not be stored in ``dest``
## ``length`` value, then result of encoding WILL NOT BE stored in ``dest``
## but number of bytes (octets) required will be returned.
if length < 0x80:
if length < 0x80'u64:
if len(dest) >= 1:
dest[0] = cast[byte](length)
result = 1
dest[0] = byte(length and 0x7F'u64)
1
else:
result = 0
var res = 1'u64
var z = length
while z != 0:
inc(result)
inc(res)
z = z shr 8
if len(dest) >= result + 1:
dest[0] = cast[byte](0x80 + result)
if uint64(len(dest)) >= res:
dest[0] = byte((0x80'u64 + (res - 1'u64)) and 0xFF)
var o = 1
for j in countdown(result - 1, 0):
dest[o] = cast[byte](length shr (j shl 3))
for j in countdown(res - 2, 0):
dest[o] = byte((length shr (j shl 3)) and 0xFF'u64)
inc(o)
inc(result)
# Because our `length` argument is `uint64`, `res` could not be bigger
# then 9, so it is safe to convert it to `int`.
int(res)
proc asn1EncodeInteger*(dest: var openarray[byte],
value: openarray[byte]): int =
@ -185,35 +187,46 @@ proc asn1EncodeInteger*(dest: var openarray[byte],
## and return number of bytes (octets) used.
##
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## ``value``, then result of encoding WILL NOT BE stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var o = 0
var lenlen = 0
for i in 0..<len(value):
if value[o] != 0x00:
break
inc(o)
if len(value) > 0:
if o == len(value):
dec(o)
if value[o] >= 0x80'u8:
lenlen = asn1EncodeLength(buffer, len(value) - o + 1)
result = 1 + lenlen + 1 + (len(value) - o)
let offset =
block:
var o = 0
for i in 0 ..< len(value):
if value[o] != 0x00:
break
inc(o)
if o < len(value):
o
else:
o - 1
let destlen =
if len(value) > 0:
if value[offset] >= 0x80'u8:
lenlen = asn1EncodeLength(buffer, uint64(len(value) - offset + 1))
1 + lenlen + 1 + (len(value) - offset)
else:
lenlen = asn1EncodeLength(buffer, uint64(len(value) - offset))
1 + lenlen + (len(value) - offset)
else:
lenlen = asn1EncodeLength(buffer, len(value) - o)
result = 1 + lenlen + (len(value) - o)
else:
result = 2
if len(dest) >= result:
var s = 1
2
if len(dest) >= destlen:
var shift = 1
dest[0] = Asn1Tag.Integer.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
if value[o] >= 0x80'u8:
dest[1 + lenlen] = 0x00'u8
s = 2
if len(value) > 0:
copyMem(addr dest[s + lenlen], unsafeAddr value[o], len(value) - o)
# If ``destlen > 2`` it means that ``len(value) > 0`` too.
if destlen > 2:
if value[offset] >= 0x80'u8:
dest[1 + lenlen] = 0x00'u8
shift = 2
copyMem(addr dest[shift + lenlen], unsafeAddr value[offset],
len(value) - offset)
destlen
proc asn1EncodeInteger*[T: SomeUnsignedInt](dest: var openarray[byte],
value: T): int =
@ -232,11 +245,12 @@ proc asn1EncodeBoolean*(dest: var openarray[byte], value: bool): int =
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
result = 3
if len(dest) >= result:
let res = 3
if len(dest) >= res:
dest[0] = Asn1Tag.Boolean.code()
dest[1] = 0x01'u8
dest[2] = if value: 0xFF'u8 else: 0x00'u8
res
proc asn1EncodeNull*(dest: var openarray[byte]): int =
## Encode ASN.1 DER `NULL` and return number of bytes (octets) used.
@ -244,13 +258,14 @@ proc asn1EncodeNull*(dest: var openarray[byte]): int =
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
result = 2
if len(dest) >= result:
let res = 2
if len(dest) >= res:
dest[0] = Asn1Tag.Null.code()
dest[1] = 0x00'u8
res
proc asn1EncodeOctetString*(dest: var openarray[byte],
value: openarray[byte]): int =
value: openarray[byte]): int =
## Encode array of bytes as ASN.1 DER `OCTET STRING` and return number of
## bytes (octets) used.
##
@ -258,38 +273,50 @@ proc asn1EncodeOctetString*(dest: var openarray[byte],
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value))
result = 1 + lenlen + len(value)
if len(dest) >= result:
let lenlen = asn1EncodeLength(buffer, uint64(len(value)))
let res = 1 + lenlen + len(value)
if len(dest) >= res:
dest[0] = Asn1Tag.OctetString.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
if len(value) > 0:
copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
res
proc asn1EncodeBitString*(dest: var openarray[byte],
value: openarray[byte], bits = 0): int =
## Encode array of bytes as ASN.1 DER `BIT STRING` and return number of bytes
## (octets) used.
##
## ``bits`` number of used bits in ``value``. If ``bits == 0``, all the bits
## from ``value`` are used, if ``bits != 0`` only number of ``bits`` will be
## used.
## ``bits`` number of unused bits in ``value``. If ``bits == 0``, all the bits
## from ``value`` will be used.
##
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value) + 1)
var lbits = 0
if bits != 0:
lbits = len(value) shl 3 - bits
result = 1 + lenlen + 1 + len(value)
if len(dest) >= result:
let bitlen =
if bits != 0:
(len(value) shl 3) - bits
else:
(len(value) shl 3)
# Number of bytes used
let bytelen = (bitlen + 7) shr 3
# Number of unused bits
let unused = (8 - (bitlen and 7)) and 7
let mask = not((1'u8 shl unused) - 1'u8)
var lenlen = asn1EncodeLength(buffer, uint64(bytelen + 1))
let res = 1 + lenlen + 1 + len(value)
if len(dest) >= res:
dest[0] = Asn1Tag.BitString.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
dest[1 + lenlen] = cast[byte](lbits)
if len(value) > 0:
copyMem(addr dest[2 + lenlen], unsafeAddr value[0], len(value))
dest[1 + lenlen] = byte(unused)
if bytelen > 0:
let lastbyte = value[bytelen - 1]
copyMem(addr dest[2 + lenlen], unsafeAddr value[0], bytelen)
# Set unused bits to zero
dest[2 + lenlen + bytelen - 1] = lastbyte and mask
res
proc asn1EncodeTag[T: SomeUnsignedInt](dest: var openarray[byte],
value: T): int =
@ -297,53 +324,48 @@ proc asn1EncodeTag[T: SomeUnsignedInt](dest: var openarray[byte],
if value <= cast[T](0x7F):
if len(dest) >= 1:
dest[0] = cast[byte](value)
result = 1
1
else:
var s = 0
var res = 0
while v != 0:
v = v shr 7
s += 7
inc(result)
if len(dest) >= result:
inc(res)
if len(dest) >= res:
var k = 0
while s != 0:
s -= 7
dest[k] = cast[byte](((value shr s) and cast[T](0x7F)) or cast[T](0x80))
inc(k)
dest[k - 1] = dest[k - 1] and 0x7F'u8
res
proc asn1EncodeOid*(dest: var openarray[byte], value: openarray[int]): int =
## Encode array of integers ``value`` as ASN.1 DER `OBJECT IDENTIFIER` and
## return number of bytes (octets) used.
##
## OBJECT IDENTIFIER requirements for ``value`` elements:
## * len(value) >= 2
## * value[0] >= 1 and value[0] < 2
## * value[1] >= 1 and value[1] < 39
##
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
result = 1
doAssert(len(value) >= 2)
doAssert(value[0] >= 1 and value[0] < 2)
doAssert(value[1] >= 1 and value[1] <= 39)
var res = 1
var oidlen = 1
for i in 2..<len(value):
oidlen += asn1EncodeTag(buffer, cast[uint64](value[i]))
result += asn1EncodeLength(buffer, oidlen)
result += oidlen
if len(dest) >= result:
res += asn1EncodeLength(buffer, uint64(oidlen))
res += oidlen
if len(dest) >= res:
let last = dest.high
var offset = 1
dest[0] = Asn1Tag.Oid.code()
offset += asn1EncodeLength(dest.toOpenArray(offset, last), oidlen)
offset += asn1EncodeLength(dest.toOpenArray(offset, last), uint64(oidlen))
dest[offset] = cast[byte](value[0] * 40 + value[1])
offset += 1
for i in 2..<len(value):
offset += asn1EncodeTag(dest.toOpenArray(offset, last),
cast[uint64](value[i]))
res
proc asn1EncodeOid*(dest: var openarray[byte], value: openarray[byte]): int =
## Encode array of bytes ``value`` as ASN.1 DER `OBJECT IDENTIFIER` and return
@ -356,12 +378,13 @@ proc asn1EncodeOid*(dest: var openarray[byte], value: openarray[byte]): int =
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value))
result = 1 + lenlen + len(value)
if len(dest) >= result:
let lenlen = asn1EncodeLength(buffer, uint64(len(value)))
let res = 1 + lenlen + len(value)
if len(dest) >= res:
dest[0] = Asn1Tag.Oid.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
res
proc asn1EncodeSequence*(dest: var openarray[byte],
value: openarray[byte]): int =
@ -372,12 +395,13 @@ proc asn1EncodeSequence*(dest: var openarray[byte],
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value))
result = 1 + lenlen + len(value)
if len(dest) >= result:
let lenlen = asn1EncodeLength(buffer, uint64(len(value)))
let res = 1 + lenlen + len(value)
if len(dest) >= res:
dest[0] = Asn1Tag.Sequence.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
res
proc asn1EncodeComposite*(dest: var openarray[byte],
value: Asn1Composite): int =
@ -387,29 +411,34 @@ proc asn1EncodeComposite*(dest: var openarray[byte],
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value.buffer))
result = 1 + lenlen + len(value.buffer)
if len(dest) >= result:
let lenlen = asn1EncodeLength(buffer, uint64(len(value.buffer)))
let res = 1 + lenlen + len(value.buffer)
if len(dest) >= res:
dest[0] = value.tag.code()
copyMem(addr dest[1], addr buffer[0], lenlen)
copyMem(addr dest[1 + lenlen], unsafeAddr value.buffer[0],
len(value.buffer))
res
proc asn1EncodeContextTag*(dest: var openarray[byte], value: openarray[byte],
tag: int): int =
## Encode ASN.1 DER `CONTEXT SPECIFIC TAG` ``tag`` for value ``value`` and
## return number of bytes (octets) used.
##
## Note: Only values in [0, 15] range can be used as context tag ``tag``
## values.
##
## If length of ``dest`` is less then number of required bytes to encode
## ``value``, then result of encoding will not be stored in ``dest``
## but number of bytes (octets) required will be returned.
var buffer: array[16, byte]
var lenlen = asn1EncodeLength(buffer, len(value))
result = 1 + lenlen + len(value)
if len(dest) >= result:
dest[0] = 0xA0'u8 or (cast[byte](tag) and 0x0F)
let lenlen = asn1EncodeLength(buffer, uint64(len(value)))
let res = 1 + lenlen + len(value)
if len(dest) >= res:
dest[0] = 0xA0'u8 or (byte(tag and 0xFF) and 0x0F'u8)
copyMem(addr dest[1], addr buffer[0], lenlen)
copyMem(addr dest[1 + lenlen], unsafeAddr value[0], len(value))
res
proc getLength(ab: var Asn1Buffer): Asn1Result[uint64] =
## Decode length part of ASN.1 TLV triplet.
@ -458,197 +487,300 @@ proc read*(ab: var Asn1Buffer): Asn1Result[Asn1Field] =
field: Asn1Field
tag, ttag, offset: int
length, tlength: uint64
klass: Asn1Class
aclass: Asn1Class
inclass: bool
inclass = false
while true:
offset = ab.offset
klass = ? ab.getTag(tag)
aclass = ? ab.getTag(tag)
if klass == Asn1Class.ContextSpecific:
case aclass
of Asn1Class.ContextSpecific:
if inclass:
return err(Asn1Error.Incorrect)
inclass = true
ttag = tag
tlength = ? ab.getLength()
elif klass == Asn1Class.Universal:
else:
inclass = true
ttag = tag
tlength = ? ab.getLength()
of Asn1Class.Universal:
length = ? ab.getLength()
if inclass:
if length >= tlength:
return err(Asn1Error.Incorrect)
if cast[byte](tag) == Asn1Tag.Boolean.code():
case byte(tag)
of Asn1Tag.Boolean.code():
# BOOLEAN
if length != 1:
return err(Asn1Error.Incorrect)
if not ab.isEnough(cast[int](length)):
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
let b = ab.buffer[ab.offset]
if b != 0xFF'u8 and b != 0x00'u8:
return err(Asn1Error.Incorrect)
field = Asn1Field(kind: Asn1Tag.Boolean, klass: klass,
index: ttag, offset: cast[int](ab.offset),
field = Asn1Field(kind: Asn1Tag.Boolean, klass: aclass,
index: ttag, offset: int(ab.offset),
length: 1)
shallowCopy(field.buffer, ab.buffer)
field.vbool = (b == 0xFF'u8)
ab.offset += 1
return ok(field)
elif cast[byte](tag) == Asn1Tag.Integer.code():
of Asn1Tag.Integer.code():
# INTEGER
if not ab.isEnough(cast[int](length)):
return err(Asn1Error.Incomplete)
if ab.buffer[ab.offset] == 0x00'u8:
length -= 1
ab.offset += 1
field = Asn1Field(kind: Asn1Tag.Integer, klass: klass,
index: ttag, offset: cast[int](ab.offset),
length: cast[int](length))
shallowCopy(field.buffer, ab.buffer)
if length <= 8:
for i in 0..<int(length):
field.vint = (field.vint shl 8) or
cast[uint64](ab.buffer[ab.offset + i])
ab.offset += cast[int](length)
return ok(field)
elif cast[byte](tag) == Asn1Tag.BitString.code():
if length == 0:
return err(Asn1Error.Incorrect)
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
# Count number of leading zeroes
var zc = 0
while (zc < int(length)) and (ab.buffer[ab.offset + zc] == 0x00'u8):
inc(zc)
if zc > 1:
return err(Asn1Error.Incorrect)
if zc == 0:
# Negative or Positive integer
field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
index: ttag, offset: int(ab.offset),
length: int(length))
shallowCopy(field.buffer, ab.buffer)
if (ab.buffer[ab.offset] and 0x80'u8) == 0x80'u8:
# Negative integer
if length <= 8:
# We need this transformation because our field.vint is uint64.
for i in 0 ..< 8:
if i < 8 - int(length):
field.vint = (field.vint shl 8) or 0xFF'u64
else:
let offset = ab.offset + i - (8 - int(length))
field.vint = (field.vint shl 8) or uint64(ab.buffer[offset])
else:
# Positive integer
if length <= 8:
for i in 0 ..< int(length):
field.vint = (field.vint shl 8) or
uint64(ab.buffer[ab.offset + i])
ab.offset += int(length)
return ok(field)
else:
if length == 1:
# Zero value integer
field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
index: ttag, offset: int(ab.offset),
length: int(length), vint: 0'u64)
shallowCopy(field.buffer, ab.buffer)
ab.offset += int(length)
return ok(field)
else:
# Positive integer with leading zero
field = Asn1Field(kind: Asn1Tag.Integer, klass: aclass,
index: ttag, offset: int(ab.offset) + 1,
length: int(length) - 1)
shallowCopy(field.buffer, ab.buffer)
if length <= 9:
for i in 1 ..< int(length):
field.vint = (field.vint shl 8) or
uint64(ab.buffer[ab.offset + i])
ab.offset += int(length)
return ok(field)
of Asn1Tag.BitString.code():
# BIT STRING
if not ab.isEnough(cast[int](length)):
if length == 0:
# BIT STRING should include `unused` bits field, so length should be
# bigger then 1.
return err(Asn1Error.Incorrect)
elif length == 1:
if ab.buffer[ab.offset] != 0x00'u8:
return err(Asn1Error.Incorrect)
else:
# Zero-length BIT STRING.
field = Asn1Field(kind: Asn1Tag.BitString, klass: aclass,
index: ttag, offset: int(ab.offset + 1),
length: 0, ubits: 0)
shallowCopy(field.buffer, ab.buffer)
ab.offset += int(length)
return ok(field)
else:
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
let unused = ab.buffer[ab.offset]
if unused > 0x07'u8:
# Number of unused bits should not be bigger then `7`.
return err(Asn1Error.Incorrect)
let mask = (1'u8 shl int(unused)) - 1'u8
if (ab.buffer[ab.offset + int(length) - 1] and mask) != 0x00'u8:
## All unused bits should be set to `0`.
return err(Asn1Error.Incorrect)
field = Asn1Field(kind: Asn1Tag.BitString, klass: aclass,
index: ttag, offset: int(ab.offset + 1),
length: int(length - 1), ubits: int(unused))
shallowCopy(field.buffer, ab.buffer)
ab.offset += int(length)
return ok(field)
of Asn1Tag.OctetString.code():
# OCTET STRING
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
field = Asn1Field(kind: Asn1Tag.BitString, klass: klass,
index: ttag, offset: cast[int](ab.offset + 1),
length: cast[int](length - 1))
field = Asn1Field(kind: Asn1Tag.OctetString, klass: aclass,
index: ttag, offset: int(ab.offset),
length: int(length))
shallowCopy(field.buffer, ab.buffer)
field.ubits = cast[int](((length - 1) shl 3) - ab.buffer[ab.offset])
ab.offset += cast[int](length)
ab.offset += int(length)
return ok(field)
elif cast[byte](tag) == Asn1Tag.OctetString.code():
# OCT STRING
if not ab.isEnough(cast[int](length)):
return err(Asn1Error.Incomplete)
field = Asn1Field(kind: Asn1Tag.OctetString, klass: klass,
index: ttag, offset: cast[int](ab.offset),
length: cast[int](length))
shallowCopy(field.buffer, ab.buffer)
ab.offset += cast[int](length)
return ok(field)
elif cast[byte](tag) == Asn1Tag.Null.code():
of Asn1Tag.Null.code():
# NULL
if length != 0:
return err(Asn1Error.Incorrect)
field = Asn1Field(kind: Asn1Tag.Null, klass: klass,
index: ttag, offset: cast[int](ab.offset),
length: 0)
field = Asn1Field(kind: Asn1Tag.Null, klass: aclass, index: ttag,
offset: int(ab.offset), length: 0)
shallowCopy(field.buffer, ab.buffer)
ab.offset += cast[int](length)
ab.offset += int(length)
return ok(field)
elif cast[byte](tag) == Asn1Tag.Oid.code():
of Asn1Tag.Oid.code():
# OID
if not ab.isEnough(cast[int](length)):
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
field = Asn1Field(kind: Asn1Tag.Oid, klass: klass,
index: ttag, offset: cast[int](ab.offset),
length: cast[int](length))
field = Asn1Field(kind: Asn1Tag.Oid, klass: aclass,
index: ttag, offset: int(ab.offset),
length: int(length))
shallowCopy(field.buffer, ab.buffer)
ab.offset += cast[int](length)
ab.offset += int(length)
return ok(field)
elif cast[byte](tag) == Asn1Tag.Sequence.code():
of Asn1Tag.Sequence.code():
# SEQUENCE
if not ab.isEnough(cast[int](length)):
if not ab.isEnough(int(length)):
return err(Asn1Error.Incomplete)
field = Asn1Field(kind: Asn1Tag.Sequence, klass: klass,
index: ttag, offset: cast[int](ab.offset),
length: cast[int](length))
field = Asn1Field(kind: Asn1Tag.Sequence, klass: aclass,
index: ttag, offset: int(ab.offset),
length: int(length))
shallowCopy(field.buffer, ab.buffer)
ab.offset += cast[int](length)
ab.offset += int(length)
return ok(field)
else:
return err(Asn1Error.NoSupport)
inclass = false
ttag = 0
else:
return err(Asn1Error.NoSupport)
proc getBuffer*(field: Asn1Field): Asn1Buffer =
proc getBuffer*(field: Asn1Field): Asn1Buffer {.inline.} =
## Return ``field`` as Asn1Buffer to enter composite types.
shallowCopy(result.buffer, field.buffer)
result.offset = field.offset
result.length = field.length
Asn1Buffer(buffer: field.buffer, offset: field.offset, length: field.length)
proc `==`*(field: Asn1Field, data: openarray[byte]): bool =
## Compares field ``field`` data with ``data`` and returns ``true`` if both
## buffers are equal.
let length = len(field.buffer)
if length > 0:
if field.length == len(data):
result = equalMem(unsafeAddr field.buffer[field.offset],
unsafeAddr data[0], field.length)
if length == 0 and len(data) == 0:
true
else:
if length > 0:
if field.length == len(data):
CT.isEqual(
field.buffer.toOpenArray(field.offset,
field.offset + field.length - 1),
data.toOpenArray(0, field.length - 1))
else:
false
else:
false
proc init*(t: typedesc[Asn1Buffer], data: openarray[byte]): Asn1Buffer =
## Initialize ``Asn1Buffer`` from array of bytes ``data``.
result.buffer = @data
Asn1Buffer(buffer: @data)
proc init*(t: typedesc[Asn1Buffer], data: string): Asn1Buffer =
## Initialize ``Asn1Buffer`` from hexadecimal string ``data``.
result.buffer = ncrutils.fromHex(data)
Asn1Buffer(buffer: ncrutils.fromHex(data))
proc init*(t: typedesc[Asn1Buffer]): Asn1Buffer =
## Initialize empty ``Asn1Buffer``.
result.buffer = newSeq[byte]()
Asn1Buffer(buffer: newSeq[byte]())
proc init*(t: typedesc[Asn1Composite], tag: Asn1Tag): Asn1Composite =
## Initialize ``Asn1Composite`` with tag ``tag``.
result.tag = tag
result.buffer = newSeq[byte]()
Asn1Composite(tag: tag, buffer: newSeq[byte]())
proc init*(t: typedesc[Asn1Composite], idx: int): Asn1Composite =
## Initialize ``Asn1Composite`` with tag context-specific id ``id``.
result.tag = Asn1Tag.Context
result.idx = idx
result.buffer = newSeq[byte]()
Asn1Composite(tag: Asn1Tag.Context, idx: idx, buffer: newSeq[byte]())
proc `$`*(buffer: Asn1Buffer): string =
## Return string representation of ``buffer``.
result = ncrutils.toHex(buffer.toOpenArray())
ncrutils.toHex(buffer.toOpenArray())
proc `$`*(field: Asn1Field): string =
## Return string representation of ``field``.
result = "["
result.add($field.kind)
result.add("]")
if field.kind == Asn1Tag.NoSupport:
result.add(" ")
result.add(ncrutils.toHex(field.toOpenArray()))
elif field.kind == Asn1Tag.Boolean:
result.add(" ")
result.add($field.vbool)
elif field.kind == Asn1Tag.Integer:
result.add(" ")
var res = "["
res.add($field.kind)
res.add("]")
case field.kind
of Asn1Tag.Boolean:
res.add(" ")
res.add($field.vbool)
res
of Asn1Tag.Integer:
res.add(" ")
if field.length <= 8:
result.add($field.vint)
res.add($field.vint)
else:
result.add(ncrutils.toHex(field.toOpenArray()))
elif field.kind == Asn1Tag.BitString:
result.add(" ")
result.add("(")
result.add($field.ubits)
result.add(" bits) ")
result.add(ncrutils.toHex(field.toOpenArray()))
elif field.kind == Asn1Tag.OctetString:
result.add(" ")
result.add(ncrutils.toHex(field.toOpenArray()))
elif field.kind == Asn1Tag.Null:
result.add(" NULL")
elif field.kind == Asn1Tag.Oid:
result.add(" ")
result.add(ncrutils.toHex(field.toOpenArray()))
elif field.kind == Asn1Tag.Sequence:
result.add(" ")
result.add(ncrutils.toHex(field.toOpenArray()))
res.add(ncrutils.toHex(field.toOpenArray()))
res
of Asn1Tag.BitString:
res.add(" ")
res.add("(")
res.add($field.ubits)
res.add(" bits) ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
of Asn1Tag.OctetString:
res.add(" ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
of Asn1Tag.Null:
res.add(" NULL")
res
of Asn1Tag.Oid:
res.add(" ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
of Asn1Tag.Sequence:
res.add(" ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
of Asn1Tag.Context:
res.add(" ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
else:
res.add(" ")
res.add(ncrutils.toHex(field.toOpenArray()))
res
proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
## Write empty value to buffer or composite with ``tag``.
@ -656,7 +788,7 @@ proc write*[T: Asn1Buffer|Asn1Composite](abc: var T, tag: Asn1Tag) =
## This procedure must be used to write `NULL`, `0` or empty `BIT STRING`,
## `OCTET STRING` types.
doAssert(tag in {Asn1Tag.Null, Asn1Tag.Integer, Asn1Tag.BitString,
Asn1Tag.OctetString})
Asn1Tag.OctetString})
var length: int
if tag == Asn1Tag.Null:
length = asn1EncodeNull(abc.toOpenArray())

214
tests/testminasn1.nim Normal file
View File

@ -0,0 +1,214 @@
## Nim-Libp2p
## Copyright (c) 2018 Status Research & Development GmbH
## Licensed under either of
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.
import unittest
import ../libp2p/crypto/minasn1
import nimcrypto/utils as ncrutils
when defined(nimHasUsed): {.used.}
const Asn1EdgeValues = [
0'u64, (1'u64 shl 7) - 1'u64,
(1'u64 shl 7), (1'u64 shl 8) - 1'u64,
(1'u64 shl 8), (1'u64 shl 16) - 1'u64,
(1'u64 shl 16), (1'u64 shl 24) - 1'u64,
(1'u64 shl 24), (1'u64 shl 32) - 1'u64,
(1'u64 shl 32), (1'u64 shl 40) - 1'u64,
(1'u64 shl 40), (1'u64 shl 48) - 1'u64,
(1'u64 shl 48), (1'u64 shl 56) - 1'u64,
(1'u64 shl 56), 0xFFFF_FFFF_FFFF_FFFF'u64
]
const Asn1EdgeExpects = [
"00", "7F",
"8180", "81FF",
"820100", "82FFFF",
"83010000", "83FFFFFF",
"8401000000", "84FFFFFFFF",
"850100000000", "85FFFFFFFFFF",
"86010000000000", "86FFFFFFFFFFFF",
"8701000000000000", "87FFFFFFFFFFFFFF",
"880100000000000000", "88FFFFFFFFFFFFFFFF",
]
const Asn1UIntegerValues8 = [
0x00'u8, 0x7F'u8, 0x80'u8, 0xFF'u8,
]
const Asn1UIntegerExpects8 = [
"020100", "02017F", "02020080", "020200FF"
]
const Asn1UIntegerValues16 = [
0x00'u16, 0x7F'u16, 0x80'u16, 0xFF'u16,
0x7FFF'u16, 0x8000'u16, 0xFFFF'u16
]
const Asn1UIntegerExpects16 = [
"020100", "02017F", "02020080", "020200FF", "02027FFF",
"0203008000", "020300FFFF"
]
const Asn1UIntegerValues32 = [
0x00'u32, 0x7F'u32, 0x80'u32, 0xFF'u32,
0x7FFF'u32, 0x8000'u32, 0xFFFF'u32,
0x7FFF_FFFF'u32, 0x8000_0000'u32, 0xFFFF_FFFF'u32
]
const Asn1UIntegerExpects32 = [
"020100", "02017F", "02020080", "020200FF", "02027FFF",
"0203008000", "020300FFFF", "02047FFFFFFF", "02050080000000",
"020500FFFFFFFF"
]
const Asn1UIntegerValues64 = [
0x00'u64, 0x7F'u64, 0x80'u64, 0xFF'u64,
0x7FFF'u64, 0x8000'u64, 0xFFFF'u64,
0x7FFF_FFFF'u64, 0x8000_0000'u64, 0xFFFF_FFFF'u64,
0x7FFF_FFFF_FFFF_FFFF'u64, 0x8000_0000_0000_0000'u64,
0xFFFF_FFFF_FFFF_FFFF'u64
]
const Asn1UIntegerExpects64 = [
"020100", "02017F", "02020080", "020200FF", "02027FFF",
"0203008000", "020300FFFF", "02047FFFFFFF", "02050080000000",
"020500FFFFFFFF", "02087FFFFFFFFFFFFFFF", "0209008000000000000000",
"020900FFFFFFFFFFFFFFFF"
]
suite "Minimal ASN.1 encode/decode suite":
test "Length encoding edge values":
var empty = newSeq[byte](0)
for i in 0 ..< len(Asn1EdgeValues):
var value = newSeq[byte](9)
let r1 = asn1EncodeLength(empty, Asn1EdgeValues[i])
let r2 = asn1EncodeLength(value, Asn1EdgeValues[i])
value.setLen(r2)
check:
r1 == (len(Asn1EdgeExpects[i]) shr 1)
r2 == (len(Asn1EdgeExpects[i]) shr 1)
check:
ncrutils.fromHex(Asn1EdgeExpects[i]) == value
test "ASN.1 DER INTEGER encoding/decoding of native unsigned values test":
proc decodeBuffer(data: openarray[byte]): uint64 =
var ab = Asn1Buffer.init(data)
let fres = ab.read()
doAssert(fres.isOk() and fres.get().kind == Asn1Tag.Integer)
fres.get().vint
proc encodeInteger[T](value: T): seq[byte] =
var buffer = newSeq[byte](16)
let res = asn1EncodeInteger(buffer, value)
buffer.setLen(res)
buffer
for i in 0 ..< len(Asn1UIntegerValues8):
let buffer = encodeInteger(Asn1UIntegerValues8[i])
check:
toHex(buffer) == Asn1UIntegerExpects8[i]
decodeBuffer(buffer) == uint64(Asn1UIntegerValues8[i])
for i in 0 ..< len(Asn1UIntegerValues16):
let buffer = encodeInteger(Asn1UIntegerValues16[i])
check:
toHex(buffer) == Asn1UIntegerExpects16[i]
decodeBuffer(buffer) == uint64(Asn1UIntegerValues16[i])
for i in 0 ..< len(Asn1UIntegerValues32):
let buffer = encodeInteger(Asn1UIntegerValues32[i])
check:
toHex(buffer) == Asn1UIntegerExpects32[i]
decodeBuffer(buffer) == uint64(Asn1UIntegerValues32[i])
for i in 0 ..< len(Asn1UIntegerValues64):
let buffer = encodeInteger(Asn1UIntegerValues64[i])
check:
toHex(buffer) == Asn1UIntegerExpects64[i]
decodeBuffer(buffer) == uint64(Asn1UIntegerValues64[i])
test "ASN.1 DER INTEGER incorrect values decoding test":
proc decodeBuffer(data: string): Asn1Result[Asn1Field] =
var ab = Asn1Buffer.init(fromHex(data))
ab.read()
check:
decodeBuffer("0200").error == Asn1Error.Incorrect
decodeBuffer("0201").error == Asn1Error.Incomplete
decodeBuffer("02020000").error == Asn1Error.Incorrect
decodeBuffer("0203000001").error == Asn1Error.Incorrect
test "ASN.1 DER BITSTRING encoding/decoding with unused bits test":
proc encodeBits(value: string, bitsUsed: int): seq[byte] =
var buffer = newSeq[byte](16)
let res = asn1EncodeBitString(buffer, fromHex(value), bitsUsed)
buffer.setLen(res)
buffer
proc decodeBuffer(data: string): Asn1Field =
var ab = Asn1Buffer.init(fromHex(data))
let fres = ab.read()
doAssert(fres.isOk() and fres.get().kind == Asn1Tag.BitString)
fres.get()
check:
toHex(encodeBits("FF", 7)) == "03020780"
toHex(encodeBits("FF", 6)) == "030206C0"
toHex(encodeBits("FF", 5)) == "030205E0"
toHex(encodeBits("FF", 4)) == "030204F0"
toHex(encodeBits("FF", 3)) == "030203F8"
toHex(encodeBits("FF", 2)) == "030202FC"
toHex(encodeBits("FF", 1)) == "030201FE"
toHex(encodeBits("FF", 0)) == "030200FF"
let f0 = decodeBuffer("030200FF")
let f0b = @(f0.buffer.toOpenArray(f0.offset, f0.offset + f0.length - 1))
let f1 = decodeBuffer("030201FE")
let f1b = @(f1.buffer.toOpenArray(f1.offset, f1.offset + f1.length - 1))
let f2 = decodeBuffer("030202FC")
let f2b = @(f2.buffer.toOpenArray(f2.offset, f2.offset + f2.length - 1))
let f3 = decodeBuffer("030203F8")
let f3b = @(f3.buffer.toOpenArray(f3.offset, f3.offset + f3.length - 1))
let f4 = decodeBuffer("030204F0")
let f4b = @(f4.buffer.toOpenArray(f4.offset, f4.offset + f4.length - 1))
let f5 = decodeBuffer("030205E0")
let f5b = @(f5.buffer.toOpenArray(f5.offset, f5.offset + f5.length - 1))
let f6 = decodeBuffer("030206C0")
let f6b = @(f6.buffer.toOpenArray(f6.offset, f6.offset + f6.length - 1))
let f7 = decodeBuffer("03020780")
let f7b = @(f7.buffer.toOpenArray(f7.offset, f7.offset + f7.length - 1))
check:
f0.ubits == 0
toHex(f0b) == "FF"
f1.ubits == 1
toHex(f1b) == "FE"
f2.ubits == 2
toHex(f2b) == "FC"
f3.ubits == 3
toHex(f3b) == "F8"
f4.ubits == 4
toHex(f4b) == "F0"
f5.ubits == 5
toHex(f5b) == "E0"
f6.ubits == 6
toHex(f6b) == "C0"
f7.ubits == 7
toHex(f7b) == "80"
test "ASN.1 DER BITSTRING incorrect values decoding test":
proc decodeBuffer(data: string): Asn1Result[Asn1Field] =
var ab = Asn1Buffer.init(fromHex(data))
ab.read()
check:
decodeBuffer("0300").error == Asn1Error.Incorrect
decodeBuffer("030180").error == Asn1Error.Incorrect
decodeBuffer("030107").error == Asn1Error.Incorrect
decodeBuffer("030200").error == Asn1Error.Incomplete
decodeBuffer("030208FF").error == Asn1Error.Incorrect

View File

@ -2,7 +2,8 @@ import testvarint,
testminprotobuf,
teststreamseq
import testrsa,
import testminasn1,
testrsa,
testecnist,
tested25519,
testsecp256k1,