acw/simple_asn1
1
0
Fork 0
Code Issues 5 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Merge pull request #12 from drahnr/master

Browse Source 
OID as_raw
This commit was merged in pull request #12.
This commit is contained in:
Adam Wick
2019-12-14 09:59:47 -08:00
committed by GitHub
parent 113c6ad16a 47a5140bf2
commit f17f1eb246
1 changed files with 300 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
src/lib.rs
View File

@@ -49,7 +49,12 @@ use std::str::Utf8Error;
/// I'm not sure if/when these are used, but here they are in case you want /// I'm not sure if/when these are used, but here they are in case you want
/// to do something with them. /// to do something with them.
#[derive(Clone, Copy, Debug, PartialEq)] #[derive(Clone, Copy, Debug, PartialEq)]
pub enum ASN1Class { Universal, Application, ContextSpecific, Private } pub enum ASN1Class {
Universal,
Application,
ContextSpecific,
Private,
}
/// A primitive block from ASN.1. /// A primitive block from ASN.1.
/// ///
@@ -97,7 +102,7 @@ pub enum ASN1Block {
/// ///
/// The parameters are `class`, `constructed`, `offset`, `tag` and /// The parameters are `class`, `constructed`, `offset`, `tag` and
/// `content`. /// `content`.
Unknown(ASN1Class, bool, usize, BigUint, Vec<u8>) Unknown(ASN1Class, bool, usize, BigUint, Vec<u8>),
} }
impl ASN1Block { impl ASN1Block {
@@ -225,6 +230,44 @@ impl OID {
pub fn new(x: Vec<BigUint>) -> OID { pub fn new(x: Vec<BigUint>) -> OID {
OID(x) OID(x)
} }
/// converts the
pub fn as_raw(&self) -> Result<Vec<u8>, ASN1EncodeErr> {
match (self.0.get(0), self.0.get(1)) {
(Some(v1), Some(v2)) => {
let two = BigUint::from_u8(2).unwrap();
// first, validate that the first two items meet spec
if v1 > &two {
return Err(ASN1EncodeErr::ObjectIdentVal1TooLarge);
}
let u175 = BigUint::from_u8(175).unwrap();
let u39 = BigUint::from_u8(39).unwrap();
let bound = if v1 == &two { u175 } else { u39 };
if v2 > &bound {
return Err(ASN1EncodeErr::ObjectIdentVal2TooLarge);
}
// the following unwraps must be safe, based on the
// validation above.
let value1 = v1.to_u8().unwrap();
let value2 = v2.to_u8().unwrap();
let byte1 = (value1 * 40) + value2;
// now we can build all the rest of the body
let mut body = vec![byte1];
for num in self.0.iter().skip(2) {
let mut local = encode_base127(&num);
body.append(&mut local);
}
Ok(body)
}
_ => Err(ASN1EncodeErr::ObjectIdentHasTooFewFields),
}
}
} }
impl<'a> PartialEq<OID> for &'a OID { impl<'a> PartialEq<OID> for &'a OID {
@@ -233,7 +276,7 @@ impl<'a> PartialEq<OID> for &'a OID {
let &OID(ref vec2) = v2; let &OID(ref vec2) = v2;
if vec1.len() != vec2.len() { if vec1.len() != vec2.len() {
return false return false;
} }
for i in 0..vec1.len() { for i in 0..vec1.len() {
@@ -339,11 +382,11 @@ impl Error for ASN1DecodeErr {
} }
} }
fn cause(&self) -> Option<&Error> { fn cause(&self) -> Option<&dyn Error> {
None None
} }
fn source(&self) -> Option<&(Error + 'static)> { fn source(&self) -> Option<&(dyn Error + 'static)> {
None None
} }
} }
@@ -353,7 +396,7 @@ impl Error for ASN1DecodeErr {
pub enum ASN1EncodeErr { pub enum ASN1EncodeErr {
ObjectIdentHasTooFewFields, ObjectIdentHasTooFewFields,
ObjectIdentVal1TooLarge, ObjectIdentVal1TooLarge,
ObjectIdentVal2TooLarge ObjectIdentVal2TooLarge,
} }
impl fmt::Display for ASN1EncodeErr { impl fmt::Display for ASN1EncodeErr {
@@ -374,11 +417,11 @@ impl Error for ASN1EncodeErr {
} }
} }
fn cause(&self) -> Option<&Error> { fn cause(&self) -> Option<&dyn Error> {
None None
} }
fn source(&self) -> Option<&(Error + 'static)> { fn source(&self) -> Option<&(dyn Error + 'static)> {
None None
} }
} }
@@ -389,9 +432,7 @@ pub fn from_der(i: &[u8]) -> Result<Vec<ASN1Block>,ASN1DecodeErr> {
from_der_(i, 0) from_der_(i, 0)
} }
fn from_der_(i: &[u8], start_offset: usize) fn from_der_(i: &[u8], start_offset: usize) -> Result<Vec<ASN1Block>, ASN1DecodeErr> {
-> Result<Vec<ASN1Block>,ASN1DecodeErr>
{
let mut result: Vec<ASN1Block> = Vec::new(); let mut result: Vec<ASN1Block> = Vec::new();
let mut index: usize = 0; let mut index: usize = 0;
let len = i.len(); let len = i.len();
@@ -400,7 +441,9 @@ fn from_der_(i: &[u8], start_offset: usize)
let soff = start_offset + index; let soff = start_offset + index;
let (tag, constructed, class) = decode_tag(i, &mut index)?; let (tag, constructed, class) = decode_tag(i, &mut index)?;
let len = decode_length(i, &mut index)?; let len = decode_length(i, &mut index)?;
let checklen = index.checked_add(len).ok_or(ASN1DecodeErr::LengthTooLarge(len))?; let checklen = index
.checked_add(len)
.ok_or(ASN1DecodeErr::LengthTooLarge(len))?;
if checklen > i.len() { if checklen > i.len() {
return Err(ASN1DecodeErr::Incomplete); return Err(ASN1DecodeErr::Incomplete);
} }
@@ -412,8 +455,12 @@ fn from_der_(i: &[u8], start_offset: usize)
match from_der_(body, start_offset + index) { match from_der_(body, start_offset + index) {
Ok(mut items) => { Ok(mut items) => {
if items.len() == 1 { if items.len() == 1 {
result.push(ASN1Block::Explicit(class, soff, tag, result.push(ASN1Block::Explicit(
Box::new(items.remove(0)))); class,
soff,
tag,
Box::new(items.remove(0)),
));
index += len; index += len;
continue; continue;
} }
@@ -421,7 +468,13 @@ fn from_der_(i: &[u8], start_offset: usize)
Err(_) => {} Err(_) => {}
} }
} }
result.push(ASN1Block::Unknown(class, constructed, soff, tag, body.to_vec())); result.push(ASN1Block::Unknown(
class,
constructed,
soff,
tag,
body.to_vec(),
));
index += len; index += len;
continue; continue;
} }
@@ -450,7 +503,8 @@ fn from_der_(i: &[u8], start_offset: usize)
let rest = body[0] as usize; let rest = body[0] as usize;
if bitcount < rest { if bitcount < rest {
return Err(ASN1DecodeErr::InvalidBitStringLength( return Err(ASN1DecodeErr::InvalidBitStringLength(
bitcount as isize - rest as isize)); bitcount as isize - rest as isize,
));
} }
let nbits = bitcount - (body[0] as usize); let nbits = bitcount - (body[0] as usize);
@@ -523,7 +577,7 @@ fn from_der_(i: &[u8], start_offset: usize)
// PRINTABLE STRING // PRINTABLE STRING
Some(0x13) => { Some(0x13) => {
let mut res = String::new(); let mut res = String::new();
let mut val = body.iter().map(|x| *x as char); let val = body.iter().map(|x| *x as char);
for c in val { for c in val {
if PRINTABLE_CHARS.contains(c) { if PRINTABLE_CHARS.contains(c) {
@@ -931,10 +985,14 @@ pub fn to_der(i: &ASN1Block) -> Result<Vec<u8>,ASN1EncodeErr> {
} }
} }
fn encode_asn1_string(tag: u8, force_chars: bool, c: ASN1Class, s: &String) fn encode_asn1_string(
-> Result<Vec<u8>,ASN1EncodeErr> tag: u8,
{ force_chars: bool,
let mut body = { if force_chars { c: ASN1Class,
s: &String,
) -> Result<Vec<u8>, ASN1EncodeErr> {
let mut body = {
if force_chars {
let mut out = Vec::new(); let mut out = Vec::new();
for c in s.chars() { for c in s.chars() {
@@ -943,7 +1001,8 @@ fn encode_asn1_string(tag: u8, force_chars: bool, c: ASN1Class, s: &String)
out out
} else { } else {
s.clone().into_bytes() s.clone().into_bytes()
} }; }
};
let inttag = BigUint::from_u8(tag).unwrap(); let inttag = BigUint::from_u8(tag).unwrap();
let mut lenbytes = encode_len(body.len()); let mut lenbytes = encode_len(body.len());
let mut tagbytes = encode_tag(c, false, &inttag); let mut tagbytes = encode_tag(c, false, &inttag);
@@ -1048,8 +1107,10 @@ fn encode_len(x: usize) -> Vec<u8> {
pub trait FromASN1WithBody: Sized { pub trait FromASN1WithBody: Sized {
type Error: From<ASN1DecodeErr>; type Error: From<ASN1DecodeErr>;
fn from_asn1_with_body<'a>(v: &'a[ASN1Block], _b: &[u8]) fn from_asn1_with_body<'a>(
-> Result<(Self,&'a[ASN1Block]),Self::Error>; v: &'a [ASN1Block],
_b: &[u8],
) -> Result<(Self, &'a [ASN1Block]), Self::Error>;
} }
/// A trait defining types that can be decoded from an `ASN1Block` stream. /// A trait defining types that can be decoded from an `ASN1Block` stream.
@@ -1058,24 +1119,23 @@ pub trait FromASN1WithBody : Sized {
pub trait FromASN1: Sized { pub trait FromASN1: Sized {
type Error: From<ASN1DecodeErr>; type Error: From<ASN1DecodeErr>;
fn from_asn1(v: &[ASN1Block]) fn from_asn1(v: &[ASN1Block]) -> Result<(Self, &[ASN1Block]), Self::Error>;
-> Result<(Self,&[ASN1Block]),Self::Error>;
} }
impl<T: FromASN1> FromASN1WithBody for T { impl<T: FromASN1> FromASN1WithBody for T {
type Error = T::Error; type Error = T::Error;
fn from_asn1_with_body<'a>(v: &'a[ASN1Block], _b: &[u8]) fn from_asn1_with_body<'a>(
-> Result<(T,&'a[ASN1Block]),T::Error> v: &'a [ASN1Block],
{ _b: &[u8],
) -> Result<(T, &'a [ASN1Block]), T::Error> {
T::from_asn1(v) T::from_asn1(v)
} }
} }
/// Automatically decode a type via DER encoding, assuming that the type /// Automatically decode a type via DER encoding, assuming that the type
/// is a member of `FromASN1` or `FromASN1WithBody`. /// is a member of `FromASN1` or `FromASN1WithBody`.
pub fn der_decode<T: FromASN1WithBody>(v: &[u8]) -> Result<T,T::Error> pub fn der_decode<T: FromASN1WithBody>(v: &[u8]) -> Result<T, T::Error> {
{
let vs = from_der(v)?; let vs = from_der(v)?;
T::from_asn1_with_body(&vs, v).and_then(|(a, _)| Ok(a)) T::from_asn1_with_body(&vs, v).and_then(|(a, _)| Ok(a))
} }
@@ -1091,14 +1151,12 @@ pub trait ToASN1 {
fn to_asn1(&self) -> Result<Vec<ASN1Block>, Self::Error> { fn to_asn1(&self) -> Result<Vec<ASN1Block>, Self::Error> {
self.to_asn1_class(ASN1Class::Universal) self.to_asn1_class(ASN1Class::Universal)
} }
fn to_asn1_class(&self, c: ASN1Class) fn to_asn1_class(&self, c: ASN1Class) -> Result<Vec<ASN1Block>, Self::Error>;
-> Result<Vec<ASN1Block>,Self::Error>;
} }
/// Automatically encode a type into binary via DER encoding, assuming /// Automatically encode a type into binary via DER encoding, assuming
/// that the type is a member of `ToASN1`. /// that the type is a member of `ToASN1`.
pub fn der_encode<T: ToASN1>(v: &T) -> Result<Vec<u8>,T::Error> pub fn der_encode<T: ToASN1>(v: &T) -> Result<Vec<u8>, T::Error> {
{
let blocks = T::to_asn1(&v)?; let blocks = T::to_asn1(&v)?;
let mut res = Vec::new(); let mut res = Vec::new();
@@ -1114,12 +1172,12 @@ pub fn der_encode<T: ToASN1>(v: &T) -> Result<Vec<u8>,T::Error>
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::*;
use chrono::offset::LocalResult; use chrono::offset::LocalResult;
use quickcheck::{Arbitrary, Gen}; use quickcheck::{Arbitrary, Gen};
use rand::{distributions::Standard, Rng};
use std::fs::File; use std::fs::File;
use std::io::Read; use std::io::Read;
use rand::{Rng, distributions::Standard};
use super::*;
impl Arbitrary for ASN1Class { impl Arbitrary for ASN1Class {
fn arbitrary<G: Gen>(g: &mut G) -> ASN1Class { fn arbitrary<G: Gen>(g: &mut G) -> ASN1Class {
@@ -1128,7 +1186,7 @@ mod tests {
1 => ASN1Class::ContextSpecific, 1 => ASN1Class::ContextSpecific,
2 => ASN1Class::Universal, 2 => ASN1Class::Universal,
3 => ASN1Class::Application, 3 => ASN1Class::Application,
_ => panic!("I weep for a broken life.") _ => panic!("I weep for a broken life."),
} }
} }
} }
@@ -1145,7 +1203,7 @@ mod tests {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
struct RandomUint { struct RandomUint {
x: BigUint x: BigUint,
} }
impl Arbitrary for RandomUint { impl Arbitrary for RandomUint {
@@ -1175,7 +1233,7 @@ mod tests {
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
struct RandomInt { struct RandomInt {
x: BigInt x: BigInt,
} }
impl Arbitrary for RandomInt { impl Arbitrary for RandomInt {
@@ -1202,9 +1260,11 @@ mod tests {
let size = g.gen::<u16>() as usize % 16; let size = g.gen::<u16>() as usize % 16;
let maxbits = (size as usize) * 8; let maxbits = (size as usize) * 8;
let modbits = g.gen::<u8>() as usize % 8; let modbits = g.gen::<u8>() as usize % 8;
let nbits = if modbits > maxbits let nbits = if modbits > maxbits {
{ maxbits } maxbits
else { maxbits - modbits }; } else {
maxbits - modbits
};
let bytes = g.sample_iter::<u8, _>(&Standard).take(size).collect(); let bytes = g.sample_iter::<u8, _>(&Standard).take(size).collect();
ASN1Block::BitString(0, nbits, bytes) ASN1Block::BitString(0, nbits, bytes)
} }
@@ -1369,8 +1429,8 @@ mod tests {
} }
fn limited_arbitrary<G: Gen>(g: &mut G, d: usize) -> ASN1Block { fn limited_arbitrary<G: Gen>(g: &mut G, d: usize) -> ASN1Block {
let mut possibles: Vec<ASN1BlockGen<G>> = let mut possibles: Vec<ASN1BlockGen<G>> = vec![
vec![arb_boolean, arb_boolean,
arb_integer, arb_integer,
arb_bitstr, arb_bitstr,
arb_octstr, arb_octstr,
@@ -1384,7 +1444,8 @@ mod tests {
arb_utc, arb_utc,
arb_time, arb_time,
arb_bmp, arb_bmp,
arb_unknown]; arb_unknown,
];
if d > 0 { if d > 0 {
possibles.push(arb_seq); possibles.push(arb_seq);
@@ -1394,7 +1455,7 @@ mod tests {
match g.choose(&possibles[..]) { match g.choose(&possibles[..]) {
Some(f) => f(g, d), Some(f) => f(g, d),
None => panic!("Couldn't generate arbitrary value.") None => panic!("Couldn't generate arbitrary value."),
} }
} }
@@ -1441,12 +1502,18 @@ mod tests {
#[test] #[test]
fn generalized_time_tests() { fn generalized_time_tests() {
check_spec(&Utc.ymd(1992, 5, 21).and_hms(0,0,0), check_spec(
"19920521000000Z".to_string()); &Utc.ymd(1992, 5, 21).and_hms(0, 0, 0),
check_spec(&Utc.ymd(1992, 6, 22).and_hms(12,34,21), "19920521000000Z".to_string(),
"19920622123421Z".to_string()); );
check_spec(&Utc.ymd(1992, 7, 22).and_hms_milli(13,21,00,300), check_spec(
"19920722132100.3Z".to_string()); &Utc.ymd(1992, 6, 22).and_hms(12, 34, 21),
"19920622123421Z".to_string(),
);
check_spec(
&Utc.ymd(1992, 7, 22).and_hms_milli(13, 21, 00, 300),
"19920722132100.3Z".to_string(),
);
} }
fn check_spec(d: &DateTime<Utc>, s: String) { fn check_spec(d: &DateTime<Utc>, s: String) {
@@ -1459,17 +1526,13 @@ mod tests {
resvec.remove(0); resvec.remove(0);
assert_eq!(String::from_utf8(resvec).unwrap(), s); assert_eq!(String::from_utf8(resvec).unwrap(), s);
match from_der_(vec, 0) { match from_der_(vec, 0) {
Err(_) => Err(_) => assert_eq!(format!("Broken [reparse]: {}", d), s),
assert_eq!(format!("Broken [reparse]: {}", d), s),
Ok(mut vec) => { Ok(mut vec) => {
assert_eq!(vec.len(), 1); assert_eq!(vec.len(), 1);
match vec.pop() { match vec.pop() {
None => None => assert!(false, "The world's gone mad again."),
assert!(false, "The world's gone mad again."), Some(ASN1Block::GeneralizedTime(_, d2)) => assert_eq!(&d2, d),
Some(ASN1Block::GeneralizedTime(_, d2)) => Some(_) => assert!(false, "Bad reparse of GeneralizedTime."),
assert_eq!(&d2, d),
Some(_) =>
assert!(false, "Bad reparse of GeneralizedTime.")
} }
} }
} }
@@ -1504,7 +1567,79 @@ mod tests {
fn encode_base127_zero() { fn encode_base127_zero() {
let zero = BigUint::from(0 as u64); let zero = BigUint::from(0 as u64);
let encoded = encode_base127(&zero); let encoded = encode_base127(&zero);
let expected: Vec::<u8> = vec![0x0]; let expected: Vec<u8> = vec![0x0];
assert_eq!(expected, encoded); assert_eq!(expected, encoded);
} }
#[test]
fn raw_oid_eq() {
// data taken from https://tools.ietf.org/html/rfc4880
// ( OID as vector of unsigned integers , asn1 encoded block)
// comparision is not done against the full length, but only for
// the actually encoded OID part (see the expect statement further down)
let md5 = (
oid!(1, 2, 840, 113549, 2, 5),
vec![
0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
0x05, 0x00, 0x04, 0x10,
],
);
let ripmed160 = (
oid!(1, 3, 36, 3, 2, 1),
vec![
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04,
0x14,
],
);
let sha1 = (
oid!(1, 3, 14, 3, 2, 26),
vec![
0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04,
0x14,
],
);
let sha224 = (
oid!(2, 16, 840, 1, 101, 3, 4, 2, 4),
vec![
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x04, 0x05, 0x00, 0x04, 0x1C,
],
);
let sha256 = (
oid!(2, 16, 840, 1, 101, 3, 4, 2, 1),
vec![
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x01, 0x05, 0x00, 0x04, 0x20,
],
);
let sha384 = (
oid!(2, 16, 840, 1, 101, 3, 4, 2, 2),
vec![
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x02, 0x05, 0x00, 0x04, 0x30,
],
);
let sha512 = (
oid!(2, 16, 840, 1, 101, 3, 4, 2, 3),
vec![
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
0x03, 0x05, 0x00, 0x04, 0x40,
],
);
let tests: Vec<(OID, Vec<u8>)> = vec![md5, ripmed160, sha1, sha224, sha256, sha384, sha512];
for test in tests {
let expected = test.1;
let raw_oid = test.0.as_raw().expect("Failed to convert OID to raw");
assert_eq!(raw_oid, &expected[6..(expected.len() - 4)]);
}
}
} }