1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <gtest/gtest.h>
16
17 #include <openssl/asn1.h>
18 #include <openssl/bytestring.h>
19 #include <openssl/crypto.h>
20 #include <openssl/obj.h>
21
22 #include "../internal.h"
23
24
TEST(ObjTest,TestBasic)25 TEST(ObjTest, TestBasic) {
26 static const int kNID = NID_sha256WithRSAEncryption;
27 static const char kShortName[] = "RSA-SHA256";
28 static const char kLongName[] = "sha256WithRSAEncryption";
29 static const char kText[] = "1.2.840.113549.1.1.11";
30 static const uint8_t kDER[] = {
31 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
32 };
33
34 CBS cbs;
35 CBS_init(&cbs, kDER, sizeof(kDER));
36 ASSERT_EQ(kNID, OBJ_cbs2nid(&cbs));
37 ASSERT_EQ(kNID, OBJ_sn2nid(kShortName));
38 ASSERT_EQ(kNID, OBJ_ln2nid(kLongName));
39 ASSERT_EQ(kNID, OBJ_txt2nid(kShortName));
40 ASSERT_EQ(kNID, OBJ_txt2nid(kLongName));
41 ASSERT_EQ(kNID, OBJ_txt2nid(kText));
42
43 ASSERT_STREQ(kShortName, OBJ_nid2sn(kNID));
44 ASSERT_STREQ(kLongName, OBJ_nid2ln(kNID));
45
46 ASSERT_EQ(NID_undef, OBJ_sn2nid("this is not an OID"));
47 ASSERT_EQ(NID_undef, OBJ_ln2nid("this is not an OID"));
48 ASSERT_EQ(NID_undef, OBJ_txt2nid("this is not an OID"));
49
50 CBS_init(&cbs, NULL, 0);
51 ASSERT_EQ(NID_undef, OBJ_cbs2nid(&cbs));
52
53 // 1.2.840.113554.4.1.72585.2 (https://davidben.net/oid).
54 static const uint8_t kUnknownDER[] = {
55 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x02,
56 };
57 CBS_init(&cbs, kUnknownDER, sizeof(kUnknownDER));
58 ASSERT_EQ(NID_undef, OBJ_cbs2nid(&cbs));
59
60 EXPECT_EQ(NID_undef, OBJ_sn2nid("UNDEF"));
61 EXPECT_EQ(NID_undef, OBJ_ln2nid("undefined"));
62 EXPECT_EQ(OBJ_get_undef(), OBJ_nid2obj(NID_undef));
63 }
64
TEST(ObjTest,TestSignatureAlgorithms)65 TEST(ObjTest, TestSignatureAlgorithms) {
66 int digest_nid, pkey_nid;
67 ASSERT_TRUE(OBJ_find_sigid_algs(NID_sha256WithRSAEncryption, &digest_nid,
68 &pkey_nid));
69 ASSERT_EQ(digest_nid, NID_sha256);
70 ASSERT_EQ(pkey_nid, NID_rsaEncryption);
71
72 ASSERT_FALSE(OBJ_find_sigid_algs(NID_sha256, &digest_nid, &pkey_nid));
73
74 int sign_nid;
75 ASSERT_TRUE(OBJ_find_sigid_by_algs(&sign_nid, NID_sha256, NID_rsaEncryption));
76 ASSERT_EQ(sign_nid, NID_sha256WithRSAEncryption);
77 ASSERT_FALSE(OBJ_find_sigid_by_algs(&sign_nid, NID_dsa, NID_rsaEncryption));
78 }
79
ExpectObj2Txt(const uint8_t * der,size_t der_len,bool always_return_oid,const char * expected)80 static bool ExpectObj2Txt(const uint8_t *der, size_t der_len,
81 bool always_return_oid, const char *expected) {
82 bssl::UniquePtr<ASN1_OBJECT> obj(
83 ASN1_OBJECT_create(NID_undef, der, static_cast<int>(der_len),
84 /*sn=*/nullptr, /*ln=*/nullptr));
85 if (!obj) {
86 return false;
87 }
88
89 int expected_len = static_cast<int>(strlen(expected));
90
91 int len = OBJ_obj2txt(nullptr, 0, obj.get(), always_return_oid);
92 if (len != expected_len) {
93 fprintf(stderr,
94 "OBJ_obj2txt of %s with out_len = 0 returned %d, wanted %d.\n",
95 expected, len, expected_len);
96 return false;
97 }
98
99 char short_buf[1];
100 OPENSSL_memset(short_buf, 0xff, sizeof(short_buf));
101 len = OBJ_obj2txt(short_buf, sizeof(short_buf), obj.get(), always_return_oid);
102 if (len != expected_len) {
103 fprintf(stderr,
104 "OBJ_obj2txt of %s with out_len = 1 returned %d, wanted %d.\n",
105 expected, len, expected_len);
106 return false;
107 }
108
109 if (OPENSSL_memchr(short_buf, '\0', sizeof(short_buf)) == nullptr) {
110 fprintf(stderr,
111 "OBJ_obj2txt of %s with out_len = 1 did not NUL-terminate the "
112 "output.\n",
113 expected);
114 return false;
115 }
116
117 char buf[256];
118 len = OBJ_obj2txt(buf, sizeof(buf), obj.get(), always_return_oid);
119 if (len != expected_len) {
120 fprintf(stderr,
121 "OBJ_obj2txt of %s with out_len = 256 returned %d, wanted %d.\n",
122 expected, len, expected_len);
123 return false;
124 }
125
126 if (strcmp(buf, expected) != 0) {
127 fprintf(stderr, "OBJ_obj2txt returned \"%s\"; wanted \"%s\".\n", buf,
128 expected);
129 return false;
130 }
131
132 return true;
133 }
134
TEST(ObjTest,TestObj2Txt)135 TEST(ObjTest, TestObj2Txt) {
136 // kSHA256WithRSAEncryption is the DER representation of
137 // 1.2.840.113549.1.1.11, id-sha256WithRSAEncryption.
138 static const uint8_t kSHA256WithRSAEncryption[] = {
139 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
140 };
141
142 // kBasicConstraints is the DER representation of 2.5.29.19,
143 // id-basicConstraints.
144 static const uint8_t kBasicConstraints[] = {
145 0x55, 0x1d, 0x13,
146 };
147
148 // kTestOID is the DER representation of 1.2.840.113554.4.1.72585.0,
149 // from https://davidben.net/oid.
150 static const uint8_t kTestOID[] = {
151 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00,
152 };
153
154 ASSERT_TRUE(
155 ExpectObj2Txt(kSHA256WithRSAEncryption, sizeof(kSHA256WithRSAEncryption),
156 true /* don't return name */, "1.2.840.113549.1.1.11"));
157 ASSERT_TRUE(
158 ExpectObj2Txt(kSHA256WithRSAEncryption, sizeof(kSHA256WithRSAEncryption),
159 false /* return name */, "sha256WithRSAEncryption"));
160 ASSERT_TRUE(ExpectObj2Txt(kBasicConstraints, sizeof(kBasicConstraints),
161 true /* don't return name */, "2.5.29.19"));
162 ASSERT_TRUE(ExpectObj2Txt(kBasicConstraints, sizeof(kBasicConstraints),
163 false /* return name */,
164 "X509v3 Basic Constraints"));
165 ASSERT_TRUE(ExpectObj2Txt(kTestOID, sizeof(kTestOID),
166 true /* don't return name */,
167 "1.2.840.113554.4.1.72585.0"));
168 ASSERT_TRUE(ExpectObj2Txt(kTestOID, sizeof(kTestOID), false /* return name */,
169 "1.2.840.113554.4.1.72585.0"));
170 // Python depends on the empty OID successfully encoding as the empty
171 // string.
172 ASSERT_TRUE(ExpectObj2Txt(nullptr, 0, false /* return name */, ""));
173 ASSERT_TRUE(ExpectObj2Txt(nullptr, 0, true /* don't return name */, ""));
174
175 // kNonMinimalOID is kBasicConstraints with the final component non-minimally
176 // encoded.
177 static const uint8_t kNonMinimalOID[] = {0x55, 0x1d, 0x80, 0x13};
178 bssl::UniquePtr<ASN1_OBJECT> obj(
179 ASN1_OBJECT_create(NID_undef, kNonMinimalOID, sizeof(kNonMinimalOID),
180 /*sn=*/nullptr, /*ln=*/nullptr));
181 ASSERT_TRUE(obj);
182 ASSERT_EQ(-1, OBJ_obj2txt(NULL, 0, obj.get(), 0));
183
184 // kOverflowOID is the DER representation of
185 // 1.2.840.113554.4.1.72585.18446744073709551616. (The final value is 2^64.)
186 static const uint8_t kOverflowOID[] = {
187 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09,
188 0x82, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00,
189 };
190 obj.reset(ASN1_OBJECT_create(NID_undef, kOverflowOID, sizeof(kOverflowOID),
191 /*sn=*/nullptr, /*ln=*/nullptr));
192 ASSERT_TRUE(obj);
193 ASSERT_EQ(-1, OBJ_obj2txt(NULL, 0, obj.get(), 0));
194
195 // kInvalidOID is a mis-encoded version of kBasicConstraints with the final
196 // octet having the high bit set.
197 static const uint8_t kInvalidOID[] = {0x55, 0x1d, 0x93};
198 obj.reset(ASN1_OBJECT_create(NID_undef, kInvalidOID, sizeof(kInvalidOID),
199 /*sn=*/nullptr, /*ln=*/nullptr));
200 ASSERT_TRUE(obj);
201 ASSERT_EQ(-1, OBJ_obj2txt(NULL, 0, obj.get(), 0));
202 }
203