From: Adam Langley Date: Mon, 19 Jul 2010 15:11:40 +0000 (-0400) Subject: asn1: Enumerated, Flag and GeneralizedTime support. X-Git-Tag: weekly.2010-07-29~74 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=9929ee92e736a5a0b22e8cb9a0987bd309255bd2;p=gostls13.git asn1: Enumerated, Flag and GeneralizedTime support. Add support for ASN.1 ENUMERATED types. Add a magic type, asn1.Flag, for the cases where the presence of an empty explicit tag is semantically meaningful. Add support for GeneralizedTime. R=rsc CC=golang-dev https://golang.org/cl/1684055 --- diff --git a/src/pkg/asn1/asn1.go b/src/pkg/asn1/asn1.go index bba8a0fe27..3e3bb105b6 100644 --- a/src/pkg/asn1/asn1.go +++ b/src/pkg/asn1/asn1.go @@ -150,6 +150,20 @@ func parseBitString(bytes []byte) (ret BitString, err os.Error) { // An ObjectIdentifier represents an ASN.1 OBJECT IDENTIFIER. type ObjectIdentifier []int +// Equal returns true iff oi and other represent the same identifier. +func (oi ObjectIdentifier) Equal(other ObjectIdentifier) bool { + if len(oi) != len(other) { + return false + } + for i := 0; i < len(oi); i++ { + if oi[i] != other[i] { + return false + } + } + + return true +} + // parseObjectIdentifier parses an OBJECT IDENTIFER from the given bytes and // returns it. An object identifer is a sequence of variable length integers // that are assigned in a hierarachy. @@ -179,6 +193,17 @@ func parseObjectIdentifier(bytes []byte) (s []int, err os.Error) { return } +// ENUMERATED + +// An Enumerated is represented as a plain int. +type Enumerated int + + +// FLAG + +// A Flag accepts any data and is set to true if present. +type Flag bool + // parseBase128Int parses a base-128 encoded int from the given offset in the // given byte array. It returns the value and the new offset. func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err os.Error) { @@ -202,101 +227,20 @@ func parseBase128Int(bytes []byte, initOffset int) (ret, offset int, err os.Erro // UTCTime -func isDigit(b byte) bool { return '0' <= b && b <= '9' } - -// twoDigits returns the value of two, base 10 digits. -func twoDigits(bytes []byte, max int) (int, bool) { - for i := 0; i < 2; i++ { - if !isDigit(bytes[i]) { - return 0, false - } - } - value := (int(bytes[0])-'0')*10 + int(bytes[1]-'0') - if value > max { - return 0, false - } - return value, true -} - -// parseUTCTime parses the UTCTime from the given byte array and returns the -// resulting time. func parseUTCTime(bytes []byte) (ret *time.Time, err os.Error) { - // A UTCTime can take the following formats: - // - // 1111111 - // 01234567890123456 - // - // YYMMDDhhmmZ - // YYMMDDhhmm+hhmm - // YYMMDDhhmm-hhmm - // YYMMDDhhmmssZ - // YYMMDDhhmmss+hhmm - // YYMMDDhhmmss-hhmm - if len(bytes) < 11 { - err = SyntaxError{"UTCTime too short"} - return - } - ret = new(time.Time) - - var ok1, ok2, ok3, ok4, ok5 bool - year, ok1 := twoDigits(bytes[0:2], 99) - // RFC 5280, section 5.1.2.4 says that years 2050 or later use another date - // scheme. - if year >= 50 { - ret.Year = 1900 + int64(year) - } else { - ret.Year = 2000 + int64(year) - } - ret.Month, ok2 = twoDigits(bytes[2:4], 12) - ret.Day, ok3 = twoDigits(bytes[4:6], 31) - ret.Hour, ok4 = twoDigits(bytes[6:8], 23) - ret.Minute, ok5 = twoDigits(bytes[8:10], 59) - if !ok1 || !ok2 || !ok3 || !ok4 || !ok5 { - goto Error - } - bytes = bytes[10:] - switch bytes[0] { - case '0', '1', '2', '3', '4', '5', '6': - if len(bytes) < 3 { - goto Error - } - ret.Second, ok1 = twoDigits(bytes[0:2], 60) // 60, not 59, because of leap seconds. - if !ok1 { - goto Error - } - bytes = bytes[2:] - } - if len(bytes) == 0 { - goto Error - } - switch bytes[0] { - case 'Z': - if len(bytes) != 1 { - goto Error - } + s := string(bytes) + ret, err = time.Parse("0601021504Z0700", s) + if err == nil { return - case '-', '+': - if len(bytes) != 5 { - goto Error - } - hours, ok1 := twoDigits(bytes[1:3], 12) - minutes, ok2 := twoDigits(bytes[3:5], 59) - if !ok1 || !ok2 { - goto Error - } - sign := 1 - if bytes[0] == '-' { - sign = -1 - } - ret.ZoneOffset = sign * (60 * (hours*60 + minutes)) - default: - goto Error } + ret, err = time.Parse("060102150405Z0700", s) return +} -Error: - err = SyntaxError{"invalid UTCTime"} - return +// parseGeneralizedTime parses the GeneralizedTime from the given byte array +// and returns the resulting time. +func parseGeneralizedTime(bytes []byte) (ret *time.Time, err os.Error) { + return time.Parse("20060102150405Z0700", string(bytes)) } // PrintableString @@ -351,6 +295,7 @@ type RawValue struct { Class, Tag int IsCompound bool Bytes []byte + FullBytes []byte // includes the tag and length } // RawContent is used to signal that the undecoded, DER data needs to be @@ -462,6 +407,8 @@ func parseSequenceOf(bytes []byte, sliceType *reflect.SliceType, elemType reflec var ( bitStringType = reflect.Typeof(BitString{}) objectIdentifierType = reflect.Typeof(ObjectIdentifier{}) + enumeratedType = reflect.Typeof(Enumerated(0)) + flagType = reflect.Typeof(Flag(false)) timeType = reflect.Typeof(&time.Time{}) rawValueType = reflect.Typeof(RawValue{}) rawContentsType = reflect.Typeof(RawContent(nil)) @@ -499,7 +446,7 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam err = SyntaxError{"data truncated"} return } - result := RawValue{t.class, t.tag, t.isCompound, bytes[offset : offset+t.length]} + result := RawValue{t.class, t.tag, t.isCompound, bytes[offset : offset+t.length], bytes[initOffset : offset+t.length]} offset += t.length v.(*reflect.StructValue).Set(reflect.NewValue(result).(*reflect.StructValue)) return @@ -559,9 +506,20 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam return } if params.explicit { - if t.class == classContextSpecific && t.tag == *params.tag && t.isCompound { - t, offset, err = parseTagAndLength(bytes, offset) - if err != nil { + if t.class == classContextSpecific && t.tag == *params.tag && (t.length == 0 || t.isCompound) { + if t.length > 0 { + t, offset, err = parseTagAndLength(bytes, offset) + if err != nil { + return + } + } else { + if fieldType != flagType { + err = StructuralError{"Zero length explicit tag was not an asn1.Flag"} + return + } + + flagValue := v.(*reflect.BoolValue) + flagValue.Set(true) return } } else { @@ -584,6 +542,12 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam universalTag = tagIA5String } + // Special case for time: UTCTime and GeneralizedTime both map to the + // Go type time.Time. + if universalTag == tagUTCTime && t.tag == tagGeneralizedTime { + universalTag = tagGeneralizedTime + } + expectedClass := classUniversal expectedTag := universalTag @@ -631,12 +595,30 @@ func parseField(v reflect.Value, bytes []byte, initOffset int, params fieldParam return case timeType: ptrValue := v.(*reflect.PtrValue) - time, err1 := parseUTCTime(innerBytes) + var time *time.Time + var err1 os.Error + if universalTag == tagUTCTime { + time, err1 = parseUTCTime(innerBytes) + } else { + time, err1 = parseGeneralizedTime(innerBytes) + } if err1 == nil { ptrValue.Set(reflect.NewValue(time).(*reflect.PtrValue)) } err = err1 return + case enumeratedType: + parsedInt, err1 := parseInt(innerBytes) + enumValue := v.(*reflect.IntValue) + if err1 == nil { + enumValue.Set(int64(parsedInt)) + } + err = err1 + return + case flagType: + flagValue := v.(*reflect.BoolValue) + flagValue.Set(true) + return } switch val := v.(type) { case *reflect.BoolValue: @@ -753,6 +735,10 @@ func setDefaultValue(v reflect.Value, params fieldParameters) (ok bool) { // An ASN.1 OBJECT IDENTIFIER can be written to an // ObjectIdentifier. // +// An ASN.1 ENUMERATED can be written to an Enumerated. +// +// An ASN.1 UTCTIME or GENERALIZEDTIME can be written to a *time.Time. +// // An ASN.1 PrintableString or IA5String can be written to a string. // // Any of the above ASN.1 values can be written to an interface{}. diff --git a/src/pkg/asn1/asn1_test.go b/src/pkg/asn1/asn1_test.go index b5bce93b70..ee90048c77 100644 --- a/src/pkg/asn1/asn1_test.go +++ b/src/pkg/asn1/asn1_test.go @@ -147,11 +147,11 @@ type timeTest struct { out *time.Time } -var timeTestData = []timeTest{ +var utcTestData = []timeTest{ timeTest{"910506164540-0700", true, &time.Time{1991, 05, 06, 16, 45, 40, 0, -7 * 60 * 60, ""}}, timeTest{"910506164540+0730", true, &time.Time{1991, 05, 06, 16, 45, 40, 0, 7*60*60 + 30*60, ""}}, - timeTest{"910506234540Z", true, &time.Time{1991, 05, 06, 23, 45, 40, 0, 0, ""}}, - timeTest{"9105062345Z", true, &time.Time{1991, 05, 06, 23, 45, 0, 0, 0, ""}}, + timeTest{"910506234540Z", true, &time.Time{1991, 05, 06, 23, 45, 40, 0, 0, "UTC"}}, + timeTest{"9105062345Z", true, &time.Time{1991, 05, 06, 23, 45, 0, 0, 0, "UTC"}}, timeTest{"a10506234540Z", false, nil}, timeTest{"91a506234540Z", false, nil}, timeTest{"9105a6234540Z", false, nil}, @@ -162,8 +162,8 @@ var timeTestData = []timeTest{ timeTest{"910506334400Za", false, nil}, } -func TestTime(t *testing.T) { - for i, test := range timeTestData { +func TestUTCTime(t *testing.T) { + for i, test := range utcTestData { ret, err := parseUTCTime([]byte(test.in)) if (err == nil) != test.ok { t.Errorf("#%d: Incorrect error result (did fail? %v, expected: %v)", i, err == nil, test.ok) @@ -176,6 +176,27 @@ func TestTime(t *testing.T) { } } +var generalizedTimeTestData = []timeTest{ + timeTest{"20100102030405Z", true, &time.Time{2010, 01, 02, 03, 04, 05, 0, 0, "UTC"}}, + timeTest{"20100102030405", false, nil}, + timeTest{"20100102030405+0607", true, &time.Time{2010, 01, 02, 03, 04, 05, 0, 6*60*60 + 7*60, ""}}, + timeTest{"20100102030405-0607", true, &time.Time{2010, 01, 02, 03, 04, 05, 0, -6*60*60 - 7*60, ""}}, +} + +func TestGeneralizedTime(t *testing.T) { + for i, test := range generalizedTimeTestData { + ret, err := parseGeneralizedTime([]byte(test.in)) + if (err == nil) != test.ok { + t.Errorf("#%d: Incorrect error result (did fail? %v, expected: %v)", i, err == nil, test.ok) + } + if err == nil { + if !reflect.DeepEqual(test.out, ret) { + t.Errorf("#%d: Bad result: %v (expected %v)", i, ret, test.out) + } + } + } +} + type tagAndLengthTest struct { in []byte ok bool @@ -276,8 +297,8 @@ var unmarshalTestData []unmarshalTest = []unmarshalTest{ unmarshalTest{[]byte{0x02, 0x01, 0x10}, newInt(16)}, unmarshalTest{[]byte{0x13, 0x04, 't', 'e', 's', 't'}, newString("test")}, unmarshalTest{[]byte{0x16, 0x04, 't', 'e', 's', 't'}, newString("test")}, - unmarshalTest{[]byte{0x16, 0x04, 't', 'e', 's', 't'}, &RawValue{0, 22, false, []byte("test")}}, - unmarshalTest{[]byte{0x04, 0x04, 1, 2, 3, 4}, &RawValue{0, 4, false, []byte{1, 2, 3, 4}}}, + unmarshalTest{[]byte{0x16, 0x04, 't', 'e', 's', 't'}, &RawValue{0, 22, false, []byte("test"), []byte("\x16\x04test")}}, + unmarshalTest{[]byte{0x04, 0x04, 1, 2, 3, 4}, &RawValue{0, 4, false, []byte{1, 2, 3, 4}, []byte{4, 4, 1, 2, 3, 4}}}, unmarshalTest{[]byte{0x30, 0x03, 0x81, 0x01, 0x01}, &TestContextSpecificTags{1}}, unmarshalTest{[]byte{0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02}, &TestContextSpecificTags2{1, 2}}, unmarshalTest{[]byte{0x01, 0x01, 0x00}, newBool(false)}, @@ -389,7 +410,7 @@ func TestRawStructs(t *testing.T) { var derEncodedSelfSignedCert = Certificate{ TBSCertificate: TBSCertificate{ Version: 0, - SerialNumber: RawValue{Class: 0, Tag: 2, IsCompound: false, Bytes: []uint8{0x0, 0x8c, 0xc3, 0x37, 0x92, 0x10, 0xec, 0x2c, 0x98}}, + SerialNumber: RawValue{Class: 0, Tag: 2, IsCompound: false, Bytes: []uint8{0x0, 0x8c, 0xc3, 0x37, 0x92, 0x10, 0xec, 0x2c, 0x98}, FullBytes: []byte{2, 9, 0x0, 0x8c, 0xc3, 0x37, 0x92, 0x10, 0xec, 0x2c, 0x98}}, SignatureAlgorithm: AlgorithmIdentifier{Algorithm: ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}}, Issuer: RDNSequence{ RelativeDistinguishedNameSET{AttributeTypeAndValue{Type: ObjectIdentifier{2, 5, 4, 6}, Value: "XX"}}, @@ -399,7 +420,7 @@ var derEncodedSelfSignedCert = Certificate{ RelativeDistinguishedNameSET{AttributeTypeAndValue{Type: ObjectIdentifier{2, 5, 4, 3}, Value: "false.example.com"}}, RelativeDistinguishedNameSET{AttributeTypeAndValue{Type: ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}, Value: "false@example.com"}}, }, - Validity: Validity{NotBefore: &time.Time{Year: 2009, Month: 10, Day: 8, Hour: 0, Minute: 25, Second: 53, Weekday: 0, ZoneOffset: 0, Zone: ""}, NotAfter: &time.Time{Year: 2010, Month: 10, Day: 8, Hour: 0, Minute: 25, Second: 53, Weekday: 0, ZoneOffset: 0, Zone: ""}}, + Validity: Validity{NotBefore: &time.Time{Year: 2009, Month: 10, Day: 8, Hour: 0, Minute: 25, Second: 53, Weekday: 0, ZoneOffset: 0, Zone: "UTC"}, NotAfter: &time.Time{Year: 2010, Month: 10, Day: 8, Hour: 0, Minute: 25, Second: 53, Weekday: 0, ZoneOffset: 0, Zone: "UTC"}}, Subject: RDNSequence{ RelativeDistinguishedNameSET{AttributeTypeAndValue{Type: ObjectIdentifier{2, 5, 4, 6}, Value: "XX"}}, RelativeDistinguishedNameSET{AttributeTypeAndValue{Type: ObjectIdentifier{2, 5, 4, 8}, Value: "Some-State"}}, diff --git a/src/pkg/asn1/common.go b/src/pkg/asn1/common.go index 14fa304269..3ea0f09b12 100644 --- a/src/pkg/asn1/common.go +++ b/src/pkg/asn1/common.go @@ -24,11 +24,13 @@ const ( tagBitString = 3 tagOctetString = 4 tagOID = 6 + tagEnum = 10 tagSequence = 16 tagSet = 17 tagPrintableString = 19 tagIA5String = 22 tagUTCTime = 23 + tagGeneralizedTime = 24 ) const ( @@ -121,6 +123,8 @@ func getUniversalType(t reflect.Type) (tagNumber int, isCompound, ok bool) { return tagBitString, false, true case timeType: return tagUTCTime, false, true + case enumeratedType: + return tagEnum, false, true } switch t := t.(type) { case *reflect.BoolType: