package util

import (
	"encoding/base64"
	"testing"

	"github.com/zmap/zcrypto/encoding/asn1"
)

// TestCheckAlgorithmIDParamNotNULL exercises CheckAlgorithmIDParamNotNULL with
// base64-encoded DER AlgorithmIdentifier values. An empty errStr means the
// input must be accepted; otherwise the returned error must match exactly.
func TestCheckAlgorithmIDParamNotNULL(t *testing.T) {
	testCases := []struct {
		name      string
		checkOID  asn1.ObjectIdentifier
		algorithm string
		errStr    string
	}{
		// Well-formed identifiers: SEQUENCE { OID, NULL } for each RSA OID.
		{
			name:      "valid rsaEncryption",
			checkOID:  OidRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBAQUA",
			errStr:    "",
		},
		{
			name:      "valid md2WithRSAEncryption",
			checkOID:  OidMD2WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBAgUA",
			errStr:    "",
		},
		{
			name:      "valid md5WithRSAEncryption",
			checkOID:  OidMD5WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBBAUA",
			errStr:    "",
		},
		{
			name:      "valid sha-1WithRSAEncryption",
			checkOID:  OidSHA1WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBBQUA",
			errStr:    "",
		},
		{
			name:      "valid sha224WithRSAEncryption",
			checkOID:  OidSHA224WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBDgUA",
			errStr:    "",
		},
		{
			name:      "valid sha256WithRSAEncryption",
			checkOID:  OidSHA256WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBCwUA",
			errStr:    "",
		},
		{
			name:      "valid sha384WithRSAEncryption",
			checkOID:  OidSHA384WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBDAUA",
			errStr:    "",
		},
		{
			name:      "valid sha512WithRSAEncryption",
			checkOID:  OidSHA512WithRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBDQUA",
			errStr:    "",
		},
		// Malformed identifiers: each must be rejected with a specific error.
		{
			// A zero-length INTEGER (02 00) follows the NULL inside the SEQUENCE.
			name:      "extra field in algorithm sequence",
			checkOID:  OidRSAEncryption,
			algorithm: "MA8GCSqGSIb3DQEBAQUAAgA=",
			errStr:    "RSA algorithm identifier with trailing data",
		},
		{
			// The SEQUENCE holds only the OID; the parameters field is absent.
			name:      "missing NULL param",
			checkOID:  OidRSAEncryption,
			algorithm: "MAsGCSqGSIb3DQEBAQ==",
			errStr:    "RSA algorithm identifier missing required NULL parameter",
		},
		{
			// NULL tag (05) with length 7 and the content bytes "NOTNULL".
			name:      "NULL param containing data",
			checkOID:  OidRSAEncryption,
			algorithm: "MBQGCSqGSIb3DQEBAQUHTk9UTlVMTA==",
			errStr:    "RSA algorithm identifier with NULL parameter containing data",
		},
		{
			// A proper NULL (05 00) followed by the stray bytes "NOTNULL".
			name:      "trailing data after NULL param",
			checkOID:  OidRSAEncryption,
			algorithm: "MBQGCSqGSIb3DQEBAQUATk9UTlVMTA==",
			errStr:    "RSA algorithm identifier with trailing data",
		},
		{
			// The parameter is an empty context-specific [0] element (a0 00).
			name:      "context-specific 0 tag in param",
			checkOID:  OidRSAEncryption,
			algorithm: "MA0GCSqGSIb3DQEBAaAA",
			errStr:    "RSA algorithm identifier with non-NULL parameter",
		},
		{
			// checkOID is left unset, so the OID to check is not an RSA OID.
			name:      "wrong algorithm oid",
			algorithm: "MBQGCSqGSIb3DQEBAgUATk9UTlVMTA==",
			errStr:    "error algorithmID to check is not RSA",
		},
		{
			// Outer tag is SET (31), not SEQUENCE (30), and the input is truncated.
			name:      "malformed algorithm sequence",
			checkOID:  OidRSAEncryption,
			algorithm: "MQ0GCSqGSIb3DQEBAQU",
			errStr:    "error reading algorithm",
		},
		{
			// The OID is encoded as a PrintableString (tag 13) holding dotted text.
			name:      "malformed OID",
			checkOID:  OidRSAEncryption,
			algorithm: "MBgTFDEuMi44NDAuMTEzNTQ5LjEuMS4xBQA=",
			errStr:    "error reading algorithm OID",
		},
	}

	for _, tc := range testCases {
		t.Run(tc.name, func(t *testing.T) {
			// The decode error is ignored here. The "malformed algorithm
			// sequence" vector is not valid padded base64, so only a truncated
			// prefix of its bytes reaches the function under test.
			algoBytes, _ := base64.StdEncoding.DecodeString(tc.algorithm)

			err := CheckAlgorithmIDParamNotNULL(algoBytes, tc.checkOID)
			if err == nil {
				if tc.errStr != "" {
					t.Errorf("expected error %v was no error", tc.errStr)
				}
				return
			}

			if err.Error() != tc.errStr {
				t.Errorf("expected error %q was %q", tc.errStr, err.Error())
			}
		})
	}
}