feat: Wrote unit tests/fuzzer tests for DER

Signed-off-by: ethan-thompson <[email protected]>

Author: ethan-thompson

src/bin/all.mk

@@ -22,7 +22,7 @@ SUBMAKEFILES := \
 #  The fuzzer binary needs special magic to run, as it doesn't parse
 #  command-line options.  See fuzzer.mk for details.
 #
-FUZZER_PROTOCOLS = radius dhcpv4 dhcpv6 dns tacacs vmps tftp util bfd cbor
+FUZZER_PROTOCOLS = radius dhcpv4 dhcpv6 dns tacacs vmps tftp util bfd cbor der
 
 #
 #  Add the fuzzer only if everything was built with the fuzzing flags.

src/tests/fuzzer-corpus/der.tar

@@ -0,0 +1,16 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+proto der
+proto-dictionary der
+fuzzer-out der
+max-buffer-size 2048
+
+encode-pair CertificateRequest = { certificationRequestInfo = { version = 0, subject = { RelativeDistinguishedName = { AttributeTypeandValue = { OID = "2.5.4.3", Value-Thing = "test" } } }, subjectPublicKeyInfo = { algorithm = { OID = "1.3.101.112" }, subjectPublicKey = 0x00fb16e6bd645fb03d755d0c207042bf80aa7cba385becdb9c19fcfe0bc95b1898 }, Attributes = { Attribute-thing = { OID = "1.2.840.113549.1.9.14", Extensions = { joint-iso-itu-t = { ds = { certificateExtension = { subjectAltName = { otherName = { type-id = "1.3.6.1.4.1.311.20.2.3", Value-thing = { userPrincipalName = "[email protected]" } } } } } } } } } }, signatureAlgorithm = { OID = "1.3.101.112" }, signature = 0x00529e457a71c5d6b67344653eef0885fbf0f56dfc83445d1dcd6cf6b25e389e5b6ef222e31cedda21f393616a6a66568383506adcbec571bec87f8c9902c1390b }
+match 30 81 d0 30 81 83 02 01 00 30 0f 31 0d 30 0b 06 03 55 04 03 0c 04 74 65 73 74 30 2a 30 05 06 03 2b 65 70 03 21 00 fb 16 e6 bd 64 5f b0 3d 75 5d 0c 20 70 42 bf 80 aa 7c ba 38 5b ec db 9c 19 fc fe 0b c9 5b 18 98 a0 41 30 3f 06 09 2a 86 48 86 f7 0d 01 09 0e 31 32 30 30 30 2e 06 03 55 1d 11 04 27 30 25 a0 23 06 0a 2b 06 01 04 01 82 37 14 02 03 a0 15 0c 13 61 64 64 72 65 73 73 40 64 6f 6d 61 69 6e 2e 74 65 73 74 30 05 06 03 2b 65 70 03 41 00 52 9e 45 7a 71 c5 d6 b6 73 44 65 3e ef 08 85 fb f0 f5 6d fc 83 44 5d 1d cd 6c f6 b2 5e 38 9e 5b 6e f2 22 e3 1c ed da 21 f3 93 61 6a 6a 66 56 83 83 50 6a dc be c5 71 be c8 7f 8c 99 02 c1 39 0b
+
+proto-dictionary-root CertificateRequest
+
+decode-pair 30 81 D0 30 81 83 02 01 00 30 0F 31 0D 30 0B 06 03 55 04 03 0C 04 74 65 73 74 30 2A 30 05 06 03 2B 65 70 03 21 00 FB 16 E6 BD 64 5F B0 3D 75 5D 0C 20 70 42 BF 80 AA 7C BA 38 5B EC DB 9C 19 FC FE 0B C9 5B 18 98 A0 41 30 3F 06 09 2A 86 48 86 F7 0D 01 09 0E 31 32 30 30 30 2E 06 03 55 1D 11 04 27 30 25 A0 23 06 0A 2B 06 01 04 01 82 37 14 02 03 A0 15 0C 13 61 64 64 72 65 73 73 40 64 6F 6D 61 69 6E 2E 74 65 73 74 30 05 06 03 2B 65 70 03 41 00 52 9E 45 7A 71 C5 D6 B6 73 44 65 3E EF 08 85 FB F0 F5 6D FC 83 44 5D 1D CD 6C F6 B2 5E 38 9E 5B 6E F2 22 E3 1C ED DA 21 F3 93 61 6A 6A 66 56 83 83 50 6A DC BE C5 71 BE C8 7F 8C 99 02 C1 39 0B
+match CertificateRequest = { certificationRequestInfo = { version = 0, subject = { RelativeDistinguishedName = { AttributeTypeandValue = { OID = "2.5.4.3", Value-Thing = "test" } } }, subjectPublicKeyInfo = { algorithm = { OID = "1.3.101.112" }, subjectPublicKey = 0x00fb16e6bd645fb03d755d0c207042bf80aa7cba385becdb9c19fcfe0bc95b1898 }, Attributes = { Attribute-thing = { OID = "1.2.840.113549.1.9.14", Extensions = { joint-iso-itu-t = { ds = { certificateExtension = { subjectAltName = { otherName = { type-id = "1.3.6.1.4.1.311.20.2.3", Value-thing = { userPrincipalName = "[email protected]" } } } } } } } } } }, signatureAlgorithm = { OID = "1.3.101.112" }, signature = 0x00529e457a71c5d6b67344653eef0885fbf0f56dfc83445d1dcd6cf6b25e389e5b6ef222e31cedda21f393616a6a66568383506adcbec571bec87f8c9902c1390b }

src/tests/unit/protocols/der/csrs.txt

@@ -0,0 +1,183 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE	Certificate-Extensions				x509_extensions ref=OID-Tree
+
+DEFINE	Issuer						tlv is_pairs
+BEGIN Issuer
+DEFINE	RelativeDistinguishedName			tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeAndValue				group ref=OID-Tree,sequence_of=set,is_pair
+END RelativeDistinguishedName
+END Issuer
+
+DEFINE	Issuer-Set					tlv is_pairs
+BEGIN Issuer-Set
+DEFINE	RelativeDistinguishedName			tlv
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeAndValue				group ref=OID-Tree,sequence_of=set,is_pair
+END RelativeDistinguishedName
+END Issuer-Set
+
+DEFINE	Test-Seq-Of					sequence sequence_of=integer
+BEGIN Test-Seq-Of
+DEFINE	Test-First-Integer				integer
+END Test-Seq-Of
+
+DEFINE	Test-Set-Of					tlv subtype=set,set_of=integer
+BEGIN Test-Set-Of
+DEFINE	Test-First-Integer				int64
+END Test-Set-Of
+
+DEFINE	Test-Set-Of-Group				group ref=Test-Set-Of,subtype=set,set_of=integer
+
+DEFINE	Test-Boolean					bool
+
+DEFINE	Test-Integer					int64
+
+DEFINE	Foo						struct subtype=sequence
+BEGIN Foo
+MEMBER		Test-Integer				int64
+END Foo
+
+DEFINE	Bar						struct
+BEGIN Bar
+MEMBER		Test-Boolean				bool
+END Bar
+
+DEFINE	Foo-Bar						struct subtype=sequence
+BEGIN Foo-Bar
+MEMBER		Test-Integer				int64 has_default
+VALUE	Test-Integer			DEFAULT			1
+MEMBER		Test-Boolean				bool
+END Foo-Bar
+
+DEFINE	Test-Bitstring					octets subtype=bitstring
+
+DEFINE	Seq-Bitstring-Octets				struct
+BEGIN Seq-Bitstring-Octets
+MEMBER		Test-Bitstring				octets
+END Seq-Bitstring-Octets
+
+DEFINE	Bitstring-Struct				struct subtype=bitstring
+BEGIN Bitstring-Struct
+MEMBER		foo					bit[8]
+MEMBER		bar					bit[4]
+MEMBER		foo-bar					bit[4]
+END Bitstring-Struct
+
+DEFINE	Bitstring-Struct-7				struct subtype=bitstring
+BEGIN Bitstring-Struct-7
+MEMBER		foo					bit[2]
+MEMBER		bar					bit[1]
+MEMBER		foo-bar					bit[4]
+END Bitstring-Struct-7
+
+DEFINE	Octetstring					octets
+
+DEFINE	Seq-Octetstring					struct
+BEGIN Seq-Octetstring
+MEMBER		Octetstring				octets
+END Seq-Octetstring
+
+DEFINE	Test-NULL					bool subtype=null
+
+DEFINE	Seq-Null					struct
+BEGIN Seq-Null
+MEMBER		Test-Null				bool subtype=null
+END Seq-Null
+
+DEFINE	Seq-Integer-Null				struct
+BEGIN Seq-Integer-Null
+MEMBER		Test-Integer				int64
+MEMBER		Test-Null				bool subtype=null
+END Seq-Integer-Null
+
+DEFINE	Test-Oid					string subtype=oid
+
+DEFINE	Seq-Oid						struct subtype=sequence
+BEGIN Seq-Oid
+MEMBER		Test-Oid				string subtype=oid
+END Seq-Oid
+
+DEFINE	Test-Enumerated					int64 subtype=enumerated
+
+DEFINE	Test-String					string
+
+DEFINE	Test-String-Max					string max=5
+
+#DEFINE Test-String-UTF8         string subtype=utf8string
+DEFINE	Test-String-UTF8				utf8string
+
+DEFINE	Test-String-Custom				utf8string
+
+DEFINE	Test-String-Printable				printablestring
+
+DEFINE	Test-String-T61					t61string
+
+DEFINE	Test-String-IA5					ia5string
+
+DEFINE	Test-String-Visible				visiblestring
+
+DEFINE	Test-String-General				generalstring
+
+DEFINE	Test-String-Universal				universalstring
+
+DEFINE	Seq-String					struct
+BEGIN Seq-String
+MEMBER		Test-String				string
+END Seq-String
+
+DEFINE	Test-Date					date
+
+DEFINE	Test-UTC					utctime
+
+DEFINE	Test-Generalized-Time				generalizedtime
+
+DEFINE	Seq-Date					struct
+BEGIN Seq-Date
+MEMBER		Test-Date				date
+END Seq-Date
+
+DEFINE	Set-Bool-Integer				struct
+BEGIN Set-Bool-Integer
+MEMBER		Test-Bool				bool
+MEMBER		Test-Integer				int64
+END Set-Bool-Integer
+
+DEFINE	Test-Context-Specific				bool class=context-specific,tagnum=0,subtype=boolean
+
+DEFINE	Test-Sequence-TLV				tlv subtype=sequence
+BEGIN Test-Sequence-TLV
+DEFINE	Test-Integer					int64
+DEFINE	Test-Boolean					bool
+END Test-Sequence-TLV
+
+DEFINE	Test-TLV					tlv
+BEGIN Test-TLV
+DEFINE	Test-Integer					int64 subtype=integer
+DEFINE	Test-Boolean					bool subtype=boolean
+END Test-TLV
+
+DEFINE	Test-Sequence-GROUP				group subtype=sequence,ref=Test-TLV
+
+DEFINE	Test-Set-Struct					struct subtype=set
+BEGIN Test-Set-Struct
+MEMBER		Test-Boolean				bool subtype=boolean
+MEMBER		Test-Integer				int64 subtype=integer
+END Test-Set-Struct
+
+DEFINE	Test-Set-Bad-Struct				struct subtype=set
+BEGIN Test-Set-Bad-Struct
+MEMBER		Test-Integer				int64 subtype=integer
+MEMBER		Test-Boolean				bool subtype=boolean
+END Test-Set-Bad-Struct
+
+DEFINE	Test-Set-TLV					tlv subtype=set
+BEGIN Test-Set-TLV
+DEFINE	Test-Integer					int64 subtype=integer
+DEFINE	Test-Boolean					bool subtype=boolean
+END Test-Set-TLV
+
+DEFINE	Test-Set-GROUP					group subtype=set,ref=Test-TLV