
Commit 54e2981

pkinit: Fix asn1 structures and add tests that ensures that they can be serialized
1 parent 3d18e8a commit 54e2981

3 files changed

Lines changed: 113 additions & 6 deletions


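--- a/pkinit/asn1.go
+++ b/pkinit/asn1.go
@@ -23,7 +23,7 @@ var (
 )
 
 type SignerInfo struct {
-Version uint64 `asn1:"default:1"`
+Version int `asn1:"default:1"`
 IssuerAndSerialNumber IssuerAndSerial
 DigestAlgorithm pkix.AlgorithmIdentifier
 AuthenticatedAttributes []Attribute `asn1:"optional,omitempty,tag:0"`
@@ -48,7 +48,7 @@ type ContentInfo struct {
 }
 
 type SignedData struct {
-Version uint64 `asn1:"default:1"`
+Version int `asn1:"default:1"`
 DigestAlgorithmIdentifiers []pkix.AlgorithmIdentifier `asn1:"set"`
 ContentInfo ContentInfo
 Certificates RawCertificates `asn1:"optional,tag:0"`
@@ -95,9 +95,9 @@ type PKAuthenticator struct {
 // paChecksum [3] OCTET STRING OPTIONAL,
 // ...
 // asn1
-CUSec uint32 `asn1:"tag:0,explicit"`
+CUSec int `asn1:"tag:0,explicit"`
 CTime time.Time `asn1:"tag:1,explicit,generalized"`
-Nonce uint32 `asn1:"tag:2,explicit"`
+Nonce int `asn1:"tag:2,explicit"`
 Checksum []byte `asn1:"tag:3,explicit,optional"`
 }
 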
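Review bot: `Nonce int` in PKAuthenticator (third hunk) only covers the RFC 4556 nonce range `INTEGER (0..4294967295)` on 64-bit targets; on a 32-bit GOARCH `int` is 32 bits, so a nonce at or above 2^31 cannot be stored and encoding/asn1 would reject such a value on decode as too large. encoding/asn1 accepts `int64` for INTEGER fields, so declaring the field as `Nonce int64` with the tag unchanged keeps the wire encoding identical and the type portable; CUSec is nominally fine as `int` since its declared range is 0..999999. Separately, the `default:1` on the two Version fields (first and second hunk) has no effect in encoding/asn1 unless the field is also tagged `optional`, so either drop it or add a comment that Version is always emitted.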
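--- a/pkinit/asn1_test.go
+++ b/pkinit/asn1_test.go
@@ -0,0 +1,107 @@
+package pkinit
+
+import (
+"crypto/x509/pkix"
+"encoding/asn1"
+"fmt"
+"math/big"
+"testing"
+"time"
+)
+
+func TestASN1Marshal(t *testing.T) {
+// just a simple asn1.Marshal test that ensures that the asn1 structs do not
+// contain unexpected types (like uint32 instead of int) that only cause
+// errors at runtime.
+tests := []any{
+SignerInfo{
+Version: 1,
+IssuerAndSerialNumber: IssuerAndSerial{
+IssuerName: asn1.RawValue{},
+SerialNumber: big.NewInt(12345),
+},
+DigestAlgorithm: pkix.AlgorithmIdentifier{
+Algorithm: asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5},
+Parameters: asn1.RawValue{Tag: 5},
+},
+DigestEncryptionAlgorithm: pkix.AlgorithmIdentifier{
+Algorithm: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1},
+Parameters: asn1.RawValue{Tag: 5},
+},
+EncryptedDigest: []byte("signature"),
+},
+Attribute{
+Type: asn1.ObjectIdentifier{1, 2, 3},
+Value: asn1.RawValue{},
+},
+IssuerAndSerial{
+IssuerName: asn1.RawValue{Tag: 16 /* SEQUENCE */},
+SerialNumber: big.NewInt(67890),
+},
+ContentInfo{
+ContentType: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2},
+},
+SignedData{
+Version: 1,
+ContentInfo: ContentInfo{
+ContentType: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2},
+},
+SignerInfos: []SignerInfo{},
+},
+RawCertificates{
+Raw: []byte{0x30, 0x03, 0x01, 0x00, 0x00},
+},
+AuthPack{
+PKAuthenticator: PKAuthenticator{
+CUSec: 123,
+CTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+Nonce: 42,
+Checksum: []byte("checksum"),
+},
+},
+PKAuthenticator{
+CUSec: 123,
+CTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+Nonce: 42,
+Checksum: []byte("checksum"),
+},
+SubjectPublicKeyInfo{
+Algorithm: AlgorithmIdentifier{
+Algorithm: asn1.ObjectIdentifier{1, 2, 840, 10046, 2, 1},
+},
+PublicKey: asn1.BitString{Bytes: []byte{0x04}, BitLength: 8},
+},
+AlgorithmIdentifier{
+Algorithm: asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1},
+},
+DomainParameters{
+P: big.NewInt(23),
+G: 5,
+Q: 11,
+},
+PAPKASRep{
+DHInfo: asn1.RawValue{},
+},
+PAPACRequest{
+IncludePAC: true,
+},
+DHRepInfo{
+DHSignedData: []byte("data"),
+ServerDHNonce: []byte("nonce"),
+},
+KDCDHKeyInfo{
+SubjectPublicKey: asn1.BitString{Bytes: []byte{0x04}, BitLength: 8},
+Nonce: big.NewInt(999),
+DHKeyExpication: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+},
+}
+
+for _, val := range tests {
+t.Run(fmt.Sprintf("%T", val), func(t *testing.T) {
+_, err := asn1.MarshalWithParams(val, "")
+if err != nil {
+t.Errorf("asn1.Marshal() failed for %T: %v", val, err)
+}
+})
+}
+}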
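Review bot: The subtests at lines 99-105 exercise only the encode path, so a tag problem that surfaces on decode (an `explicit`/`optional` mismatch, or a field whose value cannot be parsed back into its Go type) would still fail only at runtime; feeding the produced bytes back through `asn1.Unmarshal` into a fresh value of the same type would cover both directions, though some of the hand-built fixtures (the empty `asn1.RawValue{}` members, for instance) may need adjusting to survive a round trip. Since the params string is empty, `asn1.MarshalWithParams(val, "")` is the same call as `asn1.Marshal(val)`, which also matches the `asn1.Marshal()` wording in the error message; consider `der, err := asn1.Marshal(val)` and keeping `der` for the decode check.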

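--- a/pkinit/asreq.go
+++ b/pkinit/asreq.go
@@ -51,9 +51,9 @@ func ConfigureASReq(
 
 authPack := AuthPack{
 PKAuthenticator: PKAuthenticator{
-CUSec: uint32(now.UnixMicro() - now.Truncate(time.Millisecond).UnixMicro()),
+CUSec: int(now.UnixMicro() - now.Truncate(time.Millisecond).UnixMicro()),
 CTime: now,
-Nonce: mathRand.Uint32(), //nolint:gosec
+Nonce: int(mathRand.Uint32()), //nolint:gosec
 Checksum: pkAuthenticatorChecksum,
 },
 ClientPublicValue: SubjectPublicKeyInfo{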