asn1: Add support for NULL (pyca#14311)

Signed-off-by: Facundo Tuesca <facundo.tuesca@trailofbits.com>

Author: facutuesca

src/cryptography/hazmat/asn1/__init__.py

@@ -9,6 +9,7 @@
     GeneralizedTime,
     IA5String,
     Implicit,
+    Null,
     PrintableString,
     Size,
     UtcTime,
@@ -25,6 +26,7 @@
     "GeneralizedTime",
     "IA5String",
     "Implicit",
+    "Null",
     "PrintableString",
     "Size",
     "UtcTime",

src/cryptography/hazmat/asn1/asn1.py

@@ -365,3 +365,4 @@ class Default(typing.Generic[U]):
 UtcTime = declarative_asn1.UtcTime
 GeneralizedTime = declarative_asn1.GeneralizedTime
 BitString = declarative_asn1.BitString
+Null = declarative_asn1.Null

src/cryptography/hazmat/bindings/_rust/declarative_asn1.pyi

@@ -103,3 +103,8 @@ class BitString:
     def __eq__(self, other: object) -> bool: ...
     def as_bytes(self) -> bytes: ...
     def padding_bits(self) -> int: ...
+
+class Null:
+    def __new__(cls) -> Null: ...
+    def __repr__(self) -> str: ...
+    def __eq__(self, other: object) -> bool: ...

src/rust/src/declarative_asn1/decode.rs

@@ -8,8 +8,8 @@ use pyo3::types::{PyAnyMethods, PyListMethods};
 use crate::asn1::big_byte_slice_to_py_int;
 use crate::declarative_asn1::types::{
     check_size_constraint, is_tag_valid_for_type, is_tag_valid_for_variant, AnnotatedType,
-    Annotation, BitString, Encoding, GeneralizedTime, IA5String, PrintableString, Type, UtcTime,
-    Variant,
+    Annotation, BitString, Encoding, GeneralizedTime, IA5String, Null, PrintableString, Type,
+    UtcTime, Variant,
 };
 use crate::error::CryptographyError;
 
@@ -161,6 +161,15 @@ fn decode_bitstring<'a>(
     )?)
 }
 
+fn decode_null<'a>(
+    py: pyo3::Python<'a>,
+    parser: &mut Parser<'a>,
+    encoding: &Option<pyo3::Py<Encoding>>,
+) -> ParseResult<pyo3::Bound<'a, Null>> {
+    read_value::<asn1::Null>(parser, encoding)?;
+    Ok(pyo3::Bound::new(py, Null {})?)
+}
+
 // Utility function to handle explicit encoding when parsing
 // CHOICE fields.
 fn decode_choice_with_encoding<'a>(
@@ -302,6 +311,7 @@ pub(crate) fn decode_annotated_type<'a>(
         Type::UtcTime() => decode_utc_time(py, parser, encoding)?.into_any(),
         Type::GeneralizedTime() => decode_generalized_time(py, parser, encoding)?.into_any(),
         Type::BitString() => decode_bitstring(py, parser, annotation)?.into_any(),
+        Type::Null() => decode_null(py, parser, encoding)?.into_any(),
     };
 
     match &ann_type.annotation.get().default {

src/rust/src/declarative_asn1/encode.rs

@@ -262,6 +262,7 @@ impl asn1::Asn1Writable for AnnotatedTypeObject<'_> {
                     .map_err(|_| asn1::WriteError::AllocationError)?;
                 write_value(writer, &bitstring, encoding)
             }
+            Type::Null() => write_value(writer, &(), encoding),
         }
     }
 }

src/rust/src/declarative_asn1/types.rs

@@ -51,6 +51,8 @@ pub enum Type {
     GeneralizedTime(),
     /// BIT STRING (`bytes`)
     BitString(),
+    /// NULL
+    Null(),
 }
 
 /// A type that we know how to encode/decode, along with any
@@ -378,6 +380,21 @@ impl BitString {
     }
 }
 
+#[pyo3::pyclass(frozen, eq, module = "cryptography.hazmat.bindings._rust.asn1")]
+#[derive(PartialEq)]
+pub struct Null;
+
+#[pyo3::pymethods]
+impl Null {
+    #[new]
+    fn new() -> Self {
+        Null
+    }
+    pub fn __repr__(&self) -> String {
+        "Null()".to_string()
+    }
+}
+
 /// Utility function for converting builtin Python types
 /// to their Rust `Type` equivalent.
 #[pyo3::pyfunction]
@@ -405,6 +422,8 @@ pub fn non_root_python_to_rust<'p>(
         Type::GeneralizedTime().into_pyobject(py)
     } else if class.is(BitString::type_object(py)) {
         Type::BitString().into_pyobject(py)
+    } else if class.is(Null::type_object(py)) {
+        Type::Null().into_pyobject(py)
     } else {
         Err(pyo3::exceptions::PyTypeError::new_err(format!(
             "cannot handle type: {class:?}"
@@ -523,6 +542,7 @@ pub(crate) fn is_tag_valid_for_type(
             check_tag_with_encoding(asn1::GeneralizedTime::TAG, encoding, tag)
         }
         Type::BitString() => check_tag_with_encoding(asn1::BitString::TAG, encoding, tag),
+        Type::Null() => check_tag_with_encoding(asn1::Null::TAG, encoding, tag),
     }
 }
 

src/rust/src/lib.rs

@@ -153,7 +153,7 @@ mod _rust {
         #[pymodule_export]
         use crate::declarative_asn1::types::{
             non_root_python_to_rust, AnnotatedType, Annotation, BitString, Encoding,
-            GeneralizedTime, IA5String, PrintableString, Size, Type, UtcTime, Variant,
+            GeneralizedTime, IA5String, Null, PrintableString, Size, Type, UtcTime, Variant,
         };
     }
 

tests/hazmat/asn1/test_api.py

@@ -148,6 +148,9 @@ def test_invalid_bitstring(self) -> None:
             # Padding bits have to be zero
             asn1.BitString(data=b"\x01\x02\x03", padding_bits=2)
 
+    def test_repr_null(self) -> None:
+        assert repr(asn1.Null()) == "Null()"
+
 
 class TestSequenceAPI:
     def test_fail_unsupported_field(self) -> None:

tests/hazmat/asn1/test_serialization.py

@@ -301,6 +301,11 @@ def test_fail_bitstring(self) -> None:
             asn1.decode_der(asn1.BitString, b"\x03\x02\x08\x00")
 
 
+class TestNull:
+    def test_ok_null(self) -> None:
+        assert_roundtrips([(asn1.Null(), b"\x05\x00")])
+
+
 class TestSequence:
     def test_ok_sequence_single_field(self) -> None:
         @asn1.sequence
@@ -467,7 +472,8 @@ class Example:
             h: typing.Union[asn1.BitString, None]
             i: typing.Union[asn1.IA5String, None]
             j: typing.Union[x509.ObjectIdentifier, None]
-            k: Annotated[typing.Union[str, None], asn1.Implicit(0)]
+            k: typing.Union[asn1.Null, None]
+            z: Annotated[typing.Union[str, None], asn1.Implicit(0)]
             only_field_present: Annotated[
                 typing.Union[str, None], asn1.Implicit(1)
             ]
@@ -487,6 +493,7 @@ class Example:
                         i=None,
                         j=None,
                         k=None,
+                        z=None,
                         only_field_present="a",
                     ),
                     b"\x30\x03\x81\x01a",
@@ -537,7 +544,11 @@ class Example:
             j: Annotated[
                 typing.Union[int, bool], asn1.Default(3), asn1.Explicit(0)
             ]
-            k: Annotated[str, asn1.Default("a"), asn1.Implicit(0)]
+            k: Annotated[
+                asn1.Null,
+                asn1.Default(asn1.Null()),
+            ]
+            z: Annotated[str, asn1.Default("a"), asn1.Implicit(0)]
             only_field_present: Annotated[
                 str, asn1.Default("a"), asn1.Implicit(1)
             ]
@@ -556,7 +567,8 @@ class Example:
                         h=asn1.IA5String("a"),
                         i=default_oid,
                         j=3,
-                        k="a",
+                        k=asn1.Null(),
+                        z="a",
                         only_field_present="b",
                     ),
                     b"\x30\x03\x81\x01b",