summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/der_gtest/der_quickder_unittest.cc
blob: 944117909d178237b0616ff4db60b8f296d33d65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <stdint.h>

#include "gtest/gtest.h"
#include "scoped_ptrs_util.h"

#include "nss.h"
#include "prerror.h"
#include "secasn1.h"
#include "secder.h"
#include "secerr.h"
#include "secitem.h"

const SEC_ASN1Template mySEC_NullTemplate[] = {
    {SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}};

namespace nss_test {

class QuickDERTest : public ::testing::Test,
                     public ::testing::WithParamInterface<SECItem> {};

static const uint8_t kNullTag = 0x05;
static const uint8_t kLongLength = 0x80;

// Length of zero wrongly encoded as 0x80 instead of 0x00.
static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0};

// Length of zero wrongly encoded as { 0x81, 0x00 } instead of 0x00.
static uint8_t kOverlongLength_1_0[] = {kNullTag, kLongLength | 1, 0x00};

// Length of zero wrongly encoded as:
//
//     { 0x90, <arbitrary junk of 12 bytes>,
//       0x00, 0x00, 0x00, 0x00 }
//
// instead of 0x00. Note in particular that if there is an integer overflow
// then the arbitrary junk is likely get left-shifted away, as long as there
// are at least sizeof(length) bytes following it. This would be a good way to
// smuggle arbitrary input into DER-encoded data in a way that an non-careful
// parser would ignore.
static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10,
                                         0x11,     0x22,
                                         0x33,     0x44,
                                         0x55,     0x66,
                                         0x77,     0x88,
                                         0x99,     0xAA,
                                         0xBB,     0xCC,
                                         0x00,     0x00,
                                         0x00,     0x00};

static const SECItem kInvalidDER[] = {
    {siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)},
    {siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)},
    {siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)},
};

TEST_P(QuickDERTest, InvalidLengths) {
  const SECItem& original_input(GetParam());

  ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U));
  ASSERT_TRUE(copy_of_input);
  ASSERT_EQ(SECSuccess,
            SECITEM_CopyItem(nullptr, copy_of_input.get(), &original_input));

  PORTCheapArenaPool pool;
  PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
  ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U));
  ASSERT_TRUE(parsed_value);
  ASSERT_EQ(SECFailure,
            SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(),
                                   mySEC_NullTemplate, copy_of_input.get()));
  ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
  PORT_DestroyCheapArena(&pool);
}

INSTANTIATE_TEST_CASE_P(QuickderTestsInvalidLengths, QuickDERTest,
                        testing::ValuesIn(kInvalidDER));

}  // namespace nss_test