krypt 0.0.1

data/spec/krypt-core/hex/hex_spec.rb

@@ -0,0 +1,102 @@
+require 'rspec'
+require 'krypt'
+
+describe Krypt::Hex do 
+
+  let(:mod) { Krypt::Hex }
+
+  describe "encode" do
+    context "single parameter data" do
+      context "RFC 4648 test vectors" do
+        specify "empty string" do
+          mod.encode("").should == ""
+        end
+
+        specify "f" do
+          mod.encode("f").should == "66"
+        end
+
+        specify "fo" do
+          mod.encode("fo").should == "666f"
+        end
+
+        specify "foo" do
+          mod.encode("foo").should == "666f6f"
+        end
+
+        specify "foob" do
+          mod.encode("foob").should == "666f6f62"
+        end
+
+        specify "fooba" do
+          mod.encode("fooba").should == "666f6f6261"
+        end
+
+        specify "foobar" do
+          mod.encode("foobar").should == "666f6f626172"
+        end
+      end
+    end
+
+    it "should return a string with US-ASCII encoding" do
+      mod.encode("test").encoding.should == Encoding::US_ASCII
+    end
+
+    it "should return a string with US-ASCII encoding even if
+        the underlying encoding is not" do
+      auml = [%w{ C3 A4 }.join('')].pack('H*')
+      auml.force_encoding(Encoding::UTF_8)
+      mod.encode(auml).encoding.should == Encoding::US_ASCII
+    end
+  end
+
+  describe "decode" do
+    context "RFC 4648 test vectors" do
+      specify "empty string" do
+        mod.decode("").should == ""
+      end
+
+      specify "f" do
+        mod.decode("66").should == "f"
+      end
+
+      specify "fo" do
+        mod.decode("666f").should == "fo"
+      end
+
+      specify "foo" do
+        mod.decode("666f6f").should == "foo"
+      end
+
+      specify "foob" do
+        mod.decode("666f6f62").should == "foob"
+      end
+
+      specify "fooba" do
+        mod.decode("666f6f6261").should == "fooba"
+      end
+
+      specify "foobar" do
+        mod.decode("666f6f626172").should == "foobar"
+      end
+    end
+
+    it "should return a string with binary encoding" do
+      mod.decode("666f6f626172").encoding.should == Encoding::BINARY
+    end
+
+    it "should return a string with US-ASCII encoding even if
+        the underlying encoding is not" do
+      data = "666f"
+      data.force_encoding(Encoding::UTF_8)
+      mod.decode(data).encoding.should == Encoding::BINARY
+    end
+
+    it "ignores case for a-f" do
+      str = "666f6f626172"
+      dec = "foobar"
+      mod.decode(str).should == dec
+      mod.decode(str.upcase).should == dec 
+    end
+  end
+end

data/spec/krypt-core/pem/pem_decode_spec.rb

@@ -0,0 +1,235 @@
+# encoding: US-ASCII
+
+require 'rspec'
+require 'krypt'
+require 'stringio'
+require 'base64'
+require_relative '../resources'
+
+describe Krypt::PEM do
+  let(:mod) { Krypt::PEM }
+  let(:pemerror) { Krypt::PEM::PEMError }
+  let(:intb64) { ::Base64.encode64("\x02\x01\x01") }
+
+  def create_pem_b64(b64, name)
+    "-----BEGIN #{name}-----\n#{b64}-----END #{name}-----\n"
+  end
+
+  describe "PEM.decode" do
+    subject { mod.decode(value) }
+
+    context "returns an Array" do
+      let(:value) { Resources.certificate_pem }
+      it { should be_an_instance_of(Array) }
+    end
+
+    context"decodes Strings" do
+      context "decodes a single PEM value" do
+        let(:value) { Resources.certificate_pem }
+        its(:size) { should == 1 }
+        it { subject[0].should == Resources.certificate }
+      end
+
+      context "decodes multiple PEM values" do
+        let(:value) { Resources.certificate_pem * 3 }
+        its(:size) { should == 3 }
+        it { subject.all? { |der| der == Resources.certificate }.should be_true }
+      end
+
+      context "decodes multiple mixed PEM values" do
+        let(:value) { Resources.certificate_pem + create_pem_b64(intb64, "INTEGER") }
+        its(:size) { should == 2 }
+        it do
+          subject[0].should == Resources.certificate
+          subject[1].should == "\x02\x01\x01"
+        end
+      end
+
+      context "decodes long PEM values" do
+        let(:der) { "\x04\x82\x4E\x20" + "\x01" * 20_000 }
+        let(:value) { create_pem_b64("#{::Base64.encode64(der)}", "OCTET STRING") }
+        its(:size) { should == 1 }
+        it { subject[0].should == der }
+      end
+    end
+
+    context "decodes StringIO" do
+      context "decodes a single PEM value" do
+        let(:value) { StringIO.new(Resources.certificate_pem) }
+        its(:size) { should == 1 }
+        it { subject[0].should == Resources.certificate }
+      end
+
+      context "decodes multiple PEM values" do
+        let(:value) { StringIO.new(Resources.certificate_pem * 3) }
+        its(:size) { should == 3 }
+        it { subject.all? { |der| der == Resources.certificate }.should be_true }
+      end
+    end
+
+    context "decodes Files" do
+      subject do
+        begin
+          mod.decode(io)
+        ensure
+          io.close
+        end
+      end
+
+      context "decodes a File containing a single PEM value" do
+        let(:io) { Resources.certificate_pem_io }
+        its(:size) { should == 1 }
+        it { subject[0].should == Resources.certificate }
+      end
+
+      context "decodes a File containing multiple PEM values" do
+        let(:io) { Resources.multi_certificate_pem_io }
+        its(:size) { should == 3 }
+        it { subject.all? { |der| der == Resources.certificate }.should be_true }
+      end
+    end
+    
+    context "decodes arbitrary objects that respond to to_pem" do
+      let(:value) do
+        o = Object.new
+        def o.to_pem
+          Resources.certificate_pem
+        end
+        o
+      end
+      its(:size) { should == 1 }
+      it { subject[0].should == Resources.certificate }
+    end
+
+    context "does not require terminating line break" do
+      let(:value) { "-----BEGIN ABC-----\n#{intb64}-----END ABC-----" }
+      its(:size) { should == 1 }
+      it { subject[0].should == "\x02\x01\x01" }
+    end
+
+    context "ignores empty lines" do
+      context "LF" do
+        let(:value) { "\n" + create_pem_b64("\n#{intb64}\n", "INTEGER") + "\n" }
+        its(:size) { should == 1 }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+
+      context "CRLF" do
+        let(:value) { "\r\n" + create_pem_b64("\r\n#{intb64}\r\n", "INTEGER") + "\r\n" }
+        its(:size) { should == 1 }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+    end
+
+    context "normalizes CRLF and LF" do
+      context "LF only" do
+        let(:value) { "-----BEGIN A-----\n#{intb64}-----END A-----\n" }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+
+      context "CRLF only" do
+        let(:value) { "-----BEGIN A-----\r\n#{::Base64.encode64("\x02\x01\x01")}\r\n-----END A-----\r\n" }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+
+      context "mixed: CRLF header, LF footer" do
+        let(:value) { "-----BEGIN A-----\r\n#{intb64}-----END A-----\n" }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+
+      context "mixed: LF header, CRLF footer" do
+        let(:value) { "-----BEGIN A-----\n#{intb64}-----END A-----\r\n" }
+        it { subject[0].should == "\x02\x01\x01" }
+      end
+    end
+
+    context "allows arbitrary content between PEM blocks" do
+      context "String with LF as last character" do
+        let(:value) { "Next up a certificate.\n#{Resources.certificate_pem}After the certificate\n" }
+        its(:size) { should == 1 }
+        it { subject[0].should == Resources.certificate }
+      end
+
+      context "String not ending in LF as last character" do
+        let(:value) { "Next up a certificate.\n#{Resources.certificate_pem}After the certificate" }
+        its(:size) { should == 1 }
+        it { subject[0].should == Resources.certificate }
+      end
+
+      context "File containing a 'CA certificate bundle'" do
+        let(:value) { Resources.ca_certificate_pem_io }
+        its(:size) { should == 136 }
+      end
+    end
+
+    context "rejects values with non-matching names" do
+      let(:value) { "-----BEGIN A-----\n#{intb64}-----END B-----" }
+      it { -> { subject }.should raise_error pemerror }
+    end
+
+    context "allows no redundant whitespace" do
+      context"leading in header" do
+        let(:value) { " -----BEGIN A-----\n#{intb64}-----END A-----" }
+        it { subject.should be_empty }
+      end
+
+      context"leading in footer" do
+        let(:value) { "-----BEGIN A-----\n#{intb64} -----END A-----" }
+        it { -> { subject }.should raise_error pemerror }
+      end
+ 
+      context"trailing in header" do
+        let(:value) { "-----BEGIN A----- \n#{intb64}-----END A-----" }
+        it { subject.should be_empty }
+      end
+
+      context"trailing in footer" do
+        let(:value) { "-----BEGIN A-----\n#{intb64}-----END A----- " }
+        it { -> { subject }.should raise_error pemerror }
+      end
+    end
+
+    context "does not expect line breaks for Base64 content" do
+      context "in small data" do
+        let(:der) { "\x04\x82\x03\xE8" + "\x01" * 80 }
+        let(:value) { "-----BEGIN ABC-----\n#{::Base64.strict_encode64(der)}\n-----END ABC-----" }
+        it { subject[0].should == der }
+      end
+
+      context "in large data" do
+        let(:der) { "\x04\x82\x4E\x20" + "\x01" * 20_000 }
+        let(:value) { "-----BEGIN ABC-----\n#{::Base64.strict_encode64(der)}\n-----END ABC-----" }
+        it { subject[0].should == der }
+      end
+    end
+
+    context "takes a block" do
+      context "whose first argument is the current value" do
+        let(:value) { Resources.certificate_pem * 3 }
+        it do
+          ary = []
+          cmp = mod.decode(value) { |asn1| ary << asn1 }
+          ary.should == cmp
+        end
+      end
+
+      context "whose second argument is the name of the current value" do
+        let(:value) { Resources.certificate_pem * 3 }
+        it do
+          ary = []
+          mod.decode(value) { |asn1, name| ary << name }
+          ary.should == ["CERTIFICATE", "CERTIFICATE", "CERTIFICATE"]
+        end
+      end
+
+      context "whose third argument is the current index, starting at 0" do
+        let(:value) { Resources.certificate_pem * 3 }
+        it do
+          ary = []
+          mod.decode(value) { |asn1, name, i| ary << i }
+          ary.should == [0,1,2]
+        end
+      end
+    end
+  end
+end

data/spec/krypt-core/resources.rb

@@ -0,0 +1 @@
+require_relative '../resources'

data/spec/krypt-core/template/template_choice_parse_spec.rb

@@ -0,0 +1,289 @@
+# encoding: US-ASCII
+
+require 'rspec'
+require 'krypt'
+require_relative '../resources'
+
+describe "Krypt::ASN1::Template::Choice" do
+  CHOICE = Krypt::ASN1::Template::Choice
+  let(:asn1error) { Krypt::ASN1::ASN1Error }
+  
+  context "extracted from parse_der" do
+    subject { template.parse_der(der) }
+
+    context "single field" do
+      let(:template) do
+        Class.new do
+          include CHOICE
+          asn1_integer
+        end
+      end
+
+      context "accepts correct encoding" do
+        let(:der) { "\x02\x01\x01" }
+        its(:value) { should == 1 }
+        it { subject.type.should == Krypt::ASN1::INTEGER }
+        it { subject.tag.should == Krypt::ASN1::INTEGER }
+        it { subject.should be_an_instance_of template }
+        its(:to_der) { should == der }
+      end
+
+      context "rejects wrong encoding" do
+        let(:der) { "\x04\x01\x01" }
+        it { -> { subject.value }.should raise_error asn1error }
+      end
+
+      context "rejects encoding that is not complete" do
+        let(:der) { "\x02\x01" }
+        it { -> { subject.value }.should raise_error asn1error }
+      end
+    end
+
+    context "two fields" do
+      let(:template) do
+        Class.new do
+          include CHOICE
+          asn1_integer
+          asn1_boolean
+        end
+      end
+
+      context "accepts correct encoding integer" do
+        let(:der) { "\x02\x01\x01" }
+        its(:value) { should == 1 }
+        its(:type) { should == Krypt::ASN1::INTEGER }
+        its(:tag) { should == Krypt::ASN1::INTEGER }
+        it { subject.should be_an_instance_of template }
+        its(:to_der) { should == der }
+      end
+
+      context "accepts correct encoding boolean" do
+        let(:der) { "\x01\x01\xFF" }
+        its(:value) { should == true }
+        its(:type) { should == Krypt::ASN1::BOOLEAN }
+        its(:tag) { should == Krypt::ASN1::BOOLEAN }
+        it { subject.should be_an_instance_of template }
+        its(:to_der) { should == der }
+      end
+
+      context "rejects wrong encoding" do
+        let(:der) { "\x04\x01\xFF" }
+        it { -> { subject.value }.should raise_error asn1error }
+      end
+    end
+
+    context "preserves non-DER encodings" do
+      let(:template) do
+        Class.new do
+          include CHOICE
+          asn1_boolean 
+        end
+      end
+      let(:der) { "\x01\x83\x00\x00\x01\x22" }
+      its(:to_der) { should == der }
+    end
+
+    context "does not choke on invalid encodings" do
+      let(:template) do
+        Class.new do
+          include CHOICE
+          asn1_integer
+          asn1_octet_string
+        end
+      end
+
+      context "when parsing them" do
+        let(:der) { "\x02\x00" }
+        it { -> { subject }.should_not raise_error }
+      end
+
+      context "and encodes them again exactly as received" do
+        let(:der) { "\x02\x00" }
+        its(:to_der) { should == der }
+      end
+
+      context "but raises an error when accessing the fields" do
+        let(:der) { "\x02\x00" }
+        it { -> { subject.value }.should raise_error asn1error }
+      end
+
+      context "but raises an error if the tag does not match" do
+        let(:der) { "\x01\x01\xFF" }
+        it { -> { subject.value }.should raise_error asn1error }
+      end
+    end
+
+    context "with inner templates" do
+      let(:template2) do
+        Class.new do
+          include Krypt::ASN1::Template::Sequence
+          asn1_integer :a
+        end
+      end
+
+      context "no further options" do
+        let(:template) do
+          t = template2
+          Class.new do
+            include CHOICE
+            asn1_template t
+          end
+        end
+        let(:der) { "\x30\x03\x02\x01\x01" }
+        its(:value) { should be_an_instance_of template2 }
+        its(:tag) { should == Krypt::ASN1::SEQUENCE }
+        its(:type) { should == template2 }
+        it { subject.value.a.should == 1 }
+      end
+
+      context "with implicit tags" do
+        let(:template3) do
+          Class.new do
+            include Krypt::ASN1::Template::Sequence
+            asn1_boolean :a
+          end
+        end
+        let(:template) do
+          t2 = template2
+          t3 = template3
+          Class.new do
+            include CHOICE
+            asn1_template t2, tag: 0, tagging: :IMPLICIT
+            asn1_template t3, tag: 1, tagging: :IMPLICIT
+          end
+        end
+
+        context "matches first" do
+          let(:der) { "\xA0\x03\x02\x01\x01" }
+          its(:value) { should be_an_instance_of template2 }
+          its(:tag) { should == 0 }
+          its(:type) { should == template2 }
+          it { subject.value.a.should == 1 }
+        end
+
+        context "matches second" do
+          let(:der) { "\xA1\x03\x01\x01\xFF" }
+          its(:value) { should be_an_instance_of template3 }
+          its(:tag) { should == 1 }
+          its(:type) { should == template3 }
+          it { subject.value.a.should == true }
+        end
+      end
+
+      context "with explicit tags" do
+        let(:template3) do
+          Class.new do
+            include Krypt::ASN1::Template::Sequence
+            asn1_boolean :a
+          end
+        end
+        let(:template) do
+          t2 = template2
+          t3 = template3
+          Class.new do
+            include CHOICE
+            asn1_template t2, tag: 0, tagging: :EXPLICIT
+            asn1_template t3, tag: 1, tagging: :EXPLICIT
+          end
+        end
+
+        context "matches first" do
+          let(:der) { "\xA0\x05\x30\x03\x02\x01\x01" }
+          its(:value) { should be_an_instance_of template2 }
+          its(:tag) { should == 0 }
+          its(:type) { should == template2 }
+          it { subject.value.a.should == 1 }
+        end
+
+        context "matches second" do
+          let(:der) { "\xA1\x05\x30\x03\x01\x01\xFF" }
+          its(:value) { should be_an_instance_of template3 }
+          its(:tag) { should == 1 }
+          its(:type) { should == template3 }
+          it { subject.value.a.should == true }
+        end
+      end
+
+      context "with SEQUENCE OF" do
+        let(:template) do
+          t2 = template2
+          Class.new do
+            include CHOICE
+            asn1_sequence_of t2
+          end
+        end
+        let(:der) { "\x30\x0A\x30\x03\x02\x01\x01\x30\x03\x02\x01\x01" }
+        its(:value) { should be_an_instance_of Array }
+        its(:type) { should == template2 }
+        its(:tag) { should == Krypt::ASN1::SEQUENCE }
+        it { subject.value.size.should == 2 }
+        it { subject.value.all? { |v| v.instance_of?(template2) && v.a == 1 }.should == true }
+        its(:to_der) { should == der }
+      end
+
+      context "with SET OF" do
+        let(:template) do
+          t2 = template2
+          Class.new do
+            include CHOICE
+            asn1_set_of t2
+          end
+        end
+        let(:der) { "\x31\x0A\x30\x03\x02\x01\x01\x30\x03\x02\x01\x01" }
+        its(:value) { should be_an_instance_of Array }
+        its(:type) { should == template2 }
+        its(:tag) { should == Krypt::ASN1::SET }
+        it { subject.value.size.should == 2 }
+        it { subject.value.all? { |v| v.instance_of?(template2) && v.a == 1 }.should == true }
+        its(:to_der) { should == der }
+      end
+
+      context "with ANY" do
+        context "alone" do
+          let(:template) do
+            t2 = template2
+            Class.new do
+              include CHOICE
+              asn1_any
+            end
+          end
+          let(:der) { "\x02\x01\x01" }
+          its(:value) { should be_an_instance_of Krypt::ASN1::Integer }
+          its(:type) { should == Krypt::ASN1::ASN1Data }
+          its(:tag) { should == Krypt::ASN1::INTEGER }
+          it { subject.value.value.should == 1 }
+          its(:to_der) { should == der }
+        end
+
+        context "the first ANY field matches if no other will" do
+          let(:template) do
+            t2 = template2
+            Class.new do
+              include CHOICE
+              asn1_integer
+              asn1_any
+            end
+          end
+
+          context "other matches" do
+            let(:der) { "\x02\x01\x01" }
+            its(:value) { should == 1 }
+            its(:type) { should == Krypt::ASN1::INTEGER }
+            its(:tag) { should == Krypt::ASN1::INTEGER }
+            its(:to_der) { should == der }
+          end
+
+          context "ANY matches" do
+            let(:der) { "\x01\x01\xFF" }
+            its(:value) { should be_an_instance_of Krypt::ASN1::Boolean }
+            its(:type) { should == Krypt::ASN1::ASN1Data }
+            its(:tag) { should == Krypt::ASN1::BOOLEAN }
+            it { subject.value.value.should == true }
+            its(:to_der) { should == der }
+          end
+        end
+      end
+    end
+  end
+end
+