yubikey_test.go

  1package pgp
  2
  3import (
  4	"errors"
  5	"strconv"
  6	"strings"
  7	"testing"
  8)
  9
 10// TestParseASN1Signature_TruncatedDoesNotPanic covers the bounds-check path
 11// added for #613. Each input would have panicked in the original parser
 12// with "index out of range"; here we expect a typed error instead.
 13func TestParseASN1Signature_TruncatedDoesNotPanic(t *testing.T) {
 14	cases := []struct {
 15		name    string
 16		der     []byte
 17		wantErr string
 18	}{
 19		{
 20			// Length byte declares 0x10 bytes of R but only 1 byte follows.
 21			name:    "R length overruns buffer",
 22			der:     []byte{0x30, 0x06, 0x02, 0x10, 0xAA, 0x00},
 23			wantErr: "R length overflow",
 24		},
 25		{
 26			// Length byte declares 0x10 bytes of S but only 1 byte follows.
 27			name:    "S length overruns buffer",
 28			der:     []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x10, 0xAA},
 29			wantErr: "S length overflow",
 30		},
 31		{
 32			// Valid R, then no S block at all.
 33			name:    "missing S after R",
 34			der:     []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x00},
 35			wantErr: "expected INTEGER tag for S",
 36		},
 37	}
 38
 39	for _, tc := range cases {
 40		t.Run(tc.name, func(t *testing.T) {
 41			// The test must not panic: the fix replaces panics with errors.
 42			defer func() {
 43				if r := recover(); r != nil {
 44					t.Fatalf("parseASN1Signature panicked: %v", r)
 45				}
 46			}()
 47			_, _, err := parseASN1Signature(tc.der)
 48			if err == nil {
 49				t.Fatalf("want error, got nil")
 50			}
 51			if !strings.Contains(err.Error(), tc.wantErr) {
 52				t.Fatalf("error = %q, want it to mention %q", err.Error(), tc.wantErr)
 53			}
 54		})
 55	}
 56}
 57
 58// TestParseASN1Signature_WellFormed guards against regressions in the
 59// happy path: a minimal SEQUENCE { INTEGER, INTEGER } must still decode
 60// to the original r and s bytes.
 61func TestParseASN1Signature_WellFormed(t *testing.T) {
 62	// SEQUENCE (6 bytes) { INTEGER 0x01, INTEGER 0x02 }
 63	der := []byte{0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02}
 64
 65	r, s, err := parseASN1Signature(der)
 66	if err != nil {
 67		t.Fatalf("unexpected error: %v", err)
 68	}
 69	if len(r) != 1 || r[0] != 0x01 {
 70		t.Errorf("r = %x, want 01", r)
 71	}
 72	if len(s) != 1 || s[0] != 0x02 {
 73		t.Errorf("s = %x, want 02", s)
 74	}
 75}
 76
 77func TestGenerateMIMEBoundaryUsesCryptoRandomBytes(t *testing.T) {
 78	oldRandRead := randRead
 79	defer func() { randRead = oldRandRead }()
 80
 81	randRead = func(p []byte) (int, error) {
 82		for i := range p {
 83			p[i] = byte(i)
 84		}
 85		return len(p), nil
 86	}
 87
 88	got := generateMIMEBoundary()
 89	want := "----=_Part_000102030405060708090a0b0c0d0e0f"
 90	if got != want {
 91		t.Fatalf("boundary = %q, want %q", got, want)
 92	}
 93}
 94
 95func TestGenerateMIMEBoundaryFallsBackToUnixNano(t *testing.T) {
 96	oldRandRead := randRead
 97	defer func() { randRead = oldRandRead }()
 98
 99	randRead = func(_ []byte) (int, error) {
100		return 0, errors.New("random source unavailable")
101	}
102
103	const prefix = "----=_Part_"
104	got := generateMIMEBoundary()
105	if !strings.HasPrefix(got, prefix) {
106		t.Fatalf("boundary = %q, want prefix %q", got, prefix)
107	}
108	if _, err := strconv.ParseInt(strings.TrimPrefix(got, prefix), 10, 64); err != nil {
109		t.Fatalf("fallback boundary suffix is not a UnixNano timestamp: %v", err)
110	}
111}