fix: fix MessageImprint.HashAlgorithm.Parameters (#24)

Signed-off-by: Patrick Zheng <[email protected]>
notaryproject · Jul 2, 2024 · d918484 · d918484
1 parent 0bcf659
commit d918484
Show file tree

Hide file tree

Showing 5 changed files with 103 additions and 4 deletions.
diff --git a/conformance_test.go b/conformance_test.go
@@ -557,12 +557,12 @@ func (tsa *testTSA) generateSignedData(infoBytes []byte, requestCert bool) (cms.
 func convertToRawASN1(val interface{}, params string) (asn1.RawValue, error) {
 	b, err := asn1.MarshalWithParams(val, params)
 	if err != nil {
-		return asn1.NullRawValue, err
+		return asn1NullRawValue, err
 	}
 	var raw asn1.RawValue
 	_, err = asn1.UnmarshalWithParams(b, &raw, params)
 	if err != nil {
-		return asn1.NullRawValue, err
+		return asn1NullRawValue, err
 	}
 	return raw, nil
 }
diff --git a/internal/encoding/asn1/asn1.go b/internal/encoding/asn1/asn1.go
@@ -0,0 +1,28 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package asn1
+
+import (
+	"bytes"
+	"encoding/asn1"
+)
+
+// EqualRawValue returns true if two asn1.RawValue are equal
+func EqualRawValue(m asn1.RawValue, n asn1.RawValue) bool {
+	return m.Class == n.Class &&
+		m.Tag == n.Tag &&
+		m.IsCompound == n.IsCompound &&
+		bytes.Equal(m.Bytes, n.Bytes) &&
+		bytes.Equal(m.FullBytes, n.FullBytes)
+}
diff --git a/internal/encoding/asn1/asn1_test.go b/internal/encoding/asn1/asn1_test.go
@@ -0,0 +1,37 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package asn1
+
+import (
+	"encoding/asn1"
+	"testing"
+)
+
+func TestEqual(t *testing.T) {
+	m := asn1.RawValue{
+		Tag:       asn1.TagNull,
+		FullBytes: []byte{asn1.TagNull, 0},
+	}
+	n := asn1.NullRawValue
+	n.FullBytes = []byte{asn1.TagNull, 0}
+
+	if !EqualRawValue(m, n) {
+		t.Fatal("expected to be equal")
+	}
+
+	n = asn1.NullRawValue
+	if EqualRawValue(m, n) {
+		t.Fatal("expected to be unequal")
+	}
+}
diff --git a/request.go b/request.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"math/big"
 
+	tspclientasn1 "github.com/notaryproject/tspclient-go/internal/encoding/asn1"
 	"github.com/notaryproject/tspclient-go/internal/hashutil"
 	"github.com/notaryproject/tspclient-go/internal/oid"
 )
@@ -38,11 +39,23 @@ type MessageImprint struct {
 }
 
 // Equal compares if m and n are the same MessageImprint
+//
+// Reference: RFC 3161 2.4.2
 func (m MessageImprint) Equal(n MessageImprint) bool {
 	return m.HashAlgorithm.Algorithm.Equal(n.HashAlgorithm.Algorithm) &&
+		tspclientasn1.EqualRawValue(m.HashAlgorithm.Parameters, n.HashAlgorithm.Parameters) &&
 		bytes.Equal(m.HashedMessage, n.HashedMessage)
 }
 
+// asn1NullRawValue is the full form of asn1.NullRawValue with its encoded self
+// in the `FullBytes` field.
+//
+// https://pkg.go.dev/encoding/asn1#NullRawValue
+var asn1NullRawValue = asn1.RawValue{
+	Tag:       asn1.TagNull,
+	FullBytes: []byte{asn1.TagNull, 0},
+}
+
 // Request is a time-stamping request.
 //
 //	TimeStampReq ::= SEQUENCE {
@@ -116,6 +129,10 @@ func NewRequest(opts RequestOptions) (*Request, error) {
 	if err != nil {
 		return nil, &MalformedRequestError{Msg: err.Error()}
 	}
+	hashAlgParameter := opts.HashAlgorithmParameters
+	if tspclientasn1.EqualRawValue(hashAlgParameter, asn1.RawValue{}) || tspclientasn1.EqualRawValue(hashAlgParameter, asn1.NullRawValue) {
+		hashAlgParameter = asn1NullRawValue
+	}
 	var nonce *big.Int
 	if !opts.NoNonce {
 		if opts.Nonce != nil { // user provided Nonce, use it
@@ -133,7 +150,7 @@ func NewRequest(opts RequestOptions) (*Request, error) {
 		MessageImprint: MessageImprint{
 			HashAlgorithm: pkix.AlgorithmIdentifier{
 				Algorithm:  hashAlg,
-				Parameters: opts.HashAlgorithmParameters,
+				Parameters: hashAlgParameter,
 			},
 			HashedMessage: digest,
 		},

diff --git a/request_test.go b/request_test.go
@@ -19,6 +19,7 @@ import (
 	"encoding/asn1"
 	"errors"
 	"fmt"
+	"reflect"
 	"testing"
 
 	"github.com/notaryproject/tspclient-go/internal/hashutil"
@@ -50,10 +51,26 @@ func TestNewRequest(t *testing.T) {
 		Content:       message,
 		HashAlgorithm: crypto.SHA256,
 	}
-	_, err = NewRequest(opts)
+	req, err := NewRequest(opts)
+	if err != nil {
+		t.Fatalf("expected nil error, but got %v", err)
+	}
+	if !reflect.DeepEqual(req.MessageImprint.HashAlgorithm.Parameters, asn1NullRawValue) {
+		t.Fatalf("expected %v, but got %v", asn1NullRawValue, req.MessageImprint.HashAlgorithm.Parameters)
+	}
+
+	opts = RequestOptions{
+		Content:                 message,
+		HashAlgorithm:           crypto.SHA256,
+		HashAlgorithmParameters: asn1.NullRawValue,
+	}
+	req, err = NewRequest(opts)
 	if err != nil {
 		t.Fatalf("expected nil error, but got %v", err)
 	}
+	if !reflect.DeepEqual(req.MessageImprint.HashAlgorithm.Parameters, asn1NullRawValue) {
+		t.Fatalf("expected %v, but got %v", asn1NullRawValue, req.MessageImprint.HashAlgorithm.Parameters)
+	}
 }
 
 func TestRequestMarshalBinary(t *testing.T) {