indutny / asn1.js Goto Github PK

result is never defined: https://github.com/indutny/asn1.js/blob/v4.2.1/lib/asn1/decoders/der.js#L185-L193

In the browser (asn1.js is used [eventually through dependencies] by crypto-browserify) this is causing issues.

Not sure if it was intentionally not defined or not. It was in the initial commit and I find it difficult to believe it has not come up before.

The deficiency of ping-pong testing approach is that it only tests encode-decode path.
The decode-encode path is not tested, unfortunately.

Either option is trivial to implement but this would save a lot of time when an encoding is not explicitly specified. Since BER is not implemented and PEM is not as popular then DER would be a good default. But it is probably better to just throw an error. ATM it just complains about something else being 'undefined', not particularly helpful.

Give a preference and I will make a PR.

There's this base file which contains a hidden cyclical dependency.
The problem is buffer depends on base
while base depends on buffer.

https://github.com/indutny/asn1.js/blob/master/lib/asn1/base/buffer.js#L4
It works in node (and probably in webpack), but it causes problems when deployed using https://unpkg.com

Module test is named rfc3280, but in fact contains only OCSP stuff.

Decoding a cert with asn1.js-rfc3280 to extract subjectPublicKeyInfo field shows that AlgorithmIdentifier.parameters was missed, where 0x05,0x00(NULL) was set in the case of RSA. The field was parsed in the next subjectPublicKey field in the unused property.

{ algorithm: { algorithm: [ 1, 2, 840, 113549, 1, 1, 1 ] },
  subjectPublicKey:
   { unused: 0,
     data: <Buffer 30 82 01 0a 02 82 01 01 00 b7 89 4e 02 f9 ba 01 e0 78 89 d6 70 fd 36 18 d6 02 2e fc 96 c9 d9 de ae 2e 80 0a a1 9f 4b 17 20 c3 71 b9 99 6b 2e fc 12 fa ... > } }

It seems that the decoder cannot parse and obtain the field with defined with optional().any().

This causes the problem when we want to extract the der data of subjectPublicKey from tbsCertificate by simply decoding and encoiding of cert.tbsCertificate.subjectPublicKeyInfo with

var spki_der = SubjectPublicKeyInfo.encode(cert.tbsCertificate.subjectPublicKeyInfo, 'der');

so that NULL(0x05,0x00) was missed.
But we have a workaround to set the value of parameters explicitly.

var spki = cert.tbsCertificate.subjectPublicKeyInfo;
var new_spki = {algorithm : {algorithm: spki.algorithm.algorithm, parameters: new Buffer('0500', 'hex')},
                           subjectPublicKey: {data: spki.subjectPublicKey.data}};
var spki_der = SubjectPublicKeyInfo.encode(new_spki, 'der');

If there is a more simple way to extract the der data, please let me know it.

There is a typo in the RFC 5280 API.

CerficateList should be CertificateList instead.

Hi!

Version 4.10 broke our build because it's being used in a browserify/webpack shim for node's crypto library. Uglify caught this for us as it started choking on const.

cc: @ljharb @goatslacker

Here is the dep tree:

~/airlab/repos/thinger master*
 └─┬ [email protected]
   └─┬ [email protected]
     └─┬ [email protected]
       └─┬ [email protected]
         └─┬ [email protected]
           └── [email protected]

If you install asn1.js without the optional dependencies (--no-optional), the bn.js dependency isn't installed but then asn1.js fails to work because it expects it to exist in https://github.com/indutny/asn1.js/blob/master/lib/asn1.js#L3. Either treat is optional or mark it as required.

Hi
version 4.10.0 of the package is missing in yarn yarnpkg/yarn#4821

The choice tag is decoded just fine: Vanuan@8deaa9c#diff-93bb5384f2f7698560a5cd4fe592b374R55

But when I try to encode it: Vanuan@8deaa9c#diff-f622ac5d468e8670f218b180970d8552R32

It fails with:

Error: Child should have a key at: (shallow)
 at Reporter.error (asn1.js/lib/asn1/base/reporter.js:53:11)
  at DERNode.<anonymous> (asn1.js/lib/asn1/base/node.js:463:25)
  at Array.map (native)
  at DERNode.encode [as _encode] (asn1.js/lib/asn1/base/node.js:461:30)
  at DERNode.encode [as _encode] (asn1.js/lib/asn1/base/node.js:435:30)
  at Model.encode (asn1.js/lib/asn1/encoders/der.js:23:20)

BER decoder and encoder needs to be implemented.

/cc @mcavage

Hey man, seen you work in https://github.com/mcavage/node-asn1. Please let me know if it may sound as an interesting idea for you, there're currently no npm module that does both BER and DER.

NPM registry is apparently missing the tarball for this version:

https://registry.npmjs.org/asn1.js/-/asn1.js-4.10.0.tgz replies:

{
  error: "package could not be found."
}

var data = new Buffer(der, 'hex');
var c = Certificate.decode(data, 'der');
var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');

Will throw:

Error: Child should have a key at: ["issuer"]

Am I doing something wrong here? Is there any easier way to just get the raw buffer for the TBS Cert?

Hello,
Have you had any reports of issues when using asn1.js library in conjunction with Microsoft Edge browser? (and yes, I realize you do not have access to any Windows machines!)

regards,
Greg

When using implicit seqof(Type), where Type is seq(), the sequence is encoded as a0, while it seems it should be encoded as 30
Here's a test: Vanuan/asn1.js@055b737

The following code returns undefined:

rfc3280.AttributeType.decode(new Buffer('06092A864886F70D010903','hex'), 'der');

As a result, while decoding an object that uses unknown objid, we see a corresponding key missing.

I think, an error should be thrown or objid should be written as a numeric string.

'use strict';

const rfc5280 = require('./rfc/5280');

const tbs =

I guess this file doesn't need to be included in distributed npm package or should be valid JS file

It'd be nice to be able to use the PEM format in addition to DER.

Conversion from PEM to DER should be quite simple, I even wrote a quick DER-to-PEM function:

var base64 = require('base64-js'),
    convertHex = require('convert-hex');

var derToPem = function(derPrivateKey) {
    var byteArrayPrivateKey = convertHex.hexToBytes(derPrivateKey);
    var base64PrivateKey = base64.fromByteArray(byteArrayPrivateKey);

    var pemBeginning = '-----BEGIN PRIVATE KEY-----';
    var pemEnding = '-----END PRIVATE KEY-----';
    var pemMiddle = base64PrivateKey.match(/.{1,64}/g).join('\n');
    var pemPrivateKey = [pemBeginning, pemMiddle, pemEnding].join('\n');

    return pemPrivateKey;
};

Let me know what you think, thanks!

I am using Create React App and on 'npm run build' getting the following error -

Failed to minify the code from this file:

./node_modules/parse-asn1/node_modules/asn1.js/lib/asn1/decoders/der.js:58 

Read more here: http://bit.ly/2tRViJ9

Explicit fields should be prefixed with 0xA0 | TAG byte, but instead are coded as 0x20 | TAG.

Following test-case shows invalid encoding:

var asn1 = require('asn1.js');

var Bug = asn1.define('Bug', function() {
    this.explicit(2).octstr()
});

var encoded = Bug.encode("X", 'der');
console.log(encoded);

// output: <Buffer 22 03 04 01 58>

Correct output for this particular scheme should be A2 03 04 01 58

Hello,
I do not know your codebase enough to know what would be the correct returned value.
https://github.com/indutny/asn1.js/blob/master/lib/asn1/base/node.js#L367

Thanks.

Following syntax does not work when translated to asn1.js DSL:

B :: = SEQUENCE {
    x OCTET STRING }
A ::= SEQUENCE {
     b [0] IMPLICIT B }

When child model is defined via this.use(Child), it ignores implicit tag from parent model.

Test case: https://gist.github.com/muromec/fa3d896be964bb1a9f4c

Character string types support would be great
http://www.obj-sys.com/asn1tutorial/node128.html

When installing asn1.js with npm install asn1.js I noticed that unless I set the version to 4.8.0 the rfc directory is not included under node_modules/asn1.js and I can't parse X.509 certificates. Is this a packaging bug or is it intentional and if so, what is the recommended way to decode a certificate with the latest version?

This line:

Is affecting other projects when using browserify, see:
https://github.com/bitpay/copay/issues/7001

any plans for bmpstr support?

X.690 (08/2015), section 11 (Restrictions on BER employed by both CER and DER), subsection 11.6 (Set-of components) reads:

The encodings of the component values of a set-of value shall appear in ascending order, the encodings being compared
as octet strings with the shorter components being padded at their trailing end with 0-octets.

NOTE – The padding octets are for comparison purposes only and do not appear in the encodings.

This library does not currently sort set-of components in canonical order when encoding DER.

Since I got the latest version, my webpack build now fails.

Unexpected token: name (len) [./~/asn1.js/lib/asn1/decoders/der.js:58,0][vendor.js:93723,6]
  in undefined

My dependency tree is

`-- [email protected]
  `-- [email protected]
    `-- [email protected]
      `-- [email protected]
        `-- [email protected]
          `-- [email protected]

There is a bug in optional handling. See test case:

Vanuan@4c58d4c

Result:

1. asn1.js ping/pong composite should support optionals:
   AssertionError: {"key":true,"opt_key":null} deepEqual {"key":true}

Details about revoked certificates are not being properly decoded using the RFC 5280 API. No matter the contents of a CRL, the result always contains revokedCertificates: {}.

There are parts of ASN.1 definition which content depends on the object identifier.

For example, to encode/decode PKCS7 ContentInfo we need 2 steps:

1. decode generic ContentInfo
2. decode specific part based on content type using specific model.

http://tools.ietf.org/html/rfc2315#section-7

ContentInfo ::= SEQUENCE {
   contentType ContentType,
   content
     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL }

Is there a way to define ASN.1 js model to do that in one step? I.e. some kind of conditional typing/objid mapping, maybe...

The same problem goes with AlgorithmIdentifier.

Installing this specific version from npm return an error that it does not exist.

Add support for real numbers.

EncodeBuffer constructor relies on constructor function name which can be mangled when source code is minified.

here it is: https://github.com/indutny/asn1.js/blob/master/lib/asn1/base/buffer.js#L69

can be fixed by using instance of instead.

When trying to install bower (which uses parse-asn1, and transitively, asn1.js), the install tries to pull in asn1.js 4.10.0, which doesn't exist. There's a GitHub release, but no yarn version, apparently. Forcing 4.9.2 does work.

The error I'm getting is:

yarn install v1.2.1
[1/4] Resolving packages...
[2/4] Fetching packages...
error An unexpected error occurred: "https://registry.yarnpkg.com/asn1.js/-/asn1.js-4.10.0.tgz: Request failed \"404 Not Found\"".
info If you think this is a bug, please open a bug report with the information provided in "/jenkins/workspace/rs_aa-web-tng_jenkins_build-PDLIB2YYFPZ3HKD27EE26S7JKYWCT2YIOP46OX7JC4W7ITGSUOKA/yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
script returned exit code 1

This fails

it ('BigNum bug in ASN.1 implementation', () => {
        var ASNInteger = asn1.define('Integer', function () {
            this.seq().obj(
                this.key('aNumber').int());
        });
        var serialized = ASNInteger.encode({aNumber: 2}, 'der');
        var two = ASNInteger.decode(serialized, 'der');
        assert.equal(two.aNumber, 2);
        assert.equal(two+1, 3); // Fail
    });

With

AssertionError: expected '[object Object]1' to equal 3
Expected :3
Actual   :"[object Object]1"

It turns out that the example in the readme isn't quite correct:

  it ('example from github', () => {
        var Human = asn1.define('Human', function() {
            this.seq().obj(
                this.key('firstName').octstr(),
                this.key('lastName').octstr(),
                this.key('age').int(),
                this.key('gender').enum({ 0: 'male', 1: 'female' }),
                this.key('bio').seqof(Bio)
            );
        });

        var Bio = asn1.define('Bio', function() {
            this.seq().obj(
                this.key('time').gentime(),
                this.key('description').octstr()
            );
        });

        var output = Human.encode({
            firstName: 'Thomas',
            lastName: 'Anderson',
            age: 28,
            gender: 'male',
            bio: [
                {
                    time: +new Date('31 March 1999'),
                    description: 'freedom of mind'
                }
            ]
        }, 'der');

        var human = Human.decode(output, 'der');
        console.log(human);

    });

Prints

{ firstName: <Buffer 54 68 6f 6d 61 73>,
  lastName: <Buffer 41 6e 64 65 72 73 6f 6e>,
  age: <BN: 1c>,
  gender: 'male',
  bio: 
   [ { time: 922831200000,
       description: <Buffer 66 72 65 65 64 6f 6d 20 6f 66 20 6d 69 6e 64> } ] }

I expect age to be 28 but it's <BN: 1c>, which seems to be a BigNum. How is it supposed to work? According to the readme or according to this test case?

Thanks

PR #59 adds support for encapsulated models in bit strings or octet strings.

Examples can be found in RFC 5280:

Extension  ::=  SEQUENCE  {
        -- ...
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
        }

or in RFC 5912 where it is explicitly used:

Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
     -- ...
      extnValue   OCTET STRING (CONTAINING
                  EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
                  --  contains the DER encoding of the ASN.1 value
                  --  corresponding to the extension type identified
                  --  by extnID
  }

I have a browserify project which depends on Mathjs(which depends on decimal.js). My app works correctly on every browser, but not on safari. It turned out that the cause is an error with the strict mode:

SyntaxError: Cannot declare a parameter named 'k' in strict mode

After looking inside the minification process, and inside the browserify generated code, I found that the code which generate the error is this one

https://github.com/indutny/asn1.js/blob/master/lib/asn1/base/node.js#L225

It is a known bug of safari implementation of strict mode. A function cannot have a parameter with the same name, the key() function in asn1/base/node module.

see the discussion here mishoo/UglifyJS#179

Hi, I have a problem when decoding a TimeStampResp… when using normal decode only status is printed, while the answer is complete and certainly contains more, when using partial: true it enters a loop and never stops.
I wasn't able to detect the loop using the inspector so far (nor find any problem in my ASN.1 definition).
I saved my self-contained test case in this gist.

{ status: { status: 'granted' } }
[ 'tagged', '', 0, 1700 ]
[ 'content', '', 4, 1700 ]
[ 'tagged', 'status', 4, 9 ]
[ 'content', 'status', 6, 9 ]
[ 'tagged', 'status/status', 6, 9 ]
[ 'content', 'status/status', 8, 9 ]
[ 'tagged', 'timeStampToken', 9, 1700 ]
[ 'content', 'timeStampToken', 13, 1700 ]
[ 'tagged', 'timeStampToken/contentType', 13, 24 ]
[ 'content', 'timeStampToken/contentType', 15, 24 ]
[ 'tagged', 'timeStampToken/content', 28, 183 ]
[ 'content', 'timeStampToken/content', 30, 183 ]
[ 'tagged', 'timeStampToken/content/version', 30, 33 ]
[ 'content', 'timeStampToken/content/version', 32, 33 ]
[ 'tagged', 'timeStampToken/content/digestAlgorithms', 33, 50 ]
[ 'content', 'timeStampToken/content/digestAlgorithms', 35, 50 ]
^C

When seqof() is used with optional() the decoded results are not parsed or included in the resulting object. PR #61 updates _peekTag() to check for seqof/setof when optional. The added tests highlight the issue.

Hi,
I'm running into an issue with a package that uses your module. I'm able to install v4.0.0 fine, but when I try to install the recently released 4.0.1, I receive

npm ERR! node v4.2.2
npm ERR! npm v2.15.1
npm ERR! code ETARGET

npm ERR! notarget No compatible version found: asn1.js-rfc5280@'>=4.4.0 <5.0.0'
npm ERR! notarget Valid install targets:
npm ERR! notarget ["1.0.0","1.0.1","1.0.2","1.0.3","1.2.1"]
npm ERR! notarget
npm ERR! notarget This is most likely not a problem with npm itself.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of 'asn1.js-rfc2560'

Looks like the new package.json has an invalid dependency

"asn1.js-rfc5280": "^4.4.0"

I'm looking at implementing RFC 3161 (Time-Stamp Protocol) but need some guidance on defining this type:

PKIStatus ::= INTEGER {
   granted                (0),
   grantedWithMods        (1),
   rejection              (2),
   waiting                (3),
   revocationWarning      (4),
   revocationNotification (5) }

Is there a mechanism in asn1.js for defining an INTEGER type with identifiers as specified for this PKIStatus type?

Encoding seems to work, decoding does not work. A test case is here felix@ea45c61

Should support unbound integers somehow.

Getting this error when npm installing browserify 8.0.3:

npm ERR! peerinvalid The package asn1.js does not satisfy its siblings' peerDependencies requirements!

I have found that too:

npm ERR! peerinvalid Peer [email protected] wants asn1.js@^0.6.0

The problem comes from browserify-sign that references asn1.js-rfc3280 I guess.
Updating the package.json peerDependencies object in the rfc 3280 from "asn1.js": "^0.6.0"too 0.6.6 or 0.6.xcould resolve that ?

If it is the solution, it probably has to be done in the rfc 2560 too.

vm-browserify uses eval which is disabled in Chrome Apps (completely) and Extensions (by default CSP), therefore browserified asn1.js doesn't work.
https://developer.chrome.com/extensions/sandboxingEval
https://developer.chrome.com/apps/contentSecurityPolicy

The following snippet yields 63744:

var asn = require('asn1.js');
 
var Human = asn.define('Human', function() {
  this.seq().obj(
    this.key('firstName').int(),
  );
});

var output = Human.encode({
  firstName: 2500000000,
}, 'der');

var human = Human.decode(output, 'der');
console.log(human.firstName.toNumber());

It seems like an integer overflow. Shouldn't it allow more than 32 bits?

  370:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points
  375:d=5  hl=2 l=  48 prim: OCTET STRING      [HEX DUMP]:302E302CA02AA028862668747470733A2F2F6C6F63616C686F73743A383838382F726F6F742D63612F63726C2E70656D

Pulled off a cert.

I can't find a good way to parse the octet string above, it should look like :

CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

DistributionPoint ::= SEQUENCE {
     distributionPoint       [0]     DistributionPointName OPTIONAL,
     reasons                 [1]     ReasonFlags OPTIONAL,
     cRLIssuer               [2]     GeneralNames OPTIONAL }

DistributionPointName ::= CHOICE {
     fullName                [0]     GeneralNames,
     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

ReasonFlags ::= BIT STRING {
     unused                  (0),
     keyCompromise           (1),
     cACompromise            (2),
     affiliationChanged      (3),
     superseded              (4),
     cessationOfOperation    (5),
     certificateHold         (6),
     privilegeWithdrawn      (7),
     aACompromise            (8) }

But notice that in the hex dump there is no explicit tag for CHOICE. Been fiddling but unable to find a workaround easily.

ASN.1 states:

if the value of a component with the OPTIONAL or DEFAULT qualifier is absent from the sequence, then the encoding of that component is not included in the contents octets