Implemented SET lexicographical sorting for DER and updated unit tests

Crypt32 · Crypt32 · commit 08bd9d8763b1 · 2026-04-01T18:15:04.000+03:00
diff --git a/Asn1Parser/Asn1Builder.cs b/Asn1Parser/Asn1Builder.cs
@@ -1,6 +1,7 @@
 ﻿using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Numerics;
 using System.Security.Cryptography;
 using System.Text;
@@ -176,20 +177,23 @@ public Asn1Builder AddSequence(ReadOnlySpan<Byte> value) {
         return this;
     }
     /// <summary>
-    ///     Adds ASN.1 SET value.
+    ///     Adds ASN.1 SET value with proper DER canonical sorting.
     /// </summary>
     /// <param name="value">
-    ///     Value to encode.
+    ///     Value to encode. This should be the concatenated raw content (without SET tag/length wrapper).
     /// </param>
     /// <exception cref="ArgumentNullException">
     ///     <strong>value</strong> parameter is null.
     /// </exception>
     /// <returns>Current instance with added value.</returns>
     /// <remarks>
     ///     In the current implementation, SET is encoded using constructed form only.
+    ///     According to DER (X.690), SET and SET OF elements are sorted in ascending order
+    ///     by their complete encoded representation (lexicographic ordering of DER encodings).
     /// </remarks>
     public Asn1Builder AddSet(ReadOnlySpan<Byte> value) {
-        _rawData.Add(Asn1Utils.Encode(value, 0x31));
+        ReadOnlyMemory<Byte> sortedElements = sortSetElements(new ReadOnlyMemory<Byte>(value.ToArray()));
+        _rawData.Add(Asn1Utils.Encode(sortedElements.Span, 0x31));
 
         return this;
     }
@@ -533,19 +537,24 @@ public Asn1Builder AddSequence(Func<Asn1Builder, Asn1Builder> selector) {
         return this;
     }
     /// <summary>
-    /// Adds constructed SET.
+    /// Adds constructed SET with proper DER canonical sorting.
     /// </summary>
     /// <param name="selector">Lambda expression to fill nested content.</param>
     /// <exception cref="ArgumentNullException">
     ///     <strong>selector</strong> parameter is null.
     /// </exception>
     /// <returns>Current instance with added value.</returns>
+    /// <remarks>
+    ///     According to DER (X.690), SET and SET OF elements are sorted in ascending order
+    ///     by their complete encoded representation (lexicographic ordering of DER encodings).
+    /// </remarks>
     public Asn1Builder AddSet(Func<Asn1Builder, Asn1Builder> selector) {
         if (selector is null) {
             throw new ArgumentNullException(nameof(selector));
         }
         Asn1Builder b = selector(new Asn1Builder());
-        _rawData.Add(Asn1Utils.Encode(b.GetRawDataAsMemory().Span, 0x31));
+        ReadOnlyMemory<Byte> sortedElements = sortSetElements(b.GetRawDataAsMemory());
+        _rawData.Add(Asn1Utils.Encode(sortedElements.Span, 0x31));
         return this;
     }
     /// <summary>
@@ -663,6 +672,64 @@ public ReadOnlyMemory<Byte> GetRawDataAsMemory() {
         return getEncoded(0, false);
     }
 
+    // Helper method to sort SET elements according to DER canonical ordering
+    static ReadOnlyMemory<Byte> sortSetElements(ReadOnlyMemory<Byte> rawElements) {
+        if (rawElements.Length == 0) {
+            return rawElements;
+        }
+
+        // rawElements is unencoded content (concatenated children without TL wrapper)
+        // Temporarily wrap in SEQUENCE to parse individual elements
+        ReadOnlyMemory<Byte> tempSequence = Asn1Utils.Encode(rawElements.Span, 0x30);
+
+        var elements = new List<ReadOnlyMemory<Byte>>();
+        var reader = new Asn1Reader(tempSequence);
+
+        if (!reader.IsConstructed || reader.GetNestedNodeCount() == 0) {
+            // No children to sort
+            return rawElements;
+        }
+
+        // Move into the SEQUENCE to access its children
+        if (!reader.MoveNext()) {
+            return rawElements;
+        }
+
+        // Collect all immediate child elements using MoveNextSibling
+        elements.Add(reader.GetTagRawDataAsMemory());
+        while (reader.MoveNextSibling()) {
+            elements.Add(reader.GetTagRawDataAsMemory());
+        }
+
+        // Sort elements lexicographically by their DER encoding
+        elements.Sort((a, b) => {
+            Int32 minLength = Math.Min(a.Length, b.Length);
+            ReadOnlySpan<Byte> spanA = a.Span;
+            ReadOnlySpan<Byte> spanB = b.Span;
+
+            for (Int32 i = 0; i < minLength; i++) {
+                Int32 cmp = spanA[i].CompareTo(spanB[i]);
+                if (cmp != 0) {
+                    return cmp;
+                }
+            }
+            // If all bytes are equal up to minLength, shorter comes first
+            return a.Length.CompareTo(b.Length);
+        });
+
+        // Concatenate sorted elements
+        Int32 totalLength = elements.Sum(element => element.Length);
+
+        Byte[] result = new Byte[totalLength];
+        Int32 offset = 0;
+        foreach (ReadOnlyMemory<Byte> element in elements) {
+            element.Span.CopyTo(result.AsSpan(offset));
+            offset += element.Length;
+        }
+
+        return result;
+    }
+
     /// <summary>
     /// Creates a default instance of <strong>Asn1Builder</strong> class.
     /// </summary>
diff --git a/tests/Asn1Parser.Tests/Builder/Asn1BuilderTests.cs b/tests/Asn1Parser.Tests/Builder/Asn1BuilderTests.cs
@@ -32,7 +32,9 @@ static Asn1Builder BuildTestSimple() {
             .AddRelativeOid(".5")
             .AddSequence(builder => builder.AddInteger(1).AddInteger(2))
             .AddSequence(new Asn1Integer(5).GetRawDataAsMemory().Span)
-            .AddSet(builder => builder.AddInteger(1).AddInteger(2))
+            // in KAT data, SET is sorted, i.e. 1 is after 2. But we will add them in the order of 1, 2,
+            // and expect that builder will sort them correctly.
+            .AddSet(builder => builder.AddInteger(2).AddInteger(1))
             .AddSet(new Asn1Integer(5).GetRawDataAsMemory().Span)
             .AddNumericString("555 555")
             .AddPrintableString("PrintableString")
@@ -72,7 +74,7 @@ public void TestBuilderSimple() {
         Asn1BuilderTestBase.AssertNull(reader, useSibling: true);
         Asn1BuilderTestBase.AssertObjectIdentifier(reader, "1.3.6.1.5.5.7.3.1");
         Asn1BuilderTestBase.AssertEnumerated(reader, 3);
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.UTF8String, Asn1Type.UTF8String.ToString());
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.UTF8String, nameof(Asn1Type.UTF8String));
         Asn1BuilderTestBase.AssertRelativeOid(reader, ".5");
         Asn1BuilderTestBase.AssertSequence(reader);
         nestedReader = reader.GetReader();
@@ -89,14 +91,14 @@ public void TestBuilderSimple() {
         nestedReader = reader.GetReader();
         Asn1BuilderTestBase.AssertInteger(nestedReader, 5);
         Asn1BuilderTestBase.AssertString(reader, Asn1Type.NumericString, "555 555", useSibling: true);
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.PrintableString, Asn1Type.PrintableString.ToString());
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.TeletexString, Asn1Type.TeletexString.ToString());
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.VideotexString, Asn1Type.VideotexString.ToString());
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.IA5String, Asn1Type.IA5String.ToString());
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.PrintableString, nameof(Asn1Type.PrintableString));
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.TeletexString, nameof(Asn1Type.TeletexString));
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.VideotexString, nameof(Asn1Type.VideotexString));
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.IA5String, nameof(Asn1Type.IA5String));
         Asn1BuilderTestBase.AssertDateTime(reader, DateTime.Parse("2025-01-01 20:00:00"), true);
         Asn1BuilderTestBase.AssertDateTime(reader, DateTime.Parse("2025-01-01 20:00:00"), false);
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.VisibleString, Asn1Type.VisibleString.ToString());
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.UniversalString, Asn1Type.UniversalString.ToString());
-        Asn1BuilderTestBase.AssertString(reader, Asn1Type.BMPString, Asn1Type.BMPString.ToString());
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.VisibleString, nameof(Asn1Type.VisibleString));
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.UniversalString, nameof(Asn1Type.UniversalString));
+        Asn1BuilderTestBase.AssertString(reader, Asn1Type.BMPString, nameof(Asn1Type.BMPString));
     }
 }
