Add tool to validate all payloads with pyasn1

Author: ralienpp

cmp/validator/readme.md

@@ -0,0 +1,20 @@
+# Overview
+
+Use the RFC9480 parser from pyasn1-alt-modules to parse all the payloads collected in this repository and see if they're valid `PKIMessage` structures.
+
+# Usage
+`python validate.py work/pqc-certificates/cmp/oqs-openssl/artifacts`.
+
+
+## How it works
+- Go through all the directories and look for files that match the `*.pkimessage` name.
+- Attempt to parse them as `RFC9480.PKIMessage`.
+- If it fails, show the path to the problematic payload and the error message.
+
+# Installation
+Create a Python virtualenv and run:
+
+- `pip install pyasn1`
+- `pip install -e git+https://github.com/russhousley/pyasn1-alt-modules.git@master#egg=pyasn1-alt-modules`
+
+Note that it uses the newest definition of PKIMessage from RFC9480, currently available only in the Github repository. Eventually it will become part of a `pyasn1-alt-modules` release, so you'd be able to install that right away.

cmp/validator/validate.py

@@ -0,0 +1,44 @@
+import os
+import argparse
+from pyasn1.codec.der import decoder
+from pyasn1_alt_modules import rfc9480
+
+
+def parse_payload(raw):
+    """Attempt to parse the raw buffer as a PKIMessage"""
+    parsed_data, _ = decoder.decode(raw, asn1Spec=rfc9480.PKIMessage())
+    return parsed_data
+    
+    
+    
+def process_pki_messages(directory):
+    files_parsed = 0
+    errors = 0
+    for root, _, files in os.walk(directory):
+        for file in files:
+            if file.endswith('.pkimessage'):
+                file_path = os.path.join(root, file)
+                try:
+                    with open(file_path, 'rb') as f:
+                        raw_data = f.read()
+                        parsed_data = parse_payload(raw_data)
+                        print(f"OK  '{file}'")
+                except Exception as e:
+                    errors += 1
+                    print(f"ERR '{file_path}': {str(e)[:60]}...")
+                else:
+                    files_parsed += 1
+                    
+    print(f'OK: {files_parsed}\tERR: {errors}')
+
+
+    
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Parse PKIMessage files in directories')
+    parser.add_argument('directory', help='Path to the directory to start from')
+    args = parser.parse_args()
+
+    if os.path.isdir(args.directory):
+        process_pki_messages(args.directory)
+    else:
+        print(f"Error: The provided path '{args.directory}' is not a directory.")