summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-11-14 01:43:05 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-11-14 14:54:25 +0300
commitda8fc8fd87e00697545ebe0bf67ad1aa1a544673 (patch)
treedac9b8b03a627d1c07b655a0478f273d8d40684a
parent69c45d7f5f47eaae4b3abdbf0a4a37c9ece6d9fd (diff)
downloadgnutls-da8fc8fd87e00697545ebe0bf67ad1aa1a544673.tar.gz
tests: add testfile from RFC4134 Section 4.5
Add test example demonstrating indefinite-length BER encoding of PKCS#7 data. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--tests/cert-tests/Makefile.am3
-rw-r--r--tests/cert-tests/data/rfc4134-4.5.p7bbin0 -> 1359 bytes
-rw-r--r--tests/cert-tests/data/rfc4134-ca-rsa.pem74
-rwxr-xr-xtests/cert-tests/pkcs711
4 files changed, 87 insertions, 1 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 9e29079fc4..0d800c24fe 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -93,7 +93,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12 \
- data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl
+ data/ca-crl-invalid.crl data/ca-crl-invalid.pem data/ca-crl-valid.pem data/ca-crl-valid.crl \
+ data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b
dist_check_SCRIPTS = pathlen aki invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/rfc4134-4.5.p7b b/tests/cert-tests/data/rfc4134-4.5.p7b
new file mode 100644
index 0000000000..6608d9b13b
--- /dev/null
+++ b/tests/cert-tests/data/rfc4134-4.5.p7b
Binary files differ
diff --git a/tests/cert-tests/data/rfc4134-ca-rsa.pem b/tests/cert-tests/data/rfc4134-ca-rsa.pem
new file mode 100644
index 0000000000..20580fa080
--- /dev/null
+++ b/tests/cert-tests/data/rfc4134-ca-rsa.pem
@@ -0,0 +1,74 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 46346bc7800056bc11d36e2e9ff25020
+ Issuer: CN=CarlRSA
+ Validity:
+ Not Before: Wed Aug 18 07:00:00 UTC 1999
+ Not After: Sat Dec 31 23:59:59 UTC 2039
+ Subject: CN=CarlRSA
+ Subject Public Key Algorithm: RSA
+ Algorithm Security Level: Low (1024 bits)
+ Modulus (bits 1024):
+ 00:e4:4b:ff:18:b8:24:57:f4:77:ff:6e:73:7b:93:71
+ 5c:bc:33:1a:92:92:72:23:d8:41:46:d0:cd:11:3a:04
+ b3:8e:af:82:9d:bd:51:1e:17:7a:f2:76:2c:2b:86:39
+ a7:bd:d7:8d:1a:53:ec:e4:00:d5:e8:ec:a2:36:b1:ed
+ e2:50:e2:32:09:8a:3f:9f:99:25:8f:b8:4e:ab:b9:7d
+ d5:96:65:da:16:a0:c5:be:0e:ae:44:5b:ef:5e:f4:a7
+ 29:cb:82:dd:ac:44:e9:aa:93:94:29:0e:f8:18:d6:c8
+ 57:5e:f2:76:c4:f2:11:60:38:b9:1b:3c:1d:97:c9:6a
+ f1
+ Exponent (bits 24):
+ 01:00:01
+ Extensions:
+ Basic Constraints (critical):
+ Certificate Authority (CA): TRUE
+ Key Usage (critical):
+ Digital signature.
+ Certificate signing.
+ CRL signing.
+ Subject Key Identifier (not critical):
+ e9e09027ac78207a9ad34cf242374e22ae9e38bb
+ Signature Algorithm: RSA-SHA1
+ Signature:
+ b7:9e:d4:04:d3:ed:29:e4:ff:89:89:15:2e:4c:db:0c
+ f0:48:0f:32:61:ee:c4:04:ec:12:5d:2d:ff:0f:64:59
+ 7e:0a:c3:ed:18:fd:e3:56:40:37:a7:07:b5:f0:38:12
+ 61:50:ed:ef:dd:3f:e3:0b:b8:61:a5:a4:9b:3c:e6:9e
+ 9c:54:9a:b6:95:d6:da:6c:3b:b5:2d:45:35:9d:49:01
+ 76:fa:b9:b9:31:f9:f9:6b:12:53:a0:f5:14:60:9b:7d
+ ca:3e:f2:53:6b:b0:37:6f:ad:e6:74:d7:db:fa:5a:ea
+ 14:41:63:5d:cd:be:c8:0e:c1:da:6a:8d:53:34:18:02
+Other Information:
+ SHA1 fingerprint:
+ 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
+ SHA256 fingerprint:
+ 734c2253ad2d6bfaec981099a152b1ab42216b44cf48dadd306e6221ad824205
+ Public Key ID:
+ e9e09027ac78207a9ad34cf242374e22ae9e38bb
+ Public key's random art:
+ +--[ RSA 1024]----+
+ | |
+ | |
+ | |
+ | . . . |
+ |o = o S |
+ |==.= = o |
+ |**O . . . |
+ |=*=. |
+ |EO |
+ +-----------------+
+
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAVSgAwIBAgIQRjRrx4AAVrwR024un/JQIDANBgkqhkiG9w0BAQUFADAS
+MRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDgxODA3MDAwMFoXDTM5MTIzMTIzNTk1
+OVowEjEQMA4GA1UEAxMHQ2FybFJTQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
+gYEA5Ev/GLgkV/R3/25ze5NxXLwzGpKSciPYQUbQzRE6BLOOr4KdvVEeF3rydiwr
+hjmnvdeNGlPs5ADV6OyiNrHt4lDiMgmKP5+ZJY+4Tqu5fdWWZdoWoMW+Dq5EW+9e
+9Kcpy4LdrETpqpOUKQ74GNbIV17ydsTyEWA4uRs8HZfJavECAwEAAaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFOngkCeseCB6
+mtNM8kI3TiKunji7MA0GCSqGSIb3DQEBBQUAA4GBALee1ATT7Snk/4mJFS5M2wzw
+SA8yYe7EBOwSXS3/D2RZfgrD7Rj941ZAN6cHtfA4EmFQ7e/dP+MLuGGlpJs85p6c
+VJq2ldbabDu1LUU1nUkBdvq5uTH5+WsSU6D1FGCbfco+8lNrsDdvreZ019v6WuoU
+QWNdzb7IDsHaao1TNBgC
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index c9ce1e4d27..48192985ec 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -290,6 +290,17 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
+# Test BER encoding, see RFC 4134 Section 4.5
+# SHA1 signature, so --verify-allow-broken
+FILE="rfc4134-4.5"
+${VALGRIND} "${CERTTOOL}" --p7-verify --verify-allow-broken --load-ca-certificate "${srcdir}/data/rfc4134-ca-rsa.pem" --infile "${srcdir}/data/rfc4134-4.5.p7b" --inder
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "${FILE}: PKCS7 BER parsing/decoding failed"
+ exit ${rc}
+fi
+
if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1"
then
FILE="gost01-signing"