diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-26 14:57:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-07-26 15:01:33 +0200 |
commit | fc0c62e6d3e0b233fd4b6c80a19129e0b9b77c2a (patch) | |
tree | 02999a8995e48240ff33eb7c48a5bfbf0895d7a2 /tests/cert-tests | |
parent | 035513f43ca6f9c9ac7c8852b78e2c4a65cdec4f (diff) | |
download | gnutls-fc0c62e6d3e0b233fd4b6c80a19129e0b9b77c2a.tar.gz |
tests: pkcs1-pad: moved to cert-tests
Diffstat (limited to 'tests/cert-tests')
-rw-r--r-- | tests/cert-tests/Makefile.am | 5 | ||||
-rw-r--r-- | tests/cert-tests/data/pkcs1-pad-broken.pem | 118 | ||||
-rw-r--r-- | tests/cert-tests/data/pkcs1-pad-broken2.pem | 39 | ||||
-rw-r--r-- | tests/cert-tests/data/pkcs1-pad-broken3.pem | 126 | ||||
-rw-r--r-- | tests/cert-tests/data/pkcs1-pad-ok.pem | 118 | ||||
-rw-r--r-- | tests/cert-tests/data/pkcs1-pad-ok2.pem | 39 | ||||
-rwxr-xr-x | tests/cert-tests/pkcs1-pad | 110 |
7 files changed, 553 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 664ee347cc..5b520eb89c 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -48,7 +48,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem templates/template-tlsfeature.tmpl data/userid.pem \ data/template-tlsfeature.pem data/template-tlsfeature.csr \ templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \ - data/arb-extensions.csr + data/arb-extensions.csr data/pkcs1-pad-ok.pem data/pkcs1-pad-broken.pem \ + data/pkcs1-pad-ok2.pem data/pkcs1-pad-broken2.pem data/pkcs1-pad-broken3.pem dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ @@ -64,7 +65,7 @@ endif if !WINDOWS dist_check_SCRIPTS += template-test pem-decoding othername-test krb5-test sha3-test md5-test \ - tlsfeature-test template-exts-test + tlsfeature-test template-exts-test pkcs1-pad endif if ENABLE_DANE diff --git a/tests/cert-tests/data/pkcs1-pad-broken.pem b/tests/cert-tests/data/pkcs1-pad-broken.pem new file mode 100644 index 0000000000..62cb076757 --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken.pem @@ -0,0 +1,118 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF +Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:40:37 2006 + Not After: Fri Sep 7 18:40:37 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5: + 46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2: + 17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e: + 11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43: + 79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54: + e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae: + 7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58: + 1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3: + 1a:89:e4:75:d5:f8:24:45: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: + CA:FALSE + Subject Key ID: + 2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + 2.16.840.1.113730.1.13: + DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + ASCII: ..OpenSSL Generated Certificate + +Other information: + MD5 Fingerprint: D6:44:CE:F7:04:D3:24:3D:D5:14:54:AE:5D:88:C3:FA + SHA1 Fingerprint: FB:86:09:B7:E3:5C:D5:EF:D3:75:8B:84:82:A4:22:28:B5:16:72:2A + Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F + + +-----BEGIN CERTIFICATE----- +MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK +UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV +BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG +6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf +M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU +340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK +EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN +BgkqhkiG9w0BAQUFAAOBgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAUKJ+eFJYSvXwGF2wxzDXj+x5YCItrHFmrEy4AXXAW+H0NgJVNvqRY/O +Kw== +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE +Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:33:18 2006 + Not After: Sat Oct 7 18:33:18 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3: + 36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d: + 61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c: + 6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d: + 0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8: + ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87: + 63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82: + 56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f: + fa:f8:30:76:66:49:45:a1: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + +Other information: + MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B + SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD + Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F + + +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK +UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd +MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 +dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r +VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S +z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh +tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH +aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK +y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 +uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-broken2.pem b/tests/cert-tests/data/pkcs1-pad-broken2.pem new file mode 100644 index 0000000000..b13cdf508c --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken2.pem @@ -0,0 +1,39 @@ +X.509 certificate info: + +Version: 1 +Serial Number (hex): 06 +Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Sep 12 01:58:55 2006 + Not After: Thu Oct 12 01:58:55 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + 9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11: + c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72: + 45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0: + a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a: + fe:fe:b9:ed: +public exponent: + 01:00:01: + +Other information: + MD5 Fingerprint: B1:E2:B9:E7:00:7A:3D:29:B9:86:F8:EB:93:2D:B6:EF + SHA1 Fingerprint: 91:8F:41:F0:D0:E9:55:3B:AA:97:4B:93:BA:0D:B6:60:86:B9:5A:84 + Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1 + + +-----BEGIN CERTIFICATE----- +MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD +VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa +Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs +YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy +IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD +hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u +12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU +DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ +e20sRA== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-broken3.pem b/tests/cert-tests/data/pkcs1-pad-broken3.pem new file mode 100644 index 0000000000..9c1d39d329 --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-broken3.pem @@ -0,0 +1,126 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 17 +Subject: CN=Hacker +Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Signature Algorithm: RSA-SHA +Validity: + Not Before: Sat Aug 19 18:51:30 2006 + Not After: Wed Oct 18 18:51:30 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + a4:ae:e8:28:56:b6:d0:6c:3a:96:81:ad:87:f8:3f: + 3c:82:18:d7:ba:0e:e1:3b:ae:6a:b8:08:cb:24:77: + 3f:2e:88:02:77:c1:57:7c:8c:6b:23:75:e6:38:63: + 3a:17:49:5a:7e:f6:61:05:e9:7a:8d:83:20:df:f1: + 46:f7:90:d8:0f:63:1b:c9:db:c9:60:41:5a:5d:e5: + 17:46:59:71:e8:d7:82:d6:05:30:f5:9a:d1:64:0a: + 20:21:56:50:13:b1:53:48:fe:d8:ef:da:db:fb:26: + 9f:04:b3:29:5b:0c:77:bb:86:c9:40:d2:b9:ec:46: + bd:9c:4b:d6:ef:a4:cd:37: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: (critical) + CA:TRUE + +Other information: + MD5 Fingerprint: 46:54:EC:0F:EF:70:BE:BE:22:57:90:BC:A1:FD:B8:AA + SHA1 Fingerprint: 73:FA:53:71:4A:F1:AB:C6:31:82:B5:4D:59:3C:BC:B6:36:87:0D:55 + Public Key ID: 9E:A1:D8:56:93:79:0C:B3:E3:0B:D3:F4:A5:40:C8:7C:78:A8:49:82 + + +-----BEGIN CERTIFICATE----- +MIICgzCCAWugAwIBAgIBFzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYw +ODE5MTY1MTMwWhcNMDYxMDE4MTY1MTMwWjARMQ8wDQYDVQQDEwZIYWNrZXIwgZ8w +DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKSu6ChWttBsOpaBrYf4PzyCGNe6DuE7 +rmq4CMskdz8uiAJ3wVd8jGsjdeY4YzoXSVp+9mEF6XqNgyDf8Ub3kNgPYxvJ28lg +QVpd5RdGWXHo14LWBTD1mtFkCiAhVlATsVNI/tjv2tv7Jp8EsylbDHe7hslA0rns +Rr2cS9bvpM03AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEF +BQADggEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLL/Up63HkFWD15INcW +Xd1nZGI+gO/whm58ICyJ1Js7ON6N4NyBTwe8513CvdOlOdG/Ctmy2gxEE47HhEed +ST8AUooI0ey599t84P20gGRuOYIjr7c= +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00 +Subject: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Issuer: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Jun 29 19:39:16 2004 + Not After: Thu Jun 29 19:39:16 2034 +Subject Public Key Info: + Public Key Algorithm: RSA (2048 bits) +modulus: + b7:32:c8:fe:e9:71:a6:04:85:ad:0c:11:64:df:ce: + 4d:ef:c8:03:18:87:3f:a1:ab:fb:3c:a6:9f:f0:c3: + a1:da:d4:d8:6e:2b:53:90:fb:24:a4:3e:84:f0:9e: + e8:5f:ec:e5:27:44:f5:28:a6:3f:7b:de:e0:2a:f0: + c8:af:53:2f:9e:ca:05:01:93:1e:8f:66:1c:39:a7: + 4d:fa:5a:b6:73:04:25:66:eb:77:7f:e7:59:c6:4a: + 99:25:14:54:eb:26:c7:f3:7f:19:d5:30:70:8f:af: + b0:46:2a:ff:ad:eb:29:ed:d7:9f:aa:04:87:a3:d4: + f9:89:a5:34:5f:db:43:91:82:36:d9:66:3c:b1:b8: + b9:82:fd:9c:3a:3e:10:c8:3b:ef:06:65:66:7a:9b: + 19:18:3d:ff:71:51:3c:30:2e:5f:be:3d:77:73:b2: + 5d:06:6c:c3:23:56:9a:2b:85:26:92:1c:a7:02:b3: + e4:3f:0d:af:08:79:82:b8:36:3d:ea:9c:d3:35:b3: + bc:69:ca:f5:cc:9d:e8:fd:64:8d:17:80:33:6e:5e: + 4a:5d:99:c9:1e:87:b4:9d:1a:c0:d5:6e:13:35:23: + 5e:df:9b:5f:3d:ef:d6:f7:76:c2:ea:3e:bb:78:0d: + 1c:42:67:6b:04:d8:f8:d6:da:6f:8b:f2:44:a0:01: + ab: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + Authority Key ID: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + +Other information: + MD5 Fingerprint: 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24 + SHA1 Fingerprint: AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A + Public Key ID: 8D:C9:49:57:76:CC:19:71:BC:E5:EA:17:70:0A:83:61:9D:C9:27:A7 + + +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-ok.pem b/tests/cert-tests/data/pkcs1-pad-ok.pem new file mode 100644 index 0000000000..ff19cb456e --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-ok.pem @@ -0,0 +1,118 @@ +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FF +Subject: C=JP,ST=Tokyo,O=TEST 2 CLIENT,CN=www2.example.jp +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:40:37 2006 + Not After: Fri Sep 7 18:40:37 2007 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + bd:2a:59:ea:28:3d:0e:97:8a:07:ad:21:ee:28:b5: + 46:2b:4d:ba:f9:27:e0:83:4e:7c:45:e3:0a:33:d2: + 17:09:88:6c:62:6a:9f:25:af:29:38:8c:2b:38:2e: + 11:89:06:e8:26:40:6e:cc:78:e2:dd:e4:be:c5:43: + 79:47:79:59:90:51:80:ca:1e:41:dd:6d:34:90:54: + e0:15:f1:38:0f:1b:57:37:70:b2:dc:da:3d:e7:ae: + 7d:0b:59:0e:f2:9f:33:87:a3:f9:fa:3f:8f:d9:58: + 1f:db:9d:0a:e8:35:86:e6:8d:c9:b7:02:b6:28:f3: + 1a:89:e4:75:d5:f8:24:45: +public exponent: + 01:00:01: + +X.509 Extensions: + Basic Constraints: + CA:FALSE + Subject Key ID: + 2B:40:D9:B5:DF:0A:D4:FD:A2:8F:D8:15:29:43:5C:1E:5C:7B:B8:22 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + 2.16.840.1.113730.1.13: + DER Data: 161d4f70656e53534c2047656e657261746564204365727469666963617465 + ASCII: ..OpenSSL Generated Certificate + +Other information: + MD5 Fingerprint: 8C:D7:69:6A:E6:75:BD:E9:77:A7:86:43:F5:D1:89:C1 + SHA1 Fingerprint: F5:EC:64:57:BD:BB:00:A1:45:26:ED:3B:FD:4D:8B:CA:FD:F1:1D:41 + Public Key ID: 05:95:E0:8F:69:A2:59:92:3D:6B:2B:32:0C:88:C7:12:A1:09:16:8F + + +-----BEGIN CERTIFICATE----- +MIICzTCCAjagAwIBAgIJAOSnzE4Qx2H/MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTY0MDM3WhcNMDcwOTA3MTY0MDM3WjBPMQswCQYDVQQGEwJK +UDEOMAwGA1UECBMFVG9reW8xFjAUBgNVBAoTDVRFU1QgMiBDTElFTlQxGDAWBgNV +BAMTD3d3dzIuZXhhbXBsZS5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vSpZ6ig9DpeKB60h7ii1RitNuvkn4INOfEXjCjPSFwmIbGJqnyWvKTiMKzguEYkG +6CZAbsx44t3kvsVDeUd5WZBRgMoeQd1tNJBU4BXxOA8bVzdwstzaPeeufQtZDvKf +M4ej+fo/j9lYH9udCug1huaNybcCtijzGonkddX4JEUCAwEAAaOBxjCBwzAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUK0DZtd8K1P2ij9gVKUNcHlx7uCIwaQYDVR0jBGIwYIAU +340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNVBAYTAkpQMRQwEgYDVQQK +EwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAxLTSCCQDkp8xOEMdh/jAN +BgkqhkiG9w0BAQUFAAOBgQCkGhwCDLRwWbDnDFReXkIZ1/9OhfiR8yL1idP9iYVU +cSoWxSHPBWkv6LORFS03APcXCSzDPJ9pxTjFjGGFSI91fNrzkKdHU/+0WCF2uTh7 +Dz2blqtcmnJqMSn1xHxxfM/9e6M3XwFUMf7SGiKRAbDfsauPafEPTn83vSeKj1lg +Dw== +-----END CERTIFICATE----- + + + +X.509 certificate info: + +Version: 3 +Serial Number (hex): 00:E4:A7:CC:4E:10:C7:61:FE +Subject: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Issuer: C=JP,O=CA TEST 1-4,CN=CA TEST 1-4 +Signature Algorithm: RSA-SHA +Validity: + Not Before: Thu Sep 7 18:33:18 2006 + Not After: Sat Oct 7 18:33:18 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (1024 bits) +modulus: + d9:7c:58:e4:3c:36:5e:a2:bc:56:aa:4e:ff:0c:a3: + 36:77:ff:4d:6a:8d:bc:74:ce:93:e6:c6:f9:2f:8d: + 61:0f:90:b5:91:75:7a:30:97:af:e4:02:c0:49:2c: + 6d:23:a3:95:3a:66:4e:e2:07:ee:6e:7b:2f:72:3d: + 0d:4d:93:b8:49:e1:75:c8:bd:6b:54:33:dd:c7:b8: + ee:40:8d:5c:6c:38:86:fc:4c:08:31:6d:bd:50:87: + 63:f6:1d:39:d8:94:e6:11:ba:53:d1:1b:8f:ff:82: + 56:98:05:ab:74:ee:54:13:8d:31:b9:ae:d2:cf:6f: + fa:f8:30:76:66:49:45:a1: +public exponent: + 03: + +X.509 Extensions: + Basic Constraints: + CA:TRUE + Subject Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + Authority Key ID: + DF:8D:09:6D:E6:1C:83:A5:7D:CE:2F:1A:A3:3C:B8:F1:A2:21:B5:F8 + +Other information: + MD5 Fingerprint: CA:33:DC:62:CB:54:8E:59:DD:D2:E8:9D:F6:BA:90:5B + SHA1 Fingerprint: A4:E8:7D:0A:7D:D2:15:10:B0:AE:F7:24:58:F4:BE:AF:80:48:FE:AD + Public Key ID: E5:D1:FC:26:A8:4C:FC:15:59:AD:06:F1:46:D8:40:31:C0:49:4D:1F + + +-----BEGIN CERTIFICATE----- +MIICijCCAfOgAwIBAgIJAOSnzE4Qx2H+MA0GCSqGSIb3DQEBBQUAMDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTQwHhcNMDYwOTA3MTYzMzE4WhcNMDYxMDA3MTYzMzE4WjA5MQswCQYDVQQGEwJK +UDEUMBIGA1UEChMLQ0EgVEVTVCAxLTQxFDASBgNVBAMTC0NBIFRFU1QgMS00MIGd +MA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDZfFjkPDZeorxWqk7/DKM2d/9Nao28 +dM6T5sb5L41hD5C1kXV6MJev5ALASSxtI6OVOmZO4gfubnsvcj0NTZO4SeF1yL1r +VDPdx7juQI1cbDiG/EwIMW29UIdj9h052JTmEbpT0RuP/4JWmAWrdO5UE40xua7S +z2/6+DB2ZklFoQIBA6OBmzCBmDAdBgNVHQ4EFgQU340JbeYcg6V9zi8aozy48aIh +tfgwaQYDVR0jBGIwYIAU340JbeYcg6V9zi8aozy48aIhtfihPaQ7MDkxCzAJBgNV +BAYTAkpQMRQwEgYDVQQKEwtDQSBURVNUIDEtNDEUMBIGA1UEAxMLQ0EgVEVTVCAx +LTSCCQDkp8xOEMdh/jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABsH +aJ/c/3cGHssi8IvVRci/aavqj607y7l22nKDtG1p4KAjnfNhBMOhRhFv00nJnokK +y0uc4DIegAW1bxQjqcMNNEmGbzAeixH/cRCot8C1LobEQmxNWCY2DJLWoI3wwqr8 +uUSnI1CDZ5402etkCiNXsDy/eYDrF+2KonkIWRrr +-----END CERTIFICATE----- diff --git a/tests/cert-tests/data/pkcs1-pad-ok2.pem b/tests/cert-tests/data/pkcs1-pad-ok2.pem new file mode 100644 index 0000000000..36548fa48f --- /dev/null +++ b/tests/cert-tests/data/pkcs1-pad-ok2.pem @@ -0,0 +1,39 @@ +X.509 certificate info: + +Version: 1 +Serial Number (hex): 06 +Subject: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Issuer: C=AU,ST=Queensland,O=CryptSoft Pty Ltd,CN=Server test cert (512 bit) +Signature Algorithm: RSA-SHA +Validity: + Not Before: Tue Sep 12 01:59:02 2006 + Not After: Thu Oct 12 01:59:02 2006 +Subject Public Key Info: + Public Key Algorithm: RSA (512 bits) +modulus: + 9f:b3:c3:84:27:95:ff:12:31:52:0f:15:ef:46:11: + c4:ad:80:e6:36:5b:0f:dd:80:d7:61:8d:e0:fc:72: + 45:09:34:fe:55:66:45:43:4c:68:97:6a:fe:a8:a0: + a5:df:5f:78:ff:ee:d7:64:b8:3f:04:cb:6f:ff:2a: + fe:fe:b9:ed: +public exponent: + 01:00:01: + +Other information: + MD5 Fingerprint: A3:EB:02:BD:45:54:AD:A3:74:FC:CA:BE:31:A3:41:0A + SHA1 Fingerprint: FA:E0:71:22:53:6D:9E:F5:01:EF:89:93:1D:3B:A9:17:29:75:2C:F8 + Public Key ID: 77:47:AD:43:02:5B:06:6E:B4:EF:29:DB:B2:AA:36:5D:01:7C:68:A1 + + +-----BEGIN CERTIFICATE----- +MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD +VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa +Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs +YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy +IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD +hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u +12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2 +4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z +rHX/kw== +-----END CERTIFICATE----- diff --git a/tests/cert-tests/pkcs1-pad b/tests/cert-tests/pkcs1-pad new file mode 100755 index 0000000000..fe10cf22d8 --- /dev/null +++ b/tests/cert-tests/pkcs1-pad @@ -0,0 +1,110 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2008-2010, 2012 Free Software Foundation, +# Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +srcdir="${srcdir:-.}" +CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}" + +export TZ="UTC" + +# Check for datefudge +TSTAMP=`datefudge "2006-09-23" date -u +%s || true` +if test "${TSTAMP}" != "1158969600"; then + echo "You need datefudge to run this test" + exit 77 +fi + +TMPFILE1=pkcs1-pad.$$.tmp +TMPFILE2=pkcs1-pad-2.$$.tmp + +# Test 1, PKCS#1 pad digestAlgorithm.parameters + +EXPECT1=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT1}" + echo "PKCS1-PAD1 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD1 OK" + +# Test 2, Bleichenbacher's Crypto 06 rump session + +EXPECT2=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT2}" + echo "PKCS1-PAD2 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD2 OK" + +# Test 3, forged Starfield certificate, +# by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann. + + +EXPECT3=02 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` + +if test "${out1oks}${out1fails}" != "${EXPECT3}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails}" + echo "expected ${EXPECT3}" + echo "PKCS1-PAD3 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 + +echo "PKCS1-PAD3 OK" + +# We're done. +exit 0 |