Commit b2c38f54 authored by Paul Bakker's avatar Paul Bakker
Browse files

- Added a lot of ASN1 Certificate parsing tests

parent 94101362
......@@ -105,3 +105,151 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
X509 Parse Selftest
x509_selftest:
X509 Certificate ASN1 (Incorrect first tag)
x509parse_crt:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
X509 Certificate ASN1 (Correct first tag, data length does not match)
x509parse_crt:"300000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (Correct first tag, no more data)
x509parse_crt:"3000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
x509parse_crt:"300100":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
x509parse_crt:"3003300100":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, invalid version tag)
x509parse_crt:"30053003a00101":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
x509parse_crt:"30053003a00102":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
x509parse_crt:"30163014a012021000000000000000000000000000000000":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_INVALID_LENGTH
X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
x509parse_crt:"30073005a003020104":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
x509parse_crt:"30083006a00402010400":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
x509parse_crt:"30083006a00302010400":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
x509parse_crt:"30083006a00302010482":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
x509parse_crt:"300d300ba0030201048204deadbeef":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
x509parse_crt:"300e300ca0030201048204deadbeef00":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, correct serial, alg with params)
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
X509 Certificate ASN1 (TBSCertificate, issuer no set data)
x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, too much date data)
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG
X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi)
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate v3, ext empty)
x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (correct pubkey, no sig_alg)
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (sig_alg mismatch)
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
X509 Certificate ASN1 (sig_alg, no sig)
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE | POLARSSL_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (signature, invalid sig data)
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
X509 Certificate ASN1 (signature, data left)
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
X509 Certificate ASN1 (correct)
x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA+MD2\nRSA key size \: 128 bits\n":0
......@@ -123,6 +123,35 @@ x509parse_key:key_file:password:result
}
END_CASE
BEGIN_CASE
x509parse_crt:crt_data:result_str:result
{
x509_cert crt;
unsigned char buf[2000];
unsigned char output[2000];
int data_len, res;
memset( &crt, 0, sizeof( x509_cert ) );
memset( buf, 0, 2000 );
memset( output, 0, 2000 );
data_len = unhexify( buf, {crt_data} );
res = x509parse_crt( &crt, buf, data_len );
printf(" %04x ", res);
TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
if( ( {result} ) == 0 )
{
res = x509parse_cert_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, {result_str} ) == 0 );
}
}
END_CASE
BEGIN_CASE
x509_selftest:
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment