mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-18 19:27:41 +00:00
- Added a lot of ASN1 Certificate parsing tests
This commit is contained in:
parent
94101362e8
commit
b2c38f54b4
@ -105,3 +105,151 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
|
||||
|
||||
X509 Parse Selftest
|
||||
x509_selftest:
|
||||
|
||||
X509 Certificate ASN1 (Incorrect first tag)
|
||||
x509parse_crt:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
|
||||
|
||||
X509 Certificate ASN1 (Correct first tag, data length does not match)
|
||||
x509parse_crt:"300000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (Correct first tag, no more data)
|
||||
x509parse_crt:"3000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
|
||||
x509parse_crt:"300100":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
|
||||
x509parse_crt:"3003300100":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, invalid version tag)
|
||||
x509parse_crt:"30053003a00101":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
|
||||
x509parse_crt:"30053003a00102":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
|
||||
x509parse_crt:"30163014a012021000000000000000000000000000000000":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
|
||||
x509parse_crt:"30073005a003020104":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
|
||||
x509parse_crt:"30083006a00402010400":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
|
||||
x509parse_crt:"30083006a00302010400":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
|
||||
x509parse_crt:"30083006a00302010482":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
|
||||
x509parse_crt:"300d300ba0030201048204deadbeef":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
|
||||
x509parse_crt:"300e300ca0030201048204deadbeef00":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct serial, alg with params)
|
||||
x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
|
||||
x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
|
||||
x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
|
||||
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
|
||||
x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer no set data)
|
||||
x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
|
||||
x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
|
||||
x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
|
||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
|
||||
x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
|
||||
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
|
||||
x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, too much date data)
|
||||
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
|
||||
x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
|
||||
x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
|
||||
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
|
||||
x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
|
||||
x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
|
||||
x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
|
||||
x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi)
|
||||
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
|
||||
x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
|
||||
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
|
||||
x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
|
||||
x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
|
||||
x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext empty)
|
||||
x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
|
||||
x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
|
||||
x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
||||
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (sig_alg mismatch)
|
||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (sig_alg, no sig)
|
||||
x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE | POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 Certificate ASN1 (signature, invalid sig data)
|
||||
x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
|
||||
|
||||
X509 Certificate ASN1 (signature, data left)
|
||||
x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (correct)
|
||||
x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA+MD2\nRSA key size \: 128 bits\n":0
|
||||
|
||||
|
@ -123,6 +123,35 @@ x509parse_key:key_file:password:result
|
||||
}
|
||||
END_CASE
|
||||
|
||||
BEGIN_CASE
|
||||
x509parse_crt:crt_data:result_str:result
|
||||
{
|
||||
x509_cert crt;
|
||||
unsigned char buf[2000];
|
||||
unsigned char output[2000];
|
||||
int data_len, res;
|
||||
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
memset( buf, 0, 2000 );
|
||||
memset( output, 0, 2000 );
|
||||
|
||||
data_len = unhexify( buf, {crt_data} );
|
||||
|
||||
res = x509parse_crt( &crt, buf, data_len );
|
||||
printf(" %04x ", res);
|
||||
TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
|
||||
if( ( {result} ) == 0 )
|
||||
{
|
||||
res = x509parse_cert_info( (char *) output, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
TEST_ASSERT( res != -2 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) output, {result_str} ) == 0 );
|
||||
}
|
||||
}
|
||||
END_CASE
|
||||
|
||||
BEGIN_CASE
|
||||
x509_selftest:
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user