mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-22 10:50:59 +00:00
Change X.509 test cases to not rely on asn1parse limitations
Tweak test data for one test case to not rely on mbedtls_asn1_get_int lacking support for leading zeros. Instead, use a number that is actually out of range for int. Tweak test data for one test case to not rely on mbedtls_asn1_get_bitstring_null rejecting bitstrings shorter than two octets. Instead, try bit strings that are genuinely invalid, or have a nonzero number of unused bits. Add a test case with a correct empty signature. This is commented out because asn1parse currently does not support this. Uncomment it when asn1parse is updated to support this.
This commit is contained in:
parent
37600837d3
commit
2dedcc5989
|
@ -1058,7 +1058,8 @@ x509parse_crt:"30193004a0020285300d06092a864886f70d01010b0500030200ff":"":MBEDTL
|
|||
|
||||
X509 CRT ASN1 (TBS, valid inner version tag, inner length too large for int)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
x509parse_crt:"30293014a012021000000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
|
||||
# tbsCertificate.version = 0x01000000000000000000000000000000 rejected by mbedtls_asn1_get_int
|
||||
x509parse_crt:"30293014a012021001000000000000000000000000000000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_VERSION + MBEDTLS_ERR_ASN1_INVALID_LENGTH
|
||||
|
||||
X509 CRT ASN1 (TBS, valid inner version tag, inner vs. outer length mismatch)
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
|
||||
|
@ -1825,13 +1826,36 @@ X509 CRT ASN1 (inv Signature, length out of bounds)
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRT ASN1 (inv Signature, empty)
|
||||
X509 CRT ASN1 (inv Signature, inv data #1)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
# signature = bit string with invalid encoding (missing number of unused bits)
|
||||
x509parse_crt:"3081bb3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b05000300":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
|
||||
|
||||
X509 CRT ASN1 (inv Signature, inv data)
|
||||
X509 CRT ASN1 (inv Signature, inv data #2)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
|
||||
# signature = bit string with invalid encoding (number of unused bits too large)
|
||||
x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030108":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
|
||||
|
||||
## This edge case currently fails to parse due to an ASN.1 bug.
|
||||
## It doesn't matter as far as X.509 is concerned since the signature would
|
||||
## not be valid anyway.
|
||||
## https://github.com/ARMmbed/mbed-crypto/pull/75 will fix this bug and make
|
||||
## this test case pass.
|
||||
# X509 CRT ASN1 (empty Signature)
|
||||
# depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
# # signature = empty bit string in DER encoding
|
||||
# x509parse_crt:"3081bc3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030100":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
|
||||
|
||||
X509 CRT ASN1 (dummy 24-bit Signature)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
# signature = bit string "011001100110111101101111"
|
||||
x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030400666f6f":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
|
||||
|
||||
# The ASN.1 module rejects non-octet-aligned bit strings.
|
||||
X509 CRT ASN1 (inv Signature: not octet-aligned)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
# signature = bit string "01100110011011110110111"
|
||||
x509parse_crt:"3081bf3081a7a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030401666f6e":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA
|
||||
|
||||
X509 CRT ASN1 (inv Signature, length mismatch)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
|
|
Loading…
Reference in a new issue