From b2c38f54b4a0cbf5a4de7a884eff908fe1f20c30 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Sun, 19 Jul 2009 19:36:15 +0000
Subject: [PATCH] - Added a lot of ASN1 Certificate parsing tests
---
tests/suites/test_suite_x509parse.data | 148 +++++++++++++++++++++
tests/suites/test_suite_x509parse.function | 29 ++++
2 files changed, 177 insertions(+)
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 4f33c8840..8ab7ccc2a 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -105,3 +105,151 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
X509 Parse Selftest
x509_selftest:
+
+X509 Certificate ASN1 (Incorrect first tag)
+x509parse_crt:"":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT
+
+X509 Certificate ASN1 (Correct first tag, data length does not match)
+x509parse_crt:"300000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (Correct first tag, no more data)
+x509parse_crt:"3000":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (Correct first tag, second tag no TBSCertificate)
+x509parse_crt:"300100":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, no version tag, serial missing)
+x509parse_crt:"3003300100":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, invalid version tag)
+x509parse_crt:"30053003a00101":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, valid version tag, no length)
+x509parse_crt:"30053003a00102":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, valid version tag, invalid length)
+x509parse_crt:"30163014a012021000000000000000000000000000000000":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_INVALID_LENGTH
+
+X509 Certificate ASN1 (TBSCertificate, valid version tag, no serial)
+x509parse_crt:"30073005a003020104":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, invalid length version tag)
+x509parse_crt:"30083006a00402010400":"":POLARSSL_ERR_X509_CERT_INVALID_VERSION | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate, incorrect serial tag)
+x509parse_crt:"30083006a00302010400":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, incorrect serial length)
+x509parse_crt:"30083006a00302010482":"":POLARSSL_ERR_X509_CERT_INVALID_SERIAL | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, correct serial, no alg)
+x509parse_crt:"300d300ba0030201048204deadbeef":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, correct serial, no alg oid)
+x509parse_crt:"300e300ca0030201048204deadbeef00":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, correct serial, alg with params)
+x509parse_crt:"30163014a0030201048204deadbeef30070604cafed00d01":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, correct alg data, unknown version)
+x509parse_crt:"30173015a0030201048204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION
+
+X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id)
+x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
+
+X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id)
+x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id)
+x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG
+
+X509 Certificate ASN1 (TBSCertificate, issuer no set data)
+x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data)
+x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
+x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
+x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
+x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, issuer invalid tag)
+x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":POLARSSL_ERR_X509_CERT_INVALID_NAME | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity)
+x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, too much date data)
+x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":POLARSSL_ERR_X509_CERT_INVALID_DATE | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate, valid validity, no subject)
+x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo)
+x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg)
+x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring)
+x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data)
+x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start)
+x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length)
+x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi)
+x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY | POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, check failed)
+x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation)
+x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present)
+x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag)
+x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext)
+x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate v3, ext empty)
+x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch)
+x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (TBSCertificate v3, first ext invalid)
+x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (correct pubkey, no sig_alg)
+x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_CERT_INVALID_ALG | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (sig_alg mismatch)
+x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":POLARSSL_ERR_X509_CERT_SIG_MISMATCH
+
+X509 Certificate ASN1 (sig_alg, no sig)
+x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE | POLARSSL_ERR_ASN1_OUT_OF_DATA
+
+X509 Certificate ASN1 (signature, invalid sig data)
+x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE
+
+X509 Certificate ASN1 (signature, data left)
+x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH
+
+X509 Certificate ASN1 (correct)
+x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA+MD2\nRSA key size \: 128 bits\n":0
+
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index c526cb720..d87f4f999 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -123,6 +123,35 @@ x509parse_key:key_file:password:result
}
END_CASE
+BEGIN_CASE
+x509parse_crt:crt_data:result_str:result
+{
+ x509_cert crt;
+ unsigned char buf[2000];
+ unsigned char output[2000];
+ int data_len, res;
+
+ memset( &crt, 0, sizeof( x509_cert ) );
+ memset( buf, 0, 2000 );
+ memset( output, 0, 2000 );
+
+ data_len = unhexify( buf, {crt_data} );
+
+ res = x509parse_crt( &crt, buf, data_len );
+ printf(" %04x ", res);
+ TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
+ if( ( {result} ) == 0 )
+ {
+ res = x509parse_cert_info( (char *) output, 2000, "", &crt );
+
+ TEST_ASSERT( res != -1 );
+ TEST_ASSERT( res != -2 );
+
+ TEST_ASSERT( strcmp( (char *) output, {result_str} ) == 0 );
+ }
+}
+END_CASE
+
BEGIN_CASE
x509_selftest:
{