Commit Graph

192 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
aa86a61181 Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
7e00e1c26b Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
93d828cc83 Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
ecff9e9891 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
9c9a2286a3 Add test for profile on trusted EE cert 2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
94ff1c62dc Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
24310613e0 Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2018-03-05 13:44:21 +01:00
Manuel Pégourié-Gonnard
f2fd546168 Fix depends_on:pk_alg in test suites 2018-03-05 13:41:18 +01:00
Manuel Pégourié-Gonnard
293b8848d3 Fix depends_on:curve in x509 tests 2018-03-05 13:36:22 +01:00
Manuel Pégourié-Gonnard
57176e5cd5 Fix missing depends_on:SHA/MD in x509 tests 2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
6a42083f87 Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
92cd3fe7b5 Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
3c873462a5 Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
a8ed751200 Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
3d12638824 Add ability to test failing vrfy callback 2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
9c1282c138 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
90eb5d97fb Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
c53082cdf5 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2018-03-05 13:34:20 +01:00
Ron Eldor
607033e3df Add some tests for different available profiles
Add tests for suite b profile and for the next profile
2018-02-07 12:10:07 +02:00
Andres Amaya Garcia
b1d78fcf70 Improve leap year test names in x509parse.data 2017-10-12 21:03:15 +01:00
Andres Amaya Garcia
bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Manuel Pégourié-Gonnard
c386317298 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
489939f829 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 12:20:47 +01:00
Manuel Pégourié-Gonnard
4770dbc913 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-28 12:19:49 +01:00
Andres AG
ad6cf99d6d Add CRT DER tests with incorrect version 2017-07-26 18:01:54 +01:00
Andres AG
9674a628e5 Add CRL DER tests with incorrect version 2017-07-26 18:01:43 +01:00
Andres AG
7ebf632b3e Add CSR DER tests with incorrect version 2017-07-26 18:01:32 +01:00
Gilles Peskine
c4cb493174 Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:09:04 +02:00
Gilles Peskine
7344e1bd05 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 19:09:02 +02:00
Gilles Peskine
e7375ef314 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 19:08:23 +02:00
Gilles Peskine
559674ce48 Test that X.509 verification rejects SHA-256 by default 2017-06-06 19:08:23 +02:00
Gilles Peskine
dd57d75dfa Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 19:08:23 +02:00
Janos Follath
a841d75aad Add unit tests for X509 certificate date parsing 2017-02-28 14:17:32 +00:00
Simon Butcher
d352e6dfcc Merge branch 'mbedtls-2.1-iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 20:24:55 +00:00
Andres AG
3da3b6eccb Add tests for out flags from x509_crt_verify_top()
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 16:38:25 +00:00
Andres AG
978bdf9575 Add test for infinite loop in CRL parse 2017-01-19 17:13:36 +00:00
Andres AG
53d77130fc Add check for validity of date in x509_get_time() 2016-10-13 16:24:12 +01:00
Simon Butcher
8b459923ac Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-07-15 12:53:25 +01:00
Janos Follath
e223527da0 X509: Future CA among trusted: add more tests 2016-07-14 12:02:56 +01:00
Janos Follath
38921c8837 X509: Future CA among trusted: add unit tests 2016-07-14 12:02:50 +01:00
Janos Follath
f6f5441fd1 x509: trailing bytes in DER: correct a unit test
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-03-15 23:48:25 +00:00
Manuel Pégourié-Gonnard
3cb2074a82 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:25:30 +01:00
Manuel Pégourié-Gonnard
922cd9ba36 Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 11:25:27 +01:00
Manuel Pégourié-Gonnard
fd1f9e735e Fix whitespace at EOL issues 2015-11-02 05:55:58 +09:00
Manuel Pégourié-Gonnard
841caf1b74 Use symbolic constants in test data 2015-11-02 05:55:39 +09:00
Janos Follath
36f1234d96 Additional corner cases for testing pathlen constrains. Just in case. 2015-11-02 05:55:15 +09:00
Janos Follath
c7bea3158a Added test case for pathlen constrains in intermediate certificates 2015-11-02 05:55:02 +09:00
Manuel Pégourié-Gonnard
93080dfacf Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00