Commit Graph

23 Commits

Author SHA1 Message Date
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
Manuel Pégourié-Gonnard
74b8ae89c6 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:48:04 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Manuel Pégourié-Gonnard
8f29107430 Add missing dependency in test-certs Makefile 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
93d828cc83 Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
ecff9e9891 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
94ff1c62dc Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
92cd3fe7b5 Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
3c873462a5 Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2018-03-05 13:34:20 +01:00
Antonio Quartulli
ac857f3744 data_files/pkcs8-v2: add keys generated with PRF != SHA1
We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.

This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.

Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.

(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)

The new keys are generated by specifying different PRFs with
-v2prf.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Gilles Peskine
283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Hanno Becker
0d0422cbd0 Unify naming schemes for RSA keys 2017-10-06 14:09:58 +01:00
Hanno Becker
82027c1cd9 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-10-06 14:05:13 +01:00
Hanno Becker
734b6d4527 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-10-06 14:05:04 +01:00
Hanno Becker
f5b1ea3707 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-10-06 14:04:54 +01:00
Hanno Becker
9c22f5904a Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-10-06 14:03:53 +01:00
Hanno Becker
7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker
2b6c3f655a Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-10-04 14:36:38 +01:00
Gilles Peskine
9bb4f2835c Document test data makefile 2017-06-06 19:08:23 +02:00
Gilles Peskine
ae76599686 Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 19:08:23 +02:00
Gilles Peskine
83ed596d62 Added SHA256 test certificates
With SHA-1 deprecation, we need a few certificates using algorithms in
the default support list. Most tests still use SHA-1 though.

The generation process for the new certificates is recorded in the makefile.
2017-06-06 19:08:23 +02:00