diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
| commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
| tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /tests/cert-tests/illegal-rsa.sh | |
| parent | Initial commit. (diff) | |
| download | gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.tar.xz gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.zip | |
Adding upstream version 3.7.9.upstream/3.7.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/cert-tests/illegal-rsa.sh')
| -rwxr-xr-x | tests/cert-tests/illegal-rsa.sh | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/tests/cert-tests/illegal-rsa.sh b/tests/cert-tests/illegal-rsa.sh new file mode 100755 index 0000000..d0cb611 --- /dev/null +++ b/tests/cert-tests/illegal-rsa.sh @@ -0,0 +1,81 @@ +#!/bin/sh + +# Copyright (C) 2016 Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} +: ${GREP=grep} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +if ! test -z "${VALGRIND}"; then + VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1" +fi + +TMPFILE=tmp-key.$$.p8 + +${VALGRIND} "${CERTTOOL}" -k --password 1234 --infile "${srcdir}/data/p8key-illegal.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal PKCS#8 key" + exit ${rc} +fi + +#check invalid RSA pem key. The key has even prime factor. +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal RSA key" + exit ${rc} +fi + +#check invalid RSA pem key. The key has too large salt. +${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal-rsa-pss.pem" +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error in importing illegal RSA-PSS key" + exit ${rc} +fi + +#sanity generation +${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 64 --bits 2048 >/dev/null +rc=$? +# We're done. +if test "${rc}" != "0"; then + echo "Error in generating an RSA-PSS key" + exit ${rc} +fi + +# generate illegal value +${VALGRIND} "${CERTTOOL}" --generate-privkey --key-type rsa-pss --hash sha256 --salt-size 1024 --bits 2048 >/dev/null +rc=$? +# We're done. +if test "${rc}" != "1"; then + echo "Error: allowed generation of an illegal key" + exit ${rc} +fi + +rm -f $TMPFILE + +exit 0 |