diff options
Diffstat (limited to '')
| -rwxr-xr-x | tests/cert-tests/pkcs1-pad.sh | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/tests/cert-tests/pkcs1-pad.sh b/tests/cert-tests/pkcs1-pad.sh new file mode 100755 index 0000000..c8f34e4 --- /dev/null +++ b/tests/cert-tests/pkcs1-pad.sh @@ -0,0 +1,109 @@ +#!/bin/sh + +# Copyright (C) 2004-2006, 2008-2010, 2012 Free Software Foundation, +# Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# GnuTLS is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at +# your option) any later version. +# +# GnuTLS is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GnuTLS; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -e + +: ${srcdir=.} +: ${CERTTOOL=../../src/certtool${EXEEXT}} + +if ! test -x "${CERTTOOL}"; then + exit 77 +fi + +export TZ="UTC" + +. ${srcdir}/../scripts/common.sh + +skip_if_no_datefudge + +TMPFILE1=pkcs1-pad.$$.tmp +TMPFILE2=pkcs1-pad-2.$$.tmp + +# Test 1, PKCS#1 pad digestAlgorithm.parameters + +EXPECT1=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT1}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT1}" + echo "PKCS1-PAD1 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD1 OK" + +# Test 2, Bleichenbacher's Crypto 06 rump session + +EXPECT2=2002 + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` +out2fails=`grep 'Not verified.' $TMPFILE2 | wc -l | tr -d " "` + +if test "${out1oks}${out2oks}${out1fails}${out2fails}" != "${EXPECT2}"; then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails} $TMPFILE2 oks ${out2oks} fails ${out2fails}" + echo "expected ${EXPECT2}" + echo "PKCS1-PAD2 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 $TMPFILE2 + +echo "PKCS1-PAD2 OK" + +# Test 3, forged Starfield certificate, +# by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann. + + +datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 + +out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` +out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` + +if test ${out1fails} -lt 2 || test ${out1oks} != 0;then + echo "$TMPFILE1 oks ${out1oks} fails ${out1fails}" + echo "expected ${EXPECT3}" + echo "PKCS1-PAD3 FAIL" + exit 1 +fi + +rm -f $TMPFILE1 + +echo "PKCS1-PAD3 OK" + +# We're done. +exit 0 |