diff options
Diffstat (limited to 'nss/gtests')
10 files changed, 610 insertions, 132 deletions
diff --git a/nss/gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp b/nss/gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp index bcc2c11..0513440 100644 --- a/nss/gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp +++ b/nss/gtests/mozpkix_gtest/pkixcheck_CheckIssuer_tests.cpp @@ -61,3 +61,31 @@ TEST_F(pkixcheck_CheckIssuer, EmptyIssuer) { ASSERT_EQ(Result::ERROR_EMPTY_ISSUER_NAME, CheckIssuer(EMPTY_NAME)); } + +TEST_F(pkixcheck_CheckIssuer, TrailingData) +{ + static const uint8_t validNameData[] = { + 0x30/*SEQUENCE*/, 0x02/*LENGTH=2*/, + 0x31, 0x00 // the contents of the sequence aren't validated + }; + static const Input validName(validNameData); + ASSERT_EQ(Success, CheckIssuer(validName)); + + static const uint8_t trailingDataData[] = { + 0x30/*SEQUENCE*/, 0x02/*LENGTH=2*/, + 0x31, 0x00, // the contents of the sequence aren't validated + 0x77 // trailing data is invalid + }; + static const Input trailingData(trailingDataData); + ASSERT_EQ(Result::ERROR_BAD_DER, CheckIssuer(trailingData)); +} + +TEST_F(pkixcheck_CheckIssuer, InvalidContents) +{ + static const uint8_t invalidContentsData[] = { + 0x31/*SET (should be SEQUENCE)*/, 0x02/*LENGTH=2*/, + 0x31, 0x00 + }; + static const Input invalidContents(invalidContentsData); + ASSERT_EQ(Result::ERROR_BAD_DER, CheckIssuer(invalidContents)); +} diff --git a/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp b/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp index b87f0a7..44e2810 100644 --- a/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp +++ b/nss/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp @@ -282,3 +282,19 @@ TEST_F(pkixcheck_CheckKeyUsage, unusedBitNotZero) ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, &twoValueBytes, KeyUsage::digitalSignature)); } + +TEST_F(pkixcheck_CheckKeyUsage, trailingData) +{ + static uint8_t keyUsageWithTrailingDataData[] = { + 0x03/*BIT STRING*/, 0x02/*LENGTH=2*/, 7/*unused bits*/, 0x80, + // The BIT STRING has already ended, but there's trailing data + 0xab, 0xba + }; + static const Input keyUsageWithTrailingDataBytes(keyUsageWithTrailingDataData); + ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, + &keyUsageWithTrailingDataBytes, + KeyUsage::digitalSignature)); + ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, + &keyUsageWithTrailingDataBytes, + KeyUsage::digitalSignature)); +} diff --git a/nss/gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp b/nss/gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp index 155a753..fb957f7 100644 --- a/nss/gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp +++ b/nss/gtests/mozpkix_gtest/pkixcheck_TLSFeaturesSatisfiedInternal_tests.cpp @@ -71,6 +71,11 @@ static const uint8_t zeroByteInteger[] = { 0x30, 0x02, 0x02, 0x00 }; +static const uint8_t trailingData[] = { + 0x30, 0x03, 0x02, 0x01, 0x05, // statusRequest + 0xe5, 0xe5, 0xe5 // trailing data +}; + static const TLSFeaturesTestParams TLSFEATURESSATISFIED_TEST_PARAMS[] = { @@ -87,6 +92,8 @@ static const TLSFeaturesTestParams Result::ERROR_REQUIRED_TLS_FEATURE_MISSING }, { BS(zeroByteInteger), Result::ERROR_REQUIRED_TLS_FEATURE_MISSING, Result::ERROR_REQUIRED_TLS_FEATURE_MISSING }, + { BS(trailingData), Result::ERROR_BAD_DER, + Result::ERROR_REQUIRED_TLS_FEATURE_MISSING }, }; class pkixcheck_TLSFeaturesSatisfiedInternal diff --git a/nss/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp b/nss/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp index c7e8236..8292510 100644 --- a/nss/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp +++ b/nss/gtests/mozpkix_gtest/pkixocsp_VerifyEncodedOCSPResponse.cpp @@ -218,6 +218,7 @@ public: /*optional*/ const ByteString* certs = nullptr, /*optional*/ OCSPResponseExtension* singleExtensions = nullptr, /*optional*/ OCSPResponseExtension* responseExtensions = nullptr, + /*optional*/ const ByteString* trailingResponseData = nullptr, /*optional*/ DigestAlgorithm certIDHashAlgorithm = DigestAlgorithm::sha1, /*optional*/ ByteString certIDHashAlgorithmEncoded = ByteString()) { @@ -236,6 +237,7 @@ public: context.certs = certs; context.singleExtensions = singleExtensions; context.responseExtensions = responseExtensions; + context.trailingResponseData = trailingResponseData; context.certStatus = static_cast<uint8_t>(certStatus); context.thisUpdate = thisUpdate; @@ -430,17 +432,17 @@ TEST_F(pkixocsp_VerifyEncodedResponse_successful, check_validThrough) } } +// python DottedOIDToCode.py --tlv +// id_ocsp_singleExtensionSctList 1.3.6.1.4.1.11129.2.4.5 +static const uint8_t tlv_id_ocsp_singleExtensionSctList[] = { + 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x05 +}; +static const uint8_t dummySctList[] = { + 0x01, 0x02, 0x03, 0x04, 0x05 +}; + TEST_F(pkixocsp_VerifyEncodedResponse_successful, ct_extension) { - // python DottedOIDToCode.py --tlv - // id_ocsp_singleExtensionSctList 1.3.6.1.4.1.11129.2.4.5 - static const uint8_t tlv_id_ocsp_singleExtensionSctList[] = { - 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x04, 0x05 - }; - static const uint8_t dummySctList[] = { - 0x01, 0x02, 0x03, 0x04, 0x05 - }; - OCSPResponseExtension ctExtension; ctExtension.id = BytesToByteString(tlv_id_ocsp_singleExtensionSctList); // SignedCertificateTimestampList structure is encoded as an OCTET STRING @@ -470,6 +472,35 @@ TEST_F(pkixocsp_VerifyEncodedResponse_successful, ct_extension) trustDomain.signedCertificateTimestamps); } +TEST_F(pkixocsp_VerifyEncodedResponse_successful, trailingResponseData) +{ + OCSPResponseExtension ctExtension; + ctExtension.id = BytesToByteString(tlv_id_ocsp_singleExtensionSctList); + // SignedCertificateTimestampList structure is encoded as an OCTET STRING + // within the extension value (see RFC 6962 section 3.3). + // pkix decodes it internally and returns the actual structure. + ctExtension.value = TLV(der::OCTET_STRING, BytesToByteString(dummySctList)); + ByteString trailingResponseData(3, 0x20); + ByteString responseString( + CreateEncodedOCSPSuccessfulResponse( + OCSPResponseContext::good, *endEntityCertID, byKey, + *rootKeyPair, oneDayBeforeNow, + oneDayBeforeNow, &oneDayAfterNow, + sha256WithRSAEncryption(), + /*certs*/ nullptr, + &ctExtension, + /*responseExtensions*/ nullptr, + &trailingResponseData)); + Input response; + ASSERT_EQ(Success, + response.Init(responseString.data(), responseString.length())); + bool expired; + ASSERT_EQ(Result::ERROR_OCSP_MALFORMED_RESPONSE, + VerifyEncodedOCSPResponse(trustDomain, *endEntityCertID, + Now(), END_ENTITY_MAX_LIFETIME_IN_DAYS, + response, expired)); +} + struct CertIDHashAlgorithm { DigestAlgorithm hashAlgorithm; @@ -519,6 +550,7 @@ TEST_P(pkixocsp_VerifyEncodedResponse_CertIDHashAlgorithm, CertIDHashAlgorithm) nullptr, nullptr, nullptr, + nullptr, GetParam().hashAlgorithm, GetParam().encodedHashAlgorithm)); Input response; diff --git a/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc b/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc index 12adcc5..6ed8894 100644 --- a/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc +++ b/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc @@ -649,30 +649,26 @@ class TestAgent { return SECSuccess; } - static SECStatus certCompressionShrinkDecode( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { + static SECStatus certCompressionShrinkDecode(const SECItem* input, + unsigned char* output, + size_t outputLen, + size_t* usedLen) { if (input == NULL || input->data == NULL) { PR_SetError(SEC_ERROR_INVALID_ARGS, 0); return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len + 2); - if (output == NULL || output->data == NULL) { - return SECFailure; - } - - if (expectedLenDecodedCertificate != output->len) { - std::cerr << "Cannot decompress certificate message." << std::endl; + if (output == NULL || outputLen != input->len + 2) { return SECFailure; } - output->data[0] = 0; - output->data[1] = 0; + output[0] = 0; + output[1] = 0; for (size_t i = 0; i < input->len; i++) { - output->data[i + 2] = input->data[i]; + output[i + 2] = input->data[i]; } + *usedLen = outputLen; return SECSuccess; } @@ -704,9 +700,10 @@ class TestAgent { return SECSuccess; } - static SECStatus certCompressionExpandDecode( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { + static SECStatus certCompressionExpandDecode(const SECItem* input, + unsigned char* output, + size_t outputLen, + size_t* usedLen) { if (input == NULL || input->data == NULL) { PR_SetError(SEC_ERROR_INVALID_ARGS, 0); return SECFailure; @@ -718,9 +715,7 @@ class TestAgent { return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len - 4); - - if (output == NULL || output->data == NULL) { + if (output == NULL || outputLen != input->len - 4) { return SECFailure; } @@ -731,14 +726,11 @@ class TestAgent { return SECFailure; } - if (expectedLenDecodedCertificate != output->len) { - std::cerr << "Cannot decompress certificate message." << std::endl; - return SECFailure; + for (size_t i = 0; i < outputLen; i++) { + output[i] = input->data[i + 4]; } - for (size_t i = 0; i < output->len; i++) { - output->data[i] = input->data[i + 4]; - } + *usedLen = outputLen; return SECSuccess; } @@ -772,9 +764,10 @@ class TestAgent { return SECSuccess; } - static SECStatus certCompressionRandomDecode( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { + static SECStatus certCompressionRandomDecode(const SECItem* input, + unsigned char* output, + size_t outputLen, + size_t* usedLen) { if (input == NULL || input->data == NULL) { PR_SetError(SEC_ERROR_INVALID_ARGS, 0); return SECFailure; @@ -785,20 +778,16 @@ class TestAgent { std::cerr << "Certificate is too short. " << std::endl; return SECFailure; } - SECITEM_AllocItem(NULL, output, input->len - 1); - if (output == NULL || output->data == NULL) { + if (output == NULL || outputLen != input->len - 1) { return SECFailure; } - if (expectedLenDecodedCertificate != output->len) { - std::cerr << "Cannot decompress certificate message." << std::endl; - return SECFailure; + for (size_t i = 0; i < outputLen; i++) { + output[i] = input->data[i + 1]; } - for (size_t i = 0; i < output->len; i++) { - output->data[i] = input->data[i + 1]; - } + *usedLen = outputLen; return SECSuccess; } diff --git a/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc index cf35958..22d2dc6 100644 --- a/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc +++ b/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc @@ -74,20 +74,45 @@ static const Pkcs11EcdsaTestParams kEcdsaVectors[] = { DataBuffer(kP256Data, sizeof(kP256Data)), DataBuffer(kP256Signature, sizeof(kP256Signature))}}, {SEC_OID_SHA256, - {DataBuffer(kP256Pkcs8ZeroPad, sizeof(kP256Pkcs8ZeroPad)), - DataBuffer(kP256SpkiZeroPad, sizeof(kP256SpkiZeroPad)), - DataBuffer(kP256DataZeroPad, sizeof(kP256DataZeroPad)), - DataBuffer(kP256SignatureZeroPad, sizeof(kP256SignatureZeroPad))}}, + {DataBuffer(kP256Pkcs8KeyLen30, sizeof(kP256Pkcs8KeyLen30)), + DataBuffer(kP256SpkiKeyLen, sizeof(kP256SpkiKeyLen)), + DataBuffer(kP256DataKeyLen, sizeof(kP256DataKeyLen)), + DataBuffer(kP256SignatureKeyLen, sizeof(kP256SignatureKeyLen))}}, + {SEC_OID_SHA256, + {DataBuffer(kP256Pkcs8KeyLen33, sizeof(kP256Pkcs8KeyLen33)), + DataBuffer(kP256SpkiKeyLen, sizeof(kP256SpkiKeyLen)), + DataBuffer(kP256DataKeyLen, sizeof(kP256DataKeyLen)), + DataBuffer(kP256SignatureKeyLen, sizeof(kP256SignatureKeyLen))}}, {SEC_OID_SHA384, {DataBuffer(kP384Pkcs8, sizeof(kP384Pkcs8)), DataBuffer(kP384Spki, sizeof(kP384Spki)), DataBuffer(kP384Data, sizeof(kP384Data)), DataBuffer(kP384Signature, sizeof(kP384Signature))}}, + {SEC_OID_SHA256, + {DataBuffer(kP384Pkcs8KeyLen46, sizeof(kP384Pkcs8KeyLen46)), + DataBuffer(kP384SpkiKeyLen, sizeof(kP384SpkiKeyLen)), + DataBuffer(kP384DataKeyLen, sizeof(kP384DataKeyLen)), + DataBuffer(kP384SignatureKeyLen, sizeof(kP384SignatureKeyLen))}}, + {SEC_OID_SHA256, + {DataBuffer(kP384Pkcs8KeyLen49, sizeof(kP384Pkcs8KeyLen49)), + DataBuffer(kP384SpkiKeyLen, sizeof(kP384SpkiKeyLen)), + DataBuffer(kP384DataKeyLen, sizeof(kP384DataKeyLen)), + DataBuffer(kP384SignatureKeyLen, sizeof(kP384SignatureKeyLen))}}, {SEC_OID_SHA512, {DataBuffer(kP521Pkcs8, sizeof(kP521Pkcs8)), DataBuffer(kP521Spki, sizeof(kP521Spki)), DataBuffer(kP521Data, sizeof(kP521Data)), - DataBuffer(kP521Signature, sizeof(kP521Signature))}}}; + DataBuffer(kP521Signature, sizeof(kP521Signature))}}, + {SEC_OID_SHA256, + {DataBuffer(kP521Pkcs8KeyLen64, sizeof(kP521Pkcs8KeyLen64)), + DataBuffer(kP521SpkiKeyLen, sizeof(kP521SpkiKeyLen)), + DataBuffer(kP521DataKeyLen, sizeof(kP521DataKeyLen)), + DataBuffer(kP521SignatureKeyLen, sizeof(kP521SignatureKeyLen))}}, + {SEC_OID_SHA256, + {DataBuffer(kP521Pkcs8KeyLen67, sizeof(kP521Pkcs8KeyLen67)), + DataBuffer(kP521SpkiKeyLen, sizeof(kP521SpkiKeyLen)), + DataBuffer(kP521DataKeyLen, sizeof(kP521DataKeyLen)), + DataBuffer(kP521SignatureKeyLen, sizeof(kP521SignatureKeyLen))}}}; INSTANTIATE_TEST_SUITE_P(EcdsaSignVerify, Pkcs11EcdsaTest, ::testing::ValuesIn(kEcdsaVectors)); @@ -326,4 +351,56 @@ INSTANTIATE_TEST_SUITE_P(Pkcs11EcdsaRoundtripTest, Pkcs11EcdsaRoundtripTest, SEC_OID_SECG_EC_SECP521R1, SEC_OID_CURVE25519)); +class Pkcs11EcdsaUnpaddedSignatureTest + : public Pkcs11EcdsaTestBase, + public ::testing::WithParamInterface<Pkcs11EcdsaTestParams> { + public: + Pkcs11EcdsaUnpaddedSignatureTest() + : Pkcs11EcdsaTestBase(GetParam().hash_oid_) {} +}; + +static const Pkcs11EcdsaTestParams kEcdsaUnpaddedSignaturesVectors[] = { + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP256SpkiUnpaddedSig, sizeof(kP256SpkiUnpaddedSig)), + DataBuffer(kP256DataUnpaddedSigLong, sizeof(kP256DataUnpaddedSigLong)), + DataBuffer(kP256SignatureUnpaddedSigLong, + sizeof(kP256SignatureUnpaddedSigLong))}}, + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP256SpkiUnpaddedSig, sizeof(kP256SpkiUnpaddedSig)), + DataBuffer(kP256DataUnpaddedSigShort, sizeof(kP256DataUnpaddedSigShort)), + DataBuffer(kP256SignatureUnpaddedSigShort, + sizeof(kP256SignatureUnpaddedSigShort))}}, + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP384SpkiUnpaddedSig, sizeof(kP384SpkiUnpaddedSig)), + DataBuffer(kP384DataUnpaddedSigLong, sizeof(kP384DataUnpaddedSigLong)), + DataBuffer(kP384SignatureUnpaddedSigLong, + sizeof(kP384SignatureUnpaddedSigLong))}}, + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP384SpkiUnpaddedSig, sizeof(kP384SpkiUnpaddedSig)), + DataBuffer(kP384DataUnpaddedSigShort, sizeof(kP384DataUnpaddedSigShort)), + DataBuffer(kP384SignatureUnpaddedSigShort, + sizeof(kP384SignatureUnpaddedSigShort))}}, + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP521SpkiUnpaddedSig, sizeof(kP521SpkiUnpaddedSig)), + DataBuffer(kP521DataUnpaddedSigLong, sizeof(kP521DataUnpaddedSigLong)), + DataBuffer(kP521SignatureUnpaddedSigLong, + sizeof(kP521SignatureUnpaddedSigLong))}}, + {SEC_OID_SHA512, + {DataBuffer(NULL, 0), + DataBuffer(kP521SpkiUnpaddedSig, sizeof(kP521SpkiUnpaddedSig)), + DataBuffer(kP521DataUnpaddedSigShort, sizeof(kP521DataUnpaddedSigShort)), + DataBuffer(kP521SignatureUnpaddedSigShort, + sizeof(kP521SignatureUnpaddedSigShort))}}}; + +TEST_P(Pkcs11EcdsaUnpaddedSignatureTest, Verify) { + Verify(GetParam().sig_params_); +} +INSTANTIATE_TEST_SUITE_P(EcdsaVerifyUnpaddedSignatures, + Pkcs11EcdsaUnpaddedSignatureTest, + ::testing::ValuesIn(kEcdsaUnpaddedSignaturesVectors)); } // namespace nss_test diff --git a/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h b/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h index 9f625dd..6075c62 100644 --- a/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h +++ b/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h @@ -130,37 +130,197 @@ const uint8_t kP521Signature[] = { 0xd8, 0xb8, 0xc3, 0x7f, 0xf0, 0x77, 0x7b, 0x1a, 0x20, 0xf8, 0xcc, 0xb1, 0xdc, 0xcc, 0x43, 0x99, 0x7f, 0x1e, 0xe0, 0xe4, 0x4d, 0xa4, 0xa6, 0x7a}; -// ECDSA P256 test case with a leading zero in the private key -const uint8_t kP256Pkcs8ZeroPad[] = { - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, +// ECDSA P256 key of length 30 with leading zeros stripped. +const uint8_t kP256Pkcs8KeyLen30[] = { + 0x30, 0x81, 0x85, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, - 0x00, 0x16, 0x40, 0x71, 0x99, 0xe3, 0x07, 0xaa, 0xdc, 0x98, 0x0b, 0x21, - 0x62, 0xce, 0x66, 0x1f, 0xe4, 0x1a, 0x86, 0x9a, 0x23, 0x33, 0xf6, 0x72, - 0xb4, 0xa3, 0xdc, 0x3b, 0x50, 0xba, 0x20, 0xce, 0xa1, 0x44, 0x03, 0x42, - 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6, 0xf8, - 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63, 0x2e, - 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba, 0xd6, - 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85, 0xbd, - 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e, 0xd3, - 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02}; -const uint8_t kP256SpkiZeroPad[] = { + 0x03, 0x01, 0x07, 0x04, 0x6b, 0x30, 0x69, 0x02, 0x01, 0x01, 0x04, 0x1e, + 0x7d, 0x75, 0x44, 0xaa, 0x3b, 0x34, 0x5e, 0x0e, 0x70, 0x99, 0x02, 0xd0, + 0x2e, 0xed, 0x45, 0x98, 0x9f, 0x03, 0x37, 0x64, 0x03, 0xe4, 0x3a, 0x11, + 0x73, 0xe5, 0x52, 0x0f, 0x5b, 0xf4, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, + 0x44, 0x4c, 0x75, 0xd3, 0xc9, 0x55, 0xdd, 0x5a, 0x3b, 0xa1, 0xfb, 0x91, + 0xff, 0x74, 0x5f, 0x10, 0x8b, 0xe9, 0xd0, 0xad, 0x92, 0xf7, 0xd7, 0x66, + 0x78, 0x63, 0xba, 0x9f, 0xca, 0x58, 0xcf, 0xd3, 0x94, 0x24, 0xb8, 0xf0, + 0x86, 0x52, 0x45, 0xcb, 0xbb, 0x9e, 0x83, 0x28, 0x83, 0x1f, 0x1d, 0x29, + 0x4b, 0xca, 0xe0, 0x8b, 0x8c, 0x61, 0x1c, 0x43, 0x61, 0xce, 0x93, 0xba, + 0x1c, 0x44, 0xf1, 0xb0}; + +// ECDSA P256 key of length 33 with an extra leading zero. +// Arithmetically equivalent to kP256Pkcs8KeyLen30. +const uint8_t kP256Pkcs8KeyLen33[] = { + 0x30, 0x81, 0x88, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x04, 0x6e, 0x30, 0x6c, 0x02, 0x01, 0x01, 0x04, 0x21, + 0x00, 0x00, 0x00, 0x7d, 0x75, 0x44, 0xaa, 0x3b, 0x34, 0x5e, 0x0e, 0x70, + 0x99, 0x02, 0xd0, 0x2e, 0xed, 0x45, 0x98, 0x9f, 0x03, 0x37, 0x64, 0x03, + 0xe4, 0x3a, 0x11, 0x73, 0xe5, 0x52, 0x0f, 0x5b, 0xf4, 0xa1, 0x44, 0x03, + 0x42, 0x00, 0x04, 0x44, 0x4c, 0x75, 0xd3, 0xc9, 0x55, 0xdd, 0x5a, 0x3b, + 0xa1, 0xfb, 0x91, 0xff, 0x74, 0x5f, 0x10, 0x8b, 0xe9, 0xd0, 0xad, 0x92, + 0xf7, 0xd7, 0x66, 0x78, 0x63, 0xba, 0x9f, 0xca, 0x58, 0xcf, 0xd3, 0x94, + 0x24, 0xb8, 0xf0, 0x86, 0x52, 0x45, 0xcb, 0xbb, 0x9e, 0x83, 0x28, 0x83, + 0x1f, 0x1d, 0x29, 0x4b, 0xca, 0xe0, 0x8b, 0x8c, 0x61, 0x1c, 0x43, 0x61, + 0xce, 0x93, 0xba, 0x1c, 0x44, 0xf1, 0xb0}; + +// SPKI for kP256Pkcs8KeyLen30 / kP256Pkcs8KeyLen33 +const uint8_t kP256SpkiKeyLen[] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, - 0x42, 0x00, 0x04, 0x53, 0x11, 0x9a, 0x86, 0xa0, 0xc2, 0x99, 0x4f, 0xa6, - 0xf8, 0x08, 0xf8, 0x61, 0x01, 0x0e, 0x6b, 0x04, 0x9c, 0xd8, 0x15, 0x63, - 0x2e, 0xd1, 0x38, 0x00, 0x10, 0xee, 0xe4, 0xc9, 0x11, 0xff, 0x05, 0xba, - 0xd6, 0xcd, 0x94, 0xea, 0x00, 0xec, 0x85, 0x26, 0x2c, 0xbd, 0x4d, 0x85, - 0xbd, 0x20, 0xce, 0xa5, 0xb1, 0x3f, 0x4d, 0x82, 0x9b, 0x9f, 0x28, 0x2e, - 0xd3, 0x8a, 0x87, 0x1f, 0x89, 0xf8, 0x02}; -const uint8_t kP256DataZeroPad[] = {'s', 'a', 'm', 'p', 'l', 'e'}; -const uint8_t kP256SignatureZeroPad[] = { - 0xa6, 0xf4, 0xe4, 0xa8, 0x3f, 0x03, 0x59, 0x89, 0x60, 0x53, 0xe7, - 0xdc, 0xb5, 0xbe, 0x78, 0xaf, 0xc1, 0xca, 0xc0, 0x65, 0xba, 0xa4, - 0x3c, 0xf1, 0xe4, 0xae, 0xe3, 0xba, 0x22, 0x3d, 0xac, 0x9d, 0x6d, - 0x1b, 0x26, 0x00, 0xcf, 0x47, 0xa1, 0xe1, 0x04, 0x21, 0x8d, 0x0b, - 0xbb, 0x16, 0xfa, 0x3e, 0x59, 0x32, 0x01, 0xb0, 0x45, 0x3e, 0x27, - 0xa4, 0xc4, 0xfd, 0x31, 0xc9, 0x1a, 0x8e, 0x74, 0xd8}; + 0x42, 0x00, 0x04, 0x44, 0x4c, 0x75, 0xd3, 0xc9, 0x55, 0xdd, 0x5a, 0x3b, + 0xa1, 0xfb, 0x91, 0xff, 0x74, 0x5f, 0x10, 0x8b, 0xe9, 0xd0, 0xad, 0x92, + 0xf7, 0xd7, 0x66, 0x78, 0x63, 0xba, 0x9f, 0xca, 0x58, 0xcf, 0xd3, 0x94, + 0x24, 0xb8, 0xf0, 0x86, 0x52, 0x45, 0xcb, 0xbb, 0x9e, 0x83, 0x28, 0x83, + 0x1f, 0x1d, 0x29, 0x4b, 0xca, 0xe0, 0x8b, 0x8c, 0x61, 0x1c, 0x43, 0x61, + 0xce, 0x93, 0xba, 0x1c, 0x44, 0xf1, 0xb0}; + +// Signature from kP256Pkcs8KeyLen30 / kP256Pkcs8KeyLen33 +const uint8_t kP256DataKeyLen[] = {'s', 'a', 'm', 'p', 'l', 'e'}; +const uint8_t kP256SignatureKeyLen[] = { + 0x40, 0x5f, 0x6f, 0x44, 0xc0, 0x94, 0xf8, 0xfd, 0xa0, 0xac, 0xb7, + 0x25, 0x7b, 0x0e, 0x99, 0x33, 0x80, 0xfc, 0x5b, 0x37, 0xd6, 0xfa, + 0x42, 0xb9, 0xfb, 0xd1, 0xdd, 0x0c, 0xfa, 0x3d, 0x01, 0x88, 0x42, + 0x46, 0x28, 0x0c, 0xc9, 0x4f, 0xe7, 0x95, 0xd4, 0x88, 0x3b, 0x2f, + 0x58, 0x23, 0x15, 0x1e, 0x44, 0xca, 0xab, 0x0b, 0x61, 0x32, 0x76, + 0xe6, 0xab, 0x3e, 0xfd, 0x23, 0x86, 0xfd, 0xb6, 0x12, +}; + +// ECDSA P384 key of length 46 with leading zeros stripped. +const uint8_t kP384Pkcs8KeyLen46[] = { + 0x30, 0x81, 0xb4, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, + 0x04, 0x81, 0x9c, 0x30, 0x81, 0x99, 0x02, 0x01, 0x01, 0x04, 0x2e, 0x92, + 0x62, 0x5a, 0x47, 0x27, 0x34, 0xe3, 0x95, 0x93, 0x02, 0x44, 0xc0, 0x56, + 0x8a, 0x5c, 0xaa, 0x0f, 0x51, 0xd0, 0xf2, 0xc1, 0xb5, 0x4f, 0xfd, 0x59, + 0xbb, 0x6d, 0x7a, 0x81, 0x55, 0x55, 0xa0, 0xbb, 0x00, 0xcf, 0x4a, 0x3a, + 0xca, 0xa0, 0xb6, 0xb3, 0xe6, 0x95, 0xa5, 0x73, 0xdc, 0xa1, 0x64, 0x03, + 0x62, 0x00, 0x04, 0xb8, 0xcf, 0x04, 0xee, 0x4b, 0x18, 0xdf, 0xde, 0x02, + 0x23, 0xd4, 0x82, 0x1b, 0x18, 0x92, 0xf7, 0x4e, 0x60, 0x72, 0xb4, 0x75, + 0x47, 0x5c, 0xd2, 0x00, 0x87, 0x03, 0xfd, 0x6f, 0x89, 0x6f, 0x70, 0xea, + 0x2e, 0xd3, 0xfb, 0x91, 0x90, 0xcf, 0x23, 0x55, 0x7d, 0xf5, 0x2b, 0xfa, + 0x99, 0xd3, 0xb2, 0xbe, 0xb6, 0x48, 0x56, 0xe9, 0x7a, 0x59, 0xeb, 0x88, + 0x2f, 0x4c, 0x1b, 0x65, 0xdd, 0x2e, 0xeb, 0x67, 0xfe, 0xf7, 0x96, 0x95, + 0xa7, 0x19, 0xb4, 0x23, 0x12, 0xa0, 0xd6, 0xac, 0x2c, 0x0d, 0x66, 0x81, + 0x2c, 0xf4, 0x95, 0x99, 0x7c, 0x27, 0x4b, 0xbb, 0xfb, 0xd1, 0x4c, 0x26, + 0x57, 0xa7, 0xd4}; + +// ECDSA P384 key of length 49 with an extra leading zero. +// Arithmetically equivalent to kP384Pkcs8KeyLen46. +const uint8_t kP384Pkcs8KeyLen49[] = { + 0x30, 0x81, 0xb7, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, + 0x04, 0x81, 0x9f, 0x30, 0x81, 0x9c, 0x02, 0x01, 0x01, 0x04, 0x31, 0x00, + 0x00, 0x00, 0x92, 0x62, 0x5a, 0x47, 0x27, 0x34, 0xe3, 0x95, 0x93, 0x02, + 0x44, 0xc0, 0x56, 0x8a, 0x5c, 0xaa, 0x0f, 0x51, 0xd0, 0xf2, 0xc1, 0xb5, + 0x4f, 0xfd, 0x59, 0xbb, 0x6d, 0x7a, 0x81, 0x55, 0x55, 0xa0, 0xbb, 0x00, + 0xcf, 0x4a, 0x3a, 0xca, 0xa0, 0xb6, 0xb3, 0xe6, 0x95, 0xa5, 0x73, 0xdc, + 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xb8, 0xcf, 0x04, 0xee, 0x4b, 0x18, + 0xdf, 0xde, 0x02, 0x23, 0xd4, 0x82, 0x1b, 0x18, 0x92, 0xf7, 0x4e, 0x60, + 0x72, 0xb4, 0x75, 0x47, 0x5c, 0xd2, 0x00, 0x87, 0x03, 0xfd, 0x6f, 0x89, + 0x6f, 0x70, 0xea, 0x2e, 0xd3, 0xfb, 0x91, 0x90, 0xcf, 0x23, 0x55, 0x7d, + 0xf5, 0x2b, 0xfa, 0x99, 0xd3, 0xb2, 0xbe, 0xb6, 0x48, 0x56, 0xe9, 0x7a, + 0x59, 0xeb, 0x88, 0x2f, 0x4c, 0x1b, 0x65, 0xdd, 0x2e, 0xeb, 0x67, 0xfe, + 0xf7, 0x96, 0x95, 0xa7, 0x19, 0xb4, 0x23, 0x12, 0xa0, 0xd6, 0xac, 0x2c, + 0x0d, 0x66, 0x81, 0x2c, 0xf4, 0x95, 0x99, 0x7c, 0x27, 0x4b, 0xbb, 0xfb, + 0xd1, 0x4c, 0x26, 0x57, 0xa7, 0xd4}; +const uint8_t kP384SpkiKeyLen[] = { + 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, + 0xb8, 0xcf, 0x04, 0xee, 0x4b, 0x18, 0xdf, 0xde, 0x02, 0x23, 0xd4, 0x82, + 0x1b, 0x18, 0x92, 0xf7, 0x4e, 0x60, 0x72, 0xb4, 0x75, 0x47, 0x5c, 0xd2, + 0x00, 0x87, 0x03, 0xfd, 0x6f, 0x89, 0x6f, 0x70, 0xea, 0x2e, 0xd3, 0xfb, + 0x91, 0x90, 0xcf, 0x23, 0x55, 0x7d, 0xf5, 0x2b, 0xfa, 0x99, 0xd3, 0xb2, + 0xbe, 0xb6, 0x48, 0x56, 0xe9, 0x7a, 0x59, 0xeb, 0x88, 0x2f, 0x4c, 0x1b, + 0x65, 0xdd, 0x2e, 0xeb, 0x67, 0xfe, 0xf7, 0x96, 0x95, 0xa7, 0x19, 0xb4, + 0x23, 0x12, 0xa0, 0xd6, 0xac, 0x2c, 0x0d, 0x66, 0x81, 0x2c, 0xf4, 0x95, + 0x99, 0x7c, 0x27, 0x4b, 0xbb, 0xfb, 0xd1, 0x4c, 0x26, 0x57, 0xa7, 0xd4, +}; +const uint8_t kP384DataKeyLen[] = {'s', 'a', 'm', 'p', 'l', 'e'}; +const uint8_t kP384SignatureKeyLen[] = { + 0xd7, 0xb7, 0x2a, 0x78, 0x49, 0x7f, 0xe9, 0x27, 0x28, 0x2e, 0x4b, 0x84, + 0x38, 0x6c, 0xfa, 0x50, 0xcf, 0x81, 0x9b, 0x18, 0x10, 0xf6, 0x72, 0xb6, + 0xce, 0xe1, 0xf3, 0xab, 0xb0, 0x33, 0x93, 0xd8, 0x77, 0x51, 0xc7, 0x6c, + 0x31, 0xf4, 0x09, 0x5b, 0xeb, 0xe0, 0x05, 0xac, 0x9f, 0x8e, 0xc9, 0xb0, + 0xa5, 0xea, 0x0c, 0x85, 0xf3, 0x29, 0xb1, 0x0f, 0x08, 0xb1, 0x33, 0x06, + 0xf0, 0x89, 0xe4, 0x51, 0x54, 0xed, 0x98, 0xf3, 0x83, 0x05, 0xa6, 0xa5, + 0xd3, 0x1d, 0xef, 0xde, 0xab, 0x01, 0xea, 0x6e, 0x83, 0x31, 0xf1, 0x89, + 0xb1, 0x13, 0x55, 0x7d, 0x18, 0xbd, 0xf0, 0xee, 0x91, 0x01, 0x11, 0x21, +}; + +// ECDSA P521 key of length 64 with leading zeros stripped. +const uint8_t kP521Pkcs8KeyLen64[] = { + 0x30, 0x81, 0xec, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, + 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0x02, 0x01, 0x01, 0x04, 0x40, 0xcf, + 0x70, 0xc4, 0x84, 0x8c, 0x95, 0x94, 0x71, 0x19, 0x51, 0xf0, 0x1d, 0x72, + 0xae, 0xd4, 0xc8, 0x25, 0xb1, 0x63, 0x96, 0x93, 0xab, 0x9f, 0x5e, 0x1c, + 0xee, 0x2e, 0xd5, 0x98, 0x9d, 0x18, 0xe1, 0x1d, 0x10, 0x77, 0xbc, 0xfe, + 0x82, 0xcb, 0x8a, 0x47, 0x6c, 0x8d, 0x87, 0x9e, 0x42, 0x9a, 0x3e, 0x4a, + 0x95, 0x3b, 0x8c, 0x66, 0x7a, 0x17, 0x82, 0x17, 0x4f, 0x29, 0x56, 0x7b, + 0xa2, 0xba, 0x84, 0xa1, 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, 0x00, + 0x65, 0x92, 0x0a, 0xd7, 0xa2, 0x34, 0xad, 0xf7, 0x13, 0x8b, 0xee, 0x05, + 0x61, 0xb9, 0xb4, 0x8f, 0xd4, 0x45, 0x69, 0xd9, 0x32, 0x94, 0x2f, 0xec, + 0xff, 0xa6, 0x7a, 0xa9, 0x41, 0xa1, 0x82, 0x56, 0xd6, 0xe7, 0x3d, 0x65, + 0xb9, 0x5a, 0x8c, 0xaf, 0x10, 0x93, 0x69, 0xe8, 0xdf, 0xc3, 0xb6, 0x99, + 0x0d, 0xca, 0x75, 0xc8, 0x94, 0x68, 0x97, 0xed, 0x3e, 0xd1, 0x00, 0x24, + 0x36, 0x71, 0xee, 0x39, 0xa4, 0x00, 0xb1, 0x8b, 0x5d, 0xf4, 0xe5, 0x71, + 0x70, 0xec, 0x4f, 0x5d, 0x59, 0x03, 0x17, 0xbd, 0xa6, 0x23, 0x56, 0xcf, + 0xb1, 0x82, 0x65, 0x04, 0xd7, 0x1a, 0x5c, 0x9e, 0x03, 0x73, 0xc6, 0x04, + 0x2f, 0x68, 0xc8, 0xab, 0x61, 0x5a, 0x45, 0x93, 0x1c, 0xfe, 0x65, 0x75, + 0x0e, 0x38, 0x23, 0x74, 0xbe, 0xa9, 0x80, 0xfe, 0x1b, 0x95, 0x14, 0xdc, + 0x5e, 0xa0, 0xd8, 0x6e, 0x0c, 0x81, 0xc9, 0x6c, 0x20, 0x20, 0xc1}; +// ECDSA P521 key of length 67 with an extra leading zero. +// Arithmetically equivalent to kP521Pkcs8KeyLen64. +const uint8_t kP521Pkcs8KeyLen67[] = { + 0x30, 0x81, 0xef, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, + 0x04, 0x81, 0xd7, 0x30, 0x81, 0xd4, 0x02, 0x01, 0x01, 0x04, 0x43, 0x00, + 0x00, 0x00, 0xcf, 0x70, 0xc4, 0x84, 0x8c, 0x95, 0x94, 0x71, 0x19, 0x51, + 0xf0, 0x1d, 0x72, 0xae, 0xd4, 0xc8, 0x25, 0xb1, 0x63, 0x96, 0x93, 0xab, + 0x9f, 0x5e, 0x1c, 0xee, 0x2e, 0xd5, 0x98, 0x9d, 0x18, 0xe1, 0x1d, 0x10, + 0x77, 0xbc, 0xfe, 0x82, 0xcb, 0x8a, 0x47, 0x6c, 0x8d, 0x87, 0x9e, 0x42, + 0x9a, 0x3e, 0x4a, 0x95, 0x3b, 0x8c, 0x66, 0x7a, 0x17, 0x82, 0x17, 0x4f, + 0x29, 0x56, 0x7b, 0xa2, 0xba, 0x84, 0xa1, 0x81, 0x89, 0x03, 0x81, 0x86, + 0x00, 0x04, 0x00, 0x65, 0x92, 0x0a, 0xd7, 0xa2, 0x34, 0xad, 0xf7, 0x13, + 0x8b, 0xee, 0x05, 0x61, 0xb9, 0xb4, 0x8f, 0xd4, 0x45, 0x69, 0xd9, 0x32, + 0x94, 0x2f, 0xec, 0xff, 0xa6, 0x7a, 0xa9, 0x41, 0xa1, 0x82, 0x56, 0xd6, + 0xe7, 0x3d, 0x65, 0xb9, 0x5a, 0x8c, 0xaf, 0x10, 0x93, 0x69, 0xe8, 0xdf, + 0xc3, 0xb6, 0x99, 0x0d, 0xca, 0x75, 0xc8, 0x94, 0x68, 0x97, 0xed, 0x3e, + 0xd1, 0x00, 0x24, 0x36, 0x71, 0xee, 0x39, 0xa4, 0x00, 0xb1, 0x8b, 0x5d, + 0xf4, 0xe5, 0x71, 0x70, 0xec, 0x4f, 0x5d, 0x59, 0x03, 0x17, 0xbd, 0xa6, + 0x23, 0x56, 0xcf, 0xb1, 0x82, 0x65, 0x04, 0xd7, 0x1a, 0x5c, 0x9e, 0x03, + 0x73, 0xc6, 0x04, 0x2f, 0x68, 0xc8, 0xab, 0x61, 0x5a, 0x45, 0x93, 0x1c, + 0xfe, 0x65, 0x75, 0x0e, 0x38, 0x23, 0x74, 0xbe, 0xa9, 0x80, 0xfe, 0x1b, + 0x95, 0x14, 0xdc, 0x5e, 0xa0, 0xd8, 0x6e, 0x0c, 0x81, 0xc9, 0x6c, 0x20, + 0x20, 0xc1}; +const uint8_t kP521SpkiKeyLen[] = { + 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, + 0x00, 0x04, 0x00, 0x65, 0x92, 0x0a, 0xd7, 0xa2, 0x34, 0xad, 0xf7, 0x13, + 0x8b, 0xee, 0x05, 0x61, 0xb9, 0xb4, 0x8f, 0xd4, 0x45, 0x69, 0xd9, 0x32, + 0x94, 0x2f, 0xec, 0xff, 0xa6, 0x7a, 0xa9, 0x41, 0xa1, 0x82, 0x56, 0xd6, + 0xe7, 0x3d, 0x65, 0xb9, 0x5a, 0x8c, 0xaf, 0x10, 0x93, 0x69, 0xe8, 0xdf, + 0xc3, 0xb6, 0x99, 0x0d, 0xca, 0x75, 0xc8, 0x94, 0x68, 0x97, 0xed, 0x3e, + 0xd1, 0x00, 0x24, 0x36, 0x71, 0xee, 0x39, 0xa4, 0x00, 0xb1, 0x8b, 0x5d, + 0xf4, 0xe5, 0x71, 0x70, 0xec, 0x4f, 0x5d, 0x59, 0x03, 0x17, 0xbd, 0xa6, + 0x23, 0x56, 0xcf, 0xb1, 0x82, 0x65, 0x04, 0xd7, 0x1a, 0x5c, 0x9e, 0x03, + 0x73, 0xc6, 0x04, 0x2f, 0x68, 0xc8, 0xab, 0x61, 0x5a, 0x45, 0x93, 0x1c, + 0xfe, 0x65, 0x75, 0x0e, 0x38, 0x23, 0x74, 0xbe, 0xa9, 0x80, 0xfe, 0x1b, + 0x95, 0x14, 0xdc, 0x5e, 0xa0, 0xd8, 0x6e, 0x0c, 0x81, 0xc9, 0x6c, 0x20, + 0x20, 0xc1, +}; +const uint8_t kP521DataKeyLen[] = {'s', 'a', 'm', 'p', 'l', 'e'}; +const uint8_t kP521SignatureKeyLen[] = { + 0x00, 0x9e, 0x46, 0x74, 0xb3, 0xba, 0x40, 0x54, 0x96, 0xf7, 0xbe, 0xe6, + 0x16, 0x1f, 0xb4, 0xd5, 0x35, 0x9b, 0xa7, 0xd3, 0x38, 0x80, 0x35, 0x81, + 0x7e, 0x9e, 0xcd, 0xf5, 0x2a, 0xa5, 0xe5, 0x4c, 0x6d, 0xde, 0x80, 0x39, + 0x28, 0x06, 0x07, 0x27, 0x91, 0x90, 0xb9, 0xd4, 0x7c, 0x18, 0x1e, 0x9a, + 0x8f, 0x9e, 0xe4, 0xc8, 0xcb, 0x54, 0x36, 0x68, 0xee, 0x81, 0xa4, 0xef, + 0x0b, 0x15, 0x7e, 0xc8, 0xc9, 0xbe, 0x01, 0x1a, 0x87, 0xaa, 0x50, 0xd0, + 0x08, 0xd9, 0xb8, 0x3a, 0xec, 0xa5, 0xd8, 0x7c, 0x69, 0x90, 0xc1, 0x03, + 0xeb, 0xe3, 0x1d, 0x3a, 0x76, 0x14, 0x82, 0xda, 0xd1, 0x1d, 0x36, 0x9d, + 0x3a, 0x46, 0x34, 0xe7, 0x64, 0x78, 0x53, 0xa3, 0x71, 0x2b, 0xa1, 0x99, + 0xe8, 0x9e, 0xe5, 0x45, 0x64, 0x1b, 0xc1, 0x04, 0x46, 0xe2, 0xd6, 0xf1, + 0xfc, 0x11, 0x85, 0xe2, 0x38, 0x6d, 0x36, 0x26, 0x31, 0x58, 0x9a, 0x9d, +}; // ECDSA test vectors, SPKI and PKCS#8 edge cases. const uint8_t kP256Pkcs8NoCurveOIDOrAlgorithmParams[] = { @@ -280,4 +440,110 @@ const uint8_t kP256SpkiPointNotOnCurve[] = { 0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3, 0xc2, 0x94, 0x00, 0x33, 0x11, 0x77}; +const uint8_t kP521DataUnpaddedSigLong[] = {'W', 'T', 'F', '6', '0', + 'M', 'W', 'M', 'N', '3'}; +const uint8_t kP521DataUnpaddedSigShort[] = { + 'M', 'I', '6', '3', 'V', 'N', 'G', 'L', 'F', 'R', +}; +const uint8_t kP521SpkiUnpaddedSig[] = { + 0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86, + 0x00, 0x04, 0x01, 0xd2, 0x37, 0xeb, 0x78, 0xc7, 0x9b, 0x86, 0xff, 0x29, + 0x7b, 0x55, 0x4d, 0x11, 0xc7, 0x9c, 0x2d, 0xc1, 0x67, 0x9f, 0xad, 0x2a, + 0xa9, 0xb9, 0x51, 0x30, 0x6d, 0xde, 0x14, 0x16, 0xea, 0xb3, 0x9d, 0x18, + 0xfc, 0xf0, 0x38, 0x6e, 0x7f, 0xa6, 0x82, 0xb9, 0x19, 0x01, 0xaf, 0xe7, + 0xc3, 0xd8, 0xec, 0x9a, 0x62, 0x7b, 0xbf, 0x41, 0xc7, 0x86, 0x89, 0x52, + 0x76, 0x8e, 0x01, 0x97, 0x1b, 0x16, 0x97, 0x69, 0x01, 0x2d, 0x07, 0x88, + 0x6f, 0xe0, 0x17, 0xbe, 0x82, 0xc4, 0x12, 0xd6, 0x16, 0x72, 0xf8, 0x57, + 0x75, 0x5c, 0x69, 0x79, 0xd0, 0x11, 0x05, 0x96, 0x2f, 0xa4, 0x61, 0xcd, + 0x8f, 0x54, 0x95, 0x58, 0xbd, 0x7d, 0x71, 0x84, 0x63, 0x18, 0xb8, 0x5b, + 0xaa, 0x1b, 0xd2, 0xe9, 0x65, 0x63, 0x15, 0x34, 0x25, 0x35, 0x2f, 0x35, + 0x27, 0x3a, 0x84, 0x42, 0x7a, 0x42, 0x8e, 0xfd, 0x15, 0xbe, 0x0c, 0x0c, + 0xe2, 0x9f}; +const uint8_t kP521SignatureUnpaddedSigLong[] = { + 0x01, 0xa7, 0x3a, 0x14, 0x79, 0x77, 0x9e, 0x48, 0xb0, 0xff, 0xb5, 0xbe, + 0xfb, 0xfa, 0x7a, 0x84, 0x24, 0xb3, 0x5c, 0xf0, 0xfd, 0x77, 0x9d, 0xd4, + 0x66, 0x49, 0xfd, 0xbf, 0x04, 0xbf, 0xbb, 0x75, 0x22, 0xbb, 0x35, 0x42, + 0xdb, 0xe7, 0xed, 0x5a, 0x8f, 0x15, 0xf3, 0xa9, 0x0e, 0xb6, 0x5b, 0xde, + 0x23, 0x79, 0x47, 0xa7, 0x1d, 0x25, 0x24, 0x68, 0x63, 0xf6, 0x9c, 0x2e, + 0x21, 0xe0, 0x30, 0xfc, 0xd3, 0x65, 0x01, 0x12, 0x4e, 0xf0, 0xbb, 0x89, + 0xec, 0xec, 0x4f, 0xef, 0xbe, 0xdc, 0xd6, 0xac, 0xa4, 0x16, 0x68, 0x2b, + 0x78, 0xdf, 0x6c, 0x6e, 0xb8, 0xf4, 0x5b, 0x45, 0x1b, 0xdd, 0x84, 0x40, + 0x94, 0x07, 0xc7, 0xbc, 0xb6, 0x57, 0x92, 0xf1, 0x64, 0xb9, 0x2c, 0xcb, + 0x1d, 0xbe, 0x1c, 0x93, 0x78, 0x97, 0x8b, 0x84, 0x4e, 0x69, 0x6d, 0x0b, + 0xb0, 0x5f, 0xf1, 0x84, 0x18, 0x82, 0x8d, 0x55, 0xdf, 0x36, 0x43, 0x8a}; +const uint8_t kP521SignatureUnpaddedSigShort[] = { + 0x40, 0x12, 0xa7, 0x96, 0x5d, 0x77, 0xba, 0x8a, 0x90, 0x57, 0x52, 0x11, + 0xad, 0x72, 0x21, 0xd6, 0x6c, 0x73, 0x81, 0x43, 0x5d, 0x09, 0xe4, 0xde, + 0xee, 0xc2, 0xb5, 0x03, 0x1f, 0x0f, 0xd1, 0x6a, 0xfc, 0x26, 0x6d, 0x99, + 0x6d, 0x84, 0x32, 0x05, 0x56, 0x66, 0xe3, 0x6b, 0xf7, 0xf2, 0x04, 0xc9, + 0x44, 0x17, 0xaa, 0xbd, 0x24, 0xd8, 0x87, 0x4e, 0x53, 0x9d, 0x08, 0x65, + 0x91, 0x95, 0xeb, 0xeb, 0x92, 0x0b, 0xdb, 0x34, 0x80, 0xe8, 0x9f, 0x38, + 0x73, 0x00, 0x7c, 0xfc, 0x2b, 0xfa, 0xcf, 0xa6, 0x6c, 0x1c, 0xb0, 0x75, + 0x76, 0x01, 0x22, 0xe7, 0x3c, 0xd8, 0xc4, 0x1f, 0x5e, 0xde, 0x0b, 0x95, + 0x7a, 0x50, 0x2b, 0x8c, 0x87, 0xc4, 0x12, 0x8e, 0x00, 0x09, 0x29, 0x2c, + 0x21, 0xd1, 0x96, 0xa0, 0xf3, 0x0f, 0x54, 0xdb, 0x6a, 0xbb, 0x90, 0xf5, + 0x5c, 0x7a, 0x8d, 0x83, 0x9c, 0x39, 0x38, 0x58, 0x5a, 0x0e}; +const uint8_t kP384DataUnpaddedSigLong[] = {'L', 'T', 'N', '4', 'B', + 'P', 'X', 'Y', '5', 'N'}; +const uint8_t kP384DataUnpaddedSigShort[] = {'3', 'U', 'S', 'N', 'N', + 'U', '6', 'E', 'E', '0'}; +const uint8_t kP384SpkiUnpaddedSig[] = { + 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, + 0x1e, 0x98, 0x4c, 0xcf, 0x05, 0xd4, 0x9b, 0x98, 0x11, 0xae, 0xa1, 0xaa, + 0x72, 0x27, 0xac, 0xde, 0x7f, 0xe8, 0x4d, 0xda, 0xaa, 0x67, 0x51, 0x2e, + 0x0b, 0x30, 0x31, 0xab, 0x05, 0xac, 0x95, 0xdf, 0x09, 0x96, 0xcf, 0xe3, + 0xf5, 0xfa, 0x30, 0xad, 0x43, 0x0b, 0xa5, 0x7e, 0xd7, 0xd1, 0xee, 0x4e, + 0x83, 0x53, 0xe3, 0x26, 0xeb, 0xc1, 0xc9, 0xe5, 0x35, 0x36, 0x1a, 0xbf, + 0xbf, 0x99, 0xd6, 0xe2, 0x14, 0x43, 0xcb, 0x54, 0xde, 0x06, 0xb5, 0x7d, + 0x27, 0xb7, 0xc2, 0x27, 0xaf, 0xb6, 0x12, 0x4f, 0x47, 0xa0, 0xdb, 0xb5, + 0x6e, 0x7b, 0x44, 0x0d, 0xc8, 0xbd, 0x13, 0x3c, 0x27, 0x7c, 0xf2, 0x3a}; +const uint8_t kP384SignatureUnpaddedSigLong[] = { + 0x19, 0x22, 0x21, 0x72, 0x8a, 0xa4, 0x22, 0x26, 0x75, 0x16, 0x9c, 0x58, + 0x93, 0xd8, 0x43, 0xac, 0x28, 0x78, 0xe7, 0xe2, 0xf2, 0x5d, 0xa6, 0x59, + 0x74, 0x6d, 0x55, 0x95, 0xe1, 0xa8, 0xc9, 0x18, 0x54, 0x5d, 0x03, 0xa0, + 0xb0, 0x90, 0xe9, 0xf1, 0xc5, 0xf6, 0x29, 0x1a, 0x50, 0x9d, 0xe3, 0xde, + 0x4a, 0x69, 0xdf, 0x1b, 0xe5, 0x53, 0xd7, 0xe8, 0xd4, 0xbf, 0x8c, 0xfc, + 0x07, 0x66, 0xbc, 0xa7, 0xb5, 0x47, 0x29, 0xbd, 0x15, 0x8c, 0x57, 0x6c, + 0xde, 0x37, 0x57, 0xa4, 0xd4, 0x61, 0x79, 0x92, 0x67, 0x25, 0x2e, 0xbc, + 0x8b, 0x88, 0x6a, 0xfa, 0xa5, 0x00, 0x19, 0x11, 0x64, 0x69, 0x7b, 0xf6}; +const uint8_t kP384SignatureUnpaddedSigShort[] = { + 0x69, 0xe6, 0xc2, 0xd0, 0xb0, 0x59, 0xca, 0x1f, 0x07, 0x4c, 0x90, 0x13, + 0x75, 0xe0, 0xc5, 0xb9, 0x38, 0xf2, 0xd8, 0x55, 0xf7, 0x08, 0xbd, 0x8e, + 0x61, 0xbd, 0x50, 0x7e, 0xb6, 0xb5, 0xea, 0xbc, 0xa4, 0xa0, 0x18, 0x9b, + 0x63, 0x6b, 0x8a, 0x91, 0x88, 0x39, 0x0a, 0xbe, 0x6a, 0xb6, 0x4b, 0xaf, + 0xcb, 0x31, 0x89, 0xcf, 0x43, 0x28, 0x4b, 0x04, 0x6a, 0xe0, 0x8d, 0xbc, + 0xbf, 0xa2, 0x45, 0xdf, 0x1c, 0x83, 0x82, 0x3e, 0x2b, 0xa3, 0xea, 0x50, + 0x80, 0xec, 0x31, 0x48, 0x20, 0x30, 0x75, 0x94, 0xd9, 0x08, 0x9f, 0x6f, + 0x53, 0x21, 0x6f, 0x72, 0x74, 0x0c, 0xc4, 0x21, 0x28, 0xc9}; + +const uint8_t kP256DataUnpaddedSigLong[] = {'J', '5', 'C', 'N', 'Q', + 'T', 'F', 'A', 'J', 'T'}; +const uint8_t kP256DataUnpaddedSigShort[] = {'K', 'O', 'S', '9', '4', + 'F', 'V', 'C', 'Y', 'C'}; +const uint8_t kP256SpkiUnpaddedSig[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0x30, 0x40, 0x9d, 0x57, 0xdd, 0xd0, 0x70, 0x1d, 0x4b, + 0x40, 0x84, 0xd4, 0x7a, 0xc0, 0x30, 0x68, 0x33, 0xf1, 0x1d, 0x47, 0xaa, + 0x37, 0x4d, 0xe2, 0xc8, 0xce, 0xdc, 0x82, 0x1d, 0xf7, 0xcf, 0xdd, 0x9e, + 0xb6, 0x6c, 0x85, 0x87, 0x9d, 0x31, 0x79, 0x7e, 0xe4, 0xe9, 0xc7, 0x4f, + 0xd6, 0x07, 0x1d, 0x2f, 0x54, 0x82, 0x5d, 0x22, 0xbf, 0xbc, 0xf0, 0x75, + 0x01, 0x09, 0x43, 0xc6, 0x52, 0xcb, 0x45}; +const uint8_t kP256SignatureUnpaddedSigLong[] = { + 0xad, 0x6f, 0xcf, 0x41, 0xc1, 0x83, 0xe3, 0x6f, 0xe0, 0x2c, 0x9f, + 0x56, 0xa5, 0x17, 0x60, 0xbf, 0x80, 0x71, 0x18, 0x54, 0x1d, 0x82, + 0xdb, 0xe6, 0xc2, 0x4e, 0x60, 0x4a, 0xa6, 0x0c, 0xed, 0xcf, 0xe9, + 0xbf, 0xda, 0x11, 0xc2, 0x0a, 0x9c, 0x02, 0x5f, 0xb6, 0xa0, 0xb8, + 0xbc, 0xda, 0xbf, 0x80, 0xb4, 0xfb, 0x68, 0xab, 0xc8, 0xa8, 0x07, + 0xeb, 0x50, 0x5c, 0x8a, 0x47, 0xcf, 0x61, 0x91, 0x5f}; +const uint8_t kP256SignatureUnpaddedSigShort[] = { + 0x3d, 0x99, 0x94, 0xa9, 0x80, 0x12, 0x43, 0x27, 0xde, 0x78, 0x9e, + 0x61, 0xaf, 0x10, 0xee, 0xd2, 0x22, 0xc6, 0x6e, 0x1c, 0xdf, 0xe7, + 0x75, 0x28, 0x84, 0xae, 0xb8, 0xdb, 0x7b, 0xf1, 0x91, 0x86, 0x5b, + 0x5a, 0x28, 0x16, 0x15, 0xfe, 0xd9, 0x48, 0x33, 0x95, 0xa8, 0x8f, + 0x92, 0xbb, 0xe3, 0x9c, 0xca, 0x04, 0xef, 0x56, 0x48, 0x16, 0x73, + 0xa6, 0xb6, 0x6a, 0x38, 0xc9, 0x78, 0xc4}; + } // namespace nss_test diff --git a/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc b/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc index f05d763..eb620b0 100644 --- a/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc +++ b/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc @@ -239,6 +239,9 @@ TEST(RsaPkcs1Test, Pkcs1MinimumPadding) { SECItem hash_item = {siBuffer, toUcharPtr(hash.data()), static_cast<unsigned int>(hash.len())}; SECItem sig_item = {siBuffer, toUcharPtr(sig.data()), sig_len}; + /* don't let policy foil us */ + NSS_OptionSet(NSS_KEY_SIZE_POLICY_CLEAR_FLAGS, + NSS_KEY_SIZE_POLICY_VERIFY_FLAG); rv = VFY_VerifyDigestDirect(&hash_item, short_pub.get(), &sig_item, SEC_OID_PKCS1_RSA_ENCRYPTION, SEC_OID_SHA512, nullptr); diff --git a/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc b/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc index e7d6bc2..8c1c19d 100644 --- a/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc +++ b/nss/gtests/softoken_gtest/softoken_nssckbi_testlib_gtest.cc @@ -64,6 +64,22 @@ TEST_F(SoftokenBuiltinsTest, CheckNoDistrustFields) { EXPECT_EQ(PR_FALSE, PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE)); + + SECStatus rv; + PRBool isDistrusted; + PRTime distrustAfter; + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_SERVER_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(PR_FALSE, isDistrusted); + + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_EMAIL_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(PR_FALSE, isDistrusted); + ASSERT_FALSE(cert->distrust); } @@ -95,6 +111,23 @@ TEST_F(SoftokenBuiltinsTest, CheckOkDistrustFields) { EXPECT_TRUE(!memcmp(kExpectedDERValueEmail, cert->distrust->emailDistrustAfter.data, kDistrustFieldSize)); + + SECStatus rv; + PRBool isDistrusted; + PRTime distrustAfter; + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_SERVER_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(PR_TRUE, isDistrusted); + EXPECT_EQ(1592352000000000, distrustAfter); + + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_EMAIL_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECSuccess, rv); + EXPECT_EQ(PR_TRUE, isDistrusted); + EXPECT_EQ(1192352000000000, distrustAfter); } TEST_F(SoftokenBuiltinsTest, CheckInvalidDistrustFields) { @@ -119,6 +152,19 @@ TEST_F(SoftokenBuiltinsTest, CheckInvalidDistrustFields) { PK11_HasAttributeSet(cert->slot, cert->pkcs11ID, CKA_NSS_EMAIL_DISTRUST_AFTER, PR_FALSE)); ASSERT_FALSE(cert->distrust); + + SECStatus rv; + PRBool isDistrusted; + PRTime distrustAfter; + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_SERVER_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECFailure, rv); + + rv = PK11_ReadDistrustAfterAttribute(cert->slot, cert->pkcs11ID, + CKA_NSS_EMAIL_DISTRUST_AFTER, + &isDistrusted, &distrustAfter); + EXPECT_EQ(SECFailure, rv); } } // namespace nss_test diff --git a/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc b/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc index 01a0250..5a03733 100644 --- a/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc +++ b/nss/gtests/ssl_gtest/ssl_certificate_compression_unittest.cc @@ -221,6 +221,7 @@ class TLSCertificateToEncodedCertificateChanger : public TlsRecordFilter { static SECStatus SimpleXorCertCompEncode(const SECItem* input, SECItem* output) { SECITEM_CopyItem(NULL, output, input); + PORT_Memcpy(output->data, input->data, output->len); for (size_t i = 0; i < output->len; i++) { output->data[i] ^= 0x55; } @@ -228,12 +229,18 @@ static SECStatus SimpleXorCertCompEncode(const SECItem* input, } /* Test decoding function. */ -static SECStatus SimpleXorCertCompDecode(const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { - SECITEM_CopyItem(NULL, output, input); - for (size_t i = 0; i < output->len; i++) { - output->data[i] ^= 0x55; +static SECStatus SimpleXorCertCompDecode(const SECItem* input, uint8_t* output, + size_t outputLen, + size_t* receivedOutputLen) { + if (input->len != outputLen) { + return SECFailure; + } + + PORT_Memcpy(output, input->data, input->len); + for (size_t i = 0; i < outputLen; i++) { + output[i] ^= 0x55; } + *receivedOutputLen = outputLen; return SECSuccess; } @@ -248,13 +255,19 @@ static SECStatus SimpleXorWithDifferentValueEncode(const SECItem* input, } /* Test decoding function. */ -static SECStatus SimpleXorWithDifferentValueDecode( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { - SECITEM_CopyItem(NULL, output, input); - for (size_t i = 0; i < output->len; i++) { - output->data[i] ^= 0x77; +static SECStatus SimpleXorWithDifferentValueDecode(const SECItem* input, + uint8_t* output, + size_t outputLen, + size_t* receivedOutputLen) { + if (input->len != outputLen) { + return SECFailure; + } + + PORT_Memcpy(output, input->data, input->len); + for (size_t i = 0; i < outputLen; i++) { + output[i] ^= 0x77; } + *receivedOutputLen = outputLen; return SECSuccess; } @@ -1128,47 +1141,6 @@ TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongAlgorithm) { SEC_ERROR_CERTIFICATE_COMPRESSION_ALGORITHM_NOT_SUPPORTED); } -static SECStatus SimpleXorCertCompDecode_length_smaller_than_given( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { - SECITEM_MakeItem(NULL, output, input->data, input->len - 1); - return SECSuccess; -} - -/* - * The next test modifies the length of the received certificate - * (uncompressed_length field of CompressedCertificate). - */ -TEST_F(TlsConnectStreamTls13, CertificateCompression_ReceivedWrongLength) { - EnsureTlsSetup(); - auto filterExtension = - MakeTlsFilter<TLSCertificateCompressionCertificateModifier>(server_, 0x6, - 0xff); - SSLCertificateCompressionAlgorithm t = { - 0xff01, "test function", SimpleXorCertCompEncode, - SimpleXorCertCompDecode_length_smaller_than_given}; - - EXPECT_EQ(SECSuccess, - SSLExp_SetCertificateCompressionAlgorithm(server_->ssl_fd(), t)); - EXPECT_EQ(SECSuccess, - SSLExp_SetCertificateCompressionAlgorithm(client_->ssl_fd(), t)); - - ExpectAlert(client_, kTlsAlertBadCertificate); - StartConnect(); - - client_->SetServerKeyBits(server_->server_key_bits()); - client_->Handshake(); - server_->Handshake(); - - ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING), 5000); - ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state()); - - client_->ExpectSendAlert(kTlsAlertCloseNotify); - server_->ExpectReceiveAlert(kTlsAlertCloseNotify); - - client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE); -} - /* The next test modifies the length of the encoded certificate * (compressed_certificate_message len); * the new length is compressed_certificate_message is equal to 0. @@ -1275,8 +1247,8 @@ static SECStatus SimpleXorCertCompEncode_always_error(const SECItem* input, /* Test decoding function. Returns error unconditionally. */ static SECStatus SimpleXorCertCompDecode_always_error( - const SECItem* input, SECItem* output, - size_t expectedLenDecodedCertificate) { + const SECItem* input, uint8_t* output, size_t outputLen, + size_t* receivedOutputLen) { return SECFailure; } @@ -1333,6 +1305,48 @@ TEST_F(TlsConnectStreamTls13, CertificateCompression_CertificateCannotDecode) { client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE); } +/* Decoding function returning unexpected decoded certificate length. */ +static SECStatus WrongUsedLenCertCompDecode(const SECItem* input, + uint8_t* output, size_t outputLen, + size_t* receivedOutputLen) { + if (input->len != outputLen) { + return SECFailure; + } + + PORT_Memcpy(output, input->data, input->len); + *receivedOutputLen = outputLen - 1; + + return SECSuccess; +} + +TEST_F(TlsConnectStreamTls13, + CertificateCompression_WrongDecodedCertificateLength) { + EnsureTlsSetup(); + + SSLCertificateCompressionAlgorithm t = {0xff01, "test function", + SimpleXorCertCompEncode, + WrongUsedLenCertCompDecode}; + + EXPECT_EQ(SECSuccess, + SSLExp_SetCertificateCompressionAlgorithm(server_->ssl_fd(), t)); + EXPECT_EQ(SECSuccess, + SSLExp_SetCertificateCompressionAlgorithm(client_->ssl_fd(), t)); + + ExpectAlert(client_, kTlsAlertBadCertificate); + StartConnect(); + + client_->SetServerKeyBits(server_->server_key_bits()); + client_->Handshake(); + server_->Handshake(); + + ASSERT_TRUE_WAIT(client_->state() != TlsAgent::STATE_CONNECTING, 5000); + + server_->ExpectReceiveAlert(kTlsAlertCloseNotify); + client_->ExpectSendAlert(kTlsAlertCloseNotify); + + client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CERTIFICATE); +} + /* The test checking the client authentification is successful using certificate * compression. */ TEST_F(TlsConnectStreamTls13, CertificateCompression_PostAuth) { |