Mercurial > trustbridge > trustbridge
annotate ui/tests/data/NOTES @ 359:f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
This currently fails because polarssl rejects keys with
a public exponent larger then 64 bit.
With the following patch all tests pass. But this
currently awaits upstream comment.
https://polarssl.org/discussions/bug-report-issues/rsa-keys-with-large-public-exponents-are-rejected
--- rsa.c.orig 2014-04-10 17:22:32.727290031 +0200
+++ rsa.c 2014-04-10 17:22:38.847410225 +0200
@@ -154,7 +154,7 @@
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
if( mpi_msb( &ctx->E ) < 2 ||
- mpi_msb( &ctx->E ) > 64 )
+ mpi_msb( &ctx->E ) > POLARSSL_MPI_MAX_BITS )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
return( 0 );
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Thu, 10 Apr 2014 17:50:44 +0200 |
| parents | 534df06d5c67 |
| children | d0192a7e63df |
| rev | line source |
|---|---|
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 Testkeys were created with: |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 openssl genrsa -out testkey-priv.pem 3072 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 openssl rsa -in testkey-priv.pem -out testkey-pub.pem -outform PEM -pubout |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 Certificate List was created manually and contains: |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 PCA-1-Verwaltung-08 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 Intevation-Email-CA-2013 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
9 Intevation-Server-CA-2010 |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
10 |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
11 Test files created with: |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
12 |
|
30
381558ff6f26
Also break the signature with carriage return
Andre Heinecke <aheinecke@intevation.de>
parents:
26
diff
changeset
|
13 echo -e S:$(openssl dgst -sha256 -sign testkey-priv.pem < list-valid.txt | base64 -w0)\\r > list-valid-signed.txt |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
14 cat list-valid.txt >> list-valid-signed.txt |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
15 echo -e S:$(openssl dgst -sha256 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-other-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
16 cat list-valid.txt >> list-valid-other-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
17 echo -e S:$(openssl dgst -sha1 -sign testkey-other.pem < list-valid.txt | base64 -w0)\\r > list-valid-sha1-signature.txt |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
18 cat list-valid.txt >> list-valid-sha1-signature.txt |
|
8
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 cp list-valid-signed.txt list-invalid-signed.txt |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 tail -1 list-valid.txt >> list-invalid-signed.txt |
|
c7da699f0310
Add some notes about testfile creation
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
21 |
|
359
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
22 # To create test data for something you might want to release |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
23 |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
24 PRIVKEY=... |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
25 echo -e S:$(openssl dgst -sha256 -sign $PRIVKEY < list-valid.txt | base64 -w0)\\r > list-valid-signed-release.txt |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
26 cat list-valid.txt >> list-valid-signed-release.txt |
|
f6ce186cebc2
If DO_RELEASE_BUILD is set use pubkey-release and test with it
Andre Heinecke <andre.heinecke@intevation.de>
parents:
300
diff
changeset
|
27 |
|
42
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
28 # List with 0 created manually by placing a \0 in the signature |
|
6e7ef7e95031
Some more tests and some more test data
Andre Heinecke <aheinecke@intevation.de>
parents:
30
diff
changeset
|
29 |
| 43 | 30 # Test server certificate: |
| 31 | |
| 32 gen_key type=ec ec_curve=brainpoolP256r1 filename=valid_ssl_bp.key | |
| 33 cert_write issuer_name=CN=127.0.0.1,O=Intevation\\ Test,C=DE \ | |
| 34 selfsign=1 issuer_key=valid_ssl_bp.key \ | |
| 35 not_before=20130101000000 not_after=20301231235959 \ | |
| 36 is_ca=1 max_pathlen=0 output_file=valid_ssl_bp.pem | |
| 37 cat valid_ssl_bp.key >> valid_ssl_bp.pem | |
| 38 | |
| 39 gen_key filename=valid_ssl_rsa.key | |
| 40 cert_write issuer_name=CN=127.0.0.1,O=Do_Not_Trust_Test,C=DE \ | |
| 41 selfsign=1 issuer_key=valid_ssl_rsa.key \ | |
| 42 not_before=20130101000000 not_after=20151231235959 \ | |
| 43 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem | |
|
49
c389915fd55e
Add an RSA key for testing
Andre Heinecke <aheinecke@intevation.de>
parents:
43
diff
changeset
|
44 cat valid_ssl_rsa.key >> valid_ssl_rsa.pem |
| 43 | 45 |
|
234
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
46 # Test list certificates (using the rsa key) |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
47 |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
48 for i in {1..30} |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
49 do |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
50 gen_key filename=valid_ssl_rsa.key |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
51 cert_write issuer_name=CN=TestRootCA$i,O=Do_Not_Trust_Test,C=DE \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
52 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
53 not_before=20130101000000 not_after=20151231235959 \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
54 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
55 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
56 echo -e I:${CERT}\\r >> list-valid.txt |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
57 done |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
58 |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
59 for i in {1..15} |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
60 do |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
61 gen_key filename=valid_ssl_rsa.key |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
62 cert_write issuer_name=CN=TestRootCADelete$i,O=Do_Not_Trust_Test,C=DE \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
63 selfsign=1 issuer_key=valid_ssl_rsa.key \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
64 not_before=20130101000000 not_after=20151231235959 \ |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
65 is_ca=1 max_pathlen=0 output_file=valid_ssl_rsa.pem |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
66 CERT=$(cat valid_ssl_rsa.pem | grep -v "\-\-\-\-" | tr -d "\\n") |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
67 echo -e R:${CERT}\\r >> list-valid.txt |
|
a7317252a27c
Add more realistic test data
Andre Heinecke <aheinecke@intevation.de>
parents:
50
diff
changeset
|
68 done |
|
300
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
69 |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
70 # NSS |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
71 mkdir nss |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
72 certutil -d nss -A -i valid_ssl_rsa.pem -n "test" -t c,C |
|
534df06d5c67
Add empty nss testdb
Andre Heinecke <andre.heinecke@intevation.de>
parents:
234
diff
changeset
|
73 certutil -d nss -D -n "test" |