gnupg/tests/cms/samplekeys/Description-p12

# Description-p12  - Machine readable description of our P12 test vectors
# The Cert line gives the SHA1 fingerprint of the certificate
# The Key line gives a hash of the key parameters as returned by minip12.c

Name: ov-user.p12
Desc: Private test key from www.openvalidation.org
Pass: start
Cert: 4753a910e0c8b4caa8663ca0e4273a884eb5397d
Key:  93be89edd11214ab74280d988a665b6beef876c5

Name: ov-server.p12
Desc: Private test key from www.openvalidation.org
Pass: start
Cert: 1997fadf6cc1af03e4845c4cba38fb2397315143
Key:  63b1d7233e75c3a462cb4b8ea3ad285e8ecba91c

Name: opensc-test.p12
Desc: PKCS#12 key and certificates taken from OpenSC (RC2+3DES,PKCS#8)
Pass: password
Cert: 115abfc3ae554092a57ade74177fedf9459af5d2
Cert: a0d6d318952c313ff8c33cd3f629647ff1de76b3
Key:  5a36c61706367ecdb52e8779e3a32bbac1069fa1

Name: t5793-openssl.pfx
Desc: self-signed key issued keys
Pass: test
Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15
Key:  c271e44ab4fb19ca1aae71102ea4d7292ccc981d

Name: t5793-test.pfx
Desc: QuaVadis format of t5793-openssl
Pass: test
Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15
Key:  c271e44ab4fb19ca1aae71102ea4d7292ccc981d

Name: edward.tester@demo.gnupg.com.p12
Desc: GnuPG exported Brainpool certificate
Pass: abc,123456
Cert: ff810b9281a43c394aa138e9c7fd4c0193216fa6
Key:  94c6d0b067370a8f2a09ae43cfe8d700bbd61e75

Name: nistp256-openssl-self-signed.p12
Desc: OpenSSL generated self-signed nistp256 key+cert
Pass: abc
Cert: 5cea0c5bf09ccd92535267c662fc098f6c81c27e
Key:  3cb2fba95d1976df69eb7aa8c65ac5354e15af32

Name: t6752-ov-user-ff.p12
Desc: Mozilla generated with a surplus octet string container
Pass: start
Cert: 4753a910e0c8b4caa8663ca0e4273a884eb5397d
Key:  93be89edd11214ab74280d988a665b6beef876c5

# eof #
sm: Major rewrite of the PKCS#12 parser * sm/minip12.c: Reworked most of the parser. (p12_set_verbosity): Add arg debug and change all callers. * sm/t-minip12.c: Major rewrite to run regression tests unattended. * sm/Makefile.am (module_maint_tests): Move t-Minit to ... (module_tests): here. * tests/cms/samplekeys/Description-p12: New. -- Note that cram_octet_string stuff has not yet been reworked. I need to locate the sample files first. GnuPG-bug-id: 6536 2023-06-28 17:33:24 +02:00			`# Description-p12 - Machine readable description of our P12 test vectors`
sm: Improve the octet string cramming for pkcs#12 * sm/minip12.c (need_octet_string_cramming): New. (tlv_expect_object, tlv_expect_octet_string): Run the test before cramming. * sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro for debug purposes. (bag_decrypted_data_p, bag_data_p): Use macro to allow dumping. -- This bug was exhibited by importing a gpgsm exported EC certificate. We use an extra test instead of retrying to allow retruning an error from malloc failure. And well, for easier reading of the code. GnuPG-bug-id: 6536 2023-10-05 10:02:59 +02:00			`# The Cert line gives the SHA1 fingerprint of the certificate`
			`# The Key line gives a hash of the key parameters as returned by minip12.c`
sm: Major rewrite of the PKCS#12 parser * sm/minip12.c: Reworked most of the parser. (p12_set_verbosity): Add arg debug and change all callers. * sm/t-minip12.c: Major rewrite to run regression tests unattended. * sm/Makefile.am (module_maint_tests): Move t-Minit to ... (module_tests): here. * tests/cms/samplekeys/Description-p12: New. -- Note that cram_octet_string stuff has not yet been reworked. I need to locate the sample files first. GnuPG-bug-id: 6536 2023-06-28 17:33:24 +02:00
			`Name: ov-user.p12`
			`Desc: Private test key from www.openvalidation.org`
			`Pass: start`
			`Cert: 4753a910e0c8b4caa8663ca0e4273a884eb5397d`
			`Key: 93be89edd11214ab74280d988a665b6beef876c5`

			`Name: ov-server.p12`
			`Desc: Private test key from www.openvalidation.org`
			`Pass: start`
			`Cert: 1997fadf6cc1af03e4845c4cba38fb2397315143`
			`Key: 63b1d7233e75c3a462cb4b8ea3ad285e8ecba91c`

			`Name: opensc-test.p12`
			`Desc: PKCS#12 key and certificates taken from OpenSC (RC2+3DES,PKCS#8)`
			`Pass: password`
			`Cert: 115abfc3ae554092a57ade74177fedf9459af5d2`
			`Cert: a0d6d318952c313ff8c33cd3f629647ff1de76b3`
			`Key: 5a36c61706367ecdb52e8779e3a32bbac1069fa1`
sm: Adding missing stuff to the PKCS#12 parser rewrite. * sm/minip12.c (struct bufferlist_s): New. (struct tlv_ctx_s): Add bufferlist. (tlv_register_buffer): New. (tlv_release): Release bufferlist. (tlv_expect_object): Handle octet string cramming. (tlv_expect_octet_string): Ditto. (cram_octet_string): Changed interface. We don't need the input_consumed value anymore. * sm/minip12.c (parse_shrouded_key_bag): Also parse the attribute set. * sm/t-minip12.c (main): Add option --no-extra. (cert_collect_cb, run_tests_from_file): Fix memory leak * tests/cms/samplekeys/t5793-openssl.pfx: New from T5793. * tests/cms/samplekeys/t5793-test.pfx: Ditto. * tests/cms/samplekeys/Description-p12: Add them. * tests/cms/Makefile.am (EXTRA_DIST): Add samplekeys. -- This should finish the rewrite of the pkcsc#12 parser for now. More fun is likely to come. GnuPG-bug-id: 6536, 5793 2023-06-29 16:33:03 +02:00
			`Name: t5793-openssl.pfx`
			`Desc: self-signed key issued keys`
			`Pass: test`
			`Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15`
			`Key: c271e44ab4fb19ca1aae71102ea4d7292ccc981d`

			`Name: t5793-test.pfx`
			`Desc: QuaVadis format of t5793-openssl`
			`Pass: test`
			`Cert: 80348a438e4b803b99e708da0b7fdd0659dedd15`
			`Key: c271e44ab4fb19ca1aae71102ea4d7292ccc981d`
sm: Improve the octet string cramming for pkcs#12 * sm/minip12.c (need_octet_string_cramming): New. (tlv_expect_object, tlv_expect_octet_string): Run the test before cramming. * sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro for debug purposes. (bag_decrypted_data_p, bag_data_p): Use macro to allow dumping. -- This bug was exhibited by importing a gpgsm exported EC certificate. We use an extra test instead of retrying to allow retruning an error from malloc failure. And well, for easier reading of the code. GnuPG-bug-id: 6536 2023-10-05 10:02:59 +02:00
			`Name: edward.tester@demo.gnupg.com.p12`
			`Desc: GnuPG exported Brainpool certificate`
			`Pass: abc,123456`
			`Cert: ff810b9281a43c394aa138e9c7fd4c0193216fa6`
			`Key: 94c6d0b067370a8f2a09ae43cfe8d700bbd61e75`

sm: Support more HMAC algos in the pkcs#12 parser. * sm/minip12.c (oid_hmacWithSHA1): New. Also for the SHA-2 algos. (digest_algo_from_oid): New. (set_key_iv_pbes2): Add arg digest_algo. (crypt_block): Ditto. (decrypt_block): Ditto. (parse_bag_encrypted_data): Parse the optional prf part and get the hmac algorithm. (parse_shrouded_key_bag): Ditto. (p12_build): Pass SHA1 for digest_algo. * sm/t-minip12.c (run_one_test): Print failed values in verbose mode. * tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New. * tests/cms/samplekeys/Description-p12: Add this one. * tests/cms/Makefile.am (EXTRA_DIST): Ditto. -- This supports the modern algorithms, i.e. using SHA256 for the KDF which is the default in openssl unless the -legacy option is used. GnuPG-bug-id: 6536 2023-10-06 10:57:12 +02:00			`Name: nistp256-openssl-self-signed.p12`
			`Desc: OpenSSL generated self-signed nistp256 key+cert`
			`Pass: abc`
			`Cert: 5cea0c5bf09ccd92535267c662fc098f6c81c27e`
			`Key: 3cb2fba95d1976df69eb7aa8c65ac5354e15af32`

sm: Another partly rewrite of minip12.c * sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize. Remove pop_count. Rename offset to length. (dump_tag_info, _dump_tag_info): Rewrite. (dump_tlv_ctx, _dump_tlv_ctx): Rewrite. (tlv_new): Init origbuffer. (_tlv_peek): Add arg ti. (tlv_peek): New. (tlv_peek_null): New. (_tlv_push): Rewrite. (_tlv_pop): Rewrite. (tlv_next): New macro. Move old code to ... (_tlv_next): this. Add arg lno. Pop remaining end tags. (tlv_popped): Remove. (tlv_expect_object): Handle ndef. (tlv_expect_octet_string): Ditto. (parse_bag_encrypted_data): Use nesting level to control the inner loop. (parse_shrouded_key_bag): Likewise. (parse_bag_data): Handle surplus octet strings. (p12_parse): Ditto. * sm/minip12.c (decrypt_block): Strip the padding. (tlv_expect_top_sequence): Remove. Replace callers by tlv_expect_sequence. * tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key. * tests/cms/samplekeys/Description-p12: Add its description -- This patch improves the BER parser by simplifying it. Now tlv_next pops off and thus closes all containers regardless on whether they are length bounded or ndef. tlv_set_pending is now always used to undo the effect of a tlv_next in a loop condition which was terminated by a nesting level change. Instead of using the length as seen in the decrypted container we now remove the padding and let the BER parser do its work. This might have a negative effect on pkcs#12 objects which are not correctly padded but we don't have any example of such broken objects. GnuPG-bug-id: 6752 2023-10-24 09:22:13 +02:00			`Name: t6752-ov-user-ff.p12`
			`Desc: Mozilla generated with a surplus octet string container`
			`Pass: start`
			`Cert: 4753a910e0c8b4caa8663ca0e4273a884eb5397d`
			`Key: 93be89edd11214ab74280d988a665b6beef876c5`

sm: Improve the octet string cramming for pkcs#12 * sm/minip12.c (need_octet_string_cramming): New. (tlv_expect_object, tlv_expect_octet_string): Run the test before cramming. * sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro for debug purposes. (bag_decrypted_data_p, bag_data_p): Use macro to allow dumping. -- This bug was exhibited by importing a gpgsm exported EC certificate. We use an extra test instead of retrying to allow retruning an error from malloc failure. And well, for easier reading of the code. GnuPG-bug-id: 6536 2023-10-05 10:02:59 +02:00			`# eof #`