From 244579388e935b92c005f4d577def6e6bca9080c Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 15 Feb 2018 21:50:09 +0000
Subject: [PATCH] Add OCSP response verify test for failed status
---
 tests/data_files/Makefile | 24 +++++++++++++++++++
 .../ocsp-resp-status-internal-error.der | 2 ++
 .../data_files/ocsp-resp-status-malformed.der | 2 ++
 .../ocsp-resp-status-sig-required.der | 2 ++
 .../data_files/ocsp-resp-status-try-later.der | 2 ++
 .../ocsp-resp-status-unauthorized.der | 2 ++
 tests/suites/test_suite_x509parse_ocsp.data | 15 ++++++++++++
 7 files changed, 49 insertions(+)
 create mode 100644 tests/data_files/ocsp-resp-status-internal-error.der
 create mode 100644 tests/data_files/ocsp-resp-status-malformed.der
 create mode 100644 tests/data_files/ocsp-resp-status-sig-required.der
 create mode 100644 tests/data_files/ocsp-resp-status-try-later.der
 create mode 100644 tests/data_files/ocsp-resp-status-unauthorized.der
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index ff2c9e051c..a0060fad08 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -79,6 +79,30 @@ server2-ocsp-nocheck.crt: server2-ocsp-nocheck.csr $(cli_crt_extensions_file)
 all_final += server2-ocsp-nocheck.crt
+################################################################
+#### Generate OCSP responses using existing certificates
+################################################################
+
+ocsp-resp-status-malformed.der:
+ @printf "\x30\x03\x0A\x01\x01" > $@
+all_final += ocsp-resp-status-malformed.der
+
+ocsp-resp-status-internalerror.der:
+ @printf "\x30\x03\x0A\x01\x02" > $@
+all_final += ocsp-resp-status-internal-error.der
+
+ocsp-resp-status-try-later.der:
+ @printf "\x30\x03\x0A\x01\x03" > $@
+all_final += ocsp-resp-status-try-later.der
+
+ocsp-resp-status-sig-required.der:
+ @printf "\x30\x03\x0A\x01\x05" > $@
+all_final += ocsp-resp-status-sig-required.der
+
+ocsp-resp-status-unauthorized.der:
+ @printf "\x30\x03\x0A\x01\x06" > $@
+all_final += ocsp-resp-status-unauthorized.der
+
 ################################################################
 #### Meta targets
 ################################################################
diff --git a/tests/data_files/ocsp-resp-status-internal-error.der b/tests/data_files/ocsp-resp-status-internal-error.der
new file mode 100644
index 0000000000..357edab13b
--- /dev/null
+++ b/tests/data_files/ocsp-resp-status-internal-error.der
@@ -0,0 +1,2 @@
+0
+
\ No newline at end of file
diff --git a/tests/data_files/ocsp-resp-status-malformed.der b/tests/data_files/ocsp-resp-status-malformed.der
new file mode 100644
index 0000000000..e40ff61f3d
--- /dev/null
+++ b/tests/data_files/ocsp-resp-status-malformed.der
@@ -0,0 +1,2 @@
+0
+
\ No newline at end of file
diff --git a/tests/data_files/ocsp-resp-status-sig-required.der b/tests/data_files/ocsp-resp-status-sig-required.der
new file mode 100644
index 0000000000..d43f0794cf
--- /dev/null
+++ b/tests/data_files/ocsp-resp-status-sig-required.der
@@ -0,0 +1,2 @@
+0
+
\ No newline at end of file
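Review bot: In the tests/data_files/Makefile hunk the rule target `ocsp-resp-status-internalerror.der` does not match the name appended to `all_final` on the line after its recipe, nor the committed file `ocsp-resp-status-internal-error.der`, so make has no rule to regenerate that fixture once it has been removed; the target should read `ocsp-resp-status-internal-error.der:`. All five recipes also depend on `\x` escapes, which POSIX `printf` does not define, so a shell whose builtin printf lacks them (dash is one) writes the backslash text instead of the five DER bytes, and the verify tests would then fail on a malformed file rather than on the response status. Octal escapes are portable, e.g. `@printf '\060\003\012\001\002' > $@` for internalError. A one-line comment stating that each file is `SEQUENCE { ENUMERATED responseStatus }` with no responseBytes would also help, since the section banner mentions existing certificates but these recipes use none.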
diff --git a/tests/data_files/ocsp-resp-status-try-later.der b/tests/data_files/ocsp-resp-status-try-later.der
new file mode 100644
index 0000000000..39e09cffaa
--- /dev/null
+++ b/tests/data_files/ocsp-resp-status-try-later.der
@@ -0,0 +1,2 @@
+0
+
\ No newline at end of file
diff --git a/tests/data_files/ocsp-resp-status-unauthorized.der b/tests/data_files/ocsp-resp-status-unauthorized.der
new file mode 100644
index 0000000000..d6ea065987
--- /dev/null
+++ b/tests/data_files/ocsp-resp-status-unauthorized.der
@@ -0,0 +1,2 @@
+0
+
\ No newline at end of file
diff --git a/tests/suites/test_suite_x509parse_ocsp.data b/tests/suites/test_suite_x509parse_ocsp.data
index 7cf3c0dd44..e588fd9d01 100644
--- a/tests/suites/test_suite_x509parse_ocsp.data
+++ b/tests/suites/test_suite_x509parse_ocsp.data
@@ -228,3 +228,18 @@ x509parse_ocsp_response:"308201320A0100A082012B3082012706092B0601050507300101048
 X509 OCSP Response ASN1 (signature tag correct, length shorter than data)
 x509parse_ocsp_response:"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":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 OCSP Response verification (malformedRequest response status)
+x509_ocsp_response_verify:"data_files/ocsp-resp-status-malformed.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
+
+X509 OCSP Response verification (internalError response status)
+x509_ocsp_response_verify:"data_files/ocsp-resp-status-internal-error.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
+
+X509 OCSP Response verification (tryLater response status)
+x509_ocsp_response_verify:"data_files/ocsp-resp-status-try-later.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
+
+X509 OCSP Response verification (sigRequired response status)
+x509_ocsp_response_verify:"data_files/ocsp-resp-status-sig-required.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
+
+X509 OCSP Response verification (unauthorized response status)
+x509_ocsp_response_verify:"data_files/ocsp-resp-status-unauthorized.der":"data_files/server2.crt":"data_files/test-ca-sha256.crt":"data_files/test-ca-sha256.crt":MBEDTLS_ERR_X509_OCSP_RESPONSE_VERIFY_FAILED:MBEDTLS_X509_BADOCSP_RESPONSE_BAD_RESPONSE_STATUS
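Review bot: The five added cases cover every named non-success OCSPResponseStatus but none of the values the enumeration leaves undefined (RFC 6960 skips 4, and nothing above 6 is assigned), so nothing here pins that verification fails closed on a status it does not recognise. Consider one more fixture and case, titled for example `X509 OCSP Response verification (undefined response status 4)`, with the expected error chosen according to whether the parser or the verify step is meant to reject it. Because the fixtures carry no responseBytes, these cases exercise only the status check; the certificate arguments are presumably never consulted, which is worth a comment above the block so the cases are not read as signature or chain coverage.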