diff options
| author | Jack Lloyd <[email protected]> | 2019-08-01 09:20:26 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2019-08-01 09:26:00 -0400 |
| commit | cb90f825466b08cf8a64c042e72b40d9191f2033 (patch) | |
| tree | 14d677e41a51891eafd750c04162a2fdd40a88ac /src/tests | |
| parent | fdf9970f921bf6b3e99c2a99ebc251b6e5dd760e (diff) | |
Updates for GOST 2012 support
GOST uses IEEE style formatting for signatures rather than DER struct.
Confirmed using 2012 test certs from CryptoPro
GH #1860 #1897
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/data/x509/gost/gost_int.pem | 46 | ||||
| -rw-r--r-- | src/tests/data/x509/gost/gost_root.pem | 33 | ||||
| -rw-r--r-- | src/tests/unit_x509.cpp | 26 |
3 files changed, 105 insertions, 0 deletions
diff --git a/src/tests/data/x509/gost/gost_int.pem b/src/tests/data/x509/gost/gost_int.pem new file mode 100644 index 000000000..16e823470 --- /dev/null +++ b/src/tests/data/x509/gost/gost_int.pem @@ -0,0 +1,46 @@ +-----BEGIN CERTIFICATE----- +MIIIJzCCB9SgAwIBAgIRAdE5xgDlqVW1So99yFUKb2YwCgYIKoUDBwEBAwIwggFV +MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGNyeXB0b3Byby5ydTEYMBYGBSqFA2QBEg0x +MDM3NzAwMDg1NDQ0MRowGAYIKoUDA4EDAQESDDAwNzcxNzEwNzk5MTELMAkGA1UE +BhMCUlUxGDAWBgNVBAgMDzc3INCc0L7RgdC60LLQsDEVMBMGA1UEBwwM0JzQvtGB +0LrQstCwMS8wLQYDVQQJDCbRg9C7LiDQodGD0YnRkdCy0YHQutC40Lkg0LLQsNC7 +INC0LiAxODElMCMGA1UECgwc0J7QntCeICLQmtCg0JjQn9Ci0J4t0J/QoNCeIjFl +MGMGA1UEAwxc0KLQtdGB0YLQvtCy0YvQuSDQs9C+0LvQvtCy0L3QvtC5INCj0KYg +0J7QntCeICLQmtCg0JjQn9Ci0J4t0J/QoNCeIiDQk9Ce0KHQoiAyMDEyICjQo9Cm +IDIuMCkwHhcNMTkwMTMwMTE1MTQ0WhcNMjkwMTMwMTIwMTQ0WjCCAVsxIDAeBgkq +hkiG9w0BCQEWEWluZm9AY3J5cHRvcHJvLnJ1MRgwFgYFKoUDZAESDTEwMzc3MDAw +ODU0NDQxGjAYBggqhQMDgQMBARIMMDA3NzE3MTA3OTkxMQswCQYDVQQGEwJSVTEY +MBYGA1UECAwPNzcg0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAx +LzAtBgNVBAkMJtGD0LsuINCh0YPRidGR0LLRgdC60LjQuSDQstCw0Lsg0LQuIDE4 +MSUwIwYDVQQKDBzQntCe0J4gItCa0KDQmNCf0KLQni3Qn9Cg0J4iMWswaQYDVQQD +DGLQotC10YHRgtC+0LLRi9C5INC/0L7QtNGH0LjQvdC10L3QvdGL0Lkg0KPQpiDQ +ntCe0J4gItCa0KDQmNCf0KLQni3Qn9Cg0J4iINCT0J7QodCiIDIwMTIgKNCj0KYg +Mi4wKTBmMB8GCCqFAwcBAQEBMBMGByqFAwICIwEGCCqFAwcBAQICA0MABEACB5tW +0cRZuiQIXwccPDntbVUxlWm9sFPnZiH8T2ZUGtQA5uqSDZAd8sk2Zv0OpBdFEMty +g98vg/M36Vw24G0io4IEbDCCBGgwPwYFKoUDZG8ENgw00KHQmtCX0JggItCa0YDQ +uNC/0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gNC4wKTASBgkrBgEEAYI3 +FQEEBQIDAQABMB0GA1UdDgQWBBT/5GhgksjsgRMZu5Y141hB8YEtmzAOBgNVHQ8B +Af8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAlBgNVHSAEHjAcMAYGBFUdIAAw +CAYGKoUDZHEBMAgGBiqFA2RxAjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAKG +T2h0dHA6Ly90ZXN0Y2EyMDEyLmNyeXB0b3Byby5ydS9haWEvY2IxZGJiODQzNmEx +ODI4YTU5NDkxOTViY2I0OWMxOTkyZTMxYmE4NC5jcnQwHwYJKwYBBAGCNxUHBBIw +EAYIKoUDAgIuAAECAQECAQAwggEaBgUqhQNkcASCAQ8wggELDDTQodCa0JfQmCAi +0JrRgNC40L/RgtC+0J/RgNC+IENTUCIgKNCy0LXRgNGB0LjRjyA0LjApDDHQn9CQ +0JogItCa0YDQuNC/0YLQvtCf0YDQviDQo9CmIiDQstC10YDRgdC40LggMi4wDE/Q +odC10YDRgtC40YTQuNC60LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSW +INCh0KQvMTI0LTMzODAg0L7RgiAxMS4wNS4yMDE4DE/QodC10YDRgtC40YTQuNC6 +0LDRgiDRgdC+0L7RgtCy0LXRgtGB0YLQstC40Y8g4oSWINCh0KQvMTI4LTM1OTIg +0L7RgiAxNy4xMC4yMDE4MGAGA1UdHwRZMFcwVaBToFGGT2h0dHA6Ly90ZXN0Y2Ey +MDEyLmNyeXB0b3Byby5ydS9jZHAvY2IxZGJiODQzNmExODI4YTU5NDkxOTViY2I0 +OWMxOTkyZTMxYmE4NC5jcmwwggGXBgNVHSMEggGOMIIBioAUyx27hDahgopZSRlb +y0nBmS4xuoShggFdpIIBWTCCAVUxIDAeBgkqhkiG9w0BCQEWEWluZm9AY3J5cHRv +cHJvLnJ1MRgwFgYFKoUDZAESDTEwMzc3MDAwODU0NDQxGjAYBggqhQMDgQMBARIM +MDA3NzE3MTA3OTkxMQswCQYDVQQGEwJSVTEYMBYGA1UECAwPNzcg0JzQvtGB0LrQ +stCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAxLzAtBgNVBAkMJtGD0LsuINCh0YPR +idGR0LLRgdC60LjQuSDQstCw0Lsg0LQuIDE4MSUwIwYDVQQKDBzQntCe0J4gItCa +0KDQmNCf0KLQni3Qn9Cg0J4iMWUwYwYDVQQDDFzQotC10YHRgtC+0LLRi9C5INCz +0L7Qu9C+0LLQvdC+0Lkg0KPQpiDQntCe0J4gItCa0KDQmNCf0KLQni3Qn9Cg0J4i +INCT0J7QodCiIDIwMTIgKNCj0KYgMi4wKYIRAdSExQDlqfiOTLgOyPFzGK8wCgYI +KoUDBwEBAwIDQQBSins81hN4Uja8J+Wfx2p+9A8I+DmsgbL594z6+m7Fv7jwlJjH +khx+dTtOs+9dzw0pbq5QmmsL2RdzR19VfGGh +-----END CERTIFICATE----- diff --git a/src/tests/data/x509/gost/gost_root.pem b/src/tests/data/x509/gost/gost_root.pem new file mode 100644 index 000000000..e45fff2ab --- /dev/null +++ b/src/tests/data/x509/gost/gost_root.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFxzCCBXSgAwIBAgIRAdSExQDlqfiOTLgOyPFzGK8wCgYIKoUDBwEBAwIwggFV +MSAwHgYJKoZIhvcNAQkBFhFpbmZvQGNyeXB0b3Byby5ydTEYMBYGBSqFA2QBEg0x +MDM3NzAwMDg1NDQ0MRowGAYIKoUDA4EDAQESDDAwNzcxNzEwNzk5MTELMAkGA1UE +BhMCUlUxGDAWBgNVBAgMDzc3INCc0L7RgdC60LLQsDEVMBMGA1UEBwwM0JzQvtGB +0LrQstCwMS8wLQYDVQQJDCbRg9C7LiDQodGD0YnRkdCy0YHQutC40Lkg0LLQsNC7 +INC0LiAxODElMCMGA1UECgwc0J7QntCeICLQmtCg0JjQn9Ci0J4t0J/QoNCeIjFl +MGMGA1UEAwxc0KLQtdGB0YLQvtCy0YvQuSDQs9C+0LvQvtCy0L3QvtC5INCj0KYg +0J7QntCeICLQmtCg0JjQn9Ci0J4t0J/QoNCeIiDQk9Ce0KHQoiAyMDEyICjQo9Cm +IDIuMCkwHhcNMTkwMTMwMTE0OTA5WhcNMzQwMTMwMTE0OTA5WjCCAVUxIDAeBgkq +hkiG9w0BCQEWEWluZm9AY3J5cHRvcHJvLnJ1MRgwFgYFKoUDZAESDTEwMzc3MDAw +ODU0NDQxGjAYBggqhQMDgQMBARIMMDA3NzE3MTA3OTkxMQswCQYDVQQGEwJSVTEY +MBYGA1UECAwPNzcg0JzQvtGB0LrQstCwMRUwEwYDVQQHDAzQnNC+0YHQutCy0LAx +LzAtBgNVBAkMJtGD0LsuINCh0YPRidGR0LLRgdC60LjQuSDQstCw0Lsg0LQuIDE4 +MSUwIwYDVQQKDBzQntCe0J4gItCa0KDQmNCf0KLQni3Qn9Cg0J4iMWUwYwYDVQQD +DFzQotC10YHRgtC+0LLRi9C5INCz0L7Qu9C+0LLQvdC+0Lkg0KPQpiDQntCe0J4g +ItCa0KDQmNCf0KLQni3Qn9Cg0J4iINCT0J7QodCiIDIwMTIgKNCj0KYgMi4wKTBm +MB8GCCqFAwcBAQEBMBMGByqFAwICIwEGCCqFAwcBAQICA0MABEAAltiwjies7KjL +BzOmQzGhJ8gGcwrceeVaj5RM/dwEoHLY4/xVoQAZzA6MsWW3hOfcEwVNw+y7FqNi +S40X7/x9o4ICEjCCAg4wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTLHbuENqGC +illJGVvLScGZLjG6hDAPBgNVHRMBAf8EBTADAQH/MCUGA1UdIAQeMBwwBgYEVR0g +ADAIBgYqhQNkcQEwCAYGKoUDZHECMIIBGgYFKoUDZHAEggEPMIIBCww00KHQmtCX +0JggItCa0YDQuNC/0YLQvtCf0YDQviBDU1AiICjQstC10YDRgdC40Y8gNC4wKQwx +0J/QkNCaICLQmtGA0LjQv9GC0L7Qn9GA0L4g0KPQpiIg0LLQtdGA0YHQuNC4IDIu +MAxP0KHQtdGA0YLQuNGE0LjQutCw0YIg0YHQvtC+0YLQstC10YLRgdGC0LLQuNGP +IOKEliDQodCkLzEyNC0zMzgwINC+0YIgMTEuMDUuMjAxOAxP0KHQtdGA0YLQuNGE +0LjQutCw0YIg0YHQvtC+0YLQstC10YLRgdGC0LLQuNGPIOKEliDQodCkLzEyOC0z +NTkyINC+0YIgMTcuMTAuMjAxODA/BgUqhQNkbwQ2DDTQodCa0JfQmCAi0JrRgNC4 +0L/RgtC+0J/RgNC+IENTUCIgKNCy0LXRgNGB0LjRjyA0LjApMBEGCSsGAQQBgjcU +AgQEDAJDQTASBgkrBgEEAYI3FQEEBQIDAQABMB8GCSsGAQQBgjcVBwQSMBAGCCqF +AwICLgAAAgEBAgEAMAoGCCqFAwcBAQMCA0EA5HjDmdzd2XU9A5SUbH1JRWr7OnUW +Q/3Pde0fc9C2UUnBDvtJPmDgPqvv3ho3trV015ktc8p00v+A9Erolsd5Ig== +-----END CERTIFICATE----- diff --git a/src/tests/unit_x509.cpp b/src/tests/unit_x509.cpp index 29739eb85..2a5d18dc7 100644 --- a/src/tests/unit_x509.cpp +++ b/src/tests/unit_x509.cpp @@ -558,6 +558,31 @@ Test::Result test_x509_authority_info_access_extension() return result; } +Test::Result test_verify_gost2012_cert() + { + Test::Result result("X509 GOST-2012 certificates"); + + try + { + Botan::X509_Certificate root_cert(Test::data_file("x509/gost/gost_root.pem")); + Botan::X509_Certificate root_int(Test::data_file("x509/gost/gost_int.pem")); + + Botan::Certificate_Store_In_Memory trusted; + trusted.add_certificate(root_cert); + + const Botan::Path_Validation_Restrictions restrictions(false, 128, false, {"Streebog-256"}); + const Botan::Path_Validation_Result validation_result = Botan::x509_path_validate(root_int, restrictions, trusted); + + result.confirm("GOST certificate validates", validation_result.successful_validation()); + } + catch(const Botan::Decoding_Error& e) + { + result.test_failure(e.what()); + } + + return result; + } + /* * @brief checks the configurability of the EMSA4(RSA-PSS) signature scheme * @@ -1617,6 +1642,7 @@ class X509_Cert_Unit_Tests final : public Test results.push_back(test_x509_decode_list()); results.push_back(test_rsa_oaep()); results.push_back(test_x509_authority_info_access_extension()); + results.push_back(test_verify_gost2012_cert()); #endif results.push_back(test_x509_dates()); |