SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasiteEnableLargeKeys.scr

   1 #
   2 # Test for NISCC Parasitic key bearing certs, with the RSAMaxKeySize set to > 16k.
   3 # The easy way to set this is via the cspxutils/keySizePref program; compile it and
   4 # run it like this as root:
   5 #
   6 # keySizePref set keysize 20000
   7 #
   8 globals
   9 allowUnverified = true
  10 crlNetFetchEnable = false
  11 certNetFetchEnable = false
  12 useSystemAnchors = false
  13 end
  14
  15 test = "locally generated 6K keys"
  16 cert = ssSubjCert.der
  17 root = ssRootCert.der
  18 verifyTime = 20060726000000
  19 end
  20
  21 test = "test1, uee8k"
  22 cert = uee8k.pem
  23 cert = shintca.pem
  24 root = shroot.pem
  25 verifyTime = 20060726000000
  26 # bad public exponent
  27 error = CSSMERR_TP_INVALID_CERTIFICATE
  28 end
  29
  30 test = "test1, uee16k.pem"
  31 cert = uee16k.pem
  32 cert = shintca.pem
  33 root = shroot.pem
  34 verifyTime = 20060726000000
  35 # bad public exponent
  36 error = CSSMERR_TP_INVALID_CERTIFICATE
  37 end
  38
  39 test = "test2a, huge pkint8k.pem CA"
  40 cert = eepkint1.pem
  41 cert = pkint8k.pem
  42 root = shroot.pem
  43 verifyTime = 20060726000000
  44 # leaf is OK, other certs have pub exponent too large
  45 error = CSSMERR_TP_NOT_TRUSTED
  46 end
  47
  48 test = "test2a, bad pkint8k.pem CA, wrong root"
  49 cert = eepkint1.pem
  50 cert = pkint8k.pem
  51 root = root.pem
  52 verifyTime = 20060726000000
  53 error = CSSMERR_TP_NOT_TRUSTED
  54 end
  55
  56 test = "test2b, huge pkint16k.pem CA"
  57 cert = eepkint2.pem
  58 cert = pkint16k.pem
  59 root = shroot.pem
  60 verifyTime = 20060726000000
  61 # leaf is OK, other certs have pub exponent too large
  62 error = CSSMERR_TP_NOT_TRUSTED
  63 end
  64
  65 test = "test2b, bad pkint16k.pem CA, wrong root"
  66 cert = eepkint2.pem
  67 cert = pkint16k.pem
  68 root = root.pem
  69 verifyTime = 20060726000000
  70 error = CSSMERR_TP_NOT_TRUSTED
  71 end