SecurityTests/clxutils/certcrl/testSubjects/parasiticKeys/parasite.scr

   1 #
   2 # Test for NISCC Parasitic key bearing certs.
   3 # This version should only succeed if both system-wide key size prefs are
   4 # set to > 16K (RSAMaxKeySize, RSAMaxPublicExponent in com.apple.crypto).
   5 #
   6 # The easy way to set these is via the cspxutils/keySizePref program; compile it and
   7 # run it like this as root:
   8 #
   9 #
  10 # keySizePref set keysize 20000
  11 # keySizePref set pubexpsize 20000
  12 #
  13 globals
  14 allowUnverified = true
  15 crlNetFetchEnable = false
  16 certNetFetchEnable = false
  17 useSystemAnchors = false
  18 end
  19
  20 test = "locally generated 6K keys"
  21 cert = ssSubjCert.der
  22 root = ssRootCert.der
  23 verifyTime = 20060726000000
  24 end
  25
  26 test = "test1, uee8k"
  27 cert = uee8k.pem
  28 cert = shintca.pem
  29 root = shroot.pem
  30 verifyTime = 20060726000000
  31 end
  32
  33 test = "test1, uee16k.pem"
  34 cert = uee16k.pem
  35 cert = shintca.pem
  36 root = shroot.pem
  37 verifyTime = 20060726000000
  38 end
  39
  40 test = "test2a, huge pkint8k.pem CA"
  41 cert = eepkint1.pem
  42 cert = pkint8k.pem
  43 root = shroot.pem
  44 verifyTime = 20060726000000
  45 end
  46
  47 test = "test2a, bad pkint8k.pem CA, wrong root"
  48 cert = eepkint1.pem
  49 cert = pkint8k.pem
  50 root = root.pem
  51 error = CSSMERR_TP_NOT_TRUSTED
  52 verifyTime = 20060726000000
  53 end
  54
  55 test = "test2b, huge pkint16k.pem CA"
  56 cert = eepkint2.pem
  57 cert = pkint16k.pem
  58 root = shroot.pem
  59 verifyTime = 20060726000000
  60 end
  61
  62 test = "test2b, bad pkint16k.pem CA, wrong root"
  63 cert = eepkint2.pem
  64 cert = pkint16k.pem
  65 root = root.pem
  66 error = CSSMERR_TP_NOT_TRUSTED
  67 verifyTime = 20060726000000
  68 end