mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
Unit tests for cert-chain-processing, including failed cases
Check out the coverage!
This commit is contained in:
parent
a90a111a5f
commit
af2459f09e
@ -1954,8 +1954,11 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
|
||||
ERR("Couldn't compute digests for key in ID cert");
|
||||
|
||||
identity_rcvd = tor_tls_cert_get_key(id_cert);
|
||||
if (!identity_rcvd)
|
||||
if (!identity_rcvd) {
|
||||
//LCOV_EXCL_START
|
||||
ERR("Internal error: Couldn't get RSA key from ID cert.");
|
||||
//LCOV_EXCL_STOP
|
||||
}
|
||||
memcpy(chan->conn->handshake_state->authenticated_rsa_peer_id,
|
||||
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
|
||||
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
|
||||
|
@ -1059,6 +1059,16 @@ get_master_identity_key(void)
|
||||
return &master_identity_key->pubkey;
|
||||
}
|
||||
|
||||
#ifdef TOR_UNIT_TESTS
|
||||
/* only exists for the unit tests, since otherwise the identity key
|
||||
* should be used to sign nothing but the signing key. */
|
||||
const ed25519_keypair_t *
|
||||
get_master_identity_keypair(void)
|
||||
{
|
||||
return master_identity_key;
|
||||
}
|
||||
#endif
|
||||
|
||||
const ed25519_keypair_t *
|
||||
get_master_signing_keypair(void)
|
||||
{
|
||||
|
@ -74,6 +74,7 @@ int write_encrypted_secret_key(const ed25519_secret_key_t *out,
|
||||
void routerkeys_free_all(void);
|
||||
|
||||
#ifdef TOR_UNIT_TESTS
|
||||
const ed25519_keypair_t *get_master_identity_keypair(void);
|
||||
void init_mock_ed_keys(const crypto_pk_t *rsa_identity_key);
|
||||
#endif
|
||||
|
||||
|
@ -461,7 +461,7 @@ or_handshake_certs_rsa_ok(int severity,
|
||||
|
||||
if (certs->started_here) {
|
||||
if (! (id_cert && link_cert))
|
||||
ERR("The certs we wanted were missing");
|
||||
ERR("The certs we wanted (ID, Link) were missing");
|
||||
if (! tor_tls_cert_matches_key(tls, link_cert))
|
||||
ERR("The link certificate didn't match the TLS public key");
|
||||
if (! tor_tls_cert_is_valid(severity, link_cert, id_cert, now, 0))
|
||||
@ -470,7 +470,7 @@ or_handshake_certs_rsa_ok(int severity,
|
||||
ERR("The ID certificate was not valid");
|
||||
} else {
|
||||
if (! (id_cert && auth_cert))
|
||||
ERR("The certs we wanted were missing");
|
||||
ERR("The certs we wanted (ID, Auth) were missing");
|
||||
/* Remember these certificates so we can check an AUTHENTICATE cell
|
||||
* XXXX make sure we do that
|
||||
*/
|
||||
@ -505,20 +505,20 @@ or_handshake_certs_ed25519_ok(int severity,
|
||||
ERR("Could not get checkable cert."); \
|
||||
} while (0)
|
||||
|
||||
if (! certs->ed_id_sign || !certs->ed_id_sign->signing_key_included)
|
||||
ERR("No signing key");
|
||||
if (! certs->ed_id_sign || !certs->ed_id_sign->signing_key_included) {
|
||||
ERR("No Ed25519 signing key");
|
||||
}
|
||||
ADDCERT(certs->ed_id_sign, NULL);
|
||||
|
||||
if (certs->started_here) {
|
||||
if (! certs->ed_sign_link)
|
||||
ERR("No link key");
|
||||
ERR("No Ed25519 link key");
|
||||
{
|
||||
/* check for a match with the TLS cert. */
|
||||
tor_x509_cert_t *peer_cert = tor_tls_get_peer_cert(tls);
|
||||
/* XXXX Does 'cert' match spec in this case? I hope so; if not, fix
|
||||
* spec */
|
||||
if (!peer_cert)
|
||||
ERR("No x509 peer cert");
|
||||
if (BUG(!peer_cert)) {
|
||||
ERR("No x509 peer cert"); // LCOV_EXCL_LINE
|
||||
}
|
||||
const common_digests_t *peer_cert_digests =
|
||||
tor_x509_cert_get_cert_digests(peer_cert);
|
||||
int okay = tor_memeq(peer_cert_digests->d[DIGEST_SHA256],
|
||||
@ -526,14 +526,14 @@ or_handshake_certs_ed25519_ok(int severity,
|
||||
DIGEST256_LEN);
|
||||
tor_x509_cert_free(peer_cert);
|
||||
if (!okay)
|
||||
ERR("link certificate does not match TLS certificate");
|
||||
ERR("Link certificate does not match TLS certificate");
|
||||
}
|
||||
|
||||
ADDCERT(certs->ed_sign_link, &certs->ed_id_sign->signed_key);
|
||||
|
||||
} else {
|
||||
if (! certs->ed_sign_auth)
|
||||
ERR("No link authentiction key");
|
||||
ERR("No Ed25519 link authentication key");
|
||||
ADDCERT(certs->ed_sign_auth, &certs->ed_id_sign->signed_key);
|
||||
}
|
||||
|
||||
@ -555,6 +555,9 @@ or_handshake_certs_ed25519_ok(int severity,
|
||||
if (! tor_tls_cert_is_valid(severity, rsa_id_cert, rsa_id_cert, now, 1)) {
|
||||
ERR("The legacy RSA ID certificate was not valid");
|
||||
}
|
||||
if (! certs->ed_rsa_crosscert) {
|
||||
ERR("Missing RSA->Ed25519 crosscert");
|
||||
}
|
||||
crypto_pk_t *rsa_id_key = tor_tls_cert_get_key(rsa_id_cert);
|
||||
|
||||
if (rsa_ed25519_crosscert_check(certs->ed_rsa_crosscert,
|
||||
@ -563,7 +566,7 @@ or_handshake_certs_ed25519_ok(int severity,
|
||||
&certs->ed_id_sign->signing_key,
|
||||
now) < 0) {
|
||||
crypto_pk_free(rsa_id_key);
|
||||
ERR("Invalid/missing RSA crosscert");
|
||||
ERR("Invalid RSA->Ed25519 crosscert");
|
||||
}
|
||||
crypto_pk_free(rsa_id_key);
|
||||
rsa_id_key = NULL;
|
||||
|
@ -6,12 +6,16 @@
|
||||
#define CHANNELTLS_PRIVATE
|
||||
#define CONNECTION_PRIVATE
|
||||
#define TOR_CHANNEL_INTERNAL_
|
||||
#define TORTLS_PRIVATE
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include "or.h"
|
||||
#include "config.h"
|
||||
#include "connection.h"
|
||||
#include "connection_or.h"
|
||||
#include "channeltls.h"
|
||||
#include "link_handshake.h"
|
||||
#include "router.h"
|
||||
#include "routerkeys.h"
|
||||
#include "scheduler.h"
|
||||
#include "torcert.h"
|
||||
@ -337,7 +341,6 @@ recv_certs_setup(const struct testcase_t *test)
|
||||
int is_auth = !strcmpend(test->setup_data, "-Auth");
|
||||
tor_assert(is_ed != is_rsa);
|
||||
tor_assert(is_link != is_auth);
|
||||
printf("rsa == %d; is_link == %d\n", is_rsa, is_link);
|
||||
|
||||
d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
|
||||
d->chan = tor_malloc_zero(sizeof(*d->chan));
|
||||
@ -490,6 +493,7 @@ test_link_handshake_recv_certs_ok_server(void *arg)
|
||||
tt_int_op(d->c->handshake_state->authenticated, ==, 0);
|
||||
tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
|
||||
tt_assert(d->c->handshake_state->certs->id_cert != NULL);
|
||||
tt_assert(d->c->handshake_state->certs->link_cert == NULL);
|
||||
if (d->is_ed) {
|
||||
tt_assert(d->c->handshake_state->certs->ed_sign_auth != NULL);
|
||||
tt_assert(d->c->handshake_state->certs->auth_cert == NULL);
|
||||
@ -514,6 +518,8 @@ test_link_handshake_recv_certs_ok_server(void *arg)
|
||||
tt_int_op(1, ==, mock_close_called); \
|
||||
tt_int_op(0, ==, mock_send_authenticate_called); \
|
||||
tt_int_op(0, ==, mock_send_netinfo_called); \
|
||||
tt_int_op(0, ==, d->c->handshake_state->authenticated_rsa); \
|
||||
tt_int_op(0, ==, d->c->handshake_state->authenticated_ed25519); \
|
||||
if (require_failure_message) { \
|
||||
expect_log_msg_containing(require_failure_message); \
|
||||
} \
|
||||
@ -554,12 +560,41 @@ CERTS_FAIL(truncated_3,
|
||||
d->cell->payload_len = 7;
|
||||
memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);
|
||||
})
|
||||
CERTS_FAIL(truncated_4, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "It couldn't be parsed";
|
||||
d->cell->payload_len -= 10;
|
||||
})
|
||||
CERTS_FAIL(truncated_5, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "It couldn't be parsed";
|
||||
d->cell->payload_len -= 100;
|
||||
})
|
||||
|
||||
#define REENCODE() do { \
|
||||
const char *msg = certs_cell_check(d->ccell); \
|
||||
if (msg) puts(msg); \
|
||||
ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \
|
||||
tt_int_op(n, >, 0); \
|
||||
d->cell->payload_len = n; \
|
||||
} while (0)
|
||||
|
||||
CERTS_FAIL(truncated_6, /* ed25519 */
|
||||
{
|
||||
/* truncate the link certificate */
|
||||
require_failure_message = "undecodable Ed certificate";
|
||||
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 3), 7);
|
||||
certs_cell_get_certs(d->ccell, 3)->cert_len = 7;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(truncated_7, /* ed25519 */
|
||||
{
|
||||
/* truncate the crosscert */
|
||||
require_failure_message = "Unparseable or overlong crosscert";
|
||||
certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 4), 7);
|
||||
certs_cell_get_certs(d->ccell, 4)->cert_len = 7;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(not_x509,
|
||||
{
|
||||
require_failure_message = "Received undecodable certificate";
|
||||
@ -588,6 +623,206 @@ CERTS_FAIL(both_auth,
|
||||
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(duplicate_id, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Duplicate Ed25519 certificate";
|
||||
certs_cell_get_certs(d->ccell, 2)->cert_type = 4;
|
||||
certs_cell_get_certs(d->ccell, 3)->cert_type = 4;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(duplicate_link, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Duplicate Ed25519 certificate";
|
||||
certs_cell_get_certs(d->ccell, 2)->cert_type = 5;
|
||||
certs_cell_get_certs(d->ccell, 3)->cert_type = 5;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(duplicate_crosscert, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Duplicate RSA->Ed25519 crosscert";
|
||||
certs_cell_get_certs(d->ccell, 2)->cert_type = 7;
|
||||
certs_cell_get_certs(d->ccell, 3)->cert_type = 7;
|
||||
REENCODE();
|
||||
})
|
||||
static void
|
||||
test_link_handshake_recv_certs_missing_id(void *arg) /* ed25519 */
|
||||
{
|
||||
certs_data_t *d = arg;
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_set_certs(d->ccell, 2, certs_cell_get_certs(d->ccell, 4));
|
||||
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
|
||||
certs_cell_setlen_certs(d->ccell, 4);
|
||||
d->ccell->n_certs = 4;
|
||||
REENCODE();
|
||||
|
||||
/* This handshake succeeds, but since we have no ID cert, we will
|
||||
* just do the RSA handshake. */
|
||||
channel_tls_process_certs_cell(d->cell, d->chan);
|
||||
tt_int_op(0, ==, mock_close_called);
|
||||
tt_int_op(0, ==, d->c->handshake_state->authenticated_ed25519);
|
||||
tt_int_op(1, ==, d->c->handshake_state->authenticated_rsa);
|
||||
done:
|
||||
;
|
||||
}
|
||||
CERTS_FAIL(missing_signing_key, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "No Ed25519 signing key";
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
|
||||
tt_int_op(cert->cert_type, ==, CERTTYPE_ED_ID_SIGN);
|
||||
/* replace this with a valid master->signing cert, but with no
|
||||
* signing key. */
|
||||
const ed25519_keypair_t *mk = get_master_identity_keypair();
|
||||
const ed25519_keypair_t *sk = get_master_signing_keypair();
|
||||
tor_cert_t *bad_cert = tor_cert_create(mk, CERT_TYPE_ID_SIGNING,
|
||||
&sk->pubkey, time(NULL), 86400,
|
||||
0 /* don't include signer */);
|
||||
certs_cell_cert_setlen_body(cert, bad_cert->encoded_len);
|
||||
memcpy(certs_cell_cert_getarray_body(cert),
|
||||
bad_cert->encoded, bad_cert->encoded_len);
|
||||
cert->cert_len = bad_cert->encoded_len;
|
||||
tor_cert_free(bad_cert);
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(missing_link, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "No Ed25519 link key";
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
|
||||
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
|
||||
certs_cell_setlen_certs(d->ccell, 4);
|
||||
d->ccell->n_certs = 4;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(missing_auth, /* ed25519 */
|
||||
{
|
||||
d->c->handshake_state->started_here = 0;
|
||||
d->c->handshake_state->certs->started_here = 0;
|
||||
require_failure_message = "No Ed25519 link authentication key";
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_set_certs(d->ccell, 3, certs_cell_get_certs(d->ccell, 4));
|
||||
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
|
||||
certs_cell_setlen_certs(d->ccell, 4);
|
||||
d->ccell->n_certs = 4;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(missing_crosscert, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Missing RSA->Ed25519 crosscert";
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_setlen_certs(d->ccell, 4);
|
||||
d->ccell->n_certs = 4;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(missing_rsa_id, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Missing legacy RSA ID cert";
|
||||
tt_int_op(certs_cell_getlen_certs(d->ccell), OP_EQ, 5);
|
||||
certs_cell_set_certs(d->ccell, 1, certs_cell_get_certs(d->ccell, 4));
|
||||
certs_cell_set0_certs(d->ccell, 4, NULL); /* prevent free */
|
||||
certs_cell_setlen_certs(d->ccell, 4);
|
||||
d->ccell->n_certs = 4;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(link_mismatch, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "Link certificate does not match "
|
||||
"TLS certificate";
|
||||
const tor_x509_cert_t *idc;
|
||||
tor_tls_get_my_certs(1, NULL, &idc);
|
||||
tor_x509_cert_free(mock_peer_cert);
|
||||
/* Pretend that the peer cert was something else. */
|
||||
mock_peer_cert = tor_x509_cert_dup(idc);
|
||||
/* No reencode needed. */
|
||||
})
|
||||
CERTS_FAIL(bad_ed_sig, /* ed25519 */
|
||||
{
|
||||
require_failure_message = "At least one Ed25519 certificate was "
|
||||
"badly signed";
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
ssize_t body_len = certs_cell_cert_getlen_body(cert);
|
||||
/* Frob a byte in the signature */
|
||||
body[body_len - 13] ^= 7;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(bad_crosscert, /*ed25519*/
|
||||
{
|
||||
require_failure_message = "Invalid RSA->Ed25519 crosscert";
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
ssize_t body_len = certs_cell_cert_getlen_body(cert);
|
||||
/* Frob a byte in the signature */
|
||||
body[body_len - 13] ^= 7;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(bad_rsa_id_cert, /*ed25519*/
|
||||
{
|
||||
require_failure_message = "legacy RSA ID certificate was not valid";
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
ssize_t body_len = certs_cell_cert_getlen_body(cert);
|
||||
/* Frob a byte in the signature */
|
||||
body[body_len - 13] ^= 7;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(expired_rsa_id, /* both */
|
||||
{
|
||||
require_failure_message = "Certificate already expired";
|
||||
/* we're going to replace the identity cert with an expired one. */
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 1);
|
||||
const tor_x509_cert_t *idc;
|
||||
tor_tls_get_my_certs(1, NULL, &idc);
|
||||
X509 *newc = X509_dup(idc->cert);
|
||||
time_t new_end = time(NULL) - 86400 * 10;
|
||||
X509_time_adj(X509_get_notAfter(newc), 0, &new_end);
|
||||
EVP_PKEY *pk = crypto_pk_get_evp_pkey_(d->key2, 1);
|
||||
tt_assert(X509_sign(newc, pk, EVP_sha1()));
|
||||
int len = i2d_X509(newc, NULL);
|
||||
certs_cell_cert_setlen_body(cert, len);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
int len2 = i2d_X509(newc, &body);
|
||||
tt_int_op(len, ==, len2);
|
||||
REENCODE();
|
||||
X509_free(newc);
|
||||
EVP_PKEY_free(pk);
|
||||
})
|
||||
CERTS_FAIL(expired_ed_id, /* ed25519 */
|
||||
{
|
||||
/* we're going to replace the Ed Id->sign cert with an expired one. */
|
||||
require_failure_message = "At least one certificate expired";
|
||||
/* We don't need to re-sign, since we check for expiration first. */
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 2);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
/* The expiration field is bytes [2..5]. It is in HOURS since the
|
||||
* epoch. */
|
||||
set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(expired_ed_link, /* ed25519 */
|
||||
{
|
||||
/* we're going to replace the Ed Sign->link cert with an expired one. */
|
||||
require_failure_message = "At least one certificate expired";
|
||||
/* We don't need to re-sign, since we check for expiration first. */
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 3);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
/* The expiration field is bytes [2..5]. It is in HOURS since the
|
||||
* epoch. */
|
||||
set_uint32(body+2, htonl(24)); /* Back to jan 2, 1970. */
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(expired_crosscert, /* ed25519 */
|
||||
{
|
||||
/* we're going to replace the Ed Sign->link cert with an expired one. */
|
||||
require_failure_message = "Crosscert is expired";
|
||||
/* We don't need to re-sign, since we check for expiration first. */
|
||||
certs_cell_cert_t *cert = certs_cell_get_certs(d->ccell, 4);
|
||||
uint8_t *body = certs_cell_cert_getarray_body(cert);
|
||||
/* The expiration field is bytes [32..35]. once again, HOURS. */
|
||||
set_uint32(body+32, htonl(24)); /* Back to jan 2, 1970. */
|
||||
REENCODE();
|
||||
})
|
||||
|
||||
CERTS_FAIL(wrong_labels_1,
|
||||
{
|
||||
require_failure_message = "The link certificate was not valid";
|
||||
@ -612,14 +847,16 @@ CERTS_FAIL(wrong_labels_2,
|
||||
})
|
||||
CERTS_FAIL(wrong_labels_3,
|
||||
{
|
||||
require_failure_message = "The certs we wanted were missing";
|
||||
require_failure_message =
|
||||
"The certs we wanted (ID, Link) were missing";
|
||||
certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
|
||||
certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
|
||||
REENCODE();
|
||||
})
|
||||
CERTS_FAIL(server_missing_certs,
|
||||
{
|
||||
require_failure_message = "The certs we wanted were missing";
|
||||
require_failure_message =
|
||||
"The certs we wanted (ID, Auth) were missing";
|
||||
d->c->handshake_state->started_here = 0;
|
||||
d->c->handshake_state->certs->started_here = 0;
|
||||
|
||||
@ -1214,10 +1451,32 @@ struct testcase_t link_handshake_tests[] = {
|
||||
TEST_RCV_CERTS(truncated_1),
|
||||
TEST_RCV_CERTS(truncated_2),
|
||||
TEST_RCV_CERTS(truncated_3),
|
||||
TEST_RCV_CERTS_ED(truncated_4, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(truncated_5, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(truncated_6, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(truncated_7, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS(not_x509),
|
||||
TEST_RCV_CERTS(both_link),
|
||||
TEST_RCV_CERTS(both_id_rsa),
|
||||
TEST_RCV_CERTS(both_auth),
|
||||
TEST_RCV_CERTS_ED(duplicate_id, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(duplicate_link, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(duplicate_crosscert, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(missing_crosscert, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(missing_id, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(missing_signing_key, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(missing_link, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(missing_auth, "Ed25519-Auth"),
|
||||
TEST_RCV_CERTS_ED(missing_rsa_id, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(link_mismatch, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(bad_ed_sig, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(bad_rsa_id_cert, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(bad_crosscert, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_RSA(expired_rsa_id, "RSA-Link"),
|
||||
TEST_RCV_CERTS_ED(expired_rsa_id, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(expired_ed_id, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(expired_ed_link, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS_ED(expired_crosscert, "Ed25519-Link"),
|
||||
TEST_RCV_CERTS(wrong_labels_1),
|
||||
TEST_RCV_CERTS(wrong_labels_2),
|
||||
TEST_RCV_CERTS(wrong_labels_3),
|
||||
|
Loading…
Reference in New Issue
Block a user