authorNikos Mavrogiannopoulos <nmav@gnutls.org>2016-08-07 12:56:21 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2016-08-07 12:57:44 +0200
commitfaa9313c85bd764b8203b7f3b1e29b7668cdc501 (patch)
tree8deda44ad84b88c65b1f1aac4e24554835f755d4
parent18c377d14e07ae62f5a52cfa7108a6f8c27f433b (diff)
downloadgnutls-bad-keys-on-import.tar.gz
tests: added check for errors in importing illegal RSA keysbad-keys-on-import
-rw-r--r--configure.ac6
-rw-r--r--tests/key-tests/Makefile.am8
-rw-r--r--tests/key-tests/data/key-illegal.pem97
-rw-r--r--tests/key-tests/data/p8key-illegal.pem17
-rwxr-xr-xtests/key-tests/illegal50
5 files changed, 176 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac
index d933ff5de4..0ba22300e0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -456,6 +456,12 @@ AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn],
try_libidn="$withval",
try_libidn=yes)
+with_old_nettle=no
+if ! $PKG_CONFIG --atleast-version=3.3 nettle; then
+ with_old_nettle=yes
+fi
+AM_CONDITIONAL(WITH_OLD_NETTLE, test "$with_old_nettle" != "no")
+
if test "$try_libidn" = yes;then
PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no])
if test "$with_libidn" != "no";then
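Review bot: The `$PKG_CONFIG --atleast-version=3.3 nettle` check sets `with_old_nettle=yes` both when nettle is older than 3.3 and when the pkg-config query itself fails (for example an unset `PKG_CONFIG` or a missing nettle .pc file). In either case the `illegal` test is left out of TESTS in tests/key-tests/Makefile.am without any message. Because that test checks that malformed private keys are rejected on import, configure should report when it is disabled, e.g. `AC_MSG_WARN([nettle >= 3.3 not found via pkg-config; illegal-key import test disabled])` inside the `if`. Whether `PKG_CONFIG` is guaranteed to be set at this point is not visible in the hunk.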
diff --git a/tests/key-tests/Makefile.am b/tests/key-tests/Makefile.am
index a61a65d198..a10c842eeb 100644
--- a/tests/key-tests/Makefile.am
+++ b/tests/key-tests/Makefile.am
@@ -28,12 +28,16 @@ EXTRA_DIST = README data/key-ca.pem data/key-user.pem \
data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \
data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
- data/bad-key.pem
+ data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem
-dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa
+dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa illegal
TESTS = key-id pkcs8 pkcs8-decode ecdsa
+if !WITH_OLD_NETTLE
+TESTS += illegal
+endif
+
if !WINDOWS
TESTS += dsa
endif
diff --git a/tests/key-tests/data/key-illegal.pem b/tests/key-tests/data/key-illegal.pem
new file mode 100644
index 0000000000..75c7679d03
--- /dev/null
+++ b/tests/key-tests/data/key-illegal.pem
@@ -0,0 +1,97 @@
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Low (1024 bits)
+
+modulus:
+ 00:a9:4e:b1:2b:17:a2:9e:1d:f6:92:05:f4:17:2e:4c
+ 36:02:4a:ed:78:41:5c:6b:f8:db:5a:4d:92:d1:d7:f9
+ 71:1a:ec:b8:2f:91:9e:ba:47:9e:4e:29:ac:92:12:55
+ 06:73:17:eb:39:aa:0c:ee:96:f4:5a:30:3d:2f:9e:50
+ 83:28:f8:c3:81:12:e4:17:28:93:de:95:b9:25:92:6a
+ 4c:a8:88:2d:00:70:cf:aa:ea:95:03:bb:51:65:aa:7a
+ d7:3f:82:5f:52:1d:3a:bf:bd:7e:42:0d:b0:39:37:17
+ 3d:1c:92:e4:3d:7e:57:97:7c:00:d7:63:c0:62:6a:da
+ ba:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 04:c8:d0:80:e3:3e:19:31:c7:92:00:d1:11:06:a1:e8
+ b4:cf:e1:3e:10:ba:c7:e2:54:70:8c:d8:a5:4d:71:23
+ 1d:1b:ab:68:cc:b8:ab:92:f2:8a:4a:eb:31:85:8b:19
+ 8f:8f:11:7a:a3:af:91:de:7a:31:42:43:b8:60:c4:ed
+ a4:2a:86:ca:c3:9d:38:13:9e:86:07:ed:d1:52:63:a6
+ 9c:52:e7:23:e4:5e:b2:7a:2a:dc:16:d8:78:95:19:28
+ d3:d1:ca:67:91:5d:d6:78:2c:b4:f5:37:e4:6b:1e:91
+ 43:2a:f2:f6:87:0e:b4:73:95:ec:9d:a7:e6:79:94:c1
+
+
+prime1:
+ 00:cf:fd:cc:ba:f0:9b:7b:b4:c6:53:a1:04:0b:86:c7
+ 5d:ca:84:06:fb:62:62:5b:3d:cf:4f:d3:fd:77:95:9d
+ 90:ca:b3:39:8b:7a:00:36:76:9b:c1:e9:98:c7:2f:df
+ 62:d0:1e:da:e2:4b:1c:bb:26:a5:d6:de:e4:a7:a3:09
+ 04:
+
+prime2:
+ 00:d0:63:0e:5e:f5:7f:f1:09:d6:29:4d:bf:6f:2a:77
+ 1d:50:d0:3f:9e:d5:ab:f3:37:ec:18:4c:6f:1a:19:0c
+ 01:c2:68:8c:fb:bf:c9:36:0f:b5:01:41:d4:de:89:4b
+ 26:ea:01:49:d7:e1:3a:60:29:e6:4f:17:4f:45:5b:8d
+ e9:
+
+coefficient:
+ 12:67:c7:6f:f1:53:5c:46:de:2b:a8:5e:cb:99:0e:43
+ c6:b2:ec:bc:73:0a:f1:0c:7e:8a:80:ba:47:05:0a:a7
+ 2f:aa:2f:8e:41:0a:bb:8c:f8:da:4b:bd:ea:21:56:6d
+ 3d:0a:06:b5:78:fc:44:53:00:ef:8e:6d:f2:f6:b1:51
+
+
+exp1:
+ 00:ac:e7:b2:47:95:ef:f9:1e:d5:28:e1:f5:d4:4e:8b
+ c3:93:6b:b2:cc:8b:5f:bb:9d:e9:15:75:9c:7d:3c:39
+ e8:ce:2c:40:d2:81:09:54:25:1d:f4:69:93:24:c5:50
+ 25:c2:bf:b2:15:19:bd:31:b0:c3:46:c3:5d:e8:67:92
+ d4:
+
+exp2:
+ 1b:45:ab:7e:d0:00:63:8a:57:05:e6:cf:f3:fb:89:c5
+ 43:6b:4d:b8:3a:dc:9b:23:29:79:f0:9e:e5:ba:7b:70
+ cb:81:a5:59:d9:3a:bb:21:89:1d:d6:00:c6:f3:0e:eb
+ d3:da:41:50:c8:80:3c:4f:9f:7d:a0:5e:56:84:69:e9
+
+
+
+Public Key ID: 23:91:CE:75:3C:67:B5:29:2B:D9:F4:4E:3B:0A:40:4B:61:1D:2C:1A
+Public key's random art:
++--[ RSA 1024]----+
+| oo.. . |
+| Eo.oo . o |
+| oo+.+ = o |
+| o.= o B + |
+| + S o o o |
+| . o . o . |
+| . + |
+| . . . |
+| . |
++-----------------+
+
+
+** Private key parameters validation failed **
+
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R
+nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw
+z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB
+AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx
+hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4
+lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT
+oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW
+3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2
+D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK
+9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF
+q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa
+QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB
+vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH
+-----END RSA PRIVATE KEY-----
diff --git a/tests/key-tests/data/p8key-illegal.pem b/tests/key-tests/data/p8key-illegal.pem
new file mode 100644
index 0000000000..a247c3c944
--- /dev/null
+++ b/tests/key-tests/data/p8key-illegal.pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/key-tests/illegal b/tests/key-tests/illegal
new file mode 100755
index 0000000000..6e7aeb80aa
--- /dev/null
+++ b/tests/key-tests/illegal
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+GREP="${GREP:-grep}"
+
+TMPFILE=tmp-key.$$.p8
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password 1234 --infile "${srcdir}/data/p8key-illegal.pem" 2>/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+ echo "Error in importing illegal PKCS#8 key"
+ exit ${rc}
+fi
+
+#check invalid RSA pem key. The key has even prime factor.
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal.pem" 2>/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+ echo "Error in importing illegal RSA key"
+ exit ${rc}
+fi
+
+rm -f $TMPFILE
+
+exit 0
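Review bot: When certtool wrongly accepts an illegal key it returns 0, and both failure branches then run `exit ${rc}`, so the script exits 0 and the test is reported as passing in exactly the case it exists to catch. Use a fixed failure status in both branches (the PKCS#8 check and the RSA PEM check), e.g. `exit 1`. Separately, `--error-exitcode=1` makes a valgrind-detected memory error indistinguishable from the expected certtool status of 1; a distinct value such as `--error-exitcode=15` would stop such errors from being counted as a pass. `TMPFILE` is never written, so the variable and the final `rm -f $TMPFILE` could be dropped.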