diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index ee8e617edd4d1..0c563799bd05e 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -436,6 +436,14 @@ Custom X.509 Vectors version. * ``invalid-sct-length.der`` - A certificate with an SCT with an internal length greater than the amount of data. +* Directory ``has_signature_of``, files + ``{rsa,dsa,ecdsa,ed25519,ed448}{issuer,good_leaf,bad_leaf}.pem`` + - triplets of (CA certificate, leaf certificate issued by the CA, same leaf + certificate with invalid signature) for the five supported signature + algorithms +* ``has_signature_of/bp-cert.pem`` - self-signed certificate using + ``brainpoolP224t1`` curve for signature - one of curves not supported by + Cryptography. Custom X.509 Request Vectors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 4e8b4a844a41f..5380f6cff44dd 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -9,9 +9,10 @@ import typing from cryptography import utils +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons from cryptography.hazmat.backends import _get_backend from cryptography.hazmat.backends.interfaces import Backend -from cryptography.hazmat.primitives import hashes, serialization +from cryptography.hazmat.primitives import hashes, serialization, asymmetric from cryptography.hazmat.primitives.asymmetric import ( dsa, ec, @@ -188,6 +189,72 @@ def public_bytes(self, encoding: serialization.Encoding) -> bytes: Serializes the certificate to PEM or DER format. """ + def _has_signature_of(self, signer_candidate: "Certificate") -> bool: + """ + Returns True if the certificate holds a valid signature by + `signer_candidate`. + Raises appropriate exception otherwise. + No other checks, e.g. comparison of issuer and leaf names, is done. + """ + try: + pubkey = signer_candidate.public_key() + except ValueError as e: + # Backend is unable to get the public key + raise UnsupportedAlgorithm( + str(e), _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM + ) + + signature = self.signature + data = self.tbs_certificate_bytes + if isinstance(pubkey, asymmetric.rsa.RSAPublicKeyWithSerialization): + assert isinstance( + self.signature_hash_algorithm, hashes.HashAlgorithm + ) + pubkey.verify( + signature, + data, + padding=asymmetric.padding.PKCS1v15(), + algorithm=self.signature_hash_algorithm, + ) + elif isinstance(pubkey, asymmetric.dsa.DSAPublicKeyWithSerialization): + assert isinstance( + self.signature_hash_algorithm, hashes.HashAlgorithm + ) + pubkey.verify( + signature, + data, + algorithm=self.signature_hash_algorithm, + ) + elif isinstance( + pubkey, asymmetric.ec.EllipticCurvePublicKeyWithSerialization + ): + assert isinstance( + self.signature_hash_algorithm, hashes.HashAlgorithm + ) + pubkey.verify( + signature, + data, + signature_algorithm=asymmetric.ec.ECDSA( + self.signature_hash_algorithm + ), + ) + elif isinstance( + pubkey, + ( + asymmetric.ed25519.Ed25519PublicKey, + asymmetric.ed448.Ed448PublicKey, + ), + ): + pubkey.verify(signature, data) + else: + # Should not happen, all PUBLIC_KEY_TYPES are tried + raise UnsupportedAlgorithm( # pragma: no cover + "Signature algorithm is not supported", + _Reasons.UNSUPPORTED_PUBLIC_KEY_ALGORITHM, + ) + + return True + class RevokedCertificate(metaclass=abc.ABCMeta): @abc.abstractproperty diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py index fc36d5f4111b8..49723da2e66b4 100644 --- a/tests/x509/test_x509.py +++ b/tests/x509/test_x509.py @@ -16,8 +16,8 @@ import pytz from cryptography import utils, x509 -from cryptography.exceptions import UnsupportedAlgorithm from cryptography.hazmat.bindings._rust import asn1 +from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.primitives import hashes, serialization from cryptography.hazmat.primitives.asymmetric import ( dh, @@ -4915,3 +4915,42 @@ def notrandom(size): assert serial_number == int.from_bytes(sample_data, "big") >> 1 assert serial_number.bit_length() < 160 + + +class TestHasSignatureOf(object): + @staticmethod + def load(backend, filename): + return _load_cert( + os.path.join("x509", "has_signature_of", filename), + x509.load_pem_x509_certificate, + backend, + ) + + @pytest.mark.parametrize("key_type", ["rsa", "dsa", "ecdsa"]) + def test_signature_with_key_type(self, backend, key_type): + issuer = self.load(backend, key_type + "_issuer.pem") + good_leaf = self.load(backend, key_type + "_good_leaf.pem") + assert good_leaf._has_signature_of(issuer) + bad_leaf = self.load(backend, key_type + "_bad_leaf.pem") + with pytest.raises(InvalidSignature): + bad_leaf._has_signature_of(issuer) + + @pytest.mark.supported( + only_if=lambda backend: backend.ed25519_supported(), + skip_message="Requires backend with Ed25519 support", + ) + def test_ed25519_signature(self, backend): + self.test_signature_with_key_type(backend, "ed25519") + + @pytest.mark.supported( + only_if=lambda backend: backend.ed448_supported(), + skip_message="Requires backend with Ed448 support", + ) + def test_ed448_signature(self, backend): + self.test_signature_with_key_type(backend, "ed448") + + def test_unsupported_curve(self, backend): + # bp-cert.pem uses brainpoolP224t1, which is not in ec._CURVE_TYPES + unsupported_cert = self.load(backend, "bp-cert.pem") + with pytest.raises(UnsupportedAlgorithm): + unsupported_cert._has_signature_of(unsupported_cert) diff --git a/vectors/cryptography_vectors/x509/has_signature_of/bp-cert.pem b/vectors/cryptography_vectors/x509/has_signature_of/bp-cert.pem new file mode 100644 index 0000000000000..df62e5909c33b --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/bp-cert.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBYTCCARCgAwIBAgIUaCMW+T+3ZPSVxrEhN9GlAiSj52QwCgYIKoZIzj0EAwIw +DjEMMAoGA1UEAwwDZm9vMB4XDTIxMDMyMTE5MjA0NFoXDTIxMDQyMDE5MjA0NFow +DjEMMAoGA1UEAwwDZm9vMFIwFAYHKoZIzj0CAQYJKyQDAwIIAQEGAzoABGAcW7kC +nwkbbZPmBY+oYC575lvUmT+8IdogWnexhPLtDfOPeT+e4NBkucox8qThx5Wzrk65 +gb3Co1MwUTAdBgNVHQ4EFgQUElZUaqbrqXCtuoMccyG8PX2Yz9AwHwYDVR0jBBgw +FoAUElZUaqbrqXCtuoMccyG8PX2Yz9AwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO +PQQDAgM/ADA8Ahx6gdp/bL70RrgMcaaKXOW6OVa9z8KTpngrOZMeAhw0OfDR1LF0 +rkC+qBkgueUPWuqGPd1TWL0wAgpf +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/dsa_bad_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/dsa_bad_leaf.pem new file mode 100644 index 0000000000000..f20975fdc0773 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/dsa_bad_leaf.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCApQCCQDL8Ub6cdNJPzAJBgcqhkjOOAQDMBkxFzAVBgNVBAMMDkNBIGNl +cnRpZmljYXRlMB4XDTIwMDIwOTEwMTA0OVoXDTIwMDMxMDEwMTA0OVowGzEZMBcG +A1UEAwwQTGVhZiBjZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANzNrj5f0qNSeDCHqFqgYS4vn6+IJ/lF3OEPZRM3OqB30ZcTjo8aqNzL +zed7MwcudX+O5yCzkKg4Ix9R+MnfZTLC5fX39cacv1sMZxLmmYPj7HkpUhb6pU62 +gJH09LoyeLPWe08e6yUxGHh687UWJFEbupnAs10Kt4oQjvqH2a05ZF8qg+xvreeq +g9aXo0vZhM9vKmDL/vSKvhC4CClGpjRzEcb09RUWUCVC6ODFdrYB6RCHW4vdBX+J +z5Sj0bFlHYSGNU2egc3Fg8Ukl/bccKdkifBrW9vxCj/jHRDcE+7/3Lrc1VWJnOsX +T74IMv75ENBCtJpJob7x2j7Tc0AurqJJaHjqDAkcn85BLKY2G2e6p3FC44rBqTNK +yi/s5sBsjDkrMzKHWE2xQiFjHQb4AgvHASdNvFNUUS/znHDQNsp22zjjuL8JCs23 +e5imBKFVDPTdlkO4Mu7IQNzT0M8dRx5Toeudg9XMvlB9zk+FnqX+qQgc1977oyZl +ezqGC0yVOIoF1BjSJ2bE6t3l2dm/lJ/N9s+WUYQjjHgV2zFtOrj/VZsmLZDytHYd +dM8+xXZfeM54Fs19iotSL6IRjNtRiTRqTtsvYeimJonMqEPsr51IJsOAMl++OwlB +p6TsxxjjIMIA+lJ19a1Rv3LE8kWBVYVGT1XvP445j8bXt0mpkwDFAgMBAAEwCQYH +KoZIzjgEAwMvADAsAhRw2AP3fPwkumYNkvAjwk4Nl+I4SgIUFcI3QI70aKth4Rfl +YQ3H28KpoJ4= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/dsa_good_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/dsa_good_leaf.pem new file mode 100644 index 0000000000000..537e0761898ef --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/dsa_good_leaf.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCApQCCQDL8Ub6cdNJPzAJBgcqhkjOOAQDMBkxFzAVBgNVBAMMDkNBIGNl +cnRpZmljYXRlMB4XDTIwMDIwOTEwMTA0OVoXDTIwMDMxMDEwMTA0OVowGzEZMBcG +A1UEAwwQTGVhZiBjZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANzNrj5f0qNSeDCHqFqgYS4vn6+IJ/lF3OEPZRM3OqB30ZcTjo8aqNzL +zed7MwcudX+O5yCzkKg4Ix9R+MnfZTLC5fX39cacv1sMZxLmmYPj7HkpUhb6pU62 +gJH09LoyeLPWe08e6yUxGHh687UWJFEbupnAs10Kt4oQjvqH2a05ZF8qg+xvreeq +g9aXo0vZhM9vKmDL/vSKvhC4CClGpjRzEcb09RUWUCVC6ODFdrYB6RCHW4vdBX+J +z5Sj0bFlHYSGNU2egc3Fg8Ukl/bccKdkifBrW9vxCj/jHRDcE+7/3Lrc1VWJnOsX +T74IMv75ENBCtJpJob7x2j7Tc0AurqJJaHjqDAkcn85BLKY2G2e6p3FC44rBqTNK +yi/s5sBsjDkrMzKHWE2xQiFjHQb4AgvHASdNvFNUUS/znHDQNsp22zjjuL8JCs23 +e5imBKFVDPTdlkO4Mu7IQNzT0M8dRx5Toeudg9XMvlB9zk+FnqX+qQgc1977oyZl +ezqGC0yVOIoF1BjSJ2bE6t3l2dm/lJ/N9s+WUYQjjHgV2zFtOrj/VZsmLZDytHYd +dM8+xXZfeM54Fs19iotSL6IRjNtRiTRqTtsvYeimJonMqEPsr51IJsOAMl++OwlB +p6TsxxjjIMIA+lJ19a1Rv3LE8kWBVYVGT1XvP445j8bXt0mpkwDFAgMBAAEwCQYH +KoZIzjgEAwMvADAsAhRw2AP3fPwkumYNkvAjwk4Nl+I4SgIUFcI3QI70aKth4Rfl +ZQ3H28KpoJ4= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/dsa_issuer.pem b/vectors/cryptography_vectors/x509/has_signature_of/dsa_issuer.pem new file mode 100644 index 0000000000000..1064c1059cba6 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/dsa_issuer.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICgjCCAj+gAwIBAgIJAJM55fmU82xTMAsGCWCGSAFlAwQDAjAZMRcwFQYDVQQD +DA5DQSBjZXJ0aWZpY2F0ZTAeFw0yMDAyMDkxMDEwNDlaFw0yMDAzMTAxMDEwNDla +MBkxFzAVBgNVBAMMDkNBIGNlcnRpZmljYXRlMIIBtjCCASsGByqGSM44BAEwggEe +AoGBAJjf5SfTfwSXOVHXvAOlJohZUqkPlfUma57E4kPS0rzHjVv+Q8Dk2SU9VOcZ +mUrMUoseUxdIYCo+HYzZZR7DcpN2X6PRo0RyCuu2fSCGjmLGeTORPE6bIlkz8T2X +W0nDLEeKZLsDdXhGb1R+9uffQNbo9zYcvQ51FrYGkoqDNjlfAhUAj/4AyDu/XOhY +ICYVUOzR0U3d650CgYBEUGi+B9eXYBIHryEj3UOHAyf97MXeDpPDGzywiv52ytTB +jZjueL3Eq/MBtag431+N4u9BLXaztUDnRIZdiqe+Qyhou6AeiVJaxCAx14FpVb1v +J45Sw6fcI/4xV1Kgi+VhYc8YG20JI4X94S7HSZNm6ZNxEKng9r0OzKGUxjZT6gOB +hAACgYBtB2zOuCe/YoFoDx54nCAvrZuqasJEzlcEOYtVzwxGW+9BTG+NkbJOaNyA +BpvamNOGf3fvYJosMx3qoi80XKFNSepxHViFntEYwFh0+tLOD3to6IEnFmb5Qgx6 +xe17990oVak6RcxqNHG4io/THpV8sLFUzhjXi6/FySF17YWGGqMQMA4wDAYDVR0T +BAUwAwEB/zALBglghkgBZQMEAwIDMAAwLQIVAIWhFnkG12O5Q3+MQcT1GfLBai67 +AhQJFJonn8wctth7nmQwFV2X0KRzOA== +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_bad_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_bad_leaf.pem new file mode 100644 index 0000000000000..3d56075b30f04 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_bad_leaf.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCApQCCQCawyGGWP/1IzAJBgcqhkjOPQQBMBkxFzAVBgNVBAMMDkNBIGNl +cnRpZmljYXRlMB4XDTIwMDIwOTEwMTA0OVoXDTIwMDMxMDEwMTA0OVowGzEZMBcG +A1UEAwwQTGVhZiBjZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANzNrj5f0qNSeDCHqFqgYS4vn6+IJ/lF3OEPZRM3OqB30ZcTjo8aqNzL +zed7MwcudX+O5yCzkKg4Ix9R+MnfZTLC5fX39cacv1sMZxLmmYPj7HkpUhb6pU62 +gJH09LoyeLPWe08e6yUxGHh687UWJFEbupnAs10Kt4oQjvqH2a05ZF8qg+xvreeq +g9aXo0vZhM9vKmDL/vSKvhC4CClGpjRzEcb09RUWUCVC6ODFdrYB6RCHW4vdBX+J +z5Sj0bFlHYSGNU2egc3Fg8Ukl/bccKdkifBrW9vxCj/jHRDcE+7/3Lrc1VWJnOsX +T74IMv75ENBCtJpJob7x2j7Tc0AurqJJaHjqDAkcn85BLKY2G2e6p3FC44rBqTNK +yi/s5sBsjDkrMzKHWE2xQiFjHQb4AgvHASdNvFNUUS/znHDQNsp22zjjuL8JCs23 +e5imBKFVDPTdlkO4Mu7IQNzT0M8dRx5Toeudg9XMvlB9zk+FnqX+qQgc1977oyZl +ezqGC0yVOIoF1BjSJ2bE6t3l2dm/lJ/N9s+WUYQjjHgV2zFtOrj/VZsmLZDytHYd +dM8+xXZfeM54Fs19iotSL6IRjNtRiTRqTtsvYeimJonMqEPsr51IJsOAMl++OwlB +p6TsxxjjIMIA+lJ19a1Rv3LE8kWBVYVGT1XvP445j8bXt0mpkwDFAgMBAAEwCQYH +KoZIzj0EAQOBjAAwgYgCQgC3bPW419R1JTcIathr1S+9NTKySBRBASRMJ5AznPLc +/MADqNOwhO29k9U/qCWhV6dUvOvro5et9qdUn9Wh1b13wQJCAIc8aIduLWSZBhs+ +YDDXg+u2UA14aLO0zjmaSVIs7zaFguKUj34dUiERmr3Ha6J5S3ovl3uhkgj+MsFR +muXsRZQ1 +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_good_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_good_leaf.pem new file mode 100644 index 0000000000000..563044ea4e914 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_good_leaf.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCApQCCQCawyGGWP/1IzAJBgcqhkjOPQQBMBkxFzAVBgNVBAMMDkNBIGNl +cnRpZmljYXRlMB4XDTIwMDIwOTEwMTA0OVoXDTIwMDMxMDEwMTA0OVowGzEZMBcG +A1UEAwwQTGVhZiBjZXJ0aWZpY2F0ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC +AgoCggIBANzNrj5f0qNSeDCHqFqgYS4vn6+IJ/lF3OEPZRM3OqB30ZcTjo8aqNzL +zed7MwcudX+O5yCzkKg4Ix9R+MnfZTLC5fX39cacv1sMZxLmmYPj7HkpUhb6pU62 +gJH09LoyeLPWe08e6yUxGHh687UWJFEbupnAs10Kt4oQjvqH2a05ZF8qg+xvreeq +g9aXo0vZhM9vKmDL/vSKvhC4CClGpjRzEcb09RUWUCVC6ODFdrYB6RCHW4vdBX+J +z5Sj0bFlHYSGNU2egc3Fg8Ukl/bccKdkifBrW9vxCj/jHRDcE+7/3Lrc1VWJnOsX +T74IMv75ENBCtJpJob7x2j7Tc0AurqJJaHjqDAkcn85BLKY2G2e6p3FC44rBqTNK +yi/s5sBsjDkrMzKHWE2xQiFjHQb4AgvHASdNvFNUUS/znHDQNsp22zjjuL8JCs23 +e5imBKFVDPTdlkO4Mu7IQNzT0M8dRx5Toeudg9XMvlB9zk+FnqX+qQgc1977oyZl +ezqGC0yVOIoF1BjSJ2bE6t3l2dm/lJ/N9s+WUYQjjHgV2zFtOrj/VZsmLZDytHYd +dM8+xXZfeM54Fs19iotSL6IRjNtRiTRqTtsvYeimJonMqEPsr51IJsOAMl++OwlB +p6TsxxjjIMIA+lJ19a1Rv3LE8kWBVYVGT1XvP445j8bXt0mpkwDFAgMBAAEwCQYH +KoZIzj0EAQOBjAAwgYgCQgC3bPW419R1JTcIathr1S+9NTKySBRBASRMJ5AznPLc +/MADqNOwhO29k9U/qCWhV6dUvOvro5et9qdUn9Wh1b13wQJCAIc8aIduLWSZBhs+ +YDDXg+u2UA14aLO0zjmaSVIs7zaFguKUj34dUiERmr3Ha6J5S3ovl3uhkgj+MsFR +muXsQZQ1 +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_issuer.pem b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_issuer.pem new file mode 100644 index 0000000000000..c0fafb501cc85 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ecdsa_issuer.pem @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBwDCCASKgAwIBAgIJAOWJozoEO/sdMAoGCCqGSM49BAMCMBkxFzAVBgNVBAMM +DkNBIGNlcnRpZmljYXRlMB4XDTIwMDIwOTEwMTA0OVoXDTIwMDMxMDEwMTA0OVow +GTEXMBUGA1UEAwwOQ0EgY2VydGlmaWNhdGUwgZswEAYHKoZIzj0CAQYFK4EEACMD +gYYABACrh7Bkec6u/z3yuWrFmE8AR7+4XGCk0AvbJYlnfTVMX97YSvhKeMx3/izq +7wli1/AN8qxuHAeqSAXIoWFlNDqG4gAfSeUYE9pzo0gt2BK+1ZQZ7abe9XZw5vfe +I08iI7i77ivaJAP7025r9Ne12F/a4z2j60yC0ZI36/vSanP0Q2o7gqMQMA4wDAYD +VR0TBAUwAwEB/zAKBggqhkjOPQQDAgOBiwAwgYcCQTxgVqRcE7mc1iK1aTSvASTJ +2j01W0oGKxoeyldUSIpRxZUkJp/lslv+tynk4ay6NYkqwNL+qxWhHB3CsI+5P8yp +AkIAsD+qvO6G+aDA1yRx609RCJhCsq3gnE0iiDh6VcrRzDO56WqtjjZSlt0Wma3+ +kbvJQOG5Otphw8xJY4RRvBohAXk= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed25519_bad_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_bad_leaf.pem new file mode 100644 index 0000000000000..054041889a4ca --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_bad_leaf.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE----- +MIHXMIGKAhRYiXUa2UrMaqcG8XvpAED1PFqupzAFBgMrZXAwDjEMMAoGA1UEAwwD +Zm9vMB4XDTIxMDQwMjA3MzkyNVoXDTIxMDUwMjA3MzkyNVowDzENMAsGA1UEAwwE +bGVhZjAqMAUGAytlcAMhAP2K36MXVe3JlKo+EBArXsW/ESFNCf4rIOt61coxfOJ/ +MAUGAytlcANBACBwai0be7leXKLfSHx15XebP1GowfE4fA1NVlvpGQZlm5f82iY/ +3A56atif9YmAzl6YmFojfcfCU1x1lPz1zwo= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed25519_good_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_good_leaf.pem new file mode 100644 index 0000000000000..ec63deb6bb378 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_good_leaf.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE----- +MIHXMIGKAhRYiXUa2UrMaqcG8XvpAED1PFqupzAFBgMrZXAwDjEMMAoGA1UEAwwD +Zm9vMB4XDTIxMDQwMjA3MzkyNVoXDTIxMDUwMjA3MzkyNVowDzENMAsGA1UEAwwE +bGVhZjAqMAUGAytlcAMhAP2K36MXVe3JlKo+EBArXsW/ESFNCf4rIOt61coxfOJ/ +MAUGAytlcANBACBwai0be7leXKLfSHx15XebP1GowfE4fA1NVlvpGQZlm5f82iY/ +3A56atif9YmAzl6YmFojfbfCU1x1lPz1zwo= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed25519_issuer.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_issuer.pem new file mode 100644 index 0000000000000..ee9a2a4cc262f --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed25519_issuer.pem @@ -0,0 +1,7 @@ +-----BEGIN CERTIFICATE----- +MIHWMIGJAhR5TvbGkg611+UVCI6P5bwfsPLzWjAFBgMrZXAwDjEMMAoGA1UEAwwD +Zm9vMB4XDTIxMDQwMTIwNDgzNVoXDTIxMDUwMTIwNDgzNVowDjEMMAoGA1UEAwwD +Zm9vMCowBQYDK2VwAyEA/YrfoxdV7cmUqj4QECtexb8RIU0J/isg63rVyjF84n8w +BQYDK2VwA0EAKHfT3CM9AgLhcQWbNhSuMX7k3nmyq0Z5YtiN4J1pSJ97jtwOzyOV +w3FjBBfBkmPqdoMAc1rWdHnHBuqG3rx1AA== +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed448_bad_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed448_bad_leaf.pem new file mode 100644 index 0000000000000..787a52cb3b175 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed448_bad_leaf.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE----- +MIIBCTCBigIUSeOYX+79wZSIAM4ujtM7UCibBNEwBQYDK2VxMA4xDDAKBgNVBAMM +A2ZvbzAeFw0yMTA0MDIwNzM5MzRaFw0yMTA1MDIwNzM5MzRaMA8xDTALBgNVBAMM +BGxlYWYwKjAFBgMrZXADIQD9it+jF1XtyZSqPhAQK17FvxEhTQn+KyDretXKMXzi +fzAFBgMrZXEDcwBwxgw1ask3WxcXIIVrTZ5dGvKxBQIMIfsQ/rU/bn3Gjwh4IsZN +T9nXza33ZVpIaSQrNsduSN14GAD8v25mY+Jp8O/v9YBNVvZqiKNJFz2YShLnR5l0 +gurM6NxasJ40AUZ7MP7mPafgNR6hBDKVuytDEQA= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed448_good_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed448_good_leaf.pem new file mode 100644 index 0000000000000..1f1874d40769d --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed448_good_leaf.pem @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE----- +MIIBCTCBigIUSeOYX+79wZSIAM4ujtM7UCibBNEwBQYDK2VxMA4xDDAKBgNVBAMM +A2ZvbzAeFw0yMTA0MDIwNzM5MzRaFw0yMTA1MDIwNzM5MzRaMA8xDTALBgNVBAMM +BGxlYWYwKjAFBgMrZXADIQD9it+jF1XtyZSqPhAQK17FvxEhTQn+KyDretXKMXzi +fzAFBgMrZXEDcwBwxgw1ask3WxcXIIVrTZ5dGvKxBQIMIfsQ/rU/bn3Gjwh4IsZN +T9nXza33ZVpIaSQrNsduSN14GAD8v25mY+Jp8O/v9YBNVvZqiKNJFz2YShLnR5l0 +gurM6NxasJ40AUZ7MP7mPafgNR6hADKVuytDEQA= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/ed448_issuer.pem b/vectors/cryptography_vectors/x509/has_signature_of/ed448_issuer.pem new file mode 100644 index 0000000000000..99bef3ca95db3 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/ed448_issuer.pem @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE----- +MIIBITCBogIUJ/xUY+EK7mI2MeEx5sgjTQQE7RgwBQYDK2VxMA4xDDAKBgNVBAMM +A2ZvbzAeFw0yMTA0MDIwNzIwNDZaFw0yMTA1MDIwNzIwNDZaMA4xDDAKBgNVBAMM +A2ZvbzBDMAUGAytlcQM6AFNsH50H7CuMZVk7Rr8BzILqw2vhTFKETPVBz6cqxdHk +tzubSmmWx5CF9549DYhAEGhnhgGiLoMqgDAFBgMrZXEDcwDu/kqufiflcnJSBK9t +lcSB/vjrY5syDfJs1K72c0nhI4aubvJFaykkMjujokfuI5ijIDwneQyerIBoOqay +KXDaI/1NzX802ACpk7Voy6EwiTVAC3TGSWp8dUPLKOroSSOGJfpkQJiSFi3KOiJo +TDc2MQA= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/rsa_bad_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/rsa_bad_leaf.pem new file mode 100644 index 0000000000000..628b8885a477f --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/rsa_bad_leaf.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyTCCArECCQDocC9n00jr7TANBgkqhkiG9w0BAQUFADAoMSYwJAYDVQQDDB1N +eSBzZWxmLXNpZ25lZCBDQSBjZXJ0aWZpY2F0ZTAeFw0yMDAyMDgyMjI1MzNaFw0y +MDAzMDkyMjI1MzNaMCUxIzAhBgNVBAMMGk5vbi1DQSBleGFtcGxlIGNlcnRpZmlj +YXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoUgbIYq6iup4kokg +znd8n0H4m4JAwZ8aFlsdYkAAwg8CXmHLMdOiZ4qRnl/kVHHtXpHoltuZso7m8lPC +jzgCL+rd421tK6SItvBaWcdnxakcf92MUHGoI8aZhMM9SZ5DMLfyxmIiSe+rUmnv +ho7VKoRWu4fkOuSFyW02F1wLA8o9cuMxJQIPr38uvgqlhBSzYmuHaN3BkAsn68Ip +wIJNHc2MDjyUr6PaeqxpccgilZXkRb8ygX2qcbB4cd25hnoLyaNpLYx9RYudK4Bv +4NJtkKSwUzsw4a83Cys5rMXvQF1VQWe+vNtt396xCnv7RK5SoAvHKp2v6n1RinDp +uyzyjZzSYIPMwmhsjD3WDeT/TP7ikT17/rRbfUXOtWNuDZDnhQqfbyJtqbTX5BgE +CoHeeZy52nTP5Kf62FB/L5Xf1p4w1Js54lmtelmpo82JL2uC/QyQftvB6YQC7Fgi +FQxCbtwzIP//54wf9b1A1R52fFyGfkJ5VBrsdfN5bc/dULpmt1MUHHFra49rXKPi +qdUoZ7TNvCkggIhZEQHOJcidUcmEwlFu8HPS45sDSjA2fMhr9E4GnZeRQmnTeTZ8 +6G0VZ+UwiDXEEkRD3gZws2UIlbEadMAL+rBIUwYDSSudpaWj7qukd00C0/qbffla +u6SR7kjiXO/XMmjYsmvRMUVIhUMCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAGBLn +vkmxGn7IBh5xNtygC2rVnlA8xaRDMNvj0HkzSuMggZYXjLCx11k+FgY9IHPQYiVu +YeET/AfjouFivyi3PaWMDMHHkS00xlFC3PCQpg6IMbqNlO8wmqN1dzyfZBsoCxRm +b2TWFP6CIhnk5wPpMZGEaWURAYipGbVLi+SQ4mef/nvbQmcRQfwyWMrB9fkSbDJX +8cji3CnZmI7tPMs/jyIJLbIDEe+ySOtHVFoS6j4OTUlFzN0iSLasC8cbYyxsaQSQ +FtNNxnX9x/nvbtAIkUa3i/M3q//3J0evoYhIWms3JFDwyusip4hZTBgjHvdNOK36 +Dx1qNu4H1uqRrRsCG/HgnZl73yBZfoZmm994bqI337e5G+7xIDfvWYaJyZBleaqc +l0vEkPCzWK8D8uw6VY25nOIaoNTiDv1w14V8+KcEIYlpRhVAVSSDlehILi1xaAjA +DL5bsfHgKXAIdP6YL+zy8uA4xXfO9SVjr47q1yXhov57kibqU/oRz+Oa3mmS+/w8 +ge5kEGyr1SGVAJnMsIscToDdQfhRINBFqaR5KcqzMxbCidoLAYBmlsNG5TxnVZMz +8XoaPTo9In5mzlZPDLdY/Qi1QHe1O4W7z2Nr976SGJyU6Cd+1kWeZNB1i0vUH7rA +sevrM9leZS9Rp4lTsXiMhM4NJd/iHu5V7Iy7EPI= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/rsa_good_leaf.pem b/vectors/cryptography_vectors/x509/has_signature_of/rsa_good_leaf.pem new file mode 100644 index 0000000000000..2ad001b184a68 --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/rsa_good_leaf.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEyTCCArECCQDocC9n00jr7TANBgkqhkiG9w0BAQUFADAoMSYwJAYDVQQDDB1N +eSBzZWxmLXNpZ25lZCBDQSBjZXJ0aWZpY2F0ZTAeFw0yMDAyMDgyMjI1MzNaFw0y +MDAzMDkyMjI1MzNaMCUxIzAhBgNVBAMMGk5vbi1DQSBleGFtcGxlIGNlcnRpZmlj +YXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoUgbIYq6iup4kokg +znd8n0H4m4JAwZ8aFlsdYkAAwg8CXmHLMdOiZ4qRnl/kVHHtXpHoltuZso7m8lPC +jzgCL+rd421tK6SItvBaWcdnxakcf92MUHGoI8aZhMM9SZ5DMLfyxmIiSe+rUmnv +ho7VKoRWu4fkOuSFyW02F1wLA8o9cuMxJQIPr38uvgqlhBSzYmuHaN3BkAsn68Ip +wIJNHc2MDjyUr6PaeqxpccgilZXkRb8ygX2qcbB4cd25hnoLyaNpLYx9RYudK4Bv +4NJtkKSwUzsw4a83Cys5rMXvQF1VQWe+vNtt396xCnv7RK5SoAvHKp2v6n1RinDp +uyzyjZzSYIPMwmhsjD3WDeT/TP7ikT17/rRbfUXOtWNuDZDnhQqfbyJtqbTX5BgE +CoHeeZy52nTP5Kf62FB/L5Xf1p4w1Js54lmtelmpo82JL2uC/QyQftvB6YQC7Fgi +FQxCbtwzIP//54wf9b1A1R52fFyGfkJ5VBrsdfN5bc/dULpmt1MUHHFra49rXKPi +qdUoZ7TNvCkggIhZEQHOJcidUcmEwlFu8HPS45sDSjA2fMhr9E4GnZeRQmnTeTZ8 +6G0VZ+UwiDXEEkRD3gZws2UIlbEadMAL+rBIUwYDSSudpaWj7qukd00C0/qbffla +u6SR7kjiXO/XMmjYsmvRMUVIhUMCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAGBLn +vkmxGn7IBh5xNtygC2rVnlA8xaRDMNvj0HkzSuMggZYXjLCx11k+FgY9IHPQYiVu +YeET/AfjouFivyi3PaWMDMHHkS00xlFC3PCQpg6IMbqNlO8wmqN1dzyfZBsoCxRm +b2TWFP6CIhnk5wPpMZGEaWURAYipGbVLi+SQ4mef/nvbQmcRQfwyWMrB9fkSbDJX +8cji3CnZmI7tPMs/jyIJLbIDEe+ySOtHVFoS6j4OTUlFzN0iSLasC8cbYyxsaQSQ +FtNNxnX9x/nvbtAIkUa3i/M3q//3J0evoYhIWms3JFDwyusip4hZTBgjHvdNOK36 +Dx1qNu4H1uqRrRsCG/HgnZl73yBZfoZmm994bqI337e5G+7xIDfvWYaJyZBleaqc +l0vEkPCzWK8D8uw6VY25nOIaoNTiDv1w14V8+KcEIYlpRhVAVSSDlehILi1xaAjA +DL5bsfHgKXAIdP6YL+zy8uA4xXfO9SVjr47q1yXhov57kibqU/oRz+Oa3mmS+/w8 +ge5kEGyr1SGVAJnMsIscToDdQfhRINBFqaR5KcqzMxbCidoLAYBmlsNG5TxnVZMz +8XoaPTo9In5mzlZPDLdY/Qi1QHe1O4W7z2Nr976SGJyU6Cd+1kWeZNB1i0vUH7rA +tevrM9leZS9Rp4lTsXiMhM4NJd/iHu5V7Iy7EPI= +-----END CERTIFICATE----- diff --git a/vectors/cryptography_vectors/x509/has_signature_of/rsa_issuer.pem b/vectors/cryptography_vectors/x509/has_signature_of/rsa_issuer.pem new file mode 100644 index 0000000000000..ebf1f804edddd --- /dev/null +++ b/vectors/cryptography_vectors/x509/has_signature_of/rsa_issuer.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE4zCCAsugAwIBAgIJAKHZAn8DoTX5MA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV +BAMMHU15IHNlbGYtc2lnbmVkIENBIGNlcnRpZmljYXRlMB4XDTIwMDIwODIyMjUz +MloXDTIwMDMwOTIyMjUzMlowKDEmMCQGA1UEAwwdTXkgc2VsZi1zaWduZWQgQ0Eg +Y2VydGlmaWNhdGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCbPf4d +dAumRdLLlUwdPS39Tkrrdsf4LUlbVEJRNglS1S821LfPo3Ixk+Uv8iPen2ZdoumC +kLcUaHiyz8lkV80rUnbXWP5wiEwyqIgGBiFjnaqAnMTKQCMMCF0IFeNK2xX22Yxl +Db1Db4mxhDiklVBlbLW3kwb9k5thGnOUgyLFGxflLUz8DSVHB0E/veOc47WdLW+F +dvFq2A3o8iPCCHIWaAx5Klg64N5pmODx7LQikaypAHv73WkS9QFjobittCgV4Zs3 +136ui1XCjk9NV+cn+vyUm3EpPsTEjbBqNyp55D3CbhWL9JF/sAZRHET5B6hcNG8T +ArVCS9Js7UMB6WvuUT5bexs6smpQssZUj1Lzmjsg55cJGP+iAGUK8ba9KCGuxHc7 +RsE2g68cnDuW1qugZSN3xKIsR0IUWY0wsYNKLJD8/bIEDQjzqYlI/VLJ8SBO6RQn +3AHiX+wwitJGrNuOF3kYK9XutqZ/otAibYvL86JI2kBdRuuV0odKTfu5CnDMBj2F +ej+BeK0/BOObyrCEyR6YwkMMokb/2JZvUn7AaHF061lx2PkKe6yKY7L8zwTgLPC7 +TORgwfVEiDJ+AmTtNsF6xQa3Vw0zArpEo5A6MlrtHf56Kw/m8GA0YOFPMNxz2Nw/ +KutZ2Wk4XBOoX9SsWbaKMR8Uu3KqnsqieWhv5QIDAQABoxAwDjAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCVfLX/bZQHIhXBML1MX8PmYnVHdtxxC9NK +S4ByAcw8EZZKAzl4ARIwvl2wKEroDuKSBigLjPxAkeLb+QFgJD6rM1Pz3mnYWokS +oUtPVV0LxpylfSAU5wekAFSUPDzBVIQiMFmKLoGHzZ3PsYpYK6D6MwX4fzA26I1E +bAbDkYl1uvaLnlzEZ2wdVRWMJHbHgRSs1syAcgoyKYwWzCXlPiYOxlinTAIqiSWG +LorwEx+9YTJmvgAaAMKm+c/7lm//VcuQ5g8JkymIWoawg0oRi1D8PBn8jSTRL20q +AchBpx1NM90C1++mfWNso1mWF1+A5B96gGQgkdd58tgZB8nE9X7LmPNq/9KF45Sr +O2I1bD67YnOs9oOaAMMIkRJAMTnK/yLLckGF3/4rM+Gj57cWoePqG973NpmXRSil +lIJg6RgXnlfwo4XaNbYPQs3ECqMpV8+lEonRqWT1Win6s09F1pbrSwDAMnU8AxHN +Y6aRM/z9hmzTIiB9jXts85cLh4VFx6zssjytzng46yhR0hz2w2tGPrBTb7ebl+5y +V9M0H1ckklrd/4ka5hohQ1t/fM+Jvj4D/0UZXbOkrz/oDXGf2Jk0copqg8wVDeU6 +o+MWwunrWMRr5ZMXfoWkz5We7jIcgxNrFw/fg9zeTtntMD5rX3kEYJ9SD6aL2Ljs +nzNcdAkACA== +-----END CERTIFICATE-----