|
611 | 611 | equal(x.verifySignature(pubkey), false, "false"); |
612 | 612 | }); |
613 | 613 |
|
| 614 | +test("verifySignature DSA forged cert with g=1 shall be rejected", function() { |
| 615 | +var DERSeq = function(arr) { return new KJUR.asn1.DERSequence({array: arr}); }; |
| 616 | +var DERSet = function(arr) { return new KJUR.asn1.DERSet({array: arr}); }; |
| 617 | +var DERInt = function(v) { |
| 618 | + if (typeof v == "string") return new KJUR.asn1.DERInteger({hex: v}); |
| 619 | + return new KJUR.asn1.DERInteger({"int": v}); |
| 620 | +}; |
| 621 | +var DEROid = function(o) { return new KJUR.asn1.DERObjectIdentifier({oid: o}); }; |
| 622 | +var DERUtf8 = function(s) { return new KJUR.asn1.DERUTF8String({str: s}); }; |
| 623 | +var DERBits = function(hex) { return new KJUR.asn1.DERBitString({hex: "00" + hex}); }; |
| 624 | +var DERUtcT = function(s) { return new KJUR.asn1.DERUTCTime({str: s}); }; |
| 625 | +var DERTag = function(t, o) { |
| 626 | + return new KJUR.asn1.DERTaggedObject({tag: t, explicit: true, obj: o}); |
| 627 | +}; |
| 628 | +var rdnCN = function(cn) { return DERSeq([DERSet([DERSeq([DEROid("2.5.4.3"), DERUtf8(cn)])])]); }; |
| 629 | + |
| 630 | +var pHex = "17"; |
| 631 | +var qHex = "0b"; |
| 632 | +var gHex = "01"; |
| 633 | +var yHex = "01"; |
| 634 | + |
| 635 | +var dsaParams = DERSeq([DERInt(pHex), DERInt(qHex), DERInt(gHex)]); |
| 636 | +var spki = DERSeq([DERSeq([DEROid("1.2.840.10040.4.1"), dsaParams]), |
| 637 | + DERBits(DERInt(yHex).getEncodedHex())]); |
| 638 | + |
| 639 | +var tbs = DERSeq([ |
| 640 | + DERTag("a0", DERInt(2)), |
| 641 | + DERInt(1), |
| 642 | + DERSeq([DEROid("1.2.840.10040.4.3")]), |
| 643 | + rdnCN("Malicious CA"), |
| 644 | + DERSeq([DERUtcT("250101000000Z"), DERUtcT("351231235959Z")]), |
| 645 | + rdnCN("Malicious CA"), |
| 646 | + spki |
| 647 | +]); |
| 648 | +var forgedSigHex = DERSeq([DERInt(1), DERInt(7)]).getEncodedHex(); |
| 649 | +var certHex = DERSeq([tbs, DERSeq([DEROid("1.2.840.10040.4.3")]), DERBits(forgedSigHex)]).getEncodedHex(); |
| 650 | +var certPEM = KJUR.asn1.ASN1Util.getPEMStringFromHex(certHex, "CERTIFICATE"); |
| 651 | + |
| 652 | +var accepted = false; |
| 653 | +try { |
| 654 | + var x = new X509(); |
| 655 | + x.readCertPEM(certPEM); |
| 656 | + var pubkey = x.getPublicKey(); |
| 657 | + accepted = x.verifySignature(pubkey); |
| 658 | +} catch (ex) { |
| 659 | + accepted = false; |
| 660 | +} |
| 661 | +equal(accepted, false, "forged certificate rejected"); |
| 662 | +}); |
| 663 | + |
614 | 664 | test("verifySignature ECDSA k1.self.sha1.cer with k1.pub.p8 VALID", function() { |
615 | 665 | var pubkey = KEYUTIL.getKey(K1PUBP8); |
616 | 666 | var x = new X509(); |
|
691 | 741 |
|
692 | 742 | </body> |
693 | 743 | </html> |
694 | | - |
|
0 commit comments