Skip to content

Commit b637d81

Browse files
DenisKarchDenisKarch
committed
Changes for PR
Using PEM cert instead of DER Added TPM manufacturer to comment
1 parent e433068 commit b637d81

File tree

1 file changed

+40
-9
lines changed

1 file changed

+40
-9
lines changed

x509/x509_test.go

Lines changed: 40 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1119,23 +1119,54 @@ func TestRSAPSSSelfSigned(t *testing.T) {
11191119
}
11201120
}
11211121

1122-
// Valid EKCert (from a TPM) with RSAES-OAEP Public Key.
1122+
// Valid EKCert (from an Infineon TPM1.2) with RSAES-OAEP Public Key.
11231123
// TPM1.2 uses RSA keys with OAEP padding (SHA1).
1124-
// The hardware only supports SHA1 so manufacturers have
1125-
// since switched to using rsaEncryption keys but millions
1126-
// of certificates still exist that have this type of key.
1127-
var oaepCertDER = `3082056e30820456a003020102020464f5bda5300d06092a864886f70d01010505003077310b3009060355040613024445310f300d060355040813065361786f6e793121301f060355040a1318496e66696e656f6e20546563686e6f6c6f67696573204147310c300a060355040b130341494d312630240603550403131d4946582054504d20454b20496e7465726d656469617465204341203230301e170d3135303932313231323932385a170d3235303932313231323932385a300030820137302206092a864886f70d0101073015a213301106092a864886f70d0101090404544350410382010f003082010a02820101008e7983105063a3f1c2e77d7c8b4f411db9c76f11366ccbb11757001fa51805bbbf68b6dccd9ad28a82c6a831e1591f06181c2e328c261cf9a14ff1704dc3261cc16da751760141969330a75b3fc5ae185ac76d636a97a339838bd042aa7c5999f63f946c6987b0e8be8f5908d08563f62bc6ee9510e36752bd3b2e7b55281bc92a8dcc8ba8a30d6aaa7580b672d83802449d34bfea0434edea4dbc3a9b201f3de0bf5ab2ca96a5254f4e76a58adc8d3bc385be94e93e0052e4066f238a9c1195eaacda02a6dc78393063340054e3ce99754a8770c8efcca45ad8fc999f7aaa67a8a83960141e5f4b892d3af333f09b6d13e60900e0ea8bd3b5eea30f4f2b889b0203010001a38202623082025e30550603551d110101ff044b3049a447304531163014060567810502010c0b69643a343934363538303031173015060567810502020c0c534c42393636307878312e3231123010060567810502030c0769643a30343238300c0603551d130101ff040230003081bc0603551d200101ff0481b13081ae3081ab060b6086480186f84501072f0130819b303906082b06010505070201162d687474703a2f2f7777772e766572697369676e2e636f6d2f7265706f7369746f72792f696e6465782e68746d6c305e06082b0601050507020230521e5000540043005000410020005400720075007300740065006400200050006c006100740066006f0072006d0020004d006f00640075006c006500200045006e0064006f007200730065006d0065006e00743081a10603551d2304819930819680148ffd47880e239a3a3a20de13edf101e882a9d21da17ba4793077310b3009060355040613024445310f300d060355040813065361786f6e793121301f060355040a1318496e66696e656f6e20546563686e6f6c6f67696573204147310c300a060355040b130341494d312630240603550403131d4946582054504d20454b20496e7465726d6564696174652043412032308201053081930603551d0904818b308188303a06035504343133300b300906052b0e03021a05003024302206092a864886f70d0101073015a213301106092a864886f70d010109040454435041301606056781050210310d300b0c03312e32020102020103303206056781050212312930270101ffa0030a0101a1030a0100a2030a0100a310300e1603332e310a01040a01010101ff0101ff300d06092a864886f70d010105050003820101003b25d3958cf08b2c32cefb40570f845e25fa98fd38a47be8c16e4ef663d8f057824ff550052b4a338e353b08bfe70364cda07961d3f4fb5cbf548497389a5ab59c3469d14b6f5bfdc27db3dd0cbd21ac818a64a14032cd433a2bffb939b5f54555c2b6892b5f6479e3c38bd4b30283d2e8ee57ecad779dae90bd9d6052ad6bf3efbb30f639e03b0a239f539a476b129540bc9806e2dc7011d265dca8a95301aaba872b4e176bdb670e65b750b0afdc2ca97b3f0bef55862ae135bd86b1d3a28d4eedfe5ee445a3f1d65bbad0adae49999e613eabb133166461cf47146de078a7d7f550940a1a475ecc834ee784a6a6e42fa4ad7869ef8d2b2251c830efb38496`
1124+
// The hardware only supports SHA1 so manufacturers have since switched
1125+
// to using rsaEncryption keys but millions of certificates still exist
1126+
// that have this type of key.
1127+
var oaepCertPEM = `-----BEGIN CERTIFICATE-----
1128+
MIIFbjCCBFagAwIBAgIEZPW9pTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJE
1129+
RTEPMA0GA1UECBMGU2F4b255MSEwHwYDVQQKExhJbmZpbmVvbiBUZWNobm9sb2dp
1130+
ZXMgQUcxDDAKBgNVBAsTA0FJTTEmMCQGA1UEAxMdSUZYIFRQTSBFSyBJbnRlcm1l
1131+
ZGlhdGUgQ0EgMjAwHhcNMTUwOTIxMjEyOTI4WhcNMjUwOTIxMjEyOTI4WjAAMIIB
1132+
NzAiBgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQQOCAQ8AMIIBCgKC
1133+
AQEAjnmDEFBjo/HC5318i09BHbnHbxE2bMuxF1cAH6UYBbu/aLbczZrSioLGqDHh
1134+
WR8GGBwuMowmHPmhT/FwTcMmHMFtp1F2AUGWkzCnWz/Frhhax21japejOYOL0EKq
1135+
fFmZ9j+UbGmHsOi+j1kI0IVj9ivG7pUQ42dSvTsue1UoG8kqjcyLqKMNaqp1gLZy
1136+
2DgCRJ00v+oENO3qTbw6myAfPeC/WrLKlqUlT052pYrcjTvDhb6U6T4AUuQGbyOK
1137+
nBGV6qzaAqbceDkwYzQAVOPOmXVKh3DI78ykWtj8mZ96qmeoqDlgFB5fS4ktOvMz
1138+
8JttE+YJAODqi9O17qMPTyuImwIDAQABo4ICYjCCAl4wVQYDVR0RAQH/BEswSaRH
1139+
MEUxFjAUBgVngQUCAQwLaWQ6NDk0NjU4MDAxFzAVBgVngQUCAgwMU0xCOTY2MHh4
1140+
MS4yMRIwEAYFZ4EFAgMMB2lkOjA0MjgwDAYDVR0TAQH/BAIwADCBvAYDVR0gAQH/
1141+
BIGxMIGuMIGrBgtghkgBhvhFAQcvATCBmzA5BggrBgEFBQcCARYtaHR0cDovL3d3
1142+
dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9pbmRleC5odG1sMF4GCCsGAQUFBwIC
1143+
MFIeUABUAEMAUABBACAAVAByAHUAcwB0AGUAZAAgAFAAbABhAHQAZgBvAHIAbQAg
1144+
AE0AbwBkAHUAbABlACAARQBuAGQAbwByAHMAZQBtAGUAbgB0MIGhBgNVHSMEgZkw
1145+
gZaAFI/9R4gOI5o6OiDeE+3xAeiCqdIdoXukeTB3MQswCQYDVQQGEwJERTEPMA0G
1146+
A1UECBMGU2F4b255MSEwHwYDVQQKExhJbmZpbmVvbiBUZWNobm9sb2dpZXMgQUcx
1147+
DDAKBgNVBAsTA0FJTTEmMCQGA1UEAxMdSUZYIFRQTSBFSyBJbnRlcm1lZGlhdGUg
1148+
Q0EgMjCCAQUwgZMGA1UdCQSBizCBiDA6BgNVBDQxMzALMAkGBSsOAwIaBQAwJDAi
1149+
BgkqhkiG9w0BAQcwFaITMBEGCSqGSIb3DQEBCQQEVENQQTAWBgVngQUCEDENMAsM
1150+
AzEuMgIBAgIBAzAyBgVngQUCEjEpMCcBAf+gAwoBAaEDCgEAogMKAQCjEDAOFgMz
1151+
LjEKAQQKAQEBAf8BAf8wDQYJKoZIhvcNAQEFBQADggEBADsl05WM8IssMs77QFcP
1152+
hF4l+pj9OKR76MFuTvZj2PBXgk/1UAUrSjOONTsIv+cDZM2geWHT9Ptcv1SElzia
1153+
WrWcNGnRS29b/cJ9s90MvSGsgYpkoUAyzUM6K/+5ObX1RVXCtokrX2R548OL1LMC
1154+
g9Lo7lfsrXedrpC9nWBSrWvz77sw9jngOwojn1OaR2sSlUC8mAbi3HAR0mXcqKlT
1155+
Aaq6hytOF2vbZw5lt1Cwr9wsqXs/C+9VhirhNb2GsdOijU7t/l7kRaPx1lu60K2u
1156+
SZmeYT6rsTMWZGHPRxRt4Hin1/VQlAoaR17Mg07nhKam5C+krXhp740rIlHIMO+z
1157+
hJY=
1158+
-----END CERTIFICATE-----`
11281159

11291160
func TestParseCertificateWithRSAESOAEPPublicKey(t *testing.T) {
11301161
wantKey := &rsa.PublicKey{
11311162
E: 65537,
11321163
N: bigFromHexString("8e7983105063a3f1c2e77d7c8b4f411db9c76f11366ccbb11757001fa51805bbbf68b6dccd9ad28a82c6a831e1591f06181c2e328c261cf9a14ff1704dc3261cc16da751760141969330a75b3fc5ae185ac76d636a97a339838bd042aa7c5999f63f946c6987b0e8be8f5908d08563f62bc6ee9510e36752bd3b2e7b55281bc92a8dcc8ba8a30d6aaa7580b672d83802449d34bfea0434edea4dbc3a9b201f3de0bf5ab2ca96a5254f4e76a58adc8d3bc385be94e93e0052e4066f238a9c1195eaacda02a6dc78393063340054e3ce99754a8770c8efcca45ad8fc999f7aaa67a8a83960141e5f4b892d3af333f09b6d13e60900e0ea8bd3b5eea30f4f2b889b"),
11331164
}
1134-
derBlock, err := hex.DecodeString(oaepCertDER)
1135-
if err != nil {
1136-
t.Fatalf("Failed to decode hex string: %s", err)
1165+
der, _ := pem.Decode([]byte(oaepCertPEM))
1166+
if der == nil {
1167+
t.Fatalf("Failed to decode PEM cert")
11371168
}
1138-
cert, err := ParseCertificate(derBlock)
1169+
cert, err := ParseCertificate(der.Bytes)
11391170
if err != nil {
11401171
t.Fatalf("Failed to parse certificate: %s", err)
11411172
}

0 commit comments

Comments
 (0)