From 8eb9cfe8efe6eef87892c67824714b7ab4d590b5 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 11:04:39 +0100 Subject: [PATCH 1/8] add support for parsing ASN.1 GeneralizedTime --- nx_secure/inc/nx_secure_x509.h | 3 +- nx_secure/src/nx_secure_x509.c | 3 +- .../src/nx_secure_x509_expiration_check.c | 164 ++++++++++++++++-- 3 files changed, 152 insertions(+), 18 deletions(-) diff --git a/nx_secure/inc/nx_secure_x509.h b/nx_secure/inc/nx_secure_x509.h index 04d52fb7..ab03abea 100644 --- a/nx_secure/inc/nx_secure_x509.h +++ b/nx_secure/inc/nx_secure_x509.h @@ -709,7 +709,8 @@ typedef struct NX_SECURE_X509_CERT_STRUCT /* Validity time format - either ASN.1 generalized time or ASN.1 UTC time. Uses the ASN.1 tag value. */ - USHORT nx_secure_x509_validity_format; + USHORT nx_secure_x509_not_before_validity_format; + USHORT nx_secure_x509_not_after_validity_format; /* Validity period. Stored as ASN.1 generalized time or UTC time. */ const UCHAR *nx_secure_x509_not_before; diff --git a/nx_secure/src/nx_secure_x509.c b/nx_secure/src/nx_secure_x509.c index a8cf5b1d..a2117132 100644 --- a/nx_secure/src/nx_secure_x509.c +++ b/nx_secure/src/nx_secure_x509.c @@ -1128,7 +1128,7 @@ const UCHAR *current_buffer; return(NX_SECURE_X509_UNEXPECTED_ASN1_TAG); } - cert -> nx_secure_x509_validity_format = tlv_type; + cert -> nx_secure_x509_not_before_validity_format = tlv_type; cert -> nx_secure_x509_not_before = tlv_data; cert -> nx_secure_x509_not_before_length = (USHORT)tlv_length; @@ -1149,6 +1149,7 @@ const UCHAR *current_buffer; return(NX_SECURE_X509_UNEXPECTED_ASN1_TAG); } + cert -> nx_secure_x509_not_after_validity_format = tlv_type; cert -> nx_secure_x509_not_after = tlv_data; cert -> nx_secure_x509_not_after_length = (USHORT)tlv_length; diff --git a/nx_secure/src/nx_secure_x509_expiration_check.c b/nx_secure/src/nx_secure_x509_expiration_check.c index de948e77..e14defea 100644 --- a/nx_secure/src/nx_secure_x509_expiration_check.c +++ b/nx_secure/src/nx_secure_x509_expiration_check.c @@ -28,6 +28,8 @@ static UINT _nx_secure_x509_asn1_time_to_unix_convert(const UCHAR *asn1_time, USHORT asn1_length, USHORT format, ULONG *unix_time); +static ULONG _nx_secure_count_leap_years(ULONG start_year, ULONG end_year); + /**************************************************************************/ /* */ /* FUNCTION RELEASE */ @@ -118,12 +120,21 @@ UINT status; /* Helper function to convert the ASN.1 time formats into UNIX epoch time for comparison. */ #define date_2_chars_to_int(buffer, index) (ULONG)(((buffer[index] - '0') * 10) + (buffer[index + 1] - '0')) +#define date_3_chars_to_int(buffer, index) (ULONG)(((buffer[index] - '0') * 100) + ((buffer[index + 1] - '0') * 10) + (buffer[index + 2] - '0')) +#define date_4_chars_to_int(buffer, index) (ULONG)(((buffer[index] - '0') * 1000) + ((buffer[index + 1] - '0') * 100) + ((buffer[index + 2] - '0') * 10) + (buffer[index + 3] - '0')) + +/* Helper function to determine if a given year is a leap year */ + +#define is_leap_year(year) ((((year) % 4 == 0) && ((year) % 100 != 0)) || ((year) % 400 == 0)) /* Array indexed on month - 1 gives the total number of days in all previous months (through last day of previous month). Leap years are handled in the logic below and are not reflected in this array. */ /* J F M A M J J A S O N D */ static const UINT days_before_month[12] = {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334}; +/* Define epoch year for UNIX time */ +static const ULONG unix_epoch = 1970; + /**************************************************************************/ /* */ /* FUNCTION RELEASE */ @@ -175,7 +186,7 @@ static const UINT days_before_month[12] = {0, 31, 59, 90, 120, 151, 181, 212, 24 static UINT _nx_secure_x509_asn1_time_to_unix_convert(const UCHAR *asn1_time, USHORT asn1_length, USHORT format, ULONG *unix_time) { -ULONG year, month, day, hour, minute, second; +ULONG year, month, day, hour, minute, second, fractional; UINT index; NX_CRYPTO_PARAMETER_NOT_USED(asn1_length); @@ -191,6 +202,7 @@ UINT index; hour = date_2_chars_to_int(asn1_time, 6); minute = date_2_chars_to_int(asn1_time, 8); second = 0; + fractional = 0; /* Check the next field, can be 'Z' for Zulu time (GMT) or [+/-] for local time offset. */ index = 10; @@ -230,31 +242,28 @@ UINT index; /* printf("year: %lu, month: %lu, day: %lu, hour: %lu, minute: %lu, second: %lu\n", year, month, day, hour, minute, second);*/ - /* Now we have our time in integers, calculate leap years. We aren't concerned with years outside the UNIX - time range of 1970-2038 so we can assume every 4 years starting with 1972 is a leap year (years divisible - by 100 are NOT leap years unless also divisible by 400, which the year 2000 is). Using integer division gives - us the floor of the number of 4 year periods, so add 1. */ + /* Now we have our time in integers, calculate leap years that have occurred. */ if (year >= 70) - { - /* Year is before 2000. Subtract 72 to get duration from first leap year in epoch. */ - year -= 70; - day += ((year + 2) / 4); + { + /* Year is before 2000. Add 1900 to get actual year. */ + year += 1900; } else { - /* Year is 2000 or greater. Add 28 (2000-1972) to get duration from first leap year in epoch. */ - year += 30; - day += ((year - 2) / 4) + 1; + /* Year is 2000 or greater. Add 2000 to get actual year. */ + year += 2000; } + day += _nx_secure_count_leap_years(unix_epoch, year); + /* If it is leap year and month is before March, subtract 1 day. */ - if (((year + 2) % 4 == 0) && (month < 3)) + if ((is_leap_year(year)) && (month < 3)) { day -= 1; } /* Finally, calculate the number of seconds from the extracted values. */ - day += year * 365; + day += (year - unix_epoch) * 365; day += days_before_month[month - 1]; hour += day * 24; minute += hour * 60; @@ -269,8 +278,77 @@ UINT index; Local time only. ``YYYYMMDDHH[MM[SS[.fff]]]'', where the optional fff is three decimal places (fractions of seconds). Universal time (UTC time) only. ``YYYYMMDDHH[MM[SS[.fff]]]Z''. MM, SS, .fff are optional. Difference between local and UTC times. ``YYYYMMDDHH[MM[SS[.fff]]]+-HHMM''. +/-HHMM is local time offset. */ - /* TODO: Implement conversion to 32-bit UNIX time. */ - return(NX_SECURE_X509_INVALID_DATE_FORMAT); + + year = date_4_chars_to_int(asn1_time, 0); + month = date_2_chars_to_int(asn1_time, 4); + day = date_2_chars_to_int(asn1_time, 6) - 1; /* For calculations, day is 0-based. */ + hour = date_2_chars_to_int(asn1_time, 8); + minute = date_2_chars_to_int(asn1_time, 10); + second = 0; + fractional = 0; + + /* Check the next field, can be 'Z' for Zulu time (GMT) or [+/-] for local time offset. */ + index = 12; + + /* Check for optional seconds. */ + if (asn1_time[index] != 'Z' && asn1_time[index] != '+' && asn1_time[index] != '-') + { + second = date_2_chars_to_int(asn1_time, index); + index += 2; + + /* Check for optional fractional seconds. */ + if (asn1_time[index] == '.') + { + index++; + fractional = date_3_chars_to_int(asn1_time, index); + index += 3; + } + } + + /* Check for GMT time or local time offset. */ + if (asn1_time[index] != 'Z') + { + /* Check for optional local time offset. NOTE: The additions and subtractions here may + * result in values > 24 or < 0 but that is OK for the calculations. */ + if (asn1_time[index] == '+') + { + index++; /* Skip the '+' */ + hour -= date_2_chars_to_int(asn1_time, index); + index += 2; + minute -= date_2_chars_to_int(asn1_time, index); + } + else if (asn1_time[index] == '-') + { + index++; /* Skip the '-' */ + hour += date_2_chars_to_int(asn1_time, index); + index += 2; + minute += date_2_chars_to_int(asn1_time, index); + } + else + { + /* Not a correct UTC time! */ + return(NX_SECURE_X509_INVALID_DATE_FORMAT); + } + } + + /* Now we have our time in integers, calculate leap years that have occurred. */ + day += _nx_secure_count_leap_years(unix_epoch, year); + + /* If it is leap year and month is before March, subtract 1 day. */ + if (is_leap_year(year) && (month < 3)) + { + day -= 1; + } + + /* Finally, calculate the number of seconds from the extracted values. */ + day += (year - unix_epoch) * 365; + day += days_before_month[month - 1]; + hour += day * 24; + minute += hour * 60; + second += minute * 60; + + /* Finally, return the converted time. */ + *unix_time = second; } else { @@ -280,3 +358,57 @@ UINT index; return(NX_SECURE_X509_SUCCESS); } + +/**************************************************************************/ +/* */ +/* FUNCTION RELEASE */ +/* */ +/* _nx_secure_count_leap_years PORTABLE C */ +/* 6.4.1 */ +/* AUTHOR */ +/* */ +/* Simon Scurrell, T3S Solutions Ltd */ +/* */ +/* DESCRIPTION */ +/* */ +/* This function calculates the number of leap years that have */ +/* occurred between the given start and end years. */ +/* */ +/* INPUT */ +/* */ +/* start_year 4-digit start year (YYYY) */ +/* end_year 4-digit end year (YYYY) */ +/* */ +/* OUTPUT */ +/* */ +/* count Returns the number of leap years */ +/* */ +/* CALLS */ +/* */ +/* None */ +/* */ +/* CALLED BY */ +/* */ +/* _nx_secure_x509_asn1_time_to_unix_convert ASN.1 time convert */ +/* */ +/* RELEASE HISTORY */ +/* */ +/* DATE NAME DESCRIPTION */ +/* */ +/* 04-04-2024 Simon Scurrell Initial Version 6.4.1 */ +/* */ +/**************************************************************************/ +static ULONG _nx_secure_count_leap_years(ULONG start_year, ULONG end_year) +{ + ULONG count = 0; + + for(ULONG year = start_year; year <= end_year; year++) + { + if(is_leap_year(year)) + { + count += 1; + } + } + + return count; +} From 14105e1a2de7b3c1f28bb2b86cfa7de49fb59a00 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:13:17 +0100 Subject: [PATCH 2/8] fix validity format field error --- nx_secure/src/nx_secure_x509_expiration_check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nx_secure/src/nx_secure_x509_expiration_check.c b/nx_secure/src/nx_secure_x509_expiration_check.c index e14defea..7ea5cdaa 100644 --- a/nx_secure/src/nx_secure_x509_expiration_check.c +++ b/nx_secure/src/nx_secure_x509_expiration_check.c @@ -84,7 +84,7 @@ UINT status; /* First, convert the X.509 ASN.1 time format into 32-bit UINX-epoch format of the "not before" field. */ status = _nx_secure_x509_asn1_time_to_unix_convert(certificate -> nx_secure_x509_not_before, certificate -> nx_secure_x509_not_before_length, - certificate -> nx_secure_x509_validity_format, ¬_before); + certificate -> nx_secure_x509_not_before_validity_format, ¬_before); if (status != NX_SECURE_X509_SUCCESS) { return(status); @@ -92,7 +92,7 @@ UINT status; /* Convert the "not after" time field. */ status = _nx_secure_x509_asn1_time_to_unix_convert(certificate -> nx_secure_x509_not_after, certificate -> nx_secure_x509_not_after_length, - certificate -> nx_secure_x509_validity_format, ¬_after); + certificate -> nx_secure_x509_not_after_validity_format, ¬_after); if (status != NX_SECURE_X509_SUCCESS) { return(status); From ce74786fbc71402540e812b5ff6bd4a43c13a5ea Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:14:04 +0100 Subject: [PATCH 3/8] changed CertMsg notBefore format to be in GeneralizedTime format --- .../nx_secure_tls_coverage_test.c | 133 +++++++++--------- 1 file changed, 63 insertions(+), 70 deletions(-) diff --git a/test/regression/nx_secure_test/nx_secure_tls_coverage_test.c b/test/regression/nx_secure_test/nx_secure_tls_coverage_test.c index c4269085..d488a947 100644 --- a/test/regression/nx_secure_test/nx_secure_tls_coverage_test.c +++ b/test/regression/nx_secure_test/nx_secure_tls_coverage_test.c @@ -180,10 +180,10 @@ UINT status; static UCHAR CertMsg[] = { /* total length. */ - 0x00, 0x03, 0x27, + 0x00, 0x03, 0x29, /* cert length */ - 0x00, 0x03, 0x24, - 0x30, 0x82, 0x03, 0x20, 0x30, 0x82, 0x02, 0x08, 0x02, 0x09, 0x00, 0xc0, + 0x00, 0x03, 0x26, + 0x30, 0x82, 0x03, 0x22, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x09, 0x00, 0xc0, 0xbe, 0x29, 0xae, 0x89, 0x1b, 0xc9, 0xe5, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, @@ -192,64 +192,65 @@ static UCHAR CertMsg[] = { 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x32, 0x33, 0x33, - 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, 0x39, 0x30, - 0x32, 0x33, 0x33, 0x31, 0x39, 0x5a, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, - 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x06, - 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xc3, 0x79, 0x72, 0xa4, 0xe2, 0xc6, 0xb7, 0x5d, 0x0f, - 0x41, 0x8c, 0x8e, 0xd1, 0x3c, 0xfd, 0x97, 0xf4, 0x8e, 0x82, 0x7e, 0x75, - 0xac, 0x4d, 0x85, 0xbb, 0xba, 0xe3, 0xd6, 0x22, 0xad, 0xc5, 0xc2, 0xd5, - 0x9d, 0x78, 0x1c, 0xab, 0x9c, 0x33, 0xb7, 0x95, 0x36, 0xcb, 0x63, 0x76, - 0x88, 0xc7, 0x3c, 0xa7, 0xf7, 0xfb, 0x84, 0x1d, 0x7c, 0xc5, 0x17, 0x25, - 0x5f, 0x1d, 0x41, 0xf3, 0x8c, 0xf9, 0x2f, 0x93, 0xab, 0xb2, 0x6b, 0x84, - 0xa9, 0x07, 0x70, 0xa1, 0xa0, 0xb3, 0xe0, 0x86, 0x5b, 0x5f, 0x4e, 0x0c, - 0x78, 0x7f, 0x20, 0x10, 0x12, 0x60, 0x13, 0x5c, 0xf8, 0x15, 0xe0, 0xc6, - 0xcb, 0xb2, 0x61, 0xe4, 0x78, 0x9d, 0xb8, 0x91, 0x60, 0x0f, 0xe6, 0xce, - 0xa4, 0x57, 0xa9, 0xb3, 0xb1, 0x9e, 0x3b, 0xc7, 0xf1, 0x66, 0x96, 0x23, - 0xf7, 0xe5, 0x40, 0xfa, 0xf6, 0x3a, 0xb9, 0x32, 0x64, 0xd0, 0x01, 0x14, - 0x31, 0x81, 0x3c, 0x3e, 0xf1, 0x9e, 0x64, 0x3d, 0xd0, 0x37, 0xee, 0xcd, - 0xf1, 0x82, 0x79, 0x3e, 0x08, 0x48, 0x2d, 0x2f, 0xa4, 0x5d, 0x41, 0xff, - 0x1f, 0xc1, 0x99, 0x26, 0x53, 0xb8, 0x7b, 0x59, 0xe5, 0x79, 0x9d, 0x25, - 0x2c, 0x35, 0xe6, 0x7b, 0x22, 0x02, 0x8c, 0x78, 0x05, 0xda, 0x90, 0x5d, - 0xbd, 0xd4, 0x53, 0xca, 0xa2, 0x73, 0xcc, 0xa0, 0xd7, 0x63, 0x3c, 0x22, - 0xe4, 0x2a, 0xb8, 0xc8, 0x5f, 0x58, 0x74, 0xce, 0x6c, 0x3b, 0xf3, 0x21, - 0x9a, 0xfa, 0xa0, 0x40, 0xc3, 0x10, 0x32, 0x46, 0xbb, 0x14, 0xff, 0xd6, - 0x1c, 0x41, 0x90, 0xb1, 0xb0, 0x0b, 0x59, 0x18, 0xaa, 0xfd, 0x43, 0x63, - 0x4b, 0x7c, 0xf1, 0x68, 0x1d, 0xa7, 0xed, 0x2c, 0x35, 0x11, 0xb8, 0xbc, - 0x02, 0x27, 0xc6, 0x39, 0x48, 0x62, 0x2b, 0xc1, 0xa9, 0x08, 0x53, 0x1f, - 0x7c, 0xdb, 0xa1, 0x6d, 0x41, 0x58, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x20, + 0x18, 0x0f, 0x32, 0x30, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x32, + 0x33, 0x33, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, + 0x39, 0x30, 0x32, 0x33, 0x33, 0x31, 0x39, 0x5a, 0x30, 0x52, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, + 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, + 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3d, 0xa4, 0x36, 0xc9, - 0x9d, 0x91, 0xd1, 0x25, 0xe7, 0x41, 0x2c, 0x8d, 0xda, 0xcd, 0xb3, 0x8a, - 0x53, 0xe4, 0xee, 0x4f, 0x94, 0xa4, 0x84, 0xee, 0xaf, 0x06, 0x85, 0x6a, - 0xa6, 0x54, 0xe5, 0x8f, 0x12, 0xd3, 0x5e, 0x84, 0x33, 0x7a, 0x1d, 0x66, - 0x24, 0xb0, 0x9d, 0x94, 0x71, 0xad, 0x5b, 0x91, 0x6d, 0x06, 0xf3, 0x7b, - 0x41, 0x8f, 0x1a, 0x97, 0xa2, 0xe9, 0x52, 0x57, 0x2e, 0xfb, 0xaf, 0x1f, - 0xb7, 0xf9, 0x9c, 0xf8, 0xa9, 0xde, 0x4e, 0xdb, 0x92, 0x92, 0x94, 0xe0, - 0x06, 0x50, 0xfa, 0x76, 0x4f, 0x45, 0xeb, 0x8f, 0x60, 0x49, 0xeb, 0x98, - 0x32, 0x65, 0xb9, 0x85, 0xc4, 0x21, 0x81, 0xe3, 0x81, 0x33, 0x41, 0x45, - 0xc4, 0xbc, 0x3b, 0xda, 0x7a, 0x74, 0xe8, 0x4e, 0x3e, 0xc9, 0x39, 0xdf, - 0xdd, 0xa0, 0xb3, 0x49, 0x76, 0x58, 0x13, 0x46, 0x74, 0x66, 0x9e, 0xc1, - 0xbc, 0x6b, 0x37, 0xb8, 0x77, 0x6a, 0x8e, 0xf1, 0x6a, 0xad, 0xb4, 0x75, - 0x13, 0x1b, 0x2b, 0x3f, 0x62, 0x5e, 0xc7, 0x18, 0x6f, 0x65, 0xfa, 0x5c, - 0xc6, 0xb3, 0xf9, 0xa2, 0x83, 0xfa, 0x79, 0x50, 0xfa, 0xa8, 0xc8, 0xa7, - 0xc5, 0xeb, 0x7d, 0x4a, 0x27, 0x82, 0xe5, 0x09, 0xfb, 0x20, 0x06, 0x25, - 0x0a, 0x35, 0x4e, 0x43, 0x01, 0x2e, 0x09, 0x41, 0x8d, 0x1d, 0xf5, 0x4e, - 0x58, 0x72, 0x3c, 0x52, 0x34, 0x25, 0x64, 0xb6, 0xc5, 0x24, 0x9c, 0xd8, - 0xe4, 0xc9, 0xe6, 0xee, 0x23, 0xce, 0xa8, 0x1d, 0x46, 0xd0, 0xc8, 0xd6, - 0x8f, 0x27, 0xc1, 0x48, 0x66, 0x3d, 0x30, 0x7f, 0xf4, 0xf5, 0xd7, 0x81, - 0x3a, 0x62, 0x92, 0xbb, 0x9a, 0x66, 0x65, 0xaf, 0x27, 0x93, 0xd8, 0x63, - 0xfa, 0xa8, 0x3f, 0x14, 0x2e, 0xbd, 0xd2, 0x20, 0x30, 0x5b, 0x41, 0x6d, - 0x01, 0x07, 0x37, 0xe9, 0x9c, 0x8a, 0x07, 0xe3, 0x32, 0xb7, 0x68, 0xae + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, 0x79, 0x72, 0xa4, 0xe2, 0xc6, 0xb7, + 0x5d, 0x0f, 0x41, 0x8c, 0x8e, 0xd1, 0x3c, 0xfd, 0x97, 0xf4, 0x8e, 0x82, + 0x7e, 0x75, 0xac, 0x4d, 0x85, 0xbb, 0xba, 0xe3, 0xd6, 0x22, 0xad, 0xc5, + 0xc2, 0xd5, 0x9d, 0x78, 0x1c, 0xab, 0x9c, 0x33, 0xb7, 0x95, 0x36, 0xcb, + 0x63, 0x76, 0x88, 0xc7, 0x3c, 0xa7, 0xf7, 0xfb, 0x84, 0x1d, 0x7c, 0xc5, + 0x17, 0x25, 0x5f, 0x1d, 0x41, 0xf3, 0x8c, 0xf9, 0x2f, 0x93, 0xab, 0xb2, + 0x6b, 0x84, 0xa9, 0x07, 0x70, 0xa1, 0xa0, 0xb3, 0xe0, 0x86, 0x5b, 0x5f, + 0x4e, 0x0c, 0x78, 0x7f, 0x20, 0x10, 0x12, 0x60, 0x13, 0x5c, 0xf8, 0x15, + 0xe0, 0xc6, 0xcb, 0xb2, 0x61, 0xe4, 0x78, 0x9d, 0xb8, 0x91, 0x60, 0x0f, + 0xe6, 0xce, 0xa4, 0x57, 0xa9, 0xb3, 0xb1, 0x9e, 0x3b, 0xc7, 0xf1, 0x66, + 0x96, 0x23, 0xf7, 0xe5, 0x40, 0xfa, 0xf6, 0x3a, 0xb9, 0x32, 0x64, 0xd0, + 0x01, 0x14, 0x31, 0x81, 0x3c, 0x3e, 0xf1, 0x9e, 0x64, 0x3d, 0xd0, 0x37, + 0xee, 0xcd, 0xf1, 0x82, 0x79, 0x3e, 0x08, 0x48, 0x2d, 0x2f, 0xa4, 0x5d, + 0x41, 0xff, 0x1f, 0xc1, 0x99, 0x26, 0x53, 0xb8, 0x7b, 0x59, 0xe5, 0x79, + 0x9d, 0x25, 0x2c, 0x35, 0xe6, 0x7b, 0x22, 0x02, 0x8c, 0x78, 0x05, 0xda, + 0x90, 0x5d, 0xbd, 0xd4, 0x53, 0xca, 0xa2, 0x73, 0xcc, 0xa0, 0xd7, 0x63, + 0x3c, 0x22, 0xe4, 0x2a, 0xb8, 0xc8, 0x5f, 0x58, 0x74, 0xce, 0x6c, 0x3b, + 0xf3, 0x21, 0x9a, 0xfa, 0xa0, 0x40, 0xc3, 0x10, 0x32, 0x46, 0xbb, 0x14, + 0xff, 0xd6, 0x1c, 0x41, 0x90, 0xb1, 0xb0, 0x0b, 0x59, 0x18, 0xaa, 0xfd, + 0x43, 0x63, 0x4b, 0x7c, 0xf1, 0x68, 0x1d, 0xa7, 0xed, 0x2c, 0x35, 0x11, + 0xb8, 0xbc, 0x02, 0x27, 0xc6, 0x39, 0x48, 0x62, 0x2b, 0xc1, 0xa9, 0x08, + 0x53, 0x1f, 0x7c, 0xdb, 0xa1, 0x6d, 0x41, 0x58, 0xc5, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3d, 0xa4, + 0x36, 0xc9, 0x9d, 0x91, 0xd1, 0x25, 0xe7, 0x41, 0x2c, 0x8d, 0xda, 0xcd, + 0xb3, 0x8a, 0x53, 0xe4, 0xee, 0x4f, 0x94, 0xa4, 0x84, 0xee, 0xaf, 0x06, + 0x85, 0x6a, 0xa6, 0x54, 0xe5, 0x8f, 0x12, 0xd3, 0x5e, 0x84, 0x33, 0x7a, + 0x1d, 0x66, 0x24, 0xb0, 0x9d, 0x94, 0x71, 0xad, 0x5b, 0x91, 0x6d, 0x06, + 0xf3, 0x7b, 0x41, 0x8f, 0x1a, 0x97, 0xa2, 0xe9, 0x52, 0x57, 0x2e, 0xfb, + 0xaf, 0x1f, 0xb7, 0xf9, 0x9c, 0xf8, 0xa9, 0xde, 0x4e, 0xdb, 0x92, 0x92, + 0x94, 0xe0, 0x06, 0x50, 0xfa, 0x76, 0x4f, 0x45, 0xeb, 0x8f, 0x60, 0x49, + 0xeb, 0x98, 0x32, 0x65, 0xb9, 0x85, 0xc4, 0x21, 0x81, 0xe3, 0x81, 0x33, + 0x41, 0x45, 0xc4, 0xbc, 0x3b, 0xda, 0x7a, 0x74, 0xe8, 0x4e, 0x3e, 0xc9, + 0x39, 0xdf, 0xdd, 0xa0, 0xb3, 0x49, 0x76, 0x58, 0x13, 0x46, 0x74, 0x66, + 0x9e, 0xc1, 0xbc, 0x6b, 0x37, 0xb8, 0x77, 0x6a, 0x8e, 0xf1, 0x6a, 0xad, + 0xb4, 0x75, 0x13, 0x1b, 0x2b, 0x3f, 0x62, 0x5e, 0xc7, 0x18, 0x6f, 0x65, + 0xfa, 0x5c, 0xc6, 0xb3, 0xf9, 0xa2, 0x83, 0xfa, 0x79, 0x50, 0xfa, 0xa8, + 0xc8, 0xa7, 0xc5, 0xeb, 0x7d, 0x4a, 0x27, 0x82, 0xe5, 0x09, 0xfb, 0x20, + 0x06, 0x25, 0x0a, 0x35, 0x4e, 0x43, 0x01, 0x2e, 0x09, 0x41, 0x8d, 0x1d, + 0xf5, 0x4e, 0x58, 0x72, 0x3c, 0x52, 0x34, 0x25, 0x64, 0xb6, 0xc5, 0x24, + 0x9c, 0xd8, 0xe4, 0xc9, 0xe6, 0xee, 0x23, 0xce, 0xa8, 0x1d, 0x46, 0xd0, + 0xc8, 0xd6, 0x8f, 0x27, 0xc1, 0x48, 0x66, 0x3d, 0x30, 0x7f, 0xf4, 0xf5, + 0xd7, 0x81, 0x3a, 0x62, 0x92, 0xbb, 0x9a, 0x66, 0x65, 0xaf, 0x27, 0x93, + 0xd8, 0x63, 0xfa, 0xa8, 0x3f, 0x14, 0x2e, 0xbd, 0xd2, 0x20, 0x30, 0x5b, + 0x41, 0x6d, 0x01, 0x07, 0x37, 0xe9, 0x9c, 0x8a, 0x07, 0xe3, 0x32, 0xb7, + 0x68, 0xae }; /* -----===== SERVER =====----- */ @@ -1132,11 +1133,7 @@ UCHAR test_iv[16]; /* expiration_check failed. */ server_tls_session.nx_secure_tls_session_time_function = _session_time_function; - cert_1.nx_secure_x509_validity_format = NX_SECURE_ASN_TAG_GENERALIZED_TIME; - status = _nx_secure_tls_remote_certificate_verify(&server_tls_session); - EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); - - certificate.nx_secure_x509_validity_format = 0xff; + certificate.nx_secure_x509_not_before_validity_format = 0xff; status = _nx_secure_tls_remote_certificate_verify(&server_tls_session); EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); @@ -1747,11 +1744,7 @@ UCHAR test_iv[16]; /* expiration_check failed. */ server_tls_session.nx_secure_tls_session_time_function = _session_time_function; - cert_1.nx_secure_x509_validity_format = NX_SECURE_ASN_TAG_GENERALIZED_TIME; - status = _nx_secure_tls_remote_certificate_verify(&server_tls_session); - EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); - - certificate.nx_secure_x509_validity_format = 0xff; + certificate.nx_secure_x509_not_before_validity_format = 0xff; status = _nx_secure_tls_remote_certificate_verify(&server_tls_session); EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); From e348ac36493feac7f081b989fd6204cbb8fcc042 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:15:25 +0100 Subject: [PATCH 4/8] changed notBefore time to be in GeneralizedTime format --- .../nx_secure_x509_expiration_check_test.c | 120 +++++++++--------- 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c index 02a78413..90996219 100644 --- a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c +++ b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c @@ -10,7 +10,7 @@ static const UCHAR example_com_der[] = { - 0x30, 0x82, 0x03, 0x25, 0x30, 0x82, 0x02, 0x0d, 0x02, 0x09, 0x00, 0xe8, + 0x30, 0x82, 0x03, 0x27, 0x30, 0x82, 0x02, 0x0f, 0x02, 0x09, 0x00, 0xe8, 0xc2, 0xa4, 0x9c, 0x7c, 0x44, 0xb8, 0x54, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, @@ -19,65 +19,65 @@ static const UCHAR example_com_der[] = { 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x37, 0x33, 0x37, - 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, 0x39, 0x30, - 0x37, 0x33, 0x37, 0x35, 0x36, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, - 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, - 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0b, - 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, - 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, - 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb5, 0xb8, 0x43, 0xe0, - 0x33, 0x31, 0x80, 0x31, 0xe6, 0x0d, 0x65, 0x84, 0x40, 0x34, 0xe1, 0xfb, - 0x69, 0xa6, 0x23, 0xbd, 0x35, 0xcd, 0xde, 0xbc, 0x0f, 0x1a, 0xd4, 0x27, - 0x44, 0xee, 0x03, 0xdf, 0xc5, 0xcc, 0x2c, 0x22, 0xda, 0xe1, 0x67, 0x3b, - 0x6b, 0xa1, 0xa9, 0x97, 0x93, 0xa1, 0x58, 0x1c, 0x23, 0x1b, 0x2c, 0xf0, - 0xd0, 0xee, 0x3f, 0x32, 0xbf, 0x23, 0x23, 0xf9, 0x22, 0x56, 0xa2, 0x1e, - 0x31, 0xfd, 0x22, 0x02, 0x9a, 0x12, 0x83, 0x2c, 0x34, 0xf4, 0x32, 0xf2, - 0xb4, 0x5f, 0x13, 0x77, 0x71, 0x49, 0x8f, 0xcb, 0x52, 0xb4, 0xf5, 0xd6, - 0xb2, 0xd5, 0xd6, 0x05, 0x92, 0x3d, 0x53, 0x85, 0x7d, 0x36, 0x5e, 0x4d, - 0xd4, 0x5d, 0xc0, 0xcd, 0x6d, 0xd8, 0xf3, 0xc8, 0x72, 0xa2, 0x4a, 0xf9, - 0x8b, 0x1a, 0x12, 0xa4, 0x89, 0xc2, 0xcd, 0x86, 0xf9, 0x50, 0x6c, 0xc6, - 0x37, 0x36, 0x3e, 0xeb, 0xb4, 0xb5, 0x7c, 0xda, 0x14, 0xf8, 0x05, 0x51, - 0x5c, 0x90, 0x13, 0xc2, 0xa8, 0x82, 0xac, 0x13, 0x8b, 0x29, 0x66, 0x4c, - 0x51, 0xde, 0xf4, 0x6f, 0xfc, 0x49, 0x95, 0x68, 0x36, 0xbc, 0x69, 0xe4, - 0xe0, 0xb9, 0xb7, 0x49, 0xcb, 0x99, 0x8c, 0x51, 0xc1, 0x82, 0x4b, 0x94, - 0xed, 0x83, 0x6e, 0xc8, 0xc6, 0x4c, 0x43, 0x47, 0x6d, 0x4f, 0xce, 0x10, - 0x54, 0x06, 0xd7, 0xa9, 0x2b, 0x29, 0x77, 0x53, 0xd3, 0xfb, 0xd3, 0x32, - 0xb9, 0x6d, 0x73, 0x22, 0x0d, 0xa8, 0xcd, 0x1a, 0xf9, 0x8e, 0x51, 0xeb, - 0x12, 0x37, 0xee, 0xc4, 0xe4, 0x21, 0xf6, 0x6a, 0x4e, 0x14, 0x9c, 0xcc, - 0xad, 0x02, 0xbe, 0x21, 0x99, 0x7d, 0x56, 0xd5, 0xb0, 0x13, 0x0e, 0x3c, - 0x0d, 0x6e, 0x8e, 0xb8, 0x3c, 0xb8, 0x5c, 0xff, 0x64, 0xe2, 0xf6, 0xd6, - 0xa7, 0x06, 0x03, 0x77, 0x0d, 0xe4, 0x5e, 0xe4, 0x50, 0x26, 0x28, 0x7f, - 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, - 0x00, 0x8d, 0xb7, 0xf9, 0x4f, 0xe3, 0x9b, 0x25, 0xdd, 0x49, 0x69, 0x37, - 0xae, 0xca, 0xd6, 0x18, 0x4a, 0x96, 0x63, 0x83, 0x9d, 0x3d, 0xec, 0xeb, - 0x62, 0x97, 0xeb, 0xfc, 0x91, 0x5f, 0xf4, 0x2b, 0x62, 0x39, 0x11, 0xd4, - 0xb7, 0x31, 0x75, 0x1b, 0x08, 0xda, 0x4e, 0xa4, 0xf8, 0x2c, 0x08, 0x61, - 0x80, 0x3e, 0x1d, 0x18, 0x72, 0x71, 0x9b, 0x78, 0xea, 0x12, 0x79, 0xa6, - 0x70, 0xc1, 0x40, 0x06, 0x26, 0xee, 0xaf, 0x26, 0xd7, 0xa2, 0x79, 0x32, - 0xfa, 0x4f, 0xcc, 0x9a, 0x1d, 0xb9, 0xdf, 0x57, 0x3c, 0x0f, 0x2c, 0x12, - 0x7b, 0xa7, 0x5f, 0xd3, 0x38, 0x40, 0x33, 0x8c, 0xfa, 0x16, 0x8f, 0x10, - 0xf0, 0xe3, 0x81, 0x35, 0x0d, 0x2e, 0x38, 0xd8, 0x82, 0x23, 0xa7, 0xdb, - 0x9e, 0x7c, 0x78, 0xb9, 0x6b, 0x52, 0xcc, 0x0d, 0x40, 0x22, 0xbf, 0x5d, - 0x15, 0x97, 0xcf, 0x8f, 0xf3, 0x38, 0x73, 0x25, 0x85, 0x5f, 0x07, 0xbd, - 0x11, 0x81, 0x03, 0x1f, 0xc0, 0x82, 0xe4, 0xcb, 0xaa, 0xe2, 0x3a, 0xa8, - 0x6b, 0x92, 0x41, 0xaa, 0xa1, 0xb6, 0xe1, 0x23, 0x44, 0xca, 0xcc, 0xa2, - 0x43, 0x5a, 0xc1, 0xae, 0x62, 0x32, 0x8d, 0x85, 0x64, 0xc3, 0x0c, 0x0c, - 0x38, 0x97, 0x47, 0x08, 0xbb, 0x25, 0x78, 0xc3, 0x8f, 0x38, 0xfe, 0x73, - 0x26, 0xf9, 0xec, 0x72, 0x5c, 0x14, 0xe3, 0xd7, 0x55, 0x5b, 0x6c, 0xf5, - 0x16, 0xb2, 0x15, 0xe7, 0x35, 0x54, 0x45, 0xbb, 0x8a, 0x75, 0xeb, 0x84, - 0xd5, 0xb7, 0xdd, 0xab, 0x65, 0xe9, 0x82, 0x6f, 0x4e, 0xd7, 0x11, 0x99, - 0x09, 0x83, 0x4c, 0x40, 0xd8, 0xde, 0x8e, 0x6f, 0xfe, 0xd2, 0x78, 0x70, - 0x17, 0x9d, 0x41, 0x0d, 0x50, 0xa2, 0x6a, 0xe4, 0xcc, 0xb3, 0xf9, 0x34, - 0x4a, 0x7f, 0x43, 0x2a, 0x48, 0x79, 0x74, 0xbc, 0xe9, 0x3d, 0x48, 0x37, - 0x76, 0xed, 0xd9, 0x7b, 0x80 + 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x20, + 0x18, 0x0f, 0x32, 0x30, 0x31, 0x37, 0x31, 0x31, 0x30, 0x39, 0x30, 0x37, + 0x33, 0x37, 0x35, 0x36, 0x5a, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x38, 0x32, + 0x39, 0x30, 0x37, 0x33, 0x37, 0x35, 0x36, 0x5a, 0x30, 0x57, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, + 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, + 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x02, 0x45, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb5, 0xb8, + 0x43, 0xe0, 0x33, 0x31, 0x80, 0x31, 0xe6, 0x0d, 0x65, 0x84, 0x40, 0x34, + 0xe1, 0xfb, 0x69, 0xa6, 0x23, 0xbd, 0x35, 0xcd, 0xde, 0xbc, 0x0f, 0x1a, + 0xd4, 0x27, 0x44, 0xee, 0x03, 0xdf, 0xc5, 0xcc, 0x2c, 0x22, 0xda, 0xe1, + 0x67, 0x3b, 0x6b, 0xa1, 0xa9, 0x97, 0x93, 0xa1, 0x58, 0x1c, 0x23, 0x1b, + 0x2c, 0xf0, 0xd0, 0xee, 0x3f, 0x32, 0xbf, 0x23, 0x23, 0xf9, 0x22, 0x56, + 0xa2, 0x1e, 0x31, 0xfd, 0x22, 0x02, 0x9a, 0x12, 0x83, 0x2c, 0x34, 0xf4, + 0x32, 0xf2, 0xb4, 0x5f, 0x13, 0x77, 0x71, 0x49, 0x8f, 0xcb, 0x52, 0xb4, + 0xf5, 0xd6, 0xb2, 0xd5, 0xd6, 0x05, 0x92, 0x3d, 0x53, 0x85, 0x7d, 0x36, + 0x5e, 0x4d, 0xd4, 0x5d, 0xc0, 0xcd, 0x6d, 0xd8, 0xf3, 0xc8, 0x72, 0xa2, + 0x4a, 0xf9, 0x8b, 0x1a, 0x12, 0xa4, 0x89, 0xc2, 0xcd, 0x86, 0xf9, 0x50, + 0x6c, 0xc6, 0x37, 0x36, 0x3e, 0xeb, 0xb4, 0xb5, 0x7c, 0xda, 0x14, 0xf8, + 0x05, 0x51, 0x5c, 0x90, 0x13, 0xc2, 0xa8, 0x82, 0xac, 0x13, 0x8b, 0x29, + 0x66, 0x4c, 0x51, 0xde, 0xf4, 0x6f, 0xfc, 0x49, 0x95, 0x68, 0x36, 0xbc, + 0x69, 0xe4, 0xe0, 0xb9, 0xb7, 0x49, 0xcb, 0x99, 0x8c, 0x51, 0xc1, 0x82, + 0x4b, 0x94, 0xed, 0x83, 0x6e, 0xc8, 0xc6, 0x4c, 0x43, 0x47, 0x6d, 0x4f, + 0xce, 0x10, 0x54, 0x06, 0xd7, 0xa9, 0x2b, 0x29, 0x77, 0x53, 0xd3, 0xfb, + 0xd3, 0x32, 0xb9, 0x6d, 0x73, 0x22, 0x0d, 0xa8, 0xcd, 0x1a, 0xf9, 0x8e, + 0x51, 0xeb, 0x12, 0x37, 0xee, 0xc4, 0xe4, 0x21, 0xf6, 0x6a, 0x4e, 0x14, + 0x9c, 0xcc, 0xad, 0x02, 0xbe, 0x21, 0x99, 0x7d, 0x56, 0xd5, 0xb0, 0x13, + 0x0e, 0x3c, 0x0d, 0x6e, 0x8e, 0xb8, 0x3c, 0xb8, 0x5c, 0xff, 0x64, 0xe2, + 0xf6, 0xd6, 0xa7, 0x06, 0x03, 0x77, 0x0d, 0xe4, 0x5e, 0xe4, 0x50, 0x26, + 0x28, 0x7f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x8d, 0xb7, 0xf9, 0x4f, 0xe3, 0x9b, 0x25, 0xdd, 0x49, + 0x69, 0x37, 0xae, 0xca, 0xd6, 0x18, 0x4a, 0x96, 0x63, 0x83, 0x9d, 0x3d, + 0xec, 0xeb, 0x62, 0x97, 0xeb, 0xfc, 0x91, 0x5f, 0xf4, 0x2b, 0x62, 0x39, + 0x11, 0xd4, 0xb7, 0x31, 0x75, 0x1b, 0x08, 0xda, 0x4e, 0xa4, 0xf8, 0x2c, + 0x08, 0x61, 0x80, 0x3e, 0x1d, 0x18, 0x72, 0x71, 0x9b, 0x78, 0xea, 0x12, + 0x79, 0xa6, 0x70, 0xc1, 0x40, 0x06, 0x26, 0xee, 0xaf, 0x26, 0xd7, 0xa2, + 0x79, 0x32, 0xfa, 0x4f, 0xcc, 0x9a, 0x1d, 0xb9, 0xdf, 0x57, 0x3c, 0x0f, + 0x2c, 0x12, 0x7b, 0xa7, 0x5f, 0xd3, 0x38, 0x40, 0x33, 0x8c, 0xfa, 0x16, + 0x8f, 0x10, 0xf0, 0xe3, 0x81, 0x35, 0x0d, 0x2e, 0x38, 0xd8, 0x82, 0x23, + 0xa7, 0xdb, 0x9e, 0x7c, 0x78, 0xb9, 0x6b, 0x52, 0xcc, 0x0d, 0x40, 0x22, + 0xbf, 0x5d, 0x15, 0x97, 0xcf, 0x8f, 0xf3, 0x38, 0x73, 0x25, 0x85, 0x5f, + 0x07, 0xbd, 0x11, 0x81, 0x03, 0x1f, 0xc0, 0x82, 0xe4, 0xcb, 0xaa, 0xe2, + 0x3a, 0xa8, 0x6b, 0x92, 0x41, 0xaa, 0xa1, 0xb6, 0xe1, 0x23, 0x44, 0xca, + 0xcc, 0xa2, 0x43, 0x5a, 0xc1, 0xae, 0x62, 0x32, 0x8d, 0x85, 0x64, 0xc3, + 0x0c, 0x0c, 0x38, 0x97, 0x47, 0x08, 0xbb, 0x25, 0x78, 0xc3, 0x8f, 0x38, + 0xfe, 0x73, 0x26, 0xf9, 0xec, 0x72, 0x5c, 0x14, 0xe3, 0xd7, 0x55, 0x5b, + 0x6c, 0xf5, 0x16, 0xb2, 0x15, 0xe7, 0x35, 0x54, 0x45, 0xbb, 0x8a, 0x75, + 0xeb, 0x84, 0xd5, 0xb7, 0xdd, 0xab, 0x65, 0xe9, 0x82, 0x6f, 0x4e, 0xd7, + 0x11, 0x99, 0x09, 0x83, 0x4c, 0x40, 0xd8, 0xde, 0x8e, 0x6f, 0xfe, 0xd2, + 0x78, 0x70, 0x17, 0x9d, 0x41, 0x0d, 0x50, 0xa2, 0x6a, 0xe4, 0xcc, 0xb3, + 0xf9, 0x34, 0x4a, 0x7f, 0x43, 0x2a, 0x48, 0x79, 0x74, 0xbc, 0xe9, 0x3d, + 0x48, 0x37, 0x76, 0xed, 0xd9, 0x7b, 0x80 }; static const UCHAR example_com_localtime_der[] = { From 571558988bed3304ce4faec9884b63fafb298b72 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:15:44 +0100 Subject: [PATCH 5/8] changed notAfter time to be in GeneralizedTime format --- .../nx_secure_x509_expiration_check_test.c | 118 +++++++++--------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c index 90996219..bfe26984 100644 --- a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c +++ b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c @@ -81,7 +81,7 @@ static const UCHAR example_com_der[] = { }; static const UCHAR example_com_localtime_der[] = { - 0x30, 0x82, 0x03, 0x29, 0x30, 0x82, 0x02, 0x11, 0x02, 0x09, 0x00, 0xe8, + 0x30, 0x82, 0x03, 0x2b, 0x30, 0x82, 0x02, 0x13, 0x02, 0x09, 0x00, 0xe8, 0xc2, 0xa4, 0x9c, 0x7c, 0x44, 0xb8, 0x54, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x52, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, @@ -90,65 +90,65 @@ static const UCHAR example_com_localtime_der[] = { 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x22, + 0x04, 0x03, 0x0c, 0x06, 0x54, 0x65, 0x73, 0x74, 0x43, 0x41, 0x30, 0x24, 0x17, 0x0f, 0x39, 0x39, 0x31, 0x32, 0x31, 0x31, 0x31, 0x30, 0x30, 0x39, - 0x2b, 0x30, 0x38, 0x30, 0x30, 0x17, 0x0f, 0x30, 0x34, 0x30, 0x32, 0x30, - 0x33, 0x30, 0x34, 0x30, 0x35, 0x2d, 0x30, 0x31, 0x33, 0x30, 0x30, 0x57, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, - 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, - 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, - 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x03, 0x0c, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xb5, 0xb8, 0x43, 0xe0, 0x33, 0x31, 0x80, 0x31, 0xe6, 0x0d, 0x65, 0x84, - 0x40, 0x34, 0xe1, 0xfb, 0x69, 0xa6, 0x23, 0xbd, 0x35, 0xcd, 0xde, 0xbc, - 0x0f, 0x1a, 0xd4, 0x27, 0x44, 0xee, 0x03, 0xdf, 0xc5, 0xcc, 0x2c, 0x22, - 0xda, 0xe1, 0x67, 0x3b, 0x6b, 0xa1, 0xa9, 0x97, 0x93, 0xa1, 0x58, 0x1c, - 0x23, 0x1b, 0x2c, 0xf0, 0xd0, 0xee, 0x3f, 0x32, 0xbf, 0x23, 0x23, 0xf9, - 0x22, 0x56, 0xa2, 0x1e, 0x31, 0xfd, 0x22, 0x02, 0x9a, 0x12, 0x83, 0x2c, - 0x34, 0xf4, 0x32, 0xf2, 0xb4, 0x5f, 0x13, 0x77, 0x71, 0x49, 0x8f, 0xcb, - 0x52, 0xb4, 0xf5, 0xd6, 0xb2, 0xd5, 0xd6, 0x05, 0x92, 0x3d, 0x53, 0x85, - 0x7d, 0x36, 0x5e, 0x4d, 0xd4, 0x5d, 0xc0, 0xcd, 0x6d, 0xd8, 0xf3, 0xc8, - 0x72, 0xa2, 0x4a, 0xf9, 0x8b, 0x1a, 0x12, 0xa4, 0x89, 0xc2, 0xcd, 0x86, - 0xf9, 0x50, 0x6c, 0xc6, 0x37, 0x36, 0x3e, 0xeb, 0xb4, 0xb5, 0x7c, 0xda, - 0x14, 0xf8, 0x05, 0x51, 0x5c, 0x90, 0x13, 0xc2, 0xa8, 0x82, 0xac, 0x13, - 0x8b, 0x29, 0x66, 0x4c, 0x51, 0xde, 0xf4, 0x6f, 0xfc, 0x49, 0x95, 0x68, - 0x36, 0xbc, 0x69, 0xe4, 0xe0, 0xb9, 0xb7, 0x49, 0xcb, 0x99, 0x8c, 0x51, - 0xc1, 0x82, 0x4b, 0x94, 0xed, 0x83, 0x6e, 0xc8, 0xc6, 0x4c, 0x43, 0x47, - 0x6d, 0x4f, 0xce, 0x10, 0x54, 0x06, 0xd7, 0xa9, 0x2b, 0x29, 0x77, 0x53, - 0xd3, 0xfb, 0xd3, 0x32, 0xb9, 0x6d, 0x73, 0x22, 0x0d, 0xa8, 0xcd, 0x1a, - 0xf9, 0x8e, 0x51, 0xeb, 0x12, 0x37, 0xee, 0xc4, 0xe4, 0x21, 0xf6, 0x6a, - 0x4e, 0x14, 0x9c, 0xcc, 0xad, 0x02, 0xbe, 0x21, 0x99, 0x7d, 0x56, 0xd5, - 0xb0, 0x13, 0x0e, 0x3c, 0x0d, 0x6e, 0x8e, 0xb8, 0x3c, 0xb8, 0x5c, 0xff, - 0x64, 0xe2, 0xf6, 0xd6, 0xa7, 0x06, 0x03, 0x77, 0x0d, 0xe4, 0x5e, 0xe4, - 0x50, 0x26, 0x28, 0x7f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x8d, 0xb7, 0xf9, 0x4f, 0xe3, 0x9b, 0x25, - 0xdd, 0x49, 0x69, 0x37, 0xae, 0xca, 0xd6, 0x18, 0x4a, 0x96, 0x63, 0x83, - 0x9d, 0x3d, 0xec, 0xeb, 0x62, 0x97, 0xeb, 0xfc, 0x91, 0x5f, 0xf4, 0x2b, - 0x62, 0x39, 0x11, 0xd4, 0xb7, 0x31, 0x75, 0x1b, 0x08, 0xda, 0x4e, 0xa4, - 0xf8, 0x2c, 0x08, 0x61, 0x80, 0x3e, 0x1d, 0x18, 0x72, 0x71, 0x9b, 0x78, - 0xea, 0x12, 0x79, 0xa6, 0x70, 0xc1, 0x40, 0x06, 0x26, 0xee, 0xaf, 0x26, - 0xd7, 0xa2, 0x79, 0x32, 0xfa, 0x4f, 0xcc, 0x9a, 0x1d, 0xb9, 0xdf, 0x57, - 0x3c, 0x0f, 0x2c, 0x12, 0x7b, 0xa7, 0x5f, 0xd3, 0x38, 0x40, 0x33, 0x8c, - 0xfa, 0x16, 0x8f, 0x10, 0xf0, 0xe3, 0x81, 0x35, 0x0d, 0x2e, 0x38, 0xd8, - 0x82, 0x23, 0xa7, 0xdb, 0x9e, 0x7c, 0x78, 0xb9, 0x6b, 0x52, 0xcc, 0x0d, - 0x40, 0x22, 0xbf, 0x5d, 0x15, 0x97, 0xcf, 0x8f, 0xf3, 0x38, 0x73, 0x25, - 0x85, 0x5f, 0x07, 0xbd, 0x11, 0x81, 0x03, 0x1f, 0xc0, 0x82, 0xe4, 0xcb, - 0xaa, 0xe2, 0x3a, 0xa8, 0x6b, 0x92, 0x41, 0xaa, 0xa1, 0xb6, 0xe1, 0x23, - 0x44, 0xca, 0xcc, 0xa2, 0x43, 0x5a, 0xc1, 0xae, 0x62, 0x32, 0x8d, 0x85, - 0x64, 0xc3, 0x0c, 0x0c, 0x38, 0x97, 0x47, 0x08, 0xbb, 0x25, 0x78, 0xc3, - 0x8f, 0x38, 0xfe, 0x73, 0x26, 0xf9, 0xec, 0x72, 0x5c, 0x14, 0xe3, 0xd7, - 0x55, 0x5b, 0x6c, 0xf5, 0x16, 0xb2, 0x15, 0xe7, 0x35, 0x54, 0x45, 0xbb, - 0x8a, 0x75, 0xeb, 0x84, 0xd5, 0xb7, 0xdd, 0xab, 0x65, 0xe9, 0x82, 0x6f, - 0x4e, 0xd7, 0x11, 0x99, 0x09, 0x83, 0x4c, 0x40, 0xd8, 0xde, 0x8e, 0x6f, - 0xfe, 0xd2, 0x78, 0x70, 0x17, 0x9d, 0x41, 0x0d, 0x50, 0xa2, 0x6a, 0xe4, - 0xcc, 0xb3, 0xf9, 0x34, 0x4a, 0x7f, 0x43, 0x2a, 0x48, 0x79, 0x74, 0xbc, - 0xe9, 0x3d, 0x48, 0x37, 0x76, 0xed, 0xd9, 0x7b, 0x80 + 0x2b, 0x30, 0x38, 0x30, 0x30, 0x18, 0x11, 0x32, 0x30, 0x30, 0x34, 0x30, + 0x32, 0x30, 0x33, 0x30, 0x34, 0x30, 0x35, 0x2d, 0x30, 0x31, 0x33, 0x30, + 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x02, 0x45, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, + 0x01, 0x00, 0xb5, 0xb8, 0x43, 0xe0, 0x33, 0x31, 0x80, 0x31, 0xe6, 0x0d, + 0x65, 0x84, 0x40, 0x34, 0xe1, 0xfb, 0x69, 0xa6, 0x23, 0xbd, 0x35, 0xcd, + 0xde, 0xbc, 0x0f, 0x1a, 0xd4, 0x27, 0x44, 0xee, 0x03, 0xdf, 0xc5, 0xcc, + 0x2c, 0x22, 0xda, 0xe1, 0x67, 0x3b, 0x6b, 0xa1, 0xa9, 0x97, 0x93, 0xa1, + 0x58, 0x1c, 0x23, 0x1b, 0x2c, 0xf0, 0xd0, 0xee, 0x3f, 0x32, 0xbf, 0x23, + 0x23, 0xf9, 0x22, 0x56, 0xa2, 0x1e, 0x31, 0xfd, 0x22, 0x02, 0x9a, 0x12, + 0x83, 0x2c, 0x34, 0xf4, 0x32, 0xf2, 0xb4, 0x5f, 0x13, 0x77, 0x71, 0x49, + 0x8f, 0xcb, 0x52, 0xb4, 0xf5, 0xd6, 0xb2, 0xd5, 0xd6, 0x05, 0x92, 0x3d, + 0x53, 0x85, 0x7d, 0x36, 0x5e, 0x4d, 0xd4, 0x5d, 0xc0, 0xcd, 0x6d, 0xd8, + 0xf3, 0xc8, 0x72, 0xa2, 0x4a, 0xf9, 0x8b, 0x1a, 0x12, 0xa4, 0x89, 0xc2, + 0xcd, 0x86, 0xf9, 0x50, 0x6c, 0xc6, 0x37, 0x36, 0x3e, 0xeb, 0xb4, 0xb5, + 0x7c, 0xda, 0x14, 0xf8, 0x05, 0x51, 0x5c, 0x90, 0x13, 0xc2, 0xa8, 0x82, + 0xac, 0x13, 0x8b, 0x29, 0x66, 0x4c, 0x51, 0xde, 0xf4, 0x6f, 0xfc, 0x49, + 0x95, 0x68, 0x36, 0xbc, 0x69, 0xe4, 0xe0, 0xb9, 0xb7, 0x49, 0xcb, 0x99, + 0x8c, 0x51, 0xc1, 0x82, 0x4b, 0x94, 0xed, 0x83, 0x6e, 0xc8, 0xc6, 0x4c, + 0x43, 0x47, 0x6d, 0x4f, 0xce, 0x10, 0x54, 0x06, 0xd7, 0xa9, 0x2b, 0x29, + 0x77, 0x53, 0xd3, 0xfb, 0xd3, 0x32, 0xb9, 0x6d, 0x73, 0x22, 0x0d, 0xa8, + 0xcd, 0x1a, 0xf9, 0x8e, 0x51, 0xeb, 0x12, 0x37, 0xee, 0xc4, 0xe4, 0x21, + 0xf6, 0x6a, 0x4e, 0x14, 0x9c, 0xcc, 0xad, 0x02, 0xbe, 0x21, 0x99, 0x7d, + 0x56, 0xd5, 0xb0, 0x13, 0x0e, 0x3c, 0x0d, 0x6e, 0x8e, 0xb8, 0x3c, 0xb8, + 0x5c, 0xff, 0x64, 0xe2, 0xf6, 0xd6, 0xa7, 0x06, 0x03, 0x77, 0x0d, 0xe4, + 0x5e, 0xe4, 0x50, 0x26, 0x28, 0x7f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8d, 0xb7, 0xf9, 0x4f, 0xe3, + 0x9b, 0x25, 0xdd, 0x49, 0x69, 0x37, 0xae, 0xca, 0xd6, 0x18, 0x4a, 0x96, + 0x63, 0x83, 0x9d, 0x3d, 0xec, 0xeb, 0x62, 0x97, 0xeb, 0xfc, 0x91, 0x5f, + 0xf4, 0x2b, 0x62, 0x39, 0x11, 0xd4, 0xb7, 0x31, 0x75, 0x1b, 0x08, 0xda, + 0x4e, 0xa4, 0xf8, 0x2c, 0x08, 0x61, 0x80, 0x3e, 0x1d, 0x18, 0x72, 0x71, + 0x9b, 0x78, 0xea, 0x12, 0x79, 0xa6, 0x70, 0xc1, 0x40, 0x06, 0x26, 0xee, + 0xaf, 0x26, 0xd7, 0xa2, 0x79, 0x32, 0xfa, 0x4f, 0xcc, 0x9a, 0x1d, 0xb9, + 0xdf, 0x57, 0x3c, 0x0f, 0x2c, 0x12, 0x7b, 0xa7, 0x5f, 0xd3, 0x38, 0x40, + 0x33, 0x8c, 0xfa, 0x16, 0x8f, 0x10, 0xf0, 0xe3, 0x81, 0x35, 0x0d, 0x2e, + 0x38, 0xd8, 0x82, 0x23, 0xa7, 0xdb, 0x9e, 0x7c, 0x78, 0xb9, 0x6b, 0x52, + 0xcc, 0x0d, 0x40, 0x22, 0xbf, 0x5d, 0x15, 0x97, 0xcf, 0x8f, 0xf3, 0x38, + 0x73, 0x25, 0x85, 0x5f, 0x07, 0xbd, 0x11, 0x81, 0x03, 0x1f, 0xc0, 0x82, + 0xe4, 0xcb, 0xaa, 0xe2, 0x3a, 0xa8, 0x6b, 0x92, 0x41, 0xaa, 0xa1, 0xb6, + 0xe1, 0x23, 0x44, 0xca, 0xcc, 0xa2, 0x43, 0x5a, 0xc1, 0xae, 0x62, 0x32, + 0x8d, 0x85, 0x64, 0xc3, 0x0c, 0x0c, 0x38, 0x97, 0x47, 0x08, 0xbb, 0x25, + 0x78, 0xc3, 0x8f, 0x38, 0xfe, 0x73, 0x26, 0xf9, 0xec, 0x72, 0x5c, 0x14, + 0xe3, 0xd7, 0x55, 0x5b, 0x6c, 0xf5, 0x16, 0xb2, 0x15, 0xe7, 0x35, 0x54, + 0x45, 0xbb, 0x8a, 0x75, 0xeb, 0x84, 0xd5, 0xb7, 0xdd, 0xab, 0x65, 0xe9, + 0x82, 0x6f, 0x4e, 0xd7, 0x11, 0x99, 0x09, 0x83, 0x4c, 0x40, 0xd8, 0xde, + 0x8e, 0x6f, 0xfe, 0xd2, 0x78, 0x70, 0x17, 0x9d, 0x41, 0x0d, 0x50, 0xa2, + 0x6a, 0xe4, 0xcc, 0xb3, 0xf9, 0x34, 0x4a, 0x7f, 0x43, 0x2a, 0x48, 0x79, + 0x74, 0xbc, 0xe9, 0x3d, 0x48, 0x37, 0x76, 0xed, 0xd9, 0x7b, 0x80 }; static const UCHAR example_com_bad_not_before_der[] = { From b9d41bc51e9a5d9b654dad92e54353cbb9ef2d02 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:16:12 +0100 Subject: [PATCH 6/8] expand tests for invalid date format --- .../nx_secure_x509_expiration_check_test.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c index bfe26984..4d45c7d4 100644 --- a/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c +++ b/test/regression/nx_secure_test/nx_secure_x509_expiration_check_test.c @@ -373,13 +373,21 @@ USHORT backup; EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); - /* Invalid time format. */ - backup = localtime_certificate.nx_secure_x509_validity_format; - localtime_certificate.nx_secure_x509_validity_format = 0xff; + /* Invalid 'not before' time format. */ + backup = localtime_certificate.nx_secure_x509_not_before_validity_format; + localtime_certificate.nx_secure_x509_not_before_validity_format = 0xff; status = _nx_secure_x509_expiration_check(&localtime_certificate, 944878140); - localtime_certificate.nx_secure_x509_validity_format = backup; + localtime_certificate.nx_secure_x509_not_before_validity_format = backup; EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); + /* Invalid 'not after' time format. */ + backup = localtime_certificate.nx_secure_x509_not_after_validity_format; + localtime_certificate.nx_secure_x509_not_after_validity_format = 0xff; + status = _nx_secure_x509_expiration_check(&localtime_certificate, 944878140); + localtime_certificate.nx_secure_x509_not_after_validity_format = backup; + EXPECT_EQ(NX_SECURE_X509_INVALID_DATE_FORMAT, status); + + printf("SUCCESS!\n"); test_control_return(0); From cc67d010e91578207e4b1f41b99e100b037ab2c7 Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:32:56 +0100 Subject: [PATCH 7/8] update function comments --- nx_secure/src/nx_secure_x509_expiration_check.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nx_secure/src/nx_secure_x509_expiration_check.c b/nx_secure/src/nx_secure_x509_expiration_check.c index 7ea5cdaa..a057e18d 100644 --- a/nx_secure/src/nx_secure_x509_expiration_check.c +++ b/nx_secure/src/nx_secure_x509_expiration_check.c @@ -140,7 +140,7 @@ static const ULONG unix_epoch = 1970; /* FUNCTION RELEASE */ /* */ /* _nx_secure_x509_asn1_time_to_unix_convert PORTABLE C */ -/* 6.1.11 */ +/* 6.1.12 */ /* AUTHOR */ /* */ /* Timothy Stapko, Microsoft Corporation */ @@ -163,7 +163,7 @@ static const ULONG unix_epoch = 1970; /* */ /* CALLS */ /* */ -/* None */ +/* _nx_secure_count_leap_years */ /* */ /* CALLED BY */ /* */ @@ -181,6 +181,10 @@ static const ULONG unix_epoch = 1970; /* extend the time range, */ /* removed unused code, */ /* resulting in version 6.1.11 */ +/* 04-04-2024 Simon Scurrell Modified comment(s), and */ +/* Added support for parsing */ +/* of ASN.1 GeneralisedTime */ +/* resulting in version 6.1.12 */ /* */ /**************************************************************************/ static UINT _nx_secure_x509_asn1_time_to_unix_convert(const UCHAR *asn1_time, USHORT asn1_length, From 3c349b7f4ec08446fae6f1eb466793880ea154ce Mon Sep 17 00:00:00 2001 From: Simon Scurrell Date: Thu, 4 Apr 2024 12:36:17 +0100 Subject: [PATCH 8/8] update function comments --- nx_secure/src/nx_secure_x509_expiration_check.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nx_secure/src/nx_secure_x509_expiration_check.c b/nx_secure/src/nx_secure_x509_expiration_check.c index a057e18d..6f16c2a7 100644 --- a/nx_secure/src/nx_secure_x509_expiration_check.c +++ b/nx_secure/src/nx_secure_x509_expiration_check.c @@ -74,6 +74,10 @@ static ULONG _nx_secure_count_leap_years(ULONG start_year, ULONG end_year); /* 04-02-2021 Timothy Stapko Modified comment(s), */ /* removed dependency on TLS, */ /* resulting in version 6.1.6 */ +/* 04-04-2024 Simon Scurrell Modified comment(s), */ +/* changed name of validity */ +/* format fields, */ +/* resulting in version 6.1.7 */ /* */ /**************************************************************************/ UINT _nx_secure_x509_expiration_check(NX_SECURE_X509_CERT *certificate, ULONG current_time)