1# 2# Test for NISCC Parasitic key bearing certs. 3# This version should only succeed if both system-wide key size prefs are 4# set to > 16K (RSAMaxKeySize, RSAMaxPublicExponent in com.apple.crypto). 5# 6# The easy way to set these is via the cspxutils/keySizePref program; compile it and 7# run it like this as root: 8# 9# 10# keySizePref set keysize 20000 11# keySizePref set pubexpsize 20000 12# 13globals 14allowUnverified = true 15crlNetFetchEnable = false 16certNetFetchEnable = false 17useSystemAnchors = false 18end 19 20test = "locally generated 6K keys" 21cert = ssSubjCert.der 22root = ssRootCert.der 23verifyTime = 20060726000000 24end 25 26test = "test1, uee8k" 27cert = uee8k.pem 28cert = shintca.pem 29root = shroot.pem 30verifyTime = 20060726000000 31end 32 33test = "test1, uee16k.pem" 34cert = uee16k.pem 35cert = shintca.pem 36root = shroot.pem 37verifyTime = 20060726000000 38end 39 40test = "test2a, huge pkint8k.pem CA" 41cert = eepkint1.pem 42cert = pkint8k.pem 43root = shroot.pem 44verifyTime = 20060726000000 45end 46 47test = "test2a, bad pkint8k.pem CA, wrong root" 48cert = eepkint1.pem 49cert = pkint8k.pem 50root = root.pem 51error = CSSMERR_TP_NOT_TRUSTED 52verifyTime = 20060726000000 53end 54 55test = "test2b, huge pkint16k.pem CA" 56cert = eepkint2.pem 57cert = pkint16k.pem 58root = shroot.pem 59verifyTime = 20060726000000 60end 61 62test = "test2b, bad pkint16k.pem CA, wrong root" 63cert = eepkint2.pem 64cert = pkint16k.pem 65root = root.pem 66error = CSSMERR_TP_NOT_TRUSTED 67verifyTime = 20060726000000 68end 69