From 7fd215fb6d3a851a2c4b76c13d6e7f19a0b46518 Mon Sep 17 00:00:00 2001
From: chrysn <chrysn@fsfe.org>
Date: Wed, 27 Nov 2024 16:03:56 +0100
Subject: [PATCH] tests/shared: Add examples of non-acceptable credentials

The current code accepts them but produces wrong public keys, resulting
in highly confusing `assertion `left == right` failed: Public key is not
a good point` errors being raised from subtle/p256_ecdh.
---
 shared/src/cred.rs | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/shared/src/cred.rs b/shared/src/cred.rs
index ac0ed777..12329042 100644
--- a/shared/src/cred.rs
+++ b/shared/src/cred.rs
@@ -409,6 +409,17 @@ mod test {
         );
         assert_eq!(cred.kid.unwrap().as_slice(), KID_VALUE_TV);
         assert_eq!(cred.cred_type, CredentialType::CCS);
+
+        // A CCS without a subject. It's OK if this starts working in future, but then its
+        // public key needs to start with F5AEBA08B599754 (it'd be clearly wrong if this produced
+        // an Ok value with a different public key).
+        let cred_no_sub = hex!("a108a101a401022001215820f5aeba08b599754ba16f5db80feafdf91e90a5a7ccb2e83178adb51b8c68ea9522582097e7a3fdd70a3a7c0a5f9578c6e4e96d8bc55f6edd0ff64f1caeaac19d37b67d");
+        Credential::parse_ccs(&cred_no_sub).unwrap_err();
+        // A CCS without a KID. It's OK if this starts working in future, but then its
+        // public key needs to start with F5AEBA08B599754 (it'd be clearly wrong if this produced
+        // an Ok value with a different public key).
+        let cred_no_kid = hex!("a20263666f6f08a101a401022001215820f5aeba08b599754ba16f5db80feafdf91e90a5a7ccb2e83178adb51b8c68ea9522582097e7a3fdd70a3a7c0a5f9578c6e4e96d8bc55f6edd0ff64f1caeaac19d37b67d");
+        Credential::parse_ccs(&cred_no_kid).unwrap_err();
     }
 
     #[rstest]