yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-17 23:38:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted

Browse source
This commit is contained in:
Gilles Peskine 2017-11-28 18:43:57 +01:00
parent 6f941d6c89 8c946113ba
commit 2cd7c18f59
20 changed files with 531 additions and 160 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
ChangeLog
View file

@ -43,6 +43,24 @@ Bugfix
Found independently by Florian in the mbed TLS forum and by Mishamax.
#878, #1019.
* Fix build problems on Windows. Contributed by Nicholas Wilson.
* Fix unchecked return codes from AES, DES and 3DES functions in
pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively.
If a call to one of the functions of the cryptographic primitive modules
failed, the error may not be noticed by the function pem_read_buffer()
causing it to return invalid values. Found by Guido Vranken. #756
* Include configuration file in md.h, to fix compilation warnings.
Reported by aaronmdjones in #1001
* Correct extraction of signature-type from PK instance in X.509 CRT and CSR
writing routines that prevented these functions to work with alternative
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
non-v3 CRT's.
* Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
Changes
* Extend cert_write example program by options to set the CRT version
and the message digest. Further, allow enabling/disabling of authority
identifier, subject identifier and basic constraints extensions.
= mbed TLS 1.3.21 branch released 2017-08-10

5
include/polarssl/md.h
View file

@ -27,6 +27,11 @@
#define POLARSSL_MD_H
#include <stddef.h>
#if !defined(POLARSSL_CONFIG_FILE)
#include "config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)

3
library/entropy.c
View file

@ -61,6 +61,9 @@ void entropy_init( entropy_context *ctx )
{
memset( ctx, 0, sizeof(entropy_context) );
/* Reminder: Update ENTROPY_HAVE_DEFAULT in the test files
* when adding more strong entropy sources here. */
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &ctx->mutex );
#endif

66
library/pem.c
View file

@ -135,45 +135,53 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
/*
* Decrypt with DES-CBC, using PBKDF1 for key derivation
*/
static void pem_des_decrypt( unsigned char des_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
static int pem_des_decrypt( unsigned char des_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
des_context des_ctx;
unsigned char des_key[8];
int ret;
des_init( &des_ctx );
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
des_setkey_dec( &des_ctx, des_key );
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
des_iv, buf, buf );
if( ( ret = des_setkey_dec( &des_ctx, des_key ) ) != 0 )
goto exit;
ret = des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf );
exit:
des_free( &des_ctx );
polarssl_zeroize( des_key, 8 );
return( ret );
}
/*
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
static void pem_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
static int pem_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
des3_context des3_ctx;
unsigned char des3_key[24];
int ret;
des3_init( &des3_ctx );
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
des3_set3key_dec( &des3_ctx, des3_key );
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
if( ( ret = des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
goto exit;
ret = des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf );
exit:
des3_free( &des3_ctx );
polarssl_zeroize( des3_key, 24 );
return( ret );
}
#endif /* POLARSSL_DES_C */
@ -181,23 +189,27 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
/*
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
*/
static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
unsigned char *buf, size_t buflen,
const unsigned char *pwd, size_t pwdlen )
{
aes_context aes_ctx;
unsigned char aes_key[32];
int ret;
aes_init( &aes_ctx );
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
aes_iv, buf, buf );
if( ( ret = aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
goto exit;
ret = aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf );
exit:
aes_free( &aes_ctx );
polarssl_zeroize( aes_key, keylen );
return( ret );
}
#endif /* POLARSSL_AES_C */
@ -349,22 +361,30 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
}
ret = 0;
#if defined(POLARSSL_DES_C)
if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_AES_C)
if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
#endif /* POLARSSL_AES_C */
if( ret != 0 )
{
polarssl_free( buf );
return( ret );
}
/*
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
* length bytes (allow 4 to be sure) in all known use cases.

78
library/x509write_crt.c
View file

@ -52,7 +52,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
void x509write_crt_init( x509write_cert *ctx )
{
memset( ctx, 0, sizeof(x509write_cert) );
memset( ctx, 0, sizeof( x509write_cert ) );
mpi_init( &ctx->serial );
ctx->version = X509_CRT_VERSION_3;
@ -66,7 +66,7 @@ void x509write_crt_free( x509write_cert *ctx )
asn1_free_named_data_list( &ctx->issuer );
asn1_free_named_data_list( &ctx->extensions );
polarssl_zeroize( ctx, sizeof(x509write_cert) );
polarssl_zeroize( ctx, sizeof( x509write_cert ) );
}
void x509write_crt_set_version( x509write_cert *ctx, int version )
@ -141,10 +141,10 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx,
{
int ret;
unsigned char buf[9];
unsigned char *c = buf + sizeof(buf);
unsigned char *c = buf + sizeof( buf );
size_t len = 0;
memset( buf, 0, sizeof(buf) );
memset( buf, 0, sizeof( buf ) );
if( is_ca && max_pathlen > 127 )
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
@ -164,7 +164,7 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx,
return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS,
OID_SIZE( OID_BASIC_CONSTRAINTS ),
0, buf + sizeof(buf) - len, len );
0, buf + sizeof( buf ) - len, len );
}
#if defined(POLARSSL_SHA1_C)
@ -172,14 +172,14 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
{
int ret;
unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf);
unsigned char *c = buf + sizeof( buf );
size_t len = 0;
memset( buf, 0, sizeof(buf) );
memset( buf, 0, sizeof( buf ) );
ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) );
sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
c = buf + sizeof(buf) - 20;
sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
c = buf + sizeof( buf ) - 20;
len = 20;
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
@ -187,21 +187,21 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER,
OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ),
0, buf + sizeof(buf) - len, len );
0, buf + sizeof( buf ) - len, len );
}
int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
{
int ret;
unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
unsigned char *c = buf + sizeof(buf);
unsigned char *c = buf + sizeof( buf );
size_t len = 0;
memset( buf, 0, sizeof(buf) );
memset( buf, 0, sizeof( buf ) );
ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) );
sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
c = buf + sizeof(buf) - 20;
sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
c = buf + sizeof( buf ) - 20;
len = 20;
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
@ -213,7 +213,7 @@ int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER,
OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ),
0, buf + sizeof(buf) - len, len );
0, buf + sizeof( buf ) - len, len );
}
#endif /* POLARSSL_SHA1_C */
@ -308,9 +308,15 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
c = tmp_buf + sizeof( tmp_buf );
/* Signature algorithm needed in TBS, and later for actual signature */
pk_alg = pk_get_type( ctx->issuer_key );
if( pk_alg == POLARSSL_PK_ECKEY )
/* There's no direct way of extracting a signature algorithm
* (represented as an element of pk_type_t) from a PK instance. */
if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) )
pk_alg = POLARSSL_PK_RSA;
else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) )
pk_alg = POLARSSL_PK_ECDSA;
else
return( POLARSSL_ERR_X509_INVALID_ALG );
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
@ -321,13 +327,19 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
/*
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
*/
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
ASN1_CONSTRUCTED | 3 ) );
/* Only for v3 */
if( ctx->version == X509_CRT_VERSION_3 )
{
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf,
ctx->extensions ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
ASN1_CONSTRUCTED | 3 ) );
}
/*
* SubjectPublicKeyInfo
@ -379,16 +391,20 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
sub_len = 0;
ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
len += sub_len;
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
ASN1_CONSTRUCTED | 0 ) );
if( ctx->version != X509_CRT_VERSION_1 )
{
sub_len = 0;
ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
len += sub_len;
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
ASN1_CONSTRUCTED | 0 ) );
}
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
ASN1_SEQUENCE ) );
ASN1_SEQUENCE ) );
/*
* Make signature

23
library/x509write_csr.c
View file

@ -51,7 +51,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
void x509write_csr_init( x509write_csr *ctx )
{
memset( ctx, 0, sizeof(x509write_csr) );
memset( ctx, 0, sizeof( x509write_csr ) );
}
void x509write_csr_free( x509write_csr *ctx )
@ -59,7 +59,7 @@ void x509write_csr_free( x509write_csr *ctx )
asn1_free_named_data_list( &ctx->subject );
asn1_free_named_data_list( &ctx->extensions );
polarssl_zeroize( ctx, sizeof(x509write_csr) );
polarssl_zeroize( ctx, sizeof( x509write_csr ) );
}
void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg )
@ -195,13 +195,20 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
*/
md( md_info_from_type( ctx->md_alg ), c, len, hash );
pk_alg = pk_get_type( ctx->key );
if( pk_alg == POLARSSL_PK_ECKEY )
pk_alg = POLARSSL_PK_ECDSA;
if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
f_rng, p_rng ) ) != 0 ||
( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
f_rng, p_rng ) ) != 0 )
{
return( ret );
}
if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
pk_alg = POLARSSL_PK_RSA;
else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) )
pk_alg = POLARSSL_PK_ECDSA;
else
return( POLARSSL_ERR_X509_INVALID_ALG );
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
&sig_oid, &sig_oid_len ) ) != 0 )
{
return( ret );

239
programs/x509/cert_write.c
View file

@ -54,6 +54,7 @@ int main( void )
#include "polarssl/x509_csr.h"
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/md.h"
#include "polarssl/error.h"
#include <stdio.h>
@ -86,6 +87,11 @@ int main( void )
#define DFL_MAX_PATHLEN -1
#define DFL_KEY_USAGE 0
#define DFL_NS_CERT_TYPE 0
#define DFL_VERSION 3
#define DFL_AUTH_IDENT 1
#define DFL_SUBJ_IDENT 1
#define DFL_CONSTRAINTS 1
#define DFL_DIGEST POLARSSL_MD_SHA256
#define USAGE \
"\n usage: cert_write param=<>...\n" \
@ -112,6 +118,20 @@ int main( void )
" not_after=%%s default: 20301231235959\n"\
" is_ca=%%d default: 0 (disabled)\n" \
" max_pathlen=%%d default: -1 (none)\n" \
" md=%%s default: SHA256\n" \
" Supported values:\n" \
" MD5, SHA1, SHA256, SHA512\n"\
" version=%%d default: 3\n" \
" Possible values: 1, 2, 3\n"\
" subject_identifier default: 1\n" \
" Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\
" authority_identifier default: 1\n" \
" Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\
" basic_constraints default: 1\n" \
" Possible values: 0, 1\n" \
" (Considered for v3 only)\n"\
" key_usage=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" digital_signature\n" \
@ -121,6 +141,7 @@ int main( void )
" key_agreement\n" \
" key_certificate_sign\n" \
" crl_sign\n" \
" (Considered for v3 only)\n"\
" ns_cert_type=%%s default: (empty)\n" \
" Comma-separated-list of values:\n" \
" ssl_client\n" \
@ -152,6 +173,11 @@ struct options
int selfsign; /* selfsign the certificate */
int is_ca; /* is a CA certificate */
int max_pathlen; /* maximum CA path length */
int authority_identifier; /* add authority identifier to CRT */
int subject_identifier; /* add subject identifier to CRT */
int basic_constraints; /* add basic constraints ext to CRT */
int version; /* CRT version */
md_type_t md; /* Hash used for signing */
unsigned char key_usage; /* key usage flags */
unsigned char ns_cert_type; /* NS cert type */
} opt;
@ -246,6 +272,11 @@ int main( int argc, char *argv[] )
opt.max_pathlen = DFL_MAX_PATHLEN;
opt.key_usage = DFL_KEY_USAGE;
opt.ns_cert_type = DFL_NS_CERT_TYPE;
opt.version = DFL_VERSION - 1;
opt.md = DFL_DIGEST;
opt.subject_identifier = DFL_SUBJ_IDENT;
opt.authority_identifier = DFL_AUTH_IDENT;
opt.basic_constraints = DFL_CONSTRAINTS;
for( i = 1; i < argc; i++ )
{
@ -289,23 +320,88 @@ int main( int argc, char *argv[] )
{
opt.serial = q;
}
else if( strcmp( p, "authority_identifier" ) == 0 )
{
opt.authority_identifier = atoi( q );
if( opt.authority_identifier != 0 &&
opt.authority_identifier != 1 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "subject_identifier" ) == 0 )
{
opt.subject_identifier = atoi( q );
if( opt.subject_identifier != 0 &&
opt.subject_identifier != 1 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "basic_constraints" ) == 0 )
{
opt.basic_constraints = atoi( q );
if( opt.basic_constraints != 0 &&
opt.basic_constraints != 1 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "md" ) == 0 )
{
if( strcmp( q, "SHA1" ) == 0 )
opt.md = POLARSSL_MD_SHA1;
else if( strcmp( q, "SHA256" ) == 0 )
opt.md = POLARSSL_MD_SHA256;
else if( strcmp( q, "SHA512" ) == 0 )
opt.md = POLARSSL_MD_SHA512;
else if( strcmp( q, "MD5" ) == 0 )
opt.md = POLARSSL_MD_MD5;
else
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "version" ) == 0 )
{
opt.version = atoi( q );
if( opt.version < 1 || opt.version > 3 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
opt.version--;
}
else if( strcmp( p, "selfsign" ) == 0 )
{
opt.selfsign = atoi( q );
if( opt.selfsign < 0 || opt.selfsign > 1 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "is_ca" ) == 0 )
{
opt.is_ca = atoi( q );
if( opt.is_ca < 0 || opt.is_ca > 1 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "max_pathlen" ) == 0 )
{
opt.max_pathlen = atoi( q );
if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
}
else if( strcmp( p, "key_usage" ) == 0 )
{
@ -329,7 +425,10 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "crl_sign" ) == 0 )
opt.key_usage |= KU_CRL_SIGN;
else
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
q = r;
}
@ -356,7 +455,10 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
else
{
polarssl_printf( "Invalid argument for option %s\n", p );
goto usage;
}
q = r;
}
@ -379,7 +481,8 @@ int main( int argc, char *argv[] )
strlen( pers ) ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
polarssl_printf( " failed\n ! ctr_drbg_init "
"returned %d - %s\n", ret, buf );
goto exit;
}
@ -393,7 +496,8 @@ int main( int argc, char *argv[] )
if( ( ret = mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! mpi_read_string "
"returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -412,7 +516,8 @@ int main( int argc, char *argv[] )
if( ( ret = x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509_crt_parse_file returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -421,7 +526,8 @@ int main( int argc, char *argv[] )
if( ret < 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509_dn_gets returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -444,7 +550,8 @@ int main( int argc, char *argv[] )
if( ( ret = x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509_csr_parse_file returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -453,7 +560,8 @@ int main( int argc, char *argv[] )
if( ret < 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509_dn_gets returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -477,7 +585,8 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! pk_parse_keyfile returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -492,7 +601,8 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! pk_parse_keyfile returned "
"-x%02x - %s\n\n", -ret, buf );
goto exit;
}
@ -506,7 +616,8 @@ int main( int argc, char *argv[] )
mpi_cmp_mpi( &pk_rsa( issuer_crt.pk )->E,
&pk_rsa( *issuer_key )->E ) != 0 )
{
polarssl_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
polarssl_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" );
ret = -1;
goto exit;
}
@ -526,28 +637,35 @@ int main( int argc, char *argv[] )
/*
* 1.0. Check the names for validity
*/
if( ( ret = x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
if( ( ret = x509write_crt_set_subject_name( &crt,
opt.subject_name ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned"
" -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
if( ( ret = x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " . Setting certificate values ..." );
fflush( stdout );
x509write_crt_set_version( &crt, opt.version );
x509write_crt_set_md_alg( &crt, opt.md );
ret = x509write_crt_set_serial( &crt, &serial );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_serial returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -555,55 +673,72 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_validity returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " ok\n" );
polarssl_printf( " . Adding the Basic Constraints extension ..." );
fflush( stdout );
ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca,
opt.max_pathlen );
if( ret != 0 )
if( opt.version == 3 && opt.basic_constraints )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " . Adding the Basic Constraints extension ..." );
fflush( stdout );
polarssl_printf( " ok\n" );
ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca,
opt.max_pathlen );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints "
"returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " ok\n" );
}
#if defined(POLARSSL_SHA1_C)
polarssl_printf( " . Adding the Subject Key Identifier ..." );
fflush( stdout );
ret = x509write_crt_set_subject_key_identifier( &crt );
if( ret != 0 )
if( opt.version == 3 && opt.subject_identifier )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
polarssl_printf( " . Adding the Subject Key Identifier ..." );
fflush( stdout );
ret = x509write_crt_set_subject_key_identifier( &crt );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_subject"
"_key_identifier returned -0x%04x - %s\n\n",
-ret, buf );
goto exit;
}
polarssl_printf( " ok\n" );
}
polarssl_printf( " ok\n" );
polarssl_printf( " . Adding the Authority Key Identifier ..." );
fflush( stdout );
ret = x509write_crt_set_authority_key_identifier( &crt );
if( ret != 0 )
if( opt.version == X509_CRT_VERSION_3 &&
opt.authority_identifier != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " . Adding the Authority Key Identifier ..." );
fflush( stdout );
polarssl_printf( " ok\n" );
ret = x509write_crt_set_authority_key_identifier( &crt );
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_authority_"
"key_identifier returned -0x%04x - %s\n\n",
-ret, buf );
goto exit;
}
polarssl_printf( " ok\n" );
}
#endif /* POLARSSL_SHA1_C */
if( opt.key_usage )
if( opt.version == X509_CRT_VERSION_3 &&
opt.key_usage != 0 )
{
polarssl_printf( " . Adding the Key Usage extension ..." );
fflush( stdout );
@ -612,14 +747,16 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_key_usage "
"returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
polarssl_printf( " ok\n" );
}
if( opt.ns_cert_type )
if( opt.version == X509_CRT_VERSION_3 &&
opt.ns_cert_type != 0 )
{
polarssl_printf( " . Adding the NS Cert Type extension ..." );
fflush( stdout );
@ -628,7 +765,8 @@ int main( int argc, char *argv[] )
if( ret != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type "
"returned -0x%04x - %s\n\n", -ret, buf );
goto exit;
}
@ -645,7 +783,8 @@ int main( int argc, char *argv[] )
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
polarssl_strerror( ret, buf, 1024 );
polarssl_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
polarssl_printf( " failed\n ! write_certifcate returned "
"-0x%04x - %s\n\n", -ret, buf );
goto exit;
}

20
tests/data_files/server1.cert_type_noauthid.crt Normal file
View file

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
jz0b2l4=
-----END CERTIFICATE-----

20
tests/data_files/server1.key_usage_noauthid.crt Normal file
View file

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
JTo=
-----END CERTIFICATE-----

19
tests/data_files/server1.noauthid.crt Normal file
View file

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
-----END CERTIFICATE-----

32
tests/data_files/server1.v1.crt
View file

@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK
b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd
Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/
9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u
6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m
OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A==
MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV
BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx
MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT
CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb
7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ
BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw
fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B
Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y
ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq
hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB
tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5
T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh
zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi
U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay
IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ==
-----END CERTIFICATE-----

21
tests/scripts/generate_code.pl
View file

@ -194,7 +194,7 @@ END
# and make check code
my $dep_check_code;
my @res = $test_data =~ /^depends_on:([\w:]+)/msg;
my @res = $test_data =~ /^depends_on:([!:\w]+)/msg;
my %case_deps;
foreach my $deps (@res)
{
@ -205,7 +205,23 @@ foreach my $deps (@res)
}
while( my ($key, $value) = each(%case_deps) )
{
$dep_check_code .= << "END";
if( substr($key, 0, 1) eq "!" )
{
my $key = substr($key, 1);
$dep_check_code .= << "END";
if( strcmp( str, "!$key" ) == 0 )
{
#if !defined($key)
return( 0 );
#else
return( 1 );
#endif
}
END
}
else
{
$dep_check_code .= << "END";
if( strcmp( str, "$key" ) == 0 )
{
#if defined($key)
@ -215,6 +231,7 @@ while( my ($key, $value) = each(%case_deps) )
#endif
}
END
}
}
# Make mapping code

13
tests/suites/helpers.function
View file

@ -55,6 +55,17 @@ typedef UINT32 uint32_t;
}
#endif
/* Helper flags for complex dependencies */
/* Indicates whether we expect mbedtls_entropy_init
* to initialize some strong entropy source. */
#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) && \
( !defined(POLARSSL_NO_PLATFORM_ENTROPY) || \
defined(POLARSSL_HAVEGE_C) || \
defined(POLARSSL_TIMING_C) )
#define ENTROPY_HAVE_DEFAULT
#endif
static int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
@ -214,7 +225,7 @@ typedef struct
* This function returns random based on a buffer it receives.
*
* rng_state shall be a pointer to a rnd_buf_info structure.
*
*
* The number of bytes released from the buffer on each call to
* the random function is specified by per_call. (Can be between
* 1 and 4)

4
tests/suites/test_suite_entropy.data
View file

@ -31,10 +31,10 @@ entropy_threshold:16:2:8
Entropy threshold #2
entropy_threshold:32:1:32
Entropy thershold #3
Entropy threshold #3
entropy_threshold:16:0:POLARSSL_ERR_ENTROPY_SOURCE_FAILED
Entropy thershold #4
Entropy threshold #4
entropy_threshold:1024:1:POLARSSL_ERR_ENTROPY_SOURCE_FAILED
Entropy self test

8
tests/suites/test_suite_entropy.function
View file

@ -40,7 +40,7 @@ static int entropy_dummy_source( void *data, unsigned char *output,
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:POLARSSL_FS_IO */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:ENTROPY_HAVE_DEFAULT */
void entropy_seed_file( char *path, int ret )
{
entropy_context ctx;
@ -78,7 +78,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */
void entropy_func_len( int len, int ret )
{
entropy_context ctx;
@ -137,7 +137,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */
void entropy_threshold( int threshold, int chunk_size, int result )
{
entropy_context ctx;
@ -167,7 +167,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */
/* BEGIN_CASEdepends_on:ENTROPY_HAVE_DEFAULT:POLARSSL_SELF_TEST */
void entropy_selftest( )
{
TEST_ASSERT( entropy_self_test( 0 ) == 0 );

18
tests/suites/test_suite_pem.data
View file

@ -17,10 +17,22 @@ PEM write (exactly two lines + 1)
pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
PEM read (DES-EDE3-CBC + invalid iv)
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV
PEM read (DES-CBC + invalid iv)
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV
PEM read (unknown encryption algorithm)
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
PEM read (malformed PEM DES-CBC)
depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
PEM read (malformed PEM DES-EDE3-CBC)
depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
PEM read (malformed PEM AES-128-CBC)
depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CBC
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_AES_INVALID_INPUT_LENGTH

13
tests/suites/test_suite_pem.function
View file

@ -1,6 +1,8 @@
/* BEGIN_HEADER */
#include "polarssl/base64.h"
#include "polarssl/pem.h"
#include "polarssl/des.h"
#include "polarssl/aes.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
@ -35,16 +37,19 @@ exit:
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */
void pem_read_buffer( char *header, char *footer, char *data, int ret )
void pem_read_buffer( char *header, char *footer, char *data, char *pwd,
int res )
{
pem_context ctx;
int ret;
size_t use_len = 0;
size_t pwd_len = strlen( pwd );
pem_init( &ctx );
TEST_ASSERT( pem_read_buffer( &ctx, header, footer,
(const unsigned char *)data, NULL, 0,
&use_len ) == ret );
ret = pem_read_buffer( &ctx, header, footer, (const unsigned char *)data,
(unsigned char *)pwd, pwd_len, &use_len );
TEST_ASSERT( ret == res );
exit:
pem_free( &ctx );

6
tests/suites/test_suite_rsa.function
View file

@ -658,7 +658,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C:ENTROPY_HAVE_DEFAULT */
void rsa_gen_key( int nrbits, int exponent, int result)
{
rsa_context ctx;
@ -667,12 +667,12 @@ void rsa_gen_key( int nrbits, int exponent, int result)
const char *pers = "test_suite_rsa";
entropy_init( &entropy );
rsa_init( &ctx, 0, 0 );
TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) == 0 );
rsa_init( &ctx, 0, 0 );
TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, nrbits,
exponent ) == result );
if( result == 0 )

24
tests/suites/test_suite_x509write.data
View file

@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS
Certificate write check Server1 SHA1
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
Certificate write check Server1 SHA1, key_usage
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
Certificate write check Server1 SHA1, ns_cert_type
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
Certificate write check Server1 SHA1, version 1
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
Certificate write check Server1 SHA1, RSA_ALT
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":0
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":0
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":0
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
X509 String to Names #1
x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0

61
tests/suites/test_suite_x509write.function
View file

@ -3,6 +3,30 @@
#include "polarssl/x509_csr.h"
#include "polarssl/pem.h"
#include "polarssl/oid.h"
#include "polarssl/rsa.h"
#if defined(POLARSSL_RSA_C)
int rsa_decrypt_func( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return( rsa_pkcs1_decrypt( (rsa_context *) ctx, NULL, NULL, mode, olen,
input, output, output_max_len ) );
}
int rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode,
md_alg, hashlen, hash, sig ) );
}
size_t rsa_key_len_func( void *ctx )
{
return( ((const rsa_context *) ctx)->len );
}
#endif /* POLARSSL_RSA_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int cert_type, int ver,
char *cert_check_file )
int md_type, int key_usage, int cert_type, int auth_ident,
int ver, char *cert_check_file, int rsa_alt )
{
pk_context subject_key, issuer_key;
pk_context subject_key, issuer_key, issuer_key_alt;
pk_context *key = &issuer_key;
x509write_cert crt;
unsigned char buf[4096];
unsigned char check_buf[5000];
@ -93,14 +119,29 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
mpi_init( &serial );
pk_init( &subject_key );
pk_init( &issuer_key );
pk_init( &issuer_key_alt );
x509write_crt_init( &crt );
TEST_ASSERT( pk_parse_keyfile( &subject_key, subject_key_file,
subject_pwd ) == 0 );
TEST_ASSERT( pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd ) == 0 );
/* For RSA PK contexts, create a copy as an alternative RSA context. */
if( rsa_alt == 1 && pk_get_type( &issuer_key ) == POLARSSL_PK_RSA )
{
TEST_ASSERT( pk_init_ctx_rsa_alt( &issuer_key_alt,
pk_rsa( issuer_key ),
rsa_decrypt_func,
rsa_sign_func,
rsa_key_len_func ) == 0 );
key = &issuer_key_alt;
}
TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 );
x509write_crt_init( &crt );
if( ver != -1 )
x509write_crt_set_version( &crt, ver );
TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 );
@ -110,20 +151,21 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
TEST_ASSERT( x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
TEST_ASSERT( x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
x509write_crt_set_subject_key( &crt, &subject_key );
x509write_crt_set_issuer_key( &crt, &issuer_key );
x509write_crt_set_issuer_key( &crt, key );
if( crt.version >= X509_CRT_VERSION_3 )
{
TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 );
TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
if( auth_ident != 0 )
TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
if( key_usage != 0 )
TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
if( cert_type != 0 )
TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
}
ret = x509write_crt_pem( &crt, buf, sizeof(buf),
ret = x509write_crt_pem( &crt, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
@ -131,8 +173,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
f = fopen( cert_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof(check_buf), f );
TEST_ASSERT( olen < sizeof(check_buf) );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
TEST_ASSERT( olen < sizeof( check_buf ) );
fclose( f );
TEST_ASSERT( olen >= pem_len - 1 );
@ -152,6 +194,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
exit:
x509write_crt_free( &crt );
pk_free( &issuer_key );
pk_free( &issuer_key_alt );
pk_free( &subject_key );
mpi_free( &serial );
}