mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-03-17 23:17:38 +00:00
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
This commit is contained in:
commit
2cd7c18f59
18
ChangeLog
18
ChangeLog
|
@ -43,6 +43,24 @@ Bugfix
|
|||
Found independently by Florian in the mbed TLS forum and by Mishamax.
|
||||
#878, #1019.
|
||||
* Fix build problems on Windows. Contributed by Nicholas Wilson.
|
||||
* Fix unchecked return codes from AES, DES and 3DES functions in
|
||||
pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively.
|
||||
If a call to one of the functions of the cryptographic primitive modules
|
||||
failed, the error may not be noticed by the function pem_read_buffer()
|
||||
causing it to return invalid values. Found by Guido Vranken. #756
|
||||
* Include configuration file in md.h, to fix compilation warnings.
|
||||
Reported by aaronmdjones in #1001
|
||||
* Correct extraction of signature-type from PK instance in X.509 CRT and CSR
|
||||
writing routines that prevented these functions to work with alternative
|
||||
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
|
||||
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
|
||||
non-v3 CRT's.
|
||||
* Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
|
||||
|
||||
Changes
|
||||
* Extend cert_write example program by options to set the CRT version
|
||||
and the message digest. Further, allow enabling/disabling of authority
|
||||
identifier, subject identifier and basic constraints extensions.
|
||||
|
||||
= mbed TLS 1.3.21 branch released 2017-08-10
|
||||
|
||||
|
|
|
@ -27,6 +27,11 @@
|
|||
#define POLARSSL_MD_H
|
||||
|
||||
#include <stddef.h>
|
||||
#if !defined(POLARSSL_CONFIG_FILE)
|
||||
#include "config.h"
|
||||
#else
|
||||
#include POLARSSL_CONFIG_FILE
|
||||
#endif
|
||||
|
||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||
!defined(inline) && !defined(__cplusplus)
|
||||
|
|
|
@ -61,6 +61,9 @@ void entropy_init( entropy_context *ctx )
|
|||
{
|
||||
memset( ctx, 0, sizeof(entropy_context) );
|
||||
|
||||
/* Reminder: Update ENTROPY_HAVE_DEFAULT in the test files
|
||||
* when adding more strong entropy sources here. */
|
||||
|
||||
#if defined(POLARSSL_THREADING_C)
|
||||
polarssl_mutex_init( &ctx->mutex );
|
||||
#endif
|
||||
|
|
|
@ -135,45 +135,53 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||
/*
|
||||
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des_decrypt( unsigned char des_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_des_decrypt( unsigned char des_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
des_context des_ctx;
|
||||
unsigned char des_key[8];
|
||||
int ret;
|
||||
|
||||
des_init( &des_ctx );
|
||||
|
||||
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
||||
|
||||
des_setkey_dec( &des_ctx, des_key );
|
||||
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
|
||||
des_iv, buf, buf );
|
||||
if( ( ret = des_setkey_dec( &des_ctx, des_key ) ) != 0 )
|
||||
goto exit;
|
||||
ret = des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, des_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
des_free( &des_ctx );
|
||||
polarssl_zeroize( des_key, 8 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
des3_context des3_ctx;
|
||||
unsigned char des3_key[24];
|
||||
int ret;
|
||||
|
||||
des3_init( &des3_ctx );
|
||||
|
||||
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
||||
|
||||
des3_set3key_dec( &des3_ctx, des3_key );
|
||||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
if( ( ret = des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
|
||||
goto exit;
|
||||
ret = des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, des3_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
des3_free( &des3_ctx );
|
||||
polarssl_zeroize( des3_key, 24 );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
|
@ -181,23 +189,27 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
|
|||
/*
|
||||
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
||||
unsigned char *buf, size_t buflen,
|
||||
const unsigned char *pwd, size_t pwdlen )
|
||||
{
|
||||
aes_context aes_ctx;
|
||||
unsigned char aes_key[32];
|
||||
int ret;
|
||||
|
||||
aes_init( &aes_ctx );
|
||||
|
||||
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
||||
|
||||
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
|
||||
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
|
||||
aes_iv, buf, buf );
|
||||
if( ( ret = aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
|
||||
goto exit;
|
||||
ret = aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, aes_iv, buf, buf );
|
||||
|
||||
exit:
|
||||
aes_free( &aes_ctx );
|
||||
polarssl_zeroize( aes_key, keylen );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
|
@ -349,22 +361,30 @@ int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
|
|||
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
|
||||
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
|
||||
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
|
||||
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
|
||||
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
|
||||
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||
ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_free( buf );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
||||
* length bytes (allow 4 to be sure) in all known use cases.
|
||||
|
|
|
@ -52,7 +52,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
|
|||
|
||||
void x509write_crt_init( x509write_cert *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof(x509write_cert) );
|
||||
memset( ctx, 0, sizeof( x509write_cert ) );
|
||||
|
||||
mpi_init( &ctx->serial );
|
||||
ctx->version = X509_CRT_VERSION_3;
|
||||
|
@ -66,7 +66,7 @@ void x509write_crt_free( x509write_cert *ctx )
|
|||
asn1_free_named_data_list( &ctx->issuer );
|
||||
asn1_free_named_data_list( &ctx->extensions );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof(x509write_cert) );
|
||||
polarssl_zeroize( ctx, sizeof( x509write_cert ) );
|
||||
}
|
||||
|
||||
void x509write_crt_set_version( x509write_cert *ctx, int version )
|
||||
|
@ -141,10 +141,10 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char buf[9];
|
||||
unsigned char *c = buf + sizeof(buf);
|
||||
unsigned char *c = buf + sizeof( buf );
|
||||
size_t len = 0;
|
||||
|
||||
memset( buf, 0, sizeof(buf) );
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
|
||||
if( is_ca && max_pathlen > 127 )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
@ -164,7 +164,7 @@ int x509write_crt_set_basic_constraints( x509write_cert *ctx,
|
|||
|
||||
return x509write_crt_set_extension( ctx, OID_BASIC_CONSTRAINTS,
|
||||
OID_SIZE( OID_BASIC_CONSTRAINTS ),
|
||||
0, buf + sizeof(buf) - len, len );
|
||||
0, buf + sizeof( buf ) - len, len );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
|
@ -172,14 +172,14 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
|
|||
{
|
||||
int ret;
|
||||
unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
||||
unsigned char *c = buf + sizeof(buf);
|
||||
unsigned char *c = buf + sizeof( buf );
|
||||
size_t len = 0;
|
||||
|
||||
memset( buf, 0, sizeof(buf) );
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->subject_key ) );
|
||||
|
||||
sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
|
||||
c = buf + sizeof(buf) - 20;
|
||||
sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
|
||||
c = buf + sizeof( buf ) - 20;
|
||||
len = 20;
|
||||
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
|
||||
|
@ -187,21 +187,21 @@ int x509write_crt_set_subject_key_identifier( x509write_cert *ctx )
|
|||
|
||||
return x509write_crt_set_extension( ctx, OID_SUBJECT_KEY_IDENTIFIER,
|
||||
OID_SIZE( OID_SUBJECT_KEY_IDENTIFIER ),
|
||||
0, buf + sizeof(buf) - len, len );
|
||||
0, buf + sizeof( buf ) - len, len );
|
||||
}
|
||||
|
||||
int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
|
||||
{
|
||||
int ret;
|
||||
unsigned char buf[POLARSSL_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
||||
unsigned char *c = buf + sizeof(buf);
|
||||
unsigned char *c = buf + sizeof( buf );
|
||||
size_t len = 0;
|
||||
|
||||
memset( buf, 0, sizeof(buf) );
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
ASN1_CHK_ADD( len, pk_write_pubkey( &c, buf, ctx->issuer_key ) );
|
||||
|
||||
sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
|
||||
c = buf + sizeof(buf) - 20;
|
||||
sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
|
||||
c = buf + sizeof( buf ) - 20;
|
||||
len = 20;
|
||||
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, buf, len ) );
|
||||
|
@ -213,7 +213,7 @@ int x509write_crt_set_authority_key_identifier( x509write_cert *ctx )
|
|||
|
||||
return x509write_crt_set_extension( ctx, OID_AUTHORITY_KEY_IDENTIFIER,
|
||||
OID_SIZE( OID_AUTHORITY_KEY_IDENTIFIER ),
|
||||
0, buf + sizeof(buf) - len, len );
|
||||
0, buf + sizeof( buf ) - len, len );
|
||||
}
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
|
||||
|
@ -308,9 +308,15 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
|
|||
c = tmp_buf + sizeof( tmp_buf );
|
||||
|
||||
/* Signature algorithm needed in TBS, and later for actual signature */
|
||||
pk_alg = pk_get_type( ctx->issuer_key );
|
||||
if( pk_alg == POLARSSL_PK_ECKEY )
|
||||
|
||||
/* There's no direct way of extracting a signature algorithm
|
||||
* (represented as an element of pk_type_t) from a PK instance. */
|
||||
if( pk_can_do( ctx->issuer_key, POLARSSL_PK_RSA ) )
|
||||
pk_alg = POLARSSL_PK_RSA;
|
||||
else if( pk_can_do( ctx->issuer_key, POLARSSL_PK_ECDSA ) )
|
||||
pk_alg = POLARSSL_PK_ECDSA;
|
||||
else
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG );
|
||||
|
||||
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
||||
&sig_oid, &sig_oid_len ) ) != 0 )
|
||||
|
@ -321,13 +327,19 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
|
|||
/*
|
||||
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
||||
*/
|
||||
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
|
||||
ASN1_SEQUENCE ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
|
||||
ASN1_CONSTRUCTED | 3 ) );
|
||||
|
||||
/* Only for v3 */
|
||||
if( ctx->version == X509_CRT_VERSION_3 )
|
||||
{
|
||||
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf,
|
||||
ctx->extensions ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
|
||||
ASN1_SEQUENCE ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
|
||||
ASN1_CONSTRUCTED | 3 ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* SubjectPublicKeyInfo
|
||||
|
@ -379,16 +391,20 @@ int x509write_crt_der( x509write_cert *ctx, unsigned char *buf, size_t size,
|
|||
/*
|
||||
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||
*/
|
||||
sub_len = 0;
|
||||
ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
|
||||
len += sub_len;
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
|
||||
ASN1_CONSTRUCTED | 0 ) );
|
||||
|
||||
if( ctx->version != X509_CRT_VERSION_1 )
|
||||
{
|
||||
sub_len = 0;
|
||||
ASN1_CHK_ADD( sub_len, asn1_write_int( &c, tmp_buf, ctx->version ) );
|
||||
len += sub_len;
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, sub_len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONTEXT_SPECIFIC |
|
||||
ASN1_CONSTRUCTED | 0 ) );
|
||||
}
|
||||
|
||||
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
|
||||
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED |
|
||||
ASN1_SEQUENCE ) );
|
||||
ASN1_SEQUENCE ) );
|
||||
|
||||
/*
|
||||
* Make signature
|
||||
|
|
|
@ -51,7 +51,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
|
|||
|
||||
void x509write_csr_init( x509write_csr *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof(x509write_csr) );
|
||||
memset( ctx, 0, sizeof( x509write_csr ) );
|
||||
}
|
||||
|
||||
void x509write_csr_free( x509write_csr *ctx )
|
||||
|
@ -59,7 +59,7 @@ void x509write_csr_free( x509write_csr *ctx )
|
|||
asn1_free_named_data_list( &ctx->subject );
|
||||
asn1_free_named_data_list( &ctx->extensions );
|
||||
|
||||
polarssl_zeroize( ctx, sizeof(x509write_csr) );
|
||||
polarssl_zeroize( ctx, sizeof( x509write_csr ) );
|
||||
}
|
||||
|
||||
void x509write_csr_set_md_alg( x509write_csr *ctx, md_type_t md_alg )
|
||||
|
@ -195,13 +195,20 @@ int x509write_csr_der( x509write_csr *ctx, unsigned char *buf, size_t size,
|
|||
*/
|
||||
md( md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||
|
||||
pk_alg = pk_get_type( ctx->key );
|
||||
if( pk_alg == POLARSSL_PK_ECKEY )
|
||||
pk_alg = POLARSSL_PK_ECDSA;
|
||||
|
||||
if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
||||
f_rng, p_rng ) ) != 0 ||
|
||||
( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
||||
f_rng, p_rng ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
|
||||
pk_alg = POLARSSL_PK_RSA;
|
||||
else if( pk_can_do( ctx->key, POLARSSL_PK_ECDSA ) )
|
||||
pk_alg = POLARSSL_PK_ECDSA;
|
||||
else
|
||||
return( POLARSSL_ERR_X509_INVALID_ALG );
|
||||
|
||||
if( ( ret = oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
||||
&sig_oid, &sig_oid_len ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
|
|
|
@ -54,6 +54,7 @@ int main( void )
|
|||
#include "polarssl/x509_csr.h"
|
||||
#include "polarssl/entropy.h"
|
||||
#include "polarssl/ctr_drbg.h"
|
||||
#include "polarssl/md.h"
|
||||
#include "polarssl/error.h"
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -86,6 +87,11 @@ int main( void )
|
|||
#define DFL_MAX_PATHLEN -1
|
||||
#define DFL_KEY_USAGE 0
|
||||
#define DFL_NS_CERT_TYPE 0
|
||||
#define DFL_VERSION 3
|
||||
#define DFL_AUTH_IDENT 1
|
||||
#define DFL_SUBJ_IDENT 1
|
||||
#define DFL_CONSTRAINTS 1
|
||||
#define DFL_DIGEST POLARSSL_MD_SHA256
|
||||
|
||||
#define USAGE \
|
||||
"\n usage: cert_write param=<>...\n" \
|
||||
|
@ -112,6 +118,20 @@ int main( void )
|
|||
" not_after=%%s default: 20301231235959\n"\
|
||||
" is_ca=%%d default: 0 (disabled)\n" \
|
||||
" max_pathlen=%%d default: -1 (none)\n" \
|
||||
" md=%%s default: SHA256\n" \
|
||||
" Supported values:\n" \
|
||||
" MD5, SHA1, SHA256, SHA512\n"\
|
||||
" version=%%d default: 3\n" \
|
||||
" Possible values: 1, 2, 3\n"\
|
||||
" subject_identifier default: 1\n" \
|
||||
" Possible values: 0, 1\n" \
|
||||
" (Considered for v3 only)\n"\
|
||||
" authority_identifier default: 1\n" \
|
||||
" Possible values: 0, 1\n" \
|
||||
" (Considered for v3 only)\n"\
|
||||
" basic_constraints default: 1\n" \
|
||||
" Possible values: 0, 1\n" \
|
||||
" (Considered for v3 only)\n"\
|
||||
" key_usage=%%s default: (empty)\n" \
|
||||
" Comma-separated-list of values:\n" \
|
||||
" digital_signature\n" \
|
||||
|
@ -121,6 +141,7 @@ int main( void )
|
|||
" key_agreement\n" \
|
||||
" key_certificate_sign\n" \
|
||||
" crl_sign\n" \
|
||||
" (Considered for v3 only)\n"\
|
||||
" ns_cert_type=%%s default: (empty)\n" \
|
||||
" Comma-separated-list of values:\n" \
|
||||
" ssl_client\n" \
|
||||
|
@ -152,6 +173,11 @@ struct options
|
|||
int selfsign; /* selfsign the certificate */
|
||||
int is_ca; /* is a CA certificate */
|
||||
int max_pathlen; /* maximum CA path length */
|
||||
int authority_identifier; /* add authority identifier to CRT */
|
||||
int subject_identifier; /* add subject identifier to CRT */
|
||||
int basic_constraints; /* add basic constraints ext to CRT */
|
||||
int version; /* CRT version */
|
||||
md_type_t md; /* Hash used for signing */
|
||||
unsigned char key_usage; /* key usage flags */
|
||||
unsigned char ns_cert_type; /* NS cert type */
|
||||
} opt;
|
||||
|
@ -246,6 +272,11 @@ int main( int argc, char *argv[] )
|
|||
opt.max_pathlen = DFL_MAX_PATHLEN;
|
||||
opt.key_usage = DFL_KEY_USAGE;
|
||||
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
||||
opt.version = DFL_VERSION - 1;
|
||||
opt.md = DFL_DIGEST;
|
||||
opt.subject_identifier = DFL_SUBJ_IDENT;
|
||||
opt.authority_identifier = DFL_AUTH_IDENT;
|
||||
opt.basic_constraints = DFL_CONSTRAINTS;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
|
@ -289,23 +320,88 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
opt.serial = q;
|
||||
}
|
||||
else if( strcmp( p, "authority_identifier" ) == 0 )
|
||||
{
|
||||
opt.authority_identifier = atoi( q );
|
||||
if( opt.authority_identifier != 0 &&
|
||||
opt.authority_identifier != 1 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "subject_identifier" ) == 0 )
|
||||
{
|
||||
opt.subject_identifier = atoi( q );
|
||||
if( opt.subject_identifier != 0 &&
|
||||
opt.subject_identifier != 1 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "basic_constraints" ) == 0 )
|
||||
{
|
||||
opt.basic_constraints = atoi( q );
|
||||
if( opt.basic_constraints != 0 &&
|
||||
opt.basic_constraints != 1 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "md" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "SHA1" ) == 0 )
|
||||
opt.md = POLARSSL_MD_SHA1;
|
||||
else if( strcmp( q, "SHA256" ) == 0 )
|
||||
opt.md = POLARSSL_MD_SHA256;
|
||||
else if( strcmp( q, "SHA512" ) == 0 )
|
||||
opt.md = POLARSSL_MD_SHA512;
|
||||
else if( strcmp( q, "MD5" ) == 0 )
|
||||
opt.md = POLARSSL_MD_MD5;
|
||||
else
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "version" ) == 0 )
|
||||
{
|
||||
opt.version = atoi( q );
|
||||
if( opt.version < 1 || opt.version > 3 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
opt.version--;
|
||||
}
|
||||
else if( strcmp( p, "selfsign" ) == 0 )
|
||||
{
|
||||
opt.selfsign = atoi( q );
|
||||
if( opt.selfsign < 0 || opt.selfsign > 1 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "is_ca" ) == 0 )
|
||||
{
|
||||
opt.is_ca = atoi( q );
|
||||
if( opt.is_ca < 0 || opt.is_ca > 1 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "max_pathlen" ) == 0 )
|
||||
{
|
||||
opt.max_pathlen = atoi( q );
|
||||
if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "key_usage" ) == 0 )
|
||||
{
|
||||
|
@ -329,7 +425,10 @@ int main( int argc, char *argv[] )
|
|||
else if( strcmp( q, "crl_sign" ) == 0 )
|
||||
opt.key_usage |= KU_CRL_SIGN;
|
||||
else
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
|
||||
q = r;
|
||||
}
|
||||
|
@ -356,7 +455,10 @@ int main( int argc, char *argv[] )
|
|||
else if( strcmp( q, "object_signing_ca" ) == 0 )
|
||||
opt.ns_cert_type |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||
else
|
||||
{
|
||||
polarssl_printf( "Invalid argument for option %s\n", p );
|
||||
goto usage;
|
||||
}
|
||||
|
||||
q = r;
|
||||
}
|
||||
|
@ -379,7 +481,8 @@ int main( int argc, char *argv[] )
|
|||
strlen( pers ) ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! ctr_drbg_init returned %d - %s\n", ret, buf );
|
||||
polarssl_printf( " failed\n ! ctr_drbg_init "
|
||||
"returned %d - %s\n", ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -393,7 +496,8 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! mpi_read_string "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -412,7 +516,8 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509_crt_parse_file returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -421,7 +526,8 @@ int main( int argc, char *argv[] )
|
|||
if( ret < 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509_dn_gets returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -444,7 +550,8 @@ int main( int argc, char *argv[] )
|
|||
if( ( ret = x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509_csr_parse_file returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -453,7 +560,8 @@ int main( int argc, char *argv[] )
|
|||
if( ret < 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509_dn_gets returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -477,7 +585,8 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! pk_parse_keyfile returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -492,7 +601,8 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! pk_parse_keyfile returned "
|
||||
"-x%02x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -506,7 +616,8 @@ int main( int argc, char *argv[] )
|
|||
mpi_cmp_mpi( &pk_rsa( issuer_crt.pk )->E,
|
||||
&pk_rsa( *issuer_key )->E ) != 0 )
|
||||
{
|
||||
polarssl_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
|
||||
polarssl_printf( " failed\n ! issuer_key does not match "
|
||||
"issuer certificate\n\n" );
|
||||
ret = -1;
|
||||
goto exit;
|
||||
}
|
||||
|
@ -526,28 +637,35 @@ int main( int argc, char *argv[] )
|
|||
/*
|
||||
* 1.0. Check the names for validity
|
||||
*/
|
||||
if( ( ret = x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
|
||||
if( ( ret = x509write_crt_set_subject_name( &crt,
|
||||
opt.subject_name ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_subject_name returned"
|
||||
" -0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_issuer_name returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " . Setting certificate values ..." );
|
||||
fflush( stdout );
|
||||
|
||||
x509write_crt_set_version( &crt, opt.version );
|
||||
x509write_crt_set_md_alg( &crt, opt.md );
|
||||
|
||||
ret = x509write_crt_set_serial( &crt, &serial );
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_serial returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -555,55 +673,72 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_validity returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
|
||||
polarssl_printf( " . Adding the Basic Constraints extension ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca,
|
||||
opt.max_pathlen );
|
||||
if( ret != 0 )
|
||||
if( opt.version == 3 && opt.basic_constraints )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
polarssl_printf( " . Adding the Basic Constraints extension ..." );
|
||||
fflush( stdout );
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
ret = x509write_crt_set_basic_constraints( &crt, opt.is_ca,
|
||||
opt.max_pathlen );
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_basic_contraints "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SHA1_C)
|
||||
polarssl_printf( " . Adding the Subject Key Identifier ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509write_crt_set_subject_key_identifier( &crt );
|
||||
if( ret != 0 )
|
||||
if( opt.version == 3 && opt.subject_identifier )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
polarssl_printf( " . Adding the Subject Key Identifier ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509write_crt_set_subject_key_identifier( &crt );
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_subject"
|
||||
"_key_identifier returned -0x%04x - %s\n\n",
|
||||
-ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
|
||||
polarssl_printf( " . Adding the Authority Key Identifier ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509write_crt_set_authority_key_identifier( &crt );
|
||||
if( ret != 0 )
|
||||
if( opt.version == X509_CRT_VERSION_3 &&
|
||||
opt.authority_identifier != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
polarssl_printf( " . Adding the Authority Key Identifier ..." );
|
||||
fflush( stdout );
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
ret = x509write_crt_set_authority_key_identifier( &crt );
|
||||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_authority_"
|
||||
"key_identifier returned -0x%04x - %s\n\n",
|
||||
-ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
}
|
||||
#endif /* POLARSSL_SHA1_C */
|
||||
|
||||
if( opt.key_usage )
|
||||
if( opt.version == X509_CRT_VERSION_3 &&
|
||||
opt.key_usage != 0 )
|
||||
{
|
||||
polarssl_printf( " . Adding the Key Usage extension ..." );
|
||||
fflush( stdout );
|
||||
|
@ -612,14 +747,16 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_key_usage "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
polarssl_printf( " ok\n" );
|
||||
}
|
||||
|
||||
if( opt.ns_cert_type )
|
||||
if( opt.version == X509_CRT_VERSION_3 &&
|
||||
opt.ns_cert_type != 0 )
|
||||
{
|
||||
polarssl_printf( " . Adding the NS Cert Type extension ..." );
|
||||
fflush( stdout );
|
||||
|
@ -628,7 +765,8 @@ int main( int argc, char *argv[] )
|
|||
if( ret != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! x509write_crt_set_ns_cert_type "
|
||||
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -645,7 +783,8 @@ int main( int argc, char *argv[] )
|
|||
ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||
{
|
||||
polarssl_strerror( ret, buf, 1024 );
|
||||
polarssl_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
|
||||
polarssl_printf( " failed\n ! write_certifcate returned "
|
||||
"-0x%04x - %s\n\n", -ret, buf );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
20
tests/data_files/server1.cert_type_noauthid.crt
Normal file
20
tests/data_files/server1.cert_type_noauthid.crt
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
|
||||
BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz
|
||||
mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9
|
||||
FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy
|
||||
prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv
|
||||
9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS
|
||||
HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x
|
||||
jz0b2l4=
|
||||
-----END CERTIFICATE-----
|
20
tests/data_files/server1.key_usage_noauthid.crt
Normal file
20
tests/data_files/server1.key_usage_noauthid.crt
Normal file
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
|
||||
BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43
|
||||
shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+
|
||||
3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg
|
||||
q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o
|
||||
37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ
|
||||
VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF
|
||||
JTo=
|
||||
-----END CERTIFICATE-----
|
19
tests/data_files/server1.noauthid.crt
Normal file
19
tests/data_files/server1.noauthid.crt
Normal file
|
@ -0,0 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN
|
||||
BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5
|
||||
UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH
|
||||
5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d
|
||||
avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm
|
||||
q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs
|
||||
1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,18 +1,18 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
|
||||
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
|
||||
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
|
||||
A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
|
||||
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
|
||||
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
|
||||
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
|
||||
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
||||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK
|
||||
b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd
|
||||
Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/
|
||||
9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u
|
||||
6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m
|
||||
OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A==
|
||||
MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV
|
||||
BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx
|
||||
MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT
|
||||
CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI
|
||||
hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb
|
||||
7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ
|
||||
BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw
|
||||
fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B
|
||||
Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y
|
||||
ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq
|
||||
hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB
|
||||
tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5
|
||||
T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh
|
||||
zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi
|
||||
U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay
|
||||
IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -194,7 +194,7 @@ END
|
|||
# and make check code
|
||||
my $dep_check_code;
|
||||
|
||||
my @res = $test_data =~ /^depends_on:([\w:]+)/msg;
|
||||
my @res = $test_data =~ /^depends_on:([!:\w]+)/msg;
|
||||
my %case_deps;
|
||||
foreach my $deps (@res)
|
||||
{
|
||||
|
@ -205,7 +205,23 @@ foreach my $deps (@res)
|
|||
}
|
||||
while( my ($key, $value) = each(%case_deps) )
|
||||
{
|
||||
$dep_check_code .= << "END";
|
||||
if( substr($key, 0, 1) eq "!" )
|
||||
{
|
||||
my $key = substr($key, 1);
|
||||
$dep_check_code .= << "END";
|
||||
if( strcmp( str, "!$key" ) == 0 )
|
||||
{
|
||||
#if !defined($key)
|
||||
return( 0 );
|
||||
#else
|
||||
return( 1 );
|
||||
#endif
|
||||
}
|
||||
END
|
||||
}
|
||||
else
|
||||
{
|
||||
$dep_check_code .= << "END";
|
||||
if( strcmp( str, "$key" ) == 0 )
|
||||
{
|
||||
#if defined($key)
|
||||
|
@ -215,6 +231,7 @@ while( my ($key, $value) = each(%case_deps) )
|
|||
#endif
|
||||
}
|
||||
END
|
||||
}
|
||||
}
|
||||
|
||||
# Make mapping code
|
||||
|
|
|
@ -55,6 +55,17 @@ typedef UINT32 uint32_t;
|
|||
}
|
||||
#endif
|
||||
|
||||
/* Helper flags for complex dependencies */
|
||||
|
||||
/* Indicates whether we expect mbedtls_entropy_init
|
||||
* to initialize some strong entropy source. */
|
||||
#if !defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES) && \
|
||||
( !defined(POLARSSL_NO_PLATFORM_ENTROPY) || \
|
||||
defined(POLARSSL_HAVEGE_C) || \
|
||||
defined(POLARSSL_TIMING_C) )
|
||||
#define ENTROPY_HAVE_DEFAULT
|
||||
#endif
|
||||
|
||||
static int unhexify( unsigned char *obuf, const char *ibuf )
|
||||
{
|
||||
unsigned char c, c2;
|
||||
|
@ -214,7 +225,7 @@ typedef struct
|
|||
* This function returns random based on a buffer it receives.
|
||||
*
|
||||
* rng_state shall be a pointer to a rnd_buf_info structure.
|
||||
*
|
||||
*
|
||||
* The number of bytes released from the buffer on each call to
|
||||
* the random function is specified by per_call. (Can be between
|
||||
* 1 and 4)
|
||||
|
|
|
@ -31,10 +31,10 @@ entropy_threshold:16:2:8
|
|||
Entropy threshold #2
|
||||
entropy_threshold:32:1:32
|
||||
|
||||
Entropy thershold #3
|
||||
Entropy threshold #3
|
||||
entropy_threshold:16:0:POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
|
||||
Entropy thershold #4
|
||||
Entropy threshold #4
|
||||
entropy_threshold:1024:1:POLARSSL_ERR_ENTROPY_SOURCE_FAILED
|
||||
|
||||
Entropy self test
|
||||
|
|
|
@ -40,7 +40,7 @@ static int entropy_dummy_source( void *data, unsigned char *output,
|
|||
* END_DEPENDENCIES
|
||||
*/
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:ENTROPY_HAVE_DEFAULT */
|
||||
void entropy_seed_file( char *path, int ret )
|
||||
{
|
||||
entropy_context ctx;
|
||||
|
@ -78,7 +78,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */
|
||||
void entropy_func_len( int len, int ret )
|
||||
{
|
||||
entropy_context ctx;
|
||||
|
@ -137,7 +137,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:ENTROPY_HAVE_DEFAULT */
|
||||
void entropy_threshold( int threshold, int chunk_size, int result )
|
||||
{
|
||||
entropy_context ctx;
|
||||
|
@ -167,7 +167,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */
|
||||
/* BEGIN_CASEdepends_on:ENTROPY_HAVE_DEFAULT:POLARSSL_SELF_TEST */
|
||||
void entropy_selftest( )
|
||||
{
|
||||
TEST_ASSERT( entropy_self_test( 0 ) == 0 );
|
||||
|
|
|
@ -17,10 +17,22 @@ PEM write (exactly two lines + 1)
|
|||
pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
|
||||
|
||||
PEM read (DES-EDE3-CBC + invalid iv)
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV
|
||||
|
||||
PEM read (DES-CBC + invalid iv)
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":POLARSSL_ERR_PEM_INVALID_ENC_IV
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":POLARSSL_ERR_PEM_INVALID_ENC_IV
|
||||
|
||||
PEM read (unknown encryption algorithm)
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
|
||||
pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG
|
||||
|
||||
PEM read (malformed PEM DES-CBC)
|
||||
depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC
|
||||
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
|
||||
|
||||
PEM read (malformed PEM DES-EDE3-CBC)
|
||||
depends_on:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC
|
||||
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
|
||||
|
||||
PEM read (malformed PEM AES-128-CBC)
|
||||
depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CBC
|
||||
pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "polarssl/base64.h"
|
||||
#include "polarssl/pem.h"
|
||||
#include "polarssl/des.h"
|
||||
#include "polarssl/aes.h"
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_PEM_WRITE_C */
|
||||
|
@ -35,16 +37,19 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_AES_C:POLARSSL_DES_C:POLARSSL_MD5_C:POLARSSL_CIPHER_MODE_CBC */
|
||||
void pem_read_buffer( char *header, char *footer, char *data, int ret )
|
||||
void pem_read_buffer( char *header, char *footer, char *data, char *pwd,
|
||||
int res )
|
||||
{
|
||||
pem_context ctx;
|
||||
int ret;
|
||||
size_t use_len = 0;
|
||||
size_t pwd_len = strlen( pwd );
|
||||
|
||||
pem_init( &ctx );
|
||||
|
||||
TEST_ASSERT( pem_read_buffer( &ctx, header, footer,
|
||||
(const unsigned char *)data, NULL, 0,
|
||||
&use_len ) == ret );
|
||||
ret = pem_read_buffer( &ctx, header, footer, (const unsigned char *)data,
|
||||
(unsigned char *)pwd, pwd_len, &use_len );
|
||||
TEST_ASSERT( ret == res );
|
||||
|
||||
exit:
|
||||
pem_free( &ctx );
|
||||
|
|
|
@ -658,7 +658,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C:ENTROPY_HAVE_DEFAULT */
|
||||
void rsa_gen_key( int nrbits, int exponent, int result)
|
||||
{
|
||||
rsa_context ctx;
|
||||
|
@ -667,12 +667,12 @@ void rsa_gen_key( int nrbits, int exponent, int result)
|
|||
const char *pers = "test_suite_rsa";
|
||||
|
||||
entropy_init( &entropy );
|
||||
rsa_init( &ctx, 0, 0 );
|
||||
|
||||
TEST_ASSERT( ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
|
||||
(const unsigned char *) pers,
|
||||
strlen( pers ) ) == 0 );
|
||||
|
||||
rsa_init( &ctx, 0, 0 );
|
||||
|
||||
TEST_ASSERT( rsa_gen_key( &ctx, ctr_drbg_random, &ctr_drbg, nrbits,
|
||||
exponent ) == result );
|
||||
if( result == 0 )
|
||||
|
|
|
@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":POLARSS
|
|||
|
||||
Certificate write check Server1 SHA1
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:-1:"data_files/server1.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, key_usage
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, ns_cert_type
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:1:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, key_usage
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, version 1
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||
|
||||
X509 String to Names #1
|
||||
x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||
|
|
|
@ -3,6 +3,30 @@
|
|||
#include "polarssl/x509_csr.h"
|
||||
#include "polarssl/pem.h"
|
||||
#include "polarssl/oid.h"
|
||||
#include "polarssl/rsa.h"
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
int rsa_decrypt_func( void *ctx, int mode, size_t *olen,
|
||||
const unsigned char *input, unsigned char *output,
|
||||
size_t output_max_len )
|
||||
{
|
||||
return( rsa_pkcs1_decrypt( (rsa_context *) ctx, NULL, NULL, mode, olen,
|
||||
input, output, output_max_len ) );
|
||||
}
|
||||
int rsa_sign_func( void *ctx,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
|
||||
int mode, md_type_t md_alg, unsigned int hashlen,
|
||||
const unsigned char *hash, unsigned char *sig )
|
||||
{
|
||||
return( rsa_pkcs1_sign( (rsa_context *) ctx, f_rng, p_rng, mode,
|
||||
md_alg, hashlen, hash, sig ) );
|
||||
}
|
||||
size_t rsa_key_len_func( void *ctx )
|
||||
{
|
||||
return( ((const rsa_context *) ctx)->len );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
|
@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
char *subject_name, char *issuer_key_file,
|
||||
char *issuer_pwd, char *issuer_name,
|
||||
char *serial_str, char *not_before, char *not_after,
|
||||
int md_type, int key_usage, int cert_type, int ver,
|
||||
char *cert_check_file )
|
||||
int md_type, int key_usage, int cert_type, int auth_ident,
|
||||
int ver, char *cert_check_file, int rsa_alt )
|
||||
{
|
||||
pk_context subject_key, issuer_key;
|
||||
pk_context subject_key, issuer_key, issuer_key_alt;
|
||||
pk_context *key = &issuer_key;
|
||||
|
||||
x509write_cert crt;
|
||||
unsigned char buf[4096];
|
||||
unsigned char check_buf[5000];
|
||||
|
@ -93,14 +119,29 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
mpi_init( &serial );
|
||||
pk_init( &subject_key );
|
||||
pk_init( &issuer_key );
|
||||
pk_init( &issuer_key_alt );
|
||||
|
||||
x509write_crt_init( &crt );
|
||||
|
||||
TEST_ASSERT( pk_parse_keyfile( &subject_key, subject_key_file,
|
||||
subject_pwd ) == 0 );
|
||||
TEST_ASSERT( pk_parse_keyfile( &issuer_key, issuer_key_file,
|
||||
issuer_pwd ) == 0 );
|
||||
|
||||
/* For RSA PK contexts, create a copy as an alternative RSA context. */
|
||||
if( rsa_alt == 1 && pk_get_type( &issuer_key ) == POLARSSL_PK_RSA )
|
||||
{
|
||||
TEST_ASSERT( pk_init_ctx_rsa_alt( &issuer_key_alt,
|
||||
pk_rsa( issuer_key ),
|
||||
rsa_decrypt_func,
|
||||
rsa_sign_func,
|
||||
rsa_key_len_func ) == 0 );
|
||||
|
||||
key = &issuer_key_alt;
|
||||
}
|
||||
|
||||
TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 );
|
||||
|
||||
x509write_crt_init( &crt );
|
||||
if( ver != -1 )
|
||||
x509write_crt_set_version( &crt, ver );
|
||||
TEST_ASSERT( x509write_crt_set_serial( &crt, &serial ) == 0 );
|
||||
|
@ -110,20 +151,21 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
TEST_ASSERT( x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
|
||||
TEST_ASSERT( x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
|
||||
x509write_crt_set_subject_key( &crt, &subject_key );
|
||||
x509write_crt_set_issuer_key( &crt, &issuer_key );
|
||||
x509write_crt_set_issuer_key( &crt, key );
|
||||
|
||||
if( crt.version >= X509_CRT_VERSION_3 )
|
||||
{
|
||||
TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
|
||||
TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
||||
TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||
if( auth_ident != 0 )
|
||||
TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||
if( key_usage != 0 )
|
||||
TEST_ASSERT( x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
|
||||
if( cert_type != 0 )
|
||||
TEST_ASSERT( x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
|
||||
}
|
||||
|
||||
ret = x509write_crt_pem( &crt, buf, sizeof(buf),
|
||||
ret = x509write_crt_pem( &crt, buf, sizeof( buf ),
|
||||
rnd_pseudo_rand, &rnd_info );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
|
@ -131,8 +173,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
|
||||
f = fopen( cert_check_file, "r" );
|
||||
TEST_ASSERT( f != NULL );
|
||||
olen = fread( check_buf, 1, sizeof(check_buf), f );
|
||||
TEST_ASSERT( olen < sizeof(check_buf) );
|
||||
olen = fread( check_buf, 1, sizeof( check_buf ), f );
|
||||
TEST_ASSERT( olen < sizeof( check_buf ) );
|
||||
fclose( f );
|
||||
|
||||
TEST_ASSERT( olen >= pem_len - 1 );
|
||||
|
@ -152,6 +194,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
exit:
|
||||
x509write_crt_free( &crt );
|
||||
pk_free( &issuer_key );
|
||||
pk_free( &issuer_key_alt );
|
||||
pk_free( &subject_key );
|
||||
mpi_free( &serial );
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue