/* BEGIN_HEADER */ #include #include #include #include /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:POLARSSL_X509_WRITE_C:POLARSSL_BIGNUM_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void x509_csr_check( char *key_file, int md_type, char *cert_req_check_file ) { rsa_context rsa; pem_context pem; x509write_csr req; unsigned char *c; unsigned char buf[4000]; unsigned char check_buf[4000]; int ret; size_t olen = sizeof( check_buf ); FILE *f; char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; memset( &rsa, 0, sizeof(rsa_context) ); ret = x509parse_keyfile_rsa( &rsa, key_file, NULL ); TEST_ASSERT( ret == 0 ); if( ret != 0 ) return; x509write_csr_init( &req ); x509write_csr_set_md_alg( &req, md_type ); x509write_csr_set_rsa_key( &req, &rsa ); TEST_ASSERT( x509write_csr_set_subject_name( &req, subject_name ) == 0 ); ret = x509write_csr_der( &req, buf, sizeof( buf ) ); TEST_ASSERT( ret >= 0 ); c = buf + sizeof( buf ) - ret; f = fopen( cert_req_check_file, "r" ); TEST_ASSERT( f != NULL ); fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); pem_init( &pem ); pem_read_buffer( &pem, "-----BEGIN CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----", check_buf, NULL, 0, &olen ); TEST_ASSERT( pem.buflen == (size_t) ret ); TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 ); x509write_csr_free( &req ); rsa_free( &rsa ); pem_free( &pem ); } /* END_CASE */ /* BEGIN_CASE */ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, int md_type, char *cert_check_file ) { rsa_context subject_rsa, issuer_rsa; pem_context pem; x509write_cert crt; unsigned char *c; unsigned char buf[4000]; unsigned char check_buf[5000]; mpi serial; int ret; size_t olen = sizeof( check_buf ); FILE *f; mpi_init( &serial ); rsa_init( &subject_rsa, RSA_PKCS_V15, 0 ); rsa_init( &issuer_rsa, RSA_PKCS_V15, 0 ); TEST_ASSERT( x509parse_keyfile_rsa( &subject_rsa, subject_key_file, subject_pwd ) == 0 ); TEST_ASSERT( x509parse_keyfile_rsa( &issuer_rsa, issuer_key_file, issuer_pwd ) == 0 ); TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 ); x509write_crt_init( &crt ); x509write_crt_set_serial( &crt, &serial ); TEST_ASSERT( x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); x509write_crt_set_md_alg( &crt, md_type ); TEST_ASSERT( x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); x509write_crt_set_subject_key( &crt, &subject_rsa ); x509write_crt_set_issuer_key( &crt, &issuer_rsa ); TEST_ASSERT( x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); TEST_ASSERT( x509write_crt_set_subject_key_identifier( &crt ) == 0 ); TEST_ASSERT( x509write_crt_set_authority_key_identifier( &crt ) == 0 ); ret = x509write_crt_der( &crt, buf, sizeof(buf) ); TEST_ASSERT( ret >= 0 ); c = buf + sizeof( buf ) - ret; f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL ); TEST_ASSERT( fread( check_buf, 1, sizeof(check_buf), f ) < sizeof(check_buf) ); fclose( f ); pem_init( &pem ); TEST_ASSERT( pem_read_buffer( &pem, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----", check_buf, NULL, 0, &olen ) >= 0 ); TEST_ASSERT( pem.buflen == (size_t) ret ); TEST_ASSERT( memcmp( c, pem.buf, pem.buflen ) == 0 ); x509write_crt_free( &crt ); rsa_free( &issuer_rsa ); rsa_free( &subject_rsa ); pem_free( &pem ); mpi_free( &serial ); } /* END_CASE */