diff --git a/include/polarssl/ecdsa.h b/include/polarssl/ecdsa.h index d61e82c2d..47382e583 100644 --- a/include/polarssl/ecdsa.h +++ b/include/polarssl/ecdsa.h @@ -31,6 +31,8 @@ /** * \brief ECDSA context structure + * + * \note Purposefully begins with the same members as struct ecp_keypair. */ typedef struct { @@ -140,6 +142,16 @@ int ecdsa_read_signature( ecdsa_context *ctx, int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Set an ECDSA context from an EC key pair + * + * \param ctx ECDSA context to set + * \param key EC key to use + * + * \return 0 on success, or a POLARSSL_ERR_ECP code. + */ +int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key ); + /** * \brief Initialize context * diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h index 2082bd960..36c618546 100644 --- a/include/polarssl/ecp.h +++ b/include/polarssl/ecp.h @@ -95,6 +95,8 @@ ecp_group; * \brief ECP key pair structure * * A generic key pair that could be used for ECDSA, fixed ECDH, etc. + * + * \note Members purposefully in the same order as struc ecdsa_context. */ typedef struct { diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 45a66401a..889e4bebc 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -77,14 +77,14 @@ * PEM 1 9 * PKCS#12 1 4 (Started from top) * X509 2 25 - * PK 2 1 (Started from top) + * PK 2 3 (Started from top) * DHM 3 6 * PKCS5 3 4 (Started from top) * RSA 4 9 * ECP 4 4 (Started from top) * MD 5 4 * CIPHER 6 5 - * SSL 6 5 (Started from top) + * SSL 6 6 (Started from top) * SSL 7 31 * * Module dependent error code (5 bits 0x.08.-0x.F8.) diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index df3fc44de..fb0e92ec5 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h 
@@ -24,17 +24,29 @@ * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ + #ifndef POLARSSL_PK_H #define POLARSSL_PK_H #include "config.h" +#include "md.h" + #if defined(POLARSSL_RSA_C) #include "rsa.h" #endif +#if defined(POLARSSL_ECP_C) +#include "ecp.h" +#endif + +#if defined(POLARSSL_ECDSA_C) +#include "ecdsa.h" +#endif + #define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */ -#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */ +#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */ +#define POLARSSL_ERR_PK_BAD_INPUT_DATA -0x2E80 /**< Bad input parameters to function. */ #if defined(POLARSSL_RSA_C) /** @@ -43,7 +55,7 @@ * \warning You must make sure the PK context actually holds an RSA context * before using this macro! */ -#define pk_rsa( pk ) ( (rsa_context *) (pk).data ) +#define pk_rsa( pk ) ( (rsa_context *) (pk).pk_ctx ) #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECP_C) @@ -53,7 +65,7 @@ * \warning You must make sure the PK context actually holds an EC context * before using this macro! */ -#define pk_ec( pk ) ( (ecp_keypair *) (pk).data ) +#define pk_ec( pk ) ( (ecp_keypair *) (pk).pk_ctx ) #endif /* POLARSSL_ECP_C */ 
@@ -72,58 +84,161 @@ typedef enum { POLARSSL_PK_ECDSA, } pk_type_t; +/** + * \brief Types for interfacing with the debug module + */ +typedef enum +{ + POLARSSL_PK_DEBUG_NONE = 0, + POLARSSL_PK_DEBUG_MPI, + POLARSSL_PK_DEBUG_ECP, +} pk_debug_type; + +/** + * \brief Item to send to the debug module + */ +typedef struct +{ + pk_debug_type type; + char *name; + void *value; +} pk_debug_item; + +/** Maximum number of item send for debugging, plus 1 */ +#define POLARSSL_PK_DEBUG_MAX_ITEMS 3 + +/** + * \brief Public key information and operations + */ +typedef struct +{ + /** Public key type */ + pk_type_t type; + + /** Type name */ + const char *name; + + /** Get key size in bits */ + size_t (*get_size)( const void * ); + + /** Tell if the context implements this type (eg ECKEY can do ECDSA) */ + int (*can_do)( pk_type_t type ); + + /** Verify signature */ + int (*verify_func)( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ); + + /** Allocate a new context */ + void * (*ctx_alloc_func)( void ); + + /** Free the given context */ + void (*ctx_free_func)( void *ctx ); + + /** Interface with the debug module */ + void (*debug_func)( const void *ctx, pk_debug_item *items ); + +} pk_info_t; + /** * \brief Public key container */ typedef struct { - pk_type_t type; /**< Public key type */ - void * data; /**< Public key data */ - int dont_free; /**< True if data must not be freed */ + const pk_info_t * pk_info; /**< Public key informations */ + void * pk_ctx; /**< Underlying public key context */ } pk_context; +/** + * \brief Return information associated with the given PK type + * + * \param type PK type to search for. + * + * \return The PK info associated with the type or NULL if not found. 
+ */ +const pk_info_t *pk_info_from_type( pk_type_t pk_type ); + /** * \brief Initialize a pk_context (as NONE) */ void pk_init( pk_context *ctx ); +/** + * \brief Initialize a PK context with the information given + * and allocates the type-specific PK subcontext. + * + * \param ctx Context to initialize. Must be empty (type NONE). + * \param info Information to use + * + * \return 0 on success, + * POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input, + * POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure. + */ +int pk_init_ctx( pk_context *ctx, const pk_info_t *info ); + /** * \brief Free a pk_context */ void pk_free( pk_context *ctx ); /** - * \brief Set a pk_context to a given type + * \brief Get the size in bits of the underlying key * - * \param ctx Context to initialize - * \param type Type of key + * \param ctx Context to use * - * \note Once the type of a key has been set, it cannot be reset. - * If you want to do so, you need to use pk_free() first. - * - * \return O on success, - * POLARSSL_ERR_PK_MALLOC_FAILED on memory allocation fail, - * POLARSSL_ERR_PK_TYPE_MISMATCH on attempts to reset type. + * \return Key size in bits, or 0 on error */ -int pk_set_type( pk_context *ctx, pk_type_t type ); +size_t pk_get_size( const pk_context *ctx ); -#if defined(POLARSSL_RSA_C) /** - * \brief Wrap a RSA context in a PK context + * \brief Tell if a context can do the operation given by type * - * \param ctx PK context to initiliaze - * \param rsa RSA context to use + * \param ctx Context to test + * \param type Target type * - * \note The PK context must be freshly initialized. - * - * \return O on success, - * POLARSSL_ERR_PK_TYPE_MISMATCH if ctx was not empty. + * \return 0 if context can't do the operations, + * 1 otherwise. 
*/ -int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa); -#endif /* POLARSSL_RSA_C */ +int pk_can_do( pk_context *ctx, pk_type_t type ); + +/** + * \brief Verify signature + * + * \param ctx PK context to use + * \param md_alg Hash algorithm used + * \param hash Hash of the message to sign + * \param hash_len Hash length + * \param sig Signature to verify + * \param sig_len Signature length + * + * \return 0 on success (signature is valid), + * or a specific error code. + */ +int pk_verify( pk_context *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ); + +/** + * \brief Export debug information + * + * \param ctx Context to use + * \param items Place to write debug items + * + * \return 0 on sucess or POLARSSL_ERR_PK_BAD_INPUT_DATA + */ +int pk_debug( const pk_context *ctx, pk_debug_item *items ); + +/** + * \brief Access the type name + * + * \param ctx Context to use + * + * \return Type name on success, or "invalid PK" + */ +const char * pk_get_name( const pk_context *ctx ); #ifdef __cplusplus } #endif -#endif /* pk.h */ +#endif /* POLARSSL_PK_H */ diff --git a/include/polarssl/pk_wrap.h b/include/polarssl/pk_wrap.h new file mode 100644 index 000000000..a24fbd1d1 --- /dev/null +++ b/include/polarssl/pk_wrap.h 
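Review bot: The documentation added for `pk_debug()` does not state the contract for `items`, and the callers and backends in this commit depend on one. `rsa_debug` writes two entries and no terminator, while `debug_print_pk` zeroes the array first and stops at the first `POLARSSL_PK_DEBUG_NONE` entry. The `\param items` text should say so, for example `\param items Array of at least POLARSSL_PK_DEBUG_MAX_ITEMS entries, zeroed by the caller; the list ends at the first POLARSSL_PK_DEBUG_NONE entry`. Separately, the comment on `pk_info_from_type` documents `\param type` while the parameter is named `pk_type`.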
@@ -0,0 +1,48 @@ +/** + * \file pk.h + * + * \brief Public Key abstraction layer: wrapper functions + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef POLARSSL_PK_WRAP_H +#define POLARSSL_PK_WRAP_H + +#include "config.h" + +#include "pk.h" + +#if defined(POLARSSL_RSA_C) +extern const pk_info_t rsa_info; +#endif + +#if defined(POLARSSL_ECP_C) +extern const pk_info_t eckey_info; +extern const pk_info_t eckeydh_info; +#endif + +#if defined(POLARSSL_ECDSA_C) +extern const pk_info_t ecdsa_info; +#endif + +#endif /* POLARSSL_PK_WRAP_H */ diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index 7daa05a41..8e52e7d1e 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -451,7 +451,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ); + const unsigned char *sig ); /** * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) 
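Review bot: The file header of the new include/polarssl/pk_wrap.h says `\file pk.h`; it should be `\file pk_wrap.h` so generated documentation attributes these declarations to the right file. The exported objects `rsa_info`, `eckey_info`, `eckeydh_info` and `ecdsa_info` carry no doc comments; a one-line `/**< ... */` on each, naming the PK type it implements, would help readers of the header.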
@@ -474,7 +474,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ); + const unsigned char *sig ); /** * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) @@ -504,7 +504,18 @@ int rsa_rsassa_pss_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ); + const unsigned char *sig ); + +/** + * \brief Copy the components of an RSA context + * + * \param dst Destination context + * \param src Source context + * + * \return O on success, + * POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure + */ +int rsa_copy( rsa_context *dst, const rsa_context *src ); /** * \brief Free the components of an RSA key diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 7a468c46b..d5a2fc001 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -110,7 +110,7 @@ #define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */ #define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */ #define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */ - +#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */ /* * Various constants diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 3fa76a972..9eea7dc05 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -40,6 +40,7 @@ set(src pkcs11.c pkcs12.c pk.c + pk_wrap.c rsa.c sha1.c sha256.c diff --git a/library/Makefile b/library/Makefile index 48c3bdcbb..044e2b7a4 100644 --- a/library/Makefile +++ b/library/Makefile 
@@ -49,7 +49,7 @@ OBJS= aes.o arc4.o asn1parse.o \ oid.o \ padlock.o pbkdf2.o pem.o \ pkcs5.o pkcs11.o pkcs12.o \ - pk.o \ + pk.o pk_wrap.o \ rsa.o sha1.o sha256.o \ sha512.o ssl_cache.o ssl_cli.o \ ssl_srv.o ssl_ciphersuites.o \ diff --git a/library/bignum.c b/library/bignum.c index cc4b1f368..b0bbf8f9c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -130,6 +130,12 @@ int mpi_copy( mpi *X, const mpi *Y ) if( X == Y ) return( 0 ); + if( Y->p == NULL ) + { + mpi_free( X ); + return( 0 ); + } + for( i = Y->n - 1; i > 0; i-- ) if( Y->p[i] != 0 ) break; diff --git a/library/debug.c b/library/debug.c index 8e3dd03a9..5522fb643 100644 --- a/library/debug.c +++ b/library/debug.c @@ -225,6 +225,39 @@ void debug_print_mpi( const ssl_context *ssl, int level, #endif /* POLARSSL_BIGNUM_C */ #if defined(POLARSSL_X509_PARSE_C) +static void debug_print_pk( const ssl_context *ssl, int level, + const char *file, int line, + const char *text, const pk_context *pk ) +{ + size_t i; + pk_debug_item items[POLARSSL_PK_DEBUG_MAX_ITEMS]; + char name[16]; + + memset( items, 0, sizeof( items ) ); + + if( pk_debug( pk, items ) != 0 ) + { + debug_print_msg( ssl, level, file, line, "invalid PK context" ); + return; + } + + for( i = 0; i < sizeof( items ); i++ ) + { + if( items[i].type == POLARSSL_PK_DEBUG_NONE ) + return; + + snprintf( name, sizeof( name ), "%s%s", text, items[i].name ); + name[sizeof( name ) - 1] = '\0'; + + if( items[i].type == POLARSSL_PK_DEBUG_MPI ) + debug_print_mpi( ssl, level, file, line, name, items[i].value ); + else if( items[i].type == POLARSSL_PK_DEBUG_ECP ) + debug_print_ecp( ssl, level, file, line, name, items[i].value ); + else + debug_print_msg( ssl, level, file, line, "should not happen" ); + } +} + void debug_print_crt( const ssl_context *ssl, int level, const char *file, int line, const char *text, const x509_cert *crt ) 
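Review bot: The loop bound in `debug_print_pk` is `i < sizeof( items )`, which is the array's size in bytes rather than its element count, so the bound allows indexing far past the three-entry array. It terminates today only because the array is zeroed and the backends in this commit fill fewer than `POLARSSL_PK_DEBUG_MAX_ITEMS` entries, so a `POLARSSL_PK_DEBUG_NONE` entry is always found first. A backend that fills every slot would turn this into an out-of-bounds read of stack memory that is then passed to the debug printers. The bound should be `for( i = 0; i < POLARSSL_PK_DEBUG_MAX_ITEMS; i++ )`.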
@@ -250,25 +283,7 @@ void debug_print_crt( const ssl_context *ssl, int level, str[maxlen] = '\0'; ssl->f_dbg( ssl->p_dbg, level, str ); -#if defined(POLARSSL_RSA_C) - if( crt->pk.type == POLARSSL_PK_RSA ) - { - debug_print_mpi( ssl, level, file, line, - "crt->rsa.N", &pk_rsa( crt->pk )->N ); - debug_print_mpi( ssl, level, file, line, - "crt->rsa.E", &pk_rsa( crt->pk )->E ); - } else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECP_C) - if( crt->pk.type == POLARSSL_PK_ECKEY || - crt->pk.type == POLARSSL_PK_ECKEY_DH ) - { - debug_print_ecp( ssl, level, file, line, - "crt->eckey.Q", &pk_ec( crt->pk )->Q ); - } else -#endif /* POLARSSL_ECP_C */ - debug_print_msg( ssl, level, file, line, - "crt->pk.type is not valid" ); + debug_print_pk( ssl, level, file, line, "crt->", &crt->pk ); crt = crt->next; } diff --git a/library/ecdsa.c b/library/ecdsa.c index 6746233b4..bdb356750 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -283,6 +283,20 @@ int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid, ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); } +/* + * Set context from an ecp_keypair + */ +int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key ) +{ + int ret = ecp_group_copy( &ctx->grp, &key->grp ) || + mpi_copy( &ctx->d, &key->d ) || + ecp_copy( &ctx->Q, &key->Q ); + + if( ret != 0 ) + ecdsa_free( ctx ); + + return( ret ); +} /* * Initialize context diff --git a/library/error.c b/library/error.c index 23f4a85d7..0ea3c297c 100644 --- a/library/error.c +++ b/library/error.c 
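Review bot: The `||` chain in `ecdsa_from_keypair` turns whatever error code the copy helpers return into the integer 1, so the function cannot return the POLARSSL_ERR_ECP code that its header comment promises. The same pattern is in `eckey_verify_wrap` in library/pk_wrap.c, where `pk_verify()` then reports a failed ECDSA verification as 1; a caller that tests `ret < 0` instead of `ret != 0` would read that as success. Assigning each result to `ret` inside the condition keeps the short-circuit and preserves the code, as in the fence below. In `eckey_verify_wrap` the equivalent is `if( ( ret = ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 ) ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );`.

```c
int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key )
{
    int ret;

    if( ( ret = ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
        ( ret = mpi_copy( &ctx->d, &key->d ) ) != 0 ||
        ( ret = ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
    {
        ecdsa_free( ctx );
    }

    return( ret );
}
```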
@@ -252,6 +252,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "PK - Memory alloation failed" ); if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) ) snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" ); + if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) ) + snprintf( buf, buflen, "PK - Bad input parameters to function" ); #endif /* POLARSSL_PK_C */ #if defined(POLARSSL_PKCS12_C) @@ -373,6 +375,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" ); if( use_ret == -(POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED) ) snprintf( buf, buflen, "SSL - Session ticket has expired" ); + if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) ) + snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); #endif /* POLARSSL_SSL_TLS_C */ #if defined(POLARSSL_X509_PARSE_C) diff --git a/library/pk.c b/library/pk.c index 3755fbcfe..3711794e1 100644 --- a/library/pk.c +++ b/library/pk.c @@ -26,6 +26,7 @@ #include "polarssl/config.h" #include "polarssl/pk.h" +#include "polarssl/pk_wrap.h" #if defined(POLARSSL_RSA_C) #include "polarssl/rsa.h" @@ -37,15 +38,6 @@ #include "polarssl/ecdsa.h" #endif -#if defined(POLARSSL_MEMORY_C) -#include "polarssl/memory.h" -#else -#define polarssl_malloc malloc -#define polarssl_free free -#endif - -#include - /* * Initialise a pk_context */ @@ -54,9 +46,8 @@ void pk_init( pk_context *ctx ) if( ctx == NULL ) return; - ctx->type = POLARSSL_PK_NONE; - ctx->data = NULL; - ctx->dont_free = 0; + ctx->pk_info = NULL; + ctx->pk_ctx = NULL; } /* 
@@ -64,87 +55,116 @@ void pk_init( pk_context *ctx ) */ void pk_free( pk_context *ctx ) { - if( ctx == NULL ) + if( ctx == NULL || ctx->pk_info == NULL) return; -#if defined(POLARSSL_RSA_C) - if( ctx->type == POLARSSL_PK_RSA ) - rsa_free( ctx->data ); - else -#endif -#if defined(POLARSSL_ECP_C) - if( ctx->type == POLARSSL_PK_ECKEY || ctx->type == POLARSSL_PK_ECKEY_DH ) - ecp_keypair_free( ctx->data ); - else -#endif -#if defined(POLARSSL_ECDSA_C) - if( ctx->type == POLARSSL_PK_ECDSA ) - ecdsa_free( ctx->data ); - else -#endif - { - ; /* guard for the else's above */ - } + ctx->pk_info->ctx_free_func( ctx->pk_ctx ); + ctx->pk_ctx = NULL; - if( ! ctx->dont_free ) - polarssl_free( ctx->data ); - - ctx->type = POLARSSL_PK_NONE; - ctx->data = NULL; + ctx->pk_info = NULL; } /* - * Set a pk_context to a given type + * Get pk_info structure from type */ -int pk_set_type( pk_context *ctx, pk_type_t type ) +const pk_info_t * pk_info_from_type( pk_type_t pk_type ) { - size_t size; - - if( ctx->type == type ) - return( 0 ); - - if( ctx->type != POLARSSL_PK_NONE ) - return( POLARSSL_ERR_PK_TYPE_MISMATCH ); - + switch( pk_type ) { #if defined(POLARSSL_RSA_C) - if( type == POLARSSL_PK_RSA ) - size = sizeof( rsa_context ); - else + case POLARSSL_PK_RSA: + return &rsa_info; #endif #if defined(POLARSSL_ECP_C) - if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH ) - size = sizeof( ecp_keypair ); - else + case POLARSSL_PK_ECKEY: + return &eckey_info; + case POLARSSL_PK_ECKEY_DH: + return &eckeydh_info; #endif #if defined(POLARSSL_ECDSA_C) - if( type == POLARSSL_PK_ECDSA ) - size = sizeof( ecdsa_context ); - else + case POLARSSL_PK_ECDSA: + return &ecdsa_info; #endif - return( POLARSSL_ERR_PK_TYPE_MISMATCH ); + default: + return NULL; + } +} - if( ( ctx->data = polarssl_malloc( size ) ) == NULL ) +/* + * Initialise context + */ +int pk_init_ctx( pk_context *ctx, const pk_info_t *info ) +{ + if( ctx == NULL || info == NULL || ctx->pk_info != NULL ) + return( 
POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) return( POLARSSL_ERR_PK_MALLOC_FAILED ); - memset( ctx->data, 0, size ); - ctx->type = type; + ctx->pk_info = info; return( 0 ); } -#if defined(POLARSSL_RSA_C) /* - * Wrap an RSA context in a PK context + * Tell if a PK can do the operations of the given type */ -int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa) +int pk_can_do( pk_context *ctx, pk_type_t type ) { - if( ctx->type != POLARSSL_PK_NONE ) + /* null or NONE context can't do anything */ + if( ctx == NULL || ctx->pk_info == NULL ) + return( 0 ); + + return( ctx->pk_info->can_do( type ) ); +} + +/* + * Verify a signature + */ +int pk_verify( pk_context *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + if( ctx->pk_info->verify_func == NULL ) return( POLARSSL_ERR_PK_TYPE_MISMATCH ); - ctx->type = POLARSSL_PK_RSA; - ctx->data = (rsa_context *) rsa; - ctx->dont_free = 1; + return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, + hash, hash_len, + sig, sig_len ) ); +} +/* + * Get key size in bits + */ +size_t pk_get_size( const pk_context *ctx ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( 0 ); + + return( ctx->pk_info->get_size( ctx->pk_ctx ) ); +} + +/* + * Export debug information + */ +int pk_debug( const pk_context *ctx, pk_debug_item *items ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + ctx->pk_info->debug_func( ctx->pk_ctx, items ); return( 0 ); } -#endif + +/* + * Access the PK type name + */ +const char * pk_get_name( const pk_context *ctx ) +{ + if( ctx == NULL || ctx->pk_info == NULL ) + return( "invalid PK" ); + + return( ctx->pk_info->name ); +} diff --git a/library/pk_wrap.c b/library/pk_wrap.c new file mode 100644 index 000000000..c2a4c7fce --- /dev/null +++ b/library/pk_wrap.c 
@@ -0,0 +1,254 @@ +/* + * Public Key abstraction layer: wrapper functions + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#include "polarssl/pk_wrap.h" + +#if defined(POLARSSL_RSA_C) +#include "polarssl/rsa.h" +#endif + +#if defined(POLARSSL_ECP_C) +#include "polarssl/ecp.h" +#endif + +#if defined(POLARSSL_ECDSA_C) +#include "polarssl/ecdsa.h" +#endif + +#if defined(POLARSSL_MEMORY_C) +#include "polarssl/memory.h" +#else +#include +#define polarssl_malloc malloc +#define polarssl_free free +#endif + +#if defined(POLARSSL_RSA_C) +static int rsa_can_do( pk_type_t type ) +{ + return( type == POLARSSL_PK_RSA ); +} + +static size_t rsa_get_size( const void * ctx ) +{ + return( 8 * ((rsa_context *) ctx)->len ); +} + +static int rsa_verify_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + if( sig_len != ((rsa_context *) ctx)->len ) + return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + + return( rsa_pkcs1_verify( (rsa_context *) ctx, + RSA_PUBLIC, md_alg, hash_len, hash, sig ) ); +} + +static void *rsa_alloc_wrap( void 
) +{ + void *ctx = polarssl_malloc( sizeof( rsa_context ) ); + + if( ctx != NULL ) + rsa_init( (rsa_context *) ctx, 0, 0 ); + + return ctx; +} + +static void rsa_free_wrap( void *ctx ) +{ + rsa_free( (rsa_context *) ctx ); + polarssl_free( ctx ); +} + +static void rsa_debug( const void *ctx, pk_debug_item *items ) +{ + items->type = POLARSSL_PK_DEBUG_MPI; + items->name = "rsa.N"; + items->value = &( ((rsa_context *) ctx)->N ); + + items++; + + items->type = POLARSSL_PK_DEBUG_MPI; + items->name = "rsa.E"; + items->value = &( ((rsa_context *) ctx)->E ); +} + +const pk_info_t rsa_info = { + POLARSSL_PK_RSA, + "RSA", + rsa_get_size, + rsa_can_do, + rsa_verify_wrap, + rsa_alloc_wrap, + rsa_free_wrap, + rsa_debug, +}; +#endif /* POLARSSL_RSA_C */ + +#if defined(POLARSSL_ECP_C) +/* + * Generic EC key + */ +static int eckey_can_do( pk_type_t type ) +{ + return( type == POLARSSL_PK_ECKEY || + type == POLARSSL_PK_ECKEY_DH || + type == POLARSSL_PK_ECDSA ); +} + +static size_t eckey_get_size( const void *ctx ) +{ + return( ((ecp_keypair *) ctx)->grp.pbits ); +} + +#if defined(POLARSSL_ECDSA_C) +/* Forward declaration */ +static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ); + +static int eckey_verify_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + int ret; + ecdsa_context ecdsa; + + ecdsa_init( &ecdsa ); + + ret = ecdsa_from_keypair( &ecdsa, ctx ) || + ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len ); + + ecdsa_free( &ecdsa ); + + return( ret ); +} +#endif /* POLARSSL_ECDSA_C */ + +static void *eckey_alloc_wrap( void ) +{ + void *ctx = polarssl_malloc( sizeof( ecp_keypair ) ); + + if( ctx != NULL ) + ecp_keypair_init( ctx ); + + return( ctx ); +} + +static void eckey_free_wrap( void *ctx ) +{ + ecp_keypair_free( (ecp_keypair *) ctx ); + polarssl_free( ctx ); +} + +static void 
eckey_debug( const void *ctx, pk_debug_item *items ) +{ + items->type = POLARSSL_PK_DEBUG_ECP; + items->name = "eckey.Q"; + items->value = &( ((ecp_keypair *) ctx)->Q ); +} + +const pk_info_t eckey_info = { + POLARSSL_PK_ECKEY, + "EC", + eckey_get_size, + eckey_can_do, +#if defined(POLARSSL_ECDSA_C) + eckey_verify_wrap, +#else + NULL, +#endif + eckey_alloc_wrap, + eckey_free_wrap, + eckey_debug, +}; + +/* + * EC key resticted to ECDH + */ +static int eckeydh_can_do( pk_type_t type ) +{ + return( type == POLARSSL_PK_ECKEY || + type == POLARSSL_PK_ECKEY_DH ); +} + +const pk_info_t eckeydh_info = { + POLARSSL_PK_ECKEY_DH, + "EC_DH", + eckey_get_size, /* Same underlying key structure */ + eckeydh_can_do, + NULL, + eckey_alloc_wrap, /* Same underlying key structure */ + eckey_free_wrap, /* Same underlying key structure */ + eckey_debug, /* Same underlying key structure */ +}; +#endif /* POLARSSL_ECP_C */ + +#if defined(POLARSSL_ECDSA_C) +static int ecdsa_can_do( pk_type_t type ) +{ + return( type == POLARSSL_PK_ECDSA ); +} + +static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len ) +{ + ((void) md_alg); + + return( ecdsa_read_signature( (ecdsa_context *) ctx, + hash, hash_len, sig, sig_len ) ); +} + +static void *ecdsa_alloc_wrap( void ) +{ + void *ctx = polarssl_malloc( sizeof( ecdsa_context ) ); + + if( ctx != NULL ) + ecdsa_init( (ecdsa_context *) ctx ); + + return( ctx ); +} + +static void ecdsa_free_wrap( void *ctx ) +{ + ecdsa_free( (ecdsa_context *) ctx ); + polarssl_free( ctx ); +} + +const pk_info_t ecdsa_info = { + POLARSSL_PK_ECDSA, + "ECDSA", + eckey_get_size, /* Compatible key structures */ + ecdsa_can_do, + ecdsa_verify_wrap, + ecdsa_alloc_wrap, + ecdsa_free_wrap, + eckey_debug, /* Compatible key structures */ +}; +#endif /* POLARSSL_ECDSA_C */ diff --git a/library/rsa.c b/library/rsa.c index 146b4a3d4..ccdd04815 100644 --- a/library/rsa.c +++ b/library/rsa.c 
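Review bot: `ecdsa_info` passes an `ecdsa_context *` to `eckey_get_size` and `eckey_debug`, which cast it to `ecp_keypair *`, so correctness depends on the two structs keeping the same leading members. That requirement is stated only in the `\note` comments this commit adds to ecdsa.h and ecp.h. Nothing fails at build time if a member is added or reordered in one of them, and the wrappers would then read the wrong field. Either add a compile-time check beside `ecdsa_info` (a typedef whose array size goes negative when `offsetof( ecdsa_context, Q ) != offsetof( ecp_keypair, Q )`), or give ECDSA its own small `get_size` and `debug` wrappers that read `grp.pbits` and `Q` through the real type.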
@@ -953,7 +953,7 @@ int rsa_rsassa_pss_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ) + const unsigned char *sig ) { int ret; size_t siglen; @@ -1063,7 +1063,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ) + const unsigned char *sig ) { int ret; size_t len, siglen, asn1_len; @@ -1177,7 +1177,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - unsigned char *sig ) + const unsigned char *sig ) { switch( ctx->padding ) { @@ -1196,6 +1196,40 @@ int rsa_pkcs1_verify( rsa_context *ctx, } } +/* + * Copy the components of an RSA key + */ +int rsa_copy( rsa_context *dst, const rsa_context *src ) +{ + int ret; + + dst->ver = src->ver; + dst->len = src->len; + + MPI_CHK( mpi_copy( &dst->N, &src->N ) ); + MPI_CHK( mpi_copy( &dst->E, &src->E ) ); + + MPI_CHK( mpi_copy( &dst->D, &src->D ) ); + MPI_CHK( mpi_copy( &dst->P, &src->P ) ); + MPI_CHK( mpi_copy( &dst->Q, &src->Q ) ); + MPI_CHK( mpi_copy( &dst->DP, &src->DP ) ); + MPI_CHK( mpi_copy( &dst->DQ, &src->DQ ) ); + MPI_CHK( mpi_copy( &dst->QP, &src->QP ) ); + + MPI_CHK( mpi_copy( &dst->RN, &src->RN ) ); + MPI_CHK( mpi_copy( &dst->RP, &src->RP ) ); + MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) ); + + dst->padding = src->padding; + dst->hash_id = src->padding; + +cleanup: + if( ret != 0 ) + rsa_free( dst ); + + return( ret ); +} + /* * Free the components of an RSA key */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 667434819..1c2c395db 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
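Review bot: The last assignment in `rsa_copy`, `dst->hash_id = src->padding;`, copies the padding mode into the hash identifier; it should be `dst->hash_id = src->hash_id;`. Every key returned by the reworked `x509parse_*_rsa` wrappers in this commit goes through this copy, so the copied context would carry a wrong `hash_id` whenever the source's padding and hash identifier differ. A one-line comment above the two scalar assignments, such as `/* Non-MPI settings are copied last, after all allocations succeeded */`, would also make the ordering intent explicit.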
@@ -1346,12 +1346,15 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - /* EC NOT IMPLEMENTED YET */ - if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA ) - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, + POLARSSL_PK_RSA ) ) + { + SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); + return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); + } - if( (unsigned int)( end - p ) != - pk_rsa( ssl->session_negotiate->peer_cert->pk )->len ) + if( 8 * (unsigned int)( end - p ) != + pk_get_size( &ssl->session_negotiate->peer_cert->pk ) ) { SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); @@ -1795,12 +1798,15 @@ static int ssl_write_client_key_exchange( ssl_context *ssl ) if( ret != 0 ) return( ret ); - /* EC NOT IMPLEMENTED YET */ - if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA ) - return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, + POLARSSL_PK_RSA ) ) + { + SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) ); + return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH ); + } i = 4; - n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len; + n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8; if( ssl->minor_ver != SSL_MINOR_VERSION_0 ) { diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 36c4f2f36..0780da514 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -2517,10 +2517,13 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) } /* EC NOT IMPLEMENTED YET */ - if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA ) + if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk, + POLARSSL_PK_RSA ) ) + { return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE ); + } - n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len; + n1 = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8; n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n]; if( n + n1 + 6 != ssl->in_hslen || n1 != n2 ) diff --git a/library/x509parse.c b/library/x509parse.c index 08dc4d0ba..bbaca8ea4 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -570,6 +570,7 @@ static int x509_get_pubkey( unsigned char **p, size_t len; x509_buf alg_params; pk_type_t pk_alg = POLARSSL_PK_NONE; + const pk_info_t *pk_info; if( ( ret = asn1_get_tag( p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) @@ -589,7 +590,10 @@ static int x509_get_pubkey( unsigned char **p, return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - if( ( ret = pk_set_type( pk, pk_alg ) ) != 0 ) + if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) return( ret ); #if defined(POLARSSL_RSA_C) @@ -2138,12 +2142,24 @@ int x509parse_public_keyfile( pk_context *ctx, const char *path ) */ int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd ) { + int ret; pk_context pk; pk_init( &pk ); - pk_wrap_rsa( &pk, rsa ); - return( x509parse_keyfile( &pk, path, pwd ) ); + ret = x509parse_keyfile( &pk, path, pwd ); + + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + + pk_free( &pk ); + + return( ret ); } /* 
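Review bot: The return value of `rsa_copy( rsa, pk_rsa( pk ) )` is discarded in `x509parse_keyfile_rsa`, so an allocation failure during the copy still returns 0. `rsa_copy` frees `dst` on failure, so the caller would hold an emptied context that it believes is a loaded key. The success branch should read `ret = rsa_copy( rsa, pk_rsa( pk ) );`. The same lines appear in `x509parse_public_keyfile_rsa`, `x509parse_key_rsa` and `x509parse_public_key_rsa` in the later hunks of this file and need the same change.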
@@ -2151,12 +2167,24 @@ int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd ) */ int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ) { + int ret; pk_context pk; pk_init( &pk ); - pk_wrap_rsa( &pk, rsa ); - return( x509parse_public_keyfile( &pk, path ) ); + ret = x509parse_public_keyfile( &pk, path ); + + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + + pk_free( &pk ); + + return( ret ); } #endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_FS_IO */ @@ -2360,6 +2388,7 @@ static int x509parse_key_pkcs8_unencrypted_der( unsigned char *p = (unsigned char *) key; unsigned char *end = p + keylen; pk_type_t pk_alg = POLARSSL_PK_NONE; + const pk_info_t *pk_info; /* * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) @@ -2401,7 +2430,10 @@ static int x509parse_key_pkcs8_unencrypted_der( return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA ); - if( ( ret = pk_set_type( pk, pk_alg ) ) != 0 ) + if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) return( ret ); #if defined(POLARSSL_RSA_C) @@ -2548,6 +2580,7 @@ int x509parse_key( pk_context *pk, const unsigned char *pwd, size_t pwdlen ) { int ret; + const pk_info_t *pk_info; #if defined(POLARSSL_PEM_C) size_t len; @@ -2562,7 +2595,10 @@ int x509parse_key( pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( ret = pk_set_type( pk, POLARSSL_PK_RSA ) ) != 0 || + if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) { 
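Review bot: The new `return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );` inside the `if( ret == 0 )` branch of `x509parse_key` leaves the function while `pem` still holds the decoded key, since `pem.buf` is used a few lines later. The cleanup for `pem` is not visible in this hunk, so the following is inferred: if the release happens after this branch, the early return skips it and the decoded private key material is not wiped. Routing the failure through the branch's existing error path rather than returning directly would avoid that. The EC branch in the next hunk of this function has the same early return.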
@@ -2587,7 +2623,10 @@ int x509parse_key( pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( ret = pk_set_type( pk, POLARSSL_PK_ECKEY ) ) != 0 || + if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = x509parse_key_sec1_der( pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -2672,7 +2711,10 @@ int x509parse_key( pk_context *pk, pk_free( pk ); #if defined(POLARSSL_RSA_C) - if( ( ret = pk_set_type( pk, POLARSSL_PK_RSA ) ) == 0 && + if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 ) { return( 0 ); @@ -2682,7 +2724,10 @@ int x509parse_key( pk_context *pk, #endif /* POLARSSL_RSA_C */ #if defined(POLARSSL_ECP_C) - if( ( ret = pk_set_type( pk, POLARSSL_PK_ECKEY ) ) == 0 && + if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) + return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || ( ret = x509parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 ) { return( 0 ); @@ -2745,12 +2790,24 @@ int x509parse_key_rsa( rsa_context *rsa, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { + int ret; pk_context pk; pk_init( &pk ); - pk_wrap_rsa( &pk, rsa ); - return( x509parse_key( &pk, key, keylen, pwd, pwdlen ) ); + ret = x509parse_key( &pk, key, keylen, pwd, pwdlen ); + + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + + pk_free( &pk ); + + return( ret ); } /* 
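Review bot: The DER fallback in x509parse_key (hunks @@ -2672 and @@ -2682) changed the first test from `== 0 &&` to `!= 0 ||` while the body is still `return( 0 );`, so a failing pk_init_ctx now makes the function report success with no key parsed. The old code only returned 0 when both the type setup and the DER parse succeeded. Restore that: `if( ( ret = pk_init_ctx( pk, pk_info ) ) == 0 &&` followed by the unchanged `( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )`, and likewise for the `x509parse_key_sec1_der` branch. A caller that trusts the 0 return would otherwise go on to use an empty PK context. The code after `return( 0 );` is outside both hunks.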
@@ -2759,12 +2816,24 @@ int x509parse_key_rsa( rsa_context *rsa, int x509parse_public_key_rsa( rsa_context *rsa, const unsigned char *key, size_t keylen ) { + int ret; pk_context pk; pk_init( &pk ); - pk_wrap_rsa( &pk, rsa ); - return( x509parse_public_key( &pk, key, keylen ) ); + ret = x509parse_public_key( &pk, key, keylen ); + + if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + + if( ret == 0 ) + rsa_copy( rsa, pk_rsa( pk ) ); + else + rsa_free( rsa ); + + pk_free( &pk ); + + return( ret ); } #endif /* POLARSSL_RSA_C */ @@ -3021,9 +3090,29 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial ) return( (int) ( size - n ) ); } +/* + * Helper for writing "RSA key size", "EC key size", etc + */ +static int x509_key_size_helper( char *buf, size_t size, const char *name ) +{ + char *p = buf; + size_t n = size; + int ret; + + if( strlen( name ) + sizeof( " key size" ) > size ) + return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL; + + ret = snprintf( p, n, "%s key size", name ); + SAFE_SNPRINTF(); + + return( 0 ); +} + /* * Return an informational string about the certificate. */ +#define BEFORE_COLON 14 +#define BC "14" int x509parse_cert_info( char *buf, size_t size, const char *prefix, const x509_cert *crt ) { @@ -3031,6 +3120,7 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix, size_t n; char *p; const char *desc = NULL; + char key_size_str[BEFORE_COLON]; p = buf; n = size; 
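Review bot: x509_key_size_helper (hunk @@ -3021) is always called with a `BEFORE_COLON` (14) byte buffer, and `strlen( name ) + sizeof( " key size" ) > size` rejects any name longer than four characters. If pk_get_name can return a longer string than "RSA" or "EC" for some key type, x509parse_cert_info now fails with POLARSSL_ERR_DEBUG_BUF_TOO_SMALL for the whole certificate, where the old code still printed a line. Either size the buffer from the longest name the PK layer can return, or truncate instead of failing. `BEFORE_COLON` and `BC` must also be kept equal by hand, which deserves a comment such as `/* BC is BEFORE_COLON as a string literal, keep both in sync */`. `return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;` should use the file's `return( ... );` form.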
@@ -3079,20 +3169,14 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix, ret = snprintf( p, n, desc ); SAFE_SNPRINTF(); -#if defined(POLARSSL_RSA_C) - if( crt->pk.type == POLARSSL_PK_RSA ) - ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix, - (int) pk_rsa( crt->pk )->N.n * (int) sizeof( t_uint ) * 8 ); - else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECP_C) - if( crt->pk.type == POLARSSL_PK_ECKEY || - crt->pk.type == POLARSSL_PK_ECKEY_DH ) - ret = snprintf( p, n, "\n%sEC key size : %d bits\n", prefix, - (int) pk_ec( crt->pk )->grp.pbits ); - else -#endif /* POLARSSL_ECP_C */ - ret = snprintf(p, n, "\n%sPK type looks wrong!", prefix); + if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON, + pk_get_name( &crt->pk ) ) ) != 0 ) + { + return( ret ); + } + + ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str, + (int) pk_get_size( &crt->pk ) ); SAFE_SNPRINTF(); return( (int) ( size - n ) ); @@ -3344,16 +3428,10 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca, md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ); - /* EC NOT IMPLEMENTED YET */ - if( ca->pk.type != POLARSSL_PK_RSA ) - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - - if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md, - 0, hash, crl_list->sig.p ) == 0 ) + if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 || + pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size, + crl_list->sig.p, crl_list->sig.len ) != 0 ) { - /* - * CRL is not trusted - */ flags |= BADCRL_NOT_TRUSTED; break; } @@ -3443,7 +3521,7 @@ static int x509parse_verify_top( */ if( child->subject_raw.len == trust_ca->subject_raw.len && memcmp( child->subject_raw.p, trust_ca->subject_raw.p, - child->issuer_raw.len ) == 0 ) + child->issuer_raw.len ) == 0 ) { check_path_cnt--; } 
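Review bot: The merged condition in x509parse_verifycrl (hunk @@ -3344) treats "the CA key cannot produce this signature type" the same as "the signature does not verify", and the comment saying the CRL is not trusted was removed. The switch from returning POLARSSL_ERR_X509_FEATURE_UNAVAILABLE to setting a flag is therefore undocumented. I would add `/* Key type mismatch or bad signature: CRL is not trusted */` above `flags |= BADCRL_NOT_TRUSTED;`. Matching comments belong in x509parse_verify_top, where a mismatching trusted CA is now silently skipped, and in x509parse_verify_child. `pk_can_do( ... ) == 0` is also spelled `! pk_can_do( ... )` elsewhere in this commit. `md_info->size` is a new dereference whose NULL check, if there is one, lies before the hunk.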
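Review bot: The line re-indented in x509parse_verify_top (hunk @@ -3443) still passes `child->issuer_raw.len` as the memcmp length, although the two buffers compared are `child->subject_raw.p` and `trust_ca->subject_raw.p` and the preceding test only establishes that the subject lengths match. When a certificate's issuer is longer than its subject, the comparison reads past the end of both subject buffers, and these lengths come from the parsed certificate. The length should be `child->subject_raw.len`. Since the commit touches this line anyway, it is a good place to fix it; the enclosing loop starts and ends outside the hunk.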
@@ -3467,12 +3545,9 @@ static int x509parse_verify_top( md( md_info, child->tbs.p, child->tbs.len, hash ); - /* EC NOT IMPLEMENTED YET */ - if( trust_ca->pk.type != POLARSSL_PK_RSA ) - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - - if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md, - 0, hash, child->sig.p ) != 0 ) + if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 || + pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size, + child->sig.p, child->sig.len ) != 0 ) { trust_ca = trust_ca->next; continue; @@ -3547,12 +3622,9 @@ static int x509parse_verify_child( { md( md_info, child->tbs.p, child->tbs.len, hash ); - /* EC NOT IMPLEMENTED YET */ - if( parent->pk.type != POLARSSL_PK_RSA ) - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - - if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md, - 0, hash, child->sig.p ) != 0 ) + if( pk_can_do( &parent->pk, child->sig_pk ) == 0 || + pk_verify( &parent->pk, child->sig_md, hash, md_info->size, + child->sig.p, child->sig.len ) != 0 ) { *flags |= BADCERT_NOT_TRUSTED; } diff --git a/programs/test/ssl_cert_test.c b/programs/test/ssl_cert_test.c index ec824c9eb..a77a314ad 100644 --- a/programs/test/ssl_cert_test.c +++ b/programs/test/ssl_cert_test.c @@ -213,7 +213,7 @@ int main( int argc, char *argv[] ) /* EC NOT IMPLEMENTED YET */ - if( clicert.pk.type != POLARSSL_PK_RSA ) + if( ! pk_can_do( &clicert.pk, POLARSSL_PK_RSA ) ) { printf( " failed\n ! certificate's key is not RSA\n\n" ); ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE; diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/crl-ec-sha224.pem new file mode 100644 index 000000000..bae7063ca --- /dev/null +++ b/tests/data_files/crl-ec-sha224.pem 
@@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBUDCB9wIBATAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 +MDYzOFoXDTIzMDgwNzA4MDYzOFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu +BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDSAAwRQIge0CLFC7Ba9urAcQjRg2y +MlaoNZjFTLfgORXoVIr7qB0CIQD875hm+aual5qW62hMfHcb7W3BoU+vV1D42YyE +sd4POA== +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem new file mode 100644 index 000000000..cc01f39e0 --- /dev/null +++ b/tests/data_files/crl-ec-sha256.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBTjCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 +MDY0NFoXDTIzMDgwNzA4MDY0NFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu +BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDRgAwQwIgZ8GDUEO/f6f6+yCdb6jj +/Sw0bkdVRGinNKBda4J87ksCHySC8j+ijdECxWR6O6Isxl9g47WSf+0tRslvqn0k +D9k= +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/crl-ec-sha384.pem new file mode 100644 index 000000000..9c74f4d2f --- /dev/null +++ b/tests/data_files/crl-ec-sha384.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBUDCB9wIBATAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 +MDY1MloXDTIzMDgwNzA4MDY1MlowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu +BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIhAJpojagrap1H0VYcCkfs +JK0a304u+NLa4fkL4Qe9dXRaAiB7gx0xZL0ePad7/PiFfsJgIhMrGiRHGTXnK121 +DgSMLw== +-----END X509 CRL----- 
diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/crl-ec-sha512.pem new file mode 100644 index 000000000..8d82a8c27 --- /dev/null +++ b/tests/data_files/crl-ec-sha512.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBUDCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4 +MDcwMVoXDTIzMDgwNzA4MDcwMVowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu +BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIgYkzK1SMOvmwq2qfkxQ/6 +nWz0QaNSVS589vInbPBrFt8CIQDQFZi4S+L7DN/WUl91o1xS6n9aTGoHOzaQS7Ym +fWUstQ== +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec.pem b/tests/data_files/crl-ec.pem new file mode 100644 index 000000000..5388d7e42 --- /dev/null +++ b/tests/data_files/crl-ec.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBTTCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwODA5MDgw +NjI2WhcNMjMwODA3MDgwNjI2WjAUMBICAQIXDTEzMDgwOTA4MDQwM1qgcjBwMG4G +A1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0cAMEQCIDbClXv2qJc1OgDtaxLWogdO +5x51dupuJ8N+Oa2S1aPJAiBJWFhnRZRvqVRMhkJ5NQquR+crofroBOOrrdmlHvC3 ++g== +-----END X509 CRL----- diff --git a/tests/data_files/server2-badsign.crt b/tests/data_files/server2-badsign.crt new file mode 100644 index 000000000..7e32d3b90 --- /dev/null +++ b/tests/data_files/server2-badsign.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY +oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw +UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y +iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M +wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS +RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8 +zhuYwjVuX6JHG08= +-----END CERTIFICATE----- diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt new file mode 100644 index 000000000..ed0d696b4 --- /dev/null +++ b/tests/data_files/server3.crt 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5 +fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ +OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/ +pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ +b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W +4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm +DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx +CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS +qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb +kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu +CAQ1sXmQ +-----END CERTIFICATE----- diff --git a/tests/data_files/server3.key b/tests/data_files/server3.key new file mode 100644 index 000000000..fecf44db1 --- /dev/null +++ b/tests/data_files/server3.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGItTogpE7AOnjvYuTqm+9OabmsX02XKIAqAKBggqhkjOPQMBAaE0AzIA +BH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ +/w== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt new file mode 100644 index 000000000..ccebbd873 --- /dev/null +++ b/tests/data_files/server4.crt 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRDCCAeugAwIBAgIBBDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MDkwNzU3NTdaFw0yMzA4MDcwNzU3NTdaMDQxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCrySYRCWA2hMyRyGXtO58nVCboGjDXfw+T78yfzrQUFMmG +sMsrjnVriz8TboJla9G5l0BO/KVInrs4X5CBJkAy1TZoJy8QJoYwfDFXQ+x2hH9l +23BF0Mom1frAJl/ju9TzIhqGM2zCFcVHH1ACCxstDp9nqEWN1B0YVW02th8pHwID +AQABo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFBfZRL1Q6LhG2+zv4wFMS8Yw +taURMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYD +VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRl +c3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICi0VueSFiU2O5MP +LBPbu0Lsm4kCbWJA34HteefA29wWAiEAne8oWL9ILDpqhuB0wEv5PpKMuXLC2A1e +ATV35ATh3EM= +-----END CERTIFICATE----- diff --git a/tests/data_files/server4.key b/tests/data_files/server4.key new file mode 100644 index 000000000..ba6cf23c8 --- /dev/null +++ b/tests/data_files/server4.key @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKvJJhEJYDaEzJHI +Ze07nydUJugaMNd/D5PvzJ/OtBQUyYawyyuOdWuLPxNugmVr0bmXQE78pUieuzhf +kIEmQDLVNmgnLxAmhjB8MVdD7HaEf2XbcEXQyibV+sAmX+O71PMiGoYzbMIVxUcf +UAILGy0On2eoRY3UHRhVbTa2HykfAgMBAAECgYALAPmFQdp944fPFs0gox8Qv902 +JOdYBnWS/ltXKUBzwNkf3ZdGFPwEhYjmz79ei8eFYeDmrlxQCIrpk4WIIFEgVZZA +DRFZSQDIm6i+KSKWX6dFG/ot6VBzahKX24TUNuPhTrYUb+vkqxifbN/ItXcfcG2Z +HB7AZl2RgRbeJGI/IQJBANJCx2dkCIKsrC21cAuq+fbxtSdzGho4hF1jsDHOjoCh +x53BCivk1tL0kLcmLPbJnH2KvzTV4YrizAoGKFneiokCQQDRJ7pnKabHs9qhF6kl +6m9dxAoGmeZY4RwodcVOqAjHFeMI9eSNLpsxava2RJFQVagCzwuft5lvhqeaxxZ0 +nwxnAkBFcKCCWNsmrPhAMEfM0q6zC6iUWsMoHbo5TY8HI/yUJtnSE8rULEN2cCbL +FeSLrJHuNEBppqlSQQy50sbIx2JhAkEAug8ZZ0RKNUTtrHib5DrUrxkBwjWOEGrQ +3b1GtF4O0OvLd+EmW+Gl9SQuLJ56lnhcaYM91+s/91JWLv4EH+KM6QJADR52KML6 +0IvPiOv8i98U+H5GvYT7pla+F61Y2i/h7M7wpANR8hAwK9IQ2eloeGQ3Fmyedd9l +kHGxNTIgEkw3uQ== +-----END PRIVATE KEY----- 
diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt new file mode 100644 index 000000000..8e6024353 --- /dev/null +++ b/tests/data_files/server5-badsign.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI +KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY ++CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi +cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J +rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL +jbRvSP9W7EJjb9QR3zNYbf4= +-----END CERTIFICATE----- diff --git a/tests/data_files/server5-sha224.crt b/tests/data_files/server5-sha224.crt new file mode 100644 index 000000000..1bda4fb38 --- /dev/null +++ b/tests/data_files/server5-sha224.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7jCCAZWgAwIBAgIBBjAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwODA5MDgwODEyWhcNMjMwODA3MDgwODEyWjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq +GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc +4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC +pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ +b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDRwAwRAIg +Xm1nvMzdlO+q5tGATM/IPZxuWSZQqFqwqqdlDEe2OCcCIEbPknZFIjopDpOBMSuU +k+VDnNYzQajkdeM9T5XqaX6B +-----END CERTIFICATE----- 
diff --git a/tests/data_files/server5-sha256.crt b/tests/data_files/server5-sha256.crt new file mode 100644 index 000000000..43ac60aa3 --- /dev/null +++ b/tests/data_files/server5-sha256.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7zCCAZWgAwIBAgIBBzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwODA5MDgwODE3WhcNMjMwODA3MDgwODE3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq +GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc +4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC +pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ +b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDSAAwRQIh +ALfqO3j3gA18v/MG+s5CJfNGBeeRIttASyiO3FOiZUfeAiBoid6STq5AvS1c9Olm +Vk7wB2zYU9v6sSoR99csMz4TTQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/server5-sha384.crt b/tests/data_files/server5-sha384.crt new file mode 100644 index 000000000..cb727e7c8 --- /dev/null +++ b/tests/data_files/server5-sha384.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7zCCAZWgAwIBAgIBCDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwODA5MDgwODI1WhcNMjMwODA3MDgwODI1WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq +GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc +4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC +pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ +b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIh +ANRFz89Cp8ohvDHX94h+pftXR34mhGqzzi3xidVj1Sg8AiBOv+ChIGVXGmM3RFvj +kOaH0pCTLJQEpIAj5jlaCw9tDA== +-----END CERTIFICATE----- 
diff --git a/tests/data_files/server5-sha512.crt b/tests/data_files/server5-sha512.crt new file mode 100644 index 000000000..44f4041fd --- /dev/null +++ b/tests/data_files/server5-sha512.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7zCCAZWgAwIBAgIBCTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwODA5MDgwODMyWhcNMjMwODA3MDgwODMyWjA0MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq +GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc +4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC +pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ +b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIh +AN5rRzdwAbgA4scB15w5W9DPJ6w7Q7QiEnV7PV5IAXX4AiBAFnODGe6Lk7C5YYYU +dANkEzunQUZNP1qh24SgeqBUNg== +-----END CERTIFICATE----- diff --git a/tests/data_files/server5.crt b/tests/data_files/server5.crt new file mode 100644 index 000000000..b42abf2e1 --- /dev/null +++ b/tests/data_files/server5.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI +KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY ++CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi +cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J +rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL +jbRvSP9W7EJjb9QR3zNYbX4= +-----END CERTIFICATE----- 
diff --git a/tests/data_files/server5.key b/tests/data_files/server5.key new file mode 100644 index 000000000..844bb4498 --- /dev/null +++ b/tests/data_files/server5.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA +BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq +ag== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt new file mode 100644 index 000000000..b5f210f9a --- /dev/null +++ b/tests/data_files/server6.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB7TCCAZSgAwIBAgIBAjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MDkwNzU3MjZaFw0yMzA4MDcwNzU3MjZaMDQxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI +KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1 +1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J +AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICDC +Qiv7ypgB4K9x6mf3UvYmdfLHzRkUHyP2FoY/GnFwAiEAr/WVRRw8tPZq3kKaMApQ +OLFV/1jRkCd3i9vpRfdZjsI= +-----END CERTIFICATE----- diff --git a/tests/data_files/server6.key b/tests/data_files/server6.key new file mode 100644 index 000000000..9b582dc4b --- /dev/null +++ b/tests/data_files/server6.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGD5d3O02N8S/dSjU0RmPK8h2TEH64xPN6qAKBggqhkjOPQMBAaE0AzIA +BBNrCG0mTkhIp2TN6tjDDsvHoDPGPQQHLLsMTvVKUtQfJ0/btdW7404eVUAICQFP +jg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/server6.pem b/tests/data_files/server6.pem new file mode 100644 index 000000000..f78cb1043 --- /dev/null +++ b/tests/data_files/server6.pem 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x +MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI +KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1 +1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J +AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq +PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl +LA== +-----END CERTIFICATE----- diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt new file mode 100644 index 000000000..5040bec9a --- /dev/null +++ b/tests/data_files/server7.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS +3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV +HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE +9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT +TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF +AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd +95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s +Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA== +-----END CERTIFICATE----- diff --git a/tests/data_files/server7.key b/tests/data_files/server7.key new file mode 100644 index 000000000..844bb4498 --- /dev/null +++ b/tests/data_files/server7.key 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA +BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq +ag== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt new file mode 100644 index 000000000..75c9dc612 --- /dev/null +++ b/tests/data_files/server7_int-ca.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS +3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV +HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE +9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT +TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF +AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd +95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s +Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx +7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp +V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4 +pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa +RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG +SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo +AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0 +-----END CERTIFICATE----- diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt new file mode 100644 index 000000000..533006087 --- /dev/null +++ b/tests/data_files/server8.crt 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD +VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ +MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB +dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG +iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh +P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ +UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw +NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB +SAnWzz4= +-----END CERTIFICATE----- diff --git a/tests/data_files/server8.key b/tests/data_files/server8.key new file mode 100644 index 000000000..447925831 --- /dev/null +++ b/tests/data_files/server8.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBAQ== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MF8CAQEEGItTogpE7AOnjvYuTqm+9OabmsX02XKIAqAKBggqhkjOPQMBAaE0AzIA +BH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ +/w== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt new file mode 100644 index 000000000..e43e6b8ca --- /dev/null +++ b/tests/data_files/server8_int-ca2.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD +VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ +MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB +dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG +iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh +P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ +UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw +NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB +SAnWzz4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt +dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud +DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5 +1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM +MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR +aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu +f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I +QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB +XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl +FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ= +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt index c47c496bf..bfd3eeff6 100644 Binary files a/tests/data_files/test-ca2.crt and b/tests/data_files/test-ca2.crt differ 
diff --git a/tests/data_files/test-ca2.key b/tests/data_files/test-ca2.key index 2725398e9..4f6fa6721 100644 --- a/tests/data_files/test-ca2.key +++ b/tests/data_files/test-ca2.key @@ -1,8 +1,5 @@ ------BEGIN EC PARAMETERS----- -BggqhkjOPQMBAQ== ------END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- -MF8CAQEEGKHCq9vcqkdzGdKSIUP2M9o/vu1rja5jxqAKBggqhkjOPQMBAaE0AzIA -BCE3lp+r1ONwYkoOGjPjecq5UMzgDvjDw+KtrrcnHI8HZZ1l09d33PIWFDY65Lbm -Fw== +MHcCAQEEIBgsCX6wjouYFLrghn4s8iRrt9krCKiFHZYtzY8J7+p3oAoGCCqGSM49 +AwEHoUQDQgAElrizLPspIX2+kNvC+BOpJnw19tnAi5nsUnt8r6N+KDybdaVUWmLI +qZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/g== -----END EC PRIVATE KEY----- diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt new file mode 100644 index 000000000..18aa919be --- /dev/null +++ b/tests/data_files/test-ca_cat12.crt 
@@ -0,0 +1,94 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA + Validity + Not Before: Feb 12 14:44:00 2011 GMT + Not After : Feb 12 14:44:00 2021 GMT + Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: + 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: + 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: + 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: + e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: + cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: + ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: + 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: + c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: + 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: + e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: + 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: + 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: + 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: + e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: + 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: + ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: + a2:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF + X509v3 Authority Key Identifier: + keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF + DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA + serial:00 + + Signature Algorithm: sha1WithRSAEncryption + b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: + 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: + 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: + 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: + 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: + 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: + 
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: + e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: + e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: + 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: + 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: + 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: + 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: + e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: + f7:e0:e9:54 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj +gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD 
+IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1 +9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB +oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU +vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK +EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae +cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D +rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM +espQnlFX +-----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt new file mode 100644 index 000000000..18a2c0d0d --- /dev/null +++ b/tests/data_files/test-ca_cat21.crt 
@@ -0,0 +1,94 @@ +-----BEGIN CERTIFICATE----- +MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1 +9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB +oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU +vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK +EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae +cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D +rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM +espQnlFX +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA + Validity + Not Before: Feb 12 14:44:00 2011 GMT + Not After : Feb 12 14:44:00 2021 GMT + Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: + 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: + 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: + 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: + e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: + cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: + ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: + 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: + c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: + 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: + e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: + 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: + 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: + 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: + e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: + 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: + 
ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: + a2:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF + X509v3 Authority Key Identifier: + keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF + DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA + serial:00 + + Signature Algorithm: sha1WithRSAEncryption + b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: + 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: + 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: + 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: + 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: + 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: + 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: + e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: + e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: + 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: + 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: + 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: + 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: + e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: + f7:e0:e9:54 +-----BEGIN CERTIFICATE----- +MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx +mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny +50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n +YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL +R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu +KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj 
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH +/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV +BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz +dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ +SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H +DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF +pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf +m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ +7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +-----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt new file mode 100644 index 000000000..1bb5a9914 --- /dev/null +++ b/tests/data_files/test-int-ca.crt @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x +MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh +dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx +7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp +V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4 +pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa +RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk +QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv +bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG +SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo +AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0 +-----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca.key b/tests/data_files/test-int-ca.key new file mode 100644 index 000000000..9d0e234c9 --- /dev/null +++ b/tests/data_files/test-int-ca.key 
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAN/CgAVAhMzUJ7kF
+pAjx7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1
+VFwpV/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI
+0EX4pSMEEbX8NOR31MCFut8ACzQ1AgMBAAECgYB+yAibcTQNjoO3TN/lhZcgX/Lp
+wdCmbJMRMvACoI6PbBjflLoD6NTGC0NgNLRh9FoG226HgunpiDRlYQPceDx3MP5p
+1bcUInatOdAMbYoYw+O+y+/w9qDQWiWOskkdaiktFlaZFC9jaI37jr5ChCsH+3v3
+bjnX/8YWYeBZHZEowQJBAPvvhioS4b2RcrkLSUI7pJx3Dlj4m/crlK0v0un1ikNg
+ahplDMZoTFhvagUGDKXE4Uqj3Iz9c4QKsZozcwBio4UCQQDjXpyXHscDqo6iXaAz
+8McsxXQs1ITs3R9F6SwPbhmF1W7WiMgR5udEHnBkagyFzl2LpwJdFUW3BFHOpPhe
+63TxAkEAorlQ9PgBKoo5iV/Kz6bqac1UTQ823e0eOMZ8+nSH+4DYx3ehSr2vIifE
+WL5RiPijc6xnFgHWjODDWhAFJaiQaQJBAL1weu++iPqZBLZrY6tjFdBLw/wGJapk
+okXRfRBuH33O0saUuH2R8WZkJijD4yMpSe+tet6rdqaCRtbxxK7xZ0ECQFxKE1Zb
+nzECNNfhXkswM4X5ieCZAGvh8P0WvmyvPUGkgQIcsQb+exw2FCvsdetqdVHQqzNl
+LKLwwuNT9u4/XCo=
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt
new file mode 100644
index 000000000..8fed9179d
--- /dev/null
+++ b/tests/data_files/test-int-ca2.crt
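Review bot: `tests/data_files/test-int-ca.key` is added as an unencrypted PKCS#8 private key, and nothing in the commit records how it and its certificate were generated; the same holds for `test-int-ca2.key` in a later hunk. I would add a short note next to the fixtures in `tests/data_files/` giving the generation commands and stating that these keys are test-only and must never be configured as trust anchors or signing keys outside the test suite. Judging by its length the key looks like 1024-bit RSA, which is fine for a fixture but is another reason to label it clearly.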
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt
+dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud
+DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
+MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR
+aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu
+f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I
+QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB
+XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl
+FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca2.key b/tests/data_files/test-int-ca2.key
new file mode 100644
index 000000000..ef3798c27
--- /dev/null
+++ b/tests/data_files/test-int-ca2.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MF8CAQEEGFgy1xMAKfxIVYM/GIkSort30RcWwJOv3aAKBggqhkjOPQMBAaE0AzIA
+BBfzcOFR/YLf1lDCbXSkbMrHpWOp4E6X8NVw7ZSzE9l3sAQgICBw0KHkJVSJMbHU
+Rg==
+-----END EC PRIVATE KEY-----
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 7a309cef7..81d13a557 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -4,7 +4,7 @@ debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: Debug print certificate #2 (EC) depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 1\nMyFile(0999)\: serial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nMyFile(0999)\: issuer name \: CN=Test\nMyFile(0999)\: subject name \: CN=Test\nMyFile(0999)\: issued on \: 2013-07-10 09\:40\:19\nMyFile(0999)\: expires on \: 2023-07-08 09\:40\:19\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 192 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (190 bits) is\:\nMyFile(0999)\: 21 37 96 9f ab d4 e3 70 62 4a 0e 1a 33 e3 79 ca\nMyFile(0999)\: b9 50 cc e0 0e f8 c3 c3\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (192 bits) is\:\nMyFile(0999)\: e2 ad ae b7 27 1c 8f 07 65 9d 65 d3 d7 77 dc f2\nMyFile(0999)\: 16 14 36 3a e4 b6 e6 17\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n" +debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. 
version \: 3\nMyFile(0999)\: serial number \: AD\:42\:79\:76\:9E\:72\:F6\:E1\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-08-09 07\:49\:46\nMyFile(0999)\: expires on \: 2023-08-07 07\:49\:46\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 256 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (256 bits) is\:\nMyFile(0999)\: 96 b8 b3 2c fb 29 21 7d be 90 db c2 f8 13 a9 26\nMyFile(0999)\: 7c 35 f6 d9 c0 8b 99 ec 52 7b 7c af a3 7e 28 3c\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (256 bits) is\:\nMyFile(0999)\: 9b 75 a5 54 5a 62 c8 a9 90 ab 8e e6 86 2b 03 9d\nMyFile(0999)\: 39 9b 65 fd b0 69 f0 a3 a9 2d 9e 14 0e e8 d5 fe\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n" Debug print mpi #1 debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n" diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 16d969839..a4a5257b3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
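Review bot: The unchanged `depends_on` line of "Debug print certificate #2 (EC)" still names `POLARSSL_ECP_DP_SECP192R1_ENABLED`, but the new expected output for `data_files/test-ca2.crt` reports `EC key size \: 256 bits`, so the guard no longer matches the curve the fixture uses. A build with the 192-bit curve enabled and the 256-bit curve disabled would presumably run this case and fail while parsing the certificate instead of skipping it. The dependency line should become `depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED`.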
@@ -1,47 +1,75 @@ X509 Certificate information #1 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information #2 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information #3 -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information MD2 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_md2.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\n" X509 Certificate information MD4 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" X509 Certificate information MD5 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 Certificate information SHA1 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information SHA224 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha224.crt":"cert. 
version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 Certificate information SHA256 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 Certificate information SHA384 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 Certificate information SHA512 Digest -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" +X509 Certificate information EC, SHA1 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server5.crt":"cert. 
version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:40\nexpires on \: 2023-08-07 07\:57\:40\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n" + +X509 Certificate information EC, SHA224 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:12\nexpires on \: 2023-08-07 08\:08\:12\nsigned using \: ECDSA with SHA224\nEC key size \: 192 bits\n" + +X509 Certificate information EC, SHA256 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server5-sha256.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:17\nexpires on \: 2023-08-07 08\:08\:17\nsigned using \: ECDSA with SHA256\nEC key size \: 192 bits\n" + +X509 Certificate information EC, SHA384 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:25\nexpires on \: 2023-08-07 08\:08\:25\nsigned using \: ECDSA with SHA384\nEC key size \: 192 bits\n" + +X509 Certificate information EC, SHA512 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server5-sha512.crt":"cert. 
version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:32\nexpires on \: 2023-08-07 08\:08\:32\nsigned using \: ECDSA with SHA512\nEC key size \: 192 bits\n" + +X509 Certificate information RSA signed by EC +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C +x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:57\nexpires on \: 2023-08-07 07\:57\:57\nsigned using \: ECDSA with SHA1\nRSA key size \: 1024 bits\n" + +X509 Certificate information EC signed by RSA +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n" + X509 CRL information #1 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" 
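Review bot: The new "X509 Certificate information EC, …" cases and "EC signed by RSA" are gated only on `POLARSSL_ECP_C`, although each expects `EC key size \: 192 bits`, so they rely on a specific curve being compiled in. The debug suite in this same commit gates its EC certificate case on a curve macro as well, and these cases should follow that pattern, e.g. `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED`. Without it, a configuration that disables that curve would likely report parse failures here rather than skipped tests, which hides whether the X.509 code itself regressed.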
@@ -78,6 +106,26 @@ X509 CRL Information SHA512 Digest depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" +X509 CRL Information EC, SHA1 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +x509_crl_info:"data_files/crl-ec.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:26\nnext update \: 2023-08-07 08\:06\:26\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA1\n" + +X509 CRL Information EC, SHA224 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:38\nnext update \: 2023-08-07 08\:06\:38\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA224\n" + +X509 CRL Information EC, SHA256 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:44\nnext update \: 2023-08-07 08\:06\:44\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA256\n" + +X509 CRL Information EC, SHA384 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:52\nnext update \: 2023-08-07 08\:06\:52\nRevoked certificates\:\nserial number\: 02 revocation 
date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA384\n" + +X509 CRL Information EC, SHA512 Digest +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:07\:01\nnext update \: 2023-08-07 08\:07\:01\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA512\n" + X509 Parse RSA Key #1 (No password when required) depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO x509parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_X509_PASSWORD_REQUIRED 
@@ -290,134 +338,214 @@ X509 Time Expired #5 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_time_expired:"data_files/test-ca.crt":"valid_from":1 -X509 Time Expired #6:POLARSSL_FS_IO +X509 Time Expired #6 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_time_expired:"data_files/test-ca.crt":"valid_to":0 X509 Certificate verification #1 (Revoked Cert, Expired CRL) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL" X509 Certificate verification #2 (Revoked Cert, Expired CRL) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL" X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #4 (Valid Cert, Expired CRL) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:"NULL" X509 Certificate verification #5 (Revoked Cert) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C 
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" X509 Certificate verification #6 (Revoked Cert) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" X509 Certificate verification #7 (Revoked Cert, CN Mismatch) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #8 (Valid Cert) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #9 (Not trusted Cert) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #10 (Not trusted Cert, Expired CRL) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #12 (Valid Cert MD4 Digest) -depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C 
+depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #13 (Valid Cert MD5 Digest) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #14 (Valid Cert SHA1 Digest) -depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #15 (Valid Cert SHA224 Digest) -depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #16 (Valid Cert SHA256 Digest) -depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #17 (Valid Cert SHA384 Digest) -depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #18 (Valid Cert SHA512 Digest) -depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C 
+depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" X509 Certificate verification #19 (Valid Cert, denying callback) -depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_OTHER:"verify_none" -X509 Certificate verification #20 (Not trusted Cert, allowing callback) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO +X509 Certificate verification #19 (Not trusted Cert, allowing callback) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"verify_all" X509 Certificate verification #21 (domain matching wildcard certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.com":0:0:"NULL" X509 Certificate verification #22 (domain not matching wildcard certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #23 (domain not matching wildcard certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C 
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #24 (domain matching CN of multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #25 (domain matching multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"NULL" X509 Certificate verification #26 (domain not matching multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #27 (domain not matching multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #27 (domain not matching multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C 
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #28 (domain not matching wildcard in multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL" X509 Certificate verification #29 (domain matching wildcard in multi certificate) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"NULL" X509 Certificate verification #30 (domain matching multi certificate without CN) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" X509 Certificate verification #31 (domain not matching multi certificate without CN) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH + BADCERT_NOT_TRUSTED:"NULL" +X509 Certificate verification #32 (Valid, EC cert, RSA CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" + +X509 
Certificate verification #33 (Valid, RSA cert, EC CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #34 (Valid, EC cert, EC CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #35 (Revoked, EC CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL" + +X509 Certificate verification #36 (Valid, EC CA, SHA224 Digest) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #37 (Valid, EC CA, SHA256 Digest) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5-sha256.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest) 
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #40 (Valid, depth 0, RSA, CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C +x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #41 (Valid, depth 0, EC, CA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C +x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #42 (Depth 0, not CA, RSA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C +x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #43 (Depth 0, not CA, EC) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C +x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #44 (Corrupted signature, EC) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #45 (Corrupted signature, RSA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C +x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC) 
+depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL" + +X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #50 (Valid, multiple CAs) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"NULL" + +X509 Certificate verification #51 (Valid, multiple CAs, reverse order) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL" + X509 Parse Selftest depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_SELF_TEST x509_selftest: 
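Review bot: The new cases #33–#39 and #44 check a certificate signed by the EC CA (`test-ca2.crt`) but gate on `POLARSSL_ECP_C`, whereas #43 and #46–#51 gate on `POLARSSL_ECDSA_C`. In a build with ECP but without ECDSA these cases would presumably fail, or, for #44 (Corrupted signature, EC), could report `BADCERT_NOT_TRUSTED` without an ECDSA verification ever having rejected the bad signature. Gating them on the signature module avoids that, e.g. for #44 `depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED`. Separately, renaming `#20 (Not trusted Cert, allowing callback)` to `#19` duplicates the number of the denying-callback case directly above it; keeping `#20` keeps failure reports unambiguous.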
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index cec4d8d8d..ce27a9f39 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -226,8 +226,8 @@ void x509parse_public_keyfile_ec( char *key_file, int result ) if( res == 0 ) { ecp_keypair *eckey; - TEST_ASSERT( ctx.type == POLARSSL_PK_ECKEY ); - eckey = (ecp_keypair *) ctx.data; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); + eckey = pk_ec( ctx ); TEST_ASSERT( ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 ); } @@ -250,8 +250,8 @@ void x509parse_keyfile_ec( char *key_file, char *password, int result ) if( res == 0 ) { ecp_keypair *eckey; - TEST_ASSERT( ctx.type == POLARSSL_PK_ECKEY ); - eckey = (ecp_keypair *) ctx.data; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); + eckey = pk_ec( ctx ); TEST_ASSERT( ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 ); }
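Review bot: `pk_can_do( &ctx, POLARSSL_PK_ECKEY )` reads as a capability check rather than the exact-type comparison it replaces, so in both hunks (x509parse_public_keyfile_ec and x509parse_keyfile_ec) the test no longer pins which key type the parser produced. If pk_can_do() also returns true for other EC-capable types (its definition is not visible here), a parser regression that yields a different type would go unnoticed. The `pk_ec( ctx )` cast then relies on every accepted type storing an `ecp_keypair`, which is the precondition the pk_ec warning in pk.h spells out. A comment above the assertion would record that, e.g. `/* pk_can_do() must only accept types whose context is an ecp_keypair: pk_ec() casts without checking */`. Both function bodies start and end outside their hunks.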