From 1a7550ac6777a92bf67d8130c16314533cf0f892 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Sun, 15 Sep 2013 13:01:22 +0200 Subject: [PATCH] Moved PK key parsing from X509 module to PK module --- include/polarssl/error.h | 4 +- include/polarssl/pk.h | 80 ++ include/polarssl/x509.h | 84 +- library/CMakeLists.txt | 1 + library/Makefile | 2 +- library/error.c | 38 +- library/pkparse.c | 957 +++++++++++++++++++++ library/x509parse.c | 884 +------------------ programs/pkey/key_app_writer.c | 8 +- programs/ssl/ssl_client2.c | 6 +- programs/ssl/ssl_fork_server.c | 4 +- programs/ssl/ssl_mail_client.c | 6 +- programs/ssl/ssl_server.c | 6 +- programs/ssl/ssl_server2.c | 6 +- programs/test/ssl_test.c | 6 +- programs/x509/cert_req.c | 4 +- programs/x509/cert_write.c | 10 +- tests/CMakeLists.txt | 1 + tests/Makefile | 5 + tests/suites/test_suite_pkparse.data | 196 +++++ tests/suites/test_suite_pkparse.function | 136 +++ tests/suites/test_suite_x509parse.data | 215 +---- tests/suites/test_suite_x509parse.function | 119 --- tests/suites/test_suite_x509write.function | 10 +- 24 files changed, 1468 insertions(+), 1320 deletions(-) create mode 100644 library/pkparse.c create mode 100644 tests/suites/test_suite_pkparse.data create mode 100644 tests/suites/test_suite_pkparse.function diff --git a/include/polarssl/error.h b/include/polarssl/error.h index 4c9ef7c47..8279df5b4 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -76,8 +76,8 @@ * Name ID Nr of Errors * PEM 1 9 * PKCS#12 1 4 (Started from top) - * X509 2 25 - * PK 2 3 (Started from top) + * X509 2 18 + * PK 2 13 (Started from top) * DHM 3 6 * PKCS5 3 4 (Started from top) * RSA 4 9 diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index f8c6cc89a..97e6cb9f4 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -47,6 +47,17 @@ #define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */ #define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */ #define POLARSSL_ERR_PK_BAD_INPUT_DATA -0x2E80 /**< Bad input parameters to function. */ +#define POLARSSL_ERR_PK_FILE_IO_ERROR -0x2E00 /**< Read/write of file failed. */ +#define POLARSSL_ERR_PK_KEY_INVALID_VERSION -0x2D80 /**< Unsupported key version */ +#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT -0x2D00 /**< Invalid key tag or value. */ +#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG -0x2C80 /**< Key algorithm is unsupported (only RSA and EC are supported). */ +#define POLARSSL_ERR_PK_PASSWORD_REQUIRED -0x2C00 /**< Private key password can't be empty. */ +#define POLARSSL_ERR_PK_PASSWORD_MISMATCH -0x2B80 /**< Given private key password does not allow for correct decryption. */ +#define POLARSSL_ERR_PK_INVALID_PUBKEY -0x2B00 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */ +#define POLARSSL_ERR_PK_INVALID_ALG -0x2A80 /**< The algorithm tag or value is invalid. */ +#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00 /**< Elliptic curve is unsupported (only NIST curves are supported). */ +#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE -0x2980 /**< Unavailable feature, e.g. RSA disabled for RSA key. */ + #if defined(POLARSSL_RSA_C) /** @@ -378,6 +389,75 @@ const char * pk_get_name( const pk_context *ctx ); */ pk_type_t pk_get_type( const pk_context *ctx ); +/** \ingroup x509_module */ +/** + * \brief Parse a private key + * + * \param ctx key to be initialized + * \param key input buffer + * \param keylen size of the buffer + * \param pwd password for decryption (optional) + * \param pwdlen size of the password + * + * \return 0 if successful, or a specific PK or PEM error code + */ +int pk_parse_key( pk_context *ctx, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen ); + +#if defined(POLARSSL_FS_IO) +/** \ingroup x509_module */ +/** + * \brief Load and parse a private key + * + * \param ctx key to be initialized + * \param path filename to read the private key from + * \param password password to decrypt the file (can be NULL) + * + * \return 0 if successful, or a specific PK or PEM error code + */ +int pk_parse_keyfile( pk_context *ctx, + const char *path, const char *password ); +#endif /* POLARSSL_FS_IO */ + +/** \ingroup x509_module */ +/** + * \brief Parse a public key + * + * \param ctx key to be initialized + * \param key input buffer + * \param keylen size of the buffer + * + * \return 0 if successful, or a specific PK or PEM error code + */ +int pk_parse_public_key( pk_context *ctx, + const unsigned char *key, size_t keylen ); + +#if defined(POLARSSL_FS_IO) +/** \ingroup x509_module */ +/** + * \brief Load and parse a public key + * + * \param ctx key to be initialized + * \param path filename to read the private key from + * + * \return 0 if successful, or a specific PK or PEM error code + */ +int pk_parse_public_keyfile( pk_context *ctx, const char *path ); +#endif /* POLARSSL_FS_IO */ + +/** + * \brief Parse a SubjectPublicKeyInfo DER structure + * + * \param p the position in the ASN.1 data + * \param end end of the buffer + * \param pk the key to fill + * + * \return 0 if successful, or a specific PK error code + */ +int pk_parse_get_pubkey( unsigned char **p, const unsigned char *end, + pk_context *pk ); + #ifdef __cplusplus } #endif diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index 00e9b0bce..3c66e60b7 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -52,23 +52,16 @@ #define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x2300 /**< The algorithm tag or value is invalid. */ #define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x2380 /**< The name tag or value is invalid. */ #define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x2400 /**< The date tag or value is invalid. */ -#define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x2480 /**< The pubkey tag or value is invalid (only RSA and EC are supported). */ -#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2500 /**< The signature tag or value invalid. */ -#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2580 /**< The extension tag or value is invalid. */ -#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2600 /**< Certificate or CRL has an unsupported version number. */ -#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2680 /**< Signature algorithm (oid) is unsupported. */ -#define POLARSSL_ERR_X509_UNKNOWN_PK_ALG -0x2700 /**< Key algorithm is unsupported (only RSA and EC are supported). */ -#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2780 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */ -#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */ -#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */ -#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */ -#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< Input invalid. */ -#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Allocation of memory failed. */ -#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Read/write of file failed. */ -#define POLARSSL_ERR_X509_PASSWORD_REQUIRED -0x2B80 /**< Private key password can't be empty. */ -#define POLARSSL_ERR_X509_PASSWORD_MISMATCH -0x2C00 /**< Given private key password does not allow for correct decryption. */ -#define POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE -0x2C80 /**< Elliptic curve is unsupported (only NIST curves are supported). */ +#define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x2480 /**< The signature tag or value invalid. */ +#define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x2500 /**< The extension tag or value is invalid. */ +#define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x2580 /**< Certificate or CRL has an unsupported version number. */ +#define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x2600 /**< Signature algorithm (oid) is unsupported. */ +#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x2680 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */ +#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2700 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ +#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /**< Format not recognized as DER or PEM. */ +#define POLARSSL_ERR_X509_INVALID_INPUT -0x2800 /**< Input invalid. */ +#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ +#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ /* \} name */ /** @@ -480,63 +473,6 @@ int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ); #endif /* POLARSSL_FS_IO */ #endif /* POLARSSL_RSA_C */ -/** \ingroup x509_module */ -/** - * \brief Parse a private key - * - * \param ctx key to be initialized - * \param key input buffer - * \param keylen size of the buffer - * \param pwd password for decryption (optional) - * \param pwdlen size of the password - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_key( pk_context *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ); - -#if defined(POLARSSL_FS_IO) -/** \ingroup x509_module */ -/** - * \brief Load and parse a private key - * - * \param ctx key to be initialized - * \param path filename to read the private key from - * \param password password to decrypt the file (can be NULL) - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_keyfile( pk_context *ctx, - const char *path, const char *password ); -#endif /* POLARSSL_FS_IO */ - -/** \ingroup x509_module */ -/** - * \brief Parse a public key - * - * \param ctx key to be initialized - * \param key input buffer - * \param keylen size of the buffer - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_public_key( pk_context *ctx, - const unsigned char *key, size_t keylen ); - -#if defined(POLARSSL_FS_IO) -/** \ingroup x509_module */ -/** - * \brief Load and parse a public key - * - * \param ctx key to be initialized - * \param path filename to read the private key from - * - * \return 0 if successful, or a specific X509 or PEM error code - */ -int x509parse_public_keyfile( pk_context *ctx, const char *path ); -#endif /* POLARSSL_FS_IO */ - /** \ingroup x509_module */ /** * \brief Parse DHM parameters diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 9eea7dc05..fcd601cbf 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -41,6 +41,7 @@ set(src pkcs12.c pk.c pk_wrap.c + pkparse.c rsa.c sha1.c sha256.c diff --git a/library/Makefile b/library/Makefile index 044e2b7a4..1316155f0 100644 --- a/library/Makefile +++ b/library/Makefile @@ -49,7 +49,7 @@ OBJS= aes.o arc4.o asn1parse.o \ oid.o \ padlock.o pbkdf2.o pem.o \ pkcs5.o pkcs11.o pkcs12.o \ - pk.o pk_wrap.o \ + pk.o pk_wrap.o pkparse.o \ rsa.o sha1.o sha256.o \ sha512.o ssl_cache.o ssl_cli.o \ ssl_srv.o ssl_ciphersuites.o \ diff --git a/library/error.c b/library/error.c index 86586dde2..b0e3ebd20 100644 --- a/library/error.c +++ b/library/error.c @@ -214,9 +214,11 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(POLARSSL_ERR_ECP_BUFFER_TOO_SMALL) ) snprintf( buf, buflen, "ECP - The buffer is too small to write to" ); if( use_ret == -(POLARSSL_ERR_ECP_GENERIC) ) - snprintf( buf, buflen, "ECP - Generic ECP error" ); + snprintf( buf, buflen, "ECP - Generic ECP error" ); if( use_ret == -(POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE) ) snprintf( buf, buflen, "ECP - Requested curve not available" ); + if( use_ret == -(POLARSSL_ERR_ECP_VERIFY_FAILED) ) + snprintf( buf, buflen, "ECP - The signature is not valid" ); #endif /* POLARSSL_ECP_C */ #if defined(POLARSSL_MD_C) @@ -258,6 +260,26 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) ) snprintf( buf, buflen, "PK - Bad input parameters to function" ); + if( use_ret == -(POLARSSL_ERR_PK_FILE_IO_ERROR) ) + snprintf( buf, buflen, "PK - Read/write of file failed" ); + if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_VERSION) ) + snprintf( buf, buflen, "PK - Unsupported key version" ); + if( use_ret == -(POLARSSL_ERR_PK_KEY_INVALID_FORMAT) ) + snprintf( buf, buflen, "PK - Invalid key tag or value" ); + if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_PK_ALG) ) + snprintf( buf, buflen, "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); + if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_REQUIRED) ) + snprintf( buf, buflen, "PK - Private key password can't be empty" ); + if( use_ret == -(POLARSSL_ERR_PK_PASSWORD_MISMATCH) ) + snprintf( buf, buflen, "PK - Given private key password does not allow for correct decryption" ); + if( use_ret == -(POLARSSL_ERR_PK_INVALID_PUBKEY) ) + snprintf( buf, buflen, "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); + if( use_ret == -(POLARSSL_ERR_PK_INVALID_ALG) ) + snprintf( buf, buflen, "PK - The algorithm tag or value is invalid" ); + if( use_ret == -(POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE) ) + snprintf( buf, buflen, "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); + if( use_ret == -(POLARSSL_ERR_PK_FEATURE_UNAVAILABLE) ) + snprintf( buf, buflen, "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); #endif /* POLARSSL_PK_C */ #if defined(POLARSSL_PKCS12_C) @@ -400,8 +422,6 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "X509 - The name tag or value is invalid" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_DATE) ) snprintf( buf, buflen, "X509 - The date tag or value is invalid" ); - if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_PUBKEY) ) - snprintf( buf, buflen, "X509 - The pubkey tag or value is invalid (only RSA is supported)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE) ) snprintf( buf, buflen, "X509 - The signature tag or value invalid" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS) ) @@ -410,16 +430,10 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "X509 - Certificate or CRL has an unsupported version number" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG) ) snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" ); - if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_PK_ALG) ) - snprintf( buf, buflen, "X509 - Key algorithm is unsupported (only RSA and EC are supported)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_SIG_MISMATCH) ) snprintf( buf, buflen, "X509 - Certificate signature algorithms do not match. (see \\c ::x509_cert sig_oid)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) ) snprintf( buf, buflen, "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); - if( use_ret == -(POLARSSL_ERR_X509_KEY_INVALID_VERSION) ) - snprintf( buf, buflen, "X509 - Unsupported RSA key version" ); - if( use_ret == -(POLARSSL_ERR_X509_KEY_INVALID_FORMAT) ) - snprintf( buf, buflen, "X509 - Invalid RSA key tag or value" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) ) snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" ); if( use_ret == -(POLARSSL_ERR_X509_INVALID_INPUT) ) @@ -428,12 +442,6 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "X509 - Allocation of memory failed" ); if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) ) snprintf( buf, buflen, "X509 - Read/write of file failed" ); - if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_REQUIRED) ) - snprintf( buf, buflen, "X509 - Private key password can't be empty" ); - if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_MISMATCH) ) - snprintf( buf, buflen, "X509 - Given private key password does not allow for correct decryption" ); - if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE) ) - snprintf( buf, buflen, "X509 - Elliptic curve is unsupported (only NIST curves are supported)" ); #endif /* POLARSSL_X509_PARSE_C */ #if defined(POLARSSL_X509_WRITE_C) diff --git a/library/pkparse.c b/library/pkparse.c new file mode 100644 index 000000000..e04bbea43 --- /dev/null +++ b/library/pkparse.c @@ -0,0 +1,957 @@ +/* + * Public Key layer for parsing key files and structures + * + * Copyright (C) 2006-2013, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_PK_C) + +#include "polarssl/pk.h" +#include "polarssl/asn1.h" +#include "polarssl/oid.h" + +#if defined(POLARSSL_RSA_C) +#include "polarssl/rsa.h" +#endif +#if defined(POLARSSL_ECP_C) +#include "polarssl/ecp.h" +#endif +#if defined(POLARSSL_ECDSA_C) +#include "polarssl/ecdsa.h" +#endif +#if defined(POLARSSL_PEM_C) +#include "polarssl/pem.h" +#endif +#if defined(POLARSSL_PKCS5_C) +#include "polarssl/pkcs5.h" +#endif +#if defined(POLARSSL_PKCS12_C) +#include "polarssl/pkcs12.h" +#endif + +#if defined(POLARSSL_MEMORY_C) +#include "polarssl/memory.h" +#else +#include +#define polarssl_malloc malloc +#define polarssl_free free +#endif + +#if defined(POLARSSL_FS_IO) +/* + * Load all data from a file into a given buffer. + */ +static int load_file( const char *path, unsigned char **buf, size_t *n ) +{ + FILE *f; + long size; + + if( ( f = fopen( path, "rb" ) ) == NULL ) + return( POLARSSL_ERR_PK_FILE_IO_ERROR ); + + fseek( f, 0, SEEK_END ); + if( ( size = ftell( f ) ) == -1 ) + { + fclose( f ); + return( POLARSSL_ERR_PK_FILE_IO_ERROR ); + } + fseek( f, 0, SEEK_SET ); + + *n = (size_t) size; + + if( *n + 1 == 0 || + ( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL ) + { + fclose( f ); + return( POLARSSL_ERR_PK_MALLOC_FAILED ); + } + + if( fread( *buf, 1, *n, f ) != *n ) + { + fclose( f ); + polarssl_free( *buf ); + return( POLARSSL_ERR_PK_FILE_IO_ERROR ); + } + + fclose( f ); + + (*buf)[*n] = '\0'; + + return( 0 ); +} + +/* + * Load and parse a private key + */ +int pk_parse_keyfile( pk_context *ctx, + const char *path, const char *pwd ) +{ + int ret; + size_t n; + unsigned char *buf; + + if ( (ret = load_file( path, &buf, &n ) ) != 0 ) + return( ret ); + + if( pwd == NULL ) + ret = pk_parse_key( ctx, buf, n, NULL, 0 ); + else + ret = pk_parse_key( ctx, buf, n, + (const unsigned char *) pwd, strlen( pwd ) ); + + memset( buf, 0, n + 1 ); + polarssl_free( buf ); + + return( ret ); +} + +/* + * Load and parse a public key + */ +int pk_parse_public_keyfile( pk_context *ctx, const char *path ) +{ + int ret; + size_t n; + unsigned char *buf; + + if ( (ret = load_file( path, &buf, &n ) ) != 0 ) + return( ret ); + + ret = pk_parse_public_key( ctx, buf, n ); + + memset( buf, 0, n + 1 ); + polarssl_free( buf ); + + return( ret ); +} +#endif /* POLARSSL_FS_IO */ + +#if defined(POLARSSL_ECP_C) +/* Get an EC group id from an ECParameters buffer + * + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * -- implicitCurve NULL + * -- specifiedCurve SpecifiedECDomain + * } + */ +static int pk_get_ecparams( unsigned char **p, const unsigned char *end, + asn1_buf *params ) +{ + int ret; + + params->tag = **p; + + if( ( ret = asn1_get_tag( p, end, ¶ms->len, ASN1_OID ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + params->p = *p; + *p += params->len; + + if( *p != end ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + return( 0 ); +} + +/* + * Use EC parameters to initialise an EC group + */ +static int pk_use_ecparams( const asn1_buf *params, ecp_group *grp ) +{ + int ret; + ecp_group_id grp_id; + + if( oid_get_ec_grp( params, &grp_id ) != 0 ) + return( POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE ); + + /* + * grp may already be initilialized; if so, make sure IDs match + */ + if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); + + if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 ) + return( ret ); + + return( 0 ); +} + +/* + * EC public key is an EC point + */ +static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, + ecp_keypair *key ) +{ + int ret; + + if( ( ret = ecp_point_read_binary( &key->grp, &key->Q, + (const unsigned char *) *p, end - *p ) ) != 0 || + ( ret = ecp_check_pubkey( &key->grp, &key->Q ) ) != 0 ) + { + ecp_keypair_free( key ); + return( POLARSSL_ERR_PK_INVALID_PUBKEY ); + } + + /* + * We know ecp_point_read_binary consumed all bytes + */ + *p = (unsigned char *) end; + + return( 0 ); +} +#endif /* POLARSSL_ECP_C */ + +#if defined(POLARSSL_RSA_C) +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +static int pk_get_rsapubkey( unsigned char **p, + const unsigned char *end, + rsa_context *rsa ) +{ + int ret; + size_t len; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret ); + + if( *p + len != end ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 || + ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret ); + + if( *p != end ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = rsa_check_pubkey( rsa ) ) != 0 ) + return( ret ); + + rsa->len = mpi_size( &rsa->N ); + + return( 0 ); +} +#endif /* POLARSSL_RSA_C */ + +/* Get a PK algorithm identifier + * + * AlgorithmIdentifier ::= SEQUENCE { + * algorithm OBJECT IDENTIFIER, + * parameters ANY DEFINED BY algorithm OPTIONAL } + */ +static int pk_get_pk_alg( unsigned char **p, + const unsigned char *end, + pk_type_t *pk_alg, asn1_buf *params ) +{ + int ret; + asn1_buf alg_oid; + + memset( params, 0, sizeof(asn1_buf) ); + + if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) + return( POLARSSL_ERR_PK_INVALID_ALG + ret ); + + if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + /* + * No parameters with RSA (only for EC) + */ + if( *pk_alg == POLARSSL_PK_RSA && + ( ( params->tag != ASN1_NULL && params->tag != 0 ) || + params->len != 0 ) ) + { + return( POLARSSL_ERR_PK_INVALID_ALG ); + } + + return( 0 ); +} + +/* + * SubjectPublicKeyInfo ::= SEQUENCE { + * algorithm AlgorithmIdentifier, + * subjectPublicKey BIT STRING } + */ +int pk_parse_get_pubkey( unsigned char **p, const unsigned char *end, + pk_context *pk ) +{ + int ret; + size_t len; + asn1_buf alg_params; + pk_type_t pk_alg = POLARSSL_PK_NONE; + const pk_info_t *pk_info; + + if( ( ret = asn1_get_tag( p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = *p + len; + + if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) + return( ret ); + + if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret ); + + if( *p + len != end ) + return( POLARSSL_ERR_PK_INVALID_PUBKEY + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) + return( ret ); + +#if defined(POLARSSL_RSA_C) + if( pk_alg == POLARSSL_PK_RSA ) + { + ret = pk_get_rsapubkey( p, end, pk_rsa( *pk ) ); + } else +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECP_C) + if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY ) + { + ret = pk_use_ecparams( &alg_params, &pk_ec( *pk )->grp ); + if( ret == 0 ) + ret = pk_get_ecpubkey( p, end, pk_ec( *pk ) ); + } else +#endif /* POLARSSL_ECP_C */ + ret = POLARSSL_ERR_PK_UNKNOWN_PK_ALG; + + if( ret == 0 && *p != end ) + ret = POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH; + + if( ret != 0 ) + pk_free( pk ); + + return( ret ); +} + +#if defined(POLARSSL_RSA_C) +/* + * Parse a PKCS#1 encoded private RSA key + */ +static int pk_parse_key_pkcs1_der( rsa_context *rsa, + const unsigned char *key, + size_t keylen ) +{ + int ret; + size_t len; + unsigned char *p, *end; + + p = (unsigned char *) key; + end = p + keylen; + + /* + * This function parses the RSAPrivateKey (PKCS#1) + * + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + if( rsa->ver != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_VERSION ); + } + + if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || + ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) + { + rsa_free( rsa ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + rsa->len = mpi_size( &rsa->N ); + + if( p != end ) + { + rsa_free( rsa ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) + { + rsa_free( rsa ); + return( ret ); + } + + return( 0 ); +} +#endif /* POLARSSL_RSA_C */ + +#if defined(POLARSSL_ECP_C) +/* + * Parse a SEC1 encoded private EC key + */ +static int pk_parse_key_sec1_der( ecp_keypair *eck, + const unsigned char *key, + size_t keylen ) +{ + int ret; + int version; + size_t len; + asn1_buf params; + unsigned char *p = (unsigned char *) key; + unsigned char *end = p + keylen; + unsigned char *end2; + + /* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( version != 1 ) + return( POLARSSL_ERR_PK_KEY_INVALID_VERSION ); + + if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 ) + { + ecp_keypair_free( eck ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + p += len; + + /* + * Is 'parameters' present? + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 ) + { + if( ( ret = pk_get_ecparams( &p, p + len, ¶ms) ) != 0 || + ( ret = pk_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) + { + ecp_keypair_free( eck ); + return( ret ); + } + } + else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) + { + ecp_keypair_free( eck ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + /* + * Is 'publickey' present? + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 ) + { + end2 = p + len; + + if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( p + len != end2 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); + + if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) != 0 ) + return( ret ); + } + else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) + { + ecp_keypair_free( eck ); + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) + { + ecp_keypair_free( eck ); + return( ret ); + } + + return 0; +} +#endif /* POLARSSL_ECP_C */ + +/* + * Parse an unencrypted PKCS#8 encoded private key + */ +static int pk_parse_key_pkcs8_unencrypted_der( + pk_context *pk, + const unsigned char* key, + size_t keylen ) +{ + int ret, version; + size_t len; + asn1_buf params; + unsigned char *p = (unsigned char *) key; + unsigned char *end = p + keylen; + pk_type_t pk_alg = POLARSSL_PK_NONE; + const pk_info_t *pk_info; + + /* + * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) + * + * PrivateKeyInfo ::= SEQUENCE { + * version Version, + * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, + * privateKey PrivateKey, + * attributes [0] IMPLICIT Attributes OPTIONAL } + * + * Version ::= INTEGER + * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier + * PrivateKey ::= OCTET STRING + * + * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey + */ + + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( version != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_VERSION + ret ); + + if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( len < 1 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + + POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) + return( ret ); + +#if defined(POLARSSL_RSA_C) + if( pk_alg == POLARSSL_PK_RSA ) + { + if( ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 ) + { + pk_free( pk ); + return( ret ); + } + } else +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECP_C) + if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH ) + { + if( ( ret = pk_use_ecparams( ¶ms, &pk_ec( *pk )->grp ) ) != 0 || + ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 ) + { + pk_free( pk ); + return( ret ); + } + } else +#endif /* POLARSSL_ECP_C */ + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + return 0; +} + +/* + * Parse an encrypted PKCS#8 encoded private key + */ +static int pk_parse_key_pkcs8_encrypted_der( + pk_context *pk, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen ) +{ + int ret; + size_t len; + unsigned char buf[2048]; + unsigned char *p, *end; + asn1_buf pbe_alg_oid, pbe_params; +#if defined(POLARSSL_PKCS12_C) + cipher_type_t cipher_alg; + md_type_t md_alg; +#endif + + memset( buf, 0, sizeof( buf ) ); + + p = (unsigned char *) key; + end = p + keylen; + + if( pwdlen == 0 ) + return( POLARSSL_ERR_PK_PASSWORD_REQUIRED ); + + /* + * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) + * + * EncryptedPrivateKeyInfo ::= SEQUENCE { + * encryptionAlgorithm EncryptionAlgorithmIdentifier, + * encryptedData EncryptedData + * } + * + * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + * + * EncryptedData ::= OCTET STRING + * + * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo + */ + if( ( ret = asn1_get_tag( &p, end, &len, + ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) + { + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + } + + end = p + len; + + if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); + + if( len > sizeof( buf ) ) + return( POLARSSL_ERR_PK_BAD_INPUT_DATA ); + + /* + * Decrypt EncryptedData with appropriate PDE + */ +#if defined(POLARSSL_PKCS12_C) + if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) + { + if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT, + cipher_alg, md_alg, + pwd, pwdlen, p, len, buf ) ) != 0 ) + { + if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_PK_PASSWORD_MISMATCH ); + + return( ret ); + } + } + else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) ) + { + if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params, + PKCS12_PBE_DECRYPT, + pwd, pwdlen, + p, len, buf ) ) != 0 ) + { + return( ret ); + } + + // Best guess for password mismatch when using RC4. If first tag is + // not ASN1_CONSTRUCTED | ASN1_SEQUENCE + // + if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) + return( POLARSSL_ERR_PK_PASSWORD_MISMATCH ); + } + else +#endif /* POLARSSL_PKCS12_C */ +#if defined(POLARSSL_PKCS5_C) + if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) ) + { + if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen, + p, len, buf ) ) != 0 ) + { + if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_PK_PASSWORD_MISMATCH ); + + return( ret ); + } + } + else +#endif /* POLARSSL_PKCS5_C */ + return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE ); + + return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); +} + +/* + * Parse a private key + */ +int pk_parse_key( pk_context *pk, + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen ) +{ + int ret; + const pk_info_t *pk_info; + +#if defined(POLARSSL_PEM_C) + size_t len; + pem_context pem; + + pem_init( &pem ); + +#if defined(POLARSSL_RSA_C) + ret = pem_read_buffer( &pem, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + key, pwd, pwdlen, &len ); + if( ret == 0 ) + { + if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), + pem.buf, pem.buflen ) ) != 0 ) + { + pk_free( pk ); + } + + pem_free( &pem ); + return( ret ); + } + else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_PK_PASSWORD_MISMATCH ); + else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED ) + return( POLARSSL_ERR_PK_PASSWORD_REQUIRED ); + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + return( ret ); +#endif /* POLARSSL_RSA_C */ + +#if defined(POLARSSL_ECP_C) + ret = pem_read_buffer( &pem, + "-----BEGIN EC PRIVATE KEY-----", + "-----END EC PRIVATE KEY-----", + key, pwd, pwdlen, &len ); + if( ret == 0 ) + { + if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), + pem.buf, pem.buflen ) ) != 0 ) + { + pk_free( pk ); + } + + pem_free( &pem ); + return( ret ); + } + else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH ) + return( POLARSSL_ERR_PK_PASSWORD_MISMATCH ); + else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED ) + return( POLARSSL_ERR_PK_PASSWORD_REQUIRED ); + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + return( ret ); +#endif /* POLARSSL_ECP_C */ + + ret = pem_read_buffer( &pem, + "-----BEGIN PRIVATE KEY-----", + "-----END PRIVATE KEY-----", + key, NULL, 0, &len ); + if( ret == 0 ) + { + if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, + pem.buf, pem.buflen ) ) != 0 ) + { + pk_free( pk ); + } + + pem_free( &pem ); + return( ret ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + return( ret ); + + ret = pem_read_buffer( &pem, + "-----BEGIN ENCRYPTED PRIVATE KEY-----", + "-----END ENCRYPTED PRIVATE KEY-----", + key, NULL, 0, &len ); + if( ret == 0 ) + { + if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, + pem.buf, pem.buflen, + pwd, pwdlen ) ) != 0 ) + { + pk_free( pk ); + } + + pem_free( &pem ); + return( ret ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + return( ret ); +#else + ((void) pwd); + ((void) pwdlen); +#endif /* POLARSSL_PEM_C */ + + /* + * At this point we only know it's not a PEM formatted key. Could be any + * of the known DER encoded private key formats + * + * We try the different DER format parsers to see if one passes without + * error + */ + if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, + pwd, pwdlen ) ) == 0 ) + { + return( 0 ); + } + + pk_free( pk ); + + if( ret == POLARSSL_ERR_PK_PASSWORD_MISMATCH ) + { + return( ret ); + } + + if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) + return( 0 ); + + pk_free( pk ); + +#if defined(POLARSSL_RSA_C) + if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 ) + { + return( 0 ); + } + + pk_free( pk ); +#endif /* POLARSSL_RSA_C */ + +#if defined(POLARSSL_ECP_C) + if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) + return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG ); + + if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || + ( ret = pk_parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 ) + { + return( 0 ); + } + + pk_free( pk ); +#endif /* POLARSSL_ECP_C */ + + return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); +} + +/* + * Parse a public key + */ +int pk_parse_public_key( pk_context *ctx, + const unsigned char *key, size_t keylen ) +{ + int ret; + unsigned char *p; +#if defined(POLARSSL_PEM_C) + size_t len; + pem_context pem; + + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN PUBLIC KEY-----", + "-----END PUBLIC KEY-----", + key, NULL, 0, &len ); + + if( ret == 0 ) + { + /* + * Was PEM encoded + */ + key = pem.buf; + keylen = pem.buflen; + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) + { + pem_free( &pem ); + return( ret ); + } +#endif + p = (unsigned char *) key; + + ret = pk_parse_get_pubkey( &p, p + keylen, ctx ); + +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif + + return( ret ); +} + +#endif /* POLARSSL_PK_C */ diff --git a/library/x509parse.c b/library/x509parse.c index f5e8688b9..55938f954 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -183,40 +183,6 @@ static int x509_get_serial( unsigned char **p, return( 0 ); } -/* Get a PK algorithm identifier - * - * AlgorithmIdentifier ::= SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm OPTIONAL } - */ -static int x509_get_pk_alg( unsigned char **p, - const unsigned char *end, - pk_type_t *pk_alg, x509_buf *params ) -{ - int ret; - x509_buf alg_oid; - - memset( params, 0, sizeof(asn1_buf) ); - - if( ( ret = asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) - return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret ); - - if( oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - /* - * No parameters with RSA (only for EC) - */ - if( *pk_alg == POLARSSL_PK_RSA && - ( ( params->tag != ASN1_NULL && params->tag != 0 ) || - params->len != 0 ) ) - { - return( POLARSSL_ERR_X509_CERT_INVALID_ALG ); - } - - return( 0 ); -} - /* Get an algorithm identifier without parameters (eg for signatures) * * AlgorithmIdentifier ::= SEQUENCE { @@ -234,60 +200,6 @@ static int x509_get_alg_null( unsigned char **p, const unsigned char *end, return( 0 ); } - -#if defined(POLARSSL_ECP_C) -/* Get an EC group id from an ECParameters buffer - * - * ECParameters ::= CHOICE { - * namedCurve OBJECT IDENTIFIER - * -- implicitCurve NULL - * -- specifiedCurve SpecifiedECDomain - * } - */ -static int x509_get_ecparams( unsigned char **p, const unsigned char *end, - x509_buf *params ) -{ - int ret; - - params->tag = **p; - - if( ( ret = asn1_get_tag( p, end, ¶ms->len, ASN1_OID ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - params->p = *p; - *p += params->len; - - if( *p != end ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - return( 0 ); -} - -/* - * Use EC parameters to initialise an EC group - */ -static int x509_use_ecparams( const x509_buf *params, ecp_group *grp ) -{ - int ret; - ecp_group_id grp_id; - - if( oid_get_ec_grp( params, &grp_id ) != 0 ) - return( POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE ); - - /* - * grp may already be initilialized; if so, make sure IDs match - */ - if( grp->id != POLARSSL_ECP_DP_NONE && grp->id != grp_id ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); - - if( ( ret = ecp_use_known_dp( grp, grp_id ) ) != 0 ) - return( ret ); - - return( 0 ); -} -#endif /* POLARSSL_ECP_C */ - /* * AttributeTypeAndValue ::= SEQUENCE { * type AttributeType, @@ -515,136 +427,6 @@ static int x509_get_dates( unsigned char **p, return( 0 ); } -#if defined(POLARSSL_RSA_C) -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -static int x509_get_rsapubkey( unsigned char **p, - const unsigned char *end, - rsa_context *rsa ) -{ - int ret; - size_t len; - - if( ( ret = asn1_get_tag( p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret ); - - if( *p + len != end ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 || - ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret ); - - if( *p != end ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - if( ( ret = rsa_check_pubkey( rsa ) ) != 0 ) - return( ret ); - - rsa->len = mpi_size( &rsa->N ); - - return( 0 ); -} -#endif /* POLARSSL_RSA_C */ - -#if defined(POLARSSL_ECP_C) -/* - * EC public key is an EC point - */ -static int x509_get_ecpubkey( unsigned char **p, const unsigned char *end, - ecp_keypair *key ) -{ - int ret; - - if( ( ret = ecp_point_read_binary( &key->grp, &key->Q, - (const unsigned char *) *p, end - *p ) ) != 0 || - ( ret = ecp_check_pubkey( &key->grp, &key->Q ) ) != 0 ) - { - ecp_keypair_free( key ); - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY ); - } - - /* - * We know ecp_point_read_binary consumed all bytes - */ - *p = (unsigned char *) end; - - return( 0 ); -} -#endif /* POLARSSL_ECP_C */ - -/* - * SubjectPublicKeyInfo ::= SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING } - */ -static int x509_get_pubkey( unsigned char **p, - const unsigned char *end, - pk_context *pk ) -{ - int ret; - size_t len; - x509_buf alg_params; - pk_type_t pk_alg = POLARSSL_PK_NONE; - const pk_info_t *pk_info; - - if( ( ret = asn1_get_tag( p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - { - return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret ); - } - - end = *p + len; - - if( ( ret = x509_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 ) - return( ret ); - - if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + ret ); - - if( *p + len != end ) - return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) - return( ret ); - -#if defined(POLARSSL_RSA_C) - if( pk_alg == POLARSSL_PK_RSA ) - { - ret = x509_get_rsapubkey( p, end, pk_rsa( *pk ) ); - } else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECP_C) - if( pk_alg == POLARSSL_PK_ECKEY_DH || pk_alg == POLARSSL_PK_ECKEY ) - { - ret = x509_use_ecparams( &alg_params, &pk_ec( *pk )->grp ); - if( ret == 0 ) - ret = x509_get_ecpubkey( p, end, pk_ec( *pk ) ); - } else -#endif /* POLARSSL_ECP_C */ - ret = POLARSSL_ERR_X509_UNKNOWN_PK_ALG; - - if( ret == 0 && *p != end ) - ret = POLARSSL_ERR_X509_CERT_INVALID_PUBKEY - POLARSSL_ERR_ASN1_LENGTH_MISMATCH; - - if( ret != 0 ) - pk_free( pk ); - - return( ret ); -} - static int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig ) @@ -1405,7 +1187,7 @@ static int x509parse_crt_der_core( x509_cert *crt, const unsigned char *buf, /* * SubjectPublicKeyInfo */ - if( ( ret = x509_get_pubkey( &p, end, &crt->pk ) ) != 0 ) + if( ( ret = pk_parse_get_pubkey( &p, end, &crt->pk ) ) != 0 ) { x509_free( crt ); return( ret ); @@ -1792,7 +1574,7 @@ int x509parse_csr( x509_csr *csr, const unsigned char *buf, size_t buflen ) /* * subjectPKInfo SubjectPublicKeyInfo */ - if( ( ret = x509_get_pubkey( &p, end, &csr->pk ) ) != 0 ) + if( ( ret = pk_parse_get_pubkey( &p, end, &csr->pk ) ) != 0 ) { x509_csr_free( csr ); return( ret ); @@ -2328,51 +2110,6 @@ int x509parse_crlfile( x509_crl *chain, const char *path ) return( ret ); } -/* - * Load and parse a private key - */ -int x509parse_keyfile( pk_context *ctx, - const char *path, const char *pwd ) -{ - int ret; - size_t n; - unsigned char *buf; - - if ( (ret = load_file( path, &buf, &n ) ) != 0 ) - return( ret ); - - if( pwd == NULL ) - ret = x509parse_key( ctx, buf, n, NULL, 0 ); - else - ret = x509parse_key( ctx, buf, n, - (const unsigned char *) pwd, strlen( pwd ) ); - - memset( buf, 0, n + 1 ); - polarssl_free( buf ); - - return( ret ); -} - -/* - * Load and parse a public key - */ -int x509parse_public_keyfile( pk_context *ctx, const char *path ) -{ - int ret; - size_t n; - unsigned char *buf; - - if ( (ret = load_file( path, &buf, &n ) ) != 0 ) - return( ret ); - - ret = x509parse_public_key( ctx, buf, n ); - - memset( buf, 0, n + 1 ); - polarssl_free( buf ); - - return( ret ); -} - #if defined(POLARSSL_RSA_C) /* * Load and parse a private RSA key @@ -2384,7 +2121,7 @@ int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd ) pk_init( &pk ); - ret = x509parse_keyfile( &pk, path, pwd ); + ret = pk_parse_keyfile( &pk, path, pwd ); if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) ret = POLARSSL_ERR_PK_TYPE_MISMATCH; @@ -2409,7 +2146,7 @@ int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ) pk_init( &pk ); - ret = x509parse_public_keyfile( &pk, path ); + ret = pk_parse_public_keyfile( &pk, path ); if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) ret = POLARSSL_ERR_PK_TYPE_MISMATCH; @@ -2426,599 +2163,6 @@ int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path ) #endif /* POLARSSL_RSA_C */ #endif /* POLARSSL_FS_IO */ -#if defined(POLARSSL_RSA_C) -/* - * Parse a PKCS#1 encoded private RSA key - */ -static int x509parse_key_pkcs1_der( rsa_context *rsa, - const unsigned char *key, - size_t keylen ) -{ - int ret; - size_t len; - unsigned char *p, *end; - - p = (unsigned char *) key; - end = p + keylen; - - /* - * This function parses the RSAPrivateKey (PKCS#1) - * - * RSAPrivateKey ::= SEQUENCE { - * version Version, - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * otherPrimeInfos OtherPrimeInfos OPTIONAL - * } - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - if( rsa->ver != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_VERSION ); - } - - if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || - ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) - { - rsa_free( rsa ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - rsa->len = mpi_size( &rsa->N ); - - if( p != end ) - { - rsa_free( rsa ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - } - - if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) - { - rsa_free( rsa ); - return( ret ); - } - - return( 0 ); -} -#endif /* POLARSSL_RSA_C */ - -#if defined(POLARSSL_ECP_C) -/* - * Parse a SEC1 encoded private EC key - */ -static int x509parse_key_sec1_der( ecp_keypair *eck, - const unsigned char *key, - size_t keylen ) -{ - int ret; - int version; - size_t len; - x509_buf params; - unsigned char *p = (unsigned char *) key; - unsigned char *end = p + keylen; - unsigned char *end2; - - /* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( version != 1 ) - return( POLARSSL_ERR_X509_KEY_INVALID_VERSION ); - - if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( ( ret = mpi_read_binary( &eck->d, p, len ) ) != 0 ) - { - ecp_keypair_free( eck ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - p += len; - - /* - * Is 'parameters' present? - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 ) - { - if( ( ret = x509_get_ecparams( &p, p + len, ¶ms) ) != 0 || - ( ret = x509_use_ecparams( ¶ms, &eck->grp ) ) != 0 ) - { - ecp_keypair_free( eck ); - return( ret ); - } - } - else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) - { - ecp_keypair_free( eck ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - /* - * Is 'publickey' present? - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 ) - { - end2 = p + len; - - if( ( ret = asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( p + len != end2 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); - - if( ( ret = x509_get_ecpubkey( &p, end2, eck ) ) != 0 ) - return( ret ); - } - else if ( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG ) - { - ecp_keypair_free( eck ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - if( ( ret = ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) - { - ecp_keypair_free( eck ); - return( ret ); - } - - return 0; -} -#endif /* POLARSSL_ECP_C */ - -/* - * Parse an unencrypted PKCS#8 encoded private key - */ -static int x509parse_key_pkcs8_unencrypted_der( - pk_context *pk, - const unsigned char* key, - size_t keylen ) -{ - int ret, version; - size_t len; - x509_buf params; - unsigned char *p = (unsigned char *) key; - unsigned char *end = p + keylen; - pk_type_t pk_alg = POLARSSL_PK_NONE; - const pk_info_t *pk_info; - - /* - * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) - * - * PrivateKeyInfo ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL } - * - * Version ::= INTEGER - * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier - * PrivateKey ::= OCTET STRING - * - * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey - */ - - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = asn1_get_int( &p, end, &version ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( version != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_VERSION + ret ); - - if( ( ret = x509_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( len < 1 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + - POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ) - return( ret ); - -#if defined(POLARSSL_RSA_C) - if( pk_alg == POLARSSL_PK_RSA ) - { - if( ( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), p, len ) ) != 0 ) - { - pk_free( pk ); - return( ret ); - } - } else -#endif /* POLARSSL_RSA_C */ -#if defined(POLARSSL_ECP_C) - if( pk_alg == POLARSSL_PK_ECKEY || pk_alg == POLARSSL_PK_ECKEY_DH ) - { - if( ( ret = x509_use_ecparams( ¶ms, &pk_ec( *pk )->grp ) ) != 0 || - ( ret = x509parse_key_sec1_der( pk_ec( *pk ), p, len ) ) != 0 ) - { - pk_free( pk ); - return( ret ); - } - } else -#endif /* POLARSSL_ECP_C */ - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - return 0; -} - -/* - * Parse an encrypted PKCS#8 encoded private key - */ -static int x509parse_key_pkcs8_encrypted_der( - pk_context *pk, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) -{ - int ret; - size_t len; - unsigned char buf[2048]; - unsigned char *p, *end; - x509_buf pbe_alg_oid, pbe_params; -#if defined(POLARSSL_PKCS12_C) - cipher_type_t cipher_alg; - md_type_t md_alg; -#endif - - memset( buf, 0, sizeof( buf ) ); - - p = (unsigned char *) key; - end = p + keylen; - - if( pwdlen == 0 ) - return( POLARSSL_ERR_X509_PASSWORD_REQUIRED ); - - /* - * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) - * - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm EncryptionAlgorithmIdentifier, - * encryptedData EncryptedData - * } - * - * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * - * EncryptedData ::= OCTET STRING - * - * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo - */ - if( ( ret = asn1_get_tag( &p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) - { - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - } - - end = p + len; - - if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); - - if( len > sizeof( buf ) ) - return( POLARSSL_ERR_X509_INVALID_INPUT ); - - /* - * Decrypt EncryptedData with appropriate PDE - */ -#if defined(POLARSSL_PKCS12_C) - if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) - { - if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT, - cipher_alg, md_alg, - pwd, pwdlen, p, len, buf ) ) != 0 ) - { - if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH ) - return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); - - return( ret ); - } - } - else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) ) - { - if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params, - PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - return( ret ); - } - - // Best guess for password mismatch when using RC4. If first tag is - // not ASN1_CONSTRUCTED | ASN1_SEQUENCE - // - if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) - return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); - } - else -#endif /* POLARSSL_PKCS12_C */ -#if defined(POLARSSL_PKCS5_C) - if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) ) - { - if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH ) - return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); - - return( ret ); - } - } - else -#endif /* POLARSSL_PKCS5_C */ - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); - - return( x509parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); -} - -/* - * Parse a private key - */ -int x509parse_key( pk_context *pk, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) -{ - int ret; - const pk_info_t *pk_info; - -#if defined(POLARSSL_PEM_C) - size_t len; - pem_context pem; - - pem_init( &pem ); - -#if defined(POLARSSL_RSA_C) - ret = pem_read_buffer( &pem, - "-----BEGIN RSA PRIVATE KEY-----", - "-----END RSA PRIVATE KEY-----", - key, pwd, pwdlen, &len ); - if( ret == 0 ) - { - if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - pk_free( pk ); - } - - pem_free( &pem ); - return( ret ); - } - else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH ) - return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); - else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED ) - return( POLARSSL_ERR_X509_PASSWORD_REQUIRED ); - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); -#endif /* POLARSSL_RSA_C */ - -#if defined(POLARSSL_ECP_C) - ret = pem_read_buffer( &pem, - "-----BEGIN EC PRIVATE KEY-----", - "-----END EC PRIVATE KEY-----", - key, pwd, pwdlen, &len ); - if( ret == 0 ) - { - if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = x509parse_key_sec1_der( pk_ec( *pk ), - pem.buf, pem.buflen ) ) != 0 ) - { - pk_free( pk ); - } - - pem_free( &pem ); - return( ret ); - } - else if( ret == POLARSSL_ERR_PEM_PASSWORD_MISMATCH ) - return( POLARSSL_ERR_X509_PASSWORD_MISMATCH ); - else if( ret == POLARSSL_ERR_PEM_PASSWORD_REQUIRED ) - return( POLARSSL_ERR_X509_PASSWORD_REQUIRED ); - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); -#endif /* POLARSSL_ECP_C */ - - ret = pem_read_buffer( &pem, - "-----BEGIN PRIVATE KEY-----", - "-----END PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = x509parse_key_pkcs8_unencrypted_der( pk, - pem.buf, pem.buflen ) ) != 0 ) - { - pk_free( pk ); - } - - pem_free( &pem ); - return( ret ); - } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); - - ret = pem_read_buffer( &pem, - "-----BEGIN ENCRYPTED PRIVATE KEY-----", - "-----END ENCRYPTED PRIVATE KEY-----", - key, NULL, 0, &len ); - if( ret == 0 ) - { - if( ( ret = x509parse_key_pkcs8_encrypted_der( pk, - pem.buf, pem.buflen, - pwd, pwdlen ) ) != 0 ) - { - pk_free( pk ); - } - - pem_free( &pem ); - return( ret ); - } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - return( ret ); -#else - ((void) pwd); - ((void) pwdlen); -#endif /* POLARSSL_PEM_C */ - - /* - * At this point we only know it's not a PEM formatted key. Could be any - * of the known DER encoded private key formats - * - * We try the different DER format parsers to see if one passes without - * error - */ - if( ( ret = x509parse_key_pkcs8_encrypted_der( pk, key, keylen, - pwd, pwdlen ) ) == 0 ) - { - return( 0 ); - } - - pk_free( pk ); - - if( ret == POLARSSL_ERR_X509_PASSWORD_MISMATCH ) - { - return( ret ); - } - - if( ( ret = x509parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) - return( 0 ); - - pk_free( pk ); - -#if defined(POLARSSL_RSA_C) - if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 ) - { - return( 0 ); - } - - pk_free( pk ); -#endif /* POLARSSL_RSA_C */ - -#if defined(POLARSSL_ECP_C) - if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL ) - return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG ); - - if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 || - ( ret = x509parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 ) - { - return( 0 ); - } - - pk_free( pk ); -#endif /* POLARSSL_ECP_C */ - - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); -} - -/* - * Parse a public key - */ -int x509parse_public_key( pk_context *ctx, - const unsigned char *key, size_t keylen ) -{ - int ret; - unsigned char *p; -#if defined(POLARSSL_PEM_C) - size_t len; - pem_context pem; - - pem_init( &pem ); - ret = pem_read_buffer( &pem, - "-----BEGIN PUBLIC KEY-----", - "-----END PUBLIC KEY-----", - key, NULL, 0, &len ); - - if( ret == 0 ) - { - /* - * Was PEM encoded - */ - key = pem.buf; - keylen = pem.buflen; - } - else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) - { - pem_free( &pem ); - return( ret ); - } -#endif - p = (unsigned char *) key; - - ret = x509_get_pubkey( &p, p + keylen, ctx ); - -#if defined(POLARSSL_PEM_C) - pem_free( &pem ); -#endif - - return( ret ); -} - #if defined(POLARSSL_RSA_C) /* * Parse a private RSA key @@ -3032,7 +2176,7 @@ int x509parse_key_rsa( rsa_context *rsa, pk_init( &pk ); - ret = x509parse_key( &pk, key, keylen, pwd, pwdlen ); + ret = pk_parse_key( &pk, key, keylen, pwd, pwdlen ); if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) ret = POLARSSL_ERR_PK_TYPE_MISMATCH; @@ -3058,7 +2202,7 @@ int x509parse_public_key_rsa( rsa_context *rsa, pk_init( &pk ); - ret = x509parse_public_key( &pk, key, keylen ); + ret = pk_parse_public_key( &pk, key, keylen ); if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) ) ret = POLARSSL_ERR_PK_TYPE_MISMATCH; @@ -3126,7 +2270,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen #if defined(POLARSSL_PEM_C) pem_free( &pem ); #endif - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret ); } end = p + len; @@ -3138,7 +2282,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen pem_free( &pem ); #endif dhm_free( dhm ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + ret ); + return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + ret ); } if( p != end ) @@ -3147,7 +2291,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen pem_free( &pem ); #endif dhm_free( dhm ); - return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT + + return( POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); } @@ -4311,11 +3455,11 @@ int x509_self_test( int verbose ) pk_init( &pkey ); - if( ( ret = x509parse_key( &pkey, - (const unsigned char *) test_ca_key, - strlen( test_ca_key ), - (const unsigned char *) test_ca_pwd, - strlen( test_ca_pwd ) ) ) != 0 ) + if( ( ret = pk_parse_key( &pkey, + (const unsigned char *) test_ca_key, + strlen( test_ca_key ), + (const unsigned char *) test_ca_pwd, + strlen( test_ca_pwd ) ) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 371b03a53..c78f99073 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -250,11 +250,11 @@ int main( int argc, char *argv[] ) printf( "\n . Loading the private key ..." ); fflush( stdout ); - ret = x509parse_keyfile( &key, opt.filename, NULL ); + ret = pk_parse_keyfile( &key, opt.filename, NULL ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned %d", ret ); + printf( " failed\n ! pk_parse_key returned %d", ret ); goto exit; } @@ -291,11 +291,11 @@ int main( int argc, char *argv[] ) printf( "\n . Loading the public key ..." ); fflush( stdout ); - ret = x509parse_public_keyfile( &key, opt.filename ); + ret = pk_parse_public_keyfile( &key, opt.filename ); if( ret != 0 ) { - printf( " failed\n ! x509parse_public_key returned %d", ret ); + printf( " failed\n ! pk_parse_public_key returned %d", ret ); goto exit; } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index f9989ffe4..7d25de6d9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -626,11 +626,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile( &pkey, opt.key_file, "" ); + ret = pk_parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key, + ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key, strlen( test_cli_key ), NULL, 0 ); #else { @@ -640,7 +640,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret ); + printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); goto exit; } diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 98a518c14..b37ddb019 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -158,11 +158,11 @@ int main( int argc, char *argv[] ) } pk_init( &pkey ); - ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, + ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned %d\n\n", ret ); + printf( " failed\n ! pk_parse_key returned %d\n\n", ret ); goto exit; } diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index cbd1a00f3..d0fed72b8 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -532,11 +532,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile( &pkey, opt.key_file, "" ); + ret = pk_parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key( &pkey, (const unsigned char *) test_cli_key, + ret = pk_parse_key( &pkey, (const unsigned char *) test_cli_key, strlen( test_cli_key ), NULL, 0 ); #else { @@ -546,7 +546,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned %d\n\n", ret ); + printf( " failed\n ! pk_parse_key returned %d\n\n", ret ); goto exit; } diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 801c0c6dc..869c871d7 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -136,11 +136,11 @@ int main( int argc, char *argv[] ) } pk_init( &pkey ); - ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, - strlen( test_srv_key ), NULL, 0 ); + ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, + strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned %d\n\n", ret ); + printf( " failed\n ! pk_parse_key returned %d\n\n", ret ); goto exit; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8d2a8b33e..7e3ced6c0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -575,11 +575,11 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.key_file ) ) - ret = x509parse_keyfile( &pkey, opt.key_file, "" ); + ret = pk_parse_keyfile( &pkey, opt.key_file, "" ); else #endif #if defined(POLARSSL_CERTS_C) - ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, + ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, strlen( test_srv_key ), NULL, 0 ); #else { @@ -589,7 +589,7 @@ int main( int argc, char *argv[] ) #endif if( ret != 0 ) { - printf( " failed\n ! x509parse_key returned -0x%x\n\n", -ret ); + printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); goto exit; } diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c index 797226bb1..d9f4e2d51 100644 --- a/programs/test/ssl_test.c +++ b/programs/test/ssl_test.c @@ -229,11 +229,11 @@ static int ssl_test( struct options *opt ) goto exit; } - ret = x509parse_key( &pkey, (const unsigned char *) test_srv_key, - strlen( test_srv_key ), NULL, 0 ); + ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, + strlen( test_srv_key ), NULL, 0 ); if( ret != 0 ) { - printf( " ! x509parse_key returned %d\n\n", ret ); + printf( " ! pk_parse_key returned %d\n\n", ret ); goto exit; } #endif diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index c0c014fe3..f4b139e3b 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -292,11 +292,11 @@ int main( int argc, char *argv[] ) printf( " . Loading the private key ..." ); fflush( stdout ); - ret = x509parse_keyfile( &key, opt.filename, NULL ); + ret = pk_parse_keyfile( &key, opt.filename, NULL ); if( ret != 0 ) { - printf( " failed\n ! x509parse_keyfile returned %d", ret ); + printf( " failed\n ! pk_parse_keyfile returned %d", ret ); goto exit; } diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 37cea589e..0b52bb186 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -458,12 +458,12 @@ int main( int argc, char *argv[] ) printf( " . Loading the subject key ..." ); fflush( stdout ); - ret = x509parse_keyfile( &loaded_subject_key, opt.subject_key, + ret = pk_parse_keyfile( &loaded_subject_key, opt.subject_key, opt.subject_pwd ); if( ret != 0 ) { error_strerror( ret, buf, 1024 ); - printf( " failed\n ! x509parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); + printf( " failed\n ! pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -473,12 +473,12 @@ int main( int argc, char *argv[] ) printf( " . Loading the issuer key ..." ); fflush( stdout ); - ret = x509parse_keyfile( &loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd ); + ret = pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key, + opt.issuer_pwd ); if( ret != 0 ) { error_strerror( ret, buf, 1024 ); - printf( " failed\n ! x509parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); + printf( " failed\n ! pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); goto exit; } diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 20f3c8d94..706a3a13e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -68,6 +68,7 @@ add_test_suite(mpi) add_test_suite(pbkdf2) add_test_suite(pkcs1_v21) add_test_suite(pkcs5) +add_test_suite(pkparse) add_test_suite(shax) add_test_suite(rsa) add_test_suite(version) diff --git a/tests/Makefile b/tests/Makefile index 4d2bcba61..b68bb8a5c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -47,6 +47,7 @@ APPS = test_suite_aes.ecb test_suite_aes.cbc \ test_suite_md test_suite_mdx \ test_suite_mpi test_suite_pbkdf2 \ test_suite_pkcs1_v21 test_suite_pkcs5 \ + test_suite_pkparse \ test_suite_rsa test_suite_shax \ test_suite_x509parse test_suite_x509write \ test_suite_xtea test_suite_version @@ -275,6 +276,10 @@ test_suite_pkcs5: test_suite_pkcs5.c ../library/libpolarssl.a echo " CC $@.c" $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ +test_suite_pkparse: test_suite_pkparse.c ../library/libpolarssl.a + echo " CC $@.c" + $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ + test_suite_rsa: test_suite_rsa.c ../library/libpolarssl.a echo " CC $@.c" $(CC) $(CFLAGS) $(OFLAGS) $@.c $(LDFLAGS) -o $@ diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data new file mode 100644 index 000000000..3d2e01b7b --- /dev/null +++ b/tests/suites/test_suite_pkparse.data @@ -0,0 +1,196 @@ +Parse RSA Key #1 (No password when required) +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #2 (Correct password) +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 + +Parse RSA Key #3 (Wrong password) +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #4 (DES Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0 + +Parse RSA Key #5 (3DES Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0 + +Parse RSA Key #6 (AES-128 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0 + +Parse RSA Key #7 (AES-192 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0 + +Parse RSA Key #8 (AES-256 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0 + +Parse RSA Key #9 (PKCS#8 wrapped) +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO +pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0 + +Parse RSA Key #10 (PKCS#8 encrypted SHA1-3DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0 + +Parse RSA Key #10.1 (PKCS#8 encrypted SHA1-3DES, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #10.2 (PKCS#8 encrypted SHA1-3DES, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"":POLARSSL_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #11 (PKCS#8 encrypted SHA1-3DES DER) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0 + +Parse RSA Key #12 (PKCS#8 encrypted SHA1-2DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0 + +Parse RSA Key #12.1 (PKCS#8 encrypted SHA1-2DES, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #12.2 (PKCS#8 encrypted SHA1-2DES, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"":POLARSSL_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #13 (PKCS#8 encrypted SHA1-RC4-128) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 + +Parse RSA Key #13.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #13.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) +depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":POLARSSL_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #14 (PKCS#8 encrypted v2 PBDFK2 3DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0 + +Parse RSA Key #15 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #16 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":POLARSSL_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #17 (PKCS#8 encrypted v2 PBDFK2 3DES DER) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0 + +Parse RSA Key #18 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":POLARSSL_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #19 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #20 (PKCS#8 encrypted v2 PBDFK2 DES) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 + +Parse Public RSA Key #1 (PKCS#8 wrapped) +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO +pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 + +Parse Public EC Key #1 (RFC 5480, DER) +depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0 + +Parse Public EC Key #2 (RFC 5480, PEM) +depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0 + +Parse Public EC Key #3 (RFC 5480, secp224r1) +depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP224R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 + +Parse Public EC Key #4 (RFC 5480, secp256r1) +depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 + +Parse Public EC Key #5 (RFC 5480, secp384r1) +depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 + +Parse Public EC Key #6 (RFC 5480, secp521r1) +depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_FS_IO +pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 + +Parse EC Key #1 (SEC1 DER) +depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 + +Parse EC Key #2 (SEC1 PEM) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 + +Parse EC Key #3 (SEC1 PEM encrypted) +depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_CIPHER_MODE_CBC +pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 + +Parse EC Key #4 (PKCS8 DER) +depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 + +Parse EC Key #5 (PKCS8 PEM) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 + +Parse EC Key #6 (PKCS8 encrypted DER) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0 + +Parse EC Key #7 (PKCS8 encrypted PEM) +depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0 + +Parse EC Key #8 (SEC1 PEM, secp224r1) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP224R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 + +Parse EC Key #9 (SEC1 PEM, secp256r1) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 + +Parse EC Key #10 (SEC1 PEM, secp384r1) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 + +Parse EC Key #11 (SEC1 PEM, secp521r1) +depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R1_ENABLED +pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 + +Key ASN1 (Incorrect first tag) +pk_parse_key_rsa:"":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, incorrect version tag) +pk_parse_key_rsa:"300100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, version tag missing) +pk_parse_key_rsa:"3000":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, invalid version) +pk_parse_key_rsa:"3003020101":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, correct version, incorrect tag) +pk_parse_key_rsa:"300402010000":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, values present, length mismatch) +pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + +Key ASN1 (RSAPrivateKey, values present, check_privkey fails) +pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function new file mode 100644 index 000000000..b1470c725 --- /dev/null +++ b/tests/suites/test_suite_pkparse.function @@ -0,0 +1,136 @@ +/* BEGIN_HEADER */ +#include +#include +#include +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:POLARSSL_PK_C:POLARSSL_BIGNUM_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ +void pk_parse_keyfile_rsa( char *key_file, char *password, int result ) +{ + pk_context ctx; + int res; + char *pwd = password; + + pk_init( &ctx ); + + if( strcmp( pwd, "NULL" ) == 0 ) + pwd = NULL; + + res = pk_parse_keyfile( &ctx, key_file, pwd ); + + TEST_ASSERT( res == result ); + + if( res == 0 ) + { + rsa_context *rsa; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_RSA ) ); + rsa = pk_rsa( ctx ); + TEST_ASSERT( rsa_check_privkey( rsa ) == 0 ); + } + + pk_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ +void pk_parse_public_keyfile_rsa( char *key_file, int result ) +{ + pk_context ctx; + int res; + + pk_init( &ctx ); + + res = pk_parse_public_keyfile( &ctx, key_file ); + + TEST_ASSERT( res == result ); + + if( res == 0 ) + { + rsa_context *rsa; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_RSA ) ); + rsa = pk_rsa( ctx ); + TEST_ASSERT( rsa_check_pubkey( rsa ) == 0 ); + } + + pk_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pk_parse_public_keyfile_ec( char *key_file, int result ) +{ + pk_context ctx; + int res; + + pk_init( &ctx ); + + res = pk_parse_public_keyfile( &ctx, key_file ); + + TEST_ASSERT( res == result ); + + if( res == 0 ) + { + ecp_keypair *eckey; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); + eckey = pk_ec( ctx ); + TEST_ASSERT( ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 ); + } + + pk_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pk_parse_keyfile_ec( char *key_file, char *password, int result ) +{ + pk_context ctx; + int res; + + pk_init( &ctx ); + + res = pk_parse_keyfile( &ctx, key_file, password ); + + TEST_ASSERT( res == result ); + + if( res == 0 ) + { + ecp_keypair *eckey; + TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); + eckey = pk_ec( ctx ); + TEST_ASSERT( ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 ); + } + + pk_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ +void pk_parse_key_rsa( char *key_data, char *result_str, int result ) +{ + pk_context pk; + unsigned char buf[2000]; + unsigned char output[2000]; + int data_len; + ((void) result_str); + + pk_init( &pk ); + + memset( buf, 0, 2000 ); + memset( output, 0, 2000 ); + + data_len = unhexify( buf, key_data ); + + TEST_ASSERT( pk_parse_key( &pk, buf, data_len, NULL, 0 ) == ( result ) ); + if( ( result ) == 0 ) + { + TEST_ASSERT( 1 ); + } + + pk_free( &pk ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0ac7e09a3..86ee31145 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -126,182 +126,6 @@ X509 CRL Information EC, SHA512 Digest depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:07\:01\nnext update \: 2023-08-07 08\:07\:01\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA512\n" -X509 Parse RSA Key #1 (No password when required) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_X509_PASSWORD_REQUIRED - -X509 Parse RSA Key #2 (Correct password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0 - -X509 Parse RSA Key #3 (Wrong password) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #4 (DES Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0 - -X509 Parse RSA Key #5 (3DES Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0 - -X509 Parse RSA Key #6 (AES-128 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0 - -X509 Parse RSA Key #7 (AES-192 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0 - -X509 Parse RSA Key #8 (AES-256 Encrypted) -depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0 - -X509 Parse RSA Key #9 (PKCS#8 wrapped) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO -x509parse_keyfile_rsa:"data_files/format_gen.key":"":0 - -X509 Parse RSA Key #10 (PKCS#8 encrypted SHA1-3DES) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0 - -X509 Parse RSA Key #10.1 (PKCS#8 encrypted SHA1-3DES, wrong PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #10.2 (PKCS#8 encrypted SHA1-3DES, no PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED - -X509 Parse RSA Key #11 (PKCS#8 encrypted SHA1-3DES DER) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0 - -X509 Parse RSA Key #12 (PKCS#8 encrypted SHA1-2DES) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0 - -X509 Parse RSA Key #12.1 (PKCS#8 encrypted SHA1-2DES, wrong PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #12.2 (PKCS#8 encrypted SHA1-2DES, no PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED - -X509 Parse RSA Key #13 (PKCS#8 encrypted SHA1-RC4-128) -depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 - -X509 Parse RSA Key #13.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) -depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #13.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) -depends_on:POLARSSL_ARC4_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS12_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED - -X509 Parse RSA Key #14 (PKCS#8 encrypted v2 PBDFK2 3DES) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0 - -X509 Parse RSA Key #15 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #16 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":POLARSSL_ERR_X509_PASSWORD_REQUIRED - -X509 Parse RSA Key #17 (PKCS#8 encrypted v2 PBDFK2 3DES DER) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0 - -X509 Parse RSA Key #18 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":POLARSSL_ERR_X509_PASSWORD_MISMATCH - -X509 Parse RSA Key #19 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Parse RSA Key #20 (PKCS#8 encrypted v2 PBDFK2 DES) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_PKCS5_C:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 - -X509 Parse Public RSA Key #1 (PKCS#8 wrapped) -depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO -x509parse_public_keyfile_rsa:"data_files/format_gen.pub":0 - -X509 Parse Public EC Key #1 (RFC 5480, DER) -depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_pub.der":0 - -X509 Parse Public EC Key #2 (RFC 5480, PEM) -depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_pub.pem":0 - -X509 Parse Public EC Key #3 (RFC 5480, secp224r1) -depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP224R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0 - -X509 Parse Public EC Key #4 (RFC 5480, secp256r1) -depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0 - -X509 Parse Public EC Key #5 (RFC 5480, secp384r1) -depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0 - -X509 Parse Public EC Key #6 (RFC 5480, secp521r1) -depends_on:POLARSSL_PEM_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R1_ENABLED:POLARSSL_FS_IO -x509parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0 - -X509 Parse EC Key #1 (SEC1 DER) -depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 - -X509 Parse EC Key #2 (SEC1 PEM) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0 - -X509 Parse EC Key #3 (SEC1 PEM encrypted) -depends_on:POLARSSL_DES_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED:POLARSSL_CIPHER_MODE_CBC -x509parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0 - -X509 Parse EC Key #4 (PKCS8 DER) -depends_on:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 - -X509 Parse EC Key #5 (PKCS8 PEM) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0 - -X509 Parse EC Key #6 (PKCS8 encrypted DER) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0 - -X509 Parse EC Key #7 (PKCS8 encrypted PEM) -depends_on:POLARSSL_DES_C:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0 - -X509 Parse EC Key #8 (SEC1 PEM, secp224r1) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP224R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 - -X509 Parse EC Key #9 (SEC1 PEM, secp256r1) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 - -X509 Parse EC Key #10 (SEC1 PEM, secp384r1) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 - -X509 Parse EC Key #11 (SEC1 PEM, secp521r1) -depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP521R1_ENABLED -x509parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 - X509 Get Distinguished Name #1 depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C x509_dn_gets:"data_files/server1.crt":"subject":"C=NL, O=PolarSSL, CN=PolarSSL Server 1" @@ -668,38 +492,38 @@ X509 Certificate ASN1 (TBSCertificate, valid validity, no subject) x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo) -x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_X509_CERT_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no alg) x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":POLARSSL_ERR_X509_CERT_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg) -x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_X509_UNKNOWN_PK_ALG +x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":POLARSSL_ERR_PK_UNKNOWN_PK_ALG X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring) -x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA +x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data) -x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA +x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) -x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA +x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length) depends_on:POLARSSL_RSA_C -x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag) depends_on:POLARSSL_RSA_C -x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mpi) depends_on:POLARSSL_RSA_C -x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch) depends_on:POLARSSL_RSA_C -x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":POLARSSL_ERR_X509_CERT_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, check failed) depends_on:POLARSSL_RSA_C @@ -894,24 +718,3 @@ x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b060355040 X509 CRL ASN1 (TBSCertList, no entries) x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 - -X509 Key ASN1 (Incorrect first tag) -x509parse_key_rsa:"":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, incorrect version tag) -x509parse_key_rsa:"300100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, version tag missing) -x509parse_key_rsa:"3000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, invalid version) -x509parse_key_rsa:"3003020101":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, correct version, incorrect tag) -x509parse_key_rsa:"300402010000":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, values present, length mismatch) -x509parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT - -X509 Key ASN1 (RSAPrivateKey, values present, check_privkey fails) -x509parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":POLARSSL_ERR_X509_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 26ce8f5f3..c653f2b82 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -165,100 +165,6 @@ void x509_time_expired( char *crt_file, char *entity, int result ) } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ -void x509parse_keyfile_rsa( char *key_file, char *password, int result ) -{ - rsa_context rsa; - int res; - char *pwd = password; - - memset( &rsa, 0, sizeof( rsa_context ) ); - - if( strcmp( pwd, "NULL" ) == 0 ) - pwd = NULL; - - res = x509parse_keyfile_rsa( &rsa, key_file, pwd ); - - TEST_ASSERT( res == result ); - - if( res == 0 ) - { - TEST_ASSERT( rsa_check_privkey( &rsa ) == 0 ); - } - - rsa_free( &rsa ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ -void x509parse_public_keyfile_rsa( char *key_file, int result ) -{ - rsa_context rsa; - int res; - - memset( &rsa, 0, sizeof( rsa_context ) ); - - res = x509parse_public_keyfile_rsa( &rsa, key_file ); - - TEST_ASSERT( res == result ); - - if( res == 0 ) - { - TEST_ASSERT( rsa_check_pubkey( &rsa ) == 0 ); - } - - rsa_free( &rsa ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void x509parse_public_keyfile_ec( char *key_file, int result ) -{ - pk_context ctx; - int res; - - pk_init( &ctx ); - - res = x509parse_public_keyfile( &ctx, key_file ); - - TEST_ASSERT( res == result ); - - if( res == 0 ) - { - ecp_keypair *eckey; - TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); - eckey = pk_ec( ctx ); - TEST_ASSERT( ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 ); - } - - pk_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void x509parse_keyfile_ec( char *key_file, char *password, int result ) -{ - pk_context ctx; - int res; - - pk_init( &ctx ); - - res = x509parse_keyfile( &ctx, key_file, password ); - - TEST_ASSERT( res == result ); - - if( res == 0 ) - { - ecp_keypair *eckey; - TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) ); - eckey = pk_ec( ctx ); - TEST_ASSERT( ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 ); - } - - pk_free( &ctx ); -} -/* END_CASE */ - /* BEGIN_CASE */ void x509parse_crt( char *crt_data, char *result_str, int result ) { @@ -317,31 +223,6 @@ void x509parse_crl( char *crl_data, char *result_str, int result ) } /* END_CASE */ -/* BEGIN_CASE depends_on:POLARSSL_RSA_C */ -void x509parse_key_rsa( char *key_data, char *result_str, int result ) -{ - rsa_context rsa; - unsigned char buf[2000]; - unsigned char output[2000]; - int data_len; - ((void) result_str); - - memset( &rsa, 0, sizeof( rsa_context ) ); - memset( buf, 0, 2000 ); - memset( output, 0, 2000 ); - - data_len = unhexify( buf, key_data ); - - TEST_ASSERT( x509parse_key_rsa( &rsa, buf, data_len, NULL, 0 ) == ( result ) ); - if( ( result ) == 0 ) - { - TEST_ASSERT( 1 ); - } - - rsa_free( &rsa ); -} -/* END_CASE */ - /* BEGIN_CASE */ void x509_selftest() { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 9352c9ea2..296952745 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -29,7 +29,7 @@ void x509_csr_check( char *key_file, int md_type, memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); pk_init( &key ); - TEST_ASSERT( x509parse_keyfile( &key, key_file, NULL ) == 0 ); + TEST_ASSERT( pk_parse_keyfile( &key, key_file, NULL ) == 0 ); x509write_csr_init( &req ); x509write_csr_set_md_alg( &req, md_type ); @@ -83,9 +83,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, pk_init( &subject_key ); pk_init( &issuer_key ); - TEST_ASSERT( x509parse_keyfile( &subject_key, subject_key_file, + TEST_ASSERT( pk_parse_keyfile( &subject_key, subject_key_file, subject_pwd ) == 0 ); - TEST_ASSERT( x509parse_keyfile( &issuer_key, issuer_key_file, + TEST_ASSERT( pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); TEST_ASSERT( mpi_read_string( &serial, 10, serial_str ) == 0 ); @@ -141,7 +141,7 @@ void x509_pubkey_check( char *key_file ) memset( check_buf, 0, sizeof( check_buf ) ); pk_init( &key ); - TEST_ASSERT( x509parse_public_keyfile( &key, key_file ) == 0 ); + TEST_ASSERT( pk_parse_public_keyfile( &key, key_file ) == 0 ); ret = x509write_pubkey_pem( &key, buf, sizeof( buf ) - 1); TEST_ASSERT( ret >= 0 ); @@ -170,7 +170,7 @@ void x509_key_check( char *key_file ) memset( check_buf, 0, sizeof( check_buf ) ); pk_init( &key ); - TEST_ASSERT( x509parse_keyfile( &key, key_file, NULL ) == 0 ); + TEST_ASSERT( pk_parse_keyfile( &key, key_file, NULL ) == 0 ); ret = x509write_key_pem( &key, buf, sizeof( buf ) - 1); TEST_ASSERT( ret >= 0 );