diff --git a/ChangeLog b/ChangeLog index cf091008e..721f3f703 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ PolarSSL ChangeLog += Version 0.99-pre2 released on XXXXXX +Features + * Parsing PEM private keys encrypted with DES and AES + are now supported as well (Fixes ticket #5) + +Changes + * Parsing of PEM files moved to separate module (Fixes + ticket #13). Also possible to remove PEM support for + systems only using DER encoding + = Version 0.99-pre1 released on 2011-01-30 Features Note: Most of these features have been donated by Fox-IT diff --git a/include/polarssl/config.h b/include/polarssl/config.h index 1cf5b500c..014bc1491 100644 --- a/include/polarssl/config.h +++ b/include/polarssl/config.h @@ -151,6 +151,7 @@ * * Module: library/aes.c * Caller: library/ssl_tls.c + * library/pem.c * * This module enables the following ciphersuites: * SSL_RSA_AES_128_SHA @@ -370,6 +371,18 @@ */ #define POLARSSL_PADLOCK_C +/** + * \def POLARSSL_PEM_C + * + * Enable PEM decoding + * + * Module: library/pem.c + * Caller: library/x509parse.c + * + * This modules adds support for decoding PEM files. + */ +#define POLARSSL_PEM_C + /** * \def POLARSSL_RSA_C * diff --git a/include/polarssl/pem.h b/include/polarssl/pem.h new file mode 100644 index 000000000..dfb2f1ed2 --- /dev/null +++ b/include/polarssl/pem.h @@ -0,0 +1,98 @@ +/** + * \file pem.h + * + * \brief Privacy Enhanced Mail (PEM) decoding + * + * Copyright (C) 2006-2010, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifndef POLARSSL_PEM_H +#define POLARSSL_PEM_H + +/** + * \name PEM Error codes + * These error codes are returned in case of errors reading the + * PEM data. + * \{ + */ +#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x0500 /**< No PEM header found. */ +#define POLARSSL_ERR_PEM_INVALID_DATA -0x0520 /**< PEM string is not as expected. */ +#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x0540 /**< Failed to allocate memory. */ +#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x0560 /**< RSA IV is not in hex-format. */ +#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x0580 /**< Unsupported key encryption algorithm. */ +#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x05A0 /**< Private key password can't be empty. */ +#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x05C0 /**< Given private key password does not allow for correct decryption. */ +#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x05E0 /**< Unavailable feature, e.g. hashing/encryption combination. */ +/* \} name */ + +/** + * \brief PEM context structure + */ +typedef struct +{ + unsigned char *buf; /*!< buffer for decoded data */ + int buflen; /*!< length of the buffer */ + unsigned char *info; /*!< buffer for extra header information */ +} +pem_context; + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief PEM context setup + * + * \param ctx context to be initialized + */ +void pem_init( pem_context *ctx ); + +/** + * \brief Read a buffer for PEM information and store the resulting + * data into the specified context buffers. + * + * \param ctx context to use + * \param header header string to seek and expect + * \param footer footer string to seek and expect + * \param data source data to look in + * \param pwd password for decryption (can be NULL) + * \param pwdlen length of password + * \param use_len destination for total length used + * + * \return 0 on success, ior a specific PEM error code + */ +int pem_read_buffer( pem_context *ctx, char *header, char *footer, + const unsigned char *data, + const unsigned char *pwd, + int pwdlen, int *use_len ); + +/** + * \brief PEM context memory freeing + * + * \param ctx context to be freed + */ +void pem_free( pem_context *ctx ); + +#ifdef __cplusplus +} +#endif + +#endif /* pem.h */ diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h index eda522161..b2ca75e1c 100644 --- a/include/polarssl/x509.h +++ b/include/polarssl/x509.h @@ -69,13 +69,8 @@ #define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */ #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */ #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */ #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */ #define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */ -#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */ -#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */ -#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */ -#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */ #define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */ #define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */ /* \} name */ @@ -485,7 +480,7 @@ extern "C" { * \param buf buffer holding the certificate data * \param buflen size of the buffer * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ); @@ -497,7 +492,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ); * \param chain points to the start of the chain * \param path filename to read the certificates from * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_crtfile( x509_cert *chain, const char *path ); @@ -510,7 +505,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path ); * \param buf buffer holding the CRL data * \param buflen size of the buffer * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ); @@ -522,7 +517,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ); * \param chain points to the start of the chain * \param path filename to read the CRLs from * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_crlfile( x509_crl *chain, const char *path ); @@ -536,7 +531,7 @@ int x509parse_crlfile( x509_crl *chain, const char *path ); * \param pwd password for decryption (optional) * \param pwdlen size of the password * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, @@ -550,7 +545,7 @@ int x509parse_key( rsa_context *rsa, * \param path filename to read the private key from * \param password password to decrypt the file (can be NULL) * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *password ); @@ -563,7 +558,7 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, * \param dhmin input buffer * \param dhminlen size of the buffer * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ); @@ -574,7 +569,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ); * \param dhm DHM context to be initialized * \param path filename to read the DHM Parameters from * - * \return 0 if successful, or a specific X509 error code + * \return 0 if successful, or a specific X509 or PEM error code */ int x509parse_dhmfile( dhm_context *dhm, const char *path ); diff --git a/library/pem.c b/library/pem.c new file mode 100644 index 000000000..6117f044e --- /dev/null +++ b/library/pem.c @@ -0,0 +1,350 @@ +/* + * Privacy Enhanced Mail (PEM) decoding + * + * Copyright (C) 2006-2010, Brainspark B.V. + * + * This file is part of PolarSSL (http://www.polarssl.org) + * Lead Maintainer: Paul Bakker + * + * All rights reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "polarssl/config.h" + +#if defined(POLARSSL_PEM_C) + +#include "polarssl/pem.h" +#include "polarssl/base64.h" +#include "polarssl/des.h" +#include "polarssl/aes.h" +#include "polarssl/md5.h" +#include "polarssl/cipher.h" + +#include +#include + +void pem_init( pem_context *ctx ) +{ + memset( ctx, 0, sizeof( pem_context ) ); +} + +#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) +/* + * Read a 16-byte hex string and convert it to binary + */ +static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len ) +{ + int i, j, k; + + memset( iv, 0, iv_len ); + + for( i = 0; i < iv_len * 2; i++, s++ ) + { + if( *s >= '0' && *s <= '9' ) j = *s - '0'; else + if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else + if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else + return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); + + k = ( ( i & 1 ) != 0 ) ? j : j << 4; + + iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); + } + + return( 0 ); +} + +static void pem_pbkdf1( unsigned char *key, int keylen, + unsigned char *iv, + const unsigned char *pwd, int pwdlen ) +{ + md5_context md5_ctx; + unsigned char md5sum[16]; + int use_len; + + /* + * key[ 0..15] = MD5(pwd || IV) + */ + md5_starts( &md5_ctx ); + md5_update( &md5_ctx, pwd, pwdlen ); + md5_update( &md5_ctx, iv, 8 ); + md5_finish( &md5_ctx, md5sum ); + + if( keylen <= 16 ) + { + memcpy( key, md5sum, keylen ); + + memset( &md5_ctx, 0, sizeof( md5_ctx ) ); + memset( md5sum, 0, 16 ); + return; + } + + memcpy( key, md5sum, 16 ); + + /* + * key[16..23] = MD5(key[ 0..15] || pwd || IV]) + */ + md5_starts( &md5_ctx ); + md5_update( &md5_ctx, md5sum, 16 ); + md5_update( &md5_ctx, pwd, pwdlen ); + md5_update( &md5_ctx, iv, 8 ); + md5_finish( &md5_ctx, md5sum ); + + use_len = 16; + if( keylen < 32 ) + use_len = keylen - 16; + + memcpy( key + 16, md5sum, use_len ); + + memset( &md5_ctx, 0, sizeof( md5_ctx ) ); + memset( md5sum, 0, 16 ); +} + +#if defined(POLARSSL_DES_C) +/* + * Decrypt with DES-CBC, using PBKDF1 for key derivation + */ +static void pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, int buflen, + const unsigned char *pwd, int pwdlen ) +{ + des_context des_ctx; + unsigned char des_key[8]; + + pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); + + des_setkey_dec( &des_ctx, des_key ); + des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen, + des_iv, buf, buf ); + + memset( &des_ctx, 0, sizeof( des_ctx ) ); + memset( des_key, 0, 8 ); +} + +/* + * Decrypt with 3DES-CBC, using PBKDF1 for key derivation + */ +static void pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, int buflen, + const unsigned char *pwd, int pwdlen ) +{ + des3_context des3_ctx; + unsigned char des3_key[24]; + + pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); + + des3_set3key_dec( &des3_ctx, des3_key ); + des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, + des3_iv, buf, buf ); + + memset( &des3_ctx, 0, sizeof( des3_ctx ) ); + memset( des3_key, 0, 24 ); +} +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_AES_C) +/* + * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation + */ +static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen, + unsigned char *buf, int buflen, + const unsigned char *pwd, int pwdlen ) +{ + aes_context aes_ctx; + unsigned char aes_key[32]; + + pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); + + aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); + aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen, + aes_iv, buf, buf ); + + memset( &aes_ctx, 0, sizeof( aes_ctx ) ); + memset( aes_key, 0, keylen ); +} +#endif /* POLARSSL_AES_C */ + +#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ + +int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, int pwdlen, int *use_len ) +{ + int ret, len, enc; + unsigned char *buf; + unsigned char *s1, *s2; +#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) + unsigned char pem_iv[16]; + cipher_type_t enc_alg = POLARSSL_CIPHER_NONE; +#else + ((void) pwd); + ((void) pwdlen); +#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ + + if( ctx == NULL ) + return( POLARSSL_ERR_PEM_INVALID_DATA ); + + s1 = (unsigned char *) strstr( (char *) data, header ); + + if( s1 == NULL ) + return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT ); + + s2 = (unsigned char *) strstr( (char *) data, footer ); + + if( s2 == NULL || s2 <= s1 ) + return( POLARSSL_ERR_PEM_INVALID_DATA ); + + s1 += strlen( header ); + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( POLARSSL_ERR_PEM_INVALID_DATA ); + + enc = 0; + + if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) + { +#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) + enc++; + + s1 += 22; + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( POLARSSL_ERR_PEM_INVALID_DATA ); + + +#if defined(POLARSSL_DES_C) + if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) + { + enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC; + + s1 += 23; + if( pem_get_iv( s1, pem_iv, 8 ) != 0 ) + return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); + + s1 += 16; + } + else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) + { + enc_alg = POLARSSL_CIPHER_DES_CBC; + + s1 += 18; + if( pem_get_iv( s1, pem_iv, 8) != 0 ) + return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); + + s1 += 16; + } +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_AES_C) + if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) + { + if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 ) + enc_alg = POLARSSL_CIPHER_AES_128_CBC; + else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 ) + enc_alg = POLARSSL_CIPHER_AES_192_CBC; + else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 ) + enc_alg = POLARSSL_CIPHER_AES_256_CBC; + else + return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); + + s1 += 22; + if( pem_get_iv( s1, pem_iv, 16 ) != 0 ) + return( POLARSSL_ERR_PEM_INVALID_ENC_IV ); + + s1 += 32; + } +#endif /* POLARSSL_AES_C */ + + if( enc_alg == POLARSSL_CIPHER_NONE ) + return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG ); + + if( *s1 == '\r' ) s1++; + if( *s1 == '\n' ) s1++; + else return( POLARSSL_ERR_PEM_INVALID_DATA ); +#else + return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); +#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */ + } + + len = 0; + ret = base64_decode( NULL, &len, s1, s2 - s1 ); + + if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) + return( ret | POLARSSL_ERR_PEM_INVALID_DATA ); + + if( ( buf = (unsigned char *) malloc( len ) ) == NULL ) + return( POLARSSL_ERR_PEM_MALLOC_FAILED ); + + if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) + { + free( buf ); + return( ret | POLARSSL_ERR_PEM_INVALID_DATA ); + } + + if( enc != 0 ) + { +#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C)) + if( pwd == NULL ) + { + free( buf ); + return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED ); + } + +#if defined(POLARSSL_DES_C) + if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC ) + pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + else if( enc_alg == POLARSSL_CIPHER_DES_CBC ) + pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); +#endif /* POLARSSL_DES_C */ + +#if defined(POLARSSL_AES_C) + if( enc_alg == POLARSSL_CIPHER_AES_128_CBC ) + pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC ) + pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC ) + pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); +#endif /* POLARSSL_AES_C */ + + if( buf[0] != 0x30 || buf[1] != 0x82 || + buf[4] != 0x02 || buf[5] != 0x01 ) + { + free( buf ); + return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH ); + } +#else + return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE ); +#endif + } + + ctx->buf = buf; + ctx->buflen = len; + s2 += strlen( footer ); + if( *s2 == '\r' ) s2++; + if( *s2 == '\n' ) s2++; + *use_len = s2 - data; + + return( 0 ); +} + +void pem_free( pem_context *ctx ) +{ + if( ctx->buf ) + free( ctx->buf ); + + if( ctx->info ) + free( ctx->info ); +} + +#endif diff --git a/library/x509parse.c b/library/x509parse.c index 0e410f4ac..ffe13444c 100644 --- a/library/x509parse.c +++ b/library/x509parse.c @@ -39,7 +39,7 @@ #if defined(POLARSSL_X509_PARSE_C) #include "polarssl/x509.h" -#include "polarssl/base64.h" +#include "polarssl/pem.h" #include "polarssl/des.h" #include "polarssl/md2.h" #include "polarssl/md4.h" @@ -1045,10 +1045,12 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg ) */ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) { - int ret, len; - const unsigned char *s1, *s2; + int ret, len, use_len; unsigned char *p, *end; x509_cert *crt; +#if defined(POLARSSL_PEM_C) + pem_context pem; +#endif crt = chain; @@ -1078,57 +1080,33 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) memset( crt, 0, sizeof( x509_cert ) ); } - /* - * check if the certificate is encoded in base64 - */ - s1 = (unsigned char *) strstr( (char *) buf, - "-----BEGIN CERTIFICATE-----" ); +#if defined(POLARSSL_PEM_C) + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN CERTIFICATE-----", + "-----END CERTIFICATE-----", + buf, NULL, 0, &use_len ); - if( s1 != NULL ) + if( ret == 0 ) { - s2 = (unsigned char *) strstr( (char *) buf, - "-----END CERTIFICATE-----" ); - - if( s2 == NULL || s2 <= s1 ) - return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); - - s1 += 27; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); + /* + * Was PEM encoded + */ + buflen -= use_len; + buf += use_len; /* - * get the DER data length and decode the buffer + * Steal PEM buffer */ - len = 0; - ret = base64_decode( NULL, &len, s1, s2 - s1 ); - - if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) - return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); - - if( ( p = (unsigned char *) malloc( len ) ) == NULL ) - return( 1 ); - - if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 ) - { - free( p ); - return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); - } - - /* - * update the buffer size and offset - */ - s2 += 25; - if( *s2 == '\r' ) s2++; - if( *s2 == '\n' ) s2++; - else - { - free( p ); - return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); - } - - buflen -= s2 - buf; - buf = s2; + p = pem.buf; + pem.buf = NULL; + len = pem.buflen; + pem_free( &pem ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) + { + pem_free( &pem ); + return( ret ); } else { @@ -1144,6 +1122,16 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) buflen = 0; } +#else + p = (unsigned char *) malloc( len = buflen ); + + if( p == NULL ) + return( 1 ); + + memcpy( p, buf, buflen ); + + buflen = 0; +#endif crt->raw.p = p; crt->raw.len = len; @@ -1393,10 +1381,12 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) */ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ) { - int ret, len; - unsigned char *s1, *s2; + int ret, len, use_len; unsigned char *p, *end; x509_crl *crl; +#if defined(POLARSSL_PEM_C) + pem_context pem; +#endif crl = chain; @@ -1426,57 +1416,33 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ) memset( crl, 0, sizeof( x509_crl ) ); } - /* - * check if the CRL is encoded in base64 - */ - s1 = (unsigned char *) strstr( (char *) buf, - "-----BEGIN X509 CRL-----" ); +#if defined(POLARSSL_PEM_C) + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN X509 CRL-----", + "-----END X509 CRL-----", + buf, NULL, 0, &use_len ); - if( s1 != NULL ) + if( ret == 0 ) { - s2 = (unsigned char *) strstr( (char *) buf, - "-----END X509 CRL-----" ); - - if( s2 == NULL || s2 <= s1 ) - return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); - - s1 += 24; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); + /* + * Was PEM encoded + */ + buflen -= use_len; + buf += use_len; /* - * get the DER data length and decode the buffer + * Steal PEM buffer */ - len = 0; - ret = base64_decode( NULL, &len, s1, s2 - s1 ); - - if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) - return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); - - if( ( p = (unsigned char *) malloc( len ) ) == NULL ) - return( 1 ); - - if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 ) - { - free( p ); - return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); - } - - /* - * update the buffer size and offset - */ - s2 += 22; - if( *s2 == '\r' ) s2++; - if( *s2 == '\n' ) s2++; - else - { - free( p ); - return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); - } - - buflen -= s2 - buf; - buf = s2; + p = pem.buf; + pem.buf = NULL; + len = pem.buflen; + pem_free( &pem ); + } + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) + { + pem_free( &pem ); + return( ret ); } else { @@ -1492,6 +1458,16 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ) buflen = 0; } +#else + p = (unsigned char *) malloc( len = buflen ); + + if( p == NULL ) + return( 1 ); + + memcpy( p, buf, buflen ); + + buflen = 0; +#endif crl->raw.p = p; crl->raw.len = len; @@ -1758,180 +1734,44 @@ int x509parse_crlfile( x509_crl *chain, const char *path ) return( ret ); } -#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C) -/* - * Read a 16-byte hex string and convert it to binary - */ -static int x509_get_iv( const unsigned char *s, unsigned char iv[8] ) -{ - int i, j, k; - - memset( iv, 0, 8 ); - - for( i = 0; i < 16; i++, s++ ) - { - if( *s >= '0' && *s <= '9' ) j = *s - '0'; else - if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else - if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else - return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV ); - - k = ( ( i & 1 ) != 0 ) ? j : j << 4; - - iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); - } - - return( 0 ); -} - -/* - * Decrypt with 3DES-CBC, using PBKDF1 for key derivation - */ -static void x509_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, int buflen, - const unsigned char *pwd, int pwdlen ) -{ - md5_context md5_ctx; - des3_context des3_ctx; - unsigned char md5sum[16]; - unsigned char des3_key[24]; - - /* - * 3DES key[ 0..15] = MD5(pwd || IV) - * key[16..23] = MD5(pwd || IV || 3DES key[ 0..15]) - */ - md5_starts( &md5_ctx ); - md5_update( &md5_ctx, pwd, pwdlen ); - md5_update( &md5_ctx, des3_iv, 8 ); - md5_finish( &md5_ctx, md5sum ); - memcpy( des3_key, md5sum, 16 ); - - md5_starts( &md5_ctx ); - md5_update( &md5_ctx, md5sum, 16 ); - md5_update( &md5_ctx, pwd, pwdlen ); - md5_update( &md5_ctx, des3_iv, 8 ); - md5_finish( &md5_ctx, md5sum ); - memcpy( des3_key + 16, md5sum, 8 ); - - des3_set3key_dec( &des3_ctx, des3_key ); - des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen, - des3_iv, buf, buf ); - - memset( &md5_ctx, 0, sizeof( md5_ctx ) ); - memset( &des3_ctx, 0, sizeof( des3_ctx ) ); - memset( md5sum, 0, 16 ); - memset( des3_key, 0, 24 ); -} -#endif - /* * Parse a private RSA key */ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, const unsigned char *pwd, int pwdlen ) { - int ret, len, enc; - unsigned char *buf, *s1, *s2; + int ret, len; unsigned char *p, *end; -#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C) - unsigned char des3_iv[8]; -#else - ((void) pwd); - ((void) pwdlen); -#endif +#if defined(POLARSSL_PEM_C) + pem_context pem; - s1 = (unsigned char *) strstr( (char *) key, - "-----BEGIN RSA PRIVATE KEY-----" ); + pem_init( &pem ); + ret = pem_read_buffer( &pem, + "-----BEGIN RSA PRIVATE KEY-----", + "-----END RSA PRIVATE KEY-----", + key, pwd, pwdlen, &len ); - if( s1 != NULL ) + if( ret == 0 ) { - s2 = (unsigned char *) strstr( (char *) key, - "-----END RSA PRIVATE KEY-----" ); - - if( s2 == NULL || s2 <= s1 ) - return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - s1 += 31; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - enc = 0; - - if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) - { -#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C) - enc++; - - s1 += 22; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 ) - return( POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG ); - - s1 += 23; - if( x509_get_iv( s1, des3_iv ) != 0 ) - return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV ); - - s1 += 16; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); -#else - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); -#endif - } - - len = 0; - ret = base64_decode( NULL, &len, s1, s2 - s1 ); - - if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) - return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - if( ( buf = (unsigned char *) malloc( len ) ) == NULL ) - return( 1 ); - - if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) - { - free( buf ); - return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); - } - - keylen = len; - - if( enc != 0 ) - { -#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C) - if( pwd == NULL ) - { - free( buf ); - return( POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED ); - } - - x509_des3_decrypt( des3_iv, buf, keylen, pwd, pwdlen ); - - if( buf[0] != 0x30 || buf[1] != 0x82 || - buf[4] != 0x02 || buf[5] != 0x01 ) - { - free( buf ); - return( POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH ); - } -#else - return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); -#endif - } + /* + * Was PEM encoded + */ + keylen = pem.buflen; } - else + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) { - buf = NULL; + pem_free( &pem ); + return( ret ); } + p = ( ret == 0 ) ? pem.buf : (unsigned char *) key; +#else + p = (unsigned char *) key; +#endif + end = p + keylen; + memset( rsa, 0, sizeof( rsa_context ) ); - p = ( s1 != NULL ) ? buf : (unsigned char *) key; - end = p + keylen; - /* * RSAPrivateKey ::= SEQUENCE { * version Version, @@ -1949,9 +1789,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } @@ -1960,18 +1800,18 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } if( rsa->ver != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION ); } @@ -1985,9 +1825,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); } @@ -1996,9 +1836,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, if( p != end ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); @@ -2006,15 +1846,16 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif rsa_free( rsa ); return( ret ); } - if( s1 != NULL ) - free( buf ); +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif return( 0 ); } @@ -2049,52 +1890,38 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd ) int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ) { int ret, len; - unsigned char *buf, *s1, *s2; unsigned char *p, *end; +#if defined(POLARSSL_PEM_C) + pem_context pem; - s1 = (unsigned char *) strstr( (char *) dhmin, - "-----BEGIN DH PARAMETERS-----" ); + pem_init( &pem ); - if( s1 != NULL ) + ret = pem_read_buffer( &pem, + "-----BEGIN DH PARAMETERS-----", + "-----END DH PARAMETERS-----", + dhmin, NULL, 0, &dhminlen ); + + if( ret == 0 ) { - s2 = (unsigned char *) strstr( (char *) dhmin, - "-----END DH PARAMETERS-----" ); - - if( s2 == NULL || s2 <= s1 ) - return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - s1 += 29; - if( *s1 == '\r' ) s1++; - if( *s1 == '\n' ) s1++; - else return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - len = 0; - ret = base64_decode( NULL, &len, s1, s2 - s1 ); - - if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) - return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); - - if( ( buf = (unsigned char *) malloc( len ) ) == NULL ) - return( 1 ); - - if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) - { - free( buf ); - return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); - } - - dhminlen = len; + /* + * Was PEM encoded + */ + dhminlen = pem.buflen; } - else + else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT ) { - buf = NULL; + pem_free( &pem ); + return( ret ); } + p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin; +#else + p = (unsigned char *) dhmin; +#endif + end = p + dhminlen; + memset( dhm, 0, sizeof( dhm_context ) ); - p = ( s1 != NULL ) ? buf : (unsigned char *) dhmin; - end = p + dhminlen; - /* * DHParams ::= SEQUENCE { * prime INTEGER, -- P @@ -2104,10 +1931,9 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ) if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - - dhm_free( dhm ); +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } @@ -2116,25 +1942,26 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ) if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif dhm_free( dhm ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); } if( p != end ) { - if( s1 != NULL ) - free( buf ); - +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif dhm_free( dhm ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); } - if( s1 != NULL ) - free( buf ); +#if defined(POLARSSL_PEM_C) + pem_free( &pem ); +#endif return( 0 ); } diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile new file mode 100644 index 000000000..f54d47aa7 --- /dev/null +++ b/tests/data_files/keyfile @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF +UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y +pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB +AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo +iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z +fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v +3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6 +ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O +pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz +JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP +CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr +JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k ++AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des new file mode 100644 index 000000000..638c19afc --- /dev/null +++ b/tests/data_files/keyfile.3des @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7 + +9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w +uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d +aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4 +Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw +JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E +P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P +zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF +3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE +cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz +0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A +mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs +JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY +jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128 new file mode 100644 index 000000000..dd7443f84 --- /dev/null +++ b/tests/data_files/keyfile.aes128 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A + +iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI +tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg +flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z +Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3 +j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ +3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94 +F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ +66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ +/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC +IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9 +drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G +Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP +1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192 new file mode 100644 index 000000000..96702d8e9 --- /dev/null +++ b/tests/data_files/keyfile.aes192 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8 + +R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+ +ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu +zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs +mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb +IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h +7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM +ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6 +3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD +9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw +JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3 +gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH +dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE +Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256 new file mode 100644 index 000000000..5df09cf47 --- /dev/null +++ b/tests/data_files/keyfile.aes256 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A + +p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1 +1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd +qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9 +sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy +klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j +uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU +YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1 +dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk +pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG +ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S +5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH +RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji +3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des new file mode 100644 index 000000000..f23230559 --- /dev/null +++ b/tests/data_files/keyfile.des @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,F87FE1C0FB9B3E77 + +1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG +JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6 +7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8 +Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO +vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM +pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK +St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn +Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR +cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy +0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8 +lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp +FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv +VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index 690ba1d52..1a20e0e3e 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -1,4 +1,4 @@ Debug print certificate #1 -depends_on:POLARSSL_DEBUG_C +depends_on:POLARSSL_DEBUG_C:POLARSSL_PEM_C debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n" diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a156992cd..4441d24e0 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1,176 +1,237 @@ X509 Certificate information #1 +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information #2 +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information #3 +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information MD2 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n" X509 Certificate information MD4 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n" X509 Certificate information MD5 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n" X509 Certificate information SHA1 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" X509 Certificate information SHA224 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n" X509 Certificate information SHA256 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n" X509 Certificate information SHA384 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n" X509 Certificate information SHA512 Digest +depends_on:POLARSSL_PEM_C x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n" X509 CRL information #1 +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n" X509 CRL Information MD2 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n" X509 CRL Information MD4 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n" X509 CRL Information MD5 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n" X509 CRL Information SHA1 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n" X509 CRL Information SHA224 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n" X509 CRL Information SHA256 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n" X509 CRL Information SHA384 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n" X509 CRL Information SHA512 Digest +depends_on:POLARSSL_PEM_C x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n" X509 Parse Key #1 (No password when required) -depends_on:POLARSSL_MD5_C -x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_PEM_PASSWORD_REQUIRED X509 Parse Key #2 (Correct password) -depends_on:POLARSSL_MD5_C +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0 X509 Parse Key #3 (Wrong password) -depends_on:POLARSSL_MD5_C -x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PEM_PASSWORD_MISMATCH + +X509 Parse Key #4 (DES Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/keyfile.des":"testkey":0 + +X509 Parse Key #5 (3DES Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/keyfile.3des":"testkey":0 + +X509 Parse Key #6 (AES-128 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/keyfile.aes128":"testkey":0 + +X509 Parse Key #7 (AES-192 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/keyfile.aes192":"testkey":0 + +X509 Parse Key #8 (AES-256 Encrypted) +depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C +x509parse_keyfile:"data_files/keyfile.aes256":"testkey":0 X509 Get Distinguished Name #1 +depends_on:POLARSSL_PEM_C x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1" X509 Get Distinguished Name #2 +depends_on:POLARSSL_PEM_C x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Get Distinguished Name #3 +depends_on:POLARSSL_PEM_C x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost" X509 Get Distinguished Name #4 +depends_on:POLARSSL_PEM_C x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA" X509 Time Expired #1 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/server1.crt":valid_from:1 X509 Time Expired #2 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/server1.crt":valid_to:0 X509 Time Expired #3 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/server2.crt":valid_from:1 X509 Time Expired #4 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/server2.crt":valid_to:0 X509 Time Expired #5 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/test-ca.crt":valid_from:1 X509 Time Expired #6 +depends_on:POLARSSL_PEM_C x509_time_expired:"data_files/test-ca.crt":valid_to:0 X509 Certificate verification #1 (Revoked Cert, Expired CRL) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL X509 Certificate verification #2 (Revoked Cert, Expired CRL) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL X509 Certificate verification #4 (Valid Cert, Expired CRL) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL X509 Certificate verification #5 (Revoked Cert) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL X509 Certificate verification #6 (Revoked Cert) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL X509 Certificate verification #7 (Revoked Cert, CN Mismatch) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL X509 Certificate verification #8 (Valid Cert) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #9 (Not trusted Cert) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL X509 Certificate verification #10 (Not trusted Cert, Expired CRL) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL X509 Certificate verification #11 (Valid Cert MD2 Digest) -depends_on:POLARSSL_MD2_C +depends_on:POLARSSL_MD2_C:POLARSSL_PEM_C x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #12 (Valid Cert MD4 Digest) -depends_on:POLARSSL_MD4_C +depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #13 (Valid Cert MD5 Digest) -depends_on:POLARSSL_MD5_C +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #14 (Valid Cert SHA1 Digest) -depends_on:POLARSSL_SHA1_C +depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #15 (Valid Cert SHA224 Digest) -depends_on:POLARSSL_SHA2_C +depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #16 (Valid Cert SHA256 Digest) -depends_on:POLARSSL_SHA2_C +depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #17 (Valid Cert SHA384 Digest) -depends_on:POLARSSL_SHA4_C +depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #18 (Valid Cert SHA512 Digest) -depends_on:POLARSSL_SHA4_C +depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL X509 Certificate verification #19 (Valid Cert, denying callback) -depends_on:POLARSSL_SHA4_C +depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none X509 Certificate verification #20 (Not trusted Cert, allowing callback) +depends_on:POLARSSL_PEM_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all X509 Parse Selftest -depends_on:POLARSSL_MD5_C +depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C x509_selftest: X509 Certificate ASN1 (Incorrect first tag) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 9a7a46019..6106c7527 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1,6 +1,7 @@ BEGIN_HEADER #include #include +#include int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok ) {