mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 15:05:45 +01:00
- Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5) - Added tests for encrypted keyfiles
This commit is contained in:
parent
f17ed288ad
commit
96743fc5f5
10
ChangeLog
10
ChangeLog
@ -1,5 +1,15 @@
|
|||||||
PolarSSL ChangeLog
|
PolarSSL ChangeLog
|
||||||
|
|
||||||
|
= Version 0.99-pre2 released on XXXXXX
|
||||||
|
Features
|
||||||
|
* Parsing PEM private keys encrypted with DES and AES
|
||||||
|
are now supported as well (Fixes ticket #5)
|
||||||
|
|
||||||
|
Changes
|
||||||
|
* Parsing of PEM files moved to separate module (Fixes
|
||||||
|
ticket #13). Also possible to remove PEM support for
|
||||||
|
systems only using DER encoding
|
||||||
|
|
||||||
= Version 0.99-pre1 released on 2011-01-30
|
= Version 0.99-pre1 released on 2011-01-30
|
||||||
Features
|
Features
|
||||||
Note: Most of these features have been donated by Fox-IT
|
Note: Most of these features have been donated by Fox-IT
|
||||||
|
@ -151,6 +151,7 @@
|
|||||||
*
|
*
|
||||||
* Module: library/aes.c
|
* Module: library/aes.c
|
||||||
* Caller: library/ssl_tls.c
|
* Caller: library/ssl_tls.c
|
||||||
|
* library/pem.c
|
||||||
*
|
*
|
||||||
* This module enables the following ciphersuites:
|
* This module enables the following ciphersuites:
|
||||||
* SSL_RSA_AES_128_SHA
|
* SSL_RSA_AES_128_SHA
|
||||||
@ -370,6 +371,18 @@
|
|||||||
*/
|
*/
|
||||||
#define POLARSSL_PADLOCK_C
|
#define POLARSSL_PADLOCK_C
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def POLARSSL_PEM_C
|
||||||
|
*
|
||||||
|
* Enable PEM decoding
|
||||||
|
*
|
||||||
|
* Module: library/pem.c
|
||||||
|
* Caller: library/x509parse.c
|
||||||
|
*
|
||||||
|
* This modules adds support for decoding PEM files.
|
||||||
|
*/
|
||||||
|
#define POLARSSL_PEM_C
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \def POLARSSL_RSA_C
|
* \def POLARSSL_RSA_C
|
||||||
*
|
*
|
||||||
|
98
include/polarssl/pem.h
Normal file
98
include/polarssl/pem.h
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
/**
|
||||||
|
* \file pem.h
|
||||||
|
*
|
||||||
|
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||||
|
*
|
||||||
|
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||||
|
*
|
||||||
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License along
|
||||||
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
#ifndef POLARSSL_PEM_H
|
||||||
|
#define POLARSSL_PEM_H
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \name PEM Error codes
|
||||||
|
* These error codes are returned in case of errors reading the
|
||||||
|
* PEM data.
|
||||||
|
* \{
|
||||||
|
*/
|
||||||
|
#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x0500 /**< No PEM header found. */
|
||||||
|
#define POLARSSL_ERR_PEM_INVALID_DATA -0x0520 /**< PEM string is not as expected. */
|
||||||
|
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x0540 /**< Failed to allocate memory. */
|
||||||
|
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x0560 /**< RSA IV is not in hex-format. */
|
||||||
|
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x0580 /**< Unsupported key encryption algorithm. */
|
||||||
|
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x05A0 /**< Private key password can't be empty. */
|
||||||
|
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x05C0 /**< Given private key password does not allow for correct decryption. */
|
||||||
|
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x05E0 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
||||||
|
/* \} name */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PEM context structure
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
unsigned char *buf; /*!< buffer for decoded data */
|
||||||
|
int buflen; /*!< length of the buffer */
|
||||||
|
unsigned char *info; /*!< buffer for extra header information */
|
||||||
|
}
|
||||||
|
pem_context;
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PEM context setup
|
||||||
|
*
|
||||||
|
* \param ctx context to be initialized
|
||||||
|
*/
|
||||||
|
void pem_init( pem_context *ctx );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Read a buffer for PEM information and store the resulting
|
||||||
|
* data into the specified context buffers.
|
||||||
|
*
|
||||||
|
* \param ctx context to use
|
||||||
|
* \param header header string to seek and expect
|
||||||
|
* \param footer footer string to seek and expect
|
||||||
|
* \param data source data to look in
|
||||||
|
* \param pwd password for decryption (can be NULL)
|
||||||
|
* \param pwdlen length of password
|
||||||
|
* \param use_len destination for total length used
|
||||||
|
*
|
||||||
|
* \return 0 on success, ior a specific PEM error code
|
||||||
|
*/
|
||||||
|
int pem_read_buffer( pem_context *ctx, char *header, char *footer,
|
||||||
|
const unsigned char *data,
|
||||||
|
const unsigned char *pwd,
|
||||||
|
int pwdlen, int *use_len );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief PEM context memory freeing
|
||||||
|
*
|
||||||
|
* \param ctx context to be freed
|
||||||
|
*/
|
||||||
|
void pem_free( pem_context *ctx );
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif /* pem.h */
|
@ -69,13 +69,8 @@
|
|||||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
|
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
|
||||||
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
||||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
||||||
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
|
|
||||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
|
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
|
||||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
|
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
|
||||||
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
|
|
||||||
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
|
|
||||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
|
|
||||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
|
|
||||||
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
|
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
|
||||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
|
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
|
||||||
/* \} name */
|
/* \} name */
|
||||||
@ -485,7 +480,7 @@ extern "C" {
|
|||||||
* \param buf buffer holding the certificate data
|
* \param buf buffer holding the certificate data
|
||||||
* \param buflen size of the buffer
|
* \param buflen size of the buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
||||||
|
|
||||||
@ -497,7 +492,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
|||||||
* \param chain points to the start of the chain
|
* \param chain points to the start of the chain
|
||||||
* \param path filename to read the certificates from
|
* \param path filename to read the certificates from
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_crtfile( x509_cert *chain, const char *path );
|
int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||||
|
|
||||||
@ -510,7 +505,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path );
|
|||||||
* \param buf buffer holding the CRL data
|
* \param buf buffer holding the CRL data
|
||||||
* \param buflen size of the buffer
|
* \param buflen size of the buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
||||||
|
|
||||||
@ -522,7 +517,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
|||||||
* \param chain points to the start of the chain
|
* \param chain points to the start of the chain
|
||||||
* \param path filename to read the CRLs from
|
* \param path filename to read the CRLs from
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_crlfile( x509_crl *chain, const char *path );
|
int x509parse_crlfile( x509_crl *chain, const char *path );
|
||||||
|
|
||||||
@ -536,7 +531,7 @@ int x509parse_crlfile( x509_crl *chain, const char *path );
|
|||||||
* \param pwd password for decryption (optional)
|
* \param pwd password for decryption (optional)
|
||||||
* \param pwdlen size of the password
|
* \param pwdlen size of the password
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_key( rsa_context *rsa,
|
int x509parse_key( rsa_context *rsa,
|
||||||
const unsigned char *key, int keylen,
|
const unsigned char *key, int keylen,
|
||||||
@ -550,7 +545,7 @@ int x509parse_key( rsa_context *rsa,
|
|||||||
* \param path filename to read the private key from
|
* \param path filename to read the private key from
|
||||||
* \param password password to decrypt the file (can be NULL)
|
* \param password password to decrypt the file (can be NULL)
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
||||||
const char *password );
|
const char *password );
|
||||||
@ -563,7 +558,7 @@ int x509parse_keyfile( rsa_context *rsa, const char *path,
|
|||||||
* \param dhmin input buffer
|
* \param dhmin input buffer
|
||||||
* \param dhminlen size of the buffer
|
* \param dhminlen size of the buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
||||||
|
|
||||||
@ -574,7 +569,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
|||||||
* \param dhm DHM context to be initialized
|
* \param dhm DHM context to be initialized
|
||||||
* \param path filename to read the DHM Parameters from
|
* \param path filename to read the DHM Parameters from
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or a specific X509 error code
|
* \return 0 if successful, or a specific X509 or PEM error code
|
||||||
*/
|
*/
|
||||||
int x509parse_dhmfile( dhm_context *dhm, const char *path );
|
int x509parse_dhmfile( dhm_context *dhm, const char *path );
|
||||||
|
|
||||||
|
350
library/pem.c
Normal file
350
library/pem.c
Normal file
@ -0,0 +1,350 @@
|
|||||||
|
/*
|
||||||
|
* Privacy Enhanced Mail (PEM) decoding
|
||||||
|
*
|
||||||
|
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||||
|
*
|
||||||
|
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||||
|
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||||
|
*
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License along
|
||||||
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "polarssl/config.h"
|
||||||
|
|
||||||
|
#if defined(POLARSSL_PEM_C)
|
||||||
|
|
||||||
|
#include "polarssl/pem.h"
|
||||||
|
#include "polarssl/base64.h"
|
||||||
|
#include "polarssl/des.h"
|
||||||
|
#include "polarssl/aes.h"
|
||||||
|
#include "polarssl/md5.h"
|
||||||
|
#include "polarssl/cipher.h"
|
||||||
|
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
void pem_init( pem_context *ctx )
|
||||||
|
{
|
||||||
|
memset( ctx, 0, sizeof( pem_context ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||||
|
/*
|
||||||
|
* Read a 16-byte hex string and convert it to binary
|
||||||
|
*/
|
||||||
|
static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len )
|
||||||
|
{
|
||||||
|
int i, j, k;
|
||||||
|
|
||||||
|
memset( iv, 0, iv_len );
|
||||||
|
|
||||||
|
for( i = 0; i < iv_len * 2; i++, s++ )
|
||||||
|
{
|
||||||
|
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
|
||||||
|
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
|
||||||
|
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||||
|
|
||||||
|
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
|
||||||
|
|
||||||
|
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
static void pem_pbkdf1( unsigned char *key, int keylen,
|
||||||
|
unsigned char *iv,
|
||||||
|
const unsigned char *pwd, int pwdlen )
|
||||||
|
{
|
||||||
|
md5_context md5_ctx;
|
||||||
|
unsigned char md5sum[16];
|
||||||
|
int use_len;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* key[ 0..15] = MD5(pwd || IV)
|
||||||
|
*/
|
||||||
|
md5_starts( &md5_ctx );
|
||||||
|
md5_update( &md5_ctx, pwd, pwdlen );
|
||||||
|
md5_update( &md5_ctx, iv, 8 );
|
||||||
|
md5_finish( &md5_ctx, md5sum );
|
||||||
|
|
||||||
|
if( keylen <= 16 )
|
||||||
|
{
|
||||||
|
memcpy( key, md5sum, keylen );
|
||||||
|
|
||||||
|
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||||
|
memset( md5sum, 0, 16 );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy( key, md5sum, 16 );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
|
||||||
|
*/
|
||||||
|
md5_starts( &md5_ctx );
|
||||||
|
md5_update( &md5_ctx, md5sum, 16 );
|
||||||
|
md5_update( &md5_ctx, pwd, pwdlen );
|
||||||
|
md5_update( &md5_ctx, iv, 8 );
|
||||||
|
md5_finish( &md5_ctx, md5sum );
|
||||||
|
|
||||||
|
use_len = 16;
|
||||||
|
if( keylen < 32 )
|
||||||
|
use_len = keylen - 16;
|
||||||
|
|
||||||
|
memcpy( key + 16, md5sum, use_len );
|
||||||
|
|
||||||
|
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||||
|
memset( md5sum, 0, 16 );
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
/*
|
||||||
|
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
||||||
|
*/
|
||||||
|
static void pem_des_decrypt( unsigned char des_iv[8],
|
||||||
|
unsigned char *buf, int buflen,
|
||||||
|
const unsigned char *pwd, int pwdlen )
|
||||||
|
{
|
||||||
|
des_context des_ctx;
|
||||||
|
unsigned char des_key[8];
|
||||||
|
|
||||||
|
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
||||||
|
|
||||||
|
des_setkey_dec( &des_ctx, des_key );
|
||||||
|
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
|
||||||
|
des_iv, buf, buf );
|
||||||
|
|
||||||
|
memset( &des_ctx, 0, sizeof( des_ctx ) );
|
||||||
|
memset( des_key, 0, 8 );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||||
|
*/
|
||||||
|
static void pem_des3_decrypt( unsigned char des3_iv[8],
|
||||||
|
unsigned char *buf, int buflen,
|
||||||
|
const unsigned char *pwd, int pwdlen )
|
||||||
|
{
|
||||||
|
des3_context des3_ctx;
|
||||||
|
unsigned char des3_key[24];
|
||||||
|
|
||||||
|
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
||||||
|
|
||||||
|
des3_set3key_dec( &des3_ctx, des3_key );
|
||||||
|
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||||
|
des3_iv, buf, buf );
|
||||||
|
|
||||||
|
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
||||||
|
memset( des3_key, 0, 24 );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
/*
|
||||||
|
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
||||||
|
*/
|
||||||
|
static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen,
|
||||||
|
unsigned char *buf, int buflen,
|
||||||
|
const unsigned char *pwd, int pwdlen )
|
||||||
|
{
|
||||||
|
aes_context aes_ctx;
|
||||||
|
unsigned char aes_key[32];
|
||||||
|
|
||||||
|
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
||||||
|
|
||||||
|
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
|
||||||
|
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
|
||||||
|
aes_iv, buf, buf );
|
||||||
|
|
||||||
|
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
|
||||||
|
memset( aes_key, 0, keylen );
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||||
|
|
||||||
|
int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, int pwdlen, int *use_len )
|
||||||
|
{
|
||||||
|
int ret, len, enc;
|
||||||
|
unsigned char *buf;
|
||||||
|
unsigned char *s1, *s2;
|
||||||
|
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||||
|
unsigned char pem_iv[16];
|
||||||
|
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
|
||||||
|
#else
|
||||||
|
((void) pwd);
|
||||||
|
((void) pwdlen);
|
||||||
|
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||||
|
|
||||||
|
if( ctx == NULL )
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
|
||||||
|
s1 = (unsigned char *) strstr( (char *) data, header );
|
||||||
|
|
||||||
|
if( s1 == NULL )
|
||||||
|
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
|
||||||
|
|
||||||
|
s2 = (unsigned char *) strstr( (char *) data, footer );
|
||||||
|
|
||||||
|
if( s2 == NULL || s2 <= s1 )
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
|
||||||
|
s1 += strlen( header );
|
||||||
|
if( *s1 == '\r' ) s1++;
|
||||||
|
if( *s1 == '\n' ) s1++;
|
||||||
|
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
|
||||||
|
enc = 0;
|
||||||
|
|
||||||
|
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
||||||
|
{
|
||||||
|
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||||
|
enc++;
|
||||||
|
|
||||||
|
s1 += 22;
|
||||||
|
if( *s1 == '\r' ) s1++;
|
||||||
|
if( *s1 == '\n' ) s1++;
|
||||||
|
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
|
||||||
|
{
|
||||||
|
enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
|
||||||
|
|
||||||
|
s1 += 23;
|
||||||
|
if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||||
|
|
||||||
|
s1 += 16;
|
||||||
|
}
|
||||||
|
else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
|
||||||
|
{
|
||||||
|
enc_alg = POLARSSL_CIPHER_DES_CBC;
|
||||||
|
|
||||||
|
s1 += 18;
|
||||||
|
if( pem_get_iv( s1, pem_iv, 8) != 0 )
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||||
|
|
||||||
|
s1 += 16;
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
|
||||||
|
{
|
||||||
|
if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
|
||||||
|
enc_alg = POLARSSL_CIPHER_AES_128_CBC;
|
||||||
|
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
|
||||||
|
enc_alg = POLARSSL_CIPHER_AES_192_CBC;
|
||||||
|
else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
|
||||||
|
enc_alg = POLARSSL_CIPHER_AES_256_CBC;
|
||||||
|
else
|
||||||
|
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||||
|
|
||||||
|
s1 += 22;
|
||||||
|
if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
|
||||||
|
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||||
|
|
||||||
|
s1 += 32;
|
||||||
|
}
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
if( enc_alg == POLARSSL_CIPHER_NONE )
|
||||||
|
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||||
|
|
||||||
|
if( *s1 == '\r' ) s1++;
|
||||||
|
if( *s1 == '\n' ) s1++;
|
||||||
|
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
#else
|
||||||
|
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||||
|
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||||
|
}
|
||||||
|
|
||||||
|
len = 0;
|
||||||
|
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||||
|
|
||||||
|
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||||
|
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
|
||||||
|
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
||||||
|
return( POLARSSL_ERR_PEM_MALLOC_FAILED );
|
||||||
|
|
||||||
|
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
||||||
|
{
|
||||||
|
free( buf );
|
||||||
|
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( enc != 0 )
|
||||||
|
{
|
||||||
|
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||||
|
if( pwd == NULL )
|
||||||
|
{
|
||||||
|
free( buf );
|
||||||
|
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(POLARSSL_DES_C)
|
||||||
|
if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
|
||||||
|
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||||
|
else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
|
||||||
|
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||||
|
#endif /* POLARSSL_DES_C */
|
||||||
|
|
||||||
|
#if defined(POLARSSL_AES_C)
|
||||||
|
if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
|
||||||
|
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||||
|
else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
|
||||||
|
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||||
|
else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
|
||||||
|
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||||
|
#endif /* POLARSSL_AES_C */
|
||||||
|
|
||||||
|
if( buf[0] != 0x30 || buf[1] != 0x82 ||
|
||||||
|
buf[4] != 0x02 || buf[5] != 0x01 )
|
||||||
|
{
|
||||||
|
free( buf );
|
||||||
|
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
ctx->buf = buf;
|
||||||
|
ctx->buflen = len;
|
||||||
|
s2 += strlen( footer );
|
||||||
|
if( *s2 == '\r' ) s2++;
|
||||||
|
if( *s2 == '\n' ) s2++;
|
||||||
|
*use_len = s2 - data;
|
||||||
|
|
||||||
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
void pem_free( pem_context *ctx )
|
||||||
|
{
|
||||||
|
if( ctx->buf )
|
||||||
|
free( ctx->buf );
|
||||||
|
|
||||||
|
if( ctx->info )
|
||||||
|
free( ctx->info );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
@ -39,7 +39,7 @@
|
|||||||
#if defined(POLARSSL_X509_PARSE_C)
|
#if defined(POLARSSL_X509_PARSE_C)
|
||||||
|
|
||||||
#include "polarssl/x509.h"
|
#include "polarssl/x509.h"
|
||||||
#include "polarssl/base64.h"
|
#include "polarssl/pem.h"
|
||||||
#include "polarssl/des.h"
|
#include "polarssl/des.h"
|
||||||
#include "polarssl/md2.h"
|
#include "polarssl/md2.h"
|
||||||
#include "polarssl/md4.h"
|
#include "polarssl/md4.h"
|
||||||
@ -1045,10 +1045,12 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
|
|||||||
*/
|
*/
|
||||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
||||||
{
|
{
|
||||||
int ret, len;
|
int ret, len, use_len;
|
||||||
const unsigned char *s1, *s2;
|
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
x509_cert *crt;
|
x509_cert *crt;
|
||||||
|
#if defined(POLARSSL_PEM_C)
|
||||||
|
pem_context pem;
|
||||||
|
#endif
|
||||||
|
|
||||||
crt = chain;
|
crt = chain;
|
||||||
|
|
||||||
@ -1078,57 +1080,33 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||||||
memset( crt, 0, sizeof( x509_cert ) );
|
memset( crt, 0, sizeof( x509_cert ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
#if defined(POLARSSL_PEM_C)
|
||||||
* check if the certificate is encoded in base64
|
pem_init( &pem );
|
||||||
*/
|
ret = pem_read_buffer( &pem,
|
||||||
s1 = (unsigned char *) strstr( (char *) buf,
|
"-----BEGIN CERTIFICATE-----",
|
||||||
"-----BEGIN CERTIFICATE-----" );
|
"-----END CERTIFICATE-----",
|
||||||
|
buf, NULL, 0, &use_len );
|
||||||
|
|
||||||
if( s1 != NULL )
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
s2 = (unsigned char *) strstr( (char *) buf,
|
/*
|
||||||
"-----END CERTIFICATE-----" );
|
* Was PEM encoded
|
||||||
|
*/
|
||||||
if( s2 == NULL || s2 <= s1 )
|
buflen -= use_len;
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
buf += use_len;
|
||||||
|
|
||||||
s1 += 27;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get the DER data length and decode the buffer
|
* Steal PEM buffer
|
||||||
*/
|
*/
|
||||||
len = 0;
|
p = pem.buf;
|
||||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
pem.buf = NULL;
|
||||||
|
len = pem.buflen;
|
||||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
pem_free( &pem );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||||
if( ( p = (unsigned char *) malloc( len ) ) == NULL )
|
{
|
||||||
return( 1 );
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
|
|
||||||
{
|
|
||||||
free( p );
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* update the buffer size and offset
|
|
||||||
*/
|
|
||||||
s2 += 25;
|
|
||||||
if( *s2 == '\r' ) s2++;
|
|
||||||
if( *s2 == '\n' ) s2++;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
free( p );
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
|
||||||
}
|
|
||||||
|
|
||||||
buflen -= s2 - buf;
|
|
||||||
buf = s2;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1144,6 +1122,16 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||||||
|
|
||||||
buflen = 0;
|
buflen = 0;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
p = (unsigned char *) malloc( len = buflen );
|
||||||
|
|
||||||
|
if( p == NULL )
|
||||||
|
return( 1 );
|
||||||
|
|
||||||
|
memcpy( p, buf, buflen );
|
||||||
|
|
||||||
|
buflen = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
crt->raw.p = p;
|
crt->raw.p = p;
|
||||||
crt->raw.len = len;
|
crt->raw.len = len;
|
||||||
@ -1393,10 +1381,12 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||||||
*/
|
*/
|
||||||
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
||||||
{
|
{
|
||||||
int ret, len;
|
int ret, len, use_len;
|
||||||
unsigned char *s1, *s2;
|
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
x509_crl *crl;
|
x509_crl *crl;
|
||||||
|
#if defined(POLARSSL_PEM_C)
|
||||||
|
pem_context pem;
|
||||||
|
#endif
|
||||||
|
|
||||||
crl = chain;
|
crl = chain;
|
||||||
|
|
||||||
@ -1426,57 +1416,33 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
|||||||
memset( crl, 0, sizeof( x509_crl ) );
|
memset( crl, 0, sizeof( x509_crl ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
#if defined(POLARSSL_PEM_C)
|
||||||
* check if the CRL is encoded in base64
|
pem_init( &pem );
|
||||||
*/
|
ret = pem_read_buffer( &pem,
|
||||||
s1 = (unsigned char *) strstr( (char *) buf,
|
"-----BEGIN X509 CRL-----",
|
||||||
"-----BEGIN X509 CRL-----" );
|
"-----END X509 CRL-----",
|
||||||
|
buf, NULL, 0, &use_len );
|
||||||
|
|
||||||
if( s1 != NULL )
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
s2 = (unsigned char *) strstr( (char *) buf,
|
/*
|
||||||
"-----END X509 CRL-----" );
|
* Was PEM encoded
|
||||||
|
*/
|
||||||
if( s2 == NULL || s2 <= s1 )
|
buflen -= use_len;
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
buf += use_len;
|
||||||
|
|
||||||
s1 += 24;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* get the DER data length and decode the buffer
|
* Steal PEM buffer
|
||||||
*/
|
*/
|
||||||
len = 0;
|
p = pem.buf;
|
||||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
pem.buf = NULL;
|
||||||
|
len = pem.buflen;
|
||||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
pem_free( &pem );
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
}
|
||||||
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||||
if( ( p = (unsigned char *) malloc( len ) ) == NULL )
|
{
|
||||||
return( 1 );
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
|
|
||||||
{
|
|
||||||
free( p );
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* update the buffer size and offset
|
|
||||||
*/
|
|
||||||
s2 += 22;
|
|
||||||
if( *s2 == '\r' ) s2++;
|
|
||||||
if( *s2 == '\n' ) s2++;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
free( p );
|
|
||||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
|
||||||
}
|
|
||||||
|
|
||||||
buflen -= s2 - buf;
|
|
||||||
buf = s2;
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1492,6 +1458,16 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
|||||||
|
|
||||||
buflen = 0;
|
buflen = 0;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
p = (unsigned char *) malloc( len = buflen );
|
||||||
|
|
||||||
|
if( p == NULL )
|
||||||
|
return( 1 );
|
||||||
|
|
||||||
|
memcpy( p, buf, buflen );
|
||||||
|
|
||||||
|
buflen = 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
crl->raw.p = p;
|
crl->raw.p = p;
|
||||||
crl->raw.len = len;
|
crl->raw.len = len;
|
||||||
@ -1758,180 +1734,44 @@ int x509parse_crlfile( x509_crl *chain, const char *path )
|
|||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
|
||||||
/*
|
|
||||||
* Read a 16-byte hex string and convert it to binary
|
|
||||||
*/
|
|
||||||
static int x509_get_iv( const unsigned char *s, unsigned char iv[8] )
|
|
||||||
{
|
|
||||||
int i, j, k;
|
|
||||||
|
|
||||||
memset( iv, 0, 8 );
|
|
||||||
|
|
||||||
for( i = 0; i < 16; i++, s++ )
|
|
||||||
{
|
|
||||||
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
|
|
||||||
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
|
|
||||||
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
|
|
||||||
|
|
||||||
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
|
|
||||||
|
|
||||||
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
|
|
||||||
}
|
|
||||||
|
|
||||||
return( 0 );
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
|
||||||
*/
|
|
||||||
static void x509_des3_decrypt( unsigned char des3_iv[8],
|
|
||||||
unsigned char *buf, int buflen,
|
|
||||||
const unsigned char *pwd, int pwdlen )
|
|
||||||
{
|
|
||||||
md5_context md5_ctx;
|
|
||||||
des3_context des3_ctx;
|
|
||||||
unsigned char md5sum[16];
|
|
||||||
unsigned char des3_key[24];
|
|
||||||
|
|
||||||
/*
|
|
||||||
* 3DES key[ 0..15] = MD5(pwd || IV)
|
|
||||||
* key[16..23] = MD5(pwd || IV || 3DES key[ 0..15])
|
|
||||||
*/
|
|
||||||
md5_starts( &md5_ctx );
|
|
||||||
md5_update( &md5_ctx, pwd, pwdlen );
|
|
||||||
md5_update( &md5_ctx, des3_iv, 8 );
|
|
||||||
md5_finish( &md5_ctx, md5sum );
|
|
||||||
memcpy( des3_key, md5sum, 16 );
|
|
||||||
|
|
||||||
md5_starts( &md5_ctx );
|
|
||||||
md5_update( &md5_ctx, md5sum, 16 );
|
|
||||||
md5_update( &md5_ctx, pwd, pwdlen );
|
|
||||||
md5_update( &md5_ctx, des3_iv, 8 );
|
|
||||||
md5_finish( &md5_ctx, md5sum );
|
|
||||||
memcpy( des3_key + 16, md5sum, 8 );
|
|
||||||
|
|
||||||
des3_set3key_dec( &des3_ctx, des3_key );
|
|
||||||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
|
||||||
des3_iv, buf, buf );
|
|
||||||
|
|
||||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
|
||||||
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
|
||||||
memset( md5sum, 0, 16 );
|
|
||||||
memset( des3_key, 0, 24 );
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse a private RSA key
|
* Parse a private RSA key
|
||||||
*/
|
*/
|
||||||
int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
||||||
const unsigned char *pwd, int pwdlen )
|
const unsigned char *pwd, int pwdlen )
|
||||||
{
|
{
|
||||||
int ret, len, enc;
|
int ret, len;
|
||||||
unsigned char *buf, *s1, *s2;
|
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
#if defined(POLARSSL_PEM_C)
|
||||||
unsigned char des3_iv[8];
|
pem_context pem;
|
||||||
#else
|
|
||||||
((void) pwd);
|
|
||||||
((void) pwdlen);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
s1 = (unsigned char *) strstr( (char *) key,
|
pem_init( &pem );
|
||||||
"-----BEGIN RSA PRIVATE KEY-----" );
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN RSA PRIVATE KEY-----",
|
||||||
|
"-----END RSA PRIVATE KEY-----",
|
||||||
|
key, pwd, pwdlen, &len );
|
||||||
|
|
||||||
if( s1 != NULL )
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
s2 = (unsigned char *) strstr( (char *) key,
|
/*
|
||||||
"-----END RSA PRIVATE KEY-----" );
|
* Was PEM encoded
|
||||||
|
*/
|
||||||
if( s2 == NULL || s2 <= s1 )
|
keylen = pem.buflen;
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
s1 += 31;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
enc = 0;
|
|
||||||
|
|
||||||
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
|
||||||
enc++;
|
|
||||||
|
|
||||||
s1 += 22;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG );
|
|
||||||
|
|
||||||
s1 += 23;
|
|
||||||
if( x509_get_iv( s1, des3_iv ) != 0 )
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
|
|
||||||
|
|
||||||
s1 += 16;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
#else
|
|
||||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
len = 0;
|
|
||||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
|
||||||
|
|
||||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
|
||||||
return( 1 );
|
|
||||||
|
|
||||||
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
|
||||||
{
|
|
||||||
free( buf );
|
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
}
|
|
||||||
|
|
||||||
keylen = len;
|
|
||||||
|
|
||||||
if( enc != 0 )
|
|
||||||
{
|
|
||||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
|
||||||
if( pwd == NULL )
|
|
||||||
{
|
|
||||||
free( buf );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED );
|
|
||||||
}
|
|
||||||
|
|
||||||
x509_des3_decrypt( des3_iv, buf, keylen, pwd, pwdlen );
|
|
||||||
|
|
||||||
if( buf[0] != 0x30 || buf[1] != 0x82 ||
|
|
||||||
buf[4] != 0x02 || buf[5] != 0x01 )
|
|
||||||
{
|
|
||||||
free( buf );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH );
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
else
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||||
{
|
{
|
||||||
buf = NULL;
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
|
||||||
|
#else
|
||||||
|
p = (unsigned char *) key;
|
||||||
|
#endif
|
||||||
|
end = p + keylen;
|
||||||
|
|
||||||
memset( rsa, 0, sizeof( rsa_context ) );
|
memset( rsa, 0, sizeof( rsa_context ) );
|
||||||
|
|
||||||
p = ( s1 != NULL ) ? buf : (unsigned char *) key;
|
|
||||||
end = p + keylen;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RSAPrivateKey ::= SEQUENCE {
|
* RSAPrivateKey ::= SEQUENCE {
|
||||||
* version Version,
|
* version Version,
|
||||||
@ -1949,9 +1789,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||||||
if( ( ret = asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||||
}
|
}
|
||||||
@ -1960,18 +1800,18 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||||||
|
|
||||||
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( rsa->ver != 0 )
|
if( rsa->ver != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
|
||||||
}
|
}
|
||||||
@ -1985,9 +1825,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||||||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
||||||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
@ -1996,9 +1836,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||||||
|
|
||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
@ -2006,15 +1846,16 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||||||
|
|
||||||
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
|
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
rsa_free( rsa );
|
rsa_free( rsa );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
@ -2049,52 +1890,38 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
|
|||||||
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
||||||
{
|
{
|
||||||
int ret, len;
|
int ret, len;
|
||||||
unsigned char *buf, *s1, *s2;
|
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
|
#if defined(POLARSSL_PEM_C)
|
||||||
|
pem_context pem;
|
||||||
|
|
||||||
s1 = (unsigned char *) strstr( (char *) dhmin,
|
pem_init( &pem );
|
||||||
"-----BEGIN DH PARAMETERS-----" );
|
|
||||||
|
|
||||||
if( s1 != NULL )
|
ret = pem_read_buffer( &pem,
|
||||||
|
"-----BEGIN DH PARAMETERS-----",
|
||||||
|
"-----END DH PARAMETERS-----",
|
||||||
|
dhmin, NULL, 0, &dhminlen );
|
||||||
|
|
||||||
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
s2 = (unsigned char *) strstr( (char *) dhmin,
|
/*
|
||||||
"-----END DH PARAMETERS-----" );
|
* Was PEM encoded
|
||||||
|
*/
|
||||||
if( s2 == NULL || s2 <= s1 )
|
dhminlen = pem.buflen;
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
s1 += 29;
|
|
||||||
if( *s1 == '\r' ) s1++;
|
|
||||||
if( *s1 == '\n' ) s1++;
|
|
||||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
len = 0;
|
|
||||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
|
||||||
|
|
||||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
|
|
||||||
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
|
||||||
return( 1 );
|
|
||||||
|
|
||||||
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
|
||||||
{
|
|
||||||
free( buf );
|
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
|
||||||
}
|
|
||||||
|
|
||||||
dhminlen = len;
|
|
||||||
}
|
}
|
||||||
else
|
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||||
{
|
{
|
||||||
buf = NULL;
|
pem_free( &pem );
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
|
||||||
|
#else
|
||||||
|
p = (unsigned char *) dhmin;
|
||||||
|
#endif
|
||||||
|
end = p + dhminlen;
|
||||||
|
|
||||||
memset( dhm, 0, sizeof( dhm_context ) );
|
memset( dhm, 0, sizeof( dhm_context ) );
|
||||||
|
|
||||||
p = ( s1 != NULL ) ? buf : (unsigned char *) dhmin;
|
|
||||||
end = p + dhminlen;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* DHParams ::= SEQUENCE {
|
* DHParams ::= SEQUENCE {
|
||||||
* prime INTEGER, -- P
|
* prime INTEGER, -- P
|
||||||
@ -2104,10 +1931,9 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
|||||||
if( ( ret = asn1_get_tag( &p, end, &len,
|
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
dhm_free( dhm );
|
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2116,25 +1942,26 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
|||||||
if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
|
if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
|
||||||
( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
|
( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
dhm_free( dhm );
|
dhm_free( dhm );
|
||||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( p != end )
|
if( p != end )
|
||||||
{
|
{
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
dhm_free( dhm );
|
dhm_free( dhm );
|
||||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
||||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( s1 != NULL )
|
#if defined(POLARSSL_PEM_C)
|
||||||
free( buf );
|
pem_free( &pem );
|
||||||
|
#endif
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
15
tests/data_files/keyfile
Normal file
15
tests/data_files/keyfile
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF
|
||||||
|
UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y
|
||||||
|
pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB
|
||||||
|
AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo
|
||||||
|
iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z
|
||||||
|
fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v
|
||||||
|
3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6
|
||||||
|
ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O
|
||||||
|
pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz
|
||||||
|
JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP
|
||||||
|
CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr
|
||||||
|
JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k
|
||||||
|
+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.3des
Normal file
18
tests/data_files/keyfile.3des
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7
|
||||||
|
|
||||||
|
9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w
|
||||||
|
uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d
|
||||||
|
aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4
|
||||||
|
Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw
|
||||||
|
JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E
|
||||||
|
P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P
|
||||||
|
zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF
|
||||||
|
3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE
|
||||||
|
cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz
|
||||||
|
0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A
|
||||||
|
mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs
|
||||||
|
JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY
|
||||||
|
jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes128
Normal file
18
tests/data_files/keyfile.aes128
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A
|
||||||
|
|
||||||
|
iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI
|
||||||
|
tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg
|
||||||
|
flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z
|
||||||
|
Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3
|
||||||
|
j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ
|
||||||
|
3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94
|
||||||
|
F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ
|
||||||
|
66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ
|
||||||
|
/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC
|
||||||
|
IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9
|
||||||
|
drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G
|
||||||
|
Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP
|
||||||
|
1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs
|
||||||
|
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes192
Normal file
18
tests/data_files/keyfile.aes192
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8
|
||||||
|
|
||||||
|
R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+
|
||||||
|
ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu
|
||||||
|
zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs
|
||||||
|
mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb
|
||||||
|
IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h
|
||||||
|
7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM
|
||||||
|
ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6
|
||||||
|
3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD
|
||||||
|
9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw
|
||||||
|
JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3
|
||||||
|
gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH
|
||||||
|
dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE
|
||||||
|
Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc
|
||||||
|
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes256
Normal file
18
tests/data_files/keyfile.aes256
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A
|
||||||
|
|
||||||
|
p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1
|
||||||
|
1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd
|
||||||
|
qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9
|
||||||
|
sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy
|
||||||
|
klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j
|
||||||
|
uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU
|
||||||
|
YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1
|
||||||
|
dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk
|
||||||
|
pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG
|
||||||
|
ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S
|
||||||
|
5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH
|
||||||
|
RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji
|
||||||
|
3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q
|
||||||
|
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.des
Normal file
18
tests/data_files/keyfile.des
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
Proc-Type: 4,ENCRYPTED
|
||||||
|
DEK-Info: DES-CBC,F87FE1C0FB9B3E77
|
||||||
|
|
||||||
|
1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG
|
||||||
|
JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6
|
||||||
|
7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8
|
||||||
|
Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO
|
||||||
|
vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM
|
||||||
|
pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK
|
||||||
|
St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn
|
||||||
|
Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR
|
||||||
|
cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy
|
||||||
|
0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8
|
||||||
|
lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp
|
||||||
|
FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv
|
||||||
|
VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
@ -1,4 +1,4 @@
|
|||||||
Debug print certificate #1
|
Debug print certificate #1
|
||||||
depends_on:POLARSSL_DEBUG_C
|
depends_on:POLARSSL_DEBUG_C:POLARSSL_PEM_C
|
||||||
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n"
|
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n"
|
||||||
|
|
||||||
|
@ -1,176 +1,237 @@
|
|||||||
X509 Certificate information #1
|
X509 Certificate information #1
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information #2
|
X509 Certificate information #2
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information #3
|
X509 Certificate information #3
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information MD2 Digest
|
X509 Certificate information MD2 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information MD4 Digest
|
X509 Certificate information MD4 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information MD5 Digest
|
X509 Certificate information MD5 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information SHA1 Digest
|
X509 Certificate information SHA1 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information SHA224 Digest
|
X509 Certificate information SHA224 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information SHA256 Digest
|
X509 Certificate information SHA256 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information SHA384 Digest
|
X509 Certificate information SHA384 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 Certificate information SHA512 Digest
|
X509 Certificate information SHA512 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n"
|
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n"
|
||||||
|
|
||||||
X509 CRL information #1
|
X509 CRL information #1
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
||||||
|
|
||||||
X509 CRL Information MD2 Digest
|
X509 CRL Information MD2 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n"
|
x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n"
|
||||||
|
|
||||||
X509 CRL Information MD4 Digest
|
X509 CRL Information MD4 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n"
|
x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n"
|
||||||
|
|
||||||
X509 CRL Information MD5 Digest
|
X509 CRL Information MD5 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n"
|
x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n"
|
||||||
|
|
||||||
X509 CRL Information SHA1 Digest
|
X509 CRL Information SHA1 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
||||||
|
|
||||||
X509 CRL Information SHA224 Digest
|
X509 CRL Information SHA224 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n"
|
x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n"
|
||||||
|
|
||||||
X509 CRL Information SHA256 Digest
|
X509 CRL Information SHA256 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n"
|
x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n"
|
||||||
|
|
||||||
X509 CRL Information SHA384 Digest
|
X509 CRL Information SHA384 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n"
|
x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n"
|
||||||
|
|
||||||
X509 CRL Information SHA512 Digest
|
X509 CRL Information SHA512 Digest
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n"
|
x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n"
|
||||||
|
|
||||||
X509 Parse Key #1 (No password when required)
|
X509 Parse Key #1 (No password when required)
|
||||||
depends_on:POLARSSL_MD5_C
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||||
x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED
|
x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_PEM_PASSWORD_REQUIRED
|
||||||
|
|
||||||
X509 Parse Key #2 (Correct password)
|
X509 Parse Key #2 (Correct password)
|
||||||
depends_on:POLARSSL_MD5_C
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||||
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0
|
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0
|
||||||
|
|
||||||
X509 Parse Key #3 (Wrong password)
|
X509 Parse Key #3 (Wrong password)
|
||||||
depends_on:POLARSSL_MD5_C
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||||
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH
|
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PEM_PASSWORD_MISMATCH
|
||||||
|
|
||||||
|
X509 Parse Key #4 (DES Encrypted)
|
||||||
|
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
|
||||||
|
x509parse_keyfile:"data_files/keyfile.des":"testkey":0
|
||||||
|
|
||||||
|
X509 Parse Key #5 (3DES Encrypted)
|
||||||
|
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
|
||||||
|
x509parse_keyfile:"data_files/keyfile.3des":"testkey":0
|
||||||
|
|
||||||
|
X509 Parse Key #6 (AES-128 Encrypted)
|
||||||
|
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||||
|
x509parse_keyfile:"data_files/keyfile.aes128":"testkey":0
|
||||||
|
|
||||||
|
X509 Parse Key #7 (AES-192 Encrypted)
|
||||||
|
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||||
|
x509parse_keyfile:"data_files/keyfile.aes192":"testkey":0
|
||||||
|
|
||||||
|
X509 Parse Key #8 (AES-256 Encrypted)
|
||||||
|
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||||
|
x509parse_keyfile:"data_files/keyfile.aes256":"testkey":0
|
||||||
|
|
||||||
X509 Get Distinguished Name #1
|
X509 Get Distinguished Name #1
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
|
x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
|
||||||
|
|
||||||
X509 Get Distinguished Name #2
|
X509 Get Distinguished Name #2
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||||
|
|
||||||
X509 Get Distinguished Name #3
|
X509 Get Distinguished Name #3
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost"
|
x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost"
|
||||||
|
|
||||||
X509 Get Distinguished Name #4
|
X509 Get Distinguished Name #4
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||||
|
|
||||||
X509 Time Expired #1
|
X509 Time Expired #1
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/server1.crt":valid_from:1
|
x509_time_expired:"data_files/server1.crt":valid_from:1
|
||||||
|
|
||||||
X509 Time Expired #2
|
X509 Time Expired #2
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/server1.crt":valid_to:0
|
x509_time_expired:"data_files/server1.crt":valid_to:0
|
||||||
|
|
||||||
X509 Time Expired #3
|
X509 Time Expired #3
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/server2.crt":valid_from:1
|
x509_time_expired:"data_files/server2.crt":valid_from:1
|
||||||
|
|
||||||
X509 Time Expired #4
|
X509 Time Expired #4
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/server2.crt":valid_to:0
|
x509_time_expired:"data_files/server2.crt":valid_to:0
|
||||||
|
|
||||||
X509 Time Expired #5
|
X509 Time Expired #5
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/test-ca.crt":valid_from:1
|
x509_time_expired:"data_files/test-ca.crt":valid_from:1
|
||||||
|
|
||||||
X509 Time Expired #6
|
X509 Time Expired #6
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_time_expired:"data_files/test-ca.crt":valid_to:0
|
x509_time_expired:"data_files/test-ca.crt":valid_to:0
|
||||||
|
|
||||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch)
|
X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL
|
||||||
|
|
||||||
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL
|
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #5 (Revoked Cert)
|
X509 Certificate verification #5 (Revoked Cert)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #6 (Revoked Cert)
|
X509 Certificate verification #6 (Revoked Cert)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
|
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL
|
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL
|
||||||
|
|
||||||
X509 Certificate verification #8 (Valid Cert)
|
X509 Certificate verification #8 (Valid Cert)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #9 (Not trusted Cert)
|
X509 Certificate verification #9 (Not trusted Cert)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
|
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
||||||
|
|
||||||
X509 Certificate verification #11 (Valid Cert MD2 Digest)
|
X509 Certificate verification #11 (Valid Cert MD2 Digest)
|
||||||
depends_on:POLARSSL_MD2_C
|
depends_on:POLARSSL_MD2_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #12 (Valid Cert MD4 Digest)
|
X509 Certificate verification #12 (Valid Cert MD4 Digest)
|
||||||
depends_on:POLARSSL_MD4_C
|
depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #13 (Valid Cert MD5 Digest)
|
X509 Certificate verification #13 (Valid Cert MD5 Digest)
|
||||||
depends_on:POLARSSL_MD5_C
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
|
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
|
||||||
depends_on:POLARSSL_SHA1_C
|
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
|
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
|
||||||
depends_on:POLARSSL_SHA2_C
|
depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
|
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
|
||||||
depends_on:POLARSSL_SHA2_C
|
depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
|
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
|
||||||
depends_on:POLARSSL_SHA4_C
|
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
|
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
|
||||||
depends_on:POLARSSL_SHA4_C
|
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||||
|
|
||||||
X509 Certificate verification #19 (Valid Cert, denying callback)
|
X509 Certificate verification #19 (Valid Cert, denying callback)
|
||||||
depends_on:POLARSSL_SHA4_C
|
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none
|
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none
|
||||||
|
|
||||||
X509 Certificate verification #20 (Not trusted Cert, allowing callback)
|
X509 Certificate verification #20 (Not trusted Cert, allowing callback)
|
||||||
|
depends_on:POLARSSL_PEM_C
|
||||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all
|
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all
|
||||||
|
|
||||||
X509 Parse Selftest
|
X509 Parse Selftest
|
||||||
depends_on:POLARSSL_MD5_C
|
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||||
x509_selftest:
|
x509_selftest:
|
||||||
|
|
||||||
X509 Certificate ASN1 (Incorrect first tag)
|
X509 Certificate ASN1 (Incorrect first tag)
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
BEGIN_HEADER
|
BEGIN_HEADER
|
||||||
#include <polarssl/config.h>
|
#include <polarssl/config.h>
|
||||||
#include <polarssl/x509.h>
|
#include <polarssl/x509.h>
|
||||||
|
#include <polarssl/pem.h>
|
||||||
|
|
||||||
int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok )
|
int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok )
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user