mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-25 09:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merged update certificate verification for EC certificates into

Browse Source 
development
This commit is contained in:
Paul Bakker 2013-08-20 23:13:29 +02:00
commit 43fdd617e1
57 changed files with 1559 additions and 240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/polarssl/ecdsa.h
View File

@ -31,6 +31,8 @@
/**
* \brief ECDSA context structure
*
* \note Purposefully begins with the same members as struct ecp_keypair.
*/
typedef struct
{
@ -140,6 +142,16 @@ int ecdsa_read_signature( ecdsa_context *ctx,
int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/**
* \brief Set an ECDSA context from an EC key pair
*
* \param ctx ECDSA context to set
* \param key EC key to use
*
* \return 0 on success, or a POLARSSL_ERR_ECP code.
*/
int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key );
/**
* \brief Initialize context
*

2
include/polarssl/ecp.h
View File

@ -95,6 +95,8 @@ ecp_group;
* \brief ECP key pair structure
*
* A generic key pair that could be used for ECDSA, fixed ECDH, etc.
*
* \note Members purposefully in the same order as struc ecdsa_context.
*/
typedef struct
{

4
include/polarssl/error.h
View File

@ -77,14 +77,14 @@
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 25
* PK 2 1 (Started from top)
* PK 2 3 (Started from top)
* DHM 3 6
* PKCS5 3 4 (Started from top)
* RSA 4 9
* ECP 4 4 (Started from top)
* MD 5 4
* CIPHER 6 5
* SSL 6 5 (Started from top)
* SSL 6 6 (Started from top)
* SSL 7 31
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)

169
include/polarssl/pk.h
View File

@ -24,17 +24,29 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PK_H
#define POLARSSL_PK_H
#include "config.h"
#include "md.h"
#if defined(POLARSSL_RSA_C)
#include "rsa.h"
#endif
#if defined(POLARSSL_ECP_C)
#include "ecp.h"
#endif
#if defined(POLARSSL_ECDSA_C)
#include "ecdsa.h"
#endif
#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to use a RSA key as EC, or to modify key type */
#define POLARSSL_ERR_PK_TYPE_MISMATCH -0x2F00 /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
#define POLARSSL_ERR_PK_BAD_INPUT_DATA -0x2E80 /**< Bad input parameters to function. */
#if defined(POLARSSL_RSA_C)
/**
@ -43,7 +55,7 @@
* \warning You must make sure the PK context actually holds an RSA context
* before using this macro!
*/
#define pk_rsa( pk ) ( (rsa_context *) (pk).data )
#define pk_rsa( pk ) ( (rsa_context *) (pk).pk_ctx )
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
@ -53,7 +65,7 @@
* \warning You must make sure the PK context actually holds an EC context
* before using this macro!
*/
#define pk_ec( pk ) ( (ecp_keypair *) (pk).data )
#define pk_ec( pk ) ( (ecp_keypair *) (pk).pk_ctx )
#endif /* POLARSSL_ECP_C */
@ -72,58 +84,161 @@ typedef enum {
POLARSSL_PK_ECDSA,
} pk_type_t;
/**
* \brief Types for interfacing with the debug module
*/
typedef enum
{
POLARSSL_PK_DEBUG_NONE = 0,
POLARSSL_PK_DEBUG_MPI,
POLARSSL_PK_DEBUG_ECP,
} pk_debug_type;
/**
* \brief Item to send to the debug module
*/
typedef struct
{
pk_debug_type type;
char *name;
void *value;
} pk_debug_item;
/** Maximum number of item send for debugging, plus 1 */
#define POLARSSL_PK_DEBUG_MAX_ITEMS 3
/**
* \brief Public key information and operations
*/
typedef struct
{
/** Public key type */
pk_type_t type;
/** Type name */
const char *name;
/** Get key size in bits */
size_t (*get_size)( const void * );
/** Tell if the context implements this type (eg ECKEY can do ECDSA) */
int (*can_do)( pk_type_t type );
/** Verify signature */
int (*verify_func)( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
/** Allocate a new context */
void * (*ctx_alloc_func)( void );
/** Free the given context */
void (*ctx_free_func)( void *ctx );
/** Interface with the debug module */
void (*debug_func)( const void *ctx, pk_debug_item *items );
} pk_info_t;
/**
* \brief Public key container
*/
typedef struct
{
pk_type_t type; /**< Public key type */
void * data; /**< Public key data */
int dont_free; /**< True if data must not be freed */
const pk_info_t * pk_info; /**< Public key informations */
void * pk_ctx; /**< Underlying public key context */
} pk_context;
/**
* \brief Return information associated with the given PK type
*
* \param type PK type to search for.
*
* \return The PK info associated with the type or NULL if not found.
*/
const pk_info_t *pk_info_from_type( pk_type_t pk_type );
/**
* \brief Initialize a pk_context (as NONE)
*/
void pk_init( pk_context *ctx );
/**
* \brief Initialize a PK context with the information given
* and allocates the type-specific PK subcontext.
*
* \param ctx Context to initialize. Must be empty (type NONE).
* \param info Information to use
*
* \return 0 on success,
* POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input,
* POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure.
*/
int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
/**
* \brief Free a pk_context
*/
void pk_free( pk_context *ctx );
/**
* \brief Set a pk_context to a given type
* \brief Get the size in bits of the underlying key
*
* \param ctx Context to initialize
* \param type Type of key
* \param ctx Context to use
*
* \note Once the type of a key has been set, it cannot be reset.
* If you want to do so, you need to use pk_free() first.
*
* \return O on success,
* POLARSSL_ERR_PK_MALLOC_FAILED on memory allocation fail,
* POLARSSL_ERR_PK_TYPE_MISMATCH on attempts to reset type.
* \return Key size in bits, or 0 on error
*/
int pk_set_type( pk_context *ctx, pk_type_t type );
size_t pk_get_size( const pk_context *ctx );
#if defined(POLARSSL_RSA_C)
/**
* \brief Wrap a RSA context in a PK context
* \brief Tell if a context can do the operation given by type
*
* \param ctx PK context to initiliaze
* \param rsa RSA context to use
* \param ctx Context to test
* \param type Target type
*
* \note The PK context must be freshly initialized.
*
* \return O on success,
* POLARSSL_ERR_PK_TYPE_MISMATCH if ctx was not empty.
* \return 0 if context can't do the operations,
* 1 otherwise.
*/
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa);
#endif /* POLARSSL_RSA_C */
int pk_can_do( pk_context *ctx, pk_type_t type );
/**
* \brief Verify signature
*
* \param ctx PK context to use
* \param md_alg Hash algorithm used
* \param hash Hash of the message to sign
* \param hash_len Hash length
* \param sig Signature to verify
* \param sig_len Signature length
*
* \return 0 on success (signature is valid),
* or a specific error code.
*/
int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
/**
* \brief Export debug information
*
* \param ctx Context to use
* \param items Place to write debug items
*
* \return 0 on sucess or POLARSSL_ERR_PK_BAD_INPUT_DATA
*/
int pk_debug( const pk_context *ctx, pk_debug_item *items );
/**
* \brief Access the type name
*
* \param ctx Context to use
*
* \return Type name on success, or "invalid PK"
*/
const char * pk_get_name( const pk_context *ctx );
#ifdef __cplusplus
}
#endif
#endif /* pk.h */
#endif /* POLARSSL_PK_H */

48
include/polarssl/pk_wrap.h Normal file
View File

@ -0,0 +1,48 @@
/**
* \file pk.h
*
* \brief Public Key abstraction layer: wrapper functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PK_WRAP_H
#define POLARSSL_PK_WRAP_H
#include "config.h"
#include "pk.h"
#if defined(POLARSSL_RSA_C)
extern const pk_info_t rsa_info;
#endif
#if defined(POLARSSL_ECP_C)
extern const pk_info_t eckey_info;
extern const pk_info_t eckeydh_info;
#endif
#if defined(POLARSSL_ECDSA_C)
extern const pk_info_t ecdsa_info;
#endif
#endif /* POLARSSL_PK_WRAP_H */

17
include/polarssl/rsa.h
View File

@ -451,7 +451,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
@ -474,7 +474,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
const unsigned char *sig );
/**
* \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY)
@ -504,7 +504,18 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig );
const unsigned char *sig );
/**
* \brief Copy the components of an RSA context
*
* \param dst Destination context
* \param src Source context
*
* \return O on success,
* POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure
*/
int rsa_copy( rsa_context *dst, const rsa_context *src );
/**
* \brief Free the components of an RSA key

2
include/polarssl/ssl.h
View File

@ -110,7 +110,7 @@
#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION -0x6E80 /**< Handshake protocol not within min/max boundaries */
#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET -0x6E00 /**< Processing of the NewSessionTicket handshake message failed. */
#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80 /**< Session ticket has expired. */
#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH -0x6D00 /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
/*
* Various constants

1
library/CMakeLists.txt
View File

@ -40,6 +40,7 @@ set(src
pkcs11.c
pkcs12.c
pk.c
pk_wrap.c
rsa.c
sha1.c
sha256.c

2
library/Makefile
View File

@ -49,7 +49,7 @@ OBJS= aes.o arc4.o asn1parse.o \
oid.o \
padlock.o pbkdf2.o pem.o \
pkcs5.o pkcs11.o pkcs12.o \
pk.o \
pk.o pk_wrap.o \
rsa.o sha1.o sha256.o \
sha512.o ssl_cache.o ssl_cli.o \
ssl_srv.o ssl_ciphersuites.o \

6
library/bignum.c
View File

@ -130,6 +130,12 @@ int mpi_copy( mpi *X, const mpi *Y )
if( X == Y )
return( 0 );
if( Y->p == NULL )
{
mpi_free( X );
return( 0 );
}
for( i = Y->n - 1; i > 0; i-- )
if( Y->p[i] != 0 )
break;

53
library/debug.c
View File

@ -225,6 +225,39 @@ void debug_print_mpi( const ssl_context *ssl, int level,
#endif /* POLARSSL_BIGNUM_C */
#if defined(POLARSSL_X509_PARSE_C)
static void debug_print_pk( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const pk_context *pk )
{
size_t i;
pk_debug_item items[POLARSSL_PK_DEBUG_MAX_ITEMS];
char name[16];
memset( items, 0, sizeof( items ) );
if( pk_debug( pk, items ) != 0 )
{
debug_print_msg( ssl, level, file, line, "invalid PK context" );
return;
}
for( i = 0; i < sizeof( items ); i++ )
{
if( items[i].type == POLARSSL_PK_DEBUG_NONE )
return;
snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
name[sizeof( name ) - 1] = '\0';
if( items[i].type == POLARSSL_PK_DEBUG_MPI )
debug_print_mpi( ssl, level, file, line, name, items[i].value );
else if( items[i].type == POLARSSL_PK_DEBUG_ECP )
debug_print_ecp( ssl, level, file, line, name, items[i].value );
else
debug_print_msg( ssl, level, file, line, "should not happen" );
}
}
void debug_print_crt( const ssl_context *ssl, int level,
const char *file, int line,
const char *text, const x509_cert *crt )
@ -250,25 +283,7 @@ void debug_print_crt( const ssl_context *ssl, int level,
str[maxlen] = '\0';
ssl->f_dbg( ssl->p_dbg, level, str );
#if defined(POLARSSL_RSA_C)
if( crt->pk.type == POLARSSL_PK_RSA )
{
debug_print_mpi( ssl, level, file, line,
"crt->rsa.N", &pk_rsa( crt->pk )->N );
debug_print_mpi( ssl, level, file, line,
"crt->rsa.E", &pk_rsa( crt->pk )->E );
} else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
if( crt->pk.type == POLARSSL_PK_ECKEY ||
crt->pk.type == POLARSSL_PK_ECKEY_DH )
{
debug_print_ecp( ssl, level, file, line,
"crt->eckey.Q", &pk_ec( crt->pk )->Q );
} else
#endif /* POLARSSL_ECP_C */
debug_print_msg( ssl, level, file, line,
"crt->pk.type is not valid" );
debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
crt = crt->next;
}

14
library/ecdsa.c
View File

@ -283,6 +283,20 @@ int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
}
/*
* Set context from an ecp_keypair
*/
int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key )
{
int ret = ecp_group_copy( &ctx->grp, &key->grp ) ||
mpi_copy( &ctx->d, &key->d ) ||
ecp_copy( &ctx->Q, &key->Q );
if( ret != 0 )
ecdsa_free( ctx );
return( ret );
}
/*
* Initialize context

4
library/error.c
View File

@ -252,6 +252,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "PK - Memory alloation failed" );
if( use_ret == -(POLARSSL_ERR_PK_TYPE_MISMATCH) )
snprintf( buf, buflen, "PK - Type mismatch, eg attempt to use a RSA key as EC, or to modify key type" );
if( use_ret == -(POLARSSL_ERR_PK_BAD_INPUT_DATA) )
snprintf( buf, buflen, "PK - Bad input parameters to function" );
#endif /* POLARSSL_PK_C */
#if defined(POLARSSL_PKCS12_C)
@ -373,6 +375,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
snprintf( buf, buflen, "SSL - Processing of the NewSessionTicket handshake message failed" );
if( use_ret == -(POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED) )
snprintf( buf, buflen, "SSL - Session ticket has expired" );
if( use_ret == -(POLARSSL_ERR_SSL_PK_TYPE_MISMATCH) )
snprintf( buf, buflen, "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
#endif /* POLARSSL_SSL_TLS_C */
#if defined(POLARSSL_X509_PARSE_C)

154
library/pk.c
View File

@ -26,6 +26,7 @@
#include "polarssl/config.h"
#include "polarssl/pk.h"
#include "polarssl/pk_wrap.h"
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
@ -37,15 +38,6 @@
#include "polarssl/ecdsa.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#else
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#include <stdlib.h>
/*
* Initialise a pk_context
*/
@ -54,9 +46,8 @@ void pk_init( pk_context *ctx )
if( ctx == NULL )
return;
ctx->type = POLARSSL_PK_NONE;
ctx->data = NULL;
ctx->dont_free = 0;
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
}
/*
@ -64,87 +55,116 @@ void pk_init( pk_context *ctx )
*/
void pk_free( pk_context *ctx )
{
if( ctx == NULL )
if( ctx == NULL || ctx->pk_info == NULL)
return;
#if defined(POLARSSL_RSA_C)
if( ctx->type == POLARSSL_PK_RSA )
rsa_free( ctx->data );
else
#endif
#if defined(POLARSSL_ECP_C)
if( ctx->type == POLARSSL_PK_ECKEY || ctx->type == POLARSSL_PK_ECKEY_DH )
ecp_keypair_free( ctx->data );
else
#endif
#if defined(POLARSSL_ECDSA_C)
if( ctx->type == POLARSSL_PK_ECDSA )
ecdsa_free( ctx->data );
else
#endif
{
; /* guard for the else's above */
}
ctx->pk_info->ctx_free_func( ctx->pk_ctx );
ctx->pk_ctx = NULL;
if( ! ctx->dont_free )
polarssl_free( ctx->data );
ctx->type = POLARSSL_PK_NONE;
ctx->data = NULL;
ctx->pk_info = NULL;
}
/*
* Set a pk_context to a given type
* Get pk_info structure from type
*/
int pk_set_type( pk_context *ctx, pk_type_t type )
const pk_info_t * pk_info_from_type( pk_type_t pk_type )
{
size_t size;
if( ctx->type == type )
return( 0 );
if( ctx->type != POLARSSL_PK_NONE )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
switch( pk_type ) {
#if defined(POLARSSL_RSA_C)
if( type == POLARSSL_PK_RSA )
size = sizeof( rsa_context );
else
case POLARSSL_PK_RSA:
return &rsa_info;
#endif
#if defined(POLARSSL_ECP_C)
if( type == POLARSSL_PK_ECKEY || type == POLARSSL_PK_ECKEY_DH )
size = sizeof( ecp_keypair );
else
case POLARSSL_PK_ECKEY:
return &eckey_info;
case POLARSSL_PK_ECKEY_DH:
return &eckeydh_info;
#endif
#if defined(POLARSSL_ECDSA_C)
if( type == POLARSSL_PK_ECDSA )
size = sizeof( ecdsa_context );
else
case POLARSSL_PK_ECDSA:
return &ecdsa_info;
#endif
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
default:
return NULL;
}
}
if( ( ctx->data = polarssl_malloc( size ) ) == NULL )
/*
* Initialise context
*/
int pk_init_ctx( pk_context *ctx, const pk_info_t *info )
{
if( ctx == NULL || info == NULL || ctx->pk_info != NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
return( POLARSSL_ERR_PK_MALLOC_FAILED );
memset( ctx->data, 0, size );
ctx->type = type;
ctx->pk_info = info;
return( 0 );
}
#if defined(POLARSSL_RSA_C)
/*
* Wrap an RSA context in a PK context
* Tell if a PK can do the operations of the given type
*/
int pk_wrap_rsa( pk_context *ctx, const rsa_context *rsa)
int pk_can_do( pk_context *ctx, pk_type_t type )
{
if( ctx->type != POLARSSL_PK_NONE )
/* null or NONE context can't do anything */
if( ctx == NULL || ctx->pk_info == NULL )
return( 0 );
return( ctx->pk_info->can_do( type ) );
}
/*
* Verify a signature
*/
int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->verify_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
ctx->type = POLARSSL_PK_RSA;
ctx->data = (rsa_context *) rsa;
ctx->dont_free = 1;
return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg,
hash, hash_len,
sig, sig_len ) );
}
/*
* Get key size in bits
*/
size_t pk_get_size( const pk_context *ctx )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( 0 );
return( ctx->pk_info->get_size( ctx->pk_ctx ) );
}
/*
* Export debug information
*/
int pk_debug( const pk_context *ctx, pk_debug_item *items )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
ctx->pk_info->debug_func( ctx->pk_ctx, items );
return( 0 );
}
#endif
/*
* Access the PK type name
*/
const char * pk_get_name( const pk_context *ctx )
{
if( ctx == NULL || ctx->pk_info == NULL )
return( "invalid PK" );
return( ctx->pk_info->name );
}

254
library/pk_wrap.c Normal file
View File

@ -0,0 +1,254 @@
/*
* Public Key abstraction layer: wrapper functions
*
* Copyright (C) 2006-2013, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#include "polarssl/pk_wrap.h"
#if defined(POLARSSL_RSA_C)
#include "polarssl/rsa.h"
#endif
#if defined(POLARSSL_ECP_C)
#include "polarssl/ecp.h"
#endif
#if defined(POLARSSL_ECDSA_C)
#include "polarssl/ecdsa.h"
#endif
#if defined(POLARSSL_MEMORY_C)
#include "polarssl/memory.h"
#else
#include <stdlib.h>
#define polarssl_malloc malloc
#define polarssl_free free
#endif
#if defined(POLARSSL_RSA_C)
static int rsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_RSA );
}
static size_t rsa_get_size( const void * ctx )
{
return( 8 * ((rsa_context *) ctx)->len );
}
static int rsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
if( sig_len != ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
return( rsa_pkcs1_verify( (rsa_context *) ctx,
RSA_PUBLIC, md_alg, hash_len, hash, sig ) );
}
static void *rsa_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
if( ctx != NULL )
rsa_init( (rsa_context *) ctx, 0, 0 );
return ctx;
}
static void rsa_free_wrap( void *ctx )
{
rsa_free( (rsa_context *) ctx );
polarssl_free( ctx );
}
static void rsa_debug( const void *ctx, pk_debug_item *items )
{
items->type = POLARSSL_PK_DEBUG_MPI;
items->name = "rsa.N";
items->value = &( ((rsa_context *) ctx)->N );
items++;
items->type = POLARSSL_PK_DEBUG_MPI;
items->name = "rsa.E";
items->value = &( ((rsa_context *) ctx)->E );
}
const pk_info_t rsa_info = {
POLARSSL_PK_RSA,
"RSA",
rsa_get_size,
rsa_can_do,
rsa_verify_wrap,
rsa_alloc_wrap,
rsa_free_wrap,
rsa_debug,
};
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
/*
* Generic EC key
*/
static int eckey_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECKEY ||
type == POLARSSL_PK_ECKEY_DH ||
type == POLARSSL_PK_ECDSA );
}
static size_t eckey_get_size( const void *ctx )
{
return( ((ecp_keypair *) ctx)->grp.pbits );
}
#if defined(POLARSSL_ECDSA_C)
/* Forward declaration */
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len );
static int eckey_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
int ret;
ecdsa_context ecdsa;
ecdsa_init( &ecdsa );
ret = ecdsa_from_keypair( &ecdsa, ctx ) ||
ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
ecdsa_free( &ecdsa );
return( ret );
}
#endif /* POLARSSL_ECDSA_C */
static void *eckey_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
if( ctx != NULL )
ecp_keypair_init( ctx );
return( ctx );
}
static void eckey_free_wrap( void *ctx )
{
ecp_keypair_free( (ecp_keypair *) ctx );
polarssl_free( ctx );
}
static void eckey_debug( const void *ctx, pk_debug_item *items )
{
items->type = POLARSSL_PK_DEBUG_ECP;
items->name = "eckey.Q";
items->value = &( ((ecp_keypair *) ctx)->Q );
}
const pk_info_t eckey_info = {
POLARSSL_PK_ECKEY,
"EC",
eckey_get_size,
eckey_can_do,
#if defined(POLARSSL_ECDSA_C)
eckey_verify_wrap,
#else
NULL,
#endif
eckey_alloc_wrap,
eckey_free_wrap,
eckey_debug,
};
/*
* EC key resticted to ECDH
*/
static int eckeydh_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECKEY ||
type == POLARSSL_PK_ECKEY_DH );
}
const pk_info_t eckeydh_info = {
POLARSSL_PK_ECKEY_DH,
"EC_DH",
eckey_get_size, /* Same underlying key structure */
eckeydh_can_do,
NULL,
eckey_alloc_wrap, /* Same underlying key structure */
eckey_free_wrap, /* Same underlying key structure */
eckey_debug, /* Same underlying key structure */
};
#endif /* POLARSSL_ECP_C */
#if defined(POLARSSL_ECDSA_C)
static int ecdsa_can_do( pk_type_t type )
{
return( type == POLARSSL_PK_ECDSA );
}
static int ecdsa_verify_wrap( void *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
((void) md_alg);
return( ecdsa_read_signature( (ecdsa_context *) ctx,
hash, hash_len, sig, sig_len ) );
}
static void *ecdsa_alloc_wrap( void )
{
void *ctx = polarssl_malloc( sizeof( ecdsa_context ) );
if( ctx != NULL )
ecdsa_init( (ecdsa_context *) ctx );
return( ctx );
}
static void ecdsa_free_wrap( void *ctx )
{
ecdsa_free( (ecdsa_context *) ctx );
polarssl_free( ctx );
}
const pk_info_t ecdsa_info = {
POLARSSL_PK_ECDSA,
"ECDSA",
eckey_get_size, /* Compatible key structures */
ecdsa_can_do,
ecdsa_verify_wrap,
ecdsa_alloc_wrap,
ecdsa_free_wrap,
eckey_debug, /* Compatible key structures */
};
#endif /* POLARSSL_ECDSA_C */

40
library/rsa.c
View File

@ -953,7 +953,7 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
const unsigned char *sig )
{
int ret;
size_t siglen;
@ -1063,7 +1063,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
const unsigned char *sig )
{
int ret;
size_t len, siglen, asn1_len;
@ -1177,7 +1177,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
const unsigned char *sig )
{
switch( ctx->padding )
{
@ -1196,6 +1196,40 @@ int rsa_pkcs1_verify( rsa_context *ctx,
}
}
/*
* Copy the components of an RSA key
*/
int rsa_copy( rsa_context *dst, const rsa_context *src )
{
int ret;
dst->ver = src->ver;
dst->len = src->len;
MPI_CHK( mpi_copy( &dst->N, &src->N ) );
MPI_CHK( mpi_copy( &dst->E, &src->E ) );
MPI_CHK( mpi_copy( &dst->D, &src->D ) );
MPI_CHK( mpi_copy( &dst->P, &src->P ) );
MPI_CHK( mpi_copy( &dst->Q, &src->Q ) );
MPI_CHK( mpi_copy( &dst->DP, &src->DP ) );
MPI_CHK( mpi_copy( &dst->DQ, &src->DQ ) );
MPI_CHK( mpi_copy( &dst->QP, &src->QP ) );
MPI_CHK( mpi_copy( &dst->RN, &src->RN ) );
MPI_CHK( mpi_copy( &dst->RP, &src->RP ) );
MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) );
dst->padding = src->padding;
dst->hash_id = src->padding;
cleanup:
if( ret != 0 )
rsa_free( dst );
return( ret );
}
/*
* Free the components of an RSA key
*/

24
library/ssl_cli.c
View File

@ -1346,12 +1346,15 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
POLARSSL_PK_RSA ) )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
}
if( (unsigned int)( end - p ) !=
pk_rsa( ssl->session_negotiate->peer_cert->pk )->len )
if( 8 * (unsigned int)( end - p ) !=
pk_get_size( &ssl->session_negotiate->peer_cert->pk ) )
{
SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
@ -1795,12 +1798,15 @@ static int ssl_write_client_key_exchange( ssl_context *ssl )
if( ret != 0 )
return( ret );
/* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
POLARSSL_PK_RSA ) )
{
SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
return( POLARSSL_ERR_SSL_PK_TYPE_MISMATCH );
}
i = 4;
n = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
n = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
if( ssl->minor_ver != SSL_MINOR_VERSION_0 )
{

7
library/ssl_srv.c
View File

@ -2517,10 +2517,13 @@ static int ssl_parse_certificate_verify( ssl_context *ssl )
}
/* EC NOT IMPLEMENTED YET */
if( ssl->session_negotiate->peer_cert->pk.type != POLARSSL_PK_RSA )
if( ! pk_can_do( &ssl->session_negotiate->peer_cert->pk,
POLARSSL_PK_RSA ) )
{
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
n1 = pk_rsa( ssl->session_negotiate->peer_cert->pk )->len;
n1 = pk_get_size( &ssl->session_negotiate->peer_cert->pk ) / 8;
n2 = ( ssl->in_msg[4 + n] << 8 ) | ssl->in_msg[5 + n];
if( n + n1 + 6 != ssl->in_hslen || n1 != n2 )

172
library/x509parse.c
View File

@ -570,6 +570,7 @@ static int x509_get_pubkey( unsigned char **p,
size_t len;
x509_buf alg_params;
pk_type_t pk_alg = POLARSSL_PK_NONE;
const pk_info_t *pk_info;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
@ -589,7 +590,10 @@ static int x509_get_pubkey( unsigned char **p,
return( POLARSSL_ERR_X509_CERT_INVALID_PUBKEY +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = pk_set_type( pk, pk_alg ) ) != 0 )
if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
return( ret );
#if defined(POLARSSL_RSA_C)
@ -2138,12 +2142,24 @@ int x509parse_public_keyfile( pk_context *ctx, const char *path )
*/
int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd )
{
int ret;
pk_context pk;
pk_init( &pk );
pk_wrap_rsa( &pk, rsa );
return( x509parse_keyfile( &pk, path, pwd ) );
ret = x509parse_keyfile( &pk, path, pwd );
if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
if( ret == 0 )
rsa_copy( rsa, pk_rsa( pk ) );
else
rsa_free( rsa );
pk_free( &pk );
return( ret );
}
/*
@ -2151,12 +2167,24 @@ int x509parse_keyfile_rsa( rsa_context *rsa, const char *path, const char *pwd )
*/
int x509parse_public_keyfile_rsa( rsa_context *rsa, const char *path )
{
int ret;
pk_context pk;
pk_init( &pk );
pk_wrap_rsa( &pk, rsa );
return( x509parse_public_keyfile( &pk, path ) );
ret = x509parse_public_keyfile( &pk, path );
if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
if( ret == 0 )
rsa_copy( rsa, pk_rsa( pk ) );
else
rsa_free( rsa );
pk_free( &pk );
return( ret );
}
#endif /* POLARSSL_RSA_C */
#endif /* POLARSSL_FS_IO */
@ -2360,6 +2388,7 @@ static int x509parse_key_pkcs8_unencrypted_der(
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
pk_type_t pk_alg = POLARSSL_PK_NONE;
const pk_info_t *pk_info;
/*
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
@ -2401,7 +2430,10 @@ static int x509parse_key_pkcs8_unencrypted_der(
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_OUT_OF_DATA );
if( ( ret = pk_set_type( pk, pk_alg ) ) != 0 )
if( ( pk_info = pk_info_from_type( pk_alg ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 )
return( ret );
#if defined(POLARSSL_RSA_C)
@ -2548,6 +2580,7 @@ int x509parse_key( pk_context *pk,
const unsigned char *pwd, size_t pwdlen )
{
int ret;
const pk_info_t *pk_info;
#if defined(POLARSSL_PEM_C)
size_t len;
@ -2562,7 +2595,10 @@ int x509parse_key( pk_context *pk,
key, pwd, pwdlen, &len );
if( ret == 0 )
{
if( ( ret = pk_set_type( pk, POLARSSL_PK_RSA ) ) != 0 ||
if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@ -2587,7 +2623,10 @@ int x509parse_key( pk_context *pk,
key, pwd, pwdlen, &len );
if( ret == 0 )
{
if( ( ret = pk_set_type( pk, POLARSSL_PK_ECKEY ) ) != 0 ||
if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
( ret = x509parse_key_sec1_der( pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 )
{
@ -2672,7 +2711,10 @@ int x509parse_key( pk_context *pk,
pk_free( pk );
#if defined(POLARSSL_RSA_C)
if( ( ret = pk_set_type( pk, POLARSSL_PK_RSA ) ) == 0 &&
if( ( pk_info = pk_info_from_type( POLARSSL_PK_RSA ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
( ret = x509parse_key_pkcs1_der( pk_rsa( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
@ -2682,7 +2724,10 @@ int x509parse_key( pk_context *pk,
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
if( ( ret = pk_set_type( pk, POLARSSL_PK_ECKEY ) ) == 0 &&
if( ( pk_info = pk_info_from_type( POLARSSL_PK_ECKEY ) ) == NULL )
return( POLARSSL_ERR_X509_UNKNOWN_PK_ALG );
if( ( ret = pk_init_ctx( pk, pk_info ) ) != 0 ||
( ret = x509parse_key_sec1_der( pk_ec( *pk ), key, keylen ) ) == 0 )
{
return( 0 );
@ -2745,12 +2790,24 @@ int x509parse_key_rsa( rsa_context *rsa,
const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen )
{
int ret;
pk_context pk;
pk_init( &pk );
pk_wrap_rsa( &pk, rsa );
return( x509parse_key( &pk, key, keylen, pwd, pwdlen ) );
ret = x509parse_key( &pk, key, keylen, pwd, pwdlen );
if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
if( ret == 0 )
rsa_copy( rsa, pk_rsa( pk ) );
else
rsa_free( rsa );
pk_free( &pk );
return( ret );
}
/*
@ -2759,12 +2816,24 @@ int x509parse_key_rsa( rsa_context *rsa,
int x509parse_public_key_rsa( rsa_context *rsa,
const unsigned char *key, size_t keylen )
{
int ret;
pk_context pk;
pk_init( &pk );
pk_wrap_rsa( &pk, rsa );
return( x509parse_public_key( &pk, key, keylen ) );
ret = x509parse_public_key( &pk, key, keylen );
if( ret == 0 && ! pk_can_do( &pk, POLARSSL_PK_RSA ) )
ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
if( ret == 0 )
rsa_copy( rsa, pk_rsa( pk ) );
else
rsa_free( rsa );
pk_free( &pk );
return( ret );
}
#endif /* POLARSSL_RSA_C */
@ -3021,9 +3090,29 @@ int x509parse_serial_gets( char *buf, size_t size, const x509_buf *serial )
return( (int) ( size - n ) );
}
/*
* Helper for writing "RSA key size", "EC key size", etc
*/
static int x509_key_size_helper( char *buf, size_t size, const char *name )
{
char *p = buf;
size_t n = size;
int ret;
if( strlen( name ) + sizeof( " key size" ) > size )
return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;
ret = snprintf( p, n, "%s key size", name );
SAFE_SNPRINTF();
return( 0 );
}
/*
* Return an informational string about the certificate.
*/
#define BEFORE_COLON 14
#define BC "14"
int x509parse_cert_info( char *buf, size_t size, const char *prefix,
const x509_cert *crt )
{
@ -3031,6 +3120,7 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix,
size_t n;
char *p;
const char *desc = NULL;
char key_size_str[BEFORE_COLON];
p = buf;
n = size;
@ -3079,20 +3169,14 @@ int x509parse_cert_info( char *buf, size_t size, const char *prefix,
ret = snprintf( p, n, desc );
SAFE_SNPRINTF();
#if defined(POLARSSL_RSA_C)
if( crt->pk.type == POLARSSL_PK_RSA )
ret = snprintf( p, n, "\n%sRSA key size : %d bits\n", prefix,
(int) pk_rsa( crt->pk )->N.n * (int) sizeof( t_uint ) * 8 );
else
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECP_C)
if( crt->pk.type == POLARSSL_PK_ECKEY ||
crt->pk.type == POLARSSL_PK_ECKEY_DH )
ret = snprintf( p, n, "\n%sEC key size : %d bits\n", prefix,
(int) pk_ec( crt->pk )->grp.pbits );
else
#endif /* POLARSSL_ECP_C */
ret = snprintf(p, n, "\n%sPK type looks wrong!", prefix);
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
pk_get_name( &crt->pk ) ) ) != 0 )
{
return( ret );
}
ret = snprintf( p, n, "\n%s%-" BC "s: %d bits\n", prefix, key_size_str,
(int) pk_get_size( &crt->pk ) );
SAFE_SNPRINTF();
return( (int) ( size - n ) );
@ -3344,16 +3428,10 @@ static int x509parse_verifycrl(x509_cert *crt, x509_cert *ca,
md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */
if( ca->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( !rsa_pkcs1_verify( pk_rsa( ca->pk ), RSA_PUBLIC, crl_list->sig_md,
0, hash, crl_list->sig.p ) == 0 )
if( pk_can_do( &ca->pk, crl_list->sig_pk ) == 0 ||
pk_verify( &ca->pk, crl_list->sig_md, hash, md_info->size,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{
/*
* CRL is not trusted
*/
flags |= BADCRL_NOT_TRUSTED;
break;
}
@ -3443,7 +3521,7 @@ static int x509parse_verify_top(
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&
memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
child->issuer_raw.len ) == 0 )
child->issuer_raw.len ) == 0 )
{
check_path_cnt--;
}
@ -3467,12 +3545,9 @@ static int x509parse_verify_top(
md( md_info, child->tbs.p, child->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */
if( trust_ca->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( rsa_pkcs1_verify( pk_rsa( trust_ca->pk ), RSA_PUBLIC, child->sig_md,
0, hash, child->sig.p ) != 0 )
if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
{
trust_ca = trust_ca->next;
continue;
@ -3547,12 +3622,9 @@ static int x509parse_verify_child(
{
md( md_info, child->tbs.p, child->tbs.len, hash );
/* EC NOT IMPLEMENTED YET */
if( parent->pk.type != POLARSSL_PK_RSA )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
if( rsa_pkcs1_verify( pk_rsa( parent->pk ), RSA_PUBLIC, child->sig_md,
0, hash, child->sig.p ) != 0 )
if( pk_can_do( &parent->pk, child->sig_pk ) == 0 ||
pk_verify( &parent->pk, child->sig_md, hash, md_info->size,
child->sig.p, child->sig.len ) != 0 )
{
*flags |= BADCERT_NOT_TRUSTED;
}

2
programs/test/ssl_cert_test.c
View File

@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
/* EC NOT IMPLEMENTED YET */
if( clicert.pk.type != POLARSSL_PK_RSA )
if( ! pk_can_do( &clicert.pk, POLARSSL_PK_RSA ) )
{
printf( " failed\n ! certificate's key is not RSA\n\n" );
ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;

10
tests/data_files/crl-ec-sha224.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4
MDYzOFoXDTIzMDgwNzA4MDYzOFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDSAAwRQIge0CLFC7Ba9urAcQjRg2y
MlaoNZjFTLfgORXoVIr7qB0CIQD875hm+aual5qW62hMfHcb7W3BoU+vV1D42YyE
sd4POA==
-----END X509 CRL-----

10
tests/data_files/crl-ec-sha256.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBTjCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4
MDY0NFoXDTIzMDgwNzA4MDY0NFowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDRgAwQwIgZ8GDUEO/f6f6+yCdb6jj
/Sw0bkdVRGinNKBda4J87ksCHySC8j+ijdECxWR6O6Isxl9g47WSf+0tRslvqn0k
D9k=
-----END X509 CRL-----

10
tests/data_files/crl-ec-sha384.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4
MDY1MloXDTIzMDgwNzA4MDY1MlowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIhAJpojagrap1H0VYcCkfs
JK0a304u+NLa4fkL4Qe9dXRaAiB7gx0xZL0ePad7/PiFfsJgIhMrGiRHGTXnK121
DgSMLw==
-----END X509 CRL-----

10
tests/data_files/crl-ec-sha512.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBUDCB9wIBATAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDgwOTA4
MDcwMVoXDTIzMDgwNzA4MDcwMVowFDASAgECFw0xMzA4MDkwODA0MDNaoHIwcDBu
BgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFCpEAwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIgYkzK1SMOvmwq2qfkxQ/6
nWz0QaNSVS589vInbPBrFt8CIQDQFZi4S+L7DN/WUl91o1xS6n9aTGoHOzaQS7Ym
fWUstQ==
-----END X509 CRL-----

10
tests/data_files/crl-ec.pem Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN X509 CRL-----
MIIBTTCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwODA5MDgw
NjI2WhcNMjMwODA3MDgwNjI2WjAUMBICAQIXDTEzMDgwOTA4MDQwM1qgcjBwMG4G
A1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYDVQQGEwJO
TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
Q0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0cAMEQCIDbClXv2qJc1OgDtaxLWogdO
5x51dupuJ8N+Oa2S1aPJAiBJWFhnRZRvqVRMhkJ5NQquR+crofroBOOrrdmlHvC3
+g==
-----END X509 CRL-----

20
tests/data_files/server2-badsign.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJxnXClY
oHkbp70cqBrsGXLybA74czbO5RdLEgFs7rHVS9r+c293luS/KdliLScZqAzYVylw
UfRWvKMoWhHYKp3dEIS4xTXk6/5zXxhv9Rw8SGc8qn6vITHk1S1mPevtekgasY5Y
iWQuM3h4YVlRH3HHEMAD1TnAexfXHHDFQGe+Bd1iAbz1/sH9H8l4StwX6egvTK3M
wXRwkKkvjKaEDA9ATbZx0mI8LGsxSuCqe9r9dyjmttd47J1p1Rulz3CLzaRcVIuS
RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8
zhuYwjVuX6JHG08=
-----END CERTIFICATE-----

17
tests/data_files/server3.crt Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5
fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ
OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/
pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ
b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W
4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm
DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx
CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS
qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb
kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu
CAQ1sXmQ
-----END CERTIFICATE-----

5
tests/data_files/server3.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGItTogpE7AOnjvYuTqm+9OabmsX02XKIAqAKBggqhkjOPQMBAaE0AzIA
BH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ
/w==
-----END EC PRIVATE KEY-----

15
tests/data_files/server4.crt Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICRDCCAeugAwIBAgIBBDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MDkwNzU3NTdaFw0yMzA4MDcwNzU3NTdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCrySYRCWA2hMyRyGXtO58nVCboGjDXfw+T78yfzrQUFMmG
sMsrjnVriz8TboJla9G5l0BO/KVInrs4X5CBJkAy1TZoJy8QJoYwfDFXQ+x2hH9l
23BF0Mom1frAJl/ju9TzIhqGM2zCFcVHH1ACCxstDp9nqEWN1B0YVW02th8pHwID
AQABo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFBfZRL1Q6LhG2+zv4wFMS8Yw
taURMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKkQDA+MQswCQYD
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRl
c3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICi0VueSFiU2O5MP
LBPbu0Lsm4kCbWJA34HteefA29wWAiEAne8oWL9ILDpqhuB0wEv5PpKMuXLC2A1e
ATV35ATh3EM=
-----END CERTIFICATE-----

16
tests/data_files/server4.key Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKvJJhEJYDaEzJHI
Ze07nydUJugaMNd/D5PvzJ/OtBQUyYawyyuOdWuLPxNugmVr0bmXQE78pUieuzhf
kIEmQDLVNmgnLxAmhjB8MVdD7HaEf2XbcEXQyibV+sAmX+O71PMiGoYzbMIVxUcf
UAILGy0On2eoRY3UHRhVbTa2HykfAgMBAAECgYALAPmFQdp944fPFs0gox8Qv902
JOdYBnWS/ltXKUBzwNkf3ZdGFPwEhYjmz79ei8eFYeDmrlxQCIrpk4WIIFEgVZZA
DRFZSQDIm6i+KSKWX6dFG/ot6VBzahKX24TUNuPhTrYUb+vkqxifbN/ItXcfcG2Z
HB7AZl2RgRbeJGI/IQJBANJCx2dkCIKsrC21cAuq+fbxtSdzGho4hF1jsDHOjoCh
x53BCivk1tL0kLcmLPbJnH2KvzTV4YrizAoGKFneiokCQQDRJ7pnKabHs9qhF6kl
6m9dxAoGmeZY4RwodcVOqAjHFeMI9eSNLpsxava2RJFQVagCzwuft5lvhqeaxxZ0
nwxnAkBFcKCCWNsmrPhAMEfM0q6zC6iUWsMoHbo5TY8HI/yUJtnSE8rULEN2cCbL
FeSLrJHuNEBppqlSQQy50sbIx2JhAkEAug8ZZ0RKNUTtrHib5DrUrxkBwjWOEGrQ
3b1GtF4O0OvLd+EmW+Gl9SQuLJ56lnhcaYM91+s/91JWLv4EH+KM6QJADR52KML6
0IvPiOv8i98U+H5GvYT7pla+F61Y2i/h7M7wpANR8hAwK9IQ2eloeGQ3Fmyedd9l
kHGxNTIgEkw3uQ==
-----END PRIVATE KEY-----

13
tests/data_files/server5-badsign.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY
+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi
cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J
rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL
jbRvSP9W7EJjb9QR3zNYbf4=
-----END CERTIFICATE-----

13
tests/data_files/server5-sha224.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7jCCAZWgAwIBAgIBBjAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODEyWhcNMjMwODA3MDgwODEyWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwEDRwAwRAIg
Xm1nvMzdlO+q5tGATM/IPZxuWSZQqFqwqqdlDEe2OCcCIEbPknZFIjopDpOBMSuU
k+VDnNYzQajkdeM9T5XqaX6B
-----END CERTIFICATE-----

13
tests/data_files/server5-sha256.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBBzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODE3WhcNMjMwODA3MDgwODE3WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwIDSAAwRQIh
ALfqO3j3gA18v/MG+s5CJfNGBeeRIttASyiO3FOiZUfeAiBoid6STq5AvS1c9Olm
Vk7wB2zYU9v6sSoR99csMz4TTQ==
-----END CERTIFICATE-----

13
tests/data_files/server5-sha384.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBCDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODI1WhcNMjMwODA3MDgwODI1WjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwMDSAAwRQIh
ANRFz89Cp8ohvDHX94h+pftXR34mhGqzzi3xidVj1Sg8AiBOv+ChIGVXGmM3RFvj
kOaH0pCTLJQEpIAj5jlaCw9tDA==
-----END CERTIFICATE-----

13
tests/data_files/server5-sha512.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7zCCAZWgAwIBAgIBCTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
MTMwODA5MDgwODMyWhcNMjMwODA3MDgwODMyWjA0MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzq
GPgiQ7RFHA3nYBQqaqOBnTCBmjAJBgNVHRMEAjAAMB0GA1UdDgQWBBSiLQC2KLTc
4nHwT3ey8BE7ZGJnQTBuBgNVHSMEZzBlgBS8QO+57pq7NjnhLamiuiy7pr0QcaFC
pEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQ
b2xhcnNzbCBUZXN0IEVDIENBggkArUJ5dp5y9uEwCgYIKoZIzj0EAwQDSAAwRQIh
AN5rRzdwAbgA4scB15w5W9DPJ6w7Q7QiEnV7PV5IAXX4AiBAFnODGe6Lk7C5YYYU
dANkEzunQUZNP1qh24SgeqBUNg==
-----END CERTIFICATE-----

13
tests/data_files/server5.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MDkwNzU3NDBaFw0yMzA4MDcwNzU3NDBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
KoZIzj0DAQEDMgAEy0Lh3ZfhEwBiC8jmJfEg8NGxCDqHEtz+hPgYs37hDz9wTOoY
+CJDtEUcDedgFCpqo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFKItALYotNzi
cfBPd7LwETtkYmdBMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCIE/J
rb3TrYL+z1OsZ2rtCmji7hrPj570X4Qkm1Pb5QEvAiEAiq46sM0+1DSAU0u8FcuL
jbRvSP9W7EJjb9QR3zNYbX4=
-----END CERTIFICATE-----

5
tests/data_files/server5.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA
BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq
ag==
-----END EC PRIVATE KEY-----

13
tests/data_files/server6.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB7TCCAZSgAwIBAgIBAjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MDkwNzU3MjZaFw0yMzA4MDcwNzU3MjZaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1
1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J
AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAJBgcqhkjOPQQBA0gAMEUCICDC
Qiv7ypgB4K9x6mf3UvYmdfLHzRkUHyP2FoY/GnFwAiEAr/WVRRw8tPZq3kKaMApQ
OLFV/1jRkCd3i9vpRfdZjsI=
-----END CERTIFICATE-----

5
tests/data_files/server6.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGD5d3O02N8S/dSjU0RmPK8h2TEH64xPN6qAKBggqhkjOPQMBAaE0AzIA
BBNrCG0mTkhIp2TN6tjDDsvHoDPGPQQHLLsMTvVKUtQfJ0/btdW7404eVUAICQFP
jg==
-----END EC PRIVATE KEY-----

13
tests/data_files/server6.pem Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x
MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1
1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J
AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq
PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl
LA==
-----END CERTIFICATE-----

14
tests/data_files/server7.crt Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS
3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV
HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE
9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT
TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF
AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd
95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s
Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA==
-----END CERTIFICATE-----

5
tests/data_files/server7.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGO82j8OXBoUhVyauCA8XZ288l595u7BXWqAKBggqhkjOPQMBAaE0AzIA
BMtC4d2X4RMAYgvI5iXxIPDRsQg6hxLc/oT4GLN+4Q8/cEzqGPgiQ7RFHA3nYBQq
ag==
-----END EC PRIVATE KEY-----

29
tests/data_files/server7_int-ca.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIICMTCCAZqgAwIBAgIBBDANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
ZWRpYXRlIENBMB4XDTEzMDgxMDA5Mzc1OVoXDTIzMDgwODA5Mzc1OVowNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
STATBgcqhkjOPQIBBggqhkjOPQMBAQMyAATLQuHdl+ETAGILyOYl8SDw0bEIOocS
3P6E+BizfuEPP3BM6hj4IkO0RRwN52AUKmqjgZUwgZIwCQYDVR0TBAIwADAdBgNV
HQ4EFgQUoi0Atii03OJx8E93svARO2RiZ0EwZgYDVR0jBF8wXYAUSWP5COj9AlpE
9UEpjc+8T9LAHryhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNT
TDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIBDzANBgkqhkiG9w0BAQUF
AAOBgQDXdaDKbre+goT5vJ8GHr3APTsHed40sS/UvbGtjC4XsZ+liUMhAZn85nWd
95FifmASBWG7R8eyU+nOL1yDQNxIcN1nqzX+UNUnXI5P2gNLF+lllr9T9zYmFo4s
Qg4vVTIZIidwJtB60ZwboTx1au0bDPGDF1oniyLPBJdwcY4jsA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh
dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx
7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp
V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4
pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa
RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG
SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo
AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0
-----END CERTIFICATE-----

13
tests/data_files/server8.crt Normal file
View File

@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh
dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ
MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB
dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG
iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh
P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ
UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw
NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB
SAnWzz4=
-----END CERTIFICATE-----

8
tests/data_files/server8.key Normal file
View File

@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGItTogpE7AOnjvYuTqm+9OabmsX02XKIAqAKBggqhkjOPQMBAaE0AzIA
BH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ
/w==
-----END EC PRIVATE KEY-----

30
tests/data_files/server8_int-ca2.crt Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIB4TCCAZmgAwIBAgIBAzAJBgcqhkjOPQQBMEsxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEpMCcGA1UEAxMgUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh
dGUgRUMgQ0EwHhcNMTMwODEwMTA0ODQyWhcNMjMwODEwMTA0ODQyWjA0MQswCQYD
VQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJ
MBMGByqGSM49AgEGCCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrB
dUR7/L2QPB8EC2p5fQcsej6EFasvlTdJ/6OBlTCBkjAdBgNVHQ4EFgQU5BdrNrIG
iTrZXkO24GR9h6t93jcwYwYDVR0jBFwwWoAUsdlE7s/zeovBx8go2LphSL+Nu9mh
P6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQ
UG9sYXJTU0wgVGVzdCBDQYIBETAMBgNVHRMEBTADAQH/MAkGByqGSM49BAEDNwAw
NAIYPH5MSjau/MPc+rjSbYt+Q9rlv4idlJ84AhhWuxV7gaFzJzCs7acgX6WbfOAB
SAnWzz4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt
dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud
DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR
aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu
f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I
QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB
XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl
FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ=
-----END CERTIFICATE-----

BIN
tests/data_files/test-ca2.crt
View File

Binary file not shown.

9
tests/data_files/test-ca2.key
View File

@ -1,8 +1,5 @@
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBAQ==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGKHCq9vcqkdzGdKSIUP2M9o/vu1rja5jxqAKBggqhkjOPQMBAaE0AzIA
BCE3lp+r1ONwYkoOGjPjecq5UMzgDvjDw+KtrrcnHI8HZZ1l09d33PIWFDY65Lbm
Fw==
MHcCAQEEIBgsCX6wjouYFLrghn4s8iRrt9krCKiFHZYtzY8J7+p3oAoGCCqGSM49
AwEHoUQDQgAElrizLPspIX2+kNvC+BOpJnw19tnAi5nsUnt8r6N+KDybdaVUWmLI
qZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/g==
-----END EC PRIVATE KEY-----

94
tests/data_files/test-ca_cat12.crt Normal file
View File

@ -0,0 +1,94 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 12 14:44:00 2011 GMT
Not After : Feb 12 14:44:00 2021 GMT
Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
a2:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
serial:00
Signature Algorithm: sha1WithRSAEncryption
b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
f7:e0:e9:54
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1
9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB
oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU
vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK
EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae
cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D
rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM
espQnlFX
-----END CERTIFICATE-----

94
tests/data_files/test-ca_cat21.crt Normal file
View File

@ -0,0 +1,94 @@
-----BEGIN CERTIFICATE-----
MIICEjCCAbmgAwIBAgIJAK1CeXaecvbhMAkGByqGSM49BAEwPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBMB4XDTEzMDgwOTA3NDk0NloXDTIzMDgwNzA3NDk0NlowPjELMAkGA1UEBhMC
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElrizLPspIX2+kNvC+BOpJnw1
9tnAi5nsUnt8r6N+KDybdaVUWmLIqZCrjuaGKwOdOZtl/bBp8KOpLZ4UDujV/qOB
oDCBnTAdBgNVHQ4EFgQUvEDvue6auzY54S2porosu6a9EHEwbgYDVR0jBGcwZYAU
vEDvue6auzY54S2porosu6a9EHGhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQK
EwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAK1CeXae
cvbhMAwGA1UdEwQFMAMBAf8wCQYHKoZIzj0EAQNIADBFAiBs5rd9NzQs/wQZVS6D
rjpOpzFteqBkqe6YgKWkG5kDVwIhAKr4Lr4v+MU1G5D5oSZXYxvUPBa4yARcD7QM
espQnlFX
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Validity
Not Before: Feb 12 14:44:00 2011 GMT
Not After : Feb 12 14:44:00 2021 GMT
Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
a2:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Key Identifier:
B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
X509v3 Authority Key Identifier:
keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
serial:00
Signature Algorithm: sha1WithRSAEncryption
b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
f7:e0:e9:54
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
-----END CERTIFICATE-----

15
tests/data_files/test-int-ca.crt Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICWjCCAgKgAwIBAgIBDzAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
MzA4MTAwOTA4NTFaFw0yMzA4MTAwOTA4NTFaMEgxCzAJBgNVBAYTAk5MMREwDwYD
VQQKEwhQb2xhclNTTDEmMCQGA1UEAxMdUG9sYXJTU0wgVGVzdCBJbnRlcm1lZGlh
dGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/CgAVAhMzUJ7kFpAjx
7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1VFwp
V/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI0EX4
pSMEEbX8NOR31MCFut8ACzQ1AgMBAAGjgaAwgZ0wHQYDVR0OBBYEFElj+Qjo/QJa
RPVBKY3PvE/SwB68MG4GA1UdIwRnMGWAFLxA77numrs2OeEtqaK6LLumvRBxoUKk
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
bGFyc3NsIFRlc3QgRUMgQ0GCCQCtQnl2nnL24TAMBgNVHRMEBTADAQH/MAkGByqG
SM49BAEDRwAwRAIgfIwD+A0rcrrJWKLR1g88ImIx5765D0ZAixZy9Q1j8EgCIFPo
AAs001kkpocmMwGv3Mz8bYCK+0GwSteAoWtZmTz0
-----END CERTIFICATE-----

16
tests/data_files/test-int-ca.key Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAN/CgAVAhMzUJ7kF
pAjx7vwq2Vs4qmy6nuwOJ7UNBHXaWKSBUUP9KhExuTGMeNvYZmLiwfrd7p22Cgj1
VFwpV/5FEuEk4C7pXSZxqn2bXTaD1ivOVu9I0yKmA3+95f34V72fiqQ2U/SssGhI
0EX4pSMEEbX8NOR31MCFut8ACzQ1AgMBAAECgYB+yAibcTQNjoO3TN/lhZcgX/Lp
wdCmbJMRMvACoI6PbBjflLoD6NTGC0NgNLRh9FoG226HgunpiDRlYQPceDx3MP5p
1bcUInatOdAMbYoYw+O+y+/w9qDQWiWOskkdaiktFlaZFC9jaI37jr5ChCsH+3v3
bjnX/8YWYeBZHZEowQJBAPvvhioS4b2RcrkLSUI7pJx3Dlj4m/crlK0v0un1ikNg
ahplDMZoTFhvagUGDKXE4Uqj3Iz9c4QKsZozcwBio4UCQQDjXpyXHscDqo6iXaAz
8McsxXQs1ITs3R9F6SwPbhmF1W7WiMgR5udEHnBkagyFzl2LpwJdFUW3BFHOpPhe
63TxAkEAorlQ9PgBKoo5iV/Kz6bqac1UTQ823e0eOMZ8+nSH+4DYx3ehSr2vIifE
WL5RiPijc6xnFgHWjODDWhAFJaiQaQJBAL1weu++iPqZBLZrY6tjFdBLw/wGJapk
okXRfRBuH33O0saUuH2R8WZkJijD4yMpSe+tet6rdqaCRtbxxK7xZ0ECQFxKE1Zb
nzECNNfhXkswM4X5ieCZAGvh8P0WvmyvPUGkgQIcsQb+exw2FCvsdetqdVHQqzNl
LKLwwuNT9u4/XCo=
-----END PRIVATE KEY-----

17
tests/data_files/test-int-ca2.crt Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICvDCCAaSgAwIBAgIBETANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTMwODEwMTA0NzM5WhcNMjMwODEwMTA0NzM5WjBLMQswCQYDVQQGEwJOTDERMA8G
A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEF/Nw4VH9gt/WUMJt
dKRsyselY6ngTpfw1XDtlLMT2XewBCAgIHDQoeQlVIkxsdRGo4GVMIGSMB0GA1Ud
DgQWBBSx2UTuz/N6i8HHyCjYumFIv4272TBjBgNVHSMEXDBagBS0WuSls97SUva5
1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJ
KoZIhvcNAQEFBQADggEBABKWcjM5s2rqe3Ha3MR8rj5Ki6sXnda6mDFga4sWrkzR
aK8FOzHNtGgZvua7mQ3slvxa1b4rdl0ZiCzs16FxeIPrdilo2EqzKKZNbTNx8hGu
f593cXnjRijU4O4ysqNdPfrmUrJHl+gME6C5eLJsrdlhYXa8zog+eOUn/94EFq6I
QW/7hcaAN8mr1ZPCml+dWNynkYd7TqtqIkukB6pqZU9SkSIX6iNaRZXhSjge/+iB
XkJS7NXqwQZ3ktUhHYrkqSuVkdL61hrkB20T3NaPaYGPj/PcnCfk9nOmTmWlqHhl
FZM816w2/AT6G98zJgU0iAG53ANVO1k+FgbUFjrqRDQ=
-----END CERTIFICATE-----

5
tests/data_files/test-int-ca2.key Normal file
View File

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MF8CAQEEGFgy1xMAKfxIVYM/GIkSort30RcWwJOv3aAKBggqhkjOPQMBAaE0AzIA
BBfzcOFR/YLf1lDCbXSkbMrHpWOp4E6X8NVw7ZSzE9l3sAQgICBw0KHkJVSJMbHU
Rg==
-----END EC PRIVATE KEY-----

2
tests/suites/test_suite_debug.data
View File

@ -4,7 +4,7 @@ debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\:
Debug print certificate #2 (EC)
depends_on:POLARSSL_FS_IO:POLARSSL_PEM_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 1\nMyFile(0999)\: serial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nMyFile(0999)\: issuer name \: CN=Test\nMyFile(0999)\: subject name \: CN=Test\nMyFile(0999)\: issued on \: 2013-07-10 09\:40\:19\nMyFile(0999)\: expires on \: 2023-07-08 09\:40\:19\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 192 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (190 bits) is\:\nMyFile(0999)\: 21 37 96 9f ab d4 e3 70 62 4a 0e 1a 33 e3 79 ca\nMyFile(0999)\: b9 50 cc e0 0e f8 c3 c3\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (192 bits) is\:\nMyFile(0999)\: e2 ad ae b7 27 1c 8f 07 65 9d 65 d3 d7 77 dc f2\nMyFile(0999)\: 16 14 36 3a e4 b6 e6 17\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n"
debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: AD\:42\:79\:76\:9E\:72\:F6\:E1\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-08-09 07\:49\:46\nMyFile(0999)\: expires on \: 2023-08-07 07\:49\:46\nMyFile(0999)\: signed using \: ECDSA with SHA1\nMyFile(0999)\: EC key size \: 256 bits\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (256 bits) is\:\nMyFile(0999)\: 96 b8 b3 2c fb 29 21 7d be 90 db c2 f8 13 a9 26\nMyFile(0999)\: 7c 35 f6 d9 c0 8b 99 ec 52 7b 7c af a3 7e 28 3c\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (256 bits) is\:\nMyFile(0999)\: 9b 75 a5 54 5a 62 c8 a9 90 ab 8e e6 86 2b 03 9d\nMyFile(0999)\: 39 9b 65 fd b0 69 f0 a3 a9 2d 9e 14 0e e8 d5 fe\nMyFile(0999)\: value of 'crt->eckey.Q(Z)' (1 bits) is\:\nMyFile(0999)\: 01\n"
Debug print mpi #1
debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"

216
tests/suites/test_suite_x509parse.data
View File

@ -1,47 +1,75 @@
X509 Certificate information #1
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information #2
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information #3
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information MD2 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\n"
X509 Certificate information MD4 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
X509 Certificate information MD5 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA1 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA224 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA256 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA384 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA512 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
X509 Certificate information EC, SHA1 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:40\nexpires on \: 2023-08-07 07\:57\:40\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n"
X509 Certificate information EC, SHA224 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:12\nexpires on \: 2023-08-07 08\:08\:12\nsigned using \: ECDSA with SHA224\nEC key size \: 192 bits\n"
X509 Certificate information EC, SHA256 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha256.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:17\nexpires on \: 2023-08-07 08\:08\:17\nsigned using \: ECDSA with SHA256\nEC key size \: 192 bits\n"
X509 Certificate information EC, SHA384 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:25\nexpires on \: 2023-08-07 08\:08\:25\nsigned using \: ECDSA with SHA384\nEC key size \: 192 bits\n"
X509 Certificate information EC, SHA512 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 08\:08\:32\nexpires on \: 2023-08-07 08\:08\:32\nsigned using \: ECDSA with SHA512\nEC key size \: 192 bits\n"
X509 Certificate information RSA signed by EC
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 07\:57\:57\nexpires on \: 2023-08-07 07\:57\:57\nsigned using \: ECDSA with SHA1\nRSA key size \: 1024 bits\n"
X509 Certificate information EC signed by RSA
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n"
X509 CRL information #1
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
@ -78,6 +106,26 @@ X509 CRL Information SHA512 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
X509 CRL Information EC, SHA1 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl-ec.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:26\nnext update \: 2023-08-07 08\:06\:26\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA1\n"
X509 CRL Information EC, SHA224 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:38\nnext update \: 2023-08-07 08\:06\:38\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA224\n"
X509 CRL Information EC, SHA256 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:44\nnext update \: 2023-08-07 08\:06\:44\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA256\n"
X509 CRL Information EC, SHA384 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:06\:52\nnext update \: 2023-08-07 08\:06\:52\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA384\n"
X509 CRL Information EC, SHA512 Digest
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-08-09 08\:07\:01\nnext update \: 2023-08-07 08\:07\:01\nRevoked certificates\:\nserial number\: 02 revocation date\: 2013-08-09 08\:04\:03\nsigned using \: ECDSA with SHA512\n"
X509 Parse RSA Key #1 (No password when required)
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO
x509parse_keyfile_rsa:"data_files/test-ca.key":"NULL":POLARSSL_ERR_X509_PASSWORD_REQUIRED
@ -290,134 +338,214 @@ X509 Time Expired #5
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_time_expired:"data_files/test-ca.crt":"valid_from":1
X509 Time Expired #6:POLARSSL_FS_IO
X509 Time Expired #6
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
x509_time_expired:"data_files/test-ca.crt":"valid_to":0
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #4 (Valid Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:"NULL"
X509 Certificate verification #5 (Revoked Cert)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
X509 Certificate verification #6 (Revoked Cert)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #8 (Valid Cert)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #9 (Not trusted Cert)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #12 (Valid Cert MD4 Digest)
depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #13 (Valid Cert MD5 Digest)
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #19 (Valid Cert, denying callback)
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_SHA512_C:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_OTHER:"verify_none"
X509 Certificate verification #20 (Not trusted Cert, allowing callback)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"verify_all"
X509 Certificate verification #21 (domain matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.com":0:0:"NULL"
X509 Certificate verification #22 (domain not matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #23 (domain not matching wildcard certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #24 (domain matching CN of multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #25 (domain matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"NULL"
X509 Certificate verification #26 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #29 (domain matching wildcard in multi certificate)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"NULL"
X509 Certificate verification #30 (domain matching multi certificate without CN)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #31 (domain not matching multi certificate without CN)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_SHA1_C:POLARSSL_RSA_C
x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_CN_MISMATCH + BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #32 (Valid, EC cert, RSA CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #33 (Valid, RSA cert, EC CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #34 (Valid, EC cert, EC CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #35 (Revoked, EC CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA1_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
X509 Certificate verification #36 (Valid, EC CA, SHA224 Digest)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #37 (Valid, EC CA, SHA256 Digest)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha256.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_SHA512_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #41 (Valid, depth 0, EC, CA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #42 (Depth 0, not CA, RSA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #43 (Depth 0, not CA, EC)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C
x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #44 (Corrupted signature, EC)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #45 (Corrupted signature, RSA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_RSA_C
x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec.pem":"NULL":0:0:"NULL"
X509 Certificate verification #50 (Valid, multiple CAs)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
depends_on:POLARSSL_PEM_C:POLARSSL_FS_IO:POLARSSL_ECDSA_C:POLARSSL_RSA_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
X509 Parse Selftest
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C:POLARSSL_SELF_TEST
x509_selftest:

8
tests/suites/test_suite_x509parse.function
View File

@ -226,8 +226,8 @@ void x509parse_public_keyfile_ec( char *key_file, int result )
if( res == 0 )
{
ecp_keypair *eckey;
TEST_ASSERT( ctx.type == POLARSSL_PK_ECKEY );
eckey = (ecp_keypair *) ctx.data;
TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) );
eckey = pk_ec( ctx );
TEST_ASSERT( ecp_check_pubkey( &eckey->grp, &eckey->Q ) == 0 );
}
@ -250,8 +250,8 @@ void x509parse_keyfile_ec( char *key_file, char *password, int result )
if( res == 0 )
{
ecp_keypair *eckey;
TEST_ASSERT( ctx.type == POLARSSL_PK_ECKEY );
eckey = (ecp_keypair *) ctx.data;
TEST_ASSERT( pk_can_do( &ctx, POLARSSL_PK_ECKEY ) );
eckey = pk_ec( ctx );
TEST_ASSERT( ecp_check_privkey( &eckey->grp, &eckey->d ) == 0 );
}