Add x509_time_future()

Manuel Pégourié-Gonnard 2014-03-10 12:26:11 +01:00
parent 29dcc0b93c
commit 6304f786e0
6 changed files with 150 additions and 40 deletions


@ -230,15 +230,26 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
/** /**
* \brief Check a given x509_time against the system time and check * \brief Check a given x509_time against the system time and check
* if it is valid. * if it is not expired.
* *
* \param time x509_time to check * \param time x509_time to check
* *
* \return Return 0 if the x509_time is still valid, * \return 0 if the x509_time is still valid,
* or 1 otherwise. * 1 otherwise.
*/ */
int x509_time_expired( const x509_time *time ); int x509_time_expired( const x509_time *time );
/**
* \brief Check a given x509_time against the system time and check
* if it is not from the future.
*
* \param time x509_time to check
*
* \return 0 if the x509_time is already valid,
* 1 otherwise.
*/
int x509_time_future( const x509_time *time );
/** /**
* \brief Checkup routine * \brief Checkup routine
* *
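Review bot: The doc block added for `x509_time_future()` does not say what the function returns when the library is built without POLARSSL_HAVE_TIME. In that configuration the stub added later in this commit returns 0 unconditionally, so a certificate whose validity period has not started is reported as already valid. The same holds for `x509_time_expired()`. I would add to both blocks something like `\note If POLARSSL_HAVE_TIME is not defined, no check is performed and 0 is always returned.` so that callers relying on these functions for validity-period enforcement know the check can be a no-op.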


@ -621,22 +621,20 @@ int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid )
* Return 0 if the x509_time is still valid, or 1 otherwise. * Return 0 if the x509_time is still valid, or 1 otherwise.
*/ */
#if defined(POLARSSL_HAVE_TIME) #if defined(POLARSSL_HAVE_TIME)
int x509_time_expired( const x509_time *to )
{
int year, mon, day;
int hour, min, sec;
static void x509_get_current_time( x509_time *now )
{
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
SYSTEMTIME st; SYSTEMTIME st;
GetLocalTime(&st); GetLocalTime(&st);
year = st.wYear; now->year = st.wYear;
mon = st.wMonth; now->mon = st.wMonth;
day = st.wDay; now->day = st.wDay;
hour = st.wHour; now->hour = st.wHour;
min = st.wMinute; now->min = st.wMinute;
sec = st.wSecond; now->sec = st.wSecond;
#else #else
struct tm *lt; struct tm *lt;
time_t tt; time_t tt;
@ -644,55 +642,87 @@ int x509_time_expired( const x509_time *to )
tt = time( NULL ); tt = time( NULL );
lt = localtime( &tt ); lt = localtime( &tt );
year = lt->tm_year + 1900; now->year = lt->tm_year + 1900;
mon = lt->tm_mon + 1; now->mon = lt->tm_mon + 1;
day = lt->tm_mday; now->day = lt->tm_mday;
hour = lt->tm_hour; now->hour = lt->tm_hour;
min = lt->tm_min; now->min = lt->tm_min;
sec = lt->tm_sec; now->sec = lt->tm_sec;
#endif #endif
}
if( year > to->year ) /*
* Return 0 if before <= after, 1 otherwise
*/
static int x509_check_time( const x509_time *before, const x509_time *after )
{
if( before->year > after->year )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon > to->mon ) before->mon > after->mon )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day > to->day ) before->day > after->day )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour > to->hour ) before->hour > after->hour )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour == to->hour && before->hour == after->hour &&
min > to->min ) before->min > after->min )
return( 1 ); return( 1 );
if( year == to->year && if( before->year == after->year &&
mon == to->mon && before->mon == after->mon &&
day == to->day && before->day == after->day &&
hour == to->hour && before->hour == after->hour &&
min == to->min && before->min == after->min &&
sec > to->sec ) before->sec > after->sec )
return( 1 ); return( 1 );
return( 0 ); return( 0 );
} }
int x509_time_expired( const x509_time *to )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( &now, to ) );
}
int x509_time_future( const x509_time *from )
{
x509_time now;
x509_get_current_time( &now );
return( x509_check_time( from, &now ) );
}
#else /* POLARSSL_HAVE_TIME */ #else /* POLARSSL_HAVE_TIME */
int x509_time_expired( const x509_time *to ) int x509_time_expired( const x509_time *to )
{ {
((void) to); ((void) to);
return( 0 ); return( 0 );
} }
int x509_time_future( const x509_time *from )
{
((void) from);
return( 0 );
}
#endif /* POLARSSL_HAVE_TIME */ #endif /* POLARSSL_HAVE_TIME */
#if defined(POLARSSL_SELF_TEST) #if defined(POLARSSL_SELF_TEST)
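Review bot: `x509_get_current_time()` fills `now` from `GetLocalTime()` / `localtime()`, which is local wall-clock time, while RFC 5280 defines certificate validity times in UTC (assuming the parser stores them unconverted, which is not visible here). Both `x509_time_expired()` and the new `x509_time_future()` would then be off by the host's UTC offset, so a certificate can be accepted before notBefore or after notAfter by up to that many hours, or rejected wrongly. I would use `GetSystemTime(&st);` on Windows and `lt = gmtime( &tt );` elsewhere, and check the returned pointer for NULL before dereferencing it. Separately, the comment left above the helper (`Return 0 if the x509_time is still valid, or 1 otherwise.`) no longer describes the function it precedes and should move down to `x509_time_expired()`.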


@ -0,0 +1,11 @@
-----BEGIN X509 CRL-----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-----END X509 CRL-----


@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -170,6 +170,30 @@ X509 Time Expired #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
x509_time_expired:"data_files/test-ca.crt":"valid_to":0 x509_time_expired:"data_files/test-ca.crt":"valid_to":0
X509 Time Future #1
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_from":0
X509 Time Future #2
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5.crt":"valid_to":1
X509 Time Future #3
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_from":1
X509 Time Future #4
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/server5-future.crt":"valid_to":1
X509 Time Future #5
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_from":0
X509 Time Future #6
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C
x509_time_future:"data_files/test-ca2.crt":"valid_to":1
X509 Certificate verification #1 (Revoked Cert, Expired CRL) X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL" x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:"NULL"
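Review bot: The new cases that expect 1 (X509 Time Future #2, #3, #4 and #6) only hold when the library has a clock, because the stub this commit adds for builds without POLARSSL_HAVE_TIME returns 0 for every input. Those cases would fail in such a build, so the dependency should be listed, e.g. `depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_HAVE_TIME`. The expected results also depend on the wall clock: #2, #4 and #6 assert that `valid_to` is still in the future, and #3 asserts that `valid_from` of server5-future.crt has not been reached. A short comment recording the relevant dates would help whoever has to regenerate the certificates when these start failing.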


@ -166,6 +166,26 @@ void x509_time_expired( char *crt_file, char *entity, int result )
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_USE_C */
void x509_time_future( char *crt_file, char *entity, int result )
{
x509_crt crt;
x509_crt_init( &crt );
TEST_ASSERT( x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( x509_time_future( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */ /* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C */
void x509parse_crt( char *crt_data, char *result_str, int result ) void x509parse_crt( char *crt_data, char *result_str, int result )
{ {