c70b982056
A new OID module has been created that contains the main OID searching functionality based on type-dependent arrays. A base type is used to contain the basic values (oid_descriptor_t) and that type is extended to contain type specific information (like a pk_alg_t). As a result the rsa sign and verify function prototypes have changed. They now expect a md_type_t identifier instead of the removed RSA_SIG_XXX defines. All OID definitions have been moved to oid.h All OID matching code is in the OID module. The RSA PKCS#1 functions cleaned up as a result and adapted to use the MD layer. The SSL layer cleanup up as a result and adapted to use the MD layer. The X509 parser cleaned up and matches OIDs in certificates with new module and adapted to use the MD layer. The X509 writer cleaned up and adapted to use the MD layer. Apps and tests modified accordingly
270 lines
5.5 KiB
Plaintext
270 lines
5.5 KiB
Plaintext
BEGIN_HEADER
|
|
#include <polarssl/x509.h>
|
|
#include <polarssl/pem.h>
|
|
#include <polarssl/oid.h>
|
|
|
|
int verify_none( void *data, x509_cert *crt, int certificate_depth, int *flags )
|
|
{
|
|
((void) data);
|
|
((void) crt);
|
|
((void) certificate_depth);
|
|
*flags |= BADCERT_OTHER;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int verify_all( void *data, x509_cert *crt, int certificate_depth, int *flags )
|
|
{
|
|
((void) data);
|
|
((void) crt);
|
|
((void) certificate_depth);
|
|
*flags = 0;
|
|
|
|
return 0;
|
|
}
|
|
|
|
END_HEADER
|
|
|
|
BEGIN_DEPENDENCIES
|
|
depends_on:POLARSSL_X509_PARSE_C:POLARSSL_BIGNUM_C
|
|
END_DEPENDENCIES
|
|
|
|
BEGIN_CASE
|
|
x509_cert_info:crt_file:result_str
|
|
{
|
|
x509_cert crt;
|
|
char buf[2000];
|
|
int res;
|
|
|
|
memset( &crt, 0, sizeof( x509_cert ) );
|
|
memset( buf, 0, 2000 );
|
|
|
|
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
|
res = x509parse_cert_info( buf, 2000, "", &crt );
|
|
|
|
x509_free( &crt );
|
|
|
|
TEST_ASSERT( res != -1 );
|
|
TEST_ASSERT( res != -2 );
|
|
|
|
TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509_crl_info:crl_file:result_str
|
|
{
|
|
x509_crl crl;
|
|
char buf[2000];
|
|
int res;
|
|
|
|
memset( &crl, 0, sizeof( x509_crl ) );
|
|
memset( buf, 0, 2000 );
|
|
|
|
TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
|
|
res = x509parse_crl_info( buf, 2000, "", &crl );
|
|
|
|
x509_crl_free( &crl );
|
|
|
|
TEST_ASSERT( res != -1 );
|
|
TEST_ASSERT( res != -2 );
|
|
|
|
TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509_verify:crt_file:ca_file:crl_file:cn_name:result:flags:verify_callback
|
|
{
|
|
x509_cert crt;
|
|
x509_cert ca;
|
|
x509_crl crl;
|
|
int flags = 0;
|
|
int res;
|
|
|
|
memset( &crt, 0, sizeof( x509_cert ) );
|
|
memset( &ca, 0, sizeof( x509_cert ) );
|
|
memset( &crl, 0, sizeof( x509_crl ) );
|
|
|
|
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
|
TEST_ASSERT( x509parse_crtfile( &ca, {ca_file} ) == 0 );
|
|
TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
|
|
|
|
res = x509parse_verify( &crt, &ca, &crl, {cn_name}, &flags, {verify_callback}, NULL );
|
|
|
|
x509_free( &crt );
|
|
x509_free( &ca );
|
|
x509_crl_free( &crl );
|
|
|
|
TEST_ASSERT( res == ( {result} ) );
|
|
TEST_ASSERT( flags == ( {flags} ) );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509_dn_gets:crt_file:entity:result_str
|
|
{
|
|
x509_cert crt;
|
|
char buf[2000];
|
|
int res;
|
|
|
|
memset( &crt, 0, sizeof( x509_cert ) );
|
|
memset( buf, 0, 2000 );
|
|
|
|
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
|
res = x509parse_dn_gets( buf, 2000, &crt.{entity} );
|
|
|
|
x509_free( &crt );
|
|
|
|
TEST_ASSERT( res != -1 );
|
|
TEST_ASSERT( res != -2 );
|
|
|
|
TEST_ASSERT( strcmp( buf, {result_str} ) == 0 );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509_time_expired:crt_file:entity:result
|
|
{
|
|
x509_cert crt;
|
|
|
|
memset( &crt, 0, sizeof( x509_cert ) );
|
|
|
|
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
|
TEST_ASSERT( x509parse_time_expired( &crt.{entity} ) == {result} );
|
|
|
|
x509_free( &crt );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509parse_keyfile:key_file:password:result
|
|
{
|
|
rsa_context rsa;
|
|
int res;
|
|
|
|
memset( &rsa, 0, sizeof( rsa_context ) );
|
|
|
|
res = x509parse_keyfile( &rsa, {key_file}, {password} );
|
|
|
|
TEST_ASSERT( res == {result} );
|
|
|
|
if( res == 0 )
|
|
{
|
|
TEST_ASSERT( rsa_check_privkey( &rsa ) == 0 );
|
|
}
|
|
|
|
rsa_free( &rsa );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509parse_public_keyfile:key_file:result
|
|
{
|
|
rsa_context rsa;
|
|
int res;
|
|
|
|
memset( &rsa, 0, sizeof( rsa_context ) );
|
|
|
|
res = x509parse_public_keyfile( &rsa, {key_file} );
|
|
|
|
TEST_ASSERT( res == {result} );
|
|
|
|
if( res == 0 )
|
|
{
|
|
TEST_ASSERT( rsa_check_pubkey( &rsa ) == 0 );
|
|
}
|
|
|
|
rsa_free( &rsa );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509parse_crt:crt_data:result_str:result
|
|
{
|
|
x509_cert crt;
|
|
unsigned char buf[2000];
|
|
unsigned char output[2000];
|
|
int data_len, res;
|
|
|
|
memset( &crt, 0, sizeof( x509_cert ) );
|
|
memset( buf, 0, 2000 );
|
|
memset( output, 0, 2000 );
|
|
|
|
data_len = unhexify( buf, {crt_data} );
|
|
|
|
TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
|
|
if( ( {result} ) == 0 )
|
|
{
|
|
res = x509parse_cert_info( (char *) output, 2000, "", &crt );
|
|
|
|
TEST_ASSERT( res != -1 );
|
|
TEST_ASSERT( res != -2 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) output, {result_str} ) == 0 );
|
|
}
|
|
|
|
x509_free( &crt );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509parse_crl:crl_data:result_str:result
|
|
{
|
|
x509_crl crl;
|
|
unsigned char buf[2000];
|
|
unsigned char output[2000];
|
|
int data_len, res;
|
|
|
|
memset( &crl, 0, sizeof( x509_crl ) );
|
|
memset( buf, 0, 2000 );
|
|
memset( output, 0, 2000 );
|
|
|
|
data_len = unhexify( buf, {crl_data} );
|
|
|
|
TEST_ASSERT( x509parse_crl( &crl, buf, data_len ) == ( {result} ) );
|
|
if( ( {result} ) == 0 )
|
|
{
|
|
res = x509parse_crl_info( (char *) output, 2000, "", &crl );
|
|
|
|
TEST_ASSERT( res != -1 );
|
|
TEST_ASSERT( res != -2 );
|
|
|
|
TEST_ASSERT( strcmp( (char *) output, {result_str} ) == 0 );
|
|
}
|
|
|
|
x509_crl_free( &crl );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509parse_key:key_data:result_str:result
|
|
{
|
|
rsa_context rsa;
|
|
unsigned char buf[2000];
|
|
unsigned char output[2000];
|
|
int data_len;
|
|
|
|
memset( &rsa, 0, sizeof( rsa_context ) );
|
|
memset( buf, 0, 2000 );
|
|
memset( output, 0, 2000 );
|
|
|
|
data_len = unhexify( buf, {key_data} );
|
|
|
|
TEST_ASSERT( x509parse_key( &rsa, buf, data_len, NULL, 0 ) == ( {result} ) );
|
|
if( ( {result} ) == 0 )
|
|
{
|
|
TEST_ASSERT( 1 );
|
|
}
|
|
|
|
rsa_free( &rsa );
|
|
}
|
|
END_CASE
|
|
|
|
BEGIN_CASE
|
|
x509_selftest:
|
|
{
|
|
TEST_ASSERT( x509_self_test( 0 ) == 0 );
|
|
}
|
|
END_CASE
|